Darkly
In this project we need to hack a given website.
Vulnerabilities are described in 'VULNERABILITIES.md'.
Each flag is a vulnerability identifier in the form of a random code and proves that a vulnerability has been found.
https://cdn.intra.42.fr/pdf/pdf/60806/en.subject.pdf
SETUP
To set up the website that has to be hacked, follow these steps:
- Download 'Virtual Machine' and 'Darkly_i386.iso' (found here https://projects.intra.42.fr/projects/42cursus-darkly).
- Use VM to launch a virtual machine of type 'linux' and version 'Oracle 64bit'.
- In the settings of this virtual machine, go to 'Network', set 'Attached to' to 'Bridged Adapter', and in 'Advanced' set 'Promiscuous Mode' to 'Allow All'.
- In the settings of this virtual machine, go to 'Storage' and, as shown in the image, click on 'Empty' followed by the right disk, then choose the downloaded disk file 'Darkly_i386.iso'.
(Always click on ok to save virtual machine settings changes.)
- Launch the virtual machine, wait, then go to the given link.
Possible issues:
- The VM does not work on Apple M1 chips.
- Launching the VM with the iso file does not return the correct link on macOS Monterey, but it does function on Catalina at least.
Documentation
https://www.codecademy.com/learn/introduction-to-cybersecurity
https://www.codecademy.com/learn/cybersecurity-for-business
https://www.codecademy.com/learn/defending-express-applications-from-sql-injection-xss-csrf-attacks
https://highon.coffee/blog/lfi-cheat-sheet