TryHackMe: OWASP Top 10 || Severity 3 || Sensitive Data Exposure

goay xuan hui
2 min read · Apr 2, 2021

#1 What is the name of the mentioned directory?

/assets

  1. Go to the website → Turn on your browser’s proxy.
  2. Start Burp Suite → Turn off the interceptor.
  3. Now, navigate through the website.
  4. Go back to Burp Suite → Click on “Target” tab → Select “Site Map” section.
  5. Browse through the directories and you will find the answer.

#2 Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?

webapp.db

#3 Use the supporting material to access the sensitive data. What is the password hash of the admin user?

root@ip-10-10-255-70:~# file webapp.db >>> To check the filetype 
webapp.db: SQLite 3.x database, last written using SQLite version 3022000
root@ip-10-10-255-70:~# sqlite3 webapp.db >>> To access the database
SQLite version 3.22.0 2018-01-22 18:45:57
Enter ".help" for usage hints.
sqlite> .tables >>> To see what tables are available
sessions users
sqlite> pragma table_info(users); >>> To list the columns of a particular table
0|userID|TEXT|1||1
1|username|TEXT|1||0
2|password|TEXT|1||0
3|admin|INT|1||0
sqlite> select * from users; >>> To list all contents from a particular table
4413096d9c933359b898b6202288a650|admin|6eea9b7ef19179a06954edd0f6c05ceb|1
23023b67a32488588db1e28579ced7ec|Bob|ad0234829205b9033196ba818f7a872b|1
4e8423b514eef575394ff78caed3254d|Alice|268b38ca7b84f44fa0a6cdc86e6301e0|0
sqlite>
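The session above is the manual version of the check a defender runs whenever a database file turns up under a web root: list the tables, list the columns, and see how credential columns are actually stored. The script below is an added example, not part of the writeup or the room's material. It builds a constructed in-memory SQLite database whose users/sessions layout mirrors the table_info output above (every row value is constructed; none is taken from webapp.db), enumerates the schema the way `.tables` and `pragma table_info` do, flags credential-like columns, and classifies each stored value by shape: a 32-hex-character value is MD5-shaped and unsalted, which is why an exposed file of this kind is effectively an exposed credential list. Beside it is the hardened form (random per-user salt plus PBKDF2-HMAC-SHA256); the `pbkdf2_sha256$...` storage string is this example's own format, not a standard one.

```python
"""Audit a SQLite file for credential columns and weak hash formats (added example)."""
import hashlib
import hmac
import os
import re
import sqlite3

# Constructed sample that mirrors the writeup's webapp.db layout (users + sessions).
# All ids, names and hashes below are constructed; none are the real file's contents.
SAMPLE_SCHEMA = """
CREATE TABLE users (
    userID   TEXT NOT NULL PRIMARY KEY,
    username TEXT NOT NULL,
    password TEXT NOT NULL,
    admin    INT  NOT NULL
);
CREATE TABLE sessions (
    sessionID TEXT NOT NULL PRIMARY KEY,
    userID    TEXT NOT NULL
);
"""
SAMPLE_USERS = [  # (username, constructed cleartext used only to build a sample MD5, admin flag)
    ("admin", "sample-admin-pass", 1),
    ("Bob", "sample-bob-pass", 1),
    ("Alice", "sample-alice-pass", 0),
]

SENSITIVE_HINTS = ("password", "passwd", "pwd", "secret", "token", "apikey", "api_key")
HEX32 = re.compile(r"^[0-9a-f]{32}$")   # shape of an unsalted MD5 digest
HEX40 = re.compile(r"^[0-9a-f]{40}$")   # shape of an unsalted SHA-1 digest
PBKDF2_PREFIX = "pbkdf2_sha256$"        # storage format used by this example's hardened form


def build_sample_db() -> sqlite3.Connection:
    """Create an in-memory database that stores passwords as unsalted MD5, as the exposed file did."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    for name, cleartext, is_admin in SAMPLE_USERS:
        user_id = hashlib.md5(name.encode()).hexdigest()      # constructed id
        weak = hashlib.md5(cleartext.encode()).hexdigest()    # the weak practice being audited
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (user_id, name, weak, is_admin))
    conn.commit()
    return conn


def find_sensitive_columns(conn: sqlite3.Connection) -> list[tuple[str, str]]:
    """Walk every user table (like `.tables` + `pragma table_info`) and flag credential-like columns."""
    found = []
    tables = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'"
    ).fetchall()
    for (table,) in tables:
        # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk)
        for _cid, col, *_rest in conn.execute(f'PRAGMA table_info("{table}")'):
            if any(hint in col.lower() for hint in SENSITIVE_HINTS):
                found.append((table, col))
    return found


def classify_value(value: str) -> str:
    """Say what kind of secret a stored value looks like, without attempting to reverse it."""
    if value.startswith(PBKDF2_PREFIX):
        return "salted-pbkdf2"
    if HEX32.match(value):
        return "unsalted-md5-shaped"
    if HEX40.match(value):
        return "unsalted-sha1-shaped"
    return "plaintext-or-unknown"


def audit_column(conn: sqlite3.Connection, table: str, column: str) -> dict[str, int]:
    """Count how the values in one flagged column are stored."""
    counts: dict[str, int] = {}
    for (value,) in conn.execute(f'SELECT "{column}" FROM "{table}"'):
        kind = classify_value(str(value))
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def audit_sample() -> dict[str, dict[str, int]]:
    """Run the whole audit over the constructed database and return one report per flagged column."""
    conn = build_sample_db()
    return {f"{t}.{c}": audit_column(conn, t, c) for t, c in find_sensitive_columns(conn)}


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Hardened form: random per-user salt plus PBKDF2-HMAC-SHA256, stored self-describing."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PBKDF2_PREFIX}{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Constant-time check of a password against a value produced by hash_password."""
    if not stored.startswith(PBKDF2_PREFIX):
        return False
    _tag, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    for name, report in audit_sample().items():
        print(f"{name}: {report}")
    hardened = hash_password("sample-admin-pass")
    print("hardened form verifies:", verify_password("sample-admin-pass", hardened))
```

Point the audit at a real file by replacing `sqlite3.connect(":memory:")` with the path to the recovered database; the report tells you at a glance whether the exposure is "hashes that need a salt and a slow KDF" or "credentials that are already usable as-is", which is the distinction that drives how urgently the affected accounts need rotating.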

#4 What is the admin’s plaintext password?

qwertyuiop

#5 Login as the admin. What is the flag?

THM{Yzc2YjdkMjE5N2VjMzNhOTE3NjdiMjdl}


A food lover, a cyber security enthusiast, a musician and a traveller, so you will see a mix of different contents in my blog. ☺️