Ханипот (Honeypot)

hackerlab

Task: Get access to admin page without falling into the honeypot trap. Solution: Use DELETE HTTP method instead of GET/POST to bypass the fake password form.

authentication_bypass http_methods method_tampering delete_method honeypot trap_avoidance curl http_verbs

HTTP Method Tampering (DELETE instead of GET/POST)Honeypot trap recognition and avoidanceAlternative HTTP verb exploitation

$ ls tags/ techniques/

authentication_bypass http_methods method_tampering delete_method honeypot trap_avoidance curl http_verbs

HTTP Method Tampering (DELETE instead of GET/POST)Honeypot trap recognition and avoidanceAlternative HTTP verb exploitation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Провальный код (Failed Code)— hackerlab
[misc][Pro]Предатель (Traitor)— hackerlab
[web][Pro]Магическая админка — hackerlab— hackerlab
[web][Pro]Pryzhok— hackerlab
[web][Pro]Доступ запрещён (Access Denied)— hackerlab