Skip to content

AdonisEnProvence/Darkly

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

91 Commits
BONUS-xss-breach-on-filename-file-upload/Ressources
BONUS-xss-breach-on-filename-file-upload/Ressources
 
 
bruteforce-sign-in-form
bruteforce-sign-in-form
 
 
directory-traversal-breach
directory-traversal-breach
 
 
docs/assets
docs/assets
 
 
htpasswd_admin_authentication_breach
htpasswd_admin_authentication_breach
 
 
i_am_admin_cookie_breach
i_am_admin_cookie_breach
 
 
mocking_referer_and_user_agent_curl_breach
mocking_referer_and_user_agent_curl_breach
 
 
modify_value_form_fields_from_client
modify_value_form_fields_from_client
 
 
php_script_as_jpg_metadata_file_upload_breach
php_script_as_jpg_metadata_file_upload_breach
 
 
query_param_driving_redirection
query_param_driving_redirection
 
 
scraping_hidden_directory
scraping_hidden_directory
 
 
search_images_sql_injection
search_images_sql_injection
 
 
sql_injection_members_table
sql_injection_members_table
 
 
unprotected_select_value_on_survey_page
unprotected_select_value_on_survey_page
 
 
xss_on_feedbacks_page_breach
xss_on_feedbacks_page_breach
 
 
xss_page_nsa_image
xss_page_nsa_image
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Darkly

This repository is a 42 project that asked us to find security breaches on a website.

The objective was to find 14 breaches, each of them giving a flag.

For each breach, we wrote how we found it, how the breach can be exploited and how the breach can be avoided.

Darkly illustration image

At the root of the repository, we created a directory for each breach containing the flag, and optionally the ressources that were needed to find the flag. For instance, we had to find a file containing a flag among 18,000 other files, and we wrote a JavaScript script to help us.

Setup

Starting the iso

In our setup we're using virtual box.

Download the iso from the intranet.

Create a ubuntu virtual machine with a default vdi, then create a new optical drive from your machine storage settings in the section Controller: IDE.

Then start the machine, and open the given IP in a browser.

(Optional) Hitting the iso IP

If you have difficulties hitting the dumped vm ip. As for example if you're on 42 school network you will have to setup some config.

  1. Add a new Host-only Network in VirtualBox
File > Host Network Manager > Create
  1. Add a new NAT Network
File > Preferences > Network > Create

Then from your vm settings:

  1. Create the first Network adapter for it to be attached to Host-only Adapter
Machine Settings > Network > Change `Attached to` select value to Host-only Adapter
  1. Enable a second network adapter and make it attached to the NAT Network
Machine Settings > Network > Hit the Enabled Network Adapter checkbox
Machine Settings > Network > Change `Attached to` select value to Nat Network

About

42 Web security pen test project

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages