Kratius Pentesting Graveyard Challenge

TH3LILJ4NN47

This is my first write-up, which is centered on the Kratius enrollment challenge.

TLDR: SSL running on the website exposed a vulncode in the JavaScript source code.

IP Discovery and Nmap Scan

I had wasted a bit of time at first trying to check for XSS and Command Injection vulnerabilities. After having no luck with them, I decided to check open ports to see if there’s another web service running.

I ran nikto to get the IP address, as can be seen in the Target IP field, and then nmap.

Access and Discovery

The website was running on port 80, so after seeing that port 443 was open, I switched to it. An additional button appeared that prompts a user to Submit Vulnerability.

I immediately thought of checking the source code to see if there was any exposed code or a referenced page or file. I found the JS code snippet that checks if a submission is valid; the code to be checked was hardcoded, and I retrieved it.

I submitted it and got a success message. This also triggered the content of the secured site to show on the mobile view.
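The pattern found above, a validity check whose expected value is hardcoded in page JavaScript, shown next to a server-side form of the same check. This is an added example, not the challenge's code or part of the original write-up; the placeholder value, the `/api/submit` path and all function names are assumptions.

```javascript
// Constructed sample of the pattern described above. "PLACEHOLDER-CODE" is a
// stand-in, not the value from the challenge; it ships to every visitor.
const VULNERABLE_CLIENT_JS = `
function checkSubmission(input) {
  return input === "PLACEHOLDER-CODE";
}`;

// Hardened client: sends the guess to a (hypothetical) /api/submit endpoint
// and learns only pass/fail.
const HARDENED_CLIENT_JS = `
async function checkSubmission(input) {
  const res = await fetch("/api/submit", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ code: input }),
  });
  return res.ok;
}`;

// Build-time check: fail the release if a served asset contains the secret.
function leaksSecret(assetSource, secret) {
  return assetSource.includes(secret);
}

// Best-effort constant-time comparison (in Node, crypto.timingSafeEqual over
// fixed-length digests is the preferred primitive).
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Server-side verifier: the secret stays in server memory, and each client
// is locked out after maxFailures consecutive failed attempts.
function createVerifier(secret, maxFailures = 5) {
  const failures = new Map(); // clientId -> failed attempt count
  return function verify(clientId, submitted) {
    const count = failures.get(clientId) || 0;
    if (count >= maxFailures) return "locked";
    if (typeof submitted === "string" && safeEqual(submitted, secret)) {
      failures.delete(clientId);
      return "ok";
    }
    failures.set(clientId, count + 1);
    return "rejected";
  };
}
```

Running `leaksSecret` over every file the web server will serve, as a release gate, catches this class of exposure before it reaches a visitor's browser.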

Shortly after, a banner was added to the page.

In conclusion, it was a thrilling challenge as I was playing to be amongst the first three to discover the vulnerability. Also, it reminded me that gathering information and scanning a target are very important steps and should always be the first move against a black-box target instead of jumping to test various vulnerabilities. It really does provide insight and saves one time and effort.
