Inconsistent security controls
We can go to the Target > Site Map
tab in Burp Suite in order to see the domain.
Let's left click on the domain present and then Engagement tools > Discover content
.
That would tell us that there is a directory called /admin
. Alternatively, we can also directory fuzzing tools.
Let's visit the /admin
page through the browser.
As we can see, the admin page is only accessible to "DontWannaCry" users.
Let's Register
our user using our assigned email address.
Next, we can go to the Email client
and click our registration email.
Then, we can login to our created account through the My account
tab.
Once inside, we get the option to change our email.
Let's set it the following:
attacker@dontwannacry.com
Once we update our email, the admin panel becomes accessible to us.
Let's go inside the admin panel.
We have to delete the carlos
user.
We have solved the lab.