WebAppSec101 Write-up, TryHackMe
Hey everyone, today we will try to complete the room WebAppSec101 from TryHackMe. You can find this room at this link: https://tryhackme.com/room/webappsec101
Let's deploy the machine. First we have to find these:
For that we can use the curl command.
From the response headers we get the Apache version and the backend technology used to build the website, along with its version.
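The header check above is a one-liner with curl, but it helps to see what "version disclosure" actually looks like in a response and which setting turns each leak off. The script below is an added example, not the room's code or the write-up's; the raw response it parses is a constructed sample in the shape `curl -I` prints, and the header/product values in it are illustrative rather than captured from the room.

```python
"""Find version-disclosing headers in an HTTP response and name the fix for each.

Added example (not part of the TryHackMe room or this write-up). SAMPLE_RESPONSE
is a constructed `curl -I` style response; the versions in it are illustrative.
"""
import re

# Constructed sample of a `curl -I` style response (not captured from the room).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)

# Headers that commonly leak the software stack and its exact version.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)?")


def parse_headers(raw: str) -> dict:
    """Split a raw HTTP response into a dict keyed by lowercase header name."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # element 0 is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def version_disclosures(headers: dict) -> list:
    """Return (header, product, version) for every header that exposes a version string."""
    found = []
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if not value:
            continue
        match = VERSION_RE.search(value)
        if match:
            product = value[: match.start()].rstrip("/ ")
            found.append((name, product, match.group(0)))
    return found


def recommended_fix(name: str) -> str:
    """Map a leaking header to the usual hardening directive on an Apache/PHP stack."""
    return {
        "server": "ServerTokens Prod and ServerSignature Off in the Apache config",
        "x-powered-by": "expose_php = Off in php.ini",
    }.get(name, "strip the header at the web server or reverse proxy")


if __name__ == "__main__":
    for name, product, version in version_disclosures(parse_headers(SAMPLE_RESPONSE)):
        print(f"{name}: {product} {version} -> {recommended_fix(name)}")
```

Hiding the version does not patch anything, but it removes the free hint that tells a scanner which checks to run first; the real fix is keeping Apache and PHP current.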
Now we need to find this:
Next we need the admin username and password. Click on admin to go to the admin login page and try the most basic guess first: the same value for the username and the password.
Look, it worked. No need to brute-force.
Now we have to find the name of the cookie, which is very easy. Just remember that after login the server sends a particular cookie to the user; its name is also the 5th layer of the OSI model.
Now let's register a user.
After registering, click anywhere to see this:
Look at the URL: it says userid=12. Change that value to something lower or higher, and with that technique we get into this user's account.
Now for the password, let's try the username as the password. That worked perfectly fine.
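The userid=12 trick works because the page trusts the id in the URL instead of the logged-in session. The example below is added here and is not the room's code: it shows the vulnerable lookup next to the fixed one, plus a small detection routine that flags a session walking through other people's ids. The user table, the Session class, the log events and every name in it are constructed for illustration; the same check applies to any other per-object parameter such as picid.

```python
"""Insecure direct object reference (IDOR) on a ?userid= parameter.

Added example, not code from the room or the write-up. The user table,
the Session object, the access-log events and all names are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed user store keyed by the integer that appears in ?userid=
USERS = {
    11: {"username": "alice", "email": "alice@example.test"},
    12: {"username": "bob", "email": "bob@example.test"},
    13: {"username": "carol", "email": "carol@example.test"},
}


@dataclass
class Session:
    user_id: int
    is_admin: bool = False


class Forbidden(Exception):
    """Raised when the caller may not see the requested record."""


def profile_vulnerable(session: Session, params: dict) -> dict:
    """Trusts the client-supplied id, so any logged-in user can read any profile."""
    return USERS[int(params["userid"])]


def profile_fixed(session: Session, params: dict) -> dict:
    """Authorises against the server-side session before touching the record."""
    uid = int(params["userid"])
    if uid not in USERS:
        raise KeyError(uid)
    if uid != session.user_id and not session.is_admin:
        raise Forbidden(f"user {session.user_id} may not view profile {uid}")
    return USERS[uid]


def my_profile(session: Session) -> dict:
    """For a 'my account' page the id should come from the session, not from the URL at all."""
    return USERS[session.user_id]


# Constructed access-log events: (session user id, userid requested in the URL)
SAMPLE_EVENTS = [
    (12, 12), (12, 11), (12, 13), (12, 14), (12, 15),   # one session walking the id space
    (11, 11), (11, 11),                                 # normal use
]


def enumeration_suspects(events, threshold: int = 3) -> list:
    """Sessions that requested at least `threshold` distinct ids other than their own.

    Detection-side counterpart of the fix: once the check is in place, a burst of
    denied requests across many ids is exactly what an alert should key on.
    """
    foreign = defaultdict(set)
    for session_uid, requested_uid in events:
        if requested_uid != session_uid:
            foreign[session_uid].add(requested_uid)
    return sorted(uid for uid, ids in foreign.items() if len(ids) >= threshold)


if __name__ == "__main__":
    bob = Session(user_id=12)
    print(profile_vulnerable(bob, {"userid": "13"}))  # returns carol's record
    try:
        profile_fixed(bob, {"userid": "13"})
    except Forbidden as exc:
        print("blocked:", exc)
    print("suspect sessions:", enumeration_suspects(SAMPLE_EVENTS))
```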
Now for the XSS: let's put a JavaScript payload in the search bar.
XSS works here.
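The search bar reflects whatever is typed straight back into the page. As an added example (not the room's code), the snippet below renders the same search term two ways, unescaped and escaped for the context it lands in, and includes a tiny check of the kind a test suite or scanner uses to tell the two apart. The template strings, the probe string and the header set are all constructed.

```python
"""Reflected XSS in a search page: unescaped echo beside a context-aware escaped version.

Added example, not the room's code. The templates, the probe and the header set
are constructed for illustration.
"""
import html
from urllib.parse import quote

# Constructed probe: the textbook string a test sends to see whether output is encoded.
PROBE = "<script>alert(1)</script>"


def render_search_vulnerable(term: str) -> str:
    """The term goes straight into the HTML, so markup in it becomes part of the page."""
    return f"<p>Results for: {term}</p>"


def render_search_fixed(term: str) -> str:
    """Escape for each context the value lands in: HTML text and attribute values via
    html.escape (quote=True also handles ' and "), URL query parameters via percent-encoding."""
    body = html.escape(term, quote=True)
    query = quote(term, safe="")
    return (
        f"<p>Results for: {body}</p>"
        f'<a href="/search?q={query}">Search again</a>'
    )


# Response headers that shrink the blast radius if an escape is missed somewhere.
HARDENING_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "X-Content-Type-Options": "nosniff",
}


def reflects_unescaped(term: str, rendered: str) -> bool:
    """Does the raw markup survive into the output? True means the page is reflecting it as-is."""
    return term in rendered


if __name__ == "__main__":
    print("vulnerable reflects probe:", reflects_unescaped(PROBE, render_search_vulnerable(PROBE)))
    print("fixed reflects probe:     ", reflects_unescaped(PROBE, render_search_fixed(PROBE)))
```

Escaping on output is the fix; input filtering alone is brittle because the same value may be rendered in several contexts.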
Now the injection part.
Let's again create a user, this time with SQL injection payloads.
We got into an account.
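Getting into an account with a payload in the registration or login form means the application is pasting the input into its SQL text. The block below is an added example rather than the room's code: an in-memory SQLite table with constructed rows, the concatenated login query beside the parameterised one, and a registration path that combines a placeholder query with an allow-list on the username. Passwords are kept in clear only so the query shape stays the focus; a real application stores and compares a salted hash.

```python
"""Login query built by string concatenation beside the parameterised form.

Added example, not the room's code. Uses an in-memory SQLite table with
constructed rows; clear-text passwords are only to keep the query shape in view.
"""
import re
import sqlite3

PAYLOAD = "' OR '1'='1"  # textbook tautology; enough to show the difference
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")  # defence in depth for registration


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "constructed-admin-pass"), ("bob", "constructed-bob-pass")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Input is pasted into the SQL text, so a quote in it rewrites the WHERE clause."""
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username: str, password: str):
    """Placeholders keep the input as data: the payload is just a string that matches nobody."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def register_fixed(conn, username: str, password: str) -> bool:
    """Registration with a parameterised INSERT plus an allow-list on the username."""
    if not USERNAME_RE.match(username):
        return False
    try:
        conn.execute("INSERT INTO users (username, password) VALUES (?, ?)", (username, password))
        conn.commit()
    except sqlite3.IntegrityError:  # duplicate username
        return False
    return True


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, PAYLOAD))  # first row in the table
    print("fixed:     ", login_fixed(db, PAYLOAD, PAYLOAD))       # None
    print("register:  ", register_fixed(db, PAYLOAD, "x"))        # False
```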
Now for Miscellaneous & Logic Flaws.
Parameter manipulation we already did, when we changed the userid=12 parameter.
Now for directory traversal, let's do parameter manipulation again and upload a file as a photo,
and it accepts it without any verification.
Let's upload another file and give it a tag name like ../file
It shows a conflict: an attacker is able to overwrite the sample.php file by using directory traversal. As a result, the host might lose all its data.
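Two separate mistakes make the overwrite above possible: the upload is accepted without checking what the file is, and the client-supplied name is used to build the path on disk. The handler below is an added example, not the room's code, and shows the usual fix for both: reject anything that is not really an image, give the stored file a random server-side name so `../` in a tag or file name can never choose the target, and verify that the resolved path still sits inside the upload directory. The upload directory, file names, byte strings and function names are constructed.

```python
"""Upload handling that neutralises ../ in file names and checks what the file really is.

Added example, not the room's code. The upload directory, file names, byte
strings and helper names are constructed for illustration.
"""
import os
import secrets
import tempfile

ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}
# Leading bytes (magic numbers) of the image formats we accept.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


class UploadRejected(ValueError):
    """Raised for anything that should not reach the filesystem."""


def is_traversal_attempt(client_name: str) -> bool:
    """True when the client-supplied name tries to leave the upload directory; worth logging."""
    return ".." in client_name or "/" in client_name or "\\" in client_name


def sniff_extension(data: bytes):
    """Return the extension implied by the file's magic bytes, or None if unknown."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def store_upload(upload_dir: str, client_name: str, data: bytes) -> str:
    """Store `data` under a random server-side name and return that name."""
    # 1. Never use the client name as a path; only its extension is consulted.
    basename = os.path.basename(client_name.replace("\\", "/"))
    ext = os.path.splitext(basename)[1].lower()
    if ext not in ALLOWED_EXT:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if ext == ".jpeg":
        ext = ".jpg"
    # 2. The bytes must agree with the declared type: a .png holding PHP is rejected.
    if sniff_extension(data) != ext:
        raise UploadRejected("content does not match declared type")
    # 3. Random name: whatever was typed in the tag or name field cannot pick the target file.
    stored = secrets.token_hex(16) + ext
    dest = os.path.join(upload_dir, stored)
    # 4. Belt and braces: the resolved path must still sit inside the upload root.
    root = os.path.realpath(upload_dir)
    if os.path.commonpath([root, os.path.realpath(dest)]) != root:
        raise UploadRejected("path escapes upload directory")
    with open(dest, "wb") as fh:
        fh.write(data)
    return stored


PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16   # constructed header bytes, not a real image
PHP_SAMPLE = b"<?php echo 'not an image'; ?>"      # constructed


def run_demo() -> dict:
    """Exercise the handler in a throwaway directory and report what happened to each upload."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in [("cat.png", PNG_SAMPLE), ("../sample.php", PHP_SAMPLE),
                           ("../cat.png", PNG_SAMPLE), ("shell.png", PHP_SAMPLE)]:
            try:
                stored = store_upload(tmp, name, data)
                results[name] = ("stored", os.path.isfile(os.path.join(tmp, stored)))
            except UploadRejected as exc:
                results[name] = ("rejected", str(exc))
        results["files_in_dir"] = len(os.listdir(tmp))
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The upload directory should additionally be served with script execution disabled, so that even a file that slips through cannot run as PHP.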
Now for forced browsing, let's go and view any photo.
Just delete the view.php?picid=<number> part of the URL and we can see this. The same thing can be found by directory brute-forcing.
Now the last one, the logic flaw. Go to this page:
Click on "What about tomorrow" until it shows this:
Let's use this coupon code several times; if it is accepted more than once, that is a logic flaw in this web app.
It is accepted several times.
The room is now completed. Thank you for reading the whole write-up. Keep learning. Happy hacking.
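A coupon that keeps being accepted is a handler that applies the discount on every submit and never records that it did. The block below is an added example, not the room's code: the unchecked handler next to a ledger that checks and records the redemption in one critical section (so two concurrent submits cannot both pass), plus a small routine that picks the same flaw out of checkout events. The coupon table, order structure, user ids and events are constructed; in a real shop the ledger is a database table with a unique constraint on (user, code, order).

```python
"""Coupon redemption: the unchecked handler beside one that enforces single use.

Added example, not the room's code. Coupon table, orders, user ids and events are
constructed; CouponLedger stands in for the database table a real shop would use.
"""
import threading

# Constructed coupon definitions
COUPONS = {"WELCOME10": {"discount": 10.0, "max_uses_per_user": 1}}


class RedemptionError(Exception):
    pass


def new_order(total: float) -> dict:
    return {"total": total, "coupons": []}


def apply_coupon_vulnerable(order: dict, code: str) -> float:
    """Applies the discount on every submit and records nothing: the flaw the write-up found."""
    coupon = COUPONS.get(code)
    if coupon is None:
        raise RedemptionError("unknown code")
    order["total"] -= coupon["discount"]
    return order["total"]


class CouponLedger:
    """Tracks redemptions per (user, code). Check and record happen under one lock so two
    concurrent submits cannot both pass the check; a database does the same with one
    transaction plus a unique constraint on (user_id, code, order_id)."""

    def __init__(self):
        self._uses = {}
        self._lock = threading.Lock()

    def apply(self, order: dict, code: str, user_id: int) -> float:
        coupon = COUPONS.get(code)
        if coupon is None:
            raise RedemptionError("unknown code")
        key = (user_id, code)
        with self._lock:
            if code in order["coupons"]:
                raise RedemptionError("coupon already on this order")
            if self._uses.get(key, 0) >= coupon["max_uses_per_user"]:
                raise RedemptionError("coupon already redeemed by this user")
            self._uses[key] = self._uses.get(key, 0) + 1
            order["coupons"].append(code)
            # Discount is applied at most once and the total never goes below zero.
            order["total"] = max(0.0, order["total"] - coupon["discount"])
        return order["total"]


# Constructed checkout events: (order id, coupon code), as a detection feed
SAMPLE_EVENTS = [("o1", "WELCOME10"), ("o1", "WELCOME10"), ("o1", "WELCOME10"), ("o2", "WELCOME10")]


def repeated_redemptions(events) -> dict:
    """Orders on which the same code was applied more than once: the flaw's signature in logs."""
    counts = {}
    for order_id, code in events:
        counts[(order_id, code)] = counts.get((order_id, code), 0) + 1
    return {key: n for key, n in counts.items() if n > 1}


if __name__ == "__main__":
    order = new_order(25.0)
    for _ in range(3):
        print("vulnerable total:", apply_coupon_vulnerable(order, "WELCOME10"))
    ledger, order = CouponLedger(), new_order(25.0)
    print("fixed total:", ledger.apply(order, "WELCOME10", user_id=12))
    try:
        ledger.apply(order, "WELCOME10", user_id=12)
    except RedemptionError as exc:
        print("second attempt:", exc)
    print("repeated in log:", repeated_redemptions(SAMPLE_EVENTS))
```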