DebianHat
4 min read · Sep 8, 2020


TryHackMe | Introduction to Django

  1. Introduction
  2. Scanning and Enumeration
  3. Capture the Flags
  4. Conclusion

INTRODUCTION

Learning Python can be extremely useful for penetration testers and a simple understanding of its frameworks can be a key to success.

Django is a high-level Python web framework that enables rapid development of secure and maintainable websites. It allows you to develop websites and web applications in a matter of hours.

Django can automatically generate HTML, making it possible for anyone without advanced knowledge of markup languages to develop a website. Additionally, Django is arguably one of the most secure web development frameworks; in the right configuration it strongly resists SQL injection and XSS.

All in all, if you are familiar with Python and are considering creating a website, Django can be a really good choice. As for penetration testers, it is important to understand the basic structure of Django-powered websites in order to identify the possible weaknesses and mistakes a developer can make.

SCANNING AND ENUMERATION

This assumes that you have gone through all the material available up to task 4 and answered the questions.

Moving on, deploy the machine and let's begin scanning and enumerating to get our flags by exploiting Django misconfigurations.

We have an IP address for this machine, and from the reading material above we know that Django's development server runs on port 8000, so let's check out what we have on the web.

This is something I was expecting: here we land on a page saying “Disallowed Host”. This is because we have not yet set the host for this web app.

Let's do a bit of scanning to see if we can find a door into the machine. We can expect SSH to be running, as we are provided with a username and a password.

$ nmap -v -sV -sC <machine ip-addr>

And yes, as expected, SSH is running.
Log in to the machine with the provided username and password.

$ ssh django-admin@<machine ip-addr>

Huuurrrrhhhh !!!!!!

We are inside the box now.

CAPTURE THE FLAGS

Time to capture available flags.

First of all, create an admin user for the web app and add your machine IP to ALLOWED_HOSTS in the settings.py file.

Move to the messagebox web app directory.

$ python3 manage.py createsuperuser
Follow the prompts to create your own credentials.

$ nano /messagebox/settings.py
Add the machine IP to the ALLOWED_HOSTS list.
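To see why the “Disallowed Host” page appeared and what adding the IP actually changes, here is an added example (not code from the room or from Django itself) that re-implements Django's ALLOWED_HOSTS matching rules and audits a settings value; the machine address used is a constructed placeholder.

```python
"""Model of Django's ALLOWED_HOSTS check (added example, not Django's own code).

Django compares the request's Host header against settings.ALLOWED_HOSTS and
answers with DisallowedHost on a mismatch. The check defends against HTTP Host
header poisoning, so the fix is to list the real hostnames/IPs, not '*'."""
from __future__ import annotations


def split_domain_port(host_header: str) -> tuple[str, str]:
    """Lowercase the Host header, drop a trailing dot and split off the port."""
    host = host_header.strip().lower().rstrip(".")
    if host.startswith("["):                      # IPv6 literal, e.g. [::1]:8000
        end = host.find("]")
        if end == -1:
            return "", ""
        port = host[end + 2:] if host[end + 1:end + 2] == ":" else ""
        return host[:end + 1], port
    if host.count(":") == 1:                      # name:port
        domain, _, port = host.partition(":")
        return domain, port
    return host, ""


def is_same_domain(host: str, pattern: str) -> bool:
    """Django rule: '.example.com' matches the domain and all subdomains;
    any other pattern must match the host exactly."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def validate_host(host_header: str, allowed_hosts: list[str]) -> bool:
    """True if Django would serve the request, False means 'Disallowed Host'."""
    domain, _port = split_domain_port(host_header)
    if not domain:
        return False
    return any(p == "*" or is_same_domain(domain, p) for p in allowed_hosts)


def audit_allowed_hosts(allowed_hosts: list[str]) -> list[str]:
    """Flag settings a reviewer should question."""
    findings = []
    if "*" in allowed_hosts:
        findings.append("'*' disables Host validation (Host header poisoning)")
    if not allowed_hosts:
        findings.append("empty ALLOWED_HOSTS: every request fails when DEBUG=False")
    return findings


if __name__ == "__main__":
    MACHINE_IP = "10.10.10.10"  # constructed placeholder for the room's address
    print(validate_host(f"{MACHINE_IP}:8000", []))            # False: Disallowed Host
    print(validate_host(f"{MACHINE_IP}:8000", [MACHINE_IP]))  # True after the fix
    print(audit_allowed_hosts(["*"]))
```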

Now we'll be able to navigate to the web app hosted on the server. Let's check out what we can get from there and log in to the admin panel with the credentials you created earlier.

Web app landing page.
Admin login page. Log in to the admin using the credentials you created earlier.
Here is the not-so-informative but clean Django admin dashboard.

For the admin panel flag, navigate to the Users tab and you'll find it there.

There you have the flag, and there is one more interesting thing: another user, and the password hash for that user.

Crack the hash above to get the SSH password, which will lead you to the user flag.

There are two ways to get the user flag. One is mentioned above; the other is a misconfiguration on this machine: django-admin can access the other user's data directly. Using the shell we obtained earlier, navigate to /home/StrangeFox and get your user flag.

$ cd /home/StrangeFox
$ cat user.txt

Finally, for the hidden flag, navigate to the main /home directory and use grep to look for the THM flag format.

$ cd /home
$ grep -r THM

This will print the hidden flag.

Voilà!!!!!!!
We're done!

DebianHat

Penetration Tester, Ethical Hacker, Security Analyst