After a few attempts, you’re able to authenticate with the credentials admin:Fall2022.
You cross-reference the GitHub page for this open-source application and learn that the interactive shell is accessible by clicking on the <> icon in the upper-right corner of this page. But before you go any further, one of your team members gives a word of caution.
“We need to be extremely careful here. We’re accessing an unencrypted page and anything we do is being sent in plain text. In fact, let’s open up Wireshark and monitor our traffic here.”
You think that’s an excellent call.
The web application’s interactive shell can’t run any commands yet. You try to run a simple command but an error indicates the command cannot execute. You also notice that the interactive shell is sending information back to you through an unencrypted web socket:
You’re approaching this carefully because anything you send and receive over this web application’s shell will be visible to anyone who can see the traffic. You need to pivot this into a secured, authenticated communication channel. You make a calculated risk decision to enable basic command execution first and then, while being mindful of your traffic, pivot from this plain-text code execution into something else.