OWASP Security Shepherd – Security Misconfiguration – Solution – LSB

Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key from successfully logging in.

secmis2

banner
Linux Foundation Sys Admin Courses

But we don’t have the credentials. The game tells us that the default credentials have not been changed or removed, so we can guess the credentials. I firstly tried admin/admin but this did not work.

secmis3

Next I tried admin/password, et voila, simple.

secmis4

The purpose of this level in the game is to teach us to always change default credentials in applications or devices you use. Devices that use default credentials can be used as part of a botnet, if a hacker can log in with default creds then it’s quite easy to run a script to find devices across the world that use defaults and take over the device.

2017-11-02 QuBits

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s