Building momentum and my methodology
Posted on May 17, 2020
An exceedingly good week in the labs mainly thanks to the power of consistency:
Reminder that you can always check my solutions here:
This week I focused on more DOM attacks, CORS issues, XXE attacks and request smuggling. I still don't properly trust myself to spot a DOM vulnerability out in the wild, but I think I have a decent grip over CORS. XXE and request smuggling were entirely new to me.
I never really took the time to explore XML properly, often just bruteforcing my way though it with regex (or how to exponentially multiply the complexity of your code!). I spent some more time on it this week and it's starting to click, although what helped tremendously was this video by PwnFunction on XXE
Request smuggling was something completely new to me and I took my time experimenting and learning since it's something I can see myself often using in my real engagements. The Burp HTTP Smuggler extension helps a lot in identifying potential targets, although I need to test it more outside the labs. It did, however, push me to reach that point where I struggle to take in new information because I need to digest the one I have just learned, so I decided to slow down a bit for the weekend and play some Kenshi. Great game, would karate chop a cannibal and steal his hat again.
My methodology
This is by no means set in stone, and as proof is the fact that I took my time with the request smuggling labs, but I try to stick to the following:
Apprentice Difficulty: 15 minutes
Practitioner Difficulty : 30 minutes
Expect Difficulty: 45 minutes
That's about how long I'll spend on a lab before looking up the solution, although sometimes I'll push it if I feel like I'm close. I'm not ashamed to look at the solutions at all, since many labs can be in the unknown unknowns area - things I don't even know I don't know. I do read the main page for every attack before attempting the labs (e.g. XXE labs) and I do intend to frequently return to those labs and rely less on the solutions to gain a deeper understanding. At the moment, I'm just trying to expose myself to new and diverse attack vectors.
Next week seems to be quite busy, so we'll see if I can keep my momentum going.