Insecure deserialization occurs when an application trusts serialized data without proper validation. Serialization is the process of converting an object (data structure) into a byte stream for storage or transmission. Deserialization reverses this process, reconstructing the object from the byte stream. Insecure deserialization arises when this deserialization process happens without validating the integrity or origin of the serialized data.
Insecure Deserialization
Answers for this room:
Task 1:
1) I am ready to start the room.
Ans: No Answer Needed
Task 2:
2) What is the function used in PHP for serialisation?
Ans: serialize()
3) What is the base score for the vulnerability CVE-2015-4852?
Ans: 7.5
4) Does serialisation allow only saving to a byte stream file? (yea/nay)
Ans: nay
Task 3:
5) What is the base64 encoded output after pickling the string You got it in Python? Utilise the notes app found at http://MACHINE_IP:5000.
Ans: gASVNQAAAAAAAACMCF9fbWFpbl9flIwFTm90ZXOUk5QpgZR9lIwFbm90ZXOUXZSMCllvdSBnb3QgaXSUYXNiLg==
6) What is the output after serialising the string You got it in PHP?
Ans: O:5:"Notes":1:{s:7:"content";s:10:"You got it";}
7) What is the renowned binary serialisation module used in Ruby?
Ans: Marshal
Task 4:
8) Visit the URL http://MACHINE_IP/who/index.php and identify the user-defined function used for serialisation.
Ans: HelloTHMSerialization
Task 5:
9) What is the flag value after sharing a note with a valid subscription?
Ans: THM{10101}
10) What is the default role value once the user loads the notes application?
Ans: guest
Task 6:
11) What is the flag value after getting the reverse shell?
Ans: THM{GOT_THE_SH#LL}
12) What is the output of the whoami command after getting the shell?
Ans: www-data
Task 7:
13) What is the vector for exploiting CodeIgniter4/FR1 as per the PHPGGC?
Ans: __toString
14) What is the output of the whoami command on the vulnerable Laravel application?
Ans: root
15) What is the output of the uname -r command on the vulnerable Laravel application?
Ans: 5.4.0-1029-aws
Task 8:
16) Is it a good practice to blindly use the eval() function in your code? (yea/nay)
Ans: nay
Task 9:
17) I have successfully completed the room.
Ans: No Answer Needed
Your time is valuable, and I truly appreciate you sharing it. I’m eager to delve into your next blog post.
Stay Connected – Audit Mania