Darkly — a hands-on 42 project for discovering and documenting common web application vulnerabilities.
SimonIsCoding/darkly_42_guide

Darkly

Darkly is an educational exercise in the 42 curriculum aimed at understanding common vulnerabilities in web applications. By auditing a deliberately vulnerable application, this project aims to teach how to recognize and exploit flaws (XSS, injections, poor authentication management, etc.), understand OWASP recommendations, and propose corrective measures. This repository contains my notes, testing methods, and write-ups of the flags collected during the project.

Darkly VM Setup Guide

Goal

Download the Darkly ISO, create a VirtualBox VM, attach the ISO, and configure a bridged network so the VM and your host appear on the same LAN (same subnet) and can reach each other directly.

Download the Darkly ISO from: https://cdn.intra.42.fr/isos/Darkly_i386.iso

Configuring a Bridged Network (VirtualBox) — Quick Instructions

Follow these steps to place the VM and host on the same LAN/subnet.

Configuration Steps

  1. Open VirtualBox → Settings (for the VM to which you attached the Darkly ISO) → Network

  2. Adapter 1 → Enable Network Adapter

    • Attached to: Bridged Adapter
    • Name: select your host's physical interface (e.g., eth0, enp3s0, Wi-Fi)
    • Promiscuous Mode: Deny (or Allow VMs if needed)
    • Cable Connected: checked

  3. Click OK/Save

  4. Start the VM

  5. Open the VM's IP address (darkly_IP_Address) in your web browser

Network Configuration

  • If the VM uses DHCP, it should obtain an IP from the same network as the host.
  • If necessary, configure a static IP in the VM (gateway and netmask must match the host network).

Tip

Put the local machine and the VM on exactly the same network, and don't use a VPN on the host.
Access the site over plain HTTP.
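As an added check (not part of this guide or of the Darkly project), the shell helper below confirms that the host and the VM really share one IPv4 subnet, which is what the bridged adapter is supposed to give you. The interface name and the addresses are assumptions; `check_bridge` relies on the Linux `ip` command to read the host's address.

```shell
#!/usr/bin/env bash
# Added helper, not part of the original guide: verify that the host and the
# Darkly VM share one IPv4 subnet (what the bridged adapter is meant to give you).
# All addresses used here are constructed sample values.

# Dotted-quad IPv4 -> 32-bit integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-quad IPv4.
int_to_ip() {
    printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
                           $(( ($1 >> 8) & 255 ))  $(( $1 & 255 ))
}

# Network address for <ip> <netmask>, e.g. 192.168.1.42 255.255.255.0 -> 192.168.1.0
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# Exit status 0 when <ip_a> and <ip_b> fall in the same network for <netmask>.
same_subnet() {
    [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

# First IPv4 address/prefix of a host interface via iproute2, e.g. "192.168.1.10/24".
host_ipv4_cidr() {
    ip -o -4 addr show dev "$1" 2>/dev/null | awk '{print $4; exit}'
}

# Usage: check_bridge <host_iface> <vm_ip>
# Compares the VM address with the host interface the bridged adapter is bound to.
check_bridge() {
    local cidr host_ip prefix mask
    cidr=$(host_ipv4_cidr "$1")
    [ -n "$cidr" ] || { echo "no IPv4 address on $1"; return 2; }
    host_ip=${cidr%/*}; prefix=${cidr#*/}
    mask=$(int_to_ip $(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF )))
    if same_subnet "$host_ip" "$2" "$mask"; then
        echo "OK: host $host_ip and VM $2 are both in $(network_of "$host_ip" "$mask")/$prefix"
    else
        echo "MISMATCH: host $host_ip is in $(network_of "$host_ip" "$mask")/$prefix, VM $2 is not"
        echo "   (a VM address like 10.0.2.x usually means the adapter is still NAT, not bridged)"
        return 1
    fi
}
```

Run it as `check_bridge eth0 <darkly_IP_Address>` after step 4; a mismatch is the first thing to look at when the browser cannot reach the VM.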

Flag 01 - Parameter Tampering - I forgot my password

Refs:
Web_Parameter_Tampering

Test_Integrity_Checks

Flag 02 - Exposure of sensitive files - /robots.txt & /admin panel

Refs:
Review_Webserver_Metafiles_for_Information_Leakage

Insecure_Direct_Object_References

Flag 03 - Cookie Tampering - I_am_admin

Refs:
Session_Management_Cheat_Sheet

Cookie_Theft_Mitigation_Cheat_Sheet

Flag 04 - UNION-based SQL Injection - Image number

Refs:
examining-the-database

union-based-injection

SQL_Injection_Prevention_Cheat_Sheet

Flag 05 - UNION-based SQL Injection - Search Member by ID

Refs:
examining-the-database

union-based-injection

SQL_Injection_Prevention_Cheat_Sheet

Flag 06 - Directory Traversal - URL Route http://darklyIPaddress/../../

Refs:
Path_Traversal

file-path-traversal

01-Testing_Directory_Traversal_File_Include

Flag 07 - Unrestricted File Upload - Submit an image with embedded PHP code

Refs:
File_Upload_Cheat_Sheet

file-upload

Unrestricted_File_Upload

Flag 08 - Brute Force - Login page

Tip

Use one of the most widely known password dictionaries.

Refs:
Brute_force_attack

Intruder_getting_started - Useful only if you want to use the Burp Suite tool

Flag 09 - Stored XSS - Leave feedback

Refs:
02-Testing_for_Stored_Cross_Site_Scripting

cross-site-scripting

Flag 10 - Open Redirect - Check the homepage source code

Refs:
Testing_for_Client_Side_URL_Redirect

Unvalidated_Redirects_and_Forwards_Cheat_Sheet

Flag 11 - Directory Enumeration - /.hidden

Refs:
Forced_browsing

information-disclosure

Flag 12 - HTTP header spoofing - Copyright Icon

Refs:
HTTP_Headers_Cheat_Sheet

bypassing-referer-based-defenses

Flag 13 - XSS - NSA image

Refs:
Preventing_cross-site-scripting

DOM_based_XSS_Prevention_Cheat_Sheet

Flag 14 - Parameter Tampering - Survey

Refs:
Web_Parameter_Tampering

Test_Integrity_Checks

Tools I used:

SHA256 Encoder

Password Hash Cracker

hash identifier

Burp Suite Community Edition

base64 encoder

MD5 encryptor tool
