Whitebox Attacks
Skills Assessment
Scenario
You are tasked with conducting a penetration test of a client's work-in-progress user management platform. The platform is not yet complete, but the user management core is already finished. The client therefore wants you to focus on this feature and is particularly interested in vulnerabilities leading to privilege escalation. The web application implements three user roles: guest, user, and admin.
Furthermore, the client wants the user management core to be as secure as possible. The penetration test is therefore conducted in an assumed-breach scenario, in which you are assumed to have obtained access to the user database through other means. Here is the user database provided by the client:
+----+-----------+----------------------------------+------+
| id | username  | password                         | role |
+----+-----------+----------------------------------+------+
|  1 | admin     | 0f5ff846bf7ae24489371cd8b7c1a1cd |    0 |
|  2 | vicky     | f179a0139bcdfd8cb317bc909d772872 |    1 |
|  3 | larry     | 0e656540908354891055044945395170 |    1 |
|  4 | ugo       | 076395db88a35e081442b0a4c6b9ce93 |    1 |
|  5 | lastrada  | 76ab196d4b4e5a308da01db9a7d4d451 |    2 |
|  6 | mumble    | 74b6af8dcda692bbc2b37a3e58e3151e |    2 |
|  7 | eris      | 12558e4c0b16815df04a3b1a515df968 |    2 |
|  8 | selby     | cefce2f3409aa1166232e263173a51bc |    2 |
|  9 | eggfox    | 3e41a8f42296e5da59ab6ffd284a738d |    2 |
| 10 | htb-stdnt | 02566311a7d37c5d58456e7d0d39bb78 |    2 |
+----+-----------+----------------------------------+------+
Additionally, the client provides access to a guest user: htb-stdnt:Academy_student!.
Questions
Authenticate to with user "htb-stdnt" and password "Academy_student!"