Module Question: Run ZAP Scanner on the target above to identify directories and potential vulnerabilities. Once you find the high-level vulnerability, try to use it to read the flag at ‘/flag.txt’
When I open a web browser through zap the HUD is non-responsive. When I attempt to run spider from the HUD, I am asked if I want to add it to scope. I confirm, but nothing is happens. When I press the button from the top left of the HUD to add the current domain to scope, nothing happens. When I run a Spider scan from ZAP (not the HUD), the scan will complete but no critical flags appear. Based on my research, ZAP is supposed to find a Remote OS Command Injection vuln. I also attempted to do an active scan. I also made sure the URL was added as context under the “sites” section. I feel like I’m missing something obvious but their are surprisingly very little tutorials and walkthroughs available online. Any help would be appreciated.