Curiosity Kills Colby

Northwestern Misadventures

Hacking OWASP’s Juice Shop Pt. 65: Email Leak

Posted on January 5, 2021 by codeblue04

Challenge: 

Name: Email Leak

Description: Perform an unwanted information disclosure by accessing data cross-domain.

Difficulty: 5 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html


Hacking OWASP’s Juice Shop Pt. 64: Kill Chatbot

Posted on January 4, 2021 by codeblue04

Challenge: 

Name: Kill Chatbot

Description: Permanently disable the support chatbot so that it can no longer answer customer queries.

Difficulty: 5 star

Category: Vulnerable Components

Expanded Description: https://pwning.owasp-juice.shop/part2/vulnerable-components.html


Hacking OWASP’s Juice Shop Pt. 63: Retrieve Blueprint

Posted on December 30, 2020 by codeblue04

Challenge: 

Name: Retrieve Blueprint

Description: Deprive the shop of earnings by downloading the blueprint for one of its products.

Difficulty: 5 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html


Hacking OWASP’s Juice Shop Pt. 62: Supply Chain Attack

Posted on December 28, 2020 by codeblue04

Challenge: 

Name: Supply Chain Attack

Description: Inform the development team about a danger to some of their credentials. (Send them the URL of the original report or an assigned CVE or another identifier of this vulnerability)

Difficulty: 5 star

Category: Vulnerable Components

Expanded Description: https://pwning.owasp-juice.shop/part2/vulnerable-components.html


Hacking OWASP’s Juice Shop Pt. 61: Leaked Access Logs

Posted on December 27, 2020 by codeblue04

Challenge: 

Name: Leaked Access Logs

Description: Dumpster dive the Internet for a leaked password and log in to the original user account it belongs to. (Creating a new account with the same password does not qualify as a solution.)

Difficulty: 5 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html


Hacking OWASP’s Juice Shop Pt. 60: Extra Language

Posted on December 25, 2020 by codeblue04

Challenge: 

Name: Extra Language

Description: Retrieve the language file that never made it into production.

Difficulty: 5 star

Category: Broken Anti-Automation

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-anti-automation.html


Hacking OWASP’s Juice Shop Pt. 59: Change Bender’s Password

Posted on December 24, 2020 by codeblue04

Challenge: 

Name: Change Bender’s Password

Description: Change Bender’s password into slurmCl4ssic without using SQL Injection or Forgot Password.

Difficulty: 5 star

Category: Broken Authentication

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html


Hacking OWASP’s Juice Shop Pt. 58: Two Factor Authentication

Posted on December 23, 2020 by codeblue04

Challenge: 

Name: Two Factor Authentication

Description: Solve the 2FA challenge for user “wurstbrot”. (Disabling, bypassing or overwriting his 2FA settings does not count as a solution)

Difficulty: 5 star

Category: Broken Authentication

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html


Hacking OWASP’s Juice Shop Pt. 57: Blockchain Hype

Posted on December 22, 2020 by codeblue04

Challenge: 

Name: Blockchain Hype

Description: Learn about the Token Sale before its official announcement.

Difficulty: 5 star

Category: Security Through Obscurity

Expanded Description: https://pwning.owasp-juice.shop/part2/security-through-obscurity.html


Hacking OWASP’s Juice Shop Pt. 56: Allowlist Bypass

Posted on December 21, 2020 by codeblue04

Challenge: 

Name: Allowlist Bypass (formerly Whitelist Bypass)

Description: Enforce a redirect to a page you are not supposed to redirect to.

Difficulty: 4 star

Category: Unvalidated Redirects

Expanded Description: https://pwning.owasp-juice.shop/part2/unvalidated-redirects.html
