Name: Score Board
Description: Find the carefully hidden ‘Score Board’ page.
Difficulty: 1 star
Expanded Description: https://pwning.owasp-juice.shop/part2/score-board.html
Official Companion Guide: https://pwning.owasp-juice.shop/
Reading the expanded description in the guide, I was pointed to the section titled “Finding the Score Board”. There, one of the hints strenuously suggested that this link was easily guessable. That’s great and all, but it makes for a terrible walkthrough, so instead I fired up Dirbuster and prepared for the onslaught of errors I knew would be coming. For some reason Dirbuster and Juice Shop on Docker don’t always get along with one another particularly well, which is unfortunate, as it’s a very easy tool to use. Despite this, I had nothing to lose by trying it again.
I opted to set up a non-recursive scan for directories only to save some time, knowing that if it were guessable then it’s almost certainly not hidden in another folder. Using the medium-sized directory wordlist, I crossed my fingers, pressed “Start”, and began the estimated 45-minute wait. This time I only got a handful of errors, which was a pleasant surprise! The scan discovered a large number of directories, which would definitely be useful later, but still ultimately died at roughly 40% completion. It also died in such a way that I was forced to kill the process via the command line.
With no solution provided by the enumeration scan, guessing was turning out to be the best solution. I tried the most obvious of links (http://localhost:3000/#/score-board) and was met with the score board!
Full disclosure: while waiting for the scan to complete, I decided to check the wordlist I was using for what I knew the solution to be and was a little surprised to not find it. I even searched the full-sized directory list with no luck. I then updated my wordlist to include it, because who knows if it’ll come in handy in the future.
Alternatively, you can simply click on the drop-down menu on the left side, then select “Score Board”, but where’s the fun in that?
Prevention and mitigation strategies:
Lessons Learned and Things Worth Mentioning:
- It’s hard to make a convincing walkthrough for a challenge which was solved for me in The CyberMentor’s Practical Ethical Hacking course (which I highly recommend).
- Guessing is a valid tactic.