Pwning OWASP’s Juice Shop Pt. 2: Score Board

Challenge: 

Name: Score Board

Description: Find the carefully hidden ‘Score Board’ page.

Difficulty: 1 star

Category: Miscellaneous

Expanded Description: https://pwning.owasp-juice.shop/part2/score-board.html 

Tools used:

Dirbuster

Resources used:

Official Companion Guide: https://pwning.owasp-juice.shop/

Methodology: 

Reading the expanded description in the guide, I was pointed to the section titled “Finding the Score Board”. There, one of the hints strenuously suggested that this link was easily guessable. That’s great and all, but it makes for a terrible walkthrough, so instead I fired up Dirbuster and prepared for the onslaught of errors I knew would be coming. For some reason Dirbuster and Juice Shop on Docker don’t always get along with one another particularly well, which is unfortunate, as it’s a very easy tool to use. Despite this, I had nothing to lose by trying it again.

I opted to set up a non-recursive scan for directories only to save some time, knowing that if it were guessable then it’s almost certainly not hidden in another folder. Using the medium-sized directory wordlist, I crossed my fingers, pressed “Start”, and began the estimated 45-minute wait. This time I only got a handful of errors, which was a pleasant surprise! The scan discovered a large number of directories, which would definitely be useful later, but still ultimately died at roughly 40% completion. It also died in such a way that I was forced to kill the process via the command line.

It somehow failed its way into solving two unrelated challenges.

With no solution provided by the enumeration scan, guessing was turning out to be the best solution. I tried the most obvious of links (http://localhost:3000/#/score-board) and was met with the score board!

Full disclosure: while waiting for the scan to complete, I decided to check the wordlist I was using for what I knew the solution to be and was a little surprised to not find it. I even searched the full-sized directory list with no luck. I then updated my wordlist to include it, because who knows if it’ll come in handy in the future.

Alternatively, you can simply click on the drop-down menu on the left side, then select “Score Board”, but where’s the fun in that?

Prevention and mitigation strategies:

None necessary.

Lessons Learned and Things Worth Mentioning: 

  1. It’s hard to make a convincing walkthrough for a challenge which was solved for me in The CyberMentor’s Practical Ethical Hacking course (which I highly recommend).
  2. Guessing is a valid tactic.
