Hacking OWASP’s Juice Shop Pt. 9: Exposed Metrics

Challenge: 

Name: Exposed Metrics

Description: Find the endpoint that serves usage data to be scraped by a popular monitoring system.

Difficulty: 1 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Tools used:

None.

Resources used:

Prometheus documentation: https://prometheus.io/docs/introduction/first_steps

Methodology: 

RTFM is the fastest route to solving this. The expanded description provides both the name of the monitoring system and a link to its documentation. It will likely take less than 30 seconds of scanning to find the default scrape path, and maybe another 5-10 to type it into the address bar. In all likelihood, your first guess will be right: http://localhost:3000/metrics

You successfully solved a challenge: Exposed Metrics (Find the endpoint that serves usage data to be scraped by a popular monitoring system.)

Prevention and mitigation strategies:

Don’t allow ordinary users to access usage metrics. Changing the path to something less generic (and non-default) along with restricting access to whitelisted IP addresses will provide reasonable protection. If you really want to obfuscate this path, you could even encode a password and use that as the path.

Lessons Learned and Things Worth Mentioning: 

  1. Nothing, really. Always remember that Juice Shop is intentionally insecure. Default links and easily guessable answers should be somewhat expected at the 1 star level.
