Name: Login Jim
Description: Log in with Jim’s user account.
Difficulty: 3 star
Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html
Burp, FoxyProxy, hashcat
My methodology for solving this challenge differs greatly from the norm, in that usually I would read the expanded description, try to find what the Forgotten Password hit was, then solve the challenge by resetting his password.
In this case, however, I had harvested his password hash (along with all others) in the Database Schema challenge. Having that MD5 hash in my possession, I simply ran it through hashcat and entered the cracked password: ncc-1701.
Prevention and Mitigation Strategies:
Lessons Learned and Things Worth Mentioning:
- I should have looked up what NCC-1701 meant. It would have saved me time down the road.
- Once again, extra data collected in earlier challenges saved me time and effort.