Hacking OWASP’s Juice Shop Pt. 26: Login Jim

Challenge: 

Name: Login Jim

Description: Log in with Jim’s user account.

Difficulty: 3 star

Category: Injection

Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html

Tools used:

Burp, FoxyProxy, hashcat

Resources used:

Database Schema

Methodology: 

My methodology for solving this challenge differs greatly from the norm, in that usually I would read the expanded description, try to find what the Forgotten Password hint was, then solve the challenge by resetting his password.

[Screenshot: the Forgot Password form filled in with the email jim@juice-sh.op, showing the security question "Your eldest siblings middle name?"]

In this case, however, I had harvested his password hash (along with all others) in the Database Schema challenge. Having that MD5 hash in my possession, I simply ran it through hashcat and entered the cracked password: ncc-1701.

[Screenshot: hashcat output showing three cracked hashes, with the plaintexts admin123, ncc-1701 and demo.]

For such an insecure web application, only three cracked hashes is remarkable.

[Screenshot: success banner reading "You successfully solved a challenge: Login Jim (Log in with Jim's user account.)"]

Prevention and Mitigation Strategies:

OWASP Mitigation Cheat Sheet 
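
An added example (not from the original post or the Juice Shop code base) of the storage-side fix for the weakness used above: replacing unsalted MD5 with salted scrypt and upgrading legacy records at login. The scrypt parameters, the record format and the sample users are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this sketch; tune them for your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024

def md5_legacy(password: str) -> str:
    """Unsalted MD5, the storage format the cracked hashes above were in."""
    return hashlib.md5(password.encode()).hexdigest()

def scrypt_record(password: str) -> str:
    """Return 'scrypt$<salt hex>$<key hex>' with a fresh random salt per user."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                         maxmem=MAXMEM, dklen=DKLEN)
    return f"scrypt${salt.hex()}${key.hex()}"

def verify(password: str, stored: str) -> bool:
    """Check a password against either record format with a constant-time compare."""
    if stored.startswith("scrypt$"):
        _, salt_hex, key_hex = stored.split("$")
        key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                             n=N, r=R, p=P, maxmem=MAXMEM, dklen=DKLEN)
        return hmac.compare_digest(key.hex(), key_hex)
    return hmac.compare_digest(md5_legacy(password), stored)

def login_and_upgrade(users: dict, email: str, password: str) -> bool:
    """Verify a login; on success replace a legacy MD5 record with scrypt."""
    stored = users.get(email)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("scrypt$"):
        users[email] = scrypt_record(password)
    return True

if __name__ == "__main__":
    # Constructed sample table: two hypothetical users who chose the same password.
    users = {"a@example.test": md5_legacy("demo"),
             "b@example.test": md5_legacy("demo")}
    print("MD5 records identical:", users["a@example.test"] == users["b@example.test"])
    for email in users:
        login_and_upgrade(users, email, "demo")
    print("scrypt records identical:", users["a@example.test"] == users["b@example.test"])
```

With unsalted MD5 the two records are identical, so one cracked hash exposes every account that shares the password; after the upgrade each record has its own salt and must be attacked separately at scrypt cost.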

Lessons Learned and Things Worth Mentioning: 

  1. I should have looked up what NCC-1701 meant. It would have saved me time down the road.
  2. Once again, extra data collected in earlier challenges saved me time and effort.
