Name: Reset Jim’s Password
Description: Reset Jim’s password via the Forgot Password mechanism with the original answer to his security question.
Difficulty: 3 star
Category: Broken Authentication
Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html
Occasionally I get egg on my face. This is one such challenge. In the Login Jim challenge, it was revealed that Jim’s password is “ncc-1701”. If I’d spent 10 seconds googling that password, I would have saved myself quite a bit of work. Anyway, here’s how I actually approached the problem.
First, as many things in this app have something to do with Futurama, I checked the list of Futurama voice actors for a “Jim”.
No luck. Next I searched for famous Jims, looked through their Wikipedia pages for sibling names and added them to a wordlist. I failed to consider that “James” is synonymous with “Jim”.
Then, as I’ve done repeatedly, I threw the wordlist into Burp’s Intruder for a Sniper attack.
This yielded nothing, so I scraped the US Social Security Administration’s “Most popular names of the 19×0’s” and processed that information using a Python script to create a larger wordlist ranging from the 1950s to the 1990s.
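The wordlist-building step, as an added example rather than the script used in the original write-up. The two decade tables below are constructed to mimic the SSA layout (rank, male name, count, female name, count) with made-up counts; the real pages are HTML and would need to be scraped into this shape first. The function names are my own.

```python
"""Build a first-name wordlist from SSA-style "popular names by decade" tables.

Added example, not the original post's script. The tables are constructed
sample input with made-up counts.
"""
from collections import Counter

# Constructed sample input: two decades, four rows each.
SAMPLE_TABLES = {
    "1950s": (
        "Rank,Male name,Number,Female name,Number\n"
        "1,James,843,Mary,625\n"
        "2,Michael,836,Linda,565\n"
        "3,Robert,833,Patricia,459\n"
        "4,John,799,Susan,437\n"
    ),
    "1960s": (
        "Rank,Male name,Number,Female name,Number\n"
        "1,Michael,833,Lisa,496\n"
        "2,David,661,Mary,458\n"
        "3,John,647,Susan,437\n"
        "4,James,633,Karen,404\n"
    ),
}


def parse_decade_table(text: str) -> Counter:
    """Return name -> count for one decade, merging the male and female columns."""
    counts: Counter = Counter()
    rows = [line for line in text.splitlines() if line.strip()]
    for row in rows[1:]:  # first row is the header
        _rank, male, male_n, female, female_n = (cell.strip() for cell in row.split(","))
        counts[male] += int(male_n)
        counts[female] += int(female_n)
    return counts


def build_wordlist(tables: dict, variants: bool = True) -> list:
    """Merge every decade, order names by total count, optionally add case variants.

    Ordering matters for an Intruder/Sniper run: the most common names are
    tried first, so a hit tends to come early. Case variants cover answers
    the server may compare without normalising.
    """
    total: Counter = Counter()
    for text in tables.values():
        total.update(parse_decade_table(text))
    words = []
    for name, _count in total.most_common():  # ties keep first-seen order
        words.append(name)
        if variants:
            words.extend([name.lower(), name.upper()])
    return words


if __name__ == "__main__":
    for word in build_wordlist(SAMPLE_TABLES):
        print(word)
```

Piping the output to a file gives a list that Intruder can load directly as a Sniper payload set; dropping the variants (`variants=False`) roughly triples throughput if the target is known to normalise case.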
Still nothing. So I started digging around the site trying to find out more about Jim. After an embarrassingly long time, I stumbled upon the reviews. What I found most interesting about the reviews is that they do not appear in the site’s database. They are a separate entity entirely, so they must be searched individually.
STARFLEET! Of course!
Despite “George” being highlighted here, the answer is actually Samuel.
Prevention and Mitigation Strategies:
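The attack above only works because the reset endpoint accepts an unlimited number of security-answer guesses and the answer itself is something a search engine can return. The first problem is fixable in code; the second is not, which is why a security question should never be the sole factor for a reset. As an added example (not Juice Shop's code), this is the shape of a throttled, hashed answer check. `ResetService`, the 5-attempt / 15-minute lockout and the 100,000 PBKDF2 iterations are illustrative choices, not values from the page or the project.

```python
"""Throttled security-answer check for a forgot-password flow.

Added example, not Juice Shop's implementation. Class and policy values
(ResetService, ATTEMPT_LIMIT, LOCKOUT_SECONDS) are illustrative.
"""
import hashlib
import hmac
import os
import time

ATTEMPT_LIMIT = 5            # failed guesses before the account is locked out
LOCKOUT_SECONDS = 15 * 60    # how long the lockout lasts
_ITERATIONS = 100_000        # PBKDF2 work factor (illustrative)


def hash_answer(answer: str, salt: bytes) -> bytes:
    """Normalise the answer so "Samuel" and " samuel " match, then stretch it.

    Storing answers hashed means a database leak does not hand the attacker
    every user's reset answer in the clear.
    """
    normalised = answer.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, _ITERATIONS)


class ResetService:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._accounts = {}   # email -> (salt, answer_hash)
        self._failures = {}   # email -> (failed_count, window_start)

    def register(self, email: str, answer: str) -> None:
        salt = os.urandom(16)
        self._accounts[email] = (salt, hash_answer(answer, salt))

    def verify_answer(self, email: str, answer: str) -> str:
        """Return 'ok', 'wrong' or 'locked'.

        Unknown accounts take the same path as a wrong answer (including the
        hash computation) so response timing does not reveal whether the
        e-mail address exists.
        """
        now = self._clock()
        count, since = self._failures.get(email, (0, now))
        if count >= ATTEMPT_LIMIT:
            if now - since < LOCKOUT_SECONDS:
                return "locked"           # still inside the lockout window
            count, since = 0, now         # window expired: start a fresh one

        salt, expected = self._accounts.get(email, (b"\0" * 16, None))
        candidate = hash_answer(answer, salt)
        if expected is not None and hmac.compare_digest(candidate, expected):
            self._failures.pop(email, None)
            return "ok"

        self._failures[email] = (count + 1, since)
        return "wrong"


if __name__ == "__main__":
    svc = ResetService()
    svc.register("jim@example.com", "Samuel")
    for guess in ["George", "John", "James", "Michael", "Robert", "Samuel"]:
        print(guess, "->", svc.verify_answer("jim@example.com", guess))
```

With this in place a wordlist run like the Intruder attack above stalls after five guesses per account; the lockout is keyed on the target account rather than the client address, so rotating proxies does not help. It does nothing, though, once the attacker already knows the answer from a Wikipedia page, which is the real lesson of this challenge.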
Lessons Learned and Things Worth Mentioning:
For all of my talk about how previously gathered data is a timesaver, I failed to take that into account in this instance. I should have been more attentive to that detail. I could blame it on not being a Trekkie, but that’s a cop out. I should’ve searched “ncc-1701” the first time I saw it.