Challenge:
Name: Bjoern’s Favorite Pet
Description: Reset the password of Bjoern’s OWASP account via the Forgot Password mechanism with the original answer to his security question.
Difficulty: 3 star
Category: Broken Authentication
Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html
Tools used:
Hashcat, exiftool, Burp, FoxyProxy
Resources used:
BeNeLux Day 2018: Juice Shop: OWASP’s Most Broken Flagship – Björn Kimminich
Methodology:
This challenge took a long time to complete. As always, I read the expanded description, though this time I opted to try two of the recommended paths to completing this challenge at the same time.
The passive method I opted for was to play YouTube videos of Bjoern in the background while I attempted to find the answer by compiling a list of German pet names to try with Burp’s Intruder tool.
First, though, I had to figure out which of Bjoern’s three registered email accounts had his favorite pet as its security question.

I then (as the videos played in the background) compiled a list of nearly 700 German pet names. After running them through a Python script to trim duplicates, I was left with only 3-400, so I began testing them using Burp Suite’s Intruder tool, set up for a Sniper attack.


After a nice long wait for Burp’s throttled requests to complete, I was left with nothing. Next, I decided to try to crack the hashes I’d pulled from the database in the Database Schema challenge.


… to no avail. Having tried to crack the hashes with every variation I could find on SHA256, and also listened to two full talks on YouTube without so much as a clue, I opted to read the solutions page. The video containing the solution was already running. I was less than a minute from completing this challenge legitimately. C’est la vie.

Prevention and Mitigation Strategies:
OWASP Security Question Cheat Sheet
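One mitigation for the wordlist run described in the Methodology, as an added example (not part of the original write-up and not Juice Shop's own code): cap failed security-answer attempts per target account. The class name, thresholds and the simulated run are assumptions made for illustration.

```javascript
// Added example: per-account cap on failed security-answer attempts.
// AnswerLimiter, its thresholds and simulateWordlistRun are hypothetical names.
class AnswerLimiter {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000, lockMs = 60 * 60 * 1000 } = {}) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.lockMs = lockMs;
    this.state = new Map(); // account key -> { failures: [timestamps], lockedUntil }
  }

  // Key on the target account, not the client IP, so guesses spread across
  // many sources still count against the same account.
  static key(email) {
    return String(email).trim().toLowerCase();
  }

  isLocked(email, now = Date.now()) {
    const s = this.state.get(AnswerLimiter.key(email));
    return Boolean(s && s.lockedUntil > now);
  }

  // Call after each answer comparison; returns true if the reset may proceed.
  record(email, answerCorrect, now = Date.now()) {
    const k = AnswerLimiter.key(email);
    const s = this.state.get(k) || { failures: [], lockedUntil: 0 };
    this.state.set(k, s);
    if (s.lockedUntil > now) return false; // locked: a correct answer is refused too
    if (answerCorrect) {
      s.failures = [];
      return true;
    }
    s.failures = s.failures.filter((t) => now - t < this.windowMs);
    s.failures.push(now);
    if (s.failures.length >= this.maxFailures) s.lockedUntil = now + this.lockMs;
    return false;
  }
}

// Constructed run: wrong guesses one second apart, then the correct answer.
function simulateWordlistRun(limiter, email, guesses = 300) {
  let evaluated = 0; // guesses the application actually compared
  for (let i = 0; i < guesses; i++) {
    if (!limiter.isLocked(email, i * 1000)) evaluated++;
    limiter.record(email, false, i * 1000);
  }
  const finalAccepted = limiter.record(email, true, guesses * 1000);
  return { evaluated, finalAccepted };
}
```

A hard lockout lets anyone block another user's reset, so the lock here covers only the security-question path and expires on its own.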
Lessons Learned and Things Worth Mentioning:
I need to be more patient with OSINT gathering. Had I waited one more minute I wouldn’t have had to list the solutions page in my Resources section for this challenge.