Hacking OWASP’s Juice Shop Pt. 31: Bjoern’s Favorite Pet

Challenge: 

Name: Bjoern’s Favorite Pet

Description: Reset the password of Bjoern’s OWASP account via the Forgot Password mechanism with the original answer to his security question.

Difficulty: 3 star

Category: Broken Authentication

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html

Tools used:

Hashcat, exiftool, Burp, FoxyProxy

Resources used:

Solutions Page

BeNeLux Day 2018: Juice Shop: OWASP’s Most Broken Flagship – Björn Kimminich

Hash Analyzer

Methodology: 

This challenge took a long time to complete. As always, I read the expanded description, though this time I opted to try two of the recommended paths to completing this challenge at the same time.

The passive method I opted for was to play YouTube videos of Bjoern in the background while I attempted to find the answer by compiling a list of German pet names to try with Burp’s Intruder tool.

First, though, I had to figure out which of Bjoern’s three registered email accounts had his favorite pet as its security question.

I then (as the videos played in the background) compiled a list of nearly 700 German pet names. After running them through a Python script to trim duplicates, I was left with only 300 to 400, so I began testing them using Burp Suite’s Intruder tool, set up for a Sniper attack.

All that time spent cleaning up word lists for nothing. I even put ‘Z’ first because of the Missing Encoding challenge.

After a nice long wait for Burp’s throttled requests to complete, I was left with nothing. Next, I decided to try to crack the hashes I’d pulled from the database in the Database Schema challenge.

As it turns out, the actual hashing algorithm is much more intense than these.

… to no avail. Having tried to crack the hashes with every variation I could find on SHA256, and having listened to two full talks on YouTube without so much as a clue, I opted to read the solutions page. The video containing the solution was already running. I was less than a minute from completing this challenge legitimately. C’est la vie.

Prevention and Mitigation Strategies:

OWASP Security Question Cheat Sheet
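The practical shape of that advice for a Forgot Password flow is: store the security answer hashed like a password, normalize it before comparing so a legitimate user is not tripped up by case or accents, and count failed attempts per account so an Intruder-style guessing run locks out instead of running to completion. The Python below is an added illustration of those three points; it is not code from Juice Shop or from this post, and the email address and answer used in the comments are constructed placeholders.

```python
import hashlib
import hmac
import os
import time
import unicodedata

PBKDF2_ITERATIONS = 200_000   # slow hash so offline guessing is expensive
MAX_ATTEMPTS = 5              # failed answers per account before lockout
LOCKOUT_SECONDS = 15 * 60

def normalize(answer):
    """Fold case, accents and whitespace so 'Müsli ' and 'musli' match."""
    decomposed = unicodedata.normalize("NFKD", answer)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(plain.casefold().split())

def hash_answer(answer, salt=None):
    """Return (salt, digest); store only these, never the plaintext answer."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest

class ResetGuard:
    """Per-account attempt counter for the Forgot Password answer check."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so tests can fake time
        self.failures = {}          # email -> list of failure timestamps

    def locked(self, email):
        now = self.clock()
        recent = [t for t in self.failures.get(email, [])
                  if now - t < LOCKOUT_SECONDS]
        self.failures[email] = recent
        return len(recent) >= MAX_ATTEMPTS

    def verify(self, email, stored, answer):
        """True only if the account is not locked and the answer matches."""
        if self.locked(email):
            return False            # even a correct answer is refused
        salt, expected = stored
        _, actual = hash_answer(answer, salt)
        if hmac.compare_digest(expected, actual):
            self.failures.pop(email, None)
            return True
        self.failures.setdefault(email, []).append(self.clock())
        return False

# Constructed usage: store hash_answer("Fluffy") for "bjoern@example.com",
# then call ResetGuard().verify(email, stored, submitted_answer).
```

With the lockout in place, a throttled wordlist run like the one described above gets five guesses per quarter hour per account, which is why the attempt counter, not the hash, is what actually ends the attack.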

Lessons Learned and Things Worth Mentioning: 

I need to be more patient with OSINT gathering. Had I waited one more minute I wouldn’t have had to list the solutions page in my Resources section for this challenge.
