Curiosity Kills Colby

Northwestern Misadventures

Hacking OWASP’s Juice Shop Pt. 25: Login Amy

Posted on November 21, 2020 by codeblue04

Challenge: 

Name: Login Amy

Description: Log in with Amy’s original user credentials. (This could take 93.83 billion trillion trillion centuries to brute force, but luckily she did not read the “One Important Final Note”)

Difficulty: 3 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Hacking OWASP’s Juice Shop Pt. 24: Deluxe Fraud

Posted on November 20, 2020 by codeblue04

Challenge: 

Name: Deluxe Fraud

Description: Obtain a Deluxe Membership without paying for it.

Difficulty: 3 star

Category: Improper Input Validation

Expanded Description: https://pwning.owasp-juice.shop/part2/improper-input-validation.html

Hacking OWASP’s Juice Shop Pt. 23: Payback Time

Posted on November 19, 2020 by codeblue04

Challenge: 

Name: Payback Time

Description: Place an order that makes you rich.

Difficulty: 3 star

Category: Improper Input Validation

Expanded Description: https://pwning.owasp-juice.shop/part2/improper-input-validation.html

Hacking OWASP’s Juice Shop Pt. 22: Admin Registration

Posted on November 18, 2020 by codeblue04

Challenge: 

Name: Admin Registration

Description: Register as a user with administrator privileges.

Difficulty: 3 star

Category: Improper Input Validation

Expanded Description: https://pwning.owasp-juice.shop/part2/improper-input-validation.html

Hacking OWASP’s Juice Shop Pt. 21: Database Schema

Posted on November 17, 2020 by codeblue04

Challenge: 

Name: Database Schema

Description: Exfiltrate the entire DB schema definition via SQL injection.

Difficulty: 3 star

Category: Injection

Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html

Hacking OWASP’s Juice Shop Pt. 20: CAPTCHA Bypass

Posted on November 16, 2020 by codeblue04

Challenge: 

Name: CAPTCHA Bypass

Description: Submit 10 or more customer feedbacks within 10 seconds.

Difficulty: 3 star

Category: Broken Anti-Automation

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-anti-automation.html

Hacking OWASP’s Juice Shop Pt. 19: Password Strength

Posted on November 15, 2020 by codeblue04

Challenge: 

Name: Password Strength

Description: Log in with the administrator’s user credentials without previously changing them or applying SQL Injection.

Difficulty: 2 star

Category: Broken Authentication

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html

Hacking OWASP’s Juice Shop Pt. 18: Deprecated Interface

Posted on November 14, 2020 by codeblue04

Challenge: 

Name: Deprecated Interface

Description: Use a deprecated B2B interface that was not properly shut down.

Difficulty: 2 star

Category: Security Misconfiguration

Expanded Description: https://pwning.owasp-juice.shop/part2/security-misconfiguration.html

Hacking OWASP’s Juice Shop Pt. 17: View Basket

Posted on November 13, 2020 by codeblue04

Challenge: 

Name: View Basket

Description: View another user’s shopping basket.

Difficulty: 2 star

Category: Broken Access Control

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-access-control.html

Hacking OWASP’s Juice Shop Pt. 16: Visual Geo Stalking

Posted on November 12, 2020 by codeblue04

Challenge: 

Name: Visual Geo Stalking

Description: Determine the answer to Emma’s security question by looking at an upload of her to the Photo Wall and use it to reset her password via the Forgot Password mechanism.

Difficulty: 2 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html
