Juice Shop – Crack the admin password – Python3

Hello. Today, I am going to write about the OWASP Juice Shop. The last time I was working on Juice Shop I used SQL injection to bypass the login. Through this exploit, I was able to get the admin email. In this post, I will develop a password cracker to crack the admin password to get the clear text value.

The first thing to do is ensure that Burp Suite is running and that the web browser is sending its traffic through the proxy.

Navigate to the login page and submit a request.

http://10.0.0.244:3000/#/login

Find the request in Burp Suite Site map. With the information from the information panes, I can start to craft the shell Python code.

Develop a Python script to duplicate this POST request. Import the requests and json libraries. Set variables to track the IP address, port, user, API URL, and password. Set two dictionary variables to track the headers and data. Dump the data dictionary into a string variable. Use these variables to submit the POST request.

Update the file to include the path to the password file. Please note that the rockyou file has 14+ million records and could take a while for testing. Open the file and iterate through the passwords. Include an IF statement to identify when a match is discovered.

Testing the password…and wait. I confirmed the code works up until this point.

art@kali:~/blog$ python3 password_cracker.py 
The password is: admin123

Separate the code into functions for easier maintainability. Move the send request to its own method.

Add an IF statement to call the main function.

Import the argparse library and use it to capture the variables that would require human input to make the script more dynamic.

Update the old variables to accept the new parser variables.

Check the new code and ensure that the code is still in working order.

art@kali:~/blog$ python3 password_cracker.py -i 10.0.0.244 -p 3000 -f /usr/share/wordlists/rockyou.txt
The password is: admin123

Update the code to have a try except block to catch general errors.
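
Seen from the defender's side, the wordlist run above is a burst of failed logins for one account from one source, ending in a success. The following is an added example, not part of the original post: it flags that pattern in a constructed log whose format (timestamp, source IP, account, HTTP status, with 401 for a failed login and 200 for a success), addresses and account names are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed log lines (assumed format): ISO time, source IP, account, HTTP status."""
    lines = [  # an ordinary user who mistypes once, then logs in
        "2024-01-01T09:00:00 192.0.2.10 user@example.test 401",
        "2024-01-01T09:00:20 192.0.2.10 user@example.test 200",
    ]
    start = datetime(2024, 1, 1, 10, 0, 0)
    for i in range(12):  # one host walking a wordlist against one account
        ts = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 192.0.2.66 admin@example.test 401")
    ts = (start + timedelta(seconds=12)).isoformat()
    lines.append(f"{ts} 192.0.2.66 admin@example.test 200")  # the guess that matched
    return lines


def detect(lines, max_failures=5, window=timedelta(seconds=60)):
    """Flag (source, account) pairs with max_failures or more failed logins inside window.

    'compromised' is set when a successful login follows such a burst.
    """
    recent = defaultdict(deque)  # (source, account) -> times of recent failures
    alerts = {}
    for line in lines:
        ts, src, account, status = line.split()
        when = datetime.fromisoformat(ts)
        key = (src, account)
        failures = recent[key]
        while failures and when - failures[0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if status == "401":
            failures.append(when)
            if len(failures) >= max_failures:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(failures))
        elif status == "200":
            if key in alerts and failures:
                alerts[key]["compromised"] = True  # burst ended in a valid password
            failures.clear()
    return alerts


if __name__ == "__main__":
    for (src, account), info in detect(build_sample()).items():
        print(f"{src} -> {account}: {info['failures']} failures, compromised={info['compromised']}")
```

Keying on the account alone instead of the (source, account) pair also catches guesses spread across several addresses. The same counter can drive rate limiting or a temporary lockout at the login endpoint.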

With this update, that wraps up this part of the script. I have the password. I might do another iteration later. This next iteration would have more error trapping and human proofing the code. There are other changes that I have in my head. They can wait for another time. Enjoy the rest of your day.

Warm regards.
