★ ★ ★ Login Amy (Sensitive Data Exposure)

  • Published: 11 Sep 2024
  • Log in with Amy's original user credentials. (This could take 93.83 billion trillion trillion centuries to brute force, but luckily she did not read the "One Important Final Note")
    🤴 Credits to Bjoern Kimminich for providing this excellent vulnerable web app. Download here: github.com/bki...
    🔗 Python GIST - gist.github.co...
    📃 This video is part of the OWASP Juice Shop solutions & walkthrough playlist ( • ★ Zero Stars (Improper... .
    📓 Make sure to check out all the other videos in this playlist as well to get a full tutorial.
    💡 If you have any questions or want to request a new video about a special topic, feel free to leave me a comment. You can also contact me on all of my social medias below.
    💖 I need your help. Subscribe to this channel, link and retweet my videos and share them with your friends. This is going to help make this project more sustainable in the long run.
    💙 Last but not least: Subscribe to my Twitter channels / hacksplained & / pascalsec , and support me on Patreon / hacksplained

Comments • 15

  • @ritubanerjee5061 9 months ago

    This is truly a brilliant solution! I haven't downloaded the script, but you can display a suitable message and terminate the loop as soon as you get a 200 response (instead of 401) from the server.

  • @eliasbergmann20 1 year ago

    Alternatively, I just checked the Github and found the password there, but your solution was way cooler to learn.

  • @iljasirosh683 4 years ago +2

    Another way of solving it would be just generating a list of potential passwords, then using md5sum on each of them and comparing the results to the MD5 hash of Amy's password (taken from the database).

    • @Hacksplained 4 years ago

      Yeap, Juice Shop often times offers multiple solutions, which is awesome!!

  • @tanercoder1915 4 years ago

    this is great that you brought python to solve this challenge. unexpected! did you try turbo intruder in Burp? it's a free add-on and also uses python. it allows to do faster bruteforcing without throttling requests right inside Burp.

    • @Hacksplained 4 years ago +1

      Haha, why unexpected?
      :)
      I have not thought of Turbo Intruder to be honest. I was actually thinking that Turbo Intruder is Burp Pro only, but I have just checked, it's not. Will definitely incorporate it into my videos next time!!

    • @tanercoder1915 4 years ago

      i'll try to look up your code. not familiar with async, just requests. and also please provide the solution sometime later too.

    • @Hacksplained 4 years ago

      @tanercoder1915 sure will do :) Will wait a bit first for a couple of folks to answer.

    • @iamwaseem99 4 years ago +1

      @tanercoder1915 @Hacksplained I've updated the solution in gist, check it out. gist.github.com/pascalschulz/e4952c1961cd068d94b81c361fc2514a#gistcomment-3356442

    • @alanrens2392 3 years ago

      Hot

  • @mohammadaurangzaib5622 4 years ago

    First viewer