
Add a second "Reset Bjoern's Password" challenge

bkimminich committed Dec 1, 2018
1 parent 049f75d commit 65b9754cea7afed2535a8ccae24a503178501b43
@@ -227,4 +227,6 @@ ctf:
loginAmyChallenge:
name: Andorra
code: AD
resetPasswordBjoernOwaspChallenge:
name: Kazakhstan
code: KZ
@@ -378,6 +378,10 @@ function createSecurityAnswers () {
SecurityQuestionId: 9,
UserId: 12,
answer: 'West-2082' // http://www.alte-postleitzahlen.de/uetersen
}, {
SecurityQuestionId: 7,
UserId: 13,
answer: 'Zaya'
}]
return Promise.all(
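Review bot: The answer `'Zaya'` seeded here for UserId 13 is repeated as a bare string literal in the resetPassword route hunk further down (`answer === 'Zaya'`), so the seed and the challenge-solve check can drift apart without any test noticing; a shared constant referenced from both places, or at minimum a trailing comment on this entry such as `// must match the resetPasswordBjoernOwaspChallenge check in the resetPassword route`, would make the coupling visible. The neighbouring `'West-2082'` entry documents where its value comes from in a trailing comment, while the new entry has none. UserId 13 presumably corresponds to the position of the new bjoernOwasp entry in users.yml, which is an ordering dependency worth stating in that same comment. The enclosing createSecurityAnswers function starts outside the hunk.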
@@ -319,12 +319,12 @@
hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/security-misconfiguration.html#reset-mortys-password-via-the-forgot-password-mechanism'
key: resetPasswordMortyChallenge
-
name: 'Reset Bjoern''s Password'
name: 'Reset Bjoern''s Password Tier 2'
category: 'Broken Authentication'
description: 'Reset Bjoern''s password via the <a href="/#/forgot-password">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.'
description: 'Reset the password of Bjoern''s internal account via the <a href="/#/forgot-password">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.'
difficulty: 5
hint: 'Nothing a little bit of Facebook stalking couldn''t reveal. Might involve a historical twist.'
hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/broken-authentication.html#reset-bjoerns-password-via-the-forgot-password-mechanism'
hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/broken-authentication.html#reset-the-password-of-bjoerns-internal-account-via-the-forgot-password-mechanism'
key: resetPasswordBjoernChallenge
-
name: 'NoSQL Injection Tier 1'
@@ -591,3 +591,11 @@
hint: 'This challenge will make you go after a needle in a haystack.'
hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/sensitive-data-exposure.html#log-in-with-amys-original-user-credentials'
key: loginAmyChallenge
-
name: 'Reset Bjoern''s Password Tier 1'
category: 'Broken Authentication'
description: 'Reset the password of Bjoern''s OWASP account via the <a href="/#/forgot-password">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.'
difficulty: 3
hint: 'He might have spoilered it on at least one occasion where a camera was running. Maybe elsewhere as well.'
hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/broken-authentication.html#reset-the-password-of-bjoerns-owasp-account-via-the-forgot-password-mechanism'
key: resetPasswordBjoernOwaspChallenge
@@ -59,3 +59,9 @@
password: 'monkey summer birthday are all bad passwords but work just fine in a long passphrase'
key: bjoern
isAdmin: true
-
email: bjoern.kimminich@owasp.org
password: 'kitten lesser pooch karate buffoon indoors'
customDomain: true
key: bjoernOwasp
isAdmin: true
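Review bot: The new bjoernOwasp account carries `isAdmin: true` exactly like the bjoern entry above it, but nothing on the page says whether the OWASP account is meant to be an administrator; if it is not, this looks copied over from the internal account, and if it is, the difficulty-3 reset challenge for this account (versus 5 for the internal one) now also ends in an admin session. A one-line comment stating the intent, e.g. `# admin on purpose: <reason>`, would settle that for the next reader. `customDomain: true` also appears without explanation; presumably it exempts the address from the `application.domain` suffix the specs append to other users, but that is inferred from the tests rather than shown here.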
@@ -38,6 +38,9 @@ module.exports = function resetPassword () {
if (utils.notSolved(challenges.resetPasswordMortyChallenge) && user.id === users.morty.id && answer === '5N0wb41L') {
utils.solve(challenges.resetPasswordMortyChallenge)
}
if (utils.notSolved(challenges.resetPasswordBjoernOwaspChallenge) && user.id === users.bjoernOwasp.id && answer === 'Zaya') {
utils.solve(challenges.resetPasswordBjoernOwaspChallenge)
}
res.json({ user })
}).catch(error => {
next(error)
@@ -125,7 +125,7 @@ describe('/rest/user/reset-password', () => {
.expect('status', 200)
})
it('POST password reset for Bjoern with correct answer to his security question', () => {
it('POST password reset for Bjoern´s internal account with correct answer to his security question', () => {
return frisby.post(REST_URL + '/user/reset-password', {
headers: jsonHeader,
body: {
@@ -138,6 +138,19 @@ describe('/rest/user/reset-password', () => {
.expect('status', 200)
})
it('POST password reset for Bjoern´s OWASP account with correct answer to his security question', () => {
return frisby.post(REST_URL + '/user/reset-password', {
headers: jsonHeader,
body: {
email: 'bjoern.kimminich@owasp.org',
answer: 'Zaya',
new: 'kitten lesser pooch karate buffoon indoors',
repeat: 'kitten lesser pooch karate buffoon indoors'
}
})
.expect('status', 200)
})
it('POST password reset for Morty with correct answer to his security question', () => {
return frisby.post(REST_URL + '/user/reset-password', {
headers: jsonHeader,
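Review bot: The new OWASP-account case only checks `.expect('status', 200)`, which the sibling cases do too, but a 200 alone does not show that the reset resolved the OWASP account rather than the internal one or that the tier-1 challenge was credited. Since the route replies with `res.json({ user })`, adding `.expect('json', 'user.email', 'bjoern.kimminich@owasp.org')` would pin the account (assuming the serialized user carries `email`, which I can't confirm from here). The wrong-answer path for this address is not covered in the hunk either; if the existing negative test only uses the internal address, a matching one for the OWASP address would be cheap.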
@@ -51,18 +51,35 @@ describe('/#/forgot-password', () => {
})
describe('as Bjoern', () => {
it('should be able to reset password with his security answer', () => {
email.sendKeys('bjoern@' + config.get('application.domain'))
browser.wait(EC.visibilityOf(securityAnswer), 1000, 'Security answer field did not become visible')
securityAnswer.sendKeys('West-2082')
newPassword.sendKeys('monkey summer birthday are all bad passwords but work just fine in a long passphrase')
newPasswordRepeat.sendKeys('monkey summer birthday are all bad passwords but work just fine in a long passphrase')
resetButton.click()
describe('for his internal account', () => {
it('should be able to reset password with his security answer', () => {
email.sendKeys('bjoern@' + config.get('application.domain'))
browser.wait(EC.visibilityOf(securityAnswer), 1000, 'Security answer field did not become visible')
securityAnswer.sendKeys('West-2082')
newPassword.sendKeys('monkey summer birthday are all bad passwords but work just fine in a long passphrase')
newPasswordRepeat.sendKeys('monkey summer birthday are all bad passwords but work just fine in a long passphrase')
resetButton.click()
expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
})
protractor.expect.challengeSolved({challenge: 'Reset Bjoern\'s Password Tier 2'})
})
protractor.expect.challengeSolved({ challenge: 'Reset Bjoern\'s Password' })
describe('for his OWASP account', () => {
it('should be able to reset password with his security answer', () => {
email.sendKeys('bjoern.kimminich@owasp.org')
browser.wait(EC.visibilityOf(securityAnswer), 1000, 'Security answer field did not become visible')
securityAnswer.sendKeys('Zaya')
newPassword.sendKeys('kitten lesser pooch karate buffoon indoors')
newPasswordRepeat.sendKeys('kitten lesser pooch karate buffoon indoors')
resetButton.click()
expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
})
protractor.expect.challengeSolved({challenge: 'Reset Bjoern\'s Password Tier 1'})
})
})
describe('as Morty', () => {
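Review bot: The two new `challengeSolved` calls, `{challenge: 'Reset Bjoern\'s Password Tier 2'}` and `{challenge: 'Reset Bjoern\'s Password Tier 1'}`, drop the inner brace spacing that the removed line `{ challenge: 'Reset Bjoern\'s Password' }` had, so the hunk is inconsistent with the spec it replaces; whether the project's linter flags this I can't tell from here. Beyond formatting, both inner `it` blocks type the long passphrases verbatim twice, and the same strings are seeded in users.yml and repeated in the API spec, so a per-account constant shared by the specs would keep them in step. The enclosing `describe('/#/forgot-password')` starts outside the hunk.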

