Update challengeSolutions.md #163

Open
wants to merge 1 commit into
base: develop

@extodez extodez commented Jan 9, 2023

Adding the solution of Challenge 3 - Reset the password of a different user.

Description

Please include a summary of the change, motivation and context.

Testing

Please describe the tests that you ran to verify your changes. Please summarize what you tested and what needs to be tested, e.g. deployed and tested the service locally.

Documentation

Make sure that you have documented corresponding changes in this repository.

Checklist:

  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • Any dependent changes have been merged
  • I have documented any changes if required in the docs.

Adding the solution of Challenge 3 - Reset the password of a different user.
@drraghavendra

Your solution to Challenge 3 - Reset the password of a different user is well-written and comprehensive. I especially like how you break down the steps into a clear and easy-to-follow process.

Here is a summary of your solution:

  • Enumerate accounts using the server's HTTP response.
  • Identify the desired account.
  • Log in with your own account and use the forgot password normally.
  • Get the OTP of User A from MailHog.
  • Use the OTP from User A to change the target email address and password.

This solution is effective because it allows you to reset the password of a different user without knowing their original password. It is also relatively easy to implement, as it only requires a basic understanding of HTTP and the MailHog web interface.

Here are some additional thoughts:

  • You may need to be careful when enumerating accounts, as this could be considered a form of brute-forcing. If you are unsure, it is best to consult with the server administrator first.
  • Once you have identified the desired account, you may want to consider sending a notification to the account owner to let them know that their password has been reset. This will help to prevent any unauthorized access to the account.

Overall, this is a well-crafted solution to Challenge 3. I am confident that it will be helpful to others who are trying to learn how to reset the password of a different user.
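
The defensive counterpart to the steps summarized in this thread, as an added example that is not part of the pull request or the project's code: a hypothetical reset service that gives the same reply for known and unknown addresses and validates an OTP only against the account whose password is being changed. The class, its method names, the TTL and the attempt limit are assumptions, and the users are constructed sample data.

```python
import hmac
import secrets
import time

OTP_TTL = 300        # assumed OTP lifetime in seconds
MAX_ATTEMPTS = 3     # assumed number of guesses allowed per issued OTP
GENERIC_REPLY = "If the account exists, an OTP has been sent."


class ResetService:
    """Hypothetical password-reset backend (names are not from the project)."""

    def __init__(self, users):
        self.users = users    # email -> password (constructed sample data)
        self.pending = {}     # email -> [otp, expiry, attempts_left]
        self.outbox = []      # stands in for the mail server

    def request_otp(self, email, now=None):
        now = time.time() if now is None else now
        if email in self.users:
            otp = f"{secrets.randbelow(10**6):06d}"
            self.pending[email] = [otp, now + OTP_TTL, MAX_ATTEMPTS]
            self.outbox.append((email, otp))
        # Identical reply for known and unknown addresses, so the
        # response cannot be used to enumerate accounts.
        return GENERIC_REPLY

    def reset_password(self, email, otp, new_password, now=None):
        now = time.time() if now is None else now
        # The OTP is looked up under the account being changed, so an OTP
        # issued to one user is useless against any other user.
        entry = self.pending.get(email)
        if entry is None or now > entry[1]:
            self.pending.pop(email, None)
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(entry[0], otp)
        if ok or entry[2] <= 0:
            del self.pending[email]   # single use; burned after too many misses
        if ok:
            self.users[email] = new_password
        return ok
```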

3 participants