In this walkthrough, we will go through the Admin password reset vulnerability section of WebGoat Labs. We will explore and exploit the admin password reset functionality and learn how applications are affected by it. So, let’s get started with the hacking without any delay.
- In this challenge, we have to reset the admin password using the password reset functionality of the application.
- I first intercepted the request via Burp Suite and sent the email to our user mailbox to see how the request is being carried out.
- As per the response, the email was successfully sent to our user.
- I clicked on the reset link in the inbox and it showed that the reset link is not for admin. That means it is deliberately checking for a value that belongs to admin.
- The above password reset link has a token value which looks like a hash. I used hash-identifier to find out, and it was a possible MD5; however, I was unable to decrypt it via generic online decrypters.
MD5 hash: d8941cf04545d885a3835f9f326475de
- Checked the source code and found that the admin password link is hardcoded in the application source code. The challenge had already turned green; however, we were unable to get the flag.
- Used the hash as the token and got our flag. Submit it to complete the challenge.
375afe1104f4a487a73823c50a9292a2
Conclusion:
So, we finally completed the WebGoat Admin password reset vulnerability section. Next, we can mitigate password reset attacks by making sure that the password reset token is sent securely to the concerned user. On that note, I will take your leave and will meet you in the next one with another WebGoat vulnerability writeup; till then, “Keep Hacking”.
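One way to implement the mitigation described above, as an added example that is not WebGoat's code or the author's: each reset token is random, bound server-side to the user who requested it, stored only as a digest, expires, and works once, so no usable token can sit in the application source. The class name `ResetTokenStore`, the 15-minute lifetime and the in-memory dict standing in for a database are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; set according to policy


class ResetTokenStore:
    """In-memory stand-in for a database table of pending password resets."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(token) -> (username, expires_at)
        self._clock = clock

    @staticmethod
    def _digest(token: str) -> str:
        # Only the digest is stored, so a leaked table does not leak tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username: str) -> str:
        """Create a fresh token for one user and invalidate that user's older ones."""
        self._pending = {d: v for d, v in self._pending.items() if v[0] != username}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (username, expires_at)
        return token  # placed only in the e-mail to that user's registered address

    def redeem(self, token: str):
        """Return the username the token was issued for, or None. Single use."""
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown, already used, or superseded token
        username, expires_at = entry
        if self._clock() > expires_at:
            return None  # expired
        # The caller resets the password of this account only,
        # never an account named in the request.
        return username


if __name__ == "__main__":
    store = ResetTokenStore()
    link_token = store.issue("tom")        # constructed sample user
    print(store.redeem(link_token))        # account the reset applies to
    print(store.redeem(link_token))        # second use is rejected
```
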