Webgoat - Admin password reset

Webgoat – Admin password reset

In this walk through, we will be going through the Admin password reset vulnerability section from Webgoat Labs. We will be exploring and exploiting Admin password reset functionality and learn how application are affected because of it. So, let’s get started with the Hacking without any delay.

Admin password reset

  • In this challenge, we have to reset the admin password using the password reset functionality of the application.

Forgot Password

  • I first intercepted the request via Burpsuite and sent the email to our user mail box to see how the request is being carried out.

Burpsuite intercept

  • As per the response the email was successfully sent to our user.

Burpsuite Response

  • I clicked on the reset link in the inbox and it shows that the reset link is not for admin. That means it is deliberately checking for value that belongs to admin.

Password reset email

reset link not for admin

  • The above password reset link has a token value which looks like a hash. I used hash-identifier to find out and it was a possible MD5 however i was unable to decrypt it via generic online decrypters.

MD5 hash: d8941cf04545d885a3835f9f326475de

Hash-identifier

  • Checked the source code and found that the admin password link is hardcoded in the application source code as the challenge was already turned green however we were unable to get the flag.

Link: https://github.com/WebGoat/WebGoat/blob/main/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java

Source code

  • Used the hash as token and got our flag. Submit it complete the challenge.

375afe1104f4a487a73823c50a9292a2

Success!!

Flag Submitted

Also Read: Webgoat – Path traversal

Conclusion:

Conclusion

So, we finally completed the Webgoat Admin password reset Vulnerability section. Next, we can mitigate the Password reset attacks by making sure that the password reset token is being securely sent to the concerned user. On that note, i will take your leave and will meet you in next one with another Webgoat vulnerability writeup, till then “Keep Hacking”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top