API 01
Our task is to get the stored key in the admin’s account
Navigate to the webpage
Let’s create an account
Let’s create a secret
Now, let’s fire up burpsuite; we’ll capture this request and send it over to burp repeater
What happens when we change the 2 to 3? Well, let’s find out
Alright, so that’s the secret I created.
How about we change it to 1
We got the key.
Submitting the key
We have successfully completed this exercise
API 02
Our task is to get the stored key located in the admin user’s account
Navigate to the webpage
So, we’ll sign up and try to create a new secret
Now, we’ll capture this request using burpsuite and send it over to burp repeater
Changing the number doesn’t work as it did in the previous lab.
Take a look at the JWT token being used
We can check the contents of this token using an online tool, you can access it here
Let’s change the id to 1. Then we copy the newly generated token and use it to replace the former one in burpsuite
So we got an error that says the secret is not owned by the user. Let’s change /api/secrets/2 to /api/secrets/1, since we are trying to view the admin’s secret
We got the key hehe
Submitting it
We have successfully completed this exercise
API 03
Our task is to get the key that solves this lab and this key is located in the admin user’s account
Navigate to the webpage
Let’s create an account, then we try to create a new secret
Now, let’s capture this request using burpsuite and send it over to burp repeater
This lab is similar to the previous lab, just that in this lab we have to get the secret key before we can edit the content of the token
We’ll be using a tool called hashcat to try to get the secret.
command: hashcat -m 16500 -a 0 jwt_token.txt /usr/share/wordlists/rockyou.txt
Cool, the secret turned out to be “secret”; now let’s edit the token with the online website we used earlier
As you can see, from the above screenshot, I changed the id to 1 and also provided the secret phrase.
Now let’s copy that token and replace it with the former one
Changing /api/secrets/2 to /api/secrets/1 should get us the key
Submitting the key
We have successfully completed this lab
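The server-side checks that would have stopped API 02 and API 03, as an added example that is not part of the lab or of the original writeup: verify the HS256 signature before trusting the id claim, refuse a wordlist-sized signing key, and only then run the ownership check. The demo key, the owners table and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

MIN_KEY_BYTES = 32            # RFC 7518 section 3.2: HS256 key must be at least 256 bits
DEMO_KEY = bytes(range(32))   # constructed sample key; generate real keys with a CSPRNG
DEMO_OWNERS = {1: 1, 2: 2}    # constructed: secret id -> owning user id (1 = admin)

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs256(payload: dict, key: bytes) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims only if the signature is valid under HS256."""
    if len(key) < MIN_KEY_BYTES:   # a key like the one in API 03 falls to a wordlist
        raise ValueError("signing key too short")
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")   # pin the algorithm server-side
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):     # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))     # decoded only after verification

def get_secret(token: str, secret_id: int, key: bytes, owners: dict) -> str:
    """Hypothetical handler for GET /api/secrets/<id>: verify, then check ownership."""
    claims = verify_hs256(token, key)
    if owners.get(secret_id) != claims.get("id"):  # the check missing in API 01
        raise PermissionError("secret is not owned by the user")
    return f"secret-{secret_id}"
```

With these checks a token whose id was edited without the key fails at the signature step, and a valid token for user 2 still cannot read /api/secrets/1.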
API 04
Our task is to review the JavaScript of the page to find a hidden endpoint.
Navigate to the webpage
Checking the page source
Let’s take a look at what’s in the js file. Well, I found this
Well, that’s an endpoint. Let’s analyze what’s here. To do this, navigate to the webpage and capture the request using burpsuite
We’ll be using a POST request for this
Cool, we got the key
Submitting it
We have successfully completed this exercise
API 05
Our task is to review the JavaScript of the page to find a hidden endpoint. But this time the code has been compressed
Navigate to the webpage
Checking the page source
You can use this to deobfuscate this javascript code
Copying the output, I found the endpoint
Let’s analyze the endpoint /get_more_secret
Navigate to the webpage, capture the request using burpsuite and send it over to burp repeater. Also, change the request method to POST
Nice, we got the key
Submitting the key
We have successfully solved this exercise
API 06
Our task is to review the JavaScript of the page to find a hidden endpoint. But this time the code is being compressed
Navigate to the webpage
Let’s view the page source
Let’s deobfuscate the script using the same method we used in the previous lab
Nice, we got the endpoint.
Not to waste time, repeating the same thing we did in the previous labs gets us the key
API 07
Our task is to review the JavaScript of the page to find an information leak.
Navigate to the webpage
We get this login page
Checking the source code and analyzing the javascript file, I found the key
Submitting the key
We have successfully completed this exercise
API 08
Our task is to review the responses from the different API endpoints, to find an information leak allowing you to get logged in as admin@libcurl.so and get the key for this challenge
Navigate to the webpage
We have a login page, let’s try to register an account
So we have to be logged in with the admin’s email address
Checking the login page, you’ll see there’s a reset email function. Since we don’t know the password of the admin email address, let’s reset the password
We don’t have access to check the mail lol. Let’s try to reset again, but this time we’ll capture the request on burpsuite and send it over to burp repeater
You can see we got the url for the password reset.
Navigate to that url
Let’s provide a password to reset the account
Now let’s log in with the password we used to reset
We got the key hehe
Submitting the key
We have successfully completed this exercise
That will be all for today