WebGoat (A2) Broken Authentication - Password reset

Table of Contents

1. Caigou's entry

Page 2

Page 4

Page 5

Page 6

2. Course mind map


1. Caigou's entry

Page 2

This page is for trying out webwolf.

There is a little wolf icon in the upper right corner, which is the entry point to webwolf.

download webwolf from here: https://github.com/WebGoat/WebGoat/releases

If the download is slow or fails, you can right-click the webwolf-8.1.0.jar file to copy its link, then paste the link into this website to download it: https://d.serctl.com/

webwolf v8.1.0 should match webgoat v8.1.0, and it also needs Java 11.

The command to start the webwolf server is:

java -jar webwolf-8.1.0.jar --server.address=0.0.0.0

The default port is 9090.

To open webwolf, you can click the blue "here" in the picture above, and it will jump directly to http://yourip:9090/WebWolf

First click on the gray line "Forgot your password?"

After jumping to the page in the figure below, enter an email in this format in the input box: webgoatusername@anything

Then you can see the following email in the Mailbox of webwolf, with the updated password in the email.

Then return to webgoat and log in with webgoatusername@anything (or even the bare webgoat username) and the new password you just saw in the webwolf email, and you pass. (But the page marker for this lesson will not turn green.)

Page 4

This lesson requires guessing the answer to the security question (favorite color) of another user (such as tom, admin, or larry).

The lesson hints that there is no anti-brute-force mechanism, so you can pick the user name and then brute-force the color in burpsuite.

However, I exhausted my English vocabulary and only guessed a few casually. So there was no brute-forcing with burpsuite.

This lesson tells us that the answer to "favorite color" should be a bit harder to guess, and not a common word (no).

Security questions should also have anti-brute-force mechanisms, just like passwords.

Page 5

On this page, emmmm, choose two options to see why they are not safe.

Page 6

This lesson requires resetting Tom's password and logging in as Tom. The lesson hints that Tom will click on the link when he receives the email.

First, get familiar with the password reset flow:

First, click the gray line "Forgot your password?" to jump to the page below.

Then enter an email address in this format in the input box: webgoatusername@anything, and click Continue.

I went to webwolf and found an email.

Click on the link in the email above, and you will be redirected to the page below to reset the password.

As can be seen from the figure below, the password reset link contains the server IP and port number, as well as a token-like string.

I tried the token-like string several times, but I didn't find any pattern, and MD5 decryption couldn't solve it.

But if the server IP and port number can be modified, then when Tom clicks the link in the email, webwolf receives this token. Since this token appears to be the only credential needed to change the password, with this token you can change Tom's password.

Next, start on Tom:

Send a reset email to Tom, intercept it with burpsuite, keep forwarding until you reach the following request (or send one to your own mailbox and then replay it; it is not tied to the token).

Modify the Host header to the IP and port number of webwolf.

In webwolf's Incoming requests, you can see the request sent when Tom clicks on the link in the email. The request contains the token.

Combine the real password-reset path with the token, go to the real password-change page, enter the new password and save. (I also found an insecure point here: the same token can change the password multiple times.)

Go to the account access page of webgoat and log in with Tom's mailbox and the password you just changed. Cleared~
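As an added illustration (not WebGoat's code and not part of the original write-up), the Python below contrasts the two weaknesses the steps above exploit: a reset link whose host is copied from the request's Host header, which is what the Host rewrite to webwolf relies on, versus a link built from a configured base URL, plus a single-use token so one token cannot change the password twice. The hostnames, the reset path and the ResetService class are constructed assumptions.

```python
"""Reset-link construction: Host-header-derived (lesson behaviour) vs. fixed base URL,
with single-use tokens. Constructed example; hostnames and paths are assumptions."""
import hashlib
import secrets
from urllib.parse import urlparse

# Assumed deployment address, set in configuration rather than read from the request.
TRUSTED_BASE_URL = "https://webgoat.example:8080"
RESET_PATH = "/reset-password/"  # assumed path; the real lesson path is not shown here


class ResetService:
    def __init__(self, base_url=TRUSTED_BASE_URL):
        self.base_url = base_url
        self._tokens = {}  # sha256(token) -> username; only the hash is stored

    def issue_token(self, username):
        """Create an unguessable reset token bound to one user."""
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = username
        return token

    def vulnerable_link(self, request_headers, token):
        """Mirrors the lesson: the link's host comes from the client-controlled Host header,
        so a rewritten Host header sends the victim (and the token) to another server."""
        host = request_headers.get("Host")
        return f"http://{host}{RESET_PATH}{token}"

    def hardened_link(self, request_headers, token):
        """Ignore the Host header entirely and use the configured base URL."""
        return f"{self.base_url}{RESET_PATH}{token}"

    def host_header_matches(self, request_headers):
        """Detection check: a Host header that differs from the configured host is a red
        flag worth logging and rejecting before any email is sent."""
        expected = urlparse(self.base_url).netloc
        return request_headers.get("Host", "") == expected

    def consume_token(self, token):
        """Single use: returns the bound username once, then None on any replay."""
        return self._tokens.pop(hashlib.sha256(token.encode()).hexdigest(), None)
```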

2. Course mind map


Source: blog.csdn.net/elephantxiang/article/details/114608313