Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
227
If we browse to the /ui path we’ll discover the entire APIs’ documentation.
Although this is common during white-box testing, is not a luxury we normally
have during a black-box test.
Let’s first inspect the /users API with curl.
kali@kali:~$
curl -i http://192.168.50.16:5002/users/v1
HTTP/1.0 200 OK
Content-Type: application/json
Content-Length: 241
Server: Werkzeug/1.0.1 Python/3.7.13
Date: Wed, 06 Apr 2022 09:27:50 GMT
{
"users": [
{
"email": "mail1@mail.com",
"username": "name1"
},
{
"email": "mail2@mail.com",
"username": "name2"
},
{
"email": "admin@mail.com",
"username": "admin"
}
]
}
Listing 108 - Obtaining Users’ Information
The application returned three user accounts, including an administrative account that seems to
be worth further investigation. We can use this information to attempt another brute force attack
with gobuster, this time targeting the
admin
user with a smaller wordlist. To verify if any further
API property is related to the
username
property, we’ll expand the API path by inserting the admin
username at the very end.
kali@kali:~$
Yüklə
Dostları ilə paylaş: 
