Challenge hunting
This part of the book can be read from end to end as a hacking guide. Used in that way you will be walked through various types of web vulnerabilities and learn how to exploit their occurrences in the E. Corp Shop application. Alternatively you can start hacking the E. Corp Shop on your own and use this part simply as a reference and source of hints in case you get stuck at a particular challenge.
If you want to look up hints for a particular challenge, the following tables list all challenges of the E. Corp Shop grouped by their difficulty, in the same order as they appear on the Score Board.
Trivial Challenges ( 🌟 )

| Challenge | Description | Hints | Solution |
|-----------|-------------|-------|----------|

Easy Challenges ( 🌟🌟 )

| Challenge | Description | Hints | Solution |
|-----------|-------------|-------|----------|
| Login MC SafeSearch | Log in with MC SafeSearch's original user credentials without applying SQL Injection or any other bypass. | | |
| Password Strength | Log in with the administrator's user credentials without previously changing them or applying SQL Injection. | | |

Medium Challenges ( 🌟🌟🌟 )

| Challenge | Description | Hints | Solution |
|-----------|-------------|-------|----------|
| Product Tampering | Change the href of the link within the O-Saft product description into http://kimminich.de. | | |
| Reset Jim's Password | Reset Jim's password via the Forgot Password mechanism with the truthful answer to his security question. | | |
| XSS Tier 2 | Perform a persisted XSS attack with `<script>alert("XSS")</script>` bypassing a client-side security mechanism. | | |
| XSS Tier 3 | Perform a persisted XSS attack with `<script>alert("XSS")</script>` without using the frontend application at all. | | |

Hard Challenges ( 🌟🌟🌟🌟 )

| Challenge | Description | Hints | Solution |
|-----------|-------------|-------|----------|
| Login Bjoern | Log in with Bjoern's user account without previously changing his password, applying SQL Injection, or hacking his Google account. | | |
| NoSQL Injection Tier 1 | Let the server sleep for some time. (It has done more than enough hard work for you) | | |
| Reset Bender's Password | Reset Bender's password via the Forgot Password mechanism with the truthful answer to his security question. | | |
| Typosquatting Tier 1 | Inform the shop about a typosquatting trick it has become victim of. (Mention the exact name of the culprit) | | |
| Vulnerable Library | Inform the shop about a vulnerable library it is using. (Mention the exact library name and version in your comment) | | |

Dreadful Challenges ( 🌟🌟🌟🌟🌟 )

| Challenge | Description | Hints | Solution |
|-----------|-------------|-------|----------|
| JWT Issues Tier 1 | Forge an essentially unsigned JWT token that impersonates the (non-existing) user jwtn3d@juice-sh.op. | | |
| Login CISO | Exploit OAuth 2.0 to log in with the Chief Information Security Officer's user account. | | |
| RCE Tier 1 | Perform a Remote Code Execution that would keep a less hardened application busy forever. | | |
| Reset Bjoern's Password | Reset Bjoern's password via the Forgot Password mechanism with the truthful answer to his security question. | | |
| Reset Morty's Password | Reset Morty's password via the Forgot Password mechanism with his obfuscated answer to his security question. | | |
| Retrieve Blueprint | Deprive the shop of earnings by downloading the blueprint for one of its products. | | |
| Typosquatting Tier 2 | Inform the shop about a more literal instance of typosquatting it fell for. (Mention the exact name of the culprit) | | |

Diabolic Challenges ( 🌟🌟🌟🌟🌟🌟 )

| Challenge | Description | Hints | Solution |
|-----------|-------------|-------|----------|
| JWT Issues Tier 2 | Forge an almost properly RSA-signed JWT token that impersonates the (non-existing) user rsa_lord@juice-sh.op. | | |
| Login Support Team | Log in with the support team's original user credentials without applying SQL Injection or any other bypass. | | |