
Juicy Details

Introduction

You were hired as a SOC Analyst for one of the biggest Juice Shops in the world and an attacker has made their way into your network.

Your tasks are:

An IT team has sent you a zip file containing logs from the server. Download the attached file, type in “I am ready!” and get to work! There’s no time to lose!

Reconnaissance

Analyze the provided log files.

Look carefully at:

Q. What tools did the attacker use? (Order by the occurrence in the log)

Answer: nmap, hydra, sqlmap, curl, feroxbuster
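The tool order above is what you get by walking the access log top to bottom and fingerprinting the User-Agent of each request. The script below is an added example (not part of the original write-up, and not the challenge's actual log): it parses Apache combined-format lines, reports the tools in order of first occurrence with a request count per tool, and also flags the first successful POST to an endpoint that the same client had previously failed against, which is the logic behind the brute-force question. The sample lines and paths (/login, /search, /files, /admin) are constructed, and the signatures assume the default User-Agent strings these tools send unless the operator overrides them.

```python
import re

# Constructed sample lines in Apache combined log format. The client IP and
# paths are placeholders, not values from the challenge's real log.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Apr/2021:09:01:05 +0000] "GET / HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.0.2.10 - - [11/Apr/2021:09:03:12 +0000] "POST /login HTTP/1.0" 401 26 "-" "Mozilla/5.0 (Hydra)"
192.0.2.10 - - [11/Apr/2021:09:03:13 +0000] "POST /login HTTP/1.0" 401 26 "-" "Mozilla/5.0 (Hydra)"
192.0.2.10 - - [11/Apr/2021:09:03:14 +0000] "POST /login HTTP/1.0" 401 26 "-" "Mozilla/5.0 (Hydra)"
192.0.2.10 - - [11/Apr/2021:09:04:40 +0000] "POST /login HTTP/1.0" 200 776 "-" "Mozilla/5.0 (Hydra)"
192.0.2.10 - - [11/Apr/2021:09:10:01 +0000] "GET /search?q=1%27 HTTP/1.1" 500 200 "-" "sqlmap/1.5.4#stable (http://sqlmap.org)"
192.0.2.10 - - [11/Apr/2021:09:15:22 +0000] "GET /files/backup.bak HTTP/1.1" 403 100 "-" "curl/7.74.0"
192.0.2.10 - - [11/Apr/2021:09:20:30 +0000] "GET /admin HTTP/1.1" 404 30 "-" "feroxbuster/2.2.1"
"""

# Apache "combined" format: ip ident user [ts] "METHOD PATH PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# User-Agent fingerprints, assumed to be the tools' defaults (an attacker can change them).
TOOL_SIGNATURES = [
    ("nmap", re.compile(r"Nmap Scripting Engine", re.I)),
    ("hydra", re.compile(r"\(Hydra\)", re.I)),
    ("sqlmap", re.compile(r"^sqlmap/", re.I)),
    ("curl", re.compile(r"^curl/", re.I)),
    ("feroxbuster", re.compile(r"^feroxbuster/", re.I)),
]


def parse_log(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["status"] = int(rec["status"])
        yield rec


def identify_tool(user_agent):
    """Return the tool name whose signature matches the User-Agent, or None."""
    for name, pattern in TOOL_SIGNATURES:
        if pattern.search(user_agent):
            return name
    return None


def tool_request_counts(log_text):
    """Map tool name -> number of requests, keyed in order of first appearance."""
    counts = {}
    for rec in parse_log(log_text):
        tool = identify_tool(rec["ua"])
        if tool is not None:
            counts[tool] = counts.get(tool, 0) + 1
    return counts


def tools_in_order(log_text):
    """Tool names ordered by first occurrence in the log (dict preserves insertion order)."""
    return list(tool_request_counts(log_text))


def brute_force_success(log_text, min_failures=3):
    """Return (path, timestamp) of the first POST that got a 200 after the same client
    had already received at least min_failures 401/403 responses on that path, else None."""
    failures = {}
    for rec in parse_log(log_text):
        if rec["method"] != "POST":
            continue
        key = (rec["ip"], rec["path"])
        if rec["status"] in (401, 403):
            failures[key] = failures.get(key, 0) + 1
        elif rec["status"] == 200 and failures.get(key, 0) >= min_failures:
            return rec["path"], rec["ts"]
    return None


if __name__ == "__main__":
    print("tools by first occurrence:", tools_in_order(SAMPLE_LOG))
    print("requests per tool:", tool_request_counts(SAMPLE_LOG))
    print("first login after repeated failures:", brute_force_success(SAMPLE_LOG))
```

Run it against the real log with `tools_in_order(open("access.log").read())`. Because the fingerprints rely on default User-Agent strings, treat a quiet log as "no default-UA tooling seen" rather than "no tooling": the request rate, the 401-then-200 pattern on a login endpoint, and quoted characters in query strings (the `%27` in the sqlmap line) are the signals that survive a changed User-Agent.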

Q. What endpoint was vulnerable to a brute-force attack?

Q. What endpoint was vulnerable to SQL injection?

Q. What parameter was used for the SQL injection?

Q. What endpoint did the attacker try to use to retrieve files? (Include the /)

Q. What section of the website did the attacker use to scrape user email addresses?

Q. Was their brute-force attack successful? If so, what is the timestamp of the successful login? (Yay/Nay, 11/Apr/2021:09:xx:xx +0000)

Q. What user information was the attacker able to retrieve from the endpoint vulnerable to SQL injection?

Q. What files did they try to download from the vulnerable endpoint?

Q. What service and account name were used to retrieve files from the previous question?

Q. What service and username were used to gain shell access to the server?
