Login Bjorn Challenge

Jul 8, 2024

Lecture Notes: Login Bjorn Challenge

Main Objective

  • Task: Log in with Bjorn's Gmail account without changing his password, applying SQL injection, or hacking his Google account.
  • Category: Broken authentication.

Finding Bjorn’s Gmail Account

  • Navigate to OSP2Shop's administration path where registered users are visible (if logged in as the administrator).
  • Bjorn’s Gmail: bjorn.dot.chemin@gmail.com.
  • Note: This email will be used later for login attempts.

Understanding OAuth

  • OAuth is an open standard for access delegation, allowing users to log in to a service via an existing account like Google or Facebook.
  • Usage: Seen in login options like "Log in with Google".
  • OAuth Vulnerabilities: The weakness is usually not in the OAuth standard itself but in how a site implements the login flow; such implementation flaws can be exploited.

Inspecting JavaScript in OSP2Shop

  • Use browser's Developer Tools to inspect JavaScript code under the Debugger tab.
  • Look for OAuth-relevant code in the main JavaScript file (e.g., eos215.js).
  • Pretty print the code for readability.

Key Findings in JavaScript Code

  • Search the pretty-printed file for OAuth-related code (search for the string oauth).
  • Notable hits: oauth unavailable and other oauth strings.
  • The significant line is the one that contains both oauth and password.

Understanding Key Code Snippet

  • The snippet builds the login request from two parameters: email and password.
  • Password Derivation: Uses the btoa function, which encodes a string in Base64.
  • Parameter manipulation: the email is split into characters, reversed, joined back together and then Base64-encoded. The "password" is therefore fully determined by the email address, which is not secret.

Practical Steps and Console Use

  • Console Operations:
    1. Store and split email string: email.split('').
    2. Reverse the array of characters: array.reverse().
    3. Join the reversed array: array.join('').
    4. Encode the result in Base64 using window.btoa(reversed_string).
  • The resulting Base64 string is used as the password.
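The four console steps above as one function, together with the server-side check that would close the hole (added example, not code from the video or from the shop application; the email address is a constructed placeholder):

```javascript
// Added example: the client-side derivation described in the notes, plus a
// defender-side check that rejects any password derivable from the email.

// Base64 helper: window.btoa in the browser, Buffer when run under Node.
const toBase64 = (s) =>
  typeof btoa === 'function' ? btoa(s) : Buffer.from(s, 'latin1').toString('base64');

// The derivation found in the shop's JavaScript: split, reverse, join, btoa.
function deriveOauthPassword(email) {
  return toBase64(email.split('').reverse().join(''));
}

// Defensive check for registration / password-set handlers: a password equal to
// the email, its reverse, or a Base64 encoding of either is derivable from
// public information and must be rejected.
function isDerivedFromEmail(email, password) {
  const reversed = email.split('').reverse().join('');
  const candidates = new Set([email, reversed, toBase64(email), toBase64(reversed)]);
  return candidates.has(password);
}

// Constructed sample account (placeholder address, not a real user).
const SAMPLE_EMAIL = 'user@example.com';

// Shows the derived value being caught while an unrelated passphrase passes.
function demo() {
  const derived = deriveOauthPassword(SAMPLE_EMAIL);
  return {
    derived,
    derivedRejected: isDerivedFromEmail(SAMPLE_EMAIL, derived),
    unrelatedAccepted: !isDerivedFromEmail(SAMPLE_EMAIL, 'correct horse battery staple'),
  };
}

console.log(demo());
```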

Login Attempt

  • Use Bjorn’s email and the derived password to log in.
  • Steps:
    1. Open the login page of OSP2Shop.
    2. Enter Bjorn’s email.
    3. Enter the derived Base64 password.
    4. Click on Login.
  • Screen confirms successful login.

Conclusion

  • Importance of inspecting web application code for potential vulnerabilities.
  • Using browser tools effectively can reveal critical information for security challenges.

Recommendations

  • Always analyze dynamic web app source code for vulnerabilities.
  • Stay updated with security practices to safeguard applications from similar attacks.

Additional Resources

  • Previous Videos: Links provided for further insights into finding email addresses and similar exploits.
