AP 120: Vulnerable API (20 pts extra)

What You Need

Purpose

To set up a vulnerable API, import its specifications into Postman, and use its methods as intended.

Installing Vulnerable API

You can use any system with Python 3, I suppose, but I only tested it on Debian 11. Execute these commands:
cd
git clone https://github.com/jorritfolmer/vulnerable-api.git
sudo apt update
sudo apt install virtualenv

virtualenv venv
source venv/bin/activate
cd vulnerable-api
pip install -r requirements.txt
python ./vAPI.py -p 8080
Vulnerable API starts, as shown below.

Restarting Vulnerable API

If you shut down the server, you can restart it with these commands:
cd
virtualenv venv
source venv/bin/activate
cd vulnerable-api
python ./vAPI.py -p 8080
Open a Web browser and browse to the IP address of your Debian machine, on port 8080.

You see a message showing that vAPI is running, as shown below.

Importing API Specifications

In Postman, at the top right, click the orange "Create Account" button.

A Postman web page opens. Create an account, or link to an existing Google account.

Return to the main Postman window, as shown below.

In the top left portion of the Postman window, click the Import button.

In the Import box, click the Link tab.

Enter this URL, as shown below.

https://github.com/jorritfolmer/vulnerable-api/raw/main/openapi/vAPI.yaml

Click the orange Continue button.

In the next box, in the "Link this collection as" field, select "Test Suite", as shown below, and click the orange Import button.

Postman creates a new collection named "Vulnerable API" and switches to the "APIs" tab, as shown below.

Setting the Base URL

Expand the "Vulnerable API" collection. Expand the "draft" container. Click the "Vulnerable API" object inside it.

On the right side, click the Variables tab.

Enter the URL to your instance of vulnerable-api into the "CURRENT VALUE" field, as shown below.

Then click the Save icon, outlined in green in the image below.

Creating a User Account

In the "Vulnerable API" collection, navigate to the "create user" request, as shown below.

On the Body tab, enter a username and password of your choice.

Delete the outermost quotation marks and the backslashes, and click Beautify, so the JSON spreads out into several lines, as shown below.

Click the blue Send button.

If you get a status 400 response, saying "Request body is not valid JSON", check to make sure the extra quotation marks and backslashes are correctly removed.

Flag AP 120.1: Message (10 pts)

When the JSON is correct, you get a different error.

The flag is covered by a green rectangle in the image below.

Getting an Authorization Token

In the "Vulnerable API" collection, navigate to the "get token" request, as shown below.

On the Body tab, default values are already set. Don't change the username or password, but remove the outer quotation marks and backslashes, so you can Beautify the JSON, as shown below.

There's an extraneous "\n" you need to remove too.

Click the blue Send button.

You get a token, highlighted in the image below.

Copy the token to the Clipboard.

Adding the Token to the Collection

This token is sent in an "X-Auth-Token" header, which can't be set on the Authorization tab in Postman. Instead, we'll use a collection variable.

In the "Vulnerable API" collection, in the "draft" container, click the "Vulnerable API" object.

In the center pane, click the Variables tab.

Add a variable named token with a CURRENT VALUE of your token, as shown below.

Then click the Save icon, outlined in green in the image below.

Reserving a Widget

In the "Vulnerable API" collection, navigate to the "create widget reservation" request, as shown below.

On the Headers tab, in the "X-Auth-Token" line, change the VALUE to

{{token}}

as shown below.

On the Body tab, clean up the JSON and beautify it.

Change the "widgetname" to "widget01", as shown below.

Click the blue Send button.

The request succeeds, as shown below.

Flag AP 120.2: Message (5 pts)

The flag is covered by a green rectangle in the image below.

Requesting a User Record

In the "Vulnerable API" collection, navigate to the "get user" request, as shown below.

On the Headers tab, in the "X-Auth-Token" line, change the VALUE to

{{token}}

On the Params tab, change the "user" to "1", as shown below.

Click the blue Send button.

The request succeeds, as shown below.
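The same sequence of requests driven from Python, as an added example that is not part of this write-up or of the vulnerable-api project. It covers the two places where the Postman steps go wrong: the double-encoded example body that produces the 400 "Request body is not valid JSON" response, and the {{token}} collection variable that must be set before an X-Auth-Token header can be sent. The base URL, the endpoint paths, the credentials and the key the token sits under in the token response are assumptions (placeholders); take the real values from openapi/vAPI.yaml and from the responses Postman shows.

```python
"""Run the AP 120 lab requests from Python instead of Postman. Added example,
not part of this write-up or of the vulnerable-api project; endpoint paths,
base URL and the token's place in the response are ASSUMPTIONS (placeholders)."""
import json
import re
import urllib.error
import urllib.request

BASE_URL = "http://127.0.0.1:8080"   # ASSUMPTION: your instance (Postman baseUrl)
PATH_CREATE_USER = "/user"            # ASSUMED paths; take the real ones from vAPI.yaml
PATH_GET_TOKEN = "/tokens"
PATH_CREATE_WIDGET = "/widget"
PATH_GET_USER = "/user/1"             # the "user" param set to 1
VARIABLES = {"token": None}           # the collection's Variables tab
_VAR = re.compile(r"\{\{(\w+)\}\}")

def unresolved_variables(template, variables):
    """Names of {{variables}} in template that have no value yet."""
    return [n for n in _VAR.findall(template) if variables.get(n) is None]

def resolve_variables(template, variables):
    """Substitute {{name}} as Postman does. Refuses when a variable is unset:
    otherwise the literal text "{{token}}" would go out as the X-Auth-Token
    value, which is exactly what Postman sends if the variable was never saved."""
    missing = unresolved_variables(template, variables)
    if missing:
        raise KeyError(f"unset collection variable(s): {missing}")
    return _VAR.sub(lambda m: variables[m.group(1)], template)

def normalize_body(raw):
    """Turn a copied example body into a real JSON object. Imported examples are
    double-encoded: a JSON string whose text is itself JSON, with escaped quotes
    and a trailing "\\n". Sent verbatim, vAPI answers 400 "Request body is not
    valid JSON"; unwrapping here equals deleting the outer quotation marks and
    backslashes by hand before clicking Beautify."""
    value = json.loads(raw)
    while isinstance(value, str):      # peel off each layer of string encoding
        value = json.loads(value)
    if not isinstance(value, dict):
        raise ValueError("request body must be a JSON object")
    return value

def find_token(obj):
    """ASSUMPTION: the token is the first "token" key holding a string, or a
    dict with a string "id". Adjust to the real response seen in Postman."""
    if isinstance(obj, dict):
        tok = obj.get("token")
        if isinstance(tok, str):
            return tok
        if isinstance(tok, dict) and isinstance(tok.get("id"), str):
            return tok["id"]
        for v in obj.values():
            found = find_token(v)
            if found is not None:
                return found
    return None

def build_request(method, path, body=None, token_template=None, variables=None):
    """Return (url, headers, data). The token travels in an X-Auth-Token header,
    which is why Postman's Authorization tab is not used for it."""
    variables = VARIABLES if variables is None else variables
    headers, data = {"Accept": "application/json"}, None
    if body is not None:
        headers["Content-Type"] = "application/json"
        data = json.dumps(body).encode()
    if token_template is not None:
        headers["X-Auth-Token"] = resolve_variables(token_template, variables)
    return BASE_URL + path, headers, data

def send(method, path, body=None, token_template=None):
    """Send one request; return (status, parsed JSON or raw text)."""
    url, headers, data = build_request(method, path, body, token_template)
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, text = resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        status, text = err.code, err.read().decode()
    try:
        return status, json.loads(text)
    except json.JSONDecodeError:
        return status, text

def main():
    # Step 1: create a user (the write-up expects an error message here).
    print(send("POST", PATH_CREATE_USER, {"username": "student", "password": "CHANGE-ME"}))
    # Step 2: get a token. The body is the spec's example still escaped, as it
    # appears in Postman; the credentials are placeholders for the Body tab defaults.
    escaped = '"{\\"username\\": \\"DEFAULT-USER\\", \\"password\\": \\"DEFAULT-PASS\\"}\\n"'
    status, resp = send("POST", PATH_GET_TOKEN, normalize_body(escaped))
    VARIABLES["token"] = find_token(resp)          # same as saving the variable
    print(status, resp)
    # Steps 3 and 4: authenticated requests carry {{token}} as X-Auth-Token.
    print(send("POST", PATH_CREATE_WIDGET, {"widgetname": "widget01"}, "{{token}}"))
    print(send("GET", PATH_GET_USER, token_template="{{token}}"))

if __name__ == "__main__":
    main()
```

Run it with the server from the installation section listening on port 8080. The normalize_body, resolve_variables and build_request functions need no server at all, so they can be tried on their own to see exactly what Postman ends up sending.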

Flag AP 120.2: Message (5 pts)

The flag is covered by a green rectangle in the image below.

Source

https://github.com/jorritfolmer/vulnerable-api

Posted 5-11-22