$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:theatmodeling
Now that the app is running let's go hacking!
Running the app Python3
First, make sure python3 and pip are installed on your host machine. After installation, we go to the folder of the lab we want to practise "i.e /skf-labs/XSS/, /skf-labs/jwt-secret/ " and run the following commands:
$ pip3 install -r requirements.txt
$ python3 <labname>
Now that the app is running let's go hacking!
Reconnaissance
Step1
The first step is to understand how the password reset functionality works. We identify that there is a /forget endpoint that serves the password reset page.
http://localhost:5000/forget
Step2
Submit a username to the password reset form to generate a reset token.
http://localhost:5000/passwordForget
Step3
Observe that the reset token is generated using the current timestamp and the username. The token generation logic is as follows: