crAPI Lab Solutions (Api Hacking) | by Aditya Chauhan | Medium

Home

Library

Stories

Stats

crAPI Lab Solutions (Api Hacking)
Aditya Chauhan
·Follow
2 min read·
May 28, 2022
--
Intro :
crAPI (Completely Ridiculous Application Programmer Interface) defines an intentionally vulnerable API to the OWASP API Top 10 vulnerabilities. crAPI is meant to illustrate and educate by presenting these issues for you to discover and exploit.
lab: https://github.com/OWASP/crAPI
Challenge 1 — Access details of another user’s vehicleTo solve the challenge, you need to leak sensitive information about another user’s vehicle.
Since vehicle IDs are not sequential numbers, but GUIDs, you need to find a way to expose the vehicle ID of another user.
Find an API endpoint that receives a vehicle ID and returns information about it.
Step 1
Login user Account
Step 2
After login user account ade vehicles
Step 3
Click Contact Machanic
Send service Request
Step 4
Capture the request of mechanic_report
Step 5
Send to intruder > select payload position
Set payload>Numbers >Start Attack
Start Attack
Get all information about vehicles or other user
#crAPI #Apihacking
--
--
Written by Aditya Chauhan323 Followers
·252 Following
ISO 27001 LA | VAPT | Synack Red Teamer | HTB Dante | HTB RASTA | HTB Cybernetics | HTB Offshore | HTB APTLabs | Cyber Security Analyst | Security Researcher
No responses yet
Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams