API 01

This exercise is the API version of an exercise you already solved in the Essential Badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.

< 1 Hr.
API Badge


In this challenge, you are tasked with identifying a vulnerability that will enable you to retrieve a key stored as a secret in the admin's account. The user admin@libcurl.so has stored this key, and your objective is to find a way to access it. This exercise is based on a challenge from the Essential badge and is designed to enhance your testing skills by providing minimal information at the start.

The video walkthrough demonstrates a step-by-step process to identify and exploit an Insecure Direct Object Reference (IDOR) vulnerability. By manipulating the API endpoints, you can access secrets that you are not authorized to view. This challenge emphasizes the importance of understanding both the front-end and back-end operations of a web application, and how they can be exploited if not properly secured.

Want to learn more? Get started with PentesterLab Pro! GO PRO