Data Gathering

As discussed in the code review section, the data-gathering phase usually consists of meetings to set the scope of the test and to hand over the code base and any available documentation for it. In this module, we will assume that we were given the code base as an archive without further details, which is the minimum requirement for any whitebox pentest.

Let’s start by opening the project in VS Code.

(Screenshot: the project opened in VS Code, showing the application hierarchy and the app.js entry point)

From the file tree we get the application hierarchy and the entry point file, which is app.js.

Now let’s review the app.js file.

(Screenshot: app.js, which starts the Express server on port 5000 and mounts the /api/auth and /api/service routes)

As we can see, the application starts an Express server on port 5000 and registers two API routes: /api/auth and /api/service.

Let’s continue the review.

(Screenshot: the remainder of app.js, showing the API route definitions)

As we can see, the API routes are the most useful information we can extract from this file, since they tell us where user-controlled input enters the application.

Authentication

Now let’s check the authentication code.

(Screenshot: the auth router, with the "authenticated" endpoint under /api/auth calling getUserToken)

In the auth router we find an endpoint named “authenticated”, falling under /api/auth, which calls a function named “getUserToken”.

Let’s check the “getUserToken” function.

(Screenshot: the getUserToken function)

We find that the “getUserToken” function reads an email parameter from the POST request body and first checks it with the “validateEmail” function. It then creates the JWT token: if the email contains “@hackthebox.com”, the role claim is set to “admin”, otherwise it is set to “user”. In other words, the role is derived solely from a substring check on the client-supplied email, which makes both “validateEmail” and that check worth a closer look.

Now let’s check the “validateEmail” function.

(Screenshot: the validateEmail function)