Try to reset the password for admin.

Solution

• Send yourself and email thorugh WebWolf (http://localhost:9090/WebWolf).

• The link you receive should have the following format: http://localhost:8080/WebGoat/challenge/7/reset-password/867ef18bf000c0195c83161caf758c19

• What we need to find is the Hash Value. We can examine the source code. It is better to download the zip source code: https://github.com/WebGoat/WebGoat/releases

• You will see that there is a static admin password link:

• Now, go into the solutions constante page: https://github.com/WebGoat/WebGoat/blob/eed0feed061293e3c3f9d21ff672b68b55fc5e5d/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java

• Compose the link according to the above information:

Replace with the hash value: