
Approaching Login Pages and Authentication Mechanisms



1. Weak Credentials

  • Try default credentials like "admin:admin", "admin:unknown".
  • Google for default credentials.
  • Ask ChatGPT for defaults.
  • Brute force using Burp Intruder and check for a 200 status code.
2. Username Enumeration Through Error Messages

  • A "username is invalid" error message can indicate whether a username exists in the database.
  • ffuf -request r.txt -fr "Username is invalid" -w ~/Downloads/wordlists/usernames.txt
  • When brute-forcing, relying on error messages, status codes, or response lengths can be confusing, as valid and invalid responses may look similar. Use ffuf's filters (such as -fr above) to drop the invalid responses and return only valid usernames.
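The enumeration above only works because the login handler answers differently for an unknown user than for a known user with a wrong password. The following is an added example (not code from this post) showing the leaky pattern next to a hardened one that returns a single generic message and does the same amount of hashing work in both cases; the user store, passwords and message strings are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store: username -> (salt, PBKDF2 hash).
def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}

# Dummy credential used when the username is unknown, so the handler still runs
# exactly one PBKDF2 computation and cannot be told apart by timing either.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("dummy-password-never-used", _DUMMY_SALT)

GENERIC_ERROR = "Invalid username or password."


def login_leaky(username, password):
    """Leaky pattern: distinct error text per failure cause, and an unknown
    user skips the hash, so both the body and the timing reveal which
    usernames exist. Returns (status, message)."""
    if username not in USERS:
        return 200, "Username is invalid"
    salt, stored = USERS[username]
    if hmac.compare_digest(_hash_password(password, salt), stored):
        return 200, "Welcome"
    return 200, "Password is incorrect"


def login_uniform(username, password):
    """Hardened pattern: same status, same message and same work for every
    failure, so filtering on text, code or length yields nothing."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash_password(password, salt), stored)
    if ok and username in USERS:
        return 200, "Welcome"
    return 200, GENERIC_ERROR


def responses_distinguish_users(handler):
    """True if an unknown user and a known user with a wrong password get
    different responses, i.e. the condition a response filter can exploit."""
    return handler("alice", "wrong-password") != handler("nobody", "wrong-password")
```

The `responses_distinguish_users` check is the one a reviewer should run against any login, reset or sign-up endpoint: if it returns True, the endpoint leaks account existence regardless of how friendly the wording is.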

3. Username Enumeration Through Forgot Password

  • If you find a username, use the same method to brute-force passwords by analyzing response codes and lengths. Some password reset pages lack rate limits, allowing unrestricted attempts.
4. Enumerate to Find Hidden Sign-up or Login Pages

  • For login pages like example.com/user_login/, try fuzzing similar names like user_signup or user_register.
  • This may also reveal hidden admin panels with default credentials like admin:admin.
  • Check the site's JavaScript files, as they might reveal hidden pages, endpoints or even API endpoints.

Tip: Use curl -ik https://example.com/register/ in the terminal to quickly view the full response, including headers, without needing Burp Suite (see also: Hacking with Curl).

5. Brute Force OTP

  • For numeric OTP brute-forcing, set the payload type to Numbers and define your desired range, such as 000000 to 999999. Then apply the correct payload positions to the OTP field in the request.
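Sections 3 and 5 both hinge on an endpoint that accepts unlimited attempts. As an added example (not from this post), here is a small OTP verifier that bounds guessing with a per-code failure counter, a short lifetime and single use, plus a helper that turns the limit into the attacker's success probability. The digit count, attempt limit and lifetime are assumed values chosen for the demo; the verifier takes an injectable clock so the expiry path can be exercised without sleeping.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6          # assumed: 6-digit numeric code, 10**6 possibilities
MAX_ATTEMPTS = 5        # assumed: failures allowed before the code is dead
OTP_TTL_SECONDS = 300   # assumed: code lifetime


class OtpVerifier:
    """Per-account OTP state: the code, when it was issued, and failed attempts."""

    def __init__(self, now=time.time):
        self._now = now
        self._state = {}  # account -> {"code", "issued", "failures"}

    def issue(self, account):
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._state[account] = {"code": code, "issued": self._now(), "failures": 0}
        # In a real deployment the code goes to the user's device, never into
        # the HTTP response; it is returned here only so the demo can drive it.
        return code

    def verify(self, account, candidate):
        st = self._state.get(account)
        if st is None:
            return False
        if self._now() - st["issued"] > OTP_TTL_SECONDS:
            del self._state[account]      # expired: force a fresh code
            return False
        if st["failures"] >= MAX_ATTEMPTS:
            return False                  # locked: even the right code is refused
        if hmac.compare_digest(st["code"], candidate):
            del self._state[account]      # single use
            return True
        st["failures"] += 1
        return False


def guess_success_probability(max_attempts=MAX_ATTEMPTS, digits=OTP_DIGITS):
    """Upper bound on the chance of guessing the code before lockout, assuming
    a uniformly random code and no other signal."""
    return max_attempts / 10 ** digits
```

With the defaults, a single code can be guessed with probability 5 in a million; without the counter, a scan of the whole 000000-999999 range is guaranteed to succeed within the code's lifetime unless the network is the bottleneck.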

6. Look for Leaked Password Reset Tokens

  • Look for leaked password reset tokens by fuzzing all possible paths, which may lead you to discover a reset token in a response.

7. Forced Password Reset

  • While sending a password reset request (e.g., username:john), intercept the traffic and try adding extra fields like username:john&email:groot@gmail.com. If that doesn't work, try modifying the request further, such as username:john&email:realemail@gmail.com&email:groot@gmail.com. This might cause the reset email to be sent to the address you provided (groot@gmail.com), potentially giving access to the reset token.

Example: CVE-2023-7028 | GitLab account takeover
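Sections 6 and 7 describe two failures of the same flow: a reset token that ends up in a response body, and a reset handler that lets the client choose where the token is delivered. The following is an added example (not the post's code and not GitLab's) of a reset flow that closes both: the form parser accepts exactly one `username` field and rejects extra or repeated fields, the recipient comes only from the account record, the response body is identical whether or not the account exists, and the token is stored hashed, expires, and is single-use. The account store, the simulated outbox and the `key=value` form encoding are assumptions for the demo.

```python
import hashlib
import secrets
import time
from typing import Optional
from urllib.parse import parse_qsl

RESET_TTL_SECONDS = 900  # assumed token lifetime

# Constructed account store: the address on record is the only valid recipient.
ACCOUNTS = {"john": {"email": "john@example.com"}}
OUTBOX = []    # simulated mail delivery: (recipient, token)
PENDING = {}   # sha256(token) -> (username, issued_at); raw tokens are never stored


class BadRequest(Exception):
    pass


def parse_reset_form(body):
    """Accept exactly one 'username' field; any extra or repeated field is an error."""
    pairs = parse_qsl(body, keep_blank_values=True)
    keys = [k for k, _ in pairs]
    if keys != ["username"]:
        raise BadRequest(f"unexpected fields: {keys}")
    return pairs[0][1]


def request_reset(body, now=time.time):
    """Issue a reset token for an existing account and 'mail' it to the stored
    address. The HTTP response is the same for unknown accounts and never
    contains the token."""
    username = parse_reset_form(body)
    account = ACCOUNTS.get(username)
    if account is not None:
        token = secrets.token_urlsafe(32)
        PENDING[hashlib.sha256(token.encode()).hexdigest()] = (username, now())
        OUTBOX.append((account["email"], token))
    return "If that account exists, a reset link has been sent."


def consume_reset(token, now=time.time) -> Optional[str]:
    """Redeem a token once; return the username it unlocks, or None."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = PENDING.pop(digest, None)   # popping makes the token single-use
    if entry is None:
        return None
    username, issued = entry
    if now() - issued > RESET_TTL_SECONDS:
        return None
    return username
```

Rejecting unknown fields outright (rather than silently picking the first or last `email` value) is what defeats the duplicate-parameter trick in section 7, and hashing the stored token means a leaked database row, unlike a leaked response body, does not yield a usable token.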
