Approaching Login Pages and Authentication Mechanisms
1. Weak Credentials
- Try default credentials like "admin:admin", "admin:unknown"
- Google for default credentials.
- Ask ChatGPT for defaults.
- Brute force with Burp Intruder and check for a 200 status code.
2. Username Enumeration Through Error Messages
- The "username is invalid" error message can indicate whether a username exists in the database.
ffuf -request r.txt -fr "Username is invalid" -w ~/Downloads/wordlists/usernames.txt
- When brute-forcing, relying on error messages, codes, or response lengths can be confusing, as valid and invalid responses may look similar. Use FFUF to filter out invalid responses and return only valid usernames.
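The two weaknesses above (a distinguishable "username is invalid" message and no limit on Burp Intruder attempts) are both fixed on the server side. The following is an added defensive example, not code from the original post: a login handler that returns the same status code and body for an unknown user and a wrong password, hashes a dummy credential for unknown usernames so the response time does not leak account existence, and throttles failed attempts per source IP and per username. The user store, the `john` account and the `hash_password` helper are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict

# Hypothetical user store: username -> (salt, PBKDF2 hash). Constructed data.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = secrets.token_bytes(16)
USERS = {"john": (_SALT, hash_password("correct horse battery staple", _SALT))}

# Dummy credential used for unknown usernames, so the server does the same
# hashing work whether or not the account exists (no timing oracle).
_DUMMY_SALT = secrets.token_bytes(16)
_DUMMY_HASH = hash_password(secrets.token_urlsafe(16), _DUMMY_SALT)

GENERIC_ERROR = "Invalid username or password."   # never "username is invalid"
MAX_FAILURES = 5        # failed attempts allowed per source IP and per username...
WINDOW_SECONDS = 300    # ...inside this sliding window


class LoginService:
    def __init__(self, users=USERS, clock=time.time):
        self.users = users
        self.clock = clock                   # injectable for tests
        self.failures = defaultdict(list)    # key -> timestamps of failed attempts

    def _throttled(self, key: str) -> bool:
        now = self.clock()
        recent = [t for t in self.failures[key] if now - t < WINDOW_SECONDS]
        self.failures[key] = recent
        return len(recent) >= MAX_FAILURES

    def _record_failure(self, *keys: str) -> None:
        now = self.clock()
        for key in keys:
            self.failures[key].append(now)

    def login(self, username: str, password: str, source_ip: str):
        """Return (status_code, body). Unknown user and wrong password produce
        the same code, the same body and the same amount of work."""
        ip_key, user_key = f"ip:{source_ip}", f"user:{username}"
        if self._throttled(ip_key) or self._throttled(user_key):
            return 429, "Too many attempts. Try again later."
        salt, stored = self.users.get(username, (_DUMMY_SALT, _DUMMY_HASH))
        candidate = hash_password(password, salt)
        # compare_digest runs in constant time; the membership check is a
        # belt-and-braces guard so a dummy-hash match can never log anyone in.
        ok = hmac.compare_digest(candidate, stored) and username in self.users
        if not ok:
            self._record_failure(ip_key, user_key)
            return 401, GENERIC_ERROR
        return 200, f"Welcome, {username}"


if __name__ == "__main__":
    svc = LoginService()
    print(svc.login("john", "wrong", "10.0.0.1"))
    print(svc.login("nobody", "wrong", "10.0.0.1"))   # same 401 + same body
    print(svc.login("john", "correct horse battery staple", "10.0.0.1"))
```

With responses like these, filtering on message text, status code or response length in ffuf or Intruder no longer separates valid from invalid usernames, and a wordlist run trips the 429 after a handful of attempts.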
3. Username Enumeration Through Forgot Password
- If you find a username, use the same method to brute-force passwords by analyzing response codes and lengths. Some password reset pages lack request limits, allowing unrestricted attempts.
4. Enumerate to Find Hidden Sign-up or Login Pages
- For login pages like example.com/user_login/, try fuzzing similar names like user_signup or user_register.
- This may also reveal hidden admin panels with default credentials like admin:admin.
- Check the site's JavaScript files as they might reveal hidden pages or endpoints or even API endpoints.
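Fuzzing for hidden sign-up, register and admin paths leaves a distinctive trace in the web server's access log: one client, many distinct paths, mostly 404s, in a short window. The following is an added detection example, not code from the original post, that parses combined-log-format lines and flags sources matching that pattern. The log lines, the IP addresses and the path list are constructed for the example; the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line: str):
    """Parse one combined-log-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_fuzzing(lines, min_requests=10, min_404_ratio=0.6,
                 min_distinct_paths=8, window_seconds=60):
    """Flag source IPs whose requests in any sliding window look like path fuzzing:
    many requests, mostly 404, across many distinct paths. Returns ip -> summary
    of the largest matching window."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = recs[start:end + 1]
            if len(window) < min_requests:
                continue
            not_found = sum(1 for r in window if r["status"] == 404)
            paths = {r["path"] for r in window}
            if not_found / len(window) >= min_404_ratio and len(paths) >= min_distinct_paths:
                best = findings.get(ip)
                if best is None or len(window) > best["requests"]:
                    findings[ip] = {"requests": len(window), "not_found": not_found,
                                    "distinct_paths": len(paths),
                                    "first_seen": window[0]["ts"].isoformat()}
    return findings

# Constructed sample traffic (not real logs): one client walks a wordlist of
# login/sign-up style paths, another just loads two existing pages.
_FUZZ_PATHS = ["/user_login/", "/user_signup/", "/user_register/", "/register/",
               "/signup/", "/admin/", "/admin_login/", "/administrator/",
               "/login.php", "/user_admin/", "/panel/", "/manage/"]
_EXISTING = {"/user_login/", "/register/"}

def _line(ip, second, path, status):
    return (f'{ip} - - [10/Mar/2024:12:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 162 "-" "Mozilla/5.0"')

SAMPLE_LOG = [_line("203.0.113.7", i + 1, p, 200 if p in _EXISTING else 404)
              for i, p in enumerate(_FUZZ_PATHS)]
SAMPLE_LOG += [_line("198.51.100.4", 5, "/user_login/", 200),
               _line("198.51.100.4", 9, "/register/", 200)]

if __name__ == "__main__":
    for ip, summary in find_fuzzing(SAMPLE_LOG).items():
        print(ip, summary)
```

The check keys on behaviour rather than the User-Agent string, since tools can set any agent they like; the same logic ports directly to a SIEM query over the same fields.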
Tip: Use curl -ik https://example.com/register/ in the terminal to quickly view the full response, including headers, without needing Burp Suite.
4. Brute Force OTP
5. Look for Leaked Password Reset Tokens
Look for leaked password reset tokens by fuzzing all possible paths, which may lead you to discover a reset token in response.
6. Forced Password Reset
While sending a password reset request (e.g., username:john), intercept the traffic and try adding extra fields like username:john&email:groot@gmail.com. If that doesn't work, try modifying the request further, such as username:john&email:realemail@gmail.com&email:groot@gmail.com. This might cause the reset email to be sent to the address you provided (groot@gmail.com), potentially giving you access to the reset token.
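Sections 3, 5 and 6 all come down to how the reset endpoint is built. The following is an added defensive example, not code from the original post: a reset handler that reads only the `username` field and discards any `email` fields (duplicated or not) because the recipient is taken from the account record; stores only a hash of the random token, with an expiry and single use, so a token that leaks from a log or database row is useless; returns the same response whether or not the account exists; and silently caps reset requests per username. The account store, `john@example.com` and the thresholds are constructed assumptions.

```python
import hashlib
import secrets
import time
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed account store: username -> registered email address (hypothetical data).
ACCOUNTS = {"john": "john@example.com"}
TOKEN_TTL_SECONDS = 900        # a reset token lives 15 minutes
MAX_RESETS_PER_HOUR = 3        # per username; further requests are silently dropped
GENERIC_RESPONSE = ("If an account exists for that username, a reset link has been "
                    "sent to its registered email address.")

def _digest(token: str) -> str:
    # Only the hash of a token is stored, so a leaked database row or log line
    # does not hand out a usable token.
    return hashlib.sha256(token.encode()).hexdigest()


class PasswordResetService:
    def __init__(self, accounts=ACCOUNTS, clock=time.time):
        self.accounts = accounts
        self.clock = clock                     # injectable for tests
        self.outbox = []                       # (recipient, token): stands in for the mailer
        self.pending = {}                      # sha256(token) -> (username, expires_at)
        self.requests = defaultdict(list)      # username -> timestamps of sent resets
        self.passwords = {}                    # username -> (salt, PBKDF2 hash)

    def request_reset(self, raw_body: str) -> str:
        """Handle a reset request body such as
        'username=john&email=groot@example.com&email=john@example.com'.
        Only `username` is read; every other field, duplicated or not, is ignored."""
        fields = parse_qs(raw_body, keep_blank_values=True)
        username = fields.get("username", [""])[0]
        now = self.clock()
        recent = [t for t in self.requests[username] if now - t < 3600]
        self.requests[username] = recent
        recipient = self.accounts.get(username)   # address comes from the account record
        if recipient is not None and len(recent) < MAX_RESETS_PER_HOUR:
            token = secrets.token_urlsafe(32)
            self.pending[_digest(token)] = (username, now + TOKEN_TTL_SECONDS)
            self.outbox.append((recipient, token))
            self.requests[username].append(now)
        return GENERIC_RESPONSE   # identical for unknown users and throttled requests

    def redeem(self, token: str, new_password: str) -> bool:
        """Consume a token once; reject unknown, reused or expired tokens."""
        entry = self.pending.pop(_digest(token), None)   # pop = single use
        if entry is None:
            return False
        username, expires_at = entry
        if self.clock() > expires_at:
            return False
        salt = secrets.token_bytes(16)
        self.passwords[username] = (
            salt, hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 100_000))
        return True


if __name__ == "__main__":
    svc = PasswordResetService()
    print(svc.request_reset("username=john&email=groot@example.com&email=john@example.com"))
    print(svc.outbox)   # the mail goes to john@example.com regardless of the extra fields
```

The token itself is never written anywhere except the outgoing mail; a reset link that shows up in a response body, a referrer or a log is the symptom this design removes.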