authentication bypass checklist !!
https://medium.com/@reachaxis/how-i-took-over-100-000-user-account-without-knowing-their-password-part-one-7d965ae9e47a ---> https://hackerone.com/reports/1709881
1> make two accounts, compare both !! --> https://hackerone.com/reports/1709881
2> Username enumeration via different responses
1> brute-force the username with a good username wordlist and keep the password as something normal like 123,
then look for abnormal changes in response length (it might say "incorrect password", which means we got
the username)
2> take the username that gave the different response, select the password field and start
brute-forcing it, boom, we might get a different response here (302) and we're good
to go !!
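From the defender's side, the thing this item detects is a login handler whose failure response depends on why the login failed. The following is an added example (not code from the page or from any of the linked reports) of that handler in its leaking form next to a hardened one that returns the same status, the same body and does the same hashing work for both failure causes, plus a self-check a team can run against its own login over a mix of real and made-up usernames. The user store, salt and iteration count are constructed for the example.

```python
import hashlib
import hmac
import secrets

_SALT = b"constructed-salt"   # constructed; a real system uses a per-user random salt
_ITERATIONS = 20_000


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


# Constructed user store (the lab-style account from the note above).
USERS = {"wiener": _hash("peter")}

# Hash of a random value, compared against when the username does not exist,
# so that both branches do the same amount of work (no timing oracle either).
_DUMMY_HASH = _hash(secrets.token_hex(16))


def login_vulnerable(username: str, password: str) -> tuple:
    """Leaks whether the account exists: the message (and so the body length)
    differs between an unknown username and a wrong password."""
    stored = USERS.get(username)
    if stored is None:
        return (401, "Invalid username")
    if not hmac.compare_digest(stored, _hash(password)):
        return (401, "Incorrect password")
    return (302, "Location: /my-account")


def login_hardened(username: str, password: str) -> tuple:
    """Identical status, body and work for both failure causes."""
    stored = USERS.get(username, _DUMMY_HASH)
    ok = hmac.compare_digest(stored, _hash(password))
    if ok and username in USERS:
        return (302, "Location: /my-account")
    return (401, "Invalid username or password")


def responses_are_uniform(login, usernames, password="definitely-wrong") -> bool:
    """Defender self-check: failed logins across a list of usernames (some real,
    some not) must all produce exactly one distinct (status, body) pair."""
    return len({login(u, password) for u in usernames}) == 1


if __name__ == "__main__":
    probe = ["wiener", "nobody", "carlos"]
    print("vulnerable uniform:", responses_are_uniform(login_vulnerable, probe))  # False
    print("hardened uniform:  ", responses_are_uniform(login_hardened, probe))    # True
```

Comparing the whole (status, body) pair is what matters: a different message, a different length or a different status code each gives the grep-match style check in item 5 something to key on.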
3> 2FA simple bypass
two accounts
1> wiener:peter --> attacker creds
Victim's credentials carlos:montoya
2> just go through the attacker's requests and find the URL for the 2FA login step; next time
I log in with the victim's account I drop that URL and then gain access !!
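The root cause behind item 3 (and behind item 8's response editing) is a server that treats "password accepted" as "fully logged in" and relies on the browser following a redirect to the OTP page. This added example (not from the page or the linked reports) models that flow as a small session state machine: the vulnerable configuration lets a session that never visited the OTP step reach the account page, the hardened one re-checks the MFA state on every protected request. Credentials are the lab-style ones from the note; the fixed OTP codes and the `App`/`Session` names are constructed for the example.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed credentials (the lab-style accounts from the note). OTP codes are
# fixed here only so the example is deterministic; a real app issues them per login.
USERS = {"wiener": "peter", "carlos": "montoya"}
OTP_CODES = {"wiener": "123456", "carlos": "654321"}


@dataclass
class Session:
    user: Optional[str] = None
    password_ok: bool = False
    mfa_done: bool = False


class App:
    """Minimal flow: POST /login -> POST /login2 (OTP) -> GET /my-account."""

    def __init__(self, enforce_mfa_server_side: bool):
        self.enforce = enforce_mfa_server_side

    def post_login(self, s: Session, username: str, password: str) -> str:
        stored = USERS.get(username)
        if stored is None or not hmac.compare_digest(stored, password):
            return "401"
        s.user, s.password_ok, s.mfa_done = username, True, False
        # The redirect is only a hint to the browser; nothing about it is enforced.
        return "302 /login2"

    def post_login2(self, s: Session, code: str) -> str:
        if not s.password_ok:
            return "401"
        if hmac.compare_digest(OTP_CODES[s.user], code):
            s.mfa_done = True
            return "302 /my-account"
        return "401"

    def get_my_account(self, s: Session) -> str:
        if not s.password_ok:
            return "302 /login"
        # Hardened: every protected request re-checks that the OTP step finished.
        # Vulnerable: password_ok alone is treated as fully authenticated.
        if self.enforce and not s.mfa_done:
            return "302 /login2"
        return f"200 account of {s.user}"


def skip_otp_step(app: App, username: str, password: str) -> str:
    """The note's test: log in, never touch /login2, request the account page."""
    s = Session()
    app.post_login(s, username, password)
    return app.get_my_account(s)
```

Because the decision lives in `get_my_account` and not in what the client received, rewriting the login response to a 200 with `success: true` (item 8) changes nothing on the server either.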
4> again make two accounts
go to forgot password / reset password (capture the reset password request) and try replacing the victim's
name in the reset !!
5> when enumerating for different responses with Intruder, try using grep match, or simply find it,
and for the password a 302 is enough !
6> bypass the rate limit using the time line method (using X-Forwarded-For)
7> https://hackerone.com/reports/3329361 , login and bypass 2FA: 1> click on "send code", then keep the intercept turned on and forward to Intruder (don't turn off the intercept and don't forward anything), just start the Intruder attack on the OTP from xxx100 to xxxx200, so I put the OTP range such that my true OTP is between and near !! --> video PoC also present there !!
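Items 6 and 7 are both brute-force protection failures: a limiter whose bucket key is taken from a client-controlled header, and an OTP check with no attempt budget. This added example (not from the page or the linked reports) shows the limiter keyed on `X-Forwarded-For` as-is next to one that only honours that header when the TCP peer is a known reverse proxy, and an OTP verifier that invalidates the code after a few wrong guesses. The proxy address, the limits and the `LoginRateLimiter`/`OtpVerifier` names are constructed for the example.

```python
import hmac
from collections import defaultdict

# Constructed: the only reverse proxy allowed to set X-Forwarded-For.
TRUSTED_PROXIES = {"10.0.0.5"}


def client_key_vulnerable(peer_ip: str, headers: dict) -> str:
    """Trusts the header unconditionally, so the sender picks its own bucket."""
    return headers.get("X-Forwarded-For", peer_ip).split(",")[0].strip()


def client_key_hardened(peer_ip: str, headers: dict) -> str:
    """Honour X-Forwarded-For only from a trusted proxy, and then use the hop
    that proxy appended (the last entry); otherwise use the real peer address."""
    xff = headers.get("X-Forwarded-For")
    if peer_ip in TRUSTED_PROXIES and xff:
        return xff.split(",")[-1].strip()
    return peer_ip


class LoginRateLimiter:
    def __init__(self, key_fn, max_attempts: int = 5):
        self.key_fn = key_fn
        self.max_attempts = max_attempts
        self.attempts = defaultdict(int)   # bucket key -> attempts in window

    def allow(self, peer_ip: str, headers: dict) -> bool:
        key = self.key_fn(peer_ip, headers)
        self.attempts[key] += 1
        return self.attempts[key] <= self.max_attempts


class OtpVerifier:
    """Per-code attempt budget: a 6-digit code has 10^6 values, so a handful of
    wrong guesses must invalidate it rather than leave it open to enumeration."""

    def __init__(self, expected_code: str, max_attempts: int = 3):
        self.expected = expected_code
        self.remaining = max_attempts

    def verify(self, code: str) -> bool:
        if self.remaining <= 0:
            return False            # code already burned, even if the guess is right
        self.remaining -= 1
        if hmac.compare_digest(self.expected, code):
            self.remaining = 0      # single use
            return True
        return False
```

The hardened key function deliberately reads the last `X-Forwarded-For` entry, not the first: the first is whatever the client sent, the last is what the trusted proxy itself observed.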
8> edit the response and change the status to 200 and the message to success and success: true

9> changing POST body params to the victim's email account !! and value:false to value:true
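Items 4 and 9 share one defect: the server takes the target account from the request body instead of from something it issued itself (a reset token, an authenticated session). This added example (not from the page or the linked reports) shows a reset handler that accepts any username alongside a valid token next to one that derives the account from the token, and a flag update that honours a body email next to one that uses only the session identity. The user store, the `PasswordReset` class and the notification-flag helpers are constructed for the example; the flag itself is hypothetical, standing in for the unnamed `value` field in the note.

```python
import secrets
from typing import Optional

# Constructed store: username -> email (lab-style accounts from the note).
USERS = {"wiener": "wiener@example.test", "carlos": "carlos@example.test"}


class PasswordReset:
    def __init__(self):
        self.tokens = {}      # token -> username the token was issued for
        self.passwords = {}   # username -> new password (stand-in for the real store)

    def request_reset(self, username: str) -> Optional[str]:
        if username not in USERS:
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = username
        return token          # a real app sends this only to USERS[username]

    def complete_reset_vulnerable(self, token: str, username: str, new_password: str) -> bool:
        """Trusts the body's username: the token only proves that *some* reset
        was requested, not for whom, so swapping the name moves the reset."""
        if token not in self.tokens:
            return False
        self.passwords[username] = new_password
        del self.tokens[token]
        return True

    def complete_reset_hardened(self, token: str, username: str, new_password: str) -> bool:
        """The account comes from the token; the body's username is only checked
        for consistency and never decides which password changes."""
        owner = self.tokens.get(token)
        if owner is None or owner != username:
            return False
        self.passwords[owner] = new_password
        del self.tokens[token]
        return True


def set_flag_vulnerable(session_user: str, body: dict, store: dict) -> bool:
    """Target account taken from the body, so any email can be named."""
    target = body.get("email", USERS[session_user])
    store[target] = body.get("value") == "true"
    return True


def set_flag_hardened(session_user: str, body: dict, store: dict) -> bool:
    """Target account is the authenticated user's own; body email is ignored."""
    target = USERS[session_user]
    store[target] = body.get("value") == "true"
    return True
```

The hardened reset also burns the token on first use, so a captured reset request cannot be replayed with a different name after the legitimate reset has completed.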
10> use user/12345 on login forms !! at file manager systems or anything --> https://hackerone.com/reports/1747146
11>
