This media is not supported in the widget
VIEW IN TELEGRAM
๐ฟ31๐ณ5๐4
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
Please open Telegram to view this post
VIEW IN TELEGRAM
1๐10โค1
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ6๐4โค2
๐2
๐ Google Dorking - SQL Errors
site:[TARGET] AND (intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()")
๐4
This media is not supported in the widget
VIEW IN TELEGRAM
๐ฟ17โค1๐1๐ฅ1
046b11141368df687ef66ef418b6bd91.gif
12.9 MB
Bypassing Two-Factor Authentication (2FA)
1. Flawed Two-Factor Verification Logic
- Attackers can log in with their own credentials but change the
2. Clickjacking on 2FA Disable Feature
- Try to iframe the page where 2FA can be disabled. If successful, use social engineering to trick the victim.
3. Response Manipulation
- Check the 2FA request response. If it shows "Success":false, change it to "Success":true to bypass 2FA.
1. Flawed Two-Factor Verification Logic
- Attackers can log in with their own credentials but change the
account cookie to any arbitrary username when submitting the verification code.2. Clickjacking on 2FA Disable Feature
- Try to iframe the page where 2FA can be disabled. If successful, use social engineering to trick the victim.
3. Response Manipulation
- Check the 2FA request response. If it shows "Success":false, change it to "Success":true to bypass 2FA.
๐2โค1
4. Status Code Manipulation
- If the response status code is 4XX, change it to 200 OK to bypass 2FA.
5. 2FA Code Reusability
- Request a 2FA code and use it. Then try reusing it or requesting multiple codes to check if previously requested codes expire.
6. CSRF on 2FA Disable Feature
- Request a 2FA code and use it. Then try reusing it or requesting multiple codes to check if previously requested codes expire.
7. Backup Code Abuse
- Use techniques like response/status code manipulation, brute-force, etc., to bypass backup codes and disable/reset 2FA.
8. Enabling 2FA Doesn't Expire Previous Session
- Log in to the application in two different browsers. Enable 2FA in one session. Use the other session to check if itโs still active, which could be an issue.
9. 2FA Refer Check Bypass
- Directly navigate to the page after 2FA or any authenticated page. If it doesn't work, change the refer header to the 2FA page URL.
10. 2FA Code Leakage in Response
- Capture the request when 2FA code is triggered. Check the response to see if the 2FA code is leaked.
11. JS File Analysis
- Analyze all JS files referred in the response when triggering the 2FA code request to see if any contain information to bypass 2FA.
12. Lack of Brute-Force Protection
- Request 2FA codes repeatedly. If thereโs no rate limit, itโs a rate limit issue. Try brute-forcing the 2FA code.
13. Password Reset/Email Change - 2FA Disable
- Change the victim's email or password. 2FA might be disabled, depending on the organization's policy.
14. Missing 2FA Code Integrity Validation
- Use a valid 2FA code from your account in the victim's 2FA request to see if it bypasses 2FA protection.
15. Direct Request
- Directly navigate to the page after 2FA or any authenticated page. Change the refer header as if you came from the 2FA page.
16. Reusing Token
- Try reusing a previously used token inside the account to authenticate.
17. Sharing Unused Tokens
- Check if you can get a token from your account and use it to bypass 2FA in a different account.
18. Leaked Token
- Check if a token is leaked in the response from the web application.
19. Session Permission
- Use the same session to start the flow using your account and the victim's account. Complete 2FA with your account but try accessing the next step with the victim's account.
20. Password Reset Function
- Check if the password reset function logs the user in after completion. Try reusing the link to reset the password multiple times.
21. Lack of Rate Limit
- Check if thereโs a limit on the number of codes you can try. Brute force if thereโs no limit.
22. Flow Rate Limit but No Rate Limit
- If thereโs a flow rate limit but no rate limit, you can brute force the code with enough time.
23. Re-send Code and Reset the Limit
- If24. Infinite OTP Regeneration
- If you can generate a new OTP infinitely and the OTP is simple enough (e.g., 4 numbers), you can try the same 4 or 5 tokens every time and generate OTPs until it matches.
24. Guessable Cookie
- If the "remember me" functionality uses a guessable code in a new cookie, try to guess it.
25. Guessable Cookie
- If the "remember me" functionality uses a guessable code in a new cookie, try to guess it.
26. IP Address
- If the "remember me" functionality is attached to your IP address, you can try to figure out the IP address of the victim and impersonate it using the X-Forwarded-For header.
27. Subdomains
- Check for "testing" subdomains with login functionality. They might not support 2FA or might have vulnerable versions of it.
28. APIs
- Look for APIs located under a
29. Previous Sessions
- When 2FA is enabled, previous sessions should be ended. If not, an attacker could hijack an active session
- If the response status code is 4XX, change it to 200 OK to bypass 2FA.
5. 2FA Code Reusability
- Request a 2FA code and use it. Then try reusing it or requesting multiple codes to check if previously requested codes expire.
6. CSRF on 2FA Disable Feature
- Request a 2FA code and use it. Then try reusing it or requesting multiple codes to check if previously requested codes expire.
7. Backup Code Abuse
- Use techniques like response/status code manipulation, brute-force, etc., to bypass backup codes and disable/reset 2FA.
8. Enabling 2FA Doesn't Expire Previous Session
- Log in to the application in two different browsers. Enable 2FA in one session. Use the other session to check if itโs still active, which could be an issue.
9. 2FA Refer Check Bypass
- Directly navigate to the page after 2FA or any authenticated page. If it doesn't work, change the refer header to the 2FA page URL.
10. 2FA Code Leakage in Response
- Capture the request when 2FA code is triggered. Check the response to see if the 2FA code is leaked.
11. JS File Analysis
- Analyze all JS files referred in the response when triggering the 2FA code request to see if any contain information to bypass 2FA.
12. Lack of Brute-Force Protection
- Request 2FA codes repeatedly. If thereโs no rate limit, itโs a rate limit issue. Try brute-forcing the 2FA code.
13. Password Reset/Email Change - 2FA Disable
- Change the victim's email or password. 2FA might be disabled, depending on the organization's policy.
14. Missing 2FA Code Integrity Validation
- Use a valid 2FA code from your account in the victim's 2FA request to see if it bypasses 2FA protection.
15. Direct Request
- Directly navigate to the page after 2FA or any authenticated page. Change the refer header as if you came from the 2FA page.
16. Reusing Token
- Try reusing a previously used token inside the account to authenticate.
17. Sharing Unused Tokens
- Check if you can get a token from your account and use it to bypass 2FA in a different account.
18. Leaked Token
- Check if a token is leaked in the response from the web application.
19. Session Permission
- Use the same session to start the flow using your account and the victim's account. Complete 2FA with your account but try accessing the next step with the victim's account.
20. Password Reset Function
- Check if the password reset function logs the user in after completion. Try reusing the link to reset the password multiple times.
21. Lack of Rate Limit
- Check if thereโs a limit on the number of codes you can try. Brute force if thereโs no limit.
22. Flow Rate Limit but No Rate Limit
- If thereโs a flow rate limit but no rate limit, you can brute force the code with enough time.
23. Re-send Code and Reset the Limit
- If24. Infinite OTP Regeneration
- If you can generate a new OTP infinitely and the OTP is simple enough (e.g., 4 numbers), you can try the same 4 or 5 tokens every time and generate OTPs until it matches.
24. Guessable Cookie
- If the "remember me" functionality uses a guessable code in a new cookie, try to guess it.
25. Guessable Cookie
- If the "remember me" functionality uses a guessable code in a new cookie, try to guess it.
26. IP Address
- If the "remember me" functionality is attached to your IP address, you can try to figure out the IP address of the victim and impersonate it using the X-Forwarded-For header.
27. Subdomains
- Check for "testing" subdomains with login functionality. They might not support 2FA or might have vulnerable versions of it.
28. APIs
- Look for APIs located under a
/v*/ directory. Older API endpoints might be vulnerable to 2FA bypass. 29. Previous Sessions
- When 2FA is enabled, previous sessions should be ended. If not, an attacker could hijack an active session
๐10โค1
before 2FA.
30. Improper Access Control to Backup Codes
- If there are CORS misconfigurations or XSS vulnerabilities, backup codes can be stolen and used to bypass 2FA if the username and password are known.
31. Information Disclosure
- If confidential information, like the phone number, appears on the 2FA page that wasn't known previously, it's an information disclosure vulnerability.
32. Bypass 2FA with null or 000000
- Sometimes, 2FA can be bypassed by using null or 000000 as the code.
33. Previously Created Sessions Continue Being Valid After MFA Activation
- Access the same account on two devices. Enable 2FA on one device. If the session on the other device is still active, it's an issue.
34. Enable 2FA Without Verifying the Email
- Check if you can add 2FA to your account without verifying your email.
35. Password Not Checked When Disabling 2FA
- Try to disable 2FA without checking the password. If it succeeds, itโs a vulnerability.
36. โemailโ MFA Mode Allows Bypassing MFA From Victimโs Device When Device Trust Is Not Expired
- Use tools like Burp Suite to intercept requests. Modify the fields to bypass 2FA using the "email" mode.
30. Improper Access Control to Backup Codes
- If there are CORS misconfigurations or XSS vulnerabilities, backup codes can be stolen and used to bypass 2FA if the username and password are known.
31. Information Disclosure
- If confidential information, like the phone number, appears on the 2FA page that wasn't known previously, it's an information disclosure vulnerability.
32. Bypass 2FA with null or 000000
- Sometimes, 2FA can be bypassed by using null or 000000 as the code.
33. Previously Created Sessions Continue Being Valid After MFA Activation
- Access the same account on two devices. Enable 2FA on one device. If the session on the other device is still active, it's an issue.
34. Enable 2FA Without Verifying the Email
- Check if you can add 2FA to your account without verifying your email.
35. Password Not Checked When Disabling 2FA
- Try to disable 2FA without checking the password. If it succeeds, itโs a vulnerability.
36. โemailโ MFA Mode Allows Bypassing MFA From Victimโs Device When Device Trust Is Not Expired
- Use tools like Burp Suite to intercept requests. Modify the fields to bypass 2FA using the "email" mode.
๐ฅ7๐3โค1๐ฟ1
A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hunting!
https://github.com/hahwul/WebHackersWeapons/blob/main/README.md
https://github.com/hahwul/WebHackersWeapons/blob/main/README.md
GitHub
WebHackersWeapons/README.md at main ยท hahwul/WebHackersWeapons
โ๏ธ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting - hahwul/WebHackersWeapons
โค6
โก๏ธuro - Using a URL list for security testing can be painful as there are a lot of URLs that have uninteresting/duplicate content; uro aims to solve that.
๐github.com/s0md3v/uro
๐github.com/s0md3v/uro
1โค6
๐ ๐๐ฎ๐ ๐๐จ๐ฎ๐ง๐ญ๐ฒ ๐๐ญ๐๐ซ๐ญ๐๐ซ ๐๐๐๐ค ๐
๐๐๐ง๐ญ ๐๐๐๐๐ฌ๐ฌ ๐ญ๐จ ๐๐ฎ๐ ๐๐จ๐ฎ๐ง๐ญ๐ฒ ๐๐ซ๐จ๐ ๐ซ๐๐ฆ๐ฌ, ๐๐ฅ๐๐ญ๐๐จ๐ซ๐ฆ๐ฌ, ๐๐ฎ๐ข๐๐๐ฌ, ๐๐จ๐จ๐ค๐ฌ, ๐๐ง๐ ๐๐๐๐ฅ ๐๐๐ฉ๐จ๐ซ๐ญ๐ฌ?
๐Do Follow+โค๏ธLike+๐Retweet+๐ฌDM "Bounty" on @brutsecurity_bot
#BugBounty #BugBountyTips
๐๐๐ง๐ญ ๐๐๐๐๐ฌ๐ฌ ๐ญ๐จ ๐๐ฎ๐ ๐๐จ๐ฎ๐ง๐ญ๐ฒ ๐๐ซ๐จ๐ ๐ซ๐๐ฆ๐ฌ, ๐๐ฅ๐๐ญ๐๐จ๐ซ๐ฆ๐ฌ, ๐๐ฎ๐ข๐๐๐ฌ, ๐๐จ๐จ๐ค๐ฌ, ๐๐ง๐ ๐๐๐๐ฅ ๐๐๐ฉ๐จ๐ซ๐ญ๐ฌ?
๐Do Follow+โค๏ธLike+๐Retweet+๐ฌDM "Bounty" on @brutsecurity_bot
#BugBounty #BugBountyTips
2โค26๐3
Brut Security
๐ ๐๐ฎ๐ ๐๐จ๐ฎ๐ง๐ญ๐ฒ ๐๐ญ๐๐ซ๐ญ๐๐ซ ๐๐๐๐ค ๐ ๐๐๐ง๐ญ ๐๐๐๐๐ฌ๐ฌ ๐ญ๐จ ๐๐ฎ๐ ๐๐จ๐ฎ๐ง๐ญ๐ฒ ๐๐ซ๐จ๐ ๐ซ๐๐ฆ๐ฌ, ๐๐ฅ๐๐ญ๐๐จ๐ซ๐ฆ๐ฌ, ๐๐ฎ๐ข๐๐๐ฌ, ๐๐จ๐จ๐ค๐ฌ, ๐๐ง๐ ๐๐๐๐ฅ ๐๐๐ฉ๐จ๐ซ๐ญ๐ฌ? ๐Do Follow+โค๏ธLike+๐Retweet+๐ฌDM "Bounty" on @brutsecurity_bot #BugBounty #BugBountyTips
Click on this button, you will get the materials @brutsecurity_bot
โค2๐ฟ1
Brut Security pinned ยซ๐ ๐๐ฎ๐ ๐๐จ๐ฎ๐ง๐ญ๐ฒ ๐๐ญ๐๐ซ๐ญ๐๐ซ ๐๐๐๐ค ๐ ๐๐๐ง๐ญ ๐๐๐๐๐ฌ๐ฌ ๐ญ๐จ ๐๐ฎ๐ ๐๐จ๐ฎ๐ง๐ญ๐ฒ ๐๐ซ๐จ๐ ๐ซ๐๐ฆ๐ฌ, ๐๐ฅ๐๐ญ๐๐จ๐ซ๐ฆ๐ฌ, ๐๐ฎ๐ข๐๐๐ฌ, ๐๐จ๐จ๐ค๐ฌ, ๐๐ง๐ ๐๐๐๐ฅ ๐๐๐ฉ๐จ๐ซ๐ญ๐ฌ? ๐Do Follow+โค๏ธLike+๐Retweet+๐ฌDM "Bounty" on @brutsecurity_bot #BugBounty #BugBountyTipsยป