[Brute-force] Lab 2: 2FA simple bypass




This lab is part of my journey towards the Burp Suite Certified Practitioner, and it comes from the server-side vulnerabilities section at PortSwigger.





So first, let's go ahead and visit the site:



Looks like a blog again. Let's log in with the provided credentials.



After we log in we get a prompt for a 4-digit 2FA code, plus a button for an email client. Hitting the email client button redirects us to some kind of email account/client that contains the 4-digit code.





So what I'm going to do now is retry the login process, but through the proxy, to see exactly what is going on.


Notice that right after I send the POST request to '/login', the browser sends a GET request to /login2.



But look at this request; a few things caught my eye…

- The Referer header: this comes from the previous page we were on, so /login.

- The GET request to /login2 can be changed while the proxy is intercepting it, which means I don't need to visit the /login2 page at all.

- IMPORTANT: my session cookie changes. This is a clear indicator to me that I have already been authenticated, so I'm now in a "logged-in state".

So my thinking is: if I change the path of the GET request from /login2 to just /, which gives me the index page of the site, I should be logged in as wiener.


Yep, it worked. Now time to do the same thing with carlos's account…
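To make the root cause concrete, here is an added example (not code from the lab or from PortSwigger) that models the two session designs in plain Python: the broken flow hands out a fully authenticated session as soon as the password checks out, exactly the cookie change noticed above, so a client that never visits /login2 can still load /; the hardened flow keeps the session in a "pending 2FA" state until the code is verified and only then issues the logged-in session. User names, password and OTP values are constructed placeholders.

```python
import secrets

# Constructed user store for the demo; the credentials are placeholders, not the lab's.
USERS = {"wiener": {"password": "placeholder-pw", "otp": "1234"}}


class Sessions:
    """Minimal server-side session store keyed by a random session id."""
    def __init__(self):
        self.store = {}

    def new(self, data):
        sid = secrets.token_hex(16)
        self.store[sid] = dict(data)
        return sid


def login_vulnerable(sessions, username, password):
    """POST /login in the broken design: a correct password already yields a
    fully logged-in session, so the 2FA step at /login2 is purely cosmetic."""
    user = USERS.get(username)
    if user is None or not secrets.compare_digest(user["password"], password):
        return None
    return sessions.new({"user": username, "authenticated": True})


def login_hardened(sessions, username, password):
    """POST /login in the fixed design: the password only earns a session that is
    waiting for 2FA; nothing protected is reachable with it."""
    user = USERS.get(username)
    if user is None or not secrets.compare_digest(user["password"], password):
        return None
    return sessions.new({"user": username, "authenticated": False, "pending_2fa": True})


def verify_2fa(sessions, sid, code):
    """POST /login2: on a correct code, discard the pending session and issue a
    fresh, fully authenticated one (rotating the id on the privilege change)."""
    pending = sessions.store.get(sid)
    if pending is None or not pending.get("pending_2fa"):
        return None
    if not secrets.compare_digest(USERS[pending["user"]]["otp"], code):
        return None
    del sessions.store[sid]
    return sessions.new({"user": pending["user"], "authenticated": True})


def index(sessions, sid):
    """GET /: served only to sessions that completed every login step."""
    session = sessions.store.get(sid)
    if session and session.get("authenticated"):
        return 200, "Welcome, " + session["user"]
    return 302, "/login"
```

The check that matters is in index(): it trusts the "authenticated" flag, so the server must not set that flag until the 2FA code has actually been verified.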



Since I've already explained my thinking, I will only provide screenshots for carlos and the process.


Carlos

Step 1: log in with the provided username and password.












This lab can also be solved with IDOR.

