All Rooms
Authentication Bypass
easy30 mintryhackme
Learn four methods of bypassing website authentication: username enumeration via error message differences, brute-forcing credentials with ffuf, exploiting a logic flaw in password reset to hijack another user's account, and cookie tampering to escalate privileges. All attacks target the Acme IT Support website and demonstrate real-world authentication weaknesses.
Skills You Will Learn
username-enumerationbrute-forcelogic-flawcookie-tamperingffufbase64md5
Prerequisites
- thm-contentdiscovery
- content-discovery
- ffuf
Walkthrough Phases
1
Username Enumeration
Build a list of valid usernames using error message differences
2
Brute Force Attack
Find valid credentials using the enumerated usernames
3
Logic Flaw Exploitation
Hijack a password reset to take over Robert's account
4
Cookie Tampering
Manipulate cookies to escalate privileges
10 questions to answer
alienrecon start thm-authenticationbypassDon't have AlienRecon? Get started here