This lab’s two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos’s account page.
Your credentials: wiener:peter
Victim’s username: carlos
You also have access to the email server to receive your 2FA verification code.
1. Capture the login request with the credentials wiener:peter and send it to Repeater.
2. Send the request and observe the response.
3. Now send the same request, but change the value of verify to carlos.
4. Now go to the browser, type any 4-digit number for the MFA code, and capture the request.
5. Send it to Intruder, set the attack type to Sniper, and change the value of verify to carlos.
6. Add the mfa-code as the payload position.
7. Navigate to the Payloads tab and set the payload list to Number.
8. Set the From value to 0 and the To value to 1000 (if that does not work, use 9999), and the step value to 1.
9. Set min integer digits to 4 and max integer digits to 4, then start the attack.
10. You’ll now be able to see a 302 response; right-click it and click Open response in the Browser.
11. Copy and paste the link into the browser.
12. Click My-Account to solve the lab.
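The steps above succeed because the server takes the account to verify from the client-supplied verify value and accepts any number of code guesses. The sketch below is an added example, not the lab's or the author's code: it models that flaw beside a hardened check that binds the pending user to a server-side session and caps attempts. The class, method names and MAX_ATTEMPTS threshold are assumptions.

```python
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed lockout threshold, not a value from the lab


class TwoFactorService:
    """Constructed model of a 2FA step; not the lab's real server code."""

    def __init__(self):
        self.codes = {}     # username -> pending 4-digit code
        self.sessions = {}  # session id -> {"user": ..., "attempts": ...}

    def issue_code(self, username):
        self.codes[username] = f"{secrets.randbelow(10000):04d}"

    def password_ok(self, username):
        """After a correct password: bind the pending user to the session."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": username, "attempts": 0}
        self.issue_code(username)
        return sid

    def verify_flawed(self, verify_param, code):
        """Flawed: the account is chosen by the client, with unlimited guesses."""
        expected = self.codes.get(verify_param)
        return verify_param if expected is not None and code == expected else None

    def verify_hardened(self, sid, verify_param, code):
        """Hardened: the account comes from the session; verify_param is ignored."""
        state = self.sessions.get(sid)
        if state is None:
            return None
        user = state["user"]
        state["attempts"] += 1
        expected = self.codes.get(user)
        if state["attempts"] > MAX_ATTEMPTS or expected is None:
            self.sessions.pop(sid, None)  # force a fresh password login
            self.codes.pop(user, None)    # invalidate the pending code
            return None
        if hmac.compare_digest(code.encode(), expected.encode()):
            self.codes.pop(user, None)    # codes are single use
            return user
        return None
```

For detection, repeated 2FA failures on one session, or a verify value that differs from the user who passed the password step, are the signals worth alerting on.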
Thank you for Reading!
Happy Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng