In the sign-up form we enter a username, email and password and solve the captcha. There are two major problems with it:
1- the captcha was only 3 characters long, and only letters: no digits, no special characters
2- once a user signs up, and before the email is confirmed through the link, the username is stored in the DB permanently
So what I did was use crunch to generate every possible combination of 3 letters, which comes to nearly 17500 possibilities, and send the list to Intruder.
So if we try to register every possible username, each registration needs at most about 17500 attempts to bypass the captcha, and because the unconfirmed usernames are kept forever we can block any future user from registering with the site ("user name already exist").
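The two weaknesses above are easy to quantify and to fix server-side. The following is an added example (my own code, not code from the original post or from the affected site) that computes the captcha keyspace, then shows a captcha verifier whose challenges are single-use, short-lived and capped at a few wrong guesses, and a registration store that frees unconfirmed usernames after a deadline. The class names, the TTL values and the attempt limit are assumptions chosen for the demo.

```python
import secrets
import string
from dataclasses import dataclass

LOWER = string.ascii_lowercase                  # the 26-letter alphabet the post describes
ALNUM = string.ascii_letters + string.digits    # a more sensible 62-symbol alphabet


def keyspace(alphabet: str, length: int) -> int:
    """Number of distinct solutions for a fixed-length captcha: |alphabet| ** length."""
    return len(alphabet) ** length


@dataclass
class Challenge:
    answer: str
    attempts_left: int
    expires_at: float


class CaptchaService:
    """Captcha challenges bound to a random token; each token allows MAX_ATTEMPTS guesses,
    expires after TTL seconds and is consumed by the first correct answer (assumed values)."""

    MAX_ATTEMPTS = 3
    TTL = 300.0  # seconds

    def __init__(self, alphabet: str = ALNUM, length: int = 6):
        self.alphabet, self.length = alphabet, length
        self._challenges: dict[str, Challenge] = {}

    def issue(self, now: float) -> tuple[str, str]:
        # The answer would normally be rendered into an image; it is returned here only
        # so the demo can feed the correct value back in.
        token = secrets.token_hex(16)
        answer = "".join(secrets.choice(self.alphabet) for _ in range(self.length))
        self._challenges[token] = Challenge(answer, self.MAX_ATTEMPTS, now + self.TTL)
        return token, answer

    def verify(self, token: str, guess: str, now: float) -> bool:
        ch = self._challenges.get(token)
        if ch is None or now > ch.expires_at:
            self._challenges.pop(token, None)   # unknown, already used, or expired
            return False
        if secrets.compare_digest(ch.answer, guess):
            del self._challenges[token]         # single use: a replayed token fails
            return True
        ch.attempts_left -= 1
        if ch.attempts_left <= 0:
            del self._challenges[token]         # too many wrong guesses: force a new challenge
        return False


class Registrations:
    """Username store where an unconfirmed sign-up only reserves the name for PENDING_TTL."""

    PENDING_TTL = 24 * 3600  # seconds (assumed)

    def __init__(self):
        self.confirmed: set[str] = set()
        self.pending: dict[str, float] = {}   # username -> reservation deadline

    def _expire(self, now: float) -> None:
        for name, deadline in list(self.pending.items()):
            if now >= deadline:
                del self.pending[name]

    def register(self, username: str, now: float) -> bool:
        self._expire(now)
        if username in self.confirmed or username in self.pending:
            return False                      # "user name already exist"
        self.pending[username] = now + self.PENDING_TTL
        return True

    def confirm(self, username: str, now: float) -> bool:
        self._expire(now)
        if username not in self.pending:
            return False                      # link too old or never issued
        del self.pending[username]
        self.confirmed.add(username)
        return True


if __name__ == "__main__":
    print("3 letters :", keyspace(LOWER, 3))   # 17576, enumerable in one Intruder run
    print("6 alnum   :", keyspace(ALNUM, 6))   # 56800235584
    svc = CaptchaService()
    token, answer = svc.issue(now=0.0)
    print("wrong guess accepted?", svc.verify(token, "xxxxxx", 1.0))
    print("right guess accepted?", svc.verify(token, answer, 2.0))
    print("replay accepted?     ", svc.verify(token, answer, 3.0))
```

With the per-token attempt cap, replaying one captured sign-up request with 17500 payloads no longer works: after three misses the token is dead and the enumeration has to start over against a fresh challenge, and even a correct guess only buys one registration whose username is released again if the email is never confirmed.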
Steps:
1- go to the sign-up page, enter dummy data and send the request to Burp's Intruder tab
2- with crunch, generate all combinations with a minimum and maximum length of 3 using all alphabet characters
3- mark the captcha parameter as the position in Intruder and paste the crunch output into the payloads section
4- hit "Start attack" and watch the server's response length
Once it changes, we have hit the right captcha and the username was created successfully.
And that's it.
Thank you for reading! Hope you enjoyed it.
You can find me on Twitter @0xMohamed_Ayad
and also on LinkedIn @0xmh3yad