Загрузка...

Authentication Vulnerabilities - Lab #4 Username enumeration via different responses | Short Version

In this video, we cover Lab #4 in the Authentication module of the Web Security Academy. This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:

Candidate usernames: https://portswigger.net/web-security/authentication/auth-lab-usernames
Candidate passwords: https://portswigger.net/web-security/authentication/auth-lab-passwords

To solve the lab, we enumerate a valid username, brute-force this user's password, then access their account page.

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-security-academy-video-series

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-authentication/lab-04/notes.txt
Web Security Academy Lab Exercise: https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-subtly-different-responses
Rana's Twitter account: https://twitter.com/rana__khalil

Видео Authentication Vulnerabilities - Lab #4 Username enumeration via different responses | Short Version канала Rana Khalil
security web security owasp open web application security project portswigger web security academy python offensive security bug bounty scripting burp burp suite oswe offensive security web expert black-box penetration testing white box pentesting peneration testing pentesting broken authentication authentication authentication vulnerabilities
Комментарии отсутствуют
Зарегистрируйтесь или войдите с
Информация о видео
29 июля 2023 г. 22:45:00
00:08:46
Rana Khalil
Теги
Правообладателям
Жалоба на материал Недопустимый материал Нарушение авторских прав
Комментарии
Поделиться
Другие видео канала

Authentication Vulnerabilities - Lab #12 Password brute-force via password change | Short VersionAuthentication Vulnerabilities - Lab #12 Password brute-force via password change | Short Version

Business Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Long VersionBusiness Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Long Version

Business Logic Vulnerabilities - Lab #5 Low Level Logic Flaw | Short VideoBusiness Logic Vulnerabilities - Lab #5 Low Level Logic Flaw | Short Video

Business Logic Vulnerabilities - Lab #6 Inconsistent handling of exceptional input | Short VideoBusiness Logic Vulnerabilities - Lab #6 Inconsistent handling of exceptional input | Short Video

Business Logic Vulnerabilities - Lab #4 Flawed enforcement of business rule | Short VersionBusiness Logic Vulnerabilities - Lab #4 Flawed enforcement of business rule | Short Version

Business Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Short VersionBusiness Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Short Version

Directory Traversal - Lab #5 File path traversal, validation of start of path | Long VersionDirectory Traversal - Lab #5 File path traversal, validation of start of path | Long Version

CORS - Lab #4 CORS vulnerability with internal network pivot attack | Long VideoCORS - Lab #4 CORS vulnerability with internal network pivot attack | Long Video

Broken Access Control - Lab #2 Unprotected admin functionality with unpredictable URL | Long VersionBroken Access Control - Lab #2 Unprotected admin functionality with unpredictable URL | Long Version

Authentication Vulnerabilities - Lab #9 Brute-forcing a stay-logged-in cookie | Long VersionAuthentication Vulnerabilities - Lab #9 Brute-forcing a stay-logged-in cookie | Long Version

SQL Injection - Lab #13 Blind SQL injection with time delaysSQL Injection - Lab #13 Blind SQL injection with time delays

Broken Access Control - Lab #7 User ID controlled by request parameter | Long VersionBroken Access Control - Lab #7 User ID controlled by request parameter | Long Version

Business Logic Vulnerabilities - Lab #4 Flawed enforcement of business rule | Long VersionBusiness Logic Vulnerabilities - Lab #4 Flawed enforcement of business rule | Long Version

Directory Traversal - Lab #4 Path traversal sequences stripped w/ URL-decode | Long VersionDirectory Traversal - Lab #4 Path traversal sequences stripped w/ URL-decode | Long Version

Authentication Vulnerabilities - Lab #13 Broken brute-force protection | Short VersionAuthentication Vulnerabilities - Lab #13 Broken brute-force protection | Short Version

Broken Access Control - Lab #10 User ID controlled by param with password disclosure | Long VersionBroken Access Control - Lab #10 User ID controlled by param with password disclosure | Long Version

CSRF - Lab #7 CSRF where Referer validation depends on header being present | Short VersionCSRF - Lab #7 CSRF where Referer validation depends on header being present | Short Version

Business Logic Vulnerabilities - Lab #8 Insufficient workflow validation | Long VersionBusiness Logic Vulnerabilities - Lab #8 Insufficient workflow validation | Long Version

Broken Access Control - Lab #3 User role controlled by request parameter | Long VersionBroken Access Control - Lab #3 User role controlled by request parameter | Long Version

Authentication Vulnerabilities - Lab #10 Offline password cracking | Long VersionAuthentication Vulnerabilities - Lab #10 Offline password cracking | Long Version

Authentication Vulnerabilities - Lab #12 Password brute-force via password change | Long VersionAuthentication Vulnerabilities - Lab #12 Password brute-force via password change | Long Version

Яндекс.Метрика
© 2008-2026 «Информационно-развлекательный портал города Верхняя Салда»
salda.ws@mail.ru salda_ws Контакты Карта портала Сообщить об ошибке Соглашения Пользовательское соглашение Соглашение о конфиденциальности Согласие на обработку персональных данных Информация для правообладателей Об использовании Cookies
Все заметки Новая заметка Страницу в заметки
Страницу в закладки Мои закладки
На информационно-развлекательном портале SALDA.WS применяются cookie-файлы. Нажимая кнопку Принять, вы подтверждаете свое согласие на их использование.
О CookiesНапомнить позжеПринять