Загрузка...

Authentication Vulnerabilities - Lab #5 Username enumeration via response timing | Short Version

In this video, we cover Lab #5 in the Authentication module of the Web Security Academy. This lab is vulnerable to username enumeration using its response times. To solve the lab, we enumerate a valid username, brute-force this user's password, then access their account page.

- Your credentials: wiener:peter
- Candidate usernames: https://portswigger.net/web-security/authentication/auth-lab-usernames
- Candidate passwords: https://portswigger.net/web-security/authentication/auth-lab-passwords

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-security-academy-video-series

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-authentication/lab-05/notes.txt
Web Security Academy Lab Exercise: https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-response-timing
Rana's Twitter account: https://twitter.com/rana__khalil

Видео Authentication Vulnerabilities - Lab #5 Username enumeration via response timing | Short Version канала Rana Khalil
security web security owasp open web application security project portswigger web security academy python offensive security bug bounty scripting burp burp suite oswe offensive security web expert black-box penetration testing white box pentesting peneration testing pentesting broken authentication authentication authentication vulnerabilities
Комментарии отсутствуют
Зарегистрируйтесь или войдите с
Информация о видео
5 августа 2023 г. 22:45:00
00:13:47
Rana Khalil
Теги
Правообладателям
Жалоба на материал Недопустимый материал Нарушение авторских прав
Комментарии
Поделиться
Другие видео канала

Business Logic Vulnerabilities - Lab #2 High-level logic vulnerability | Long VersionBusiness Logic Vulnerabilities - Lab #2 High-level logic vulnerability | Long Version

Authentication Vulnerabilities - Lab #9 Brute-forcing a stay-logged-in cookie | Short VersionAuthentication Vulnerabilities - Lab #9 Brute-forcing a stay-logged-in cookie | Short Version

Business Logic Vulnerabilities - Lab #1 Excessive trust in client-side controls | Long VersionBusiness Logic Vulnerabilities - Lab #1 Excessive trust in client-side controls | Long Version

Authentication Vulnerabilities - Lab #12 Password brute-force via password change | Short VersionAuthentication Vulnerabilities - Lab #12 Password brute-force via password change | Short Version

Authentication Vulnerabilities - Lab #6 Broken brute-force protection, IP block | Short VersionAuthentication Vulnerabilities - Lab #6 Broken brute-force protection, IP block | Short Version

SQL Injection - Lab #7 SQL injection attack, querying the database type and version on OracleSQL Injection - Lab #7 SQL injection attack, querying the database type and version on Oracle

Business Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Long VersionBusiness Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Long Version

Authentication Vulnerabilities - Lab #8 2FA broken logic | Short VersionAuthentication Vulnerabilities - Lab #8 2FA broken logic | Short Version

Business Logic Vulnerabilities - Lab #5 Low Level Logic Flaw | Short VideoBusiness Logic Vulnerabilities - Lab #5 Low Level Logic Flaw | Short Video

Business Logic Vulnerabilities - Lab #6 Inconsistent handling of exceptional input | Short VideoBusiness Logic Vulnerabilities - Lab #6 Inconsistent handling of exceptional input | Short Video

Business Logic Vulnerabilities - Lab #4 Flawed enforcement of business rule | Short VersionBusiness Logic Vulnerabilities - Lab #4 Flawed enforcement of business rule | Short Version

Business Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Short VersionBusiness Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Short Version

Command Injection - Lab #3 Blind OS command injection with output redirection | Long VersionCommand Injection - Lab #3 Blind OS command injection with output redirection | Long Version

SQL Injection - Lab #15 Blind SQL injection with out-of-band interactionSQL Injection - Lab #15 Blind SQL injection with out-of-band interaction

Directory Traversal - Lab #5 File path traversal, validation of start of path | Long VersionDirectory Traversal - Lab #5 File path traversal, validation of start of path | Long Version

CORS - Lab #4 CORS vulnerability with internal network pivot attack | Long VideoCORS - Lab #4 CORS vulnerability with internal network pivot attack | Long Video

Business Logic Vulnerabilities - Lab #3 Inconsistent security controls | Long VersionBusiness Logic Vulnerabilities - Lab #3 Inconsistent security controls | Long Version

Broken Access Control - Lab #12 Multi-step process with no access control on one step | Long VersionBroken Access Control - Lab #12 Multi-step process with no access control on one step | Long Version

Broken Access Control - Lab #2 Unprotected admin functionality with unpredictable URL | Long VersionBroken Access Control - Lab #2 Unprotected admin functionality with unpredictable URL | Long Version

Authentication Vulnerabilities - Lab #9 Brute-forcing a stay-logged-in cookie | Long VersionAuthentication Vulnerabilities - Lab #9 Brute-forcing a stay-logged-in cookie | Long Version

Authentication Vulnerabilities - Lab #5 Username enumeration via response timing | Long VersionAuthentication Vulnerabilities - Lab #5 Username enumeration via response timing | Long Version

Яндекс.Метрика
© 2008-2026 «Информационно-развлекательный портал города Верхняя Салда»
salda.ws@mail.ru salda_ws Контакты Карта портала Сообщить об ошибке Соглашения Пользовательское соглашение Соглашение о конфиденциальности Согласие на обработку персональных данных Информация для правообладателей Об использовании Cookies
Все заметки Новая заметка Страницу в заметки
Страницу в закладки Мои закладки
На информационно-развлекательном портале SALDA.WS применяются cookie-файлы. Нажимая кнопку Принять, вы подтверждаете свое согласие на их использование.
О CookiesНапомнить позжеПринять