Diffstat (limited to 'Brute force password guessing/notes.md')
| -rw-r--r-- | Brute force password guessing/notes.md | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/Brute force password guessing/notes.md b/Brute force password guessing/notes.md deleted file mode 100644 index a66c5dc..0000000 --- a/Brute force password guessing/notes.md +++ /dev/null @@ -1,14 +0,0 @@ -1. Found an email in a hidden `<input>` tag in the **Recover Password** page: `webmaster@borntosec.com` -1. Got a list of common passwords to test from [https://github.com/duyet/bruteforce-database/blob/master/38650-password-sktorrent.txt]() -1. Made a script to brute force the login - -If you're getting false positives with the script use a smaller `BATCH_SIZE`. - -**How to protect against this?** - -[https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy]() - -- 2FA -- Strong password policy -- Forbid password reuse -- Password aging |
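Review bot: the hunk deletes notes.md outright, so the defensive guidance at the end of the file (the OWASP weak-password-policy reference and the list `- 2FA`, `- Strong password policy`, `- Forbid password reuse`) leaves the repository together with the write-up; if that material was moved to another file the commit should say where, otherwise consider keeping at least the "How to protect against this?" section, since it is the only part of the notes that describes mitigations. Two smaller points worth recording if any of the text is restored: the links are written as `[https://…]()` with an empty target, which does not render as a link to the URL shown, and the three `1.` list items are meant as ordered steps, so they read better with their own numbers.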
