blob: f13b4e475de4d7892c26c1e8295101f059d7b400 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
## Exploit
[https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/07-Testing_for_Weak_Password_Policy](OWASP: Testing for weak password policy)
1. Found an email in a hidden `<input>` tag in the **Recover Password** page: `webmaster@borntosec.com`
1. Got a list of common passwords to test from [https://github.com/duyet/bruteforce-database/blob/master/38650-password-sktorrent.txt](here)
1. Made a `brute_force.bash` script to brute force the login
If you're getting false positives with `brute_force.bash` use a smaller `BATCH_SIZE`.
## Fix
- 2FA
- Strong password policy
- Forbid password reuse
- Password aging
|
