Story
McSysAdmin managed to reset everyone’s access except Santa’s!
Santa’s expected some urgent travel itinerary for his route over Christmas.
Rumour has it that Santa never followed the password security recommendations.
Can you use bruteforcing to help him access his accounts?
Learning
Objectives of the day
- Understanding authentication and where it is used
- Understanding what fuzzing is
- Understanding what Burp Suite is and how we can use it for fuzzing a login form to gain access
- Apply this knowledge to retrieve Santa’s travel itinerary
Let us understand the concepts targeted for today first!
What is authentication, and where is it used?
Authentication is the process of verifying a user’s identity, establishing that they are who they say they are. Authentication can be proven using a variety of authentication means, including:
- A known set of credentials to the server and user such as a username and password
- Token authentication (these are unique pieces of encrypted text)
- Biometric authentication (fingerprints, retina data, etc.)
Authentication is often used interchangeably with authorisation, but it is very different. Authorisation is a term for the rules defining what an authenticated user can and cannot access.
What is Fuzzing?
Put simply, fuzzing is an automated means of testing an element of a web application until the application reveals a vulnerability or valuable information. When we are fuzzing, we provide input just as we typically would when interacting with the application, only at a much faster rate. This means that we can use extensive lists, known as wordlists, to test a web application’s response to a wide range of input.
Steps to Fuzz with Burp Suite
1. Let’s launch Firefox by navigating to “Applications -> Internet -> Firefox”
2. Navigate to the login form in the web browser using the vulnerable IP address (http://MACHINE_IP) (note that the IP address in the screenshots is only an example, you will need to replace this with the MACHINE_IP)
3. Press “Intercept On” in “Proxy -> Intercept”
4. Now we will need to return to our Firefox browser and enable the FoxyProxy extension in Firefox. You can do this by pressing the “FoxyProxy” extension and pressing “Burp”
5. Submit some dummy data on the login form
6. Let’s launch Burp Suite by navigating to “Applications -> Other -> Burp Suite”
7. Navigate to the “Proxy” tab
8. We will need to return to Burp Suite, where we will see some data has now been returned to us. Right-click the window containing the data and press “Send to Intruder”
9. Navigate to the “Intruder” tab
10. Configure the Intruder positions and payloads:
10.1. Click the “Positions” tab and clear the pre-selected positions by pressing “Clear $”
10.2. Add the value of the “username” parameter as the first position. Sometimes we will already know the username, other times we will not. We can tell Burp to use a wordlist of usernames for this position as well. However, as the username is already known (i.e. cmnatic), we are just brute-forcing the password (this can be done by highlighting the password parameter and clicking “Add $”)
10.3. Add the “password” value as the position (i.e. password123) (this can be done by highlighting the value in the password parameter and clicking “Add $”)
10.4. Select “Cluster Bomb” as the Attack type in the dropdown menu.
10.5. We will now need to provide some values for Burp Suite to fuzz the login form with passwords. We can provide a list manually, or we can provide a wordlist. I will be providing a wordlist.
11. Now, after selecting our wordlist, we can see that some passwords have filled the “Payload Options” window
12. Now let’s press the “Start Attack” button; this will begin fuzzing the login form. Look at the results and sort by “Length”. Unsuccessful passwords will return one response length, and a successful password will return a different length.
Now that we understand how to use Burp Suite, we can create our own attacks
and complete the challenge!
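The same “different Length” signal that reveals the hit in Intruder is just as visible on the server side. As an added example (not part of the original room or post), the Python below parses constructed Common Log Format access-log lines, flags any source IP that POSTs to the login form more than a threshold of times within a sliding window, and reports the response sizes that break from the dominant failure size, so a defender can spot both the brute-force burst and the one attempt that got through. The log lines, IP addresses and the /login path are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample access-log lines (Common Log Format), not from the page.
# 10.0.0.7 fires a burst of POST /login requests: every failure returns the same
# body size and the lone success a different one, the same signal the Intruder
# "Length" column shows. 10.0.0.9 is one ordinary login.
SAMPLE_LOG = "\n".join(
    [f'10.0.0.7 - - [04/Dec/2021:10:00:{i:02d} +0000] "POST /login HTTP/1.1" 200 1187'
     for i in range(12)]
    + ['10.0.0.7 - - [04/Dec/2021:10:00:12 +0000] "POST /login HTTP/1.1" 302 312',
       '10.0.0.9 - - [04/Dec/2021:10:05:00 +0000] "POST /login HTTP/1.1" 302 312'])

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)$')

def parse_line(line):
    """Parse one CLF line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["size"] = int(rec["size"])
    return rec

def find_bruteforce(log_text, login_path="/login", threshold=10, window_seconds=60):
    """Flag IPs that POST to the login form `threshold` or more times within any
    `window_seconds` span, and report response sizes that differ from the
    dominant (failure) size, which point at the attempt that got through."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == login_path:
            per_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in per_ip.items():
        ts = sorted(r["ts"] for r in recs)
        if len(ts) >= threshold and any(
            (ts[i] - ts[i - threshold + 1]).total_seconds() <= window_seconds
            for i in range(threshold - 1, len(ts))
        ):
            sizes = Counter(r["size"] for r in recs)
            common = sizes.most_common(1)[0][0]
            findings[ip] = {"attempts": len(recs),
                            "outlier_sizes": sorted(s for s in sizes if s != common)}
    return findings
```

Running `find_bruteforce(SAMPLE_LOG)` flags only 10.0.0.7, with 13 attempts and the single outlier size 312; the same logic is the basis for a lockout or rate-limit rule on the login endpoint.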
Q1. What valid password can you use to access the “santa” account?
Follow the steps mentioned above and create your own attack.
If you read the challenge properly, the link for the wordlist is already given there.
Use this wordlist for your attack and select the Cluster Bomb attack type for this challenge.
Navigate to the vulnerable login form at http://10.10.205.31/ and apply the material for today's task to log in to Santa's itinerary, using the username "santa" and the password list located at /root/Rooms/AoC3/Day4/passwords.txt on the TryHackMe AttackBox (or download it from here) for your payload.
Answer - cookie
Q2. What is the flag in Santa’s itinerary?
Once you have logged in from the login panel, you get the flag!!
Answer - THM{SANTA_DELIVERS}