Lab: 2FA Simple Bypass

-

This one was rather simple, it demonstrated the lack of verification controls some websites have for 2FA where they do not check if the user has passed the second check or not.

I begin by logging in as the target user 'carlos':

I am presented with the 2FA screen:

But I just change the URL to direct me to `/my-account` which was the account page for users:



Comments

Post a Comment

Popular posts from this blog

Malware Analysis Report: Sample SmokeScreen

-
Image
Basic Facts Components -         PASTA_MENTOR_PROMO_DEAL_agreement.docx.scr       (Initial Stage) [Program1.exe]      sha256 8d204db953fd7d637f8718f56fbecfbf93ebcc8e7402ce71d5c52b01689777a2       Program1.main.exe        (Second Stage) [Runs under InstallUtil.exe]      sha256 c7ce154d0ab5aec517829623f7b3b30a4e0ea6dc981fdf13134a8f263a062a9a   Malware Type: Injector/Info-Stealer  Windows PE | C# (stage 1) | Nim (stage 2)   --*--*--
Read more

[TryHackMe] BrainPan 1

-
Image
So I was selected in one of the teams Sheridan is sending for cybersci and that meant I gotta prepare myself for the challenge, and what better way to do it than try a hard lab (I should have started with something easier, but atleast the pain was a learning experience). This is my writeup for BrainPan 1, or as I like to call it Brain Pain.
Read more