@RobAWilkinson
Last active August 29, 2015 14:26
Password discovery and enumeration

## How to Play

Here is the app we will be attacking: http://hacksmith.herokuapp.com. This app uses the standard authentication procedures we have been using in class. However, the authenticity (CSRF) tokens were disabled, which allows a client to make GET/POST requests that do not originate from another page in the app!

Using the techniques described in the following two recent articles, attempt to log in as an administrator:

Your strategy will be:

  1. Find a way to enumerate all usernames.
  2. For each username, find the associated email.
  3. Brute force each email against top passwords. Three user accounts are using easy passwords. One of the three is an administrator!

The potential passwords are:

  • test
  • password
  • 123456789
  • iloveyou
  • letmein
  • 111111
  • admin
  • passw0rd

How to tell whether an attempt worked:

  • You will know you have logged in when the body HTML text no longer contains the log-in form!
  • You will know you have logged in as an administrator when the body HTML text contains: Congratulations -- YOU ARE ADMIN!
  • Find a list of common passwords online, and use these to attempt logging in with all emails discovered.
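The defender-side counterpart to the three-step strategy above, added here as an example that is not part of the gist: detection logic over auth log lines that flags one source failing logins against many distinct accounts in a short window (the spray the exercise performs) and records any success that follows. The log format, IP addresses and email values are constructed for the example.

```javascript
// Added example (not the gist's code): flag the password-spray pattern the
// exercise produces in an auth log. Log format and values are constructed.
const SAMPLE_LOG = [
  "2015-08-29T14:26:00Z ip=203.0.113.5 email=alice@example.com result=FAIL",
  "2015-08-29T14:26:01Z ip=203.0.113.5 email=bob@example.com result=FAIL",
  "2015-08-29T14:26:02Z ip=203.0.113.5 email=carol@example.com result=FAIL",
  "2015-08-29T14:26:03Z ip=203.0.113.5 email=dave@example.com result=FAIL",
  "2015-08-29T14:26:04Z ip=203.0.113.5 email=erin@example.com result=SUCCESS",
  "2015-08-29T14:26:05Z ip=198.51.100.7 email=alice@example.com result=FAIL",
  "2015-08-29T14:26:09Z ip=198.51.100.7 email=alice@example.com result=SUCCESS",
];

// Returns one event per line, or null for lines not in the constructed format.
function parseLine(line) {
  const m = /^(\S+) ip=(\S+) email=(\S+) result=(FAIL|SUCCESS)$/.exec(line);
  if (!m) return null;
  return { ts: Date.parse(m[1]), ip: m[2], email: m[3], ok: m[4] === "SUCCESS" };
}

// A source failing logins against >= minAccounts distinct accounts within
// windowMs is spraying; a SUCCESS while the spray is active is the hit.
function detectSpray(lines, { windowMs = 60000, minAccounts = 3 } = {}) {
  const byIp = new Map();
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev) continue; // skip lines in some other format
    if (!byIp.has(ev.ip)) byIp.set(ev.ip, []);
    byIp.get(ev.ip).push(ev);
  }
  const alerts = [];
  for (const [ip, events] of byIp) {
    events.sort((a, b) => a.ts - b.ts);
    const failures = [];        // failed attempts still inside the window
    const sprayed = new Set();  // distinct accounts hit during the spray
    const compromised = [];     // accounts logged into while spraying
    for (const ev of events) {
      while (failures.length && failures[0].ts < ev.ts - windowMs) failures.shift();
      if (!ev.ok) failures.push(ev);
      const distinct = new Set(failures.map((f) => f.email));
      if (distinct.size >= minAccounts) {
        distinct.forEach((e) => sprayed.add(e));
        if (ev.ok) compromised.push(ev.email);
      }
    }
    if (sprayed.size) alerts.push({ ip, accountsTried: sprayed.size, compromised });
  }
  return alerts;
}
```

Run against SAMPLE_LOG it reports the first address (four accounts tried, one success) and stays silent on the second, whose repeated attempts target a single account and so look like a user retyping a password rather than a spray.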

Check out the `request` docs on submitting forms: https://www.npmjs.com/package/request#forms
