Here we can see the login page for the bank, which requires a name and password. We don't have any credentials, so we have to hack.

The first thing we do is search for internal files which could reveal some information about the application. So we crawled the application's URL using Burp Suite Spider.

The crawl found only two links: the login page and the recovery page. The recovery page leads to the forgot password functionality. To recover a password, we need the login name. We guessed default credentials such as admin, ibank, bob, etc., but nothing worked.

We did notice the error message "Identifier not found". This is a good indicator that we are dealing with numbers rather than a username that could be lower- and upper-case alphanumeric, which reduces the set of characters we need to cover and makes it easier to brute-force.

Again we move on to the login page to find something juicy. We can see three parameters on this authentication page: Login, Password and CAPTCHA. Just right-click on the CAPTCHA image and select Inspect element. Now we can see a link there: image.php has a code parameter holding a value which looks Base64-encoded. We took that value and decoded it from Base64 using Burp Suite Decoder.

After decoding, we get the value =ljN5YTO.