Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system

王林
Release: 2019-12-18 11:58:46
forward
3608 people have browsed it

Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system

The Writeup shared today is a dynamic password OTP (One Time Password) for the target system that the author is participating in vulnerability testing, and is implemented by using a simple brute force enumeration method. Bypassing or cracking the target system's two-factor authentication mechanism 2FA (Two-Factor Authentication). The target system is the website of India's largest travel service company, which uses dynamic password OTP as a means of implementing two-factor authentication 2FA.

Generally speaking, OTP is a 4-digit combination from 0000 to 9999. If OTP has 10,000 possible combinations, in today's powerful computer era, it only takes a few minutes to process 10,000 combinations. time. So, if the OTP's verification mechanism is improper, anyone can bypass it through simple brute force enumeration.

Why can I bypass 2FA?

The target system does not rate limit unsuccessful request attempts.

The target system has no new dynamic password measures for unsuccessful request attempts.

Prerequisite preparation:

Web browser, BurpSuite.

The recurrence process of bypassing 2FA

The recurrence process of bypassing 2FA

1. Open BurpSuite and log in to the target system website using your mobile phone number , here, deliberately enter the wrong dynamic OTP sent by the system to your mobile phone (here we enter 1234 casually), and then use BurpSuite to capture the traffic;

Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system

We can see from BurpSuite Relevant information to the OTP API – verifyOTP?otp=:

Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system

2. Right-click the OTP sending process and Send to intruder:

Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system

3. Select the otp=1234 placeholder and set it to simple violent enumeration variable mode:

Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system

4. Select the Payload tag item, Modify it to any combination, and then click attack:

Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system

5. The attack begins. From the enumeration response result, we can see an abnormal response with a length of 2250. As expected, this is it:

Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system

6. Use this OTP to log in, It can be successful and effective!

Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system

Related tutorial recommendations:web server security

The above is the detailed content of Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system. For more information, please follow other related articles on the PHP Chinese website!

source:freebuf.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!