3 min read · Oct 27, 2023
Lab description: This lab’s two-factor authentication is vulnerable to brute-forcing. You have already obtained a valid username and password, but do not have access to the user’s 2FA verification code. To solve the lab, brute-force the 2FA code and access Carlos’s account page.
GIVEN
Victim’s credentials: carlos:montoya
Hint given: You will need to use Burp macros in conjunction with Burp Intruder to solve this lab. For more information about macros, please refer to the Burp Suite documentation. Users proficient in Python might prefer to use the Turbo Intruder extension, which is available from the BApp store.
Procedure: Since the 2FA is stated to be vulnerable, first check how the 2FA flow behaves.
After two failed attempts, I’ve been logged out.
For this I’ll be using Burp’s session handling feature.
STEP 1: Log in using the given credentials with Burp running, and enter random digits as the 2FA code.
STEP 2: In Burp, go to Project options → Session handling rules → Add rule → set up a macro.
Select these requests for the macro → POST Login, POST Login2, GET Login
This will re-login after every attempt, or in other words it will keep me logged in.
STEP 3 → Send POST /login2 to Burp Repeater, and add a payload marker to the 2FA parameter.
STEP 4 → Set Maximum concurrent requests to 1, because we want to send only one request at a time.
STEP 5 → Start the attack and look through the responses for a 302 status; that is the one we are looking for. Send this request to the browser.
You’ll be logged into the account.
Click My account to solve the lab completely.
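The reason the macro works is that the lab counts wrong codes on the login session, so re-logging in resets the count. The hypothetical Python verifier below (added here, not the lab’s or PortSwigger’s code) shows that session-scoped counter next to an account-scoped one that survives re-login; the class names, the `guesses_possible` helper and the two-failure threshold are my assumptions.

```python
import secrets

MAX_FAILURES = 2  # the lab logs you out after two wrong codes (assumed threshold)

class SessionScopedVerifier:
    """Vulnerable (hypothetical): wrong codes are counted per login session."""
    def __init__(self, code):
        self.code = code
        self.sessions = {}  # session id -> wrong codes seen on that session
    def login(self):
        sid = secrets.token_hex(8)
        self.sessions[sid] = 0
        return sid
    def verify(self, sid, attempt):
        if sid not in self.sessions:
            return "no-session"
        if secrets.compare_digest(attempt, self.code):
            return "ok"
        self.sessions[sid] += 1
        if self.sessions[sid] >= MAX_FAILURES:
            del self.sessions[sid]  # logged out, but a fresh login starts at 0
            return "logged-out"
        return "wrong"

class AccountScopedVerifier(SessionScopedVerifier):
    """Hardened: wrong codes are counted on the account and survive re-login."""
    def __init__(self, code):
        super().__init__(code)
        self.failures = 0  # stays until an out-of-band reset, not a new session
    def verify(self, sid, attempt):
        if self.failures >= MAX_FAILURES:
            return "locked"
        result = super().verify(sid, attempt)
        if result in ("wrong", "logged-out"):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                return "locked"
        return result

def guesses_possible(verifier, budget):
    """Codes a client that re-logs in after every logout can try before the
    verifier refuses for good (capped at budget); the secret is outside 0001..budget."""
    sid = verifier.login()
    for n in range(1, budget + 1):
        result = verifier.verify(sid, f"{n:04d}")
        if result == "locked":
            return n
        if result == "logged-out":
            sid = verifier.login()
    return budget
```

With a budget of 50 guesses, the session-scoped verifier lets all 50 through, while the account-scoped one stops after MAX_FAILURES.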