Login Panel Authentication Attacks.
In this tutorial we are going to explore several ways to bypass a web login panel.
Login Web Brute Force Attack.
Hydra.
Hydra is a popular open-source password cracking tool that can be used to perform brute-force attacks on login credentials of various network protocols, including FTP, HTTP, SSH, Telnet, and others. It uses different attack methods, including dictionary attacks, brute-force attacks, and hybrid attacks, to guess passwords and gain unauthorized access to a system.
What do we need to perform this Attack?
Inspector.
We can obtain all the information to deploy the attack in the inspector:
- User & Password Files.
- Target Login Panel URL.
- Request Method.
  POST request method = http-post-form
- Request Body.
- Cookies (If needed).
- Response (Login Error Message).
Burp Suite.
We can obtain all this information by checking Burp Suite.
Hydra Web Brute Force Attack.
In my case, the unmodified request looks like username=<user>&password=<pass>. If we need to replace "user" and "password", we replace them with ^USER^ and ^PASS^. But if we already know one of them, we don't need to add it. We have to add H= before the cookies, and we can add F= before the login error message.
hydra -L <userFile> -P <passwordFile> <RHOST> <requestMethod> "<URL>:<requestBody>:H=<COOKIES>:F=<ErrorResponse>"
hydra -l admin -P /usr/share/wordlists/rockyou.txt 172.17.0.2 http-post-form "/index.php:username=^USER^&password=^PASS^:H=Cookie: PHPSESSID=t2d0hebr4qjb42n2fc5daam94d:F=Credenciales incorrectas."
If the IP itself takes us directly to the login panel, we can simply use the “/” to specify the URL, and it would look like:
hydra -l admin -P /usr/share/wordlists/rockyou.txt 172.17.0.2 http-post-form "/:username=^USER^&password=^PASS^:H=Cookie: PHPSESSID=t2d0hebr4qjb42n2fc5daam94d:F=Credenciales incorrectas."
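On the server side, the runs above appear in the access log as a burst of POST requests to the login path from one source address. The following is an added detection example, not part of the original tutorial: the log lines are constructed, the Combined Log Format is assumed, and the threshold, window and function name are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: Apache/nginx Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one client sends 8 login POSTs in 8 seconds,
# another client logs in normally after a single mistake.
SAMPLE_LOG = [
    f'172.17.0.1 - - [10/Mar/2024:12:00:{s:02d} +0000] '
    f'"POST /index.php HTTP/1.1" 200 1523 "-" "-"'
    for s in range(8)
] + [
    '172.17.0.5 - - [10/Mar/2024:12:00:03 +0000] "GET /index.php HTTP/1.1" 200 1490 "-" "-"',
    '172.17.0.5 - - [10/Mar/2024:12:00:09 +0000] "POST /index.php HTTP/1.1" 200 1523 "-" "-"',
    '172.17.0.5 - - [10/Mar/2024:12:00:40 +0000] "POST /index.php HTTP/1.1" 302 0 "-" "-"',
]

def detect_login_bruteforce(lines, login_paths=("/", "/index.php"),
                            threshold=5, window_seconds=10):
    """Return {ip: peak POST count inside one window} for IPs at or over threshold.

    Every POST is counted regardless of status: a panel that reports failure
    only through a message in the page body answers 200 for bad passwords too.
    Lines are expected in chronological order per source address.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] not in login_paths:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:     # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    print(detect_login_bruteforce(SAMPLE_LOG))
```

The same counter is the basis for mitigation: once a source crosses the threshold, the application or a reverse proxy can throttle or lock out further attempts.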