How I By-pass the login page and 2FA authentication…..

Hello everyone !

This is my first writeup. So please don’t mind if I was not able to explain it properly.

In this write up I will share 2 attacks.

  1. Login page By - pass.
  2. 2Fa Authentication By-pass.

Let’s Start……

I can’t disclose the program name so let’s consider.

www.test.com/home

  1. So what I see is there was a login page and Sign-up option. So I created 2 tested account.
  2. Now the website won’t allow me login into it till I confirm my email address, so I need to confirm my email address so I did.
  3. Now after confirming my email address the Website redirect me to the 2FA authentication. Well 2FA authentication was Also mandatory to login into.
  4. First I thought this website is really protected and I won’t be able to find any vulnerability,but I was like let’s try it and i hit my burp so I can see that how login authentication actually works. So I captured the request. And in request I saw that the token is generated with my password and when I check the response the same token is being validated with login credentials true and status code 200.
  5. So what I did is I try to login with my 2nd account and again I check the request/response. What I see is the same token is being generated again and against and is used to validate your credentials.

Note : So i get to know that there is same token generated everytime. So I copy the request and response in my notepad for true credentials.

6. Now what I did is I enter the wrong password and capture the request again I see the same token with my wrong password. But unfortunately in response it was invalid credentials status code: 400,here I was not disappointed what I did is I just paste the response of my true credentials of first account and I forward the request.

But very next moment I saw the 2Fa page I was like my vulnerability will not be considered because there is 2FA enabled on it and it’s mandatory to enable while creating your account.

7. Now again I try to capture the request in my burp and saw the response and I again I see the token is being generated when OTP is send to the user mobile number, Again I captured the request in my burp with correct OTP and check the response there was the same token with status code :200. Successfully login.

BINGO. I was successfully login into it .

11. What I noticed is web browser is actually taking some time to get me login into it.

So this way I was able to by pass the login page and 2Fa just doing response manipulation.

That’s all for today guys. Thank you for reading.

If you really are Hacker! then just give it a try