Ethical Hacking
  • Introduction to Information Security
    • What is Hacking?
    • Type of Hacking
    • Exercise
    • Uses of Proxy Servers
    • Summary Proxy & VPN
    • Summary
  • Gathering Information About Websites
    • Gathering Information
    • Gathering Targeted Information
  • Google Droks
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
    • Web Servers
    • Web Server Architecture
    • Web Server Architecture Combinations
  • VA & PT
    • OWASP
    • SQL Injection
    • Advanced SQL Injections
    • Burp Suit
      • Client Side Validation Burp Suite Bypass
      • Client Side Validation Burp Suite Bypass
      • GET Based IDOR in URL
      • Post Based IDOR Variant
      • GET Based IDOR in URL
      • Post Based IDOR in URL
      • Download based
  • Arbitrary File Upload Vulnerabilities
    • Server Side Attack
    • Server Side Attack
    • Client Side Attack
  • Understanding Response Headers
    • Event Listeners
  • Fundamentals of Cross Site Scripting (XSS)
    • Temporary XSS
  • Understanding Forced Browsing and Session-Cookie Flaws
    • Forced Browsing
    • Cross Site Request Forgery
    • Open Redirection
  • Dictionary Based Brute Force Attacks
    • Dictionary Based Bruteforcing
    • Logical Bruteforcing
    • PII Leakage Variant
  • Identifying Security is configurations and Exploiting Outdated Web Applications
    • Information Disclosure via Descriptive Messages
    • Default Debug Pages
    • How to guess password for a standard login page
    • Default/Weak Password in Custom CMS
    • Fingerprinting Components with Known Vulnerabilities
    • Finding Exploits for Components with Known Vulnerabilities
    • Default/Weak Password in Public Software
    • Vulnerable Components Installed
    • Vulnerable Components Installed 2
    • Vulnerable Components Installed 3
  • Scanning for Bugs in WordPress and Drupal
    • What is CMS?
    • Variant 1
    • Vulnerable CMS
    • How to Scan Drupal CMS for Known Vulnerabilities?
    • Joomla CMS
  • Automating VAPT and Secure Code Development
    • information gathering
    • Nmap Scans
    • Automating VAPT:
  • POC
    • Recommendations for Documenting a Vulnerability
    • PoC
    • Types of Reports
    • Recommendations for OWASP Top 10 Vulnerabilities
    • Components of a VAPT Report
    • Vulnerability Information (for each vulnerability)
    • Bad Practices to Avoid While Writing a Report
Powered by GitBook
On this page
  1. Dictionary Based Brute Force Attacks

Logical Bruteforcing

PreviousDictionary Based BruteforcingNextPII Leakage Variant

Last updated 1 year ago

Open burpsuite

Start monitoring requests

Enter mobile number of victim

Enter random OTP once and click login

Find the request with the OTP and Mobile number going to checkOTP.php

Send it to Burp Intruder

Remove all $$ and add them to OTP POST parameter value using add button

OTP=$586$

Choose attack type sniper

Goto payloads and in Payload Sets, Click on Dropdown next to Payload Type. Choose Numbers

In payload options -> Form -> Put 100

And in To -> Put 999

In Step -> Put 1

Go to intruder options and scroll down to Grep Match

Click on the “Flag….” checkbox

Add the keyword “userdetails.php”

Make sure to uncheck “Exclude HTTP headers”

Start the attack

The responses with the keyword welcome in the response will be flagged

Check the flagged request OTP and use that OTP to login

Logical Bruteforcing

Step 1: Go to the hacking challenge (The URL will be different for each user). http://13.126.231.126/Brute-Forcing/Logical-Bruteforcing-Variant-3/

Step 2: Click on the dropdown arrow and choose any coupon.

Step 3: Now open Burp Suite and turn on the intercept.

Step 4: In the browser click on the ‘Submit’ button and intercept the request.

Step 5: Now send this request to Intruder(ctrl+i) and turn off the intercept.

Step 6: Go to the ‘Positions’ tab under intruder and clear all selected values by clicking on the ‘Clear All’ button.

Step 7: Now from the coupon=VOUCHER-a3f select the ‘3f’ part, and click on Add§ button It would look like this: coupon=VOUCHER-a§3f§

Step 8: Choose ‘Attack Type’ as ‘Sniper’.

Step 9: Now click on ‘Payloads’ tab. Choose payload set 1 Set payload type: Bruteforcer Set character set: abcdefghijklmnopqrstuvwxyz0123456789 Set max and min length to 2.

Step 10: Click on the ‘Start Attack’ button.

Step 11: Now sort the ‘Length’ tab in the new attack window created as ‘Intruder Attack’. You will be able to identify a few different length responses suggesting some coupons worked.

Step 12: The ones with different response length will have the correct coupon code so click on them and look at the request generated. From the HTTP request, copy the COUPON=[this].

Step 13: Use this coupon to apply the discount and you will get more discount than usual.