2FA/OTP Bypass
Enhanced Two-Factor Authentication Bypass Techniques
Direct Endpoint Access
To bypass 2FA, try accessing the endpoint that follows the 2FA step directly; knowing its path is what matters. If that fails, alter the Referer header to mimic navigation from the 2FA verification page.
Token Reuse
Reusing a previously used authentication token within an account can be effective.
Utilization of Unused Tokens
Try using an unused token extracted from your own account to bypass 2FA in another account.
Exposure of Token
Investigate whether the token is disclosed in a response from the web application.
Verification Link Exploitation
Using the email verification link sent upon account creation may allow profile access without 2FA, as described in a detailed post.
Session Manipulation
Initiate sessions for both your own account and the victim's account, complete 2FA for your own account without proceeding further, then attempt to access the next step in the victim's account flow. This exploits limitations in backend session management.
Password Reset Mechanism
Investigate the password reset function, which logs the user into the application after the reset: check whether the same link allows multiple resets, since logging in with the newly reset credentials might bypass 2FA.
OAuth Platform Compromise
Compromising the user's account on a trusted OAuth platform (e.g., Google, Facebook) can offer a route to bypass 2FA.
Brute Force Attacks
Rate Limit Absence
The absence of a limit on the number of code attempts allows brute force attacks, though potential silent rate limiting should be considered.
Slow Brute Force
A slow brute force attack is viable if flow rate limits exist without an overarching rate limit.
Code Resend Limit Reset
Resending the code may reset the rate limit, facilitating continued brute force attempts.
Client-Side Rate Limit Circumvention
A separate document details techniques for bypassing client-side rate limiting.
Internal Actions Lack Rate Limit
Rate limits may protect login attempts but not internal account actions.
SMS Code Resend Costs
Excessive resending of codes via SMS incurs costs for the company, though it does not bypass 2FA.
Infinite OTP Regeneration
Endless OTP regeneration with simple codes allows brute force by retrying a small set of codes.
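The server-side checks that close the Token Reuse, Rate Limit Absence, Code Resend Limit Reset and Infinite OTP Regeneration cases above, as an added example that is not part of the original page: the failure counter lives on the 2FA session rather than on the code, so a resend never resets it, a consumed code cannot be replayed, and the resend itself is throttled. Names, constants and the `rng` parameter (present only so a test can make codes deterministic) are assumptions for the example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

MAX_FAILED = 5        # failed attempts allowed per 2FA session, across resends
RESEND_COOLDOWN = 30  # seconds a user must wait before a new code is sent
CODE_TTL = 300        # seconds a code stays valid


@dataclass
class OtpChallenge:
    code: str
    issued_at: float
    used: bool = False   # a code is consumed on first success (no reuse)


@dataclass
class OtpSession:
    challenge: Optional[OtpChallenge] = None
    failed_total: int = 0   # lives on the session, so resending never resets it
    last_issue: float = 0.0
    verified: bool = False


def issue_code(sess: OtpSession, now: float,
               rng: Callable[[int], int] = secrets.randbelow) -> Optional[str]:
    """Issue a fresh 6-digit code, or return None while the resend cooldown applies.
    The code is returned only so the caller can deliver it (SMS, email)."""
    if sess.challenge is not None and now - sess.last_issue < RESEND_COOLDOWN:
        return None
    code = f"{rng(1_000_000):06d}"
    sess.challenge = OtpChallenge(code=code, issued_at=now)
    sess.last_issue = now
    return code


def verify_code(sess: OtpSession, submitted: str, now: float) -> str:
    """Return 'ok', 'wrong', 'locked' or 'no_active_code'."""
    ch = sess.challenge
    if ch is None or ch.used or now - ch.issued_at > CODE_TTL:
        return "no_active_code"
    if sess.failed_total >= MAX_FAILED:
        return "locked"            # the counter is not reset by issue_code()
    if hmac.compare_digest(ch.code.encode(), submitted.encode()):
        ch.used = True             # single use: a replayed code is rejected
        sess.verified = True
        return "ok"
    sess.failed_total += 1
    return "wrong"
```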
Race Condition Exploitation
Exploiting race conditions for 2FA bypass is covered in a separate document.
CSRF/Clickjacking Vulnerabilities
Exploring CSRF or Clickjacking vulnerabilities to disable 2FA is a viable strategy.
"Remember Me" Feature Exploits
Predictable Cookie Values
Guessing the "remember me" cookie value can bypass restrictions.
IP Address Impersonation
Impersonating the victim's IP address through the X-Forwarded-For header can bypass restrictions.
Utilizing Older Versions
Subdomains
Test subdomains: they may run outdated versions lacking 2FA support or contain vulnerable 2FA implementations.
API Endpoints
Older API versions, indicated by /v*/ directory paths, may be vulnerable to 2FA bypass methods.
Handling of Previous Sessions
Terminating existing sessions upon 2FA activation enhances security by preventing unauthorized access from compromised sessions.
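A minimal session store that applies this recommendation and also closes the Direct Endpoint Access and Session Manipulation cases described earlier, as an added example that is not part of the original page: enabling 2FA revokes the user's other sessions, the verified flag is set only on the session that completed 2FA, and post-2FA endpoints check that flag on the session presenting the request. Class and method names are assumptions for the example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Set


@dataclass
class Session:
    user: str
    mfa_verified: bool = False   # set only by completing 2FA in THIS session


@dataclass
class SessionStore:
    sessions: Dict[str, Session] = field(default_factory=dict)
    mfa_users: Set[str] = field(default_factory=set)   # users with 2FA enabled

    def login(self, user: str) -> str:
        """Password step done; the session stays 2FA-pending if the user has 2FA."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(user=user)
        return sid

    def complete_2fa(self, sid: str) -> None:
        # Marks the verifying session only: nothing carries over to any other
        # session, so a verified session for user A grants nothing for user B.
        self.sessions[sid].mfa_verified = True

    def enable_2fa(self, sid: str) -> int:
        """Turn 2FA on for the session's user and revoke that user's other
        sessions. Returns the number of sessions revoked."""
        user = self.sessions[sid].user
        self.mfa_users.add(user)
        # The enabling session has just proven the factor during enrollment.
        self.sessions[sid].mfa_verified = True
        stale = [s for s, sess in self.sessions.items() if sess.user == user and s != sid]
        for s in stale:
            del self.sessions[s]
        return len(stale)

    def authorized(self, sid: str, user: str) -> bool:
        """Gate for endpoints after the 2FA step: the session must belong to
        `user` and, if the user has 2FA enabled, must have completed it itself."""
        sess = self.sessions.get(sid)
        if sess is None or sess.user != user:
            return False
        return sess.mfa_verified or user not in self.mfa_users
```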
Access Control Flaws with Backup Codes
Immediate generation and potential unauthorized retrieval of backup codes upon 2FA activation, especially with CORS misconfigurations/XSS vulnerabilities, poses a risk.
Information Disclosure on 2FA Page
Sensitive information disclosure (e.g., phone number) on the 2FA verification page is a concern.
Password Reset Disabling 2FA
account creation v