Reset/Forgotten Password Bypass
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Join HackenProof Discord server to communicate with experienced hackers and bug bounty hunters!
Hacking Insights
Engage with content that delves into the thrill and challenges of hacking
Real-Time Hack News
Keep up-to-date with fast-paced hacking world through real-time news and insights
Latest Announcements
Stay informed with the newest bug bounties launching and crucial platform updates
Join us on Discord and start collaborating with top hackers today!
Password Reset Token Leak Via Referrer
- The HTTP Referer header may leak the password reset token if the token is included in the URL. This happens when a user requests a password reset and then clicks a link to a third-party website.
- Impact: Potential account takeover via a Cross-Site Request Forgery (CSRF) attack.
- References: HackerOne Report 342693, HackerOne Report 272379, Password Reset Token Leak Article
Password Reset Poisoning
- Attackers may manipulate the Host header during password reset requests so that the reset link points to a site they control.
- Patch: Build password reset URLs from $_SERVER['SERVER_NAME'] (set by the server configuration) instead of from the client-supplied $_SERVER['HTTP_HOST'].
- Impact: Reset tokens are leaked to the attacker, leading to account takeover.
- Mitigation Steps:
  - Validate the Host header against a whitelist of allowed domains.
  - Use secure, server-side methods to generate absolute URLs.
- References:
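The poisonable pattern next to its fix, as an added example that is not part of the original page: the vulnerable function mirrors building the link from the raw Host header, the safe one validates the header against an allowlist and always emits a canonical host. The allowlist, canonical host and token are constructed values.

```python
# Added example (not HackTricks' own code). ALLOWED_HOSTS and CANONICAL_HOST are
# constructed sample values; in production they come from server configuration.
from typing import Optional
from urllib.parse import quote

ALLOWED_HOSTS = {"example.com", "www.example.com"}
CANONICAL_HOST = "example.com"


def host_from_header(host_header: str) -> Optional[str]:
    """Return the Host header value (port stripped) only if it is on the allowlist."""
    host = host_header.strip().lower().split(":", 1)[0]
    return host if host in ALLOWED_HOSTS else None


def vulnerable_reset_url(host_header: str, token: str) -> str:
    """The poisonable pattern: the same as using $_SERVER['HTTP_HOST'] verbatim.
    Whatever Host the attacker sends ends up in the e-mail the victim receives."""
    return f"https://{host_header}/reset?token={quote(token)}"


def safe_reset_url(host_header: str, token: str) -> str:
    """Refuse to send a reset mail for an unknown host, and never copy the header
    into the link: the canonical host is a server-side constant."""
    if host_from_header(host_header) is None:
        raise ValueError("Host header not in allowlist; refusing to build reset link")
    return f"https://{CANONICAL_HOST}/reset?token={quote(token)}"
```

Note that SERVER_NAME is only a fix when the web server sets it explicitly (for Apache, `ServerName` with `UseCanonicalName On`); otherwise it is derived from the Host header and the same poisoning applies.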
Password Reset By Manipulating Email Parameter
- Attackers can manipulate the password reset request by adding additional email parameters, diverting the reset link to an address they control.
- Mitigation Steps:
  - Properly parse and validate email parameters server-side.
  - Use prepared statements or parameterized queries to prevent injection attacks.
- References:
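Server-side parsing that accepts exactly one recipient, as an added example that is not from the original page: it rejects repeated `email` keys, array-style keys, separator-joined lists and header-injection characters, so the reset link can only go to a single well-formed address. The request bodies in the test are constructed.

```python
# Added example (not HackTricks' own code): extract a single reset recipient from a
# form body and refuse every variant that would deliver the link to a second address.
import re
from typing import Optional
from urllib.parse import parse_qs

# Deliberately strict: one local part, one "@", a dotted domain, and no whitespace,
# commas, semicolons or CR/LF anywhere (those are what the manipulation relies on).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def extract_reset_email(body: str) -> Optional[str]:
    """Return the one address to mail, or None when the request must be rejected."""
    params = parse_qs(body, keep_blank_values=True)
    # Read only the exact key "email"; "email[]" or "email2" are simply not consulted.
    values = params.get("email", [])
    if len(values) != 1:
        # email=victim&email=attacker would otherwise produce two recipients.
        return None
    email = values[0].strip()
    if not EMAIL_RE.fullmatch(email):
        # Catches "victim@x.com,attacker@y.com", "victim@x.com;..." and "%0d%0aCc:" tricks.
        return None
    return email.lower()
```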
Changing Email And Password of any User through API Parameters
- Attackers may modify the email and password parameters in API requests to change another account's credentials.
- Mitigation Steps:
  - Enforce strict parameter validation and authentication checks.
  - Implement robust logging and monitoring to detect and respond to suspicious activity.
- Reference:
No Rate Limiting: Email Bombing
- A lack of rate limiting on password reset requests can lead to email bombing, overwhelming the user with reset emails.
- Mitigation Steps:
  - Implement rate limiting based on IP address and user account.
  - Use CAPTCHA challenges to prevent automated abuse.
- References:
Find out How Password Reset Token is Generated
- Understanding the pattern or method behind token generation can allow tokens to be predicted or brute-forced.
- Mitigation Steps:
  - Use strong cryptographic methods for token generation.
  - Ensure sufficient length and randomness to prevent predictability.
- Tools: Use Burp Sequencer to analyze the randomness of tokens.
Guessable GUID
- If GUIDs (e.g., version 1) are guessable or predictable, attackers may brute-force them to generate valid reset tokens.
- Mitigation Steps:
  - Use GUID version 4 for randomness, or implement additional security measures for other versions.
- Tools: Use guidtool for analyzing and generating GUIDs.
Response Manipulation: Replace Bad Response With Good One
- Manipulating HTTP responses to bypass error messages or restrictions.
- Mitigation Steps:
  - Implement server-side checks to ensure response integrity.
  - Use secure communication channels such as HTTPS to prevent man-in-the-middle attacks.
- Reference:
Using Expired Token
- Testing whether expired tokens can still be used for a password reset.
- Mitigation Steps:
  - Implement strict token expiration policies.
  - Validate token expiry server-side.
Brute Force Password Reset Token
- Attempting to brute-force the reset token using tools like Burp Suite with IP-Rotator to bypass IP-based rate limits.
- Mitigation Steps:
  - Implement robust rate limiting and account lockout mechanisms.
  - Monitor for suspicious activity indicative of brute-force attacks.
Try Using Your Token
- Testing whether an attacker's own reset token can be used in conjunction with the victim's email.
- Mitigation Steps:
  - Ensure tokens are bound to the user session or other user-specific attributes.
Session Invalidation in Logout/Password Reset
- Ensuring that sessions are invalidated when a user logs out or resets their password.
- Mitigation Steps:
  - Implement proper session management.
  - Ensure all sessions are invalidated upon logout or password reset.
Reset Token Expiration Time
- Reset tokens should have an expiration time after which they become invalid.
- Mitigation Steps:
  - Set a reasonable expiration time for reset tokens and enforce it strictly server-side.
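A reset-token store that applies the mitigations from the token generation, Guessable GUID, Using Expired Token, Try Using Your Token, Session Invalidation and Reset Token Expiration Time sections together, as an added example that is not code from the original page: tokens come from the OS CSPRNG, are stored hashed, bound to one user, checked for expiry server-side, consumed on first use, and a successful reset revokes every session of that user. The in-memory dicts, the 15-minute TTL and `looks_like_weak_reset_token` are constructed stand-ins for a real database and audit job.

```python
# Added example (not HackTricks' own code). Dicts stand in for database tables and
# TOKEN_TTL_SECONDS is a constructed policy value.
import hashlib
import secrets
import time
import uuid
from typing import Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60

class ResetService:
    def __init__(self) -> None:
        self.tokens: Dict[str, dict] = {}    # sha256(token) -> {"user", "expires"}
        self.sessions: Dict[str, str] = {}   # session id -> user
        self.passwords: Dict[str, str] = {}  # user -> password (placeholder storage)

    @staticmethod
    def _digest(token: str) -> str:
        # Only a hash is stored, so a database leak does not hand out live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, now: Optional[float] = None) -> str:
        """256 bits from the OS CSPRNG: no timestamp, user id or GUID in the token."""
        token = secrets.token_urlsafe(32)
        expires = (time.time() if now is None else now) + TOKEN_TTL_SECONDS
        self.tokens[self._digest(token)] = {"user": user, "expires": expires}
        return token

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return sid

    def reset(self, user: str, token: str, new_password: str, now: Optional[float] = None) -> bool:
        """False if the token is unknown, expired, or was issued to another user.
        A valid token is consumed and every session of that user is revoked."""
        key = self._digest(token)
        rec = self.tokens.get(key)
        if rec is None or rec["user"] != user:   # token must belong to this user
            return False
        if (time.time() if now is None else now) > rec["expires"]:
            del self.tokens[key]                  # expired: discard, never accept
            return False
        del self.tokens[key]                      # single use
        self.passwords[user] = new_password
        self.sessions = {s: u for s, u in self.sessions.items() if u != user}
        return True

def looks_like_weak_reset_token(token: str) -> bool:
    """Audit helper: a token that parses as a version-1 GUID is time-based, hence predictable."""
    try:
        return uuid.UUID(token).version == 1
    except ValueError:
        return False
```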
References