Exercise: Identification and Authentication Failures
Solutions for this exercise
Bruteforce a login system
We have an application: KIS Klinik Sonnenschein. We want to bruteforce the site.
Automate login tests.
Write a small PHP (or Java or Python, or whatever you want) program to be run on your laptop. This program must send a login request, where you can input a username and a password. You must test whether the login is valid or not. You can test with the user house. The password is given in Moodle.
Brute force the login
- Modify your program to test with the list of most often used passwords (Passwords). Select the list darkweb2017-top100.txt. You will test user bie1.
- Modify the previous program so that you can loop over all possible passwords with 4 letters. Find the password for user taub (this could last for a long time, start the next exercise while waiting for the result).
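The server-side counterpart to this exercise, as an added example that is not part of the original exercise sheet: a per-account sliding-window limit on failed logins, and what it does to a 100-entry password list and to the 4-letter search. The policy of 5 failures per 15 minutes, the 26-letter lowercase alphabet, the user name "demo" and all function names are assumptions.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account sliding-window limit on failed logins (assumed policy)."""

    def __init__(self, max_failures=5, window_s=900):
        self.max_failures = max_failures
        self.window_s = window_s
        self._failures = defaultdict(deque)  # username -> failure timestamps

    def allowed(self, user, now):
        """True if a password check may be performed for this user at time now."""
        q = self._failures[user]
        while q and now - q[0] >= self.window_s:  # drop expired failures
            q.popleft()
        return len(q) < self.max_failures

    def record_failure(self, user, now):
        self._failures[user].append(now)


def checked_guesses(throttle, user, n_candidates, interval_s):
    """Simulate n wrong guesses sent every interval_s seconds and
    return how many of them reached the password check."""
    checked = 0
    for i in range(n_candidates):
        now = i * interval_s
        if throttle.allowed(user, now):
            throttle.record_failure(user, now)
            checked += 1
    return checked


def keyspace(length, alphabet_size=26):
    """Number of candidate passwords of exactly `length` letters."""
    return alphabet_size ** length


def days_to_exhaust(n_candidates, max_failures=5, window_s=900):
    """Worst-case duration of a full search under the throttle, in days."""
    return n_candidates / max_failures * window_s / 86400


if __name__ == "__main__":
    # Constructed scenario: one guess per second against a single account.
    print(checked_guesses(LoginThrottle(), "demo", 100, 1))
    print(keyspace(4), round(days_to_exhaust(keyspace(4))))
```

Without the throttle every guess is checked, so the 4-letter space is bounded only by request latency; with it, the same search is bounded by the window.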
Credentials Theft
In Firefox, create a new profile. Download the cookies.sqlite file from Moodle. Copy this file into the profile directory that has been created for your new profile. Restart Firefox.
Access www.facebook.com.
Contact
Prof. Dr. Emmanuel Benoist
Berner Fachhochschule - TI
Quellgasse 21
CH-2501 Biel/Bienne
Switzerland
Mail: emmanuel.benoist (at) bfh.ch