THM: Enumeration & Brute Force
Introduction
In the realm of web application security, understanding enumeration and brute force attacks is critical for identifying and mitigating vulnerabilities. This writeup documents my experience in the TryHackMe room focused on these techniques. Through hands-on tasks, I gained insights into how attackers exploit weak authentication mechanisms and the importance of implementing robust security measures.
Task 1: Introduction
In this room, we explored various aspects of enumeration and brute force attacks, gaining practical skills necessary for conducting thorough security assessments on web applications. This foundational knowledge prepares us to better secure our own applications against such threats.
Task 2: Authentication Enumeration
2.1 Which feature, if poorly implemented, can assist attackers in gathering valid usernames through its response differences?
Answer: Password reset
When a password reset feature is poorly implemented, attackers can exploit it to enumerate valid usernames. If the application returns different responses for registered and unregistered accounts, rather than a single generic message such as "If this email is registered, you will receive a reset link", an attacker can confirm whether an account exists simply by observing the application's response.
2.2 What type of error messages can unintentionally provide attackers with confirmation of valid usernames?
Answer: Verbose errors
Verbose error messages can reveal sensitive information about the application's authentication process. For example, if an application states "Username does not exist" for an invalid username but returns a different message for a valid one, it gives attackers clear feedback on which usernames are valid.
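The two enumeration oracles from Task 2 (a login form with verbose errors and a password reset form that behaves differently for known accounts) are easy to see side by side in code. The following is an added illustration written for this writeup, not code from the room or from TryHackMe: a constructed in-memory user store, a vulnerable handler and a hardened handler for each feature, plus a small check that reports whether a handler's response differs between a known and an unknown username. The user "alice" and all messages are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Callable, Tuple

# Constructed user store for the example: usernames mapped to salted password hashes.
_SALT = os.urandom(16)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": _hash_password("correct horse battery staple", _SALT)}

# A dummy hash so the hardened login does identical work for unknown usernames,
# which keeps the response timing from acting as a second oracle.
_DUMMY_HASH = _hash_password("not-a-real-password", _SALT)


def login_verbose(username: str, password: str) -> Tuple[int, str]:
    """Vulnerable: status code and message reveal whether the username exists."""
    stored = USERS.get(username)
    if stored is None:
        return 404, "Username does not exist"
    if not hmac.compare_digest(stored, _hash_password(password, _SALT)):
        return 401, "Incorrect password"
    return 200, "Welcome"


def login_uniform(username: str, password: str) -> Tuple[int, str]:
    """Hardened: same status, same message and same hashing work for any failure."""
    stored = USERS.get(username, _DUMMY_HASH)
    matched = hmac.compare_digest(stored, _hash_password(password, _SALT))
    if username in USERS and matched:
        return 200, "Welcome"
    return 401, "Invalid username or password"


def request_reset_verbose(username: str) -> Tuple[int, str]:
    """Vulnerable: confirms or denies the account before anything is sent."""
    if username not in USERS:
        return 404, "No account found for that username"
    return 200, "Password reset link sent"


def request_reset_uniform(username: str) -> Tuple[int, str]:
    """Hardened: the reply is identical whether or not the account exists.
    (A real handler would queue the email only for known accounts.)"""
    return 200, "If this account is registered, you will receive a reset link"


def leaks_username(handler: Callable[..., Tuple[int, str]], *extra_args: str) -> bool:
    """True if the handler answers differently for a known vs. an unknown username.

    Any extra arguments (e.g. a wrong password) are passed through unchanged so the
    only thing that varies between the two calls is the username.
    """
    known = handler("alice", *extra_args)
    unknown = handler("nobody-here", *extra_args)
    return known != unknown


if __name__ == "__main__":
    print("login_verbose leaks:", leaks_username(login_verbose, "wrong-password"))
    print("login_uniform leaks:", leaks_username(login_uniform, "wrong-password"))
    print("reset_verbose leaks:", leaks_username(request_reset_verbose))
    print("reset_uniform leaks:", leaks_username(request_reset_uniform))
```

The `leaks_username` check is the defender's version of what the room has you do by hand: submit one request for an account you know exists and one for an account that cannot exist, holding everything else constant, and compare the replies. The hardened handlers pass it because both the wording and the amount of work done are the same on every failure path.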
Task 3: Enumerating Users via Verbose Errors
3.1 What is the valid email address from the list?
Answer: canderson@gmail.com
During this task, we analyzed the application's responses to various username submissions. By observing the different responses for valid and invalid inputs, we were able to identify "canderson@gmail.com" as a valid email address based on the feedback provided by the application.
Task 4: Exploiting Vulnerable Password Reset Logic
4.1 What is the flag?
Answer: THM{50_pr3d1ct4BL333!!}
In this section, we exploited the vulnerabilities in the password reset logic. Using the valid email we had discovered, we initiated a password reset. The application's response included a flag that served as proof of successful exploitation. This flag emphasizes the risks associated with improper handling of password reset functionality.
Task 5: Exploiting HTTP Basic Authentication
5.1 What is the flag?
Answer: THM{b4$$1C_AuTTHHH}
In this task, we focused on HTTP Basic Authentication, a common method for securing web resources. By identifying the target and using brute force techniques, we were able to extract a flag indicating successful authentication. This demonstrated how weak or predictable credentials can be compromised using straightforward brute force methods.
5.2 Try using Hydra instead of Burp to brute force the password.
Answer: No answer needed.
This task encouraged the use of specialized tools like Hydra for efficient brute force attacks, showcasing the importance of tool selection in penetration testing. Hydra is known for its speed and versatility in handling various authentication methods.
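From the defender's side, the brute force against HTTP Basic Authentication in Task 5 leaves an obvious trace: a burst of 401 responses for the same protected path from one source. The following detection is an added example written for this writeup, not code from the room or from any tool it mentions. It parses constructed access-log lines in the common combined format, keeps a sliding window of 401s per (client IP, path) and raises an alert once the count in that window reaches a threshold. The IP addresses, timestamps and `/admin` path are all constructed sample data; the threshold and window are assumptions to be tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Constructed sample access log (combined log format). 203.0.113.7 hammers the
# Basic-Auth-protected /admin path; 198.51.100.2 mistypes once and then logs in.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /admin HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:13:55:03 +0000] "GET /admin HTTP/1.1" 401 381 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2024:13:55:04 +0000] "GET /admin HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:13:55:04 +0000] "GET /admin HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:13:55:06 +0000] "GET /admin HTTP/1.1" 401 381 "-" "Mozilla/5.0"
198.51.100.2 - bob [10/Oct/2024:13:55:08 +0000] "GET /admin HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:13:55:09 +0000] "GET /admin HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:13:55:11 +0000] "GET /admin HTTP/1.1" 401 381 "-" "Mozilla/5.0"
"""

# Client IP, ident, authenticated user, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one combined-format log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "user": m["user"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": m["path"],
        "status": int(m["status"]),
    }


def detect_basic_auth_bruteforce(
    log_text: str,
    threshold: int = 5,
    window: timedelta = timedelta(seconds=60),
) -> List[Tuple[str, str, int]]:
    """Return (ip, path, count) for each source whose 401s within `window` reach `threshold`.

    Each (ip, path) pair is reported once, at the moment it first crosses the threshold.
    """
    recent: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
    alerted = set()
    alerts: List[Tuple[str, str, int]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 401:
            continue
        key = (rec["ip"], rec["path"])
        q = recent[key]
        q.append(rec["ts"])
        # Drop attempts that have aged out of the sliding window.
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((rec["ip"], rec["path"], len(q)))
    return alerts


if __name__ == "__main__":
    for ip, path, count in detect_basic_auth_bruteforce(SAMPLE_LOG):
        print(f"possible Basic Auth brute force: {ip} -> {path} ({count} failures in window)")
```

On the sample data the rule fires once, for 203.0.113.7 against /admin at its fifth failure, and stays quiet for the user who mistyped a single time. A threshold this low is only sensible for an interactive admin path; the same logic with a per-account key instead of a per-IP key is what drives a lockout policy, and combining both views catches a brute force that is spread across many source addresses.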
Task 6: OSINT
6.1 Click me to proceed to the next task.
Answer: No answer needed.
This section introduced the concept of Open Source Intelligence (OSINT), emphasizing its relevance in the reconnaissance phase of security assessments. Although no specific answer was required, understanding OSINT techniques can aid in gathering information before executing attacks.
Task 7: Conclusion
7.1 I can now attack authentication forms!
Answer: No answer needed.
Through the completion of this room, I feel equipped to approach authentication forms with a critical eye. The knowledge gained will help in identifying potential vulnerabilities that could be exploited by attackers.
Key Takeaways
Effective Enumeration: Proper enumeration is vital for identifying potential vulnerabilities in web applications. By utilizing the right tools and techniques, we can uncover valuable information that informs further attack planning.
Brute Force Efficiency: Optimizing brute force attacks is essential. This includes creating intelligent wordlists tailored to the target, managing attack parameters (like delay and retries), and evading detection mechanisms, such as rate limiting and account lockouts.
Ethical Responsibility: Conducting enumeration and brute force attacks must always be done with explicit permission from the system owner. Unauthorized attacks are illegal and can lead to severe consequences, both legally and ethically.
By understanding and practicing these techniques, security professionals can better protect web applications against unauthorized access and ensure robust authentication mechanisms are in place. This room has been instrumental in reinforcing the practical applications of theory in the field of cybersecurity.