Classic Authentication Attacks
Here, we're talking about brute-force attacks, password spraying, and messing with password resets.
1. Password Brute-Force Attacks
What It Is: Basically, you're trying a bunch of username/password combos to get into an API.
How It Works: You send requests with different credentials, usually in JSON format. If the API expects HTTP Basic authentication, don't forget to base64 encode the username:password pair!
Tools You Can Use: Check out Burp Suite’s Intruder or Wfuzz for this.
Example with Wfuzz:
Key Commands:
-d: This is where you put the data you're sending.
-H: Add any headers you need (like Content-Type).
--hc: Use this to hide certain response codes to keep things tidy.
2. Password Spraying
What It Is: Instead of trying lots of passwords on one account, you use a few common passwords across many accounts. This way, you dodge account lockouts.
How to Do It: Grab a short list of likely passwords (think "Password1!", "QWER!@#$") and combine them with a list of usernames you've gathered from earlier recon.
Example: If you've got a JSON response with emails, you can use grep to pull those out:
3. Analyzing Your Results
Success Signs: Keep an eye out for HTTP status codes in the 200s or 300s and any response lengths that stand out from your failed attempts.
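From the defender's side, the same two patterns are what show up in authentication logs: brute force is many failures against one account from one source, spraying is a few failures spread across many accounts from one source. The following is an added example (not from the original notes) that classifies constructed log lines this way; the log format and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real data): timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice FAIL
2024-05-01T10:00:02Z 203.0.113.7 alice FAIL
2024-05-01T10:00:03Z 203.0.113.7 alice FAIL
2024-05-01T10:00:04Z 203.0.113.7 alice FAIL
2024-05-01T10:00:05Z 203.0.113.7 alice FAIL
2024-05-01T10:05:00Z 198.51.100.9 alice FAIL
2024-05-01T10:05:01Z 198.51.100.9 bob FAIL
2024-05-01T10:05:02Z 198.51.100.9 carol FAIL
2024-05-01T10:05:03Z 198.51.100.9 dave FAIL
2024-05-01T10:05:04Z 198.51.100.9 erin FAIL
2024-05-01T10:10:00Z 192.0.2.4 frank FAIL
2024-05-01T10:10:30Z 192.0.2.4 frank OK
"""

# Assumed log format: "<timestamp> <src_ip> <username> OK|FAIL"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")

def parse(log):
    """Turn raw log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": m.group(1), "src": m.group(2),
                           "user": m.group(3), "ok": m.group(4) == "OK"})
    return events

def classify_sources(events, brute_threshold=5, spray_threshold=5):
    """Label each source IP that produced failures as brute_force, spraying or normal.

    brute_force: at least brute_threshold failures against a single account.
    spraying:    failures against at least spray_threshold distinct accounts.
    Thresholds are illustrative assumptions, not tuned values.
    """
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failed attempts
    for e in events:
        if not e["ok"]:
            failures[e["src"]][e["user"]] += 1
    labels = {}
    for src, per_user in failures.items():
        if max(per_user.values()) >= brute_threshold:
            labels[src] = "brute_force"
        elif len(per_user) >= spray_threshold:
            labels[src] = "spraying"
        else:
            labels[src] = "normal"
    return labels
```

Lockout counters are usually per account, which is exactly why spraying slips past them; a per-source view like this one catches it.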
4. Base64 Encoding
Quick Note: If the API uses base64 encoding, make sure your credentials are encoded properly when you send them.
Tools and Wordlists:
Wordlist: rockyou.txt. It's often available on Kali Linux and can be unzipped using gzip -d /usr/share/wordlists/rockyou.txt.gz
Mentalist App: (https://github.com/sc0tfree/mentalist)
Common User Passwords Profiler (CUPP): (https://github.com/Mebus/cupp)