# Classic Authentication Attacks

Here, we're talking about brute-force attacks, password spraying, and messing with password resets.

### 1. Password Brute-Force Attacks

* **What It Is**: Basically, you're trying a bunch of username/password combos to get into an API.
* **How It Works**: You send requests with different credentials, usually in JSON format. If the API expects base64-encoded credentials, encode them before sending.
* **Tools You Can Use**: Check out Burp Suite’s Intruder or Wfuzz for this.
* **Example with Wfuzz**:

  ```bash
  wfuzz -d '{"email":"a@email.com","password":"FUZZ"}' -H 'Content-Type: application/json' -z file,/path/to/rockyou.txt -u http://target/api/auth/login --hc 405
  ```
* **Key Commands**:
  * `-d`: This is where you put the data you're sending.
  * `-H`: Add any headers you need (like Content-Type).
  * `--hc`: Use this to hide certain response codes to keep things tidy.

### 2. Password Spraying

* **What It Is**: Instead of trying lots of passwords on one account, you use a few common passwords across many accounts. This way, you dodge account lockouts.
* **How to Do It**: Grab a short list of likely passwords (think "Password1!", "QWER!@#$") and combine them with a list of usernames you've gathered from earlier recon.
* **Example**: If you've got a JSON response with emails, you can use grep to pull those out:

  ```bash
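  # -E: extended regex; the dot before the TLD is escaped, and the domain part allows digits, hyphens and subdomains
  grep -oE "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}" response.json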
  ```
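From the defender's side, the two patterns above look different in failed-login logs: a per-account lockout counter catches brute force but stays silent during a spray, so the source address has to be tracked across accounts. The following is an added example, not part of the original notes; the event tuples, thresholds and the `classify` function are assumptions, and all events are assumed to fall within one time window.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded)
EVENTS = (
    # One source hammering a single account (brute force)
    [("203.0.113.10", "alice", False)] * 6
    # One source trying two passwords against five accounts (spray)
    + [("198.51.100.7", user, False)
       for user in ("bob", "carol", "dave", "erin", "frank")
       for _ in range(2)]
    # A legitimate user who mistyped once, then logged in
    + [("192.0.2.5", "carol", False), ("192.0.2.5", "carol", True)]
)

LOCKOUT_THRESHOLD = 5  # assumed policy: failures on one account before lockout
SPRAY_ACCOUNTS = 4     # assumed: distinct accounts failed from a single source


def classify(events, lockout=LOCKOUT_THRESHOLD, spray=SPRAY_ACCOUNTS):
    """Return (accounts a lockout policy would trip, {source_ip: pattern})."""
    per_account = defaultdict(int)                      # username -> failures
    per_source = defaultdict(lambda: defaultdict(int))  # ip -> username -> failures
    for ip, user, ok in events:
        if ok:
            continue
        per_account[user] += 1
        per_source[ip][user] += 1

    # What a per-account lockout alone would notice
    locked = {user for user, n in per_account.items() if n >= lockout}

    findings = {}
    for ip, users in per_source.items():
        if max(users.values()) >= lockout:
            findings[ip] = "brute-force"   # many failures on one account
        elif len(users) >= spray:
            findings[ip] = "spray"         # few failures each, many accounts
    return locked, findings


if __name__ == "__main__":
    locked, findings = classify(EVENTS)
    print("locked accounts:", sorted(locked))
    for ip, pattern in findings.items():
        print(ip, "->", pattern)
```

On the sample data only `alice` trips the lockout, while the spraying source is flagged solely by the per-source count of distinct accounts.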

### 3. Analyzing Your Results

* **Success Signs**: Keep an eye out for HTTP status codes in the 200s or 300s and any response lengths that stand out from your failed attempts.

### 4. Base64 Encoding

* **Quick Note**: If the API uses base64 encoding, make sure your credentials are encoded properly when you send them.

#### **Tools and Wordlists:**

* **Wordlist:**  `rockyou.txt`. It's often available on Kali Linux and can be unzipped using `gzip -d /usr/share/wordlists/rockyou.txt.gz`.
* **Mentalist App:** (<https://github.com/sc0tfree/mentalist>)
* **Common User Passwords Profiler (CUPP):** (<https://github.com/Mebus/cupp>)

{% content-ref url="/pages/MGfpgRxzQsWcwBIVA5oJ" %}
[Password Attacks](/security-notes/notes/active-directory-pentesting/password-attacks.md)
{% endcontent-ref %}

