Hi All,
In this tutorial we will try to bypass the login form of a vulnerable website using the Mantra Security Toolkit.
What you need:
1. Mantra Security Toolkit - Download
2. A vulnerable website. I'm using a modified version of LAMPSecurity CTF6.
Let's begin.
Step 1:
I'm on the home page of the website now
http://192.168.132.128/
Step 2:
Login form of the website
http://192.168.132.128/?action=login
Step 3:
Now we will test the input forms against SQL injection. For that we can use the SQL Inject Me tool. It can be launched from Tools > SQL Inject Me > Open SQL Inject Me Sidebar.
Step 4:
You can see the SQL Inject Me sidebar on the right.
Step 5:
I'm checking all the fields to test.
Step 6:
I clicked on "Test all forms with all attacks".
Step 7:
The test results say that none of the fields are vulnerable to SQL injection. So it's confirmed that the website is sanitizing the input.
Step 8:
Now we will try to see what type of sanitizing mechanism the website employs. For that we will use Firebug. It can be launched by going to Tools > Firebug > Open Firebug.
Step 9:
Now that Firebug is open, I'm enabling the Inspect mode of Firebug by clicking on the inspect icon (the second one) in the top left corner.
Step 10:
I clicked on the login form and Firebug highlighted the respective source code. It shows that some type of local JavaScript is used to sanitize the input.
Step 11:
To bypass it, we will use Live HTTP Headers. It can be launched either from the sidebar or by going to Tools > Live HTTP Headers.
Step 12:
Now you can see Live HTTP Headers. The Capture check box must be checked.
Step 13:
I went back to the login form, entered some sample values there and pressed Log In.
Step 14:
Now I went back to Live HTTP Headers again. We can clearly see that it captured the session.
Step 15:
I scrolled up to find the username and password data fields. I clicked on it and pressed the Replay button.
Step 16:
I'm changing the value a little bit to bypass the authentication and clicking on the Replay button.
Step 17:
Hmmm. I got an error message. Looks like I should modify the injected code.
Step 18:
I modified the code.
Step 19:
No luck.
Step 20:
I changed the value again and pressed the Replay button.
Step 21:
Voila. I'm successfully authenticated.
Step 22:
Now that I have got admin access
If you wish to completely root the whole server, you can go to this post and follow steps from step 24
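A worked model of what Steps 7 to 21 show, added here as an example (it is not the CTF's PHP code): a login check that relies on a browser-side quote-stripping script is defeated once the request is replayed with raw values, while the same check written with bound parameters is not. The user table, the JavaScript-like sanitizer and the sample value are constructed stand-ins, written in Python with sqlite3 rather than the target's PHP/MySQL.

```python
import re
import sqlite3

# Constructed stand-in for the CTF's user table (the real target is PHP/MySQL)
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!', 'admin')")
    conn.execute("INSERT INTO users VALUES ('guest', 'guest', 'user')")
    conn.commit()
    return conn

# Hypothetical browser-side check like the one Firebug showed in Step 10:
# it strips quote characters before the form is submitted. It runs only in
# the browser, so a request replayed from Live HTTP Headers never sees it.
def client_side_sanitize(value):
    return re.sub(r"['\"]", "", value)

# Constructed sample of the kind of value replayed in Steps 16 to 21
PAYLOAD = "' OR '1'='1"

def login_vulnerable(conn, username, password):
    """Server that trusts the client-side check and concatenates the values."""
    sql = ("SELECT role FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(conn, username, password):
    """Server that binds the values with placeholders: the driver never lets
    them alter the query structure, so the browser check is no longer load-bearing."""
    sql = "SELECT role FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

def browser_submit(login, conn, username, password):
    """Form path: the JavaScript check runs first (this is what SQL Inject Me tested)."""
    return login(conn, client_side_sanitize(username), client_side_sanitize(password))

def replay_submit(login, conn, username, password):
    """Replay path: raw values reach the server exactly as typed in the Replay window."""
    return login(conn, username, password)

if __name__ == "__main__":
    db = make_db()
    print("browser + vulnerable:", browser_submit(login_vulnerable, db, "x", PAYLOAD))  # None
    print("replay  + vulnerable:", replay_submit(login_vulnerable, db, "x", PAYLOAD))   # admin
    print("replay  + hardened:  ", replay_submit(login_hardened, db, "x", PAYLOAD))     # None
```

The first line is why the sidebar scanner reported nothing, the second is the Step 21 result, and the third is the server-side fix that closes the hole regardless of what the browser does.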