Journal
Today I am going to be taking a step back and focusing on Authentication by going back through the TCM’s and Portswigger’s training and filling out the Authentication section of my digital garden.
Need to complete the first three labs on Portswigger
Labs
- Vulnerabilities in password-based logging
- Vulnerabilities in multi-factor authentication
- Vulnerabilities in other authentication mechanisms
If I can get those three labs done I would consider it a productive day in learning.
Raw Notes
- Vulnerabilities in password-based logging
- LISTEN
- Check a log in manually first instead of doing a cluster bomb. Case is this scenario:
- Seeing that we have an Invalid username tells us that we can snipe a Username instead of doing a cluster bomb of 10,000+ combos. Find the username first then hit it against all passwords.
- LISTEN