@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame
Don’t bruteforce the 2FA.
If the 2FA mechanism is properly implemented it wouldn’t be possible; however, I’m getting a “constant” page on 2FA, which made me believe the validity of tokens wasn’t properly configured.
EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho
So with the missing parameter error, is there a smarter way to figure out the parameter other than brute force? I’ve made a wordlist of everything I can think of relating to t**p and fuzzed it with several parameters at the same time, but I haven’t got anything.
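The point quoted above, that a properly implemented 2FA check cannot be brute-forced even though each code is valid for a time window, shown as an added example (not code from the thread or from the application being discussed): an RFC 6238 TOTP verifier with a failure lockout and single use of each time step. `MAX_FAILURES`, the `TotpVerifier` class, `guesses_before_lockout` and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import time

STEP = 30         # seconds per time step (RFC 6238 default)
WINDOW = 1        # tolerate +/- 1 step of clock drift
MAX_FAILURES = 5  # assumed lockout threshold, not taken from the thread


def totp(secret, counter, digits=6):
    """HOTP/TOTP value for one time-step counter (HMAC-SHA1, RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Per-account verifier state (hypothetical class for this example)."""

    def __init__(self, secret):
        self.secret = secret
        self.failures = 0
        self.last_used_step = -1

    def verify(self, code, now=None):
        if self.failures >= MAX_FAILURES:
            return "locked"  # refuse even a correct code until reset
        step = int((time.time() if now is None else now) // STEP)
        for candidate in range(step - WINDOW, step + WINDOW + 1):
            if candidate <= self.last_used_step:
                continue  # each time step is accepted at most once
            expected = totp(self.secret, candidate).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_used_step = candidate
                self.failures = 0
                return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_FAILURES else "invalid"


def guesses_before_lockout(verifier, guesses, now):
    """Number of guesses submitted until the answer is no longer 'invalid'."""
    for n, guess in enumerate(guesses, start=1):
        if verifier.verify(guess, now) != "invalid":
            return n
    return len(guesses)


SECRET = b"12345678901234567890"  # RFC 6238 test secret, sample value
```

With the lockout in place, a guesser gets five tries against a space of one million codes, and a correct code submitted after the lockout is still refused until the account is reset.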
@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame
Don’t bruteforce the 2FA.
If the 2FA mechanism is properly implemented it wouldn’t be possible; however, I’m getting a “constant” page on 2FA, which made me believe the validity of tokens wasn’t properly configured.
EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho
reached the same location too, but stuck with getting ‘invalid action’ or server errors… is this a rabbit hole?
EDIT: 'doh! finding the missing param was so obvious that I ignored trying it early on. Goes to show that you should enumerate all possibilities and not assume anything (;
@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame
Don’t bruteforce the 2FA.
If the 2FA mechanism is properly implemented it wouldn’t be possible; however, I’m getting a “constant” page on 2FA, which made me believe the validity of tokens wasn’t properly configured.
EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho
reached the same location too, but stuck with getting ‘invalid action’ or server errors… is this a rabbit hole?
EDIT: 'doh! finding the missing param was so obvious that I ignored trying it early on. Goes to show that you should enumerate all possibilities and not assume anything (;
Seriously, what am I missing for initial? I have stepped away to regroup and read more. Not giving up, but I am obviously missing or overthinking something. Can someone point me to something? Thank you.
How to start pwning root binary? Usually I find a bof, but for this bin I did not find anything like that. I am trying to find any leak or place where I can write input, but I just don’t see any weak spot.
Can someone send an article explaining how to find the weak spot in this bin? I don’t know what to google.
How to start pwning root binary? Usually I find a bof, but for this bin I did not find anything like that. I am trying to find any leak or place where I can write input, but I just don’t see any weak spot.
Can someone send an article explaining how to find the weak spot in this bin? I don’t know what to google.
I’m stuck on the binary as well, can’t get pwndbg to show me the thing I want to exploit. If somebody reads this and knows about gdb/pwndbg/pwntools, please DM me…
So, think I’m on the right track with the service. Making a request, but now getting Call to undefined function? I’m literally following the example in the documentation? So what am I doing wrong if we don’t need more than that?
EDIT: Figured it out, was not sending the right variable, but again… I was following the documentation example to the letter… so a little puzzled by this one
So, think I’m on the right track with the service. Making a request, but now getting Call to undefined function? I’m literally following the example in the documentation? So what am I doing wrong if we don’t need more than that?
EDIT: Figured it out, was not sending the right variable, but again… I was following the documentation example to the letter… so a little puzzled by this one
I was with you on that one, they referred to the element inside the definition in the example.
@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame
Don’t bruteforce the 2FA.
If the 2FA mechanism is properly implemented it wouldn’t be possible; however, I’m getting a “constant” page on 2FA, which made me believe the validity of tokens wasn’t properly configured.
EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho
reached the same location too, but stuck with getting ‘invalid action’ or server errors… is this a rabbit hole?
EDIT: 'doh! finding the missing param was so obvious that I ignored trying it early on. Goes to show that you should enumerate all possibilities and not assume anything (;
So you need an “action” and some parameters? I really don’t understand how to validate that the format of the request is correct. Seems I can supply any value for action. What’s the best way to approach this, other than being psychic?
@vrls said:
2FA is pretty obscure now… I will assume that since there is no limit, it is possible to run a brute-force… although it has a time frame
Don’t bruteforce the 2FA.
If the 2FA mechanism is properly implemented it wouldn’t be possible; however, I’m getting a “constant” page on 2FA, which made me believe the validity of tokens wasn’t properly configured.
EDIT: nvm I just reached /a**/***p right now, not sure if this is the correct approach tho
reached the same location too, but stuck with getting ‘invalid action’ or server errors… is this a rabbit hole?
EDIT: 'doh! finding the missing param was so obvious that I ignored trying it early on. Goes to show that you should enumerate all possibilities and not assume anything (;
So you need an “action” and some parameters? I really don’t understand how to validate that the format of the request is correct. Seems I can supply any value for action. What’s the best way to approach this, other than being psychic?
SAME ISSUE HERE. I fuzzed like 8K of words, plus all the ones like backup, SMS, OTP, TOTP, blah blah blah. I know I will feel stupid once I get past it, but I have searched on actions for TOTP to no avail.