▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! 😎

1) Generally, OTP is a combination of 4 digits starting from 0000 to 9999. If we count there 10,000 combinations. In the age of powerful computer 10,000 combinations take only a few minutes to process. If OTP verification is not properly managed, anyone can bypass this with a simple brute force.
Why I was able to bypass the 2FA?
No rate limiting on an unsuccessful attempt
No new OTP policy on X unsuccessful attempt

🦑Few prerequisites:

1) Web Browser

2) Burp Suite
Now let's see how I was able to bypass the 2FA with burp suite:-

Step 01: Logged into the website using the mobile number and entered the wrong OTP to intercept on burp suite

Step 02: Sending the verifyOTP API call to the intruder.

Step 03: Selecting the OTP placeholder and add it for simple brute force.

Step 04: Select the Payload tab, changed the payload type to Numbers and change the payload options as desired and clicked on the attack.

Step 05: As the brute force was in progress I could see length for one of the OTP value is changed from 617 to 2250. Lets check:

Hence, The simple brute force was successful.

🦑Cracking Otp-with pic-
> not written by undercode
> wiki source

🦑Stone River eLearning - Common PHP Errors You Will Encounter —165 MB

https://www.oreilly.com/library/view/common-php-errors/100000006A0493/

>Download<

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including (latitude, longitude , region , country ...)
> termux-linux

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1)git clone https://github.com/medbenali/CyberScan.git

2)cd CyberScan/

3)python CyberScan.py -v

ARP Ping
$ CyberScan -s 192.168.1.0/24 -p arp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.

Received 0 packets, got 0 answers, remaining 256 packets
ICMP Ping
In other cases we can use ICMP ping:

$ CyberScan -s 192.168.1.1-254 -p icmp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.

Received 0 packets, got 0 answers, remaining 256 packets
TCP Ping
In case when ICMP echo requests are blocked, we can still use TCP:

$ CyberScan -s 192.168.1.1-254 -p tcp -d 80
UDP Ping
Or even UDP (which produces ICMP port unreachable errors from live hosts). We can pick any port which is most likely to be closed, such as port 0:

$ CyberScan -s 192.168..... -p udp

✅@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including (latitude, longitude , region , country ...)
> termux-linux

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1)git clone https://github.com/medbenali/CyberScan.git

2)cd CyberScan/

3)python CyberScan.py -v

ARP Ping
$ CyberScan -s 192.168.1.0/24 -p arp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.

Received 0 packets, got 0 answers, remaining 256 packets
ICMP Ping
In other cases we can use ICMP ping:

$ CyberScan -s 192.168.1.1-254 -p icmp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.

Received 0 packets, got 0 answers, remaining 256 packets
TCP Ping
In case when ICMP echo requests are blocked, we can still use TCP:

$ CyberScan -s 192.168.1.1-254 -p tcp -d 80
UDP Ping
Or even UDP (which produces ICMP port unreachable errors from live hosts). We can pick any port which is most likely to be closed, such as port 0:

$ CyberScan -s 192.168..... -p udp

✅@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Damn Small XSS Scanner

Damn Small XSS Scanner (DSXS) is a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.
> As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie.
> termux-linux

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/stamparm/DSXS.git

2) cd DSXS

3) python3 dsxs.py -h
Damn Small XSS Scanner (DSXS) < 100 LoC (Lines of Code) #v0.3a
by: Miroslav Stampar (@stamparm)

🦑Usage: dsxs.py options

Options:
--version show program's version number and exit
-h, --help show this help message and exit
-u URL, --url=URL Target URL (e.g. "http://www.target.com/page.htm?id=1")
--data=DATA POST data (e.g. "query=test")
--cookie=COOKIE HTTP Cookie header value
--user-agent=UA HTTP User-Agent header value
--referer=REFERER HTTP Referer header value
--proxy=PROXY HTTP proxy address (e.g. "http://127.0.0.1:8080")
$ python3 dsxs.py -u "http://testphp.vulnweb.com/search.php?test=query" --data="s
earchFor=foobar"
Damn Small XSS Scanner (DSXS) < 100 LoC (Lines of Code) #v0.3a
by: Miroslav Stampar (@stamparm)

scanning GET parameter 'test'
scanning POST parameter 'searchFor'
(i) POST parameter 'searchFor' appears to be XSS vulnerable (">.xss.<", outside
of tags, no filtering)

scan results: possible vulnerabilities found
$ python3 dsxs.py -u "http://public-firing-range.appspot.com/address/location.has
h/replace"
Damn Small XSS Scanner (DSXS) < 100 LoC (Lines of Code) #v0.3a
by: Miroslav Stampar (@stamparm)

(i) page itself appears to be XSS vulnerable (DOM)
(o) ...<script>
var payload = window.location.hash.substr(1);location.replace(payload);

</script>...
(x) no usable GET/POST parameters found

scan results: possible vulnerabilities found

✅Verified by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁