webPromedium

VaultLedger

hackadvisor

Task: banking platform with OTP-based password reset, rate-limited to 5 attempts per IP. Solution: bypass rate limit by spoofing X-Forwarded-For header with unique IPs per request, brute-force 4-digit OTP, reset admin password, access flag in admin notes.

authentication_bypass x_forwarded_for ip_spoofing nginx password_reset rate_limiting 2fa_bypass express_js otp_bruteforce

admin_account_takeoverpassword_reset_abuserate_limit_bypassx_forwarded_for_ip_spoofingotp_brute_force

$ ls tags/ techniques/

authentication_bypass x_forwarded_for ip_spoofing nginx password_reset rate_limiting 2fa_bypass express_js otp_bruteforce

admin_account_takeoverpassword_reset_abuserate_limit_bypassx_forwarded_for_ip_spoofingotp_brute_force

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ cat writeup.md…

Sign in to access full writeups

Sign in to access full writeups

Similar writeups