Hello All. While pentesting an application we often run into brute-force protection, login-attempt limiting and captcha-based protection, so today we will look at how to bypass rate limiting, login-attempt lockouts and captchas on login forms.
None of the techniques below depends on a ready-made tool; they are all request manipulations you can perform by hand or with an intercepting proxy. So let's begin!
Many people treat this as a minor issue, but from an attacker's point of view brute-forcing a login panel can hand over administrative privileges directly, without having to find an RCE, SQL injection or another critical vulnerability that would eventually lead to root or administrator level access.
Below are the different techniques I have observed while pentesting and hunting bugs.
1. Using a Random User-Agent
Many web applications track login attempts by User-Agent (the browser string), so sending a different, random User-Agent header with every request may bypass the rate limit, the login-attempt lockout or the captcha trigger. Lists of real User-Agent strings are easy to find and can be rotated on every request.
2. Cookie-Based Protection
In a recent pentest I observed that when we send multiple login requests, the web server counts our failed attempts against the cookie value, i.e. the session. If we remove the cookies from every request while brute-forcing, each request is treated as a new, unknown client, the counter never reaches its limit, and we may bypass the rate limit, the login-attempt lockout or the captcha trigger.
3. The Iframe Trick
To be frank, I still do not know why this trick works, but it is interesting.
A few months ago I was pentesting a web application that had a couple of roles, such as admin, writer and viewer.
There was a captcha on the login panel that bothered me every time I logged in, so I tried to bypass it.
I simply loaded the login page inside an iframe and, to my surprise, the captcha was not there. I then logged in with only a username and password, and I was in. When you see this behaviour, a quick check is to diff the HTML served to the framed page against the top-level page, and to confirm whether the server still accepts a login POST that carries no captcha field at all: if it does, the captcha is only being rendered, not enforced.
4. Changing the Referer Value
I also found that some web applications use the Referer header to detect repeated login attempts. Changing the Referer to an external domain on each request tricks the application into treating us as a new user arriving from elsewhere, so it may bypass the rate limit, the login-attempt lockout or the captcha trigger.
5. Mobile Version
This is an old and well-known technique, shown to me by a friend.
Many web applications have a mobile version of the site, which may lack the login-attempt protection of the main site.
You can find the mobile version through Google, or by trying m.site.com, mobile.site.com and site.com/mobile; there are many other URL patterns worth trying.
6. Reusing the Same Captcha
Through misconfiguration, some web applications never invalidate a captcha once it has been solved. When the application asks for a captcha during login, intercept the request, change only the username or password value you want to attack, and keep the captcha token and answer exactly as they were. You will find that the same solved captcha is accepted for every request.
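The misconfiguration above comes down to one missing step on the server: consuming the captcha after it has been checked. The following is an added example, not code from the original post or from any application it describes; it simulates a server-side captcha store with the weak behaviour (a solved captcha stays valid) beside the fixed one (single use, bound to the session it was issued to), and an attacker that solves one captcha and replays it. Names such as CaptchaStore and replay_attack are assumptions made for this example.

```python
import hmac
import secrets

ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"   # no 0/O or 1/I, as captchas usually do


class CaptchaStore:
    """Server-side record of issued captchas.

    single_use=False reproduces the misconfiguration from the post: a solved
    captcha is never removed, so one solution can be replayed on every login
    request. single_use=True consumes the token on the first verify call.
    """

    def __init__(self, single_use=True):
        self.single_use = single_use
        self.pending = {}   # token -> (expected answer, session it was issued to)

    def issue(self, session_id):
        token = secrets.token_hex(8)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(5))
        self.pending[token] = (answer, session_id)
        # In a real service the answer only leaves the server as an image;
        # it is returned here so the demo can stand in for a human solving it.
        return token, answer

    def verify(self, session_id, token, answer):
        entry = self.pending.get(token)
        if entry is None:          # unknown, expired or already consumed token
            return False
        expected, owner = entry
        ok = hmac.compare_digest(expected, answer) and owner == session_id
        if self.single_use:
            # Consumed whether or not the answer was right, so a wrong guess
            # cannot be retried against the same token either.
            del self.pending[token]
        return ok


def replay_attack(store, session_id, attempts):
    """Solve one captcha, then reuse the same token and answer on `attempts`
    login requests (constructed scenario). Returns how many got through."""
    token, answer = store.issue(session_id)    # the attacker solves exactly one
    passed = 0
    for _ in range(attempts):
        if store.verify(session_id, token, answer):
            passed += 1
    return passed
```

Against the weak store every replay passes, so the captcha adds nothing to the brute force beyond one manual solve; against the single-use store only the first request passes and every later request is forced back to a fresh captcha. Binding the token to the session also stops an attacker from solving captchas in one session and spending them in another.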
7. Time-Delayed Login Attack
Some web applications only detect a brute-force attack when many login requests arrive within a short time interval. Adding a delay between requests keeps us under that threshold and may bypass the brute-force protection, at the cost of a much slower attack.
8. Changing the Username While Attacking
In some web applications the lockout depends on which username is being attacked: if you attack the username "admin" more than five times in a row, you are blocked immediately. To get around this, first work out after how many consecutive attempts on one username the application blocks you. Then continue the attack with four attempts on the valid username followed by a fifth attempt on an invalid username, then four more on the valid username, and so on. The attempt on the invalid username resets the counter, so the brute-force protection is never triggered.
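Techniques 1, 2, 4 and 8 all exploit the same design flaw: the server counts failed logins against something the attacker controls (User-Agent, session cookie, Referer, or a per-username counter that resets when another username is tried). The following added example, which is not code from the original post or from any real application, simulates such a weak login service beside a hardened one that keys on source IP and target account, and a brute-force loop that can switch each evasion on or off. The credentials, wordlist, User-Agent strings, lockout threshold of three and IP address are all constructed for the demo, and the class and function names are assumptions made here.

```python
from collections import defaultdict

# Constructed sample data, not from the original post: one known account and a
# short wordlist in which the real password sits past the lockout threshold.
VALID_USERS = {"admin": "Winter2024!"}
WORDLIST = ["123456", "password", "admin123", "letmein", "qwerty", "Winter2024!"]
USER_AGENTS = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/118.0",
    "Mozilla/5.0 (X11; Linux x86_64) Chrome/117.0",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) Safari/605.1.15",
]
MAX_FAILS = 3                      # lockout threshold for both services below
ATTACKER_IP = "203.0.113.7"        # every request in this demo comes from one IP


class WeakLoginService:
    """Counts consecutive failures per (User-Agent, session cookie, Referer).

    All three are chosen by the client, a cookieless request gets a fresh
    session, and trying a different username restarts the counter: exactly
    the weaknesses techniques 1, 2, 4 and 8 exploit.
    """

    def __init__(self):
        self.fails = defaultdict(int)
        self.last_user = {}
        self.issued = 0

    def login(self, req):
        session = req["cookies"].get("session")
        if session is None:                       # no cookie: issue a new session
            self.issued += 1
            session = f"sess-{self.issued}"
        client = (req["headers"]["User-Agent"], session, req["headers"]["Referer"])
        user, pw = req["form"]["username"], req["form"]["password"]
        if self.last_user.get(client) != user:    # new username: counter restarts
            self.fails[client] = 0
            self.last_user[client] = user
        if self.fails[client] >= MAX_FAILS:
            return "locked"
        if VALID_USERS.get(user) == pw:
            return "ok"
        self.fails[client] += 1
        return "fail"


class HardenedLoginService:
    """Keys failures on the source IP and on the target account, with no reset
    when another username is tried; headers and cookies play no part.
    (A hard per-account lockout lets an attacker lock out the real admin, so
    production systems usually throttle instead; kept simple for the demo.)"""

    def __init__(self):
        self.fails_by_ip = defaultdict(int)
        self.fails_by_user = defaultdict(int)

    def login(self, req):
        user, pw = req["form"]["username"], req["form"]["password"]
        if (self.fails_by_ip[req["ip"]] >= MAX_FAILS
                or self.fails_by_user[user] >= MAX_FAILS):
            return "locked"
        if VALID_USERS.get(user) == pw:
            return "ok"
        self.fails_by_ip[req["ip"]] += 1
        self.fails_by_user[user] += 1
        return "fail"


def build_request(username, password, evasions, i):
    """Build the i-th login request, applying the selected evasion techniques."""
    headers = {"User-Agent": USER_AGENTS[0], "Referer": "https://target.example/login"}
    cookies = {"session": "attacker-session"}
    if "rotate_ua" in evasions:          # technique 1
        headers["User-Agent"] = USER_AGENTS[i % len(USER_AGENTS)]
    if "drop_cookie" in evasions:        # technique 2
        cookies = {}
    if "rotate_referer" in evasions:     # technique 4
        headers["Referer"] = f"https://ref{i}.example/"
    return {"ip": ATTACKER_IP, "headers": headers, "cookies": cookies,
            "form": {"username": username, "password": password}}


def brute_force(service, evasions=frozenset()):
    """Try WORDLIST against 'admin'. Returns (password found or None, requests sent)."""
    pending = list(WORDLIST)
    sent = 0
    while pending:
        if "alternate_user" in evasions and sent % MAX_FAILS == MAX_FAILS - 1:
            username, password = "no-such-user", "x"   # technique 8: throwaway request
        else:
            username, password = "admin", pending[0]
        result = service.login(build_request(username, password, evasions, sent))
        sent += 1
        if result == "locked":
            return None, sent
        if username == "admin":
            pending.pop(0)
            if result == "ok":
                return password, sent
    return None, sent
```

With no evasion the weak service locks after three failures, before the real password is reached. Any one of rotating the User-Agent, dropping the cookie or rotating the Referer is enough to recover the password with six requests, and alternating in a bogus username every third request does the same with eight. The hardened service locks after three failures from the same IP whatever the attacker does to headers, cookies or usernames, which is the property a reviewer should look for: the counter key must be something the client cannot freely choose.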
That is all I have observed and found so far; I will update the post as soon as I find something more useful. Thanks
Comments are always welcome. :)