FENIL SHAH
Day-5: A day off but...

Day-5: Sunday... Hmmm! Today I did nothing in research, but I read two Medium blogs/write-ups, one on ATO (Account Takeover) and one on bypassing 2FA (Two-Factor Authentication), and gave the rest of my time to family. Also realized family talks actually make your stress/confusion low! 😛

Lessons learned:

ATO by Avanish Pathak:

  • Changing the value of the email parameter in the intercepted request/response can lead to ATO!
  • The company was asking for an OTP at login. What he did was: enter the right email and code, and then:
    • Capture the request in Burp ==> intercept the response/request ==> change the email in the email parameter to the victim's email, keeping the correct OTP code ==> BOOM!
  • For more in-depth information check out his blog! Link in Resources down below!
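The bug above, in the form of an added example (not code from the write-up or from the affected company): the server checks the OTP against the account that requested it but then creates the session for whatever email the client sends, next to a version that binds the login identity to the server-side challenge. The in-memory OTP store and the function names are my own assumptions.

```python
import hmac
import secrets
from typing import Optional

# Constructed in-memory store standing in for a real database (assumption):
# email the OTP was sent to -> 6-digit code.
issued_otps: dict = {}


def issue_otp(email: str) -> str:
    """Generate a 6-digit OTP for the given account and record who it was issued to."""
    code = f"{secrets.randbelow(10**6):06d}"
    issued_otps[email] = code
    return code


def verify_vulnerable(otp_owner: str, form_email: str, code: str) -> Optional[str]:
    """Models the ATO pattern from the write-up (one plausible shape of the bug).

    otp_owner  - account the server sent the OTP to (pending-login state)
    form_email - the 'email' parameter taken straight from the client request
    The OTP is validated for otp_owner, but the session identity comes from
    form_email, so a valid attacker OTP plus a swapped email logs in as the victim.
    """
    if issued_otps.get(otp_owner) != code:
        return None
    return form_email  # identity chosen by a client-controlled parameter


def verify_hardened(challenge_email: str, code: str) -> Optional[str]:
    """Bind the OTP to the account it was issued for.

    The only identity that can be logged in is the one attached to the
    server-side challenge; no email parameter from the request is consulted.
    The comparison is constant-time and the code is consumed on success.
    """
    expected = issued_otps.get(challenge_email)
    if expected is None or not hmac.compare_digest(expected, code):
        return None
    del issued_otps[challenge_email]  # one code, one login
    return challenge_email
```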

2FA bypass by Seqrity:

  • Subdomain enumeration helps a lot! It opens up a whole lot of opportunities to attack the target!
  • If the main domain asks for 2FA, don't forget to check whether the other domains do too; by changing the Host header you can bypass 2FA!
  • For more in-depth information check out his blog! Link in Resources down below!

PS: Happy Father's Day to all Fathers out there!❤️


Resources:

ATO write-up by Avanish Pathak: https://medium.com/@avanishpathak46/an-interesting-account-takeover-vulnerability-f5bf6a89152c
2FA bypass by Seqrity: https://medium.com/@seqrity/bypass-2fa-like-a-boss-378787707ba

Contact:

Got doubts? Contact me on Twitter.
Feedback is welcome, do comment down below! :)
