Authentication
Lab#: 2FA simple bypass
Welcome back 👋, friends! Here is my write-up on the 2FA simple bypass lab from the Web Security Academy. The web app has a two-factor authentication feature that can be bypassed. We have already obtained a valid username and password but do not have access to the user’s 2FA verification code. Our task is to bypass the 2FA verification code. Let’s get started, guys.
End Goal #:
- Solve the lab and access Carlos’s account page.
Testing for vulnerabilities
- Let’s check the functionality of the web app. The app is a blog site.
- We are given an account; let’s log in to our account. We are sent a 2FA verification code to our email. Let’s check our email to get the code.
- By checking Burp, we can see that our username is the value of the id parameter when we log in. Let’s log out and log in as the user Carlos to access his account without his verification code.
- Using the credentials for user Carlos, let’s log in. Since we cannot access his email, let’s send the request to the Repeater tab, modify the request, and navigate to /my-account?id=carlos. The lab is solved when the page loads.
- Or, after we log in, go back to the main web page and click the login functionality again, and it will automatically log in as the user Carlos.
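The behaviour above is consistent with the account page checking only that the password step succeeded, not that the 2FA code was ever submitted. The sketch below is an added example, not the lab's own code: it models that with a hypothetical session object and shows the check that closes the gap. All class, function and field names, and the sample credentials, are assumptions.

```python
# Added illustration: hypothetical server-side session logic, not the lab's real code.
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Session:
    user: Optional[str] = None   # set once the password is accepted
    mfa_verified: bool = False   # set only after the emailed code is accepted

def password_login(session, username, password, users):
    """Step 1: verify the password; the session still awaits the 2FA code."""
    if username in users and hmac.compare_digest(users[username], password):
        session.user = username
        session.mfa_verified = False
        return "need-2fa-code"
    return "denied"

def submit_code(session, code, expected_code):
    """Step 2: mark the session fully authenticated only on a correct code."""
    if session.user and hmac.compare_digest(code, expected_code):
        session.mfa_verified = True
        return "ok"
    return "denied"

def my_account_vulnerable(session, account_id):
    """Flaw: a session that only passed step 1 is treated as logged in."""
    return "200" if session.user == account_id else "redirect-to-login"

def my_account_hardened(session, account_id):
    """Fix: every authenticated page requires both steps to be complete."""
    if session.user == account_id and session.mfa_verified:
        return "200"
    return "redirect-to-login"

def demo():
    """Password step only (constructed credentials), then request the account page."""
    users = {"carlos": "constructed-password"}
    s = Session()
    password_login(s, "carlos", "constructed-password", users)
    return my_account_vulnerable(s, "carlos"), my_account_hardened(s, "carlos")

if __name__ == "__main__":
    print(demo())
```

In a real application the same rule is usually enforced once, in middleware that guards every authenticated route, rather than per handler.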
That’s all, friends. Thank you for reading up to this point. I would like to hear your feedback on anything not clear here. Here is my Twitter account @T3chnocr4t. Feel free to DM me if you have any issues with my write-up. Thanks!