particular attention to any cases where your username is being submitted other than during normal login.
■ If you succeed in making use of the functionality, attempt to impersonate any known or guessed administrative users, in order to elevate privileges.
■ When carrying out password guessing attacks (see the “Brute-Forcible Login” section), review whether any users appear to have more than one valid password, or whether a specific password has been matched against several usernames. Also, log in as many different users with the credentials captured in a brute-force attack, and review whether everything appears normal. Pay close attention to any “logged in as X” status message.
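One way to carry out the review described in the last step, as an added example that is not code from the book: a small Python script that, given the results recorded during a guessing run (constructed sample data here), lists users who accept more than one password, passwords accepted for more than one user, and sessions where the “logged in as X” banner names a different user from the one who submitted the credentials. The record layout and the function names are assumptions made for this illustration.

```python
"""Review of credential-matrix results and post-login identity.

Added illustration, not code from the book. It assumes the tester has
recorded each guessing attempt as (username, password, success) and each
successful login as (submitted username, identity shown in the
"logged in as X" banner). All records below are constructed sample data.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample results from a password-guessing run (no real accounts).
ATTEMPTS: List[Tuple[str, str, bool]] = [
    ("alice", "Summer2007", True),
    ("alice", "Password1", True),   # second valid password for one user: suspicious
    ("bob", "Password1", True),     # same password valid for a second user
    ("bob", "letmein", False),
    ("carol", "Password1", True),   # ...and a third
    ("dave", "dave123", True),
    ("dave", "Summer2007", False),
]

# Constructed sample of successful logins: (username submitted, banner identity).
SESSIONS: List[Tuple[str, str]] = [
    ("alice", "alice"),
    ("bob", "bob"),
    ("carol", "admin"),   # banner names a different user than the one who logged in
    ("dave", "dave"),
]


def review_credential_matrix(attempts):
    """Return (users with >1 valid password, passwords valid for >1 user).

    Either finding deserves investigation: a user accepting several
    passwords points to a flawed comparison on the server (truncation,
    case folding, partial matching), while one password shared across
    accounts points to a default credential or widespread reuse.
    """
    valid_by_user: Dict[str, Set[str]] = defaultdict(set)
    users_by_password: Dict[str, Set[str]] = defaultdict(set)
    for user, password, ok in attempts:
        if ok:
            valid_by_user[user].add(password)
            users_by_password[password].add(user)
    multi_password_users = {
        u: sorted(p) for u, p in valid_by_user.items() if len(p) > 1
    }
    shared_passwords = {
        p: sorted(u) for p, u in users_by_password.items() if len(u) > 1
    }
    return multi_password_users, shared_passwords


def identity_mismatches(sessions):
    """Return sessions where the banner identity differs from the submitted username."""
    return [(sub, shown) for sub, shown in sessions if sub != shown]


if __name__ == "__main__":
    multi, shared = review_credential_matrix(ATTEMPTS)
    print("users accepting more than one password:", multi)
    print("passwords accepted for more than one user:", shared)
    print("logged-in identity differs from submitted username:",
          identity_mismatches(SESSIONS))
```

The two anomaly lists map directly onto the two questions in the step above; the identity check is the automated form of watching the “logged in as X” message, and any mismatch it reports should be traced back to how the application binds a session to a user.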
Chapter 6 ■ Attacking Authentication 151