{"id":1536,"date":"2023-05-20T23:11:00","date_gmt":"2023-05-20T15:11:00","guid":{"rendered":"https:\/\/systw.net\/note\/?p=1536"},"modified":"2024-05-23T20:39:25","modified_gmt":"2024-05-23T12:39:25","slug":"bypass-brute-force-lock","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/1536","title":{"rendered":"bypass brute-force lock"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">\u9396\u5b9a\u5e33\u6236\u53ef\u4ee5\u63d0\u4f9b\u4e00\u5b9a\u7a0b\u5ea6\u7684\u4fdd\u8b77\uff0c\u9632\u6b62\u5c0d\u7279\u5b9a\u5e33\u6236\u9032\u884c\u6709\u91dd\u5c0d\u6027\u7684\u66b4\u529b\u7834\u89e3\uff0c\u4f46\u9084\u662f\u6709\u6a5f\u6703\u7e5e\u904e\u9396\u5b9a\u6a5f\u5236\uff0c\u5e38\u898b\u7684\u5e7e\u500b\u6848\u4f8b\u5982\u4e0b\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u6539\u5bc6\u78bc\u7684\u529f\u80fd\u6c92\u6709\u9650\u5236\u539f\u5bc6\u78bc\u932f\u8aa4\u6b21\u6578<\/li>\n\n\n\n<li>\u9396\u5b9a\u6a5f\u5236\u908f\u8f2f\u7f3a\u9677<\/li>\n<\/ul>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u6539\u5bc6\u78bc\u7684\u529f\u80fd\u6c92\u6709\u9650\u5236\u539f\u5bc6\u78bc\u932f\u8aa4\u6b21\u6578<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728\u6539\u5bc6\u78bc\u7684\u529f\u80fd\u4e2d\uff0c\u539f\u5bc6\u78bc\u6c92\u6709\u932f\u8aa4\u6b21\u6578\u9650\u5236\uff0c\u56e0\u6b64\u53ef\u4ee5\u4e0d\u65b7\u5617\u8a66\uff0c\u8209\u4f8b\u5982\u4e0b<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u67d0\u4e00\u7cfb\u7d71\u66f4\u6539\u5bc6\u78bc\u7684\u8acb\u6c42\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>POST \/my-account\/change-password HTTP\/1.1\n...omit...\ncsrf=4hQDcFWEP3uFXO1TeqerBuKczGn4eYhw&amp;username=wiener&amp;current-password=peter&amp;new-password-1=1&amp;new-password-2=2<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u6839\u64da\u6e2c\u8a66\u767c\u73fe\u4ee5\u4e0b\u73fe\u8c61<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>current-password\u6b63\u78ba,\u4f462\u500bnew-password\u7d50\u679c\u4e0d\u7b26\u5408\uff0c\u8fd4\u56de<code>New passwords do not match<\/code><\/li>\n\n\n\n<li>current-password\u4e0d\u6b63\u78ba,\u4f462\u500bnew-password\u7d50\u679c\u4e0d\u7b26\u5408\uff0c\u8fd4\u56de<code>Current password is incorrect<\/code><\/li>\n\n\n\n<li>current-password\u4e0d\u6b63\u78ba\u7684\u6b21\u6578\u6c92\u6709\u9650\u5236<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728\u66f4\u6539\u5bc6\u78bc\u8acb\u6c42\u7684\u90e8\u4efd\uff0c\u5c0dcurrent-password\u53c3\u6578\u4f7f\u7528\u7206\u529b\u5bc6\u78bc\u7834\u89e3\uff0c\u4e26\u5c07username\u6539\u70bavictim\uff0c\u5982\u4e0b\u6240\u793a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>atatck  request( try different password)\nPOST \/my-account\/change-password HTTP\/1.1\n...omit...\ncsrf=4hQDcFWEP3uFXO1TeqerBuKczGn4eYhw&amp;username=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">victim<\/mark>&amp;current-password=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">$changepasswdhere$<\/mark>&amp;new-password-1=1&amp;new-password-2=2\nresponse\nif response New passwords do not match, that mean found current pw<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728\u7206\u7834\u904e\u7a0b\u4e2d\uff0c\u4e00\u4f46\u767c\u73fe\u8fd4\u56de\u5167\u5bb9\u70baNew passwords do not match\uff0c\u4ee3\u8868current-password\u6b63\u78ba\uff0c\u6210\u529f\u731c\u5230\u539f\u59cb\u5bc6\u78bc<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Lab: Password brute-force via password change<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u9396\u5b9a\u6a5f\u5236\u908f\u8f2f\u7f3a\u9677<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u8209\u4f8b\u4f86\u8aaa\uff0c\u76ee\u6a19\u7db2\u7ad9\u53ea\u8981\u5bc6\u78bc\u932f\u8aa43\u6b21\u4ee5\u4e0a\u5c31\u9396\u5b9a\u7684\u5b89\u5168\u6a5f\u5236\uff0c\u4f46\u8a72\u7db2\u7ad9\u7d93\u904e\u5206\u6790\u5f8c\u767c\u73fe\u4e00\u500b\u7279\u6027\uff0c\u4e00\u65e6\u6709\u51fa\u73fe\u5bc6\u78bc\u8f38\u5165\u6b63\u78ba\u7684\u60c5\u6cc1\uff0c\u4e4b\u524d\u7684\u932f\u8aa4\u7d2f\u7a4d\u5c31\u6703\u6b780\uff0c\u56e0\u6b64\u53ef\u4ee5\u5229\u7528\u9019\u500b\u7279\u9ede\u7e5e\u904e\u5b89\u5168\u6a5f\u5236\uff0c\u767c\u52d5\u7206\u529b\u5bc6\u78bc\u7834\u89e3<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u5be6\u969b\u64cd\u4f5c\u53ef\u4ee5\u5c07\u767b\u5165\u8acb\u6c42\u653e\u5165Intruder\uff0cPositions\u8a2d\u5b9a\u4ee5\u4e0b\uff0c\u653b\u64ca\u985e\u578b\u70baPitchfork<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>POST \/login HTTP\/1.1\n...omit...\n\nusername=\u00a7payload1\u00a7&amp;password=\u00a7payload2\u00a7<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">2\u500bpayload type\u9078\u64c7simple list\uff0c\u5167\u5bb9\u53c3\u8003\u5982\u4e0b<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>payload1<\/td><td>payload2<\/td><\/tr><tr><td>\u6709\u6548\u5e33\u865f<\/td><td>\u6b63\u78ba\u5bc6\u78bc<\/td><\/tr><tr><td>\u76ee\u6a19\u53d7\u5bb3\u5e33\u865f<\/td><td>\u6e2c\u8a66\u5bc6\u78bc1<\/td><\/tr><tr><td>\u76ee\u6a19\u53d7\u5bb3\u5e33\u865f<\/td><td>\u6e2c\u8a66\u5bc6\u78bc2<\/td><\/tr><tr><td>\u6709\u6548\u5e33\u865f<\/td><td>\u6b63\u78ba\u5bc6\u78bc<\/td><\/tr><tr><td>\u76ee\u6a19\u53d7\u5bb3\u5e33\u865f<\/td><td>\u6e2c\u8a66\u5bc6\u78bc3<\/td><\/tr><tr><td>\u76ee\u6a19\u53d7\u5bb3\u5e33\u865f<\/td><td>\u6e2c\u8a66\u5bc6\u78bc4<\/td><\/tr><tr><td>\u6709\u6548\u5e33\u865f<\/td><td>\u6709\u6548\u5e33\u865f<\/td><\/tr><tr><td>\u76ee\u6a19\u53d7\u5bb3\u5e33\u865f<\/td><td>\u6e2c\u8a66\u5bc6\u78bc5<\/td><\/tr><tr><td>\u76ee\u6a19\u53d7\u5bb3\u5e33\u865f<\/td><td>\u6e2c\u8a66\u5bc6\u78bc6<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Lab: Broken brute-force protection, IP block<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u9396\u5b9a\u5e33\u6236\u53ef\u4ee5\u63d0\u4f9b\u4e00\u5b9a\u7a0b\u5ea6\u7684\u4fdd\u8b77\uff0c\u9632\u6b62\u5c0d\u7279\u5b9a\u5e33\u6236\u9032\u884c\u6709\u91dd\u5c0d\u6027\u7684\u66b4\u529b\u7834\u89e3\uff0c\u4f46\u9084\u662f\u6709\u6a5f\u6703\u7e5e\u904e\u9396\u5b9a\u6a5f\u5236<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[367],"tags":[],"class_list":["post-1536","post","type-post","status-publish","format-standard","hentry","category-logic-vulnerabilities"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":1335,"url":"https:\/\/systw.net\/note\/archives\/1335","url_meta":{"origin":1536,"position":0},"title":"Username enumeration","author":"raymond","date":"2023 \u5e74 4 \u6708 14 \u65e5","format":false,"excerpt":"\u4f7f\u7528\u8005\u540d\u7a31\u5217\u8209Username enumeration\u662f\u6307\u653b\u64ca\u8005\u80fd\u5920\u89c0\u5bdf\u7db2\u7ad9\u884c\u70ba\u7684\u8b8a\u5316\uff0c\u4ee5\u78ba\u5b9a\u7d66\u5b9a\u7684\u2026","rel":"","context":"\u5728\u300cLogic Vulnerabilities\u300d\u4e2d","block_context":{"text":"Logic Vulnerabilities","link":"https:\/\/systw.net\/note\/archives\/category\/hackerthreat\/logic-vulnerabilities"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":401,"url":"https:\/\/systw.net\/note\/archives\/401","url_meta":{"origin":1536,"position":1},"title":"Cracking Password","author":"raymond","date":"2017 \u5e74 3 \u6708 19 \u65e5","format":false,"excerpt":"\u5bc6\u78bc\u653b\u64ca\u985e\u578b 1. \u7dda\u4e0a\u653b\u64ca\uff08Online Attacks\uff09 \u88ab\u52d5\u5f0f\u7dda\u4e0a\u653b\u64ca\uff08Passive Onl\u2026","rel":"","context":"\u5728\u300cConcept\u300d\u4e2d","block_context":{"text":"Concept","link":"https:\/\/systw.net\/note\/archives\/category\/hackerthreat\/concept"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1531,"url":"https:\/\/systw.net\/note\/archives\/1531","url_meta":{"origin":1536,"position":2},"title":"Reseting Password","author":"raymond","date":"2023 \u5e74 5 \u6708 21 \u65e5","format":false,"excerpt":"\u6709\u4e9b\u7528\u6236\u6703\u5fd8\u8a18\u5bc6\u78bc\uff0c\u56e0\u6b64\u7cfb\u7d71\u6703\u6709\u91cd\u8a2d\u5bc6\u78bc\u529f\u80fd\uff0c\u9019\u6709\u5e7e\u7a2e\u4e0d\u540c\u7684\u5be6\u4f5c\u65b9\u5f0f\uff0c\u800c\u4e14\u5b58\u5728\u4e0d\u540c\u7a0b\u5ea6\u7684\u6f0f\u6d1e","rel":"","context":"\u5728\u300cLogic Vulnerabilities\u300d\u4e2d","block_context":{"text":"Logic Vulnerabilities","link":"https:\/\/systw.net\/note\/archives\/category\/hackerthreat\/logic-vulnerabilities"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1529,"url":"https:\/\/systw.net\/note\/archives\/1529","url_meta":{"origin":1536,"position":3},"title":"Keeping-logged","author":"raymond","date":"2023 \u5e74 4 \u6708 26 \u65e5","format":false,"excerpt":"\u4fdd\u6301\u767b\u5165\u72c0\u614b\u662f\u4e00\u500b\u5e38\u898b\u7684\u529f\u80fd\uff0c\u9019\u8868\u793a\u5728\u4f7f\u7528\u8005\u95dc\u9589\u700f\u89bd\u5668\u5de5\u4f5c\u968e\u6bb5\u5f8c\u4e5f\u53ef\u4ee5\u4fdd\u6301\u767b\u5165\u72c0\u614b\uff0c\u5e38\u898b\u505a\u6cd5\u662f\u5c07to\u2026","rel":"","context":"\u5728\u300cLogic Vulnerabilities\u300d\u4e2d","block_context":{"text":"Logic Vulnerabilities","link":"https:\/\/systw.net\/note\/archives\/category\/hackerthreat\/logic-vulnerabilities"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1137,"url":"https:\/\/systw.net\/note\/archives\/1137","url_meta":{"origin":1536,"position":4},"title":"HOST header attack","author":"raymond","date":"2023 \u5e74 1 \u6708 20 \u65e5","format":false,"excerpt":"Host header\u7684\u76ee\u7684\u662f\u5e6b\u52a9\u8b58\u5225\u5ba2\u6236\u7aef\u60f3\u8981\u8207\u54ea\u500b\u5f8c\u7aef\u5143\u4ef6\u9032\u884c\u901a\u8a0a\uff0c\u7279\u5225\u662f\u540c\u4e00 IP \u4f4d\u5740\u5b58\u53d6\u591a\u2026","rel":"","context":"\u5728\u300cLogic Vulnerabilities\u300d\u4e2d","block_context":{"text":"Logic Vulnerabilities","link":"https:\/\/systw.net\/note\/archives\/category\/hackerthreat\/logic-vulnerabilities"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1516,"url":"https:\/\/systw.net\/note\/archives\/1516","url_meta":{"origin":1536,"position":5},"title":"Business Logic Vulnerabilities","author":"raymond","date":"2024 \u5e74 4 \u6708 1 \u65e5","format":false,"excerpt":"\u7528\u5408\u6cd5\u63a9\u98fe\u975e\u6cd5\uff0c\u90194\u7a2e\u696d\u52d9\u908f\u8f2f\u5b89\u5168\u6f0f\u6d1e\uff0c\u7a7f\u904e\u4fdd\u8b77\u6a5f\u5236\u5957\u5229\u63d0\u6b0a\u3002\u9019\u662f\u61c9\u7528\u7a0b\u5f0f\u8a2d\u8a08\u548c\u5be6\u4f5c\u4e2d\u5e38\u898b\u7684\u7f3a\u9677\uff0c\u5141\u2026","rel":"","context":"\u5728\u300cLogic Vulnerabilities\u300d\u4e2d","block_context":{"text":"Logic Vulnerabilities","link":"https:\/\/systw.net\/note\/archives\/category\/hackerthreat\/logic-vulnerabilities"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/1536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=1536"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/1536\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=1536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=1536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=1536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}