15 Things I can do with your login/sign up pages
Login pages are one of the most sensitive parts of any application, because credentials are entered there. That makes them a prime target for attackers.
Below are the first 15 things I will do to the login page of a web application:
- Try to enumerate usernames by watching the error messages. A sign-up form that says "username already exists", or a login form that says "unknown user" instead of a generic "invalid username or password", is already a problem.
- Once you can enumerate usernames, check the password rules. If the policy is weak (short passwords, no complexity requirement, no lockout or rate limiting), a successful login is likely (point 1 + point 2).
- Is the login page served over HTTPS? If it is not, an attacker on the network path can intercept the response and inject a script that captures keystrokes, so the credentials are stolen before they are even submitted.
- It is one thing for the login page to be served over HTTPS; it is another for the credentials to be posted over HTTPS. If the form submits to a plain-HTTP endpoint, point 3 still applies.
- I will normally test default usernames and passwords on the page (vendor defaults, admin/admin and the like).
- SQL injection may come in handy, especially when the developer of the login page did not follow best practices, for example by building the query through string concatenation instead of using parameterised queries.
- When you log in to your account, look at the parameters carefully. Is there a parameter like user-id? If so, try changing it to another user's value (IDOR).
- View the page source for information that may help you breach the login page: developer comments, variables used for authentication, hidden form fields.
- Check whether the page is built on a known framework with security issues. Find the version number and look up the related CVEs.
- Proxy the request and inspect its content. Tamper with the information being passed to see whether it grants access.
- View the contents of any cookies to see whether that data grants access (seriously, I have come across access=true in the past).
- Try going around the login page by guessing URLs; the pages behind it may have poor access controls.
- Look over the site itself for information. Use something like DirBuster to see whether any directories related to the login page are open to you, maybe a user list or a plain-text password file.
- See what the login page is hosted on. There may be an exploit for the host platform that gets you access, or gets you around the page.
- Use lists of usernames and passwords from previous breaches to attempt access (credential stuffing rather than blind brute force).
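Points 1 and 2 together, as an added example that is not code from the original post: a login handler whose error messages reveal whether a username exists, beside a hardened one that returns a single generic message and always computes a hash so response time does not leak either. The user store, the candidate usernames and the password list are all constructed here for illustration, and everything runs in-process with no network target.

```python
"""Username enumeration and weak-password guessing (points 1 and 2).

Added example, not code from the original post. The login handlers, the
user store and the word lists are constructed so it runs offline.
"""
import hashlib
import hmac
import os

ITERATIONS = 20_000  # kept low for demo speed; use a far higher cost in production


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, PBKDF2 hash). Not real accounts.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("Summer2019", _SALT))}

# Dummy record so that unknown users cost the same time as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("dummy-never-matches", _DUMMY_SALT)


def leaky_login(username: str, password: str) -> str:
    """Vulnerable: the error message says whether the username exists."""
    record = USERS.get(username)
    if record is None:
        return "Unknown username"
    salt, digest = record
    if not hmac.compare_digest(_hash(password, salt), digest):
        return "Incorrect password"
    return "OK"


def generic_login(username: str, password: str) -> str:
    """Hardened: one message for both failures, and a hash is always
    computed so the response time does not reveal existence either."""
    salt, digest = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(_hash(password, salt), digest)
    # The membership check guards the edge case where a guess happens to
    # match the dummy record for a user that does not exist.
    if matched and username in USERS:
        return "OK"
    return "Invalid username or password"


def enumerate_users(login, candidates):
    """Attacker side of point 1: probe each candidate with a junk password
    and keep those whose response differs from a known-bad baseline."""
    baseline = login("no-such-user-" + os.urandom(4).hex(), "x")
    return [u for u in candidates if login(u, "x") != baseline]


def guess_password(login, username, wordlist):
    """Attacker side of point 2: with a confirmed username and no lockout,
    walk a short list of common passwords."""
    for candidate in wordlist:
        if login(username, candidate) == "OK":
            return candidate
    return None


# Constructed lists for the demo.
CANDIDATE_USERS = ["admin", "alice", "bob"]
COMMON_PASSWORDS = ["password", "123456", "Summer2019", "letmein"]

if __name__ == "__main__":
    found = enumerate_users(leaky_login, CANDIDATE_USERS)
    print("leaky handler reveals:", found)                                   # ['alice']
    print("hardened handler reveals:", enumerate_users(generic_login, CANDIDATE_USERS))  # []
    for user in found:
        print(user, "->", guess_password(leaky_login, user, COMMON_PASSWORDS))  # Summer2019
```

The same probe-and-compare loop works against a real form by replacing the `login` callable with a function that posts to the endpoint and returns the response body (or status code and length); lockout and rate limiting on the server side are what stop the second half from working.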
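Point 6, as an added example that is not code from the original post: a login query built by string formatting, which two classic payloads bypass, beside the parameterised version that treats the same input as plain data. The in-memory SQLite database and its two user rows are constructed here for the demo.

```python
"""SQL injection against a login form (point 6): vulnerable query beside the fix.

Added example, not code from the original post. Uses an in-memory SQLite
database with a constructed users table so it runs offline.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Constructed rows. Plaintext passwords only to keep the demo short;
    # a real store holds salted hashes.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "Tr0ub4dor&3"), ("alice", "Summer2019")],
    )
    return conn


def vulnerable_login(conn, username: str, password: str):
    """Builds the query by string formatting, so user input is parsed as SQL."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def parameterised_login(conn, username: str, password: str):
    """Binds user input as parameters; quotes and comment markers stay data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def run_demo() -> dict:
    """Returns the outcome of a legitimate login and two classic payloads
    against both handlers."""
    conn = build_db()
    comment_out = "admin'-- "   # closes the string, comments out the password check
    tautology = "' OR 1=1-- "   # matches every row; the first row (admin) wins
    return {
        "vulnerable_comment": vulnerable_login(conn, comment_out, "anything"),
        "vulnerable_tautology": vulnerable_login(conn, tautology, "anything"),
        "vulnerable_legit": vulnerable_login(conn, "alice", "Summer2019"),
        "safe_comment": parameterised_login(conn, comment_out, "anything"),
        "safe_tautology": parameterised_login(conn, tautology, "anything"),
        "safe_legit": parameterised_login(conn, "alice", "Summer2019"),
    }


if __name__ == "__main__":
    for name, who in run_demo().items():
        print(f"{name:22s} -> {who}")
```

When testing a real form, the first sign of this flaw is usually a database error or a changed response when a single quote is entered in the username field; the payloads above are what you try next.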
PS: This post was inspired by a comment on StackOverflow.