Exploiting HTTP Timing Attack - Timing [HackTheBox]
Автор: 0xdf
Загружено: 2022-06-04
Просмотров: 3508
Описание:
I've got an HTTP login form where it takes about a second longer to fail login if the username submitted exists. I'll show this with curl, then create a quick Python script that takes either a username, a comma-separated list of usernames, or a file of usernames, and reports which are valid.
Full HackTheBox Timing Writeup: https://0xdf.gitlab.io/2022/06/04/htb...
[00:00] Introduction
[00:51] Demonstrating timing condition with curl
[02:00] Starting Python script
[04:17] Updating input to take wordlist or names
[05:04] Using interactive Python to identify elapsed in respond
[07:40] Adding messages to show status
[11:56] Discussion of async / aoihttp failures
Повторяем попытку...
Доступные форматы для скачивания:
Скачать видео
-
Информация по загрузке: