20.1 Lab: Basic password reset poisoning | 2023
This lab is vulnerable to password reset poisoning. The user Carlos will carelessly click on any links in emails that he receives. To solve the lab, log in to Carlos’s account. Any emails sent to this account can be read via the email client on the exploit server | Karthikeyan Nagaraj
Nov 5, 2023
Description
This lab is vulnerable to password reset poisoning. The user carlos will carelessly click on any links in emails that he receives. To solve the lab, log in to Carlos's account.
You can log in to your own account using the following credentials: wiener:peter. Any emails sent to this account can be read via the email client on the exploit server.
Solution
Analysis
- Navigate to My Account and log in using the above credentials
- Copy wiener's email and log out
- Click on Forgot Password on the My account page, paste wiener's email and click submit
- Now click on Exploit Server and click Email Client at the bottom to analyze the link that is sent to wiener's email.
Exploitation
- Click on Forgot Password on the My account page
- Type carlos as the username to change the password and intercept the request using Burp
- Now we have to change the value of Host to our Exploit-Server-Id
- Then send the request. As soon as Carlos clicks the link that we sent using his username, we will get his secret token in the access log
- After that, take the URL that we got during analysis and replace its token with Carlos's token.
- Change the password and log in to Carlos's account to solve the lab
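The steps above work because the application builds the emailed reset link from the request's Host header. The following added example (not part of the original writeup or the lab's code) contrasts that pattern with a hardened link builder; the host names, the `/reset` path and the `token` parameter are constructed assumptions.

```python
# Added example: constructed hosts and parameter names, not the lab's own code.
import secrets
from urllib.parse import urlencode, urlsplit

# Assumption: the single origin that users should ever receive links for.
CANONICAL_ORIGIN = "https://shop.example"
ALLOWED_HOSTS = {"shop.example"}


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Builds the emailed link from the Host header, which the client controls."""
    host = headers.get("Host", "")
    return f"https://{host}/reset?" + urlencode({"token": token})


def reset_link_hardened(headers: dict, token: str) -> str:
    """Rejects unexpected Host values and never uses Host to build the link."""
    host = headers.get("Host", "").split(":")[0].lower()  # strip optional port
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"unexpected Host header: {host!r}")
    return f"{CANONICAL_ORIGIN}/reset?" + urlencode({"token": token})


def link_host(url: str) -> str:
    """Returns the host that will receive the token when the link is followed."""
    return urlsplit(url).hostname


def demo() -> dict:
    token = secrets.token_urlsafe(32)
    normal = {"Host": "shop.example"}                # constructed request
    tampered = {"Host": "exploit-server.example"}    # constructed request
    result = {
        "vulnerable_normal": link_host(reset_link_vulnerable(normal, token)),
        "vulnerable_tampered": link_host(reset_link_vulnerable(tampered, token)),
        "hardened_normal": link_host(reset_link_hardened(normal, token)),
    }
    try:
        reset_link_hardened(tampered, token)
        result["hardened_tampered"] = "accepted"
    except ValueError:
        result["hardened_tampered"] = "rejected"
    return result


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
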
Author: Karthikeyan Nagaraj ~ Cyberw1ng