20.1 Lab: Basic password reset poisoning | 2023

Karthikeyan Nagaraj
2 min read · Nov 5, 2023

Description

This lab is vulnerable to password reset poisoning. The user carlos will carelessly click on any links in emails that he receives. To solve the lab, log in to Carlos's account.

You can log in to your own account using the following credentials: wiener:peter. Any emails sent to this account can be read via the email client on the exploit server.

Solution

Analysis

  1. Navigate to My Account and log in using the above credentials.
  2. Copy wiener’s email and log out.
  3. Click Forgot Password on the My Account page, paste wiener’s email, and click Submit.
  4. Click Exploit Server, then click Email Client at the bottom to analyze the link that was sent to wiener’s email.

Exploitation

  1. Click Forgot Password on the My Account page.
  2. Type carlos as the username whose password will be changed, and intercept the request using Burp.
  3. Change the value of the Host header to our Exploit-Server-Id.
  4. Send the request. As soon as Carlos clicks the link that we sent using his username, we will get his secret token in the access log.
  5. After that, in the URL that we got during analysis, replace the token with Carlos’s token.
  6. Change the password and log in to Carlos’s account to solve the lab.
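Why changing the Host header in step 3 works, and how the server side closes it, as an added example that is not from the lab or the original write-up. The origin `shop.example`, the `/reset?token=` path and the function names are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlsplit

# Assumed deployment settings (hypothetical values, not from the lab).
CANONICAL_ORIGIN = "https://shop.example"   # the only origin reset links may use
ALLOWED_HOSTS = {"shop.example"}            # Host values the application serves


def new_reset_token() -> str:
    """Unguessable single-use token that is mailed to the account owner."""
    return secrets.token_urlsafe(32)


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """Weak pattern: the link's domain is taken from the client-supplied Host
    header, so whoever submits the reset request chooses where the victim's
    token is delivered when the emailed link is clicked."""
    host = headers.get("Host", "")
    return f"https://{host}/reset?token={token}"


def normalized_host(headers: dict) -> str:
    """Lower-case the Host header and drop any port; '' if it cannot be parsed."""
    raw = headers.get("Host", "").strip().lower()
    try:
        return urlsplit("//" + raw).hostname or ""
    except ValueError:          # e.g. malformed bracketed IPv6 literal
        return ""


def build_reset_link_hardened(headers: dict, token: str) -> str:
    """Corrected pattern: reject requests with an unexpected Host, and build
    the link from server-side configuration, never from request headers."""
    host = normalized_host(headers)
    if host not in ALLOWED_HOSTS:
        # Worth logging: a reset request carrying a foreign Host is a
        # strong signal of a poisoning attempt.
        raise ValueError(f"rejected reset request with Host {host!r}")
    return f"{CANONICAL_ORIGIN}/reset?token={token}"


if __name__ == "__main__":
    token = new_reset_token()
    tampered = {"Host": "attacker-controlled.example"}   # constructed sample
    print("vulnerable:", build_reset_link_vulnerable(tampered, token))
    try:
        build_reset_link_hardened(tampered, token)
    except ValueError as err:
        print("hardened:  ", err)
    print("hardened:  ", build_reset_link_hardened({"Host": "shop.example:443"}, token))
```
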

Thank you for Reading!

Happy Hacking ~
