Admin Login: A2:2017-Broken Authentication WSTG-CONF-05 Enumerate Infrastructure and Application Admin Interfaces

This document provides a challenge to find and exploit broken authentication on a website by logging in as an admin user. It discusses how broken authentication is widespread due to issues with identity and access controls as well as session management. The document instructs the user to use source code observation to find an admin password and login in order to submit credentials and gain unauthorized access.

Uploaded by

student

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

336 views1 page

Admin Login: A2:2017-Broken Authentication WSTG-CONF-05 Enumerate Infrastructure and Application Admin Interfaces

Uploaded by

student

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1

Challenge List

Admin Login
A2:2017-Broken Authentication

WSTG-CONF-05 Enumerate Infrastructure and Application Admin Interfaces

The prevalence of broken authentication is widespread due to the design and implementation of
most identity and access controls. Session management is the bedrock of authentication and
access controls, and is present in all stateful applications.
Attackers can detect broken
authentication using manual means and exploit them using automated tools with password lists
and dictionary attacks.

Use your powers of page source observation and find admin password and login.

Login as admin user

User Name :
Password :
Submit

Morning Catch Documentation
No ratings yet
Morning Catch Documentation
5 pages
Windows 10 Exploitation with Metasploit
No ratings yet
Windows 10 Exploitation with Metasploit
12 pages
Kerberos Attacks - @CyberFreeCourses
No ratings yet
Kerberos Attacks - @CyberFreeCourses
125 pages
Cheatsheet PenTesting
No ratings yet
Cheatsheet PenTesting
14 pages
NTLM Relay Attacks - @CyberFreeCourses
No ratings yet
NTLM Relay Attacks - @CyberFreeCourses
104 pages
AD Advanced Notes
No ratings yet
AD Advanced Notes
405 pages
ADCS Attacks - @CyberFreeCourses
100% (1)
ADCS Attacks - @CyberFreeCourses
167 pages
Oauth 2.0 Authentication Vulnerabilities
No ratings yet
Oauth 2.0 Authentication Vulnerabilities
20 pages
Pentesting Command Reference
No ratings yet
Pentesting Command Reference
12 pages
HackTheBox Password Attacks - Attacking Windows Credential Manager - by Manojchandran - Jun, 2025 - Medium
No ratings yet
HackTheBox Password Attacks - Attacking Windows Credential Manager - by Manojchandran - Jun, 2025 - Medium
11 pages
Roadmap For Red
No ratings yet
Roadmap For Red
2 pages
Arvandy Com Oscp Second Week
No ratings yet
Arvandy Com Oscp Second Week
7 pages
Password Attacks - 2
No ratings yet
Password Attacks - 2
108 pages
Breach - Vulnlab
No ratings yet
Breach - Vulnlab
7 pages
@FsKnockouT-27. Documentation & Reporting
No ratings yet
@FsKnockouT-27. Documentation & Reporting
73 pages
Module 2
No ratings yet
Module 2
84 pages
Penetration Test Scoping Form Guide
No ratings yet
Penetration Test Scoping Form Guide
1 page
SEC660: Advanced Penetration Testing
No ratings yet
SEC660: Advanced Penetration Testing
2 pages
Ethical Hacking Lab Guide
No ratings yet
Ethical Hacking Lab Guide
2 pages
CPENT Practices Range
No ratings yet
CPENT Practices Range
4 pages
Top Business Logic Vulnerabilities in Web Apps
No ratings yet
Top Business Logic Vulnerabilities in Web Apps
51 pages
Eh Lab 8
No ratings yet
Eh Lab 8
11 pages
Footprinting
No ratings yet
Footprinting
149 pages
Using CrackMapExec
No ratings yet
Using CrackMapExec
190 pages
Active Directory Lab
No ratings yet
Active Directory Lab
30 pages
API Pentesting
No ratings yet
API Pentesting
27 pages
100 Real World Cybersecurity Analyst
No ratings yet
100 Real World Cybersecurity Analyst
70 pages
8.1P Final
No ratings yet
8.1P Final
13 pages
Active Directory Exploitation Techniques
No ratings yet
Active Directory Exploitation Techniques
14 pages
Penetration Testing Full Guide
No ratings yet
Penetration Testing Full Guide
3 pages
Multiple Choice 2
0% (1)
Multiple Choice 2
5 pages
Another AMSI-Bypass Paper
No ratings yet
Another AMSI-Bypass Paper
19 pages
M18-MACC832-CLI Administration
No ratings yet
M18-MACC832-CLI Administration
52 pages
Hackademic 1: SQL Injection & Exploits
No ratings yet
Hackademic 1: SQL Injection & Exploits
4 pages
3 - Network Security Fundamentals
No ratings yet
3 - Network Security Fundamentals
15 pages
Mobile Security Testing Approaches and Challenges: February 2015
No ratings yet
Mobile Security Testing Approaches and Challenges: February 2015
6 pages
Network Security
No ratings yet
Network Security
42 pages
Windows Splunk Logging Cheat Sheet - Win 7 - Win2012: Definitions
No ratings yet
Windows Splunk Logging Cheat Sheet - Win 7 - Win2012: Definitions
8 pages
Lainkusanagi OSCP Like
No ratings yet
Lainkusanagi OSCP Like
17 pages
Attacking Common Web Applications
No ratings yet
Attacking Common Web Applications
195 pages
Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape
No ratings yet
Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape
8 pages
Lateral Movement Threat Hunt Report
No ratings yet
Lateral Movement Threat Hunt Report
7 pages
PT0-002 (Pentest+) Exam - Exambible
No ratings yet
PT0-002 (Pentest+) Exam - Exambible
27 pages
ECPTXv2 Latest
No ratings yet
ECPTXv2 Latest
39 pages
SQLMap Essentials
No ratings yet
SQLMap Essentials
55 pages
147-Reddish HTB Official Writeup Tamarisk
No ratings yet
147-Reddish HTB Official Writeup Tamarisk
18 pages
Compliance Audit for Brokers & MIIs
No ratings yet
Compliance Audit for Brokers & MIIs
11 pages
IDOR Final
No ratings yet
IDOR Final
77 pages
K032 - K053 - K055 - VAPT Report
No ratings yet
K032 - K053 - K055 - VAPT Report
20 pages
Scanning Networks in Ethical Hacking
No ratings yet
Scanning Networks in Ethical Hacking
30 pages
CSCI369 Lab 3
No ratings yet
CSCI369 Lab 3
4 pages
Lab 3 - Vulnerability Scanning and Exploitation Instructions - Mar 4
No ratings yet
Lab 3 - Vulnerability Scanning and Exploitation Instructions - Mar 4
5 pages
CRTE Notes
No ratings yet
CRTE Notes
12 pages
GIAC Cyber Incident Leader (GCIL) Certification - Cybersecurity Certification
No ratings yet
GIAC Cyber Incident Leader (GCIL) Certification - Cybersecurity Certification
6 pages
OWASP Mutilidae
No ratings yet
OWASP Mutilidae
19 pages
Blind SQL Injection - @CyberFreeCourses
No ratings yet
Blind SQL Injection - @CyberFreeCourses
55 pages
HaSzomerHirszfeldiensis 4
No ratings yet
HaSzomerHirszfeldiensis 4
5 pages
AppSec A2-Broken Authentication
No ratings yet
AppSec A2-Broken Authentication
5 pages
NSA211-SA2-LO3-LO4-APPROVED-202420 (1) Saeed
No ratings yet
NSA211-SA2-LO3-LO4-APPROVED-202420 (1) Saeed
35 pages
Incomplete Scan (Could Not Complete One or More Requested Checks.)
No ratings yet
Incomplete Scan (Could Not Complete One or More Requested Checks.)
2 pages