{ "id": "d36d2f71-dab4-31b0-a9fa-566315ee563d", "name": "Vulnerable Bank Portal: Dictionary Attack", "slug": "vulnerable-bank-portal-dictionary-attack", "status": "published", "lab_type": "pta", "is_sample": false, "duration_in_seconds": 1800, "metadata": { "courses": [ "1dce1618-55b6-4205-9799-e509ad2b2c77", "17214602-7ce2-4413-bdd2-efc077ca8443", "415d990e-1f7c-3d61-ac1e-cef23dc8abd3" ], "pta_sdn": "1932", "collections": [], "pta_namespace": "attackdefenselabs", "learning_paths": [], "has_published_parent": true }, "session": null, "company": "a491bc32-c056-4946-9169-cc053387bada", "created": "2022-03-17T11:44:15.367130Z", "modified": "2024-11-27T14:52:47.879825Z", "is_beta": false, "lab_objectives": [], "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa", "learning_areas": [ { "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa", "name": "Cyber Security", "slug": "cyber-security" } ], "categories": [ { "id": "5cbe2ba7-8f55-4e03-bf7b-91d1eeae776e", "name": "Broken Authentication" }, { "id": "e737c9b9-5d56-4780-a99c-dbe143d29184", "name": "OWASP Top 10" } ], "tags": [], "difficulty": "advanced", "is_web_access": false, "is_lab_experience": false, "is_featured": false, "cve": null, "severity": null, "year": null, "classification": null, "is_trackable": false, "cpe_credits": null, "is_skill_check": false, "external_url": "", "solution_video": "697a0019-b421-365a-a9a0-db6d28e54867", "explanation_video": null, "description": "[OWASP Top 10](https://owasp.org/www-project-top-ten/) is an awareness document, which outlines the most critical security risks to web applications. Pentesting is performed according to the OWASP TOP 10 standard to reduce/mitigate the security risks.\n\nIn the exercise, we will focus on [OWASP A2 Broken Authentication](https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A2-Broken_Authentication) flaws and we will take a look at how to leverage the broken authentication vulnerability on a single page web application. \n\nObjective:\u00a0Leverage the broken authentication vulnerability and access the administrative portal.\n\nInstructions:\u00a0 \n\n\n* This lab is dedicated to you! No other users are on this network :)\n* Once you start the lab,\u00a0you will have access to a Kali GUI instance.\n* Your Kali instance has an interface with IP address 192.X.Y.2. Run \"ip addr\" to know the values of X and Y.\n* Email ID to perform dictionary attack:\u00a0**admin@secbank.com**\n* Do not attack the gateway located at IP address 192.X.Y.1", "description_html": "

OWASP Top 10 is an awareness document, which outlines the most critical security risks to web applications. Pentesting is performed according to the OWASP TOP 10 standard to reduce/mitigate the security risks.

\n

In the exercise, we will focus on OWASP A2 Broken Authentication flaws and we will take a look at how to leverage the broken authentication vulnerability on a single page web application.

\n

Objective:\u00a0Leverage the broken authentication vulnerability and access the administrative portal.

\n

Instructions:\u00a0

\n", "tasks": "", "tasks_html": "", "published_date": "2023-09-01T20:17:50.381734Z", "solutions": "The solution for this lab can be found in the following manual:\n https://assets.ine.com/labs/ad-manuals/walkthrough-1932.pdf", "solutions_html": "

The solution for this lab can be found in the following manual:\n https://assets.ine.com/labs/ad-manuals/walkthrough-1932.pdf

", "flags": [], "min_points_to_pass": null, "access_type": "default", "user_status": "unstarted", "user_lab_status": null, "user_status_modified": null, "user_flags": [], "global_running_session": null }