Authentication Vulnerabilities - Lab #10 Offline password cracking | Long Version
In this video, we cover Lab #10 in the Authentication module of the Web Security Academy. This lab stores the user's password hash in a cookie. The lab also contains an XSS vulnerability in the comment functionality. To solve the lab, we obtain Carlos's stay-logged-in cookie and use it to crack his password. Then, we log in as carlos and delete his account from the "My account" page.

Your credentials: wiener:peter
Victim's username: carlos

Support Me
Buy my course: https://academy.ranakhalil.com/p/web-...

Contents of this video
00:00 - Introduction
00:10 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:21 - Navigation to the exercise
01:50 - Understand the exercise and make notes about what is required to solve it
02:30 - Exploit the lab using Burp Suite Professional
12:51 - Summary
13:10 - Thank You

Links
Notes.txt document: https://github.com/rkhal101/Web-Secur...
Web Security Academy Lab Exercise: https://portswigger.net/web-security/...
Rana's Twitter account: / rana__khalil


