Searching for Weak Credentials

Learn to implement a credential stuffing tool by performing POST requests to a login page.

Introduction

Vulnerability scanners can work in two different ways. One option is to identify the programs that are running on a system and then look up CVEs for those programs. The other option is to search for common vulnerabilities that may exist in an application but don’t have an associated CVE.

We’ll be focusing on this second option. After identifying a vulnerability to exploit, we can craft exploit packets and automate the process of searching for systems that contain the vulnerability.

Looking for common errors

A vulnerability scanner can look for known or unknown vulnerabilities. For example, EternalBlue is a vulnerability in certain versions of the SMB protocol on Windows systems. With sufficient knowledge of how the exploit works, we can develop a scanner that tests if a system is vulnerable to EternalBlue by sending exploit packets and analyzing the responses.

Alternatively, a vulnerability scanner can search for unknown vulnerabilities. When doing so, a good starting point is a list of common vulnerabilities in applications. Some examples might include:

  • Buffer overflows

  • Integer overflows/underflows

  • Injection vulnerabilities

  • Cross-site scripting (XSS)

  • Cross-site request forgery (CSRF)

  • Security misconfigurations

This is far from a comprehensive list of all potential vulnerabilities that can exist in an application. Some good resources for learning about common vulnerabilities include the OWASP Top 10 list and the CWE Top 25.

Exploring an HTML login form

Login pages are a crucial part of many websites. Their purpose is to ensure that only legitimate users have access to online accounts and the sensitive data and functionality accessible via the webpage.

The following image shows a simple login page that does not use any CSS to beautify the page. However, the page is fully functional. Entering a username and password and clicking the “Login” button sends a request to the server to authenticate the user.
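The request such a form sends can be read straight from its markup. The following Python sketch is an added example, not code from the lesson: it parses a login form and reports the method, target and field names of the request, then flags weaknesses from the list above (credentials in the URL, a non-HTTPS target, no anti-CSRF token). The sample markup, the example.test URL and the names LoginFormParser and audit_login_forms are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a plain login page like the one described, not the lesson's markup.
SAMPLE_PAGE_URL = "http://example.test/login"
SAMPLE_HTML = """<form action="/login" method="get">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Login">
</form>"""

class LoginFormParser(HTMLParser):
    """Collect every <form> with its inputs (inputs go to the most recent form)."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.forms.append({"action": attrs.get("action") or "", "inputs": [],
                               "method": (attrs.get("method") or "get").lower()})
        elif tag == "input" and self.forms:
            field = ((attrs.get("type") or "text").lower(), attrs.get("name"))
            self.forms[-1]["inputs"].append(field)

def audit_login_forms(page_url, html):
    """Describe the request each login form sends and list its weaknesses."""
    parser = LoginFormParser()
    parser.feed(html)
    results = []
    for form in parser.forms:
        types = [t for t, _ in form["inputs"]]
        if "password" not in types:
            continue  # not a login form
        target = urljoin(page_url, form["action"])  # empty action posts back to the page
        findings = []
        if form["method"] != "post":
            findings.append("credentials are sent in the URL (method is not POST)")
        if urlparse(target).scheme != "https":
            findings.append("form target is not HTTPS")
        if "hidden" not in types:  # heuristic: anti-CSRF tokens are usually hidden inputs
            findings.append("no hidden input, so no anti-CSRF token")
        fields = [n for t, n in form["inputs"] if n and t != "submit"]
        results.append({"method": form["method"].upper(), "target": target,
                        "fields": fields, "findings": findings})
    return results

if __name__ == "__main__":
    print(audit_login_forms(SAMPLE_PAGE_URL, SAMPLE_HTML))
```

The hidden-input check is a heuristic: a form can carry a hidden field that is not a CSRF token, so treat that finding as a prompt to inspect the form by hand.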
