How I Bypassed 2FA while Resetting Password

Sufiyan Gouri
Published in InfoSec Write-ups
Apr 22, 2022

It was a private program on “HackerOne”. I had set a target in my mind that I had to bypass 2FA, so I checked every method to bypass “Two Factor Authentication”.

For better understanding, I have divided this blog into two parts:

1: Understanding the Functionality of Web Application.

2: Bypassing Two Factor Authentication.

Let’s Start

I can’t disclose the name of the website, so let’s consider it “Target.com”.

After checking all possible methods, I came to the reset password functionality. I sent a password reset link and opened it in my browser.

“https://abc.target.com/reset/<token>”

Entered new password

I entered the new password, clicked on the next button and captured the request in Burp.

Request:

POST /reset2fa HTTP/1.1

Host: abc.target.com

..

_csrf=<token>&reset_key=<key>&password=Test@123

After forwarding this request, it redirected to the 2FA page 😓

Now I disabled 2FA on my account to check what the difference is between both requests when 2FA is enabled and disabled.
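The flow above stages a new password and then redirects to a 2FA page. As an added example (not from the original write-up or the target application), this Python sketch shows the server-side invariant a defender would want in such a flow: whether 2FA is required is read from the account record, and the password is committed only after the code is verified. All function names, the in-memory stores and the OTP value are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stores standing in for the application's database.
ACCOUNTS = {"alice": {"pw_hash": "old", "twofa_enabled": True, "otp": "492817"},
            "bob": {"pw_hash": "old", "twofa_enabled": False, "otp": None}}
RESETS = {}  # reset_key -> {"user", "pending_hash"}


def hash_pw(password):
    # Placeholder hash for the demo; a real system uses a slow password KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def issue_reset_key(user):
    key = secrets.token_urlsafe(16)
    RESETS[key] = {"user": user, "pending_hash": None}
    return key


def submit_password(reset_key, password):
    """Step 1: stage the new password; commit only if the account has no 2FA."""
    state = RESETS.get(reset_key)
    if state is None:
        return "invalid_key"
    state["pending_hash"] = hash_pw(password)
    # The 2FA decision comes from the server-side record, never from the request.
    if ACCOUNTS[state["user"]]["twofa_enabled"]:
        return "2fa_required"  # nothing has been written to the account yet
    return _commit(reset_key)


def submit_otp(reset_key, otp):
    """Step 2: commit the staged password only after the second factor checks out."""
    state = RESETS.get(reset_key)
    if state is None or state["pending_hash"] is None:
        return "invalid_key"
    expected = ACCOUNTS[state["user"]]["otp"]
    if expected is None or not hmac.compare_digest(otp.encode(), expected.encode()):
        return "bad_otp"
    return _commit(reset_key)


def _commit(reset_key):
    state = RESETS.pop(reset_key)  # single use: the key is gone after commit
    ACCOUNTS[state["user"]]["pw_hash"] = state["pending_hash"]
    return "password_changed"
```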


Responses (2)

Great bro, congratulations 🎉

--

Total Hackerman moment, Kudos to you.

--