Bypassing Rate Limits via Race Conditions

👩‍🎓👨‍🎓 Learn about Race Condition vulnerabilities and how to exploit them! This lab's login mechanism uses rate limiting to defend against brute-force attacks. However, this can be bypassed due to a race condition. To solve the lab, we need to work out how to exploit the race condition to bypass the rate limit, successfully brute-force the password for carlos, log in to the admin panel and delete the user carlos 😎 #websecurity #bugbounty #portswigger #burpsuite
Overview:
0:00 Intro
0:10 Recap
1:32 Detecting and exploiting limit overrun race conditions with Turbo Intruder
3:11 Lab: Bypassing rate limits via race conditions
4:13 Explore login functionality to identify rate limiting conditions
4:55 Probe step 1: send requests as a sequence
5:50 Probe step 2: send requests in parallel
7:29 Prove: develop turbo intruder script/payload
10:03 Bonus: more on turbo intruder
16:06 Summary
16:35 Conclusion
If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/... 🧠
🔗 Portswigger challenge: portswigger.net/web-security/...
🧑💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by @_CryptoCat & @intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
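As an added illustration of the limit-overrun pattern the lab is built around (example code written for this page, not the lab's own code or the Turbo Intruder script from the video): a login rate limiter that reads a counter, checks it and writes it back with no synchronisation, beside one that does the same inside a single critical section, probed first sequentially and then in parallel. The attempt limit, the request count and the user `carlos` are constructed values; the `after_read` hook and the Barrier that holds every request inside the race window are assumptions of this example.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

MAX_ATTEMPTS = 3   # constructed: attempts allowed before lockout
PARALLEL = 20      # constructed: login requests sent at once

class RacyRateLimiter:
    """Check-then-increment with no synchronisation: every request that reads
    the counter before any other writes it back passes the check."""
    def __init__(self, after_read=lambda: None):
        self.attempts = {}
        self.after_read = after_read   # hook that holds requests in the window

    def allow(self, user):
        count = self.attempts.get(user, 0)   # read
        if count >= MAX_ATTEMPTS:
            return False
        self.after_read()                    # race window between read and write
        self.attempts[user] = count + 1      # write
        return True

class AtomicRateLimiter:
    """Same check, but read-check-write is one critical section (in a real
    service: an atomic increment-and-compare in the shared store, not a lock)."""
    def __init__(self):
        self.attempts = {}
        self.lock = threading.Lock()

    def allow(self, user):
        with self.lock:
            count = self.attempts.get(user, 0)
            if count >= MAX_ATTEMPTS:
                return False
            self.attempts[user] = count + 1
            return True

def sequential(limiter, user="carlos", n=PARALLEL):
    """Probe step 1: one request at a time; returns how many were admitted."""
    return sum(limiter.allow(user) for _ in range(n))

def parallel(limiter, user="carlos", n=PARALLEL):
    """Probe step 2: all n requests in flight at once; returns how many were admitted."""
    with ThreadPoolExecutor(max_workers=n) as pool:
        return sum(pool.map(lambda _: limiter.allow(user), range(n)))

def racy_in_window(n=PARALLEL):
    """Racy limiter whose n requests all finish their read before any writes
    (the Barrier stands in for n requests landing inside the window)."""
    return RacyRateLimiter(threading.Barrier(n).wait)
```

Sequentially both limiters stop at MAX_ATTEMPTS; in parallel the racy one admits all PARALLEL requests while the atomic one still admits only MAX_ATTEMPTS, which is the difference between the lab's two probe steps. Call `parallel(racy_in_window(n), n=n)` with the same n for both, or the Barrier never releases.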

Comments: 17

  • @PinkDraconian
    5 months ago

    Finally got around to watching this one! Love the depth this video goes into!

  • @intigriti
    5 months ago

    Thanks mate! 💜

  • @thesmartguy3523
    6 months ago

    Good stuff, will be waiting for more!

  • @intigriti
    6 months ago

    Thanks mate! Will continue in the new year 😊

  • @eduardprivat9821
    15 days ago

    big thx to your videos and great explanations and clear speaking! top

  • @intigriti
    12 days ago

    Thank you! Glad you like them 💜

  • @eduardprivat9821
    12 days ago

    I love it. Great speech speed, pronunciation, explanations, non-monotone speech, not confusing or jumping from A to B topics or clicking. Excellent video presentation, excellent acoustic sound and the length is perfect. My personal opinion: all videos under 30 min are perfect because I as a noob have to watch them at least 2x, which is around 1-2 h of work with practicing, personal notes, thinking, etc. to make it easier to remember. Thx for your work ❤

  • @intigriti
    8 days ago

    🥰🥰🥰

  • @Xpl0itme921
    3 months ago

    It's not working for more than 1000 payloads

  • @camelotenglishtuition6394
    6 months ago

    Wait.. is this a re-upload??

  • @_CryptoCat
    6 months ago

    I commented from the intigriti account but it disappeared for some reason 🤔 It's not a re-up, this is the 2nd race condition lab.. 4 more to go! 👀

  • @camelotenglishtuition6394
    6 months ago

    @_CryptoCat ahhh no worries at all.. thanks for all the great work dude

  • @_CryptoCat
    6 months ago

    @camelotenglishtuition6394 Thanks mate 🙏🥰

  • @camelotenglishtuition6394
    6 months ago

    Anytime! Also, is it possible to change your username on Intigriti? My wife hates mine lol @_CryptoCat

  • @intigriti
    6 months ago

    I tried to reply to this on my account (CryptoCat) and the comment doesn't show, but it shows from the intigriti account. So weird lol. Unfortunately you cannot change your username on intigriti - kb.intigriti.com/en/articles/5378975-creating-an-intigriti-account