How to Hack MFA (Multi-Factor Authentication)
HTML-код
- Опубликовано: 1 авг 2024
- 00:00 Intro
00:14 What is MFA?
01:00 TOTP flow
01:56 MFA bypass
03:33 MFA brute force
08:45 Outro
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com
📱Social Media📱
___________________________________________
Twitter: / thecybermentor
Twitch: / thecybermentor
Instagram: / thecybermentor
LinkedIn: / heathadams
TikTok: / thecybermentor
Discord: / discord
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
/ thecybermentor
Support the stream (one-time): streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: amzn.to/30d1UW1
EVGA 2080TI: amzn.to/30d2lj7
MSI Z390 MotherBoard: amzn.to/30eu5TL
Intel 9700K: amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: amzn.to/2M638Zb
Razer Nommo Chroma Speakers: amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: amzn.to/2LIRxAp
Aston Origin Microphone: amzn.to/2LFtNNE
Rode VideoMicro: amzn.to/309yLKH
Mackie PROFX8V2 Mixer: amzn.to/31HKOMB
Elgato Cam Link 4K: amzn.to/2QlicYx
Elgate Stream Deck: amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites. 
Наука
Awesome content and knowledge sharing guy's. 🙌🏻
8:30 your webcam is top-right, covering whatever you clicked to update the session cookie. I enjoy watching the videos and learning. Thanks for the great content!
I'm pretty sure it's a cookie editor plugin from firefox
yes i made a graphic pop up below with an arrow so you can see it :)
You people putting out nugts 🔥 content and information ' thankyou
Hello folks i had question can one brute force a ussd process and if yes which are some of the tools that can be used?
how to 'upload' the session cookie?
Good example, but why the key is showing in plain text? Isn't communication between the sides encrypted?
I think in this application there is no need to spend the time decrypting the traffic, as he mentions this is theory. You could absolutely argue that in a RL situation where you would be hacking MFA it would be encrypted.
Because he is using a local proxy, it intercepts the browser's traffic before https is applied, I think it's burp actually. The only way to use this attack he is showing is to have control of the client machine or browser on a step before the attack. With a man in the middle it would go everything encrypted.
The other thing he said that's not that aqurate is the posibility of bruteforcing the 4 digit code. Anybody with some knowledge of security would block that after some incorrect inputs, like 3 times or so. Usually those cannot be bruteforced unless the page is vulnerable to that (it was designed by a monkey) and it sould be generated by a random secure generator so the posibility to guess that is almost null.
I think I went overboard with the explanation, sorry, I think I didnt really like this video.
How do i evade such attacks , please can someone help me.
Would love it with you using Zap to brute force. Community Burp Suite too slow :(
Hello big bro
6:29 the easiest way would be to set the payload type to Numbers, then set the range from 0 to 9999 and the step to 1. Then you set min integer digits and max integer digits to 4 and min fraction digits and max fraction digits to 0.
Hi. Great video again. Could you make some of the next one about basic windows AD enum ? It will be nice to know some basic steps what could be useful to check to privesc after you get revshell or any not elevated user account. WinPEAS is good, but some tips for manual enum will be great to know.
Thanx a lot. And also thank you for great content 🙂
I need help my friend Facebook id was hacked long months ago can you help to bring that id back I have many expectations from you broo please help me
no one:
me: not knowing what MFA is but still watches the vid
That's concerning for your safety if you don't know what MFA
@@_justnick well I do know 2fa
I can see how "How to Hack MFA" could seem uninteresting to someone who doesn't know what "MFA" means. Maybe putting the written-out text in the title as well would be helpful in this case.
Good for you, that's a good way to learn new things.
so way smarter than I
good theory but dont think it would be bruteforable in real world attacks
please make a video on password rest bypass! :)
amazing video, web apps are easy to use and access ... trying brute force on dedicated apps is quite different. I wonder this could work on a chromium addon
MFA are really important, sad to know most people dont care about using it
Plz make video about red teaming
need internship or job, need of the hour
6:35 Number range easily done using bash curly brace expansion:
for i in {0000..9999}; do echo $i; done
3rd
1st view
2 comment pin please ❤