When we browse a web site, the first thing we often notice is its login page. The more amateur hacker may try to brute-force it right away. However, the more experienced tester will ask: are there any other authentication points to the same resource? The answer is often a resounding YES!
Modern applications often create alternative ways into the same resource. For instance, alternative paths to the site's functionality may be designed to be accessed from mobile devices (like your smartphone), and these are usually built on API endpoints.
A web application may have various API endpoints that provide alternative login/authentication capabilities instead of the main login page. These API endpoints are usually designed as an interface for other programs.
So remember:
- Humans use buttons
- Programs use APIs
In addition to APIs, there can be full-fledged pages that perform the same login functions, but for other devices.
So it stands to reason to scan the website for those API endpoints and other pages that provide alternative shortcuts to the same login functions of the site. One such example (for WordPress sites) is the xmlrpc.php page.
The benefits of finding alternative login functions on a site:
- While the main login page may have all kinds of security restrictions, the alternative login functions may lack some or even all of them. This is often the case with multi-factor authentication, account lockouts, request rate limiting and other restrictions placed on the main login but forgotten for its alternative authentication locations.
- The main login page is usually designed as an interface for humans. The alternative login pages, especially if they are APIs designed for program use, may have other formats of interaction that allow much faster brute-forcing.
And that's about it. Whenever you encounter a site with login functionality, don't be hasty and attack it right away. Try looking for alternative, less visible login functionalities to the same resource.
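The control gap described in the first point above comes from each entry point keeping its own lockout counter. The following added example (written for this page, not code from the original article or from WordPress) models that gap and the fix: one shared login policy consulted by every entry point, plus a log aggregation that counts failures per account across all endpoints so a spread-out attempt is still visible. The endpoint paths, the lockout threshold and the log line format are assumptions constructed for the example.

```python
"""Shared brute-force lockout across every login entry point (added example).

If each login surface keeps its own failed-attempt counter, attempts rotated
across the web form, xmlrpc.php and a JSON API never reach any single
counter's threshold. One policy object shared by all entry points closes that
gap. Endpoint names, threshold and log format below are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 5  # assumed: failed attempts per account before lockout

# Assumed entry points that all authenticate against the same user store.
ENDPOINTS = ["/wp-login.php", "/xmlrpc.php", "/api/v1/login"]
CREDS = {"alice": "correct horse battery staple"}  # constructed sample account


@dataclass
class LoginPolicy:
    """Failed-attempt counter keyed by account, independent of endpoint."""
    threshold: int = LOCKOUT_THRESHOLD
    failures: dict = field(default_factory=lambda: defaultdict(int))

    def is_locked(self, username: str) -> bool:
        return self.failures[username] >= self.threshold

    def record_failure(self, username: str) -> None:
        self.failures[username] += 1


def authenticate(policy: LoginPolicy, username: str, password: str) -> str:
    """Every entry point must call this; the lockout check comes first."""
    if policy.is_locked(username):
        return "locked"
    if CREDS.get(username) == password:
        return "ok"
    policy.record_failure(username)
    return "denied"


def simulate(per_endpoint_policies: bool, attempts: int = 12) -> int:
    """Rotate wrong guesses over the endpoints; return how many were
    actually evaluated against the password before lockout stopped them."""
    if per_endpoint_policies:
        policies = {ep: LoginPolicy() for ep in ENDPOINTS}  # the gap
    else:
        shared = LoginPolicy()
        policies = {ep: shared for ep in ENDPOINTS}  # the fix
    evaluated = 0
    for i in range(attempts):
        ep = ENDPOINTS[i % len(ENDPOINTS)]
        if authenticate(policies[ep], "alice", f"guess{i}") != "locked":
            evaluated += 1
    return evaluated


# Constructed access-log lines: "<ip> <method> <path> user=<u> result=<r>"
SAMPLE_LOG = [
    "203.0.113.5 POST /wp-login.php user=alice result=fail",
    "203.0.113.5 POST /xmlrpc.php user=alice result=fail",
    "203.0.113.5 POST /api/v1/login user=alice result=fail",
    "198.51.100.9 POST /wp-login.php user=bob result=ok",
]


def failed_logins_by_account(log_lines):
    """Detection side: failures per account across all entry points.
    Returns {user: (failure_count, sorted list of endpoints used)}."""
    counts = defaultdict(int)
    endpoints = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts if "=" in p)
        if fields.get("result") == "fail":
            user = fields["user"]
            counts[user] += 1
            endpoints[user].add(parts[2])  # parts[2] is the request path
    return {u: (counts[u], sorted(endpoints[u])) for u in counts}


if __name__ == "__main__":
    print("per-endpoint counters, guesses evaluated:", simulate(True))
    print("shared counter, guesses evaluated:", simulate(False))
    print("failures per account:", failed_logins_by_account(SAMPLE_LOG))
```

With separate counters all 12 guesses are evaluated (four per endpoint, below the threshold of five); with the shared policy only the first five are, and the aggregation shows alice's failures spanning all three paths even though no single path exceeded the threshold.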