Credential Stuffing
Login with leaked credentials (But how do you find the leaked credentials of a specific company 🤔?) - How to get the plain text passwords of the company
You have enumerated subdomains and you have come across admin panels.
You tried brute forcing credentials from public wordlists but had no success.
What should you do now?
You need to check the breached credentials of that specific company.
Which site do you need to check?
dehashed.com
Go to dehashed.com and give it the query domain:company.com
If there were any breaches in the past, it shows you the credentials that belong to the company.
To download them you need to have an active subscription.
They charge $7 per week, plus you need to buy API query credits,
i.e. $3 for 100 API queries.
You need both of them to use the API from bash with your API key.
The query goes like this:
curl 'https://api.dehashed.com/search?query=domain:"company.com"' \
  -u dehashed-registered-email@mail.com:api-key -H 'Accept: application/json'
Get the data from the above query.
You can also use jq to process the JSON output of that one-liner.
Query to get the data (it comes back in JSON format) and save it to a file:
curl 'https://api.dehashed.com/search?query=domain:"swiggy.com"' \
  -u email@email.com:api-key \
  -H 'Accept: application/json' | tee dehashed_company_output.txt
But how do you format the output JSON to get only the emails and passwords?
cat dehashed_company_output.txt | jq -r '.entries | .[] | select(.password|test(".+")) | [.email,.password] | join(",")'
To get only emails:
cat dehashed_company_output.txt | jq -r '.entries | .[] | select(.password|test(".+")) | [.email,.password] | join(",")' | cut -d',' -f1
To get only passwords:
cat dehashed_company_output.txt | jq -r '.entries | .[] | select(.password|test(".+")) | [.email,.password] | join(",")' | cut -d',' -f2
You can change it to whatever shape you need.
test matches a regex; here select(.password|test(".+")) keeps only the entries whose password field is a non-empty string, so rows that only carry a hash are dropped.
You can play with jq to understand it better.
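The same filtering as the jq line above, written in Python as an added example (not code from the post or from DeHashed) and turned the way a defending security team would use it: reduce the dump to a list of company accounts that need a forced password reset, without ever printing the plaintext passwords. The JSON shape (an "entries" array with "email" and "password" fields) follows the jq filter in the post; the sample values are constructed for this example. It also handles null or missing password fields, which would make jq's test() error out.

```python
import json
from collections import defaultdict

# Constructed sample in the shape the post's jq filter expects:
# a top-level "entries" array whose items carry "email" and "password".
# All values are invented for this example.
SAMPLE_JSON = json.dumps({
    "entries": [
        {"email": "alice@company.com", "password": "Summer2019!"},
        {"email": "alice@company.com", "password": "Summer2019!"},  # duplicate row
        {"email": "bob@company.com", "password": ""},                # empty -> dropped, like test(".+")
        {"email": "carol@company.com", "password": None},            # null -> would break jq's test()
        {"email": "dave@company.com"},                               # field missing entirely
        {"email": "alice@company.com", "password": "Winter2020!"},   # second distinct leak for alice
        {"email": "eve@othercorp.com", "password": "hunter2"},       # not our domain
    ]
})


def load_exposed_accounts(raw_json: str, domain: str) -> dict[str, set[str]]:
    """Return {email: {distinct leaked passwords}} for addresses under `domain`.

    Mirrors the post's jq filter (keep entries with a non-empty password) but
    tolerates null/missing password fields and restricts to the target domain.
    """
    data = json.loads(raw_json)
    exposed: dict[str, set[str]] = defaultdict(set)
    for entry in data.get("entries", []):
        email = (entry.get("email") or "").strip().lower()
        password = entry.get("password")
        if not email.endswith("@" + domain.lower()):
            continue
        if not isinstance(password, str) or password == "":
            continue
        exposed[email].add(password)
    return dict(exposed)


def reset_list(raw_json: str, domain: str) -> list[tuple[str, int]]:
    """Accounts to force-reset, most exposed first: [(email, distinct leaked passwords)].

    Only the count leaves this function; the plaintext values stay inside
    load_exposed_accounts so they are not copied into tickets or reports.
    """
    exposed = load_exposed_accounts(raw_json, domain)
    return sorted(((e, len(p)) for e, p in exposed.items()), key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for email, n in reset_list(SAMPLE_JSON, "company.com"):
        print(f"{email}\t{n} distinct leaked password(s)")
```

Feed it the file the curl | tee line writes (dehashed_company_output.txt) instead of SAMPLE_JSON and you get the list of accounts to lock or reset first.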
After you get the credentials from the above query, you can brute force the login panels using the pitchfork attack in Intruder, or ffuf.
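What that last step looks like from the other side of the login panel, as an added example (not from the post): a small detector that runs over constructed login log lines and flags the credential-stuffing pattern, which is one source trying many distinct accounts with one or two attempts each and mostly failing, as opposed to a classic brute force that hammers one account. The log format (timestamp, source IP, username, result) and all values are invented for this example; the thresholds are assumptions to tune per service.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log, one event per line:
#   <ISO timestamp> <source ip> <username> <FAIL|SUCCESS>
# Invented for this example; the real fields depend on your login service.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice@company.com FAIL
2024-05-01T10:00:02 203.0.113.7 bob@company.com FAIL
2024-05-01T10:00:03 203.0.113.7 carol@company.com FAIL
2024-05-01T10:00:04 203.0.113.7 dave@company.com SUCCESS
2024-05-01T10:00:05 203.0.113.7 erin@company.com FAIL
2024-05-01T10:00:06 203.0.113.7 frank@company.com FAIL
2024-05-01T10:00:07 203.0.113.7 grace@company.com FAIL
2024-05-01T10:00:08 203.0.113.7 heidi@company.com FAIL
2024-05-01T10:05:00 198.51.100.20 alice@company.com FAIL
2024-05-01T10:05:03 198.51.100.20 alice@company.com FAIL
2024-05-01T10:05:09 198.51.100.20 alice@company.com SUCCESS
2024-05-01T11:30:00 192.0.2.44 bob@company.com SUCCESS
"""


def parse_events(text):
    """Parse log lines into (timestamp, ip, username, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user.lower(), result == "SUCCESS"))
    return events


def detect_stuffing(text, window=timedelta(minutes=10), min_accounts=5, max_success_rate=0.5):
    """Flag source IPs that hit at least `min_accounts` distinct accounts inside
    `window` with a low success rate. Returns {ip: summary}; the "compromised"
    list holds accounts where a login succeeded during the burst, i.e. the
    leaked password was still valid and the account needs a reset."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse_events(text):
        by_ip[ip].append((ts, user, ok))

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):  # sliding window over this IP's events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            accounts = {u for _, u, _ in span}
            successes = sum(1 for _, _, ok in span if ok)
            if len(accounts) >= min_accounts and successes / len(span) <= max_success_rate:
                if ip not in alerts or len(accounts) > alerts[ip]["distinct_accounts"]:
                    alerts[ip] = {
                        "distinct_accounts": len(accounts),
                        "attempts": len(span),
                        "successes": successes,
                        "compromised": sorted(u for _, u, ok in span if ok),
                    }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_accounts']} accounts in {info['attempts']} attempts, "
              f"{info['successes']} succeeded -> reset {info['compromised']}")
```

In the sample, 203.0.113.7 cycles through eight accounts in eight seconds and gets one hit, so it is flagged and dave@company.com goes on the reset list; 198.51.100.20 retrying a single user is a different pattern and is left alone.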
I'll keep the posts short and straight to the point.
Any queries?
Comment or contact me on twitter. @_thesecurityguy
The single jq line above took me 3 hours to figure out how to process the output in a detailed way.
The time invested by me = Time you saved.