authbypass-authentication-flaws
Installation
SKILL.md
SKILL: Authentication Bypass — Expert Attack Playbook
AI LOAD INSTRUCTION: Expert authentication bypass techniques. Covers SQL injection-based login bypass, password reset flaws, token predictability, account enumeration, brute force bypass, and multi-factor auth bypass. Distinct from JWT/OAuth (covered in ../jwt-oauth-token-attacks/SKILL.md). Focus on the login mechanism itself.
0. AUTHORIZED CREDENTIAL TEST PLANNING
After reducing routing entries, default credentials, username variants, port focus, and wordlist sizing are handled here in one place.
Service-first tiny sets
| Service Type | First Usernames | First Passwords |
|---|---|---|
| phpMyAdmin | root, admin |
empty, root, phpmyadmin, admin |
| FTP | ftp, admin, test |
empty, ftp, admin, 123456 |
| SSH | root, admin, service account names |
root, admin, seasonal variants |
| MySQL | root, mysql |
empty, root, mysql |
| Tomcat / Java admin | tomcat, admin, manager |
tomcat, admin, s3cret |
| WebLogic | weblogic, admin |
weblogic, welcome1, admin |
Related skills