User Enumeration - ????? ????? ?????????????? ?????????

????????????, ??? ????? ????????? ?????????? ????? ?? ???? ????????, ????? ??????????, ????? ??? ???????? ??. User Enumeration ???? ?????? ????? "???????" ??????? ?????? ?????????.


?? ???? User Enumeration ????????? ??

User Enumeration ???? ???????????? ???????, ??????? ??????? ??????? ??????????? ???? ???????, ???????? ?? ??? ?????????? ???????????? ?????????.

????? ??????? ??????????? ??

?????? ??????????:

??????? ???????? ??????:

"???????????? ?? ????????" - ?????? ??????? ?        

2. ???????????? ??????:

"???????? ????????????" vs "???????? ??????" ?        

3. ???????????? ??????:

"?? ????? ???? ?????????????????" ?        


????? ????? ??????? ??

1. ?????????? ?????????:

users = ['admin', 'user', 'test', ...]      # candidate names taken from a wordlist
for user in users:
    response = check_user(user)             # application-specific probe, defined elsewhere
    if "exists" in response:
        print(f"Found user: {user}")

2. ?????????????? ???????:

  • ????? ??????????? ?????????
  • ???????? ????????? ???????????
  • ??????? ????? ???????????


????? ???????? ???????? ???

1. ?????????? ?????????????:

? "?? ????? ????????, ??????? ????????????"
? "?? ????? ?? ???????? ?????????"        

2. ????? ???????????:

import time

MIN_TIME = 0.5  # response-time floor in seconds (value chosen here for illustration)

def process_request(user):
    start_time = time.monotonic()
    result = check_user(user)
    elapsed = time.monotonic() - start_time
    if elapsed < MIN_TIME:
        # pad the fast path (e.g. unknown user) up to the floor so timing does not reveal existence
        time.sleep(MIN_TIME - elapsed)
    return result

3. Rate Limiting:

@rate_limit(max_attempts=5, window=60)  # at most 5 attempts per 60-second window; rate_limit is an assumed decorator
def reset_password(email):
    ...  # reset handling goes here


???????? ?????????????? ?????????? ??

1. ??????? ???????:

def handle_password_reset(email):
    # ???????? ?????? ????? ???????????
    return "?? ????? ????????, ??????? ???????????"        

2. ???????????:

def handle_login(username, password):
    # ???????? ???????? ??????
    return "???????? ???????????? ?? ??????"        

3. ???????????:

def handle_registration(email):
    # ?? ??????? ???????? ?? ??? ?????
    return "????????? ?????? ????? ??????? ?????????????"        
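The three mitigations above (a uniform message, equal response time, a rate limit) only work together: a generic message is useless if an unknown user still returns faster than a known one. The following added example is not part of the original article; it combines a deliberately leaky login handler with a hardened one that returns the same message and does the same password-hashing work whether or not the account exists, plus a small sliding-window rate limiter. The user store, passwords and the `SlidingWindowLimiter` class are constructed here for illustration; the dummy-hash technique replaces the sleep-based padding shown earlier with work that is equal by construction.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

ITERATIONS = 50_000  # PBKDF2 cost; constructed value, high enough to make timing visible


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed in-memory user store: username -> (salt, digest)
USERS = {"alice": _make_user("correct horse"), "bob": _make_user("battery staple")}

# Dummy credential: unknown usernames are hashed against this so they cost the same
_DUMMY_SALT, _DUMMY_HASH = _make_user("dummy-placeholder")

GENERIC_MESSAGE = "Invalid username or password."


def login_leaky(username, password):
    """'Before': distinct messages and an early return reveal whether the user exists."""
    if username not in USERS:
        return "User not found"          # fast path, different text -> enumerable
    salt, digest = USERS[username]
    if hmac.compare_digest(_hash(password, salt), digest):
        return "OK"
    return "Wrong password"              # slow path, different text -> enumerable


def login_uniform(username, password):
    """'After': same message and the same hashing work regardless of existence."""
    salt, digest = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(_hash(password, salt), digest)
    # the explicit membership check prevents a guessed dummy password from logging in
    if matched and username in USERS:
        return "OK"
    return GENERIC_MESSAGE


def elapsed(fn, *args):
    """Wall-clock seconds for one call; used to compare the two handlers."""
    start = time.monotonic()
    fn(*args)
    return time.monotonic() - start


class SlidingWindowLimiter:
    """Allow at most max_attempts per key within any window_seconds span.

    The clock is injectable so the behaviour can be tested deterministically.
    """

    def __init__(self, max_attempts, window_seconds, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._clock = clock
        self._hits = defaultdict(deque)

    def allow(self, key):
        now = self._clock()
        hits = self._hits[key]
        while hits and now - hits[0] >= self.window:  # drop timestamps outside the window
            hits.popleft()
        if len(hits) >= self.max_attempts:
            return False
        hits.append(now)
        return True


def reset_password(email, limiter):
    """Uniform reset response: same text and same work whether or not the email is known."""
    if not limiter.allow(email):
        return "Too many requests, try again later."
    _ = login_uniform(email, "")  # same hashing cost for known and unknown identifiers
    return "If an account exists for this address, a reset link has been sent."


if __name__ == "__main__":
    print("leaky   unknown:", login_leaky("nobody", "x"), "known:", login_leaky("alice", "x"))
    print("uniform unknown:", login_uniform("nobody", "x"), "known:", login_uniform("alice", "x"))
    print("leaky unknown took %.4fs, uniform unknown took %.4fs"
          % (elapsed(login_leaky, "nobody", "x"), elapsed(login_uniform, "nobody", "x")))
```

Run it and compare the two timings: the leaky handler answers an unknown user almost instantly, while the uniform one takes the full PBKDF2 cost for both. The limiter keys on the submitted identifier; in production you would also key on client IP and persist the counters in shared storage.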


???????????? ????????? ??????????

  1. ?? ?????????? ?????????? ?????????????
  2. ?? ??????????? ??????? ???
  3. ?? ???????? ??????????? ??????
  4. ?? ???????? ???????? ????????
  5. ?? ??????????? ????????? ???????


???????????? ?????????

1. ????????????? ?????????????:

? "???????????? ?? ????????"
? "???????? ??????"
? "???????? ???????????? ?? ??????"        

2. ????? ???????????:

? ???????? ?????? ?? ???????? ????????????????
? ????????? ???????? ????????????????
? ??????????? ??? ????? ??????????        


???????

User Enumeration ???? ?????? ???????? - ??? ?????? ??????????? ???????, ??? ???? ????????? ???????. ????????:

  1. ?? ?? ?????? ??????? ??????????
  2. ?? ?????????? ?????? ?????????????
  3. ?? ????????? ????????? ??????????????
  4. ?? ???????? ??????????? ?????????

Giorgi Tcholadze

Senior Systems Engineer @ EPAM

1 week

???-???? ???????? ???? ??????????????, ??????? ???????? ????????? ??? ??????? link-??, ???????? token-?? ???? ???????????? ??????? ??????? ????????????. + rate limit ??????? ?? ???? ????????? ????? ????????? ????, ????????? ???? ?? ???? range 0000-9999 ??
