Test Modlishka MFA Bypass

Open up a new private browsing window, then visit http://modlishka.docker/?rid=test0001. We’ll make up a fake rid value to help us track our progress.

Modlishka MFA Login

Let's go through the authentication flow. You can see that Modlishka seamlessly handles the redirects and the MFA authentication flow.

Modlishka MFA Prompt

So we are stuck at a loading screen. This is because we hit the terminate trigger URL while loading a page.

Modlishka Authentication Loading

If we refresh the page we’ll get redirected to our termination URL. Kind of jarring, but still acceptable.

Now that we’ve completed our login, let's check out the Modlishka data. Open http://modlishka.docker/livewell/ and log in with the credentials we configured (phisherman:phisherpass).

Modlishka Livewell

Let's click View Cookies on our testing UUID.

Modlishka Livewell Authentication Cookie

Now we can copy the value of the authentik_session cookie. Open http://auth.target.docker:9000 in a new private browsing window, and update the cookie value using developer tools.

Replace Session Cookie to Current Session

Once completed, visit the root URL again: http://auth.target.docker:9000/

Phished Admin Session

We are now logged in as the target.
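
Seen from the identity provider's side, the replay above is a single session cookie first used through the proxy and then presented by a different client. The following added example (not part of the original walkthrough, and not Modlishka or authentik code) flags that pattern in constructed request records; the record fields and the function name find_replayed_sessions are assumptions.

```python
from collections import OrderedDict

# Constructed sample records (not real authentik output). Each row is one
# authenticated request; "session" is a hash of the cookie, never its value.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:05Z", "session": "9f2c", "ip": "172.20.0.7", "ua": "Firefox/125.0"},
    {"ts": "2024-05-01T10:00:09Z", "session": "9f2c", "ip": "172.20.0.7", "ua": "Firefox/125.0"},
    {"ts": "2024-05-01T10:01:30Z", "session": "41bd", "ip": "172.20.0.9", "ua": "Chrome/124.0"},
    {"ts": "2024-05-01T10:04:12Z", "session": "9f2c", "ip": "172.20.0.1", "ua": "Chrome/124.0"},
    {"ts": "2024-05-01T10:04:40Z", "session": "41bd", "ip": "172.20.0.9", "ua": "Chrome/124.0"},
]


def find_replayed_sessions(events):
    """Return {session: [context, ...]} for sessions used from more than one
    (ip, user-agent) context, with contexts listed in order of first use."""
    contexts = {}
    # ISO-8601 timestamps in one format sort correctly as plain strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        seen = contexts.setdefault(ev["session"], OrderedDict())
        # Record only the first time each (ip, ua) pair used this session.
        seen.setdefault((ev["ip"], ev["ua"]), ev["ts"])
    return {
        sid: [{"ip": ip, "ua": ua, "first_seen": ts} for (ip, ua), ts in seen.items()]
        for sid, seen in contexts.items()
        if len(seen) > 1
    }


if __name__ == "__main__":
    for sid, ctxs in find_replayed_sessions(SAMPLE_EVENTS).items():
        origin, *later = ctxs
        print(f"session {sid} established from {origin['ip']} ({origin['ua']})")
        for c in later:
            print(f"  reused at {c['first_seen']} from {c['ip']} ({c['ua']})")
```

A context change on its own can also be a roaming user, so treat a hit as a signal to require re-authentication or review rather than as proof of theft.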