How Hackers hack any account using Authentication flaws - 1st


Hello, buddies! My last post was about web server hacking through command injection, and as you know, Injection is the most dangerous web application vulnerability and number 2 is Broken Authentication and Session Management (as per the OWASP Top 10 Vulnerabilities 2013). So today we'll learn about authentication flaws.

What are Authentication Flaws?

It is a little tough to describe an authentication flaw. Developers frequently build custom authentication and session management schemes, but building these correctly is hard. As a result, these custom schemes frequently have flaws in areas such as logout, password management, timeouts, remember me, secret question, account update, etc. Finding such flaws can sometimes be difficult, as each implementation is unique. Such flaws may allow some or even all accounts to be attacked. Once successful, the attacker can do anything the victim could do. Privileged accounts are frequently targeted.

Finding an authentication flaw isn't easy: you'll have to analyze the HTTP data, how the web app works, the encoding it uses and how input gets validated, and to find it you have to become a clever hacker. It's an art in itself.


Authentication Flaw Exploitation Tutorial
So today we'll go through a simple authentication vulnerability exploitation tutorial. It's pretty amazing; just follow the steps below.

Requirements:
Start the OWASP-BWA virtual machine, open its homepage and click on WebGoat.NET. It is one kind of penetration testing box for learners and beginners in ethical hacking and security research.




You'll be redirected to the homepage. Just click on the blue Setup Database button.

Now navigate to: WebGoat Coins Customer Portal > Forgot Password



Here, as you know, every website that uses login forms has a database of member accounts, passwords and IDs. So they definitely have a password recovery option so that, in case you forgot your password, you can retrieve it. But often, many web applications have authentication flaws; you just need to understand how the recovery works and what type of security it uses. So now, assume that you are a hacker and WebGoat.NET is your target; assume this is a popular social networking or business website that contains an authentication flaw, and you need to find it and exploit it. The flaw is in the forgot-password feature, which leaves the security question answer in Base64-encoded text; you need to decode it and hack any user's account.

Authentication flaws are a little hard to find but very interesting; you just have to understand the web application's logic and the method it uses to authenticate users.

  • Back to the tutorial, guys! Now you need to get the email of any user. Just type any letter like a or m and it will automatically suggest an email. Choose any one; for example, I'm using this email: sky@havelzbyszekco.com.


  • Click on Proceed: you'll get the security question, and now you have to find the authentication flaw to get past it.


  • So I'm trapped here: I can't get the password until I provide the right security question answer. Now my question is, where does the web application store this security question answer to validate it, and how does it work? Let's capture this in Burp Suite and understand it.
Commonly, many web applications leave the security question answer in the source code, a cookie, parameters, etc. It can be anywhere; you have to use logic, tools and a hacker's mind to work out where it is and how it works.

  • Just type any bogus answer and click on Recover Password. Then start analyzing the parameters, source code, cookies and every bit of content that passes between the browser and the web server. I'm using Burp Suite.


  • Guys, as you all know it is already vulnerable, so we don't need to hunt for it. Just start understanding the above image: you'll see one cookie named encr_sec_qu_ans=; well, this contains the question's answer.
  • As I told you, web applications use many ways to validate a user's answer: through a cookie, the source code or even parameters. Here the web app is using Base64-encoded text in a cookie (Base64 is an encoding, not real encryption, so anyone holding the cookie can reverse it) to validate the user's security question answer. Fine! Let's decode it:
  • Select the Base64-encoded text > Right click on it and Send to Decoder


  • Well, now it's simple: just click on Decode as Base64.


  • Sounds pretty cool! You'll get another Base64-encoded string; well, most web apps do this to protect data as much as they can, so decode it again.


  • Wow! So by now I hope you've understood what exactly an authentication flaw is: it is a kind of logic puzzle, understanding the web application in order to hack it. So we got the answer, CALIFORNIA! It is not necessary that every website uses the same method to validate the user's security answer; maybe they do, but with a different scheme like MD5, SHA-1, SHA-256 or any other; you just need to become a clever hacker to understand it.
  • We've successfully exploited the authentication flaw in WebGoat.NET. Now go back to the browser, enter the correct answer and click on Recover Password.

Well, this is what is called an authentication flaw: now you can hack any user's account without any social engineering. There are many such kinds of flaws in web applications; we just need to understand how they work.
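As an added example (not code from the original post or from WebGoat.NET itself), the Python below reproduces the scheme the post describes, Base64 applied twice to the answer stored in the encr_sec_qu_ans cookie, automates the same peel-off-the-layers check the post performs in Burp's decoder so a reviewer can see that the value is merely encoded, and then shows a hardened alternative in which the browser only receives an opaque single-use token and the answer is checked server-side against a salted hash. The dict store, the token format and the case-insensitive comparison are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets

# --- The flawed scheme the post walks through (constructed reproduction) ---
def weak_cookie_value(answer: str) -> str:
    """Encode the answer twice with Base64, as the lesson's cookie does.
    Base64 is an encoding, not encryption: anyone holding the cookie can reverse it."""
    once = base64.b64encode(answer.encode("utf-8")).decode("ascii")
    return base64.b64encode(once.encode("ascii")).decode("ascii")

def peel_base64(value: str, max_layers: int = 5) -> str:
    """Reviewer's check for a client-side value: keep decoding while the result
    is still valid Base64 and valid UTF-8. If a readable secret falls out, the
    design is broken. (An answer that happens to be valid Base64 itself may be
    peeled one step too far; treat the output as a hint, not proof.)"""
    current = value
    for _ in range(max_layers):
        try:
            current = base64.b64decode(current, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            break
    return current

# --- Hardened alternative: the answer never leaves the server ---
_reset_store = {}  # assumption: stand-in for a server-side session store

def _digest(answer: str, salt: bytes) -> bytes:
    # Assumption: answers are compared case-insensitively after trimming whitespace.
    normalized = answer.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", normalized, salt, 100_000)

def issue_reset_token(answer: str) -> str:
    """Store a salted hash of the answer server-side; hand the browser only a
    random, single-use token to carry in the cookie."""
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)
    _reset_store[token] = (salt, _digest(answer, salt))
    return token

def verify_answer(token: str, attempt: str) -> bool:
    """Single use: the token is consumed whether or not the attempt is right,
    so nobody can keep guessing against the same token."""
    entry = _reset_store.pop(token, None)
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(_digest(attempt, salt), expected)
```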


If you want a live tutorial, watch the video of the complete post on YouTube.


The words I repeated most were: just try to understand how the web application works! I hope you understand what I mean. To become a clever hacker, learn programming, networking, web app architecture and logic. We have many kinds of ethical hacking articles, books, tools, posts, tricks, tutorials and online books like D Hacker Drive.
Thank you for reading my post; do share it if you like it, and as always feel free to comment and let me know your problem. Sharing is caring :)
#Copied :D

About the author

Hey there, I'm Shahid Ayan Khan, the founder and owner of this blog. I don't mind being called a CEO.