Hello buddies! My last post was about web server hacking through command injection. As you know, Injection is the most dangerous web application vulnerability, and Broken Authentication and Session Management is number two (as per the OWASP Top 10, 2013). So today we'll learn about authentication flaws.
What is an Authentication Flaw?
It is a little tough to describe authentication flaws. Developers frequently build custom authentication and session management schemes, but building these correctly is hard. As a result, these custom schemes frequently have flaws in areas such as logout, password management, timeouts, "remember me", secret questions, account updates, etc. Finding such flaws can be difficult, as each implementation is unique. Such flaws may allow some or even all accounts to be attacked, and once an attacker succeeds they can do anything the victim could do. Privileged accounts are frequently targeted.
Finding an authentication flaw isn't easy: you have to analyze the HTTP traffic, how the web app works, what encoding it uses and how input gets validated. You have to become a clever hacker to find it; it is an art in itself.
Authentication Flaw Exploitation Tutorial
So today we'll walk through a simple authentication vulnerability exploitation tutorial. It's pretty amazing; just follow the steps below.
Requirements:
Start the OWASP-BWA virtual machine, open its homepage and click on WebGoat.NET. It is a deliberately vulnerable practice application for learners and beginners in ethical hacking and security research.
Now navigate to: WebGoat Coins Customer Portal > Forgot Password
Here is the idea: every website that uses a login form keeps a database of member accounts, IDs and passwords, so it also offers a password recovery option in case you forget yours. Often, such recovery flows contain authentication flaws; you just need to understand how they work and what kind of protection they use. So now assume you are the attacker and WebGoat.NET is your target. Imagine it is a popular social networking or business website, and that it contains an authentication flaw which you need to find and exploit. The flaw is in the forgot-password feature, which leaks the security question's answer as Base64-encoded text; you need to decode it and take over any user's account.
Authentication flaws are a little hard to find but very interesting; you just have to understand the web application's logic and the method it uses to authenticate users.
- Back to the tutorial, guys! First you need the email address of any user. Just type any letter, like a or m, and the form will auto-suggest an email. Choose any one; I'm using this email: sky@havelzbyszekco.com.
- Click on Proceed and you'll get the security question. Now you have to find the authentication flaw to get past it.
- So I'm stuck here: I can't get the password until I give the right answer to the security question. My question is, where does the web application store this answer in order to validate it, and how does that work? Let's capture the request in Burp Suite and find out.
Commonly, web applications leave the security question answer in the page source, a cookie, request parameters, etc. It can be anywhere; you have to use logic, tools and a hacker's mind to work out where it lives and how it is handled.
- Just type any bogus answer and click on Recover Password, then start analyzing the parameters, page source, cookies and every piece of content that passes between the browser and the web server. I'm using Burp Suite.
- Guys, as you all know this app is intentionally vulnerable, so we don't need to hunt for the flaw. Just look at the captured request: you'll see one cookie named encr_sec_qu_ans=. Well, this contains the security question's answer.
- As I told you, web applications validate a user's answer in many ways: through a cookie, the page source or even request parameters. Here the web app puts the security question answer in a cookie as Base64-encoded text and validates the user's answer against it. Note that Base64 is an encoding, not encryption: there is no key, so anyone holding the cookie can reverse it. Fine! Let's decode it:
- Select the Base64 text, right-click on it and choose Send to Decoder.
- Now it's simple: just click Decode as > Base64.
- Sounds pretty cool! You'll get another Base64 string. Web apps often stack encodings like this hoping to obscure the data, so decode it again.
- Wow! So by now I hope you've understood what an authentication flaw is: it is a matter of understanding the web application's logic and breaking it. We got the answer: CALIFORNIA! It is not necessary that every website validates security answers this way. Some do something similar but with a hash such as MD5, SHA-1 or SHA-256 instead of Base64; a hash can't simply be decoded, so you'd have to crack it (or find the answer leaked elsewhere). You just need to be a clever hacker to understand it.
- We've successfully exploited the authentication flaw in WebGoat.NET. Now go back to the browser, enter the correct answer and click Recover Password.
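The whole Burp Decoder procedure above (grab the cookie, decode as Base64, notice it is Base64 again, decode once more) can be automated. The following is an added example written for this post, not code from the original tutorial or from WebGoat.NET: it parses a raw Cookie header, peels Base64 layers off every value until the result stops being valid Base64 that decodes to printable text, and returns the innermost plaintext. The cookie name encr_sec_qu_ans and the answer CALIFORNIA come from the walkthrough; the other cookie names and values in the sample header are constructed for the example.

```python
import base64
import binascii
import re

# Heuristic for "looks like Base64": alphabet characters plus up to two '=' of padding,
# and a length that is a multiple of 4. Short plain words (e.g. "dark") can also match,
# so every candidate is additionally required to decode to printable ASCII.
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def looks_like_base64(value: str) -> bool:
    return len(value) >= 4 and len(value) % 4 == 0 and bool(B64_RE.match(value))


def peel_base64(value: str, max_depth: int = 8) -> list[str]:
    """Decode Base64 repeatedly while each layer is valid Base64 yielding printable text.

    Returns every layer, outermost first; the last element is the innermost plaintext.
    max_depth bounds the loop so a pathological value cannot keep it spinning.
    """
    layers = [value]
    current = value
    for _ in range(max_depth):
        if not looks_like_base64(current):
            break
        try:
            raw = base64.b64decode(current, validate=True)
            text = raw.decode("ascii")
        except (binascii.Error, ValueError):  # bad alphabet/padding or non-ASCII bytes
            break
        if not text.isprintable():
            break
        layers.append(text)
        current = text
    return layers


def parse_cookie_header(cookie_header: str) -> dict[str, str]:
    """Split a raw 'Cookie:' request header into name -> value (first '=' separates them,
    so Base64 padding '=' inside the value is preserved)."""
    cookies = {}
    for part in cookie_header.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            cookies[name] = val
    return cookies


def decode_cookies(cookie_header: str) -> dict[str, list[str]]:
    """Peel every cookie value; a value that isn't Base64 comes back as a single layer."""
    return {name: peel_base64(val) for name, val in parse_cookie_header(cookie_header).items()}


def recover_answer(cookie_header: str, name: str = "encr_sec_qu_ans") -> str:
    """Return the innermost decoded layer of the named cookie (the security answer here)."""
    return decode_cookies(cookie_header)[name][-1]


# Constructed sample: "CALIFORNIA" wrapped in two Base64 layers, mimicking the
# encr_sec_qu_ans cookie seen in Burp; the other cookie names/values are made up.
INNER_LAYER = base64.b64encode(b"CALIFORNIA").decode()        # "Q0FMSUZPUk5JQQ=="
OUTER_LAYER = base64.b64encode(INNER_LAYER.encode()).decode()
SAMPLE_COOKIE_HEADER = f"session=abc123; encr_sec_qu_ans={OUTER_LAYER}; theme=dark"

if __name__ == "__main__":
    for cookie, layers in decode_cookies(SAMPLE_COOKIE_HEADER).items():
        print(cookie, ":", " -> ".join(layers))
    print("recovered answer:", recover_answer(SAMPLE_COOKIE_HEADER))
```

To use it on a real capture, paste the Cookie header from Burp's Proxy history into SAMPLE_COOKIE_HEADER. The "looks like Base64" test is only a heuristic, so treat any peeled value as a lead to confirm, not proof; a value that decodes to binary rather than text is more likely a hash or real ciphertext, which this script deliberately leaves alone.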
Well, this is what is called an authentication flaw: now you can hack any user's account without any social engineering. There are many such flaws in web applications; we just need to understand how they work.
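To see why this flaw exists and how a developer should have handled it, here is an added example (written for this post, not WebGoat.NET's real code) that puts the vulnerable pattern beside a hardened one. The first half reproduces the behaviour seen above: the real answer is handed to the client in a cookie, merely double-Base64-encoded, and the server compares the user's input against it, so the secret is recoverable by anyone who can read the cookie. The second half keeps the secret server-side only, as a salted PBKDF2 hash, and compares in constant time. The iteration count and the normalization rules are assumptions for the example.

```python
import base64
import hashlib
import hmac
import os

# --- The pattern seen in WebGoat.NET: the secret goes to the client, merely encoded ---

def vulnerable_cookie_for(answer: str) -> str:
    """Build a double-Base64 cookie value that carries the real answer (encoding, not encryption)."""
    return base64.b64encode(base64.b64encode(answer.encode())).decode()


def leaked_answer(cookie_value: str) -> str:
    """What any attacker holding the cookie can do: reverse both layers."""
    return base64.b64decode(base64.b64decode(cookie_value)).decode()


def vulnerable_check(cookie_value: str, supplied: str) -> bool:
    """Server compares the user's input with the answer it previously handed out."""
    return supplied.strip().upper() == leaked_answer(cookie_value).upper()


# --- Hardened form: store a salted hash server-side; nothing secret reaches the client ---

ITERATIONS = 200_000  # assumed PBKDF2 cost for the example; tune to your hardware


def _normalize(answer: str) -> str:
    # Case- and whitespace-insensitive so "california" and " CALIFORNIA " both pass
    return " ".join(answer.strip().lower().split())


def hash_answer(answer: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", _normalize(answer).encode(), salt, ITERATIONS)
    return salt, digest


def verify_answer(supplied: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time (no early-exit timing leak)."""
    _, digest = hash_answer(supplied, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    cookie = vulnerable_cookie_for("CALIFORNIA")      # constructed value
    print("cookie leaks:", leaked_answer(cookie))
    salt, digest = hash_answer("California")           # stored at enrolment time
    print("hardened:", verify_answer("CALIFORNIA", salt, digest), verify_answer("nevada", salt, digest))
```

Hashing fixes the leak shown in this post, but security answers remain low-entropy guesses (a state name, a pet's name), so a real recovery flow also needs rate limiting on attempts and is better built around a one-time token sent to the registered email than around a question at all.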
If you want a live tutorial, watch the video walkthrough of this complete post on YouTube (full-screen mode recommended).
The phrase I repeated most was: just try to understand how the web application works! I hope you understand what I mean. To become a clever hacker, learn programming, networking, web app architecture and logic. We have many kinds of ethical hacking articles, books, tools, posts, tricks, tutorials and online books like D Hacker Drive.
Thank you for reading my post. Share it if you like it, and as always feel free to comment and let me know your problems. Sharing is caring :)