How Hackers Hack Any Account Using Authentication Flaw - 2nd Part


                         Hello, folks! After a short break I'm back with an interesting post: How Hackers Hack Any Account Using Authentication Flaws - 2. You might have read my previous first part on Authentication Flaws; it is an amazing article for beginners who want to learn the basics of Authentication Flaws. So today we'll learn a second kind of authentication flaw. There are many methods; let's explore this basic one.

Requirements :

Short Description and Explanation : I already gave a full explanation of authentication flaws in the previous post; today we'll learn another kind of authentication flaw. As I have been saying from the beginning, finding an authentication flaw in a website is a little harder: the researcher or hacker needs to understand how the web application, the server and the other protocols communicate with each other. Always remember that HTTP is a stateless protocol; it is like artificial intelligence in that it works exactly as the developer programmed it. If you have good knowledge of web technology, applications, programming and hacking, you can understand how it is working, and then you'll be able to find its vulnerable point and exploit it.


Multi-Level Login Authentication Flaw Exploitation :
  • Start WebGoat and click on Authentication Flaws > Multi-Level Login 2.

  • You can see the red highlighted text: it is the explanation of this flaw. Read it properly, it is important, and then go on to the next step.
So, assume that you're an attacker and you have an active account on the WebGoat website with the username Joe and password banana, but your main target is to get into Jane's account without her knowledge, so you have to find that flaw and exploit it to get into her account. So let's do it. First of all, let's understand how the server authenticates users and allows them to access private information. Remember tokens (#TAN): almost all websites use them, but with different methods and logic.

  • Start Burp Suite: set up a proxy connection between the client (browser) and the server so you can easily intercept any request sent from the client.
  • Back to WebGoat: type the username and password and hit Submit.

  • Analyze every request and response between client and server, and look for something that looks a little suspicious. (Just for your knowledge.)
    (Image: intercepting the client's request in Burp)
  • There you can clearly see the application is using a POST-based form, and by analyzing it we didn't get anything very interesting because it's a simple POST-based form. I thought maybe it is vulnerable to SQL injection, but this is an authentication flaw tutorial. Let's look at the server's response message.

  • Same here, nothing very interesting; it just leaked server information, which is really very useful and juicy information for hackers looking for more vulnerable components in the web server. This is also called fingerprinting the victim OS.
  • Go back to the browser and you'll see it is asking for a token (TAN). It says enter TAN #1, so here TAN 1 is 15161. Let's do this as well and analyze how the application works to find the vulnerable point.

  • Let's look at the request we intercepted in Burp Suite; here is the only vulnerable point. Please, guys, try to understand a little by yourself as well; don't depend only on the tutorial. Try to understand how it is validating and how the server knows which user has to be logged in.

  • Go back to the browser and see that it allowed you to access your private information, such as credit card info and number.
  • Wow! Now the question is how the server got to know that it should allow this client to access Joe's information. Once again, look back at the second request you intercepted in Burp Suite (the TAN request).

  • Cool, please check the above image properly and read those 3 lines carefully to understand the vulnerable point of this application.
  • Now the question is: how does the server know which user has to be logged in? Come on, let's change the username value from Joe to Jane in the TAN request. Again you have to go back to Multi-Level Login 2 and log in with Joe's username and password; when it comes to the TAN, enter the TAN, capture the request in Burp Suite and change the username Joe to Jane (you can also use Burp Suite Repeater to repeat the same request). The server will get confused by this request and you'll easily be allowed to access Jane's confidential data and information.

  • Send that request and check the response in the web browser: you'll be in Jane's account. Without any password or social engineering you hacked Jane's account. This is called the Multi-Level Login authentication flaw.

Every web application works with its own logic and method; you just need to understand how the web application and server validate the user and allow them to access private information. Here the developers left a great flaw in validating users: if they had also required the password along with the TAN verification, there would be no authentication flaw, because we don't know Jane's password. But mostly web developers don't connect their database to every application, for fear of SQL injection or other attacks.
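To make the flaw and its fix concrete, here is an added example of a two-stage (password + TAN) login written for this post; it is not WebGoat's own code and does not reproduce the lesson's implementation. The only values taken from the walkthrough are Joe, his password banana and TAN #1 = 15161; Jane's password and TANs, the second TAN and the card strings are constructed placeholders. The vulnerable handler checks the TAN for the user who passed stage 1 but then reads which account to unlock from the client-supplied hidden username field, which is exactly why switching Joe to Jane works. The fixed handler takes the identity only from server-side session state, so the same tampered request is rejected (and is worth logging, since a real browser never sends a mismatching name).

```python
"""Two-stage login (password, then TAN) modelled on the WebGoat
Multi-Level Login 2 flaw. Added example, not WebGoat's code.
Joe / banana / TAN #1 15161 come from the lesson; every other value
below is constructed sample data for this example."""
import hmac
import secrets

USERS = {
    "Joe": {
        "password": "banana",
        "tans": {1: "15161", 2: "47290"},          # TAN #2 is constructed
        "secret": "Joe's credit card: ****-1111",   # constructed
    },
    "Jane": {
        "password": "JANE-PASSWORD-PLACEHOLDER",   # not known from the post
        "tans": {1: "80211", 2: "36414"},          # constructed
        "secret": "Jane's credit card: ****-2222", # constructed
    },
}

# Server-side session store (session id -> state). The client only ever
# holds the opaque session id; it can never write into this dict.
SESSIONS = {}


def _password_ok(username, password):
    user = USERS.get(username)
    return user is not None and hmac.compare_digest(user["password"], password)


def _tan_ok(username, tan_number, tan):
    expected = USERS[username]["tans"].get(tan_number)
    return expected is not None and hmac.compare_digest(expected, tan)


def stage1_login(username, password):
    """Stage 1: password check. On success the session records WHICH user
    passed stage 1 and a fresh session id is returned (None on failure)."""
    if not _password_ok(username, password):
        return None
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": username, "stage": 1}
    return sid


def stage2_vulnerable(sid, request):
    """Vulnerable stage 2, mirroring the lesson: the TAN is verified for the
    user who passed stage 1, but the account that gets unlocked is read from
    the client-supplied 'hidden_user' form field."""
    session = SESSIONS.get(sid)
    if session is None or session["stage"] != 1:
        return None
    if not _tan_ok(session["user"], request["tan_number"], request["tan"]):
        return None
    account = request["hidden_user"]   # BUG: identity taken from the client
    session["stage"] = 2
    return USERS.get(account, {}).get("secret")


def stage2_fixed(sid, request):
    """Hardened stage 2: identity comes only from the server-side session.
    A client-supplied username is never trusted; if it is present and differs
    from the session user the request is rejected as tampering."""
    session = SESSIONS.get(sid)
    if session is None or session["stage"] != 1:
        return None
    user = session["user"]
    if request.get("hidden_user", user) != user:
        return None                    # tampered request: reject (and alert)
    if not _tan_ok(user, request["tan_number"], request["tan"]):
        return None
    session["stage"] = 2
    return USERS[user]["secret"]


if __name__ == "__main__":
    # Joe logs in with his own password and TAN but names Jane's account.
    tampered = {"tan_number": 1, "tan": "15161", "hidden_user": "Jane"}
    print("vulnerable:", stage2_vulnerable(stage1_login("Joe", "banana"), tampered))
    print("fixed     :", stage2_fixed(stage1_login("Joe", "banana"), tampered))
```

Run it directly and the vulnerable handler returns Jane's data while the fixed one returns None for the same request. The important design point is that after stage 1 the server already knows who is logging in, so stage 2 needs no username from the client at all; any hidden field carrying one is purely decorative and should be treated as untrusted input.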


Thank you for reading my post. If you have any doubt, please feel free to comment and let me know your problem. If you liked it, please share it and help us grow.

About the author: Hey there, I'm Shahid Ayan Khan, the founder and owner of this blog. I don't mind being called a CEO.