How Hackers Hack Any Account Using Authentication Flaw - 2 - TopicsExpress



          

Hello, after a short break I'm back with an interesting post: How Hackers Hack Any Account Using Authentication Flaws - 2. You might have read my first part on authentication flaws; it is an amazing article for beginners who want to learn the basics of authentication flaws. So today we'll learn a second method. There are many methods, so let's explore this basic one.

Requirements :
• OWASP-BWA Pentest lab or WebGoat
• Strongly recommend you to read my previous article
• Burp Suite
• Brain, understanding and a little knowledge of web architecture

Today we'll learn another authentication flaw method. As I have been saying from the beginning, finding an authentication flaw in a website is a little harder: the researcher or hacker needs to understand how the web application, the server and other protocols communicate with each other. Always remember that HTTP is a stateless protocol; like artificial intelligence, it works exactly as the developer programmed it. If you have good knowledge of web technology, applications, programming and hacking, you can understand how it is working, and then you'll be able to find its vulnerable point and exploit it.

Multi Level Login Authentication Flaw Exploitation :
• Start WebGoat. Click on Authentication Flaws > Multi-Level Login 2.
• You can see the red highlighted text: it is the explanation of this flaw. Read it properly, it is important, and go on to the next step.

So, assume that you're an attacker and you have an active account on the WebGoat website with the username : Joe and password : banana, but your main target is to get into Jane's account without her knowledge, so you have to find that flaw and exploit it to get into her account. So let's do it. First of all, let's understand how the server authenticates users and allows them to access private information. Remember: tokens (#TAN) are used in most websites, but with different methods and logic.
• Start Burp Suite: set up a proxy connection between the client (browser) and the server so you can easily intercept any request sent from the client.
• Back to WebGoat: type the username and password and hit Submit.
• Analyze every request and response from the client and the server, and look for something that looks a little suspicious. (Just for your knowledge) (Intercepting the client's request in Burp)
• There you can clearly see the application is using a POST-based form, and by analyzing that we didn't get anything pretty interesting because it's a simple POST-based form. I thought maybe it is vulnerable to SQL injection, but this is an authentication flaw tutorial. Let's look at the server response message.
• Same here, nothing pretty interesting; it just leaked server information, which is really very useful and juicy information for hackers to find more vulnerable components in the web server. This is also called fingerprinting the victim OS.
• Go back to the browser and you'll see it is asking for a token (TAN). It says enter TAN #1, so here TAN 1 is 15161. Let's do this also and analyze the application's working method to get the vulnerable point.
• Let's look at the request we intercepted in Burp Suite; here is the only vulnerable point. Please guys, try to understand a little by yourself also - don't only depend upon the tutorial. Try to understand how it is validating and how the server knows which user has to be logged in.
• Go back to the browser and see that it allowed you to access your private information, such as credit card info and number.
• Wow! Now the question is how the server got to know it should allow this client to access Joe's information. Once again, look back at the second request you intercepted in Burp Suite. (That TAN request)
• Cool, please check the above image properly and read those 3 lines properly to understand the vulnerable point of this application.
• Now the question is: how does the server know which user has to be logged in? Come on, let's change the username value from Joe to Jane in the TAN request.
• Again, you have to go back to Multi-Level Login and log in with Joe's username and password. When it comes to the TAN, enter the TAN, capture the request in Burp Suite and change the username Joe to Jane (you can also use Burp Suite Repeater to repeat the same request). The server will get confused by this request and you'll easily be allowed to access Jane's confidential data and information.
• Send that request and check the response in the web browser: you'll be in Jane's account. Without any password or social engineering, you hacked Jane's account. This is called the Multi-Level Login authentication flaw.

Every web application works with its own logic and method; you just need to understand how the web application and server are validating the user and allowing them to access private information. Here the developers left a great flaw in validating users: if they had also required the password along with the TAN verification, there would be no authentication flaw, because we don't know Jane's password. But mostly web developers don't connect their database to every application, in fear of SQL injection or any other attack.

Thank you for reading my post. If you have any doubt, please feel free to comment and let me know your problem. If you liked it, please share it and help us grow.
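The flaw walked through above and its server-side fix, as an added example (not code from the original post or from WebGoat). It assumes the TAN request carries form fields named `user` and `tan`, and that the flawed handler checks the TAN for the step-1 user but opens the account named in the request; the function names and Jane's sample values are hypothetical.

```python
import hmac
import secrets

# Constructed sample data. Joe's password and TAN #1 are the article's values;
# Jane's password and TAN are placeholders invented for this example.
USERS = {
    "Joe": {"password": "banana", "tans": {1: "15161"}},
    "Jane": {"password": "constructed-password", "tans": {1: "00000"}},
}
SESSIONS = {}  # session id -> state kept on the server, never sent to the client

def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def step1_password(username, password):
    """Step 1: verify the password and record server-side who passed it."""
    user = USERS.get(username)
    if user is None or not _same(user["password"], password):
        return None
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"pending_user": username, "tan_index": 1, "authenticated": False}
    return sid

def step2_tan_vulnerable(sid, form):
    """Flawed step 2 (assumed model): identity is read from the request body."""
    state = SESSIONS.get(sid)
    if state is None:
        return None
    expected = USERS[state["pending_user"]]["tans"][state["tan_index"]]
    if not _same(expected, form.get("tan", "")):
        return None
    return form.get("user")  # flaw: the client chooses whose account opens

def step2_tan_hardened(sid, form):
    """Fixed step 2: identity comes only from the session created in step 1."""
    state = SESSIONS.get(sid)
    if state is None:
        return None
    username = state["pending_user"]
    if form.get("user", username) != username:
        return None  # request names someone other than the step-1 user
    expected = USERS[username]["tans"][state["tan_index"]]
    if not _same(expected, form.get("tan", "")):
        return None
    state["authenticated"] = True
    return username
```

A request whose `user` field disagrees with the step-1 session is also a useful signal to log, since a normal browser flow never produces it.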
Posted on: Sun, 06 Jul 2014 15:05:33 +0000
