In part 6 of Web Application Security 101 we will look into vulnerabilities affecting the authentication system. You will learn about password bruteforce attacks, cracking captures, bypassing the login system and more.
Breaking through the front door.
Types Of Authentication
Standard: Basic, Digest, HTML.
Custom: Login Forms, APIs, OpenID, OAuth, etc.
Types Of Vulnerabilities
Password Reset Abuse
Denial Of Service (DoS)
Username enumeration via error messages.
Usernames are public information: e.g. SharePoint.
Usernames can be guessed: e.g. firstname.lastname.
Available in product manuals and online.
Guessing attacks by combining org name, etc.
Install the product to check for hidden accounts.
Trying various username/password combinations.
Changing between horizontal and vertical bruteforce.
The number of incorrect attempts allowed before locking the account.
When accounts can be locked indefinitely this means Denial of Service.
The application needs to employ captchas plus temporary account lockouts.
Accounts may not be case sensitive at all.
This increases the chances of successful bruteforce.
Password Reset Abuse
Depending on how it is implemented, it may be used for account hijacking attacks.
Probably vulnerable if it relies on security questions, as they are easy to guess.
Hacking Webmail 101
An exercise of how well you know the victim.
Business logic flaws.
Typical in some home routers.
Works like this: a, b (skipped), c.
Typical attacks like ' or 1=1--.
SELECT username, password FROM users WHERE username='' or 1=1--' AND password=''
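As an added illustration (not from the original slides), the following Python script reproduces the slide's injected query against a constructed in-memory SQLite table and places it beside the parameterized form that defeats it. The table name users and the sample accounts are assumptions for the demo.

```python
import sqlite3

# Constructed sample data so the example runs offline. Plaintext
# passwords mirror the slide's query; real systems store hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def build_vulnerable_sql(username, password):
    # String concatenation: user input becomes part of the SQL text.
    return ("SELECT username, password FROM users "
            f"WHERE username='{username}' AND password='{password}'")

def login_vulnerable(conn, username, password):
    # Any row returned would be treated as a successful login.
    return conn.execute(build_vulnerable_sql(username, password)).fetchall()

def login_safe(conn, username, password):
    # Bound parameters: the input is compared as data, never parsed as SQL,
    # so the quote and the -- comment marker have no effect on the query.
    sql = "SELECT username, password FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchall()

PAYLOAD = "' or 1=1--"   # the slide's payload, typed into the username field

def demo():
    conn = make_db()
    vuln = login_vulnerable(conn, PAYLOAD, "")   # every account matches
    safe = login_safe(conn, PAYLOAD, "")         # no account matches
    legit = login_safe(conn, "alice", "s3cret")  # real credentials still work
    return len(vuln), len(safe), len(legit)

if __name__ == "__main__":
    print(build_vulnerable_sql(PAYLOAD, ""))
    print(demo())
```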
Business Logic Flaws
Any logic flow that can be used to bypass the login.
Works by attacking the network layer.
tcpdump -A -i en1
tcpflow -i en1
Requires ARP poisoning, DNS hijacking or other low-level network attacks.
Denial Of Service (DoS)
Works by locking out all accounts.
Most effective if there is no automated account unlock process.
There are many ways to authenticate.
Some methods are typically weaker than others.
Some applications support more than one way to authenticate.
There are many types of attack like bruteforce, bypass, MITM and DoS.