2FA bypassing for bug bounties

September 26, 2020

2.7k

2FA bypassing for bug bounties

1. Background concept about 2FA bypass
-With advent of account takeovers, Companies like Google, Facebook have implemented this feature on various sensitive pages where an attacker could get or modify data of a user without his intent. This Authentication method improves the security posture & provides a secure access to users. Using two-factor authentication prevents hackers or attackers from compromising your account even if your account credentials are leaked publicly or bypasses.
2. Impact of 2fa bypass
-ticket system takeover, unauthorized email verification bypass, account
3. Types of 2fa bypass request and response manipulation.
-In this we need people who are known to burpsuite and lil bit logical mindset
4. Security mis-configuration
Session hijacking, Subdomain to domain bypass, missing and broken links, input validation

Aditya Shende

September 26, 2020

Tweet

More Decks by Aditya Shende

See All by Aditya Shende

Dependency Confusion

2

1.9k

What_to_hunt_as_beginner....pdf

5

3.7k

Account Takeover Methodologies

5

1.8k

Hunting Headers for SSRF

5

5.9k

Abusing functions for bug bounty

6

5.1k

Github Recon and way to process

5

3.6k

Approach to learn and time management for bug bounties

3

2.6k

Bug Bounty Tips by Aditya Shende aka Kong

5

5k

Other Decks in Technology

See All in Technology

なぜ今 AI Agent なのか _近藤憲児

4

1.4k

強いチームと開発生産性

34

11k

VideoMamba: State Space Model for Efficient Video Understanding

0

190

Taming you application's environments

0

180

Evangelismo técnico: ¿qué, cómo y por qué?

0

360

Why does continuous profiling matter to developers? #appdevelopercon

0

190

OCI 運用監視サービス概要

oracle4engineer

0

4.8k

障害対応指揮の意思決定と情報共有における価値観 / Waroom Meetup #2

5

470

Making your applications cross-environment - OSCG 2024 NA

0

180

Platform Engineering for Software Developers and Architects

1

520

Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP

0

370

SREによる隣接領域への越境とその先の信頼性

shonansurvivors

2

520

Featured

See All Featured

98

6.7k

Let's Do A Bunch of Simple Stuff to Make Websites Faster

506

140k

The MySQL Ecosystem @ GitHub 2015

250

12k

It's Worth the Effort

183

27k

181

16k

The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024

16

2.1k

452

42k

What’s in a name? Adding method to the madness

productmarketing

22

3.1k

Practical Orchestrator

186

10k

Learning to Love Humans: Emotional Interface Design

273

40k

Rebuilding a faster, lazier Slack

79

8.7k

Adopting Sorbet at Scale

73

9.1k

Transcript

MFA and misconfiguration 2FA Bypass
WHO AM I ? -PENTRARTION TESTER -BUG BOUNTY HUNTER -ADMIN
OF KONG CYBER SECURITES
2 FACTOR AUTHENTICATION IS METHOD OF UTILIZING A HANDHELD DEVICE
AS AN AUTHENTICATOR FOR ONLINE PORTALS What is 2FA ?
SESSION MANAGEMENT Methods to bypass 2FA REQUEST MANIPULATION RESPONSE MANIPULATION
None
REQUIREMENTS Chrome browser, Cookie Editor P Sub-domain to domain bypass
SITE.COM HAVE 2FA ENABLED BUT NOT VULNERABLE FOR SESSION ISSUE
1. 2. SUB.SITE.COM IS VULNERABLE FOR SESSION ISSUE 3.EXPORT THE COOKIES FOR SUB.SITE.COM AFTER LOGIN 4. IMPORT COOKIES OF SUB.SITE.COM AND 5. CHANGE THE VALUE OF SUB.SITE.COM TO SITE.COM TO ABUSE MAIN DOMAIN
Refresh page !!!
BURPSUITE & FIREFOX IS YOUR FRIEND Request manipulation CAPTURE REQUEST
WHERE WE GET OTP FROM SERVER OBSERVE REQUEST AND MODIFY IT
None
None
REGISTER WITH VALID ACCOUNT TO GET VALID RESPONSE , USE
ANY TEST ACCOUNT GO TO BURPSUITE> DO INTERCEPT >RESPONSE TO THIS REQUEST COPY OLD RESPONSE WHICH IS VALID WHICH WE GENRATED FOR TEST ACCOUNT Response manipulation to desk hacking (2FA) CAPTURE REQUEST AFTER PUTTING OTP
None
None
None
None
None
None
I WAS ABLE TO SIGN IS AS THEIR SECURITY MAIL
ABLE TO VIEW ALL BUG REPORTS AND REPLY TOO This is how bypass works and leads to giant problem
Thank you -Aditya Shende