Upgrade to Pro — share decks privately, control downloads, hide ads and more …

2FA bypassing for bug bounties

Aditya Shende
September 26, 2020
Technology
6
2.7k

2FA bypassing for bug bounties

1. Background concept about 2FA bypass
-With advent of account takeovers, Companies like Google, Facebook have implemented this feature on various sensitive pages where an attacker could get or modify data of a user without his intent. This Authentication method improves the security posture & provides a secure access to users. Using two-factor authentication prevents hackers or attackers from compromising your account even if your account credentials are leaked publicly or bypasses.
2. Impact of 2fa bypass
-ticket system takeover, unauthorized email verification bypass, account
3. Types of 2fa bypass request and response manipulation.
-In this we need people who are known to burpsuite and lil bit logical mindset
4. Security mis-configuration
Session hijacking, Subdomain to domain bypass, missing and broken links, input validation

Aditya Shende

September 26, 2020
Tweet

More Decks by Aditya Shende

See All by Aditya Shende
Dependency Confusion
aditya45
2
1.9k
What_to_hunt_as_beginner....pdf
aditya45
5
3.7k
Account Takeover Methodologies
aditya45
5
1.8k
Hunting Headers for SSRF
aditya45
5
5.9k
Abusing functions for bug bounty
aditya45
6
5.1k
Github Recon and way to process
aditya45
5
3.6k
Approach to learn and time management for bug bounties
aditya45
3
2.6k
Bug Bounty Tips by Aditya Shende aka Kong
aditya45
5
5k

Other Decks in Technology

See All in Technology
GitHub Universe: Evaluating RAG apps in GitHub Actions
pamelafox
0
170
Product Engineer Night #6プロダクトエンジニアを育む仕組み・施策
hacomono
PRO
1
470
最速最小からはじめるデータプロダクト / Data Product MVP
amaotone
5
740
10分でわかるfreee エンジニア向け会社説明資料
freee
18
520k
[AWS JAPAN 生成AIハッカソン] Dialog の紹介
yoshimi0227
0
150
AIを駆使したゲーム開発戦略: 新設AI組織の取り組み / sge-ai-strategy
cyberagentdevelopers
PRO
1
130
AWS CodePipelineでコンテナアプリをデプロイした際に、古いイメージを自動で削除する
smt7174
1
100
初心者に Vue.js を 教えるには
tsukuha
5
390
omakaseしないための.rubocop.yml のつくりかた / How to Build Your .rubocop.yml to Avoid Omakase #kaigionrails
linkers_tech
3
740
visionOSでの空間表現実装とImmersive Video表示について / ai-immersive-visionos
cyberagentdevelopers
PRO
1
110
MAMを軸とした動画ハンドリングにおけるAI活用前提の整備と次世代ビジョン / abema-ai-mam
cyberagentdevelopers
PRO
1
110
独自ツール開発でスタジオ撮影をDX!「VLS(Virtual LED Studio)」 / dx-studio-vls
cyberagentdevelopers
PRO
1
180

Featured

See All Featured
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
The Power of CSS Pseudo Elements
geoffreycrofte
72
5.3k
Faster Mobile Websites
deanohume
304
30k
Making Projects Easy
brettharned
115
5.9k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k
The Pragmatic Product Professional
lauravandoore
31
6.3k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Optimizing for Happiness
mojombo
376
69k
The Invisible Side of Design
smashingmag
297
50k
Six Lessons from altMBA
skipperchong
26
3.5k
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.8k

Transcript

  1. MFA and misconfiguration 2FA Bypass

  2. WHO AM I ? -PENTRARTION TESTER -BUG BOUNTY HUNTER -ADMIN

    OF KONG CYBER SECURITES

  3. 2 FACTOR AUTHENTICATION IS METHOD OF UTILIZING A HANDHELD DEVICE

    AS AN AUTHENTICATOR FOR ONLINE PORTALS What is 2FA ?

  4. SESSION MANAGEMENT Methods to bypass 2FA REQUEST MANIPULATION RESPONSE MANIPULATION

  5. None

  6. REQUIREMENTS Chrome browser, Cookie Editor P Sub-domain to domain bypass

  7. SITE.COM HAVE 2FA ENABLED BUT NOT VULNERABLE FOR SESSION ISSUE

    1. 2. SUB.SITE.COM IS VULNERABLE FOR SESSION ISSUE 3.EXPORT THE COOKIES FOR SUB.SITE.COM AFTER LOGIN 4. IMPORT COOKIES OF SUB.SITE.COM AND 5. CHANGE THE VALUE OF SUB.SITE.COM TO SITE.COM TO ABUSE MAIN DOMAIN

  8. Refresh page !!!

  9. BURPSUITE & FIREFOX IS YOUR FRIEND Request manipulation CAPTURE REQUEST

    WHERE WE GET OTP FROM SERVER OBSERVE REQUEST AND MODIFY IT
  10. None
  11. None

  12. REGISTER WITH VALID ACCOUNT TO GET VALID RESPONSE , USE

    ANY TEST ACCOUNT GO TO BURPSUITE> DO INTERCEPT >RESPONSE TO THIS REQUEST COPY OLD RESPONSE WHICH IS VALID WHICH WE GENRATED FOR TEST ACCOUNT Response manipulation to desk hacking (2FA) CAPTURE REQUEST AFTER PUTTING OTP
  13. None
  14. None
  15. None
  16. None
  17. None
  18. None

  19. I WAS ABLE TO SIGN IS AS THEIR SECURITY MAIL

    ABLE TO VIEW ALL BUG REPORTS AND REPLY TOO This is how bypass works and leads to giant problem

  20. Thank you -Aditya Shende