Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Account Takeover Methodologies

Aditya Shende
May 29, 2021
Technology
5
1.8k

Account Takeover Methodologies

Type of vulnerability that allows an attacker to gain an unauthorized and full control of the victim’s account without any need of credentials by exploiting the authentication flaw existing in the application.

Will look more into it

Aditya Shende

May 29, 2021
Tweet

More Decks by Aditya Shende

See All by Aditya Shende
Dependency Confusion
aditya45
2
1.9k
What_to_hunt_as_beginner....pdf
aditya45
5
3.7k
Hunting Headers for SSRF
aditya45
5
5.9k
Abusing functions for bug bounty
aditya45
6
5.1k
Github Recon and way to process
aditya45
5
3.6k
2FA bypassing for bug bounties
aditya45
6
2.7k
Approach to learn and time management for bug bounties
aditya45
3
2.6k
Bug Bounty Tips by Aditya Shende aka Kong
aditya45
5
5k

Other Decks in Technology

See All in Technology
Aurora_BlueGreenDeploymentsやってみた
tsukasa_ishimaru
1
120
MAMを軸とした動画ハンドリングにおけるAI活用前提の整備と次世代ビジョン / abema-ai-mam
cyberagentdevelopers
PRO
1
110
[JAWS-UG金沢支部×コンテナ支部合同企画]コンテナとは何か
furuton
3
250
2024-10-30-reInventStandby_StudyGroup_Intro
shinichirokawano
1
630
ガバメントクラウド単独利用方式におけるIaC活用
techniczna
3
270
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
290k
マネジメント視点でのre:Invent参加 ~もしCEOがre:Inventに行ったら~
kojiasai
0
470
【若手エンジニア応援LT会】AWSで繋がり、共に成長! ~コミュニティ活動と新人教育への挑戦~
kazushi_ohata
0
180
Commitment vs Harrisonism - Keynote for Scrum Niseko 2024
miholovesq
6
1.1k
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
120
IaC運用を楽にするためにCDK Pipelinesを導入したけど、思い通りにいかなかった話
smt7174
1
110
物価高なラスベガスでの過ごし方
zakky
0
380

Featured

See All Featured
Bash Introduction
62gerente
608
210k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
46
2.1k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
9
680
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k
Building an army of robots
kneath
302
42k
How to Ace a Technical Interview
jacobian
275
23k
Become a Pro
speakerdeck
PRO
24
5k
Writing Fast Ruby
sferik
626
61k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k

Transcript

  1. ACCOUNT HIJACKING METHODOLOGIES ADITYA SHENDE

  2. Indian Bounty Hunter: Bugcrowd Biker Agri10x Red Team Ops WHOAMI

  3. Account Takeover ? This is a sort of vulnerability that

    allows an attacker to take full control of a victim's account without requiring any passwords by exploiting an authentication fault in the application.

  4. Methods or Test Cases Recent Finding: Host Manipulation Parameter Pollution

    Password Reset Poisoning IDOR to reset password of any user 1. 2. 3. 4.

  5. 1G 2G 3G 4G 5G Understand mechanism of reset function

    Analyse reset link In request try to add hosts with headers Analyse Response Tamper response if needed 1 2 3 4 5 Host Manipulation
  6. None
  7. None

  8. Parameter Pollution HTTP Parameter Pollution, as implied by the name,

    pollutes the HTTP parameters of a web application in order to perform or achieve a specific malicious task Example: Reset password or Send OTP While sending OTP or reset link there are params like ph_no , email_id ph_no=1234567890&ph_no=0000124563 [email protected]&[email protected] 1. 2. 3.
  9. None

  10. Password Reset Poisoning Application usually generate a secret token by

    using host header functionality. To create the password reset link they use domains mentioned in the host header and append it with the password reset token.

  11. POST /passwords/forgot HTTP/1.1 Host: dashboard.target.com X-Forwarded-Host: burplink.net User-Agent: Mozilla/5.0 (Windows

    NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0 Accept:text/html,application/xhtml+xml,application/xml;q=0.9 ,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate C
  12. None

  13. Request Reset Link Open Link Capture password change request Tamper

    it Smart attack = $$$$ IDOR to reset password of any user

  14. {“email”:”[email protected]”,”password”:”new_passwd”,”confirmPassword ”:”new_passwd”} there is a changable parameter which is email,

    therefore the attacker proceeds to edit the parameters in the following way: {“email”:”[email protected]”,”password”:”new_passwd”,”confirmPassword”: ”new_passwd”} The attacker has changed the parameter email by just changing the attacker’s email by the victim’s email.
  15. None
  16. None