Account Takeover Methodologies

A type of vulnerability that allows an attacker to gain unauthorized, full control of the victim's account without needing credentials, by exploiting an authentication flaw in the application.

Will look more into it

Aditya Shende

May 29, 2021

  1. Account Takeover? This is a sort of vulnerability that allows an attacker to take full control of a victim's account without requiring any passwords by exploiting an authentication fault in the application.
  2. Methods or Test Cases. Recent Finding:

    1. Host Manipulation
    2. Parameter Pollution
    3. Password Reset Poisoning
    4. IDOR to reset password of any user
  3. Host Manipulation

    1. Understand mechanism of reset function
    2. Analyse reset link
    3. In request try to add hosts with headers
    4. Analyse response
    5. Tamper response if needed
  4. Parameter Pollution. HTTP Parameter Pollution, as implied by the name, pollutes the HTTP parameters of a web application in order to perform or achieve a specific malicious task.

    1. Example: Reset password or Send OTP
    2. While sending OTP or reset link there are params like ph_no, email_id
    3. ph_no=1234567890&ph_no=0000124563
       [email protected]&[email protected]
  5. Password Reset Poisoning. Applications usually generate a secret token by using Host header functionality. To create the password reset link, they use the domain mentioned in the Host header and append the password reset token to it.
  6. POST /passwords/forgot HTTP/1.1
     Host: dashboard.target.com
     X-Forwarded-Host: burplink.net
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: en-US,en;q=0.5
     Accept-Encoding: gzip, deflate
     C
  7. IDOR to reset password of any user

    1. Request reset link
    2. Open link
    3. Capture password change request
    4. Tamper it

    Smart attack = $$$$
  8. {"email":"[email protected]","password":"new_passwd","confirmPassword":"new_passwd"}

    There is a changeable parameter, which is email, so the attacker proceeds to edit the parameters in the following way:

    {"email":"[email protected]","password":"new_passwd","confirmPassword":"new_passwd"}

    The attacker has changed the email parameter simply by replacing the attacker's email with the victim's email.
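
Added example, not from the deck: a password-change handler that models the behaviour slide 8 describes, next to a hardened version that takes the account from the reset token record instead of the request body. The function names, the in-memory stores, the example.test addresses and the 900-second lifetime are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample data. Plaintext values keep the example short; a real
# application stores password hashes in its database.
PASSWORDS = {"attacker@example.test": "old_a", "victim@example.test": "old_v"}
RESET_TOKENS = {}   # sha256(token) -> (account email, expiry time)
TOKEN_TTL = 900     # assumed token lifetime in seconds


def _digest(token):
    # Only a hash of the token is stored, so a leaked table is not replayable.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(email, now=None):
    """Create a random token bound server-side to exactly one account."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[_digest(token)] = (email, now + TOKEN_TTL)
    return token


def change_password_vulnerable(token, body):
    """Slide 8 behaviour: any valid token, target account read from the body."""
    if _digest(token) not in RESET_TOKENS:
        return False
    PASSWORDS[body["email"]] = body["password"]
    return True


def change_password_hardened(token, body, now=None):
    """The account comes from the token record, never from the request body."""
    now = time.time() if now is None else now
    record = RESET_TOKENS.pop(_digest(token), None)   # single use
    if record is None:
        return False
    email, expiry = record
    if now > expiry or body.get("password") != body.get("confirmPassword"):
        return False
    # An email field that disagrees with the token's owner rejects the request.
    if body.get("email", email) != email or not body.get("password"):
        return False
    PASSWORDS[email] = body["password"]
    return True
```

The hardened handler consumes the token on every attempt, including rejected ones, so a tampered request cannot be retried with the same link.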