Defcon 18: How I met your girlfriend | The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend.


Lessons learnt:

Samy gave an excellent presentation on how he carried out the following:

  • PHP session hijacking via smart brute-force guessing of PHP session cookies, based on analysis of the PHP source code that generates session IDs
  • Cross Protocol Scripting (XPS): fooling the browser into thinking a malicious web site is talking to an HTTP server when the connection in fact goes to an arbitrary non-HTTP service such as SMTP or IRC, whatever the attacker asks for. A DCC trick (http://en.wikipedia.org/wiki/Direct_Client-to-Client; DCC CHAT <protocol> <ip> <port>) was used in the POST data.
  • NAT Pinning through XPS: XPS makes the browser think the victim is connecting to another HTTP server, while the NAT/firewall router thinks the user is connecting to an IRC server, so the router allows the connect-back attempt from that IRC server
  • Using image onerror techniques to identify the user's router
  • Once identified, attempting to log in to the user's router with the default username and password via an iframe
  • Once logged in, attempting to obtain the router's MAC address via an XSS flaw in the user's router
  • Once the MAC address is obtained, identifying the user's location via Google Location Services (http://samy.pl/mapxss/)
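The server-side countermeasure for the XPS and NAT-pinning items above is simple: a line-based protocol daemon (IRC, SMTP) should refuse any connection whose first line is an HTTP request line, because only a browser that has been pointed at the wrong port sends one, and the request body would otherwise be parsed as protocol commands. The following Python is an added example of that triage check and is not code from Samy's talk or from this blog; the function names, the sample streams and the documentation IP address in them are constructed for illustration. It also reports the body lines and any DCC ports the connection would have delivered, which is what a defender wants in the log entry.

```python
"""Triage for cross-protocol scripting on a line-based protocol server.

Added example (not from the original post). A connection whose first line is
an HTTP request line is rejected before any of its body is interpreted; the
body lines are returned so the event can be logged, together with any DCC
port numbers that a NAT router's IRC helper would have opened.
"""
import re

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE",
                b"OPTIONS", b"CONNECT", b"TRACE", b"PATCH")

# METHOD SP request-target SP HTTP/major.minor, exactly what a browser emits.
REQUEST_LINE = re.compile(
    rb"^(" + b"|".join(HTTP_METHODS) + rb") \S+ HTTP/\d\.\d$")

# DCC CHAT/SEND <argument> <decimal-ip> <port>: the line a NAT helper parses
# to decide which inbound port to pin open for the "IRC client".
DCC_LINE = re.compile(rb"DCC (CHAT|SEND) \S+ (\d+) (\d+)")


def looks_like_http(first_line: bytes) -> bool:
    """True if the first line of a connection is an HTTP request line."""
    return REQUEST_LINE.match(first_line.rstrip(b"\r\n")) is not None


def split_http(stream: bytes):
    """Split an HTTP-looking stream into (header_lines, body_lines).

    Accepts CRLF or bare LF line endings; empty body lines are dropped because
    a protocol parser would ignore them anyway.
    """
    normalized = stream.replace(b"\r\n", b"\n")
    head, sep, body = normalized.partition(b"\n\n")
    headers = head.split(b"\n")
    body_lines = [line for line in body.split(b"\n") if line] if sep else []
    return headers, body_lines


def triage_connection(stream: bytes) -> dict:
    """Decide whether a new connection should be served or rejected.

    Returns a verdict, a reason, the body lines that would have been parsed as
    commands, and the DCC ports those lines would have advertised.
    """
    first_line = stream.split(b"\n", 1)[0]
    if not looks_like_http(first_line):
        return {"verdict": "accept", "reason": "not-http",
                "smuggled_commands": [], "dcc_ports": []}
    _headers, body = split_http(stream)
    dcc_ports = [int(m.group(3)) for m in (DCC_LINE.search(l) for l in body) if m]
    return {"verdict": "reject", "reason": "http-request-line",
            "smuggled_commands": body, "dcc_ports": dcc_ports}


# Constructed sample: a browser POST aimed at an IRC port. The decimal IP in
# the DCC line is 198.51.100.10 (RFC 5737 documentation range).
SAMPLE_XPS_STREAM = (
    b"POST / HTTP/1.1\r\n"
    b"Host: 198.51.100.10:6667\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"NICK browser\r\n"
    b"USER browser 0 * :browser\r\n"
    b"PRIVMSG x :DCC CHAT chat 3325256714 6667\r\n"
)

# Constructed sample: an ordinary IRC client registration.
SAMPLE_IRC_STREAM = b"NICK alice\r\nUSER alice 0 * :Alice\r\n"


if __name__ == "__main__":
    for name, stream in (("xps", SAMPLE_XPS_STREAM), ("irc", SAMPLE_IRC_STREAM)):
        print(name, triage_connection(stream))
```

The check only needs the first line, so a daemon can apply it before reading the rest of the stream; the body is parsed here purely to produce a useful log record. Browsers later added their own half of the mitigation by refusing to connect to well-known non-HTTP ports such as 6667, but a server cannot rely on every client being a current browser.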
