Defcon 18: How I met your girlfriend | The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend.

By YGN Ethical Hacker Group -
How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend.














Lessons learnt:


Samy did an excellent presentation on how he carried out.

  • PHP session hijacking via smart bruteforce guessing of PHP session cookies through the analysis of PHP source code
  • Cross Protocol Scripting, XPS, (Fooling browser into thinking a malicious web site connects to HTTP servers which in fact connects to arbitrary to SMTP/IRC, whatever an attacker ask it to). A DCC, http://en.wikipedia.org/wiki/Direct_Client-to-Client, (DCC CHAT <protocol> <ip> <port>) trick was used in POST data.
  • NAT Pinning through XPS (XPS makes browser think victim connecting to another HTTP server and nat-ed/firewall routers think user connecting to IRC server [which makes routers to allow connections from that IRC server connect-back attempt] )
  • Using image onerror techniques to identify user routers
  • Once identified, attempting to login user router using default username and password via Iframe
  • Once logged-in, attempting to get router MAC address via XSS flaw in user's router
  • Once got MAC address, identify user location via Google Location Services (http://samy.pl/mapxss/)

Comments

Post a Comment

Popular posts from this blog

Bypassing referrer check with no script involved

By YGN Ethical Hacker Group -
No more to use scripting approach like https://github.com/knu/noreferrer This useful meta tag helps for CSRF POC preparation when you come across an application that checks referrer header: <meta name="referrer" content="no-referrer"> https://caniuse.com/#feat=referrer-policy
Read more

Jumping out of Touch Screen Kiosks

By YGN Ethical Hacker Group -
Image
Background: Nowadays, the use of large touch screen kiosks has been prevalent.  They are to replace tradition paper-based brochures and to provide more interactive means to consumers. In restaurants, you can see a variety of food menu that can be accessible in large touch screen LCD monitor.  In your local Telcos, you can see a variety of mobile and Internet subscriptions plans.   Behind these touch screen menus are running standalone or browser-mode Adobe Flash applications which are second-to-none for interactivity and scalablity and ease of update. Data could be pulled from somewhere round their centralized web severs. Weakness: Jumping out We cannot use  iKat  at first as we do not have access to any keyboard facility. However, the trick is no-brainer. Do long press on any locations and relieve.  You should see the usual Flash context menu like: Touch "Global Settings".  A web browser window will pop up and redirect to the Adobe ...
Read more