Recent events of stolen pictures from celebrities' accounts have once again brought the authentication bypass issue to the fore: a “brute-force attack” on the password field.
As per the OWASP definition:
“A brute force attack can manifest itself in many different ways, but primarily consists in an attacker configuring predetermined values, making requests to a server using those values, and then analysing the response. For the sake of efficiency, an attacker may use a dictionary attack (with or without mutations) or a traditional brute-force attack (with given classes of characters e.g.: alphanumerical, special, case (in)sensitive). Considering a given method, number of tries, efficiency of the system which conducts the attack, and estimated efficiency of the system which is attacked, the attacker is able to calculate approximately how long it will take to submit all chosen predetermined values.”
Why such attacks?
Brute-force attacks are often used to attack authentication and to discover hidden content/pages within a web application.
Bypassing the authentication policy implemented by a site with brute force comes down to an attack on the username and password fields: every possible combination is tried until the correct one is found.
A successful brute-force attempt can give a malicious user access to:
· Confidential information / data
· Administration panels
· Further attack vectors
So the question is: how to test for such a vulnerability?
The test is carried out in two parts:
1. First, identify the entry point: where you can begin, and what kind of authentication mechanism/pattern is involved there.
2. Is there a mechanism in place to thwart such attacks, and if so, what is its logic?
After enumerating the application for the above two points you will be in a position to decide whether your test on that point is worthwhile or whether you should look for something else.
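As an added example (not from the original post), here is the kind of per-account lockout logic that step 2 tells you to look for, written in Python with a constructed user table and a fake clock so it runs offline; the class and user names are assumptions for the demo.

```python
import time
from collections import defaultdict, deque

# Constructed user table for the demo. A real application stores a salted
# password hash and compares with a constant-time function, never plaintext.
USERS = {"alice": "correct-horse-battery-staple"}

class FakeClock:
    # Controllable clock so the lockout window can be exercised without sleeping.
    def __init__(self):
        self.t = 0.0
    def __call__(self):
        return self.t

class LoginThrottle:
    """Lock an account after max_failures failed attempts inside a sliding window."""
    # Failures are tracked per username, so a dictionary run against one account
    # is stopped no matter how many source addresses the attempts come from.
    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock
        self.failures = defaultdict(deque)  # username -> timestamps of recent failures
        self.locked_until = {}              # username -> time the lock expires
    def is_locked(self, username):
        until = self.locked_until.get(username)
        return until is not None and self.clock() < until

    def attempt(self, username, password):
        """Return 'ok', 'bad_credentials' or 'locked'."""
        now = self.clock()
        if self.is_locked(username):
            return "locked"          # refused even if this guess were correct
        recent = self.failures[username]
        while recent and now - recent[0] > self.window:
            recent.popleft()         # forget failures older than the window
        if USERS.get(username) == password:
            recent.clear()           # a successful login resets the counter
            return "ok"
        recent.append(now)
        if len(recent) >= self.max_failures:
            self.locked_until[username] = now + self.lockout
            recent.clear()
        # Identical response for unknown users and wrong passwords, so the
        # login form does not reveal which usernames exist.
        return "bad_credentials"

def run_guess_list(throttle, username, guesses):
    """Feed a constructed guess list through the throttle and return each outcome."""
    return [throttle.attempt(username, g) for g in guesses]
```

When enumeration turns up such a mechanism, the things to record are its threshold, its window, and whether it is keyed per account or only per source address.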
Real attack scenario
During one of my tests on a private site (Sorry!! Name can't be disclosed), there was a form which I found in my enumeration to be vulnerable to brute-force attack. When I carried out my testing on the injection point, to my surprise I was able to dump all the sensitive information of the users of the website:
1. Phone number
2. Email id, etc.
(Sorry, due to privacy I have hidden most of the information and depicted only a portion of it)
The above screenshot was given just for a glimpse of what can be done with this kind of attack. It is worth mentioning here that such attacks don't yield the same type of result every time; rather, it varies.
Now let me give you an exercise link here, with which you can understand how brute-force attacks work.
Exercise link:-
Solution link:-