Application Exploits, Part II

AUTHENTICATION EXPLOITS

• Credential brute forcing
  • Offline cracking(Hydra)
• Session hijacking
  • Intercepting and using a session token(generally) to take over a valid distributed (web) session
• Redirect
  • Sending the user to a different site from what they expected (phishing)
• Default credentials
  • Out of the box artifacts (you have to clean these up!)
• Weak credentials
  • This is why password cracking works
• Kerberos exploits
  • Forged tickets to allow unauthorized access to resources

AUTHORIZATION

• Parameter pollution
  • Providing custom input parameters to alter service/API operation
• Insecure direct object reference
  • Programming mistake that can allow an attacker to bypass access controls and access resources or data

QUICK REVIEW

• Authentication attacks include credential brute forcing, session hijacking, redirecting, and forged Kerberos tickets
• If you can acquire valid authentication credentials, you have access to lots of data
• Authorization attacks include parameter pollution and insecure direct object reference

Penetration Test - Select Your Attacks(9)