Application Exploits, Part II
AUTHENTICATION EXPLOITS
- Credential brute forcing
  - Offline cracking (Hydra)
- Session hijacking
  - Intercepting and using a session token (generally) to take over a valid distributed (web) session
- Redirect
  - Sending the user to a different site from what they expected (phishing)
- Default credentials
  - Out of the box artifacts (you have to clean these up!)
- Weak credentials
  - This is why password cracking works
- Kerberos exploits
  - Forged tickets to allow unauthorized access to resources
AUTHORIZATION
- Parameter pollution
  - Providing custom input parameters to alter service/API operation
- Insecure direct object reference
  - Programming mistake that can allow an attacker to bypass access controls and access resources or data
QUICK REVIEW
- Authentication attacks include credential brute forcing, session hijacking, redirecting, and forged Kerberos tickets
- If you can acquire valid authentication credentials, you have access to lots of data
- Authorization attacks include parameter pollution and insecure direct object reference