Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Click Session Hijacking. Show all posts

Clickjacking Vulnerability found in Linkedin leads to account Deletion



 LinkedIn Vulnerable to User Account Delete using Click jacking, found by Asish

This Vulnerability is accepted by LinkedIn they are in a process to patched it but not yet patched. The hack use the Linkedin account deletion page itself.




Vulnerability Information:
  • Vulnerability Type: ClickJacking
  • Found By: Asish
  • Status: UnFixed
  • Alert Level: Critical
  • Website: http://linkedin.com

Default Account Closing page provided by Linkedin:
This exploit use the default Account Closing page.
User can close his account from LinkedIn by visiting the following page
https://www.linkedin.com/secure/settings?closemyaccountstart=&goback=.nas_*1_*1_*1

Once he click continue user have to click on verify account to close


And Final Step


Exploit:ClickJacking Vulnerability


To exploit this Asish have created a fake page with a small game. This page has an invisible iframe which renders remove close account page. The correct answer, in this case ‘82’, is placed over the Continue and Verify account from vulnerable page & ‘Submit’ on Close Account.

Once user submit the right answer his account will be removed from LinkedIn

Are you curious to play this Game?

The document is available here(Password: 8nj98F4h9AW)

DroidSheep ~ one-click session hijacking using your android smartphone

What is this about?
If you know Firesheep or Faceniff, you probably know what this is about – one-click session hijacking using your android smartphone or tablet computer.

If you do not know one of these tools, I’ll try to explain what DroidSheep is.

Maybe you know Bob. Bob is a wellknown person and Bob loves coffee. Every morning, he takes his laptop and visits one the famous green coffee bars, has a “grande vanilla latte” and writes messages to his facebook friends. For doing that, Bob uses the coffee bars WiFi – because it´s free and fast.

One Morning, Bob is just writing a message to his girlfriend, Eve enters the coffee bar. Eve has an Android phone and Eve uses DroidSheep. After ordering a “venti caramel macchiato”, Eve sits down, takes her phone and starts browsing facebook. Using Bobs identity. She can watch at his friends. Read his messages. Write messages. Write wall posts. Remove friends. Delete Bobs account. Without getting ever in touch with Bob.


What happened?

When Bob is using the WiFi, his laptop sends all the data intended to be received by facebook, over the air to the coffee bars wireless router. As “over the air” means “captureable by everybody”, Eve (or her phone) can read all the data sent by Bob. As some data is encrypted before being sent, she cannot read Bobs facebook password, but in order not to make Bob enter his password after each click, facebook sends Bob a so called “session id” after logging in, which Bob sends with each interaction, making it possible for facebook to identify Bob. Usually only Bob knows this id, as he receives it encrypted. But when Bob uses the coffee bars WiFi, he spreads his session id over the air to everybody. So Eve takes this session id and uses it as hers – and facebook cannot determine, if Bob or Eve uses this id.

DroidSheep makes it easy to use for everybody. Just start DroidSheep, click the START button and wait until someone uses one of the supported websites. Jumping on his session simply needs one more click. That´s it.


What do you need to run DroidSheep?
- You need an android-powered device, running at least version 2.1 of Android
- You need Root-Access on your phone (link)
- You need DroidSheep :-) (You can get it in the “GET IT” section)

DroidSheep now supports nearly all Websites using Cookies!
With Version 5, DroidSheep got the new “generic”-Mode! Simply enable it, and DroidSheep will capture all Accounts in the network!!
Successfully tested with ALL already supported Accounts and a lot of other ones (even all WordPress and Joomla-Pages should work!!)


Which pages does DroidSheep support?
- amazon.de
– facebook.com
– fl ickr.com
– twitter.com
– linkedin.com
– yahoo.com
– live.com
– google.de (only the non-encrypted services like “maps”)



Limitations
DroidSheep now supports OPEN, WEP, WPA and WPA2 secured networks.
For WPA/WPA2 it uses an DNS-Spoofing attack.
DNS-Spoofing, means it makes all devices within the network think, the DroisSheep-device is the router and sending their data to the device. This might have an impact to the network and cause connection problems or bandwith-limitations – and it can be spotted. DroidSheeps attack can not, as it only reads the packets sent over the WiFi, but instead of dismissing them, it uses the data :-)

How does this work?
When you use web applications, they usually require you to enter your credentials in order to verify your identity. To avoid entering the credentials at every action you do, most web applications use sessions where you need to log-in once. A sessions gets identified by a session token which is in possession of the user and is sent together with any subsequent request within the HTTP packets.
DroidSheep reads all the packets sent via the wireless network and captures this session token, what allows you to use this session token as yours and make the web application think you are the person identified by this token. There is no possibility for the server to determine if you’re the correct person or not.

DroidSheep is NOT INTENDED TO STEAL IDENTITIES.
It shall show the weak security properties of big websites just like Facebook. Please be always aware of what you’re doing.
I AM NOT RESPONSIBLE FOR ANY DAMAGES THAT HAPPEN BY USING THIS SOFTWARE!


HowTo use.
Using DroidSheep is really simple
Before you start — Make sure your phone is ***ROOTED***
DroidSheep will not work without Root-Privileges! If it is not, try THIS
Installation:
There are two possible ways to install DroidSheep:
  • One of the Android Markets (Google, AppBrain, …) — Simply search for DroidSheep and install the application
  • Download it from the “GET-IT” section using your phones browser and open the file — your phone should ask for installing the app.



Download