Buffer Overflow - Simply Explained with real world Example

Buffer Overflow - Simply Explained with real world Example

  August 29, 2020    Davinder

---

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code.

For better reference:

https://www.hackingtutorials.org/exploit-tutorials/buffer-overflow-explained-basics/

Lets say , we visit a signup page of a website and we entered email and password and click on signup . But before clicking sign up , I am capturing request in the Burp Suite . So when i captured the request , I changed email to some long string , like if email is "davinder@gmail.com" , i changed that to "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@gmail.com" or even more in size

If i am able to proceed further without any restriction and or boundation, that this vulnerability exists.

Another example of code

Steps to resolve:

Restrict size limit on input parameter.

Impact

Category:Availability: Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
Access control (instruction processing): Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program’s implicit security policy.
Other: When the consequence is arbitrary code execution, this can often be used to subvert any other security service.

• 1 attachment:

Read More

List of Top Wireless hacking Tools for bug hunting

List of Top Wireless hacking Tools for bug hunting

  August 28, 2020    Davinder

---

http://www.aircrack-ng.org/

http://www.stumbler.net/

http://www.kismetwireless.net/

http://sourceforge.net/projects/airsnort/

http://www.oxid.it/cain.html

http://wepattack.sourceforge.net/

http://www.inssider.com/

http://sourceforge.net/projects/airjack/

http://sourceforge.net/projects/cowpatty/

https://www.cloudcracker.com/

http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer

https://github.com/esc0rtd3w/wifi-hacker

https://github.com/philcryer/wpa2own

https://github.com/hash3liZer/WiFiBroot

https://github.com/kennyn510/wpa2-wordlists

https://github.com/chunkingz/linsetmv1-2

https://github.com/DominikStyp/WPA-Attack

https://github.com/wifiphisher/wifiphisher

https://github.com/krtzer/WPA2-Wireless-Network-LabVIEW-FPGA-Testing

https://github.com/soxrok2212/PSKracker

https://github.com/r-a-w/DriveShake

https://github.com/wi-fi-analyzer/eaphammer

https://github.com/Hackndo/krack-poc

https://github.com/jgamblin/hackAPie

https://github.com/derv82/wifite

Read More

Bypassing Android SSL Pinning

Bypassing Android SSL Pinning

  August 28, 2020    Davinder

---

Portswigger.net will give you detailed video for burp setup , But to hunt bugs on Android , Below are some important steps in order to unpin Apps for testing . To do so you need to install below apps

1. Dowload genymotion - This is Your Andoid Emulater

2. Download super su v2.46 or latest

3. Download xposed installer apk

4. download xposed sdk

5. Download ssl unpinning

first root your android fone

than download xposed apk in that fone

than install xposed sdk (Note sdk version must be same as your fone apk version)

than ssl unpinning

After all steps , Restart android phone. 

After Restarting the phone , Open SSL pinning App, Select the app you want to test and click on upin.

After that capture the requests on the Burp and have fun.

Read More

No Restriction on Password length - Bug Bounty

No Restriction on Password length - Bug Bounty

  August 05, 2020    Davinder

---

About this Vulnerability 

This is something when we are able to sign up on any web application using a long 100000 characters password which may lead  website becoming unavailable or unresponsive.

When you supply a long password , Generally what happens applications are implementing password hashing algorithms , So when we supply long password than server will get busy doing that and website becomes unavailable or unresponsive . When a long password is sent, the password hashing process will result in CPU and memory exhaustion.

Prevention

Normally all sites have a password minimum to maximum length like 72 words limit or 48 limit to prevent Denial Of Service attack.

The password hashing implementation must be fixed to limit the maximum length of accepted passwords.

Example Password used during testing

123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 

Read More