Wednesday, April 25, 2012

Pass hash attack for Yahoo Messenger

http://rongchaua.net/blog/security-pass-hash-attack-for-yahoo-messenger/

Security – Pass hash attack for Yahoo Messenger

Authentication is an important process by which an internet service verifies its users. For example, when you register an account for Yahoo mail, you will be asked for an ID and password so that only you can access your email account. That means Yahoo will save your ID and your password on their servers so that they can compare them with your input later. Your ID can be saved in clear text, but the password will never be saved in clear text. Yahoo uses its own algorithm to make a hash of your password. For example, if your password is "123456789", then Yahoo may save it in a format like "25f9e794323b453885f5181f1b624d0b". In this way only you know the password, and if the server is attacked, your password will still be safe. Furthermore, the password hash protects you from losing your password through sniffing on the network connection.

A normal authentication looks like the one below.

Now, let's consider a scenario. What if I manually establish a connection to the email account I would like to access, but rather than feeding it a privileged username and password, I feed it the username and the password hash that I have stolen? All Yahoo is concerned about is receiving a hash that matches what it is expecting (the password hash). This means that I don't have to perform the one-way hashing function on the password; I just have to supply the hash, which is the basis for this attack. We call this attack a "password hash attack", and the authentication will look like the image below.
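To make the weakness concrete, here is an added example (not code from the original post or from Yahoo) that models a server accepting the stored hash verbatim next to one that applies its own salted one-way function to whatever the client submits. The class names, the SHA-256 stand-in for the client hash and the sample account are all assumptions.

```python
import hashlib
import hmac
import os

def client_hash(password: str) -> str:
    # Stand-in one-way function (assumption); the page does not name Yahoo's algorithm.
    return hashlib.sha256(password.encode()).hexdigest()

class WeakServer:
    """Stores the client hash and accepts it verbatim, so the hash IS the password."""
    def __init__(self):
        self.db = {}

    def register(self, user: str, password: str) -> None:
        self.db[user] = client_hash(password)

    def login(self, user: str, submitted: str) -> bool:
        return hmac.compare_digest(self.db.get(user, ""), submitted)

class HardenedServer:
    """Stores only a salted, stretched verifier of whatever the client submits."""
    def __init__(self):
        self.db = {}

    @staticmethod
    def _verifier(salt: bytes, submitted: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.db[user] = (salt, self._verifier(salt, client_hash(password)))

    def login(self, user: str, submitted: str) -> bool:
        if user not in self.db:
            return False
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._verifier(salt, submitted))

def replay_leaked_record(server, user: str) -> bool:
    """Model a leak of the server-side record and submit it as the credential."""
    record = server.db[user]
    leaked = record if isinstance(record, str) else record[1].hex()
    return server.login(user, leaked)

if __name__ == "__main__":
    for server in (WeakServer(), HardenedServer()):
        server.register("alice", "123456789")  # constructed sample account
        print(type(server).__name__,
              "normal login:", server.login("alice", client_hash("123456789")),
              "| replay of leaked record:", replay_leaked_record(server, "alice"))
```

The hardened design only protects the server-side copy: a value saved on the client and sent as-is remains a password-equivalent wherever it is stored.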

So much for theory; let's start with a small practice of the "password hash attack" with Yahoo Messenger. If you use Yahoo Messenger, there is an option to save your ID and password.

This password is, of course, again not saved in clear text; its hash is saved in the registry and sent to the server for authentication when the user logs in to Yahoo Messenger. Therefore we can carry out a password hash attack on Yahoo Messenger with the following steps.
0. Somehow gain access to the victim's computer. Open Yahoo Messenger and check whether the option to save the ID and password is ON. If it is on, we can start our attack.
1. Press Windows + R. Type in "regedit". Enter.
2. Browse to "HKEY_CURRENT_USER\Software\Yahoo\Pager".
3. Right-click on it and click "Export". Enter a file name to save the registry information into a .reg file.

4. Copy the .reg file from the victim's computer to our computer. Open it with Notepad and delete all values except
+ "Save Password"
+ "MD_ID_VALUE"
+ "Yahoo! User ID"
+ "ETS"

5. Double click to import this .reg file into our registry.
6. Open your Yahoo Messenger and click Log In. Surprise: you are logged in to the victim's account.


With version 10.0.0.1264 there is no MD_ID_VALUE, and it still works without MD_ID_VALUE.
