Uses the CBC bit reverse attack to bypass the encrypted session token
0x01 what is CBC bit inversion technology?
The full name of the CBC mode is the Cipher Block Chainning, which is called because the ciphertext group wants to connect to each other in the same chain.
:
In CBC mode, the plaintext group and the previous ciphertext group are first used for XOR operation, and then encrypted. When the first plaintext group is encrypted, because there is no "previous ciphertext group ", therefore, we need to prepare a bit sequence with a length of one group to replace the previous ciphertext group. This bit sequence is called the Initialization vector (Initialization vector), which is usually abbreviated as IV, if the same initialization vector (IV) is used each time, when the same key is used to encrypt the same plaintext, the obtained password must be the same, therefore, each encryption request generates a different bit sequence randomly as the initialization vector to avoid this situation.
The purpose of the CBC bit reverse attack is to modify the ciphertext to manipulate the decrypted plaintext. The attacker will reverse any bit in the initialization vector (IV) (1 to 0 to 1 ), the corresponding bits in the plaintext group (the plaintext group obtained after decryption) will also be reversed. For example, if a user named admin logs on and uses the CBC encryption mode, the token is "aaabbbccc999". Now there is an attacker named john, logging on, encrypted in the CBC mode, token is cccbbbccc1111. Now john changes token to "ffcbbbccc1111" and finds that the login name has changedOhn, so he knows that the ff of the first token is convertedAfter several rounds of tests, he found that if he changed the token to "7bcbbbccc1111", the login name would be 'aohn ', and finally he sent the token to 7bdc995465 to the server, I found that I have changed to admin.
0x02 attack demonstration
Here, we use the Owasp Mutilidae test platform. Click "Owasp 2013", "Broken authentication and session management", and "Privilege escalation" in the left-side navigation bar ", "view user privileges", you can see that the goal of this challenge is to change the UID and GID to 000. Through burpsuite, you have caught the IV and sent this request to the Repeater of burpsuite, for future testing,
The current IV value is "6bc24fc1abda-b25b4114e93a98f1eba"
Next, change "6bc24fc1abda-b25b4114e93a98f1eba" to "ffc24fc1ab366b25b4114e93a98f1eba" and observe the changes,
It is found that there is a character change in the Application ID part, and then the conversion character. When the IV is ffffffffff0000b25b4114e93a98f1eba ", it is found that the User ID is changed to e00.
Now let's see if the Group ID can be affected. When the iv is ffffffffffffb4114e93a98f1eba, the Group ID changes,
We only need to change the userID and GroupID, and restore ffffffffffffb4114e93a98f1eba in sequence. When the corresponding item is found, the iv value is 6bc24fc1ff1_bffb4114e93a98f1eba,
We found that the first FF corresponds to the e of the USERID, And the hexadecimal code of e is 0x65. After the difference or, 0xFF xor 0x65 = 0x9a, now our goal is to set USERID to 0 (the corresponding hexadecimal system is 0x30), so 0x9a xor 0x30 = 0xaa, we submit iv as 6bc24fc1aa1_bffb4114e93a98f1eba, USERID is what we want,
Then let's set the GROUPID to 0. Then, 0xFF xor 0xeb = 0x14,0x30 xor 0x14 = 0x24. We submit the iv value 6bc24fc1aa1_b24b4114e93a98f1eba.
0x03 references
Bypassing encrypted session tokens using CBC bit flipping technique.
Http://swepssecurity.blogspot.tw/2014/05/bypassing-encrypted-session-tokens.html
<Graphic Password Technology>