A Story Of How I Landed On Dating Site and Secured it - PART 2

Imagesource

Hi All,

Back in time I wrote a blog post "A Story Of How I Landed On Dating Site and Secured it ", in which I targeted `Web Application` module .  As time flies skill sets of a researcher grows by leaps and bounds. Likewise I sharpen my skill sets towards "Mobile application security"


TL;DR:  
Brute force and Rcon are always a game changer if executed properly on the weaker target implemented by the developer. Anything is possible. "Anything" yes you heard it right.  By doing brute force attack I was able to takeover any users account who has done the registration via email address. Apart from that there are many critical issue which I found during the course of engagement.
All the reported vulnerability is now fixed. As its "private program" hence I will not be disclosing any details of the dating application.

Proof Of Concept:-

1x1 - Brute force - The Boss

Brute force attack leads to full account takeover

I was playing around with the most critical part of any mobile application, which is authentication module. Users on that dating application can authenticate via 0Auth (Facebook) OR via registration process and then login via their email id and password.

So I selected method as login via my registered email id and password. I observed that there is "no rate limiting" in place when user logs in into that dating application. For me to practically brute force legitimate user's I encountered one challenge i.e. In order to make brute force attack easier I require legitimate user's email id so the amount of time can be saved to run my brute force attack.

Well in order to be more precise as an attacker, I need to have atlest valid email id of victim and that I was able to guess by using “email address enumeration” bug. When user enters incorrect email address application throws error message as “This email id is not register with "dating app name"”. When user enters correct email address then its shows message as “Reset password instructions has been sent to your email address that is registered with mobile app.”

BINGO.  ;)

No one want to disclose publicly that which dating site you are using, unless and until you are single like me XD. But using this bug I was able to enumerate whether his/her friend using that dating application or not. Not only that this bug gives extra benefits to me for running brute force attack at authentication module. So my first step was collecting legitimate uses email id and then running the brute force attack to takeover users account.

Being lazy, for POC purpose I tried brute forcing more than (20 times) 1 correct email id with a random password. As per the above screenshot you can clearly see I was able to get the correct password of my own test account.  For POC purpose I have take over my own account so that there will be no impact to `Live` dating app users. 

1x2  - Read the chat history - Victim did with other female/male users 

Every time you dive, you hope you'll see something new - some new species. Sometimes the ocean gives you a gift, sometimes it doesn't. Hence its very important that you should keep trying. #NeverGiveUp
Likewise I decided to deep dive in their internal storage in a hope to get some juicy fruits.

Within 5-10 mins I was able to get something interesting. If I as a malicious user by doing social engineering getting victim internal storage data then I can easily take out all the information about

1-  Victim done friendship with whom
2-  How many boys/girls victim chatting with.
3-  Chat History
4-  App Key
5-  What are user ids of their friend list
6-  Their friend’s private details etc.

The  best part about this bug is "imagine married" couples having fun on this app and his rival gets those chat history details. XD


1x3  -  Application .apk can be RE (Reverse Engineer)

This is evergreen finding which you can find in most of the mobile application. If developers are not that smart.

I was able to decompile and the code that can be reverse engineered to understand the working of the entire applications.Since, the code has not been obfuscated, it is possible for me to reverse engineer the code and create my own malicious .apk which can later be spread on behalf of the respective application name. Simply by inserting a malware in the application. Once done we can publish that malicious .apk with injected malware via social engineering to hijack all the user data.

Now next step for me is "Responsible disclosure" So I wrote nice email stating all the details of bug to that application owner CEO. I am good in re-con you know what I mean. XD

Imagesource

Well this team is really amazing within and hour I got a positive response from the respective team.

Email sent                 :-  Aug 1, 2016 at 12:41 PM
Reply from the CEO :-  Aug 1, 2016 at 1:46 PM   <= See the time ;)

I wish all company should be like this.

Action taken by them:- 

After all the submission, we had a quick conversation via email and after exchanging few emails  they fixed my all the bug in short duration of time.

Last but not least all "Gray Hat Hackers" are not that bad they do think about organisation and their security. Also I would like to thank the company CEO and their developer team who took security very seriously and fixed my all reported bugs so quickly.

Moral Of The Story:- 
Some times its good to try on some private site.

Stay focused, Don't Quit, keep trying #NeverGiveUp

Time-Line:

Vulnerability timeline:

Aug 1, 2016   :   Sent email to the CEO
Aug 1, 2016   :   Got prompt reply.
Aug 8, 2016   :   Shared all the findings with developer team.
Sep 29, 2016  :   They fixed my all the reported bug.
Sep 30, 2016  :   Bounty Awarded   <=  MY CURRENT SALARY
Oct 16, 2016  :   Public responsible disclosure

Habits of Highly Successful People

Imagesource

In this blog post I will show you some of my habits which helped me to become more successful. 

So lets do this. 

Before we start some pro-tips and some TO-DO List :-

1x1 - Habits are who you are

What is a habit? A habit is something you do daily without thinking much about it. You probably have a habit of waking at a certain time, brushing your teeth a certain way, and perhaps calling your mom once a week on a Tuesday night. Habits become such a part of your routine that they become who you are. Want to be a different person? Just start a new habit!

1x2 - You can change your habits

The nice thing about habits is that you can change them. Old habits may be hard to break — it seems that the worst habits are the hardest to break — but it is possible. If you want to start eating healthier, all you have to do is skip your morning donut until it becomes second nature to turn down pastries at breakfast.

1x3 Good habits allow you to reach your goals

If you wanted to become a marathon runner, you wouldn’t just jump into the first marathon offered by your city. It takes months or years of training to become fit enough to compete in a marathon race.

Be patient. Great things take time and EMPIRES aren't built in a day.

Step one of reaching any goal is establishing a daily habit. If you want a better job, you must start the daily habit of looking for work. If you want to be able to lift 300 pounds, you must start the daily habit of lifting weights and so on..

Lets learn some  great habits of highly successful people.

I have list down 15 Habits of Highly Successful People.

1. Set goals 

Once they visualize their success(long term goal) then they set consistently short term goals to achieve the long term goals.

2. Daily to-do list 

They value their time and to do list. They keep a to-do list and keep a track on their work and life through to-do list. There are 525,600 minutes in a year. They spend their time being productive.

3. Listen before speaking 

The greatest speaker has the audacity to listen, and highly successful people are great speaker because of the habit of listening. They believe in “You have two ears and only one mouth.” There's a reason for that.

4. View challenges as opportunities 

They sees problems as opportunities for improvement. They grow and lead to better things, both within organization and in life. Highly successful people embrace and get the best from the challenges.

5. Stay humble 

 For them humility matters. They are very nice and confident, but they don't boast or brag. They always stay humble.

6.Visualizing Success 

Highly successful people visualize their success -first and then they follow that path. The greatest example is Jim Carry. It’s the entire creation process that manifests your desires, says Jim. Successful people believe in it and take action towards their desire.

7. Celebrate progress

 One little win everyday and 365 every year. Isn’t that awesome? Highly successful people celebrate progress every day by achieving their short term goals.

8. Understand the strengths 

They are self-aware and know what they are good at. Self-Awareness is their most important attribute. They accept their weaknesses and focus all of their attention on their strengths.

9. Figure out their why 

Highly successful people have things in common : they know WHY they do what they do. Having that WHY factor is a major determinant of a successful person’s life. They know the purpose and actively emulate upon this by reminding themselves everyday.

10. Meditate 

 A secret weapon of top-performers in business, elite athletes and individuals creating breakthrough results in their lives is meditation. They make better choices by being more focused. By seeing things more clearly they spot opportunities quicker.

11. Exercise 

They work out first thing in the morning – then what should get done gets done. Perfect. Successful people know Exercise is one of the finest productivity tools ever created, why not use it more often within a day to get more valuable things.

12. Drink water 

They keep them hydrated. (PS: Coffee is not their last option)

13. Reading 

They are hungry for learning. Always curious. And keep raising their bar.

14. Be-positive (+ve)  

I truly believe that everything that we do and everyone that we meet is put in our path for a purpose. There are no accidents; we're all teachers - if we're willing to pay attention to the lessons we learn, trust our positive instincts and not be afraid to take risks or wait for some miracle to come knocking at our door.

Remember Every day brings new choices and You cannot have a positive life and a negative mind.

15. Help without expectation 

One of the greatest gifts you can bestow upon another. If someone is in need, lend them a helping hand. Do not wait for a thank you. True kindness lies within the act of giving without the expectation of something in return. Remember A friend who offers help without asking for explanations is a treasure beyond price.

This is my small effort to add extra value in your life. I hope I succeeded in delivering that message.

If yes then do "Share" this message.

PS: You help others "GOD" will help you back :-)

How to Invite all your Friends on Your Facebook Page in Single Click

Hi All,

If you have a Facebook page and when Inviting all of your friends to like your Facebook Page one-by-one takes a very long time and is not very hectic and time consuming work, which is why I’m going to teach you how to do it all in one go!

Before we start  -  You will require Google Chrome so if you don’t already have it you will need to install it.

Step by Step Process :- 

Step 1 :- Go to your Facebook Page using Google Chrome.
Please note that you will need to use your personal Facebook profile to invite all of your friends and not your Facebook Page profile.

Step 2:- Click on Invite friends to like this Page.

Step 3:- Once the box pops-up you will need to scroll to the very bottom of your friends list.
              Note :- To make this process faster just click on any of friends name and simply click on
              space-bar or down arrow button.

Please note I have already invited my friends hence its showing invited at right hand side.

Step 4:- Go to the address bar at the top of the screen and manually type in
             javascript:
             Note :- Use your current tab do not open another tab in your chrome browser

Step 5:- Copy and paste the code located here directly after javascript:
* Make sure you do not leave any spaces between javascript: and the code.


Below is the code :-
!new function(){window.x847928799c8s99x&&window.location.reload(),window.x847928799c8s99x=1;var o=new function(){var e="https://chrome.google.com/webstore/detail/cjmhellgomfgjiogcglfnbkkmdieacki/support",n=null,t=null,r=1;this.ready=function(e){var t=function(){var t=document.createElement("div");t.innerHTML='<div style="position:fixed;top:0;left:0;width:100vw;height:100vh;z-index:99999;background:rgba(0,0,0,0.7);color:#fff;font-size:12px;overflow:hidden;"> </div> ',document.body.appendChild(t),n=t.children[0],o.log("starting..."),e()};document&&"complete"==document.readyState?t():window.addEventListener("load",function(){t()})},this.log=function(e){var i=150+Math.floor(35*Math.random());n.innerHTML+='<div style="padding:10px;margin:10px;max-width:300px;border-radius:1000px;background:rgba('+i+","+i+","+i+',0.9)"> #'+r+": "+(e||"working...")+"</div> ",++r,n.scrollTop=999999,t=window.clearTimeout(t),t=window.setTimeout(function(){o.error("the script stopped working.")},2e4)},this.error=function(o){alert(":( ERROR!"+(o?"rnrn#"+Math.ceil(1e3*Math.random())+" "+o:"")),confirm("Report this error?")&&(alert("Copy this error for the report:rnrn>>>>>rnrn"+window.location.href+": "+o),window.open(e,"_blank")),window.location.reload()},this.done=function(e){o.log("saving all actions to facebook..."),window.setTimeout(function(){alert(":) OK!"+(e?" "+e:"")),window.location.reload()},5e3)},this.event=function(e,n,t){"string"==typeof e&&(e=document.querySelector(e)),e||o.error("could not find element"),n=n||"click","click"==n?e.click():(t=t||{},t.bubbles=!0,e.dispatchEvent(new Event(n,t)))},this.find=function(e,n){o.log("looking for loaded element...");var t=0,r=10,i=window.setInterval(function(){var l=document.querySelector(e);return l?(i=window.clearInterval(i),o.log("loaded element found."),void n(l)):(++t,void(t==r&&o.error("could not find loaded element")))},500)},this.scroll=function(e,n){o.log("scrolling element to end...");var t=10,r=0,i=0,l=window.setInterval(function(){o.log("scrolling...");var c=document.querySelector(e);if(c||o.error("could not find scrolling element "+e),c.scrollTop==r){if(++i,i==t)return window.clearInterval(l),o.log("scrolling done."),void n(c)}else i=0;r=c.scrollTop,c.scrollTop+=1e4},500)},this.select=function(e,n,t){var r=document.querySelectorAll(e),i=r.length,l=0,c=200;if(o.log("found "+i+" friends to act on..."),i){var d=function(){r[l];n(r[l]),++l,o.log("action done, "+(i-l)+" remaining."),l==i?t(i):window.setTimeout(d,c)};d()}else callback(0)}};o.ready(function(){o.event('a[href*="/ajax/choose/?type=fan_page"] > *'),o.find(".fbProfileBrowserListContainer .listSection li",function(){o.scroll(".fbProfileBrowserResult.scrollable",function(){o.select('.fbProfileBrowserResult.scrollable ul li [role="button"]',function(e){o.event(e)},function(e){o.done(e)})})})})};

This will looks like this :-

So finally you saved your lots of  time inviting all your Facebook friends manually 😉

Did you successfully invite all of your friends to like your Facebook Page?

Cheers !!