Taking a Delorean car back to the future:Time related attacks

After thinking about what to write about and having some ideas which are still half done and in draft.I decided to write this!
As a car enthusiast with love for classic cars and passion for
bringing back old cars to life. I would admit and hope my good friend mark whom we disagrees on most ideas are on the same page here.Delorean was a beauty.If you have not watched Back to the Future movies you are missing out. sit at the back left and let me drive you through time.oops! i forgot delorean is a two-passenger sports car
,but why not go to the future,2024 and get the new powerful delorean alpha5.A better looking super-fast,2+2 coupe , electric car.
Enough with the car analogy,we as hackers love technical stuff,nevertheless i believe nowadays i am starting to appreciate the non-technical aspects,folks and roles in tech.
In this blog i will discuss some attacks that could impact software from a time change.changing time to the future or back to the past could impact the normal working of the softwares.
1.Using Expired whatsapp mod  
Some months ago i installed two whatsapp mods for security research.After finding some bugs i forgot about it as
it was installed on my less used android phone.The phone is  a popular in my country,kenya and i have found some critical bugs and submitted to their bug bounty program for years.That's a story for another day.For that reason and maybe i am too paranoid i don't use it as a daily phone.
Back to the whatsapp mod which i discourage anyone from using as i have found bugs and reported to respective developers but never heard back from them.
After the whatsapp mod expired i could not use it and found out they had an activity on top of chats stating the app is expired preventing user from using it and having to install newer version.
I had an idea but it seemed so technical and would take time which i didn't feel was right to put in for such crappy application.The idea was to RE,mod the application taking out the activity.What if we can find an easy way out?
I found out changing the time in the phones system and having manual time could allow me use the app without
updating.I can hear you from a far asking yourself ,but crius what's the impact here.
With the app being laded with vulnerabilities,if at one time the developers come to their senses and fix them a
user with previous application using this trick leaves themselves to attackers mercy.



 


 

2.Predicting a virtual bet before being played
while doing a pen test of a betting company for a client,i found a way to find the next result before it was displayed in the
web application.
With a mass assignment vulnerability i found out adding a countID to the header path and adding one to the current countid could expose the next game result.

3.Unlocking online voting

After voting in an online poll,the web app could not allow you to vote again as a protection against cheating.but changing time to a future time could allow you to vote again in the same day.

4.Withdrawing more than once from a financial company

A financial company could allow only one withdrawal per day but changing time to a future time could allow more than one withdrawal in the same day.

Comments

Post a Comment

Popular posts from this blog

SOME BUGS

Image
 It's been  a while since i wrote anything related to bug bounty or hacking.In that time i have had some interesting and bad experiences with bug bounty programs.from fast responses to scam external  programs I won't be naming/ shaming the programs but soon i will put up a comprehensive list of scam programs to avoid. Let's talk about some of the bugs; 1. Authentication bypass via path normalization i was hunting on some match matching/dating site.after finding subdomains via crt.sh and fuzzing the subdomains with a wordlist.i found a login page;  min.site.com I started to fuzz to files with ffuf with a custom wordlist.with no result i looked for sqli but found non.tried response manipulation.again failed I was about to give up then i click on a png file.deleted the pic.png and got 403 error.using script https://github.com/iamj0ker/bypass-403 on it i  could list images on the server! https://login.site.com/images// I tried https://login.site.com// also https://...
Read more

Not A Guide to hacking betting sites

  DISCLAIMER!!!   This is for educational purposes only and not a guide to hacking betting sites. In this writeup i will try to provide some bugs i have found on betting sites during my almost 3years bug bounty journey.I have reported more than 100 vulnerabilities on betting websites and android application but i will only talk about some bugs.Sorry,I don't have screenshots to demonstrate the vulnerabilities so i will just list  some bugs and their impacts.I will not name the companies for obvious reasons The writeup lists some  vulnerabilities bug hunters can look for while hunting on betting platforms so grab some coffee and popcorn and enjoy! Some are interesting like  changing odds or withdrawing twice or withdrawing money more than your balance:) IDOR I found most of IDOR on betting sites on profile id parameters.some occurred on bet history where i could change user bet id history and get any user betting history on the site. SQLI Most of then were blind s...
Read more