A Practical Introduction into How to Exploit Blind Vulnerabilities

  • Webcast Aired Tuesday, 11 Dec 2018 10:30AM EST (11 Dec 2018 15:30 UTC)
  • Speaker: Chris Dale

In this webcast, Chris will be doing a demonstration-based webcast, that is, no PowerPoint! We will be doing an in-depth explanation and exploitation of blind vulnerabilities.

First, we will look at user enumeration vulnerabilities, and specifically using timing attacks. Especially prominent when companies have implemented bcrypt/scrypt/pbkdf#2. An attack vector which is very useful in many cases today, notably against Lync/Skype4B installations which are currently vulnerable to this issue. Furthermore, we will look at password spraying attacks to get a foothold into the target systems.

Once inside we'll look at some very common problems penetration testers face today, everything is blind! Meaning your attacks don't give an immediate feedback that they are working, we'll have to look at other means to discover success. We're basically flying blind.

We will discover, analyze and fully exploit weaknesses that serve into command injection, and eventually a reverse-shell on a Windows server. Then, how can we find these in automated manners, and across huge systems? How does vulnerability scanners manage to discover such weaknesses, and how can they conclude weaknesses? We will introduce the Burp Collaborator and scripts to aid in using the Collaborator against attack vectors otherwise hard to successfully exploit.

Finally, we'll look into how to discover, analyze and fully exploit blind SQL injections. We'll be utilizing the Burp Intruder to compromise the database, leveraging blind exploitation techniques to exfiltrate data.

Chris Dale is a SANS Instructor and teaches our most popular training course, SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling all throughout the EMEA region.