Thursday, April 17, 2014
HellBound Hackers | Computer General | Webmasters Lounge

Author

College Website

Scar0ptics
Posted on 21-11-13 20:50
OK, so the website has "SAML 2.0 SP Metadata", which is Security Assertion Markup Language, uploaded on the Ubuntu Apache server for our school's website. The SAML script also works with "Shib 1.3 IdP Metadata".

Basically, I want to know and understand the advantages and disadvantages of this type of authentication script.


It's easy to analyze error pages and find yourself at a page that gives you the option to log on as an administrator, as well as giving you the administrator's user name, but not the password of course. Isn't this a big security issue in itself?

I have an example website that uses this type of user/password authentication, but I don't know if it's against the rules to post.

The image below shows the SSO process of communication between client and server.

upload.wikimedia.org/wikipedia/en/thumb/0/04/Saml2-browser-sso-redirect-post.png/800px-Saml2-browser-sso-redirect-post.png

Edited by Scar0ptics on 21-11-13 21:29
Author

RE: College Website

Scar0ptics
Posted on 24-11-13 21:34
*****UPDATE******



When I go to log in with my correct username and password, I analyze the different requests being made by the client and server end. After I have completed the login I receive these.

SimpleSAMLAuthToken=_5e88d57e8dc2049604e8425bec..etc

-there is always an underscore before the AuthToken

PHPSESSID=bef282065b2b15c615ad9c0f..etc

-phpsession Identification


Now I did find a link that allows me to access the login screen with the Admin's "SimpleSAMLAuthToken", but from there the password is needed to obtain the "phpsessionID".


Now, when I was viewing the requests from the server, I saw a /Router.php that displays different POST commands sent by the router, I believe. This caught my attention.

I'm also able to view .css pages of the website, such as /retina.css, but all they contain is just the css script.

Edited by Scar0ptics on 24-11-13 21:38
Author

RE: College Website

rex_mundi
Posted on 25-11-13 09:41
You should probably read these:

https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf

https://www.certezza.net/media/45053/saml_-_shibboleth_vulnerability_example.pdf

And if it all happens to go tits up, this one might come in handy too.

http://lawyers.findlaw.com/
U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ
Author

RE: College Website

Scar0ptics
Posted on 26-11-13 01:09
The site's using SAML 2.0, so I think that this vulnerability has been patched. Although it will not hurt to do some reading on this.

For now I'm going to try and set up my own website. All I have is a basic laptop running Windows 7. I can use Win 7 IIS or WAMP. Either way I have a lot of learning to do; I can't even get a basic page up and running without the server saying "Forbidden, you don't have access to view this page."