lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100123230227.4270.qmail@securityfocus.com>
Date: 23 Jan 2010 23:02:27 -0000
From: gat3way@...3way.eu
To: bugtraq@...urityfocus.com
Subject: Abusing weak PRNGs in PHP applications

Hello all, 

To cut the intro blablablas short, I've compiled this video here:

http://www.youtube.com/watch?v=NMhO00bnRzM

It's about abusing PHP's builtin PRNG functions to attack web applications. 

It starts where Stefan Esser's wonderful article "mt_srand and not so random numbers" ( http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/ ) ended.

I've made some improvements to his idea. Since mt_srand()/mt_rand() are very slow (~17 hours to try all possible 2^32 seeds on my AMD Phenom 2.6 ghz machine) and lookup tables are huge (at least 32 GB), I implemented rainbow tables. With a chain length of 10000 and 512k rows, the table size is 11MB and average search takes only about 35 min. Rainbow table parameters can be tuned (longer chains = less space, but slower seed crack, shorter chains and more rows = more space, but less time to crack the seed).

Since it's about password reset attacks, time to predict the random string is crucial for the effectiveness of the attack. 

I also demonstrate a real PoC against installations of PHP-Nuke and PunBB hosted on a same server with keep-alives enabled. In my example, it took 7 minutes and 4 HTTP requests to reset the PunBB's admin password by predicting the "password reset" URL.

I also gave my ideas cents on how those attacks can be improved even further (e.g comparing sequences of PRNs instead of just the last values in case we have pseudorandom numbers generated in a smaller interval like mt_rand(1,1000);)

PoC code, rainbow table generation code and the rainbow table itself (mt_rainbow2) can be downloaded from http://www.gat3way.eu/poc/mtrt 

Hope some of you might find that useful.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ