Skip to content

Commit

Permalink
update docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@benpaddlejones
benpaddlejones committed Oct 24, 2024
1 parent 678b744 commit b95e7d0
Show file tree
Hide file tree
Showing 7 changed files with 34 additions and 41 deletions.
43 changes: 2 additions & 41 deletions ..._resources/file_attacks_and_side_channel_attacks/side_channel_example/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Time based information leak

This example side channel exploits a time-based information leak vulnerability. The exploit can enumerate if a username is valid by analysing the different response times for a valid versus invalid username. The threat actor would use datasets from data breaches, with the now verified usernames, to perform a more targeted dictionary attack informed by their known previous passwords.
This example side channel exploits a time-based information leak vulnerability. The exploit can enumerate if a username is valid by analysing the different response times for a valid versus invalid username. The threat actor would use datasets from data breaches, with the now verified usernames, to perform a more targeted dictionary attack informed by the corresponding known previous passwords.

> [!Note]
> Students are not expected to be able to duplicate this application or understand the complex Python implementation. This example is to model how information can leak and then be exploited only.
Expand Down Expand Up @@ -29,7 +29,7 @@ python TimeBasedLoginAnalysis.py -u admin -S

![An example graph output of the time analysis](README_Resources/graph.png)

### Step 3: Enumerate usernames based on response times**
### Step 3: Enumerate usernames based on response times

Now that we know that there is a time based leak of information, we can enumerate users with this command:

Expand All @@ -38,42 +38,3 @@ python TimeBasedLoginUserEnum.py -u admin -t 32 -s 100 -f users.txt
```

![An example username validation](README_Resources/example.png)

## Documentation on the enumeration tool

### Features

**Requirement**: A valid username on the application (no need for password)

- [TimeBasedLoginAnalysis.py](TimeBasedLoginAnalysis.py)

- Analysis of the response time differences between a valid and invalid username.
- Plot analysis results to a graph (option `-S` of ) or export to file (option `-f <graph.png>`).
- Multithreaded login tries.

- [TimeBasedLoginUserEnum.py](TimeBasedLoginUserEnum.py)

- Extract only usernames returning responses times that stands out.
- Multithreaded login tries.

### Usage

```python
python TimeBasedLoginUserEnum.py -h
usage: TimeBasedLoginUserEnum.py [-h] -u USERNAME -f USERNAMES_FILE [-t THREADS] [-s SAMPLES] [-v]

Enumerate valid usernames based on the requests response times.

optional arguments:
-h, --help show this help message and exit
-u USERNAME, --username USERNAME
Username
-f USERNAMES_FILE, --usernames-file USERNAMES_FILE
List of usernames to test
-t THREADS, --threads THREADS
Number of threads (default: 4)
-s SAMPLES, --samples SAMPLES
Number of login tries (default: 20)
-v, --verbose Verbose mode. (default: False)

```
Binary file modified ...acks_and_side_channel_attacks/side_channel_example/README_Resources/example.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified ...ttacks_and_side_channel_attacks/side_channel_example/README_Resources/graph.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
9 changes: 9 additions & 0 deletions ...rces/file_attacks_and_side_channel_attacks/side_channel_example/TimeBasedLoginAnalysis.py
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,12 @@
#######################################################
# Requirements: A valid username on the application #
# (no need for password) #
# Analysis of the response time differences between a #
# valid and invalid username. #
# Plot analysis results to a graph (option `-S` of ) #
# or export to file (option `-f <graph.png>`). #
# Multithreaded login tries. #
#######################################################
import argparse
import re
import requests
Expand Down
22 changes: 22 additions & 0 deletions ...rces/file_attacks_and_side_channel_attacks/side_channel_example/TimeBasedLoginUserEnum.py
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,25 @@
######################################################################################################
# Requirements: A valid username on the application (no need for password) #
# Extract only usernames returning responses times that stands out. #
# Multithreaded login tries. #
# #
# python TimeBasedLoginUserEnum.py -h #
# usage: TimeBasedLoginUserEnum.py [-h] -u USERNAME -f USERNAMES_FILE [-t THREADS] [-s SAMPLES] [-v] #
# #
# Enumerate valid usernames based on the requests response times. #
# #
# optional arguments: #
# -h, --help show this help message and exit #
# -u USERNAME, --username USERNAME #
# Username #
# -f USERNAMES_FILE, --usernames-file USERNAMES_FILE #
# List of usernames to test #
# -t THREADS, --threads THREADS #
# Number of threads (default: 4) #
# -s SAMPLES, --samples SAMPLES #
# Number of login tries (default: 20) #
# -v, --verbose Verbose mode. (default: False) #
######################################################################################################
import argparse
import requests
import random
Expand Down
Binary file added __pycache__/userManagement.cpython-312.pyc
View file
Binary file not shown.
1 change: 1 addition & 0 deletions visitor_log.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
0

0 comments on commit b95e7d0

Please sign in to comment.