Paypal Complete 2-Factor Authentication(2FA) Bypass Exploit.

To make it clear: The Paypal account you were 'hacking' did NOT have to be affiliated with the eBay account you were using. In my original tests, I had made a new eBay account using a temporary email, and had gotten into my Paypal through the same method.

 

 

 Found By Joshau Rojers

 It works even without an eBay account, actually.

https://www.paypal.com/cgi-bin/webscr?cmd=_integrated-registration&key=0&stamp=1364194631&data=JGHnP2g2ybqbgKfR7%2B1loOlg24LvI/VppQIqFE8DyTO9hqc1x1pQw42CCLy3EdEogm85LYOTKtU2wYNfjFZvuHSx4PjAHLVtlv6sYdPl2FIBLN7BNr3l%2BPe0WPeDhopUWqhw0PYE9EAyZPkgIZWJgWKGGGNPqdQRjlbNGoCCIox7RLfKmtEDeH8KXEOzZDSmvETO%2B7fkoy06CLe9CkJhE0V8Mh9QN/wNYIF6WMFgHsze7RAS8Qe3j/U9I9zYXDPcfB2L5AVCYI53jcWUOxeKXSlcoV0eIcxkLOkLfmSqnaY9vywEQEhEU2PYoKSqefaZBPFh6Y7kWXVD/7id8PvkrJzKaCUq0nhBRfFGtf1kYrK0ZgX%2Byws4HmiTn4GEL/gaUPtpWviP4BCJmeGOhzQEhbFNYwzuzmOWAaqYfsa62DsAcq3LUy1DyAmBfsLhwzRyzZhKlg1NRz5MxTsuBqlh72W6ytc1gEMwh%2BJtBxZTf7EggIaTRLdpjXMlZmwRjkMH2BjX8P4968XicykzmLhTpqpg507flV%2Belq3QNBd9cAliSskS3n/%2Bd1os7FQBnogr4tZ7srcTkoPM5nezXqz3caE/loqoJnkWvlRYfNJpSSysjQ%2BThTgiwNtk4eh8X2r3LhepLD27KdM7I299%2BnWVF9veVjw625ZT%2B3MyQMiO7FbMJdng5baW%2BZIRFIear2GlEJVXMlftP3ibMJAmzGrnKqB0sPwY3augnaBNnz4u32QAaxg8zhvz5FEaELdpFxJ4ptLdRc2MFUBFkUDm%2B5tlpuNl9JzgKTDQnXzYxX/2KYAznivHTlsCcwH68kL6EqoiGGTsFoLzp8TqnLvizULu6tdfnTAhhxV6kCeRRoyN/a62wahvxDibJgTnTjp4d3/xm4nhkQhQ5/xUgtAN9T1aa7n5PinOWS84AOFR0TB3KpwHsQkoQCGXvzdYZh4wD8ECQzYS9lbpaCLm13GqPGK4xC6K2vat8/gt9uoiJbiy77SK2PcMhcRS3KbK9Z0HtDCl&ev=1.0&locale=en_US
 

On the 5th of June, 2014, I found a complete bypass for Paypal's 2FA service, in which anybody would be able to access a Paypal account that has 2FA setup, by only logging in through a "special" Paypal page.

 eBay, in conjunction with Paypal, provide a service as to where you can link your eBay account to your Paypal account, and when you sell something on eBay, the fees automatically come out of your Paypal account.

When setting this up, you're (obviously) asked for your Paypal login.

When you are redirected to the login page(above), the URL contains "=_integrated-registration". Doing a quick Google search for this shows that it isn't used for anything other than eBay; thus it is setup purely for Paypal&eBay.

Once you're actually logged in, a cookie is set with your details, and you're redirected to a page to confirm the details of the process. And this is where the exploit lays. Now just load http://www.paypal.com/ , and you are logged in, and don't need to re-enter your login.

So, the actual bug itself is that the "=_integrated-registration" function does not check for a 2FA code, despite logging you into Paypal.

You could repeat the process using the same "=_integrated-registration" page unlimited times. 

When you are redirected to the login page(above), the URL contains "=_integrated-registration". Doing a quick Google search for this shows that it isn't used for anything other than eBay; thus it is setup purely for Paypal&eBay.

Once you're actually logged in, a cookie is set with your details, and you're redirected to a page to confirm the details of the process. And this is where the exploit lays. Now just load http://www.paypal.com/ , and you are logged in, and don't need to re-enter your login.

So, the actual bug itself is that the "=_integrated-registration" function does not check for a 2FA code, despite logging you into Paypal.

You could repeat the process using the same "=_integrated-registration" page unlimited times. 

 I originally found this on the 5th of June, 2014, and reported it to Paypal the same day.

I have also uploaded a demonstration of it on YouTube.

It still works.


For Complete Tutorial Contact me on Facebook or Twitter
https://www.facebook.com/zxera
https://www.twitter.com/Yedens

For Educational Porpose only

A Beginners Guide to Ethical Hacking - E-BOOK

A Beginners Guide to Ethical Hacking is a complete path for newbie hackers who want are curious to Learn Ethical Hacking Techniques.The Information given in this book will make you a master hacker.

How will the information in the book affect me?

• You will learn All Ethical hacking techniques and also you will learn to apply them in real world situation

• You will start to think like hackers

• Secure your computer from trojans,worms, Adwares etc

• Amaze your friends with your newly learned tricks

• You will be able to protect your self from future hack attacks

 Download it for free

A Beginners Guide to Ethical Hacking.pdf

Wifi Packet Capturing and Session Hijacking using Wireshark 2

Before you go to this section it is required you to read first tutorial
Wifi Packet Capturing and Session Hijacking using Wireshark 1

Step - 7 

Now Setting up New configurations by typing these commands. 
“ifconfig eth0 0.0.0.0 up”  
“ifconfig at0 0.0.0.0 up” 
   
Description -  
ifconfig stands for interface configurator. ifconfig command is used to configure network interfaces. ifconfig is widely used to initialize the network interface and to enable or disable the interfaces.  

Step -8

Now it’s turn on MITM Interface by typing this command 
“ifconfig mitm up”  

Description –  
ifconfig stands for interface configurator. ifconfig command is used to configure network interfaces. ifconfig is widely used to initialize the network interface and to enable or disable the interfaces. 
By Default Interface we created is down, we need to put it up.

Step – 9 

Now send the deauthentication packets to the router by typing this command
“aireplay-ng - - deauth 0 - a 94:44:52:DA:B4:28 mon0”   

Description –  
Aireplay-ng is used to inject frames.  
The primary function is to generate traffic for the later use in aircrack-ng for cracking the WEP and WPA-PSK keys. There are different attacks which can cause deauthentications for the purpose of capturing WPA handshake data, fake authentications, Interactive packet replay, hand- crafted ARP request injection and ARP-request reinjection. 
We use 0 for continuous Flooding of packets. We use 1 for Single Flooding of packet. 
-a represent bssid of the victim network. 94:44:52:DA:B4:28 here is a bssid of the victim network.

Step - 10

Now it’s time to assigning the IP to all victims by typing this command
“dhclient3 mitm&”   OR  “dhclient3 mitm &”  

Description –  
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network. 

Step – 11 

Now you can check the client connected on the 5th Terminal where you create Fake Access point.

Step – 12 

Start your Wireshark Packet Analyzer Tool by typing this command 
“wireshark&”   OR   “wireshark &  

Description –   
 Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.

Step – 13 

Now Select the Interface (at0) and click on START. 

Type “http contains POST” and you can see that all packets be in your sniffing tool


and you'll get user name and password :)
Happy hacking

Top 10 Web Hacking Techniques 2014

Every year the security community produces a stunning number of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web
browsers, Web proxies, and their mobile platform equivalents. Beyond individual vulnerabilities with CVE numbers or system compromises, we are solely focused on new and creative methods of Web-based attack. Now in its eighth year, the Top 10 Web Hacking Techniques list encourages information sharing, provides a centralized knowledge base, and recognizes researchers who contribute excellent work. Past Top 10s and the number of new attack techniques discovered in each year


The Top 10

1. Mario Heiderich – Mutation XSS
2. Angelo Prado, Neal Harris, Yoel Gluck – BREACH
3. Pixel Perfect Timing Attacks with HTML5
4. Lucky 13 Attack
5. Weaknesses in RC4
6. Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval
7. Million Browser Botnet Video Briefing
   Slideshare
8. Large Scale Detection of DOM based XSS
9. Tor Hidden-Service Passive De-Cloaking
10. HTML5 Hard Disk Filler™ API

Mobile Charger That Can Power-Up Your Smartphone in 30 Seconds

Going for a meeting or for a party and your Phone's battery discharged? Oops! 

Yes, I know this happens with most of us once in a day or I can rather say all of us. Smartphones are smart enough but not that smarter as expected keeping in mind today’s lifestyle.

WiFi Hotspot in Windows 8 without any softawre

To create a WiFi Hotspot in Windows 8 you need to perform some cmd commands in order to activate the hotspot and turn your computer into modem internet sharer. Here are the commands used in step by step:

 this is not my tutorial i found this in someones blog. I would like to thanks him:

1. Search for CMD then click Run as Administrator to run the command prompt with administrator privileges
2. Run the following commands one by one:

 netsh wlan set hostednetwork mode=allow ssid=zx3r1 key=password

 Note: Change zx3r1to the SSID (name) of your wifi and password to the key you want to use.

netsh wlan start hostednetwork

netsh wlan show hostednetwork

 

3. The last command with "show" parameter will show you if the network was created successfully or not, here's an example of what it outputs:

4. Done! You just created a WiFi hotspot, now search for it using your iPhone, iPad, Android device or another Computer equipped with a Wireless adapter.

Here you've set up hotspot but if you connect to it you'll see that it is limited.

///////////////////////

here is how to share internet over your hosted hotspot

1. Goto Network and Sharing Center
2. goto Change Adapter Setting
3. now you'll see "Local Area Connection* 4" or may other with your ssid in my case its zx3r1
4. now rightclick and open properties
5. On Sharing tab check on "Allow other network users to connect through this computer's Internet connection"
6. Select Appropriate Home networking connection
7. From setting select Web Server(HTTP)

in my case I've Local Area Connection 2 Which has current internet connection

share this to your friends too :)

enjoy!