How i Hacked into AirBnB in three simple stepssteemCreated with Sketch.

in #airbnb6 years ago

Hello to all readers,

Airbnb is an American company which operates an online marketplace and hospitality service for people to lease or rent short-term lodging including holiday cottages, apartments, homestays, hostel beds etc.

Cyber security pioneers emphasize on the fact that if you want to hack a target whether it be a Website, a Mobile app or an IoT device, you should follow the six step methodology.

This is what most researchers and bug bounty hunters fail to follow. Every hack has to be carried out via the methodology otherwise chances of success decrease drastically. This article about me following this simple approach and Hacking into Airbnb

Step No#1: Information Gathering

Firstly, I visited the AirBnB Hackerone program via the link https://www.hackerone.com/airbnb

Screen Shot 2018-03-13 at 1.16.57 PM.png

I saw their scope of testing and identified a lesser used domain to find vulnerabilities and flaws in which was *.luxuryretreats.com

Step No#2: Network Mapping

Next i used the dnsdumpster tool to look for sub domains on this host which yielded some great results which were as followsScreen Shot 2018-03-13 at 1.17.50 PM.png
From here i found a number of unused sub domains which lead me to narrow down my search one in particular that was bookings.luxuryretreats.com onto which i did a port scan which revealed a vulnerability in HTTP protocol stack

Step No#3: Vulnerability Identification

I found that bookings.luxuryretreats.com is vulnerable to HTTP.sys RCE. A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.

Step No#4: Penetration

Next i used metasploit tool to test if the exploit was valid or not. Using MS15_034 auxiliary i was able to reproduce this flaw via this file path

I downloaded the executable exploit file from exploit-db and executed the exploited
Screen Shot 2018-03-13 at 1.18.42 PM.png

The exploit was successful offcourse i could only demonstrate the “HelloWorld” because this is what i was allowed to do by the AirBnB Team. The folks at AirBnB team verified this exploit and replied nicely

Screen Shot 2018-03-13 at 1.19.31 PM.png

#bugbounty #hacking #security
6 years ago in #airbnb by
$0.00
    Reply 3
    Sort:  
  • Trending
    • [-]
     5 years ago 

    Congratulations @alexbatex! You received a personal award!

    Happy Birthday! - You are on the Steem blockchain for 2 years!

    You can view your badges on your Steem Board and compare to others on the Steem Ranking

    Vote for @Steemitboard as a witness to get one more award and increased upvotes!
    $0.00
      Reply

      Coin Marketplace

      STEEM 0.20
      TRX 0.13
      JST 0.030
      BTC 65762.16
      ETH 3485.95
      USDT 1.00
      SBD 2.50