dependabot[bot] bf6248824b
Bump requests
Bumps [requests](https://github.com/psf/requests) from 2.20.0 to 2.32.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.20.0...v2.32.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-20 21:47:37 +00:00

Hash Extension Attack at the Vimeo API

This tutorial is a slight adaptation of Filippo Valsorda's presentation. The example should no longer work against the live API; it describes a vulnerability that existed a couple of years ago.

The problem presented here shows how a poor choice of how information is combined inside an API signature hash can be exploited.

TL;DR: given a hash of a string that starts with an unknown secret prefix, an attacker can append data to the string and produce a valid hash for the extended string, without ever learning the prefix.

MD5

MD5 hashes can't be reversed, and they are nearly unique: accidental collisions are extremely rare, although possible.

The Vulnerability

  • A signature is created by hashing a string. This string is composed of:

[ PASSWORD ]["api_key"+ api_key ]["method" + method]

where PASSWORD is just the user's password and method is the requested action, for example "vimeo.test.login".

  • This string is hashed, and the digest is sent with the request as the API signature (api_sig).

  • Vulnerability 1: if we can see the hash, we can extend it. MD5 is a Merkle-Damgard hash, so knowing the digest of a message (and its length) is enough to continue hashing from that state and obtain the digest of the message plus padding plus extra data.

  • Vulnerability 2: the secret is simply prepended to the string that is hashed (hash(secret + data)), rather than being used as the key of a MAC.

  • Vulnerability 3: all the other components (everything except the secret) are passed in plaintext in the request, so the attacker knows exactly what was hashed after the secret.

The Exploit

  • If an attacker can see a request, she can extend the signature hash with data of her choosing. For example, she could append the method "vimeo.videos.setFavorite".

  • The server then recomputes the signature by hashing the entire new request, and the extended hash matches.
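As an added illustration (not the repository's own server.py or client.py), here is the page's signature layout in its vulnerable hash(secret + data) form beside the HMAC construction a server should use instead; the PASSWORD value is a constructed sample.

```python
import hashlib
import hmac

# Shared secret between client and server (constructed sample value).
PASSWORD = b"correct horse battery staple"


def message(api_key: str, method: str) -> bytes:
    """Build the signed string in the page's layout: ["api_key"+api_key]["method"+method]."""
    return ("api_key" + api_key + "method" + method).encode()


def sign_vulnerable(api_key: str, method: str) -> str:
    """The broken scheme: MD5(secret || data).

    Because MD5 is a Merkle-Damgard hash, anyone who knows this digest and the
    length of the secret can resume hashing from the digest's internal state and
    obtain a valid digest for data + padding + suffix, without the secret.
    """
    return hashlib.md5(PASSWORD + message(api_key, method)).hexdigest()


def sign_hmac(api_key: str, method: str) -> str:
    """The fix: HMAC keys the hash with the secret instead of prefixing it,
    so a digest cannot be extended without the key. HMAC over MD5 would also
    stop the extension, but a modern hash is preferred for new designs."""
    return hmac.new(PASSWORD, message(api_key, method), hashlib.sha256).hexdigest()


def verify(api_key: str, method: str, api_sig: str) -> bool:
    """Server-side check; compare_digest avoids leaking the signature via timing."""
    return hmac.compare_digest(sign_hmac(api_key, method), api_sig)


if __name__ == "__main__":
    key = "cdd56f298e71493b9b1015c691e14501"  # api_key value used by the page's demo
    print("vulnerable api_sig:", sign_vulnerable(key, "vimeo.test.login"))
    sig = sign_hmac(key, "vimeo.test.login")
    print("hmac api_sig:", sig)
    # A signature issued for one method does not verify for another.
    print(verify(key, "vimeo.test.login", sig), verify(key, "vimeo.videos.setFavorite", sig))
```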

HOW TO RUN THIS EXAMPLE

  • In one terminal run $ python server.py

  • Copy the values api_key cdd56f298e71493b9b1015c691e14501 and api_sig fdffe59969293f23c197f321ff2f972e into client.py, then run it.

  • To understand what happens, look inside client.py.