How i Hacked into AirBnB in three simple steps
Hello to all readers,
Airbnb is an American company which operates an online marketplace and hospitality service for people to lease or rent short-term lodging including holiday cottages, apartments, homestays, hostel beds etc.
Cyber security pioneers emphasize on the fact that if you want to hack a target whether it be a Website, a Mobile app or an IoT device, you should follow the six step methodology.
This is what most researchers and bug bounty hunters fail to follow. Every hack has to be carried out via the methodology otherwise chances of success decrease drastically. This article about me following this simple approach and Hacking into Airbnb
Step No#1: Information Gathering
Firstly, I visited the AirBnB Hackerone program via the link https://www.hackerone.com/airbnb
I saw their scope of testing and identified a lesser used domain to find vulnerabilities and flaws in which was *.luxuryretreats.com
Step No#2: Network Mapping
Next i used the dnsdumpster tool to look for sub domains on this host which yielded some great results which were as follows
From here i found a number of unused sub domains which lead me to narrow down my search one in particular that was bookings.luxuryretreats.com onto which i did a port scan which revealed a vulnerability in HTTP protocol stack
Step No#3: Vulnerability Identification
I found that bookings.luxuryretreats.com is vulnerable to HTTP.sys RCE. A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.
Step No#4: Penetration
Next i used metasploit tool to test if the exploit was valid or not. Using MS15_034 auxiliary i was able to reproduce this flaw via this file path http://bookings.luxuryretreats.com/Content/images/logo.svg
I downloaded the executable exploit file from exploit-db and executed the exploited
The exploit was successful offcourse i could only demonstrate the “HelloWorld” because this is what i was allowed to do by the AirBnB Team. The folks at AirBnB team verified this exploit and replied nicely
