PRNG: PWNING RANDOM NUMBER GENERATORS (IN PHP APPLICATIONS)

Black Hat USA 2012

Presented by: George Argyros, Silvio Cesare
Date: Wednesday July 25, 2012
Time: 15:30 - 16:30
Location: Augustus I+II
Track: Upper Layers

We present a number of novel, practical techniques for exploiting randomness vulnerabilities in PHP applications. We focus on the predictability of password reset tokens and demonstrate how an attacker can take over user accounts in a web application by predicting the output of the PHP core randomness generators.

Our suite of new techniques and tools goes far beyond previously known attacks (e.g. Kamkar and Esser) and can be used to mount attacks against all PRNGs of the PHP core system, even when it is hardened with the Suhosin extension. Using them, we demonstrate how to create practical attacks for a number of very popular PHP applications (including Mediawiki, Gallery, osCommerce and Joomla) that result in the complete takeover of arbitrary user accounts.

While our techniques are designed for the PHP language, the principles behind them are independent of PHP and readily apply to any system that utilizes weak randomness generators or low entropy sources.

We will also release tools that assist in the exploitation of randomness vulnerabilities and exploits for some vulnerable applications.

George Argyros

George Argyros is an undergraduate student at the University of Athens in Greece, but he is about to start a Ph.D. at Columbia University in September. He also works as an intern at Census inc. His research interests include cryptography, software testing, source code auditing and anything else related to computer security that seems interesting.

Silvio Cesare

University of Athens

