What happens on our machines  and why? Common hacking practices Marian Marinov - mm@1h.com
      Physical  Hardware  Network  Software Attack vectors
   cross-site scripting cross-site request forgery information disclosure denial of service distributed denial of service ...
    Vulnerability scanners Botnet scanners Google and Yahoo How attackers find vulnerable apps
    Full Disclosure Security Mailing Lists www.exploit-db.com www.securityfocus.com  packetstormsecurity.org  Where attack...
     Try Gruyere          http://google-gruyere.appspot.com/  Life cycle of a web attack
   Joomla exploit  ->  http://www.joomlaexploit.com/  Joomla YJ Contact us Component Local File Inclusion Vulnerability  -...
   Nikto2 -  http://www.cirt.net/nikto2 ParoProxy -  http://www.parosproxy.org/ OWASP WebScrab -  https://www.owasp.org/in...
  Nmap - port scanner  Hping2,3,4 - port scanner and packet generator Nessus - comprehensive security analysis tool I LOVE...
It is pretty easy to crack  web apps these days :)   And most of the work is already done by someone else! :( Conclusion
Upcoming SlideShare
Loading in …5
×

Common hacking practices

1,501
-1

Published on

Describing the most common practices used in web applications cracking

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,501
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
26
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Common hacking practices

  1. 1. What happens on our machines  and why? Common hacking practices Marian Marinov - mm@1h.com
  2. 2.       Physical  Hardware  Network  Software Attack vectors
  3. 3.   cross-site scripting cross-site request forgery information disclosure denial of service distributed denial of service remote code execution code injection SQL injection Typical web application attacks
  4. 4.     Vulnerability scanners Botnet scanners Google and Yahoo How attackers find vulnerable apps
  5. 5.     Full Disclosure Security Mailing Lists www.exploit-db.com www.securityfocus.com packetstormsecurity.org Where attackers find their exploits
  6. 6.     Try Gruyere         http://google-gruyere.appspot.com/  Life cycle of a web attack
  7. 7.   Joomla exploit -> http://www.joomlaexploit.com/  Joomla YJ Contact us Component Local File Inclusion Vulnerability -> http://www.exploit-db.com/exploits/18033/ Proof of Concept: http://localhost/[path]/ index.php?option=com_yjcontactus & view=../../../../../../../../../../../../../../etc/passwd%00 Google it, and crack them.... Using google as a “hacker” :)
  8. 8.   Nikto2 - http://www.cirt.net/nikto2 ParoProxy - http://www.parosproxy.org/ OWASP WebScrab - https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project Blurb - http://portswigger.net/burp/ Vulnerability scanners
  9. 9.   Nmap - port scanner  Hping2,3,4 - port scanner and packet generator Nessus - comprehensive security analysis tool I LOVE IT!  I HATE THEM!!! Snort -Traffic analyzer with a lot of plug-ins Wireshark - Traffic analyzer Other general security tools
  10. 10. It is pretty easy to crack  web apps these days :)   And most of the work is already done by someone else! :( Conclusion

×