Common hacking practices
Upcoming SlideShare
Loading in...5
×
 

Common hacking practices

on

  • 1,815 views

Describing the most common practices used in web applications cracking

Describing the most common practices used in web applications cracking

Statistics

Views

Total Views
1,815
Views on SlideShare
1,815
Embed Views
0

Actions

Likes
0
Downloads
25
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-NonCommercial LicenseCC Attribution-NonCommercial License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Common hacking practices Common hacking practices Presentation Transcript

  • What happens on our machines  and why? Common hacking practices Marian Marinov - mm@1h.com
  •       Physical  Hardware  Network  Software Attack vectors
  •   cross-site scripting cross-site request forgery information disclosure denial of service distributed denial of service remote code execution code injection SQL injection Typical web application attacks View slide
  •     Vulnerability scanners Botnet scanners Google and Yahoo How attackers find vulnerable apps View slide
  •     Full Disclosure Security Mailing Lists www.exploit-db.com www.securityfocus.com packetstormsecurity.org Where attackers find their exploits
  •     Try Gruyere         http://google-gruyere.appspot.com/  Life cycle of a web attack
  •   Joomla exploit -> http://www.joomlaexploit.com/  Joomla YJ Contact us Component Local File Inclusion Vulnerability -> http://www.exploit-db.com/exploits/18033/ Proof of Concept: http://localhost/[path]/ index.php?option=com_yjcontactus & view=../../../../../../../../../../../../../../etc/passwd%00 Google it, and crack them.... Using google as a “hacker” :)
  •   Nikto2 - http://www.cirt.net/nikto2 ParoProxy - http://www.parosproxy.org/ OWASP WebScrab - https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project Blurb - http://portswigger.net/burp/ Vulnerability scanners
  •   Nmap - port scanner  Hping2,3,4 - port scanner and packet generator Nessus - comprehensive security analysis tool I LOVE IT!  I HATE THEM!!! Snort -Traffic analyzer with a lot of plug-ins Wireshark - Traffic analyzer Other general security tools
  • It is pretty easy to crack  web apps these days :)   And most of the work is already done by someone else! :( Conclusion