Practical Exploitation - Webappy Style

2,557 views

Published on

Given at OWASP NoVA - March 2013

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,557
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
46
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Practical Exploitation - Webappy Style

  1. 1. Practical Exploitation Timey Wimey WebAppy Style by Mubix
  2. 2. Are we (the business) inthe Wall Street Journal? No? Then we arent under attack.
  3. 3. Agenda● What you do● What I do● What is "practical" exploitation?● Demos
  4. 4. We arent going to talk about● Stuff I assume you know ○ SQLI ○ Running your Database as root ○ RFI/LFI ○ etc ○ etc ○ OWASP TOP 10● Stuff you should know ○ Your {SECURITY BLINKY LIGHTS} wont save you....
  5. 5. What you do?● This is where I ask you awkward questions about what you do for a living
  6. 6. What I do?● Senior Red Teamer● Big Co● Break into mainframes, bank accounts, SCADA systems, Windows, Linux, wireless, physical, web apps, UPSs, etc..● Part of a team of highly skilled peepsPrimarily Im a sorter of useful info
  7. 7. What is practical exploitation?● The application of techniques, tactics, and procedures to accomplish objectives and sub-objectives within a targeted engagementAlso known as: "if it doesnt get me more, its stupid"
  8. 8. What falls in the "Stupid" category ● SSLv2 Enabled ● Traceroute Enabled ● DNS Cache Poisoning ● MD5 "collisions" Oh ya, and every single public IE, Firefox, Chrome or Windows exploit. Why? Because their patch cycles are too fast for attackers.
  9. 9. DEMOS
  10. 10. Demo 1 - Linux Pivot to WindowsTomcat -> MS08_067 Wellllllll..... I was going to patch those DMZ hosts, then........
  11. 11. How do I fix that!?● Patch yo %#@$%@ $#%
  12. 12. Demo 2 - WindowsRails vulnerability -> Cred Steal - Mimikatz You use a web framework that protects you and you have really long passwords?
  13. 13. How do I fix that?● Monitor the security community events, disable YAML or XML parsing.● Microsoft has left you out to dry for Mimikatz. They believe if you have Administrator access then its game over.● Dont run your web server as SYSTEM or Administrator, keep UAC enabled on your DMZ hosts
  14. 14. Demo 3 - Windows Pivot to LinuxWinRM on IIS -> DistCC What the..........
  15. 15. How do I fix that?● Dont enable WinRM on DMZ hosts! Stupid.● Firewall DistCC off to only required hosts.
  16. 16. EOMQuestions?Mubix "Rob" Fullerhttp://www.room362.com@mubixmubix@room362.com

×