
An Overview of Common Vulnerabilities in Wordpress

For a talk given at the Wordpress Meetup in Fort Collins, CO. Slides coupled with live demonstration when given.

Published in: Technology


  1. Hacking Wordpress: a crash course in web application hacking.
  2. Disclaimer: This information is given for strictly educational purposes only. It is not cool (and is illegal) to hack sites that you don’t own or control. All the sites we’ll hack tonight have been set up specifically for the purpose of hacking and contain no sensitive data.
  3. Disclaimer #2: We will be conducting most of our tests in real time. We’ve tested them extensively, but at any moment something may go wrong. We apologize in advance.
  4. OWASP Top 10
  5. Tonight we’ll do:
     • Brute force password attacking
     • Man-in-the-middle attacks
     • Session hijacking (via cookie jacking)
     • XSS
  6. Brute Force Attacks: A common approach (the brute-force attack) is to try guesses for the password repeatedly and check each guess against an available cryptographic hash of the password.
  7. Brute Forcing Wordpress
     • Wordpress has no built-in brute force defense.
     • You can install plugins to reduce the risk of a brute force attack.
     • We’ll be brute forcing Wordpress using WPScan.
  8. Preventing Brute Force Attacks
     • Use strong passwords (and encourage users to use strong passwords).
     • Use unique passwords.
     • Limit login attempts per user/IP, with a password reset by email.
  9. Let’s Demonstrate
  10. What is a Man-in-the-Middle Attack? User makes request; server sends response.
  11. What is a Man-in-the-Middle Attack? User makes request; server sends response. An attacker in between can intercept and *change* the communication.
  12. Let’s Demonstrate
  13. How can someone get “in the middle”?
     • WiFi sniffing / WiFi Pineapple
     • Network administrators
     • ISPs / governments
     • Datacenters
  14. Session Hijacking: Session hijacking, also known as TCP session hijacking, is a method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.
  15. HTTP is a stateless protocol. That means we have to reauthenticate every time we make a request. We do this using cookies:
  16. Session Hijacking: The user authenticates with a username and password. Once verified, the server sends an authentication cookie to the user. On all future requests, the user sends the cookie to prove that they are authenticated.
  17. Session Hijacking: The user authenticates with a username and password. Once verified, the server sends an authentication cookie to the user. On all future requests, the user sends the cookie to prove that they are authenticated. If we can steal this cookie, we can become the user.
  18. Let’s Demonstrate
  19. Preventing Man-in-the-Middle and Session Hijacking
     • Use HTTPS site wide!!!!
     • Set cookies to “HttpOnly”
     • Set cookies to “Secure”
  20. XSS Attack: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.
  21. XSS Attacks
     • The attacker installs a small snippet of malicious JavaScript that runs in the client’s (your) browser.
     • Attacks allow us to:
       • Steal cookies
       • Log keypresses
       • Trick the user into taking an action
  22. Let’s Demonstrate
  23. Protecting From XSS
     • Developer:
       • Sanitize all inputs (use a LIBRARY!!!)
       • Sanitize all outputs
     • User:
       • Browsers provide some level of protection.
       • Be skeptical of anything that asks you to enter information.
  24. Tools
     • BeEF - http://beefproject.com/
     • WPScan - http://wpscan.org/
     • Burp Suite - https://portswigger.net/burp/
     • Edit This Cookie (Chrome) - https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en
  25. Further Reading
     • Troy Hunt - http://www.troyhunt.com/
     • Brian Krebs - http://krebsonsecurity.com/
     • Courses:
       • Troy’s courses on Pluralsight - https://www.pluralsight.com/authors/troy-hunt
       • One Month Web Security - https://onemonth.com/courses/web-security
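The defenses from slides 8 and 19 (limit login attempts per user/IP, send auth cookies only over HTTPS) can be wired into Wordpress as a small must-use plugin. This is an added example written for this page, not code from the talk; the hooks, filters and functions are Wordpress's own, while the `lh_` prefix, the thresholds and the mu-plugins placement are assumptions.

```php
<?php
/*
 * Plugin Name: Login Hardening (example)
 * Assumption: this file is dropped into wp-content/mu-plugins/ so it loads on every request.
 */

// Hypothetical tuning values; pick ones that suit your users.
const LH_MAX_FAILURES   = 5;       // failed attempts allowed per window
const LH_WINDOW_SECONDS = 15 * 60; // lockout window in seconds

function lh_client_ip() {
    // REMOTE_ADDR is set by the web server; only trust X-Forwarded-For
    // if a reverse proxy you control sets it.
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

function lh_transient_key( $username ) {
    // One counter per (IP, username) pair, stored as a transient that expires with the window.
    return 'lh_fail_' . md5( lh_client_ip() . '|' . strtolower( $username ) );
}

// Slide 8: count every failed login for this IP/user pair.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = lh_transient_key( $username );
    $count = (int) get_transient( $key );
    // Re-setting the transient also renews the window, so hammering extends the lockout.
    set_transient( $key, $count + 1, LH_WINDOW_SECONDS );
} );

// Refuse authentication once the counter reaches the limit, even if the password is right.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( empty( $username ) ) {
        return $user;
    }
    if ( (int) get_transient( lh_transient_key( $username ) ) >= LH_MAX_FAILURES ) {
        return new WP_Error( 'too_many_attempts',
            'Too many failed logins. Try again later or reset your password by email.' );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for that pair.
add_action( 'wp_login', function ( $user_login ) {
    delete_transient( lh_transient_key( $user_login ) );
}, 10, 1 );

// Slide 19: mark the auth and logged-in cookies Secure (Wordpress already sets HttpOnly)
// and force TLS for the dashboard. FORCE_SSL_ADMIN is normally set in wp-config.php.
add_filter( 'secure_auth_cookie', '__return_true' );
add_filter( 'secure_logged_in_cookie', '__return_true' );
if ( ! defined( 'FORCE_SSL_ADMIN' ) ) {
    define( 'FORCE_SSL_ADMIN', true );
}
```

Secure cookies only help if the site is actually served over HTTPS site wide, as slide 19 says; otherwise the browser will never send them back.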
