
Common hacking practices



Describes the most common practices used in cracking web applications

Published in: Technology

Common hacking practices

  1. Common hacking practices: What happens on our machines and why? Marian Marinov -
  2. Attack vectors: Physical; Hardware; Network; Software
  3. Typical web application attacks: cross-site scripting; cross-site request forgery; information disclosure; denial of service; distributed denial of service; remote code execution; code injection; SQL injection
  4. How attackers find vulnerable apps: Vulnerability scanners; Botnet scanners; Google and Yahoo
  5. Where attackers find their exploits: Full Disclosure Security Mailing Lists
  6. Life cycle of a web attack: Try Gruyere
  7. Using Google as a “hacker” :) Joomla exploit -> Joomla YJ Contact us Component Local File Inclusion Vulnerability -> Proof of Concept: http://localhost/[path]/index.php?option=com_yjcontactus&view=../../../../../../../../../../../../../../etc/passwd%00 Google it, and crack them....
  8. Vulnerability scanners: Nikto2; Paros Proxy; OWASP WebScarab; Blurb
  9. Other general security tools: Nmap - port scanner; Hping2,3,4 - port scanner and packet generator; Nessus - comprehensive security analysis tool; I LOVE IT! I HATE THEM!!!; Snort - traffic analyzer with a lot of plug-ins; Wireshark - traffic analyzer
  10. Conclusion: It is pretty easy to crack web apps these days :) And most of the work is already done by someone else! :(
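
A defender's view of slide 7, as an added example that is not part of the original slides: the function below scans web-server access logs for query parameters carrying directory traversal or a null byte, the two markers in that proof-of-concept request. The log lines, addresses and function names are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote

# Client address and request target from a common/combined-format log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# A ".." path segment delimited by / or \ (or by the ends of the value).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so values are normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_lfi_attempts(log_lines):
    """Return (client, parameter, reasons) for each suspicious query parameter."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        # Split the raw query ourselves so %00 survives until decode_fully().
        for pair in urlsplit(target).query.split("&"):
            name, _, raw = pair.partition("=")
            value = decode_fully(raw)
            reasons = []
            if TRAVERSAL_RE.search(value):
                reasons.append("path traversal")
            if "\x00" in value:
                reasons.append("null byte")
            if reasons:
                hits.append((client, name, reasons))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /index.php?option=com_content&view=article HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2011:10:00:05 +0000] "GET /index.php?option=com_yjcontactus&view=../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '192.0.2.77 - - [01/Jan/2011:10:00:09 +0000] "GET /index.php?view=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 312',
]

if __name__ == "__main__":
    for hit in find_lfi_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status deserves the first look, since the response size then hints at whether file contents were returned.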