“Can we deface your Web in 10 mins?” - Edu 3.4

Speaker: Mr. 何寶麟 (Alan Ho), Information Security Researcher, 知道創宇 (Knownsec)

  1. Knownsec Hong Kong – Can we deface your Web in 10 mins?
  2. News Ref:
  3. News Ref:
  4. News Ref:
  5. Some Common Hacking Incidents • Defacement • Changing the look of the website, e.g. hackers break into the web server and modify the content • Stealing Information • Getting sensitive information (e.g. an exam paper) because it is not properly protected Ref: website defacement
  6. • Modifying Information • E.g. hackers break into the server, or go through a website vulnerability, to modify database content such as school grades • Upload Trojan / Shell • Hackers upload a backdoor to control the web server; they can then change website content, spread viruses, turn the web server into a zombie, etc. • Etc. Ref:
  7. Some Common Vulnerabilities • SQL Injection • A website vulnerability that lets hackers inject input to gain access to the database or even execute commands, e.g. dump the database, modify content, upload files • Vulnerable Components • Using vulnerable software such as an outdated CMS, vulnerable versions of WordPress plugins, old web servers (e.g. WebDAV exploit)… Ref:
  8. • Sensitive Files • Important files are not properly protected, e.g. simply left accessible from the Internet • Weak Passwords • Using a weak password like 000000 with no brute-force protection
  9. Demo – Can we deface your Web in 10 mins? • There is a sample educational website
  10. Can we deface your Web in 10 mins? • Hacking in progress… • Browsing the website • Finding vulnerabilities • Uploading a shell… • Defacing the homepage…
  11. Can we deface your Web in 10 mins? – Yes!!
  12. What did the hacker do? • Browsing the website • Got an interesting directory: /intranet • Have to log in? • Got an interesting page: /intranet/fck.php – using FCKEditor? • Finding vulnerabilities • Bypass login by SQL Injection… • Misconfigured FCKEditor, a vulnerable component • Uploading a shell… • A file that can control the website • Defacing the homepage… • Mission completed
  13. Tips • Do security assessments on your websites • Website vulnerabilities • Server configuration • Apply countermeasures where necessary • Improve security awareness • Be aware of news about the technology the school is using • Education
  14. Contact • Alan Ho
  15. Thank you!
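The two root causes the demo relies on (slide 12's SQL-injection login bypass and slide 8's weak password) can be shown side by side in code. The following is an added example, not code from the talk or from Knownsec; the intranet user table, the account names and the `is_weak_password` rule are constructed here for illustration.

```python
import sqlite3

# Constructed sample user table standing in for the school intranet's login
# backend (plaintext passwords only to keep the example short; real systems
# store password hashes).
USERS = [("teacher", "Summer2013!"), ("student1", "000000")]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Vulnerable: untrusted input is pasted into the SQL text, so a quote in
    # the input changes the query's logic (the "bypass login" on slide 12).
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened: values are bound as parameters by the driver, so they are
    # compared as data and are never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def is_weak_password(pw: str) -> bool:
    """Rejects passwords like '000000' from slide 8: too short or one repeated character."""
    return len(pw) < 8 or len(set(pw)) == 1


def demo() -> dict:
    conn = make_db()
    tautology = "' OR '1'='1"  # classic textbook login-bypass input
    return {
        "legit_vuln": vulnerable_login(conn, "teacher", "Summer2013!"),
        "legit_safe": safe_login(conn, "teacher", "Summer2013!"),
        "bypass_vuln": vulnerable_login(conn, "anyone", tautology),  # True: logic changed
        "bypass_safe": safe_login(conn, "anyone", tautology),        # False: treated as data
        "weak_detected": is_weak_password("000000"),
    }


if __name__ == "__main__":
    print(demo())
```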