
Identify breaches, protect your application | PHP Avenger and Octopus

Talk given at the PHP Community Summit in São Paulo, organised by Locaweb, on 01/09/2017.

PHP Avenger and Octopus are tools created to help with the security of your applications.

Published in: Technology


  1. IDENTIFY BREACHES, PROTECT YOUR APPLICATION PHP Avenger and Octopus
  2. MY NAME IS LEONN LEITE Made in TAGUÁ PHP enthusiast, PHPDF, PHPWOMEN /leonnleite @leonnleite +leonnleite I AM LENON LEITE'S BROTHER
  3. PROJECTS ● Heimdall Ransomware ● PHP Avenger ● Octopus
  4. PROJECTS ● Heimdall Ransomware ● PHP Avenger ● Octopus
  5. Heimdall Ransomware
  6. Heimdall Ransomware
  7. Heimdall Ransomware
  8. PHP Octopus Patterns: everyone makes the same mistake.
  9. PHP Octopus
  10. PHP Octopus
  11. But how does it work?
  12. chmod
  13. rwx r=read w=write (writing, changing, deleting) x=execute
  14. rwx
  15. rwx 000 | 0 001 | 1 010 | 2 011 | 3 100 | 4 101 | 5 110 | 6 111 | 7
  16. rwx rwx Owner Group Others rwx 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111
  17. chmod 777 chmod 666
  18. Hey, but how does the guy know my username?
  19. /etc/passwd 644
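As an added illustration of slides 13 to 19 (example code written for this page, not part of the talk or of the Octopus tool), the following PHP converts modes between the rwx triples and their octal digits and flags the world-writable 777/666 modes; the directory walker is a constructed helper you would point at your own document root.

```php
<?php
// Added example, not from the talk: mode conversions from slides 13-16 and
// a check for the world-writable 777/666 modes that slide 17 warns about.
declare(strict_types=1);

/** Render the low nine permission bits as rwxrwxrwx (owner, group, others). */
function modeToSymbolic(int $mode): string
{
    $out = '';
    foreach ([6, 3, 0] as $shift) {          // owner, group, others
        $triple = ($mode >> $shift) & 7;
        $out .= ($triple & 4) ? 'r' : '-';
        $out .= ($triple & 2) ? 'w' : '-';
        $out .= ($triple & 1) ? 'x' : '-';
    }
    return $out;
}

/** The slide-15 table in code: "rw-r--r--" -> "644". */
function symbolicToOctal(string $sym): string
{
    if (!preg_match('/^([r-][w-][x-]){3}$/', $sym)) {
        throw new InvalidArgumentException("bad mode string: $sym");
    }
    $digits = '';
    foreach (str_split($sym, 3) as $t) {
        $digits .= ($t[0] === 'r' ? 4 : 0) + ($t[1] === 'w' ? 2 : 0) + ($t[2] === 'x' ? 1 : 0);
    }
    return $digits;
}

/**
 * Classify a mode. World-writable (the "others" w bit) is the mistake the
 * talk calls out: any local account, including the web server's, can alter
 * the file. World-readable matters for files such as configs with secrets;
 * /etc/passwd at 644 is readable by design.
 */
function auditMode(int $mode): array
{
    $others = $mode & 7;
    return [
        'octal'          => sprintf('%03o', $mode & 0777),
        'symbolic'       => modeToSymbolic($mode),
        'world_writable' => ($others & 2) !== 0,
        'world_readable' => ($others & 4) !== 0,
    ];
}

/** Walk a tree and list every world-writable entry as "path mode". */
function findWorldWritable(string $root): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        $mode = fileperms($file->getPathname());
        if ($mode !== false && auditMode($mode)['world_writable']) {
            $hits[] = $file->getPathname() . ' ' . sprintf('%03o', $mode & 0777);
        }
    }
    return $hits;
}

// Demo on the modes the slides mention.
foreach ([0777, 0666, 0644, 0750] as $m) {
    $a = auditMode($m);
    printf("%s %s world_writable=%s\n", $a['octal'], $a['symbolic'],
        $a['world_writable'] ? 'yes' : 'no');
}
echo symbolicToOctal('rw-r--r--'), "\n";

// Audit the current directory (replace with your document root).
foreach (findWorldWritable(getcwd()) as $hit) {
    echo "world-writable: $hit\n";
}
```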
  20. PHP Avenger I used to think that .gov sites had lots of security errors
  21. PHP Avenger "It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories..." - Sherlock Holmes
  22. Process Pattern identification Working the vulnerability Studying the vulnerabilities Validating the response
  23. Process - False positive Walks like a duck, swims like a duck, has a duck's bill
  24. Process - False positive
  25. "Cross Site Scripting" "Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites." - OWASP
  26. "Cross Site Scripting" Example <marquee></marquee>
  27. "Cross Site Scripting" Example URL: indextodas.php?titulo=Nordeste+Desenvolvimento
  28. "Cross Site Scripting" Example URL: indextodas.php?titulo=<marquee>Teste</marquee>
  29. "Cross Site Scripting" Studying the vulnerability: identifying the possibilities and how the attack works. Pattern identification: text from the GET/POST request is repeated in the page body. Working the vulnerability: change the GET/POST parameter, inserting commands such as HTML tags and scripts. Validating the response: identifying whether the change to the request was displayed on screen.
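The reflection pattern of slides 27 to 29, as an added example that is not code from the talk or from PHP Avenger: a page of the indextodas.php?titulo= shape rendered the vulnerable way and the hardened way, plus a self-check that sends the talk's harmless <marquee> probe through your own render function (function names are my own; assumes PHP 8).

```php
<?php
// Added example, not from the talk: the reflection pattern of slides 27-29
// (indextodas.php?titulo=...) with the vulnerable render beside a hardened
// one, and a self-check that runs the talk's harmless probe against them.
declare(strict_types=1);

/** Vulnerable: the query parameter is copied into the HTML body unchanged. */
function renderTitleVulnerable(array $get): string
{
    $titulo = $get['titulo'] ?? '';
    return '<h1>' . $titulo . '</h1>';
}

/** Hardened: encode for the HTML text context before it reaches the body. */
function renderTitleSafe(array $get): string
{
    $titulo = $get['titulo'] ?? '';
    // ENT_QUOTES also encodes ' so the same call is safe inside attribute values.
    $enc = htmlspecialchars($titulo, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<h1>' . $enc . '</h1>';
}

/**
 * Self-check for a render function: send the probe the talk uses
 * (<marquee>Teste</marquee>) and see whether it comes back as live markup.
 * This is the "text from GET/POST repeated in the page body" pattern, run
 * against your own code before it ships instead of by a scanner afterwards.
 */
function reflectsMarkup(callable $render, string $param): bool
{
    $probe = '<marquee>Teste</marquee>';
    $html  = $render([$param => $probe]);
    return str_contains($html, $probe);
}

// Constructed request with the same shape as the slide-28 URL.
$request = ['titulo' => '<marquee>Teste</marquee>'];
echo renderTitleVulnerable($request), "\n";
echo renderTitleSafe($request), "\n";

foreach (['renderTitleVulnerable', 'renderTitleSafe'] as $fn) {
    printf("%-22s reflects markup: %s\n", $fn, reflectsMarkup($fn, 'titulo') ? 'yes' : 'no');
}
```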
  30. "Sql Injection" "Attack consists of insertion or "injection" of a SQL query via the input data from the client to the application." - OWASP
  31. "Sql Injection" example URL: /index.php?id=1
  32. "Sql Injection" example URL: /index.php?id=1'
  33. "Sql Injection" example
  34. But how does it work? $sql = "select * from tabela where id = $id" That is, $sql = "select * from tabela where id = 1" but $sql = "select * from tabela where id = 1'" which makes this possible: $sql = "select * from tabela where id = 1" . " union select password from user"
  35. "Sql injection" Studying the vulnerability: a study was made of the output and the log of a tool called sqlmap. Pattern identification: when quotes are used in the requests, a standard database error is generated. Working the vulnerability: use of quotes. Validating the response: identify the errors printed when quotes are inserted, and whether those errors were not there before.
  36. "Sql injection" errors MySQL ○ mysql_ ○ You have an error in your SQL syntax ○ Warning: mysql_ ○ MySQL result index PostgreSql ○ pg_ ○ Warning: pg_ ○ PostgreSql Error: ○ Function.pg Oracle ○ Microsoft OLE DB Provider for Oracle ○ ORA-01756 ○ ORA- Fatal error Sql Server ○ Microsoft JET Database ○ ODBC Microsoft Access Driver ○ 500 - Internal server error ○ Microsoft OLE DB Provider
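As an added example (not code from the talk or from PHP Avenger), the slide-34 concatenation beside a prepared-statement version, run against an in-memory SQLite database so it works stand-alone; it assumes PHP 8 with the pdo_sqlite extension, and the error-signature list is the one from slide 36 with the PDO message prefix added by me.

```php
<?php
// Added example, not from the talk: the slide-34 string concatenation beside
// a prepared statement, on an in-memory SQLite database (assumes pdo_sqlite).
// The talk's pattern (a quote in id= surfaces a raw database error) shows up
// on the vulnerable path and is closed on the hardened one.
declare(strict_types=1);

function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tabela (id INTEGER PRIMARY KEY, titulo TEXT)');
    $pdo->exec("INSERT INTO tabela VALUES (1, 'Nordeste Desenvolvimento'), (2, 'Outro')");
    return $pdo;
}

/** Vulnerable: the request value is glued into the SQL text, as on slide 34. */
function fetchVulnerable(PDO $pdo, string $id): array
{
    $sql = "select * from tabela where id = $id";
    try {
        return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // What a badly configured page does: hand the driver message to the
        // client. That message is the signature slide 36 lists.
        return ['error' => $e->getMessage()];
    }
}

/**
 * Hardened: validate the type, bind the value, keep driver errors in the log.
 * The SQL text no longer depends on the input, so id=1' cannot change it.
 */
function fetchSafe(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($int === false) {
        return ['error' => 'invalid id'];               // generic client message
    }
    try {
        $stmt = $pdo->prepare('select * from tabela where id = :id');
        $stmt->bindValue(':id', $int, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('db error: ' . $e->getMessage());      // detail stays server-side
        return ['error' => 'internal error'];
    }
}

/** Slide-36 signatures, for checking your own responses for leaked driver errors. */
function leaksDbError(string $body): bool
{
    $signatures = [
        'You have an error in your SQL syntax', 'Warning: mysql_', 'MySQL result index',
        'Warning: pg_', 'PostgreSql Error:', 'ORA-', 'Microsoft OLE DB Provider',
        'ODBC Microsoft Access Driver', 'Microsoft JET Database',
        'SQLSTATE[',   // added here: the prefix PDO puts on its own messages
    ];
    foreach ($signatures as $sig) {
        if (stripos($body, $sig) !== false) {
            return true;
        }
    }
    return false;
}

$pdo = makeDb();
foreach (['1', "1'"] as $id) {                          // slides 31 and 32
    $vuln = json_encode(fetchVulnerable($pdo, $id));
    $safe = json_encode(fetchSafe($pdo, $id));
    printf("id=%-4s vulnerable: %s\n        leaks db error: %s\n", $id, $vuln,
        leaksDbError($vuln) ? 'yes' : 'no');
    printf("        safe:       %s\n", $safe);
}
```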
  37. "Local File Inclusion" "The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application..." - OWASP
  38. "Local File Inclusion"
  39. "Local File Inclusion"
  40. "Local File Inclusion" /etc/passwd /etc/group
  41. "Local File Download/Path Traversal" Studying the vulnerability: checking possible URLs, identifying the files that will always exist. Pattern identification: a file path is passed in GET/POST to choose the file to read. Working the vulnerability: navigate through the folders using ../ looking for the source file or the index. Validating the response: check in the response whether it really is a system file.
  42. "Local File Download/Path Traversal" "A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder." - OWASP
  43. "Local File Download/Path Traversal" example
  44. "Local File Download/Path Traversal" example
  45. "Local File Download/Path Traversal" Studying the vulnerability: checking possible URLs, identifying the files that will always exist. Pattern identification: a file path is passed in GET/POST to choose the file to download. Working the vulnerability: navigate through the folders using ../ looking for the source file or the index. Validating the response: check whether the response is a system file. Validating system tags, such as PHP's <?php.
  46. "Local File Download/Path Traversal" example
  47. "Local File Download/Path Traversal" Studying the vulnerability: checking possible URLs, identifying the files that will always exist. Pattern identification: a file path is passed in GET/POST to choose the file to download. Working the vulnerability: navigate through the folders using ../ looking for the source file or the index. Validating the response: check whether the response is a system file. Validating system tags, such as PHP's <?php.
  48. "Local File Download/Path Traversal" Bonus
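One way to close the download handler the slides 41 to 48 describe, as an added example rather than code from the talk: a baixar.php?arquivo= resolver written the vulnerable way next to one that canonicalises with realpath() and refuses anything outside the download root, exercised against a temporary directory constructed in the script (assumes PHP 8; names are my own).

```php
<?php
// Added example, not from the talk: a download handler of the
// baixar.php?arquivo= shape from slides 41-48. The vulnerable resolver joins
// the parameter onto the directory; the hardened one canonicalises with
// realpath() and refuses anything outside the download root. Assumes PHP 8.
declare(strict_types=1);

/** Vulnerable: ../ in $arquivo walks out of $base. */
function resolveVulnerable(string $base, string $arquivo): string
{
    return $base . '/' . $arquivo;
}

/**
 * Hardened: returns the canonical path of a regular file inside $base, or
 * null for traversal, missing files, directories and null bytes.
 */
function resolveSafe(string $base, string $arquivo): ?string
{
    if ($arquivo === '' || str_contains($arquivo, "\0")) {
        return null;
    }
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . $arquivo);   // false if it does not exist
    if ($baseReal === false || $target === false) {
        return null;
    }
    // Compare with the separator appended, so /srv/files does not also
    // accept /srv/files-private.
    if (!str_starts_with($target, $baseReal . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return is_file($target) ? $target : null;
}

/** What baixar.php would do after resolving: stream the file or answer 404. */
function serveDownload(string $base, string $arquivo): int
{
    $path = resolveSafe($base, $arquivo);
    if ($path === null) {
        return 404;                               // one generic answer for every bad input
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
    return 200;
}

// Constructed sandbox: a download root with one public file and a PHP source
// file one level above it, standing in for the application's index.php.
$root = sys_get_temp_dir() . '/lfd_demo_' . getmypid();
mkdir("$root/files", 0750, true);
file_put_contents("$root/files/relatorio.txt", "relatorio publico\n");
file_put_contents("$root/index.php", "<?php echo 'source';\n");

$requests = ['relatorio.txt', '../index.php', '../../../../../../etc/passwd', 'nao-existe.txt'];
foreach ($requests as $arquivo) {
    printf("%-34s vulnerable -> %s\n", $arquivo, resolveVulnerable("$root/files", $arquivo));
    printf("%-34s safe       -> %s\n", '', resolveSafe("$root/files", $arquivo) ?? 'rejected');
}

// Clean up the sandbox.
unlink("$root/files/relatorio.txt");
unlink("$root/index.php");
rmdir("$root/files");
rmdir($root);
```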
  49. WordPress "Brute Force" "...consists in an attacker configuring predetermined values, making requests to a server using those values, and then analyzing the response." - OWASP
  50. WordPress "Brute Force"
  51. WordPress "Brute Force"
  52. WordPress "Brute Force"
  53. "Local File Download/Path Traversal" Studying the vulnerability: WordPress returns users according to a command in the URL. Pattern identification: inserting /?author=1, the system user name is printed. Working the vulnerability: a loop is run to list all possible users. Validating the response: check whether a user is returned according to the id, to be used in the brute-force list.
  54. Locating targets
  55. Search Engine ● Google ● Bing ● Yandex ● Others Study the pattern in the search
  56. Google Bing Yandex DuckDuckGo Baidu Others
  57. Search engines Trivia Google: Google does not return infinite results, it returns around a thousand. Bing: it is possible to track pages by IP.
  58. Search engines Trivia DuckDuckGo: uses an API to return a result, always passing a key. Yandex: it is Russian, important for attacks carried out against Eastern Europe.
  59. Search engines But how? Ever heard of dorks?
  60. "dork" "Initially known as the Google Hacking Database. Dorks are advanced searches meant to improve, narrow and filter a search." - My brother
  61. "dork"
  62. "dork" Locating educational systems running WordPress
  63. "dork" Locating educational systems *.edu.br running WordPress
  64. "dork" Locating educational systems *.edu.br running WordPress */wp-content/*
  65. "dork"
  66. "dork" Locating database backups of Brazilian sites
  67. "dork" Locating database backups filetype:sql of Brazilian sites
  68. "dork" Locating database backups filetype:sql of Brazilian sites site:com.br
  69. "dork" Locating database backups filetype:sql of Brazilian sites site:com.br bonus
  70. "dork" Locating database backups filetype:sql of Brazilian sites site:com.br Bonus intext:password
  71. "dork" Locating database backups filetype:sql of Brazilian sites site:com.br Bonus intext:insert password
  72. "dork" Possible Local File Download / Path Traversal flaws.
  73. "dork" Possible Local File Download / Path Traversal flaws. site:com.br inurl:baixar.php?arquivo=
  74. "dork" Possible Local File Download / Path Traversal flaws. site:com.br inurl:baixar.php?arquivo=
  75. "dork" Possible SQL Injection flaws.
  76. "dork" Possible SQL Injection flaws. site:com.ar inurl: index.php?id=
  77. "dork" Possible SQL Injection flaws. site:com.ar inurl: index.php?id=
  78. "dork" Possible Cross Site Scripting flaws
  79. "dork" Possible Cross Site Scripting flaws site:com.ar inurl:index.php?titulo=
  80. "dork" Possible Cross Site Scripting flaws site:com.ar inurl:index.php?titulo=
  81. Automating
  82. "Chefão" "Hacking any one specific target can be hard, depending on which one you choose, even impossible. But scan hundreds of thousands of systems, and you are certain to find some vulnerable ones." - Poulsen, Kevin. Chefão (Kingpin)
  83. "Problems/Solutions" Brute force is slow
  84. "Problems/Solutions"
  85. "Problems/Solutions"
  86. "Problems/Solutions" Tor/Proxies
  87. "Problems/Solutions" Tor/Proxies
  88. PHP Avenger
  89. php avenger sh --dork="index.php?titulo" --check="xss"
  90. php avenger sh --dork="index.php?titulo" --check="xss"
  91. php avenger sh --dork="site:com.br inurl:index.php?id=" --check="sqli"
  92. php avenger sh --dork="site:com.br inurl:index.php?id=" --check="sqli"
  93. php avenger sh --dork="site:com.br inurl:baixar.php?arquivo=" --check="lfd"
  94. Brute force > Send email
  95. Open source https://github.com/aszone Contribute
  96. Open source PHPeste October/2017 Fortaleza
  97. Questions?
  98. Thank you
