3. Whoami?
• I’m NOT a CEH
• Creator of the Zombie Browser Toolkit
https://github.com/Z6543/ZombieBrowserPack
• Creator of the HWFW Bypass tool
• Idea later(?) implemented by nation state attackers in Duqu 2.0
https://github.com/MRGEffitas/hwfwbypass
• Creator of the Malware Analysis Sandbox Tester tool
https://github.com/MRGEffitas/Sandbox_tester
• Played with crappy IoT devices
https://jumpespjump.blogspot.hu/2015/09/how-i-hacked-my-ip-camera-and-found.html
https://jumpespjump.blogspot.hu/2015/08/how-to-secure-your-home-against.html
4. Introduction
There is a saying that every software and system will
be tested from a security point of view, but the
question is whether the owner controls when this is
done and who reads the report.
But the owner (or the users) will pay the price either
way.
5. Automated testing
Good at scanning multiple pages, multiple
parameters for the same issues
Bad at finding logical bugs, authentication bypasses,
…
7. This is still an issue which is
not found by automated
scanners by default
What do you do?
admin/admin
Automated scanners don’t brute-force user
logins by default
9. This is still an issue which is not
found by automated scanners
What do you do?
Automated scanners don’t have a clue that they should try
this parameter they have never seen before
11. Is this found by scanners?
/login.php?username=admin&password[$ne]=asdfg
array("username" => "admin", "password" => array('$ne' => "asdfg"));
Usually scanners don’t know NoSQL. And if they know, they are usually not
that smart
ProTIP: instead of asdfg, use a long complex password so you can be sure
this is not the correct password ;)
Try this challenge here:
https://platform.avatao.com/challenges/28f5fca5-6a01-11e6-bdf4-0800200c9a66
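An added example, not from the original slides, showing why the request above logs in and the type check that stops it. It assumes a handler that copies request values straight into a MongoDB-style filter; `find_user`, `login_vulnerable` and `login_hardened` are hypothetical names, and the in-memory matcher stands in for the database.

```php
<?php
// Added example with constructed data; the in-memory matcher below is a
// stand-in for a MongoDB-style findOne() and knows only equality and $ne.
function find_user(array $users, array $filter): ?array {
    foreach ($users as $user) {
        $match = true;
        foreach ($filter as $field => $cond) {
            $value = $user[$field] ?? null;
            if (is_array($cond) && array_key_exists('$ne', $cond)) {
                $match = $match && ($value !== $cond['$ne']);
            } else {
                $match = $match && ($value === $cond);
            }
        }
        if ($match) {
            return $user;
        }
    }
    return null;
}

// Vulnerable: request values reach the filter with whatever type PHP gave them.
function login_vulnerable(array $users, array $request): bool {
    $filter = [
        'username' => $request['username'] ?? '',
        'password' => $request['password'] ?? '',
    ];
    return find_user($users, $filter) !== null;
}

// Hardened: both values must be plain strings before they reach the filter.
function login_hardened(array $users, array $request): bool {
    $username = $request['username'] ?? null;
    $password = $request['password'] ?? null;
    if (!is_string($username) || !is_string($password)) {
        return false; // array input such as password[$ne]=... is rejected
    }
    return find_user($users, ['username' => $username, 'password' => $password]) !== null;
}

// Constructed sample account (plaintext only to mirror the query on the slide).
$users = [['username' => 'admin', 'password' => 'constructed-sample-secret']];

// parse_str() builds the same nested array PHP puts in $_GET for this query string.
parse_str('username=admin&password[$ne]=asdfg', $request);

var_dump(is_array($request['password']));
var_dump(login_vulnerable($users, $request));
var_dump(login_hardened($users, $request));
```

Run with the PHP CLI: the password arrives as an array, the vulnerable handler accepts the login, and the hardened one rejects it.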
15. Solution
Bypass the whitelist by changing the order of parameters:
/php0816/code.php?hl[0]=nice&hl[1]=text&mode=hl&src=solution.php
Try it here:
http://www.wechall.net/challenge/php0816/index.php
16. Conclusion
Use a good tool for boring, repetitive tasks
And use your brain for creative hacks
And always develop new tools for new problems