Web penetration

1. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 1/22 Web Penetration - demo.test

2. re.net th!nkh@ck-hackartist cafe.thinkhack.org September 29, 2014

3. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 2/22 1 Introduction What is Penetration Test? Test Site Progress Phases 2 Pre-Ready Setting Target Crawling Target 3 Exploitation Acquiring Sensitive Data Directory Listing Revealing Souce Codes Redirecting to MalSite SQL Injection Simple SQL Injection Advanced SQL Injection 4 Reporting Vulnerabilities Reference Types of Web Attack Documentation

4. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 3/22 Outline 1 Introduction What is Penetration Test? Test Site Progress Phases 2 Pre-Ready Setting Target Crawling Target 3 Exploitation Acquiring Sensitive Data Directory Listing Revealing Souce Codes Redirecting to MalSite SQL Injection Simple SQL Injection Advanced SQL Injection 4 Reporting Vulnerabilities Reference Types of Web Attack Documentation

5. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 4/22 What is Penetration Test? What is Penetration Test? ¨Xt¹@ 4Çx?? ¬Ð X ÄÐ ¹ „| tÄ ”´Ð õ©D ÜÄ Ä õ©Ð è}ü Q)•ñD ÜX” ‘Å ¨Xt¹ü t¹X (t õ© Áü ”Ð t ¬Ð X| ˆ”À ì€ tÄ Áü ”| õ©Ä øƒD XÁÐŒ ¬ì¸T Xì õtüÈ”À ì€

6. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 5/22 Test Site Test Site ÀŸ$ õ©Á : http://demo.test

7. re.net õ©” : tù„Ð ¥ ¨à õ© demo.test

8. re.net Œ m© $… ‘¬ IBM © ¨Xt¹D L¤¸X0 © õ©” ù ¬t¸| ¥Xt ¸À J” ”´Ð ‰ ù @‰ ù¬t¸

9. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 6/22 Progress Phases Progress Phases DèÄ Á$ Á „ $ Á„X õ©” $ Á¤Ý ùX ½° Proxy Äl| t©Xì Crawling D µt ÁX ¤Ýt ¥ õ©èÄ Á„X ¤Ý ô| è}D ”!Xà, tù è}Ð t õ©D ‰ ¬ì¸èÄ õ©èÄÐ ‰ õ©äÐ t m© 8T X” èÄ 8T m©” õ©…X, õ©½, õ©(· ñt ˆL.

11. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 8/22 Setting Target Setting Target Á„ $ demo.test

12. re.netD Á„ $ õ©” $ demo.test

13. re.netX Œ¤TÜ ñD À½XÀ J” õ©Ð t demo.test

14. re.netX m© L¤¸| ‰

15. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 9/22 Crawling Target Burp Suite ä‰ ä´Ü ä‰ ä´Ü ¬t¸ : http://portswigger.net/burp/download.html ä‰ : java -jar -Xmx1024m burpsuite.jar

16. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 10/22 Crawling Target Proxy $ Proxy $)• Internet Explorer x075X - œ$ - Proxy $ Safari Safari - X½$ - à - ]Ü $À½ - Web ]Ü $

18. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 12/22 Acquiring Sensitive Data Acquiring Sensitive Data /admin/clients.xls | Á üXì ä´Ü| ÜÄ

19. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 13/22 Acquiring Sensitive Data Clients Information ä´Ü @

20. |D ôŒ ¥

21. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 14/22 Directory Listing Directory Listing /bank ¬Ð default.aspx

22. |t ÆL Directory Listing 5XD Æ`| X”p, $XÀ JXL. aspx.cs @ @ Œ¤

23. |Ä ¬¤à ˆLD L ˆL. aspx.cs @ @ Œ¤

24. |D Á }0 ˆ¥h.

25. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 15/22 Revealing Souce Codes content

26. |ø0 À½ €„X ˜tÀX ))•t URL

27. |ø0 ì include )Ý„D ”!` ˆL. /default.aspx?content=)`˜tÀ l1´ ˆL. contentX

28. |ø0| t©Xì aspx.cs

29. |D }´ $” ƒD ÜÄh. txt@ htm

30. |Ì

31. TÁ ” ƒD L ˆL.

32. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 16/22 Revealing Souce Codes null-byte injection aspx.cs

33. |D txt

34. | t0 t null-byte injectionD ¬© ?content=login.aspx.cs%00.txt Ðì@ hØ ù¬t¸X

35. |Ü¤ÁX ½| L ˆL.

36. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 17/22 Revealing Souce Codes Directory Traversal

37. |½ /static/login.aspx.cs À ƒD L ˆL. Á ¬ tÙXì bank ¬X

39. |ø0 ì

40. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 18/22 Redirecting to MalSite Redirecting to MalSite Crawling Ð L ˆït disclaimer.htm

41. |@ url

42. |ø0 ì üŒ ¬ät D tüà ˆL. tð ½° url

43. |ø0X Ð t EX ¬t¸xÀ €D pÐ|h. Tt@ ¬

44. ¬Ð õtü” €0¥ p¨¬t¸Ð” €D õXÀ JL.

45. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 19/22 SQL Injection Form Injection øx TtÐ èXŒ SQL InjectionD ÜÄh. ID@ (¤ÌÜÐ ' or '1'='1 D ½… ¬ Ä øx” ƒD Ux

46. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 20/22 SQL Injection Cookie Injection ¬ Ä øx È”p account detailÐ D4ôÄ Æ” ƒD L ˆL. Proxy 4D t©Xì account ô| »´¼ ˆD Ì è ˆDÀ € amUserId | „X À½Xt Account ô À½(D L ˆL ¨à Account ô| »0 t amUserId

47. |ø0Ð SQL Injection ÜÄ

48. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 21/22 SQL Injection Account Information ¨à account ©]t ˜$p, ôŒÄ ¥

49. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 22/22 SQL Injection Union Injection Union InjectionD µt Account ô àÐ øx ID/PW| »D ˆL. login.aspx.cs Œ¤TÜ| „Xì ¬© ô| ¬X” Ltt„ü DÜ…D LDÄ 1 union select username,password from users | ½…

51. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 24/22 Reference Types of Web Attack Reference Types of Web Attack ôà ‘1X 0 ôà| ‘1X0 t” ‘1 0t ˆ´| h. ù „|Ð” t 0t ” ƒt OWASP Top 10, CWE/SANS Top 25 t x ôà| ‘1X0 |ð¤ ˆL. OWASP Top 10 3Dü0 1àXà ˆp, OWASP|” pÁÐ ùÐ Ý` ˆ” 10 è}D Xà ˆL. CWE/SANS Top 25 CWE@ SANS õÙ Ä‰X” ƒ Œ¸è´ õµ„|Ð Ý` ˆ” è}D ôàXà ˆL. ¬” 2011D „t ¥à „„.

52. Introduction Pre-Ready Exploitation Reporting Vulnerabilities 25/22 Documentation Documentation 8T€? 8T” ^Ð ‰ „ õ©D 8Ð ø .0” ƒ„. ¨Xt¹Ð ¥ ” €„ ^Ð ‰ õ©äD ¨P 0 XÀ J”ät EXx t¹ü Ù|h. 8T ´© õ©…X õ©½ õ©Ð ¬© Request ô Q)• ø x 0À¬m

Web penetration

Recommended

Recommended

More Related Content

Similar to Web penetration

Similar to Web penetration (20)

More from Jongseok Choi

More from Jongseok Choi (16)

Recently uploaded

Recently uploaded (20)

Web penetration