Submit Search
Upload
TA Lesson Web-109
•
0 likes
•
190 views
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Follow
TA Lesson Web-109 @ National Chung Cheng University
Read less
Read more
Software
Report
Share
Report
Share
1 of 22
Download now
Download to read offline
Recommended
RESTful API Design
RESTful API Design
Amigo 陳兆祥
Web Introduction
Web Introduction
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Http协议介绍
Http协议介绍
Sanji Zhang
OAuth: How And Why?
OAuth: How And Why?
LI Daobing
Http in development
Http in development
仲伟 李
Async programming-2014-08-22-pub
Async programming-2014-08-22-pub
persia cai
Session1.pdf
Session1.pdf
ssuser9026c8
利用OpenSSL创建并验证证书
利用OpenSSL创建并验证证书
Water Sky
Recommended
RESTful API Design
RESTful API Design
Amigo 陳兆祥
Web Introduction
Web Introduction
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Http协议介绍
Http协议介绍
Sanji Zhang
OAuth: How And Why?
OAuth: How And Why?
LI Daobing
Http in development
Http in development
仲伟 李
Async programming-2014-08-22-pub
Async programming-2014-08-22-pub
persia cai
Session1.pdf
Session1.pdf
ssuser9026c8
利用OpenSSL创建并验证证书
利用OpenSSL创建并验证证书
Water Sky
Intro to REST
Intro to REST
Leon Gao(高磊)
Intro to rest
Intro to rest
Leon Gao(高磊)
Http callback bridge
Http callback bridge
Phoenix Su
network2
network2
overcomerwang
WEB 安全基础
WEB 安全基础
xki
Laradebut #7 - Laravel AUTH
Laradebut #7 - Laravel AUTH
Szuping Wang
OpenWebSchool - 01 - WWW Intro
OpenWebSchool - 01 - WWW Intro
Hung-yu Lin
Session1(更新20230205).pdf
Session1(更新20230205).pdf
ssuser9026c8
http flood and mobile app
http flood and mobile app
im_yunshu
Node Web开发实战
Node Web开发实战
fengmk2
运维系统开发与Rails 3页面开发实践
运维系统开发与Rails 3页面开发实践
Li JianYe
Res tful api design tw-2.0
Res tful api design tw-2.0
昀陞 李
Node Web开发实战
Node Web开发实战
fengmk2
06
06
chanlung wu
Servlet & JSP 教學手冊第二版 - 第 1 章:簡介Web應用程式
Servlet & JSP 教學手冊第二版 - 第 1 章:簡介Web應用程式
Justin Lin
OpenWebSchool - 03 - PHP Part II
OpenWebSchool - 03 - PHP Part II
Hung-yu Lin
高性能远程调用解决方案
高性能远程调用解决方案
Ady Liu
Sse api
Sse api
景智 張
PHP 應用之一 socket funion : 偽 WEB Server
PHP 應用之一 socket funion : 偽 WEB Server
志賢 黃
Windows Offender_ Reverse Engineering Windows Defender's Antivirus Emulator
Windows Offender_ Reverse Engineering Windows Defender's Antivirus Emulator
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
AEG_ Automatic Exploit Generation
AEG_ Automatic Exploit Generation
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Unleashing MAYHEM On Binary Code
Unleashing MAYHEM On Binary Code
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
More Related Content
Similar to TA Lesson Web-109
Intro to REST
Intro to REST
Leon Gao(高磊)
Intro to rest
Intro to rest
Leon Gao(高磊)
Http callback bridge
Http callback bridge
Phoenix Su
network2
network2
overcomerwang
WEB 安全基础
WEB 安全基础
xki
Laradebut #7 - Laravel AUTH
Laradebut #7 - Laravel AUTH
Szuping Wang
OpenWebSchool - 01 - WWW Intro
OpenWebSchool - 01 - WWW Intro
Hung-yu Lin
Session1(更新20230205).pdf
Session1(更新20230205).pdf
ssuser9026c8
http flood and mobile app
http flood and mobile app
im_yunshu
Node Web开发实战
Node Web开发实战
fengmk2
运维系统开发与Rails 3页面开发实践
运维系统开发与Rails 3页面开发实践
Li JianYe
Res tful api design tw-2.0
Res tful api design tw-2.0
昀陞 李
Node Web开发实战
Node Web开发实战
fengmk2
06
06
chanlung wu
Servlet & JSP 教學手冊第二版 - 第 1 章:簡介Web應用程式
Servlet & JSP 教學手冊第二版 - 第 1 章:簡介Web應用程式
Justin Lin
OpenWebSchool - 03 - PHP Part II
OpenWebSchool - 03 - PHP Part II
Hung-yu Lin
高性能远程调用解决方案
高性能远程调用解决方案
Ady Liu
Sse api
Sse api
景智 張
PHP 應用之一 socket funion : 偽 WEB Server
PHP 應用之一 socket funion : 偽 WEB Server
志賢 黃
Similar to TA Lesson Web-109
(19)
Intro to REST
Intro to REST
Intro to rest
Intro to rest
Http callback bridge
Http callback bridge
network2
network2
WEB 安全基础
WEB 安全基础
Laradebut #7 - Laravel AUTH
Laradebut #7 - Laravel AUTH
OpenWebSchool - 01 - WWW Intro
OpenWebSchool - 01 - WWW Intro
Session1(更新20230205).pdf
Session1(更新20230205).pdf
http flood and mobile app
http flood and mobile app
Node Web开发实战
Node Web开发实战
运维系统开发与Rails 3页面开发实践
运维系统开发与Rails 3页面开发实践
Res tful api design tw-2.0
Res tful api design tw-2.0
Node Web开发实战
Node Web开发实战
06
06
Servlet & JSP 教學手冊第二版 - 第 1 章:簡介Web應用程式
Servlet & JSP 教學手冊第二版 - 第 1 章:簡介Web應用程式
OpenWebSchool - 03 - PHP Part II
OpenWebSchool - 03 - PHP Part II
高性能远程调用解决方案
高性能远程调用解决方案
Sse api
Sse api
PHP 應用之一 socket funion : 偽 WEB Server
PHP 應用之一 socket funion : 偽 WEB Server
More from Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Windows Offender_ Reverse Engineering Windows Defender's Antivirus Emulator
Windows Offender_ Reverse Engineering Windows Defender's Antivirus Emulator
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
AEG_ Automatic Exploit Generation
AEG_ Automatic Exploit Generation
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Unleashing MAYHEM On Binary Code
Unleashing MAYHEM On Binary Code
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Firmadyne
Firmadyne
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Fintech Newebpay API using Flask and VueJS
Fintech Newebpay API using Flask and VueJS
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
TA-java-method-109
TA-java-method-109
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
TA Lesson Binary Exploitation (Pwn)
TA Lesson Binary Exploitation (Pwn)
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Java - TA課 - Array
Java - TA課 - Array
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Reverse Engineering - Assembly & Introduction
Reverse Engineering - Assembly & Introduction
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
TA Lesson3 - Method
TA Lesson3 - Method
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Java - TA課 - Let's Begin
Java - TA課 - Let's Begin
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Java - TA課 - 開發環境
Java - TA課 - 開發環境
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
IoT Penetration Talk
IoT Penetration Talk
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Introduction to computer network
Introduction to computer network
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
Assembly Language Redhung ( x86 ) @ TDOH
Assembly Language Redhung ( x86 ) @ TDOH
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
TP-Link SR20 Zero-day attack
TP-Link SR20 Zero-day attack
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
滲透測試入門 Penetration test - white hat hacking introduction
滲透測試入門 Penetration test - white hat hacking introduction
Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
More from Redhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
(17)
Windows Offender_ Reverse Engineering Windows Defender's Antivirus Emulator
Windows Offender_ Reverse Engineering Windows Defender's Antivirus Emulator
AEG_ Automatic Exploit Generation
AEG_ Automatic Exploit Generation
Unleashing MAYHEM On Binary Code
Unleashing MAYHEM On Binary Code
Firmadyne
Firmadyne
Fintech Newebpay API using Flask and VueJS
Fintech Newebpay API using Flask and VueJS
TA-java-method-109
TA-java-method-109
TA Lesson Binary Exploitation (Pwn)
TA Lesson Binary Exploitation (Pwn)
Java - TA課 - Array
Java - TA課 - Array
Reverse Engineering - Assembly & Introduction
Reverse Engineering - Assembly & Introduction
TA Lesson3 - Method
TA Lesson3 - Method
Java - TA課 - Let's Begin
Java - TA課 - Let's Begin
Java - TA課 - 開發環境
Java - TA課 - 開發環境
IoT Penetration Talk
IoT Penetration Talk
Introduction to computer network
Introduction to computer network
Assembly Language Redhung ( x86 ) @ TDOH
Assembly Language Redhung ( x86 ) @ TDOH
TP-Link SR20 Zero-day attack
TP-Link SR20 Zero-day attack
滲透測試入門 Penetration test - white hat hacking introduction
滲透測試入門 Penetration test - white hat hacking introduction
TA Lesson Web-109
1.
redhung@hung.red TA-LESSON @ INFORMATION
SECURITY — WEB SECURITY
2.
>_ ECHO `WHOAMI` Interning
at CHT Security Co., Ltd. CTF Player Focusing on Reversing, Pwning
3.
>_ CAT ./OVERVIEW Web Basics Challenge
1 Cookies Challenge 2 Command Injection Challenge 3 Front-end Authentication 0x0 0x1 0x2 0x3
4.
Web Basics
5.
>_ WEB BASICS 協議
網址 參數 標籤 https://ctf.hung.red?boy=me#top
6.
當我們在日常生活點擊某個網址時就會碰到的協定 HTTP Protocol 定義了
Client端 及 Server端 之間應答的標準 由 Client端 發起 Request , Server端 接收後回應 Response HTTP methods & HTTP status code >_ WEB BASICS HTTP Protocol
7.
GET - 向Server請求資源
== 我來要東西 參數會以URL的形式傳送 E.g. https://ctf.hung.red?boy=me —> 參數boy的值 = me >_ WEB BASICS HTTP Methods POST - 傳送資料給Server == 我來送東西 參數不會出現在URL裡 通常⽤來傳送Data、Form HEAD、PUT、DELETE、TRACE、OPTIONS ..
8.
1XX - 收到請求了,但還要繼續處理 2XX
- 收到請求且處理成功 3XX - 重新導向相關 4XX - Client端相關的問題 5XX - Server端相關的問題 >_ WEB BASICS HTTP Status Code
9.
>_ WEB BASICS HTTP
Request GET / HTTP/1.1 Host: ctf.hung.red Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) Accept: text/html Accept-Language: zh-TW ⽅法 路徑
10.
>_ WEB BASICS HTTP
Response HTTP/1.1 200 OK Date: Mon, 07 Oct 2019 19:36:38 GMT Server: Apache/2.4.29 (Ubuntu) Vary: Accept-Encoding Content-Length: 3266 Connection: close Content-Type: text/html; charset=UTF-8 回傳狀態碼
11.
>_ WEB BASICS
12.
Challenge 1 -
Cookies
13.
>_ COOKIES Cookies是網站在我們瀏覽網頁時儲存在電腦上的資料 通常會儲存瀏覽該網站的偏好設定 E.g.
語⾔、位置 Cookies也常⽤於儲存使⽤者資料,再⽤來驗證⾝份 Cookies是存放在Client端的東⻄,因此可以任意修改
14.
>_ COOKIES https://ctf.hung.red:10001
15.
Challenge 2 -
Command Injection
16.
>_ COMMAND INJECTION 當某些地⽅為使⽤者可控的指令且不經檢查時就容易產⽣ Command
injection的漏洞 以Linux的network指令ping為例,在無線AP的Web介⾯裡, 時常會出現network tool之類的⼯具,若在這之中沒有將 使⽤者輸入過濾好的話就容易造成Command injection E.g. 某個地⽅能夠讓使⽤者輸入IP,系統則會⾃動去ping 使⽤者所輸入的IP (是否有風險?)
17.
https://ctf.hung.red:10002 >_ COMMAND INJECTION
18.
Challenge 3 -
Front-end Authentication
19.
>_ FRONT-END AUTHENTICATION 不純熟的網頁開發者在驗證過程(E.g.
登入)時只做到前端保護 ,但後端並沒有同步驗證,而這種前端驗證容易造成修改封 包來達到繞過 如何修改封包?回憶⼀下 Request 和 Response 是如何進⾏的 我們將使⽤BurpSuite這個⼯具來攔截封包,修改封包後繞過 前端驗證並直擊後端
20.
>_ FRONT-END AUTHENTICATION HTTP
Request HTTP Request Proxy
21.
https://ctf.hung.red:10003 >_ FRONT-END AUTHENTICATION
22.
THANK YOU! redhung@hung.red r3dhun9 @r3dhun9
Philip Chen
Download now