We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byLonnie Ricker
Modified over 2 years ago
©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane email@example.com
©2009 Justin C. Klein Keane Setting Up Environment Install VMWare workstation, or player Fusion on the Mac Download the target host Unzip the host files then start the host in VMWare
©2009 Justin C. Klein Keane Get VMWare Image Running If prompted, say you moved the image
©2009 Justin C. Klein Keane CentOS Image Booting Once image boots log in with root/password
©2009 Justin C. Klein Keane Find the IP Address Get the IP address of the virtual machine using # /sbin/ifconfig eth0
©2009 Justin C. Klein Keane Ensure Apache is Running
©2009 Justin C. Klein Keane Upload the Exercise
©2009 Justin C. Klein Keane Extract the Exercise
©2009 Justin C. Klein Keane Install the Database
©2009 Justin C. Klein Keane Check the Application
©2009 Justin C. Klein Keane Troubleshooting If you get a blank screen, check the web server and MySQL server: # service httpd status # service mysqld status If you need to start services use: # /etc/rc.d/init.d/httpd restart # /etc/rc.d/init.d/mysqld restart
©2009 Justin C. Klein Keane Troubleshooting Cont. Check the log files: # tail /var/log/httpd/error_log
©2009 Justin C. Klein Keane Install Eclipse PDT Download PDT all in one from http://www.eclipse.org/pdt/ Alternatively install Eclipse from http://www.eclipse.org/downloads/ Be sure to download “Eclipse IDE for Java Developers”
©2009 Justin C. Klein Keane Install PDT if Necessary Use instructions at http://wiki.eclipse.org/PDT/Installation Some platforms, such as Fedora, may have packages for PHP development, these may be more stable than a manual install of PDT
©2009 Justin C. Klein Keane Install RSE Install the Remote System Explorer tools Help -> Software Updates Click the “Add Site” button Enter the URL http://download.eclipse.org/dsdp/tm/download s/ Select Remote System Explorer Core, Remote System Explorer End-User Runtime, Remote System Explorer Extender SDK, and RSE SSH Service
©2009 Justin C. Klein Keane Install the RSE Components Click “Install”
©2009 Justin C. Klein Keane Open Eclipse Default “perspective” is dull and doesn't suit our purposes Click Window -> Show View -> Remote System In the new window right click and select “new connection”
©2009 Justin C. Klein Keane Add New Connection Select “SSH Only”, click Next
©2009 Justin C. Klein Keane Connection Details Fill in VMWare host information, click Finish
©2009 Justin C. Klein Keane Connect to Remote Host Click the down arrow for the host, then “Sftp Files” then “Root” and enter credentials
©2009 Justin C. Klein Keane View Source
©2009 Justin C. Klein Keane Look for Potential SQL Injection
©2009 Justin C. Klein Keane Testing the Injection First we'll try the injection using manual methods Next we'll use some tools to help us out Sometimes manual testing may be impossible
©2009 Justin C. Klein Keane Manual Testing
©2009 Justin C. Klein Keane Using Tamper Data To start Firefox Tamper Data plugin select Tools -> Tamper Data Click “Start Tamper” in the upper left Fill in your test values again and submit When prompted click “Tamper”
©2009 Justin C. Klein Keane That's Interesting
©2009 Justin C. Klein Keane Tamper Fill in new values for Post Parameters Note that you can also tamper with Cookies and Referer Data Click “OK” when you're happy with your values
©2009 Justin C. Klein Keane That's More Like It
©2009 Justin C. Klein Keane Checking Cookies You can also view cookies using the Web Developer Plugin select Cookies -> View Cookie Information
©2009 Justin C. Klein Keane Using Web Developer
©2009 Justin C. Klein Keane Paros Download Paros from http://www.parosproxy.org Paros is Java based, so if Eclipse can run on your machine, so can Paros Paros is a proxy, so it captures requests from your web browser to a server and responses from the server back to your browser You can use it to alter your requests quite easily
©2009 Justin C. Klein Keane Start Up Paros
©2009 Justin C. Klein Keane Configure Firefox You need to configure Firefox to use Paros as a proxy Choose Edit -> Preferences, then Advanced - > Network -> Settings
©2009 Justin C. Klein Keane Configure Settings
©2009 Justin C. Klein Keane Create Request Once Firefox is configured to utilize Paros browse through the site normally Note how Paros records all your interactions Try submitting the login form Note that Paros records GET and POST requests
©2009 Justin C. Klein Keane Paros in Action
©2009 Justin C. Klein Keane Paros Records Details
©2009 Justin C. Klein Keane Alter Requests To alter a request click on it in the bottom window Next right click and select “Resend” This opens a new window where you can alter any of the send requests Change any data and click the “Send” button
©2009 Justin C. Klein Keane Paros Resend
©2009 Justin C. Klein Keane Response is Raw
©2009 Justin C. Klein Keane Our Target $sql = "select user_id from user where user_username = '". $_POST['username']. "' AND user_password = md5('". $_POST['password']. "')";
©2009 Justin C. Klein Keane Target SQL select user_id from user where user_username = 'somename' and user_password = md5('somepass');
©2009 Justin C. Klein Keane Possible Permutation select user_id from user where user_username = 'somename' or 1='1' and user_password = md5('somepass'); What is the proper input to create this statement?
©2009 Justin C. Klein Keane Testing Your SQL
©2009 Justin C. Klein Keane Bypassing Login with SQL Injection
©2009 Justin C. Klein Keane We're In!
©2009 Justin C. Klein Keane Chained Exploits Note that the exploitation of the authentication leads to access to new, potentially exploitable functionality Authentication leads to cookie granting Admin functions are often “trusted”
©2009 Justin C. Klein Keane Steps to Remember Look for vulnerabilities In the source code In the functional front end Test your exploits in the “friendliest” environment possible Use tools to recreate attacks in the live environment.
©2009 Justin C. Klein Keane For Next Time -Install Paros Proxy -Install Firefox and the Tamper Data and Web Developer plug ins -Download and install the sample SQL injection application on your VM -Identify at least 4 SQL injection vulnerabilities -Develop exploits for each vulnerability -Develop fixes for each vulnerability
©2009 Justin C. Klein Keane PHP Code Auditing Session 6 Auditing Strategies & Demonstration Justin C. Klein Keane
WebGoat & WebScarab “What is computer security for $1000 Alex?”
Android. The Eclipse IDE Installation Requirements: Eclipse Java Windows All must match (32-bit OR 64-bit) If you have a 64-bit OS & 32-bit browser,
Lab How to Use WANem Last Update Copyright 2011 Kenneth M. Chipps Ph.D. 1.
October, 2015 How to Deploy and Configure the Smart Net Total Care CSPC Collector.
Sitescope Admin Training ASKES
©2009 Justin C. Klein Keane PHP Code Auditing Session 4.3 – Information Disclosure & Authentication Bypass Justin C. Klein Keane
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
Installing a Moodle Test Site The painless and easy way.
SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB
CSS Central: Central Management Utility Screen View Samples Next.
Microsoft FrontPage 2003 Illustrated Complete Finalizing a Web Site.
Liferay Installation Prepared by: Do Xuan Hai 8 August 2011.
MIS Week 5 Site:
LDAP Authentication Copyright © Liferay, Inc. All Rights Reserved. No material may be reproduced electronically or in print without written permission.
Eclipse Overview Introduction to Web Programming Kirkwood Continuing Education Fred McClurg © Copyright 2015, Fred McClurg, All Rights Reserved.
Virtual Machines Module 2. Objectives Define virtual machine Define common terminology Identify advantages and disadvantages Determine what software is.
Introduction to Android. Android as a system, is a java based operating system that runs on the Linux kernel. The system is very lightweight and full.
DHP Agenda: How to Access Web Interface of the DHP-1320 on Access Point Mode How to Access Web Interface of the DHP-1320 on Router Mode How to Change.
Integrating with UCSF’s Shibboleth system
The Next Step Hudson Fare Files 102 – Import & upload Rev. 10/14.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Coursework 2: getting started (4) – using PhoneGap to build mobile applications (optional) Chris Greenhalgh G54UBI /
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.
bWAPP – Bee Bug – Installation
CF Eclipse Nick Kwiatkowski Michigan State University, Physical Plant 8/8/2006.
1.Switch on the computer and wait for loading. 2.Select the Windows 7 OS at the end of the list. 3.Click on the link ‘Administrator’ 4.Enter the administrator.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
Installing and Configuring Moodle. Download Download latest Windows Install package from Moodle.orgMoodle.org.
CPSC 372 John D. McGregor Module 6 Session 4 Sonar.
How to use Drupal Awdhesh Kumar (Team Leader) Presentation Topic.
Technology Coordinator Training. Agenda Getting Started Using SystemCheck Technology Configurations Infrastructure Trial Proctor Caching Overview Managing.
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
5/14/2003Sprint TekNet IP Train the Trainer1 Open TekNet Software If working at a client station, enter the IP address of the server and mark page as a.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af Web Application Attack and Audit Framework Secures web applications by finding and exploiting web application.
Web Based Inventory Site Building Room Asset Number Category Type Description Serial Number Manufacturer Model Vendor Name Acquired Date P O Number Budget.
Microsoft Internet Security and Acceleration (ISA) Server 2004 is an advanced packet checking and application-layer firewall, virtual private network.
Blackboard Pilot Tasks and Walkthroughs. Bb Test Case Training Pilot with AnswersDarek Sady - 5/4/2004 Goals: Identify problematic areas our clients.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
LGC Website and Customer On-line Tools LGC RESOURCE 2014.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
Proctor Caching and System Check September 4, 2014 Becky Hoeft Conference Number: (877) Conference Pin:
Setting Up a Local WordPress Development Environment By Gregory Young Alternative Hosting https://www.alternativehosting.com
INSTALLATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving.
Migrating Wordpress Migrating Wordpress can sometimes get more complicated as it should. There is no plugin that does this for you, the best way is to.
PAYWARE TRANSACT TERMINAL INTERFACE MANAGER OVERVIEW Terminal Interface Manager (TIM) is a server designed and developed by VeriFone, Inc. to work between.
© 2017 SlidePlayer.com Inc. All rights reserved.