Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Hacking: Beginners

Published byAdele Dorcas McDaniel Modified over 5 years ago

Similar presentations

Presentation on theme: "Web Hacking: Beginners"— Presentation transcript:

1 Web Hacking: Beginners
SQL Injection Broken Authentication Code Injection Insecure Direct Object References

2 Websites: Basics You (the client), request/send data to the server
Server side languages (PHP, Python with Flask/Django etc), process data on the server, while client side languages (mainly JavaScript) process data on your client Most vulnerabilities occur because the server trusts you will send it data as it expects Sending unusual/unexpected data can cause unexpected behaviour in server

3 Source All the code which runs on your web browser (client) can be viewed CTRL+U / Right click and Inspect Source Can help you understand what the web application does and how it might be exploited In rare cases developers can forget about information left in the source code This can be valuable to an attacker

4 Broken Authentication
When web applications are installed within a corporate environment quite often the administrative panel comes with a default username and password Very often these are not changed (people forget or can’t be bothered) Default credentials can usually be found on google Usually easy to take control of the server once logged in to admin panel

5 Broken Authentication
Quite often there are also weak passwords in use A weak password is generally one that is short or easily guessable Tools exist which can brute force credentials, using either password wordlists or randomly generated passwords Examples are: Hydra, which works well against most websites WPScan for Wordpress Ncrack is another popular general purpose one

6 SQL Language which is used to handle databases
SQL: Very common database language Usually logins are handled like: if username == suppliedUsername and password == suppliedPassword: login Program expects something along the lines of suppliedUsername=admin and suppliedPassword=password SuppliedUsername and suppliedPassword are not variables but any sequence of characters

7 SQL Injection However, we can craft an input to defeat this logic
suppliedUsername=admin OR 1=1 -- SQL query becomes: if username == admin OR 1=1 -- and password == suppliedPassword: login Double dash comments out rest of line OR username == ‘admin’ OR ‘1’=’1’ and password == ‘suppliedPassword’: login if username == admin OR 1=1: login 1=1 always evaluates to true, so login occurs without password or username required One of the most common web vulnerabilities out there Common programming error which is easy to make <--User Input

8 Code Injection (Bash) Server side languages often have direct access to the operating system the web server is running on Is a very powerful tool but also very dangerous Bash is a shell and command language and is generally the default shell for most Linux distributions and macOS - runs commands on the system Has huge amount of commands, ls (list), cd (change directory) and ping being some of the most common Can chain together commands with semicolon, e.g. ls; cd /home; ls

9 Code Injection (Bash) Imagine a server which monitors the health of other servers You can input a server IP and it will ping that server to see if it exists On the server side: execute(‘ping USER_SUPPLIED_HOST’) We can insert an IP, then append a semicolon and we can execute whatever we want Insert ‘IP_ADDRESS; ls’ Will end up with execute(‘ping IP_ADDRESS; ls’), and the server will execute ls With remote code execution the server is P W N E D

10 Burp Suite #1 tool in web hacking
Has many different features to be explored For now we will just use one: proxy Proxy enables you to intercept data going between your computer (client) and the server

11 Insecure Direct Object References
Sometimes the server trusts the client with important information This is (almost) never a good thing For example, a web application may have an ‘admin’ string set to false Hidden on client side However, as the server reads this information from the client it can be intercepted and changed

12 Prevention Injections can be prevented by input sanitization
For example, PHP can create SQL parameterized queries, where the query is planned before the user supplied strings are parsed Be sure to use strong passwords and change default passwords Never trust data coming from the client - with the right tools it can be modified

13 Now Your Turn - Labs - introductory - replacement (free) - good practice - also introductory, has lessons as well as challenges Burp Suite - web proxy, very useful (it is what we used) Google if you don`t know - plenty of examples

Download ppt "Web Hacking: Beginners"

Similar presentations

Module XIV SQL Injection

Module XIV SQL Injection
©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane
©2009 Justin C. Klein Keane PHP Code Auditing Session 4.3 – Information Disclosure & Authentication Bypass Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 4.3 – Information Disclosure & Authentication Bypass Justin C. Klein Keane
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
Chapter 6: Hostile Code Guide to Computer Network Security.

Chapter 6: Hostile Code Guide to Computer Network Security.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
Introduction to Application Penetration Testing

Introduction to Application Penetration Testing
Lecture 3 – Data Storage with XML+AJAX and MySQL+socket.io

Lecture 3 – Data Storage with XML+AJAX and MySQL+socket.io
Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.

Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.

Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
© 2003 By Default! A Free sample background from www.awesomebackgrounds.com Slide 1 Week 2  Free PHP Hosting Setup  PHP Backend  Backend Security 

© 2003 By Default! A Free sample background from Slide 1 Week 2  Free PHP Hosting Setup  PHP Backend  Backend Security 

Similar presentations

Ads by Google