SamuraiWTF Course Slides v14 - BruCON 2012.pdf - ftp

More documents

Recommendations

Info

• Black box testing Types of Tests – Little to no information is provided – Extra time spent on Recon and Mapping • White box or crystal box testing – Other end of the scale – Virtually all access to the host server provided – Often includes source code review • Grey box testing – Most "discoverable" information is provided Copyright 2009-2012 Justin Searle / Raul Siles - This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License 12
Formal Methodology • A simple methodology: – Recon: Gathering information from external sources about your target – Mapping: Learning about the target app from a user's AND a developer's perspective – Discovery: Learning the app from an attacker's perspective – Exploitation: Attempting to measure the true risk of discovered vulnerabilities • Successful exploitation often leads to new functionality to map and a second layer of vulnerabilities to discover Exploitation Recon Discovery Mapping Copyright 2009-2012 Justin Searle / Raul Siles - This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License 13
Page 1 and 2: Assessing and Exploiting Web Applic
Page 3 and 4: Course Contributors Course Authors
Page 5 and 6: SamuraiWTF • Live testing environ
Page 7 and 8: SamuraiWTF 2.0 • Complete rebuild
Page 9 and 10: Setting up Your Course VM • Copy
Page 11: Testing Methodology Because we are
Page 15 and 16: First Target: Dojo-Basic Mutillidae
Page 17 and 18: Testing Plan for Dojo-Basic • Map
Page 19 and 20: Reconnaissance Steps Copyright 2009
Page 21 and 22: The MOST Underutilized Step... •
Page 23 and 24: Mapping Steps Copyright 2009-2012 J
Page 25 and 26: • nmap 127.42.84.0/29 - Port scan
Page 27 and 28: Zenmap • Author: Adriano Monteiro
Page 29 and 30: Firefox • Author: Mozilla Foundat
Page 31 and 32: • Author: Elbert F Wappalyzer •
Page 33 and 34: FoxyProxy • Author: Eric H. Jung
Page 35 and 36: Using Firefox with ZAP • Configur
Page 37 and 38: Manual Mapping Exercise • Which o
Page 39 and 40: Viewing Saved Alerts • Keeps trac
Page 41 and 42: • Author: PortSwigger Ltd. • Si
Page 43 and 44: Burp Spider • Burp's concept of s
Page 45 and 46: Discovery Steps Copyright 2009-2012
Page 47 and 48: • Author: Sullo Nikto • Site: h
Page 49 and 50: ZAP Application Integration nikto C
Page 51 and 52: Finding Unlinked Resources • Befo
Page 53 and 54: Raft's Unlinked Resource Lists •
Page 55 and 56: w3af • Author: Andres Riancho and
Page 57 and 58: Using w3af • Choosing the plugins
Page 59 and 60: • Author: iOpus iMacro • Site:
Page 61 and 62: CeWL • Author: DigiNinja (Robin W
Page 63 and 64:
Fuzzing Logins • Use ZAP Fuzzer t
Page 65 and 66:
When Session Look Random • Try co
Page 67 and 68:
Session Analysis with Burp • Clea
Page 69 and 70:
Testing for Injection Flaws • Whe
Page 71 and 72:
User Agent Switcher • Author: chr
Page 73 and 74:
Dojo-Basic Exploitation Copyright 2
Page 75 and 76:
Step 4: Exploitation • Verifying
Page 77 and 78:
• Author: V@no Cookies Manager+
Page 79 and 80:
Basic SQL Injection Exploitation
Page 81 and 82:
SQLMap Exercise • Review the opti
Page 83 and 84:
Laudanum Exercise • Configure a L
Page 85 and 86:
BeEF Exercise • Start beef from t
Page 87 and 88:
Final Target: Samurai Dojo A dojo (
Page 89 and 90:
STOP!!! The next page contains the
Page 91 and 92:
Walkthrough: Keys 0-4 • Key 00 =
Page 93 and 94:
Walkthrough: Keys 10-14 • Key 10
Page 95 and 96:
Next Steps • We will all continue
Page 97 and 98:
Instructor Contact Information Raul
Page 99 and 100:
Appendix A: Recon The most under ut
Page 101 and 102:
Domain and IP Registrations • Wha
Page 103 and 104:
Social Networks • Precursor to So
Page 105 and 106:
• Common tools: DNS Interrogation
Page 107 and 108:
Fierce Domain Scanner • Author: R
Page 109 and 110:
• Author: Hrvoje Nikšić & Giuse
Page 111 and 112:
Appendix C: Scripting With Python C
Page 113 and 114:
Python Shell • Using an interacti
Page 115 and 116:
A Tale of Two Libraries urllib2 HTT
Page 117 and 118:
Using urllib2 The library that does
Page 119 and 120:
import urllib2 Working with Headers
Page 121 and 122:
import urllib2, re Filtering Respon
Page 123 and 124:
import urllib2, re Fuzzing and Brut
Page 125:
pyCIT Templates • Completed Templ
show all

SamuraiWTF Course Slides v14 - BruCON 2012.pdf - ftp

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?