SamuraiWTF Course Slides v14 - BruCON 2012.pdf - ftp

More documents

Recommendations

Info

Nmap Optimization – Finding the right balance between speed and false negatives – Tune your options on a subset of IPs (first /24 of 127.42.0.0/16) sudo nmap -p 80,443 127.42.0.0/24 sudo nmap -n -PN -p 80,443 -T5 127.42.0.0/24 sudo nmap -n -PN -p 80,443 -T5 --max-retries 0 127.42.0.0/24 sudo nmap -n -PN -p 80,443 --max-rtt-timeout 100 --min-rtt-timeout 25 --initial-rtt-timeout 50 --max-retries 0 127.42.0.0/24 sudo nmap -n -PN -p 80,443 --min-rate 10000 --min-hostgroup 4096 --max-retries 0 127.42.0.0/24 – Now we have a finely tuned scan, lets run on the full /16 subnet sudo nmap -n -PN -p 80,443 --min-rate 10000 --min-hostgroup 4096 --max-retries 0 --reason -oN /tmp/AllIPs-ports80_443 127.42.0.0/16 sudo nmap -n -PN -sS -sU -p 80,443 -A --max-retries 1 --reason -oN /tmp/LiveWebServers-Top1000TcpUdpPorts-All 127.42.84.1-5 – Understanding Nmap Scripting Engine (NSE) ls /usr/share/nmap/scripts | grep -iE “http|html” Copyright 2009-2012 Justin Searle / Raul Siles - This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License 26
Zenmap • Author: Adriano Monteiro Marques and nmap project • Site: http://nmap.org/zenmap • Purpose: Graphical nmap interface to make it easier for beginners, provide basic analysis capabilities, facilitate rescans, display network topologies, and compare scans • Language: C/C++ • Samurai Notes: – Since many scans require root, Zenmap when started from the menu on <strong>SamuraiWTF</strong> runs as root. To run it as a normal user, run "zenmap" from the command prompt Copyright 2009-2012 Justin Searle / Raul Siles - This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License 27
Page 1 and 2: Assessing and Exploiting Web Applic
Page 3 and 4: Course Contributors Course Authors
Page 5 and 6: SamuraiWTF • Live testing environ
Page 7 and 8: SamuraiWTF 2.0 • Complete rebuild
Page 9 and 10: Setting up Your Course VM • Copy
Page 11 and 12: Testing Methodology Because we are
Page 13 and 14: Formal Methodology • A simple met
Page 15 and 16: First Target: Dojo-Basic Mutillidae
Page 17 and 18: Testing Plan for Dojo-Basic • Map
Page 19 and 20: Reconnaissance Steps Copyright 2009
Page 21 and 22: The MOST Underutilized Step... •
Page 23 and 24: Mapping Steps Copyright 2009-2012 J
Page 25: • nmap 127.42.84.0/29 - Port scan
Page 29 and 30: Firefox • Author: Mozilla Foundat
Page 31 and 32: • Author: Elbert F Wappalyzer •
Page 33 and 34: FoxyProxy • Author: Eric H. Jung
Page 35 and 36: Using Firefox with ZAP • Configur
Page 37 and 38: Manual Mapping Exercise • Which o
Page 39 and 40: Viewing Saved Alerts • Keeps trac
Page 41 and 42: • Author: PortSwigger Ltd. • Si
Page 43 and 44: Burp Spider • Burp's concept of s
Page 45 and 46: Discovery Steps Copyright 2009-2012
Page 47 and 48: • Author: Sullo Nikto • Site: h
Page 49 and 50: ZAP Application Integration nikto C
Page 51 and 52: Finding Unlinked Resources • Befo
Page 53 and 54: Raft's Unlinked Resource Lists •
Page 55 and 56: w3af • Author: Andres Riancho and
Page 57 and 58: Using w3af • Choosing the plugins
Page 59 and 60: • Author: iOpus iMacro • Site:
Page 61 and 62: CeWL • Author: DigiNinja (Robin W
Page 63 and 64: Fuzzing Logins • Use ZAP Fuzzer t
Page 65 and 66: When Session Look Random • Try co
Page 67 and 68: Session Analysis with Burp • Clea
Page 69 and 70: Testing for Injection Flaws • Whe
Page 71 and 72: User Agent Switcher • Author: chr
Page 73 and 74: Dojo-Basic Exploitation Copyright 2
Page 75 and 76: Step 4: Exploitation • Verifying
Page 77 and 78:
• Author: V@no Cookies Manager+
Page 79 and 80:
Basic SQL Injection Exploitation
Page 81 and 82:
SQLMap Exercise • Review the opti
Page 83 and 84:
Laudanum Exercise • Configure a L
Page 85 and 86:
BeEF Exercise • Start beef from t
Page 87 and 88:
Final Target: Samurai Dojo A dojo (
Page 89 and 90:
STOP!!! The next page contains the
Page 91 and 92:
Walkthrough: Keys 0-4 • Key 00 =
Page 93 and 94:
Walkthrough: Keys 10-14 • Key 10
Page 95 and 96:
Next Steps • We will all continue
Page 97 and 98:
Instructor Contact Information Raul
Page 99 and 100:
Appendix A: Recon The most under ut
Page 101 and 102:
Domain and IP Registrations • Wha
Page 103 and 104:
Social Networks • Precursor to So
Page 105 and 106:
• Common tools: DNS Interrogation
Page 107 and 108:
Fierce Domain Scanner • Author: R
Page 109 and 110:
• Author: Hrvoje Nikšić & Giuse
Page 111 and 112:
Appendix C: Scripting With Python C
Page 113 and 114:
Python Shell • Using an interacti
Page 115 and 116:
A Tale of Two Libraries urllib2 HTT
Page 117 and 118:
Using urllib2 The library that does
Page 119 and 120:
import urllib2 Working with Headers
Page 121 and 122:
import urllib2, re Filtering Respon
Page 123 and 124:
import urllib2, re Fuzzing and Brut
Page 125:
pyCIT Templates • Completed Templ
show all

SamuraiWTF Course Slides v14 - BruCON 2012.pdf - ftp

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?