SamuraiWTF Course Slides v14 - BruCON 2012.pdf - ftp

More documents

Recommendations

Info

• Author: OWASP Project DirBuster • Site:www.owasp.org/index.php/Category:OWASP_Di rBuster_Project • Purpose: Brute force of web directories and files • Language: Java • Pros: – Very quick for what it does – Has one of the most exhaustive list (big crawler on tons of websites), however they are highly inefficient • Caveats: – Scans can take a VERY long time if you use recursion – Can overwhelm servers (connections and log disk storage) Copyright 2009-2012 Justin Searle / Raul Siles - This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License 50
Finding Unlinked Resources • Before you do anything, turn off recursion! – Takes FOREVER! • Scan “http://dojo-basic” with the small directory list – Disable recursive checks and brute force file checks • While the scan is running, experiment with the number of threads – Be careful over 10 threads if you are on in a virtual machine! Copyright 2009-2012 Justin Searle / Raul Siles - This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License 51
Page 1 and 2: Assessing and Exploiting Web Applic
Page 3 and 4: Course Contributors Course Authors
Page 5 and 6: SamuraiWTF • Live testing environ
Page 7 and 8: SamuraiWTF 2.0 • Complete rebuild
Page 9 and 10: Setting up Your Course VM • Copy
Page 11 and 12: Testing Methodology Because we are
Page 13 and 14: Formal Methodology • A simple met
Page 15 and 16: First Target: Dojo-Basic Mutillidae
Page 17 and 18: Testing Plan for Dojo-Basic • Map
Page 19 and 20: Reconnaissance Steps Copyright 2009
Page 21 and 22: The MOST Underutilized Step... •
Page 23 and 24: Mapping Steps Copyright 2009-2012 J
Page 25 and 26: • nmap 127.42.84.0/29 - Port scan
Page 27 and 28: Zenmap • Author: Adriano Monteiro
Page 29 and 30: Firefox • Author: Mozilla Foundat
Page 31 and 32: • Author: Elbert F Wappalyzer •
Page 33 and 34: FoxyProxy • Author: Eric H. Jung
Page 35 and 36: Using Firefox with ZAP • Configur
Page 37 and 38: Manual Mapping Exercise • Which o
Page 39 and 40: Viewing Saved Alerts • Keeps trac
Page 41 and 42: • Author: PortSwigger Ltd. • Si
Page 43 and 44: Burp Spider • Burp's concept of s
Page 45 and 46: Discovery Steps Copyright 2009-2012
Page 47 and 48: • Author: Sullo Nikto • Site: h
Page 49: ZAP Application Integration nikto C
Page 53 and 54: Raft's Unlinked Resource Lists •
Page 55 and 56: w3af • Author: Andres Riancho and
Page 57 and 58: Using w3af • Choosing the plugins
Page 59 and 60: • Author: iOpus iMacro • Site:
Page 61 and 62: CeWL • Author: DigiNinja (Robin W
Page 63 and 64: Fuzzing Logins • Use ZAP Fuzzer t
Page 65 and 66: When Session Look Random • Try co
Page 67 and 68: Session Analysis with Burp • Clea
Page 69 and 70: Testing for Injection Flaws • Whe
Page 71 and 72: User Agent Switcher • Author: chr
Page 73 and 74: Dojo-Basic Exploitation Copyright 2
Page 75 and 76: Step 4: Exploitation • Verifying
Page 77 and 78: • Author: V@no Cookies Manager+
Page 79 and 80: Basic SQL Injection Exploitation
Page 81 and 82: SQLMap Exercise • Review the opti
Page 83 and 84: Laudanum Exercise • Configure a L
Page 85 and 86: BeEF Exercise • Start beef from t
Page 87 and 88: Final Target: Samurai Dojo A dojo (
Page 89 and 90: STOP!!! The next page contains the
Page 91 and 92: Walkthrough: Keys 0-4 • Key 00 =
Page 93 and 94: Walkthrough: Keys 10-14 • Key 10
Page 95 and 96: Next Steps • We will all continue
Page 97 and 98: Instructor Contact Information Raul
Page 99 and 100: Appendix A: Recon The most under ut
Page 101 and 102:
Domain and IP Registrations • Wha
Page 103 and 104:
Social Networks • Precursor to So
Page 105 and 106:
• Common tools: DNS Interrogation
Page 107 and 108:
Fierce Domain Scanner • Author: R
Page 109 and 110:
• Author: Hrvoje Nikšić & Giuse
Page 111 and 112:
Appendix C: Scripting With Python C
Page 113 and 114:
Python Shell • Using an interacti
Page 115 and 116:
A Tale of Two Libraries urllib2 HTT
Page 117 and 118:
Using urllib2 The library that does
Page 119 and 120:
import urllib2 Working with Headers
Page 121 and 122:
import urllib2, re Filtering Respon
Page 123 and 124:
import urllib2, re Fuzzing and Brut
Page 125:
pyCIT Templates • Completed Templ
show all

SamuraiWTF Course Slides v14 - BruCON 2012.pdf - ftp

Create successful ePaper yourself

Delete template?

Save as template?