Team RISC nullcon 2012 Jailbreak presentation
raghu-nath
Transcript of Team RISC nullcon 2012 Jailbreak presentation
Team RISC
Our story of Jail break !
Aim
Find zero day in Joomla ( I'm-possible in 36 Hrs ;) )
Eating only this ...
Why Joomla/Gymla ?
● Challenge!
● Learn exploitation in complex web applications
● IBM X-force paper on CMS security.
Vulns in Drupal
Vulns in Wordpress
Vulns in Joomla
How it's generally done?
Source code Auditing
Fuzzing
0 day vulnerability
What we did ?
Methodology
Know your enemy
If you know your enemies and know yourself, you will not be imperiled in a hundred battles
-- Sun Tzu, the art of war
Set up the Attacking environment
Study the Joomla architecture
Components, modules, plugins
Source code Auditing
● Identify vulnerable Functions
● Analyze the entry points
● Analyze Input Validations.
The entry points
More ...
Few more ...
Exec call
RIPS output
Fuzzing
● Find the entry points
● SQL Injection
● XSS
● CSRF
● Command Injection
● Click Jacking with Drag and drop
JBroFuzz
Clickjacking
Tools used for Source code auditing
● The mighty grep
● RIPS
● RATS
Tools used for Fuzzing
JBroFuzz
Burp Suite
WebScarab
References
● http://www.exploit-db.com/papers/15780/
● Burp Suite
● http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119
Thanks to ...
Omair, Amol Naik, Null team and especially our Jailer
Questions ?
A hacker, is it? Hacker