0wn1ng The Web at www.wdcnz.com

Transcript

1. 0wn1ng The Web

2. Why do We Care?

3. Reconnaissance

4. None
5. None

6. Vulnerability Scanning

7. Vulnerability Scanning NMAP

8. Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key

   Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner

9. Vulnerability Scanning

10. Vulnerability Scanning

11. Vulnerability Scanning

12. Vulnerability Searching https://github.com/offensive-security/exploit-database

13. Vulnerability Searching https://www.exploit-db.com/

14. None

15. Vulnerability Searching

16. Vulnerability Searching

17. Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search

18. Exploitation

19. Exploitation

20. Exploitation

21. Exploitation

22. Veil - Framework Exploitation

23. Exploitation

24. Why These Tools?

25. Demo 1

26. Countermeasures

27. Countermeasures Fix XSS vulns

28. -

29. Demo 2

30. Countermeasures

31. Countermeasures Understanding of Social Engineering

32. None
33. None

34. Demo 3

35. Countermeasures

36. Countermeasures Spoofing

37. None

38. Exploitation Hooked Browsers... What now?

39. None
40. None

41. Demo 4

42. Demo 5

43. Countermeasures

44. Countermeasures • Long Complex Passwords • Disabling LM Hashing •

    Using SysKey • Eval Physical Access

45. Documenting / Reporting

46. None

47. Following images are used under the Creative Commons: [1], [2]