Upgrade to Pro — share decks privately, control downloads, hide ads and more …

I want to be a hacker... but I only look good in a white hat

Jakub Gadkowski
June 27, 2015
Programming
0
170

I want to be a hacker... but I only look good in a white hat

Lightning Uncon talk at Dutch PHP Conference 2015

Jakub Gadkowski

June 27, 2015
Tweet

More Decks by Jakub Gadkowski

See All by Jakub Gadkowski
Software Architecture Anti-patterns
jakubgg
1
190
Do you think you are secure?
jakubgg
0
86
I want to be a Hacker v3.0
jakubgg
0
200
I want to be a hacker... but I only look good in a white hat v2.0
jakubgg
0
72

Other Decks in Programming

See All in Programming
読みやすいコードの書き方 第 1 回 / Code readability: Session 1 (ver. 2, Ja)
munetoshi
1
460
Develop Modern and Lightweight Cloud Applications with Jakarta EE 10
ivargrimstad
0
1.1k
OAuth for Java Developers - Codemotion Madrid 2023
mraible
PRO
0
300
スクラムマスターを目指すためにギャルになってみた話
kinocoboy2
6
1.9k
AWS CDKとZodを活用したバリデーションパターン集 / validation patterns with cdk and zod
gotok365
3
800
「無ければ作る」Backlogに欲しい機能を自分で作った話
nsuz
0
130
その Swift コード、
こう書き換えてみないか / Polishing your Swift code with me!
treastrain
1
3.2k
The Resurrection of 
the Fast Parallel Test Runner
koic
1
1.6k
Github CopilotとChatGPTを使って感じた使い分けの糸口 / JavaDo #22
gishi_yama
0
150
Workshop: Android UI Testing
alexzhukovich
0
130
フロントエンド刷新をプロジェクトとして進める際に気をつけていること
koba04
1
1.1k
SwiftSyntaxが面白い
ryu_hu03
1
350

Featured

See All Featured
A Philosophy of Restraint
colly
195
15k
Creatively Recalculating Your Daily Design Routine
revolveconf
207
11k
The Invisible Customer
myddelton
113
12k
Clear Off the Table
cherdarchuk
81
300k
Code Reviewing Like a Champion
maltzj
508
38k
Building an army of robots
kneath
300
41k
Designing the Hi-DPI Web
ddemaree
273
33k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.5k
Writing Fast Ruby
sferik
613
58k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
9
5.3k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.6k
Typedesign – Prime Four
hannesfritz
34
1.6k

Transcript

  1. I WANT TO BE A HACKER
    But I only look good in a white hat

    View Slide

  2. JAKUB GADKOWSKI
    Back-end developer at
    Helping to make awesome
    @jakubga
    WHOAMI

    View Slide

  3. WHAT IS PENTESTING?

    View Slide

  4. When you break (into) a website
    legally (and you get paid for it).

    View Slide

  5. COMMON ATTACK VECTORS

    View Slide

  6. PERSISTENT XSS

    View Slide

  7. REFLECTED XSS

    View Slide

  8. SQL (BLIND) INJECTION

    View Slide

  9. CSRF
    (CROSS SERVER REQUEST FORGERY)

    View Slide

  10. DATA MINING

    View Slide

  11. MANY MORE
    (DIRECTORY TRAVERSAL, REMOTE CODE EXECUTION, PRIVILEGE
    ESCALATION, SESSION STEALING, REMOTE FILES INCLUSION)

    View Slide

  12. TOOLS

    View Slide

  13. View Slide

  14. GOOGLE

    View Slide

  15. GOOGLE
    • Data mining:

    site:target.com filetype:doc
    • SQL Injection/DB identification:

    site:target.com "supplied argument is not a valid
    MySQL”
    • For more check “Exploit Database”:

    https://www.exploit-db.com/

    View Slide

  16. WPSCAN

    View Slide

  17. WPSCAN
    First of all, update WPscan database:

    wpscan --update
    Quickscan (may require `sudo` on Ubuntu) only enumerate
    vulnerable plugins:

    wpscan -u domaintocheck.com -e vp

    View Slide

  18. WPSCAN
    Most popular plugins with plugin folder given (more accurate results):

    wpscan -u domaintocheck.com -e p --wp-plugins-dir content/plugins/
    WPscan can also ‘brute force’ using dictionaries with passwords :

    wpscan -u domaintocheck.com --wordlist popularpass.txt --username admin

    View Slide

  19. OWASP ZAP PROXY

    View Slide

  20. ZAP PROXY QUICK SCAN
    • Might be a good idea to
    persist your session for
    future reference
    • Be sure you have plenty of
    memory and space as these
    sessions can grow quite large
    (200mb-500mb is standard)

    View Slide

  21. ZAP PROXY QUICK SCAN
    • fill in “URL to attack” field
    with your target address
    • press “Attack”

    View Slide

  22. ZAP PROXY QUICK SCAN
    • wait until finished
    • explore “Alerts” tab

    View Slide

  23. W3AF

    View Slide

  24. W3AF QUICK SCAN
    • Backbox version does not
    work ‘out of the box’
    • you need to update it
    manually.

    View Slide

  25. W3AF QUICK SCAN
    • First select scan type (e.g.
    OWASP Top 10)
    • Put the address in the
    “Target” field
    • Press “Start”

    View Slide

  26. W3AF QUICK SCAN
    • After scan finishes investigate
    “Results” tab.

    View Slide

  27. SQLMAP

    View Slide

  28. SQLMAP
    Once you have a suspect parameter for injection:

    sqlmap -u “http://domaintocheck.com/search?search=1” --threads=3 --risk=2
    --level=2
    If you know your target platform (say MySQL) and want only table
    names, you can speedup the process:

    sqlmap -u "http://domaintocheck.com/search?search=1" --threads=3 --risk=2
    --level=2 --tables --dbms=MySQL

    View Slide

  29. View Slide

  30. RESOURCES

    View Slide

  31. BACKBOX
    http://www.backbox.org/

    View Slide

  32. KALI (AKA BACKTRACK)
    https://www.kali.org/

    View Slide

  33. OWASP
    The Open Web Application Security Project
    https://www.owasp.org/

    View Slide

  34. WPSCAN VULNERABILITY
    DATABASE
    https://wpvulndb.com/

    View Slide

  35. ETHICAL HACKING
    http://www.ehacking.net/

    View Slide

  36. OFFENSIVE SECURITY EXPLOIT
    DATABASE ARCHIVE
    https://www.exploit-db.com/

    View Slide

  37. FOR CONFERENCES &
    TUTORIALS
    Do you really need the address?

    View Slide

  38. GOOGLE
    if you do not know the address just google it.

    View Slide

  39. THANK YOU!

    View Slide