How to hack an Angular app? - ngConf 2018

Asim Hussain

April 18, 2018

Transcript

  1. How to hack an
    Angular app?
    @jawache
    ngConf 2018

  2. How to hack a
    web app?

  3. Real Life
    Hacking Stories

  4. Asim Hussain
    @jawache
    codecraft.tv
    microsoft.com

  5. (image-only slide)

  6. Vulnerability vs. Exploit

  7. #1

  8. Photo by Kristina Flour on Unsplash
    0 Day Exploit

  9. Photo by Veri Ivanova on Unsplash
    0 Day Exploit

  10. (image-only slide)

  11. (image-only slide)

  12. (image-only slide)

  13. (image-only slide)

  14. (image-only slide)

  15. "12 of top 50 data breaches were through known
    vulnerabilities" - snyk.io
    https://snyk.io/blog/owasp-top-10-breaches/

  16. "77% of 433,000 Sites Use Vulnerable
    JavaScript Libraries" - snyk.io
    https://snyk.io/blog/77-percent-of-sites-still-vulnerable/

  17. (image-only slide)

  18. (image-only slide)

  19. nsp

  20. Photo by energepic.com from Pexels
    Summary

  21. #2
    @orange_8361

  22. (image-only slide)

  23. git push
    http://example.com

  24. git push
    http://0

  25. git push
    http://0:8000/composer/send_email

  26. from http.client import HTTPConnection   # httplib on Python 2
    from urllib.parse import urlsplit           # urlparse on Python 2

    def send_email(request):
        try:
            recipients = request.GET['to'].split(',')
            url = request.GET['url']
            # the caller-supplied url is parsed and fetched as-is, so any host the
            # server can reach is reachable through this handler (SSRF)
            proto, server, path, query, frag = urlsplit(url)
            if query: path += '?' + query
            conn = HTTPConnection(server)
            # on interpreters without the CVE-2016-5699 fix, CR/LF inside path goes
            # into the request line unchecked
            conn.request('GET', path)
            resp = conn.getresponse()
            ...
            # except clause not shown on the slide

  27. http://0:8000/composer/send_email?
    to=orange@nogg&
    url=http://127.0.0.1:12345/foo

  28. from http.client import HTTPConnection   # httplib on Python 2
    from urllib.parse import urlsplit           # urlparse on Python 2

    def send_email(request):
        try:
            recipients = request.GET['to'].split(',')
            url = request.GET['url']      # the url parameter from the previous slide
            proto, server, path, query, frag = urlsplit(url)   # server = 127.0.0.1:12345
            if query: path += '?' + query
            conn = HTTPConnection(server)
            conn.request('GET', path)     # path is sent to the loopback service verbatim
            resp = conn.getresponse()
            ...
            # except clause not shown on the slide

  29. \r\n

  30. %0D%0A

  31. http://127.0.0.1:12345/%0D%0Ahello%0D%0AFoo:

  32. GET /%0D%0Ahello%0D%0AFoo:
    HTTP/1.1
    Host: 127.0.0.1:12345
    Accept-Encoding: identity

  33. GET /%0D%0Ahello%0D%0AFoo:\r\n
    HTTP/1.1\r\n
    Host: 127.0.0.1:12345\r\n
    Accept-Encoding: identity\r\n
    \r\n
    \r\n

  34. GET /\r\n
    hello\r\n
    Foo: HTTP/1.1\r\n
    Host: 127.0.0.1:12345\r\n
    Accept-Encoding: identity\r\n
    \r\n
    \r\n
    View Slide

  35. ...:11211/%0D%0Aset%20key%200%20900%204%20data%0D%0A

  36. GET /
    set key 0 900 4 data
    HTTP/1.1
    Host: 127.0.0.1:11211
    Accept-Encoding: identity
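
The handler on slides 26 and 28 opens a connection to whatever host and path the caller supplies; that is what lets a request reach 127.0.0.1:12345 and, on interpreters without the CVE-2016-5699 fix, lets CR/LF in the path split the request line into the extra lines shown on slides 34 and 36. The validator below is an added example and is not code from the talk or from the affected project. It shows the checks a defender would place in front of HTTPConnection (raw and percent-encoded CR/LF rejected, scheme and host allowlist, loopback and private addresses refused after resolution) and confirms that a current http.client refuses control characters on its own. The allowlist, the fake resolver and the sample URLs are constructed for the example.

```python
import ipaddress
import socket
from http.client import HTTPConnection, InvalidURL
from urllib.parse import unquote, urlsplit

# Constructed allowlist of hosts this service is permitted to fetch from.
ALLOWED_HOSTS = {"example.com"}

# Constructed resolver so the example runs offline; a real deployment would use
# socket.gethostbyname (the default below) and still apply the address checks.
FAKE_DNS = {"example.com": "93.184.216.34"}


def fake_resolver(host):
    # Unknown names fall through as literals, so "127.0.0.1" resolves to itself.
    return FAKE_DNS.get(host, host)


def has_control_chars(s):
    # CR, LF and any other control byte must never reach the request line or headers.
    return any(ord(c) < 0x20 or ord(c) == 0x7F for c in s)


def check_fetch_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=socket.gethostbyname):
    """Return "" if url is safe to fetch, otherwise a short reason for rejecting it."""
    # 1. Inspect the raw string first: recent urlsplit silently drops \t \r \n,
    #    so a check on the parsed parts alone would miss an injected CRLF.
    #    The percent-decoded form is checked too, because the framework that
    #    parsed the query string (request.GET) may already have decoded %0D%0A.
    if has_control_chars(url) or has_control_chars(unquote(url)):
        return "control characters in URL"
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "scheme not allowed: %r" % parts.scheme
    if not parts.hostname:
        return "missing host"
    if parts.username or parts.password:
        return "credentials embedded in URL"
    if parts.hostname not in allowed_hosts:
        return "host not in allowlist: %r" % parts.hostname
    # 2. Resolve and refuse anything that is not a public address, so an
    #    allowlisted name pointing at loopback or an internal range is still blocked.
    try:
        ip = ipaddress.ip_address(resolver(parts.hostname))
    except (OSError, ValueError) as exc:
        return "could not resolve host: %s" % exc
    if not ip.is_global:
        return "resolves to non-public address %s" % ip
    return ""


def stdlib_rejects_control_chars(path):
    """True if this interpreter's http.client refuses a path containing CR/LF.

    Validation runs in putrequest before any bytes are sent, so no socket is
    opened; the host and port below are placeholders and are never contacted.
    """
    conn = HTTPConnection("127.0.0.1", 12345)
    try:
        conn.request("GET", path)
    except InvalidURL:
        return True
    except OSError:
        return False  # pre-fix interpreter: path accepted, connection attempted
    finally:
        conn.close()
    return False


if __name__ == "__main__":
    for u in ("http://example.com/foo?x=1",
              "http://0",
              "http://127.0.0.1:12345/foo",
              "http://127.0.0.1:12345/\r\nhello\r\nFoo:",
              "http://example.com/%0D%0Ahello%0D%0AFoo:"):
        print("%-45r -> %s" % (u, check_fetch_url(u, resolver=fake_resolver) or "ok"))
    print("http.client rejects CR/LF in path:",
          stdlib_rejects_control_chars("/\r\nhello\r\nFoo:"))
```

The control-character test deliberately runs on the raw string before urlsplit: since Python 3.9.5 the parser strips tab, CR and LF from the input, so a validator that only looks at the parsed path would report a clean URL while the original request still carried the injection. The allowlist check and the post-resolution address check are independent layers; the second one is what stops http://0 and other loopback spellings even if someone later widens the allowlist.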

  37. (code screenshot; text not captured)

  38. (code screenshot; text not captured)
    View Slide

  39. Photo by Kelly Sikkema on Unsplash
    Summary

  40. #3

  41. (image-only slide)

  42. (image-only slide)

  43. (image-only slide)

  44. (image-only slide)

  45. cross-env vs. crossenv

  46. Photo by Jairo Alzate on Unsplash
    Summary

  47. @scope/package-name

  48. package-name
    packagename
    package.name
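
The names on slides 45, 47 and 48 differ from the package they imitate either by punctuation alone or by a single character. As an added example, not code from the talk, the script below screens a package.json for both cases: it applies the punctuation-insensitive comparison npm introduced for new package names after this incident (hyphens, dots and underscores dropped, case folded, scope compared separately) and, for the remaining names, an edit distance of 1 against a list of popular packages. The popular list and the sample manifest are constructed for the example; a real run would load the current top-N package names from the registry.

```python
import json
import re

# Constructed list of well-known package names; a real check would load the
# current top-N names from the registry.
POPULAR = {"cross-env", "lodash", "express", "babel-cli", "@angular/core"}

# Constructed sample manifest: one genuine popular name, one punctuation-only
# imitation (as in the crossenv incident), one single-transposition name and
# one unrelated package.
SAMPLE_PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {
    "cross-env": "^5.0.0",
    "crossenv": "^1.0.0",
    "lodahs": "^4.0.0",
    "react": "^16.0.0"
  },
  "devDependencies": {"express": "^4.16.0"}
}"""


def normalize(name):
    """Split "@scope/pkg" into ("@scope", "pkg") and strip punctuation from the
    package part, so package-name, packagename and package.name compare equal."""
    scope, _, base = name.rpartition("/")
    return scope, re.sub(r"[-._]", "", base.lower())


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, or swap
    of two adjacent characters each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[rows - 1][cols - 1]


def suspicious_dependencies(package_json_text, popular=POPULAR, max_distance=1):
    """Return (dependency, imitated package, reason) for every dependency whose
    name is a punctuation-only variant of, or within max_distance edits of,
    a popular package it is not identical to."""
    manifest = json.loads(package_json_text)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(manifest.get(section, {}))
    by_normalized = {normalize(p): p for p in popular}
    findings = []
    for name in deps:
        if name in popular:
            continue  # the genuine package
        key = normalize(name)
        if key in by_normalized:
            findings.append((name, by_normalized[key], "punctuation-only variant"))
            continue
        scope, base = key
        for (pscope, pbase), pname in sorted(by_normalized.items()):
            if pscope != scope:
                continue  # @scope/foo and foo live in different namespaces
            dist = osa_distance(base, pbase)
            if dist <= max_distance:
                findings.append((name, pname, "edit distance %d" % dist))
                break
    return findings


if __name__ == "__main__":
    for dep, target, why in suspicious_dependencies(SAMPLE_PACKAGE_JSON):
        print("%-10s looks like %-12s (%s)" % (dep, target, why))
```

Run against a repository's package.json in CI, this flags crossenv as a punctuation-only variant of cross-env and lodahs as one edit away from lodash, while react and the genuine cross-env and express entries pass. Scope is compared separately on purpose: a scoped name such as @scope/package-name can only be published by the scope owner, which is why the talk recommends scoped packages, and treating it as a look-alike of an unscoped name would only produce noise.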

  49. Update
    Small vulnerability
    Don't trust anyone
    All the things
    Fix

  50. Asim Hussain
    @jawache
    codecraft.tv
    microsoft.com

  51. #1
    How I Chained 4 vulnerabilities on GitHub Enterprise - Orange Tsai
    http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
    CRLF injection vulnerability in the HTTPConnection
    https://www.cvedetails.com/cve/CVE-2016-5699/

  52. #2
    Exploit DB
    https://www.exploit-db.com/
    Metasploit
    https://www.metasploit.com/
    Azure App Services
    https://aka.ms/azure-app-service-docs
    Google App Engine
    https://cloud.google.com/appengine/
    Heroku
    https://heroku.com
    Amazon Elastic Beanstalk
    http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html
    The Equifax hack and how to protect your family — all explained in 5 minutes
    https://medium.freecodecamp.org/the-equifax-hack-and-how-to-protect-your-family-all-explained-in-5-minutes-a2b5187cb6c0

  53. #3
    Oscar Bolmsten on Twitter
    https://twitter.com/o_cee/status/892306836199800836
    Malicious packages in npm. Here’s what to do - Ivan Akulov
    https://iamakulov.com/notes/npm-malicious-packages/
