Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Web Application Hacking - ADCET

Shrimant More
October 03, 2024
0
10

Web Application Hacking - ADCET

Shrimant More

October 03, 2024
Tweet

More Decks by Shrimant More

See All by Shrimant More
CVSS - 101
smshrimant
0
4
Importance of Security Tester
smshrimant
0
250
Session on Getting Started with Linux
smshrimant
0
260
Session on Ethical Hacking
smshrimant
0
280

Featured

See All Featured
A designer walks into a library…
pauljervisheath
204
24k
What's new in Ruby 2.0
geeforr
343
31k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
Adopting Sorbet at Scale
ufuk
73
9.1k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k

Transcript

  1. Web Application Hacking Date: 6th May 2023

  2. whoami - Shrimant More - Product Security Analyst @HackerOne -

    HackerOne Brand Ambassador - Pune, India - 4+ years of experience in Security Domain 2

  3. Quick Question: How do I put these balls in this

    jar ? 3

  4. 4 Things you already know Things you will learn in

    today’s workshop Your Brain Just open the lid

  5. 5 The Golden Circle

  6. What we will learn - Burp Suite Proxy Tool -

    Google dorking - Fuzzing using Intruder and ffuf - Choosing a good program to Hack on - Writing good vulnerability reports - Submitting Vulnerability reports on HackerOne platform 6

  7. How we will learn - https://portswigger.net/web-security/learning-path - https://owasp.org/www-project-top-ten/ - https://twitter.com/InfoSecComm

    - https://hackerone.com/hacktivity - Youtube - Book1, Book2 7

  8. Why AppSec? 8

  9. - Lot of Jobs Openings - Freelancing - Bug Bounty

    Hunting - Security Research - Security Consultant 9

  10. Burp Suite - Application Security Testing Software 10

  11. None

  12. Explore the tool for 5 mins

  13. URL Structure

  14. URL with Parameters

  15. Burp Demo

  16. Request

  17. Response

  18. Sensitive Data Exposure using Intruder

  19. Intruder - Demo - Visit https://github.com/Pratham0x01/Fuzzing - Open the mentioned

    URL in burp’s browser - Open the two wordlists in different tabs - Use wordlist1.txt - Use wordlist2.txt - Use wordlist3.txt

  20. Fuzzing using ffuf

  21. Ffuf - Demo - Visit https://github.com/Pratham0x01/Fuzzing - Open the mentioned

    URL in burp’s browser - Open the two wordlists in different tabs - Use wordlist1.txt - Use wordlist2.txt - Use wordlist3.txt

  22. Google Dorking

  23. - What is Google Dorks? - How it Works? -

    Why to use Google Dorks? - Q&A

  24. What is Google Dorks - It is NOT Google hacking.

    - Collection of operators. - Gives results based on queries. It is a special search term in which a user provides specific queries as a search to access specific information which is not available using normal search. Result obtained is based on type of operators used to make the search.

  25. Why to Use Google Dorks? - To find login panels.

    - To explore hidden files. - To explore hidden sensitive endpoints. - To explore open/vulnerable web servers. - To find cached version of website.

  26. How it works?

  27. Before getting into the details there are some terms we

    need to know - Operators. - Special Characters(+, -, ~).

  28. Operators - Used to create a query. - Multiple operators

    in single query is possible.

  29. Common Operators - Site: name of the website - inurl:

    specified keyword - intitle: required keyword - intext: required keyword - filetype: pdf,doc, log, etc. - cache:website address

  30. Common Examples - Site: example.com inurl: "/admin" intitle:"Admin Login“ -

    Site: example.com intitle:"index of" "config.php“ - intitle:”index of” inurl:ftp - Site: example.com filetype:log - filetype:log username putty - intitle:"Index of" wp-admin - "index of" "database.sql.zip" - intext:company_keyword & ext:txt | ext:sql | ext:cnf | ext:config | ext:log & intext:"admin" | intext:"root" | intext:"administrator" & intext:"password" | intext:"root" | intext:"admin" | intext:"administrator“

  31. Google Hacking Database Demo https://www.exploit-db.com/google-hacking-database

  32. Pentest Tools Google Dorks Demo https://pentest-tools.com/information-gathering/google-hacking

  33. Automation - https://github.com/ZephrFish/GoogD0rker/ - https://github.com/opsdisk/pagodo

  34. Choose a good Bug Bounty Program Demo

  35. What to look for - Reputation: Good reviews and ratings

    - Scope: Clearly defined and relevant to skill set. - Rewards: Check the rewards offered by the program. - Response Efficiency: Check if the company has a good history of responding to vulnerabilities reported through the program. - Communication: Look for programs that have clear communication channels and respond promptly to bug reports.

  36. Writing Good Vulnerability Reports Demo

  37. Why it is important - It makes easier to understand

    the cause of vulnerability. - It makes easier to distinguish the severity. - It is easier to reproduce the reported issue. - It makes easier to fix the vulnerability.

  38. What’s there in a good report? - Summary: Brief summary

    introducing the reader to your finding. - Steps to Reproduce: Step performed in order to regenerate the vulnerability - Proof of Concept: Screenshots or Video of performed attack. - Impact: if this bug were exploited, what could happen? - Supporting Material: Any logs, reference links etc. - Severity: To show how severe the vulnerability is.

  39. Submitting Reports on Platform Demo

  40. Questions?