Web Application Hacking - ADCET

Transcript

1. Web Application Hacking Date: 6th May 2023

2. whoami - Shrimant More - Product Security Analyst @HackerOne -

   HackerOne Brand Ambassador - Pune, India - 4+ years of experience in Security Domain 2

3. Quick Question: How do I put these balls in this

   jar ? 3

4. 4 Things you already know Things you will learn in

   today’s workshop Your Brain Just open the lid

5. 5 The Golden Circle

6. What we will learn - Burp Suite Proxy Tool -

   Google dorking - Fuzzing using Intruder and ffuf - Choosing a good program to Hack on - Writing good vulnerability reports - Submitting Vulnerability reports on HackerOne platform 6

7. How we will learn - https://portswigger.net/web-security/learning-path - https://owasp.org/www-project-top-ten/ - https://twitter.com/InfoSecComm

   - https://hackerone.com/hacktivity - Youtube - Book1, Book2 7

8. Why AppSec? 8

9. - Lot of Jobs Openings - Freelancing - Bug Bounty

   Hunting - Security Research - Security Consultant 9

10. Burp Suite - Application Security Testing Software 10

11. None

12. Explore the tool for 5 mins

13. URL Structure

14. URL with Parameters

15. Burp Demo

16. Request

17. Response

18. Sensitive Data Exposure using Intruder

19. Intruder - Demo - Visit https://github.com/Pratham0x01/Fuzzing - Open the mentioned

    URL in burp’s browser - Open the two wordlists in different tabs - Use wordlist1.txt - Use wordlist2.txt - Use wordlist3.txt

20. Fuzzing using ffuf

21. Ffuf - Demo - Visit https://github.com/Pratham0x01/Fuzzing - Open the mentioned

    URL in burp’s browser - Open the two wordlists in different tabs - Use wordlist1.txt - Use wordlist2.txt - Use wordlist3.txt

22. Google Dorking

23. - What is Google Dorks? - How it Works? -

    Why to use Google Dorks? - Q&A

24. What is Google Dorks - It is NOT Google hacking.

    - Collection of operators. - Gives results based on queries. It is a special search term in which a user provides specific queries as a search to access specific information which is not available using normal search. Result obtained is based on type of operators used to make the search.

25. Why to Use Google Dorks? - To find login panels.

    - To explore hidden files. - To explore hidden sensitive endpoints. - To explore open/vulnerable web servers. - To find cached version of website.

26. How it works?

27. Before getting into the details there are some terms we

    need to know - Operators. - Special Characters(+, -, ~).

28. Operators - Used to create a query. - Multiple operators

    in single query is possible.

29. Common Operators - Site: name of the website - inurl:

    specified keyword - intitle: required keyword - intext: required keyword - filetype: pdf,doc, log, etc. - cache:website address

30. Common Examples - Site: example.com inurl: "/admin" intitle:"Admin Login“ -

    Site: example.com intitle:"index of" "config.php“ - intitle:”index of” inurl:ftp - Site: example.com filetype:log - filetype:log username putty - intitle:"Index of" wp-admin - "index of" "database.sql.zip" - intext:company_keyword & ext:txt | ext:sql | ext:cnf | ext:config | ext:log & intext:"admin" | intext:"root" | intext:"administrator" & intext:"password" | intext:"root" | intext:"admin" | intext:"administrator“

31. Google Hacking Database Demo https://www.exploit-db.com/google-hacking-database

32. Pentest Tools Google Dorks Demo https://pentest-tools.com/information-gathering/google-hacking

33. Automation - https://github.com/ZephrFish/GoogD0rker/ - https://github.com/opsdisk/pagodo

34. Choose a good Bug Bounty Program Demo

35. What to look for - Reputation: Good reviews and ratings

    - Scope: Clearly defined and relevant to skill set. - Rewards: Check the rewards offered by the program. - Response Efficiency: Check if the company has a good history of responding to vulnerabilities reported through the program. - Communication: Look for programs that have clear communication channels and respond promptly to bug reports.

36. Writing Good Vulnerability Reports Demo

37. Why it is important - It makes easier to understand

    the cause of vulnerability. - It makes easier to distinguish the severity. - It is easier to reproduce the reported issue. - It makes easier to fix the vulnerability.

38. What’s there in a good report? - Summary: Brief summary

    introducing the reader to your finding. - Steps to Reproduce: Step performed in order to regenerate the vulnerability - Proof of Concept: Screenshots or Video of performed attack. - Impact: if this bug were exploited, what could happen? - Supporting Material: Any logs, reference links etc. - Severity: To show how severe the vulnerability is.

39. Submitting Reports on Platform Demo

40. Questions?