Web Hacking: Beginners

Presentation transcript:

Web Hacking: Beginners
- SQL Injection
- Broken Authentication
- Code Injection
- Insecure Direct Object References

Websites: Basics
- You (the client) request/send data to the server
- Server-side languages (PHP, Python with Flask/Django, etc.) process data on the server, while client-side languages (mainly JavaScript) process data on your client
- Most vulnerabilities occur because the server trusts that you will send it data in the form it expects
- Sending unusual/unexpected data can cause unexpected behaviour in the server

Source
- All the code which runs in your web browser (client) can be viewed: CTRL+U, or right click and Inspect Source
- Can help you understand what the web application does and how it might be exploited
- In rare cases developers forget about information left in the source code; this can be valuable to an attacker

Broken Authentication
- When web applications are installed within a corporate environment, quite often the administrative panel comes with a default username and password
- Very often these are not changed (people forget or can't be bothered)
- Default credentials can usually be found on Google
- Usually easy to take control of the server once logged in to the admin panel

Broken Authentication
- Quite often there are also weak passwords in use
- A weak password is generally one that is short or easily guessable
- Tools exist which can brute force credentials, using either password wordlists or randomly generated passwords
- Examples are: Hydra, which works well against most websites; WPScan for WordPress; Ncrack, another popular general-purpose one

SQL
- Language which is used to handle databases
- SQL: very common database language
- Usually logins are handled like: if username == suppliedUsername and password == suppliedPassword: login
- The program expects something along the lines of suppliedUsername=admin and suppliedPassword=password
- suppliedUsername and suppliedPassword are not variables but are substituted with whatever sequence of characters the user sent

SQL Injection
- However, we can craft an input to defeat this logic
- suppliedUsername=admin OR 1=1 --    <-- user input
- SQL query becomes: if username == admin OR 1=1 -- and password == suppliedPassword: login
- The double dash comments out the rest of the line, so the check reduces to: if username == admin OR 1=1: login
- Quoted form: if username == 'admin' OR '1'='1' and password == 'suppliedPassword': login
- 1=1 always evaluates to true, so login occurs without a valid password or username being required
- One of the most common web vulnerabilities out there
- A common programming error which is easy to make
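The login check from the SQL and SQL Injection slides, as an added example in Python with sqlite3 (not code from the original slides, and Python rather than the PHP the Prevention slide mentions): the concatenated query that the slide's input defeats, beside the parameterized form in which the query is planned before the user-supplied strings are bound. The users table and its credentials are constructed sample data.

```python
import sqlite3


def make_db():
    # Constructed in-memory users table with one sample account (not from the slides).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery-staple')")
    conn.commit()
    return conn


def vulnerable_query(username, password):
    # The supplied strings are pasted into the SQL text, exactly like the slide's
    # "if username == suppliedUsername and password == suppliedPassword" check.
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    # With username "admin' OR 1=1 --" the query becomes
    #   ... WHERE username = 'admin' OR 1=1 --' AND password = '...'
    # and SQLite treats everything after -- as a comment, so the password is never checked.
    return conn.execute(vulnerable_query(username, password)).fetchone() is not None


def login_parameterized(conn, username, password):
    # Placeholders: SQLite plans this fixed query first and then binds the values as
    # data, so quotes, OR and -- inside them can never change the query's structure.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    injected = "admin' OR 1=1 --"
    print("vulnerable, wrong password:", login_vulnerable(db, injected, "wrong"))
    print("parameterized, wrong password:", login_parameterized(db, injected, "wrong"))
```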

Code Injection (Bash)
- Server-side languages often have direct access to the operating system the web server is running on
- This is a very powerful tool but also very dangerous
- Bash is a shell and command language and is generally the default shell for most Linux distributions and macOS; it runs commands on the system
- Has a huge number of commands, ls (list), cd (change directory) and ping being some of the most common
- Commands can be chained together with a semicolon, e.g. ls; cd /home; ls

Code Injection (Bash)
- Imagine a server which monitors the health of other servers
- You can input a server IP and it will ping that server to see if it exists
- On the server side: execute('ping USER_SUPPLIED_HOST')
- We can insert an IP, then append a semicolon, and execute whatever we want
- Insert 'IP_ADDRESS; ls'
- The server ends up with execute('ping IP_ADDRESS; ls') and will execute ls
- With remote code execution the server is P W N E D
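The health-check handler from the two Code Injection slides, as an added Python example (not code from the original slides): the shell-string version with the semicolon problem, beside a hardened version that accepts only a literal IP address and runs ping without any shell. The function names and the ping flags are assumptions.

```python
import ipaddress
import subprocess


def ping_command_vulnerable(host):
    # Mirrors the slide's execute('ping USER_SUPPLIED_HOST'): the host is pasted into
    # one shell string, so ';' ends the ping command and whatever follows runs too.
    return "ping -c 1 " + host   # this string would be handed to /bin/sh


def ping_argv_hardened(host):
    # The feature only asks for an IP, so accept nothing else: ipaddress.ip_address
    # raises ValueError for '10.0.0.1; ls'. The result is an argument vector, not a
    # string; no shell parses it, so ';', spaces or quotes would stay inside the single
    # host argument and could never start a second command.
    ip = ipaddress.ip_address(host.strip())
    return ["ping", "-c", "1", str(ip)]


def host_is_up(host):
    # Hypothetical handler body (assumption: a Unix ping that accepts -c).
    # shell=False is the subprocess default; with a list argv there is no shell at all.
    argv = ping_argv_hardened(host)
    result = subprocess.run(argv, capture_output=True, timeout=5, check=False)
    return result.returncode == 0


if __name__ == "__main__":
    print(ping_command_vulnerable("10.0.0.1; ls"))   # two commands for the shell
    print(ping_argv_hardened("10.0.0.1"))            # one validated argument vector
```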

Burp Suite
- #1 tool in web hacking
- Has many different features to be explored
- For now we will just use one: Proxy
- Proxy enables you to intercept data going between your computer (client) and the server

Insecure Direct Object References
- Sometimes the server trusts the client with important information
- This is (almost) never a good thing
- For example, a web application may have an 'admin' string set to false, hidden on the client side
- However, as the server reads this information from the client, it can be intercepted and changed
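The hidden 'admin' flag from the slide, as an added Python example that is not from the original slides: a check that reads the flag from what the client sent, beside one that keeps the role in server-side state the client cannot edit. The session store and names are constructed; the HMAC part goes beyond the slide, showing how client-held data can at least be made tamper-evident when it cannot be avoided.

```python
import hashlib
import hmac
import secrets

# Constructed server-side session store: session id -> account data (not from the slides).
SESSIONS = {"s3ss10n-alice": {"user": "alice", "role": "user"}}
SERVER_KEY = secrets.token_bytes(32)   # known only to the server


def is_admin_vulnerable(request_cookies):
    # The flag is "hidden" in the client, but the client controls every byte it sends,
    # so an intercepting proxy can change admin=false to admin=true on the way in.
    return request_cookies.get("admin") == "true"


def is_admin_server_side(request_cookies):
    # Only the session id comes from the client; the role is looked up on the server.
    # Any admin=true the client adds is simply ignored.
    session = SESSIONS.get(request_cookies.get("session"))
    return session is not None and session["role"] == "admin"


def sign(value):
    # Tamper-evident client-held state: value plus an HMAC under the server key.
    mac = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    return value + "." + mac


def verify(signed):
    # Returns the value only if its MAC still matches; an edited value yields None.
    value, _, mac = signed.rpartition(".")
    expected = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac, expected) else None


if __name__ == "__main__":
    tampered = {"session": "s3ss10n-alice", "admin": "true"}
    print("client flag trusted:", is_admin_vulnerable(tampered))
    print("server-side lookup:", is_admin_server_side(tampered))
    print("edited signed cookie:", verify(sign("admin=false").replace("false", "true")))
```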

Prevention
- Injections can be prevented by input sanitization
- For example, PHP can create SQL parameterized queries, where the query is planned before the user-supplied strings are parsed
- Be sure to use strong passwords and change default passwords
- Never trust data coming from the client; with the right tools it can be modified

Now Your Turn - Labs
- http://school.sigint.mx:8000/challenges - introductory
- https://security-shepherd.ctf365.com - replacement (free)
- https://www.hackthis.co.uk/ - good practice
- https://ctf.hacker101.com - also introductory, has lessons as well as challenges
- Burp Suite - web proxy, very useful (it is what we used)
- Google if you don't know - plenty of examples