©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane

Slides:



Advertisements
Similar presentations
Using Eclipse. Getting Started There are three ways to create a Java project: 1:Select File > New > Project, 2 Select the arrow of the button in the upper.
Advertisements

CSS Central: Central Management Utility Screen View Samples Next.
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
©2009 Justin C. Klein Keane PHP Code Auditing Session 4.3 – Information Disclosure & Authentication Bypass Justin C. Klein Keane
WebGoat & WebScarab “What is computer security for $1000 Alex?”
How to post to Wordpress Chruton Budd. Click on the Login link.
Coursework 2: getting started (4) – using PhoneGap to build mobile applications (optional) Chris Greenhalgh G54UBI /
©2009 Justin C. Klein Keane PHP Code Auditing Session 6 Auditing Strategies & Demonstration Justin C. Klein Keane
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
Excel Connector for JIRA Installation and functional presentation.
LGC Website and Customer On-line Tools LGC RESOURCE 2014.
DB2 (Express C Edition) Installation and Using a Database
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Eclipse Overview Introduction to Web Programming Kirkwood Continuing Education Fred McClurg © Copyright 2015, Fred McClurg, All Rights Reserved.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
bWAPP – Bee Bug – Installation
Microsoft Internet Security and Acceleration (ISA) Server 2004 is an advanced packet checking and application-layer firewall, virtual private network.
Lab How to Use WANem Last Update Copyright 2011 Kenneth M. Chipps Ph.D. 1.
Web Based Inventory Site Building Room Asset Number Category Type Description Serial Number Manufacturer Model Vendor Name Acquired Date P O Number Budget.
Android. The Eclipse IDE Installation Requirements: Eclipse Java Windows All must match (32-bit OR 64-bit) If you have a 64-bit OS & 32-bit browser,
Introduction to Android. Android as a system, is a java based operating system that runs on the Linux kernel. The system is very lightweight and full.
LPHI ITG Emergency Preparedness Information Sessions & Training.
Integrating with UCSF’s Shibboleth system
Setting Up a Local WordPress Development Environment By Gregory Young Alternative Hosting
Microsoft FrontPage 2003 Illustrated Complete Finalizing a Web Site.
Excel Connector for JIRA Installation and functional presentation.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
LDAP Authentication Copyright © Liferay, Inc. All Rights Reserved. No material may be reproduced electronically or in print without written permission.
Liferay Installation Prepared by: Do Xuan Hai 8 August 2011.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
DHP Agenda: How to Access Web Interface of the DHP-1320 on Access Point Mode How to Access Web Interface of the DHP-1320 on Router Mode How to Change.
How to Deploy and Configure the Smart Net Total Care CSPC Collector
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Surya Bahadur Kathayat Outline  Ramses  Installing Ramses  Ramses Perspective (Views and Editors)  Importing/Exporting Example.
PAYware Transact Terminal Interface Manager
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
CPSC 372 John D. McGregor Module 6 Session 4 Sonar.
MIS Week 5 Site:
Virtual Machines Module 2. Objectives Define virtual machine Define common terminology Identify advantages and disadvantages Determine what software is.
Proctor Caching and System Check September 4, 2014 Becky Hoeft Conference Number: (877) Conference Pin:
Technology Coordinator Training. Agenda Getting Started Using SystemCheck Technology Configurations Infrastructure Trial Proctor Caching Overview Managing.
1.Switch on the computer and wait for loading. 2.Select the Windows 7 OS at the end of the list. 3.Click on the link ‘Administrator’ 4.Enter the administrator.
CF Eclipse Nick Kwiatkowski Michigan State University, Physical Plant 8/8/2006.
Installing a Moodle Test Site The painless and easy way.
Installing and Configuring Moodle. Download Download latest Windows Install package from Moodle.orgMoodle.org.
Windows Vista Configuration MCTS : Internet Explorer 7.0.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
1.Switch on the computer and wait for loading. 2.Select the Windows 7 OS at the end of the list. 3.Click on the link ‘Administrator’ 4.Enter the administrator.
The Next Step Hudson Fare Files 102 – Import & upload Rev. 10/14.
5/14/2003Sprint TekNet IP Train the Trainer1 Open TekNet Software If working at a client station, enter the IP address of the server and mark page as a.
How to use Drupal Awdhesh Kumar (Team Leader) Presentation Topic.
Migrating Wordpress Migrating Wordpress can sometimes get more complicated as it should. There is no plugin that does this for you, the best way is to.
WikID installation/training
Configuring ALSMS Remote Navigation
WEB APPLICATION TESTING
NTP, Syslog & Secure Shell
PHP / MySQL Introduction
Microsoft FrontPage 2003 Illustrated Complete
CCA Skill Certification
INSTALLING AND SETTING UP APACHE2 IN A LINUX ENVIRONMENT
Install Ruby If you are running on Mac OS X, Ruby is preinstalled.
PuTTY Download Putty from:
Lecture 2 - SQL Injection
Web Hacking: Beginners
Configuration Of A Pull Network.
Access eJournals Form Your Home
Cross Site Request Forgery (CSRF)
Presentation transcript:

©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane

©2009 Justin C. Klein Keane Setting Up Environment Install VMWare workstation, or player  Fusion on the Mac Download the target host Unzip the host files then start the host in VMWare

©2009 Justin C. Klein Keane Get VMWare Image Running If prompted, say you moved the image

©2009 Justin C. Klein Keane CentOS Image Booting Once image boots log in with root/password

©2009 Justin C. Klein Keane Find the IP Address Get the IP address of the virtual machine using # /sbin/ifconfig eth0

©2009 Justin C. Klein Keane Ensure Apache is Running

©2009 Justin C. Klein Keane Upload the Exercise

©2009 Justin C. Klein Keane Extract the Exercise

©2009 Justin C. Klein Keane Install the Database

©2009 Justin C. Klein Keane Check the Application

©2009 Justin C. Klein Keane Troubleshooting If you get a blank screen, check the web server and MySQL server:  # service httpd status  # service mysqld status If you need to start services use:  # /etc/rc.d/init.d/httpd restart  # /etc/rc.d/init.d/mysqld restart

©2009 Justin C. Klein Keane Troubleshooting Cont. Check the log files:  # tail /var/log/httpd/error_log

©2009 Justin C. Klein Keane Install Eclipse PDT Download PDT all in one from Alternatively install Eclipse from  Be sure to download “Eclipse IDE for Java Developers”

©2009 Justin C. Klein Keane Install PDT if Necessary Use instructions at  Some platforms, such as Fedora, may have packages for PHP development, these may be more stable than a manual install of PDT

©2009 Justin C. Klein Keane Install RSE Install the Remote System Explorer tools Help -> Software Updates Click the “Add Site” button Enter the URL  s/ Select Remote System Explorer Core, Remote System Explorer End-User Runtime, Remote System Explorer Extender SDK, and RSE SSH Service

©2009 Justin C. Klein Keane Install the RSE Components Click “Install”

©2009 Justin C. Klein Keane Open Eclipse Default “perspective” is dull and doesn't suit our purposes Click Window -> Show View -> Remote System In the new window right click and select “new connection”

©2009 Justin C. Klein Keane Add New Connection Select “SSH Only”, click Next

©2009 Justin C. Klein Keane Connection Details Fill in VMWare host information, click Finish

©2009 Justin C. Klein Keane Connect to Remote Host Click the down arrow for the host, then “Sftp Files” then “Root” and enter credentials

©2009 Justin C. Klein Keane View Source

©2009 Justin C. Klein Keane Look for Potential SQL Injection

©2009 Justin C. Klein Keane Testing the Injection First we'll try the injection using manual methods Next we'll use some tools to help us out Sometimes manual testing may be impossible

©2009 Justin C. Klein Keane Manual Testing

©2009 Justin C. Klein Keane Using Tamper Data To start Firefox Tamper Data plugin select  Tools -> Tamper Data Click “Start Tamper” in the upper left Fill in your test values again and submit When prompted click “Tamper”

©2009 Justin C. Klein Keane That's Interesting

©2009 Justin C. Klein Keane Tamper Fill in new values for Post Parameters Note that you can also tamper with Cookies and Referer Data Click “OK” when you're happy with your values

©2009 Justin C. Klein Keane That's More Like It

©2009 Justin C. Klein Keane Checking Cookies You can also view cookies using the Web Developer Plugin  select Cookies -> View Cookie Information

©2009 Justin C. Klein Keane Using Web Developer

©2009 Justin C. Klein Keane View Source View -> Source in Firefox Look for comments, JavaScript and the like Sometimes source will reveal information you may have missed

©2009 Justin C. Klein Keane JavaScript in Source

©2009 Justin C. Klein Keane Paros Download Paros from Paros is Java based, so if Eclipse can run on your machine, so can Paros Paros is a proxy, so it captures requests from your web browser to a server and responses from the server back to your browser You can use it to alter your requests quite easily

©2009 Justin C. Klein Keane Start Up Paros

©2009 Justin C. Klein Keane Configure Firefox You need to configure Firefox to use Paros as a proxy  Choose Edit -> Preferences, then Advanced - > Network -> Settings

©2009 Justin C. Klein Keane Configure Settings

©2009 Justin C. Klein Keane Create Request Once Firefox is configured to utilize Paros browse through the site normally Note how Paros records all your interactions Try submitting the login form Note that Paros records GET and POST requests

©2009 Justin C. Klein Keane Paros in Action

©2009 Justin C. Klein Keane Paros Records Details

©2009 Justin C. Klein Keane Alter Requests To alter a request click on it in the bottom window Next right click and select “Resend” This opens a new window where you can alter any of the send requests Change any data and click the “Send” button

©2009 Justin C. Klein Keane Paros Resend

©2009 Justin C. Klein Keane Response is Raw

©2009 Justin C. Klein Keane Bypassing the Login In our manual code analysis we found a SQL injection vulnerability in the login form A JavaScript check prevents easy manual testing We could disable JavaScript or use Paros or Tamper Data to alter the data we're submitting for the login form First let's examine the query

©2009 Justin C. Klein Keane Our Target $sql = "select user_id from user where user_username = '". $_POST['username']. "' AND user_password = md5('". $_POST['password']. "')";

©2009 Justin C. Klein Keane Target SQL select user_id from user where user_username = 'somename' and user_password = md5('somepass');

©2009 Justin C. Klein Keane Possible Permutation select user_id from user where user_username = 'somename' or 1='1' and user_password = md5('somepass'); What is the proper input to create this statement?

©2009 Justin C. Klein Keane Testing Your SQL

©2009 Justin C. Klein Keane Bypassing Login with SQL Injection

©2009 Justin C. Klein Keane We're In!

©2009 Justin C. Klein Keane Chained Exploits Note that the exploitation of the authentication leads to access to new, potentially exploitable functionality Authentication leads to cookie granting Admin functions are often “trusted”

©2009 Justin C. Klein Keane Steps to Remember Look for vulnerabilities  In the source code  In the functional front end Test your exploits in the “friendliest” environment possible Use tools to recreate attacks in the live environment.

©2009 Justin C. Klein Keane For Next Time -Install Paros Proxy -Install Firefox and the Tamper Data and Web Developer plug ins -Download and install the sample SQL injection application on your VM -Identify at least 4 SQL injection vulnerabilities -Develop exploits for each vulnerability -Develop fixes for each vulnerability

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.