viprajput

session 25june

Jun 26th, 2018


FILE INCLUSION VULNERABILITY
===========================
A File Inclusion vulnerability lets an attacker access files that are already present on the web server and may contain critical data.
By requesting those files through the URL, the attacker can read that critical data and misuse it.

./ - Forward
../ - Backwards

TYPES OF FILE INCLUSION :

= LFI - Local File Inclusion (LFI) vulnerabilities allow an attacker to read (and sometimes execute) files on the victim machine. This can be very dangerous because if the web server is misconfigured and running with high privileges, the attacker may gain access to sensitive information.

= RFI - Remote File Inclusion (RFI) vulnerabilities are easier to exploit but less common. Instead of accessing a file on the local machine, the attacker is able to execute code on the remote web application server.


/etc/passwd : stores an essential file which is used while logging in to the system. In other words, it contains the users and their passwords in a text file. It also tells us the user id, group id, shell, etc.

/proc/self/environ

Demonstration of LFI on DVWA.

STEPS :
(../) - Going a folder backwards.

= http://127.0.0.1/dvwa/vulnerabilities/fi/?page=../../../../../../etc/passwd
Getting the data in warnings and errors by stepping backwards with (../).

------------------------------------------------------------------------------------------------------------------------------------

COMMAND EXECUTION VULNERABILITY
=================================
Command injection/execution is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data to a system shell (CMD). In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application.

PIPE : " | "
Used for running multiple commands at the same time.
eg. "ipconfig | dir"

Demonstration on LVS and DVWA.

STEPS - Pinging on the input field of the web application.
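As an added example (not from the notes, LVS or DVWA): the ping form described above, with the string-concatenation pattern that lets "|" smuggle a second command shown beside a hardened version that validates the target and passes it to ping as a single argv element, with no shell involved. Function names are mine, and the `-c` flag assumes a Unix ping.

```python
import ipaddress
import re
import subprocess

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, max 63 chars.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*$")


def is_valid_target(value):
    """Accept an IPv4/IPv6 literal or a plain hostname, nothing else.
    Pipes, semicolons, ampersands, spaces and quotes never pass either check,
    so the "ipconfig | dir" trick from the notes is refused before anything runs."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOSTNAME_RE.match(value) is not None


def vulnerable_command_line(target):
    """The pattern the notes describe: user data concatenated into one string that
    is handed to a shell, so "|" becomes a second command. Shown for contrast only;
    this function builds the string and never executes it."""
    return "ping -c 1 " + target


def build_ping_argv(target, count=1):
    """Hardened form: validate, then pass the target as one argv element."""
    if not is_valid_target(target):
        raise ValueError(f"refusing target {target!r}")
    return ["ping", "-c", str(count), target]


def ping(target):
    """Run ping without a shell; the target can only ever be an argument to ping."""
    proc = subprocess.run(build_ping_argv(target), capture_output=True,
                          text=True, timeout=15)
    return proc.stdout


if __name__ == "__main__":
    # Constructed inputs: two legitimate targets and two injection attempts.
    for t in ["127.0.0.1", "example.com", "127.0.0.1 | dir", "a;b"]:
        print(f"{t!r:20} valid={is_valid_target(t)!s:5} "
              f"shell string={vulnerable_command_line(t)!r}")
```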

------------------------------------------------------------------------------------------------------------------------------------

TASK
=====
1. Finding 5 commands that can work for Command Execution/Injection.
2. /proc/self/environ


--------------------------------------------------------------------------------------------------------------

XSS - CROSS SITE SCRIPTING
===========================

Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can inject malicious scripts into a web application, and the web application responds according to them. The end user's browser has no way to know that the script should not be trusted, and will execute the script because it thinks the script came from a trusted source.
It is the 3rd vulnerability in the OWASP TOP 10, found in 80% of all dynamic websites.

Flaw of XSS
============
When any website takes any kind of executable input from any unauthorised visitor, then we can say that website is vulnerable to an XSS attack.
For example: while shopping on Flipkart, a user enters <h1>Hacked</h1> in the search bar, and as he hits search the website understands the heading tag and executes it on the main page.

TYPES OF XSS
=============

1. Stored XSS : Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database. That is, it is permanent until the database is reset or the query is manually removed.
2. Reflected XSS : Reflected attacks are those where the injected script is reflected off the web server, meaning it is not stored and is just reflected back. When the web page is refreshed, the XSS query will be gone. One-time use, but it extracts data.
3. DOM Based XSS : Document Object Model based XSS is a type of cross-site scripting attack which relies on inappropriate handling, in the HTML page, of the data from its associated DOM. For example, in (document.write) etc.

DEMONSTRATION on LVS and DVWA
=============================

STEPS
=====

= Finding any XSS vulnerable web application, DVWA and LVS.
= Reflected XSS (LOW in DVWA, LVS)
= <script>alert("hacked")</script> // this will create a pop-up named kartik
= Stored XSS (LOW in DVWA, LVS)
= Name : kartik Message : <script>alert("xss vulnerability")</script> // storing in the database.

= Reflected XSS (MEDIUM in DVWA, LVS)
Here <script>alert("test")</script> will not work, because the source code performs validation checks and sanitization.

Validation Check / Sanitization says > replace "<script>"

= ways to bypass XSS in medium security
1. <script> <script>
2. <script lan=eng>
3. <ScRipt>
4. <scr<script>ipt> ---> <script> --> <scr ipt> --> <script>

= <ScRiPt>alert("test")</script>
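As an added example (not from the notes or from DVWA's own source): a filter modelled on the 'replace "<script>"' rule above, run against three of the listed bypasses, beside HTML entity encoding of the output, which neutralises all of them because the browser never sees a raw "<". Function names are mine.

```python
import html
import re

# Matches an opening script tag in any letter case, with or without attributes.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def naive_filter(user_input):
    """Filter modelled on the notes' 'replace "<script>"' rule: delete the exact,
    lower-case string in a single pass (constructed for this example)."""
    return user_input.replace("<script>", "")


def still_has_script_tag(output):
    """Would a browser still see an opening <script> tag in this output?"""
    return SCRIPT_TAG.search(output) is not None


def encode_for_html(user_input):
    """Output encoding for an HTML text context: '<', '>', '&' and quotes become
    entities, so the browser renders the payload as text instead of parsing it."""
    return html.escape(user_input, quote=True)


def evaluate(payload):
    """Run one payload through both defences and report what survives."""
    filtered = naive_filter(payload)
    encoded = encode_for_html(payload)
    return {
        "filtered": filtered,
        "filter_bypassed": still_has_script_tag(filtered),
        "encoded": encoded,
        "encoded_safe": not still_has_script_tag(encoded) and "<" not in encoded,
    }


# Payloads taken from the bypass list in the notes above.
BYPASSES = [
    '<ScRiPt>alert("test")</script>',           # case change: exact match never fires
    '<scr<script>ipt>alert("test")</script>',   # nested tag: deletion reassembles <script>
    '<script lan=eng>alert("test")</script>',   # extra attribute: not the exact string
]

if __name__ == "__main__":
    for p in BYPASSES:
        r = evaluate(p)
        print(f"{p}\n  filtered -> {r['filtered']}  bypassed={r['filter_bypassed']}")
        print(f"  encoded  -> {r['encoded']}  safe={r['encoded_safe']}")
```

Encoding covers the reflected and stored cases in the notes; for the cookie-stealing step that follows, marking the session cookie HttpOnly additionally keeps it out of document.cookie.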


= Cookie Stealing
To steal the cookies of the website > acting on (document.cookie)
<ScRiPt>alert(document.cookie)</script>


-------------------------------------------------------------------------------------------------------------


https://lucideustech.blogspot.in/2018/03/a-definitive-guide-to-session-hijacking.html

------------------------------------------------------------------------------------------------------------

BROKEN AUTHENTICATION AND SESSION MANAGEMENT
=============================================

Broken Authentication and Session Management are two different vulnerabilities. Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities.
Broken Authentication leads to weak login credentials passing a web application's authentication check, and broken Session Management leads to the exposure of sensitive session IDs.


IRAJ LOGGED INTO PNB - 21071993 - fRyuT5478hFde56

Demonstration of Broken Authentication and Session Management in LVS.

Session Management Example :

pnb login > session created > session id = 123545677gcccgz89

ATTACKER > steals the session id > behaves like the victim and goes to the pnb site > the attacker can replace his/her own session id with the victim's session id, i.e. session id=12354567789, in the same version of the web browser and the same environment.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

FUNCTIONS on XSS high: onload, onfocus


TASK
====
1. hackertest.net
2. https://xss-game.appspot.com/