- ####################
- # Course Materials #
- ####################
- Slides:
- https://s3.amazonaws.com/infosecaddictsfiles/WebAppSecIsNotEasyButCanBeSimple.pptx
- https://s3.amazonaws.com/infosecaddictsfiles/Burp+Suite.pptx
- Lab Manual:
- https://s3.amazonaws.com/infosecaddictsfiles/BurpSuite-Bootcamp-v1.pdf
- Day 1 Homework:
- Here is a good reference of how to use Burp to look for OWASP Top 10 vulnerabilities:
- https://support.portswigger.net/customer/portal/articles/1969845-using-burp-to-test-for-the-owasp-top-ten
- Use Burp Suite to demonstrate, with screenshots and explanations, how to test for all of the OWASP Top 10 vulnerabilities against your choice of the following targets:
- http://54.213.252.28/
- http://40.86.183.118/
- Submit the results via email as an MS Word document (naming convention example: YourFirstName-YourLastName-Burp-Suite-Bootcamp-Day1-Homework.docx)
- Day 1 Challenge:
- Use Burp Suite to demonstrate, with screenshots and explanations, how to test for all of the OWASP Top 10 vulnerabilities against your choice of the following targets:
- http://strategicsec.com
- http://54.213.131.105/
- Submit the results via email as an MS Word document (naming convention example: YourFirstName-YourLastName-Burp-Suite-Bootcamp-Day1-Challenge.docx)
- Day 2 Homework:
- Here are some sample web app penetration test reports from other companies that you can look at:
- https://s3.amazonaws.com/infosecaddictsfiles/WebAppSampleReports.zip
- I want you to perform a penetration test against http://zero.webappsecurity.com and document the engagement as if it were a real project.
- Day 2 Challenge:
- ----------------------------------
- Use the StrategicSec Ubuntu VM to demonstrate how to install, configure, and use at least five (5) of the Burp Suite extensions from the websites and lists below:
- https://github.com/integrissecurity/carbonator
- https://github.com/allfro/BurpKit
- https://github.com/nccgroup/BurpSuiteLoggerPlusPlus
- https://github.com/Quitten/Autorize
- https://github.com/codewatchorg/sqlipy
- https://github.com/augustd/burp-suite-token-fetcher
- https://github.com/augustd/burp-suite-gwt-scan
- https://webbreacher.wordpress.com/2015/07/25/my-favorite-burp-suite-extensions/
- http://bughunting.guide/the-top-5-burp-suite-extensions/
- https://www.codemagi.com/downloads/
- You must use them against your choice of the following targets:
- http://strategicsec.com
- http://54.213.252.28/
- http://40.86.183.118/
- http://54.213.131.105/
- Submit the results via email as an MS Word document (naming convention example: YourFirstName-YourLastName-Burp-Suite-Bootcamp-Day2-Challenge.docx)
- ##########
- # VMware #
- ##########
- - For this workshop you'll need the latest version of VMware Workstation (Windows), Fusion (Mac), or Player.
- - A 30-day trial of Workstation 11 can be downloaded from here:
- - https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/11_0
- - A 30-day trial of Fusion 7 can be downloaded from here:
- - https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_fusion/7_0
- - The newest version of VMware Player can be downloaded from here:
- - https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/7_0
- - Although you can get the VM to run in VirtualBox, I will not be supporting this configuration for this class.
- ##########################
- # Download the attack VM #
- ##########################
- https://s3.amazonaws.com/infosecaddictsvirtualmachines/InfoSecAddictsVM.zip
- user: infosecaddicts
- pass: infosecaddicts
- ##################################
- # Basic: Web Application Testing #
- ##################################
- Most people are going to tell you to reference the OWASP Testing Guide.
- https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
- I'm not a fan of it for the purpose of actual testing. It's good for defining the scope of an assessment, and defining attacks, but not very good for actually attacking a website.
- The key to doing a Web App Assessment is to ask yourself the 3 web questions on every page in the site.
- 1. Does the website talk to a DB?
- - Look for parameter passing (ex: site.com/page.php?id=4)
- - If yes - try SQL Injection
- 2. Can I or someone else see what I type?
- - If yes - try XSS
- 3. Does the page reference a file?
- - If yes - try LFI/RFI
- Let's start with some manual testing against 54.213.100.93
- Start here:
- http://54.213.252.28/
- There's no parameter passing on the home page so the answer to question 1 is NO.
- There is however a search box in the top right of the webpage, so the answer to question 2 is YES.
- Try an XSS in the search box on the home page:
- <script>alert(123);</script>
- Doing this gives us the following in the address bar:
- http://54.213.252.28/BasicSearch.aspx?Word=<script>alert(123);</script>
- Ok, so we've verified that there is XSS in the search box.
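- The fix for what we just found is output encoding. The snippet below is an added illustration, not code from the course or from the target site: the real markup of BasicSearch.aspx is not on this page, so the two render functions are a constructed stand-in showing the difference between echoing the Word parameter raw and HTML-encoding it first.

```csharp
using System;
using System.Web;   // HttpUtility lives here (System.Web.HttpUtility package on .NET Core)

static class SearchEcho
{
    // Constructed stand-in: how a search page might echo ?Word= back into the HTML.
    // Untrusted input is concatenated straight into element content.
    static string RenderVulnerable(string word)
    {
        return "<h2>Results for: " + word + "</h2>";
    }

    // Hardened form: the same text is HTML-encoded before it is placed in the page,
    // so '<' and '>' arrive at the browser as &lt; and &gt; and are shown, not parsed.
    static string RenderSafe(string word)
    {
        return "<h2>Results for: " + HttpUtility.HtmlEncode(word) + "</h2>";
    }

    static void Main()
    {
        // The probe used in the walkthrough above.
        string probe = "<script>alert(123);</script>";

        Console.WriteLine(RenderVulnerable(probe));
        Console.WriteLine(RenderSafe(probe));
    }
}
```

- In the first line of output the script tag is part of the markup and the browser will run it; in the second it is inert text. Encoding has to match the context the value lands in (element content here; attribute, JavaScript and URL contexts each need their own encoder), which is why a single global filter on input does not replace encoding at the point of output.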
- Let's move on to the search box in the left of the page.
- Let's give the newsletter signup box a shot
- Moving on to the login page.
- http://54.213.252.28/login.aspx
- I entered a single quote (') for both the user name and the password. I got the following error:
- -----------------------------------------------------------------
- 'Users//User[@Name=''' and @Password=''']' has an invalid token.
- Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
- Exception Details: System.Xml.XPath.XPathException: 'Users//User[@Name=''' and @Password=''']' has an invalid token.
- Source Error:
- Line 112: doc.Load(Server.MapPath("") + @"\AuthInfo.xml");
- Line 113: string credential = "Users//User[@Name='" + UserName + "' and @Password='" + Password + "']";
- Line 114: XmlNodeList xmln = doc.SelectNodes(credential);
- Line 115: //String test = xmln.ToString();
- Line 116: if (xmln.Count > 0)
- -----------------------------------------------------------------
- Hmm....System.Xml.XPath.XPathException.....that's not SQL.
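- The error page hands us the vulnerable code, so it is worth seeing the fixed version beside it. The program below is an added example, not the site's source or course material: the vulnerable method reproduces the concatenation from lines 113 to 116 of the stack trace, the AuthInfo.xml content is constructed (only the XPath shape `Users//User[@Name=... and @Password=...]` is known from the page), and the hardened method is one common remedy, keeping the XPath expression constant and comparing the submitted values in code.

```csharp
using System;
using System.Xml;
using System.Xml.XPath;

static class AuthDemo
{
    // Constructed stand-in for AuthInfo.xml; the real file's contents are not on the page.
    // Plaintext passwords are kept here only because the page's XPath compares @Password directly.
    const string AuthInfoXml =
        "<Users>" +
        "  <User Name=\"alice\" Password=\"s3cret\" />" +
        "  <User Name=\"bob\" Password=\"hunter2\" />" +
        "</Users>";

    static XmlDocument LoadAuthInfo()
    {
        var doc = new XmlDocument();
        doc.LoadXml(AuthInfoXml);
        return doc;
    }

    // Vulnerable form, mirroring the lines shown in the error page:
    // user input becomes part of the XPath expression itself.
    static bool LoginVulnerable(string userName, string password)
    {
        XmlDocument doc = LoadAuthInfo();
        string credential = "Users//User[@Name='" + userName + "' and @Password='" + password + "']";
        XmlNodeList xmln = doc.SelectNodes(credential);   // a stray quote raises XPathException
        return xmln.Count > 0;
    }

    // Hardened form: the XPath expression is a fixed literal, and the submitted
    // values are only ever compared as data, so input cannot change the query.
    static bool LoginSafe(string userName, string password)
    {
        XmlDocument doc = LoadAuthInfo();
        foreach (XmlNode user in doc.SelectNodes("Users//User"))
        {
            string name = user.Attributes["Name"]?.Value;
            string pass = user.Attributes["Password"]?.Value;
            // Real code would compare against a stored password hash, not a plaintext attribute.
            if (name == userName && pass == password)
                return true;
        }
        return false;
    }

    static void Main()
    {
        Console.WriteLine(LoginSafe("alice", "s3cret"));
        Console.WriteLine(LoginSafe("'", "'"));

        try
        {
            LoginVulnerable("'", "'");
        }
        catch (XPathException e)
        {
            // Same "has an invalid token" message the site returned.
            Console.WriteLine(e.Message);
        }
    }
}
```

- Running it, the safe login accepts the valid pair and simply returns false for the single quote, while the vulnerable method throws the same XPathException the target leaked. From the defender's side that exception is also the detection signal: an unhandled System.Xml.XPath.XPathException in the application logs for a login request is a strong indicator that someone is probing the query structure, and the custom error page setting that suppresses stack traces should be on in production regardless.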