a guest
Sep 19th, 2018
####################
# Course Materials #
####################

Slides:
https://s3.amazonaws.com/infosecaddictsfiles/WebAppSecIsNotEasyButCanBeSimple.pptx
https://s3.amazonaws.com/infosecaddictsfiles/Burp+Suite.pptx


Lab Manual:
https://s3.amazonaws.com/infosecaddictsfiles/BurpSuite-Bootcamp-v1.pdf



Day 1 Homework:
Here is a good reference on how to use Burp to look for the OWASP Top 10 vulnerabilities:
https://support.portswigger.net/customer/portal/articles/1969845-using-burp-to-test-for-the-owasp-top-ten


Use Burp Suite to demonstrate, with screenshots and explanations, how to test for all of the OWASP Top 10 vulnerabilities against your choice of the following targets:
http://54.213.252.28/
http://40.86.183.118/

Submit the results via email as an MS Word document (naming convention example: YourFirstName-YourLastName-Burp-Suite-Bootcamp-Day1-Homework.docx)

Day 1 Challenge:
Use Burp Suite to demonstrate, with screenshots and explanations, how to test for all of the OWASP Top 10 vulnerabilities against your choice of the following targets:
http://strategicsec.com
http://54.213.131.105/

Submit the results via email as an MS Word document (naming convention example: YourFirstName-YourLastName-Burp-Suite-Bootcamp-Day1-Challenge.docx)


Day 2 Homework:
Here are some sample web app penetration test reports from other companies that you can look at:
https://s3.amazonaws.com/infosecaddictsfiles/WebAppSampleReports.zip

I want you to perform a penetration test against http://zero.webappsecurity.com and document the engagement as if it were a real project.


Day 2 Challenge:
----------------------------------
Use the StrategicSec Ubuntu VM to demonstrate how to install, configure, and use at least five (5) of the following Burp Suite extensions from these websites and lists below:
https://github.com/integrissecurity/carbonator
https://github.com/allfro/BurpKit
https://github.com/nccgroup/BurpSuiteLoggerPlusPlus
https://github.com/Quitten/Autorize
https://github.com/codewatchorg/sqlipy
https://github.com/augustd/burp-suite-token-fetcher
https://github.com/augustd/burp-suite-gwt-scan

https://webbreacher.wordpress.com/2015/07/25/my-favorite-burp-suite-extensions/
http://bughunting.guide/the-top-5-burp-suite-extensions/
https://www.codemagi.com/downloads/



You must use them against your choice of the following targets:
http://strategicsec.com
http://54.213.252.28/
http://40.86.183.118/
http://54.213.131.105/

Submit the results via email as an MS Word document (naming convention example: YourFirstName-YourLastName-Burp-Suite-Bootcamp-Day2-Challenge.docx)



##########
# VMware #
##########
- For this workshop you'll need the latest version of VMware Workstation (Windows), Fusion (Mac), or Player.

- A 30-day trial of Workstation 11 can be downloaded from here:
- https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/11_0

- A 30-day trial of Fusion 7 can be downloaded from here:
- https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_fusion/7_0

- The newest version of VMware Player can be downloaded from here:
- https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/7_0


- Although you can get the VM to run in VirtualBox, I will not be supporting this configuration for this class.


##########################
# Download the attack VM #
##########################
https://s3.amazonaws.com/infosecaddictsvirtualmachines/InfoSecAddictsVM.zip
user: infosecaddicts
pass: infosecaddicts


##################################
# Basic: Web Application Testing #
##################################

Most people are going to tell you to reference the OWASP Testing Guide.
https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

I'm not a fan of it for the purpose of actual testing. It's good for defining the scope of an assessment and defining attacks, but not very good for actually attacking a website.


The key to doing a web app assessment is to ask yourself the 3 web questions on every page in the site.

1. Does the website talk to a DB?
- Look for parameter passing (ex: site.com/page.php?id=4)
- If yes - try SQL Injection

2. Can I or someone else see what I type?
- If yes - try XSS

3. Does the page reference a file?
- If yes - try LFI/RFI

Let's start with some manual testing against 54.213.100.93


Start here:
http://54.213.252.28/


There's no parameter passing on the home page, so the answer to question 1 is NO.
There is, however, a search box in the top right of the webpage, so the answer to question 2 is YES.

Try an XSS in the search box on the home page:
<script>alert(123);</script>

Doing this gives us the following in the address bar:
http://54.213.252.28/BasicSearch.aspx?Word=<script>alert(123);</script>

Ok, so we've verified that there is XSS in the search box.
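The Word parameter of BasicSearch.aspx being written back into the page is the reflected-XSS sink just demonstrated. The following is an added example (not code from this paste or from the site's owners) of what a Web Forms code-behind for that page could look like in its vulnerable and hardened forms. The class name BasicSearch, the Label control SearchTermLabel and the "Results for:" text are assumptions; the paste only shows the URL.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical code-behind for BasicSearch.aspx (assumed structure).
// The Label SearchTermLabel is assumed to be declared in the .aspx markup as
// <asp:Label ID="SearchTermLabel" runat="server" /> and surfaced through the
// auto-generated designer partial class.
public partial class BasicSearch : Page
{
    // VULNERABLE: the query-string value is concatenated straight into HTML
    // body text. Label.Text is emitted as markup, so
    // ?Word=<script>alert(123);</script> becomes a live <script> element.
    public static string HeadingVulnerable(string word)
    {
        return "Results for: " + word;
    }

    // HARDENED: encode at the point where the value enters an HTML text
    // context. '<', '>', '&' and '"' are turned into entities, so the browser
    // renders the payload as visible text instead of parsing it as a tag.
    public static string HeadingHardened(string word)
    {
        return "Results for: " + HttpUtility.HtmlEncode(word ?? string.Empty);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        string word = Request.QueryString["Word"];
        SearchTermLabel.Text = HeadingHardened(word);
    }
}
```

HtmlEncode is the correct encoder only for HTML text and for double-quoted attribute values; a value inserted into a JavaScript string literal needs HttpUtility.JavaScriptStringEncode and a value placed into a URL needs HttpUtility.UrlEncode. ASP.NET's built-in request validation would normally reject a query string containing "<script" before the page runs; it is a blunt filter and not a substitute for encoding at the output point, which is what actually closes the hole.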

Let's move on to the search box on the left of the page.

Let's give the newsletter signup box a shot.

Moving on to the login page.
http://54.213.252.28/login.aspx

I entered a single quote (') for both the user name and the password. I got the following error:

-----------------------------------------------------------------
'Users//User[@Name=''' and @Password=''']' has an invalid token.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Xml.XPath.XPathException: 'Users//User[@Name=''' and @Password=''']' has an invalid token.

Source Error:


Line 112: doc.Load(Server.MapPath("") + @"\AuthInfo.xml");
Line 113: string credential = "Users//User[@Name='" + UserName + "' and @Password='" + Password + "']";
Line 114: XmlNodeList xmln = doc.SelectNodes(credential);
Line 115: //String test = xmln.ToString();
Line 116: if (xmln.Count > 0)

-----------------------------------------------------------------


Hmm... System.Xml.XPath.XPathException... that's not SQL.
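The error page leaks the root cause: the login builds an XPath expression by string concatenation, so a single quote in either field breaks the query syntax (XPath injection, the XML analogue of SQL injection). The example below is added here and is not code from the paste or from the site's owners. LoginVulnerable reproduces the three lines shown in the stack trace; LoginHardened is one way to fix it. The sample AuthInfo.xml content, the user name "alice" and the password "s3cret" are constructed for the demonstration.

```csharp
using System;
using System.Xml;

public static class XmlAuth
{
    // Constructed sample shaped like the AuthInfo.xml the error page refers to
    // (the real file's contents are not known).
    public const string SampleAuthInfo =
        "<Users><User Name=\"alice\" Password=\"s3cret\"/></Users>";

    // VULNERABLE: same pattern as source lines 113-116 in the error page.
    // User input becomes part of the query language, so a quote changes the
    // query's structure. That is why a single quote produced an
    // XPathException ("has an invalid token") instead of a failed login.
    public static bool LoginVulnerable(XmlDocument doc, string userName, string password)
    {
        string credential = "Users//User[@Name='" + userName + "' and @Password='" + password + "']";
        XmlNodeList xmln = doc.SelectNodes(credential);
        return xmln.Count > 0;
    }

    // HARDENED: the XPath expression is a fixed string with no user data in it.
    // Attribute values are read out as plain strings and compared in code, so
    // quotes, brackets or an "or" in the input are just characters, never syntax.
    public static bool LoginHardened(XmlDocument doc, string userName, string password)
    {
        if (userName == null || password == null)
        {
            return false;
        }

        XmlNodeList users = doc.SelectNodes("Users//User");
        foreach (XmlNode user in users)
        {
            XmlAttribute name = user.Attributes["Name"];
            XmlAttribute pass = user.Attributes["Password"];
            if (name == null || pass == null)
            {
                continue;
            }

            // Ordinal comparison: no culture-aware matching surprises.
            // A real deployment would store a salted password hash here and
            // compare it with a constant-time routine rather than keep
            // plaintext passwords in the XML at all.
            if (string.Equals(name.Value, userName, StringComparison.Ordinal)
                && string.Equals(pass.Value, password, StringComparison.Ordinal))
            {
                return true;
            }
        }
        return false;
    }

    public static XmlDocument LoadSample()
    {
        var doc = new XmlDocument();
        doc.LoadXml(SampleAuthInfo);
        return doc;
    }

    public static void Main()
    {
        XmlDocument doc = LoadSample();

        // Legitimate credentials succeed; a lone quote simply fails to match.
        Console.WriteLine(LoginHardened(doc, "alice", "s3cret"));
        Console.WriteLine(LoginHardened(doc, "'", "'"));

        // The concatenated version throws on the same input, which is the
        // behaviour the error page shows.
        try
        {
            LoginVulnerable(doc, "'", "'");
        }
        catch (System.Xml.XPath.XPathException ex)
        {
            Console.WriteLine(ex.GetType().FullName);
        }
    }
}
```

Two defensive points follow from the error page itself: the application should not build XPath (or SQL) from request data, and it should not return unhandled exceptions with source code to the client, since the stack trace here hands over the exact query shape and the credential file's name. In ASP.NET that second part is controlled by the customErrors setting in web.config.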