Web Hacking

       KSAJ Inc.
www.PENETRATIONTEST.com
HaX0rz Toolkit
Complicated ‘sploits that need a
Bachelor’s degree to understand and
use
Scripts in various languages and
syntaxes like C, PERL, gtk and bash
Automated scanning tools like nmap
and nessus
A web browser
A Web Browser?
Web surfing:
• Is easy to do,
• Is Operating System independent,
• Doesn’t require intimate knowledge of
  “the system”,
• Provides access to vast amounts of data
  and information,
• and topped off with all kinds of data
  mining tools
Web Features
Reverse phone number searches
Detailed address topological maps
Satellite photography of target area
Resumes
Phone and Email lists
Likely targets described in detail
Exploit information easy to obtain
Data aggregation makes it more serious
What We’ll Learn
Methods of Reconnaissance
The level of sensitive detail
companies and organizations leave
exposed to the Internet
The level of detail about specific
people on the Internet
The effect of data aggregation on
privacy
Where to start?
Search Engines are
one of the first things
people learn to use on
the Internet
Most use highly
effective search
algorithms to mine the
Internet
Most provide equally
advanced search
abilities to the user
allintitle:"Index of /admin"
• Here is a Google hit from MIT, pulled from the cache
• allintitle:"Index of /" site:mil
Sometimes it works when broken
From an allintitle:"Index of /admin"
search
Admin account had been patched
But the error information was pretty
interesting, too…
• Within the full page error report was:
   Full paths to libraries
   /home/faraway/opt/cancat/lib
   /usr/local/share/perl/5.6.1/Apache/ASP.pm
   /usr/local/lib/perl/5.6.1/DBD/mysql.pm
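
The two exposures shown so far, open "Index of /" listings and full-page error reports that print library paths, can be caught on your own site before a search engine caches them. The check below is an added example, not part of the original presentation; the function names and the sample pages are constructed, and only the three paths are taken from the slide.

```python
import re
from html import unescape

# Absolute Unix paths under common roots, at least two components deep.
# The lookbehind skips URL paths such as http://host/usr/share/doc.
UNIX_PATH = re.compile(r"(?<![\w.:/-])/(?:home|usr|var|opt|etc|srv)(?:/[\w.+-]+)+")
# Title emitted by Apache-style automatic directory indexes.
AUTOINDEX = re.compile(r"<title>\s*Index of /[^<]*</title>", re.IGNORECASE)
# Interpreter version embedded in a Perl library path.
PERL_VERSION = re.compile(r"/perl/(\d+(?:\.\d+)+)/")


def find_disclosures(body):
    """Return (kind, evidence) pairs for details a public page should not show."""
    text = unescape(body)
    findings = []
    title = AUTOINDEX.search(text)
    if title:
        findings.append(("directory-listing", title.group(0)))
    paths = []
    for match in UNIX_PATH.findall(text):
        path = match.rstrip(".,")  # drop sentence punctuation glued to the path
        if path not in paths:
            paths.append(path)
    findings.extend(("filesystem-path", p) for p in paths)
    versions = sorted({v for p in paths for v in PERL_VERSION.findall(p)})
    findings.extend(("runtime-version", "perl " + v) for v in versions)
    return findings


def audit_pages(pages):
    """Map each page name to its findings, leaving out pages that are clean."""
    report = {}
    for name, body in pages.items():
        found = find_disclosures(body)
        if found:
            report[name] = found
    return report


# Constructed sample responses. The three paths are the ones quoted on the slide;
# the surrounding markup, messages and line numbers are invented for the example.
SAMPLE_PAGES = {
    "verbose-error": """<html><head><title>Error</title></head><body>
<pre>Errors Output
Can't locate DBD/mysql.pm, @INC includes /home/faraway/opt/cancat/lib
 at /usr/local/share/perl/5.6.1/Apache/ASP.pm line 100.
 compiled with /usr/local/lib/perl/5.6.1/DBD/mysql.pm
</pre></body></html>""",
    "autoindex": """<html><head><title>Index of /admin</title></head><body>
<h1>Index of /admin</h1><a href="backup/">backup/</a></body></html>""",
    "generic-error": """<html><head><title>Error</title></head><body>
<p>Something went wrong. Reference: 7f3a. See https://example.com/usr/help/errors</p>
</body></html>""",
}

if __name__ == "__main__":
    for page, found in audit_pages(SAMPLE_PAGES).items():
        for kind, evidence in found:
            print(f"{page}: {kind}: {evidence}")
```

Run it over the bodies your own error handlers and directory URLs return; a page that yields no findings, like the generic error above, gives a search-engine cache nothing to index.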
Search Engines
allintitle:"Index of /"
site:gov site:mil site:ztarget.com
filetype:doc filetype:pdf filetype:xls
[cached] [view as html]
intitle:, inurl:, allinurl:
Filetypes include: pdf, ps, wk[12345], wki,
wks, wku, lwp, mw, xls, ppt, doc, wps,
wdb, wri, rtf, ans and txt
Other Interesting Searches
Far too many password files to bother
counting anymore
Access and error logs from a hotel chain
• Included booking information and how long
  customers were staying
• Some very well-known people had their full
  vacation schedules made available to the
  public
Military “Procedures and Practices”
Other Interesting Searches
allintitle:"Index of /" +confidential filetype:doc
 • A regulatory matters postal letter to an
    executive at a telecommunications
    commission, which contained competitor and
    specific revenue information, and made the
    following declaration:
     The release of such information on the public record
     would allow current and potential competitors to
     develop more effective business and marketing
     strategies…
Other Interesting Searches
Searches for WS_FTP.LOG give a rather
detailed list of files that are updated
regularly, and often provide internal
network IP information normally hidden
from the Internet
Name, job title, phone number, and email
address of mailroom staff at major
military sites
Inter-department electronic funds
transfers
Other Interesting Searches
robots.txt files tell search engines
“don’t look here”
World-readable and in a known
location so the search engines will
find it easily, and ignore confidential
or private directories
What do you find when you do look
in those directories?
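
The robots.txt point, as a check a site owner can run against their own file (an added example, not part of the original presentation): every Disallow entry is a published directory name, so each one has to be protected by the server itself. The function names, the sample file and the status codes are constructed; the statuses are assumed to come from the owner's own unauthenticated requests.

```python
def parse_disallow(robots_txt):
    """Return the distinct Disallow paths in a robots.txt body, in file order."""
    paths = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "disallow":
            continue
        value = value.strip()
        # An empty Disallow allows everything; "/" names no specific directory.
        if value and value != "/" and value not in paths:
            paths.append(value)
    return paths


def verdict(status):
    """Classify what an anonymous visitor gets back for a disallowed path."""
    if status is None:
        return "unchecked"
    if 200 <= status < 300:
        return "exposed"         # robots.txt is the only thing hiding it
    if status in (401, 403):
        return "name-disclosed"  # protected, but the name is still advertised
    if status in (404, 410):
        return "stale-entry"     # nothing there; remove the line
    return "review"


SEVERITY = ["exposed", "name-disclosed", "review", "unchecked", "stale-entry"]


def audit_robots(robots_txt, anonymous_status):
    """Pair each Disallow path with a verdict, most serious first."""
    rows = [(p, verdict(anonymous_status.get(p))) for p in parse_disallow(robots_txt)]
    return sorted(rows, key=lambda row: SEVERITY.index(row[1]))


# Constructed sample: a robots.txt and the status codes an unauthenticated
# request to each path returned during the owner's own review.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin/
Disallow: /admin/
Disallow: /staff/payroll/   # keep crawlers out
Disallow: /old-site/
Disallow: /reports/
Disallow:
"""
SAMPLE_STATUS = {"/cgi-bin/": 403, "/admin/": 200, "/staff/payroll/": 200, "/old-site/": 404}

if __name__ == "__main__":
    for path, result in audit_robots(SAMPLE_ROBOTS, SAMPLE_STATUS):
        print(f"{result:15} {path}")
```

Anything reported as exposed needs authentication on the server; a crawler directive does not restrict access.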
Other Interesting Searches
Passive scanning for vulnerable
targets
Where to find targets:
• Search for phrases commonly found on
  web-based application interfaces (and
  especially their error messages)
• Sites like http://www.securityfocus.com
  – provide information that can be used
  to create search criteria
Unreported Vulnerabilities
Many vulnerabilities go unreported and
unfixed, despite how obvious they are
Example:
• HAMWeather is a weather software package
  that allows websites to provide accurate
  weather information. Geared towards news
  sites.
• Does not require authentication for any of its
  administrative processes
• Let’s search for that administrative program…
More Web Hacking
Search engines are a treasure trove
of information
We’ve looked at general web search
engines, but let’s now look at more
information-specific sites
• Administrative web servers
• Reconnaissance from the sky
• Proxies
Administrative Web Servers
Many devices come with web servers
enabled by default:

• Printers
• Routers and Switches
• Wireless Access Points
Printers on the Web?
Netcraft provides an ongoing tally of
web servers operating on the
Internet.
Can we find web-based
administration?
Agranat-EmWeb
Several sites seem to have left
this particular printer wide open
Reconnaissance
We’ve seen a glimpse of various back
doors available to web browsers
Let’s turn the tables now, and talk
much closer to home
How much personal detail do we put
online for all to see?
Reconnaissance
Web surfing habits
Cookies
Resumes
Web site histories (www.archive.org)
News group posts
Friends
Relatives
School archives
Maps
Final Thoughts
We have shown a few ways that a web
browser can be used to gather huge
amounts of target information, and a few
ways the web browser can be used to
exploit trivial vulnerabilities
There are many more online services like
the ones pointed out in this presentation
It is easy to collect and analyze this
information to produce thorough profiles
Thank You

    Karsten Johansson
        KSAJ Inc.
www.PENETRATIONTEST.com
