team risc nullcon 2012 jailbreak presentation

Team RISC Raghunath G Imran Mohammed

Upload: raghu-nath

Post on 14-Jul-2015





TRANSCRIPT

Team RISC

Raghunath G

Imran Mohammed

Our story of Jailbreak!

Aim

Find a zero day in Joomla (I'm-possible in 36 hrs ;) )

Eating only this ...

Why Joomla/Gymla ?

● Challenge!
● Learn exploitation in complex web applications
● IBM X-Force paper on CMS security

Vulns in Drupal

Vulns in Wordpress

Vulns in Joomla

How it's generally done?

Source code auditing

Fuzzing

0 day vulnerability

What we did?

Methodology

Know your enemy

If you know your enemies and know yourself, you will not be imperiled in a hundred battles

-- Sun Tzu, The Art of War

Set up the attacking environment

Study the Joomla architecture

Components, modules, plugins

Source code auditing

● Identify vulnerable functions
● Analyze the entry points
● Analyze input validations

The entry points

More ...

Few more ...

Exec call

RIPS output
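As an added example, not from the slides or from any project's code, the three auditing steps (vulnerable functions, entry points, input validation) as a small Python grep-style pass over PHP source: it flags calls to exec-style sinks, follows request data from $_GET/$_POST and Joomla's JRequest::getVar through simple assignments into those sinks, and notes whether an escaping helper or integer cast was applied. The sample PHP and the sanitiser list are constructed assumptions.

```python
import re

# Sinks from the "Exec call" / "identify vulnerable functions" step, with the bug class each leads to.
SINKS = {"exec": "command injection", "system": "command injection",
         "shell_exec": "command injection", "passthru": "command injection",
         "eval": "code injection", "unserialize": "object injection"}
# Entry points: PHP request superglobals and Joomla's JRequest::getVar wrapper.
SOURCE_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b|JRequest::getVar")
# Crude "input validation" check (assumed list): escaping helper or integer cast on the value.
SANITISED_RE = re.compile(r"escapeshellarg\(|escapeshellcmd\(|\(int\)|intval\(")
ASSIGN_RE = re.compile(r"\s*(\$\w+)\s*=(?!=)\s*(.*)")

def taint_of(expr, tainted):
    """None if expr carries no request data; otherwise True/False = sanitised or not."""
    refs = [v for v in tainted if re.search(re.escape(v) + r"\b", expr)]
    direct = bool(SOURCE_RE.search(expr))
    if not direct and not refs:
        return None
    if SANITISED_RE.search(expr):
        return True
    return not direct and all(tainted[v] for v in refs)

def audit_php(source):
    """Return (line_no, sink, bug_class, sanitised) for every sink fed by request data."""
    findings, tainted = [], {}   # tainted: variable -> was it sanitised?
    for n, line in enumerate(source.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if m and (t := taint_of(m.group(2), tainted)) is not None:
            tainted[m.group(1)] = t   # taint propagates through assignment
        for sink, bug in SINKS.items():
            call = re.search(r"\b%s\s*\((.*)\)" % sink, line)
            if call and (t := taint_of(call.group(1), tainted)) is not None:
                findings.append((n, sink, bug, t))
    return findings

# Constructed sample in the style of a Joomla component; not real Joomla code.
SAMPLE_PHP = """<?php
$id = JRequest::getVar('id');
$safe = (int) $id;
$out = system('ls ' . $id);
$cmd = $_GET['cmd'];
passthru(escapeshellcmd($cmd));
eval($_POST['code']);
$x = 'static';
exec('ls ' . $x);
"""

if __name__ == "__main__":
    for n, sink, bug, ok in audit_php(SAMPLE_PHP):
        print(f"line {n}: {sink}() <- request data ({bug}){' [sanitised]' if ok else ''}")
```

Line-level regexes miss multi-line calls and anything passed through arrays or function parameters, which is exactly the gap a tool like RIPS fills.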

Fuzzing

● Find the entry points
● SQL injection
● XSS
● CSRF
● Command injection
● Clickjacking with drag and drop

JBroFuzz

Clickjacking

Tools used for Source code auditing

● The mighty grep
● RIPS
● RATS

Tools used for Fuzzing

JBroFuzz

Burp Suite

WebScarab

References

● http://www.exploit-db.com/papers/15780/

● http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119

Thanks to ...

Omair, Amol Naik, Null team and especially our Jailer

Questions?

हकैर हकै्या ? हकैर