cms audit ask more than the release number

CMS audit, ask more than the release number A. Cervoise - PowerPoint PPT Presentation

Dec 03, 2023 •562 likes •1.42k views

Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion CMS audit, ask more than the release number A. Cervoise antoine.cervoise@devoteam.com July 8, 2013 1/ 85 - A. Cervoise - Devoteam

  1. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion CMS audit, ask more than the release number A. Cervoise antoine.cervoise@devoteam.com July 8, 2013 1/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  2. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Summary Introduction 1 World most used CMS 2 Why and how audit a CMS? 3 Tools for blackbox auditing most used CMS 4 Conclusion 5 2/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  3. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Who am I? IT Security Consultant Vulnerability watching Incident response Security compliance CMS knowledge As an administrator As an incident response engineer As a vulnerability researcher 3/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  4. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Why am I doing this talk? CMS are often forgotten security recommendations patch management pentest planning Give some basic security knowledge to secure CMS Tools Present you some tools I am not a (main) developper from WPScan, joomscan, etc. Give some truth about some tools you may have eard about 4/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  5. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Sumary Introduction 1 World most used CMS 2 Why and how audit a CMS? 3 Why? How to? Make it fast or make it clean Tools for blackbox auditing most used CMS 4 Some oversold products Joomscan WPScan Conclusion 5 5/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  6. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Be careful! Tools used in the following screenshots could be run with: ./toolname.ext or script language toolname.ext toolname Since Kali Linux, all tools are included in the PATH! 6/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  7. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Summary Introduction 1 World most used CMS 2 Why and how audit a CMS? 3 Tools for blackbox auditing most used CMS 4 Conclusion 5 7/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  8. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion World most used CMS What is a CMS? Content Management System Why use a CMS? You dont need Developpement knowledge Graphical skills You get Something quickly functional Modularity with plugins 8/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  9. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion World most used CMS Some CMS: Joomla! Spip WordPress Blogger Typo3 Drupal DotNetNuke PHPNuke Etc. 9/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  10. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion World most used CMS Figure: http://trends.builtwith.com/cms (04/17/2013) 10/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  11. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion World most used CMS Figure: http://trends.builtwith.com/cms/top (04/17/2013) 11/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  12. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion World most used CMS Figure: http://w3techs.com/technologies/overview/content_management/all (04/17/2013) 12/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  13. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion World most used CMS Figure: https://twitter.com/WordPress , https://twitter.com/drupal and https://twitter.com/joomla (04/17/2013) 13/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  14. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion World most used CMS Figure: http://wordpress.org/ and http://wordpress.org/showcase/tag/celebrities/ (04/17/2013) 14/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  15. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion World most used CMS Figure: (04/17/2013) http://www.joomla.org/ 15/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  16. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion World most used CMS Figure: http://drupal.org/ and http://drupal.org/case-studies/featured/25214 (04/17/2013) 16/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  17. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Summary Introduction 1 World most used CMS 2 Why and how audit a CMS? 3 Why? How to? Make it fast or make it clean Tools for blackbox auditing most used CMS 4 Conclusion 5 17/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  18. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Why? Why audit CMS? Why audit CMS? They are used by companies as intranet or internet websites or applications They are the first step to get in your system 18/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  19. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Why? Attack scenarios Scenario 1 CMS on a DMZ server: CMS allows file upload Server allows privilege escalation (PHP vulnerability) Attack 1 CMS allows file upload → Code execution PHP allows privilege escalation → Root privilege on a server in your DMZ 19/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  20. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Why? Attack scenarios Scenario 2 CMS on an external server, uses for your mailing campaign. CMS allows XSS Attack 2 CMS allows XSS → Stealing admin credential Use your CMS for spam or stealing your customer DB 20/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  21. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion Why? Attack scenarios Oters cases CMS vulnerable with ... Apache running as root CMS got a root account in MySQL etc. 21/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  22. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion How to? Make it fast or make it clean Auditing CMS Quick and dirty audit Which CMS? Which version? Is it vulnerable to known vulnerabilities? 22/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  23. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion How to? Make it fast or make it clean Auditing CMS Which CMS? Each CMS got its own spec (headers, files, admin dirs) Which version? Headers can change between versions Look for new files Look for specific file hashes 23/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  24. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion How to? Make it fast or make it clean Auditing CMS Is it vulnerable to known vulnerabilities? CVE bulletins Editor bulletins Exploit-db, securityfocus etc. 24/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  25. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion How to? Make it fast or make it clean Auditing CMS - Tools Your browser Look into the HTML code, lazy guys <meta name="Generator" content="Drupal 7 (http:// drupal.org)" /> <meta name="generator" content="WordPress 3.5.1" /> 25/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  26. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion How to? Make it fast or make it clean Auditing CMS - Tools Wappalyzer (Firefox plugin) 26/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  27. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion How to? Make it fast or make it clean Auditing CMS - Tools whatweb 27/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

  28. Introduction World most used CMS Why and how audit a CMS? Tools for blackbox auditing most used CMS Conclusion How to? Make it fast or make it clean Audition CMS - Tools BlindElephant.py BlindElephant.py 192.168.56.101/Drupal/drupal7 drupal Loaded /usr/lib/python2.7/dist-packages/blindelephant/dbs/ drupal.pkl with 145 versions, 478 differentiating paths, and 434 version groups. Starting BlindElephant fingerprint for version of drupal at http://192.168.56.101/Drupal/drupal7 Hit http://192.168.56.101/Drupal/drupal7/CHANGELOG.txt [...] Hit http://192.168.56.101/Drupal/drupal7/misc/drupal.css File produced no match. Error: Failed to reach a server: Not Found Fingerprinting resulted in: 7.14 Best Guess: 7.14 28/ 85 - A. Cervoise - Devoteam - RMLL/LSM 2013

Recommend

The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC

The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC

The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager February 2, 2016 Outline Quick outline of the physics The LHC and CMS CMS Upgrades Funding and Costs

620 views • 50 slides
Pixel trigger in CMS Peter Wittich CMS/Cornell University 12/2/2019 Trigger in CMS for Phase 2:

Pixel trigger in CMS Peter Wittich CMS/Cornell University 12/2/2019 Trigger in CMS for Phase 2:

Pixel trigger in CMS Peter Wittich CMS/Cornell University 12/2/2019 Trigger in CMS for Phase 2: track trigger Big change for CMS in Phase 2: add information from solid state tracking detector to the hardware trigger Phase 2 CMS tracker

603 views • 7 slides
Flow measurements from CMS Julia Velkovska for the CMS Collaboration CMS flow measurements: LHC

Flow measurements from CMS Julia Velkovska for the CMS Collaboration CMS flow measurements: LHC

Flow measurements from CMS Julia Velkovska for the CMS Collaboration CMS flow measurements: LHC flow WG, August 2011 Publically available documents CMS PAS HIN-10-002 preliminary v 2 results CMS PAS HIN-11-005 preliminary v

457 views • 21 slides
ASK C o r p o r a t i o n ASK Corporation American ADM, Inc. ASK 1 C o r p o r a t i o n Ask

ASK C o r p o r a t i o n ASK Corporation American ADM, Inc. ASK 1 C o r p o r a t i o n Ask

Ask for your solutions! ASK C o r p o r a t i o n ASK Corporation American ADM, Inc. ASK 1 C o r p o r a t i o n Ask for your solutions! Corporate Profile Incorporated December 1997 Executive Officer Kazuhiko Muto,

663 views • 10 slides
Audit and Compliance Committee Internal Audit Proposed Internal Audit Charter March 15, 2019

Audit and Compliance Committee Internal Audit Proposed Internal Audit Charter March 15, 2019

Audit and Compliance Committee Internal Audit Proposed Internal Audit Charter March 15, 2019 Internal Audit Open Meeting Internal Audit Charter Internal Audit Charter (The following 3 slides are excerpts from the Institute of Internal

205 views • 6 slides
CMS Programme India CERN LHC CMS India-CMS Kajari Mazumdar ( on behalf of

CMS Programme India CERN LHC CMS India-CMS Kajari Mazumdar ( on behalf of

CMS Programme India CERN LHC CMS India-CMS Kajari Mazumdar ( on behalf of India-CMS collaboration) Tata Institute of Fundamental Research Mumbai Plan is to cover briefly relevant hardware, software and physics topics. Additional

374 views • 34 slides
CMS Mortgage Strategies CMS TacOpps I - Trends &amp; Opportunities in CRE Debt CMS TacOpps I

CMS Mortgage Strategies CMS TacOpps I - Trends &amp; Opportunities in CRE Debt CMS TacOpps I

CMS Commercial CMS Mortgage Strategies CMS TacOpps I - Trends &amp; Opportunities in CRE Debt CMS TacOpps I Opportunity Catalysts Regulatory and capital constraints have limited the availability of CRE credit, despite strong borrower demand

326 views • 16 slides
CMS physics overview CMS physics overview LISHEP-2013, March 18-22, Rio de Janeiro LISHEP-2013,

CMS physics overview CMS physics overview LISHEP-2013, March 18-22, Rio de Janeiro LISHEP-2013,

CMS CMS physics overview CMS physics overview LISHEP-2013, March 18-22, Rio de Janeiro LISHEP-2013, March 18-22, Rio de Janeiro David d'Enterria (CERN) David d'Enterria (CERN) on behalf of the CMS Collaboration on behalf of the CMS

891 views • 47 slides
PhEDEx and CMS Data Transfers Paul Rossman Fermilab Global CMS Data Network Paul Rossman

PhEDEx and CMS Data Transfers Paul Rossman Fermilab Global CMS Data Network Paul Rossman

PhEDEx and CMS Data Transfers Paul Rossman Fermilab Global CMS Data Network Paul Rossman Fermilab PhEDEx and CMS Data Transfers 2 Dec 8, 2010 Global CMS Data Network Paul Rossman Fermilab PhEDEx and CMS Data Transfers 3 Dec 8, 2010

454 views • 26 slides
2018 Annual Audit Report to the Commission GCPUD Audit Department 11/13/18 1 Meeting

2018 Annual Audit Report to the Commission GCPUD Audit Department 11/13/18 1 Meeting

2018 Annual Audit Report to the Commission GCPUD Audit Department 11/13/18 1 Meeting Objectives: 1. Principles of Audit Plan Development 2. Status of the 2018 Audit Plan 3. Review 2019 Audit Plan 4. Moving Forward GCPUD Audit Department

807 views • 60 slides
Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit

Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit

Farmersville, Texas Audit Presentation September 30, 2017 Presented By: Louis Breedlove, Audit Manager June 26, 2018 1 OVERVIEW OF THE AUDIT PROCESS Audit Planning and Risk Assessment Audit Standards The audit was performed in

425 views • 13 slides
Release Reporting RELEASE NOTI FI CATI ON RELEASE NOTI FI CATI ON RELEASE NOTI FI CATI ON

Release Reporting RELEASE NOTI FI CATI ON RELEASE NOTI FI CATI ON RELEASE NOTI FI CATI ON

Release Reporting RELEASE NOTI FI CATI ON RELEASE NOTI FI CATI ON RELEASE NOTI FI CATI ON RELEASE NOTI FI CATI ON REQUI REMENTS TABLE REQUI REMENTS TABLE REQUI REMENTS I N REQUI REMENTS I N 11/ 10/ 2011 11/ 10/ 2011 MI CHI GAN MI CHI GAN

104 views • 7 slides
Mini Bookfairs in Schools/Universities More than 50 publishers More than 50 publishers More than

Mini Bookfairs in Schools/Universities More than 50 publishers More than 50 publishers More than

Mini Bookfairs in Schools/Universities More than 50 publishers More than 50 publishers More than 50 publishers More than 3000 titles available Prices TAILORED to you Up to 40% Bookfair should be ordered in advance Talk to you Sales

434 views • 6 slides
Learn more Do more Be more Learn more Do more Be more UNITY Learn more Do

Learn more Do more Be more Learn more Do more Be more UNITY Learn more Do

Learn more Do more Be more Learn more Do more Be more UNITY Learn more Do more Be more Key Staff linked to Year 7 Mrs Angela Haynes Mrs Louisa Smith Head of Year 7 Year 7 PSM Ms Leyla Mrs Julia Emmel Bilsborough

736 views • 27 slides
Release management in Debian - Can we do better? Frans Pop FOSDEM 2009, Brussels Frans Pop

Release management in Debian - Can we do better? Frans Pop FOSDEM 2009, Brussels Frans Pop

Release Management Stable release Management The etch-and-a-half release The Lenny release Release management in Debian - Can we do better? Frans Pop FOSDEM 2009, Brussels Frans Pop Release management in Debian - Can we do better? Release

194 views • 18 slides
The F word: FRAUD Agenda About Internal Audit Audit team Internal Audit office overview

The F word: FRAUD Agenda About Internal Audit Audit team Internal Audit office overview

The F word: FRAUD Agenda About Internal Audit Audit team Internal Audit office overview Fraud and Fraud Schemes Define fraud Learn about different types of fraud and fraud schemes Fraud reporting methods Audit Team Corby

509 views • 32 slides
Testing Linearity against Non-Signaling Strategies Alessandro Chiesa Peter Manohar Igor Shinkar

Testing Linearity against Non-Signaling Strategies Alessandro Chiesa Peter Manohar Igor Shinkar

Testing Linearity against Non-Signaling Strategies Alessandro Chiesa Peter Manohar Igor Shinkar UC Berkeley What is linearity testing? 1 Linearity Testing 2 Linearity Testing Given oracle access to f:{0,1} n {0,1} decide if: (1) f is

2.31k views • 163 slides
New Guidelines to Support New York Providers Delivering Telehealth During the COVID Crisis Arthur

New Guidelines to Support New York Providers Delivering Telehealth During the COVID Crisis Arthur

New Guidelines to Support New York Providers Delivering Telehealth During the COVID Crisis Arthur Yusupov Provider Training Specialist, New York State Cheryl Foley Director of Provider Relations, New York State Chris Daher- Vice President

368 views • 17 slides
CMS Subgroups in dCache 2.2 CMS T3 requirements for dCache We manage a CMS T3 cluster financed

CMS Subgroups in dCache 2.2 CMS T3 requirements for dCache We manage a CMS T3 cluster financed

CMS Subgroups in dCache 2.2 CMS T3 requirements for dCache We manage a CMS T3 cluster financed by 3 Swiss Institutes: PSI , UniZ , ETHZ ; during 2013 we will run 700TB net based on 2*NetApp E5400 + 4*Sun X4500 + 5*Sun X4540 ; Our user

210 views • 10 slides
Transition of Medicaid Claims Payments to SCEIS Stakeholder Outreach Team RMMIS Program South

Transition of Medicaid Claims Payments to SCEIS Stakeholder Outreach Team RMMIS Program South

Transition of Medicaid Claims Payments to SCEIS Stakeholder Outreach Team RMMIS Program South Carolina Department of Health and Human Services What is SCEIS? Beginning July 2019, the South Carolina Department of Health and Human Services

298 views • 27 slides
Washington Update Medmarc Webinar August 23, 2017 Clayton Hall, VP for Government Affairs

Washington Update Medmarc Webinar August 23, 2017 Clayton Hall, VP for Government Affairs

Washington Update Medmarc Webinar August 23, 2017 Clayton Hall, VP for Government Affairs Medical Device Manufacturers Association About MDMA Founded in 1992 by handful of smaller medical device executives seeking a voice in Washington

529 views • 33 slides
Are -functions able to solve Diophantine equations? An introduction to (non-commutative)

Are -functions able to solve Diophantine equations? An introduction to (non-commutative)

-functions and Diophantine equations The function field case Classical Iwasawa theory Non-commutative Iwasawa Theory Are -functions able to solve Diophantine equations? An introduction to (non-commutative) Iwasawa theory Otmar Venjakob

1.07k views • 45 slides
Modeling 9/11 disaster networks using degree sequence models Miruna Petrescu-Prahova, University

Modeling 9/11 disaster networks using degree sequence models Miruna Petrescu-Prahova, University

Modeling 9/11 disaster networks using degree sequence models Miruna Petrescu-Prahova, University of Washington Michael Schweinberger, Pennsylvania State University Duy Quang Vu, Pennsylvania State University June 3, 2011 Miruna

294 views • 16 slides
Merit System Principles and Prohibited Personnel Practices: A Primer for the HR Community

Merit System Principles and Prohibited Personnel Practices: A Primer for the HR Community

Merit System Principles and Prohibited Personnel Practices: A Primer for the HR Community Presented by: Julie Broussard Berko, MPA Acting Director, Office of Human Resources National Institutes of Health April 3, 2018 Key Takeaways By the

783 views • 24 slides

More recommend