Web Hacking
KSAJ Inc.
www.PENETRATIONTEST.com
HaX0rz Toolkit
Complicated ‘sploits that need a Bachelor’s degree to understand and use
Scripts in various languages and syntaxes like C, PERL, gtk and bash
Automated scanning tools like nmap and nessus
A web browser
A Web Browser?
Web surfing:
• Is easy to do,
• Is Operating System independent,
• Doesn’t require intimate knowledge of “the system”,
• Provides access to vast amounts of data and information,
• Is topped off with all kinds of data mining tools
Web Features
Reverse phone number searches
Detailed address topological maps
Satellite photography of target area
Resumes
Phone and Email lists
Likely targets described in detail
Exploit information easy to obtain
Data aggregation makes it more serious
What We’ll Learn
Methods of Reconnaissance
The level of sensitive detail companies and organizations leave exposed to the Internet
The level of detail about specific people on the Internet
The effect of data aggregation on privacy
Where to start?
Search Engines are one of the first things people learn to use on the Internet
Most use highly effective search algorithms to mine the Internet
Most provide equally advanced search abilities to the user
allintitle:”Index of /admin”
• Here is a Google hit from MIT, pulled from the cache
• allintitle:”Index of /” site:mil
Sometimes it works when broken
From an allintitle:”Index of /admin” search
Admin account had been patched
But the error information was pretty interesting, too…
• Within the full page error report was:
Full paths to libraries
/home/faraway/opt/cancat/lib
/usr/local/share/perl/5.6.1/Apache/ASP.pm
/usr/local/lib/perl/5.6.1/DBD/mysql.pm
Search Engines
allintitle:”Index of /”
site:gov site:mil site:ztarget.com
filetype:doc filetype:pdf filetype:xls
[cached]
[view as html]
intitle:, inurl:, allinurl:
Filetypes include: pdf, ps, wk[12345], wki, wks, wku, lwp, mw, xls, ppt, doc, wps, wdb, wri, rtf, ans and txt
Other Interesting Searches
Far too many password files to bother counting anymore
Access and error logs from a hotel chain
• Included booking information and how long customers were staying
• Some very well-known people had their full vacation schedules made available to the public
Military “Procedures and Practices”
Other Interesting Searches
allintitle:”Index of /” +confidential filetype:doc
• A regulatory matters postal letter to an executive at a telecommunications commission, which contained competitor and specific revenue information, and made the following declaration:
The release of such information on the public record would allow current and potential competitors to develop more effective business and marketing strategies…
Other Interesting Searches
Searches for WS_FTP.LOG give a rather detailed list of files that are updated regularly, and often provide internal network IP information normally hidden from the Internet
Name, job title, phone number, and email address of mailroom staff at major military sites
Inter-department electronic funds transfers
Other Interesting Searches
robots.txt files tell search engines “don’t look here”
World-readable and in a known location so the search engines will find it easily, and ignore confidential or private directories
What do you find when you do look in those directories?
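A defender-side check for the point this slide makes, added here as an example and not part of the original presentation: robots.txt only asks crawlers to stay away, so every sensitive-looking Disallow entry should also be access-controlled on the server. The robots.txt text and the status table below are constructed stand-ins; in a real audit you would request each listed path from your own server and pass that fetcher in.

```python
import re

# Constructed sample robots.txt, typical of what the slide describes: a
# world-readable file that names exactly the directories the site owner
# wants kept quiet.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin/
Disallow: /admin/
Disallow: /confidential/
Disallow: /private/reports/
Allow: /public/
Sitemap: https://www.example.com/sitemap.xml
"""

# Constructed stand-in for the web server: path -> HTTP status that an
# unauthenticated request receives. Replace with real requests when
# auditing a server you administer.
SAMPLE_RESPONSES = {
    "/cgi-bin/": 403,
    "/admin/": 401,
    "/confidential/": 200,
    "/private/reports/": 200,
}

# Path fragments that suggest the directory holds something sensitive.
SENSITIVE_HINTS = ("admin", "confidential", "private", "backup", "secret")


def sample_status(path):
    """Status an anonymous client gets for `path` in the constructed site."""
    return SAMPLE_RESPONSES.get(path, 404)


def parse_disallows(robots_text):
    """Return every non-empty Disallow path, across all user-agent groups."""
    paths = []
    for line in robots_text.splitlines():
        line = line.split("#", 1)[0].strip()          # strip comments
        m = re.match(r"(?i)disallow\s*:\s*(\S*)", line)
        if m and m.group(1):                           # empty Disallow allows all
            paths.append(m.group(1))
    return paths


def audit_robots(robots_text, status_for):
    """Flag Disallow entries that look sensitive AND are served (2xx) to an
    unauthenticated client: robots.txt is hiding them, not protecting them."""
    findings = []
    for path in parse_disallows(robots_text):
        looks_sensitive = any(h in path.lower() for h in SENSITIVE_HINTS)
        status = status_for(path)
        if looks_sensitive and 200 <= status < 300:
            findings.append((path, status))
    return findings


if __name__ == "__main__":
    for path, status in audit_robots(SAMPLE_ROBOTS, sample_status):
        print(f"{path}: listed in robots.txt but served with HTTP {status}")
```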
Other Interesting Searches
Passive scanning for vulnerable targets
Where to find targets:
• Search for phrases commonly found on web-based application interfaces (and especially their error messages)
• Sites like http://www.securityfocus.com provide information that can be used to create search criteria
Unreported Vulnerabilities
Many vulnerabilities go unreported and unfixed, despite how obvious they are
Example:
• HAMWeather is a weather software package that allows websites to provide accurate weather information. Geared towards news sites.
• Does not require authentication for any of its administrative processes
• Let’s search for that administrative program…
More Web Hacking
Search engines are a treasure trove of information
We’ve looked at general web search engines, but let’s now look at more information-specific sites
• Administrative web servers
• Reconnaissance from the sky
• Proxies
Administrative Web Servers
Many devices come with web servers enabled by default:
• Printers
• Routers and Switches
• Wireless Access Points
Printers on the Web?
Netcraft provides an ongoing tally of web servers operating on the Internet.
Can we find web based administration?
Agranat-EmWeb
Several sites seem to have left this particular printer wide open
Reconnaissance
We’ve seen a glimpse of various back doors available to web browsers
Let’s turn the tables now, and talk much closer to home
How much personal detail do we put online for all to see?
Reconnaissance
Web surfing habits
Cookies
Resumes
Web site histories (www.archive.org)
News group posts
Friends
Relatives
School archives
Maps
Final Thoughts
We have shown a few ways that a web browser can be used to gather huge amounts of target information, and a few ways the web browser can be used to exploit trivial vulnerabilities
There are many more online services like the ones pointed out in this presentation
It is easy to collect and analyze this information to produce thorough profiles
Thank You
Karsten Johansson
KSAJ Inc.
www.PENETRATIONTEST.com
