Top Ten Web Hacking Techniques (2010)

Conference: InsomniHack (21 March 2014) Talk speakers: Michele Orru (@antisnatchor) Krzysztof Kotowicz (@kkotowicz) Talk abstract: A bag of fresh and juicy 0days is certainly something you would love to get as a Christmas present, but it would probably be just a dream you had one of those drunken nights. Hold on! Not all is lost! There is still hope for pwning targets without 0days. We will walk you through multiple real-life examples of client-side pwnage, from tricking the victim to take the bait, to achieving persistence on the compromised system. The talk will be highly practical and will demonstrate how you can do proper client-side exploitation effectively, simply by abusing existing functionalities of browsers, extensions, legacy features, etc. We'll delve into Chrome and Firefox extensions (automating various repetitive actions that you'll likely perform in your engagements), HTML applications, abusing User Interface expectations, (Open)Office macros and more. All the attacks are supposed to work on fully patched target software, with a bit of magic trickery as the secret ingredient. You might already know some of these exploitation vectors, but you might need a way to automate your attacks and tailor them based on the victim language, browser, and whatnot. Either way, if you like offensive security, then this talk is for you.

Video recording of the talk: https://connect.ruhr-uni-bochum.de/p3g2butmrt4/ HTML5 is quickly gaining media attention and popularity among browser vendors and web developers. Having tremendous features, together with its sister specifications like Drag & Drop API, File API or Geolocation it allows developers to build rich web applications that easily blend with desktop & mobile environments. The talk will be focused on finding the weakest link and combining several recent attack techniques to turn a security vulnerability into a successful exploit. We'll show how to build a successful advanced UI-Redressing attack (also known as clickjacking), presenting the latest findings in this field, including malicious games and quizes. We'll work on file upload functionalities in current web applications and see how attackers might use HTML5 APIs for their advantage. Putting all these building blocks together will enable us to launch an attack and exploit even the otherwise unexploitable vulnerabilities.

My presentation from Framsia. Topics: XSS (reflected, stored, dom-based) CSRF Clickjacking Header based approaches (CSP, X-frame-options) EcmaScript5 HTML5 Some slides borrowed from John Wilander http://www.slideshare.net/johnwilander/application-security-for-rias

Electron is a framework to create the desktop application on Windows,OS X, Linux easily, and it has been used to develop the popular applications such as Atom Editor, Visual Studio Code, and Slack. Although Electron includes Chromium and node.js and allow the web application developers to be able to develop the desktop application with accustomed methods, it contains a lot of security problems such as it allows arbitrary code execution if even one DOM-based XSS exist in the application. In fact, a lot of vulnerabilities which is able to load arbitrary code in applications made with Electron have been detected and reported. In this talk, I focus on organize and understand the security problems which tend to occur on development using Electron. --- Yosuke Hasegawa Secure Sky Technology Inc, Technical Adviser. Known for finding numerous vulnerablities in Internet Explorer、Mozilla Firefox and other web applications.He has also presented at Black Hat Japan 2008, South Korea POC 2008, 2010 and others. OWASP Kansai Chapter Leader, OWASP Japan Board member.

Demonstration based session on HTTP headers relevant to security aspect of web applications. Target audience is web developers, and more attention is given to Java language.

XSS (cross-site scripting) is a client-side vulnerability that allows injection of malicious JavaScript which can then be run on a victim's browser. The document discusses different types of XSS (non-persistent, persistent, DOM-based), examples of how to perform basic and advanced XSS attacks, ways XSS has been used on major websites, and how attackers can exploit XSS vulnerabilities for activities like session hijacking, cookie stealing, clickjacking, and more.

This document summarizes techniques for securing Java EE web applications with secure HTTP headers. It discusses cross-site scripting (XSS) and how to prevent it using the HttpOnly and X-XSS-Protection headers. It also covers session hijacking and how to prevent it with the Secure and Strict-Transport-Security headers. Finally, it discusses clickjacking and demonstrates how it works.

Often, web developers keep hearing about "Same Origin Policy (SOP)" of browsers but live with half-knowledge or with several confusions. This session attempts to clear the misconceptions of SOP.

This document discusses security considerations for using UIWebView on iOS. It recommends only loading trusted content, implementing input validation, and using features like Content Security Policy (CSP) to mitigate risks like cross-site scripting (XSS). The document provides code examples for implementing CSP and filtering untrusted content. It also warns that JavaScript bridges between UIWebView and native code need special attention from a security perspective.

Slides of my talk at RuxCon 2013: For those who do not listen Mayhem and black metal, the talk title might seem a bit weird, and I can't blame you. You know the boundaries of the Same Origin Policy, you know SQL injection and time-delays, you know BeEF. You also know that when sending cross-domain XHRs you can still monitor the timing of the response: you might want to infer on 0 or 1 bits depending if the response was delayed or not. This means it's possible to exploit every kind of SQL injection, blind or not blind, through an hooked browser, if you can inject a time-delay and monitor the response timing. You don't need a 0day or a particular SOP bypass to do this, and it works in every browser. The potential of being faster than a normal single-host multi-threaded SQLi dumper will be explored. Two experiments will be shown: WebWorkers as well as multiple synched hooked browsers, which split the workload communicating partial results to a central server. A pure JavaScript approach will be exclusively presented during this talk, including live demos. Such approach would work for both internet facing targets as well as applications available in the intranet of the hooked browser. The talk will finish discussing the implications of such an approach in terms of Incident Response and Forensics, showing evidence of a very small footprint.

This document discusses various tools from the OWASP project for securing modern web applications, including ESAPI and the Java Encoder for output encoding, the Secure Headers Project for response headers, and CSRFGuard for cross-site request forgery protection. It emphasizes using security features like content security policies, strict transport security, and X-frame options headers to help mitigate risks like cross-site scripting and clickjacking attacks. The document also demonstrates cross-site request forgery vulnerabilities using the OWASP 1-Liner application and how to address them with anti-CSRF tokens.

This document discusses DNS rebinding attacks and defenses against them. DNS rebinding works by resolving a domain name to the attacker's IP address for a short time, then rebinding it to the target's IP. This allows the attacker to circumvent the same-origin policy and run code on the target's machine. Experiments showed the attack could recruit over 30,000 browsers to a botnet without any user interaction using Flash. Defenses include smarter pinning in browsers, host name authorization, and policy-based approaches. Plug-ins also need to consult server policies before opening sockets.

XPC is a well-known interprocess communication mechanism used on Apple devices. Abusing XPC led to many severe bugs, including those used in jailbreaks. While the XPC bugs in Apple's components are harder and harder to exploit, did we look at non-Apple apps on macOS? As it turns out, vulnerable apps are everywhere - Anti Viruses, Messengers, Privacy tools, Firewalls, and more. This presentation: 1.Explain how XPC/NSXPC work 2.Present you some of my findings in popular macOS apps (e.g. local privilege escalation to r00t) 3.Abuse an interesting feature on Catalina allowing to inject an unsigned dylib 4.Show you how to fix that vulnz finally!

The document provides an overview of secure web messaging in HTML5. It discusses how traditional methods of communication like JavaScript, AJAX, and frames had limitations due to the same-origin policy. The HTML5 postMessage API allows for secure cross-origin communication between frames by abstracting multiple principals. While more secure than previous techniques, the postMessage API still requires careful configuration of target origins, validation of received data, and mitigation of framing attacks to prevent security issues like cross-site scripting.

This document discusses security challenges with web applications that combine content from multiple sources (mashups). It covers how the same-origin policy isolates origins but exempts scripts, allowing cross-site scripting attacks. Frame-based communication and the postMessage API provide secure cross-origin messaging capabilities. The document recommends sandboxing iframes and using features like CORS to mitigate risks in mashups.

The WhiteHat Website Security Statistics Report provides a one-of-a-kind perspective on the state of website security and the issues that organizations must address to avert attack. WhiteHat has been publishing the report, which highlights the top ten vulnerabilities, vertical market trends and new attack vectors, since 2006. The WhiteHat report presents a statistical picture of current website vulnerabilities, accompanied by WhiteHat expert analysis and recommendations. WhiteHat’s report is the only one in the industry to focus solely on unknown vulnerabilities in custom Web applications, code unique to an organization, within real-world websites.

This document provides instructions for exploiting various web application vulnerabilities, including remote file inclusion (RFI), local file inclusion (LFI), SQL injection, and more. It begins by explaining RFI and how to exploit it, including using a null byte bypass. It then covers LFI and how to escalate it to remote code execution (RCE). Other sections discuss uploading shells via LFI and Firefox, exploiting vulnerabilities to download local files, full path disclosure, SQL injection techniques, and automatically uploading a shell via a phpThumb() command injection vulnerability. The document aims to serve as a tutorial for hackers to learn various web hacking methods.

This document discusses HTML5 web messaging and the same origin policy. It introduces the MessageEvent object used to handle cross-document messaging and describes how to use the postMessage() method and MessageChannel interface to communicate across browsing contexts from different origins securely. Examples are given of using web messaging to extend the browser's capabilities by communicating between injected scripts, pages, and background processes.

Security Risk Management: ovvero come mitigare e gestire i rischi dei dati attraverso i servizi gestiti. - by Hitachi Systems - festival ICT 2015 Relatore: Denis Cassinerio Security Business Unit Director di Hitachi Systems CBT

This is the first part of the Grow Hack Athens presentation by GrowthRocks, entitled GrowHackAthens: Growth Hacking For Web Apps.

The document discusses various web application attacks like cross-site scripting, SQL injection, cross-site request forgery, sensitive data exposure, and cookie editing. For each attack, it provides information on threat agents, attack vectors, security weaknesses, impacts, prevalence, detectability, example exploits, and steps to prevent the attack. The overall document serves as an educational guide on common web hacking techniques and how to avoid falling victim to them.

My talk on HPP at BlackHat USA 2011. These slides are an updated version of my other talks on the same topic.

This document discusses security issues related to Flash applications and cross-domain access. It covers how the crossdomain.xml file controls cross-domain access and demonstrates how this can be exploited. Attack surfaces like global parameters, external resources, and HTML text areas are described. The document recommends limiting JavaScript access in embedded Flash, ensuring configurations and external resources come from trusted domains, and sanitizing data in HTML text areas.

- The document summarizes a study of flash crowd dynamics in a peer-to-peer live video streaming system called Coolstreaming. It analyzes data collected during a flash crowd event when tens of thousands joined simultaneously. - It finds the number of short sessions (under 2 minutes) increases significantly during a flash crowd, correlated with high joining rates. This suggests new peers struggle to start playback due to limited resources. - User retry behavior is also analyzed, showing users try multiple times to join during a flash crowd. The system can scale up to a limit but with longer startup delays and potential disruptions during flash crowds.

The document discusses vulnerabilities in Adobe Flash and the risk of exploitation. It provides a history of Flash exploits from 2001-2008, noting common bugs like file format validation issues and input validation errors. It analyzes trends in Flash security advisories, finding that almost half of vulnerabilities allow remote code execution. The document warns that a Flash virus or worm is inevitable given the widespread use of Flash and continued emergence of vulnerabilities.

El documento describe los mensajes de control y error del conjunto de protocolos TCP/IP. Explica que el protocolo ICMP se utiliza para enviar mensajes de error y control entre dispositivos de red, ya que IP por sí solo no garantiza la entrega de paquetes ni proporciona notificaciones de errores. Además, describe diversos tipos de mensajes ICMP como eco, redireccionamiento, marca de tiempo y destino inalcanzable, así como sus usos para diagnosticar problemas de comunicación en redes IP.

This document introduces Proxenet, a hacker-friendly web application proxy designed to be easily extensible through plugins. Proxenet is written entirely in C for high performance. It uses a microkernel approach where a small core handles connections and delegates all other functionality to plugins. Plugins are simple to create, requiring only request and response hook functions. The document demonstrates how Proxenet can be used for man-in-the-middle attacks by modifying HTTP traffic using plugins during active directory poisoning attacks on internal networks.

Este documento define los virus informáticos y describe sus características, efectos y clasificaciones. Los virus son programas dañinos que se ocultan, propagan e infectan otros ordenadores. Pueden consumir recursos, disminuir el rendimiento y destruir información. Existen varios tipos como caballos de Troya, camaleones, polimorfos y gusanos. Los virus son creados por hackers para causar daño. Se recomienda usar software antivirus y no ejecutar archivos sospechosos para prevenir infecciones.

The top 10 security issues in web applications are: 1. Injection flaws such as SQL, OS, and LDAP injection. 2. Cross-site scripting (XSS) vulnerabilities that allow attackers to execute scripts in a victim's browser. 3. Broken authentication and session management, such as not logging users out properly or exposing session IDs. 4. Insecure direct object references where users can directly access files without authorization checks. 5. Cross-site request forgery (CSRF) that tricks a user into performing actions they did not intend. 6. Security misconfiguration of web or application servers. 7. Insecure cryptographic storage of passwords or sensitive data. 8

El documento introduce los conceptos de malware y virus informáticos, describiendo sus características, clasificaciones, formas de propagación y daños. Explica los tipos de virus como boot sector, file, macro y encriptados, así como sus síntomas y etapas de contaminación. Finalmente, recomienda medidas de protección como software antivirus, firewalls e implementación de políticas de seguridad.

This document advertises 1TopSpy cell phone tracking software and describes its features for hacking into phones and monitoring activity. It claims the software can track location, read texts, messages on apps like WhatsApp and Facebook, and more across millions of phones. The summary provides instructions to download the software onto a target phone, login on a computer, and begin monitoring. Customer testimonials praise the software's usefulness for parenting and employee monitoring.

La seguridad de la información busca proteger los activos de una empresa o individuo, como la información, equipos y personas, mediante el resguardo de los principios de integridad, confidencialidad y disponibilidad de la información. Esto se logra identificando amenazas y vulnerabilidades, y aplicando medidas de seguridad como análisis de riesgos y políticas de seguridad.

This document provides information on open source intelligence (OSINT) techniques for information gathering. It discusses performing passive, semi-passive, and active information gathering. Key areas of focus are infrastructure intelligence gathering to identify networks and domains, and people/organization intelligence gathering to find emails, metadata in documents, and profiles of employees. A variety of tools are recommended to automate the process, including Maltego, theHarvester, FOCA, and APIs from services like Zoominfo.

This document describes how to use 1TopSpy software to hack and track any mobile phone within 5 minutes. It lists the features of 1TopSpy including tracking GPS location, monitoring text messages, calls, WhatsApp messages, and more. The summary describes downloading and installing 1TopSpy on the target phone, logging into the 1TopSpy website to begin monitoring. Customer testimonials praise 1TopSpy for allowing worried parents and businesses to discreetly monitor mobile activity.

Frameworks are undeniably one of the most important elements of frameworks. As we continue to witness a significant increase in number of framework-based attacks towards web applications each day, usage of Frameworks without considering security-related aspects continue to be the most drastic problem that developers face. Throughout the presentation; Mr. İnce will analyze one of the most commonly-used PHP web frameworks by highlighting important security considerations; followed by a real-time exploitation of discovered vulnerability in LAB environment.

Many notable and new web hacking techniques, discoveries and compromises were uncovered in 2008. During his session, the top 10 vulnerabilities present in 2008, as well as some of the prevalent security issues emerging in 2009. Attendees will virtually be able to walk through the vulnerabilities appearing on today’s corporate websites, learning real-world solutions to today’s web application security issues. Moderator: Mike Stephenson, SC lab manager, SC Magazine - Jeremiah Grossman, founder and chief technology officer, WhiteHat Security

The document discusses securing web applications from common vulnerabilities like cross-site scripting (XSS) and cross-site request forgery (CSRF). It outlines various techniques attackers use to exploit these issues, such as injecting malicious scripts into user input or forging unauthorized requests. The document then provides recommendations for developers to prevent these attacks, such as carefully validating and encoding all user input, and authenticating that requests are intended by the user.

Caleb Sima is the founder and CTO of SPI Dynamics, a security company. He has over 11 years of experience in security and is a frequent speaker on topics like exploiting web security vulnerabilities and hacking web applications. The document discusses various web application vulnerabilities like SQL injection, cross-site scripting, and session hijacking, and provides examples of exploiting these vulnerabilities on real websites.

Cross-Site Request Forgery (CSRF) is a major web vulnerability that forces users to perform unintended actions on websites. It remains underreported due to the difficulty of detection. CSRF can be used to hijack user accounts, modify browser settings, and force purchases without user awareness or consent. While solutions like tokens exist, many websites remain vulnerable to CSRF attacks.

I'm take picture from here and there by goggling not mentioning all source please let me know if anyone has any objection. This presentation was presented in “securITy” Information Security Conference at BASIS SoftExpo 2012

The document provides instructions for setting up a lab environment to practice HTML5 hacking techniques. It includes details on installing VirtualBox and shared folders, as well as IP addresses to use for the "localvictim" and "evil" servers. The remainder of the document outlines a plan to cover various HTML5-related attacks, including bypassing the same-origin policy, exploiting XSS vectors in HTML5, attacking with cross-origin resource sharing and web messaging, targeting client-side storage, and using web sockets. Disclaimers are provided about the practical nature of the workshops and limited time.

Top 10 Web Hacks Every year the number and creativity of Web hacks increases, and the damage from these attacks rises exponentially, costing organizations millions every year. Join this webinar to learn about the latest and most insidious Web-based attacks. The much anticipated list, now in its seventh year, represents exhaustive research conducted by a panel of experienced security industry professionals. Learn the latest of the worst in Web hacks, and how to protect your organization.

Cross-Site Request Forgery (CSRF) is a type of malicious attack that tricks a user into unknowingly executing unwanted actions on a web application. The attacker creates hidden HTTP requests that get executed in the victim's browser using their authentication credentials. This allows the attacker to perform sensitive functions like changing passwords, making purchases, or posting comments on the victim's behalf. Defenses include using secret tokens or custom headers to validate requests and prevent CSRF attacks. The Firefox add-on CsFire also helps protect users by removing authentication information from cross-domain requests.

1) The document discusses new hacking techniques that can exploit browsers and access internal corporate networks even when the browser has JavaScript disabled or restricted. These techniques bypass traditional perimeter security measures. 2) One technique uses CSS to steal a user's browsing history without JavaScript. Another obtains the user's internal IP address using a Java applet and then port scans the internal network to find vulnerabilities. 3) The author concludes that a user's browser, when visiting public websites, can potentially be silently hijacked to target and hack resources on the internal corporate network.

The document discusses security considerations for HTML5. It notes that while HTML5 specifications are not inherently flawed, bad code can introduce new vulnerabilities. It outlines several attack vectors like XSS, history tampering, web storage manipulation, and clickjacking. It also discusses mitigations like script isolation, cross-document messaging, sandboxing, and CORS, noting their limitations. The document aims to raise awareness of the expanded client-side attack surface in HTML5.