@WOOLY6BEAR



WHAT TO – HTML

Basic HTML Format: (see hint at bottom for info on how to view source code) (copy from browser into Notepad so you can edit it)

<html>
<head>Config and style information. Ignore this whole section for hackjam</head>
<body>Body of page to display in browser.
Find the specific section of code you need and delete everything before/after it to clear the clutter</body>
</html>

Sections to read:
Home
Introduction
Basic
Attributes, e.g. <iframe src=test.htm></iframe>
HTML Events (in HTML References section): Onload, Onerror, Onfocus, Keyboard events, Mouse events
Comments
Images
Iframe
Javascript
Forms: Input, Input types, Action, Buttons (Submit)
Not on site: hidden

– Javascript

Introduction
Comments
JS Examples section
JS Reference
Javascript Objects (this goes beyond javascript, relevant for SQL as well.)
  String (needs quotes " or ')
  Number (no quotes)

– SQL

Basic structure: SELECT * FROM CUSTOMERS WHERE CustomerID = 1;
As an English sentence: "Select The Folder That Contains Everything About The Customer, From the Customers Filing Cabinet, Where The CustomerID On The Folder Equals 1."

Home
Intro
Syntax
Select
Where (pay close attention to the 'Operators in The WHERE Clause' section. != is the same as <>)
Alternate operators: OR operator is "||"
And & Or (pay attention here)
Injection !!! important !!!
Wildcards
Not on site: "--" added to the end of an SQL statement tells it to ignore everything after it
Don't forget ";" on the end

SQL injection involves getting the results of your input to pass more information than intended.

Common SQL injections:
When looking for a number from the input: 1 or 1=1
When looking for text from the input: X' or '1'='1   or   X" or "1"="1
When looking for an email address: how do we make a string look like an email address and still return all the fields like the previous examples do? Email validators will look for the format [______]@[___].com.
Select * From UserTable Where Email = ' _______ ';
Hint – answer will include an OR
Hint – how can we incorporate the <> or != operators to accomplish this?
To bypass filtering of "OR", try nesting: OORR, OOORRR, OOOORRRRR. Your input will look similar to: ' OOORRR '1'='1
-- (double hyphens) at the end will comment out the rest of the statement.

SELECT * FROM customer WHERE username='____' AND password=' ______'
Input 1'or'1'='1'-- as the username and X as the password:
SELECT * FROM customer WHERE username='1'or'1'='1'--' AND password='X'
(everything from -- onward, the closing quote and the password check, is commented out, leaving you with your needed '1'='1' statement)

Top 10 most common usernames: root, admin, test, guest, info, adm, mysql, user, administrator, oracle
Top 15 most common passwords: 123456, password, 12345, 12345678, qwerty, 123456789, 1234, baseball, dragon, football, 1234567, monkey, letmein, abc123, 111111

View Source Code of the FRAME, not the entire site:
Move mouse down close to input
Right-click and choose VIEW FRAME SOURCE

Possible ways of breaking a XSS – Cross Site Scripting module:
Depending on how the developer sanitizes and validates the input, any one of these may work.
Most common – javascript: <script>alert(1)</script>
Redirect an image tag to a source it can't find: <img src="not_here.jpg" onerror="alert(1)" /> (notice the double quotes around attribute values)
Display a button; when the user clicks, display script: <input type="button" onclick="alert(1)"/>
<iframe src="javascript:alert(1);"></iframe>

Crypto Hints – help in recognizing which tool to use
md5 – fixed length, 32 hexadecimal characters (0-9, a-f) long
base64 – variable length, usually padded on the end with 1 or 2 = signs, sometimes 0 though. = is the giveaway.
Caesarian shift – includes spacing and alpha characters only. Figure out how many chars were shifted. A=D, B=E, C=F…
Caesarian keyed – same as shift, but a key word comes first and then the remaining alphabet.
  Key: spike → cipher alphabet spikeabcdfghjlmnoqrtuvwxyz
Vigenere – alpha characters only, along with a key word
Substitution – every letter replaced with a drawing, color, picture, number, symbol, or letter. Frequency Analysis tool helpful in solving this.

HINTS

Easier to find cookies in ZAP instead of using any of the cookie programs. Have to make changes in ZAP anyway.
Sometimes links display as just a page name, example: test.html
Sometimes a folder is included in the name: folder/text.html
To navigate to the page, find the current URL and remove everything on the end back to the last '/', then add the link info.
Current Page: : new_page.html
Result1:
Link2: folder2/new_page.html
Result2: folder2/new_page.html

Possible locations to find vulnerabilities (important!):
Submit to ZAP
POST parameters
GET parameters in the URL string
Cookies
Source code of the frame
URL
Input boxes = injection of some sort

Broken down by category – ask yourself what type of information is associated with that category?
Injection – input boxes. No tools needed (double hint: all SQL Injection)
Auth/Session – mostly cookie related, source code and POST parameters. Need ZAP
XSS – input boxes, no tools (XSS is just a form of injection)
Direct Obj Ref – need ZAP, change parameters being passed
Security Misconfig – no tool, default settings, information leakage
Sensitive Data Exp – crypto tools
Access Ctrl – may need ZAP, view source code
CSRF – info in description; update with the ID given to you at the end of the description along with the URL for hackjam.
Redirects – probably won't reach this point, but add URL + (vuln function) + URL + request + UserID

FINALLY – Everything in the iframe of the module is there to help you solve the module. Nothing is there just to be there.
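Added example, not part of the cheat sheet: the username walkthrough from the SQL section (1'or'1'='1'-- as username, X as password) run against a constructed in-memory SQLite table, with the string-concatenated query beside a parameterized one. The table, its rows and the function names are constructed for this demo.

```python
import sqlite3

# Constructed in-memory stand-in for the module's customer table.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE customer (username TEXT, password TEXT)")
conn.executemany("INSERT INTO customer VALUES (?, ?)",
                 [("alice", "s3cret"), ("bob", "hunter2")])

PAYLOAD = "1'or'1'='1'--"   # the username from the cheat sheet; password is X


def build_query_vulnerable(username, password):
    # String concatenation: the user's quote closes the literal and -- comments
    # out the closing quote and the password check, as the walkthrough shows.
    return ("SELECT * FROM customer WHERE username='" + username +
            "' AND password='" + password + "'")


def login_vulnerable(username, password):
    # Runs the concatenated query; the payload turns it into username='1' OR '1'='1'.
    return conn.execute(build_query_vulnerable(username, password)).fetchall()


def login_safe(username, password):
    # Bound parameters: values travel separately from the SQL text, so quotes
    # and -- inside them are data, never operators or comments.
    sql = "SELECT * FROM customer WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchall()


def row_count():
    return conn.execute("SELECT COUNT(*) FROM customer").fetchone()[0]


if __name__ == "__main__":
    print(build_query_vulnerable(PAYLOAD, "X"))
    print("vulnerable:", len(login_vulnerable(PAYLOAD, "X")), "rows")  # every customer
    print("safe:      ", len(login_safe(PAYLOAD, "X")), "rows")        # no rows
```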
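Added example, not from the cheat sheet: the four XSS payloads listed above used as test input for a page that renders user input per context (text, attribute, URL), showing why escaping alone is not enough in the URL context. The renderers and the https://example.com URL are constructed for this demo.

```python
import html
from urllib.parse import urlparse

# Payloads from the cheat sheet, used here only as test input for the renderers.
PAYLOADS = [
    "<script>alert(1)</script>",
    '<img src="not_here.jpg" onerror="alert(1)" />',
    '<input type="button" onclick="alert(1)"/>',
    '<iframe src="javascript:alert(1);"></iframe>',
]


def render_text_unsafe(user_input):
    # The pattern every payload relies on: input copied into the page verbatim.
    return "<p>" + user_input + "</p>"


def render_text(user_input):
    # HTML text context: html.escape turns < > & " ' into entities, so a
    # <script> or <img onerror> in the input is displayed, not parsed as markup.
    return "<p>" + html.escape(user_input, quote=True) + "</p>"


def render_attribute(user_input):
    # Attribute context: the value is quoted AND quotes are escaped, so the input
    # cannot close the attribute and start an onclick/onerror handler of its own.
    return '<input type="text" value="' + html.escape(user_input, quote=True) + '">'


def render_link(user_input):
    # URL context: escaping does not help, because javascript:alert(1) contains no
    # special characters at all. Only absolute http(s) URLs are accepted; relative
    # URLs are refused too, since a tab or newline inside "javascript:" would hide
    # the scheme from a parser while browsers still honour it.
    candidate = user_input.strip()
    scheme = urlparse(candidate).scheme.lower()
    href = candidate if scheme in ("http", "https") else "about:blank"
    return '<a href="' + html.escape(href, quote=True) + '">link</a>'


if __name__ == "__main__":
    for p in PAYLOADS:
        print(render_text_unsafe(p), "->", render_text(p))
    print(render_link("javascript:alert(1);"))
```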
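Added example, not from the cheat sheet, that turns the Crypto Hints into code and goes a little beyond them: a token classifier for the md5/base64/alpha-only rules of thumb, the keyed alphabet built from the key "spike" (matching the cipher alphabet given above), a plain and a keyed Caesar, and a shift finder that tries all 25 shifts against a crib word. The sample tokens and the "Attack at dawn" text are constructed.

```python
import re, string

ALPHA = string.ascii_lowercase


def guess_encoding(token):
    # Rules of thumb from the cheat sheet: md5 = 32 hex chars; base64 = A-Za-z0-9+/,
    # length a multiple of 4, 0-2 '=' pads (all-letter tokens are treated as cipher text).
    s = token.strip()
    if re.fullmatch(r"[0-9a-fA-F]{32}", s):
        return "md5"
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s) and len(s) % 4 == 0 and not s.isalpha():
        return "base64"
    if re.fullmatch(r"[A-Za-z ]+", s):
        return "caesar/vigenere/substitution"
    return "unknown"


def keyed_alphabet(key):
    # Key word first (repeated letters dropped), then the rest of the alphabet in order.
    return "".join(dict.fromkeys(c for c in key.lower() + ALPHA if c in ALPHA))


def substitute(text, src, dst):
    # Map each letter from alphabet src to the same position in dst; case and
    # non-letters (spaces, punctuation) are preserved.
    return text.translate(str.maketrans(src + src.upper(), dst + dst.upper()))


def caesar(text, shift):
    # Plain shift (shift 3: A=D, B=E, C=F); a negative shift decrypts.
    n = shift % 26
    return substitute(text, ALPHA, ALPHA[n:] + ALPHA[:n])


def keyed_caesar(text, key, shift=0, decrypt=False):
    # Same as caesar, but the cipher alphabet is the keyed alphabet, optionally rotated.
    n = shift % 26
    cipher = keyed_alphabet(key)
    cipher = cipher[n:] + cipher[:n]
    return substitute(text, cipher, ALPHA) if decrypt else substitute(text, ALPHA, cipher)


def brute_force_shift(ciphertext, crib):
    # Try all 25 shifts; return (shift, plaintext) for the first one containing the crib.
    for shift in range(1, 26):
        candidate = caesar(ciphertext, -shift)
        if crib.lower() in candidate.lower():
            return shift, candidate
    return None
```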