ISSA Kentuckiana Web Pen-Testing Workshop (Hacking Illustrated Series InfoSec Tutorial Videos)

ISSA Kentuckiana Web Pen-Testing Workshop

Below are the videos from the Kentuckiana ISSA's Web Pen-Testing Workshop. It was put on in part to raise funds for Hackers For Charity.

Brought to you by:

Jeremy Druin
Twitter: @webpwnized

Conrad Reynolds
Senior Consultant, NTT Data

Adrian Crenshaw

Links:
Mutillidae Download: http://sourceforge.net/projects/mutillidae/files/?source=navbar
Burp Suite Download: http://portswigger.net/burp/download.html
http://HackersForCharity.org
http://ISSA-Kentuckiana.org
http://Twitter.com/Webpwnized
http://Irongeek.com

Sections:
Part 1: Intro to Mutillidae, Burp Suite & Injection Jeremy Druin
Part 2: SQL Injection Conrad Reynolds
Part 3: Uploading a web shell via SQLi Jeremy Druin
Part 4: Authentication Bypass via SQLi & Cookie Tampering Jeremy Druin
Part 5: Intro to Kentuckiana ISSA Jeremy Druin
Part 6: Remote File Inclusion (RFI) & Local File Inclusion (LFI) Jeremy Druin
Part 7: Webshells Demo Adrian Crenshaw
Part 8: Intros to Speakers
Part 9: HTML & JavaScript Injection XSS Jeremy Druin
Part 10: XSS & BeEF Conrad Reynolds
Part 11: What we have of CSRF (Camera ran out of space, slides kept going) Jeremy Druin
Part 12: JSON injection Jeremy Druin

 


Downloads:
https://archive.org/details/WebPenTestingWorkshopPart1IntroToMutillidaeBurpSuiteInjectionJeremyDruin

Notes:

Introduction
JD, Conrad, Adrian, Nancy, Carl, Sullivan, ISSA
Why are we here?

Introduction to Mutillidae
Introduction to Burp Suite

How does the web work?
How do browsers work?

Spidering/Scoping/Proxying: Jeremy
Page(s): Whole Site
Tool(s): Burp Suite

Injection point identification, canaries, prefixes, suffixes, URL encoding and context: Jeremy
Page(s): User Info: SQL Context
Document Viewer: HTML Attribute Context
Password Generator: JavaScript String Context
Pen Test Tool Lookup (AJAX Version): JSON String Context

SQL Injection: Conrad

Uploading a web shell via SQLi: Jeremy

Authentication Bypass (SQLi): Jeremy
Authentication Bypass (Cookie Tampering): Jeremy

Local File Inclusion: Jeremy
Page(s): Medium - Source file viewer
Easy - index.php page parameter

%SYSTEMDRIVE%\pagefile.sys
%WINDIR%\debug\NetSetup.log
%WINDIR%\repair\sam
%WINDIR%\repair\system
%WINDIR%\repair\software
%WINDIR%\repair\security
%WINDIR%\system32\logfiles\w3svc1\exYYMMDD.log (year month day)
%WINDIR%\system32\config\AppEvent.Evt
%WINDIR%\system32\config\SecEvent.Evt
%WINDIR%\system32\config\default.sav
%WINDIR%\system32\config\security.sav
%WINDIR%\system32\config\software.sav
%WINDIR%\system32\config\system.sav
%WINDIR%\system32\CCM\logs\*.log
%USERPROFILE%\ntuser.dat
%USERPROFILE%\LocalS~1\Tempor~1\Content.IE5\index.dat
%WINDIR%\System32\drivers\etc\hosts

Remote File Inclusion: Jeremy
Page(s): Easy - index.php page parameter

Web Shells: Adrian

HTML Injection: Jeremy
Page(s): DNS Lookup: No prefix/suffix needed
Document Viewer: Prefix/suffix needed

Cross Site Scripting / BeEF Hooks: Conrad

Cross Site Request Forgery: Jeremy
Page vulnerable to XSS: DNS Lookup
Page to exploit: Add to your blog

JavaScript Injection: Jeremy
Page(s): Password Generator

JSON injection: Jeremy

Unvalidated Redirects: Jeremy
Page(s): credits.php


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast