Below are the videos from the Kentuckiana ISSA's Web Pen-Testing Workshop. It was put on in part to raise funds for Hackers For Charity.
Brought to you by:
Jeremy Druin
Twitter: @webpwnized
Conrad Reynolds
Senior Consultant, NTT Data
Adrian Crenshaw
Links:
Mutillidae Download:
http://sourceforge.net/projects/mutillidae/files/?source=navbar
Burp Suite Download:
http://portswigger.net/burp/download.html
http://HackersForCharity.org
http://ISSA-Kentuckiana.org
http://Twitter.com/Webpwnized
http://Irongeek.com
Sections:
Part 1: Intro to Mutillidae, Burp Suite & Injection - Jeremy Druin
Part 2: SQL Injection - Conrad Reynolds
Part 3: Uploading a web shell via SQLi - Jeremy Druin
Part 4: Authentication Bypass via SQLi & Cookie Tampering - Jeremy Druin
Part 5: Intro to Kentuckiana ISSA - Jeremy Druin
Part 6: Remote File Inclusion (RFI) & Local File Inclusion (LFI) - Jeremy Druin
Part 7: Webshells Demo - Adrian Crenshaw
Part 8: Intros to Speakers
Part 9: HTML & JavaScript Injection XSS - Jeremy Druin
Part 10: XSS & BeEF - Conrad Reynolds
Part 11: What we have of CSRF (Camera ran out of space, slides kept going) - Jeremy Druin
Part 12: JSON injection - Jeremy Druin
Downloads:
https://archive.org/details/
Notes:
Introduction
JD, Conrad, Adrian, Nancy, Carl, Sullivan, ISSA
Why are we here?
Introduction to Mutillidae
Introduction to Burp Suite
How does the web work?
How do browsers work?
Spidering/Scoping/Proxying: Jeremy
Page(s): Whole Site
Tool(s): Burp-Suite
Injection point identification, canaries, prefixes, suffixes, URL encoding and context: Jeremy
Page(s): User Info: SQL Context
Document Viewer: HTML Attribute Context
Password Generator: JavaScript String Content
Pen Test Tool Lookup (AJAX Version): JSON String Context
SQL Injection: Conrad
Uploading a web shell via SQLi: Jeremy
Authentication Bypass (SQLi): Jeremy
Authentication Bypass (Cookie Tampering): Jeremy
Local File Inclusion: Jeremy
Page(s): Medium - Source file viewer
Easy - index.php page parameter
%SYSTEMDRIVE%\pagefile.sys
%WINDIR%\debug\NetSetup.log
%WINDIR%\repair\sam
%WINDIR%\repair\system
%WINDIR%\repair\software
%WINDIR%\repair\security
%WINDIR%\system32\logfiles\w3svc1\exYYMMDD.log (year month day)
%WINDIR%\system32\config\AppEvent.Evt
%WINDIR%\system32\config\SecEvent.Evt
%WINDIR%\system32\config\default.sav
%WINDIR%\system32\config\security.sav
%WINDIR%\system32\config\software.sav
%WINDIR%\system32\config\system.sav
%WINDIR%\system32\CCM\logs\*.log
%USERPROFILE%\ntuser.dat
%USERPROFILE%\LocalS~1\Tempor~1\Content.IE5\index.dat
%WINDIR%\System32\drivers\etc\hosts
Remote File Inclusion: Jeremy
Page(s): Easy - index.php page parameter
Web Shells: Adrian
HTML Injection: Jeremy
Page(s): DNS Lookup: No prefix/suffix needed
Document Viewer: Prefix/suffix needed
Cross Site Scripting / Beef Hooks: Conrad
Cross Site Request Forgery: Jeremy
Page vulnerable to XSS: DNS Lookup
Page to exploit: Add to your blog
JavaScript Injection: Jeremy
Page(s): Password Generator
JSON injection: Jeremy
Unvalidated Redirects: Jeremy
Page(s): credits.php