OWASP Mth3l3m3nt Framework - Africahackon · 2017-03-27 · • Cheap to implement ; so many...
OWASP Mth3l3m3nt Framework
Munir Njiru

GET /OMF/begin HTTP/1.1

HTTP/1.1 200 Ok
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 1148
Accept-Ranges: bytes
Server: Africahackon Conference
Connection: close
About Me
• Information Security Consultant at PricewaterhouseCoopers (PwC)
• What I’ve been certified in: Ethical Ninja (Sama), Ethical Ninja (Senpai), JavaScript for Pentesters (JFP)
• Project Lead for OWASP Mth3l3m3nt Framework.
• Chapter Leader OWASP (Kenya).
• The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
What is it?
• A penetration testing tool and exploitation framework to make penetration testing on the go a reality.
• Current Build Contains?
• Payload Store
• Cookie Theft Database
• Web Herd
• Shell Generator
• Payload Encoder
• Payload Decoder
• Client Side tools
• Whois
• LFI exploiter
Why Mth3l3m3nt?
• Limitations of portability of most web tools.
• Multiple modes of storage for penetration testing data e.g. payloads.
• Based on free tools (PHP, Js, HTML) and uses minimal dependencies.
• Cheap to implement; so many choices:
• Shared Hosting
• VPS
• Phone/Tablet
• Local Server
• Web servers tested for support:
• Litespeed
• Apache
• Lighttpd
• Nginx
• IIS
• You
Who can use it?
• Developers
• Security Professionals
• Students
• Software Testers
The Admin’s hand is in the cookie jar
For we came in peace to leave you in pieces
Fixes
• Whitelist what is allowed to be uploaded rather than upload and check once files are already on the server.
• Ensure you filter user input before putting it in the database.
• Test for security before launching.
• NEVER trust a user.
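The first two fixes on this slide, worked as an added example that is not code from the framework or from the talk: the file is checked against an allowlist of extension, declared MIME type and content magic bytes before anything is written to disk, and the database insert binds user input as a parameter instead of trying to filter it into the query string. It is written in Python rather than the framework's PHP so that it runs self-contained; the allowlist table, sample file names, contents and the `uploads` schema are all constructed for illustration.

```python
"""Added example: allowlist an upload before it lands, then bind user input
into SQL instead of filtering it. All names and sample data are constructed."""
import re
import sqlite3

# Allowlist: extension -> (MIME type the client must declare, bytes the content must start with).
# Anything not in this table is rejected; there is no denylist of "bad" extensions to bypass.
ALLOWED = {
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    "jpg": ("image/jpeg", b"\xff\xd8\xff"),
    "gif": ("image/gif", b"GIF8"),  # covers GIF87a and GIF89a
    "pdf": ("application/pdf", b"%PDF-"),
}
MAX_BYTES = 5 * 1024 * 1024
# Base name: letters, digits, '_' and '-' only, so path separators and a second
# extension ("shell.php.png", "../x.png") never pass.
SAFE_BASE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename, claimed_mime, content):
    """Decide whether an upload is allowed *before* it is stored.

    Returns (True, safe_name) or (False, reason). All three signals must agree
    with the allowlist entry: extension, declared MIME type and content magic.
    """
    if len(content) > MAX_BYTES:
        return False, "too large"
    base, sep, ext = filename.rpartition(".")
    if not sep or not SAFE_BASE.match(base):
        return False, "bad filename"
    ext = ext.lower()
    if ext not in ALLOWED:
        return False, f"extension .{ext} not allowed"
    mime, magic = ALLOWED[ext]
    if claimed_mime != mime:
        return False, "declared MIME type does not match extension"
    if not content.startswith(magic):
        return False, "content does not match declared type"
    return True, f"{base}.{ext}"  # normalised name, safe to use on disk


def store_metadata(conn, owner, stored_name):
    """Record the upload with bound parameters.

    The driver sends the values separately from the statement, so an owner
    string containing quotes or SQL keywords is stored literally and cannot
    alter the query. Returns the row count afterwards.
    """
    conn.execute(
        "INSERT INTO uploads(owner, filename) VALUES (?, ?)",
        (owner, stored_name),
    )
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM uploads").fetchone()[0]


def demo():
    """Run constructed samples through the checks; returns (decisions, stored owner)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE uploads(owner TEXT, filename TEXT)")
    samples = [  # constructed sample uploads: (filename, declared MIME, content)
        ("avatar.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("shell.php", "image/png", b"<?php echo 1; ?>"),        # extension not allowlisted
        ("shell.php.png", "image/png", b"\x89PNG\r\n\x1a\n"),  # double extension
        ("pic.png", "image/png", b"<?php echo 1; ?>"),         # wrong content for .png
    ]
    decisions = {}
    for name, mime, content in samples:
        ok, info = validate_upload(name, mime, content)
        decisions[name] = ok
        if ok:
            # Owner value with a quote and a comment marker: stored as data, not executed.
            store_metadata(conn, "alice'; --", info)
    owner = conn.execute("SELECT owner FROM uploads").fetchone()[0]
    return decisions, owner


if __name__ == "__main__":
    print(demo())
```

Only `avatar.png` survives; the three others fail on extension, on the filename rule or on the content check respectively, and the odd-looking owner string comes back from the database unchanged because it was bound, not concatenated.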
Improvements
• Make Web Herd leave an even smaller fingerprint, and make it flexible enough to support external versions of minimal shells via different methods.
• Amalgamate functions to prevent running too many remote commands.
• Include a Crawler/Scanner.
• Add support for other injection attacks.
• Better UI Design.
• Add integration capabilities with other tools of a similar nature.
• Include a module to handle social engineering attacks especially phishing via website vectors.
• Needs work on a generic LFI builder.
…..
Queries?
GET /Understood HTTP/1.1

HTTP/1.1 404 Not Found
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 1148
Accept-Ranges: bytes
Server: Africahackon Conference
Connection: close
Contact
GET /find/hacker HTTP/1.1

HTTP/1.1 200 Ok
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 1148
Accept-Ranges: bytes
Server: Africahackon Conference
Connection: close

Email: [email protected]
Web: http://munir.skilledsoft.com
Project: http://alienwithin.github.io/OWASP-mth3l3m3nt-framework/
Twitter: @muntopia
Phone: <The subscriber of this number cannot be reached at the moment>