Web App Pen Testing tools of the trade - denver.issa.org APP PEN TESTING TOOLS OF THE TRADE ISSA ALL...
104
WEB APP PEN TESTING TOOLS OF THE TRADE ISSA ALL DAY TRAINING
Transcript of Web App Pen Testing tools of the trade - denver.issa.org APP PEN TESTING TOOLS OF THE TRADE ISSA ALL...
WEBAPPPENTESTINGTOOLSOFTHETRADE
ISSAALLDAYTRAINING
SERGEBORSONOVEMBER2016
ABOUTME
• JurassicPark(1993)• Biometrics• BankingApplicationSecurity• ApplicationDevelopment• PenetrationTesting• SANSCommunityInstructor• Owner:SpyderSec(InformationSecurityConsulting)
ABOUTTHISTRAINING
• Whatyousignedupfor…• WebAppPenTestingToolsofTheTrade• Methodology,vulnerabilities,manualandautomatedexploitation• Talkabouttopic– thenexploretopicinteractively(LecturethenLab)• Hands-on• Focusontools• Learn&HAVEFUN!
HANDS-ONLABS
• Thereare5ofthem:• Browsers• Proxies• Nmap/bash• sqlmap• BeEF• Mygoal/intentisforyoutoleavewithknowledgeofthetopicscoveredandanunderstandingoftheirrelevancyforyouinyourcurrent/futurerole
PROGRESSIONOFTODAY8:00- 4:30
• Breakfast- Intro• Lecture– Lab#1• Lecture– Lab#2• Lecture– Lunch– Lab#3• Lecture– Lab#4• Lecture– Lab#5
CRITICALINFORMATION
• LocationofrestroomsJ• Networkconnectivityandyourlaptop(youhaveKaliright?)• Makesureyoucanaccesstheinternet• Incaseofemergency• Permissiontoengageinattackscenarios• Questions/AnythingImissed?
TELLMEABOUTYOU
• Name• Occupation• Experience
• Whatyouwanttogetoutofthisclass(anddon’tsayCPEsJ )
WEBAPPLICATIONS
• Whatarethey?• Appvswebsite• Howdotheywork?• CommonExamples…
PENETRATIONTESTING
• Whatisit?• Whattypesarethere?• Whatiswebapppentestingspecifically?• RedTeam,BlueTeam,whitebox,blackbox,greybox…• Whatitthegoal?• Scanningvspenetrationtesting
TOOLS
• Whatwouldatoolbeinthiscontext?• Software!• Scripts• Specifictotheweborapplicationsornetworkconnectivity
LETSBEGINWITHBROWSERS
• Abrowseristhe#1toolforaWebApplicationPenetrationTester;seriously• Butwhy?Andwhywouldwecareaboutthebrowser?• Wecarealotactually• Renderpages• Accessingsites(compatibilitymodesorRIA)• Makeourliveseasier(automation)• Visibilitybehindthescenes• Interactingwithapplications(HTML5support)
BROWSERCHOICES• Firefox• Chrome• Opera• Safari• Mobilebrowsers• Links(textbasedbrowser)• Andifyouhavenothingelse…IE• Donottakestatsatfacevalue(w3schools.com)
FIREFOX
• Yes,FireFox• FireFox isKingbecauseofit’sversatility(thisisallsubjective)• Versatilityasin:Add-ons!• Proxysupportisunmatched(lesssubjective)Note– grouppolicyatoffice*• ThisisNOTthemostsecure,orfastestoradvanced
• Usethebesttoolforthegivenjob– ThiswillbearecurringthemeJ
CHROME
• Anothergreatchoice(dependingonthesituation)• Stable,fast,modern(CSS3,HTML5– goodsupportforboth)• Webdevelopmenttoolsarequitegood• Moresecurethansome(sandboxing)• Notthemost“advanced”
ANDTHEREST…
• WejokeaboutIEbutEdgeisactuallynotbad• Howwillpagesrender?• Whatadd-onsaresupported?WhatOSdowehave?• SecurityandfeaturescomeintoplaywithXSSattacks
TRIVIA
• Q:Whichbrowsernowoffersfreebuilt-inVPNsupport?• Meaningyouopenyourbrowser,clickabuttonandconnecttoaVPN
• A:Operaasofabout2monthsabout…anditworkswell!
KEEPINGINMIND
• Theapplication/engagementmightdictatethebrowserweuse• Doweneedcustomproxysupport?That’sFireFox• ActiveX?That’sgoingtobeIEforsure• AdvancedHTML5andjs supportrequired?Chromeisagoodchoice• Arewerestrictedtoaterminalforsomeoddreason?Linkstotherescue• Goesbacktothebesttoolforthejob• Whichbrowserareyoumostcomfortablewith?• It’sprobablygoingtobeIceWeasel todayJ
THEGOALOFGETTINGTOKNOWYOURBROWSER
• Learnitssecrets• Strengths,weaknesses• Allaboutwieldingatoollikeaprofessional• Youwouldn’tusegoogletosearchthecontentsofasitewithout“site:”right?
• Whatdoesthatmean?• Ifyouaregoingtodosomething,doitwell
LAB#1BROWSERS
• #1SpinupKali• #2OpenBrowser(IceWeasel)• #3Browsetodenvertrainingday.com:11432/BrowserLab1.php• #4Followinstructionsonpage• Alreadycompleted/seekingsomethingmoreadvanced?Goto/BLA.php
BROWSERRECAP
• CircumventingHSTS*• Viewingheaders• Modifyandexportcookies• Easyproxychanges• Tamperwithrequests• AssessApplications– easytofindvulnerabilitiesQuestionsonthisLab?
INTERCEPTIONPROXIES
• Twothatwewilltalkabout:• OWASP’sZAP• Burp(Freeversion)• Severalothersavailable
WHATISANINTERCEPTIONPROXY• Anothertool– thisoneallowsustoviewandmodifyrawHTTPrequests• Softwarethatsitslogicallybetweenthebrowserandwebapplication• Browsersendsallrequeststotheproxy• Proxyforwardstheserequeststotheintendedwebapplication• Webapplicationresponds,responsegoesbackthroughproxy• Proxysendsresponsebacktobrowserandthepageloadsinbrowser• Lookslikethis…
PROXYVIEW
PROXYVIEW
INTERCEPTIONPROXYSPECIFICS• Potenttoolforourarsenal• Youcangetbywithabrowserandaproxyformajorityofthetesting(dependingonscope)
• Theproxyiswhereautomationcomesintoplay• Andattacks:• Malicioustraffic• Fuzzing• Identifyingvulnerabilities
VULNERABILITIESWECANEXPECTTOFIND
• Usingaproxyasapassiveoractivescanner• Essentiallywatchesyourrequestsaswellasserverresponses• Determinesifthereareissuessuchas:• XSS• SQLi• XSRF(CSRF)• Harvesting• Insecureconfigurations&more
SPEAKINGOFVULNERABILITIES
• Weakness• Attacksurface• SecurityBug• WithanOSorsoftwarewetypicallyhaveapatchforremediation• Awebappvulnerabilityfixmightentailacodechangeanddeployment• Afteritmakesittothebacklogandafterthoroughtestingandapprovals• Manyvulnerabilitieswillnotbefixed*really*
VULNERABILITIESREMAIN
• Andtheylingerforyearssometimes• Usuallyduetolowriskorlowprobabilityofexploitation• InMANYcasesbecausesecuritypeopledon’texplaintheriskwellenough• Othertimesit’s3rd partycodeandwedon’thavedirectcontrol/influence• Alotoftheriskcomesdownontheclientoruseroftheapplication• Riskisthecriticalelementthough,evenSQLi mightnotgetfixed*
HOWDOWEFINDTHESEVULNERABILITIES?
• Wellwehaveamethodology:• Recon• Mapping• Scanning• Exploitation• Toolslikeaproxyhelpinsomephasesmorethanothers
RECON• OSINT• Googlesearches• Sourcecode(HTML)orrepository• Whois• DNS• Etc• Proxieshelpwithautomatingsomeofthisbutnotmuch
MAPPING
• Thisisthedomainoftheproxysotospeak• Mappingiswhereaproxyexcels• Basicallythisisspidering theside• Morespecificallywearelookingforallpages,allfeatures/functions,businesslogic,andtherelationshipsbetweenapplicationcomponents
• Aproxywillautomatethisandmakeusawareofeverythingitcanfind
SCANNINGANDFUZZING
• NotsprayingtheheapandlookingforRCE• Mentionedpassivevsactivescanning• Oncewehaveasolidmapoftheapplicationwecanstartactivelyscanning• Thisiswhereweleverageawebappvulnerabilityscanner• ZAPhasonebuilt-inaspartofthetool• WithBurpwehavetopayforproversiontogetscanningfeatures$350
LASTSTEP(S):EXPLOITATIONANDSTARTOVER
• Exploitationismoreoramanualprocessinasense• Oncewefindanissueweexploitit• Findnewattacksurfaceandstartthecycleoveragain• Supposewesuccessfulgainadminrightstoanapplication• Nowwemapnewfeaturesoftheappwedidn’tknowaboutbefore• It’saniterative/cyclicalmethodology…
BACKTOTHEPROXY
ZAPVIEW
LEVERAGINGAPROXY
• Starttheproxy• Configureit(defaultsworkfineforawhile)• Configureyourbrowsertouseit• Learnaboutthefeatures• Seehowitcanbeusedtomakeyourlifeeasier• Seehowitcanbeusedtomakeyourtestingmoreefficient• Let’sdoademothenalab
PROXYDEMO:SCANNINGANDFUZZING
• Goalistoshowhowtouseabrowser&proxytoscanandfuzzatarget
LAB#2PROXY• #1LogintoKali• #2OpenBrowser(IceWeasel)• #3Browsetodenvertrainingday.com:11432/ProxyLab1.php• #4Followinstructionsonpage• Alreadycompleted/seekingsomethingmoreadvanced?Goto/PLA.php• Takeabreak
PROXYRECAP
• Whatdidwelearn?• That“intercept”buttonisannoying• Youwillbepromptedtosubmitpopulatedforms• Thisisnotavulnerabilityscanner,takeslotsofmanual“driving”• Greatatautomatingsometasks• Yougetwhatyoupayfor(throttling)
LET’STALKNMAP ANDBASH
• Webapplicationpenetrationtestingisnot100%webappfocused…ever• Wehavetolookforplatformvulnerabilities• BepreparedtoidentifyandexploitSSLissues(heartbleed)• AswellasinjectionvulnerabilitieswhichcanleadtoOSaccess• Onceashellisgainedandevenduringpursuitweshiftawayfromtheapp• Thereforewewieldmultifunctionaltools,likeaSwissarmyknifeperhaps
NMAP
• Thefirstoneofthesetoolsisnmap• Thehighestqualitynetworkmappingtool• Usuallyusedtofindopenports• Identifyrunningservices• OSchecks• Traceroute• Troubleshootnetworkingissues• AndhelpTrinity
NOTJUSTAPORTSCANNERHOWEVER
• Justusingnmap forportscanning…comeoutofthestoneage• NSE– thenmap scriptingengine• Extensibility• Lua basedprogramminglanguageallowsustocreateourownscripts• ls/usr/share/nmap/scripts|wc -l• Severalhundredsuchscriptsarecurrentlyavailablebydefault
NSE
• Methodologyonceagain:Recon,mapping,scanning,exploitation• Reconscripts• Mapping/spidering script(s)• Scanningoptions• Exploitationaswell
SOMENMAP EXAMPLES
SOMENSE EXAMPLES
NSE HTTPSCRIPTS
• Quiterelevanttopenetrationtestingawebapp…• HTTPheader,HTTPgrep,HTTPbruteforce,referrercheck• Spider,robots.txt,slowloris check,sql injection• XSS,title,methods,formfuzzer,shellshock,trace• Vhosts,anddozen+knownvulnerabilitychecks• 100+NSEHTTPscriptsatourdisposal
ANOTHERMULTIFUNCTIONTOOL:BASH
• Extremelycapableshell• Allowsustoautomateattacks• Createinput/fuzzinglists• Leverageothercommandlinetools• Interactwithbuilt-incommandstoparsefiles• Chainattacksandtools• AttackAPIswithease
USINGNSESCRIPTS
• Invokethescriptofyourchoicewith“script=“oncommandline• Canaddmultiplescriptstogether• nmap –p80--script=script.nse,script2.nse,http-vhosts.nse• Somescriptsrequirearguments• OnethingIdon’tlike…lackofresults/indicatorforfailedscript• Mayneedtodebug(-d)totroubleshootsomeissues
WHYBASHANDNMAP
• It’snotalwaysjustoneapplicationforourtestingscope• Theapplicationsarenotonlyrunningon80and443• Redundanttasksrequireautomationforefficiency• i.e.IfIneedtopulldownrobots.txtoneverytarget;timetoscriptthat• IfIneedtomanglewordlists– forxin`catfile`;doecho$x|sed…• IfIneedtocreatexdigitnumbersforfuzzing• IfIneedtosleepwhilegettingworkdoneandbeingproductive:True!
BASHANDNMAP• Thegoalhereistoaddtoolstothearsenal• Learntousethemeffectively• Anyonecanrunatool• WhatIwanttoimpartonyouislearnwhatthetoolsdoes• Howthetooloperates• Howitworksunderthehood• Replicateitsfunctionalityusingmanualmethods
MANUALEFFORTS
• Wehavearangeofhoststotest• Wewanttoknowwhattypeofserver(s)wearetargeting• Weneedtoknowtheplatformtocrafttailoredattacks• i.e.whatistheOS,languageanddatabase?• Ifit’saMSSQLdatabase,SQLi attackswithOraclesyntaxisawasteoftime• Wecanbrowseanduseanadd-onordevelopertoolstoseeheaders• Wecanusewget,orncat ornmap or…
USINGABROWSER
BASHBASICS
• Grep• Awk• Sed• Cut• |• forloop• ls,cat,wget (curl)
COMMANDBASICS
• Lookatafile(outputit’scontentstothescreen):cat• catfile.txt• Searchforastring:grep• grepstringIwantToSearchFor file.txt• Downloadafile/pagefromawebsite• wget www.example.com
PUTTINGITTOGETHER
• SavepageandHTTPheaders• wget –save-headersexample.com• Parsesavedfileandpulloutserverheader• grep‘Server:’index.html• Grabjusttheservernameandsaveittoafile• grep‘Server:’index.html|cut–d‘‘–f2,3>>SavedHeaders.txt
AUTOMATEIT
• catTargets…example.comDenver.issa.orgnmap.org• forxin`catTargets`;dowget –save-headers$x;done• grep‘Server:’index.html*|cut–d‘‘–f2,3>>SavedHeaders.txt• CatSavedHeaders.txt…ECS(den/1D77)ApacheApache/2.4.6(CentOS)
LAB#3NMAP ANDBASH• #1LogintoKali• #2OpenBrowser(IceWeasel)• #3Browsetodenvertrainingday.com:11432/NBLab1.php• #4Followinstructionsonpage• Seekingsomethingmoreadvanced?Goto/NHL.php• Eatlunch
BASHANDNMAP RECAP
• Whatdidwelearn?• Viewingoutputisprudent• Needtoknowwhattoparse
• nmap makesiteasierJ• Butnowweknowhowtodoitourselves• nmap anditsscriptsareopensource…wanttoknowwhattheydo?Look!• Anyquestionswiththislab?
SQLINJECTION
• Sameasbefore...Exceptthisonehasacomic(thanksRandall/xkcd.com)• Let’stalkaboutit• Manuallydoit• Thenautomateitwithanotherawesometoolofthetrade!
SQL INJECTION
• Definitelyinthewebapppenetrationtesterswheelhouse• Oneofthemorewellknownvulnerabilities• Highriskinsomecases• Riskisnotadefaultrating;contextmustbetakenintoaccount
SQLINJECTIONBASICS
• Injectionattack(OWASPtop10#1for2013)• SQLcommandsareinjectedintoaSQLstatement• Lackofsanitizationistheculprit• Poorplanning• ‘or1=1--
SQL INJECTIONDETAILS
• Canbeveryeasytofind• Reviewfuzzingoutput,lookforkeywords• MySQLError1064:YouhaveanerrorinyourSQLsyntax…• ORA-00066LOG_FILESisstringbutneedstobestringtobecompatible• MicrosoftOLEDBProviderforSQLServererror‘80040e14’• Knowyourplatform!
SQL INJECTIONDETAILS
• Canbeeasytoexploit• Manually• Automated• Askwhatisgoalis?• IhaveseenSQLi vulnerabilitiesmadetoppriorityforremediation• ConverselyIhavebeenaskedtonotexploitthem
SQL INJECTION
• Canbequitechallengingtofindaswell…• EnterBlindSQLinjection• Developerscansuppresserrors- >whoa->• Varyingdegreesofblindness• Wehavetogetsmarterwithourqueries• Alsosmarterwithourinferencing
SQL INJECTION- BLIND
• AskaseriesofTrue/Falsequestions• TimingAttacks• Bewareoffalsepositives(burpandautomatedscanningtools– cough)• Manuallyvalidateallfindings• Capitalizeonrelationshipwithdevteamorwhiteboxengagement
SQL INJECTION– INADDITION
• Canbehardtoexploit• Justbecausethereisanerrormessage,doesn’tmeantheflawisexploitable
• Justbecausewecansuccessfullyinject,doesn’tmeanthereisvalueindoingso• Contextonceagain!• Talkingaboutvaryingdegreesofblindness
SQL INJECTION– EXAMPLES
SQL INJECTION– HOWITWORKS/COMPONENTS
• Application– LAMPstack,IISand.NET,Java,Oracle,evennosql• Sloppycode• Sanitizeduserinput– notsomuch• Enduserinterface(thewebapp)• Processingcode(PHP,.NET,Java…)• DBconnection• Codereliesonuserinputandplacesitdirectlyintoquery– notuncommon
SQL INJECTIONRISK• Dependsonthedetails• What’sinthedatabase?• Whatisthevulnerablequery?• Mitigations(permissions,IPS,WAF,SEGMENTATION)• Ultimately,informationdisclosure…• Modify,Delete,etc (insertSQLverbhere),andshell!• CIAtriad:Confidentiality(select),Integrity(modify)andAvailability(drop)
WHYSOPREVALENT?
• Becauseit’sHARD!• Developingarobustwebapplicationischallenging• Manycomponents,features,movingparts• Havetokeepusershappy• Profitmattersasdoestimetomarket:Finiteamountofdevcycles• Lackoftraining• Overreliantonframework
MANUALLYIDENTIFYING
• Manual…whatdoesthatmean?• Typingincommandstoaformfieldandclickingsubmit–rathermanual• Easywaytofindlowhangingfruit• Notaproficientmethodhowever• Thiswillworkforsomeattacksonsomeapplications• Soyoufindaflaw,nowwhat?
MANUALEFFORTS
• Youneedtounderstandtheriskassociatedwiththatflaw• Goodtimetoreachouttoorganizationandletthemknow• Priortoexploitingit!• ThegoalisusuallynotDOSorcausingharmtothebusiness• Meaningyoudon’tnecessarilywanttodropatable
AUTOMATEDTOOLS
• Plentytochoosefrom:• BBQSQL• BSQL• Pangolin(GUI)• Havij• sqlmap• Somearedated,notmaintainedandjustnotgreat
SQLMAP – THE SQL INJECTIONTOOL!
• ByfarthemostcapablefreelyavailabletoolforSQLi• Python,opensource,extensible• IntegrateswithBurpandothertools• CLI,wizard,batchmode,configurationoptionsgalore• Veryflexible• Moststableandmostlyreliableintermsofquality
SLQMAP OVERVIEW
• Commandlineinterface• Writteninpython• Requirespython2.6or2.7• GNUGeneralPublicLicense• Greatresourcesandinformationatgithub.com/sqlmapproject
SQLMAP – USECASES
• ManuallyfindSQLi vulnerabilityandleveragesqlmap• Useasscanningtooltofindvulnerabilities• Importresultsfromtoolintosqlmap• Usejusttoexploitaknowvulnerability• Usespecialfeaturesforaspecificscenario
• Filterbypass(WAF/IPS/mod_security,etc)• TOR
SQLMAP – HOWITWORKS
• Basicallysendstraffictowebserver• Scrutinizesresults/responses• Makesdeterminationsbasedonresults• Vulnerable– notvulnerable– WAF/IPS– orunstabletarget• Asksuserwhattodoinagivensituation
SQLMAP – EXPLOITATION
• Potentially…• Banner• Hostname• OSVersion• Users• Passwords• Datadump• Shellaccess
SQLMAP – EXPLOITOVERVIEW
• Usingfunctionalityofthedatabase,sqlmap writesbackdoortowebserver• Makesfilesexecutable(0755)• Identifiesthelocationofthefile• PassesOScommandsasparametervalue• Returnsresults• Lookslikethis…
SQLMAP – EXPLOITVIEW
SQLMAP –DECODED
• Samething,decoded• Canyoutellwhat’shappening?
SQLMAP – LET’SCHECKITOUT
LAB#4SQLI
• #1LogintoKali• #2OpenBrowser(IceWeasel)• #3Browsetodenvertrainingday.com:11432/SQLiLab1.php• #4Followinstructionsonpage• Seekingsomethingmoreadvanced?Goto/ASIL.php• Feelfreetotakeabreak
SQLINJECTIONRECAP
• Whatdidwelearn?• Proxysupportisawesome• Onceagainanopensourcetool– viewsourceifinterested• Anyquestionswiththislab?
LETSMOVEONTOTODAYSLASTTOPIC
• Client-sideattacks• Client-side– asinbrowseroruseroftheapplication• Clientsareoftenoverlookedasattackvector• Manyclientimpactingvulnerabilitiesgouncheckedonapplications• Perfectexample…
HTTPS://SECURITYHEADERS.IO
LACKOFHEADERS
• HSTS(StrictTransportSecurity)• HPKP(PublicKeyPinning)• CSP(ContentSecurityPolicy)• X-XSS-Protection(ReflectedXSSprotectioninbrowser)• X-Frame-Options(Preventframingattacks)
CLIENT-SIDE
• Attackingusersofanapplication• Commontheme• Commonattackscenario• Thinkaboutit…• Compromiseasite?• Compromise1M+usersofthesite?• Ordoboth– whicheveriseasier(asanattacker)
CLIENT-SIDE– WHY?
• Takeastepbackandask:Whyattackusers?• Webapppentesting;notallaboutpoppingshells• Whatarethegoalsoftheattackers?
• Maliciousads(malvertisng)• Botnet
• Monetary
• Howcanapplicationvulnerabilitiesbeleveraged?
MORECLIENT-SIDEATTACKS
• XSS(Crosssitescripting)• XSRF(CSRF)(Crosssiterequestforgery)• XFS(Crossframescripting)• Harvestingattacks• Theseallleverageservervulnerabilitiestocauseharmtoclients/users
FROMPENTESTERSPERSPECTIVE
• User’sareloggedin• User’shaveaccess• User’smaybeadmins• User’sareontheLANthatcouldbeinscope• User’sareaweakspothistorically
USERRISK
• IstheOSuptodatewithpatches?(probablynot)• Isthebrowseronthelatestversion?(isyours?)• Arethereanycorporaterestrictionsinplacetopreventbrowsing?(NO)• Doesyourlaptophaveamicrophoneandcamerabuilt-in?(likely)• Sowhatcouldpossiblygowrong?• Letsfindout…
BEEF – BROWSEREXPLOITATIONFRAMEWORK
• Pentestingtoolwithafocusonthebrowser• Client-sideonceagain• Allowsusto“hook”victims• Exploitbrowserbasedvulnerabilities• Beefproject.com
BEEF – OVERVIEW
• Greatforpenetrationtestingengagements(dependingonscope)• Leveragesocialengineering• Targetusers• Advancedfeatures• MaptheLAN• Integratewithmetasploit
BEEF – VISUAL
BEEF – HOWITWORKS
• Client– Servermodel• VictimconnectstoBeEF instance• Victimbrowserexecutesjs andbecomes“hooked”• BeEF cannowcontrolthe“zombie”browser• Hookdisappearsoncevictimclosestab*
BEEF – EXPLOITATION
• Variousmodulesatourdisposal• Portscanning• Networkingscanning• Stealvictimshistoryandclipboardcontents• Targetvulnerabilitiesinbrowserandplugins• Ownbox
BEEF – DEMO
• IamgoingtoneedavolunteerJ
LAB#5BEEF• #1LogintoKali• #2OpenBrowser(IceWeasel)• #3Browsetodenvertrainingday.com:11432/BeEFLab1• #4Followinstructionsonpage• Seekingsomethingmoreadvanced?Goto/wheresthebeef
BEEFRECAP
• Whatdidwelearn?• ThereisareasonwhypeoplelikeSergehaveducttapeovertheircameras• Javascript isPOWERFUL• Lotsofmodulesdon’twork…• Canyouthinkofrealworldscenarioswhereyouwouldusethistool?*kids
WRAP-UP
• Learnedaboutsomecoolbrowserfeatures• Automatedattackswithburpandzap• Wrotesomebashscriptsutilizingnmap andNSEscripts• GotshellaccessviaablindSQLinjectionvulnerabilitywithsqlmap• HadsomefunwithBeEF• Anyquestionsaboutanythingwecoveredtoday?
THANKYOU!
@sergeborso
https://www.linkedin.com/in/sergeborsoAndthankstoISSA
