Hacking WordPress
A crash course in Web Application hacking.
Disclaimer
This information is given strictly for
educational purposes. It is not cool
(and is illegal) to hack sites that you don't
own or control. All the sites we'll hack tonight
have been set up specifically for the purpose
of hacking and contain no sensitive data.
Disclaimer #2
We will be conducting most of our
tests in real time. We've tested them
extensively, but at any moment
something may go wrong. We
apologize in advance.
OWASP Top 10
Tonight We'll Do:
• Brute Force Password Attacking
• Man-In-The-Middle Attacks
• Session Hijacking (via cookie jacking)
• XSS
Brute Force Attacks
A common approach (brute-force attack) is to try
guesses repeatedly for the password and check them
against an available cryptographic hash of the
password.
Brute Forcing WordPress
• WordPress has no built-in brute force defense
• You can install some plugins to reduce the risk of a brute force attack.
• We'll be brute forcing WordPress using WPScan
Preventing Brute Force Attacks
• Use strong passwords (also encourage users to use strong passwords)
• Use unique passwords
• Limit login attempts by user/IP with email reset
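A sketch of the "limit login attempts by user/IP with email reset" item, added here as an example and not taken from the original deck or from any WordPress plugin. The class name, the threshold and window values, and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Sliding-window limit on failed logins, tracked per username and per IP."""

    def __init__(self, max_failures=5, window=300):
        self.max_failures = max_failures    # assumed threshold
        self.window = window                # assumed window in seconds
        self.failures = defaultdict(deque)  # key -> times of recent failures
        self.locked_users = set()           # accounts awaiting an email reset

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > self.window:
            q.popleft()                     # forget failures outside the window
        return len(q)

    def allowed(self, user, ip, now):
        if user in self.locked_users:
            return False
        return self._recent(("ip", ip), now) < self.max_failures

    def record_failure(self, user, ip, now):
        for key in (("user", user), ("ip", ip)):
            self.failures[key].append(now)
        if self._recent(("user", user), now) >= self.max_failures:
            self.locked_users.add(user)     # locked until the owner resets by email

    def email_reset(self, user):            # call once the emailed reset link is used
        self.locked_users.discard(user)
        self.failures.pop(("user", user), None)

def replay(attempts, limiter):
    """Feed (time, user, ip, password_ok) tuples through the limiter."""
    decisions = []
    for t, user, ip, ok in attempts:
        if not limiter.allowed(user, ip, t):
            decisions.append("blocked")
        elif ok:
            decisions.append("ok")
        else:
            limiter.record_failure(user, ip, t)
            decisions.append("failed")
    return decisions

# Constructed sample: three bad guesses, then correct passwords during lockout.
SAMPLE = [(0, "admin", "203.0.113.5", False), (1, "admin", "203.0.113.5", False),
          (2, "admin", "203.0.113.5", False), (3, "admin", "203.0.113.5", True),
          (4, "admin", "198.51.100.7", True), (5, "editor", "203.0.113.5", True),
          (100, "editor", "203.0.113.5", True)]
```

Because anyone who knows a username can trigger the per-user lock, the email reset path is what lets the real owner back in.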
Let's Demonstrate
What is a Man-in-the-Middle Attack?
User Makes Request
Server Sends Response
Attacker can intercept and *change* communication
Let's Demonstrate
How can someone get in the middle?
• WiFi Sniffing/WiFi Pineapple
• Network Administrators
• ISP/Governments
• Datacenters
Session Hijacking
Session hijacking, also known as TCP session hijacking,
is a method of taking over a Web user session by
surreptitiously obtaining the session ID and
masquerading as the authorized user.
HTTP is a stateless protocol.
That means we have to reauthenticate
every time we make a request.
We do this using cookies:
Session Hijacking
User authenticates with username and password
Once verified, server sends authentication cookie to user
On all future requests, user sends the cookie to ensure that they are authenticated
If we can steal this cookie, we can become the user.
Let's Demonstrate
Preventing Man-in-the-Middle and Session Hijacking
• Use HTTPS site wide!!!!
• Set cookies to HttpOnly
• Set cookies to Secure
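A check for the three items above, added here as an example and not part of the original deck: it reads one response's headers and reports cookies sent without Secure or HttpOnly. The function names, the URL and the sample headers (WordPress-style cookie names with a placeholder hash) are constructed for illustration.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()   # flags get an empty value
    return name, attrs

def audit_response(url, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("page served over plain HTTP")
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            # Without Secure the browser also sends the cookie over HTTP,
            # where anyone in the middle can read it.
            findings.append(f"{name}: missing Secure")
        if "httponly" not in attrs:
            # Without HttpOnly, script running in the page can read the cookie.
            findings.append(f"{name}: missing HttpOnly")
    return findings

# Constructed sample response; EXAMPLEHASH is a placeholder, not a real value.
SAMPLE_URL = "http://blog.example/wp-login.php"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "wordpress_test_cookie=WP+Cookie+check; path=/"),
    ("Set-Cookie", "wordpress_logged_in_EXAMPLEHASH=alice%7C1700000000%7Ctoken; "
                   "path=/; HttpOnly"),
    ("Set-Cookie", "wordpress_sec_EXAMPLEHASH=alice%7C1700000000%7Ctoken; "
                   "path=/wp-admin; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_URL, SAMPLE_HEADERS):
        print(finding)
```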
XSS Attack
Cross-site scripting (XSS) is a type of computer security
vulnerability typically found in web applications. XSS
enables attackers to inject client-side script into web
pages viewed by other users.
XSS Attacks
• The attacker installs a small snippet of malicious JavaScript that runs in the client's (your) browser
• Attacks allow us to:
  • Steal cookies
  • Log keypresses
  • Trick the user into taking an action
Let's Demonstrate
Protecting From XSS
• Developer:
  • Sanitize all inputs (use a LIBRARY!!!)
  • Sanitize all outputs
• User:
  • Browsers provide some level of protection
  • Be skeptical of anything that asks you to enter information
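What "sanitize all outputs" with a library looks like, as an added example that is not from the original deck: a comment renderer that concatenates input into markup beside one that encodes it with Python's standard html.escape and allow-lists link schemes. The function names and the comment/website fields are assumptions; the test strings are constructed.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumed policy for user-supplied links

def render_comment_unsafe(author, body):
    # Vulnerable on purpose: input lands in the markup unchanged, so it can
    # close the attribute or open a new element.
    return f'<p title="{author}">{body}</p>'

def esc(value):
    # Encodes & < > and, with quote=True, both quote characters, so the value
    # stays plain text in element and quoted-attribute context.
    return html.escape(value, quote=True)

def safe_href(url):
    """Return the URL only if its scheme is allow-listed, otherwise '#'.

    Encoding alone is not enough for href: a script-scheme URL contains no
    character that html.escape changes, so the scheme is checked separately.
    """
    url = url.strip()
    return url if urlsplit(url).scheme.lower() in ALLOWED_SCHEMES else "#"

def render_comment_safe(author, body, website):
    return (f'<p title="{esc(author)}">{esc(body)} '
            f'<a href="{esc(safe_href(website))}">site</a></p>')

# Constructed test inputs of the kind a scanner would submit.
AUTHOR = 'x" onmouseover="alert(1)'
BODY = "<script>alert(1)</script>"
WEBSITE = "javascript:alert(1)"

if __name__ == "__main__":
    print(render_comment_unsafe(AUTHOR, BODY))
    print(render_comment_safe(AUTHOR, BODY, WEBSITE))
```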
Tools
• BeEF - http://beefproject.com/
• WPScan - http://wpscan.org/
• Burp Suite - https://portswigger.net/burp/
• Edit This Cookie (Chrome) - https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en
Further Reading
• Troy Hunt - http://www.troyhunt.com/
• Brian Krebs - http://krebsonsecurity.com/
• Courses:
  • Troy's courses on Pluralsight - https://www.pluralsight.com/authors/troy-hunt
  • One Month Web Security - https://onemonth.com/courses/web-security
