Manual Code Review - Null Bachaav
Hi Security geeks, this is Santosh from Null Chennai.
I would like to share my experience and learning from the Null Bachaav session at Bangalore. The
session was delivered by Sandesh.
The structure of this session was a bit different. Generally we first have some learning and then
crack some stuff, but in this Bachaav session it was different and more interesting: we started
digging into finding vulnerabilities right away. We were given the source code of a deliberately
insecure application, which has multiple basic-level vulnerabilities.
This is ideal for beginners who want to start with manual source code review. The prerequisite
for this session, as stated earlier, is the Eclipse JEE edition. The application is developed using JSP.
The first thing we did was understand the technologies involved in the application. By looking at
the structure and configuration files, we could see that the following technologies were used to
build this vulnerable application:
HTML 4, JavaScript, JSP, Log4j, some Struts concepts, SQL.
The most important thing in source code review is to always begin with the web.xml file, which
gives the entire structure of the application and its data flow. There were many challenges designed
to be cracked in regular CTF fashion.
Let's look at the way we cracked them.
Challenge 1: An attacker can find out what Mr. X is doing. Why?
Solution:
In web.xml, transport-guarantee is set to NONE, which means the entire traffic flows over plain HTTP.
As HTTP is a clear-text protocol, an attacker on the network path can intercept the entire traffic.
One more basic thing to observe here is error-code redirection.
Error Handling
- More error codes should be handled and redirected to a customized error.jsp page, so that
stack traces are not disclosed.
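A reviewer-side check for the two web.xml points above, written as an added example (not code from the session or the vulnerable application). It parses a constructed web.xml and flags a transport-guarantee other than CONFIDENTIAL and error codes that are not mapped to a custom error page; the expected set of error codes is an assumption to adjust per application.

```python
"""Flag weak transport-guarantee and missing error-page mappings in web.xml."""
import xml.etree.ElementTree as ET

# Constructed sample resembling the weak configuration: transport-guarantee
# NONE and only one error code redirected to error.jsp.
WEAK_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <error-page>
    <error-code>404</error-code>
    <location>/error.jsp</location>
  </error-page>
</web-app>
"""

# The same file with the weak settings corrected: TLS required, common error
# codes and a catch-all exception mapping all sent to the custom page.
FIXED_WEB_XML = WEAK_WEB_XML.replace("NONE", "CONFIDENTIAL").replace(
    "</web-app>",
    "  <error-page><error-code>500</error-code><location>/error.jsp</location></error-page>\n"
    "  <error-page><error-code>403</error-code><location>/error.jsp</location></error-page>\n"
    "  <error-page><exception-type>java.lang.Throwable</exception-type>"
    "<location>/error.jsp</location></error-page>\n</web-app>",
)

# Error codes the reviewer expects to be mapped (assumption; extend as needed).
EXPECTED_ERROR_CODES = {"403", "404", "500"}


def _local(tag):
    """Strip the XML namespace from a tag name ({ns}tag -> tag)."""
    return tag.rsplit("}", 1)[-1]


def review_web_xml(xml_text):
    """Return a list of finding strings for the given web.xml content."""
    findings = []
    root = ET.fromstring(xml_text)

    # 1. Every <transport-guarantee> should be CONFIDENTIAL (TLS);
    #    NONE, INTEGRAL or a missing constraint allows plain HTTP.
    guarantees = [
        (el.text or "").strip().upper()
        for el in root.iter()
        if _local(el.tag) == "transport-guarantee"
    ]
    if not guarantees:
        findings.append("no <transport-guarantee>: traffic may flow over plain HTTP")
    for g in guarantees:
        if g != "CONFIDENTIAL":
            findings.append(f"transport-guarantee is {g}, expected CONFIDENTIAL")

    # 2. Collect mapped error codes and look for a catch-all exception page.
    mapped_codes, catch_all = set(), False
    for page in root.iter():
        if _local(page.tag) != "error-page":
            continue
        for child in page:
            if _local(child.tag) == "error-code":
                mapped_codes.add((child.text or "").strip())
            elif _local(child.tag) == "exception-type":
                if (child.text or "").strip() == "java.lang.Throwable":
                    catch_all = True
    for code in sorted(EXPECTED_ERROR_CODES - mapped_codes):
        findings.append(f"error code {code} not mapped to a custom error page")
    if not catch_all:
        findings.append("no java.lang.Throwable error page: unhandled "
                        "exceptions may leak stack traces")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_WEB_XML), ("fixed", FIXED_WEB_XML)):
        print(name, review_web_xml(text) or ["no findings"])
```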
Challenge 2: Find interesting things in the code
Solution: After searching for sensitive keywords like password, pwd, encrypt, decrypt, hash and
security, we arrived at a line in main.jsp with two sensitive comments.
The interesting part is that the first comment is a JSP comment, part of the JSP code, so it is not
sent to the end user. The second one is an HTML comment, which is visible in the client-side source.
Challenge 3:
I have a copy of the database and a pastebin account. Can I paste clear text passwords and earn
some street cred?
Solution:
In Crypto.java it is observed that no salting has been implemented, so the password hashes
can be cracked using rainbow tables or pre-computed hashes.
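To make the salting point concrete, here is an added example (not the session's Crypto.java): unsalted_hash() mimics the observed weakness with a bare digest, and a tiny precomputed table cracks it because every user with the same password gets the same digest; salted_hash() uses a random per-user salt with PBKDF2 so precomputation no longer applies. The sample users and wordlist are constructed.

```python
"""Unsalted digest versus per-user salted PBKDF2 password hashing."""
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; raise as hardware allows


def unsalted_hash(password):
    """The weak scheme: same password -> same digest for every user."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Random per-user salt + PBKDF2-HMAC-SHA256; returns 'salt$digest'."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def rainbow_lookup(digest, wordlist):
    """A toy rainbow table: precompute unsalted digests of a wordlist once
    and look the leaked digest up. Only works because there is no salt."""
    table = {unsalted_hash(w): w for w in wordlist}
    return table.get(digest)


def demo():
    # Constructed sample: two users who happen to share a weak password.
    users = {"alice": "summer2015", "bob": "summer2015"}
    wordlist = ["password", "summer2015", "letmein"]

    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: salted_hash(p) for u, p in users.items()}

    return {
        # identical digests reveal shared passwords and fall to one lookup
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "unsalted_cracked": rainbow_lookup(unsalted["alice"], wordlist),
        # salted digests differ per user, so no table can be precomputed
        "salted_identical": salted["alice"] == salted["bob"],
        "salted_verifies": verify_salted("summer2015", salted["alice"]),
        "wrong_password_rejected": verify_salted("letmein", salted["alice"]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```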
Challenge 4:
Me: Hi, My name is Hacker, May I come in?
You: NO
Me: Hi, my name is May I come in ?
You: Sure
Solution: It is clear that the hint is about bypassing filters, so we started looking at the
validations. We observed that the XSS filters were designed to protect against basic keywords
like <Script>, alert, onerror(), javascript and vbscript. Attackers can use different keywords
like onMouseOver() and onLoad() to bypass those filters. Whitelisting is the best practice compared
with a blacklisting approach.
It is also observed that the developer tries to sanitize by replacing script keywords with empty
strings, which is a bad idea.
Hint: -> alalertert -> alert
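The following is an added example, not the session's filter code: strip_blacklist() reproduces the observed approach (keywords replaced with empty strings), which is exactly why the hint alalertert -> alert works and why a keyword outside the list passes untouched; encode_for_html() and accept_username() show the two alternatives the write-up recommends, output encoding and whitelist validation. The blacklist contents and the username alphabet are assumptions.

```python
"""Blacklist-and-strip sanitizer beside output encoding and whitelisting."""
import html
import re

# Assumed blacklist, modelled on the keywords named in the write-up.
BLACKLIST = ["<script", "</script>", "alert", "onerror", "javascript", "vbscript"]


def strip_blacklist(value):
    """Weak: one pass per keyword, each occurrence replaced with ''."""
    for word in BLACKLIST:
        value = re.sub(re.escape(word), "", value, flags=re.IGNORECASE)
    return value


def encode_for_html(value):
    """Output encoding for an HTML text or attribute context: the markup
    characters are encoded, so no keyword list is needed."""
    return html.escape(value, quote=True)


# Whitelist for a field that may only hold a username (assumed alphabet).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def accept_username(value):
    """Whitelist validation: reject anything outside the allowed alphabet."""
    return USERNAME_RE.fullmatch(value) is not None


def review_filter():
    """The failure modes a reviewer should point out, as return values."""
    return {
        # removing the inner 'alert' leaves the outer one: alalertert -> alert
        "nested_keyword": strip_blacklist("alalertert"),
        # an event handler missing from the list passes straight through
        "unlisted_handler": strip_blacklist("onmouseover"),
        # encoding neutralises the markup regardless of which keyword is used
        "encoded_markup": encode_for_html('<b onmouseover="x">'),
        # whitelist: ordinary names pass, anything else is rejected
        "whitelist_ok": accept_username("santosh_01"),
        "whitelist_rejects": accept_username('san"tosh'),
    }


if __name__ == "__main__":
    for k, v in review_filter().items():
        print(f"{k}: {v!r}")
```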
Challenge 5
Insecure redirect
InsecureRedirect.jsp
Insecure log management
In Crypt.Java
Observations:
Plaintext is logged in the log. Logs can be manipulated by writing "santosh logged at 4:30".
Logs can be manipulated by injecting end-of-line characters into them (injecting log entries helps
in covering tracks).
Data Flow
To find issues such as log injection, it is important to learn how data flows.
Trust Zones
Source - a place where taint enters the application
Taint - data which comes from outside the application, given by the user
Taint Propagator - a function which carries taint onward
Sink - a place where the taint arrives and is executed, creating a vulnerability
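The source/propagator/sink model, traced on the log-injection observation from Challenge 5, as an added example that is not the session's Crypt.java: a Tainted string marks request data (source), concatenation propagates the mark, and the logger is the sink, which refuses tainted input unless it passed through neutralize(), the fix that keeps a newline in a username from forging a second log line. The request parameters and log line are constructed.

```python
"""Taint tracking from request source to log sink, with CR/LF neutralization."""


class Tainted(str):
    """A str subclass carrying a taint flag; concatenation propagates it."""
    tainted = True

    def __add__(self, other):            # propagator: taint survives concat
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):           # also when the tainted part is on the right
        return Tainted(str.__add__(other, self))


def is_tainted(value):
    return getattr(value, "tainted", False)


def request_param(params, name):
    """Source: everything read from the request is tainted."""
    return Tainted(params.get(name, ""))


def neutralize(value):
    """Sanitizer: make CR/LF visible so one event stays on one line and
    replace other control characters; returns a plain, untainted str."""
    out = []
    for ch in str(value):
        if ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ord(ch) < 32:
            out.append("?")
        else:
            out.append(ch)
    return "".join(out)


class AuditLog:
    """Sink: one line per event; rejects tainted input outright."""

    def __init__(self):
        self.lines = []

    def write(self, message):
        if is_tainted(message):
            raise ValueError("tainted data reached the log sink")
        self.lines.append(message)

    def text(self):
        return "\n".join(self.lines)


def vulnerable_login_log(log, params):
    """Logs the raw username, as in the observed code; the sink blocks it."""
    user = request_param(params, "user")
    log.write("login failed for " + user)


def fixed_login_log(log, params):
    """Neutralize before the sink so a forged entry cannot be injected."""
    user = neutralize(request_param(params, "user"))
    log.write("login failed for " + user)


def demo():
    # Constructed input: a username that tries to forge a second log entry.
    forged = {"user": "mallory\nsantosh logged at 4:30"}
    log = AuditLog()
    try:
        vulnerable_login_log(log, forged)
        blocked = False
    except ValueError:
        blocked = True
    fixed_login_log(log, forged)
    return {
        "tainted_blocked": blocked,
        "line_count": len(log.text().splitlines()),   # still a single line
        "logged": log.lines[-1],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```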
Challenge 6
Privilege Escalation
CSRF
Cookie injection
- Observations: In the code snippet shown in the slide, there is a hidden parameter for
userid, which can be intercepted and modified to perform privilege escalation.
- The application reads the userid from a cookie; attackers can tamper with the cookie and
perform privilege escalation.
- The entire form is submitted without CSRF protection.
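How the three observations are fixed server-side, as an added example (not the application's code): the handler takes the acting user from the authenticated session, ignores the hidden userid field and any userid cookie, and requires a per-session CSRF token on the form post. The role table, session store and request dicts are constructed stand-ins for the servlet container.

```python
"""Identity from the session, not from client-controlled fields; CSRF token check."""
import hmac
import secrets

# Constructed data: who holds which role, and an in-memory session store.
ROLES = {"1001": "user", "1": "admin"}
SESSIONS = {}


def login(user_id):
    """Create a server-side session and a CSRF token bound to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user_id": user_id, "csrf": secrets.token_urlsafe(32)}
    return sid


def _session(request):
    """Authenticate from the session id cookie only; a userid cookie is ignored."""
    return SESSIONS.get(request["cookies"].get("JSESSIONID"))


def update_profile(request):
    """Form post handler. Returns (status, acting user id or error text)."""
    sess = _session(request)
    if sess is None:
        return 401, "not authenticated"
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403, "missing or invalid CSRF token"
    # The hidden 'userid' field and any 'userid' cookie are never consulted:
    # identity comes from the session, so tampering with them changes nothing.
    acting = sess["user_id"]
    return 200, acting


def admin_panel(request):
    """Authorization also uses the session's user, not a client-sent claim."""
    sess = _session(request)
    if sess is None:
        return 401, "not authenticated"
    if ROLES.get(sess["user_id"]) != "admin":
        return 403, "forbidden"
    return 200, "admin"


def demo():
    sid = login("1001")
    good_token = SESSIONS[sid]["csrf"]
    cookies = {"JSESSIONID": sid, "userid": "1"}      # tampered userid cookie
    tampered = {"cookies": cookies,
                "form": {"userid": "1", "csrf_token": good_token}}
    no_token = {"cookies": cookies, "form": {"userid": "1"}}
    return {
        "hidden_field_ignored": update_profile(tampered),   # (200, "1001")
        "csrf_rejected": update_profile(no_token)[0],        # 403
        "cookie_role_ignored": admin_panel(tampered)[0],     # 403
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```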
Other keywords at the end of the discussion:
Reflection vulnerability
MD5 and SHA1 collisions
bcrypt, scrypt
Security review with FindBugs
Dataflow analysis
Threat modeling