Lesson 13 - Web App Attacks Flashcards
What type of attack can occur if input validation is missing?
Injection Attacks
T or F: developers should put as much detail as possible into error messages shown to users
False
Too much information (stack traces, query text, file paths, framework versions) gives malicious actors unnecessary insight into the application's internals
What is the most likely outcome of a security misconfiguration?
Exposing Sensitive Data
What is the method of using a digital signature to ensure the source and integrity of programming code?
Code Signing
What can occur when the outcome of an execution process depends directly on the order and timing of certain events?
Race Conditions
A malicious actor steals a user's session credentials and uses them to impersonate the user. What is this attack called, and what is the small text file browsers use to manage user sessions?
Session Hijacking
Cookie - contains the Session ID (SID)
Name the attack that forces a user to browse a website in the context of a known and valid session
Session Fixation - the attacker gets the victim to authenticate using a session ID the attacker already knows (e.g., via a crafted link or fake login page carrying that SID); once the victim logs in, the attacker uses the same SID. Regenerating the SID at login defeats it.
Name the attack in which the attacker captures a user's authentication exchange and resubmits it later. What category of attack is used to capture it?
Session Replay
On-Path attack (Man in the Middle)
Name and describe two request forgery attacks
Cross-Site Request Forgery (XSRF/CSRF) - a malicious page or script hosted on the attacker's site triggers a request that exploits a session the user has already started with another site in the same browser. It is hard to detect because the forged request is sent by the user's own browser with the user's own cookies, so it looks like business as usual.
Server-Side Request Forgery (SSRF) - tricks the server into making requests on the attacker's behalf, abusing the trust between the server and the resources it can reach (such as a SQL server or other internal services the client cannot access directly).
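As an added example (not code from these flashcards), the following Python models the two session defences the cards above describe: a login that issues a fresh session ID defeats session fixation, and a CSRF token derived from the session defeats a forged cross-site request. The session store, function names and the attacker/victim flow are assumptions for illustration.

```python
# Added example: session fixation vs. SID rotation at login, and a
# session-bound CSRF token. Not code from the original flashcards; the
# functions and the constructed attacker/victim flow are assumptions.
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)  # would be a persistent server secret
SESSIONS = {}  # session_id -> {"user": str | None}


def new_session():
    """Issue an anonymous (pre-login) session ID, as a server does on first visit."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": None}
    return sid


def login_vulnerable(sid, user):
    """Fixation-prone login: keeps whatever SID the browser presented."""
    if sid not in SESSIONS:
        SESSIONS[sid] = {"user": None}  # even accepts an attacker-chosen SID
    SESSIONS[sid]["user"] = user
    return sid


def login_hardened(sid, user):
    """Safe login: discard the pre-auth SID and issue a fresh one."""
    SESSIONS.pop(sid, None)
    fresh = secrets.token_urlsafe(32)
    SESSIONS[fresh] = {"user": user}
    return fresh


def whoami(sid):
    return SESSIONS.get(sid, {}).get("user")


def csrf_token(sid):
    """Token derived from the session; an attacker's page cannot compute it."""
    return hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()


def handle_transfer(sid, presented_token, amount):
    """State-changing endpoint: needs a logged-in session AND a valid token."""
    if whoami(sid) is None:
        return "401 not logged in"
    if not presented_token or not hmac.compare_digest(presented_token, csrf_token(sid)):
        return "403 csrf check failed"
    return f"200 transferred {amount} from {whoami(sid)}"


def fixation_demo(login):
    """Attacker plants a SID they know; victim logs in with it; attacker reuses it."""
    attacker_sid = new_session()          # attacker obtains a valid anonymous SID
    login(attacker_sid, "alice")          # victim authenticates using that SID
    return whoami(attacker_sid) == "alice"  # True means the attacker is now alice


def csrf_demo():
    """The victim's browser sends the cookie automatically, but the attacker's
    page cannot supply the token, so the forged request is rejected."""
    sid = login_hardened(new_session(), "alice")
    forged = handle_transfer(sid, presented_token=None, amount=100)
    legit = handle_transfer(sid, csrf_token(sid), amount=100)
    return forged, legit


if __name__ == "__main__":
    print("fixation succeeds against vulnerable login:", fixation_demo(login_vulnerable))
    print("fixation succeeds against hardened login:", fixation_demo(login_hardened))
    print("forged vs legitimate transfer:", csrf_demo())
```

The key point of the fixation half is that the attacker never steals anything: the victim is handed a SID in advance, so the only reliable defence is to issue a new SID at the moment privilege changes. The CSRF half shows why a cookie alone is not proof of intent; the token must be something the cross-site page cannot read or compute.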
Lab Lesson 13 - Exploiting Web Weaknesses
Name the two privilege escalation techniques and how they impact an attack
Horizontal Privilege Escalation - gaining access to other accounts at the same privilege level (different users, different data and permissions). Allows the malicious actor to move around while staying unnoticed.
Vertical Privilege Escalation - gaining higher privileges (e.g., root or administrator). Often starts by escaping a restrictive shell and then using a PrivEsc technique to elevate.
What is the command and syntax to launch Bash in interactive mode (e.g., to upgrade a restricted or non-interactive shell)?
/bin/bash -i
What are vulnerabilities that arise from implementation and design issues that lead to unintended behavior?
Business Logic Flaws
Name the 3 most common API styles
RESTful: API based on REST
XML-RPC
SOAP - Simple Object Access Protocol
Name recommended web frameworks for apps that incorporate HTML and/or JavaScript code
Ruby on Rails
AngularJS
Django (Python)
What is the most common type of code injection, and which inputs should you test (every single one)?
SQL Injection (SQLi)
URL Parameters
Form Fields
Cookies
POST Data
HTTP Headers
What is the simplest and most common method for identifying possible SQL injection vulnerabilities in a web application?
The Single Quote Method - submit a lone single quote (') in the input
If the quote reaches the query unescaped, the resulting database error often reveals syntax details (DBMS type, query structure) that can be used to construct an attack
What is the process of injecting SQL queries when the web app response does not contain the results of the query?
Blind SQL Injection
Boolean-based: submit conditions that are always true and always false (e.g., 1=1 vs 1=2) and compare the two responses; any difference shows the injected condition was evaluated
Time-based: submit queries containing time delays (e.g., a sleep function) and measure the response time
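As an added example (not code from these flashcards), the Python below runs the single-quote probe and a boolean-based blind probe against a vulnerable login function and its parameterized fix, using a constructed in-memory SQLite database. The table, the sample users and the function names are assumptions.

```python
# Added example: single-quote probe, boolean-based blind SQLi and an auth
# bypass against a string-concatenated query, compared with bound parameters.
# Not code from the original flashcards; the schema and data are constructed.
import sqlite3

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (username TEXT, password TEXT)")
db.executemany("INSERT INTO users VALUES (?, ?)",
               [("alice", "hunter2"), ("bob", "letmein")])  # constructed data
db.commit()


def login_vulnerable(username, password):
    """Builds the query by string formatting: input becomes SQL syntax."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in db.execute(sql)]


def login_safe(username, password):
    """Same query with bound parameters: input is data, never syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (username, password))]


def single_quote_probe(login):
    """Return the DB error text if a lone quote breaks the query, else None."""
    try:
        login("'", "x")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


def boolean_blind_probe(login):
    """Compare an always-true condition with an always-false one. A difference
    in the response is the blind-SQLi signal even when no data is echoed back.
    The trailing -- comments out the rest of the original query."""
    true_resp = login("alice' AND 1=1--", "wrong")
    false_resp = login("alice' AND 1=2--", "wrong")
    return true_resp != false_resp


if __name__ == "__main__":
    print("vulnerable probe error:", single_quote_probe(login_vulnerable))
    print("safe probe error:", single_quote_probe(login_safe))
    print("vulnerable blind diff:", boolean_blind_probe(login_vulnerable))
    print("safe blind diff:", boolean_blind_probe(login_safe))
    print("auth bypass:", login_vulnerable("alice'--", "wrong"))
```

The error string from the single-quote probe is exactly the kind of detail the cards say should not reach the user; the boolean probe works even when that error is suppressed, because the attacker only needs the two responses to differ.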
What is the application attack that allows access to commands, files and directories that may or may not be connected to the web document root?
Directory Traversal
Within the URL, use ../ or ..\ to traverse up one parent directory
If these are blocked or filtered, use URL encoding to bypass the filter, such as:
%2E is equivalent to . (period)
%2F is equivalent to /
What is a null byte used for in most programming languages, and what is its URL-encoded hexadecimal representation?
A character with a value of zero, used in most programming languages to indicate the termination of a string. In traversal payloads it can truncate the path so that anything the application appends (such as a required file extension) is ignored.
%00
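As an added example (not code from these flashcards), the Python below contrasts a blocklist that strips literal ../ with a resolver that decodes the path (including double encoding), rejects null bytes, and checks that the normalised result still lies under the document root. WEB_ROOT, the function names and the probe strings are assumptions.

```python
# Added example: why stripping "../" fails against encoded, double-encoded
# and null-byte traversal payloads, and a normalise-then-check alternative.
# Not code from the original flashcards; WEB_ROOT and the probes are constructed.
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root


def naive_filter(path):
    """Blocklist approach: remove literal '../' and '..\\' only. Bypassable."""
    return path.replace("../", "").replace("..\\", "")


def fully_decode(value, max_rounds=3):
    """URL-decode until stable so %252E (double-encoded '.') is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_under_root(user_path):
    """Return the absolute path if it stays inside WEB_ROOT, else None."""
    decoded = fully_decode(user_path)
    if "\x00" in decoded:                  # %00 truncation attempt
        return None
    decoded = decoded.replace("\\", "/")   # treat ..\ like ../
    joined = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # normpath collapses '..'; a path that escaped no longer starts with the root
    if joined != WEB_ROOT and not joined.startswith(WEB_ROOT + "/"):
        return None
    return joined


PAYLOADS = [  # constructed probes
    "images/logo.png",
    "../../etc/passwd",
    "..%2F..%2Fetc%2Fpasswd",
    "%2E%2E/%2E%2E/etc/passwd",
    "%252E%252E%252F%252E%252E%252Fetc%252Fpasswd",
    "..\\..\\windows\\win.ini",
    "../../etc/passwd%00.png",
    "....//....//etc/passwd",
]


def run_payloads():
    """Map each probe to what the resolver would serve (None = rejected)."""
    return {p: resolve_under_root(p) for p in PAYLOADS}


if __name__ == "__main__":
    for p, result in run_payloads().items():
        print(f"{p!r:48} naive={naive_filter(p)!r:24} resolved={result}")
```

Note the last probe: the blocklist turns "....//....//etc/passwd" into "../../etc/passwd" by removing the inner "../" once, whereas the resolver treats "...." as an ordinary (nonexistent) directory name and keeps the request inside the root. Decoding, normalising and then checking the final path is what the filter should have done in the first place.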
What is code injection, and what makes it possible to exploit?
An attack that introduces malicious code into a vulnerable application to compromise the security of that application
Made possible by weak or absent input processing (validation and sanitization) routines in the application
What is the injection attack in which a threat actor is able to execute arbitrary shell commands on the host via a vulnerable web app?
Command Injection
Contrast: code injection runs code only in the native language of the app, whereas command injection runs operating-system shell commands
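As an added example (not code from these flashcards), the Python below shows the same "run a command with user input" feature written with a shell string, which is command-injectable, and with an argument list, which is not, plus an allowlist check on the input itself. echo stands in for a tool such as ping so the example runs offline; the function names and the payload are assumptions.

```python
# Added example: command injection through shell=True versus an argv list,
# with an input allowlist. Uses echo in place of ping so it runs offline.
# Not code from the original flashcards; names and the payload are constructed.
import subprocess


def echo_vulnerable(user_value):
    """shell=True hands the whole string to /bin/sh, so shell metacharacters
    (; | && $( ) `) inside user input become additional commands."""
    out = subprocess.run(f"echo {user_value}", shell=True,
                         capture_output=True, text=True)
    return out.stdout


def echo_safe(user_value):
    """Argument list, no shell: the input is a single argv element and is
    printed literally, metacharacters included."""
    out = subprocess.run(["echo", user_value], capture_output=True, text=True)
    return out.stdout


def looks_injected(user_value):
    """Allowlist for the value itself (hostname-like characters only).
    Validating the input is defence in depth on top of not using a shell."""
    allowed = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-")
    return not user_value or any(c not in allowed for c in user_value)


PAYLOAD = "host.example; echo INJECTED"  # constructed attacker input

if __name__ == "__main__":
    print("vulnerable:", repr(echo_vulnerable(PAYLOAD)))
    print("safe:     ", repr(echo_safe(PAYLOAD)))
    print("blocked by allowlist:", looks_injected(PAYLOAD))
```

With the vulnerable version the output has two lines because the shell executed two commands; with the safe version the entire payload, semicolon and all, is the single argument echo printed.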
What is the attack that injects JavaScript that executes in the client's browser, and what are its 3 categories?
Cross Site Scripting (XSS)
Persistent (Stored) attack - the malicious script is stored on the server (e.g., in a comment or profile field) and served to every user who views that content
Reflected attack - a request (form submission or crafted link) containing the malicious script is sent to the server, which reflects it back in the response; the attacker sends the victim a link carrying that request
Document Object Model (DOM) attack - exploits the web app's client-side JavaScript; the payload is processed entirely in the browser's DOM without the server ever handling it
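As an added example (not code from these flashcards), the Python below renders a reflected search page three ways: raw, with a naive blocklist that strips literal script tags, and with HTML entity escaping. The page template, the probe payloads and the crude detector are assumptions.

```python
# Added example: reflected XSS rendered raw, through a <script> blocklist
# (bypassable) and through html.escape (correct for an HTML text context).
# Not code from the original flashcards; template and payloads are constructed.
import html
import re

TEMPLATE = "<h1>Results for: {}</h1>"


def render_raw(query):
    """No output encoding: the reflected query is parsed as HTML."""
    return TEMPLATE.format(query)


def render_blocklist(query):
    """Strips literal <script> tags only; event handlers and split tags survive."""
    return TEMPLATE.format(re.sub(r"(?i)</?script>", "", query))


def render_escaped(query):
    """Context-correct fix for an HTML text node: < > & " ' become entities."""
    return TEMPLATE.format(html.escape(query, quote=True))


def contains_active_html(page):
    """Crude detector: a tag that can run script, or a tag carrying an on* handler."""
    return bool(re.search(r"(?i)<(?:script|img|svg|iframe)\b|<[^>]*\son\w+\s*=", page))


PAYLOADS = [  # constructed reflected-XSS probes
    "<script>alert(1)</script>",
    "<scr<script>ipt>alert(1)</scr</script>ipt>",   # reassembles after one strip
    "<img src=x onerror=alert(1)>",                  # no script tag at all
]


def evaluate():
    """For each renderer, count how many payloads still yield active HTML."""
    renderers = {"raw": render_raw, "blocklist": render_blocklist,
                 "escaped": render_escaped}
    return {name: sum(contains_active_html(fn(p)) for p in PAYLOADS)
            for name, fn in renderers.items()}


if __name__ == "__main__":
    for p in PAYLOADS:
        print("blocklist output:", render_blocklist(p))
    print(evaluate())
```

The blocklist stops only the textbook payload; the split-tag and event-handler probes go through untouched, which is why output encoding for the specific context (here an HTML text node) rather than payload matching is the recommended fix.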
What is one type of technology that can protect against these attacks, and where does it sit?
Proxy
Sits between the client and the web server and can provide firewall functionality (a web application firewall inspects requests before they reach the app)
What is the method of gaining control of a browser by connecting it to another device such as an attacker's tool or framework? Name a common framework that uses JavaScript.
Hooking a Browser
Browser Exploitation Framework (BeEF)
What colors does BeEF use to indicate command module status against targets?
Green - command works and is invisible to the user
Gray - command works but may be visible to the user
Orange - not yet verified against this target
Red - command does not work
Name the tool that can find secrets (credentials, API keys) in a GitHub repository, including its history
truffleHog
What tool checks Ruby on Rails applications by performing static code analysis and rates findings with high, medium, or weak confidence?
Brakeman
What tool is used for post-exploitation in Active Directory environments?
CrackMapExec
Need to Memorize OWASP Top 10
Name two common web proxy tools
BurpSuite
OWASP ZAP
Which tool can discover subdomains, directories, and files by brute-forcing from a list of common names?
Gobuster
Which web app brute-force tool finds directories and files and ships with 9 different wordlists?
DirBuster
Which web application attack and audit framework identifies and exploits a large set of web-based vulnerabilities, such as SQLi and XSS?
w3af
Which web app vulnerability scanner automatically crawls a web app looking for places to inject data?
Wapiti
Which tool focuses on web browser attacks, assessing the actual security posture of a target using client-side attack vectors?
Browser Exploit Framework (BeEF)
Which tool automatically gathers data about a WordPress site and compares findings such as plugins and themes against a database of known vulnerabilities?
WPScan
Which SQL injection scanner automates detection and several exploitation techniques?
SQLmap
Which tool lets you search offline through the exploit information found in Exploit-DB?
SearchSploit