africahackon conference 2016- owasp mth3l3m3nt framework
TRANSCRIPT
OWASP Mth3l3m3nt Framework
Munir NjiruGET /OMF/begin HTTP/1.1
HTTP/1.1 200 OkCache-Control: private, no-cache, no-store, must-
revalidate, max-age=0Pragma: no-cache
Content-Type: text/htmlContent-Length: 1148Accept-Ranges: bytes
Server: Africahackon ConferenceConnection: close
About Me• Information Security Consultant at Pricewaterhouse Coopers (PwC)
• What I’ve been certified in: Ethical Ninja (Sama), Ethical Ninja (Senpai) , JavaScript for Pentesters (JFP)
• Project Lead for OWASP Mth3l3m3nt Framework.
• Chapter Leader OWASP (Kenya).
• The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
What is it?• A penetration testing tool and exploitation framework to make penetration
testing on the go a reality.
• Current Build Contains? • Payload Store• Cookie Theft Database• Web Herd• Shell Generator• Payload Encoder• Payload Decoder• Client Side tools • Whois• LFI exploiter
Why Mth3l3m3nt?• Limitations of portability of most web tools.
• Multiple modes of storage for penetration testing data e.g. payloads.
• Based on free tools (PHP, Js, HTML) and uses minimal dependencies.
• Cheap to implement ; so many choices: • Shared Hosting• VPS• Phone/Tablet• Local Server
• Webservers tested on for support: • Litespeed• Apache• Lighttpd• Nginx• IIS
• You
Fixes• Whitelist what is allowed to be uploaded rather than upload and check once
files are already on the server.
• Ensure you filter user input before putting it in the database.
• Test for security before launching.
• NEVER trust a user.
Improvements• Make web herd have an even lesser fingerprint and also make it more flexible
to support external versions of minimal shells via different methods.
• Amalgamate functions to prevent running too many remote commands.
• Include a Crawler/Scanner.
• Add support for other injection attacks.
• Better UI Design.
• Add integration capabilities with other tools of a similar nature.
• Include a module to handle social engineering attacks especially phishing via website vectors.
• Needs work on a generic LFI builder.
…..
Queries?GET /Understood HTTP/1.1
HTTP/1.1 404 Not FoundCache-Control: private, no-cache, no-store, must-
revalidate, max-age=0Pragma: no-cache
Content-Type: text/htmlContent-Length: 1148Accept-Ranges: bytes
Server: Africahackon ConferenceConnection: close
Contact
GET /find/hacker HTTP/1.1
HTTP/1.1 200 OkCache-Control: private, no-cache, no-store, must-
revalidate, max-age=0Pragma: no-cache
Content-Type: text/htmlContent-Length: 1148Accept-Ranges: bytes
Server: Africahackon ConferenceConnection: close
Email : [email protected] : http://munir.skilledsoft.comProject: http://alienwithin.github.io/OWASP-mth3l3m3nt-framework/Twitter: @muntopiaPhone : <Mteja Wa Nambari Hapatikani Kwa Sasa>