barcamp 2009-ninjitsu attack hack for fun and profit
Post on 02-Nov-2014
822 Views
Preview:
DESCRIPTION
TRANSCRIPT
Ninjitsu Attack: Hack for Fun and Profit
Prathan PhongthiproekACIS Professional CenterInformation Security ConsultantMay 24th, 2009
What I’ve done ?
Penetration Testing (BlackBox and WhiteBox)
Security Consultant
Active Security Researcher for Fun (and Profit)
Devoted Hacker
Exploits and Vulnerabilities Disclosure (CWH Underground)
Hacking and Security Papers (WebApp, Wireless, OS)
Comments, Feedback ? >> prathan.ptr@gmail.com (Don’t spam mail !! lol)
# w03:19:18 up 1 min, 1 user, load average: 1.73, 0.71, 0.26USER TTY FROM LOGIN@ IDLE JCPU PCPUprathan phongthiproek tty1 - 03:18 0.00s 0.08s 0.01s
Overview
Exploit CMS Vulnerabilities
Web Browser’s Passive Attack
Wifi-Ninjitsu Attack For Profit
Lock Picking: Owned The Key
Other Techniques (Something Evil)
Exploit CMS Vulnerabilities
A content management system (CMS) is computer application used to create, edit, manage, and publish content in a consistently organized
fashion.
Exploit CMS Vulnerabilities
Exploit CMS Vulnerabilities
Exploit CMS Vulnerabilities
Exploit CMS Vulnerabilities
Exploit CMS Vulnerabilities
target.com/index.php?option=com_user&view=reset&layout=confirm
Exploit CMS Vulnerabilities
Exploit CMS Vulnerabilities
How to protect CMS Hacking
Obey the Installer, and Remove /installation directory after install.
Security Issues are primarily caused by faulty third-party extensions.
Monitor HTTPD logs, bandwidth logs, and search terms for your site, in addition to traditional Linux intrusion detection & defense techniques to catch emerging threats before they hit your site.
Always patch New Version !!
Web Browser’s Passive AttackVulnerability in Windows Animated Cursor Handling
Web Browser’s Passive Attack
Web Browser’s Passive Attack'Internet Explorer 7 Uninitialized Memory Corruption Vulnerability'
Web Browser’s Passive Attack“Can we use Active Attack ?? >> ARP Poisoning”
Wifi-Ninjitsu Attack For Profit
Rouge AP (Evil Twin): Steal usernames, passwords and information from public wireless hotspots.
Why we don’t steal something evil like credit card (Pay to Play) ??
Can we Exploit victim machine through Web Browser Vuln or MS08-067 (Conficker Worms) ??
Wifi-Ninjitsu Attack For Profit
Rouge AP (Evil Twin): Steal usernames, passwords and information from public wireless hotspots.
Wifi-Ninjitsu Attack For Profit
Can we Exploit victim machine through Web Browser Vuln or MS08-067 (Conficker Worms) ??
Lock Picking: Owned The Key
Locks are not complicated mechanisms
Most locks are wildly easy to pick
Unpickable doesn’t mean invulnerable
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Lock Picking: Owned The KeyIt’s typically as simple as that
Lock Picking: Owned The Key
Lock Picking: Owned The Key
Other Techniques (Something Evil)
If someone is still in the room.. Q&A
THANK YOU
top related