Wednesday, June 29, 2011

Multi Level Login 2

I got a chance to look for a solution to Multi Level Login 2. The following is a screenshot from Multi Level Login 2:


SUBNETTING

Subnetting is a technique that allows network administrators to use the available 32-bit IP addresses more efficiently. Subnetting lets a network be sized to its actual needs rather than by the fixed IP classes A, B, and C. With subnetting, you can create networks with more realistic limits, matched to the number of hosts needed. Subnetting provides a more flexible way to determine which part of a 32-bit IP address represents the network ID and which part represents the host ID.
With standard IP address classes, only 3 network ID lengths are available: 8 bits for class A, 16 bits for class B, and 24 bits for class C. Subnetting allows you to choose an arbitrary number of bits to be used as the network ID.
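The effect of choosing the network ID length freely can be worked through in code. The following is an added example, not part of the original post: it sizes each segment to the smallest subnet that fits and compares that with the classful network the same segment would need. The block 172.16.0.0/16, the segment names and the host counts are constructed sample values.

```python
import ipaddress

# Default network-ID lengths of the classful scheme, in bits.
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}

def usable_hosts(prefix_len):
    """Host addresses left after reserving the network and broadcast address."""
    return 2 ** (32 - prefix_len) - 2

def smallest_class(hosts_needed):
    """Smallest classful network that can hold hosts_needed hosts."""
    for cls in ("C", "B", "A"):
        if usable_hosts(CLASSFUL_PREFIX[cls]) >= hosts_needed:
            return cls
    raise ValueError("no classful network is large enough")

def smallest_prefix(hosts_needed):
    """Longest prefix (smallest subnet) that still fits hosts_needed hosts."""
    for prefix_len in range(30, 0, -1):
        if usable_hosts(prefix_len) >= hosts_needed:
            return prefix_len
    raise ValueError("too many hosts for one IPv4 network")

def plan_subnets(block, requirements):
    """Carve one right-sized subnet per segment out of block, largest first."""
    block = ipaddress.ip_network(block)
    cursor = block.network_address
    plan = {}
    # Largest-first keeps every subnet aligned on its own size boundary.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        subnet = ipaddress.ip_network((cursor, smallest_prefix(hosts)))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} is too small for segment {name!r}")
        plan[name] = subnet
        cursor = subnet.broadcast_address + 1
    return plan

# Constructed sample requirements: segment name -> hosts needed.
SAMPLE = {"lab": 500, "office": 100, "dmz": 12, "link": 2}

if __name__ == "__main__":
    for name, net in plan_subnets("172.16.0.0/16", SAMPLE).items():
        cls = smallest_class(SAMPLE[name])
        print(f"{name:7}{SAMPLE[name]:4} hosts  {str(net):18}"
              f"{usable_hosts(net.prefixlen):4} usable  "
              f"(class {cls}: {usable_hosts(CLASSFUL_PREFIX[cls])})")
```

A 500-host segment fits in a /23 with 510 usable addresses, where the classful scheme would consume a whole class B network.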
Two main reasons for doing subnetting:

  1. Allocating the limited IP address space more efficiently. If the Internet were limited to the addresses in classes A, B, and C, each network would have 254, 65,000, or 16 million IP addresses for host devices. Although there are many networks with more than 254 hosts, only a few networks (if you do not want to say none) have hosts as

Thursday, June 23, 2011

Webgoat Installation

WebGoat is based on the concept of teaching a user a real world lesson and then asking the user to demonstrate their understanding by exploiting a real vulnerability on the local system. The system is even clever enough to provide hints and show the user cookies, parameters and the underlying Java code if they choose. Examples of lessons include SQL injection to a fake credit card database, where the user creates the attack and steals the credit card numbers.

This time, I will explain how to install WebGoat.
Follow the steps below:
1.      Download WebGoat Here
2.      Download Java Here
3.      Extract WebGoat with this command:
root@bt:~# 7z x WebGoat-OWASP_Standard-5.3_RC1.7z
Information:
7z = used to unpack WebGoat-OWASP_Standard-5.3_RC1.7z
x = used to extract files with their full paths

Sunday, June 19, 2011

XSS Reflected and XSS Stored

What is a Reflected Cross Site Scripting vulnerability
The malicious user has discovered that a field within a website or web application holds an XSS vulnerability. This malicious user then crafts a way to use the vulnerability to execute something malicious against some unknown user. Reflected XSS vulnerabilities occur when an unknowing user is directed by the malicious user to a web application that has an XSS vulnerability. Once the unknowing user gets to the website or application, the malicious user's attack is executed.
The attack is crafted as a series of URL parameters that are sent via a URL. The malicious user then sends the malicious URL with its parameters to unknowing users. This is typically sent by email, instant messages, blogs or forums, or any other possible method.
You might think that the unknowing user would not click on a link that looks like it does something bad. But the reflected attack can use JavaScript so that the attack is executed as soon as an email is opened or the website is viewed. Additionally, the attack is typically URL encoded, hex encoded, or disguised with some other encoding method to try to make the URL appear as something valid.
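The reflection described above, and the output encoding that stops it, as an added example that is not part of the original post. It shows that the plain and the URL-encoded form of a parameter reach the application as the same value, and that encoding at output time neutralizes both. The host app.example.test, the page template and the function names are assumptions; the `user` parameter and its value are the test string used elsewhere on this page.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Hypothetical page template that greets the user named in the URL.
PAGE = "<html><body><p>Hello, {user}</p></body></html>"

def query_param(url, name):
    """Return the first value of a query parameter, percent-decoded."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return values.get(name, [""])[0]

def render_vulnerable(url):
    """Reflects the parameter into the HTML unchanged (the flaw described)."""
    return PAGE.format(user=query_param(url, "user"))

def render_hardened(url):
    """Encodes the parameter for the HTML context before reflecting it."""
    return PAGE.format(user=html.escape(query_param(url, "user"), quote=True))

def reflects_markup(page_html, marker="<script"):
    """Regression check: did attacker-controlled markup survive in the page?"""
    return marker in page_html.lower()

# Constructed sample URLs: the same parameter value, plain and URL-encoded.
PLAIN = "http://app.example.test/index.php?user=<script>alert(latihan)</script>"
ENCODED = ("http://app.example.test/index.php"
           "?user=%3Cscript%3Ealert(latihan)%3C%2Fscript%3E")

if __name__ == "__main__":
    for label, url in (("plain", PLAIN), ("encoded", ENCODED)):
        print(label, "decoded value:", query_param(url, "user"))
        print("  vulnerable page reflects markup:",
              reflects_markup(render_vulnerable(url)))
        print("  hardened page reflects markup:  ",
              reflects_markup(render_hardened(url)))
```

Encoding the URL only changes how the link looks to the person receiving it; the server decodes it before the application sees the value, so the fix belongs at the point where the value is written into the page.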
What is a Stored Cross Site Scripting vulnerability

DVWA - CSRF (High)

This time, I will share my experience with DVWA. I have tried to complete DVWA at the high level, but I'm still confused. I still do not understand the purpose of this problem. These are some pictures of what I've done:


The picture above is the CSRF page at the high level.


Friday, June 17, 2011

Difference of SQL Injection with SQL Injection (Blind)

Blind SQL injection is a technique for exploiting databases that differs from normal SQL injection. A regular SQL injection returns a value, but a blind SQL injection returns no value at all; instead, we learn the values by trial and error, testing whether each value is true or false ...
GT here using the command
mid() = almost the same function as substring()
char() = a character variable

Friday, June 10, 2011

Data Validation Testing

TESTING FOR REFLECTED CROSS SITE SCRIPTING (OWASP-DV-001)
Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn't load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.
The following are the steps I have done:
1.      OWASP-DV-001
In this phase, I tried to write the following URL:
http://akakom.ac.id/index.php?user=<script>alert(latihan)</script>, and here is the result:



Wednesday, June 8, 2011

Cookie and Session

Understanding COOKIES
Cookies are data files written to your hard disk by a web server and used to identify the user, so that when the user revisits the site, the site is able to recognize them.
Functions of cookies:
1. Helping the website "remember" who we are and set the appropriate preferences, so that the user is instantly recognized when revisiting the website.
2. Eliminating the need to register again when accessing the website (that site only); cookies help the user log in to the web server.
3. Allowing the website to track users' web surfing patterns and learn which favorite sites are frequently visited.

Types of Cookies
1. Non-persistent (session) cookies. A cookie that disappears when the user closes the browser, usually used for the 'shopping carts' in online shopping stores to browse the items

Tuesday, June 7, 2011

Session Management, Authorization Testing, Business Logic Testing

This time I will tell you what I have done on the topic of session management.

This describes how to analyse a Session Management Schema, with the goal to understand how the Session Management
mechanism has been developed and if it is possible to break it to bypass the user session. It explains how to test the
security of session tokens issued to the client's browser: how to reverse engineer a cookie, and how to manipulate cookies
to hijack a session.

The following are the steps I have done:
1. Session Management-001
    - open browser
    - on the browser, click edit => Preferences => Advanced => Network => Setting => on the manual proxy configuration, use 127.0.0.1 as HTTP proxy and use 8008 as port.
    - open webscarab

Sunday, June 5, 2011

Introduction to Computer Security

There is no precise definition of 'safe' or 'unsafe' for a computer system. The development of science and technology is what leads to this.
Security is something that allows the system and its users to:
· Verify the identity of an entity
· Protect valuable information (personal data, passwords, etc.)

Computer Security Purpose:
· To keep secret data / information safe (confidentiality)
· To prevent data from being changed by unauthorized parties (integrity)
· To ensure that data is available when needed

Some ways to make our computer more secure are listed below:
· Update OS
· Use antivirus (more than one)
· Update your antivirus databases
     

Saturday, June 4, 2011

Configuration Management Testing

This time I will tell you about material related to OWASP Configuration Management Testing. After reading the OWASP Testing Guide, my group and I tried to practice the material on Configuration Management Testing. The following are the steps we have done:
1.      SSL / TLS Testing
In the konsole we wrote this command:
root@bt:~# nmap -F -sV akakom.ac.id
Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-04 19:08 WIT
Nmap scan report for akakom.ac.id (110.76.151.2)
Host is up (0.97s latency).
Not shown: 87 closed ports
PORT    STATE    SERVICE      VERSION
22/tcp  open     ssh          OpenSSH 5.5 (protocol 2.0)
25/tcp  open     smtp         Sendmail 8.14.4/8.14.4
53/tcp  open     domain
80/tcp  open     http         Apache httpd

GPG Tutorial

Network security is very important, but awareness of it is still lacking. If we have important files on our computer, we must keep those files safe from others.
This time I want to talk about PGP. PGP can keep our files and our email safe from others. These are the steps to use PGP to protect our email.
If we use Linux as our OS, we can type the following in the konsole:
root@bt:~# gpg --gen-key
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

Friday, June 3, 2011

Network Security Material

This time, I want to talk about something I got from the material this afternoon. My friends and I were invited to learn about network security on our campus.
Network security is very important, but many of us underestimate it.
In this case we are required to think like an attacker, because by thinking like an attacker we can find holes or weaknesses and fix them to close or reduce the gaps in our network security.
There are several stages or steps that can guide us in network security:
- Information gathering
In this section we can collect information about our target, such as the OS the target uses, the server, ports, etc.
- Configuration management testing
- Authentication testing
- Session management
- Authorization testing
- Data validation testing
- And so on.

Thursday, June 2, 2011

INFORMATION GATHERING

This time I will describe my first exercise in information gathering.
1.      OWASP-IG-001
Black box testing:
Using the console, I wrote this command:
--2011-06-02 09:48:22-- http://www.akakom.ac.id/robots.txt
Resolving www.akakom.ac.id... 110.76.151.4
Connecting to www.akakom.ac.id|110.76.151.4|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 304 [text/plain]
Saving to: `robots.txt'

100%[=============================================================>] 304 --.-K/s in 0s

2011-06-02 09:48:22 (25.2 MB/s) - `robots.txt' saved [304/304]