This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
About Me• Information Security Consultant at Pricewaterhouse Coopers (PwC)
• What I’ve been certified in: Ethical Ninja (Sama), Ethical Ninja (Senpai) , JavaScript for Pentesters (JFP)
• Project Lead for OWASP Mth3l3m3nt Framework.
• Chapter Leader OWASP (Kenya).
• The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
What is it?• A penetration testing tool and exploitation framework to make penetration
testing on the go a reality.
• Current Build Contains? • Payload Store• Cookie Theft Database• Web Herd• Shell Generator• Payload Encoder• Payload Decoder• Client Side tools • Whois• LFI exploiter
Why Mth3l3m3nt?• Limitations of portability of most web tools.
• Multiple modes of storage for penetration testing data e.g. payloads.
• Based on free tools (PHP, Js, HTML) and uses minimal dependencies.
• Cheap to implement ; so many choices: • Shared Hosting• VPS• Phone/Tablet• Local Server
• Webservers tested on for support: • Litespeed• Apache• Lighttpd• Nginx• IIS
• You
Who can use it?• Developers
• Security Professionals
• Students
• Software Testers
The Admin’s hand is in the cookie jar
For we came in peace to leave you in pieces
Fixes• Whitelist what is allowed to be uploaded rather than upload and check once
files are already on the server.
• Ensure you filter user input before putting it in the database.
• Test for security before launching.
• NEVER trust a user.
Improvements• Make web herd have an even lesser fingerprint and also make it more flexible
to support external versions of minimal shells via different methods.
• Amalgamate functions to prevent running too many remote commands.
• Include a Crawler/Scanner.
• Add support for other injection attacks.
• Better UI Design.
• Add integration capabilities with other tools of a similar nature.
• Include a module to handle social engineering attacks especially phishing via website vectors.
• Needs work on a generic LFI builder.
…..
Queries?GET /Understood HTTP/1.1
HTTP/1.1 404 Not FoundCache-Control: private, no-cache, no-store, must-