Team RISC
Team RISC nullcon 2012 Jailbreak presentation
Jan 24, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Team RISC
Our story of Jail break !
Aim
Find zero day in Joomla ( I'm-possible in 36 Hrs ;) )
Eating only this ...
Why Joomla/Gymla ?
● Challenge !● Learn exploitation in complex
web applications● IBM X-force paper on CMS
security.
Vulns in Drupal
Vulns in Wordpress
Vulns in Joomla
How its generally done ?
Source codeAuditing
Fuzzing
0 day vulnerability
What we did ?
Methodology
Know your enemy
If you know your enemies and know yourself, you will not be imperiled in a hundred battles
-- Sun Tzu, the art of war
Set up the Attacking environment
Study the Joomla architecture
Components, modules, plugins
Source code Auditing
●Identify vulnerable Functions●Analyze the entry points●Analyze Input Validations.
The entry points
More ...
Few more ...
Exec call
RIPS output
Fuzzing● Find the entry points ● SQL Injection● XSS● CSRF● Command Injection● Click Jacking with Drag and drop
JBroFuzz
Clickjacking
Tools used for Source code auditing
● The mighty grep● RIPS● RATS
Tools used for Fuzzing
JBroFuzz
Burp Suite
WebScarab
References
● http://www.exploit-db.com/papers/15780/
● Burp Suite
● http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119
Thanks to ...
Omair, Amol Naik, Null team and especially our Jailer
Questions ?
हकैर हकै्या ? हकैर
Related Documents
