owasp mth3l3m3nt framework - africahackon · 2017-03-27 · • cheap to implement ; so many...
TRANSCRIPT
OWASP Mth3l3m3nt Framework
Munir Njiru GET /OMF/begin HTTP/1.1
HTTP/1.1 200 Ok
Cache-Control: private, no-cache, no-store, must- revalidate, max-age=0
Pragma: no-cache Content-Type: text/html
Content-Length: 1148 Accept-Ranges: bytes
Server: Africahackon Conference
Connection: close
About Me
• Information Security Consultant at Pricewaterhouse Coopers (PwC)
• What I’ve been certified in: Ethical Ninja (Sama), Ethical Ninja (Senpai) , JavaScript for Pentesters (JFP)
• Project Lead for OWASP Mth3l3m3nt Framework.
• Chapter Leader OWASP (Kenya).
• The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
What is it?
• A penetration testing tool and exploitation framework to make penetration testing on the go a reality.
• Current Build Contains?
• Payload Store
• Cookie Theft Database
• Web Herd
• Shell Generator
• Payload Encoder
• Payload Decoder
• Client Side tools
• Whois
• LFI exploiter
Why Mth3l3m3nt?
• Limitations of portability of most web tools.
• Multiple modes of storage for penetration testing data e.g. payloads.
• Based on free tools (PHP, Js, HTML) and uses minimal dependencies.
• Cheap to implement ; so many choices:
• Shared Hosting
• VPS
• Phone/Tablet
• Local Server
• Webservers tested on for support:
• Litespeed
• Apache
• Lighttpd
• Nginx
• IIS
• You
Who can use it?
• Developers
• Security Professionals
• Students
• Software Testers
The Admin’s hand is in the cookie jar
For we came in peace to leave you in pieces
Fixes
• Whitelist what is allowed to be uploaded rather than upload and check once files are already on the server.
• Ensure you filter user input before putting it in the database.
• Test for security before launching.
• NEVER trust a user.
Improvements
• Make web herd have an even lesser fingerprint and also make it more flexible to support external versions of minimal shells via different methods.
• Amalgamate functions to prevent running too many remote commands.
• Include a Crawler/Scanner.
• Add support for other injection attacks.
• Better UI Design.
• Add integration capabilities with other tools of a similar nature.
• Include a module to handle social engineering attacks especially phishing via website vectors.
• Needs work on a generic LFI builder.
…..
Queries?
GET /Understood HTTP/1.1
HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, must-
revalidate, max-age=0 Pragma: no-cache
Content-Type: text/html
Content-Length: 1148 Accept-Ranges: bytes
Server: Africahackon Conference Connection: close
Contact
GET /find/hacker HTTP/1.1
HTTP/1.1 200 Ok Cache-Control: private, no-cache, no-store, must-
revalidate, max-age=0 Pragma: no-cache
Content-Type: text/html
Content-Length: 1148 Accept-Ranges: bytes
Server: Africahackon Conference Connection: close
Email : [email protected] Web : http://munir.skilledsoft.com Project: http://alienwithin.github.io/OWASP-mth3l3m3nt-framework/ Twitter: @muntopia Phone : <Mteja Wa Nambari Hapatikani Kwa Sasa>