OWST - Orange Web Security Toolkit Documentation
Orange Web Sec Toolkit: Website Security Testing Tool
This was written for educational purposes. We are good people. Don’t be evil :P
Web Scanner
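• Checks for sensitive website directories and dangerous paths
• Custom file extensions
– Separated with |
• Custom HTTP statuses treated as failure
– 301 Moved Permanently
– 302 Found
• Custom error page treated as failure
– NotExists.html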
Decoder / Encoder
• Text to Hex
• Hex to Text
• URL Encode / Decode
• Base64 Encode / Decode
• MSSQL CHAR()
• JavaScript unescape to C array (for shellcode)
SQL Injector
• Automatically determines the injection type and the database type
• Works with GET / POST
• Currently supported
– ACCESS
– MYSQL UNION
– MYSQL BLIND
– MYSQL ERROR BASED
– MSSQL BLIND
– MSSQL ERROR BASED
– ORACLE BLIND
– ORACLE ERROR BASED
– ORACLE UTL_HTTP
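• After entering the URL, you can set the injection type and database type yourself; if unsure, leave them on AUTO and the program will determine automatically whether a vulnerability exists
• After entering the URL, press the Start button to begin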
• Press Get Table to retrieve the full table list
• Tick the tables you need, then press Get Column to retrieve the full column list
• Tick the columns you need, then press Get data to retrieve all of the selected data
Advanced SQL Injector
• Currently supported
– MYSQL load_file
– MYSQL into outfile
– MSSQL xp_dirtree
– MSSQL xp_cmdshell
– PHP eval connector
– ASP eval/execute connector
– Struts2 Code Execution
• MYSQL load_file
• Enter the URL and the file to read, then press Start to read it
• p.s. MYSQL root only
• MYSQL into outfile
• Enter the URL and the file parameters, then press Start
• p.s. MYSQL root only
• MAGIC_QUOTE = Off
• egg.php?key=phpinfo();
• Success screen
• MSSQL xp_dirtree
• p.s. db_owner & sysadmin only (Public will be in the next version)
• MSSQL xp_cmdshell
• sysadmin only
• Struts2 Code Execution
• URL pattern is like http://site/xxx.action
Authorization Cracker
• Supported
– 401 Authorization
– Web Login Form (without an image CAPTCHA)
Settings
This is a test version; bug reports and suggestions are welcome.