Upload File

palestra - meetup wordpress brasília 2014 - wordpress vs hacker

  • Home
  • Technology
  • Palestra - Meetup WordPress Brasília 2014 - WordPress vs Hacker
26
WordPress vs Hacker Blindando seu WordPress

Upload: as-zone

Post on 16-Aug-2015

76 views

Category:

Technology


3 download

Report

TRANSCRIPT

  1. 1. WordPress vs Hacker Blindando seu WordPress
  2. 2. Quem somos?
  3. 3. Quem sou ? Lenon Leite @lenonleite DevOps + Workholic + TDAH = EU
  4. 4. Quem sou ? Thiago Dieb @thiagodieb -- -- -- Fresco ++ Ansioso; -- TDAH; que o Lenon;
  5. 5. WordPress Seguro 100% seguro == false; WordPress ou Cms prprio? WordPress Estvel; Rpida resposta de atualizao; Colaborativo;
  6. 6. E os plugins e temas? Todos os Plugins e Temas so do WordPress == false; Utilidade X Segurana == (?); Pagos X No pagos == (?); Quanto ++ Plugins == ++ Risco; Temas falsificados == ++ Risco;
  7. 7. Vamos comear.
  8. 8. A falhas em temas e plugins... LFD; ( local file download ) File Upload; Sql Injection; Brute Force;
  9. 9. LFD ThemeForest e CodeCanyon; Lista mais de mil temas =O http://marketblog.envato.com/news/affected-themes/
  10. 10. LFD
  11. 11. LFD Exemplo ... http://wordpress.local/wp-admin/admin-ajax.php? action=revslider_show_image&img=../wp-config.php http://wordpress.local/wp-admin/admin-ajax.php? action=revslider_show_image&img=../../../../etc/passwd
  12. 12. File upload
  13. 13. Sql injection Exemplo ... http://wordpress.local/wp-content/plugins/formcraft/form. php?id=1%27 python sqlmap.py -u 'http://wordpress.local/wp- content/plugins/formcraft/form.php?id=1' --dbs
  14. 14. Bruteforce
  15. 15. Modo de proteo
  16. 16. Previnir - Easy Admin para outro nome == false; Senha HARDCORE == true; Somente Plugins e Temas que vai utilizar == true; Vrios plugin de segurana == false; Pesquisar sobre os plugins e temas utilizados == true; Modo Debug false; Manter sistemas atualizados;
  17. 17. Previnir - Medium Desabilitar a funo de edio de tema == true; Bloquear Brute force 1 == true; Bloquear visualizao de pasta == true; Usar robots.txt == true; Acessar todos os dias == true; Comprar temas ou plugins == false;
  18. 18. Previnir - Hard Preprao de infra == true; Pentest no prprio site == true pra porra! Use WpScan; Use Accunetix; Use Metaexploit; Alterar e bloquear o wp-admin/ == true; Sempre informado == true;
  19. 19. No basta s proteger o WordPress
  20. 20. O cuidado deve ser alm
  21. 21. Olha quem caiu kkkk
  22. 22. Olha quem caiu kkkk Globo
  23. 23. Olha quem caiu kkkk Extra
  24. 24. Finalizando... @lenonleite www. lenonleite.com.br @ThiagoDieb www.dieb.com.br
  25. 25. Ferramentas WpScan -> Scan de vunerabilidades em WordPress. http://wpscan.org/ SqlMap -> Explorao de sql injection. http://sqlmap.org/ MetaSploit -> Explorao de vulnerabilidades. http://www.metasploit.com/ Acunetix -> Explorao de vulnerabilidades. http://www.acunetix.com/ John the Ripper -> Ferramenta de Brute Force, e quebra de hashs. http://www.openwall.com/john/ InurlBr -> Vunerabilidades em Massa. https://github.com/googleinurl/SCANNER-INURLBR
  26. 26. Sites e Links importantes. Exploiters http://www.exploit-db.com/ http://1337day.com/ https://www.facebook.com/inj3ct0rs http://www.cvedetails.com/ Links interessantes http://www.wordpressexploit.com/ https://www.facebook.com/inj3ct0rs

Meetup Wordpress #OpenExpoDay 2014

Saigon Wordpress Meetup - Themes Wordpress Meetup

Wordpress eCommerce with Woocommerce - Meetupfiles.meetup.com/1564158/Wordpress Meetup eCommerce Presentat… · WordPress eCommerce with WooCommerce 2 WordPress Westchester Meetup

2 WordPress Meetup Serbia

Saigon Wordpress Meetup - Do Less Work By Securing Your Wordpress Site From Hacker - Thomas

Global WordPress Translation Day – WordPress Meetup FRA

Seguridad WordPress Meetup Majadahonda

WordPress Security @ Vienna WordPress + Drupal Meetup

WordPress Comments (November Meetup)

WordPress Security Presentation from South Florida WordPress Meetup

WordPress Meetup Nijmegen 2016

Developers meetup wordpress presentation

Hacker News Meetup April 2014

Content Marketing With WordPress -- Tallahassee WordPress Meetup

Presentation wordpress | WordPress Greek Community 1st meetup

Vancouver WordPress Meetup - WordPress 101

Meetup WordPress Brasília 2014 - WordPress vs Hacker

SEO para WordPress - Curitiba WordPress Meetup

WordPress meetup Copenhagen 2011.04.16

Growing your WordPress Meetup

WordPress In the Enterprise - East Bay WordPress Meetup

WordPress Security - WordPress Meetup Copenhagen 2013

Wordpress Meetup - Junio 2015

MainWP @ WordPress Bilbao Meetup

Growth Hacker Meetup, Riga: Getting Early Traction

WordPress Houston Meetup - Using WordPress as a CMS

WordPress India Introductory Meetup

Wordpress meetup

WooCommerce Melbourne WordPress Meetup

WordPress Hacker Prevention

Sacramento WordPress Meetup 092111

Twitter Meetup at the Hacker Dojo

II Meetup WordPress Pontevedra

wise.io meetup at Hacker Dojo

WordPress Cases met Koppelingen - WordPress Meetup Nijmegen