Slide1
NGinx Warhead
Sergey Belov
Slide2
whoami
Pentester in Digital Security / ERPScan;
Writer (habrahabr.ru, "Xakep");
CTF Player;
Bug bounty member (Google, Yandex);
bugscollector.com creator.
Slide3
intro
Very easy
0$
Not mentioned in the wild
Slide4
Part 1/3
NGinx – reverse proxy
Slide5
NGinx – reverse proxy
Client
Nginx
php-fpm
Apache
Slide6
NGinx – reverse proxy
Client
Nginx
php-fpm
Apache
??? http server
attacker.com
vuln.com
Slide7
NGinx – reverse proxy
Step 1
location / {
    proxy_pass http://vuln.com;
    proxy_set_header X-Real-IP $remote_addr;
}
}
Slide8
NGinx – reverse proxy
Step 2
proxy_set_header Host "vuln.com";
sub_filter 'vuln.com' 'attacker.com';
sub_filter_once off;
Slide9
NGinx – reverse proxy
Slide10
Part 2/3
Phishing
Slide11
Phishing
NGinx – tool for MitM/phishing?
+ Identical design
+ Fully functional
+ Logging all data (POST/GET)
+ Add custom JS/HTML
- Another domain (DNS poisoning / router hacking, malware, evil APN config, etc.)
Slide12
Phishing
Pentest
Random exploits?
Change response data (rights of social network apps)
Change apps swf -> java (exploit)
???
Slide13
Part 3/3
DNS rebinding
Slide14
DNS rebinding
- Another domain
- Very unstable
+ Can attack internal resources
Slide15
DNS rebinding
Internal, not external!
Slide16
DNS rebinding
C:\Users\BeLove>ping www.ya.ru
Обмен пакетами с ya.ru [87.250.250.203] с 32 байтами данных
Slide17
DNS rebinding
Remove it from:
Pentester's reports
Most famous security scanners
Slide18
Thanks!
demo: http://zn.sergeybelove.ru
http://twitter.com/sergeybelove