0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

500

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

540

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

790

OWASP NZ Day 2016

0

190

Infectious Media with Rubber Ducky

1

580

Other Decks in Technology

See All in Technology

SoccerNet GSRの紹介と技術応用：選手視点映像を提供するサッカー作戦盤ツール

PRO

1

160

全てGoで作るP2P対戦ゲーム入門

3

1.3k

Azure Well-Architected Framework入門

0

260

許しとアジャイル

1

110

タスクって今どうなってるの？3.14の新機能 asyncio ps と pstree でasyncioのデバッグを (PyCon JP 2025)

1

250

Access-what? why and how, A11Y for All - Nordic.js 2025

1

100

BtoBプロダクト開発の深層

0

180

extension 現場で使えるXcodeショートカット一覧

0

200

Geospatialの世界最前線を探る [2025年版]

3

480

業務自動化プラットフォーム Google Agentspace に入門してみる #devio2025

0

180

関係性が駆動するアジャイル──GPTに人格を与えたら、対話を通してふりかえりを習慣化できた話

0

130

インサイト情報からどこまで自動化できるか試してみた

0

140

Featured

See All Featured

The Language of Interfaces

162

25k

How to Create Impact in a Changing Tech Landscape [PerfNow 2023]

54

3k

Optimizing for Happiness

379

70k

Building Applications with DynamoDB

96

6.6k

Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]

9

570

Fashionably flexible responsive web design (full day workshop)

407

66k

Practical Tips for Bootstrapping Information Extraction Pipelines

PRO

23

1.5k

The Psychology of Web Performance [Beyond Tellerrand 2023]

49

3.1k

Intergalactic Javascript Robots from Outer Space

273

27k

The Success of Rails: Ensuring Growth for the Next 100 Years

46

7.6k

Large-scale JavaScript Application Architecture

514

110k

GraphQLの誤解/rethinking-graphql

73

11k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]