Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET...
Transcript of Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET...
![Page 1: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/1.jpg)
Jon McCoy
www.DigitalBodyGuard.com
Hacking .NET Applications:
The Black Arts AppSec-DC 2012
![Page 2: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/2.jpg)
AppSec-DC 2012
Hacking .NET Applications:
The Black Arts
Jon McCoy
www.DigitalBodyGuard.com
![Page 3: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/3.jpg)
.NET new and cross platform - Windows, OS-X, Linux, Android, IPhone, ARM
The attacks are not new nor only in .NET - C++, Java, ………….
Faster development time
Similar layout to JAVA
I happen to be good at .NET
WHY .NET
![Page 4: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/4.jpg)
HACKER VS ATTACKER
![Page 5: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/5.jpg)
![Page 6: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/6.jpg)
NOT AMS LEVEL
![Page 7: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/7.jpg)
WHY NOT ASM?
![Page 8: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/8.jpg)
NOT IDA PRO
![Page 9: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/9.jpg)
NOT IDA PRO
![Page 10: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/10.jpg)
IL – Intermediate Language
Code of the Matrix |||| NEW ASM
![Page 11: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/11.jpg)
C# - 15
IL - 34
ASM - 77
LINES
C# - 13 LINES DECOMPILE
![Page 12: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/12.jpg)
HOW MUCH CODE DO YOU NEED TO READ`
C# - 15 IL - 34 ASM - 77
![Page 13: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/13.jpg)
NOT IDA PRO
![Page 14: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/14.jpg)
![Page 15: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/15.jpg)
Attacking/Cracking
IN MEM |||| ON DISK
![Page 16: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/16.jpg)
ATTACKING .NET
ATTACK THE CODE ON DISK
![Page 17: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/17.jpg)
ATTACKING ON DISK
![Page 18: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/18.jpg)
GRAYWOLF
ON DISK EDIT
![Page 19: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/19.jpg)
ATTACK SECURITY
Microsoft
Media Center
![Page 21: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/21.jpg)
CRACK
PASSWORD
![Page 22: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/22.jpg)
CRACK
PASSWORD
Return True;
![Page 23: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/23.jpg)
ATTACKING .NET APPLICATIONS: AT RUNTIME
![Page 24: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/24.jpg)
GRAYDRAGON
INJECTION
![Page 25: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/25.jpg)
ATTACKING .NET
ATTACK WHILE THE APP IS RUNNING
![Page 26: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/26.jpg)
ASM THE OLD IS NEW ATTACK VECTOR (not new)
Shell Code - ASM
.NET has pointers
NO .NET Security
THIS IS SCARY!!!!
NEVER LET ME CALL
UNMANNAGED
………..
![Page 27: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/27.jpg)
ASM THE OLD IS NEW ATTACK VECTOR
![Page 28: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/28.jpg)
ASM THE OLD IS NEW ATTACK VECTOR
![Page 29: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/29.jpg)
Run and Inject
SECURITY
SYSTEMS
![Page 31: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/31.jpg)
101 - ATTACK ON DISK
Decompile - Get code/tech
Infect - Change the target's code
Remold/Recompile - WIN
Exploit - Take advantage
Connect/Open - Access Code
![Page 32: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/32.jpg)
THE WEAK SPOTS
Flip The Check
Set Value is “True”
Cut The Logic
Return True
Access Value
![Page 33: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/33.jpg)
FLIP THE CHECK SET VALUE TO “TRUE”
bool Registered = false; bool Registered = true; bool Registered = false;
If(a!=b) If(a==b) If(a==b)
![Page 34: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/34.jpg)
RETURN TRUE
bool IsRegistered()
{
Return TRUE;
........................
}
![Page 35: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/35.jpg)
CUT THE LOGIC
string sqlClean(string x)
{
Return x;
}
![Page 37: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/37.jpg)
CRACK THE KEY
Public/Private
3/B==Name*ID*7
Call Server
Demo = True;
Complex Math
==
==
==
==
== Complex Math
Change Key
ASK what is /B?
Hack the Call
Set Value
1% of the time the KeyGen is given
![Page 38: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/38.jpg)
PUBLIC/PRIVATE KEY
If you can beat them
Why join them
Key = “F5PA11JS32DA”
Key = “123456ABCDE”
![Page 39: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/39.jpg)
SERVER CALL
1. Fake the Call
2. Fake the Request
3. Fake the Reply
4. Win
Call Web Server = www.LocalHost.com
“Send”
SystemID = 123456789
*Registered = True*
Reg Code = f3V541
![Page 40: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/40.jpg)
REG CODE REPLAY
Name:
Code: ==
JON DOE
98qf3uy !=
*C 5G9P3
FAIL
![Page 41: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/41.jpg)
Name:
Code:
*C
5G9P3
REG CODE REPLAY
![Page 42: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/42.jpg)
Name:
Code: ==
JON DOE
5G9P3 ==
*C 5G9P3
WIN
REG CODE REPLAY
![Page 43: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/43.jpg)
COMPLEX MATH
1. Chop up the Math
2. Attack the Weak
3. ??????????
4. Profit
![Page 45: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/45.jpg)
Static Crypto Key
Vector init = 0
Clear TXT Password Storage
Encrypted Data
![Page 46: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/46.jpg)
WHAT STOPS THIS?
What is the security?
![Page 47: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/47.jpg)
PROTECTION ON DISK
Signed code (1024 bit CRYPTO)
Strong Names
Try to SHUTDOWN
Tampering
Protection – Security
Verify the creator
ACLs……… M$ stuff
![Page 48: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/48.jpg)
PRIVET KEY SIGNING Signed code is based on
Private Key - 1024 bit
Signed Hash of Code
………..
Identify and Verify the Author
![Page 49: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/49.jpg)
PROTECTION ON DISK
Protection - Security by 0b$cur17y Code Obfuscation
Shells / Packers / Encrypted(code)
Logic Obfuscation
Unmanaged calls…to C/C++/ASM
Try to SHUTDOWN
Decompilation
![Page 50: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/50.jpg)
![Page 51: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/51.jpg)
![Page 54: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/54.jpg)
REVIEW DOTFUSCATOR
Obfuscation will only
slows the attacker
Obfuscation applied
programmatically is not
100% effective
Causes low or no
Bugs
Does no add
vulnerabilities
Phone Home
If Tampered
![Page 55: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/55.jpg)
![Page 56: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/56.jpg)
UNPROTECTED / PROTECTED
![Page 57: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/57.jpg)
THE BEST DEFENSE IS A GOOD SNIPER
If you know the enemy and know
yourself, you need not fear the
results of a hundred battles. - Sun Tzu
![Page 58: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/58.jpg)
PROTECTION ON DISK
Shells
Pack/Encrypt the EXE
![Page 59: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/59.jpg)
IT CAN BE THAT EZ
What is the security? What is the security?
’T ‘T
![Page 60: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/60.jpg)
![Page 61: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/61.jpg)
STRONG NAME HACKING
![Page 62: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/62.jpg)
PRIVET KEY SIGNING Signed code is based on
Private Key - 1024 bit
Signed Hash of Code
………..
SIGNED CODE CHECKING IS
OFF BY DEFAULT
ATTACK VECTOR
![Page 63: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/63.jpg)
FAKE SIGNED DLL
![Page 64: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/64.jpg)
FAKE SIGNED DLL
[HKEY_LOCAL_MACHINE
\SOFTWARE\Microsoft\.NETFramework]
"AllowStrongNameBypass"=dword:00000000
Turn Key Checking ON
![Page 65: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/65.jpg)
FAKE SIGNED DLL
ERROR
![Page 66: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/66.jpg)
FAKE SIGNED DLL
![Page 67: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/67.jpg)
VISUAL STUDIO Exploit – Run arbitrary code
First noted in 2004
Demo PowerShell - Matrix
Get developer Keys Attack the SVN & DB
ATTACK VECTOR
www.pretentiousname.com/misc/win7_uac_whitelist2.html
![Page 68: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/68.jpg)
YOU’RE NOT A HACKER WHY SHOULD YOU CARE?
Defend your Applications
Defend your Systems
Verify your Tools\Programs
![Page 69: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/69.jpg)
LOOK INSIDE
![Page 70: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/70.jpg)
DON’T LOOK
![Page 71: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/71.jpg)
SECURITY
The Login security check is
Does A == B
Does MD5%5 == X
Is the Pass the Crypto Key
![Page 72: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/72.jpg)
DATA LEAK
The Data sent home is
Application Info
User / Registartion Info
Security / System Info
![Page 73: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/73.jpg)
KEY
The Crypto Key is
A Hard Coded Key
The Licence Number
A MD5 Hash of the Pass
6Salt 6MD5 Hash of the Pass
![Page 74: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/74.jpg)
CRYPTO
The Crypto is
DES 64
Tripple DES 192
Rijndael AES 256
Home MIX (secure/unsecure)
![Page 75: Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy](https://reader034.fdocuments.net/reader034/viewer/2022051009/5a8875047f8b9ad30c8e694a/html5/thumbnails/75.jpg)
FIN