92
edits
Workshops/Web Hacking: Difference between revisions
From London Hackspace Wiki
no edit summary
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
==Workshop #2== | |||
While the masses demanded the 15th May, this isnt a democracy. Due to | |||
the Ardino workshop on the same day who will also be after the quiet | |||
room, I've decided upon the 21st of May, 1300 - ~1700. | |||
== | ===Details of workshop #2=== | ||
'''We will be covering''' | |||
* CSRF | |||
* Blind SQL Injection | |||
* How to turn SQL injection into owning the box outright | |||
* If anyone has anything else they'd like to look at, say so | |||
'''You will need the following equipment and software''' | |||
* A portable computer which can access the space's wireless network Firefox | |||
* The Sun/Oracle Java Runtime Environment (JRE) | |||
* Burp Suite ( pro or demo version from http://portswigger.net/ ) | |||
* Netcat (easy to use) or socat (a bit of a pain, but awesomely powerful) | |||
* All of these tools will run on Mac/Windows/Linux/BSD, take your pick | |||
'''You will need the following skills''' | |||
* A basic understanding of Stored and Reflected XSS | |||
* A basic understanding of SQL Injection | |||
* A little practice of using Burp Suite | |||
* A vague understanding of HTTP | |||
===Workshop #1 rerun=== | |||
If you do not have these skills, a quick rerun of workshop #1 will be | |||
running form 1030-1230 | |||
'''For this you will just need''' | |||
* Firefox | |||
* The Sun/Oracle Java Runtime Environment (JRE) | |||
* A portable computer which can access the space's wireless network | |||
* General computer literacy and half a brain | |||
* TO BE ON TIME! * | |||
* Last time some people arrived late and after a point I just didnt | |||
have time help them get setup and to troubleshoot their laptops. | |||
==Proposed Topics== | ===Proposed Topics=== | ||
CSRF<br> | CSRF<br> | ||
A Real Audit [[One Click Orgs]] | A Real Audit [[One Click Orgs]] | ||
==Apologies / Request for repeat== | ==Other Details== | ||
===It's free=== | |||
If anyone attempts to pay me this time around, I'll be taking your | |||
cash and putting it towards some good whiskey. Instead id recommend | |||
donating it to the space or becoming a member | |||
==It's in the quiet room, Lab 24 | |||
===Resources=== | |||
[http://anders.dmcdonald.net anders] - A vulnerable webserver available for practice | |||
==Workshop #1== | |||
Was held on the 16th of April. | |||
===Apologies / Request for repeat=== | |||
* Andrew Black. Afraid I have a memorial service to go to. Would have liked to have come | * Andrew Black. Afraid I have a memorial service to go to. Would have liked to have come | ||
