Workshops/Web Hacking: Difference between revisions

From London Hackspace Wiki
(Add datetime)
mNo edit summary
 
(26 intermediate revisions by 7 users not shown)
Line 1: Line 1:
__NOTOC__
==Workshop #2==


The first web hacking workshop will be held on Saturday 16th April at 13:00.
While the masses demanded the 15th May, this isnt a democracy. Due to
the Ardino workshop on the same day who will also be after the quiet
room, I've decided upon the 21st of May, 1300 - ~1700.


==Proposed Topics==
===Details of workshop #2===
===1===
HTTP, SSL, Web Proxies


===2===
'''We will be covering'''
Client Side Controls, Cross Site Scripting
* CSRF
* Blind SQL Injection
* How to turn SQL injection into owning the box outright
* If anyone has anything else they'd like to look at, say so


===3===
'''You will need the following equipment and software'''
SQL Injection
* A portable computer which can access the space's wireless network Firefox
* The Sun/Oracle Java Runtime Environment (JRE)
* Burp Suite ( pro or demo version from http://portswigger.net/ )
* Netcat (easy to use) or socat (a bit of a pain, but awesomely powerful)
* All of these tools will run on Mac/Windows/Linux/BSD, take your pick


===4===
'''You will need the following skills'''
Hacking a real application
* A basic understanding of Stored and Reflected XSS
* A basic understanding of SQL Injection
* A little practice of using Burp Suite
* A vague understanding of HTTP


===5===
'''Attendees'''<br>
Auditing [[One Click Orgs]]
Renski, Darren Hubbard, Prestwick, Tim Storey, Asc, Alex Muller, booyaa, Stefan from Krakow, [[User:Tenyen|TenYen]]
 
===Workshop #1 rerun===
 
If you do not have these skills, a quick rerun of workshop #1 will be
running form 1030-1230
 
'''For this you will just need'''
* Firefox
* The Sun/Oracle Java Runtime Environment (JRE)
* A portable computer which can access the space's wireless network
* General computer literacy and half a brain
* TO  BE ON TIME! *
 
<nowiki>*</nowiki> Last time some people arrived late and after a point I just didnt
have time help them get setup and to troubleshoot their laptops.
 
'''Attendees'''<br>
Renski, Darren Hubbard, Tim Storey, Asc, booyaa, Stefan from Krakow
 
==Other Details==
 
===It's free===
 
If anyone attempts to pay me this time around, I'll be taking your
cash and putting it towards some good whiskey. Instead I recommend
donating it to the space or becoming a member
 
===Location===
 
It's in the quiet room at Lab 24
 
===Resources===
* [http://anders.dmcdonald.net anders] - A vulnerable webserver available for practice
* [http://sqlzoo.net/ sqlzoo] - Excellent Resource on SQL Syntax
* [http://pentestmonkey.net/blog/mysql-sql-injection-cheat-sheet/ Pentest Monkey MSSQL Injection Cheat Sheet] - SQL Injection on MYSQL can sometimes get tricky, heres a decent cheat sheet
 
===Proposed Topics===
CSRF<br>
A Real Audit [[One Click Orgs]]
 
==Workshop #1==
 
Was held on the 16th of April.
 
===Topics Covered===
 
* Introduction to Reflected XSS
* Introduction to Stored XSS
* Introduction to SQL Injection
* Introduction to Client Side Controls
 
===Apologies / Request for repeat===
 
* Andrew Black. Afraid I have a memorial service to go to. Would have liked to have come
 
[[Category:Workshops]]

Latest revision as of 18:15, 8 May 2013

Workshop #2

While the masses demanded the 15th May, this isnt a democracy. Due to the Ardino workshop on the same day who will also be after the quiet room, I've decided upon the 21st of May, 1300 - ~1700.

Details of workshop #2

We will be covering

  • CSRF
  • Blind SQL Injection
  • How to turn SQL injection into owning the box outright
  • If anyone has anything else they'd like to look at, say so

You will need the following equipment and software

  • A portable computer which can access the space's wireless network Firefox
  • The Sun/Oracle Java Runtime Environment (JRE)
  • Burp Suite ( pro or demo version from http://portswigger.net/ )
  • Netcat (easy to use) or socat (a bit of a pain, but awesomely powerful)
  • All of these tools will run on Mac/Windows/Linux/BSD, take your pick

You will need the following skills

  • A basic understanding of Stored and Reflected XSS
  • A basic understanding of SQL Injection
  • A little practice of using Burp Suite
  • A vague understanding of HTTP

Attendees
Renski, Darren Hubbard, Prestwick, Tim Storey, Asc, Alex Muller, booyaa, Stefan from Krakow, TenYen

Workshop #1 rerun

If you do not have these skills, a quick rerun of workshop #1 will be running form 1030-1230

For this you will just need

  • Firefox
  • The Sun/Oracle Java Runtime Environment (JRE)
  • A portable computer which can access the space's wireless network
  • General computer literacy and half a brain
  • TO BE ON TIME! *

* Last time some people arrived late and after a point I just didnt have time help them get setup and to troubleshoot their laptops.

Attendees
Renski, Darren Hubbard, Tim Storey, Asc, booyaa, Stefan from Krakow

Other Details

It's free

If anyone attempts to pay me this time around, I'll be taking your cash and putting it towards some good whiskey. Instead I recommend donating it to the space or becoming a member

Location

It's in the quiet room at Lab 24

Resources

Proposed Topics

CSRF
A Real Audit One Click Orgs

Workshop #1

Was held on the 16th of April.

Topics Covered

  • Introduction to Reflected XSS
  • Introduction to Stored XSS
  • Introduction to SQL Injection
  • Introduction to Client Side Controls

Apologies / Request for repeat

  • Andrew Black. Afraid I have a memorial service to go to. Would have liked to have come