Title: ZZ2 F5 - Software security (2/2) - web application security
Date: 2019-11-20 10:55
Category: <i class='fa fa-graduation-cap' aria-hidden='true'></i> Students
Tags: cours

[TOC]

## Plan du cours

### Architecture

* [HTTP](slides/1337/http.html)
* [HTTPS](slides/privacy/tls.html#/0/52)
* [JS](slides/1337/js.html)

### Pentesting

* [Collect](slides/1337/collecting.html)
* [Detect](slides/1337/detecting.html)
    * [Heartbleed](slides/1337/heartbleed.html)

### Mechanism

* [Authentication](slides/1337/authentication.html)

### Common vulnerabilities

* [Command execution](slides/1337/cmdi.html)
    * [Shellshock](slides/1337/shellshock.htm)
* [Upload](slides/1337/upload.htm)
* [LFI_RFI](slides/1337/fi.htm)
* [XSS](slides/1337/xss.html)
* [CSRF](slides/1337/csrf.html)
* [SQLi](slides/1337/sqli.htm)
    * [Drupalgeddon](slides/1337/drupalgeddon.htm)

### Protecting yourself

* [Top10](slides/1337/top10.htm)
* [anticipate](slides/1337/anticiper.htm)

<div class="panel panel-success">
  <div class="panel-heading">
    <h3 class="panel-title">FYI</h3>
  </div>
  <div class="panel-body">
    <ul>
      <li>All the slides are made with <a href="https://github.com/hakimel/reveal.js">reveal.js</a>
        <ul>
          <li>they can be exported to PDF by appending <code>?print-pdf#</code> to the URL (pasted right after the <code>.html</code>) and then printing to a file from the Chrome browser or (better) <a href="https://www.chromium.org/">chromium</a>
            <ul>
              <li>more details in the <a href="https://github.com/hakimel/reveal.js/#pdf-export">reveal PDF export documentation</a></li>
            </ul>
          </li>
        </ul>
      </li>
    </ul>
  </div>
</div>

## Recreating the course environment in VirtualBox

* tested with [VirtualBox 5.2.18](https://download.virtualbox.org/virtualbox/5.2.18/virtualbox-5.2_5.2.18-124319~Ubuntu~bionic_amd64.deb) on [Ubuntu Bionic](http://releases.ubuntu.com/bionic/)
  * and the [matching extension pack](https://download.virtualbox.org/virtualbox/5.2.18/Oracle_VM_VirtualBox_Extension_Pack-5.2.18.vbox-extpack)

```bash
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.2.18.vbox-extpack
```

on Windows you may have to use the full path to VBoxManage

```
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe"
```

### Create a NAT network

```bash
vboxmanage natnetwork add --netname natwebsec --network "172.16.76.0/24" --enable --dhcp off
```

### Download the OVA images

see [https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/](https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/)

```bash
# the URLs must be quoted: an unquoted & would send wget to the background and run "dl=1"
# as a separate command; -O gives each file the name the import commands below expect
wget -O debian.ova "https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/debian.ova&dl=1"
wget -O proxy.ova "https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/proxy.ova&dl=1"
wget -O kali.ova "https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/kali.ova&dl=1"
wget -O thenetwork.ova "https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/thenetwork.ova&dl=1"
wget -O ubuntu-server-18.04.ova "https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/ubuntu-server-18.04.ova&dl=1"
```
<div class="panel panel-warning">
  <div class="panel-heading">
    <h3 class="panel-title">FYI</h3>
  </div>
  <div class="panel-body">
    there are about 7 GB of images, feel free to pass them around on USB sticks
  </div>
</div>

### Import the OVA images

```bash
vboxmanage import debian.ova
vboxmanage import proxy.ova
vboxmanage import kali.ova
vboxmanage import thenetwork.ova
vboxmanage import ubuntu-server-18.04.ova
```

### Configure the network for each VM

```bash
vboxmanage modifyvm debian --nic1 natnetwork --nat-network1 natwebsec
vboxmanage modifyvm proxy --nic1 natnetwork --nat-network1 natwebsec
vboxmanage modifyvm kali --nic1 natnetwork --nat-network1 natwebsec
vboxmanage modifyvm thenetwork --nic1 natnetwork --nat-network1 natwebsec
vboxmanage modifyvm ubuntu-server-18.04 --nic1 natnetwork --nat-network1 natwebsec
```

![VM network](images/etudiants/vm-network.png)

### (optional) Set up port forwarding on debian

```bash
# every port-forward rule of a NAT network needs its own name, hence ssh-<vm> rather than "ssh" five times
vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh-thenetwork:tcp:[127.0.0.1]:1722:[172.16.76.142]:22"
vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh-proxy:tcp:[127.0.0.1]:1723:[172.16.76.143]:22"
vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh-debian:tcp:[127.0.0.1]:1724:[172.16.76.144]:22"
vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh-kali:tcp:[127.0.0.1]:1725:[172.16.76.145]:22"
vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh-ubuntu:tcp:[127.0.0.1]:1726:[172.16.76.146]:22"
```

### (optional) Connect over SSH

```bash
ssh -p 1722 mazenovi@127.0.0.1 #thenetwork
ssh -p 1723 mazenovi@127.0.0.1 #proxy
ssh -p 1724 mazenovi@127.0.0.1 #debian
ssh -p 1725 mazenovi@127.0.0.1 #kali
ssh -p 1726 mazenovi@127.0.0.1 #ubuntu server 18.04
```
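As an added example (not part of the course page), the NIC wiring and port-forward steps above driven from one table and sanity-checked before anything reaches VBoxManage; the VM names, guest IPs and host ports are the page's, while the `VBOX` dry-run switch and the `ssh-<vm>` rule names are this example's own.

```shell
#!/bin/sh
# Added example, not the course page's own commands: wires the five lab VMs onto
# natwebsec from one table and checks it first. Constructed assumptions: the
# VBOX dry-run switch (echo by default; VBOX=vboxmanage applies for real) and
# the ssh-<vm> rule names, since rule names must be unique inside a NAT network.
VBOX="${VBOX:-echo vboxmanage}"
NETNAME=natwebsec
NETWORK=172.16.76            # the /24 created with "natnetwork add"

# vm-name  guest-ip  host-ssh-port  (values from the page's ssh table)
VMS='thenetwork 172.16.76.142 1722
proxy 172.16.76.143 1723
debian 172.16.76.144 1724
kali 172.16.76.145 1725
ubuntu-server-18.04 172.16.76.146 1726'

# 0 if the guest IP is a host address inside NETWORK/24, 1 otherwise
in_natwebsec() {
    case "$1" in "$NETWORK".*) ;; *) return 1 ;; esac
    last=${1##*.}
    case "$last" in *[!0-9]*|'') return 1 ;; esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# port-forward rule string for one VM: name, guest IP, host port
pf_rule() {
    printf 'ssh-%s:tcp:[127.0.0.1]:%s:[%s]:22' "$1" "$3" "$2"
}

# 0 if no two VMs share a host port or a guest IP
check_unique() {
    [ -z "$(printf '%s\n' "$VMS" | awk '{print $2; print "p" $3}' | sort | uniq -d)" ]
}

# emit (or run) the modifyvm + port-forward commands, one pair per VM
wire_lab() {
    check_unique || { echo "duplicate host port or guest IP in VMS" >&2; return 1; }
    printf '%s\n' "$VMS" | while read -r name ip port; do
        in_natwebsec "$ip" || { echo "$name: $ip outside $NETWORK.0/24" >&2; exit 1; }
        $VBOX modifyvm "$name" --nic1 natnetwork --nat-network1 "$NETNAME"
        $VBOX natnetwork modify --netname "$NETNAME" --port-forward-4 \
            "$(pf_rule "$name" "$ip" "$port")"
    done
}

wire_lab
```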

## (fix) If the network is unreachable on proxy and thenetwork

if

```bash
ping 172.16.76.145 # ping kali
```

returns

```bash
connect: Network is unreachable
```

check the number of your network interface

```bash
student@proxy:~$ ifconfig -a

eth2      Link encap:Ethernet  HWaddr 08:00:27:ae:b5:20
          inet adr:172.16.76.143  Bcast:172.16.76.255  Masque:255.255.255.0
          adr inet6: fe80::a00:27ff:feae:b520/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Packets reçus:24 erreurs:0 :0 overruns:0 frame:0
          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          Octets reçus:4789 (4.7 KB) Octets transmis:4679 (4.6 KB)

lo        Link encap:Boucle locale
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          Packets reçus:54 erreurs:0 :0 overruns:0 frame:0
          TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          Octets reçus:4076 (4.0 KB) Octets transmis:4076 (4.0 KB)
```

for example this number may be eth2 (as above) instead of eth0

you then have to edit the /etc/network/interfaces file accordingly

```bash
student@proxy:~$ sudo vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth2
iface eth2 inet static
        address 172.16.76.143
        netmask 255.255.255.0
        gateway 172.16.76.1
```

then bring the network interface up

```bash
student@proxy:~$ sudo ifup eth2
```

try again

```bash
ping 172.16.76.145 # ping kali
```

This bug is due to Ubuntu's quirky numbering of network interfaces ...
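The fix above, automated as an added example (not part of the course page): find the interface name the VM actually received by its VirtualBox MAC prefix and render the stanza that /etc/network/interfaces should carry; the sample ifconfig output and the old interfaces content are constructed, the address and gateway are the page's values for proxy.

```shell
#!/bin/sh
# Added example, not the course page's own commands: instead of reading ifconfig by eye,
# find the interface name the VM really got and render the matching stanza for
# /etc/network/interfaces. Assumptions: one VirtualBox NIC (Oracle OUI 08:00:27) and the
# page's static address for proxy, 172.16.76.143 with gateway 172.16.76.1.

# Constructed sample of "ifconfig -a" output on proxy (trimmed to the parsed lines)
SAMPLE='eth2      Link encap:Ethernet  HWaddr 08:00:27:ae:b5:20
          inet adr:172.16.76.143  Bcast:172.16.76.255  Masque:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Boucle locale
          inet adr:127.0.0.1  Masque:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1'

# Name of the first interface whose MAC carries the VirtualBox OUI (ifconfig output
# on stdin); exit status 1 when no such interface exists
vbox_iface() {
    awk 'toupper($0) ~ /HWADDR 08:00:27:/ { print $1; found = 1; exit }
         END { exit found ? 0 : 1 }'
}

# Interface named by the static "iface" line of an interfaces file (file on stdin)
configured_iface() {
    awk '$1 == "iface" && $3 == "inet" && $4 == "static" { print $2; exit }'
}

# Static stanza for the interface, address and gateway given as arguments
render_stanza() {
    printf 'auto %s\niface %s inet static\n' "$1" "$1"
    printf '        address %s\n        netmask 255.255.255.0\n        gateway %s\n' "$2" "$3"
}

# Prints the stanza to apply when the file names a different interface than the VM
# has, nothing when they already agree; $1 = ifconfig output, $2 = interfaces content
fix_stanza() {
    have=$(printf '%s\n' "$1" | vbox_iface) || return 1
    want=$(printf '%s\n' "$2" | configured_iface)
    [ "$have" = "$want" ] && return 0
    render_stanza "$have" 172.16.76.143 172.16.76.1
}

# Constructed: what the proxy image shipped with, before the interface was renamed
OLD_INTERFACES='auto eth0
iface eth0 inet static
        address 172.16.76.143'

fix_stanza "$SAMPLE" "$OLD_INTERFACES"
```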


## List of VMs / domain names

```
# SecLab
172.16.76.143 proxy secured heart.bleed fo.ol #proxied version of dum.my

172.16.76.144 good.one go.od targ.et
172.16.76.144 mutillid.ae
172.16.76.144 dvwa.com dv.wa
172.16.76.144 d.oc
172.16.76.144 dum.my
172.16.76.144 drup.al hackable-drupal.com drupal
172.16.76.144 wordpre.ss bl.og wp wordpress
172.16.76.144 spip sp.ip
172.16.76.145 bad.guy hack.er 1337.net

172.16.76.142 thenetwork

172.16.76.1   us.er
```

## Evaluation

* Written exam at the end of the session

<!--
## Mini project in pairs

* [Assignment](https://drive.mesocentre.uca.fr/f/d9e76a8e45934a069890/?dl=1)

* [Assignment](https://drive.mesocentre.uca.fr/f/54bdd1a80c184bbcb63e/?dl=1)

* Due on 25/03/2019 at 23:59 at the latest

    * to [vincent.mazenod@uca.fr](mailto:vincent.mazenod@uca.fr)

      * ```[TP websec]``` in the mail subject ... otherwise I'll lose track of you ;)

    * All files named NOMETUDIANT1_NOMETUDIANT2_nomfichier.ext
 -->
 
## Course feedback

Whether you loved or hated this course ... [give me your feedback and help me improve it (fully anonymously)](https://docs.google.com/forms/d/1w65KH2cnL_DbTKrUT-2AMvQ_p0Ht-wfSJT2YLEB8l7E/prefill)


## See also

* [build your own seclab](https://blog.mazenod.fr/faire-son-propre-seclab.html)