Title: ZZ2 F5 - Software security (2/2) - web application security
Date: 2019-11-20 10:55
Category: <i class='fa fa-graduation-cap' aria-hidden='true'></i> Students
Tags: course

[TOC]

## Course outline

* Architecture

    * [HTTP](slides/1337/http.htm)

* Pentesting

    * [Collect](https://doc.m4z3.me/_/1337/collecter.htm)
    * [Detect](https://doc.m4z3.me/_/1337/detecter.htm)

* Exploit

    * [Heartbleed](https://doc.m4z3.me/_/1337/heartbleed.htm)

* Mechanism

    * [Authentication](https://doc.m4z3.me/_/1337/AUTH.htm)

* Common vulnerabilities

    * [Command execution](https://doc.m4z3.me/_/1337/CMDi.htm)

* Exploit

    * [Shellshock](https://doc.m4z3.me/_/1337/shellshock.htm)
    * [Upload](https://doc.m4z3.me/_/1337/upload.htm)
    * [LFI_RFI](https://doc.m4z3.me/_/1337/LFI_RFI.htm)
    * [XSS](https://doc.m4z3.me/_/1337/XSS.htm)
    * [CSRF](https://doc.m4z3.me/_/1337/CSRF.htm)
    * [SQLi](https://doc.m4z3.me/_/1337/SQLi.htm)

* Exploit

    * [Drupalgeddon](https://doc.m4z3.me/_/1337/drupalgeddon.htm)

* Defending yourself

    * [Top10](https://doc.m4z3.me/_/1337/top10.htm)
    * [anticipate](https://doc.m4z3.me/_/1337/anticiper.htm)
    * [react](https://doc.m4z3.me/_/gdi/cnrs.htm#/cover)


## Recreating the course environment in VirtualBox

* tested with [VirtualBox 5.2.18](https://download.virtualbox.org/virtualbox/5.2.18/virtualbox-5.2_5.2.18-124319~Ubuntu~bionic_amd64.deb) on [Ubuntu Bionic](http://releases.ubuntu.com/bionic/)
  * and the matching [extension pack](https://download.virtualbox.org/virtualbox/5.2.18/Oracle_VM_VirtualBox_Extension_Pack-5.2.18.vbox-extpack)

```bash
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.2.18.vbox-extpack
```

On Windows you may need to use the full path to VBoxManage:

```
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe"
```

### Create a NAT network

```bash
vboxmanage natnetwork add --netname natwebsec --network "172.16.76.0/24" --enable --dhcp off
```

DHCP is switched off because every VM has a static address in 172.16.76.0/24 (see the list of VMs below); VirtualBox itself acts as the gateway at 172.16.76.1.

### Download the OVA images

see [https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/](https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/)

```bash
# quote the URLs: an unquoted & would background wget and run "dl=1" as a command;
# -O saves each file under its proper name instead of "index.html?p=..."
wget -O debian.ova "https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/debian.ova&dl=1"
wget -O proxy.ova "https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/proxy.ova&dl=1"
wget -O kali.ova "https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/kali.ova&dl=1"
wget -O thenetwork.ova "https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/thenetwork.ova&dl=1"
```
<div class="panel panel-warning">
  <div class="panel-heading">
    <h3 class="panel-title">FYI</h3>
  </div>
  <div class="panel-body">
    the images add up to about 7 GB; feel free to pass them around on USB sticks
  </div>
</div>

### Import the OVA images

```bash
vboxmanage import debian.ova
vboxmanage import proxy.ova
vboxmanage import kali.ova
vboxmanage import thenetwork.ova
```

### Configure the network for each VM

```bash
vboxmanage modifyvm debian --nic1 natnetwork --nat-network1 natwebsec
vboxmanage modifyvm proxy --nic1 natnetwork --nat-network1 natwebsec
vboxmanage modifyvm kali --nic1 natnetwork --nat-network1 natwebsec
vboxmanage modifyvm thenetwork --nic1 natnetwork --nat-network1 natwebsec
```

![réseau vm](images/etudiants/vm-network.png)

### (optional) Set up port forwarding to debian

```bash
vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh:tcp:[127.0.0.1]:1337:[172.16.76.144]:22"
```

The host side of the rule is bound to 127.0.0.1, so port 1337 is reachable only from the host itself. Keep it that way: every copy imported from the same OVA has the same accounts and the same SSH host keys, so exposing it on the LAN would hand anyone a known login.

### (optional) Connect over SSH

```bash
ssh -p 1337 student@127.0.0.1
```
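The whole procedure above (NAT network, import, NIC binding, port forward) as one script that skips steps already done and checks the result. This is an added example, not part of the course material: it assumes VBoxManage is on the PATH, the four OVA files are in the current directory, and that `natnetwork list` prints `Name:` lines and `list vms` prints `"name" {uuid}` lines as VirtualBox 5.2 does; those output formats and the use of `--vmname` to pin the imported VM's name are assumptions.

```bash
#!/bin/sh
# Added example (not from the course page): rebuild the lab in one go, skipping
# steps already done. Assumptions: VBoxManage on the PATH, the OVA files in the
# current directory, VirtualBox 5.2 output formats for `natnetwork list`
# ("Name:  <name>") and `list vms` ('"<name>" {<uuid>}').

NATNET=natwebsec
SUBNET="172.16.76.0/24"
VMS="debian proxy kali thenetwork"
DEBIAN_IP=172.16.76.144      # good.one / targ.et in the course hosts list

# natnet_in_list NAME LIST_OUTPUT: succeed if NAME is among the NAT networks.
natnet_in_list() {
    printf '%s\n' "$2" | grep -q "^Name: *$1\$"
}

# vm_in_list NAME LIST_OUTPUT: succeed if a VM called NAME is registered.
vm_in_list() {
    printf '%s\n' "$2" | grep -q "^\"$1\" {"
}

# pf_rule NAME PROTO HOSTPORT GUESTIP GUESTPORT: build a port-forward rule.
# The host side is pinned to 127.0.0.1 so the lab VM is reachable only from
# the host itself, never from the LAN.
pf_rule() {
    printf '%s:%s:[127.0.0.1]:%s:[%s]:%s' "$1" "$2" "$3" "$4" "$5"
}

setup_lab() {
    natnet_in_list "$NATNET" "$(VBoxManage natnetwork list)" ||
        VBoxManage natnetwork add --netname "$NATNET" --network "$SUBNET" --enable --dhcp off

    vms=$(VBoxManage list vms)
    for vm in $VMS; do
        if ! vm_in_list "$vm" "$vms"; then
            # an OVA is a tar archive: a failed download (an HTML error page) is caught here
            tar tf "$vm.ova" >/dev/null 2>&1 || { echo "$vm.ova is not a valid OVA" >&2; return 1; }
            # --vmname pins the registered name so the modifyvm call below matches it
            VBoxManage import "$vm.ova" --vsys 0 --vmname "$vm"
        fi
        VBoxManage modifyvm "$vm" --nic1 natnetwork --nat-network1 "$NATNET"
    done

    # ssh to debian via host port 1337 (the optional step of the course page);
    # on a re-run VirtualBox may reject the rule as already present, which is expected
    VBoxManage natnetwork modify --netname "$NATNET" \
        --port-forward-4 "$(pf_rule ssh tcp 1337 "$DEBIAN_IP" 22)"

    # sanity check: the network and all four VMs must now be listed
    natnet_in_list "$NATNET" "$(VBoxManage natnetwork list)" || return 1
    vms=$(VBoxManage list vms)
    for vm in $VMS; do vm_in_list "$vm" "$vms" || return 1; done
}

# run with: sh setup_lab.sh run
if [ "${1:-}" = "run" ]; then setup_lab; fi
```

The parsing helpers take the command output as an argument rather than calling VBoxManage themselves, so they can be checked against captured output without a VirtualBox install; `setup_lab` is the only function that touches the hypervisor.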

## (fix) If the network is unreachable on proxy or thenetwork

If

```bash
ping 172.16.76.145 # ping kali
```

returns

```
connect: Network is unreachable
```

check which ethN name your network interface actually got

```bash
student@proxy:~$ ifconfig -a

eth2      Link encap:Ethernet  HWaddr 08:00:27:ae:b5:20
          inet addr:172.16.76.143  Bcast:172.16.76.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:feae:b520/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4789 (4.7 KB)  TX bytes:4679 (4.6 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4076 (4.0 KB)  TX bytes:4076 (4.0 KB)
```

for example it may be eth2 (as above) instead of eth0

you then have to edit /etc/network/interfaces accordingly

```bash
student@proxy:~$ sudo vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth2
iface eth2 inet static
        address 172.16.76.143
        netmask 255.255.255.0
        gateway 172.16.76.1
```

then bring the interface up

```bash
student@proxy:~$ sudo ifup eth2
```

and try again

```bash
ping 172.16.76.145 # ping kali
```

This bug comes from Ubuntu's whimsical numbering of network interfaces: the guest's persistent-net udev rules (/etc/udev/rules.d/70-persistent-net.rules) bind interface names to MAC addresses, and the imported VM's NIC carries a MAC those rules have never seen, so it is given the next free ethN name rather than eth0. Editing the interfaces file as above is the quick fix; deleting that rules file and rebooting makes the NIC come back as eth0.
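The three manual steps above (find the interface name, rewrite the static stanza, bring the interface up) as one script. This is an added example, not part of the course page: it assumes an ifupdown-based guest with a single NIC and one static stanza in /etc/network/interfaces, and takes the address, netmask and gateway as arguments (the values for proxy are the ones shown above).

```bash
#!/bin/sh
# Added example (not from the course page): regenerate the static stanza of
# /etc/network/interfaces for whatever ethN name the guest actually received.
# Assumes an ifupdown-based guest with one NIC; run on the guest as root.

# first_nic LIST: first non-loopback name in a newline-separated list of
# interface names (as produced by `ls /sys/class/net`).
first_nic() {
    printf '%s\n' "$1" | grep -v '^lo$' | head -n 1
}

# render_interfaces IFACE ADDR MASK GW: full /etc/network/interfaces content
# with the static stanza bound to IFACE (same layout as the course file).
render_interfaces() {
    printf '# The loopback network interface\nauto lo\niface lo inet loopback\n\n'
    printf '# The primary network interface\nauto %s\niface %s inet static\n' "$1" "$1"
    printf '        address %s\n        netmask %s\n        gateway %s\n' "$2" "$3" "$4"
}

# fix_interfaces ADDR MASK GW: detect the NIC, back up and rewrite the file,
# bring the NIC up. For proxy: fix_interfaces 172.16.76.143 255.255.255.0 172.16.76.1
fix_interfaces() {
    nic=$(first_nic "$(ls /sys/class/net)")
    [ -n "$nic" ] || { echo "no non-loopback interface found" >&2; return 1; }
    cp /etc/network/interfaces /etc/network/interfaces.bak
    render_interfaces "$nic" "$1" "$2" "$3" > /etc/network/interfaces
    ifup "$nic"
}
```

Copy the file to the guest, then as root run `. ./fix_interfaces.sh; fix_interfaces 172.16.76.143 255.255.255.0 172.16.76.1` (use 172.16.76.142 on thenetwork). The previous file is kept as /etc/network/interfaces.bak.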


## List of VMs / domain names

The mapping below, in /etc/hosts format, gives each VM's address and the host names used during the course:

```
# SecLab
172.16.76.143 proxy secured heart.bleed fo.ol #proxied version of dum.my

172.16.76.144 good.one go.od targ.et
172.16.76.144 mutillid.ae
172.16.76.144 dvwa.com dv.wa
172.16.76.144 d.oc
172.16.76.144 dum.my
172.16.76.144 drup.al hackable-drupal.com drupal
172.16.76.144 wordpre.ss bl.og wp wordpress
172.16.76.144 spip sp.ip
172.16.76.145 bad.guy hack.er 1337.net

172.16.76.142 thenetwork

172.16.76.1   us.er
```

## Assessment

* Written exam at the end of the session

## Mini project in pairs

* [Assignment](https://drive.mesocentre.uca.fr/f/d9e76a8e45934a069890/?dl=1)

<!-- * [Enoncé](https://drive.mesocentre.uca.fr/f/54bdd1a80c184bbcb63e/?dl=1) -->

* Due on 25/03/2019 at 23:59, final deadline

    * to [vincent.mazenod@uca.fr](mailto:vincent.mazenod@uca.fr)

      * `[TP websec]` in the mail subject ... otherwise I'll lose you ;)

    * All files named NOMETUDIANT1_NOMETUDIANT2_nomfichier.ext (i.e. STUDENT1_STUDENT2_filename.ext)

## Course feedback

Whether you loved or hated this course ... [give me your opinion and help me improve it (fully anonymously)](https://docs.google.com/forms/d/1w65KH2cnL_DbTKrUT-2AMvQ_p0Ht-wfSJT2YLEB8l7E/prefill)
## See also

* [build your own seclab](https://blog.mazenod.fr/faire-son-propre-seclab.html)