c0c0n 2013 - owasp skanda

Post on 16-Jun-2015


DESCRIPTION

Infiltrating the intranet using Skanda

TRANSCRIPT

HELLO

SKANDA

Jayesh Singh Chauhan

@jayeshsch

ABOUT ME

• Author/Project Leader – OWASP Skanda

• Author of CSRF PoC Generator

• Pen Tester, Coder, B33rHead

• Snooker (Crazy Fan !!!)

Port Scan

• Nmap ???

• Firewall/IDS

• NO GAIN

SSRF

• Web Apps

• Scan/Attack

• Enumerate/Attack Services

SSRF

• A class of attack

• XXE, RFI, CRLF Injections

• If opens socket, can be SSRFed

Normal Attack

SSRF Attack

What makes it possible

• HTTP Client -> No Protocol Check

• Invalid packets -> Service doesn’t close

• Protocol that you can forge fit with the protocols.
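
A server-side counterpart to the missing protocol check named above, as an added example that is not from the talk or from Skanda: it validates a user-supplied URL before the application fetches it. The allowed schemes and ports, the function names and the constructed DNS table are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http": 80, "https": 443}  # assumption: only web fetches are needed
ALLOWED_PORTS = {80, 443}                     # assumption: no other ports are legitimate

def system_resolver(host):
    """Return the set of IP strings the HTTP client would connect to for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_fetch_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a user-supplied URL before the server fetches it."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            return False, "scheme not allowed"        # the protocol check
        port = parts.port if parts.port is not None else ALLOWED_SCHEMES[scheme]
    except ValueError:
        return False, "malformed URL"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"              # fetcher cannot probe arbitrary ports
    try:
        addresses = resolver(parts.hostname)
    except OSError:
        return False, "host does not resolve"
    for text in addresses:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop any IPv6 zone id
        if not ip.is_global:                           # loopback, RFC 1918, link-local
            return False, f"{ip} is not a public address"
    return True, "ok"

# Constructed name-to-address table so the demo runs offline.
CONSTRUCTED_DNS = {"cdn.example": {"93.184.216.34"}, "wiki.corp.example": {"10.0.0.12"},
                   "192.168.1.1": {"192.168.1.1"}}

def constructed_resolver(host):
    if host not in CONSTRUCTED_DNS:
        raise OSError("unknown host")
    return CONSTRUCTED_DNS[host]

if __name__ == "__main__":
    for candidate in ("https://cdn.example/logo.png", "http://wiki.corp.example/",
                      "http://192.168.1.1:22/", "ftp://cdn.example/file"):
        print(candidate, "->", check_fetch_url(candidate, constructed_resolver))
```

The HTTP client has to connect to the address that was validated and repeat the check on every redirect; otherwise a changed DNS answer or a redirect bypasses it.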

Let’s dive into Skanda

• Port Scan

• Network Discovery

XSPA/SSRF

• Error based XSPA

• Blind XSPA

• Closed Port

DEMO

• Port Scanning using Skanda

Intranet

Intranet Discovery

• Router -> First IP

• Checks whether any router is up

• If (IP == found): enter subnet

• Analyze every node’s response

DEMO

• Network Discovery using Skanda

Q & A ?

Got ‘em ? Ask ‘em ?

Special Thanks to..

• Lavakumar Kuppan, @lavakumark

• Riyaz Walikar, @riyazwalikar

• Ajith Chandran, @r3dsm0k3

• ONsec Lab, @Onsec_lab
