WebGoat实战: General
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
环境搭建
尹老师力推Fedora,本实验使用的是Parallels Desktop中安装的Fedora32虚拟机。
安装 docker
1 | |
更换 docker 源
我使用的是阿里云的docker源,需要阿里云用户的身份:
1 | |
测试 hello-world
1 | |
可能需要的设置
距离搭建环境已经过去了六周时间,翻看.zsh_history注意到当初输入了这些命令,记录下来以备不时之需。参考
1 | |
WebGoat 相关命令
第一次运行:
1 | |
停止容器:
1 | |
为了方便使用:
1 | |
Introduction
WebGoat
WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.
Now, while we in no way condone causing intentional harm to any animal, goat or otherwise, we think learning everything you can about security vulnerabilities is essential to understanding just what happens when even a small bit of unintended code gets into your applications.
What better way to do that than with your very own scapegoat?
Feel free to do what you will with him. Hack, poke, prod and if it makes you feel better, scare him until your heart’s content. Go ahead, and hack the goat. We promise he likes it.
Thanks for your interest!
WebWolf
Some challenges requires to have a local web server running. WebWolf is for you the attacker it helps you while solving some of the assignments and challenges within WebGoat. An assignment might for example require you to serve a file or connect back to your own environment or to receive an e-mail. In order to not let you run WebGoat open and connected to the internet we provided these tools in this application, called WebWolf.
介绍WebWolf及其相关功能,有两个小任务用于熟悉。
General
HTTP Basics
All HTTP transactions follow the same general format. Each client request and server response has three parts: the request or response line, a header section and the entity body.
The client initiates a transaction as follows:
- The client contacts the server and sends a document request. A GET request can have url parameters and those parameters will be available in the web access logs.
- GET /index.html?param=value HTTP/1.0
- Next, the client sends optional header information to inform the server of its configuration and the document formats it will accept.
- User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, /
- In a POST request, the user supplied data will follow the optional headers and is not part of the contained within the POST URL.
发送“abc",返回“cba“,大概是倒序输出字符串的功能。
通过Firefox浏览器自带的开发者工具可以看到,点击按钮”Go!“发出的是POST请求。
HTTP Proxies
A proxy is some forwarder application that connects your http client to backend resources. HTTP clients can be browsers, or applications like curl, SOAP UI, Postman, etc. Usually these proxies are used for routing and getting access to internet when there is no direct connection to internet from the client itself. HTTP proxies are therefore also ideal when you are testing your application. You can always use the proxy log records to see what was actually sent from client to server. So you can check the request and response headers and the XML, JSON or other payload.
HTTP Proxies receive requests from a client and relay them. They also typically record them. They act as a man-in-the-middle. It even works fine with or without HTTPS as long as your client or browser trusts the certificate of the HTTP Proxy.
按步骤配置完Zap之后有个小任务——拦截并修改请求:
修改前:
修改后:
Developer Tools
CIA Triad
The CIA Triad (confidentiality, integrity, availability) is a model for information security. The three elements of the triad are considered the most crucial information security components and should be guaranteed in any secure system.
If only one of those three elements can be breached it can have serious consequences for the parties concerned.
The CIA Triad was created to provide a baseline standard for evaluating and implementing security regardless of the underlying system or/and organization.
Confidentiality 机密性
Confidentiality is “the property, that information is not made available or disclosed to unauthorized individuals, entities, or processes.” In other words, confidentiality means to prevent sensitive information from reaching the wrong people, that should not get access to it, while at the same time making sure, that people that are allowed to access it, can get it.
While being similar to “privacy”, these two words are not interchangeable. Rather, confidentiality is a component of privacy that implements to protect our data from unauthorized viewers.
Integrity 完整性
Integrity is “the property of accuracy and completeness.” In other words, integrity means to maintain the consistency, accuracy and trustworthiness of data over its entire life cycle. Data must not be changed during transit and it must be ensured, that data can not be altered by unauthorized people (per example in a breach of confidentiality).
Availability 可用性
Availability is “the property of being accessible and usable on demand by an authorized entity.” In other words all the information should be available and accessible for authorized persons whenever it is needed.
Crypto Basics
Encoding 编码
Encoding is not realy cryptography, but it is used a lot in all kinds of standards around cryptographic functions.
Base64 Encoding
Base64 encoding is a technique used to transform all kinds of bytes to a specific range of bytes. This specific range is the ASCII readable bytes. This way you can transfer binary data such as secret or private keys more easily. You could even print these out or write them down. Encoding is also reversible. So if you have the encoded version, you can create the original version.
On wikipedia you can find more details. Basically it goes through all the bytes and transforms each set of 6 bits into a readable byte (8 bits). The result is that the size of the encoded bytes is increased with about 33%.
1 | |
Basic Authentication
Basic authentication is sometimes used by web applications. This uses base64 encoding. Therefore, it is important to at least use Transport Layer Security (TLS or more commonly known as https) to protect others from reading the username password that is sent to the server.
1 | |
The HTTP header will look like:
1 | |
1 | |
HTML encoding
HTML encoding is used a lot when sending form data and request parameters to the server. Since spaces are not allowed in a URL, this is then replaced by %20.
UUEncode
The Unix-2-Unix encoding has been used to send email attachments.
XOR encoding
Sometimes encoding is used as a first and simple obfuscation technique for storing passwords. IBM WebSphere Application Server e.g. uses a specific implementation of XOR encoding to store passwords in configuration files. IBM recommends to protect access to these files and to replace the default XOR encoding by your own custom encryption. However when these recommendations are not followed, these defaults can become a vulnerability.
Hashing 哈希散列
Plain Hashing
Hashing is a type of cryptography which is mostly used to detect if the original data has been changed. A hash is generated from the original data. It is based on irreversible cryptographic techniques. If the original data is changed by even one byte, the resulting hash is also different.
So in a way it looks like a secure technique. However, it is NOT and even NEVER a good solution when using it for passwords. The problem here is that you can generate passwords from dictionaries and calculate all kinds of variants from these passwords. For each password you can calculate a hash. This can all be stored in large databases. So whenever you find a hash that could be a password, you just look up the hash in the database and find out the password.
Some hashing algorithms should no longer be used: MD5, SHA-1 For these hashes it is possible to change the payload in such a way that it still results in the same hash. This takes a lot of computing power, but is still a feasible option.
Salted Hashes
Plain passwords should obviously not be stored in a database. And the same goes for plain hashes. The OWASP Password Storage Cheat Sheet explains what should be used when password related information needs to be stored securely.
Encryption 加密
HTTPS uses both symmetric and asymmetric keys
Here is a short description of what happens if you open your browser and go to an https site.
- Your browser connects to the server and gets the webserver certificate.
- Your browser checks if it trusts the certificate issuer by checking if the issuer certificate is in its trust store. This trust store is managed by operating system and browser updates. And on some corporate networks it is managed by the company. From the certificate the browser obtains the public key.
- The browser now generates random bytes to be used to generate a symmetric key and encrypts this with the public key of the server. So only the server can decrypt it.
- At the end of this process both the browser and the webserver will use the exchanged symmetric key (in the asymmetric key exchange process) to encrypt and decrypt messages that are sent back and forth between the browser and the webserver.
Symmetric keys are used because they can be used more safely for large amounts of data.
Signing 签名
A signature is a hash that can be used to check the validity of some data. The signature can be supplied separately from the data that it validates, or in the case of CMS or SOAP can be included in the same file. (Where parts of that file contain the data and parts contain the signature).
Signing is used when integrity is important. It is meant to be a guarantee that data sent from A to B was not altered. So A signs the data by calculating the hash of the data and encrypting that hash using an asymmetric private key. B can then verify the data by calculating the hash of the data and decrypting the signature to compare if both hashes are the same.
RAW signatures
A raw signature is usually calculated as follows:
- create a hash of the data (e.g. SHA-256 hash)
- encrypt the hash using an asymmetric private key (e.g. RSA 2048 bit key)
- (optionally) encode the binary encrypted hash using base64 encoding
B will have to get the certificate with the public key as well. This might have been exchanged before. So at least 3 files are involved: the data, the signature and the certificate.
CMS signatures
A CMS signature is a standardized way to send data + signature + certificate with the public key all in one file from A to B. As long as the certificate is valid and not revoked, B can use the supplied public key to verify the signature.
SOAP signatures
A SOAP signature also contains data and the signature and optionally the certificate. All in one XML payload. There are special steps involved in calculating the hash of the data. This has to do with the fact that the SOAP XML sent from system to system might introduce extra elements or timestamps. Also, SOAP Signing offers the possibility to sign different parts of the message by different parties.
Email signatures
Sending emails is not very difficult. You have to fill in some data and send it to a server that forwards it, and eventually it will end up at its destination. However, it is possible to send emails with a FROM field that is not your own email address. In order to guarantee to your receiver that you really sent this email, you can sign your email. A trusted third party will check your identity and issue an email signing certificate. You install the private key in your email application and configure it to sign emails that you send out. The certificate is issued on a specific email address and all others that receive this email will see an indication that the sender is verified, because their tools will verify the signature using the public certificate that was issued by the trusted third party.
PDF or Word or other signatures
Adobe PDF documents and Microsoft Word documents are also examples of things that support signing. The signature is also inside the same document as the data so there is some description on what is part of the data and what is part of the metadata. Governments usually send official documents with a PDF that contains a certificate.
1 | |
Keystores
A keystore is a place where you store keys. Besides keystore the term truststore is also used frequently. A truststore is the same thing as a keystore. Only it usually contains only the certificates (so basically only public keys and issuer information) of trusted certificates or certificate authorities.
File based keystores
A file based keystore is something that in the end has the keys on a file system. Storing public certificates in a file based keystore is very common.
Database keystores
Keys and especially public certificates can of course also be stored in a database.
Hardware keystore
A hardware keystore is a system that has some sort of hardware which contain the actual keys. This is typically done in high end security environments where the private key is really private. In comparison with file based or database keystores, it is impossible to make a copy of the keystore to send it to some unknown and untrusted environment.
Some certificate authorities that are used to provide you with a server certificate for your website, also create the private keys for you (as-a-service). However, it is by definition no longer considered a private key. For all keystore types, you should keep the private key private and use a certificate signing request to order your signing or server certificates.
Managed keystores in operating system, browser and other applications
When you visit a website and your browser says that the certificates are fine, it means that the certificate used for the website is issued by a trusted certificate authority. But this list of trusted certificate authorites is managed. Some CA’s might be revoked or removed. These updates happen in the background when browser updates are installed. Not only the browser maitains a list of trusted certificate authorities, the operation system does so as well. And the Java runtime also has its own list which is kept in the cacerts file. Updates of the OS and Java JRE keep this list up to date. In coporate environments, these are usually maintained by the company and also contain company root certificates.
Extra check for website certificates using DNS CAA records
Some companies inspect all or most internet traffic. Even the ones were you think you have an end-2-end secured connection. This works as follows. An employee opens a browser and googles some information. The browser will use https and go to the site of google. The link looks real and the lock is shown in the browser. However, if you would inspect the certificate, you might notice that it has been issued by one of your companies root CA’s! So you have established an end-2-end secure connection with a server of your company, and that server has the secure connection with google. In order to prevent such man in the middle connections to your server, modern browsers now will also check the DNS CAA records to see whether or not a certain issuer is allowed for a certain website. More information: Wiki DNS CAA
Free certificates from Let’s encrypt
Let’s encrypt is a free, automated and open Certificate Authority. It allows you to create valid certificates for the websites that you control. By following and implementing a certain protocol, your identity is checked and a certificate will be issued. The certificates are free of charge and this is done to stimulate the use of authorised certificates and to lower the use of self-signed certificates on the internet. Certificates are valid for 90 days, so they need to be automatically renewed. (Which makes sure that the proof of identity/ownership also takes place frequently)
Security defaults 安全默认配置
A big problem in all kinds of systems is the use of default configurations. E.g. default username/passwords in routers, default passwords for keystores, default unencrypted mode, etc.
Java cacerts
Did you ever changeit? Putting a password on the cacerts file has some implications. It is important when the trusted certificate authorities need to be protected and an unknown self signed certificate authority cannot be added too easily.
Protecting your id_rsa private key
Are you using an ssh key for GitHub and or other sites and are you leaving it unencrypted on your disk? Or even on your cloud drive? By default, the generation of an ssh key pair leaves the private key unencrypted. Which makes it easy to use and if stored in a place where only you can go, it offers sufficient protection. However, it is better to encrypt the key. When you want to use the key, you would have to provide the password again.
SSH username/password to your server
When you are getting a virtual server from some hosting provider, there are usually a lot of not so secure defaults. One of which is that ssh to the server runs on the default port 22 and allows username/password attempts. One of the first things you should do, is to change the configuration that you cannot ssh as user root, and you cannot ssh using username/password, but only with a valid and strong ssh key. If not, then you will notice continuous brute force attempts to login to your server.
1 | |
求助万能的网络,找到的解法是在容器外修改/etc/shadow内root用户对应的密码。
图书馆四楼大厅真的热,稍有烦躁,自行尝试了偏方:无密码登陆,居然成了。
1 | |
Post quantum crypto
Quantum computers are here and getting more power in available qubits each year. Quantum computers are and will be capable of decrypting information that was encrypted with algorithms that were thought to be safe. For some years now, a lot of encrypted communicatation using quantum vulnerable cryptoraphy is being recorded. This information will be decrypted when the quantum computers are powerful enough. Even tough the information may be old, it still could contain valuable information that can be misused. Besides the fact that some private information will be known to parties it was not intended for.
Mathematics has answers for the post quantum era. New cryptography is already available and should be used NOW in order to minimize threads. You can read more on this on Wikipedia Post quatum on Wikipedia