Nginx warhead
Sergey Belov
ZeroNights 2013 talk about nginx
1.
Sergey Belov
2.
• Pentester in Digital Security / ERPScan;
• Writer (habrahabr.ru, “Xakep”);
• CTF Player;
• Bug bounty member (Google, Yandex);
• bugscollector.com creator.
3.
• Very easy
• 0$
• Not mentioned in the wild
4.
NGinx – reverse proxy
5.
[Diagram labels: Client, Nginx, Apache, php-fpm]
6.
[Diagram labels: Client, attacker.com, "??? http server", vuln.com, Nginx, Apache, php-fpm]
7.
Step 1

    location / {
        # relay every request to the origin site
        proxy_pass http://vuln.com;
        # pass the connecting client's address upstream
        proxy_set_header X-Real-IP $remote_addr;
    }
8.
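Step 2

    # send the origin's own name in the upstream Host header
    proxy_set_header Host "vuln.com";
    # rewrite the origin's domain in response bodies
    sub_filter 'vuln.com' 'attacker.com';
    # replace every occurrence, not only the first
    sub_filter_once off;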
9.
10.
Phishing
11.
NGinx – tool for MitM/phishing?
+ Identical design
+ Fully functional
+ Logging all data (POST/GET)
+ Add custom JS/HTML
- Another domain (DNS poisoning / router hacking, malware, evil APN config, etc.)
12.
Pentest
Random exploits?
Change response data (rights of social network apps)
Change apps swf -> java (exploit)
???
13.
DNS rebinding
14.
- Another domain
- Very unstable
+ Can attack internal resources
15.
Internal, not external!
16.
C:\Users\BeLove>ping www.ya.ru
Обмен пакетами с ya.ru [87.250.250.203] с 32 байтами данных
17.
Remove it from:
• Pentester’s reports
• Most famous security scanners
18.
Thanks!
demo: http://zn.sergeybelove.ru
http://twitter.com/sergeybelove
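
The relay in slides 7 and 8 sends an X-Real-IP header to the origin, so the origin's own access log can expose it: one peer address that is not one of the site's proxies, carrying many different X-Real-IP values. The detection sketch below is an added example, not part of the talk; the log layout, the TRUSTED_PROXIES set, the threshold and the function name are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed origin access-log layout (not from the talk): peer address, time,
# request line, status, then the X-Real-IP and User-Agent request headers.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) - \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
    r'xri="(?P<xri>[^"]*)" ua="(?P<ua>[^"]*)"$'
)

# The site's own front-end proxies, which legitimately set X-Real-IP (assumed).
TRUSTED_PROXIES = {"10.0.0.5"}

# Constructed sample lines; all addresses are documentation or private ranges.
SAMPLE_LOG = """\
10.0.0.5 - [10/Nov/2013:12:00:01 +0000] "GET / HTTP/1.0" 200 xri="192.0.2.1" ua="Mozilla/5.0"
10.0.0.5 - [10/Nov/2013:12:00:02 +0000] "GET /a HTTP/1.0" 200 xri="192.0.2.2" ua="Mozilla/5.0"
10.0.0.5 - [10/Nov/2013:12:00:03 +0000] "GET /b HTTP/1.0" 200 xri="192.0.2.3" ua="Mozilla/5.0"
198.51.100.7 - [10/Nov/2013:12:00:04 +0000] "GET / HTTP/1.1" 200 xri="-" ua="Mozilla/5.0"
198.51.100.9 - [10/Nov/2013:12:00:05 +0000] "GET / HTTP/1.1" 200 xri="192.0.2.99" ua="curl/7.30"
203.0.113.50 - [10/Nov/2013:12:00:06 +0000] "GET / HTTP/1.0" 200 xri="192.0.2.10" ua="Mozilla/5.0"
203.0.113.50 - [10/Nov/2013:12:00:07 +0000] "POST /login HTTP/1.0" 302 xri="192.0.2.11" ua="Opera/9.80"
203.0.113.50 - [10/Nov/2013:12:00:08 +0000] "POST /login HTTP/1.0" 302 xri="192.0.2.12" ua="Mozilla/5.0"
203.0.113.50 - [10/Nov/2013:12:00:09 +0000] "GET / HTTP/1.0" 200 xri="192.0.2.10" ua="Mozilla/5.0"
203.0.113.50 - [10/Nov/2013:12:00:10 +0000] "GET / HTTP/1.0" 200 xri="not-an-ip" ua="Mozilla/5.0"
this line is malformed and must be skipped
"""


def _is_ip(value):
    """True when the header value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def find_untrusted_relays(lines, trusted=TRUSTED_PROXIES, min_clients=3):
    """Map each untrusted peer to the distinct client addresses it relayed.

    A peer is reported only when it supplied at least min_clients different
    valid X-Real-IP values, so a single request with a stray header is ignored.
    """
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # malformed line
        peer, xri = m["peer"], m["xri"]
        if peer in trusted or not _is_ip(xri):
            continue  # our own proxy, or header absent ("-") or junk
        seen[peer].add(xri)
    return {p: sorted(c) for p, c in seen.items() if len(c) >= min_clients}


if __name__ == "__main__":
    for peer, clients in find_untrusted_relays(SAMPLE_LOG.splitlines()).items():
        print(f"{peer} relays {len(clients)} clients: {', '.join(clients)}")
```
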