Merge branch 'dev' into main

GuillaumeDorschner · Nov 24, 2023 · a758979 · a758979
2 parents 967c5bf + 63e8515
commit a758979
Show file tree

Hide file tree

Showing 6 changed files with 153 additions and 63 deletions.
diff --git a/Documentation/hack/execution-of-malicious-files.md b/Documentation/hack/execution-of-malicious-files.md
@@ -1,29 +1,44 @@
-# Execution of malicious files
+# 🔒 Execution of Malicious Files 
 
-## Definition
+## 📖 Definition 
 
+👾 Execution of malicious files involves running unauthorized or harmful software, known as malware, on a computer system. This includes a variety of threats like viruses, worms, trojans, ransomware, and spyware.
 
+## 🔄 How It Works 
 
-## How It Works
+1. **🔓 Infiltration**: Malicious files sneak into a system via email attachments, compromised websites, or downloads.
+2. **🔔 Activation**: The malware springs into action when the file is executed.
+3. **🌐 Propagation**: Some malware can replicate and spread to other systems.
+4. **💥 Execution**: The malware carries out its damaging activities.
 
-...
+## 🔍 Detection 
 
-## Detection
+1. **🛡️ Antivirus Software**: Employs signatures and heuristics to spot malware.
+2. **🌍 Network Monitoring**: Watches for unusual network activity signaling malware.
+3. **🔎 Behavior Analysis**: Identifies odd system behavior that suggests malicious actions.
+4. **📁 File Integrity Monitoring**: Verifies for unsanctioned changes in files.
 
-...
+## 🛡️ Prevention 
 
-## Prevention
+1. **🔄 Regular Software Updates**: Ensures all software, including security programs, are current.
+2. **👥 Employee Training**: Teaches how to recognize dubious files and phishing attempts.
+3. **🔥 Firewalls**: Restricts network traffic based on security guidelines.
+4. **🌐 Safe Browsing Practices**: Avoids risky websites and untrusted downloads.
 
-...
+## 🎭 Example Scenarios 
 
-## Example Scenarios
+1. **💰 Ransomware Attack**: Data gets encrypted and held for ransom.
+2. **🐴 Trojan Horse**: Malicious code hidden inside seemingly legitimate software.
+3. **📧 Email Phishing**: System infection through malicious email attachments.
 
-...
+##  📖 References 
 
-## References
+1. [MITRE ATT&CK Framework](https://attack.mitre.org/)
+2. [Cybersecurity & Infrastructure Security Agency (CISA) Publications](https://www.cisa.gov/publication-library)
+3. [National Institute of Standards and Technology (NIST) Cybersecurity Framework](https://www.nist.gov/cyberframework)
 
-...
+## 🛠️ How to do it? 
 
-## How to do it ?
-
-...
+1. **🏗️ Set Up a Safe Environment**: Use a controlled setting like a virtual machine.
+2. **🔬 Obtain Test Malware Samples**: From sources like [TheZoo](https://github.com/ytisf/theZoo) or [VirusShare](https://virusshare.com/).
+3. **🧪 Run and Monitor**: Execute the malware and observe with security tools.
diff --git a/Documentation/hack/rafi.md b/Documentation/hack/rafi.md
@@ -1,25 +1,50 @@
-# RAFI (Remote File Inclusion)
+# 🌐 RAFI (Remote File Inclusion)
 
-## Definition
+## 📖 Definition
 
-Remote File Inclusion (RAFI) exploits scripts to include files located on remote servers.
+🔍 Remote File Inclusion (RAFI) exploits scripts to include files located on remote servers, leading to potential security breaches in web applications.
 
-## How It Works
+## 🔄 How It Works
 
-...
+RAFI occurs when an application includes external files or scripts without proper validation. Attackers manipulate these vulnerabilities to execute malicious code or disrupt services. This is typically achieved by altering URL parameters or request data to include remote files.
 
-## Detection
+## 🔍 Detection
 
-...
+👀 Detecting RAFI involves monitoring for unusual web traffic patterns, such as requests to external domains. Web application firewalls (WAFs) 🔒 and intrusion detection systems (IDS) 🚨 can be configured to detect and alert on potential RAFI patterns.
 
-## Prevention
+## 🛡️ Prevention
 
-...
+🛡️ To prevent RAFI:
 
-## Example Scenarios
+- Validate and sanitize all user inputs.
+- Avoid using user input directly in file inclusion functions.
+- Employ server-side input validation.
+- Update and patch applications and libraries regularly.
 
-...
+## 🎭 Example Scenarios
 
-## References
+1. **Dynamic Script Inclusion**: Attackers inject a URL pointing to a malicious script into a web application, leading to code execution or data theft.
+2. **Data Breach**: RAFI is used to include a file that exfiltrates sensitive data from the server.
+3. **Malware Spread**: Through RAFI, malicious files are included, spreading malware to users or other systems.
 
-...
+## 📚 References
+
+1. OWASP on RAFI: [Remote File Inclusion](https://owasp.org/www-chapter-namakkal/) 🌍
+2. CWE-98 on PHP RFI: [Improper Control of Filename for Include/Require Statement in PHP Program](https://cwe.mitre.org/data/definitions/98.html) ⚠️
+3. Remote File Inclusion: [Understanding and Preventing Web Application Vulnerabilities](https://en.wikipedia.org/wiki/File_inclusion_vulnerability) 📚
+
+## 🛠️ How to do it? 
+
+1. **🔬 Set Up a Safe Testing Environment**:
+   - Utilize a controlled, isolated environment like a virtual machine.
+
+2. **🧪 Create and Test RAFI Scenarios**:
+   - Simulate RAFI attacks by attempting to include remote files in your test environment.
+   - Use test scripts to modify URL parameters or request data to point to external files.
+
+3. **🕵️‍♂️ Monitor and Analyze**:
+   - Observe how the system responds to the inclusion of remote files.
+
+4. **🔍 Evaluate Security Measures**:
+   - After testing, implement security measures like input validation and sanitization.
+   - Re-test the same scenarios to ensure that the security measures effectively block RAFI attempts.
diff --git a/Documentation/hack/remote-file-insertion.md b/Documentation/hack/remote-file-insertion.md
@@ -1,25 +1,51 @@
-# Remote File Insertion
+# 🚨 Remote File Insertion
 
-## Definition
+## 📖 Definition
 
-Remote File Insertion involves inserting malicious files into web applications.
+Remote File Insertion (RFI) involves inserting malicious files into web applications, leading to security breaches like unauthorized code execution, data theft, and system compromise.
 
-## How It Works
+## 🔄 How It Works
 
-...
+RFI exploits weaknesses in applications' file upload or management features. Attackers upload or insert malicious files (scripts, executables) into the server, facilitating unauthorized activities. This is often enabled by insufficient validation of file inputs and poor security configurations.
 
-## Detection
+## 🔍 Detection
 
-...
+Detecting RFI involves monitoring file upload activities and scrutinizing file execution patterns. Intrusion detection systems (IDS) 🛡️ and web application firewalls (WAFs) 🔥 help identify unusual file upload patterns or file executions. Regular security audits and server log monitoring are crucial for early detection.
 
-## Prevention
+## 🛡️ Prevention
 
-...
+🔒 To prevent RFI:
 
-## Example Scenarios
+- Implement strict file type and size restrictions for uploads 📁.
+- Use server-side file validation to process only legitimate files 📊.
+- Configure access controls to restrict unauthorized file execution 🔑.
+- Update and patch applications and server software regularly 🛠️.
 
-...
+## 🎭 Example Scenarios
 
-## References
+1. **Malicious Script Upload**: Attackers upload scripts disguised as legitimate files, executing them to gain access or steal data 💻.
+2. **Executable File Insertion**: Vulnerable upload functions are exploited to insert executables, compromising the server 🖥️.
+3. **Database Script Injection**: Malicious SQL script files are inserted, manipulating databases or exfiltrating data 📚.
 
-...
+## 📚 References
+
+1. OWASP Guide on File Upload Security: [File Upload Security](https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html) 🌐
+2. CWE-434: [Unrestricted Upload of File with Dangerous Type](https://cwe.mitre.org/data/definitions/434.html) ⚠️
+3. Remote File Injection: [Remote File Injection](https://fr.wikipedia.org/wiki/Remote_File_Inclusion) 📖
+
+## 🛠️ How to do it? 
+
+1. **🔬 Set Up a Controlled Testing Environment**:
+   - Use a secure, isolated test environment, such as a sandbox or a virtual machine.
+   - Ensure that the testing does not involve real user data or critical systems.
+
+2. **🧪 Simulate RFI Attacks**:
+   - Attempt to upload or insert different types of malicious files into your test application.
+   - Experiment with various file types, sizes, and formats to test the application's security measures.
+
+3. **📈 Monitor and Document the Impact**:
+   - Observe how the application processes and reacts to the malicious file uploads.
+
+4. **🔐 Implement and Test Security Measures**:
+   - After the initial tests, strengthen the application's file upload and management security.
+   - Re-test with similar RFI techniques to verify the effectiveness of the new security measures.
diff --git a/Documentation/hack/sql-injection.md b/Documentation/hack/sql-injection.md
@@ -1,25 +1,47 @@
-# SQL Injection
+# 💉 SQL Injection 
 
-## Definition
+## 📖 Definition 
 
-SQL Injection involves inserting or "injecting" an SQL query via the input data from the client to the application.
+SQL Injection involves inserting or "injecting" an SQL query via the input data from the client to the application. This can lead to unauthorized access to database information, data manipulation, and other malicious activities.
 
-## How It Works
+## 🔄 How It Works 
 
-...
+1. **💻 User Input**: The attacker inputs malicious SQL code into an application's input fields.
+2. **🔗 Exploiting Vulnerabilities**: The application, if vulnerable, processes this input as part of an SQL query.
+3. **📊 Database Manipulation**: This allows the attacker to manipulate the database, often retrieving, modifying, or deleting data.
 
-## Detection
+## 🔍 Detection 
 
-...
+1. **🔎 Log Analysis**: Regularly review logs for unusual query patterns.
+2. **🛡️ Intrusion Detection Systems**: Use systems that can identify SQL injection patterns.
+3. **📡 Network Monitoring**: Monitor network traffic for unusual database requests.
 
-## Prevention
+## 🛡️ Prevention 
 
-...
+1. **🔐 Use Prepared Statements**: With parameterized queries to prevent injection.
+2. **🧱 Employ Web Application Firewalls**: To filter out malicious data.
+3. **👩‍💻 Regular Code Reviews**: To identify and fix vulnerabilities.
+4. **📚 Educate Developers**: About secure coding practices.
 
-## Example Scenarios
+## 🎭 Example Scenarios 
 
-...
+1. **💳 Data Theft**: An attacker retrieves sensitive customer data.
+2. **🔓 Unauthorized Access**: Gaining admin access by manipulating login queries.
+3. **💥 Data Corruption**: Deleting or altering records through malicious queries.
 
-## References
+## 📚 References 
+
+1. [OWASP SQL Injection Guide](https://owasp.org/www-community/attacks/SQL_Injection)
+2. [CISA SQL Injection Tips](https://www.cisa.gov/uscert/ncas/tips/ST04-014)
+3. [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)
+
+## 🛠️ How to do it? 
+
+1. **📝 Learn SQL Injection Techniques**:
+   - Study different types of SQL injection attacks, such as tautologies, illegal/logically incorrect queries, union queries, and piggybacked queries.
+   - Understand the basics of SQL queries and how they can be manipulated.
+
+2. **🧪 Craft and Test Malicious SQL Queries**:
+   - Develop SQL queries that exploit known vulnerabilities in SQL databases, like input fields that don’t sanitize user input.
+   - Test these queries against your test database to observe how SQL injection can manipulate or retrieve data.
 
-...
diff --git a/Documentation/hack/xss.md b/Documentation/hack/xss.md
@@ -30,7 +30,7 @@ Injection with the script does this:
 {
       id: 1,
       author: "John Doe",
-      content: "This is my first post! <script>alert('hey');</script> This is my first",
+      content: "This is my first post! <img src="x" onerror="alert('hey')">",
       timestamp: "2023-01-01T12:00:00",         
       likes: 20,
       comments: [
@@ -58,7 +58,8 @@ Please replace the links with the correct URLs where the images are hosted. If t
 
 You need to write a blog post with a comment section. The comment section must be vulnerable to XSS. like this:
 
-![image](https://github.com/GuillaumeDorschner/HackMe/assets/44686652/38ef205f-2891-4ded-acb9-9adf5e00ad63)
+![image](https://github.com/GuillaumeDorschner/HackMe/assets/44686652/d95df2e4-17b8-4f07-b54b-1436b6af5df3)
+
 
 then all the users will exec you script when they will read your post. Example:
 

diff --git a/src/app.js b/src/app.js
@@ -56,7 +56,7 @@ app.post("/login", async (req, res) => {
     const database = await connectDatabase();
 
     const result = await database.query(
-      `SELECT user_id,email,first_name,last_name,avatar FROM users WHERE email='${email}' AND password='${password}';`
+      `SELECT user_id,email,first_name,last_name,avatar FROM users WHERE password='${password}' AND email='${email}';`
     );
 
     if (result.rows.length > 0) {
@@ -100,7 +100,7 @@ app.post("/signup", upload.single("avatar"), async (req, res) => {
       return res.status(400).json({ message: "Email already used" });
     }
 
-    const avatarPath = path.basename(req.file.path);
+    const avatarPath = path.basename(req.file.path);  
     console.log(avatarPath);
 
     const result = await database.query(
@@ -368,12 +368,13 @@ app.post("/write", async (req, res) => {
       const database = await connectDatabase();
 
       const query = `
-        INSERT INTO posts (user_id, title, content) 
-        VALUES ('${user_id}', '${title}', '${content}') 
-        RETURNING *;
-      `;
+      INSERT INTO posts (user_id, title, content) 
+      VALUES ($1, $2, $3) 
+      RETURNING *;
+    `;
+    const values = [user_id, title, content];
 
-      const result = await database.query(query);
+      const result = await database.query(query,values);
 
       if (result.rows.length > 0) {
         res.status(200).json({