1 Internet Browsing Vulnerabilities and Security
ECE4112 Final Lab
Ye Yan, Frank Park, Scott Kim, Neil Joshi


2 ECE 4112-Internetwork Security: Introduction
- Exploits
  - CSS
  - JavaScript
  - JPEG buffer exploit
- Web Servers
  - Apache
  - IIS (Internet Information Services)
- Web Browsers
  - Internet Explorer
  - Firefox

3 CSS Exploits: Overview
- Cross-Site Scripting
- Caused by the failure of the server application to validate user input before returning it to the client
- "Cross-Site" refers to a restriction on the client application. For example, the JavaScript on one website only has access to the cookie set by that site; it cannot "cross-site" and access the cookie set by another website.
- But if bad guys can inject code onto another website, then they get access to the documents associated with that site (e.g. the cookie)!

4 CSS Exploits: Our Lab
- In our lab, there are two files: vulnerable.html and vulnerable.php
- vulnerable.html has a form that submits data using GET.
- vulnerable.php gets the data and simply echoes it back to the user.
- Clearly vulnerable, because malicious code can be entered and echoed back!
- Since we're using GET, specially formatted URLs bypass the form completely, enabling bad guys to mass-mail out URLs with malicious code embedded in them.

5 CSS Exploits: Example

6 CSS Exploits: Example

7 CSS Exploits: Example

8 CSS Exploits: Real World Example

9 CSS Exploits: Prevention
- Use POST instead of GET for form data transfer
- On client side, filter user input (not very effective)
- On server side, filter out special characters such as < \ / % &, etc.
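
An added example, not code from the lab: what a reflecting script like vulnerable.php does, next to a version that HTML-encodes the value on output, which is a different technique from the character filtering listed above. The parameter name "input", the page wording and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Read one query parameter as a string. "input[]=x" arrives as an array,
// so anything that is not a string is treated as empty.
function query_string_param(array $query, string $key): string
{
    $value = $query[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Behaviour the slides describe: the GET value is echoed back unchanged,
// so any markup in it becomes part of the returned page.
function render_vulnerable(array $query): string
{
    return '<p>You entered: ' . query_string_param($query, 'input') . '</p>';
}

// Hardened form: encode on output for the HTML context.
// ENT_QUOTES also encodes ' and ", and ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_hardened(array $query): string
{
    $value = query_string_param($query, 'input');
    $safe  = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p>You entered: ' . $safe . '</p>';
}

// Constructed sample inputs (not taken from the lab).
$samples = [
    ['input' => 'Alice & Bob'],
    ['input' => '<script>alert(1)</script>'],
    ['input' => '" onmouseover="alert(1)'],
    ['input' => ['nested' => 'array']],
];

foreach ($samples as $query) {
    echo 'vulnerable: ', render_vulnerable($query), PHP_EOL;
    echo 'hardened:   ', render_hardened($query), PHP_EOL, PHP_EOL;
}
```

On the web server the functions would be called with $_GET; the same output encoding applies unchanged if the form is switched to POST and the script reads $_POST.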

10 JavaScript Exploits
- Background
- Potential Threats
- Known Security Flaws
- How to protect
- In this lab…

11 JavaScript Exploits: Background
- JavaScript is a scripting language that resembles Java, but has no ties to it
- The purpose of JavaScript is to make websites more interactive
- The script is executed by the Web browser when the document is loaded
- An example of JavaScript is rollover images

12 JavaScript: Potential Threats
- In recent years, vulnerabilities have been detected in web browsers that use JavaScript
- These scripts can potentially load deadly viruses and Trojans on a user's computer

13 JavaScript: Known Security Flaws
- The "Cuartango" and "Son of Cuartango" Holes (November 1998)
- The Netscape "Cache Browsing Bug" (October 1998)
- Ability to Intercept the User's E-Mail Address and Other Preferences (February 1998)

14 JavaScript: Known Security Flaws
- More Recently
  - JavaScript Exception Exploit (JS.Exception.Exploit) Virus/Worm: allows applets to run arbitrary code on unpatched machines
  - JavaScript IFRAME Exploits: allows malicious code to be run inside an or tag

15 JavaScript: Protection
- What is the best way to protect?
  - Turn off ActiveX controls and JavaScript in browser
- What is the downside to this?
  - Removes ability to have interactive web experience

16 JavaScript: In this lab…
- Explore the syntax and basic function of a script
- Create a script which exploits a vulnerability in Internet Explorer 6.0
- The exploit bypasses security protocols that warn users of potentially harmful viruses

17 JPEG Attack Vulnerability
- Vulnerability was disclosed by Microsoft in September 2004
  - No attacks were reported prior to this announcement
- Takes advantage of a flaw in how Microsoft applications process JPEG files
- Malicious JPEG files are capable of triggering a buffer overflow in a common Windows component (GDI+)
- JPEG files are typically viewed "as a benign and trusted file format... as such it is possible to cause image files to be viewed with minimal user-interaction through several applications including many email clients such as Outlook and Outlook Express,"

18 Capability of this Attack
- Bind a shell to a port
  - Allows others to access the shell of the machine
- Reverse connect a shell to a port
  - Can reverse connect to other machines
- Download a file from an HTTP Server
  - Can grab all files that HTTP server contains
- Add a new administrator user
  - Can make new root account

19 ATmaCA Downloader

20 ATmaCA Downloader
- Has the alias name "TrojanDownloader.Win32.Atmader.10"
- The Trojan dropped by this hack tool attempts to download and execute files from a URL, which a malicious user inputs in the dialogue box
- This hack tool also drops the file MYPICTURE.JPG in the current folder
- Creates a downloader server with JPG extension

21 "Save Picture As"
- Vulnerability found in some Internet Explorer versions
- When the "Save Picture As" command is executed, IE strips the extension if multiple file extensions exist
- This can be exploited by a malicious web site to cause a valid image with malicious, embedded script code to be saved with an arbitrary file extension
- For example, if you have a file named "exploit.jpg.hta", it will be shown as "exploit.jpg" in Explorer (assuming the Windows option to hide known extensions is on)
- If a user decides to open what seems to be a jpg file, it will open a .hta file (HTML application file) that may contain malicious scripts
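
An added example, not part of the lab: a filename check that flags the double-extension pattern described above, where the name shown with hidden extensions looks like an image but the real extension is an active-content type. The two extension lists and the sample names other than exploit.jpg.hta are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed lists for this example; adjust them for the environment being protected.
const DECOY_EXTENSIONS  = ['jpg', 'jpeg', 'gif', 'png', 'bmp', 'txt', 'pdf'];
const ACTIVE_EXTENSIONS = ['hta', 'exe', 'scr', 'js', 'vbs', 'bat', 'cmd', 'pif'];

// Returns 'deceptive' when the name ends in an active-content extension but
// the part shown with "hide known extensions" on ends in a harmless-looking one.
function classify_filename(string $name): string
{
    // Keep only the last path component and drop trailing dots and spaces,
    // which Windows ignores when it resolves the file type.
    $base  = basename(str_replace('\\', '/', $name));
    $base  = rtrim($base, '. ');
    $parts = explode('.', strtolower($base));

    if (count($parts) < 2) {
        return 'no-extension';
    }

    $real = array_pop($parts);   // the extension the OS acts on
    if (!in_array($real, ACTIVE_EXTENSIONS, true)) {
        return 'ok';
    }

    // With the real extension hidden, the user sees the name up to the previous dot.
    $shown = count($parts) >= 2 ? end($parts) : '';
    return in_array($shown, DECOY_EXTENSIONS, true) ? 'deceptive' : 'active';
}

// Constructed sample names; exploit.jpg.hta is the one from the slide.
$names = ['holiday.jpg', 'exploit.jpg.hta', 'setup.exe', 'report.PDF.scr ', 'README'];
foreach ($names as $name) {
    printf("%-18s %s\n", $name, classify_filename($name));
}
```

A mail gateway or download filter can quarantine names classified as deceptive and treat active ones according to its normal attachment policy.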

22 Web Browsers
- Internet Explorer has a much higher user base than its competitors
- More users = More victims for attacks
- Many malicious scripts developed for IE
- Two solutions to problem:
  - Repair
  - Replace

23 Web Browsers: Repair
- Changing settings on IE
  - Tools > Internet Options
- Adding trusted programs to combat unwanted effects to be placed on a computer
  - IE-SPYAD (used in this lab)
  - Browser Hijack Blaster
  - Spyware Blaster
- Beware of friendly imposters

24 Web Browsers: Repair

25 Web Browsers: Replace
- In this lab, we use Mozilla Firefox
  - Run same exploits and show that computer is not affected
- Other alternatives include:
  - Opera
  - Mozilla/Netscape
  - Konqueror
  - Safari (Mac)

26 ShieldsUP!!
- Internet Profiling
- Users can find out their own IP address
- Free tests
  - File Sharing Test
  - Common Ports
  - All Service Ports
  - Specific Port Testing

27 ShieldsUP!! Port Scan

28 What you will do in the lab
- Install Apache and IIS Web Servers
- Run exploits on both Internet Explorer and Firefox
  - CSS exploit
  - JavaScript exploits
- Analysis of Advanced Attacks
- ShieldsUP!! Website – port testing

29 Questions?

