Presentation is loading. Please wait.

Presentation is loading. Please wait.

Behind Enemy Lines Administrative Web Application Attacks Rafael Dominguez Vega 12 th of March 2009.

Published byMaximillian Montgomery Modified over 8 years ago

Similar presentations

Presentation on theme: "Behind Enemy Lines Administrative Web Application Attacks Rafael Dominguez Vega 12 th of March 2009."— Presentation transcript:

1 Behind Enemy Lines Administrative Web Application Attacks Rafael Dominguez Vega 12 th of March 2009

2 2 Main Objectives Insecurities Impact Attack Techniques

3 3 A little about me...

4 4 What this talk will cover Intro DHCP Script Injection Attack SSID Script Injection Attack Scanning for Webmin Servers Attack Recommendations, Summary & QA

5 5 Introduction

6 6 Administrative Web Interfaces Administer Systems and Networks Help Administrators Most Network Systems have One

7 7 Why should they be secured? Vulnerable as any other Web Application Highly Privileged Access Different Services, Systems and Protocols Used in “Trusted Environment”

8 8 Today’s Web Application Attacks User Input Validation Security Best Practice Out of Band Channels

9 9 DHCP Script Injection Attack

10 10 DHCP “HandShake”

11 11 DHCP Request Packet

12 12 DHCP Script Injection Attack Active DHCP Leases List Attacker located in same LAN To Be Vulnerable

13 13 DHCP Script Injection Attack

14 14 DHCP Script Injection Attack

15 15 DHCP Script Injection Attack

16 16 DHCP Script Injection Attack

17 17 DHCP Script Injection Attack - DEMO pfSense Tool Remote Command Execution

18 18 SSID Script Injection Attack

19 19 SSID Script Injection Attack 802.11 Protocol Management Beacon Frames Malicious Code in SSID

20 20 SSID Script Injection Attack “Scan for Neighbours AP” Functionality Attacker located in Wireless Range Max. SSID length = 32 Characters SSID1/** **/SSID2 = 64 Characters Access to Internet Attacker Server

21 21 SSID Script Injection

22 22 SSID Script Injection

23 23 SSID Script Injection

24 24 SSID Script Injection

25 25 SSID Attack - DEMO Linksys – DD-WRT firmware Tool Disable Wireless Encryption

26 26 Scanning for Webmin Servers Attack

27 27 Webmin

28 28 Scanning for Webmin Servers

29 29 Scanning for Webmin Servers Attack Attacker located in same Network Redirect user to fake Webmin Server Obtain Administrator Credentials CSRF

30 30 Scanning for Webmin Servers Attack

31 31 Scanning for Webmin Servers Attack

32 32 Scanning for Webmin Servers Attack

33 33 Demo

34 34 Webmin Web Based Attack Propagation

35 35 Webmin Web Based Attack Propagation

36 36 Webmin Web Based Attack Propagation

37 37 Webmin Web Based Attack Propagation

38 38 Webmin Web Based Attack Propagation

39 39 Webmin Web Based Attack Propagation

40 40 Webmin Web Based Attack Propagation

41 41 Webmin Web Based Attack Propagation

42 42 Webmin Web Based Attack Propagation

43 43 Webmin Web Based Attack Propagation

44 44 Webmin Web Based Attack Propagation

45 45 Webmin Web Based Attack Propagation

46 46 Webmin Web Based Attack Propagation

47 47 Webmin Web Based Attack Propagation

48 48 Webmin Web Based Attack Propagation

49 49 Webmin Web Based Attack Propagation

50 50 Webmin Web Based Attack Propagation

51 51 Recommendations

52 52 Recommendations

53 53 Recommendations Assess Deployment Do not Trust your Internal Network Penetration Testing Strict Security Policy Risk Management

54 54 Summary Vulnerable as any other Web Application Additional Attack Vectors “Scanning”, “Detecting “,“Finding” Functionality Risks Increased Used in “Trusted Environment”

55 55 References & Further Reading Project Web Site: http://labs.mwrinfosecurity.com/ Contact Me rafael.dominguez-vega( )mwrinfosecurity!com

56 56

Download ppt "Behind Enemy Lines Administrative Web Application Attacks Rafael Dominguez Vega 12 th of March 2009."

Similar presentations

Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.

Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.
Lesson 3-Hacker Techniques

Lesson 3-Hacker Techniques
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
“All your layer are belong to us” Rogue 802.11 APs, DHCP/DNS Servers, and Fake Service Traps.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
A Demo of and Preventing XSS in.NET Applications.

A Demo of and Preventing XSS in.NET Applications.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Software Security Course Course Outline 2-27-09. Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.

Software Security Course Course Outline Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.

MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
1 Network Admission Control to WLAN at WIT Presented by: Aidan McGrath B.Sc. M.A.

1 Network Admission Control to WLAN at WIT Presented by: Aidan McGrath B.Sc. M.A.

Similar presentations

Ads by Google