Information Networking Security and Assurance Lab, National Chung Cheng University, 2004/03/03. A Real World Attack: wu-ftp. Cao er kai (曹爾凱)


1 A Real World Attack: wu-ftp
Cao er kai (曹爾凱), g92430023@comm.ccu.edu.tw, Tel: 05-272-0411 Ext. 23535

2 Outline
- Description
- Purpose
- Principle and Pre-Study
- Required Facilities
- Step by step
- Summary
- Reference

3 Description
The exercise will guide you through the process of discovering a vulnerable system, exploiting the vulnerability, and installing software to cover your tracks.

4 Purpose
- Locate a vulnerable system
- Exploit that vulnerability to gain a root shell
- Install a rootkit
- Access the system via the rootkit

5 Principle and Pre-Study
CERT Advisory CA-1999-13: Multiple Vulnerabilities in WU-FTPD
1. MAPPING_CHDIR Buffer Overflow
2. Message File Buffer Overflow
3. SITE NEWER Consumes Memory
http://www.cert.org/advisories/CA-1999-13.html

6 Required Facilities
Hardware
- PC or workstation with a UNIX-like system
Software
- Wu-ftp 6.2.0
- Rootkits and buffer overflow program
WARNING:
- This process of cracking a system has only been tested on an internal network.
- Do not actually run the exploit against a host you are not permitted to test.

7 Step (I): reconnaissance and scanning
- Use "nmap" for system scanning
- Test the anonymous account

8 Step (II): exploit the target
- Decompress the buffer overflow file and compile it
- List the usage of this tool

9 Step (III): cracking
- Execute the buffer overflow on the target host
- Root privileges obtained

10 Step (IV): Download the rootkit from outside and install it
- Checking the login user
- Download the tool from another victim
- Execute the rootkit
- Decompress the rootkit

11 Step (V): auto-patch the victim
- The default login password
- Change the system command
- Open the telnet port
- Close the system firewall
- Report the system information

12 Step (VI): try the rootkit to see if it works
- Now you can do anything
- We have got a root shell now
- The Telnet daemon has been replaced
- Input the ID and the password, which were predefined by us

13 Summary
- Check the OS and applications for vulnerabilities periodically.
- There are no unsafe applications, only careless people.
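The periodic checking recommended in the summary, applied to two of the changes listed under Step (V) (system commands changed, telnet port opened), as an added example that is not part of the original slides. The watch list, the sample /proc/net/tcp rows (constructed, truncated to the first four columns) and all function names are assumptions made for illustration.

```python
import hashlib
from pathlib import Path

LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp (IPv4 only)

# Constructed /proc/net/tcp samples: the baseline has ftp (0x15 = 21) only;
# the later snapshot also has telnet (0x17 = 23) listening.
HEADER = "  sl  local_address rem_address   st\n"
BASELINE_TCP = HEADER + "   0: 00000000:0015 00000000:0000 0A\n"
CURRENT_TCP = BASELINE_TCP + "   1: 00000000:0017 00000000:0000 0A\n"


def hash_files(paths):
    """Map each existing path to its SHA-256 digest; missing files are skipped."""
    digests = {}
    for path in paths:
        try:
            digests[str(path)] = hashlib.sha256(Path(path).read_bytes()).hexdigest()
        except OSError:
            continue
    return digests


def listening_ports(proc_net_tcp_text):
    """Return the set of TCP ports in LISTEN state from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) >= 4 and fields[3] == LISTEN:
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def compare(base_hashes, cur_hashes, base_ports, cur_ports):
    """List deviations from the baseline: changed or missing files, new listeners."""
    findings = []
    for path, digest in sorted(base_hashes.items()):
        if path not in cur_hashes:
            findings.append(f"MISSING {path}")
        elif cur_hashes[path] != digest:
            findings.append(f"MODIFIED {path}")
    findings += [f"NEW-LISTENER tcp/{p}" for p in sorted(cur_ports - base_ports)]
    return findings


if __name__ == "__main__":
    watched = ["/bin/ls", "/bin/ps", "/bin/login"]  # assumed watch list
    base = hash_files(watched)  # in practice: taken on a clean system, stored off-host
    for finding in compare(base, hash_files(watched),
                           listening_ports(BASELINE_TCP), listening_ports(CURRENT_TCP)):
        print(finding)
```

Keep the baseline off the monitored host and run the comparison from trusted media, because tools on a host where a rootkit has replaced system commands can report false results.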

14 Reference
- CERT: http://www.cert.org/
- Nmap: http://incsecure.org/
- Buffer overflow and rootkits download site: http://www.flatline.org.uk/~pete/ids/

