
Chapter 8


lula




Presentation Transcript


  1. Chapter 8 Web Hacking: Google, Web Server, Web App Vulnerabilities, and Web-Based Password Cracking Techniques

  2. Web Server Vulnerabilities
     • Misconfiguration of web server software
     • Using the default web site with default settings
     • OS / application bugs; flaws in code
     • Vulnerable default install

  3. Attacking a Web Server
     • Access via ports 80 and/or 443
     • Allow HTTP tunneling for covert protocols
     • Banner grabbing
     • Opportunities after banner grabbing, knowing the server type and version:
       • Deface
       • Gather admin information
       • Use DNS to redirect users
       • Compromise FTP or SMTP
       • Change web shares
       • Perform SQL injection attacks

  4. Hacking IIS
     • Directory traversal / Unicode exploit
       • Accessing directories other than those intended
       • http://www.something.com/scripts/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+C.\
     • Buffer overflow attacks
       • Sending more data than the server is capable of handling
     • Source disclosure attacks
       • Collecting web application source code

  5. Web Server Hardening
     • Rename the admin account; use a strong password
     • Disable default FTP sites
     • Disable anonymous/blind FTP: stops directory traversal
     • Remove unused applications
     • Disable directory browsing
     • Apply patches, hotfixes, service packs
     • Perform bounds checking
     • Disable remote administration
     • Enable auditing and logging
     • Use a strong firewall
     • Replace the GET method with the POST method

  6. Web Application Threats
     • Cross-site scripting: replace '<' and '>' with '&lt;' and '&gt;'
     • SQL injection: validate user variables
       • E.g.: SELECT email, passwd, login_id, full_name FROM members WHERE email = 'attacker@somewhere.com'; DROP TABLE members; --'
     • Command injection: use language-specific variables
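The two countermeasures on this slide carried into working code, as an added example that is not part of the original presentation: the slide's SQL-injection payload sent through a parameterised query instead of string concatenation, and HTML escaping for the characters named under cross-site scripting. The members table, its single row and the email values are constructed for the example.

```python
import html
import sqlite3

# Constructed input: the payload from the slide's SQL-injection example.
ATTACKER_EMAIL = "attacker@somewhere.com'; DROP TABLE members; --"


def build_db():
    """In-memory members table with one constructed row (no real hash)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members "
                 "(email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)")
    conn.execute("INSERT INTO members VALUES (?, ?, ?, ?)",
                 ("alice@example.com", "not-a-real-hash", "alice", "Alice Example"))
    conn.commit()
    return conn


def lookup_member(conn, email):
    """Parameterised form of the slide's query: the email travels as data, so
    the quote, semicolon and comment in the payload are compared literally
    against the column and never reach the SQL parser."""
    cur = conn.execute("SELECT email, passwd, login_id, full_name "
                       "FROM members WHERE email = ?", (email,))
    return cur.fetchall()


def members_table_exists(conn):
    """True if the members table is still present after a request."""
    cur = conn.execute("SELECT name FROM sqlite_master "
                       "WHERE type = 'table' AND name = 'members'")
    return cur.fetchone() is not None


def safe_lookup_and_verify(email):
    """Run the lookup on a fresh database; return (rows, table still present)."""
    conn = build_db()
    rows = lookup_member(conn, email)
    return rows, members_table_exists(conn)


def escape_for_html(value):
    """Encode user text before placing it in a page: '<' and '>' become the
    entities the slide names; quotes are encoded too, for attribute values."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    print(safe_lookup_and_verify(ATTACKER_EMAIL))  # ([], True): no match, no DROP
```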

  7. Web Application Threats
     • Cookie poisoning: no passwords in cookies
     • Buffer overflow: validate user input
       • Vulnerable languages: C and C++
       • Worm: Code Red
     • Authentication hijacking: use SSL or TLS
     • Directory traversal: set permissions properly

  8. Web Server Hacking Tools
     • Wget: command-line tool for downloading an entire website
     • BlackWidow: scans / maps the pages of a website
     • Metasploit Project
       • Metasploit Framework: develop/execute exploit code
       • Opcode Database
       • Shellcode Archive
       • Security Research
       • http://en.wikipedia.org/wiki/Metasploit_Project

  9. Web Server Hacking Tools
     • The Wayback Machine: contains 100+ TB and 10 billion web pages from 1996
     • Httprint: web server fingerprinting tool
     • Nikto: web scanner for penetration testing
     • WinSSLMiM: HTTPS MitM tool that creates fake certificates

  10. Google Hacking
     • Look for PHP files with 'admbook' and 'version':
       • intitle:admbook intitle:version filetype:php
     • Look for particular text: intext:
     • Search for a specific file type: filetype:
     • http://www.youtube.com/watch?v=_VWXaBq--eg
     • http://www.informit.com/articles/article.aspx?p=170880
     • http://www.marcandangel.com/2007/07/25/7-clever-google-tricks-worth-knowing/

  11. Web-Based Password-Cracking Techniques
     • Authentication types
       • HTTP authentication
         • Basic: data sent in clear text
         • Digest: data is hashed and challenge-response is used
       • NTLM authentication: used in IIS for NT4
       • Kerberos: used in IIS for 2000, 2003 and 2008
       • Certificate-based: uses public/private keys
       • Token-based: requires smart card technology
       • Biometric-based

  12. Password Attacks / Cracking
     • Dictionary / rainbow
     • Brute-force
     • Hybrid
     • Tools
       • Brutus: performs dictionary, hybrid and brute-force attacks
       • Webcracker: uses a word list

  13. Password-Cracking Countermeasures
     • Strong passwords
     • Strong authentication mechanisms
       • Kerberos
       • Tokens
       • Biometrics
