Sembang2 Keselamatan It 2004
Download as PPT, PDF1 like762 views
The document discusses various cybersecurity threats and exploitation techniques. It introduces vulnerability scanning tools like Nessus and Nikto that can identify security weaknesses. It also discusses methods for exploiting vulnerabilities, including through SQL injection, Perl/CGI issues, and cross-site scripting (XSS) attacks. The document promotes finding and sharing hacking tricks and exploits from security conferences and communities.
![Sembang2 Keselamatan It [email_address]](https://image.slidesharecdn.com/sembang2-keselamatan-it-1217573417584430-9/85/Sembang2-Keselamatan-It-2004-1-320.jpg)
Sembang2 Keselamatan It 2004
- 1. Sembang2 Keselamatan It [email_address]
- 2. S pea K er Call me S.K. While in UTM: Modify virus source code and spread it to Tar College, crack Virus Buster™ for fun After UTM: Start up SCAN Associates Legally do pen-test for many agencies Document hacking tricks and share with friends Advertisement
- 3. Publications SQL Injection Walkthrough , published in more than a dozen security web site Win32 Buffer Overflow Walkthrough , details the process of buffer overflow Thanks from Microsoft™ for finding bug in their software Creating firewall proof shellcode in Blackhat and soon in Ruxcon conference Winner of Blackhat Hacking game ! Advertisement
- 4. Wat we wanna do today? Appetizer has: some new terminologies a bit of concepts a few easy to use tools Main course: Treat Vulnerability Exploitation A bit of SQL injection Dessert: demo on some tricks/tools TOC
- 5. Threat If there is a computer, there is a threat… If there are 2 computers, there are 2 times threats… If there are N computers, there are N x threats… The more computers you hafta manage, the more risk there is… Threat
- 6. Threat, seriously… Running background services Services running all the time Allow direct connection from anywhere Favorite targets: HTTP (port 80) FTP (port 21) NetBIOS (port 135, 445) HTTPS (port 443) SSH (port 22), etc Threat
- 7. More threats… Mistake and Configuration errors: No password User name = password Write access allowed Default Public/Private community string Poor Access Control in proxy server Testing server in public network Existing of default account Threat
- 8. Threats from within… End-user attacks: Email attachments User download trojan horse File sharing tool like Kazaa Not to mention Instant Messaging and IRC Unprotected Wi-Fi Access Point Threat
- 9. Vulnerability Software bug leads to vulnerability, vulnerability leads to system hack Thus, software bug is our friend Find the bug, you will find the way in Fortunate for us, security experts publish new vulnerability everyday Our objective is to find a system with any vulnerability Vulnerability
- 10. Finding vulnerability The easy way: nessus – general purpose vuln scanner nikto – web attack scanner The semi-automatic approach: nmap – port scanner sl – port scanner for windoze The free-styler: netcat your favorite browser Vulnerability
- 11. nessus General purpose vulnerability scanner http://www.nessus.org GNU Public License Test hundreds of vulnerabilities effortlessly Can write your own plug-in using NASL Test only, will not let you control the server Vulnerability - The easy way
- 12. nessus client-server Nessus Client (Unix) Nessus Server (Unix) Targets Nessus Client (Windows) Targets Vulnerability - The easy way
- 13. nikto Web scanner http://www.cirt.net/code/nikto.shtml Open source (GPL) Over 2600 vulnerabilities specific to Web only Support HTTPS connection to avoid IDS detection Test only, will not let you control the server Vulnerability - The easy way
- 14. Other Tools General purpose scanner Internet Security Scanner ( www.iss.net) Eeye’s Retina ( www.eeye.com) Web Server Scanner Stealth HTTP Scan ( www.hideaway.net) Whisker ( www.wiretrip.net/rfp/p/doc.asp/i2/d21.htm ) Vulnerability - The easy way
- 15. Port Scanner Tell you what type of services are running in a server Indirectly tell you the OS too nmap www.insecure.org/nmap/ Versatile port scanner for *nix sl www.foundstone.com easy to use port scanner for windoze Vulnerability - semi-automatic
- 16. Favorite targets Port 53 – try bind exploit Port 21 – try anonymous login, simple passwd or exploits for Pro-Ftp, Wu-ftp, serv-u, etc Port 22 – try simple passwd and x2 exploit Port 25 – sendmail exploit for slackware or exchange exploit Port 80 – Apache chunked bug, IIS .printer, unicode, ASP chunked, Webdav, Frontpage, etc. Port 135, 445 – try netbios sharing with simple passwd or Locator, Dcom, messenger, workstation, Lsass exploits Port 443 – SSL-too-open, THCISSLame.c Port 1433, 1434 – MS Sql Server Resolution Bug, HelloBug or SA without password Vulnerability - semi-automatic
- 17. Free styler Using netcat to connect to popular services and backdoor port: port 22 review SSH version port 1080 might allow you to connect to internal IP port 5554 might drop you a shell Use your favorite browser to surf around the target web server, look for: Hidden info in HTML code Web attack via SQL injection, PHP, Perl, etc Vulnerability
- 18. Exploitation The process of taking advantage of a vulnerability to either: Get a shell (thus, control the victim) Retrieve/modify information (source code, files, database) Denial of Service (DOS), etc To get an exploit: Find/trade from www/irc/friends Create it yourself Purchase it from Core Impact or CANVAS Exploitation
- 19. Find from Internet www.metasploit.com Bugtraq Mailing list Full Disclosure Mailing list http:// packetstormsecurity.nl / http:// www.security.nnov.ru/search/exploits.asp #vuln, #badcode, #darknet, #phrack Exploitation
- 20. Creating it yourself Read and understand the vulnerability from the advisory: www.securitytracker.com www.microsoft.com/security Might require different skill set in: Perl/PHP/SQL Reverse engineering C or ASM programming, etc Exploitation
- 21. metasploit www.metasploit.com Developed by HD Moore and a few ghettohackers (they won Defcon Ctf 3 times in a row) Integrated many exploits in one easy to use package Support command line and web interface Packed with many useful component for exploit development Its free! Exploitation
- 22. Web attack Developers are putting more functionality into Web (port 80) There are many type of attacks specific to port 80 alone: SQL injection Perl and CGI insecurities PHP insecurities Cross scripting (XSS) Web attack
- 23. SQL Injection A technique to manipulate data in a way that it will change the original SQL statement It could happened in the following manner: Program takes your input as a variable It appends your input into an SQL statement The program then pass the statement to the Database Web attack
- 24. ...SQL Injection What if your input is an SQL command? By carefully insert SQL command as your input, you can change the original SQL statement to something else and make the Database to execute your command Usual command to test for SQL injection: Type a single quote as input (‘) Type “ union select 1” to see if injection is possible Web attack
- 25. Perl & CGI File access problem User supply variable which in turn used by Perl/CGI to open a file Manipulating this variable may allow you to open any file or even remote execution Web attack
- 26. PHP Just like Perl/CGI, only more powerful (in a sense of hacking) Not only you may manipulate variable to open any file, you also can control it to open any file in the Internet Web attack
- 27. XSS Allow injection of HTML code (including Javascript/VBScript) into existing HTML page If a user open the page, your code execute Best used in Forum, to steal user cookie Web attack
- 28. Can we go now? Q & A Session Thanks