Homework & Class review

Slides:

Advertisements

Similar presentations

Smashing the Stack for Fun and Profit

Advertisements

Company LOGO WEB SYSTEM. Components of a Generic Web Application System.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

ITEC403 Graduation Project Applications’ Security – Cem Yağlı.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

Buffer Overflow. Process Memory Organization.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

SQL Injection and Buffer overflow

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

www.ursamajorconsulting.com1 Avoid Getting Hacked Joomla! Web Security Northern Virginia Joomla Users Group January 2012 Dorothy Firsching, Ursa.

Exploitation: Buffer Overflow, SQL injection, Adobe files Source:

Attacking Applications: SQL Injection & Buffer Overflows.

Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.

Web Applications Testing By Jamie Rougvie Supported by.

Crash Course in Web Hacking

Network Programming and Network Security Lane Thames Graduate Research Assistant.

Lecture 9: Buffer Ovefflows and ROP EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014,

Web Security Group 5 Adam Swett Brian Marco. Why Web Security? Web sites and web applications constantly growing Complex business applications are now.

What is exactly Exploit writing?  Writing a piece of code which is capable of exploit the vulnerability in the target software.

EECS 354: Network Security Group Members: Patrick Wong Eric Chan Shira Schneidman Web Attacks Project: Detecting XSS and SQL Injection Vulnerabilities.

Information Security - 2. A Stack Frame. Pushed to stack on function CALL The return address is copied to the CPU Instruction Pointer when the function.

Example – SQL Injection MySQL & PHP code: // The next instruction prompts the user is to supply an ID $personID = getIDstringFromUser(); $sqlQuery = "SELECT.

ROP Exploit. ROP Return Oriented Programming (ROP): is a hacking exploit technique where you exploit buffer overflow to inject a chain of gadgets. Each.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2014.

@Yuan Xue Worm Attack Yuan Xue Fall 2012.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

Let’s look at an example

Secure Programming Dr. X

Application Vulnerabilities

Buffer Overflow Walk-Through

Penetration Testing Social Engineering Attack and Web-based Exploitation CIS 6395, Incident Response Technologies Fall.

Web Application Security

Introduction to Information Security

WEB APPLICATION TESTING

Hacking SQL Server The best defense is a good offence by Dustin

Penetration Test Debrief

Secure Programming Dr. X

Example – SQL Injection

CSC 495/583 Topics of Software Security Stack Overflows (2)

Penetration Test Debrief

Homework & Class review

Metasploit assignment

Buffer Overflow Walk-Through

Exploiting Metasploitable

HTML Level II (CyberAdvantage)

Security of web applications.

Software Security Lesson Introduction

Chapter 13 Security Methods Part 3.

Smashing the Stack for Fun and Profit

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2015.

Cyber Operation and Penetration Testing Social Engineering Attack and Web-based Exploitation Cliff Zou University of Central Florida.

CS5123 Software Validation and Quality Assurance

Hacking web applications

Metasploit assignment – Arkadiy Kantor – Mis-5212

Lecture 27 Security I April 4, 2018 Open news web sites.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2016.

Understanding and Preventing Buffer Overflow Attacks in Unix

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2013.

FIGURE Illustration of Stack Buffer Overflow

Format String Vulnerability

Return-to-libc Attacks

Presentation transcript:

Homework & Class review Dr. X

Metasploitable Not everything is what it looks like… You opened a reverse shell with root priviledges But did you?

Metasploitable There was a bug You were root back on the kali VM not the metasploitable How could you correct this?

What you did

What you did Workaround: do not use exploit –j Use just exploit Then on the php code, use the IP address of the metasploitable

SQL Injection

Had to override password http://zerofreak.blogspot.com/2012/01/chapter2-basic-sql-injection-with-login.html

But there are other ways Use known login Close query Comment out password check admin'); #’ And then you could add an sql expression admin');UPDATE user SET pass='pass' WHERE name='admin';#'

XSS https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet http://brutelogic.com.br/blog/cheat-sheet/ Methodology: Find websites with inputs Use a scanner such as Burp Use Nikto: http://sectools.org/tool/nikto/ perl nikto.pl -host http://www.google-no-dont-do-that.com Write a program that can try different inputs (only if you have permission!)

Buffer overflow Let’s draw the stack… What was our goal? Why? High address Buffer overflow Stack Grows Str pointer Return Address Let’s draw the stack… What was our goal? Why? Previous Frame Pointer Frame Pointer (Overflow) Buffer Low address

Buffer overflow Find buffer address: b bof 0xbffff138 High address Buffer overflow Stack Grows Str pointer Return Address 0x28 bytes Find buffer address: b bof 0xbffff138 Find ebp address: x ebp 0xbfff158 Previous Frame Pointer 0x24 bytes (Overflow) 0x20 bytes Buffer Low address

Buffer overflow Find buffer address: b bof 0xbffff138 High address Buffer overflow Malicious code Find buffer address: b bof 0xbffff138 Find ebp address: x ebp 0xbfff158 Return address should be… 0xbffff138 + 0x28 = 0xbffff160 Add some extra bytes to return address to make sure that you will land at the no-op slide (ex. Set ret address to 0xbffff260) NOP slide Str pointer Return Address Previous Frame Pointer buffer[0]…buffer[] Low address

A brief review of assignments & class Reconnaissance and automation Scanning – maybe not Edurange? Denial of Service and Snort Metasploit SQL Injection & XSS – use OWASP vulnerable VM? Buffer overflow

A brief review of assignments & class Add Hack VMs: Create a vulnerable VM Exchange VMs Hack each others VMs Add Develop Malware/Worm program – will need to use DeterLab or local VMs Practice scan in an automated program Deletes or modifies files Add Defend VMs Real time exercise? Setup a firewall, IDS, Security Onion Or create a robust VM, let others try to hack it…

A brief review of assignments & class Have two tests Have another textbook Start with crypto? Your thoughts?