FrontPage: 2003 Exploiting, Abusing, and Securing the FrontPage Server Extensions on Windows Server 2003 Mark Burnett.

Slides:



Advertisements
Similar presentations
Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.
Advertisements

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Chapter 7 HARDENING SERVERS.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 18: Configuring Application Restriction Policies
Internet Information Server (IIS)
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Ch 13 - Adminstering Web Resources1 Ch. 13 – Administering Web Resources MIS 431 – Created Spring 2006.
Installing and Configuring a Secure Web Server COEN 351 David Papay.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Windows Server 2008 Chapter 8 Last Update
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Module 1: Installing Internet Information Services 5.0.
Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Cyber Patriot Training
Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.
Created by the Community for the Community BizTalk & Build.
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Module 6: Designing Active Directory Security in Windows Server 2008.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.
15.47 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
Microsoft Internet Information Services 5.0 (IIS) By: Edik Magardomyan Fozi Abdurhman Bassem Albaiady Vince Serobyan.
Module 4: Securing the Web Server 1. Overview Securing IIS Securing Apache 2.
IOS110 Introduction to Operating Systems using Windows Session 8 1.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Course ILT Internet/intranet support Unit objectives Use the Internet Information Services snap-in to manage IIS, Web sites, virtual directories, and WebDAV.
The In’s and Out’s of the IIS 6.0 Migration Tool The In’s and Out’s of the IIS 6.0 Migration Tool Chris Adams Web Platform Supportability Lead Microsoft.
Internet Information Server © N. Ganesan, Ph.D. All Rights Reserved.
IIS Security Sridurga Mavram. Contents -Introduction -Security Consideration -Creating a web page -Drawbacks -Security Tools -Conclusion -References.
Securing ColdFusion and IIS David T Watts, CTO, Fig Leaf Software 28 July 2001.
Module 4 : Installation Jong S. Bok
Dr. Mustafa Cem Kasapbaşı Security in ASP.NET. Determining Security Requirements Restricted File Types.
Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.
Windows 2000 Certificate Authority By Saunders Roesser.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 5: Managing and Monitoring DHCP.
Module 2: Overview of IIS 7.0 Application Server.
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Turning Windows 7 into a Web Server Ch 28. Understanding Internet Information Services.
Module 6: Deploying and Managing Software by Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.
Module 8 : Configuration II Jong S. Bok
Minimizing your vulnerabilities. Lets start with properly setting up your servers which includes… Hardening your servers Setting your file and folder.
TCOM Information Assurance Management System Hacking.
Security fundamentals Topic 2 Establishing and maintaining baseline security.
April-June 2006 Windows Hosting Seminar Series Technical Labs.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.
Operating System Hardening. Vulnerabilities Unique vulnerabilities for: – Different operating systems – Different vendors – Client and server systems.
Internet Information Server 6.0 & new management features.
IS 4506 Windows NTFS and IIS Security Features.  Overview Windows NTFS Server security Internet Information Server security features Securing communication.
Unit 9 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/17/2016 Instructor: Williams Obinkyereh.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Web Server Administration Chapter 6 Configuring a Web Server.
Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.
Setting-Up and Securing a Server
Chapter 4: Security Baselines
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.
IIS.
الخطوات المطلوب القيام بها قبل انشاء الموقع
Configuring Internet-related services
Operating System Security
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

FrontPage: 2003 Exploiting, Abusing, and Securing the FrontPage Server Extensions on Windows Server 2003 Mark Burnett

FrontPage: 2003 Exploiting, Abusing, and Securing the FrontPage Server Extensions on Windows Server 2003 Mark Burnett

Background History of the FPSE Different names, same old holes What products include FPSE?

Risks Are the FPSE as insecure as everyone says? What are the real risks? Increased attack surface Entry point Information gathering Running on system partition Insufficient logging Storing files within the web root

Risks What are some greater risks? Confusing security model Running in-process with inetinfo.exe Relaxed NTFS permissions Cannot be secured without NTFS

The FPSE Files The same files? FPSE 2002 _vti_bin/shtml.dll _vti_bin/_vti_aut/author.dll _vti_bin/_vti_adm/admin.dll FPSE 2002 _vti_bin/owssvr.dll _vti_bin/_vti_adm/fpadmdll.dll

FPSE Directories _vti_bin – FPSE Binaries _private - _vti_cnf _vti_pvt _vti_script _vti_txt

Decoding vti_rpc Sending vti_rpc methods Interpreting output POST to FPSE binaries GET to owssvr.dll Multiple posts using CAML Interpreting output

Sample Output <html><head><title>vermeer RPC packet</title></head> <body> <p>method=list services:4.0.2.0 <p>services_list= <ul> <li>SR|msiis <li>vti_usagevisitsbyweek <li>UX|337 380 423 501 297 <li>vti_usagebymonth <li>UX|88 4195 2667 3497 90 <li>vti_welcomenames <li>VX|Default.htm Default.asp Default.aspx <li>vti_adminurl <li>SR|/_vti_bin/_vti_adm/fpadmdll.dll

Cool vti_rpc Tricks Finding unprotected web sites Listing webs Other info gathering method=list+services:4.0.2.0000&service_name=

vti_rpc Exploits New exploits to be announced

Other Exploits New exploits to be announced

Updating the FPSE Finding product updates Confusing and inconsistent Manual fixes

Manual Fixes Htimage.exe and Imagemap.exe Microsoft’s solution Another Microsoft solution The real solution?

The Security Model Browse, Author, and Administer NTFS Permissions on web root Common Mistakes

Installing & Uninstalling Why are the directories there on a clean install? Why won’t they uninstall? How do you remove them?

Moving the FPSE 1. Move the binaries 2. Update the registry 3. Update the metabase

Securing the FPSE The FPSE can be used safely if you: Secure user accounts Set proper NTFS permissions Set proper IIS permissions Configure the registry defaults Keep patched Use SSL for authoring Manage log files Set IP Restrictions

Advanced Techniques Mirror sites URLScan Rules Custom ISAPI filter FPSE neutered NTFS restrictions Remove directories Disable authoring

FPSE Intrusions Spotting attacks Log entries Other trails FPSE vs. WebDAV

Snort Rules Updated Snort rules Logging FPSE authoring with Snort

FrontPage Tools Xfp.pl – FrontPage security scanner Fpseinfo.pl – FrontPage info gathering SecureFPSE.cmd – Harden FrontPage Server Extensions fpBlock – ISAPI filter for FrontPage IP restrictions

Xfp.pl

Fpseinfo.pl Returns FPSE information - Web server platform - Anonymous user account - Site statistics - Hidden directories - More

SecureFPSE.cmd Removes htimage.exe and imagemap.exe Moves binaries Registers components in new lcoation Updates metabase Updates registry

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.