Behind Enemy Lines: Administrative Web Application Attacks. Rafael Dominguez Vega, 12th of March 2009.

Presentation transcript:

Behind Enemy Lines: Administrative Web Application Attacks. Rafael Dominguez Vega, 12th of March 2009

2 Main Objectives: Insecurities; Impact; Attack Techniques

3 A little about me...

4 What this talk will cover: Intro; DHCP Script Injection Attack; SSID Script Injection Attack; Scanning for Webmin Servers Attack; Recommendations, Summary & QA

5 Introduction

6 Administrative Web Interfaces: Administer Systems and Networks; Help Administrators; Most Network Systems have One

7 Why should they be secured? Vulnerable as any other Web Application; Highly Privileged Access; Different Services, Systems and Protocols; Used in “Trusted Environment”

8 Today’s Web Application Attacks: User Input Validation; Security Best Practice; Out of Band Channels

9 DHCP Script Injection Attack

10 DHCP “HandShake”

11 DHCP Request Packet

12 DHCP Script Injection Attack: Active DHCP Leases List; Attacker located in same LAN; To Be Vulnerable

13-16 DHCP Script Injection Attack

17 DHCP Script Injection Attack - DEMO: pfSense; Tool; Remote Command Execution

18 SSID Script Injection Attack

19 SSID Script Injection Attack: Protocol Management Beacon Frames; Malicious Code in SSID

20 SSID Script Injection Attack: “Scan for Neighbours AP” Functionality; Attacker located in Wireless Range; Max. SSID length = 32 Characters; SSID1/** **/SSID2 = 64 Characters; Access to Internet Attacker Server

21-24 SSID Script Injection

25 SSID Attack - DEMO: Linksys – DD-WRT firmware; Tool; Disable Wireless Encryption
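
A defensive sketch for the two injection paths above (DHCP host names shown in an active leases list, SSIDs shown by a neighbour-AP scan), added here and not part of the original slides: every client-supplied value is HTML-encoded before it reaches the admin page and flagged when it does not look like a normal name. The function names, the host name pattern and the sample values are constructed for illustration.

```python
import html
import ipaddress
import re

# Assumption: a "normal" DHCP host name is dot-separated letter/digit/hyphen labels.
HOSTNAME_RE = re.compile(
    r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")
MAX_SSID_OCTETS = 32  # SSID length limit quoted on slide 20


def encode_for_html(raw: bytes) -> str:
    """Decode client-controlled bytes and HTML-encode them for a table cell."""
    text = raw.decode("utf-8", errors="replace")
    # Control characters are swapped for U+FFFD so they cannot reshape the page.
    text = "".join(ch if ch.isprintable() else "\ufffd" for ch in text)
    return html.escape(text, quote=True)


def lease_row(ip: str, hostname: bytes) -> tuple[str, bool]:
    """Return (HTML row, suspicious flag) for one active DHCP lease."""
    addr = ipaddress.ip_address(ip)  # ValueError for anything that is not an IP
    name = hostname.decode("ascii", errors="replace")
    suspicious = HOSTNAME_RE.fullmatch(name) is None
    return f"<tr><td>{addr}</td><td>{encode_for_html(hostname)}</td></tr>", suspicious


def ssid_row(ssid: bytes) -> tuple[str, bool]:
    """Return (HTML row, suspicious flag) for one SSID from a neighbour scan."""
    cell = encode_for_html(ssid)
    # Flag over-long SSIDs and any SSID that encoding had to change.
    suspicious = (len(ssid) > MAX_SSID_OCTETS
                  or cell != ssid.decode("utf-8", errors="replace"))
    return f"<tr><td>{cell}</td></tr>", suspicious


# Constructed sample data: harmless markup stands in for injected script.
SAMPLE_LEASES = [("192.168.1.20", b"laptop-01"), ("192.168.1.21", b"<b>pc</b>")]
SAMPLE_SSIDS = [b"CoffeeShop", b"<i>net-a/*", b"*/net-b</i>"]

if __name__ == "__main__":
    for ip, host in SAMPLE_LEASES:
        print(*lease_row(ip, host))
    for ssid in SAMPLE_SSIDS:
        print(*ssid_row(ssid))
```

Flagged values are still rendered, only encoded, so an administrator can see the odd lease or SSID without the browser interpreting it.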

26 Scanning for Webmin Servers Attack

27 Webmin

28 Scanning for Webmin Servers

29 Scanning for Webmin Servers Attack: Attacker located in same Network; Redirect user to fake Webmin Server; Obtain Administrator Credentials; CSRF

30-32 Scanning for Webmin Servers Attack

33 Demo

34-50 Webmin Web Based Attack Propagation

51-52 Recommendations

53 Recommendations: Assess Deployment; Do not Trust your Internal Network; Penetration Testing; Strict Security Policy; Risk Management

54 Summary: Vulnerable as any other Web Application; Additional Attack Vectors; “Scanning”, “Detecting”, “Finding” Functionality; Risks Increased; Used in “Trusted Environment”

55 References & Further Reading Project Web Site: Contact Me rafael.dominguez-vega( )mwrinfosecurity!com
