Presentation is loading. Please wait.

Presentation is loading. Please wait.

Homework & Class review

Published byAntonia Perkins Modified over 6 years ago

Similar presentations

Presentation on theme: "Homework & Class review"— Presentation transcript:

1 Homework & Class review
Dr. X

2 Metasploitable Not everything is what it looks like…
You opened a reverse shell with root priviledges But did you?

3 Metasploitable There was a bug
You were root back on the kali VM not the metasploitable How could you correct this?

4 What you did

5 What you did Workaround: do not use exploit –j Use just exploit
Then on the php code, use the IP address of the metasploitable

6 SQL Injection

7 Had to override password

8 But there are other ways
Use known login Close query Comment out password check admin'); #’ And then you could add an sql expression admin');UPDATE user SET pass=​'pass' WHERE name=​'admin';#'

9 XSS https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
Methodology: Find websites with inputs Use a scanner such as Burp Use Nikto: perl nikto.pl -host Write a program that can try different inputs (only if you have permission!)

10 Buffer overflow Let’s draw the stack… What was our goal? Why?
High address Buffer overflow Stack Grows Str pointer Return Address Let’s draw the stack… What was our goal? Why? Previous Frame Pointer Frame Pointer (Overflow) Buffer Low address

11 Buffer overflow Find buffer address: b bof 0xbffff138
High address Buffer overflow Stack Grows Str pointer Return Address 0x28 bytes Find buffer address: b bof 0xbffff138 Find ebp address: x ebp 0xbfff158 Previous Frame Pointer 0x24 bytes (Overflow) 0x20 bytes Buffer Low address

12 Buffer overflow Find buffer address: b bof 0xbffff138
High address Buffer overflow Malicious code Find buffer address: b bof 0xbffff138 Find ebp address: x ebp 0xbfff158 Return address should be… 0xbffff x28 = 0xbffff160 Add some extra bytes to return address to make sure that you will land at the no-op slide (ex. Set ret address to 0xbffff260) NOP slide Str pointer Return Address Previous Frame Pointer buffer[0]…buffer[] Low address

13 A brief review of assignments & class
Reconnaissance and automation Scanning – maybe not Edurange? Denial of Service and Snort Metasploit SQL Injection & XSS – use OWASP vulnerable VM? Buffer overflow

14 A brief review of assignments & class
Add Hack VMs: Create a vulnerable VM Exchange VMs Hack each others VMs Add Develop Malware/Worm program – will need to use DeterLab or local VMs Practice scan in an automated program Deletes or modifies files Add Defend VMs Real time exercise? Setup a firewall, IDS, Security Onion Or create a robust VM, let others try to hack it…

15 A brief review of assignments & class
Have two tests Have another textbook Start with crypto? Your thoughts?

Download ppt "Homework & Class review"

Similar presentations

Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Company LOGO WEB SYSTEM. Components of a Generic Web Application System.

Company LOGO WEB SYSTEM. Components of a Generic Web Application System.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
ITEC403 Graduation Project Applications’ Security – Cem Yağlı.

ITEC403 Graduation Project Applications’ Security – Cem Yağlı.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Buffer Overflow. Process Memory Organization.

Buffer Overflow. Process Memory Organization.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.

Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
1-19-2012www.ursamajorconsulting.com1 Avoid Getting Hacked Joomla! Web Security Northern Virginia Joomla Users Group January 2012 Dorothy Firsching, Ursa.

www.ursamajorconsulting.com1 Avoid Getting Hacked Joomla! Web Security Northern Virginia Joomla Users Group January 2012 Dorothy Firsching, Ursa.
Exploitation: Buffer Overflow, SQL injection, Adobe files Source:

Exploitation: Buffer Overflow, SQL injection, Adobe files Source:
Attacking Applications: SQL Injection & Buffer Overflows.

Attacking Applications: SQL Injection & Buffer Overflows.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.

Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.

Similar presentations

Ads by Google