Presentation is loading. Please wait.

Presentation is loading. Please wait.

FrontPage: 2003 Exploiting, Abusing, and Securing the FrontPage Server Extensions on Windows Server 2003 Mark Burnett.

Published byDwain Carson Modified over 9 years ago

Similar presentations

Presentation on theme: "FrontPage: 2003 Exploiting, Abusing, and Securing the FrontPage Server Extensions on Windows Server 2003 Mark Burnett."— Presentation transcript:

1 FrontPage: 2003 Exploiting, Abusing, and Securing the FrontPage Server Extensions on Windows Server 2003 Mark Burnett

2 FrontPage: 2003 Exploiting, Abusing, and Securing the FrontPage Server Extensions on Windows Server 2003 Mark Burnett

3 Background History of the FPSE Different names, same old holes
What products include FPSE?

4 Risks Are the FPSE as insecure as everyone says?
What are the real risks? Increased attack surface Entry point Information gathering Running on system partition Insufficient logging Storing files within the web root

5 Risks What are some greater risks? Confusing security model
Running in-process with inetinfo.exe Relaxed NTFS permissions Cannot be secured without NTFS

6 The FPSE Files The same files? FPSE 2002 _vti_bin/shtml.dll
_vti_bin/_vti_aut/author.dll _vti_bin/_vti_adm/admin.dll FPSE 2002 _vti_bin/owssvr.dll _vti_bin/_vti_adm/fpadmdll.dll

7 FPSE Directories _vti_bin – FPSE Binaries _private - _vti_cnf _vti_pvt
_vti_script _vti_txt

8 Decoding vti_rpc Sending vti_rpc methods Interpreting output
POST to FPSE binaries GET to owssvr.dll Multiple posts using CAML Interpreting output

9 Sample Output <html><head><title>vermeer RPC packet</title></head> <body> <p>method=list services: <p>services_list= <ul> <li>SR|msiis <li>vti_usagevisitsbyweek <li>UX| <li>vti_usagebymonth <li>UX| <li>vti_welcomenames <li>VX|Default.htm Default.asp Default.aspx <li>vti_adminurl <li>SR|/_vti_bin/_vti_adm/fpadmdll.dll

10 Cool vti_rpc Tricks Finding unprotected web sites Listing webs
Other info gathering method=list+services: &service_name=

11 vti_rpc Exploits New exploits to be announced

12 Other Exploits New exploits to be announced

13 Updating the FPSE Finding product updates Confusing and inconsistent
Manual fixes

14 Manual Fixes Htimage.exe and Imagemap.exe Microsoft’s solution
Another Microsoft solution The real solution?

15 The Security Model Browse, Author, and Administer
NTFS Permissions on web root Common Mistakes

16 Installing & Uninstalling
Why are the directories there on a clean install? Why won’t they uninstall? How do you remove them?

17 Moving the FPSE 1. Move the binaries 2. Update the registry
3. Update the metabase

18 Securing the FPSE The FPSE can be used safely if you:
Secure user accounts Set proper NTFS permissions Set proper IIS permissions Configure the registry defaults Keep patched Use SSL for authoring Manage log files Set IP Restrictions

19 Advanced Techniques Mirror sites URLScan Rules Custom ISAPI filter
FPSE neutered NTFS restrictions Remove directories Disable authoring

20 FPSE Intrusions Spotting attacks Log entries Other trails
FPSE vs. WebDAV

21 Snort Rules Updated Snort rules Logging FPSE authoring with Snort

22 FrontPage Tools Xfp.pl – FrontPage security scanner
Fpseinfo.pl – FrontPage info gathering SecureFPSE.cmd – Harden FrontPage Server Extensions fpBlock – ISAPI filter for FrontPage IP restrictions

23 Xfp.pl

24 Fpseinfo.pl Returns FPSE information - Web server platform
- Anonymous user account - Site statistics - Hidden directories - More

25 SecureFPSE.cmd Removes htimage.exe and imagemap.exe Moves binaries
Registers components in new lcoation Updates metabase Updates registry

Download ppt "FrontPage: 2003 Exploiting, Abusing, and Securing the FrontPage Server Extensions on Windows Server 2003 Mark Burnett."

Similar presentations

Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.

Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
Internet Information Server (IIS)

Internet Information Server (IIS)
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Ch 13 - Adminstering Web Resources1 Ch. 13 – Administering Web Resources MIS 431 – Created Spring 2006.

Ch 13 - Adminstering Web Resources1 Ch. 13 – Administering Web Resources MIS 431 – Created Spring 2006.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Windows Server 2008 Chapter 8 Last Update 2012.05.31 1.0.0.

Windows Server 2008 Chapter 8 Last Update
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Module 1: Installing Internet Information Services 5.0.

Module 1: Installing Internet Information Services 5.0.
Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

Similar presentations

Ads by Google