• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Enterprise Portals - Gateway to the Gold
 

Enterprise Portals - Gateway to the Gold

on

  • 961 views

Ian De Villiers

Ian De Villiers
ZaCon 2009
http://www.zacon.org.za/Archives/2009/slides/

Statistics

Views

Total Views
961
Views on SlideShare
958
Embed Views
3

Actions

Likes
0
Downloads
16
Comments
0

1 Embed 3

http://www.slideshare.net 3

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Enterprise Portals - Gateway to the Gold Enterprise Portals - Gateway to the Gold Presentation Transcript

    • Enterprise Portals Gate to the Gold
    • `whoami` •  SensePost –  Specialist Security firm based in Pretoria –  Customers all over the globe –  Talks / Papers / Books •  ian@sensepost.com –  Associate security analyst –  I break stuff and write reports about breaking stuff •  Why this talk?
    • EP Vendors •  IBM WebSphere Portal •  SAP NetWeaver Portal •  Oracle Portal Products (PlumTree, BEA, SUN, ∞) •  OpenText Portal (Formerly Vignette) •  JBoss Portal •  Microsoft SharePoint Server •  Apache Jetspeed, Interwoven TeamPortal, …, ∞
    • EP Overview •  Frequent on intranets. •  Also frequent on the Internet… :) •  Framework for integrating information, people and processes** •  Consolidate and summarise diverse sources of information •  Provide customisable home-page for registered users **
    • EP Overview •  Popular platform for deployment of applications due to framework and built-in functionality •  Provide SDK’s for customisation and deployment of custom applications •  Support pluggable components called portlets •  Generally J2EE-based, but there are some alternate platforms (i.e.: .NET, PHP, ∞)
    • Portlet Overview •  Pluggable user interface components which are managed and displayed in a portal** •  Fragments of markup code (i.e: HTML / XML etc) which are aggregated in a portal page** •  Adhere to various standards –  WSRP (web services for remote portlets) –  Java Portlet Specification GET /moo?portlet=id&URI=http%3A%2F%2FHR%2Fbaa •  JSR168 HTTP 200 OK •  JSR268 •  Proprietary **
    • Functionality++ •  User Registration •  Portals are generally designed to share information – provide functionality for searching documents, users, ..., ∞ •  Workflow components •  Messaging / Social networking •  Configuration and administrative components
    • Common Shortcomings •  Generally cater for multiple portal applications –  May expose intranet applications to the Internet •  Frequently allow registration for public users – Functionality++ •  Due to complex installation of J2EE application servers and lazy sys-admins, frequently run with elevated privileges
    • Common Shortcomings •  Diverse log-in capabilities –  LDAP, XML, Database, ..., ∞, * == SSO •  Developers of custom applications deployed on portal platforms frequently have not considered the underlying functionality of the platform •  Custom error pages defined for platform •  Complexity++
    • Breaking Out •  Custom applications frequently exploit functionality of portal framework but don’t allow users direct access to framework functions… •  … or do they ?
    • Breaking Out •  Direct object access •  Google is your friend… :> •  Forcing errors to display generic portal error messages •  Accessing site-registration •  HTML source comments and JavaScript •  Once we can break out of the custom application, we expose the full functionality of the portal…
    • Finding Portals •  Google Hacks (nods at Johnny Long…) •  site:, insite:, inurl:, …, ∞ •  Demo… –  site:za –  inurl:/portal/site –  inurl:/template.REGISTER
    • Abusing Portlets •  Original Advisory pertaining to IBM WebSphere –  WebSphere – 2006/01/24 – EPAM Systems •  Port Scanning •  Accessing protected resources •  Attacks at third parties •  Blended Attack Scenarios –  Denial Of Service –  Brute-Force –  Attacks against other protocols
    • PortletSuite.tgz •  PortletScan.py –  Scan for open ports by abusing portlets •  Pikto.py –  Scan for common virtual directory names and web server misconfigurations •  PorProx.py –  Provides proxy server functionality tunnelling HTTP requests through remote portlets
    • PortletSuite.tgz •  http://www.sensepost.com/blog •  Demo… –  Breaking out –  Portlet-scanning –  Pikto –  Accessing protected resources –  PortletProx
    • Questions ? ian@sensepost.com