Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004 Pokleyzz, wyse, obelicks, pengalir by SK from Scan Associates
Published in: Technology
Transcript

  • 1. Sembang2 Keselamatan It [email_address]
  • 2. SpeaKer
    • Call me S.K.
    • While in UTM:
      • Modify virus source code and spread it to Tar College, crack Virus Buster™ for fun
    • After UTM:
      • Start up SCAN Associates
      • Legally do pen-test for many agencies
      • Document hacking tricks and share with friends
  • 3. Publications
    • SQL Injection Walkthrough, published on more than a dozen security web sites
    • Win32 Buffer Overflow Walkthrough, details the process of a buffer overflow
    • Thanks from Microsoft™ for finding a bug in their software
    • Creating firewall-proof shellcode, presented at Blackhat and soon at the Ruxcon conference
    • Winner of the Blackhat hacking game!
  • 4. What we wanna do today?
    • Appetizer has:
      • some new terminologies
      • a bit of concepts
      • a few easy to use tools
    • Main course:
      • Threat
      • Vulnerability
      • Exploitation
      • A bit of SQL injection
    • Dessert:
      • demo on some tricks/tools
    TOC
  • 5. Threat
    • If there is a computer, there is a threat…
    • If there are 2 computers, there are 2 times threats…
    • If there are N computers, there are N x threats…
    • The more computers you hafta manage, the more risk there is…
    Threat
  • 6. Threat, seriously…
    • Running background services
      • Services running all the time
      • Allow direct connection from anywhere
      • Favorite targets:
        • HTTP (port 80)
        • FTP (port 21)
        • NetBIOS (port 135, 445)
        • HTTPS (port 443)
        • SSH (port 22), etc
    Threat
  • 7. More threats…
    • Mistakes and configuration errors:
      • No password
      • User name = password
      • Write access allowed
      • Default Public/Private community string
      • Poor Access Control in proxy server
      • Testing server in public network
      • Existence of default accounts
    Threat
  • 8. Threats from within…
    • End-user attacks:
      • Email attachments
      • Users download trojan horses
      • File sharing tools like Kazaa
      • Not to mention Instant Messaging and IRC
      • Unprotected Wi-Fi Access Point
    Threat
  • 9. Vulnerability
    • Software bug leads to vulnerability, vulnerability leads to system hack
    • Thus, software bug is our friend
    • Find the bug, you will find the way in
    • Fortunately for us, security experts publish new vulnerabilities every day
    • Our objective is to find a system with any vulnerability
    Vulnerability
  • 10. Finding vulnerability
    • The easy way:
      • nessus – general purpose vuln scanner
      • nikto – web attack scanner
    • The semi-automatic approach:
      • nmap – port scanner
      • sl – port scanner for windoze
    • The free-styler:
      • netcat
      • your favorite browser
    Vulnerability
  • 11. nessus
    • General purpose vulnerability scanner
    • http://www.nessus.org
    • GNU General Public License
    • Tests hundreds of vulnerabilities effortlessly
    • Can write your own plug-ins using NASL
    • Test only, will not let you control the server
    Vulnerability - The easy way
  • 12. nessus client-server
    • (Diagram: Nessus Client (Unix) and Nessus Client (Windows) connect to the Nessus Server (Unix), which scans the Targets)
    Vulnerability - The easy way
  • 13. nikto
    • Web scanner
    • http://www.cirt.net/code/nikto.shtml
    • Open source (GPL)
    • Over 2600 checks for Web-specific vulnerabilities
    • Supports HTTPS connections to avoid IDS detection
    • Test only, will not let you control the server
    Vulnerability - The easy way
  • 14. Other Tools
    • General purpose scanner
      • Internet Security Scanner ( www.iss.net)
      • Eeye’s Retina ( www.eeye.com)
    • Web Server Scanner
      • Stealth HTTP Scan ( www.hideaway.net)
      • Whisker ( www.wiretrip.net/rfp/p/doc.asp/i2/d21.htm )
    Vulnerability - The easy way
  • 15. Port Scanner
    • Tells you what services are running on a server
    • Indirectly tells you the OS too
    • nmap
      • www.insecure.org/nmap/
      • Versatile port scanner for *nix
    • sl
      • www.foundstone.com
      • easy to use port scanner for windoze
    Vulnerability - semi-automatic
  • 16. Favorite targets
    • Port 53 – try bind exploit
    • Port 21 – try anonymous login, simple passwd or exploits for Pro-Ftp, Wu-ftp, serv-u, etc
    • Port 22 – try simple passwd and x2 exploit
    • Port 25 – sendmail exploit for slackware or exchange exploit
    • Port 80 – Apache chunked bug, IIS .printer, unicode, ASP chunked, Webdav, Frontpage, etc.
    • Port 135, 445 – try netbios sharing with simple passwd or Locator, Dcom, messenger, workstation, Lsass exploits
    • Port 443 – SSL-too-open, THCISSLame.c
    • Port 1433, 1434 – MS Sql Server Resolution Bug, HelloBug or SA without password
    Vulnerability - semi-automatic
  • 17. Free styler
    • Using netcat to connect to popular services and backdoor port:
      • port 22 review SSH version
      • port 1080 might allow you to connect to internal IP
      • port 5554 might drop you a shell
    • Use your favorite browser to surf around the target web server, look for:
      • Hidden info in HTML code
      • Web attack via SQL injection, PHP, Perl, etc
    Vulnerability
  • 18. Exploitation
    • The process of taking advantage of a vulnerability to either:
      • Get a shell (thus, control the victim)
      • Retrieve/modify information (source code, files, database)
      • Denial of Service (DoS), etc
    • To get an exploit:
      • Find/trade from www/irc/friends
      • Create it yourself
      • Purchase it from Core Impact or CANVAS
    Exploitation
  • 19. Find from Internet
    • www.metasploit.com
    • Bugtraq Mailing list
    • Full Disclosure Mailing list
    • http://packetstormsecurity.nl/
    • http://www.security.nnov.ru/search/exploits.asp
    • #vuln, #badcode, #darknet, #phrack
    Exploitation
  • 20. Creating it yourself
    • Read and understand the vulnerability from the advisory:
      • www.securitytracker.com
      • www.microsoft.com/security
    • Might require different skill set in:
      • Perl/PHP/SQL
      • Reverse engineering
      • C or ASM programming, etc
    Exploitation
  • 21. metasploit
    • www.metasploit.com
    • Developed by HD Moore and a few ghettohackers (they won the Defcon CTF 3 times in a row)
    • Integrates many exploits in one easy to use package
    • Supports command line and web interfaces
    • Packed with many useful components for exploit development
    • It's free!
    Exploitation
  • 22. Web attack
    • Developers are putting more functionality into Web (port 80)
    • There are many types of attacks specific to port 80 alone:
      • SQL injection
      • Perl and CGI insecurities
      • PHP insecurities
      • Cross-site scripting (XSS)
    Web attack
  • 23. SQL Injection
    • A technique to manipulate data in a way that it will change the original SQL statement
    • It could happen in the following manner:
      • The program takes your input as a variable
      • It appends your input into an SQL statement
      • The program then passes the statement to the database
    Web attack
  • 24. ...SQL Injection
    • What if your input is an SQL command?
    • By carefully inserting SQL commands as your input, you can change the original SQL statement into something else and make the database execute your command
    • Usual commands to test for SQL injection:
      • Type a single quote as input (‘)
      • Type “union select 1” to see if injection is possible
    Web attack
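The mechanism from slides 23 and 24, as an added example that is not part of the original talk: a lookup that appends the input into the SQL text beside one that binds it as a parameter, and the single-quote test run against both. The table, names and e-mail addresses are constructed for the demonstration.

```python
import sqlite3

# Constructed in-memory table for the demonstration; not from the talk.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn

def lookup_concat(conn: sqlite3.Connection, name: str) -> list:
    # The pattern the slide describes: the input is appended into the SQL text,
    # so the database cannot tell where the statement ends and the data begins.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_param(conn: sqlite3.Connection, name: str) -> list:
    # Hardened form: the input is bound as a parameter and is only ever data.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def probe(lookup, conn: sqlite3.Connection, name: str) -> tuple:
    # Runs one lookup and reports ("ok", rows) or ("error", message); a syntax
    # error on a lone quote is the signal the single-quote test looks for.
    try:
        return ("ok", lookup(conn, name))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_param):
        print(fn.__name__, probe(fn, db, "alice"), probe(fn, db, "'"))
```

The concatenating version breaks on the lone quote, which is the symptom a tester notices; the parameterised version simply finds no user named `'`.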
  • 25. Perl & CGI
    • File access problem
    • The user supplies a variable which is in turn used by Perl/CGI to open a file
    • Manipulating this variable may allow you to open any file or even achieve remote execution
    Web attack
  • 26. PHP
    • Just like Perl/CGI, only more powerful (in a sense of hacking)
    • Not only may you manipulate the variable to open any local file, you can also make it open any file on the Internet
    Web attack
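A check that closes both file-access problems from slides 25 and 26, as an added example that is not part of the original talk: a user-supplied file name is refused if it carries a URL scheme (the PHP remote-file case) or if it resolves outside the document root (the Perl/CGI any-file case). `DOC_ROOT`, `safe_path`, `is_allowed` and `read_doc` are names assumed for this demonstration.

```python
import os
from urllib.parse import urlsplit

# Assumed document root for the demonstration (hypothetical path).
DOC_ROOT = "/var/www/docs"

def safe_path(user_file: str, root: str = DOC_ROOT):
    """Return an absolute path inside root, or None if the request must be refused."""
    # The PHP case on the slide: a value such as http://host/file must never
    # reach the open call, so anything carrying a URL scheme is rejected.
    if urlsplit(user_file).scheme:
        return None
    root_real = os.path.realpath(root)
    # realpath collapses "..", and an absolute user value replaces root inside
    # os.path.join, so the containment check below catches both cases.
    candidate = os.path.realpath(os.path.join(root_real, user_file))
    if candidate == root_real:
        return None  # the root directory itself is not a document
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate

def is_allowed(user_file: str, root: str = DOC_ROOT) -> bool:
    return safe_path(user_file, root) is not None

def read_doc(user_file: str, root: str = DOC_ROOT):
    """Open the file the way the CGI script would, but only after the check."""
    path = safe_path(user_file, root)
    if path is None:
        return None
    with open(path, "r", encoding="utf-8") as fh:
        return fh.read()

if __name__ == "__main__":
    for name in ("manual.txt", "../../etc/passwd", "http://host.example/x.txt"):
        print(name, "->", safe_path(name))
```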
  • 27. XSS
    • Allows injection of HTML code (including JavaScript/VBScript) into an existing HTML page
    • If a user opens the page, your code executes
    • Best used in Forums, to steal user cookies
    Web attack
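The forum case from slide 27, as an added example that is not part of the original talk: a post rendered straight into the page beside one rendered with HTML escaping, and a small parser that lists the tags a browser would see in each. The post body is a constructed harmless script standing in for the cookie theft the slide mentions; the function names are assumptions.

```python
import html
from html.parser import HTMLParser

def render_post_unsafe(author: str, body: str) -> str:
    # The forum case on the slide: the post body goes straight into the page,
    # so any tags in it become part of the page for every reader.
    return "<div class='post'><b>" + author + "</b><p>" + body + "</p></div>"

def render_post(author: str, body: str) -> str:
    # Hardened form: every user-controlled string is escaped, so "<" reaches
    # the browser as the text &lt; and never opens a tag.
    return ("<div class='post'><b>" + html.escape(author) + "</b><p>"
            + html.escape(body) + "</p></div>")

class TagCollector(HTMLParser):
    """Records the start tags a browser would see in a fragment."""
    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(fragment: str) -> list:
    parser = TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags

# Constructed sample post body; a harmless alert stands in for a real payload.
SAMPLE_BODY = "<script>alert('xss')</script>"

if __name__ == "__main__":
    print(tags_in(render_post_unsafe("mallory", SAMPLE_BODY)))
    print(tags_in(render_post("mallory", SAMPLE_BODY)))
```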
  • 28. Can we go now?
    • Q & A Session
    • Thanks