



E-Crime Scotland slides for Hacking demos

Published in: Technology


  1. 1. Colin McLean, Lecturer in Ethical Hacking
  2. 2. This is a stand-alone environment. Seeing attacks makes a difference! Please don’t try any of this at home! PS Adam is a 4th year Ethical Hacking student at Abertay.
  3. 3. Installed on my PC. Adam will try to hack it.
  4. 4. And generally not as well defended.
  5. 5. Diagram of a web application's components: Web client (IE, Firefox, Opera, etc.) sends an HTTP request (clear-text or SSL) and receives an HTTP response (HTML, JavaScript, VBScript, etc.); Web server (Apache, IIS, Netscape, etc.); App server, optional (ColdFusion, Oracle 9iAS, GlassFish, etc.); Web app (Perl, C++, CGI, Java, ASP, PHP, etc.); transport (AJP, IIOP, etc.; ADO, ODBC, JDBC, etc.); DB (Oracle, SQL Server, etc.).
  6. 6. Diagram: Web server, Web apps, transport, DB, App server (optional).
  7. 7. Entering Colin and test gives a SQL query similar to the following:
        $query = "SELECT * FROM accounts WHERE username='Colin' AND password='test'";
     PROBLEM: Often there is no filtering of input, meaning that a hacker can inject CODE.
     Typical code:
        // User input is placed straight into the SQL string (the flaw being demonstrated).
        $username = $_REQUEST["username"];
        $password = $_REQUEST["password"];
        $query = "SELECT * FROM accounts WHERE username='$username' AND password='$password'";
  8. 8. Entering blah' OR 1=1# (in MySQL, “#” is a comment).
        $query = "SELECT * FROM accounts WHERE username='$username' AND password='$password'";
     Gives:
        $query = "SELECT * FROM accounts WHERE username='blah' OR 1=1#' AND password=''";
     Effectively:
        $query = "SELECT * FROM accounts WHERE username='blah' OR 1=1";
  9. 9. HacmeBank has an SQL injection flaw. Adam is currently trying to do as much damage as he can by exploiting this flaw... The “SQLMAP” tool, as used by hacking groups.
  10. 10.
      | login_id | password | user_name   |
      |----------|----------|-------------|
      | JV       | JV789    | Joe Vilella |
      | JM       | jm789    | John Mathew |
      | JC       | jc789    | Jane Chris  |
  11. 11. Abertay Ethical Hacking Group. Transactions table:
      | user_id | branch                  | currency | account_no       | account_type | creation_date      | balance_amount |
      |---------|-------------------------|----------|------------------|--------------|--------------------|----------------|
      | 1       | Texas-Remington Circle  | USD      | 5204320422040000 | Platinum     | Jun 14 2005 1:29AM | 16779          |
      | 1       | Texas-Remington Circle  | USD      | 5204320422040000 | Silver       | Jun 14 2005 1:29AM | 8145           |
      | 2       | Mahnattan - Newyork     | USD      | 5204320422040000 | Silver       | Sep 14 2005 1:29AM | 8555           |
      | 2       | Mahnattan - NewYork     | USD      | 5204320422040000 | Platinum     | Sep 12 2005 1:23AM | 91000          |
      | 3       | L A-Hoston Road         | USD      | 5204320422040000 | Platinum     | Jun 14 2005 1:29AM | 4800           |
      | 3       | L A-Hoston Road         | USD      | 5204320422040000 | Silver       | Jun 14 2005 1:29AM | 5100           |
      | 3       | Buston-Richadson Avenue | USD      | 5204320422040000 | Platinum     | Jun 14 2005 1:29AM | 7600           |
      | 3       | Buston-Richadson Avenue | USD      | 5204320422040000 | Silver       | Jun 14 2005 1:29AM | 1200           |
      | 2       | Mahnattan - NewYork     | USD      | 5204320422040000 | Gold         | Oct 12 2005 1:23AM | 850            |
  12. 12. Gain a “shell” on the victim's PC. Stop firewall. Deface Web site. Could also publish database on the Internet.
  13. 13.  Reputation? Compensation? Could be devastating for the company.
  14. 14. Approximately 3 lines of code. AWARENESS. Only one of many Web flaws:
      A1 - Injection
      A2 - Broken Authentication and Session Management
      A3 - Cross-Site Scripting (XSS)
      A4 - Insecure Direct Object References
      A5 - Security Misconfiguration
      A6 - Sensitive Data Exposure
      A7 - Missing Function Level Access Control
      A8 - Cross-Site Request Forgery (CSRF)
      A9 - Using Components with Known Vulnerabilities
      A10 - Unvalidated Redirects and Forwards
      ... etc.
  15. 15. We are all vulnerable. No such thing as a “dumb user”.
  16. 16. Relies on victim clicking on a link (e.g. e-mail, Google search, etc.). A hacker's success against a company can be greatly increased by targeting users. E.g. it might not be easy to get an accountant to click on any old link... but...
  17. 17.  Get user to visit a page... Issue commands from the menu.
  18. 18. This is many users' view of what a trojan is...
  19. 19. Install...
      ◦ Visit the wrong web page / install the wrong software / someone gets on your PC.
      Anti-virus can be evaded relatively easily. The ultimate hack.
  20. 20. Unpatched / Downloaded... How dangerous?
      • This demo applies to “out of date” software or packages downloaded from the Internet.
      • If a flaw isn’t fixed then this is what can happen.
  21. 21. Technical controls can help greatly, but Developers / Networking staff / IT Staff / User awareness is a major mitigation. Most modern hacking attacks require user “help”.
  22. 22. Awareness training @ Abertay Uni...
      ◦ Pen Testing & Vulnerability Assessment (2 days)
      ◦ Security awareness for users (1/2 day)
      ◦ Web Security testing (2 days)
      ◦ Security Awareness for Managers (1/2 day)
      ◦ Secure Coding (1 day)
      ◦ Wireless security (1 day)
      ◦ Intro to Digital Forensics (2 days)
      ◦ Network Forensics (2 days)
      In our Ethical Hacking lab or in your company.
  23. 23. Any questions? Abertay Ethical Hacking Group
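
The fix for the login query on slides 7 and 8, as an added example that is not part of the original slides: a PDO prepared statement keeps the input out of the SQL text, and the password is stored as a hash instead of clear text. The in-memory SQLite database (standing in for MySQL), the `check_login` helper and the sample row are assumptions made for illustration.

```php
<?php
// Added example, not from the slides. SQLite in memory stands in for the
// MySQL database behind the demo; the account row is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (
    username      TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL
)');

// Store a salted hash, never the clear-text password.
$insert = $db->prepare('INSERT INTO accounts (username, password_hash) VALUES (?, ?)');
$insert->execute(['Colin', password_hash('test', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: true only for a matching username and password.
 * The SQL text is fixed; the username travels separately as a bound
 * parameter, so quotes and "#" in it are compared as data, not parsed as SQL.
 */
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM accounts WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    if ($hash === false) {
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed test inputs: the valid login from slide 7, a wrong password,
// and the input from slide 8 that bypassed the string-built query.
$cases = [
    ['Colin', 'test'],
    ['Colin', 'wrong'],
    ["blah' OR 1=1#", ''],
];

foreach ($cases as [$user, $pass]) {
    $result = check_login($db, $user, $pass) ? 'accepted' : 'rejected';
    printf("%-16s => %s\n", $user, $result);
}
```

With the MySQL PDO driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so that parameter binding is done by the database server.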