
Presented by Ashwani (09IT16) and Navneet (09IT48)

This paper offers a fresh perspective on application security, highlighting a sample attack that is not currently being protected against. It identifies the poor coding practices that leave web applications open to attacks such as remote command execution.

Part one covers a remote command execution hole found in a web application or on a network.

Part two describes the application selected for study and why it matters.

Parts three and four discuss vulnerabilities and penetration testing.

Part five covers the remote command execution security hole and the use of the Metasploit Framework to exploit it, i.e. gaining access. Part six covers privilege escalation. Part seven presents a method for maintaining access. Part eight is the conclusion of the research.

Vulnerability:

A vulnerability is a weakness that allows an attacker to reduce a system's information assurance. A vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

Exploit:

Using a failure of the system to violate the site security policy is called exploiting the vulnerability.

Security Bug:

A security bug is a software bug that benefits someone other than the intended beneficiaries, in unintended ways.

Definition of Penetration Testing: A penetration test, or pentest, is a test that evaluates the strength of all security controls on a computer system. Penetration tests evaluate procedural and operational controls as well as technological controls.

- Reconnaissance and Information Gathering (Footprinting)
- Network Enumeration and Scanning
- Vulnerability Testing and Exploitation
- Reporting

Planning & Discovery (Reconnaissance)

Purpose: To discover as much information about a target (individual or organization) as possible without actually making network contact with said target.
Methods:
- Organization info discovery via WHOIS
- Google search
- Website browsing

Sample WHOIS record:

Domain Name: CLEMSON.EDU
Registrant: Clemson University, 340 Computer Ct, Anderson, SC 29625, UNITED STATES
Administrative Contact: Network Operations Center, Clemson University, 340 Computer Court, Anderson, SC 29625, UNITED STATES, (864) 656-4634, noc@clemson.edu
Technical Contact: Mike S. Marshall, DNS Admin, Clemson University, 340 Computer Court, Anderson, SC 29625, UNITED STATES, (864) 247-5381, hubcap@clemson.edu
Name Servers:
  EXTNS1.CLEMSON.EDU 130.127.255.252
  EXTNS2.CLEMSON.EDU 130.127.255.253
  EXTNS3.CLEMSON.EDU 192.42.3.5

Network Enumeration & Scanning

Purpose: To discover existing networks owned by a target as well as live hosts and services running on those hosts.
Methods:
- Scanning programs that identify live hosts, open ports, services, and other info (Nmap, autoscan)
- DNS querying
- Route analysis (traceroute)

Active probing with a port scanner (Nmap):

  nmap -sS 127.0.0.1

  Starting Nmap 4.01 at 2006-07-06 17:23 BST
  Interesting ports on chaos (127.0.0.1):
  (The 1668 ports scanned but not shown below are in state: closed)
  PORT     STATE SERVICE
  21/tcp   open  ftp
  22/tcp   open  ssh
  631/tcp  open  ipp
  6000/tcp open  X11

  Nmap finished: 1 IP address (1 host up) scanned in 0.207 seconds
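The scan output above is what the later reporting phase has to organize by host and service. As an added example (not part of the original slides), this parser turns Nmap's normal text output into per-host records of open ports; the sample input is the slide's own scan, constructed inline, and the host/port/summary line formats are those of Nmap 4.x normal output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the scan shown on the slide, slide line numbers removed.
NMAP_OUTPUT = """\
Starting Nmap 4.01 at 2006-07-06 17:23 BST
Interesting ports on chaos (127.0.0.1):
(The 1668 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
631/tcp open ipp
6000/tcp open X11

Nmap finished: 1 IP address (1 host up) scanned in 0.207 seconds
"""

# Host line: "Interesting ports on NAME (IP):" or, without reverse DNS, "Interesting ports on IP:"
HOST_RE = re.compile(r"^Interesting ports on (\S+?)(?: \((\d{1,3}(?:\.\d{1,3}){3})\))?:$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
SUMMARY_RE = re.compile(r"^Nmap finished: (\d+) IP address(?:es)? \((\d+) hosts? up\)")


@dataclass
class HostRecord:
    hostname: str
    ip: str
    ports: list = field(default_factory=list)  # (port, proto, state, service)


def parse_nmap(text):
    """Return (list of HostRecord, summary dict) from Nmap normal output."""
    hosts, current, summary = [], None, {}
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            name, ip = m.group(1), m.group(2) or m.group(1)
            current = HostRecord(name, ip)
            hosts.append(current)
        elif (m := PORT_RE.match(line)) and current is not None:
            port, proto, state, service = m.groups()
            current.ports.append((int(port), proto, state, service))
        elif m := SUMMARY_RE.match(line):
            summary = {"addresses": int(m.group(1)), "hosts_up": int(m.group(2))}
    return hosts, summary


def open_services(host):
    """Exposed services keyed by 'port/proto', the unit a report entry is built around."""
    return {f"{p}/{proto}": svc for p, proto, state, svc in host.ports if state == "open"}
```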

Testing & Exploitation (Exploit & privilege escalation)

Purpose: To check hosts for known vulnerabilities and to see if they are exploitable, as well as to assess the potential severity of said vulnerabilities.
Methods:
- Remote vulnerability scanning (Nessus, OpenVAS)
- Active exploitation testing
  o Login checking and brute-forcing
  o Vulnerability exploitation (Metasploit, Core Impact)
  o 0-day and exploit discovery (fuzzing, program analysis)
  o Post-exploitation techniques to assess severity (permission levels, backdoors, rootkits, etc.)

The Metasploit Framework follows some key steps for exploiting a system:

- Select and configure the exploit to be targeted. This is the code that will be aimed at a system with the intention of taking advantage of a defect in the software. Validate whether the chosen system is susceptible to the chosen exploit.

- Select and configure the payload to be used. This payload is the code that will run on the system after a loophole has been found and an entry point is set.

- Select and configure the encoding scheme to be used, so that the payload can evade Intrusion Detection Systems.

- Execute the exploit.

Reporting

Purpose: To organize and document information found during the reconnaissance, network scanning, and vulnerability testing phases of a pentest.
Methods:
- Documentation tools (Dradis)
  o Organizes information by hosts, services, identified hazards and risks, and recommendations to fix problems

Executive Summary
- 1-page document
- Describes in brief the activities performed and the findings
- Recommendations & conclusion

Some of the tools that are popularly used for penetration testing are shown in this appendix. The tools below are grouped according to the testing methodologies outlined earlier.

Information Gathering:

- Nmap - Network scanning, port scanning and OS detection. URL: http://www.insecure.org/nmap/index.html
- hping - Tool for port scanning. URL: http://www.kyuzz.org/antirez/hping.html
- netcat - Grabs service banners / versions. URL: http://packetstorm.securify.com/UNIX/netcat/
- firewalk - Determining firewall ACLs. URL: http://www.packetfactory.net/Projects/Firewalk/
- ethereal - Monitoring and logging return traffic from maps and scans.
- icmpquery - Determining target system time and netmask. URL: http://packetstorm.securify.com/UNIX/scanners/icmpquery.c
- strobe - Port scanning utility. URL: http://packetstorm.securify.com/UNIX/scanners/strobe-1.04.tgz

Vulnerability Detection:

- Nessus - Scans for vulnerabilities. URL: http://www.nessus.org/
- SARA - Another scanner to scan for vulnerabilities. URL: http://www.www-arc.com/sara/

Penetration Tools:

- Brutus - Telnet, FTP and HTTP password cracker. URL: http://www.hoobie.net/brutus
- LC3 - Password cracking utility. URL: http://www.atstake.com/lc3

THANK YOU
