2008 Batch-I
Module XII
Web Application Vulnerabilities
Scenario
George and Brett are friends. Brett is a web administrator for his company's website. George is a computer geek. He finds security holes in Brett's website and claims that he can:
• Steal identities
• Hijack accounts
• Manipulate web pages/inject malicious code into the client's browser
• Gain access to confidential resources
Brett challenges this claim, maintaining that his website is secure and free from any intrusion. George thinks that it's time to prove his mettle.
What next?
Module Objectives
• Web Application Set Up
• Exploitive behaviors
• Web Application Hacking Tools
• Countermeasures
Exploitive behaviors
• Defacing Web sites
• Stealing credit card information
• Exploiting server-side scripting
• Exploiting buffer overflows
• Domain Name Server (DNS) attacks
• Employing malicious code
Anatomy of an Attack
• Scanning
• Information gathering
• Testing
Web Application Threats
• Cross-site scripting
• SQL injection
• Command injection
• Cookie/session poisoning
• Parameter/form tampering
• Buffer overflow
• Directory traversal/forceful browsing
• Cryptographic interception
• Authentication hijacking
• Log tampering
Diagram: an e-mail ("You have won.. Click here!!!!") -> the victim's Web Browser -> a Script Host serving <script>evilscript()</script> -> the hacker's computer.
Countermeasures
Command Injection Flaws
Countermeasures
George found out that the Session IDs in Brett's Website are stored in a cookie to keep track of the user's state. If the users are made to click upon a link then they can be redirected to a different site wherein their credentials can easily be stolen. George sends an URL link with a malicious script to Brett via email.
Diagram: George sends the URL (with a malicious script) link via email -> Brett clicks the link and requests the page.
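As an added example that is not part of the original slides, the following Python shows the scenario on this slide from the server side: a page that copies a URL parameter into its HTML unchanged (the flaw a mailed link abuses), the same page with the parameter HTML-escaped, and the Set-Cookie attributes that keep a session ID out of reach of a script running in the browser. The function names, the SESSIONID cookie name and the sample values are assumptions.

```python
# Added example, not code from the original slides. Function and cookie
# names are hypothetical; the sample input is constructed for the demo.
import html
from http.cookies import SimpleCookie

# Constructed sample: the "name" parameter carried by the link in the e-mail.
TAINTED_NAME = "<script>evilscript()</script>"

def render_page_unsafe(name: str) -> str:
    """'Before': the parameter is copied into the HTML unchanged, so a script
    in the link runs in the victim's browser with access to the page."""
    return f"<h1>Welcome, {name}</h1>"

def render_page_safe(name: str) -> str:
    """'After': untrusted input is HTML-escaped, so the browser displays the
    text instead of executing it."""
    return f"<h1>Welcome, {html.escape(name, quote=True)}</h1>"

def contains_script_tag(markup: str) -> bool:
    """Crude check for a live <script> element in rendered markup."""
    return "<script" in markup.lower()

def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session ID with the attributes that keep it
    away from page scripts and cross-site requests:
    HttpOnly - not readable through document.cookie
    Secure   - only sent over HTTPS
    SameSite - not attached to requests triggered from another site"""
    cookie = SimpleCookie()
    cookie["SESSIONID"] = session_id
    cookie["SESSIONID"]["httponly"] = True
    cookie["SESSIONID"]["secure"] = True
    cookie["SESSIONID"]["samesite"] = "Strict"
    cookie["SESSIONID"]["path"] = "/"
    return cookie["SESSIONID"].OutputString()

if __name__ == "__main__":
    print(render_page_unsafe(TAINTED_NAME))   # script tag survives intact
    print(render_page_safe(TAINTED_NAME))     # rendered as harmless text
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```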
Hacking Tools
Instant Source
Wget
WebSleuth
BlackWidow
WindowBomb
Burp
cURL
Instant Source
http://www.blazingtool.com
This tool allows viewing and editing the HTML source code of web pages. It can be executed from Internet Explorer, where a new toolbar window displays the source code for any selected part of the page in the browser window.
Hacking Tool: Wget
www.gnu.org/software/wget/wget.html
Wget is a command line tool for Windows and Unix that downloads the contents of a web site.
It works non-interactively, in the background, even after the user has logged off.
Wget works particularly well with slow or unstable connections by continuing to retrieve a document until it is fully downloaded.
Both HTTP and FTP retrievals can be time-stamped, so Wget can see if the remote file has changed since the last retrieval and automatically retrieve the new version if required.
Hacking Tool: WebSleuth
http://sandsprite.com/sleuth/
BlackWidow
http://softbytelabs.com
BlackWidow is a website scanner, a site mapping tool, a site ripper, a site mirroring tool, and an offline browser program. It can be used to scan a site and create a complete profile of the site's structure, files, e-mail addresses, external links and even link errors.
Hacking Tool: WindowBomb
Burp
Burp comes preconfigured with attack payloads and it can check for common databases on a Lotus Domino server.
Carnivore is an FBI assistance program. It captures all e-mail messages to and from a specific user's account. Carnivore eavesdrops on network packets, watching them go by, then saves a copy of the packets it is interested in (passive sniffer).
Summary