Attacking a Web Server and Application

Slides: 10
Provided by: loganm

Transcript and Presenter's Notes


1
Attacking a Web Server and Application
  • Logan McKenna

2
Server Information Gathered
  • Server OS: Ubuntu Linux
  • Apache: Version 2.0.54
  • Perl: Version 5.8.7
  • Mod Perl: Version 2.0.1

3
Possible Attacks
  • Cookies
  • Apache
  • Security Setup
  • CGI Scripting
  • Allows the execution of custom code
  • Buffer Overflow Exploits

4
Perl Translation Attack
  • Issue characters that the Perl translator will not
    filter
  • An example of such an attack would look like:
  • http://www.odci.gov/cgi-bin/query?%0a/bin/cat%20/etc/passwd
  • %0a is the line feed character and %20 is the
    space
  • If this attack is possible, a listing of the
    /etc/passwd file will be displayed
  • This attack is not possible on Allan's server

5
Packet Sniffing
  • The packet sniffer I used was Ethereal
  • I ran through all the possible commands and
    options a user can choose.
  • I found out everything is transferred in plain
    text.
  • The help button uses JavaScript to call help
    files stored in a directory

6
Packet Sniffing Continued
  • Can call any help file
  • http://alraymond.kicks-ass.org/cgi-bin/user_help.pl?config_file=framecal/demo&help_topic=2
  • Permissions are set correctly
  • Cannot call any other system files

7
Valid Help Files

8
Deletion
  • Deletion function does not authenticate
  • http://alraymond.kicks-ass.org/cgi-bin/framecal/framecal.pl?session_file=456c4e991c6c0e25&calendar=demo&item_to_mod_del=16&month=11&year=2006&action=DeleteEvent
  • Allan implemented a fix by disabling the Public
    View
  • My solution: log on and get the session file
    numbers
  • Changed the Deletion code to authenticate at each
    deletion call
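
The fix named on this slide, authenticating at each deletion call, sketched as an added example; it is not the calendar application's code or the presenter's patch. The session store, the access list and the 16-hex-digit session id format are assumptions constructed for illustration, and the parameter names follow the request shown above.

```perl
#!/usr/bin/perl
# Added example: every delete request is authenticated and authorized
# on the server before anything is removed.
use strict;
use warnings;

# Constructed session store: session id -> logged-in user and expiry time.
my %SESSIONS = (
    'aaaaaaaaaaaaaaaa' => { user => 'alice',  expires => time + 600 },
    'bbbbbbbbbbbbbbbb' => { user => 'alice',  expires => time - 1 },    # expired
    'cccccccccccccccc' => { user => 'public', expires => time + 600 },  # public view
);
# Constructed access list: calendar -> users allowed to delete events.
my %CAN_DELETE = ( demo => { alice => 1 } );
# Constructed event data: calendar -> item id -> title.
my %EVENTS = ( demo => { 16 => 'Staff meeting', 17 => 'Review' } );

# Returns (status, message). The event is deleted only if every check passes.
sub delete_event {
    my (%p) = @_;
    my $sid = defined $p{session_file} ? $p{session_file} : '';
    # Strict format check (assumed format) so the id is never used as a path.
    return (400, 'bad session id') unless $sid =~ /\A[0-9a-f]{16}\z/;
    my $s = $SESSIONS{$sid};
    return (401, 'not logged in') unless $s && $s->{expires} > time;
    my $cal = defined $p{calendar} ? $p{calendar} : '';
    # Authorization is per user and per calendar, not just "has a session".
    return (403, 'not allowed')
        unless $CAN_DELETE{$cal} && $CAN_DELETE{$cal}{ $s->{user} };
    my $id = defined $p{item_to_mod_del} ? $p{item_to_mod_del} : '';
    return (400, 'bad item id') unless $id =~ /\A[0-9]+\z/;
    return (404, 'no such event') unless exists $EVENTS{$cal}{$id};
    delete $EVENTS{$cal}{$id};
    return (200, "deleted event $id");
}

# Constructed requests: one per failure mode, then the legitimate one.
for my $case (
    [ 'no session',      { calendar => 'demo', item_to_mod_del => 16 } ],
    [ 'expired session', { session_file => 'bbbbbbbbbbbbbbbb', calendar => 'demo', item_to_mod_del => 16 } ],
    [ 'public view',     { session_file => 'cccccccccccccccc', calendar => 'demo', item_to_mod_del => 16 } ],
    [ 'logged-in owner', { session_file => 'aaaaaaaaaaaaaaaa', calendar => 'demo', item_to_mod_del => 16 } ],
) {
    my ($status, $msg) = delete_event(%{ $case->[1] });
    print "$case->[0]: $status $msg\n";
}
```

Because the session id travels in the URL, it should also be sent only over an encrypted connection, which is the first item on the next slide.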

9
Secure?
  • Implement SSL
  • Update all the system software
  • SSL exploits and buffer overflow exploits have
    recently been found