Malicious URLs - PowerPoint PPT Presentation

1 / 6
About This Presentation
Title:

Malicious URLs

Description:

Command = netscape www.nba.com';rm -f -- Back Ticks ... Netscape opened with URL: www.nba.com deleted on Netscape Exit. Single Quotes ... – PowerPoint PPT presentation

Number of Views:119
Avg rating:3.0/5.0
Slides: 7
Provided by: Winst2
Category:
Tags: malicious | nba | urls

less

Transcript and Presenter's Notes

Title: Malicious URLs


1
Malicious URLs
  • Files Removal
  • -- Single Quotes
  • Command netscape www.nba.comrm -f
  • -- Back Ticks
  • Command netscape www.nba.comrm -f
  • -- No Quotes or Ticks
  • Command netscape www.nba.comrm -f
  • Note Filename

2
Results
  • Single Quote
  • Netscape opened with URL www.nba.com
  • deleted on Netscape Exit
  • Back Ticks
  • Shell executed rm f BEFORE Netscape
  • Netscape opened with URL www.nba.com
  • No Quotes or Ticks
  • Netscape opened with URL www.nba.com
  • deleted on Netscape Exit

3
Single Quotes
  • system(netscape www.nba.comrm f )
  • System calls
  • execv(/bin/sh,
  • sh,-c,netscape www.nba.comrm f
    ,0)
  • /bin/sh calls
  • execvp(netscape, netscape","www.nba.com",0)
  • execvp(rm, rm",f,,0)
  • Executing
  • netscape www.nba.com
  • rm f
  • Therefore
  • Runs netscape www.nba.com
  • On Netscape Exit, Runs rm -f
  • Note It is identical for
    Example

4
Back Ticks
  • Back Ticks are interpreted by the Shell as
  • Output of the Command in the Back Tick
  • or simply, Command Substitution
  • Commonly used to assign Output of Command to Var
  • bin/sh todaydate
  • bin/sh echo today
  • bin/sh Wed Apr 20 140933 GMT-8 2005
  • Thus, Command in Back Ticks
  • Executed and Evaluated above all

5
Back Ticks
  • system(netscape www.nba.comrm rf )
  • System calls
  • execv(/bin/sh,
  • sh,-c,rm f ,0)
  • execv(/bin/sh,
  • sh,-c,netscape www.nba.com,0)
  • /bin/sh calls
  • execvp(rm,rm",f",,0)
  • execvp(netscape,netscape","www.nba.com",0)
  • Executing
  • rm f
  • netscape www.nba.com
  • Therefore
  • Runs rm -f
  • Runs netscape www.nba.com

6
Conclusion
  • system() invokes /bin/sh Subshell
  • Vulnerable to Attacks
  • With UNCHECKED Shell MetaCharaters
  • Prudent to check ALL User Inputs
Write a Comment
User Comments (0)
About PowerShow.com