A Real World Attack: wu-ftp - PowerPoint PPT Presentation

Provided by: Ryan85


Transcript and Presenter's Notes

1
A Real World Attack: wu-ftp
2
Description
  • Many intrusion incidents happen every day. Do you
    know which techniques crackers use to break into
    your web server, mail server and FTP server?
  • Today, this exercise will guide you through the
    process of discovering a vulnerable system,
    exploiting the vulnerability, and installing
    software to cover your tracks.

3
Purpose
  • Locate a vulnerable system
  • Exploit that vulnerability to gain a root shell
  • Install a rootkit
  • Access the system via the rootkit

4
Principle and Pre-Study (I)
  • CERT Advisory CA-1999-13
  • Multiple Vulnerabilities in WU-FTPD
  • MAPPING_CHDIR Buffer Overflow
  • Message File Buffer Overflow
  • SITE NEWER Consumes Memory
  • http://www.cert.org/advisories/CA-1999-13.html

5
Principle and Pre-Study (II)
  • What is a buffer overflow?
  • A type of programming flaw that is due to a
    programmer allowing an unbounded operation on
    data: more input is written into a fixed-size
    buffer than it can hold, so the excess overwrites
    whatever lies next to the buffer in memory.

2003 Top Ten Vulnerability Threats (Symantec)
 1 Microsoft Windows DCOM RPC Internet Buffer Overrun
 2 Microsoft RPCSS DCOM Interface Long Filename Heap Corruption
 3 Microsoft Windows ntdll.dll Buffer Overflow
 4 Sun Solaris Sadmin Client Credentials Remote Administrative Access
 5 Sendmail Address Prescan Memory Corruption
 6 Multiple Microsoft Internet Explorer Script Execution
 7 Microsoft Windows Workstation Service Remote Buffer Overflow
 8 Samba call_trans2open Remote Buffer Overflow
 9 Microsoft Windows Locator Service Buffer Overflow
10 Cisco IOS Malicious IPV4 Packet Sequence Denial of Service
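As an added illustration (not code from the presentation, and not wu-ftpd's source), the C program below shows the unbounded copy that the definition on this slide describes next to a bounded version of the same routine. It is loosely modelled on a path-building function of the kind the MAPPING_CHDIR advisory on slide 4 concerns, but the buffer size, the function names and the FTP base directory are all assumed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical server path buffer, kept small so the bound is easy to see. */
#define PATHBUF 64

/*
 * Vulnerable pattern: a directory mapping is built by copying
 * attacker-controlled strings into a fixed-size buffer with no bound.
 * Illustrative only; this is not wu-ftpd's code.
 */
void build_path_unsafe(char *out, const char *base, const char *component)
{
    strcpy(out, base);        /* length of base is never checked */
    strcat(out, "/");
    strcat(out, component);   /* a long component writes past 'out' */
}

/*
 * Hardened form: the caller passes the buffer size and the function refuses
 * any result that would not fit, including its terminating NUL.
 * Returns 0 on success, -1 if the path was rejected.
 */
int build_path_safe(char *out, size_t outsz, const char *base, const char *component)
{
    size_t need = strlen(base) + 1 + strlen(component) + 1; /* base "/" comp NUL */
    if (need > outsz)
        return -1;
    int n = snprintf(out, outsz, "%s/%s", base, component);
    if (n < 0 || (size_t)n >= outsz)   /* belt and braces: snprintf truncated */
        return -1;
    return 0;
}

/* Longest component that still fits in a buffer of outsz with this base. */
size_t max_component_len(size_t outsz, const char *base)
{
    size_t fixed = strlen(base) + 2;   /* the "/" separator and the NUL */
    return outsz > fixed ? outsz - fixed : 0;
}

int main(void)
{
    char path[PATHBUF];
    char evil[512];                      /* constructed oversized component */
    memset(evil, 'A', sizeof evil - 1);
    evil[sizeof evil - 1] = '\0';

    if (build_path_safe(path, sizeof path, "/home/ftp", "pub") == 0)
        printf("accepted: %s\n", path);

    if (build_path_safe(path, sizeof path, "/home/ftp", evil) == -1)
        printf("rejected: %zu-byte component exceeds limit of %zu\n",
               strlen(evil), max_component_len(sizeof path, "/home/ftp"));

    /* build_path_unsafe(path, "/home/ftp", evil);  would overrun 'path' */
    return 0;
}
```

Compile with `cc -Wall overflow.c` and run it. The unsafe call is left commented out because, with a 511-byte component, it would write far past the 64-byte buffer; the point of the safe variant is that the caller, not the input, decides how many bytes may be written.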
6
Required Facilities
  • WARNING
  • This process of cracking a system was tested only
    on an internal network.
  • Do not run the exploit against hosts you are not
    authorized to attack.
  • Hardware
  • PC or workstation with a UNIX-like system
  • Software
  • Wu-ftp 6.2.0
  • RootKits and buffer overflow program

7
Step (I) reconnaissance and scanning
Use nmap to scan the system
Test the anonymous account
8
Step (II) exploit the target
Decompress the buffer overflow exploit and compile it
List the usage of the tool
9
Step (III) cracking
Execute the buffer overflow against the target host
Root privileges obtained
10
Step (IV)
  • Download the rootkit from outside and install it

Check the logged-in users
Download the tool from another victim
Decompress the rootkit
Execute the rootkit
11
Step (V) the rootkit auto-patches the victim
Sets the default login password
Replaces the system commands
Opens the telnet port
Reports the system information
Closes the system firewall
12
Step (VI)
  • Test whether the rootkit works
  • Now you can do anything

The telnet daemon has been replaced
Enter the ID and password predefined by us
We have got a root shell now
13
Summary
  • Check the OS and applications for vulnerabilities
    periodically.
  • Adopt the idea of Defense in Depth.

14
Reference
  • CERT
  • http://www.cert.org/
  • Nmap
  • http://insecure.org/
  • Buffer Overflow and RootKit download site
  • http://www.flatline.org.uk/pete/ids/