lab7 - Lab 7 Hacking Techniques ( (Part II) ) By y Alan S H...

Info iconThis preview shows pages 1–8. Sign up to view the full content.

View Full Document Right Arrow Icon
ab 7 Lab 7 Hacking Techniques (Part II) By Alan S H Lam IEG 7006 (2010) 1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
ab 7: Hacking Techniques Lab 7: Hacking Techniques Outlines Examples of remote root exploit through unhandled put (Format String Vulnerabilities) input (Format String Vulnerabilities) Examples of local root exploit through SUID and ace Condition Race Condition Trend of web attack xamples of CGI exploit, SQL injection, and CSRF Examples of CGI exploit, SQL injection, and CSRF Google Hacking hishing (Internet Fraud by 'spoofed' e- ails and Phishing (Internet Fraud by spoofed e mails and fraudulent websites) Real Cases Studies IEG 7006 (2010) 2
Background image of page 2
ab 7: Hacking Techniques Lab 7: Hacking Techniques xamples of remote root exploit through Examples of remote root exploit through unhandled input Most programs are written to handle valid input. Most programmers do not consider what happens when somebody enters input that doesn't match the specification . IEG 7006 (2010) 3
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
ab 7: Hacking Techniques Lab 7: Hacking Techniques xamples of remote root exploit through unhandled Examples of remote root exploit through unhandled input u- pd vulnerability Wu ftpd vulnerability The wu-ftpd "site exec" vulnerability is the result of missing character-formatting argument in several function calls that implement the "site exec" command functionality. If a malicious user can pass character format strings consisting of carefully constructed *printf() conversion haracters (%f %p %n etc) while executing a characters (%f, %p, %n, etc) while executing a "site exec" command, the ftp daemon may be tricked into executing arbitrary code as root. IEG 7006 (2010) 4
Background image of page 4
ab 7: Hacking Techniques Lab 7: Hacking Techniques ocal root exploit through SUID Local root exploit through SUID On Unix systems, the "suid" bit on a system executable program allows the program to execute as the owner. A program that is setUID to "root" will llow the program to execute with root allow the program to execute with root privileges. IEG 7006 (2010) 5
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
ab 7: Hacking Techniques Lab 7: Hacking Techniques ocal root exploit through SUID Local root exploit through SUID An example of local root exploit through dump SUID program Some implementations of the Linux backup utility, ump permit use of backup devices on remote dump, permit use of backup devices on remote machines via an access program on the local achine. This access program is identified in the machine. This access program is identified in the RSH environment variable. The value in the environment variable is not validated for security prior to its use in calling a program. IEG 7006 (2010) 6
Background image of page 6
ab 7: Hacking Techniques Lab 7: Hacking Techniques ocal root exploit through SUID Local root exploit through SUID An example of local root exploit through LBL traceroute This example shows how heap mismanagement is fatal. The local root exploit is done by overflowing a alloc()'ed buffer in the traceroute program In the malloc() ed buffer in the traceroute program. In the case of traceroute, there was a reliable way of making traceroute call free() on a pointer that was not obtained with malloc().
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 8
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 65

lab7 - Lab 7 Hacking Techniques ( (Part II) ) By y Alan S H...

This preview shows document pages 1 - 8. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online