
Common vulnerabilities and attacks

Buffer Overflow, DoS (Denial of Service), SQL Injection, Cross-Site Scripting (XSS), Session Management, Client-side scripting, Web Cookie Exploit

Buffer Overflow
The program asks for a serial number that the attacker does not know
The attacker also does not have the source code

The attacker does have the executable (exe)

The program quits on an incorrect serial number

By trial and error, attacker discovers an apparent buffer overflow

Note that 0x41 is "A". Looks like ret was overwritten by 2 bytes!

Next, disassemble bo.exe to find

The goal is to exploit buffer overflow to jump to address 0x401034

Find that 0x401034 is @^P4 in ASCII

Byte order is reversed? Why? x86 processors are little-endian.

Reverse the byte order to 4^P@ and

Success! We've bypassed the serial number check by exploiting a buffer overflow. Overwrote the return address on the stack.
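For contrast with the overflow above, one bounded way to read the serial number. This is an added example, not the code of bo.exe (the page does not show its source); the 16-character limit, the function names and the serial "TEST-1234" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX 16  /* assumed longest valid serial; not given on the page */

enum serial_status { SERIAL_OK, SERIAL_EOF, SERIAL_TOO_LONG };

/* Read one line from `in` into out[SERIAL_MAX + 1].
 * fgets() is told the buffer size, so it cannot write past `line` and the
 * saved return address is never reached. An over-long line is rejected as a
 * whole and drained, so its tail is not taken for the next line. */
enum serial_status read_serial(FILE *in, char out[SERIAL_MAX + 1])
{
    char line[SERIAL_MAX + 2];              /* serial + '\n' + NUL */
    size_t n;
    int c;

    out[0] = '\0';
    if (fgets(line, sizeof line, in) == NULL)
        return SERIAL_EOF;

    n = strcspn(line, "\n");
    if (line[n] != '\n' && n == sizeof line - 1) {
        /* buffer full and no newline seen: more than SERIAL_MAX characters */
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
        return SERIAL_TOO_LONG;
    }
    line[n] = '\0';
    memcpy(out, line, n + 1);               /* n <= SERIAL_MAX here */
    return SERIAL_OK;
}

int main(void)
{
    char serial[SERIAL_MAX + 1];

    puts("Enter serial number:");
    switch (read_serial(stdin, serial)) {
    case SERIAL_OK:
        /* "TEST-1234" is a constructed placeholder, not the real serial */
        puts(strcmp(serial, "TEST-1234") == 0 ? "Serial number is correct."
                                              : "Incorrect serial number.");
        return 0;
    case SERIAL_TOO_LONG:
        puts("Serial number too long, rejected.");
        return 1;
    default:
        return 1;
    }
}
```

A long run of "A" characters is rejected as too long here and never reaches the return address.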

Cross Site Scripting (XSS)

What is XSS?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. It enables malicious attackers to inject client-side script into web pages viewed by other users.

How to exploit XSS?

Search box, banner area, etc.

Insert scripts (e.g. <script>alert("XSS")</script>)

Client/Server script
What is client/server scripting?

Client-side scripting is executed client-side, by the user's web browser, instead of server-side (on the web server).

How to exploit a client/server script vulnerability?

Intercept traffic from client to server via a web proxy (man in the middle), edit the data, then forward it to the server.

The client-side script works properly

Example
Configure the web proxy that will work as the man in the middle

Submit a valid value

Use the web proxy to replace the valid value with an invalid one

The invalid data is accepted because there is no script checking at the server

After that, no session can access this web server

Web Cookie Exploit

What is a web cookie?

a piece of text stored by a user's web browser used for

How to exploit a web cookie vulnerability?

Import cookies into the browser

Firefox + Add N Edit Cookies add-on

SQL Injection
What is SQL Injection?
SQL injection is a technique in which an attacker exploits flaws in the input validation of web applications, and in the error messages returned by the database, to insert and execute unauthorized SQL statements.

How to exploit SQL Injection?

How to exploit Web Cookie Vulnerability?

Acunetix Web Vulnerability Scanner (http://www.acunetix.com/vulnerability-scanner/)

N-Stealth (http://www.nstalker.com/products/editions/free/)

How to detect and identify an SQL injection vulnerability?
