Training Security EMEA - III

Basic Identification Port Scanning OS fingerprinting & Application scanning Advanced Identification Stealth operations Inline systems detection Security policy bypassing Fragmentation tricks ISN prediction & Spoofing

Security Training III – Application Hacking
Renaud BIDOU, Security Consultant EMEA

Applications target points
    Input data
    Internal components
    External components
    Output

Agenda – Part I : Introduction
    Environment Variables
    Files and commands
    Injections Basics
    SQL Injections
    Cross Site Scripting

Agenda – Part II : Input data
    Reminder
    Buffer Overflow
    Heap Overflow
    Format Strings

Agenda – Part III : Internal Parts
    External components
    Privilege
    Commands
    Output
    Information Leak
    Crash Policy

Agenda – Part IV : External

Introduction

Functional Components INTRO
    Inputs
    Users Inputs
    The MOST dangerous
    Network inputs
    Shared data and memory
    Internal Components
    Memory management
    Temporary data

Weak Points INTRO
    External components
    OS
    Environment variables
    Embedded commands
    Application privileges
    Other applications
    Output
    “Normal Output”
    Errors
    To users
    Logs
    Crash dumps

Weak Points INTRO

Inputs

Environment Variables

Typical path deviation
    Set PATH variable to include current directory
    Write fake program
    User will run the fake one if not using absolute path

Case Study $ENV

    # export PATH=.
    # ping
    gotcha
    #

    #!/bin/sh
    cat ping
    main (){ printf("gotcha\n"); }
    EOF
    cc -o ping

What is IFS ?
    Defines separators
    Usually space, tab and carriage return
    Can be used to bypass PATH protection
    User will run the fake one if not using absolute path

PATH and IFS $ENV

    # export PATH=.
    # export IFS="P\r\n"
    # gotcha
    #

    $ cat
    #!/bin/sh
    export PATH=/bin:/usr/bin
    ping $1
    $

LD_PRELOAD
    Used to load shared libraries
    Can be used to load trojaned libraries
    May generate buffer overflows on target applications

CLASSPATH
    Used to load Java classes
    Can be abused to load trojaned classes

TMP
    Sets the temporary directory
    Useful for race conditions

Other variables at risk $ENV

Global deletion
    Under Linux set the **environ pointer to NULL
    Use the clearenv() function on POSIX systems
    May leave the system unstable

Mitigating the .
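The "global deletion" mitigation from the slides, as an added example that is not part of the original deck: a C wrapper that clears the inherited environment with glibc's clearenv(), restores only a known PATH and IFS, and executes its target by absolute path. The function names, the SAFE_IFS value and the use of /usr/bin/env are assumptions for illustration; SAFE_PATH reuses the /bin:/usr/bin value from the slides' wrapper script.

```c
#define _GNU_SOURCE          /* exposes clearenv() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed trusted values; adjust to the directories the program really needs. */
#define SAFE_PATH "/bin:/usr/bin"
#define SAFE_IFS  " \t\n"

/* Drop every inherited variable (PATH, IFS, LD_PRELOAD, CLASSPATH, TMP, ...)
 * and rebuild only the ones set here. Returns 0 on success, -1 on failure. */
int scrub_environment(void)
{
    if (clearenv() != 0)
        return -1;
    if (setenv("PATH", SAFE_PATH, 1) != 0)
        return -1;
    return setenv("IFS", SAFE_IFS, 1);
}

/* Only absolute paths are accepted, so PATH is never searched. */
int is_absolute_path(const char *prog)
{
    return prog != NULL && prog[0] == '/';
}

/* Scrub the environment, then exec the program by absolute path.
 * Returns -1 on failure; on success it does not return. */
int run_trusted(const char *prog, char *const argv[])
{
    if (!is_absolute_path(prog) || scrub_environment() != 0)
        return -1;
    execv(prog, argv);       /* execv, not execvp: no PATH lookup */
    return -1;
}

int main(void)
{
    /* Constructed hostile settings, mirroring the slides' case study. */
    setenv("PATH", ".", 1);
    setenv("IFS", "P\r\n", 1);
    setenv("LD_PRELOAD", "./trojan.so", 1);
    /* /usr/bin/env (assumed present) prints the environment it inherits. */
    char *const argv[] = { "env", NULL };
    if (run_trusted("/usr/bin/env", argv) != 0)
        perror("run_trusted");
    return 1;
}
```

Run stand-alone, the program prints only the restored PATH and IFS, showing that the hostile values never reach the child process.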
