Ethical Hacking (MU - B.Sc. - Comp. - Sem VI)

Information Security: Attacks and Vulnerabilities

Syllabus Topic : Introduction to Information Security

1.1 Introduction to Information Security

Q. Define Information Security. (Ref. Sec. 1.1) (2 Marks)

- Information security, also called InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
- The information can be in any format, for example electronic or physical. The primary aim of information security is the balanced protection of the confidentiality, integrity and availability of data, known as the CIA triad.

Syllabus Topic : Asset

1.1.1 Asset

Q. Define Asset. (Ref. Sec. 1.1.1)

- An asset is any device, data or other component of the environment that supports information-related activities. Assets include hardware (e.g. servers and switches), software (e.g. mission-critical applications and support systems) and confidential information.
- Assets should be protected from illicit or unauthorized access, use, disclosure, alteration, modification, destruction and/or theft, any of which may result in loss to the organization.

Syllabus Topic : Access Control

1.1.2 Access Control

- Access to confidential or protected information must be restricted to the people who are authorized to access it. In many cases the computers that process the information, such as a computer program, must also be authorized.
- This requires that mechanisms be in place to control access to protected information. The sophistication of the access control mechanisms should be in parity with the value of the information being protected: the more sensitive or valuable the information, the stronger the control mechanisms need to be.
- Access control is considered in three steps (Fig. 1.1.1 : Three steps in Access Control) :
1. Identification

- Identification is an assertion of what something is or who someone is. If a person makes the statement "Hi, my name is Ganesh Bhagwat", they are making a claim of who they are.
- However, the claim may or may not be true. Before Ganesh Bhagwat can be granted access to protected information, it is necessary to verify that the person claiming to be Ganesh Bhagwat really is Ganesh Bhagwat. Typically the claim is in the form of a username; by entering that username you are claiming "I am the person the username belongs to".

2. Authentication

Authentication means verifying a claim of identity.

3. Authorization

Authorization to access information and other computing services begins with administrative policies and procedures.

Syllabus Topic : CIA Triad

1.2 CIA Triad

The primary aim of information security is the balanced protection of the confidentiality, integrity and availability of data, known as the CIA triad, as shown in Fig. 1.2.1.

Fig. 1.2.1 : CIA triad

1. Confidentiality

- Confidentiality is the property that information is not disclosed or made available to unauthorized people, entities or processes. It is similar to "privacy", but the two words are not interchangeable.
- Confidentiality is a key component of privacy and is implemented to protect our data from unauthorized users and viewers of the data.
- Examples of confidentiality being compromised : electronic data compromised through laptop theft or password theft; sensitive emails being sent to the wrong individuals.

2. Integrity

- Integrity means that data cannot be modified in an undetected or unauthorized manner. Data integrity means assuring and maintaining the completeness and accuracy of data over its entire lifecycle.
- Although it can be viewed as a special case of consistency as understood in the ACID model of transaction processing, it is not the same thing as referential integrity in databases.
- Information security systems provide message integrity alongside confidentiality.
3. Availability

- The CIA triad goal of availability is the situation where information is available when and where it is rightly needed. For any information system to serve its purpose, the information must be available when it is needed.
- In the CIA triad, availability is linked to information security because effective security measures protect the system components and ensure that information is available.
- Availability is maintained when all components of the information system are working properly. Problems in the information system could make it impossible to access information, thereby making the information unavailable.

Syllabus Topic : Authentication

1.3 Authentication

- Authentication means verifying a claim of identity. When Ganesh Bhagwat goes into a bank to make a withdrawal, he tells the bank teller he is Ganesh Bhagwat, a claim of identity. The bank teller asks to see a photo ID, so he hands the teller his PAN card. The bank teller checks the PAN card to make sure it has Ganesh Bhagwat printed on it and compares the photograph on the card against the person claiming to be Ganesh Bhagwat. If the photo and name match the person, then the teller has authenticated that Ganesh Bhagwat is who he claimed to be. Similarly, by entering the correct password, the user is providing evidence that he/she is the person the username belongs to.
- There are three different types of information that can be used for authentication :
  o A PIN, a password, or your date of birth.
  o A PAN card or a magnetic swipe card.
  o Biometrics, including palm prints, fingerprints, voice prints and retina (eye) scans.
- Strong authentication requires two-factor authentication.
- The username is the most common form of identification on computer systems today, and the password is the most common form of authentication.
- Usernames and passwords have served their purpose, but they are increasingly inadequate.
- Usernames and passwords are slowly being replaced or supplemented with more sophisticated authentication mechanisms such as time-based one-time password (TOTP) algorithms.

Syllabus Topic : Authorization

1.4 Authorization

Q. What is Authorization ? (Ref. Sec. 1.4)

- Authorization to access information and other computing services begins with administrative policies and procedures.
- Once a person, computer or program has successfully been identified and authenticated, deciding what kind of actions they are allowed to perform, such as run, view, create, delete or change, is called authorization.
- The policies state what kind of information and computing services can be accessed, under what conditions and by whom.
- The access control mechanisms discussed above are then configured to enforce these policies. Different computing systems are equipped with different kinds of access control mechanisms; some may even offer a choice of different mechanisms.
- The access control mechanism a system offers will be based upon one of three approaches to access control, or it may be derived from a combination of the three approaches.

Syllabus Topic : Risk

1.5 Risk

Q. What is the role of risk in information security ? (Ref. Sec. 1.5)

- Risk is a big term in information security. The success of risk management in any organization or industry depends on the management of risk data.
- Risk management information systems or services, also called RMIS, are used to support expert advice and cost-effective information management solutions around key processes such as :
  o Risk control : Risk control is the method by which an organization evaluates potential losses and takes action to reduce or eliminate such threats.
  o Risk financing : Risk financing is the determination of how an organization will pay for loss events in the most effective and least costly way possible. It involves the identification of risks, determining how to finance the risk and monitoring the effectiveness of the financing technique that is chosen.
  o Risk identification and assessment : As the name suggests, risk identification is the act of identifying negative and positive risks that impact an objective.

Syllabus Topic : Threat

1.6 Threat

A threat is a potential cause of an incident that may result in harm to systems and organizations.

Examples of online cyber security threats :

1. Computer Viruses
A computer virus is a program written to alter the way a computer operates, without the permission or knowledge of the user. A virus replicates and executes itself, usually doing damage to your computer in the process.

2. Spyware Threats
Spyware is any program that monitors your online activities or installs programs without your consent for profit or to capture personal information.

3. Hackers and Predators
Hackers and predators are programmers who victimize others for their own gain by breaking into computer systems to steal, change or destroy information as a form of cyber-terrorism.

4. Phishing
Masquerading as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent email or instant messages.

Fig. 1.6.1 shows possible threats in information security (spyware, hackers, keyloggers, lockups, identity theft, Trojans, slow response, online predators, computer crashes, pop-ups, worms, rootkits).
Fig. 1.6.1 : Threats in information security

Syllabus Topic : Vulnerability

1.7 Vulnerability

Q. Define Vulnerability. (Ref. Sec. 1.7) (2 Marks)

- A vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
- Vulnerability management is the cyclical practice of identifying, classifying, remediating and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems.
- A security risk is often incorrectly classified as a vulnerability. Using "vulnerability" with the same meaning as "risk" can lead to confusion. The risk is the potential of a significant impact resulting from the exploit of a vulnerability. There are also vulnerabilities without risk, for example when the affected asset has no value.

Syllabus Topic : Attack

1.8 Attack

Q. 1.8.1 What is an attack in information security ? (Ref. Sec. 1.8) (2 Marks)
Q. 1.8.2 What are ... (Ref. Sec. 1.8)

- An attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to, or make unauthorized use of, an asset.
- Information security attacks are attacks on data and information to steal, misuse or delete them. These attacks take advantage of the weaknesses of either information technology or humans.
- An attack can be active or passive.
  o Active attack : An "active attack" attempts to alter system resources or affect their operation.
  o Passive attack : A "passive attack" attempts to learn or make use of information from the system but does not affect system resources.
Syllabus Topic : Attack Surface

1.8.1 Attack Surface

Q. What is Attack Surface ? (Ref. Sec. 1.8.1)

- The attack surface of a software environment is the sum of the different points, called attack vectors, where an unauthorized user (the attacker) can try to enter data into or extract data from the environment.
- Keeping the attack surface as small as possible is a basic security measure.
- Attack surfaces can be divided into a few categories :
  o The network attack surface.
  o The software attack surface.
  o The physical attack surface.

Syllabus Topic : Malware

1.9 Malware

Q. What is Malware ? (Ref. Sec. 1.9) (2 Marks)
Q. Write a short note on malware. (Ref. Sec. 1.9) (4 Marks)

- Malware is any software intentionally designed to cause damage to a computer, computer network or server. Malware does the damage after it is implanted or introduced in some way into a target's computer, and can take the form of executable code, scripts, active content and other software.
- The code is described as computer viruses, worms, Trojan horses, ransomware, spyware, adware and scareware, among other terms.
- Malware has a malicious intent, acting against the interest of the computer user, and so does not include software that causes unintentional harm due to some deficiency, which is typically described as a software bug.
- Programs officially supplied by companies can be considered malware if they secretly act against the interests of the computer user. For example, Sony sold the Sony rootkit, which contained a Trojan horse embedded into CDs that silently installed and concealed itself on purchasers' computers with the intention of preventing illicit copying. It also reported on users' listening habits, and unintentionally created vulnerabilities that were then exploited by unrelated malware.

Syllabus Topic : Security-Functionality-Ease of Use Triangle

1.10 Security-Functionality-Ease of Use Triangle

Q. ... the security-functionality-ease of use triangle.
(Ref. Sec. 1.10) (4 Marks)

Fig. 1.10.1 : Security Triangle (Security, Functionality, Ease of use)

- There is an interconnection between these three attributes. When security rises, usability and functionality go down. Any organization should balance the three attributes to arrive at a balanced information system.
- Following are some important terms to consider in hacking :

Syllabus Topic : Types of Malware

1.11 Types of Malware

Q. Enlist types of malware. (Ref. Sec. 1.11) (2 Marks)

Following are the types of malware :

Fig. 1.11.1 : Types of Malware

Syllabus Topic : Worms

1.11.1 Worms

- Though closely related, worms and viruses are two completely different types of malware. Both have the ability to self-replicate and propagate by attaching themselves to files.
- While a virus moves from machine to machine, a worm tends to latch onto network traffic and can be a corporation's worst nightmare. In no time it can travel through the internet and inflict great damage, from deleting files to creating backdoors that give its creator control of a system.
- Worm examples include :
  o NegrBot : This worm propagates through chat messengers and social networking sites. Perpetrators use social engineering to encourage downloading of the malware which, once installed, turns the user's machine into a zombie participating in a massive botnet. It also stops infected systems from being updated and can steal login credentials and other sensitive information.
  o ILOVEYOU : This worm was deployed using a social engineering attack that encouraged people, through the enticement of a possible love interest, to open an email attachment containing the worm. A Visual Basic script is run that then overwrites various file types. The worm infected an estimated 45 million computers.

Syllabus Topic : Viruses

1.11.2 Viruses

Q.
1.11.3 Define Virus. (Ref. Sec. 1.11.2) (2 Marks)

- The computer virus is the most infamous type of malware. It is a self-replicating program that infects a system without authorization.
- A virus is often transmitted via e-mail but can also be distributed through various storage media such as a flash drive. Once installed, it will execute itself, infect system files and attempt to propagate to other systems.
- The impact of a virus ranges widely from slow system performance to wiping out every file on your computer.

Syllabus Topic : Trojans

1.11.3 Trojans

- Similar to the mythical wooden horse used by the Greeks to invade Troy, the Trojan horse is a very deceptive program that appears harmless but is actually one of the most dangerous types of malware. It may arrive as a friendly email attachment or present itself as a useful application on a website.
- Because it does not have the ability to self-replicate, a Trojan cannot be classified as a virus. However, it does have the ability to deliver destructive payloads and unload viruses, worms or spyware.

Fig. 1.11.2 : Tiny Banker Trojan being used to trick users into disclosing sensitive information (a fake form asking for the card code and social security number)

Syllabus Topic : Spyware

1.11.4 Spyware

- Spyware is a sneaky program that tracks and reports your computing activity without consent. While it isn't designed to inflict damage, spyware can terribly affect the performance of your computer over time.
- Spyware usually comes bundled with free software and automatically installs itself with the program you intended to use. Signs of spyware include sudden modifications to your web browser, redirects of your search attempts and the frequent displaying of pop-ups.
- In this instance, spyware can also be termed adware, which is essentially ad-supported software that has the ability to track your activity.

Syllabus Topic : Rootkits

1.11.5 Rootkits

- A rootkit could be a single program or a collection of programs designed to take complete control of a system. This type of malware is employed by hackers and gives them all the abilities of a system administrator from a remote location.
- Rootkits are very sophisticated, as they make hackers very difficult to find. They are often used to infect other computers and enslave them as zombies, forcing them to attack other machines, distribute spam or steal passwords.
- When attempting to track a rootkit's creator, the search usually ends with the first zombie while the hacker goes undetected.
- Examples of rootkits include Flame, used in cyber-espionage attacks to steal screenshots, record keystrokes and monitor network traffic. It was most notably used to disrupt Iranian oil refinery production in 2012.

Syllabus Topic : Types of Vulnerabilities

1.12 Types of Vulnerabilities

Q. What are the types of vulnerabilities ? (Ref. Sec. 1.12)

Vulnerabilities can fall into one of a small set of categories :
- Access-control problems
- Buffer overflows
- Unvalidated input
- Race conditions
- Weaknesses in authentication, authorization or cryptographic practices

In this topic we will see the nature of each type of vulnerability.

Syllabus Topic : OWASP Top 10

1.12.1 OWASP Top 10

- The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security.
- The OWASP Top 10 Web Application Security Risks was updated in 2017. It provides guidance to developers and security professionals on the most critical vulnerabilities that are commonly found in web applications, and which are also easy to exploit.
- These 10 application risks are dangerous because they may allow attackers to plant malware, steal data or completely take over your computers or web servers.

Syllabus Topic : Cross-Site Scripting (XSS)

1.12.2 Cross-Site Scripting (XSS)

- Cross-site scripting (XSS) flaws give attackers the capability to inject client-side scripts, for example to redirect users to malicious websites.
- Programmers can prevent cross-site scripting with best coding and security testing practices, such as encoding data and input validation.

Syllabus Topic : Cross Site Request Forgery (CSRF/XSRF)

1.12.3 Cross Site Request Forgery (CSRF/XSRF)

- Cross Site Request Forgery (CSRF), also known as XSRF, Session Riding or Sea Surf, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in.
- CSRFs are typically conducted using malicious social engineering, such as an email or link that tricks the victim into sending a forged request to a server. As the unsuspecting user is authenticated by their application at the time of the attack, it is impossible to distinguish a legitimate request from a forged one.
- A successful CSRF attack can be devastating for both the business and the user. It can result in damaged client relationships, unauthorized fund transfers, changed passwords and data theft, including stolen session cookies.

The figure shows the CSRF attack flow : the perpetrator embeds the request into a hyperlink and sends it to visitors who may be logged into the site; a visitor clicks on the link, inadvertently sending the request to the website.

CSRF example

- For example, a typical GET request for a Rs.1000 bank transfer might look like :

    GET http://abcbank.com/transfer.do?acct=PersonB&amount=1000Rs HTTP/1.1

- A hacker can modify this script so it results in a 1000Rs transfer to their own account.
- Now the malicious request might look like :

    GET http://abcbank.com/transfer.do?acct=AttackerA&amount=1000Rs HTTP/1.1

- A bad actor can embed the request into an innocent-looking hyperlink :

    <a href="http://abcbank.com/transfer.do?acct=AttackerA&amount=1000Rs">Read more!</a>

Syllabus Topic : SQL Injection

1.13 SQL Injection

- SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code to manipulate the backend database and access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
- The impact SQL injection can have on a business is far-reaching. A successful attack may result in the deletion of entire tables, unauthorized viewing of user lists and, in certain cases, the attacker gaining administrative rights to a database, all of which are confidential and very important to a business.
- When calculating the potential cost of a SQLI, it is important to consider the loss of customer trust should personal information such as phone numbers, addresses and credit card details be stolen.
- While this vector can be used to attack any SQL database, websites are the most frequent targets.

SQL Injection example

- An attacker wanting to execute SQL injection manipulates a standard SQL query to exploit non-validated input vulnerabilities in a database.
- There are many ways that this attack vector can be executed, several of which will be shown here to give a general idea of how SQLI works.
- For example, the above-mentioned input, which pulls information for a specific product, can be altered to read :

    http://www.mystore.com/item/item.php?itemid=111 or 2=2

- As a result, the corresponding SQL query looks like this :

    SELECT I_Name, I_Description FROM Items WHERE I_Number = 111 OR 2=2

- And since the statement 2=2 is always true, the query returns all of the product names and descriptions in the database, even those you may not be eligible to access.
- Attackers are also able to take advantage of incorrectly filtered characters to alter SQL commands, including using a semicolon to separate two statements. For example, this input :

    http://www.mystore.com/item/item.php?itemid=111; DROP TABLE Users

  would generate the following SQL query :

    SELECT I_Name, I_Description FROM Items WHERE I_Number = 111; DROP TABLE USERS

- As a result, the entire user database could be deleted.

Syllabus Topic : Input Parameter Manipulation

1.13.1 Input Parameter Manipulation

- Manipulating the data sent between the browser and the web application to an attacker's advantage has long been a simple but effective way to make applications do things the user often shouldn't be able to do.
- In a very badly designed and developed web application, malicious users can alter or modify things like prices and values in web carts, session tokens or values stored in cookies, and even HTTP headers.
- Cryptographic protection in the transport layer (SSL) in no way protects against attacks like parameter manipulation, in which data is mangled before it hits the wire. No data sent to the browser can be relied upon to stay the same unless it is cryptographically protected at the application layer.
- Parameter tampering can often be done with cookies and form fields :

Cookies

Example from a real-world travel web site, modified to protect the innocent (or stupid).
    Cookie : lang=en-us; ADMIN=no; y=1; time=10:30GMT;

Form Fields

As an example, an application uses a simple form to submit a username and password to a CGI for authentication over HTTP with SSL. The username and password form fields look like this :

URL Query Strings

The original URL for a charity website looks as follows :

    http://www.xyz.com/example?accountnumber=12345&debitamount=1

A malicious user could construct his own account number and change the parameters as follows :

    http://www.xyz.com/example?accountnumber=67891&creditamount=99999999

HTTP Headers

HTTP headers are control information passed from web clients to web servers on HTTP requests, and from web servers to web clients on HTTP responses. Each header consists of a single line of ASCII text with a name and a value. Sample headers from a POST request follow :

    Host : www.someplace.org
    Pragma : no-cache
    Cache-Control : no-cache
    User-Agent : Lynx/2.8.4dev.9 libwww-FM/2.14
    Referer : http://www.someplace.org/login.php
    Content-type : application/x-www-form-urlencoded
    Content-length : 49

Syllabus Topic : Broken Authentication

1.13.2 Broken Authentication

Q. What is Broken Authentication ? (Ref. Sec. 1.13.2)

Two ways authentication can be broken :

1. Insecure Reset Password

The password reset can be done by visiting a URL such as the one below :

    http://127.0.0.1:9090/resetpw?login=user&token=ee11cbb19052

2. Insecure Session Secret

The session secret used is insecure and is used in the example snippets across the ...

Vulnerable code snippet (server.js) :

    // express-session is assumed to be the session middleware in use
    const session = require('express-session');
    app.use(session({
      secret: 'keyboard cat',   // hard-coded, widely known example secret
    }));

Syllabus Topic : Sensitive Information Disclosure

1.13.3 Sensitive Information Disclosure

Q. What is Sensitive Information Disclosure ? (Ref. Sec. 1.13.3) (2 Marks)

Hashed Passwords Disclosed

The Admin API endpoint at http://127.0.0.1:9090/app/admin/api/users sends the entire user object to the front end.
Even if the application page rendering this data does not display the password, it is critical that only the necessary information is sent instead of the entire user object.

Fig. 1.13.2 : API response listing users with their login, email, password hash, createdAt and updatedAt fields

Vulnerable code snippet (core/appHandler.js) :

    db.User.findAll({}).then(users => {
      res.status(200).json({
        success: true,
        users: users        // full records, including the password hash
      })
    })

Logging of sensitive information

By default, Sequelize logs every query using console.log. This could be a serious issue if these logs are stored to disk or, worse, sent elsewhere for analytics or other purposes.

Fig. 1.13.3 : Console output showing a "POST /app/useredit" access log line followed by the Sequelize query log (Executing (default): SELECT `id`, `code`, `name`, ... `createdAt`, `updatedAt` ...)

Syllabus Topic : XML External Entities

1.14 XML External Entities

Q. ... (Ref. Sec. 1.14)

The Bulk Import feature at http://127.0.0.1:9090/app/bulkproducts is vulnerable to an XML External Entity attack.

Fig. 1.14.1 : Bulk Import Products page with a sample XML of <products> containing <product> entries (name, code, tags, description)

This can be easily exploited by supplying an input like the one below :

    <!DOCTYPE foo [<!ENTITY bar SYSTEM "file:///etc/passwd">]>
    <products>
      <product>
        <name>Playstation 4</name>
        <code>274</code>
        <tags>gaming console</tags>
        <description>&bar;</description>
      </product>
    </products>

The resulting product's description will have the contents of /etc/passwd.
Syllabus Topic : Broken Access Control

1.14.1 Broken Access Control

Q. 1.14.2 Explain Broken Access Control. (Ref. Sec. 1.14.1)

The issue lies in the List Users API implementation, where the code does not correctly establish the identity and capability of the calling user before fulfilling the request.

Vulnerable code snippet (/app.js) :

    app.get('/admin', authHandler.isAuthenticated, function (req, res) {
      res.render('app/admin', { admin: (req.user.role == 'admin') })
    })
    // only "is anyone logged in?" is checked, not "is this user an admin?"
    app.get('/admin/api/users', authHandler.isAuthenticated, appHandler.listUsersAPI)

Vulnerable code snippet (/app/admin.ejs) :

    // the admin/non-admin distinction is only enforced in the browser
    var isAdmin = false;
    if (!isAdmin) {
      var div = document.getElementById('admin-body');
      div.style.display = "none";
    } else {
      var div = document.getElementById('non-admin-body');
      div.style.display = "none";
    }

By checking the page source, we are able to see the List Users API used by the Admin Dashboard.
Page source of the Admin Dashboard (the "page-header" div titled Admin Dashboard) revealing the List Users API URL /app/admin/api/users.

Syllabus Topic : Keyloggers

1. Software-based keyloggers

- Software-based keyloggers are computer programs designed to work on the target computer's software. Keyloggers are used in IT organizations to troubleshoot technical problems with computers and business networks.

2. Hardware-based keyloggers

- Hardware-based keyloggers do not depend upon any software being installed, as they exist at the hardware level in a computer system.

Fig. 1.16.3 : (1) A hardware-based keylogger (2) A connected hardware-based keylogger

Syllabus Topic : Denial of Service (DoS/DDoS)

1.16.2 Denial of Service (DoS/DDoS)

Q. 1.16.2 What is a Denial of Service attack ? Explain. (Ref. Sec. 1.16.2) (4 Marks)

- In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
- Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Fig. 1.16.4 : DDoS Attack (Attacker, Slaves, Victim)

- In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.
- A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter and disrupting trade.

Syllabus Topic : Waterhole Attack

1.16.3 Waterhole Attack

Q. 1.16.3 Write a short note on Waterhole attack. (Ref. Sec. 1.16.3)
- A watering hole attack is a malware attack in which the attacker observes the websites often visited by a victim or a particular group, and infects those sites with malware. A watering hole attack has the potential to infect the members of the targeted victim group.
- Although uncommon, a watering hole attack does pose a significant threat to websites, as these attacks are difficult to diagnose.

Fig. 1.16.5 : Watering hole attack (infected site, visitors)

- Watering hole is a computer attack strategy in which the victim is a particular group (organization, industry or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware.
- Eventually, some member of the targeted group becomes infected. Hacks looking for specific information may only attack users coming from a specific IP address.
- This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, which wait for an opportunity to attack their prey near watering holes.

Syllabus Topic : Brute Force Attack

1.16.4 Brute Force Attack

- A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
- Such attacks are also used by analysts to test an organization's network security.
- A brute force attack is also known as brute force cracking or simply brute force.
- One example of a type of brute force attack is known as a dictionary attack, which might try all the words in a dictionary. Other forms of brute force attack might try commonly used passwords or combinations of letters and numbers.
- An attack of this nature can be time- and resource-consuming. Hence the name "brute force attack"; success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm.
- The following measures can be used to defend against brute force attacks :
  o Requiring users to create complex passwords.
  o Limiting the number of times a user can unsuccessfully attempt to log in.
  o Temporarily locking out users who exceed the specified maximum number of failed login attempts.

Syllabus Topic : Phishing

Phishing is a hacking technique in which a hacker replicates the most-accessed sites and traps the victim by sending that spoofed link. Combined with social engineering, it becomes one of the most commonly used and deadliest attack vectors.
