Hacking Exposed 6: Network Security Secrets & Solutions
Accessing Router/Switch configurations via TFTP
Network devices such as routers, switches, and VPN concentrators commonly provide the functionality to configure the device as a TFTP server. In some cases, attackers can leverage this functionality to their advantage in order to obtain the device's configuration file. Some files an attacker may look for on network devices are:
running-config
startup-config
.config
config
run
TFTP Enumeration Countermeasures
TFTP is an inherently insecure protocol: the protocol runs in cleartext on the wire, it offers no authentication mechanism, and it can leave misconfigured file system ACLs wide open to abuse. For these reasons, don't run TFTP, and if you do, wrap it to restrict access (using a tool such as TCP Wrappers), limit access to the /tftpboot directory, and make sure it's blocked at the border firewall.
Finger, TCP/UDP 79
Popularity: 7
Simplicity: 10
Impact: 1
Risk Rating: 6
Perhaps the oldest trick in the book when it comes to enumerating users is the UNIX/Linux finger utility. Finger was a convenient way of giving out user information automatically back in the days of a much smaller and friendlier Internet. We discuss it here primarily to describe the attack signature, because many scripted attack tools still try it, and many unwitting system admins leave finger running with minimal security configurations. Again, the following assumes that a valid host running the finger service (port 79) has been identified in previous scans:
[root$]finger -l @target.example.com
[target.example.com]
Login: root                             Name: root
Directory: /root                        Shell: /bin/bash
On since Sun Mar 28 11:01 (PST) on tty1 11 minutes idle
     (messages off)
On since Sun Mar 28 11:01 (PST) on ttyp0 from :0.0
   3 minutes 6 seconds idle
No mail.
plan:
John Smith
Security Guru
Telnet password is my birthdate
finger 0@hostname also turns up good info:
[root$]finger 0@192.168.202.34
[192.168.202.34]
   Line     User      Host(s)       Idle Location
*  2 vty 0            idle             0 192.168.202.14
  Se0                 Sync PPP         00:00:02
As you can see, most of the info displayed by finger is fairly innocuous. (It is derived from the appropriate /etc/passwd fields if they exist.) Perhaps the most dangerous information contained in the finger output is the names of logged-on users and idle times, giving attackers an idea of who's watching (root?) and how attentive they are. Some of the additional information could be used in a social engineering attack (hacker slang for trying to con access from people using social skills; see Chapter 12). As noted in this example, users who place a .plan or .project file in their home directories can deal potential wildcards of information to simple probes. (The contents of such files are displayed in the output from finger probes, as shown earlier.)
Finger Countermeasures
Detecting and plugging this information leak is easy: don't run finger (comment it out in inetd.conf and killall -HUP inetd) and block port 79 at the firewall. If you must (and we mean must) give access to finger, use TCP Wrappers (see Chapter 5) to restrict and log host access, or use a modified finger daemon that presents limited information.
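
The finger countermeasure above and the earlier TFTP countermeasure both depend on what inetd is configured to launch. The following Python script is an added example, not code from the book: it audits inetd.conf text for enabled finger and tftp entries and reports whether each is started through TCP Wrappers (tcpd). The sample file, the function name, and the rule that a confined tftpd names its directory as an absolute-path argument are assumptions.

```python
import os

# Services this page recommends disabling, or wrapping if they must run.
RISKY = {"finger", "tftp"}

# Constructed sample in classic inetd.conf layout:
# service  socket  proto  wait-flag  user  server-path  argv...
SAMPLE_INETD_CONF = """\
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd in.fingerd
#finger stream  tcp  nowait  root    /usr/sbin/in.fingerd in.fingerd
tftp    dgram   udp  wait    root    /usr/sbin/tcpd       in.tftpd /tftpboot
tftp    dgram   udp  wait    root    /usr/sbin/in.tftpd   in.tftpd
"""

def audit_inetd(text):
    """Return one finding dict per enabled finger/tftp entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # commented-out entries are disabled
        fields = line.split()
        if len(fields) < 6 or fields[0] not in RISKY:
            continue
        service, server, argv = fields[0], fields[5], fields[6:]
        wrapped = os.path.basename(server) == "tcpd"
        issues = [] if wrapped else ["not behind TCP Wrappers (tcpd)"]
        # Assumption: a tftpd confined to a directory names it as an
        # absolute-path argument after the daemon name.
        if service == "tftp" and not any(a.startswith("/") for a in argv[1:]):
            issues.append("no directory restriction such as /tftpboot")
        findings.append({"line": lineno, "service": service,
                         "wrapped": wrapped, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_inetd(SAMPLE_INETD_CONF):
        status = "; ".join(f["issues"]) or "wrapped, but disabling is still preferred"
        print(f"line {f['line']}: {f['service']} enabled: {status}")
```
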
Enumerating HTTP, TCP 80
Popularity: 5
Simplicity: 9
Impact: 1
Risk Rating: 5
Enumerating the make and model of a web server is one of the easiest and most time-honored techniques of the hacking community. Whenever a new web server exploit is released into the wild (for example, the old ida/idq buffer overflow that served as the basis for the Code Red and Nimda worms), the underground turns to simple, automated enumeration tools to check entire swaths of the Internet for potentially vulnerable software. Don't think you won't get caught. We demonstrated elementary HTTP banner grabbing at the beginning of this chapter in the section titled "The Basics of Banner Grabbing: telnet and netcat." In that section, we showed you how to connect to a web server on the standard HTTP port (TCP 80) using netcat and how to hit a few carriage returns to extract the banner. Usually the HTTP HEAD method is a clean way to elicit banner info. You can type this command right into netcat once you've connected to the target server, as shown here (commands to be entered are listed in bold; you'll need to hit two or more carriage returns after the line containing the head command):
C:\>nc -v www.example.com 80
www.example.com [10.219.100.1] 80 (http) open
HEAD / HTTP/1.1

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 17 Jul 2008 14:14:50 GMT
X-Powered-By: ASP.NET
Content-Length: 8601
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCCRRABCR=MEJICIJDLAMKPGOIJAFBJOGD; path=/
Cache-control: private
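
To see what a response head like the one above gives away about your own server, the following Python script (an added example, not code from the book) parses a raw response and lists the headers that reveal server make, version or platform. The sample input is constructed from the headers shown above; the cookie-name table and function names are illustrative assumptions.

```python
import re

# Constructed sample: the header block from the netcat session on this page.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Date: Thu, 17 Jul 2008 14:14:50 GMT\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Length: 8601\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: ASPSESSIONIDCCRRABCR=MEJICIJDLAMKPGOIJAFBJOGD; path=/\r\n"
    "Cache-control: private\r\n\r\n"
)

# Default session-cookie prefixes that identify a platform (illustrative, not exhaustive).
COOKIE_HINTS = {"ASPSESSIONID": "classic ASP", "JSESSIONID": "Java servlet container",
                "PHPSESSID": "PHP"}
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.]*)")

def parse_headers(raw):
    """Return [(lowercased name, value), ...] from a raw response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def disclosure_findings(raw):
    """List (header, detail) pairs that reveal server make, version or platform."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "server":
            m = PRODUCT_VERSION.search(value)
            findings.append((name, f"product {m.group(1)} version {m.group(2)}"
                             if m else f"product {value}"))
        elif name == "x-powered-by":
            findings.append((name, f"platform {value}"))
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0]
            for prefix, platform in COOKIE_HINTS.items():
                if cookie.upper().startswith(prefix):
                    findings.append((name, f"default cookie name implies {platform}"))
    return findings
```
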
The netcat session above uses the HTTP HEAD request, which is uncommon nowadays, with the notable exception of worms. Therefore, some intrusion detection systems might trigger from a HEAD request. Also, netcat can't negotiate SSL connections, so if you encounter a website that uses SSL, don't fret. Simply redirect it through one of the many available SSL proxy tools, such as sslproxy, or just use openssl to perform the task:
~ $ openssl s_client -quiet -connect www.example.com:443
HEAD / HTTP/1.1
host: www.example.com

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 17 Jul 2008 14:22:13 GMT
X-Powered-By: ASP.NET
Content-Length: 8601
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAADQDAAQ=BEMJCIICCJBGGKCLLOIBBOHA; path=/
Cache-control: private
By default, openssl is extremely verbose, so specify the -quiet switch to limit its output. You may notice that we've also specified host: www.example.com after our HEAD / HTTP/1.1 nudge. This is because servers have the ability to host multiple