Uploaded by mosby ted

English

advertisement
-
Search engines use automated software, i.e., crawlers, to continuously scan active websites and
add the retrieved results in the search engine index that is further stored in a massive database.
When a user queries the search engine index, it returns a list of Search Engine Results Pages
(SERPs). These results include web pages, videos, images, and many different file types ranked
and displayed according to their relevance.
-
A Google search could reveal submissions to forums by security personnel, disclosing the brands
of firewalls or antivirus software used by the target. This information helps the attacker in
identifying vulnerabilities in such security controls.
-
For example, consider an organization, perhaps Microsoft. Type Microsoft in the Search box of a
search engine and press Enter; this will display the results containing information about
Microsoft. Browsing the results often provides critical information such as physical location,
contact addresses, services offered, number of employees, and so on, which may prove to be a
valuable source for hacking.
-
-
-
-
-
Many people coming from a Windows environment can find this
frustrating.
-
Followed by a keyword denoting what it is you want to find
-
If it gets packets with the M flag set, the receiver can hold the packets and reassemble them into a
complete packet
-
With so many text files, manipulating text becomes crucial in
managing Linux and Linux applications.
-
For illustrative purposes, I’ll use files from the world’s best network
intrusion detection system (NIDS)
-
in this case, Mode:Managed, in contrast to monitor or promiscuous mode
-
Hackers can find a treasure trove of information on a target in its Domain Name System (DNS)
-
the association of domain names with IP addresses could fit into single text file
-
In some cases, the hackers/attackers can simply harvest
information from the DNS servers on the target such as DNS
scanning and DNS recon
-
The manager can undertake management tasks,
-
the communication takes place with protocol data units or PDU's.
-
The management data exposed by the agents
-
some people find chmod’s symbolic method more intuitive
-
As a hacker, these special permissions can be used to exploit Linux
systems through privilege escalation,
-
The output reveals numerous files that have the SUID bit set.
-
There is no doubt that web application security is a current and newsworthy subject.
-
The Evolution of Web Applications
-
web applications have been widely adopted inside organizations to support key business
functions.
-
Some problems have become less prevalent as awareness of them has increased
-
Application-level denial-of-service attacks can be used to achieve the same results as traditional
resource exhaustion attacks against infrastructure.
-
Throughout this evolution, compromises of prominent web applications have remained in the
news
-
Therefore, it must take steps to ensure that attackers cannot use crafted input to compromise
the application by interfering with its logic and behavior, thus gaining unauthorized access to its
data and functionality.
-
A defect in any single component may enable an attacker to gain unrestricted access to the
application’s functionality and data.
-
Posts and comments made to the blog may quite legitimately contain explicit attack strings that
are being discussed
-
What is actually taking place on our system.
-
you can use nice to suggest that a process should be elevated in priority
-
the superuser or root user can arbitrarily set the nice value to whatever
they please.
-
Linux Environment variables are the dynamic values that impact the programs or
processes on the computer.
-
web applications may incorporate user-supplied input into SQL queries
-
If this process is not carried out safely, attackers may be able to submit malicious input to
interfere with the database
-
The PHP language emerged from a hobby project
-
Any reasonably functional application may employ dozens of distinct technologies within its
server and client components.
-
the Java Platform, Enterprise Edition (formerly known as J2EE) was a de facto standard for largescale enterprise applications
-
it lends itself to multitieredand load-balanced architectures and is well suited to modular
development
-
Because of its long history and widespread adoption, many highquality development tools,
application servers, and frameworks are available to assist developers
-
Descriptions of Java-based web applications often employ a number of potentially confusing
terms that you may need to be aware of
-
Rails 1.0 was released in 2005, with strong emphasis on model-view-controller architecture
-
Extensible Markup Language (XML) is a specification (khác vs specific) for encoding data in a
machine-readable form
-
XML and technologies derived from it are used extensively in web applications, on both the
server and client side
-
the ways in which applications leverage client-side technology has continued to evolve rapidly in
recent years.
-
Part of the motivation for XHTML was the need to move toward a more rigid standard for HTML
markup to avoid the various compromises and security issues that can arise when browsers are
obligated to tolerate less-strict forms of HTM
-
how different aspects of the request are used to control server-side processing
-
if you are sending a script or document, the integrity of the original file must be retained when it
is decompressed
-
HTML encoding is used to represent problematic characters so that they can be
safely incorporated into an HTML document.
-
to perform a rigorous inspection of the enumerated content,
-
Google attempts to filter out redundant results by removing pages that it believes are
sufficiently similar to others included in the results
-
any item of information returned by the server may be customized or even deliberately falsified
-
The HTTP specification contains a lot of detail that is optional or left to an implementer’s
discretion
-
It is often possible to infer a great deal about server-side functionality and structure, or at least
make an educated guess, by observing clues that the application discloses to the client
-
The handling of this URL is probably functionally equivalent to the following
-
sanitizing various kinds of potentially malicious input before it is processed.
-
Some applications use custom obfuscation schemes when storing sensitive data on the client to
prevent casual inspection and modification of this data by users
-
If you are lucky, aspects of this structure may be replicated in other areas.
-
Isolating Unique Application Behavior
-
this vulnerability was extremely widespread, and by no means has it been eliminated today
-
an easier and more elegant method is to use an intercepting proxy to
modify the desired data on-the-fly
-
because the user controls every aspect of every request, including
the HTTP headers, this control can be easily circumvented by proceeding directly to
CreateUser.ashx and using an intercepting proxy to change the value of the Referer header to
the value that the application requires
using it to control application functionality should be regarded as a hack
Notice that the path ❶ and the imported package name are constructed in a way that avoids
assigning the same name to multiple packages.
-
-
this book almost exclusively uses go get to
pull down dependencies
An exhaustive review of the entire Go language would take
multiple chapters
It contains serialized information about the state of the current page
It enables the server to preserve elements within the user interface across successive requests
without needing to maintain all the relevant state information on the server side.
Although sample procedures are linked to sub-techniques, the ATT&CK framework does not
contain a comprehensive list of procedures, nor is it intended to
it adopts a minimalistic approach that encourages you to check for errors
if programmers would simply properly use the safer alternatives, such as snprintf, then the entire class of
buffer overflow attacks would be less prevalent.
Compiling is the process of turning human-readable source code into machine-readable binary
files that can be digested by the computer and executed
You may not get accurate results for ports whose packets were still in-flight.
-
shared libraries could be abused to gain code execution or full system compromise.
-
Notice that the explicit calls to reader.Read([]byte) and
writer.Write([]byte) have been replaced with a single call to
io.Copy(writer, reader)
a TCP server can’t simply manufacture a connection
-
-
-
-
-
At the time of this writing, the fee is fairly nominal for the lowest tier, which offers adequate
credits for individual use
Create helper functions and types to facilitate simple initialization, authentication, and
communication to reduce verbose or repetitive logic
As we stressed in the Shodan section, relatively benign
information
Information such as employee
names, phone numbers, email addresses, and client software
versions are often the most highly regarded because they
provide concrete or actionable information
One of the fantastic things about Go’s package is that it’s
contextually aware:
The variable can be a complex structure with several fields, or it
can be a primitive variable.
This is a contrived example that shows how to dynamically populate
content returned to the browser
Download