- Search engines use automated software, i.e., crawlers, to continuously scan active websites and add the retrieved results to the search engine index, which is stored in a massive database. When a user queries the search engine index, it returns a list of Search Engine Results Pages (SERPs). These results include web pages, videos, images, and many different file types, ranked and displayed according to their relevance.
- A Google search could reveal submissions to forums by security personnel, disclosing the brands of firewalls or antivirus software used by the target. This information helps the attacker in identifying vulnerabilities in such security controls.
- For example, consider an organization, perhaps Microsoft. Type Microsoft in the search box of a search engine and press Enter; this will display the results containing information about Microsoft. Browsing the results often provides critical information such as physical location, contact addresses, services offered, number of employees, and so on, which may prove to be a valuable source for hacking.
- Many people coming from a Windows environment can find this frustrating.
- Followed by a keyword denoting what it is you want to find
- If it gets packets with the M flag set, the receiver can hold the packets and reassemble them into a complete packet
- With so many text files, manipulating text becomes crucial in managing Linux and Linux applications.
- For illustrative purposes, I'll use files from the world's best network intrusion detection system (NIDS)
- In this case, Mode:Managed, in contrast to monitor or promiscuous mode
- Hackers can find a treasure trove of information on a target in its Domain Name System (DNS)
- The association of domain names with IP addresses could fit into a single text file
- In some cases, the hackers/attackers can simply harvest information from the DNS servers on the target, such as by DNS scanning and DNS recon
- The manager can undertake management tasks,
- The communication takes place with protocol data units, or PDUs.
- The management data exposed by the agents
- Some people find chmod's symbolic method more intuitive
- As a hacker, these special permissions can be used to exploit Linux systems through privilege escalation,
- The output reveals numerous files that have the SUID bit set.
- There is no doubt that web application security is a current and newsworthy subject.
- The Evolution of Web Applications
- Web applications have been widely adopted inside organizations to support key business functions.
- Some problems have become less prevalent as awareness of them has increased
- Application-level denial-of-service attacks can be used to achieve the same results as traditional resource exhaustion attacks against infrastructure.
- Throughout this evolution, compromises of prominent web applications have remained in the news
- Therefore, it must take steps to ensure that attackers cannot use crafted input to compromise the application by interfering with its logic and behavior, thus gaining unauthorized access to its data and functionality.
- A defect in any single component may enable an attacker to gain unrestricted access to the application's functionality and data.
- Posts and comments made to the blog may quite legitimately contain explicit attack strings that are being discussed
- What is actually taking place on our system.
- You can use nice to suggest that a process should be elevated in priority
- The superuser or root user can arbitrarily set the nice value to whatever they please.
- Linux environment variables are the dynamic values that impact the programs or processes on the computer.
- Web applications may incorporate user-supplied input into SQL queries
- If this process is not carried out safely, attackers may be able to submit malicious input to interfere with the database
- The PHP language emerged from a hobby project
- Any reasonably functional application may employ dozens of distinct technologies within its server and client components.
- The Java Platform, Enterprise Edition (formerly known as J2EE) was a de facto standard for large-scale enterprise applications
- It lends itself to multitiered and load-balanced architectures and is well suited to modular development
- Because of its long history and widespread adoption, many high-quality development tools, application servers, and frameworks are available to assist developers
- Descriptions of Java-based web applications often employ a number of potentially confusing terms that you may need to be aware of
- Rails 1.0 was released in 2005, with strong emphasis on model-view-controller architecture
- Extensible Markup Language (XML) is a specification (not to be confused with "specific") for encoding data in a machine-readable form
- XML and technologies derived from it are used extensively in web applications, on both the server and client side
- The ways in which applications leverage client-side technology have continued to evolve rapidly in recent years.
- Part of the motivation for XHTML was the need to move toward a more rigid standard for HTML markup to avoid the various compromises and security issues that can arise when browsers are obligated to tolerate less-strict forms of HTML
- How different aspects of the request are used to control server-side processing
- If you are sending a script or document, the integrity of the original file must be retained when it is decompressed
- HTML encoding is used to represent problematic characters so that they can be safely incorporated into an HTML document.
- To perform a rigorous inspection of the enumerated content,
- Google attempts to filter out redundant results by removing pages that it believes are sufficiently similar to others included in the results
- Any item of information returned by the server may be customized or even deliberately falsified
- The HTTP specification contains a lot of detail that is optional or left to an implementer's discretion
- It is often possible to infer a great deal about server-side functionality and structure, or at least make an educated guess, by observing clues that the application discloses to the client
- The handling of this URL is probably functionally equivalent to the following
- Sanitizing various kinds of potentially malicious input before it is processed.
- Some applications use custom obfuscation schemes when storing sensitive data on the client to prevent casual inspection and modification of this data by users
- If you are lucky, aspects of this structure may be replicated in other areas.
- Isolating Unique Application Behavior
- This vulnerability was extremely widespread, and by no means has it been eliminated today
- An easier and more elegant method is to use an intercepting proxy to modify the desired data on the fly
- Because the user controls every aspect of every request, including the HTTP headers, this control can be easily circumvented by proceeding directly to CreateUser.ashx and using an intercepting proxy to change the value of the Referer header to the value that the application requires
- Using it to control application functionality should be regarded as a hack
- Notice that the path and the imported package name are constructed in a way that avoids assigning the same name to multiple packages.
- This book almost exclusively uses go get to pull down dependencies
- An exhaustive review of the entire Go language would take multiple chapters
- It contains serialized information about the state of the current page
- It enables the server to preserve elements within the user interface across successive requests without needing to maintain all the relevant state information on the server side.
- Although sample procedures are linked to sub-techniques, the ATT&CK framework does not contain a comprehensive list of procedures, nor is it intended to
- It adopts a minimalistic approach that encourages you to check for errors
- If programmers would simply properly use the safer alternatives, such as snprintf, then the entire class of buffer overflow attacks would be less prevalent.
- Compiling is the process of turning human-readable source code into machine-readable binary files that can be digested by the computer and executed
- You may not get accurate results for ports whose packets were still in flight.
- Shared libraries could be abused to gain code execution or full system compromise.
- Notice that the explicit calls to reader.Read([]byte) and writer.Write([]byte) have been replaced with a single call to io.Copy(writer, reader)
- A TCP server can't simply manufacture a connection
- At the time of this writing, the fee is fairly nominal for the lowest tier, which offers adequate credits for individual use
- Create helper functions and types to facilitate simple initialization, authentication, and communication to reduce verbose or repetitive logic
- As we stressed in the Shodan section, relatively benign information
- Information such as employee names, phone numbers, email addresses, and client software versions is often the most highly regarded because it provides concrete or actionable information
- One of the fantastic things about Go's package is that it's contextually aware:
- The variable can be a complex structure with several fields, or it can be a primitive variable.
- This is a contrived example that shows how to dynamically populate content returned to the browser