Day 1: Setting the Foundation
Day 1 sets the foundation on which Web server penetration tests are performed. Emphasis is placed on understanding the target and on performing the work in a methodical and thorough manner.
E-commerce Primer
- E-commerce components
- E-commerce hacking prerequisites
- The web hacker's toolkit: browsers and other tools
- Introduction to Web publishing and programming languages
- Introduction to Web protocols
- Introduction to Web platforms and host operating systems
Information Gathering
- Web reconnaissance
- Web server enumeration
- Vulnerability scanning
- Site duplication
- Source sifting
- Field and URL analysis
Viewing Application Source
- File handler mismatch
- Sample file vulnerabilities
- Microsoft IIS, ASP, Index Server, and FrontPage vulnerabilities
- File location validation issues
- Hex character replacements
- Backup file access
Information Gathering Lab
Newly-learned tools and techniques are used to footprint a bank of Web servers running on various server software, host operating systems, and applications. You will also discover source code disclosure vulnerabilities and exploit them to determine information necessary to complete the lab. This lab gives you the opportunity to run the discussed tools in a realistic manner against live machines on the lab network.
Day 2: Common Server and Application Exploits
Day 2's focus is on the two most common categories of Web server and Web application exploits - file system traversal and input validation. The day begins with common examples of file system traversal attacks and discusses methods for discovering other, similar vulnerabilities. Also covered is Foundstone's methodology for performing input validation testing, including common types of input validation problems and how hackers take advantage of them. Throughout the lecture, you have access to test machines to experiment with each concept presented.
File System Traversal Attacks
- Dot listings
- Tilde usage
- Dot-dot bugs
- Encoded dot-dot bugs
- Wildcard characters
Input Validation Attacks
- Meta-characters
- Application field overflows
- Server buffer overflows
- Hex character replacement
- Server side includes (SSI)
- Hidden tags
- Cross site scripting
- Forcing handlers
Web Server Attack Lab
The day ends with a hands-on lab involving several target Web servers. You will follow the information gathering and attack methodologies to work your way through the lab. Many of the tools taught during the day will be used to compromise the systems hosting Web servers. You will be given a clue for the first target Web server, and successful compromise of each target yields a clue for the next target. This "capture the flag" style exercise demonstrates the process of chaining vulnerabilities together to achieve complete compromise of the target servers and formulation of a complete assessment.
Day 3: Impersonation and Other Topics
Day 3 focuses on impersonation attacks and other common Web server topics. Included is a discussion of common state tracking methods and a discussion of tools and techniques to exploit these methods and impersonate other users. The rest of the day is spent covering a variety of "grab bag" topics. Throughout the lecture, you have access to test machines in order to experiment with each concept presented.
Impersonation Attacks
- Determining state tracking in web applications
- Hidden fields
- Cookies
- Session ID creation weaknesses
- Sniffing user credentials
- Brute force authentication
Grab Bag Topics
- Server side debugging
- Hacking over SSL
- Decompiling Java applets
- SQL injection attacks
Web Attack Lab
The day ends with a hands-on lab involving several target Web servers. You will follow the information gathering and attack methodologies to work your way through the lab, and many of the tools taught during the third day will be used to compromise the Web servers. You begin with a clue for the first target Web server, and successful compromise of each target yields a clue for the next target. As with the day two lab, this "capture the flag" style exercise demonstrates techniques for employing multiple vulnerabilities to achieve complete compromise of the target servers and formulation of a complete assessment.
Hands On Exercises
Extensive hands-on exercises provide detailed, practical experience in attacking and securing various operating systems. You can immediately experiment with concepts as they are taught.
Information Gathering Exercises
- Port scanning from Linux and MS Windows
- Banner grabbing with netcat
- SSL banner grabbing
- Vulnerability scanning
- Manual source viewing and editing
- Automated site duplication
- Manual source sifting
- Automated source sifting tools
- GET/POST request manipulation
Source Viewing Exercises
- JSP source code disclosures
- File handler source code disclosures
- ASP source code disclosures
- CGI source code disclosures
- Backup file searching
File System Traversal Exercises
- Compaq Insight Manager file retrieval
- Unicode and double decode vulnerabilities
- Exploiting the test-cgi vulnerability
Input Validation Exercises
- Checking for the Microsoft Data Access Components (MDAC) vulnerability
- Exploiting the MDAC vulnerability
- Sambar server exploitation
- IIS buffer overflow attack
- Server Side Includes (SSI) remote shell hack
- E-shoplifting: price changes
- E-shoplifting: negative quantities
- Cross site scripting exploits
- Java servlet command execution
Impersonation Exercises
- Cookie file diagramming
- Achilles cookie manipulation
- User impersonation attack
- Sniffer deployment and HTTP traffic capture
- Brutus wordlist generation and password guessing
Grab Bag Exercises
- SSL proxy for attacks
- Decompiling Java applets
- SQL injection techniques
Course Labs
Lab 1: Site Duplication
Lab 2: Manual Vulnerability Scanning
Lab 3: SSL Enumeration
Lab 4: E-mail and External Link Searches
Lab 5: Source Code Retrieval
Lab 6: ASP, CGI, Cold Fusion, and Java Server Vulnerability Exploitation
Lab 7: Input Field Overflow Exploitation
Lab 8: Exploiting SSL-Enabled Sites