Fault Monitoring

Putting It Together

We've also included on the Shellcoder's Handbook Web site the source code and compiled Win32 version of the sample fault injection application, RIOT. To see RIOT in action, simply copy RIOT and FaultMon from the CD-ROM to a folder on your computer. We'll perform a sample test using the input we reviewed earlier in this chapter.

 GET /search.ida?group=kuroto&q=riot HTTP/1.1
 Accept: */*
 Accept-Language: en-us
 Accept-Encoding: gzip, deflate
 User-Agent: Mozilla/4.0
 Host: 192.168.1.1
 Connection: Keep-Alive
 Cookie: ASPSESSIONIDQNNNNTEG=ODDDDIOANNCXXXXIIMGLLNNG

Don't worry about creating a test for this; it's already set up and ready to go. Open two command shells (cmd.exe). The first command prompt must be opened on the server running the potentially vulnerable Web server you want to test. In this first command shell, run FaultMon and supply it with the process ID of the Web server that is running in the background. If you are running IIS 5.0, use the process ID of inetinfo.exe. If the process ID were 2003, you would type the following command into your shell:

 faultmon.exe -i 2003

As FaultMon starts, you should see a series of events displayed. You can ignore these events; they are related to FaultMon initialization and are irrelevant to our testing. Now that FaultMon is running and monitoring events, let's open another shell on our attacker machine.

The second shell should be opened on the machine where RIOT is located. In the second command shell, start RIOT by entering the target IP address of the host you are auditing as well as the port number on which the Web server is listening. If the IP address of the Web server is 192.168.1.1 and the port on which it is listening is 80, then issue the following command:

 riot.exe -p 80 192.168.1.1

The input files supplied with RIOT will allow you to rediscover various buffer-overflow vulnerabilities that have been found in enterprise Web servers. If you choose to audit a Microsoft Windows 2000 server with an early service pack, you may just rediscover the security flaw that led to the success of the Code Red worm.

Each file in the input folder contains input data for a particular test. RIOT will start with test ID 1 and increment until it runs out of tests. You can edit these files and create your own tests as you'd like. There is also source code included that should give you a nice framework to start with. Happy hunting.
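The RIOT/FaultMon workflow described above, reduced to a runnable harness as an added example (this is not the book's or RIOT's code): numbered test files are replayed in ID order starting at 1 until an ID is missing, and each run is classified the way a fault monitor would classify it. The target here is a constructed local child process fed on stdin; real FaultMon attaches to a PID as a debugger, which this example does not do.

```python
import os
import subprocess
import sys
import tempfile

# Stand-in target (constructed): a child process that aborts on oversized input,
# so the harness has a crash to catch. Real use points this at the service under test.
TOY_TARGET = [sys.executable, "-c",
              "import os,sys; d=sys.stdin.buffer.read(); os.abort() if len(d) > 4096 else sys.exit(0)"]

def load_tests(folder):
    """RIOT-style iteration: yield (id, bytes) for 1.txt, 2.txt, ... until an ID is missing."""
    test_id = 1
    while os.path.isfile(os.path.join(folder, f"{test_id}.txt")):
        with open(os.path.join(folder, f"{test_id}.txt"), "rb") as f:
            yield test_id, f.read()
        test_id += 1

def run_one(cmd, data, timeout=5.0):
    """FaultMon-style verdict: (fault?, detail). A signal, abnormal exit or hang is a fault."""
    try:
        proc = subprocess.run(cmd, input=data, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return True, "hang (timeout)"
    if proc.returncode < 0:   # POSIX: terminated by signal -returncode (SIGABRT -> -6)
        return True, f"signal {-proc.returncode}"
    if proc.returncode != 0:  # Windows reports abort() as exit code 3
        return True, f"exit {proc.returncode}"
    return False, "ok"

def run_campaign(cmd, folder):
    """Run every test in ID order; returns [(id, fault, detail), ...]."""
    return [(i, *run_one(cmd, d)) for i, d in load_tests(folder)]

def make_sample_folder():
    """Constructed inputs: IDs 1-3 plus 5, so the loop stops after test 3."""
    folder = tempfile.mkdtemp(prefix="riot_sample_")
    cases = {1: b"GET /search.ida?q=riot HTTP/1.1\r\nHost: 192.168.1.1\r\n\r\n",
             2: b"GET /search.ida?q=" + b"A" * 5000 + b" HTTP/1.1\r\n\r\n",
             3: b"GET / HTTP/1.1\r\n\r\n", 5: b"never reached"}
    for test_id, data in cases.items():
        with open(os.path.join(folder, f"{test_id}.txt"), "wb") as f:
            f.write(data)
    return folder

if __name__ == "__main__":
    for test_id, fault, detail in run_campaign(TOY_TARGET, make_sample_folder()):
        print(f"test {test_id}: {'FAULT' if fault else 'ok'} ({detail})")
```

Only test 2 trips the stand-in target; test 5 is never read because ID 4 is absent, mirroring RIOT's stop-at-first-gap behaviour.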



The Shellcoder's Handbook. Discovering and Exploiting Security