Week 11 Takeaways
Reading Summary: SQL Injection
SQL injection is one of the most common vulnerabilities in web applications, which is why it is crucial to test for it when creating a website: it might allow an attacker to modify the URL in such a way that it maliciously connects to the database and extracts, modifies or deletes important data. SQL injection is used to perform operations on the database, bypass authentication mechanisms, read otherwise unavailable information from the database and write information to it. There are various ways to find SQL injection bugs, such as submitting a single quote or a semicolon. If an error results, then the application is vulnerable. If there is no error, then make sure to check for any changes in the output.
Question for the class:
Have you experienced a SQL injection attack, and what tools/techniques did you use to get back to operational mode?
In the news:
“Hacker group claims to have looted $100,000 via SQL injection attack”
A group of hackers known as TeamBersek took credit on Twitter for using a SQL injection attack to access plaintext usernames and passwords for customers of Sebastian, a California-based Internet, phone and TV service provider. It then leveraged those credentials to steal $100,000 from online accounts. The underlying issue was the reuse of the same passwords across multiple accounts. It is also interesting to note that in July, cyber crooks were charged with hacking more than a dozen companies and using SQL injection to steal 160 million credit card numbers.
You can find more information about this article here.
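The probing technique described in the reading summary above (submit a single quote and look for an error, then submit a tautology and look for a change in output), worked through against a login query. This is an added example written for this page, not code from the reading or from any of the incidents mentioned; the in-memory SQLite table, the two user rows and the probe payloads are constructed here. The table stores plaintext passwords only so that the query mirrors the summary; a real application stores password hashes.

```python
import sqlite3


def make_db():
    """Constructed sample data (not from the page): two users, plaintext passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string concatenation: the classic injection bug.

    Returns ("error", message) when the attacker-controlled input breaks the
    SQL syntax (the single-quote probe), otherwise ("ok", matched username or None).
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.OperationalError as exc:
        # A stray quote leaves an unterminated string literal: a syntax error
        # that leaks back to the tester as the tell-tale sign of injection.
        return ("error", str(exc))
    return ("ok", row[0] if row else None)


def login_safe(conn, username, password):
    """Parameterised query: the input is bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return ("ok", row[0] if row else None)


def probe(login, conn):
    """Runs the three probes the summary describes against a login function.

    baseline:     a normal request with a wrong password (expect no match)
    single_quote: look for an error
    tautology:    ' OR '1'='1 in both fields; look for an output change
                  (a successful login without valid credentials)
    """
    return {
        "baseline": login(conn, "alice", "wrong"),
        "single_quote": login(conn, "alice'", "wrong"),
        "tautology": login(conn, "' OR '1'='1", "' OR '1'='1"),
    }


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", probe(login_vulnerable, db))
    print("safe:      ", probe(login_safe, db))
```

Against `login_vulnerable` the single-quote probe raises a syntax error and the tautology logs in as the first user in the table; against `login_safe` both probes behave exactly like the baseline, which is the "no error, no output change" outcome the summary tells you to verify.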
Week 10 Presentation and Video Link
Presentation Details:
Title: =MIS 5211.001_10/28/2015
Date: Wednesday, October 28, 2015
Time: 5:30 PM (UTC-05:00) Eastern Time (US & Canada)
Duration: 2:30:00
Link: http://tucapture.fox.temple.edu/Mediasite/Play/15710728c79141baa6e17d86361f6eba1d
Week 10 Summary
The prevalence of today’s web applications makes them a good attack surface because of the many ways they can be reached. Moreover, web application vulnerabilities are a real and likely threat vector for many organizations with a web-facing presence today. One of the tools that can assist with the detection of web vulnerabilities is Burp Suite. This suite is a robust web application vulnerability testing tool with many functions; one of them, called Spider, is used to get a complete list of URLs and parameters for each site. The tool looks into each page that was manually visited and goes through every link it finds within the testing scope. Also, XSS is one of the most common web attack vulnerabilities.
I found this interesting article from the Electronic Frontier Foundation; it discusses how law enforcement agencies around the country are all too eager to adopt mass surveillance technologies but sometimes put little effort into ensuring the systems are secure and the sensitive data they collect on everyday people is protected. I thought you might like it:
https://www.eff.org/deeplinks/2015/10/license-plate-readers-exposed-how-public-safety-agencies-responded-massive
Summary week 10
Web application vulnerabilities are still rampant, and companies continue to allow attackers to exploit weaknesses in their websites. XSS is the most prevalent web application attack method, followed closely by SQL injection. XSS exploitation occurs when an attacker takes advantage of poor code in the website so that, via an input field, the attacker’s code is executed; the same input is used to search for an XSS vulnerability. SQL injection occurs when there is some sort of input field the attacker can exploit via commands that test for certain vulnerabilities. There is a long list of vulnerabilities, but ultimately better coding and vulnerability management mitigate the risk.
In the News: http://www.databreachtoday.com/talktalk-breach-fuels-call-for-tougher-uk-laws-a-8618
The continuing problems of the London-based telecom with its third data breach.
Week 10
Burp Suite is a powerful tool used to test for potential vulnerabilities in web applications. Burp Sequencer is used to find authentication to web applications. Burp Decoder is used to decode encrypted usernames or passwords on the client side and gain access to a web application. Burp Comparer simply compares two sets of data, like various responses, so that you can see where the differences are. Burp Proxy works between the browser and the application to potentially launch a man-in-the-middle attack. Burp Proxy is literally in the middle of the application and the browser being used to connect to it. Burp Sitemap helps to identify where you want to focus your attention on a domain; similarly, Burp Spider gets an exhaustive list of URLs for every site. For example, Temple.edu would receive a large number of responses compared to darinbartholomew.com. Burp Intruder finally executes the attacks. Once you have used the various other tools to find authentication methods and define your scope, you can deliver a payload.
Question for the class: Do you see web application threats as a growing trend as we become even more connected and our applications become even more network-dependent than they already are?
This article interested me because it used a “social experiment” (sort of like social engineering) to see how many people would pick up an abandoned USB drive and later plug it into their devices. 17%, or one in five, plugged them into their devices. This is a huge vulnerability because someone could do a similar thing with malicious intent, and the drive could launch malicious software instead of the software used in this case, which simply reported that it had been plugged in. For us this is something to think about, because without proper training and employee awareness, one of these drives could end up infecting an entire network that we may one day be working to protect.
Week 10 Summary
Web-application hacking highlights the importance of sanitizing data. It is made possible by the application accepting unexpected values as input; through this, malicious code is injected into the web application via an input field. The reading also describes the Burp Suite, a collection of tools used for security testing of web applications. The tools are Burp Proxy, Burp Sitemap and site scope, Burp Spider, Burp Intruder (used for SQL injection), Repeater, Sequencer, Decoder and Comparer.
In The News:
TalkTalk ransom: hacker demanded 80k GBP
TalkTalk has confirmed that it did have a security incident. It looks like the attacker used SQL injection to steal the database behind the website. Now it looks like the website might have stored the information of 4 million customers or so…
…it started with the CEO talking about getting a ransom letter. The letter basically said that if you don’t pay 80,000 pounds, or 120,000 dollars, in Bitcoin, we are going to release all your information, and they also included a sample of the information that was stolen…
Week 10 – Summary
Reading
Proxy servers sit between private and public networks and intercept data in order to speed up responses when querying domain names by caching data, mask the origin’s public IP address to fake the point of origin, redirect traffic to other servers and manage authentication for Internet access. A proxy can also be used to intercept traffic between a browser and a target application, allowing a man-in-the-middle attack when accessing non-encrypted destinations. Login credentials and target web application vulnerabilities may be discovered and exploited afterwards; SQL injection and XSS attacks are some examples.
Web app injection attacks are done by inserting improper characters or code into web form fields; when processed by the back-end web server they are accepted and the malicious code is executed. Programmers must develop web form checkers to verify that input data is correct and consistent with the application logic.
Question for the Class: What proxy server software, other than Burp, is the most effective and easy to use?
In the News
The Electronic Frontier Foundation (EFF) received approval from the United States Copyright Office for its proposed DMCA exemptions covering:
- Device unlocking
- Jailbreaking
- Ripping videos for remix
EFF Proposal: https://www.eff.org/document/eff-jailbreaking-exemption-request
Article: http://thehackernews.com/2015/10/jailbreak-phones.html
Week 10 Summary
Web application vulnerabilities are a significant threat to websites and companies: an attacker can exploit a weakness on the website to gain access to sensitive information. XSS is the most common type of web app attack, with SQL injection coming in second. In an XSS attack, an attacker can exploit badly written code in the website by entering their own code into an input box. The code will allow the attacker either to test whether the website is open to an XSS vulnerability, or to submit the code in an attempt to display sensitive information. In SQL injection, the attacker can enter certain code into an input box in order either to test for a SQL injection vulnerability, or to view the contents of the database of sensitive information. Other types of web app attacks include URL tampering and using Unicode to evade IDSs. Prevention includes reviewing and fixing faulty code, web application firewalls, or scanners.
News story for the week:
US Naval Academy teaches celestial navigation due to fears of hacking of navigation systems.
http://www.dailymail.co.uk/news/article-3273519/US-Naval-Academy-returns-celestial-navigation-amid-fears-computer-hacking.html
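Several of the Week 10 summaries above describe the same two points: XSS happens when code entered into an input box is echoed back into the page and executed, and the fix is "web form checkers" that validate input plus better coding. The added example below (written for this page; not code from the readings, from Burp, or from any site mentioned) shows a constructed reflected-XSS endpoint, the test a scanner runs against it (does my payload come back as live markup?), and the two defences side by side: allowlist validation on the input and HTML output encoding on the response. The endpoint, the regular expression and the probe payloads are all assumptions made for illustration.

```python
import html
import re

# A constructed search page that reflects the user's query back into the HTML.
# This is the "badly written code" the summaries describe.
def search_page_vulnerable(q):
    return "<p>Results for: " + q + "</p>"


def search_page_safe(q):
    # Output encoding: < > & " ' become HTML entities, so the browser renders
    # the payload as text instead of executing it as markup or script.
    return "<p>Results for: " + html.escape(q, quote=True) + "</p>"


# Allowlist validation for a field that should only ever hold a username.
# Rejecting everything outside the expected character set blocks both XSS
# and SQL injection probes before they reach the back end.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def valid_username(value):
    return bool(USERNAME_RE.fullmatch(value))


# Constructed probe payloads of the kind a tester types into an input box.
PROBES = [
    "<script>alert(1)</script>",
    '"><img src=x onerror=alert(1)>',
    "<svg/onload=alert(1)>",
]


def reflects_markup(render, payload):
    """True if the payload appears unencoded in the response.

    This is the simple check a scanner performs: if the exact bytes of the
    probe come back, the page would hand them to the browser as markup. A
    full scanner also reasons about where in the HTML the input landed
    (attribute, script block, comment); this is the basic version.
    """
    return payload in render(payload)


def scan(render):
    """Map each probe payload to whether the page reflects it as live markup."""
    return {p: reflects_markup(render, p) for p in PROBES}


if __name__ == "__main__":
    print("vulnerable page:", scan(search_page_vulnerable))
    print("encoded page:   ", scan(search_page_safe))
    for candidate in ["alice_01", "<script>", "' OR '1'='1"]:
        print(repr(candidate), "valid username:", valid_username(candidate))
```

Output encoding is the defence that actually prevents XSS, because it protects whatever reaches the page regardless of how it got there; input validation is the defence in depth that keeps injection strings out of fields that never needed to accept them.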
Week 9 Presentation and Video Link
Intro-to-Ethical-Hacking-Week-9
Presentation Details:
Title: =MIS 5211.001_10/21/2015
Date: Wednesday, October 21, 2015
Time: 5:30 PM (UTC-05:00) Eastern Time (US & Canada)
Duration: 2:30:00
Link: http://tucapture.fox.temple.edu/Mediasite/Play/5c5eb537759341a38cb10341c34e01671d
Week 10 Summary and Article
This week’s reading covered SQL injection and XSS vulnerabilities and the Burp Suite. The Burp Suite readings cover basic usage of Burp Suite on non-encrypted HTTP connections. The Web Application Injection Vulnerabilities reading shows how bad coding habits and a lack of data verification can allow attackers entry into the back end of websites/apps. It also talks about how checking for errors, penetration testing web applications, using secure coding practices and installing web application firewalls can mitigate the risk of such attacks.
An article I found interesting can be found at:
http://www.informationweek.com/government/mobile-and-wireless/smartphones-on-drones-can-hack-your-wireless-printer/d/d-id/1322547