SlideShare a Scribd company logo

An Introduction of SQL Injection, Buffer Overflow & Wireless Attack

Download as pptx, pdf
TechSecIT
TechSecIT

The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help boost feelings of calmness, happiness and focus.

1 of 26
Downloaded 53 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Cyber Security An Introduction of SQL Injection, Buffer Overflow & Wireless Network Attack http://techsecit.com
SQL Injection • SQL injection is an attack technique that exploits a security vulnerability occurring in the database layer of an application . Hackers use injections to obtain unauthorized access to the underlying data, structure, and DBMS. It is one of the most common web application vulnerabilities. • A Database is the heart of many web-applications and is used to store information needed by the application, such as, credit card information, customer demographics, customer orders, client preferences, etc. Consequently, databases have become attractive and very lucrative targets for hackers to hack into. • SQL Injections happen when a developer accepts user input that is directly placed into a SQL Statement and doesn’t properly validate and filter out dangerous characters. This can allow an attacker to alter SQL statements passed to the database as parameters and enable her to not only steal data from your database, but also modify and delete it.
Contd... • Below are listed the main categories of SQL injection attacks. • Classic Attack • Most attacks rely on basic SQL manipulation and are considered to be classic attacks. It includes WHERE clause modification, UNION operator injection and query stacking. Those are by far the most popular kinds of SQLIA • Inference attack • Inference attacks involve a SQL manipulation that will provide the hacker the ability to verify a true/false condition. Depending on the database system reaction, it is possible to find out if the condition was realized or not.
Contd... • DBMS specific attack • This type of SQLIA is used as an alternative to classic SQL injection. It is especially useful when trying to fingerprint the database system, but it can also provide the ability to achieve a complete attack when some particular conditions are met. • The risk of SQL injection exploits is on the rise because of automated tools. In the past, the danger was somewhat limited because an exploit had to be carried out manually: an attacker had to actually type their SQL statement into a text box. However, automated SQL injection programs are now available, and as a result, both the likelihood and the potential damage of an exploit has increased enormously. • In an interview with Security Wire Perspectives, Caleb Sima, CTO of SPI Dynamics spoke of the potential danger: "This technology being publicly released by some black hat will give script-kiddies the ability to pick up a freeware tool, point it at a Web site and automatically download a database without any knowledge whatsoever. • I think that makes things a lot more critical and severe. The automation of SQL injection gives rise to the possibility of a SQL injection worm, which is very possible. In fact, I am surprised this hasn't occurred yet." Sima estimates that about 60% of Web applications that use dynamic content are vulnerable to SQL injection.
Contd... • According to security experts, the reason that SQL injection and many other exploits, such as cross-site scripting, are possible is that security is not sufficiently emphasized in development. To protect the integrity of Web sites and applications, experts recommend simple precautions during development such as controlling the types and numbers of characters accepted by input boxes. • <It is the vulnerability that results when you give an attacker the ability to influence the Structured Query Language (SQL) queries that an application passes to a back-end database. By being able to influence what is passed to the database, the attacker can leverage the syntax and capabilities of SQL itself, as well as the power and flexibility of supporting database functionality and operating system functionality available to the database. SQL injection is not a vulnerability that exclusively affects Web applications; any code that accepts input from an untrusted source and then uses that input to form dynamic SQL statements could be vulnerable >
Buffer Overflow • A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code. • Buffer overflow is probably the best known form of software security vulnerability. Most software developers know what a buffer overflow vulnerability is, but buffer overflow attacks against both legacy and newly- developed applications are still quite common. Part of the problem is due to the wide variety of ways buffer overflows can occur, and part is due to the error- prone techniques often used to prevent them.
Contd... • Exploiting a buffer overflow allows an attacker to control or crash the process or to modify its internal variables. Buffer overflow always ranks high in the Common Weakness Enumeration/SANS Top 25 Most Dangerous Software Errors and is specified as CWE-120 under the Common Weakness Enumeration dictionary of weakness types. Despite being well understood, buffer overflows continue to plague software from vendors both large and small. • A buffer overflow can occur inadvertently, but it can also be caused by a malicious actor sending carefully crafted input to a program that then attempts to store the input in a buffer that isn't large enough for that input. If the excess data is written to the adjacent buffer, it overwrites any data held there. If the original data includes the exploited Function’s return pointer -- the address to which the process should go next -- an attacker can set the new values to point to an address of his choosing. The attacker usually sets the new values to point to a location where the exploit Payload has been positioned. This alters the execution path of the process and effectively transfers control to the attacker's malicious code.
Contd... • The heap is a memory structure used to manage dynamic memory. Programmers often use the heap to allocate memory whose size is not known at compile time, where the amount of memory required is too large to fit on the stack or where the memory is intended to be used across function calls. • Other buffer-related attacks include integer overflow, which is when a number is used in an operation, the result of which requires more memory to store. For example, 8 bits of memory are required to store the number 192. If the process adds 64 to this number, the answer 256 will not fit in the allocated memory, as it requires 9 bits. • Format strings attacks alter the flow of an application by using string formatting library functions like printf and sprintf to access other memory space.
Contd... • Finally, a Unicode overflow exploits the greater memory required to store a string in Unicode format than in ASCII characters. • The most common reason why buffer overflow attacks work is because applications fail to manage memory allocations and validate input from the client or other processes. Applications developed in C or C++ should avoid dangerous standard Library functions that are not bounds checked, such as gets, scanf and strcpy, and instead use libraries or classes explicitly created to perform string and other memory operations securely. User input and data from untrusted sources should always be validated to ensure that they are within the bounds of what's expected and to prevent overly long input values. • Vendors issue patches and updates for their software to fix buffer overflow vulnerabilities that have been discovered, but there is still a period of risk between the vulnerability being discovered and the patch being created and deployed.
Contd... • Most operating systems have introduced runtime protections to make it harder for overflow buffer attacks to succeed. Address Space layout randomization randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries. This makes it difficult for an attacker to reliably jump to a particular function in memory. • Data Execution Prevention marks areas of memory as either executable or non- executable. This prevents an attacker from being able to execute instructions written to a data area via a buffer overflow.
Contd... • Recently revived, this formerly obsolete term gained currency in its day (1500) from a work by Johannes Trithemius, Steganographia, ostensibly a system of angel magic but also claiming to include a synthesis of how to learn and know things contained within a system of cryptography. The book was privately circulated but never published by the author because those who read it found it rather fearsome.
Wireless Network Attack • Access Control Attacks • Integrity Attacks • Confidentiality Attacks • Availability Attacks • Authentication Attacks
Access Control Attacks • War driving • In a wardriving attack, wireless LANS are detected either by sending probe requests over a connection or by listening to web beacons. Once a penetration point is discovered, further attacks can be launched on the LAN. Some of the tools that can be used to perform wardriving are KisMAC, NetStumbler, and WaveStumber. • Rogue Access Points • In order to create a backdoor into a trusted network, an unsecured access point or fake access point is installed inside a firewall. Any software or hardware access points can be used to perform this kind of attack. • MAC Spoofing • Using the MAC spoofing technique, the attacker can reconfigure the MAC address to appear as an authorized access point to a host on a trusted network. The tools for carrying out this kind of attack are: changemac.sh, SMAC, and Wicontrol.
Contd... • Ad Hoc Associations • This kind of attack can be carried out by using any USB adapter or wireless card. In this method, the host is connected to an unsecured station to attack a particular station or to avoid access point security. • AP Misconfiguration • If any of the critical security settings is improperly configured at any of the access points, the entire network could be open to vulnerabilities and attacks. The AP can't trigger alerts in most intrusion-detection systems, as it is authorized as a legitimate device on the network. • Client Misassociation • The client may connect or associate with an AP outside the legitimate network either intentionally or accidentally. This is because the WLAN signals travel through walls in the air. This kind of client misassociation thus can be lead to access control attacks.
Contd... • Unauthorized Association • Unauthorized association is the major threat to wireless network. Prevention of this kind of attack depends on the method or technique that the attacker uses in order to get associated with the network. • Promiscuous Client • The promiscuous client offers an irresistibly strong signal intentionally for malicious purposes. Wireless cards often look for a stronger signal to connect to a network. In this way the promiscuous client grabs the attention of the users towards it by sending strong signal.
Integrity Attacks • In integrity attacks, attackers send forged control, management, or data frames over a wireless network to misdirect the wireless devices in order to perform another type of attack (e.g., DoS). Type of Attack Description Method and Tools Data Frame Injection Crafting and sending forged 802.11 frames. Airpwn, File2air, libradiate, voidll, WEPWedgie, wnet dinject/reinject WEP Injection Crafting and sending forged WEP encryption keys WEP cracking + injection tools Data Replay Capturing 802.11 data frames for later (modified) replay. Capture + injection tools
Contd... Initialization Vector Replay Attacks The key stream is derived by sending the plain-text message. Bit-Flipping Attacks Captures the frame and flips random bits in the data payload, modifies ICV, and sends to the user Extensible AP Replay Capturing 802.IX Extensible Authentication Protocols (e.g., EAP Identity, Success, Failure) for later replay. Wireless capture + injection tools between station and AP RADIUS Replay Capturing RADIUS Access-Accept or Reject messages for later replay Ethernet capture + injection tools between AP and authentication server Wireless Network Viruses Viruses have their impact on the wireless network to a great extent. It allows the attacker with simplest ways for attacking on APs.
Confidentiality Attacks • These attacks attempt to intercept confidential information sent over wireless associations, whether sent in the clear text or encrypted by Wi-Fi protocols. Type of Attack Description Method and Tools Eavesdropping Capturing and decoding unprotected application traffic to obtain potentially sensitive information. bsd-airtools, Ethereal, Ettercap, Kismet, commercial analyzers Traffic Analysis Implication of information from the observation of external traffic characteristics. Cracking WEP Key Capturing data to recover a WEP key using brute force or Fluhrer-Mantin- Shamir (FMS) cryptanalysis. Aircrack, AirSnort, chopchop, dwepcrack, WepAttack, WepDecrypt, WepLab
Contd... Evil Twin AP Masquerading as an authorized AP by beaconing the WLAN's service set identifier (SSID) to lure users. qureAP, HermesAP, HostAP, OpenAP, Quetec, WifiBSD Man-in-the- Middle Attack Running traditional man-in-the- middle attack tools on an evil twin AP to intercept TCP sessions or SSL/SSH tunnels. dsniff, Ettercap Masquerading Pretends to be an authorized user of a system in order to gain access to it. Stealing login IDs and passwords, bypassing authentication mechanisms Session Hijacking Manipulating the network so the attacker's host appears to be the desired destination. Manipulating Honeypot Access Point Setting its service identifier (SSID) to be the same as an access point at the local hotspot assumes the attacker as the legitimate hotspot. Manipulating SSID
Availability Attack • These attacks aim at obstructing the delivery of wireless services to legitimate users, either by crippling those resources or by denying them access to WLAN resources. There are many attacks using which an attacker can obstruct the availability of wireless networks. The availability attacks include: Type of Attack Description Method and Tools Access Point Theft Physically removing an AP from a public space. Five finger discount Denial of Service Exploiting the CSMA/CA Clear Channel Assessment (CCA) mechanism to make a channel appear busy An adapter that supports CW Tx mode, with a low- level utility to invoke continuous transmit Beacon Flood Generating thousands of counterfeit 802.11 beacons to make it hard for stations to find a legitimate AP. FakeAP
Contd... Authenticate Flood Sending forged Authenticates or Associates from random MACs to fill a target AP's association table. Airjack, File2air, Macfld, voidll Disassociation Attacks Causes the target unavailable to other wireless devices by destroying the connectivity between station and the client. Destroys the connectivity De-authenticate Flood Flooding station(s) with forged Deauthenticates or Disassociates to disconnecting users from an AP. Destroys the connectivity TKIP MIC Exploit Generating invalid TKIP data to exceed the target AP's MIC error threshold, suspending WLAN service. File2air, wnet dinject ARP Cache Poisoning Attack Provides attackers with many attack vectors
Contd... EAP-Failure Observing a valid 802.IX EAP exchange, and then sending the station a forged EAP-Failure message. QACafe, File2air, libradiate Routing Attacks Routing information is distributed within the network RIP protocol Power Saving Attacks Transmitting a spoofed TIM or DTIM to the client while in power saving mode causes the DoS attack
Authentication Attacks • The objective of authentication attacks is to steal the identity of Wi-Fi clients, their personal information, login credentials, etc. to gain unauthorized access to network resources. Type of Attack Description Method and Tools Application Login Theft Capturing user credentials (e.g., email address and password) from clear text application protocols. Ace Password Sniffer, Dsniff, PHoss, WinSniffer PSK Cracking Recovering a WPA PSK from captured key handshake frames using a dictionary attack tool. coWPAtty, KisMAC, wpa_crack, wpa-psk-bf Shared Key Guessing Attempting 802.11 Shared Key Authentication with guessed vendor default or cracked WEP keys. WEP cracking tools
Contd... Domain Login Cracking Recovering user credentials (e.g., Windows login and password) by cracking NetBIOS password hashes, using a brute-force or dictionary attack tool. John the Ripper, LOphtCrack, Cain Identity Theft Capturing user identities from cleartext 802.IX Identity Response packets Capture tools VPN Login Cracking Recovering user credentials (e.g., PPTP password or IPSec Preshared Secret Key) by running brute-force attacks on VPN authentication protocols. ike_scan and ike_crack (IPsec), anger and THC- pptp- bruter (PPTP Password Speculation Using a captured identity, repeatedly attempting 802.IX authentication to guess the user's password. Password dictionary
Contd... LEAP Cracking Recovering user credentials from captured 802.IX Lightweight EAP (LEAP) packets using a dictionary attack tool to crack the NT password hash. Anwrap, Asleap, THC- LEAPcracker
Thank You http://techsecit.com
Ad

Recommended

Keyloggers and Spywares
Keyloggers and Spywares
Ankit Mistry
 
Email spam detection
Email spam detection
PratisthaSingh5
 
Data leakage detection Complete Seminar
Data leakage detection Complete Seminar
Sumit Thakur
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)
Ali Raw
 
Spam email detection using machine learning PPT.pptx
Spam email detection using machine learning PPT.pptx
Kunal Kalamkar
 
Data leakage detection (synopsis)
Data leakage detection (synopsis)
Mumbai Academisc
 
KRACK attack
KRACK attack
VadimDavydov3
 
Social Impacts & Trends of Data Mining
Social Impacts & Trends of Data Mining
SushilDhakal4
 
Project Report on Intrusion Detection System
Project Report on Intrusion Detection System
Vishal Polley
 
Ip spoofing ppt
Ip spoofing ppt
Anushakp9
 
Authentication vs authorization
Authentication vs authorization
Frank Victory
 
Secure hash function
Secure hash function
Mohibullah Saail
 
WannaCry ransomware attack
WannaCry ransomware attack
Abdelhakim Salama
 
big data analytics in mobile cellular network
big data analytics in mobile cellular network
shubham patil
 
Machine Learning Project - Email Spam Filtering using Enron Dataset
Machine Learning Project - Email Spam Filtering using Enron Dataset
Aman Singhla
 
Multimedia database
Multimedia database
SumitKeshri10
 
key distribution in network security
key distribution in network security
babak danyal
 
Sql injection
Sql injection
Pallavi Biswas
 
The TLS/SSLv3 renegotiation vulnerability explained
The TLS/SSLv3 renegotiation vulnerability explained
Thierry Zoller
 
Buffer overflow attacks
Buffer overflow attacks
Joe McCarthy
 
Security Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
 
Ppt for Application of big data
Ppt for Application of big data
Prashant Sharma
 
Sms spam-detection
Sms spam-detection
Tanvirul Islam
 
MACs based on Hash Functions, MACs based on Block Ciphers
MACs based on Hash Functions, MACs based on Block Ciphers
Maitree Patel
 
Network attacks
Network attacks
Manjushree Mashal
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
IP Spoofing
IP Spoofing
Akmal Hussain
 
unit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptography
NithyasriA2
 
Buffer overflow
Buffer overflow
Evgeni Tsonev
 
Buffer Overflow
Buffer Overflow
Kaustubh Padwad
 

More Related Content

What's hot (20)

Project Report on Intrusion Detection System
Project Report on Intrusion Detection System
Vishal Polley
 
Ip spoofing ppt
Ip spoofing ppt
Anushakp9
 
Authentication vs authorization
Authentication vs authorization
Frank Victory
 
Secure hash function
Secure hash function
Mohibullah Saail
 
WannaCry ransomware attack
WannaCry ransomware attack
Abdelhakim Salama
 
big data analytics in mobile cellular network
big data analytics in mobile cellular network
shubham patil
 
Machine Learning Project - Email Spam Filtering using Enron Dataset
Machine Learning Project - Email Spam Filtering using Enron Dataset
Aman Singhla
 
Multimedia database
Multimedia database
SumitKeshri10
 
key distribution in network security
key distribution in network security
babak danyal
 
Sql injection
Sql injection
Pallavi Biswas
 
The TLS/SSLv3 renegotiation vulnerability explained
The TLS/SSLv3 renegotiation vulnerability explained
Thierry Zoller
 
Buffer overflow attacks
Buffer overflow attacks
Joe McCarthy
 
Security Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
 
Ppt for Application of big data
Ppt for Application of big data
Prashant Sharma
 
Sms spam-detection
Sms spam-detection
Tanvirul Islam
 
MACs based on Hash Functions, MACs based on Block Ciphers
MACs based on Hash Functions, MACs based on Block Ciphers
Maitree Patel
 
Network attacks
Network attacks
Manjushree Mashal
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
IP Spoofing
IP Spoofing
Akmal Hussain
 
unit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptography
NithyasriA2
 
Project Report on Intrusion Detection System
Project Report on Intrusion Detection System
Vishal Polley
 
Ip spoofing ppt
Ip spoofing ppt
Anushakp9
 
Authentication vs authorization
Authentication vs authorization
Frank Victory
 
Secure hash function
Secure hash function
Mohibullah Saail
 
WannaCry ransomware attack
WannaCry ransomware attack
Abdelhakim Salama
 
big data analytics in mobile cellular network
big data analytics in mobile cellular network
shubham patil
 
Machine Learning Project - Email Spam Filtering using Enron Dataset
Machine Learning Project - Email Spam Filtering using Enron Dataset
Aman Singhla
 
Multimedia database
Multimedia database
SumitKeshri10
 
key distribution in network security
key distribution in network security
babak danyal
 
Sql injection
Sql injection
Pallavi Biswas
 
The TLS/SSLv3 renegotiation vulnerability explained
The TLS/SSLv3 renegotiation vulnerability explained
Thierry Zoller
 
Buffer overflow attacks
Buffer overflow attacks
Joe McCarthy
 
Security Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
 
Ppt for Application of big data
Ppt for Application of big data
Prashant Sharma
 
Sms spam-detection
Sms spam-detection
Tanvirul Islam
 
MACs based on Hash Functions, MACs based on Block Ciphers
MACs based on Hash Functions, MACs based on Block Ciphers
Maitree Patel
 
Network attacks
Network attacks
Manjushree Mashal
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
IP Spoofing
IP Spoofing
Akmal Hussain
 
unit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptography
NithyasriA2
 

Viewers also liked (20)

Buffer overflow
Buffer overflow
Evgeni Tsonev
 
Buffer Overflow
Buffer Overflow
Kaustubh Padwad
 
Buffer overflow attacks
Buffer overflow attacks
Kapil Nagrale
 
Buffer Overflow by SecArmour
Buffer Overflow by SecArmour
Sec Armour
 
Anatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow Attack
Rob Gillen
 
6 buffer overflows
6 buffer overflows
drewz lin
 
Buffer overflow attacks
Buffer overflow attacks
Sandun Perera
 
Presentation buffer overflow attacks and theircountermeasures
Presentation buffer overflow attacks and theircountermeasures
tharindunew
 
Instintos Unidad II Fisiología y Conducta
Instintos Unidad II Fisiología y Conducta
Maick Montanez
 
itek Energy_Marketing Strategy Powerpoint (1)
itek Energy_Marketing Strategy Powerpoint (1)
Hannah Bouscher-Gage
 
міністерство освіти і науки україни
міністерство освіти і науки україни
Sinyaeva-Oksana
 
marketing plan
marketing plan
Shalaka Sitre
 
Instinto sexual y sexualidad
Instinto sexual y sexualidad
isareyes22
 
Buffer Overflow exploitation
Buffer Overflow exploitation
Zakaria SMAHI
 
Intrusion detection and prevention
Intrusion detection and prevention
Nicholas Davis
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls
INSIGHT FORENSIC
 
Desofuscando um webshell em php h2hc Ed.9
Desofuscando um webshell em php h2hc Ed.9
Ricardo L0gan
 
Binary Obfuscation from the Top Down: Obfuscation Executables without Writing...
Binary Obfuscation from the Top Down: Obfuscation Executables without Writing...
frank2
 
Spo2 t19 spo2-t19
Spo2 t19 spo2-t19
SelectedPresentations
 
Applying Anti-Reversing Techniques to Machine Code
Applying Anti-Reversing Techniques to Machine Code
Teodoro Cipresso
 
Buffer overflow
Buffer overflow
Evgeni Tsonev
 
Buffer Overflow
Buffer Overflow
Kaustubh Padwad
 
Buffer overflow attacks
Buffer overflow attacks
Kapil Nagrale
 
Buffer Overflow by SecArmour
Buffer Overflow by SecArmour
Sec Armour
 
Anatomy of a Buffer Overflow Attack
Anatomy of a Buffer Overflow Attack
Rob Gillen
 
6 buffer overflows
6 buffer overflows
drewz lin
 
Buffer overflow attacks
Buffer overflow attacks
Sandun Perera
 
Presentation buffer overflow attacks and theircountermeasures
Presentation buffer overflow attacks and theircountermeasures
tharindunew
 
Instintos Unidad II Fisiología y Conducta
Instintos Unidad II Fisiología y Conducta
Maick Montanez
 
itek Energy_Marketing Strategy Powerpoint (1)
itek Energy_Marketing Strategy Powerpoint (1)
Hannah Bouscher-Gage
 
міністерство освіти і науки україни
міністерство освіти і науки україни
Sinyaeva-Oksana
 
marketing plan
marketing plan
Shalaka Sitre
 
Instinto sexual y sexualidad
Instinto sexual y sexualidad
isareyes22
 
Buffer Overflow exploitation
Buffer Overflow exploitation
Zakaria SMAHI
 
Intrusion detection and prevention
Intrusion detection and prevention
Nicholas Davis
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls
INSIGHT FORENSIC
 
Desofuscando um webshell em php h2hc Ed.9
Desofuscando um webshell em php h2hc Ed.9
Ricardo L0gan
 
Binary Obfuscation from the Top Down: Obfuscation Executables without Writing...
Binary Obfuscation from the Top Down: Obfuscation Executables without Writing...
frank2
 
Spo2 t19 spo2-t19
Spo2 t19 spo2-t19
SelectedPresentations
 
Applying Anti-Reversing Techniques to Machine Code
Applying Anti-Reversing Techniques to Machine Code
Teodoro Cipresso
 
Ad

Similar to An Introduction of SQL Injection, Buffer Overflow & Wireless Attack (20)

Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)
R Islam
 
csf_ppt.pptx
csf_ppt.pptx
0567Padma
 
2071
2071
Brave Sithu
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat Defense
amiable_indian
 
IRJET - Buffer Overflows Attacks & Defense
IRJET - Buffer Overflows Attacks & Defense
IRJET Journal
 
Security communication
Security communication
Say Shyong
 
10h 35m remaining CHAPTER 12 Common Software Vulnerabili
10h 35m remaining CHAPTER 12 Common Software Vulnerabili
BenitoSumpter862
 
10h 35m remaining CHAPTER 12 Common Software Vulnerabili
10h 35m remaining CHAPTER 12 Common Software Vulnerabili
SantosConleyha
 
Cyber security tutorial1
Cyber security tutorial1
sweta dargad
 
501 ch 7 protecting against advanced attacks
501 ch 7 protecting against advanced attacks
gocybersec
 
CISSP Week 14
CISSP Week 14
jemtallon
 
Ids 008 buffer overflow
Ids 008 buffer overflow
jyoti_lakhani
 
Built-in Security Mindfulness for Software Developers
Built-in Security Mindfulness for Software Developers
Phú Phùng
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzing
Prachi Gulihar
 
Golf teamlearnerlecture
Golf teamlearnerlecture
kairistiona
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security
Computer Science Club
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
Control hijacking
Control hijacking
Prachi Gulihar
 
Software security (vulnerabilities) and physical security
Software security (vulnerabilities) and physical security
Nicholas Davis
 
Software Security (Vulnerabilities) And Physical Security
Software Security (Vulnerabilities) And Physical Security
Nicholas Davis
 
Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)
R Islam
 
csf_ppt.pptx
csf_ppt.pptx
0567Padma
 
2071
2071
Brave Sithu
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat Defense
amiable_indian
 
IRJET - Buffer Overflows Attacks & Defense
IRJET - Buffer Overflows Attacks & Defense
IRJET Journal
 
Security communication
Security communication
Say Shyong
 
10h 35m remaining CHAPTER 12 Common Software Vulnerabili
10h 35m remaining CHAPTER 12 Common Software Vulnerabili
BenitoSumpter862
 
10h 35m remaining CHAPTER 12 Common Software Vulnerabili
10h 35m remaining CHAPTER 12 Common Software Vulnerabili
SantosConleyha
 
Cyber security tutorial1
Cyber security tutorial1
sweta dargad
 
501 ch 7 protecting against advanced attacks
501 ch 7 protecting against advanced attacks
gocybersec
 
CISSP Week 14
CISSP Week 14
jemtallon
 
Ids 008 buffer overflow
Ids 008 buffer overflow
jyoti_lakhani
 
Built-in Security Mindfulness for Software Developers
Built-in Security Mindfulness for Software Developers
Phú Phùng
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzing
Prachi Gulihar
 
Golf teamlearnerlecture
Golf teamlearnerlecture
kairistiona
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security
Computer Science Club
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
Control hijacking
Control hijacking
Prachi Gulihar
 
Software security (vulnerabilities) and physical security
Software security (vulnerabilities) and physical security
Nicholas Davis
 
Software Security (Vulnerabilities) And Physical Security
Software Security (Vulnerabilities) And Physical Security
Nicholas Davis
 
Ad

Recently uploaded (20)

Expository Text Translation WEASDSD.pptx
Expository Text Translation WEASDSD.pptx
SURYAADIWINATA3
 
SAP_S4HANA_eCommerce_Integration_Presentation.pptx
SAP_S4HANA_eCommerce_Integration_Presentation.pptx
vemulavenu484
 
In order to install and use the device software, your computer must meet the ...
In order to install and use the device software, your computer must meet the ...
raguclc
 
Timeline Infographics Para utilização diária
Timeline Infographics Para utilização diária
meslellis
 
inside the internet - understanding the TCP/IP protocol
inside the internet - understanding the TCP/IP protocol
shainweniton02
 
Fast Reroute in SR-MPLS, presented at bdNOG 19
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
 
simple-presentationtestingdocument2007.pptx
simple-presentationtestingdocument2007.pptx
ashokjayapal
 
Lecture 3.1 Analysing the Global Business Environment .pptx
Lecture 3.1 Analysing the Global Business Environment .pptx
shofalbsb
 
AI theory work for students to understand the logic
AI theory work for students to understand the logic
areeba15775n
 
CBUSDAW - Ash Lewis - Reducing LLM Hallucinations
CBUSDAW - Ash Lewis - Reducing LLM Hallucinations
Jason Packer
 
NOC Services for maintaining network as MSA.ppt
NOC Services for maintaining network as MSA.ppt
ankurnagar22
 
最新版美国威斯康星大学绿湾分校毕业证(UWGB毕业证书)原版定制
最新版美国威斯康星大学绿湾分校毕业证(UWGB毕业证书)原版定制
Taqyea
 
cybercrime investigation and digital forensics
cybercrime investigation and digital forensics
goverdhankumar137300
 
rosoft PowcgnggerPoint Presentation.pptx
rosoft PowcgnggerPoint Presentation.pptx
sirbabu778
 
AMOR PROHIBIDO MURMURAN POR LAS CALLES PORQUE
AMOR PROHIBIDO MURMURAN POR LAS CALLES PORQUE
GFGLaboratorios
 
Dark Web Presentation - 1.pdf about internet which will help you to get to kn...
Dark Web Presentation - 1.pdf about internet which will help you to get to kn...
ragnaralpha7199
 
Unlocking Business Growth Through Targeted Social Engagement
Unlocking Business Growth Through Targeted Social Engagement
Digital Guider
 
Internet & Protocols : A Blueprint of the Internet System
Internet & Protocols : A Blueprint of the Internet System
cpnabil59
 
Quantiuwewe e3er14e we3223 32222 m2.pptx
Quantiuwewe e3er14e we3223 32222 m2.pptx
cyberesearchprof
 
AWS Basics for non technical people.pptx
AWS Basics for non technical people.pptx
sanjeevkumar123577
 
Expository Text Translation WEASDSD.pptx
Expository Text Translation WEASDSD.pptx
SURYAADIWINATA3
 
SAP_S4HANA_eCommerce_Integration_Presentation.pptx
SAP_S4HANA_eCommerce_Integration_Presentation.pptx
vemulavenu484
 
In order to install and use the device software, your computer must meet the ...
In order to install and use the device software, your computer must meet the ...
raguclc
 
Timeline Infographics Para utilização diária
Timeline Infographics Para utilização diária
meslellis
 
inside the internet - understanding the TCP/IP protocol
inside the internet - understanding the TCP/IP protocol
shainweniton02
 
Fast Reroute in SR-MPLS, presented at bdNOG 19
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
 
simple-presentationtestingdocument2007.pptx
simple-presentationtestingdocument2007.pptx
ashokjayapal
 
Lecture 3.1 Analysing the Global Business Environment .pptx
Lecture 3.1 Analysing the Global Business Environment .pptx
shofalbsb
 
AI theory work for students to understand the logic
AI theory work for students to understand the logic
areeba15775n
 
CBUSDAW - Ash Lewis - Reducing LLM Hallucinations
CBUSDAW - Ash Lewis - Reducing LLM Hallucinations
Jason Packer
 
NOC Services for maintaining network as MSA.ppt
NOC Services for maintaining network as MSA.ppt
ankurnagar22
 
最新版美国威斯康星大学绿湾分校毕业证(UWGB毕业证书)原版定制
最新版美国威斯康星大学绿湾分校毕业证(UWGB毕业证书)原版定制
Taqyea
 
cybercrime investigation and digital forensics
cybercrime investigation and digital forensics
goverdhankumar137300
 
rosoft PowcgnggerPoint Presentation.pptx
rosoft PowcgnggerPoint Presentation.pptx
sirbabu778
 
AMOR PROHIBIDO MURMURAN POR LAS CALLES PORQUE
AMOR PROHIBIDO MURMURAN POR LAS CALLES PORQUE
GFGLaboratorios
 
Dark Web Presentation - 1.pdf about internet which will help you to get to kn...
Dark Web Presentation - 1.pdf about internet which will help you to get to kn...
ragnaralpha7199
 
Unlocking Business Growth Through Targeted Social Engagement
Unlocking Business Growth Through Targeted Social Engagement
Digital Guider
 
Internet & Protocols : A Blueprint of the Internet System
Internet & Protocols : A Blueprint of the Internet System
cpnabil59
 
Quantiuwewe e3er14e we3223 32222 m2.pptx
Quantiuwewe e3er14e we3223 32222 m2.pptx
cyberesearchprof
 
AWS Basics for non technical people.pptx
AWS Basics for non technical people.pptx
sanjeevkumar123577
 

An Introduction of SQL Injection, Buffer Overflow & Wireless Attack

  • 1. Cyber Security An Introduction of SQL Injection, Buffer Overflow & Wireless Network Attack http://techsecit.com
  • 2. SQL Injection • SQL injection is an attack technique that exploits a security vulnerability occurring in the database layer of an application . Hackers use injections to obtain unauthorized access to the underlying data, structure, and DBMS. It is one of the most common web application vulnerabilities. • A Database is the heart of many web-applications and is used to store information needed by the application, such as, credit card information, customer demographics, customer orders, client preferences, etc. Consequently, databases have become attractive and very lucrative targets for hackers to hack into. • SQL Injections happen when a developer accepts user input that is directly placed into a SQL Statement and doesn’t properly validate and filter out dangerous characters. This can allow an attacker to alter SQL statements passed to the database as parameters and enable her to not only steal data from your database, but also modify and delete it.
  • 3. Contd... • Below are listed the main categories of SQL injection attacks. • Classic Attack • Most attacks rely on basic SQL manipulation and are considered to be classic attacks. It includes WHERE clause modification, UNION operator injection and query stacking. Those are by far the most popular kinds of SQLIA • Inference attack • Inference attacks involve a SQL manipulation that will provide the hacker the ability to verify a true/false condition. Depending on the database system reaction, it is possible to find out if the condition was realized or not.
  • 4. Contd... • DBMS specific attack • This type of SQLIA is used as an alternative to classic SQL injection. It is especially useful when trying to fingerprint the database system, but it can also provide the ability to achieve a complete attack when some particular conditions are met. • The risk of SQL injection exploits is on the rise because of automated tools. In the past, the danger was somewhat limited because an exploit had to be carried out manually: an attacker had to actually type their SQL statement into a text box. However, automated SQL injection programs are now available, and as a result, both the likelihood and the potential damage of an exploit has increased enormously. • In an interview with Security Wire Perspectives, Caleb Sima, CTO of SPI Dynamics spoke of the potential danger: "This technology being publicly released by some black hat will give script-kiddies the ability to pick up a freeware tool, point it at a Web site and automatically download a database without any knowledge whatsoever. • I think that makes things a lot more critical and severe. The automation of SQL injection gives rise to the possibility of a SQL injection worm, which is very possible. In fact, I am surprised this hasn't occurred yet." Sima estimates that about 60% of Web applications that use dynamic content are vulnerable to SQL injection.
  • 5. Contd... • According to security experts, the reason that SQL injection and many other exploits, such as cross-site scripting, are possible is that security is not sufficiently emphasized in development. To protect the integrity of Web sites and applications, experts recommend simple precautions during development such as controlling the types and numbers of characters accepted by input boxes. • <It is the vulnerability that results when you give an attacker the ability to influence the Structured Query Language (SQL) queries that an application passes to a back-end database. By being able to influence what is passed to the database, the attacker can leverage the syntax and capabilities of SQL itself, as well as the power and flexibility of supporting database functionality and operating system functionality available to the database. SQL injection is not a vulnerability that exclusively affects Web applications; any code that accepts input from an untrusted source and then uses that input to form dynamic SQL statements could be vulnerable >
  • 6. Buffer Overflow • A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code. • Buffer overflow is probably the best known form of software security vulnerability. Most software developers know what a buffer overflow vulnerability is, but buffer overflow attacks against both legacy and newly- developed applications are still quite common. Part of the problem is due to the wide variety of ways buffer overflows can occur, and part is due to the error- prone techniques often used to prevent them.
  • 7. Contd... • Exploiting a buffer overflow allows an attacker to control or crash the process or to modify its internal variables. Buffer overflow always ranks high in the Common Weakness Enumeration/SANS Top 25 Most Dangerous Software Errors and is specified as CWE-120 under the Common Weakness Enumeration dictionary of weakness types. Despite being well understood, buffer overflows continue to plague software from vendors both large and small. • A buffer overflow can occur inadvertently, but it can also be caused by a malicious actor sending carefully crafted input to a program that then attempts to store the input in a buffer that isn't large enough for that input. If the excess data is written to the adjacent buffer, it overwrites any data held there. If the original data includes the exploited Function’s return pointer -- the address to which the process should go next -- an attacker can set the new values to point to an address of his choosing. The attacker usually sets the new values to point to a location where the exploit Payload has been positioned. This alters the execution path of the process and effectively transfers control to the attacker's malicious code.
  • 8. Contd... • The heap is a memory structure used to manage dynamic memory. Programmers often use the heap to allocate memory whose size is not known at compile time, where the amount of memory required is too large to fit on the stack or where the memory is intended to be used across function calls. • Other buffer-related attacks include integer overflow, which is when a number is used in an operation, the result of which requires more memory to store. For example, 8 bits of memory are required to store the number 192. If the process adds 64 to this number, the answer 256 will not fit in the allocated memory, as it requires 9 bits. • Format strings attacks alter the flow of an application by using string formatting library functions like printf and sprintf to access other memory space.
  • 9. Contd... • Finally, a Unicode overflow exploits the greater memory required to store a string in Unicode format than in ASCII characters. • The most common reason why buffer overflow attacks work is because applications fail to manage memory allocations and validate input from the client or other processes. Applications developed in C or C++ should avoid dangerous standard Library functions that are not bounds checked, such as gets, scanf and strcpy, and instead use libraries or classes explicitly created to perform string and other memory operations securely. User input and data from untrusted sources should always be validated to ensure that they are within the bounds of what's expected and to prevent overly long input values. • Vendors issue patches and updates for their software to fix buffer overflow vulnerabilities that have been discovered, but there is still a period of risk between the vulnerability being discovered and the patch being created and deployed.
  • 10. Contd... • Most operating systems have introduced runtime protections to make it harder for overflow buffer attacks to succeed. Address Space layout randomization randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries. This makes it difficult for an attacker to reliably jump to a particular function in memory. • Data Execution Prevention marks areas of memory as either executable or non- executable. This prevents an attacker from being able to execute instructions written to a data area via a buffer overflow.
  • 11. Contd... • Recently revived, this formerly obsolete term gained currency in its day (1500) from a work by Johannes Trithemius, Steganographia, ostensibly a system of angel magic but also claiming to include a synthesis of how to learn and know things contained within a system of cryptography. The book was privately circulated but never published by the author because those who read it found it rather fearsome.
  • 12. Wireless Network Attack • Access Control Attacks • Integrity Attacks • Confidentiality Attacks • Availability Attacks • Authentication Attacks
  • 13. Access Control Attacks • War driving • In a wardriving attack, wireless LANS are detected either by sending probe requests over a connection or by listening to web beacons. Once a penetration point is discovered, further attacks can be launched on the LAN. Some of the tools that can be used to perform wardriving are KisMAC, NetStumbler, and WaveStumber. • Rogue Access Points • In order to create a backdoor into a trusted network, an unsecured access point or fake access point is installed inside a firewall. Any software or hardware access points can be used to perform this kind of attack. • MAC Spoofing • Using the MAC spoofing technique, the attacker can reconfigure the MAC address to appear as an authorized access point to a host on a trusted network. The tools for carrying out this kind of attack are: changemac.sh, SMAC, and Wicontrol.
  • 14. Contd... • Ad Hoc Associations • This kind of attack can be carried out by using any USB adapter or wireless card. In this method, the host is connected to an unsecured station to attack a particular station or to avoid access point security. • AP Misconfiguration • If any of the critical security settings is improperly configured at any of the access points, the entire network could be open to vulnerabilities and attacks. The AP can't trigger alerts in most intrusion-detection systems, as it is authorized as a legitimate device on the network. • Client Misassociation • The client may connect or associate with an AP outside the legitimate network either intentionally or accidentally. This is because the WLAN signals travel through walls in the air. This kind of client misassociation thus can be lead to access control attacks.
  • 15. Contd... • Unauthorized Association • Unauthorized association is the major threat to wireless network. Prevention of this kind of attack depends on the method or technique that the attacker uses in order to get associated with the network. • Promiscuous Client • The promiscuous client offers an irresistibly strong signal intentionally for malicious purposes. Wireless cards often look for a stronger signal to connect to a network. In this way the promiscuous client grabs the attention of the users towards it by sending strong signal.
  • 16. Integrity Attacks • In integrity attacks, attackers send forged control, management, or data frames over a wireless network to misdirect the wireless devices in order to perform another type of attack (e.g., DoS). Type of Attack Description Method and Tools Data Frame Injection Crafting and sending forged 802.11 frames. Airpwn, File2air, libradiate, voidll, WEPWedgie, wnet dinject/reinject WEP Injection Crafting and sending forged WEP encryption keys WEP cracking + injection tools Data Replay Capturing 802.11 data frames for later (modified) replay. Capture + injection tools
  • 17. Contd... Initialization Vector Replay Attacks The key stream is derived by sending the plain-text message. Bit-Flipping Attacks Captures the frame and flips random bits in the data payload, modifies ICV, and sends to the user Extensible AP Replay Capturing 802.IX Extensible Authentication Protocols (e.g., EAP Identity, Success, Failure) for later replay. Wireless capture + injection tools between station and AP RADIUS Replay Capturing RADIUS Access-Accept or Reject messages for later replay Ethernet capture + injection tools between AP and authentication server Wireless Network Viruses Viruses have their impact on the wireless network to a great extent. It allows the attacker with simplest ways for attacking on APs.
  • 18. Confidentiality Attacks • These attacks attempt to intercept confidential information sent over wireless associations, whether sent in the clear text or encrypted by Wi-Fi protocols. Type of Attack Description Method and Tools Eavesdropping Capturing and decoding unprotected application traffic to obtain potentially sensitive information. bsd-airtools, Ethereal, Ettercap, Kismet, commercial analyzers Traffic Analysis Implication of information from the observation of external traffic characteristics. Cracking WEP Key Capturing data to recover a WEP key using brute force or Fluhrer-Mantin- Shamir (FMS) cryptanalysis. Aircrack, AirSnort, chopchop, dwepcrack, WepAttack, WepDecrypt, WepLab
  • 19. Contd... Evil Twin AP Masquerading as an authorized AP by beaconing the WLAN's service set identifier (SSID) to lure users. qureAP, HermesAP, HostAP, OpenAP, Quetec, WifiBSD Man-in-the- Middle Attack Running traditional man-in-the- middle attack tools on an evil twin AP to intercept TCP sessions or SSL/SSH tunnels. dsniff, Ettercap Masquerading Pretends to be an authorized user of a system in order to gain access to it. Stealing login IDs and passwords, bypassing authentication mechanisms Session Hijacking Manipulating the network so the attacker's host appears to be the desired destination. Manipulating Honeypot Access Point Setting its service identifier (SSID) to be the same as an access point at the local hotspot assumes the attacker as the legitimate hotspot. Manipulating SSID
  • 20. Availability Attack • These attacks aim at obstructing the delivery of wireless services to legitimate users, either by crippling those resources or by denying them access to WLAN resources. There are many attacks using which an attacker can obstruct the availability of wireless networks. The availability attacks include: Type of Attack Description Method and Tools Access Point Theft Physically removing an AP from a public space. Five finger discount Denial of Service Exploiting the CSMA/CA Clear Channel Assessment (CCA) mechanism to make a channel appear busy An adapter that supports CW Tx mode, with a low- level utility to invoke continuous transmit Beacon Flood Generating thousands of counterfeit 802.11 beacons to make it hard for stations to find a legitimate AP. FakeAP
  • 21. Contd... Authenticate Flood Sending forged Authenticates or Associates from random MACs to fill a target AP's association table. Airjack, File2air, Macfld, voidll Disassociation Attacks Causes the target unavailable to other wireless devices by destroying the connectivity between station and the client. Destroys the connectivity De-authenticate Flood Flooding station(s) with forged Deauthenticates or Disassociates to disconnecting users from an AP. Destroys the connectivity TKIP MIC Exploit Generating invalid TKIP data to exceed the target AP's MIC error threshold, suspending WLAN service. File2air, wnet dinject ARP Cache Poisoning Attack Provides attackers with many attack vectors
  • 22. Contd... EAP-Failure Observing a valid 802.IX EAP exchange, and then sending the station a forged EAP-Failure message. QACafe, File2air, libradiate Routing Attacks Routing information is distributed within the network RIP protocol Power Saving Attacks Transmitting a spoofed TIM or DTIM to the client while in power saving mode causes the DoS attack
  • 23. Authentication Attacks • The objective of authentication attacks is to steal the identity of Wi-Fi clients, their personal information, login credentials, etc. to gain unauthorized access to network resources. Type of Attack Description Method and Tools Application Login Theft Capturing user credentials (e.g., email address and password) from clear text application protocols. Ace Password Sniffer, Dsniff, PHoss, WinSniffer PSK Cracking Recovering a WPA PSK from captured key handshake frames using a dictionary attack tool. coWPAtty, KisMAC, wpa_crack, wpa-psk-bf Shared Key Guessing Attempting 802.11 Shared Key Authentication with guessed vendor default or cracked WEP keys. WEP cracking tools
  • 24. Contd... Domain Login Cracking Recovering user credentials (e.g., Windows login and password) by cracking NetBIOS password hashes, using a brute-force or dictionary attack tool. John the Ripper, LOphtCrack, Cain Identity Theft Capturing user identities from cleartext 802.IX Identity Response packets Capture tools VPN Login Cracking Recovering user credentials (e.g., PPTP password or IPSec Preshared Secret Key) by running brute-force attacks on VPN authentication protocols. ike_scan and ike_crack (IPsec), anger and THC- pptp- bruter (PPTP Password Speculation Using a captured identity, repeatedly attempting 802.IX authentication to guess the user's password. Password dictionary
  • 25. Contd... LEAP Cracking Recovering user credentials from captured 802.IX Lightweight EAP (LEAP) packets using a dictionary attack tool to crack the NT password hash. Anwrap, Asleap, THC- LEAPcracker