
A Real World Attack: wu-ftp


oki

Presentation Transcript


  1. A Real World Attack: wu-ftp

  2. Description • Many intrusion incidents happen every day. Do you know what techniques crackers use to break into your web server, mail server and FTP server? • Today, this exercise will guide you through the process of discovering a vulnerable system, exploiting the vulnerability, and installing software to cover your tracks.

  3. Purpose • Locate a vulnerable system • Exploit that vulnerability to gain a root shell • Install a rootkit • Access the system via the rootkit

  4. Principle and Pre-Study (I) • CERT Advisory CA-1999-13 Multiple Vulnerabilities in WU-FTPD • MAPPING_CHDIR Buffer Overflow • Message File Buffer Overflow • SITE NEWER Consumes Memory • http://www.cert.org/advisories/CA-1999-13.html

  5. Principle and Pre-Study (II) • What is a buffer overflow? A type of programmatic flaw that is due to a programmer allowing for an unbounded operation on data.

  6. Required Facilities • WARNING: • This process of cracking a system has only been tested on an internal network. • Do not actually run the exploit against a host you have no permission to test • Hardware • PC or workstation with a UNIX-like system • Software • Wu-ftp 6.2.0 • Rootkits and buffer overflow program

  7. Step (I): Reconnaissance and scanning • Use “nmap” for system scanning • Test the anonymous account

  8. Step (II): Exploit the target • Decompress the buffer overflow file and compile it • List the usage of this tool

  9. Step (III): Cracking • Execute the buffer overflow against the target host • Root privileges obtained

  10. Step (IV) • Download the rootkit from outside and install it • Check the logged-in users • Download the tool from another victim • Decompress the rootkit • Execute the rootkit

  11. Step (V): Auto-patch the victim • The default login password • Change the system commands • Open the telnet port • Report the system information • Close the system firewall

  12. Step (IV) • Try the rootkit to see if it works • Now you can do anything • The Telnet daemon has been replaced • Input the ID and the password that we predefined • We now have a root shell

  13. Summary • Check the OS and applications for vulnerabilities periodically. • Grasp the idea of “Defense in Depth.”

  14. Reference • CERT • http://www.cert.org/ • Nmap • http://incsecure.org/ • Buffer Overflow and RootKits download site • http://www.flatline.org.uk/~pete/ids/
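
The "unbounded operation on data" from slide 5's buffer overflow definition, shown beside its bounded form. This is an added example, not code from the presentation or from WU-FTPD; the path-tracking buffer, the function names and the directory names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 32  /* small on purpose so constructed inputs reach the limit */

/* Unbounded: strcat() writes until the NUL of `dir`, whatever cwd can hold.
 * Shown for contrast only; nothing in this example calls it. */
void track_dir_unbounded(char *cwd, const char *dir)
{
    strcat(cwd, "/");
    strcat(cwd, dir);
}

/* Bounded: size the write first and reject what does not fit.
 * Returns 0 on success, -1 on rejection (cwd is left untouched). */
int track_dir_bounded(char *cwd, size_t cap, const char *dir)
{
    const char *end = memchr(cwd, '\0', cap);
    if (end == NULL)
        return -1;                      /* cwd not terminated inside cap */
    size_t used = (size_t)(end - cwd);
    size_t need = strlen(dir) + 1;      /* '/' plus the component */
    if (need >= cap - used)
        return -1;                      /* no room for data and its NUL */
    cwd[used] = '/';
    memcpy(cwd + used + 1, dir, need - 1);
    cwd[used + need] = '\0';
    return 0;
}

/* Descend into `dir` repeatedly from an empty path; return how many
 * levels were accepted before the bounded version refused. */
int accepted_levels(const char *dir)
{
    char cwd[PATH_BUF] = "";
    int n = 0;
    while (n < PATH_BUF && track_dir_bounded(cwd, sizeof cwd, dir) == 0)
        n++;
    return n;
}

int main(void)
{
    /* Constructed directory names, not taken from any real session. */
    printf("incoming: %d levels\n", accepted_levels("incoming"));
    printf("31-char name: %d levels\n",
           accepted_levels("aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa" "a"));
    return 0;
}
```

The bounded version fails closed: a component that would not fit with its terminator is refused before any byte is written, so a long name or a deep nesting of short names both stop at the buffer's edge.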
