Lec 04- Application Security
This module covers:
- Buffer Overflow
- SMTP Open Relays
- P2P File Sharing
- Instant Messaging
ActiveX controls foremerly known as COM componenet Object Model, and OLE Object linking and Embeding, is way of executing code in client system to enhance user experience.
ActiveX controls are compiled code. Native binary code.
There are 2 types of activeX controls:
1- controls in web pages to enhance user experience.
2- Addons for browsers.
Windows internet explorer browser support activeX till windows 10. Windows Edge browser does not support activeX.
Extention for ActiveX could be .ocx, .cab, .dll.
ActiveX should be singed with Authenticode.
Other than internet explorer browser by microsoft, activeX is supported by microsoft office, microsoft visual studio, windows media player.
If user trust a signed activeX control, then activeX control can take control of whole machine.
So, check for activeX controls embeded inside web pages and browser adons as well.
Similar technologies like ActiveX are:
NPAPI, netscape Application programming interface, only for browser.
NaCl, Google Native Client. Only for browser and execute in sandbox.
Java Applets: Only execute in Sandbox.
Tools to fuzz activeX controls are:
- Open com Raider Fuzzer.
Collection of malicious ActiveX controlls that should block on machine, and does not execute.
How activeX is exploited?
1- Know CLSID of program
2- Know progID of program
3- Know dll of program
4- upload dll in open com raider fuzzer program
5- create a batch file say 1.bat
6- Edit the dll file , so to call the batch file 1.bat
7- write the exploit code.
Here we discuss java applets.
Java applets are executed in sandbox after user accept applet. Although, java applets execute in sandbox, still, it give too much access to attacker.
User IDS/IPS to block malicious java applets.
Use GP or workstation settings to control execution of java applets.
CGI scripts are notorious for buffer overflows.
Cross site scripting:
If XSS is discovered, hacker can use XSS for:
- Hacking cookies
- Browser keylogging,
- Show phishing dialogs to victim to credentials harvesting,
- Open popups/popunders
- Using victim browser as proxy.
- Sending spam emails
- clicking ads
Countermeasure to XSS:
- input validation
- Session cookies
- Cookies httpOnly, secure attribute
providing more input data than expected allow hacker to controll exploited target system on which vulnerable software is installed.
SMTP Open Relay
SMTP server allow third party emails.
Spammers use these misconfigured SMTP servers for sending spam emails.
P2P File Sharing
email phishing, mobile phishing, IM phishing.