Lec 04- Application Security

This module covers:

  • ActiveX
  • Java
  • Scripting
  • Cookies
  • XSS
  • Buffer Overflow
  • SMTP Open Relays
  • P2P File Sharing
  • Instant Messaging
  • Phishing

ActiveX

ActiveX controls, built on COM (Component Object Model) and formerly known as OLE (Object Linking and Embedding) controls, are a way of executing code on the client system to enhance the user experience.

ActiveX controls are compiled code: native binary code that runs with the user's full privileges, with no sandbox.

There are 2 types of ActiveX controls:

1- Controls embedded in web pages to enhance the user experience.

2- Add-ons for browsers.

Windows Internet Explorer supports ActiveX up to and including Windows 10 (IE11). The Microsoft Edge browser does not support ActiveX.

File extensions of ActiveX controls can be .ocx, .dll, or .cab (a cabinet archive used to package and distribute a control).

ActiveX controls should be signed with Authenticode (the publisher's code-signing certificate).

Besides Microsoft's Internet Explorer browser, ActiveX is also hosted by Microsoft Office, Microsoft Visual Studio and Windows Media Player.

If the user trusts (accepts) a signed ActiveX control, it runs unsandboxed with that user's privileges, so the control can take control of the whole machine. An Authenticode signature only identifies the publisher; it says nothing about whether the code is safe or free of bugs.

So check for ActiveX controls embedded inside web pages and for browser add-ons as well.

Similar technologies to ActiveX are:

NPAPI, the Netscape Plugin Application Programming Interface: browser only, and like ActiveX the plugin is native code running without a sandbox.

NaCl, Google Native Client: browser only, and the native code executes in a sandbox.

Java applets: execute in a sandbox (unsigned applets; a signed applet that the user accepts can be granted permissions beyond it).

Tools to fuzz ActiveX controls are:

  • COMRaider (a COM object fuzzer)
  • Dranzer

Kill bits:

A kill bit is a per-CLSID registry flag (the 0x400 bit of the "Compatibility Flags" value under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}) that tells Internet Explorer never to load that control. Microsoft ships kill bits for known malicious or vulnerable controls in its security updates, and administrators can set their own, so a blocked control does not execute even if it is still installed.

How is ActiveX exploited?

1- Find the CLSID of the control.

2- Find its ProgID.

3- Find the DLL (or OCX) that implements it.

4- Load the DLL into the COMRaider fuzzer, which enumerates the control's methods and fuzzes their parameters.

5- Create a batch file, say 1.bat.

6- Edit the DLL so that it calls the batch file 1.bat.

7- Write the exploit code.
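Steps 1 to 3 of the recipe above are registry lookups, and the kill bit described earlier is a registry flag too. The script below is an added example (not from the lecture and not COMRaider's code): it resolves ProgID to CLSID to server DLL/OCX from a `reg export` file and reports whether Internet Explorer's kill bit is set for that CLSID. The embedded registry snippet is constructed, and its CLSID, ProgID and path are placeholders rather than a real control.

```python
"""Resolve an ActiveX control (ProgID -> CLSID -> DLL/OCX) and check its kill bit.

Registry layout used (documented by Microsoft):
  HKEY_CLASSES_ROOT\<ProgID>\CLSID                (default) = {CLSID}
  HKEY_CLASSES_ROOT\CLSID\{CLSID}\InprocServer32  (default) = path of the DLL/OCX
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
      "Compatibility Flags" (DWORD): bit 0x400 is the kill bit
Input is `reg export` text so the script runs on any platform.
"""
import re
import sys

KILL_BIT = 0x400
HKCR = "HKEY_CLASSES_ROOT"
COMPAT_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility"

# Constructed sample in `reg export` format; the CLSID and path are placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Sample.Control]
@="Sample Control (constructed placeholder)"

[HKEY_CLASSES_ROOT\Sample.Control\CLSID]
@="{12345678-1234-1234-1234-123456789ABC}"

[HKEY_CLASSES_ROOT\CLSID\{12345678-1234-1234-1234-123456789ABC}\InprocServer32]
@="C:\\Program Files\\Sample\\sample.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{12345678-1234-1234-1234-123456789ABC}]
"Compatibility Flags"=dword:00000400
"""

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text):
    """Parse .reg text into {key_path: {value_name: value}}. '@' is the default value.
    Key paths and value names are lower-cased because the registry is case-insensitive."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue  # header line, blank line, or a value outside any key
        name = "@" if m.group(1) == "@" else m.group(1)[1:-1].lower()
        raw = m.group(2)
        if raw.startswith("dword:"):
            value = int(raw[len("dword:"):], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            value = raw  # hex:, expand strings etc. are left unparsed
        keys[current][name] = value
    return keys


def _default_value(reg, key_path):
    return reg.get(key_path.lower(), {}).get("@")


def clsid_for_progid(reg, progid):
    """Steps 1/2: ProgID -> CLSID, or None if the ProgID is not registered."""
    return _default_value(reg, f"{HKCR}\\{progid}\\CLSID")


def server_for_clsid(reg, clsid):
    """Step 3: CLSID -> the DLL/OCX that implements it (the file to load into the fuzzer)."""
    return _default_value(reg, f"{HKCR}\\CLSID\\{clsid}\\InprocServer32")


def is_killbitted(reg, clsid):
    """True if IE's Compatibility Flags for this CLSID has the kill bit (0x400) set."""
    flags = reg.get(f"{COMPAT_KEY}\\{clsid}".lower(), {}).get("compatibility flags", 0)
    return bool(int(flags) & KILL_BIT)


def killbit_reg_entry(clsid):
    """Return .reg text that sets the kill bit for clsid (import it with reg.exe as admin)."""
    return f"[{COMPAT_KEY}\\{clsid}]\n\"Compatibility Flags\"=dword:00000400\n"


if __name__ == "__main__":
    # python activex_check.py Sample.Control            -> uses the embedded sample
    # python activex_check.py Sample.Control hkcr.reg   -> uses `reg export` output (UTF-16)
    progid = sys.argv[1] if len(sys.argv) > 1 else "Sample.Control"
    text = open(sys.argv[2], encoding="utf-16").read() if len(sys.argv) > 2 else SAMPLE_REG
    reg = parse_reg_export(text)
    clsid = clsid_for_progid(reg, progid)
    print(f"{progid}: CLSID={clsid} server={server_for_clsid(reg, clsid)} "
          f"killbit={'set' if is_killbitted(reg, clsid) else 'NOT set'}")
```

On a real machine, export the relevant hives first (`reg export HKCR hkcr.reg` and the ActiveX Compatibility key from HKLM, then concatenate), because `reg export` writes UTF-16. A control that resolves to a DLL but has no kill bit is the one worth fuzzing, or, from the defender's side, the one to kill-bit if it is not needed.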

Java

Here we discuss Java applets.

Java applets are executed in a sandbox after the user accepts the applet. Although Java applets execute in a sandbox, sandbox escapes have been common and a signed applet the user accepts is granted permissions beyond it, so applets still give an attacker too much access.

Use IDS/IPS to block malicious Java applets.

Use Group Policy (GP) or workstation settings to control the execution of Java applets.

Scripting

CGI scripts are notorious for buffer overflows (many were written in C and parse attacker-supplied request data).

PHP scripts on the server side may also be vulnerable. So the security of scripts in PHP, CGI and JavaScript has to be checked.

XSS

Cross-site scripting comes in four forms:

  • Stored
  • Reflected
  • DOM-based
  • Universal (UXSS: a bug in the browser rather than in one site)

If XSS is discovered, the attacker can use it for:

  • Stealing cookies (session hijacking)
  • Browser keylogging
  • Showing phishing dialogs to the victim to harvest credentials
  • Opening popups/popunders
  • Using the victim's browser as a proxy
  • Sending spam emails
  • Clicking ads

Countermeasures to XSS:

  • Input validation, together with context-aware output encoding of everything echoed back into the page (encoding is what actually stops the injection)
  • Session cookies: keep them short-lived and regenerate them on login
  • Cookie attributes: HttpOnly (script cannot read the cookie, so XSS cannot steal it) and Secure (the cookie is sent only over HTTPS)
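The countermeasures above in working form, as an added example that is not part of the lecture: a comment is rendered first the vulnerable way, then with context-aware output encoding, an href is scheme-checked (encoding alone does not stop `javascript:` URLs), and the session cookie is issued with HttpOnly, Secure and SameSite. The attacker payload and all names are constructed.

```python
"""XSS output encoding, href allow-listing, and hardened session cookies."""
import html
from http.cookies import SimpleCookie
from urllib.parse import urlparse

# Constructed attacker input: closes the attribute it lands in and injects a script.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def render_comment_vulnerable(author, comment):
    """Reflected/stored XSS: user text is dropped straight into the markup."""
    return f'<p data-author="{author}">{comment}</p>'


def render_comment_safe(author, comment):
    """html.escape(quote=True) encodes & < > " ' so user text stays text both in
    the attribute context and in the element body."""
    return (f'<p data-author="{html.escape(author, quote=True)}">'
            f'{html.escape(comment, quote=True)}</p>')


ALLOWED_SCHEMES = {"http", "https", "mailto"}


def safe_href(url):
    """Return an href value that cannot run script: allow-list the scheme, keep
    site-relative paths, and turn anything else into '#'. Tabs and newlines are
    removed first because browsers ignore them inside a URL ('java\\tscript:')."""
    cleaned = "".join(ch for ch in url if ch not in "\t\r\n").strip()
    scheme = urlparse(cleaned).scheme.lower()
    if scheme == "" and cleaned.startswith("/") and not cleaned.startswith("//"):
        return html.escape(cleaned, quote=True)   # site-relative path
    if scheme not in ALLOWED_SCHEMES:
        return "#"                                # javascript:, data:, protocol-relative, ...
    return html.escape(cleaned, quote=True)


def session_cookie_header(session_id):
    """Set-Cookie value for the session. HttpOnly keeps document.cookie (and so an
    XSS payload) from reading it; Secure keeps it off plaintext HTTP."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Lax"
    jar["session"]["path"] = "/"
    return jar["session"].OutputString()


def missing_cookie_flags(set_cookie_value):
    """Audit helper: which of Secure/HttpOnly/SameSite a Set-Cookie header lacks."""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie_value.split(";")[1:]}
    return [flag for flag in ("secure", "httponly", "samesite") if flag not in attrs]


if __name__ == "__main__":
    print("vulnerable:", render_comment_vulnerable("bob", PAYLOAD))
    print("safe:      ", render_comment_safe("bob", PAYLOAD))
    print("href:      ", safe_href("javascript:alert(1)"), safe_href("https://example.com/?a=1&b=2"))
    print("cookie:    ", session_cookie_header("abc123"))
    print("missing:   ", missing_cookie_flags("session=abc123; Path=/"))
```

The encoding is chosen per context: `html.escape` is right for element bodies and quoted attributes, but a value placed inside a `<script>` block or an event handler needs JavaScript-string encoding instead, and a URL needs the scheme check shown. HttpOnly does not prevent XSS; it only removes the session cookie from what a successful payload can read.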

Buffer Overflow

Providing more input data than the program's buffer was sized for overwrites adjacent memory. If the attacker controls what gets overwritten (a return address or a function pointer, for example), they control the execution of the vulnerable software and, with its privileges, the target system it is installed on.

SMTP Open Relay

An open relay is an SMTP server that accepts mail from any sender to any destination: it relays third-party email for domains that are not its own and for clients that have not authenticated.

Spammers use these misconfigured SMTP servers for sending spam emails, and the server's reputation (and IP address) ends up on block lists as a result.
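An open-relay probe, as an added example that is not part of the lecture: it drives the SMTP envelope (EHLO, MAIL FROM, RCPT TO) with a sender and a recipient that are both foreign to the server under test and stops before DATA, so no message is ever delivered. It works with anything exposing smtplib.SMTP's ehlo/mail/rcpt/rset/quit methods; `ScriptedSMTP` is a constructed offline stand-in that replays a server's replies, and the addresses and hostnames are placeholders.

```python
"""Open-relay probe for an SMTP server: does it accept foreign-to-foreign envelopes?"""
import smtplib
import sys

PROBE_FROM = "probe@sender.example"      # not a local domain of the target
PROBE_TO = "probe@recipient.example"     # not a local domain either


def probe_open_relay(smtp):
    """Return (relays, transcript). relays is True when the server accepts an
    envelope it has no business carrying. DATA is never sent."""
    transcript = []

    def step(cmd, call):
        code, msg = call()
        text = msg.decode(errors="replace") if isinstance(msg, bytes) else str(msg)
        transcript.append(f"{cmd} -> {code} {text}")
        return code

    try:
        if step("EHLO", smtp.ehlo) != 250:
            return False, transcript
        if step(f"MAIL FROM:<{PROBE_FROM}>", lambda: smtp.mail(PROBE_FROM)) != 250:
            return False, transcript
        code = step(f"RCPT TO:<{PROBE_TO}>", lambda: smtp.rcpt(PROBE_TO))
        # 250/251 = recipient accepted. A correctly configured MTA answers 5xx here,
        # e.g. "554 5.7.1 Relay access denied" or "550 5.7.1 Relaying denied".
        relays = code in (250, 251)
    finally:
        smtp.rset()   # abandon the envelope so nothing is queued
        smtp.quit()
    return relays, transcript


class ScriptedSMTP:
    """Offline stand-in for smtplib.SMTP that replays constructed server replies
    and records the client side of the exchange in .sent."""

    def __init__(self, rcpt_reply):
        self.rcpt_reply = rcpt_reply
        self.sent = []

    def ehlo(self, name="probe.example"):
        self.sent.append(f"EHLO {name}")
        return 250, b"mail.target.example\nSIZE 10240000\n8BITMIME"

    def mail(self, sender, options=()):
        self.sent.append(f"MAIL FROM:<{sender}>")
        return 250, b"2.1.0 Ok"

    def rcpt(self, recip, options=()):
        self.sent.append(f"RCPT TO:<{recip}>")
        return self.rcpt_reply

    def rset(self):
        self.sent.append("RSET")
        return 250, b"2.0.0 Ok"

    def quit(self):
        self.sent.append("QUIT")
        return 221, b"2.0.0 Bye"


if __name__ == "__main__":
    if len(sys.argv) > 1:   # live: python relay_probe.py mx.target.example (only with permission)
        target = smtplib.SMTP(sys.argv[1], 25, timeout=15)
    else:                   # offline demo against the scripted hardened server
        target = ScriptedSMTP((554, b"5.7.1 <probe@recipient.example>: Relay access denied"))
    relays, transcript = probe_open_relay(target)
    print("\n".join(transcript))
    print("OPEN RELAY" if relays else "relay refused")
```

Some MTAs accept every RCPT TO and only reject at DATA or later, so a 250 here is a finding to confirm (for example with a single message to a mailbox you control), not proof on its own. Only probe servers you are authorised to test, and keep the probe at the envelope stage.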

P2P File Sharing

Instant Messaging

Phishing

Phishing comes as email phishing, mobile phishing (over SMS) and IM phishing.
