
Sunday, 25 March 2018

Web Attack With Browser Exploitation Framework – BeEF



Web Attacks

 
The focus of this chapter will be on Internet-based attacks. Security administrators
for organizations are aware that there are malicious parties on the Internet,
continuously looking for ways to penetrate any network they come across, and in
defense, administrators have security measures in place. Common defenses include
firewalls, IPS/IDS, host-based security products such as antivirus, content filters,
etc. In the past, these defenses were sufficient; however, threats are becoming more
sophisticated nowadays, with the ability to circumvent commercial off-the-shelf or
"COTS" security solutions. The tools covered in this chapter will include methods in
Kali Linux, used to bypass standard security defenses from a remote location.

This chapter wraps up the Penetration Tester's attack arsenal. After reviewing material
covered in previous chapters, you should understand how to conduct reconnaissance
on a target, identify server- and client-side vulnerabilities, and the techniques used for
exploiting them. This chapter will cover the final element of attack related to using web
applications as a front end. In addition, we will explore how to take advantage of the
web server itself and compromise web applications using exploits, such as browser
exploitation attacks, proxy attacks, and password harvesting. We will also cover
methods to interrupt services using denial of service techniques.

Browser Exploitation Framework – BeEF


Browser vulnerabilities can be exploited by malicious software to manipulate the
expected behavior of a browser. These vulnerabilities are a popular attack vector,
because most host systems leverage some form of Internet browser software. Let's
take a look at a popular tool developed to exploit browser vulnerabilities.

There are many cool Penetration Testing applications that should be included in
your hacking arsenal, such as one of our favorites known as Browser Exploitation
Framework (BeEF). BeEF is a browser-based exploit package that "hooks" one or more
browsers as beachheads for launching attacks. A user can be hooked by accessing a
customized URL and continue to see typical web traffic, while an attacker has access
to the user's session. BeEF bypasses network security appliances and host-based antivirus
applications by targeting the vulnerabilities found in common browsers, such as
Internet Explorer and Firefox.

BeEF is not included with the 1.0 release of Kali Linux, but can be found at
beefproject.com. We expect BeEF to be added into a future release of Kali
Linux based on its popularity in the Penetration Testing community.
To install BeEF, open a command terminal on Kali Linux as a root user and issue
the following commands:
 
• apt-get update
• apt-get install beef-xss

 
You may be asked to install, update, or overwrite some older files when you run the
apt-get update command. In most cases, you can just accept the default prompts.
When the update process is completed, you may use apt-get to install BeEF:

 
Once the process is complete, you will have BeEF installed on Kali Linux.

To start BeEF, navigate to /usr/share/beef-xss directory and type ./beef to start
the BeEF server. Once BeEF starts, the URLs to manage BeEF and hook victims will
be displayed in the terminal window:

 
To access the administration server, open a web browser and go to the /ui/panel
URL. When tricking a victim into being hooked by BeEF, redirect the victims to the
BeEF server hook URL listed as hook.js. You will need to develop a strategy to get
the victims to access your hook URL, such as a phishing or social engineering attack,
which redirects users to BeEF.

In this example, we will go to: http://172.16.86.144:3000/ui/panel. The default
username and password are both beef.

When a victim clicks on or is redirected to the "hook.js" website, the attacker on the
BeEF server will see the hooked browser. BeEF will add the new system to a list of
targets and display them if a hooked victim is online. Offline victims will become
vulnerable to attack once they reconnect to the Internet, regardless of whether they access
the hook link prior to re-using the Internet. The next screenshot shows BeEF's main
dashboard and options available to launch against a hooked system:
 
The previous example shows a hooked Windows laptop. BeEF can reveal the details,
such as whether the victim is using Firefox, Windows 32, specific browser plugins,
scripts, whether Java is enabled, and other useful information. The attacker can
execute commands on hooked machines, such as making a sound chime, grabbing session
cookies, capturing screenshots, logging keystrokes, and even using the hooked browser as
a proxy to attack other systems. Another example is having the hooked system log
into Facebook and using BeEF to capture the session cookie. An attacker can replay
the authenticated session and have full access to the victim's Facebook account.
The possibilities for evil and destruction are endless. This beachhead could allow an
attacker unfettered access to the user's browser and all information that is needed to
access it.

BeEF provides the details of the hooked systems and logs the commands that are
executed. Both details of individual hosts and successfully executed command log
information could be copied into a final deliverable report:
 
 
Defending against browser-based penetration tools is difficult. The best defense is
ensuring that all browser-based software is updated with the latest versions and
security patches, along with disabling the browser from running Flash and Java. In
addition, security solutions that can detect common application-based threats, such
as Next Generation Intrusion Prevention Systems (NGIPS), can provide an extra
layer of security. The majority of victims of penetration tools such as BeEF are users
who click links included in emails, or who trust social media guests posing as a trusted
party and sharing things wrapped with malicious links, software, code, and so on.
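
A defender can search web proxy logs for the BeEF defaults named on this page: the hook.js file, port 3000, and the /ui/panel path. The Python below is an added example, not code from the original post or from the BeEF project; the log format, the sample lines, and the function names are assumptions, and the markers are defaults that an operator can change, so a clean result does not rule out a hooked browser.

```python
from collections import defaultdict
from urllib.parse import urlsplit

HOOK_PATH = "/hook.js"    # hook script name given on this page
PANEL_PATH = "/ui/panel"  # BeEF admin panel path given on this page
BEEF_PORT = 3000          # port in the page's example URL

# Constructed sample; assumed format: <timestamp> <client_ip> <method> <url> <status>
SAMPLE_LOG = """\
2018-03-25T10:01:02Z 10.0.0.21 GET http://intranet.example/index.html 200
2018-03-25T10:01:03Z 10.0.0.21 GET http://172.16.86.144:3000/hook.js 200
2018-03-25T10:01:09Z 10.0.0.34 GET http://cdn.example/js/webhook.js 200
2018-03-25T10:02:11Z 10.0.0.50 GET http://172.16.86.144:3000/ui/panel 200
2018-03-25T10:02:15Z 10.0.0.21 GET http://172.16.86.144:3000/HOOK.JS?x=1 200
truncated line
""".splitlines()


def classify_url(url):
    """Return why a URL matches a BeEF default, or None."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port in the log
        port = None
    path = parts.path.lower()
    if path.endswith(HOOK_PATH):  # exact file name; "webhook.js" does not match
        return "hook script"
    if port == BEEF_PORT and path.startswith(PANEL_PATH):
        return "admin panel"
    return None


def scan_proxy_log(lines):
    """Map client IP -> sorted list of (server host, reason) findings."""
    findings = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guess at fields
        reason = classify_url(fields[3])
        if reason:
            findings[fields[1]].add((urlsplit(fields[3]).hostname, reason))
    return {ip: sorted(hits) for ip, hits in findings.items()}


if __name__ == "__main__":
    for ip, hits in scan_proxy_log(SAMPLE_LOG).items():
        print(ip, hits)
```

A client listed with "hook script" fetched the hook file and is a candidate hooked browser; one listed with "admin panel" reached a BeEF management interface, which inside a corporate network usually means an operator workstation.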
