Researching System Vulnerabilities

belchertownshuffle, Artificial Intelligence and Robotics

21 Nov 2013 (3 years and 4 months ago)


University of Bahrain
College of IT
Department of Computer Science
ITCS 412: Cryptography and Network Security

Homework #1
Due Date: 20/3/2012

Researching System Vulnerabilities
20 MINUTES



There are websites that list vulnerabilities and the methods by which those vulnerabilities can be exploited. One source is the Common Vulnerabilities and Exposures (CVE) database. Vulnerabilities are known openings in systems that can be exploited by users. In this exercise you will search the Internet for vulnerabilities and find utilities to test those vulnerabilities.

Step 1: Search Google

1. Open Internet Explorer and type http://www.google.com
2. In the Google search box, type iis 6.0 vulnerability exploits

   How many hits? What were the domain names of the top three hits?

   About 197,000

   www.microsoft.com/technet/security/bulletin/ms06-034.mspx
   www.microsoft.com/technet/security/bulletin/ms09-053.mspx
   www.blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.html



Step 2: Search the CVE database

1. In Internet Explorer, type http://www.cve.mitre.org
2. Click on the CVE List link in the top menu.
3. In the National Vulnerability Database rectangle, click on CVE search on NVD.
4. In the search by keyword box, type IIS 5.0 and click search.

   How many vulnerabilities were found?

   69 vulnerabilities.

5. Click on the vulnerability CVE-2001-0333

   Read the information about it.

   What is directory traversal and why is it considered a vulnerability?

   Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.

   It may allow the hacker to access a private area in the system or get private information.

   What is the impact of this vulnerability?

   Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
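
The double-encoding problem described in the CVE-2001-0333 answer above, as an added example that is not part of the original homework: a path check that decodes only once misses a ".." sequence that was encoded twice, so the classifier below decodes until the path stops changing and checks every form. The function names, the MAX_ROUNDS limit and the sample paths are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# A ".." path segment delimited by "/" or "\" (Windows treats both as separators).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
MAX_ROUNDS = 5  # assumption: nesting deeper than this is rejected outright


def decoded_forms(path):
    """Percent-decode repeatedly; return each form, raw first, or None if too deep."""
    forms = [path]
    for _ in range(MAX_ROUNDS):
        nxt = unquote(forms[-1], encoding="latin-1")
        if nxt == forms[-1]:
            return forms
        forms.append(nxt)
    return None


def naive_is_safe(path):
    """Flawed order: validate after a single decode, ignoring any later decode."""
    return not TRAVERSAL.search(unquote(path, encoding="latin-1"))


def classify(path):
    """Return (verdict, decode rounds needed before '..' becomes visible)."""
    forms = decoded_forms(path)
    if forms is None:
        return ("reject: encoding too deep", None)
    for rounds, form in enumerate(forms):
        if TRAVERSAL.search(form):
            kind = "double-encoded traversal" if rounds >= 2 else "traversal"
            return (kind, rounds)
    return ("clean", None)


# Constructed sample request paths (not taken from any real log).
SAMPLES = [
    "/images/logo.gif",
    "/report%2520final.pdf",
    "/docs/../private/report.txt",
    "/docs/..%5c../private/report.txt",
    "/docs/..%255c..%255cprivate/report.txt",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{classify(p)!s:40} naive_is_safe={naive_is_safe(p)!s:5} {p}")
```

The last sample passes naive_is_safe but is flagged by classify, which is the gap between checking after one decode and checking the fully canonicalized path.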


Step 3: Packetstormsecurity

Packetstormsecurity is a nonprofit organization composed of security professionals who are dedicated to providing the information necessary to secure networks worldwide.

1. In the Address bar of IE, type http://www.packetstormsecurity.com
2. In the search box, type windows crash

   How many hits?

   108 Search files found for windows crash.

3. Look for SMBDie. What does it do?

   SMBdie is a proof of concept tool which crashes Windows machines with Netbios enabled by sending a specially crafted SMB request. Tested against Windows NT/2k/XP/.NET RC1.

4. In the search box, type windows XP password crack

   Select the first hit, and explain how it works.

   Burncrack is a burneye cryptographic layer 1 & 2 cracker which can work together with john the ripper for password generation. It can crack and unwrap burneye layer 1 and layer 2 protected binaries without having to run them, on both windows (Cygwin) and linux platforms.