Attacking Network Protocols – CH 10 – FIN

Fuzzing: Feeds random/not-so-random data into a protocol to force the processing app to crash in order to ID vulns. Yields results regardless of protocol complexity. Produces many simple test cases: Sent to the app for processing. Can be generated automatically using random modifications or under direction from the analyst. Simplest: Send random garbage and see what happens: cat /dev/urandom | nc hostname port. Reads data from the system’s RNG device using cat: Piped into netcat: Opens a connection to the given host/port and sends it. Mutation Fuzzer: Using existing protocol data/mutate it in some…

Attacking Network Protocols Ch 9 Notes

Vulnerability Classes: RCE Remote Code Execution: Running arbitrary code within the app that implements the protocol. Hijacking the logic of the app/influencing command-line subprocesses it creates in normal operation. Allows the attacker to compromise the system the app executes on: Access to anything the app can access: Maybe the hosting network is compromised too. DoS Denial of Service: Causes crash/unresponsiveness. Denies users access to the app/service. Categorized as: Persistent: Permanently prevents users from accessing the service (until it is repaired/restarted). Non-persistent: Lasts only as long as the attacker keeps attacking. Info Disclosure Exists if there’s a way to get an app to…

Attacking Network Protocols CH 7 Notes

All secure protocols should do the following: Confidentiality: Protect data from being read. Integrity: Protect data from being modified. Prevent an attacker from impersonating the server/client via server/client authentication. Encryption: Data confidentiality. Signing: Data integrity/authentication. Substitution ciphers: Simplest form of encryption. Alg encrypts a value based on a substitution table that contains a 1-to-1 mapping between plaintext/ciphertext values: Each value is looked up in the table and the original replaced. Fails to withstand cryptanalysis. Frequency analysis: Commonly used to crack substitution ciphers: Correlates…
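
Worked example for the substitution-cipher/frequency-analysis point above. This is added code, not from the book or these notes: a monoalphabetic substitution over A–Z plus the classic attack, which ranks ciphertext letters by count and pairs them with the English frequency ranking. The key, the English ranking string and the sample plaintext are constructed for the demonstration; real text of a few hundred letters is needed before more than the top few letters line up.

```python
"""Monoalphabetic substitution cipher and a frequency-analysis attack on it.

Added example (not the book's or the notes' code). The key, ENGLISH_BY_FREQ
and SAMPLE are constructed for the demonstration.
"""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# English letters ordered from most to least common (approximate ranking).
ENGLISH_BY_FREQ = "ETAOINSHRDLCUMWFGYPBVKJXQZ"

# Constructed 26-letter key: a permutation of the alphabet (keyboard order).
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"

# Constructed sample plaintext; deliberately E-heavy like real English.
SAMPLE = ("THE SECRET MESSAGE WAS SENT TO THE SERVER BEFORE THE ATTACKER COULD "
          "INTERCEPT THE TRAFFIC ON THE NETWORK THE DEFENDERS THEN REVIEWED "
          "EVERY PACKET THAT ENTERED THE SEGMENT")


def make_table(key: str) -> dict:
    """Build the 1-to-1 plaintext -> ciphertext table from a 26-letter key."""
    if len(key) != 26 or set(key) != set(ALPHABET):
        raise ValueError("key must be a permutation of A-Z")
    return dict(zip(ALPHABET, key))


def encrypt(plaintext: str, table: dict) -> str:
    """Look each letter up in the table; non-letters pass through unchanged."""
    return "".join(table.get(c, c) for c in plaintext.upper())


def decrypt(ciphertext: str, table: dict) -> str:
    """Invert the table and substitute back."""
    inverse = {v: k for k, v in table.items()}
    return "".join(inverse.get(c, c) for c in ciphertext)


def frequency_guess(ciphertext: str) -> dict:
    """Frequency analysis: the most common ciphertext letter is guessed to be
    E, the next T, and so on. Returns a guessed ciphertext -> plaintext map."""
    counts = Counter(c for c in ciphertext if c in ALPHABET)
    ranked = [c for c, _ in counts.most_common()]
    # Letters that never appear get the leftover (rarest) English letters.
    ranked += [c for c in ALPHABET if c not in ranked]
    return dict(zip(ranked, ENGLISH_BY_FREQ))


def recovery_rate(ciphertext: str, true_table: dict) -> float:
    """Fraction of ciphertext letter positions the frequency guess decodes
    correctly; a rough score of how far the attack got."""
    guess = frequency_guess(ciphertext)
    inverse = {v: k for k, v in true_table.items()}
    letters = [c for c in ciphertext if c in ALPHABET]
    correct = sum(1 for c in letters if guess[c] == inverse[c])
    return correct / len(letters)


if __name__ == "__main__":
    table = make_table(KEY)
    ct = encrypt(SAMPLE, table)
    print(ct)
    print(f"guessed mapping decodes {recovery_rate(ct, table):.0%} of letters")
```

With this short sample only the top of the ranking (E, then T) is reliable; the attack proper fixes the rest by hand using digraphs and partial words, which is why the chapter treats substitution ciphers as broken rather than merely weak.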

Attacking Network Protocols CH 6

2 main kinds of reverse engineering: Static and Dynamic. Static: Process of disassembling a compiled executable into native machine code and using that code to understand how the executable works. Dynamic: Executing an application and using tools like debuggers/function monitors to inspect the application’s runtime operation. Compilers, Interpreters and Assemblers: The way a program executes determines how it’s reverse engineered. Interpreted Languages: Ex. Python/Ruby/scripting langs. Commonly run from short scripts written as text files. Dynamic/speed up dev time. Interpreters execute programs more slowly…

Attacking Network Protocols CH 4-5 Notes

Traceroute: Windows tracert; *nix/Mac traceroute. Max hops: Windows -h NUM; *nix -m NUM. Routing tables: Windows route print; *nix netstat -r. Enabling Routing (use 0 to disable): Windows reg add HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ^ /v IPEnableRouter /t REG_DWORD /d 1. Linux sysctl -w net.ipv4.conf.all.forwarding=1 and sysctl -w net.ipv6.conf.all.forwarding=1 (two separate commands, one per address family). MacOS sysctl -w net.inet.ip.forwarding=1. NAT: 2 types common today: SNAT: Source Network Address Translation; DNAT: Destination Network Address Translation. Diff between the 2: Which address is modified during NAT processing of traffic. Enabling SNAT: When you want…

ATTACKING NETWORK PROTOCOLS: NOTES CH3

Binary Protocol Structures: Smallest unit of data is a single binary digit (bit); an octet is an 8-bit unit (byte) and is the basic unit of network protocols. Bit fmt: 0 (Bit 7/MSB) 1 0 0 0 0 0 1 (Bit 0/LSB) = 0x41/65: Octet: 0x41. MSB: Most Significant Bit || LSB: Least Significant Bit. Numeric Data: Data values represented: Core of binary protocols: Ints/dec values: Lengths of data/ID tags. Unsigned ints: Based on bit position: Values of the set bits are added together to represent the int. Bit Dec Hex 0 1 0x01 1 2 0x02…
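
Worked example serving both this chapter (octets, MSB/LSB, unsigned ints in big- and little-endian order, length fields) and the CH 10 fuzzing excerpt above (a mutation fuzzer built from existing protocol data). This is added code, not from the book or the notes. The "NP" message format, its parser and the parser's bug are all constructed for the demonstration: the parser trusts the 16-bit length field and indexes past the buffer when that field is larger than the data actually received, the kind of length-trust mistake a mutation fuzzer finds quickly.

```python
"""Binary message parsing (CH3) and a mutation fuzzer driving it (CH10).

Added example, not the book's or the notes' code. The NP format, the parser
and its deliberate length-trust bug are constructed for this demonstration.
"""
import random
import struct


def octet_bits(value: int) -> str:
    """Render one octet MSB-first (bit 7 ... bit 0), e.g. 0x41 -> '01000001'."""
    return format(value & 0xFF, "08b")


def unsigned(data: bytes, big_endian: bool = True) -> int:
    """Unsigned int from octets: each set bit contributes 2**position."""
    return int.from_bytes(data, "big" if big_endian else "little", signed=False)


class ProtocolError(Exception):
    """Clean rejection of malformed input: expected behaviour, not a crash."""


MAGIC = b"NP"
# Header: 2-byte magic, u8 version, u16 big-endian payload length (5 bytes).
HEADER = struct.Struct(">2sBH")


def build_message(version: int, payload: bytes) -> bytes:
    """header | payload | 1-byte XOR checksum of the payload."""
    checksum = 0
    for b in payload:
        checksum ^= b
    return HEADER.pack(MAGIC, version, len(payload)) + payload + bytes([checksum])


def parse_message(data: bytes) -> dict:
    """Constructed parser with a deliberate bug: it trusts the length field."""
    if len(data) < HEADER.size:
        raise ProtocolError("short header")
    magic, version, length = HEADER.unpack_from(data, 0)
    if magic != MAGIC:
        raise ProtocolError("bad magic")
    payload = data[HEADER.size:HEADER.size + length]
    # BUG (deliberate): nothing checks that `length` bytes actually arrived, so
    # this index raises IndexError when the length field exceeds the buffer.
    checksum = data[HEADER.size + length]
    calc = 0
    for b in payload:
        calc ^= b
    if calc != checksum:
        raise ProtocolError("bad checksum")
    return {"version": version, "payload": payload}


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation to an existing valid message."""
    buf = bytearray(data)
    strategy = rng.randrange(5)
    if strategy == 0 and buf:                      # flip one bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif strategy == 1 and buf:                    # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif strategy == 2 and len(buf) >= HEADER.size:  # rewrite the length field
        struct.pack_into(">H", buf, 3, rng.randrange(65536))
    elif strategy == 3 and len(buf) > 1:           # truncate the message
        del buf[rng.randrange(1, len(buf)):]
    else:                                          # insert 1-8 random bytes
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 9)))
    return bytes(buf)


def fuzz(seed_message: bytes, iterations: int, seed: int = 0) -> list:
    """Mutation fuzz loop: return every input that caused an unexpected
    exception (anything other than a clean ProtocolError)."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(iterations):
        case = mutate(seed_message, rng)
        try:
            parse_message(case)
        except ProtocolError:
            pass                                   # rejected cleanly
        except Exception:                          # a finding worth triaging
            crashes.append(case)
    return crashes


if __name__ == "__main__":
    seed_msg = build_message(1, b"hello")
    found = fuzz(seed_msg, 300, seed=1)
    print(f"{len(found)} crashing inputs; first: {found[0].hex() if found else None}")
```

Keeping the seed fixed makes every crash reproducible, which matters more than raw throughput: the fuzz loop only tells you that an input misbehaves, and triage needs the exact bytes again.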

Attacking Network Protocols: Notes CH1-2

Network protocol functions: Session state: Create new/terminate existing connections. Addressing: ID specific nodes/groups of nodes. Flow: Data xfer: Increase throughput/reduce latency. Arrival: Order sent: Can reorder to ensure correct delivery. Find/correct errors: Detect corruption. Fmt/encode data: Specify ways of encoding. TCP/IP: Link/Phys: Xfer info between nodes: Ethernet/PPP. Internet: Addressing: IPv4/6. Transport: Connections between client/server: Correct order of packets/multiplexing. Service multiplexing: TCP/UDP: A single host supports different services by assigning a different port # to each. App Protocols: HTTP/SMTP/DNS etc. Apps: Following components: Network comm; Process inc/out data: SMTP/POP3…

Notes: CH 7. Fundamentals

Arrays: Store/work w/multiple values of the same data type: A var that can store a group of values. Example: int days[6]; Name[Size declarator]. Size declarator: Indicates # of values the array can hold: days can hold 6 values/elements: Each 1 is an int. Size declarator: Must be a constant int expression w/value greater than 0: Can be a literal/named constant. Example: const int NUM_DAYS = 6; int days[NUM_DAYS]; Each element in the days array is displayed below: Element 0 Element 1 Element 2 Element…

WCNA Notes: CH 9: DNS (small recap already have stuff on this)

Network Name Resolution Protocols: Procedures that govern the rules used in manual/dynamic name resolution. Provide the definitions/mechanisms involved in client/server apps. LLMNR Link-Local Multicast Name Resolution: RFC 4795: Based on the DNS packet fmt. Allows IPv4/6 nodes to perform resolution for other devices connected to the same local link. Server12/Win7+ support. Limited to a single network segment: Not designed to cross rtr boundaries. Name resolution service in envs where DNS can’t be used: Smaller networks. Can be sent using TCP. LLMNR exchange: LLMNR sending…
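
Worked example for the LLMNR excerpt above, added here and not part of the WCNA notes: builds and parses an LLMNR query in the DNS packet format that RFC 4795 reuses (12-byte header of ID/flags/counts, then length-prefixed name labels, QTYPE, QCLASS). It constructs the bytes only and sends nothing; the multicast groups and port are the RFC 4795 values, the name "fileserver" is a constructed sample, and the decoder deliberately refuses DNS compression pointers rather than guessing how to follow them.

```python
"""Build and parse an LLMNR query (RFC 4795, DNS-style packet format).

Added example, not from the WCNA notes. Only constructs packet bytes; the
query name is a constructed sample and nothing is put on the wire.
"""
import struct

# RFC 4795 transport constants (for reference; unused in the pure-bytes demo).
LLMNR_IPV4_GROUP = "224.0.0.252"
LLMNR_IPV6_GROUP = "ff02::1:3"
LLMNR_PORT = 5355

# Header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (all u16, big-endian).
HEADER = struct.Struct(">HHHHHH")
QTYPE_A, QTYPE_AAAA, QCLASS_IN = 1, 28, 1

# Flag bit positions shared with DNS, plus the LLMNR-specific C and T bits.
FLAG_QR = 1 << 15          # 0 = query, 1 = response
FLAG_C = 1 << 10           # conflict
FLAG_TC = 1 << 9           # truncation
FLAG_T = 1 << 8            # tentative


def encode_name(name: str) -> bytes:
    """DNS label encoding: each label prefixed by its length, zero terminator."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Inverse of encode_name; returns (name, offset past the terminator)."""
    labels = []
    while True:
        length = data[offset]
        if length & 0xC0:
            # Compression pointer: not handled in this example.
            raise ValueError("compression pointer not supported here")
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(txid: int, name: str, qtype: int = QTYPE_A) -> bytes:
    """Standard LLMNR query: QR=0, OPCODE=0, C=TC=T=0, RCODE=0, one question."""
    flags = 0
    question = encode_name(name) + struct.pack(">HH", qtype, QCLASS_IN)
    return HEADER.pack(txid, flags, 1, 0, 0, 0) + question


def parse_packet(data: bytes) -> dict:
    """Decode the header flags and the question section of an LLMNR packet."""
    if len(data) < HEADER.size:
        raise ValueError("short LLMNR header")
    txid, flags, qd, an, ns, ar = HEADER.unpack_from(data, 0)
    info = {
        "id": txid,
        "response": bool(flags & FLAG_QR),
        "conflict": bool(flags & FLAG_C),
        "truncated": bool(flags & FLAG_TC),
        "tentative": bool(flags & FLAG_T),
        "rcode": flags & 0xF,
        "counts": (qd, an, ns, ar),
        "questions": [],
    }
    offset = HEADER.size
    for _ in range(qd):
        name, offset = decode_name(data, offset)
        qtype, qclass = struct.unpack_from(">HH", data, offset)
        offset += 4
        info["questions"].append((name, qtype, qclass))
    return info


if __name__ == "__main__":
    pkt = build_query(0x1234, "fileserver")
    print(pkt.hex())
    print(parse_packet(pkt))
```

Because the header and question layout are identical to DNS, a DNS dissector will decode an LLMNR capture on UDP/5355 almost unchanged; the differences to look for are the C and T flag bits and the link-local multicast destination.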

Notes: Sams/Shellcoder’s HB

No distinction between instructions/data: If the processor is fed instructions where it should see data, it executes them anyway: Basis of exploitation. A program is executed a certain way: Elements are mapped into mem: The OS creates the address space/maps the actual program instructions/data. 3 types of segments: .text Mapped read-only: Program instructions. .bss Writable: Reserved for uninitialized global vars. .data Writable: Reserved for initialized global/static vars. Stack: Data structure, LIFO: Last In First Out: The most recent data is placed/pushed on the stack and is the next item removed/popped from it. Non-permanent storage: Local vars/info for function calls. Other info…