
Chapter 2 - 04 - Understand Application-level and OS-level Attacks - 05_ocred_fax_ocred.pdf




Certified Cybersecurity Technician Exam 212-82
Information Security Attacks

Server-Side Request Forgery (SSRF) Attack

- Attackers exploit SSRF vulnerabilities in a public web server to send crafted requests to the internal or backend servers.
- Once the attack is successfully performed, the attackers can perform various activities such as port scanning, network scanning, IP address discovery, reading web server files, and bypassing host-based authentication.

[Slide diagram: Attacker, Web Server, Internal server, Database Server, Firewall. The web server sends the request on behalf of the user; the internal server responds with data; the firewall blocks direct communication with the internal server.]

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Server-Side Request Forgery (SSRF) Attack

Attackers exploit server-side request forgery (SSRF) vulnerabilities, which evolve from the unsafe use of functions in an application, in public web servers to send crafted requests to the internal or backend servers. Internal servers are usually placed behind firewalls to protect the network from unwanted traffic inflows. Therefore, attackers leverage SSRF vulnerabilities in Internet-facing web servers to gain access to the backend servers that are protected by a firewall. The backend server believes that the request is made by the web server, because the two are on the same network, and responds with the data stored in it. In other words, the trust the backend places in the web server's network position is what the attacker inherits.

Generally, server-side requests are initiated to obtain information from an external resource and feed it into an application. For instance, a designer can use a URL such as https://xyz.com/feed.php?url=externalsite.com/feed/ to obtain a remote feed. If attackers can alter the URL input to point at localhost, they can view all the local resources on the server. This is how SSRF vulnerabilities evolve. Once the attack is successfully performed, attackers can perform various activities such as port scanning, network scanning, IP address discovery, reading of web server files, bypassing of host-based authentication, interaction with critical protocols, and remote code execution.

Module 02 Page 241

Figure 2.38: Demonstration of SSRF attack
[Diagram: the attacker sends a crafted request to the web server; the web server sends the request on behalf of the user to the internal server; the internal server responds with data; the firewall blocks direct communication between the attacker and the internal server or database server.]

Module 02 Page 242
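The feed.php?url= pattern above, as an added example that is not part of the EC-Council module: a vulnerable fetch decision that connects to whatever the client supplied, beside a hardened one that restricts the scheme, rejects embedded credentials, checks the host against an allowlist, and then checks the resolved address rather than the name. The only name taken from the module is externalsite.com; the other hostnames, the DNS table and every IP address are constructed for the illustration, and the lookup table stands in for socket.getaddrinfo so the code runs offline.

```python
"""Added example, not EC-Council's code: feed.php?url=... as a vulnerable fetch beside a hardened one."""
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS table standing in for socket.getaddrinfo so the example runs offline.
FAKE_DNS = {
    "externalsite.com": ["93.184.216.34"],   # assumed public address for the module's example host
    "internal-db.corp": ["10.0.0.5"],        # assumed internal host sitting behind the firewall
    "rebind.example": ["127.0.0.1"],         # public-looking name that resolves to loopback
}

ALLOWED_HOSTS = {"externalsite.com"}


def vulnerable_target(url):
    """What the unsafe feed.php does: connect to whatever the url= parameter names.
    Returns (scheme, host, path) with no scheme, host or address checks at all."""
    if "://" not in url:
        url = "http://" + url            # url=localhost/ is accepted just like url=externalsite.com/feed/
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.path or "/"


def safe_target(url, dns=FAKE_DNS, allowed_hosts=ALLOWED_HOSTS):
    """Hardened fetch decision. Returns (host, ip, path) or raises ValueError.
    Checks: scheme allowlist, no embedded credentials, host allowlist, and the
    *resolved* address must be globally routable (rejects 127/8, 10/8, 169.254/16, ...)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % parts.scheme)
    host = parts.hostname
    if not host or parts.username is not None or parts.password is not None:
        raise ValueError("missing host or credentials embedded in URL")
    host = host.lower()
    if host not in allowed_hosts:
        raise ValueError("host not in allowlist: %s" % host)
    addrs = dns.get(host)
    if not addrs:
        raise ValueError("cannot resolve host: %s" % host)
    for addr in addrs:
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError("%s resolves to non-public address %s" % (host, addr))
    # Connect to addrs[0] and send 'Host: <host>' instead of re-resolving at connect time,
    # so a second lookup (DNS rebinding) cannot redirect the request inward.
    return host, addrs[0], parts.path or "/"


def is_allowed(url, allowed_hosts=ALLOWED_HOSTS):
    """Boolean wrapper around safe_target for quick policy checks."""
    try:
        safe_target(url, allowed_hosts=allowed_hosts)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # The attacker rewrites url= from the intended feed to the web server's own loopback.
    print(vulnerable_target("externalsite.com/feed/"))   # intended use
    print(vulnerable_target("localhost/"))               # what the attacker sends instead
    print(vulnerable_target("file:///etc/passwd"))       # a scheme the application never meant to support
    for u in ("https://externalsite.com/feed/", "http://127.0.0.1/", "file:///etc/passwd",
              "http://externalsite.com@127.0.0.1/", "http://rebind.example/"):
        print(u, "->", "allowed" if is_allowed(u) else "blocked")
```

The allowlist alone is not enough: the rebind.example entry shows why the resolved address is checked too, and why the caller should connect to that address instead of resolving the name a second time.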
Application-level DoS Attack

- Attackers exhaust available server resources by sending hundreds of resource-intensive requests, such as retrieving large image files or requesting dynamic pages that require expensive search operations on the backend database servers.
- Targets: CPU, memory, and sockets.
