1.3 Application Attacks Flashcards
Define Privilege Escalation
Using an existing account to gain privileges beyond that account
Examples of privilege escalation attacks (2)
- User A gaining access to resources that are only granted to User B
- Using a regular user account to launch an attack that gains Administrator/Root access
Preventing Privilege Escalation attacks (3)
- Data Execution Prevention (DEP)
- Anti-Virus/Malware
- Keeping OS patches up-to-date
Cross Site Scripting attack (XSS)
Taking advantage of web browsers' and web-based applications' use of JavaScript to launch attacks
2 Types of Cross Site Scripting attacks
- Non-Persistent (Client-side)
- Persistent or Reflected (Server-side)
Define Non-Persistent Cross Site Scripting Attack
Sends a malicious link to a valid, vulnerable web site with malicious JavaScript appended to input fields that will run silently in the background when the user clicks it
Define Persistent Cross Site Scripting Attack
Permanently posting malicious JavaScript on a site so that it runs every time the page is loaded, e.g. via sites that display user messages or forum sites
Difference between Persistent and Non-Persistent Cross Site Scripting Attack
Non-persistent is initiated from the user's browser; Persistent is stored on the web server and runs every time someone accesses the web page
Define Injection Attack
Adding or removing information from a data stream for malicious intent
4 Common Injection Attacks
- SQL Injection
- XML Injection
- DLL Injection
- LDAP Injection
Define SQL Injection
Capitalizing on poorly designed web sites to extract data from databases via modified SQL statements
Define XML Injection
Appending malformed XML to XML exchanged between devices for malicious intent
Define LDAP Injection
Injecting data into LDAP data exchanges to access information from the LDAP database
Define DLL Injection
Attaching a malicious DLL to a valid process so that whenever the valid process is run, the malicious process is also run
Define Pointer/Object Dereference, how and result
- Supplying a pointer to memory locations that the product is not expecting
- The attack might allow modification of critical state variables, cause a crash, or lead to execution of code
Define Directory Traversal attack and specific server type vulnerable to it
Accessing directories on a web server outside of the publicly available directories hosting the web content
Define Buffer Overflow attack
Using one section of memory to overwrite another section of memory causing the application to crash
What causes buffer overflow vulnerabilities?
Poor application programming
Define Race Condition attack
Taking advantage of simultaneously running processes for malicious intent
What is a TOCTOU attack?
Time-Of-Check to Time-Of-Use attack, taking advantage of the timing of the execution of processes for malicious intent, e.g. transferring more money from an account than the available balance due to a Race Condition
What vulnerability exists related to application error handling?
Improper error messages might expose valuable system information, such as a stack trace dump, that can be used for further malicious activities
Vulnerability exposed by improper input handling?
Improperly validating, or not validating, data input by users opens the application up to injection attacks
Define replay attack
Gaining information, such as Session IDs, from network traffic and then using that information to create malicious requests
Define Session Replay attack
An attacker is able to pose as an authorized user by obtaining a session ID and posing as another valid user or system
Preventing Replay attacks (2)
- Encrypt all communications
- Salting hashes
Define Integer overflow
Occurs when a larger integer is assigned than the memory space allocated for it, causing it to overflow into another memory space and crash the application
Define Cross-Site Request Forgery
Initiating unwanted actions via client-side browser using an authenticated session
What is the abbreviation for Cross-Site Request Forgery? (2)
XSRF or CSRF
How is a Cross-Site Request Forgery attack initiated?
It is dependent on the victim clicking on a malicious URL
Define Server-Side Request Forgery
A forged request initiated from the server to access services that are not publicly exposed
How is a Server-Side Request Forgery attack initiated?
Malicious requests are sent to a vulnerable web application that then accesses private services to perform malicious actions
Define application programming interface (API) attack
Sending malicious HTTP GET requests to an API service to cause a system crash, obtain information, or perform other malicious actions
Define Resource Exhaustion attack
A type of denial-of-service attack often launched from a single low-bandwidth device to crash a device or service by consuming all of its resources
What are 2 examples of Resource Exhaustion attacks?
- Sending a small zip file that is huge when decompressed
- DHCP starvation - creating a large number of DHCP requests to consume all of the addresses available in the pool
Define Memory Leak in an application
A vulnerability where memory is not released after use and eventually the application consumes all available memory on the device
Define Null Pointer Dereference vulnerability in an application
A vulnerability where a memory value is replaced with a NULL value causing the application to crash if not properly handled
Define SSL Stripping attack
A man-in-the-middle attack to intercept HTTP(S) communications. The client browser is tricked into downgrading to HTTP instead of HTTPS; HTTP is relayed to the client and HTTPS is relayed to the server. The malicious middle host is now able to access all information communicated.
How to avoid SSL Stripping attack
Configure client browsers and web servers to not allow HTTP, only HTTPS
Define Driver Manipulation attack
Exploiting vulnerabilities in drivers to bypass anti-virus/malware scanning for malicious intent
Define Driver Manipulation - Shimming attack
A shim is a small library that translates API calls to create compatibility between an app and the OS. This shim can create an opportunity for malicious manipulation.
Define Driver Manipulation - Refactoring attack
Refactoring virus/malware code to evade signature detection by anti-virus/malware programs
Define Pass-the-Hash attack
If an attacker can capture a hashed password, they can use it in a replay attack to authenticate and impersonate a user or system