Recognizing Application Attacks Flashcards
Dump the SAM
Privilege escalation attack that extracts the Security Accounts Manager (SAM) database on Windows.
Retrieve /etc/passwd file
Privilege escalation attack on a Linux machine.
Look for insecure file shares
Privilege Escalation attack
DLL preloading
Privilege escalation attack that replaces legitimate DLLs with malicious versions.
Insecure or weak security processes
Privilege Escalation attack
Non-persistent XSS
Crafted URL delivered in an email or blog post.
DOM based XSS
Used to hijack sessions
Persistent XSS
Server-based; the script executes on a user's PC when they visit the infected site.
SQL Injection Attack
Modifying the query to retrieve additional information that is not allowed.
DLL Injection
Inserting code into a running process, attaching it to the process's memory, and then running it.
LDAP Injection
Modified query that makes LDAP return different information than intended.
LDAP
Lightweight Directory Access Protocol that checks for user and group permissions in AD.
XML Injection
Manipulates an XML file to perform different logic.
Pointer Dereference
Causes an application to throw an error and crash (DoS attack or remote code execution).
Directory Traversal/Command Injection
Manipulates user input to gain access to files not intended to be visible.
Buffer Overflow
Sending enough data to overflow memory, allowing an attacker to insert their own code and elevate their privileges.
Race Conditions
Being able to manipulate the order in which actions are performed, allowing an attacker to gain access or to modify or disclose data.
Time of Check
Part of a race condition, where an attacker is able to gain access before the authentication check.
TOCTTOU
Time of Check to Time of Use
Replay Attack
Captures packets and puts them back on the wire. Can be stopped with digital timestamps, aka sequencing.
Integer Overflow
When a calculation results in a value larger than allowed and the integer wraps around because it can't fit. For example, reversing money sent into money received.
Cross-Site Request Forgery (XSRF, pronounced "sea-surf")
Stealing a user's active cookie.
API
Application Programming Interface (the API could be the gas pedal that runs the car: you don't need to know how the engine works, you just need to know the gas pedal).
XSS vs XSRF
XSS: Browser runs code because it came from a site it trusted.
XSRF: Server performs an action because it was sent from a client it trusted.
API Attack
Hostile attacks (all methods) against APIs that are no longer protected by traditional security measures like a WAF and port blocking.
Resource Exhaustion
Attack that keeps going until all resources are used (DoS).
Memory Leak
Normally unintentional: the application doesn't release memory back after use. Can be used to crash the system and gain privileges.
SSL
Secure Socket Layer
SSL Stripping
Man-in-the-middle attack that strips away SSL encryption and allows the attacker to intercept traffic (e.g. with Wireshark).
SSL Stripping Mitigations
Use SSL everywhere. Use HSTS, which forces everyone to use HTTPS.
Shim Databases
Part of the Windows Application Compatibility Infrastructure that allows legacy applications to run (backward compatibility).
Shimming
Using the shim databases to install malicious code.
Refactoring
Modifying source code without making functional changes. The legitimate version is done to make queries run faster.
Pass the Hash
Harvesting a user's hash while they are accessing remote resources, then using the hash in place of the password.