Data Gathering > Manual Discovery:
Not all vulnerabilities are discovered using automated vulnerability scanners; many hackers prefer manual tools such as hping, nmap and others. Some interesting classes of tools are as follows: some tools allow you to construct network packets by hand, others use advanced techniques to discover information about the server, and others allow the hacker to customize web requests in real time, thus bypassing any client-side security.
Tools such as hping allow the hacker to construct a customized network packet that the web application or service may not be expecting. Hping sends any type of network packet, including ICMP, TCP or UDP, and after the packet has been sent it records the response it receives. Hping allows the hacker to set each property of the packet, such as the flags, the time to live, fragmentation, which port to send to, which port to send from, what protocol to use, and much more. Overall, this class of tool allows the hacker to manually construct any packet that could possibly penetrate a firewall or cause other problems on the server.
Advanced network discovery tools allow the hacker to uncover vital information about the server, such as the operating system type, the vendor and version number of each running service, where the firewall resides and how it is blocking incoming packets. A tool such as nmap has many types of scans implemented, including standard scans as well as focused, underhanded scans such as the Stealth FIN, Xmas and Null scans. There are also options for different scan orders, which may help bypass some Intrusion Detection Systems.
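From the defender's side, the FIN, Xmas and Null scans named above are recognizable by their TCP flag bits alone: a legitimate segment that is not a connection request carries ACK, while these probes carry none. The following is an added example, not code from the original page, that decodes constructed TCP headers and classifies each one against those three flag signatures; the `tcp_segment` helper only builds sample header bytes for the demonstration.

```python
import struct
from typing import Optional

# TCP flag bits: low byte of the 16-bit data-offset/flags field (header byte 13).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Exact flag sets of the three scan probes; anything else is treated as normal.
SCAN_SIGNATURES = {
    0: "null",               # Null scan: no flags at all
    FIN: "fin",              # Stealth FIN scan: FIN only
    FIN | PSH | URG: "xmas", # Xmas scan: FIN, PSH and URG "lit up"
}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode ports and the six classic flag bits from a fixed 20-byte TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {"sport": sport, "dport": dport, "flags": off_flags & 0x3F}

def classify_probe(segment: bytes) -> Optional[str]:
    """Return 'null', 'fin' or 'xmas' for a scan probe, None for ordinary traffic."""
    return SCAN_SIGNATURES.get(parse_tcp_header(segment)["flags"])

def tcp_segment(sport: int, dport: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header (constructed sample input only)."""
    data_offset = 5 << 12  # five 32-bit words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       data_offset | flags, 1024, 0, 0)

def summarize(segments) -> dict:
    """Count detected probes per (source port, scan type) over a captured batch."""
    counts = {}
    for seg in segments:
        kind = classify_probe(seg)
        if kind:
            key = (parse_tcp_header(seg)["sport"], kind)
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample capture: three Null probes to different ports from one
# source port, plus one ordinary SYN/ACK that must not be flagged.
SAMPLE_BATCH = [tcp_segment(5555, p, 0) for p in (22, 80, 443)]
SAMPLE_BATCH.append(tcp_segment(5555, 80, SYN | ACK))

if __name__ == "__main__":
    print(summarize(SAMPLE_BATCH))
```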
There is a class of tools that works as a web proxy, allowing an attacker to view and edit web requests before they are sent on to the server. These tools also allow the hacker to guess HTTP or cookie session IDs and to discover SQL injection attacks. This can be a very powerful tool for a hacker if data is not verified on the server. Another method for editing web requests and discovering SQL injection attacks is to back up the site onto a local server, edit the form values and use the edited forms to submit malicious web requests.
Techniques:
Technique | Information Gathered
Customize network packets | Crash server, discover firewall, open ports, services
Advanced network mapping | Crash server, discover firewall, open ports, services, operating system, app names, app versions, RPC scan
Web proxy | HTTP/Cookie session ID, SQL injection attacks, hidden form elements
Tools:
Hping2 – A hacker uses hping and hping2 to generate specific packet requests to be sent to a server.
Nmap – Nmap is a fast and complete network scanning tool for advanced network mapping techniques.
Wget – Wget allows a hacker to quickly script the backup of an entire website in order to send malicious form requests back to the server.
webSleuth – This is a type of tool that allows the hacker to intercept incoming and outgoing HTTP requests by using a localhost proxy. It can be used to easily change the hidden fields of an HTML form.
Provided by: Security Innovation, The Application Security Company