CEH

(Jeff_L) #1

Exploring the Client-Server Relationship


Vulnerable Software: Some software implementations that encrypt the transmission of
data, such as Secure Sockets Layer (SSL), may suffer from poor programming and thus
become vulnerable to attacks such as buffer overflows.


Some tools and resources are available to help in assessing the security of web
applications and their associated encryption strategies:


■ OpenSSL, an open source toolkit used to implement the SSLv3 and TLS v1 protocols: http://www.openssl.org

■ The OWASP guide to common cryptographic flaws: http://www.owasp.org

■ Nessus Vulnerability Scanner, which can list the ciphers in use by a web server: www.nessus.org

■ WinSSLMiM, which can be used to perform an HTTPS man-in-the-middle attack: http://www.securiteinfo.com/outils/WinSSLMiM.shtml

■ Stunnel, a program that allows the encryption of non-SSL-aware protocols: http://www.stunnel.org

Directory Traversal Attacks


Another type of attack is the directory traversal attack, which allows an attacker to move
outside of the web server directory and into other parts of the host system. Once outside
this directory, the attacker may then be able to bypass permissions and other security
controls and execute commands on the system.
To execute this attack, an intruder takes advantage of errors or weaknesses in one of
two areas:

■ Access control lists (ACLs), which are used to indicate which users and groups are
allowed to access files and directories on a server as well as what level of interaction is
allowed.

■ Root directory, which is the directory on the server to which users are specifically
restricted. Typically this is the highest-level folder they are allowed to access. The
root directory acts as the top directory in the website and prevents users from gaining
access to sensitive files on the server.

To perform a directory traversal attack, surprisingly little is needed—just some knowledge
and a web browser. With these tools and patience, it is possible to blindly find default
files and directories on a system.
The success of the attack depends largely on the configuration of the website and server,
but there are some common threads. Typically the attackers rely on taking over a user
account or impersonating a user, gaining access to anything that user has access to.
In web applications with dynamic pages (such as ASP or ASP.NET), input is usually
received from browsers through GET or POST request methods. Here is an example of a
GET HTTP request URL:


http://beta.canadiens.com/show.asp?view=history.html
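How a server-side handler can keep a parameter such as view inside the root directory, shown as an added example that is not part of the original text: a handler that joins the value to the root unchecked, beside one that canonicalizes the path and refuses anything outside the root. The function names, the example.test host and the on-disk layout are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs, urlsplit


def naive_view(web_root, url):
    """Unsafe pattern: the 'view' value is joined to the root and used as-is."""
    value = parse_qs(urlsplit(url).query).get("view", [""])[0]
    return os.path.join(web_root, value)


def resolve_view(web_root, url):
    """Return the file to serve, or None when the request must be refused."""
    values = parse_qs(urlsplit(url).query).get("view", [])
    if len(values) != 1 or "\x00" in values[0]:
        return None
    root = os.path.realpath(web_root)
    # realpath collapses ".." segments and follows symlinks before comparing.
    candidate = os.path.realpath(os.path.join(root, values[0]))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. different drives on Windows
        inside = False
    return candidate if inside and os.path.isfile(candidate) else None


def demo():
    """Build a constructed site on disk and compare both handlers."""
    with tempfile.TemporaryDirectory() as base:
        web_root = os.path.join(base, "wwwroot")
        os.mkdir(web_root)
        outside = os.path.join(base, "outside.txt")  # sits above the web root
        for path in (os.path.join(web_root, "history.html"), outside):
            with open(path, "w") as handle:
                handle.write("sample")
        prefix = "http://example.test/show.asp?view="  # constructed host
        views = ["history.html", "../outside.txt", "%2e%2e%2foutside.txt", outside]
        naive = [os.path.isfile(naive_view(web_root, prefix + v)) for v in views]
        hardened = [resolve_view(web_root, prefix + v) is not None for v in views]
        return naive, hardened


if __name__ == "__main__":
    print(demo())
```

The comparison is made on the canonical path after URL decoding, so encoded and absolute forms of the parameter are refused by the same check as the plain relative form.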
