1 / 14

A Real World Attack: wu-ftp

A Real World Attack: wu-ftp. Cao er kai ( 曹爾凱 ) g92430023@comm.ccu.edu.tw Tel: 05-272-0411 Ext. 23535. Outline. Description Purpose Principle and Pre-Study Required Facilities Step by step Summary Reference. Description.

medea
Download Presentation

A Real World Attack: wu-ftp

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Real World Attack: wu-ftp Cao er kai (曹爾凱) g92430023@comm.ccu.edu.tw Tel: 05-272-0411 Ext. 23535 2004/03/03

  2. Outline • Description • Purpose • Principle and Pre-Study • Required Facilities • Step by step • Summary • Reference 2004/03/03

  3. Description • The exercise will guide you through the process of discoveringa vulnerable system, exploitingthe vulnerability, and installing software to cover your tracks 2004/03/03

  4. Purpose • Located a vulnerable system • Exploit that vulnerability to gain a root shell • Installed a rootkit • Access the system via the rootkit 2004/03/03

  5. Principle and Pre-Study • CERT Advisory CA-1999-13 Multiple Vulnerabilities in WU-FTPD • MAPPING_CHDIR Buffer Overflow • Message File Buffer Overflow • SITE NEWER Consumes Memory • http://www.cert.org/advisories/CA-1999-13.html 2004/03/03

  6. Required Facilities • Hardware • PC or Workstation with UNIX-like system • Software • Wu-ftp 6.2.0 • RootKits and Buffer Overflow Program • WARNING: • This process of cracking a system is only tested in internal network. • Do not actual exploit on unprivileve host 2004/03/03

  7. Step (I): reconnaissance and scanning Use “nmap” for system scanning Test the account of anonymous 2004/03/03

  8. Step (II): exploit the target Decompress the buffer overflow file and compile it List the usage of this tool 2004/03/03

  9. Step (III): cracking Execute the buffer overflow on target host Got the root right 2004/03/03

  10. Step (IV) • Download the rootkit from outside and install it checking the login user Download the tool from another victim Decompress the rootkit Execute the rootkit 2004/03/03

  11. Step (V): auto-patch the victim the default login password change the system command open the telnet port Report the system information close the system filewall 2004/03/03

  12. Step (IV) • try the rootkit if it works • Now you can do anything The Telnet daemon has been replaced Input the ID and the Password Which predefine by us We have got a root shell now 2004/03/03

  13. Summary • Checking the OS and applications’ vulnerability periodically. • None unsafe applications, but careless people 2004/03/03

  14. Reference • CERT • http://www.cert.org/ • Nmap • http://incsecure.org/ • Buffer Overflow and RootKits download site • http://www.flatline.org.uk/~pete/ids/ 2004/03/03

More Related