Classic New
server-side attack: no interaction required from victim user. Probe daemon on device directly
generation victim-user-to-server attack: target daemon available on LAN interface only (NOT WAN). Exploit relies internal user as a proxy to attack device from inside the network
Demo time: owning cameras Hollywood style!
axis-defacer.sh demo tool
Why "and beyond"
OK, so you compromise an appliance. So
what i.e.: who cares about my printer being owned
We need to think in more than one dimension:
How far can you go after you own a device
Why "and beyond" : stepping stone attacks
If Internet-visible device not properly
segmented we can use compromised device as stepping stone and probe the internal network (LAN)
Internet
-> Target Device -> LAN
Not many companies consider DMZing
"miscellaneous" devices
i.e.:
printers, IP cameras, VCR appliances, UPS appliances
Why "and beyond" : stepping stone attacks (pt 2)
Most of what we need to probe the LAN
already on device. i.e.:
Axis
camera with shell scripting (mish) and PHP support
with port-forwarding functionalities
Routers
Why "and beyond" : stepping stone attacks (pt 3)
brute-force URLs of internal web server
via Axis cameras telnet interface
#!/bin/mish [snip] for i in `cat $2` do if shttpclient -p $1/$i/ | grep 404 > /dev/null then : else echo "possible resource found: $1/$i/" fi sleep $3 done
Why "and beyond" : exploit password reuse
Dump all passwords stored on device and try
against all login interfaces on target companys netblocks
Passwords
could be found on: HTML source code (i.e.: type="password" fields), config file, SNMP OIDs
Login
interfaces include: SSH, telnet, FTP, Terminal Services, VNS, SSL VPNs (i.e.: Juniper SA), SNMP, etc …
Why "and beyond" : exploit password reuse (pt 2)
- snmpwalk > Public/independent
-
Public/independent
下载该文档 文档格式:PDF 更新时间:2009-02-02 下载次数:0 点击次数:1文档基本属性 文档语言: Simplified Chinese 文档格式: pdf 文档作者: z 关键词: 主题: 备注: 点击这里显示更多文档属性 经理: 单位: 分类: 创建时间: 2009-11-02 09:39:32 上次保存者: 修订次数: 编辑时间: 文档创建者: 修订: 加密标识: 幻灯片: 段落数: 字节数: 备注: 演示格式: 上次保存时间:
- 下载地址 (推荐使用迅雷下载地址,速度快,支持断点续传)
- PDF格式下载
- 更多文档...
-
上一篇:网路存取监控
下一篇:''nlorTlbush':"Mother
点击查看更多关于snmpwalk的相关文档
- 您可能感兴趣的
- snmpwalk安装 snmpwalk下载 snmpwalk工具
- 大家在找
-
- · 历史必修2说课稿
- · 中国管理思想史讲义教案
- · 电视剧千山暮雪25集
- · asbethecase
- · 找咖啡店服务员的兼职
- · 鬼片电影大全林正英
- · 计算机等级考试报名
- · 2012青海老师招考
- · matlab2011电驴
- · 北京奥运会金牌榜
- · 电子电工题
- · 山西焦煤集团胡文强
- · led日光灯管照度测试
- · 本田思迪改装车
- · 经济学专业描述
- · 医学检验专业知识
- · cad图如何放入word里
- · 橡胶全包紧身衣窒息
- · 钢筋工理论知识
- · 三菱plc编程视频教程
- · matlab2010免费下载
- · 链轮CAD
- · webqq
- · 公路施工手册
- · 51自学网coreldraw
- · 电工电子技术试题网络教育
- · cad复制到word软件
- · 昆明3mm钢板价格
- · 物流园区规划与设计图
- · 爱上查美乐中的歌曲
- 赞助商链接