SECOPS 6: Common Attack Vectors Flashcards
Goal of Obfuscating javascript code
Protect IP of developers
eval()
Sign of JavaScript obfuscation
DOM
HTML Model for accessing web-based documents
jsunpack or jsdetox
Model to decode obfuscated javascript
JavaScript key variable
Always the first part of a string
‘+”"”)())();’
JavaScript string always ends with this.
DEP
Prevents the use of stack memory space for execution
DEP circumvented by…
heap memory
ASLR bypassed by…
egg hunting (executing code stub that ID’s memory location)
Shellcode stage payload
Buffer overflow to acquire memory space
Unstaged payload
No space limitations. Payload resides with a single memory space.
Way to detect shellcode on the network
Detect a sequence of NOP instructions.
NOP Sled
Sequence of NOP instructions that precedes shellcode.
NOP instructions do what?
Nothing, then move to the next instruction until they find the shellcode.
Snort and Bro use generic signatures to detect…
Shellcode
Metasploit singles
Self contained payloads that function on their own
Metasploit stagers
Sets up network connection between attacker and victim.
Stages
Actual malicious payload. Execution and exploitation.
Self contained.
Meterpreter
Executed only in memory.
Metasploiit NoNX
Circumvents DEP
DLL Injection
Stage payload is injected into compromised host process running in memory. Never written to disk.
.,\
Used for directory traversal. Up a level.
SQL Injection Consequences
Auth bypass
Information disclosure
Compromised CIA
Remote Code Execution
uricontent:”.pl”
URI’s that end in .pl (Perl)
