Network Security Information

Roots

Member
May 4, 2003
Hi, I'm working with my professor this Fall semester on an intrusion security tolerance project that I need some help on. First of all, I've done nothing related to network security before, but I am pretty fluent in C (took Data structures course last semester). Here is a description of what I need to accomplish:

- Research the various vulnerabilities that can occur on our infrastructure (Linux 8.0, Apache 1.3.23, MySQL DB svr, CGI scripts in Perl or PHP)
(I've already finished this first part)

- Gain an understanding of the vulnerabilities and learn how to exploit them by writing C programs

- Test the code on the server


What I am looking for are some good texts or websites that will give me a crash course in security, and teach me how I can write attack programs in C. Can anyone help me out? I really need to get cracking. Thanks!
 

Roots

Member
May 4, 2003
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ BUMP ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^

Anyone, please??? I went to B&N today and I skimmed through a book called "Hacking Exposed! Web Applications" that seemed relevant to my topic, but I still don't know if it's going to effectively teach me how to hack with MAD SKILLS. I'm going to keep bumping until I get at least a couple replies.
 

Nothinman

Elite Member
Sep 14, 2001
You won't be able to get mad skills in hacking things until you understand intimately how those things work. Like using a buffer overflow to exploit a remote daemon or OS requires knowledge about how the OS lays out VM for a process, what parts of the process are where in memory relative to where the buffer you're overflowing is, what parts of that memory are executable, etc., and not all OSes handle things the same. Other things like tricking a web page into executing shell commands for you can be easier, but you still have to know a good bit about the web server and software it's running.

But first you need to find out what you're attacking; there is no such thing as "Linux 8.0". PHP isn't usually done in CGI fashion, although it can be, and the same with Perl: it can be either CGI or mod_perl. CGI is generally really slow for a high traffic site (doing a fork() for each CGI request takes a lot of time) and isn't used often.
 

yoda291

Diamond Member
Aug 11, 2001
First off, if you don't know how the system works, trying to figure out how to compromise it is hopeless. You need a grounding in the basics of at least TCP/IP, sockets, memory paging and have more than a casual familiarity with the system you're trying to crack open. Exploiting a vulnerability in the source code is different than exploiting a security issue in a web application as well. To break open a web application, you need to understand what language it is written in and be aware of its foibles. I am reluctant to give you more information because I have no way of knowing that you are legitimately pursuing academic goals. I doubt you could blame me since your post in a nutshell goes:

"I know a system that runs x,y,z software, can someone point me somewhere that lets me write an attack program against it."

This is also in lieu of the fact that very few schools and universities will allow anyone who isn't themselves a member of faculty or staff...and even then...you'd probably need tenure. Also, I don't know any IT dept, regardless of how incompetent they are, that gives an OK to anyone to start poking around looking for holes and then running code to exploit them.
 

Roots

Member
May 4, 2003
Ok.....well I am NOT lying, this is a real project. It is regarding Intrusion Security Tolerance and I go to Purdue University. What we are trying to do is design software that will detect each class of attack when it occurs on the system. Then it diagnoses and contains the problem within a boundary. It collects statistics on what % of functionality is still available, and what % can be restored after an attack has occurred.

I have a 3 page paper written by my professor that discusses what I am supposed to do and what the goal of this project is. It says Redhat Linux 8.0 on here, and it also says "CGI scripts written in Perl or PHP". The only vulnerabilities I'm supposed to exploit are:

1 - Buffer overflow
2 - Denial of Service
3 - Flooding
4 - Script Vulnerability attacks

And I'm supposed to research all those types of attacks (through NIST, bugtraq, etc) that can occur on Apache, MySQL, Perl, PHP, and HTTP 1.1 web browser. So once I code these attacks, we activate our software protection on the server we have set up for this project and we collect data on how well it performs, and make necessary changes. This is what I was told. I only met this professor once and we talked for about one hour at the very end of last semester on this project. If you still don't believe me well I guess that's your choice.

And also, I'm not trying to learn where I can find out how to write an attack on "x,y,z software" like you put it. I said I'm looking for sources so I can have a crash course and begin to understand how I would go about attacking a system. I already KNOW what I'm attacking, this isn't a project for me to learn how to hack any system. I don't know what else to say; if you still don't believe me then fine, but don't just lambaste me for not knowing diddly-squat because I DON'T.
 

yoda291

Diamond Member
Aug 11, 2001
per your examples...
1 - read a document called "Smashing the Stack for Fun and Profit" by Aleph One. It's kind of technical, but it's kind of THE reference for stack smashing and overflows.
2 - GRC.com has an account of their site being hit with both a DDOS and DRDOS which is well written.
3 - This is usually paired up with (2), but you can look up the basics by searching for information on ARP requests and maybe get a primer on the basics of TCP/IP. Also look up broadcast storms and why they're bad.
4 - Nowadays, the big things script authors have to look out for are poisoned URLs, poisoned file uploads, SQL injection, session spoofing, session hijacking etc. phpBB recently had an SQL vulnerability that you might want to look into.

The best source for info would be your local web DESIGN firm. Not designer. Design firms interact with hundreds of different clients, speak with thousands of engineers and have to have at least one person on staff who knows wtf they're doing security wise. Also speak with your school's security administrator and get the name of where you get your bandwidth from. Then talk to a tech on THAT end.
 