ndzlogo-1-1
0%
Loading ...

INDIA – HEADQUARTERS

INDIA

UNITED STATES

CANADA

                 The term security or the phrase Server security refers to techniques for ensuring that data stored in a system cannot be read or compromised by any individuals without authorization. The effort to secure a server is a continuous process; where the security threats needs to be analyzed and then protect the server from each new one of them on a daily basis. Securing a server by all means will not assure that the server is not prone to attacks; as new vulnerabilities are evolving day by day of which some are immediately identified while some takes time. That being said, security is the degree of resistance to, or protection from harm.

How to make a linux server secure

A server admin plays the basic role in securing a server. The most common server securing steps include:

  • Implementing and configuring a firewall like CSF or APF
  • Enabling Brute Force protection
  • Securing SSH service
  • tmp hardening
  • FTP Hardening & Apache Hardening
  • PHP Tightening
  • Host.conf and Sysctl.conf hardening
  • Implementing Mod Security
  • Implementing Mod Evasive
  • System Integrity Monitor

Types of Vulnerabilities

  • Sql Injection
  • Cross site scripting (XSS)
  • CSRF Attack
  • Exposure of version information
  • Heart Bleed
  • Shellshock
  • Poodle

Web hack incident database

webhackSQL injection

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input. SQL injection can be prevented if you adopt an input validation technique in which user input is authenticated against a set of defined rules for length, type, and syntax and also against business rules.To prevent SQL injections we will have to use something called prepared statements which uses bound parameters. Prepared Statements do not combine variables with SQL strings, so it is not possible for an attacker to modify the SQL statement. Prepared Statements combine the variable with the compiled SQL statement, this means that the SQL and the variables are sent separately and the variables are just interpreted as strings, not part of the SQL statement.

sqlCross Site Scripting (XSS)

The hacker will exploits vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim. It allows an attacker to embed malicious Javascript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. So xss an attacker will exploit the trust a user has in a website. The simplest and arguably the easiest form of XSS protection would be to pass all external data through a filter which will remove dangerous keywords, such as the infamous <SCRIPT> tag, JavaScript commands, CSS styles and other dangerous HTML markup.

Cross Site Request Forgery (CSRF)

CSRF attacks include a malicious exploit of a website in which a user will transmit malicious requests that the target website trusts without the user’s consent. In XSS, the hacker takes advantage of the trust that a user has for a certain website. On the other hand, in CSRF the hacker takes advantage of a website’s trust for a certain user’s browser. For example in a chat forum, an attacker posts a message which contains an image tag or an HTML image element. However, the source of the image contains a link which performs an action on a victim’s bank website account. So, instead of an image file the attacker has included a link that performs a bank transaction. Below is an example of the image tag containing a rogue URL.

<imgsrc=”https://bank.example.com/withdraw?account=bob&amount=1000000&for=Fred”>

A prevention measure could be the implementation and inclusion of tokens in a user’s (current) session. Tokens are long cryptographic values that are difficult to guess. These will be generated when a user’s session begins and will be associated with this particular user’s session. This challenge token will be included in each request, which will be used by the server side to verify the legitimacy of the end-user’s request. In order for an attacker to forge an HTTP request, they would have to know the particular challenge value (token) of the victim’s session. The disclosure of the challenge token in the URL (GET requests) should be done wisely and with awareness of the CSRF attack. So in the previous example even if the victim has clicked on the image tag, as long as the attacker didn’t know the token he will not forge the https request.

Keeping track of server security

Apart from all these security implementations, one should do a penetration testing to check the server vulnerabilities. Rather, to check the possibility of getting a server hacked, one should think and proceed like a hacker. Then only the security holes can be identified. Hacking techniques include the very basic tools too

Foot printing

  • ping
  • nslookup
  • traceroute

Scanning

  • Acunetix
  • OpenVAS
  • Vega

Enumeration

  • nbstat
  • ftp enumeration
  • telnet

Access gaining

  • Metasploit
  • Meterpreter

Acunetix : This is a widely used web vulnerability scanner. It is a paid service.
Vega       : This is an open source web vulnerability scanner available in the Kali OS
Openvas  : This is also an another tool in Kali OS, the advantage of this tool is it will check the vulnerability of whole server other than Vega a site.

Hacking process

hackingAcunetix

Acunetix has pioneered web application security scanning and has established an engineering lead in website analysis and vulnerability detection
Its deep scan understands complex web technologies such as SOAP, XML, AJAX and JSON. Acunetix AcuSensor Technology allows accurate scanning with low false positives, by combining black box scanning techniques with feedback from its sensors placed inside the source code. An automatic JavaScript analyzer for security testing of AJAX and Web 2.0 applications. Industry’s most advanced and in-depth SQL injection and Cross-Site Scripting (XSS) testing

AcunetixOpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs)

openvas

We can use either the command prompt or the graphical interface, which is the Greenbone security assistance that can be accessed via the link

https://localhost:9392

The following command can be used to initiate an openvas scan as follows:

service greenbone-security-assistant start
service openvas-scanner start
service openvas-administrator start
service openvas-manager start
openvas-nvt-sync
openvas-adduser
msfconsole
msf > load openvas
msf > openvas_connect username password 127.0.0.1 9390
msf > openvas_target_create “Local Mac” 192.168.70.128 “My Local machine”
msf > openvas_target_list
msf > openvas_config_list
Msf > openvas_task_create “Local Scan” “Scan My Local Machine” <scan_config_id> <target_id>
Msf > openvas_task_list
Msf > openvas_task_start <task_id>
Msf > openvas_report_list
Msf > openvas_format_list
Msf > openvas_report_import <report_id> <report_format_id>

open1Metasploit

Metaspoit Framework is a open source penetration tool used for developing and executing exploit code against a remote target machine. It has the world’s largest database of public, tested exploits. In simple words, Metasploit can be used to test the Vulnerability of computer systems in order to protect them and on the other hand it can also be used to break into remote systems. Exploit is what that delivers the payload. Payload is the code that is executed in the compromised system. Let’s start by firing up Metasploit. You can do this by going through the menu system or simply typing msfconsole from a terminal. Once we have Metasploit open, we can start with psexec by typing:

use exploit/windows/smb/psexec

metasploit

  • Set the Options
  • For our options, we need to tell Metasploit what payload to use first.
    set PAYLOAD windows/meterpreter/bind_tcp
  • Then set our remote host (RHOST).
    set RHOST 192.168.2.129
  • Next, we need to set our SMB user and password. As you know,SMB stands for Server Message Block. It’s an application layer protocol that runs on port 445 that enables computers on a network to share resources such as files, printers, etc. SMB is one of the most common attack vectors in security intrusions.
  • Enter in the SMBuser now.
    set SMBUser administrator
  • Then the SMBpassword.
  • Once we’ve entered all the information correctly for each of the options, we then simply type:

meta1

Note in the screenshot above that we have a meterpreter command prompt. Success! Once we have a meterpreter command prompt on a system, we basically own the box. What we’re able to do is almost unlimited

Windows, and for that matter, most other operating systems, use tokens or “tickets” to determine who can use what resources. We log in once and when we do, the system checks to see what resources we’re authorized to access and then issues a token or ticket that enables us to access that resource without our having to re-authenticate. If we can grab the token or ticket for a particular service or resource, then we can use it with the same privileges as the user who was issued the token. We don’t have to know the token, simply grab it, present it to the service, and we’re in!
In this case, we want to get into the SQL Server service. Let’s first see if SQL Server is running on this system. Meterpreter uses the Linux command ps to list services.

As you can see here SQL Server is running and it has been assigned

meta2

Now that we know that the service is running and its PID, we can attempt to steal its token. Meterpreter has a command called steal_token that, surprisingly enough, attempts to steal the token from a service. Who would have thought! It’s syntax is simple and straightforward, simply the command followed by the service’s PID.

steal_token 1432

As you can see, the meterpreter has come back and indicated that our attempt  was successful

meta3

Now, we should have nearly unlimited access to the SQL Server service and its databases! It should be repeated that psexec is only useful if you already have the sysadmin credentials. When you do, psexec enables you to own the system, while leaving almost no evidence that you were ever there.

To conclude, security can only be guaranteed by maintaining the server health and doing a proper daily research on new vulnerabilities. Finally analysing a server by trying to intrude in to it; just like a hacker !