Содержание
- 2. FrontPage: 2003 Exploiting, Abusing, and Securing the FrontPage Server Extensions on Windows Server 2003 Mark Burnett
- 3. Background History of the FPSE Different names, same old holes What products include FPSE?
- 4. Risks Are the FPSE as insecure as everyone says? What are the real risks? Increased attack
- 5. Risks What are some greater risks? Confusing security model Running in-process with inetinfo.exe Relaxed NTFS permissions
- 6. The FPSE Files The same files? _vti_bin/shtml.dll _vti_bin/_vti_aut/author.dll _vti_bin/_vti_adm/admin.dll FPSE 2002 _vti_bin/owssvr.dll _vti_bin/_vti_adm/fpadmdll.dll
- 7. FPSE Directories _vti_bin – FPSE Binaries _private - _vti_cnf _vti_pvt _vti_script _vti_txt
- 8. Decoding vti_rpc Sending vti_rpc methods POST to FPSE binaries GET to owssvr.dll Multiple posts using CAML
- 9. Sample Output vermeer RPC packet method=list services:4.0.2.0 services_list= SR|msiis vti_usagevisitsbyweek UX|337 380 423 501 297 vti_usagebymonth
- 10. Cool vti_rpc Tricks Finding unprotected web sites Listing webs Other info gathering method=list+services:4.0.2.0000&service_name=
- 11. vti_rpc Exploits New exploits to be announced
- 12. Other Exploits New exploits to be announced
- 13. Updating the FPSE Finding product updates Confusing and inconsistent Manual fixes
- 14. Manual Fixes Htimage.exe and Imagemap.exe Microsoft’s solution Another Microsoft solution The real solution?
- 15. The Security Model Browse, Author, and Administer NTFS Permissions on web root Common Mistakes
- 16. Installing & Uninstalling Why are the directories there on a clean install? Why won’t they uninstall?
- 17. Moving the FPSE 1. Move the binaries 2. Update the registry 3. Update the metabase
- 18. Securing the FPSE The FPSE can be used safely if you: Secure user accounts Set proper
- 19. Advanced Techniques Mirror sites URLScan Rules Custom ISAPI filter FPSE neutered NTFS restrictions Remove directories Disable
- 20. FPSE Intrusions Spotting attacks Log entries Other trails FPSE vs. WebDAV
- 21. Snort Rules Updated Snort rules Logging FPSE authoring with Snort
- 22. FrontPage Tools Xfp.pl – FrontPage security scanner Fpseinfo.pl – FrontPage info gathering SecureFPSE.cmd – Harden FrontPage
- 23. Xfp.pl
- 24. Fpseinfo.pl Returns FPSE information - Web server platform - Anonymous user account - Site statistics -
- 26. Скачать презентацию