Network Security Pen-Test

Re: RE: FAX virus

Subject: Re: RE: FAX virus
Date: 19 Nov 2007 19:44:36 -0000
Scott,
The question was originally posed as "Can anyone send a fax that includes a file infected with the virus/worm?" (Wed, 07 Mar)

My concern was not with sanitisation, as you are trying to suggest. It is with the idea that a buffer overflow is the attack vector, that for instance a virus/worm could be embedded. This is a suggestion that I remain in disbelief of. What I suggested is an alternative. Rather than sending a virus/worm, send an XSS attack and rely on the users in the organisation to exploit this.

If this is sent in a PDF, it is going to display as the scripted entry. So a conversion to an attached PDF is still not going to work, as what is displayed is what is on the page. It will need to be sent directly to a web-enabled email or web server.

So it is not that I am suggesting an attack against the document processor, but rather extending this by adding user interaction. It is thus the user who extends this through reading email with the link or opening a page. In this case the site would still also have a simpler attack against the user in any instance.

I also believe that you suggested "If you allow the asterisk and parenthesis through, you run the risk of allowing SQL injection passed to your service." The idea you stated other than a buffer overflow was a SQL injection. Neither of these is valid. You failed to consider XSS and having user involvement at the time. I did not think of this either. If you had suggested this I would have conceded that as an attack vector, as I now have.

The suggestion of an embedded buffer overflow or binary attack against the fax server is still out of the question.

You for example stated:

"The communication is one-way as Craig so eloquently pointed out. But what if the command is to drop a database? In that case there was never any intention of receiving data back, it's a malicious vandalism of your database."

Again, this is not a valid path or attack vector, Scott. You are attempting to add too much complexity. So consider an XSS as a simplification of your idea. By over-complicating the idea to send SQL commands to an unknown database or, worse, embed a buffer overflow (which I am still wondering how you could even propose, as I see no way to fax a NOP sled) you take the thesis to a level where it may not be supported.
Regards,
Dr Craig Wright
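The point argued in the post above, that text OCR'd from a fax page only becomes an XSS problem once a fax-to-email gateway drops it unescaped into a web-rendered message, shown as an added Python example that is not part of the original thread. The OCR sample, the gateway functions and the rule set are constructed for illustration; the hardened renderer escapes the OCR text and the detection helper flags markup that should never appear in text read from paper.

```python
import html
import re

# Constructed sample: what a fax-to-email gateway's OCR stage might emit after
# reading a page whose printed text contains script markup (hypothetical input).
OCR_TEXT = 'Invoice 4471 due 30 days <script>alert("fax")</script> Thanks'

# Markup that has no business in OCR output from a paper page (hypothetical rule set).
SUSPECT_MARKUP = re.compile(
    r"<\s*/?\s*(script|img|iframe|svg|object)\b|on\w+\s*=|javascript:", re.I
)


def render_fax_notification_unsafe(ocr_text: str) -> str:
    """Weak version: OCR text is dropped straight into the HTML mail body."""
    return f"<html><body><p>New fax received:</p><pre>{ocr_text}</pre></body></html>"


def render_fax_notification(ocr_text: str) -> str:
    """Hardened version: HTML-escape the OCR text so it renders as literal characters."""
    return (
        "<html><body><p>New fax received:</p><pre>"
        + html.escape(ocr_text, quote=True)
        + "</pre></body></html>"
    )


def flag_suspicious_ocr(ocr_text: str) -> list[str]:
    """Detection aid: return the markup fragments found in OCR output, for logging and review."""
    return [m.group(0) for m in SUSPECT_MARKUP.finditer(ocr_text)]


def contains_active_markup(rendered_html: str) -> bool:
    """Does the rendered mail body still contain a live <script> tag?"""
    return re.search(r"<script\b", rendered_html, re.I) is not None


if __name__ == "__main__":
    print(flag_suspicious_ocr(OCR_TEXT))                                        # ['<script', '</script']
    print(contains_active_markup(render_fax_notification_unsafe(OCR_TEXT)))     # True
    print(contains_active_markup(render_fax_notification(OCR_TEXT)))            # False
```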

