From 76626a468c06ba0bd6fa237f261c4ea944534bfc Mon Sep 17 00:00:00 2001 From: JMARyA Date: Thu, 2 May 2024 21:59:25 +0200 Subject: [PATCH] add vulns --- technology/hacking/Buffer Overflow.md | 32 ++++++++++++++++++++ technology/hacking/CSRF.md | 27 +++++++++++++++++ technology/hacking/Code Injection.md | 34 +++++++++++++++++++++ technology/hacking/File Inclusion.md | 43 +++++++++++++++++++++++++++ technology/hacking/XSS.md | 30 +++++++++++++++++++ 5 files changed, 166 insertions(+) create mode 100644 technology/hacking/Buffer Overflow.md create mode 100644 technology/hacking/CSRF.md create mode 100644 technology/hacking/Code Injection.md create mode 100644 technology/hacking/File Inclusion.md create mode 100644 technology/hacking/XSS.md diff --git a/technology/hacking/Buffer Overflow.md b/technology/hacking/Buffer Overflow.md new file mode 100644 index 0000000..eec83e5 --- /dev/null +++ b/technology/hacking/Buffer Overflow.md @@ -0,0 +1,32 @@ +--- +obj: concept +wiki: https://en.wikipedia.org/wiki/Buffer_overflow +rev: 2024-05-02 +--- + +# Buffer Overflows +Buffer overflow is a type of vulnerability that occurs when a program writes more data to a buffer (a fixed-size memory storage area) than it was allocated, leading to corruption of adjacent memory locations. This can result in unpredictable behavior, crashes, or even exploitation by attackers to execute arbitrary code. + +## How Buffer Overflows Work +1. **Buffer Allocation**: In programming languages like C and C++, developers often allocate fixed-size buffers to store data. +2. **Data Input**: When data is input into the buffer, if it exceeds the allocated size, it overflows into adjacent memory locations. +3. **Memory Corruption**: The overflowed data can overwrite other variables, control structures, or even function pointers in memory. +4. **Exploitation**: Attackers can craft input data to overflow the buffer strategically, overwrite critical memory locations, and gain control over the program's execution flow. + +## Types of Buffer Overflows +1. **Stack-Based Buffer Overflow**: Occurs when the overflow corrupts the stack memory, including return addresses, function pointers, and local variables. +2. **Heap-Based Buffer Overflow**: Occurs when the overflow corrupts dynamically allocated memory on the heap, typically through misuse of functions like `malloc` and `free`. +3. **Format String Vulnerability**: A subtype of buffer overflow where the attacker controls the format string argument in functions like `printf`, leading to memory corruption and potential code execution. + +## Impact of Buffer Overflows +- **Crashes**: Buffer overflows often cause crashes or segmentation faults, leading to denial of service. +- **Arbitrary Code Execution**: Attackers can exploit buffer overflows to execute arbitrary code with the privileges of the vulnerable program. +- **Privilege Escalation**: Buffer overflows can be used to escalate privileges and gain unauthorized access to system resources. + +## Prevention and Mitigation +1. **Input Validation**: Validate and sanitize input data to ensure it doesn't exceed the buffer size. +2. **Bounds Checking**: Use programming languages or libraries that perform bounds checking automatically. +3. **Compiler Protections**: Utilize compiler features like stack canaries, which detect stack-based buffer overflows at runtime. +4. **Address Space Layout Randomization (ASLR)**: Randomize memory addresses to make it harder for attackers to predict memory locations for exploitation. +5. **Executable Space Protection**: Mark memory regions as non-executable to prevent the execution of injected shellcode. +6. **Code Auditing**: Regularly audit code for vulnerabilities and employ static and dynamic analysis tools to detect buffer overflow issues. diff --git a/technology/hacking/CSRF.md b/technology/hacking/CSRF.md new file mode 100644 index 0000000..01bbc80 --- /dev/null +++ b/technology/hacking/CSRF.md @@ -0,0 +1,27 @@ +--- +obj: concept +wiki: https://en.wikipedia.org/wiki/Cross-site_request_forgery +rev: 2024-05-02 +--- + +# Cross-Site Request Forgery (CSRF) +Cross-Site Request Forgery (CSRF) is a type of security vulnerability that allows an attacker to execute unauthorized actions on behalf of a victim user. CSRF attacks occur when an attacker tricks a victim into making a request to a web application that the victim is authenticated with, without the victim's knowledge or consent. + +## How CSRF Works +1. **Authentication**: The victim user is authenticated with a web application and has an active session. +2. **Malicious Request**: The attacker crafts a malicious request, such as changing the victim's email address or making a fund transfer, and embeds it in a web page or email. +3. **Trickery**: The attacker lures the victim into visiting a web page or clicking a link that triggers the malicious request. Since the victim is authenticated with the web application, the request is automatically executed in the victim's context. +4. **Unauthorized Action**: The web application processes the malicious request, unaware that it was initiated by the attacker, and performs the action on behalf of the victim. + +## Impact of CSRF +- **Unauthorized Actions**: CSRF attacks can lead to unauthorized actions being performed by authenticated users, such as changing account settings, making financial transactions, or deleting data. +- **Data Tampering**: Attackers can manipulate data within the application, such as modifying user profiles, posting unauthorized content, or altering preferences. +- **Session Compromise**: CSRF attacks may lead to session compromise if sensitive actions, such as changing passwords or session tokens, are performed without the victim's consent. + +## Prevention and Mitigation +1. **CSRF Tokens**: Implement CSRF tokens in web forms and AJAX requests to validate that the request originates from the legitimate user session. Include the token in each request and validate it on the server-side before processing the action. +2. **Same-Site Cookies**: Set the SameSite attribute on cookies to restrict them from being sent in cross-origin requests, mitigating the risk of CSRF attacks. +3. **Anti-CSRF Headers**: Use anti-CSRF headers such as X-Requested-With or Origin to validate the origin of requests and prevent cross-origin requests from being processed. +4. **Double Submit Cookies**: In addition to CSRF tokens, use double submit cookies where a random value is stored in both a cookie and a request parameter, and the server verifies that they match. +5. **HTTP Referer Header**: Validate the [HTTP](../internet/HTTP.md) Referer header on the server-side to ensure that requests originate from trusted sources. +6. **User Interaction**: Require user interaction, such as confirming sensitive actions or entering passwords, before executing critical actions to prevent automated CSRF attacks. diff --git a/technology/hacking/Code Injection.md b/technology/hacking/Code Injection.md new file mode 100644 index 0000000..675c94c --- /dev/null +++ b/technology/hacking/Code Injection.md @@ -0,0 +1,34 @@ +--- +obj: concept +wiki: https://en.wikipedia.org/wiki/Code_injection +rev: 2024-05-02 +--- + +# Code Injection +Code injection is a type of attack where malicious code is injected into a program or system, often exploiting vulnerabilities to execute arbitrary commands or alter the behavior of the target application. Code injection attacks can have severe consequences, including data breaches, system compromise, and unauthorized access. + +## Types of Code Injection +1. **[SQL](../dev/programming/languages/SQL.md) Injection (SQLi)**: Involves inserting malicious [SQL](../dev/programming/languages/SQL.md) queries into input fields of web applications, exploiting vulnerabilities in database interaction to retrieve, modify, or delete data. +2. **Cross-Site Scripting ([XSS](XSS.md))**: Occurs when attackers inject malicious scripts, typically JavaScript, into web pages viewed by other users. [XSS](XSS.md) attacks can steal cookies, session tokens, or redirect users to malicious websites. +3. **Command Injection**: Involves injecting malicious commands into system commands or [shell](../applications/cli/Shell.md) scripts, exploiting vulnerabilities in input validation to execute arbitrary commands on the host system. +4. **LDAP Injection**: Similar to [SQL](../dev/programming/languages/SQL.md) injection, LDAP injection involves manipulating LDAP (Lightweight Directory Access Protocol) queries to bypass authentication, retrieve sensitive information, or gain unauthorized access. +5. **Code Injection in Compiled Languages**: Involves injecting malicious code into compiled programs, exploiting vulnerabilities such as buffer overflows, format string vulnerabilities, or insecure dynamic loading of libraries. + +## How Code Injection Works +1. **Input Validation**: Attackers identify input fields or parameters vulnerable to injection attacks, such as web forms, [URL](../internet/URL.md) parameters, or command-line arguments. +2. **Injection**: Malicious code or commands are injected into the vulnerable input fields, bypassing input validation mechanisms. +3. **Execution**: The injected code is executed by the target application or system within the context of its execution environment, leading to unauthorized actions or data compromise. + +## Impact of Code Injection +- **Data Breach**: Attackers can access, modify, or delete sensitive data stored in databases or accessed by the target application. +- **Unauthorized Access**: Code injection can lead to unauthorized access to systems, applications, or user accounts. +- **System Compromise**: Injected code may compromise the integrity and availability of the target system, leading to system takeover or disruption of services. +- **Elevation of Privileges**: Successful code injection may allow attackers to escalate privileges and gain administrative access to systems. + +## Prevention and Mitigation +1. **Input Validation and Sanitization**: Validate and sanitize user input to prevent injection attacks, including parameterized queries for [SQL](../dev/programming/languages/SQL.md) injection and proper encoding for [XSS](XSS.md) prevention. +2. **Parameterized Queries**: Use parameterized queries or prepared statements in database interactions to prevent [SQL](../dev/programming/languages/SQL.md) injection vulnerabilities. +3. **Least Privilege**: Restrict the privileges of the application or user accounts to minimize the impact of successful injection attacks. +4. **Input Filtering**: Filter and restrict input to allow only expected characters and patterns, rejecting or escaping any potentially malicious input. +5. **Content Security Policy (CSP)**: Implement CSP headers to mitigate [XSS](XSS.md) attacks by controlling the sources from which content can be loaded. +6. **Static and Dynamic Analysis**: Employ static code analysis tools and dynamic application security testing (DAST) tools to identify and remediate injection vulnerabilities. diff --git a/technology/hacking/File Inclusion.md b/technology/hacking/File Inclusion.md new file mode 100644 index 0000000..e8e725b --- /dev/null +++ b/technology/hacking/File Inclusion.md @@ -0,0 +1,43 @@ +--- +obj: concept +wiki: https://en.wikipedia.org/wiki/File_inclusion_vulnerability +rev: 2024-05-02 +--- + +# File Inclusion Vulnerabilities +File Inclusion Vulnerabilities are a type of security exploit that occurs when an application allows an attacker to include a file, usually a malicious one, on a server through a script. This vulnerability is commonly found in web applications and can have serious consequences if exploited. + +## Types of File Inclusion Vulnerabilities +There are two main types of file inclusion vulnerabilities: + +1. **Remote File Inclusion (RFI)**: In RFI, an attacker can include remote files hosted on a different server. This allows the attacker to execute malicious code or retrieve sensitive information from the server. +2. **Local File Inclusion (LFI)**: In LFI, an attacker can include files that are already present on the server. These files could be system files, configuration files, or any other file accessible to the web server process. + +## Exploitation +File inclusion vulnerabilities are typically exploited by manipulating input parameters in a web application that are used to specify the file to be included. Attackers can modify these parameters to include arbitrary files, leading to unauthorized access or execution of malicious code. + +### Example of Exploitation +Consider a PHP web application that includes files based on a `page` parameter in the [URL](../internet/URL.md): + +```php + +``` + +An attacker can exploit this vulnerability by providing a malicious `page` parameter: + +``` +http://example.com/index.php?page=malicious_script +``` + +If the application does not properly sanitize input, the attacker's script (`malicious_script.php`) will be included and executed by the server. + +## Mitigation +To prevent file inclusion vulnerabilities, developers should follow best practices for secure coding: +1. **Input Validation**: Validate and sanitize all user-supplied input to ensure that it conforms to expected formats and does not contain malicious content. +2. **Whitelisting**: Maintain a whitelist of allowed files or directories that can be included. Only include files that are explicitly allowed, and reject all others. +3. **Use Absolute Paths**: Instead of including files based on user-supplied input, use absolute paths or predefined constants to specify file locations. +4. **Limit File Permissions**: Restrict the permissions of files and directories to minimize the impact of a successful exploitation. +5. **Security Headers**: Implement security headers, such as Content Security Policy (CSP), to prevent inclusion of external resources. diff --git a/technology/hacking/XSS.md b/technology/hacking/XSS.md new file mode 100644 index 0000000..fbaaec7 --- /dev/null +++ b/technology/hacking/XSS.md @@ -0,0 +1,30 @@ +--- +obj: concept +wiki: https://en.wikipedia.org/wiki/Cross-site_scripting +rev: 2024-05-02 +--- + +# Cross-Site Scripting (XSS) +Cross-Site Scripting (XSS) is a type of security vulnerability commonly found in web applications. It occurs when an attacker injects malicious scripts into web pages viewed by other users. These scripts can execute arbitrary code in the context of the victim's browser, leading to various attacks such as session hijacking, data theft, and website defacement. + +## Types of XSS +1. **Stored XSS (Persistent XSS)**: The injected malicious script is permanently stored on the server, typically in a database or file. When other users access the affected page, the script is executed in their browsers. +2. **Reflected XSS (Non-Persistent XSS)**: The injected script is reflected off a web server, such as in a [URL](../internet/URL.md) parameter or form input, and executed in the victim's browser. The payload is not stored permanently on the server. +3. **DOM-based XSS**: The payload is executed within the Document Object Model (DOM) of the victim's browser. This type of XSS occurs entirely on the client-side and does not involve server-side vulnerabilities. + +## How XSS Works +1. **Injection**: The attacker injects malicious scripts, typically JavaScript, into vulnerable input fields or parameters of a web application. +2. **Execution**: When other users access the affected page and trigger the injected payload, the malicious script executes within their browsers, allowing the attacker to steal sensitive information or perform unauthorized actions. + +## Impact of XSS +- **Session Hijacking**: Attackers can steal session cookies or tokens, allowing them to impersonate users and perform actions on their behalf. +- **Data Theft**: XSS can be used to steal sensitive information entered by users, such as passwords, credit card numbers, or personal data. +- **Website Defacement**: Attackers can modify the appearance of web pages by injecting malicious scripts, leading to brand damage and loss of trust. +- **Phishing**: XSS can be used to create convincing phishing pages that trick users into revealing sensitive information. + +## Prevention and Mitigation +1. **Input Validation and Output Encoding**: Validate and sanitize user input to prevent injection of malicious scripts. Encode output data to ensure that user-controlled content is treated as data, not executable code. +2. **Content Security Policy (CSP)**: Implement CSP headers to specify trusted sources from which content can be loaded, mitigating the impact of XSS attacks by restricting the execution of inline scripts and other potentially harmful content. +3. **Sanitization Libraries**: Use specialized libraries and frameworks that provide built-in protection against XSS vulnerabilities by automatically escaping user input and output. +4. **HTTPOnly and Secure Flags**: Set the HTTPOnly and Secure flags on session cookies to prevent them from being accessed by client-side scripts and transmitted over unsecured connections. +5. **Regular Security Audits**: Conduct regular security audits and penetration testing to identify and remediate XSS vulnerabilities in web applications.