

Question

Questions

a) Demonstrate a Google search that finds secrets embedded in publically available source code on GitHub. Paste the search URL and a screenshot of some found secrets.

b) Read the paper “‘Security Through Obscurity’ Ain’t What They Think It Is” by Jay Beale at http://web.archive.org/web/20070202151534/http://www.bastille-linux.org/jay/obscurity-revisited.html. Summarize the author’s main points. Do you agree or disagree? Why?

c) Describe the problems and solutions associated with directory traversal vulnerabilities.

Explanation / Answer


Example of a Directory Traversal Attack via Web Application Code

In web applications with dynamic pages, input is usually received from browsers through GET or POST request methods. Here is an example of an HTTP GET request URL

GET http://test.webarticles.com/show.asp?view=oldarchive.html HTTP/1.1
Host: test.webarticles.com

With this URL, the browser requests the dynamic page show.asp from the server and with it also sends the parameter view with the value of oldarchive.html. When this request is executed on the web server, show.asp retrieves the file oldarchive.html from the server’s file system, renders it and then sends it back to the browser, which displays it to the user. The attacker would assume that show.asp can retrieve files from the file system and sends the following custom URL.

GET http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1
Host: test.webarticles.com

This will cause the dynamic page to retrieve the file system.ini from the file system and display it to the user. The expression ../ instructs the system to go one directory up which is commonly used as an operating system directive. The attacker has to guess how many directories he has to go up to find the Windows folder on the system, but this is easily done by trial and error.
Example of a Directory Traversal Attack via Web Server

Apart from vulnerabilities in the code, even the web server itself can be open to directory traversal attacks. The problem can either be incorporated into the web server software or inside some sample script files left available on the server.

The vulnerability has been fixed in the latest versions of web server software, but there are web servers online which are still using older versions of IIS and Apache which might be open to directory traversal attacks. Even though you might be using a web server software version that has fixed this vulnerability, you might still have some sensitive default script directories exposed which are well known to hackers.

For example, a URL request which makes use of the scripts directory of IIS to traverse directories and execute a command can be

GET http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c: HTTP/1.1
Host: server.com

The request would return to the user a list of all files in the C: directory by executing the cmd.exe command shell file and running the command dir c: in the shell. The %5c expression that is in the URL request is a web server escape code which is used to represent normal characters. In this case %5c represents the character \.

Newer versions of modern web server software check for these escape codes and do not let them through. Some older versions however, do not filter out these codes in the root directory enforcer and will let the attackers execute such commands.
How to Check for Directory Traversal Vulnerabilities

The best way to check whether your web site and web applications are vulnerable to directory traversal attacks is by using a Web Vulnerability Scanner. A Web Vulnerability Scanner crawls your entire website and automatically checks for directory traversal vulnerabilities. It will report the vulnerability and how to easily fix it. Besides directory traversal vulnerabilities a web application scanner will also check for SQL injection, Cross-site Scripting and other web vulnerabilities.

Acunetix Web Vulnerability Scanner scans for SQL Injection, Cross Site Scripting, Google Hacking and many more vulnerabilities.
Preventing Directory Traversal Attacks

First of all, ensure you have installed the latest version of your web server software, and make sure that all patches have been applied.

Secondly, effectively filter any user input. Ideally remove everything but the known good data and filter meta characters from the user input. This will ensure that only what should be entered in the field will be submitted to the server.
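As an added example that is not part of the original answer or of show.asp itself, the following Python puts a resolver that behaves like the vulnerable show.asp beside a hardened one that applies the two controls just described (allowlist the known-good value, then confirm the resolved path stays inside the document root), plus a small log-review helper that flags traversal attempts such as the %5c request above. The document root, the allowlist and the file names are constructed for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed for this example: hypothetical document root and the only
# files the "view" parameter is ever meant to name.
DOC_ROOT = "/var/www/articles"
ALLOWED_VIEWS = {"oldarchive.html", "newarchive.html"}


def vulnerable_resolve(view: str) -> str:
    """Mirrors show.asp: the raw parameter is joined onto the document root.
    Each '../' segment walks one directory up, so the result can leave DOC_ROOT."""
    return posixpath.normpath(posixpath.join(DOC_ROOT, view))


def hardened_resolve(view: str) -> Optional[str]:
    """Returns the path to serve, or None when the request is rejected."""
    # Decode percent-encoding once so '..%5c..' is seen as '..\\..', then
    # treat backslashes like forward slashes (IIS accepts either separator).
    decoded = unquote(view).replace("\\", "/")
    # Primary control: only a bare, known-good file name is accepted.
    if decoded not in ALLOWED_VIEWS:
        return None
    # Defence in depth: the resolved path must still sit under DOC_ROOT.
    full = posixpath.normpath(posixpath.join(DOC_ROOT, decoded))
    if not full.startswith(DOC_ROOT + "/"):
        return None
    return full


def looks_like_traversal(raw_param: str) -> bool:
    """Log-review helper: True when a request parameter contains a
    parent-directory segment after one round of decoding. A value that is
    percent-encoded twice ('%252e%252e') slips past a single decode, which is
    why the allowlist above, not this check, is the real control."""
    decoded = unquote(raw_param).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))
```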
Check if your Website is Vulnerable to Attack with Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL Injection, Cross Site Scripting, Directory Traversal and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist.
===================================================================================

Obscurity: What Do We Really Mean?

First, what does the security professional mean by bad "security through obscurity?" We really mean "security implemented solely through obscurity." This describes the state where your entire method of security resides in hoping that the attacker doesn't know something about the setup of your network, computer or program. One simple case is where you put your company's secrets on an internal webserver, with no password-protection on the pages. Instead of relying on passwords or another acceptable method of access control, you're relying on something different. You're assuming that no one will know about that webserver except for the internal company employees who you've told.

Security Through Obscurity Isn't Bad?

Obscurity isn't always bad. We're usually just talking about how strong the obscurity is and how easily it can be defeated. The original idea "security implemented solely through obscurity is bad" came from criticism of certain cryptosystems.

Obscurity: Avoid/Block Some Number of Attacks
Obscurity: Force An Attacker to Be Less Stealthy
Obscurity: Potentially Slows Down the Attacker

Well, here we see how obscurity can really help slow an attacker down. We've seen how additional obscurity can repel many of the inexperienced attackers, especially those with low-grade tools. Further, we've examined how a little obscurity can really force an attacker to be a lot less sneaky.