nil.enroll(aetheric_username, quantum_class_id) (adric) wrote,

Web Sec quiz (in progress)

Some discussion with a coworker yesterday provoked this tonight while I was riding a crowded train into work. I welcome your input. I expect that anyone on our team at work would be able to 'pass' this quiz and that a few would do better than I. The Linux section is almost complete and the Windows section is stubbed. It's a wiki of course and I've tried to make the HTML work... Cut for length and horror factor.
Does this look infected?
Are these anything to be worried about?

  • PHP file contains <?system(getenv("HTTP_ACCEPT_IP"));?>

  • root running find . -type f -name .htaccess -exec grep AddHandler

  • www-data running sh -i

  • www-data running httpd -DSSL

  • Apache log entry:

    75.x.y.z - - [30/Aug/2008:22:38:23 -0400] "POST /gallery/2008/aug/28aug.jpg HTTP/1.1" 200 7083 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)

  • Apache log entry:

    125.x.y.z - - [30/Aug/2008:22:45:28 -0400] "POST /wsearch.php HTTP/1.1" 302 5138 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"
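
As an added example that is not part of the original post: a small Python triage pass over the two log entries above (the masked IPs are as quoted in the post; the third, benign line and the finding names are constructed for illustration). It flags a POST to a static image that the server answered with 200, a user-agent string nested inside another, and a form POST with no referer.

```python
import os
import re
from typing import Dict, List

# Apache "combined" log format. The closing quote of the user-agent is optional
# because the first entry quoted in the post was cut off before it.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"?$'
)

# Extensions a web server should serve statically; a POST that one of these
# answers with 200 suggests the "image" is being executed as a script.
STATIC_EXT = {".jpg", ".jpeg", ".gif", ".png", ".ico", ".css", ".js"}

# Constructed sample: the two entries from the quiz plus one benign GET.
SAMPLE_LOG = [
    '75.x.y.z - - [30/Aug/2008:22:38:23 -0400] "POST /gallery/2008/aug/28aug.jpg HTTP/1.1" 200 7083 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)',
    '125.x.y.z - - [30/Aug/2008:22:45:28 -0400] "POST /wsearch.php HTTP/1.1" 302 5138 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )"',
    '10.0.0.5 - - [30/Aug/2008:22:50:01 -0400] "GET /gallery/2008/aug/28aug.jpg HTTP/1.1" 200 7083 "http://example.com/gallery/" "Mozilla/5.0 (X11; Linux x86_64)"',
]


def parse_line(line: str) -> Dict[str, str]:
    """Split one combined-format entry into its fields; {} if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else {}


def findings_for(entry: Dict[str, str]) -> List[str]:
    """Return the suspicious traits of one parsed entry, in a fixed order."""
    hits = []
    ext = os.path.splitext(entry["path"].split("?", 1)[0])[1].lower()
    if entry["method"] in ("POST", "PUT") and ext in STATIC_EXT:
        hits.append("post-to-static-file")   # an image accepting a POST body
    if entry["ua"].count("Mozilla/") > 1:
        hits.append("nested-user-agent")     # one UA string stuffed inside another
    if entry["method"] == "POST" and not entry["referer"]:
        hits.append("post-without-referer")  # form POST with no originating page
    return hits


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Parse each line and attach its findings; unparsable lines are flagged too."""
    out = []
    for line in lines:
        entry = parse_line(line)
        if not entry:
            out.append({"raw": line, "findings": ["unparsable"]})
            continue
        out.append({"host": entry["host"], "method": entry["method"], "path": entry["path"],
                    "status": entry["status"], "findings": findings_for(entry)})
    return out
```

Run `triage(SAMPLE_LOG)` to see which of the two quoted entries trips which check; the first is the one worth pairing with a look at `.htaccess` for AddHandler lines.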

Bad Perl
Name some of the many security mistakes in this pseudo Perl:

use CGI;
use DBI;

print header;
start_html('Update Password');

## get http get arguments
if (param()) {

## include mysql auth credentials from $mysql_keys
include $mysql_config;

# make connection to database
$dbh = DBI->connect($connectionInfo,$userid,$passwd);

# prepare and execute query
$query = "UPDATE * SET pass=password('$param(pass)') WHERE user='$param(user)' ";
$dbcon = $dbh->prepare($query);

p('Updated database for user $param(user)');

Short Answer
Octal mode quiz. What do these mean:

* 022
* 600
* 750
* Group Sticky?

How do you display the ACEs for a file (assume XAs)?

Suggest a rule to mitigate this attack signature: A vulnerability is announced in Apache for URLs that have 45 capital Bs in a row.

What's PHP's Safe Mode and how well does it work?

You suspect a server might have a rootkit. What do you do?

Where does a RedHat-ish machine keep its firewall rules?

Name a few system calls that anyone looking for malicious code would check.

Which type of HTTP request do we check logs for first and why?

Name two applications that use libpcap and define their uses.

Diff atime, mtime, and ctime.

What does SELinux do? How does this apply to web application security?

Diff sudo and wheel.

How do you change the linux firewall policy on ingress to deny?

Longer answers
How can chroot be used for application security? What about suexec/suphp?

Explain a current or historical XSS vulnerability. Suggest some mitigation.

Suggest some problems with the default handling of sessions in PHP5 or Rails 2.

Explain briefly how to do live forensics of a suspected web bug with the basic tools pre-installed on common Linux systems. Assume they deleted their file, as is commonly the case. Rather than telling the narrative, explain the tools and their uses in live forensics for the web.

These questions cover current events and useful background knowledge.

What did DanK find out was wrong with DNS? Which servers were not vulnerable to this weakness?

Explain the ruby maintainer bugs recently revealed.

Name one or more security improvements in MS Windows 2008/Vista that OpenBSD already had.

Your boss makes a joke about Debian random in a meeting. Explain what this means. How did this more recently affect their competitor RedHat?

Explain how to avoid Little Bobby Tables (xkcd) FIXME.

Which Microsoft product can push out patches for non-Microsoft software to networked computers?

What user needs to be disabled for web sites to load on a fresh install of IIS?

Which users can by default use RDP?

What's the classic default login for MS SQL Server?
Tags: !security, work
