Malicious URLs - PowerPoint PPT Presentation

1 / 6

About This Presentation

Title:

Malicious URLs

Description:

Command = netscape www.nba.com';rm -f -- Back Ticks ... Netscape opened with URL: www.nba.com deleted on Netscape Exit. Single Quotes ... – PowerPoint PPT presentation

Number of Views:119

Avg rating:3.0/5.0

Slides: 7

Provided by: Winst2

Category:

Tags: malicious | nba | urls

Transcript and Presenter's Notes

Title: Malicious URLs

1
Malicious URLs

Files Removal
-- Single Quotes
Command netscape www.nba.comrm -f
-- Back Ticks
Command netscape www.nba.comrm -f
-- No Quotes or Ticks
Command netscape www.nba.comrm -f
Note Filename

2
Results

Single Quote
Netscape opened with URL www.nba.com
deleted on Netscape Exit
Back Ticks
Shell executed rm f BEFORE Netscape
Netscape opened with URL www.nba.com
No Quotes or Ticks
Netscape opened with URL www.nba.com
deleted on Netscape Exit

3
Single Quotes

system(netscape www.nba.comrm f )
System calls
execv(/bin/sh,
sh,-c,netscape www.nba.comrm f
,0)
/bin/sh calls
execvp(netscape, netscape","www.nba.com",0)
execvp(rm, rm",f,,0)
Executing
netscape www.nba.com
rm f
Therefore
Runs netscape www.nba.com
On Netscape Exit, Runs rm -f
Note It is identical for
Example

4
Back Ticks

Back Ticks are interpreted by the Shell as
Output of the Command in the Back Tick
or simply, Command Substitution
Commonly used to assign Output of Command to Var
bin/sh todaydate
bin/sh echo today
bin/sh Wed Apr 20 140933 GMT-8 2005
Thus, Command in Back Ticks
Executed and Evaluated above all

5
Back Ticks

system(netscape www.nba.comrm rf )
System calls
execv(/bin/sh,
sh,-c,rm f ,0)
execv(/bin/sh,
sh,-c,netscape www.nba.com,0)
/bin/sh calls
execvp(rm,rm",f",,0)
execvp(netscape,netscape","www.nba.com",0)
Executing
rm f
netscape www.nba.com
Therefore
Runs rm -f
Runs netscape www.nba.com

6
Conclusion

system() invokes /bin/sh Subshell
Vulnerable to Attacks
With UNCHECKED Shell MetaCharaters
Prudent to check ALL User Inputs

Write a Comment

User Comments (0)

About PowerShow.com

Recommended Relevance Latest Highest Rated Most Viewed

Sort by:

Related More from user

CrystalGraphics Presentations

World's Best PowerPoint Templates PowerPoint PPT Presentation

World's Best PowerPoint Templates - CrystalGraphics offers more PowerPoint templates than anyone else in the world, with over 4 million to choose from. Winner of the Standing Ovation Award for “Best PowerPoint Templates” from Presentations Magazine. They'll give your presentations a professional, memorable appearance - the kind of sophisticated look that today's audiences expect. Boasting an impressive range of designs, they will support your presentations with inspiring background photos or videos that support your themes, set the right mood, enhance your credibility and inspire your audiences.

CrystalGraphics 3D Character Slides for PowerPoint PowerPoint PPT Presentation

CrystalGraphics 3D Character Slides for PowerPoint - CrystalGraphics 3D Character Slides for PowerPoint

Chart and Diagram Slides for PowerPoint PowerPoint PPT Presentation

Chart and Diagram Slides for PowerPoint - Beautifully designed chart and diagram s for PowerPoint with visually stunning graphics and animation effects. Our new CrystalGraphics Chart and Diagram Slides for PowerPoint is a collection of over 1000 impressively designed data-driven chart and editable diagram s guaranteed to impress any audience. They are all artistically enhanced with visually stunning color, shadow and lighting effects. Many of them are also animated. And they’re ready for you to use in your PowerPoint presentations the moment you need them. – PowerPoint PPT presentation

Related Presentations

Malicious Threats PowerPoint PPT Presentation

Malicious Threats - Threats to Information Security Part 2 Sanjay Goel University at Albany, SUNY | PowerPoint PPT presentation | free to view

Malicious Code PowerPoint PPT Presentation

Malicious Code - Title: PowerPoint Presentation Author: GnomeQ Last modified by: GnomeQ Created Date: 3/3/2003 6:07:31 PM Document presentation format: On-screen Show | PowerPoint PPT presentation | free to view

Malicious Threats PowerPoint PPT Presentation

Malicious Threats - Period sign at the end of the message. Email Spoofing. Telnet to Port 25. 27 ... Real address for John Doe: johndoe@hotmail.com. Fake address set for John Doe: ... | PowerPoint PPT presentation | free to view

How Morse Code is being used to hide nefarious URLs? PowerPoint PPT Presentation

How Morse Code is being used to hide nefarious URLs? - An innovative obfuscation technique of utilizing Morse code to mask malicious URLs in an email attachment is used in a new targeted phishing attempt. | PowerPoint PPT presentation | free to view

Phishing and Malicious JavaScript PowerPoint PPT Presentation

Phishing and Malicious JavaScript - Timing attacks on login pages. Communicating back to the server ... 100,000 victims of MySpace Attack. Spear-Phishing. Targeted email to customers ... login ... | PowerPoint PPT presentation | free to view

Identifying Suspicious URLs: An Application of Large-Scale Online Learning PowerPoint PPT Presentation

Identifying Suspicious URLs: An Application of Large-Scale Online Learning - http://fblight.com. http://mail.ru. 3. Problem in a Nutshell ... facebook.com. fblight.com. 4. Today's Talk. Problem. Approach. Learning to detect malicious URLs ... | PowerPoint PPT presentation | free to view

How Comodo’s cWatch Helps to Clean a Malicious Websites PowerPoint PPT Presentation

How Comodo’s cWatch Helps to Clean a Malicious Websites - cWatch analyze the given website URL and checks for suspicious scripts, malicious files and other web security threats hidden into your web sites. cWatch is a product of Comodo that provides the best malware removal service to all websites and removal malware instantly. To know more about this free website malware removal service visit https://cwatch.comodo.com/?af=9557 | PowerPoint PPT presentation | free to view

Malicious Code PowerPoint PPT Presentation

Malicious Code - ILoveYou: The Love Letter Virus ... Body: kindly check the attached LOVELETTER coming from me' Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs ... | PowerPoint PPT presentation | free to view

Intelligent Detection of Malicious Script Code PowerPoint PPT Presentation

Intelligent Detection of Malicious Script Code - ... and develop an effective structure for storing data and link it to webcrawler ... Webcrawler will be used to grab additional URLs, and Norton Antivirus will be ... | PowerPoint PPT presentation | free to view

Malicious Software PowerPoint PPT Presentation

Malicious Software - A computer virus passes from computer to computer like a biological virus passes ... or P2P sharing networks like Kazaa, Limewire, Ares, or Gnutella because they ... | PowerPoint PPT presentation | free to view

Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs PowerPoint PPT Presentation

Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs - WHOIS (domain name) registration date ... (3) WHOIS Features. Domain name registration. Date of registration, update, expiration ... | PowerPoint PPT presentation | free to view

Viruses, Worms and other Malicious Code PowerPoint PPT Presentation

Viruses, Worms and other Malicious Code - Now they spread primarily over the Internet (a 'Worm' ... The customer chooses what he wants and his browser completes a form like this: ... | PowerPoint PPT presentation | free to view

Group Session: Malvertising: How To Detect and Deal With Malicious Ads PowerPoint PPT Presentation

Group Session: Malvertising: How To Detect and Deal With Malicious Ads - Malware Ads, or 'Malvertisements', when displayed attempt to ... publicity and complaints with federal agencies, law enforcement and online advocacy groups ... | PowerPoint PPT presentation | free to view

Phishing Email Attacks: Examples and Solutions PowerPoint PPT Presentation

Phishing Email Attacks: Examples and Solutions - Phishing is a type of cybersecurity attack in which malicious actors send messages posing as trustworthy people or institutions. Phishing messages deceive users into doing things like installing a malicious file, clicking on a risky link, or exposing critical information like access credentials. | PowerPoint PPT presentation | free to view

Phishing Attack Red Flags: Discover the Common Indicators PowerPoint PPT Presentation

Phishing Attack Red Flags: Discover the Common Indicators - Protect yourself from phishing attacks! In this PPT, you will uncover common indicators of phishing attacks and learn how to protect yourself and your confidential information. Learn the secrets behind detecting these malicious attempts at stealing data and arm yourself with the knowledge needed to stay safe online. Watch now! Click to know more: https://jettbt.com/news/uncovering-common-indicators-of-phishing-attacks/ | PowerPoint PPT presentation | free to view

Download Webroot Secureanywhere PC User Guide PowerPoint PPT Presentation

Download Webroot Secureanywhere PC User Guide - Webroot Secureanywhere is an advanced antivirus software which Provides you protection from online threats. It identifies phishing sites, malicious software. To Install and Download Webroot Secureanywhere PC Follow the User Guide. | PowerPoint PPT presentation | free to view

Cross%20Site%20Scripting PowerPoint PPT Presentation

Cross%20Site%20Scripting - ... was achieved by running malicious Javascript code at the victim (client) browser, ... it continues to function normally, malicious code is not executed ... | PowerPoint PPT presentation | free to view

Security in Application PowerPoint PPT Presentation

Security in Application - The result is that a either corrupted or malicious code is executed. ... using Injection flaws to relay malicious code through a web application to another System. ... | PowerPoint PPT presentation | free to view

Web Crawler: How Spiders Help Website Work Better PowerPoint PPT Presentation

Web Crawler: How Spiders Help Website Work Better - Web Crawlers also known as spiders in SEO lingo, help bots understand what a website is about. The crawlers find hyperlinks to various URLs as they crawl those web pages, and they include those URLs in their list of pages to crawl next. It is important that the bots correctly understand what your website is about and its content. Here is to know more about What is a web crawler and how spiders help your website work better. | PowerPoint PPT presentation | free to view

Spyware%20and%20Trojan%20Horses PowerPoint PPT Presentation

Spyware%20and%20Trojan%20Horses - JPEG Bug Attacker can insert malicious code into a JPEG file ... Malicious Code. Viruses Malicious code attached to programs, propagated on execution ... | PowerPoint PPT presentation | free to view

How to Activate McAfee Antivirus | Mcafee.com/activate PowerPoint PPT Presentation

How to Activate McAfee Antivirus | Mcafee.com/activate - When it comes to personal computing, there is a reasonable chance that your Personal Computer (PC) will, at one point in time, be a victim of a virus or a malicious file. These viruses and malicious files could come from online activity – the web, or from sharing of storage devices like SD cards, flash drives, as well as mass storage devices. visit on http://gomcafee.com/ https://sortmcafee.com/ | PowerPoint PPT presentation | free to view

Mobile Application Security Testing services PowerPoint PPT Presentation

Mobile Application Security Testing services - Mobile Application Security Testing Services by Prova Solutions help discover malicious threats or potentially risky actions in your mobile applications | PowerPoint PPT presentation | free to view

Data Warehouse and the Web PowerPoint PPT Presentation

Data Warehouse and the Web - ... only to people who are members ... Uniform Resource Locators (URLs) ... Each server vendor is free to implement SSI on an ad-hoc basis, if at all. ... | PowerPoint PPT presentation | free to view

How to Download Kaspersky Internet Security PowerPoint PPT Presentation

How to Download Kaspersky Internet Security - Kaspersky Internet Security is an advanced security solution for your PC.A new design protection from ransomware, malware, spyware and other malicious elements and safe your money improvements are among its best new features of Kaspersky Internet Security . | PowerPoint PPT presentation | free to view

Fortinet: The Leader in Enabling Secure Communications PowerPoint PPT Presentation

Fortinet: The Leader in Enabling Secure Communications - Malicious code exposing confidential data has increased significantly. Blended Threats. Combines the functionality of worms, viruses, trojans, malicious mobile ... | PowerPoint PPT presentation | free to view

Get Rid of Computer Adware PowerPoint PPT Presentation

Get Rid of Computer Adware - Malicious adware removal process is very difficult process when we use manual removal, but it is very easy by applying adware removal tool. www.killmalware.net/ | PowerPoint PPT presentation | free to view

Finding Security Vulnerabilities in Java Applications with Static Analysis PowerPoint PPT Presentation

Finding Security Vulnerabilities in Java Applications with Static Analysis - NetPBM PSToPNM Arbitrary Code Execution Vulnerability ... Injecting Malicious Data (1) query = 'SELECT Username, UserID, Password. FROM Users WHERE ... | PowerPoint PPT presentation | free to view