• Aucun résultat trouvé

durability)Not using the

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "durability)Not using the"

Copied!
80
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)
(2)
(3)
(4)
(5)

Schema less

“ACID” (atomicity, consistency, isolation and

durability)

Not using the relational model

Built for the 21st century web estates Running well on

clusters Open-source

Support

(6)

Wide Column Store / Column Families

Hbase Cassandra

Document

Store MongoDB CouchDB

Key Value /

Tuple Store Riak Redis

Graph

Databases Neo4J DEX

(7)
(8)
(9)
(10)

No Proper Validation in API Calls

Developers Use them to Develop various Applications

PHP is easy to abuse for Mongo ,Couch, Cassandra.

(11)
(12)

Written in: C++

Main point: Retains some friendly properties of SQL. (Query, index)

Protocol: Custom, binary (BSON) Mongod is the "Mongo Daemon” running

on Port 27017 by Default Web Interface Runs on 28017 Mongo is the Client Mongod Uses MongoDB Wire Protocol (TCP/IP

Socket)

Data is Represented using JSON format

(13)
(14)

Mongo Client Mongo Client

Mongo Server

Mongo Client

(15)

Mongo Client Mongo Client

Mongo Server

Mongo Client

Sniffing,Enumeration,JS Injection,DOS

(16)
(17)

JavaScript Attacks mostly used against MongoDB Vulnerabilities Keep Popping Up

• Run command RCE

Mongo Shell Functions Purely Based on JavaScript Possible Chances to Overwrite Functions

Resource Exhaustion

Regex Matching ,plenty of JavaScript operations could be used

(18)

Mapping SQL Logical Commands to MongoDB

• and mapped to &&

• or to ||

• ‘=‘ to ‘==‘

(19)
(20)
(21)
(22)
(23)
(24)
(25)
(26)

Blocked

(27)
(28)

PHP converts parameter with brackets to arrays.

• Already addressed issue in previous researches

Lets Look at Some New vectors

• $exists

• $type

• $all

(29)
(30)

Mongo on 32 bit environment is too easy for attackers (Max Size limit 2GB)

Use command creates arbitrary schemas on the fly

Attacker could run it continuously exhausting the disk space resource as well as memory.

var i=1;while(1){use i=i+1;}

• An empty database takes up 192Mb

(31)
(32)
(33)
(34)

Backend CouchDB

Couch FUTIL

Interface Administrator

(35)

Backend CouchDB

Couch FUTIL

Interface Administrator

(36)

Written in: Erlang

CouchDB document is a JSON object Schema-Free

Main point: DB consistency, ease of use Protocol: HTTP/REST

Distributed database system

Runs on Default Port : 5984,Binds to loopback interface by default Client uses REST API to communicate with the Backend

Futon Web Interface

(37)

Admin Party = Game Over.

Auth Cookie Sniffable

Credentials Send over Unencrypted Channel

XSPA attacks in Replication (limited to port web server ports) XSS,HTML Injection in Futon Interface

DOS (Versions on 1.5 and below),File Enumeration attacks

(38)

XSS at the token interface

HTML injection can be used by attackers to lure the victim to other sites.

XSPA Attack can be used in the replication to check whether port is open or not

Blind File Name Enumeration possible within the Replication

(39)

Defaults to Expire within 10 min

Attacker gaining access would want to use these 10 min Fruitfully

NoSQL Framework kicks in with automation session grabbing and dumping necessary info.

(40)

Uses Curl Library to send the requests to the API

Un validated PHP APPS could result in calling Arbitrary API Call Execution

Download PHP on Couch:

https://github.com/dready92/PHP-on-Couch/

(41)
(42)
(43)
(44)
(45)
(46)
(47)
(48)
(49)
(50)
(51)
(52)
(53)
(54)
(55)

Sample Command

ename-command CONFIG l33tshit

rename-command CONFIG "“

(56)
(57)
(58)
(59)
(60)
(61)
(62)
(63)
(64)
(65)
(66)
(67)
(68)
(69)
(70)
(71)

A framework of one of its Kind Open Source, Written In Python

• I am not a hardcode coder(Bugs are prone ) Documented API’s

Code Download:nosqlproject.com

(72)
(73)
(74)
(75)
(76)
(77)
(78)
(79)
(80)

Références

Télécharger maintenant ( PDF - 80 Page - 10.49 MB )

Documents relatifs

TCP/IP

BTOS II Standard Software Operations Guide (relative to release 2.0 or higher) This guide contains introductory, procedural, and reference information for using the

the default is *standard-output

Constructs a menu from a list of items and returns the value associated with the selected item; also returned are the item and the mouse character that was used to select it..

Protocoles TCP/IP et DNS Protocoles TCP/IP et DNS

) Les machines sont reliées entre elles dans un même domaine logiquement et non par adressage. Exemple : 10 machines d’un même domaine appartiennent à 10 réseaux différents

Communiquer avec TCP/IP Communiquer avec TCP/IP

Les couches hautes de la pile OSI sont regroupées en une seule couche Application.. Application : http, ftp, pop, smtp, telnet, snmp, dns, … Transport : tcp, udp,

Using 3174 TCP/IP Networks

This publication is intended to help IBM and customer system engineers, system planners, system programmers and network administrators implement the TCP/IP TELNET

By default, this connection is set up by an active open from the FTP server to the FTP client

A new connection is used for each transfer; to avoid running afoul of TCP’s TIMEWAIT state, the client picks a new port number each time and sends a PORT command announcing

TCP is currently the dominant transport protocol used in the Internet

For TCP, ECN requires three new mechanisms: negotiation between the endpoints during setup to determine if they are both ECN-capable; an ECN-Echo flag in the TCP header so

Introduction TCP uses the RST (Reset) bit in the TCP header to reset a TCP connection

The Complications of Modifying Packet Headers in the Network In addition to firewalls that send resets in response to ECN-setup SYN packets and firewalls that drop ECN-setup