sQuo Posted August 9, 2012 Share Posted August 9, 2012 This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up AntiDef is written in order to handle with defacement attacks. This tool written in Java in a fast-and-dirty manner; However is works. AntiDef+Defacement+Protector This tool is working straight forward. Server administrator should run the application with the following specific parameters: path to the copy of the web site (source), path to the application directory, path to log directory and few more optional parameters. This tool compares the source and the destination files, then copies the "defaced" files if any change occurs. The comparison occurs by default every 60 seconds, but can be defined differently. Defacement scenarios 1. RFI (Remote File Inclusion) attack, which enables the attacker to include remote file on the web site. 2. Exploitation of file upload vulnerability that includes directory traversal. 3. SQL injection on systems that hold the dynamic data on database, e.g. CMS (Content Management Systems). 4. CSRF on administrative actions, e.g. commit edited changed in CMS. How AntiDef works? AntiDef compares two directory paths - the web application and its backup foder. Then, it performs hash (MD5 - we need performance) on each file in the folders and a final hash on all hashed files. The final hashes of the source and the destination are compared. If they are different, then defacement is found. In this case, only the defaced files are moved (by default) to pre-defined "Defaced" folder and then replaced by the backup legitimate files. Then "Defaced" folder includes the malicious files, a timestamp of the defacement and a log. AntiDef compares the two paths above every 60 seconds, but it can be defined differently. The full manual is described by running the tool without parameters, i.e. java -jar AntiDef.jar This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts