For those of you who don’t know of LulzSec, they are a hacking group that recently broke up. Before they broke up, however, they claimed to have done things such as taking the CIA website offline and compromising user accounts from Sony Pictures in 2011. The group comprised 6 main members who carried out a number of attacks during the summer of 2011 besides the two mentioned above. They also worked with other groups, such as Anonymous, from time to time. An article I found examined some of the group’s attacks and found that they used at least 3 of the 4 most popular attack techniques.
Attack number 1, used not just by them but by many hackers because it is one of the most successful, is SQL injection (SQLi). SQL injection is a technique that exploits a web application vulnerability in order to access the organization’s data in an unauthorized manner. The easiest way to perform the injection is to enter a bit of code into the username field so that the hacker can extract information from the system. It was found that 83% of successful attacks are SQLi.
Attack number 2 is remote file inclusion (RFI). RFI is used to replace a reference within the web application with a file of the attacker’s own. Once that file has been uploaded, the hacker has complete control of the server and can upload further information as well as manipulate data. LulzSec used this technique by having bots perform the attacks so that it was like a DDoS, and it is thought that this is how they brought down the CIA website. RFI attacks were shown to account for only 4% of the top four most prevalent attack types.
The third attack listed is directory traversal (DT). This type of attack is used to walk through the web application’s file directory in an attempt to find hidden files that were exposed to the application. The main goal of DT is always to try to get to the file’s parent directory. This attack made up 37% of the top four most prevalent attack types. It has also been found that, the majority of the time, these attacks are used more for reconnaissance than for doing damage. Once the hacker has found other vulnerabilities, he or she can proceed with an additional attack that can do some actual damage. It was found that DT is used in conjunction with RFI attacks most of the time.
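On the defensive side, the usual check against directory traversal is to resolve every requested path and confirm it still sits under the web root before opening it. The following is an added example, not taken from the article; the function names, directory layout and sample requests are constructed for illustration, and it assumes a POSIX file system.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_under_root(web_root, requested):
    """Return the real path for `requested`, or None if it leaves web_root."""
    decoded = requested
    for _ in range(3):  # undo nested percent-encoding such as %252e%252e%252f
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if "\x00" in decoded:
        return None  # NUL bytes never belong in a file name
    # Treat backslashes as separators and drop leading slashes so the
    # request is never taken as an absolute path by os.path.join.
    relative = decoded.replace("\\", "/").lstrip("/")
    root = os.path.realpath(web_root)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Run constructed sample requests against a throwaway directory tree."""
    samples = ["docs/index.html", "docs/../docs/index.html", "../secret.txt",
               "docs/%2e%2e/%2e%2e/secret.txt", "%252e%252e%252fsecret.txt",
               "..\\secret.txt", "/etc/hostname", "docs/link"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(os.path.join(tmp, "webroot"))
        os.makedirs(os.path.join(root, "docs"))
        secret = os.path.join(tmp, "secret.txt")  # sits in the parent directory
        for path in (os.path.join(root, "docs", "index.html"), secret):
            with open(path, "w") as fh:
                fh.write("constructed sample file")
        os.symlink(secret, os.path.join(root, "docs", "link"))
        for request in samples:
            found = resolve_under_root(root, request)
            results[request] = found and os.path.relpath(found, root)
    return results


if __name__ == "__main__":
    for request, served in demo().items():
        print(f"{request!r:40} -> {served or 'DENIED'}")
```

Requests that climb to the parent directory, whether written plainly, percent-encoded, double-encoded, with backslashes or through a symlink, come back as denied, while an absolute path is confined to the web root instead of being honoured.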
The fourth and final attack is cross-site scripting, or XSS. XSS is an attack that doesn’t directly attack the server, but instead targets the users of the website. The hacker uses XSS to execute scripts in a victim’s browser that could redirect the user to wherever the hacker wants or even steal user credentials. Many applications are vulnerable to XSS. Even Microsoft’s programs have been found to have the vulnerability, and one of them, SharePoint, had to be patched to ensure that XSS couldn’t be used against it. The attack accounts for 37% of the top four web attack techniques. Because WAAR is able to monitor these attacks, however, it shows that XSS lays the foundation for a Search Engine Poisoning (SEP) scheme. The hacker creates URLs and places them in forums, where they get picked up by the search engines; as people search for these popular sites, they find the fake URLs and get redirected because of the XSS.