HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 40 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Image files in Penetration testing
EH-Net
May 19, 2013, 12:16:04 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Image files in Penetration testing  (Read 3629 times)
0 Members and 1 Guest are viewing this topic.
satyr
Newbie
*
Offline Offline

Posts: 41



View Profile
« on: September 23, 2010, 12:36:06 AM »
I am testing an application which takes image files (jpeg) as input.

I was thinking of ways to break the application using image files ...
I have been searching on the lines of giving the application a corrupt
image file ... there are posts about buffer overflow using jpeg
files ...

Anyone here has some experience on this ? would like to have some
pointers on this topic
Logged
dante
Jr. Member
**
Offline Offline

Posts: 58



View Profile
« Reply #1 on: September 23, 2010, 08:56:02 AM »
First I admit I have no experience regarding this.
Am assuming it is a desktop application that takes in JPEG images and either renders or process the JPEG file.
First if it is an existing desktop application look for exploits in the wild already.
If it is a new application and you got the source, try static code auditing, else if you dont have the source, then fuzzing might reveal bugs in the application.
Here is a jpeg fuzzer.
http://www.securiteam.com/tools/6P00B1FNFM.html
Logged
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #2 on: September 25, 2010, 03:44:50 PM »
What kind of application? Web app, client app, mobile app...

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #3 on: September 30, 2010, 07:31:31 AM »
If it's a Web Application, the content of the JPEG files will most likely not matter except if the application reads and parses the input somehow in a vulnerable way.

There are of course, usually other vulnerabilities included with file uploading formulas where it is occasionally possible to upload php files with a simple %00 byte added to the end of the filename.

If it's a client application aka a real program, use the jpeg fuzzer dante recommended or create your own fuzzer  Smiley
Logged
I'm an InterN0T'er
ElCapitan
Newbie
*
Offline Offline

Posts: 28


Unanimous FTP: the #1 threat to copyrights!


View Profile
« Reply #4 on: October 06, 2010, 09:54:44 PM »
How do you know it accepts JPEGs? Can you do something like

Code:
nerfarious_script.jpeg.exe
  ?

If you are authorized, try to upload several variants of files and proxy the application's response. Look for subtleties.

It may be suspectible to parameter tampering. In PHP, it would be something like
Code:
include $_REQUEST['filename’];
If it's not validating your upload parameter, try some fuzzing; for example, /../../  or  command injection.
Logged
CISSP, Security+, CEH, OPP, et alii
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.066 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.