Think You Can Hack SharePoint?

Added: 2018-10-12

Slide1

Slide2

Think You Can Hack SharePoint?

Liam Cleary

ATC-B315

Slide3

About Me

Liam Cleary

Solution Architect in Virginia

SharePoint MVP

Past Life

Trainer

Developer

Network & Server Administrator

Network Security Consultant (Cisco, Checkpoint & MSFT Firewalls)

Maybe a little "Ethical Hacking"

All aspects of SharePoint, even dreaming about it

Slide4

Agenda

The Hackers

Who are they?

SharePoint and Hacking anyone?

Hacking = Data Leakage

Securing Infrastructures

Topology Design

Close those entry points

Firewall, Firewall and more Firewalls

Final Thoughts

Slide5

The Hackers

Slide6

The Hackers

Hackers

The real world hackers

Employees

The ones you always thought you shouldn't trust

Developers

No-one trusts these guys

Administrators

"We have the Power"

Slide7

SharePoint & Hacking

Slide8

Hacking Tools

Manual: SharePoint "

Brute-Force

Test Access for common URLs

Search Engine

Google: inurl:"/_layouts/viewlsts.aspx"

Bing: instreamurl:"_layouts/viewlsts.aspx"

Nmap

Access Central Administration

Shared Services

Web Service Endpoints

RegEx Tools

SHODAN

Searching for WWW-Authenticate, MicrosoftSharePointTeamServices: 12/14/15 (the major version in that response header identifies the product: 12 = SharePoint 2007, 14 = SharePoint 2010, 15 = SharePoint 2013)

Slide9

What Can Be Used?

Cross Site Scripting (XSS)

Web Services Endpoints Exposed – "_vti_bin/spdisco.aspx"

"_layouts/viewlsts.aspx" – potential data leak

"_vti_bin" – functionality can be available as anonymous

"_layouts/userdisp.aspx?Force=True&ID={0}" – User Enumeration

"_vti_inf.html" – exposes internal FrontPage Server Extensions information

Common functions available through Web Services

SearchPrincipals (People.asmx)

GetAllUserCollectionFromWeb (UserGroup.asmx)

3rd Party components, such as web parts

Slide10

WGET Testing

wget -r -A pdf --no-check-certificate https://{siteurl}/Forms/AllItems.aspx

A recursive crawl from a library's AllItems.aspx view that keeps only the .pdf files it finds; run without credentials, a non-empty download folder is the data leak made concrete. --no-check-certificate disables TLS certificate validation and is only appropriate against a test target with an untrusted certificate.

Slide11

PowerShell Testing

Sample PowerShell User Enumeration Testing
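The slide above carried only a screenshot of the enumeration script. What follows is an added example written for this page, not Liam Cleary's demo code: it performs the three checks from the "Hacking Tools" and "What Can Be Used?" slides (version fingerprint from the MicrosoftSharePointTeamServices header, anonymous reach of the listed paths, and the userdisp.aspx ID walk). It targets Windows PowerShell 3.0 to 5.1 (Invoke-WebRequest throwing System.Net.WebException); the site URL, the ID range, and the "User cannot be found" marker used to tell a real user from an unused ID are assumptions. Run it only against a farm you are authorised to test.

```powershell
# Added example, not the deck's own script. Windows PowerShell 3.0-5.1 (Invoke-WebRequest).
# $SiteUrl, the ID range and the "User cannot be found" marker are assumptions.
$SiteUrl = 'https://intranet.contoso.com'   # assumed target, no trailing slash

# 1. Fingerprint. SharePoint adds a MicrosoftSharePointTeamServices header whose major version
#    identifies the product (12 = 2007, 14 = 2010, 15 = 2013); WWW-Authenticate on a 401 shows
#    which authentication the site negotiates. Both are returned to an anonymous request.
function Get-SPFingerprint {
    param([string]$Url)
    $products = @{ '12' = 'SharePoint 2007'; '14' = 'SharePoint 2010'; '15' = 'SharePoint 2013' }
    $headers = @{}                                    # PowerShell hashtables are case-insensitive
    try {
        $r = Invoke-WebRequest -Uri $Url -UseBasicParsing -ErrorAction Stop
        foreach ($k in $r.Headers.Keys) { $headers[$k] = $r.Headers[$k] }
    } catch [System.Net.WebException] {
        $resp = $_.Exception.Response                 # a 401/403 still carries the headers
        if (-not $resp) { throw }
        foreach ($k in $resp.Headers.AllKeys) { $headers[$k] = $resp.Headers[$k] }
    }
    $ver     = $headers['MicrosoftSharePointTeamServices']
    $major   = if ($ver) { ($ver -split '\.')[0] } else { '' }
    $product = if ($products.ContainsKey($major)) { $products[$major] } else { 'not identified' }
    [pscustomobject]@{ Url = $Url; VersionHeader = $ver; Product = $product; WwwAuthenticate = $headers['WWW-Authenticate'] }
}

# 2. Anonymous reach. Each path is one the slides flag; a 200 without credentials means the
#    page or endpoint is served to anyone who can route to the site.
$ProbePaths = @(
    '/_layouts/viewlsts.aspx',        # every list and library on the site
    '/_vti_bin/spdisco.aspx',         # discovery document listing the web services
    '/_vti_bin/people.asmx',          # People service (SearchPrincipals)
    '/_vti_bin/usergroup.asmx',       # UserGroup service (GetAllUserCollectionFromWeb)
    '/_vti_inf.html'                  # FrontPage Server Extensions version info
)
function Test-SPAnonymousPaths {
    param([string]$Base, [string[]]$Paths)
    foreach ($p in $Paths) {
        try {
            # deliberately no -UseDefaultCredentials: this is what an anonymous client gets
            $code = [int](Invoke-WebRequest -Uri ($Base + $p) -UseBasicParsing -ErrorAction Stop).StatusCode
        } catch [System.Net.WebException] {
            $code = if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode } else { -1 }
        }
        [pscustomobject]@{ Path = $p; Status = $code; AnonymousAccess = ($code -eq 200) }
    }
}

# 3. User enumeration. userdisp.aspx?Force=True&ID=n renders site user n; walking n with any
#    account that can read the site turns the user information list into a directory.
function Get-SPUsersByIdWalk {
    param([string]$Base, [int]$MaxId = 100, [pscredential]$Credential)
    for ($id = 1; $id -le $MaxId; $id++) {
        $req = @{ Uri = "$Base/_layouts/userdisp.aspx?Force=True&ID=$id"; UseBasicParsing = $true; ErrorAction = 'Stop' }
        if ($Credential) { $req.Credential = $Credential } else { $req.UseDefaultCredentials = $true }
        try { $r = Invoke-WebRequest @req } catch [System.Net.WebException] { continue }
        # Assumption: an unused ID comes back as a 200 page containing "User cannot be found".
        if ($r.Content -match 'User cannot be found') { continue }
        $title = if ($r.Content -match '<title>([^<]+)</title>') { $Matches[1].Trim() } else { '' }
        [pscustomobject]@{ Id = $id; PageTitle = $title; Url = $req.Uri }
    }
}

Get-SPFingerprint -Url $SiteUrl | Format-List
Test-SPAnonymousPaths -Base $SiteUrl -Paths $ProbePaths | Format-Table -AutoSize
Get-SPUsersByIdWalk -Base $SiteUrl -MaxId 50 | Format-Table -AutoSize
```

Run it first from a workstation outside the farm to see the anonymous view, then with a low-privilege domain account passed as -Credential to step 3. Any path reported with AnonymousAccess = True on an intranet farm, and any ID walk that succeeds for an account with no business on the site, is a finding for the lockdown and firewall slides that follow.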

Slide12

Demo

Hacking Options

Slide13

Securing Infrastructure

Slide14

Base Topology

NORMAL: Multi-server farm layout

(diagram: Web, Application, Database and Services tiers, reached over HTTP/HTTPS)

Slide15

Secure Topology

SECURE: Multi-server farm layout with firewall layers

(diagram: the same Web, Application, Database and Services tiers with a firewall layer between them, reached over HTTP/HTTPS)

Slide16

Ports & Protocols

Roles: Web, Cache, Application, Search, Workflow, Intra-Farm Communication

HTTP 80 / HTTPS 443 – Web (client traffic)

TCP 22233 – 22236 – Distributed Cache

TCP / UDP 389 – LDAP, to domain controllers

TCP / UDP 464 – Kerberos password change, to domain controllers

TCP 16500 – 16519 – Search

TCP / UDP 445 – SMB, intra-farm

TCP / UDP 137 – 139 – NetBIOS, intra-farm

TCP 5725 – User Profile Synchronization (FIM)

TCP 9354 – 9356 – Service Bus (Workflow)

TCP 9000 (5 Random Ports)

Slide17

Demo

Topology

Slide18

Close those entry points

Slide19

Database Protection

Block the standard SQL Server ports (TCP 1433, UDP 1434)

Configure SQL Server database instances to listen on a nonstandard port

Configure SQL client aliases – the farm connects to the alias and bypasses the actual server name

Configure SQL encryption

Implement Windows Firewall Policies

Run "Best Practice Security Analyzer" and use "Server Hardening Guidance"

Utilize Group Policies

Slide20

Application Protection

Implement Windows Firewall Policies

Run “Best Practice Security Analyzer” and use “Server Hardening Guidance”

Utilize Group Policies

Open “Allowed Ports” ONLY

List Common App Server Ports Here

Slide21

Web Protection

Open "Allowed Ports" ONLY

TCP 80 – HTTP

TCP 443 – HTTPS

Implement Windows Firewall Policies

Run "Best Practice Security Analyzer" and use "Server Hardening Guidance"

Utilize Group Policies
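The "Ports & Protocols", "Database Protection", "Application Protection" and "Web Protection" slides describe one policy: default-deny inbound on every farm server, open only the ports a role needs and only from where they are needed, move SQL off its standard port behind a client alias. The script below is an added example for this page, not the deck's firewall demo. It needs the NetSecurity module (Windows Server 2012 or later) and local administrator rights; the subnets, the SQL server name, the nonstandard SQL port and the alias name are assumptions, and the service-application ports 32843-32845 are not on the slides (the application slide left that list as a placeholder).

```powershell
# Added example, not from the deck. Windows Server 2012+ (NetSecurity module), run as admin on
# each farm server with the role that server holds. Subnets, SQL host, port and alias are assumed.
$FarmSubnet = '10.10.20.0/24'    # assumed: every SharePoint and SQL server lives here
$AdminHosts = '10.10.99.0/24'    # assumed: admins' management network (RDP only)
$SqlServer  = 'sql01.corp.contoso.com'
$SqlPort    = 14433              # assumed nonstandard listener; 1433/1434 stay blocked

function New-SPRule {
    param([string]$Name, [string]$Protocol, [string[]]$Port, [string[]]$Remote, [string]$Action = 'Allow')
    New-NetFirewallRule -DisplayName "SP $Name" -Group 'SharePoint Farm' -Direction Inbound `
        -Action $Action -Protocol $Protocol -LocalPort $Port -RemoteAddress $Remote -Profile Domain | Out-Null
}

# Inbound rules per role, from the "Ports & Protocols" slide. LDAP 389 / Kerberos 464 and the
# SQL port are outbound from the farm to DCs and SQL, so they need no inbound rule on these roles.
$RoleRules = @{
    Web         = @( @{ Name = 'HTTP';  Protocol = 'TCP'; Port = '80';  Remote = 'Any' },
                     @{ Name = 'HTTPS'; Protocol = 'TCP'; Port = '443'; Remote = 'Any' } )
    Cache       = @( @{ Name = 'Distributed Cache'; Protocol = 'TCP'; Port = '22233-22236'; Remote = $FarmSubnet } )
    Application = @( @{ Name = 'Service applications'; Protocol = 'TCP'; Port = '32843-32845'; Remote = $FarmSubnet } )
    Search      = @( @{ Name = 'Search';      Protocol = 'TCP'; Port = '16500-16519'; Remote = $FarmSubnet } )
    Workflow    = @( @{ Name = 'Service Bus'; Protocol = 'TCP'; Port = '9354-9356';   Remote = $FarmSubnet } )
    Database    = @( @{ Name = 'SQL nonstandard port'; Protocol = 'TCP'; Port = "$SqlPort"; Remote = $FarmSubnet } )
}

function Set-SPRoleFirewall {
    param([ValidateSet('Web','Cache','Application','Search','Workflow','Database')][string]$Role)

    # Default-deny inbound on all profiles, then drop rules from an earlier run so this is idempotent.
    Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block -DefaultOutboundAction Allow
    Get-NetFirewallRule -Group 'SharePoint Farm' -ErrorAction SilentlyContinue | Remove-NetFirewallRule

    # Intra-farm and management rules every role gets; nothing here is reachable from the internet.
    New-SPRule -Name 'SMB'                   -Protocol TCP -Port '445'     -Remote $FarmSubnet
    New-SPRule -Name 'NetBIOS name/datagram' -Protocol UDP -Port '137-138' -Remote $FarmSubnet
    New-SPRule -Name 'NetBIOS session'       -Protocol TCP -Port '139'     -Remote $FarmSubnet
    New-SPRule -Name 'RDP'                   -Protocol TCP -Port '3389'    -Remote $AdminHosts

    foreach ($r in $RoleRules[$Role]) { New-SPRule @r }

    if ($Role -eq 'Database') {
        # Explicit block rules win over allow rules, so a later "allow all" cannot reopen the standard ports.
        New-SPRule -Name 'Block SQL 1433'    -Protocol TCP -Port '1433' -Remote 'Any' -Action Block
        New-SPRule -Name 'Block SQL Browser' -Protocol UDP -Port '1434' -Remote 'Any' -Action Block
    }
}

# SQL client alias on every SharePoint server (the same registry values cliconfg.exe writes): the
# farm is configured with the alias name, so the real host and port never appear in SharePoint.
function Set-SqlClientAlias {
    param([string]$Alias, [string]$Server, [int]$Port)
    $keys = 'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\MSSQLServer\Client\ConnectTo'   # 32-bit clients
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
        New-ItemProperty -Path $k -Name $Alias -PropertyType String -Value "DBMSSOCN,$Server,$Port" -Force | Out-Null
    }
}

Set-SPRoleFirewall -Role Web                      # pick the role this server holds
Set-SqlClientAlias -Alias 'SPSQL' -Server $SqlServer -Port $SqlPort
```

The listener port itself is changed in SQL Server Configuration Manager (TCP/IP protocol, IPAll, TCP Port), and "Force Encryption" in the same tool covers the slide's SQL encryption item. Verify the result from a farm member with Test-NetConnection (Windows Server 2012 R2 or later): the call against port 1433 must fail and the call against 14433 must succeed; from a host outside the farm subnet both must fail.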

Slide22

Perimeter Protection

Open "Allowed Ports" ONLY

TCP 80 – HTTP

TCP 443 – HTTPS

Hardware / Software Firewall

SSL Encryption & Inspection

Offload Authentication / Delegation

Forefront Unified Access Gateway (UAG)

Slide23

Demo

Firewall Policies

Slide24

Final Thoughts

Slide25

Final Thoughts

Page Lockdown (the ViewFormPagesLockDown feature, which stops anonymous users reaching application pages such as userdisp.aspx and viewlsts.aspx)

Fix Security Slip-Ups – manual process

Comply with Compliance and Governance Policies

Administrators can modify or delete logs

Secure the Web Site against SQL Injection, Brute Force Password Attacks and Cross Site Scripting (XSS)

Understand that SharePoint is SQL – privileged database users can change SharePoint permissions directly

Fix Search Engine Visibility – the Mississippi National Guard apologized for exposing personal data through their public SharePoint site

Slide26

Final Thoughts

Pentest your SharePoint Site

Internal – Choice

External – No Choice

Ensure Latest Patches – suggested rule: stay two CUs behind unless a newer one resolves a current issue

Learn to Hack

Make Security a Top Priority

Learn to "Publish" SharePoint Correctly

TechNet link goes here

Slide27

Thank You

Slide28

Related content

ATC-B309 - Live Demonstration: Hacker Tools You Should Know and Worry About

SES-B308 – Microsoft SharePoint 2013 Sharing and Security

SES-B312 – Understanding the Fundamentals of SharePoint Claims-Based Authentication

Find Me Later At the SharePoint Booth

Slide29

Trustworthy Computing Resources

Trustworthy Computing (TwC) is a long-term, collaborative effort to deliver more secure, private, and reliable computing experiences for everyone. Learn more at: http://microsoft.com/twc

Cloud Security Readiness Tool

Pass the Hash Guidance

Data, Insights and Guidance (Security Intelligence Report, volume 14)

and more…

Slide30

msdn – Resources for Developers: http://microsoft.com/msdn

Learning – Microsoft Certification & Training Resources: www.microsoft.com/learning

TechNet – Resources for IT Professionals: http://microsoft.com/technet

Sessions on Demand: http://channel9.msdn.com/Events/TechEd

Slide31

Complete an evaluation on CommNet and enter to win!

Slide32

Evaluate this session

Scan this QR code to evaluate this session and be automatically entered in a drawing to win a prize


Slide33

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

