SharePoint Security: Advanced SharePoint Security Tips and Tools (PowerPoint PPT Presentation)



SLIDE 1

SharePoint Security

Advanced SharePoint Security Tips and Tools

22 Feb 2012 – OWASP L.A. 2012 – Los Angeles, CA

Presented by: Francis Brown, Stach & Liu, LLC, www.stachliu.com

SLIDE 2

Agenda

OVERVIEW

  • Brief Intro to SharePoint
  • Overview of Major Components
  • SharePoint Security
  • Security Tips and Tools

SLIDE 3

Background

GETTING UP TO SPEED

SLIDE 4

Background

MS SharePoint Products & Technologies

  • Windows SharePoint Services (WSS)
  • Office SharePoint Server 2007/2010 (MOSS)
  • SharePoint Designer 2007/2010 (SPD)

SLIDE 5

Core Components

MS SharePoint Products & Technologies

SLIDE 6

Core Components

MS SharePoint Products & Technologies

SLIDE 7

Core Components

MS SharePoint Products & Technologies

SLIDE 8

Centralized Portal

MS SharePoint Products & Technologies

SLIDE 9

Site Hierarchy

Intro to SharePoint

SLIDE 10

SharePoint Site Hierarchy

Intro to SharePoint

Base Site URLs:

  • http://learnsouth/
  • http://learnsouth/Media/
  • http://learnsouth/Revisions/
  • http://learnsouth/Schools/
  • http://learnsouth/Schools/SchoolA/
  • http://learnsouth/Schools/SchoolB/
  • http://learnsouth/Schools/SchoolC/

SLIDE 11

Site Structure

Intro to SharePoint

SLIDE 12

Site Navigation

Intro to SharePoint

SLIDE 13

Security Tips

WHAT YOU SHOULD KNOW

SLIDE 14

WikiLeaks and SharePoint

RISK OF EXPOSURE

  • Wget scripts targeting SharePoint downloads
  • 250,000 government cables sent to WikiLeaks
SLIDE 15

Security Tips

SHAREPOINT SECURITY

  1. Know your external exposure…
  2. Beware of normal users with excessive access…
  3. Spot check user permissions and inheritance…
  4. Beware 3rd party plugins/code… BUT not too much…
  5. Backup every which way from Sunday…
  …

SLIDE 16

Security Tip #1

KNOW YOUR EXTERNAL EXPOSURE

SLIDE 17

External Exposure

FINDING HOLES

1. "Google Hack yourself"
   • Search Google for exposed SharePoint admin pages
   • E.g. inurl:"/_catalogs/wt/"
   • NEW: SharePoint Google Regexs for S&L SearchDiggity – 121 queries
   • Coming Soon: SharePoint Bing Dictionary
   • SHODAN searching for SharePoint servers
   • SharePoint Hacking Alerts

2. SharePoint URL Brute-forcing
   • Forceful browse to common SharePoint extensions to test access
   • NEW: Tool to bruteforce SharePoint URLs – 101 known extensions

3. Nmap for other SharePoint administrative apps
   • E.g. Central Administration, Shared Service Providers (SSP)
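The URL brute-forcing step above (forceful browsing to well-known SharePoint paths and judging from the response whether an anonymous client gets in) as an added Python example. This is not the Stach & Liu tool from the talk and its 101-extension list is not reproduced: the path list here is a short illustrative subset of SharePoint 2007/2010 URLs, the host name learnsouth is borrowed from the deck's site hierarchy, and the sample responses are constructed so the script runs offline. Point it only at farms you own or are authorised to test. The practitioner's caveat it encodes: a 200 is not proof of exposure, because a forms-authenticated farm may serve the login page with a 200, so the classifier looks at the redirect target and body, not just the status code.

```python
"""Forceful-browse check for well-known SharePoint paths.

Added example, not the Stach & Liu brute-forcing tool from the talk: the path
list is a short illustrative subset of SharePoint 2007/2010 URLs (assumed),
not the 101-extension list the slide mentions. Test only hosts you own or are
authorised to test.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Paths that should not open for an anonymous client on an Internet-facing
# farm (illustrative subset; SharePoint 2007/2010 layout assumed).
KNOWN_PATHS = [
    "/_layouts/viewlsts.aspx",                    # All Site Content
    "/_layouts/settings.aspx",                    # Site Settings
    "/_layouts/user.aspx",                        # People and Groups
    "/_layouts/aclinv.aspx",                      # Add Users
    "/_catalogs/wt/Forms/common.aspx",            # list template gallery (the slide's dork)
    "/_catalogs/masterpage/Forms/AllItems.aspx",  # master page gallery
    "/_vti_bin/lists.asmx",                       # Lists web service
    "/_vti_bin/permissions.asmx",                 # Permissions web service
    "/_vti_bin/usergroup.asmx",                   # Users and Groups web service
    "/_vti_adm/admin.asmx",                       # Admin web service (Central Administration)
]

# Redirect targets and body fragments that mean "you were sent to log in".
LOGIN_MARKERS = ("/_layouts/login.aspx", "/_layouts/authenticate.aspx", "/_login/")


def classify(status, location, body):
    """Turn one HTTP response into an access verdict.

    status   -- integer HTTP status code
    location -- Location header (redirect target) or None
    body     -- decoded response body (the first few KB is enough)
    """
    if status in (401, 403):
        return "auth-required"            # Windows auth challenge or explicit deny
    if status in (301, 302, 303, 307):
        target = (location or "").lower()
        if any(m in target for m in LOGIN_MARKERS):
            return "auth-required"        # forms auth bounced us to the login page
        return "redirect"
    if status == 404:
        return "missing"
    if status == 200:
        # A 200 whose body is the login form still means "not exposed".
        if any(m in body.lower() for m in LOGIN_MARKERS):
            return "auth-required"
        return "EXPOSED"
    return "other:%d" % status


def urllib_fetch(url, timeout=10):
    """GET url without following redirects; return (status, location, body)."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None                   # surface the 3xx instead of following it
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "sp-exposure-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location"), resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:   # 3xx/4xx/5xx arrive here when not followed
        return e.code, e.headers.get("Location"), e.read(4096).decode("utf-8", "replace")


def check_exposure(base_url, paths=KNOWN_PATHS, fetch=urllib_fetch):
    """Return {path: verdict} for every path under base_url."""
    return {p: classify(*fetch(urljoin(base_url, p))) for p in paths}


def exposed(results):
    """Paths an anonymous client could open outright, sorted."""
    return sorted(p for p, v in results.items() if v == "EXPOSED")


# Constructed responses standing in for a real farm so the example runs offline
# (the host name learnsouth is the one used in the deck's site hierarchy).
SAMPLE_RESPONSES = {
    "/_layouts/viewlsts.aspx": (200, None, "<html><title>All Site Content</title>...</html>"),
    "/_layouts/settings.aspx": (302, "http://learnsouth/_layouts/login.aspx?ReturnUrl=%2f_layouts%2fsettings.aspx", ""),
    "/_layouts/user.aspx": (401, None, ""),
    "/_vti_bin/permissions.asmx": (200, None, "<html><title>Permissions Web Service</title>...</html>"),
    "/_vti_adm/admin.asmx": (404, None, "The resource cannot be found."),
}


def sample_fetch(url):
    """Offline stand-in for urllib_fetch backed by SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES.get(urlsplit(url).path, (404, None, ""))


if __name__ == "__main__":
    verdicts = check_exposure("http://learnsouth/", paths=list(SAMPLE_RESPONSES), fetch=sample_fetch)
    for path, verdict in verdicts.items():
        print("%-32s %s" % (path, verdict))
    print("exposed:", exposed(verdicts))
```

For a live run, drop the fetch argument so urllib_fetch is used, and run the check twice: once from outside the perimeter with no credentials (what the slide calls external exposure) and once as an ordinary domain user, since the interesting findings are usually the paths that differ between the two. When running the slide's Google dork against your own estate, scope it with site:yourdomain so the hits are your exposure and not everyone else's.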
SLIDE 18

External Exposure

SHAREPOINT ADMIN WEB APPS

SLIDE 19

External Exposure

GOOGLE HACKING SHAREPOINT

SLIDE 20

External Exposure

GOOGLE HACKING SHAREPOINT

SLIDE 21

External Exposure

GOOGLE HACKING SHAREPOINT

SLIDE 22

External Exposure

BING HACKING SHAREPOINT

SLIDE 23

External Exposure

SHODAN FOR SHAREPOINT

SLIDE 24

External Exposure

SHAREPOINT HACKING ALERTS

SLIDE 25

DEMO

SHAREPOINT HACKING TOOLS

SLIDE 26

External Exposure

SHAREPOINT URL BRUTE FORCING

SLIDE 27

Security Tip #2

BEWARE USERS WITH EXCESSIVE ACCESS

SLIDE 28

Excessive User Access

MORE THAN YOU BARGAINED FOR...

  • Web Services examples
    • Admin.asmx
    • Permissions.asmx
  • User Administration examples
    • "People and Groups"
    • "Add Users"
    • "PeoplePicker"
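As an added example for this slide (not code from the talk): an ordinary authenticated user calling GetPermissionCollection on /_vti_bin/Permissions.asmx, which returns the role assignments on a list whether or not the UI ever shows them to that user, and then decoding the returned permission masks to flag principals holding site-control rights. The operation name, namespace and Permission attribute names follow the published SharePoint web service reference; the SPBasePermissions bit values are assumed from the object model documentation; the response, list name and principals below are constructed so the script runs offline. The same mask decode doubles as the spot check Tip #3 asks for.

```python
"""List role assignments on a SharePoint list through Permissions.asmx and
flag principals that hold site-control rights.

Added example, not code from the talk. The GetPermissionCollection operation,
its namespace and the Permission element attributes follow the published
SharePoint web service reference; the SPBasePermissions bit values are assumed
from the object model documentation; the response, list name and principals
below are constructed so the script runs offline.
"""
import base64
import urllib.request
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/sharepoint/soap/directory/"
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

# SPBasePermissions bits that amount to control of a site or list
# (values assumed from the SharePoint object model documentation).
HIGH_PRIV = {
    "ManageLists":          0x0000000000000800,
    "AddAndCustomizePages": 0x0000000000040000,
    "ManagePermissions":    0x0000000002000000,
    "ManageWeb":            0x0000000040000000,
    "EnumeratePermissions": 0x4000000000000000,
}
FULL_MASK = 0x7FFFFFFFFFFFFFFF   # SPBasePermissions.FullMask


def build_request(object_name, object_type="List"):
    """SOAP 1.1 envelope for GetPermissionCollection(objectName, objectType)."""
    return (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<soap:Envelope xmlns:soap="%s"><soap:Body>'
        '<GetPermissionCollection xmlns="%s">'
        '<objectName>%s</objectName><objectType>%s</objectType>'
        '</GetPermissionCollection></soap:Body></soap:Envelope>'
        % (SOAP_ENV, NS, object_name, object_type)
    )


def call_permissions_service(site_url, envelope, username, password, timeout=15):
    """POST the envelope to /_vti_bin/Permissions.asmx as an ordinary user.
    Basic auth keeps the example short; NTLM or forms-auth farms need a
    different handler."""
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    req = urllib.request.Request(
        site_url.rstrip("/") + "/_vti_bin/Permissions.asmx",
        data=envelope.encode("utf-8"),
        headers={
            "Content-Type": "text/xml; charset=utf-8",
            "SOAPAction": NS + "GetPermissionCollection",
            "Authorization": "Basic " + token,
        },
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_permissions(xml_text):
    """Return [(principal, mask)] from a GetPermissionCollection response.
    Matches on local element name so namespace prefixes do not matter."""
    out = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "Permission":
            continue
        principal = el.get("UserLogin") or el.get("GroupName") or "member:%s" % el.get("MemberID")
        out.append((principal, int(el.get("Mask", "0"))))
    return out


def decode_mask(mask):
    """Names of the site-control bits set in a permission mask."""
    if mask == FULL_MASK:
        return ["FullControl"]
    return [name for name, bit in HIGH_PRIV.items() if mask & bit]


def find_excessive(xml_text):
    """{principal: [rights]} for every principal holding a site-control right."""
    found = {}
    for principal, mask in parse_permissions(xml_text):
        rights = decode_mask(mask)
        if rights:
            found[principal] = rights
    return found


# Constructed response (shape per the web service reference; principals and
# masks invented): Owners hold FullMask, jdoe was granted ManageWeb and
# ManagePermissions directly, Members and Visitors hold only read/edit bits.
SAMPLE_RESPONSE = r"""<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Body>
  <GetPermissionCollectionResponse xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">
   <GetPermissionCollectionResult>
    <GetPermissionCollection>
     <Permissions>
      <Permission MemberID="3" Mask="9223372036854775807" MemberIsUser="False" MemberGlobal="True" GroupName="LearnSouth Owners"/>
      <Permission MemberID="8" Mask="196719" MemberIsUser="False" MemberGlobal="True" GroupName="LearnSouth Members"/>
      <Permission MemberID="12" Mask="1107492865" MemberIsUser="True" MemberGlobal="False" UserLogin="LEARNSOUTH\jdoe"/>
      <Permission MemberID="14" Mask="196641" MemberIsUser="False" MemberGlobal="True" GroupName="LearnSouth Visitors"/>
     </Permissions>
    </GetPermissionCollection>
   </GetPermissionCollectionResult>
  </GetPermissionCollectionResponse>
 </soap:Body>
</soap:Envelope>"""


if __name__ == "__main__":
    # Live use: xml_text = call_permissions_service("http://learnsouth/", build_request("Shared Documents"), "user", "pass")
    for principal, rights in find_excessive(SAMPLE_RESPONSE).items():
        print("%-24s %s" % (principal, ", ".join(rights)))
```

The direct grant to jdoe is the finding the slide is warning about: a single user, outside any SharePoint group, who can change permissions on the list. Run the same call for each list and sub-site and diff the output against what the owners think they granted; anything with ManagePermissions or ManageWeb that is not an Owners group is worth a conversation.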
SLIDE 29

DEMO

CONTINUED SHAREPOINT HACKING

SLIDE 30

Excessive User Access

SHAREPOINT WEB SERVICES
SLIDE 31

Security Tip #3

CHECK PERMISSIONS AND INHERITANCE

SLIDE 32

User Permissions

SECURITY TIPS

SLIDE 33

User Permissions

SECURITY TIPS

SLIDE 34

User Permissions

SECURITY TIPS

SLIDE 35

Security Tools

USER PERMISSIONS

SLIDE 36

Security Tools

USER PERMISSIONS

SLIDE 37

Security Tools

USER PERMISSIONS

SLIDE 38

Security Tools

USER PERMISSIONS

SLIDE 39

Security Tools

USER PERMISSIONS

SLIDE 40

Security Tip #4

BEWARE 3RD PARTY CODE… NOT TOO MUCH

SLIDE 41

3RD Party Plugins

NECESSARY EVIL

  • SharePoint without 3rd party plugins is like an iPhone with no apps
  • Solutions, Features
  • Web Parts, Templates
  • If too strict, people will circumvent you
  • Leads to rogue SharePoint deployments

SLIDE 42

Detect Rogue SharePoint

ROGUE DEPLOYMENTS

Quest Software - Server Administrator for SharePoint

SLIDE 43

Detect Rogue SharePoint

ROGUE DEPLOYMENTS

McAfee - Network Discovery for Microsoft SharePoint
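Added example, not from the talk and not the Quest or McAfee products named on these slides, of the simplest do-it-yourself check for rogue deployments, and of the fingerprint behind the Nmap and SHODAN searches on slide 17: SharePoint front ends answer HTTP requests with a MicrosoftSharePointTeamServices header carrying the build number, so sweeping the internal web servers for that header and comparing hits against the list of sanctioned farms surfaces the ones nobody registered. The version-to-product map is an assumption from published build numbers, and the sample hosts, headers and sanctioned list are constructed.

```python
"""Fingerprint SharePoint servers from their HTTP response headers.

Added example, not the Quest or McAfee products named on the slides: SharePoint
front ends answer with a MicrosoftSharePointTeamServices header carrying the
build number, so a sweep of internal web servers for that header finds
deployments nobody registered. The version-to-product map is assumed from
published build numbers; the sample hosts and headers are constructed.
"""
import urllib.error
import urllib.request

# Major build prefix -> product (assumed mapping).
VERSION_MAP = {
    "12.": "SharePoint 2007 / WSS 3.0",
    "14.": "SharePoint 2010 / Foundation 2010",
    "15.": "SharePoint 2013",
}


def fingerprint(headers):
    """Return (is_sharepoint, product, version) from a header mapping.
    Header names are matched case-insensitively."""
    lowered = {k.lower(): v for k, v in headers.items()}
    version = lowered.get("microsoftsharepointteamservices")
    if version is None:
        return False, None, None
    for prefix, product in VERSION_MAP.items():
        if version.startswith(prefix):
            return True, product, version
    return True, "SharePoint (unrecognised build)", version


def get_headers(url, timeout=5):
    """GET url and return its response headers. The fingerprint header is
    usually present even on 401/403/404 answers, so error responses are kept
    rather than raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "sp-fingerprint"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as e:
        return dict(e.headers.items())


def sweep(urls, fetch_headers=get_headers, allowed=()):
    """Fingerprint every URL. Returns [(url, product, version, rogue)] for the
    hosts that identify as SharePoint; rogue is True when the URL is not on
    the sanctioned list `allowed`."""
    found = []
    for url in urls:
        try:
            headers = fetch_headers(url)
        except OSError:            # DNS failure, refused connection, timeout
            continue
        is_sp, product, version = fingerprint(headers)
        if is_sp:
            found.append((url, product, version, url not in allowed))
    return found


# Constructed header sets standing in for three internal web servers.
SAMPLE_HEADERS = {
    "http://learnsouth/": {"Server": "Microsoft-IIS/7.5", "X-Powered-By": "ASP.NET",
                           "MicrosoftSharePointTeamServices": "14.0.0.4762"},
    "http://hr-wiki.corp/": {"Server": "Microsoft-IIS/6.0",
                             "MicrosoftSharePointTeamServices": "12.0.0.6421"},
    "http://intranet.corp/": {"Server": "Apache/2.2.15"},
}


def sample_headers(url):
    """Offline stand-in for get_headers backed by SAMPLE_HEADERS."""
    return SAMPLE_HEADERS[url]


if __name__ == "__main__":
    hits = sweep(list(SAMPLE_HEADERS), fetch_headers=sample_headers, allowed=("http://learnsouth/",))
    for url, product, version, rogue in hits:
        print("%-24s %-36s %-12s %s" % (url, product, version, "ROGUE" if rogue else "sanctioned"))
```

Feed sweep the hostnames from a port-80/443 scan of the internal ranges (Nmap output, as slide 17 suggests) and the sanctioned farms from the CMDB. The unregistered hr-wiki host running a 2007-era build is the typical finding: a departmental WSS install that never saw a patch cycle and holds data nobody is backing up.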

SLIDE 44

3RD Party Plugins

SOLUTIONS

SLIDE 45

3RD Party Plugins

SOLUTIONS

SLIDE 46

3RD Party Plugins

FEATURES

SLIDE 47

3RD Party Plugins

FEATURES

SLIDE 48

3RD Party Plugins

FUTURE SECURITY

  • SharePoint 2010 has sandboxed solutions
  • Minimize risk of running untrusted 3rd party plugins
SLIDE 49

3RD Party Plugins

SANDBOXED SOLUTIONS

SLIDE 50

Security Tip #5

BACKUP EVERY WHICH WAY FROM SUNDAY

SLIDE 51

Backups

MANY METHODS… MOST TERRIBLE

  1. Microsoft System Center: Data Protection Manager
  2. Windows 2003/2008 Server backups
  3. Stsadm.exe cmdline tool backups
  4. Central Administration v3 backups
  5. SharePoint Designer backups
  6. Site and List template backups
  7. Raw MS SQL database backups

SLIDE 52

Backups

SHAREPOINT DESIGNER

SLIDE 53

Backups

STSADM / CENTRAL ADMINISTRATION

SLIDE 54

Backups

SITE AND LIST TEMPLATES

SLIDE 55

Backups

SITE AND LIST TEMPLATES

SLIDE 56

Backups

RAW SQL DATABASES

SLIDE 57

Questions? Ask us something. We'll try to answer it.

For more info:

Email: contact@stachliu.com
Project: diggity@stachliu.com
Stach & Liu, LLC
www.stachliu.com

SLIDE 58

Thank You

Stach & Liu SharePoint Hacking Diggity Project info:

http://www.stachliu.com/index.php/resources/tools/sharepoint-hacking-diggity-project/