SharePoint Security. Advanced SharePoint Security Tips and Tools. Presented by: Francis Brown Stach & Liu, LLC www.stachliu.com

SharePoint Security Advanced SharePoint Security Tips and Tools 22 Feb 2012 OWASP L.A. 2012 Los Angeles, CA Presented by: Francis Brown Stach & Liu, LLC www.stachliu.com

Agenda O V E R V I E W Brief Intro to SharePoint Overview of Major Components SharePoint Security Security Tips and Tools 2

Background G E T T I N G U P T O S P E E D 3

Background MS SharePoint Products & Technologies Windows SharePoint Services (WSS) Office SharePoint Server 2007/2010 (MOSS) SharePoint Designer 2007/2010 (SPD) 4

Core Components MS SharePoint Products & Technologies 5

Core Components MS SharePoint Products & Technologies 6

Core Components MS SharePoint Products & Technologies 7

Centralized Portal MS SharePoint Products & Technologies 8

Site Hierarchy Intro to SharePoint 9

SharePoint Site Hierarchy Intro to SharePoint Base Site URLs: http://learnsouth/ http://learnsouth/media/ http://learnsouth/revisions/ http://learnsouth/schools/ http://learnsouth/schools/schoola/ http://learnsouth/schools/schoolb/ http://learnsouth/schools/schoolc/ 10

Site Structure Intro to SharePoint 11

Site Navigation Intro to SharePoint 12

Security Tips W H A T Y O U S H O U L D K N O W 13

WikiLeaks and SharePoint R I S K O F E X P O S U R E Wget scripts targeting SharePoint downloads 250,000 government cables sent to WikiLeaks 14

Security Tips S H A R E P O I N T S E C U R I T Y # Security Tip 1 Know your external exposure 2 Beware of normal users with excessive access 3 Spot check user permissions and inheritance 4 Beware 3 rd party plugins/code BUT not too much 5 Backup every which way from Sunday 15

Security Tip #1 K N O W Y O U R E X T E R N A L E X P O S U R E 16

External Exposure F I N D I N G H O L E S 1. Google Hack yourself 1. Search Google for exposed SharePoint admin pages 2. E.g. inurl:"/_catalogs/wt/ 3. NEW: SharePoint Google Regexs for S&L SearchDiggity 121 queries 4. Coming Soon: SharePoint Bing Dictionary 5. SHODAN searching for SharePoint servers 6. SharePoint Hacking Alerts 2. SharePoint URL Brute-forcing 1. Forceful browse to common SharePoint extensions to test access 2. NEW: Tool to bruteforce SharePoint URLs 101 known extensions 3. Nmap for other SharePoint administrative apps 1. E.g. Central Administration, Shared Service Providers (SSP) 17

External Exposure S H A R E P O I N T A D M I N W E B A P P S 18

External Exposure G O O G L E H A C K I N G S H A R E P O I N T 19

External Exposure G O O G L E H A C K I N G S H A R E P O I N T 20

External Exposure G O O G L E H A C K I N G S H A R E P O I N T 21

External Exposure B I N G H A C K I N G S H A R E P O I N T 22

External Exposure S H O D A N F O R S H A R E P O I N T 23

External Exposure S H A R E P O I N T H A C K I N G A L E R T S 24

S H A R E P O I N T H A C K I N G T O O L S DEMO 25

External Exposure S H A R E P O I N T U R L B R U T E F O R C I N G 26

Security Tip #2 B E W A R E U S E R S W I T H E X C E S S I V E A C C E S S 27

Excessive User Access M O R E T H A N Y O U B A R G A I N E D F O R... Web Services examples Admin.asmx Permissions.asmx User Administration examples People and Groups Add Users PeoplePicker 28

C O N T I N U E D S H A R E P O I N T H A C K I N G DEMO 29

Excessive User Access S H A R E P O I N T W E B S E R V I C E S 30

Security Tip #3 C H E C K P E R M I S S I O N S A N D I N H E R I T A N C E 31

User Permissions S E C U R I T Y T I P S 32

User Permissions S E C U R I T Y T I P S 33

User Permissions S E C U R I T Y T I P S 34

Security Tools U S E R P E R M I S S I O N S 35

Security Tools U S E R P E R M I S S I O N S 36

Security Tools U S E R P E R M I S S I O N S 37

Security Tools U S E R P E R M I S S I O N S 38

Security Tools U S E R P E R M I S S I O N S 39

Security Tip #4 B E W A R E 3 RD P A R T Y C O D E N O T T O O M U C H 40

3 RD Party Plugins N E C E S S A R Y E V I L SharePoint without 3 rd party plugins is like an iphone with no apps Solutions, Features Web Parts, Templates If too strict, people will circumvent you Leads to rogue SharePoint deployments 41

Detect Rogue SharePoint R O G U E D E P L O Y M E N T S Quest Software - Server Administrator for SharePoint 42

Detect Rogue SharePoint R O G U E D E P L O Y M E N T S McAfee - Network Discovery for Microsoft SharePoint 43

3 RD Party Plugins S O L U T I O N S 44

3 RD Party Plugins S O L U T I O N S 45

3 RD Party Plugins F E A T U R E S 46

3 RD Party Plugins F E A T U R E S 47

3 RD Party Plugins F U T U R E S E C U R I T Y SharePoint 2010 has sandboxed solutions Minimize risk of running untrusted 3 rd party plugins 48

3 RD Party Plugins S A N D B O X E D S O L U T I O N S 49

Security Tip #5 B A C K U P E V E R Y W H I C H W A Y F R O M S U N D A Y 50

Backups M A N Y M E T H O D S M O S T T E R R I B L E 1. Microsoft System Center: Data Protection Manager 2. Windows 2003/2008 Server backups 3. Stsadm.exe cmdline tool backups 4. Central Administration v3 backups 5. SharePoint Designer backups 6. Site and List template backups 7. Raw MS SQL database backups 51

Backups S H A R E P O I N T D E S I G N E R 52

Backups S T S A D M / C E N T R A L A D M I N I S T R A T I O N 53

Backups S I T E A N D L I S T T E M P L A T E S 54

Backups S I T E A N D L I S T T E M P L A T E S 55

Backups R A W S Q L D A T A B A S E S 56

Questions? Ask us something We ll try to answer it. For more info: Email: contact@stachliu.com Project: diggity@stachliu.com Stach & Liu, LLC www.stachliu.com

Thank You Stach & Liu SharePoint Hacking Diggity Project info: http://www.stachliu.com/index.php/resources/tools/sharepoint-hacking-diggity-project/ 58