Athena TaiLieu Su Dung BackTrack KiemTra AnNinhMang

DESCRIPTION

Network security testing

ATHENA International Network Administration & Network Security Training Center, www.Athena.Edu.Vn

Document:

RESEARCH AND GUIDE TO USING THE FUNCTIONS OF BACKTRACK FOR NETWORK SECURITY TESTING (Internal circulation)

Part I. INTRODUCTION TO SECURITY

1. Introduction

1.1. What is security?

With the development of the information technology era, the need to exchange and share information has become very great. The Internet was born with the goal of removing geographical distance, so that people all over the world can come closer to one another to share resources, documents, information and so on.

Precisely because of this, loss, damage and theft of documents have become easier. The wider the contact, the easier it is to be attacked; that is the rule. Information security is therefore essential to protect privacy against unauthorised intrusion.

1.2. What kinds of resources need to be secured?

There are two kinds of resources that need protecting:

Software resources: all the kinds of data we hold. To secure software resources, three properties must be guaranteed:

Confidentiality: only the users concerned are permitted to use the data.

Availability: the data is always ready to respond when requested.

Integrity: the data is not altered illegitimately.

Hardware resources: computer equipment, hard disks, storage devices and network devices.

Personal reputation is also important. Hackers can exploit gaps in personal information to threaten people and to serve attacks on other victims.

1.3. Defining the attacker

Attackers are commonly called hackers, and hackers are nowadays divided into three types:

Black-hat hackers: these attack victims to steal or destroy information for malicious ends. The black hat is a kind of technology criminal who must be condemned and punished before the law.

White-hat hackers: these may be network system specialists or security experts. They also attack computer systems, but with the aim of finding security holes that can be fixed, or of putting forward security recommendations.

Grey-hat hackers: a combination of the two types above. The line between white hat and black hat is very thin.

Another way of defining it:

A hacker is a skilled programmer.

A hacker is a system and network specialist.

A hacker is a hardware expert.

2. Security vulnerabilities

2.1. Definition:

Security vulnerabilities on a system are weak points that can cause a service to stall, grant a user extra privileges, or allow unauthorised access to the system. Vulnerabilities can lie in the services provided, such as sendmail, web or ftp. They also exist in the operating system itself, as in Windows XP, Windows NT or UNIX, or in the applications users work with every day, such as word processors and databases.

2.2. Classification:

There are many ways to classify vulnerabilities; the US Department of Defense classifies them as follows:

Class C: these vulnerabilities allow DoS attacks. DoS is a form of attack that uses the Internet-layer protocols of the TCP/IP suite to stall the system, so that legitimate users are refused access to or use of it. A large number of packets is sent to the server over a continuous period, overloading the system; the result is that the server responds slowly or cannot respond to the requests clients send. Services containing vulnerabilities that allow DoS attacks can be upgraded or patched with newer versions from the service vendors. At present there is no comprehensive solution for this class of vulnerability, because the design of the Internet-layer protocol (IP) in particular, and of the TCP/IP suite in general, carries the latent risk of these holes.

However, the danger level of these vulnerabilities is rated C, the least dangerous, because they only interrupt the system's service for a time, without harming data, and the attacker does not obtain unauthorised access to the system.

Class B: more dangerous than class C; they allow a local user to gain higher privileges or unauthorised access. They usually appear in the services on a system. A local user is understood to be someone who has access to the system with certain limited privileges.

Class A: these vulnerabilities allow an outside user to access the system illegitimately. They are very dangerous and can destroy the entire system.

3. Types of hacker attack

There are quite a few different and varied kinds of attack, from simple attacks anyone can carry out to sophisticated ones with serious consequences. Some of them follow.

3.1. Direct attack

Using one computer to attack another with the aim of discovering passwords, the corresponding account names and so on. The attacker may use cracking programs to decode the files that hold passwords on the victim's computer, which is why short, simple passwords are very easy to discover.

Hackers can also attack directly through bugs in programs or the operating system, paralysing or damaging the system. In some cases the hacker seizes the system administrator's privileges.

3.2. Deception: Social Engineering

This trick is used by many hackers for attacks and intrusions into networks and computers because it is simple yet effective. It is commonly used to steal passwords and information, and to attack and destroy systems.

Example: the Fake Email Login trick.

In principle, every time you log into your mailbox you must enter your account details, username and password, and send them to the mail server for processing. Exploiting this, attackers build a web page identical to the login page you normally use. It is, however, a fake page, and everything you type into it is sent to them. The result: your password is stolen!

If you are a network administrator, you should be attentive and cautious about emails, messages and phone calls that ask you to provide information. Personal relationships and contacts are all potential dangers.

1.1. Attacking hidden areas

The hidden parts of websites often hold information about clients' sessions. These sessions are usually recorded on the client machine rather than organised in a database on the server. An attacker can therefore use the browser's View Source feature to read this hidden part and from it find weaknesses in the web page they want to attack, and from there attack the server.

Example: a website lets you change member levels among Mod, Member and Banned, but does not let you change a level to Admin. If you View Source on this website, you may see the following:

Moderator

Member

Banned

From that code you can reason as follows: Banned carries the value 3, Member the value 2, Moderator the value 1. You can therefore guess that Admin has the value 0, say. Next, save the member settings page, then open it in a text editor and edit the code as follows:

Admin

Moderator

Member

Banned

Now open the page and press submit. At this point nothing happens yet.

But you should note this trick for exploiting the hole: use the command

Example: http://www.hcmut.edu.vn/sinhvien/xemdiem.php, editing the code as follows:

Admin

Moderator

Member

Banned

Now submit once more and look at the result. You will succeed if the code is simple.
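The defence against the trick just described is to validate the submitted level on the server instead of trusting the options the form offered. The following is an added example in Python, not code from the Athena document; the role values 0 to 3 follow the page's inference, while the `ASSIGNABLE` table, the in-memory user store and the `actor` (the logged-in user making the change) are assumptions for illustration.

```python
# Added example (not from the Athena document). Role values follow the
# page's inference: 0 = Admin, 1 = Moderator, 2 = Member, 3 = Banned.
# The ASSIGNABLE table and the in-memory user store are assumptions.

ROLE_NAMES = {0: "Admin", 1: "Moderator", 2: "Member", 3: "Banned"}

# Levels each actor level is permitted to assign. The server decides this;
# the <select> in the form is only a convenience for the user.
ASSIGNABLE = {
    0: {0, 1, 2, 3},   # an admin may assign any level
    1: {1, 2, 3},      # a moderator may never hand out Admin (0)
}


class Forbidden(Exception):
    """Raised when the actor is not allowed to assign the requested level."""


def parse_level(raw):
    """Strict parse of the submitted form value: decimal digits and a known level only."""
    if not isinstance(raw, str) or not raw.isdigit():
        raise ValueError("level must be a decimal integer string")
    level = int(raw)
    if level not in ROLE_NAMES:
        raise ValueError("unknown level %d" % level)
    return level


def vulnerable_update(users, actor, target, raw_level):
    """The flawed pattern: assumes the form only offered permitted options,
    so a hand-edited option value of "0" silently promotes the target to Admin."""
    users[target] = int(raw_level)
    return users[target]


def hardened_update(users, actor, target, raw_level):
    """Validate the value and check it against the actor's own privilege level."""
    level = parse_level(raw_level)
    allowed = ASSIGNABLE.get(users[actor], set())
    if level not in allowed:
        raise Forbidden("%s may not assign %s"
                        % (ROLE_NAMES[users[actor]], ROLE_NAMES[level]))
    users[target] = level
    return level


def attempt(users, actor, target, raw_level):
    """Run the hardened update and report the outcome as a short string
    suitable for an audit log entry."""
    try:
        return "ok:%d" % hardened_update(users, actor, target, raw_level)
    except Forbidden:
        return "forbidden"
    except ValueError:
        return "invalid"
```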

3.3. Attacking security vulnerabilities

More and more security vulnerabilities are now being found in operating systems, web servers and other software, and vendors continually update for them, releasing new versions after patching the holes in earlier ones. Users must therefore keep up with this information and upgrade the old versions they run; otherwise hackers will take advantage of it to attack the system.

The forums of well-known vendors usually keep up to date on security vulnerabilities; how those vulnerabilities are exploited is up to each person.

3.3.1. Exploiting buffer overflows

A buffer overflow is a condition that arises when more data is sent than the system or CPU can handle. If hackers exploit this overflow condition they can paralyse the system or make it lose control.

To exploit it, the hacker needs knowledge of memory layout, the stack, function-call instructions and shellcode.

When hackers exploit a buffer overflow on a system, they can seize root on that system. For the administrator, avoiding buffer overflows is not especially hard: it is a matter of building safe programs from the design stage onwards.

3.3.2. Eavesdropping

Systems that transmit information over the network are sometimes not very secure, and by exploiting this a hacker can get onto the data paths to eavesdrop on or read the data streams passing through. Eavesdropping on transmitted information and data is called sniffing or snooping. It gathers valuable information about the system, such as a packet containing someone's username and password. Eavesdropping programs are called sniffers. Their job is to listen on the ports of the system the hacker wants to eavesdrop on; they collect the data on those ports and forward it to the hacker.

3.3.3. Address spoofing

Computer networks connected to the Internet are normally protected by a firewall. The firewall can be understood as the only gate through which anyone entering or leaving the house must pass, and at which they are checked. A firewall greatly limits the scope for attacks from outside and increases mutual trust in the use of shared resources on the internal network.

Address spoofing means that an outsider forges the address of their computer to be that of one of the computers in the system being attacked. They set the IP address of their own computer to match the IP address of a machine on the attacked network. If they manage this, the hacker can take data, destroy information or sabotage the system.

3.3.4. Code injection

A basic attack technique, one used as a building block for several other attacks, is injecting code into a web page from any client machine of the attacker.

Code injection lets the attacker place executable code into another user's web session. When this code runs it lets the attacker do many things, such as monitor the session on the website or even take full control of the victim's computer. Whether the attack succeeds or fails depends on the attacker's skill and adaptability.

3.3.5. Attacking insecurely configured systems

Insecure configuration is also a security vulnerability of the system. These holes are created by applications with insecure settings or by an administrator who configures the system insecurely; for instance, configuring the web server so that anyone can browse the directory tree. Such a setup can leak sensitive information such as source code, passwords or customer data.

An insecurely configured system is very dangerous, because if an attacker can browse to the password files they can download and crack them, and from then on they can do a great deal on the system.

3.3.6. Cookie attacks

Cookies are small structured data elements shared between a website and the user's browser.

Cookies are stored as small text files (under 4KB in size). Sites create them to store, retrieve and recognise information about users who visit the site and the areas they pass through within it. This information may include the user's name, identifier, password, preferences and habits.

Cookies are accepted by the user's browser and stored on the computer's hard disk; not every browser supports cookies.

3.3.7. Manipulating URL parameters

This attack puts parameters directly into the URL. The attack may use SQL statements to exploit the database on faulty servers. The typical example of this technique is the SQL INJECTION attack.

This kind of attack is simple but effective, because the attacker needs only one attack tool: a web browser and a backdoor.

3.3.8. Disabling services

This type of attack usually paralyses certain services and is called DoS (Denial of Service).

These attacks take advantage of bugs in software or security holes in the system: the hacker directs their computers to send meaningless requests to machines, usually the servers on the network. These requests are sent continuously, congesting the system, and some services are unable to respond to customers.

Sometimes the requests in a denial-of-service attack are legitimate. For example, a message used in the attack may be entirely valid technically. These valid messages are sent all at once, and because at one moment the server receives too many requests, it reaches a state where it cannot accept further requests. That is the manifestation of denial of service.

3.3.9. Some other kinds of attack

Login-bypass holes

If applications are not tightly designed and do not enforce the order of steps when the application is browsed, this is a security hole that hackers can exploit to go straight to the internal information pages without passing through the login step.

Data modification

After attackers obtain data from some system, they can change it without regard to its sender or recipient. Hackers can easily modify the information in data packets.

Password-based attack

Systems usually come with a default username and password when first configured. After configuring the system, some administrators still do not change these defaults. This is a hole that lets attackers enter the system by a legitimate route. Once logged in, the hacker can create additional users and install a backdoor for later visits.

Identity Spoofing

Network systems use IP addresses to identify their presence, so the IP address is the foremost interest of attackers. Whenever they hack into a system, they know that network's IP address. Attackers commonly spoof IP addresses to penetrate the system and reconfigure it, alter information and so on.

Creating new kinds of attack is the hackers' goal. On today's Internet, new kinds of attack may appear, born from hackers who like to tinker and invent. You can join hacking and security forums to broaden your knowledge.

4. Measures for detecting that a system is under attack

No system can be guaranteed absolutely safe; every service has potential security holes. From the system administrator's point of view, besides studying how to find security holes, one must always check the system for signs of attack. The measures are:

Check for signs that the system is under attack: the system frequently hangs or crashes with unclear error messages, and the cause is hard to pin down for lack of related information. First determine whether the cause is hardware; if it is not, consider the possibility that the machine is under attack.

Check for new user accounts on the system: some strange accounts, especially accounts with uid=0.

Check for the appearance of strange files. This is usually detected through how files are named; every system administrator should make a habit of naming files according to a fixed pattern so that strange files are easy to spot. Use ls -l to check the setuid and setgid attributes of suspicious files (especially scripts).

Check modification times on the system, especially for the login and sh programs and the startup scripts in /etc/init.d and /etc/rc.d.

Check system performance. Use utilities that monitor resources and the processes running on the system, such as ps or top.

Check the operation of the services the system provides. We know that one aim of attacks is to paralyse the system (the DoS form of attack). Use commands such as ps and pstat, and network utilities, to find the cause on the system.

Check access to the system through ordinary accounts, in case these accounts have been accessed illegitimately and had their privileges changed without the legitimate user's control.

Check the files related to network and service configuration, such as /etc/inetd.conf; remove unnecessary services, and run services that do not need root under weaker privileges.

Check the versions of sendmail, /bin/mail and ftp, and join security newsgroups to get information on the vulnerabilities of the services in use.
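Three of the checks in the list above (extra uid 0 accounts, setuid/setgid files, recently modified startup-type files), written as an added Python example that is not part of the Athena document. The passwd entries and the scratch directory tree it scans are constructed for illustration; on a real host you would feed it /etc/passwd, /etc/init.d and the login and sh binaries.

```python
import os
import stat
import tempfile
import time

# Added example (not from the Athena document). The functions implement the
# detection checks the list above describes; SAMPLE_PASSWD and the scratch
# tree built in demo() are constructed sample input.

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sysadm:x:0:0::/home/sysadm:/bin/sh
alice:x:1000:1000:alice:/home/alice:/bin/bash
"""


def uid0_accounts(passwd_text):
    """Names of accounts with uid 0 other than root: a classic planted account."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            found.append(fields[0])
    return found


def setuid_files(root):
    """Regular files under root with the setuid or setgid bit set
    (what `ls -l` shows as an 's' in the permission string)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append(path)
    return sorted(hits)


def modified_since(paths, since_epoch):
    """Subset of paths whose mtime is at or after since_epoch
    (meant for login, sh and the scripts in /etc/init.d, /etc/rc.d)."""
    out = []
    for p in paths:
        try:
            if os.stat(p).st_mtime >= since_epoch:
                out.append(p)
        except OSError:
            pass
    return sorted(out)


def demo():
    """Build a constructed scratch tree and return what the checks flag,
    with paths relative to the scratch directory."""
    base = tempfile.mkdtemp(prefix="athena-check-")
    os.makedirs(os.path.join(base, "init.d"))
    planted = os.path.join(base, "init.d", "zz-helper")   # suspicious startup script
    normal = os.path.join(base, "normal.sh")
    old = os.path.join(base, "login")
    for p in (planted, normal, old):
        with open(p, "w") as fh:
            fh.write("#!/bin/sh\n")
    os.chmod(planted, 0o4755)                              # setuid bit set
    os.utime(old, (time.time() - 86400 * 30,) * 2)         # untouched for 30 days
    since = time.time() - 3600                             # changed in the last hour?
    return {
        "uid0": uid0_accounts(SAMPLE_PASSWD),
        "setuid": [os.path.relpath(p, base) for p in setuid_files(base)],
        "modified": [os.path.relpath(p, base)
                     for p in modified_since([planted, normal, old], since)],
    }
```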

4.1. Security rules

At Microsoft's security response centre, thousands of system security reports are studied every year. In some cases the finding about the system's safety stems from a defect in the product, which means a fix will be developed soon afterwards to remedy the defect just found. In other cases the reported problems are simply the result of someone's mistake in using the product. But there are many cases that fall into neither of these categories. These are real information security problems, yet ones that are not due to shortcomings in the product. Over the years a list of such problems was developed, called the Ten Immutable Laws of Security.

Do not keep your system running while waiting for a new fix; instead, protect yourself against the problems we set out below. These problems cannot be fixed by Microsoft or any other software vendor, because they arise from the very way computers work. But do not lose hope: this depends on you, and if you keep these problems in mind you can improve the security of your systems significantly.

The Ten Immutable Laws of Security

Law 1: If somebody can persuade you to run their program on your computer, it is not your computer anymore.

Law 2: If somebody can alter the operating system on your computer, it is not your computer anymore.

Law 3: If somebody has unrestricted physical access to your computer, it is not your computer anymore.

Law 4: If you allow somebody to upload programs to your website, it is not your website anymore.

Law 5: Weak passwords defeat strong security.

Law 6: A system is only as secure as its administrator is trustworthy.

Law 7: Encrypted data is only as secure as the decryption key.

Law 8: An out-of-date virus scanner is still better than no virus scanner at all.

Law 9: Absolute anonymity is not practical.

Law 10: Technology is not everything.

Part II. FOOTPRINTING

1. Introduction

First, you need to understand the concept of Reconnaissance. This is the process of gathering as much information as possible about a target to be attacked or exploited, which may be a website, a server system, a router and so on. The process consists of three steps: Footprinting, Scanning (scanning a system from inside or outside) and Enumeration. These are a hacker's three pre-attack steps, which we must remember well for penetration testing practice. Footprinting is the first of them and is used to gather the necessary information about an organisation from public databases, such as its domain name, telephone directories and business yellow pages, to find the addresses, telephone numbers and email addresses of its departments. This is a very important step: attackers usually spend up to 90% of their time gathering information, while the attack itself takes only 10% of the whole process. It is like the preparation stage when we are about to carry out some piece of business or develop a new idea. Just as a sniper who has to take out a target goes through the stages of identifying the target, aiming carefully and firing, the search for and aiming at the target takes up the most time in the whole process. The more information there is, the higher the chance of a successful attack.

To gather information in a systematic way, hackers/attackers follow a plan like this:

1. Search the information sources.

2. Identify the network address ranges.

3. Identify the active hosts.

4. Find the target's open ports or access points.

5. Detect the target's operating system.

6. Find the services running on the open ports.

7. Draw up a map of the network.

Of these seven steps, steps 1 and 2 are the footprinting process; the remaining steps belong to the scanning and enumeration stages. Next we will analyse each step in detail and the technical operations required. In the first stage you need to make the most of the available resources to carry out footprinting.

Information sought:

Network information: domains, network blocks, IP addresses, TCP and UDP services, system enumeration, ACLs, IDSes, etc.

System information: OS, user and group names, system name, system architecture, SNMP, routing.

Organisation information: company name, employees, websites, addresses, telephone numbers, contact emails, and knowledge related to the company's business situation.

Information sources:

Open resources, i.e. public data such as business yellow pages and telephone directories.

Whois

Nslookup

Hacking tools: Sam Spade, Visual Route, 3D Trace, Email Tracker Pro, Network-Tool

During this process the Google search engine is always attackers' first choice. Many sources rank Google among hackers' top hacking tools, and there is even a guide to using Google for hacking, called Google Hacking, by Johnny at http://johnny.ihackstuff.com

Internal URLs:

Once the company's domain name is known, the hacker can find the servers inside the system by guessing common host names such as mail.domainname.com or www.domainname.com.

2. Kinds of Footprinting

a. Active Footprinting

Making direct contact with the target to find information about it such as names, addresses, owners, networks, company, employees and so on.

Contacting the target by email to learn specific information.

This method demands considerable communication skills and information-gathering skills; if you have the mind of a detective, everything becomes much simpler.

b. Passive Footprinting

In contrast to direct information gathering, passive information gathering is also very popular. It means searching for information about the target from free data sources on the Internet instead of contacting the organisation's employees or users directly. For example, where the information available on the website does not meet their needs, hackers can use the Wayback Machine feature of the website http://www.archive.org/index.php

There are also websites that provide personal information, such as http://people.yahoo.com, as well as searches on recruitment sites like Vietnamworks.Com or international recruitment sites, and new people-search sites such as Best People Search, AnyWho and many others. Hackers can also use online map services such as Google Maps or Intelius.Com to find the location of an individual or organisation. We have heard of the danger of international terrorist organisations using these tools to pick targets, or of the Brunei royal family's subjects using Google Earth to discover the amount of land the family holds.

3. Footprinting methods

Next we will look at using the tools that serve information gathering: Whois or Smart Whois when looking up information related to a domain name; finding and identifying the route to a website or server with NeoTrace, Visual Route or 3D Trace Route; finding email addresses by topic or domain name with 1st eMail Address Spider; identifying the origin and sending location of an email with emailTrackerPro; the MetaSearch Katoo Online Tool; and many other tools. Combining several tools improves the accuracy and quality of the information, and with it the success rate of an attack.

Internet footprinting

Competitive Intelligence Gathering is the method of gathering information from sources such as the Internet about a particular company or organisation. Competitive Intelligence can be a product or a process, for example the actions of collecting and analysing data and confirming information.

Tools commonly used for the Footprinting: Competitive Intelligence Gathering process include:

Whois

ARIN

Nslookup

Neo Trace

VisualRoute Trace

SmartWhois

VisualLookout

eMailTrackerPro

Whois footprinting

Whois, as a tool (such as SmartWhois) or an online utility like www.whois.net, is used to gather information related to a domain name, including where the website is hosted, the name and contact address of the administrator, the IP address of the web server and the DNS name servers. Here is the result of whois www.facebook.com:

Creation Date
1997-03-29
Expiration Date
2020-03-29
Registrant
Domain Administrator
Facebook, Inc.
1601 Willow Road
Menlo Park CA 94025
US
[email protected] +1.6505434800 Fax: +1.6505434800
Admin Contact
Domain Administrator
Facebook, Inc.
1601 Willow Road
Menlo Park CA 94025
US
[email protected] +1.6505434800 Fax: +1.6505434800
Tech Contact
Domain Administrator
Facebook, Inc.
1601 Willow Road
Menlo Park CA 94025
US
[email protected] +1.6505434800 Fax: +1.6505434800
Name Servers
A.NS.FACEBOOK.COM
B.NS.FACEBOOK.COM
Registrar
MARKMONITOR INC.
Status
clientDeleteProhibited
clientTransferProhibited
clientUpdateProhibited
serverDeleteProhibited
serverTransferProhibited
serverUpdateProhibited
Updated Date
2012-09-28

The Whois database is divided into four main regions:

ARIN (North America and sub-Saharan Africa)

APNIC (Asia Pacific)

LACNIC (South and Central America and the Caribbean)

RIPE NCC (Europe and northern Africa)

The ARIN Whois database is usually searched first; if a website's whois information is not found in ARIN, it may be held in the APNIC, LACNIC or RIPE NCC databases. You can use www.allwhois.com to search the databases of all regions at once. Besides the websites that specialise in whois services, many tools can do the job, such as Sam Spade, Smart Whois, Netscan and GTWhois (Windows XP compatible), and www.geektools.com.

Some operating systems such as Unix and Linux provide a built-in Whois utility; with it we can run a command with the following syntax:

whois -h hostname identifier, for example whois -h whois.arin.net

The following is the Whois result for Google.Com, looked up in the databases of internic.net:

Domain Name: GOOGLE.COM
Registrar: ALLDOMAINS.COM INC.
Whois Server: whois.alldomains.com
Referral URL: http://www.alldomains.com
Name Server: NS2.GOOGLE.COM
Name Server: NS1.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: REGISTRAR-LOCK
Updated Date: 03-oct-2002
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2011

Commonly used tools are: Sam Spade, My IP Suite, CountryWhois, LanWhois, ARIN Database Search, Whois Lookup, AutoWhois, etc.
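The protocol behind the `whois -h hostname identifier` command, together with a parser for the Key: Value listing printed above, as an added Python example that is not from the Athena document. `query_whois` needs network access and is not exercised offline; `parse_whois` runs on a copy of the Google record above, and `name_servers` is a helper name assumed here.

```python
import socket

# Added example (not from the Athena document). query_whois speaks the raw
# whois protocol (RFC 3912) on TCP port 43, which is what `whois -h server id`
# does; parse_whois turns the Key: Value listing into a dict.


def query_whois(server, identifier, port=43, timeout=10):
    """Send the identifier followed by CRLF and read until the server closes. Needs network."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall((identifier + "\r\n").encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_whois(text):
    """Collect 'Key: Value' lines; keys are lower-cased and repeated keys become lists.
    Comment lines (%, #, >>>) and keys with empty values are skipped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")      # split on the first colon only (URLs keep theirs)
        key, value = key.strip().lower(), value.strip()
        if not value:
            continue
        if key in fields:
            existing = fields[key]
            fields[key] = existing + [value] if isinstance(existing, list) else [existing, value]
        else:
            fields[key] = value
    return fields


def name_servers(fields):
    """Name servers as a normalised, sorted list (hypothetical helper)."""
    ns = fields.get("name server", [])
    if isinstance(ns, str):
        ns = [ns]
    return sorted(n.lower().rstrip(".") for n in ns)


# The Google record printed in the document, copied here as offline sample input.
SAMPLE_RECORD = """\
Domain Name: GOOGLE.COM
Registrar: ALLDOMAINS.COM INC.
Whois Server: whois.alldomains.com
Referral URL: http://www.alldomains.com
Name Server: NS2.GOOGLE.COM
Name Server: NS1.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: REGISTRAR-LOCK
Updated Date: 03-oct-2002
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2011
"""
```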

DNS footprinting

Looking up DNS information, and studying it, helps us tell clearly what function the server we are examining has.

A (address): maps a hostname to an IP address.

SOA (Start of Authority): identifies the record holding the DNS server's information.

CNAME (canonical name): provides alias names for an existing domain name.

MX (mail exchange): identifies the mail server for the domain.

SRV (service): identifies services such as directory services.

PTR (pointer): maps an IP address to a hostname.

NS (name server): identifies other name servers for the domain.

Nslookup

Nslookup is a program for querying the Internet domain names of servers. The results obtained from Nslookup can be used by a hacker to model the organisation's DNS structure and look for additional information about internal servers or the MX records of mail servers. Both Windows and Linux/Unix systems ship with the nslookup tool. We can also use SamSpade to perform nslookup. Besides looking up Internet domain name information for servers, nslookup is also a useful tool for diagnosing and fixing network problems related to name resolution and users' Internet access, or for checking an Active Directory installation.

The following is the result of using the nslookup tool on Linux/Unix against the server cracker.com:

$ nslookup
Default Server: cracker.com
Address: 10.11.122.133
Server 10.12.133.144
Default Server: ns.targetcompany.com
Address 10.12.133.144
set type=any
ls -d target.com
systemA 1DINA 10.12.133.147
1DINHINFO "Exchange MailServer"
1DINMX 10 mail1
geekL 1DINA 10.12.133.151
1DINTXT "RH6.0"

Hack tools: Dnsmap, nslookup, DNS analyzer, DNS tool, etc.
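The record types listed under DNS footprinting, shown at the wire level as an added Python example (not from the Athena document): a query builder and a response parser for the RFC 1035 message format, exercised offline on a hand-built reply for target.com that mirrors the A, MX and TXT entries in the nslookup listing above. The transaction id, TTL and the reply itself are constructed values.

```python
import struct

# Added example (not from the Athena document). The constants cover the RR
# types the document lists (plus TXT, which its nslookup listing shows).
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "SRV": 33}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}


def encode_name(name):
    """Encode a dotted name as length-prefixed labels: 6target 3com 0."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """A standard recursive query (RD=1) for one name and one record type, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer: follow it
            if end is None:
                end = off + 2                       # the name occupies 2 bytes here
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return (txid, rcode, answers); each answer is (owner, type, ttl, value)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                              # skip the question section
        _, off = read_name(msg, off)
        off += 4                                     # qtype + qclass
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:                               # A: four address bytes
            value = ".".join(str(b) for b in rdata)
        elif rtype == 15:                            # MX: preference + exchange name
            value = (struct.unpack("!H", rdata[:2])[0], read_name(msg, off + 2)[0])
        elif rtype in (2, 5, 12):                    # NS, CNAME, PTR: a single name
            value = read_name(msg, off)[0]
        elif rtype == 16:                            # TXT: first character-string
            value = rdata[1:1 + rdata[0]].decode("ascii")
        else:
            value = rdata
        answers.append((owner, TYPE_NAMES.get(rtype, rtype), ttl, value))
        off += rdlen
    return txid, flags & 0x000F, answers


def constructed_response():
    """A hand-built reply for target.com modelled on the document's nslookup listing."""
    question = build_query("target.com", "MX", txid=0x1234)[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)   # QR, RD, RA; rcode 0
    ptr = b"\xc0\x0c"                                              # points at "target.com" (offset 12)

    def rr(owner, rtype, rdata, ttl=3600):
        return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

    mx = rr(ptr, 15, struct.pack("!H", 10) + b"\x05mail1" + ptr)          # MX 10 mail1.target.com
    a = rr(b"\x07systemA" + ptr, 1, bytes([10, 12, 133, 147]))            # systemA A 10.12.133.147
    txt = rr(b"\x05geekL" + ptr, 16, b"\x05RH6.0")                         # geekL TXT "RH6.0"
    return header + question + mx + a + txt
```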

Network footprinting:

Traceroute is a tool installed by default in most operating systems. Its function is to send an ICMP Echo packet to every hop (router or gateway) until the packet reaches its destination. As the ICMP packet passes through each router, the Time To Live (TTL) field is decremented by one. We can thus count how many hops the packet passes through, that is, how many routers it must cross to reach the destination. We also obtain, as a result, the routers the packet passes through.

A major problem when using Traceroute is time-outs, when the packet passes through a firewall or a router with packet filtering. Although the firewall blocks the ICMP packet from passing, it still gives the hacker a message revealing its presence, after which firewall-evasion techniques can be used.

Note: these techniques are part of system attacks and will be discussed in Chapter 4: System hacking.

Sam Spade and many other hacking tools include a version of traceroute. Windows operating systems use the syntax tracert hostname to perform a traceroute. Figure 2.5 is an example of a traceroute tracing www.yahoo.com: first there is a name-resolution process to find the address of the Yahoo web server, and the server's IP address is found to be 68.142.226.42. Knowing this IP address lets the hacker scan the whole system in preparation for an attack. We will look at scanning technologies in the next chapter.

Figure 1: tracert yahoo.com

Hacking tools

Neo Trace, VisualRoute and VisualLookout are tools with graphical interfaces that perform the Traceroute function.

Website footprinting:

A web spider is a technology for gathering information from the Internet. It is how spammers, or anyone interested in email, collect lists of usable email addresses. A web spider uses syntax, such as the @ symbol, to identify emails, then copies them into a database. The data collected serves some other purpose. Hackers can use web spiders to aggregate all kinds of information from the Internet. One way to stop spiders is to add a robots.txt file to the website's root directory listing the directories that need protecting. You will learn about this topic in the section on Web Hacking.

Hacking tool

1st email address spider and SpiderFoot are tools that let us collect emails from websites across different domain names. Spammers use these tools to harvest emails in bulk for their spamming.

Email footprinting:

E-mail tracking programs let the sender know what the recipient does with a message: reads, forwards, modifies or deletes it. Most e-mail tracking programs operate at the server of the email domain. An invisible image file is attached to the email sent to the recipient, but this file cannot be read. When an action affects the email, the attached file sends information back to the server reporting the action. You often see such files attached to emails under familiar names such as noname, noread and so on.

Hacking tool

Emailtracking pro and mailtracking.com are tools that help the hacker track email. When the tool is used, every activity such as sending, replying, forwarding or editing the mail is reported to the person monitoring it, and the sender receives these notifications automatically. BackTrack 5 includes a powerful footprinting tool, Maltego. It is a tool for discovering links between users, agencies, organisations, websites, domains, network ranges, IP addresses and so on. To use it you must register an account; using Maltego is very easy and intuitive thanks to its graphical interface.

Figure 2: Maltego

    Google Hacking

    Google hacking thc hin nhng cng vic nh:

    S dng b my tm kim truy tm thng tin ca i tng cn theo di.

    o Cng l b my tm kim, vi nhng c php tm kim c bit c th gip

    hacker tm thy nhng thng tin c bit c lin quan n bo mt, nh

    username, computername, password, page logon

    o S dng Google thc hin cc v tn cng

Google hacking basics: Anonymity with Caches

Google's Cache feature is truly wonderful. Google stores copies of many of the web sites that you and other people visit. At any time you can view a page stored in Google's cache, even after it has been removed from the server on the network. As the saying goes, Google Cache keeps everything.

Figure 3: Everything is kept in the cache

Google stores every piece of data it collects. Terabytes of web data leak out this way every year. A hacker can abuse Google to carry out an anonymous attack.

You post some information on your web site. Not long afterwards you delete the page and no longer want the news to spread. Yet people can still read the information you posted: they are not reading it directly from your site, but from Google's cache.

You fill in a personal-information page when registering on an online shopping site. Unfortunately, although the shopping provider promised that your information would be kept confidential, it still leaks out. What happened? It is because Google cached your information when you viewed your own information page.

In short, a great deal of sensitive information about you and your company or organization may be cached by Google. When you no longer want it to appear on the internet, it still shows up through Google's cache.

A clever hacker can find a lot of useful information stored in this cache.

Searching for special directories and files

These are directories such as administrator or configuration, or files such as *.log, *.sys, *.conf. To find such special directories you can combine the intitle: keyword. For example, the syntax intitle:"index of" admin or intitle:"index of" inurl:admin returns pages related to a web site's administration page. The syntax intitle:"index of" ws_ftp.log helps us find ws_ftp.log files.

There is much more about Google hacking still to be discovered. It is a wonderful tool that professional hackers have yet to fully exploit.

4. Summary

Footprinting is an open method that searches for legitimately available information, so there is no way to detect or prevent it. This step gathers the information that later feeds the building of a data dictionary, which makes password cracking very effective.

Part III. SCANNING

1. Introduction

If footprinting is determining where the sources of information are, scanning is finding all the doors through which one can get at those sources. During footprinting we obtained a list of network ranges and IP addresses through various techniques, including whois and ARIN queries. Those techniques give the security administrator, as well as the hacker, much valuable information about the target network: IP ranges, DNS servers and mail servers. In this chapter we determine which systems are listening on the network and are reachable, using tools and techniques such as ping sweeps and port scans. We can also bypass firewalls by hand to scan systems that are supposed to be blocked by filtering rules.

Targets of scanning:

Live systems: determine whether the system we are aiming at is still up, whether the host being scanned is active on the internet, and whether its IP address is publicly reachable.

Ports: the next goal is to identify the open ports. Knowing the open ports tells us which services the machine is running, which in turn determines the objective of the attack.

Operating system: identifying the operating system running on the target helps the hacker find its common vulnerabilities. Every operating system harbours more or fewer vulnerabilities that give an attacker a way in. Identifying the operating system also means identifying its version.

Services: understand the services running and listening on the target system. Every service version carries small flaws, and a flaw that can be exploited is no longer small.

IP addresses: not just the IP of a single host, but the network range and the related hosts such as the default gateway and the DNS server.

2. Functions

2.1. Finding live hosts

One of the basic steps in mapping a network is a ping sweep across a network range and its IP addresses to determine whether devices or systems are up. Ping is commonly used to send ICMP ECHO packets to the target and try to receive an ICMP ECHO REPLY, which shows the system is alive. Ping is acceptable for finding the number of live systems in small and medium networks (a class C has 254 addresses and a class B 65,534), but it can take hours or days to complete for a class A network with 16,277,214 addresses.

2.2. Network Ping Sweeps

Network pinging is the act of sending various kinds of network traffic to a target and analysing the results. Pinging uses ICMP (Internet Control Message Protocol); it can also use TCP or UDP to find live hosts. To perform an ICMP ping sweep we can use fping, nmap, etc.

fping -a -g 192.168.1.1 192.168.1.10

-a: show only live hosts (alive)

-g: generate targets from an address range, e.g. 192.168.1.0/24

Figure 4: fping -a -g 192.168.1.1 192.168.1.10

nmap -sP -PE 192.168.1.0/24

-sP: ping scan

-PE: ICMP echo ping

Figure 5: nmap -sP -PE 192.168.1.0/24

Countermeasure: we can use pingd to handle all ICMP ECHO and ICMP ECHO REPLY traffic at the host level. This is achieved by removing ICMP ECHO processing from the kernel itself. Essentially it provides a system-level access-control mechanism.

2.3. Identifying running or listening services

2.3.1. Port Scanning

Port scanning is the process of sending packets to the TCP and UDP ports of the target system to determine which services are running or in a listening state. Identifying listening ports is essential for identifying the running services. In addition, we can determine the type and version of the operating system and the applications in use.

2.3.2. Scan Types

Before port scanning, we should review the available scanning methods:

TCP connect scan: connects to the target port and completes the full three-way handshake (SYN, SYN/ACK, ACK). However, it is easily detected by the target system. It uses system calls instead of raw packets and is typically used by unprivileged Unix users, for whom a SYN scan is not possible.

TCP SYN scan: does not create a full connection to the target, but only sends a SYN packet (the first step of the three-way handshake). If a SYN/ACK is returned, we know the port is listening; if an RST/ACK is received, the port is not listening. This technique is harder to detect than TCP connect because it leaves no log entry on the target. One drawback, however, is that it can create a denial-of-service (DoS) condition if too many half-open connections are left behind, so the technique is safe only as long as not too many such connections are created.

TCP ACK scan: used to map the rule set of a firewall. It can help determine whether the firewall is a simple packet filter that allows established connections through or an advanced stateful filter. However, it cannot distinguish open ports from closed ones.

TCP Window scan: like the ACK scan, except that it can distinguish open ports from closed ones.

UDP scan: sends a UDP packet to the target port. If the target replies with an ICMP port unreachable message, the port is closed; if no such message is received, the port is open. However, UDP scanning is a very slow process when scanning a device with strict packet filtering.

TCP FIN, XMAS, NULL: these specialise in slipping past firewalls to discover the systems behind them. However, they depend heavily on how the target system handles them; some systems (typically Windows) show no difference at all.
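As an added example that is not code from the original document or from BackTrack, the following Python script shows the defender's side of the ping sweep in 2.2 and the scan types in 2.3.2: run over constructed flow records, it flags an ICMP echo sweep, a half-open SYN scan (SYN probes that never get a completing ACK) and a full connect scan. The record format, the thresholds and the sample addresses are assumptions made for this example.

```python
from collections import defaultdict

WINDOW = 10.0      # seconds into which a burst of probes must fit
SWEEP_HOSTS = 5    # distinct hosts pinged by one source before we call it a sweep
SCAN_PORTS = 8     # distinct ports probed on one host before we call it a port scan

# Constructed flow records (time_s, src, dst, proto, dport, flags); they are
# made up for this example, not captured traffic. Flags: "S" = SYN only,
# "A" = segment with ACK set (the client finishing the handshake),
# "echo" = ICMP echo request.
SAMPLE_FLOWS = [
    # An ordinary client completing the three-way handshake with a web server.
    (0.0, "192.168.1.20", "192.168.1.5", "tcp", 80, "S"),
    (0.1, "192.168.1.20", "192.168.1.5", "tcp", 80, "A"),
    # A single ping from an admin workstation: far below the sweep threshold.
    (0.5, "192.168.1.7", "192.168.1.5", "icmp", 0, "echo"),
]
# ICMP echo sweep: one source probing twelve hosts within about half a second
# (what fping -g or nmap -sP -PE look like on the wire).
SAMPLE_FLOWS += [
    (1.0 + i * 0.05, "192.168.1.99", "192.168.1.%d" % (10 + i), "icmp", 0, "echo")
    for i in range(12)
]
# Half-open SYN scan: one source, one host, twenty ports, never a completing ACK.
SAMPLE_FLOWS += [
    (5.0 + i * 0.01, "192.168.1.99", "192.168.1.5", "tcp", 20 + i, "S")
    for i in range(20)
]


def _burst(events, window, threshold):
    """events: time-ordered (t, key) pairs for one source. Return the set of
    distinct keys in the first window of `window` seconds that holds at least
    `threshold` distinct keys, or None if no such burst exists."""
    for i, (t0, _) in enumerate(events):
        keys = {k for t, k in events[i:] if t - t0 <= window}
        if len(keys) >= threshold:
            return keys
    return None


def detect_scans(flows, window=WINDOW):
    """Return a sorted list of (kind, src, dst) alerts. kind is "icmp_sweep",
    "syn_scan" (half-open: SYNs with no ACK follow-up on the probed ports) or
    "connect_scan" (at least one probed port completed the handshake)."""
    pings = defaultdict(list)   # src -> [(t, dst)]
    syns = defaultdict(list)    # (src, dst) -> [(t, dport)]
    completed = set()           # (src, dst, dport) that got past the SYN
    for t, src, dst, proto, dport, flags in sorted(flows):
        if proto == "icmp" and flags == "echo":
            pings[src].append((t, dst))
        elif proto == "tcp":
            if "A" in flags:
                completed.add((src, dst, dport))
            elif "S" in flags:
                syns[(src, dst)].append((t, dport))

    alerts = []
    for src, events in pings.items():
        if _burst(events, window, SWEEP_HOSTS):
            alerts.append(("icmp_sweep", src, "*"))
    for (src, dst), events in syns.items():
        ports = _burst(events, window, SCAN_PORTS)
        if ports is None:
            continue
        finished = sum((src, dst, p) in completed for p in ports)
        alerts.append(("connect_scan" if finished else "syn_scan", src, dst))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_FLOWS):
        print("%-12s src=%s dst=%s" % alert)
```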

2.3.3. The nmap tool

Nmap (Network Mapper) is a free, open-source utility for network discovery and security auditing. Many network and system administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine which hosts are available on the network, which services (application name and version) those hosts offer, which operating systems (and OS versions) they run, which types of packet filters or firewalls are in use, and dozens of other characteristics. It was designed to scan large networks rapidly, but works fine against single hosts. Nmap runs on all major operating systems, and official binary packages are available for Linux, Windows and Mac OS X.

Nmap scan type: Description

TCP connect: The attacker makes a full TCP connection to the target system.

XMAS tree scan: The attacker checks TCP services by sending XMAS-tree packets. XMAS-tree means the FIN, URG and PSH flags are set (the meaning of the flags is explained later).

SYN stealth scan: Also called half-open scanning. The hacker sends a SYN packet and receives a SYN-ACK from the server. It is a stealthy approach because the full TCP connection is never opened.

Null scan: An advanced scan that may pass through firewalls undetected or unmodified. A Null scan (null acting only as a placeholder in the flag field) has all flags turned off. Null scans only work on UNIX systems.

Window scan: A scan similar to the ACK scan that can also detect open ports.

ACK scan: A scan used to map firewall rule sets. It only works on UNIX.

Figure 6: Scan types supported by nmap

Figure 7: nmap options

The simplest usage, with no parameters at all: nmap 192.168.1.0/24

Figure 8: nmap 192.168.1.0/24

Depending on the complexity of the target network and its hosts, the scan can easily be detected. Nmap offers the ability to disguise the source address with the -D (decoy) option. It was created to flood the target site with bogus information. The basic idea behind this option is to run fake scans at the same time as the real one: the target replies to the decoy addresses as well as to our real port scan. Most importantly, the decoy addresses must be alive; otherwise the SYN scan can lead to a denial-of-service condition.

nmap -sS -PE 192.168.1.0/24 -D 10.10.10.1

Figure 9: nmap -sS -PE 192.168.1.0/24 -D 10.10.10.1

2.3.4. Zenmap

This is the graphical front end for nmap.

Main program window:

Figure 10: Main window

Usage:

Target: the address of the target to scan

Profile: the scan features to use

Figure 11: Target and Profile

After entering the address to scan and choosing the required profile, click Scan to start scanning the target.

Figure 12: Scan results

After the scan finishes you can view the results of the scan in its various tabs.

2.4. Vulnerability scanning

Vulnerability scanning is the process of proactively identifying the vulnerabilities of the computer systems on a network. Typically a vulnerability scanner first identifies the operating system and its version number, including any service packs that may be installed. The scanner then identifies the weaknesses and vulnerabilities in that operating system. In a later attack phase, a hacker can exploit those weaknesses to gain access to the system.

An intrusion detection system (IDS) or a sophisticated, professionally run network security setup with the appropriate tools can detect port-scanning activity. TCP/IP port-scanning tools look for open ports and IP addresses, and vulnerability scans can usually be detected because the scanners have to interact with the target system over the network.

2.4.1. The Nessus tool

1) Download the Windows version of Nessus from http://www.nessus.org/

2) Register a free key on the Nessus web site at http://www.nessus.org/plugins/index.php?view=register; it is used to update the Nessus server with new vulnerability checks.

3) An activation key is sent to the email address you registered with.

4) Enter the key obtained in step 2 under Activation Code -> Register before updating.

5) Click Update Plugins to download the new vulnerability checks for the Nessus server.

6) After installation, open https://localhost:8834/ to start.

Figure 13: Nessus login screen

7) After logging in it looks like this:

Figure 14: Scan screen

To scan a chosen target, click Add; a screen then appears where you enter the target name, choose the Policy to scan with, and then enter the target IP address. You can enter several targets at once, or use a text file holding the list of targets to scan.

Figure 15: Scanning the chosen target

Figure 16: Results and the operating-system vulnerabilities that can be exploited

The vulnerabilities above can be exploited with Metasploit in BackTrack 5. The Demo section presents the exploitation of the MS08_067 vulnerability.

Figure 17: The MS08_067 vulnerability

Part IV. ENUMERATION

Part I. Introduction

Enumeration is the next step in gathering information about an organization. It takes place after scanning and is the process of collecting and analysing user names, machine names, shared resources and services. It also actively queries or connects to the target to obtain more useful information. Enumeration can be defined as the process of extracting the information obtained during scanning into an organized system. The information extracted includes everything related to the target of the attack, such as user names, host names, services and shares. Enumeration techniques are conducted from inside the target environment; enumeration involves connecting to the system and extracting information directly. The purpose of enumeration is to identify user accounts and system accounts that can be used to hack the target. It is not necessary to find an administrator account, because we can escalate an account to the highest privilege level, which allows access to more accounts than were granted before.

The techniques used in enumeration include:

Win2k enumeration: used to extract user account information (user names).

SNMP (Simple Network Management Protocol) enumeration of user information.

Active Directory enumeration: used to enumerate Active Directory systems.

Using email IDs to look up information.

We will discuss each of these techniques in turn in the following sections.

Part II. Enumerating network services

II.1. HTTP fingerprinting

Telnet

TELNET (short for TerminaL NETwork) is a network protocol used on connections to the Internet or to local area networks (LAN). The IETF document STD 8 (also known as RFC 854 and RFC 855) states that the purpose of the TELNET protocol is to provide a fairly general, bi-directional, eight-bit byte-oriented communications facility. TELNET is a client-server protocol based on TCP; the client (user) typically connects to port 23 of a server that provides the application programs which carry out the services. Telnet is used to learn information from an open service port, using a remote tool to retrieve information through the telnet port, which almost every operating system supports.

telnet www.google.com 80

Figure 18: telnet www.google.com 80

Netcat

A tool that lets you read and write data over the TCP and UDP protocols. Netcat can be used as a port scanner, backdoor, port redirector, port listener, and more. Using netcat from the command line:

- Connect mode: nc [-options] hostname port1[-port2]

- Listen mode: nc -l -p port [-options] [hostname] [port]

Example: grab a server's banner: nc -n 192.168.1.5 80

Port scanning: run netcat with the -z option. For example, scan the TCP ports (1-500) of host 192.168.1.5.

OpenSSL

A collaborative effort to develop a full-featured open-source toolkit implementing the SSL (version 2 and version 3) and TLS (version 1) protocols, managed by a worldwide community of volunteers who use the Internet to communicate and to develop the OpenSSL toolkit and its documentation. Most software, such as IMAP & POP, Samba, OpenLDAP, FTP, Apache and others, requires users to be authenticated before they may use the service. By default, however, the user identity and password are transmitted as plain text, so they can be read or altered by someone else. Encryption techniques such as SSL ensure the security and integrity of the data: with them, the information travelling across the network is encrypted end to end. Once OpenSSL is installed on a Linux server, we can use it as a third-party tool that lets other applications use SSL features.

OpenSSL is a cryptographic toolkit implementing the SSL and TLS network protocols and the related cryptographic standards. The openssl program is a command-line tool that uses the cryptographic functions of OpenSSL's own crypto library. OpenSSL's libraries provide cryptographic functions to applications such as secure web servers. It is open-source software that can be used for both commercial and non-commercial purposes, with strong encryption worldwide; it supports the SSLv2, SSLv3 and TLSv1 protocols, both RSA and Diffie-Hellman encryption, and DSO; there is support for OpenSSL and RSAref (US), enhanced passphrase handling for private keys, X.509 certificate-based authentication for both the client and the server side, support for X.509 certificate revocation lists, and the ability to adjust the SSL handshake parameters per URL.

II.2. DNS Enumeration

DNS enumeration is the process of locating all of an organization's DNS servers and their corresponding records. A company may have both internal and external DNS servers that can yield information such as user names, computer names and IP addresses of potential target systems. There are many tools that can be used to obtain information for DNS enumeration. Examples of tools for enumerating DNS are nslookup, DIG, the American Registry for Internet Numbers (ARIN), and Whois. To enumerate DNS we must understand DNS and how it works, and we must know the DNS record types. The list of DNS record types gives an overview of the resource record types (database records) stored in the zone files of the Domain Name System (DNS). DNS implements a distributed, hierarchical and redundant database of information associated with Internet domain names and addresses. In these domain servers, different record types are used for different purposes. The following list describes the common DNS record types and their use:

A (address): maps a host name to an IP address

SOA (Start of Authority): identifies the DNS server responsible for the domain's information

CNAME (canonical name): provides additional names or aliases for the address record

MX (mail exchange): identifies the mail servers for the domain

SRV (service): identifies services such as directory services

PTR (pointer): maps IP addresses to host names

NS (name server): identifies other name servers for the domain

A DNS zone transfer is typically used to replicate DNS data across several DNS servers, or to back up DNS files. A user or server performs a specific zone transfer request from a name server. If the name server allows the zone transfer to occur, all the DNS names and IP addresses hosted by that name server are returned as human-readable ASCII text.

Nslookup

We can also use the command directly, as follows: nslookup -type=any google.com.vn. Type is the record type, as listed above: NS (name server), MX (mail exchange), any (all of them).

Figure 19: nslookup

II.2.1. NetBIOS names

NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model, allowing applications on separate computers to communicate over a local area network. As strictly an API, NetBIOS is not a networking protocol. Older operating systems ran NetBIOS over IEEE 802.2 and IPX/SPX using the NetBIOS Frames (NBF) and NetBIOS over IPX/SPX (NBX) protocols respectively. In modern networks NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol. As a result, every computer on the network has both a NetBIOS name and an IP address corresponding to a (possibly different) host name. NetBIOS names are the naming mechanism for the resources in a system using a flat name space (there is no notion of hierarchy).

Part V. SYSTEM HACKING

1. Introduction

In the previous chapters we surveyed the process of gathering information about the target of an attack. Techniques such as footprinting, social engineering, enumeration and Google hacking were applied for the purpose of tracking down information.

From this chapter on, you begin the actual process of attacking a system. Your target is now right in front of you; you must apply various techniques to get into that system and do what you want there, such as deleting data or running trojans, keyloggers, and so on.

1.1. The system attack process

Before continuing with System Hacking, let us take a moment to look at a system attack process. The target in front of us is a computer system. The attack steps, as laid out, can be listed as in the figure alongside. There are 6 stages:

Figure 20: Overview of a system attack

1. Pre-Attack: includes the three steps Footprinting, Scanning and Enumeration, which extract all possible information about the users of the system. Reconnaissance methods are used to obtain more useful and accurate information. You learned about these methods in the previous sections.

2. Crack: this stage is probably the one that attracts hackers most. It requires us to crack a user's login password, or by some other means reach the objective: access to the system.

3. Escalate: simply put, changing the access level from an ordinary user to admin, or to a user with higher privileges, so that we can attack.

4. Execute: run applications on the target system. Prepare malware, keyloggers and rootkits to run on the attacked computer.

5. Hide: the executables and source files of the programs being run must be hidden so that the target does not detect and remove them.

6. Tracks: of course, no trace must be left behind. Any information related to you must be wiped clean, leaving nothing at all; otherwise the chance of your being detected as the intruder is very high.

In this chapter you will go through the techniques for carrying out the steps above to attack a system, and from them we will propose countermeasures against such attacks. Enumeration was discussed in the previous chapter, so it is not covered again here.

2. Cracking Passwords

2.1. Passwords and types of password attack

Several kinds of password are used to access a system. The characters used to make up a password fall into the following cases:

Letters only. E.g. ABCDJ

Digits only. E.g. 457895

Special characters only. E.g. #$^@&*

Letters and digits. E.g. asw04d5s

Digits and special characters only. E.g. #$345%4#4

Letters, digits and special characters. E.g. P@ssw0rd

The strength of a password is measured against how perceptive the hacker is. The following rules, recommended by the EC-Council, should be applied when you create a password in order to protect it against attacks:

Must not contain the user account name

Must be at least 8 characters long

Must contain characters from at least three of the following categories:

o Special characters

o Digits

o Lowercase letters

o Uppercase letters

A hacker uses various attacks to find passwords and then gain access to the system. The common types of password attack are:

Figure 21: Password cracking methods

Passive Online: eavesdropping on password exchanges on the network. Passive online attacks include sniffing, man-in-the-middle and replay attacks.

Active Online: guessing the administrator's password. Active online attacks include automated password guessing.

Offline: attack types such as dictionary, hybrid and brute-force.

Non-Electronic: attacks that rely on the human factor, such as social engineering and phishing.

2.2. Passive Online Attacks

A passive online attack is sniffing the network to find traces of passwords. A password is captured during authentication and can then be compared against a dictionary or word list. User account passwords are usually hashed or encrypted before being sent over the network to prevent unauthorized access and use. If the password is protected by encryption, special tools help the hacker break the password encryption algorithm.

2.3. Active Online Attacks

The easiest way to gain administrator-level access to a system is to guess a simple password, on the assumption that administrators use simple passwords. Password guessing is an attack. Active online attacks rely on the human factor involved in creating passwords, and this kind of attack is only useful against weak passwords.

When we discussed the enumeration phase, you learned about the weaknesses of NetBIOS enumeration and null sessions. Assuming that NetBIOS TCP port 139 is open, the most effective method of breaking into a Windows NT or Windows 2000 system is password guessing. This is done by trying to connect to the system the way an administrator would, combining an account and a password to log on to the system.

A hacker may first try to connect to the default shares Admin$, C$ or C:\Windows. To connect to a computer's drives or shares, type the following in Start > Run:

\\ip_address\c$

Automated programs can quickly generate dictionary files, word lists, or every possible combination of letters, digits and special characters, and attempt to log in with them. Most systems prevent this type of attack by setting a maximum number of login attempts before the account is locked (for example, when you log in to a web site and enter the wrong password 5 times, your account is automatically locked for 1 day).

In the following sections we discuss in more detail how a hacker can perform automated password guessing, as well as the countermeasures against such attacks.

Performing Automated Password Guessing

To speed up password guessing, hackers often use automated tools. A simple, easily automated way to guess passwords is to use the Windows command shell with the standard syntax of the NET USE command. To create a simple script for automated password guessing, perform the following steps:

1. Create a simple user name and password file using Notepad. Use command lines to build the dictionary list, then save the file on drive C with the name credentials.txt.

2. Use the FOR command:

C:\> FOR /F "tokens=1,2*" %i in (credentials.txt)

3. Type the command:

net use \\targetIP\IPC$ %i /u:%j

to use the credentials.txt file to try to log on to the hidden share on the target system.

2.4. Offline Attacks

An offline attack is carried out at a location other than the computer that holds the password or where the password is used. Offline attacks require physical access to the computer in order to copy the password file from the system onto removable media. The hacker then takes the file away and continues to exploit the weakness. The following table illustrates some types of offline attack:

Type of attack: Characteristics: Example password

Dictionary attack: Tries passwords taken from a dictionary: Administrator

Hybrid attack: Substitutes a few characters of the password: Adm1n1strator

Brute-force attack: Changes every character of the password: Ms!tr245@F5a

Figure 22: Offline attack types

2.4.1. Dictionary Attack

The simplest and fastest of the attack types. It is used to identify a password that is a real word, one that can be found in a dictionary. Most commonly the attack uses a dictionary file of possible words and then applies the same algorithm used by the authentication process. The hashes of the dictionary words are compared with the hash of the password the user entered at login, or with the passwords stored in a file on the server. A dictionary attack only works if the password is an entry in the dictionary. This type of attack has the limitation that it cannot be used against strong passwords that contain digits or other symbols.

2.4.2. Hybrid Attack

The hacker's next level: an attempt made if the password cannot be found with a dictionary attack. A hybrid attack starts with a dictionary file and substitutes digits and symbols for characters in the password. For example, many users add the digit 1 to the end of their password to meet strong-password requirements. Hybrid attacks are designed to find exactly these kinds of anomalies in passwords.

2.4.3. Brute Force Attack

An attack using a brute-force algorithm that tries every possible combination of uppercase and lowercase letters, digits and symbols. A brute-force attack is the slowest of the three types because of the number of character combinations a password may contain. However, it is effective, given enough time and processing power.

2.4.4. Non-electronic Attacks

Non-electronic attacks are attacks that use no technical knowledge at all. This type of attack includes techniques such as social engineering, shoulder surfing, keyboard sniffing and dumpster diving.
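As an added example that is not part of the original document, the following Python checker implements the EC-Council password rules listed in 2.1 and extends them with a test for the dictionary and hybrid variants described in 2.4.1 and 2.4.2, so that Adm1n1strator is rejected just like Administrator. The miniature word list, the substitution table and the sample passwords other than the page's own are assumptions made for this example.

```python
import string

# A constructed miniature dictionary for the example; a real check would load a
# full word list such as the one shipped with John the Ripper.
DICTIONARY = {"password", "administrator", "admin", "welcome", "letmein", "qwerty"}

# Substitutions that a hybrid attack undoes (Adm1n1strator -> administrator).
# The table is an assumption for the example, not an exhaustive list.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "|": "l"})
EDGE = string.digits + string.punctuation   # the "add a 1 at the end" habit


def normalize(password):
    """Return the candidate base words a hybrid attack would reduce this
    password to: undo leet substitutions and strip digits/symbols from both
    ends, in either order so that neither step masks the other."""
    lowered = password.lower()
    return {
        lowered.translate(LEET).strip(EDGE),
        lowered.strip(EDGE).translate(LEET),
    }


def check_password(password, username=""):
    """Apply the EC-Council rules quoted in 2.1 plus the dictionary/hybrid test.
    Returns the list of violations; an empty list means the password passes."""
    problems = []
    if username and username.lower() in password.lower():
        problems.append("contains the account name")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if classes < 3:
        problems.append("uses only %d of the 4 character classes" % classes)
    hits = sorted(normalize(password) & DICTIONARY)
    if hits:
        problems.append("dictionary word or hybrid variant of '%s'" % hits[0])
    return problems


if __name__ == "__main__":
    # The sample passwords quoted on this page, then one containing the user name.
    samples = ["ABCDJ", "457895", "#$^@&*", "asw04d5s", "#$345%4#4",
               "P@ssw0rd", "Administrator", "Adm1n1strator", "Ms!tr245@F5a"]
    for pw in samples:
        print("%-15s %s" % (pw, "; ".join(check_password(pw)) or "OK"))
    print("%-15s %s" % ("Xk9#bob!vq", "; ".join(check_password("Xk9#bob!vq", "bob"))))
```

Of the page's own examples only the brute-force one, Ms!tr245@F5a, passes every rule; P@ssw0rd satisfies all four character classes yet is still rejected as a hybrid of a dictionary word.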

2.5. Password cracking techniques

Many hackers put their effort into cracking passwords. Passwords are the key, the information needed to access a system. Users, when they create passwords, usually choose ones that are hard to guess; yet many passwords are reused, or have a single character inserted, or are a name chosen to make them easy to remember. Because of this human factor, a great many passwords are cracked successfully. This is the crux of the escalation, application execution, file hiding and track-covering stages. Passwords can be cracked by hand or by dictionary lookup.

2.5.1. Manual password cracking involves trying to log in with one password after another. The steps a hacker follows:

1. Find a user account (possibly the administrator or guest account)

2. Create a list of possible passwords

3. Rank the passwords from highest to lowest probability

4. Rate the importance of each password.

5. Keep trying until a password is cracked

Figure 23: Manual password cracking steps

A hacker may try to create a script file containing every password in the list. But this is only a manual method; it is usually time-consuming and ineffective. To work more efficiently, the hacker can use tools that automate the password search.

A more effective way of breaking passwords is to access the password files on the system. Most passwords are stored encrypted on the system. During login, the password the user types is encrypted with an algorithm and then compared with the password stored in the file. Instead of trying to guess or otherwise determine the password, a hacker can try to access the server to take the file and work on it with those algorithms. If the hacker succeeds, they can decrypt the passwords stored on the server.

Passwords are stored in the SAM file on Windows and in the shadow file on Linux.

2.6. Some tools in BackTrack 5

BackTrack 5 supports a great many password-cracking tools, each with its own strengths. Below I introduce some of the tools used to crack passwords.

2.6.1. John the Ripper

Step 1: In a terminal type: cd /pentest/passwords/john

Figure 24: John the Ripper

John's syntax and options: there are many options for cracking passwords with John, and choosing the right ones makes the cracking faster and more effective.

Format of the password stored in the file crackme.txt:

Admin:c422eba026e71063e891d9e6918d57f2

Figure 25: John's options

Example: cracking the file crackme.txt

john --format=raw-md5 --incremental=alpha /root/Desktop/crackme.txt

Figure 26: Cracking the MD5 hash of daicavi

Cracking with a dictionary attack (wordlist.txt) usually finishes very quickly if the password is in the dictionary; if it is not, we have to fall back to an exhaustive search or extend the dictionary.

john --wordlist=passwordlist.lst /root/Desktop/dic.txt

Figure 27: Password for user: 123456

Figure 28: Crackfile

2.6.2. Findmyhash

findmyhash is an online password-cracking tool.

Figure 29: findmyhash

Syntax: python ./findmyhash.py OPTIONS

The options of findmyhash are:

-h crack a single hash value

-f crack the hashes listed in a file

-g if the value is not found, search Google for it and show the result; only works together with the -h option.

Example: given the hash c3e63f9ce2f6947593285edf66c80fe7:

python ./findmyhash.py MD5 -h c3e63f9ce2f6947593285edf66c80fe7

Given a file mycrack.txt holding the MD5 hashes to crack:

python ./findmyhash.py MD5 -f mycrack.txt

    2.6.3. Hydra

    Hydra l mt cng c b kha ng nhp mng rt nhanh, h tr nhiu giao thc v dch v

    khc nhau. Hydra l trnh b kha ng nhp xong xong, ngha l n chy nhiu tc v cung mt

    lc qu trnh b kha c nhanh hn. Cng c ny cho php cc nh nghin cu v chuyn

    gia bo mt c th trnh by mc d dng chim quyn truy cp khng xc thc t xa ti

    h thng no .

    C php chung ca Hydra l: Hydra [[-l LOGIN|-L FILE] [-p PASSWORD|-P FILE]]|[-

    C FILE]] [-t task] [-w wait] [server server | IP] [service://server[:port]]

    hydra f L login.txt P password.txt 192.168.10.1 http-get http://192.168.10.1 Trong : -f: finish:tm c cp username v password hp l u tin s kt thc -L: file username (-l username) -P: file password (-p password) 192.168.1.1: a ch ip cn b kha mt khu ng nhp http-get: dch v http cng 80 (http c thay th bng http-get v http-head)

    http://192.168.1.1 l trang web cn cho qu trnh crack.
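Seen from the web server being tested, the http-get run above is a burst of HTTP 401 responses from one client. The following added example (my own code, not from the manual or the Hydra project) is a small detector over access-log lines in Apache combined format: it flags a client that piles up 401s within a short window and reports any later 2xx from that client as a possible successful guess. The IP addresses, timestamps, user-agent string and the threshold of ten failures per minute are constructed for the example:

```python
"""Added example, not from the Athena manual or the Hydra project: the
defender's view of an online login cracker. Parses Apache combined-format
access-log lines, flags a client producing many 401s in a short window and
reports a later 2xx from that client. All log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return {ip, ts, req, status} for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "req": m["req"],
        "status": int(m["status"]),
    }


def detect_login_bursts(lines, threshold: int = 10, window=timedelta(seconds=60)):
    """Sliding-window detector for password guessing against HTTP auth.

    A client is flagged once it produces `threshold` 401 responses inside
    `window`; every 2xx it receives afterwards is reported separately.
    Returns a list of (kind, ip, timestamp, detail) tuples."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 401s
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # not an access-log line; skip rather than crash
        ip, ts, status = ev["ip"], ev["ts"], ev["status"]
        if status == 401:
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # drop failures older than the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("password_guessing", ip, ts, f"{len(q)} x 401 within {window}"))
        elif 200 <= status < 300 and ip in flagged:
            alerts.append(("possible_success", ip, ts, ev["req"]))
    return alerts


def make_line(ip: str, second: int, status: int, agent: str) -> str:
    """Build one constructed log line; the base timestamp is arbitrary."""
    when = datetime(2013, 10, 10, 13, 55, 0) + timedelta(seconds=second)
    ts = when.strftime("%d/%b/%Y:%H:%M:%S") + " +0700"
    return f'{ip} - - [{ts}] "GET /admin/ HTTP/1.1" {status} 381 "-" "{agent}"'


# Constructed sample: one user mistypes a password once, while 10.0.0.9
# sends twelve guesses a second apart and then gets a 200 on its 13th request.
SAMPLE_LOG = (
    [make_line("10.0.0.5", 0, 401, "Mozilla/5.0 (constructed)"),
     make_line("10.0.0.5", 3, 200, "Mozilla/5.0 (constructed)")]
    + [make_line("10.0.0.9", s, 401, "Mozilla/4.0 (constructed)") for s in range(10, 22)]
    + [make_line("10.0.0.9", 22, 200, "Mozilla/4.0 (constructed)")]
)


def demo():
    return detect_login_bursts(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The single failure from 10.0.0.5 never reaches the threshold, so its later 200 is ignored; 10.0.0.9 is flagged on its tenth failure and its 200 a few seconds later is reported as a likely success, which is the event worth paging on. The user-agent string is deliberately not used as a signal because a client can set it to anything.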

3. Escalating Privileges

Privilege escalation is the third step in the system hacking cycle. Escalating privileges basically means gaining more rights, or granting a user account additional permissions; it turns an ordinary user account into one with administrator-level rights. In general, administrator accounts have stricter password requirements and their passwords are better protected. If a username and password for an account with administrator rights cannot be found, a hacker may choose to use an account with lower privileges. In that case the hacker must then escalate privileges to obtain rights equivalent to the administrator's.

This is done by first obtaining access through a non-administrator user account, usually by collecting usernames and passwords, and then using that account as an intermediate step to raise its privileges to administrator level.

Once a hacker has a valid user account and password, the next step is to execute applications; in general the hacker needs an account with administrator-level access to install programs. That is why privilege escalation is so important. In the following sections we will see what a hacker can do with your system once they have administrator rights.

4. Executing Applications


Once a hacker can access an account with administrator rights, the next thing to do is execute applications on the target system. The purpose of executing applications may be to install a backdoor on the system, install a keylogger to collect confidential information, copy files, or simply cause damage to the system; in short, whatever the hacker wants to do on the system.

Once a hacker can execute applications, the system is under the hacker's control.

5. Hiding Files

A hacker may want to hide files on a system to avoid detection; those files can later be used to launch another attack on the system. There are two ways to hide files in Windows.

The first is to use the attrib command. To hide a file with the attrib command, type the following at the command prompt:

attrib +h +r [file/directory]

To unhide a file with the attrib command, type the following at the command prompt:

attrib -h -r [file/directory]

The second way to hide a file in Windows is with NTFS alternate data streams (ADS).

5.1. NTFS File Streaming

NTFS, used by Windows NT, 2000, and XP, has a feature called ADS that allows data to be stored in hidden files linked to a normal, visible file. Streams are not limited in size, and more than one stream can be linked to a normal file.

To create and test an NTFS file stream, perform the following steps:

1. At the command line, type notepad test.txt

2. Put some data in the file, save the file, and close Notepad

3. At the command line, type dir test.txt and note the file size

4. At the command line, type notepad test.txt:hidden.txt, change some content in Notepad, save the file, and close it.

5. Check the file size again (as in step 3).

6. Open test.txt again. You only see the original data.


7. At the command line, type: type test.txt:hidden.txt. An error message is displayed:

The filename, directory name, or volume label syntax is incorrect.
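A defender checking a directory for the two hiding techniques described above can parse the output of attrib and of dir /r (the /r switch, which lists alternate data streams, exists in cmd.exe on Windows Vista and later). The following is an added example, my own code and not part of the manual; the sample output it parses is constructed, the column layout it assumes is the usual one printed by cmd.exe, and the function names (parse_attrib, parse_dir_streams, find_hidden) and the benign-stream list are assumptions for the example:

```python
"""Added example, not from the Athena manual: a check for the two hiding
techniques above from the defender's side. Parses constructed `attrib` and
`dir /r` output and reports files with the hidden attribute or with an NTFS
alternate data stream other than the default unnamed $DATA stream."""
import re

# "attrib" prints the attribute letters (A S H R ...) and then the full path.
ATTRIB_RE = re.compile(r"^(?P<flags>[A-Z ]*?)\s*(?P<path>[A-Za-z]:\\.*)$")
# "dir /r" prints each named stream as "<size> <file>:<stream>:$DATA" under its file.
STREAM_RE = re.compile(r"^\s*[\d,]+\s+(?P<file>.+?):(?P<stream>[^:]+):\$DATA\s*$")

# Streams Windows itself adds (mark-of-the-web); worth listing, low priority.
BENIGN_STREAMS = {"Zone.Identifier"}


def parse_attrib(text: str) -> dict:
    """{path: set of attribute letters} from attrib output."""
    result = {}
    for line in text.splitlines():
        m = ATTRIB_RE.match(line)
        if m:
            result[m["path"]] = set(m["flags"].replace(" ", ""))
    return result


def parse_dir_streams(text: str) -> dict:
    """{file: [stream names]} from dir /r output; the default stream is not listed."""
    streams = {}
    for line in text.splitlines():
        m = STREAM_RE.match(line)
        if m:
            streams.setdefault(m["file"], []).append(m["stream"])
    return streams


def find_hidden(attrib_text: str, dir_text: str) -> list:
    """Combine both views into (severity, file, reason) findings."""
    findings = []
    for path, flags in parse_attrib(attrib_text).items():
        if "H" in flags:
            extra = " and read-only" if "R" in flags else ""
            findings.append(("medium", path, f"hidden attribute set{extra}"))
    for file, names in parse_dir_streams(dir_text).items():
        for name in names:
            severity = "low" if name in BENIGN_STREAMS else "high"
            findings.append((severity, file, f"alternate data stream '{name}'"))
    return findings


# Constructed output of "attrib C:\Users\lab\Desktop\*".
ATTRIB_SAMPLE = r"""
A            C:\Users\lab\Desktop\test.txt
A    H R     C:\Users\lab\Desktop\stash.dll
A            C:\Users\lab\Desktop\report.docx
"""

# Constructed output of "dir /r C:\Users\lab\Desktop".
DIR_R_SAMPLE = r"""
 Directory of C:\Users\lab\Desktop

10/10/2013  09:14 AM                12 test.txt
                                    27 test.txt:hidden.txt:$DATA
10/10/2013  09:10 AM             4,096 stash.dll
10/10/2013  08:50 AM            18,432 report.docx
                                    26 report.docx:Zone.Identifier:$DATA
               3 File(s)         22,540 bytes
"""


def demo() -> list:
    return find_hidden(ATTRIB_SAMPLE, DIR_R_SAMPLE)


if __name__ == "__main__":
    for severity, file, reason in demo():
        print(f"[{severity}] {file}: {reason}")
```

The stream check mirrors step 3 and step 5 of the procedure above: dir reports the size of the default stream only, so hidden.txt never shows up in the file size, but dir /r still lists it. Zone.Identifier is reported at low severity because browsers attach it to every download; anything else attached to a file deserves a look.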

6. Cover Your Tracks & Erase Evidence

Covering your tracks and erasing evidence means hiding information and removing traces of the intrusion.

Once intruders have successfully gained administrator access on a system, they try to cover their tracks to avoid detection. A hacker may also try to remove evidence of their activities on the system, to prevent their identity or location from being traced. They delete any error messages or logged security events to avoid detection.

In the following sections we look at disabling auditing and clearing event logs, two methods hackers use to cover their tracks and avoid detection.

Auditing is the feature that records the Event Log. Windows Event Viewer is the program used to manage auditing on Windows.

6.1. Disabling Auditing

The first thing an intruder does after gaining administrator rights is disable auditing. Auditing in Windows records certain events to the Windows Event Viewer. Events can include a logon to the system, an application event, or some other event. An administrator can choose the level of logging on the system. A hacker needs to determine the logging level to see whether they need to do anything to erase their traces on the system.

Hacking tools

auditpol is a tool in the Windows NT resource kit for system resource administrators. The tool can disable or enable auditing from the command line. It can also be used to determine the level of logging set by a system administrator.

6.2. Clearing Event Logs

Intruders can easily erase the security logs in Windows Event Viewer. An event log that contains only one or a few events is suspicious, because it usually indicates that other events were deleted. It is still necessary to clear the event log after turning off auditing, because using the AuditPol tool still leaves an event recording that auditing was turned off.
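The observation that a nearly empty log, or a log recording that auditing was switched off, is itself suspicious can be turned into a check. The following added example (my own code, not from the manual) scans exported Security-log records for the clear-log and audit-policy-change event IDs and for a retained history that is too short. The records, user names, time spans and thresholds are constructed for the example; the event IDs are the documented Windows ones named in the code comments:

```python
"""Added example, not from the Athena manual: detect the two cover-your-tracks
moves above (auditing disabled, log cleared) from the records that remain.
Event IDs are the documented Windows Security-log IDs: 1102 "the audit log
was cleared" and 4719 "system audit policy was changed" on Vista and later,
517 and 612 on NT/2000/XP; 4624 is a successful logon on Vista and later.
The records, user names and thresholds are constructed for the example."""
from datetime import datetime, timedelta

LOG_CLEARED = {1102, 517}
POLICY_CHANGED = {4719, 612}
LOGON = 4624


def analyze_security_log(records, expected_days=7, min_events=50, now=None):
    """records: list of {"time": datetime, "id": int, "user": str}, oldest
    first, as exported from Event Viewer. Returns [(finding, detail), ...]."""
    if not records:
        return [("empty_log", "no security events retained at all")]
    now = now or records[-1]["time"]
    findings = []
    for r in records:
        stamp = f"{r['time']:%Y-%m-%d %H:%M} by {r['user']}"
        if r["id"] in LOG_CLEARED:
            findings.append(("log_cleared", f"event {r['id']} at {stamp}"))
        elif r["id"] in POLICY_CHANGED:
            findings.append(("audit_policy_changed", f"event {r['id']} at {stamp}"))
    # A log whose oldest record is recent, or that holds only a handful of
    # events, is suspicious on its own: something removed the history.
    span = now - records[0]["time"]
    if span < timedelta(days=expected_days):
        findings.append(("short_history", f"oldest record is {span} old, expected {expected_days} days"))
    if len(records) < min_events:
        findings.append(("few_events", f"only {len(records)} events retained"))
    return findings


def healthy_log(start=datetime(2013, 10, 1, 8, 0)) -> list:
    """Constructed: 64 routine logons spread over almost eight days."""
    return [{"time": start + timedelta(hours=3 * i), "id": LOGON, "user": "lab\\alice"}
            for i in range(64)]


def tampered_log(start=datetime(2013, 10, 10, 13, 55)) -> list:
    """Constructed: what is left after auditing was switched off and the log
    cleared; only the policy change, the clear event and three later logons."""
    return [
        {"time": start, "id": 4719, "user": "lab\\administrator"},
        {"time": start + timedelta(minutes=1), "id": 1102, "user": "lab\\administrator"},
    ] + [{"time": start + timedelta(minutes=5 + i), "id": LOGON, "user": "lab\\alice"}
         for i in range(3)]


if __name__ == "__main__":
    print("healthy:", analyze_security_log(healthy_log()))
    print("tampered:", analyze_security_log(tampered_log()))
```

The healthy log produces no findings; the tampered one produces four, and the first two are exactly the records the text says a tool such as AuditPol leaves behind. In practice these checks belong on a central log collector, since records forwarded off the host before the clear cannot be erased by the intruder afterwards.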


Hacking Tools

Some tools can erase event logs, or a hacker can do it manually in Windows Event Viewer.

The elsave.exe utility is a simple tool for clearing event logs.

Winzapper is a tool an attacker can use to selectively delete event records from the Windows 2000 security log. Winzapper also ensures that no security events are logged while the program is running.

Evidence Eliminator is a data-wiping program for Windows computers. It prevents data from becoming permanently hidden files on the system. It cleans the Recycle Bin, the internet cache, the file system, temp folders, and so on. Evidence Eliminator can also be used by a hacker to remove evidence from a system after an attack.

Summary

Understand the importance of password security. Changing passwords at regular intervals, knowing what makes a strong password, and other security measures are very important for network security.

Know the different types of password attacks. Passive online attacks include sniffing, man-in-the-middle, and replay. Active online attacks include automated password guessing. Offline attacks include dictionary, hybrid, and brute force. Non-electronic attacks include shoulder surfing, keyboard sniffing, and social engineering.

Know how evidence of hacking activity is removed by attackers. Clearing event logs and disabling auditing are the methods attackers use to cover their tracks.

Recognize that hidden files are the means used to sneak sensitive information out. Steganography, NTFS file streams, and the attrib command are ways hackers can hide and steal files.


TABLE OF CONTENTS

Part I. INTRODUCTION TO SECURITY ..... 2

1. Introduction ..... 2

1.1. What is security? ..... 2

1.2. What kinds of resources need to be protected? ..... 2

1.3. Defining the attacker ..... 2

2. Security vulnerabilities ..... 3

2.1. Definition ..... 3

2.2. Classification ..... 3

3. Types of hacker attacks ..... 4

3.1. Direct attacks ..... 4

3.2. Deception techniques: Social Engineering ..... 4

3.3. Attacks on security vulnerabilities ..... 6

4. Measures for detecting that a system is under attack ..... 9

4.1. Security rules ..... 10

Part II. FOOTPRINTING ..... 12

1. Introduction ..... 12

2. Types of Footprinting ..... 13

3. Footprinting methods ..... 14

4. Summary ..... 24

Part III. SCANNING ..... 25

1. Introduction ..... 25

2. Functions ..... 26

Part IV. ENUMERATION ..... 38

1. Introduction ..... 38

2. Enumerating network services ..... 38

Part V. SYSTEM HACKING ..... 42


The system attack process ..... 42

2. Cracking Passwords ..... 44

2.1. Passwords and types of password attacks ..... 44

2.2. Passive Online Attacks ..... 45

2.3. Active Online Attacks ..... 45

2.4. Offline Attacks ..... 47

2.5. Password cracking techniques ..... 49

2.6. Some tools in BackTrack 5 ..... 50

Summary ..... 58