Local Attack


INTRODUCTION

Along with the growth of information technology, computer networking and the Internet have developed in ever more diverse and rich ways. Network services have penetrated almost every area of social life. The information on the Internet is equally diverse in content and form, and much of it needs stronger protection because of its economic value, its accuracy and its trustworthiness. At the same time, the ways in which networks are attacked have become more sophisticated and complex. For every system, therefore, the security task placed on the network administrator is extremely important and necessary. Starting from that reality, we will study the most common attack techniques in use today and how to defend against them. Through researching a number of attack methods and the corresponding protections, I hope to contribute a small part to the study of network security problems, as an aid to learning and research.

1. Reasons for choosing the topic

In recent years Vietnam has developed rapidly, above all in information technology and especially in web applications: almost everyone has heard of and worked with a web application. Websites have become commonplace and an important part of everyday life, particularly for businesses and companies. Alongside that, keeping web applications secure remains a hard problem for everyone. We will therefore look at web applications and at how they are attacked and secured.

2. Objectives

To help us understand web applications better, to recognise the threats and information-security problems we face when working with web applications every day, and to understand the techniques used to attack and secure the web.

3. Scope

A broad overview of the most common attack techniques in use today, such as SQL Injection, Denial of Service and Local Attack, and of how to secure and defend against them.

1.1. Description of a website and how it works

A website is a site on the Internet that presents information and images about a business and its products and services (or any other information) so that customers can reach it from anywhere, at any time. A website is a collection of web pages; when a business builds a website it is building many pages of information, product catalogues, service descriptions and so on. Three basic elements are needed to create a website:
- a domain name (domain);
- somewhere to store the site (hosting);
- the content of the information pages (web pages).
Some basic terms:

- Dynamic website: a website backed by a database and supplied with a management tool (admin tool). Its strengths are flexibility, frequent content updates and easy management of the site's components. Such sites are usually written in a programming language such as PHP, ASP.NET, JSP or Perl, with the data kept in a SQL database such as MySQL.
- Static website: built page by page in HTML, like a brochure, with no database and no content-management tool; typically designed with software such as FrontPage or Dreamweaver. Its content rarely changes, and changing it usually means editing the documents that carry that content. Today almost all businesses use dynamic websites; the generation of web technology everyone knows is "web 2.0".
- Domain name (domain): the address of the website. On the Internet each address is unique, so each domain name is unique. There are two kinds: international domains ending in .com, .net, .org, .biz, .name and so on, and Vietnamese domains ending in .vn, .com.vn, .net.vn, .org.vn, .gov.vn and so on.
- Website storage (hosting): the site's data must be kept on a computer (a server) that runs continuously and is connected to the Internet. One server can host many websites; if that server fails, for example goes down for some period, nobody can reach any of the websites stored on it until it is back. Depending on how much it needs to store, a business rents an appropriate amount of space (hosting capacity).
- Hosting capacity: the space in which the site's data (images, information, ...) is stored, usually measured in MB or GB.
- Bandwidth (transfer capacity): the total amount of data uploaded to or downloaded from the server through the website, usually measured in MB per month.

1.2. Web-based services and applications

With today's technology a website is no longer simply a news page serving up articles. Applications written for the web are no longer regarded as just part of a website; they are now called web-based software.
There is a great deal of software that runs on the web, such as Google Docs (word processing), Google Spreadsheets, e-mail and so on. Some advantages of web-based software:
- Everyone has a browser, and a browser is all you need to run the software.
- The software is always up to date, because it runs on the server.
- It is available 24/7.
- Data is easy to back up regularly.
- Deployment costs far less than desktop software.
Imagine you have a sales or work-management application for your company. You are not always at the office; with a web-based application you can check in and run things from anywhere, even from nothing more than a phone with a browser, such as an iPhone, without needing a computer.

2.1. LOCAL ATTACK

2.1.1. Understanding Local Attack

- A local attack is one of the most common, and least welcome, kinds of hack. On a typical shared web server, when you register an account you are given an account on the server and a directory for your site, for example tenserver/tentaikhoancuaban. Other users have similar accounts, for example tenserver/taikhoan1. If taikhoan1 is taken over by a hacker, the hacker can use various tricks, scripts and commands to reach across into the directory holding your site, tenserver/taikhoancuaban. In the same way the hacker can attack the other users' sites on the server, stealing admin credentials, databases and other sensitive information, or injecting malicious code into your site's index page. This form of attack is called a Local Attack.
- Most commonly a local attack is used to obtain the victim's configuration file and then, depending on what the hacker is after, to deface or destroy the website using the information in it.

2.1.2. How a Local Attack is carried out

- The details depend on the hacker's approach, and there are several variants; most often the hacker uses commands that go after the database.
- First you need a PHP/ASP/CGI backdoor on the server. There are many kinds of backdoor, the best known being phpRemoteView (usually called remview), r57shell, CGITelnet and c99. These tools, usually web shells such as r57 and c99, are uploaded to the host.
- Upload one of these tools to the host (we usually use the r57 or c99 shells because they are powerful and easy to use).
- There are several ways to get a host:
  + Buy a host. Hackers rarely do this, for several reasons, the basic one being cost, and if the server's admin spots the uploaded shell the hosting account is deleted. With this route the shells should be removed immediately after the local attack is finished.
  + Hack a vulnerable site and upload the shell to it (typically the hacker uses SQL Injection to take over the site's admin account and then uploads the shells), or exploit a file-inclusion vulnerability.
  + Search for backdoors (search Google for keywords such as r57shell ...). Most shells found this way belong to other hackers and have not yet been cleaned up; if possible, upload your own shell alongside.

2.1.2.2. Carrying out the attack

- Once preparation is complete, that is, a shell has been uploaded to some server, we start by finding the other websites on the same server. Hackers usually run a reverse-IP lookup on the domain where the shell was uploaded to see which websites share the server.
- With the list of websites in hand, check each one in turn for a weakness that allows a local attack on it.
- Commonly used shell commands in a local attack:
  List the domain names on the same host:
    ls -la /etc/valiases
    cd /etc/vdomainaliases; ls -lia
  In the special case where the users on the host cannot be listed this way, chain the commands with &&:
    cd /etc/vdomainaliases && ls -lia
  To find user names:
    cat /etc/passwd
  or
    less /etc/passwd
  + To cross ("local") over to the victim, that is to another site: if our shell is at /home/abcd/public_html/, we cross over with
    ls -la /home/<victim user>/public_html
  - To learn the name of the user to cross to, use reverse IP to get the list of users on the same server. To check whether a user exists, open a browser at the server's IP followed by /~ and the user name (for example 203.166.222.121/~doanchuyennganh). If the browser shows the site's index page, the user exists.
  + To view a file's contents:
    cat /home/<victim user>/public_html/index.php
  or, to read a forum's configuration file, create a symbolic link to it:
    ln -s /home/<victim user>/public_html/forum/includes/config.php doanchuyennganh.txt
  Here doanchuyennganh.txt is a file we create on our own host in order to read someone else's file: the link is fetched through the web server, which follows it and returns the target's contents.
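The user-enumeration step above (probing IP/~user for one user name after another) leaves a distinctive trace in the web server's access log. The following is an added example, not part of the original report: it parses Apache common/combined-format log lines and flags any client that touches many distinct /~account prefixes in a short span. The log lines are constructed for the example, the client addresses are documentation addresses, and the threshold of five accounts in five minutes is an assumption.

```python
"""
Detect /~user probing (the enumeration step of 2.1.2.2) in Apache access logs.
Added example, not from the original report; log lines and threshold are
constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined log prefix: client ident user [timestamp] "request" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# mod_userdir request path: /~account/...
USERDIR_RE = re.compile(r'^/~([A-Za-z0-9._-]+)(?:/|$)')

# Constructed sample: one client sweeping six accounts, one ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jul/2012:19:20:01 +0700] "GET /~doanchuyennganh/ HTTP/1.1" 200 512
203.0.113.7 - - [01/Jul/2012:19:20:02 +0700] "GET /~taikhoan1/ HTTP/1.1" 200 311
203.0.113.7 - - [01/Jul/2012:19:20:04 +0700] "GET /~abcd/ HTTP/1.1" 404 210
203.0.113.7 - - [01/Jul/2012:19:20:05 +0700] "GET /~shop1/ HTTP/1.1" 404 210
203.0.113.7 - - [01/Jul/2012:19:20:07 +0700] "GET /~forum2/ HTTP/1.1" 200 640
203.0.113.7 - - [01/Jul/2012:19:20:09 +0700] "GET /~blogx/ HTTP/1.1" 403 199
198.51.100.4 - - [01/Jul/2012:19:25:00 +0700] "GET /~doanchuyennganh/index.php HTTP/1.1" 200 900
198.51.100.4 - - [01/Jul/2012:19:25:03 +0700] "GET /~doanchuyennganh/style.css HTTP/1.1" 200 120
198.51.100.4 - - [01/Jul/2012:19:26:10 +0700] "GET /index.php HTTP/1.1" 200 900
"""


def parse_line(line):
    """(client ip, timestamp, probed account) for a /~account request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    u = USERDIR_RE.match(m.group("path"))
    if not u:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, u.group(1)


def find_enumerators(lines, min_accounts=5, window=timedelta(minutes=5)):
    """{ip: sorted accounts} for clients that touched at least min_accounts
    distinct /~account prefixes inside any span no longer than window.
    Status codes are deliberately ignored: 404s and 403s are exactly what a
    probe of non-existent or locked-down accounts produces."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts, acct = parsed
            events[ip].append((ts, acct))
    hits = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            in_window = {acct for ts, acct in evs[i:] if ts - start <= window}
            if len(in_window) >= min_accounts:
                hits[ip] = sorted(in_window)
                break
    return hits


if __name__ == "__main__":
    for ip, accts in find_enumerators(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} probed {len(accts)} accounts: {', '.join(accts)}")
```

On the sample, only 203.0.113.7 is reported; the visitor who fetches several files from a single account is not. The same sweep also shows up in error logs as a burst of 404s for /~name paths from one address, so the rule can be applied there as well.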
If these commands do not work, the server has disabled that functionality. Some more Linux shell commands:
- pwd: print the current working directory (for example /etc/ssh).
- cd: change directory (cd .. goes up one level; cd vidu enters the directory vidu).
- ls: list the contents of a directory.
- mkdir: create a directory (mkdir dir_name).
- touch: create an empty file (touch file_name).
- rmdir: remove an empty directory (rmdir dir_name).
- cp: copy a file or directory (cp source destination).
- mv: move a file or directory; also used to rename one (mv old_location new_location or mv old_name new_name).
- rm: remove a file (rm file_name).
To search for files:
- find: search by file name.
- grep: search for content inside files.
To view a file:
- more: display a file one page at a time.
- cat: display the whole file.
- To connect to a remote host, use ssh (syntax: ssh user@host).
System management:
- ps: show the processes currently running (very useful: ps aux gives a full view of all processes). The ps output shows each process's PID (process identification); that number is needed when you want to stop a service or application with the kill command.
- top: works much like the Task Manager in Windows. It shows information about all system resources, the running processes, the load average and so on. top -d sets the refresh interval; any value from .1 (100 ms) to 100 (100 seconds) or even higher is accepted.
- uptime: shows how long the system has been up and the load average over the last 1, 5 and 15 minutes. The load average is the average number of processes that are running or waiting to run (including those waiting on disk I/O), not a percentage: on a single-processor machine 0.37 means the processor was busy about 37% of the time, while a value such as 2.35 means that on average more than two processes were competing for one processor and some had to wait. The exact details differ slightly between distributions.
- free: show information about system memory.
- ifconfig: view details of the network interfaces; Ethernet interfaces are normally named eth0, eth1 and so on. You can set network parameters such as the IP address with this command (see man ifconfig). If something is wrong, you can stop or start an interface with ifconfig <interface> up/down.
- passwd: change a password (passwd changes your own; logged in as root, passwd user_name changes another user's).
- useradd: add a new user (see man useradd).
Whatever the distribution, the TAB key auto-completes commands and file names, which is very handy once you are used to the commands. The up and down arrow keys scroll through previously entered commands. Several commands can be put on one line: to create three directories, mkdir dir_1 ; mkdir dir_2 ; mkdir dir_3. Another interesting feature is the pipe, which feeds the output of one command into another: man mkdir | tail prints the last lines of the manual page for mkdir. If you ever need to log in as root (the system's "super" administrator), you can do so temporarily with su; the - argument (su -) also switches to root's home directory and environment. Note that you will be asked for a password. To exit or log out, type exit or logout.

2.1.3. Protecting against Local Attack

To limit local attacks we should set permissions (chmod) through the file manager, move config.php, edit the .htaccess file and, above all, back up data regularly.

- Chmod in the file manager:
  + Chmod the public_html directory to 710 instead of the default 750; this hides your website's structure from other users on the server.
  + Chmod the subdirectories of the forum directory (http://diendan.doanchuyennganh.com) to 701.
  + Chmod every file to 404.
  With these permissions, running a shell against the site produces an error like:
    Not Acceptable
    An appropriate representation of the requested resource /test.php could not be found on this server.
    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
  and the attacker cannot view anything.
- Also, some sites are reached through a subdomain, http://diendan.doanchuyennganh.com, rather than through a subdirectory, doanchuyenganh.com/diendan. This has several meanings, but from a security standpoint it makes a real difference.
  + Chmod directories 701 and never, ever 777. Some unimportant folders can be 755 so that their contents display correctly. Note that some servers support chmod 101 on directories; if yours does, use it, because it is very safe: not even the owner can see the folder structure, even over FTP. At present only the servers of Eshockhost.net support this.
  + Chmod files 604 and never 666; if 666 is really needed, set it temporarily while you work and restore it right away. On servers that support chmod 404 for files (for example Eshockhost.net), use that. Remember that 404 (r-----r--) leaves the owner with read access only, so the file has to be set back to 604 before it can be edited.
- Change the layout and the default names of files that hold sensitive information, and if you are able to, change the database structure as well.
- Preventing local attacks by enabling safe mode (for root): as we know, the PHP configuration has options that restrict what PHP web shells can do (r57 in particular tries to bypass them automatically), so the first job of anyone with a root account is to update to the newest PHP release and reconfigure php.ini. PHP safe mode is an attempt to solve the security problem of servers that share hosting among many accounts (shared servers); it is architecturally the wrong place to solve that problem, since it is done at the PHP level. Note that safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4; on current releases only open_basedir and disable_functions, discussed next, remain available.
Today many people, ISPs in particular, choose to enable safe mode for security. The Security and Safe Mode configuration directives:
  Directive                      Default             Changeable
  safe_mode                      "0"                 PHP_INI_SYSTEM
  safe_mode_gid                  "0"                 PHP_INI_SYSTEM
  safe_mode_include_dir          NULL                PHP_INI_SYSTEM
  safe_mode_exec_dir             ""                  PHP_INI_SYSTEM
  safe_mode_allowed_env_vars     "PHP_"              PHP_INI_SYSTEM
  safe_mode_protected_env_vars   "LD_LIBRARY_PATH"   PHP_INI_SYSTEM
  open_basedir                   NULL                PHP_INI_SYSTEM
  disable_functions              ""                  php.ini only
  disable_classes                ""                  php.ini only
- To enable safe mode, edit php.ini and change safe_mode = Off to safe_mode = On.
- disable_functions should contain the following functions:
    readfile, system, exec, shell_exec, passthru, pcntl_exec, putenv, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, popen, pclose, set_time_limit, escapeshellcmd, escapeshellarg, dl, curl_exec, parse_ini_file, show_source, ini_alter, virtual, openlog
  (readfile, set_time_limit, parse_ini_file and curl_exec are also used by ordinary applications, so test the sites on the server before disabling them.)
- For example, given:
    -rw-rw-r-- 1 doanchuyennganh doanchuyennganh 33 Jul 1 19:20 script.php
    -rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd
- where script.php is:
    [listing not preserved in the source]
- the result is:
    Warning: readfile() has been disabled for security reasons in /docroot/script.php on line 2
- Drawbacks of enabling safe mode: uploaded files normally land in /tmp/ owned by a user other than the script's owner, which safe mode's ownership check then refuses. Enabling safe mode therefore gets in the way of PHP developers, so the system has:
    [listing not preserved in the source]
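The symbolic-link trick from 2.1.2.2 (ln -s to another account's config.php) works because the link sits inside the attacker's own tree, so any check on the path as requested is satisfied. open_basedir, listed above, defeats it because PHP resolves symbolic links before comparing against the allowed directories. The following is an added example, not code from the report: it builds a small shared-host layout in a temporary directory, contrasts a naive prefix check with an open_basedir-style check on the resolved path, and then scans every account's home for links that escape it, which is the check an administrator of such a server would want to run. The account names are the report's; the file contents, paths and function names are assumptions.

```python
"""
open_basedir-style path checking and a scan for cross-account symlinks.
Added example, not from the original report; the host layout is
constructed in a temporary directory.
"""
import os
import tempfile


def naive_allows(path, basedir):
    """A prefix check on the path *as requested*: the attacker's link passes."""
    base = os.path.abspath(basedir)
    return os.path.abspath(path).startswith(base + os.sep)


def open_basedir_allows(path, basedir):
    """What open_basedir does: resolve symlinks first, then compare prefixes."""
    real = os.path.realpath(path)
    base = os.path.realpath(basedir)
    return real == base or real.startswith(base + os.sep)


def find_escaping_symlinks(home_root):
    """(link, resolved target) for every symlink under <home_root>/<acct>/
    whose target lies outside that account's own home directory."""
    findings = []
    for acct in sorted(os.listdir(home_root)):
        acct_home = os.path.realpath(os.path.join(home_root, acct))
        # followlinks=False (the default): linked directories are reported, not entered
        for dirpath, dirnames, filenames in os.walk(acct_home):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if os.path.islink(path):
                    target = os.path.realpath(path)
                    if not target.startswith(acct_home + os.sep):
                        findings.append((path, target))
    return findings


def build_demo_host():
    """Construct a fake /home with a victim account and an attacker account
    (constructed test data under a temporary directory)."""
    root = tempfile.mkdtemp(prefix="sharedhost_")
    home = os.path.join(root, "home")
    victim_cfg = os.path.join(home, "doanchuyennganh", "public_html",
                              "forum", "includes", "config.php")
    os.makedirs(os.path.dirname(victim_cfg))
    with open(victim_cfg, "w") as fh:
        fh.write("<?php $dbpass = 'victim-secret'; ?>\n")   # assumed content
    attacker_html = os.path.join(home, "abcd", "public_html")
    os.makedirs(attacker_html)
    # the report's trick: ln -s <victim config> doanchuyennganh.txt
    link = os.path.join(attacker_html, "doanchuyennganh.txt")
    os.symlink(victim_cfg, link)
    return home, attacker_html, link


def demo():
    """(naive verdict, open_basedir verdict, names of escaping links)."""
    home, attacker_html, link = build_demo_host()
    naive = naive_allows(link, attacker_html)            # True: link is in abcd's tree
    strict = open_basedir_allows(link, attacker_html)    # False: target resolves elsewhere
    leaks = [os.path.basename(l) for l, _ in find_escaping_symlinks(home)]
    return naive, strict, leaks


if __name__ == "__main__":
    print(demo())   # (True, False, ['doanchuyennganh.txt'])
```

The corresponding php.ini setting for the attacker's account would be open_basedir = /home/abcd/public_html:/tmp (the /tmp entry is needed for uploads, as the drawback above describes). The scan only catches links that already exist; it does not stop the web server from following a link created later, which is why the restriction on ln and on PHP's symlink() function discussed under Apache hardening below matters as well.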
- Securing the Apache server. First, why Apache matters so much:
    Client (hacker performing a local attack) ------> Shared server
    Shared server ----------------------------------> Apache
    Apache -----------------------------------------> PHP/Perl ... processing ...
    PHP/Perl (returns the result) ------------------> Apache
    Apache (returns the result) --------------------> Client
  Because it is Apache that sets the privileges under which the rest runs, the whole chain depends heavily on applications such as PHP/CGI.
  Installing Apache (FreeBSD pw(8) syntax; on Linux use groupadd and useradd, which accept the same options):
    pw groupadd apache
    pw useradd apache -c "Apache Server" -d /dev/null -g apache -s /sbin/nologin
  By default Apache's processes run under the user nobody (except the parent process, which must run as root) and the group nogroup. This can lead to serious security threats: after a successful break-in, the intruder gains access to every other process running under the same UID/GID. The best solution is therefore to run Apache under its own UID/GID, dedicated to that software alone. Those used to *nix will be familiar with UID/GID from file permissions, but a little expansion is in order for readers who are not. When creating a separate group and user for Apache, two details matter:
    -d /dev/null: the Apache user gets no $HOME directory of the kind ordinary users have;
    -s /sbin/nologin: the Apache user is not allowed any shell at all.
  Some setups use -s /bin/true instead of nologin; true is a command that does nothing and is completely harmless. The reason for denying the Apache user a $HOME and a shell is that if the account is ever compromised, the intruder still has no way to reach the system at the level needed for privilege escalation. On *nix in general the shell is the interface between the user and the system; without a shell there is no such access. Giving the Apache user a $HOME and a shell would be worthless from a security point of view.
Go to http://httpd.apache.org/ and install the newest version (currently 2.2). Then give PHP its own separate privileges so that it has no right to jump across into other users' accounts.
- Chmod in /usr/bin as follows:
    -rwxr--r-x root nobody wget
  and
    -rwxr-x--- root compiler gcc
  Blocking compilation with gcc prevents users from compiling ready-made exploits in order to get root.
  In /bin:
    -rwxr-xr-x root root cp
  and likewise for rm, mv, tar, chmod, chown, chgrp, ...
    -rwsr-x--- root wheel su
    -rwxr-x--- root root ln
  The wget permissions rely on how Unix evaluates a mode: a process whose group is nobody is matched by the group triple (r--, no execute) and never falls through to the "other" triple, so the web server cannot run wget even though ordinary users can. This only works if Apache really runs with that group; if Apache was given its own apache user and group as described above, the binary's group must be apache instead. Restricting ln to root blocks the symlink trick from 2.1.2.2 for anyone with shell access, but a PHP web shell can still call PHP's symlink() function, so add symlink to disable_functions as well.
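Both measures above can be audited rather than taken on trust. The following is an added example, not code from the report: it parses /etc/passwd-format lines to confirm that the web server account has no shell and no home, and applies the Unix permission rule (owner, else group, else other; only the first matching class counts) to the binary listing to show which account can actually execute wget, gcc, ln and su. The passwd lines and the listing are constructed from the report's own values; the full paths, the apache account's numeric IDs and the function names are assumptions.

```python
"""
Audit the Apache service account and the restricted binaries.
Added example, not from the original report; passwd lines and listing are
constructed from the report's values, paths and IDs are assumptions.
"""
from collections import namedtuple

Entry = namedtuple("Entry", "mode owner group path")

SAFE_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/bin/true"}

# Constructed /etc/passwd excerpt: the dedicated account from 2.1.3 beside
# the default 'nobody' and an ordinary hosting account.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
apache:x:80:80:Apache Server:/dev/null:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/bin/sh
doanchuyennganh:x:1001:1001::/home/doanchuyennganh:/bin/bash
"""

# mode owner group path, as in the report's ls -l excerpts (paths added)
LS_SAMPLE = """\
-rwxr--r-x root nobody /usr/bin/wget
-rwxr-x--- root compiler /usr/bin/gcc
-rwxr-xr-x root root /bin/cp
-rwsr-x--- root wheel /bin/su
-rwxr-x--- root root /bin/ln
"""


def parse_passwd(text):
    """{name: {uid, gid, home, shell}} from /etc/passwd-format text."""
    accounts = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        accounts[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return accounts


def service_account_findings(accounts, user):
    """Complaints if the account could be used interactively after a compromise."""
    acct = accounts[user]
    findings = []
    if acct["shell"] not in SAFE_SHELLS:
        findings.append(f"{user} has a usable login shell: {acct['shell']}")
    if acct["home"] != "/dev/null":
        findings.append(f"{user} has a home directory: {acct['home']}")
    return findings


def can_execute(entry, user, groups):
    """Unix consults exactly one class: owner if the user matches, else group
    if any of the caller's groups matches, else other. A group triple of r--
    therefore denies that group even when 'other' has x."""
    if user == entry.owner:
        bits = entry.mode[1:4]
    elif entry.group in groups:
        bits = entry.mode[4:7]
    else:
        bits = entry.mode[7:10]
    return bits[2] in "xst"   # lowercase s/t: setuid/setgid/sticky with execute set


def executable_by(ls_text, user, groups, names):
    """Paths among `names` (basenames) that the given account can execute."""
    hits = []
    for line in ls_text.splitlines():
        entry = Entry(*line.split())
        if entry.path.rsplit("/", 1)[-1] in names and can_execute(entry, user, groups):
            hits.append(entry.path)
    return hits


if __name__ == "__main__":
    accounts = parse_passwd(PASSWD_SAMPLE)
    for user in ("apache", "nobody"):
        print(user, service_account_findings(accounts, user))
    tools = {"wget", "gcc", "ln"}
    # Apache as the report's dedicated user versus the default 'nobody':
    print("apache can run:", executable_by(LS_SAMPLE, "apache", {"apache"}, tools))
    print("nobody can run:", executable_by(LS_SAMPLE, "nobody", {"nobody"}, tools))
```

Run on the sample, the audit passes the apache account and flags nobody for both its /bin/sh shell and its home directory. The executable check is the useful part: with the listing exactly as the report gives it, an Apache running as nobody cannot execute wget, but an Apache running as the dedicated apache user can, because it is matched by the "other" triple (r-x). On a real server the listing comes from ls -l and the account from getent passwd; the group on each restricted binary has to be the group Apache actually runs under.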