Overview of free tools for pentesting web resources and more, v2

A while ago I wrote about this, but briefly and rather chaotically. Afterwards I decided to expand the list of tools in the review, give the article some structure, take the criticism into account (many thanks to Lefty for the advice) and submit it to a contest on SecLab (it was published there, link, but apparently nobody saw it). The contest is over, the results have been announced, and with a clear conscience I can now publish it (the article) on Habr.

Free tools for a web application pentester

In this article I will talk about the most convenient tools for pentesting (penetration testing) web applications using the "black box" approach.
To do this, we will look at the utilities that help with this kind of testing. We will consider the following product categories:

  1. Network scanners
  2. Web script vulnerability scanners
  3. Exploitation
  4. Injection automation
  5. Debuggers (sniffers, local proxies, etc.)


Some products are "universal" in nature, so I will place each one in the category where it gives the best result (subjective opinion).

Network scanners.

The main task is to discover available network services, determine their versions, identify the OS, and so on.

Nmap
Nmap ("Network Mapper") is a free, open-source utility for network analysis and system security auditing. Those who dislike the console can use Zenmap, which is a GUI for Nmap.
This is not just a "smart" port scanner but a very valuable tool in general (one of its "unusual features" is a script for checking a host for the presence of the "Stuxnet" worm (mentioned here)). A typical usage example:

nmap -A -T4 localhost

-A for OS detection, script scanning and version detection
-T4 timing template (higher is faster, from 0 to 5)
localhost - the target host
Something more complex?

nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost

This is the set of options from the "Slow comprehensive scan" profile in Zenmap. It takes quite a long time to complete, but in the end it gives the most detailed information that can be discovered about the target system. There is a help guide in Russian if you decide to go deeper; I also recommend the translation of the article "Beginner's Guide to Nmap".
Nmap has been named "Security Product of the Year" by magazines and communities such as Linux Journal, Info World, LinuxQuestions.Org and Codetalker Digest.
An interesting point: Nmap can be seen in the films "The Matrix Reloaded", "Die Hard 4", "The Bourne Ultimatum", "Hottabych" and others.

IP-Tools
IP-Tools - a kind of set of various network utilities, comes with a GUI, "dedicated" to Windows users.
Port scanner, shared resources (printers / shared folders), WhoIs/Finger/Lookup, telnet client and much more. Simply a convenient, fast, functional tool.

There is no particular point in reviewing other products, since there are a great many utilities in this area and they all have a similar principle of operation and functionality. Still, nmap remains the most widely used.

Web script vulnerability scanners

These try to find popular vulnerabilities (SQL inj, XSS, LFI/RFI, etc.) or mistakes (temporary files not deleted, directory indexing, etc.)

Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner - from the link you might think this is an XSS scanner, but that is not entirely true. The free version, available here, provides quite a lot of functionality. Usually a person who runs this scanner for the first time and receives a report on their own resource for the first time experiences a mild shock, and you will understand why once you do it. This is a very powerful product for analysing all kinds of vulnerabilities on a site, and it works not only with the usual PHP sites but also with other languages (although the language difference is not an indicator). There is no particular point in describing instructions, since the scanner simply "picks up" the user's actions. Something like "next, next, next, done" in a typical software installation.

Nikto
Nikto is an Open Source (GPL) web crawler. It removes routine manual work. It searches the target site for scripts that were not deleted (some test.php, index_.php, etc.), database administration tools (/phpmyadmin/, /pma and the like), and so on, that is, it checks the resource for the most common mistakes, usually caused by the human factor.
In addition, if it finds some popular script, it checks it for known exploits (those in its database).
It reports "unwanted" methods such as PUT and TRACE.
And so on. Very convenient if you work as an auditor and analyse websites every day.
Among the minuses, I would note the high percentage of false positives. For example, if your site always returns the main page instead of a 404 error (when one should occur), the scanner will say your site contains every script and every vulnerability from its database. In practice this does not happen that often, but to be fair, a lot depends on the structure of your site.
Classic usage:

./nikto.pl -host localhost

If you need to be authenticated on the site, you can set a cookie in the nikto.conf file, the STATIC-COOKIE variable.
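A quick way to see the false-positive mechanism described above, as an added example that is not part of the original article or of Nikto: the script requests a few random, non-existent paths and reports whether the server answers with real 404s or with one catch-all 200 page. The servers are constructed stand-ins so it runs offline, and `fetch` is a placeholder for whatever HTTP client you use against your own resource.

```python
# Added example (not Nikto's or the author's code): a soft-404 check for the
# false positives described above. It requests a few random paths that cannot
# exist and reports whether the server answers with real 404s or with one
# catch-all 200 page. The servers below are constructed stand-ins so it runs
# offline; swap in a real fetch() to check your own resource before scanning.
import hashlib
import secrets
from dataclasses import dataclass

@dataclass
class Response:
    status: int
    body: bytes

def probe_paths(count: int = 3) -> list[str]:
    # Random names that no real site serves on purpose.
    return [f"/{secrets.token_hex(8)}.php" for _ in range(count)]

def fingerprint(body: bytes, path: str) -> str:
    # Drop the echoed path so "Page /a not found" and "Page /b not found"
    # compare equal; only the rest of the page matters.
    return hashlib.sha256(body.replace(path.encode(), b"")).hexdigest()

def classify(probes: list[tuple[str, Response]]) -> str:
    """Return 'hard404', 'soft404' or 'inconsistent'."""
    statuses = {r.status for _, r in probes}
    if statuses == {404}:
        return "hard404"      # proper 404s: scanner hits are worth reading
    if statuses == {200}:
        pages = {fingerprint(r.body, p) for p, r in probes}
        # One identical page for every random path is a catch-all: a scanner
        # that trusts the 200 would report every script in its database.
        return "soft404" if len(pages) == 1 else "inconsistent"
    return "inconsistent"     # mixed codes: inspect per path before scanning

def check_site(fetch) -> str:
    # fetch(path) -> Response; any HTTP client wrapper will do.
    return classify([(p, fetch(p)) for p in probe_paths()])

# Constructed stand-in servers for the offline demo.
def strict_server(path: str) -> Response:
    return Response(404, b"Not Found")

def catch_all_server(path: str) -> Response:
    # Always the home page with 200: exactly the case the article warns about.
    return Response(200, b"<html><body>Welcome to the home page</body></html>")

def echoing_server(path: str) -> Response:
    # 200 but the body repeats the requested path; still a soft 404.
    return Response(200, b"<p>Sorry, " + path.encode() + b" was not found</p>")
```

A "soft404" result before a Nikto run tells you to treat its findings as noise until the site's 404 handling is fixed.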

Wikto
Wikto - Nikto for Windows, but with some additions, such as "fuzzy" logic when checking code for errors, use of the GHDB, retrieval of the resource's links and folders, and real-time monitoring of HTTP requests/responses. Wikto is written in C# and requires the .NET framework.

skipfish
skipfish - a web vulnerability scanner by Michal Zalewski (known as lcamtuf). Written in C, cross-platform (Windows requires Cygwin). It recursively (and for a long time, about 20~40 hours, although the last time it ran for me it took 96 hours) crawls the entire site and finds all sorts of security holes. It also generates a lot of traffic (several GB incoming/outgoing). But all means are good, especially if you have the time and resources.
Typical usage:

./skipfish -o /home/reports www.example.com

The "reports" folder will contain a report in html, example.

w3af
w3af - Web Application Attack and Audit Framework, an open-source vulnerability scanner. It has a GUI, but you can also work from the console. More precisely, it is a framework with a bunch of plugins.
One could talk about its advantages for a long time; it is better to try it :] Typical work with it comes down to choosing a profile, specifying a target and, in fact, launching it.

Mantra Security Framework
Mantra is a dream come true. A collection of free and open information security tools built into a web browser.
Very useful when testing web applications at every stage.
Usage boils down to installing and launching the browser.

In fact, there are a lot of products in this category and it is hard to pick a specific list from them. Most often each pentester determines the set of tools they need themselves.

Exploitation

To automate and simplify the exploitation of vulnerabilities, exploits are written as programs and scripts that only need parameters passed to them to use a security hole. And there are products that eliminate the manual search for exploits and even apply them on the fly. This category is discussed now.

Metasploit Framework
Metasploit® Framework - a kind of monster in our business. It can do so much that a manual would take several articles. We will look at automated exploitation (nmap + metasploit). The bottom line is this: Nmap scans the ports we need and identifies the services, and metasploit tries to apply exploits to them based on the service class (ftp, ssh, etc.). Instead of text instructions, I will embed a video that is very popular on the topic of autopwn.

Or we can control the exploitation of the exploit we need manually. Example:

msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run

In fact, the capabilities of this framework are very extensive, so if you decide to go deeper, follow the link.

Armitage
Armitage - a cyberpunk-style GUI for Metasploit. It visualizes the target, recommends exploits and exposes the advanced features of the framework. In general, for those who like everything to look beautiful and impressive.
Screencast:

Tenable Nessus®
Nessus® vulnerability scanner - it can do a lot of things, but the one capability we need from it is determining which services have exploits. The free version of the product is "home only".

Usage:

  • Download (for your system), install, register (the key is sent to your email).
  • Start the server, add a user in Nessus Server Manager (Manage users button)
  • Go to the address
    https://localhost:8834/

    and get the flash client in the browser

  • Scans -> Add -> fill in the fields (choosing the scan policy that suits us) and click Scan

After a while the scan report will appear in the Reports tab.
To check whether a service's vulnerability is exploitable, you can use the Metasploit Framework described above or try to find an exploit (for example, on exploit-db, packet storm, exploit search, etc.) and apply it manually against the system.
IMHO: too bulky. I included it as one of the leaders in this direction of the software industry.

Injection automation

Many of the web security scanners look for injections, but they are still only scanners. And there are utilities that deal specifically with finding and exploiting injections. We will talk about them now.

sqlmap
sqlmap - an open-source tool for finding and exploiting SQL injections. It supports database servers such as: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase, SAP MaxDB.
Typical usage comes down to one line:

python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
There are plenty of manuals, including in Russian. The software greatly simplifies a pentester's work in this area.
I will add the official video demo:

bsqlbf-v2
bsqlbf-v2 - a perl script, a brute-forcer for "blind" SQL injections. It works both with integer values in the url and with string values.
Supported databases:

  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle

Usage example:

./bsqlbf-v2-3.pl -url www.somehost.com/blah.php?u=5 -blind u -sql "select table_name from information_schema.tables limit 1 offset 0" -database 1 -type 1

-url www.somehost.com/blah.php?u=5 - the link with parameters
-blind u - the parameter to inject into (by default the last one from the address bar is taken)
-sql "select table_name from information_schema.tables limit 1 offset 0" - our arbitrary query to the database
-database 1 - database server: MSSQL
-type 1 - attack type, "blind" injection based on True and Error responses (for example, syntax errors)

Debuggers

These tools are mainly used by developers when they have problems with the results of executing their code. But this direction is also useful for pentesting, when we can substitute the data we need on the fly, analyse what comes back in response to our input parameters (for example, when fuzzing), and so on.

Burp Suite
Burp Suite - a set of utilities that help with penetration tests. There is a good review in Russian by Raz0r on the Internet (although from 2008).
The free version includes:

  • Burp Proxy - a local proxy that lets you modify requests already generated by the browser
  • Burp Spider - a spider, searches for existing files and directories
  • Burp Repeater - manual sending of HTTP requests
  • Burp Sequencer - analysis of random values in forms
  • Burp Decoder - a standard encoder-decoder (html, base64, hex, etc.), of which there are thousands and which can be quickly written in any language
  • Burp Comparer - a string comparison component

In principle, this package solves almost all the tasks related to this area.

Fiddler
Fiddler - Fiddler is a debugging proxy that logs all HTTP(S) traffic. It lets you inspect this traffic, set breakpoints and "play" with incoming or outgoing data.

There are also Firebug, the monster Wireshark and others; the choice is up to the user.

Conclusion

In fact, every pentester has their own arsenal and their own set of utilities, since there are simply a lot of them. I have tried to list some of the most convenient and popular ones. But so that everyone can get acquainted with other utilities in this direction, I provide links below.

Various tops/lists of scanners and utilities

Linux distributions that already include a bunch of different utilities

update: BurpSuite documentation in Russian from the "Hack4Sec" team (thanks to Anton Kuzmin)

PS We cannot keep quiet about XSpider. It did not make it into the review, although it is shareware (I found out when I sent the article to SecLab; actually because of this (not knowing, and the lack of the new version 7.8) I did not include it in the article). And in theory a review of it is planned (I have some tough tests prepared for it), but I don't know whether the world will see it.

PPS Some things from the article will be used for their intended purpose in an upcoming talk at CodeFest 2012 in the QA section, which will cover tools not mentioned here (free, of course), as well as the algorithm: in what order to use what, what results to expect, what ranges to use, and all sorts of hints and tricks when working (I think about the talk almost every day, I will try to tell you all the best about the topic)
By the way, there is a lesson based on this article at Open InfoSec Days (tag on Habr, website); you can rob Korovans, check out the materials.

source: www.habr.com
