Tom Hunter's Diary: "The Hound of the Baskervilles"

Delays in signing are commonplace for any large company. The contract between Tom Hunter and a certain pet store chain for a penetration test had not yet been concluded. We were going to have to examine the website, the internal network, and even the working Wi-Fi.

It is no surprise that my hands were itching even before all the formalities were settled. Well, just take a look at the site, just in case; it was unlikely that such a well-known store as "The Hound of the Baskervilles" would slip up there. A few days later, Tom finally received the original of the contract, and by that time, over his third coffee, Tom was surveying the state of the stores from the internal CMS with interest...


But there was no way to do much in the CMS: the site administrators blocked Tom Hunter's IP. Although there might have been time to add some bonus points to a store card and feed his beloved cat for many months at the store's expense... "Not this time, Darth Sidious," Tom thought with a smile. It would have been interesting to move from the website segment into the client's corporate network, but apparently these segments are not connected at this client. Still, that happens quite often in large companies.

Once all the formalities were done, Tom Hunter armed himself with the VPN account he had been issued and entered the client's network. The account belonged to the Active Directory domain, so AD could be dumped without any special tricks: simply collect all the publicly available information about users and workstations.

Tom launched the adfind utility and started sending LDAP queries to the domain controller, filtering on the objectCategory attribute with the value person. The response came back in the following form:

dn:CN=Гость,CN=Users,DC=domain,DC=local
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: user
>cn: Гость
>description: Встроенная учетная запись для доступа гостей к компьютеру или домену
>distinguishedName: CN=Гость,CN=Users,DC=domain,DC=local
>instanceType: 4
>whenCreated: 20120228104456.0Z
>whenChanged: 20120228104456.0Z

Besides that, there was plenty of other useful information, but the most interesting part was in the >description: field. This is the comment on the account, originally a handy place to keep small notes. But the client's administrators decided that passwords could sit there quietly as well. Who, after all, would be interested in all these unimportant service records? So the comments Tom found looked like this:

Создал Администратор, 2018.11.16 7po!*Vqn

You don't need to be a rocket scientist to understand why the combination at the end is useful. All that remained was to parse the response dump from the DC by the >description: field, and there they were: 20 login-password pairs. Moreover, almost half of them had RDP access rights. Not a bad bridgehead from which to split the attacking forces.
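As a defender's check for exactly this misuse, here is an added example (not from the diary, and not adfind's own code) that parses an adfind-style dump and flags description values carrying password-like tokens; the sample records and the svc-backup and jdoe accounts are constructed. By default the description attribute is readable by every authenticated domain user, so anything stored there should be treated as public.

```python
# Constructed sample records in adfind's output format (not the real engagement's data).
SAMPLE_ADFIND_OUTPUT = """dn:CN=Гость,CN=Users,DC=domain,DC=local
>objectClass: user
>cn: Гость
>description: Встроенная учетная запись для доступа гостей к компьютеру или домену
>whenCreated: 20120228104456.0Z

dn:CN=svc-backup,CN=Users,DC=domain,DC=local
>cn: svc-backup
>description: Создал Администратор, 2018.11.16 7po!*Vqn

dn:CN=jdoe,CN=Users,DC=domain,DC=local
>cn: jdoe
>description: Branch office workstation, 2nd floor
"""

def parse_adfind(text):
    """Turn adfind's 'dn:' / '>attr: value' dump into a list of attribute dicts."""
    records, current = [], None
    for line in text.splitlines():
        if line.startswith("dn:"):
            current = {"dn": line[3:].strip()}
            records.append(current)
        elif line.startswith(">") and current is not None:
            attr, _, value = line[1:].partition(":")
            current.setdefault(attr.strip(), []).append(value.strip())
    return records

def looks_like_secret(token):
    """Heuristic: 6+ chars containing a digit plus symbols or both letter cases."""
    token = token.strip(",.;:()[]")
    if len(token) < 6:
        return False
    has_digit = any(c.isdigit() for c in token)
    has_upper = any(c.isupper() for c in token)
    has_lower = any(c.islower() for c in token)
    has_symbol = any(not c.isalnum() for c in token)
    return has_digit and (has_digit + has_upper + has_lower + has_symbol) >= 3

def find_description_secrets(text):
    """Return (dn, token) pairs whose description carries a password-like token."""
    hits = []
    for rec in parse_adfind(text):
        for desc in rec.get("description", []):
            for token in desc.split():
                if looks_like_secret(token):
                    hits.append((rec["dn"], token))
    return hits
```

Run it against a real export to produce a cleanup list; dates such as 2018.11.16 and plain words are not reported, so the output is short enough to review by hand.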

Network

The internal network of "The Hound of the Baskervilles" resembled a big city in all its chaos and uncertainty. With the RDP users' credentials, Tom Hunter was a street kid in this city, yet even so he managed to see a great deal through the windows of the security policies.

File server shares, accounting accounts, and even the scripts that worked with them were all open to everyone. In the configuration of one of those scripts, Tom found the MS SQL hash of a user. A little brute-force magic, and the user's hash turned into a plaintext password. Thanks to John the Ripper and Hashcat.


This key had to fit some chest. The chest was found, and what's more, some ten other "chests" were linked to it. And on six of them, sa... superuser rights, NT AUTHORITY\SYSTEM! On two of them it was possible to run the xp_cmdshell stored procedure and send cmd commands to Windows. What more could you want?

Domain controllers

Tom Hunter prepared a second strike, for the domain controllers. There were three of them in the "Hound of the Baskervilles" network, matching the number of remote branch servers. Each domain controller had a public folder, like an open display window in a shop, by which the poor boy Tom was hanging around.

And this time the lad got lucky again: they had forgotten to remove a script from the display window, and a local server password was stored in it. So the road to the domain controller was open. Come on in, Tom!

Here the magic hat, mimikatz, was pulled out, and it yielded a crop of several domain administrators. Tom Hunter gained access to every machine on the local network, and his devilish laugh scared the cat off the next chair. This road turned out to be shorter than expected.

Finally

The memory of WannaCry and Petya is still alive in the hearts of the alarmists, but some admins seem to have forgotten about ransomware in the stream of other evening news. Tom found three nodes with a vulnerability in the SMB protocol, CVE-2017-0144, or EternalBlue. It is the same vulnerability that was used to spread the WannaCry and Petya ransomware, a flaw that allows arbitrary code execution on the host. On one of the vulnerable nodes there was a domain administrator session: "use it and take it." What can you do; time teaches nobody.


"The Basterville's Dog"

The classics of information security like to repeat that the weakest point of any system is the human being. Did you notice that the heading above does not match the store's name? Perhaps not everyone is that attentive.

In the best traditions of phishing blockbusters, Tom Hunter registered a domain that differed by a single letter from the "Hound of the Baskervilles" domain. A mailbox on this domain imitated the address of the store's information security service. Over 4 days, from 16:00 to 17:00, the following letter was sent from the fake address to 360 addresses:

[Image: the phishing email]

Probably only their own laziness saved the employees from a mass harvest of passwords. Of the 360 letters, only 61 were opened; the security department is not very popular. But then things got easier.

[Image: the phishing page]

46 people clicked the link, and almost half of them, 21 employees, did not look at the address bar and calmly entered their passwords. Good catch, Tom.
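A mail gateway can catch the one-letter trick described above before anyone reaches the address bar. The following check is an added example (not from the diary or any product the store used); the organisation's domain and the sender addresses are constructed. It goes slightly beyond the diary's case by also folding common look-alike glyphs and catching the organisation's name reused as a label inside a foreign domain.

```python
# Constructed domains (not the real store's): the legitimate mail domain and
# the kind of sender domains a mail gateway would compare against it.
ORG_DOMAIN = "hound-of-the-baskervilles.example"

# Glyphs commonly swapped in to imitate a domain; folded before comparison.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def normalise(domain):
    """Lowercase, drop a leading 'www.', and fold look-alike glyphs."""
    domain = domain.lower().strip()
    if domain.startswith("www."):
        domain = domain[4:]
    for fake, real in HOMOGLYPHS.items():
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance via the classic dynamic-programming rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(sender, org=ORG_DOMAIN):
    """Return 'legit', 'lookalike' or 'other' for the sender address's domain."""
    domain = sender.rsplit("@", 1)[-1].lower().strip()
    if domain == org:
        return "legit"
    ours, theirs = normalise(org), normalise(domain)
    # One-character edits (the diary's case), glyph swaps that normalise away,
    # and our name reused as a label of a foreign domain all count as look-alikes.
    if edit_distance(ours, theirs) <= 1 or ours.split(".")[0] in theirs.split("."):
        return "lookalike"
    return "other"
```

Anything classified as "lookalike" is worth quarantining or at least tagging with a visible warning banner, since the display name and body are chosen to pass a quick glance.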


Wi-Fi network

Now there was no need to count on the cat's help. Tom Hunter threw a pile of hardware into his old sedan and drove to the office of the Hound of the Baskervilles. His visit had not been agreed on: Tom was going to test the client's Wi-Fi. In the business center's parking lot there were several free spots that conveniently fell within the network's coverage area. Evidently, nobody had thought much about limiting it, as if the administrators had deliberately put up extra access points to answer any complaint about weak Wi-Fi.

How does WPA/WPA2 PSK security work? Encryption between the access point and its clients is provided by a session key, the Pairwise Transient Key (PTK). The PTK uses the Pre-Shared Key and five other parameters: the SSID, the Authenticator Nonce (ANonce), the Supplicant Nonce (SNonce), and the MAC addresses of the access point and the client. Tom intercepted all five parameters, and now only the Pre-Shared Key was missing.
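To make that derivation chain concrete, here is an added example (my own, not the diary's and not Hashcat's code) following the IEEE 802.11 standard: the passphrase and SSID give the PMK via PBKDF2, and the PMK plus the two MACs and two nonces give the PTK. The SSID, MAC addresses and nonces are constructed. It shows why the passphrase is the entire security margin: every other input is visible over the air, so the mitigation is a long random PSK, or 802.1X / WPA3 where the passphrase never feeds the key this directly.

```python
import hashlib
import hmac

def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, length):
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((length + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:length]

def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce):
    """PTK from the PMK plus the four values sent in clear in the 4-way handshake."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 384-bit PTK for CCMP
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

# Constructed handshake values: the SSID, both MACs and both nonces are all
# observable over the air; the passphrase is the only input that is not.
SSID = "Baskervilles-Guest"
AP_MAC = bytes.fromhex("02000000aa01")
CLIENT_MAC = bytes.fromhex("02000000bb02")
ANONCE = bytes.fromhex("11" * 32)
SNONCE = bytes.fromhex("22" * 32)

def session_keys(passphrase):
    """Keys the client and AP would both arrive at for this constructed handshake."""
    return derive_ptk(derive_pmk(passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
```

The 4096 PBKDF2 rounds are the only cost that stands between an observer and a weak passphrase, which is why a short dictionary word falls in minutes while a long random PSK does not.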


The Hashcat utility recovered that missing link in about 50 minutes, and our hero ended up on the guest network. From there the working network was already in sight; remarkably, here Tom dealt with the password in about nine minutes. And all of this without leaving the parking lot, without any VPN. The network opened a vast field of remarkable activities to our hero, but he never did add bonus points to the store card.

Tom paused, glanced at his watch, tossed a couple of bills onto the table, said goodbye and left the cafe. Perhaps he went on to do something else, or perhaps he was already thinking about what to write in his Telegram channel...


source: www.habr.com
