HACKTIVITY Conference 2012. The Big Bang Theory: The Evolution of Security Pentesting. Part 2

HACKTIVITY Conference 2012. The Big Bang Theory: The Evolution of Security Pentesting. Part 1

Now we will try another way of injecting SQL. Let's see whether the database keeps throwing error messages. This method is called "waiting for a delay", and the delay itself is written like this: waitfor delay 00:00:01'. I copy this from our file and paste it into the address bar of my browser.

This is called "time-based blind SQL injection". All we are doing here is saying "wait for a delay of 10 seconds". If you notice, on the left there is the text "connecting...", that is, what is our page doing? It is waiting for a connection, and after 10 seconds the correct page appears on your monitor. With this trick we ask the database to let us put a few more questions to it, for example: if the user is Joe, then we have to wait 10 seconds. Clear? If the user is dbo, wait 10 seconds. This is the Blind SQL Injection method.

I think developers do not fix this vulnerability when they create patches. This is SQL injection, but our IDS program does not see it, just as with the earlier SQL injection methods.
Let's try something more interesting. Copy this line with the IP address and paste it into the browser. It worked! The TCP bar in our program turned red, and the program registered 2 security threats.

OK, let's see what happened next. We have one threat against the XP shell, and the other threat is an SQL injection attempt. In total, there were two attempts to attack the web application.

OK, now help me with the logic. We have a tampered data packet in which the IDS says it responded to various manipulations of the XP shell.

If we scroll down, we see a table of HEX codes, and to the right of it there is a flag with the message xp_cmdshell + &27ping, and obviously this is bad.

Let's see what happened here. What did SQL Server do?

The SQL server said: "you can have my database password, you can have all my database records, but dude, I don't want you running your commands on me at all, that is not cool"!

What we need to do is make sure that even if the IDS reports a threat against the XP shell, the threat is ignored. If you are using SQL Server 2005 or SQL Server 2008, then when an SQL injection attempt is detected, the operating system shell is locked, preventing you from continuing your work. This is very annoying. So what do we do? You have to try asking the server very nicely. Should I say something like, "please, daddy, can I have these cookies"? That is what I do, seriously, I ask the server very politely! I ask for more options, I ask for a reconfiguration, and I ask to change the XP shell settings so that the shell becomes available, because I need it!

We see that the IDS detected this - you see, 3 threats have already been flagged here.

Just look here - we blew up the security logs! It looks like a Christmas tree, so many things are lit up here! As many as 27 security threats! Hooray guys, we caught this hacker, we got him!

We are not worried that he will steal our data, but if he can execute system commands on our "box" - now that is serious! You can draw a route over Telnet, FTP, you can take my data, that's cool, I don't worry about that, I just don't want you to take over the shell of my "box".

I want to talk about the things that really get to me. I work for companies, I have worked for them for many years, and I am telling you this because my friend thinks I am unemployed, that all I do is stand on stage and talk, and that this cannot be considered work. But I say: "no, my joy, I am a consultant"! That is the difference - I speak my mind and I get paid for it.

Let me put it this way - we, as hackers, love to crack the shell, and for us there is no greater pleasure in the world than "swallowing the shell". When IDS analysts write their rules, you can see that they write them in a way that protects against shell hacking. But if you talk to the CIO about the problem of data extraction, he will ask you to think about two options. Say I have an application that does 100 "pieces" per hour. What matters more to me - ensuring the security of all the data in this application, or the security of the shell of the "box"? This is a serious question! What should you worry about more?

Just because the shell of your "box" has been broken does not necessarily mean that someone has gained access to the inner workings of the applications. Yes, it is more than likely, and if it has not happened yet, it may happen soon. But note that many security products are built on the premise that the attacker is moving around your network. So they pay attention to command execution, to command injection, and you should note that this is a serious thing. They pay attention to trivial vulnerabilities, very simple cross-site scripting, very simple SQL injections. They do not care about complex threats, they do not care about encrypted messages, they do not care about that sort of thing. You could say that all security products are looking for noise, they are looking for "yapping", they want to stop something that is biting your ankle. Here is what I learned when dealing with security products. You do not need to buy security products, you do not need to drive the truck in reverse. You need competent, skilled people who understand the technology. Yes, my God, people! We do not want to throw millions of dollars at these problems, but many of you have worked in this field and know that as soon as your boss sees an ad, he runs to the store yelling "we have to get this thing!". But we do not really need it, we just need to fix the mess behind us. That is the premise of this talk.

A high-security environment is something I have spent a lot of time on in order to understand the rules by which protection mechanisms work. Once you understand how the protection works, bypassing it is not hard. For example, I have a web application that is protected by its own firewall. I copy the address of the settings panel, paste it into the browser's address bar, go to the settings and try to apply cross-site scripting.

As a result, I get a message about a threat - I have been blocked.

I think that is bad, do you agree? You have run into a security product. But what if I try something like this: put the parameter Joe'+OR+1='1 into the string

As you can see, it worked. Correct me if I am wrong, but we have just seen SQL injection defeat the application firewall. Now let's pretend that we want to start a security company, so let's put on the software vendor's hat. Now we embody evil, because it is a black hat. I am a consultant, so I can do this with software vendors.

We want to build and deploy a new intrusion detection system, so we start an intrusion detection campaign. Snort, as an open source product, contains hundreds and hundreds of intrusion threat signatures. We have to act ethically, so we will not steal these signatures from other applications and insert them into our system. We will just sit down and rewrite them all - hey Bob, Tim, Joe, come over here and quickly run through those 100 signatures!

We also need to build a vulnerability scanner. You know that Nessus, the simple vulnerability finder, has 80 signatures and scripts that check for vulnerabilities. We will again act ethically and rewrite them all into our program ourselves.
People ask me, "Joe, you do all these tests with open source software like Mod Security, Snort and the like, how similar are they to other vendors' products?" I answer them: "They are not similar at all!" Because vendors do not steal things from open source security products, they sit down and write all these rules themselves.

If you can make your own signatures and attack strings work without using open source products, this is a great opportunity for you. If you cannot compete against commercial products while moving in the right direction, you must find a concept that will help you become known in your field.

Everyone knows that I drink. Let me show you why I drink. If you have ever done a source code audit in your life, you will definitely get drunk, trust me, after that you will start drinking.

So, our favorite language is C++. Let's look at this program - Web Knight is a firewall application for web servers. It has default exceptions. This is interesting - if I deploy this firewall, it will not protect me from Outlook Web Access.

Wonderful! That is because many software vendors pull rules out of some applications and insert them into their own product without doing a whole lot of proper research. So when I deploy a web application firewall, I find that everything about webmail is done wrong! Because almost any webmail violates security by default. You have web code that executes system commands and queries LDAP or any other user database store right on the Internet.

Tell me, on what planet could such a thing be considered secure? Just think about it: you open Outlook Web Access, press b ctrl+K, look up users and all that, you manage Active Directory straight from the Internet, you execute system commands on Linux if you use "squirrel mail" or Horde or something else. You pull out all those evals and other kinds of unsafe functionality. That is why many firewalls exclude them from the list of security threats; try asking your software vendor about this.

Let's go back to the Web Knight application. It stole a lot of security rules from a URL scanner that scans all these IP address ranges. And what, all these address ranges are excluded from my product?

Do any of you want to put these addresses on your network? Do you want your network to run on these addresses? Yes, amazing. OK, let's scroll down this program and look at the other things this firewall does not want to do.

They are called "1999" and they want their web server to live in the past! Do any of you remember this crap: /scripts, /iishelp, msads? Perhaps a few people will remember with nostalgia how much fun it was to hack such things. "Remember, man, how long ago we "killed" servers, it was cool!".

Now, if you look at these exceptions, you will see that you can do all these things - msads, printers, iisadmpwd - all these things that nobody needs today. What about the commands you are not allowed to execute?

These are arp, at, cacls, chkdsk, cipher, cmd, com. As you list them, you are flooded with memories of the old days, "dude, remember how we took over that server, remember those days"?

But here is the really interesting thing - does anyone see WMIC here, or maybe PowerShell? Imagine you have a new application that works by running scripts on the local system, and these are modern scripts, because you want to run Windows Server 2008, and I am going to do a great job of protecting it with rules designed for Windows 2000. So the next time a vendor comes to you with their web application, ask him, "hey man, have you provided for things like bits admin, or executing powershell commands, have you checked all the other things, because we are going to update and use the new version of DotNET"? But all these things should be present in a security product by default!

The next thing I want to talk to you about is logical fallacies. Let's go to 192.168.2.6. This is about the same application as the previous one.

You may notice something interesting if you scroll down the page and click the Contact Us link.

If you look at the source code of the "Contact Us" tab, which is one of the pentesting techniques I use all the time, you will notice this line.

Think about it! I hear that many, on seeing this, said: "Wow"! I once did penetration testing for, say, a billionaire bank, and noticed something similar there. So, we do not need SQL injection or cross-site scripting - we have the main thing, this address bar.

So, without exaggeration - the bank told us that they had both - a network specialist and a web inspector, and they made no remarks. That is, they considered it normal that a text file could be opened and read through a browser.

That is, you can simply read a file straight from the file system. The head of their security team told me, "yes, one of the scanners found this vulnerability, but it was considered minor." To which I replied, fine, give me a minute. I typed filename=../../../../boot.ini into the address bar and I was able to read the file system's boot file!

They told me: "no, no, no, those are not critical files"! I replied - but it is Server 2008, isn't it? They said yes, it is. I say - but this server has a configuration file located in the server's root directory, right? "Right," they say. "Great," I say, "what if the attacker does this," and I type filename=web.config into the address bar. They say - so what, you don't see anything on the monitor?

I say - what if I right-click on the monitor and select the "Show page code" option? And what will I find here? "Nothing critical"? I will see the server administrator's password!

And you say there is no problem here?
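One way to close the hole described above, as an added example that is not the bank's or the speaker's code: resolve the requested name against a dedicated download directory and serve only the file types that are meant to be served. The function names, directory layout and allowed extensions are assumptions; the second check matters because web.config needs no ../ at all when the handler's base directory is the web root.

```python
import os
import tempfile

ALLOWED_EXT = {".txt", ".pdf"}  # assumption: the only types this page serves


def resolve_download(base_dir: str, filename: str) -> str:
    """Map a user-supplied filename to a path inside base_dir or raise ValueError."""
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks before we compare
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("outside download directory")
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXT:
        raise ValueError("file type not served")
    if not os.path.isfile(candidate):
        raise ValueError("no such file")
    return candidate


def check(base_dir: str, filename: str) -> str:
    """Return 'served' or the reason the request was refused."""
    try:
        resolve_download(base_dir, filename)
        return "served"
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    """Run the two requests from the talk against a constructed web root."""
    with tempfile.TemporaryDirectory() as webroot:
        downloads = os.path.join(webroot, "downloads")
        os.mkdir(downloads)
        for path in (os.path.join(webroot, "web.config"),
                     os.path.join(downloads, "terms.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return {
            "terms.txt": check(downloads, "terms.txt"),
            "../web.config": check(downloads, "../web.config"),
            "../../../../boot.ini": check(downloads, "../../../../boot.ini"),
            # Same handler, but pointed at the web root: containment passes,
            # so the extension allow-list is what keeps web.config private.
            "web.config (base=webroot)": check(webroot, "web.config"),
        }


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request:28} -> {outcome}")
```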

But my favorite part is the next one. You do not let me run commands in the box, but I can steal the admin password and the web server database, look through the whole database, rip out all the material about the database and system failures, and walk away with all of it. This is the case when the bad guy says "hey man, today is a great day"!

Do not let security products become your disease! Do not let security products make you sick! Find some nerds, give them all that Star Trek memorabilia, get them interested, encourage them to stay with you, because those nerdy stinkers who do not shower every day are the ones who make your networks work the way they should! These are the people who will help your security products work properly.

Tell me, how many of you are able to stay in the same room for long with a person who constantly says: "Oh, I need to print this script urgently!", and who is busy with it all the time? But you need the people who make your security products work.

To repeat, security products are dumb because the lights are always wrong, they constantly do crappy things, they just do not provide security. I have never seen a good security product that did not require a guy with a screwdriver to tweak it where needed so that it works more or less normally. It is just a huge list of rules saying that something is bad, and that is all!

So, guys, I want you to pay attention to education, to things like security, polytechnics, because there are many free online courses on security issues. Learn Python, learn Assembly, learn web application testing.

Here is what will really help you secure your network. Smart people protect networks, network products do not! Go back to work and tell your boss that you need more money for more smart people; I know there is a crisis now, but tell him anyway that we need more money for people, to train them. If we buy a product but do not buy a course on how to use it because it is expensive, then why are we buying it at all if we are not going to teach people how to use it?

I have worked for many security product vendors, I have spent practically my whole life implementing these products, and I am sick of all these access controls and the rest because I installed and ran all these crap products. One day I came to a client who wanted to implement the 802.1x standard for the EAP protocol, so they had MAC addresses and secondary addresses for each port. I came, saw that it was bad, turned around and started pressing buttons on the printer. You know, a printer can print a network equipment test page with all the MAC addresses and IP addresses. But it turned out that the printer does not support the 802.1x standard, so it has to be excluded.

Then I unplugged the printer, changed the MAC address of my laptop to the printer's MAC address and plugged in my laptop, thus bypassing this expensive MAC solution, think about it! So what good can this MAC solution do for me if a person can simply pass off any equipment as a printer or a VoIP phone?

So for me today, pentesting is about spending time trying to understand and make sense of the security product my client has bought. Nowadays every bank where I do a penetration test has all these HIPS, NIPS, LAUGTHS, MACS and a bunch of other acronyms. But I try to figure out what these products are trying to do and how they are trying to do it. Then, once I figure out the methodology and logic they use to provide protection, getting around it is not at all difficult.

My favorite product, which I will leave you with, is called MS 1103. It is a browser-based exploit that "sprays" HIPS, Host Intrusion Prevention Signature, or host intrusion prevention signatures. In fact, it is meant to bypass HIPS signatures. I do not want to show you how it works because I do not want to take the time to demonstrate it, but it does a great job of bypassing this protection, and I want you to take it on board.
OK guys, I am leaving now.

Source: www.habr.com
