Some time ago I wrote about this topic, but that piece was small and chaotic. Later I decided to expand the list of tools in the review, give the article some structure and take the criticism into account (many thanks for the advice), and I sent it to a contest at SecLab (where it was published, but for obvious reasons nobody saw it). The contest is over, the results have been announced, and with a clear conscience I can now publish the article on Habr.
Free pentester tools for the web
In this article I will talk about the most popular tools for pentesting (penetration testing) web applications using the "black box" approach.
To do this, we will look at the utilities that help with this kind of testing. Consider the following product categories:
- Network scanners
- Web script vulnerability scanners
- Exploitation
- Injection automation
- Debuggers (sniffers, local proxies, etc.)
Some products are "general-purpose", so I will assign them to the section where they deliver the best results (my subjective opinion).
Network scanners
The main task is to discover the available network services, identify their versions, determine the OS, and so on.
Nmap
A free and open-source utility for network scanning and system security auditing. Those who dislike the console can use Zenmap, a GUI for Nmap.
It is not just a "smart" scanner but a seriously extensible tool (one of its "unusual features" is a script that checks a host for a particular worm, mentioned in a post linked from the original). Typical usage example:
nmap -A -T4 localhost
-A: OS and version detection, script scanning and traceroute
-T4: timing template (faster; the range is 0 to 5)
localhost: the target host
Want something harder?
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost
This is the set of options from the "slow comprehensive scan" profile in Zenmap. It takes a very long time to complete, but afterwards you can learn far more detailed information about the target system. If you decide to dig deeper, I also recommend translating the referenced article.
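A scan like the one above is just as useful on the defending side: run it against your own hosts and compare the result with what you expect to be exposed. The following Python snippet is an added example (not from the original article and not part of Nmap) that parses Nmap's grepable output (the -oG format) into a per-host service inventory and flags open ports that are not on an allowlist. The scan text, the host 192.0.2.10, the service banners and the allowlist are all constructed for the example.

```python
"""Parse nmap grepable (-oG) output and flag unexpected open ports.

Added example, not part of the original article. The scan text below is
constructed for illustration (192.0.2.10 is a documentation address and
the version banners are made up).
"""
from typing import Dict, List

# Constructed sample: the shape of what `nmap -sV -oG -` prints for one host.
SAMPLE_NMAP_GREPABLE = (
    "# Nmap scan initiated as: nmap -sV -oG - 192.0.2.10\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/, 3306/open/tcp//mysql//MySQL 5.7.42/, "
    "8834/filtered/tcp//nessus///\tIgnored State: closed (996)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned in 12.3 seconds\n"
)

# Constructed allowlist: ports we expect to be reachable on each host.
EXPECTED_PORTS = {"192.0.2.10": {22, 80}}


def parse_grepable(text: str) -> Dict[str, List[dict]]:
    """Return {ip: [{port, state, proto, service, version}, ...]}.

    Each entry in a "Ports:" field has the fixed slash-separated layout
    port/state/protocol/owner/service/rpc info/version/ ; fields on a
    "Host:" line are separated by tabs.
    """
    hosts: Dict[str, List[dict]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        hosts.setdefault(ip, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 7:  # malformed entry: skip rather than guess
                    continue
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                hosts[ip].append({
                    "port": int(port),
                    "state": state,
                    "proto": proto,
                    "service": service,
                    "version": version,
                })
    return hosts


def unexpected_open_ports(hosts: Dict[str, List[dict]], expected: dict) -> list:
    """List (ip, port, service, version) for open ports missing from the allowlist."""
    findings = []
    for ip, entries in hosts.items():
        allowed = expected.get(ip, set())
        for e in entries:
            if e["state"] == "open" and e["port"] not in allowed:
                findings.append((ip, e["port"], e["service"], e["version"]))
    return findings


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_NMAP_GREPABLE)
    for ip, entries in inventory.items():
        for e in entries:
            print(f"{ip} {e['port']}/{e['proto']} {e['state']} {e['service']} {e['version']}")
    for ip, port, service, version in unexpected_open_ports(inventory, EXPECTED_PORTS):
        print(f"UNEXPECTED: {ip}:{port} ({service} {version})")
```

Filtered ports are kept in the inventory but not reported, since only open ports are reachable; in the constructed sample the database port 3306 is the one finding, which is exactly the kind of drift between "what should be exposed" and "what is exposed" that a periodic self-scan is meant to catch.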
Nmap has been named "Security Product of the Year" by magazines and communities such as Linux Journal, Info World, LinuxQuestions.Org and Codetalker Digest.
Interestingly, Nmap can be spotted in the films "The Matrix Reloaded", "Die Hard 4", "The Bourne Ultimatum", "Hottabych" and others.
IP-Tools
A set of assorted network utilities that comes with a GUI and is "dedicated" to Windows users.
A port scanner, shared resources (shared printers and folders), WhoIs/Finger/Lookup, a telnet client and more. Simply a convenient, fast and functional tool.
There is not much point in examining other products, since there are many utilities in this area and they all share similar principles and functionality. Still, nmap is the one used most often.
Web script vulnerability scanners
These try to find known vulnerabilities (SQL injection, XSS, LFI/RFI, etc.) or mistakes (temporary files left undeleted, directory indexing, etc.).
Acunetix Web Vulnerability Scanner
From the link you might conclude that this is an XSS scanner, but that is not entirely true. The free version, available from the link, offers quite a lot of functionality. Usually the person who runs this scanner for the first time and gets a report on their own resource for the first time experiences a mild shock, and once you do it you will understand why. It is a very powerful product for analyzing all kinds of vulnerabilities on a site, and it works not only with the usual PHP sites but with other languages as well (although the language is not an indicator of anything). There is no particular point in describing instructions, because the scanner simply "picks up" the user's actions. Something like "next, next, next, done" in a typical software installation.
Nikto
This is an open-source (GPL) web crawler. It removes the routine manual work. It searches the target site for leftover scripts (the odd test.php, index_.php, etc.), database administration tools (/phpmyadmin/, /pma and the like) and so on; in other words, it checks the resource for the most common mistakes, which usually stem from the human factor.
In addition, if it finds a popular script, it checks it against the published exploits (which are in its database).
It reports "unwanted" methods that are enabled, such as PUT and TRACE.
And so on. Very convenient if you work as an auditor and analyze sites every day.
Among the downsides I would note the high percentage of false positives. For example, if your site always serves the main page instead of a 404 error (when one should occur), the scanner will say that your site contains every script and every vulnerability from its database. In practice this does not happen that often, but in truth a lot depends on the structure of your site.
Typical usage:
./nikto.pl -host localhost
If you need to be authenticated on the site, you can set a cookie in the nikto.conf file via the STATIC-COOKIE variable.
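The false-positive problem described above has a standard remedy: before trusting any "file exists" result, request a path that cannot exist and remember what "missing" looks like on this particular site. The Python snippet below is an added example (not from the original article and not part of Nikto) of that calibration step. Both "sites" are constructed in-process functions that return a status code and a body, so the code runs offline; a real implementation would replace them with HTTP requests.

```python
"""Calibrate a 'file exists' check against soft-404 pages.

Added example, not part of the original article or of Nikto. The two
fake sites are constructed here so the code runs offline; the page
bodies are made up.
"""
import random
import string
from difflib import SequenceMatcher
from typing import Callable, Tuple

Fetch = Callable[[str], Tuple[int, str]]  # path -> (status, body)

HOME = "<html><title>Welcome</title><p>Our homepage</p></html>"
PMA = "<html><title>phpMyAdmin</title><form>login</form></html>"


def soft_404_site(path: str) -> Tuple[int, str]:
    """Constructed site that answers 200 + homepage for any unknown path."""
    if path == "/phpmyadmin/":
        return 200, PMA
    return 200, HOME


def strict_site(path: str) -> Tuple[int, str]:
    """Constructed site that returns a proper 404 for unknown paths."""
    if path == "/phpmyadmin/":
        return 200, PMA
    return 404, "<html><title>Not Found</title></html>"


def random_path() -> str:
    """A path no site should have: 24 random letters plus .php."""
    return "/" + "".join(random.choices(string.ascii_lowercase, k=24)) + ".php"


def similarity(a: str, b: str) -> float:
    """0.0..1.0 ratio of how much two bodies have in common."""
    return SequenceMatcher(None, a, b).ratio()


def calibrate(fetch: Fetch) -> dict:
    """Fetch a path that cannot exist and record how 'missing' looks."""
    status, body = fetch(random_path())
    return {"status": status, "body": body}


def classify(fetch: Fetch, path: str, baseline: dict, threshold: float = 0.9) -> str:
    """Return 'absent', 'soft-404' (a 200 that matches the missing-page
    baseline, i.e. a false positive) or 'present' (a genuinely different page)."""
    status, body = fetch(path)
    if status != 200:
        return "absent"
    if baseline["status"] == 200 and similarity(body, baseline["body"]) >= threshold:
        return "soft-404"
    return "present"


if __name__ == "__main__":
    for name, site in (("soft-404 site", soft_404_site), ("strict site", strict_site)):
        base = calibrate(site)
        for candidate in ("/test.php", "/index_.php", "/phpmyadmin/"):
            print(f"{name}: {candidate} -> {classify(site, candidate, base)}")
```

On the soft-404 site every leftover-script probe comes back 200, but all of them match the baseline body and are discarded, while the admin page, whose body differs, is kept. A body-similarity ratio rather than an exact match is used because many sites embed the requested path or a timestamp in their "not found" page.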
Wikto
Nikto for Windows, but with some additions, such as "fuzzy" logic for error checking, use of the GHDB, retrieval of the resource's links and folders, and real-time monitoring of HTTP requests/responses. Wikto is written in C# and requires the .NET framework.
skipfish
A web scanner from the developer known as lcamtuf. Written in C, cross-platform (Windows requires Cygwin). It recursively crawls the entire site (and for a very long time, on the order of 20 to 40 hours, although the last time it ran for me it took 96 hours) and finds all sorts of security holes. It also generates a lot of traffic (several GB in/out). But all means are good, especially if you have the time and the resources.
Typical usage:
./skipfish -o /home/reports www.example.com
An HTML report will appear in the "reports" folder; an example report was linked from the original.
w3af
Web Application Attack and Audit Framework, an open-source web vulnerability scanner. It has a GUI, but you can also work from the console. More precisely, it is a framework built around plugins.
I could go on about its merits, but it is better to try it out :]
Standard work with it comes down to selecting a profile, specifying a target and, of course, launching it.
Mantra Security Framework
A dream come true. A collection of free and open information security tools built into a web browser.
Very useful when testing web applications at every stage.
Usage comes down to installing and launching the browser.
In fact there are a great many utilities in this segment, and it is quite hard to pick a specific list from them. Most often, each pentester decides on the set of tools they need.
Exploitation
For more convenient and automated exploitation of vulnerabilities, exploits are written as programs and scripts that only need to be given parameters in order to use the security hole. And there are products that remove the need to search for exploits manually and apply them on the fly. This category is discussed next.
Metasploit Framework
A real monster of our trade. It can do so much that instructions would fill several articles. We will look at automatic exploitation (nmap + metasploit). The bottom line: Nmap analyzes the port we need and identifies the service, and metasploit tries to apply exploits based on the service class (ftp, ssh, etc.). Instead of text instructions I will insert a video, quite popular on the subject of autopwn:

Or we can simply automate the operation of the one exploit we need. For example:
msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run
In fact the capabilities of this framework are very extensive, so if you decide to dig deeper, go to the linked resource.
Armitage
An OVA of the cyberpunk genre: a GUI for Metasploit. It visualizes the target, recommends exploits and exposes the advanced features of the framework. In general, for those who like everything to look pretty and impressive.
Screenshot:

Nessus
It can do a lot, but one of the capabilities we need is determining which services have exploits. The free version of the product is "home only".
Usage:
- Download (for your OS), install, register (the key is sent to your e-mail).
- Start the server, add a user in Nessus Server Manager (the Manage users button).
- Go to the address
https://localhost:8834/
and get the web client in the browser.
- Scans -> Add -> fill in the fields (choosing the scanning options that suit us) and click Scan.
After a while the scan report will appear in the Reports tab.
To check the services for exploitability you can use the Metasploit Framework described above, or try to find an exploit (for example, on the linked sites, etc.) and apply it to the system manually.
IMHO: too bulky. I included it as one of the leaders in this area of the software industry.
Injection automation
Most web security scanners look for injections, but they remain general-purpose scanners. And there are utilities that deal specifically with finding and exploiting injections. Let's talk about them now.
sqlmap
An open-source utility for finding and exploiting SQL injections. It supports database servers such as: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase, SAP MaxDB.
Typical usage comes down to the line:
python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
There are enough manuals, including in Russian. The utility greatly eases a pentester's work in this area.
I'll add the official video demonstration:

bsqlbf-v2
A Perl script, a brute-forcer for "blind" SQL injections. It works with both integer values in the URL and string ones.
Supported databases:
- MS-SQL
- MySQL
- PostgreSQL
- Oracle
Usage example:
./bsqlbf-v2-3.pl -url www.somehost.com/blah.php?u=5 -blind u -sql "select table_name from information_schema.tables limit 1 offset 0" -database 1 -type 1
-url: the URL with its parameters
-blind u: the parameter to inject into (by default the last one in the address bar is taken)
-sql "select table_name from information_schema.tables limit 1 offset 0": our arbitrary query to the database
-database 1: the database server, MSSQL
-type 1: the attack type; "blind" injection based on True and False responses (for example, syntax errors)
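The "True and False responses" that bsqlbf relies on exist only because the vulnerable page pastes the parameter into the SQL text. The Python snippet below is an added example (not from the original article and not part of bsqlbf or sqlmap) that puts the vulnerable lookup next to its parameterized fix, using an in-memory SQLite database constructed for the demonstration, and wraps the true/false comparison into a regression check you can run against your own code: if appending an always-true and an always-false condition changes the result, the parameter is injectable.

```python
"""Why a 'blind' SQL injection works, and why bound parameters close it.

Added example, not part of the original article or of bsqlbf. The
'users' table and its rows are constructed in an in-memory SQLite
database purely for the demonstration.
"""
import sqlite3
from typing import Callable, List


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users with integer ids."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                     [(5, "alice"), (6, "bob")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, u: str) -> List[str]:
    """The bug: the request parameter becomes part of the SQL text, so any
    condition appended to it is evaluated by the database."""
    sql = "SELECT name FROM users WHERE id = " + u
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, u: str) -> List[str]:
    """The fix: the value is bound as data and is never parsed as SQL.
    A non-numeric string simply matches no integer id."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE id = ?", (u,))]


def has_boolean_oracle(lookup: Callable[[str], List[str]], value: str) -> bool:
    """Regression check for a boolean-based blind injection.

    With a safe lookup, the decorated values are just different (unmatched)
    strings and both return the same thing. With a vulnerable lookup the
    always-true variant reproduces the baseline and the always-false
    variant differs, which is the oracle a blind brute-forcer reads bit by bit.
    """
    baseline = lookup(value)
    when_true = lookup(value + " AND 1=1")
    when_false = lookup(value + " AND 1=0")
    return when_true == baseline and when_false != baseline


if __name__ == "__main__":
    db = make_db()
    print("vulnerable oracle:", has_boolean_oracle(lambda u: lookup_vulnerable(db, u), "5"))
    print("parameterized oracle:", has_boolean_oracle(lambda u: lookup_parameterized(db, u), "5"))
```

The check is cheap enough to keep in a test suite next to every handler that takes an identifier from the request; it flags the concatenating version and stays quiet for the bound-parameter version, which is the behaviour the scanner in the text would otherwise discover for you.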
Debuggers
These tools are mostly used by developers when they have trouble with the results of executing their code. But this category is also useful for pentesting, when we can substitute the data we need on the fly, analyze what comes back in response to our input parameters (for example, during fuzzing), and so on.
Burp Suite
A set of utilities that help with penetration testing. There is a good review in Russian on the web from Raz0r (although it dates from 2008).
The free version includes:
- Burp Proxy: a local proxy that lets you modify requests already formed by the browser
- Burp Spider: a spider that searches for files and directories
- Burp Repeater: manual sending of HTTP requests
- Burp Sequencer: analysis of random values in forms
- Burp Decoder: a standard encoder-decoder (html, base64, hex, etc.), of which there are thousands and which can be quickly written in any language
- Burp Comparer: a string comparison component
Essentially, this package solves almost all the tasks related to this area.
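Since the text says a decoder of this kind "can be quickly written in any language", here is one as an added example (not from the original article and not part of Burp Suite): a Python "smart decode" that peels URL-encoding, hex, base64 and HTML entities layer by layer, accepting a layer only when the result is printable text so that ordinary words such as "cafe" are not mistaken for hex. The sample input is constructed in the block by encoding a known string, so the code runs offline.

```python
"""A Burp-Decoder-style 'smart decode' in a few lines of Python.

Added example, not part of the original article or of Burp Suite. The
sample value is constructed here by encoding a known string in layers
(HTML entities, then hex, then base64, then URL-encoding).
"""
import base64
import binascii
import html
import re
from typing import List, Optional, Tuple
from urllib.parse import quote, unquote

URL_RE = re.compile(r"%[0-9A-Fa-f]{2}")
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
ENTITY_RE = re.compile(r"&(?:#x?[0-9A-Fa-f]+|[A-Za-z]+);")


def _printable(raw: bytes) -> Optional[str]:
    """Accept a decode only if it yields printable UTF-8 text."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def decode_once(value: str) -> Optional[Tuple[str, str]]:
    """Try one layer; return (encoding, decoded) or None if nothing applies.
    Hex is tested before base64 because every hex string is also valid base64."""
    if URL_RE.search(value):
        return "url", unquote(value)
    if HEX_RE.match(value):
        text = _printable(binascii.unhexlify(value))
        if text is not None:
            return "hex", text
    if B64_RE.match(value) and len(value) % 4 == 0:
        text = _printable(base64.b64decode(value))
        if text is not None:
            return "base64", text
    if ENTITY_RE.search(value):
        return "html", html.unescape(value)
    return None


def smart_decode(value: str, max_layers: int = 10) -> Tuple[List[str], str]:
    """Peel encodings until the value stops changing; return (layers, plaintext)."""
    layers: List[str] = []
    for _ in range(max_layers):
        step = decode_once(value)
        if step is None or step[1] == value:
            break
        layers.append(step[0])
        value = step[1]
    return layers, value


def build_sample(plain: str) -> str:
    """Constructed test input: plain -> html entities -> hex -> base64 -> url."""
    step = html.escape(plain)
    step = binascii.hexlify(step.encode()).decode()
    step = base64.b64encode(step.encode()).decode()
    return quote(step, safe="")


if __name__ == "__main__":
    sample = build_sample("name=O'Reilly <admin>")
    print("encoded:", sample)
    print("layers:", smart_decode(sample))
```

The printable-text guard is what makes the loop safe to run over arbitrary request parameters: a value that merely looks like hex or base64 but decodes to binary garbage is left alone, so the reported layer list reflects encodings that were actually applied.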
Fiddler
Fiddler is a debugging proxy that logs all HTTP(S) traffic. It lets you inspect that traffic, set breakpoints and "play" with the incoming or outgoing data.
There are others too, including one real monster of a tool, and the choice is up to the user.
Conclusion
Usually every pentester has their own favorites and their own utilities, simply because there are so many of them. I have tried to list some of the most convenient and popular ones. But so that anyone can become familiar with other utilities in this area on their own, I will give links below.
Top lists / lists of scanners and utilities
- (link)
- A Linux distribution that also includes a set of assorted pentesting utilities
upd: in Russian, from the "Hack4Sec" team (added later)
P.S. I can't keep quiet about XSpider. It was not included in the review, since it is shareware (I found this out when I sent the article to SecLab, and obviously because of that (ignorance, plus the absence of the new version 7.8) it did not make it into the article). In principle, a review of it was planned (I had prepared complex tests for it), but I don't know whether the world will ever see it.
P.P.S. Some material from this article will be put to its intended use in an upcoming talk in 2012 in the QA section, which will cover tools not mentioned here (free ones, naturally), plus the algorithm: in what order to use what, what result to expect, what settings to use, and all sorts of tricks and trade secrets (I think about the talk almost every day, and I will try to tell you the most useful things on the subject).
By the way, there is a presentation based on this article from Open InfoSec Days (links), with which you can go rob korovans properly.
Source: www.habr.com
