Tom Hunter's Diary: "The Hound of the Baskervilles"

Delays in signing are common for any large company. The contract between Tom Hunter and a pet store chain for penetration testing was no exception. We had to check the website, the internal network, and even the working Wi-Fi.

It is no surprise that my hands were itching before all the formalities were settled. Well, just scan the website in case; a store as well known as "The Hound of the Baskervilles" is unlikely to make mistakes here. A couple of days later, Tom was finally handed the signed original contract - by then, over his third mug of coffee, Tom was assessing with interest, from the internal CMS, the state of the stores...

Source: Ehsan Taebloo

But he did not get to manage much in the CMS - the site administrators banned Tom Hunter's IP. Although there would have been time to generate bonuses on the store card and feed his beloved cat on the cheap for many months... "Not this time, Darth Sidious," Tom thought with a smile. It would have been no less interesting to move from the website zone into the customer's internal network, but apparently these segments are not connected at the customer. Still, this happens more often in very large companies.

After all the formalities, Tom Hunter armed himself with the VPN account he had been given and went into the customer's internal network. The account was inside the Active Directory domain, so it was possible to dump AD without any special tricks - pulling out all the publicly available information about users and working machines.

Tom launched the adfind utility and began sending LDAP requests to the domain controller, with a filter on the objectCategory class specifying person as the attribute. The response came back with this structure:

dn:CN=Гость,CN=Users,DC=domain,DC=local
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: user
>cn: Гость
>description: Встроенная учетная запись для доступа гостей к компьютеру или домену
>distinguishedName: CN=Гость,CN=Users,DC=domain,DC=local
>instanceType: 4
>whenCreated: 20120228104456.0Z
>whenChanged: 20120228104456.0Z

Beyond this there was plenty of useful information, but the most interesting part was in the >description: field. This is a comment on an account - a convenient place to keep minor notes. But the customer's administrators decided that passwords could sit there quietly too. Who, after all, would be interested in all these service records? So the comments Tom received looked like this:

Создал Администратор, 2018.11.16 7po!*Vqn

You don't need to be a rocket scientist to understand what the combination at the end is for. All that remained was to parse the large response file from the domain controller using the description field: and here they were - 20 login-password pairs. Moreover, almost half of them had RDP access rights. Not a bad bridgehead; time to split the attacking forces.
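The same parsing can be run by the domain's own administrators as an audit. The sketch below is an added example, not code from the original article: it reads output in the adfind layout shown above and reports objects whose description contains a password-like word. The account name svc_backup, the thresholds and the sample text are assumptions constructed for the illustration.

```python
# Constructed sample in the adfind layout shown above: a "dn:" line, then ">attr: value" lines.
# svc_backup is a hypothetical account; the Guest record mirrors the one in the article.
SAMPLE = """\
dn:CN=Гость,CN=Users,DC=domain,DC=local
>objectClass: user
>cn: Гость
>description: Встроенная учетная запись для доступа гостей к компьютеру или домену

dn:CN=svc_backup,CN=Users,DC=domain,DC=local
>objectClass: user
>cn: svc_backup
>description: Создал Администратор, 2018.11.16 7po!*Vqn
"""

def parse_adfind(text):
    """Split adfind output into one {attribute: [values]} dict per object."""
    records, current = [], None
    for line in text.splitlines():
        if line.startswith("dn:"):
            current = {"dn": [line[3:].strip()]}
            records.append(current)
        elif line.startswith(">") and current is not None:
            name, sep, value = line[1:].partition(":")
            if sep:
                current.setdefault(name.strip(), []).append(value.strip())
    return records

def char_classes(token):
    """Count how many of lower/upper/digit/symbol appear in the token."""
    return sum([any(c.islower() for c in token), any(c.isupper() for c in token),
                any(c.isdigit() for c in token), any(not c.isalnum() for c in token)])

def suspicious_tokens(description, min_len=8, min_classes=3):
    """Words that look more like a generated secret than like a note."""
    tokens = (t.strip(",.;:") for t in description.split())
    return [t for t in tokens if len(t) >= min_len and char_classes(t) >= min_classes]

def audit(text):
    """Return (dn, hit count) per flagged object; the token itself is never echoed."""
    findings = []
    for rec in parse_adfind(text):
        hits = [t for d in rec.get("description", []) for t in suspicious_tokens(d)]
        if hits:
            findings.append((rec["dn"][0], len(hits)))
    return findings

if __name__ == "__main__":
    for dn, count in audit(SAMPLE):
        print(f"{dn}: {count} password-like token(s) in description")
```

Any authenticated domain user can read the description attribute by default, so every hit is a credential to rotate, not just a comment to tidy up.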

Network environment

The Hound of the Baskervilles shares are reminiscent of a big city in its chaos and unpredictability. With user and RDP profiles, Tom Hunter was a kid in this city, yet he could see a lot through the shiny windows of the security policy.

Parts of file servers, accounting accounts, and even the scripts associated with them were shared. In the settings of one of these scripts, Tom found the MS SQL hash of one user. A little brute-force magic - and the user's hash turned into a plaintext password. Thanks to John The Ripper and Hashcat.


This key had to fit some chest. The chest was found, and what's more, ten more "chests" were tied to it. And inside six of them lay... superuser rights, nt authority\system! On two of them we were able to run the xp_cmdshell stored procedure and send cmd commands to Windows. What more could you want?

Domain controllers

Tom Hunter prepared the second strike for the domain controllers. There were three of them in the "Dogs of the Baskervilles" network, matching the number of remote servers. Each domain controller has a public folder, like an open display case in a store, near which the same poor kid Tom hangs around.

And this time the guy was lucky again - they had forgotten to remove from the display case the script in which the local server admin password was hardcoded. So the path to the domain controller was open. Come in, Tom!

Here mimikatz was pulled out of the magic hat, and it profited at the expense of several administrators. Tom Hunter gained access to all machines on the local network, and his devilish laughter scared the cat off the neighbouring chair. This path turned out to be shorter than expected.

EternalBlue

The memory of WannaCry and Petya is still alive in the minds of pentesters, but some admins seem to have forgotten about ransomware in the flow of the evening news. Tom found three nodes with a vulnerability in the SMB protocol - CVE-2017-0144, or EternalBlue. This is the same vulnerability that was used to spread the WannaCry and Petya ransomware, a vulnerability that allows arbitrary code to be executed on a host. On one of the vulnerable nodes there was a domain admin session - "exploit and get it". What can you do; time has not taught everyone.

"The Hound of the Bastervilles"

The classics of information security like to repeat that the weakest point of any system is the human. Did you notice that the heading above does not match the name of the store? Perhaps not everyone is so attentive.

In the best traditions of phishing blockbusters, Tom Hunter registered a domain that differed by one letter from the "Hounds of the Baskervilles" domain. The mailing address on this domain imitated the address of the store's information security service. Over 4 days, from 16:00 to 17:00, the following letter was sent evenly to 360 addresses from the fake address:


Perhaps only their own laziness saved the employees from a mass leak of passwords. Of 360 letters, only 61 were opened - the security service is not very popular. But after that it got easier.

Phishing page

46 people clicked the link, and almost half - 21 employees - did not look at the address bar and calmly entered their logins and passwords. Nice catch, Tom.


Wi-Fi network

Now there was no need to count on the cat's help. Tom Hunter threw a few pieces of hardware into his old sedan and drove to the Hound of the Baskervilles office. His visit had not been agreed: Tom was going to test the customer's Wi-Fi. In the parking lot of the business centre there were several free spaces that conveniently fell within the perimeter of the target network. Apparently, not much thought had been given to its limits - as if the administrators were just randomly adding extra access points in response to any complaint about weak Wi-Fi.

How does WPA/WPA2 PSK protection work? Encryption between the access point and the clients is provided by a session key - the Pairwise Transient Key (PTK). The PTK uses the Pre-Shared Key and five other parameters - SSID, Authenticator Nonce (ANonce), Supplicant Nonce (SNonce), and the MAC addresses of the access point and the client. Tom intercepted all five parameters, and now only the Pre-Shared Key was missing.


The Hashcat utility supplied this missing link in about 50 minutes - and our hero ended up in the guest network. From there the working network was visible too - strangely enough, here Tom managed the password in about nine minutes. And all this without leaving the parking lot, without any VPN. The working network opened up scope for monstrous activities for our hero, but he never did add bonuses to the store card.

Tom paused, looked at his watch, threw a couple of banknotes on the table, and left the cafe. Perhaps another pentest, or perhaps something to write in the Telegram channel came to mind...


Source: www.habr.com
