A toolkit for the beginner penetration tester: a short digest of the main tools that are useful when pentesting an internal network. These tools are already actively used by a wide range of specialists, so it is worth everyone knowing what they can do and mastering them.
Contents:
- Nmap
- Zmap
- Masscan
- Nessus
- Net-Creds
- NetworkMiner
- mitm6
- Responder
- Evil_Foca
- Bettercap
- gateway_finder
- mitmproxy
- SIET
- Yersinia
- proxychains
Nmap
In addition to checking for open/closed ports, nmap can identify the service listening on an open port and its version, and sometimes helps determine the OS. Nmap supports scanning scripts (NSE, the Nmap Scripting Engine). With scripts you can check various services for vulnerabilities (provided a script exists for them, of course, or you can always write your own) or brute-force passwords for various services.
Nmap therefore lets you build a detailed map of the network, obtain as much information as possible about the services running on hosts in the network, and check some vulnerabilities in advance. Nmap also has flexible scan settings: you can configure the scan speed, the number of threads, the number of groups to scan, and so on.
It is convenient for scanning small networks and indispensable for spot scans of individual hosts.
Pros:
- Works quickly with a small range of hosts.
- Flexible settings - options can be combined to obtain the most informative data in an acceptable time.
- Parallel scanning - the list of target hosts is split into groups, each group is scanned in turn, and parallel scanning is used within a group. Splitting into groups is also a minor drawback (see below).
- Predefined sets of scripts for different tasks - you do not have to spend much time selecting specific scripts; you specify script groups instead.
- Output of results - 5 different formats, including XML, which can be imported into other tools.
Cons:
- Scanning groups of hosts - information about a host is not available until the scan of the whole group has finished. This is addressed by setting, in the options, the maximum group size and the maximum time interval to wait for a response to a request before giving up or making another attempt.
- While scanning, Nmap sends SYN packets to the target port and waits for any response packet, or for a timeout if there is no response. This hurts the performance of the scanner as a whole compared with asynchronous scanners (such as zmap or masscan).
- When scanning large networks, using the flags that speed up scanning (--min-rate, --min-parallelism) can produce false-negative results, missing open ports on a host. These options should also be used with caution, because a high packet rate can cause an unintended DoS.
Zmap
Unlike nmap, when Zmap sends SYN packets it does not wait for a response to come back; it continues scanning while waiting for responses from all hosts in parallel, so it does not actually maintain connection state. When a response to a SYN packet arrives, Zmap works out from the packet contents which port was open on which host. In addition, Zmap sends only one SYN packet per scanned port. If you happen to have a 10-gigabit interface and a compatible network card at hand, PF_RING can be used to scan large networks quickly.
Pros:
- Scan speed.
- Zmap generates Ethernet frames itself, bypassing the system TCP/IP stack.
- PF_RING can be used.
- ZMap randomizes targets to distribute the load evenly on the scanned side.
- Can be integrated with ZGrab (a tool for collecting information about services at the L7 application level).
Cons:
- It can cause denial of service on network equipment, for example by taking down intermediate routers, despite the distributed load, because all packets pass through a single router.
Masscan
Pros:
- The syntax is similar to Nmap, and the program supports some Nmap-compatible options.
- Speed - one of the fastest asynchronous scanners.
- Flexible scanning mechanism - resuming an interrupted scan and distributing the load across several devices (as in Zmap).
Cons:
- As with Zmap, the load on the network itself is extremely high, which can lead to DoS.
- By default, it cannot scan at the L7 application layer.
Nessus
It helps identify vulnerable versions of services or servers, detect system configuration errors, and brute-force dictionary passwords. It can be used to check that service settings (mail, updates, etc.) are correct, as well as in preparation for a PCI DSS audit. In addition, you can pass host credentials to Nessus (SSH or a domain account in Active Directory), and the scanner will access the host and run checks directly on it; this option is called a credential scan. It is convenient for companies that audit their own networks.
Pros:
- A separate scenario for each vulnerability, with a database that is constantly updated.
- Output of results - plain text, XML, HTML and LaTeX.
- Nessus API - lets you automate scanning and retrieval of results.
- Credential scan - you can use Windows or Linux credentials to check for updates or other vulnerabilities.
- Ability to write your own embedded security modules - the scanner has its own scripting language, NASL (Nessus Attack Scripting Language).
- You can schedule regular scans of the local network, so the information security service stays aware of all changes to the security configuration, the appearance of new hosts, and the use of dictionary or default passwords.
Cons:
- The systems being scanned may malfunction; with the safe checks option disabled, you need to work carefully.
- The commercial version is not free.
Net-Creds
Pros:
- Service identification is based on packet analysis rather than on the port number in use.
- Easy to use.
- A wide range of extracted data - including logins and passwords for FTP, POP, IMAP, SMTP and the NTLMv1/v2 protocols, as well as information from HTTP requests, such as login forms and basic auth.
NetworkMiner
Pros:
- Graphical interface.
- Visualizing the data and classifying it into groups simplifies traffic analysis and makes it faster.
Cons:
- The trial version has limited functionality.
mitm6
Pros:
- Works well in many networks precisely because of the standard configuration of Windows hosts and networks.
Responder
Pros:
- By default, it starts many servers that support NTLM authentication: SMB, MSSQL, HTTP, HTTPS, LDAP, FTP, POP3, IMAP, SMTP.
- Allows DNS spoofing in the case of MITM attacks (ARP spoofing, etc.).
- Fingerprinting of hosts that made a broadcast request.
- Analyze mode - for passive monitoring of requests.
- The format of hashes captured during NTLM authentication is compatible with John the Ripper and Hashcat.
Cons:
- When running on Windows, binding port 445 (SMB) involves some difficulties (it requires stopping the corresponding services and rebooting).
Evil_Foca
Pros:
- Convenient for carrying out MITM attacks (ARP spoofing, DHCP ACK injection, SLAAC attack, DHCP spoofing).
- Can carry out DoS attacks - with ARP spoofing on IPv4 networks and with SLAAC DoS on IPv6 networks.
- Can perform DNS hijacking.
- Easy to use, with a user-friendly graphical interface.
Cons:
- Works only on Windows.
Bettercap
Pros:
- Credential sniffer - it can capture visited URLs and HTTPS hosts, HTTP authentication, and credentials for many different protocols.
- Many built-in MITM attacks.
- Modular HTTP(S) transparent proxy - you can manage traffic according to your needs.
- Built-in HTTP server.
- Support for caplets - files that let you describe complex, automated attacks in a scripting language.
Cons:
- Some modules (for example, ble.enum) are only partially supported on macOS and Windows, and some are designed for Linux only (packet.proxy).
gateway_finder
Pros:
- Easy to use and to customize.
mitmproxy
Pros:
- Works with various protocols and supports modification of various formats, from HTML to Protobuf.
- API for Python - lets you write scripts for non-standard tasks.
- Can work in transparent proxy mode with traffic interception.
Cons:
- The dump format is not compatible with anything: it is hard to use grep, so you have to write scripts.
SIET
Pros:
Using the Cisco Smart Install protocol, it is possible to:
- Change the tftp server address on the client device by sending a single malformed TCP packet.
- Copy the device configuration file.
- Change the device configuration, for example by adding a new user.
- Update the IOS image on the device.
- Execute an arbitrary set of commands on the device. This is a new feature that works only in IOS versions 3.6.0E and 15.2(2)E.
Cons:
- Works with a limited set of Cisco devices. To receive a response from the device you need a "white" (public) IP address, or you must be on the same network as the device.
Yersinia
Pros:
- Allows attacks against STP, CDP, DTP, DHCP, HSRP, VTP and other protocols.
Cons:
- Not the most user-friendly interface.
proxychains
Pros:
- Helps redirect traffic from some applications that cannot work with a proxy by default.
In this article, we briefly covered the pros and cons of the main tools for internal network penetration testing. We plan to publish more collections like this one, covering web, databases, mobile applications and so on; we will definitely write about those too.
Share your favorite utilities in the comments.
Source: habr.com