Network tools, or where should a pentester start?

Beginner Pentester's Toolkit: a brief rundown of the top tools that come in handy when pentesting an internal network. These tools are already in active use by a wide range of specialists, so it is worth everyone knowing what they can do and getting comfortable with them.

Nmap

Nmap is an open-source network scanner and one of the most popular tools among security specialists and system administrators. It is used first and foremost for port scanning, but beyond that it has a huge number of useful features, which in effect makes Nmap a general-purpose workhorse for network reconnaissance.

Besides checking which ports are open or closed, nmap can identify the service listening on an open port and its version, and sometimes helps determine the OS. Nmap also supports scan scripts (NSE, the Nmap Scripting Engine). With scripts it is possible to check various services for vulnerabilities (provided a script exists for them, or you can always write your own) or to brute-force passwords for various services.

Nmap therefore lets you build a detailed network map, gather as much information as possible about the services running on the network's hosts, and proactively check for some vulnerabilities. Nmap also has flexible scan settings: you can adjust the scan speed, the number of threads, the number of hosts scanned per group, and so on.
It is convenient for scanning small networks and indispensable for spot-checking individual hosts.

Pros:

  • Works fast on a small range of hosts;
  • Flexible configuration: options can be combined so as to get the most informative data in an acceptable time;
  • Parallel scanning: the list of target hosts is split into groups, the groups are scanned one after another, and within a group the hosts are scanned in parallel. The split into groups is also a small drawback (see below);
  • Predefined sets of scripts for different tasks: instead of spending time picking individual scripts you can specify script categories;
  • Output in 5 different formats, including XML, which can be imported into other tools;

Cons:

  • Scanning a group of hosts: no information about any host is available until the whole group has been scanned. This is addressed by setting the maximum group size and the maximum time a response to a probe is waited for before giving up or retrying (--max-hostgroup and --max-rtt-timeout);
  • When scanning, Nmap sends SYN packets to the target port and waits for a response packet, or for a timeout if nothing comes back. This hurts the overall performance of the scanner compared with asynchronous scanners (for example zmap or masscan);
  • When scanning large networks, using the flags that speed up scanning (--min-rate, --min-parallelism) can produce false negatives, i.e. open ports on a host get missed. Use these options with care in any case, since a high packet rate can cause an unintended DoS.

Zmap

Zmap (not to be confused with Zenmap) is also an open-source scanner, created as a faster alternative to Nmap.

Unlike nmap, Zmap does not wait for a response after sending a SYN packet; it keeps scanning and collects the responses from all hosts in parallel, so it effectively keeps no connection state. When a response to a SYN arrives, Zmap works out from the packet's contents which port was found open on which host. Zmap also sends only a single SYN packet per scanned port. There is also the option of using PF_RING for fast scanning of large networks, should you happen to have a 10-gigabit interface and a compatible network card to hand.

Pros:

  • Scan speed;
  • Zmap generates Ethernet frames itself, bypassing the system TCP/IP stack;
  • Can use PF_RING;
  • Zmap randomizes the order of targets to spread the load evenly across the scanned side;
  • Can be combined with ZGrab (a tool for collecting information about services at the L7 application layer).

Cons:

  • It can cause denial of service on network equipment, for instance knocking over intermediate routers despite the load distribution, since all the packets pass through the same router.

masscan

masscan is, surprisingly, also an open-source scanner, built with a single goal: to scan the Internet as fast as possible (in under 6 minutes at a rate of about 10 million packets/s). In practice it works almost the same way as Zmap, only faster still.

Pros:

  • The syntax is similar to Nmap's, and the program also supports some Nmap-compatible options;
  • Speed: one of the fastest asynchronous scanners;
  • A flexible scanning mechanism: resuming an interrupted scan, spreading the load across several devices (as with Zmap).

Cons:

  • As with Zmap, the load on the network itself is extremely high, which can lead to DoS;
  • Out of the box there is no way to scan at the L7 application layer;
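
Both Zmap and masscan get their speed from the same trick described in the Zmap section: they keep no per-probe state and instead recognise their own replies from values they planted in the outgoing SYN. The following added example (written for this article, not taken from either project) shows the principle in Python on constructed packets: the TCP sequence number and source port of each SYN are derived from a keyed hash over the target, and a reply is accepted only if its acknowledgement number is that sequence number plus one. The HMAC-SHA256 and the source-port range starting at 32768 are assumptions for illustration; Zmap's real implementation derives these values with an AES-based function over the connection 4-tuple.

```python
"""Stateless SYN-scan bookkeeping, the principle behind Zmap and masscan.

Added example, not code from either project. Instead of keeping a table of
outstanding probes, the scanner derives the TCP sequence number (and the
source port) of every SYN from a keyed hash over the target. When a
SYN/ACK comes back, its acknowledgement number must equal that sequence
number + 1, so the reply can be attributed to a target and validated
without any per-probe state. HMAC-SHA256 and the port range are
assumptions made for this illustration.
"""
import hmac
import hashlib
import secrets
import struct

SRC_PORT_BASE = 32768      # assumption: probes use source ports 32768..65535


class StatelessProber:
    def __init__(self, key=None):
        # One random key per scan run; anyone without it cannot forge a
        # reply that validates, so unsolicited SYN/ACK noise is dropped.
        self.key = key if key is not None else secrets.token_bytes(16)

    def _mac(self, dst_ip, dst_port):
        msg = dst_ip.encode() + struct.pack("!H", dst_port)
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def probe(self, dst_ip, dst_port):
        """Return (src_port, seq) to use in the outgoing SYN for this target."""
        mac = self._mac(dst_ip, dst_port)
        seq = struct.unpack("!I", mac[:4])[0]
        src_port = SRC_PORT_BASE + (struct.unpack("!H", mac[4:6])[0] % 32768)
        return src_port, seq

    def validate(self, src_ip, src_port, dst_port, ack):
        """Check a received TCP segment (target -> scanner).

        src_ip/src_port are the responding host and port, dst_port is the
        scanner-side port it was sent to, ack is the TCP ack number.
        Returns True only if the segment matches a SYN we would have sent."""
        exp_src_port, exp_seq = self.probe(src_ip, src_port)
        return dst_port == exp_src_port and ack == (exp_seq + 1) & 0xFFFFFFFF


def classify(prober, src_ip, src_port, dst_port, ack, flags):
    """Map a reply to 'open' (SYN/ACK), 'closed' (RST) or None (not ours)."""
    if not prober.validate(src_ip, src_port, dst_port, ack):
        return None
    SYN, ACK, RST = 0x02, 0x10, 0x04
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return None


if __name__ == "__main__":
    p = StatelessProber(key=b"demo-key")
    sport, seq = p.probe("192.0.2.10", 443)
    # Constructed reply: the target answers with SYN/ACK acknowledging seq+1.
    print(classify(p, "192.0.2.10", 443, sport, (seq + 1) & 0xFFFFFFFF, 0x12))
    # Constructed noise: a SYN/ACK from a host we never probed.
    print(classify(p, "192.0.2.99", 443, sport, 12345, 0x12))
```

The same derivation also explains the single-SYN-per-port behaviour: since nothing is remembered, there is nothing to retransmit, and a lost probe simply looks like a closed or filtered port, which is why these scanners trade a little accuracy for throughput.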

Nessus

Nessus is a scanner that automates checking for and detecting known vulnerabilities in a system. The source code is closed; there is a free version, Nessus Home, which lets you scan up to 16 IP addresses at the same speed and with the same detailed analysis as the paid version.

It can identify vulnerable versions of services or servers, detect errors in system configuration and brute-force dictionary passwords. It can be used to check that services are configured correctly (mail, updates and so on) and in preparation for a PCI DSS audit. In addition, you can give Nessus credentials for a host (SSH or a domain account in Active Directory), and the scanner will log in to the host and run its checks directly on it; this is called a credentialed scan. It is convenient for companies auditing their own networks.

Pros:

  • Separate checks for each vulnerability, with a database that is updated constantly;
  • Output formats: plain text, XML, HTML and LaTeX;
  • Nessus API: lets you automate scan runs and retrieval of results;
  • Credentialed scans: you can supply Windows or Linux credentials to check for missing updates or other vulnerabilities;
  • You can write your own security plugins: the scanner has its own scripting language, NASL (Nessus Attack Scripting Language);
  • You can schedule regular scans of the local network; that way the information security team will notice every change in the security configuration, the appearance of new hosts, and the use of dictionary or default passwords.

Cons:

  • It can disrupt the operation of the scanned systems; work carefully with the safe checks option disabled;
  • The commercial version is not free.
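
The scheduled-scan use case from the Pros list only pays off if someone actually compares consecutive reports. Added example (not Tenable code): a parser for the `.nessus` export, which is XML of the form `NessusClientData_v2/Report/ReportHost/ReportItem` with `pluginID`, `pluginName`, `severity` (0 informational to 4 critical), `port` and `protocol` attributes, and a diff of two scans listing new hosts, new findings and findings that disappeared. The two reports, their plugin IDs and their names are constructed samples; fetching the export itself goes through the Nessus API and is not shown here.

```python
"""Read Nessus v2 export files (.nessus) and diff two consecutive scans.

Added example, not Tenable code. The export is XML:
NessusClientData_v2 / Report / ReportHost / ReportItem, each ReportItem
carrying pluginID, pluginName, severity (0 info .. 4 critical), port and
protocol attributes. The two reports below are constructed samples with
made-up plugin IDs and names.
"""
import xml.etree.ElementTree as ET

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}


def parse_nessus(xml_text, min_severity=1):
    """Return {host: {(pluginID, port, protocol): (severity, pluginName)}},
    dropping findings below min_severity (informational ones by default)."""
    root = ET.fromstring(xml_text)
    findings = {}
    for rh in root.iter("ReportHost"):
        items = findings.setdefault(rh.get("name"), {})
        for ri in rh.findall("ReportItem"):
            sev = int(ri.get("severity", "0"))
            if sev < min_severity:
                continue
            key = (ri.get("pluginID"), int(ri.get("port", "0")), ri.get("protocol", ""))
            items[key] = (sev, ri.get("pluginName", ""))
    return findings


def diff_scans(previous, current):
    """Compare two parse_nessus() results.

    Returns (new_hosts, new_findings, fixed_findings); findings are
    (host, pluginID, port, protocol, severity, pluginName) tuples."""
    new_hosts = sorted(set(current) - set(previous))
    new_findings = [(host,) + key + val
                    for host, items in current.items()
                    for key, val in items.items()
                    if key not in previous.get(host, {})]
    fixed = [(host,) + key + val
             for host, items in previous.items()
             for key, val in items.items()
             if key not in current.get(host, {})]
    return new_hosts, sorted(new_findings), sorted(fixed)


def make_report(name, hosts):
    """Constructed .nessus document from {host: [(id, port, proto, sev, name), ...]}."""
    body = []
    for host, items in hosts.items():
        rows = "".join(
            f'<ReportItem pluginID="{pid}" port="{port}" protocol="{proto}" '
            f'severity="{sev}" pluginName="{pname}"/>'
            for pid, port, proto, sev, pname in items)
        body.append(f'<ReportHost name="{host}">{rows}</ReportHost>')
    return (f'<NessusClientData_v2><Report name="{name}">'
            + "".join(body) + "</Report></NessusClientData_v2>")


# Constructed samples: last week's and this week's scheduled scan.
LAST_WEEK = make_report("week-1", {
    "10.0.0.5": [("900001", 445, "tcp", 3, "Sample: SMB signing not required"),
                 ("900004", 22, "tcp", 0, "Sample: SSH service detected")],
})
THIS_WEEK = make_report("week-2", {
    "10.0.0.5": [("900002", 443, "tcp", 2, "Sample: untrusted TLS certificate"),
                 ("900004", 22, "tcp", 0, "Sample: SSH service detected")],
    "10.0.0.9": [("900003", 445, "tcp", 3, "Sample: default credentials accepted")],
})

if __name__ == "__main__":
    new_hosts, new, fixed = diff_scans(parse_nessus(LAST_WEEK), parse_nessus(THIS_WEEK))
    print("new hosts:", new_hosts)
    for host, pid, port, proto, sev, name in new:
        print(f"NEW   {host} {port}/{proto} [{SEVERITY[sev]}] {name} ({pid})")
    for host, pid, port, proto, sev, name in fixed:
        print(f"FIXED {host} {port}/{proto} [{SEVERITY[sev]}] {name} ({pid})")
```

Keying findings on (plugin, port, protocol) rather than on the plugin alone matters: the same check can fire on several ports of one host, and a finding that moved from port 445 to port 139 is not a fix.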

Net-Creds

Net-Creds is a Python tool for collecting passwords and hashes, as well as other information such as visited URLs and downloaded files, from traffic, both in real time during a MiTM attack and from previously saved PCAP files. It is suitable for a quick, superficial analysis of large volumes of traffic, for example during MiTM network attacks when time is short and manual analysis in Wireshark would take too long.

Pros:

  • Service identification is based on sniffing the packet contents rather than on the port number in use;
  • Easy to use;
  • Lots of extracted data: logins and passwords for FTP, POP, IMAP, SMTP and NTLMv1/v2, as well as data from HTTP requests such as login forms and basic auth;

NetworkMiner

NetworkMiner is similar to Net-Creds in how it works, but has more functionality; for example, it can extract files transferred over the SMB protocol. Like Net-Creds, it is useful when you need to analyze a large volume of traffic quickly. It also has a user-friendly graphical interface.

Pros:

  • Graphical interface;
  • Visualization and grouping of data into categories, which simplifies traffic analysis and makes it faster.

Cons:

  • The trial version has limited functionality.
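
What distinguishes Net-Creds and NetworkMiner from a port-based view of traffic is that the protocol is recognised from the bytes themselves. The following added example (not code from either tool) shows that approach for the credential types listed under Net-Creds: content-based identification and extraction from client-side TCP payloads for FTP/POP3 `USER`/`PASS`, SMTP `AUTH PLAIN`, HTTP Basic and an HTTP login form, all deliberately on non-standard ports. The payloads are constructed samples; a real tool would feed reassembled TCP streams from a live capture or a PCAP into `extract()`.

```python
"""Content-based credential extraction from captured TCP payloads.

Added example in the spirit of Net-Creds / NetworkMiner, not their code.
The protocol is recognised from what the bytes look like, not from the
port number, so an FTP server on 2121 or an HTTP form on 8080 is still
parsed. The payloads below are constructed samples; no PCAP is read here.
"""
import base64
import re
from urllib.parse import parse_qs

USERPASS_RE = re.compile(rb"(?im)^(USER|PASS)\s+(\S+)\s*$")
AUTH_PLAIN_RE = re.compile(rb"(?im)^AUTH PLAIN\s+([A-Za-z0-9+/=]+)\s*$")
HTTP_REQ_RE = re.compile(rb"^(GET|POST|PUT) (\S+) HTTP/1\.[01]\r\n")
BASIC_RE = re.compile(rb"(?im)^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$")
FORM_KEYS = {"user", "username", "login", "email", "pass", "password", "passwd"}


def identify(payload):
    """Guess the protocol from the client->server payload alone."""
    if HTTP_REQ_RE.match(payload):
        return "http"
    if AUTH_PLAIN_RE.search(payload):
        return "smtp"
    if USERPASS_RE.search(payload):
        # FTP and POP3 share the USER/PASS dialogue; telling them apart
        # needs the server banner, which a client-only view does not have.
        return "ftp-or-pop3"
    return "unknown"


def extract(payload):
    """Return a list of (protocol, username, secret) found in one stream."""
    proto = identify(payload)
    found = []
    if proto == "ftp-or-pop3":
        creds = dict((k.upper(), v) for k, v in USERPASS_RE.findall(payload))
        if b"USER" in creds and b"PASS" in creds:
            found.append((proto, creds[b"USER"].decode(), creds[b"PASS"].decode()))
    elif proto == "smtp":
        for blob in AUTH_PLAIN_RE.findall(payload):
            # SASL PLAIN: authzid \0 authcid \0 password
            parts = base64.b64decode(blob).split(b"\x00")
            if len(parts) == 3:
                found.append(("smtp", parts[1].decode(), parts[2].decode()))
    elif proto == "http":
        for blob in BASIC_RE.findall(payload):
            user, _, pw = base64.b64decode(blob).partition(b":")
            found.append(("http-basic", user.decode(), pw.decode()))
        head, _, body = payload.partition(b"\r\n\r\n")
        if body and b"application/x-www-form-urlencoded" in head:
            fields = {k.lower(): v[0] for k, v in parse_qs(body.decode()).items()}
            users = [v for k, v in fields.items() if k in FORM_KEYS and "pass" not in k]
            pws = [v for k, v in fields.items() if k in FORM_KEYS and "pass" in k]
            if users and pws:
                found.append(("http-form", users[0], pws[0]))
    return found


# Constructed sample streams (client side only), deliberately on odd ports.
SAMPLES = {
    ("10.0.0.7", 2121): b"USER alice\r\nPASS s3cret\r\nSYST\r\n",
    ("10.0.0.8", 8080): (b"POST /login HTTP/1.1\r\nHost: intranet\r\n"
                         b"Content-Type: application/x-www-form-urlencoded\r\n"
                         b"Content-Length: 29\r\n\r\nusername=bob&password=hunter2"),
    ("10.0.0.9", 81): b"GET /admin HTTP/1.1\r\nHost: cam\r\nAuthorization: Basic YWRtaW46YWRtaW4=\r\n\r\n",
    ("10.0.0.10", 2525): b"EHLO x\r\nAUTH PLAIN AGNhcm9sAHBhc3N3MHJk\r\n",
}


def sweep(samples):
    """Run extract() over every captured stream."""
    return {dst: extract(payload) for dst, payload in samples.items()}


if __name__ == "__main__":
    for (ip, port), creds in sweep(SAMPLES).items():
        for proto, user, secret in creds:
            print(f"{ip}:{port} {proto} {user}:{secret}")
```

The one thing content matching cannot do is separate FTP from POP3 on the client side alone, hence the combined label; a tool that sees both directions resolves it from the server greeting.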

mitm6

mitm6 is a tool for carrying out attacks on IPv6 (the SLAAC attack). IPv6 takes priority in Windows (and generally in other operating systems too), and in the default configuration the IPv6 interface is enabled. This lets an attacker push their own DNS server to the victim using Router Advertisement packets, after which the attacker is able to spoof the victim's DNS. It is ideally suited to carrying out a relay attack together with the ntlmrelayx tool, which allows Windows networks to be attacked successfully.

Pros:

  • Works very well on many networks thanks to the standard configuration of Windows hosts and networks;
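
The Router Advertisement route to the victim's DNS described above works because the Recursive DNS Server option (RDNSS, RFC 8106, option type 25) is accepted from any Router Advertisement heard on the link, independently of whether the sender advertises itself as a default router. As an added example aimed at the defender's side (not mitm6 code), here is a parser for the ICMPv6 payload of an RA that lists the advertised resolvers and router lifetime and flags any resolver not on the expected list. The RA bytes and the `2001:db8::53` resolver are constructed for the demo; `build_ra()` exists only to produce test input.

```python
"""Spot IPv6 Router Advertisements that push an unexpected DNS server.

Added example, not mitm6 code. A host accepts the Recursive DNS Server
(RDNSS, option type 25, RFC 8106) option from any RA it hears on the
link. parse_ra() takes the ICMPv6 payload of an RA (type 134) and
reports advertised DNS servers and router lifetime; rogue_dns() compares
them with the expected list. All RA bytes here are constructed samples.
"""
import ipaddress
import struct

ICMPV6_RA = 134
OPT_RDNSS = 25


def parse_ra(icmpv6):
    """Parse an ICMPv6 Router Advertisement (without the IPv6 header).

    Returns {'router_lifetime': int, 'flags': int, 'dns': [str, ...]} or
    None if the message is not an RA."""
    if len(icmpv6) < 16 or icmpv6[0] != ICMPV6_RA:
        return None
    # type(1) code(1) checksum(2) hoplimit(1) flags(1) lifetime(2)
    # reachable(4) retrans(4) = 16 bytes, followed by TLV options
    _, _, _, _, flags, lifetime, _, _ = struct.unpack("!BBHBBHII", icmpv6[:16])
    info = {"router_lifetime": lifetime, "flags": flags, "dns": []}
    off = 16
    while off + 2 <= len(icmpv6):
        otype, olen = icmpv6[off], icmpv6[off + 1]
        if olen == 0:
            break  # zero-length option is invalid; stop rather than loop forever
        size = olen * 8          # option length is in units of 8 octets
        body = icmpv6[off + 2: off + size]
        if otype == OPT_RDNSS and size >= 24:
            # reserved(2) lifetime(4) then n * 16-byte addresses
            addrs = body[6:]
            for i in range(0, len(addrs) - len(addrs) % 16, 16):
                info["dns"].append(str(ipaddress.IPv6Address(addrs[i:i + 16])))
        off += size
    return info


def build_ra(router_lifetime, dns_servers, flags=0x00):
    """Constructed RA for testing: header plus one RDNSS option."""
    hdr = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, flags, router_lifetime, 0, 0)
    addrs = b"".join(ipaddress.IPv6Address(a).packed for a in dns_servers)
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(dns_servers), 0, 3600) + addrs
    return hdr + rdnss


def rogue_dns(ra_info, expected_dns):
    """DNS servers advertised that are not in the expected set."""
    allowed = set(expected_dns)
    return [d for d in ra_info["dns"] if d not in allowed]


EXPECTED = ["2001:db8::53"]                              # assumption: the real resolver
LEGIT_RA = build_ra(1800, ["2001:db8::53"], flags=0x80)  # M flag set, from the real router
# Per RFC 8106 the RDNSS option is processed even when the sender does not
# claim to be a default router (router lifetime 0), so a rogue RA needs
# nothing more than the option itself.
ROGUE_RA = build_ra(0, ["fe80::1337"])

if __name__ == "__main__":
    for name, ra in (("legit", LEGIT_RA), ("rogue", ROGUE_RA)):
        info = parse_ra(ra)
        print(name, info, "rogue DNS:", rogue_dns(info, EXPECTED))
```

On a production segment the same logic is what RA Guard or an IDS rule for ICMPv6 type 134 from non-router MAC addresses implements; the parser above is the minimum needed to turn a capture into an alert.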

Responder

Responder is a tool for spoofing name-resolution protocols (LLMNR, NetBIOS, mDNS). An indispensable tool in Active Directory networks. Besides spoofing, it can intercept NTLM authentication, and it also comes with a set of tools for gathering information and carrying out NTLM relay attacks.

Pros:

  • By default it brings up a number of servers that support NTLM authentication: SMB, MSSQL, HTTP, HTTPS, LDAP, FTP, POP3, IMAP, SMTP;
  • Allows DNS spoofing in the case of a MITM attack (ARP spoofing, etc.);
  • Fingerprinting of the hosts that sent the broadcast request;
  • Analyze mode, for passive monitoring of requests;
  • The format of the hashes captured during NTLM authentication is compatible with John the Ripper and Hashcat.

Cons:

  • When running under Windows, binding port 445 (SMB) involves some difficulties (the corresponding services have to be stopped and the machine rebooted);
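
The "compatible with John the Ripper and Hashcat" format from the Pros list is the NetNTLMv2 line `USER::DOMAIN:<8-byte server challenge>:<16-byte NTProofStr>:<blob>` (hashcat mode 5600, john's netntlmv2). The added example below (not Responder's code) extracts exactly these pieces from an NTLMSSP CHALLENGE (Type 2) and AUTHENTICATE (Type 3) message pair as any of Responder's listeners would capture them: the server challenge sits at offset 24 of the Type 2 message, and the Type 3 message carries user, domain and NtChallengeResponse as MS-NLMP security buffers (length, max length, offset). The two messages are constructed with the `build_*` helpers; the challenge, proof and blob bytes are arbitrary and would not crack to anything.

```python
"""Turn a captured NTLMSSP CHALLENGE/AUTHENTICATE pair into a hashcat line.

Added example, not Responder code. The NetNTLMv2 line is
USER::DOMAIN:<server challenge>:<NTProofStr>:<blob>, all hex (hashcat
mode 5600). The messages below are constructed samples laid out per
MS-NLMP; challenge, proof and blob bytes are arbitrary.
"""
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001


def _field(msg, offset):
    """Read an MS-NLMP security buffer (Len, MaxLen, Offset) and return its bytes."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, offset)
    return msg[start:start + length]


def _decode(raw, flags):
    return raw.decode("utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii")


def parse_challenge(msg):
    """Type 2 message -> 8-byte ServerChallenge (fixed at offset 24)."""
    if msg[:8] != NTLMSSP_SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLMSSP CHALLENGE message")
    return msg[24:32]


def parse_authenticate(msg):
    """Type 3 message -> (user, domain, NtChallengeResponse bytes)."""
    if msg[:8] != NTLMSSP_SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLMSSP AUTHENTICATE message")
    nt_response = _field(msg, 20)          # NtChallengeResponseFields
    flags = struct.unpack_from("<I", msg, 60)[0]
    domain = _decode(_field(msg, 28), flags)
    user = _decode(_field(msg, 36), flags)
    return user, domain, nt_response


def to_hashcat_5600(challenge_msg, authenticate_msg):
    """Build the NetNTLMv2 line; raises if the response is not NTLMv2."""
    server_challenge = parse_challenge(challenge_msg)
    user, domain, nt_response = parse_authenticate(authenticate_msg)
    if len(nt_response) <= 24:
        # 24 bytes is NTLMv1 (or anonymous); NTLMv2 = 16-byte proof + blob
        raise ValueError("not an NTLMv2 response (len %d)" % len(nt_response))
    proof, blob = nt_response[:16], nt_response[16:]
    return f"{user}::{domain}:{server_challenge.hex()}:{proof.hex()}:{blob.hex()}"


def build_challenge(server_challenge):
    """Constructed Type 2 message with empty target name/info, for the demo."""
    return (NTLMSSP_SIGNATURE + struct.pack("<I", 2)
            + struct.pack("<HHI", 0, 0, 56)            # TargetName: empty
            + struct.pack("<I", NEGOTIATE_UNICODE)
            + server_challenge + b"\x00" * 8           # challenge, reserved
            + struct.pack("<HHI", 0, 0, 56)            # TargetInfo: empty
            + b"\x00" * 8)                             # Version


def build_authenticate(user, domain, nt_response):
    """Constructed Type 3 message (unicode strings, no LM response, no MIC)."""
    header_len = 64 + 8                                # fixed fields + Version
    payload, fields = b"", []
    for blob in (b"", nt_response, domain.encode("utf-16-le"),
                 user.encode("utf-16-le"), b"", b""):
        fields.append(struct.pack("<HHI", len(blob), len(blob), header_len + len(payload)))
        payload += blob
    return (NTLMSSP_SIGNATURE + struct.pack("<I", 3) + b"".join(fields)
            + struct.pack("<I", NEGOTIATE_UNICODE) + b"\x00" * 8 + payload)


# Constructed capture: what a Responder-style listener would see.
CHALLENGE = build_challenge(bytes.fromhex("1122334455667788"))
AUTHENTICATE = build_authenticate(
    "alice", "CORP",
    bytes.fromhex("00" * 16) + bytes.fromhex("0101000000000000") + b"\xaa" * 8)

if __name__ == "__main__":
    print(to_hashcat_5600(CHALLENGE, AUTHENTICATE))
```

The server challenge is the one value the listener controls; Responder picks it itself, which is also why the same code works for relaying: the Type 3 message is only useful for cracking if it answers a challenge you know.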

Evil Foca

Evil Foca is a tool for testing various network attacks in IPv4 and IPv6 networks. It scans the local network, identifying devices, routers and their network interfaces, after which various attacks can be carried out on the network participants.

Pros:

  • Convenient for MITM attacks (ARP spoofing, DHCP ACK injection, SLAAC attack, DHCP spoofing);
  • DoS attacks are possible: with ARP spoofing in IPv4 networks and with SLAAC DoS in IPv6 networks;
  • DNS hijacking is possible;
  • Easy to use, with a convenient GUI.

Cons:

  • Works only under Windows.

Bettercap

Bettercap is a powerful framework for analyzing and attacking networks, and here that also means attacks on wireless networks, BLE (Bluetooth Low Energy) and even MouseJack attacks on wireless HID devices. In addition, it has functionality for collecting information from traffic (similar to Net-Creds). In short, a Swiss army knife (all in one). It recently gained a graphical web interface as well.

Pros:

  • Credential sniffer: it can capture visited URLs and HTTPS hosts, HTTP authentication and credentials for a wide range of protocols;
  • Many built-in MITM attacks;
  • Modular transparent HTTP(S) proxy: traffic can be manipulated to suit your needs;
  • Built-in HTTP server;
  • Support for caplets, files that let you describe complex, automated attacks in a scripting language.

Cons:

  • Some modules, for example ble.enum, are only partially supported under macOS and Windows, and others, such as packet.proxy, are designed for Linux only.

gateway_finder

gateway_finder is a Python script that helps determine the possible gateways in a network. It is useful for checking segmentation or for finding hosts that can route to a subnet of interest or to the Internet. It suits internal pentests where you need to check quickly for unauthorized routes or routes into other internal networks.

Pros:

  • Easy to use and customize.

mitmproxy

mitmproxy is an open-source tool for analyzing traffic protected by SSL/TLS. It is convenient for intercepting and modifying protected traffic, with certain reservations of course: the tool does not attack SSL/TLS itself, it terminates the connection with its own certificate, so the client has to trust the mitmproxy CA. It is used when it is necessary to intercept and modify traffic protected by SSL/TLS. It consists of mitmproxy, for proxying traffic; mitmdump, an analogue of tcpdump but for HTTP(S) traffic; and mitmweb, a web interface for mitmproxy.

Pros:

  • Works with various protocols and supports modifying various formats, from HTML to Protobuf;
  • Python API, which lets you write scripts for non-standard tasks;
  • Can run in transparent proxy mode to intercept traffic.

Cons:

  • The dump format is not compatible with anything else; it is hard to grep, so you end up writing scripts;
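
The Cons item above has a standard remedy in mitmproxy's Python API: an addon that emits its own, greppable record per flow. The following is an added example (not part of mitmproxy), loaded with `mitmdump -s jsonlog.py` (file name assumed). It uses only real mitmproxy attributes (`flow.request.method`, `pretty_url`, `headers`, `content` and `flow.response.status_code`) and the `addons` list convention; the `Stub*` classes are constructed stand-ins so the module can also be run and tested without mitmproxy installed.

```python
"""mitmproxy addon that writes one JSON line per HTTP flow.

Added example, not part of mitmproxy. Run as `mitmdump -s jsonlog.py`
(assumed file name); mitmproxy picks up `addons` and calls `response()`
for each completed flow. Only flow.request.method / pretty_url / headers /
content and flow.response.status_code are used. The Stub* classes at the
bottom are constructed stand-ins so the module also runs stand-alone.
"""
import json
import sys

SENSITIVE_HEADERS = ("authorization", "cookie", "proxy-authorization")


def flow_to_record(flow):
    """Flatten a mitmproxy HTTP flow to a grep/jq-friendly dict.

    Credential-bearing headers are recorded by name only, so the log can be
    shared without leaking the secrets it documents."""
    req, resp = flow.request, flow.response
    auth = [h for h in SENSITIVE_HEADERS if req.headers.get(h)]
    return {
        "method": req.method,
        "url": req.pretty_url,
        "status": resp.status_code if resp is not None else None,
        "auth_headers": auth,
        "body_bytes": len(req.content) if req.content else 0,
    }


class JsonLogger:
    def __init__(self, out=sys.stdout):
        self.out = out

    def response(self, flow):          # mitmproxy event hook
        self.out.write(json.dumps(flow_to_record(flow)) + "\n")


addons = [JsonLogger()]               # what mitmproxy looks for in -s scripts


# ---- constructed stand-ins (not mitmproxy types) so this file runs offline ----
class StubHeaders(dict):
    def get(self, key, default=None):  # mitmproxy headers are case-insensitive
        for k, v in self.items():
            if k.lower() == key.lower():
                return v
        return default


class StubRequest:
    def __init__(self, method, url, headers, content=b""):
        self.method, self.pretty_url = method, url
        self.headers, self.content = StubHeaders(headers), content


class StubResponse:
    def __init__(self, status_code):
        self.status_code = status_code


class StubFlow:
    def __init__(self, request, response):
        self.request, self.response = request, response


SAMPLE_FLOW = StubFlow(
    StubRequest("POST", "https://intranet.example.test/login",
                {"Host": "intranet.example.test", "Authorization": "Basic YWRtaW46YWRtaW4="},
                b"user=a&pw=b"),
    StubResponse(302))

if __name__ == "__main__":
    JsonLogger().response(SAMPLE_FLOW)
```

With `mitmdump -s jsonlog.py -q > flows.jsonl`, a question like "which hosts received a request carrying an Authorization header" becomes a one-line `jq` filter instead of a custom parser for the native dump format.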

SIET

SIET (Smart Install Exploitation Tool) is a tool for exploiting the capabilities of the Cisco Smart Install protocol. It makes it possible to obtain and modify the configuration and to take control of a Cisco device. If you have managed to obtain a Cisco device's configuration, you can check it with CCAT; that tool is useful for analyzing the security of Cisco device configurations.

Pros:

The Cisco Smart Install protocol makes it possible to:

  • Change the TFTP server address on the client device by sending a single malformed TCP packet;
  • Copy the device's configuration file;
  • Change the device configuration, for example by adding a new user;
  • Replace the IOS image on the device;
  • Execute an arbitrary set of commands on the device. This is a new feature that only works in IOS versions 3.6.0E and 15.2(2)E;

Cons:

  • Works with a limited set of Cisco devices; you also need a public ("white") IP address to receive the response from the device, or you have to be on the same network as the device;

yersinia

yersinia is an L2 attack framework designed to exploit security flaws in various L2 network protocols.

Pros:

  • Allows attacks on STP, CDP, DTP, DHCP, HSRP, VTP and other protocols.

Cons:

  • Not the most user-friendly interface.

proxychains

proxychains is a tool that lets you redirect an application's traffic through a given SOCKS proxy. It works by hooking the libc connect() calls of dynamically linked programs (via LD_PRELOAD), so only TCP connections are proxied: raw-socket SYN scans (nmap -sS), ICMP and UDP bypass it and go out directly. When running nmap through proxychains, use a connect scan with host discovery and DNS resolution disabled (-sT -Pn -n).

Pros:

  • Helps redirect the traffic of applications that do not know how to work with a proxy themselves;

In this article we briefly went over the pros and cons of the main tools for internal network penetration testing. Stay tuned: we plan to publish further collections like this one, covering web applications, databases and mobile applications.

Share your favorite tools in the comments!

Source: www.habr.com
