Review of free tools for pentesting web resources and more v2

Some time ago I already wrote about this, but briefly and rather chaotically. Later I decided to expand the list of tools under review, give the article some structure, take the criticism into account (many thanks to Lefty for the advice) and submit it to the SecLab contest (it was published there via a link, but for obvious reasons nobody saw it). The contest is over, the results have been announced, and with a clear conscience I can publish it (the article) on Habr.

Free Web Pentester Tools

In this article I'll talk about the most popular tools for pentesting (penetration testing) web applications using the "black box" strategy.
To do this, we'll look at utilities that help with this kind of testing. Consider the following categories:

  1. Network scanners
  2. Web script vulnerability scanners
  3. Exploiting
  4. Injection automation
  5. Debuggers (sniffers, local proxies, etc.)


Some products have a "universal" character, so I'll put each of them in the category where it gives the best result (subjective opinion).

Network scanners

The main task is to discover the available network services, determine their versions, identify the OS, and so on.

Nmap
Nmap ("Network Mapper") is a free and open-source utility for network exploration and security auditing. Fierce opponents of the console can use Zenmap, which is a GUI for Nmap.
This is not just a "smart" scanner, it is a serious extensible tool (one of the "unusual" features is a script that checks a host for the "Stuxnet" worm (mentioned here)). A typical usage example:

nmap -A -T4 localhost

-A for OS version detection, script scanning and traceroute
-T4 timing template (higher is faster, from 0 to 5)
localhost - target host
Something more hardcore?

nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost

These are the options from the "slow comprehensive scan" profile in Zenmap. It takes quite a long time to complete, but in the end it gives the most detailed information that can be obtained about the target system. There is a reference guide in Russian; if you decide to dig deeper, I also recommend the translation of the article Beginner's Guide to Nmap.
Nmap has received "Security Product of the Year" status from magazines and communities such as Linux Journal, Info World, LinuxQuestions.Org and Codetalker Digest.
An interesting fact: Nmap can be seen in the movies "The Matrix Reloaded", "Die Hard 4", "The Bourne Ultimatum", "Hottabych" and others.
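One defender-side use of the scan above is to diff what Nmap found against what the host is supposed to expose. This is an added example, not code from the article: it parses Nmap's XML report (the -oX output format) using a constructed sample report and a hypothetical allowlist.

```python
"""Compare an Nmap XML report against an allowlist of expected services.
Added example; SAMPLE_XML is constructed to mirror the shape of
`nmap -A -T4 -oX report.xml localhost` output, not a real scan."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -T4 -oX report.xml localhost">
  <host>
    <address addr="127.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL" version="8.0.32"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/>
        <service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical allowlist for this host: (protocol, port) -> expected service name.
EXPECTED = {("tcp", 22): "ssh", ("tcp", 80): "http"}

def open_services(xml_text):
    """Return (addr, proto, port, name, product, version) for every open port."""
    root = ET.fromstring(xml_text)
    found = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            found.append((addr, port.get("protocol"), int(port.get("portid")),
                          name, product, version))
    return found

def unexpected_services(xml_text, expected=EXPECTED):
    """Open ports missing from the allowlist, or whose service differs from it."""
    return [s for s in open_services(xml_text) if expected.get((s[1], s[2])) != s[3]]

if __name__ == "__main__":
    for s in unexpected_services(SAMPLE_XML):
        print("unexpected: %s %s/%d %s %s %s" % s)
```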

IP-Tools
IP-Tools is a kind of collection of various network utilities, comes with a GUI, and is "dedicated" to Windows users.
Port scanner, shared resources (shared printers/folders), WhoIs/Finger/Lookup, telnet client and much more. A convenient, fast, functional tool.

There's no point in considering other analogues, since there are a great many utilities in this area and they all have a similar operating principle and functionality. Nevertheless, nmap remains the most commonly used.

Web script vulnerability scanners

These try to find well-known vulnerabilities (SQL inj, XSS, LFI/RFI, etc.) or mistakes (undeleted temporary files, directory indexing, etc.).

Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner - from the link you might conclude that this is an xss scanner, but that's not entirely true. The free version, available at the link, provides quite a lot of functionality. Usually a person who runs this scanner for the first time and receives a report on their resource for the first time experiences a mild shock, and you'll understand why as soon as you do it. This is a very powerful product for analyzing all kinds of vulnerabilities on a website, and it works not only with the usual PHP websites but also with other languages (although the difference in languages is not an indicator). There's no point in describing the instructions, because the scanner simply "picks up" the user's actions. Something like "next, next, next, done" in a typical software installer.

Nikto
Nikto is an Open Source (GPL) crawler. It eliminates routine manual work. It searches the target site for undeleted scripts (test.php, index_.php, etc.), database administration tools (/phpmyadmin/, /pma and so on), and so forth, that is, it checks the resource for the most common mistakes, which usually arise from the human factor.
In addition, if it finds some popular script, it checks it against released exploits (the ones in its database).
It reports on available "unwanted" methods such as PUT and TRACE.
And so on. Very convenient if you work as an auditor and analyze websites every day.
Among the minuses, I'd note the high percentage of false positives. For example, if your site always returns the main page instead of a 404 error (when one should occur), the scanner will say that your site contains all the scripts and all the vulnerabilities from its database. In practice this doesn't happen that often, but really a lot depends on the structure of your site.
Classic usage:

./nikto.pl -host localhost

If you need to be authorized on the site, you can set a cookie in the nikto.conf file, STATIC-COOKIE variable.
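The false-positive case described above (a site that answers every miss with a 200 page) can be screened for before trusting a Nikto report. This is an added example, not code from the article or from Nikto; the two "sites" are constructed in-process stand-ins for HTTP servers, and the reported paths are constructed too.

```python
"""Screen scanner hits against a soft-404 baseline (added example, not from the article).
The two 'sites' below are constructed in-process stand-ins for HTTP servers."""
import difflib
import secrets

def strict_site(path):
    """Well-behaved site: unknown paths really return 404."""
    pages = {"/": "<h1>Home</h1>", "/phpmyadmin/": "<title>phpMyAdmin</title>"}
    return (200, pages[path]) if path in pages else (404, "<h1>Not Found</h1>")

def soft404_site(path):
    """Site that answers every miss with a 200 'page missing' page: the false-positive case."""
    pages = {"/": "<h1>Home</h1>"}
    return (200, pages.get(path, "<h1>Oops, page missing</h1><p>Try the homepage.</p>"))

def soft404_baseline(fetch):
    """Fetch two random paths that cannot exist. If both return 200, the site is a
    soft-404 site; return (True, body of the generic miss page) for later comparison."""
    probes = [fetch("/" + secrets.token_hex(8) + ".php") for _ in range(2)]
    if all(status == 200 for status, _ in probes):
        return True, probes[0][1]
    return False, None

def confirm_hits(fetch, reported_paths, threshold=0.9):
    """Keep only reported paths whose response is a real page, not the generic miss page."""
    soft, miss_body = soft404_baseline(fetch)
    confirmed = []
    for path in reported_paths:
        status, body = fetch(path)
        if status != 200:
            continue  # a true 404: the scanner hit was stale or wrong
        if soft and difflib.SequenceMatcher(None, miss_body, body).ratio() >= threshold:
            continue  # near-identical to the miss page: false positive
        confirmed.append(path)
    return confirmed

if __name__ == "__main__":
    hits = ["/phpmyadmin/", "/test.php", "/index_.php"]  # constructed scanner output
    print("strict:", confirm_hits(strict_site, hits))    # ['/phpmyadmin/']
    print("soft404:", confirm_hits(soft404_site, hits))  # []
```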

Wikto
Wikto - Nikto for Windows, but with a few additions, such as "fuzzy" logic when checking code for errors, use of the GHDB, retrieval of the site's links and folders, and real-time monitoring of HTTP requests/responses. Wikto is written in C# and requires the .NET framework.

skipfish
skipfish is a web security scanner from Michal Zalewski (known as lcamtuf). Written in C, cross-platform (Windows requires Cygwin). It recursively crawls the entire site (for a very long time, around 20~40 hours, although the last time it ran for me it took 96 hours) and finds all sorts of security holes. It also generates a lot of traffic (several GB incoming/outgoing). But all means are good, especially if you have the time and resources.
Typical usage:

./skipfish -o /home/reports www.example.com

The "reports" folder will contain an html report, example.

w3af
w3af - Web Application Attack and Audit Framework, an open-source web vulnerability scanner. It has a GUI, but you can also work from the console. More precisely, it is a framework with a bunch of plugins.
You could talk about its advantages for a long time; better to just try it :] Typical work with it comes down to choosing a profile, specifying the target and, actually, launching it.

Mantra Security Framework
Mantra is a dream come true. A collection of free and open security tools built into a browser.
Very useful when testing web applications at all stages.
Usage comes down to installing and launching the browser.

In fact, there are a great many utilities in this category and it is quite difficult to pick a specific list from them. Most often, each pentester chooses the set of tools they need.

Exploiting

To exploit vulnerabilities more easily and quickly, exploits are written as programs and scripts that only need to be given parameters to exploit the security hole. And there are products that remove the need to search for exploits manually, and even apply them on the fly. This category will be discussed now.

Metasploit Framework
Metasploit® Framework is a kind of monster in our business. It can do so much that the instructions would span several articles. We'll look at automatic exploiting (nmap + metasploit). The gist is this: Nmap analyzes the port we need, determines the service, and metasploit tries to apply exploits to it based on the service class (ftp, ssh, etc.). Instead of text instructions I'll insert a video, which is quite popular on the subject of autopwn

Or we can simply use the exploit we need. For example:

msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run

In fact, the capabilities of this framework are very extensive, so if you decide to dig deeper, follow the link

Armitage
Armitage is a cyberpunk-style GUI for Metasploit. It visualizes the target, recommends exploits and exposes the framework's advanced features. In general, for those who like everything to look beautiful and impressive.
Screencast:

Tenable Nessus®
Tenable Nessus® vulnerability scanner - it can do a lot, but one of the features we need is determining which services have exploits. A free "home only" version is available.

Usage:

  • Download (for your system), install, register (the key is sent to your email).
  • Start the server, add a user in Nessus Server Manager (Manage users button)
  • Go to the address
    https://localhost:8834/

    and get the flash client in the browser

  • Scans -> Add -> fill in the fields (choosing the scan profile that suits us) and click Scan

After a while the scan report will appear on the Reports tab.
To check the vulnerable services against exploits, you can use the Metasploit Framework described above or try to find an exploit (for example, on Exploit-db, packet storm, exploit search, etc.) and use it manually against the system.
IMHO: too cumbersome. I've listed it as one of the leaders in this direction of the software industry.

Injection automation

Most web sec scanners search for injections, but they are still general-purpose scanners. And there are utilities that specifically work on finding and exploiting injections. We'll talk about them now.

sqlmap
sqlmap is an open-source utility for finding and exploiting SQL injections. It supports database servers such as: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase, SAP MaxDB.
Typical usage comes down to the line:

python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
There are enough manuals, including in Russian. The utility greatly eases a pentester's work in this area.
I'll add a demonstration from the official video:

bsqlbf-v2
bsqlbf-v2 is a perl script, a brute forcer for "blind" Sql injections. It works both with integers in the url and with strings.
Supported databases:

  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle

Example:

./bsqlbf-v2-3.pl -url www.somehost.com/blah.php?u=5 -blind u -sql "select table_name from information_schema.tables limit 1 offset 0" -database 1 -type 1

-url www.somehost.com/blah.php?u=5 - link with parameters
-blind u - injection parameter (by default the last one in the address is taken)
-sql "select table_name from information_schema.tables limit 1 offset 0" - our arbitrary query to the database
-database 1 - database server: MSSQL
-type 1 - attack type, "blind" injection, based on True and Error responses (for example, syntax errors)
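The "blind" oracle that bsqlbf and sqlmap rely on exists only because the parameter ends up inside the SQL text. This added example, not code from the article or either tool, shows the blah.php?u=5 pattern as a vulnerable lookup beside its parameterized form, using an in-memory SQLite table constructed here.

```python
"""Boolean-based blind SQL injection oracle and its fix (added example, not from the article).
The users table is constructed in memory; the lookups stand in for blah.php?u=5."""
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table users(id integer primary key, name text)")
    db.executemany("insert into users values(?,?)", [(5, "alice"), (6, "bob")])
    return db

def lookup_vulnerable(db, u):
    """Mirrors a query built by string concatenation: the parameter is parsed as SQL."""
    row = db.execute("select name from users where id=" + u).fetchone()
    return row is not None  # the page renders 'found' or 'not found'

def lookup_parameterized(db, u):
    """Hardened form: the value is bound, never parsed as SQL, and must be an integer."""
    try:
        uid = int(u)
    except ValueError:
        return False
    row = db.execute("select name from users where id=?", (uid,)).fetchone()
    return row is not None

def oracle_distinguishes(lookup, u="5"):
    """True if appending a true vs. false condition changes the page: that difference is
    the one-bit signal a blind brute forcer reads; a hardened lookup gives no signal."""
    db = make_db()
    return lookup(db, u + " and 1=1") != lookup(db, u + " and 1=0")

if __name__ == "__main__":
    print("vulnerable oracle:", oracle_distinguishes(lookup_vulnerable))      # True
    print("parameterized oracle:", oracle_distinguishes(lookup_parameterized))  # False
```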

Debuggers

These tools are mostly used by developers when they have problems with the results of executing their code. But this direction is also useful in pentesting, when we can substitute the data we need on the fly, analyze what comes back in response to our input parameters (for example, during fuzzing), and so on.

Burp Suite
Burp Suite is a set of utilities that help with penetration testing. There is a good review of it online in Russian from Raz0r (albeit from 2008).
The free version includes:

  • Burp Proxy is a local proxy that lets you modify requests already formed by the browser
  • Burp Spider - a spider, searches for existing files and directories
  • Burp Repeater - manual sending of HTTP requests
  • Burp Sequencer - analysis of random values in forms
  • Burp Decoder is an encoder-decoder (html, base64, hex, etc.), of which there are thousands and which can be quickly written in any language
  • Burp Comparer - string comparison component

In fact, the package solves almost all the problems related to this area.

Fiddler
Fiddler is a debugging proxy that logs all HTTP(S) traffic. It lets you examine that traffic, set breakpoints and "play" with incoming or outgoing data.

There is also Firesheep, the monster Wireshark and others; the choice is up to the user.

Conclusion

Naturally, every pentester has their own arsenal and their own set of utilities, since there are simply so many of them. I've tried to list some of the most convenient and well-known ones. But so that everyone can get acquainted with other utilities in this direction, I'll give links below.

Various kinds/lists of scanners and utilities

Linux distributions that include a bunch of different pentest utilities

update: BurpSuite documentation in Russian from the "Hack4Sec" team (added by Anton Kuzmin)

PS We can't stay silent about XSpider. It doesn't take part in the review, although it is shareware (I found that out when I submitted the article to SecLab; in fact because of this (not ignorance, but the lack of the latest version 7.8) I didn't include it in the article). And in theory a separate review of it is planned (I have some interesting tests prepared), but I don't know whether the world will see it.

PPS Some material from this article will be reused in the upcoming talk at CodeFest 2012 in the QA section, which will cover tools not mentioned here (free ones, of course), as well as an algorithm: in what order to use what, what results to expect, which configurations to use, and all sorts of nuances and tips for working with them (I'm thinking about the talk almost every day, I'll try to tell you all the best on the subject)
By the way, there was a lecture on this subject at Open InfoSec Days (tag on Habr, website); you can take a look at the tools there.

Source: www.habr.com
