There is shared hosting, where one server is used to host several websites. Usually, with this configuration, each resource has its own user with a separate home directory and a virtual host. So, if it is configured incorrectly, you can find a .bash_history file in the web resource's directory.
Searching for passwords in the file system and attacking neighbouring machines
Configuration files of various services may be readable by the current user. In them you can find credentials in clear text - passwords for access to a database or to related services. The same password may be used both for access to the database and for authorizing the user (credential stuffing).
It happens that the credentials found belong to services on other hosts. Developing an attack on the infrastructure through a compromised host is no worse than exploiting other hosts. Neighbouring machines can also be found by looking for IP addresses in files.
grep -lRi "password" /home /var/www /var/log 2>/dev/null | sort -u # list files containing the string "password" (case-insensitive) in those directories
grep -a -R -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' /var/log/ 2>/dev/null | sort -u # IPv4 addresses inside logs
If the host has a web application that is reachable from the Internet, it is better to exclude its logs from the search for IP addresses. The addresses of users coming from the Internet are unlikely to be useful to us, but the addresses of the internal network (172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8) and where they connect to, judging by the logs, may be of interest.
sudo
The sudo command lets a user run a command in the root context, either with their own password or without a password at all. Many operations in Linux require root privileges, but working as root is considered very bad practice. Instead, it is better to use selective permission to run commands in the root context. However, many Linux tools, including standard ones such as vi, can be used to escalate privileges in legitimate ways. To find a suitable method, I recommend looking here.
You can also search for files that are writable by any user.
find / -perm -2 -type f 2>/dev/null # find world writable files
This technique is well known; experienced system administrators use the chmod command with care. However, many guides on the Internet describe setting maximum permissions. The "just make it work" approach of inexperienced system administrators creates opportunities for privilege escalation in principle. If possible, it is worth looking through the command history for insecure uses of chmod.
chmod +w /path
chmod 777 /path
Gaining access to other users' accounts
We look at the list of users in /etc/passwd. We pay attention to those who have a shell. You can brute-force these users - it is possible that through the resulting user it will eventually be possible to escalate privileges.
To improve security, I recommend always following the principle of least privilege. It also makes sense to take the time to check for insecure configurations that may have been left behind after troubleshooting - this is the "technical duty" of a system administrator.
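A defender-side check for the misconfigurations described above (a shell history file exposed in a site directory, world-readable files containing passwords, world-writable files, permissive chmod calls left in history), as an added example that is not part of the original article. The function names audit_perms and make_sample_tree, the finding codes and the sample tree are assumptions made for this illustration; paths containing newlines are not handled.

```shell
#!/bin/sh
# audit_perms DIR: print one finding per line as "<CODE> <detail>".
#   WW_FILE  world-writable regular file
#   WW_DIR   world-writable directory without the sticky bit
#   HISTORY  shell history file that every local user can read
#   SECRET   world-readable file that contains the string "password"
#   CHMOD    history line that granted write access broadly
audit_perms() {
    root=$1
    find "$root" -xdev -type f -perm -0002 2>/dev/null | sed 's/^/WW_FILE /'
    # /tmp-style directories (sticky bit set) are excluded on purpose.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
        sed 's/^/WW_DIR /'
    find "$root" -xdev -type f -name '.*_history' -perm -0004 2>/dev/null |
        sed 's/^/HISTORY /'
    find "$root" -xdev -type f ! -name '.*_history' -perm -0004 \
        -exec grep -li 'password' {} + 2>/dev/null | sed 's/^/SECRET /'
    # /dev/null as an extra operand makes grep always print the file name.
    find "$root" -xdev -type f -name '.*_history' \
        -exec grep -nE 'chmod .*(777|\+w)' /dev/null {} + 2>/dev/null |
        sed 's/^/CHMOD /'
}

# Constructed sample tree (not from the article) for trying the audit.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/uploads" "$d/site/tmp"
    printf 'db_password=example\n' > "$d/site/config.php"
    printf 'hello\n' > "$d/site/index.html"
    printf 'chmod 777 /path\nls\n' > "$d/site/.bash_history"
    printf 'x\n' > "$d/site/uploads/a.txt"
    chmod 755 "$d" "$d/site"
    chmod 644 "$d/site/config.php" "$d/site/index.html" "$d/site/.bash_history"
    chmod 666 "$d/site/uploads/a.txt"
    chmod 777 "$d/site/uploads"
    chmod 1777 "$d/site/tmp"
    printf '%s\n' "$d"
}
```

Run it as audit_perms /var/www or audit_perms /home from an account that is allowed to read the tree; an empty result for the first four codes means none of these exposures was found there.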
Custom scripts
It is worth taking a close look at the executable files in the user's home directory and in the web server's directory (/var/www/, unless otherwise specified). These files may turn out to be a completely insecure solution and contain incredible crutches. Of course, if you have some framework in the web server's directory, it makes no sense to look for a zero-day in it as part of a pentest, but it is recommended to find and study custom modifications, plugins and components.
This utility will scan the system for suitable exploits. In fact, it does the same job as the Metasploit local_exploit_suggester module, but it offers links to exploit-db source code instead of Metasploit modules.