Using PowerShell to Escalate Privileges of Local Accounts


Privilege escalation is an attacker's use of the rights of a current account to obtain a different, usually higher, level of access to a system. Although privilege escalation can be the result of exploiting a zero-day vulnerability, or the work of first-class attackers carrying out a targeted attack, or of well-concealed malware, it most often happens because of a misconfiguration of a computer or an account. To advance the attack, attackers chain together a number of individual weaknesses, which together can lead to a serious data leak.

Why should users not have local administrator rights?

If you are a security professional, it may seem obvious that users should not have local administrator rights, because this:

  • Exposes their accounts to a wider range of attacks
  • Makes each of those attacks much more severe

Unfortunately, in many organisations this is still a contentious issue, sometimes accompanied by heated discussions (see, for example, My boss says all users must be local admins). Without going into the details of that discussion, we assume that the attacker has obtained local administrator rights on the system under investigation, either through an exploit or because the machines are not properly secured.

Step 1: Reverse DNS resolution with PowerShell

By default, PowerShell is installed on most workstations and on most Windows servers. And while it is no exaggeration to say that it is regarded as a remarkably useful automation and administration tool, it is just as capable of turning itself into nearly invisible fileless malware (malicious code that leaves no traces of the attack on disk).

In our case, the attacker begins network reconnaissance with a PowerShell script that iterates over the network's IP address space, checking whether a given IP address resolves to a host and, if so, what that host's network name is.
There are many ways to do this, but using the Get-ADComputer cmdlet is a strong choice because it returns a rich set of data about each node:

 Import-Module ActiveDirectory
 Get-ADComputer -Properties * -Filter { IPv4Address -eq '10.10.10.10' }

If the speed of this approach on large networks is a problem, a plain DNS lookup can be used instead:

[System.Net.Dns]::GetHostEntry('10.10.10.10').HostName


This method of enumerating hosts on a network is popular, since most networks do not follow a zero-trust security model and do not monitor internal DNS requests for suspicious bursts of activity.
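The sweep described in this step, written out as a complete script. This is an added example, not code from the original post: it walks one /24 with the same GetHostEntry call shown above, skips addresses that have no PTR record instead of aborting, and, when the ActiveDirectory module is available, enriches each resolved name with its AD computer object. The 10.10.10.0/24 range is a hypothetical value.

```powershell
# Added example (not from the original post): reverse-DNS sweep of one /24.
# The 10.10.10.0/24 range is hypothetical; adjust -Prefix to the target network.
function Get-ReverseDnsSweep {
    param(
        [string]$Prefix = '10.10.10',   # first three octets of the /24 to sweep
        [int]$Start = 1,
        [int]$End = 254
    )
    foreach ($last in $Start..$End) {
        $ip = "$Prefix.$last"
        try {
            # GetHostEntry throws when the address has no PTR record; such
            # addresses are skipped so a single miss does not stop the sweep
            $name = [System.Net.Dns]::GetHostEntry($ip).HostName
            [pscustomobject]@{ IPAddress = $ip; HostName = $name }
        } catch {
            # no reverse record (or the resolver timed out): nothing to report
        }
    }
}

$resolved = Get-ReverseDnsSweep -Prefix '10.10.10'
$resolved | Format-Table -AutoSize

# Enrich each resolved host with its AD computer object when the RSAT module is
# present; OperatingSystem and Description help with target selection in step 2.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    foreach ($h in $resolved) {
        $short = ($h.HostName -split '\.')[0]
        Get-ADComputer -Identity $short -Properties OperatingSystem, Description -ErrorAction SilentlyContinue |
            Select-Object Name, OperatingSystem, Description
    }
}
```

Each reverse lookup for an unused address waits for the resolver to time out, so on a large range the sweep is slow but quiet: the only traffic it generates is PTR queries to the internal DNS server, which is exactly why monitoring for bursts of such queries is worthwhile.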

Step 2: Choose a target

The result of this step is a list of server and workstation hostnames that can be used to continue the attack.


Judging by its name, the 'HUB-FILER' server looks like a suitable target, because over time file servers, as a rule, accumulate a large number of network folders and grant excessive access to them to far too many people.

Browsing with Windows Explorer lets us see that an open shared folder exists, but our current account cannot access it (perhaps we only have list rights).

Step 3: Examine the ACLs

Now that we have the HUB-FILER host and a target share, we can run a PowerShell script to retrieve its ACL. We can do this from the local machine, since we already have local administrator rights:

(Get-Acl \\hub-filer\share).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize

Execution result:


From this we see that the Domain Users group only has list access, whereas the Helpdesk group also has modify rights.

Step 4: Identify the accounts

Running Get-ADGroupMember, we can list every member of this group:

Get-ADGroupMember -Identity Helpdesk


In this list we see a computer account that we already discovered and to which we already have access:

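Steps 3 and 4 combined into one audit, as an added example that is not part of the original post: for a share path it reads the ACL with Get-Acl, keeps only Allow entries that carry write-capable rights, resolves each identity in Active Directory, expands groups recursively with Get-ADGroupMember, and reports every computer account that ends up with write access, whether directly or through group membership. It assumes the ActiveDirectory module and the \\HUB-FILER\share path used in the post; the same function works for any UNC or local path.

```powershell
# Added example (not from the original post): find computer accounts that can
# modify a share, directly or via nested group membership. Assumes the RSAT
# ActiveDirectory module; \\HUB-FILER\share is the share from the walkthrough.
Import-Module ActiveDirectory

function Get-ComputerAccountsWithWriteAccess {
    param([Parameter(Mandatory)][string]$Path)

    # Rights that let a principal change data rather than merely list it
    $writeMask = [int]([System.Security.AccessControl.FileSystemRights]::Modify -bor
                       [System.Security.AccessControl.FileSystemRights]::Write  -bor
                       [System.Security.AccessControl.FileSystemRights]::FullControl)

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

        # IdentityReference is DOMAIN\name; the AD lookup needs only the name part.
        # Well-known SIDs (BUILTIN\..., NT AUTHORITY\...) return nothing and are skipped.
        $name = ($ace.IdentityReference.Value -split '\\')[-1]
        $obj = Get-ADObject -Filter "SamAccountName -eq '$name'" -ErrorAction SilentlyContinue
        if (-not $obj) { continue }

        if ($obj.ObjectClass -eq 'group') {
            # -Recursive expands nested groups; computer accounts are the finding
            Get-ADGroupMember -Identity $name -Recursive |
                Where-Object { $_.objectClass -eq 'computer' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Share    = $Path
                        ViaGroup = $name
                        Computer = $_.SamAccountName
                        Rights   = $ace.FileSystemRights
                    }
                }
        } elseif ($obj.ObjectClass -eq 'computer') {
            # A machine account granted rights directly on the share
            [pscustomobject]@{
                Share    = $Path
                ViaGroup = '(direct)'
                Computer = $name
                Rights   = $ace.FileSystemRights
            }
        }
    }
}

Get-ComputerAccountsWithWriteAccess -Path '\\HUB-FILER\share' | Format-Table -AutoSize
```

Run against the share from the post, the output would contain one row for HUB-SHAREPOINT$ via the Helpdesk group. Running it over every share on a file server is the preventive counterpart of the detection discussed in step 6: a computer account with modify rights on a data share has no legitimate reason to be there and is exactly what the attacker looks for in step 4.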

Step 5: Use PsExec to run as the computer account

PsExec from Microsoft Sysinternals lets you execute commands in the context of the SYSTEM account on HUB-SHAREPOINT, a machine whose computer account we know is a member of the targeted Helpdesk group. That is, all we need to do is run the following on HUB-SHAREPOINT itself (or add \\HUB-SHAREPOINT to the command to target it remotely):

PsExec.exe -s -i cmd.exe

Now you get full access to the target folder \\HUB-FILER\share\HR, because you are operating in the context of the HUB-SHAREPOINT computer account: anything running as local SYSTEM authenticates over the network as the machine account. With that access, the data can be copied to a removable storage device or otherwise extracted and moved off the network.

Step 6: Detecting this attack

This particular combination of conditions (computer accounts accessing network shares instead of user accounts or service accounts) can be detected. However, without suitable tools it is very hard to do.

To detect and prevent this part of the attack, we can use DataAdvantage to identify groups that contain computer accounts and deny them access. DataAlert goes further and lets you create an alert specifically for this kind of situation.

The screenshot below shows a custom alert that fires whenever a computer account accesses data on a monitored server.

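The same detection logic built from native Windows auditing, as an added example that is not part of the original post and independent of the products it mentions. It assumes Detailed File Share auditing is enabled on the file server so that Security event 5145 is written, uses that event's documented EventData fields (SubjectUserName, IpAddress, ShareName, RelativeTargetName, AccessMask), and treats any account name ending in '$' as a computer account. The three records it runs over are constructed for offline testing; the commented line at the end shows the live query.

```powershell
# Added example (not from the original post): flag file-share access by
# computer accounts using Security event 5145 (Detailed File Share auditing).
# Machine accounts are recognised by the trailing '$' in SubjectUserName.

function ConvertFrom-FileShareEvent {
    # Flatten the EventData of one 5145 event record into an object
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time       = $Event.TimeCreated
        Account    = $data['SubjectUserName']
        Domain     = $data['SubjectDomainName']
        SourceIP   = $data['IpAddress']
        ShareName  = $data['ShareName']          # e.g. \\*\share
        Target     = $data['RelativeTargetName'] # path relative to the share root
        AccessMask = $data['AccessMask']
    }
}

function Find-ComputerAccountShareAccess {
    # Emit records where a machine account touched one of the monitored shares.
    # Administrative shares such as \\*\IPC$ see legitimate machine traffic and
    # are excluded simply by not listing them in -MonitoredShares.
    param(
        [Parameter(ValueFromPipeline)]$Record,
        [string[]]$MonitoredShares = @('\\*\share')
    )
    process {
        $isComputer  = $Record.Account -match '\$$'
        $isMonitored = $MonitoredShares | Where-Object { $Record.ShareName -like $_ }
        if ($isComputer -and $isMonitored) { $Record }
    }
}

# Constructed sample records, shaped like ConvertFrom-FileShareEvent output.
# Only the second one should be reported: a machine account on a data share.
$sample = @(
    [pscustomobject]@{ Time='2024-01-01 10:00'; Account='jsmith';          Domain='CORP'; SourceIP='10.10.10.50'; ShareName='\\*\share'; Target='HR\salaries.xlsx'; AccessMask='0x1' }
    [pscustomobject]@{ Time='2024-01-01 10:02'; Account='HUB-SHAREPOINT$'; Domain='CORP'; SourceIP='10.10.10.20'; ShareName='\\*\share'; Target='HR\salaries.xlsx'; AccessMask='0x1' }
    [pscustomobject]@{ Time='2024-01-01 10:03'; Account='HUB-SHAREPOINT$'; Domain='CORP'; SourceIP='10.10.10.20'; ShareName='\\*\IPC$';  Target='';                AccessMask='0x1' }
)
$sample | Find-ComputerAccountShareAccess | Format-Table -AutoSize

# Live use on the file server (last 24 hours of 5145 events):
# Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=5145; StartTime=(Get-Date).AddDays(-1) } |
#     ForEach-Object { ConvertFrom-FileShareEvent $_ } |
#     Find-ComputerAccountShareAccess -MonitoredShares '\\*\share'
```

Event 5145 is noisy, so in practice the query is scoped to the data shares that matter and fed from a forwarded log rather than run on the server interactively. Group Policy or domain controllers do contact shares as machine accounts (SYSVOL and NETLOGON in particular), which is why the filter is on specific shares rather than on every access by a '$' account.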

Next steps with PowerShell

Want to know more? Use the unlock code "blog" for free access to the full PowerShell and Active Directory Basics video course.

Source: www.habr.com
