Review of free tools for pentesting web resources and more, v2

Some time ago I already wrote about this, but briefly and chaotically. Afterwards I decided to expand the list of tools in the review, give the article some structure, take the criticism into account (many thanks to Lefty for the advice), and I submitted it to the competition on SecLab (and published the link, but for all the obvious reasons nobody saw it). The competition is over, the results have been announced, and with a clear conscience I can publish it (the article) on Habré.

Free Web Application Pentester Tools

In this article I will talk about the most popular tools for penetration testing of web applications using the "black box" strategy.
To do this, we will look at utilities that help with this type of testing. Consider the following product categories:

  1. Network scanners
  2. Web script vulnerability scanners
  3. Exploitation
  4. Injection automation
  5. Debuggers (sniffers, local proxies, etc.)

Some products have a "universal" character, so I will place them in the category where they give the better result (subjective opinion).

Network scanners.

The main task is to discover available network services, determine their versions, identify the OS, and so on.

Nmap
Nmap ("Network Mapper") is a free and open source utility for network exploration and system security auditing. Fierce opponents of the console can use Zenmap, which is a GUI for Nmap.
It is not just a "smart" scanner but a seriously extensible tool (one of its "unusual features" is a script for checking a node for the presence of the "Stuxnet" worm (mentioned here)). Example usage:

nmap -A -T4 localhost

-A for OS version detection, script scanning and traceroute
-T4 timing template (higher is faster, from 0 to 5)
localhost - target host
Something more complex?

nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost

This is the set of options from the "slow comprehensive scan" profile in Zenmap. It takes quite a long time to complete, but in the end it yields more detailed information about the target system. A reference guide is available in Russian; if you decide to go deeper, I also recommend the translation of the article Beginner's Guide to Nmap.
Nmap has been given the status of "Security Product of the Year" by magazines and communities such as Linux Journal, Info World, LinuxQuestions.Org and Codetalker Digest.
An interesting point: Nmap can be seen in the films "The Matrix Reloaded", "Die Hard 4", "The Bourne Ultimatum", "Hottabych" and others.

IP-Tools
IP-Tools - a kind of collection of various network utilities; it comes with a GUI and is "dedicated" to Windows users.
Port scanner, shared resources (shared printers/folders), WhoIs/Finger/Lookup, telnet client and much more. Simply a convenient, fast, functional tool.

There is no particular point in considering other products, since there are many utilities in this area and they all have similar principles of operation and functionality. Still, nmap remains the most frequently used.

Web script vulnerability scanners

They try to find popular vulnerabilities (SQL inj, XSS, LFI/RFI, etc.) or errors (temporary files that were not deleted, directory indexing, etc.)

Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner - from the link you can see that it is an XSS scanner, but that is not entirely true. The free version, available here, provides quite a lot of functionality. Usually, a person who runs this scanner for the first time and receives a report on their own resource for the first time experiences a slight shock, and you will understand why once you do this. It is a very powerful product for analyzing all kinds of vulnerabilities on a website, and it works not only with the usual PHP websites but also with other languages (although the difference in language is not an indicator). There is no particular point in describing instructions, since the scanner simply "picks up" the user's actions. Something like "next, next, next, ready" in a typical software installation.

Nikto
Nikto is an Open Source (GPL) web crawler. It removes routine manual work. It searches the target site for scripts that were not deleted (some test.php, index_.php, etc.), database administration tools (/phpmyadmin/, /pma and the like), and so on; that is, it checks the resource for the most common errors, usually caused by the human factor.
In addition, if it finds some popular script, it checks it for released exploits (those in its database).
It reports available "unwanted" methods such as PUT and TRACE.
And so on. It is very convenient if you work as an auditor and analyze websites every day.
Among the minuses, I would note the high percentage of false positives. For example, if your site always returns its main page instead of a 404 error (when one should occur), the scanner will say that your site has all the scripts and all the vulnerabilities from its database. In practice this does not happen very often, but in fact a lot depends on the structure of your site.
Classic usage:

./nikto.pl -host localhost

If you need to be authorized on the site, you can set a cookie in the nikto.conf file, in the STATIC-COOKIE variable.
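The false-positive case described above (a site that answers missing pages with its main page instead of a 404) can be checked before trusting a scan report. The following is an added example, not part of the original article or of Nikto: it compares each reported path with what the site returns for paths that cannot exist. All sample responses are constructed, and the function names and the 0.9 similarity threshold are assumptions.

```python
import difflib

# Constructed sample data, not real scanner output.
# Each record is (requested path, HTTP status, response body).
HOME = "<html><link rel='canonical' href='%s'><h1>Welcome to Example Shop</h1></html>"
LOGIN = "<html><title>phpMyAdmin</title><form method='post'>login form</form></html>"

# Answers to random paths that cannot exist: the site serves its main page.
BASELINE = [(p, 200, HOME % p) for p in ("/zq81kd.php", "/p0xx72/")]

# Paths a scanner reported as present on the site.
FINDINGS = [
    ("/test.php", 200, HOME % "/test.php"),
    ("/index_.php", 200, HOME % "/index_.php"),
    ("/phpmyadmin/", 200, LOGIN),
]

def normalize(path, body):
    """Drop the reflected request path so copies of one page compare equal."""
    return body.replace(path, "")

def serves_soft_404(baseline):
    """True if a nonexistent path is answered with anything but a 404."""
    return any(status != 404 for _, status, _ in baseline)

def matches_baseline(finding, baseline, threshold=0.9):
    """True if the finding is the same page the site serves for junk paths."""
    path, status, body = finding
    for b_path, b_status, b_body in baseline:
        if status != b_status:
            continue
        ratio = difflib.SequenceMatcher(
            None, normalize(path, body), normalize(b_path, b_body)).ratio()
        if ratio >= threshold:
            return True
    return False

def triage(findings, baseline):
    """Return (paths worth manual review, likely false positives)."""
    review, false_positives = [], []
    for finding in findings:
        hit = matches_baseline(finding, baseline)
        (false_positives if hit else review).append(finding[0])
    return review, false_positives

if __name__ == "__main__":
    print("soft 404 behaviour:", serves_soft_404(BASELINE))
    print("review: %s, likely false positives: %s" % triage(FINDINGS, BASELINE))
```

On the server side, the lasting fix is to return a real 404 status for missing resources, which removes this class of noise from every scanner.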

Wikto
Wikto - Nikto for Windows, but with some additions, such as "fuzzy" logic when checking code for errors, use of GHDB, obtaining links and resource folders, and real-time monitoring of HTTP requests/responses. Wikto is written in C# and requires the .NET framework.

skipfish
skipfish - a web vulnerability scanner from Michal Zalewski (known as lcamtuf). Written in C, cross-platform (Win requires Cygwin). Recursively (and for a very long time, about 20~40 hours, although the last time it ran for me it took 96 hours) it crawls the entire site and finds all kinds of security holes. It also generates a lot of traffic (several GB incoming/outgoing). But all means are good, especially if you have the time and resources.
Typical usage:

./skipfish -o /home/reports www.example.com

The "reports" folder will contain a report in html, example.

w3af
w3af - Web Application Attack and Audit Framework, an open-source web vulnerability scanner. It has a GUI, but you can also work from the console. More precisely, it is a framework with a bunch of plugins.
I could go on about its advantages for a long time, but it is better to try it :]
Typical work with it comes down to choosing a profile, specifying a target and, in fact, launching it.

Mantra Security Framework
Mantra is a dream that came true. A collection of free and open information security tools built into a web browser.
Very useful when testing web applications at all stages.
Usage comes down to installing and launching the browser.

In fact, there are a lot of utilities in this category and it is quite hard to pick a specific list from them. Most often, each pentester determines the set of tools he needs himself.

Exploitation

For automated and more convenient exploitation of vulnerabilities, exploits are written into software and scripts, which only need to be passed parameters in order to use the security hole. And there are products that remove the need to search for exploits manually, and even apply them on the fly. This category will be discussed now.

Metasploit Framework
The Metasploit® Framework - a kind of monster in our business. It can do so much that instructions would fill several articles. We will look at automatic exploitation (nmap + metasploit). The bottom line is this: Nmap will analyze the port we need and identify the service, and metasploit will try to apply exploits to it based on the service class (ftp, ssh, etc.). Instead of text instructions, I will insert a video, quite popular on the topic of autopwn


Or we can simply automate the operation of the exploit we need. E.g.:

msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run

In fact, the capabilities of this framework are very extensive, so if you decide to go deeper, follow the link

Armitage
Armitage - an OVA of the cyberpunk genre, a GUI for Metasploit. It visualizes the target, recommends exploits and provides the advanced features of the framework. In general, for those who like everything to look beautiful and impressive.
Screencast:


Tenable Nessus®
Tenable Nessus® vulnerability scanner - it can do a lot, but one of the capabilities we need from it is determining which services have exploits. The free version of the product is "home only".

Usage:

  • Downloaded (for your system), installed, registered (the key is sent to your email).
  • Started the server, added a user in Nessus Server Manager (Manage users button)
  • Go to the address
    https://localhost:8834/

    and get the flash client in the browser

  • Scans -> Add -> fill in the fields (choosing the scanning profile that suits us) and click Scan.

After some time, the scan report will appear in the Reports tab
To check the practical vulnerability of services to exploits, you can use the Metasploit Framework described above or try to find an exploit (for example, on Exploit-DB, Packet Storm, exploit search etc.) and use it manually against your own system
IMHO: too bulky. I included it as one of the leaders in this area of the software industry.

Injection automation

Many web app sec scanners search for injections, but they are still just general scanners. And there are utilities that deal specifically with finding and exploiting injections. We will talk about them now.

sqlmap
sqlmap - an open-source utility for finding and exploiting SQL injections. It supports database servers such as: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase, SAP MaxDB.
Typical usage comes down to the line:

python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
There are plenty of manuals, including in Russian. The software greatly facilitates the work of a pentester in this area.
I will add an official video demonstration:


bsqlbf-v2
bsqlbf-v2 - a perl script, a brute forcer for "blind" SQL injections. It works both with integer values in the url and with string values.
Supported databases:

  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle

Example usage:

./bsqlbf-v2-3.pl -url www.somehost.com/blah.php?u=5 -blind u -sql "select table_name from information_schema.tables limit 1 offset 0" -database 1 -type 1

-url www.somehost.com/blah.php?u=5 - link with parameters
-blind u - parameter for injection (by default the last one is taken from the address bar)
-sql "select table_name from information_schema.tables limit 1 offset 0" - our arbitrary query to the database
-database 1 - database server: MSSQL
-type 1 - attack type, "blind" injection, based on True and Error (for example, syntax errors) responses
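The tools in this section rely on a page answering differently to true, false and syntactically broken input in a parameter. The following added example (not from the original article or from either tool) shows that behaviour in a handler that concatenates the id into SQL, next to a parameterized version where it disappears; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(1, "Release notes"), (2, "Maintenance window")])
    return db

def get_news_vulnerable(db, news_id):
    """Before: the id parameter is pasted into the SQL text."""
    query = "SELECT title FROM news WHERE id = " + news_id
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error:
        return "error"  # a syntax error shows up as its own response
    return row[0] if row else "not found"

def get_news_safe(db, news_id):
    """After: check the type, then bind the value as a query parameter."""
    try:
        value = int(news_id)
    except ValueError:
        return "bad request"
    row = db.execute("SELECT title FROM news WHERE id = ?", (value,)).fetchone()
    return row[0] if row else "not found"

def has_boolean_oracle(handler, db):
    """Regression check: do a true and a false condition change the answer?"""
    return handler(db, "1 AND 1=1") != handler(db, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    print("concatenated query answers differently:",
          has_boolean_oracle(get_news_vulnerable, db))
    print("parameterized query answers differently:",
          has_boolean_oracle(get_news_safe, db))
```

A check like `has_boolean_oracle` can sit in a test suite for your own handlers, so a query that slips back to string concatenation is caught before release.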

Debuggers

These tools are mainly used by developers when they have problems with the results of executing their code. But this direction is also useful in pentesting, when we can substitute the data we need on the fly, analyze what comes back in response to our input parameters (for example, during fuzzing), and so on.

Burp Suite
Burp Suite - a set of utilities that help with penetration tests. There is a good review in Russian on the Internet from Raz0r (although from 2008).
The free version includes:

  • Burp Proxy - a local proxy that lets you modify already generated requests from the browser
  • Burp Spider - a spider that looks for existing files and directories
  • Burp Repeater - manual sending of HTTP requests
  • Burp Sequencer - analysis of random values in forms
  • Burp Decoder - a standard encoder-decoder (html, base64, hex, etc.), of which there are thousands, and which can be quickly written in any language
  • Burp Comparer - a string comparison component

In principle, this package solves almost all tasks related to this area.

Fiddler
Fiddler - Fiddler is a debugging proxy that logs all HTTP(S) traffic. It lets you inspect this traffic, set breakpoints and "play" with incoming or outgoing data.

There are also Firesheep, the monster Wireshark and others; the choice is up to the user.

Conclusion

Naturally, every pentester has his own arsenal and set of utilities, since there are simply a lot of them. I have tried to list some of the most convenient and popular ones. But so that anyone can get acquainted with other utilities in this direction, I will provide links below.

Various tops/lists of scanners and utilities

Linux distributions that already include a bunch of different utilities for pentesting

upd: BurpSuite documentation in Russian from the "Hack4Sec" team (added by AntonKuzmin)

P.S. We cannot keep silent about XSpider. It does not take part in the review, although it is shareware (I found that out when I sent the article to SecLab, and precisely because of this (not knowing, and the lack of the latest version 7.8) I did not include it in the article). In theory, a review of it was planned (I have difficult tests prepared for it), but I do not know whether the world will see it.

P.P.S. Some material from the article will be used for its intended purpose in an upcoming talk at CodeFest 2012 in the QA section, which will include tools not mentioned here (free, of course), as well as the algorithm: in what order to use what, what result to expect, which configurations to use, and all sorts of hints and tricks when working (I think about the talk every day, I will try to tell you all the best on the topic)
By the way, there was a lesson on this article at Open InfoSec Days (tag on Habré, website); you can rob the Korovans and take a look at the materials.

Source: www.habr.com
