Tom Hunter's Diary: "The Hound of the Baskervilles"

Delays in signing are normal for any large company. The contract between Tom Hunter and a certain pet shop chain for a thorough pentest was no exception. We had to check the website, the internal network, and even the working Wi-Fi.

No wonder my hands were itching even before all the formalities were settled. Well, just look over the site in case; it is unlikely that a shop as well known as "The Hound of the Baskervilles" would make mistakes here. A few days later Tom was finally brought the signed original of the contract. By that time, over a third cup of coffee, Tom was studying with interest the state of the warehouses from the internal CMS ...

Image source: Ehsan Taebloo

But he did not get to do much in the CMS: the site administrators banned Tom Hunter's IP. Although there might have been time to generate bonuses on a shop card and feed his beloved cat on the cheap for many months ... "Not this time, Darth Sidious," Tom thought with a smile. It would have been no less fun to move from the website zone to the local network, but apparently these segments are not connected at this client. Still, that happens more often in very large companies.

After all that, Tom Hunter armed himself with the VPN account he had been given and headed for the local network. The account was inside the Active Directory domain, so it was possible to dump AD without any special tricks, draining all the publicly available information about users and working machines.

Tom launched the adfind utility and began sending LDAP queries to the domain controller, with a filter on objectClass and person given as the value. The response came back with the following structure:

dn:CN=Гость,CN=Users,DC=domain,DC=local
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: user
>cn: Гость
>description: Встроенная учетная запись для доступа гостей к компьютеру или домену
>distinguishedName: CN=Гость,CN=Users,DC=domain,DC=local
>instanceType: 4
>whenCreated: 20120228104456.0Z
>whenChanged: 20120228104456.0Z

Beyond this there was plenty more useful information, but the most interesting part was in the >description: field. This is a comment on the account, basically a convenient place to keep minor notes. But the client's administrators decided that passwords could sit there quietly too. Who, after all, would be interested in all these insignificant service records? So the comments Tom received looked like this:

Создал Администратор, 2018.11.16 7po!*Vqn

You don't need to be a rocket scientist to understand why the combination at the end is useful. All that remained was to parse the large response file from the DC by the >description: field, and there they were: 20 login-password pairs. Moreover, almost half of them have RDP access rights. Not a bad bridgehead; time to divide the attacking forces.
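The same parse works as an audit of your own directory export. This is an added example, not code from the original post: the sample dump is constructed in the layout shown above, and the function names and the "letter + digit + punctuation" heuristic are assumptions.

```python
# Constructed sample in the adfind-style layout shown above (not real data).
SAMPLE = """\
dn:CN=Guest,CN=Users,DC=domain,DC=local
>objectClass: user
>cn: Guest
>description: Built-in account for guest access

dn:CN=svc-backup,CN=Users,DC=domain,DC=local
>objectClass: user
>cn: svc-backup
>description: Created by admin, 2018.11.16 Xy7!example#

dn:CN=j.doe,CN=Users,DC=domain,DC=local
>cn: j.doe
>description: Accounting, room 214
"""


def parse_entries(text):
    """Split the dump into one dict per object: {'dn': ..., attr: [values]}."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith("dn:"):
            current = {"dn": line[3:].strip()}
            entries.append(current)
        elif line.startswith(">") and current is not None:
            key, _, value = line[1:].partition(":")
            current.setdefault(key.strip(), []).append(value.strip())
    return entries


def looks_like_secret(token):
    """Heuristic (assumption): 6+ chars mixing letters, digits and punctuation."""
    token = token.strip(",;")
    return (len(token) >= 6
            and any(c.isalpha() for c in token)
            and any(c.isdigit() for c in token)
            and any(not c.isalnum() for c in token))


def audit_descriptions(text):
    """Return DNs whose description holds a password-like token (value not echoed)."""
    return [entry["dn"] for entry in parse_entries(text)
            if any(looks_like_secret(tok)
                   for desc in entry.get("description", [])
                   for tok in desc.split())]


if __name__ == "__main__":
    for dn in audit_descriptions(SAMPLE):
        print("review description field:", dn)
```

The report lists only the DN, so the audit output does not become a second copy of the credentials; every authenticated domain user can read this field, so any hit means the password should be rotated.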

Network

The accessible shares of The Hound of the Baskervilles resembled a big city in all its chaos and unpredictability. With user and RDP profiles, Tom Hunter was a penniless boy in this city, but even he managed to see a great deal through the shining windows of the security policy.

Parts of the file servers, the accounting accounts, and even the scripts associated with them were all out in the open. In the settings of one of these scripts, Tom found the MS SQL hash of one user. A little brute-force magic, and the user's hash turned into a plaintext password. Thanks to John the Ripper and Hashcat.

This key had to fit some chest. The chest was found, and what's more, ten more "chests" were linked to it. And inside six of them lay ... superuser rights, nt authority\system! On two of them we were able to run the xp_cmdshell stored procedure and send cmd commands to Windows. What more could you want?

Domain controllers

Tom Hunter prepared a second strike, aimed at the domain controllers. There were three of them in the "Hound of the Baskervilles" network, matching the number of remote servers. Each domain controller has a public folder, like an open display case in a shop, next to which that same poor boy Tom hangs around.

And this time the boy got lucky again: someone had forgotten to remove from the display case a script in which the local server admin password was hardcoded. So the path to the domain controller was open. Come in, Tom!

Here mimikatz was pulled out of the magic hat, and it profited from several domain administrators. Tom Hunter gained access to every machine on the local network, and his devilish laugh startled the cat off the next chair. The path turned out shorter than expected.

EternalBlue

The memory of WannaCry and Petya is still alive in pentesters' minds, but some admins seem to have forgotten about ransomware in the stream of other evening news. Tom found three nodes with a vulnerability in the SMB protocol: CVE-2017-0144, or EternalBlue. This is the same vulnerability that was used to spread the WannaCry and Petya ransomware, a vulnerability that allows arbitrary code to be executed on the host. On one of the vulnerable nodes there was a domain admin session: "exploit and get it." What can you do, time has not taught everyone.

"The Hound of the Basterville"

The classics of information security like to repeat that the weakest point of any system is the human. Did you notice that the heading above does not match the name of the shop? Perhaps not everyone is that attentive.

In the best traditions of phishing, Tom Hunter registered a domain that differs by one letter from the "Hounds of the Baskervilles" domain. The mail address on this domain imitated the address of the shop's information security service. Over four days, from 4:16 to 00:17, the following letter was sent evenly to 360 addresses from the fake address:

[Image: the email that was sent]

Perhaps only their own laziness saved the employees from a mass leak of passwords. Of the 360 letters, only 61 were opened: the security service is not very popular. But after that it got easier.

[Image: phishing page]

46 people clicked the link, and almost half of them, 22 employees, did not look at the address bar and calmly entered their logins and passwords. Nice catch, Tom.

Wi-Fi network

Now there was no point in counting on the cat's help. Tom Hunter threw a few pieces of hardware into his old sedan and drove to the Hound of the Baskervilles office. His visit had not been agreed: Tom was going to test the client's Wi-Fi. In the business centre's car park there were several free spaces that conveniently fell within the perimeter of the target network. Apparently, not much thought had been given to limiting it, as if the administrators had been scattering extra access points in response to every complaint about weak Wi-Fi.

How does WPA/WPA2 PSK protection work? Encryption between the access point and the clients is provided by a per-session key, the Pairwise Transient Key (PTK). The PTK uses the Pre-Shared Key and five other parameters: the SSID, the Authenticator Nonce (ANonce), the Supplicant Nonce (SNonce), and the access point and client MAC addresses. Tom captured all five parameters, and now only the Pre-Shared Key was missing.

The Hashcat utility supplied this missing link in about 50 minutes, and our hero ended up in the guest network. From it you could already see the working network; oddly enough, here Tom got the password in nine minutes. And all this without leaving the car park, without any VPN. The working network opened up room for monstrous deeds for our hero, but he ... never did add any bonuses to the shop card.

Tom paused, glanced at his watch, tossed a couple of banknotes on the table and, saying goodbye, left the cafe. Perhaps it is another pentest, or perhaps a post for the Telegram channel came to mind...


Source: www.habr.com
