Ngexesha elidlulileyo ndabhala malunga , kodwa incinci kwaye isiphithiphithi. Emva koko, ndaye ndagqiba ekubeni ndikhulise uluhlu lwezixhobo kuphononongo, ndongeza isakhiwo kwinqaku, kwaye ndithathele ingqalelo ukugxeka (enkosi kakhulu ukufumana iingcebiso) kwaye wayithumela kukhuphiswano lwe-SecLab (yaye yapapashwa , kodwa ngenxa yezizathu ezicacileyo akukho mntu wambonayo). Ukhuphiswano luphelile, iziphumo zibhengezwe kwaye ngesazela esicocekileyo ndinokuyipapasha (inqaku) ngoHabré.
Izixhobo zePentester zeWebhu zasimahla
Kule nqaku ndiza kuthetha ngezixhobo ezidume kakhulu zokungena (uvavanyo lokungena) kwizicelo zewebhu usebenzisa iqhinga "lebhokisi elimnyama".
Ukwenza oku, siza kujonga izixhobo eziza kunceda ngolu hlobo lovavanyo. Qwalasela ezi ndidi zemveliso zilandelayo:
- Izikena zenethiwekhi
- Izikena zokwaphulwa kweskripthi sewebhu
- Ukuxhaphaza
- Ukuzenzekela iinaliti
- Iidebuggers (abaphunga, iiproxi zalapha, njl.njl.)
Ezinye iimveliso zine "character" jikelele, ngoko ke ndiza kuzihlela kudidi aphoоisiphumo esingcono (uluvo oluphantsi).
Izikena zenethiwekhi.
Umsebenzi oyintloko kukufumanisa iinkonzo zenethiwekhi ezikhoyo, ukufaka iinguqulelo zabo, ukumisela i-OS, njl.
Nmap
sisixhobo sasimahla kunye nesivulelekileyo sokuhlalutya inethiwekhi kunye nophicotho lokhuseleko lwenkqubo. Abachasi abanobundlobongela bekhonsoli banokusebenzisa iZenmap, eyi-GUI yeNmap.
Esi ayisoskena nje “esihlakaniphileyo”, sisixhobo esinokwandiswa kakhulu (enye “yeempawu ezingaqhelekanga” bubukho beskripthi sokujonga indawo yobukho bombungu ""(ikhankanywe ). Umzekelo wokusetyenziswa oqhelekileyo:
nmap -A -T4 localhost
-A yokufunyanwa kwenguqulo ye-OS, ukuskena kweskripthi kunye nokulandela umkhondo
-T4 isethingi yokulawula ixesha (okungakumbi kuyakhawuleza, ukusuka ku-0 ukuya ku-5)
Inginginya yendawo - umamkeli ekujoliswe kuwo
Into eqinile?
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost
Olu luluhlu lweenketho ezivela kwiprofayile "ecothayo ebanzi" kwiZenmap. Kuthatha ixesha elide ukugqiba, kodwa ekugqibeleni kubonelela ngolwazi oluthe kratya olunokufunyanwa malunga nenkqubo ekujoliswe kuyo. , ukuba uthatha isigqibo sokungena nzulu, ndikwacebisa ukuguqulela inqaku .
I-Nmap ifumene iwonga "yeMveliso yoKhuseleko yoNyaka" kwiimagazini kunye noluntu olunje ngeLinux Journal, Info World, LinuxQuestions.Org kunye neCodetalker Digest.
Inqaku elinomdla, iNmap inokubonwa kwiifilimu "I-Matrix Reloaded", "Die Hard 4", "The Bourne Ultimatum", "Hottabych" kunye .
IP-Izixhobo
- uhlobo lweseti yezixhobo ezahlukeneyo zenethiwekhi, iza ne-GUI, "enikezelweyo" kubasebenzisi beWindows.
Isikena sezibuko, izibonelelo ekwabelwana ngazo (abashicileli ekwabelwana ngazo/iifolda), WhoIs/Finger/Lookup, telnet client nokunye okuninzi. Isixhobo nje esifanelekileyo, esikhawulezayo, esisebenzayo.
Akukho ngongoma ethile ekuqwalaseleni ezinye iimveliso, kuba zininzi izinto eziluncedo kule ndawo kwaye zonke zinemigaqo efanayo yokusebenza kunye nokusebenza. Nangona kunjalo, i-nmap ihlala iyeyona isetyenziswa ngokuqhelekileyo.
Izikena zokwaphulwa kweskripthi sewebhu
Ukuzama ukufumana ubuthathaka obudumileyo (SQL inj, XSS, LFI/RFI, njl.)
Iskena esiSengozini seWebhu ye-Acunetix
- ukusuka kwikhonkco unokubona ukuba esi siskena se-xss, kodwa oku akuyonyani ngokupheleleyo. Inguqulelo yasimahla, ekhoyo apha, ibonelela ngokusebenza okuninzi. Ngokuqhelekileyo, umntu oqhuba le scanner okokuqala kwaye ufumana ingxelo kwisixhobo sabo okokuqala ufumana ukothuka okuncinci, kwaye uya kuqonda ukuba kutheni ukwenzile oku. Le yimveliso enamandla kakhulu yokuhlalutya zonke iintlobo zobuthathaka kwiwebhusayithi kwaye ayisebenzi kuphela ngewebhusayithi ye-PHP eqhelekileyo, kodwa nangezinye iilwimi (nangona umahluko kulwimi ungelophawu). Akukho ngongoma ethile ekuchazeni imiyalelo, ekubeni iskena "sithatha" nje izenzo zomsebenzisi. Into efana "nelandelayo, elandelayo, elandelayo, ilungile" kufakelo lwesoftware eqhelekileyo.
Nikto
Lo nguMthombo oVulekileyo (GPL) umkhangeli wewebhu. Uphelisa umsebenzi wezandla oqhelekileyo. Iphendla indawo ekujoliswe kuyo kwizikripthi ezingacinywanga (ezinye test.php, index_.php, njl.), izixhobo zolawulo lwesiseko sedata (/phpmyadmin/, /pma nokunye okunjalo), njalo njalo, oko kukuthi, ijonga uvimba wezona mpazamo zixhaphakileyo. ngokuqhelekileyo kubangelwa yimiba yabantu.
Ngaphezu koko, ukuba ifumana iskripthi esidumileyo, iyasijonga ngokusetyenziswa okukhutshiweyo (ezikwisiseko sedatha).
Iingxelo ziyafumaneka iindlela "ezingafunwayo" ezifana ne-PUT kunye ne-TRACE
Kwaye nangokunjalo. Kulula kakhulu ukuba usebenza njengomphicothi-zincwadi kwaye uhlalutye iiwebhusayithi yonke imihla.
Kwimizuzu, ndingathanda ukuqaphela ipesenteji ephezulu yeengxelo zobuxoki. Ngokomzekelo, ukuba isayithi lakho lihlala linika impazamo enkulu endaweni yempazamo ye-404 (xa kufuneka yenzeke), ke iskena siya kuthi indawo yakho iqulethe zonke izikripthi kunye nazo zonke iziphene ezivela kwi-database yayo. Ngokwenyani, oku akwenzeki rhoqo, kodwa njengenyani, okuninzi kuxhomekeke kubume bendawo yakho.
Usetyenziso lwakudala:
./nikto.pl -host localhost
Ukuba ufuna ukugunyaziswa kwisayithi, unokuseta icookie kwifayile ye-nikto.conf, i-STATIC-COOKIE eguquguqukayo.
Wikto
-I-Nikto ye-Windows, kodwa ngezinye izongezo, ezinje ngengqiqo "engaqondakaliyo" xa ujonga ikhowudi yeempazamo, usebenzisa i-GHDB, ukufumana amakhonkco kunye neefolda zemithombo, ukujonga ixesha lokwenyani kwezicelo / iimpendulo ze-HTTP. IWikto ibhalwe kwi C# kwaye ifuna isakhelo se.NET.
skipfish
- web vulnerability scanner ukusuka (eyaziwa ngokuba yi-lcamtuf). Ibhalwe kwi-C, i-cross-platform (i-Win ifuna i-Cygwin). Ngokuphindaphindiweyo (kwaye ixesha elide kakhulu, malunga ne-20 ~ iiyure ze-40, nangona ixesha lokugqibela elisebenza kum laliyi-96 iiyure) likhasa yonke indawo kwaye lifumana zonke iintlobo zemingxuma yokhuseleko. Ikwavelisa i-traffic eninzi (ii-GB ezininzi ezingenayo / eziphumayo). Kodwa zonke iindlela zilungile, ngakumbi ukuba unexesha kunye nezixhobo.
Ukusetyenziswa okuqhelekileyo:
./skipfish -o /home/reports www.example.com
Kwifolda "yeengxelo" kuya kubakho ingxelo kwi-html, .
w3f
-Uhlaselo lweSicelo seWebhu kunye neSikhokelo soPhicotho, iskena sobungozi bewebhu esivulelekileyo. Ine-GUI, kodwa unokusebenza kwi-console. Ngokuchanekileyo, sisikhokelo nge .
Unokuthetha malunga nezibonelelo zayo ixesha elide, kungcono uzame :]
Umsebenzi oqhelekileyo kunye nayo wehla ekukhetheni iprofayili, ichaza injongo kwaye, ngokwenene, ukuyisungula.
Isakhelo soKhuseleko lweMantra
liphupha elazaliseka. Ingqokelela yezixhobo zokhuseleko zolwazi zasimahla nezivulelekileyo ezakhelwe kwisikhangeli sewebhu.
Iluncedo kakhulu xa uvavanya usetyenziso lwewebhu kuwo onke amanqanaba.
Ukusetyenziswa kubilisa ekufakeni nasekuqaliseni isikhangeli.
Ngapha koko, zininzi izinto eziluncedo kolu didi kwaye kunzima kakhulu ukukhetha uluhlu oluthile kubo. Amaxesha amaninzi, i-pentester nganye ikhetha isethi yezixhobo azifunayo.
Ukuxhaphaza
Ukuxhaphazwa okuzenzekelayo kunye nokulungeleka ngakumbi kobuthathaka, ukuxhaphaza kubhaliwe kwisofthiwe kunye nezikripthi, ezifuna ukugqithiswa kuphela iiparameters ukwenzela ukuxhaphaza umngxuma wokhuseleko. Kwaye kukho iimveliso eziphelisa imfuneko yokukhangela ngokusetyenziswa ngesandla, kwaye zide zisebenzise kwi-fly. Olu didi luza kuxoxwa ngoku.
I-Metasploit Framework
- uhlobo lwe-monster kwishishini lethu. Unokwenza okuninzi kangangokuba imiyalelo iya kugubungela amanqaku amaninzi. Siza kujonga ukuxhaphaza ngokuzenzekelayo (nmap + metasploit). Undoqo ngulo: I-Nmap iya kuhlalutya izibuko esilidingayo, ifake inkonzo, kwaye i-metasploit iya kuzama ukusebenzisa i-exploit kuyo ngokusekelwe kudidi lwenkonzo (ftp, ssh, njl.). Endaweni yemiyalelo yombhalo, ndiza kufaka ividiyo, edume kakhulu kwisihloko esizenzekelayo
Okanye sinokwenza ngokuzenzekelayo ukusebenza kokuxhaphaza esikufunayo. Umzekelo:
msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run
Enyanisweni, izakhono zesi sikhokelo zibanzi kakhulu, ngoko ke ukuba uthatha isigqibo sokungena nzulu, yiya kuyo
Ukumiswa
-I-OVA ye-cyberpunk genre GUI ye-Metasploit. Ukubona oko kujoliswe kuko, kucebise ukuxhaphaza kwaye kubonelele ngeempawu eziphambili zesakhelo. Ngokubanzi, kwabo bathanda yonke into ukuba ibonakale intle kwaye iyamangalisa.
Screencast:
I-Nessus® enokuQeshelwa
- inokwenza izinto ezininzi, kodwa esinye sesakhono esisidingayo kuyo kukugqiba ukuba zeziphi iinkonzo ezinomsebenzi. Inguqulelo yasimahla yemveliso “ekhaya kuphela”
Sebenzisa:
- Ikhutshelwe (yenkqubo yakho), ifakiwe, ibhalisiwe (isitshixo sithunyelwa kwi-imeyile yakho).
- Yaqala iseva, yongeza umsebenzisi kuMphathi weSeva yeNessus (Lawula iqhosha labasebenzisi)
- Siya kwidilesi
https://localhost:8834/
kwaye ufumane umxhasi weflash kwisikhangeli
- Izikena -> Yongeza -> gcwalisa iindawo (ngokukhetha iprofayile yokuskena esifanelana nathi) kwaye ucofe Skena
Emva kwexesha elithile, ingxelo yokuskena iya kuvela kwisithuba seeNgxelo
Ukujonga ubuthathaka obusebenzayo beenkonzo zokuxhaphaza, ungasebenzisa iMetasploit Framework echazwe ngasentla okanye uzame ukufumana inzuzo (umzekelo, kwi. , , njl) kwaye uyisebenzise ngesandla ngokuchaseneyo inkqubo yayo
IMHO: ininzi kakhulu. Ndimzise njengenye yeenkokeli kweli cala loshishino lwesoftware.
Ukuzenzekela iinaliti
Uninzi lwe-web app sec scanners zikhangela iinaliti, kodwa ziseziskena nje jikelele. Kwaye kukho izinto eziluncedo ezijongana ngokukodwa nokukhangela kunye nokuxhaphaza iinaliti. Siza kuthetha ngazo ngoku.
sqlmap
- Uncedo oluvulelekileyo lokukhangela kunye nokusebenzisa iinaliti zeSQL. Ixhasa iiseva zedathabheyisi ezifana ne: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase, SAP MaxDB.
Ukusetyenziswa okuqhelekileyo kuya kumgca:
python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
Kukho iimanyuwali ezaneleyo, kubandakanywa nesiRashiya. Isoftware iququzelela kakhulu umsebenzi wepentester xa usebenza kule ndawo.
Ndizakongeza umboniso osemthethweni wevidiyo:
bsqlbf-v2
- i-perl script, i-brute force for "imfama" ye-Sql injections. Isebenza zombini ngenani elipheleleyo kwi-url kunye namaxabiso omtya.
Uvimba weenkcukacha uyaxhaswa:
- MS-SQL
- MySQL
- PostgreSQL
- Oracle
Ukusetyenziswa umzekelo:
./bsqlbf-v2-3.pl -url www.somehost.com/blah.php?u=5 -blind u -sql "select table_name from imformation_schema.tables limit 1 offset 0" -database 1 -type 1
-url - Ikhonkco kunye neeparamitha
-imfama u — iparameter yesitofu (ngokungagqibekanga eyokugqibela ithathwa kwibar yedilesi)
-sql "khetha i-table_name kwi-imformation_schema.tables umda we-1 offset 0" - isicelo sethu esingenasizathu kwisiseko sedatha
-isiseko sedatha 1 — iseva yedatha: MSSQL
-uhlobo 1 — uhlobo lohlaselo, inaliti “eyimfama”, esekwe kwiNyaniso kunye nempazamo (umzekelo, iimpazamo zesintaksi) iimpendulo
Debuggers
Ezi zixhobo zisetyenziswa ikakhulu ngabaphuhlisi xa beneengxaki ngeziphumo zokwenza ikhowudi yabo. Kodwa olu lathiso lukwaluncedo kwi-pentesting, xa sinokuthi sithathe indawo yedatha esiyidingayo kwi-fly, sihlalutye oko kuza ekuphenduleni iiparitha zethu zokufaka (umzekelo, ngexesha lokuxubha), njl.
I-Burp Suite
- iseti yezinto eziluncedo ezinceda kuvavanyo lokungena. Ikwi-Intanethi ngesiRashiya ukusuka eRaz0r (nangona i-2008).
Inguqulelo yasimahla ibandakanya:
- Ummeli weBurp ngummeli wasekhaya okuvumela ukuba uguqule izicelo esele zenziwe kumkhangeli zincwadi
- Burp Spider - spider, ikhangela iifayile ezikhoyo kunye nabalawuli
- Burp Repeater-ithumela izicelo zeHTTP ngesandla
- I-Burp Sequencer-ukuhlalutya amaxabiso angaqhelekanga kwiifom
- IBurp Decoder yi-encoder-decoder esemgangathweni (html, base64, hex, njl.), apho kukho amawaka, anokubhalwa ngokukhawuleza kulo naluphi na ulwimi.
- Burp Comparer - Umtya Comparison Component
Ngokomgaqo, le phakheji isombulula phantse zonke iingxaki ezinxulumene nale ndawo.
umfilisi
-I-Fiddler yi-proxy yokulungisa i-proxy efaka zonke iitrafikhi ze-HTTP (S). Ikuvumela ukuba uhlole le traffic, usete iindawo zokuphumla kwaye "udlale" ngedatha engenayo okanye ephumayo.
Kukho kwakhona , irhamncwa kunye nabanye, ukhetho luxhomekeke kumsebenzisi.
isiphelo
Ngokwemvelo, i-pentester nganye ine-arsenal yayo kunye nesethi yakhe yezinto eziluncedo, kuba zininzi zazo. Ndizamile ukudwelisa ezinye zezona ziluncedo nezithandwayo. Kodwa ukuze nabani na aziqhelanise nezinye izinto eziluncedo kweli cala, ndiya kubonelela ngamakhonkco angezantsi.
Imiphezulu eyahlukeneyo/uluhlu lweskena kunye nezinto eziluncedo
- .
Unikezelo lweLinux olusele lubandakanya iqela lezinto eziluncedo zokuvavanya
hlaziya: ngesiRashiya kwiqela le "Hack4Sec" (yongeziweyo )
P.S. Asikwazi ukuthula malunga neXSpider. Ayithathi nxaxheba ekuphononongweni, nangona i-shareware (ndiyifumene xa ndithumela inqaku kwi-SecLab, ngokwenene ngenxa yale nto (kungekhona ulwazi, kunye nokungabikho kwenguqulo yamva nje ye-7.8) kwaye andizange ndiyifake kwinqaku). Kwaye kwithiyori, ukuphononongwa kwayo kwakucwangcisiwe (ndineemvavanyo ezinzima ezilungiselelwe yona), kodwa andiyazi ukuba ihlabathi liya kuyibona.
P.P.S. Ezinye izinto ezivela kwinqaku ziya kusetyenziselwa injongo ekujoliswe kuyo kwingxelo ezayo apha I-2012 kwicandelo le-QA, eliya kuqulatha izixhobo ezingakhankanywanga apha (mahhala, kunjalo), kunye ne-algorithm, ngendlela yokusebenzisa ntoni, yintoni umphumo wokulindela, yintoni ulungelelwaniso olunokusetyenziswa kunye nazo zonke iintlobo zeengcebiso kunye namaqhinga xa ukusebenza (ndicinga malunga nengxelo phantse yonke imihla, ndiya kuzama ukukuxelela konke okuhle malunga nesihloko sesihloko)
Ngendlela, kwakukho isifundo kweli nqaku kwi Vula Iintsuku ze-InfoSec (, ), unako ukuphanga amaKorovans Thatha ujongo .
umthombo: www.habr.com