Ngexesha elidlulileyo ndabhala malunga
Izixhobo zePentester zeWebhu zasimahla
Kule nqaku ndiza kuthetha ngezixhobo ezidume kakhulu zokungena (uvavanyo lokungena) kwizicelo zewebhu usebenzisa iqhinga "lebhokisi elimnyama".
Ukwenza oku, siza kujonga izixhobo eziza kunceda ngolu hlobo lovavanyo. Qwalasela ezi ndidi zemveliso zilandelayo:
- Izikena zenethiwekhi
- Izikena zokwaphulwa kweskripthi sewebhu
- Ukuxhaphaza
- Ukuzenzekela iinaliti
- Iidebuggers (abaphunga, iiproxi zalapha, njl.njl.)
Ezinye iimveliso zine "character" jikelele, ngoko ke ndiza kuzihlela kudidi aphoоisiphumo esingcono (uluvo oluphantsi).
Izikena zenethiwekhi.
Umsebenzi oyintloko kukufumanisa iinkonzo zenethiwekhi ezikhoyo, ukufaka iinguqulelo zabo, ukumisela i-OS, njl.
Nmap
Esi ayisoskena nje “esihlakaniphileyo”, sisixhobo esinokwandiswa kakhulu (enye “yeempawu ezingaqhelekanga” bubukho beskripthi sokujonga indawo yobukho bombungu "
nmap -A -T4 localhost
-A yokufunyanwa kwenguqulo ye-OS, ukuskena kweskripthi kunye nokulandela umkhondo
-T4 isethingi yokulawula ixesha (okungakumbi kuyakhawuleza, ukusuka ku-0 ukuya ku-5)
Inginginya yendawo - umamkeli ekujoliswe kuwo
Into eqinile?
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost
Olu luluhlu lweenketho ezivela kwiprofayile "ecothayo ebanzi" kwiZenmap. Kuthatha ixesha elide ukugqiba, kodwa ekugqibeleni kubonelela ngolwazi oluthe kratya olunokufunyanwa malunga nenkqubo ekujoliswe kuyo.
I-Nmap ifumene iwonga "yeMveliso yoKhuseleko yoNyaka" kwiimagazini kunye noluntu olunje ngeLinux Journal, Info World, LinuxQuestions.Org kunye neCodetalker Digest.
Inqaku elinomdla, iNmap inokubonwa kwiifilimu "I-Matrix Reloaded", "Die Hard 4", "The Bourne Ultimatum", "Hottabych" kunye
IP-Izixhobo
Isikena sezibuko, izibonelelo ekwabelwana ngazo (abashicileli ekwabelwana ngazo/iifolda), WhoIs/Finger/Lookup, telnet client nokunye okuninzi. Isixhobo nje esifanelekileyo, esikhawulezayo, esisebenzayo.
Akukho ngongoma ethile ekuqwalaseleni ezinye iimveliso, kuba zininzi izinto eziluncedo kule ndawo kwaye zonke zinemigaqo efanayo yokusebenza kunye nokusebenza. Nangona kunjalo, i-nmap ihlala iyeyona isetyenziswa ngokuqhelekileyo.
Izikena zokwaphulwa kweskripthi sewebhu
Ukuzama ukufumana ubuthathaka obudumileyo (SQL inj, XSS, LFI/RFI, njl.)
Iskena esiSengozini seWebhu ye-Acunetix
Nikto
Ngaphezu koko, ukuba ifumana iskripthi esidumileyo, iyasijonga ngokusetyenziswa okukhutshiweyo (ezikwisiseko sedatha).
Iingxelo ziyafumaneka iindlela "ezingafunwayo" ezifana ne-PUT kunye ne-TRACE
Kwaye nangokunjalo. Kulula kakhulu ukuba usebenza njengomphicothi-zincwadi kwaye uhlalutye iiwebhusayithi yonke imihla.
Kwimizuzu, ndingathanda ukuqaphela ipesenteji ephezulu yeengxelo zobuxoki. Ngokomzekelo, ukuba isayithi lakho lihlala linika impazamo enkulu endaweni yempazamo ye-404 (xa kufuneka yenzeke), ke iskena siya kuthi indawo yakho iqulethe zonke izikripthi kunye nazo zonke iziphene ezivela kwi-database yayo. Ngokwenyani, oku akwenzeki rhoqo, kodwa njengenyani, okuninzi kuxhomekeke kubume bendawo yakho.
Usetyenziso lwakudala:
./nikto.pl -host localhost
Ukuba ufuna ukugunyaziswa kwisayithi, unokuseta icookie kwifayile ye-nikto.conf, i-STATIC-COOKIE eguquguqukayo.
Wikto
skipfish
Ukusetyenziswa okuqhelekileyo:
Kwifolda "yeengxelo" kuya kubakho ingxelo kwi-html,
w3f
Unokuthetha malunga nezibonelelo zayo ixesha elide, kungcono uzame :]
Umsebenzi oqhelekileyo kunye nayo wehla ekukhetheni iprofayili, ichaza injongo kwaye, ngokwenene, ukuyisungula.
Isakhelo soKhuseleko lweMantra
Iluncedo kakhulu xa uvavanya usetyenziso lwewebhu kuwo onke amanqanaba.
Ukusetyenziswa kubilisa ekufakeni nasekuqaliseni isikhangeli.
Ngapha koko, zininzi izinto eziluncedo kolu didi kwaye kunzima kakhulu ukukhetha uluhlu oluthile kubo. Amaxesha amaninzi, i-pentester nganye ikhetha isethi yezixhobo azifunayo.
Ukuxhaphaza
Ukuxhaphazwa okuzenzekelayo kunye nokulungeleka ngakumbi kobuthathaka, ukuxhaphaza kubhaliwe kwisofthiwe kunye nezikripthi, ezifuna ukugqithiswa kuphela iiparameters ukwenzela ukuxhaphaza umngxuma wokhuseleko. Kwaye kukho iimveliso eziphelisa imfuneko yokukhangela ngokusetyenziswa ngesandla, kwaye zide zisebenzise kwi-fly. Olu didi luza kuxoxwa ngoku.
I-Metasploit Framework
Okanye sinokwenza ngokuzenzekelayo ukusebenza kokuxhaphaza esikufunayo. Umzekelo:
msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run
Enyanisweni, izakhono zesi sikhokelo zibanzi kakhulu, ngoko ke ukuba uthatha isigqibo sokungena nzulu, yiya kuyo
Ukumiswa
Screencast:
I-Nessus® enokuQeshelwa
Sebenzisa:
- Ikhutshelwe (yenkqubo yakho), ifakiwe, ibhalisiwe (isitshixo sithunyelwa kwi-imeyile yakho).
- Yaqala iseva, yongeza umsebenzisi kuMphathi weSeva yeNessus (Lawula iqhosha labasebenzisi)
- Siya kwidilesi
https://localhost:8834/
kwaye ufumane umxhasi weflash kwisikhangeli
- Izikena -> Yongeza -> gcwalisa iindawo (ngokukhetha iprofayile yokuskena esifanelana nathi) kwaye ucofe Skena
Emva kwexesha elithile, ingxelo yokuskena iya kuvela kwisithuba seeNgxelo
Ukujonga ubuthathaka obusebenzayo beenkonzo zokuxhaphaza, ungasebenzisa iMetasploit Framework echazwe ngasentla okanye uzame ukufumana inzuzo (umzekelo, kwi.
IMHO: ininzi kakhulu. Ndimzise njengenye yeenkokeli kweli cala loshishino lwesoftware.
Ukuzenzekela iinaliti
Uninzi lwe-web app sec scanners zikhangela iinaliti, kodwa ziseziskena nje jikelele. Kwaye kukho izinto eziluncedo ezijongana ngokukodwa nokukhangela kunye nokuxhaphaza iinaliti. Siza kuthetha ngazo ngoku.
sqlmap
Ukusetyenziswa okuqhelekileyo kuya kumgca:
python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
Kukho iimanyuwali ezaneleyo, kubandakanywa nesiRashiya. Isoftware iququzelela kakhulu umsebenzi wepentester xa usebenza kule ndawo.
Ndizakongeza umboniso osemthethweni wevidiyo:
bsqlbf-v2
Uvimba weenkcukacha uyaxhaswa:
- MS-SQL
- MySQL
- PostgreSQL
- Oracle
Ukusetyenziswa umzekelo:
-url
-imfama u — iparameter yesitofu (ngokungagqibekanga eyokugqibela ithathwa kwibar yedilesi)
-sql "khetha i-table_name kwi-imformation_schema.tables umda we-1 offset 0" - isicelo sethu esingenasizathu kwisiseko sedatha
-isiseko sedatha 1 — iseva yedatha: MSSQL
-uhlobo 1 — uhlobo lohlaselo, inaliti “eyimfama”, esekwe kwiNyaniso kunye nempazamo (umzekelo, iimpazamo zesintaksi) iimpendulo
Debuggers
Ezi zixhobo zisetyenziswa ikakhulu ngabaphuhlisi xa beneengxaki ngeziphumo zokwenza ikhowudi yabo. Kodwa olu lathiso lukwaluncedo kwi-pentesting, xa sinokuthi sithathe indawo yedatha esiyidingayo kwi-fly, sihlalutye oko kuza ekuphenduleni iiparitha zethu zokufaka (umzekelo, ngexesha lokuxubha), njl.
I-Burp Suite
Inguqulelo yasimahla ibandakanya:
- Ummeli weBurp ngummeli wasekhaya okuvumela ukuba uguqule izicelo esele zenziwe kumkhangeli zincwadi
- Burp Spider - spider, ikhangela iifayile ezikhoyo kunye nabalawuli
- Burp Repeater-ithumela izicelo zeHTTP ngesandla
- I-Burp Sequencer-ukuhlalutya amaxabiso angaqhelekanga kwiifom
- IBurp Decoder yi-encoder-decoder esemgangathweni (html, base64, hex, njl.), apho kukho amawaka, anokubhalwa ngokukhawuleza kulo naluphi na ulwimi.
- Burp Comparer - Umtya Comparison Component
Ngokomgaqo, le phakheji isombulula phantse zonke iingxaki ezinxulumene nale ndawo.
umfilisi
Kukho kwakhona
isiphelo
Ngokwemvelo, i-pentester nganye ine-arsenal yayo kunye nesethi yakhe yezinto eziluncedo, kuba zininzi zazo. Ndizamile ukudwelisa ezinye zezona ziluncedo nezithandwayo. Kodwa ukuze nabani na aziqhelanise nezinye izinto eziluncedo kweli cala, ndiya kubonelela ngamakhonkco angezantsi.
Imiphezulu eyahlukeneyo/uluhlu lweskena kunye nezinto eziluncedo
Ukhuseleko kunye neZixhobo zokuHacking Top 100 Network Security Tools Top 10 Web Vulnerability Scanners .Top 10 Vulnerability Scanners OWASP Top 10 Izixhobo kunye namaqhinga IWeb-based Application Security Scanners Uluhlu lweSikena soKhuseleko lweSicelo seWebhu nguWebAppSec Uncedo lwe-Infosec kwiforum ye-Rdot Izikena zobuthathaka (Wikipedia)
Unikezelo lweLinux olusele lubandakanya iqela lezinto eziluncedo zokuvavanya
hlaziya:
P.S. Asikwazi ukuthula malunga neXSpider. Ayithathi nxaxheba ekuphononongweni, nangona i-shareware (ndiyifumene xa ndithumela inqaku kwi-SecLab, ngokwenene ngenxa yale nto (kungekhona ulwazi, kunye nokungabikho kwenguqulo yamva nje ye-7.8) kwaye andizange ndiyifake kwinqaku). Kwaye kwithiyori, ukuphononongwa kwayo kwakucwangcisiwe (ndineemvavanyo ezinzima ezilungiselelwe yona), kodwa andiyazi ukuba ihlabathi liya kuyibona.
P.P.S. Ezinye izinto ezivela kwinqaku ziya kusetyenziselwa injongo ekujoliswe kuyo kwingxelo ezayo apha
Ngendlela, kwakukho isifundo kweli nqaku kwi Vula Iintsuku ze-InfoSec (
umthombo: www.habr.com