Ukulibaziseka ekutyikityeni kuyinto eqhelekileyo kuyo nayiphi na inkampani enkulu. Isivumelwano phakathi kuka-Tom Hunter kunye nevenkile enye yezilwanyana zasekhaya ukuze kungene ngokucokisekileyo kwakungenjalo. Kwafuneka sijonge iwebhusayithi, inethiwekhi yangaphakathi, kunye ne-Wi-Fi esebenzayo.
Ayothusi into yokuba izandla zam zirhawuzelelwe kwangaphambi kokuba kulungiswe yonke into. Ewe, skena nje isiza ukuba kunokwenzeka, akunakwenzeka ukuba ivenkile eyaziwayo njenge "Hound of the Baskervilles" iya kwenza iimpazamo apha. Kwiintsuku ezimbalwa emva koko, ekugqibeleni uTom waziswa isivumelwano sokuqala esayiniweyo- ngeli xesha, ngaphezulu kwemagi yesithathu yekofu, uTom ovela kwi-CMS yangaphakathi wavavanywa ngomdla imeko yeendawo zokugcina...
umthombo:
Kodwa kwakungenakwenzeka ukulawula okuninzi kwi-CMS - abalawuli besayithi bavala i-IP kaTom Hunter. Nangona kuya kwenzeka ukuba ube nexesha lokuvelisa iibhonasi kwikhadi levenkile kwaye ukondle ikati yakho ethandekayo kwixabiso eliphantsi kwiinyanga ezininzi ... "Akunjalo ngeli xesha, uDarth Sidious," uTom wacinga ngokumomotheka. Kuya kuba yinto enomdla kakhulu ukusuka kwindawo yewebhusayithi ukuya kwinethiwekhi yendawo yomthengi, kodwa ngokucacileyo la macandelo awaxhunyiwe kumxhasi. Nangona kunjalo, oku kwenzeka rhoqo kwiinkampani ezinkulu kakhulu.
Emva kwayo yonke imimiselo, uTom Hunter wazixhobisa ngeakhawunti ye-VPN enikezelweyo kwaye waya kuthungelwano lwasekhaya lomthengi. I-akhawunti yayingaphakathi kwi-domain ye-Active Directory, ngoko ke kwakunokwenzeka ukulahla i-AD ngaphandle kwamaqhinga akhethekileyo - ukukhupha yonke ingcaciso efumaneka esidlangalaleni malunga nabasebenzisi kunye noomatshini abasebenzayo.
UTom uqalise i-adfind utility kwaye waqala ukuthumela izicelo ze-LDAP kumlawuli wesizinda. Ngecebo lokucoca udidi lwento, echaza umntu njengophawu. Impendulo ibuye nolwakhiwo lulandelayo:
dn:CN=Гость,CN=Users,DC=domain,DC=local
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: user
>cn: Гость
>description: Встроенная учетная запись для доступа гостей к компьютеру или домену
>distinguishedName: CN=Гость,CN=Users,DC=domain,DC=local
>instanceType: 4
>whenCreated: 20120228104456.0Z
>whenChanged: 20120228104456.0ZUkongeza kule nto, kwakukho ulwazi oluninzi oluluncedo, kodwa eyona nto inomdla yayikwi> inkcazo:>indawo yenkcazo. Oku kuphawula kwi-akhawunti - indawo efanelekileyo yokugcina amanqaku amancinci. Kodwa abalawuli bomthengi bagqibe kwelokuba amagama ayimfihlo anokuhlala apho ngokuzolileyo. Ngubani, emva koko, onokuba nomdla kuzo zonke ezi ngxelo zingabalulekanga zaseburhulumenteni? Ngoko amagqabantshintshi awawafumanayo uTom aye:
Создал Администратор, 2018.11.16 7po!*VqnAwudingi ukuba ngusosayensi we-rocket ukuze uqonde ukuba kutheni indibaniselwano ekugqibeleni iluncedo. Ekuphela kwento eshiyekileyo yayikukucazulula ifayile yempendulo enkulu kwiCD usebenzisa > intsimi yenkcazo: kwaye apha bebekhona - 20 igama-lokungena igama-magama ngababini. Ngaphezu koko, phantse isiqingatha sinamalungelo okufikelela kwiRDP. Hayi ibhulorho embi, ixesha lokwahlula imikhosi ehlaselayo.
inethiwekhi
I-Hounds efikelelekayo yeebhola ze-Baskerville zazikhumbuza isixeko esikhulu kuzo zonke iziphithiphithi kunye nokungaqiniseki. Ngolwazi lomsebenzisi kunye ne-RDP, uTom Hunter wayeyinkwenkwe eyophukileyo kwesi sixeko, kodwa wakwazi ukubona izinto ezininzi ngeefestile ezikhanyayo zomgaqo-nkqubo wokhuseleko.
Amacandelo eeseva zeefayile, ii-akhawunti zeakhawunti, kunye nemibhalo ehambelana nazo zonke zenziwe esidlangalaleni. Kuseto lwesinye sezi scripts, uTom wafumana iMS SQL hash yomsebenzisi omnye. Ubugqi obunoburhalarhume obuncinci-kwaye ihashi yomsebenzisi yajika yaba ligama lokugqitha elicacileyo. Enkosi kuJohn The Ripper kunye neHashcat.
Esi sitshixo kufuneka silingane isifuba. Isifuba safunyanwa, kwaye ngaphezu koko, "izifuba" ezilishumi ezingaphezulu zidibene nayo. Kwaye ngaphakathi ezintandathu lay... superuser amalungelo, nt igunya inkqubo! Kwezimbini kuzo sakwazi ukuqhuba inkqubo egciniweyo ye-xp_cmdshell kwaye sithumele imiyalelo ye-cmd kwiWindows. Yintoni enye obunokuyifuna?
Abalawuli besizinda
UTom Hunter ulungiselele isibetho sesibini kubalawuli besizinda. Kwakukho abathathu kubo kwinethiwekhi "Izinja ze-Baskervilles", ngokuhambelana nenani lamaseva akude. Umlawuli wesizinda ngasinye unefolda yoluntu, njengetyala elivulekileyo lokubonisa evenkileni, kufutshane apho kwaloo nkwenkwana ihlwempu uTom ijingayo.
Kwaye ngeli xesha lo mfo waba nethamsanqa kwakhona - balibele ukususa iskripthi kwimeko yokubonisa, apho i-password yomphathi womncedisi wendawo yayifakwe lukhuni. Ngoko indlela eya kumlawuli wesizinda yayivuliwe. Ngena, Tom!
Apha kumnqwazi womlingo watsalwa , abafumene inzuzo kubalawuli abaninzi besizinda. UTom Hunter wafumana ukufikelela kubo bonke oomatshini bothungelwano lwasekhaya, kwaye ukuhleka kukasathana koyikisa ikati kwisitulo esilandelayo. Le ndlela ibimfutshane kunoko bekulindelwe.
IBlueBlue
Inkumbulo ye-WannaCry kunye noPetya isaphila ezingqondweni ze-pentesters, kodwa ezinye ii-admins zibonakala zikhohliwe malunga ne-ransomware ekuhambeni kwezinye iindaba zangokuhlwa. UTom ufumene iindawo ezintathu ezinobuthathaka kwiprotocol ye-SMB - CVE-2017-0144 okanye i-EternalBlue. Obu bubuthathaka obufanayo obusetyenziselwe ukusasaza iWannaCry kunye nePetya ransomware, ubuthathaka obuvumela ikhowudi enganyanzelekanga ukuba yenziwe kumamkeli. Kwenye yeendawo ezisesichengeni bekukho iseshoni yolawulo lwesizinda- "xhaphaze kwaye uyifumane." Yintoni onokuyenza, ixesha alifundisanga wonke umntu.
"Inja yaseBasterville"
IiClassics zokhuseleko lolwazi zithanda ukuphinda ukuba eyona ndawo ibuthathaka kuyo nayiphi na inkqubo ngumntu. Qaphela ukuba isihloko esingasentla asihambelani negama levenkile? Mhlawumbi ayinguye wonke umntu omamele ngolu hlobo.
Kwizithethe ezingcono kakhulu ze-phishing blockbusters, u-Tom Hunter ubhalise i-domain eyahluke ngonobumba omnye ukusuka kwi-domain ye-"Hounds of the Baskervilles". Idilesi yokuposa kwesi sizinda ilinganisile idilesi yenkonzo yokhuseleko lolwazi lwevenkile. Kwisithuba seentsuku ezi-4 ukususela ngo-16:00 ukuya ku-17:00, le leta ilandelayo yathunyelwa ngokufanayo kwiidilesi ezingama-360 isuka kwidilesi yomgunyathi:
Mhlawumbi, bubuvila babo kuphela abasindise abasebenzi ekuvuzeni okukhulu kwamagama ayimfihlo. Kwiileta ze-360, kuphela i-61 yavulwa - inkonzo yokhuseleko ayithandwa kakhulu. Kodwa ke kwaba lula.
Iphepha le-Phishing
Abantu be-46 bacofa kwikhonkco kwaye phantse isiqingatha - abasebenzi be-21 - abazange bajonge kwibar yedilesi kwaye bangena ngokuzolileyo ukungena kwabo kunye neephasiwedi. Ubambe kakuhle, Tom.
Inethiwekhi ye-Wi-Fi
Ngoku kwakungekho mfuneko yokubala uncedo lwekati. UTom Hunter wajula iintsimbi ezininzi kwisedan yakhe endala waza waya kwiofisi yeHound of the Baskervilles. Utyelelo lwakhe akuzange kuvunyelwene ngalo: UTom wayeza kuvavanya iWi-Fi yomthengi. Kwindawo yokupaka iziko loshishino kwakukho iindawo ezininzi ezikhululekile ezifakwe ngokufanelekileyo kwi-perimeter yenethiwekhi ekujoliswe kuyo. Kuyabonakala ukuba, abakhange bacinge kakhulu malunga nokusikelwa umda kwayo - ngokungathi abalawuli baphonononga ngokungenamkhethe amanqaku ongezelelweyo ukuphendula kuso nasiphi na isikhalazo malunga ne-Wi-Fi ebuthathaka.
Isebenza njani iWPA/WPA2 PSK yokhuseleko? Uguqulelo oluntsonkothileyo phakathi kwendawo yofikelelo kunye nabaxhasi lubonelelwa ngesitshixo seseshini yangaphambili - Isitshixo esiThutyanayo sePairwise (PTK). I-PTK isebenzisa iSitshixo ekwabelwana ngaso kwangaphambili kunye nezinye iiparameters ezintlanu - i-SSID, i-Authenticator Nounce (i-Asounce), i-Supplicant Nounce (SNounce), indawo yokufikelela kunye needilesi ze-MAC zomthengi. UTom uthintele zontlanu iiparamitha, kwaye ngoku kuphela isitshixo ekwabelwana ngaso ngaphambili sasingekho.
Usetyenziso lweHashcat lukhuphele eli khonkco lilahlekileyo malunga nemizuzu engama-50 - kwaye iqhawe lethu laphela kwinethiwekhi yeendwendwe. Ukusuka kuyo ubunokubona esebenzayo- ngokungaqhelekanga ngokwaneleyo, apha uTom walawula igama eliyimfihlo malunga nemizuzu elithoba. Kwaye konke oku ngaphandle kokushiya indawo yokupaka, ngaphandle kweVPN. Inethiwekhi esebenzayo yavula indawo yemisebenzi eyoyikisayo yeqhawe lethu, kodwa ... akazange afake iibhonasi kwikhadi levenkile.
UTom wanqumama, wajonga iwotshi yakhe, waphosa iimali ezimbalwa phezu kwetafile, wathi ndlela-ntle, wayishiya i-cafe. Mhlawumbi yipentest kwakhona, okanye mhlawumbi ingenile Ndacinga ukubhala...
umthombo: www.habr.com