Esikhathini esidlule ngabhala mayelana , kodwa kancane futhi isiphithiphithi. Ngemuva kwalokho, nginqume ukwandisa uhlu lwamathuluzi ekubuyekezweni, ngengeze isakhiwo esihlokweni, futhi ngicabangele ukugxekwa (ngiyabonga kakhulu ukuthola izeluleko) futhi wayithumela emqhudelwaneni we-SecLab (futhi yashicilelwa , kodwa ngazo zonke izizathu ezisobala akekho owambona). Umncintiswano usuphelile, imiphumela imenyezelwe futhi ngonembeza ohlanzekile ngingayishicilela (isihloko) ngoHabré.
Amathuluzi we-Web Application Pentester wamahhala
Kulesi sihloko ngizokhuluma ngamathuluzi athandwa kakhulu okungena (ukuhlolwa kokungena) kwezinhlelo zokusebenza zewebhu kusetshenziswa isu "lebhokisi elimnyama".
Ukwenza lokhu, sizobheka izinsiza ezizosiza ngalolu hlobo lokuhlola. Cabangela izigaba zomkhiqizo ezilandelayo:
- Izikena zenethiwekhi
- Izikena zokwephulwa kombhalo wewebhu
- Ukuxhashazwa
- Automation imijovo
- Ama-debugger (abahogelayo, abameleli bendawo, njll.)
Eminye imikhiqizo “inohlamvu” olujwayelekile, ngakho ngizoyihlukanisa esigabeni laphoоumphumela ongcono (umbono oqondile).
Izikena zenethiwekhi.
Umsebenzi oyinhloko ukuthola izinsizakalo zenethiwekhi ezitholakalayo, ukufaka izinguqulo zabo, ukucacisa i-OS, njll.
I-Nmap
iyinsizakalo yamahhala nevulekile yokuhlaziya inethiwekhi nokuhlolwa kokuphepha kwesistimu. Abamelene nodlame bekhonsoli bangasebenzisa i-Zenmap, okuyi-GUI ye-Nmap.
Lesi akusona nje isithwebuli “esihlakaniphile”, iyithuluzi elinwebekayo (esinye “sezici ezingajwayelekile” ubukhona beskripthi sokuhlola i-node yokuba khona kwesibungu ""(eshiwo ). Isibonelo sokusetshenziswa esijwayelekile:
nmap -A -T4 localhost
-A yokuthola inguqulo ye-OS, ukuskena umbhalo kanye nokulandela umkhondo
-T4 isilungiselelo sokulawula isikhathi (okuningi kuyashesha, kusuka ku-0 kuye ku-5)
localhost - umsingathi oqondiwe
Kukhona okuqinile?
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost
Lena isethi yezinketho ezivela kuphrofayela "ehamba kancane ebanzi" ku-Zenmap. Kuthatha isikhathi eside ukuqeda, kodwa ekugcineni kunikeza imininingwane enemininingwane eminingi engatholakala ngohlelo oluqondiwe. , uma unquma ukujula, futhi ngincoma ukuhumusha isihloko .
I-Nmap ithole isimo "Somkhiqizo Wokuvikela Wonyaka" kumamagazini nasemiphakathini efana ne-Linux Journal, Info World, LinuxQuestions.Org kanye ne-Codetalker Digest.
Iphuzu elithakazelisayo, i-Nmap ingabonakala kumafilimu "I-Matrix Reloaded", "Die Hard 4", "The Bourne Ultimatum", "Hottabych" kanye .
IP-Amathuluzi
- uhlobo lwesethi yezinsiza ezahlukene zenethiwekhi, luza ne-GUI, "enikezelwe" kubasebenzisi beWindows.
Isithwebuli sembobo, izinsiza ezabiwe (amaphrinta/amafolda abelwe), WhoIs/Finger/Lookup, iklayenti le-telnet nokunye okuningi. Ithuluzi elikahle, elisheshayo, elisebenzayo.
Alikho iphuzu elithile ekucabangeni eminye imikhiqizo, ngoba kunezinsiza eziningi kule ndawo futhi zonke zinezimiso zokusebenza ezifanayo nokusebenza. Noma kunjalo, i-nmap isalokhu isetshenziswa kakhulu.
Izikena zokwephulwa kombhalo wewebhu
Izama ukuthola ubungozi obudumile (i-SQL inj, i-XSS, i-LFI/RFI, njll.) noma amaphutha (awasuswanga amafayela esikhashana, ukukhonjwa kohlu lwemibhalo, njll.)
I-Acunetix Web Vulnerability Scanner
- kusukela kusixhumanisi ungabona ukuthi lesi isithwebuli se-xss, kodwa lokhu akulona iqiniso ngokuphelele. Inguqulo yamahhala, etholakala lapha, ihlinzeka ngokusebenza okuningi. Ngokuvamile, umuntu osebenzisa lesi sithwebuli okokuqala ngqa futhi athole umbiko ngensiza yakhe okokuqala ngqa uhlangabezana nokushaqeka okuncane, futhi uzoqonda ukuthi kungani uma usukwenzile lokhu. Lona umkhiqizo onamandla kakhulu wokuhlaziya zonke izinhlobo zobungozi kuwebhusayithi futhi awusebenzi nje kuphela ngamawebhusayithi ajwayelekile we-PHP, kodwa futhi nangezinye izilimi (yize umehluko olimini ungesona inkomba). Alikho iphuzu elithile ekuchazeni imiyalelo, njengoba isithwebuli simane "sithathe" izenzo zomsebenzisi. Okuthile okufana nokuthi "okulandelayo, okulandelayo, okulandelayo, kulungile" ekufakweni kwesofthiwe okuvamile.
Nikto
Lesi isiseshi sewebhu somthombo ovulekile (GPL). Iqeda umsebenzi wezandla ojwayelekile. Isesha isayithi okuhlosiwe ukuze uthole imibhalo engasuliwe (ezinye test.php, index_.php, njll.), amathuluzi okuphatha isizindalwazi (/phpmyadmin/, /pma nokunye), njll., okungukuthi, ihlola insiza ukuthola amaphutha avamile. ngokuvamile okubangelwa izici zomuntu.
Futhi, uma ithola umbhalo othile odumile, iyasihlolela ukuxhashazwa okukhishiwe (okukusizindalwazi).
Imibiko itholakala ngezindlela "ezingafunwa" njenge-PUT kanye ne-TRACE
Njalo njalo. Kulula kakhulu uma usebenza njengomcwaningi wamabhuku futhi uhlaziya amawebhusayithi nsuku zonke.
Kuma-minuses, ngingathanda ukuqaphela iphesenti eliphezulu lezinto ezingamanga. Isibonelo, uma isayithi lakho lihlala linikeza iphutha elikhulu esikhundleni sephutha le-404 (uma kufanele lenzeke), khona-ke isithwebuli sizothi isayithi lakho liqukethe zonke izikripthi nazo zonke izinto ezinobungozi ezivela kusizindalwazi saso. Empeleni, lokhu akwenzeki kaningi, kodwa njengeqiniso, okuningi kuncike esakhiweni sesayithi lakho.
Ukusetshenziswa kwakudala:
./nikto.pl -host localhost
Uma udinga ukugunyazwa kusayithi, ungasetha ikhukhi kufayela le-nikto.conf, okuguquguqukayo kwe-STATIC-COOKIE.
Wikto
— I-Nikto ye-Windows, kodwa ngezinye izengezo, ezinjengokucabanga “okungaqondakali” lapho ubheka ikhodi yamaphutha, kusetshenziswa i-GHDB, ukuthola izixhumanisi namafolda ezinsiza, ukuqapha kwesikhathi sangempela kwezicelo/izimpendulo ze-HTTP. I-Wikto ibhalwe nge-C# futhi idinga uhlaka lwe-.NET.
i-skipfish
- web vulnerability scanner kusuka (eyaziwa ngokuthi i-lcamtuf). Ibhalwe ngo-C, cross-platform (Ukuwina kudinga i-Cygwin). Ngokuphindaphindiwe (futhi isikhathi eside kakhulu, cishe amahora angu-20 ~ 40, nakuba isikhathi sokugcina engisebenzele amahora angu-96) icaca isayithi lonke futhi ithola zonke izinhlobo zezimbobo zokuphepha. Iphinde ikhiqize ithrafikhi eningi (ama-GB amaningana angenayo/aphumayo). Kodwa zonke izindlela zinhle, ikakhulukazi uma unesikhathi nezinsiza.
Ukusetshenziswa Okuvamile:
./skipfish -o /home/reports www.example.com
Kufolda "yemibiko" kuzoba nombiko ku-html, .
w3f
- I-Web Application Attack kanye Nohlaka Lokucwaningwa Kwamabhuku, isithwebuli sewebhu esinomthombo ovulekile. Ine-GUI, kodwa ungasebenza kusuka kukhonsoli. Ngokunembayo, kuwuhlaka olunalo .
Ungakwazi ukukhuluma ngezinzuzo zayo isikhathi eside, kungcono ukuzama :] Umsebenzi ojwayelekile nawo wehlela ekukhetheni iphrofayili, ucacise umgomo futhi, empeleni, uyethule.
I-Mantra Security Framework
iphupho elafezeka. Iqoqo lamathuluzi okuvikela olwazi amahhala navulekile akhelwe kusiphequluli sewebhu.
Iwusizo kakhulu lapho uhlola izinhlelo zokusebenza zewebhu kuzo zonke izigaba.
Ukusetshenziswa kuncike ekufakeni nasekuqaliseni isiphequluli.
Eqinisweni, kunezinsiza eziningi kulesi sigaba futhi kunzima kakhulu ukukhetha uhlu oluthile kuzo. Ngokuvamile, i-pentester ngayinye inquma isethi yamathuluzi ayidingayo.
Ukuxhashazwa
Ngokuxhashazwa okuzenzakalelayo nokufaneleka kakhudlwana kobungozi, ukuxhashazwa kubhalwa kusofthiwe nemibhalo, edinga kuphela ukudlula amapharamitha ukuze kusetshenziswe imbobo yokuvikela. Futhi kunemikhiqizo eqeda isidingo sokusesha mathupha ukuxhashazwa, futhi ngisho ukuzisebenzisa on the fly. Lesi sigaba manje kuzoxoxwa ngaso.
I-Metasploit Framework
- uhlobo lwe-monster ebhizinisini lethu. Angenza okuningi kangangokuthi iziqondiso zizohlanganisa izihloko eziningana. Sizobheka ukuxhashazwa okuzenzakalelayo (nmap + metasploit). Okubalulekile yilokhu: I-Nmap izohlaziya imbobo esiyidingayo, ifake isevisi, futhi i-metasploit izozama ukusebenzisa ukuxhashazwa kuyo ngokusekelwe esigabeni sesevisi (ftp, ssh, njll.). Esikhundleni semiyalelo yombhalo, ngizofaka ividiyo, edume kakhulu esihlokweni esizenzakalelayo
Noma singamane senze ngokuzenzakalelayo ukusebenza kokuxhashazwa esikudingayo. Isb:
msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run
Eqinisweni, amakhono alolu hlaka abanzi kakhulu, ngakho-ke uma unquma ukujula, yiya ku
Izikhali
- I-OVA yohlobo lwe-cyberpunk GUI ye-Metasploit. Ibona ngeso lengqondo okuqondiwe, incoma imisebenzi futhi inikeza izici ezithuthukile zohlaka. Ngokuvamile, kulabo abathanda yonke into ukuze ibukeke inhle futhi ihlaba umxhwele.
Isikrini:
I-Nessus® eqashiswayo
- ingenza izinto eziningi, kodwa elinye lamakhono esiwadingayo kuwo wukunquma ukuthi yiziphi izinsizakalo ezinokuxhashazwa. Inguqulo yamahhala yomkhiqizo "ekhaya kuphela"
Sebenzisa:
- Ilandiwe (yesistimu yakho), ifakiwe, ibhalisiwe (ukhiye uthunyelwa ku-imeyili yakho).
- Iqale iseva, yengeza umsebenzisi kokuthi Isiphathi Seseva ye-Nessus (Inkinobho yokuphatha abasebenzisi)
- Siya ekhelini
https://localhost:8834/
bese uthola iklayenti le-flash kusiphequluli
- Izikena -> Engeza -> gcwalisa izinkambu (ngokukhetha iphrofayili yokuskena evumelana nathi) bese uchofoza Skena.
Ngemva kwesikhathi esithile, umbiko wokuskena uzovela kuthebhu ethi Imibiko
Ukuze uhlole ubungozi obuphathekayo bezinsizakalo ukuze uxhashazwe, ungasebenzisa i-Metasploit Framework echazwe ngenhla noma uzame ukuthola ukuxhashazwa (ngokwesibonelo, ku- , , njll.) futhi uyisebenzise ngokuphambene uhlelo lwayo
I-IMHO: inkulu kakhulu. Ngimlethe njengomunye wabaholi kule ndlela yomkhakha wesoftware.
Automation imijovo
Izikena eziningi zohlelo lokusebenza lwewebhu zisesha imijovo, kodwa kuseyizikena nje ezijwayelekile. Futhi kukhona izinsiza ezibhekana ngqo nokufuna nokusebenzisa imijovo. Sizokhuluma ngabo manje.
i-sqlmap
- Insiza yomthombo ovulekile yokusesha nokusebenzisa imijovo ye-SQL. Isekela amaseva esizindalwazi afana nalawa: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase, SAP MaxDB.
Ukusetshenziswa okuvamile kuphelela emugqeni:
python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
Kunamamanyuwali anele, okuhlanganisa nesiRashiya. Isofthiwe isiza kakhulu umsebenzi wepentester lapho usebenza kule ndawo.
Ngizongeza umboniso wevidiyo osemthethweni:
bsqlbf-v2
- iskripthi se-perl, i-brute force for "impumputhe" yemijovo ye-Sql. Isebenza kokubili ngamanani aphelele ku-url namanani eyunithi yezinhlamvu.
Isizindalwazi siyasekelwa:
- I-MS-SQL
- MySQL
- I-PostgreSQL
- Oracle
Isibonelo sokusetshenziswa:
./bsqlbf-v2-3.pl -url www.somehost.com/blah.php?u=5 -blind u -sql "select table_name from imformation_schema.tables limit 1 offset 0" -database 1 -type 1
-url - Xhumanisa namapharamitha
-yimpumputhe u - ipharamitha yomjovo (ngokuzenzakalelayo eyokugcina ithathwa kubha yekheli)
-sql "khetha table_name from imformation_schema.tables umkhawulo 1 offset 0" - isicelo sethu esingenangqondo kusizindalwazi
- database 1 - Iseva yedathabhethi: MSSQL
-uhlobo 1 — uhlobo lokuhlasela, umjovo “oyimpumputhe,” ngokusekelwe kuQiniso nephutha (isibonelo, amaphutha e-syntax)
Ama-debugger
Lawa mathuluzi asetshenziswa kakhulu onjiniyela uma benezinkinga ngemiphumela yokusebenzisa ikhodi yabo. Kodwa lesi siqondiso siwusizo futhi ekungeneni, lapho singashintsha idatha esiyidingayo empukaneni, sihlaziye lokho okuza ekuphenduleni imingcele yethu yokufaka (isibonelo, ngesikhathi sokuxubha), njll.
I-Burp Suite
- isethi yezinsiza ezisiza ngokuhlolwa kokungena. Iku-inthanethi ngesiRashiya kusukela ku-Raz0r (nakuba ngo-2008).
Inguqulo yamahhala ihlanganisa:
- Ummeleli weBurp ummeleli wasendaweni okuvumela ukuthi uguqule izicelo esezivele zenziwe esipheqululini
- I-Burp Spider - isicabucabu, isesha amafayela akhona kanye nezinkomba
- I-Burp Repeater - ukuthumela ngokuzenzela izicelo ze-HTTP
- I-Burp Sequencer - ihlaziya amanani angahleliwe ngamafomu
- I-Burp Decoder i-encoder-decoder ejwayelekile (html, base64, hex, njll.), okukhona izinkulungwane zayo, ezingabhalwa ngokushesha nganoma yiluphi ulimi.
- I-Burp Comparer - Ingxenye Yentambo Yokuqhathanisa
Empeleni, le phakheji ixazulula cishe zonke izinkinga ezihlobene nale ndawo.
Isidididi
- I-Fiddler ingummeleli osusa iphutha ofaka yonke ithrafikhi ye-HTTP(S). Ikuvumela ukuthi uhlole le thrafikhi, usethe izindawo zokunqamuka futhi "udlale" ngedatha engenayo noma ephumayo.
Kukhona futhi , inunu nabanye, ukukhetha kukumsebenzisi.
isiphetho
Ngokwemvelo, i-pentester ngayinye ine-arsenal yayo kanye nesethi yayo yezinsiza, ngoba ziningi nje. Ngizamile ukuklelisa ezinye ezilungele kakhulu nezidumile. Kodwa ukuze noma ubani azijwayeze nezinye izinsiza kule ndlela, ngizohlinzeka ngezixhumanisi ngezansi.
Iziqongo/uhlu oluhlukahlukene lwezikena nezinsiza
- .
Ukusatshalaliswa kwe-Linux osekuvele kufaka inqwaba yezinsiza ezihlukile zokuhlola
buyekeza: ngesiRashiya eqenjini le-“Hack4Sec” (kwengezwe )
PS Asikwazi ukuthula nge-XSpider. Ayibambi iqhaza ekubuyekezweni, nakuba kuyi-shareware (ngithole lapho ngithumela isihloko ku-SecLab, empeleni ngenxa yalokhu (hhayi ulwazi, nokuntuleka kwenguqulo yakamuva 7.8) futhi angizange ngiyifake esihlokweni). Futhi ngombono, ukubuyekezwa kwayo kwakuhlelwe (nginokuhlolwa okunzima okulungiselelwe), kodwa angazi ukuthi umhlaba uzokubona yini.
I-PPS Okunye okusuka ku-athikili kuzosetshenziselwa inhloso yayo embikweni ozayo kokuthi I-2012 esigabeni se-QA, esizoqukatha amathuluzi angashiwongo lapha (mahhala, kunjalo), kanye ne-algorithm, ngendlela yokusebenzisa lokho, yimuphi umphumela ongayilindela, yiziphi izilungiso okufanele zisetshenziswe nazo zonke izinhlobo zamacebo namaqhinga lapho ukusebenza (Ngicabanga ngombiko cishe nsuku zonke, ngizozama ukukutshela konke okuhle ngesihloko sesihloko)
By the way, kwaba khona isifundo kulesi sihloko at Vula Izinsuku ze-InfoSec (, ), kungaba bagebenga amaKorovans bheka .
Source: www.habr.com