Esikhathini esidlule ngabhala mayelana
Amathuluzi we-Web Application Pentester wamahhala
Kulesi sihloko ngizokhuluma ngamathuluzi athandwa kakhulu okungena (ukuhlolwa kokungena) kwezinhlelo zokusebenza zewebhu kusetshenziswa isu "lebhokisi elimnyama".
Ukwenza lokhu, sizobheka izinsiza ezizosiza ngalolu hlobo lokuhlola. Cabangela izigaba zomkhiqizo ezilandelayo:
- Izikena zenethiwekhi
- Izikena zokwephulwa kombhalo wewebhu
- Ukuxhashazwa
- Automation imijovo
- Ama-debugger (abahogelayo, abameleli bendawo, njll.)
Eminye imikhiqizo “inohlamvu” olujwayelekile, ngakho ngizoyihlukanisa esigabeni laphoоumphumela ongcono (umbono oqondile).
Izikena zenethiwekhi.
Umsebenzi oyinhloko ukuthola izinsizakalo zenethiwekhi ezitholakalayo, ukufaka izinguqulo zabo, ukucacisa i-OS, njll.
I-Nmap
Lesi akusona nje isithwebuli “esihlakaniphile”, iyithuluzi elinwebekayo (esinye “sezici ezingajwayelekile” ubukhona beskripthi sokuhlola i-node yokuba khona kwesibungu "
nmap -A -T4 localhost
-A yokuthola inguqulo ye-OS, ukuskena umbhalo kanye nokulandela umkhondo
-T4 isilungiselelo sokulawula isikhathi (okuningi kuyashesha, kusuka ku-0 kuye ku-5)
localhost - umsingathi oqondiwe
Kukhona okuqinile?
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost
Lena isethi yezinketho ezivela kuphrofayela "ehamba kancane ebanzi" ku-Zenmap. Kuthatha isikhathi eside ukuqeda, kodwa ekugcineni kunikeza imininingwane enemininingwane eminingi engatholakala ngohlelo oluqondiwe.
I-Nmap ithole isimo "Somkhiqizo Wokuvikela Wonyaka" kumamagazini nasemiphakathini efana ne-Linux Journal, Info World, LinuxQuestions.Org kanye ne-Codetalker Digest.
Iphuzu elithakazelisayo, i-Nmap ingabonakala kumafilimu "I-Matrix Reloaded", "Die Hard 4", "The Bourne Ultimatum", "Hottabych" kanye
IP-Amathuluzi
Isithwebuli sembobo, izinsiza ezabiwe (amaphrinta/amafolda abelwe), WhoIs/Finger/Lookup, iklayenti le-telnet nokunye okuningi. Ithuluzi elikahle, elisheshayo, elisebenzayo.
Alikho iphuzu elithile ekucabangeni eminye imikhiqizo, ngoba kunezinsiza eziningi kule ndawo futhi zonke zinezimiso zokusebenza ezifanayo nokusebenza. Noma kunjalo, i-nmap isalokhu isetshenziswa kakhulu.
Izikena zokwephulwa kombhalo wewebhu
Izama ukuthola ubungozi obudumile (i-SQL inj, i-XSS, i-LFI/RFI, njll.) noma amaphutha (awasuswanga amafayela esikhashana, ukukhonjwa kohlu lwemibhalo, njll.)
I-Acunetix Web Vulnerability Scanner
Nikto
Futhi, uma ithola umbhalo othile odumile, iyasihlolela ukuxhashazwa okukhishiwe (okukusizindalwazi).
Imibiko itholakala ngezindlela "ezingafunwa" njenge-PUT kanye ne-TRACE
Njalo njalo. Kulula kakhulu uma usebenza njengomcwaningi wamabhuku futhi uhlaziya amawebhusayithi nsuku zonke.
Kuma-minuses, ngingathanda ukuqaphela iphesenti eliphezulu lezinto ezingamanga. Isibonelo, uma isayithi lakho lihlala linikeza iphutha elikhulu esikhundleni sephutha le-404 (uma kufanele lenzeke), khona-ke isithwebuli sizothi isayithi lakho liqukethe zonke izikripthi nazo zonke izinto ezinobungozi ezivela kusizindalwazi saso. Empeleni, lokhu akwenzeki kaningi, kodwa njengeqiniso, okuningi kuncike esakhiweni sesayithi lakho.
Ukusetshenziswa kwakudala:
./nikto.pl -host localhost
Uma udinga ukugunyazwa kusayithi, ungasetha ikhukhi kufayela le-nikto.conf, okuguquguqukayo kwe-STATIC-COOKIE.
Wikto
i-skipfish
Ukusetshenziswa Okuvamile:
Kufolda "yemibiko" kuzoba nombiko ku-html,
w3f
Ungakwazi ukukhuluma ngezinzuzo zayo isikhathi eside, kungcono ukuzama :] Umsebenzi ojwayelekile nawo wehlela ekukhetheni iphrofayili, ucacise umgomo futhi, empeleni, uyethule.
I-Mantra Security Framework
Iwusizo kakhulu lapho uhlola izinhlelo zokusebenza zewebhu kuzo zonke izigaba.
Ukusetshenziswa kuncike ekufakeni nasekuqaliseni isiphequluli.
Eqinisweni, kunezinsiza eziningi kulesi sigaba futhi kunzima kakhulu ukukhetha uhlu oluthile kuzo. Ngokuvamile, i-pentester ngayinye inquma isethi yamathuluzi ayidingayo.
Ukuxhashazwa
Ngokuxhashazwa okuzenzakalelayo nokufaneleka kakhudlwana kobungozi, ukuxhashazwa kubhalwa kusofthiwe nemibhalo, edinga kuphela ukudlula amapharamitha ukuze kusetshenziswe imbobo yokuvikela. Futhi kunemikhiqizo eqeda isidingo sokusesha mathupha ukuxhashazwa, futhi ngisho ukuzisebenzisa on the fly. Lesi sigaba manje kuzoxoxwa ngaso.
I-Metasploit Framework
Noma singamane senze ngokuzenzakalelayo ukusebenza kokuxhashazwa esikudingayo. Isb:
msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run
Eqinisweni, amakhono alolu hlaka abanzi kakhulu, ngakho-ke uma unquma ukujula, yiya ku
Izikhali
Isikrini:
I-Nessus® eqashiswayo
Sebenzisa:
- Ilandiwe (yesistimu yakho), ifakiwe, ibhalisiwe (ukhiye uthunyelwa ku-imeyili yakho).
- Iqale iseva, yengeza umsebenzisi kokuthi Isiphathi Seseva ye-Nessus (Inkinobho yokuphatha abasebenzisi)
- Siya ekhelini
https://localhost:8834/
bese uthola iklayenti le-flash kusiphequluli
- Izikena -> Engeza -> gcwalisa izinkambu (ngokukhetha iphrofayili yokuskena evumelana nathi) bese uchofoza Skena.
Ngemva kwesikhathi esithile, umbiko wokuskena uzovela kuthebhu ethi Imibiko
Ukuze uhlole ubungozi obuphathekayo bezinsizakalo ukuze uxhashazwe, ungasebenzisa i-Metasploit Framework echazwe ngenhla noma uzame ukuthola ukuxhashazwa (ngokwesibonelo, ku-
I-IMHO: inkulu kakhulu. Ngimlethe njengomunye wabaholi kule ndlela yomkhakha wesoftware.
Automation imijovo
Izikena eziningi zohlelo lokusebenza lwewebhu zisesha imijovo, kodwa kuseyizikena nje ezijwayelekile. Futhi kukhona izinsiza ezibhekana ngqo nokufuna nokusebenzisa imijovo. Sizokhuluma ngabo manje.
i-sqlmap
Ukusetshenziswa okuvamile kuphelela emugqeni:
python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
Kunamamanyuwali anele, okuhlanganisa nesiRashiya. Isofthiwe isiza kakhulu umsebenzi wepentester lapho usebenza kule ndawo.
Ngizongeza umboniso wevidiyo osemthethweni:
bsqlbf-v2
Isizindalwazi siyasekelwa:
- I-MS-SQL
- MySQL
- I-PostgreSQL
- Oracle
Isibonelo sokusetshenziswa:
-url
-yimpumputhe u - ipharamitha yomjovo (ngokuzenzakalelayo eyokugcina ithathwa kubha yekheli)
-sql "khetha table_name from imformation_schema.tables umkhawulo 1 offset 0" - isicelo sethu esingenangqondo kusizindalwazi
- database 1 - Iseva yedathabhethi: MSSQL
-uhlobo 1 — uhlobo lokuhlasela, umjovo “oyimpumputhe,” ngokusekelwe kuQiniso nephutha (isibonelo, amaphutha e-syntax)
Ama-debugger
Lawa mathuluzi asetshenziswa kakhulu onjiniyela uma benezinkinga ngemiphumela yokusebenzisa ikhodi yabo. Kodwa lesi siqondiso siwusizo futhi ekungeneni, lapho singashintsha idatha esiyidingayo empukaneni, sihlaziye lokho okuza ekuphenduleni imingcele yethu yokufaka (isibonelo, ngesikhathi sokuxubha), njll.
I-Burp Suite
Inguqulo yamahhala ihlanganisa:
- Ummeleli weBurp ummeleli wasendaweni okuvumela ukuthi uguqule izicelo esezivele zenziwe esipheqululini
- I-Burp Spider - isicabucabu, isesha amafayela akhona kanye nezinkomba
- I-Burp Repeater - ukuthumela ngokuzenzela izicelo ze-HTTP
- I-Burp Sequencer - ihlaziya amanani angahleliwe ngamafomu
- I-Burp Decoder i-encoder-decoder ejwayelekile (html, base64, hex, njll.), okukhona izinkulungwane zayo, ezingabhalwa ngokushesha nganoma yiluphi ulimi.
- I-Burp Comparer - Ingxenye Yentambo Yokuqhathanisa
Empeleni, le phakheji ixazulula cishe zonke izinkinga ezihlobene nale ndawo.
Isidididi
Kukhona futhi
isiphetho
Ngokwemvelo, i-pentester ngayinye ine-arsenal yayo kanye nesethi yayo yezinsiza, ngoba ziningi nje. Ngizamile ukuklelisa ezinye ezilungele kakhulu nezidumile. Kodwa ukuze noma ubani azijwayeze nezinye izinsiza kule ndlela, ngizohlinzeka ngezixhumanisi ngezansi.
Iziqongo/uhlu oluhlukahlukene lwezikena nezinsiza
Ukuphepha kanye nokugenca Amathuluzi Amathuluzi aphezulu ayi-100 okuphepha kwenethiwekhi Izikena Eziphezulu Eziyi-10 Zokungcupheni Kwewebhu .Izikena Eziphezulu Eziyi-10 Ezisengozini Amathuluzi namaqhinga we-OWASP aphezulu ayi-10 Izikena Zokuphepha Zohlelo Lokusebenza ezisekelwe kuwebhu Uhlu Lweskena Sokuphepha Kwesicelo Sewebhu ngeWebAppSec Izinsiza ze-Infosec kuforamu ye-Rdot Izikena zokuba sengozini (Wikipedia)
Ukusatshalaliswa kwe-Linux osekuvele kufaka inqwaba yezinsiza ezihlukile zokuhlola
buyekeza:
PS Asikwazi ukuthula nge-XSpider. Ayibambi iqhaza ekubuyekezweni, nakuba kuyi-shareware (ngithole lapho ngithumela isihloko ku-SecLab, empeleni ngenxa yalokhu (hhayi ulwazi, nokuntuleka kwenguqulo yakamuva 7.8) futhi angizange ngiyifake esihlokweni). Futhi ngombono, ukubuyekezwa kwayo kwakuhlelwe (nginokuhlolwa okunzima okulungiselelwe), kodwa angazi ukuthi umhlaba uzokubona yini.
I-PPS Okunye okusuka ku-athikili kuzosetshenziselwa inhloso yayo embikweni ozayo kokuthi
By the way, kwaba khona isifundo kulesi sihloko at Vula Izinsuku ze-InfoSec (
Source: www.habr.com