
Document:

RESEARCH AND USER GUIDE FOR THE BACKTRACK FUNCTIONS USED TO TEST NETWORK SECURITY
(Internal Circulation)

ATHENA International Network Administration & Network Security Training Center www.Athena.Edu.Vn

Part I.
1. Introduction
1.1. What is security?

INTRODUCTION TO SECURITY

Today, with the growth of the information technology era, the need to exchange and share information is very large. The Internet was created with the goal of erasing geographic distance, so that people all over the world can come together to share resources, documents, information and so on. Precisely because of this, the loss, damage and theft of documents have become easier. The more widely one communicates, the easier one is to attack; that is the rule. Information security is therefore essential in order to protect privacy against unauthorized intrusion.

1.2. What kinds of resources need to be protected?
There are two kinds of resources that need protection:
Software resources: all the data we hold. To keep software resources secure, the following three properties must be guaranteed:
Confidentiality: only the users concerned are allowed to use the data.
Availability: the data is always ready to respond when it is requested.
Integrity: the data is not altered illegitimately.
Hardware resources: the computer hardware, disks, storage devices and network devices.

Personal reputation is also important. A hacker can exploit weaknesses in personal information to threaten the victim and to support attacks on other victims.

1.3. Defining the attacker
Attackers are commonly called hackers, and today hackers are divided into three kinds:
Black-hat hacker: a hacker who attacks victims to steal or destroy information for malicious ends. Black-hat hackers are technology criminals who must be condemned and punished under the law.


White-hat hacker: these may be network system specialists or security experts. They also attack computer systems, but with the aim of finding security holes so that they can be patched, or of making security recommendations.
Grey-hat hacker: a hacker who combines the two kinds above. The line between white-hat and black-hat hackers is very thin.
Other definitions: a hacker is a skilled programmer; a hacker is a systems and network specialist; a hacker is a hardware expert.

2. Security vulnerabilities
2.1. Definition
The security holes (vulnerabilities) of a system are weaknesses that can cause services to stall, grant extra rights to a user, or allow unauthorized access to the system. Holes may lie in the services offered, such as sendmail, web or ftp. Holes also exist in the operating system itself, as in Windows XP, Windows NT or UNIX, or in the applications users work with every day, such as word processors and databases.

2.2. Classification
There are many ways to classify vulnerabilities; the US Department of Defense classifies them as follows:
Class C: holes of this class allow DoS attacks. DoS is a form of attack that uses the Internet-layer protocols of the TCP/IP suite to make a system stall, so that legitimate users are denied access to or use of the system. A large number of packets is sent to the server over a continuous period, overloading the system; as a result the server responds slowly or cannot respond to the requests clients send. Services containing holes that allow DoS attacks can be upgraded or repaired with newer versions from the service vendors. At present there is no comprehensive solution for holes of this class, because the design of the Internet-layer protocol (IP) in particular, and of the TCP/IP suite in general, carries the latent risk of such holes.


However, the danger level of these holes is rated C, the least dangerous, because they only interrupt the system's provision of service for a time, without harming data, and the attacker does not gain unauthorized access to the system.
Class B: holes of this class are more dangerous than class C; they allow an internal user to obtain higher privileges or unauthorized access. They usually appear in the services running on the system. A local user is understood to be someone who already has access to the system with certain limited rights.
Class A: these holes allow an outside user to gain unauthorized access to the system. They are very dangerous and can lead to the destruction of the whole system.

3. Kinds of hacker attacks

There are many different and varied kinds of attack, from simple attacks that anyone can carry out to sophisticated attacks with serious consequences. Some of them follow.

3.1. Direct attack
One computer is used to attack another in order to discover passwords, the corresponding account names, and so on. The attacker may use decryption programs to decode the files holding passwords on the victim's computer; short, simple passwords are therefore very easy to recover. A hacker can also attack directly through bugs in a program or the operating system, paralyzing or damaging the system. In some cases the hacker obtains the rights of the system administrator.

3.2. Deception: Social Engineering
This is a trick used by many hackers to attack and penetrate networks and computers, because it is simple yet effective. It is usually used to steal passwords and information, and to attack and destroy systems. Example: the Fake Email Login trick. In principle, every time you log in to your mailbox you must enter your account details, username and password, which are sent to the mail server for processing. Exploiting this, attackers build a web page identical to the login page you normally use. It is a fake page, however, and everything you type into it is sent to them. The result: your password is stolen!


If you are a network administrator, you should pay attention to, and be wary of, emails, instant messages and phone calls that ask you to provide information. Personal relationships and contacts are all potential dangers.

1.1. Attacking hidden fields
The hidden parts of websites usually hold information about the client's session. These sessions are often recorded on the client rather than organized in a database on the server. An attacker can therefore use the browser's View Source function to read this hidden part, find the weaknesses of the web page they want to attack, and from there attack the server. Example: a website lets you edit the member levels Mod, Member and Banned, but does not let you raise anyone to the Admin level. If you view the site's code, you may see the following:
<form action="" method="post" name="settings">
<select class="search" name="status">
<option value="1">Moderator</option>
<option value="2">Member</option>
<option value="3">Banned</option>
</select>

From the code above you can reason as follows: Banned has the value 3, Member the value 2, Moderator the value 1. So you might guess that Admin has the value 0. Next, save that member settings page, open it in a text editor and change the code as follows:
<form action="" method="post" name="settings">
<select class="search" name="status">
<option value="0">Admin</option>
<option value="1">Moderator</option>
<option value="2">Member</option>
<option value="3">Banned</option>
</select>

Now open the saved page and press submit. At this point nothing happens yet. But note the trick that makes the hole exploitable: fill in the form's target address. For example, with http://www.hcmut.edu.vn/sinhvien/xemdiem.php, edit the code as follows:
<form action="http://www.hcmut.edu.vn/sinhvien/xemdiem.php" method="post" name="settings">
<select class="search" name="status">
<option value="0">Admin</option>
<option value="1">Moderator</option>
<option value="2">Member</option>
<option value="3">Banned</option>
</select>

Now submit once more and look at the result. You will succeed if the code is correct.

3.3. Attacking security vulnerabilities
More and more security holes are being discovered in operating systems, web servers and other software. Vendors keep track of the holes and release new versions after patching the holes of previous versions. Users must therefore keep up with the news and upgrade the old versions they are using; otherwise hackers will use this to attack the system. The forums of well-known vendors usually publish security holes; how the holes are exploited is up to each person.

3.3.1. Exploiting buffer overflows
A buffer overflow occurs when more data is sent than the system or CPU can handle. A hacker who exploits a buffer overflow can paralyze the system or make it lose control. To do so, the hacker needs knowledge of memory layout, the stack, function call instructions and shellcode.
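To show why the hidden-field trick above works and how a server stops it, here is an added example (not code from the Athena document): a member-status handler that trusts the posted option value, beside one that authorizes the change server-side. The User class, Forbidden exception and GRANTABLE table are hypothetical names and policy.

```python
# Added example; it is not code from the Athena document. It contrasts a
# member-status handler that trusts the posted <option value> (the weakness the
# form above relies on) with one that authorizes the change on the server.
# User, Forbidden and the GRANTABLE table are hypothetical names/policy.
from dataclasses import dataclass

# Status codes as the page infers them from the form; 0 is the guessed Admin value.
STATUS_NAMES = {0: "Admin", 1: "Moderator", 2: "Member", 3: "Banned"}


@dataclass
class User:
    name: str
    status: int  # a key of STATUS_NAMES


class Forbidden(Exception):
    pass


def update_status_vulnerable(actor: User, target: User, form: dict) -> int:
    """Stores whatever the browser posted. Saving the page, adding
    <option value="0">Admin</option> and resubmitting is enough to promote."""
    target.status = int(form["status"])
    return target.status


# Which statuses each actor status may assign; nothing here comes from the HTML.
GRANTABLE = {0: {0, 1, 2, 3}, 1: {2, 3}}


def update_status_hardened(actor: User, target: User, form: dict) -> int:
    """Validates the posted value and checks the actor's own rights before storing."""
    try:
        requested = int(form.get("status", ""))
    except ValueError:
        raise Forbidden("status is not an integer")
    if requested not in STATUS_NAMES:
        raise Forbidden("unknown status code %d" % requested)
    if requested not in GRANTABLE.get(actor.status, set()):
        raise Forbidden("%s may not grant %s" % (
            STATUS_NAMES.get(actor.status, "?"), STATUS_NAMES[requested]))
    target.status = requested
    return target.status


# Constructed request: a moderator posts the edited form carrying value 0.
TAMPERED_POST = {"status": "0"}
```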


When a hacker exploits a buffer overflow on a system, they can gain root on that system. For the administrator, avoiding buffer overflows is not very hard: programs simply have to be written safely from the design stage.

3.3.2. Eavesdropping
The systems that carry information across the network are sometimes not very secure, and a hacker can take advantage of this to get onto the data paths and listen in on, or read, the data stream passing through. When a hacker eavesdrops on a transmission it is called sniffing or snooping. It gathers valuable information about the system, such as a packet containing someone's username and password. Eavesdropping programs are also called sniffers. A sniffer listens on the ports of the system the hacker wants to eavesdrop on, collects the data on those ports and passes it back to the hacker.

3.3.3. Address spoofing
Normally, computer networks connected to the Internet are protected by a firewall. The firewall can be understood as the single door that everyone entering or leaving the house must pass through and be identified at. The firewall greatly limits the possibilities of attack from outside and increases mutual trust in the use of shared resources on the internal network. Address spoofing means that an outsider disguises the address of their computer as one of the computers of the system to be attacked: they set the IP address of their own machine to match the IP address of a machine in the attacked network. If they manage this, the hacker can take data, destroy information or sabotage the system.

3.3.4. Code injection
A basic attack technique, which also underlies several other attack techniques, is injecting code into a web page from any client machine of the attacker. Code injection lets the attacker put executable code into another user's web session. When that code runs, it lets the attacker do many things, such as monitoring the session on the website or even taking full control of the victim's computer. Whether this attack succeeds or fails depends on the skill and flexibility of the attacker.

3.3.5. Attacks on insecurely configured systems
An insecure configuration is also a security hole. These holes arise from applications with insecure settings, or from the system administrator configuring things insecurely, for example configuring the web server so that anyone may browse the directory tree. Such a setting can expose sensitive information such as source code, passwords or customer data. An insecurely configured system is very dangerous, because if the attacker can browse to the password files they can download and decrypt them, and then do a great deal on the system.

3.3.6. Cookie attacks
Cookies are small structured data elements shared between a website and the user's browser. They are stored as small text data files (under 4 KB in size). Sites create them to store, retrieve and recognize information about the users who visit the site and the areas they pass through within it. This information can include name, user identifier, password, preferences, habits and so on. Cookies are accepted by the user's browser and stored on the computer's hard disk; not every browser supports cookies.

3.3.7. Tampering with URL parameters
This attack puts parameters directly into the URL. It can use SQL statements to exploit the database on vulnerable servers; the typical form of this technique is the SQL INJECTION attack. This kind of attack is lightweight but effective, because the attacker needs only a single tool, a web browser, and a backdoor.

3.3.8. Denial of service
This kind of attack usually paralyzes some services and is called DoS (Denial of Service). These attacks exploit bugs in software or security holes in the system: the hacker orders their computers to send pointless requests to machines, usually servers on the network. The requests are sent continuously, so the system becomes congested and some services can no longer respond to customers. Sometimes the requests in a denial-of-service attack are legitimate: a message used in the attack may be entirely valid technically. These valid messages are sent all at once, and because the server receives too many requests at one moment it reaches a state where it accepts no more. That is the symptom of denial of service.


3.3.9. Some other kinds of attack

No-login hole
If an application is not designed strictly, without enforcing the order of steps when browsing it, this is a security hole that hackers can use to go straight to the information pages inside without passing through the login step.

Data modification
Once attackers can read the data of some system, they can modify it without regard to its sender or receiver. Hackers can easily alter the information in a data packet.

Password-based attack
A newly configured system usually has a default username and password. After configuring the system, some admins still do not change these default settings. This is a hole that lets attackers enter the system by a legitimate route. Once logged in, the hacker can create extra users and install a backdoor for the next visit.

Identity spoofing
Network systems use IP addresses to identify themselves, so the IP address is the attacker's first concern. When they hack into any system, they know the IP address of that network. Attackers commonly spoof an IP address to get into the system, then reconfigure it, alter information and so on. Creating new kinds of attack is a goal of hackers; on today's Internet, new attacks may appear, invented by hackers who like to tinker and be creative. You can join hacking and security forums to broaden your knowledge.

4. Measures for detecting that a system has been attacked

No system can be guaranteed absolutely safe; every service has latent security holes. From the system administrator's point of view, besides studying and detecting security holes, one must constantly check the system for signs of attack. The measures are:

Check for signs that the system is under attack: the system often hangs or crashes with unclear error messages, and the cause is hard to determine for lack of related information. First rule out hardware causes; if the hardware is not at fault, consider the possibility that the machine has been attacked.
Check for new user accounts on the system: unfamiliar accounts, especially accounts whose uid is 0.
Check for the appearance of unfamiliar files. These are usually spotted through file naming; every system administrator should get into the habit of naming files according to a fixed pattern so that unfamiliar files are easy to notice. Use ls -l to check the setuid and setgid attributes of noteworthy files (especially scripts).
Check modification times on the system, especially of the login and sh programs and of the startup scripts in /etc/init.d and /etc/rc.d.
Check system performance. Use the utilities that monitor resources and the running processes on the system, such as ps or top.
Check the operation of the services the system provides. We know that one aim of an attack is to paralyze the system (the DoS form of attack). Use commands such as ps and pstat and the network utilities to find the cause on the system.
Check access to the system through ordinary accounts, in case these accounts have been accessed illegitimately and had their privileges changed without the legitimate user's knowledge.
Check the files related to network and service configuration, such as /etc/inetd.conf; remove unnecessary services, and services that do not need root should not run as root but under weaker privileges.
Check the versions of sendmail, /bin/mail and ftp, and join security newsgroups to get information about holes in the services you use.
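Two of the checks listed above, the extra uid-0 account and the setuid/setgid bit on noteworthy files, as an added example that is not from the Athena document. It runs over a constructed /etc/passwd and constructed `ls -l` output so it works offline; the function and sample names are hypothetical.

```python
# Added example, not from the Athena document: the account and setuid checks
# from section 4 run over constructed input (a passwd file and `ls -l` output).
# PASSWD_SAMPLE, LS_SAMPLE and the function names are hypothetical.
import re

# Constructed /etc/passwd: the second uid-0 account is the sign the text describes.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:alice:/home/alice:/bin/bash
sysadm:x:0:0:helper:/tmp:/bin/sh
"""

# Constructed `ls -l` output: an 's' in the owner-execute or group-execute
# column means the setuid or setgid bit is set.
LS_SAMPLE = """\
-rwxr-xr-x 1 root root  14328 Jan 10 09:12 backup.sh
-rwsr-xr-x 1 root root  31232 Jan 12 23:41 cleanup.sh
-rwxr-sr-x 1 root staff 22016 Jan 11 03:05 report
-rw-r--r-- 1 root root    512 Jan 09 12:00 notes.txt
"""


def extra_uid0_accounts(passwd_text):
    """Return account names other than root whose uid field is 0."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            found.append(fields[0])
    return found


# mode, link count, owner, group, size, month, day, time-or-year, name
LS_RE = re.compile(
    r"^([-dlbcps][rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+\S+\s+\d+\s+\S+\s+(.+)$")


def setuid_setgid_files(ls_text):
    """Return (name, owner, flags) for entries carrying setuid (mode index 3)
    or setgid (mode index 6). Scripts with these bits deserve a close look."""
    out = []
    for line in ls_text.splitlines():
        m = LS_RE.match(line)
        if not m:
            continue
        mode, owner, group, name = m.groups()
        flags = []
        if mode[3] in "sS":
            flags.append("setuid")
        if mode[6] in "sS":
            flags.append("setgid")
        if flags:
            out.append((name, owner, ",".join(flags)))
    return out
```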

4.1. Security rules
At Microsoft's information security response center, thousands of system security reports are studied every year. In some cases, the finding about the safety of a system stems from a flaw in the product; this means a fix will be developed right afterwards to correct the flaw just found. In some cases, the reported problems are simply the result of a mistake someone made while using the product. But there are many cases that fall into neither category. These are real information security problems, yet they are not caused by shortcomings in the product. Over the years, a list of such problems was developed, called the Ten Immutable Laws of Security.


Do not leave your system waiting for a new fix; protect yourself from the problems we present below. These problems cannot be fixed by Microsoft or any software maker, because they arise from the very way computers work. But do not lose hope either: dealing with them depends on you, and if you keep them in mind you can improve the security of your systems considerably.

The Ten Immutable Laws of Security
Law 1: If someone can persuade you to run their program on your computer, it is no longer your computer.
Law 2: If someone can alter the operating system on your computer, it is no longer your computer.
Law 3: If someone has unrestricted physical access to your computer, it is no longer your computer.
Law 4: If you allow someone to upload programs to your website, it is no longer your website.
Law 5: Weak passwords defeat strong security.
Law 6: A system is only as secure as its administrator is trustworthy.
Law 7: Encrypted data is only as secure as the decryption key.
Law 8: An out-of-date virus scanner is still better than no virus scanner at all.
Law 9: Absolute anonymity is not practical.
Law 10: Technology is not everything.


Part II.

FOOTPRINTING

1. Introduction
First, you need to understand the concept of reconnaissance. This is the process of collecting as much information as possible about a target to be attacked or exploited, which may be a website, a server system, a router and so on. The process has three steps: Footprinting, Scanning (scanning a system for flaws from inside or outside) and Enumeration. These are a hacker's three pre-attack steps, and we need to master them for penetration testing practice. Footprinting is the first of them: it collects the necessary information about an organization through public databases, such as information on the organization's domain names, telephone directories and business yellow pages, to find the addresses, phone numbers and email addresses of its departments, and so on. This step is very important, because attackers typically spend up to 90% of their time collecting information, while the attack itself takes only 10% of the whole process. It is like the preparation needed before carrying out any task in business or developing a new idea. It is like a marksman who must hit a target: the stages are identifying the target, aiming carefully, and firing, and of these, finding the target and aiming take the most time. The more information, the higher the chance of a successful attack. To collect information methodically, hackers/attackers follow steps such as:
1. Search the information sources.
2. Determine the network address ranges.
3. Determine which hosts are active.
4. Find the target's open ports or access points.
5. Detect the target's operating system.
6. Find the services running on the open ports.
7. Map the network.
Of these seven steps, steps 1 and 2 are the Footprinting process; the remaining steps belong to the scanning and enumeration stages. Next we analyze these steps in detail and the technical operations involved. In the first stage you need to make use of the available resources to perform Footprinting.

Information sought:
Network information: domain, network blocks, IP, TCP or UDP, system enumeration, ACLs, IDSes, etc.
System information: OS, user and group names, system name, system architecture, SNMP, routing.
Organization information: company name, employees, websites, addresses, phone numbers, contact email, and knowledge of the company's business situation.
Information sources: open sources are public data such as business yellow pages and telephone directories; Whois; Nslookup.

Hacking tools: Sam Spade, Visual Route, 3D Trace, Email Tracker Pro, Network-Tool. In this process the Google search engine is always the attacker's first choice. Many sources rank Google among hackers' top hacking tools, and there is even a guide to using Google for hacking, called Google Hacker, by Johnny at http://johnny.ihackstuff.com. Internal URLs: once the company's domain name is known, the hacker can find servers inside the system by guessing common server names such as mail.domainname.com or www.domainname.com.

2. Kinds of Footprinting
a. Active Footprinting

Contact the target directly to find information about it such as names, addresses, owners, the network, the company, employees and so on, for instance by email to learn specific details. This method requires good communication skills and skill at eliciting information; if you have a detective's mind, everything becomes much simpler.

b. Passive Footprinting
In contrast to direct collection, passive information gathering is also very popular. It looks for information about the target in free data sources on the Internet instead of contacting the organization's employees or users directly. For example, when the information on a website is not enough, hackers can use the Way Back Machine feature of http://www.archive.org/index.php. There are also sites that provide personal information, such as http://people.yahoo.com, recruitment sites such as Vietnamworks.Com or international recruitment sites, and newer people-search sites such as Best People Search, AnyWho and many others. Hackers can also use online map services such as Google Map or Intelius.Com to locate an individual or organization. We have heard of the risk of international terrorist organizations using these tools to pick attack locations, and of the Brunei royal family whose subjects used Google Earth to discover how much land they held.

3. Footprinting methods

Next we look at, and use, the tools that serve information gathering: Whois or Smart Whois for finding information about a domain name; NeoTrace, Visual Route or 3D Trace Route for finding and tracing the path to a website or server; 1st eMail Address Spider for collecting email addresses by topic or domain name; emailTrackerPro for determining the origin and sending location of an email; the MetaSearch Katoo Online Tool; and many others. Combining several tools raises the accuracy and quality of the information, and so raises the success rate of an attack.

Internet footprinting / Competitive Intelligence Gathering
This is the method of collecting information about a company or organization from sources such as the Internet. Competitive intelligence may be a product or a process, for example the activities of collecting and analyzing data and confirming information. Tools commonly used for Footprinting and Competitive Intelligence Gathering include: Whois, ARIN, Nslookup, NeoTrace, VisualRoute Trace, SmartWhois, VisualLookout, eMailTrackerPro.

Whois footprinting
Whois, available as a tool (such as SmartWhois) or an online service at www.whois.net, is used to gather information about a domain name, including where the website is hosted, the name and contact address of the administrator, the IP address of the web server and the DNS name servers. This is the whois result for www.facebook.com:

Creation Date: 1997-03-29
Expiration Date: 2020-03-29
Registrant: Domain Administrator, Facebook, Inc., 1601 Willow Road, Menlo Park, CA 94025, US, domain@fb.com, +1.6505434800, Fax: +1.6505434800
Admin Contact: Domain Administrator, Facebook, Inc., 1601 Willow Road, Menlo Park, CA 94025, US, domain@fb.com, +1.6505434800, Fax: +1.6505434800
Tech Contact: Domain Administrator, Facebook, Inc., 1601 Willow Road, Menlo Park, CA 94025, US, domain@fb.com, +1.6505434800, Fax: +1.6505434800
Name Servers: A.NS.FACEBOOK.COM, B.NS.FACEBOOK.COM
Registrar: MARKMONITOR INC.
Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited, serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited
Updated Date: 2012-09-28

The Whois database is divided into four main regions: ARIN (North America and sub-Saharan Africa), APNIC (Asia Pacific), LACNIC (South and Central America and the Caribbean) and RIPE NCC (Europe and northern Africa). Usually the ARIN Whois database is searched first; if a site's whois information is not found in ARIN, it may be held in the APNIC, LACNIC or RIPE NCC database. You can use www.allwhois.com to search all the regional databases at once. Besides the websites that specialize in whois services, many tools meet this need, such as Sam Spade, Smart Whois, Netscan and GTWhois (Windows XP compatible), and www.geektools.com.

Some operating systems, such as Unix and Linux, provide a built-in whois utility, which is used with the following syntax: whois -h hostname identifier, for example whois -h whois.arin.net <query string>. The following is the Whois result for Google.Com found in the internic.net databases:

Domain Name: GOOGLE.COM
Registrar: ALLDOMAINS.COM INC.
Whois Server: whois.alldomains.com
Referral URL: http://www.alldomains.com
Name Server: NS2.GOOGLE.COM
Name Server: NS1.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: REGISTRAR-LOCK
Updated Date: 03-oct-2002
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2011

Commonly used tools are: Sam Spade, My IP Suite, CountryWhois, LanWhois, Arin Database Search, Whois Lookup, AutoWhois, etc.

DNS footprinting
This looks for information about DNS; studying it helps us tell clearly what function the server we are looking at has.
A (address): maps a hostname to an IP address.
SOA (Start of Authority): identifies the DNS server's zone information record.
CNAME (canonical name): provides alias names for an existing domain name.
MX (mail exchange): identifies the mail server for the domain.
SRV (service): identifies services such as directory services.
PTR (pointer): maps an IP address to a hostname.
NS (name server): identifies other name servers for the domain.

Nslookup
Nslookup is a program for querying servers' Internet domain names. A hacker can use the results of Nslookup to reconstruct the organization's DNS structure and to find additional information about internal servers or the mail server's MX record. Both Windows and Linux/Unix systems ship the nslookup tool, and SamSpade can also perform nslookup. Besides looking up servers' Internet domain name information, nslookup is a useful tool for diagnosing, fixing and handling network problems related to name resolution and users' Internet access, or for checking an Active Directory system after installation. The following is the result of using the nslookup tool on Linux/Unix against the server cracker.com:

$ nslookup
Default Server: cracker.com
Address: 10.11.122.133
> server 10.12.133.144
Default Server: ns.targetcompany.com
Address: 10.12.133.144
> set type=any
> ls -d target.com
systemA   1D IN A     10.12.133.147
          1D IN HINFO "Exchange MailServer"
          1D IN MX    10 mail1
geekL     1D IN A     10.12.133.151
          1D IN TXT   "RH6.0"
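The listing above shows what a zone dump reveals: HINFO and TXT records tell an attacker the role and OS of each host, and the fact that `ls -d` worked at all means the server answers zone transfers. As an added example that is not from the Athena document, the following parses a listing in that shape (a constructed sample modelled on the one above) and reports the records an administrator should remove from a public zone. Function names are hypothetical.

```python
# Added example, not from the Athena document: parse a zone listing in the shape
# nslookup's `ls -d` prints and flag the records that describe hosts to outsiders.
# ZONE_LISTING is constructed (modelled on the target.com listing above).
import re

ZONE_LISTING = """\
systemA   1D IN A     10.12.133.147
          1D IN HINFO "Exchange MailServer"
          1D IN MX    10 mail1
geekL     1D IN A     10.12.133.151
          1D IN TXT   "RH6.0"
mail1     1D IN A     10.12.133.150
"""

# owner (may be blank), ttl, class IN, type, rdata
RECORD_RE = re.compile(r'^(\S*)\s+(\S+)\s+IN\s+(\S+)\s+(.*)$')


def parse_listing(text):
    """Return (owner, type, rdata) tuples; a blank owner column means
    'same owner as the previous line', as in nslookup output."""
    records = []
    owner = None
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        name, _ttl, rtype, rdata = m.groups()
        if name:
            owner = name
        records.append((owner, rtype, rdata.strip().strip('"')))
    return records


# Record types whose only purpose is to describe the host; they give an attacker
# the OS/product detail used to choose an exploit, so keep them out of public zones.
LEAKY_TYPES = {"HINFO": "hardware/OS description", "TXT": "free-text note"}


def leaks(records):
    return [(o, t, d, LEAKY_TYPES[t]) for o, t, d in records if t in LEAKY_TYPES]


def host_map(records):
    """owner -> {type: [rdata, ...]}: the structure a hacker rebuilds from a dump,
    and the view an admin uses to audit what the zone discloses."""
    m = {}
    for o, t, d in records:
        m.setdefault(o, {}).setdefault(t, []).append(d)
    return m
```

If the zone can be listed from an arbitrary client, restricting zone transfers to the secondary name servers removes the whole dump, not just the leaky records.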

Hack tools: Dnsmap, nslookup, DNS analyzer, DNS tool, etc.

Network footprinting
Traceroute is a tool installed by default in most operating systems. It sends an ICMP Echo packet to each hop (router or gateway) until the destination is reached. As the ICMP packet passes each router, its Time To Live (TTL) field is decremented by one. We can count how many hops the packet passes through, that is, how many routers lie on the way to the destination, and we also learn which routers the packet passed.

A major problem with Traceroute is the time-out that occurs when the packet crosses a firewall or a router that filters packets. Although the firewall blocks the ICMP packet, it still gives the hacker a notice of its presence, and firewall-evasion techniques can then be used. Note: these techniques are part of system attacks and will be discussed in chapter 4: System hacking. Sam Spade and many other hacking tools include a version of traceroute. Windows systems use the syntax tracert hostname to run a traceroute. Figure 2.5 shows an example of a traceroute tracing www.yahoo.com. First a name resolution looks up the address of the Yahoo web server, and the server's IP address is found to be 68.142.226.42. Knowing this IP address lets the hacker scan the whole system in preparation for the attack. We will look at scanning techniques in the next chapter.

Figure 1: tracert yahoo.com
Hacking tools: NeoTrace, VisualRoute and VisualLookout are graphical tools that perform the Traceroute function.

Website footprinting

A Web Spider is a technique for collecting information from the Internet. It is how spammers, or anyone interested in email, build useful email lists. The Web Spider uses patterns, such as the @ sign, to identify email addresses and then copies them into a database, which is collected for some other purpose. Hackers can use a Web Spider to aggregate all kinds of information on the Internet. One way to block spiders is to add a robots.txt file to the website's root directory listing the directories that need protection. You will study this subject in the part on Web Hacking. Hacking tools: 1st email address spider and SpiderFoot let us collect emails from websites by domain name; spammers use these tools to harvest email addresses en masse for their spam.

Email footprinting
E-mail tracking is a program that lets the sender know what the recipient does with a message: reads, forwards, modifies or deletes it. Most e-mail tracking programs operate at the email domain's server. A single-bit graphic file is attached to the email sent to the recipient, but this file is never read; when an action is taken on the email, the attachment reports the action back to the server. You often see these files attached to emails under familiar names such as noname, noread and so on. Hacking tools: Emailtracking pro and mailtracking.com help hackers track email. When the tool is used, every activity such as sending, replying, forwarding or editing the mail is reported to the manager, and the sender receives these notices automatically.

BackTrack 5 includes a powerful footprinting tool, Maltego, which discovers the links between people, agencies, organizations, websites, domains, network ranges and IP addresses. Using it requires registering an account; Maltego is very easy to use and visualizes its results in a graphical interface.


Figure 2: Maltego

Google Hacking
Google hacking covers tasks such as:
Using the search engine to track down information about the subject under observation.
Using the search engine with special search syntax that can help the hacker find security-relevant information such as usernames, computer names, passwords and logon pages.
Using Google to carry out attacks.


Google hacking basics: Anonymity with Caches
Google's Cache feature is truly wonderful. Google keeps copies of many of the websites that you and others visit. At any time you can look at the page stored in Google's cache, even after it has been deleted from the server on the network. As noted, Google Cache keeps everything.

Figure 3: Everything is kept in the cache

Google keeps every piece of data it collects; terabytes of web data leak this way every year. A hacker can use Google to carry out an anonymous attack. Suppose you post some information on your website and, not long afterwards, delete the page because you no longer want the news to spread. Yet everyone can still read what you posted: not directly from your website, but in Google's cache. Or you fill in a personal details page when registering on an online shop. Unfortunately, although the shop provider promised to keep your information confidential, it still leaks out. What happened? Google cached your information when you viewed your own details page. In short, much sensitive information about you and your company or organization may be cached by Google, and when you no longer want it on the Internet it still appears through Google's cache. A clever hacker can find a great deal of useful information stored in this cache.


Searching for special directories and files, such as administrator or configuration directories, or *.log, *.sys and *.conf files: to find such directories you can combine the intitle: keyword. For example, the syntax intitle:"index of" admin or intitle:"index of" inurl:admin returns pages related to the website's administration pages, and intitle:"index of" ws_ftp.log finds ws_ftp.log files. There is much more to Google hacking to be explored; it is a wonderful tool that professional hackers need to master.

4. Summary
Footprinting is an open method that searches for legitimate information, so there is no way to detect or prevent it. This step gathers information that later feeds the building of data dictionaries for cracking passwords very effectively.


Part III.
1. Introduction

SCANNING

If footprinting determines where the information sources are, scanning finds all the doors through which those sources can be entered. During footprinting we obtained the list of IP network ranges and IP addresses through various techniques, including whois and ARIN queries. These give the security administrator, as well as the hacker, much valuable information about the target network, its IP ranges, DNS servers and mail servers. In this chapter we determine which systems are listening on the network and can be reached, using many tools and techniques such as ping sweeps and port scans. We can easily bypass firewalls by hand to scan systems that appear to be locked down by filtering rules.

Objects of scanning:
Live systems: determine whether the system we are targeting is still active, whether the host being scanned is up on the Internet, and whether its IP address is public.
Ports: the next objective is to determine the open ports. Knowing the open ports tells us which services the machine offers, and from that the purpose of the attack can be decided.
Operating system: identifying the operating system running on the target machine helps the hacker find its common holes. Every operating system has latent holes, to a greater or lesser degree, that give an attacker a way in. Identifying the operating system also means identifying its version.
Services: understand the services running and listening on the target system. Every service version contains small bugs, and a small hole, once exploited, is no longer small.
IP addresses: not only the IP of one host; we also need to determine the network address range and related hosts such as the default gateway and DNS server.


2. Functions

2.1. Finding live hosts

One of the basic steps in mapping a network is a ping sweep over a range of network and IP addresses to determine which devices or systems are active. Ping is normally used to send ICMP ECHO packets to the target system and wait for an ICMP ECHO REPLY, which tells us the system is alive. Ping is acceptable for counting live systems in small and medium networks (a class C has 254 addresses and a class B 65534), but it can take hours or days to finish a class A network of 16277214 addresses.

2.2. Network Ping Sweeps

Network pinging is the act of sending various kinds of network traffic to a target and analysing the results. Pinging uses ICMP (Internet Control Message Protocol). It can also use TCP or UDP to find live hosts. To perform an ICMP ping sweep we can use fping, nmap, and similar tools.

fping -a -g 192.168.1.1 192.168.1.10
-a: show hosts that are alive
-g: address range, for example 192.168.1.0/24

Figure 4: fping -a -g 192.168.1.1 192.168.1.10

nmap -sP -PE 192.168.1.0/24
-sP: ping scan
-PE: ICMP echo ping

Figure 5: nmap -sP -PE 192.168.1.0/24

Countermeasure: we can use pingd to handle all ICMP ECHO and ICMP ECHO REPLY traffic at host level. This is achieved by removing ICMP ECHO handling from the system kernel. Essentially it provides a host-level access-control mechanism.

2.3. Determining running or listening services

2.3.1. Port Scanning

Port scanning is the process of sending packets to TCP and UDP ports on the target system to determine which services are running or in a listening state. Determining the listening state is essential for identifying the running services. In addition we can determine the type and version of the operating system and the applications in use.

2.3.2. Scan types

Before performing port scanning, we should review the available scan methods:
- TCP connect scan: connects to the target port and performs the full three-way handshake (SYN, SYN/ACK, ACK). However, it is easily detected by the target system. It uses system calls instead of raw packets and is typically used by unprivileged Unix users, for whom a SYN scan is not possible.
- TCP SYN scan: does not create a full connection to the target; it only sends the SYN packet (the first step of the three-way handshake). If a SYN/ACK comes back, we know the port is listening; if an RST/ACK comes back, the port is not listening. This technique is harder to detect than TCP connect because the target does not log a connection. One drawback is that it can create a denial-of-service condition if too many half-open connections are created, so the technique is safe only when not too many such connections are made.
- TCP ACK scan: used to map firewall rule sets. It helps determine whether the firewall is a simple packet filter that allows established connections or an advanced (stateful) filter. However, it cannot distinguish open ports from closed ones.
- TCP Window scan: like the ACK scan, except that it can distinguish open ports from closed ones.
- UDP scan: sends a UDP packet to the target port. If the target answers with an ICMP port unreachable message, the port is closed; if no such message arrives, the port is open. UDP scanning is very slow, however, when the target device enforces strong packet-filtering policies.
- TCP FIN, XMAS and NULL scans: these excel at slipping past firewalls to discover the systems behind them. They depend heavily on how the target system handles such packets, though; on some systems (typically Windows) they reveal nothing.
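The scan types above all leave a pattern in firewall or connection logs: one source touching many ports with a lone SYN, or many hosts with ICMP echo requests, inside a short window. The following added example (not code from the original document) shows the detection side of sections 2.2 and 2.3 over constructed, simplified iptables-style log lines; the line layout, addresses and thresholds are assumptions chosen for illustration.

```python
"""Detect ping sweeps and SYN port scans in constructed firewall log lines.

Added example, not part of the original document: the log format is a
simplified, constructed iptables-style line and the thresholds are
assumptions chosen for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: DPT=(?P<dpt>\d+))?(?: FLAGS=(?P<flags>\S+))?(?: TYPE=(?P<itype>\d+))?$"
)

# Constructed sample: 10.0.0.5 sends a lone SYN to 12 ports of one host (SYN
# scan), 10.0.0.9 sends ICMP echo requests to 8 hosts (ping sweep), and
# 10.0.0.7 completes a normal handshake to a single port.
SAMPLE_LOG = "\n".join(
    [f"2012-05-01T10:00:{i:02d} SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT={p} FLAGS=SYN"
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])]
    + [f"2012-05-01T10:01:{i:02d} SRC=10.0.0.9 DST=192.168.1.{i + 1} PROTO=ICMP TYPE=8"
       for i in range(8)]
    + ["2012-05-01T10:02:00 SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=443 FLAGS=SYN",
       "2012-05-01T10:02:00 SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=443 FLAGS=ACK"]
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
    return rec


def detect_scans(log_text, port_threshold=10, host_threshold=5, window_s=60):
    """Flag sources that probe many ports (SYN only) or many hosts (ICMP echo)
    within window_s seconds. Returns {src: [alert tuples]}."""
    syn_ports = defaultdict(lambda: defaultdict(set))   # src -> dst -> {ports}
    echo_targets = defaultdict(set)                     # src -> {dst}
    seen_at = defaultdict(list)                         # src -> [timestamps]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        seen_at[rec["src"]].append(rec["ts"])
        if rec["proto"] == "TCP" and rec["flags"] == "SYN":
            syn_ports[rec["src"]][rec["dst"]].add(int(rec["dpt"]))
        elif rec["proto"] == "ICMP" and rec["itype"] == "8":
            echo_targets[rec["src"]].add(rec["dst"])

    alerts = defaultdict(list)
    for src, stamps in seen_at.items():
        if (max(stamps) - min(stamps)).total_seconds() > window_s:
            continue   # activity too spread out for this simple burst rule
        for dst, ports in syn_ports[src].items():
            if len(ports) >= port_threshold:
                alerts[src].append(("port_scan", dst, len(ports)))
        if len(echo_targets[src]) >= host_threshold:
            alerts[src].append(("ping_sweep", len(echo_targets[src])))
    return dict(alerts)
```

The burst rule deliberately ignores a source whose activity is spread over more than the window, which is also why slow scans (nmap timing templates that space probes out over minutes) need a longer window or a rate-based rule rather than this simple count.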

2.3.3. The nmap tool

Nmap (Network Mapper) is a free, open-source utility for network discovery and security auditing. Many network and system administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine which hosts are available on the network, which services (application name and version) those hosts offer, which operating systems (and OS versions) they run, what type of packet filters or firewalls are in use, and many other characteristics. It was designed to scan large networks quickly. Nmap runs on all major operating systems, and official binary packages are available for Linux, Windows and Mac OS X.


Nmap scan types and their descriptions:

TCP connect: the attacker makes a full TCP connection to the target system.
XMAS tree: the attacker checks a TCP service by sending an XMAS-tree packet; XMAS-tree means the FIN, URG and PSH flags are set (the flags are explained later).
SYN stealth: called half-open scanning. The hacker sends a SYN packet and receives a SYN-ACK from the server. It is stealthy because a full TCP connection is never opened.
Null: an advanced scan that can pass through firewalls without being detected or modified. A Null scan has all flags cleared. Null scan works only against UNIX systems.
Window: similar to an ACK scan, and it can also detect open ports.
ACK: used to map firewall rule sets. Works only against UNIX.

Figure 6: Scan types supported by nmap


Figure 7: nmap options

The simplest usage, with no options at all:

nmap 192.168.1.0/24

Figure 8: nmap 192.168.1.0/24

Depending on the complexity of the target network and hosts, the scan can easily be detected. Nmap provides the ability to spoof the source address with the -D (decoy) option. It was created to flood the target site with fake information. The basic idea behind this option is to run decoy scans at the same time as the real scan; the target system answers the decoy addresses as well as our real port scan. Most importantly, the decoy addresses must be live. Otherwise the SYN scan can lead to a denial-of-service condition.

nmap -sS -PE 192.168.1.0/24 -D 10.10.10.1

Figure 9: nmap -sS -PE 192.168.1.0/24 -D 10.10.10.1

2.3.4. Zenmap

Zenmap is the graphical front end for nmap. The program's main interface:

Figure 10: Main interface


Usage:
Target: the address of the target to scan
Profile: the scan features to use

Figure 11: Target and Profile

After entering the address to scan and choosing the required profile, click Scan to start scanning the target.

Figure 12: Scan results


After the scan finishes, you can view the results of the scan in its various tabs.

2.4. Vulnerability scanning

Vulnerability scanning is the process of proactively identifying the vulnerabilities of computer systems on a network. Typically a vulnerability scanner first identifies the operating system and its version number, including any installed service packs. The scanner then identifies weaknesses and vulnerabilities in that operating system. In the later attack phase a hacker can exploit those weaknesses to gain access to the system. An intrusion detection system (IDS) or a sophisticated, professional network security team with suitable tools can detect port-scanning activity. TCP/IP port-scanning tools search for open ports and IP addresses, and vulnerability scans are usually detectable, because the scanners must interact with the target system over the network.

1.1.1. The Nessus tool

1) Download the Windows version of Nessus from http://www.nessus.org/
2) Register a free key on the Nessus website at http://www.nessus.org/plugins/index.php?view=register; it is used to update the Nessus Server with new vulnerability checks
3) An activation key is sent to the email address you registered
4) Enter the key obtained in step 2 under Activation Code -> Register before updating
5) Click Update Plugins to update the Nessus Server with the new checks
6) After installation, open https://localhost:8834/ to start


Figure 13: Nessus login interface

7) After logging in, it looks like this

Figure 14: Scan interface


To scan the selected target, click Add. A screen appears in which you enter a name for the target, choose the Policy to scan with, and enter the target's IP address. Several targets can be entered at once, or a text file holding the list of targets to scan can be used.

Figure 15: Scan interface for the selected target

Figure 16: Results and the operating-system vulnerabilities that can be exploited


The vulnerabilities found above can be exploited with Metasploit in BackTrack 5. The demo section presents the exploitation of the MS08_067 vulnerability.

Figure 17: The MS08_067 vulnerability


Part IV. ENUMERATION

I. Introduction

Enumeration is the next step in gathering information about an organization. It takes place after scanning and is the process of collecting and analysing user names, machine names, shared resources and services. It also actively queries or connects to the target to obtain more meaningful information. Enumeration can be defined as the process of extracting the information obtained during scanning into an orderly system. The extracted information includes everything related to the target to be attacked, such as user names, host names, services and shares. Enumeration techniques are driven from inside the environment. Enumeration includes the step of connecting to the system and directly pulling out information. The purpose of enumeration is to identify the user and system accounts that can be used to hack a target. It is not necessary to find an administrator account: with an ordinary account we can raise that account to the highest privilege level, which grants access to more accounts than were reachable before. The techniques used in enumeration include:
- Win2k Enumeration: used to extract user account information (user names).
- SNMP (Simple Network Management Protocol) enumeration of user information.
- Active Directory Enumeration: used to enumerate Active Directory systems.
- Using Email IDs to find information.
We will discuss each of these techniques in the following sections.

II. Enumerating network services

II.1. HTTP fingerprinting

Telnet
TELNET (short for TerminaL NETwork) is a network protocol used over Internet connections or on local area network (LAN) connections. The IETF document STD 8 (also known as RFC 854 and RFC 855) states that the purpose of the TELNET protocol is to provide a fairly general, bi-directional, eight-bit byte oriented communications facility. TELNET is a client-server protocol based on TCP; the client (the user) normally connects to port 23 on a server, which provides the application program that carries out the service. Telnet is used to learn information from open service ports: a remote tool that retrieves information through the telnet port, which almost every operating system supports.

telnet www.google.com 80

Figure 18: telnet www.google.com 80

Netcat
Netcat is a tool that reads and writes data over the TCP and UDP protocols. It can be used as a port scanner, a backdoor, a port redirector, a port listener, and so on. Using netcat from the command line:
- Connect mode: nc [-options] hostname port1[-port2]
- Listen mode: nc -l -p port [options] [hostname] [port]
Example: grab a server's banner: nc -n 192.168.1.5 80
To scan ports, run netcat with the -z option, for example to scan TCP ports 1 to 500 of host 192.168.1.5.

OpenSSL
OpenSSL is a collaborative effort to develop a full-featured open-source toolkit implementing the SSL (version 2 and version 3) and TLS (version 1) protocols. It is managed by a worldwide community of volunteers who use the Internet to communicate and to develop the OpenSSL toolkit and its related documentation. Most software, such as IMAP and POP, Samba, OpenLDAP, FTP, Apache and others, requires user authentication before allowing use of its services. By default, however, the user identity and password are transmitted in plain text, so they can be read or altered by someone else. Encryption techniques such as SSL ensure the confidentiality and integrity of data; with this technique the information sent over the network is encrypted end to end. Once OpenSSL is installed on a Linux server we can use it as a third-party tool that lets other applications use SSL features. OpenSSL is a cryptographic toolkit implementing the SSL and TLS network protocols and the related cryptographic standards. The openssl program is a command-line tool for using the cryptographic functions of OpenSSL's crypto library from the shell. OpenSSL's libraries provide cryptographic functions to applications such as secure web servers. It is open-source software that may be used for both commercial and non-commercial purposes, with strong encryption available worldwide; it supports the SSLv2, SSLv3 and TLSv1 protocols, both RSA and Diffie-Hellman ciphers, DSO, support for OpenSSL and RSAref US, improved passphrase handling for private keys, X.509 certificate-based authentication for both client and server, X.509 certificate revocation lists, and per-URL re-tuning of the SSL handshake parameters.

II.2. DNS Enumeration

DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization. A company may have both internal and external DNS servers that can yield information such as user names, computer names and IP addresses of potential target systems. Many tools can be used to obtain information for DNS enumeration; examples are nslookup, DIG, the American Registry for Internet Numbers (ARIN) and Whois. To enumerate DNS we must understand DNS and how it works, and we must know the DNS record types. The list of DNS records gives an overview of the resource record types (database records) stored in the zone files of the Domain Name System (DNS). DNS implements a distributed, hierarchical and redundant database for information associated with Internet domain names and addresses. In those domain servers, different record types serve different purposes.

The following list describes the common DNS record types and their use:
- A (address): maps a host name to an IP address
- SOA (Start of Authority): identifies the DNS server responsible for the domain's information
- CNAME (canonical name): provides additional names or aliases for an address record
- MX (mail exchange): identifies the mail servers for the domain
- SRV (service): identifies services such as directory services
- PTR (pointer): maps an IP address to a host name
- NS (name server): identifies other name servers for the domain

A DNS zone transfer is normally used to replicate DNS data across several DNS servers, or to back up DNS files. A user or server performs a zone transfer request against a name server. If the name server allows the zone transfer to take place, all the DNS names and IP addresses hosted by that name server are returned in human-readable ASCII text.

Nslookup
We can also run the command directly as follows:

nslookup -type=any google.com.vn

type is the record type, as listed above: NS (name server), MX (mail exchange), any (all).
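What a permitted zone transfer hands out is best judged from the defender's side: which record types are published and whether any of them point at internal addresses. The following added example (not code from the original document) parses a constructed zone dump in the common "name ttl IN type data" text form and reports the exposure; the example.test zone, the documentation-range addresses and the RFC 1918 check are my own choices for illustration.

```python
"""Summarise what a zone transfer would disclose, from a constructed zone dump.

Added example, not part of the original document: the zone content below is
constructed (example.test, documentation-range addresses) and the record
layout follows the common "name ttl IN type data" text form.
"""
import ipaddress
from collections import Counter

ZONE_DUMP = """\
example.test.             3600 IN SOA   ns1.example.test. hostmaster.example.test. 2012050101 7200 3600 1209600 3600
example.test.             3600 IN NS    ns1.example.test.
example.test.             3600 IN MX    10 mail.example.test.
www.example.test.         3600 IN A     203.0.113.10
mail.example.test.        3600 IN A     203.0.113.20
intranet.example.test.    3600 IN A     10.10.5.4
backup.example.test.      3600 IN A     192.168.20.9
ftp.example.test.         3600 IN CNAME www.example.test.
_ldap._tcp.example.test.  3600 IN SRV   0 0 389 dc1.example.test.
10.113.0.203.in-addr.arpa. 3600 IN PTR  www.example.test.
"""

# Private address space (RFC 1918); an external zone should not point into it.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_zone(text):
    """Parse 'name ttl IN type data' lines into dicts; skip anything else."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue
        records.append({"name": parts[0], "ttl": int(parts[1]),
                        "type": parts[3], "data": " ".join(parts[4:])})
    return records


def record_type_counts(records):
    return Counter(r["type"] for r in records)


def internal_hosts_exposed(records):
    """A records pointing into RFC 1918 space: internal names leaked by an
    external zone, exactly what DNS enumeration looks for."""
    leaked = []
    for r in records:
        if r["type"] != "A":
            continue
        ip = ipaddress.ip_address(r["data"])
        if any(ip in net for net in RFC1918):
            leaked.append((r["name"], r["data"]))
    return leaked


def exposure_report(text):
    """One dict a defender can read: record mix, leaked internal hosts,
    and the mail and name servers the zone advertises."""
    records = parse_zone(text)
    return {"types": dict(record_type_counts(records)),
            "internal_hosts": internal_hosts_exposed(records),
            "mail_servers": [r["data"].split()[-1] for r in records if r["type"] == "MX"],
            "name_servers": [r["data"] for r in records if r["type"] == "NS"]}
```

Running exposure_report on a dump of your own zone (obtained from your own name server) shows at a glance whether split-horizon DNS is needed: the intranet and backup names above should never appear in the external view, and zone transfers should be restricted to the secondary servers' addresses.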

Figure 19: nslookup

II.2.1. NetBIOS name

NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model, allowing applications on separate computers to communicate over a local area network. Being strictly an API, NetBIOS is not a network protocol. Older operating systems ran NetBIOS over IEEE 802.2 and IPX/SPX using the NetBIOS Frames (NBF) and NetBIOS over IPX/SPX (NBX) protocols respectively. In modern networks NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol. As a result, every computer in the network has both a NetBIOS name and an IP address corresponding to a (possibly different) host name. A NetBIOS name is a naming mechanism for the resources in a system using a flat namespace (there is no notion of hierarchy).


Part V. SYSTEM HACKING

1. Introduction

In the previous chapters we surveyed the process of gathering information about the target to be attacked. Techniques such as Footprinting, Social engineering, Enumeration and Google Hacking were applied for the purpose of locating information. In this chapter you begin the real process of attacking the system. Your target is now clearly in front of you; you must apply various techniques to get into that system and do what you intend, such as deleting data or running a trojan or keylogger.

1.1. The system attack process

Before continuing with System Hacking, let us spend a little time understanding the process of attacking a system. The target in front of us is a computer system. The attack steps, arranged in order, can be listed as in the figure. There are 6 phases:


Figure 20: Overview of system hacking

1. Pre-Attack: consists of the three steps Footprinting, Scanning and Enumeration, to extract every possible piece of information about the users in the system. Probing methods are used to obtain more useful and accurate information. You learned these methods in the previous part.
2. Crack: this phase is probably the most attractive to hackers. It requires us to break the user's login password, or by some other means; the goal to be reached is access to the system.
3. Escalate: put simply, this is changing the access limit from an ordinary user to admin or to a user with higher privileges so that we can attack.
4. Execute: run applications on the target system. Malware, keyloggers and rootkits are prepared beforehand to run them on the attacked machine.
5. Hide files: the executables and source files of the programs being run must be hidden so that the target does not discover and remove them.
6. Tracks: naturally, leaving no tracks. Information connected to you must be wiped clean, leaving nothing behind; otherwise the likelihood that you are identified as the intruder is very high.
In this chapter you will go through the techniques for carrying out the steps above to attack a system. From there we will propose solutions to counter such attacks. Enumeration was discussed in the previous chapter, so it is not covered in this part.


2. Cracking Passwords

2.1. Passwords and password attack types

Several kinds of passwords are used to access a system. The characters used in a password can fall into the following cases:
- Letters only. E.g. ABCDJ
- Digits only. E.g. 457895
- Special characters only. E.g. #$^@&*
- Letters and digits. E.g. asw04d5s
- Digits and special characters. E.g. #$345%4#4
- Letters, digits and special characters. E.g. P@ssw0rd

The strength of a password depends on how perceptive the hacker is. The following rules, recommended by the EC-Council, should be applied when you create a password, to protect it against attacks:
- It must not contain the user account name
- It must be at least 8 characters long
- It must contain characters from at least three of the following categories:
  o special characters
  o digits
  o lowercase letters
  o uppercase letters
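The rules above are easy to enforce mechanically at the point where a password is set. The following added example (not code from the original document) classifies a password in the terms of the composition list and checks it against the three EC-Council rules; the function names and the wording of the violation messages are my own.

```python
"""Check a password against the rules quoted above (no account name, at least
8 characters, at least three of four character classes).

Added example, not part of the original document; the function names and the
composition labels are my own for illustration.
"""


def char_classes(password):
    """Which of the four classes (lower, upper, digit, special) the password uses."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def composition(password):
    """Coarse composition in the terms of the list above
    (letters / digits / special), as a sorted tuple."""
    classes = char_classes(password)
    kinds = set()
    if classes & {"lower", "upper"}:
        kinds.add("letters")
    if "digit" in classes:
        kinds.add("digits")
    if "special" in classes:
        kinds.add("special")
    return tuple(sorted(kinds))


def policy_violations(password, username):
    """Return the list of rules the password breaks (empty list = compliant)."""
    violations = []
    if username and username.lower() in password.lower():
        violations.append("contains the account name")
    if len(password) < 8:
        violations.append("shorter than 8 characters")
    if len(char_classes(password)) < 3:
        violations.append("uses fewer than 3 of the 4 character classes")
    return violations
```

Note that the four-class rule counts upper and lower case separately, so "asw04d5s" (letters and digits, all lowercase) fails it even though the composition list places it in the "letters and digits" group.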

A hacker uses different attack methods to find passwords and gain access to a system. The common password attack types are:


Figure 21: Password cracking methods

- Passive Online: eavesdropping on password exchanges on the network. Passive online attacks include sniffing, man-in-the-middle, and replay attacks.
- Active Online: guessing the administrator's password. Active online attacks include automated password guessing.
- Offline: attacks such as dictionary, hybrid and brute-force attacks.
- Non-Electronic: attacks that rely on the human factor, such as social engineering and phishing.

2.2. Passive Online Attacks

A passive online attack is sniffing the network to find traces of passwords. The password is captured during authentication and can then be compared against a dictionary or word list. User account passwords are normally hashed or encrypted before being sent over the network, to prevent unauthorized access and use. If the password is protected in this way, special tools help the hacker break the password encryption algorithms.

2.3. Active Online Attacks

The easiest way to gain administrator-level access to a system is to guess a simple password, on the assumption that the administrator used a simple one. Password guessing is an attack. Active online attacks rely on the human factor involved in creating passwords, and this kind of attack is only useful against weak passwords.


When we discussed the Enumeration phase, you learned about the weaknesses of NetBIOS enumeration and null sessions. Assuming NetBIOS TCP port 139 is open, the most effective method of breaking into a Windows NT or Windows 2000 system is password guessing. This is done by attempting to connect to the system the way an administrator would. The account name and password are combined to log in to the system. A hacker may first try to connect to a default share such as Admin$, C$ or C:\Windows. To connect to the machine's drives or shares, type the following in Start > Run: \\ip_address\c$. Automated programs can quickly generate dictionary files, word lists, or every possible combination of letters, digits and special characters, and attempt to log in with them. Most systems prevent this kind of attack by setting a maximum number of login attempts before the account is locked out (for example, entering a wrong password 5 times on a website automatically locks your account for 1 day). In the following sections we discuss in more detail how hackers automate password guessing, as well as the countermeasures against such attacks.

Performing Automated Password Guessing: to speed up password guessing, hackers usually use automated tools. A simple way to automate password guessing is to use the command window with the standard syntax of the NET USE command. To create a simple script for automated password guessing, perform the following steps:
1. Create a simple username and password file with Windows Notepad. Use command lines to create the dictionary list, then save the file to drive C under the name credentials.txt.
2. Use the FOR command: C:\> FOR /F "tokens=1,2*" %i in (credentials.txt)
3. Type the command: net use \\targetIP\IPC$ %i /u:%j
This uses the credentials.txt file to try to log on to the hidden share on the target system.


2.4. Offline Attacks

An offline attack is carried out at a location other than the computer that holds the passwords or where the passwords are used. Offline attacks require physical access to the computer in order to copy the password file from the system onto removable media. The hacker then takes the file away and continues exploiting its weaknesses. The table below illustrates several kinds of offline attack:

Type of attack      Characteristics                                Example password
Dictionary attack   Tries passwords taken from a dictionary        Administrator
Hybrid attack       Substitutes a few characters of the password   Adm1n1strator
Brute-force attack  Changes every character of the password        Ms!tr245@F5a

Figure 22: Offline attack types


2.4.1. Dictionary Attack
This is the simplest and fastest of the attack types. It is used to identify a real password, provided the password is a word that can be found in a dictionary. Most commonly, the attack uses a dictionary file of candidate words and then applies the same algorithm used by the authentication process. The hashes of the dictionary words are compared with the hash of the password the user enters at login, or with the passwords stored in a file on the server. A dictionary attack only works if the password is an entry in the dictionary. This kind of attack is limited in that it cannot be used against strong passwords that contain digits or other symbols.

2.4.2. Hybrid Attack
This is the hacker's next level, attempted when the password cannot be found with a dictionary attack. A hybrid attack starts with a dictionary file and substitutes digits and symbols for characters in the password. For example, many users add the digit 1 to the end of their password to satisfy strong-password requirements. The hybrid attack is designed to find this kind of irregularity in passwords.

2.4.3. Brute Force Attack
This is an attack using a brute-force algorithm, which tries every possible combination of uppercase and lowercase letters, digits and symbols. A brute-force attack is the slowest of the three kinds, because it can combine many characters in the password. The method is effective, however, given enough time and processing power.

2.4.4. Nonelectronic Attacks
Nonelectronic attacks are attacks that use no technical knowledge at all. This kind of attack can include techniques such as social engineering, shoulder surfing, keyboard sniffing and dumpster diving.
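The practical lesson of 2.4.1 and 2.4.2 for a defender is that a password policy should reject anything a dictionary or hybrid attack recovers, including the page's own "Adm1n1strator" and "P@ssw0rd", which pass the character-class rule but are one substitution away from a dictionary word. The following added example (not code from the original document) performs that check at password-creation time; the tiny word list and the substitution table are constructed assumptions, and a real deployment would load a full dictionary.

```python
"""Reject passwords that a dictionary or hybrid attack would recover.

Added example, not part of the original document: the word list is a tiny
constructed sample and the substitution table is an assumed set of common
"leet" replacements; a real deployment would use a full dictionary.
"""
import re

# Constructed mini word list (a real check would load a large dictionary).
WORDLIST = {"administrator", "password", "welcome", "letmein", "summer", "football"}

# Assumed common substitutions that a hybrid attack undoes.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "|": "l"})

# Digits or symbols appended to a word ("password1", "welcome2012!").
TRAILING_JUNK = re.compile(r"[^a-z]+$")


def weak_form(password, wordlist=WORDLIST):
    """Return how the password reduces to a dictionary word, or None."""
    lower = password.lower()
    if lower in wordlist:
        return "dictionary"
    stripped = TRAILING_JUNK.sub("", lower)
    if stripped in wordlist:
        return "hybrid: dictionary word plus suffix"
    if lower.translate(LEET) in wordlist:
        return "hybrid: dictionary word with substitutions"
    if stripped.translate(LEET) in wordlist:
        return "hybrid: substitutions plus suffix"
    return None


def acceptable(password, wordlist=WORDLIST):
    """True when no dictionary or hybrid reduction matches."""
    return weak_form(password, wordlist) is None
```

Only the brute-force example from the table, "Ms!tr245@F5a", survives this check, which is the point of the table: the cost of a brute-force attack grows with every character, while dictionary and hybrid attacks cost almost nothing against a word with cosmetic changes.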


2.5. Password cracking techniques

Many hackers put their effort into breaking passwords. Passwords are the key, the information needed to access a system. Users, when they create a password, usually pick one that is hard to guess. Many passwords are reused, have a character inserted, or are a name that helps the user remember them. Because of this human factor, a great many passwords are broken successfully. This is the crux of escalation, executing applications, hiding files and covering tracks. Passwords can be broken by hand or found in a dictionary.

2.5.1. Manual password cracking means trying to log in with one password after another. The steps a hacker takes:
1. Find a user account (it may be the administrator or the guest account)
2. Create a list of possible passwords
3. Rank the passwords by probability, from high to low
4. The importance of each password
5. Try again and again until the password is broken

Figure 23: Manual password cracking steps

A hacker tries to build a script file containing every password in the list. But this is only a manual method, which is usually time-consuming and ineffective. To be more effective, hackers use tools that automate the search for passwords. A more effective way of cracking passwords is to gain access to the password files on the system. Most passwords are stored encrypted on the system. During login, the password the user enters is usually encrypted with an algorithm and then compared with the password stored in the file. A hacker can try to get to the server, take the file and run algorithms against it instead of guessing, or when the password cannot otherwise be determined. If the hacker succeeds, they can decrypt the passwords stored on the server. Passwords are stored in the SAM file on Windows and in the shadow file on Linux.


2.6. Some tools in BackTrack 5

BackTrack 5 provides many password cracking tools, each with its own strengths. Below I introduce some of the tools used to crack passwords.

2.6.1. John the Ripper
Step 1: in a terminal, type: cd /pentest/passwords/john

Figure 24: John the Ripper

Syntax and options of John: there are many options for cracking passwords with John, and choosing the right ones makes the cracking process faster and more effective. The password format stored in the file crackme.txt:
Admin: c422eba026e71063e891d9e6918d57f2


Figure 25: John options

Example: cracking the file crackme.txt

john --format=raw-md5 --incremental=alpha /root/Desktop/crackme.txt


Figure 26: Cracking the MD5 hash daicavi

Cracking with a dictionary attack (wordlist.txt) usually finishes very quickly if the password is in the dictionary; if it is not, we have to brute-force the password or extend the dictionary.

john --wordlist=passwordlist.lst /root/Desktop/dic.txt
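The john runs above succeed quickly because the stored hash is raw, unsalted MD5: the same password always yields the same digest, so one word list pass (or one precomputed table) covers every account at once. The following added example (not code from the original document) contrasts that storage with a salted, iterated hash; the user names, the fixed demo salts and the choice of PBKDF2-HMAC-SHA256 with 100000 iterations are my own, and only the password 123456 comes from the figures on this page.

```python
"""Why unsalted MD5 (the format cracked above) falls to a word list, and what
a salted, iterated hash changes.

Added example, not part of the original document: user names, passwords
and the fixed demo salts below are constructed; PBKDF2-HMAC-SHA256 and the
iteration count are my choices for illustration, not the document's.
"""
import hashlib
import hmac
import os


def md5_unsalted(password):
    """The raw-md5 form: the same password always gives the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password, salt=None, iterations=100_000):
    """Salted, iterated hash; use a fresh random salt per user in real code."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def reuse_groups(stored):
    """Group users whose stored digest is identical: with unsalted hashes one
    successful guess (or one precomputed table) exposes the whole group."""
    groups = {}
    for user, digest in stored.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


def demo():
    # Constructed accounts; 123456 is the password shown cracked in Figure 27.
    users = {"alice": "123456", "bob": "123456", "carol": "Ms!tr245@F5a"}
    unsalted = {u: md5_unsalted(p) for u, p in users.items()}
    # Fixed per-user salts so the demo is reproducible (random in production).
    salted = {u: make_record(p, salt=bytes([i + 1] * 16))
              for i, (u, p) in enumerate(users.items())}
    return {
        "unsalted_reuse": reuse_groups(unsalted),
        "salted_reuse": reuse_groups({u: r["hash"] for u, r in salted.items()}),
        "alice_ok": verify("123456", salted["alice"]),
        "alice_wrong": verify("123457", salted["alice"]),
    }
```

With salting, alice and bob no longer share a digest even though they share a password, and each guess must be re-hashed per user through 100000 iterations, which is exactly the cost that makes the --wordlist and --incremental runs above slow instead of instant.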

Figure 27: Password of user: 123456


Figure 28: Cracking a file


2.6.2. Findmyhash

Findmyhash is an online password cracking tool.

Figure 29: Findmyhash

Syntax: python ./findmyhash.py <algorithm> OPTIONS
The options of findmyhash are:
-h <value-hash>: crack a single hash value
-f <file-hash>: crack a file of hashes
-g: if the value is not found, search Google for it and show the result; only works together with the -h option.
Example: we have the hash c3e63f9ce2f6947593285edf66c80fe7

python ./findmyhash.py MD5 -h c3e63f9ce2f6947593285edf66c80fe7

We have a file mycrack.txt containing MD5 hashes to crack:


python ./findmyhash.py MD5 -f mycrack.txt

2.6.3. Hydra
Hydra is a very fast network login cracker that supports many different protocols and services. Hydra is a parallelized login cracker, meaning it runs many tasks at the same time so that cracking goes faster. This tool lets researchers and security consultants show how easy it would be to gain unauthorized remote access to a system. The general syntax of Hydra is:

hydra [[-l LOGIN|-L FILE] [-p PASSWORD|-P FILE]]|[-C FILE]] [-t TASKS] [-w WAIT] [server | IP] [service://server[:port]]

hydra -f -L login.txt -P password.txt 192.168.10.1 http-get http://192.168.10.1

Where:
-f: finish: stop as soon as the first valid username and password pair is found
-L: username file (-l for a single username)
-P: password file (-p for a single password)
192.168.1.1: the IP address whose login is to be cracked
http-get: the HTTP service on port 80 (http is replaced by http-get or http-head)
http://192.168.1.1: the web page used for the cracking process
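Both the NET USE loop in 2.3 and a Hydra run produce the same signal on the target: a burst of failed logins from one source, either hammering one account or spraying one password across many. The following added example (not code from the original document) detects both patterns in a constructed authentication log and applies the lockout rule mentioned in 2.3; the log line layout, addresses, user names and thresholds are constructed for illustration.

```python
"""Spot automated password guessing (the NET USE loop and Hydra runs above)
in a constructed authentication log, and apply the lockout rule.

Added example, not part of the original document: the log line layout,
addresses, user names and thresholds are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

AUTH_LOG = """\
2012-05-01T09:00:01 src=10.0.0.7 user=alice result=FAIL
2012-05-01T09:00:09 src=10.0.0.7 user=alice result=OK
2012-05-01T09:10:00 src=10.0.0.5 user=admin result=FAIL
2012-05-01T09:10:01 src=10.0.0.5 user=admin result=FAIL
2012-05-01T09:10:01 src=10.0.0.5 user=admin result=FAIL
2012-05-01T09:10:02 src=10.0.0.5 user=admin result=FAIL
2012-05-01T09:10:02 src=10.0.0.5 user=admin result=FAIL
2012-05-01T09:10:03 src=10.0.0.5 user=admin result=FAIL
2012-05-01T09:20:00 src=10.0.0.6 user=alice result=FAIL
2012-05-01T09:20:00 src=10.0.0.6 user=bob result=FAIL
2012-05-01T09:20:01 src=10.0.0.6 user=carol result=FAIL
2012-05-01T09:20:01 src=10.0.0.6 user=dave result=FAIL
2012-05-01T09:20:02 src=10.0.0.6 user=erin result=FAIL
"""


def parse_auth(text):
    """Turn 'ts key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        ts, *kv = line.split()
        rec = dict(pair.split("=", 1) for pair in kv)
        rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
        events.append(rec)
    return events


def analyse(text, lockout_threshold=5, source_threshold=5, window=timedelta(minutes=1)):
    """Return (locked_accounts, alerts). Accounts lock after lockout_threshold
    consecutive failures; a source with source_threshold failures inside
    `window` is flagged as guessing, vertically (one user) or by spraying."""
    events = parse_auth(text)
    consecutive = defaultdict(int)
    locked = set()
    failures = defaultdict(list)          # src -> [(ts, user)]
    for e in events:
        if e["result"] == "OK":
            consecutive[e["user"]] = 0     # a success resets the counter
            continue
        consecutive[e["user"]] += 1
        if consecutive[e["user"]] >= lockout_threshold:
            locked.add(e["user"])
        failures[e["src"]].append((e["ts"], e["user"]))

    alerts = {}
    for src, fails in failures.items():
        fails.sort()
        for i in range(len(fails)):
            burst = [f for f in fails[i:] if f[0] - fails[i][0] <= window]
            if len(burst) >= source_threshold:
                users = {u for _, u in burst}
                kind = "password_spraying" if len(users) > 1 else "brute_force"
                alerts[src] = (kind, len(burst), sorted(users))
                break
    return locked, alerts
```

Note the asymmetry the two rules expose: the per-account lockout stops the vertical attack on admin but never fires for the spraying source, which touches each account once. That is why the source-based rule is needed as well, and why a lockout counter alone is not a complete defence against Hydra-style tools.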

3. Escalating Privileges

Privilege escalation is the third step in the System Hacking cycle. It basically means adding more rights or permissions to a user account, so that a user account ends up with the privileges of an administrator account. In general, administrator accounts are subject to stricter password requirements and their passwords are guarded more closely. If the user name and password of an account with administrator rights cannot be found, a hacker may choose to use an account with lower privileges. In that case the hacker must then escalate privileges to gain as many rights as an administrator. This is done by obtaining access with a non-administrator user account, usually by collecting user names and passwords, and then, through an intermediate step, raising that account's privileges to administrator level. Once the hacker has a valid user account and password, the next step is to execute applications; in general a hacker needs an account with administrator-level access to install programs. That is why privilege escalation is so important. In the sections that follow we look at what hackers can do with your system once they have administrator rights.

4. Executing Applications

Once the hacker has access to an account with administrator rights, the next thing to do is execute applications on the target system. The purpose of executing applications may be to install a backdoor on the system, install a keylogger to collect confidential information, copy files, or simply cause basic damage to the system, whatever the hacker wants to do there. Once the hacker can execute applications, the system is under the hacker's control.

5. Hiding Files

A hacker may want to hide files on a system to avoid detection; the files can later be used to launch another attack on the system. There are two ways to hide files in Windows. The first is the attrib command. To hide a file with attrib, type the following at the command prompt: attrib +h +r [file/directory]. To unhide a file with attrib, type the following at the command prompt: attrib -h -r [file/directory].

The second way to hide a file in Windows is with NTFS alternate data streams (ADS).

5.1. NTFS File Streaming

NTFS, used by Windows NT, 2000 and XP, has a feature called ADS that allows data to be stored in hidden files linked to a normal, visible file. Streams are not limited in size, and more than one stream can be linked to a normal file. To create and examine an NTFS file stream, perform the following steps:
1. At the command line, type notepad test.txt
2. Put some data in the file, save it, and close Notepad
3. At the command line, type dir test.txt and note the file size
4. At the command line, type notepad test.txt:hidden.txt, type some content in Notepad, save the file and close it.
5. Check the file size again (as in step 3).
6. Open test.txt again; you only see the original data.


7. Type type test.txt:hidden.txt at the command line; an error message is displayed: The filename, directory name, or volume label syntax is incorrect.

6. Cover Your Tracks & Erase Evidence

Cover Your Tracks & Erase Evidence: hiding information and removing traces. Once intruders have succeeded in obtaining administrator access on a system, they try to cover their tracks to avoid detection. A hacker may also try to remove the evidence of their activities on the system, to prevent tracing of the hacker's identity or location. Any error messages or logged security events are deleted to avoid detection. In the following sections we look at disabling auditing and clearing event logs, the two methods hackers use to cover their tracks and avoid detection. Auditing is the feature that writes the Event Log. Windows Event Viewer is the program used to manage auditing on Windows.

6.1. Disabling Auditing

The first thing an intruder does after gaining administrator rights is disable auditing. Windows auditing records certain events in the Windows Event Viewer. Events can include a logon to the system, an application, or another event. An administrator can choose the level of logging on the system. The hacker needs to determine the logging level to see whether anything must be done to clear their traces on the system.
Hacking tools: auditpol is a tool from the Windows NT resource kit for system administrators. It can disable or enable auditing from the command line. It can also be used to determine the logging level set by the system administrator.

6.2. Clearing Event Logs

Intruders can easily erase the security logs in Windows Event Viewer. An event log that contains only one or a few events is suspicious, because it usually indicates that other events were cleared. It is still necessary to clear the event log after turning off auditing, because using the AuditPol tool still leaves an event recording that auditing was turned off.


Hacking Tools
Several tools can erase event logs, or a hacker can do it by hand in Windows Event Viewer. The elsave.exe utility is a simple tool for clearing event logs. Winzapper is a tool an attacker can use to selectively delete event records from the Windows 2000 security log. Winzapper also ensures that no security events are recorded while the program is running. Evidence Eliminator is a data-wiping program for Windows computers. It prevents data from lingering as permanently hidden files on the system. It cleans the recycle bin, the Internet cache, system files, temp folders, and so on. Evidence Eliminator can also be used by hackers to remove evidence from a system after an attack.
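The defender's answer to 6.1 and 6.2 follows from the text itself: turning auditing off and clearing the log each leave an event behind, so those two events, especially in sequence by the same account, are the signal to alert on. The following added example (not code from the original document) does that over constructed Windows Security event records; the records are constructed, the 15-minute window and the "fewer than 10 events" heuristic are my assumptions, and the IDs used are 4719 (system audit policy was changed) and 1102 (the audit log was cleared), the Security log event IDs Windows records for those actions.

```python
"""Detect the two cover-your-tracks moves described above, audit policy
changes and log clearing, in constructed Windows Security events.

Added example, not part of the original document: the event records are
constructed; the IDs used are 4719 (system audit policy was changed) and
1102 (the audit log was cleared), the Windows Security log event IDs for
those actions. The time window and the small-log threshold are assumptions.
"""
from datetime import datetime, timedelta

# Constructed event stream: (timestamp, event id, subject account).
EVENTS = [
    ("2012-05-01T22:00:00", 4624, "jdoe"),    # logon
    ("2012-05-01T22:00:00", 4672, "jdoe"),    # special privileges assigned
    ("2012-05-01T22:04:30", 4719, "jdoe"),    # audit policy changed
    ("2012-05-01T22:06:10", 1102, "jdoe"),    # security log cleared
    ("2012-05-01T22:30:00", 4624, "backup"),
]

AUDIT_POLICY_CHANGED = 4719
AUDIT_LOG_CLEARED = 1102


def tamper_alerts(events, window=timedelta(minutes=15)):
    """Return alert tuples; a policy change followed by a clear inside
    `window` by the same account is reported as an extra combined alert."""
    parsed = [(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), eid, who)
              for ts, eid, who in events]
    alerts = []
    last_change = {}                       # account -> time of its 4719
    for ts, eid, who in parsed:
        if eid == AUDIT_POLICY_CHANGED:
            alerts.append(("audit_policy_changed", who))
            last_change[who] = ts
        elif eid == AUDIT_LOG_CLEARED:
            alerts.append(("security_log_cleared", who))
            if who in last_change and ts - last_change[who] <= window:
                alerts.append(("policy_change_then_clear", who))
    return alerts


def log_looks_truncated(events, min_events=10):
    """6.2 notes that a log holding only a handful of events is itself
    suspicious; flag when the surviving record count is tiny (threshold assumed)."""
    return len(events) < min_events
```

The detection only works if the events reach somewhere the intruder cannot clear, which is the practical countermeasure behind this section: forward Security events to a central collector as they are written, so that clearing the local log removes copies, not the evidence.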

Summary
Understand the importance of password security. Changing passwords at regular intervals, knowing what makes a password strong, and the other security measures are very important for network security. Know the different types of password attacks. Passive online includes sniffing, man-in-the-middle and replay. Active online includes automated password guessing. Offline attacks include dictionary, hybrid and brute force. Nonelectronic includes shoulder surfing, keyboard sniffing and social engineering. Know how the evidence of hacking activity is removed by attackers. Clearing event logs and disabling auditing are the methods attackers use to cover their tracks. Recognize that hidden files are the means used to extract sensitive information. Steganography, NTFS file streams and the attrib command are the ways hackers can hide and steal files.


TABLE OF CONTENTS

Part I. INTRODUCTION TO SECURITY ... 2
1. Introduction ... 2
   1.1. What is security? ... 2
   1.2. What resources need to be secured? ... 2
   1.3. What is an attacker? ... 2
2. Security vulnerabilities ... 3
   2.1. Definition ... 3
   2.2. Classification ... 3
3. Types of hacker attacks ... 4
   3.1. Direct attacks ... 4
   3.2. Deception: Social Engineering ... 4
   3.3. Attacks on security vulnerabilities ... 6
4. Measures for detecting a compromised system ... 9
   4.1. Security rules ... 10

Part II. FOOTPRINTING ... 12
1. Introduction ... 12
2. Types of Footprinting ... 13
3. Footprinting methods ... 14
4. Summary ... 24

Part III. SCANNING ... 25
1. Introduction ... 25
2. Functions ... 26

Part IV. ENUMERATION ... 38
1. Introduction ... 38
2. Enumerating network services ... 38

Part V. SYSTEM HACKING ... 42
1. The system attack process ... 42
2. Cracking Passwords ... 44
   2.1. Passwords and types of password attacks ... 44
   2.2. Passive Online Attacks ... 45
   2.3. Active Online Attacks ... 45
   2.4. Offline Attacks ... 47
   2.5. Password cracking techniques ... 49
   2.6. Some tools in Backtrack 5 ... 50
Summary ... 58