er. Next we will look at Enumeration, Module 4 of CEH v7. In this issue we also cover some additional computer tips for improving the safety and security of personal information, along with other computer tips worth knowing.
Note: For the Enumeration topic we used material collected by V Thanh Vn of the IT Cowboy group, because we found their article fairly complete and very good. It is accompanied by some lectures by the editor-in-chief of Security365 Magazine, Mr. Nguyn Trn Tng Vinh, and by demo videos of the CEH tools for the Enumeration topic, re-covered by Trn Ngc Bng, webmaster of Security365.VN.
To download the published issues of Security365 Magazine, visit the following link:
Or download directly from mediafire using the following links:
Issue 1 - http://www.mediafire.com/file/urjrq4bahu5xhoy/Tap_Chi_Security365_So_1.pdf
Issue 2 - http://www.mediafire.com/file/b53vg3nnf5nnnpr/Tap_Chi_Security365_So_2.pdf
Issue 3 - http://www.mediafire.com/file/0sk47esjomuqqrh/Tap_Chi_Security365_So_3.pdf
Issue 4 - http://www.mediafire.com/file/cfce7micptsghc5/Tap_Chi_Security365_So_4.pdf
Issue 5 - http://www.mediafire.com/file/cm1922ij21v151w/Tap_Chi_Security365_So_5.pdf
Issue 6 - http://www.mediafire.com/file/ppomkv279d2cs62/Tap_Chi_Security365_So_6.pdf
Hands-on tools for the Enumeration module: http://www.mediafire.com/?e86bxj3pudwxv
Articles and guides in Security365 Magazine Issue 7: Two-Layer Gmail Security, Hacking Passwords on Windows Operating Systems, Tips for Viewing Security365 Videos Locally, Using PageSpeed, Tamper Data Demo, Overview of GFI NSS, CEH v7 Enumeration.
References
Research book library: http://www.security365.vn/index.php?option=com_content&view=category&id=3&Itemid=103
Practice tool library: http://www.security365.vn/index.php?option=com_content&view=category&id=1&Itemid=108
Gmail Security, Inviolable!
Article submitted to PCWORLD VN
Everyone uses email now; gone are the days when, asked for their email address, some people would answer "I left it at home". Among the email accounts we use there is one main account, call it the primary mail, used to register important account information such as bank accounts and web hosting accounts, or as the recovery address for the passwords of other email accounts. This primary address should therefore be used and configured for maximum safety, to the point where its security mechanism can be called unbreakable.
To achieve this, Gmail now offers a quite useful two-layer security mechanism: in addition to the login password, you must enter a verification code sent to your mobile phone. As for breaking this mechanism, a fairly well-known hacker in the blackhat community had to exclaim that it is "as hard as climbing to the sky". So is configuring it just as hard? Fortunately, applying it is very easy. See the illustration of me logging in to my mailbox: after the password is entered, a screen for the verification code appears, and the code is sent immediately after we pass the first security layer.
Enter the code and choose Verify, and you are taken to your mailbox or Google account. So how do you configure two-layer security for Gmail or other Google accounts? First register a free Gmail account to use as your primary email, then follow the detailed guide here: http://www.youtube.com/watch?v=ysjvir7seC0
If you do not want to use the two-layer security mechanism, just choose Turn off 2-step verification.
Step 1 - First, download the Active Change Password tool here: http://www.mediafire.com/?egcwhbf44howbs7
Step 2 - Burn the application to a Reset Password CD. You can use a free, lightweight disc-burning program such as Active ISO Burn, available here: http://www.hoctructuyen.org/taichuongtrinh/iso-burner.zip
Step 3 - Boot the computer from the Reset Password CD.
Step 5 - Restart the computer and log in to the account whose password was reset to blank. The login process is complete.
Good luck!
Note: This method can be abused by attackers to break into your computer without authorization, so you should set a CMOS password to restrict booting the computer from CD-ROM or USB.
Detailed video guide at: http://www.youtube.com/watch?v=jI4TFFxoWQE
Nguyn Tng Minh http://www.hoctructuyen.org
CHAPTER 6: Enumeration
Author: V Thanh Vn
Enumeration is the next step in the process of gathering information about an organization. It takes place after scanning and is the process of collecting and analysing user names, machine names, shared resources and services. It also actively queries or connects to the target in order to obtain more usable information.
What Is Enumeration?
Enumeration can be defined as the process of extracting the information obtained during scanning into an ordered system. The extracted information covers items related to the target under attack, such as user names, host names, services and shares. Enumeration techniques are conducted from inside the environment. Enumeration includes the stage of connecting to the system and extracting information from it directly.
The purpose of enumeration is to identify user accounts and system accounts that could be used in hacking a target. It is not necessary to find an administrator account, because an account can be escalated to the most privileged level, allowing access to more accounts than was previously granted.
The techniques used in enumeration include:
Win2k Enumeration: used to extract user account information (user names).
SNMP (Simple Network Management Protocol): used to enumerate user information.
Active Directory Enumeration: used to enumerate an Active Directory system.
Using email IDs to search for information.
We will discuss all of these techniques in turn in the following sections.
Null Session
What Is a Null Session?
When you log in to the operating system, authentication takes place: the user is asked to supply a username and password. After authentication, an access control list (ACL) is loaded to determine the privileges of the logged-in user. In other words, the process creates an explicit working session for the user. However, some services in the operating system are started automatically under an anonymous user, such as SYSTEM USER. This kind of user needs no password and is used when running services. It is not used for logging in, but it is used to access certain services. When you use this kind of user to log in, you are in the Null Session state.
A Null Session, also referred to as IPC$ on Windows servers, is an anonymous connection to a network share that lets users on the network access it freely. Null Session attacks have been around since Windows 2000 came into widespread use. However, system administrators tend to overlook this form of attack when applying network security measures. This can lead to unpredictable consequences, because an attacker can use it to obtain all the useful information needed to gain remote access to the system. Although no longer new, Null Session attacks remain as common and as dangerous as in previous years. In some respects the security of modern systems is not that weak, yet penetration tests against Windows machines show that the Null Session is still one of the forms to watch for.
Figure: A failed connection to a network share using the NET command.
When using the NET command, we can change the share name to connect to the administrative share IPC$. The result is then more promising.
Figure: A successful Null Session connection with the NET command.
At this point we have established a Null Session connection to the victim machine. However, we still do not have administrative access on this machine, so we cannot yet start browsing the hard drive or retrieving passwords. Remember that the IPC share is used for communication between processes, so our access is limited to that of the SYSTEM user name. We can use the NET command to get more information from the target machine, but many automated tools will perform these tedious tasks.
Hacking Tool
Null Sessions can easily be attacked with tools built into Windows, such as Net and Netview. However, as presented above, a more complex process is needed to do more, such as enumerating directories and users. The Nbtstat and Enum tools help carry out a series of complex tasks, ending with us getting into the system. Dumpsec and Superscan are two graphical tools that support these tasks.
higher; however, Windows XP and Windows Server 2003 are still the most popular operating systems. There are several other methods we can use to block Null Sessions.
Session, one of the most effective measures is to detect a Null Session attack as early as possible, so that remediation can be deployed in time, as when handling an ordinary network security event. If you are using Snort, currently the most popular IDS/IPS (network intrusion detection and prevention system) in production environments, the following rule will detect Null Session enumeration:
alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS NT NULL session"; flow:to_server,established; content:"|00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4E 00 54 00 20 00 31 00 33 00 38 00 31|"; classtype:attempted-recon; sid:1000001; rev:1;)
(The sid shown is a placeholder from the local-rule range; Snort needs one for the rule to load.) This rule will not block Null Session connections; it will, however, raise an alert when a Null Session occurs.
Upgrading the operating system
The final solution, as mentioned above, is to upgrade the operating system. Null Sessions are only easy to carry out against older operating systems from before 2000. On later ones, such as Windows XP and Windows 2003, Microsoft has built this into the product. Upgrading the operating system therefore gives us more peace of mind.
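The content pattern of the Snort rule above, decoded and applied to sample payloads (an added example, not part of the original article). The payload layout, the second client string and the port 445 case are constructed for illustration; the point is that the signature keys on one client OS string on port 139, so a session that announces a different string, or arrives on another port, raises no alert.

```python
# Added example: decode the rule's content pattern and test constructed payloads.
RULE_PORT = 139
RULE_CONTENT = ("|00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 "
                "4E 00 54 00 20 00 31 00 33 00 38 00 31|")

def content_to_bytes(content: str) -> bytes:
    """Convert Snort content syntax (|hex| runs mixed with literal text) to bytes."""
    out = bytearray()
    for i, part in enumerate(content.split("|")):
        # Pieces at odd positions sit between pipes and are hex; the rest is literal.
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

PATTERN = content_to_bytes(RULE_CONTENT)

def describe(pattern: bytes) -> tuple:
    """Return (count of leading NUL bytes, the UTF-16LE text that follows them)."""
    body = pattern.lstrip(b"\x00")
    nulls = len(pattern) - len(body)
    if len(body) % 2:              # the rule stops mid-character; pad so it decodes
        body += b"\x00"
    return nulls, body.decode("utf-16-le")

def rule_matches(dst_port: int, payload: bytes) -> bool:
    """Mirror the rule's two conditions: destination port 139 and the byte pattern."""
    return dst_port == RULE_PORT and PATTERN in payload

def session_setup(native_os: str) -> bytes:
    """Constructed, simplified stand-in for a session-setup payload: SMB magic,
    filler, four NUL bytes (empty name fields), then the client's OS string."""
    return (b"\xffSMB\x73" + b"\x41" * 20 + b"\x00" * 4
            + native_os.encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    print(describe(PATTERN))
    for port, os_name in [(139, "Windows NT 1381"), (139, "Windows 2002 2600"),
                          (445, "Windows NT 1381")]:
        print(port, os_name, rule_matches(port, session_setup(os_name)))
```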
Network elements are devices, computers or software that are SNMP-compatible and are managed by a network management station. Elements therefore include devices, hosts and applications.
Figure: Model illustrating the components of SNMP
A management station can manage many elements, and an element can be managed by many management stations. So what happens if an element is managed by two stations? If the stations retrieve information from the element, both stations get the same information. If the two stations act on the same element, the element responds to both actions in the order in which they arrive.
There is also the concept of the SNMP agent. An SNMP agent is a process running on the network element whose job is to provide the element's information to the station, so that the station can manage the element. More precisely, the application running on the station and the agent running on the element are the two SNMP processes that communicate with each other directly. The following examples make these concepts clearer:
To use a server (station) to manage client machines (elements) running Windows through SNMP, you must install SNMP management software (application) on the server and enable the SNMP service (agent) on the clients.
To use a server (station) to monitor the traffic of a router (element), you must install SNMP management software (application) on the server and enable the SNMP feature (agent) on the router.
Object ID
A device that supports SNMP can provide many different pieces of information; each piece of information is called an object. (For example, a computer can provide: total number of hard drives, total number of network ports, total bytes sent/received, computer name, names of running processes, and so on.) Each object has a name and an identifying number, called the Object ID (OID). (For example, the device name is called sysName and its OID is 1.3.6.1.2.1.1.5.)
Object access
Each object has an access right of READ_ONLY or READ_WRITE. Every object can be read, but only objects with READ_WRITE access can have their values changed. For example, the name of a device (sysName) is READ_WRITE, so we can change the device name through the SNMP protocol. The total number of ports on the device (ifNumber) is READ_ONLY; naturally we cannot change its port count.
Management Information Base
The MIB (management information base) is a data structure made up of managed objects, used for managing devices that run on TCP/IP. The MIB is the common architecture that management protocols on TCP/IP should follow, SNMP among them. A MIB is expressed as a file (MIB file) and can be represented as a tree (MIB tree). A MIB can be standardized or custom-made.
A manager can manage a device only when the SNMP manager application and the SNMP agent application both support the same MIB. These applications can also support several MIBs at once.
SNMP methods
The SNMP protocol has 5 operating methods, corresponding to the following 5 message types:
SNMP Enumeration?
SNMP enumeration is the process of using SNMP to enumerate the user accounts on a target system. Almost all network infrastructure devices, such as routers and switches, and including Windows systems, contain an SNMP agent for managing the system or device. SNMP management stations send requests to the agents, and the agents reply. The requests and replies refer to configuration variables that are accessible by the agent software. Management stations can also send requests to set values for certain variables. Management stations receive Trap packets from agents to learn that something significant has just happened in the agent software, such as a reboot or an interface failure.
SNMP has two passwords used to access and configure the SNMP agent from the management station. The first is called the read community string; this password lets you view the configuration of the device or system. The second is called the read/write community string; it is used to change or edit the configuration on the device. In general, the default read community string is public and the default read/write community string is private. A common security hole arises when the community strings are left unchanged from their default settings. A hacker can use these default passwords to view or change the configuration of the device. If you have any question about how to determine the default passwords of devices, visit www.defaultpassword.com.
Hacking Tool
SNMPUtil and Network Browser are SNMP enumeration tools. SNMPUtil gathers information about user accounts via SNMP on Windows systems. Information such as tables and routine tasks, ARP tables, IP addresses, MAC addresses, open TCP and UDP ports, user accounts and shares can be read from a Windows system where SNMP is enabled, using the SNMPUtil tool. IPNetworkBrowser, from the SolarWinds tools, also uses SNMP to gather more information about a device that has an SNMP agent.
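A defender can check captured SNMP traffic for the weakness described above. The following is an added example, not from the original article: a minimal SNMPv1 request parser that reports the community string, the PDU type and the first OID, and flags the default strings public and private as well as write attempts. The packets are constructed in the code, and the .0 instance suffix on the sysName OID and the PDU tag values are standard SNMPv1 details that the article itself does not list.

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # the defaults named in the text
REQUEST_PDUS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one BER element (short-form length; bodies under 128 bytes only)."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                         # long form: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw: bytes) -> str:
    """Decode BER OID bytes to dotted form (the first byte packs two arcs)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                      # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def audit(packet: bytes) -> dict:
    """Parse an SNMPv1 request; flag default communities and write attempts."""
    _, msg, _ = read_tlv(packet, 0)
    _, _, pos = read_tlv(msg, 0)              # skip the version field
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    pos = 0
    for _field in range(3):                   # request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    _, oid, _ = read_tlv(read_tlv(varbinds, 0)[1], 0)   # OID of the first varbind
    name = community.decode("latin-1")
    return {"pdu": REQUEST_PDUS.get(pdu_tag, hex(pdu_tag)), "community": name,
            "oid": decode_oid(oid), "default_community": name in DEFAULT_COMMUNITIES,
            "write_attempt": pdu_tag == 0xA3}

def sample(pdu_tag: int, community: bytes, value: bytes) -> bytes:
    """Build a constructed SNMPv1 request for sysName.0 (1.3.6.1.2.1.1.5.0)."""
    oid = tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 5, 0]))
    ints = tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")
    pdu = tlv(pdu_tag, ints + tlv(0x30, tlv(0x30, oid + value)))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)

print(audit(sample(0xA3, b"private", tlv(0x04, b"renamed-constructed"))))
```

A SetRequest carrying a default community string against a READ_WRITE object such as sysName is the case worth alerting on first, since it means the device accepts configuration changes from anyone who knows the default.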
cng khc. For example, if you want to guess a user's password, remember one rule: users often set passwords to things related to themselves, such as a date of birth, phone number, house number or vehicle plate number.
Hacking Tool
Sid2user and User2sid are two command-line tools that help you enumerate information related to users.
GetAcct is a graphical program that lets you look up user information on the Windows NT and 2000 operating systems.
LDAP Enumeration
LDAP (Lightweight Directory Access Protocol) is the protocol for accessing the directory listings of AD or other directory services. The directory has a specific structure, hierarchy and format. Below are a few tools used for enumeration based on the LDAP protocol.
Hacking Tool
Jxplorer: besides enumerating the directory, this tool also supports authentication over SSL, and even adding, deleting and modifying directory information.
Softerra LDAP Browser and LDAPMiner are two other tools with similar functions.
NTP Enumeration
NTP (Network Time Protocol) is a protocol designed to synchronize time between servers. It operates on port 123 and uses UDP to carry its data. To enumerate information related to an NTP server, you can use commands such as ntpdate, ntptrace, ntpdc and ntpq.
SMTP Enumeration
SMTP (Simple Mail Transport Protocol) is a protocol operating on TCP port 25 for sending mail to POP3 or IMAP servers, the servers that receive mail. To enumerate information about an SMTP server, you can use the telnet command to connect to the server.
Hacking Tool
SMTPscan is a tool that lets us look up information related to an SMTP server. The program works by sending a fake packet to the server and reading the returned message to learn the server's information.
Web Enumeration
HTTP is the web protocol everyone knows. It operates on port 80, and on port 443 for HTTPS. Users send content requests to the web server. In the browser we type the address; a DNS server must of course perform the lookup to find the IP. To find information related to the web server, you can capture the returned packets and look at the server information in the header of the data.
Hacking Tool
Asnumber is a small utility installed in the browser that displays server information.
Systems Using Default Passwords
Using default passwords and other default settings of hardware is really inadvisable. However, if you want to attack a system, try looking for any device that is using a default password. Visit www.phenoelit.de/dpl/dpl.html for the default passwords of devices.
Summary
After finishing this chapter you should have a firm grasp of the following:
Understand the enumeration of user account information: creating a connection to the target system using protocols such as SMB/CIFS or NetBIOS in order to query system information.
Be able to state what information can be enumerated from a system. This information includes shared network resources, users, groups and applications.
Explain what a Null Session is, and the attacks based on null sessions. Connecting to a system with a blank password is a Null Session. The hacker connects to the target system to execute applications.
The hacking tools used for enumeration. These can be divided into two types: those using NetBIOS and those using SNMP, such as SNMPUtil and Enum.
A word from Security365: In this article, pay attention to the ports affected by Null Session, how to close those ports, and the effects of closing them. To make closing and opening the ports convenient, we have written 2 scripts, Block NullSession and Enable Null Session, which you can download from the Tool section of the magazine's home page, www.security365.vn. The other tools of this module can be downloaded from the archive via the mediafire link provided in the introduction. Below are some videos showing how to use these tools.
Note: Security365 cannot include all of the Module 4 videos in the magazine because the file would become too large, so you can find the full set of demo videos for this CEH v7 topic in the Video CEH v7 section at http://www.security365.vn/index.php?option=com_content&view=section&id=8&Itemid=112
Next come guides on automatic news retrieval, an overview of GFI NSS, and a funny hack game using Tamper Data.