8/2/2019 Bao Cao Dot 2 29 3 Do Trong Thanh
Topic 2: Some tools for testing WEB application security
Full name: Trong Thanh
Class: Computer Networks 6
Table of Contents
Acunetix Web Vulnerability Scanner
Shadow Security Scanner
    Introduction and functions of the software
    How the program works
Retina Network Security Scanner (RNSS)
    Introduction and functions
    How RNSS works
Metasploit
    Introduction and functions
    Using the Metasploit framework
    The meterpreter payload
Nikto
Acunetix Web Vulnerability Scanner:
1. Introduction and functions of the software:
- A pressing problem in today's IT landscape is that websites can be attacked at any moment. So what should we do to give our website the highest possible level of safety? If we are not security specialists able to test our own website, we can use Acunetix Web Vulnerability Scanner to do it quickly and effectively.
- As is often seen, security incidents in Vietnam concentrate on dangerous vulnerabilities that any capable scanner can find. Yet most administrators seem to forget, or are simply unaware of, these vulnerabilities that are in fact very easy to detect. Acunetix Web Vulnerability Scanner is a program that automatically tests web applications for security vulnerabilities such as SQL Injection and Cross-Site Scripting, broken links, server version disclosure and CGI errors, and inspects the login password policies and the authentication methods of the site. From this it issues alerts graded by severity and, beyond that, supplies the corresponding documentation for fixing each flaw.
2. How the program works:
- The left-hand pane offers a row of tools: Web Scanner, Site Crawler, Target Finder, Subdomain Scanner and so on; click a tool and Acunetix Web Vulnerability Scanner carries out that task. The advantage of this tool is that it is driven interactively through a graphical interface rather than by typing commands line by line as with Nmap or Netcat.
- Acunetix Web Vulnerability Scanner is a vulnerability scanner for web applications built on a large, frequently updated vulnerability database, with heuristic algorithms that cope with the complex behaviour of web environments. It can automatically test for common vulnerabilities such as cross-site scripting, SQL injection and other weaknesses of any site reachable through a browser, including applications built on newer techniques such as AJAX. To do this it combines several methods and built-in tools:
+ Crawling the entire website, following every link on the site and every path named in robots.txt, then displaying the complete site structure in detail.
+ After crawling and discovering the state of the web application, it automatically launches pre-programmed attacks for each class of vulnerability, as a real attacker would: it analyses the pages and every place where input can be supplied, trying different combinations of input data that might make the site reveal sensitive information.
+ Each vulnerability found is reported under the Alerts node; every alert carries a description of the flaw and the risk it poses and, naturally, recommendations on how to fix it.
+ When the test completes, the results can be saved to a file for later analysis; the professional reporting tool lets webmasters easily consolidate the results of different tests on their web application.
+ After the scan, Acunetix lists the site structure, the web server version in use, URLs that do not exist (broken links), the flaws detected, and the security level of the scanned site.
+ The site's security level is rated by Acunetix as low, medium or high.
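The crawl-then-attack loop just described, as an added example that is not Acunetix code: a toy scanner in Python that crawls a constructed in-memory site (links plus robots.txt), re-requests every discovered query parameter with an XSS marker and a SQL-error probe, records broken links and the disclosed Server version, and rates the site low/medium/high from the worst alert. fake_http_get, the site it models, the probe payloads and the error signatures are all assumptions made for the example; to point the same logic at a real target you are authorised to test, replace fake_http_get with a function that performs a real HTTP GET and returns the same (status, headers, body) triple.

```python
"""Toy crawl -> attack -> alert -> rate scanner (added example, not Acunetix code).
The target site is a constructed in-memory stand-in for an HTTP client so that
the whole run is offline; replace fake_http_get with a real GET to use the logic.
"""
import html
import re
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urljoin, urlsplit, urlunsplit

Alert = namedtuple("Alert", "kind severity where")
SEVERITY_ORDER = ("low", "medium", "high")
XSS_MARKER = "<xssprobe>"
# Injection probes: payload, signature that proves it worked, alert name.
PROBES = [
    (XSS_MARKER, re.compile(re.escape(XSS_MARKER)), "Cross-Site Scripting"),
    ("'", re.compile(r"SQL syntax|ORA-\d{5}|pg_query\(|SQLSTATE\[", re.I), "SQL Injection"),
]

def fake_http_get(url):
    """Constructed stand-in for an HTTP GET: returns (status, headers, body)."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    headers = {"Server": "Apache/2.2.3 (CentOS)"}  # version disclosed in a header
    if parts.path == "/":
        return 200, headers, ('<a href="/search?q=shoes">search</a> '
                              '<a href="/item?id=1">item</a> <a href="/old-page">old</a>')
    if parts.path == "/robots.txt":
        return 200, headers, "User-agent: *\nDisallow: /admin/\n"
    if parts.path == "/search":  # reflects q without escaping: XSS
        return 200, headers, f"<h1>Results for {params.get('q', '')}</h1>"
    if parts.path == "/item":  # leaks a database error on bad input: SQL injection
        item_id = params.get("id", "")
        if not item_id.isdigit():
            return 500, headers, "You have an error in your SQL syntax near ''"
        return 200, headers, f"<p>Item {html.escape(item_id)}</p>"
    if parts.path == "/admin/":
        return 200, headers, "<h1>Admin login</h1>"
    return 404, headers, "Not Found"

class LinkExtractor(HTMLParser):
    """Collects the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [value for name, value in attrs if name == "href" and value]

def crawl(base, http_get=fake_http_get):
    """Step 1: follow every link on the site, seeded with the paths named in robots.txt."""
    queue = [urljoin(base, "/")]
    status, _, robots = http_get(urljoin(base, "/robots.txt"))
    if status == 200:
        for line in robots.splitlines():
            key, _, path = line.partition(":")
            if key.strip().lower() in ("disallow", "allow") and path.strip():
                queue.append(urljoin(base, path.strip()))
    seen, pages, broken = set(), {}, []
    while queue:
        url = queue.pop(0)
        if url in seen or urlsplit(url).netloc != urlsplit(base).netloc:
            continue  # never wander off the target host
        seen.add(url)
        status, headers, body = http_get(url)
        if status == 404:
            broken.append(url)
            continue
        pages[url] = (status, headers, body)
        extractor = LinkExtractor()
        extractor.feed(body)
        queue += [urljoin(url, href) for href in extractor.links]
    return pages, broken

def attack(pages, http_get=fake_http_get):
    """Step 2: re-request each page with every query parameter replaced by each probe."""
    alerts = []
    for url in pages:
        parts = urlsplit(url)
        params = dict(parse_qsl(parts.query))
        for name in params:
            for payload, signature, kind in PROBES:
                injected = urlencode({**params, name: payload})
                _, _, body = http_get(urlunsplit(parts._replace(query=injected)))
                if signature.search(body):
                    alerts.append(Alert(kind, "high", f"{parts.path} parameter '{name}'"))
    return alerts

def scan(base="http://target.example", http_get=fake_http_get):
    """Steps 3-4: collect alerts, add informational findings, rate the site."""
    pages, broken = crawl(base, http_get)
    alerts = attack(pages, http_get)
    alerts += [Alert("Broken link", "low", urlsplit(url).path) for url in broken]
    server = next(iter(pages.values()))[1].get("Server", "")
    if re.search(r"/\d", server):
        alerts.append(Alert("Server version disclosure", "low", server))
    level = max((a.severity for a in alerts), key=SEVERITY_ORDER.index, default="low")
    return {"structure": sorted({urlsplit(url).path for url in pages}),
            "alerts": alerts, "level": level}
```

Running scan() against the constructed site yields the structure ["/", "/admin/", "/item", "/search"] (the admin path comes from robots.txt, exactly the kind of "hidden" location the crawler is meant to surface), a high XSS alert on /search?q, a high SQL injection alert on /item?id, two low alerts, and an overall level of high. Note the deliberate asymmetry: the XSS marker also makes /item fail, but only the signature paired with that probe is consulted, so /item is not wrongly reported as XSS.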
- Vulnerability checks performed by Acunetix WVS:
+ Code Execution
+ Directory Traversal
+ File Inclusion
+ Script Source Code Disclosure
+ CRLF Injection
+ Cross Frame Scripting (XFS)
+ PHP Code Injection
+ XPath Injection
+ Full Path Disclosure
+ LDAP Injection
+ Cookie Manipulation
+ Multi-Request Parameter Manipulation
+ Blind SQL/XPath Injection
+ File Checks
+ Backup Files or Directories check: searches for common leftovers (such as logs, application traces, CVS web repositories)
+ Cross-Site Scripting in URL
+ Script Errors check
+ Directory Checks
+ Searches for sensitive files such as logs, traces and CVS metadata
+ Discover Sensitive Files/Directories
+ Weak Permissions: checks for directories with improper permissions
+ Cross-Site Scripting in Path and PHPSESSID Session Fixation
+ Web Applications
+ Text Search
+ Directory Listings
+ Source Code Disclosure
+ Common Files check
+ Email Addresses check
+ Microsoft Office Possible Sensitive Information
+ Local Path Disclosure
+ Error Messages
+ GHDB (Google Hacking Database)
+ Over 1200 GHDB search entries in the database
- Alongside the automated scan, webmasters can carry out manual penetration-testing steps such as input validation, authentication attacks and buffer overflows.
Shadow Security Scanner:
Introduction and functions of the software:
- This is a new generation of high-technology software (a network vulnerability scanner) that accomplished a great deal in the 20th century and is still on the front line in the new millennium. Shadow Security Scanner has earned a reputation as the fastest and best-performing security scanner in its market segment, outpacing many better-known brands. It was developed to provide safe, fast and reliable detection of a very wide range of system security vulnerabilities. After a system scan completes, Shadow Security Scanner analyses the collected data, locates vulnerabilities and possible errors in the server's configuration options, and shows possible ways of solving the problem.
- Shadow Security Scanner uses a unique system security analysis algorithm based on a patented "intellectual core". It scans systems with a speed and accuracy that is claimed to rival professional IT security services and the attackers trying to break into your network.
How the program works:
- Running on its native Windows platform, Shadow Security Scanner also scans servers built on practically any platform, successfully finding flaws in Unix, Linux, FreeBSD, OpenBSD, NetBSD, Solaris and, of course, Windows 95/98/ME/NT/2000/XP/.NET. Thanks to its unique architecture, Shadow Security Scanner is presented as the only security scanner in the world able to detect faults in Cisco, HP and other network equipment, and the only commercial scanner able to track more than 2,000 audits per system.
- The main services currently supported are: FTP, SSH, Telnet, SMTP, DNS, Finger, HTTP, POP3, IMAP, NetBIOS, NFS, NNTP, SNMP, Squid (Shadow Security Scanner is the only scanner that audits proxy servers; others merely verify that the port is open), LDAP (likewise the only scanner that audits LDAP servers, where others stop at verifying the port), HTTPS, SSL, the TCP/IP and UDP protocols, and Registry services. Because its architecture is completely open (ActiveX-based), any professional with knowledge of VC++, C++ Builder or Delphi can easily extend the scanner's capabilities, and ActiveX also lets system administrators integrate Shadow Security Scanner into practically any ActiveX-capable product.
- Since the scanner gives direct access to its core, you can use the API (see the API documentation for details) to take full control of Shadow Security Scanner or to change its properties and functions.
- The Rules and Settings editors suit users who want to scan only the ports and services they care about, without wasting time and resources on the rest. Flexible tuning lets system administrators control scan depth and other options, so that scan speed is optimized for the network without any loss of scan quality.
Retina Network Security Scanner (RNSS):
Introduction and functions:
- eEye is a US company specializing in security consulting and research, well known for researching and publishing dangerous security vulnerabilities; a glance at a site such as securityfocus.com shows how many serious vulnerabilities eEye has disclosed. RNSS synchronizes with eEye's update server, so newly discovered vulnerabilities are delivered to RNSS immediately, including the detection checks for them (for example for the RPC DCOM flaw exploited by the Blaster worm).
- Retina Network Security Scanner is recognised as an industry standard for discovering vulnerabilities and for identifying and patching well-known security flaws. Being fast and accurate, it lets users protect their systems against new vulnerabilities and new attack techniques.
- Backed by a huge vulnerability database, RNSS has a friendly interface, runs on all Windows NT-family systems, and provides checks for Unix (Solaris, BSD, ...), Linux and Windows, for network devices (firewalls, routers, ...), for databases and even for third-party software (for example the improper memory access flaw in Macromedia Flash Player).
How RNSS works:
- Unlike other security scanners, RNSS scans very quickly because it uses an intelligent technique that is not based on actually running exploits, so it is harmless (non-intrusive) to the target. This also means a remote scan does not consume many system resources. RNSS lets you narrow the scan to categories of checks: NetBIOS, HTTP, CGI, FTP, DNS, DoS, POP3, SMTP, LDAP, TCP/IP, UDP, Registry, Services, User, Password and so on (the DoS category is the exception to "harmless": those checks can disrupt the target and should be enabled deliberately).
- RNSS can discover the live hosts on a network. After scanning, it lists the flaws in order of severity. For each flaw it gives a detailed description, the risk level, instructions on how to fix it and where the flaw is catalogued (CVE and Bugtraq IDs), along with links to the sites where patches can be downloaded. A particularly useful feature is that RNSS can fix some flaws on the spot: if a flaw is caused by an unnecessary service, it offers to reconfigure or stop that service.
- One of the things that set RNSS apart from other security scanners is that it does not assume a fixed mapping from protocol to port (such as HTTP on port 80). Instead it analyses the packets flowing in and out of each port to determine the protocol and service actually running there, so it copes with the individual configurations of different networks and with customized setups. RNSS is also current in the wireless field: it can detect access points, automatically notices the appearance of unauthorized (rogue) APs and notifies the security administrator. For OS identification, the Nmap fingerprint database embedded in RNSS lets it detect the operating system of a remote host quite accurately; together with OS detection, this gives the security administrator an overall picture of the network's composition (servers, databases, switches, routers).
- Extensibility is another outstanding strength. RNSS integrates with the REM Security Management Console and Retina Remediation Manager to provide a complete security assessment of a system together with effective remediation; with Retina Remote Manager, a security administrator can scan and view reports from anywhere. In summary, RNSS's strengths are:
+ A rich, complete and continuously updated vulnerability database
+ Detailed reporting of each flaw, its severity, how to fix it, and automatic fixes
+ Fast, reliable scanning
+ Extensibility and integration with eEye's other established products, making it effective for large enterprise systems
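Both Shadow Security Scanner's per-service audits and Retina's port-independent service detection rest on the same first step: decide what is really listening on a port from what it says, not from the port number. The Python below is an added illustration of that step, not code from either product. The signature table, FakeConn and the sample endpoints are constructed for the example (note SSH on 2222 and HTTP on 8080, which a port-based mapping would mislabel); probe_tcp is the only part that opens a real socket and is there for use against hosts you are authorised to scan.

```python
"""Port-independent service identification (added example, not product code):
read the peer's greeting, poke silent peers with an HTTP request, and classify
from the bytes rather than from the port number. FakeConn and the sample
endpoints are constructed; probe_tcp is the only part that opens a real socket.
"""
import re
import socket
from collections import namedtuple

Finding = namedtuple("Finding", "service product version")
# Greeting/response signatures, tried in order; a bare "220 ..." stays unknown.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d\.\d-")),
    ("ftp", re.compile(rb"^220[ -].*\b(FTP|FileZilla|vsFTPd|ProFTPD)\b", re.I)),
    ("smtp", re.compile(rb"^220[ -].*\b(E?SMTP|Postfix|Exim|Sendmail)\b", re.I)),
    ("pop3", re.compile(rb"^\+OK")),
    ("imap", re.compile(rb"^\* OK")),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3}")),
]
VERSION_RE = re.compile(rb"([A-Za-z][A-Za-z0-9]*)[/_ ](\d+(?:\.\d+)+)")  # OpenSSH_7.4, nginx/1.14.0
SERVER_HEADER_RE = re.compile(rb"(?im)^Server:[ \t]*(.+?)\r?$")
HTTP_PROBE = b"GET / HTTP/1.0\r\nHost: localhost\r\n\r\n"


def _recv(conn, n=1024):
    try:
        return conn.recv(n)
    except (socket.timeout, OSError):  # silent or rude peer: treat as no data
        return b""


def extract_version(blob):
    m = VERSION_RE.search(blob)
    return (m.group(1).decode(), m.group(2).decode()) if m else (None, None)


def identify(conn):
    """Classify the service behind an open connection from its first bytes."""
    data = _recv(conn)
    if not data:  # the peer expects the client to speak first: try HTTP
        conn.sendall(HTTP_PROBE)
        data = _recv(conn)
    if data[:2] in (b"\x15\x03", b"\x16\x03"):  # TLS alert/record: plaintext refused
        return Finding("tls", None, None)
    for service, pattern in SIGNATURES:
        if pattern.search(data):
            if service == "http":  # version lives in the Server header, not the status line
                m = SERVER_HEADER_RE.search(data)
                return Finding("http", *extract_version(m.group(1) if m else b""))
            return Finding(service, *extract_version(data))
    return Finding("unknown", None, None)


def probe_tcp(host, port, timeout=3.0):
    """Real-socket wrapper around identify() for hosts you are authorised to scan."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.settimeout(timeout)
        return identify(conn)


class FakeConn:
    """Constructed stand-in for a socket: a greeting plus a canned reply to any probe."""
    def __init__(self, greeting=b"", reply=b""):
        self._pending, self._reply = greeting, reply

    def recv(self, n):
        data, self._pending = self._pending[:n], self._pending[n:]
        return data

    def sendall(self, _data):
        self._pending += self._reply


def sample_endpoints():
    """Constructed listeners keyed by port; SSH on 2222 and HTTP on 8080 are deliberate."""
    return {
        2222: FakeConn(greeting=b"SSH-2.0-OpenSSH_7.4\r\n"),
        25: FakeConn(greeting=b"220 mail.example.test ESMTP Postfix\r\n"),
        8080: FakeConn(reply=b"HTTP/1.1 200 OK\r\nServer: nginx/1.14.0\r\nContent-Length: 0\r\n\r\n"),
        443: FakeConn(reply=b"\x15\x03\x01\x00\x02\x02\x0a"),  # TLS fatal alert to plaintext
        9999: FakeConn(),
    }


def audit_sample():
    """Identify every sample endpoint; the port number is never consulted."""
    return {port: identify(conn) for port, conn in sample_endpoints().items()}
```

The product/version pair that identify() returns is what the next stage of a scanner keys its checks on: an "OpenSSH 7.4" finding selects the SSH checks whether it was found on 22 or 2222, and a "tls" finding tells the scanner to reconnect with a TLS handshake before probing further.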
Metasploit:
Introduction and functions:
- The Metasploit Framework is an environment for testing, attacking and exploiting flaws in services. The version described here was built in the object-oriented language Perl, with components written in C, assembler and Python (since version 3 the framework has been rewritten in Ruby). Metasploit runs on most operating systems: Linux, Windows, MacOS.
- Components of Metasploit: Metasploit supports several user interfaces:
o Console interface: started with msfconsole.bat. The msfconsole interface is driven by command lines for configuration and testing, which makes it faster and more flexible.
o Web interface: started with msfweb.bat, interacting with the user through a web browser. (These .bat launchers belong to the old Windows packages of the 2.x/3.0 era; current releases ship the msfconsole command and msfweb has been retired.)
o Global environment: managed with the two commands setg and unsetg; options set here are global and are passed to every exploit module.
o Temporary environment: managed with the two commands set and unset; these settings apply only to the exploit module currently loaded and do not affect other modules. You can persist the environment you have configured with the save command; it is written to ~/.msf/config (~/.msf4/config in current releases) and loaded again the next time the user interface starts.
Using the Metasploit framework:
- Choose an exploit module: select the program or service to be exploited.
    show exploits: list the exploit modules the framework supports
    use exploit_name: select an exploit module
    info exploit_name: show information about the exploit module
- Configure the chosen exploit module:
    show options: find out which options need to be configured
    set OPTION value: configure one of the module's options
- Verify the configuration:
    check: with the options set, ask the module to test whether the target looks vulnerable without actually exploiting it (not every module implements a check, and a missing required option is reported at this point)
- Choose a target: select the operating system version to attack
    show targets: the targets supported by the module
    set TARGET n: pick one of them
  e.g.:
    msf> use windows_ssl_pct
    msf> show targets
  lists targets such as: winxp, winxp SP1, win2000, win2000 SP1
- Choose a payload
  The payload is the code that will run on the target system.
    show payloads: list the payloads available for the current exploit module
    info payload_name: show details of a payload
    set PAYLOAD payload_name: select the payload by module name. After choosing a payload, run show options to see the payload's own options and show advanced to see its advanced options.
- Run the exploit
    exploit: launches the exploit and delivers the payload. The payload then gives you access to, and information about, the exploited system.
The meterpreter payload:
- Meterpreter, short for Meta-Interpreter,  is an advanced payload included in the Metasploit framework. Its purpose is to provide a command set for exploiting and controlling remote computers. Its developers wrote it as shared object (DLL) files. Meterpreter and its extensions execute in memory and are never written to disk, which at the time let it avoid detection by antivirus software (memory-scanning endpoint products now target exactly this behaviour, so in-memory execution alone is no longer a reliable evasion).
- Meterpreter provides a command set we can use on the remote computer:
o Fs: upload and download files to and from the remote machine.
o Net: view the remote machine's network information, such as IP addresses and the routing table.
o Process: create new processes on the remote machine.
o Sys: view system information about the remote machine.
- Command usage (this is the early, 2.x-era meterpreter; current meterpreter loads extensions with load, loads stdapi automatically, and encrypts session traffic without a separate initcrypt step):
o use -m module1,module2,module3 [ -p path ] [ -d ]
  The use command loads meterpreter extension modules such as Fs, Net, Process...
o loadlib -f library [ -t target ] [ -lde ]
  Loads a library on the remote machine.
o read channel_id [length]
  Reads data from the remote machine over the connected channel.
o write channel_id
  Writes data to the remote machine over the channel.
o close channel_id
  Closes an open channel to the remote computer.
o interact channel_id
  Starts an interactive session on the channel just established with the remote machine.
o initcrypt cipher [parameters]
  Encrypts the data exchanged between the host and the remote machine.
- Using the Fs module: upload and download files to and from the remote machine
o cd directory: like the command-line cd
o getcwd: show the current working directory
o ls [filter_string]: list directories and files
o upload src1 [src2 ...] dst: upload files
o download src1 [src2 ...] dst: download files
- Using the Net module:
o ipconfig: show the remote machine's network interfaces
o route: show the remote machine's routing table
o portfwd [ -arv ] [ -L laddr ] [ -l lport ] [ -h rhost ] [ -p rport ] [ -P ]: create a port forward between the host and the remote machine
- Using the Process module:
o execute -f file [ -a args ] [ -Hc ]
  The execute command creates a new process on the remote machine and uses that process to extract data.
o kill pid1 pid2 pid3
  Kills running processes on the remote machine.
o ps
  Lists the remote machine's processes.
- Using the Sys module:
o getuid
  Shows the current username on the remote machine.
o sysinfo
  Shows information such as the computer name and OS.
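portfwd above is the command a tester reaches for when pivoting; the Python below is an added example (not Metasploit code) of the mechanism behind it: a local listener whose accepted connections are relayed byte-for-byte to a target host:port, with a constructed echo server standing in for the internal service. In meterpreter the far end of the relay runs on the compromised host over the session; here, as a simplifying assumption, it is a direct TCP connection from the same process, so only loopback addresses are touched.

```python
"""Local port forward in the spirit of meterpreter's portfwd (added example, not
Metasploit code). A listener on the attacker side accepts connections and relays
them to rhost:rport. Assumption: the far end is a direct TCP connect from this
process; meterpreter instead tunnels it through the compromised host's session.
"""
import socket
import threading


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so the peer sees EOF too."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class PortForward:
    """portfwd -a -l <lport> -h <rhost> -p <rport>: listen locally, relay to rhost:rport."""

    def __init__(self, rhost, rport, lhost="127.0.0.1", lport=0):
        self.rhost, self.rport = rhost, rport
        self._listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._listener.bind((lhost, lport))  # lport=0 lets the OS pick a free port
        self._listener.listen(16)
        self._listener.settimeout(0.2)  # lets the accept loop notice stop()
        self.lport = self._listener.getsockname()[1]
        self._stop = threading.Event()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while not self._stop.is_set():
            try:
                client, _ = self._listener.accept()
            except socket.timeout:
                continue
            except OSError:
                break  # listener closed by stop()
            try:
                remote = socket.create_connection((self.rhost, self.rport), timeout=5)
            except OSError:
                client.close()  # rhost:rport unreachable: drop this client
                continue
            for src, dst in ((client, remote), (remote, client)):
                threading.Thread(target=_pump, args=(src, dst), daemon=True).start()

    def stop(self):
        self._stop.set()
        self._listener.close()


def start_echo_server(host="127.0.0.1"):
    """Constructed 'internal' service standing in for rhost: echoes whatever it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def relay_roundtrip(message):
    """Send message through the forward to the echo server and return what comes back."""
    echo_port = start_echo_server()
    fwd = PortForward("127.0.0.1", echo_port)
    try:
        with socket.create_connection(("127.0.0.1", fwd.lport), timeout=5) as client:
            client.settimeout(5)
            client.sendall(message)
            client.shutdown(socket.SHUT_WR)  # our EOF propagates through both hops
            received = b""
            while True:
                chunk = client.recv(4096)
                if not chunk:
                    return received
                received += chunk
    finally:
        fwd.stop()
```

The half-close in _pump is what makes the relay transparent: when either side finishes sending, only the write direction of the other socket is shut, so replies still flow back and the connection ends when both directions are done, exactly as it would without the pivot in between.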
Nikto:
- Nikto is an open-source web server vulnerability scanner, written and developed by Chris Sullo and David Lodge. It is designed to test a web server in as short a time as possible.
- First it runs a comprehensive check of the web server, covering:
o Over 6400 potentially dangerous files/CGIs (Common Gateway Interface programs).
o Outdated versions of over 1200 servers, with sensible upgrade recommendations.
o Version-specific problems on over 270 servers.
o Web server configuration items such as index files and HTTP server options.
o Scan items and plugins are updated frequently and can be updated automatically.
-> The results are then saved to a log file.
- Main features of Nikto:
o SSL support (Unix with OpenSSL, Windows with ActiveState's Perl/NetSSL)
o Full HTTP proxy support.
o Checks for outdated server components.
o Saves reports as plain text, XML, HTML, NBE or CSV.
o Template engine to easily customize reports.
o Scans multiple ports on a server, or multiple servers via an input file (including nmap output).
o LibWhisker's IDS encoding techniques.
o Easily updated via the command line.
o Identifies installed software via headers, favicons and files.
o Host authentication with Basic and NTLM.
o Subdomain guessing.
o Apache and cgiwrap username enumeration.
o Mutation techniques to "fish" for content on web servers.
o Scan tuning to include or exclude entire classes of vulnerability checks.
o Guesses credentials for authorization realms (including many default id/pw combinations).
o Authorization guessing handles any directory, not just the root directory.
o Enhanced false-positive reduction via multiple methods: headers, page content, content hashing.
o Reports "unusual" headers.
o Interactive status, pause and changes to verbosity settings.
o Logging to Metasploit.
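Two of the Nikto behaviours listed above, the LibWhisker IDS encodings (exposed as Nikto's -evasion option, modes 1 to 8) and the outdated-component check on the Server header, rebuilt in Python as an added example rather than Nikto's or LibWhisker's own code. The mutation rules are approximations of each technique's idea, server_view models how a lenient server collapses them back to the original path (which is the whole point: the IDS signature sees a different string, the server serves the same file), and KNOWN_CURRENT is a constructed table standing in for Nikto's outdated-version database, not live data.

```python
"""Two Nikto-style checks rebuilt as an added example (not Nikto's or LibWhisker's
code): request-path mutations in the spirit of LibWhisker's IDS evasion modes,
numbered as in Nikto's -evasion option, and the outdated-component test on the
Server header. KNOWN_CURRENT is a constructed table, not live version data.
"""
import random
import re
from urllib.parse import unquote


def evade(path, technique, rng=None):
    """Rewrite path with one evasion technique; the server should still resolve it to path."""
    rng = rng or random.Random(0)  # seeded so the mutation is reproducible
    if technique == 1:  # random URI encoding: hex-encode about half of the safe characters
        return "".join(f"%{ord(c):02X}" if c.isalnum() and rng.random() < 0.5 else c
                       for c in path)
    if technique == 2:  # directory self-reference: /cgi-bin/x -> /./cgi-bin/./x
        return path.replace("/", "/./")
    if technique == 3:  # premature URL ending: a fake request line before the real path
        return "/%20HTTP/1.0%0d%0aHeader:%20/../.." + path
    if technique == 4:  # prepend a long random directory, then back out of it
        junk = "".join(rng.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(64))
        return f"/{junk}/.." + path
    if technique == 5:  # fake parameter: the real path hides behind an encoded '?'
        return "/index.html%3fparam=/.." + path
    if technique == 7:  # random case; works only against case-insensitive servers
        return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in path)
    if technique == 8:  # Windows directory separator
        return path.replace("/", "\\")
    raise ValueError(f"technique {technique} not modelled (6 alters the request line, not the path)")


def server_view(path):
    """What a lenient server resolves a mutated path to: decode, unify separators, fold . and .."""
    segments = []
    for seg in unquote(path).replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


# Constructed "latest known" versions standing in for Nikto's outdated-version database.
KNOWN_CURRENT = {"apache": "2.4.41", "nginx": "1.18.0", "lighttpd": "1.4.55"}
SERVER_RE = re.compile(r"([A-Za-z][\w-]*)/(\d+(?:\.\d+)*)")


def version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def outdated(server_header):
    """Return (product, seen, current) when the Server header names an old version, else None."""
    m = SERVER_RE.match(server_header.strip())
    if not m:  # no version at all: nothing to compare (a good reason to strip the header)
        return None
    product, seen = m.group(1), m.group(2)
    current = KNOWN_CURRENT.get(product.lower())
    if current and version_tuple(seen) < version_tuple(current):
        return product, seen, current
    return None
```

On the defensive side the same two functions describe the fixes: normalise requests the way server_view does before matching detection signatures, and keep the Server header free of version numbers so that outdated() has nothing to work with.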