Embed Size (px)
Citation preview
![Page 1: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/1.jpg)
y3dips©2005
D` Art of Thinkingsaatnya memberikan otak kita sedikit nutrisi
Ahmad.Muammar.W.Khttp://y3dips.echo.or.id
Re-write
![Page 2: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/2.jpg)
y3dips©2005
JadwalBerkenalan dengan EcHoSiapakah ?Show me the Art ?Mari Diskusi !
![Page 3: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/3.jpg)
y3dips©2005
EcHoindonEsian Community for Hackers and Opensource“ Belajar dan mencoba bersama kami “Mailing list, forum, ezine , IRC room, advisoriesy3dips, moby, the_day, comex, z3r0byt3, k-159, c-a-s-e, s`to , lirva32 , anonymoushttp://www.echo.or.id
![Page 4: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/4.jpg)
y3dips©2005
Eric S Raymond says the basic difference is that “ hackers build things, crackers break them ”“ Those who has the tools but not the knowledge ” are Script Kiddies ; --Jeff Moss , black Hat.Inc
Siapakah ?
![Page 5: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/5.jpg)
y3dips©2005
Hacker Hall Of Fame : http://tlc.discovery.com/convergence/hackers/hackers.html
![Page 6: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/6.jpg)
y3dips©2005
Show me the Art ?Perjalanan memahami kembali “anatomi hacking” yang kita ketahui
![Page 7: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/7.jpg)
y3dips©2005
Waktu ?Admin adalah juga seorang manusia biasa ….!Biarkan waktu berpihak kepada “kita”Saatnya berlibur ???!!! ( saatnya bekerja )Traffic ramai ?, tak ada salahnya menyumbang “suntikan“ traffic
Scanning target
![Page 8: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/8.jpg)
y3dips©2005
Cari TargetTraceroute, whois, dig, host, finger adalah standar ?
Tindak lanjutnyalah yang menjadikan tidak standar
Tandai target-mu !“high secure level” sampai “low secure level”Jadi kau pilih yang mana ?
![Page 9: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/9.jpg)
y3dips©2005
Server
Firewall
Attacker Server
Server
Attacker melakukan foot printing terhadap network (traceroute , nslookup, dig , whois)
![Page 10: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/10.jpg)
y3dips©2005
Server
Firewall
Attacker Server
Serveros : Redhat Enterprise- Apache- Mysql , SSHopen port- 3306 , 80 , 22
os : Debian- Qmail- SSHopen port- 22 - 110 , 25
os : win 2000- IIS5- MsSQL- MsFTPopen port- 21- 80,1434
Attacker melakukan mass scanning terhadap multi server / multi hostsAttacker melakukan foot printing terhadap network (traceroute , nslookup, dig , whois)
![Page 11: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/11.jpg)
y3dips©2005
Server
Firewall
Attacker Server
Serveros : Redhat Enterprise- Apache- Mysql , SSHopen port- 3306 , 80 , 22
os : Debian- Qmail- SSHopen port- 22 - 110 , 25
os : win 2000- IIS5- MsSQL- MsFTPopen port- 21- 80,1434
Attacker melakukan mass scanning terhadap multi server / multi hostsAttacker melakukan foot printing terhadap network (traceroute , nslookup, dig , whois)
Attacker menandai target yang pertama kali akan di coba
![Page 12: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/12.jpg)
y3dips©2005
Cari Target“Info are from everywhere”
Milis security, situs security , vendor security news , advisories
Google™ dan search engine lainnya adalah teman baik “KITA”Tetapi “google mulai memutuskan hubungan” ?
Try google hack
“Divide and Conguer”
![Page 13: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/13.jpg)
y3dips©2005
ScanningStealth scan (-sS , -sX, -sF) GAGAL !IDS menjadi masalah ? (eg /; snort , portsentry, etc)Bagaimana membreak desain yang ada ?
TIDAK ! Ikuti saja desain yang ada
Lakukan saja “koneksi” atau sekedar “banner grabing”telnet , NC , THC-amap“Less bandwidh consuming”
![Page 14: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/14.jpg)
y3dips©2005
ScanningLakukan Specific scanningCode :
![Page 15: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/15.jpg)
y3dips©2005
![Page 16: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/16.jpg)
y3dips©2005
Cari AksesExploitasi secara remote GAGAL TOTAL !!
Kejayaan masa lampau (wuftpd, Openssl-to-open, etc)Diblok oleh firewall , IDS , IPS, ACL, etc
Service service yang sudah relatif bertambah “aman”Dukungan komunitas dan maraknya User Groups
Miskinnya support “0day Xploits” ???? kiddies
![Page 17: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/17.jpg)
y3dips©2005
Cari AksesHanya berharap pada yang terbuka ??
Service umum di sebuah mesin komersil (http , https , ssh, ftp, smtp)
http sedikit lebih leluasa ?“Web hacking” ?Jujur saja kalo kita perlu akses !!
![Page 18: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/18.jpg)
y3dips©2005
Cari AksesAkrabkan diri dengan Web Aplikasi & ThreatBeragamnya aplikasi berjalan diatas port 80Ramai itu menguntungkan “KITA” :PDekatkan diri dengan Bugtraq “Lets Call back our friend Google™ ”SQL injection , Remote command execution !?
![Page 19: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/19.jpg)
y3dips©2005
Cari AksesBagaimana dengan HTTPS ?Hacking Web apps via ssl untuk https ????
stunnel , sslproxy
“ Its Encrypted , huh!! “ Membingungkan IDS untuk melihat “ signature “
Well my friend we`re l33t now!
![Page 20: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/20.jpg)
y3dips©2005
Cari Akses
![Page 21: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/21.jpg)
y3dips©2005
![Page 22: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/22.jpg)
y3dips©2005
Aku Tamu ?Kamu adalah “nobody” “www” “apache”Butuh akses lebih ?0day exploits sudah langka bagimu ?Kenapa tidak bermain main dengan “Read file”
/etc/passwd !!!!????? Why not ☺
![Page 23: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/23.jpg)
y3dips©2005
![Page 24: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/24.jpg)
y3dips©2005
Aku Tamu ?Terlalu terbatas berkeliaran dengan “nobody” id“Pick a new id” ?
Setidaknya “berubahlah” menjadi USERTemukan user id dan passwordnya
Ambil info sekecil apapun , jadilah pemulung ??Config.php , config.inc.php , data.mdb , user.dat
![Page 25: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/25.jpg)
y3dips©2005
![Page 26: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/26.jpg)
y3dips©2005
![Page 27: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/27.jpg)
y3dips©2005
Jadikan aku Raja?User ??Kenapa tidak menjadikan dirimu sebagai raja !
uid=0(root) gid=0(root) groups=0(root)
“ 0day exploits are very rare ? “Try another way ( Social engineering )0ld tricks ??
“ Success or failed , you choose ! “
![Page 28: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/28.jpg)
y3dips©2005
Pintu belakangSSHv4, Bind-tty, remote shell, dan YAB® telah GAGAL !Firewall menjadi lebih GANAS!!!
Block semua koneksi dari luar Membuka port yang hanya di gunakan (eg:/; 80, 22)
Tidak bisa patching OPENSSH dengan backdoor ??! Modifikasi sudoers, user, groups ??
Semua koneksi dari dalam keluar not filtered ???
![Page 29: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/29.jpg)
y3dips©2005
Pintu belakangKenapa tidak kita jadikan diri kita TUAN RUMAH !!“Let them connect to us using “ Netcat & reverse shell ??
![Page 30: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/30.jpg)
y3dips©2005
Firewall
AttackerServer
Attacker membuka koneksi ke server menggunakan port 80 (HTTP)Attacker menemukan celah untuk memasang backdoor di komputer server
Reverse Shell
![Page 31: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/31.jpg)
y3dips©2005
Firewall
AttackerServer
Attacker menemukan celah untuk memasang backdoor di komputer serverAttacker melakukan akan koneksi ke backdoor yang di pasang di serverAttacker gagal melakukan koneksi dikarenakan rule yang di terapkan di firewall (IDS, ACL, IPS)
Attacker membuka koneksi ke server menggunakan port 80 (HTTP)
Reverse Shell
![Page 32: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/32.jpg)
y3dips©2005
Firewall
AttackerServer
Attacker menemukan celah untuk memasang backdoor di komputer server
Attacker gagal melakukan koneksi dikarenakan rule yang di terapkan di firewall (IDS, ACL, IPS)Attacker mengeksekusi script reverse shell via phpshell, cgi telnet , remote command executionUser di mesin melakukan koneksi balik ke mesin attacker dan membypass firewall (IDS,ACL,IPS)
Attacker membuka koneksi ke server menggunakan port 80 (HTTP)
Reverse Shell
Attacker menjalankan netcat untuk membinding shell untuk menerima koneksi dari User di Server
Attacker melakukan akan koneksi ke backdoor yang di pasang di server
![Page 33: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/33.jpg)
y3dips©2005
Reverse ShellBackdoor tidak selalu online !
Tidak mencurigakan admin , karena port yang di binding tidak akanonline 24 jam.
Pengaktifannya bisa melalui backdoor lain di web applikasi yang relatif lebih gampang di sembunyikan
PhpShell, cgi-telnet, remote command execution
Minimalisir kecurigaan Tuan Rumah
![Page 34: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/34.jpg)
y3dips©2005
Jejak-kuLog yang tidak biasa akan mencurigakan ?
Working under web base relatively secure ( access.log )
Jika sesuai prosedur apakah bahaya ?Jika dirasa perlu lakukan sedikit modifikasi log
Rootkits , wipe log tools yang menghapus log user yang dinginkan sertawaktu yang di inginkan
Menghapus file log secara “membabi-buta” akan terlalu mencurigakan.
![Page 35: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/35.jpg)
y3dips©2005
![Page 36: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/36.jpg)
y3dips©2005
“Si bodoh”Defacing, ???!!Merubah file, menghapus file , dsbMenambah user secara mecolokBerlakulah biasa sampai kita “selesai”
![Page 37: Art of Thinking [Re-write]](https://reader037.dokumen.tips/reader037/viewer/2022103000/5559f728d8b42aa8098b48e3/html5/thumbnails/37.jpg)
y3dips©2005
Mari DiskusiBagi bagi ilmu dunk ?
