Bao Cao Dot 2 29 3 Do Trong Thanh


8/2/2019 Bao Cao Dot 2 29 3 Do Trong Thanh (1/17)

    Topic 2: Some software tools for testing WEB application security

    Full name: Do Trong Thanh

    Class: Computer Networks 6

  • 8/2/2019 Bao Cao Dot 2 29 3 Do Trong Thanh

    2/17

    Table of Contents .......................................................... 2

    Acunetix Web Vulnerability Scanner: ........................................ 2

    Shadow Security Scanner: ................................................... 6

    Introduction and functions of the software: ................................ 6

    How the program works: ..................................................... 6

    Retina Network Security Scanner (RNSS): .................................... 8

    Introduction and functions: ................................................ 8

    How RNSS works: ............................................................ 9

    Metasploit: ............................................................... 10

    Introduction and functions: ............................................... 10

    How Metasploit works using the framework: ................................. 11

    Introduction to the meterpreter payload: .................................. 12

    Nikto: .................................................................... 15

    Acunetix Web Vulnerability Scanner: 1. Introduction and functions of the software:


    - A persistent problem in today's IT landscape is that websites can be attacked at any moment. So what should we do to keep our website as secure as possible? If we are not security specialists who can audit our own website, we can use the Acunetix Web Vulnerability Scanner to do it quickly and effectively.

    - As is commonly seen, security flaws in Vietnam concentrate on dangerous vulnerabilities that any high-end scanning tool can detect. Yet most administrators seem to forget, or are unaware of, these vulnerabilities that are in fact very easy to find. Acunetix Web Vulnerability Scanner is a program that automatically tests web applications for security vulnerabilities such as SQL Injection, Cross-Site Scripting, broken links, server version and CGI errors, and also inspects the login password policy and the authentication methods of the website. From that it raises alerts graded by the severity of the flaw, and beyond that the program also provides the corresponding documentation for fixing those flaws.

    2. How the program works:


    - The left-hand pane offers a series of tools: Web Scanner, Site Crawler, Target Finder, Subdomain Scanner, and so on; you simply click a tool and Acunetix Web Vulnerability carries out that task. The advantage of this tool is its visual interaction, with no need to type every command line as with Nmap or Netcat.

    - Acunetix Web Vulnerability is a vulnerability scanner for web applications built on a large, regularly updated database, with heuristic algorithms that cope with the complex mechanisms of the web environment. Acunetix Web Vulnerability can automatically check for common vulnerabilities such as cross-site scripting, SQL injection and other sensitive issues in websites reachable through a browser, as well as in applications built on advanced techniques such as AJAX. To do this, Acunetix Web Vulnerability relies on several methods and integrated tools:

    + Crawling (fetching) the entire website, including every link on the site and those in the robots.txt file, then displaying the whole structure in detail.

    + After crawling and discovering the state of the web application, Acunetix Web Vulnerability automatically launches pre-programmed waves of attacks based on known vulnerabilities, just as if the website were attacked by a real hacker, analysing the pages and the input points together with the various combinations of input data that could make the website disclose sensitive information.

    + Once vulnerabilities are found, Acunetix Web Vulnerability reports them under the Alerts node; each alert contains information about the flaw and the risks it may lead to, and of course comes with recommendations on how to remediate it.

    + When the test has completed, we can save it to a file for later analysis; the professional reporting tool helps webmasters easily consolidate the different test results on their web application.

    + After scanning, Acunetix Web Vulnerability lists the site structure, the web server version in use, non-existent URLs, the flaws detected and the security level of the scanned site.

    + The security level of the website is rated by Acunetix Web Vulnerability as low, medium or high.


    - List of security vulnerabilities checked by Acunetix WVS:

    + Code Execution
    + Directory Traversal
    + File Inclusion
    + Script Source Code Disclosure
    + CRLF Injection
    + Cross Frame Scripting (XFS)
    + PHP Code Injection
    + XPath Injection
    + Full Path Disclosure
    + LDAP Injection
    + Cookie Manipulation
    + MultiRequest Parameter Manipulation
    + Blind SQL/XPath Injection
    + File Checks
    + Checks for Backup Files or Directories: looks for common files (such as logs, application traces, CVS web repositories)
    + Cross Site Scripting in URL
    + Checks Script Errors
    + Directory Checks
    + Looks for important files such as logs, traces, CVS
    + Discover Sensitive Files/Directories
    + Checks for invalid permissions assigned to directories (Weak Permissions)
    + Cross Site Scripting in Path and PHPSESSID Session Fixation
    + Web Applications
    + Text Search
    + Directory Listings
    + Source Code Disclosure
    + Checks Common Files
    + Checks Email Addresses
    + Microsoft Office Possible Sensitive Information
    + Local Path Disclosure


    + Error Messages
    + GHDB Google Hacking Database
    + Over 1200 GHDB Search Entries in the Database

    - In addition, webmasters can carry out manual penetration-test operations such as input validation, authentication attacks and buffer overflows.
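The checks listed above (backup files, CVS directories, logs, directory traversal) leave a recognisable trace in the web server's access log, which gives the site owner a way to notice a scan, authorised or not, while it is happening. The following Python is an added example written for this report, not code from Acunetix or from the original document: it parses constructed access-log lines in the Apache combined format, groups them by client, and flags clients with a high share of 404 responses or hits on probe-style paths. The log format, the probe patterns and the thresholds are assumptions of the example.

```python
import re
from collections import defaultdict

# Parser for the Apache/nginx "combined" access-log format (an assumption of this
# example: a server logging a different format needs a different regex).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Path shapes that the scanner checks above look for (backup copies, version-control
# and log artefacts, directory traversal). Constructed for this example.
PROBE_PATTERNS = [
    ("backup-file",  re.compile(r'\.(bak|old|orig|save|swp|~)$', re.I)),
    ("vcs-dir",      re.compile(r'/(CVS|\.svn|\.git)(/|$)', re.I)),
    ("log-or-trace", re.compile(r'/(logs?|traces?|error_log|access_log)(/|\.|$)', re.I)),
    ("traversal",    re.compile(r'(\.\./|%2e%2e)', re.I)),
]

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def analyse(lines, min_requests=5, max_404_ratio=0.5):
    """Group requests by client IP and report clients whose traffic looks like an
    automated vulnerability scan: a high share of 404s, or hits on probe paths."""
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "probes": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # unparseable line: skip, never crash the pipeline
        stats = per_ip[rec["ip"]]
        stats["requests"] += 1
        if rec["status"] == 404:
            stats["not_found"] += 1
        for label, pattern in PROBE_PATTERNS:
            if pattern.search(rec["path"]):
                stats["probes"].add(label)
    findings = {}
    for ip, stats in per_ip.items():
        reasons = []
        ratio = stats["not_found"] / stats["requests"]
        if stats["requests"] >= min_requests and ratio >= max_404_ratio:
            reasons.append(f"{stats['not_found']}/{stats['requests']} requests returned 404")
        if stats["probes"]:
            reasons.append("probed for " + ", ".join(sorted(stats["probes"])))
        if reasons:
            findings[ip] = reasons
    return findings

# Constructed sample log: one ordinary visitor and one client behaving like a scanner.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2019:10:00:01 +0700] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [29/Mar/2019:10:00:03 +0700] "GET /about HTTP/1.1" 200 2048 "http://example.test/" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Mar/2019:10:05:00 +0700] "GET /robots.txt HTTP/1.1" 200 64 "-" "scanner-demo"',
    '198.51.100.7 - - [29/Mar/2019:10:05:00 +0700] "GET /index.php.bak HTTP/1.1" 404 210 "-" "scanner-demo"',
    '198.51.100.7 - - [29/Mar/2019:10:05:01 +0700] "GET /CVS/Entries HTTP/1.1" 404 210 "-" "scanner-demo"',
    '198.51.100.7 - - [29/Mar/2019:10:05:01 +0700] "GET /logs/ HTTP/1.1" 403 199 "-" "scanner-demo"',
    '198.51.100.7 - - [29/Mar/2019:10:05:02 +0700] "GET /admin/ HTTP/1.1" 404 210 "-" "scanner-demo"',
    '198.51.100.7 - - [29/Mar/2019:10:05:02 +0700] "GET /../../config.ini HTTP/1.1" 400 150 "-" "scanner-demo"',
]

if __name__ == "__main__":
    for ip, reasons in analyse(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The 404 ratio alone produces false positives on sites with many stale links, which is why the probe-path signal is kept separate: a single request for a `.bak` copy or a `/CVS/` directory is worth an alert on its own, while the ratio only counts once a client has made enough requests.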

    Shadow Security Scanner: Introduction and functions of the software:

    - This is a new generation of high-technology software (a network vulnerability scanner) that performed very well in the 20th century and remains at the front line in the new millennium! Shadow Security Scanner (network vulnerability scanner) has earned the reputation of the fastest and best-performing security scanner in its market segment, outperforming many better-known brands. Shadow Security Scanner was developed to provide secure, fast and reliable detection of a wide range of security system vulnerabilities. After completing the system scan, Shadow Security Scanner analyses the data collected, locates the vulnerabilities and possible errors in the server tuning options, and suggests possible solutions to the problem.

    - Shadow Security Scanner uses a unique system security analysis algorithm based on a patented "intellectual core". Shadow Security Scanner performs system scans at such speed and with such accuracy that it can compete with professional IT security services and with hackers attempting to break into your network.

    How the program works:


    - Running on its native Windows platform, Shadow Security Scanner also scans servers built on practically any platform, succeeding with Unix, Linux, FreeBSD, OpenBSD, NetBSD, Solaris and, of course, Windows 95/98/ME/NT/2000/XP/.NET. Thanks to its unique architecture, Shadow Security Scanner is the only security scanner in the world that can detect faults in Cisco, HP and other network equipment. It is also the only commercial scanner able to track more than 2,000 audits per system.

    - At present the following main services are supported: FTP, SSH, Telnet, SMTP, DNS, Finger, HTTP, POP3, IMAP, NetBIOS, NFS, NNTP, SNMP, proxy servers (Shadow Security Scanner is the only scanner that audits proxy servers; other scanners merely verify that the port is available), LDAP (Shadow Security Scanner is the only scanner that audits LDAP servers; other scanners limit their action to verifying the port), HTTPS, SSL, the TCP/IP and UDP protocols, and other services. Because of its fully open (ActiveX-based) architecture, any professional with knowledge of VC++, C++ Builder or Delphi can easily extend the scanner's capabilities. ActiveX technology also lets system administrators integrate Shadow Security Scanner into practically any product that supports ActiveX.

    - Since the network vulnerability scanner provides direct access to its core, you can use the API (for details please consult the API documentation) to gain full control of Shadow Security Scanner or to change its properties and functions.

    - The Rules and Settings editors are needed by users who want to scan only the desired ports and services without wasting time and resources scanning other services. This flexible tuning lets system administrators manage the scanning functions through deep and other options, which benefits the network by optimising scan speed without any loss of scan quality.

    Retina Network Security Scanner (RNSS): Introduction and functions:

    - eEye is a company specialising in security consulting and research in the US. eEye is well known for researching and publishing dangerous security vulnerabilities. You only need to look at websites such as securityfocus.com to see the number of serious vulnerabilities published by eEye. RNSS is synchronised with eEye's update server. Therefore newly discovered vulnerabilities are immediately added to RNSS, and the tools that detect the flaws (such as the RPC DCOM flaw used by Blaster) are updated along with them.

    - Retina Network Security Scanner is recognised as the industry standard for finding vulnerabilities and identifying and patching familiar security flaws. Being fast and accurate, it lets users protect their systems against new vulnerabilities as well as new attack methods.

    - With a huge database of security vulnerabilities, RNSS has a friendly interface, runs on all Windows NT systems, and provides checks for Unix (Solaris, BSD, ...), Linux and Windows, for network devices (firewall, router, ...), for databases and even for third-party software (for example the Improper Memory Access flaw in Macromedia Flash Player).

    How RNSS works:


    - Unlike other security scanners, RNSS scans very quickly because it uses intelligent techniques that are not based on the pen-test principle, so it is completely harmless (non-intrusive). This means remote scanning does not consume many system resources. RNSS also lets you specify what to scan for through many options: NetBIOS, HTTP, CGI, FTP, DNS, DoS, POP3, SMTP, LDAP, TCP/IP, UDP, Registry, Services, User, Password, ...

    - RNSS can discover the active hosts of a network. After scanning, RNSS lists the flaws in order of severity. For each flaw RNSS gives a detailed description, the severity, instructions on how to fix the vulnerability, and where information about the flaw is kept (CVE ID, Bugtraq). RNSS also provides links to the websites where patches can be downloaded. In particular, RNSS has an extremely useful function: fixing some vulnerabilities immediately. Suppose a vulnerability is caused by an unnecessary service; RNSS will propose solutions to reconfigure or stop that service.

    - One of the things that sets RNSS apart from other security scanners is that it does not operate on the assumption that a given protocol runs on a fixed port (such as HTTP on port 80). Instead, RNSS analyses the packets going in and out on those ports to determine the protocol and service actually running. With this feature, RNSS can cope with the individual configurations of different networks or with customised setups. RNSS is not behind in the area of wireless networks either: it can detect access points, automatically detects the appearance of unauthorised APs and notifies the security administrator. For OS identification, the Nmap Fingerprint Database embedded in RNSS helps this security scanner detect the operating system of a remote system quite accurately. Alongside OS detection, RNSS lets the security administrator visualise an overall picture of the network structure (servers, databases, switches, routers).

    - RNSS's extensibility is another outstanding advantage. RNSS can be combined with the REM Security Management Console and Retina Remediation Manager, providing a complete security assessment of the system and effective remediation. With Retina Remote Manager, the security admin can scan and view reports from anywhere. The outstanding capabilities of RNSS:
    + A rich, complete and continuously updated vulnerability repository
    + Detailed flaw reports, severity levels, remediation instructions and automatic fixing.
    + Fast, reliable scanning.
    + Extensibility and integration with eEye's other reputable products, allowing effective deployment in large enterprise systems.
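The point made above about RNSS, identifying the protocol from the traffic on a port rather than assuming the conventional service, is something a defender can reproduce for asset-inventory checks. The Python below is an added example, not Retina's code and not part of the original report: it classifies constructed first-byte samples from servers using simple banner signatures and flags hosts where the observed service does not match the port's conventional assignment. The signature rules, the port table and the sample hosts are assumptions of the example.

```python
import re

# First-bytes signatures for common services. Illustrative rules assumed for this
# example; they are not Retina's detection logic.
BANNER_RULES = [
    ("ssh",  re.compile(rb'^SSH-\d\.\d-')),
    ("http", re.compile(rb'^HTTP/\d\.\d \d{3}[ \r\n]')),
    ("smtp", re.compile(rb'^220[ -].*\bE?SMTP\b', re.I)),
    ("ftp",  re.compile(rb'^220[ -].*\bFTP\b', re.I)),
    ("pop3", re.compile(rb'^\+OK')),
    ("imap", re.compile(rb'^\* OK')),
    ("tls",  re.compile(rb'^\x16\x03[\x00-\x03]')),   # TLS record: handshake, version 3.x
]

# Conventional port assignments; the comparison exists precisely because the
# service actually observed may differ from what the port number suggests.
EXPECTED_BY_PORT = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 110: "pop3", 143: "imap", 443: "tls"}

def identify_service(first_bytes):
    """Classify a service from the first bytes it sent, regardless of port."""
    for name, pattern in BANNER_RULES:
        if pattern.match(first_bytes):
            return name
    return "unknown"

def classify(observations):
    """observations: iterable of (host, port, first_bytes_from_server).
    Returns one record per observation with the detected service and a mismatch
    flag that is True when a recognised service answers on a port conventionally
    used for a different one."""
    results = []
    for host, port, data in observations:
        detected = identify_service(data)
        expected = EXPECTED_BY_PORT.get(port)
        results.append({
            "host": host,
            "port": port,
            "service": detected,
            "mismatch": expected is not None and detected not in ("unknown", expected),
        })
    return results

def mismatches(observations):
    """Only the hosts worth a second look: known service on an unexpected port."""
    return [(r["host"], r["port"], r["service"]) for r in classify(observations) if r["mismatch"]]

# Constructed observations: the bytes a probe saw first from each host:port.
SAMPLE_OBSERVATIONS = [
    ("10.0.0.5", 22,   b"SSH-2.0-OpenSSH_7.4\r\n"),
    ("10.0.0.5", 8080, b"HTTP/1.1 200 OK\r\nServer: demo\r\n"),
    ("10.0.0.6", 80,   b"SSH-2.0-dropbear\r\n"),                   # SSH answering on the HTTP port
    ("10.0.0.7", 25,   b"220 mail.example.test ESMTP ready\r\n"),
    ("10.0.0.8", 443,  b"\x16\x03\x01\x00\x31\x02\x00\x00\x2d"),   # TLS ServerHello record
    ("10.0.0.9", 21,   b"+OK POP3 ready\r\n"),                     # POP3 answering on the FTP port
]

if __name__ == "__main__":
    for rec in classify(SAMPLE_OBSERVATIONS):
        flag = "  <-- unexpected for this port" if rec["mismatch"] else ""
        print(f"{rec['host']}:{rec['port']} {rec['service']}{flag}")
```

Rules are tried in order, so the more specific SMTP pattern comes before FTP (both greet with a `220` line), and anything that matches no rule is reported as `unknown` rather than guessed from the port; a port-based guess would defeat the purpose of the check.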

    Metasploit: Introduction and functions:


    - Metasploit Framework is an environment for testing, attacking and exploiting flaws in services. Metasploit is built on the object-oriented language Perl, with components written in C, assembler and Python. Metasploit can run on most operating systems: Linux, Windows, MacOS.

    - Components of Metasploit: Metasploit supports several user interfaces:

    o Console interface: uses msfconsole.bat. The msfconsole interface uses command lines for configuration and testing, which is faster and more flexible.

    o Web interface: uses msfweb.bat, interacting with the user through a web interface.

    o Global Environment: managed with the two commands setg and unsetg; options assigned here are global and are applied to every exploit module.

    o Temporary Environment: managed with the two commands set and unset; this environment applies only to the exploit module currently loaded and does not affect other exploit modules. You can save the environment you have configured with the save command. The environment is saved in /.msf/config and is loaded again when the user interface is started.
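To make the two scopes concrete, the following Python is an added example (not Metasploit's implementation and not from the original report) modelling the global environment (setg/unsetg) and the per-module temporary environment (set/unset), together with save/load of the configuration to a file. The precedence rule that a module's own value overrides the global one, the JSON file format and the module names `module_a`/`module_b` are assumptions of the example.

```python
import json
import tempfile
from pathlib import Path

class OptionEnvironment:
    """Two option scopes: a global dict shared by all modules and one local dict per
    module. Lookups consult the loaded module's dict first, then the global one
    (an assumed precedence rule for this example)."""

    def __init__(self):
        self.global_env = {}      # setg/unsetg: applies to every module
        self.module_envs = {}     # set/unset: one dict per module name
        self.current = None       # module currently loaded with use()

    def use(self, module_name):
        self.current = module_name
        self.module_envs.setdefault(module_name, {})

    def setg(self, key, value):
        self.global_env[key.upper()] = value

    def unsetg(self, key):
        self.global_env.pop(key.upper(), None)

    def set(self, key, value):
        if self.current is None:
            raise RuntimeError("no module loaded: use a module first or use setg")
        self.module_envs[self.current][key.upper()] = value

    def unset(self, key):
        if self.current is not None:
            self.module_envs[self.current].pop(key.upper(), None)

    def get(self, key, module_name=None):
        """Resolve an option: the module's own value first, then the global one."""
        module_name = module_name if module_name is not None else self.current
        key = key.upper()
        local = self.module_envs.get(module_name, {})
        return local[key] if key in local else self.global_env.get(key)

    def effective_options(self, module_name=None):
        """Everything a module would see: global values overlaid by its own."""
        module_name = module_name if module_name is not None else self.current
        merged = dict(self.global_env)
        merged.update(self.module_envs.get(module_name, {}))
        return merged

    def save(self, path):
        Path(path).write_text(json.dumps({"global": self.global_env, "modules": self.module_envs}))

    @classmethod
    def load(cls, path):
        data = json.loads(Path(path).read_text())
        env = cls()
        env.global_env = data["global"]
        env.module_envs = data["modules"]
        return env

def scripted_session():
    """Replays a short session and returns what each module sees, to show the scoping."""
    env = OptionEnvironment()
    env.setg("RHOST", "192.0.2.5")      # global: visible to every module
    env.use("module_a")
    env.set("RPORT", 8080)             # local to module_a only
    env.use("module_b")
    env.set("RHOST", "192.0.2.9")      # module_b overrides the global RHOST for itself
    return {
        "a": env.effective_options("module_a"),
        "b": env.effective_options("module_b"),
        "global": dict(env.global_env),
    }

def round_trip():
    """Save a configured environment to a file and load it back (file stands in for ~/.msf/config)."""
    env = OptionEnvironment()
    env.setg("LHOST", "192.0.2.1")
    env.use("module_a")
    env.set("RPORT", 8443)
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "config"
        env.save(cfg)
        restored = OptionEnvironment.load(cfg)
    restored.use("module_a")
    return restored.get("LHOST"), restored.get("RPORT"), restored.get("RPORT", "module_b")
```

The practical consequence of the layering is visible in `scripted_session()`: an `unset` on a module only removes its own override and the global value shows through again, which is why a value set with `setg` can surprise you later in a module that never set it itself.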

    How Metasploit works using the framework:
    - Choose an exploit module: pick the program or service to be exploited.
      show exploits: list the exploit modules supported by the framework
      use exploit_name: select an exploit module
      info exploit_name: show information about the exploit module

    - Configure the chosen exploit module
      show options: determine which options need to be configured
      set: configure the options of that module

    - Verify the options just configured:
      check: check whether the options have been set correctly.

    - Choose the target: pick which operating system to run against
      show targets: the targets provided by that module
      set: specify the target


      e.g.: msf> use windows_ssl_pct
            show targets
            The exploit will list targets such as: winxp, winxp SP1, win2000, win2000 SP1

    - Choose the payload
      The payload is the code that will run on the target system.
      show payloads: list the payloads of the current exploit module
      info payload_name: show detailed information about the payload
      set PAYLOAD payload_name: specify the payload module name. After choosing a payload, use show options to see that payload's options
      show advanced: show the payload's advanced options

    - Execute the exploit
      exploit: the command used to execute the payload code. The payload then provides you with information about the exploited system.

    Introduction to the meterpreter payload:
    - Meterpreter, short for Meta-Interpreter, is an advanced payload included in the Metasploit framework. Its purpose is to provide command sets for exploiting and attacking remote computers. It was written by the developers as shared object (DLL) files. Meterpreter and its extensions execute in memory and are never written to disk, so they can evade detection by anti-virus software.

    - Meterpreter provides a set of commands that we can use on remote computers:

    o Fs: allows uploading and downloading files to and from the remote machine.

    o Net: allows viewing network information of the remote machine such as the IP address and routing table.

    o Process: allows creating new processes on the remote machine.

    o Sys: allows viewing system information of the remote machine.

    - Using the commands:

    o use -m module1,module2,module3 [ -p path ] [ -d ]
      The use command loads meterpreter extension modules such as Fs, Net, Process, ...


    o loadlib -f library [ -t target ] [ -lde ]
      This command loads libraries on the remote machine.

    o read channel_id [length]
      The read command reads data from the remote machine on the connected channel.

    o write channel_id
      The write command writes data to the remote machine.

    o close channel_id
      Closes the channel opened to the remote computer.

    o interact channel_id
      Starts an interactive session on the channel just established with the remote machine.

    o initcrypt cipher [parameters]
      Encrypts the data sent between the host and the remote machine.

    - Using the Fs module: allows uploading and downloading files to and from the remote machine
      cd directory: like the command-line cd command
      getcwd: shows the current working directory
      ls [filter_string]: lists directories and files
      upload src1 [src2 ...] dst: upload files
      download src1 [src2 ...] dst: download files

    - Using the Net module:
      ipconfig
      route: shows the routing table of the remote machine
      portfwd [ -arv ] [ -L laddr ] [ -l lport ] [ -h rhost ] [ -p rport ] [ -P ]: creates a port forward between the host and the remote machine


    - Using the Process module:

    o execute -f file [ -a args ] [ -Hc ]
      The execute command lets you create a new process on the remote machine and use that process to extract data

    o kill pid1 pid2 pid3
      Terminates processes running on the remote machine

    o ps
      Lists the processes of the remote machine

    - Using the Sys module:

    o getuid
      Shows the current username on the remote machine

    o sysinfo
      Shows information such as the computer name and OS.


    Nikto:

    - Nikto is an open-source web server vulnerability scanner, written and developed by Chris Sullo and David Lodge. It can test a web server in the shortest possible time.

    - First, it performs an overall check of the web server, including:

    o Checking for more than 6400 potentially dangerous files/CGIs (Common Gateway Interface).

    o Checking for outdated versions of more than 1200 servers, and suggesting appropriate upgrades.

    o Checking for common problems on more than 270 servers.

    o Checking web server configuration settings such as the index file, the HTTP server configuration options, ...

    o Scan items and plugins are updated frequently and can be updated automatically to keep the web server safe, ...


    -> The results are then saved to a log file.

    - Main features of Nikto:

    o SSL support (Unix with OpenSSL, Windows with ActiveState's Perl/NetSSL)

    o Full HTTP proxy support.

    o Checks for outdated server components.

    o Saves reports as plain text or in the formats *.xml, *.html, *.nbe or *.csv.

    o Advanced templates for easy report customisation.

    o Scans multiple ports on a server, and multiple servers via an input file (including nmap output).

    o LibWhisker's IDS encoding techniques.

    o Easily updated via the command line

    o Identifies installed software via headers, favicons and files.

    o Host authentication with Basic and NTLM.

    o Subdomain enumeration.

    o Apache and cgiwrap username enumeration.

    o Flexible mutation techniques for finding content on web servers.

    o Scan tuning to include, exclude or adjust vulnerability classes checked on the web server.

    o Checks user authentication (including many default id/pw pairs).

    o Checks authentication on all directories, including the root directory.

    o Enhanced false-positive reduction via several methods: headers, page content, content hashing.


    o Scans for and reports "abnormal" headers.

    o Interactive status, pause and verbosity changes can be set.

    o Integrated logging to Metasploit.
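Nikto's LibWhisker encoding techniques listed above matter to the defender because a signature written for the plain spelling of a path will miss encoded, case-changed or self-referencing spellings of the same request. The Python below is an added example, not Nikto's or LibWhisker's code and not part of the original report: it normalises a request path (query removal, bounded percent-decoding, separator and self-reference collapsing, case folding) so that constructed evasive variants of one path all reduce to the same canonical form before being matched against a constructed list of sensitive paths. The evasion categories, the sample paths and the sensitive-path list are assumptions of the example.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3   # bound repeated decoding so "%25%25..." chains cannot loop forever

def normalize_path(raw_target):
    """Reduce a request target to one canonical path before signature matching.
    Each step undoes one class of encoding trick (assumed categories for this
    example: URI encoding, directory self-reference, fake parameter, prepended
    junk directory, changed case, Windows separators)."""
    path = raw_target.split("?", 1)[0]          # drop the query string ("fake parameter")
    for _ in range(MAX_DECODE_ROUNDS):          # undo single and double percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")              # Windows directory separator
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):                    # "//" and "/./" self-references
            continue
        if seg == "..":                         # "/junk/../real" resolves to "/real"
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    # Case-folding is right only for case-insensitive servers (e.g. IIS on Windows);
    # for a case-sensitive server keep the case so the match reflects what it serves.
    return "/" + "/".join(segments).lower()

# Constructed list of paths that a site owner would not want reachable.
SENSITIVE_PATHS = {"/admin/config.php", "/backup/site.tar.gz"}

def matches_sensitive(raw_target):
    """True if the request, once normalised, names one of the sensitive paths."""
    return normalize_path(raw_target) in SENSITIVE_PATHS

# Constructed evasive spellings of the same request, one per trick.
EVASIVE_VARIANTS = [
    "/admin/config.php",
    "/./admin/./config.php",                     # directory self-reference
    "/ADMIN/Config.PHP",                         # changed case
    "/%61dmin/config%2ephp",                     # URI encoding
    "/%2561dmin/config.php",                     # double encoding
    "/admin\\config.php",                        # Windows separator
    "/zzzzzzzzzzzzzzzzzzzz/../admin/config.php", # prepended junk directory
    "/admin/config.php?x=1&y=2",                 # fake parameter
    "//admin///config.php",                      # duplicate slashes
]

if __name__ == "__main__":
    for v in EVASIVE_VARIANTS:
        print(f"{v:45} -> {normalize_path(v)}  sensitive={matches_sensitive(v)}")
```

The normaliser must agree with how the protected server interprets the same bytes: if the server decodes once and the matcher decodes three times, or the server is case-sensitive and the matcher folds case, the two disagree and an attacker gains either a bypass or the defender a false positive. Checking the normaliser against the server's actual behaviour is part of deploying it.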