Specialized Project Report 1347


PREFACE

Alongside the development of information technology and computer networking, the Internet has grown ever more diverse and rich. Network services have penetrated almost every area of social life. Information on the Internet is equally diverse in content and form, and much of it needs stronger protection because of its economic value, accuracy and trustworthiness. At the same time, forms of network sabotage have become more sophisticated and complex. For every system, therefore, the security task placed on the network administrator is extremely important and necessary. Starting from that reality, this report studies the most common attack methods in use today and the ways of defending against them. Through researching a number of attack methods and how to secure against them, I hope to make a small contribution to the study of network security problems, as an aid to learning and research. I sincerely thank Mr. Đặng Ngọc Cường, who directly supervised this specialized project and helped me complete it.

1. Reason for choosing the topic

In recent years Vietnam has developed rapidly, above all in information technology, and in particular in web applications: almost everyone has heard of and worked with a web application. Websites have become widespread and an important part of everyone's life, especially for businesses and companies. At the same time, security for web applications remains a thorny problem for everyone. We will therefore study web applications and the ways of attacking and securing the web.

2. Objective

To help us understand web applications better, the threats and information security problems we face when working with web applications every day, and the techniques of web attack and web security.

3. Scope

To study the most common attack techniques in use today, such as SQL Injection, Denial of Service and Local Attack, and how to secure against and defend from these common attacks, at an overview level.

TABLE OF CONTENTS

CHAPTER 1 ... 4
OVERVIEW OF WEBSITES, WEBSITE SERVICES AND COMMON SECURITY FLAWS ... 4
1.1. Description of a website and how it works ... 4
1.2. Web-based services and applications ... 6
CHAPTER 2 ... 6
COMMON ATTACKS ON AND SECURITY OF WEB APPLICATIONS ... 6
2.1. LOCAL ATTACK ... 6
2.1.1. Understanding Local Attack ... 6
2.1.2. How a Local Attack is carried out ... 7
2.1.3. Securing against Local Attack ... 11
2.1.4. Supporting tools ... 17
2.2. Denial of Service attacks ... 18
2.2.1. DoS (Denial Of Service) ... 18
2.2.2. DDoS (Distributed Denial of Service) ... 21
2.2.3. Distributed Reflection Denial of Service (DRDoS) ... 36
2.3. SQL Injection ... 37
2.3.1. SQL injection attacks ... 37
2.3.2. Preventing SQL Injection ... 50

NGUYN VNG NGH

Page 2

2.4. Cross Site Scripting (XSS) ... 55
2.4.1. XSS attacks ... 55
2.4.2. Prevention ... 59
CHAPTER 3 ... 60
DEMO, EVALUATION AND FUTURE DIRECTIONS ... 60
3.1. Demo ... 60
3.2. Conclusion ... 61
3.2.1. Problems solved ... 61
3.2.2. Limitations ... 62
3.2.3. Future directions for the topic ... 62
COMMENTS OF THE SUPERVISOR ... 64
COMMENTS OF THE EXAMINER ... 66


WEB SERVER ATTACK AND DEFENSE METHODS

CHAPTER 1
OVERVIEW OF WEBSITES, WEBSITE SERVICES AND COMMON SECURITY FLAWS

1.1. Description of a website and how it works

A website is a site on the Internet where information and images about a business and its products and services (or any information at all) are presented so that customers can access them from anywhere, at any time. A website is a collection of many web pages. When a business builds a website it is building many pages of information, product and service catalogues, and so on. Creating a website requires three basic elements:
- a domain name (domain);
- a place to store the website (hosting);
- the content of the pages (web pages).

Some basic terms:
- Dynamic website: a website that has a database and comes with a management tool (Admin Tool). Its strengths are flexibility, frequent updating of information and easy management of the site's components. Such websites are usually written in programming languages such as PHP, ASP.NET, JSP or Perl, with the database managed in SQL or MySQL.


- Static website: programmed page by page in HTML like a brochure, with no database and no tool for managing the site's information. Static websites are usually designed with software such as FrontPage or Dreamweaver. Their content rarely changes, and changing it usually means changing the accompanying text that presents the content. Today almost all businesses use dynamic websites; the generation of website technology everyone knows is Web 2.0.
- Domain name (domain): the domain name is the website's address; on the Internet only one such address exists (that is, each domain name is unique). There are two kinds of domain name:
  - international domain names, of the form .com, .net, .org, .biz, .name, ...
  - Vietnamese domain names, of the form .vn, .com.vn, .net.vn, .org.vn, .gov.vn, ...
- Website storage: the website's data must be stored on a computer (a server) that is always running and connected to the Internet. One server can store many websites; if the server has an incident, for example it is shut down at some moment, nobody can access any of the websites stored on that server at that time. Depending on its information storage needs, a business can rent a suitable amount of space for its website (renting host capacity).
- Host capacity: the space for storing the website's data (images, information, ...), usually measured in MB or GB.
- Bandwidth, or transmission capacity: the total number of MB of data uploaded to or downloaded from the server (download, upload) where the website is located, usually measured in MB/month.


1.2. Web-based services and applications

With today's technology a website is no longer simply a news page delivering simple articles. Applications written on the web are no longer called just a part of a website; now they are called web-based software. A great deal of software runs on the web, such as Google Word (word processing), Google Spreadsheets (spreadsheets), email, ... Some advantages of web-based software or applications:

- everyone has a browser, and a browser is all you need to run the software;
- the software is always up to date, because it runs on the server;
- it is always available 24/7;
- data is easy to back up regularly;
- it can be accessed anytime, anywhere, as long as you have a network connection;
- deployment cost is very low compared with desktop software.

Imagine you have sales or task management software at your company. You are not always at the company; with web-based software you can log in to check and manage things from anywhere, even with only a phone that can run a browser, such as an iPhone, without needing a computer.

CHAPTER 2
COMMON ATTACKS ON AND SECURITY OF WEB APPLICATIONS

2.1. LOCAL ATTACK

2.1.1. Understanding Local Attack

- Local attack is one of the most common types of hacking and is not recommended. On an ordinary web server, when you register an account on some server you are given an account on that server and a directory for managing your site, for example tenserver/tentaikhoancuaban. Similarly, another user has an account such as tenserver/taikhoan1. Suppose taikhoan1 is taken over by a hacker;


then the hacker can use tricks, scripts and pieces of code to move into the directory holding your site, tenserver/taikhoancuaban. In the same way the hacker can attack other users' sites on the server and may take admin information, databases and other sensitive information, or inject malicious code into your site's index page. This form of attack is called Local Attack.
- Most commonly, Local Attack is used to take config information from the victim, and then, based on that config information and the hacker's aims, to sabotage the website.

2.1.2. How a Local Attack is carried out

- Depending on the hacker's methods there are different ways to carry out a Local Attack. Usually hackers use command lines to attack the database.

2.1.2.1. Preparation

- First, a PHP/ASP/CGI backdoor must be present on the server. There are many kinds of backdoor, the most common being phpRemoteView (often called remview), R57Shell, CGITelnet, C99, ... These tools are uploaded, usually the shells such as R57 or C99.
- Upload one of these tools to the host (usually the shells R57, C99, ... because they are powerful and easy to use).
- There are several ways to obtain a host:
  + Buy a host (hackers rarely use this method, for many reasons, the basic one being that it costs money, and when a shell is uploaded and the server's admin detects it the host is deleted; with this method the shells should be deleted immediately after the Local attack is done).
  + Hack a vulnerable site and upload a shell (usually the hacker uses SQL Injection to hack a website, take over its admin account and upload shells), or exploit an inclusion flaw.


  + Search for backdoors (go to google.com and search for keywords such as r57Shell ...). With this method most of the shells belong to other hackers and have not yet been deleted; if possible, upload a different shell of our own.

2.1.2.2. Carrying out the attack

- After the preparation is done, that is, a shell has been uploaded to some server, start looking for the websites on the same server where the shell was uploaded; hackers usually use Reverse IP on the domain where they uploaded the shell to see the websites on the same server.
- Once the list of websites is obtained, check each site in turn to see which is vulnerable and can be reached by local attack.
- Commands commonly used in a Local Attack shell. To view the domain names on the same host:
  ls -la /etc/valiases
  cd /etc/vdomainaliases;ls lia
- In the special case where the users on the same host cannot be viewed, add &&:
  cd /etc/vdomainaliases && ls lia
- To find out the user names, use: cat /etc/passwd/ or less /etc/passwd
  + To move to the victim, that is, to another site: for example our shell is currently at /home/abcd/public_html/; then we move as follows:


  dir home/<user to move into>/public_html
- To find out the name of the user to move into, use Reverse IP to get the list of users on the same server. To check whether a user exists, open a web browser and type: <server IP>/~<user name> (for example 203.166.222.121/~doanchuyennganh). If the browser shows the website's index page, the user exists.
  + To view the contents of a file:
  cat /home/<user to move into>/public_html/index.php
  Or, to view the config of a forum, use
  ln -s /home/<user to move into>/public_html/forum/includes/config.php doanchuyennganh.txt
  where doanchuyennganh.txt is a file we create on our own host in order to view another person's file! If the commands above cannot be used, the server has disabled that function.

Some more Linux shell commands:
- pwd: print the working directory (for example /etc/ssh).
- cd: change directory (for example cd .. goes up one level from the current directory; cd vidu enters the directory /vidu).
- ls: list the contents of a directory.
- mkdir: create a new directory (mkdir <directory_name>).
- touch: create a new file (touch <file_name>).
- rmdir: remove a directory (rmdir <directory_name>).
- cp: copy a file or directory (cp <source_file> <destination_file>).

- mv: move a file or directory; also used to rename a file or directory (mv <old_location> <new_location> or mv <old_name> <new_name>).
- rm: remove a file (rm <file_name>).
- To search for files you can use:
  - find: for file names.
  - grep: to search for content inside files.
- To view a file you can use:
  - more: display the file page by page.
  - cat: display the whole file.
- To connect to a remote host, use the ssh command. The syntax is ssh .

System management:
- ps: show the programs currently running (very useful: ps gives an overall view of all the programs).
- In the list printed by ps you will see the PID (process identification). This number is asked for when you want to stop a service or application with the kill command.
- top: works much like Task Manager in Windows. It gives information about all system resources, the running processes, the average load, ... The command top -d sets the refresh interval. You can set any value, from .1 (10 milliseconds) to 100 (100 seconds) or even higher.
- uptime: shows how long the system has been up and the average load over that period and over the previous 5 and 15 minutes. Usually the average load is computed as the percentage of system resources (CPU, RAM, disk I/O, network load) in use at a given moment. If the computed value is 0.37, 37% of the resources are in use. A value


greater than 1, such as 2.35, means the system has to wait for some data; it would then compute 235% faster without running into any problem. This can differ a little between distributions.
- free: shows information about system memory.
- ifconfig: view detailed information about the network interfaces; usually the Ethernet interface is named eth followed by a number. You can set network settings such as the IP address with this command (see man ifconfig). If something is not right you can stop or start an interface with ifconfig up/down.
- passwd: lets you change a password (passwd <user_whose_password_you_own>, or another user's name if you are logged in as root).
- useradd: lets you add a new user (see man useradd).

Whatever the distribution, you can use the TAB key to auto-complete a command or file name. This is very useful while you are getting used to the commands. You can also use the up and down keys to scroll through the commands you have entered. You can put several commands on one line; for example, to create three directories on one line: mkdir dir_1 ; mkdir dir_2 ; mkdir dir_3. Another interesting feature is the pipe: you can feed the output of one command through another. For example man mkdir | tail prints the last lines of the mkdir manual page. If at some point you need to log in as root (the system's "super" admin), you can do so temporarily with the su command. The -1 parameter (su-1) changes to the target user's home directory and the commands or paths in use. Note that you will also be prompted for a password. To exit or close: type exit or logout.

2.1.3. Securing against Local Attack

To limit Local Attack we should chmod the file manager, move the config.php file, edit the .htaccess file, and above all back up data regularly.


- Chmod the File Manager:
  + CHMOD the public_html directory to 710 instead of the default 750; this helps protect the structure of your website.
  + CHMOD the subdirectories: for the diendan directory (http://diendan.doanchuyennganh.com), CHMOD diendan to 701, then CHMOD the subdirectories inside diendan to 701 as well.
  + CHMOD all files to 404. With this CHMOD, running a shell will certainly show the error message:
  Not Acceptable
  An appropriate representation of the requested resource /test.php could not be found on this server.
  Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
  The attacker will not be able to view anything.
- Also, some sites are accessed through their subdomain rather than as doanchuyenganh.com/diendan (http://diendan.doanchuyennganh.com); this has many meanings, but for security it makes a big difference.
  + CHMOD directories to 701 and try never to CHMOD 777; for some unimportant folders you can CHMOD 755 so that some content in that folder displays correctly and fully. Note that some servers support CHMOD 101 on directories; if your server supports it, use it, because this CHMOD is very safe: even the owner cannot see the folder structure, even when logged in over FTP. Currently only the Eshockhost.net server supports this.
  + CHMOD files to 604 and never 666; if 666 is needed for some task, CHMOD it temporarily for that moment and then CHMOD it back immediately. On servers that support CHMOD 404 for files, use it, for example the Eshockhost.net server.
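The permission policy above (710 for public_html, 701 for the directories below it, 604 or 404 for files, never 666/777) is easy to drift away from on a shared host, so an administrator wants a way to audit a web root against it. The script below is an added example, not code from the report; it walks a web root, reports every directory or file whose mode deviates from the policy, and also flags symlinks whose target resolves outside the web root, which is exactly the "ln -s .../config.php doanchuyennganh.txt" trick described in 2.1.2.2. The sample tree it builds under a temporary directory is constructed here for demonstration and is not a real host's layout.

```python
import os
import shutil
import stat
import tempfile

# Policy taken from the page: 710 for public_html itself, 701 for directories
# below it, 604 (or 404 where the server allows it) for files, never 666/777.
DIR_MODES = {0o701, 0o710}
FILE_MODES = {0o604, 0o404}


def audit_webroot(root):
    """Walk a web root and return sorted (relative_path, mode, reason) tuples
    for each entry that deviates from the hardening policy."""
    root = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode):
                # A link whose target leaves the web root is how another
                # account's config.php gets read through our own host.
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    findings.append((rel, "symlink", "points outside web root: " + target))
            elif stat.S_ISDIR(st.st_mode):
                if mode not in DIR_MODES:
                    findings.append((rel, oct(mode), "directory mode is not 701/710"))
            elif mode & 0o022:
                findings.append((rel, oct(mode), "file is group/world writable"))
            elif mode not in FILE_MODES:
                findings.append((rel, oct(mode), "file mode is not 604/404"))
    return sorted(findings)


def build_demo_tree():
    """Constructed fixture (not a real host): our public_html plus a file
    belonging to a neighbouring account that a symlink points at."""
    base = tempfile.mkdtemp(prefix="localattack_demo_")
    root = os.path.join(base, "public_html")
    other = os.path.join(base, "other_user_config.php")
    os.mkdir(root)
    os.chmod(root, 0o710)
    os.makedirs(os.path.join(root, "forum", "includes"))
    os.chmod(os.path.join(root, "forum"), 0o701)
    os.chmod(os.path.join(root, "forum", "includes"), 0o755)  # too open
    for rel, mode in (("index.php", 0o604), ("forum/includes/config.php", 0o666)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    with open(other, "w") as fh:
        fh.write("<?php // another account's config (constructed)\n")
    os.symlink(other, os.path.join(root, "doanchuyennganh.txt"))
    return base, root


def run_demo():
    """Build the fixture, audit it, clean up, and return the findings."""
    base, root = build_demo_tree()
    try:
        return audit_webroot(root)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for rel, mode, reason in run_demo():
        print(f"{rel:32} {mode:8} {reason}")
```

On a live account, point audit_webroot at the real public_html path; anything it reports is either a mode to tighten or a symlink to investigate. The symlink check deliberately ignores the link's own mode, since what matters is where it leads.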

- Change the structure and the default names of the files that hold important information. If possible, change the database structure as well if you can.
- Preventing local attack by turning on safe mode (for root):
  As we know, for PHP webshells the PHP configuration has options that restrict their features (notably r57, which bypasses automatically), so the first job for root accounts is to update to the latest PHP version and reconfigure php.ini:
  PHP safe mode is an attempt to solve the security problem of servers that share hosting among many accounts (shared servers). It is architecturally incorrect to try to solve this problem at the PHP level. Today many people choose to turn on safe mode for security, especially ISPs.
- Configuration guidance for Security and Safe Mode:
  Code:
  safe_mode: default "0"; changeable under: PHP_INI_SYSTEM
  safe_mode_gid: default "0"; changeable under: PHP_INI_SYSTEM
  safe_mode_include_dir: default NULL; changeable under: PHP_INI_SYSTEM
  safe_mode_exec_dir: default ""; changeable under PHP_INI_SYSTEM
  safe_mode_allowed_env_vars: default "PHP_"; changeable under PHP_INI_SYSTEM
  safe_mode_protected_env_vars: default "LD_LIBRARY_PATH"; changeable under PHP_INI_SYSTEM
  open_basedir: default NULL; changeable under PHP_INI_SYSTEM
  disable_functions: default ""; changeable in php.ini
  disable_classes: default ""; changeable in php.ini
- Here is how to adjust the server configuration to turn on safe mode. In php.ini, change safe_mode = Off to safe_mode = On

- disable_functions should contain the following functions:
  PHP Code:
  readfile, system, exec, shell_exec, passthru, pcntl_exec, putenv, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, popen, pclose, set_time_limit, escapeshellcmd, escapeshellarg, dl, curl_exec, parse_ini_file, show_source, ini_alter, virtual, openlog
- Then, for example:
  PHP Code:
  -rw-rw-r-- 1 doanchuyennganh doanchuyennganh 33 Jul 1 19:20 script.php
  -rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd
- script.php contains:
  PHP Code:
- Result:
  PHP Code:
  Warning: readfile() has been disabled for security reasons in /docroot/script.php on line 2
- Advantages of turning on safe mode:
- Usually when a file is uploaded, it goes to /tmp/ for users who are not the owner.
- Turning on safe mode has drawbacks for PHP programmers, so the system has:
  PHP Code:
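The php.ini advice above boils down to three checks an administrator can automate: disable_functions covers the page's list, open_basedir is set, and the configuration does not rely on safe_mode. The script below is an added example, not code from the report; it parses php.ini-style text (directives, ';' comments, [sections]) and reports deviations. The two php.ini fragments are constructed samples, and the open_basedir path reuses the report's doanchuyennganh account name as an illustration. One caveat the report does not mention: safe_mode was deprecated in PHP 5.3 and removed in 5.4, so on current PHP the line is simply absent and open_basedir plus disable_functions carry the whole load.

```python
# Functions the page says disable_functions should contain.
REQUIRED_DISABLED = {
    "readfile", "system", "exec", "shell_exec", "passthru", "pcntl_exec",
    "putenv", "proc_close", "proc_get_status", "proc_nice", "proc_open",
    "proc_terminate", "popen", "pclose", "set_time_limit", "escapeshellcmd",
    "escapeshellarg", "dl", "curl_exec", "parse_ini_file", "show_source",
    "ini_alter", "virtual", "openlog",
}

# Constructed php.ini fragments, not taken from a real server.
PHP_INI_WEAK = """; constructed sample: typical permissive shared-host defaults
[PHP]
safe_mode = Off
disable_functions =
open_basedir =
"""

PHP_INI_HARDENED = """; constructed sample: the page's advice applied on PHP >= 5.4
[PHP]
disable_functions = "readfile,system,exec,shell_exec,passthru,pcntl_exec,putenv,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,popen,pclose,set_time_limit,escapeshellcmd,escapeshellarg,dl,curl_exec,parse_ini_file,show_source,ini_alter,virtual,openlog"
open_basedir = "/home/doanchuyennganh/public_html:/tmp"
"""


def parse_php_ini(text):
    """Return {directive (lower-case): value}; ';' starts a comment,
    [section] headers are skipped, surrounding double quotes are stripped."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        directives[key.strip().lower()] = value.strip().strip('"')
    return directives


def audit_php_ini(text):
    """Return a list of findings for php.ini text against the page's hardening advice."""
    d = parse_php_ini(text)
    findings = []
    disabled = {f.strip().lower() for f in d.get("disable_functions", "").split(",") if f.strip()}
    missing = sorted(REQUIRED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions lacks: " + ", ".join(missing))
    if not d.get("open_basedir"):
        findings.append("open_basedir is empty: scripts may read files outside their own tree")
    if "safe_mode" in d:
        # safe_mode was removed in PHP 5.4; a config that still sets it is
        # leaning on a control the interpreter no longer implements.
        findings.append("safe_mode is set but was removed in PHP 5.4; rely on open_basedir and disable_functions")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", PHP_INI_WEAK), ("hardened", PHP_INI_HARDENED)):
        print(label, audit_php_ini(text) or "no findings")
```

Run it against the file reported by php --ini (or the per-site .user.ini / php-fpm pool overrides, which take precedence for PHP_INI_SYSTEM directives only where the SAPI allows it) and treat any finding as a gap between the intended and the effective configuration.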


- Securing the Apache server:
Now, to explain the importance of Apache:
  Client (Hacker using local attack) ------> Shared server
  Shared Server --------------------------> Apache
  Apache ---------------------------------> PHP/Perl ... processing ...
  PHP/Perl (returns the result) -----------------> Apache
  Apache (returns the result) ------------------> Client
Since the permissions Apache itself sets are minimal, a great deal depends on the applications such as PHP/CGI ...
Installing Apache:
  Code:
  pw groupadd apache
  pw useradd apache -c "Apache Server" -d /dev/null -g apache -s /sbin/nologin
By default Apache's processes run with the privileges of the user nobody (except the main process, which must run as root) and a GID in the group nogroup. This can lead to serious security threats: after a successful intrusion, an attacker can gain access to the other processes running with the same UID/GID. The optimal solution is therefore to run Apache with a UID/GID from a separate group, dedicated to that software only.


Those used to *nix are familiar with the concept of UID/GID in "file permission" terms. Still, this detail deserves a little expansion for readers not yet familiar with UID/GID. In creating a separate group and user for Apache above, two details to note are:
  -d /dev/null: does not give the Apache user a $HOME directory like other normal users;
  -s /sbin/nologin: does not allow the Apache user any shell at all.
In some cases -s /bin/true is used instead of nologin; true is a command that executes nothing and is completely harmless.
The reason for giving the Apache user no $HOME directory and no "shell" is that if this Apache account is compromised, the attacker still has no opportunity to reach the system to the degree needed for the "privilege escalation" trick. On *nix in general, the "shell" is the interface between the user and the system; without a shell there is no opportunity to get in. If the setup above gave the Apache user a $HOME and allowed some shell, it would be worthless from a "security" point of view.
Go to http://httpd.apache.org/ to install the latest version (currently 2.2).
Then we should set the permissions of the PHP shell separately, so that it cannot jump to other users.
- Chmod in /usr/bin as follows:
  -rwxr--r-x root nobody wget
  and
  -rwxr-x--- root compiler gcc
- Block gcc compilation, preventing users from compiling ready-made exploits to get root.
  In /bin/:
  -rwxr-xr-x root root cp
- Likewise for rm, mv, tar, chmod, chown, chgrp...
  -rwsr-x--- root wheel su
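The account recipe above (no home, no shell, a UID/GID shared with nobody else) is worth verifying on every host rather than trusting the install script. The code below is an added example, not part of the report; it parses /etc/passwd-format text and audits a named service account for the three properties the text explains: it must not be uid 0, must have a non-login shell (including the /bin/true alternative the report mentions), must have no browsable home, and must not share its UID or GID with another account, since that is how a compromise of one account reaches the other's processes. The passwd excerpt is constructed for the example; "apache" follows the report's pw useradd line, while "www" and "webops" are deliberately misconfigured.

```python
from collections import namedtuple

PasswdEntry = namedtuple("PasswdEntry", "name uid gid gecos home shell")

# Shells that refuse an interactive login; /bin/true is the alternative the page names.
NO_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false",
                   "/usr/bin/false", "/bin/true", "/usr/bin/true"}
# Home directories that give the account nothing to browse or write.
NO_HOME = {"/dev/null", "/nonexistent"}

# Constructed /etc/passwd excerpt, not from a real host.
PASSWD_SAMPLE = """root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache Server:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
www:x:80:80:www:/var/www:/bin/bash
webops:x:80:80:webops:/home/webops:/bin/bash
"""


def parse_passwd(text):
    """Return {name: PasswdEntry} for each well-formed 7-field passwd line."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, gecos, home, shell = line.split(":")
        entries[name] = PasswdEntry(name, int(uid), int(gid), gecos, home, shell)
    return entries


def audit_service_account(passwd_text, name):
    """Return findings showing how the account could become a foothold; [] if clean."""
    entries = parse_passwd(passwd_text)
    acct = entries.get(name)
    if acct is None:
        return [f"{name}: account does not exist"]
    findings = []
    if acct.uid == 0:
        findings.append(f"{name}: uid 0, the service would run as root")
    if acct.shell not in NO_LOGIN_SHELLS:
        findings.append(f"{name}: has a usable login shell ({acct.shell})")
    if acct.home not in NO_HOME:
        findings.append(f"{name}: has a real home directory ({acct.home})")
    # Any other account with the same UID or GID can reach this service's
    # processes and files, which is the shared-UID risk the page describes.
    for other in entries.values():
        if other.name != name and (other.uid == acct.uid or other.gid == acct.gid):
            findings.append(f"{name}: shares uid/gid with {other.name}")
    return findings


if __name__ == "__main__":
    for account in ("apache", "nobody", "www"):
        print(account, audit_service_account(PASSWD_SAMPLE, account) or "ok")
```

Feed it the real file with open("/etc/passwd").read() and the user named in Apache's User directive; on a correctly built host the apache account returns no findings.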


  -rwxr-x--- root root ln

2.1.4. Supporting tools

- The most common and most used tools for Local Attack are the shells. The shells commonly used are R57, C99, ...

Figure 1. Image of one kind of shell


2.2. Denial of Service attacks

2.2.1. DoS (Denial Of Service)

2.2.1.1. Overview of DoS:

- DoS (Denial of Service) can be described as the act of preventing the legitimate users of a service from accessing and using it. It includes flooding the network and breaking connections to the service, with the ultimate goal of making the server unable to respond to service requests from clients. DoS can stop a computer, a local network, or even a very large network. In essence, the attacker seizes a large amount of network resources such as bandwidth and memory, and so removes the ability to handle service requests coming from other clients.

2.2.1.2. Attack methods:

+ Sabotage based on the limited or non-renewable nature of network resources.
- Through connections: the SYN flood attack. Exploiting the way a TCP/IP connection is established, the hacker begins setting up a TCP/IP connection with the target but breaks it off as soon as the SYN and SYN ACK steps are complete, leaving the target in a waiting state (waiting for the ACK from the party that requested the connection) and continuously sending SYN ACK to establish the connection. Another way is to forge the source IP address of the SYN connection request; as in the case above, the target machine falls into a waiting state, and the SYN ACK packets cannot reach their destination because the source IP is not real. Hackers can apply this method against a network system with greater bandwidth than their own.

- Exploiting the victim's own resources for the attack:
  The Land Attack: similar to SYN flood, but the hacker uses the target's own IP as the source IP address in the packet, pushing the target into an endless loop as it tries to establish a connection with itself.
  The UDP flood attack: the hacker sends UDP echo packets with the source IP address set to the loopback port of the target itself, or of a computer on the same network as the target, through the UDP echo port (port 7), setting up the sending and receiving of echo packets between the two computers (or between the target and itself, if it has a loopback port configured), so that the two computers gradually use up all their bandwidth and obstruct the network resource sharing of the other computers on the network.
- Using bandwidth: the DDoS (Distributed Denial of Service) attack. This is a very dangerous attack method. The hacker breaks into computer systems, installs remote-control programs, and activates these programs simultaneously at the same moment so that they all attack one target at once. This method can mobilise hundreds or even thousands of computers attacking at once (depending on the hacker's preparation) and can exhaust the target's bandwidth in an instant.
- Using other resources: the attacker exploits resources the victim needs in order to attack. Attackers can change data and copy the data the victim needs many times over, overloading the CPU and delaying data processing.


- The Smurf attack: this attack needs a very important system, the amplifier network. The hacker uses the address of the computer to be attacked to broadcast ICMP echo packets to the entire network. The computers on the network all send ICMP reply packets to the computer the hacker wants to attack. As a result that computer cannot process such a large amount of information in time and very easily hangs.
- The Teardrop attack: in a packet-switched network, data is divided into many packets, each with its own offset value, and the packets may travel by different routes to the destination. At the destination the data is reassembled as it originally was, based on the offset value of each packet. Exploiting this, the hacker can create many packets with overlapping offset values and send them to the target. As a result the destination machine cannot arrange these packets and may hang because it uses up all the system's processing capacity.
+ Destroying or modifying configuration information.
Exploiting insecure configuration (for example the lack of authentication when sending and receiving router update messages), the attacker changes important information, remotely or directly, so that legitimate users cannot use the service. For example, a hacker can break into a DNS server and change its information, so that the DNS's translation of domain names to IP addresses becomes wrong. As a result, client requests for one domain end up at another domain.
+ Physically destroying or modifying hardware.
Exploiting the attacker's own privileges over the devices in the network (routers, switches) to get close to them and destroy them.

2.2.1.3. Countermeasures

- DoS can cost a great deal of time and money, so preventive measures are needed:


- The system model must be built sensibly, avoiding excessive interdependence that would let a failure in one part bring down the whole system.
- Set passwords to protect important devices and resources.
- Set up authentication levels for users as well as for information sources on the network (routing updates between routers should also be set to authenticated mode).
- Build information filtering on routers, firewalls and the protection system to guard against SYN flood.
- Accept only the necessary services; temporarily stop services that have not been requested or are not used.
- Build a system of quotas and limits for users, to prevent malicious users from exploiting resources on the server to attack the server itself or other networks and servers.
- Continuously update, research and test to discover security holes and fix them in time.
- Use measures that monitor the system's activity continuously, so as to detect abnormal actions immediately.
- Build a backup system.

2.2.2. DDoS (Distributed Denial of Service)

- Distributed Denial of Service (DDoS) is an attack technique that worries ISPs; the mainstream hacker community does not recognise DDoS as a legitimate attack technique. Yet black hats have many advantages when mounting DDoS attacks. Preventing and stopping DDoS is still at the stage of repairing the consequences and tracing the perpetrator.
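The "monitor continuously to detect abnormal actions" measure above can be made concrete for the SYN flood described in 2.2.1.2: a server under SYN flood accumulates connections stuck in SYN_RECV, waiting for the ACK that never comes. The script below is an added example, not code from the report; it parses a netstat -ant style listing and counts half-open connections per source. It uses two thresholds because of the spoofing variant the report describes: a per-source threshold catches one loud client, but a flood from forged, never-repeating source addresses has at most one SYN_RECV per source, so only the total count gives it away. The listing is constructed for the example, with 203.0.113.10 as the server, 192.0.2.14 as a noisy client and 120 distinct spoofed sources (documentation address ranges, not real hosts).

```python
from collections import Counter

HEADER = "Proto Recv-Q Send-Q Local Address           Foreign Address         State"


def build_sample(noisy=30, spoofed=120):
    """Constructed netstat -ant style listing, not a capture from a real host:
    a listener, five normal connections, `noisy` half-open connections from one
    client, and `spoofed` half-open connections from distinct forged sources."""
    lines = [HEADER,
             "tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN"]
    for i in range(5):
        lines.append(f"tcp        0      0 203.0.113.10:80         198.51.100.{i + 1}:5{i:04d}    ESTABLISHED")
    for i in range(noisy):
        lines.append(f"tcp        0      0 203.0.113.10:80         192.0.2.14:{40000 + i}       SYN_RECV")
    for i in range(spoofed):
        lines.append(f"tcp        0      0 203.0.113.10:80         192.0.2.{100 + i}:{50000 + i}    SYN_RECV")
    return "\n".join(lines) + "\n"


def parse_connections(text):
    """Return [(state, foreign_ip)] for each tcp/tcp6 row; header and blanks are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] not in ("tcp", "tcp6"):
            continue
        foreign, state = parts[4], parts[5]
        conns.append((state, foreign.rsplit(":", 1)[0]))  # drop the port
    return conns


def syn_flood_report(text, per_source=20, total=100):
    """Summarise half-open (SYN_RECV) connections in a listing.

    `per_source` catches a single client holding many half-open connections;
    `total` catches a spoofed flood whose sources never repeat."""
    conns = parse_connections(text)
    half_open = Counter(ip for state, ip in conns if state == "SYN_RECV")
    established = sum(1 for state, _ in conns if state == "ESTABLISHED")
    noisy = sorted(((ip, n) for ip, n in half_open.items() if n >= per_source),
                   key=lambda item: -item[1])
    n_half = sum(half_open.values())
    return {
        "half_open": n_half,
        "established": established,
        "distinct_sources": len(half_open),
        "noisy_sources": noisy,
        "flood_suspected": bool(noisy) or n_half >= total,
    }


if __name__ == "__main__":
    print(syn_flood_report(build_sample()))
    print(syn_flood_report(build_sample(noisy=0, spoofed=3)))
```

In practice the text comes from netstat -ant (or an equivalent listing with the same column order) sampled on a schedule; the thresholds should be set from a baseline of the server's normal half-open count. Detection is only the alerting half: on Linux the kernel-side mitigation for the spoofed variant is the net.ipv4.tcp_syncookies sysctl, which lets the server stop holding state for unanswered SYN ACKs.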


2.2.2.1. The phases of a DDoS attack:

There are 3 phases:

i. Preparation phase:
- Prepare the key tool of the attack; this tool usually operates on a client-server model. The hacker can write this software or download it easily; by a provisional count more than 10 DDoS tools are available free on the net (these tools are analysed in detail in a later section).
- Next, use other hacking techniques to take control of a number of hosts on the network. Installing the necessary software on these hosts, and configuring and testing the whole attack-network (the network of compromised machines with the software installed on them, plus the hacker's machine and some other machines set up as launch points for the attack), is also done in this phase.

ii. Target and timing phase:
- After finally identifying the target, the hacker adjusts the attack-network to direct the attack at the target.
- The timing decides the degree of damage and how fast the target can respond to the attack.

iii. Launching the attack and erasing traces:
- At the set moment the hacker launches the attack from his own machine; the attack command may pass through many levels before reaching the hosts that actually attack. The whole attack-network (possibly thousands of machines) continuously exhausts the target server's capacity, preventing it from operating as designed.
- After a suitable attack period, the hacker erases every trace that could lead back to him; this requires high skill and is not absolutely necessary.


2.2.2.2. Overall architecture of the DDoS attack-network

In general the DDoS attack-network has two main models: the Agent-Handler model and the IRC-Based model.

Figure 2. Overall classification of DDoS attack types (diagram): a DDoS attack-network is either Agent-Handler, with Client-Handler communication over TCP, UDP or ICMP, or IRC-Based, with Client-Handler communication over a secret/private channel or a public channel, again over TCP, UDP or ICMP.

i. The Agent-Handler model: in this model the attack-network has 3 components: Agent, Client and Handler.
  Client: the software base from which the hacker controls all activity of the attack-network.
  Handler: an intermediate software component between the Agents and the Client.
  Agent: the software component that performs the attack on the target, receiving its orders from the Client through the Handlers.


Figure 3. Agent-Handler attack-network architecture (diagram): Attacker → Handlers → Agents → Victim.

- The attacker communicates from the Client with the Handlers to determine the number of Agents online, adjust the attack time and update the Agents. Depending on how the attacker configures the attack-network, the Agents are managed by one or more Handlers.
- Usually the attacker places the Handler software on a router or a server with heavy traffic, so that the communication between Client, Handlers and Agents is hard to detect. This communication usually takes place over the TCP, UDP or ICMP protocols. The real owners of the Agents usually have no idea that they are being used in a DDoS attack, because they lack the knowledge, or because the Backdoor Agent programs use very few system resources, so that almost no effect on system performance can be seen.

ii. The IRC-Based model:
- Internet Relay Chat (IRC) is a multiuser online chat system; IRC lets a user create a multipoint connection to many other users and chat in real time. The architecture of an IRC network comprises many IRC servers across the internet, communicating with one another over many channels. An IRC network lets users create three kinds of channel: public, private and secret.


  Public channel: lets the channel's users see the IRC names and receive the messages of every other user on the channel.
  Private channel: designed for communication with permitted parties. Users not on the channel cannot see the IRC names and messages on the channel. However, a user outside the channel can learn that the private channel exists by using certain channel locator commands.
  Secret channel: like a private channel, but cannot be found with a channel locator.

Figure 4. IRC-Based attack-network architecture (diagram): Attacker → IRC network → Agents → Victim.

- An IRC-Based network is similar to an Agent-Handler network, but this model uses IRC channels as the means of communication between Client and Agents (no Handler is used). With this model the attacker gains several further advantages:
  Communication in the form of chat messages makes detection extremely difficult.
  IRC traffic can move across the network in large volumes without arousing suspicion.
  There is no need to maintain a list of Agents; the hacker only has to log on to the IRC server to receive reports on the Agents' status sent back through the channel.


CC PHNG THC TN CNG & PHNG TH WEB SERVER Sau cng: IRC cng l mt mi trng file sharing to iu kin pht tn cc Agent code ln nhiu my khc. 2.2.2.3. Phn loi tn cng kiu DDOS - Nhn chung, c rt nhiu bin th ca k thut tn cng DDoS nhng nu nhn di gc chuyn mn th c th chia cc bin th ny thnh hai loi da trn mch ch tn cng: Lm cn kit bng thng v lm cn kit ti nguyn h thngDDoS attack

[Figure 5. Classification of DDoS attacks: Bandwidth Depletion (Flood Attack: UDP, ICMP; Amplification Attack: Smurf, Fraggle) and Resource Depletion (Protocol Exploit Attack: TCP SYN, PUSH + ACK; Malformed Packet Attack: IP address, IP packet options); the flood and amplification branches are further divided into random port / static port, spoofed source / direct, and loop / spoofed source variants]

i. Attacks that exhaust the network's bandwidth (Bandwidth Depletion Attack)
- A Bandwidth Depletion Attack is designed to swamp the target network with unnecessary traffic, so as to minimise the chance that legitimate traffic reaches the target's service system.
- There are two kinds of Bandwidth Depletion Attack:

+ Flood attack: the Agents are directed to send a large volume of traffic to the target's service system, so that the service runs out of bandwidth.
+ Amplification attack: the Agents or the Client are directed to send messages to an IP broadcast address, so that every host in that subnet sends messages to the target's service system. This method generates unnecessary traffic that eats up the target's bandwidth.
Flood attack: in this method the Agents send a large volume of IP traffic, which slows the target's service system down, hangs it or drives it into saturation, so that the system's real users can no longer use the service. Flood attacks can be divided into two kinds:
+ UDP Flood Attack: because UDP is connectionless, a system receiving UDP messages simply accepts every packet it is given as something it must process. A large number of UDP packets sent to the target's service system pushes the whole system to its limit.
+ The UDP packets may be sent to many arbitrary ports or to a single port. Usually they are sent to many ports, which forces the target system to work hard at dispatching them. If the attacked port is not open, the target system sends back an ICMP "destination port unreachable" packet. Agent software usually uses forged source IP addresses to hide its tracks, so the replies generated for packets with no port to handle them go to some other IP address. A UDP flood can also affect the links around the target, because the packets converge on it so heavily.
+ ICMP Flood Attack: ICMP was designed for network management and for locating network devices. When the Agents send a large number of ICMP_ECHO_REPLY packets to the target system, that system has to answer with a corresponding number of packets, which congests the link. As in the previous case, the Agents' IP addresses may be spoofed.
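As an added example that is not part of the report, the following Python detector runs over constructed flow records and flags the UDP and ICMP floods described above, separating the random-port and static-port UDP variants by the number of distinct destination ports seen per target within a time window. The record layout, the thresholds and the addresses are all assumptions of this example.

```python
from collections import defaultdict

# Constructed flow records (no real capture): (second, src, dst, proto, dport).
# Flood sources are spoofed, so many different src addresses hit one dst.
SAMPLE_FLOWS = (
    # UDP flood spread over random high ports, 40 packets per second
    [(t, f"10.0.{t % 7}.{i}", "203.0.113.10", "udp", 1024 + (t * 31 + i) % 4000)
     for t in range(10) for i in range(40)]
    # UDP flood aimed at a single port, 35 packets per second
    + [(t, f"10.1.{t % 3}.{i}", "203.0.113.11", "udp", 53)
       for t in range(10) for i in range(35)]
    # ICMP flood, 30 packets per second
    + [(t, f"10.2.0.{i}", "203.0.113.12", "icmp", 0)
       for t in range(10) for i in range(30)]
    # ordinary DNS client, one query per second
    + [(t, "192.0.2.5", "203.0.113.13", "udp", 53) for t in range(10)]
)


def detect_floods(flows, window=5, pkt_threshold=100, port_spread=20):
    """Return {dst: verdict} for every destination that receives more than
    pkt_threshold packets of one protocol inside any `window`-second slice.

    verdict = {"kind": label, "packets": count, "sources": distinct src count}
    kind is icmp-flood, udp-flood-random-port (many distinct dports, the
    pattern that also triggers ICMP port-unreachable backscatter) or
    udp-flood-static-port.
    """
    # bucket[(dst, proto, slice)] -> [packet count, dports seen, sources seen]
    buckets = defaultdict(lambda: [0, set(), set()])
    for second, src, dst, proto, dport in flows:
        b = buckets[(dst, proto, second // window)]
        b[0] += 1
        b[2].add(src)
        if proto == "udp":
            b[1].add(dport)

    verdicts = {}
    for (dst, proto, _slice), (count, ports, sources) in buckets.items():
        if count < pkt_threshold:
            continue  # below the rate that counts as a flood
        if proto == "icmp":
            kind = "icmp-flood"
        elif len(ports) >= port_spread:
            kind = "udp-flood-random-port"
        else:
            kind = "udp-flood-static-port"
        verdicts[dst] = {"kind": kind, "packets": count, "sources": len(sources)}
    return verdicts


if __name__ == "__main__":
    for dst, v in detect_floods(SAMPLE_FLOWS).items():
        print(f"{dst}: {v['kind']} ({v['packets']} pkts from {v['sources']} sources)")
```

The source count in each verdict is the hint for spoofing: a flood from hundreds of distinct addresses that never complete a conversation is the signature the text attributes to forged Agent addresses.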

+ Amplification Attack:
- An Amplification Attack exploits the IP broadcast support of routers to amplify and reflect the attack. This feature lets a sender specify a single broadcast IP address for a whole receiving subnet instead of many individual addresses; the router is then responsible for delivering the broadcast packet it receives to every IP address in that subnet.
- The attacker can send the broadcast messages directly or through a number of Agents in order to increase the intensity of the attack. If the attacker sends the messages directly, the systems inside the broadcast network can be used as Agents.

[Figure 6. Diagram of an Amplification Attack: attacker/agent, amplifier network system, victim]

Amplification attacks can be divided into two kinds, Smurf and Fraggle attacks:

+ Smurf attack: in this kind of attack the attacker sends packets to a network amplifier (a router or other network device that supports broadcast) with the victim's address as the source. The packets used are normally ICMP ECHO REQUEST packets, which require the receiver to answer with an ICMP ECHO REPLY packet. The network amplifier delivers the ICMP ECHO REQUEST packet to every system at the broadcast address, and all of those systems send their REPLY packets to the IP address of the target of the Smurf attack.
+ Fraggle attack: the same as a Smurf attack, but instead of ICMP ECHO REQUEST packets it sends UDP ECHO packets to the target. There is in fact another variant of the Fraggle attack which sends UDP ECHO packets to the target's chargen port (port 19 on UNIX) with the target's echo port (port 7 on UNIX) as the source, creating an infinite loop. The attacker launches the attack with an ECHO REQUEST whose destination is a broadcast address; every system at that address immediately sends a REPLY to the victim's echo port, the victim then sends an ECHO REPLY back to the broadcast address, and the process keeps going. This is why a Fraggle attack is far more dangerous than a Smurf attack.
ii. Attacks that exhaust resources (Resource Depletion Attack)
- By definition, a Resource Depletion Attack is one in which the attacker sends packets that use protocols contrary to their design, or packets intended to choke network resources, so that those resources can no longer serve ordinary users.
ii.a/ Protocol Exploit Attack:
+ TCP SYN Attack: the Transmission Control Protocol provides highly reliable transmission and therefore uses a handshake between sender and receiver before data is transferred. In the first step the sender sends a SYN REQUEST packet (Synchronize). If the receiver gets the SYN REQUEST, it answers with a SYN/ACK REPLY packet. In the final step the sender transmits the last packet, the ACK, and begins transferring data.

[Figure 7. TCP SYN attack: the client (ports 1024-65535) sends SYN, the server (service port 80) answers SYN/ACK, and the client completes the handshake with ACK]

- If the server answers a SYN request with a SYN/ACK reply but does not receive the final ACK packet within a set time, it resends the SYN/ACK reply until the timeout expires. All of the system resources reserved for handling the session, should the final ACK arrive, stay locked until the timeout expires.
- Knowing this weakness, the attacker sends a SYN packet to the victim with a spoofed source address. The victim therefore sends its SYN/ACK reply to some other address and never receives the final ACK; only when the timeout expires does it notice this and release the system resources. If spoofed SYN packets arrive in large numbers and in rapid succession, the victim's system can run out of resources.
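SYN cookies are the standard mitigation for the half-open-connection exhaustion just described: the server encodes the connection in the initial sequence number of its SYN/ACK instead of reserving state, and only rebuilds the connection when an ACK carrying a valid cookie returns. The Python example below is added here and is not part of the report; the cookie layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash) follows the widely used scheme, and the secret, MSS table, addresses and ports are constructed values.

```python
import hashlib
import hmac
import struct

# Eight MSS values the cookie can encode in its 3-bit index (constructed table).
MSS_TABLE = [536, 1024, 1220, 1440, 1460, 4312, 8960, 9000]
# Keyed-hash secret; a real stack would draw this at random on boot.
SECRET = b"constructed-example-secret"


def _mac24(saddr, daddr, sport, dport, count):
    """24-bit keyed hash over the connection 4-tuple and the time counter."""
    msg = struct.pack("!4s4sHHI", saddr, daddr, sport, dport, count)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(saddr, daddr, sport, dport, client_mss, now):
    """Initial sequence number for the SYN/ACK; no per-connection state is kept.

    saddr/daddr are 4-byte addresses, `now` is seconds since the epoch. The top
    5 bits carry (now // 64) mod 32 so the cookie can be aged out, the next 3
    bits index the largest table MSS not above the client's, and the low 24
    bits bind the cookie to this 4-tuple and time slot.
    """
    count = (now // 64) % 32
    idx = max((i for i, mss in enumerate(MSS_TABLE) if mss <= client_mss), default=0)
    return (count << 27) | (idx << 24) | _mac24(saddr, daddr, sport, dport, count)


def check_syn_cookie(cookie, saddr, daddr, sport, dport, now):
    """Validate the cookie echoed back in the client's ACK (ack_seq - 1).

    Returns the negotiated MSS on success, or None when the cookie is forged,
    belongs to another 4-tuple, or is older than one 64-second period; the
    spoofed SYNs of the attack never produce a valid ACK and so cost nothing.
    """
    count = cookie >> 27
    idx = (cookie >> 24) & 7
    age = ((now // 64) % 32 - count) % 32
    if age > 1:
        return None
    if (cookie & 0xFFFFFF) != _mac24(saddr, daddr, sport, dport, count):
        return None
    return MSS_TABLE[idx]


if __name__ == "__main__":
    client, server = bytes([192, 0, 2, 1]), bytes([203, 0, 113, 10])
    isn = make_syn_cookie(client, server, 40000, 80, 1460, 1_700_000_000)
    print(hex(isn), check_syn_cookie(isn, client, server, 40000, 80, 1_700_000_000))
```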

[Figure 8. The attacker spoofs the IP address: the spoofed SYN makes the server send its SYN/ACK to a host that never sent the SYN, so no ACK ever comes back]

+ PUSH + ACK Attack: in TCP, packets are held in a buffer and, when the buffer is full, passed on to where they are needed. The sender can, however, ask the system to unload the buffer before it is full by sending a packet with the PUSH and ACK flags set to 1. Such packets make the victim's system immediately unload all the data in its TCP buffer and send back an ACK packet once it has done so; if this is repeated continuously by many Agents, the system cannot handle the huge number of packets arriving and hangs.
ii.b/ Malformed Packet Attack:
- A Malformed Packet Attack uses the Agents to send packets whose structure does not conform to the standard, in order to make the victim's system hang. There are two kinds of Malformed Packet Attack:
+ IP address attack: packets whose source and destination addresses are identical, which the victim's operating system cannot handle and which cause it to hang.
+ IP packet options attack: the OPTIONS field of the IP packet is randomised and all the QoS bits are set to 1, which forces the victim's system to spend time parsing the packet; with a large number of Agents this can exhaust the victim's processing capacity.

ii.c/ Some characteristics of DDoS attack tools:

[Figure 9. Some characteristics of DDoS attack tools. The comparison covers: Agent setup (installation: active (scanning, backdoor, Trojan, buffer overflow) or passive (bugged website, corrupted file)); supported OS (Unix, Solaris, Linux, Windows); hiding with a rootkit (yes/no); attack-network communication (protocol: TCP, UDP, ICMP; encryption: none, private/secret, public; Agent activation: actively poll or live and wait); and the attack-network model (Agent-Handler or IRC-based)]

- DDoS attack tools have a great deal in common as software. Among the common points are: how the Agent software is installed, the method of communication between attacker, Handlers and Agents, and the operating systems the tools support. The diagram above compares these DDoS attack tools.
* How the DDoS Agent is installed:
- The attacker can use active or passive methods to install the Agent software on other machines in order to build an Agent-Handler or IRC-based attack network.
- Active installation:
+ Scanning: tools such as Nmap and Nessus are used to find weaknesses in systems that are online, in order to install the Agent software. Note that Nmap returns information about a system identified by its IP address, whereas Nessus searches arbitrary IP addresses for a particular known weakness.

+ Backdoor: once a list of exploitable systems has been found, the attacker breaks in and installs the Agent software on them. A great deal of information about how to break in is freely available on the network, for example on the site of the Common Vulnerabilities and Exposures (CVE) organisation, which lists and classifies over 4,000 kinds of flaw in all existing systems. This information is as available to network administrators as it is to hackers.
+ Trojan: a program that performs some ordinary function but also has hidden functions serving the author's own purposes, which the user cannot know about. A Trojan can be used as the Agent software.
+ Buffer overflow: by taking advantage of a buffer overflow bug, the attacker can divert the normal flow of execution of a program into executing the hacker's own code (placed in the overwritten data area). This can be used to attack a program with a buffer overflow weakness so that it runs the Agent software.
- Passive installation:
+ Bugged website: the attacker can exploit certain web browser bugs to install the Agent software on the machine of a user who visits a site. The attacker creates a website whose content hides code and commands to trap the user; when the user accesses the site's content, the site secretly downloads and installs the Agent software. Microsoft Internet Explorer is a frequent target of this installation method, since ActiveX bugs can let the IE browser automatically download and install code on the machine of the user browsing the web.
+ Corrupted file: another method is to embed code in ordinary files. When the user reads or executes such a file, their machine is immediately infected with the Agent software. One common technique is to give the file a very long name: since operating systems by default show only the beginning of the name, the attacker can e-mail the victim a file such as iloveyou.txt_hiiiiiii_NO_this_is_DDoS.exe; because only the part iloveyou.txt is shown, the user opens the file to read it, it is executed at once and the Agent code is installed on the victim's machine. There are many other ways as well, such as disguising files and merging files.

- Rootkit: programs used to erase the traces and the presence of an Agent or Handler on the victim's machine. Rootkits are usually used on the machines where Handler software is installed, which play a vital role in the operation of the attack network, or in environments where the Handler is very likely to be detected. Rootkits are rarely used on Agents, since an Agent is not very important and the loss of a few Agents does not affect the attack network much.
* Communication on the attack network:
- Protocol: communication on the attack network can take place over TCP, UDP or ICMP.
- Encryption of communication: some DDoS tools support encrypting the communication across the whole attack network. The encryption method depends on the protocol used; if the attack network is IRC-based, private and secret channels support encrypted communication.
- Agent activation: there are two main ways to activate Agents. In the first, the Agent regularly polls the Handler or IRC channel for instructions (active Agent). In the second, the Agent simply lies in wait for instructions from the Handler or IRC channel.
ii.d. Some DDoS tools:
On the common foundation described above, many tools have been written; they are usually open source, so they grow ever more complex and new variants keep appearing.
* DDoS tools using the Agent-Handler model:
- TrinOO: one of the first DDoS tools to be widely distributed. TrinOO has an Agent-Handler architecture and is a Bandwidth Depletion tool using the UDP flood technique. Early versions of TrinOO did not support IP address spoofing. The TrinOO Agent is installed by exploiting a remote buffer overrun bug. It runs on Solaris 2.5.1 and Red Hat Linux 6.0. The attack network communicates over TCP (between the attacker's client and the Handler) and UDP (between Handler and Agent). Communication is encrypted with symmetric encryption between Client, Handler and Agent.
- Tribe Flood Network (TFN): Agent-Handler architecture; a DDoS tool supporting both Bandwidth Depletion and Resource Depletion attacks, using the UDP flood, ICMP flood, TCP SYN and Smurf techniques. Early versions did not support IP address spoofing; the TFN Agent is installed by exploiting a buffer overflow bug. It runs on Solaris 2.x and Red Hat Linux 6.0. The attack network communicates with ICMP ECHO REPLY packets (TFN2K also supports TCP/UDP, with the option of choosing the protocol); communication is not encrypted (TFN2K supports encryption).
- Stacheldraht: a variant of TFN with the added ability to update Agents automatically. Communication between attacker and Handler is over telnet with symmetric encryption.
- Shaft: a variant of TrinOO; Handler-Agent communication is over UDP, attacker-Handler communication over the Internet. It attacks with the UDP, ICMP and TCP flood techniques and can combine several kinds at once. It keeps detailed statistics that let the attacker see how much damage the victim has suffered and how large the attack is, in order to adjust the number of Agents.
* DDoS tools using the IRC-based model:
IRC-based DDoS tools were developed after the Agent-Handler tools. They are, however, far more complex, since they integrate many features of the Agent-Handler tools.
- Trinity: a typical tool of this kind. Trinity has almost every attack technique, including UDP, TCP SYN, TCP ACK, TCP fragment, TCP NULL, TCP RST, TCP random flag and TCP ESTABLISHED packet floods. It has built-in randomisation of the source address. Trinity also supports TCP flood packets with randomised control flags. Trinity can be called one of the most dangerous DDoS tools.

- Other DDoS tools worth mentioning include Knight, which is designed to run on Windows and uses the installation technique of the Back Orifice Trojan. Knight uses attack techniques such as SYN and UDP flood and Urgent Pointer Flooder.
- Finally there is Kaiten, a variant of Knight that supports many attack techniques, such as UDP, TCP flood, SYN and PUSH + ACK attacks. Kaiten also inherits Trinity's ability to randomise spoofed addresses.
2.2.3. Distributed Reflection Denial of Service (DRDoS)
DRDoS appeared at the beginning of 2002 and is the newest and most powerful attack in the DoS family. Carried out by a skilled attacker, it can bring down any system in moments.
- The main aim of DRDoS is to seize all of the server's bandwidth, that is, to completely block the server's link to the Internet backbone, and to exhaust the server's resources. For as long as the server is under DRDoS attack, no client can connect to it at all. Every service running over TCP/IP, such as DNS, HTTP, FTP, POP3 and so on, is disabled.
- Fundamentally, DRDoS is a combination of DoS and DDoS: it uses the SYN attack of a single machine, combined with the bandwidth-hogging of many machines as in DDoS. The attacker spoofs the address of the target server and sends SYN requests to large servers such as Yahoo or Microsoft; these servers then send SYN/ACK packets to the target server. The large servers, with their strong links, unwittingly play the role of the zombies for the attacker, as in DDoS.

[Figure 10. Diagram of a DRDoS attack]

- The sending is repeated continuously with many IP addresses spoofed by the attacker; with many large servers taking part, the target server is quickly overloaded and its bandwidth is consumed by the large servers. The artistry of it is that, with just a single computer on a 56 kbps modem, a skilled hacker can knock out any server in moments without taking over a single machine as a means of carrying out the attack.
2.3. SQL Injection
2.3.1. SQL injection attacks
2.3.1.1. What is SQL Injection?
- When deploying web applications on the Internet, many people still think that ensuring safety and security, so as to minimise the chance of attack by hackers, simply comes down to choosing the operating system, the database management system, the web server that will run the application, and so on, forgetting that the application itself running on them also hides a very large security hole. One of these holes is SQL injection. In Vietnam, website administrators have been through a period of worrying about scanning for viruses and installing patches for system software, while very little attention has been paid to the flaws in the applications themselves. That is why, in recent times, quite a few websites in Vietnam have been attacked, and most of those attacks were SQL injection. So what is SQL injection?
- SQL injection is a technique that lets attackers exploit a flaw in the checking of input data in web applications, together with the error messages of the database management system, to "inject" and execute illegitimate SQL statements (ones the application's developer did not foresee). Its consequences are very serious, because it lets attackers delete and modify data, which amounts to full control over the application's database, and even over the server the application is running on. This flaw usually occurs in web applications whose data is managed by database management systems such as SQL Server, MySQL, Oracle, DB2 or Sybase.
2.3.1.2. Kinds of SQL Injection attack
- There are four common kinds: bypassing the login check (authorization bypass), using the SELECT statement, using the INSERT statement, and using stored procedures.
- To find out which shopping websites use a SQL database, one uses software or tools that look for flaws, or search engines such as Google with "dorks" such as: inurl : product.php?id=

[Figure 11. An online tool for finding vulnerable sites]

- To find out whether a website is vulnerable to SQL Injection, a quote mark is appended to the URL in the address bar. For example: http://www.doanchuyenganh.com/product.php?id=123

[Figure 12. A site with a SQL Injection flaw]

i. Login bypass attack
- With this kind of attack, a hacker can easily get past login pages thanks to the flaw in the way SQL statements are used to operate on the web application's database. Consider a typical example. Usually, to let users access protected web pages, the system builds a login page that asks the user for a user name and a password. After the user has entered them, the system checks whether the user name and password are valid in order to decide whether to allow or refuse further access. In this case one can use two pages: an HTML page that displays the input form and an ASP page that processes the information entered by the user. For example:
login.htm
Username:
Password:
execlogin.asp
- At first sight the code in execlogin.asp seems to contain no security hole at all: a user cannot log in without a valid user name and password. The code is, however, genuinely unsafe and is the premise for a SQL injection flaw. In particular, the weak point is that the data entered by the user is used directly to build the SQL statement, which lets an attacker control the query that will be executed. For example, if the user enters the following string into both the username and password fields of login.htm: ' OR ' ' = ' ', the query sent for execution becomes:
SELECT * FROM T_USERS WHERE USR_NAME ='' OR ''='' and USR_PASSWORD= '' OR ''=''
- This query is valid and returns every record in T_USERS, and the following code then treats this illegitimately logged-in user as a legitimate one.
ii. Attacks using the SELECT statement
- This kind of attack is more complex. To carry it out, the attacker must be able to understand and exploit the weaknesses in the system's error messages in order to find the weak points at which to start the attack. Consider a very common example from news websites. There is usually a page that takes the ID of the news item to be displayed and then queries the content of the item with that ID, for example: http://www.doanchuyennganh.com/product.asp?ID=123 . The source code for this function is usually written quite simply, in the form:
- In ordinary circumstances this code displays the content of the news item whose ID matches the specified ID, and almost no flaw is visible. However, just like the login example above, this code is the opening for another SQL injection flaw. The attacker can replace a valid ID by assigning the ID some other value, and from there start an illegitimate attack, for example: 0 OR 1=1 (that is, http://www.doanchuyennganh.com/product.asp?ID=0 or 1=1).
- The SQL query then returns every article in the table, as it executes the statement:
SELECT * FROM T_NEWS WHERE NEWS_ID=0 or 1=1
- Another case is, for example, a search page. This page lets the user enter search criteria such as surname and first name; the code usually looks like:
- Similarly, a hacker can exploit the weakness in the SQL query by entering into the author name field the string:
' UNION SELECT ALL SELECT OtherField FROM OtherTable WHERE ' '='

- Now, apart from the first query, which fails, the program also executes the statement that follows the UNION keyword.
- Of course the examples above seem harmless, but imagine that the attacker can delete the entire database by inserting dangerous commands such as DROP TABLE, for example: ' DROP TABLE T_AUTHORS --
You may be wondering how one knows whether a web application has this flaw. It is very simple: enter the string (*) above, and if the system reports a syntax error of the form "Invalid object name OtherTable", one can be sure that the system executes the SELECT after the UNION keyword, since only then could it return the error deliberately provoked in that SELECT statement.
- One might also wonder how to learn the names of the tables in order to carry out destructive operations once a web application has a SQL injection flaw. This too is very simple: in SQL Server, the two objects sysobjects and syscolumns list the names of every table and column in the system. One only has to adjust the SELECT statement, for example: ' UNION SELECT name FROM sysobjects WHERE xtype = 'U' lists the names of all the tables in the database.
iii. Attacks using the INSERT statement
- Web applications usually let a user register an account in order to take part. An indispensable feature is that, after registering successfully, the user can view and edit their information. SQL injection can be used when the system does not check the validity of the information entered. For example, an INSERT statement may have the syntax: INSERT INTO TableName VALUES('Value One', 'Value Two', 'Value Three'). If the code that builds the SQL statement has the form:

- then it is certain to be vulnerable to SQL injection, because if one enters into the first field, for example: ' + (SELECT TOP 1 FieldName FROM TableName) + ', the query becomes: INSERT INTO TableName VALUES(' ' + (SELECT TOP 1 FieldName FROM TableName) + ' ', 'abc', 'def'). When the information is then viewed, it is as if one had asked for one more statement to be executed: SELECT TOP 1 FieldName FROM TableName
iiii. Attacks using stored procedures
- Attacks using stored procedures do great damage if the application runs with the system administrator account 'sa'.
- For example, if the injected code is changed to: ' ; EXEC xp_cmdshell cmd.exe dir C: '
- the system then produces a listing of the directory on the C:\ drive on which the server is installed.
- The kind of damage depends on the command that follows cmd.exe. If SQL Server is installed with the defaults, it runs as SYSTEM, equivalent to Windows administrator access. master..xp_cmdshell can be used to execute commands remotely: ; exec master..xp_cmdshell 'ping 10.10.1.2'-- Try double quotes (") if single quotes (') do not work.

Below are some extended stored procedures that hackers commonly use to run statements that reveal information on the victim's machine:
Xp_availablemedia: shows the drives present on the machine
Xp_dirtree: shows every directory, including subdirectories
Xp_loginconfig: retrieves information about the security mode on the server
Xp_makecab: lets the user create archive files on the server (or from any file the server can access)
Xp_ntsec_enumdomain: lists the domains the server can query
Xp_terminate_process: terminates a process given its PID
iiiii. Advanced SQL Injection attacks
Strings without single quotes:
- Programmers can protect their applications by removing all quote marks, usually by replacing each single quote with two single quotes. Example a.1:
function escape( input )
    input = replace(input, "'", "''")
    escape = input
end function

Clearly this prevents all of the attacks above. However, if one wants to build a string value without using quote marks, the char() function can be used, as in the following example:

Example a.2:
INSERT into User VALUES(666, char(0x63) +char(0x68) +char(0x72) +char(0x69) +char(0x73) ,char(0x63) +char(0x68)

Although example a.2 is a query with no single quotes at all, it still inserts the string into the table and is equivalent to: INSERT into User VALUES( 666,chris,chris,255)
A hacker can also choose a numeric username and password to avoid quote marks, as in the following example. Example a.3: INSERT into User VALUES( 667,123,123,0xffff)
SQL Server automatically converts the numbers to strings.
Second-order attacks:
- Even though the application replaces single quotes, SQL code can still be injected. Example b.1: register an account in the application, entering the user name as follows:
Username: admin'--
Password: passofadmin
- The application replaces the quote, and the resulting INSERT statement is:
INSERT into User VALUES(123, 'admin''--', 'password',0xffff)
(but what is stored in the database is admin'--)

- Suppose the application lets the user change their password. The ASP code is designed to ensure that the user must enter the correct old password before entering a new one. The code is as follows:
username = escape( Request.form("username") );
oldpassword = escape( Request.form("oldpassword") );
newpassword = escape( Request.form("newpassword") );
var rso = Server.CreateObject("ADODB.Recordset");
var sql = "select * from users where username = '" + username + "' and password = '" + oldpassword + "'";
rso.open( sql, cn );

- The query that sets the new password is:
sql = "update users set password = '" + newpassword + "' where username= '" + rso("username") + "'"
rso("username") is the user name obtained by the login query, and it is admin'--. The query therefore becomes:
update users set password = 'password' where username = 'admin'--'
- In this way the hacker can change the admin's password to a value of their own. This case still exists in most large applications today that use a data-stripping mechanism. The best solution is to reject such values rather than to correct them. There is a problem, however: some inputs (such as names) must allow these characters, for example: O'Brien.
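The login bypass from the previous section and the second-order case above, as an added Python example that is not the report's ASP code: an in-memory SQLite database with constructed sample data, the concatenated queries that reproduce both failures, and the parameterised versions beside them that show the fix. The table layout, the admin row and the function names are assumptions of this example.

```python
import sqlite3


def escape(value: str) -> str:
    """The report's escape(): double every single quote."""
    return value.replace("'", "''")


def make_db():
    """In-memory users table with one admin row (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'S3cret!')")
    return conn


# --- login built by string concatenation, the execlogin.asp pattern ---
def login_vulnerable(conn, username, password):
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


# --- login with a parameterised query: input is data, never SQL text ---
def login_safe(conn, username, password):
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# --- registration that escapes quotes, as in example b.1 ---
def register(conn, user_id, username, password):
    sql = ("INSERT INTO users VALUES (" + str(user_id) + ", '" +
           escape(username) + "', '" + escape(password) + "')")
    conn.execute(sql)


# --- change password: escapes the form fields but then trusts the value
#     read back from the database (second-order injection) ---
def change_password_vulnerable(conn, username, old, new):
    sql = ("SELECT username FROM users WHERE username = '" + escape(username) +
           "' AND password = '" + escape(old) + "'")
    row = conn.execute(sql).fetchone()
    if row is None:
        return False
    stored_name = row[0]  # e.g. admin'-- : the quote is back, unescaped
    conn.execute("UPDATE users SET password = '" + escape(new) +
                 "' WHERE username = '" + stored_name + "'")
    return True


# --- same logic with parameters everywhere, including the stored value ---
def change_password_safe(conn, username, old, new):
    row = conn.execute("SELECT username FROM users WHERE username = ? AND password = ?",
                       (username, old)).fetchone()
    if row is None:
        return False
    conn.execute("UPDATE users SET password = ? WHERE username = ?", (new, row[0]))
    return True


def password_of(conn, username):
    """Helper for inspecting the outcome (parameterised lookup)."""
    row = conn.execute("SELECT password FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("bypass on concatenated login:", login_vulnerable(db, "' OR ''='", "' OR ''='"))
    print("bypass on parameterised login:", login_safe(db, "' OR ''='", "' OR ''='"))
    register(db, 123, "admin'--", "passofadmin")
    change_password_vulnerable(db, "admin'--", "passofadmin", "owned")
    print("admin password after second-order attack:", password_of(db, "admin"))
```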

- The best way to solve this problem is not to allow single quotes to be entered at all. If that is not possible, then strip and replace them as above. In this case the best approach is to ensure that every piece of data placed into a SQL query (including values taken from the database) is tightly controlled.
Some applications defend against the user appending queries by limiting the length of the input. With such a limit some kinds of attack cannot be carried out, but there are still openings for the hacker to exploit. Example b.2: suppose both the username and the password are limited to at most 16 characters. Enter:
Username: aaaaaaaaaaaaaaa'
Password: '; shutdown--
The application replaces the single quote with two single quotes, but because the string length is limited to 16 characters, the single quote that was just added is cut off. The SQL statement becomes:
Select * from users where username='aaaaaaaaaaaaaaa'' and password=''; shutdown--
and as a result the username in the statement has the value: aaaaaaaaaaaaaaa' and password=
iiiii.3. Evading auditing:
- SQL Server has a strict auditing facility, the sp_traceXXX family of functions, which can record many events that occur in the database, in particular TSQL events, logging every SQL statement executed on the server. If auditing of this kind is switched on, all of the hacker's SQL queries are recorded too, and thanks to this an administrator can keep track of what is happening and quickly find a solution. There is, however, a way to counter this: by adding the string sp_password to the T-SQL statement, because when this string is encountered the audit records the following instead:
-- 'sp_password' was found in the text of this event.
-- The text has been replaced with this comment for security reasons.
This happens even when sp_password appears in a comment. So, to hide every attacking query, one simply appends sp_password after -- as follows:
2.3.2. Preventing SQL Injection
- As we have seen, SQL injection exploits the carelessness of web application developers when handling the input data used to build SQL statements. The damage done by SQL injection depends on the environment and on how the system is configured. If the application uses the dbo role (the rights of the database owner) when manipulating data, it can delete every table and create new ones. If the application uses the sa account (system administrator rights), it can control the whole database management system and, with rights that broad, create illegitimate user accounts to control your system.
In most browsers, these characters should be encoded in the URL before being used. SQL injection attacks rely on error messages, so the best defence is still not to show error messages to the user, replacing them with a page designed by the developer that is shown whenever an error occurs in the application.
Check the values entered by the user carefully, replacing characters such as ; and so on. Remove the meta characters ', ", /, \, ; and extended characters such as NULL, CR, LF, ... from the strings received from:
o data entered by the user
o URL parameters
o cookie values
For numeric values, convert them to integers before executing the SQL query, or use ISNUMERIC to make sure they really are integers.
Use an encryption algorithm for the data.
i. Data validation
- Checking the correctness of data is a complex problem that is often not given proper attention in applications. The tendency in data validation is not merely to add a few functions to the application, but to check things comprehensively enough to reach the goal quickly.
- The following summary discusses data validation, with sample examples illustrating the problem. There are three approaches:
1) Try to check and correct the data to make it valid.
2) Reject invalid data.
3) Accept only valid data.
Approach 1: hard to implement
- First, the programmer cannot know all invalid data, because invalid data takes very many forms.
- Second, there is the problem of second-order SQL injection when data is read back out of the system.
Approach 2: fails in the same cases as approach 1, because:
- Invalid data is always changing, along with the development of new kinds of attack.
Approach 3: better than the other two, but faces some limitations in implementation.

- The best protection is to combine approaches 2 and 3. An example of why the combination is needed: the hyphen in the name Quentin Bassington-Bassington must be allowed by the definition of valid data, yet the character sequence -- is a special sequence in SQL Server.
- For example, if there is a filter that:
+ strips invalid data such as --, select and union
+ and a function that removes single quotes,
the input can still be crafted as: union select @@version--
Some ways to implement basic data validation
Approach 1: reject invalid data
function validate_string( input )
    known_bad = array("select", "insert", "update", "delete", "drop", "--", "'" )
    validate_string = true
    for i = lbound( known_bad ) to ubound( known_bad )
        if ( instr( 1, input, known_bad(i), vbtextcompare ) <> 0 ) then
            validate_string = false
            exit function
        end if
    next
end function

Approach 2: replace single quotes
function escape( input )
    input = replace(input, "'", "''")
    escape = input
end function

Approach 3: accept only valid data
function validatepassword( input )
    good_password_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    validatepassword = true
    for i = 1 to len( input )
        c = mid( input, i, 1 )
        if ( InStr( good_password_chars, c ) = 0 ) then
            validatepassword = false
            exit function
        end if
    next
end function
ii. SQL Server Lockdown
This is a list of tasks to do in order to protect SQL Server:
Determine the methods used to connect to the server:
o Use the Network Utility to check that only the network libraries in use are active.
Check every account in SQL Server:
o Create low-privilege accounts for the applications only
o Remove accounts that are not needed
o Make sure every account has a valid password
Check the objects that exist:
o Many extended stored procedures can be removed safely. If this is done, consider also removing the .dll files containing the code of those extended stored procedures
o Remove all sample databases such as northwind and pubs
o Remove unused stored procedures such as master..xp_cmdshell, xp_startmail, xp_sendmail, sp_makewebtask
Check which accounts can access which objects:
o An account used by an application to access the database should be granted only the minimum rights it needs for the objects it uses.
Check the server's patch level:
o Some attacks, such as buffer overflow and format string attacks, target this layer of defence.
Check the sessions on the server.
Change "Startup and run SQL Server" to a low-privilege user in SQL Server Security.
- Remarks:

NGUYN VNG NGH

Trang 54

CC PHNG THC TN CNG & PHNG TH WEB SERVER + Qua phn tm hiu v SQL Injection,cng thy rng vic kim tra d liu trc khi x l l cn thit. + ng dng ngoi vickim tra tnh ng n ca d liu, cn m ha d liu ngay bn trong c s d liu v khng cho xut trang Web li, bo ni dung li c php SQL hacker khng th thu thp thng tin c s d liu. - Song song l cng vic ca ngi qun tr mng. iii. Thit lp cu hnh an ton cho h qun tr c s d liu - Cn c c ch kim sot cht ch v gii hn quyn x l d liu n ti khon ngi dng m ng dng web ang s dng. Cc ng dng thng thng nn trnh dng n cc quyn nh dbo hay sa. Quyn cng b hn ch, thit hi cng t. Ngoi ra trnh cc nguy c t SQL Injection attack, nn ch loi b bt k thng tin k thut no cha trong thng ip chuyn xung cho ngi dng khi ng dng c li. Cc thng bo li thng thng tit l cc chi tit k thut c th cho php k tn cng bit c im yu ca h thng. 2.4. Cross Site Scripting (XSS) 2.4.1. Tn cng XSS - Cross-Site Scripting (XSS) l mt trong nhng k thut tn cng ph bin nht hin nay, ng thi n cng l mt trong nhng vn bo mt quan tr ng i vi cc nh pht trin web v c nhng ngi s dng web. Bt k mt website no cho php ngi s dng ng thng tin m khng c s kim tra cht ch cc on m nguy him th u c th tim n cc li XSS. - Cross-Site Scripting hay cn c gi tt l XSS (thay v gi tt l CSS trnh nhm ln vi CSS-Cascading Style Sheet ca HTML) l mt k thut tn cng bng cch chn vo cc website ng (ASP, PHP, CGI, JSP ...) nhng th HTML hay nhng on m script nguy him c th gy nguy hi cho nhng ngi s dng khc. Trong , nhng on m nguy him c chn vo hu ht c vit bng cc Client-Site Script nh JavaScript, JScript, DHTML v cng c th l c cc th HTML.K thut


quickly became one of the most common flaws in web applications, and the threat it poses to users keeps growing. The winner of the eWeek OpenHack 2002 contest was the person who found 2 new XSS flaws. Perhaps the danger of XSS is receiving more and more attention.
2.4.1.1. How XSS works:
- Basically, XSS, like SQL Injection or Source Injection, consists of requests sent from client machines to the server in order to inject information that lies beyond the server's control. It may be a request sent from a data form, or it may simply be a URL such as http://www.example.com/search.cgi?query=<script>alert('XSS was found !');</script>
- Your browser will then very likely display a message "XSS was found !". The code inside the script tag is not limited in any way, because it can be replaced entirely by a source file on another server through the src attribute of the script tag. For that very reason we cannot yet gauge the full danger of XSS flaws.
- But whereas other attack techniques can alter the web server's source data (source code, structure, database), XSS only harms the website on the client side, and the direct victims are the visitors browsing that site. Of course hackers sometimes also use this technique to deface websites, but that still only attacks the surface of the website. Indeed, XSS consists of client-side scripts; this code runs only in the client's browser, so XSS does not affect the website system residing on the server. The targets of an XSS attack are none other than the website's other users: when they unknowingly visit pages containing dangerous code left behind by hackers, they may be redirected to other websites, have their homepage reset, or worse, lose passwords and cookies, and their computers may even be infected with viruses, backdoors and worms.
2.4.1.2. Attack method
i. Scanning a web application for XSS holes


- Method 1: Use one of the many web application vulnerability scanners, for example the Web Vulnerability Scanner program, to scan for XSS flaws.
- Method 2: Follow 5 steps:
Step 1: Open the website to be tested.
Step 2: Identify the places (sections) to test for XSS. Any site always has these parts: search, error messages and web forms. XSS flaws mostly sit in these parts; in general XSS can occur wherever a user can enter data and then gets something back. For example, we enter the string XSS.
Step 3: Verify whether the site is likely to have an XSS flaw by looking at the information returned. For example, if we see something like "XSS not found", "Account XSS is incorrect" or "Login with XSS failed", then the chance that this spot is vulnerable to XSS is very high.
Step 4: Once a spot likely to be vulnerable to XSS has been identified, we insert our own code to test further, for example: insert the code < script>alert('XSS')< /script> into the vulnerable field and press the Login button; if we get a popup with the text XSS, the spot is 100% vulnerable to XSS. But note that occasionally a website is vulnerable to XSS yet no popup appears, in which case you have to view the page source first. When viewing the source, look for the line < script>alert('XSS')< /script>; if it is there, that's it, XSS found.
Suppose http://doannguyennganh.com/index.php is a site vulnerable to XSS and we found the flawed spot like this: http://doannguyennganh.com/index.php?page==5, so I can easily exploit the flaw through information_schema.tables without having to guess its table names.
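The mechanism in 2.4.1.1 and the "view source" check in step 4 can both be shown with a few lines of code. The block below is an added example, not code from the thesis: it uses a hypothetical search-page renderer (PAGE_TEMPLATE, render_vulnerable, render_safe are assumed names) to show why verbatim reflection is exploitable, how HTML-encoding the input before it reaches the page closes the hole, and how a developer can test their own handlers for unescaped reflection of a marker string instead of relying on a popup.

```python
import html
import re

# Constructed sample: a minimal search page standing in for the
# "search.cgi?query=..." handler discussed above (hypothetical, not the
# thesis's own code).
PAGE_TEMPLATE = "<html><body><p>Results for: {query}</p></body></html>"

# The marker string used in step 4; harmless on its own, it only proves reflection.
PROBE = "<script>alert('XSS')</script>"


def render_vulnerable(query: str) -> str:
    """Reflects the user's input verbatim: the classic reflected-XSS bug."""
    return PAGE_TEMPLATE.format(query=query)


def render_safe(query: str) -> str:
    """HTML-encodes the input before placing it in the page body, so a
    <script> tag arrives in the browser as text, never as markup."""
    return PAGE_TEMPLATE.format(query=html.escape(query, quote=True))


def reflects_unescaped(page: str, probe: str = PROBE) -> bool:
    """The 'view source' check from step 4: is the probe present as live markup?"""
    return probe in page


def live_script_tags(page: str) -> int:
    """Count <script> elements in a response; a search-results page that
    reflects user input should contain none."""
    return len(re.findall(r"<script\b", page, flags=re.IGNORECASE))


def find_reflecting_fields(handlers: dict, probe: str = PROBE) -> list:
    """Steps 2-4 automated against a developer's own handlers: submit the
    probe to every input field and report the fields whose response
    contains it unescaped."""
    return [name for name, render in handlers.items()
            if reflects_unescaped(render(probe), probe)]


if __name__ == "__main__":
    handlers = {"search": render_vulnerable, "login": render_safe}
    print("fields reflecting the probe unescaped:", find_reflecting_fields(handlers))
    print("safe rendering:", render_safe(PROBE))
```

Encoding at output time (render_safe) is the fix the page's defender needs; filtering the input string for the word "script" is not, because the same data may be reflected into attributes, URLs or JavaScript contexts that need different encodings.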

Figure 13. Table information obtained.
- Ignoring the unrelated tables, we obtain the following tables: khuyenmai, lienhe, loaispcon, online, sanpham, tbl_gioithieu, tbl_lienhe, tbl_lienket, tbl_tintuc, thanhtoan, tintuc, user
- I then proceeded to retrieve the column information and data, with the result shown in figure 14.


Figure 14. The data we extracted is in encrypted form.
- According to figure 14, the data retrieved is in encrypted form. At this point the SQL Injection exploitation needs one more step: finding the administrator login path, and if the password is stored in encrypted form we need to decrypt it.
3.2. Conclusion
3.2.1. Results achieved
- Measured against the requirements set at the start, the project has so far achieved the following:
Studied the web application attack techniques, including:
o Injecting code that executes on the client: Cross-site Scripting.
o Injecting SQL queries and advanced SQL Injection attacks.
o Local Attack.
o Denial of service.
Security measures combining the network administrator, the web application designer and the user:


o Checking whether a web page can be attacked by SQL command injection or parameter-tampering techniques.
o Being able to defend against the common attacks of today, such as the issues studied above.
3.2.2. Limitations
During the project I found many documents which, although they share the same goal, use completely different methods. I tried to study them further, but errors are unavoidable.
3.2.3. Directions for further development
Within the scope of this project, the stated requirements have been met. I would like to propose extending the project and will try to develop the following:
Study more attack techniques in order to propose deeper web application security methods.
Study security in more depth, not only at the level of a single web application but extending to the security of network systems and services.
Develop a better vulnerability detection program, across more technical aspects.
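The first conclusion above, checking whether a page can be attacked by SQL command injection or parameter tampering, and the remarks in section iii (validate input, bind it, never return SQL error text to the user) can be tied together in one small example. The block below is added here and is not the thesis's code; it uses an in-memory SQLite table with constructed rows (the table name sanpham is borrowed from figure 13, the columns and rows are invented) to show the concatenated-parameter pattern beside its hardened form.

```python
import logging
import sqlite3

log = logging.getLogger("pages")

# Constructed sample database; column and row values are invented and
# only the table name follows figure 13.
SCHEMA = """
CREATE TABLE sanpham (id INTEGER PRIMARY KEY, ten TEXT);
INSERT INTO sanpham VALUES (4, 'ao thun'), (5, 'quan jean'), (6, 'giay');
"""


def make_db() -> sqlite3.Connection:
    """Fresh in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def page_vulnerable(conn: sqlite3.Connection, page: str) -> list:
    """Concatenates the 'page' parameter into the SQL text: the pattern that
    lets a tampered parameter change the query instead of just its value."""
    sql = "SELECT id, ten FROM sanpham WHERE id = " + page
    return conn.execute(sql).fetchall()


def page_safe(conn: sqlite3.Connection, page: str) -> dict:
    """Validates the parameter, binds it as data, and keeps SQL details
    out of anything returned to the user."""
    if not page.isdigit():
        # Generic message: the user learns nothing about the query or schema.
        return {"error": "Invalid page parameter"}
    try:
        rows = conn.execute(
            "SELECT id, ten FROM sanpham WHERE id = ?", (int(page),)
        ).fetchall()
    except sqlite3.Error as exc:
        # Detail goes to the server log only, never to the HTTP response.
        log.error("database error for page=%r: %s", page, exc)
        return {"error": "An internal error occurred"}
    return {"rows": rows}


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, page=5 OR 1=1 ->", page_vulnerable(db, "5 OR 1=1"))
    print("safe, page=5 OR 1=1 ->", page_safe(db, "5 OR 1=1"))
    print("safe, page=5 ->", page_safe(db, "5"))
```

A whitelist check such as isdigit() is the right shape for a numeric page id; for free-text fields the binding alone carries the protection, and the generic error message matters just as much, since a raw database error string is what a database-fingerprinting attacker reads first.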

