WHITE HAT HACKER TRAINING SUPPLEMENTARY COURSE NOTES - I | HUZEYFE ÖNAL | BİLGİ GÜVENLİĞİ AKADEMİSİ (BGA)

  • [WHITE HAT HACKER TRAINING] BGA

    BİLGİ GÜVENLİĞİ AKADEMİSİ | What Is Backtrack?

    Table of Contents

    What Is Backtrack?

    Using Backtrack Linux

    Logging In to the System

    Switching to Graphical Interface Mode

    Using the Software in the Distribution

    Some Additional Services in Backtrack and Their Use

    Starting the Tftp Service

    Starting the SSH Service

    Linux and the Network Environment

    IP Configuration on Linux Systems

    ifconfig

    Assigning Multiple IP Addresses to an Interface (IP Alias)

    Obtaining the IP Configuration from DHCP

    The ping Command

    Multiple ping - fping

    Arp

    Querying the ARP Cache

    Adding a Static Entry to the ARP Cache

    Checking for IP-MAC Changes from the Firewall/Router

    Routing Table - Route

    Displaying the Routing Table

    Adding a New Route (Routing)

    Changing an Existing Route Definition

    Configuring Linux Systems as a Router

    DNS Configuration

    Monitoring Network Status with Netstat

    Monitoring TCP Connections

    Monitoring UDP Connections

    Monitoring Ports Providing Services on the System

    Basic Commands Related to System/Network Security

    System Login Operations

    Who Is Connected to the System?

    Usage Examples for the who Command

    Usage Examples for the w Command

    Why Is Information Valuable?

    The Importance of Information in Security Tests

    Information Gathering Methods

    Passive Information Gathering

    Obtaining Information About IP Addresses and Domain Names

    Querying IP Addresses via RIPE

    Querying IPs via ARIN

    Querying Domains via NetworkSolutions

    Tracking the History of Web Pages

    Information Gathering via Mailing List Archives

    Information Gathering via Netcraft

    Passive DNS Replication

    Finding the E-mail Addresses Belonging to a Domain

    Information Gathering via Search Engines

    Searching for People via Pipl.com

    Information Gathering via Google

    Active Information Gathering

    Information Gathering Using the DNS Protocol

    DNS Query Types

    Nslookup / dig

    DNS Queries with the dig Tool

    DNS Server Version Information

    Zone Transfer Check

    Tracing DNS Queries (DNS Trace)

    Information Gathering with the DNS Bruteforce Method

    Banner Grabbing

    Other Information Gathering Methods

    Information Gathering from Web Page Comment Lines

    Obtaining Additional Information About the Target System

    Discovering Web Servers Open to Sending Spam

    Obtaining Information via E-mail Headers

    E-mail Header Information

    The Time the Mail Was Created at Its Original Source

    How Does MetaGoofil Work?

    Information Gathering with the Network Mapping Method

    Traceroute

    Understanding the Difference Between Traceroute and TCPTraceroute

    Information Gathering over SNMP

    Information Gathering with Dmitry

    A Next-Generation Information Gathering Tool: Maltego

    Searching with Maltego

    The OSI Layers and Layer Functions

    The OSI Layers Important for This Training

    TCP/IP

    TCP/IP Layers

    Port Grouping

    Some Commonly Used Services and Their Port/Protocol Information

    Address Resolution Protocol

    ARP Request Packet

    ARP Reply Packet

    The Importance of ARP from a Security Perspective

    IP (Internet Protocol)

    TTL

    IP Packet Analysis with a Sniffer

    ICMP

    Creating ICMP Packets with Hping

    Parameters Used to Specify the ICMP Type and Code with Hping

    UDP

    UDP Header

    The UDP Protocol Through a Sniffer

    Fragmented Packets in TCP/IP Networks

    Fragmented Packets

    IP (Internet Protocol) Structure

    MTU (Maximum Transfer Unit)

    Packet Fragmentation

    Reassembly of Packets

    Detailed Examination

    Fragmented Packets and Security Weaknesses

    Tools for Creating Fragmented Packets

    Creating Fragmented Packets with Hping

    The Fragroute and Fragrouter Tools

    Fragmented Packets and Firewalls

    Fragmented Packets and Intrusion Detection Systems

    Traffic Analysis in TCP/IP Networks

    Traffic Analysis/Sniffing

    Passive Sniffing

    Active Sniffing

    The Promiscuous Mode Concept

    Sniffer Placement

    Sniffer Placement for Environments Using a HUB/TAP

    Sniffer Placement in Environments Using a Switch

    Tools for Sniffing

    Unencrypted Protocols

    The Telnet Protocol

    Simple Mail Transfer Protocol

    SQL Connection

    The Gains and Costs of Not Encrypting

    Accessing www.verisign.com over HTTP

    Accessing www.verisign.com over HTTPS

    Tcpdump

    What Is Tcpdump?

    Tcpdump for Windows

    Using Tcpdump

    Promiscuous Mode

    Privileges

    Tcpdump TCP Packet Format

    Tcpdump UDP Packet Format

    Tcpdump ICMP Packet Format

    Frequently Used Parameters

    Interface Selection ( -i )

    Name Resolution ( -n )

    Timestamp Display ( -t )

    Saving Captured Packets ( -w )

    Setting the Number of Packets to Capture ( -c )

    Setting the Size of Packets to Capture ( -s )

    Verbose Logging ( -v )

    Escaping Promisc Mode ( -p )

    Capturing Layer 2 Headers ( -e )

    BPF (Berkeley Packet Filter)

    Type

    Direction

    Protocol

    The host Parameter

    dst host (Specifying the Destination Host)

    src host (Specifying the Source Host)

    The port Parameter (Specifying the Port)

    Troubleshooting with Tcpdump

    The Slow Connection Problem with SSH Servers and Its Analysis

    The TTNET Blacklist Practice and Its Analysis

    Detailed Packet Analysis with Tcpdump

    Capturing TCP Packets with the SYN Flag

    Tcpdump as an Intrusion Detection System

    Detecting the LAND Attack with Tcpdump

    Capturing Packets with a TTL Value Less Than 2 (traceroute)

    Monitoring UDP Port Scans

    Monitoring XMAS Scans Made with Nmap Using tcpdump

    Detecting XMAS Scans with Tcpdump

    Identifying Port Scanning Tools

    Detecting Hping Port Scans with tcpdump

    Detecting Nmap Scans with Tcpdump

    Monitoring UDP Scans Made with Nmap Using tcpdump

    Snort as a Sniffer

    Saving Captured Packets (Logging)

    Traffic Analysis with Wireshark

    Some Important Features of Wireshark

    Using Wireshark

    An Overview of Wireshark

    General Protocol Information Area

    Packet Reassembly in TCP Sessions with Wireshark

    Filters

    Capture Filter

    Display Filter

    SMTP Traffic Analysis with Wireshark

    Wireshark Command-Line Tools

    Sniffing with Dsniff

    Searching for Strings in Network Traffic

    #grep googlebot /var/log/web_sunucu_erisimlogu|wc -l

    What Can Be Done with Ngrep?

    Ngrep Exercises

    Monitoring HTTP Traffic with Ngrep

    To See Which Types of Browsers Connect to Your System

    Monitoring SSH Connections Made over the HTTP Port

    Using Other Protocols over the HTTP Protocol

    SSH-2.

    Formatting Ngrep Output

    Searching for Data in Recorded Traffic

    Obtaining User/Password Information

    Analysis of Encrypted Protocols with Ngrep

    Fragmented Packets and Ngrep

    Ngrep Help

    Recovering the Original Data from Raw Data in Network Traffic (Data Carving)

    DriftNet

    Network Data Analysis with NetworkMiner

    Real-Time Web Traffic Monitoring on Windows Systems

    Sniffer Detection in Local Networks

    Sniffer Detection in a Windows Environment with Cain & Abel

    Security in TCP/IP

    Listening to Traffic in Networks Using a Switch

    ARP Packet Types

    Deleting an ARP Entry

    ARP CACHE POISONING / ARP SPOOFING

    Basic Tools Used to Perform ARP Poisoning

    For the Windows Environment

    For the Linux/UNIX Environment

    ARP Spoofing Exercise with the Arpspoof Tool / Theory

    ARP Spoofing Exercise / Practice

    ARP Poisoning with Nemesis

    ARP Spoofing with Nemesis

    Spoofing / Poisoning Exercises with Cain & Abel

    DNS Spoofing Exercise

    Example Exercise: Performing DNS Spoofing with the Dnsspoof Tool

    Example Exercise: Performing a DNS Spoofing Attack with Cain & Abel

    Step by Step: Intercepting and Tampering with HTTP/HTTPS Traffic

    Paros Proxy Settings

    Intercepting SSL Connections and Reading Data (SSL MITM)

    Internet Explorer's Warning for SSL MITM

    Firefox's Warning for SSL MITM

    Is HTTPS Insecure? .................... 210

    SSL's Ordeal with HTTP .................... 211

    How Is HTTPS Bypassed Through Visual Deception? .................... 212

    How Does SSLStrip Work? .................... 213

    How to Protect Against It .................... 214

    ARP (ARP Poison Routing) with ARP Requests .................... 214

    Operation Details .................... 214

    Gratuitous ARP Packets .................... 215

    Spoofing Exercises with Ettercap .................... 217

    What Can Be Done with Ettercap? .................... 217

    Using Ettercap .................... 218

    MAC Flooding .................... 226

    Exercise: Disrupting Switch Operation Using macof .................... 226

    SSH MITM Exercise .................... 229

    Protection .................... 239

    Performing MITM Attacks over ICMP .................... 239

    The Importance of Reconnaissance in Security Testing .................... 245

    Nmap: Network Mapping and Port Scanning Tool .................... 246

    Nmap Scanning Steps .................... 246

    Basic Nmap Usage .................... 248

    Target Specification .................... 249

    Privileges of the Nmap User .................... 249

    Scan Types with Nmap .................... 250

    UDP Scan Types .................... 258

    Version Detection Scans .................... 260

    Nmap as a Vulnerability Scanning Tool .................... 265

    IDS/IPS Evasion Techniques .................... 269

    Nmap Scanning Through a Proxy .................... 269

    Graphical Interfaces for Nmap .................... 272

    Umit .................... 272

    Port Scanning with Hping .................... 275

    SYN Scan with Hping .................... 275

    Examining the SYN Scan .................... 275

    XMAS Scan with Hping .................... 277

    FIN Scan Example .................... 277

    THC-Amap .................... 277

    Port Scanning with UNICORNSCAN .................... 278

    Operating System Detection .................... 281

    Active Detection Tools .................... 281

    Xprobe2 .................... 281

    Passive Detection Tools .................... 281

    Operating System Detection with NMAP .................... 281

    Protection .................... 282

    Operating System Detection with P0f .................... 284

    Operating System Detection with Xprobe .................... 284

    Monitoring/Blocking Scans with an IDS .................... 285

    Port Scanning Against Systems Protected by SynCookie/SynProxy .................... 286

    Automated Vulnerability Analysis with NESSUS .................... 290

    The Nessus Project .................... 290

    Some Important Features of the Project .................... 290

    Security Testing of Local and Remote Systems .................... 291

    Installation & Usage .................... 291

    Installing Nessus on Backtrack Linux .................... 291

    Using Nessus on Windows .................... 294

    Activation .................... 295

    Server Selection .................... 296

    User Operations .................... 297

    The Scan Process .................... 298

    Scan Policies .................... 300

    Compliance Auditing .................... 310

    Scanning for Local Vulnerabilities with Nessus .................... 311

    Nessus Scanning from the Command Line .................... 311

    Updating the Plugin Database .................... 314

    Reporting .................... 315

    Troubleshooting Scans .................... 319

    Writing Plugins for Nessus .................... 319

    Security Scans of Windows Systems: MBSA .................... 321

    Using Nikto in Security Testing .................... 322

    Updating the Vulnerability Database .................... 322

    Vulnerability Scanning .................... 322

    Using IDS Evasion Techniques .................... 323

    RUNNING EXPLOITS WITH METASPLOIT .................... 327

    What Is Metasploit? .................... 327

    What Is It Used For? .................... 327

    Some Definitions .................... 327

    Installing Metasploit .................... 327

    For Windows .................... 327

    For Linux .................... 327

    The Metasploit Working Environment .................... 328

    Using Metasploit with Msfconsole .................... 328

    Viewing Exploits and Payloads .................... 329

    Viewing Exploits and Getting Information .................... 329

    Sample Exploit Trial .................... 332

    Using the Metasploit GUI .................... 334

    Metasploit Main Screen .................... 335

    Searching for Exploits .................... 336

    Exploit Details .................... 337

    Viewing Exploit Code .................... 338

    Running an Exploit .................... 339

    Using Metasploit from the Command Line .................... 346

    Harms of Running Exploits .................... 351