*************************** LAB PRACTICE: METHODS HACKERS USE TO ATTACK WEB APPLICATIONS VULNERABLE TO SQL INJECTION ***************************

SQL Injection Lab 5477


  • 1

    ***************************

    LAB PRACTICE

    METHODS HACKERS USE TO ATTACK

    WEB APPLICATIONS

    VULNERABLE TO SQL INJECTION

    ***************************

  • 2

    Foreword ........................................................ 3
    General introduction: ........................................... 4
    Objectives: ..................................................... 4
    Prerequisites: .................................................. 4
    Contents: ....................................................... 5
    1. Preparation for the lab exercise: ............................ 6
    2. The lab exercise: ............................................ 76

  • 3

    FOREWORD

    This document is intended for anyone interested in information security for database-backed Web applications, and especially for Website administrators and administrators of Web servers that run potentially vulnerable Web applications; it is also a good reference for students of network administration. It will show you how to build a simulated environment containing SQL Injection flaws in a Web application, and how to use supporting tools to attack Web applications that are vulnerable to SQL Injection.

    Since this is a guide to the methods hackers use to attack Web applications vulnerable to SQL Injection, our motto is "Hacking is not destruction; hack to be more secure!". We therefore remind you that this is a reference document for lab practice only, and we accept no responsibility if you use this knowledge to violate the laws of the Socialist Republic of Vietnam.

    Finally, sincere thanks to the authors O'Reilly, Kevin Spett, AirScanner and the security forums whose material made it possible to complete this lab guide. Please send any questions to: [email protected]

  • 4

    General introduction:

    The lab content of module 14, SQL Injection, clearly reflects the motto "hack to be more secure!". The module covers the methods and practical skills of system penetration, such as scanning for security flaws, passing unauthorized commands for execution, and intruding into a Web server system the way a hacker would, so that administrators gain an overview from the attacker's side and can secure their own Web sites better.

    Because a great many Web applications suffer from SQL Injection flaws, within the scope of this document I take one typical case, an ASP (Active Server Pages) Web application with an SQL Injection flaw, as the worked example in the lab section of this module.

    Objectives:

    Take part in the security administration of server systems running database-backed Web applications at organizations, companies, enterprises and agencies.

    - Master the methods for surveying and assessing the level of network security.
    - Master the skills, knowledge, practice and experience of Ethical Hacking.
    - Be able to determine the cause and accurately identify the actor, motive and method of an attacker intruding into system data. Identify the targets and the ever-present threats to the organization's Web application security.
    - Methods for designing systems and Web applications with security in mind. Methods for responding to incidents when they occur.
    - Understand clearly the concepts and working methods of hackers.
    - Know how to use basic methods and tools to check the security of the organization's Web applications.

    Prerequisites:

    - Knowledge of the Windows network operating system (MCSA level).
    - Knowledge of the Microsoft SQL Server database management system (MCDBA level).
    - Knowledge of Web programming: HTML, ASP, PHP.
    - Knowledge of English.
    - An interest in information security for Web applications.

  • 5

    Contents:

    Preparation for the lab exercise. The lab exercise.

  • 6

    1. Preparation for the lab exercise:

    - This part requires you to use 2 PC systems so that you can carry out the lab and see the results of the exercises.

    - It is best to use a virtual machine tool (VMware Workstation, Microsoft Virtual PC) so that you can carry out the lab smoothly.

    - Here I set up the lab model as follows:
    - The Attack machine will run Windows XP SP2, and the Web server, which is the victim, will run Windows 2000 Server.

    1.1. The victim Web server:

    1.1.1. An operating system (OS): Microsoft Windows 2000 Server:

    - For convenience, I use Windows 2000 Server to walk you through this lab.

    - How to obtain that operating system you of course already know, so I will not cover it; in addition we need a Web server running on IIS 5.0 (Internet Information Services). Anyone who has taken the MCSA (Microsoft Certified System Administrator) course must of course know how to install this Web server package properly.

  • 7

    - Here I repeat it so that those who do not yet know can install this package for the lab below.

    - Go to Start > Settings > Control Panel > Add/Remove Programs.
    - Select Add/Remove Windows Components.

    - Tick the Internet Information Services (IIS) package; this package is what runs ASP Web applications.

  • 8

    - Click Next.

  • 9

    - Wait for the system to install the IIS package.

  • 10

    - Click Finish.

    - At this point the Web server for the victim system is ready for the lab below.

    1.1.2. A database management system: Microsoft SQL Server 2000:

    - For convenience, I use the Microsoft SQL Server 2000 Standard database management system to walk you through this lab.

    - How to obtain and install the Microsoft SQL Server database management system package is something anyone who has taken the MCDBA (Microsoft Certified Database Administrator) course must of course know how to install and use.

    - Here I repeat the basics so that those who do not yet know can install this package themselves for the lab below.

    - Run the file setup.bat (in the root installation folder).

  • 11

    - Click Next.

  • 12

    - Select Local Computer, then click Next.

  • 13

    - Select Create a new instance of SQL Server, or install Client Tools, then click Next.

  • 14

    - Click Next.

  • 15

    - Select Server and Client Tools, then click Next.

  • 16

    - Click Yes.

  • 17

    - Enter the CD key and click Next.

  • 18

    - Leave the Default setting and click Next.

  • 19

    - Select Custom, then click Next.

  • 20

    - Click Next.