Академический Документы
Профессиональный Документы
Культура Документы
------------oOo---------
Trang 1
I. M u
Hm nay chng ta quay tr li chng trnh gio luyn vi ti Arp Tn cng v phng
th. B ti liu ln ny gm c 2 file pdf v 2 video.
-
Pdf: Tng quan Arp v cc hnh thc tn cng: Ti liu ny s cho cc bn 1 ci nhn
r nt v gi tin arp t cu trc, Cch hot ng, u nhc im, cho n 3 hnh
thc tn cng lin quan n gi tin ny. Ti liu ny cc bn hy c qua. V nu l
ngi mun ngm cu chuyn su th hy nghin cu tht k :D
Pdf: M u Tn cng sniffing Phishing: Chnh l Pdf ny. Pdf ny s tm tt ngn
gn li v arp, Sau s trnh by v Hnh thc tn cng sniffer v Phishing
3 video:
+ windows-sniff
+Linux-sniff_SSLtrip
+ Phishing
Hi vng cc bn s thu lm c nhiu kin thc qua b ti liu ny :D Bn thn kid khi
c ci Pdf Tng quan Arp v cc hnh thc tn cng ngy trc c 1 s tng hay t
n :3
Trang 2
II. ARP
Arp l protcol ph bin trong hu ht mi mng TCP/IP. Nu cc bn c k ti liu ca bi
trc chc hn cc bn thy s hin din ca ARP trong c m hnh OSI v TCP/IP :D
Mt thc th trong mng c xc nh ch qua a ch mng m khng cn a ch vt l.
D liu c truyn qua mng ch da vo a ch mng. Khi no d liu ti mng LAN th
a ch vt l mi cn thit a d liu ti ch.
V d:
My gi c a ch 128.1.6.7 ->a ch mng l 128.1
My nhn c a ch 132.5.8.12 ->a ch mng l 132.5
Mng Internet c trch nhim da vo 2 a ch mng trn a d liu ti mng 132.5.
Khi ti mng 132.5 th da vo a ch 8.12 s tm ra a ch vt l thc truyn d liu ti
ch. Nh vy c mt thc mc l: c a ch vt l ri, ti sao li cn thm a ch mng?
* Trn quan im ngi thit k mng th s rt hiu qu khi tng IP khng lin quan g vi
cc tng di.
Trang 4
Trang 5
Vic gi mo bng ARP chnh l li dng bn tnh khng an ton ca giao thc ARP. Khng
ging nh cc giao thc khc, chng hn nh DNS (c th c cu hnh ch chp nhn
cc nng cp ng kh an ton), cc thit b s dng giao thc phn gii a ch (ARP) s
chp nhn nng cp bt c lc no. iu ny c ngha rng bt c thit b no c th gi gi
ARP reply n mt my tnh khc v my tnh ny s cp nht vo bng ARP cache ca n
ngay gi tr mi ny. Vic gi mt gi ARP reply khi khng c request no c to ra c
gi l vic gi ARP vu v. Khi cc ARP reply vu v ny n c cc my tnh gi
request, my tnh request ny s ngh rng chnh l i tng mnh ang tm kim
truyn thng, tuy nhin thc cht h li ang truyn thng vi mt k tn cng.
d) Phng chng.
- Thng xuyn theo di H thng Mng ( khng kh thi v khng ai kin nhn lm
chuyn cho mng c nhn )
Trong phng php ny bao gm cc k thut: S dng Ping, S dng ARP, S dng
DNS, s dng source-Route, ging by ( Decoy) , kim tra s chm tr ca gi tin.
Lin h kid nu mun tm hiu k hn.
- M ha ARP Cache. t MAC tnh ( kh thi hn nhng hi bt tin )
Mt cch c th bo v chng li vn khng an ton vn c trong cc ARP request
v ARP reply l thc hin mt qu trnh km ng hn. y l mt ty chn v cc
my tnh Windows cho php bn c th b sung cc entry tnh vo ARP cache. Bn
c th xem ARP cache ca my tnh Windows bng cch m nhc lnh v nh vo
lnh arp a.
C th thm cc entry vo danh sch ny bng cch s dng lnh arp s <IP
ADDRESS> <MAC ADDRESS>.
Trong cc trng hp, ni cu hnh mng ca bn khng my khi thay i, bn hon
ton c th to mt danh sch cc entry ARP tnh v s dng chng cho cc client
thng qua mt kch bn t ng. iu ny s bo m c cc thit b s lun da
vo ARP cache ni b ca chng thay v cc ARP request v ARP reply.
Ch : 1 vi cu hi kinh in:
1. Em hay chi game ngoi qun nt thng thy chng bn s dng netcut
ct mng em. Vy y l hnh thc tn cng g? Lin quan n arp khng?
Trang 7
C. y l 1 hnh thc flood s dng arp. Xin vui lng c file Tng quan Arp
v cc hnh thc tn cng
2. Vy khi b chng n ct th phi lm sao v lm sao chi li?
Xin vui lng c bi phc lc Netcut
3. Thy Sniff thc t khng thu c kt qu Bi v ngy nay ngi ta truy cp web
s dng giao thc HTTPS.
Chng ta c 1 cng c gi l SSLtrip. Chng ta li dng n a HTTPS tr
thnh HTTP v tn cng.
Trang 8
2. Phishing.
K thut la o c m t chi tit vo nm 1987, v nhng ghi chp u tin vi thut
ng Phising Ngun gc t Phishing l kt hp gia 2 t Fish - Fishing v Phreaking. Fishing
ngha gc l cu c nhng uc hiu l cu cc thng tin ca ngi dng. Mt khc, do
tnh cht ca n cng gn ging kiu tn cng Phreaking (Ch Ph duc cc hacker thay th
cho ch F d to thnh phishing do cch pht m gn ging) - uc bit n ln u tin
bi hacker John Draper (bit danh aka Captain Crunch) khi s dng Blue Box tn cng
h thng din thoi M nhm thc hin cc cuc gi ng di min ph hoc s dng
ng in thoi ca ngui khc thc hin cc cuc gi bt hp php, vo u thp nin
1970 - tn gi khc l Phone Phreaking
a) Bn cht
Trong 1 cuc tn cng Phishing chng ta s To ra 1 trang web gi c giao din v mi th
ging vi web site cha thng tin chng ta cn ly. V d facebook.com. Chng ta to ra 1
website ging vi trang Login facebook.com nht c th. Sau bng cch no la ngi
dng v trang ny v ng nhp. Lc ngi dng vn c chuyn hng sang facebook
tht m khng h bit password ca mnh c gi v hoc lu li cho attacker.
Mt cuc tn cng Phishing c th din ra Lan, WAN, hay ngay c ngoi internet. :D
im quan trng quyt nh mt cuc tn cng phishing c thnh cng hay khng l
phc thuc vo: s thiu hiu bit ca victim, Ngh thut nh la ca attacer.
1 cuc tn cng Phishing thnh cng chng ta cn vn dng kt hp nhiu k thut.
b) Kt hp Phishing vi DNS poisoning.
DNS cache poisoning , cn c gi l gi mo DNS , l mt kiu tn cng khai thc l hng
trong h thng tn min (DNS) chuyn hng lu lng truy cp Internet t my ch
hp php v hng n s gi mo .Mt trong nhng l do DNS poisoning l rt nguy him
v n c th ly lan t DNS server n DNS server.
Mt cuc tn cng DNS cache poisoning c th c trin khai trong Lan, WAN hoc
internet.
Khi Phishing kt hp vi DNS poisoning tc l chng ta s s dng DNS poisoning chuyn
hng truy cp ca ngi dng t site bnh thng sang site phishing ta to sn.
c) Tn cng.
Xin vui lng xem video Phishing :D
Trong video l 1 cuc tn cng Kt hp Phishing vi DNS poisoning trong mi trng Lan :D
chng ta s dng b cng c S.E.T to trang phishing. Video c thc hin bi anh
Danny t CEH vit. y l video d nh s s dng trong Thuyt trnh ti i hc TT :D c
l kid s b sung 1 vi chi tit cho n sau ;)
Trang 9
Mi thc mc hoc Thc hnh khng thnh cng xin lin h vi KID :D
Sau bi vit ny khi no rnh kid s show cho cc bn xem 1 s cc video tn cng Sniff v
phishing mc cao hn mt cht do kid thc hin mi ngi tham kho :D
Trang 10