BT5 Attack and Defense Techniques
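A Brief History of BackTrack
• Early BackTrack releases were a Live CD based on SLAX; from BT4 onward the base platform changed to Ubuntu. It is a Linux distribution that can be run as a Live USB or Live CD, which makes it convenient to use.
• Similar systems include WiFiSlax, Wifiway, nUbuntu, SkyRidr, PHLAK, slitaz, mpentoo, NodeZero, REMnux, Security Onion, OWASP Livecd, and others.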
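• It is mainly used as teaching material for information-security courses such as penetration testing and Linux security, and the BackTrack system itself can also be used for teaching.
• It is an operating system and also highly specialized information-security software; it simply gathers a variety of security tools into one system.
• BackTrack is not only for cracking wireless passwords. Besides wireless security tools, it bundles an almost comprehensive set of security tools: password enumeration, encrypted tunnels, password guessing, spoofing, web tools, digital forensics, fuzzers, Bluetooth, sniffers, VoIP, debugging, penetration, databases, RFID, reverse engineering, GPU, and more.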
Mission objective:
• Compromise XYZ Company, then create a backdoor account.
• Target: server (192.168.123.100)
• Weapon:
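Workflow
(Flow diagram; box labels in reading order)
• BT5
• Find high-risk vulnerabilities with a high success rate
• Server website
• Intrude using the vulnerability
• Trigger the high-risk vulnerability and add a backdoor account
• Attack succeeds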
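Vulnerability scanning:
• Tool: Nessus
• Prerequisites:
  • 1. nessus register: register on the official site to obtain a serial number; only then can the Plugins be updated and vulnerabilities be detected.
  • 2. nessus user add: add an account for running scans; only then can you log in to the console and control the scans.
  • 3. nessus start: once the service has started successfully, enter https://127.0.0.1:8834/ in the browser.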
Exploitation:
• Tool: Metasploit
• Prerequisites:
  • 1. msfupdate: update the Plugins so that vulnerabilities can be detected.
  • 2. Start the msfconsole and msfcli services.
  • 3. Start armitage
• http://www.metasploit.com/
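Environment conditions for the intrusion:
• A computer with the "MS08-067" vulnerability. If an affected system receives a specially crafted RPC request, the vulnerability could allow remote code execution.
• http://www.microsoft.com/taiwan/technet/security/bulletin/ms08-067.mspx
• Commonly found on "computers with local user accounts"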
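Technique discussion:
• First scan to find computers that have the vulnerability
• Use an MS08-067 (MS06-040) exploit tool
• Use DOS commands to add an account and group membership to obtain privileges
  • net user hacker 1234 /add
  • net localgroup administrators hacker /add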
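Seen from the defender's side, the two commands above leave a recognizable pair of records in the Windows Security log: an account creation followed within seconds by an addition to the local Administrators group. The following is an added example, not part of the original slides, that correlates the two over constructed sample events. The event IDs are the standard Windows ones (4720/4732 on Vista and later, 624/636 on 2000/XP/2003); the flattened record layout, the name `find_backdoor_accounts` and the 10-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Windows Security event IDs: Vista/2008 and later, then 2000/XP/2003.
ACCOUNT_CREATED = {4720, 624}
ADDED_TO_LOCAL_GROUP = {4732, 636}
ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of the built-in Administrators group

def find_backdoor_accounts(events, window=timedelta(minutes=10)):
    """Return accounts created and then put in Administrators within `window`.

    Each event is a dict with time (ISO 8601), event_id, account_sid, plus
    account_name (creation) or group_sid (group add). This flattened layout
    is an assumption; map your own log export onto it.
    """
    created = {}   # account SID -> (creation time, account name)
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when = datetime.fromisoformat(ev["time"])
        if ev["event_id"] in ACCOUNT_CREATED:
            created[ev["account_sid"]] = (when, ev["account_name"])
        elif (ev["event_id"] in ADDED_TO_LOCAL_GROUP
              and ev.get("group_sid") == ADMINISTRATORS_SID
              and ev["account_sid"] in created):
            born, name = created[ev["account_sid"]]
            # Group-add events often carry only the member SID, so join on SID.
            if when - born <= window:
                findings.append({
                    "account": name,
                    "sid": ev["account_sid"],
                    "seconds_to_admin": int((when - born).total_seconds()),
                })
    return findings

# Constructed sample events (not taken from a real host).
USER_A = "S-1-5-21-1111-2222-3333-1005"
USER_B = "S-1-5-21-1111-2222-3333-1006"
SAMPLE_EVENTS = [
    {"time": "2012-05-01T09:00:00", "event_id": 4720, "account_sid": USER_A, "account_name": "jsmith"},
    {"time": "2012-05-03T02:14:07", "event_id": 4720, "account_sid": USER_B, "account_name": "hacker"},
    {"time": "2012-05-03T02:14:09", "event_id": 4732, "account_sid": USER_B, "group_sid": ADMINISTRATORS_SID},
    {"time": "2012-05-03T10:30:00", "event_id": 4732, "account_sid": USER_A, "group_sid": "S-1-5-32-555"},
    {"time": "2012-05-04T11:00:00", "event_id": 4732, "account_sid": USER_A, "group_sid": ADMINISTRATORS_SID},
]

if __name__ == "__main__":
    for finding in find_backdoor_accounts(SAMPLE_EVENTS):
        print(finding)
```

Matching on the group SID rather than the group name keeps the check working on localized Windows installations, where the Administrators group is displayed under a translated name.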
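Key points:
• Microsoft's MS08-067 vulnerability exposes Windows to its biggest security threat in four years.
• First, the vulnerability's scope is very broad: almost all Windows versions (2000~XP~2003~vista~2008) are exposed to attack;
• Second, once an attacker launches an attack, they can remotely control the user's computer and carry out a series of theft activities.
• More seriously, the vulnerability may lead to "worm" attacks, causing user processes to crash or even the whole system to crash.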
Special features...
Firefox Add-ons also include plenty of useful things
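GMail Commander
• GMail Commander is a mail-checking program; while checking mail, it accepts control commands sent from a Gmail mailbox in order to perform remote control.
• Note: for the remote-control part, you must write the batch file yourself in Gmail, or invoke the system's shortcut bar.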
GMail Commander
Plain-text e-mail
GMail Commander
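• Issue:
  • A plain-text e-mail is sent, and the target computer is controlled and triggered to wake up and work even though it has not downloaded the message.
• Reference (source code):
  • http://www.autohotkey.com/forum/topic67120.html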
• Blog:
  • 網路攻防戰 (Network Attack and Defense): http://anti-hacker.blogspot.com
• Plurk: http://www.plurk.com/openblue
• FaceBook: http://www.facebook.com/openblue
• Fan page: http://www.facebook.com/NetWarGame
• Live stream channel:
  • http://zh-tw.justin.tv/openblueTV