sql injection lab 5477
***************************
LAB EXERCISE
METHODS HACKERS USE TO ATTACK
WEB APPLICATIONS VULNERABLE
TO SQL INJECTION
***************************
- Foreword
- General introduction
- Objectives
- Prerequisites
- Contents
- 1. Preparation for the LAB exercise
- 2. The LAB exercise
FOREWORD
This document is for anyone interested in information security for Web applications that use a database, and especially for Website administrators and administrators of Web servers running Web applications that carry latent risks. It is also a very good reference for those studying network administration. It shows you how to build a simulated system with the SQL Injection flaws of a Web application, and how to use the supporting tools for attacking Web applications vulnerable to SQL Injection.
Because this is a guide to the methods hackers use to attack Web applications vulnerable to SQL Injection, our motto is "Hacking is not destruction; hack for better security!". We therefore remind you that this document is reference material for LAB practice only, and we accept no responsibility if you use this knowledge to break the law of the Socialist Republic of Vietnam.
Finally, sincere thanks to the material by the authors O'Reilly, Kevin Spett and AirScanner, and to the security forums that provided the material that let us complete this LAB practice guide. Please send any questions to: [email protected]
General introduction:
The content of the LAB part of module 14, SQL Injection, clearly reflects the motto "Hack for better security!". The module covers the methods and practical skills of system penetration, such as scanning for security flaws, passing unauthorized commands for execution, and breaking into a Web server the way a hacker does, so that the administrator gets an overview from the hacker's side and can secure his own Web site better.
SQL Injection security flaws affect a great many Web applications. Within the limits of this document I therefore take one typical case of SQL Injection, a flaw in an ASP (Active Server Pages) Web application, as the worked example for the LAB part of this module.
Objectives:
Take part in administering the security of servers that run database-backed Web applications at organizations, companies, enterprises and agencies.
- Master the methods for surveying and assessing the level of network security.
- Master the skills and knowledge, practice and experience of Ethical Hacking.
- Determine the cause and accurately identify the actor, motive and method of an attacker who breaks into system data. Determine the targets of, and the standing threats to, the security of the organization's Web applications.
- Methods for designing systems and Web applications with security in mind. Methods for responding to incidents when they occur.
- Understand clearly the concepts and working methods of hackers.
- Know how to use basic methods and tools to test the security of the organization's Web applications.
Prerequisites:
- Knowledge of the Windows network operating system (MCSA equivalent).
- Knowledge of the Microsoft SQL Server database management system (MCDBA equivalent).
- Knowledge of Web programming: HTML, ASP, PHP.
- Knowledge of English.
- An interest in information security for Web applications.
Contents:
- Preparation for the LAB exercise.
- The LAB exercise.
1. Preparation for the LAB exercise:
- This part requires you to use 2 PC systems in order to carry out the LAB and see the effect of the exercises.
- It is best to use a virtual machine tool (VMware Workstation, Microsoft Virtual PC) to carry out the LAB exercise properly.
- The lab model I use here is as follows:
- In it, the Attack machine runs Windows XP SP2 and the Web server, the victim, runs Windows 2000 Server.
1.1. The victim Web server:
1.1.1. A Microsoft Windows 2000 Server operating system (OS):
- I use Windows 2000 Server to guide you through this LAB for convenience.
- How to obtain this operating system is something you already know, so I will not cover it. In addition, we need a Web server running on IIS 5.0 (Internet Information Services). Those of you who have taken the MCSA (Microsoft Certified System Administrator) course will of course know where this Web server software package is installed from.
- I repeat the steps here so that those who do not yet know them can install this software package for the LAB exercise below.
- Go to Start > Settings > Control Panel > Add/Remove Programs.
- Choose Add/Remove Windows Components.
- Tick the Internet Information Services (IIS) package; this package is what runs ASP Web applications.
- Choose Next.
- Wait for the system to install the IIS package.
- Choose Finish.
- At this point the Web server part of the victim system is ready for the LAB exercise below.
1.1.2. A Microsoft SQL Server 2000 database management system:
- I use Microsoft SQL Server 2000 Standard to guide you through this LAB for convenience.
- How to obtain and install the Microsoft SQL Server database management system is something those of you who have taken the MCDBA (Microsoft Certified Database Administrator) course will of course know, along with how to use it.
- I repeat the basics here so that those who do not yet know them can install this software package themselves for the LAB exercise below.
- Choose the file setup.bat (in the root of the installation directory).
- Choose Next.
- Choose Local Computer, then choose Next.
- Choose Create a new instance of SQL Server, or install Client Tools, then choose Next.
- Choose Next.
- Choose Server and Client Tools, then choose Next.
- Choose Yes.
- Enter the CD key and choose Next.
- Leave the setting at Default, then choose Next.
- Choose Custom, then choose Next.
- Choose Next.