PREFACE
With the development of information technology and computer networking, the Internet has grown ever more diverse and rich. Network services have reached almost every area of social life. Information on the Internet is likewise diverse in content and form, and much of it needs stronger protection because of its economic value, accuracy and reliability. At the same time, the forms of network sabotage have become more sophisticated and complex. For every system, therefore, the security task placed on the network administrator is extremely important and necessary. Starting from that reality, we will study the most common attack methods in use today and the ways of defending against them. Through studying a number of attack methods and the ways of securing against these kinds of attack, I hope to contribute a small part to the research into and understanding of network security problems, as an aid to study and research.
1. Reasons for choosing the topic
In recent years Viet Nam has developed more and more, especially in information technology. Web applications in particular: almost everyone has heard of and worked with a web application. Websites have become widespread and an important part of everyone's life, above all for enterprises and companies. At the same time, safety and security for web applications has always been a thorny problem for everyone. Therefore we will study web applications and the ways in which the web is attacked and secured.
2. Objectives
To help us understand web applications better, the threats and the information security problems we face when we work with web applications every day, and to understand web attack and defence techniques more clearly.
3. Scope
TABLE OF CONTENTS
CHAPTER 1. OVERVIEW OF WEBSITES, WEBSITE SERVICES AND COMMON SECURITY FLAWS
1.1. Description of websites and how they work
1.2. Web-based services and applications
CHAPTER 2. COMMON ATTACK TYPES AND WEB APPLICATION SECURITY
2.1. LOCAL ATTACK
2.1.1. Understanding Local Attack
2.1.2. How a Local Attack is carried out
2.1.3. Securing against Local Attack
2.1.4. Supporting tools
2.2. Denial of Service attacks
2.2.1. DoS (Denial of Service)
2.2.2. DDoS (Distributed Denial of Service)
2.2.3. Distributed Reflection Denial of Service (DRDoS)
2.3. SQL Injection
2.3.1. SQL injection attacks
2.3.2. Preventing SQL Injection
2.4. Cross Site Scripting (XSS)
2.4.1. XSS attacks
2.4.2. Prevention
Advantages of web-based software (table, partly recovered):
- Software: users have a browser, and a browser is all that is needed to run the software.
- Always up to date: the software is always updated, and it runs on servers that are available 24/7.
- Data: backed up regularly.
- Access anytime, anywhere, as long as you have a network connection.
- Cost: deployment is cheap compared with software that runs on the desktop.
Imagine you have a sales management or company task management application. You are not always at the company; with software written on the web platform, you can check on and run things from anywhere, and you may only need a phone that runs a browser, such as an iPhone, rather than a computer.
proc_get_status, proc_nice, proc_open, proc_terminate, popen, pclose, set_time_limit, escapeshellcmd, escapeshellarg, dl, curl_exec, parse_ini_file, show_source, ini_alter, virtual, openlog
- Then, for example:
Tav4 Bkav Forum
Figure (classification of the DDoS attack-network): the attack-network is either Agent-Handler, communicating over TCP, UDP or ICMP, or IRC-Based, using a secret/private channel or a public channel, again over TCP, UDP or ICMP.
i. Agent-Handler model: In this model the attack-network consists of three components: Agent, Client and Handler.
Client: the base software through which the hacker controls all activity of the attack-network.
Handler: an intermediate software component between Agent and Client.
Agent: the software component that actually carries out the attack on the target, taking commands from the Client through the Handlers.
Figure 3. Agent-Handler attack-network architecture (Handlers controlling Agents, which attack the Victim)
- The attacker uses the Client to communicate with the Handlers in order to determine how many Agents are online, adjust the time of the attack and update the Agents. Depending on how the attacker configures the attack-network, the Agents are managed by one or several Handlers.
- Usually the attacker places the Handler software on a router or on a server that carries a lot of traffic. This is meant to make the communications among Client, Handler and Agent hard to detect. These communications normally take place over the TCP, UDP or ICMP protocols. The real owners of the Agents usually have no idea that they are being used in a DDoS attack, either because they lack the knowledge or because the Backdoor Agent programs use so few system resources that virtually no effect on system performance is visible.
ii. IRC-Based model:
- Internet Relay Chat (IRC) is a multiuser online chat system; IRC lets a user create a multipoint connection to many other users and chat in real time. An IRC network architecture consists of many IRC servers across the Internet communicating with each other over many channels. An IRC network lets users create three kinds of channel: public, private and secret.
Figure 4. IRC-Based attack-network architecture (Agents controlled through an IRC network, attacking the Victim)
- An IRC-Based network is similar to an Agent-Handler network, but this model uses IRC channels as the communication medium between Client and Agent (no Handler is used). With this model the attacker gains some further advantages: communications in the form of chat messages make detecting them extremely difficult; IRC traffic can move across the network in large volumes without arousing suspicion; there is no need to maintain a list of Agents, since the hacker only needs to log on to the IRC server to receive reports on the state of the Agents sent back by the channels.
Figure 5. Classification of DDoS attack types (recovered labels: Resource Depletion, Fraggle Attack, TCP SYN Attack, Direct Attack)
i. Attacks that exhaust network bandwidth (Bandwidth Depletion Attack)
- A Bandwidth Depletion Attack is designed to flood the target network with unnecessary traffic, with the aim of minimising the ability of legitimate traffic to reach the system providing the target's service.
- There are two kinds of Bandwidth Depletion Attack:
Figure 6. Diagram of an Amplification Attack (Attacker/Agent sends to an Amplifier, which floods the Victim). Amplification attacks can be divided into two kinds, Smurf and Fraggle attack:
Figure (TCP three-way handshake): the TCP Client, on a client port in the range 1024-65535, opens a connection to the Server on a service port in the range 1-1023 (here 80); the Server answers with SYN/ACK and the client completes the handshake with ACK.
- If the server side answers a SYN request with a SYN/ACK reply but does not receive the final ACK packet within a set time, it resends the SYN/ACK reply until the timeout expires. All the system resources reserved to handle the session once the final ACK packet arrives stay blocked until the timeout expires.
- Knowing this weakness, the attacker sends a SYN packet to the victim with a spoofed source address. As a result the victim sends the SYN/ACK reply to some other address and never receives the final ACK packet; only when the timeout expires does the victim notice this and free the system resources. However, if spoofed SYN packets arrive in large numbers and continuously, the victim's system can run out of resources.
Figure 8. Attacker spoofing the IP (a normal client completes SYN, SYN/ACK, ACK; the Attacker/Agent sends SYN with a spoofed source, and the Server's SYN/ACK is never answered)
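The half-open connection build-up described above can be checked on the server side. The following Python is an added example, not code from the e-book: it parses constructed lines in the layout of Linux `ss -tan` output (the sample is constructed, not a real capture) and flags a listening port whose SYN-RECV count crosses a threshold; the threshold value and the report layout are assumptions.

```python
"""Added example: half-open (SYN-RECV) connection monitor over constructed
`ss -tan`-style lines; not code from the e-book."""
from collections import Counter

# Constructed sample in the layout of `ss -tan` output (not a real capture):
# State Recv-Q Send-Q Local Address:Port Peer Address:Port
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB      0      0      10.0.0.5:80         198.51.100.7:51544
SYN-RECV   0      0      10.0.0.5:80         203.0.113.10:1025
SYN-RECV   0      0      10.0.0.5:80         203.0.113.11:1026
SYN-RECV   0      0      10.0.0.5:80         203.0.113.12:1027
SYN-RECV   0      0      10.0.0.5:80         203.0.113.13:1028
SYN-RECV   0      0      10.0.0.5:80         203.0.113.14:1029
ESTAB      0      0      10.0.0.5:80         198.51.100.8:40112
SYN-RECV   0      0      10.0.0.5:80         203.0.113.15:1030
"""

def parse_ss(text):
    """Return (state, local_port, peer_ip) for each connection line."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        _lip, lport = local.rsplit(":", 1)
        pip, _pport = peer.rsplit(":", 1)
        rows.append((state, int(lport), pip))
    return rows

def half_open_report(rows, threshold=5):
    """Per local port: SYN-RECV vs ESTAB counts. Many SYN-RECV entries from
    peers that never reach ESTAB is the resource-exhaustion pattern of a
    spoofed-source SYN flood described in the text (threshold is assumed)."""
    syn, estab, syn_peers = Counter(), Counter(), {}
    for state, lport, pip in rows:
        if state == "SYN-RECV":
            syn[lport] += 1
            syn_peers.setdefault(lport, set()).add(pip)
        elif state == "ESTAB":
            estab[lport] += 1
    report = {}
    for port in set(syn) | set(estab):
        report[port] = {
            "syn_recv": syn[port],
            "established": estab[port],
            "distinct_syn_peers": len(syn_peers.get(port, ())),
            "flood_suspected": syn[port] >= threshold,
        }
    return report

if __name__ == "__main__":
    for port, stats in half_open_report(parse_ss(SAMPLE_SS_OUTPUT)).items():
        print(port, stats)
```

On Linux the usual kernel-side mitigation for this condition is enabling SYN cookies (net.ipv4.tcp_syncookies=1), so that no resources are reserved until the final ACK arrives.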
+ PUSH + ACK Attack: In the TCP protocol, packets are held in a buffer, and when the buffer is full the packets are delivered to where they are needed. However, the sender can ask the system to unload the buffer before it is full by sending a packet with the PUSH and ACK flags set to 1. Such packets make the victim's system unload all data in the TCP buffer immediately and send an ACK packet back when done; if this is kept up continuously by many Agents, the system cannot handle the large number of packets sent to it and hangs.
ii.b/ Malformed Packet Attack:
- A Malformed Packet Attack is an attack in which the Agents send packets with an incorrectly structured format in order to make the victim's system hang. There are two kinds of Malformed Packet Attack:
+ IP address attack: uses packets whose source and destination addresses are identical, so that the victim's operating system cannot handle them and hangs.
+ IP packet options attack: randomises the OPTION field of the IP packet and sets all the QoS bits to 1, which makes the victim's system spend time analysing them; with a large number of Agents this can exhaust the victim's processing capacity.
Table (comparison of DDoS attack tools): the columns cover Agent Setup (Backdoor, Trojan, Buffer Overflow), communication protocol (TCP, UDP, ICMP), control model (Handler or IRC Based), how Agents report (Actively Poll or Live & wait) and OS supported (Yes/No).
- The DDoS attack tools have a great deal in common in terms of software. Some common points are: how the Agent software is installed, the method of communication between attacker, Handler and Agent, and the operating systems these tools support. The table above gives an overview comparison of these DDoS attack tools.
* How DDoS Agents are installed:
- The attacker can use active and passive methods to install the Agent software on other machines in order to set up an Agent-Handler or IRC-based attack-network.
- Active installation:
+ Scanning: using tools such as Nmap and Nessus to find holes in systems that are online in order to install the Agent software. Note that Nmap returns information about a system specified by IP address, whereas Nessus searches arbitrary IP addresses for a particular known weakness.
- The sending process is repeated continuously with many IP addresses, to the attacker's advantage; with many large servers taking part, the target server is quickly overloaded and its bandwidth is consumed by those large servers. The artistry of it is that with just one computer on a 56 kbps modem, a skilled hacker can bring down any server in seconds without having to take over any machine as a means of carrying out the attack.
2.3. SQL Injection
2.3.1. SQL injection attacks
2.3.1.1. What is SQL Injection?
- When deploying web applications on the Internet, many people still think that ensuring safety and security, so as to minimise the chance of being attacked by hackers, simply means focusing on matters such as choosing the operating system, the database management system and the web server that will run the application, ... and forget that the application itself, running on top of them, may also contain a very large security hole. One of these holes is SQL
- To find out whether a website is affected by SQL Injection, add a quote mark after the address in the address bar. Example: http://www.doanchuyenganh.com/product.php?id=123
Figure 12. A site affected by SQL Injection
i. Attack type that bypasses the login check
- With this type of attack, a hacker can easily get past login pages thanks to a flaw in the use of the SQL statements that operate on the web application's database. Consider a typical example: in order to let users access protected web pages, the system usually builds a login page that asks the user to enter a username and a password. After the user enters this information, the system checks whether the username and password are valid in order to decide whether to allow or refuse further access. In this case two pages can be used, an HTML page that displays the input form and an ASP page that processes the information entered by the user. Example: login.htm
    <form action="ExecLogin.asp" method="post">
    Username: <input type="text" name="fUSRNAME"><br>
    Password: <input type="password" name="fPASSWORD"><br>
    <input type="submit">
    </form>
[E-book] Tan cong va phong thu ung dung WEB
execlogin.asp
    <%
    Dim vUsrName, vPassword, objRS, strSQL
    vUsrName = Request.Form("fUSRNAME")
    vPassword = Request.Form("fPASSWORD")
    ' The query is built by concatenating user input directly (the flaw discussed below)
    strSQL = "SELECT * FROM T_USERS " & _
             "WHERE USR_NAME='" & vUsrName & _
             "' and USR_PASSWORD='" & vPassword & "'"
    Set objRS = Server.CreateObject("ADODB.Recordset")
    objRS.Open strSQL, "DSN=..."
    If (objRS.EOF) Then
        Response.Write "Invalid login."
    Else
        Response.Write "You are logged in as " & objRS("USR_NAME")
    End If
    Set objRS = Nothing
    %>
- At first glance the code in execlogin.asp seems to contain no security hole at all. A user cannot log in without a valid username and password. However, this code is really not safe and is the premise for a SQL injection flaw. Specifically, the hole lies in the fact that data entered by the user is used directly to build the SQL statement. This is exactly what lets attackers control the query that will be executed. For example, if the user enters
USR_PASSWORD= '' OR ''=''
- This query is valid and returns every record of T_USERS, and the following code treats this illegitimately logged-in user as a validly logged-in user.
ii. Attack type using the SELECT statement
- This type of attack is more complex. To carry it out, the attacker must be able to understand and take advantage of the loopholes in the error messages returned by the system, in order to probe for weaknesses as the starting point for the attack. Consider a very common example from news websites. Usually there is a page that receives the ID of the news item to display and then queries the content of the item with that ID. Example: http://www.doanchuyennganh.com/product.asp?ID=123 . The source code for this function is usually written quite simply, in the form
    <%
    Dim vNewsID, objRS, strSQL
    vNewsID = Request("ID")
    ' The ID is concatenated into the query without any validation
    strSQL = "SELECT * FROM T_NEWS WHERE NEWS_ID =" & vNewsID
    Set objRS = Server.CreateObject("ADODB.Recordset")
    objRS.Open strSQL, "DSN=..."
    Set objRS = Nothing
    %>
- In normal circumstances this code displays the content of the news item whose ID matches the one specified, and hardly any flaw is visible. However, just as in the example
Clearly, it blocks all of the attack types above. However, if one wants to create a string value without using quote marks, the char() function can be used, as in the following example:
Example a.2: INSERT into User VALUES(666, char(0x63)+char(0x68)+char(0x72)+char(0x69)+char(0x73), char(0x63)+char(0x68)
Example a.2 above, although a query that contains no single quote at all, can still insert the string into the table, and is equivalent to: INSERT into User VALUES(666, chris, chris, 255)
A hacker can also choose a numeric username and password in order to avoid quote marks, as in the following example:
Example a.3: INSERT into User VALUES(667, 123, 123, 0xffff)
SQL Server automatically converts the number to a string.
Two-stage attack (second-order injection):
- Even though the application replaces single quotes, it is still possible to inject SQL code. Example b.1: register an account in the application, entering the username as follows: Username: admin'-- Password: passofadmin
- The application replaces the quote, and the resulting insert statement is: INSERT into User VALUES(123, 'admin''--', 'password', 0xffff) (but the database stores admin'--)
- Suppose the application lets users change their password. The ASP code is designed to make sure that the user enters the correct old password before entering the new one. The code is as follows:
- The query that sets the new password is as follows: sql = "update users set password = '" + newpassword + "' where username= '" + rso("username") + "'" ; rso("username") is the username value obtained from the login query, and it is admin'-- . The query then becomes: update users set password = 'password' where username = 'admin'--'
- Thus the hacker can change the admin's password to a value of his own choosing. This is a case that still exists in most large applications today that use a data-sanitising mechanism. The best solution is to reject the offending values rather than modify them. But there is a problem: some data entry (such as entering names) legitimately allows these characters. Example: O'Brien.
- The best way to solve this problem is not to allow single quotes to be entered. If that cannot be done, then strip and replace as above. In the case
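To make the execlogin.asp login bypass and the two-stage admin'-- password change above observable, here is an added Python example (not the e-book's code) that rebuilds both against an in-memory SQLite database with constructed data; the table and column names T_USERS, USR_NAME and USR_PASSWORD follow the e-book, while using one table for both steps and the account values are assumptions, and each string-built query is shown beside its parameterised form.

```python
"""Added example: the e-book's execlogin.asp login bypass and the two-stage
admin'-- password change, rebuilt in Python against in-memory SQLite with
constructed data. String-built queries are shown beside parameterised ones."""
import sqlite3

def fresh_db():
    """Constructed sample: one legitimate admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE T_USERS (USR_NAME TEXT, USR_PASSWORD TEXT)")
    db.execute("INSERT INTO T_USERS VALUES ('admin', 'S3cret!')")
    return db

# 1. Login built by concatenation, as in execlogin.asp: input becomes SQL.
def login_concat(db, user, password):
    sql = ("SELECT USR_NAME FROM T_USERS WHERE USR_NAME='" + user +
           "' AND USR_PASSWORD='" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

# 1b. Same check with bound parameters: input stays data, never SQL syntax.
def login_param(db, user, password):
    row = db.execute("SELECT USR_NAME FROM T_USERS WHERE USR_NAME=? "
                     "AND USR_PASSWORD=?", (user, password)).fetchone()
    return row[0] if row else None

# 2. Registration that "replaces the quote" (' -> '') before concatenating.
#    The INSERT is well-formed, but the value stored is still admin'--.
def register_escaped(db, user, password):
    safe_user, safe_pw = user.replace("'", "''"), password.replace("'", "''")
    db.execute("INSERT INTO T_USERS VALUES ('" + safe_user + "', '"
               + safe_pw + "')")

# 2a. Password change that concatenates the username read back from the DB;
#     the stored -- turns the closing quote into a comment.
def change_password_concat(db, stored_user, new_password):
    db.execute("UPDATE T_USERS SET USR_PASSWORD='" + new_password +
               "' WHERE USR_NAME='" + stored_user + "'")

# 2b. Parameterised password change: only the attacker's own row is touched.
def change_password_param(db, stored_user, new_password):
    db.execute("UPDATE T_USERS SET USR_PASSWORD=? WHERE USR_NAME=?",
               (new_password, stored_user))

def password_of(db, user):
    row = db.execute("SELECT USR_PASSWORD FROM T_USERS WHERE USR_NAME=?",
                     (user,)).fetchone()
    return row[0] if row else None

def demo():
    """Run both scenarios and return the observed outcomes."""
    out = {}
    db = fresh_db()
    bypass = "' OR ''='"                     # becomes ... OR ''='' in the query
    out["concat_bypass"] = login_concat(db, "", bypass)   # 'admin': logged in
    out["param_bypass"] = login_param(db, "", bypass)     # None: rejected
    register_escaped(db, "admin'--", "passofadmin")       # two-stage, step 1
    change_password_concat(db, "admin'--", "chosen-by-attacker")  # step 2
    out["admin_pw_after_concat"] = password_of(db, "admin")       # hijacked
    db = fresh_db()
    register_escaped(db, "admin'--", "passofadmin")
    change_password_param(db, "admin'--", "chosen-by-attacker")
    out["admin_pw_after_param"] = password_of(db, "admin")        # intact
    out["attacker_pw_after_param"] = password_of(db, "admin'--")
    return out

if __name__ == "__main__":
    print(demo())
```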
Method 3: Accept only valid data
    function validatepassword( input )
        ' Allow-list: only letters and digits may appear in a password
        good_password_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
        validatepassword = true
        for i = 1 to len( input )
            c = mid( input, i, 1 )
            if ( InStr( good_password_chars, c ) = 0 ) then
                validatepassword = false
                exit function
            end if
        next
    end function
ii. SQL Server Lockdown
This is a list of the tasks needed to protect the SQL server:
Determine the methods of connecting to the server:
CHAPTER 3. DEMO, EVALUATION AND FUTURE DIRECTIONS OF THE TOPIC
3.1. Demo
- First we use a small search trick on Google to find sites affected by SQL Injection. Here I use the keyword: inurl:keywords. Example: inurl:sanpham.php?id=3
- Using the above keyword on google.com I picked a rather crudely designed website, http://nhanquynhphat.com/sanpham.php?id=3 ; I guessed that it was affected by SQL Injection and proceeded to exploit the flaw.
- I checked the flaw and found that this website does have a SQL Injection flaw; I went on to collect information about the website, such as the MySQL version, so that the exploitation becomes clearer. Here the website uses MySQL version >= 5, so I can easily exploit the flaw through information_schema.tables without having to guess what its tables are.
Figure 13. Table information obtained.
- Skipping the unrelated tables, we obtain the following tables: khuyenmai, lienhe, loaispcon, online, sanpham, tbl_gioithieu, tbl_lienhe, tbl_lienket, tbl_tintuc, thanhtoan, tintuc, user
- Next I obtained the column information and the data; the result is as in Figure 14.
Figure 14. The data we extracted is in encrypted form
- According to Figure 14, the data obtained is in encrypted form. The SQL Injection exploitation at this point needs one more step: finding the administrator login path, and if the password is in encrypted form we must go on to decrypt it.
3.2. Conclusion
3.2.1. Results achieved
- Compared with the requirements set out at the beginning, up to this point the project has achieved the following: studied web application attack techniques, including
o Injection of code executed on the client, Cross-site Scripting.
o Injection of SQL queries and advanced SQL Injection attacks.
o Local Attack.
o Denial of service.
Security measures from the combination of the network administrator, the web application designer and the user
SUPERVISOR'S COMMENTS
REVIEWER'S COMMENTS