BGA

WHITE HAT HACKER TRAINING
SUPPLEMENTARY COURSE NOTES - I

HUZEYFE ÖNAL
BİLGİ GÜVENLİĞİ AKADEMİSİ (Information Security Academy)

Table of Contents
What Is Backtrack?
Using Backtrack Linux
Logging In to the System
Switching to Graphical Interface Mode
Using the Software in the Distribution
Some Additional Services in Backtrack and Their Use
Starting the TFTP Service
Starting the SSH Service
Linux and the Network Environment
IP Configuration on Linux Systems
ifconfig
Assigning Multiple IP Addresses to One Interface (IP Alias)
Obtaining the IP Configuration from DHCP
The ping Command
Multiple Ping - fping
ARP
Querying the ARP Cache
Adding a Static Entry to the ARP Cache
Checking for IP-MAC Changes from the Firewall/Router
Routing Table - route
Viewing the Routing Table
Adding a New Route
Changing an Existing Route Definition
Configuring Linux Systems as a Router
DNS Configuration
Monitoring Network Status with netstat
Monitoring TCP Connections
Monitoring UDP Connections
Monitoring the Ports Serving on the System
Basic Commands Related to System/Network Security
System Login Operations
Who Is Connected to the System?
Usage Examples for the who Command
Usage Examples for the w Command
Why Is Information Valuable?
The Importance of Information in Security Testing
Information Gathering Methods
Passive Information Gathering
Obtaining Information About IP Addresses and Domain Names
Querying IP Addresses via RIPE
Querying IPs via ARIN
Querying Domains via NetworkSolutions
Tracking the History of Web Pages
Information Gathering via Mailing List Archives
Information Gathering via Netcraft
Passive DNS Replication
Finding the E-mail Addresses Belonging to a Domain
Information Gathering via Search Engines
Searching for People via Pipl.com
Information Gathering via Google
Active Information Gathering
Information Gathering Using the DNS Protocol
DNS Query Types
Nslookup / dig
DNS Queries with the dig Tool
DNS Server Version Information
Zone Transfer Check
Tracing DNS Queries (DNS Trace)
Information Gathering with the DNS Brute-Force Method
Banner Grabbing
Other Information Gathering Methods
Information Gathering from Web Page Comment Lines
Obtaining Additional Information About the Target System
Discovering Web Servers Open to Sending Spam
Obtaining Information via E-mail Headers
E-mail Header Information
Time the Mail Was Created at the Original Source
How Does MetaGoofil Work?
Information Gathering with the Network Mapping Method
Traceroute
Understanding the Difference Between Traceroute and TCPTraceroute
Information Gathering over SNMP
Information Gathering with Dmitry
A Next-Generation Information Gathering Tool: Maltego
Searching with Maltego
The OSI Layers and Layer Functions
The OSI Layers Important for This Training
TCP/IP
TCP/IP Layers
Port Grouping
Some Commonly Used Services and Their Port/Protocol Information
Address Resolution Protocol
ARP Request Packet
ARP Reply Packet
The Importance of ARP from a Security Perspective
IP (Internet Protocol)
TTL
IP Packet Analysis with a Sniffer
ICMP
Creating ICMP Packets with Hping
Parameters Used to Specify ICMP Type and Code with Hping
UDP
UDP Header
The UDP Protocol Through a Sniffer
Fragmented Packets in TCP/IP Networks
Fragmented Packets
Structure of IP (Internet Protocol)
MTU (Maximum Transfer Unit)
Packet Fragmentation
Packet Reassembly
Detailed Examination
Fragmented Packets and Security Weaknesses
Tools for Creating Fragmented Packets
Creating Fragmented Packets with Hping
The Fragroute and Fragrouter Tools
Fragmented Packets and Firewalls
Fragmented Packets and Intrusion Detection Systems
Traffic Analysis in TCP/IP Networks
Traffic Analysis/Sniffing
Passive Sniffing
Active Sniffing
The Concept of Promiscuous Mode
Sniffer Placement
Sniffer Placement in Environments Using a Hub/TAP
Sniffer Placement in Environments Using a Switch
Tools for Sniffing
Unencrypted Protocols
The Telnet Protocol
Simple Mail Transfer Protocol
SQL Connection
Benefits and Costs of Not Encrypting
Accessing www.verisign.com over HTTP
Accessing www.verisign.com over HTTPS
Tcpdump
What Is Tcpdump?
Tcpdump for Windows
Using Tcpdump
Promiscuous Mode
Privileges
Tcpdump TCP Packet Format
Tcpdump UDP Packet Format
Tcpdump ICMP Packet Format
Frequently Used Parameters
Interface Selection ( -i )
Name Resolution ( -n )
Timestamp Display ( -t )
Saving Captured Packets ( -w )
Setting the Number of Packets to Capture ( -c )
Setting the Size of Packets to Capture ( -s )
Verbose Logging ( -v )
Avoiding Promiscuous Mode ( -p )
Capturing Layer 2 Headers ( -e )
BPF (Berkeley Packet Filter)
Type
Direction
Protocol
The host Parameter
dst host (Specifying the Destination Host)
src host (Specifying the Source Host)
The port Parameter (Specifying the Port)
Troubleshooting with Tcpdump
Slow Connections to SSH Servers: Problem and Analysis
The TTNET Blacklist Practice and Its Analysis
Detailed Packet Analysis with Tcpdump
Capturing TCP Packets with the SYN Flag Set
Tcpdump as an Intrusion Detection System
Detecting a LAND Attack with Tcpdump
Capturing Packets with a TTL Value Below 2 (traceroute)
Monitoring UDP Port Scans
Monitoring Nmap XMAS Scans with Tcpdump
Detecting an XMAS Scan with Tcpdump
Identifying Port Scanning Tools
Detecting Hping Port Scans with Tcpdump
Detecting Nmap Scans with Tcpdump
Monitoring an Nmap UDP Scan with Tcpdump
Snort as a Sniffer
Saving Captured Packets (Logging)
Traffic Analysis with Wireshark
Some Important Features of Wireshark
Using Wireshark
Wireshark in Outline
General Protocol Information Pane
Reassembling Packets in TCP Sessions with Wireshark
Filters
Capture Filter
Display Filter
SMTP Traffic Analysis with Wireshark
Wireshark Command-Line Tools
Sniffing with Dsniff
Searching for Strings in Network Traffic
#grep googlebot /var/log/web_sunucu_erisimlogu|wc -l
What Can Be Done with Ngrep?
Ngrep Exercises
Monitoring HTTP Traffic with Ngrep
To See Which Types of Browsers Connect to Your System
Monitoring SSH Connections Made over the HTTP Port
Use of Other Protocols over the HTTP Protocol
SSH-2.
Formatting Ngrep Output
Searching for Data in Recorded Traffic
Obtaining User/Password Information
Analysis of Encrypted Protocols with Ngrep
Fragmented Packets and Ngrep
Ngrep Help
Recovering the Original Data from Raw Data in Network Traffic (Data Carving)
DriftNet
Network Data Analysis with NetworkMiner
Real-Time Web Traffic Monitoring on Windows Systems
Sniffer Detection on Local Networks
Sniffer Detection in a Windows Environment with Cain & Abel
Security in TCP/IP
Listening to Traffic on Switched Networks
ARP Packet Types
Deleting an ARP Entry
ARP Cache Poisoning / ARP Spoofing
Basic Tools Used to Perform ARP Poisoning
For Windows Environments
For Linux/UNIX Environments
ARP Spoofing Exercise with the Arpspoof Tool / Theory
ARP Spoofing Exercise / Practice
ARP Poisoning with Nemesis
ARP Spoofing with Nemesis
Spoofing / Poisoning Exercises with Cain & Abel
DNS Spoofing Exercise
Sample Exercise: Performing DNS Spoofing with the Dnsspoof Tool
Sample Exercise: Performing a DNS Spoofing Attack with Cain & Abel
Step by Step: Intercepting and Tampering with HTTP/HTTPS Traffic
Paros Proxy Settings
Intercepting SSL Connections and Reading Data (SSL MITM)
Internet Explorer's Warning for SSL MITM
Firefox's Warning for SSL MITM
Is HTTPS Insecure? .......... 210
SSL's Trial with HTTP .......... 211
How Is HTTPS Disabled Through an Optical Illusion? .......... 212
How Does SSLStrip Work? .......... 213
How to Protect Against It? .......... 214
ARP (ARP Poison Routing) with ARP Requests .......... 214
Operating Details .......... 214
Gratuitous ARP Packets .......... 215
Spoofing Exercises with Ettercap .......... 217
What Can Be Done with Ettercap? .......... 217
Using Ettercap .......... 218
MAC Flooding .......... 226
Exercise: Disrupting switch functionality using macof .......... 226
SSH MITM Exercise .......... 229
Protection .......... 239
Performing MITM Attacks over ICMP .......... 239
The Importance of Reconnaissance in Security Testing .......... 245
Nmap: Network Mapping and Port Scanning Tool .......... 246
Nmap Scanning Steps .......... 246
Basic Nmap Usage .......... 248
Target Specification .......... 249
Privileges of the Nmap User .......... 249
Scan Types with Nmap .......... 250
UDP Scan Types .......... 258
Version Detection Scans .......... 260
Nmap as a Vulnerability Scanning Tool .......... 265
IDS/IPS Evasion Techniques .......... 269
Nmap Scanning Through a Proxy .......... 269
Graphical Interfaces Used for Nmap .......... 272
Umit .......... 272
Port Scanning Using Hping .......... 275
SYN Scan with Hping .......... 275
SYN Scan Analysis .......... 275
XMAS Scan with Hping .......... 277
FIN Scan Example .......... 277
THC-Amap .......... 277
Port Scanning with UNICORNSCAN .......... 278
Operating System Detection .......... 281
Active Detection Tools .......... 281
Xprobe2 .......... 281
Passive Detection Tools .......... 281
Operating System Detection with NMAP .......... 281
Protection .......... 282
Operating System Detection with P0f .......... 284
Operating System Detection with Xprobe .......... 284
Monitoring/Blocking Scans with an IDS .......... 285
Port Scanning Against Systems Protected by SynCookie/SynProxy .......... 286
Automated Vulnerability Analysis with NESSUS .......... 290
The Nessus Project .......... 290
Some Important Features of the Project .......... 290
Security Testing of Local and Remote Systems .......... 291
Installation & Usage .......... 291
Installing Nessus on Backtrack Linux .......... 291
Using Nessus on Windows .......... 294
Activation .......... 295
Server Selection .......... 296
User Operations .......... 297
Scanning Process .......... 298
Scan Policies .......... 300
Compliance Auditing .......... 310
Scanning Local Vulnerabilities with Nessus .......... 311
Nessus Scanning from the Command Line .......... 311
Updating the Plugin Database .......... 314
Reporting .......... 315
Troubleshooting Scans .......... 319
Writing Plugins for Nessus .......... 319
Security Scans of Windows Systems: MBSA .......... 321
Using Nikto in Security Testing .......... 322
Updating the Vulnerability Database .......... 322
Vulnerability Scanning .......... 322
Using IDS Evasion Techniques .......... 323
RUNNING EXPLOITS WITH METASPLOIT .......... 327
What Is Metasploit? .......... 327
What Is It Used For? .......... 327
Some Definitions .......... 327
Installing Metasploit .......... 327
For Windows .......... 327
For Linux .......... 327
Metasploit Working Environment .......... 328
Using Metasploit with Msfconsole .......... 328
Viewing Exploits and Payloads .......... 329
Viewing Exploits and Getting Information .......... 329
Sample Exploit Attempt .......... 332
Using the Metasploit GUI .......... 334
Metasploit Main Screen .......... 335
Searching for Exploits .......... 336
Exploit Details .......... 337
Viewing Exploit Code .......... 338
Running an Exploit .......... 339
Using Metasploit from the Command Line .......... 346
The Harms of Running Exploits .......... 351
