
C|EH Lab Workbook

Student handout

Lesson 5:

SNIFFING METHODS


I/ Introduction to Sniffers

A. SNIFFER OVERVIEW

A sniffer is, put simply, a program that tries to listen in on the traffic flowing over a network. Sniffers are used as a tool by network administrators to monitor and maintain the network. On the negative side, a sniffer is used as a tool for eavesdropping on network traffic in order to obtain sensitive information. A sniffer relies on the ARP attack to capture the data transmitted over the network. However, the exchanges between networked computers are usually binary data. To make sense of this binary data, sniffer programs must therefore include protocol analysis as well as decoding of the binary data. Some sniffer applications in use are: dsniff, snort, cain, ettercap, sniffer pro.

B. HOW A SNIFFER WORKS

Sniffers operate mainly on the basis of the ARP attack.

ARP ATTACK

1. Introduction
This is a very dangerous form of attack, called Man In The Middle. In this situation it is as if a wiretap had been placed: the session between the sending and the receiving machine still proceeds normally, so the user has no idea that they are under attack.

2. Outline of the process
On the same network, Host A and Host B want to communicate. Packets are passed down to the data-link layer to be encapsulated, and each host must put the source MAC and the destination MAC into the frame. So before data transfer can begin, the hosts must ask each other for their MAC addresses. If Host A starts the MAC lookup first, it broadcasts an ARP request to all hosts asking for Host B's MAC; at that point Host B learns Host A's MAC, and Host B then replies only to Host A with Host B's MAC (ARP reply). Now a Host C continuously sends ARP replies to Host A and Host B carrying Host C's MAC address but with the IP addresses of Host A and Host B. Host A now believes that Host B's MAC is C's. As a result, every packet Host A sends to Host B is delivered to Host C, and the packets Host B sends in reply to Host A are delivered to Host C as well. If Host C enables forwarding, Host A and Host B have no idea that they are the targets of an ARP attack.

VSIC Education Corporation

Page 38


(Figure: Host A, Host B, Host C)

Example: We have a setup with the following hosts:
- Attacker: the hacker's machine, used to carry out the ARP attack. IP: 10.0.0.11, MAC: 0000.0000.1011
- Victim: the machine under attack. IP: 10.0.0.12, MAC: 0000.0000.1012
- HostA: IP: 10.0.0.13, MAC: 0000.0000.1013

First, HostA wants to send data to Victim, so it must learn Victim's MAC address in order to communicate. HostA broadcasts an ARP Request to every machine on the same LAN, asking which MAC address belongs to IP 10.0.0.12 (Victim's IP). Both Attacker and Victim receive the ARP Request, but only Victim sends an ARP Reply back to HostA. The ARP Reply carries Victim's IP 10.0.0.12 and MAC 0000.0000.1012. Having received the ARP Reply from Victim, HostA knows that Victim's MAC address is 0000.0000.1012 and begins sending data to Victim. Attacker cannot see the content of the data exchanged between HostA and Victim.

The Attacker machine wants to carry out an ARP attack against Victim. Attacker wants to be able to capture and read every packet HostA sends to Victim.
- Attacker continuously sends ARP Replies that carry Victim's IP 10.0.0.12 but Attacker's own MAC address 0000.0000.1011.
- HostA receives these ARP Replies and concludes that IP 10.0.0.12 (Victim) has MAC address 0000.0000.1011. HostA stores this in its ARP cache and opens the connection.
- From now on, everything HostA sends to the machine with IP 10.0.0.12 (Victim) goes to MAC address 0000.0000.1011, the Attacker's machine.
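As an added example (not part of the original lab), the following Python script replays the reply sequence above against a small ARP-cache monitor and raises the two alerts a defender watches for: an IP-to-MAC binding that flips, and one MAC answering for several IPs. The reply stream and the trusted static entry for HostA are constructed for the demo.

```python
from collections import defaultdict

# Constructed ARP reply stream as (sender_ip, sender_mac, target_ip) tuples,
# using the addresses of the lab scenario (HostA, Victim, Attacker).
ARP_REPLIES = [
    ("10.0.0.12", "0000.0000.1012", "10.0.0.13"),  # genuine: Victim answers HostA
    ("10.0.0.11", "0000.0000.1011", "10.0.0.13"),  # genuine: Attacker's own IP/MAC
    ("10.0.0.12", "0000.0000.1011", "10.0.0.13"),  # poison: Victim's IP, Attacker's MAC
    ("10.0.0.13", "0000.0000.1011", "10.0.0.12"),  # poison: HostA's IP, Attacker's MAC
    ("10.0.0.12", "0000.0000.1011", "10.0.0.13"),  # repeated poison, already known
]

# Assumed static entries the monitor trusts (here: HostA's own binding).
STATIC_BINDINGS = {"10.0.0.13": "0000.0000.1013"}


class ArpMonitor:
    """Tracks IP->MAC bindings seen in ARP replies and alerts on the two
    symptoms of poisoning: a binding that flips, and one MAC that claims
    several IPs (the attacker answering for both victims)."""

    def __init__(self, static_bindings):
        self.ip_to_mac = dict(static_bindings)
        self.mac_to_ips = defaultdict(set)
        for ip, mac in self.ip_to_mac.items():
            self.mac_to_ips[mac].add(ip)

    def observe(self, sender_ip, sender_mac, target_ip):
        """Feed one ARP reply; return the alerts it triggers (empty if benign)."""
        alerts = []
        known = self.ip_to_mac.get(sender_ip)
        if known is not None and known != sender_mac:
            alerts.append(f"binding flip: {sender_ip} was {known}, now {sender_mac} "
                          f"(reply sent to {target_ip})")
        self.ip_to_mac[sender_ip] = sender_mac
        # Alert only when a MAC claims a *new* additional IP, so a repeated
        # poison reply does not raise the same alert again.
        if sender_ip not in self.mac_to_ips[sender_mac]:
            self.mac_to_ips[sender_mac].add(sender_ip)
            if len(self.mac_to_ips[sender_mac]) > 1:
                ips = sorted(self.mac_to_ips[sender_mac])
                alerts.append(f"{sender_mac} now claims {ips}")
        return alerts


def run_monitor(replies, static_bindings=STATIC_BINDINGS):
    """Replay a reply stream; return (reply_index, alert) pairs."""
    mon = ArpMonitor(static_bindings)
    found = []
    for idx, (sip, smac, tip) in enumerate(replies):
        for alert in mon.observe(sip, smac, tip):
            found.append((idx, alert))
    return found


if __name__ == "__main__":
    for idx, alert in run_monitor(ARP_REPLIES):
        print(f"reply #{idx}: {alert}")
```

The first two genuine replies raise nothing; each of the two poison replies raises both alerts, and the repeated poison reply is silent because the monitor already knows that binding.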

CAIN (Using the CAIN software)

1. Hardware requirements:
- 10 Mb of free disk space
- Windows 2000/2003/XP operating system
- Winpcap must be installed

2. Installation:

Click Next.


Click Next.

Click Finish.


3. Configuration
Cain & Abel needs a few parameters configured; everything can be adjusted through the Configuration dialog.

Sniffer tab:

- Here we choose the network card to use for sniffing and for the APR feature. Tick the option to enable or disable the feature.
- The sniffer is compatible with Winpcap version 2.3 or higher. This version supports a large number of network cards.

APR tab:

- This is where you configure ARP. By default Cain sends a burst of spoofed ARP packets to the victims every 30 seconds. This is really necessary, because intruding on the device can cause traffic to stop flowing. From this dialog you can set the interval between ARP runs: a small value generates heavy ARP traffic, whereas a large one makes the intrusion harder.
- In this section, pay attention to the Spoofing Options:
+ The first option lets us use the real MAC and IP address of the machine we are using.
+ The second option lets us use a spoofed IP and MAC address. (Note that the address we choose must not collide with the IP of another machine.)
When you click the Filters and ports tab, you will see some information about protocols and the port numbers associated with each protocol.


Filters and Ports tab:
- Here you can enable or disable the TCP/UDP application ports.

HTTP Fields tab:


- Here there is a list of username and password field names that the HTTP sniffer uses to filter.
- This tab shows which information from web pages the program will capture, such as:
+ Username Fields: it collects anything related to a name (user name, account, web name, etc.).
+ Password Fields: this section is responsible for collecting password information (login password, user pass, webpass, etc.).

4. CAIN's features:
+ Protected Storage password manager: First of all it is used as a private key to secure certain things for the user. Most of the information in Protected Storage is encrypted, using a key derived from the user's logon password. Access to the information is regulated so that the owner can retrieve it securely. Some Windows applications that use this service: Internet Explorer, Outlook, Outlook Express

+ Password manager decoder: It lets you supply user names and passwords for another network resource and an application; afterwards the system automatically provides the credentials on later visits without your intervention.
+ LSA secrets dumper: LSA secrets hold the password information for the accounts used to start other services, stored locally. Dial-Up and a number of other applications keep their passwords here.
+ Dial-Up password decoder:


+ APR: APR is the main feature of the program. It enables sniffing on switched networks and the hijacking of IP traffic between hosts. APR (ARP Poison Routing) performs: the attack, and the correct routing to the destination address. APR attacks basically work by manipulating the hosts' ARP. On an IP or Ethernet network, when two hosts want to exchange data they must know each other's MAC addresses. The source host looks in its ARP table to see whether there is a MAC address matching the IP address. If not, it broadcasts an ARP request asking for the MAC address of the destination address. Because this packet is sent within the broadcast domain, it reaches all hosts on the same subnet; in theory, however, only the host with that IP address will, on receiving the request, reply with its own MAC address. Conversely, when the ARP reply reaches the destination host, that host readily places the source host in its ARP cache. This is what is used to generate ARP traffic.

Config: A few parameters need adjusting; this can be done by specifying the MAC and IP addresses to impersonate with the ARP poison packets. This attack is really hard to trace, because the attacker actually never sends its own address back and forth over the network. On the network the attacker always lurks in the middle and observes.


In the figure above we want to attack the IPs from 192.168.0.1 to 192.168.0.10. The work proceeds under the man-in-the-middle mechanism: the program performs an ARP poison attack. CAIN can run the attack against the memory of many hosts during the same time span; you need to select an address on the left-hand side.

+ Service manager: we can start/stop, pause/continue or remove any service listed in the interface window


+ Sniffer: ARP-DNS: The feature here lets DNS be spoofed into a DNS-reply that can be used to attack.

ARP-DNS easily places an IP address into the DNS-reply. The sniffer easily extracts the requested name from the packet and matches it against the address in the list. The packet then has its IP address rewritten and is re-routed. At that point the client is deceived and we easily learn the destination address.

ARP-HTTPS:


ARP-HTTPS enables capturing and decrypting HTTPS traffic between hosts. This works together with the Certificate Collector tool. When the victim starts HTTPS, their browser will show a warning pop-up.


+ Certificates Collector:


ETTERCAP
1. Introduction
Ettercap is a program for analysing the packets sent over a network, so Ettercap is also an effective piece of software that lets its user sniff data on a LAN, including information that is encrypted. Ettercap can impersonate the MAC address of the attacked network card: instead of a packet being delivered to the intended computer, it is delivered to the computer running ettercap and only then forwarded to the destination computer.

2. Installation on Linux
Before installing, we need to prepare the following 3 packages:
+ ettercap-NG-0.7.1.tar, which can be downloaded from http://prdownloads.sourceforge.net/ettercap
+ libpcap-0.8.1.tar
+ libnet-1.1.2.1.tar, which can be downloaded from http://www.packetfactory.net/libnet/dist/

Install libnet:
1. # tar zxvf libnet-1.1.2.1.tar.gz
2. # cd libnet
3. # ./configure
4. # make
5. # make install

Install libpcap:
6. # tar zxvf libpcap-0.8.1.tar.gz
7. # cd libpcap
8. # ./configure
9. # make
10. # make install

Install ettercap:
1. # tar zxvf ettercap-NG-0.7.1.tar.gz
2. # cd ettercap-NG-0.7.1
3. # ./configure
4. # make

5. # make install
Installation is complete; the console window shows the following messages

3. Configuring and Using Ettercap
- Open the Ettercap interface by typing the command # ettercap -C


- Before configuring, check whether the Promisc mode option is ticked; if not, tick it

In the Sniff menu, choose Unified sniffing..


Choose the network card to use

To start listening, open the Start menu and choose Start sniffing


The User Messages pane shows a message indicating that the service is starting

In the Hosts menu, choose Scan for hosts


In the Mitm menu, choose Arp poisoning


- Do not select any parameters; press Enter to skip
- A message appears in the User messages pane

- To view the scanned hosts, choose Connections in the View menu

To capture, choose a host that is in the active state; a table of captured packets appears, and these packets are shown in encoded form


- Choose Log all packets and infos in the Logging menu to save log files containing the captured packets
- To read the packets that are shown in encoded form, type the following command in the console window: # etterlog -p -k -i ascii logfile.eci | less

4. Ettercap Features
Ettercap provides us with a number of plug-ins; by selecting these plug-ins we can make use of several important ettercap features


In addition, Ettercap has 2 very important plug-ins: arpcop and leech


They let us use Ettercap itself to protect our own machine against other sniffer programs on the network.
1. Arpcop: If you suspect someone is eavesdropping on the network, start ettercap and select this plug-in; whether the culprit is using ettercap or dsniff, we can still track them down. A new window then displays the computers on the network that are running ARP spoofing programs.
2. Leech: Once the attacker has been identified, we can immediately isolate that computer from the network using this plug-in. Ettercap can also be used to detect virus-infected machines that are spreading on the network, isolate them with leech, and then clean them very effectively with anti-virus programs.


Lesson 6:

Denial of Service (DoS) Attacks


I/ Introduction: What is a DoS attack? (Denial Of Service Attack)
A DoS attack (denial of service attack) is a very effective form of attack: with this type of attack you only need one Internet-connected computer to attack the opponent's machine. The essence of a DoS attack is that the hacker consumes a large amount of resources on the server (bandwidth, memory, CPU, disk, ...), so that the server can no longer respond to requests from other machines (those of ordinary users), and the server can quickly stop working, crash or reboot.

The types of DoS attack currently known and in use:
a.) Winnuke:
- This type of DoS attack applies only to computers running Windows 9x. The hacker sends packets carrying Out of Band data to port 139 of the target computer. (Port 139 is the NetBIOS port; it only accepts packets with the Out of Band flag set.) When the victim's computer receives such a packet, a blue error screen is shown to the victim, because the Windows program receives these packets but does not know how to react to Out Of Band data, and the system crashes.
b.) Ping of Death:
- In this type of DoS attack, we only need to send an oversized packet via the ping command to the server and their system hangs.
- Example: ping -l 65000
c.) Teardrop:
- As we know, all data sent over the network from the source system to the destination system goes through 2 steps: the data is split into small fragments at the source system, and each fragment carries an offset value that determines its position within the transmitted datagram. When the fragments reach the destination system, it uses the offset values to put the fragments back together in their original order. Exploiting this weakness, one only needs to send the destination system a series of packets whose offset values overlap one another. The destination system cannot reassemble these packets, loses control, and may crash, reboot or stop working if the number of packets with overlapping offsets is large enough!
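The Ping of Death and Teardrop cases both come down to a reassembler trusting fragment offsets and lengths. The following Python code, added here and not part of the original text, shows the checks a careful reassembler performs before copying any fragment data; the three fragment sets are constructed to match a normal datagram, the overlapping-offset case and the oversized case.

```python
MAX_DATAGRAM = 65535      # largest IPv4 datagram the total-length field can describe
IP_HEADER_LEN = 20        # minimal header; offset + data + header must fit in MAX_DATAGRAM


def fragment(offset_units, payload, more_fragments):
    """Build a fragment record as a reassembler sees it: the IPv4 header stores the
    offset in 8-byte units, so convert it to bytes here."""
    return (offset_units * 8, payload, more_fragments)


def reassemble(frags):
    """Validate and join a fragment set. Returns (payload, None) on success or
    (None, reason) when the set must be dropped instead of trusted."""
    if not frags:
        return None, "no fragments"
    ordered = sorted(frags, key=lambda f: f[0])     # arrival order is irrelevant
    expected, out = 0, bytearray()
    for i, (offset, payload, more) in enumerate(ordered):
        last = i == len(ordered) - 1
        # Ping of Death: a fragment whose end lies beyond 65535 bytes must never
        # be written into a fixed-size reassembly buffer.
        end = offset + len(payload) + IP_HEADER_LEN
        if end > MAX_DATAGRAM:
            return None, f"reassembled size {end} exceeds {MAX_DATAGRAM}"
        # Teardrop: an offset that starts inside data already placed.
        if offset < expected:
            return None, f"overlapping fragment at offset {offset}, expected {expected}"
        if offset > expected:
            return None, f"gap before offset {offset}"
        # The more-fragments flag must be set on every fragment except the last.
        if more == last:
            return None, f"bad more-fragments flag at offset {offset}"
        if not last and len(payload) % 8:
            return None, f"non-final fragment at offset {offset} not a multiple of 8"
        expected = offset + len(payload)
        out += payload
    return bytes(out), None


# Constructed fragment sets (offset in 8-byte units, payload, more-fragments flag).
GOOD = [fragment(0, b"A" * 8, True), fragment(1, b"B" * 8, True), fragment(2, b"C" * 4, False)]
TEARDROP = [fragment(0, b"A" * 16, True), fragment(1, b"B" * 8, False)]   # second starts at byte 8
OVERSIZED = [fragment(8184, b"X" * 100, False)]                           # ends past 65535

if __name__ == "__main__":
    for name, frags in (("good", GOOD), ("teardrop", TEARDROP), ("oversized", OVERSIZED)):
        print(name, reassemble(frags))
```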

d.) SYN Attack:
- In a SYN attack, the hacker sends the target system a series of SYN packets with forged source IP addresses. On receiving these SYN packets, the target system replies to the forged addresses and waits for a response from the spoofed IPs. Because these IPs are not real, the target keeps waiting and has to keep these pending requests in memory, wasting a considerable amount of memory on the server that should be used for other work instead of waiting for a reply that will never come. If we send many packets with forged IP addresses at once, the system becomes overloaded, leading to a crash or a reboot of the computer. ==> throw the stone and hide the hand.
e.) Land Attack:
- The Land attack is quite similar to the SYN attack, but instead of using forged IP addresses, the hacker uses the victim system's own IP address. This creates an endless loop inside the victim system itself: one side needs to receive a reply, while the other side never manages to send one. ==> Causes a jam in the middle of the road.
f.) Smurf Attack:
- A Smurf attack involves three parties: the hacker (who orders the attack), the amplifier network (which follows the hacker's commands) and the victim's system. The hacker sends ICMP packets to the broadcast address of the amplifier network. The special thing is that these ICMP packets carry the victim's IP address as their source address. When the packets reach the broadcast address of the amplifier network, the computers on that network believe that the victim's computer sent them the ICMP packets, and they all reply to the victim's system with ICMP response packets at the same time. The victim's system cannot withstand the huge volume of these packets and quickly stops working, crashes or reboots. Thus, by sending only a small number of ICMP packets, the amplifier network multiplies the number of ICMP packets many times over. The amplification factor depends on the number of machines on the amplifier network. The hacker's task is to take over as many networks or routers as possible that forward packets directly to the broadcast address without filtering source addresses at their egress. With such systems in hand, the hacker can easily launch a Smurf attack against the systems to be attacked. ==> one machine sets them all off; the machine will surely slow down and we beat it.
g.) UDP Flooding:
- The UDP attack requires 2 systems to take part. The hacker makes their system enter a loop exchanging data over the UDP protocol. They forge the packets' source IP address as the loopback address (127.0.0.1) and send them to the victim's system on the UDP echo port (7). The victim's system replies to the messages sent by 127.0.0.1 (itself), and the result is that it goes into an endless loop. However, many systems do not allow the loopback address to be used, so the hacker forges the IP address of some computer on the victim's network and floods the victim's system with UDP. If you try this and it does not succeed, your own machine will be the one that is hit.
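Added example, not from the original text: a signature check over a constructed packet stream that flags the Land, Smurf, UDP echo loop and SYN flood patterns described above, the way an edge monitor on the amplifier or victim network would. The monitored subnet and the half-open threshold are assumptions chosen for the demo.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumption: the monitored subnet
HALF_OPEN_LIMIT = 3                                  # assumption: demo threshold, tune in practice

# Constructed packet stream: (proto, src, dst, sport, dport, flags)
PACKETS = [
    ("tcp",  "10.1.1.5",     "192.168.1.10",  40000, 80,  "S"),   # normal: SYN ...
    ("tcp",  "10.1.1.5",     "192.168.1.10",  40000, 80,  "A"),   # ... completed by the ACK
    ("tcp",  "192.168.1.10", "192.168.1.10",  139,   139, "S"),   # Land: src == dst
    ("icmp", "192.168.1.10", "192.168.1.255", 0,     0,   "echo-request"),  # Smurf trigger
    ("udp",  "127.0.0.1",    "192.168.1.10",  7,     7,   ""),    # UDP echo loop
    ("tcp",  "203.0.113.1",  "192.168.1.10",  1111,  80,  "S"),   # SYN flood: many sources,
    ("tcp",  "203.0.113.2",  "192.168.1.10",  1112,  80,  "S"),   # none ever completes
    ("tcp",  "203.0.113.3",  "192.168.1.10",  1113,  80,  "S"),
    ("tcp",  "203.0.113.4",  "192.168.1.10",  1114,  80,  "S"),
]


def classify(packets, local_net=LOCAL_NET, limit=HALF_OPEN_LIMIT):
    """Return (packet_index, label) for every packet matching a DoS signature."""
    half_open = {}           # dst -> {(src, sport)} with a SYN seen but no ACK yet
    hits = []
    for i, (proto, src, dst, sport, dport, flags) in enumerate(packets):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip == dst_ip:                                   # Land attack
            hits.append((i, "land"))
        if proto == "icmp" and flags == "echo-request" and dst_ip == local_net.broadcast_address:
            hits.append((i, "smurf-amplification"))            # echo request to directed broadcast
        if proto == "udp" and dport == 7 and (sport == 7 or src_ip.is_loopback):
            hits.append((i, "udp-echo-loop"))                  # echo-to-echo or loopback source
        if proto == "tcp":
            pending = half_open.setdefault(dst, set())
            if flags == "S":
                pending.add((src, sport))
                if len(pending) > limit:                       # too many half-open connections
                    hits.append((i, "syn-flood"))
            elif "A" in flags:
                pending.discard((src, sport))                  # handshake completed
    return hits


if __name__ == "__main__":
    for idx, label in classify(PACKETS):
        print(f"packet #{idx}: {label}")
```

The completed handshake in the first two packets leaves nothing half-open, so only the four spoofed SYNs push the count past the threshold.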

h.) DNS attack:
- The hacker can change an entry on the victim system's Domain Name Server to point at some website of the hacker's. When a client asks the DNS to resolve the tampered name into an IP address, the DNS (whose temporary cache the hacker has altered) immediately returns the IP address the hacker pointed it at. As a result, instead of reaching the website they wanted, the victims end up at a website built by the hacker. A truly effective denial of service attack!
g.) Distributed DoS Attacks (DDoS):
- DDoS requires at least several hackers to take part. First the hackers try to break into poorly secured computer networks, then install DDoS server programs on these systems. Now the hackers agree on a time to use the DDoS client to connect to the DDoS servers, and then simultaneously order these DDoS servers to launch a DDoS attack on the victim's system.
h.) DRDoS (The Distributed Reflection Denial of Service Attack):
- This is probably the most formidable type of attack, and the fastest at knocking over the opponent's machine. The method is similar to DDoS, but instead of attacking with many computers, the attacker needs only one machine, attacking through the large servers of the world. Still using the technique of forging the victim's IP address, the attacker sends packets to the most powerful, fastest servers with the widest bandwidth, such as Yahoo etc., and these servers send their responses to the victim's address. Receiving so many packets at once via these large servers quickly saturates the victim's connection and crashes or reboots the machine. What makes this attack so dangerous is that a single machine with an ordinary Internet connection can take down any system with the best bandwidth in the world if we do not stop it in time. Our HVA website was recently DoSed with this very attack. (Quoted from Netsky (vniss))

II/ Lab description:
Lab 1: DoS using Ping of Death.
Besides using tools such as Nemesy, we can also use the following command to launch a ping of death:
For /L %i in (1,1,100) do start ping [ip victim] -l 10000 -t


We can run this command many times and can cause the Client machine to be completely DoSed.


Lab 2: DoS against a protocol that uses no authentication (this lab uses the RIP protocol)
In this lab we use a Cisco router running RIP version 1 and use the Nemesis tool from a Linux boot CD to inject RIP update messages into the router. When the router receives an update message it stores it in its routing table. We can therefore run the Nemesis program many times and fill up the router's memory.

First we try the following command: nemesis rip -V 1 -c 2 -i 192.168.5.0 -S 192.168.1.51 -D 192.168.1.254
Here -V 1 means we are using RIP version 1, -c 2 is an update message, -i 192.168.5.0 is the route we advertise, -S 192.168.1.51 is the source address of the update (it need not be the PC's own address), and -D 192.168.1.254 is the address of fa0/0 on router VSIC1. After running this command, we check on the router whether this route is now present, then write a script containing various different routes and run the script.
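As an added defender's counterpart to this lab (not part of the original), the Python code below decodes RIPv1 response packets and flags what an unauthenticated router cannot: responses from a source that is not a known neighbour, and one source advertising an unreasonable number of routes. The packet bytes, the trusted-neighbour list and the route cap are constructed or assumed for the demo.

```python
import ipaddress
import struct

TRUSTED_NEIGHBORS = {"192.168.1.254"}   # assumption: the only legitimate RIP peer
MAX_ROUTES_PER_SOURCE = 50              # assumption: sanity cap for one sender
RIP_RESPONSE = 2                        # RIP command field value for a response/update


def build_rip_response(routes, version=1):
    """Build a RIPv1 response carrying (network, metric) entries.
    Used here only to construct the sample input offline."""
    pkt = struct.pack("!BBH", RIP_RESPONSE, version, 0)
    for net, metric in routes:
        # entry: AFI=2 (IP), zero, address, zero, zero, metric (20 bytes)
        pkt += struct.pack("!HH4sIII", 2, 0, ipaddress.ip_address(net).packed, 0, 0, metric)
    return pkt


def parse_rip(data):
    """Decode a RIP packet into (command, version, [(network, metric), ...])."""
    if len(data) < 4 or (len(data) - 4) % 20:
        raise ValueError("malformed RIP packet length")
    cmd, ver, _ = struct.unpack("!BBH", data[:4])
    routes = []
    for off in range(4, len(data), 20):
        afi, _, addr, _, _, metric = struct.unpack("!HH4sIII", data[off:off + 20])
        if afi != 2:
            raise ValueError(f"unsupported address family {afi}")
        routes.append((str(ipaddress.ip_address(addr)), metric))
    return cmd, ver, routes


def audit_updates(updates, trusted=TRUSTED_NEIGHBORS, cap=MAX_ROUTES_PER_SOURCE):
    """updates: list of (source_ip, udp_payload). Returns a list of alert strings."""
    alerts, seen_by_src, capped = [], {}, set()
    for src, payload in updates:
        cmd, ver, routes = parse_rip(payload)
        if cmd != RIP_RESPONSE:
            continue                                   # only responses install routes
        if src not in trusted:
            alerts.append(f"RIPv{ver} response from untrusted source {src} ({len(routes)} routes)")
        for net, metric in routes:
            if not 1 <= metric <= 16:
                alerts.append(f"invalid metric {metric} for {net} from {src}")
        seen = seen_by_src.setdefault(src, set())
        seen.update(net for net, _ in routes)
        if len(seen) > cap and src not in capped:       # alert once per source
            capped.add(src)
            alerts.append(f"{src} has advertised {len(seen)} distinct routes (cap {cap})")
    return alerts


# Constructed sample: one legitimate update, then the lab's injected route from the
# spoofed source 192.168.1.51, followed by a burst of 60 fabricated routes from it
# (RIP carries at most 25 entries per packet, so the burst spans three packets).
FLOOD_ROUTES = [(f"172.16.{i}.0", 1) for i in range(60)]
SAMPLE_UPDATES = [
    ("192.168.1.254", build_rip_response([("10.0.0.0", 1)])),
    ("192.168.1.51", build_rip_response([("192.168.5.0", 2)])),
    ("192.168.1.51", build_rip_response(FLOOD_ROUTES[:25])),
    ("192.168.1.51", build_rip_response(FLOOD_ROUTES[25:50])),
    ("192.168.1.51", build_rip_response(FLOOD_ROUTES[50:])),
]

if __name__ == "__main__":
    for line in audit_updates(SAMPLE_UPDATES):
        print(line)
```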


Injecting packets into the Router


The Router's memory overflows

The Router's routing table during the attack

Thus, by injecting update messages into a protocol without authentication, we can make the router stop working. This shows the importance of authentication. Nemesis has many more options for protocols such as ARP, OSPF, etc. Students can test the remaining protocols themselves.

Lab 3: DDoS using Flash
Besides direct attacks via protocols such as RIP, OSPF, ARP, etc., a hacker can also upload Flash files to forums; when a user plays such a Flash file (it may be a video clip), it simultaneously sends HTTP POST requests to the victim. So if this Flash file is uploaded to many forums and many people watch it at the same time, the servers hosting these files unwittingly launch a DoS attack on the victim's server. We use the Flash file on the CD (Module 8), then run the file in Internet Explorer and analyse it with the WebScarab proxy.


The Flash file opens a large number of Internet Explorer windows, and each one sends an HTTP POST to the victim's server.
