Xâm nhập thế giới hacker (kỳ 2): Truy tìm (Infiltrating the hacker world, part 2: The hunt)

One morning, the director of company A. received an email with the gangster-flavored subject "Company A - Live or Die?", sent from the email address of... the director in charge of technical matters, announcing that the company's entire network had been taken over.

It was no joke: attached was a file containing the directory structure of several web servers located at the head office, together with a demand for a large sum of money in exchange for keeping quiet and not exploiting the company's customer data. My job was to answer the questions: Who did what? When, and how?

Company A. is a large company with branches all over the world and thousands of employees. Its security policy is very good and is updated regularly every month. The company's IT staff also have plenty of experience handling incidents on the network.

To give all of its branches around the world access to its data, the head office decided to use a VPN (1), which is easy to manage and comes with sensible security policies.

On a Monday morning like any other start of the week, P., the CEO of company A., sat reading emails from partners and subordinates, customer feedback and so on. But today CEO P. was struck by an email with the gangster-flavored subject "Company A - Live or Die?", sent from the email address of the director in charge of technical matters, announcing that the company's entire network had been taken over.

More surprising still, the email carried an attachment containing the directory structure of several web servers at the head office, along with a demand for a large sum of money to keep quiet and not exploit the company's customer data. On top of that, the extortionist added a warning: do not touch the compromised servers, or you will pay dearly!

"A joke? No, this cannot be a joke!" CEO P. told himself. He picked up the phone and called M., the technical director, and was quickly assured that M. had sent no such email. The company's IT department got to work at once and came up with a response: they pulled the network cables of the servers suspected of compromise. The moment they did, dancing cartoon figures appeared on those servers' screens, and then everything went black! The panicked IT staff powered the machines off and called me.

Evidence

That very afternoon I arrived at the "crime scene". "A well-organized and methodical outfit," I thought to myself after getting acquainted with company A.'s network. It used a Cisco hardware firewall (HF) with VPN capability, plus a proxy server that doubled as a software firewall (SF), running on Linux. The whole system sat behind the firewall, completely isolated from the Internet and accepting no inbound connections from outside. Attacks from outside would therefore be dropped immediately by the HF. I set out two hypotheses straight away: 1) the system had been attacked from the inside by a company employee; 2) the HF had a flaw, and that flaw had been exploited.

Going on instinct and experience, I checked the HF first, to rule out the less likely cases. It was one of Cisco's most modern HFs at the time. Its firmware (2) had been updated to the latest version from Cisco, and as of the time the attack was discovered, neither the vendor nor the Bugtraq sites had reported any exploitable security flaw in this HF line. Could a direct attack from outside be ruled out? Nothing was certain yet!

Back at the "dead" servers, I was dismayed to find that all of them had been wiped clean. On the hard disks of the three servers only a single file remained: 0wned. Luckily, the customer data on these machines had been backed up to tape. The crime scene, in other words, had been thoroughly scrubbed. Any attempt at data recovery became pointless once the disks had been overwritten with a fresh FAT table. That also meant the leads for investigating the attack had been erased, and the investigation into the hacker's attack was driven into a dark dead end. I ended a tiring day with hundreds of lines of HF syslog and three servers with wiped hard disks.

Following the trail

The next day, after a full audit of the HF, I went back to the only lead I had at that point: the email sent to the company's CEO. Analyzing the email headers and the mail server's log, I found that the email had been sent from IP 192.168.4.36. So the inside-attack hypothesis looked the most plausible and obvious, but the company had a large network with a great many workstations all over the world. I asked the IT department to determine which branch this IP belonged to. Information on 192.168.4.36 was quickly gathered.
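The header analysis described above, as an added example that is not part of the original article: each mail server prepends a Received: header as the message passes through it, so walking that chain from the bottom up leads to the first hop that recorded a source address. The message below is constructed for illustration; only the IP 192.168.4.36 is taken from the story, and the host names, message IDs and timestamps are made up.

```python
"""Walk the Received: chain of an e-mail to find the originating host.

Added example, not from the original article. The sample message is
constructed; only the address 192.168.4.36 comes from the story.
"""
from __future__ import annotations

import ipaddress
import re
from email import message_from_string

# Constructed sample: a forged message claiming to come from the technical
# director, relayed through two hypothetical internal mail servers.
SAMPLE_MESSAGE = """\
Received: from mail.company.com (mail.company.com [10.0.0.25])
\tby mx1.company.com with ESMTP id a1b2c3; Mon, 01 Jan 2001 08:02:11 +0700
Received: from 192-168-4-36-TS.sales-vpn2.e-asia.company.com ([192.168.4.36])
\tby mail.company.com with SMTP id x9y8z7; Mon, 01 Jan 2001 08:02:09 +0700
From: M. <m@company.com>
To: P. <p@company.com>
Subject: Company A - Live or Die?

Your network is ours.
"""

# The bracketed literal address an MTA records for the peer that connected to it.
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw_message: str) -> list[str]:
    """Return the peer IP recorded in each Received: header, last hop first.

    MTAs prepend Received: headers, so the first header in the message is
    the most recent relay and the last header is the first hop that logged
    a source address.
    """
    msg = message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        match = RECEIVED_IP.search(header)
        if match:
            ips.append(match.group(1))
    return ips


def originating_ip(raw_message: str) -> str | None:
    """The address recorded by the first hop, i.e. the apparent sender."""
    chain = received_chain(raw_message)
    return chain[-1] if chain else None


def classify(ip: str) -> str:
    """Label an address so the investigator can tell inside from outside."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_link_local:
        return "local"
    if addr.is_private:
        return "internal (RFC 1918)"
    return "external"


if __name__ == "__main__":
    for hop in received_chain(SAMPLE_MESSAGE):
        print(f"{hop:15} {classify(hop)}")
    print("origin:", originating_ip(SAMPLE_MESSAGE))
```

Only the Received: headers written by servers you control can be trusted; anything below them in the chain could have been typed in by the sender. That is why the author cross-checks the header against the mail server's own log before accepting 192.168.4.36 as the origin.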

    C:\>nslookup
    Default Server:  ns1.company.com
    Address:  172.160.7.41

    > 192.168.4.36
    Server:  ns1.company.com
    Address:  172.160.7.41

    Name:    192-168-4-36-TS.sales-vpn2.e-asia.company.com
    Address:  192.168.4.36

This information was quite useful. Thanks to it I learned that the email had been sent from branch Y, and that the machine holding this IP was the workstation of employee K., a long-serving member of staff. The machine ran Windows 2000 Professional. At management's request, its hard disk was quickly removed and shipped to the head office.

Two days later the hard disk from branch Y arrived. I attached it to a machine isolated from company A.'s network and logged in with the Administrator password to begin the examination. The system ran normally. All of the installed software was software permitted by company policy.

Nothing out of the ordinary at all. Things started to get unusual, however, when I checked the user accounts on the system. Besides Administrator, Guest and NVK (employee K.'s own account), I found another account: 0wn. I phoned K., and he confirmed that he had not added any account to the system. So was 0wn an account created to make logging in easier the next time?

Continuing with the processes running on the system, I found one with a wonderful name: system32.exe. The process sat right next to system32.dll (a system dynamic link library). You have to admit this hacker was quite clever to give the backdoor (3) the same name as a system file. It easily fools the inexperienced, and the experienced but careless as well. With the dir command and the /s switch I quickly located system32.exe. It sat in two directories: WIN2K\SYSTEM32 and WIN2K\SYSTEM32\DLLCACHE.

Hmm, what is this system32.exe? I decided to run it to find out. After a while fiddling with its various switches, I determined that it was netcat, a familiar tool for administrators and a formidable backdoor for intruders. It is a magic wand for intruders, with a whole series of functions such as connecting to a host, port scanning, file transfer, and operating as a backdoor.

The system's Start Up folder was completely normal: no file there called system32.exe. Checking the System Registry, I was quietly delighted at the feeling of having uncovered another clue: system32.exe was invoked at boot with the following switches: system32.exe -p 23985 -d -L -e cmd.exe.

Wow, let's check further! I telnetted to localhost on port 23985 and was greeted by a Windows command shell with the familiar C:\> prompt.
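The chain of checks above (a system-look-alike binary, a Run key that starts it, netcat switches that bind a shell to a port) can be turned into detection logic. The following is an added example, not code from the original article: it analyses the command lines stored under a Run key and flags any that start a netcat-style bind shell or use a name that imitates a Windows system component. The Run entries are constructed; only the command line `system32.exe -p 23985 -d -L -e cmd.exe` comes from the story, and the list of look-alike names is an assumption for the example. The switch meanings are those of the Windows netcat port: -p port, -l/-L listen (-L re-listens after the client disconnects), -d detach from the console, -e program to run on connection.

```python
"""Flag netcat-style bind shells in Windows autorun (Run key) entries.

Added example, not from the original article. RUN_ENTRIES is constructed;
only "system32.exe -p 23985 -d -L -e cmd.exe" is taken from the story.
"""
from __future__ import annotations

import ntpath
import shlex

# Names an intruder might pick because they resemble Windows internals.
# This list is an assumption for the example, not an authoritative set.
SYSTEM_LOOKALIKES = {"system32", "syswow64", "svchost32", "lsass32"}
SHELLS = {"cmd.exe", "command.com", "powershell.exe"}

# Constructed contents of HKLM\...\CurrentVersion\Run: value name -> command line.
RUN_ENTRIES = {
    "ctfmon": r"C:\WIN2K\system32\ctfmon.exe",
    "Synchronizer": r'"C:\Program Files\Example\sync.exe" /tray',  # hypothetical
    "system32": r"system32.exe -p 23985 -d -L -e cmd.exe",
}


def parse_command(command: str) -> tuple[str, list[str]]:
    """Split a Windows command line into the executable's base name and its arguments.

    posix=False keeps backslashes intact; the quotes around a path are stripped.
    """
    parts = shlex.split(command, posix=False)
    exe = parts[0].strip('"') if parts else ""
    return ntpath.basename(exe).lower(), parts[1:]


def analyse_run_entry(command: str) -> dict:
    """Return indicators of a netcat-style bind shell found in one command line."""
    exe, args = parse_command(command)
    findings = {
        "executable": exe,
        "listens": False,
        "detached": False,
        "port": None,
        "spawns": None,          # program handed to -e / -c, if any
        "spawns_shell": False,   # ... and whether it is a command interpreter
        "lookalike_name": exe.rsplit(".", 1)[0] in SYSTEM_LOOKALIKES,
    }
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else None
        if arg in ("-l", "-L"):
            findings["listens"] = True
        elif arg == "-d":
            findings["detached"] = True
        elif arg == "-p" and nxt and nxt.isdigit():
            findings["port"] = int(nxt)
        elif arg in ("-e", "-c") and nxt:
            findings["spawns"] = nxt
            findings["spawns_shell"] = ntpath.basename(nxt).lower() in SHELLS
    # A listener that hands the connection to a program is a bind shell.
    findings["bind_shell"] = findings["listens"] and findings["spawns"] is not None
    return findings


def suspicious_entries(entries: dict[str, str]) -> dict[str, dict]:
    """Keep only the Run entries that look like a bind shell or a look-alike binary."""
    hits = {}
    for name, command in entries.items():
        f = analyse_run_entry(command)
        if f["bind_shell"] or f["lookalike_name"]:
            hits[name] = f
    return hits


if __name__ == "__main__":
    for name, f in suspicious_entries(RUN_ENTRIES).items():
        print(f"{name}: {f['executable']} port={f['port']} bind_shell={f['bind_shell']}")
```

The author's final step, telnetting to localhost on the reported port, is the live confirmation of what this static check only suspects; in a scripted triage the equivalent would be a connect to 127.0.0.1 on `port` and a look at whatever banner comes back. A file named like a system component sitting in SYSTEM32 and DLLCACHE, as in the story, is a separate indicator worth hashing and comparing against a known-good build rather than executing.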

A rough picture quickly took shape in my head: the hacker attacked employee K.'s workstation to take control of it, then used that machine to attack the servers at headquarters and to send the email "asking for money". It seemed logical, but a few points were still unconvincing. What were they? Exhausted, I dozed off and left the answer for the next day.

THANH TRUC

Related stories:
Part 1: The midnight break-in
Next part: Exposed

__________________________

(1) VPN: Virtual Private Network. VPN technology extends a company's private network across the Internet, so that its employees can work from anywhere.

(2) Firmware: software stored in a hardware device's non-volatile memory (historically read-only memory, ROM) that controls the device; on a network appliance it plays the role of the operating system.

(3) Backdoor: a hidden way back into a compromised system that bypasses normal authentication. Some administrators rely on a trusted zone, dropping connections from machines outside a given IP range. This lightens the load on the system and is more secure, but relying on it carelessly invites deception: a skilled hacker can spoof a source address inside the trusted zone to make illicit connections from a machine that is not part of it.

Viet Bao
Copyright © 2008 VietBao.vn, Vietnam and World Information Library, trial version of the Viet Bao Viet Nam software, beta 1.0