[COURSE_PTHE] 5. System Blackbox
1. Introduction: Black-box testing (System Hacking)
System black-box testing covers obtaining access, modifying the system architecture, and so on. This video covers how access is obtained and the corresponding defensive measures.
2. Framework
This video presents the overall framework of system black-box testing.
3. Data streams (screenshot)
This video shows how to create and use alternate data streams under Windows and how to defend against intrusion through them: a default startup item hidden inside a text file (backdoor-like) can be created this way.
Windows CMD:

> notepad hello.txt
...
> type hello.txt

> notepad hello.txt:hidden.txt

> type calc.exe > calc_hidden.txt:calc.exe

> more < hello.txt:hidden.txt

## Plain-text file with a hidden file attached
## The contents can only be viewed by opening notepad hello.txt:hidden.txt, not with the type command
## If the parent file is lost, the hidden file is lost too!!!
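A defender's counterpart to the commands above, added here as an example and not part of the course material: `dir /R` (Windows Vista and later) lists every stream of a file as `<size> <file>:<stream>:$DATA`, so a short parser over that listing finds the hidden streams the lesson creates. The listing below is constructed to mirror the hello.txt / calc_hidden.txt demonstration; it is not real captured output, and the severity rule (executable extension inside a stream is "high") is this example's own choice.

```python
"""Flag NTFS alternate data streams in `dir /R` output (constructed sample)."""
import re
from dataclasses import dataclass

# Constructed sample of `dir /R` output for the directory used in the lesson.
SAMPLE_DIR_R = """\
 Volume in drive C has no label.
 Directory of C:\\Users\\demo\\Documents

05/12/2024  10:15 AM    <DIR>          .
05/12/2024  10:15 AM    <DIR>          ..
05/12/2024  10:15 AM                12 hello.txt
                                    27 hello.txt:hidden.txt:$DATA
05/12/2024  10:16 AM                 0 calc_hidden.txt
                               27,648 calc_hidden.txt:calc.exe:$DATA
05/12/2024  10:17 AM            4,096 report.pdf
                                    26 report.pdf:Zone.Identifier:$DATA
"""

# Stream lines have no date/time column: optional indent, a size, then name:stream:$DATA.
STREAM_RE = re.compile(r"^\s*([\d,]+)\s+(.+?):([^:\\/]+):\$DATA\s*$")

# Mark-of-the-Web stream that legitimately appears on downloaded files.
BENIGN_STREAMS = {"Zone.Identifier"}
EXECUTABLE_EXT = (".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js")


@dataclass
class Finding:
    file: str
    stream: str
    size: int
    severity: str


def find_alternate_streams(listing: str) -> list[Finding]:
    """Return every non-benign alternate stream found in a `dir /R` listing."""
    findings = []
    for line in listing.splitlines():
        m = STREAM_RE.match(line)
        if not m:
            continue  # ordinary file/dir line or header
        size = int(m.group(1).replace(",", ""))
        name, stream = m.group(2), m.group(3)
        if stream in BENIGN_STREAMS:
            continue
        # An executable stored in a stream is the hidden-payload pattern from the lesson.
        severity = "high" if stream.lower().endswith(EXECUTABLE_EXT) else "medium"
        findings.append(Finding(name, stream, size, severity))
    return findings


if __name__ == "__main__":
    for f in find_alternate_streams(SAMPLE_DIR_R):
        print(f"[{f.severity}] {f.file}:{f.stream} ({f.size} bytes)")
```

On a live host, feed the function the captured output of `dir /R` for the directory under review; the Zone.Identifier filter is there because that stream is expected on anything a browser downloaded and would otherwise drown the real findings.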
4. Using ADS Spy
This video shows how to use the relevant tools to detect alternate data stream attacks.
Windows toolkit:
1. Streams
2. ADS Spy GUI
5. LCP tool
This video shows how to use the LCP tool to sniff the P2P protocol exchange in both directions (send and receive) and obtain Local/Remote Windows user information.
Password auditing and recovery tool for Windows NT/2000/XP/2003. Accounts information import. Passwords recovering by dictionary attack, brute force attack, hybrid of dictionary and brute force attacks. Brute force session distribution. Hashes computing.
Windows toolkit: LCP 5.04
6. Using pwdump
This video shows how to use the Dictionary/BruteForce/Hybrid modes of the tool for cracking Windows user passwords.
http://foofus.net/goons/fizzgig/pwdump/downloads.htm

Windows 2000/XP/2003/Vista/2008 NTLM and LanMan Password Grabber

windows executable command

> pwdump.exe hostname
> pwdump.exe [remote ip]

> pwdump.exe [remote ip] >> hash_password.txt
Windows installer: PWdump
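Both LCP and pwdump work on dump lines of the form `user:RID:LM-hash:NT-hash:::`. Before anyone runs the dictionary, brute-force or hybrid modes described above, a defender wants to know which accounts are cheap to attack, so the following added example (not code from the course, LCP or pwdump) audits a dump for the two indicators that need no cracking at all: a stored LanMan hash, and the NT hash of the empty password. The two constants are the well-known LM "no hash" value and the NT hash of "", and the sample dump is constructed (the non-constant hashes are made up, not from any real system).

```python
"""Audit a pwdump-format hash dump for weak-credential indicators (constructed sample)."""
from dataclasses import dataclass

# LM hash stored when LM hashing is disabled or the password is empty/longer than 14 chars,
# and the NT hash of the empty password. Both are well-known constants.
EMPTY_LM_HASH = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in pwdump output format (user:RID:LM:NT:::). Not real data.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1002:1122334455667788aabbccddeeff0011:fedcba9876543210fedcba9876543210:::
# not a pwdump record; shows that malformed input is skipped
broken line without fields
"""


@dataclass
class AccountFinding:
    user: str
    rid: int
    issues: tuple[str, ...]


def parse_pwdump(dump: str):
    """Yield (user, rid, lm, nt) for every well-formed record; skip anything else."""
    records = []
    for line in dump.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        lm, nt = parts[2].lower(), parts[3].lower()
        if len(lm) != 32 or len(nt) != 32:
            continue
        records.append((parts[0], int(parts[1]), lm, nt))
    return records


def audit_pwdump(dump: str) -> list[AccountFinding]:
    """One finding per account that has at least one weakness."""
    findings = []
    for user, rid, lm, nt in parse_pwdump(dump):
        issues = []
        if nt == EMPTY_NT_HASH:
            issues.append("empty password")
        if lm != EMPTY_LM_HASH:
            # LM: <=14 chars, upper-cased, split into two independent 7-char halves.
            issues.append("LM hash stored (fast to brute-force); disable LM hash storage")
        if issues:
            findings.append(AccountFinding(user, rid, tuple(issues)))
    return findings


def shared_nt_hashes(dump: str) -> dict:
    """NT hashes used by more than one account, i.e. accounts sharing a password."""
    by_hash: dict = {}
    for user, _rid, _lm, nt in parse_pwdump(dump):
        by_hash.setdefault(nt, []).append(user)
    return {h: users for h, users in by_hash.items() if len(users) > 1}


if __name__ == "__main__":
    for f in audit_pwdump(SAMPLE_DUMP):
        print(f"{f.user} (RID {f.rid}): {'; '.join(f.issues)}")
    for h, users in shared_nt_hashes(SAMPLE_DUMP).items():
        print(f"shared password among {users} (NT {h})")
```

The shared-hash check is worth keeping even on domains where LM storage is already off: identical NT hashes mean identical passwords, which is exactly what the hybrid and dictionary modes exploit once one of them falls.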
7. Using x.exe
This section briefly describes how the X.exe script is used to obtain user access (backdoor program: can create a user with group privileges).
8. Using sethc
Start sethc.exe (actually cmd.exe) from the Windows logon screen to run X.exe, creating an account and obtaining access.
> dir
> cd windows\system32\

> copy sethc.exe sethc.exe.back
> copy cmd.exe sethc.exe

Win+L to lock the screen
Press Shift repeatedly (five times) at the logon screen and a cmd window pops up
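The copy commands above leave two tells that can be checked offline, and the following added example (not code from the course) checks both: sethc.exe becoming byte-identical to cmd.exe, and the backup file sethc.exe.back sitting in System32. It hashes the files in whatever directory it is given; on a Windows host that would be `C:\Windows\System32`, and for a stand-alone run the `build_swapped_demo_dir` helper constructs a throw-away directory with fake, non-executable stand-ins that imitate the swapped state. Auditing utilman.exe, osk.exe, magnify.exe and narrator.exe alongside sethc.exe goes beyond the lesson; they are other accessibility helpers started from the logon screen and are checked the same way.

```python
"""Detect the sticky-keys (sethc.exe) swap from the lesson by hashing System32 binaries."""
import hashlib
import os
import tempfile

# Accessibility helpers Windows starts from the logon screen; sethc.exe is the one the
# lesson uses, the others are routinely audited with it.
ACCESSIBILITY_BINARIES = ("sethc.exe", "utilman.exe", "osk.exe", "magnify.exe", "narrator.exe")
# Backup names an operator leaves behind; ".back" is the one used in the lesson.
BACKUP_SUFFIXES = (".back", ".bak", ".old", ".orig")


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_system32(system32_dir: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    cmd_path = os.path.join(system32_dir, "cmd.exe")
    cmd_hash = sha256_of(cmd_path) if os.path.isfile(cmd_path) else None
    present = {name.lower() for name in os.listdir(system32_dir)}
    for binary in ACCESSIBILITY_BINARIES:
        path = os.path.join(system32_dir, binary)
        # `copy cmd.exe sethc.exe` makes the two files identical, which never happens legitimately.
        if cmd_hash and os.path.isfile(path) and sha256_of(path) == cmd_hash:
            findings.append(f"{binary} is byte-identical to cmd.exe (backdoor swap)")
        for suffix in BACKUP_SUFFIXES:
            if binary + suffix in present:
                findings.append(f"backup copy {binary + suffix} left in System32")
    return findings


def build_swapped_demo_dir() -> str:
    """Constructed stand-in for System32 after the lesson's copy commands (fake bytes, not binaries)."""
    d = tempfile.mkdtemp(prefix="system32_demo_")
    cmd_bytes = b"MZ fake cmd.exe body for demonstration only"
    files = {
        "cmd.exe": cmd_bytes,
        "sethc.exe.back": b"MZ fake original sethc.exe",   # copy sethc.exe sethc.exe.back
        "sethc.exe": cmd_bytes,                            # copy cmd.exe sethc.exe
        "utilman.exe": b"MZ fake untouched utilman.exe",
    }
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return d


if __name__ == "__main__":
    for finding in audit_system32(build_swapped_demo_dir()):
        print(finding)
```

Hash comparison is deliberately chosen over file size or timestamp: `copy` preserves neither reliably, but it always produces identical bytes.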
9. Using snow
snow is a text encryption tool for Windows/Linux that can conceal a message inside ordinary text.
    SNOW - HIDE MESSAGES IN A TEXT FILE

    "SNOW (Steganographic Nature Of Whitespace) is a program for concealing
    messages in text files by appending tabs and spaces on the end of lines,
    and for extracting messages from files containing hidden messages. Tabs
    and spaces are invisible to most text viewers, hence the steganographic
    nature of this encoding scheme. And if the built-in encryption is used,
    the message cannot be read even if it is detected."

    Download the latest version of SNOW from here. It's available for most
    OSes; Linux, DOS and even a Java applet.

    I have a text file HERE that has an encrypted secret message in it.
    Even this HTML page you are reading has an encrypted secret message in it.
    Save the text file or this page; right click 'this' and save as if you
    want to decrypt it.

    LINUX:
    Prerequisite is GCC to compile SNOW (aptitude install gcc) or Java to use
    the Java applet, then you don't need to compile it.
    Check for the latest version, then download it:
        wget http://www.darkside.com.au/snow/snow-20130616.tar.gz
        tar xvzf snow-20130616.tar.gz && cd snow-20130616
    Compile it, then you are done: make

    WINDOWS:
    Download the DOS or Java version, unzip it. I'm using the DOS 32bit v.
    Launch a command prompt window: Press the Windows logo key on your
    keyboard +r to launch Run, then type in the 'Open' drop down window: cmd

    Change to the directory containing SNOW.EXE; for example if it is on D
    drive type in and press enter: D:
        cd D:\Downloads\snwdos32\

    USAGE:
    To conceal the message 'my secret message' with the password 'OpenSesame'
    using the file 'infile' and create 'outfile' with the hidden message:
        ./snow -C -m "my secret message" -p "OpenSesame" infile outfile
    Windows users remove './' from the command line.
    Reply might be similar to, if message is long on a small file:
        Compressed by 40.83%
        Message exceeded available space by approximately 21.37%.
        An extra 1 lines were added.

    To decrypt the hidden message:
        ./snow -C -p "OpenSesame" outfile

    So for example:
    To decrypt my text file above or this page, put either file in the same
    directory as snow (or state full path to the file) then:
        ./snow -C -p "mewbies" snow_example_encrypted.txt
    or
        ./snow -C -p "mewbies" how_to_conceal_a_message_in_a_text_file.htm

    For more information SNOW's manual is here.

    LINUX SYSTEM WIDE USAGE:
    If you want to have SNOW available system wide:
        su
        cp snow /usr/local/bin/snow
        exit
        cd ~
        rm snow-20130616 -rf
        wget http://mewbies.com/steganography/snow/snow_example.txt
        snow -C -m "mewbies hidden easter egg is at http://mewbies.com/e.htm" -p "mewbies" snow_example.txt snow_example_encrypted.txt
        snow -C -p "mewbies" snow_example_encrypted.txt

    WINDOWS SYSTEM WIDE USAGE:
    If you would like to use SNOW without having to change to its directory
    you only need to:
    1. Place snow.exe where you want to use it permanently.
    2. Then follow my tutorial 'How To Set Environment Variables'.

    If you find mistakes, have suggestions, and or questions please post at
    mewbies forum HERE - thank you.

    Last update on 26 Dec '13
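To make the mechanism and its detection signal concrete, here is an added example that is neither snow's code nor snow's on-disk format: a toy codec that hides one byte per line as eight trailing tabs (1) and spaces (0), plus the detector a defender would run over incoming text. snow's compression and ICE encryption are not modelled, and the cover text is constructed for the example. The design point the detector relies on holds for the real tool as well: prose almost never carries mixed tabs and spaces at line ends, and stripping trailing whitespace on ingest destroys the channel entirely.

```python
"""Toy whitespace steganography (tab=1, space=0, one byte per line) and a trailing-whitespace detector."""

# Constructed cover text; ordinary prose with no trailing whitespace of its own.
COVER_TEXT = """\
Quarterly status report
All milestones for the storage migration were met.
Two tickets remain open against the backup schedule.
Next review is scheduled for the first week of the month.
No action is required from the security team at this time.
Budget figures are attached in the usual spreadsheet.
Please reply with corrections before Friday.
"""


def hide(cover: str, message: bytes) -> str:
    """Append 8 whitespace characters (bits of one message byte) to each of the first len(message) lines."""
    lines = cover.rstrip("\n").split("\n")
    if len(message) > len(lines):
        raise ValueError(f"cover has {len(lines)} lines, message needs {len(message)}")
    out = []
    for i, line in enumerate(lines):
        if i < len(message):
            bits = format(message[i], "08b")
            line = line.rstrip(" \t") + "".join("\t" if b == "1" else " " for b in bits)
        out.append(line)
    return "\n".join(out) + "\n"


def reveal(text: str) -> bytes:
    """Inverse of hide(): read the trailing tab/space run of each line back into bytes."""
    message = bytearray()
    for line in text.split("\n"):
        tail = line[len(line.rstrip(" \t")):]
        if len(tail) == 8:
            message.append(int("".join("1" if c == "\t" else "0" for c in tail), 2))
    return bytes(message)


def trailing_whitespace_report(text: str) -> dict:
    """Detector: count lines with trailing whitespace and flag mixed tab/space tails."""
    lines = [l for l in text.split("\n") if l != ""]
    tails = [l[len(l.rstrip(" \t")):] for l in lines]
    return {
        "lines": len(lines),
        "trailing_ws_lines": sum(1 for t in tails if t),
        "trailing_tab_lines": sum(1 for t in tails if "\t" in t),
        # Several lines ending in a mix of tabs and spaces is the whitespace-stego signature.
        "suspicious": any(" " in t and "\t" in t for t in tails),
    }


if __name__ == "__main__":
    stego = hide(COVER_TEXT, b"hello")
    print(stego == COVER_TEXT)                  # False, yet both look identical in a viewer
    print(reveal(stego))                        # b'hello'
    print(trailing_whitespace_report(stego))
    print(trailing_whitespace_report(COVER_TEXT))
```

Run the report over any text file before it is accepted into a repository or mail gateway; a cover with encrypted snow payload still shows the same trailing-whitespace profile even though the bytes themselves are unreadable.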
Toolkit:
1. Windows version: executable
2. Linux version: source code
3. Java version