OReilly network security tools aug 2005 ISBN 0596007949

Network Security Tools
By Justin Clarke, Nitesh Dhanjani
Publisher: O'Reilly
Pub Date: April 2005
ISBN: 0-596-00794-9
Pages: 352

This concise, high-end guide shows experienced administrators how to customize and
extend popular open source security tools such as Nikto, Ettercap, and Nessus. It also
addresses port scanners, packet injectors, network sniffers, and web assessment tools.
Network Security Tools is the one resource you want at your side when locking down your
network.


Copyright
Preface
Audience
Assumptions This Book Makes
Contents of This Book
Conventions Used in This Book
Using Code Examples
We'd Like to Hear from You
Safari Enabled
Acknowledgments
Part I: Modifying and Hacking Security Tools
Chapter 1. Writing Plug-ins for Nessus
Section 1.1. The Nessus Architecture
Section 1.2. Installing Nessus
Section 1.3. Using Nessus
Section 1.4. The NASL Interpreter
Section 1.5. Hello World
Section 1.6. Datatypes and Variables
Section 1.7. Operators
Section 1.8. if...else
Section 1.9. Loops
Section 1.10. Functions
Section 1.11. Predefined Global Variables
Section 1.12. Important NASL Functions
Section 1.13. Nessus Plug-ins
Chapter 2. Developing Dissectors and Plug-ins for the Ettercap Network Sniffer
Section 2.1. Installing and Using Ettercap
Section 2.2. Writing an Ettercap Dissector
Section 2.3. Writing an Ettercap Plug-in
Chapter 3. Extending Hydra and Nmap
Section 3.1. Extending Hydra
Section 3.2. Adding Service Signatures to Nmap
Chapter 4. Writing Plug-ins for the Nikto Vulnerability Scanner
Section 4.1. Installing Nikto
Section 4.2. Using Nikto
Section 4.3. Nikto Under the Hood
Section 4.4. Existing Nikto Plug-ins
Section 4.5. Adding Custom Entries to the Plug-in Databases
Section 4.6. Using LibWhisker
Section 4.7. Writing an NTLM Plug-in for Brute-Force Testing
Section 4.8. Writing a Standalone Plug-in to Attack Lotus Domino
Chapter 5. Writing Modules for the Metasploit Framework
Section 5.1. Introduction to MSF
Section 5.2. Overview of Stack Buffer Overflows
Section 5.3. Writing Exploits for MSF
Section 5.4. Writing a Module for the MnoGoSearch Overflow
Section 5.5. Writing an Operating System Fingerprinting Module for MSF
Chapter 6. Extending Code Analysis to the Webroot
Section 6.1. Attacking Web Applications at the Source
Section 6.2. Toolkit 101
Section 6.3. PMD
Section 6.4. Extending PMD
Part II: Modifying and Hacking Security Tools
Chapter 7. Fun with Linux Kernel Modules
Section 7.1. Hello World
Section 7.2. Intercepting System Calls
Section 7.3. Hiding Processes
Section 7.4. Hiding from netstat
Chapter 8. Developing Web Assessment Tools and Scripts
Section 8.1. Web Application Environment
Section 8.2. Designing the Scanner
Section 8.3. Building the Log Parser
Section 8.4. Building the Scanner
Section 8.5. Using the Scanner
Section 8.6. Complete Source Code
Chapter 9. Automated Exploit Tools
Section 9.1. SQL Injection Exploits
Section 9.2. The Exploit Scanner
Section 9.3. Using the Scanner
Chapter 10. Writing Network Sniffers
Section 10.1. Introduction to libpcap
Section 10.2. Getting Started with libpcap
Section 10.3. libpcap and 802.11 Wireless Networks
Section 10.4. libpcap and Perl
Section 10.5. libpcap Library Reference
Chapter 11. Writing Packet-Injection Tools
Section 11.1. Introduction to libnet
Section 11.2. Getting Started with libnet
Section 11.3. Advanced libnet Functions
Section 11.4. Combining libnet and libpcap
Section 11.5. Introducing AirJack
Colophon
Index


Copyright © 2005 O'Reilly Media, Inc. All rights reserved.
Printed in the United States of America.
Published by O'Reilly Media, Inc., 1005 Gravenstein Highway
North, Sebastopol, CA 95472.

O'Reilly books may be purchased for educational, business, or
sales promotional use. Online editions are also available for
most titles (http://safari.oreilly.com). For more information,
contact our corporate/institutional sales department: (800)
998-9938 or corporate@oreilly.com.

Nutshell Handbook, the Nutshell Handbook logo, and the
O'Reilly logo are registered trademarks of O'Reilly Media, Inc.
Network Security Tools, the image of the trapeze artist, and
related trade dress are trademarks of O'Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to
distinguish their products are claimed as trademarks. Where
those designations appear in this book, and O'Reilly Media, Inc.
was aware of a trademark claim, the designations have been
printed in caps or initial caps.

While every precaution has been taken in the preparation of this
book, the publisher and authors assume no responsibility for
errors or omissions, or for damages resulting from the use of
the information contained herein.


Preface

These days, software vulnerabilities are announced to the public
before vendors have a chance to provide a patch to customers.
Therefore, it has become important, if not absolutely necessary,
for an organization to routinely assess its network to measure
its security posture.

But how does one go about performing a thorough network
assessment? Network security books today typically teach you
only how to use the out-of-the-box functionality provided by
existing network security tools, which is often limited. Malicious
attackers, however, are sophisticated enough to understand
that the real power of the most popular network security tools
does not lie in their out-of-the-box functionality, but in the
framework that allows you to extend and tweak their
functionality. These sophisticated attackers also know how to
quickly write their own tools to break into remote networks. The
aim of this book is to teach you how to tweak existing and
powerful open source assessment tools and how to write your
own tools to protect your networks and data from the most
experienced attackers.


Audience

This book is for anyone interested in extending existing open
source network assessment tools and in writing their own
assessment tools. Hundreds of other network assessment books
are available today, but they simply teach readers how to use
existing tools, while neglecting to teach them how to modify
existing security tools to suit their needs. If you are a network
security assessment professional or hobbyist, and if you have
always wanted to learn how to tweak and write your own
security tools, this book is for you.


Assumptions This Book Makes

This book assumes you are familiar with programming
languages such as C and Perl. It also assumes you are familiar
with the use of the assessment tools covered in this book:
Ettercap, Hydra, Metasploit, Nessus, Nikto, and Nmap.


Contents of This Book

This book is divided into two parts. Part I covers several
commonly used open source security tools and shows you how
to leverage existing well-known and reliable network security
tools to solve your network security problems. Here's a
summary of what we cover:

Chapter 1, Writing Plug-ins for Nessus
Nessus is the most popular vulnerability scanner available
today. It is also open source and free. This chapter
demonstrates not only how to use Nessus, but also how to
write plug-ins to enable it to scan for new vulnerabilities.

Chapter 2, Developing Dissectors and Plug-ins for the Ettercap
Network Sniffer
Ettercap is a popular network sniffer that also is free and
open source. Its plug-in functionality is one of the most
robust available. In fact, quite a few plug-ins for this sniffer
are available that perform a variety of useful tasks, such as
detecting other sniffers on the network and collecting data
such as passwords that are being passed around the
network. This chapter explains how to write plug-ins for this
most powerful scanner to look for specific data on the
network, as well as other useful tricks.

Chapter 3, Extending Hydra and Nmap
Many security tools do not use a plug-in architecture, and
therefore cannot be trivially extended. This chapter
discusses how to extend the commonly used non-plug-in
tool, Hydra, a tool for performing brute force testing against
passwords, to support an additional protocol. It also
discusses how to create binary signatures for Nmap that
use a signature database for expansion.

Chapter 4, Writing Plug-ins for the Nikto Vulnerability Scanner
Nikto is a free, open source, and popular web vulnerability
scanner that uses the well-known libwhisker library to
operate. This chapter teaches you how to extend Nikto to
find new vulnerabilities that might exist with external web
applications and servers, or even within a company's
custom-built web application.

Chapter 5, Writing Modules for the Metasploit Framework
The Metasploit Framework is a freely available framework
for writing and testing network security exploits. This
chapter explores how to develop exploits for the framework,
as well as how to use the framework for more general
security purposes.

Chapter 6, Extending Code Analysis to the Webroot
Source code analysis tools exist for languages such as Java.
However, such tools for web applications are lacking. This
chapter demonstrates how to implement web
application-specific rules for the review of J2EE applications using the
PMD tool.

Part II describes approaches to writing custom Linux kernel
modules, web application vulnerability identification and
exploitation tools, packet sniffers, and packet injectors. All of
these can be useful features in network security tools, and in
each case an approach or toolset is introduced to guide readers
in integrating these capabilities into their own custom security
tools.

Chapter 7, Fun with Linux Kernel Modules
Linux security starts at the kernel level. This chapter
discusses how to write Linux kernel modules and explains to
readers what they can achieve at the kernel level, as well as
how kernel-level rootkits achieve some of the things they
do.

Chapter 8, Developing Web Assessment Tools and Scripts
Effective tools for hacking web applications must be able to
adequately adapt to the custom applications they can be
run against. This chapter discusses how to develop scripts
in Perl that can be used to dynamically detect and identify
vulnerabilities within custom web applications.

Chapter 9, Automated Exploit Tools
Tools for exploiting web application issues must leverage
access to application databases and operating systems. This
chapter demonstrates techniques for creating tools that
show what can be done with web application vulnerabilities.

Chapter 10, Writing Network Sniffers
Observing network traffic is an important capability of many
security tools. The most common toolset used for network
sniffing is libpcap. This chapter discusses how libpcap
works, and demonstrates how you can use it in your own
tools where intercepting network traffic is needed. We also
discuss network sniffing in both wired and wireless
situations.

Chapter 11, Writing Packet-Injection Tools
Packet injectors are required in scenarios where the ability
to generate custom or malformed network traffic is needed
to test network services. Several tools exist to perform such
testing. In this chapter we discuss and demonstrate use of
the libnet library and airjack driver for packet creation. We
also discuss packet injection in both wired and wireless
situations.


Conventions Used in This Book

The following typographical conventions are used in this book.

Plain text
Indicates menu titles, menu options, menu buttons, and
keyboard accelerators (such as Alt and Ctrl).

Italic
Indicates new terms, URLs, email addresses, filenames, file
extensions, pathnames, directories, and Unix utilities.

Constant width
Indicates commands, options, switches, variables,
attributes, keys, functions, types, classes, namespaces,
methods, modules, properties, parameters, values, objects,
events, event handlers, XML tags, HTML tags, macros, the
contents of files, or the output from commands.

Constant width bold
Shows commands or other text that should be typed
literally by the user.

Constant width italic
Shows text that should be replaced with user-supplied
values.

This icon signifies a tip, suggestion, or general note.

This icon indicates a warning or caution.


Using Code Examples

This book is here to help you get your job done. In general, you
can use the code in this book in your programs and
documentation. You do not need to contact us for permission
unless you're reproducing a significant portion of the code. For
example, writing a program that uses several chunks of code
from this book does not require permission. Selling or
distributing a CD-ROM of examples from O'Reilly books does
require permission. Similarly, answering a question by citing
this book and quoting example code does not require
permission. However, incorporating a significant amount of
example code from this book into your product's documentation
does require permission.

We appreciate, but do not require, attribution. An attribution
usually includes the title, author, publisher, and ISBN. For
example: "Network Security Tools by Nitesh Dhanjani and
Justin Clarke. Copyright 2005 O'Reilly Media, Inc.,
0-596-00794-9." If you feel your use of code examples falls outside
fair use or the permission given here, feel free to contact us at
permissions@oreilly.com.


We'd Like to Hear from You

Please address comments and questions concerning this book to
the publisher:

O'Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international or local)
(707) 829-0104 (fax)

We have a web page for this book where we list errata,
examples, and any additional information. You can access this
page at:

http://www.oreilly.com/catalog/networkst

To comment or ask technical questions about this book, send
email to:

bookquestions@oreilly.com

For more information about our books, conferences, Resource
Centers, and the O'Reilly Network, see our web site at:

http://www.oreilly.com


Safari Enabled

When you see a Safari® Enabled icon on the cover of
your favorite technology book, that means the book is available
online through the O'Reilly Network Safari Bookshelf.

Safari offers a solution that's better than e-books. It's a virtual
library that lets you easily search thousands of top tech books,
cut and paste code samples, download chapters, and find quick
answers when you need the most accurate, current information.
Try it for free at http://safari.oreilly.com.


Acknowledgments

Thanks to our contributing authors Erik Cabetas, Joe Hemler,
and Brian Holyfield without whom this book would be a lot
smaller and a lot less interesting. Also, big thanks go to our
O'Reilly team Tatiana Diaz, Allison Randal, Nathan Torkington,
and Jamie Peppard for ensuring that this book at least makes
some sense to our readers.

We want to give credit to all who helped in the technical review
of the material for this book. Our main technical reviewers were
Akshay Aggarwal, chromatic, Lurene A. Grenier, and SK Chong.
Also, big thanks go to those who reviewed material about their
tools: Van Hauser (Hydra), Alberto Ornaghi (Ettercap), and Tom
Copeland (PMD).

Additional thanks go out to HD Moore and Spoonm for
Metasploit, and to chris sullo for middle-of-the-night IMs to
discuss Nikto.

Justin would also like to thank his wife Mara for her patience
during the writing of this book.

Nitesh, Justin, Erik, Joe, and Brian would like to thank José
Granado for his mentorship and never-ending enthusiasm.


Part I: Modifying and Hacking Security Tools
Chapter 1: Writing Plug-ins for Nessus
Chapter 2: Developing Dissectors and Plug-ins for the
Ettercap Network Sniffer
Chapter 3: Extending Hydra and Nmap
Chapter 4: Writing Plug-ins for the Nikto Vulnerability
Scanner
Chapter 5: Writing Modules for the Metasploit Framework
Chapter 6: Extending Code Analysis to the Webroot


Chapter 1. Writing Plug-ins for Nessus

Software vulnerabilities are being discovered and announced
more quickly than ever before. Every time a security advisory
goes public, organizations that use the affected software must
rush to install vendor-issued patches before their networks are
compromised. The ease of finding exploits on the Internet today
has enabled a casual user with few skills to launch attacks and
compromise the networks of major corporations. It is therefore
vital for anyone with hosts connected to the Internet to perform
routine audits to detect unpatched remote vulnerabilities.
Network security assessment tools such as Nessus can
automatically detect such vulnerabilities.

Nessus is a free and open source vulnerability scanner
distributed under the GNU General Public License (GPL). The
Nessus Attack Scripting Language (NASL) has been specifically
designed to make it easy for people to write their own
vulnerability checks. An organization might want to quickly scan
for a vulnerability that is known to exist in a custom or
third-party application, and that organization can use NASL to do
exactly that. Provided you have had some exposure to
programming, this chapter will teach you NASL from scratch
and show you how to write your own plug-ins for Nessus.


1.1. The Nessus Architecture

Nessus is based upon a client-server model. The Nessus server,
nessusd, is responsible for performing the actual vulnerability
tests. The Nessus server listens for incoming connections from
Nessus clients that end users use to configure and launch
specific scans. Nessus clients must authenticate to the server
before they are allowed to launch scans. This architecture
makes it easy to administer the Nessus installations.

You can and should use NASL to write Nessus plug-ins. Another
alternative is to use the C programming language, but this is
strongly discouraged. C plug-ins are not as portable as NASL
plug-ins, and you must recompile them for different
architectures. NASL was designed to make life easier for those
who want to write Nessus plug-ins, so you should use it to do
so whenever possible.


1.2. Installing Nessus

You can install the Nessus server on Unix- and Linux-compatible
systems. The easiest way to install Nessus is to run the
following command:

[notroot]$ lynx -source http://install.nessus.org | sh

This command downloads the file served by
http://install.nessus.org/ and runs it using the sh interpreter. If
you want to see the contents of the file that is executed, simply
point your web browser to http://install.nessus.org/.
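
As an added example (not from the book), the download can be saved, checked against a SHA-256 digest obtained out of band, and run only when the digest matches, instead of being piped straight into sh. The function names and the digest argument are assumptions; the book publishes no checksum for the installer.

```sh
#!/bin/sh
# Added example, not from the book: verify a downloaded installer before
# running it. Function names are hypothetical; the expected digest must come
# from a trusted channel (the book does not publish one).

# Print the SHA-256 hex digest of the file named in $1.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_HEX
# Returns 0 on match, 1 on digest mismatch, 2 if FILE is missing or empty.
verify_installer() {
    vi_file=$1
    vi_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$vi_file" ] || { echo "missing or empty: $vi_file" >&2; return 2; }
    vi_got=$(sha256_of "$vi_file")
    if [ "$vi_got" != "$vi_want" ]; then
        echo "digest mismatch for $vi_file: got $vi_got" >&2
        return 1
    fi
    return 0
}

# install_from_url URL EXPECTED_HEX
# Saves the script to a temporary file, verifies it, and runs it with sh
# only if the digest matches. Uses lynx -source as in the text.
install_from_url() {
    if_tmp=$(mktemp) || return 2
    if lynx -source "$1" > "$if_tmp" && verify_installer "$if_tmp" "$2"; then
        sh "$if_tmp"
        if_rc=$?
    else
        if_rc=1
    fi
    rm -f "$if_tmp"
    return "$if_rc"
}

# Usage (placeholder digest, to be replaced by the operator):
#   install_from_url http://install.nessus.org/ <expected-sha256-hex>
```
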

If you don't want to run a shell script from a web site, issue the
build commands yourself. Nessus source code is available at
http://nessus.org/download/. First, install nessus-libraries:

[notroot]$ tar zxvf nessus-libraries-x.y.z.tar.gz
[notroot]$ cd nessus-libraries
[notroot]$ ./configure
[notroot]$ make
[root]# make install

Next, install libnasl:

[notroot]$ tar zxvf libnasl-x.y.z.tar.gz
[notroot]$ cd libnasl
[notroot]$ ./configure
[notroot]$ make
[root]# make install
[root]# ldconfig

Then, install nessus-core:

[notroot]$ tar zxvf nessus-core.x.y.z.tar.gz
[notroot]$ cd nessus-core
[notroot]$ ./configure
[notroot]$ make
[root]# make install

If you are installing nessus-core on a server that does not have the GTK
libraries and you don't need the Nessus GUI client, run ./configure with
the --disable-gtk option.


1.3. Using Nessus

First, start the Nessus server:

[root]# nessusd &

Before you can connect to the server, you need to add a Nessus
user. Do this by executing the nessus-adduser executable. Note
that Nessus is responsible for authenticating and authorizing its
users, so a Nessus user has no connection with a Unix or Linux
user account. Next, run the nessus executable from the host on
which you installed Nessus or on a remote host that will connect
to the Nessus server.

Make sure you select the "Nessusd host" tab, as shown in
Figure 1-1. Input the IP address or hostname of the host where
the Nessus server is running, along with the login information
as applicable to the Nessus user you created. Click the "Log in"
button to connect to the Nessus server.

Figure 1-1. Logging into the Nessus server using
the GUI client

Next, select the Plugins tab to look at the different options
available. For example, select "CGI abuses" from the "Plugin
selection" list, and you should see a list of plug-ins available to
you, as shown in Figure 1-2.

Figure 1-2. Selecting Nessus plug-ins

