Author: Jack zhai
From:milw0rm
Introduction:
on Oracle Database and my plan was to get an administrative shell on the server where its database was installed. The server was running the Windows 2003 Server operating system and the Oracle database was running with the privileges of the Administrator (not LOCAL_SYSTEM) account. It is quite a common situation, though. The default way is to escalate privileges on the database using one of the latest SQL Injection vulnerabilities and then use DBA privileges to gain access to the OS using one of the popular methods such as ExtProc, Java, extjob etc. [1] So it seems to be quite simple and I thought about other ways. What if the database is patched with the latest CPU updates and additionally it has some kind of Intrusion Detection System which can find 0-day vulnerabilities or something like this and it is impossible to escalate privileges using SQL Injections? Of course there are some methods
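I recently found that the site http://carnal0wnage.blogspot.com/ has a lot of good material, and it is worth a look. This article is only a brief introduction, though; for more detail, I recommend consulting the Metasploit site.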
What is WMAP
“WMAP is a general purpose web application scanning framework for Metasploit 3. The architecture is simple and its simplicity is what makes it powerful. It’s a different approach compared to other open source alternatives and commercial scanners, as WMAP is not built around any browser or spider for data capture and manipulation.”
Getting it all up & running
Readme is here:
http://www.metasploit.com/dev/trac/browser/framework3/trunk/documentation/wmap.txt
Step 1: Download, patch, and install ratproxy
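I recently read a paper on penetration testing written by Germany's Federal Office for Information Security, "A Penetration Testing Model". In very plain language, it describes in some detail what an organization or an individual should do when carrying out a penetration test, along with the general methods. I thought it was very good, so I am recommending it to everyone.
I have briefly listed the main content of the paper here. It is in English; I will just translate the title of each item and leave the rest untranslated, since I think most people should be able to follow it. For the main content, read the document itself: it is a little over a hundred pages, and getting through it in two or three days should be no problem.
Objectives of Penetration Testing
Client goals that can be attained by penetration testing can be divided into four categories:
1. Improving security of technical systems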
2. Identifying vulnerabilities