Xem bản tiếng việt đầy đủ tại đây : http://thethao60s.com/index/11920/03062007.aspx

Basic Hacking Techniques - Part I
**** Foot Printing ****

Hello everyone. To meet the demand for learning about hacking and security, fantomas311 has compiled a series of articles, "Basic hacking", together with related articles on system hacking, to introduce to you. A warning to anyone who wants to learn hacking fast-food style: you should not read this article! I do not post articles that teach you to hack; I only post articles under the motto "how hacking is done". Read, think, and do it with your own hands and your own head!!

Before real hackers get down to work, they have to carry out three basic steps: footprinting, scanning and enumeration. This article covers the footprinting technique and related issues.


**What is footprinting?**

Footprinting is the use of tools and techniques to gather the first basic information about an organization or a web site one wants to attack (referred to in this article as the victim). Systematically footprinting an organization lets the hacker see clearly the security situation (the level of security) of that organization.

**Why is footprinting needed?**

Footprinting makes it possible to identify all the pieces of information and to obtain the basic (sometimes quite important) facts about the victim.

**Footprinting techniques**

There are many different footprinting techniques; this article describes the steps that help you complete a thorough footprint analysis.

*Step 1: define the scope of activity

Put simply, in this step you have to determine exactly what it is you want to hack (a company, a server, or just a personal web site ...).

- For beginners, you should read carefully and note down the information the web site gives you (information about itself, such as phone numbers, the webmaster's e-mail, addresses ....). Often this information turns out to be the "golden key" for you :) Items of interest include:
+ Locations
+ Related companies or entities
+ Connections or news that can be obtained
+ Security policies that reveal the security mechanisms in place (the firewall configuration, for example)
+ Phone numbers, contact names and e-mail addresses .....

In addition, you can also review the HTML source to find programming slips; besides that, the comments inside HTML tags such as <! and ~ are also a "resource" worth exploiting!! (for example :D)
After studying the web site, look for further information that provides additional clues about the state of the organization and its security situation (in the press, or in news on the Net, for example). Search engines are the key for you. Here are a few search engines:

http://google.com :)
http://sec.gov
http://cyberarmy.com
http://deja.com
http://networksolution.com
http://dogpile.com
http://astalavista.com
http://ipswich.com
http://arin.net/whois/
http://ferretsoft.com

Okay, let's carry out the first step of the hacking technique!! B)

*Step 2: network enumeration

In this step, the first thing is to identify the domains and networks related to the victim. To do this, query the data of Network Solutions (www.networksolution.com) and the American Registry for Internet Numbers (www.arin.net).
Some kinds of queries:

+ Organizational: all information related to a specific organization
+ Domain: a domain
+ Network: a network or an IP
+ Point of contact: a specific individual (the admin)

*Step 3: DNS interrogation

After identifying the target organization's (victim's) domains, you can start querying DNS. If DNS is configured carelessly, we may be able to dig out information that discloses the organization. One of the most serious misconfigurations an administrator can make is allowing untrusted Internet users to perform a DNS zone transfer. Such an incident can reveal host names, hidden IPs .... in general, the information one wants to hide! Handing internal IP addresses to an untrusted user on the Internet is like handing a thief the map of your house!!
At this point you probably have a question: "Zone transfer - how?" Let me say that this is another matter; I will probably cover it in another article of mine so as not to dilute this one :). Step 3 ends here!

*Step 4: network reconnaissance

Once you have the map in hand, this is the stage of "actual intrusion" to determine potential network access routes (think of it as scouting to identify the roads before carrying out a robbery!).
To do this work, let me introduce you to the traceroute program (ftp://ftp.ec.lbl/traceroute.tar.z), found in most versions of Unix and in Windows NT. On Windows NT it is called tracert.
Traceroute is a diagnostic tool written by Van Jacobson that lets you view the route an IP packet follows from one server to another.
If you are not fluent in Unix commands, you can use VisualRoute (http://www.visualroute.com) to carry out this reconnaissance (tracerouting). VisualRoute's interface looks very attractive and is easy to use, but it does not work well with large-scale networks.
In addition, you can also perform a more complex technique called "firewall protocol scanning" (to be covered in Basic Hacking II - Scanning by fantomas311).

So the first stage of hacking into a system is done. Now, having completed all the steps above, you (I mean only those who have done the steps above correctly) may ask yourself: "So what good is this?" "What next?" "What use is the information gathered?" "Is this step really necessary?"
:) So many questions! But I will leave them for you to answer yourselves! I will answer just one! The next step of the hacking process, in theory, is Scanning. Scanning will be covered in fantomas311's next article: "Basic Hacking part II - Scanning" :)
I hope this article satisfies you.


Traceroute Overview


In the article above I mentioned traceroute. So what is traceroute? Please read the following article:

What is traceroute?

Traceroute is a program that lets you determine the path packets take from your machine to a destination system on the Internet.

A traceroute example!

What can traceroute do? Look at the following example and it will be clear!

C:\windows>tracert 203.94.12.54

Tracing route to 203.94.12.54 over a maximum of 30 hops

1 abc.netzero.com (232.61.41.251) 2 ms 1 ms 1 ms
2 xyz.Netzero.com (232.61.41.0) 5 ms 5 ms 5 ms
3 232.61.41.10 (232.61.41.251) 9 ms 11 ms 13 ms
4 we21.spectranet.com (196.01.83.12) 535 ms 549 ms 513 ms
5 isp.net.ny (196.23.0.0) 562 ms 596 ms 600 ms
6 196.23.0.25 (196.23.0.25) 1195 ms1204 ms
7 backbone.isp.ny (198.87.12.11) 1208 ms1216 ms1233 ms
8 asianet.com (202.12.32.10) 1210 ms1239 ms1211 ms
9 south.asinet.com (202.10.10.10) 1069 ms1087 ms1122 ms
10 backbone.vsnl.net.in (203.98.46.01) 1064 ms1109 ms1061 ms
11 newdelhi-01.backbone.vsnl.net.in (203.102.46.01) 1185 ms1146 ms1203 ms
12 newdelhi-00.backbone.vsnl.net.in (203.102.46.02) ms1159 ms1073 ms
13 mtnl.net.in (203.194.56.00) 1052 ms 642 ms 658 ms

I need to know the path from my machine to a host on the Internet with IP address 203.94.12.54, so I tracert to it! As you can see above, packets from my machine have to pass through 13 hops on the network to reach 203.94.12.54. This is the path the packets take:

Netzero (the ISP that sent the data) -> Spectranet (a backbone provider) -> New York ISP -> New York Backbone -> Asia -> South Asia -> India Backbone -> New Delhi Backbone -> another router in the New Delhi Backbone -> New Delhi ISP

So the host with IP address 203.94.12.54 is located in New Delhi, India, South Asia! You can also telnet to 203.94.12.54 on port 13 (daytime) to determine the GMT offset and thereby learn the host's location (this requires that host 203.94.12.54 runs the daytime daemon and has its time configured correctly)!

How does traceroute work?

First, you need to know about ICMP, TTL, and how routers work!

Basic knowledge

ICMP - Internet Control Message Protocol. ICMP is used to report errors that occur while data packets are being transmitted over the network. ICMP belongs to the transport layer!

Application layer: HTTP, FTP, Telnet, Finger, SSH, DNS, POP3/IMAP, SMTP, Gopher, BGP, Time/NTP, Whois, TACACS+, SSL, DNS, SNMP, RIP, RADIUS, Archie, Traceroute, tftp, Ping
Transport layer: TCP, UDP, ICMP, OSPF
Internet layer: IP, ARP
Physical layer: Ethernet/802.3, Token Ring (802.5), SNAP/802.2, X.25, FDDI, ISDN, Frame Relay, SMDS, ATM, Wireless (WAP, CDPD, 802.11), Fibre Channel, DDS/DS0/T-carrier/E-carrier, SONET/SDH, DWDM, PPP, HDLC, SLIP/CSLIP, xDSL, Cable Modem (DOCSIS)

All ICMP messages are carried inside IP datagrams. Each ICMP message wrapped in an IP datagram looks like this:

+---------------------+-------------------------+
| IP Header(20 bytes) | ICMP message (32 bytes) |
+---------------------+-------------------------+

Here is the structure of an ICMP message (see RFC 792 for more!):

 0               7 8              15 16                31
+-----------------+-----------------+-----------------+
| Type (0 or 8)   | Code (0)        | 16-bit Checksum |
+-----------------+-----------------+-----------------+
| Identifier                        | sequence number |
+-----------------+-----------------+-----------------+
|                                                     |
| Optional Data (content depends on Type and Code)    |
|                                                     |
+-----------------------------------------------------+

The type field has 15 different values, depending on the specific kind of ICMP error message. For example, type=3 designates the "Destination unreachable" error message!
The code field is the sub-error, used to pin down exactly which error occurred. For example, type=3 and code=0 means "Network Unreachable"; type=3 and code=1 means "Host Unreachable"...
TTL - Time to Live. TTL is an 8-bit field in the IP header (look back at the structure of the IP header!). TTL is the time a datagram lives on the network before it is discarded. The sender sets a TTL value in advance, usually from 32 to 64. This value is decremented by one each time the datagram passes through a router on the network. When the value reaches 0, the datagram is discarded and ICMP reports the error back to the sender. This prevents the datagram from entering an endless loop through the routers.

Each router that receives an IP datagram decrements its TTL by one. Most routers do not hold a datagram for more than one second before forwarding it, so the TTL value can be regarded as a hop counter: the number of routers the datagram has passed through.

When a router receives a datagram whose TTL field is 0 or 1, it does not forward it. Instead, it discards the datagram and sends a "Time Exceeded" ICMP message back to whoever sent the datagram! Because the ICMP message the router sends back has the router's own IP as its source address, the sender learns the IP address of this router!

How traceroute works!

Traceroute sends an IP datagram with TTL=1 to the destination system. The first router to receive this datagram decrements the TTL by one -> TTL=0, so it discards the datagram (does not forward it!) and sends an ICMP error message, with its own IP as the source address, to your machine. In this way traceroute can determine the IP address of the first router! Next, traceroute sends a new datagram with TTL=2 (1+1=2) to the destination system. The first router decrements the TTL by one -> TTL=1 (2-1=1) and forwards the datagram to the second router. The second router receives the datagram with TTL=1 and decrements it to TTL=0. Seeing TTL=0, router 2 does not forward the datagram any further; it sends your machine an ICMP error message whose source IP is its own (router 2's). Thus the traceroute program on your machine learns the second router the datagram passed through. Traceroute then sends another datagram with TTL=3 (2+1=3) and repeats the process until a datagram reaches the destination system!

Now, if the IP datagram has reached the destination, TTL=1. The destination host discards this datagram, and it does not send a "Time Exceeded" ICMP error message either. So how would you ever know whether you have reached the destination?! Traceroute uses another mechanism, as follows:

Traceroute sends UDP datagrams to the destination host on high-numbered UDP ports (>30000). It chooses high port numbers because usually no application is listening on them. When the destination host receives such a UDP datagram, it sends back a "Port Unreachable" ICMP error message to traceroute. Now traceroute can tell the difference between the "Time Exceeded" and "Port Unreachable" ICMP error messages and thus know whether it has reached the destination!

Note: the "Time Exceeded" ICMP error message has type=1 and code=0; the "Port Unreachable" ICMP error message has type=3 and code=3.

Summary: traceroute sends UDP datagrams to the destination host with TTL=1, incremented after each round, to identify the routers the datagrams pass through. Each router sends back a "Time Exceeded" ICMP message. Only the destination system sends traceroute a "Port Unreachable" ICMP message. Traceroute relies on this difference to determine whether it has reached the destination.
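Added example (my own Python model, not code from the original article): it encodes and checks the ICMP header from the diagram above and runs the TTL-stepping loop just described against a constructed three-router path using RFC 5737 documentation addresses (192.0.2.x, 198.51.100.7), with one router that never replies so a "*" hop appears. The message types follow RFC 792 exactly: Time Exceeded is type 11 code 0 and Port Unreachable is type 3 code 3; the addresses and topology are assumptions for the illustration.

```python
import struct

ICMP_DEST_UNREACHABLE = 3   # RFC 792 type 3; code 3 = Port Unreachable (sent by the destination host)
ICMP_TIME_EXCEEDED = 11     # RFC 792 type 11; code 0 = TTL expired in transit (sent by a router)

def icmp_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; computed over a valid message it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(msg_type: int, code: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Lay out the 8-byte header from the diagram above, then fill in the checksum."""
    header = struct.pack("!BBHHH", msg_type, code, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, code, csum, ident, seq) + payload

def parse_icmp(data: bytes) -> tuple:
    """Return (type, code) of a received message, rejecting it if the checksum fails."""
    if len(data) < 8 or icmp_checksum(data) != 0:
        raise ValueError("corrupt ICMP message")
    return struct.unpack("!BB", data[:2])

# Constructed topology (RFC 5737 documentation addresses, not real systems): three routers, then the host.
PATH = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
DEST = "198.51.100.7"
SILENT = {"192.0.2.2"}      # constructed: this router drops expiring probes without replying

def deliver(ttl: int):
    """Model one UDP probe to a high port: the router that sees TTL hit 0 answers Time Exceeded from its
    own address; the host, with nothing listening, answers Port Unreachable. None = lost reply."""
    for router in PATH:
        ttl -= 1
        if ttl == 0:
            return None if router in SILENT else (router, build_icmp(ICMP_TIME_EXCEEDED, 0, 0, 0))
    return DEST, build_icmp(ICMP_DEST_UNREACHABLE, 3, 0, 0)

def traceroute(max_hops: int = 30) -> list:
    """Probe with TTL 1, 2, 3, ... and stop at the first Port Unreachable, as the text describes."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = deliver(ttl)
        src, msg = reply if reply else ("*", None)   # '*' is what traceroute prints on a timeout
        hops.append(src)
        if msg is not None and parse_icmp(msg) == (ICMP_DEST_UNREACHABLE, 3):
            break                                      # Time Exceeded means keep going
    return hops
```

Running `traceroute()` on this model yields the hop list `["192.0.2.1", "*", "192.0.2.3", "198.51.100.7"]`, mirroring the four-line output a real traceroute would print for such a path.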

Final example!

host2 # traceroute xyz.com

traceroute to xyz.com (202.xx.12.34), 30 hops max, 40 byte packets
1 isp.net (202.xy.34.12) 20ms 10ms 10ms
2 xyz.com (202.xx.12.34) 130ms 130ms 130ms

The first line gives the hostname and IP address of the destination system. It also tells us that TTL <= 30 and that the datagram size is 40 bytes (20-byte IP header + 8-byte UDP header + 12 bytes of user data).

The second line shows that the first router to receive the datagram is 202.xy.34.12; the TTL when the datagram was sent to this router was 1. This router sends a "Time Exceeded" ICMP error message back to the traceroute program. Traceroute then sends another datagram toward the destination system.

Third line: xyz.com (202.xx.12.34) receives a datagram with TTL=1 (the first router already decremented it: TTL=2-1=1). However, xyz.com is not a router; it sends a "Port Unreachable" ICMP error message back to traceroute. On receiving this ICMP message, traceroute knows it has reached the destination system xyz.com and finishes its job here.

If a router does not reply within 5 seconds, traceroute prints an asterisk "*" (unknown) and continues by sending the next datagram to the destination host!