Xakep Online

INTERNET UNDER THREAT

...of another session. At the very start of a connection the sender and receiver exchange initial sequence numbers. Then, as data is transferred, every packet carries an SN in its header equal to the previous one +1. If for some reason a packet is lost, the SN value identifies the missing data, after which the receiver asks for it to be resent.

Besides SN, the header holds an interesting field: Window. It is precisely this field that prompted Watson to test the protocol for a vulnerability. This part of the header is a sort of limiter on the segment being sent. Set at connection time, the window regulates the size of the segment that will be accepted. Suppose the Window value is 3000. Then, if the sending side transmits a segment of 5000 packets (numbered from 1), the last 2000 packets will not be considered. I think you get the idea.

The rest of the header is made up of special flags: SYN, ACK, PSH, URG, RST and FIN. I assume you know what they are for (if not, see the sidebar). Over the course of the article I will mention these service flags more than once.

And finally, the most important fields, the ones that form the socket: Source Address, Source Port, Destination Address and Destination Port. Practically all of these fields are known, with the exception of Source Port. The local port will have to be guessed in order to tear down the connection. But first things first.

RST ATTACK

If you believe the RFC, a TCP connection can be terminated by sending an empty packet with the RST flag. Not to mention that the SA, SP, DA and DP fields must hold real values. On top of that, the evil hacker still has to guess the current Sequence Number, and only then send his craftily built packet into the socket. All these fundamentals reduce the probability of tearing down a connection to zero. Judge for yourself: SN can vary in the range from 1 to 4 294 967 295. A number like that can, of course, be guessed. But only if the TCP connection is idle. With active data transfer such brute force simply loses its meaning. But, as they say, trust, but verify. So Watson verified :).

As a result of his testing he found that the real exchange differs a little from the standardized one. An attacker can quite well tear down the current TCP connection even if it is active. To do this he does not need to know the exact SN at all; it is enough for the number in the forged packet to fall within the range of the established window. Remember I mentioned the Window field? So if a user sends a packet with the RST flag set, an SN of 34000, and a window size of 35000, the packet will be "digested" normally by the receiver and the coveted disconnect will occur :).

Now let's calculate the exact number of attempts a hacker must make to tear down a connection. Taking the TCP header's Window value as 16K and the maximum SN as 4 294 967 295, simply divide SN by Window. We get that the hacker only needs a bit more than 260 thousand attempts. With today's bandwidth such brute force is entirely realistic. According to the RFC, Window can even be 64K. In that case the hacker only has to send 65 537 packets. But in reality it is not so simple. Remember I told you about the Source Port field, namely that it is not always easy to find out? In parallel with brute-forcing SN, the hacker has to iterate SP as well. That parameter ranges from 1025 to 49 152. Some operating systems, OpenBSD for example, assign the SP value randomly. But usually the local port is formed by simply incrementing the port of the previous connection. So the attacker most often only needs to run through SP values in the range 1025 - 5000.

SYN ATTACK AND DATA INJECTION

The bugs don't end there. Besides setting the RST flag, an attacker can set the SYN flag (the synchronization flag). On seeing a SYN, the receiver will send back an RST (provided, of course, the packet falls within the window) and close the connection. In principle, this attack looks just like the previous one; only the name of the flag changes, so all the other calculations and limitations stay the same as in the previous case.

In all the flaws described above the hacker sends a completely empty packet, that is, the DATA field has zero size. The attacker gains speed this way, but accomplishes only one task: breaking the connection. Watson does not rule out cases of injection into a TCP connection, where a hacker can deliberately corrupt the data being transferred. For this you set no flags but build a proper packet with a suitable SN. If the receiver treats such data as its own, the transferred information will be noticeably distorted. True, this technique is effective when a large file is being transferred at low speed. In other cases the attacker probably won't manage to pick the required SN in time.

[Figure: diagram of the RST attack]

MAGIC FLAGS

As I said, flags are mandatory in the TCP header. The most important of them are SYN, ACK, FIN and RST. Here is a short description:

The SYN flag is used when initializing a connection. When setting up a connection, the sender sends the receiver a packet with an initial SN and the SYN flag raised. The receiver, on accepting the packet, sends a reply with the SYN and ACK flags raised. The ACK header field is filled in with the value "received SN+1". Besides that, the receiver sets an SN of its own. The data sender, on receiving the acknowledgement, moves to the ESTABLISHED state and sends one more packet acknowledging the receiver's sequence number (the ACK flag is set and the ACK field value equals "SN+1"). Only after that does data transfer begin. This procedure is called the "handshake" or "three-way handshake".

The connection teardown procedure looks similar. The sender sends the FIN flag, meaning "no more data". The receiver issues an acknowledgement with the ACK and FIN flags; on receiving it, the sender sends a final ACK for the FIN and closes the connection. On accepting this last acknowledgement, the receiver finally ends the transfer.

The RST flag is used to reset a connection when errors occur (a duplicate SYN and the like). You can read about the remaining flags, URG and PSH, in RFC793.

To get your head around the theory of tearing down connections you need to know how TCP works. For that I advise you to read the Russian translation of the RFC793 specification (www.free.net/Info/usmanov-01/rfc793.htm).

Windows testers of the exploit need to install RawIP via the ppm installer, having first installed winpcap (http://winpcap.polito.it/install/bin/WinPcap_3_1_beta.exe).

On our disc you will find RFC793 in Russian translation, as well as the libpcap library with the Net::RawIP module. Winpcap was already put on the June disc, X.59.
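The in-window acceptance rule from the RST section and the attempt count derived from dividing SN by Window, as an added example that is not code from the article: it models the RFC 793 check the attack relies on beside the RFC 5961 rule (exact-match reset, otherwise a challenge ACK) that current stacks use to close the hole, which goes beyond what the article covers. The receiver state rcv_nxt = 1 is a constructed assumption; the article only gives SN 34000, window 35000 and the SP range 1025 - 5000.

```python
"""Blind in-window RST/SYN check (RFC 793) beside the RFC 5961 mitigation,
plus the attempt count the article derives. Added example, not the article's
code. rcv_nxt = 1 and the port-range figure are constructed from the
article's sample values (SN 34000, window 35000, SP 1025-5000)."""

MOD = 1 << 32  # sequence numbers wrap modulo 2^32


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), handling wrap-around."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def legacy_rst_accepted(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 behaviour Watson relied on: any in-window RST aborts the connection."""
    return in_window(seq, rcv_nxt, rcv_wnd)


def rfc5961_rst_action(seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """RFC 5961 section 3.2: only an exact SEQ == RCV.NXT resets; an in-window
    but inexact RST draws a challenge ACK (which a spoofer never sees, so it
    learns nothing about RCV.NXT); anything else is dropped."""
    if seq == rcv_nxt:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        return "challenge-ack"
    return "drop"


def rfc5961_syn_action(seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """RFC 5961 section 4.2: a SYN on an ESTABLISHED connection never resets it,
    whatever its sequence number (seq and window are deliberately ignored); the
    peer answers with a challenge ACK, and only a genuinely restarted endpoint
    will reply to that ACK with an exactly matching RST."""
    return "challenge-ack"


def blind_guesses(window: int, port_candidates: int = 1) -> int:
    """Worst-case spoofed segments needed to land one in-window, per the
    article's SN / Window division, times the number of source ports to try."""
    return -(-MOD // window) * port_candidates


if __name__ == "__main__":
    rcv_nxt, wnd = 1, 35000  # constructed receiver state
    print(legacy_rst_accepted(34000, rcv_nxt, wnd))   # True: old stacks drop the connection
    print(rfc5961_rst_action(34000, rcv_nxt, wnd))    # challenge-ack: patched stacks keep it
    print(blind_guesses(16 * 1024))                    # 262144, "a bit over 260 thousand"
    print(blind_guesses(64 * 1024))                    # 65536 (the article quotes 65 537)
    print(blind_guesses(16 * 1024, 5000 - 1025 + 1))  # 1042284544 with the SP range 1025-5000
```

On the wire, the mitigation shows up as a burst of challenge ACKs on an established flow; a spike in those per connection is the defender's signal that someone is spraying in-window RST or SYN segments.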
