Linux penetration testing: Penetration Testing: Choosing the right (Linux) tool stack to fix your broken IT security

Published: 2023/11/29

Got IT infrastructure? Do you know how secure it is? The answer will probably hurt, but this is the kind of bad news you’re better off getting sooner rather than later.

The only reasonably sure way to find out what’s going on with your servers is to apply a solid round of penetration testing. Your ultimate goal is to uncover any dangerous vulnerabilities so you can lock them down.

By “dangerous vulnerability” I mean obvious things like unprotected open ports and unpatched software. But I also mean the existence of freely available intelligence about your organization that’s probably just floating around the internet, waiting to be collected and turned against you.

Pen testing is made up of three very different parts, each with its own unique tools and protocols.

  • Passive information gathering, where testers scour the public internet looking for subtle hints or carelessly revealed private data that can be used against the organization.

  • Active information gathering, where the organization’s networks and servers are scanned for potential vulnerabilities.

  • Identifying exploits that could possibly be run against the organization’s infrastructure.

Let’s look at those one at a time.

Passive Information Gathering (OSINT)

Say your company has around 50 employees and a handful of outside contractors, each of whom is most likely active on both professional and personal social networks. And say you’ve got the usual range of corporate and product websites and social media accounts (like LinkedIn).

Now pause for a moment and try to imagine that you’re a hacker who’s searching for exploitable information about your company which he can use to launch an attack. Assuming he’ll stick exclusively to the public internet and not break any laws, how much do you think he’ll find?

Not too much? After all, no one is stupid enough to post passwords and account information to the internet, right?

Perhaps. But you won’t believe how easy it can be to use what is there to figure out all the passwords and administration information that hackers will need to get what they’re after. Don’t believe me? Do some passive information gathering yourself.

Among the fantastic/frightening information gathering tools available to help you (which also include Maltego and Shodan) there’s a great Linux-based open source package named Recon-ng, about which I created a video course on Pluralsight.

You start by providing Recon-ng with some information about your company and choosing the particular scans that interest you. All the hard work will then be done by tools they call modules. Each of the 90+ available modules is a script that reads data from the Recon-ng database and launches a scanning operation against some remote data resource.

Based on your choices, Recon-ng will intelligently comb through vast volumes of DNS, social media, and search engine results, plus information-rich position postings for new developers and hints to internal email addresses relating to your target. When it’s done, the software will prepare a report that’s guaranteed to scare the daylights out of you.

With this information, all a hacker would have to do is sift through the data and set the launch date for your attack. With this information, all you will have to do is tighten up your defences and speak with your team about being a lot more careful when communicating online.

That OSINT acronym I used above? It stands for Open Source Intelligence. Stuff anyone can get.

Active information gathering (vulnerability assessment)

Besides all the things you thoughtlessly leave lying around across the internet, there’s probably a lot more that a hacker can learn about your infrastructure from the infrastructure itself. If your servers are on a network, it’s because, to some degree, you want them exposed to network users. But that might also expose things you’d rather keep quiet, including the fact that you might be running software that’s buggy and open for exploits.

The good news is that government and industry players, like the US government’s NIST and their National Vulnerability Database, have been actively tracking software vulnerabilities for decades now and they make their information freely available. The bad news is that their databases contain hundreds of thousands of those vulnerabilities and it makes for really dull reading.

You’d like to be able to quickly and regularly scan your network and the devices attached to it to make sure there’s nothing that needs patching, but it’s just not humanly possible to do it manually. So forget humans. You’re going to need software.

Vulnerability scanners are software tools that automatically scan your network and servers for unpatched software, open ports, misconfigured services, and potential exploit vectors (like SQL injection or cross-site scripting). Generally, the software will handle the vulnerability data and search for any matches with what you’ve got running. It’s your job to define the target, set the scan types you want run, read the reports that come out the other end, and, most important of all, fix whatever’s broken.
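
To make that matching step concrete, here is an added example that is not part of the original article and does not reproduce how OpenVAS, Nessus or any other scanner is actually implemented. It correlates a constructed inventory of running services with constructed NVD-style vulnerability records (product, affected version range, severity score) and sorts the matches so the highest-scoring findings are patched first. The product names, hostnames and `EXAMPLE-000x` identifiers are placeholders; the "affected from version X, fixed in version Y" range model is an assumption made for the example.

```python
"""Added example: correlate a software inventory with vulnerability records.

Constructed sample data only. Product names, hosts and EXAMPLE-000x ids are
placeholders, not real software or real advisories.
"""
from dataclasses import dataclass
from typing import List, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically.
    A plain string comparison would wrongly put '2.4.9' after '2.4.10'."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str         # placeholder identifier (assumed format)
    product: str
    first_affected: str  # inclusive lower bound of the affected range
    fixed_in: str        # exclusive upper bound: this version and later are patched
    cvss: float          # severity score used for prioritisation


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    product: str
    version: str


def is_affected(service: Service, vuln: Vulnerability) -> bool:
    """A service matches when product names agree and its version falls
    inside [first_affected, fixed_in)."""
    if service.product.lower() != vuln.product.lower():
        return False
    running = parse_version(service.version)
    return parse_version(vuln.first_affected) <= running < parse_version(vuln.fixed_in)


def find_findings(inventory: List[Service],
                  vuln_db: List[Vulnerability]) -> List[Tuple[Service, Vulnerability]]:
    """Every (service, vulnerability) pair that matches, worst score first."""
    findings = [(s, v) for s in inventory for v in vuln_db if is_affected(s, v)]
    findings.sort(key=lambda pair: pair[1].cvss, reverse=True)
    return findings


def format_report(findings: List[Tuple[Service, Vulnerability]]) -> List[str]:
    """One human-readable line per finding, in priority order."""
    return [
        f"{v.cvss:>4}  {s.host}:{s.port}  {s.product} {s.version}  "
        f"{v.vuln_id} (fixed in {v.fixed_in})"
        for s, v in findings
    ]


# Constructed sample vulnerability records (placeholder ids and products).
SAMPLE_VULN_DB = [
    Vulnerability("EXAMPLE-0001", "examplehttpd", "2.4.0", "2.4.50", 9.8),
    Vulnerability("EXAMPLE-0002", "examplehttpd", "2.4.0", "2.4.52", 7.5),
    Vulnerability("EXAMPLE-0003", "exampledb", "13.0", "13.4", 6.5),
]

# Constructed sample inventory, as a scanner's service detection might report it.
SAMPLE_INVENTORY = [
    Service("web-01", 443, "examplehttpd", "2.4.49"),
    Service("web-02", 443, "examplehttpd", "2.4.51"),
    Service("db-01", 5432, "exampledb", "13.4"),   # already on the fixed version
    Service("db-02", 5432, "exampledb", "13.2"),
]

if __name__ == "__main__":
    for line in format_report(find_findings(SAMPLE_INVENTORY, SAMPLE_VULN_DB)):
        print(line)
```

With the sample data, web-01 matches both web-server records, web-02 only the one whose fix arrived later, db-01 is clean because it already runs the fixed version, and db-02 matches the database record; the report lists them from 9.8 down to 6.5. Real scanners add service fingerprinting, vendor-specific version schemes and backported-patch detection on top of this, which is why their results still need a human reading them.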

Commercial scanning packages with free tiers include Nessus, Nexpose, and Burp Suite. OpenVAS is a mature, fully open source tool that can handle just about anything you throw at it. And, most conveniently, it just so happens that my Pluralsight collection also includes a video guide to using OpenVAS.

An outstanding platform for running all kinds of scans and testing is the Kali Linux distribution. Kali, which itself is highly secure by default, comes with dozens of networking and security software packages pre-configured. OpenVAS, while easily installed to Kali, was left out of the default profile due to its size.

It’s common to run Kali within a virtual environment like VirtualBox rather than having it take up a whole physical machine. That way you can safely isolate your testing from your regular compute activities…not to mention save yourself significant time and money.

Exploit (penetration) testing

Here (after obtaining explicit authorization from the organization’s management) is where your pen testers try to actually penetrate your defences to see how far in they can get. Testers will make use of tools like the Metasploit Framework (often also run from Kali Linux), which executes live exploits against target infrastructure. My bad luck: I don’t have a course on Metasploit, but other Pluralsight authors sure do.

The immediate goal is to leverage any of the network or operating system exploits discovered during the earlier stages of the scanning process. But the ultimate idea, of course, is to shut down the security flaws your pen tester uncovers. All the testing in the world won’t do you an ounce of good if you don’t use it to improve.

Besides the purely technical hacking tools you’ll use, the exploitation phase of pen testing can also incorporate some good old social engineering. That’s where (when authorized) you can use emails, phone calls, and personal contact to try to fool employees into giving up sensitive information.

It’s a lot of work and requires a great deal of training and preparation to do it well. But if you’re responsible for your company’s IT resources, you can’t leave pen testing for later.

So what’s your next step? If you’re a do-it-yourself type then by all means, carefully work through some online resources or courseware and dive right in. Otherwise, find a professional you can trust and see what they recommend.

Good luck!

Don’t think I’m just some kind of one-dimensional geek. Besides my Pluralsight courses, I also write books and courses on Linux and AWS and even a hybrid course called Linux in Motion that’s made up of more than two hours of videos and some 40% of the content of my Linux in Action book. Ok. So I suppose I am some kind of one-dimensional geek.

Translated from: https://www.freecodecamp.org/news/penetration-testing-choosing-the-right-linux-tool-stack-to-fix-your-broken-it-security/