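How to perform network security scanning and penetration testing on Linux systems
In today's network environment, network security scanning and penetration testing of Linux systems are increasingly important. Network security scanning is essential for keeping a system secure and stable, while the purpose of penetration testing is to find and fix security problems in the system.
This article introduces how to perform network security scanning and penetration testing on Linux systems. We will use some common tools and techniques, including open-source tools such as Nmap and Metasploit.
1. Nmap scanning
Nmap is a commonly used network scanning tool that can perform port scanning, service identification and similar operations against a target host. Below is a simple command-line example: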
nmap -sS -A -T4 target_ip
Here, -sS selects the TCP SYN scan method, -A enables operating system detection and service version scanning, and -T4 selects the fast scan mode.
2. Metasploit penetration testing
Metasploit is an open-source penetration testing framework that can be used to test networks and applications for vulnerabilities. Below is a simple command-line example:
msfconsole
use exploit/multi/handler
set payload payload_name
set lhost local_ip
set lport local_port
exploit
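Here, msfconsole starts the Metasploit console, use exploit/multi/handler selects the multi payload handler, set payload payload_name sets the name of the payload, set lhost local_ip and set lport local_port set the IP address and port number of the attacker's host respectively, and exploit executes the attack.
3. Vulnerability scanning
Besides Nmap and Metasploit, other vulnerability scanning tools can be used for network security testing. Below are some commonly used vulnerability scanning tools:
(1) OpenVAS: OpenVAS is an open-source vulnerability scanner that can scan for vulnerabilities in a variety of operating systems and applications.
(2) Nexpose: Nexpose is a commercial vulnerability scanning tool that can be used to scan for vulnerabilities in a variety of operating systems, applications and network devices.
(3) NESSUS: NESSUS is a widely used vulnerability scanner that can be used to scan for vulnerabilities in a variety of operating systems, applications and network devices.
4. Firewall configuration
Linux has the IPtables firewall built in, which can filter and apply security controls to inbound and outbound network traffic. Below are some commonly used IPtables firewall rules:
(1) Allow only traffic from a specified IP address: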
iptables -A INPUT -s allowed_ip -j ACCEPT
iptables -A INPUT -j DROP
Here, allowed_ip is the allowed IP address.
(2) Allow only traffic to a specified port:
iptables -A INPUT -p tcp --dport allowed_port -j ACCEPT
iptables -A INPUT -j DROP
Here, allowed_port is the allowed port.
(3) Allow only traffic of a specified protocol:
iptables -A INPUT -p allowed_protocol -j ACCEPT
iptables -A INPUT -j DROP
Here, allowed_protocol is the allowed protocol.
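Each rule pair above drops everything it does not match, which includes loopback traffic and the replies to connections the host itself opened. As an added example (not from the original article), this shell function emits an iptables-restore ruleset that combines the source and port restrictions with those two exceptions; the address 203.0.113.10 and port 22 in the usage comment are placeholder assumptions, and the FORWARD policy assumes the host does not route traffic.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset. Nothing is applied here.
# Usage (placeholder values): build_ruleset 203.0.113.10 22
# Check the syntax without committing:
#   build_ruleset 203.0.113.10 22 | iptables-restore --test
# This covers IPv4 only; IPv6 is filtered separately by ip6tables.
build_ruleset() {
    src=$1
    port=$2
    # Validate input so a typo cannot end up as a broader rule than intended.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1
    }
    case $src in
        ''|*[!0-9./]*) echo "bad source: $src" >&2; return 1 ;;
    esac
    # A default-drop policy replaces the trailing "-A INPUT -j DROP", so the
    # result does not depend on the order in which rules are appended later.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s $src -p tcp --dport $port -j ACCEPT
COMMIT
EOF
}
```

When changing rules over a remote session, load the file from a console or schedule a rollback first, because a mistake in the allowed source address cuts off the session itself.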
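Summary
This article introduced how to perform network security scanning and penetration testing on Linux systems. We used some common tools and techniques, including open-source tools such as Nmap and Metasploit. We also discussed some IPtables firewall rules used to keep the system secure and stable.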
ÒÔÉϾÍÊÇÔõÑù¾ÙÐÐLinuxϵͳµÄÍøÂçÇ徲ɨÃèºÍÉø͸²âÊÔµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡