Técnicas avanzadas de penetracion a sistemas con IDS / Rafael Gómez del Ángel

7/27/2019 Tcnicas avanzadas de penetracion a sistemas con IDS / Rafael Gmez del ngel

1/51

Zflgfns nvnlznjns ji

pilitrnfgl n sgstikns


2/51

DNFBGLA IZGFM

Hms dnfbirs tgfms sml prmeisgmlnhis ji hn siaurgjnj qui

nphgfnl sus fmlmfgkgiltms ji dnfbgla fml eglis

jieilsgvms (y hianhis). Jgrikms dnfbir sgikpri, pirm dny

qui egcnrsi il ih fmltixtm.


3/51

^YI IV YL DNFBIP

Ixpirtm il nhal fnkpm ji hn glemrktgfn

Fmlmfgkgiltms prmeuljms ji jgvirsns

_hntnemrkns (Qgljmws, Ylgx, Hglux, nljrmgj).

Fmlmfgkgiltms ji rijis

Fmlmfgkgiltms ji dnrjwnri y smetwnri.


4/51

_nsms privgms nh

NZN^YI>. Pifmlmfgkgiltm _nsgvm

Nftgvm

0. Pnstrim (isfnl

ir)

6. Nffism Lgvihis jih Vgstikn

Pijis

JMV

:. Knltilir ihnffism

9. @mrrnjm ji

duihhns


5/51

EMMZ_PGLZGLA

M`tilfgl ji hms pireghis ji siaurgjnj ji uln mranlgznfgl

dnfgiljm usm ji uln kitmjmhman (emmtprgltgla).

Ih risuhtnjm jihemmtprgltgla is ul piregh lgfm ji hn

mranlgznfgl il funltm n sus rijis (Gltirlit / Gltrnlit /

Ixtrnlit /Qgrihiss) y sgstikns.


6/51

EMMZ_PGLZGLA

>.- M`tilir glemrknfgl glgfgnh

wdmgs

lshmmbup

0.- Hmfnhgznr ih rnlam ji rij

Zrnfirmuti


7/51

ZG_MV JI NZN^YIV

>.- Dnfbgla QGEG

0.-JMV

6.-JJMV:.-K.G.Z

9.- Ilvililnkgiltm JLV

5.-Pivirsi Vdihh1.-_mrt sfnlgla

4.-Glyiffgmlis V^H

7.-P.E.G

>?.-TVV

>>.-Glyiffgml ji

fmknljms nr`gtrnrgms

>0.-Dgcnfbgla

>6.-Fmmbgi pmgsmlgla


8/51


9/51

Isfnlim ji _uirtms

Ih isfnlim ji puirtms is ih ntnqui prgknrgm y kns fmkl

utghgznjm il uln nujgtmrgn yn sin hianh m ghianh.

Lms pirkgti 3

Ixphmrnr

Gjiltgegfnr

Fmkpriljir


10/51

Zflgfns

ZF_ fmllift ()

Pivirsi Gjilt

ZF_ VWL

Smk`gi sfnl

ZF_ EGL

NFB Vfnl

Luhh Vfnl

Tkns Vfnl

VWL/NFB Vfnl

Ernakiltnfgl ZF_

ZF_ ifdm

YJ_ ifdm

ZF_ NFB

ZF_ VWL

GFK_ ifdm

YJ_ sfnl

EZ_

`mulfi

sfnl

N`girtmKijgm

n`girtm Vghilfgmsm@nrrgjms Mtrms

Zgpm ji

isfnlim


11/51

ZF_ fmllift()

Hn kns fmkl ji funhqugir smetwnri ji isfnlim ji puirtmsfmlsgsti il usnr hn hhnknjn fmllift() ji ZF_

Gltiltn istn`hifir fmlixgl

Vg fmliftn ih puirtm istn n`girtm

sg lm , ih puirtm istn firrnjm

Vg lm fmltistn istn sghilfgmsm

Kuy rpgjm i glvnsgvm y hhnkntgvm il ixfism.

* Kghis ji fmlixgmlis

*Hmas


12/51

Fmkpmrtnkgiltm

ZF_ fmllift()Dnfbir-------RVWL[------


13/51

ZF_ VWL

Zflgfn fmlmfgjn fmkm Dnhe-mpil sfnl, isfnlim kijgm n`girtm pmrixfihilfgn

si ilvn ul pnquiti VWL eglagiljm istn`hifir uln fmlixgml y si

ispirn hn rispuistn jih Dmst, sg hhian ul pnquiti VWL/NFB

sgalgegfn qui istn n`girtm y lm jivmhvikms hn fmltistnfgl NFB,jivmhvikms PVZ , istm pnrn ivgtnr qui si fmkphiti ih glgfgm

ji fmlixgl y ns `urhnr ih riagstrm jih sgstikn fmkm gltiltm ji

fmlixgl

*Jgsfritm

*Ixfihiltis risuhtnjms

F g


14/51

FmkpmrtnkgiltmZF_ VWL

Dnfbir ---RVWL[---< RM[ _. ZF_ n`girtm il hn Ugftgkn

Dnfbir 8---RVWL/NFB[--- RM[ _. ZF_ n`girtm il hn Ugftgkn

Dnfbir ---RPVZ[---< RM[ _. ZF_ n`girtm il hn Ugftgkn

Dnfbir ---RVWL[---< RT[ _uirtm ZF_ firrnjm il hn Ugftgkn

Dnfbir 8---RPVZ[--- RT[ _uirtm ZF_ firrnjm il hn Ugftgkn

Dnfbir ---RVWL[---< R~[ _uirtm ZF_ sghilfgmsm il hn Ugftgkn


15/51

NFB sfnl

Jistglnjm n gjiltgegfnr nquihhms puirtms qui istl il istnjmsghilfgmsm ji emrkn prifgsn funljm ul puirtm istn il isti istnjm m

lm.

Ilvn pnquitis NFB fml lkirms ji sifuilfgn y fmlegrknfgl

nhintmrgms.

sg ih puirtm istn n`girtm, rispmljir fml ul pnquiti PVZ, puis lm

gjiltgegfnrn hn fmlixgl fmkm suyn

sg ih puirtm istn firrnjm rispmljir PVZ pirm sg lm rispmlji is qui

istn eghtrnjm.

* Npmym ji ul isfnlim nltirgmr

*Unrgn`hi jih pgla sg rispmlji PVZ

istn vgvm sg lm is gl nhfnlzn`hi.

*Gjiltgegfnr egriwnhh `hmquinljm VWL.


16/51

Fmkpmrtnkgiltm

NFB sfnlDnfbir ---RNFB[---< RM[ _uirtm ZF_ n`girtm il hn Ugftgkn

Dnfbir 8---RPVZ[--- RM[ _uirtm ZF_ n`girtm il hn Ugftgkn

Dnfbir ---RNFB[---< RT[ _uirtm ZF_ firrnjm il hn Ugftgkn


Dnfbir ---RNFB[---< R~[ _uirtm ZF_ sghilfgmsm il hn Ugftgkn


17/51

Luhh sfnl

Vgkghnr nh EGL, eulfgmln jih kgskm kmjm, ilvgnljm

pnquitis knhemrknjms, pirm il isti fnsm fml

hms ehnas jisnftgvnjms, sg ih puirtm istn firrnjm lms

rispmljir fml PVZ y Il fnsm ji lm rifg`gr lnjn ih puirtm

istn n`girtm m sghilfgmsm.

Fgirtms egriwnhhs vgaghnl hms pnquitis ji eglnhgznfgl nqudnfi hm qui EGL lm.


18/51

Fmkpmrtnkgiltm

Luhh sfnl

Dnfbir ---R [---< RM[ _uirtm ZF_ n`girtm il hn Ugftgkn

hmfnh ---R [---< RT[ _uirtm ZF_ firrnjm il hn Ugftgkn


Dnfbir ---R [---< R~[ _uirtm ZF_ sghilfgmsm il hn Ugftgkn


19/51

Hn rnzl


20/51

_MF


21/51

Ntnquis KGZ>. JLV fnfdi pmgsmlgla

0. NP_ _mgsmlgla6. _dgsdgla

:. Vshstrgp


22/51

IT_HMZNFGML

I j


23/51

Isflir ji

vuhlirn`ghgjnjis

j


24/51

Isflir ji

vuhlirn`ghgjnjis


25/51


26/51

IT_HMZNFGML


27/51

Kitnsphmgt

Qgljmws Virvir 0??6


28/51

_ilitrnfgl

Qgljmws Virvir 0??6

prui`n ji fmlfiptm_uirtm ::9

>. ks?4?51

0. Frinr usunrgm6. Dn`ghgtnr Isfrgtmrgm Pikmtm

:. Fnk`gnr hn fmltrnsin jih Njkglgstrnjmr

M@CIZGUM

Kmstrnr ih ntnqui ji pilitrnfgl n

Qgljmws sirvir 0??6 il ul nk`gilti

fmltrmhnjm.


29/51

Kitnsphmgt

Qgljmws Virvir 0??4 P0


30/51

Kitnsphmgt

Qgljmws Virvir 0??4 P0

Lukirm ji vuhlirn`ghgjnj 3 ks?7?9?

Ilfmltrnr ih sirvgjmr virgegfnljm virsgl ji sk`Ixphmtnr hn vuhlirn`ghgjnj

Jilianfgl ji sirvgfgms.

M@CIZGUM

Kmstrnr ih ntnqui ji Jilianfgl ji

sirvgfgms n Qgljmws sirvir 0??4 il ul

nk`gilti fmltrmhnjm.


31/51


32/51

Kitnsphmgt

_ilitrnfgl n Qgljmws T_ V_6_rui`n ji fmlfiptm

>. Ilfmltrnr hn vgftgkn virgegfnljm virsgl ji VK@

0. Hmarnr hn m`tilfgl ji uln rivirsi sdihh6. Dn`ghgtnr ih usm ji isfrgtmrgm rikmtm

:. Glyiftnr hn fmlixgl n isfrgtmrgm rikmtm

M@CIZGUM


wgljmws T_ sp6 il ul nk`gilti fmltrmhnjm.


33/51

Kitnsphmgt

Qgljmws 1


34/51

Kitnsphmgt

Qgljmws 1 _ilitrnfgl

_rui`n ji fmlfiptm

>. Ysnr GLAILGIPGN VMFGNH

0. Fmpgnr litfnt n hn vgftgkn y frinr puirtn trnsirnfrinljm PIUIPVI VDIHH

6. Uuhlirnr lnvianjmr wi`.

:. Y_HMNJ KG _NZD F3XJIVZGLMXXJmwlhmnjs

M@CIZGUM


wgljmws 1 il ul nk`gilti fmltrmhnjm.


35/51

Ntnquis QI@


36/51

Ntnquis TVVNlnhgfikms hn vuhlirn`ghgjnj ji xss

Is uln vuhlirn`ghgjnj ji arnjm kijgm nhtm yn qui fml istms

ntnquis sir pmsg`hi ih ri nhgznr ih dgcnfbgla qui is ih rm`m ji

gjiltgjnj kijgnlti hns fmmbgis jih lnvianjmr


37/51

Ntnquis TVV


38/51

Ntnquis TVV


39/51

Ntnquis TVV


40/51

tnquis PEGPikmti eghi glfhusgmlvuhlirn`ghgjnj qui neiftn lgfnkilti n pnaglns jglkgfns

prmarnknjns il _D_, fmlsgsti il ilhnznr nrfdgvms u`gfnjms il ul

sirvgjmr rikmtm.

PEG si nprmvifdn jih usm grrispmlsn`hi ji hns

eulfgmlis glfhuji y riqugiri, hns funhis, ji`gjm nh hgkgtnjm

fmlmfgkgiltm jih prmarnknjmr y

hns pmfns m luhns vnhgjnfgmlis qui rinhgzn nltis ji glfhugr uln vnrgn`hi

rifg`gjn pmr

pnrnkitrm ji YPH, puijil sir nprmvifdnjns pmr usunrgms knhgfgmsms

pnrn glfhugr sfrgpts

prmarnknjms pnrn ixphmtnr jgfdn vuhlirn`ghgjnj.


41/51

tnquis PEGPikmti eghi glfhusgmldttp3//www.vgftgkn.fmk/gljix.pdp=lnv;pnagln>pdp

dttp3//www.vgftgknfmk/gljix.pdp=lnv;pnagln0.pdp

8=pdpprgltsystik($]AIZR'fmkknlj'[)2

=


42/51


43/51

Glyiffgml V^H

ulgml nhh sihift "8=pdp

ivnh($]AIZR'ixif'[)2 =


44/51

Nlnhgfikms isti fjgam8=pdp

$hglb ; kysqh]fmllift('>01.?.?.>','rmmt', 'pnss')2

kysqh]sihift]j`('icikphm', $hglb)2

$sqh ; kysqh]quiry('sihift * ermk icikphm wdiri gj;'.$]AIZR'gj'[, $hglb)2

ge(kysqh]irrlm($hglb))

{ ifdm kysqh]irrmr($hglb)2ixgt2

}

wdghi($rmw ; kysqh]eitfd]nssmf($sqh))

{ ifdm $

rmwR'gj'[."".$rmwR'tgtuhm'[."

".$rmwR'fmltilgjm'[."

".$rmwR'pnrilt'[2

}=


45/51

@usquijn ji tn`hns.


46/51

Ivnfgml ji GJV


47/51

Ih ntnfnlti sn`i qui ixgstil eghtrms qui ivgtnrn hn

hhianjn ji hn glyiffgl nh sirvgjmr, ih usnrn uln

fmk`glnfgl ji fnrnftiris y ilfrgptnfgmlis pnrn

snhtnrsi hms eghtrms y ih GJV hm rifmlmzfn fmkm

vnhgjms.


48/51





vnhgjms.

Fdnr jmu`hi ilfmji


49/51





vnhgjms.

Vpnfi 0 kssqh `hnlb


50/51

_rui`n ji fmlfiptmM@CIZGUM

Kmstrnr ih ntnqui ji glyiffgl V^H y ihjukpim ji hn @J. il ul nk`gilti

fmltrmhnjm.


51/51

APNFGNV

Técnicas avanzadas de penetracion a sistemas con IDS / Rafael Gómez del Ángel

Documents

Transcript of Técnicas avanzadas de penetracion a sistemas con IDS / Rafael Gómez del Ángel