{"id":458,"date":"2015-08-16T18:11:08","date_gmt":"2015-08-16T15:11:08","guid":{"rendered":"https:\/\/furkansandal.com\/sizma-testlerinde-http-servislerine-yonelik-brute-force-saldirilari\/"},"modified":"2015-08-16T18:31:36","modified_gmt":"2015-08-16T15:31:36","slug":"sizma-testlerinde-http-servislerine-yonelik-brute-force-saldirilari","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/sizma-testlerinde-http-servislerine-yonelik-brute-force-saldirilari\/","title":{"rendered":"S\u0131zma Testlerinde HTTP Servislerine Y\u00f6nelik Brute Force Sald\u0131r\u0131lar\u0131"},"content":{"rendered":"<p>[ad_1]<\/p>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\">\n<div style=\"text-align: justify;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">\u0130nternet \u00fczerinden ya da yerel a\u011fdan yap\u0131lan s\u0131zma testlerinde, i\u015fletim sistemi ya da \u00fc\u00e7\u00fcnc\u00fc parti yaz\u0131l\u0131mlar\u0131n g\u00fcncelleme eksikleri, web uygulamlar\u0131ndaki girdi do\u011frulama(input validation) hatalar\u0131 yetki y\u00fckseltme konusunda en s\u0131k kar\u015f\u0131la\u015f\u0131lan durumlard\u0131r. Yetkisiz bir kullan\u0131c\u0131 rol\u00fc ile yap\u0131lan s\u0131zma testinde bu tarz zafiyetleri kullanarak yetkili bir kullan\u0131c\u0131 haklar\u0131na sahip olunabilir. <\/span><\/div>\n<p><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">\u00a0<\/span><\/p>\n<\/div>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\">\n<div style=\"text-align: justify;\"><span style=\"font-family: Arial; font-size: 15px; line-height: 1.38;\">Bunlar\u0131n d\u0131\u015f\u0131nda en az bu zafiyetler kadar \u00f6nemli olan ve kesinlikle bak\u0131lmas\u0131 gereken di\u011fer bir zafiyet ise, \u00f6n tan\u0131ml\u0131 olarak b\u0131rak\u0131lan ya da basit parola ile korunan web uygulama y\u00f6netim panelleridir. Sizi en yetkisiz kullan\u0131c\u0131dan bir anda Domain Admin haklar\u0131na sahip bir kullan\u0131c\u0131ya ta\u015f\u0131yabilir. Bunun i\u00e7in yap\u0131lmas\u0131 gereken \u015fey, ilgili IP bloklar\u0131nda a\u00e7\u0131k olan HTTP portlar\u0131n\u0131 bulmak ve burada bulunan giri\u015f panellerine \u00f6n tan\u0131ml\u0131 ya da s\u0131k kullan\u0131lan basit parolalar\u0131 denemektir.<\/span><\/div>\n<p><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\"><a name=\"more\"><\/a><\/span><span style=\"font-family: Arial; font-size: 15px; line-height: 1.38;\">\u0130lk olarak bulundu\u011funuz yerel a\u011fdaki a\u00e7\u0131k HTTP portlar\u0131n\u0131 bulmak i\u00e7in nmap\u2019i kullanabilirsiniz.<\/span><\/p>\n<\/div>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Bunun i\u00e7in yapman\u0131z gereken \u015fey 80 portu a\u00e7\u0131k olan IP\u2019leri belirlemektir. A\u015fa\u011f\u0131daki nmap komutu ile bu i\u015flemi h\u0131zl\u0131 bir \u015fekilde ger\u00e7ekle\u015ftirebilirsiniz.<\/span><\/div>\n<p><b style=\"font-weight: normal;\">\u00a0<\/b><\/p>\n<div dir=\"ltr\" style=\"margin-left: 0pt;\">\n<table style=\"border-collapse: collapse; border: none; width: 624px;\">\n<colgroup>\n<col width=\"*\" \/> <\/colgroup>\n<tbody>\n<tr style=\"height: 0px;\">\n<td style=\"padding: 7px 7px 7px 7px; vertical-align: top; border: solid #000000 1px;\">\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">nmap -p80 &#8211;open 192.168.0.0\/24<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Starting Nmap 6.46 ( http:\/\/nmap.org ) at 2015-05-11 21:27 EEST<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Nmap scan report for 192.168.0.1<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Host is up (0.094s latency).<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">PORT \u00a0\u00a0STATE SERVICE<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">80\/tcp open \u00a0http<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Nmap scan report for <\/span><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline;\">192.168.0.22<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Host is up (0.00072s latency).<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">PORT \u00a0\u00a0STATE SERVICE<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">80\/tcp open \u00a0http<\/span><\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p><b style=\"font-weight: normal;\">\u00a0<\/b><\/p>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Burada 192.168.0.22 IP adresinin 80 portunun a\u00e7\u0131k oldu\u011fu g\u00f6r\u00fclmektedir. Bu IP adresine browser \u00fczerinden eri\u015ferek login paneline \u00f6n tan\u0131ml\u0131 ya da basit parola denemeleri yap\u0131labilir. Bunu manuel olarak yapmak biraz zahmetli olaca\u011f\u0131ndan nmap\u2019in http-default-accounts scriptini kullanmak size h\u0131z ve zaman kazand\u0131racakt\u0131r. Bu script, ilgili portta hizmet veren login paneline kaba kuvvet sald\u0131r\u0131s\u0131 yapacakt\u0131r ve giri\u015f bilgilerini bulabilirse size bunu s\u00f6yleyecektir. A\u015fa\u011f\u0131daki \u00f6rnek kullan\u0131mda bu durum g\u00f6sterilmi\u015ftir.<\/span><\/div>\n<p><b style=\"font-weight: normal;\">\u00a0<\/b><\/p>\n<div dir=\"ltr\" style=\"margin-left: 0pt;\">\n<table style=\"border-collapse: collapse; border: none; width: 624px;\">\n<colgroup>\n<col width=\"*\" \/> <\/colgroup>\n<tbody>\n<tr style=\"height: 0px;\">\n<td style=\"padding: 7px 7px 7px 7px; vertical-align: top; border: solid #000000 1px;\">\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">nmap &#8211;script http-default-accounts -p80 192.168.0.22<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Starting Nmap 6.46 ( http:\/\/nmap.org ) at 2015-05-11 21:33 EEST<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Nmap scan report for 192.168.0.22<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Host is up (0.00037s latency).<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">PORT \u00a0\u00a0STATE SERVICE<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">80\/tcp open \u00a0http<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: red; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline;\">|_http-default-accounts: [Apache Tomcat] credentials found -&gt; admin:admin Path:\/manager\/html\/<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Nmap done: 1 IP address (1 host up) scanned in 14.54 seconds<\/span><\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p><b style=\"font-weight: normal;\">\u00a0<\/b><\/p>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Buradan anla\u015f\u0131laca\u011f\u0131 \u00fczere hedef sistemde Tomcat uygulamas\u0131 \u00e7al\u0131\u015fmaktad\u0131r ve yap\u0131land\u0131rma hatas\u0131ndan kaynakl\u0131 olarak \u00a0\u00f6n tan\u0131ml\u0131 giri\u015f bilgileri ile b\u0131rakl\u0131lm\u0131\u015ft\u0131r. Bu ad\u0131mdan sonra elde edilen bilgiler ile Tomcat y\u00f6netim arabirimine girerek sisteme casus yaz\u0131l\u0131m at\u0131labilir ve i\u015fletim sistemi baz\u0131nda komut \u00e7al\u0131\u015ft\u0131r\u0131labilir.<\/span><\/div>\n<p><b style=\"font-weight: normal;\">\u00a0<\/b><\/p>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">\u00d6rnek olarak, web arabiriminden uygulamaya casus yaz\u0131l\u0131m y\u00fcklendikten sonra test ad\u0131nda bir kullan\u0131c\u0131 a\u015fa\u011f\u0131daki gibi eklenmi\u015ftir.<\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/BvMS9pb_LtP8btBeQXRdcpbkruHJVmZuPZkuMf6YZx9Vwv7kCV6a1qYT3TFsdIB-FFaKbS6Dz5G1q_v7-9Wo2MtQwNTZ9uyQPggpMagITw3SfAcah8dML2Vl-WohtquG-VEWgQE\" alt=\"\" width=\"624px;\" height=\"113px;\" \/><\/span><\/div>\n<p><b style=\"font-weight: normal;\">\u00a0<\/b><\/p>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Daha sonras\u0131nda bu kullan\u0131c\u0131ya lokal admin haklar\u0131 verilerek Administrators grubuna dahil edilebilir. <\/span><\/div>\n<p><b style=\"font-weight: normal;\">\u00a0<\/b><\/p>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/Bj3zkh9mc3jlBROXurni0GmyHr-d4e01fmca5JUn9r6XBotSC2IpcCNneGY2KltCNxEC5QJbo1IN9h8b_PS5w-YzgdxGNL8XttIL_aOjpzSL0rnCsev_U22OjpHKdfzJ4Avrz_Q\" alt=\"\" width=\"624px;\" height=\"115px;\" \/><\/span><\/div>\n<div dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"><span style=\"background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;\">Son olarak, art\u0131k makineye uzak masa\u00fcst\u00fc ba\u011flant\u0131s\u0131 yapabilir ve meterpreter oturumu elde etmek i\u00e7in istenilen herhangi bir zararl\u0131 yaz\u0131l\u0131m \u00e7al\u0131\u015ft\u0131r\u0131labilir.<\/span><\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad_1] \u0130nternet \u00fczerinden ya da yerel a\u011fdan yap\u0131lan s\u0131zma testlerinde, i\u015fletim sistemi ya da \u00fc\u00e7\u00fcnc\u00fc parti yaz\u0131l\u0131mlar\u0131n g\u00fcncelleme eksikleri, web&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,7,4],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-7o","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/458"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=458"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/458\/revisions"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}