Lesson 16: Red vs. Blue Team Penetration Testing 1
Focused on APT attack and defense
https://micropoor.blogspot.com/

Preface:
In team penetration testing engagements such as red vs. blue exercises and team penetration testing competitions, the most important thing is sharing the process and results with the whole team in real time. For example, if teammate A runs nmap against the target site and teammate B also runs nmap against the same target site, that is a huge waste of time in a competition, and it is also very likely to alert the firewall, the log server or other devices. So I plan to write a series on team penetration confrontations going forward, aiming to have process and results shared with the team in real time, and to turn past team-operation experience into a reference suited to confrontations, competitions and the like.
BloodHound overview:

BloodHound came to everyone's attention in 2016. It is a tool for analyzing and interpreting permission relationships in Active Directory (AD). For attackers it quickly yields clues about the domain for the next step of an attack; for defenders it shows more quickly the attack paths an attacker might take and the paths in the domain that could be broken through.

Project address:
https://github.com/BloodHoundAD/BloodHound

Installation on Debian:
root@John:~# apt-get install git wget curl

root@John:~# wget -O - https://debian.neo4j.org/neotechnology.gpg.key | sudo apt-key add -
root@John:~# echo 'deb http://debian.neo4j.org/repo stable/' | sudo tee /etc/apt/sources.list.d/neo4j.list
root@John:~# apt-get install openjdk-8-jdk openjdk-8-jre
root@John:~# apt-get install neo4j
root@John:~# echo "dbms.active_database=graph.db" >> /etc/neo4j/neo4j.conf
root@John:~# echo "dbms.connector.http.address=0.0.0.0:7474" >> /etc/neo4j/neo4j.conf
root@John:~# echo "dbms.connector.bolt.address=0.0.0.0:7687" >> /etc/neo4j/neo4j.conf
root@John:~# tail /etc/neo4j/neo4j.conf
# Name of the service
dbms.windows_service_name=neo4j

#********************************************************************
# Other Neo4j system properties
#********************************************************************
dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball
dbms.active_database=graph.db
dbms.connector.http.address=0.0.0.0:7474
dbms.connector.bolt.address=0.0.0.0:7687

root@John:~# update-java-alternatives -l
java-1.8.0-openjdk-amd64 1081 /usr/lib/jvm/java-1.8.0-openjdk-amd64
root@John:~# update-java-alternatives -s java-1.8.0-openjdk-amd64
Download address: https://neo4j.com/download/
root@John:~/Downloads# tar zxvf neo4j-community-3.3.0-unix.tar.gz
root@John:~/Downloads/neo4j-community-3.3.0/bin# ./neo4j start
Active database: graph.db
Directories in use:
home: /root/Downloads/neo4j-community-3.3.0
config: /root/Downloads/neo4j-community-3.3.0/conf
logs: /root/Downloads/neo4j-community-3.3.0/logs
plugins: /root/Downloads/neo4j-community-3.3.0/plugins

import: /root/Downloads/neo4j-community-3.3.0/import
data: /root/Downloads/neo4j-community-3.3.0/data
certificates: /root/Downloads/neo4j-community-3.3.0/certificates
run: /root/Downloads/neo4j-community-3.3.0/run
Starting Neo4j.
WARNING: Max 1024 open files allowed, minimum of 40000 recommended. See the Neo4j manual.
Started neo4j (pid 4286). It is available at http://localhost:7474/
There may be a short delay until the server is ready.
See /root/Downloads/neo4j-community-3.3.0/logs/neo4j.log for current status.

root@John:~# apt-get install bloodhound
root@John:~/Downloads/neo4j-community-3.3.0/bin# nmap 127.0.0.1 -p 7474

Starting Nmap 7.40 ( https://nmap.org ) at 2017-12-02 11:16 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
PORT STATE SERVICE
7474/tcp open neo4j

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
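The configuration step above appends the three dbms.* lines with echo >>, so re-running it leaves duplicate keys in neo4j.conf, and binding http (7474) and bolt (7687) to 0.0.0.0 means anyone who can reach the box can read or change the collected AD data. The script below is an added example, not code from the original post or from the BloodHound/neo4j projects: set_conf_key rewrites or appends a key exactly once, and exposed_listeners reports which connectors are bound to every interface so they can be firewalled or restricted to the team's VPN. The function names, the sample configuration in main, and the path argument are my own assumptions; the key names and values are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Works with POSIX sh, awk, grep.

# set_conf_key FILE KEY VALUE
# Replace an existing "KEY=..." line (commented out or not) with KEY=VALUE,
# drop any further duplicates of the key, or append the line when the key
# is absent. Unlike "echo KEY=VALUE >> FILE", running it twice is harmless.
set_conf_key() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0 }
        {
            line = $0
            sub(/^#/, "", line)              # "#key=..." counts as the key being present
            if (index(line, k "=") == 1) {   # line starts with "key="
                if (!done) { print k "=" v; done = 1 }
                next                         # later duplicates are dropped
            }
            print
        }
        END { if (!done) print k "=" v }     # key never seen: append it
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's permissions
    rm -f "$tmp"
}

# exposed_listeners FILE
# Print the connector keys whose address is 0.0.0.0, i.e. listening on every
# interface. The post does this for http and bolt so a team can share one
# neo4j instance; those ports should then be reachable only from the team
# network, and the default neo4j password must be changed before sharing.
exposed_listeners() {
    grep '^dbms\.connector\.[a-z]*\.address=0\.0\.0\.0' "$1" | cut -d= -f1
}

# main FILE: apply the post's three settings and report exposed listeners.
main() {
    set_conf_key "$1" dbms.active_database graph.db
    set_conf_key "$1" dbms.connector.http.address 0.0.0.0:7474
    set_conf_key "$1" dbms.connector.bolt.address 0.0.0.0:7687
    echo "Connectors bound to all interfaces in $1:"
    exposed_listeners "$1"
}

# Only touch a file when one is given, e.g.: sh neo4j-conf.sh /etc/neo4j/neo4j.conf
if [ $# -ge 1 ]; then
    main "$1"
fi
```

Run it against /etc/neo4j/neo4j.conf after installing neo4j, then restart the service; the exposed_listeners output is the list of connectors to restrict with your firewall or by binding them to a VPN address instead of 0.0.0.0.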
Micropoor