An introduction run through a machine translation tool; the highlight is the DEMO web page it provides XD
Original URL: http://www.shineblog.com/user2/xmmc/archives/2006/627446.shtml
If you are not sure what a penetration testing tool is, you could check my previous post: Introduction to Automated Penetration Testers.
The company is also widely known among security people for a series of parallel works, from publishing public security advisories and research papers to hosting some very interesting security projects, which in part are included inside Impact.
After following a demo webcast about the new features Impact 5.0 offers, I was contacted by the company, as usual in these cases.
I asked if I could produce a public review of the product on Security Zero and received an enthusiastic positive answer.
I received more online, interactive training on a real installation, plus the trial product, to write the following review.
Installation and configuration
Core Impact 5.0 will fit well on a Windows XP Professional machine but absolutely requires administrative privileges for installation.
As soon as you start the program you'll notice the downloaded updates summary.
They are composed of new exploits developed by Core Security, which customers can download for a whole year from the day their license starts, and the new OS fingerprinting database, provided by NMap.
The update operation can be manually invoked at any time, and I strongly suggest doing so before any new penetration test.
When a new vulnerability goes public, Core Security develops and puts online for download a new exploit within a 1-2 week timeframe.
Penetration test management is organized in Workspaces, which you can assign to your customers or to parts of your network to be treated as isolated.
Every workspace is encrypted with prime numbers generated by mouse movements and a user-defined passphrase.
This is an important feature, granting privacy even in case of machine theft.
Impact activity is organized in 6 phases:
- Network Discovery
- Attack and Penetration
- Local Information Gathering
- Privileges Escalation
- Clean Up
- Report Generation
Target discovery
The network discovery module is developed directly by Core Security and, as already said, it uses the NMap OS fingerprinting database.
You can choose to customize the discovery, asking it to recognize applications instead of just enumerating ports (as NMap has been able to do for some releases).
This module can easily replace any vulnerability scanner you have, like Shadow Security Scanner or eEye Retina.
Another way to find targets to attack is to import a list from port scanners and vulnerability scanners like NMap, Nessus, Retina, LANguard and Saint.
The attack
The real attack can be configured in a very flexible way: you can choose whether to permit DoS attacks, which may eventually freeze the target network; you can choose to be very invasive, giving priority to privilege escalation exploits, etc.
Impact intelligently selects which exploit to launch against a target by analyzing which ports the portscanner module found open.
But remember that this method is vulnerable to the tricky use of non-standard ports for services, which companies rarely use to protect certain private, critical applications.
When it finds a vulnerability in a target system it immediately exploits it, injecting an agent. And this is for sure the strength of Impact.
Agents are classified on an invasiveness level from 0 to 1. A higher agent level means more attack actions available on the target system, up to total machine control.
Depending on how severe the found vulnerability is, Impact will be able to inject an agent of level 0 or 1.
But if you chose to be not very invasive it will try to inject level 0 agents everywhere. Later on you'll be able to upgrade the agent from level 0 to level 1.
Pre-made actions (organized in modules) offered by agents are impressive: from simple screen capture to user password dumping, to keylogger installation (with remote sending of every single key pressed by users), to personal firewall disabling, to DLL injection into a running process.
One of the most critical actions is the password sniffer installation with its packet driver.
But the most important feature of all is the capability of using an already-compromised machine (where an agent is already injected) as the source for a new attack wave.
In this way every attack can be relaunched towards new network segments the compromised machine is connected to, unreachable from the starting attack position.
In my test environment the first penetration test victim had two network interfaces connected to networks 10.0.0.0 and 10.1.0.0.
The machine where Impact was installed was on the 10.0.0.0 network, and from there it was impossible to reach the 10.1.0.0 network.
Attacking and compromising the first victim made it possible to reach the second network and a second victim, compromising it too.
Every single module is developed in Python, and Core Security offers customers the chance to create their own home-made modules to be integrated inside Impact. Obviously appropriate know-how is required to do so.
As of today attacks cannot be scheduled in any way, and this is really a pity since Impact can already record an attack sequence with a Macro Wizard.
Anyway, Core Security could evaluate introducing this feature in a future release if customers start asking for it.
Meanwhile you could try to drive Impact with 3rd-party automation tools like Automate.
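The pivot described above works only because the first victim is dual-homed: it bridges the 10.0.0.0 and 10.1.0.0 networks that the reviewer's setup otherwise kept apart. As an added example (not code from the review or from Core Security), the following Python script walks a constructed host inventory and reports which hosts bridge segments and which segments become reachable from the console's own segment through them, which is the segmentation check a defender would want to run before assuming a network is isolated. The /16 masks, host names and addresses are assumptions; the review only names the two network addresses.

```python
import ipaddress

# Constructed inventory for this example (not data from the review): host name ->
# interface addresses in CIDR form. The review only gives the two network
# addresses 10.0.0.0 and 10.1.0.0; the /16 masks and host names are assumptions.
INVENTORY = {
    "impact-console": ["10.0.0.5/16"],
    "victim-1": ["10.0.0.20/16", "10.1.0.20/16"],  # dual-homed, as in the review
    "victim-2": ["10.1.0.30/16"],
    "fileserver": ["10.1.0.40/16"],
}


def segments_of(addrs):
    """Network segments (ip_network objects) that a host's interfaces sit on."""
    return {ipaddress.ip_interface(a).network for a in addrs}


def bridging_hosts(inventory):
    """Hosts with interfaces on more than one segment: each is a potential pivot."""
    return {
        host: sorted(str(n) for n in segments_of(addrs))
        for host, addrs in inventory.items()
        if len(segments_of(addrs)) > 1
    }


def reachable_segments(inventory, start_host):
    """Segments reachable from start_host by hopping across bridging hosts.

    Assumes no router or firewall joins the segments (the review's setup): a
    segment is reachable only if some host already reached has an interface on it.
    """
    reached = set(segments_of(inventory[start_host]))
    frontier = list(reached)
    while frontier:
        seg = frontier.pop()
        for addrs in inventory.values():
            nets = segments_of(addrs)
            if seg in nets:
                for new in nets - reached:
                    reached.add(new)
                    frontier.append(new)
    return sorted(str(n) for n in reached)


if __name__ == "__main__":
    print("bridging hosts:", bridging_hosts(INVENTORY))
    print("reachable from console:", reachable_segments(INVENTORY, "impact-console"))
```

Removing the dual-homed host from the inventory (or its second interface) makes 10.1.0.0/16 unreachable from the console's segment again, which is the result a segmentation review should be aiming for.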
Information gathering
When an agent is installed on a target machine, customers can request as much information about that machine as they want: which OS patches are installed, local running services, installed applications, etc.
You'll eventually find the data you're looking for.
Agents clean-up
At the end of the penetration test you can launch a clean-up procedure, removing any agent installed on victims, to revert the environment to its original condition.
Reporting
The reporting module is really complete. It is able to extract data and arrange it in four different kinds of reports, aimed at different audiences, from the executive manager to the security manager.
The report is generated by the embedded Crystal Reports engine, from BusinessObjects, and can be viewed with the embedded Crystal Reports Viewer.
Then you can print it or save it in a lot of formats: PDF, HTML, XML, RPT (Crystal Reports), XLS, DOC, etc. It can even be injected into a database via ODBC.
Here is an example.
Pricing
Core Security typically offers a one-year unlimited license, able to scan as many IPs as the customer wants and including product updates, training, maintenance and support.
After the year you can still use the product but don't get exploit updates.
The price for such a license is $25,000 USD.
Even if the price seems expensive, the cost of a single, outsourced penetration test on a complex environment can go far beyond it.
The bottom line
Core Impact is a really complex product with huge potential; it has a steep learning curve, but you need just a few hours to manage the basic features with confidence.
With these characteristics, the product has a price worth paying.
In the end, I strongly suggest it to companies who have implemented or are implementing a security assessment plan on their infrastructures, particularly if these are very extended.
I would also recommend it to consulting companies offering a penetration testing service.