> For the complete documentation index, see [llms.txt](https://gitbook.cdxiaodong.life/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://gitbook.cdxiaodong.life/cicd-an-quan/yi-lai-an-quan/typosquatting.md). # 域名欺骗 ## 概述 域名欺骗长期以来一直是域名领域的一个已知问题。然而,同样的方法可以用于在构建系统或公司员工的机器上获得任意代码执行,这些系统在依赖安装期间使用公共注册表。 攻击按照以下方式发展: * 攻击者制作一个在安装期间执行任意代码的包 * 该包是流行包的拼写错误版本,容易被错误输入,例如 `reqeusts`(而不是 `requests`) * 攻击者将包上传到公共注册表,如 pypi、npm、rubygems 等 * 如果有人无意中安装了这样的包,攻击者将获得任意代码执行能力。 此外,如果您利用输入命令时的错误,这也可能奏效。例如,让我们看看在 `python` 中使用 `pip` 安装依赖: ```bash $ pip install -r requirements.txt ``` 然而,在输入时很容易遗漏 `-r` 键,命令将变成这样: ```bash $ pip install requirements.txt ``` 换句话说,不是从 `requirements.txt` 文件安装依赖,而是安装名为 `requirements.txt` 的包。因此,攻击者只需要创建并上传一个名为 `requirements.txt` 的恶意包。 另一个例子是 `-` npm 包,它有超过 700,000 次下载,更多详情请查看 "[空的 npm 包 '-' 有超过 700,000 次下载 - 原因如下](https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/)"。 ## 如何在安装期间执行代码? ## 技巧 ### 数据收集 为了在基于数据识别组织的能力和避免收集过多敏感信息的需求之间取得平衡,您可以收集以下数据: * 用户名 * 主机名 * 当前路径 连同外部IP一起,这些数据应该足够帮助安全团队识别潜在易受攻击的系统,并避免将测试误认为是真实攻击。 ### 数据检索 由于大多数可能的目标位于保护良好的企业网络深处,DNS渗透是检索收集数据的最佳方式。将十六进制编码的数据作为DNS查询的一部分发送到自定义权威名称服务器。您可以使用以下资源来实现DNS渗透: * [1u.ms](https://github.com/neex/1u.ms) 是一个小型零配置DNS工具集,提供易于使用的DNS重绑定工具,以及获取任何给定内容的可解析资源记录的方法 * [Interactsh](https://github.com/projectdiscovery/interactsh) 是一个OOB交互收集服务器和客户端库 ## 参考资料 * [文章:编程语言包管理器的域名欺骗](https://incolumitas.com/2016/06/08/typosquatting-package-managers/) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://gitbook.cdxiaodong.life/cicd-an-quan/yi-lai-an-quan/typosquatting.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.