
Hoc Lam Hacker SANGTAOTRE.com Sua Tam


**** Foot Printing ****

Greetings to all of you. To meet the demand for learning about hacking and security, fantomas311 has put together a series of articles, "Basic hacking", along with related articles on system hacking, to present to you. A word of advice for anyone who wants to learn hacking fast-food style: you should not read this article! I do not post articles that teach you to hack; I only post articles in the spirit of "how hacking is done". Read, think, and work with your own hands and your own mind!!

Before hackers really get down to work, they have to carry out 3 basic steps: footprinting, scanning and enumeration. This article covers the footprinting technique and related matters.

**What is footprinting ??**

Footprinting is the use of tools and techniques to obtain the first basic information about an organization or a web site that is to be attacked (called the victim in this article). Systematically footprinting an organization lets a hacker see clearly the security situation (the level of protection) of that organization.

**Why is footprinting needed ??**

Footprinting makes it possible to identify every piece of information and to grasp the basic (sometimes quite important) facts about the victim.

** Footprinting techniques **

There are many different footprinting techniques; this article describes the steps that help you complete a thorough footprint analysis.

*Step 1: Determine the scope of activity

Put simply, in this step you have to determine exactly what it is you want to hack (a company, a server, or just a personal web site ...)

- For beginners: read carefully and write down the information that the web site gives you (information about itself, such as phone numbers, the webmaster's e-mail, addresses ....). Sometimes this information turns out to be the "golden key" for you :) Items worth attention include:
+ Locations
+ Related companies or entities
+ Connections or news obtained
+ Security statements that spell out the security mechanisms in place (firewall configuration, for example)
+ Phone numbers, contact names and e-mail addresses .....

In addition, you can review the HTML source to look for programming oversights; besides that, the comments inside HTML tags such as < ! and ~ are also a "resource" worth exploiting !! (for example :D)

After studying the web site, look for further information that provides additional clues about the state of the organization and its security situation (in the press or in news items on the NET, for example). Search engines are the key here. Here are a few search engines:

http://google.com :)
http://sec.gov
http://cyberarmy.com
Http://deja.com
http://networksolution.com
http://dogpile.com
http://astalavista.com
http://ipswich.com
http://arin.net/whois/
http://ferretsoft.com

Okie, go ahead and carry out the first step in the hacking technique !! B)

*Step 2: Network enumeration

In this step, the first task is to identify the domains and networks related to the victim. To do this, query the data of Network Solutions ( www.networksolution.com ) and the American Registry for Internet Numbers ( www.arin.net ). Some query types:

+ Organizational: all information related to a specific organization
+ Domain: all information related to a specific domain
+ Network: all information related to a specific network or IP
+ Point of contact: all information related to a specific individual (admin)

*Step 3: DNS queries

After identifying the domains of the target organization (the victim), you can start querying DNS. If DNS is configured carelessly, information that reveals details about the organization can be extracted. One of the most serious misconfigurations an administrator can make is to allow untrusted Internet users to perform a DNS zone transfer. This problem can expose host names, hidden IP addresses .... in general, the information that was meant to be concealed! Handing internal IP addresses to an untrusted user on the Internet is like handing the map of your house to a burglar !!

At this point you probably have a question: "Zone transfer - how ??". That is a separate matter; I may cover it in another article of mine so as not to dilute this one :). Step 3 ends here!

*Step 4: Network reconnaissance

Once the map is in hand, this is the "actual intrusion" stage of determining the potential access paths into the network (think of it as scouting the roads before carrying out a robbery!). To do this, let me introduce the trace route program ( ftp://ftp.ec.lbl/traceroute.tar.z ), which is included in most versions of Unix & WinNT. In WinNT it is called tracert.

Trace route is a diagnostic tool written by Van Jacobson that lets you view the route an IP packet follows from one server to another.

If you are not familiar with Unix commands, you can use VisualRoute ( http://www.visualroute.com ) to carry out this reconnaissance (tracerouting). VisualRoute's interface is eye-catching & easy to use, but it does not work well with large networks.

In addition, you can carry out a more complex technique called "firewall protocol scanning" (to be covered in Basic hacking II - Scanning by fantomas311)

That completes the first stage of hacking into a system. Now, after finishing the steps above, you (I am only talking about those who followed the steps correctly) may ask yourself: "so what is this good for ??" "What do I do next ??" "What use is the information collected?" "Is it really necessary to do this step ??" :) Too many questions! Please answer them yourselves! I will answer only one! The next step of the hacking process - in theory - is Scanning. Scanning will be covered in fantomas311's next article: "Basic Hacking part II - Scanning" :) I hope this article has pleased you

A Brief Look at Trace Route

In the article above I mentioned traceroute. So what is traceroute ?? Please see the following article:

What is traceroute?

Traceroute is a program that lets you determine the path that packets take from your machine to a destination system on the Internet.

A traceroute example!

What can traceroute do? The following example will make it clear!

C:\windows>tracert 203.94.12.54

Tracing route to 203.94.12.54 over a maximum of 30 hops

1 abc.netzero.com (232.61.41.251) 2 ms 1 ms 1 ms
2 xyz.Netzero.com (232.61.41.0) 5 ms 5 ms 5 ms
3 232.61.41.10 (232.61.41.251) 9 ms 11 ms 13 ms
4 we21.spectranet.com (196.01.83.12) 535 ms 549 ms 513 ms
5 isp.net.ny (196.23.0.0) 562 ms 596 ms 600 ms
6 196.23.0.25 (196.23.0.25) 1195 ms 1204 ms
7 backbone.isp.ny (198.87.12.11) 1208 ms 1216 ms 1233 ms
8 asianet.com (202.12.32.10) 1210 ms 1239 ms 1211 ms
9 south.asinet.com (202.10.10.10) 1069 ms 1087 ms 1122 ms
10 backbone.vsnl.net.in (203.98.46.01) 1064 ms 1109 ms 1061 ms
11 newdelhi-01.backbone.vsnl.net.in (203.102.46.01) 1185 ms 1146 ms 1203 ms
12 newdelhi-00.backbone.vsnl.net.in (203.102.46.02) ms 1159 ms 1073 ms
13 mtnl.net.in (203.194.56.00) 1052 ms 642 ms 658 ms

I need to know the route from my machine to a host on the Internet with the IP address 203.94.12.54. I need to tracert to it! As you can see above, packets from my machine have to pass through 13 hops (links) on the network to reach 203.94.12.54. This is the path of the packets:

Netzero (the ISP that sent the data) -> Spectranet (a backbone provider) -> New York ISP -> New York Backbone -> Asia -> South Asia -> India Backbone -> New Delhi Backbone -> another router in the New Delhi Backbone -> New Delhi ISP

So the host with the IP address 203.94.12.54 is located in New Delhi, India, South Asia! You can also telnet to 203.94.12.54 on port 13 (datetime) to determine its GMT time, and from that you can tell the location of this host (provided that host 203.94.12.54 runs the datetime daemon and its time is configured correctly)!

How does traceroute work?

First, you need to know about ICMP, TTL and how routers work!

Basic knowledge

ICMP - Internet Control Message Protocol. ICMP is used to report errors that occur while data packets travel across the network. ICMP belongs to the transport layer!

Application layer: HTTP, FTP, Telnet, Finger, SSH, DNS, POP3/IMAP, SMTP, Gopher, BGP, Time/NTP, Whois, TACACS+, SSL, DNS, SNMP, RIP, RADIUS, Archie, Traceroute, tftp, Ping
Transport layer: TCP, UDP, ICMP, OSPF
Internet layer: IP, ARP
Physical layer: Ethernet/802.3, Token Ring (802.5), SNAP/802.2, X.25, FDDI, ISDN, Frame Relay, SMDS, ATM, Wireless (WAP, CDPD, 802.11), Fibre Channel, DDS/DS0/T-carrier/E-carrier, SONET/SDH, DWDM, PPP, HDLC, SLIP/CSLIP, xDSL, Cable Modem (DOCSIS)

All ICMP messages are carried along with IP datagrams. Each ICMP message sent in an IP datagram has the following form:

+---------------------+-------------------------+
| IP Header(20 bytes) | ICMP message (32 bytes) |
+---------------------+-------------------------+

The following is the structure of an ICMP message (see RFC792 to learn more!):

 0              7 8              15 16              31
+-----------------+-----------------+-----------------+
|  Type (0 or 8)  |    Code (0)     | 16-bit Checksum |
+-----------------+-----------------+-----------------+
|            Identifier             | sequence number |
+-----------------+-----------------+-----------------+
|                                                     |
|  Optional Data (content depends on Type and Code)   |
|                                                     |
+-----------------------------------------------------+

The type field has 15 different values, depending on the specific kind of ICMP error message. For example, type=3 designates the "Destination unreachable" error message!

The code field = sub-error, used to identify exactly which error occurred. For example, type=3 and code=0 means "Network Unreachable"; type=3, code=1 means "Host Unreachable"...

TTL - Time to Live. TTL is an 8-bit field in the IP header (review the structure of the IP header!). TTL is the time a data packet may exist on the network before it is discarded. The sender sets a TTL value in advance, usually from 32 -> 64. This value is decreased by one each time the packet passes through a router on the network. When the value reaches 0, the datagram is discarded and ICMP reports an error back to the sender. This keeps the datagram from entering an endless loop through the routers.

Each router, on receiving an IP datagram, decrements the datagram's TTL by one. Most routers do not hold a datagram for more than 1 second before forwarding it. So the TTL value can be regarded as a hop counter = the number of routers the datagram has just passed through.

When a router receives a datagram whose TTL field is 0 or 1, it does not forward the datagram. Instead, it discards the datagram and sends an ICMP "Time Exceeded" message back to the sender of the datagram! Because the ICMP message the router sends back has the router's own IP address as its source address, the sender learns the IP address of this router!

How traceroute works!

Traceroute sends an IP datagram with TTL=1 to the destination system. The first router to receive this datagram decrements the TTL by one -> TTL=0, discards the datagram (does not forward it!) and sends an ICMP error message, with its own address as the source IP address, to your machine. In this way traceroute can determine the IP address of the first router! Next, traceroute sends a new datagram with TTL=2 (1+1=2) to the destination system. The first router decrements the TTL by one -> TTL=1 (2-1=1) and passes the datagram to the second router. The second router receives the datagram with TTL=1 and decrements it to TTL=0. Router 2 sees TTL=0, so it does not forward the datagram. Router 2 sends your machine an ICMP error message with its own IP address (router 2) as the source. The traceroute program on your machine thus learns the second router the datagram passed through. Traceroute goes on to send another datagram with TTL=3 (2+1=3) and repeats the process until the datagram reaches the destination system!

Suppose the IP datagram has now reached the destination with TTL=1. The destination host discards this datagram and does not send a "Time Exceeded" ICMP error message either. So you would have no way of knowing whether you have reached the destination?! Traceroute uses another mechanism, as follows:

Traceroute sends UDP datagrams to the destination host on high-numbered UDP ports (>30000). It chooses high port numbers because usually no application is listening on those ports. When the destination host receives such a UDP datagram, it sends an ICMP "Port Unreachable" error message back to traceroute. Traceroute can now tell the difference between the ICMP error messages "Time Exceeded" and "Port Unreachable" to know whether it has reached the destination or not?!

Note: the ICMP error message "Time Exceeded" has type=1 and code=0; the ICMP error message "Port Unreachable" has type=3 and code=3

Summary: traceroute sends UDP datagrams to the destination host with TTL=1 and increases the value after each round to identify the routers the datagrams pass through. Each router sends back an ICMP "Time Exceeded" message. Only the destination system sends traceroute an ICMP "Port Unreachable" message. Traceroute relies on this difference to determine whether it has reached the destination?!
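The TTL loop and the two ICMP replies described above, as an added example that is not part of the original article: it builds the replies for a constructed three-hop path offline (no packets are sent), verifies the ICMP checksum, and tells a router's Time Exceeded from the destination's Port Unreachable. The addresses, the base port 33434 and all function names are assumptions of the example; the type and code values are those of RFC 792 (Time Exceeded is type 11, code 0; Port Unreachable is type 3, code 3).

```python
import socket
import struct

# RFC 792 (type, code) pairs that a UDP traceroute has to tell apart.
TIME_EXCEEDED = (11, 0)     # TTL ran out in transit: sent by an intermediate router
PORT_UNREACHABLE = (3, 3)   # nothing listens on the UDP port: sent by the destination
BASE_PORT = 33434           # assumption: first probe port, in the ">30000" range


def inet_checksum(data):
    """16-bit one's-complement Internet checksum carried in the ICMP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_probe(src, dst, ttl, dport):
    """IP header (20 bytes) plus UDP header (8 bytes) of one probe, as quoted in an ICMP error."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, socket.IPPROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return ip + udp


def build_icmp_error(kind, quoted):
    """ICMP error message: type, code, checksum, 4 unused bytes, then the quoted probe."""
    icmp_type, code = kind
    unsummed = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return struct.pack("!BBHI", icmp_type, code, inet_checksum(unsummed), 0) + quoted


def classify(message):
    """Return (verdict, probe_port) for one received ICMP message."""
    if len(message) < 8 + 28:
        return ("malformed", None)
    if inet_checksum(message) != 0:      # the sum over a valid message comes out as 0
        return ("bad-checksum", None)
    icmp_type, code = struct.unpack("!BB", message[:2])
    quoted = message[8:]
    ihl = (quoted[0] & 0x0F) * 4         # length of the quoted IP header in bytes
    if ihl < 20 or len(quoted) < ihl + 8:
        return ("malformed", None)
    probe_port = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    if (icmp_type, code) == TIME_EXCEEDED:
        return ("router", probe_port)
    if (icmp_type, code) == PORT_UNREACHABLE:
        return ("destination", probe_port)
    return ("other", probe_port)


def trace(path, src="192.0.2.10", max_hops=30):
    """Run the TTL loop against a constructed path (hop addresses, destination last)."""
    dst, hops = path[-1], []
    for ttl in range(1, max_hops + 1):
        dport = BASE_PORT + ttl - 1      # one port per probe, so replies can be matched
        probe = build_probe(src, dst, ttl, dport)
        responder = path[min(ttl, len(path)) - 1]   # the hop where this TTL reaches zero
        kind = PORT_UNREACHABLE if responder == dst else TIME_EXCEEDED
        verdict, seen_port = classify(build_icmp_error(kind, probe))
        hops.append((ttl, responder, verdict, seen_port))
        if verdict == "destination":
            break
    return hops


# Constructed path: two routers, then the destination (documentation address ranges).
SAMPLE_PATH = ["198.51.100.1", "198.51.100.2", "203.0.113.7"]

if __name__ == "__main__":
    for hop in trace(SAMPLE_PATH):
        print(hop)
```

The port quoted inside each ICMP error is what lets the sender match a reply to the probe that caused it, which is also why a reply with a bad checksum or an unexpected port should be ignored rather than counted as a hop.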

A final example!

host2 # traceroute xyz.com

traceroute to xyz.com (202.xx.12.34), 30 hops max, 40 byte packets
1 isp.net (202.xy.34.12) 20ms 10ms 10ms
2 xyz.com (202.xx.12.34) 130ms 130ms 130ms

The first line shows the hostname and IP address of the destination system. This line also tells us the TTL value

net view /domain

List the computers in a specific domain:

C:\> net view /domain:[domain name]

+++ Enumerating NT domain controllers:

To dig a little deeper into the NT network structure, we need a tool from the NT Resource Kit (NTRK - note: this term is used quite a lot in this article!), which is also regarded as the Windows NT Hacking Kit because of the double-edged nature of the many powerful administration utilities it provides! First, a brief introduction to this thing called NTRK:

- NTRK is a set of supplementary documentation for WinNT that comes with a CD containing utilities for network management. NTRK contains a collection of powerful utilities, ranging from the popular Perl language to ports of many Unix utilities to remote administration tools not included in the retail versions of WinNT. It is an indispensable toolkit for NT network administrators and also a useful tool for hackers who want to exploit WinNT. Perhaps that is why the retail price of NTRK is around ... 200 USD. Heh, but no matter, there is still a free option for you at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/

Back to enumerating NT domain controllers: to do this, we use the tool called nltest in NTRK to identify the PDC (Primary Domain Controllers) and BDC (Backup Domain Controllers).

Command:

C:\> nltest /dclist:[domain name]

To go even further, we need the Holy Grail of NT enumeration, the null or anonymous connection (introduced below). After establishing a null session to one of the machines on the enumerated site, we can use the syntax nltest /server:[server name] and /trusted_domains to learn more about the NT domains related to the first domain!

** The NT global method **

Most of the information-gathering techniques I describe in this section make use of a security shortcoming of WinNT: it allows anonymous users to connect and enumerate certain resources without needing "permission". This weakness is known by the name "Red Button" (hiii, must be the login or submit button), the null session connection, or anonymous logon..... and it remains the foothold with the most destructive potential on the network that hackers look for. I remember an article circulated quite widely on the net with the very "scary" title "guide to defacing a web site", which showed how to probe for the anonymous user weakness and exploit it!

To make a null session connection, we use the syntax:

C:\> net use \\IP\IPC$ "" /user:""

The syntax above connects to the hidden interprocess communication "share" (IPC$) at the IP address we supply, as the anonymous user [/user:""] with an empty password [""]. If it succeeds, we have an open channel for using various techniques to "collect" as much information as possible: network information, shares, users, groups, Registry keys..... The countermeasure to the NT global method will be described in "basic security" by fantomas311 - stay tuned

*** NetBIOS shares ***

After establishing a null session, we can also use the net view command again to enumerate the shares on the remote system.

Three other tools in NTRK for enumerating shares are rmtshare, srvcheck and srvinfo.

One of the most suitable tools for enumerating NT shares (and other content) is Dump ACL. Free download at http://38.15.19.115 Dump ACL audits everything, from file system permissions to the services available on remote systems. It can even obtain basic user information over a harmless null connection, and it can run from the command line, which makes scripting and automation convenient.

Opening null connections and using the tools above by hand is an excellent method for targeted attacks, but most hackers use a NetBIOS scanner to check an entire network quickly for exposed shares. One popular tool is Legion (it can be found in many Internet archives). Legion can chew through a Class C IP network and reveal all available shares in its graphical interface. Version 2.1 includes a "brute force tool" that tries to connect to a given share using a list of passwords supplied by the user. Brute-force cracking against Win9x and WinNT will be described in detail in later parts.

Another popular Windows share scanner is the NetBIOS Auditing Tool (NAT), which can be found in Internet archives

**** Other kinds of NT enumeration ****

There are also some other NT network information enumerators, such as Microsoft's epdump ( http://www.ntshop.net/security/tools/def.htm ), getmac and netdom in NTRK, and netviewx ( http://www.ibt.ku.dk/jesper/NTtools/ ). epdump queries the RPC endpoint mapper and lists the services bound to IP addresses and port numbers. Using a null session, getmac displays the MAC addresses and device names of the network interface cards on remote machines. This provides useful information that helps a hacker map out a system with several interfaces on the network. netdom is even more useful: it enumerates key information about the NT domains on the wire, including domain membership and the identities of the Backup Domain Controllers. netviewx is often used to probe for NT Remote Access Services (RAS) to get an idea of the number of dial-in servers that exist on the network.

Finally, it would be remiss not to mention SNMP (Simple Network Management Protocol) as an excellent source of NT information. SNMP is covered in more detail in the next section: techniques for enumerating users in WinNT

+++ Enumerating users and groups in WinNT

Before discussing how to enumerate users, let us talk about the tools needed for this technique. After identifying a list of users, a hacker can use automatic password-guessing (brute force) tools. As with shares, misconfigured NT machines readily give out user information.

Once again, we use a null connection to provide the initial access for running the known hacking tools. The first and simplest way to identify the users on a remote Windows system is the nbtstat command

C:\> nbtstat -A [IP]

This technique gives us the contents of the remote system's NetBIOS name table, showing the system name, the domain it is in, and the users who are logged on.

Several other NTRK tools can provide information about users (with or without a null connection), such as the utilities usrstat, showgrps, local and global, but the most commonly used tool for getting user information is still DumpACL. DumpACL can pull a list of the users, the groups and the user rights of an NT system.

In addition, two other fairly powerful NT enumeration tools are user2sid and sid2user by Evgenii Rudnyi (see http://www.chem.msu.sn:8080~rudnyi/NT/sid.txt ); using these two tools well takes time to learn. I can only say that they work even when network administrators have enabled RestrictAnonymous, as long as port 139 can be reached !

****SNMP (Simple Network Management Protocol )****

An NT system running the NT SNMP agents can be accessed with default community strings such as "public". Enumerating NT users through SNMP is easy with the SNMP browser snmputil in NTRK. However, this tool outputs a great deal of data that is considered "muddled, hard to remember, hard to understand". So, to avoid trouble (hacking already has too much trouble to deal with !!!) you can use the SolarWinds SNMP browser called IP Network Browser at http://solarwinds.net . That was fantomas311's presentation on enumerating WinNT; next comes enumeration with Novell

********* NOVELL *********

Although WinNT is said to be the friend of "null sessions", Novell's NetWare has a similar problem:

+++ Network Neighborhood: Use Network Neighborhood to find out about the servers and "trees" available on the wire. This step does not directly threaten information; it is only a simple warm-up step, and whatever it yields is welcome !!

+++ Novell Client32 connections

Novell's Netware Services program runs in the system tray and lets you manage your NetWare connections through the Netware Connections option. This capability can be extremely valuable for managing attachments and logins. More importantly, however, after creating an attachment you can retrieve the NDS tree that contains the server, the connection number, and the complete network address. This can be useful for connecting to the server later and gaining administrative (admin) privilege

+++On-site Admin : Viewing Novell servers

Without authenticating to any single server, you can use Novell's On-Site Admin product ( ftp://ftp.cdrom.com ) to view the status of every server on the wire. Rather than sending its own broadcast requests, On-Site Admin appears to display the servers cached by Network Neighborhood, which sends its own periodic broadcasts for Novell servers on the network

+++On-site Admin: browsing the tree

Most Novell trees can be browsed with On-Site Admin. In this case, Client32 actually attaches to the selected server inside the tree. The reason is that, by default, NetWare 4.x allows anyone to browse the tree. You can minimize this by adding an inheritance rights filter at the root of the tree. The information obtained through On-Site Admin can help us move on to active system penetration. NT enumeration ends here !!!!

******* UNIX *******

Most modern Unix implementations are based on standard TCP/IP networking features and therefore do not give out information as freely as NT does through the NetBIOS or NetWare interfaces. Of course, that does not mean Unix is immune to enumeration techniques, but which technique gives the best results ??? That depends on how the system is configured. Examples are Sun Microsystems' Remote Procedure Call (RPC), Network Information System (NIS) and Network File System (NFS), which have been targeted for many years. We will cover some classic techniques right below.

Before going on, remember that most of the techniques described in this part III use the information gathered from the port scans and OS identification techniques covered in "basic hacking Part I and II"

+++ Enumerating Unix network shares and resources

The best source of Unix network information is the TCP/IP techniques described in Part II, but an excellent tool for digging deeper is the Unix utility showmount, which is very useful for enumerating the NFS-exported file systems on a network. For example: suppose an earlier scan showed that port 2049 (NFS) is listening on a potential target. We can then use showmount to see exactly which directories are being shared:

showmount -e 192.168.202.34
export list for 192.168.202.34
/pub (everyone)
/var (everyone)
/usr (user)

The -e switch lists the NFS server's export list. Unfortunately for security people, and fortunately for hackers, this information leak cannot be plugged, because it is NFS's default behaviour.

NFS is not the only file-sharing software you will find on Unix, thanks to the growing popularity of the open-source Samba suite, which provides seamless file and print services to SMB (Server Message Block) clients; SMB forms the foundation of Windows networking. Samba can be downloaded at http://samba.org and is distributed with many Linux distributions. Although the Samba server configuration file (/etc/smb.conf) has some easy-to-understand security parameters, misconfiguration can still lead to unprotected network shares.

Another potential source of Unix network information is NIS. The main problem with NIS is that once you know a server's NIS domain name, you can use a simple RPC query to obtain any of its NIS maps. NIS maps are the distributed mappings of each domain host's important information, such as the contents of the passwd file. The traditional NIS attack uses NIS client tools to try to guess the domain name. In addition, some other fairly useful tools are psean and snmpwalk

+++ Enumerating Unix users and groups:

This technique does not yield truly valuable information; it can only tell you which user is root on the target server. Tools: finger, rusers, rwho
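How an administrator can check the same export list from the server side, as an added example that is not part of the original article: it parses `showmount -e` output in the form of the listing above and, going one step beyond the text, the Linux `/etc/exports` syntax that produces such a list, and flags exports open to every host. The exports files, host names and function names are constructed for the example; paths containing spaces are not handled.

```python
import re

WORLD = {"", "*", "(everyone)"}   # client specs that mean "any host"


def parse_showmount(output):
    """Parse `showmount -e` text into {path: [clients]}; the header line is skipped."""
    exports = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("/"):
            continue
        path, _, clients = line.partition(" ")
        exports[path] = [c.strip() for c in clients.split(",") if c.strip()] or [""]
    return exports


def world_exports(exports):
    """Exported paths that any host may mount."""
    return sorted(p for p, clients in exports.items() if any(c in WORLD for c in clients))


def parse_exports_file(text):
    """Parse Linux /etc/exports text into (path, client, options) tuples."""
    entries = []
    for line in text.replace("\\\n", " ").splitlines():   # join continuation lines first
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:                         # no client at all means any host
            match = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if match is None:
                continue
            options = {o for o in (match.group(2) or "").split(",") if o}
            entries.append((path, match.group(1), options))
    return entries


def audit(entries):
    """Return (path, finding) pairs for exports that give away more than intended."""
    findings = []
    for path, client, options in entries:
        if client in WORLD:
            findings.append((path, "exported to every host"))
            if "rw" in options:
                findings.append((path, "writable by every host"))
        if "no_root_squash" in options:
            findings.append((path, "remote root keeps root for %s" % (client or "*")))
    return findings


# The listing shown in the article.
SHOWMOUNT_SAMPLE = """export list for 192.168.202.34
/pub (everyone)
/var (everyone)
/usr (user)
"""

# Constructed /etc/exports with the weak settings.
WEAK_EXPORTS = r"""# constructed sample
/pub   *(ro)
/var   (rw,no_root_squash)
/usr   build01.example.internal(ro)
/home  10.0.0.0/24(rw,root_squash) \
       *(ro)
"""

# Constructed corrected version: every export names its clients and squashes root.
HARDENED_EXPORTS = """/pub   build01.example.internal(ro,root_squash)
/var   10.0.0.5(rw,root_squash)
"""

if __name__ == "__main__":
    print(world_exports(parse_showmount(SHOWMOUNT_SAMPLE)))
    for finding in audit(parse_exports_file(WEAK_EXPORTS)):
        print(finding)
```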

****** Basic hacking Part III pauses here. After the three basic steps you have quite a lot of information and tools; specific exploitation will be covered later .... I hope that through these three articles fantomas311 has given you the basic concepts of hacking ! Have fun ! For any details about the article please contact [email protected] *

BASIC SKILLS OF A HACKER

This lesson is divided into 2 main parts. Its purpose is to help you understand some of the methods hackers use to break into systems and some methods you can apply to protect yourself. This lesson is not intended to give you a bad view of what hackers do; its purpose is to help you understand security better. Specifically:

1- How hackers operate, what motivates them, and the common methods
2- Some self-protection measures, from designing and building your house to assessing and better understanding the processes of intrusion detection, self-protection...

We will go one step at a time. Here I will try to summarize without going too deep into detail, to keep the lesson clear and easy to understand; if you have questions, post them and everyone will discuss and resolve them together.

I. THE HACKERS' SIDE

1- Goals and motives of hackers:
- To achieve some goal related to money, such as changing bank account information, transferring money, stealing credit cards...
- Entertainment in spare time, testing skills, proving ability, checking the level of security...
- Weakening or reducing the resistance of systems on the network, making later intrusion and exploitation for some other purpose easier...
- Making use of network resources such as hard disks, CPU speed, network bandwidth... A hacker can take advantage of a hole in a server to occupy free disk space on it for storing his own data, or use the CPU speed and bandwidth of servers (usually very fast) for other work such as computation..., or even to DoS other servers...

Given these goals, you need to understand the system you control. The questions to ask are:
- What are you holding and protecting, and how important is it?
- In what ways could someone try to attack, steal information, or even destroy your information?
- How much difficulty will the hacker face, and how far will they succeed?
- How serious is the impact if the hacker succeeds?

Understanding and correctly assessing yourself as well as your opponent's capabilities can help you minimize the chance of being attacked. One thing you must accept as an objective, inevitable fact is that "Every complex system will run into trouble sooner or later", simply because these systems are made by human hands and minds, and no human is perfect.
If you have been paying attention, you will know that recently the systems regarded as giants on the net have all been visited, such as Microsoft, Oracle, eBay, NASA, the CIA, US federal agencies, major banking systems around the world... Security is continually improved, and alongside that, bugs and holes are constantly being discovered.

2- Some methods hackers use to break in

Basically, to break into a system, hackers usually go through the following steps. Note that the steps I present here do not have to be carried out in sequence; apply them as conditions and context require. You need to learn how to use the tools mentioned here yourself; I will not go into detail.

a. Identifying the target - Footprinting

This step is relatively simple. However, for a hacker who really wants to break into a system, it is essential. The more information gathered about the target, the better. For example, to break into a company's web site, the first thing hackers usually do is identify the host and domain (if it is a website), using tools such as WhoIS, Ping, ICMP (nMap, Fping).. to find information related to the host/domain such as location, the Domain Name Records.. For example, from the domain name we can ping to find out where it is hosted and what its IP address is...; or learn the opponent's network structure using routing methods (traceroute) and SNMP data.

Next comes browsing the web site, learning its structure, and trying to download the source code (with programs such as Teleport Pro, Intellitamper..), because from that one can learn information that the owner has intentionally or unintentionally exposed, such as contact names, e-mails, phone numbers, security-related information (such as security mechanisms, programming language..); links related to the website... Browsing and examining the site structure sometimes gives an overall view of the site's security; with luck we may find flaws (usually programming errors, incorrectly set access rights/chmod..) on the web pages and links. Search engines such as Google, AltaVista... can also be very useful tools in this process.
For example, to search Google for pages that use asp and have an admin management page, limited to sites in Vietnam, we can search with the keywords: "/admin/ asp site:.com.vn" or "admin.asp login.asp site:.com.vn" .. For example, to search AltaVista for links related to the site http://www.hcm.fpt.vn/, we can use the keywords "link:www.hcm.fpt.vn AND anydata"

Here is a typical example of what can be learned by studying a website: on my first stroll through this site, the first thing I noticed was that they used ASP to build it. However, I did not rush to look for flaws related to that; instead I paid attention to the Members section and the member login, which is the private area of the members of the website. Specifically, what I usually do is try to download the website structure with Intellitamper. The result of IT's download was a lot of asp files; here I was interested in the /hoivien/ directory because the login page is in this directory. In this directory the result showed 6 asp files, among them the file hvshow.asp, which caught my interest. I tried running it in the browser, and the result showed, next to the registration notice, the information of the 1st member, with the login name yesco, the name DuongMinh and some other information. Thinking of guessing the password, I went back to the login page from before and tried logging in with login name yesco, pass duongminh. No success! pass duong Also fail! pass minh! Success! You are a Gold Member... After that I looked around a little and carefully logged out. I give this example to help you understand one of the first basic steps in the hacking process. I hope that when your attempts succeed you will not affect other people's data.

b. Gathering information about the target - Scanning, Enumeration

This step is really similar to the first step (Footprinting) but at a more detailed and advanced level.

- Find out which services are used on the opponent's system, probe/scan the ports to look for open ports, and determine the service used on each port.

Some commonly used tools:
Nmap (www.insecure.org/nmap)
Netcat
Strobe (packetstorm.security.com)
ISS (http://www.iss.net/)
Other open-port and shared-resource scanners for Windows, such as Superscan, Sechole, Redbutton, Net Essential...

Port scanning can tell us which web services are used on the target.
V d nh cc cng TCP: 139, 135 (NETBIOS), 110 (pop3), 80 (HTTP), 79 (Finger), 53 (domain), 25 (smtp), 21 (ftp)...Thm ch c h iu hnh v webserver c s dng mc tiu. V d vi netcat, ta dng lnh sau: nc -v -z 203.162.1.1 1-255 Vi nmap, ta dng: nmap -sS 203.162.1.1/255 hay nmap -p80 -O 203.162.1.10 Cc bn t tm hiu cch s dng cc tool khc. Lu cc cu lnh v d y ch mang tnh cht tham kho. - Tm hiu cc li/l hng bo mt m mc tiu c th mc phi. Ta c th tm thng tin t cc website sau: http://www.securityfocus.com/ http://www.l0pht.com/ www.microsoft.com/security packetstorm.security.com Hoc c th ng k cc mailing list c th nhn c cc thng tin v security cp nhp nht: Buqtraq (http://www.securityfocus.com/) NTBugTraq (http://www.ntbugtraq.com/) Pen-Test (http://www.securityfocus.com/) c. Tin hnh tn cng - Khai thc im yu ca h thng, h iu hnh . Th tm cch truy xut n cc dch v ca h thng da trn hoc c lin quan n cc li bo mt . Tm hiu cc thng tin v li bo mt t cc nh sn xut h thng, tm hiu cc thng tin patch/update tng ng vi version bn ang nghin cu - Khai thc im yu ca cc ng dng dng trn my ch - server . Mt s ng dng server c th c li nh Microsoft IIS, Netscape Enterprise Server, Oracle, Apache... - Khai thc im yu ca cc ng dng client . Tm hiu cc li v /cgi-bin, cc li v trn b m . Tm hiu cc li v javascript . Tm hiu cc li v cookies . Tm hiu cc thit lp mc nh ca cc ng dng web, vd nh mt khu admin ngm nh ca mt s forum... - Leo thang c quyn (Escalate Privileges), ti ch m t mt s cch c th t c mc ch . Theo di trn mng (sniff) tm cch ly cc thng tin bo mt ca ngi dng, vd nh dng cc cng c bt gi tin (packet sniffer) bt cc thng tin lin quan n mt khu di chuyn trn mng... . Tm cch ly cc SUID t cc chng trnh qun l nhng kh nng kim tra cc gi tr nhp vo hoc cc gi tr bin km. . Tm hiu cc user (user ID) ko c mt khu, mt khu rng, hoc cc mt khu ngm nh . Tm kim cc thng tin v mt khu trong cc file trn h thng, dng cc cng c crack pass nu cc file password c m ho . 
Tm hiu k mi quan h gia cc my trong h thng mun thm nhp, d cc s h v tm cch khai thc lan rng ra khp h thng. Nh vy, leo thang c quyn l tm cch nng cao quyn hn ca mnh trong h thng. Vi d t user Guest hay Normal user trong h thng, hacker c th tm hiu cc s h t b sung thm quyn hn cho mnh, thm ch ot quyn admin. Mt v d in hnh ca leo thang c quyn trong qu trnh khai thc li ca Hosting Controller, khi upload 1 exploit script ln 1 normal host, nu sau ta tm cch chuyn script vo th mc admin ca HC th khi run n s c quyn admin. - M rng khai thc ra cc h thng ln cn; xc nh cc mc tiu k tip bt ngun hoc c lin quan n mc tiu ban u . Dng netstat -na tm hiu cc connection n cc my khc . Th kh nng t mt my trong mng, kt ni n my khc c trust-relationship, nu may mn th c th thm nhp c m ko phi qua cc qu trnh kim tra gt gao . Tm hiu cc file c trn h thng, chng hn nh cc file trong *nix /etc/hosts, ssh/identity.pub ... - Cc bc khc ty kh nng ca bn. d. Xa du vt (xa log files..), t hn c th l ph hy thng tin ca h thng 3- Cc mc tiu v phng php hay dng hin nay a. Cc mc tiu thung b tn cng - Unix v cc bin th t n: Linux, FreeBSD, Solaris, SCO.. - Cc h thng Windows NT, 2k, XP, 9x... - Cc dch v v my ch WWW - Cc ng dng web, forum... - Trm mt khu ca cc dch v web nh cc web e-mail, instant messenger... b. Cc kiu tn cng thng dng - Tn cng lm ngp ng truyn mng (flood), tn cng t chi dch v (Distributed Denial of Service) - Tn cng dng local - cc b - Tn cng remote - t xa - Tn cng dng iu khin d liu - data driven By gi ti s phn tch chi tit hn v cc kiu tn cng trn. b.1 Tn cng t chi dch v (DoS) - Feature driven SYN flooding - Inappropriate configurations SMURF - Programming flaws Teardrop - Distributed DoS: DoS tp th 1 mc tiu t nhiu hng, nhiu my ....(S bin son v b sung sau) b.2 Tn cng dng local - host based - Khai thc cc li trn b m Cch hn ch: Qun l tt b nh, stack; cp nht cc bn sa li; lp trnh k cng v tt hn. - Khai thc cc im yu trong vic kim tra iu kin thc thi ca cc ng dng Cch hn ch: Lp trnh k v tt hn - Dng trojan, backdoor, virus... 
  Mitigation: check unfamiliar programs carefully before running them; use common antivirus programs and update them regularly
- Cracking passwords
  Mitigation: use stronger encryption techniques; limit the number of password attempts on login forms
- Logging in to the system physically by booting from a floppy disk or from another, parallel operating system
  Mitigation: strengthen the measures that protect the equipment

b.3 Remote attacks - network based
- Exploiting buffer overflow bugs
  Mitigation: same as for local attacks
- DNS cache poisoning attacks
  Mitigation: use cache timeout, DNSSEC, Non-Caching Servers
- Attacking bugs/vulnerabilities of the website
  Mitigation: apply the latest bug fixes, configure correctly, adjust permissions, design and code the website well.
- Exploiting weak login names and passwords, i.e. passwords that are default, too short or easy to guess; or login forms with a lax checking mechanism that does not count password attempts... which makes them easy to crack with dictionary or brute-force attacks...
  Mitigation: check the number of password attempts more strictly (e.g. refuse further logins once the wrong password has been entered more than 5 times..), enforce a minimum password length, strengthen encryption with good algorithms...
- Exploiting shared information (sharing) such as SMB/NetBIOS, NFS
  Mitigation: restrict permissions or turn sharing off; upgrade to a file system with better security, such as NTFS, HPFS...

b.4 Data-driven attacks
- Exploiting gaps in data objects used on the server side, in Java, JavaScript, VBScript, Perl, PHP... code, and in ActiveX controls.
- Using backdoors, trojans, viruses
  Some information about backdoors:
  Unix: sshd
  Windows: BackOffice 2k, DeepThroat (UDP ports 2140, 3150), NetSphere (TCP 30100, 30102), GateCrasher (TCP 6969), GirlFriend (TCP 21554), Hack'a'Tack (TCP 31785; UDP 31789, 31791), EvilFTP (TCP 23456), SubSeven (TCP 1234)
- Exploiting gaps in service ports and in protocols that are misconfigured or have weak security mechanisms.
  General mitigation for this type: apply bug fixes; configure correctly; use firewalls (firewall, proxy) and antivirus programs.

II. THE SYSTEM ADMINISTRATORS' SIDE

We will cover some methods that can help administrators limit and stop hacker attacks.

1- Design the system well - Design

One of the main reasons hackers succeed in breaking into systems is the administrators' own weakness in system design. A good system must be a consistent and effective combination of hardware (network links, routers, servers...) and software (OS, software...). Hardware must be chosen appropriately, laid out and installed sensibly, and carefully protected. Software must be installed and configured correctly, with bug fixes applied regularly. One important point is that they must be managed by people with knowledge and experience. Some issues to pay attention to here:
- Firewalls
- Network segmentation and layout
- Regularly checking for intrusion attempts

2- Test the system thoroughly - Quality Assurance

3- Monitor attack behaviour - Intrusion Detection

4- Security policies and general conclusions - Security Policies

W-Hat

Introduction to FTP

FTP stands for File Transfer Protocol. FTP is a network file transfer protocol based on the TCP standard, so it is very reliable!

Some common FTP commands

Below is a list of some commonly used commands, with the explanations you need to know!

- ascii: switch to text transfer mode
- binary: switch to binary transfer mode
- cd [directory]: change into the directory directory
- cdup: move up one directory level
- close: disconnect from the server
- del [remote-file]: delete 1 file on the server
- dir [remote-directory|file]: list the contents of a directory or a list of files on the server
- help [command]: show help for the command command
- lcd [local-directory]: set the working directory on the client to local-directory
- ls [remote-directory|file] [-la]: list the contents of a directory or a list of files on the server; the -la parameter lists everything, with a description of the permissions
- mdelete [remote-files]: delete multiple files on the server
- mget [remote-files]: download the files from the server
- mkdir directory-name: create a directory named directory-name
- mput [local-files]: upload the files to the server
- open host [port]: connect to the FTP server whose hostname is host and which runs the FTP service on port port
- put local-file [remote-file]: upload local-file to the server, under the new name remote-file if given
- pwd: show the current working directory
- quit: exit
- recv remote-file [local-file]: fetch remote-file from the server and save it on the computer, under the name local-file if given
- rename [from] [to]: rename the file or directory from to to
- rmdir directory-name: remove the directory named directory-name
- send local-file [remote-file]: send local-file from the computer to the server, under the new name remote-file if given
- status: show the status of the current session
- syst: show the server's operating system
- user user-name [password] [account]: log in with the name user-name, the password password and the account account
- ?: show help

Examples

To make this easier to understand, look at the following examples. (I use these commands to upload my files to the website, with no need for powerful FTP programs such as WS_FTP Pro, FTPNet, CuteFTP, AbsoluteFTP, ...!) I keep the web pages to be uploaded to the server in c:\website! Now I will upload them!

    C:\website>ftp myftpsrv    // connect to the server myftpsrv
    Connected to myftpsrv.
    User (ftpsrv:(none)): dt
    331 User name okay, need password.
    Password:
    230 User logged in, proceed.
    ftp> pwd    // show the current working directory
    257 "/home/dt" is current directory.
    ftp> status    // show the current status
    Type: ascii; Verbose: On ; Bell: Off ; Prompting: On ; Globbing: On
    Debugging: Off ; Hash mark printing: Off .    // ascii=1
    ftp> cd www    // change into the www directory
    250 Directory changed to /home/dt/www
    ftp> put index.html    // upload the file index.html to the server
    200 PORT Command successful.
    150 Opening ASCII mode data connection for index.html.
    226 Transfer complete.
    ftp: 2095 bytes sent in 0.00Seconds 2095000.00Kbytes/sec.
    ftp> mkdir tools    // create the directory /home/dt/www/tools
    257 "/home/dt/www/tools" directory created.
    ftp> cd tools    // change into the tools directory
    250 Directory changed to /home/dt/www/tools
    ftp> lcd c:\website\tools    // change the local directory to c:\website\tools
    Local directory now C:\website\tools.
    ftp> bin    // switch to binary transfer mode
    200 Type set to I.
    ftp> mput *.*    // upload all files in c:\website\tools to the server, into /home/www/tools/
    mput test.zip? y
    200 PORT Command successful.
    150 Opening BINARY mode data connection for test.zip.
    226 Transfer complete.
    ftp: 10168 bytes sent in 0.06Seconds 169.47Kbytes/sec.
    mput test.exe? y
    200 PORT Command successful.
    150 Opening BINARY mode data connection for test.exe.
    226 Transfer complete.
    ftp: 54625 bytes sent in 0.11Seconds 496.59Kbytes/sec.
    ftp> ls -la    // list the contents of /home/www/tools
    200 PORT Command successful.
    150 Opening ASCII mode data connection for /bin/ls.
    drwxr--r-- 1 dt group 0 Sep 30 14:13 .
    drwxr--r-- 1 dt group 0 Sep 30 14:13 ..
    -rwxr--r-- 1 dt group 54625 Sep 30 14:14 test.exe
    -rwxr--r-- 1 dt group 10168 Sep 30 14:14 test.zip
    226 Transfer complete.
    ftp: 247 bytes received in 0.00Seconds 247000.00Kbytes/sec.
    ftp> del test.exe    // I uploaded test.exe by mistake, now I need to delete it
    250 DELE command successful.
    ftp> cd ..    // move up to the parent directory
    250 Directory changed to /home/dt/www
    ftp> mkdir cgi-bin2    // create a new directory
    257 "/home/dt/www/cgi-bin2" directory created.
    ftp> rename cgi-bin2 cgi-bin    // I typed it wrong, now I have to rename it!
    350 File or directory exists, ready for destination name
    250 RNTO command successful.
    ftp> cd cgi-bin    // change into the cgi-bin directory
    250 Directory changed to /home/dt/www/cgi-bin
    ftp> lcd c:\website\cgi-bin    // set the local directory again!
    Local directory now C:\website\cgi-bin.
    ftp> ascii    // switch to text transfer mode because I need to upload some .cgi + .pl files
    200 Type set to A.
    ftp> put test.cgi    // upload the file test.cgi
    200 PORT Command successful.
    150 Opening ASCII mode data connection for test.cgi.
    226 Transfer complete.
    ftp: 222 bytes sent in 0.00Seconds 222000.00Kbytes/sec.
    ftp> ls -la    // view the contents of /home/www/cgi-bin
    200 PORT Command successful.
    150 Opening ASCII mode data connection for /bin/ls.
    drwxr--r-- 1 dt group 0 Sep 30 14:16 .
    drwxr--r-- 1 dt group 0 Sep 30 14:16 ..
    -rwxr--r-- 1 dt group 222 Sep 30 14:17 test.cgi
    226 Transfer complete.
    ftp: 182 bytes received in 0.00Seconds 182000.00Kbytes/sec.
    ftp> site chmod 755 test.cgi    // set permission 755 (rwxr-xr-x) on the file test.cgi
    ftp> ls -la    // I list the cgi directory once more
    200 PORT Command successful.
    150 Opening ASCII mode data connection for /bin/ls.
    drwxr-xr-x 1 dt group 0 Sep 30 14:16 .
    drwxr-xr-x 1 dt group 0 Sep 30 14:16 ..
    -rwxr-xr-x 1 dt group 222 Sep 30 14:17 test.cgi
    226 Transfer complete.
    ftp: 182 bytes received in 0.00Seconds 182000.00Kbytes/sec.
    ftp> bye    // all done, now I can disconnect!
    221 Goodbye!

    C:\website>

More about FTP

How do you connect to an FTP server through a proxy server such as Wingate? Just ftp to the proxy server and type the user name in the following format: user@host[:port]. For example, my machine is running Wingate-FTP on port 21 and Serv-U FTP-Server v2.5i on port 2121, so I can connect to Serv-U FTP-Server v2.5i through Wingate-FTP as follows:

CODE

    C:\>ftp localhost
    Connected to dt.
    220 WinGate Engine FTP Gateway ready
    User (dt:(none)): dt@localhost:2121
    331 User name okay, need password.
    Password:
    230 User logged in, proceed.
    ftp>

Hacking with FTP

Sometimes FTP also reveals some very important information! You can easily guess the operating system of the FTP server! Look at the following examples:

CODE

    C:\>ftp localhost
    Connected to dt.
    220 dt Microsoft FTP Service (Version 1.0).
    User (dt:(none)): anonymous
    331 Anonymous access allowed, send identity (e-mail name) as password.
    Password:
    230-Windows 95 FTP Service.
    230 Anonymous user logged in as anonymous.

Yeah! This server is surely PWS running on Windows!

What if the admin has disabled the banner line above!? There is still another way! Log in and issue the syst command as follows:

CODE

    ftp> literal syst
    215 Windows_NT version 4.10

It looks like the server's operating system is Win9.x or WinNT! (If you are running Linux*, you only need to type syst.)
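From the administrator's side, the same replies can be checked for what they give away. The following is an added example, not part of the original article: it parses the server replies quoted above (including the multi-line `230-` reply) and reports which ones name a product, OS or version or allow anonymous login. The function names and the disclosure patterns are assumptions made for this sketch.

```python
import re

# Constructed capture: the server replies from the two sessions above.
SAMPLE = """\
220 dt Microsoft FTP Service (Version 1.0).
331 Anonymous access allowed, send identity (e-mail name) as password.
230-Windows 95 FTP Service.
230 Anonymous user logged in as anonymous.
215 Windows_NT version 4.10
"""

# Assumed patterns for text that names a product, an OS or a version.
DISCLOSURE = re.compile(
    r"microsoft|wingate|serv-u|windows[ _]?\w*|linux|unix|version\s*[\d.]+",
    re.IGNORECASE)
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_replies(text):
    """Group lines into (code, [texts]); 'NNN-' opens a multi-line reply
    that runs until a line starting with the same code and a space."""
    replies, open_reply = [], None
    for line in text.splitlines():
        m = REPLY.match(line)
        if open_reply:
            code, texts = open_reply
            last = bool(m) and m.group(1) == code and m.group(2) == " "
            texts.append(m.group(3) if m and m.group(1) == code else line)
            if last:
                replies.append(open_reply)
                open_reply = None
        elif m and m.group(2) == "-":
            open_reply = (m.group(1), [m.group(3)])
        elif m:
            replies.append((m.group(1), [m.group(3)]))
    if open_reply:
        replies.append(open_reply)  # capture ended inside a reply
    return replies


def audit(text):
    """Return (code, finding) pairs for replies an administrator should fix."""
    findings = []
    for code, texts in parse_replies(text):
        joined = " ".join(texts)
        leaked = DISCLOSURE.findall(joined)
        if code in ("220", "230", "215") and leaked:
            findings.append((code, "discloses " + ", ".join(leaked)))
        if code == "331" and "anonymous" in joined.lower():
            findings.append((code, "anonymous login is enabled"))
    return findings
```

A server whose greeting, login message and SYST reply are neutral, and which refuses anonymous logins, produces an empty list.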

What is CHMOD??? (Be sure to read it all)

Put simply, CHMOD is short for Change Mode, a special command used only on Unix-family servers (Linux, Solaris, Tru64...) to change the permissions that any person has over any file or directory on a specific website. By changing the chmod value, you assign a permission to someone over the files and directories in your website's structure.

A chmod value is always written as a group of 3 digits (***) representing 3 parties: User (Owner), Group (collaborators) and Other (Guest, everyone else), and it is built from the values 1 (Execute), 2 (Write) and 4 (Read).

Example 1: chmod: 124 >>> Owner : 1 - Group : 2 - Everyone : 4

The owner may execute the file or directory
The group may write to the file or directory
Everyone may read the file or directory

Example 2: chmod: 412 >>> Owner : 4 - Group : 1 - Everyone : 2

The owner may read the file or directory
The group may execute the file or directory
Everyone may write to the file or directory

What do CHMOD 644, 666, 755, 777 mean?

As explained above, the chmod values are always 1, 2 and 4. This means that if you want to grant someone more permissions over your file or directory, you have to add the numbers together. The result is the following values:

1 = Execute
2 = Write
3 = 1 + 2 = Execute + Write
4 = Read
5 = 4 + 1 = Read + Execute
6 = 4 + 2 = Read + Write
7 = 4 + 2 + 1 = Read + Write + Execute

So when you have the value 7, your power over that file or directory is absolute. Conversely, when you have the value 1, you have the lowest level of power.

And as also said above, a chmod value does not stand alone but always comes as a group of 3 digits giving the permissions of User - Group - Other. The result is the following values:

111, 112, 113, 114, 115, 116, 117, 121, 122, 123, 124, 125, 126, 127, 131, 132, 133, 134, 135, 136, 137, 141, 142, 143, 144, 145, 146, 147, 151, 152, 153, 154, 155, 156, 157, 161, 162, 163, 164, 165, 166, 167, 171, 172, 173, 174, 175, 176, 177,
211, 212, 213, 214, 215, 216, 217, 221, 222, 223, 224, 225, 226, 227, 231, 232, 233, 234, 235, 236, 237, 241, 242, 243, 244, 245, 246, 247, 251, 252, 253, 254, 255, 256, 257, 261, 262, 263, 264, 265, 266, 267, 271, 272, 273, 274, 275, 276, 277,
311, 312, 313, 314, 315, 316, 317, 321, 322, 323, 324, 325, 326, 327, 331, 332, 333, 334, 335, 336, 337, 341, 342, 343, 344, 345, 346, 347, 351, 352, 353, 354, 355, 356, 357, 361, 362, 363, 364, 365, 366, 367, 371, 372, 373, 374, 375, 376, 377,
411, 412, 413, 414, 415, 416, 417, 421, 422, 423, 424, 425, 426, 427, 431, 432, 433, 434, 435, 436, 437, 441, 442, 443, 444, 445, 446, 447, 451, 452, 453, 454, 455, 456, 457, 461, 462, 463, 464, 465, 466, 467, 471, 472, 473, 474, 475, 476, 477,
511, 512, 513, 514, 515, 516, 517, 521, 522, 523, 524, 525, 526, 527, 531, 532, 533, 534, 535, 536, 537, 541, 542, 543, 544, 545, 546, 547, 551, 552, 553, 554, 555, 556, 557, 561, 562, 563, 564, 565, 566, 567, 571, 572, 573, 574, 575, 576, 577,
611, 612, 613, 614, 615, 616, 617, 621, 622, 623, 624, 625, 626, 627, 631, 632, 633, 634, 635, 636, 637, 641, 642, 643, 644, 645, 646, 647, 651, 652, 653, 654, 655, 656, 657, 661, 662, 663, 664, 665, 666, 667, 671, 672, 673, 674, 675, 676, 677,
711, 712, 713, 714, 715, 716, 717, 721, 722, 723, 724, 725, 726, 727, 731, 732, 733, 734, 735, 736, 737, 741, 742, 743, 744, 745, 746, 747, 751, 752, 753, 754, 755, 756, 757, 761, 762, 763, 764, 765, 766, 767, 771, 772, 773, 774, 775, 776, 777

All of the values above are valid CHMOD values, and of course you may assign them to any file or directory in your website's structure.

By default on the vast majority of servers, files are given the value 644 after you upload them, meaning the User may read and write while Group and Other may only read. CHMOD 666 lets everyone read and write to that file or directory. CHMOD 755 is usually assigned to CGI programs (.cgi and .pl files) to allow these programs to run. CHMOD 777 gives everyone full rights over the file or directory.
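To check the modes described above on a real site, the `ls -la` output from an FTP session can be converted back to the 3-digit values and reviewed. This is an added example, not part of the original article: the listing is constructed in the format shown earlier on this page, and the file names config.dat, upload.pl and form.cgi as well as the function names are assumptions.

```python
import re

# Constructed FTP "ls -la" output in the format used on this page.
LISTING = """\
drwxr-xr-x 1 dt group     0 Sep 30 14:16 .
-rwxr-xr-x 1 dt group   222 Sep 30 14:17 test.cgi
-rw-r--r-- 1 dt group  2095 Sep 30 14:12 index.html
-rw-rw-rw- 1 dt group   310 Sep 30 14:20 config.dat
-rwxrwxrwx 1 dt group   512 Sep 30 14:21 upload.pl
-rw-r--r-- 1 dt group   180 Sep 30 14:22 form.cgi
"""

# The three values the article adds together: 4 (Read), 2 (Write), 1 (Execute).
BITS = READ, WRITE, EXEC = 4, 2, 1


def symbolic_to_octal(perms):
    """'rwxr-xr-x' -> '755': add 4, 2, 1 per User, Group, Other triplet."""
    return "".join(
        str(sum(v for ch, v in zip(perms[i:i + 3], BITS) if ch != "-"))
        for i in (0, 3, 6))


def octal_to_symbolic(mode):
    """'644' -> 'rw-r--r--'."""
    return "".join(
        ch if int(d) & v else "-" for d in mode for ch, v in zip("rwx", BITS))


def audit_listing(text):
    """Return (name, mode, finding) for entries whose mode needs review."""
    findings = []
    for line in text.splitlines():
        # Only plain rwx modes are handled; setuid/sticky letters are skipped.
        m = re.match(r"^([-d])([rwx-]{9})\s.*\s(\S+)$", line)
        if not m or m.group(3) in (".", ".."):
            continue
        kind, perms, name = m.groups()
        mode = symbolic_to_octal(perms)
        other = int(mode[2])  # third digit: everyone else
        if other & WRITE:
            findings.append((name, mode, "writable by everyone"))
        elif kind == "-" and name.endswith((".cgi", ".pl")) and not other & EXEC:
            findings.append((name, mode, "script is not executable"))
    return findings
```

On the constructed listing this reports config.dat (666) and upload.pl (777) as writable by everyone, and form.cgi (644) as a script that still needs 755.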

In most cases, the authors of CGI and PHP programs will tell you how to chmod the files and directories so that the program works correctly. If you run into errors, contact the administrator of the server where you host your website for help, because each server may be configured differently.

How do you set a chmod value?

Some web-based file manager programs can change CHMOD values. However, you should not chmod files with these programs; instead, chmod files over FTP. The recommended FTP file management programs are CuteFTP Pro or LeapFTP. After uploading a file to the server, just right-click the file name, choose Change Attributes / CHMOD, then enter the corresponding values in the field or tick the values you want and click OK.

Download LeapFTP here: http://www.leapware.com/