Break-in
ХАКЕР\№53\May\2003
PASSWORD "FISH-SHIT"
Master-lame-master
REAL STORIES OF NOTORIOUS BREAK-INS
We have all watched the immortal hacker movies: Hackers, The Matrix, Swordfish and so on. In them, of course, secure servers were broken into within seconds, and always successfully. That drew nothing but grimaces from people with even a slight idea of what a break-in involves. A hack can actually drag on for weeks or even months, and it is far from always successful. Who, if not hackers, would know that an intruder often flinches at phone calls and unexpected guests. Paranoia is a normal condition for hackers, and nothing can be done about it...

But enough of the sad stuff. Breaking in is in itself a very thrilling thing. It resembles an extreme sport: at any moment the hacker can be spotted, and all the sleepless nights spent on data gathering, scanning and intrusion will turn out to have been in vain. But if the hacker does break into the server, it is like conquering a mountain peak and comparable to winning a hard fight.
STUDY ONE: BREAKING INTO THE BILLING SYSTEM WWW.ICBILL.COM

Sitting out the end of a night online and realizing it was time to go to bed, one hacker noticed, out of the corner of his eye, a mysterious private message in IRC. As it turned out, the person writing to him had taken a strong liking to the PHP engine of a certain billing company. The intruder was about to blow off his request, which was to get hold of those PHP scripts, but the other kept pleading, tempting him with a hefty sum in case of success. "That changes things," the hacker thought, and dropped everything else for good. The customer left his e-mail address and asked to be contacted when everything was ready.
GATHERING DATA ON THE OPPONENT

Armed with nmap, the intruder carefully felt the server out from every side. After ten minutes of stealth scanning, nmap produced roughly the following:

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on www.icbill.com (213.43.4.23):
(The 1580 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
110/tcp    open        pop-3
143/tcp    open        imap2
3306/tcp   open        mysql
Nmap run completed -- 1 IP address (1 host up) scanned in 610 seconds

After a little thought, the hacker decided to check the server for bugs in httpd. He sent a "HEAD / HTTP/1.0" request and realized that the admins were no fools: Apache was the latest version that existed at the time. The hacker then went looking for a working proxy on www.proxycheck.spylog.ru, and after that began examining the structure of the engine itself. Inserting exotic variables into QUERY_STRING gave no results at all. The thought arose that the customer who wanted this engine really did have good taste. Having wandered around the web site this way for some twenty minutes, our hero had almost despaired of success when he suddenly remembered that he had made a mistake in gathering his material: he still did not even know the operating system this engine was running on. nmap's fingerprint had said nothing intelligible, but the banners of the open ports 21 and 22 could easily give the operating system away. For this he used the netcat utility:

[root@shell root]# nc icbill.com 21
220 ProFTPD 1.2.6 Server (ProFTPD on www.icbill.com) ready
^C punt!
[root@shell root]# nc icbill.com 22
SSH-1.99-OpenSSH_2.3.0 FreeBSD localisations 20010713
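
Seen from the administrator's side, the scan table and the two banners above are an exposure report. The following is an added example, not code from the original article: it parses the same kind of output from a scan of your own host and lists reachable cleartext or backend services and what each greeting banner discloses. The policy sets and function names are this example's assumptions.

```python
import re

# Scan table and banners as quoted in the article.
NMAP_TEXT = """\
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
110/tcp    open        pop-3
143/tcp    open        imap2
3306/tcp   open        mysql
"""
BANNERS = {
    21: "220 ProFTPD 1.2.6 Server (ProFTPD on www.icbill.com) ready",
    22: "SSH-1.99-OpenSSH_2.3.0 FreeBSD localisations 20010713",
}

# Assumed policy, not from the article: services that should not face the Internet.
CLEARTEXT = {"ftp", "telnet", "pop-3", "imap2"}
INTERNAL_ONLY = {"mysql"}

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)", re.M)
VERSION_RE = re.compile(r"([A-Za-z]+)[ _/](\d+(?:\.\d+)+)")
OS_RE = re.compile(r"\b(FreeBSD|OpenBSD|NetBSD|Linux|SunOS|Windows)\b")

def open_ports(nmap_text):
    """Map port number -> service name for every 'open' row."""
    return {int(port): svc for port, svc in PORT_RE.findall(nmap_text)}

def banner_leaks(banner):
    """List what a greeting banner tells an unauthenticated client."""
    leaks = [f"version {name} {ver}" for name, ver in VERSION_RE.findall(banner)]
    return leaks + [f"os {name}" for name in OS_RE.findall(banner)]

def audit(nmap_text, banners):
    """Return (port, finding) pairs for exposed services and chatty banners."""
    findings = []
    for port, svc in sorted(open_ports(nmap_text).items()):
        if svc in CLEARTEXT:
            findings.append((port, f"{svc}: cleartext service reachable"))
        if svc in INTERNAL_ONLY:
            findings.append((port, f"{svc}: backend service reachable"))
        findings += [(port, f"banner discloses {leak}")
                     for leak in banner_leaks(banners.get(port, ""))]
    return findings

if __name__ == "__main__":
    for port, finding in audit(NMAP_TEXT, BANNERS):
        print(f"{port:>5}  {finding}")
```
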
INTRUSION AND SEARCH

Voilà! Here was some interesting information. Our man quickly figured out that FreeBSD was installed on the server. After thinking for another couple of minutes and weighing all the data he had obtained, he dug through his archive and found a fairly old exploit for vulnerable versions of telnetd. Its essence was sending 16 megabytes of traffic to port 23, after which the system was supposed to give up and hand over Remote-Root-Access. The hacker was nagged by vague doubts, since by then there was practically nothing left that could be hacked with this exploit. But he tried it anyway... And to his surprise the exploit printed the word PASSED, which meant that the operating system matched one that the exploit worked against. Now he could doze a little in his chair. Consciousness returned when the line "uid=0(root) gid=0(root)" appeared in the console. Yes, yes! Here it was, luck! Все-