¦þ¹ ¼³¾Šł
¦þ¹ ¼³¾Šł
¦þ¹ ¼³¾Šł
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Âçëîì<br />
ÕÀÊÅÐ\¹53\Ìàé\2003<br />
ÏÀÐÎËÜ "ÐÛÁÀ-SHIT"<br />
Master-lame-master<br />
ñêðèïò, ÷òî è ïðîäåëàë íàø âçëîìùèê. Ñêðèïò íàéäåí,<br />
äåëî îñòàâàëîñü çà ìàëûì - çàïóñòèòü 7350fun<br />
è æäàòü ðåçóëüòàòà.<br />
Áóêâàëüíî ÷åðåç 20 ìèíóò ïåðåáîðà îôñåòîâ,<br />
apache ñäàëñÿ è âûäàë nobody-øåëë. Äàëüøå<br />
ñêðèïòêèäè îïðåäåëèë îïåðàöèîííóþ ñèñòåìó, ýòî<br />
îêàçàëàñü RedHat 7.0. Â áîé ïîøëè ëîêàëüíûå ýêñïëîèòû.<br />
Íà ñåðâåð áûë óñòàíîâëåí äûðÿâûé sendmail.<br />
Ñ ïîìîùüþ ñïëîèòà sxp.c (ïðî íåãî óæå ïèñàë<br />
][ â ñòàòüå "top10 exploits"), õàêåð äîñòèã rootïðàâ.<br />
Ïîñëå óñòàíîâêè ðóòêèòà åìó ïîä÷èíèëàñü<br />
âñÿ ñèñòåìà... À âñå èç-çà êàêîãî-òî php-ìîäóëÿ.<br />
ÓÃËÓÁËßÅÌÑß Â ÊÎÄÈÍÃ<br />
Ýòîìó ãåðîþ îäíîãî âçëîìà îêàçàëîñü ìàëî, è îí<br />
ñòàë ëèñòàòü èñòîðèþ êîìàíä àäìèíèñòðàòîðà.<br />
Íàéäåíû áûëè òîëüêî èñõîäÿùèå êîííåêòû ïî ssh,<br />
íî áåç âñÿêèõ ïàðîëåé. John The Ripper òàêæå îêàçàëñÿ<br />
áåñïîëåçíûì. Íî êèäèñ íå ñäàâàëñÿ, ïûòàÿñü<br />
ïðèäóìàòü ÷òî-íèáóäü åùå. È ïðèäóìàë-òàêè - íàäî<br />
ïðîïàò÷èòü ñûðöû ssh, ÷òîáû îí ëîãèðîâàë ïàðîëè.<br />
Óçíàâ âåðñèþ ssh (ssh -V), õàêåð ïîëåç åãî ñêà÷èâàòü<br />
(www.openssh.org). Ñêà÷àë, ðàñïàêîâàë. Íà-<br />
÷àë äåòàëüíîå èçó÷åíèå ñîðñîâ. Åìó íàäî áûëî<br />
íàéòè ìåñòî, ãäå ïåðåäàåòñÿ ïàðîëü. Â ôàéëàõ<br />
sshconnect1.c è sshconnect2.c îáíàðóæèëèñü<br />
Íàéòè php-ñêðèïò - ïðîùå ïðîñòîãî =)<br />
ôóíêöèè ïî çàïðîñó ïàðîëåé. Òåïåðü îñòàâàëîñü<br />
òîëüêî íåìíîãî ñìîäèôèöèðîâàòü êîä:<br />
[root@hack work]# nc -vv www.nikita.ru 80 <<br />
./get.txt |grep Server<br />
Server: Apache/1.3.19 (Unix)<br />
mod_perl/1.24_01 mod_throttle/2.11<br />
PHP/4.0.6 FrontPage/4.0.4.3 mod_ssl/2.8.3<br />
OpenSSL/0.9.6b mod_gzip/1.3.19.1a<br />
sent 17, rcvd 359<br />
[root@hack work]#<br />
Ïðîïàò÷èâ äâà ýòèõ ôàéëà, õàêåð çàíîâî ïåðåñîáðàë<br />
openssh. Çàìåíèë åäèíñòâåííûé /usr/bin/ssh,<br />
ïîñòàâèë ñòàðóþ äàòó. Ïîòîì ñîçäàë ôàéë<br />
/usr/share/locale/it/console.it ñ ïðàâàìè äîñòóïà 666,<br />
÷òîáû áèíàðíèê ìîã êîððåêòíî çàïèñûâàòü â íåãî<br />
àêêàóíòû. Ïîñëå ýòîãî ñòåð ëîãè è óäàëèëñÿ. Îñòàâàëîñü<br />
òîëüêî äîæäàòüñÿ ïîÿâëåíèÿ àäìèíà, êîòîðûé,<br />
ïî ëîãèêå âåùåé, äîëæåí áûë çàéòè íà äðóãîé<br />
ñåðâåð ôèðìû Nikita. Òàê, ñîáñòâåííî, è ïðîèçîøëî.<br />
×òî ïðèìå÷àòåëüíî, àäìèí èñïîëüçîâàë<br />
root-àêêàóíò äëÿ ïîäêëþ÷åíèÿ, ïîýòîìó, ïðî÷èòàâ<br />
console.it, âçëîìùèê óçíàë âñþ ïîëåçíóþ èíôó.<br />
Òåáÿ èíòåðåñóåò, ÷åì âñå çàêîí÷èëîñü Èç-çà òîãî,<br />
÷òî õàêåð íå èñïîëüçîâàë øåëë â êà÷åñòâå õàêïëîùàäêè,<br />
åãî íå çàìå÷àëè äîâîëüíî äîëãî. Ê òîìó<br />
æå îí ìîã ïîëó÷àòü íà õàëÿâó âñå êîììåð÷åñêèå<br />
ïðîäóêòû âçëîìàííîé ôèðìû. PHP-áàã íà ñåðâåðå<br />
òàê è îñòàëñÿ íåçàïàò÷åííûì â òå÷åíèå ïîëóãîäà.<br />
Ïîòîì, íàêîíåö, ñèñòåìà áûëà çàìåíåíà íîâîé,<br />
è ïàðîëè ñóïåðïîëüçîâàòåëÿ èçìåíèëèñü.<br />
ÑÊÀÇÊÀ ËÎÆÜ, ÄÀ Â ÍÅÉ ÍÀÌÅÊ...<br />
Äàëåêî íå âñå âçëîìû ïðîõîäÿò òàê ãëàäêî. Ïîðîé<br />
ýòî áåññîííûå íî÷è, ïîñëå êîòîðûõ õàêåð íàõîäèò<br />
òîíåíüêóþ íèòî÷êó â ñèñòåìå, çà íåå îí è öåïëÿåòñÿ.<br />
À èíîãäà íåò è åå. Âñå çàâèñèò îò ñèñòåìíûõ<br />
ðóê àäìèíèñòðàòîðîâ.<br />
Íå ñòîèò ðàñöåíèâàòü ýòîò ìàòåðèàë êàê ëæèâûé<br />
êèíîðîìàí - âñå âçëîìû, îïèñàííûå çäåñü, ðåàëüíû.<br />
Äëÿ ïðîñòîòû ïîíèìàíèÿ áûëè ëèøü îïóùåíû<br />
ïîïûòêè ñáîðà äàííûõ, íå óâåí÷àâøèåñÿ<br />
óñïåõîì, à òàêæå íåêîòîðûå ïðîìàõè õàêåðà ïî<br />
ïðè÷èíå íåîïûòíîñòè èëè ëåíè. Äëÿ íàñ âñåãäà<br />
îñòàåòñÿ ãëàâíûì èòîã - íàðóøèòåëü ïðîðûâàåòñÿ<br />
÷åðåç âñåâîçìîæíûå ñèñòåìû áåçîïàñíîñòè è îñòàåòñÿ<br />
íåçàìåòíûì äëÿ àäìèíîâ...<br />
Êîäèì äî ïîòåðè ñîçíàíèÿ<br />
Îñíîâíûå ïðèíöèïû õàêåðà<br />
×òî æå ïîìîãëî õàêåðó â åãî íåëåãêîì äåëå<br />
1. Âçëîìùèê íèêîãäà íå ïðåíåáðåãàåò ñáîðîì äàííûõ î ïðîòèâíèêå, è ëèøü ïîñëå<br />
ïîëó÷åíèÿ èñ÷åðïûâàþùåé èíôîðìàöèè ïûòàåòñÿ ëîìàòü æåðòâó ÷åðåç âîçìîæíûå<br />
óÿçâèìîñòè.<br />
2. Âçëîìùèê äëÿ ïðîäóêòèâíîé ðàáîòû äîâîëüíî ÷àñòî ïîëüçóåòñÿ íåçàìåíèìûìè<br />
ïðîãðàììàìè nmap è netcat. Ñêà÷àòü èõ ìîæíî ÷åðåç ïîèñêîâèê unix-like-ïðîãðàìì<br />
www.freshmeat.net.<br />
3. Âçëîìùèê íå çëîóïîòðåáëÿåò ðóòèííîé ðàáîòîé ïî ïàò÷èíãó ñîðöîâ ñëóæåáíûõ ïðîãðàìì.<br />
1 2 3 4<br />
58 Íüþñû Ôåððóì Inside PC_Zone Âçëîì