Download - Xakep Online


Executing the dir command on a Windows server

The developer's gentleman's kit (Denwer) is an excellent way to test scripts under Windows

Authorization on the web shell: outsiders won't get in!

[RST MySQL v2.0]

Platform: PHP

Size: 79 KB

Site: www.rst.void.ru

Everyone knows that MySQL tables can be edited easily on the server with the powerful phpMyAdmin script (www.phpmyadmin.net). You work with the databases right in the browser window; all you need to do is upload the archive with the script's distribution to the server. But that is exactly where the problems start. First, the phpMyAdmin distribution weighs almost 3 MB, and unpacked it is even bigger. Second, the huge number of PHP files the script is assembled from is a real pain: they are extremely awkward to handle and even harder to install on a server unnoticed. And that's not all. Another drawback of phpMyAdmin is that the DB password is stored in plain text right in the script's text config files. That clearly does it no credit and, generally speaking, is a serious security hole.

I think I have managed to convince you that an alternative is needed :). The RST MySQL 2.0 script has every chance of earning that position. I found it recently, but immediately realised it was exactly what was needed. A tiny script that takes up only 17 KB in the archive, yet in functionality it is in no way inferior to the gigantic phpMyAdmin. Judge for yourself: once RST MySQL is installed on the server, you can view and edit any databases your account has access to, or even create new ones if you are an administrator. Everything is done visually, that is, intuitively. To edit, view or create a new table in the DB you don't need to know SQL; RST MySQL 2.0 does all of that for you. And if you want to sharpen your skills at composing SQL queries, the script will be a real find: every action it performs is accompanied by the text of the SQL query, so it is easy to pick up. After watching for a while you can try composing queries by hand, and RST MySQL will happily process them. Absolutely everything can be edited: any fields (column names) of a table, its contents, relations and so on. A great feature is the ability to create a dump (copy) of the DB or of individual tables, which you can view in the browser or send over HTTP. All of this fits easily into one small file that needs no configuration and is easy to upload to the server.

Alternatives: WizMySQLAdmin (PHP, wiz.homelinux.net/php.php), perlmyadmin (Perl, www.perlmyadmin.de).

[PHP FXP 3.0]

Platform: PHP

Size: 11 KB

Site: http://fxp.harrym.nu/phpfxp

With the arrival of high-grade internet connections, the need to keep files locally has been felt less and less. By the time you next install your usual program, a fresh release of it will surely have been posted on the net. Google.com indexes millions of documents every day, and finding the one you need among them is far easier than sifting through web pages saved on your hard drive long ago. No argument, it is convenient, but there are problems too. I, for instance, have more than once had to copy large volumes of data from one FTP server to another. Everyone solves this task in their own way. Some will go at it head-on: download the files to their own computer first, then upload them to where they need to go. Another, familiar first-hand with FXP, will use an advanced FTP client. But there is one more way: use a script built specifically for this task. I must admit it took me quite some time before I found something that worked: most scripts refused, for various reasons, to work correctly despite the utter simplicity of the task. The PHP FXP 3.0 script showed itself at its best. Installing it doesn't take much: unpack the distribution archive and adjust the $url and $path variables in the config.inc.php file. After that, all the files and directories must be uploaded to the server, and once the transfer is done, set permissions (chmod) 777 on the Store directory and on all files in the data folder. Now you can open the index.php file in the brow-

BACK-CONNECT VS. BIND-SHELL

Very often a firewall gets in the way of normal work with a remote server over telnet/SSH by blocking access to those ports from outside. Two approaches can help in that case; both are included in r57shell.

Bind-shell. The script opens a socket on the remote host on a given port that the firewall does not filter (if such a port exists at all) and attaches the standard bash interpreter, /bin/bash, to it. All that is left is to connect to it with telnet and enjoy life.

Back-connect. This method suits the case when the firewall rules on the remote host filter practically all connections and there is no way to bind a port. Using back-connect means the connection is initiated not by you but by the server itself, which tries to connect to the port of the IP address it was given. On the receiving side the connection must be accepted with the wonder-program netcat (netcat.sourceforge.net), after which you can issue commands as in a normal shell. If back-connect is configured for port 40000, netcat should be launched roughly like this:

d:\xakep>nc.exe -l -n -v -p 40000
listening on [any] 40000 ...
connect to [xxx.xxx.xxx.xx] from (UNKNOWN) [xx.xx.xxx.xx] 54247
Linux gw 2.4.8-ac5 #2 SMP Tue Sep 25 21:36:58 MSD 2001 i686 unknown
uid=60001(nobody) gid=60001(nobody)
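A defender-side check for the two patterns this sidebar describes, added here as an example and not part of the original article or of r57shell. It scans constructed socket records written in the style of ss -tnp output together with a constructed pid-to-uid map (both are assumptions; on a real host they would come from ss and /proc) and flags a shell owned by the web-server account that either holds an established outbound connection (back-connect) or listens on a port the host is not meant to serve (bind shell).

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of `ss -tnp` output (not a real capture).
# Line 1 mirrors the page's session: a shell under the web-server account with
# an outbound connection to port 40000 (back-connect); line 2 is a bind shell.
SS_SAMPLE = """\
State   Recv-Q Send-Q Local Address:Port    Peer Address:Port    Process
ESTAB   0      0      192.0.2.10:54247      203.0.113.5:40000    users:(("bash",pid=2101,fd=3))
LISTEN  0      1      0.0.0.0:12345         0.0.0.0:*            users:(("sh",pid=2102,fd=3))
ESTAB   0      0      192.0.2.10:80         198.51.100.7:51022   users:(("apache2",pid=1400,fd=12))
LISTEN  0      128    0.0.0.0:22            0.0.0.0:*            users:(("sshd",pid=900,fd=3))
"""

# Constructed pid -> uid map; on a real host read it from /proc/<pid>/status.
PID_UID = {2101: 60001, 2102: 60001, 1400: 60001, 900: 0}

WEB_UIDS = {60001}               # uid=60001(nobody), as seen in the page's session
SHELLS = {"sh", "bash", "dash", "zsh"}
EXPECTED_LISTEN = {22, 80, 443}  # ports this host is meant to serve (assumption)

LINE_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+\S+:(?P<lport>\d+|\*)\s+'
    r'(?P<peer>\S+):(?P<pport>\d+|\*)\s+users:\(\("(?P<comm>[^"]+)",pid=(?P<pid>\d+)')


@dataclass(frozen=True)
class Finding:
    kind: str       # "back-connect" or "bind-shell"
    pid: int
    comm: str
    endpoint: str   # peer addr:port for back-connect, local port for bind shell


def find_shell_sockets(ss_text, pid_uid, web_uids=WEB_UIDS):
    """Return shells owned by the web-server account that hold a suspicious socket."""
    findings = []
    for line in ss_text.splitlines()[1:]:          # skip the header row
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, comm = int(m["pid"]), m["comm"]
        # A PHP web shell inherits the web server's uid, so only shells under
        # that account are of interest; apache2 and sshd themselves are ignored.
        if comm not in SHELLS or pid_uid.get(pid) not in web_uids:
            continue
        if m["state"] == "ESTAB":
            findings.append(Finding("back-connect", pid, comm, f'{m["peer"]}:{m["pport"]}'))
        elif m["state"] == "LISTEN" and int(m["lport"]) not in EXPECTED_LISTEN:
            findings.append(Finding("bind-shell", pid, comm, m["lport"]))
    return findings
```

The same check is worth running periodically, since a bind shell waiting on a high port shows no traffic until someone connects to it.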

Don't forget that all the actions of intruders are against the law and this article is intended for informational purposes only. The author and the editors bear no responsibility for the use of this material for illegal purposes.

The best way to work with files on a remote server is the phpRemoteView script (www.php.spb.ru). I assure you, you won't be disappointed.

www.hotscripts.com: a huge collection of scripts in PHP/PERL/ASP and so on.

www.x-forum.info: an excellent "web scripts" section; active members get access to a huge collection of nulled scripts.

http://faqs.org.ru/progr/web_lang/perl_web2.htm: a guide for the case when one of the Perl scripts won't run.

[ХАКЕР 09 [81] 05 > PC_ZONE 033]
