Xakep Online
CLICKATELL
Clickatell Returns
One day I decided to put my data in order. I think many will understand me: if you do not organize your information for several months, the structure of your drives turns into who knows what. Exactly that kind of mess had long existed on my computer:
An interesting story of a new Clickatell.com hack
[the lost set of scripts] Usually, when you dig through a heap of data, you find long-lost information. So it went this time too: in half an hour of cleaning I managed to find three mp3s that I had searched for by the sweat of my brow a month earlier, a couple of text files with sniffed passwords, and also several hefty tar.gz archives uselessly taking up space on my drives. But those were only the beginning. I had the luck to find a folder named clickatell, which contained a small archive, www.tar.gz. It held all the web scripts of the Clickatell company. If you are a regular reader of the magazine, you know that half a year ago I managed to root Click in style and send a couple of hundred SMS messages for free :).

A short lyrical digression: the Clickatell administrators took decisive measures against my hack: they forced all clients to change their passwords, subsequently encrypting them with the relatively strong MD5 algorithm. Besides that, the administration changed all the passwords to the restricted areas and banned my IP addresses on the central firewall :). The only thing I managed to do was to pinch from the WWW server an archive containing the content of all the admin and public scripts.

And so, after long months, I found this archive. Inside were two folders: public and admin. I recall that thanks to the archive I had found a hole in an admin-panel script that allowed executing arbitrary commands. Now, for obvious reasons, getting into the admin panel was problematic, so I decided to try my luck in the public part of the project. I clearly remembered that the admin script contained a bug in the exec() function, which was passed unescaped variables. So I searched for the substring exec in all the scripts of the archive. The result simply stunned me: exec was called in every second script. However, having looked at the contents of the files, I was disappointed: all the variables were checked for the presence of special characters and other constructs. It seemed the programmers had approached the security problem with intelligence: at first glance the sources did not contain a single flaw; the code was thought through to the last detail.
[lead, continued] In the root of drive "C" there were five or six folders named TEMP1, 111 and the like. Slowly starting to sift through the garbage, I had no idea that a simple cleanup could lead to a crushing hack of a well-known corporate network | Master-lame-master
Always check the various configs in the /etc directory. They often store passwords, keys and other interesting things.
But while viewing the next script, my arguments quickly dissipated. I was lucky enough to discover a piece of code with the following content:
Do not forget that all of a hacker's actions are illegal, so this article is given only for familiarization and for organizing proper protection on your side. The author and the editors bear no responsibility for the use of the material for illegal purposes.
[a piece of the buggy program]

```php
<?php
$auth = new siteAuth();
$auth->checkAuth($login);
$user_no = $auth->getUserNo();
$cmd = '/usr/clickatell/compile -v';
if (isset($ota_type) && $ota_type != -1) $cmd .= " -t$ota_type";
// The condition on this line was garbled in the extracted page; it is restored
// as a single condition using only the tokens that survived.
if (isset($name) && $name != "" && $ota_type == 1 && $port != -1) $cmd .= " -C$port";
if (isset($isp_name) && $isp_name != "") $cmd .= " -I$isp_name";
if (isset($sms_smsc) && $sms_smsc != "") $cmd .= " -a$sms_smsc";
if (isset($gprs_access) && $gprs_access != "") $cmd .= " -G$gprs_access";
$ota_ret = exec($cmd);
?>
```
Even a person uninitiated in PHP will say that the code contains a big flaw. Indeed, the external variable $cmd may well contain