Ùı Ô ÙÏ ÙÔÛÁ - Xakep Online
11.07.2015 Views
Share Embed Flag

Ùı Ô ÙÏ ÙÔÛÁ - Xakep Online

Ùı Ô ÙÏ ÙÔÛÁ - Xakep Online

Ùı Ô ÙÏ ÙÔÛÁ - Xakep Online

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
xakep.ru

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

ÂÇËÎÌMaster-lame-masterCISCOÏÎÄÕÀÊÅÐ/¹07(67)/2004CENSORED ÏÎÈÑÊÅ ÈÑÒÎ×ÍÈÊÀÍåñìîòðÿ íà âñå ñëîæíîñòè, âçëîìùèê íåðàññòàëñÿ ñ ìûñëüþ î âçëîìå íåäðóãà. Ïîñëåíåêîòîðûõ ðàçäóìèé õàêåð ðåøèë íàéòèìàøèíêó, êîòîðàÿ ðåæåò âñå êîííåêòû íà 135ïîðò. Îí ñäåëàë òðàññèðîâêó äî àéïèøíèêàæåðòâû è îáðàòèë âíèìàíèå íà ïðåäïîñëåä-ÏÐÈÖÅËÎÌàìàÿ ýôôåêòèâíàÿ çàùèòà ïðîòèâ íàøóìåâøèõ óÿçâèìîñòåé â Win2k - ýòî ïðèíóäèòåëüíàÿ ôèëüòðàöèÿ ïîäêëþ÷åíèé íà 135 ïîðò ñîñòîðîíû ïðîâàéäåðà. Íî, êàê ïîêàçûâàåò ïðàêòèêà, è ýòó, êàçàëîñü áû, áåòîííóþ ïðåãðàäó ïðè æåëàíèè ìîæíî îáîéòè.  ýòîé ñòàòüåÿ ðàññêàæó ïðî òî, êàê îäíîìó õàêåðó óäàëîñü ïðåîäîëåòü ôàéðâîë íà öåíòðàëüíîì ìàðøðóòèçàòîðå.38CÈÑÒÎÐÈÈ ÕÀÊÅÐÑÊÎÃÎ ÄÅÑÒÐÓÊÒÈÂÀÝêñïëîéò äëÿ ñåðâèñà LsassSACCER VS LSASSCîâñåì íåäàâíî ìèð óçíàë îáî÷åðåäíîì áàãå â Windows. Íàýòîò ðàç äÿäþ Áèëëè îãîð÷èëñåðâèñ Lsass, â îäíîé èç ôóíêöèéêîòîðîãî áûëî îáíàðóæåíîïåðåïîëíåíèå áóôåðà. Îá ýòîéóÿçâèìîñòè ìû óæå íå ðàç ïèñàëèíà ñòðàíèöàõ æóðíàëà, ïîýòîìóåå ïðèíöèï ÿ ðàññìàòðèâàòü íå áóäó.Íà÷àëîñü âñå ñ òîãî, ÷òî íàøåìó ãåðîþïîòðåáîâàëîñü ïîëó÷èòü äîñòóï ê êîìïüþòåðóîäíîãî ñâîåãî íåäðóãà, ãäå õðàíèëèñü î÷åíüöåííûå ñâåäåíèÿ, íóæíûå âçëîìùèêó ïîçàðåç.Ïîñêîëüêó õîçÿèí êîìïüþòåðà áûë äîâîëüíîèíåðòíûì ÷åëîâåêîì, êîòîðûé íåòîëüêî íå ÷èòàë áàãòðàêè, íî è íèêîãäà âæèçíè íå ñòàâèë íà ñâîþ ìàøèíó íè îäíîãîïàò÷à, òî ëþáîé çëîóìûøëåííèê ìîã ëåãêî êíåìó íàâåäàòüñÿ. Õàêåð ñëèë óäîáíûé âèíäîâûéýêñïëîéò äëÿ lsass.dll(www.openwww.net/soft/HOD-ms04011-lsasrv-expl.exe),âûáðàë íóæíûé òàðãåò (îí çíàë, êàêàÿ îïåðàöèîíêàñòîèò ó æåðòâû) è çàïóñòèë åãî. Êàçàëîñüáû, âñå, ñåé÷àñ öåëü áóäåò äîñòèãíóòà,íî íå òóò-òî áûëî! Ýêñïëîéò ðóãíóëñÿ íà òî,÷òî íå ìîæåò ïðèñîåäèíèòüñÿ ê 135 ïîðòó íàóäàëåííîé ìàøèíå - ïî âñåìó áûëî âèäíî,÷òî ýòîò ïîðò ôèëüòðîâàëñÿ. Ýòî î÷åíü ñèëüíîóäèâèëî âçëîìùèêà, ïîñêîëüêó îí òî÷íîçíàë, ÷òî íà êîìïå æåðòâû íå ñòîèò ôàéðâîëà.Ïðîñêàíèðîâàâ ëîìàåìóþ ìàøèíó, õàêåðâûÿñíèë, ÷òî âñå îñòàëüíûå ïîðòû (äàæå 139è 445) îòêðûòû, ÷òî áûëî òàêæå î÷åíü ñòðàííî.Òîãäà îí ðåøèë ïîñìîòðåòü, íåò ëè â ñåòèïðîâàéäåðà ìàøèí ñ îòêðûòûì 135 ïîðòîì- îêàçàëîñü, ÷òî íà âñåõ êîìïüþòåðàõýòîò ïîðò áûë çàêðûò. "×òî çà ÷åðò!" - ïîäóìàëâçëîìùèê. Äåëî îêàçàëîñü â ñëåäóþùåì. ñåòè ïðîâàéäåðà óæå âîâñþ îðóäîâàë ÷åðâÿêSaccer, þçàþùèé óÿçâèìîñòü â Lsass. Ïîýòîìóïðîâàéäåð ðåøèë, ÷òî ïðîùå çàêðûòüâñåì êëèåíòàì 135 ïîðò, ÷åì ó÷èòü èõ êà÷àòüçàïëàòû íà ÎÑ. Ïðàâû ëè áûëè àäìèíû èëèíåò - âîïðîñ ñïîðíûé. Íî ôàêò îñòàåòñÿ ôàêòîì- âçëîìùèêó âñå-òàêè óäàëîñü îáîéòèýòó, êàçàëîñü áû, íåïðîáèâàåìóþ çàùèòó.

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!