сишься, что левые трояны, вирусы и всякая про ... - Xakep Online

More documents

Recommendations

Info

Èâàí Ïîòðîøèòåëü aka Johny the Ripper Sky (dot_sky@iname.ru) Ýòè çàáàâíûå àäìèíû Çàõîæó ÿ ê ýòîìó óêñóñó äîìîé, à îí âåñü êàêîéòî ðàñòåðÿííûé è ðóêó ê íîóòáóêó òÿíåò. Ãëÿíóëà íà ìîíüêó, à òàì... òàì Áèëë Ãåéòñ è òðè íåãðà â ÒÀÊÈÕ ïîçàõ, êàêèå ñîçäàòåëþ” Êàìàñóòðû” íå ñíèëèñü, óðë òèïà õõõ.bestgirls.com è ïîäïèñü “Âàíÿ Ìÿñíèê”. “Íó è ÷òî?” - ñïðàøèâàþ ÿ. À îí óæå ïî êëàâêå òîï÷åòñÿ è óðë ÷àòà íàáèðàåò, êîííåêòèòñÿ òóäà è ïàëüöåì òû÷åò ïî íèêó CuCbKa (Âàíè Ìÿñíèêà). “Íó è ÷òî äàëüøå?” - ñïðàøèâàþ è óæå äóìàþ, êóäà ýòîãî þçâåðÿ óäàðèòü ëó÷øå. À îí ñìîòðèò íà ìåíÿ èñïóãàííî òàê è ïàññâîðä, íå îòâîäÿ îò ìåíÿ ãëàç, íàáèâàåò íà øåëë åãî âàðåçíîãî ñåðâàêà. Ïîòîì äðîæàùèìè ðóêàìè ââîäèò su è ïàññâîðä. Íå êàòèò ïàññ è ïîÿâëÿåòñÿ íàäïèñü “Access denied”. “×å-òî ÿ ïðîïóñòèëà, - äóìàþ ÿ è ïëþõàþñü çà êëàâêó â êðåñëî, - íàäî âûðó÷àòü óêñóñà, âñå-òàêè íà ÄÐ ìíå êàê-òî ìûøêó çàäàðèë. Äîëãî îíà ó ìåíÿ äåðæàëàñü, Äèàáëó ïåðâóþ ïåðåæèëà, è íà ïåðâîìàïå Âòîðîé Êâàêè ñäîõëà... õîðîøàÿ ìûøêà áûëà”. Ñìîòðþ, à òîò óæå ñïèò - íåðâíûé êàêîé-òî. Äåëàòü íå÷åãî, çàëèâàþ ñ Èíåòà John the Ripper. Êîííåêò - ñêàçêà, æåëåçî - ïåñíÿ. À êóâûðêàòüñÿ ñ ïðîãîé ìîæíî ïîä ëþáîé îïåðàöèîíêîé: Win95/98/NT è *nix. ×èñòà ïðî ïàðîëè Â Ëèíóõå ïàðîëè øèôðóþòñÿ àëãîðèòìîì DES, ïî ïðèíöèïó salt - ýòî êîãäà ïàðîëü øèôðóåòñÿ òàê, ÷òî åãî íåâîçìîæíî ðàñøèôðîâàòü. Åäèíñòâåííûé ñïîñîá - ýòî õåøèðîâàòü ïàðîëü ïî ýòîìó æå àëãîðèòìó è ñâåðÿòü õåøè. Íî ýòî áûëî ðàíüøå. Ïîñëåäíåå âðåìÿ âñå ðàçðàáîò÷èêè *íèêñîâ þçàþò PAM (Pluggable Authentication Modules - ïîäêëþ÷àåìûå ìîäåëè àóòåíòèôèêàöèè). Â íàðîäå îäíà èç ñàìûõ øèðîêî èñïîëüçóåìûõ ðàçíîâèäíîñòåé PAM çîâåòñÿ “Çàòåíåíèå”, òî åñòü Shadow. Õðàíÿòñÿ âñå ýòè äåëà (ïàðîëè) çäåñü: /etc/passwd - ñòàðûé âàðèàíò /etc/shadow - íîâûé âàðèàíò. Â /etc/passwd âàëÿëàñü ñëåäóþùàÿ âåðõíÿÿ ñòðî÷êà: root:*:0:0:System Administrator:/root:/bin/csh Òóò ìåíÿ îáëîìàëî, òàê êàê ýòî áûë fake, ò. å. “êóêëà”, ïîäñòàâà, ïîääåëêà... Ïðèøëîñü íàïðÿ÷üñÿ è çàéòè êàê ïðîñòîé þçåð: telnet www.uksuswarez.ru Connected to www.uksuswarez.ru Escape character is ‘^]’ Welcome to Uksus Warez main server Login: ââåëà ëîãèí Password: ïàðîëü Sun Microsystems Inc. SunOS 5.5 Generic October 1999 You have mail. SunOS univ 5.5 Generic_106541-08 sun4d sparc SUNW, SPARCserver-1000 Îñòàëîñü ìíå “ñàìîå ïðîñòîå” - ñòÿíóòü ðóòîâñêèé ïàðîëü. Íåìíîãî ïîðàçìûñëèâ è ïðèñìîòðåâøèñü ê âåðñèè ÑàíÎñè, ÿ ðåøèëà ïîïðîáîâàòü êëàññè÷åñêóþ àòàêó, þçàâøóþ îøèáêó â òåëíåòäåìîíå. Îïèñûâàòü åå íå áóäó - ñòîèò òîëüêî âçãëÿíóòü âíèìàòåëüíî íà ñêðèíû. Ïîíÿòíîå äåëî, ÷òî libc.so.6 áûëà çàðàíåå ìíîé ïðîòðîÿíåíà. Íó, âîò è âñå :). Ìû íà ìåñòå. Íî òóò îïÿòü ïðîáëåìêà âîçíèêëà. Ïîä ðóòîì-òî ÿ âîøëà, à âîò êàê íàñîëèòü Ìÿñíèêó - ýòî åùå “ïðèäóìàòü” íàäî ;). Íî ðåøåíèå ïðèøëî áûñòðî: íàäî áûëî ïðîñòî óçíàòü åãî ðóòîâñêèé passwd, à äàëüøå äåëî òåõíèêè ;). (Âàðåçíûõ-òî ñåðâàíòîâ ó íåãî ïîëíî.) #cat /etc/master.passwd root:eRhjgoòbR007:0:0:Vanya Myasnik:/root:/bin/csh À ýòî çíà÷èò: - root - èìÿ ïîëüçîâàòåëÿ. - eRhjgoòbR007 - çàøèôðîâàííûé ïàðîëü â DES. - 0:0 - PID (Personal IDentifier) : GID (Group
IDentifier), ó root âñþ äîðîãó 0:0. - Vanya Myasnik - èíôà î ïîëüçîâàòåëå. - /bin/csh - êîìàíäíûé èíòåðïðåòàòîð ðóòà. Íó, ïóòü ê ïàññó ó ìåíÿ åñòü. Ñîõðàíÿþ ÿ åãî ñåáå íà ìàøèíêó â âèäå passwd.lame (âîîáùå, ïî áàðàáàíó, ñ êàêèì ðàñøèðåíèåì òû åãî ñîõðàíèøü). Êèäàþ âñå ýòî äåëî â ïàïêó ê exe’øíèêó John The Ripper è ïðîïèñûâàþ â êîìàíäíîé ñòðîêå FaR’à òàêóþ âåùü: cd c:\jtr\ Ýõ, ìîëîäîñòü... Òèïà îïöèè John The Ripper: Ïîäáîðêà ïàðîëÿ äëÿ êîíêðåòíîãî ïîëüçîâàòåëÿ: john -w:wordlist -rules -users:0 passwd Ëèíêè ïî òåìå Êàê âñåãäà, àâòîðû ïîäâîäÿò ðåäàêòîðîâ: òî íàïèøóò ñëèøêîì ìíîãî, ïîòîì è íå çíàåøü, ÷åãî óáèðàòü. Òî íàîáîðîò, äåëÿòñÿ íå ïîëíîé âåðñèåé ìûñëåé, âûðàæàåìûõ â ïèñüìåííîì âèäå :). Ñåé- ÷àñ ñëó÷èëñÿ âòîðîé ñëó÷àé, òàê ÷òî ÿ ïîïûòàþñü âîñïîëíèòü ïðîáåë íåêîòîðîé èíôîé ïî òåìå. Êàê âîäèòñÿ, ýòî áóäóò ëèíêè íà ñàéòû íóæíîé íàì òåìàòèêè. Blacksun Áûëî áû íåëîãè÷íûì äàâàòü ëèíê íà ñòàòüþ, ðàñïîëîæåííóþ â åçèíå, äà è êî âñåìó ïðî÷åìó, òîé æå òåìàòèêè. Íî ÿ ïðîìåíÿþ ëîãèêó íà ïîëüçó ÷èòàòåëþ. Â ìàòåðèàëå òû íàéä¸øü ïîäðîáíûå ðàçúÿñíåíèÿ, íà ÷èñòîì àíãëèéñêîì ÿçûêå, ïî ðÿäó ôè÷ Ðèïïåðà, íå îïèñàííûõ â ñòàòüå. Ñ îäíîé ñòîðîíû, íå íàäî ëîìàòü Ïðîãà ïåðåáèðàåò ïàðîëè ê êîíêðåòíîìó ïîëüçîâàòåëþ. ×òîáû óêàçàòü ïîëüçîâàòåëÿ, íàäî ïîñëå “:” îòìåòèòü UID - íîìåð ïîëüçîâàòåëÿ: íîìåð ðàáî÷åé ãðóïïû. Ôàéëû â òåíè(shadow) unshadow passwd shadow Ôèøêà ïðîãè - âîññòàíàâëèâàåò ïàðîëè èç ðåæèìà shadow Ïîäîáðàííûå ïàðîëè john -show passwd Ïîêàçûâàåò óæå ïîäîáðàííûå ïàðîëè â óêàçàííîì ôàéëå. Ôàéëîäðîáèëêà john -w:wordlist -salts:10 passwd john -w:wordlist -salts:-10 passwd Åñòü äâà êîìïà? Ðóëåç! ×èñëî 10 - ýòî salts (êîëè- ÷åñòâî ïîòðåáíûõ ïàðîëåé). John The Ripper áóäåò ïîäáèðàòü ñ ïåðâîé ñòðîêè. Íà ïåðâîé ìàøèíêå áåðóòñÿ ïåðâûå 10 ïîëüçîâàòåëåé. Íà âòîðîé ïåðåáèðàþòñÿ âñå, êðîìå 10-òè ïåðâûõ. Øåëëû john -w:wordlist -rules -shells:sh,csh,tcsh,bash passwd Ïîäáîðêà ïàðîëÿ äëÿ þçåðà ñ øåëëîì. Íó, à åñëè òû õî÷åøü ñðàçó íåñêîëüêî ïàðîëåé, òî ïðîïèñûâàé ýòî: john -single passwd passwd1 passwd2 passwd1 - èìÿ ïåðâîãî ôàéëà passwd2 - èìÿ âòîðîãî ôàéëÿ Ìàëåíüêèå øàëîñòè Íàêðîïàëà òàêîé ñêðèïòèê: #include main () { struct passwd *p; while(p=getpwent ()) printf(“%s:%s:%d:%d:%s:%s:%s\n”, p- >pw_name, p->pw_passwd, p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell); } Êîìïèëüíóëà åãî òàì æå: $ gcc unshad.c Çàáûëà äîáàâèòü îñòðåíüêîãî! Ýêñïëîéò Insecure... êàê ìîãëà??? Íó äà ëàäíî, òóäà æå êèíóëà, ñêîìïèëèðîâàëà, è òóò îíî ðîäèëî! ãîëîâó íàä ðîäíîé Openwall`îâñêîé äîêóìåíòàøêîé, ñ äðóãîé, îáíàðóæèøü âñå äîïîëíèòåëüíûå îïöèè. Èòàê, äóé íà http://blacksun.box.sk è ñëèâàé äîêó ïðî Johny the Ripperà Technotronic Íåñïðàâåäëèâî çàáûòûé æóðíàëîì ïðîåêò, ïîñâÿù¸ííûé security, ñ àêöåíòîì íà *nix áåçîïàñíîñòü. Êó÷à ýêñïëîéòîâ, íîâîñòåé, ñîáñòâåííûõ ðàçðàáîòîê è ëèíêîâ. Óäîáåí â íàâèãàöèè lynx`îéäà: îñíîâíîé ôàéë-àðõèâ áàçèðóåòñÿ íà FTP, à íå íà http, êàê â ñëó÷àå ñ Securityfocus èëè Packetstorm. SecurityWatch Ñàéò ïî áåçîïàñíîñòè, ïîðàçèâøèé ñåðü¸çíîñòüþ ïîäõîäà ê äåëó. Äîñòóï òû ïîëó÷èøü òîëüêî ïî ïðîõîæäåíèè õàëÿâíîé ðåãèñòðàöèè. Âñå îïåðàöèè ñ ñàéòîì ïðîâîäÿòñÿ êàê áû ÷åðåç ëîêàëüíûé ïðîêñè, êîòîðûé óñòàíàâëèâàåòñÿ ó òåáÿ âî âðåìÿ çàãðóçêè ñàéòà. Òî åñòü îáðàùåíèå çà èíôîé ê êëèåíòó òû äåëàåøü îòêðûòûì òåêñòîì íà ñâî¸ì êîìïå, à îòòóäà óæå çàïðîñ óõîäèò â êðèïòî íà ñåðâåð. Âî êàê! Î÷åíü óäîáíûé ïîèñêîâèê ïî óÿçâèìîñòÿì â ïîïóëÿðíûõ ñèñòåìàõ, äåìîíàõ, ñêðèïòàõ, ñåðâèñàõ. Åñëè âñïîìíèòü, ÷òî íàñ â ïåðâóþ î÷åðåäü èíòåðåñóåò *nix, òî ìîæíî îáëîìàòüñÿ: àêöåíò íà ÍÒ. Õîòÿ ðàññìîòðåíû äîñòàòî÷íî ðåäêèå áàãè äëÿ íåñòàíäàðòíûõ ïëàòôîðì - âðîäå AIX, Sparc HP-UX, etc.
Page 1:
w w w . x a k e p . r u Windows2000
Page 4 and 5: .::Íüþñû::. HiTech News 4 BugT
Page 6 and 7: HiTech News Äëÿ “ïÿòîé ò
Page 8 and 9: Âåñíîé ñòîëèöó îæè
Page 10 and 11: BUGTRAQ LonerX (lonerx@nettaxi.com)
Page 12 and 13: HARD NEWS ... Êîíñòàíòèí
Page 14 and 15: 9 155ËÀÇ 510 SideX (sidex@xakep.
Page 16 and 17: ïåðìåíû íå óñïåëè â
Page 18: Çàïàëèì îäíîãëàçîã
Page 22 and 23: Èìåé â âèäó, ÷òî êàæ
Page 24 and 25: Demoparty 2001 Çàïèñêè ïî
Page 26 and 27: Ñòàâèì íà ñ÷¸ò÷èê!
Page 28 and 29: Ýëåêòðîííûå íî÷è Â
Page 30 and 31: Íîâûå Ôîðòî÷êè ñòà
Page 32 and 33: Ñòàðûé, äîáðûé, íóæ
Page 34 and 35: Ïëàñòèêîâûé èíòåðí
Page 36 and 37: Ìèíóñû: Äîçâîí íå ñ
Page 38 and 39: Ðàáîòà íå âîëê, äí¸
Page 40: Èíòåðíåòå è ðàçîñë
Page 43 and 44: “Ñâàëêà” Èçíà÷àëü
Page 45 and 46: íóæíî, ïîðîé ñ ïðåä
Page 47 and 48: “Ìóðçèëêó” á ÷èòà
Page 50 and 51: Scriptkiddie ñ ìîëî÷íûìè,
Page 52 and 53: Àäìèíèñòðèð OZNOB Ýòî
Page 54: { fclose(file); WinExec(“regedit.
Page 60 and 61: ×òî òàêîå õàêåðñòâ
Page 62 and 63: Ìóòèì êðóòîé ñêðèï
Page 64 and 65: Îáîðîííûé êîìïëåêñ
Page 66: Òåïåðü ó òåáÿ åñòü
Page 69 and 70: Ñòàðûå çíàêîìûå ìî
Page 72 and 73: X-Life Õàêåðû íà ñëóæá
Page 74 and 75: HACK-FAQ Horrific (hack-faq@xakep.r
Page 76 and 77: Âîåííûé ñîôò êâàêå
Page 78 and 79: ÒÂÈÊÅÐÛ/ÐÅÄÀÊÒÎÐÛ Q
Page 80 and 81: àëåêñàíäð ‘2poisonS’
Page 82 and 83: Óðîæäåííàÿ Æàíð Ïî
Page 84 and 85: Èãðóøå÷íûå ñîëäàòè
Page 86 and 87: âðàòèò íåîæèäàííûå
Page 88 and 89: íûõ áîéöîâ. Ãðóçîâè
Page 90 and 91: Ëîìêà KodeMaster (cranyoblast@
Page 92 and 93: WWW M.J.Ash (m.j.ash@xakep.ru) www.
Page 94 and 95: Äàâíî ÿ ñîáèðàëñÿ ñ
Page 96 and 97: Opera 4.0b5 http://opera.online.no/
Page 98 and 99: FA Q FAQ (faq@xakep.ru) Âûó÷è
Page 100 and 101: Ïèñüìî: E-MAIL Îò: Àëåê
Page 102 and 103: ÈÍÒÅÐÂÜÞ èç-ïîä îäå
Page 104 and 105: Øèêàðíàÿ õàëÿâà äë
Page 106:
ÁÎÐÄÀ Â MSK èùåòñÿ “
show all

сишься, что левые трояны, вирусы и всякая про ... - Xakep Online

Create successful ePaper yourself

Delete template?

Save as template?