Attack Webserver OmniHTTPd
Hello everyone! Today I continue by introducing how to attack an OmniHTTPd v2.07 web server.
First vulnerability: The first vulnerability allows hackers to corrupt any file on the web server, which leads to many serious consequences, provided the hackers know the exact location of the file they want to destroy. Suppose you already have the code by "Joe Testa" in hand. Go to DOS and type (duong_dan_file_can_pha_huy stands for the path of the file to be destroyed):
perl omnismash.pl localhost 80 -corrupt duong_dan_file_can_pha_huy
The command above will corrupt the file autoexec.bat on the web server... You are free to destroy other files if you know their exact location.
Second security vulnerability: Hackers can modify the content of the file stats.pl using the ready-made script. Of course this is useful for the attack; nobody is idle enough to go around editing things at random. Go to DOS and type (duong_dan_cua_file_stats.pl stands for the path of the file stats.pl):
perl omnismash.pl localhost 80 -inject duong_dan_cua_file_stats.pl
To do this you must know the exact location of the file stats.pl.... If OmniHTTPd is set up in Default mode, its path may be c:\httpd\cgi-bin ... In general this depends on the server and on the admin....
If it succeeds, the file stats.pl has been replaced. Start your browser and in the Address field type http://localhost/cgi-bin/stats.pl?|dir and you will see the files in the cgi-bin directory. Phew, so you have finished hacking an OmniHTTPd web server. The other day I went online and found an address called Bug Web (roughly, web pages that have bugs... intended for hackers who are new to the trade to practice on; its addresses are below)
http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].java.server.txt
http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].hsweb.root.exposure.txt
http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].sedum.txt
http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].bibliowebserver.txt
http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].picserver.txt
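
A defender-side check for the stats.pl?|dir request described above, as an added example that is not part of the original article or of Joe Testa's code: it scans web access log lines for CGI requests whose query string carries command-interpreter metacharacters, including percent-encoded and double-encoded forms. The Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
# (assumed log layout; adjust to the server's actual format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')
# Characters a command interpreter treats specially. '&' is left out
# because it is a legitimate query-string separator.
SHELL_META = re.compile(r'[|;`<>]|\$\(')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %7C and %257C both become '|'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_cgi_requests(log_lines, cgi_prefix="/cgi-bin/"):
    """Return (line_number, path, decoded_query) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        parts = urlsplit(match.group("target"))
        # Windows paths are case-insensitive, so compare in lower case.
        path = fully_decode(parts.path).lower()
        query = fully_decode(parts.query)
        if path.startswith(cgi_prefix) and SHELL_META.search(query):
            hits.append((number, path, query))
    return hits

# Constructed sample lines (documentation IP range, not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2001:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [05/Feb/2001:10:00:07 +0000] "GET /cgi-bin/stats.pl?page=summary&year=2001 HTTP/1.0" 200 512',
    '192.0.2.77 - - [05/Feb/2001:10:02:13 +0000] "GET /cgi-bin/stats.pl?|dir HTTP/1.0" 200 2210',
    '192.0.2.77 - - [05/Feb/2001:10:02:40 +0000] "GET /CGI-BIN/stats.pl?%257Cdir HTTP/1.0" 200 2210',
]

if __name__ == "__main__":
    for number, path, query in suspicious_cgi_requests(SAMPLE_LOG):
        print(f"line {number}: {path} ?{query}")
```

A hit on a script such as stats.pl is also a cue to compare that file on disk against a known-good copy, since the request only works after the script has been replaced.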