::: The following is the attack report by Jay Park, who took 5th place in the 1st Hacking The Linux Contest. :::

<The following report of "1st Hacking the Linux Server Contest">  

 

 

 

[walwal@localhost /]$ /sbin/ifconfig -a
.
.
.
[Snip]
eth1 Link encap:Ethernet HWaddr 00:EE:B1:03:B2:B5
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
~~~~~~~~~~~
.
.
.
[Snip]

 



// Looking with ifconfig's -a option, the eth1 LAN card showed an internal IP address
that is reminiscent of a NAT network

 

 

[walwal@localhost /]$ w | grep root
root pts/9 192.168.0.2 6:29pm 3.00s 0.90s 0.01s more

 



// Just as I had expected, with the addresses running sequentially 1, 2, 3, the path root had connected from was the .2 IP address

 

 

[walwal@localhost walwal]$ nmap -F -P0 192.168.0.2

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Warning: You are not root -- using TCP pingscan rather than ICMP
Interesting ports on (192.168.0.2):
(The 1095 ports scanned but not shown below are in state: closed)
Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open listen
5000/tcp open fics

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

[walwal@localhost /]$ ping -c 1 192.168.0.2
PING 192.168.0.2 (192.168.0.2) from 192.168.0.1 : 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=128 time=0.303 ms

--- 192.168.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% loss, time 0ms
rtt min/avg/max/mdev = 0.303/0.303/0.303/0.000 ms

 


I ran a port scan and sent a ping to find out the TTL value and the open ports.

Naturally, I concluded it was a Windows system and took a close look at the ports.


 

[guta@localhost /]$ telnet 192.168.0.2 5000
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 400 Bad Request

Connection closed by foreign host.

 




Port 5000 looked like a web server, so just in case
I tried Unicode and various CGI attacks, but sadly there was no reaction at all [;
I was also going to DoS ports 135 and 139, but I didn't because I figured I would get in trouble [=
Going further than this, things like grinding away at Terminal Service would also be worth considering, but
since time was short I dropped it; my small wish, a little lamb's hope, is just that you recognize I could have gone further =.-

 

 

[guta@localhost /]$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
211.215.55.192 0.0.0.0 255.255.255.192 U 40 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 211.215.55.193 0.0.0.0 UG 40 0 0 eth0
~~~~~~~~~~~~~~

[guta@localhost /]$ telnet 211.215.55.193
Trying 211.215.55.193...
Connected to 211.215.55.193.
Escape character is '^]'.


----------------------------------------------------------------------
RS 3000 System Software, Version 9.1.0.0
Copyright (c) 2000-2002 Riverstone Networks, Inc.
System started on 2002-08-12 00:43:17
----------------------------------------------------------------------


Press RETURN to activate console . . .

 



If I were to DoS this, it would of course disrupt the contest.
It's nothing special, but I'm writing it down anyway.

I also created a nobody-related backdoor inside /server/Apache/proxy
and set the file name to my NickName and S/N.

But what good is nobody privilege, which anyone at all can get ^^
(Honestly, I'm scrambling because I'd like to win a gift certificate ^^;;;)

That's just how it was;;

Also, as you can see from the first attached picture
[Attachment]
it is a very small bug: the terminal file permissions of the bbs account are not good.
It is hardly worth calling a bug.

And the second attached picture --->
[Attachment]

Going by the initials at the front, VCS, I came across the /dev/vcs file,
and since the user was vcsa I looked it up in the /etc/passwd file.
Figuring it would not go that easily,
I saw that among the files found with ls -la /dev/vcs*, vcs1 had permission 624,
so I viewed the contents of the administrator's screen (?@).
I left out the ls -la /dev/vcs* output because I was afraid it would clutter the captured screen,
so the capture only shows it in a simplified form; please bear with that.
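
The two permission findings above (the bbs account's terminal file and /dev/vcs1 at mode 624) can be checked for directly by an administrator. The shell audit below is an added example, not part of the original report; it assumes GNU `stat`, and the function names `other_access` and `audit_devs` are made up for illustration.

```shell
#!/bin/sh
# Added audit example (not from the report). Flags console and terminal
# device nodes whose mode gives the "other" class read or write access.
# A readable /dev/vcsN exposes the text on virtual console N; a writable
# tty lets other users inject output into that session.

# other_access MODE -> prints "r", "w", "rw" or "-" for the last octal
# digit of MODE (e.g. 624 -> "r", the vcs1 case described in the report).
other_access() {
    digit=${1#"${1%?}"}              # last character = "other" digit
    acc=""
    if [ $(( $digit & 4 )) -ne 0 ]; then acc="${acc}r"; fi
    if [ $(( $digit & 2 )) -ne 0 ]; then acc="${acc}w"; fi
    printf '%s\n' "${acc:--}"
}

# audit_devs PATH... -> one line per exposed node:
#   <other-access> <octal mode> <owner:group> <path>
audit_devs() {
    for dev in "$@"; do
        [ -e "$dev" ] || continue    # unmatched glob or missing node
        mode=$(stat -c '%a' "$dev") || continue   # GNU stat assumed
        acc=$(other_access "$mode")
        if [ "$acc" != "-" ]; then
            printf '%s %s %s %s\n' "$acc" "$mode" \
                "$(stat -c '%U:%G' "$dev")" "$dev"
        fi
    done
    return 0
}

# Virtual console memory, virtual consoles and pseudo-terminals.
# /dev/tty and /dev/ptmx are world-accessible by design and are skipped.
audit_devs /dev/vcs* /dev/tty[0-9]* /dev/pts/[0-9]*
```

Any line printed is a node to tighten, typically to 600 or 620 with group tty for terminals and 600 or 660 for /dev/vcs*.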

 

 

** A word to the prize winner!! **

 

 

indra : Is your company's router healthy? -_-; Hahaha -_-;; Hmm... nice read... .
Jay Park : As for the router, contact Hanaro Telecom and tell them to bump it up from T1 to T3 =.- Mwahaha~ .
TheHP : Gasp, gasp ㅡㅡ .

 

 
