Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Safety testing Unix and Linux server entry succinctly     - Install Java, Maven, Tomcat under Linux (Linux)

- Linux system security Comments (Linux)

- ASM required disk format process in Solaris platforms (Linux)

- Restore Oracle Database Cold backup and database reconstruction emca (Database)

- Gentoo: startx appeared Failed to load module Problem Solving (Linux)

- 20 Top Linux commands (Linux)

- Ubuntu Froxlor Server Administration panel installation (Server)

- CentOS7 installed MySQL (Database)

- PostgreSQL query result area is removed and precision (Database)

- Iptables use examples (Linux)

- VirtualBox virtual machine can not start to solve under Ubuntu (Linux)

- Zabbix configuration external network mail alarm (Server)

- Install Krita 2.8 on Ubuntu 13.10 / 12.04 / 12.10 (Linux)

- Ubuntu 15.04 / 14.04 install Ubuntu After Install 2.6 (Linux)

- Use web2py + uWSGI + Nginx Web server built on Linux (Server)

- Configuration OpenOCD + FT2232 under Ubuntu (Linux)

- Shell script on the variables with double quotation marks grep small problem (Programming)

- Linux operating system ARP Spoofing Defense (Linux)

- Emacs install clojure development environment (Linux)

- Nginx Module Development - get user ip (Server)

  Safety testing Unix and Linux server entry succinctly
  Add Date : 2017-01-08      
  Despite trying to improve the security of the system design software for the server software engineers, however, due to the uneven level of system administrator or under safety awareness, often for hackers invasion opportunities.

In fact, every hacker has its own unique approach. Author for the invasion of the Web server data collection a lot, but because of the different realities, often resulting in the failure of many methods; Thus, the circumstances of each site is different, need to be treated differently intruder. Suppose Shenzhen line much better than Beijing's line, giving the dictionary exhaustive great convenience, users can rely on the Shenzhen advantage of online attacks password, as the user will need to give priority to Beijing's other way. For so many means of invasion, I refer to Mr. H ackalot the hacker community celebrity article to tell you about the basic steps of the invasion site.

Analysis of a portion of the home page was black stories can be found using the most keen to invader invasion Web server and FTP server, because it is relatively simple in two ways. Under assumes knowledge of UNIX systems and WEB SERVER did not understand the situation, the author gives the following steps.

First, learn to invade the system

Now used as a server on the network operating system to UNIX and Linux to the mainstream, if you want to invade these systems you must have an understanding of them.

Most of the DOS command for use on UNIX and Linux has a corresponding command (because the early development of dos draws UNIX), listed below when using SHELL account (shell account) some of the most important instruction corresponding dos instruction:







To see who are the department with r y the user can type WHO directives, to know a bit on the line y user's data, can I enter FINGER. These basic UNIX commands allow you to get your system is using y information.

Second, crack the code

In the UNIX operating system, all system users passwords are stored in a file, the files are stored in / etc this directory, its files will be called passwd. If the reader finds the work to be done is to get the password file in accordance with the above system, then you would be wrong. UNIX and Linux file p asswd under is special in it all account passwords have been recompiled (DES encryption method that is said before), and these are one-way password conducted compilation (one -way encrypted), that is to say there is no way you can decompile it (decrypt).

But still some of these programs can get the original password. I recommend to you to crack the code of a program "Cracker Jack", it is also a dictionary to use software for exhaustive dictionary file. First "Cracker Jack" would dictionary file compiled for each value, and then compiled with the password file content comparison, the same results will be reported without corresponding compiled code. This clever software to bypass the password can not be decompiled limits the use of exhaustive comparison of obtained passwords. Using this principle has many tools to get the password, readers can go to the network search it.

Third, get a password file

This is the most difficult part. Obviously, if the administrator there is then a password file, then of course he will not be there to let other people get comfortably. Invaders must find a good way to not get into the way the system password file. Here the author to introduce two methods, we can try, there is likely to be successful.

1.tc directory will not be locked in the FTP service, FTP client program can invade using anoymously anonymous account login, and then check the / etc / passwd whether anonymous permission is set to read, if you have to use immediately back down software decoding.

2. these systems, / cgi-bin directory will be a man named PHF file, any more than it would be convenient if preparing to invade on the server. Because PHF allows users of the site in the file system as read distal end, as far as the user can use the browser to fetch p asswd file, just type the URL in the browser address bar: http: //xxx.xxx .xxx / cgi-bin / phf? Qalias = x% 0a / bin / cat% 20 / etc / passwd, which is to invade xxx.xxx.xxx site name.

If both methods are not feasible, then the intruder must implement other way.

The second part, in some cases the intruder found the password file is X ,! or *, then the description of the password file has been locked, which is one of the means used by system administrators to strengthen security. However, the password file is completely hidden situation is not quite there. Under normal circumstances, there will not lock password file backup system, so the intruder can be used, such as: intruder usually find / etc / shadow directory or similar directory, see if you can find the backup password files .

Fourth, to establish their own shell account

After two or three two key steps intruder finally got the key password file and crack a password. You can now run the TELNET program, landing mainframe. When connected to the server the server will show you some of their own information, usually U NIX, linux, aix, irix, ultrix, bsd even DOS and VAX / Vms; then the Login prompt appears on the screen, then type come username and password to login. At this point the intruder can use their knowledge of UNIX do you like to do things.

Finally, do an analysis of a password file, the document reads as follows:

root: 1234aaab: 0: 1: Operator: /: / bin / csh

nobody: *: 12345: 12345 :: /:

daemon: *: 1: 1 :: /:

sys: *: 2: 2 :: /: / bin / csh

sun: 123456hhh: 0: 1: Operator: /: / bin / csh

bin: *: 3: 3 :: / bin:

uucp: *: 4: 8 :: / var / spool / uucppublic:

news: *: 6: 6 :: / var / spool / news: / bin / csh

audit: *: 9: 9 :: / etc / security / audit: / bin / csh

sync :: 1: 1 :: /: / bin / sync

sysdiag: *: 0: 1: Old System

Diagnostic: / usr / diag / sysdiag: / usr / diag / sysdiag / sysdiag

sundiag: *: 0: 1: System

Diagnostic: / usr / diag / sundiag: / usr / diag / sundiag / sundiag

tom: 456lll45uu: 100: 20 :: / home / tom: / bin / csh

john: 456fff76Sl: 101: 20: john: / home / john: / bin / csh

henry: AusTs45Yus: 102: 20: henry: / home / henry: / bin / csh

harry: SyduSrd5sY: 103: 20: harry: / home / harry: / bin / csh

steven: GEs45Yds5Ry: 104: 20: steven: / home / steven: / bin / csh

+ :: 0: 0 :::

Among them ":" into several fields, such as: tom: 456lll45uu: 100: 20: tomchang: / home / tom: / bin / csh means:

User Name: tom

Password: 456lll45uu

User No: 100

Group No: 20

Real Name: tom chang

Home Dir: / home / tom

Shell: / bin / csh

Readers can find more like nobody, daemon, sys, bin, uucp, news, audit, sysdiag, sundiag like password fields are *, that these account passwords are locked and can not be directly used.

It is noteworthy that many of the system after the initial installation will have some default account and password, which brings convenience to opportunistic hackers Here are some UNIX default account and password.


----------- ----------------

root root

sys sys / system / bin

bin sys / bin

mountfsys mountfsys

adm adm

uucp uucp

nuucp anon

anon anon

user user

games games

install install

reboot for "command login" use

demo demo

umountfsys umountfsys

sync sync

admin admin

guest guest

daemon daemon

Wherein the root mountfsys umountfsys install (there r also waiting sync) are all root-level account, that is, have sysop (system administrator) privileges.

Finally, it is necessary to introduce the UNIX log file. Many intruders do not want to invade your computer to track them, and that in the end how to do that.

System administrators rely mainly LOG systems, IP, and other information we often call log files to get traces of the invasion and the invaders came. Of course, some administrators use third-party tools to record invasive computer information here is mainly about general U NIX systems record invasion trace files.

There are several versions of UNIX systems, each system has a different LOG files, but most should have about the same storage location, the most common of these is the following location:

/ Usr / adm, earlier versions of UNIX;

/ Var / adm, newer versions use this position;

/ Var / log, some versions of Solaris, Linux BSD, Free BSD use this position;

/ Etc, most versions of UNIX utmp put on here, some of which also put wtmp on here, which is the syslog.conf position.

Here are some of the features of the document, of course, they compromised system according to differs.

acct or pacct, recording each command the user's record;

access_log, mainly used to run the server NCSA HTTPD, the log file what sites connected through your server;

aculog, holds you dial out MODEMS record;

lastlog, records the user's login record and the recent initial destination of each user, and sometimes ultimately unsuccessful landing record;

loginlog, recording some of the abnormal landing record;

messages, recorded record output to the system console, additional information is generated by the syslog;

security, recording a number of attempts to enter the system using UUCP to limit the scope of the case;

sulog, recording use the su command records;

utmp, records currently logged into the system for all users, this file along with the user to enter and leave the system and changing;

utmpx, UTMP expansion;

wtmp, record user login and logout events;

syslog, the most important log files, use the syslogd daemon to obtain.

Log information:

/ Dev / log, a UNIX domain socket, accept message processes running on the local machine generated;

/ Dev / klog, a device receiving a message from the UNIX kernel;

514 port, a socket INTERNET accept other machines produced by UDP syslog message;

Uucp, UUCP recorded information can be updated locally UUCP activity, may also have to modify the action initiated by the remote site, including the issue of information and receive calls, requests, sent by the sender, the transmission time and the sending host;

lpd-errs, Printer fault log information;

ftp logs, ftpd perform with the -l option to obtain the record;

httpd logs, HTTPD server records every WEB access record in the log;

history log, the file contains the user's most recent recording input commands;

vold.log, error records when using an external media encounter.

The above description about the invasion of the main steps in the server, it should now readers have some basic understanding of the. It should be stressed again if the reader is a lack of understanding of the UNIX system, then it is absolutely impossible to grasp it.
- Variables Python variables (Programming)
- Secondary exponential smoothing prediction method implemented in Python (Programming)
- Shorewall firewall settings under Ubuntu (Linux)
- Video editing captions under Linux (Linux)
- Learning UNIX good habits (Linux)
- Machine Learning: Classification of the curse of dimensionality (Programming)
- HTTP and FTP TCP-FLOOD CC Attacks Analysis and Prevention solutions under CentOS 6.5 (Linux)
- SQL statement to repair SQL Server database (Database)
- ssh port forwarding Comments (Server)
- Ubuntu arm-none-eabi-gcc compiler treated with STM32F10x (Linux)
- Oracle study notes view (Database)
- Shell Scripting early experience (Programming)
- Compare Several MySQL environmental issues (Database)
- Keepalived + Nginx Installation and Configuration (Server)
- About phpwind 5.01-5.3 0day analysis of the article (Linux)
- Extended VMware Ubuntu root partition size (Linux)
- Linux password file security issues detailed usage (Linux)
- Packages with Snort intrusion monitoring light (Linux)
- MongoDB 3.2 to upgrade from 3.0.7 (Database)
- Security Configuration SQL Server 2000 database tutorial (Linux)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.