The Most Basic Understanding to Become a Hacker - Part 5

31. What is a TCP/IP packet?

TCP/IP stands for Transmission Control Protocol / Internet Protocol. A TCP/IP packet is a block of data to which a header is attached before it is sent to another computer; this is how the Internet transmits, by sending packets. The header of a packet contains the IP address of the packet's sender. A packet can be rewritten so that it appears to come from another person! You can use this to find ways to access many systems without being caught. You will have to run it on Linux or have a program that allows you to do this.
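As an added example that is not part of the original article, the following JavaScript decodes the fixed IPv4 header of a constructed packet and shows where the sender's address sits in it and what the header checksum does and does not protect; the function names are made up and the bytes are constructed, not captured.

```javascript
// Added example, not code from the original article. Function names are
// hypothetical and the packet bytes are constructed, not captured.

// One's-complement sum of 16-bit big-endian words (RFC 791 header checksum).
// A header whose checksum field is correct sums to 0xFFFF.
function onesComplementSum(buf) {
  let sum = 0;
  for (let i = 0; i + 1 < buf.length; i += 2) {
    sum += buf.readUInt16BE(i);
    sum = (sum & 0xffff) + (sum >>> 16);   // fold the carry back into the low 16 bits
  }
  return sum;
}

// Decode the fields of the fixed IPv4 header at the start of a packet.
// Throws on anything that is not a complete IPv4 header.
function parseIPv4Header(buf) {
  if (buf.length < 20) throw new Error("truncated header");
  const version = buf[0] >> 4;
  const ihl = (buf[0] & 0x0f) * 4;            // header length in bytes (20 without options)
  if (version !== 4 || ihl < 20 || ihl > buf.length) throw new Error("not an IPv4 header");
  const toIp = (off) => Array.from(buf.subarray(off, off + 4)).join(".");
  return {
    headerLength: ihl,
    totalLength: buf.readUInt16BE(2),
    ttl: buf[8],
    protocol: buf[9],                         // 6 = TCP, 17 = UDP
    // The checksum only detects corruption in transit; it proves nothing about
    // who wrote the header, so the source address is never authentication.
    checksumOk: onesComplementSum(buf.subarray(0, ihl)) === 0xffff,
    src: toIp(12),                            // the "IP address of the sender" from the text
    dst: toIp(16),
  };
}

// Constructed sample: a 20-byte header for a TCP segment of 40 bytes in total,
// from 192.0.2.1 to 198.51.100.7 (RFC 5737 documentation addresses).
const sampleHeader = Buffer.from([
  0x45, 0x00, 0x00, 0x28,   // version 4, IHL 5 (20 bytes), DSCP/ECN 0, total length 40
  0x1c, 0x46, 0x40, 0x00,   // identification 0x1c46, flags DF, fragment offset 0
  0x40, 0x06, 0x32, 0x4e,   // TTL 64, protocol 6 (TCP), header checksum 0x324e
  0xc0, 0x00, 0x02, 0x01,   // source address 192.0.2.1
  0xc6, 0x33, 0x64, 0x07,   // destination address 198.51.100.7
]);

console.log(parseIPv4Header(sampleHeader));
// -> headerLength 20, totalLength 40, ttl 64, protocol 6,
//    checksumOk true, src '192.0.2.1', dst '198.51.100.7'

// One byte changed without updating the checksum field is detected:
const corrupted = Buffer.from(sampleHeader);
corrupted[8] = 63;                            // TTL 64 -> 63
console.log(parseIPv4Header(corrupted).checksumOk);   // -> false
```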

32. What is Linux:

In the original sense, Linux is the kernel of the operating system. The kernel is the piece of software responsible for communication between programs and the hardware. The Linux kernel on its own is not yet an operating system, so it needs help: it must be combined with applications written by GNU to form a complete operating system, the Linux OS. This is also why we see "GNU/Linux" when Linux is discussed.

Next, a company or organization packages these products (kernel and applications), adjusts some configurations to give the set the identity of the company or organization, and builds an installation process for it. Such a Linux set is called a distribution. Distributions differ in the number and type of software packaged, in the installation process, and in the kernel version. Some of the major Linux distributions are Debian, Redhat, Mandrake, SlackWare and Suse.

33. Basic commands to know when using or accessing a Linux system:

  • The man command: when you want to know how to use a command, use this command:
    • Syntax: $ man <command>
    • Example: $ man man
  • The uname command: tells us basic information about the system
    • Example: $ uname -a; it prints information such as: Linux gamma 2.4.18 #3 Wed Dec 26 10:50:09 ICT 2001 i686 unknown
  • The id command: view the current uid/gid (current user and group)
  • The w command: looks at the logged-in users and what they are doing on the system.
    • Example: $ w prints information such as: 10:31pm up 25 days, 4:07, 18 users, load average: 0.06, 0.01, 0.00
  • The ps command: view information about the processes on the system
    • Example: $ ps ax
  • The cd command: moves you to the directory you want.
    • Example: $ cd /usr/bin -> takes you to the bin directory
  • The mkdir command: create a directory.
    • Example: $ mkdir /home/convit -> creates the convit directory in /home
  • The rmdir command: remove a directory
    • Example: $ rmdir /home/conga -> removes the conga directory in /home
  • The ls command: lists the contents of a directory
    • Example: $ ls -laR /
  • The printf command: prints formatted data, just like printf() in C/C++.
    • Example: $ printf "\x41\x41\x41\x41" -> prints AAAA
  • The pwd command: prints the current directory
    • Example: $ pwd -> tells us where we are, for example /home/level1
  • The cp, mv, rm commands: copy, move and delete files
    • Example with rm (delete): $ rm -rf /var/tmp/blah -> deletes the file blah
    • cp and mv are used the same way.
  • The find command: search for files and directories
    • Example: $ find / -user level2
  • The grep command: searches text for a pattern; simplest usage: grep "something"
    • Example: $ ps axuw | grep "level1"
  • The strings command: prints all printable character sequences in a file. Use it to find string declarations in a program, or system calls; it may even turn up passwords
    • Example: $ strings /usr/bin/level1
  • The strace command (Linux): traces system calls and signals, which is extremely useful for following the flow of a program and the fastest way to determine which program is at fault. On other Unix systems the equivalent tools are truss and ktrace.
    • Example: $ strace /usr/bin/level1
  • The cat and more commands: print the contents of a file to the screen
    • $ cat /etc/passwd | more -> prints the passwd file, paged by more
    • $ more /etc/passwd -> steps through the passwd file page by page
  • The hexdump command: prints the corresponding ASCII, hex, octal and decimal values of the input data.
    • Example: $ echo AAAA | hexdump
  • The cc, gcc, make, gdb commands: tools for compiling and debugging.
    • Example: $ gcc -g -o bof bof.c
    • Example: $ make bof
    • Example: $ gdb level1
    • (gdb) break main
    • (gdb) run
  • The perl command: a scripting language
    • Example: $ perl -e 'print "A" x 1024' | ./bufferoverflow (buffer overflow when 1024 characters are fed in)
  • The bash command: it is time to automate your tasks with shell scripts, powerful and flexible. To learn about bash and how it works: $ man bash
  • The ls command: view directory contents (list the files in a directory).
    • Example: $ ls /home -> shows all the files in the home directory
    • $ ls -a -> shows all files, including hidden files
    • $ ls -l -> gives detailed information about the files
  • Redirecting output to a file:
    • Example: $ ls /usr/bin > ~/convoi -> writes the listing of the bin directory to the file convoi

34. Basic knowledge about Linux:

a. Some important directories on the server:

  • /home: where the users' files are stored (e.g. the login named convit has the directory /home/convit)
  • /bin: where the basic Unix commands such as ls are kept.
  • /usr/bin: where the other, special commands are kept, commands used by special users and system administrators.
  • /boot: where the kernel and the other files used at startup are kept.
  • /etc: configuration files for the network, NFS (Network File System), mail (this is the most important place for us to exploit)
  • /var: administrative files
  • /usr/lib: standard libraries such as libc.a
  • /usr/src: where program source code is kept.

b. The location of the passwd file on several different versions of Unix (the last column is the token that appears in the password field of /etc/passwd):

CODE
AIX 3                   /etc/security/passwd                                  !
                        or /tcb/auth/files/<first letter of username>/<username>
A/UX 3.0s               /tcb/files/auth/?/*
ConvexOS 10             /etc/shadpw
ConvexOS 11             /etc/shadow
DG/UX                   /etc/tcb/aa/user/
EP/IX                   /etc/shadow                                           x
HP-UX                   /.secure/etc/passwd
IRIX 5                  /etc/shadow                                           x
Linux 1.1               /etc/shadow
OSF/1                   /etc/passwd[.dir|.pag]
SCO Unix #.2.x          /tcb/auth/files/<first letter of username>/<username>
SunOS 4.1+c2            /etc/security/passwd.adjunct                          ##username
SunOS 5.0               /etc/shadow
System V Release 4.0    /etc/shadow                                           x
System V Release 4.2    /etc/security/* database
Ultrix 4                /etc/auth[.dir|.pag]
UNICOS                  /etc/udb

35. Exploit Linux through WU-FTP server vulnerabilities:

WU-FTP Server (developed by the University of Washington) is FTP server software used on Unix and Linux systems. On Linux (all distributions: Redhat, Caldera, Slackware, Suse, Mandrake ...) and Windows ..., hackers can execute their commands remotely through file globbing, by overwriting a file on the system.

However, exploiting this flaw is not easy, because the following conditions must be met:

  • You must have an account on the server.
  • The shellcode must be placed into the memory of the server process.
  • You must send a special FTP command containing a special globbing pattern, without the server detecting the error.
  • The hacker then overwrites a function or code location with the shellcode, which may then be executed by the FTP server itself.

Let's analyze the following example of overwriting on the FTP server:

CODE
ftp> open localhost                                  <== command to open the vulnerable host.
Connected to localhost (127.0.0.1).
220 sasha FTP server (Version wu-2.6.1-18) ready     <== successful access to the FTP server.
Name (localhost:root): anonymous                     <== enter the login name here
331 Guest login ok, send your complete e-mail address as password.
Password: ..........                                 <== enter the password here
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Dùng binary mode để chuyển đổi tập tin.              <== use binary mode to transfer files.
ftp> ls ~{                                           <== command to list the current directory.
227 Entering Passive Mode (127,0,0,1,241,205)
Service 421 not available, máy phục vụ đã đóng kết nối
1405 1 S 0:00 ftpd: accepting connections on port 21   <== accepting connections on port 21.
7611 tty3 S 1:29 gdb /usr/sbin/wu.ftpd
26256 1 S 0:00 ftpd: sasha: anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
26265 tty3 R 0:00 bash -c ps ax | grep ftpd
(gdb) attach 26256
Attaching to program: /usr/sbin/wu.ftpd, process 26256   <== exploiting the wu.ftpd error.
Symbols đã được nạp cho /lib/libcrypt.so.1
Symbols đã được nạp cho /lib/libnsl.so.1
Symbols đã được nạp cho /lib/libresolv.so.2
Symbols đã được nạp cho /lib/libpam.so.0
Symbols đã được nạp cho /lib/libdl.so.2
Symbols đã được nạp cho /lib/i686/libc.so.6
Symbols đã được nạp cho /lib/ld-linux.so.2
Symbols đã được nạp cho /lib/libnss_files.so.2
Symbols đã được nạp cho /lib/libnss_nisplus.so.2
Symbols đã được nạp cho /lib/libnss_nis.so.2
0x40165544 in __libc_read () from /lib/i686/libc.so.6
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
__libc_free (mem=0x61616161) at malloc.c:3136
3136 in malloc.c

My own test of exploiting this error has so far not succeeded (I do not know where I went wrong), so if you manage it, please post so everyone knows.

There are very few Linux flaws (especially in Redhat), so please wait; when a new bug appears, the "Security hole" section will be updated immediately. As for how to exploit them, the forum's managers, and especially Leonhart, are very diligent in answering you.

(Based on the article by brother Binhnx2000)

36. Learn about SQL Injection:

SQL Injection is one of the most popular web hacking methods today. By injecting SQL queries/commands into the input before it is passed to the web application, you can log in without a username and password, execute remote commands, capture data and even get root on the SQL server. The tool used for the attack is any web browser, such as Internet Explorer, Netscape, Lynx, ...

You can find vulnerable websites by using search engines to find pages that allow you to submit data. Some websites pass parameters through hidden fields, so you have to view the page source. Identify such a page that submits data by looking at the source (View Source):

CODE

<input type=hidden name=A value=C>

Check whether the website has this flaw by entering the following login and password:

- Login: hi' or 1=1--
- Pass: hi' or 1=1--

If that does not work, try the following logins and passwords:

CODE

' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a

If successful, you can log in without knowing the username and password.

This flaw is related to the database query, so if you have ever studied databases it can be exploited easily, just by typing the query in your browser. If you want to learn more about this flaw, look for the article by the vicky group.

37. An example of web hacking through the admentor flaw (a type of SQL injection flaw):

First, go to google.com and find admentor web pages with the keyword "allinurl:admentor".

Usually you will get results like:

http://www.someserver.com/admentor/admin/admin.asp

Try entering ' or ''=' into both the login and the password:

CODE

Login: ' or ''='

Password: ' or ''='

If you succeed, you will be able to access the site as admin.

Let's find out how to fix this flaw:

Filter out special characters such as ' " ~ by adding the following JavaScript function:

CODE
function RemoveBad(strTemp)
{
    // strip the characters that let input break out of the SQL string
    strTemp = strTemp.replace(/<|>|"|'|%|;|\(|\)|&|\+|-/g, "");
    return strTemp;
}

And call it from within the ASP script:

CODE
var login = RemoveBad(Request.QueryString("login"));
var password = RemoveBad(Request.QueryString("password"));

So we fixed the error.
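As an added example that is not part of the original article, the following JavaScript shows the login query of a page like the ones in sections 36 and 37 built by string concatenation, next to the parameterized form, which is the fix the character filter above does not give you; the function names are made up and no database is contacted.

```javascript
// Added example, not code from the original article. Function names are
// hypothetical and no database is contacted: each function returns the SQL
// that would be sent, so the effect of the probe string can be inspected.

// Vulnerable: user input is pasted straight into the SQL text.
function buildLoginQueryUnsafe(login, password) {
  return "SELECT * FROM users WHERE login='" + login +
         "' AND password='" + password + "'";
}

// Hardened: the SQL text is a constant and the values travel separately as
// parameters, so quotes or "--" inside them can never alter the statement.
function buildLoginQueryParameterized(login, password) {
  return {
    sql: "SELECT * FROM users WHERE login=? AND password=?",
    params: [login, password],
  };
}

// Allowlist for the login field: accept only what a nickname may contain.
// This complements parameterization; it does not replace it.
function isSafeUsername(s) {
  return /^[A-Za-z0-9_.-]{1,32}$/.test(s);
}

// Return the part of a statement the database actually evaluates: everything
// up to the first "--" that lies outside a single-quoted string literal.
function effectiveStatement(sql) {
  let inQuote = false;
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (ch === "'") {
      inQuote = !inQuote;   // a doubled '' inside a literal toggles twice, net unchanged
    } else if (!inQuote && ch === "-" && sql[i + 1] === "-") {
      return sql.slice(0, i).trimEnd();
    }
  }
  return sql;
}

const payload = "hi' or 1=1--";   // the probe string from section 36

// Concatenation: the quote closes the literal early, "or 1=1" makes the WHERE
// clause true for every row, and "--" discards the whole password check.
const unsafe = buildLoginQueryUnsafe(payload, payload);
console.log(effectiveStatement(unsafe));
// -> SELECT * FROM users WHERE login='hi' or 1=1

// Parameterized: the statement is unchanged and the probe is just a value
// compared against the login column, so no row matches.
const safe = buildLoginQueryParameterized(payload, payload);
console.log(effectiveStatement(safe.sql), safe.params);
// -> SELECT * FROM users WHERE login=? AND password=? [ "hi' or 1=1--", "hi' or 1=1--" ]
```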

You can apply this technique to other websites that submit data; try it out, there are a great many such websites in Vietnam, and I have obtained quite a few admin passwords with this test (but I also let them know so they could fix it).

On many pages the login is not ' or ''=' but the actual nickname registered on the site; then we look up the nickname of an admin in the "members" section to test.

Hack happily.

In part 6, I will cover DoS attacks, the kind of attack that has caused even a site as strong as our HVA to be blocked for a short time. Drink coffee without supervision. Attached will be the DoS attack methods that have been used.

GOOD LUCK!!!

(End of Part 5) - TG: Anhdenday
