·¹º§ ÇØÅ·

 2844, 1/143 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   Mastel
   level4 ¸¦ ¾ó¶³°á¿¡ ²£½À´Ï´Ù. Áö½ÄÀ» ³ª´²ÁÖ¼¼¿ä ¤Ð¤Ð

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_level&no=3225 [º¹»ç]


Á¶±Ý ±é´Ï´Ù. Á˼ÛÇÕ´Ï´Ù. µµ¿ÍÁÖ¼¼¿ä. °Ë»öÀ» Á» ÇغÁµµ Á¦°¡ ¿øÇÏ´Â ´äÀ» ±¸Çϱâ Èûµé´õ±º¿ä ¤Ð


Àü óÀ½¿¡ ¹®Á¦¸¦ ²£À» ¶§ finger ¼­ºñ½º°¡ ÀÌ¹Ì standalone »óÅ·Π½ÇÇàµÇ°í ÀÖ°í
°Å±â¼­ finger @localhost À» ½ÇÇàÇÏ¸é ¼öÆÛµ¥¸óÀ» ÅëÇؼ­ finger°¡ ´Ù½Ã ÀÛµ¿Çؼ­
¼­¹ö¿¡ Á¢±ÙÇÏ·Á ÇÏ´Ï backdoor(my-pass) ¸¦ level5 ±ÇÇÑÀ¸·Î ½ÇÇàÇÏ°Ô µÇ¾î¼­ ÇØ°áµÇ´Â ÁÙ ¾Ë¾Ò½À´Ï´Ù.
(ÇöÀçµµ ¼ÖÁ÷È÷ Á» Çò±ò¸³´Ï´Ù.)

±Ùµ¥ ±×·¸°Ô »ý°¢ÇÏ¸é ¹º°¡ ¸»ÀÌ ¾ÈµÇ´õ±º¿ä.

±×·¡¼­ finger ¼­ºñ½º°¡ standalone »óÅ·Π½ÇÇàµÇ°í ÀÖ´Ù´Â °Ç ¾Æ´Ï¶ó°í ´ÜÁ¤Áö¾î¹ö·È½À´Ï´Ù;

finger À¯Àú@localhost ¶ó°í Ä¡¸é localhost ÀÚ°ÝÀ¸·Î(?) À¯ÀúÀÇ Á¤º¸¸¦ ã±â À§ÇØ ¼­¹ö¿¡ Á¢±ÙÇؼ­(true) Á¤º¸¸¦ Ãâ·ÂÇϱâ À§ÇØ backdoor(my-pass) ¿¡ Á¢±ÙÇÏ°í localhost ÀÚ°ÝÀ¸·Î level5 ÀÇ my-pass°¡ ½ÇÇàµÇ´Â °É·Î »ý°¢Çß½À´Ï´Ù.


Á¦°¡ »ý°¢ÇÑ °Ô ¸Â´Â °Ç°¡¿ä?
  Hit : 2379     Date : 2011/07/23 11:58


    
´¾´¾ Èì.. ±×³É backdoor ¶ó´Â ÇÁ·Î±×·¥ ÀÚü¸¦ ½ÇÇàÇϴ°ſ¡¿ä

¿¹¸¦µé¾î¼­
a.c ÀÇ ³»¿ëÀÌ ´ÙÀ½°ú °°´Ù°íÇßÀ»‹š
#include <stdio.h>
main()
{
printf("Backdoor Activated\n");
}
gcc -o backdoor a.c ¸¦ ÇØÁֽøé
backdoor ¶ó´Â ÇÁ·Î±×·¥ÀÌ »ý¼ºµÇÁÒ?
À̶§ finger @localhost
¸¦Çغ¸½Ã¸é ÀÌÇØ °¡½Ç°Å¿¡¿ä


Èì.. ¿øÇÏ½Ã´Â°Ô ÀÌ°Ô ¸Â³ª¿ä?		 2011/07/24  
pwn3r [level4@ftz xinetd.d]$ cat backdoor
service finger
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = level5
server = /home/level4/tmp/backdoor
log_on_failure += USERID
}

[level4@ftz xinetd.d]$ cat finger
# default: on
# description: The finger server answers finger requests. Finger is \
# a protocol that allows remote users to see information such \
# as login name and last login time for local users.
service finger
{
socket_type = stream
wait = no
user = nobody
server = /usr/sbin/in.fingerd
disable = yes
}

/etc/xinetd.d/ ¿¡ ÀÖ´Â backdoor °ú fingerÀ̶õ ÆÄÀÏÀ» ¿­¾îº»°Çµ¥¿ä,
º¸½Ã¸é µÎ ÆÄÀϸðµÎ finger ¼­ºñ½º¸¦ Á¤ÀÇÇÏ°í Àִµ¥ ¸®´ª½º¿¡¼­ ±âº»ÀûÀ¸·Î »ç¿ëÇÏ´ø finger service´Â disableµÇÀֱ⠶§¹®¿¡ , backdoor¶ó´Â ÆÄÀÏ¿¡¼­ Á¤ÀÇÇÑ finger¼­ºñ½º°¡ ½ÇÇàµË´Ï´Ù.
finger¼­ºñ½º´Â Á¢¼ÓÀ» ¹ÞÀ¸¸é level5 userÀÇ ±ÇÇÑÀ¸·Î /home/level4/tmp/backdoor¸¦ ½ÇÇàÇϱ⶧¹®¿¡ backdoor¶ó´Â ÇÁ·Î±×·¥À» ¸¸µé¾îµÎ°í finger ¼­ºñ½º°¡ »ç¿ëÇÏ´Â Æ÷Æ®¿¡ Á¢¼ÓÇϸé backdoor¶ó´Â ÇÁ·Î±×·¥ÀÌ ½ÇÇàµÇ°Ô µË´Ï´Ù.		 2011/07/24  
Mastel ´¾´¾/pwn3r

µÎºÐ ´äº¯ °¨»çµå¸³´Ï´Ù. È®½ÅÀÌ »ý°å³×¿ä ¤¾¤¾		 2011/07/24  
2844   hack the box vpn ¼³Ä¡°¡ ¾È µË´Ï´Ù[2]     jyk5350
 07/16 1845
2843   ¿ö°ÔÀÓ¿¡¼­ ½ÇÁ¦ ÇÁ·ÎÁ§Æ®±îÁö À̾îÁö´Â °úÁ¤¿¡ °ü·ÃµÈ Áú¹®[2]     junhee329
 04/28 1579
2842   ftz Á¢¼Ó °ü·Ã[1]     pk2861
 04/01 1956
2841   level8ÀÇ ÈùÆ®ÆÄÀÏ ÈѼÕ[2]     MunHue
 06/05 2184
2840   ·¹º§1ÀÇ /bin/bash ¸í·É¾î....     MunHue
 05/15 2337
2839   ftz level4¿¡¼­ finger¸í·É¾î     krimson701
 04/20 2452
2838   /bin/bash¿¡ °üÇؼ­[3]     MunHue
 04/19 2535
2837   FC10 3¹ø ¹®Á¦ Áú¹®ÀÔ´Ï´Ù.[2]     tjdalstjr938
 04/02 2557
2836   ftzÀÌ ¾ÈµÇ¿ä¤Ð¤Ð¤Ð¤Ð¤Ð[1]     ersd145
 04/13 3213
2835   fedora core4 cruel Áú¹®[4]     vngkv123
 03/29 2660
2834   Fedora core4...[3]     vngkv123
 03/28 2670
2833   lob evil_wizard...[2]     vngkv123
 03/27 2324
2832   lob gremlin....[1]     vngkv123
 03/22 3700
2831   ftz level11 Áú¹®[1]     vngkv123
 03/19 2385
2830   pwnable.kr passcode¹®Á¦ Áú¹®...[3]     vngkv123
 03/14 2395
2829   ¿ö°ÔÀÓ Á¢ÇÒ ¼ö ÀÖ´Â »çÀÌÆ® ¾Ë·ÁÁÖ¼¼¿ä.[2]     ¿À¼Ò¸®
 02/23 3939
2828   ¿ö°ÔÀÓ ±â¹Ý Áö½Ä¿¡ °üÇÑ Áú¹®[1]     salangi11
 02/22 2284
2827   ftz Ç®±âÀ§ÇØ ÇÊ¿äÇÑ Áö½ÄÀÌ ±Ã±ÝÇÕ´Ï´Ù.[1]     read1516
 01/13 2696
2826   Lob[1]     km1434
 12/20 2477
2825   FTZ level4 ½© ¶ç¿ì´Â ¹®Á¦      kimstz0
 10/09 2909
1 [2][3][4][5][6][7][8][9][10]..[143]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org