Chao cac ban! hom nay toi lai gioi thieu tiep voi ban cach Attack mot Webserver OmniHTTPd v2.07.
OmniHTTPd la mot Webserver chay tren nen OS Win95/97/98/NT/2K. Den Version 2.07 thi bi "Omnicron Technologies Corporation was notified via" phat hien ra 2 lo hong bao mat kha tram trong. OK! bay gio chung ta bat dau trao doi va tim hieu ve 2 lo hong nay xtoi no tram trong ra sao? Dau tien tren may ban phai co cai Perl (Pratical Extraction And Reporting Language), va can phai tai doan Code cua "Joe Testa" de khai thac 2 lo hong bao mat nay.
Lo hong thu nhat: Lo hong thu nhat cho phep cac Hacker co pha hong bat cu mot file nao tren Webserver....Dan den nhieu hau qua nghitoi trong. Neu nhu cac Hacker co the biet duoc chinh xac vi tri file ma minh can pha hoai. Gia su ban da co trong ta doan Code cua "Joe Testa". Ban ra DOS go:
perl omnismash.pl localhost 80 -corrupt duong_dan_file_can_pha_huy
VD: perl omnismash.pl localhost 80 -corrupt c:\autoexec.bat
Dong lenh tren se pha hong file autoexec.bat tren Webserver...Ban co the tu do pha huy cac file khac neu nhu ban biet chinh xac vi tri cua no.
Lo hong bao mat thu hai: Cac Hacker co the sua doi noi dung file stats.pl bang doan Script co san. Tat nhien la viec nay co ich cho viec Attack roi, chang ai thua com ma di sua lung tung ca. Ban ra DOS go:
perl omnismash.pl localhost 80 -inject duong_dan_cua_file_stats.pl
De lam duoc dieu nay ban phai biet chinh xac vi tri cua file stats.pl....Neu nhu OmniHTTPd duoc Setting o che do Default thi duong dan cua no co the la c:\httpd\cgi-bin ...Noi chung cai nay thi con tuy Server, tuy Admin....
VD: perl omnismash.pl localhost 80 -inject c:\httpd\cgi-bin
Neu thanh cong, file stats.pl da duoc thay the. Ban khoi dong Browser cua minh trong Form Address go
http://localhost/cgi-bin/stats.pl?|dir thi ban se nhin thay duoc cac file trong trong thu muc cgi-bin. P..h..u vay la ban da Hack song mot Webserver Omni HTTPd roi do. Bua no toi len mang kitoi duoc duoc mot dia chi goi Bug Web (dai loai la cac trang Web bi dinh Bug...chuyen dung de cho cac Hacker moi vo nghe thuc hanh duoi day la dia chi cua no)
http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].java.server.txt http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].hsweb.root.exposure.txt http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].sedum.txt http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].bibliowebserver.txt http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].picserver.txt