Skip to content

Commit

Permalink
First commit
Browse files Browse the repository at this point in the history
  • Loading branch information
Apress committed Oct 7, 2016
0 parents commit df267e8
Show file tree
Hide file tree
Showing 10 changed files with 8,013 additions and 0 deletions.
Binary file added 2040.pdf
Binary file not shown.
Binary file added 2041.pdf
Binary file not shown.
Binary file added 9781590593356.jpg
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
7,500 changes: 7,500 additions & 0 deletions Chapter06/Chapter06.txt

Large diffs are not rendered by default.

369 changes: 369 additions & 0 deletions Chapter07/Chapter07.txt
@@ -0,0 +1,369 @@
Listing 7-1. Source Code of Test.sh
DATE=`date`
echo "$DATE: Started From $1 Port $2" >> /tmp/log
echo SSH-1.5-2.40
while read name
do
echo "$name" >> /tmp/log
echo "$name"
done

Listing 7-2. Modified Test.sh
DATE=`date`
echo "$DATE: Started From $1 Port $2" >> ssh.log
echo SSH-1.5-2.40
while read name
do
echo "$name" >> ssh.log
echo "$name"
done

Listing 7-3. Source Code of Router-telnet.pl
# Copyright 2002 Niels Provos <provos@citi.umich.edu>
# All rights reserved.
# For the license refer to the main source code of Honeyd.
# Don't echo Will Echo Will Surpress Go Ahead
$return = pack('ccccccccc', 255, 254, 1, 255, 251, 1, 255, 251, 3);
syswrite STDOUT, $return, 9;
$string =
"Users (authorized or unauthorized) have no explicit or\r
implicit expectation of privacy. Any or all uses of this\r
system may be intercepted, monitored, recorded, copied,\r
audited, inspected, and disclosed to authorized site,\r
and law enforcement personnel, as well as to authorized\r
officials of other agencies, both domestic and foreign.\r
By using this system, the user consents to such\r
interception, monitoring, recording, copying, auditing,\r
inspection, and disclosure at the discretion of authorized\r
site.\r
\r
Unauthorized or improper use of this system may result in\r
administrative disciplinary action and civil and criminal\r
penalties. By continuing to use this system you indicate\r
your awareness of and consent to these terms and conditions\r
of use. LOG OFF IMMEDIATELY if you do not agree to the\r
conditions stated in this warning.\r
\r
\r
\r
User Access Verification\r
";
syswrite STDOUT, $string;
open(O, ">C:\\fff");
$count = 0;
while ($count < 3) {
do {
$count++;
syswrite STDOUT, "\r\n";
$word = read_word("Username: ", 1);
} while (!$word && $count < 3);
if ($count >= 3 && !$word) {
exit;
}
$password = read_word("Password: ", 0);
if (!$password) {
syswrite STDOUT, "% Login invalid\r\n";
} else {
syswrite STDERR, "Attempted login: $word/$password";
syswrite STDOUT, "% Access denied\r\n";
}
}
exit;
sub read_word {
local $prompt = shift;
local $echo = shift;
local $word;
syswrite STDOUT, "$prompt";
$word = "";
$alarmed = 0;
eval {
local $SIG{ALRM} = sub { $alarmed = 1; die; };
alarm 30;
$finished = 0;
do {
$nread = sysread STDIN, $buffer, 1;
print O "RET: " . $nread . " BUF: " . $buffer . "\n";
die unless $nread;
if (ord($buffer) == 0) {
; #ignore
} elsif (ord($buffer) == 255) {
sysread STDIN, $buffer, 2;
} elsif (ord($buffer) == 13 || ord($buffer) == 10) {
syswrite STDOUT, "\r\n" if $echo;
$finished = 1;
} else {
syswrite STDOUT, $buffer, 1 if $echo;
$word = $word.$buffer;
}
} while (!$finished);
alarm 0;
};
syswrite STDOUT, "\r\n" if $alarmed || ! $echo;
if ($alarmed) {
syswrite STDOUT, "% $prompt timeout expired!\r\n";
return (0);
}
return ($word);
}

Listing 7-4. Source Code of Web.sh
#!/bin/sh
REQUEST=""
while read name
do
LINE=`echo "$name" | egrep -i "[a-z:]"`
if [ -z "$LINE" ]
then
break
fi
echo "$name" >> /tmp/log
NEWREQUEST=`echo "$name" | grep "GET .scripts.*cmd.exe.*dir.* HTTP/1.0"`
if [ ! -z "$NEWREQUEST" ] ; then
REQUEST=$NEWREQUEST
fi
done

if [ -z "$REQUEST" ] ; then
cat << _eof_
HTTP/1.1 404 NOT FOUND
Server: Microsoft-IIS/5.0
P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA Content-Location: http://cpmsftwbw27/default.htm
Date: Thu, 04 Apr 2002 06:42:18 GMT
Content-Type: text/html
Accept-Ranges: bytes

<html><title>You are in Error</title>
<body>
<h1>You are in Error</h1>
O strange and inconceivable thing! We did not really die, we were not really buried, we were not really crucified and raised again, but our imitation was but a figure, while our salvation is in reality. Christ was actually crucified, and actually buried, and truly rose again; and all these things have been vouchsafed to us, that we, by imitation communicating in His sufferings, might gain salvation in reality. O surpassing loving-kindness! Christ received the nails in His undefiled hands and feet, and endured anguish; while to me without suffering or toil, by the fellowship of His pain He vouchsafed salvation.
<p>
St. Cyril of Jerusalem, On the Christian Sacraments.
</body>
</html>
_eof_
exit 0
fi
DATE=`date`
cat << _eof_
HTTP/1.0 200 OK
Date: $DATE
Server: Microsoft-IIS/5.0
Connection: close
Content-Type: text/plain
Volume in drive C is Webserver
Volume Serial Number is 3421-07F5
Directory of C:\inetpub
01-20-02 3:58a <DIR> .
08-21-01 9:12a <DIR> ..
08-21-01 11:28a <DIR> AdminScripts
08-21-01 6:43p <DIR> ftproot
07-09-00 12:04a <DIR> iissamples
07-03-00 2:09a <DIR> mailroot
07-16-00 3:49p <DIR> Scripts
07-09-00 3:10p <DIR> webpub
07-16-00 4:43p <DIR> wwwroot
0 file(s) 0 bytes
20 dir(s) 290,897,920 bytes free
_eof_

Listing 7-5. Script Used to Clean MSBlaster Worm from Originating Hosts
# Launches a DCOM exploit toward the infected attacking host
# and then run cleaning commands in the remote DOS shell obtained
./dcom_exploit -d $1 << EOF
REM Executes the following orders on the host :
REM 1) Kill the running process MSBlast.exe
taskkill /f /im msblast.exe /t
REM 2) Eliminate the binary of the worm
del /f %SystemRoot%\system32\msblast.exe
REM 3) Clean the registry
echo Regedit4 > c: \cleanerMSB.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run] >> c:\cleanerMSB.reg
echo "auto windows update" = "REM msblast.exe" >> c: \cleanerMSB.reg
regedit /s c: \cleanerMSB.reg
del /f c:\cleanerMSB.reg
REM N) Specific actions to update the Windows host could be added here
REM N+1) Reboot the host
shutdown -r -f -t 0 exit
EOF

Listing 7-6. Ms-ftp.sh Script File Mimicking a Microsoft FTP Server
SRCIP=$1
SRCPORT=$2
DSTIP=$3
DSTPORT=$4
SERVICE="MSFTP/FTP"
HOST="ftp.banneretcs.com"
AUTH="no"
PASS="no"
DATFILES="ftpfiles"
LOG=ftp.log
pwd="/"
passive=0
#dataport=1234
dataport=$[$SRCPORT+1]
type="ASCII"
mode="S"

echo -e "220 $HOST Microsoft FTP Service"

while read incmd parm1 parm2 parm3 parm4 parm5
do
# remove control characters
incmd=`echo $incmd | ssed s/[[:cntrl:]]//g`
parm1=`echo $parm1 | ssed s/[[:cntrl:]]//g`
parm2=`echo $parm2 | ssed s/[[:cntrl:]]//g`
parm3=`echo $parm3 | ssed s/[[:cntrl:]]//g`
parm4=`echo $parm4 | ssed s/[[:cntrl:]]//g`
parm5=`echo $parm5 | ssed s/[[:cntrl:]]//g`

# convert to uppercase
incmd_nocase=`echo $incmd | gawk '{print toupper($0);}'`
#echo $incmd_nocase

# log user input
echo "$incmd $parm1 $parm2 $parm3 $parm4 $parm5" >> $LOG

# check for login
if $AUTH == "no"
then
if "$incmd_nocase" != "USER"
then
if "$incmd_nocase" != "QUIT"
then
echo -e "User ($SRCIP:(none)):"
continue
fi
fi
fi

# parse commands
case $incmd_nocase in

QUIT* )
echo -e "221 \r"
;;
HELP* )
echo -e "Commands may be abbreviated. Commands are:"
echo -e " "
echo -e "! delete literal prompt send"
echo -e "? debug ls put status"
echo -e "append dir mdelete pwd trace "
echo -e "ascii disconnect mdir quit type"
echo -e "bell get mget quote user"
echo -e "binary glob mkdir recv verbose"
echo -e "bye hash mls remotehelp"
echo -e "cd help mput rename"
echo -e "close lcd open rmdir"
echo -e "ftp>"
;;
USER* )
parm1_nocase=`echo $parm1 | gawk '{print toupper($0);}'`
if [ "$parm1_nocase" == "ANONYMOUS" ]; then
echo -e "331 Anonymous access allowed, send identity
(e-mail name) as password.\r"
AUTH="ANONYMOUS"
else
echo -e "331 Password required for $parm1."
echo -e "Password: "
AUTH=$parm1
fi
;;
PASS* )
PASS=$parm1
if "$AUTH" == "ANONYMOUS" ; then
rand=`head -c 4 /dev/urandom | hexdump | ssed -e 's/[0 a-z]//g' | head -c 2`
echo -e "230 Anonymous user logged in.\r"
else
echo -e "530 Login incorrect.\r"
fi
;;
MDIR* )
if [ `echo "$parm1" | grep ^/ >/dev/null && echo 1` ]; then

if `cat $DATFILES | ssed -e 's!/.*/$!/!' | grep "$parm1.*\[.*w.*\]" 2>&1 >/dev/null
&& echo 1`; then
echo -e "257 \"$parm1\" new directory created.\r"
echo -e "$parm1/\t[drwx]" | ssed 's!//*!/!g' >> $DATFILES
else
echo -e "550 $parm1: Permission denied.\r"
fi
else

if `grep "$pwd.*\.*w.*\" $DATFILES 2>&1 >/dev/null && echo 1` ; then
echo -e "257 \"$pwd/$parm1\" new directory created.\r"
echo -e "$pwd/$parm1/\t[drwx]" | ssed 's!//*!/!g' >> $DATFILES
else
echo -e "550 $parm1: Permission denied.\r"
fi

fi
;;
RMD* )
if [ `echo "$parm1" | grep ^/ >/dev/null && echo 1` ]; then

if [ `cat $DATFILES | ssed -e 's!/.*/$!/!' | grep "$parm1.*\[.*w.*\]" 2>&1
>/dev/null && echo 1` ]; then
echo -e "257 \"$parm1\" directory deleted.\r"
#echo -e "$parm1/\t[drwx]" | ssed 's!//*!/!g' >> $DATFILES
else
echo -e "550 $parm1: Permission denied.\r"
fi
else

if [ `grep "$pwd.*\[.*w.*\]" $DATFILES 2>&1 >/dev/null && echo 1` ]; then
echo -e "257 \"$pwd/$parm1\" directory deleted.\r"
#echo -e "$pwd/$parm1/\t[drwx]" | ssed 's!//*!/!g' >> $DATFILES
else
echo -e "550 $parm1: Permission denied.\r"
fi
fi
;;
PWD* )
echo -e "257 \"$pwd\" is current directory.\r"
;;
LS* )
if [ `grep "$parm1" $DATFILES 2>&1 >/dev/null && echo 1` ]; then

if [ `grep "$pwd/$parm1.*\[.*r.*\]" $DATFILES 2>&1 >/dev/null && echo
1` ]; then
echo -e "150 Opening ASCII mode data connection for /bin/ls.\r"
if $passive -eq 1; then
#echo -e "hallo\r" | nc -w 1 -l -p $dataport
sleep 6
echo -e "425 Can't build data connection: Connection Timeout\r"
else
mode data connection for file list.\r"
echo -e "425 Can't build data connection: Connection refused\r"
fi
else
echo -e "550 $parm1: Permission denied.\r"
fi

else

echo -e "550 $parm1: No such file or directory\r"

fi
;;
PASV* )
echo -e "227 Entering Passive Mode (192,168,1,2,165,53)\r"
passive=1
dataport=42293
;;
TYPE*)
echo -e "200 Type set to $parm1.\r"
type=$parm1
;;
STAT* )
echo -e "Connected to $HOST.$DOMAIN\r"
echo -e "Type: $type, Verbose: On ; Bell: Off ; Prompting: On ; Globbing: On "
echo -e "Debugging: Off ; Hash mark printing: Off "
echo -e "FTP> "
;;
* )
echo -e "500 '$incmd': command not understood.\r"
;;
esac
done

0 comments on commit df267e8

Please sign in to comment.