Honeypot: kippo SSH 2
Posted on 2012-10-20 16:22:53
Scan the UB (Ubuntu) machine. The kippo configuration file sets the port to 2222.

    root@Dis9Team:~# nmap -sV 192.168.71.130 -p 2222

    Starting Nmap 5.51 ( http://nmap.org ) at 2012-10-11 22:51 PDT
    Nmap scan report for 192.168.71.130
    Host is up (0.00024s latency).
    PORT     STATE SERVICE VERSION
    2222/tcp open  ssh     OpenSSH 5.1p1 Debian 5 (protocol 2.0)
    MAC Address: 00:0C:29:9E:3F:14 (VMware)
    Service Info: OS: Linux

    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 0.40 seconds
    root@Dis9Team:~#

An OpenSSH service shows up.
The kippo configuration file sets the password to 123456. Test it:

    root@Dis9Team:~# ssh root@192.168.71.130 -p2222
    The authenticity of host '[192.168.71.130]:2222 ([192.168.71.130]:2222)' can't be established.
    RSA key fingerprint is d9:f0:74:99:58:5e:32:74:a1:7b:27:78:2e:b1:83:a8.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '[192.168.71.130]:2222' (RSA) to the list of known hosts.
    Password:
    Password:
    ubuntu:~# id
    uid=0(root) gid=0(root) groups=0(root)
    ubuntu:~#

Evil operations:

    ubuntu:~# ls /
    sys        bin        mnt        media      vmlinuz    opt        cdrom      selinux    tmp        proc       sbin
    etc        dev        srv        initrd.img lib        home       var        usr        boot       root       lost+found
    ubuntu:~# ls -la /
    drwxr-xr-x 1 root root  4096 2012-10-12 13:53 .
    drwxr-xr-x 1 root root  4096 2012-10-12 13:53 ..
    drwxr-xr-x 1 root root     0 2009-11-20 16:19 sys
    drwxr-xr-x 1 root root  4096 2009-11-08 23:42 bin
    drwxr-xr-x 1 root root  4096 2009-11-06 19:08 mnt
    drwxr-xr-x 1 root root  4096 2009-11-06 19:08 media
    lrwxrwxrwx 1 root root    25 2009-11-06 19:16 vmlinuz -> /boot/vmlinuz-2.6.26-2-686
    drwxr-xr-x 1 root root  4096 2009-11-06 19:09 opt
    lrwxrwxrwx 1 root root    11 2009-11-06 19:08 cdrom -> /media/cdrom0
    drwxr-xr-x 1 root root  4096 2009-11-06 19:08 selinux
    drwxrwxrwx 1 root root  4096 2009-11-20 16:19 tmp
    dr-xr-xr-x 1 root root     0 2009-11-20 16:19 proc
    drwxr-xr-x 1 root root  4096 2009-11-08 23:41 sbin
    drwxr-xr-x 1 root root  4096 2009-11-20 16:20 etc
    drwxr-xr-x 1 root root  3200 2009-11-20 16:20 dev
    drwxr-xr-x 1 root root  4096 2009-11-06 19:09 srv
    lrwxrwxrwx 1 root root    28 2009-11-06 19:16 initrd.img -> /boot/initrd.img-2.6.26-2-686
    drwxr-xr-x 1 root root  4096 2009-11-08 23:46 lib
    drwxr-xr-x 1 root root  4096 2009-11-06 19:22 home
    drwxr-xr-x 1 root root  4096 2009-11-06 19:09 var
    drwxr-xr-x 1 root root  4096 2009-11-08 23:46 usr
    drwxr-xr-x 1 root root  4096 2009-11-08 23:39 boot
    drwxr-xr-x 1 root root  4096 2009-11-20 17:08 root
    drwx------ 1 root root 16384 2009-11-06 19:08 lost+found
    ubuntu:~#

Delete all files:

    ubuntu:~# rm -rf /
    ubuntu:~# ls -ls /
    drwxr-xr-x 1 root root  4096 2012-10-12 13:53 .
    drwxr-xr-x 1 root root  4096 2012-10-12 13:53 ..
    drwxr-xr-x 1 root root     0 2009-11-20 16:19 sys
    drwxr-xr-x 1 root root  4096 2009-11-08 23:42 bin
    drwxr-xr-x 1 root root  4096 2009-11-06 19:08 mnt
    drwxr-xr-x 1 root root  4096 2009-11-06 19:08 media
    lrwxrwxrwx 1 root root    25 2009-11-06 19:16 vmlinuz -> /boot/vmlinuz-2.6.26-2-686
    drwxr-xr-x 1 root root  4096 2009-11-06 19:09 opt
    lrwxrwxrwx 1 root root    11 2009-11-06 19:08 cdrom -> /media/cdrom0
    drwxr-xr-x 1 root root  4096 2009-11-06 19:08 selinux
    drwxrwxrwx 1 root root  4096 2009-11-20 16:19 tmp
    dr-xr-xr-x 1 root root     0 2009-11-20 16:19 proc
    drwxr-xr-x 1 root root  4096 2009-11-08 23:41 sbin
    drwxr-xr-x 1 root root  4096 2009-11-20 16:20 etc
    drwxr-xr-x 1 root root  3200 2009-11-20 16:20 dev
    drwxr-xr-x 1 root root  4096 2009-11-06 19:09 srv
    lrwxrwxrwx 1 root root    28 2009-11-06 19:16 initrd.img -> /boot/initrd.img-2.6.26-2-686
    drwxr-xr-x 1 root root  4096 2009-11-08 23:46 lib
    drwxr-xr-x 1 root root  4096 2009-11-06 19:22 home
    drwxr-xr-x 1 root root  4096 2009-11-06 19:09 var
    drwxr-xr-x 1 root root  4096 2009-11-08 23:46 usr
    drwxr-xr-x 1 root root  4096 2009-11-08 23:39 boot
    drwxr-xr-x 1 root root  4096 2009-11-20 17:08 root
    drwx------ 1 root root 16384 2009-11-06 19:08 lost+found
    ubuntu:~#


They can't be deleted. Read some default files:

    ubuntu:~# cat /etc/shadow
    cat: /etc/shadow: No such file or directory
    ubuntu:~# cat /etc/shadow-
    cat: /etc/shadow-: No such file or directory
    ubuntu:~# cat /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    bin:x:2:2:bin:/bin:/bin/sh
    sys:x:3:3:sys:/dev:/bin/sh
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/bin/sh
    man:x:6:12:man:/var/cache/man:/bin/sh
    lp:x:7:7:lp:/var/spool/lpd:/bin/sh
    mail:x:8:8:mail:/var/mail:/bin/sh
    news:x:9:9:news:/var/spool/news:/bin/sh
    uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
    proxy:x:13:13:proxy:/bin:/bin/sh
    www-data:x:33:33:www-data:/var/www:/bin/sh
    backup:x:34:34:backup:/var/backups:/bin/sh
    list:x:38:38:Mailing List Manager:/var/list:/bin/sh
    irc:x:39:39:ircd:/var/run/ircd:/bin/sh
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
    nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
    libuuid:x:100:101::/var/lib/libuuid:/bin/sh
    richard:x:1000:1000:richard,,,:/home/richard:/bin/bash
    sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
    ubuntu:~#


These are not the system's own; they are probably fake.

The operations are all recorded in the MySQL database. Connect and take a look:

    kippo@ubuntu:/opt/kippo$ mysql -u kippo -p
    Enter password:
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 41
    Server version: 5.1.61-0ubuntu0.10.10.1-log (Ubuntu)

    Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql>

Check the password-cracking records:

    mysql> use kippo;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    mysql> select * from auth;
    +----+----------------------------------+---------+----------+----------+---------------------+
    | id | session                          | success | username | password | timestamp           |
    +----+----------------------------------+---------+----------+----------+---------------------+
    |  1 | 0c592448143111e287c0000c299e3f14 |       0 | root     | dfsdfds  | 2012-10-12 05:52:51 |
    |  2 | 0c592448143111e287c0000c299e3f14 |       1 | root     | 123456   | 2012-10-12 05:52:54 |
    +----+----------------------------------+---------+----------+----------+---------------------+
    2 rows in set (0.00 sec)

    mysql>

Look at the command records:

    mysql> select * from input;
    +----+----------------------------------+---------------------+-------+---------+-----------------------------+
    | id | session                          | timestamp           | realm | success | input                       |
    +----+----------------------------------+---------------------+-------+---------+-----------------------------+
    |  1 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:52:56 | NULL  |       1 | id                          |
    |  2 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:53:28 | NULL  |       1 | ls /                        |
    |  3 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:53:34 | NULL  |       1 | ls -la /                    |
    |  4 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:53:47 | NULL  |       1 | rm -rf /                    |
    |  5 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:53:50 | NULL  |       1 | ls -ls /                    |
    |  6 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:54:23 | NULL  |       1 | echo "hacked by helen" > 1  |
    |  7 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:54:25 | NULL  |       1 | cat 1                       |
    |  8 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:54:31 | NULL  |       1 | echo "hacked by helen" >> 1 |
    |  9 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:54:37 | NULL  |       1 | ls                          |
    | 10 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:54:39 | NULL  |       1 | ls                          |
    | 11 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:54:40 | NULL  |       1 | ls -la                      |
    | 12 | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:54:41 | NULL  |       1 | pwd                         |
    +----+----------------------------------+---------------------+-------+---------+-----------------------------+
    12 rows in set (0.00 sec)

    mysql>

Look at the session records:

    mysql> select * from sessions;
    +----------------------------------+---------------------+---------------------+--------+----------------+----------+--------+
    | id                               | starttime           | endtime             | sensor | ip             | termsize | client |
    +----------------------------------+---------------------+---------------------+--------+----------------+----------+--------+
    | cb9ef50e143011e287c0000c299e3f14 | 2012-10-12 05:50:58 | NULL                |      1 | 192.168.71.129 | NULL     |   NULL |
    | df36bce6143011e287c0000c299e3f14 | 2012-10-12 05:51:31 | 2012-10-12 05:51:31 |      1 | 192.168.71.129 | NULL     |   NULL |
    | ec4e7748143011e287c0000c299e3f14 | 2012-10-12 05:51:53 | NULL                |      1 | 192.168.71.129 | NULL     |   NULL |
    | 0c592448143111e287c0000c299e3f14 | 2012-10-12 05:52:46 | NULL                |      1 | 192.168.71.129 | 124x37   |      1 |
    +----------------------------------+---------------------+---------------------+--------+----------------+----------+--------+
    4 rows in set (0.00 sec)

    mysql>



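Added example (not part of the original post, and not kippo's own code): the `auth`, `input` and `sessions` tables queried above share a session id, so they can be merged into one timeline per session and triaged by source IP. It uses Python's `sqlite3` as an in-memory stand-in for the MySQL database, loaded with a subset of the rows shown in the post; the function names and the `DESTRUCTIVE` watch-list are assumptions.

```python
import sqlite3

SID = "0c592448143111e287c0000c299e3f14"    # the interactive session in the post
DESTRUCTIVE = ("rm -rf", "mkfs", "dd if=")  # assumed watch-list, tune per site
SCHEMA = """
CREATE TABLE sessions(id TEXT, starttime TEXT, endtime TEXT, sensor INT, ip TEXT, termsize TEXT, client INT);
CREATE TABLE auth(id INT, session TEXT, success INT, username TEXT, password TEXT, timestamp TEXT);
CREATE TABLE input(id INT, session TEXT, timestamp TEXT, realm TEXT, success INT, input TEXT);
"""

def load_sample():
    # In-memory stand-in holding a subset of the rows shown in the post.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO sessions VALUES (?,?,?,?,?,?,?)", [
        ("cb9ef50e143011e287c0000c299e3f14", "2012-10-12 05:50:58", None, 1, "192.168.71.129", None, None),
        (SID, "2012-10-12 05:52:46", None, 1, "192.168.71.129", "124x37", 1)])
    db.executemany("INSERT INTO auth VALUES (?,?,?,?,?,?)", [
        (1, SID, 0, "root", "dfsdfds", "2012-10-12 05:52:51"),
        (2, SID, 1, "root", "123456", "2012-10-12 05:52:54")])
    db.executemany("INSERT INTO input VALUES (?,?,?,?,?,?)", [
        (1, SID, "2012-10-12 05:52:56", None, 1, "id"),
        (4, SID, "2012-10-12 05:53:47", None, 1, "rm -rf /")])
    return db

def timeline(db, session):
    # Merge one session's login attempts and typed commands in time order.
    return db.execute("""
        SELECT timestamp, CASE success WHEN 1 THEN 'login ok' ELSE 'login fail' END,
               username || ':' || password FROM auth WHERE session = ?
        UNION ALL
        SELECT timestamp, 'cmd', input FROM input WHERE session = ?
        ORDER BY 1""", (session, session)).fetchall()

def triage(db):
    # Per-session summary: source IP, login counts, commands, flagged commands.
    out = {}
    for sid, ip in db.execute("SELECT id, ip FROM sessions ORDER BY starttime").fetchall():
        fails, oks = db.execute("SELECT COALESCE(SUM(success = 0), 0), COALESCE(SUM(success = 1), 0)"
                                " FROM auth WHERE session = ?", (sid,)).fetchone()
        cmds = [r[0] for r in db.execute(
            "SELECT input FROM input WHERE session = ? ORDER BY timestamp", (sid,))]
        flagged = [c for c in cmds if any(p in c for p in DESTRUCTIVE)]
        kind = "interactive" if cmds else ("login-only" if fails + oks else "probe")
        out[sid] = dict(ip=ip, failed=fails, ok=oks, commands=len(cmds), flagged=flagged, kind=kind)
    return out

if __name__ == "__main__":
    print(*timeline(load_sample(), SID), sep="\n")
```

Sessions that end up as `probe` have a row in `sessions` but nothing in `auth` or `input`, which is how connections that never tried a password appear in these tables.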
