tailieunhanh - stealing the network how to own the box PHẦN 2
Vì vậy, tôi có thể truy cập cổng thư, nhưng tôi thực sự muốn truy cập telnet. Tôi chuyển đến các máy chủ Web. Các máy chủ web đã chứng minh giá trị, như xa như truy cập đã được quan tâm. Quét ban đầu chỉ ra rằng hai cổng duy nhất mở cửa cho Internet trên hai máy chủ là 80 và 443 (HTTP và HTTPS, tương ứng). | Hide and Sneak Chapter 1 11 HELP EXPN and VRFY available to s a lot of information to just give out. So I could access the mail port but I really wanted telnet access. I moved on to the Web servers. The Web the Web . It s Always the Web The Web servers proved more worthwhile as far as access was concerned. Initial scans indicated that the only two ports open to the Internet on these two servers were 80 and 443 HTTP and HTTPS respectively . I knew that they were watching port 80 because none of my Whisker scans were successful on either SSL port provided a plethora of information. See that s the beauty of SSL It hides things from the can t see into the data stream because the data stream is encrypted. Isn t that lovely So to get the scans of their SSL servers I had to set up an SSL tunnel and then use that to conduct my scans. That s easy enough to do with one of the tools in my toolbox called big surprise SSL Proxy. SSL Proxy ssiproxy is a neat little program that basically lets you connect to an SSL server or something else that uses SSL and communicate with it normally. SSL Proxy handles all the necessary encryption for use it you just point it to the remote SSL server and bind it to a local port on your box telnet to that port and you re in. SSL Proxy to Windows 2000 Web Server 12 Chapter 1 Hide and Sneak From the screen I could tell that I wasn t the first one to show up at this machine. Apparently someone else hacked into it and changed the default page on the SSL server. Oh well no matter. That didn t deter me. But it was kind of funny that the sysadmin hadn t figured out that someone else owned this box. My guess is that it wasn t that important of a system for them. For me it meant a way in. Once I had verified that I could scan the Web server I let Whisker go through its paces and what do you know This box was also open to a whole variety of Internet Information Server IIS would .
đang nạp các trang xem trước