10.1 Holes in general
A hole is any feature of hardware or software that allows unauthorized users to gain access or increase their level of access without authorization. So a hole is nothing more than some form of vulnerability. There are different types of holes, including:
- Holes that allow denial of service (class C)
  - SYN Flooding attack on TCP
  - ICMP Unreachable attack
  - Java applets spawning Navigator Windows
  - CHARGEN attack on Windows 95
- Holes that allow local users with limited privileges to increase those privileges without authorization (class B)
  - sendmail bugs
  - buffer overflow
  - SetUID, SetGID holes
- Holes that allow outside parties (on remote hosts) unauthorized access to the network (class A)
  - Bugs in FTP, Gopher, Telnet, Sendmail, NFS, ARP, Portmap, finger, ...
10.2 Windows 95/NT Vulnerabilities
- Password protection of a Windows 95 workstation: doesn't seem to work; even if it does, it can easily be compromised with the Registry Editor, which can be freely invoked in Safe mode.
- Windows 95/NT Applications: Word macro viruses, ActiveX, ...
- SMB (Server Message Block) file sharing protocol bug + MS IE: reveals user passwords (see Windows 95 and MSIE Security Hole -- http://www.security.org.il/msnetbreak/)
- IE + PPT: may allow execution of local programs
- Hacking tools on File Sharing
  - Legion
  - SMB Scanner
  - Shareview
  - Mirror21
  - Nat10bin
- Direct access on NTFS (without user authentication)
  - NTFSDOS from DOS
  - Linux mounting NTFS
- Denial of Service Attacks
  - Land attack on Win 95: uses packets with the same source and destination address, causing TCP loopback
  - Win 95/NT IP fragment overlap
  - Win 95/NT OutOfBand (OOB) Data Attack
- Attacks to become SYSTEM/admin
  - Sechole
- Back doors
  - Back Orifice
  - Netbus
  - Netcat
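The Land attack item above describes packets whose source and destination address are the same, which a filter or sensor can recognise directly from the IP header. The following Python is an added example, not part of the original notes: `build_packet`, `classify`, `scan` and the sample packets are hypothetical names and constructed data, and the extra test for a SYN flag with equal ports is an assumption beyond what the notes state.

```python
import socket
import struct

SYN = 0x02

def build_packet(src, sport, dst, dport, flags=SYN):
    """Constructed IPv4+TCP headers (checksums left zero), used only as sample input."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def classify(packet):
    """Classify one raw IPv4 packet seen inbound on a network interface."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    if packet[12:16] != packet[16:20]:
        return "ok"
    # Source equals destination: an inbound packet like this is spoofed.
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] != socket.IPPROTO_TCP or frag_offset or len(packet) < ihl + 14:
        return "suspect"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    # Assumption: treat SYN with matching ports as the Land pattern.
    if sport == dport and packet[ihl + 13] & SYN:
        return "land"
    return "suspect"

# Constructed sample traffic (documentation addresses from RFC 5737).
SAMPLES = [
    build_packet("198.51.100.7", 40000, "192.0.2.10", 80),
    build_packet("192.0.2.10", 80, "192.0.2.10", 80),
    build_packet("192.0.2.10", 1025, "192.0.2.10", 80),
    b"\x45\x00",
]

def scan(packets):
    """Return (index, verdict) for every packet that should be dropped or logged."""
    return [(i, v) for i, v in enumerate(map(classify, packets)) if v != "ok"]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLES):
        print(f"packet {index}: {verdict}")
```

The same condition, source address equal to destination address on inbound traffic, is what an ingress filter rule would drop before the packet reaches the host's TCP stack.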
PLUS's Back Orifice material
Unpacking the archive yields the following files.
- Copy, rename, delete and view files, browse files and directories, and compress and decompress them
- List, kill and spawn processes
- List, create and delete registry entries, and set keys and change their values
- Shows all available network resources and reports the connection and disconnection of every connection. It can also create and delete network connections, list all exported resources and their passwords, and create and delete exports.
- Play wav files, capture screenshots, capture video, and capture video and still frames from video input devices (e.g. Quickcam)
- Redirect all incoming traffic on a TCP or UDP port to another address and port
- Spawn a console application (such as command.com) on another TCP port, so that the application can be controlled through a telnet session
- Upload and download files through an arbitrary port using a WWW client such as Netscape
- Monitor network packets and log all plaintext passwords that pass through
- Plugins can be written, and their code can be executed in BO's hidden system process