09:09:12
|
#netstat -lp | grep :22
|
| /l3/users/14-06-2010/nt-lnet/debian4.net.nt/root :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 |
|
|
#netstat -lnp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1000/sshd tcp6 0 0 :::22 :::* LISTEN 1000/sshd |
|
#netstat -lp | grep :22
|
|
#netstat -lp
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:ssh *:* LISTEN 1000/sshd tcp6 0 0 [::]:5900 [::]:* LISTEN 1026/Xvnc tcp6 0 0 [::]:ssh [::]:* LISTEN 1000/sshd Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ACC ] STREAM LISTENING 2588 1077/gnome-keyring- /tmp/keyring-ljZs3L/socket unix 2 [ ACC ] STREAM LISTENING 2382 985/dbus-daemon /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 2813 1195/dbus-daemon @/tmp/dbus-gbXyyvwoOE unix 2 [ ACC ] STREAM LISTENING 2799 1191/ssh-agent /tmp/ssh-WfUKnd1152/agent.1152 unix 2 [ ACC ] STREAM LISTENING 2430 1011/gdm /var/run/gdm_socket unix 2 [ ACC ] STREAM LISTENING 2872 1224/gconfd-2 /tmp/orbit-user/linc-4c8-0-2abf4729e80a8 unix 2 [ ACC ] STREAM LISTENING 2889 1219/firefox-bin /tmp/orbit-user/linc-4c3-0-7d37809017e2 unix 2 [ ACC ] STREAM LISTENING 2475 1026/Xvnc /tmp/.X11-unix/X0 |
|
#netstat -lp | less
|
|
#netstat -lnp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1000/sshd tcp6 0 0 :::22 :::* LISTEN 1000/sshd |
|
#netstat -lnp | less
|
|
#netstat -lp | grep :22
|
|
#netstat -lp | grep sshd
tcp 0 0 *:ssh *:* LISTEN 1000/sshd tcp6 0 0 [::]:ssh [::]:* LISTEN 1000/sshd |
|
#screen
|
|
#nc 192.168.16.24 4444 | tar xvC /tmp
(UNKNOWN) [192.168.16.24] 4444 (?) : Connection refused tar: Это не похоже на tar-архив tar: Завершение работы с состоянием неисправности с из-за возникших ошибок |
|
#ssh 192.168.16.24
Password:
Last login: Mon Jun 14 16:49:42 2010 from host219.net.nt
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.3-RELEASE (SMP) #0: Wed Jan 16 04:45:45 UTC 2008
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it's updated frequently.
o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
|
|
#sockstat -4l | grep :22
root sshd 880 3 tcp46 *:22 *:* root sshd 880 4 tcp4 *:22 *:* |
|
#tar cv /etc | nc -l -p 4444
tar: Failed to open '/dev/sa0': Operation not supported
usage: nc [-46DEdhklnrStUuvz] [-e policy] [-i interval] [-P proxy_username] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port[s]]
|
|
#tar cv /etc - | nc -l -p 4444
usage: nc [-46DEdhklnrStUuvz] [-e policy] [-i interval] [-P proxy_username] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port[s]]
tar: Failed to open '/dev/sa0': Operation not supported
|
|
#tar cv - /etc | nc -l -p 4444
tar: Failed to open '/dev/sa0': Operation not supported
usage: nc [-46DEdhklnrStUuvz] [-e policy] [-i interval] [-P proxy_username] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port[s]]
|
|
#nc 192.168.16.24 4444 | tar xvC /tmp
etc/ etc/defaults/ etc/netconfig etc/protocols etc/services etc/group etc/hosts etc/fstab etc/X11/ etc/bluetooth/ ... etc/gnats/freefall etc/bluetooth/hcsecd.conf etc/bluetooth/hosts etc/bluetooth/protocols etc/X11/xorg.conf etc/defaults/rc.conf etc/defaults/bluetooth.device.conf etc/defaults/devfs.rules etc/defaults/pccard.conf etc/defaults/periodic.conf |
|
#man tar
|
|
#ls /tmp/etc/
aliases hosts.lpd nsswitch.conf rc.resume amd.map inetd.conf ntp rc.sendmail apmd.conf isdn opieaccess rc.shutdown auth.conf lilalo opiekeys rc.subr bluetooth localtime pam.d rc.suspend crontab locate.rc passwd remote csh.cshrc login.access pccard_ether resolv.conf csh.login login.conf periodic resolv.conf.save csh.logout login.conf.db periodic.conf rmt defaults mac.conf pf.conf rpc ... freebsd-update.conf master.passwd protocols ssh fstab motd pwd.db ssl ftpusers mtree rc sysctl.conf gettytab namedb rc.bsdextended syslog.conf gnats netconfig rc.conf termcap group netstart rc.d ttys host.conf networks rc.firewall usbd.conf hosts network.subr rc.firewall6 wall_cmos_clock hosts.allow newsyslog.conf rc.initdiskless X11 hosts.equiv nsmb.conf rc.local |
|
#nc 192.168.16.24 4444 | tar xvC /tmp
(UNKNOWN) [192.168.16.24] 4444 (?) : Connection refused tar: Это не похоже на tar-архив tar: Завершение работы с состоянием неисправности с из-за возникших ошибок |
|
#tar -cvf - /etc | nc -l 127.0.0.1 4444
tar: Removing leading '/' from member names a etc a etc/defaults a etc/netconfig a etc/protocols a etc/services^C |
|
#tar -cvf - /etc | nc -l 192.168.16.24 4444
tar: Removing leading '/' from member names a etc a etc/defaults a etc/netconfig a etc/protocols a etc/services a etc/group a etc/hosts a etc/fstab a etc/X11 ... a etc/gnats/freefall a etc/bluetooth/hcsecd.conf a etc/bluetooth/hosts a etc/bluetooth/protocols a etc/X11/xorg.conf a etc/defaults/rc.conf a etc/defaults/bluetooth.device.conf a etc/defaults/devfs.rules a etc/defaults/pccard.conf a etc/defaults/periodic.conf |
|
#tar -cvf - /etc | nc -l 192.168.16.24 4444
tar: Removing leading '/' from member names a etc a etc/defaults a etc/netconfig a etc/protocols a etc/services ^C |
|
#apt-get install popa3d
Чтение списков пакетов... Готово Построение дерева зависимостей Чтение информации о состоянии... Готово Будут установлены следующие дополнительные пакеты: exim4 exim4-base exim4-config exim4-daemon-light heirloom-mailx libfile-copy-recursive-perl update-inetd Предлагаемые пакеты: mail-reader eximon4 exim4-doc-html exim4-doc-info gnutls-bin openssl libmail-spf-query-perl swaks Рекомендуемые пакеты: ... Starting pop daemon: popa3d. Настраивается пакет exim4-config (4.72-1) ... Adding system-user for exim (v4) Настраивается пакет exim4-base (4.72-1) ... Настраивается пакет exim4-daemon-light (4.72-1) ... Starting MTA: exim4. Настраивается пакет exim4 (4.72-1) ... Настраивается пакет heirloom-mailx (12.4-2) ... update-alternatives: используется `/usr/bin/heirloom-mailx' для предоставления `/usr/bin/mailx' (mailx) в автоматический режим. Обрабатываются триггеры для menu ... |
|
#netstat -lnp | grep :110
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1950/popa3d |
|
#cd /tmp
|
|
#mkfifo test
|
|
#ls -l test
prw-r--r-- 1 root root 0 Июн 15 10:23 test |
|
#nc 127.0.0.1 110 < /tmp/test | nc -l -p 11111 > /tmp/test
|
|
#man nc
|
|
#nc 192.168.16.4 110
+OK USER -ERR USER user +OK PASS password +OK LIST +OK . QUIT +OK |
|
#nc 192.168.16.4 11111
+OK USER user +OK PASS password +OK LIST +OK . QUIT +OK |
|
#nc 192.168.16.4 4444
ls -l итого 16 drwxr-xr-x 19 root root 4096 Июн 14 14:37 etc -rw------- 1 root root 0 Июн 15 10:22 fileQQYEnn drwx------ 2 user user 4096 Июн 15 09:57 keyring-ljZs3L drwx------ 2 user user 4096 Июн 15 09:58 orbit-user drwx------ 2 user user 4096 Июн 15 09:57 ssh-WfUKnd1152 prw-r--r-- 1 root root 0 Июн 15 10:24 test hostanme ifconfig ... Получено:11 http://debian.org.ua squeeze/main 2010-06-15-0302.55.pdiff [51,7kB] Получено:12 http://debian.org.ua squeeze/contrib 2010-06-15-0302.55.pdiff [971B] Получено:13 http://debian.org.ua squeeze/non-free 2010-06-15-0302.55.pdiff [246B] Получено:14 http://debian.org.ua squeeze/contrib 2010-06-15-0302.55.pdiff [971B] Получено:15 http://debian.org.ua squeeze/non-free 2010-06-15-0302.55.pdiff [246B] Получено 654kБ за 4с (155kБ/c) Чтение списков пакетов... echo $PS1 PS1=test\h exit |
|
#nc -c '/bin/bash -i' -l -p 4444
root@debian4:/tmp# ls -l root@debian4:/tmp# hostname root@debian4:/tmp# hostname -f root@debian4:/tmp# quit bash: quit: команда не найдена root@debian4:/tmp# exit exit |
|
#nc -c '/bin/bash -i' -l -p 4444^C
|
|
#nc 192.168.16.4 4444
ls -l итого 16 drwxr-xr-x 19 root root 4096 Июн 14 14:37 etc -rw------- 1 root root 0 Июн 15 10:22 fileQQYEnn drwx------ 2 user user 4096 Июн 15 09:57 keyring-ljZs3L drwx------ 2 user user 4096 Июн 15 09:58 orbit-user drwx------ 2 user user 4096 Июн 15 09:57 ssh-WfUKnd1152 prw-r--r-- 1 root root 0 Июн 15 10:24 test hostname debian4 hostname -f debian4.net.nt quit exit |
|
#dpkg -l | grep inetd
ii update-inetd 4.36 inetd configuration file updater |
|
#cd
|
|
#apt-get install openbsd-inetd
Чтение списков пакетов... Готово Построение дерева зависимостей Чтение информации о состоянии... Готово Будут установлены следующие дополнительные пакеты: tcpd НОВЫЕ пакеты, которые будут установлены: openbsd-inetd tcpd обновлено 0, установлено 2 новых пакетов, для удаления отмечено 0 пакетов, и 345 пакетов не обновлено. Необходимо скачать 72,7kБ архивов. После данной операции, объём занятого дискового пространства возрастёт на 270kB. ... Выбор ранее не выбранного пакета tcpd. (Чтение базы данных ... на данный момент установлено 55500 файлов и каталогов.) Распаковывается пакет tcpd (из файла .../tcpd_7.6.q-19_i386.deb)... Выбор ранее не выбранного пакета openbsd-inetd. Распаковывается пакет openbsd-inetd (из файла .../openbsd-inetd_0.20080125-4_i386.deb)... Обрабатываются триггеры для man-db ... Настраивается пакет tcpd (7.6.q-19) ... Настраивается пакет openbsd-inetd (0.20080125-4) ... Stopping internet superserver: inetd. Not starting internet superserver: no services enabled. |
|
#vim /etc/services
--- /tmp/l3-saved-1461.23937.17661 2010-06-15 10:30:48.000000000 +0300 +++ /etc/services 2010-06-15 10:31:17.000000000 +0300 @@ -585,5 +585,5 @@ dircproxy 57000/tcp # Detachable IRC Proxy tfido 60177/tcp # fidonet EMSI over telnet fido 60179/tcp # fidonet EMSI over TCP - +calc 65534/tcp # Local services |
|
#vim /etc/inetd.conf
--- /tmp/l3-saved-1461.17446.23624 2010-06-15 10:31:22.000000000 +0300 +++ /etc/inetd.conf 2010-06-15 10:32:47.000000000 +0300 @@ -18,7 +18,7 @@ #discard dgram udp wait root internal #daytime stream tcp nowait root internal #time stream tcp nowait root internal - +calc stream tcp nowait root /usr/bin/bc #:STANDARD: These are standard services. #:BSD: Shell, login, exec and talk are BSD protocols. |
|
#/etc/init.d/openbsd-inetd restart
Restarting internet superserver: inetd. |
|
#netstat -lnp | grep inetd
tcp 0 0 0.0.0.0:65534 0.0.0.0:* LISTEN 2997/inetd |
|
#whereis inetd
inetd: /usr/sbin/inetd /etc/inetd.conf /usr/share/man/man8/inetd.8.gz |
|
#file /usr/sbin/inetd
/usr/sbin/inetd: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped |
|
#file /etc/inetd.conf
/etc/inetd.conf: ASCII text |
|
#file /etc/init.d/openbsd-inetd
/etc/init.d/openbsd-inetd: POSIX shell script text executable |
|
#ldd /usr/sbin/inetd
linux-gate.so.1 => (0xb7f4f000)
libwrap.so.0 => /lib/libwrap.so.0 (0xb7f2f000)
libc.so.6 => /lib/libc.so.6 (0xb7de8000)
libnsl.so.1 => /lib/libnsl.so.1 (0xb7dd1000)
/lib/ld-linux.so.2 (0xb7f50000)
|
|
#man libwrap
|
|
#vim /etc/hosts.allow
|
|
#~
Нет справочной страницы для host_access |
|
#apropos /etc/hosts.allow
|
|
#apropos host_access
|
|
#apropos hosts
hosts.equiv (5) - list of hosts and users that are granted "trusted"r co... exim4_hubbed_hosts (5) - Files in use by the Debian exim4 packages hosts (5) - The static table lookup for hostnames hosts.allow (5) - format of host access control files hosts.deny (5) - format of host access control files hosts_access (5) - format of host access control files hosts_options (5) - host access control language extensions pam_rhosts (8) - The rhosts PAM module ping (8) - send ICMP ECHO_REQUEST to network hosts ping6 (8) - send ICMP ECHO_REQUEST to network hosts |
|
#vim .vimrc
--- /dev/null 2010-06-15 09:50:47.839716629 +0300 +++ .vimrc 2010-06-15 10:37:09.000000000 +0300 @@ -0,0 +1,2 @@ +syn on +set number |
|
#vim /etc/hosts.allow
|
|
#~
1 # /etc/hosts.deny: list of hosts that are _not_ allowed to access the systemm
.
. See the manual pages hosts_access(5) and hosts_options(5))
3 #
4 # Example: ALL: some.host.name, .some.domain
"/etc/hosts.deny" 20L, 880C
5 # ALL EXCEPT in.fingerd: other.host.name, .other.domain
6 #
7 # If you're going to protect the portmapper use the name "portmap" for the
8 # daemon name. Remember that you can only use the keyword "ALL" and IP
...
15 #
ALL: DENY
16 # You may wish to enable this to ensure any programs that don't
"/etc/hosts.deny" 20L, 889C записано
17 # validate looked up hostnames still leave understandable logs. In past
-- ВСТАВКА --
18 # versions of Debian this has been the default.
19 # ALL: PARANOID
20
~
|
|
#vim /etc/hosts.deny
|
|
#~
^C |
|
#man tcpd
|
|
#whereis tcpd
tcpd: /usr/sbin/tcpd /usr/share/man/man8/tcpd.8.gz |
|
#vim /etc/inetd.conf
--- /tmp/l3-saved-1461.23219.16842 2010-06-15 10:39:04.000000000 +0300 +++ /etc/inetd.conf 2010-06-15 10:39:14.000000000 +0300 @@ -18,7 +18,7 @@ #discard dgram udp wait root internal #daytime stream tcp nowait root internal #time stream tcp nowait root internal -calc stream tcp nowait root /usr/bin/bc +calc stream tcp nowait root /usr/sbin/tcpd /usr/bin/bc #:STANDARD: These are standard services. #:BSD: Shell, login, exec and talk are BSD protocols. |
|
#ps aux | grep inetd
root 2997 0.0 0.1 1884 632 ? Ss 10:32 0:00 /usr/sbin/inetd root 3345 0.0 0.1 4824 756 pts/3 R+ 10:39 0:00 grep inetd |
|
#kill -1 2997
|
|
#invoke-rc.d openbsd-inetd restart
Restarting internet superserver: inetd. |
|
#nc 192.168.16.4 65534
2+@ (standard_in) 1: illegal character: @ (standard_in) 2: syntax error 2+2 4 ^C |
|
#nc 192.168.16.4 65534
4+4 |
|
#nc 192.168.16.4 65534
4+4 8 ^C |
|
#vim /etc/crontab
--- /tmp/l3-saved-1461.20596.6639 2010-06-15 10:44:04.000000000 +0300 +++ /etc/crontab 2010-06-15 10:44:41.000000000 +0300 @@ -14,4 +14,4 @@ 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # - +* * * * * root logger -p emerg TEST_CRONT_TAB |
|
#ls -l /etc/crontab
-rw-r--r-- 1 root root 769 Июн 15 10:44 /etc/crontab |
|
#vim /etc/crontab
--- /tmp/l3-saved-1461.10092.15232 2010-06-15 10:45:17.000000000 +0300 +++ /etc/crontab 2010-06-15 10:45:21.000000000 +0300 @@ -14,4 +14,4 @@ 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # -* * * * * root logger -p emerg TEST_CRONT_TAB +#* * * * * root logger -p emerg TEST_CRONT_TAB |
|
#su - user
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ "crontab.t3hvBI/crontab" 2L, 70C записано crontab: installing new crontab user@debian4:~$ exit logout |
|
#grep -r logger /var/spool/cron/
/var/spool/cron/crontabs/user:* * * * * logger -p emerg TEST_FROM_USER |
|
|