art hacking riassunto (il lato server e il lato exercise)

Posted on November 24, 2008 by alitaliaxyz

http://www.joomlashow.it/template-joomla/

 
OSHO VARAZZE
tel/fax 019 918766 – 019 918703
info@oshovarazze.com

sito fatto da cretivepeople,


On Fri, 7 Nov 2008 16:12:18 +0100

Sentia Server Housing srl info at sentia.it wrote:
> Benvenut* nei servizi offerti da www.sentia.it!!
> Hai attivato presso di noi un servizio di hosting.
> Questo servizio ti permette di gestire un dominio compreso di sito web,
> posta elettronica, trasferimento dati via FTP.
>
> FTP
> —–
> Puoi usare una utenza ftp per traferire il sito. Terminato il
> trasferimento del dominio, potrai collegarti al tuo spazio ftp
> usando l’indirizzo http://www.sens.it.
> SPAZIO WEB
> ———–
>
> Il tuo sito sara raggiungibile all’indirizzo: http://www.sens.it
>
> Noi ci permettiamo di consigliare alcune regole per rendere il sito
> "accessibile" a tutti gli utenti, suggerendo la lettura di una piccola
> guida in proposito: http://www.ecn.org/xs2web/guida.htm
>
> POSTA ELETTRONICA
> ——————-
> Ora hai un dominio di posta elettronico. Puoi gestire la tua posta
> elettronica usando il pannello grafico all’indirizzo:
>
> https://www.sentia.it/cgi-bin/qmailadmin/
>
> per entrare usa questi dati:
>
> Utente (postmaster): postmaster
>
> Per aggiungere nuove caselle usa il link "Nuove Caselle".
>
>
> oppure via web dal sito: https://webmail.sentia.it
>
> SPAZIO SU DISCO
> —————-
>
> Ora gestisci il tuo spazio che sarà occupato da:
> spazio web, posta elettronica, database mysql e log di apache.
> Puoi suddividere il tuo spazio come preferisci, considerando che il
> maggior uso di spazio da parte di un elemento va a detrimento della
> disponibilita complessiva. I log del server di pagine web, che noi
> cancelliamo dopo due mesi dalla loro creazione, sono scaricabili qui:
>
> http://www.sens.it/weblogs
>
> Ti consigliamo di farlo con regolarita se ti interessa tenere traccia
> degli accessi statistici al tuo sito.
> Le puoi trovare al seguente indirizzo:
> http://www.sens.it/sens.it-stats.html
>
> GESTIONE DEL DATABASE
> ———————-
>
> Al momento è stato attivato un database, dal nome "                 ".
> Per gestire personalmente il database con i nostri tool grafici ecco i
> dettagli:
>
> https://www.sentia.it/tools/mysqladm/
> nome database:

> nome utente:

> password:

>
> JOOMLA ADMINISTRATION
> ———————-
>
> Come richiesto è stata installata la versione      di Joomla in 
> lingua
> italiana. Di seguito i dettagli per amministrare il tuo nuovo sito 
> basato
> sul CMS Joomla:
>
> URL Amministrazione: http://www.sens.it/administrator/
> utente:

> password:

> email: mariahost autistici.org
>
> ——-
>
> Questo e tutto quello che ti dovrebbe servire per iniziare.
>
> Grazie per aver scelto i nostri servizi e …
> Benvenuto in Sentia!

praticamente è dal 23 settembre che non coagulo ……………..

riassunto di quel blog:

file della nuova edizione dell arte dell hacking

che ho messo facendo leggere la cartella in

http://www.autistici.org/cybercinema e cliccate su su booksrc

oppure andate in http://www.autistici.org/cybercinema/booksrc/ 

il sito è in lettura grazie a joomla che uso come usavo quando si chiamava mambo,

togliendo l home page in lettura in a.php. 

Welcome to the LiveCD for Hacking : The Art of Exploitation
The source code is found in the ~/booksrc directory

    -=[ Unix Basics (enough to get you started) ]=-

command |   description             |   example
——–|—————————|———————
  ls    |  lists files              |  ls -la
  man   |  manual page help         |  man ls
  pwd   |  print working directory  |  pwd
  cat   |  dump file to console     |  cat unix_basics
  cd    |  change directory         |  cd ~/booksrc
  nano  |  simple text editor       |  nano firstprog.c
———————————————————-
 
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

reader@hacking:~ $ sudo -s
root@hacking:~ # cd ~/booksrc
root@hacking:~/booksrc # ls -la
total 572
drwxr-xr-x  3 reader reader  2740 2008-06-14 12:35 .
drwxr-xr-x 15 reader reader   620 2008-06-14 10:38 ..
-rw-r–r–  1 reader reader   471 2008-06-14 12:35 addressof2.c
-rw-r–r–  1 reader reader   134 2008-06-14 12:35 addressof.c
-rw-r–r–  1 reader reader   426 2008-06-14 12:35 addr_struct.c
-rw-r–r–  1 reader reader   181 2008-06-14 12:35 aslr_demo.c
-rw-r–r–  1 reader reader   299 2008-06-14 12:35 aslr_execl.c
-rw-r–r–  1 reader reader   804 2008-06-14 12:35 aslr_execl_exploit.c
-rw-r–r–  1 reader reader   660 2008-06-14 12:35 auth_overflow2.c
-rw-r–r–  1 reader reader   660 2008-06-14 12:35 auth_overflow.c
-rw-r–r–  1 reader reader   867 2008-06-14 12:35 bind_port.c
-rw-r–r–  1 reader reader  1846 2008-06-14 12:35 bind_port.s
-rw-r–r–  1 reader reader    92 2008-06-14 12:35 bind_shell
-rw-r–r–  1 reader reader   101 2008-06-14 12:35 bind_shell_beta
-rw-r–r–  1 reader reader  2978 2008-06-14 12:35 bind_shell_beta.s
-rw-r–r–  1 reader reader  2872 2008-06-14 12:35 bind_shell.s
-rw-r–r–  1 reader reader   518 2008-06-14 12:35 bitwise.c
-rw-r–r–  1 reader reader   129 2008-06-14 12:35 char_array2.c
-rw-r–r–  1 reader reader   355 2008-06-14 12:35 char_array.c
-rw-r–r–  1 reader reader   224 2008-06-14 12:35 commandline.c
-rw-r–r–  1 reader reader    78 2008-06-14 12:35 connectback_shell
-rw-r–r–  1 reader reader  2718 2008-06-14 12:35 connectback_shell.s
-rw-r–r–  1 reader reader   513 2008-06-14 12:35 convert2.c
-rw-r–r–  1 reader reader   512 2008-06-14 12:35 convert.c
-rw-r–r–  1 reader reader  1275 2008-06-14 12:35 crypt_crack.c
-rw-r–r–  1 reader reader   335 2008-06-14 12:35 crypt_test.c
-rw-r–r–  1 reader reader   530 2008-06-14 12:35 datatype_sizes.c
-rw-r–r–  1 reader reader  3631 2008-06-14 12:35 decode_sniff.c
-rw-r–r–  1 reader reader  7797 2008-06-14 12:35 dissembler.c
-rw-r–r–  1 reader reader   274 2008-06-14 12:35 drop_privs.c
-rw-r–r–  1 reader reader   323 2008-06-14 12:35 dtors_sample.c
-rw-r–r–  1 reader reader    73 2008-06-14 12:35 encoded_socket_reuse_restore
-rw-r–r–  1 reader reader    71 2008-06-14 12:35 encoded_sockreuserestore
-rw-r–r–  1 reader reader  1695 2008-06-14 12:35 encoded_sockreuserestore_dbg.s
-rw-r–r–  1 reader reader  1697 2008-06-14 12:35 encoded_sockreuserestore.s
-rw-r–r–  1 reader reader  1815 2008-06-14 12:35 errorchecked_heap.c
-rw-r–r–  1 reader reader   100 2008-06-14 12:35 evil_name
-rw-r–r–  1 reader reader    36 2008-06-14 12:35 exec_shell
-rw-r–r–  1 reader reader   325 2008-06-14 12:35 exec_shell.c
-rw-r–r–  1 reader reader   736 2008-06-14 12:35 exec_shell.s
-rw-r–r–  1 reader reader   115 2008-06-14 12:35 exploit_buffer
-rw-r–r–  1 reader reader   961 2008-06-14 12:35 exploit_notesearch.c
-rw-r–r–  1 reader reader   586 2008-06-14 12:35 exploit_notesearch_env.c
-rw-r–r–  1 reader reader  1519 2008-06-14 12:35 fcntl_flags.c
-rw-r–r–  1 reader reader   239 2008-06-14 12:35 find_jmpesp.c
-rw-r–r–  1 reader reader   106 2008-06-14 12:35 firstprog.c
-rw-r–r–  1 reader reader  3147 2008-06-14 12:35 fms.c
-rw-r–r–  1 reader reader   566 2008-06-14 12:35 fmt_strings.c
-rw-r–r–  1 reader reader   498 2008-06-14 12:35 fmt_uncommon2.c
-rw-r–r–  1 reader reader   501 2008-06-14 12:35 fmt_uncommon.c
-rw-r–r–  1 reader reader   671 2008-06-14 12:35 fmt_vuln2.c
-rw-r–r–  1 reader reader   567 2008-06-14 12:35 fmt_vuln.c
-rw-r–r–  1 reader reader   498 2008-06-14 12:35 funcptr_example.c
-rw-r–r–  1 reader reader 15307 2008-06-14 12:35 game_of_chance.c
-rw-r–r–  1 reader reader   392 2008-06-14 12:35 getenvaddr.c
-rw-r–r–  1 reader reader   129 2008-06-14 12:35 getenv_example.c
-rw-r–r–  1 reader reader  1222 2008-06-14 12:35 hacking.h
-rw-r–r–  1 reader reader  3451 2008-06-14 12:35 hacking-network.h
-rw-r–r–  1 reader reader  1912 2008-06-14 12:35 heap_example.c
-rw-r–r–  1 reader reader    49 2008-06-14 12:35 helloworld1
-rw-r–r–  1 reader reader   648 2008-06-14 12:35 helloworld1.s
-rw-r–r–  1 reader reader   694 2008-06-14 12:35 helloworld2.s
-rw-r–r–  1 reader reader    40 2008-06-14 12:35 helloworld3
-rw-r–r–  1 reader reader   913 2008-06-14 12:35 helloworld3.s
-rw-r–r–  1 reader reader   720 2008-06-14 12:35 helloworld.asm
-rw-r–r–  1 reader reader    74 2008-06-14 12:35 helloworld.c
-rw-r–r–  1 reader reader   704 2008-06-14 12:35 helloworld.o
-rw-r–r–  1 reader reader   575 2008-06-14 12:35 host_lookup.c
-rw-r–r–  1 reader reader   263 2008-06-14 12:35 input.c
-rw-r–r–  1 reader reader    83 2008-06-14 12:35 loopback_shell
-rw-r–r–  1 reader reader   102 2008-06-14 12:35 loopback_shell_restore
-rw-r–r–  1 reader reader  3157 2008-06-14 12:35 loopback_shell_restore.s
-rw-r–r–  1 reader reader  2791 2008-06-14 12:35 loopback_shell.s
-rw-r–r–  1 reader reader    44 2008-06-14 12:35 mark
-rw-r–r–  1 reader reader    44 2008-06-14 12:35 mark_break
-rw-r–r–  1 reader reader   611 2008-06-14 12:35 mark_break.s
-rw-r–r–  1 reader reader    53 2008-06-14 12:35 mark_restore
-rw-r–r–  1 reader reader   701 2008-06-14 12:35 mark_restore.s
-rw-r–r–  1 reader reader   611 2008-06-14 12:35 mark.s
-rw-r–r–  1 reader reader  1103 2008-06-14 12:35 memory_segments.c
-rw-r–r–  1 reader reader  3451 2008-06-14 12:35 notesearch.c
-rw-r–r–  1 reader reader  1659 2008-06-14 12:35 notetaker.c
-rw-r–r–  1 reader reader   907 2008-06-14 12:35 overflow_example.c
-rw-r–r–  1 reader reader   754 2008-06-14 12:35 pcap_sniff.c
-rw-r–r–  1 reader reader   550 2008-06-14 12:35 pointer.c
-rw-r–r–  1 reader reader   767 2008-06-14 12:35 pointer_types2.c
-rw-r–r–  1 reader reader   791 2008-06-14 12:35 pointer_types3.c
-rw-r–r–  1 reader reader   754 2008-06-14 12:35 pointer_types4.c
-rw-r–r–  1 reader reader   804 2008-06-14 12:35 pointer_types5.c
-rw-r–r–  1 reader reader   693 2008-06-14 12:35 pointer_types.c
-rw-r–r–  1 reader reader    92 2008-06-14 12:35 portbinding_shellcode
-rw-r–r–  1 reader reader  7553 2008-06-14 12:35 ppm_crack.c
-rw-r–r–  1 reader reader  4410 2008-06-14 12:35 ppm_gen.c
-rw-r–r–  1 reader reader  2411 2008-06-14 12:35 printable_helper.c
-rw-r–r–  1 reader reader  1841 2008-06-14 12:35 printable.s
-rw-r–r–  1 reader reader    37 2008-06-14 12:35 priv_shell
-rw-r–r–  1 reader reader  1011 2008-06-14 12:35 priv_shell.s
-rw-r–r–  1 reader reader   311 2008-06-14 12:35 rand_example.c
-rw-r–r–  1 reader reader   487 2008-06-14 12:35 raw_tcpsniff.c
-rw-r–r–  1 reader reader  4664 2008-06-14 12:35 rst_hijack.c
-rw-r–r–  1 reader reader   716 2008-06-14 12:35 scope2.c
-rw-r–r–  1 reader reader  1111 2008-06-14 12:35 scope3.c
-rw-r–r–  1 reader reader   472 2008-06-14 12:35 scope.c
-rw-r–r–  1 reader reader    35 2008-06-14 12:35 shellcode
-rw-r–r–  1 reader reader    35 2008-06-14 12:35 shellcode.bin
-rw-r–r–  1 reader reader  1033 2008-06-14 12:35 shellcode.s
-rw-r–r–  1 reader reader  5478 2008-06-14 12:35 shroud.c
-rw-r–r–  1 reader reader  2070 2008-06-14 12:35 signal_example.c
-rw-r–r–  1 reader reader  1872 2008-06-14 12:35 simplenote.c
-rw-r–r–  1 reader reader  1695 2008-06-14 12:35 simple_server.c
-rw-r–r–  1 reader reader    62 2008-06-14 12:35 socket_reuse_restore
-rw-r–r–  1 reader reader  1477 2008-06-14 12:35 socket_reuse_restore.s
-rw-r–r–  1 reader reader   168 2008-06-14 12:35 stack_example.c
-rw-r–r–  1 reader reader   665 2008-06-14 12:35 static2.c
-rw-r–r–  1 reader reader   617 2008-06-14 12:35 static.c
-rw-r–r–  1 reader reader  3324 2008-06-14 12:35 synflood.c
-rw-r–r–  1 reader reader  1414 2008-06-14 12:35 time_example2.c
-rw-r–r–  1 reader reader   754 2008-06-14 12:35 time_example.c
-rw-r–r–  1 reader reader    25 2008-06-14 12:35 tiny_shell
-rw-r–r–  1 reader reader   648 2008-06-14 12:35 tiny_shell.s
-rw-r–r–  1 reader reader  4987 2008-06-14 12:35 tinyweb.c
-rw-r–r–  1 reader reader  6590 2008-06-14 12:35 tinywebd.c
-rw-r–r–  1 reader reader  2005 2008-06-14 12:35 tinyweb_exploit2.c
-rw-r–r–  1 reader reader  1747 2008-06-14 12:35 tinyweb_exploit.c
-rw-r–r–  1 reader reader   316 2008-06-14 12:35 typecasting.c
-rw-r–r–  1 reader reader   119 2008-06-14 12:35 uid_demo.c
-rw-r–r–  1 reader reader  1532 2008-06-14 12:35 update_info.c
-rw-r–r–  1 reader reader   102 2008-06-14 12:35 vuln.c
drwxr-xr-x  2 reader reader   100 2008-06-14 12:35 webroot
-rw-r–r–  1 reader reader  1178 2008-06-14 12:35 webserver_id.c
-rwxr-xr-x  1 reader reader   771 2008-06-14 12:35 xtool_tinywebd_cback.sh
-rwxr-xr-x  1 reader reader  1115 2008-06-14 12:35 xtool_tinywebd_reuse.sh
-rwxr-xr-x  1 reader reader   586 2008-06-14 12:35 xtool_tinywebd.sh
-rwxr-xr-x  1 reader reader  1054 2008-06-14 12:35 xtool_tinywebd_silent.sh
-rwxr-xr-x  1 reader reader   997 2008-06-14 12:35 xtool_tinywebd_spoof.sh
-rwxr-xr-x  1 reader reader   781 2008-06-14 12:35 xtool_tinywebd_steath.sh
root@hacking:~/booksrc # prima di inziare gi esercizi hp epnsato che non tutti hanno una tastiera americana,
bash: prima: command not found
root@hacking:~/booksrc #
root@hacking:~/booksrc #

 

prima di inziare gi esercizi ho pensato che non tutti hanno una tastiera americana,

allora mi son preparato e ho cercato chi linka listati on line:

Chapter 0x200 Programming

overflow.c
vuln.c
exploit.c
vuln2.c
env_exploit.c
getenvaddr.c
heap.c
bss_game.c
fmt_example.c
fmt_vuln.c
dtors_sample.c
hello.asm
shell.asm
shellcode.asm_original
shellcode.asm_final
stackshell.asm
tinyshell.asm
print.asm
printable_exploit.c
print2.asm
only_print.c
cleared_stack.c

Chapter 0x300 Networking

arpredirect.pl
hijack_rst.sh
shroud.sh
shroud2.sh

Chapter 0x400 Cryptology

crack.pl
ppm_gen.c
ppm_crack.c
fms.c
il sito? http://tecalibri.altervista.org/E/ERICKSON-J_arte.htm#p004

che scopro essere i listati della prima edizione che si può leggere on line
http://books.google.com/books?vid=ISBN8850323476&printsec=toc&dq=isbn:8850323476&hl=it#PPP1,M1

poi ho scoperto che l autore del libro con cd rom ubuntu hacks contenente i listati

 

usa il pc fin da quando era bambino: join erickson

 

http://www.tinker.tv/download/hacking2e_toc.

http://www.oreillynet.com/pub/au/1648 art hacking
http://www.gizmosforgeeks.com/2008/02/24/book-review-hacking-the-art-of-exploitation/

art hacking

Hacking and Security – 70 books

Citazione:
Addison-Wesley Professional.Honeypots- Tracking Hackers.pdf
Wiley.The Database Hacker’s Handbook- Defending Database Servers.chm
John Wiley & Sons.Hacking GMail (ExtremeTech).pdf
Hacking.Guide.V3.1.pdf
A-List Publishing.Hacker Linux Uncovered.chm
Hacker’S.Delight.chm
Hacker.Bibel.[278.kB_www.netz.ru].pdf
HackerHighSchool.pdf
Hacker’s Desk Reference.pdf
Hackers Beware Defending Your Network From The Wiley Hacker.pdf
Addison Wesley – Hackers Delight 2002.pdf
addison wesley – web hacking – attacks and defense.chm
Addison Wesley, The Outlook Answer Book Useful Tips Tricks And Hacks (2005) Bbl Lotb.chm
Anti-Hacker ToolKit – McGraw Hill 2E 2004.chm
Auerbach.Pub.The.Hackers.Handbook.The.Strategy.Behind.Breaking.into.and.Defending.Networks.Nov.2003.eBook-DDU.pdf
ceh-official-certified-ethical-hacker-review-guide-exam-312-50.9780782144376.27422.pdf
ebook.oreilly.-.windows.xp.hacks.sharereactor.chm
For.Dummies.Hacking.for.Dummies.Apr.2004.eBook-DDU.pdf
For.Dummies.Hacking.Wireless.Networks.For.Dummies.Sep.2005.eBook-DDU.pdf
Hack_Attacks_Revealed_A_Complete_Reference_With_Custom_Security_Hacking_Toolkit.chm
hacker-disassembling-uncovered.9781931769228.20035.chm
Hacking Cisco Routers.pdf
Hacking the Code – ASP.NET Web Application Security Cookbook (2004) .chm
John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook.pdf
John.Wiley.and.Sons.The.Art.of.Intrusion.The.Real.Stories.Behind.the.Exploits.of.Hackers.Intruders.and.Deceivers.Feb.2005.ISBN0764569597.pdf

Jon.Erickson.Hacking.The.Art.Of.Exploitation.No.Starch.Press.2003.chm
Linux-Server.Hacks-OReilly.pdf
McGraw Hill – Web Applications (Hacking Exposed).pdf
McGraw.Hill.HackNotes.Linux.and.Unix.Security.Portable.Reference.eBook-DDU.pdf
McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eBook-DDU.pdf
McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-DDU.pdf
McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eBook-DDU.pdf
OReilly – Flickr Hacks Tips and Tools for Sharing Photos Online (Feb 2006).chm
Oreilly Access Hacks Apr 2005.chm
OReilly,.Digital.Video.Hacks.(2005).DDU.LotB.chm
oreilly,.visual.studio.hacks.(2005).ddu.lotb.chm
Oreilly.Amazon.Hacks.eBook.LiB.chm
oreilly.firefox.hacks.ebook-lib.chm
OReilly.Google.Hacks.2nd.Edition.Dec.2004.ISBN0596008570.chm
OReilly.Google.Maps.Hacks.Jan.2006.chm
Oreilly.Linux.Desktop.Hacks.Mar.2005.eBook-LiB.chm
OReilly.Linux.Server.Hacks.Volume.Two.Dec.2005.chm
OReilly.Network.Security.Hacks.chm
OReilly.PayPal.Hacks.Sep.2004.eBook-DDU.chm
OReilly.PC.Hacks.Oct.2004.eBook-DDU.chm
OReilly.Perl.Hacks.Tips.and.Tools.for.Programming.Debugging.and.Surviving.May.2006.chm
OReilly.Skype.Hacks.Tips.and.Tools.for.Cheap.Fun.Innovative.Phone.Service.Dec.2005.chm
OReilly.Statistics.Hacks.May.2006.chm
OReilly.Ubuntu.Hacks.Tips.and.Tools.for.Exploring.Using.and.Tuning.Linux.Jun.2006.chm
OReilly.VoIP.Hacks.Tips.and.Tools.for.Internet.Telephony.Dec.2005.chm
oreilly.windows.xp.hacks.2nd.edition.feb.2005.lib.chm
OReilly.Word.Hacks.Oct.2004.eBook-DDU.chm
prentice hall – pipkin – halting the hacker- a practical guide to computer security, 2nd edition.chm
Que – UNIX Hints Hacks.chm
Que.Certified.Ethical.Hacker.Exam.Prep.Apr.2006.chm
Syngress – Hack Proofing Linux (2001).pdf
Syngress – Hack Proofing Your Identity in the Information Age – 2002.pdf
Syngress — Hack Proofing Your Wireless Network.pdf
Syngress.Hacking.a.Terror.Network.Nov.2004.ISBN1928994989.pdf
the-database-hackers-handbook-defending-database-servers.9780764578014.25524.chm
Websters.New.World.Websters.New.World.Hacker.Dictionary.Sep.2006.pdf
Wiley.Hacking.Firefox.More.Than.150.Hacks.Mods.and.Customizations.Jul.2005.eBook-DDU.pdf
Wiley.Hacking.Google.Maps.and.Google.Earth.Jul.2006.pdf
Wiley.Hacking.GPS.Mar.2005.ISBN0764598805.pdf
Wiley.Lifehacker.Dec.2006.pdf


Codice:
http://hackingandsecurity.com/hacks/


hackish.altervista.org/forum/viewtopic.php?t=199 http://www.yyztech.ca/articles/view/review_hacking_the_art_of_exploitation

************************************************************************************************

djvù

 

 

 

This entry was posted in Generale. Bookmark the permalink.