Directory traversal as a reconnaissance tool
Source: Internet | Published under: sql中case的用法 | Editor: 程序博客网 | Time: 2024/05/18 01:17
Like most of you, I find malicious or fraudulent online advertisers annoying to say the least.
My typical response, upon receipt of rogue AV pop-ups, or redirects to clearly fraudulent sites, is to "closely scrutinize" the perpetrating site.
This effort often bears fruit as is evident in the following analysis.
My interest was recently piqued when I was made aware of a number of related sites committing abuse against a variety of brands, all quite clearly in violation of copyrights and trademarks.
An example, for your consideration: messenger-download.info
After a little exploration it was quickly determined that these cretins seek only to con victims out of credit card data with the promise of illegal downloads for a fee.
Apparently these dbags have been at it for a while.
They make it look like you're going to receive access to a legitimate offering, then suck you into freedownloadzone.com.
This, of course, pissed me off, so...off to the races.
A poke here, a tickle there, and voila.../etc/passwd.
This Centos server, running Apache 2.2.3 (very dated), complete with craptastic PHP code, is a textbook lesson in how to not run a web server.
Includes, anyone?
What's lovely about grabbing /etc/passwd with directory traversal (file path traversal, if you prefer) is the discovery of all the additional abusive URLs in play on this same server: on a shared host, each hosted site tends to get its own account, so the account names read like a customer list. Additionally you'll note more than a few culprits, found to be based in the Philippines after running their user names through Maltego.
Here's a text dump of the raw /etc/passwd grab.
A little regex parsing produced 256 or so URLs, all pointing back to freedownloadzone.com, and all GoDaddy domains (shocking!).
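The parsing step described above, as an added example rather than the post's own script: it reads passwd(5) records, drops the junk a traversal grab usually carries (HTML wrapper lines, truncated records), and lists the account names that look like hostnames. The sample is constructed; only two names in it come from the post, and the UID 500 cutoff is an assumption about that CentOS's default range for regular users.

```python
import re
from dataclasses import dataclass

# Loose hostname check: dotted labels of letters/digits/hyphens, alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{4,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$"
)

@dataclass(frozen=True)
class PasswdEntry:
    name: str
    uid: int
    gid: int
    home: str
    shell: str

def parse_passwd(text: str) -> list:
    """Parse passwd(5) lines, skipping blanks, comments and malformed records
    (a traversal grab is often wrapped in the page's HTML or cut short)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _pw, uid, gid, _gecos, home, shell = fields
        if not (uid.isdigit() and gid.isdigit()):
            continue
        entries.append(PasswdEntry(name, int(uid), int(gid), home, shell))
    return entries

def hosted_domains(entries, min_uid: int = 500) -> list:
    """Account names that look like hostnames, i.e. per-site accounts on a shared
    host. Assumption: regular users start at UID 500 (CentOS 5 default)."""
    return sorted({e.name.lower() for e in entries
                   if e.uid >= min_uid and DOMAIN_RE.match(e.name.lower())})

# Constructed sample, not the author's dump; two names are taken from the post.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
messenger-download.info:x:501:501::/home/messenger-download.info:/bin/bash
helpmedownload.com:x:502:502::/home/helpmedownload.com:/bin/bash
site-three.example:x:503:503::/home/site-three.example:/sbin/nologin
bob:x:504:504:Bob:/home/bob:/bin/bash
<html><body>page wrapper captured with the file, not a record</body></html>
"""

if __name__ == "__main__":
    for domain in hosted_domains(parse_passwd(SAMPLE)):
        print(domain)
```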
Rather than post all the URLs here, for brevity, please refer to the text file.
Lesson to be learned for the bad guys: secure development practices apply to you as well, or the whitehats may come knocking.
A parting thought for freedownloadzone.com and its shadow org, helpmedownload.com.
By the way, you have XSS issues too: http://bit.ly/cT2P8F