
How to get the Information leakage

1. Banners
 
Banners are the text presented to a user when they attempt to log into a system via any one of the many services. Banners can be found on such services as File Transfer Protocol (FTP), secure shell (SSH), telnet, Simple Mail Transfer Protocol (SMTP), and Post Office Protocol 3 (POP3). Many software packages for these services happily yield version information to outside users in their default configuration.
 
 
 
 
 
2. Error Messages:
 
Services such as Web servers yield more than ample information about themselves when an exception condition is created. An exception condition is defined by a circumstance out of the ordinary, such as a request for a page that does not exist, or a command that is not recognized. In these situations, it is best to make use of the customizable error configurations supplied, or create a workaround configuration.
 
 
 
 
 
3. Protocol Information Leakage:
 
In addition to the previously mentioned cases of information leakage, there is also what is termed protocol analysis. Protocol analysis exists in numerous forms. One type of analysis is using the constraints of a protocol’s design against a system to yield information about a system. Observe this FTP system type query:
 
 
elliptic@ellipse:~$ telnet parabola.cipherpunks.com 21
Trying 192.168.1.2...
Connected to parabola.cipherpunks.com.
Escape character is '^]'.
220 parabola FTP server (Version: 9.2.1-4) ready.
SYST
215 UNIX Type: L8 Version: SUNOS
 
 
 
 
 
This problem also manifests itself in such services as HTTP. Observe the leakage of information through the HTTP HEAD command:

elliptic@ellipse:~$ telnet www.cipherpunks.com 80
Trying 192.168.1.2...
Connected to www.cipherpunks.com.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Wed, 05 Dec 2001 11:25:13 GMT
Server: Apache/1.3.22 (Unix)
Last-Modified: Wed, 28 Nov 2001 22:03:44 GMT
ETag: "30438-44f-3c055f40"
Accept-Ranges: bytes
Content-Length: 1103
Connection: close
Content-Type: text/html
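
The same disclosures can be checked for on your own hosts by running captured responses through a small audit. The following is an added example, not part of the original article: the rule names, the audit() function and the TRIMMED_CAPTURE lines are constructed for illustration, while PAGE_CAPTURE reuses the response lines from the two sessions above.

```python
import re

# One rule per disclosure style shown in the sessions above.
# Group 1 is the product or system name, group 2 the extra detail (version/OS).
RULES = [
    # FTP greeting: "220 parabola FTP server (Version: 9.2.1-4) ready."
    ("ftp-greeting", re.compile(r"^220[ -].*?(\w+) server \(Version:? ([^)]+)\)", re.I)),
    # FTP SYST reply: "215 UNIX Type: L8 Version: SUNOS"
    ("ftp-syst", re.compile(r"^215 (\S+) Type: \S+(?: Version: (\S+))?", re.I)),
    # HTTP response header: "Server: Apache/1.3.22 (Unix)"
    ("http-server", re.compile(r"^Server:\s*([^/\s]+)(?:/(\S+))?", re.I)),
]


def audit(lines):
    """Return (rule, product, detail, level) for every line that identifies software."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for name, pattern in RULES:
            match = pattern.match(line)
            if match:
                product, detail = match.group(1), match.group(2)
                # Naming the product alone is "generic"; a version or OS string is "detailed".
                level = "detailed" if detail else "generic"
                findings.append((name, product, detail, level))
                break
    return findings


# Response lines copied from the two telnet sessions on this page.
PAGE_CAPTURE = [
    "220 parabola FTP server (Version: 9.2.1-4) ready.",
    "215 UNIX Type: L8 Version: SUNOS",
    "HTTP/1.1 200 OK",
    "Date: Wed, 05 Dec 2001 11:25:13 GMT",
    "Server: Apache/1.3.22 (Unix)",
    "Content-Type: text/html",
]

# Constructed sample (not from the page): the same services after banner trimming.
TRIMMED_CAPTURE = ["220 FTP service ready.", "215 UNIX Type: L8", "Server: Apache"]

if __name__ == "__main__":
    for capture in (PAGE_CAPTURE, TRIMMED_CAPTURE):
        for finding in audit(capture):
            print(finding)
```

Every "detailed" finding marks a banner or header that should be trimmed in the service's configuration; a "generic" finding still names the product but no longer gives a version to match against advisories.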
 
 
 
 
 
4. Analysis of responses to IP
 
Attackers also perform protocol analysis through a number of other methods. One such method is the analysis of responses to IP, an attack based on the previously mentioned concept, but working on a lower level. Automated tools such as the Network Mapper, or Nmap, provide an easy-to-use utility designed to gather information about a target system, including publicly reachable ports on the system, and the operating system of the target. Observe the output from an Nmap scan:
 
 
elliptic@ellipse:~$ nmap -sS -O parabola.cipherpunks.com
 
 
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on parabola.cipherpunks.com (192.168.1.2):
(The 1533 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
Remote operating system guess: Solaris 2.6 - 2.7
Uptime 5.873 days (since Thu Nov 29 08:03:04 2001)
Nmap run completed -- 1 IP address (1 host up) scanned in 67 seconds
 
 
 
 
 