UC知道专业高手帮帮忙翻译啊9999
来源:百度知道 编辑:UC知道 时间:2024/06/16 22:45:36
Now we get down to the interesting stuff. These beasts can be intelligent so some brain is needed.
active:
(re-)placing a cgi-script on the webserver of the company, which allows remote access. This is unlikely because it's rare that the webserver is in the network, not monitored/ checked/audited and accessible from the internet. I hope nobody needs an example on such a thing ;-)
(re-placing) a service/binary on the firewall. This is dangerous because those are audited regulary and sometimes even sniffed on permanent ...
Loading a loadable module into the firewall kernel wich hides itself and gives access to it's master. The best solution for an active backdoor but still dangerous.
passive:
E@mail - an email account/mailer/reader is configured in a way to extract hidden commands in an email (X-Headers with weird stuff) and send them back with output if wanted/needed.
WWW - this is hard stuff. A daemon on an internal machine does http requests
active:
(re-)placing a cgi-script on the webserver of the company, which allows remote access. This is unlikely because it's rare that the webserver is in the network, not monitored/ checked/audited and accessible from the internet. I hope nobody needs an example on such a thing ;-)
(re-placing) a service/binary on the firewall. This is dangerous because those are audited regulary and sometimes even sniffed on permanent ...
Loading a loadable module into the firewall kernel wich hides itself and gives access to it's master. The best solution for an active backdoor but still dangerous.
passive:
E@mail - an email account/mailer/reader is configured in a way to extract hidden commands in an email (X-Headers with weird stuff) and send them back with output if wanted/needed.
WWW - this is hard stuff. A daemon on an internal machine does http requests
现在我们开始认真做有趣的材料.这些野兽能是聪明,所以一些
大脑被需要.活跃:
(兹就)把一允许遥远接近的机会的公司的cgi-字体放在webserver上.这个是不太可能因为webserver是很其的在网络中it\'s,不方格图案//审计和可从因特网接近monitored/.我希望没有人需要一有关这样一东西;-例子
在防火墙上(取代)一服务//两部分构成的一组.因为那些是审计regulary和有关永久性的...有时甚至擤鼻子,这个是危险
在防火墙上(取代)一服务//两部分构成的一组.因为那些是审计regulary和有关永久性的...有时甚至擤鼻子,这个是危险
被动:
E@mail--一个电子邮件帐户寄邮件的人//读者被摘取在一电子邮件中隐匿指挥((有怪异材料)的X-装桶盖的工人在某个意义上配置如果想要/,输出地退还他们需要.
万维网--这个是努力材料.一个在一台内部机器上恶魔对因特网做http请求但是请求是进入真正指挥,被一的http作为答复凶猛的www服务器下的命令的答案.这个真容易野兽被下面展示->Backdoor例子:相反万维网荷兰皇家壳牌同样地在上方但是随着dns问题和回答DNS-同一观念.不利之处是它不能带着许多数据.(http://www.icon.co.za/~wosp/wosp.dns-tunnel.tar.gz,这例子仍然需要许多编代码是有效)一些