L in u X ba sics for h acke rs g e t t I n g s t a r t e d w I t h




Download 7,3 Mb.
Pdf ko'rish
bet90/115
Sana27.11.2023
Hajmi7,3 Mb.
#106243
1   ...   86   87   88   89   90   91   92   93   ...   115
Bog'liq
linuxbasicsforhackers

nmap -sT 192.168.181.1
To take things a step further, if you wanted to perform a TCP scan of 
address 192.168.181.1, looking to see whether port 3306 (the default port 
for MySQL) was open, you could enter this:
nmap -sT 192.168.181.1 -p 3306
Here, 
-p
designates the port you want to scan for. Go ahead and try it 
out now on your Kali system.
Our Task
At the time of this writing, there is a hacker serving time in US federal prison 
by the name of Max Butler, also known as Max Vision throughout the hacker 
world. Max was a kind of gray hat hacker. By day, he was an IT security profes-
sional in Silicon Valley, and by night, he was stealing and selling credit card 
numbers on the black market. At one time, he ran the world’s largest credit 
card black market, CardersMarket. Now, Max is serving a 13-year prison term 


Bash Scripting
87
while at the same time assisting the Computer Emergency Response Team 
(CERT) in Pittsburgh with defending against hackers.
A few years before Max was caught, he realized that the Aloha Point of 
Sale (POS) system used by many small restaurants had a technical support 
backdoor built into it. In this case, the backdoor enabled tech support to 
assist their clients. Aloha tech support could access the end user’s system 
through port 5505 to provide assistance when the user called for help. Max 
realized that if he found a system connected to the internet with the Aloha 
POS system, he could access the system with sysadmin privileges through 
port 5505. Max was able to enter many of these systems and steal tens of 
thousands of credit card numbers.
Eventually, Max wanted to find every system that had port 5505 open so 
that he could go from stealing thousands of credit card numbers to steal-
ing millions. Max decided to write a script that would scan millions of IP 
addresses looking for systems with port 5505 open. Of course, most systems 
do not have port 5505 open so, if they did, it was likely they were running the 
doomed Aloha POS. He could run this script while at work during the day, 
then by night hack into those systems identified as having port 5505 open.
Our task is to write a script that will be nearly identical to Max’s script, 
but rather than scan for port 5505 as Max did, our script will scan for systems 
connected to the ubiquitous online database MySQL. MySQL is an open 
source database used behind millions of websites; we’ll be working with 
MySQL in Chapter 12. By default, MySQL uses port 3306. Databases are the 
“Golden Fleece” that nearly every black hat hacker is seeking, as they often 
contain credit card numbers and personally identifiable information (PII) 
that is very valuable on the black market.

Download 7,3 Mb.
1   ...   86   87   88   89   90   91   92   93   ...   115




Download 7,3 Mb.
Pdf ko'rish

Bosh sahifa
Aloqalar

    Bosh sahifa



L in u X ba sics for h acke rs g e t t I n g s t a r t e d w I t h

Download 7,3 Mb.
Pdf ko'rish