ﺍﺧﺘﺮﺍﻕ ﻣﻮﻗﻊ

ﺑﺴﻢ ﺍﻟﻠﻪ ﺍﻟﺮﺣﻤﻦ ﺍﻟﺮﺣﻴﻢ
ﻭﻗﻞ ﺭﺑﻰ ﺯﺩﻧﻰ ﻋﻠﻤﺎ
ﺻﺪﻕ ﺍﻟﻠﻪ ﺍﻟﻌﻈﻴﻢ !!
ﺍﻭﻻ ﻳﺎ ﺷﺒﺎﺏ ﻳﻌﻨﻰ ﺍﻳﻪ ﺛﻐﺮﻩ ﻭﻛﻴﻒ
ﺗﺘﻄﺒﻘﻬﺎ ﻭﻃﻴﻒ ﺗﻌﺮﻑ ﺍﻥ ﺍﻟﻤﻮﻗﻊ ﻳﺪﻋﻢ
ﺑﺜﻐﺮﻩ
ﺍﺳﺌﻠﻪ ﺗﺪﻭﺭ ﻓﻰ ﺫﻫﻨﻨﺎ ﻓﻠﻜﻰ ﺗﻌﺮﻑ ﻓﺘﺎﺑﻊ
ﻫﺎﺩ ﺍﻟﺸﺮﺡ ﻣﻊ
ﺍﻟﺘﻄﻴﺒﻖ !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!
" ﺍﻟﺜﻐﺮﺍﺕ "
* ﻟﻜﻲ ﺗﺴﺘﻄﻴﻊ

ﺍﺧﺘﺮﺍﻕ ﻣﻮﻗﻊ ﻻ ﺑﺪ ﺃﻥ
ﺗﻌﺮﻑ ﺍﺳﻢ ﺍﻟﻤﺴﺘﺨﺪﻡ ﻭﻛﻠﻤﺔ ﺍﻟﻤﺮﻭﺭ
ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻤﻮﻗﻊ
User name-Password
ﻭﻫﻤﺎ ﻳﻜﻮﻧﺎﻥ ﻣﺤﻔﻮﻇﻴﻦ ﻓﻲ ﻣﻠﻒ
ﻳﺴﻤﻲ
PASSWDﻏﺎﻟﺒﺎ
ﺑﻌﺾ ﺍﻟﻤﻮﺍﻗﻊ ﺗﻀﻊ ﻫﺬﺍ ﺍﻟﻤﻠﻒ ﻓﻲ ﺍﻹﻑ
ﺗﻲ ﺑﻲ
ﻣﺎ ﻫﻮ ﺇﻑ ﺗﻲ ﺑﻲ؟
FTP=File Transfer Protocol
ﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ ﺗﺴﺘﻄﻴﻊ ﺍﻻﺗﺼﺎﻝ
ﺑﺎﻟﻤﻮﻗﻊ ﻭﺳﺤﺐ ﻫﺬﺍ ﺍﻟﻤﻠﻒ ﻋﻦ ﻃﺮﻳﻖ
ﺍﻟﺘﻠﻨﺖ
start==>run ﺇﺑﺪﺃ ﺛﻢ ﺗﺸﻐﻴﻞ
ﻭﺍﻛﺘﺐ telnet
ﺳﻴﻔﺘﺢ ﺍﻟﺘﻠﻨﺖ ﺍﺿﻐﻂ ﻋﻠﻰRemote
System ==> connect
ﺛﻢ ﺍﻛﺘﺐ ﺍﻟﻤﻮﻗﻊ ﻓﻲ Host Name ﻣﺜﻼ
kahane.org ﺃﻭ ﺍﻵﻳﺒﻲ ﺍﻟﺨﺎﺹ ﺑﻪ
ﻭﻓﻲ PORT ﺍﻛﺘﺐ 21 ﻭﻫﻮ ﺍﻟﺒﻮﺭﺕ
ﺍﻟﺨﺎﺹ ﺑﺎﻹﻑ ﺗﻲ ﺑﻲ
ﺛﻢ ﺍﺿﻐﻂ connect
ﻭﺑﻌﺪ ﺃﻥ ﻳﻈﻬﺮ ﺭﺩ ﺍﻟﺴﻴﺮﻓﺮ ﺍﻛﺘﺐ
ﻭﻟﻜﻦ..ﻟﻦ ﺗﺮﻯ ﻣﺎ ﻛﺘﺒﺖ!! ﺷﻔﺮﺓ source
code
user anonymous
ﺛﻢ ﺍﻧﺘﺮ ﺑﻌﺪﻫﺎ ﻳﻄﻠﺐ ﺍﻟﺴﻴﺮﻓﺮ ﻛﻠﻤﺔ ﺍﻟﺴﺮ
ﺍﻛﺘﺐ
pass zzzoozz@yahoo.com
ﺍﻛﺘﺐ ﺃﻱ ﺑﺮﻳﺪ ﻛﻜﻠﻤﺔ ﺳﺮ ﻭﻃﺒﻌﺎ ﺳﻴﻜﻮﻥ
ﻭﻫﻤﻴﺎ
ﻣﺎﺫﺍ ﻓﻌﻠﻨﺎ؟ﻟﻘﺪ ﺩﺧﻠﻨﺎ ﺇﻟﻰ ﺳﻴﺮﻓﺮ ﺍﻟﻤﻮﻗﻊ
ﻓﻲ ﻭﺿﻊ ﺍﻟﺘﺨﻔﻲ ﻭﺑﻌﺾ ﺍﻟﻤﻮﺍﻗﻊ
ﺗﺴﻤﺢ ﺑﻬﺬﻩ ﺍﻟﺨﺎﺻﻴﺔ ﻭﺑﻌﻀﻬﺎ ﻻ ﻳﺴﻤﺢ..
ﺑﻌﺪﻫﺎ ﺳﻨﺤﺼﻞ ﻋﻠﻰ ﻣﻠﻒ ﺍﻟﺒﺎﺳﻮﻭﺭﺩ
ﻗﺒﻞ ﺫﻟﻚ ﺃﺣﺐ ﺃﻥ ﺃﺫﻛﺮ ﺃﻧﻪ ﻳﻤﻜﻨﻚ ﻋﻤﻞ
ﺍﻷﺷﻴﺎﺀ ﺍﻟﺴﺎﺑﻘﺔ ﻋﻦ ﻃﺮﻳﻖ ﺃﻱ ﺑﺮﻧﺎﻣﺞ
ﺇﻑ ﺗﻲ ﺑﻲ ﻣﺜﻞ
cute ftp - ws_ftp
ﻣﺜﻼﺃﻭ ﺣﺘﻰ ﺍﻟﺬﻫﺎﺏ ﺇﻟﻰ ﺍﻟﻤﺘﺼﻔﺢ ﻭﻛﺘﺎﺑﺔ
ﺍﻟﻤﻮﻗﻊ ﻫﻜﺬﺍ ﻓﻲ ﺣﻘﻞ ﺍﻟﻌﻨﻮﺍﻥ
ftp.kahane.org
ﻟﺘﺤﺼﻞ ﻋﻠﻰ ﺍﻟﻤﻠﻒ ﻓﻲ ﺍﻟﺘﻠﻨﺖ ﺍﻛﺘﺐ
retr /etc/passwd
/etc ﻫﻮ ﺍﻟﻤﺠﻠﺪ ﺍﻟﺬﻱ ﻳﺤﺘﻮﻱ ﺍﻟﻤﻠﻒ
passwd ﻭﻳﺨﺘﻠﻒ ﺍﺳﻢ ﺍﻟﻤﺠﻠﺪ ﻭﺍﺳﻢ
ﻣﻠﻒ ﺍﻟﺒﺎﺳﻮﻭﺭﺩ ﺑﺎﺧﺘﻼﻑ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ
ﺍﻟﻤﻮﻗﻊ
Sunos 5.0 etc/shadow ﺍﻭ etc/
passwd
Linux etc/shadow ﺍﻭ etc/passwd
BSD4.3 –RENO etc/master.passwd
AIX etc/security/passwd
NT ﻭﻳﻨﺪﻭﺯ scripts/passwd
ﻭﺗﺨﺘﻠﻒ ﺃﺳﻤﺎﺀ ﻣﻠﻒ ﺍﻟﺒﺎﺳﻮﻭﺭﺩ ﺑﻴﻦ
passwd ﻭ admin.pwl ﻭ ﻏﻴﺮﻫﺎ
ﺍﻻﺧﺘﺮﺍﻕ ﻣﻦ ﺍﻹﻑ ﺗﻲ ﺑﻲ ﺃﺻﺒﺤﺖ
ﻃﺮﻳﻘﺔ ﻗﺪﻳﻤﺔ ﻟﺬﺍ ﻟﻦ ﺗﺠﺪ ﻣﻮﻗﻌﺎ
ﺣﺪﻳﺜﺎﻳﻀﻊ ﻣﻠﻒ ﺍﻟﺒﺎﺳﻮﻭﺭﺩ ﻓﻲ ﺇﻑ ﺗﻲ
ﺑﻲ ﺫﻛﺮﻧﻬﺎ ﻓﻘﻂ ﻛﻤﻘﺪﻣﺔ..ﺇﺫﺍ ﺃﺭﺩﺕ
ﺗﺠﺮﻳﺒﻬﺎ ﺟﺮﺑﻬﺎ ﻋﻠﻰ ﻫﺬﺍ ﺍﻟﻤﻮﻗﻊ
ftp.pangeia.com.br
ﻭﻟﺰﻳﺎﺩﺓ ﻣﻌﻠﻮﻣﺎﺗﻚ ﻋﻦ ﺍﻻﺧﺘﺮﺍﻕ ﺑﺎﻟﻒ ﺗﻲ
ﺑﻲ ﻗﻢ ﺑﺘﺤﻤﻴﻞ ﺍﻟﻤﻠﻒ ﺍﻟﻤﻮﺟﻮﺩ ﺑﻨﻬﺎﻳﺔ
ﺍﻟﺼﻔﺤﺔ ﻭﺑﻌﺪﻫﺎ؟؟ﺍﻟﻤﺸﻮﺍﺭ ﻣﺎﺯﺍﻝ
ﻃﻮﻳﻼ...ﻛﻠﻤﺔ ﺍﻟﺴﺮ ﺳﺘﻜﻮﻥ ﻣﺸﻔﺮﺓ
ﻭﺳﻨﺸﺮﺡ ﻛﻴﻘﻴﺔ ﻛﺴﺮﻫﺎ ﻓﻲ ﺍﻟﻨﻬﺎﻳﺔ....
----------------------------------------------
----------------------------------
Exploit = ﺍﺳﺜﻤﺎﺭ = ﺛﻐﺮﺓ
ﺍﻟﺠﺰﺀ ﺍﻟﻤﻬﻢ:
ﺍﻟﺜﻐﺮﺍﺕ ﻫﻲ ﺃﺧﻄﺎﺀ ﺑﺮﻣﺠﻴﺔ ﻓﻲ ﻧﻈﺎﻡ
ﺍﻟﺘﺸﻐﻴﻞ ﻭﻳﻤﻜﻨﻚ ﺍﺳﺘﻐﻼﻟﻬﺎ ﻟﻠﺤﺼﻮﻝ
ﻋﻠﻰ ﻣﻠﻒ ﺍﻟﺒﺎﺳﻮﻭﺭﺩ ﻭﻗﺎﻋﺪﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ
ﻭﻭﻭﻭ..ﺇﻟﺦ
ﺃﻭﻻ ﻳﺠﺐ ﺃﻥ ﺗﺠﻤﻊ ﻛﻞ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ
ﺍﻟﻤﻤﻜﻨﺔ ﺣﻮﻝ ﺍﻟﻤﻮﻗﻊ :
1- ﺍﻟﻤﻨﺎﻓﺬ ﺍﻟﻤﻔﺘﻮﺣﺔ ﻣﺜﻞ ﺍﻹﻑ ﺗﻲ ﺑﻲ
ﻭﺍﻟﺘﻠﻨﺖ ﻣﺜﻼ ﻭﻫﺬ ﻋﻦ ﻃﺮﻳﻖ ﺑﺮﺍﻣﺞ ﻣﺜﻞ
super scan
ﺍﺑﺤﺚ ﻋﻨﻪ ﻓﻲ ﺍﻻﻧﺘﺮﻧﺖ.
2- ﻣﻌﺮﻓﺔ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ ﺍﻟﻤﻮﻗﻊ ﻭﻳﻨﺪﻭﺯ
ﺃﻡ ﻟﻴﻨﻮﻛﺲ ﻭﻏﻴﺮﻫﺎ ﻭﺍﻟﻔﺎﺋﺪﺓ ﻣﻦ ﺫﻟﻚ ﺃﻥ
ﻛﻞ ﻧﻈﺎﻡ ﻟﻪ ﺛﻐﺮﺍﺗﻪ ﺍﻟﺨﺎﺻﺔ ﺑﻪ ﻭﺍﺳﻢ
ﺍﻟﻤﺠﻠﺪ ﺍﻟﺬﻱ ﺑﻪ ﻣﻠﻒ ﺍﻟﺒﺎﺳﻮﻭﺭﺩ ﻳﺨﺘﻠﻒ
ﻣﻦ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ ﻵﺧﺮ.
ﻟﻤﻌﺮﻓﺔ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ﺇﺫﻫﺐ ﺇﻟﻰ
ﺍﻟﻤﻮﻗﻊ
www.netcraft.net
ﻭﺍﻛﺘﺐ ﺍﻟﻤﻮﻗﻊ ﺛﻢ ﺇﻧﺘﺮ..!!.! ﻭﺳﺘﻌﺮﻑ
ﺑﻌﺾ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻋﻦ ﺍﻟﻤﻮﻗﻊ ﻛﻶﻳﺒﻲ
ﻭﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ...ﺇﻟﺦ
3- ﻣﻌﺮﻓﺔ ﻛﻞ ﻣﺎﻳﻘﺪﻣﻪ ﺍﻟﻤﻮﻗﻊ ﻣﻦ
ﺧﺪﻣﺎﺕ ﻛﺎﻟﺒﺮﻳﺪ ﻭﻏﻴﺮ ﺫﻟﻚ
4- ﻣﻌﺮﻓﺔ ﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﻤﺜﺒﺘﺔ ﻋﻠﻰ ﺍﻟﻤﻮﻗﻊ
ﻣﺜﻞ ﺍﻟﻤﻨﺘﺪﻳﺎﺕ ﻭﺑﺮﺍﻣﺞ ﺍﻟﺴﻲ ﺟﻲ ﺁﻱ
ﺃﻧﻮﺍﻉ ﺍﻟﺜﻐﺮﺍﺕ 






ou we can use havig very easy and usefull





for more contact me on fb https://www.facebook.com/dalibelgharbi?ref=tn_tnmn