Boot into the Windows 2008 system and back up the following two files:
%windir%\System32\licensing\pkeyconfig\pkeyconfig.xrm-ms
%windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
Or run the following batch file:
@echo off
echo 请在管理员administrator下运行
echo. & pause
echo 备份原始激活文件到备份文件夹
md 备份
copy %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat 备份\tokens.dat
copy %windir%\System32\licensing\pkeyconfig\pkeyconfig.xrm-ms 备份\pkeyconfig.xrm-ms
echo 完成备份!
echo. & pause
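The next time you need them, boot into WinPE (it must be a PE that supports Windows 2008) and copy the previously backed-up files into the original system directories of the two files above.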
@echo off
echo 请在管理员administrator下运行
echo. & pause
echo 备份原始激活文件到备份文件夹
md 备份
copy %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat 备份\tokens.dat
copy %windir%\System32\licensing\pkeyconfig\pkeyconfig.xrm-ms 备份\pkeyconfig.xrm-ms
echo 关闭Software Licensing服务
net stop slsvc
echo 取得原始激活文件的权限并删除
takeown /f %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
takeown /f %windir%\System32\licensing\pkeyconfig\pkeyconfig.xrm-ms
cacls %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat /t /e /g administrator:f
cacls %windir%\System32\licensing\pkeyconfig\pkeyconfig.xrm-ms /t /e /g administrator:f
del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
del %windir%\System32\licensing\pkeyconfig\pkeyconfig.xrm-ms
echo copy激活文件到系统文件夹
copy tokens.dat %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
copy pkeyconfig.xrm-ms %windir%\System32\licensing\pkeyconfig\pkeyconfig.xrm-ms
echo 开启Software Licensing服务
net start slsvc
start %windir%\System32\licensing\pkeyconfig\
start %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\
echo 更改产品密钥
SLMGR.VBS -ipk 这里填写你的CD-KEY
echo 完成激活!
echo. & pause
The batch file above performs the Windows 2008 activation using the backup files.
The bind component includes the following six subcomponents:
bind-libbind-devel-9.3.3-10.el5
bind-sdb-9.3.3-10.el5
bind-devel-9.3.3-10.el5
caching-nameserver
bind-chroot-9.3.3-10.el5
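then copy the sample file /usr/share/doc/bind-9.3.4/sample/etc/named.conf to /etc/named.conf
With chroot in use, the virtual root directory is /var/named/chroot, so named.conf is actually located in /var/named/chroot/etc, and the working directory /var/named is actually /var/named/chroot/var/named.
II. Configuring bind
Assume the domain name www.ooxx.com with IP 192.168.80.198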
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
zone "ooxx.com" IN {
type master;
file "ooxx.com.zone";
allow-update { none; };
};
zone "80.168.192.in-addr.arpa" IN {
type master;
file "192.168.80.zone";
allow-update { none; };
};
Edit ooxx.com.zone:
$TTL 86400
@ IN SOA localhost root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS localhost
www IN A 192.168.80.198
Edit 192.168.80.zone:
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ooxx.com.
198 IN PTR www.ooxx.com.
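Here test.com.zone is the forward lookup file and 192.168.80.zone is the reverse lookup file.
That completes the configuration of the master name server.
Now for the slave name server: only the named.rfc1912.zones file needs to be changed. Change the following part of this file: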
type master;
file "ooxx.com.zone";
allow-update { none; };
};
zone "80.168.192.in-addr.arpa" IN {
type master;
file "192.168.80.zone";
allow-update { none; };
};
type slave;
file "slaves/ooxx.com.zone";
masters { 192.168.80.198; };
};
zone "80.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.80.zone";
masters { 192.168.80.198; };
};
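The view above combines recursion yes with match-clients { any; } and no allow-recursion, and the master zones carry no allow-transfer. On the BIND 9.3 packages listed earlier that means any client can use the server as a recursive resolver, and any host can pull the whole zone, not just the slave. The following check is an added example, not part of the original page; the function names and the inlined sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the page's view with its master zone inlined (include files are not followed).
SAMPLE = '''
options { listen-on port 53 { any; }; allow-query { any; }; };
view localhost_resolver {
    match-clients { any; }; recursion yes;
    zone "ooxx.com" IN { type master; file "ooxx.com.zone"; allow-update { none; }; };
};
'''

def strip_comments(text):
    return re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", text, flags=re.S))

def parse(text):
    """Split text into depth-0 simple statements and {header: body} blocks."""
    stmts, blocks, depth, start, body_at, header = [], {}, 0, 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_at = " ".join(text[start:i].split()), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                blocks[header] = text[body_at:i]
                start = i + 1
        elif ch == ";" and depth == 0:
            stmts.append(" ".join(text[start:i].split()))
            start = i + 1
    return stmts, blocks

def audit(conf, inherited=frozenset()):
    """Flag views that recurse for any client and master zones anyone may transfer."""
    findings, blocks = [], parse(strip_comments(conf))[1]
    inherited = inherited | set(parse(blocks.get("options", ""))[1])
    for header, body in blocks.items():
        stmts, opts = parse(body)
        limits = inherited | set(opts)
        if header.startswith("view "):
            clients = re.findall(r"[^\s;]+", opts.get("match-clients", "any"))
            if "recursion yes" in stmts and "any" in clients and "allow-recursion" not in limits:
                findings.append(f"{header}: recursion offered to any client")
            findings += audit(body, limits)
        elif header.startswith("zone ") and "type master" in stmts and "allow-transfer" not in limits:
            findings.append(f"{header}: zone transfer not restricted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Adding an allow-recursion list to the view and an allow-transfer list naming the slave server to each master zone clears both findings.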
III. Testing
The name resolution (test) above only takes effect after /etc/resolv.conf has been modified to point DNS at 192.168.80.198.
nameserver 192.168.80.198
>www.ooxx.com
Server: 192.168.80.198
Address: 192.168.80.198:53
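Just run the following command:
Fix (back up important data before applying it):
Debian users: run apt-get update ; apt-get upgrade -y
CentOS users: run yum update udev
RedHat users: update with the official rpm packages or purchase RedHat's satellite service.
Demonstration of the attack's effect: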
libuuid@debian:~$ sh a 890
sh-3.1# id
uid=0(root) gid=0(root) groups=105(libuuid)
sh-3.1# cat /etc/debian_version
lenny/sid
sh-3.1# dpkg -l | grep udev
ii udev 0.114-2 /dev/ and hotplug management daemon
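What is confirmed so far is that this attack is quite effective against Debian and Ubuntu; its effect on RedHat remains to be confirmed.
II. Setting up the DHCP server:
1. Install the DHCP server components:
The DHCP configuration file is /etc/dhcpd.conf, but by default it is empty; a sample can be copied from the dhcp installation directory into /etc.
ddns-update-style none; # do not perform DDNS updates
subnet 192.168.0.0 netmask 255.255.255.0 {
option routers 192.168.0.254; # gateway
option subnet-mask 255.255.255.0; # subnet mask
option domain-name "mycentos"; # domain name
option domain-name-servers 192.168.0.254,202.103.0.68; # DNS server addresses
range 192.168.0.1 192.168.0.254; # IP address range offered
default-lease-time 21600; # default lease time
max-lease-time 43200; # maximum lease time
}
# The following reserves an IP for a specific machine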
host game {
hardware ethernet 00:11:22:33:44:55;
fixed-address 192.168.0.123;
}
DHCPDARGS=eth0
III. Starting the DHCP server
IV. Testing (omitted)





