A must-read for beginners: the complete guide to IPC$ (part 2)

zhaozj  2021-02-16  69

Part three: what can you do with a null session?

On NT, under the default security settings, a null session lets you list the users and shares on the target host, access shares that grant Everyone permission, and read a small part of the registry; that is of no great value in itself. On Windows 2000, because by default only Administrators and Backup Operators may access the registry from the network, it is not convenient to get at it with tools either. From this it looks as if the null session is useless, but for a complete IPC$ intrusion the null session is an indispensable springboard, because from it we can get a user list, and for an experienced hacker that is already enough. The following are the specific commands that can be used in a null session:

1 First, establish a null session (the target must have IPC$ open)

Command: net use \\ip\ipc$ "" /user:""

Note: the command above contains four spaces: one between net and use, one after use, one between \\ip\ipc$ and the empty password "", and one between the password and /user:"".

2 View the shared resources of the remote host

Command: net view \\ip

Explanation: after the null session has been established, use this command to view the shared resources of the remote host. If it has shares, you get a result similar to the following:

Shared resources at \\*.*.*.*

Share name    Type    Used as    Comment
-----------------------------------------------------------
NETLOGON      Disk               Logon server share
SYSVOL        Disk               Logon server share
The command completed successfully.

3 View the current time of the remote host

Command: net time \\ip

Explanation: use this command to get the current time of the remote host.

4 Get the NetBIOS name table of the remote host (requires NBT to be enabled on your own machine)

Command: nbtstat -A ip

Explanation: use this command to get the remote host's NetBIOS name table, including the user and domain names it has registered (your own machine must have NetBIOS support). It returns a result like the following:

Node IpAddress: [*.*.*.*] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SERVER         <00>  UNIQUE      Registered
    OYAMANISHI-H   <00>  GROUP       Registered
    OYAMANISHI-H   <1C>  GROUP       Registered
    SERVER         <20>  UNIQUE      Registered
    OYAMANISHI-H   <1B>  UNIQUE      Registered
    OYAMANISHI-H   <1E>  GROUP       Registered
    SERVER         <03>  UNIQUE      Registered
    OYAMANISHI-H   <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    INet~Services  <1C>  GROUP       Registered
    IS~SERVER......<00>  UNIQUE      Registered

    MAC Address = 00-50-8B-9A-2D-37
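The name table above is only useful if you know what each <XX> suffix means, which the original post does not explain. The following Python script is an added example (not code from the original post) that parses `nbtstat -A` output like the table above, annotates each row with the standard meaning of its suffix and type, and rolls the table up into what an enumerator, or an administrator auditing their own exposure, learns from it: the computer name, the domain, whether the host is a domain controller, whether it offers file shares, and whether IIS is installed. The sample text is a constructed copy of the table shown above; the suffix table is the standard NetBIOS suffix list, and the function names are the example's own.

```python
import re

# Standard meanings of the common NetBIOS name suffixes, keyed by (suffix, type).
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "Workstation Service (computer name)",
    ("00", "GROUP"):  "Domain or workgroup name",
    ("03", "UNIQUE"): "Messenger Service",
    ("20", "UNIQUE"): "File Server Service (host offers shares)",
    ("1B", "UNIQUE"): "Domain Master Browser",
    ("1C", "GROUP"):  "Domain Controllers group",
    ("1D", "UNIQUE"): "Master Browser",
    ("1E", "GROUP"):  "Browser Service elections",
    ("01", "GROUP"):  "Master Browser (__MSBROWSE__)",
}

# One row of the name table:  NAME <XX>  UNIQUE|GROUP  STATUS
ROW_RE = re.compile(
    r"^\s*(?P<name>\S.*?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
    r"(?P<type>UNIQUE|GROUP)\s+(?P<status>\w+)\s*$",
    re.IGNORECASE,
)
MAC_RE = re.compile(
    r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})", re.IGNORECASE
)

# Constructed sample: a copy of the nbtstat output shown in the post.
SAMPLE = """\
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SERVER         <00>  UNIQUE      Registered
    OYAMANISHI-H   <00>  GROUP       Registered
    OYAMANISHI-H   <1C>  GROUP       Registered
    SERVER         <20>  UNIQUE      Registered
    OYAMANISHI-H   <1B>  UNIQUE      Registered
    OYAMANISHI-H   <1E>  GROUP       Registered
    SERVER         <03>  UNIQUE      Registered
    OYAMANISHI-H   <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    INet~Services  <1C>  GROUP       Registered
    IS~SERVER......<00>  UNIQUE      Registered

    MAC Address = 00-50-8B-9A-2D-37
"""


def describe(name, suffix, ntype):
    """Human-readable meaning of one name-table row."""
    upper = name.upper()
    # IIS registers INet~Services <1C> and IS~<computer> <00>; both mean IIS, not a DC.
    if upper.startswith("INET~SERVICES") or upper.startswith("IS~"):
        return "IIS (Internet Information Services)"
    return SUFFIX_MEANING.get((suffix, ntype), "unknown suffix")


def parse_nbtstat(text):
    """Parse `nbtstat -A` output into {'names': [...], 'mac': str|None}."""
    names, mac = [], None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            name = m.group("name").strip(". ")  # nbtstat pads short names with dots
            suffix = m.group("suffix").upper()
            ntype = m.group("type").upper()
            names.append({"name": name, "suffix": suffix, "type": ntype,
                          "status": m.group("status"),
                          "meaning": describe(name, suffix, ntype)})
            continue
        mm = MAC_RE.search(line)
        if mm:
            mac = mm.group(1).upper()
    return {"names": names, "mac": mac}


def summarize(parsed):
    """Roll the table up into the facts a null-session enumerator learns from it."""
    facts = {"computer": None, "domain": None, "domain_controller": False,
             "file_server": False, "iis": False, "mac": parsed["mac"]}
    for e in parsed["names"]:
        key = (e["suffix"], e["type"])
        is_iis = e["meaning"].startswith("IIS")
        if key == ("00", "UNIQUE") and not is_iis and facts["computer"] is None:
            facts["computer"] = e["name"]
        elif key == ("00", "GROUP") and facts["domain"] is None:
            facts["domain"] = e["name"]
        elif key == ("1C", "GROUP") and not is_iis:
            facts["domain_controller"] = True
        elif key == ("20", "UNIQUE"):
            facts["file_server"] = True
        if is_iis:
            facts["iis"] = True
    return facts


if __name__ == "__main__":
    parsed = parse_nbtstat(SAMPLE)
    for e in parsed["names"]:
        print(f"{e['name']:<16} <{e['suffix']}> {e['type']:<7} {e['meaning']}")
    print(summarize(parsed))
```

Run on the sample, the summary reports the computer SERVER in domain OYAMANISHI-H, flags it as a domain controller (<1C> GROUP under the domain name), a file server (<20>) and an IIS host (INet~Services). That is exactly the information the post says a null session gives away, so the same script is useful for checking what your own hosts expose before NBT and the null session are locked down.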

The commands above are the ones we commonly use in a null session. It may look like a lot, but be aware that the act of establishing an IPC$ connection leaves a record in the event log, whether or not it succeeds. OK, next let's take a look at the ports used by IPC$.
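The event-log remark above is the part of this post that matters to the defender. The following Python script is an added example (not from the original post) of the check an administrator can run over exported Security-log records to spot null-session logons: a successful network logon (event 540 on Windows 2000/XP/2003, event 4624 on later versions, logon type 3) by the NT AUTHORITY\ANONYMOUS LOGON account, grouped by the source address that made them. The records are constructed here in a simplified "EventID|LogonType|Account|Domain|Source" line format that is the example's own assumption, not a real export format.

```python
from collections import Counter

# Successful-logon event IDs: 540 on Windows 2000/XP/2003, 4624 on Vista and later.
SUCCESS_LOGON_IDS = {"540", "4624"}
NETWORK_LOGON_TYPE = "3"
ANONYMOUS = ("ANONYMOUS LOGON", "NT AUTHORITY")

# Constructed sample records in an assumed "EventID|LogonType|Account|Domain|Source" format.
SAMPLE_EVENTS = [
    "540|3|ANONYMOUS LOGON|NT AUTHORITY|192.0.2.10",
    "540|3|alice|OYAMANISHI-H|192.0.2.20",
    "4624|3|ANONYMOUS LOGON|NT AUTHORITY|192.0.2.10",
    "4624|2|bob|OYAMANISHI-H|-",
    "4624|3|ANONYMOUS LOGON|NT AUTHORITY|192.0.2.10",
    "4625|3|ANONYMOUS LOGON|NT AUTHORITY|192.0.2.11",   # failed logon, still logged
    "4624|3|ANONYMOUS LOGON|NT AUTHORITY|192.0.2.30",
]


def parse_event(line):
    """Split one record into a dict; returns None for malformed lines."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 5:
        return None
    return dict(zip(("event_id", "logon_type", "account", "domain", "source"), parts))


def is_null_session(ev):
    """True for a successful anonymous network logon, i.e. an IPC$ null session."""
    return (ev["event_id"] in SUCCESS_LOGON_IDS
            and ev["logon_type"] == NETWORK_LOGON_TYPE
            and (ev["account"].upper(), ev["domain"].upper()) == ANONYMOUS)


def null_sessions_by_source(lines):
    """Count null-session logons per source address."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and is_null_session(ev):
            counts[ev["source"]] += 1
    return counts


def suspicious_sources(lines, threshold=2):
    """Sources with at least `threshold` null sessions, most active first."""
    counts = null_sessions_by_source(lines)
    return [(src, n) for src, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for src, n in suspicious_sources(SAMPLE_EVENTS):
        print(f"{src}: {n} anonymous network logons")
```

A single anonymous network logon is not proof of anything, since some legitimate legacy traffic (browser service announcements, older print and file clients) also shows up as ANONYMOUS LOGON, which is why the check counts per source against a threshold rather than alerting on the first hit; the failed-logon record (4625) is deliberately excluded so that only established null sessions are counted.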

Please credit the original when reposting: https://www.9cbs.com/read-14568.html
