Chapter 1 ------ Where to find software
General software:
Black and White House:
http://www.play8.net/
Huajun Software Park
http://www.newhua.com/ (pick the mirror closest to you for the best speed)
China Download
http://download.com.cn/ (most software can be found with the site's search function)
East Online
http://www.tjdl.net/softdown/ (a good download site, similar to Huajun)
Century Download
http://www.21sx.com/ (also a good download site)
Security software:
Black and White House:
http://www.play8.net/index2.htm
Xfocus (Security Focus)
http://www.xfocus.net/tool.php
Security Information
http://www.aurorasafe.com/list.asp
Everyday Security
http://www.ttian.net/download/list.php
Netsill downloads
http://netsill.com/download/default.asp
Grey Track
http://www.sandflee.net/down/list.asp
Eagle downloads
http://211.155.27.12/~technic/down/
(some of the large classic security tools; the site is sometimes unreachable)
Proxies:
How to use proxies
http://extend.hk.hi.cn/~sunbird/freeproxy_why.html
(introduces the various kinds of proxy and how each is used)
Proxy server lists
http://www.salala.com/proxy_index.htm
(mostly HTTP proxies)
Proxy server lists
http://www.emaga.net/8341/myann
(updated daily; mostly SOCKS proxies, QQ proxies too)
Registration codes:
Sixthroom
http://www.sixthroom.com/down/qt/ser.rar (registration code collection download)
Registration code search
http://www.netpaste.com/code/
Guyue monthly registration codes
http://www.guyue.com/key/
Chapter 2 ------ About being intruded
Brief description:
Posts like these come up all the time: "I've got a trojan, what do I do?", "I was attacked", "Something is wrong with my Windows, have I been hacked?" and so on. If you suspect the system has been compromised, first look at the logs for records of what happened or what changed, then check for suspicious processes (Win98 needs a third-party tool for this), the registry Run keys, the services and the open ports, then update the virus definitions and run a scan. This presumes some basic computer sense and enough familiarity with your own system to tell normal from abnormal. If you don't have that, it is hard for anyone on the forum to help you. As with disease in real life, prevention comes first: anti-virus software and a network firewall stop most dangers, and improving your own security knowledge is the most fundamental guarantee. The latest virus information is on the home pages of the anti-virus vendors. Also, an abnormal system is often the result of operator error rather than an intrusion, and this forum is not a general computer help desk, so please don't post system repair questions here.
Related tools:
Active Ports: shows which ports your machine has open and which process owns each one.
http://www.sixthroom.com/down/aq/cn_aports.rar
Windows Optimization Master 5.1: its process manager is good, and it is also the best system optimization tool around. http://www.sixthroom.com/down/aq/wom.rar
Microsoft Baseline Security Analyzer 1.0 (specially recommended; see the download notes for details)
http://www.sixthroom.com/down/admin/aq/mbsasetup.msi
FPort 2.0: maps open ports to the owning process (NT/2000/XP; it does not run on 9x/ME)
http://www.sixthroom.com/down/admin/aq/fport.zip
Mport: does somewhat more than fport
http://www.sixthroom.com/down/admin/aq/mport.zip
KV3000 Jiangmin Anti-Virus King (official version, key-disk release)
http://www.kxweb.net/down/down.asp?downid=1&id=14
Kingsoft Antivirus (Jinshan Duba) 2003 official version
http://www.kxweb.net/down/down.asp?downid=1&id=11
Relevant information:
Black and White House document center:
http://www.play8.net/cgi-bin/news/Article/List.cgi
104 kinds of trojans
http://asp2.6to23.com/ebug88/net/Article/net004.htm
Cleaning up the damage done by malicious web pages
http://assistant.3721.com/safe.htm
Windows 2000 system process list
http://sinbad.zhoubin.com/read.html?board=win&num=73
Trojan detection, removal and prevention
http://sky.net.cn/main/view.php?cid=170
Landun (Blue Shield) online security test
http://www.boedon.com/boedonserver.asp
Chapter 3 ------ Basic Knowledge and Intrusion Steps
Brief description:
Computer and networking knowledge is the foundation of hacking; you need at least that much before the articles below will make sense. After reading this section you have only found the door; the road ahead is long. A few words here on the steps of an intrusion, as guidance for novices. "Intrusion" can be understood as unauthorized access, and since it is unauthorized, unconventional means are needed, which usually means exploiting a vulnerability.
Basic knowledge sites:
http://tech.163.com/tm/010213/010213_14563.html
http://tech.163.com/tm/010213/010213_14564.html
http://tech.163.com/tm/010214/010214_14632.html
http://tech.163.com/tm/010214/010214_14634.html
http://tech.163.com/tm/010214/010214_14638.html
First, before a vulnerability can be exploited it has to be found. Port scans and vulnerability scans are the "knocking on the door". You can sweep a large number of targets, scan a single target in depth, or both. Once you are familiar with vulnerabilities, a port scan alone tells you what a target is likely vulnerable to, which is both more efficient and less likely to be logged.
A simple tutorial on several scanners:
http://www.chinesehack.org/file/show.asp?id=5614
Intrusion techniques introduction - target detection:
http://www.sixthroom.com/ailan/f ... 2 & rootid = 279 & id = 279
Second, what to do once a vulnerability is found is a long story, and it is the part newcomers most want to learn. Much of it depends on the knowledge you have accumulated and how well you understand the system, so not much is said here. A few sites that publish vulnerabilities, for reference:
Tianji Net
http://www.myhard.com/76284138209935360/index.shtml
NSFocus (Green Alliance Technology)
http://www.nsfocus.net/index.php?act=sec_bug
May Security Net
http://bgbbs.wwww70.cn4e.com/Article.asp?cat_id=2
China Information Security
http://www.chinafirst.org.cn/ruodian/advisory.php
Third, what is the point of exploiting the vulnerability? Control of the other side, that is, a remote shell. The concept of a shell comes from UNIX and means an interactive interface to the core of the operating system; telnet is the typical example. There are many ways to get a shell: telnet or the terminal services that come with the system, or trojans and tools such as WinShell and Glacier. Two articles on shell programming:
China Software
http://www.9cbs.net/develop/Article/14/14219.shtm
Program Spring and Autumn
http://www.cbinews.com/developer/showcontent.php?rticleid=2193
Fourth, a shell carries privileges, and the highest, Administrator, is our goal, so the question of escalating privileges comes up. That too relies on a vulnerability. A few articles:
Win2K privilege escalation vulnerability
http://www.yesky.com/20010530/182273.shtml
Microsoft SQL Server WebTasks privilege escalation vulnerability
http://it.rising.com.cn/newsite/ ... 10 / 31-153502052.htm
Linux kernel ptrace privilege escalation vulnerability
http://levinstorm.myetang.com/main/holes/unix/005.html
NT/2000 methods of escalating privileges
http://home.lufeng.neet/wolf/compute/luodong/2000tisheng.htm
IIS privilege escalation vulnerability
http://www.ddhome.net/hole/14.htm
Fifth, with a shell in hand you will want to expand it, that is, get a better shell. The command line can do less than the graphical desktop, hence the questions "how do I open 3389" and "how do I upload". Here I introduce the most popular one, 3389. For more articles see www.sixthroom.com.
Remotely opening the 3389 terminal service
http://www.sandflee.net/wawa/3389-1.htm
Creating your own 3389 bot
http://www.sandflee.net/wawa/sz-3389.htm
Sixth, to control the target again next time you need to keep the shell, and doing a good backdoor is a craft of its own: cloning an account, planting a trojan, cracking the Administrator password; the means differ, and everyone keeps learning.
A backdoor forever
http://www.ttian.net/Article/show.php?id=259
A simple ping backdoor on Win2000
http://www.landun.org/wenzhang/images/xiaran/Article/154.html
Account cloning
http://www.netxeyes.org/ca.exe
Account clone check
http://www.netxeyes.org/cca.exe
LC4 brute-force cracker
http://www.andyxu.net/bana/tools_2/lc4.rar
Port knowledge:
Related tools:
Port scanning is the basic function of any scanner and there are far too many tools; two are offered here, more can be found at the sites referenced above.
X-port.zip download
http://www.xfocus.net/download.php?id=327
PortReady download
http://dotpot.533.net/dpsoft/portready1.6.zip
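What a port scanner of this kind actually does, and what chapter 3 means by "reading" likely vulnerabilities from the port list alone, is shown below in an added example written for this guide; it is not X-port, PortReady or any other tool listed here. The default port list, the service hints and all function names are this example's own assumptions.

```python
# Added example, not one of the tools listed above: a TCP connect() port
# scanner of the X-port / PortReady kind. It completes the three-way
# handshake on each port, which is reliable but shows up in the target's
# logs, the "easily recorded" trade-off noted in chapter 3. DEFAULT_PORTS,
# SERVICE_HINTS and the function names are this example's own assumptions.
import socket
from concurrent.futures import ThreadPoolExecutor

# Ports this guide keeps coming back to (assumed default list for the example).
DEFAULT_PORTS = (21, 23, 80, 135, 139, 445, 1433, 3389)

# What an open port suggests; this is how an experienced scanner "reads"
# likely weaknesses from the port list alone, as chapter 3 describes.
SERVICE_HINTS = {
    21: "ftp",
    23: "telnet, a shell if you have credentials",
    80: "http, on Windows usually IIS (chapter 7 web vulnerabilities)",
    135: "msrpc",
    139: "netbios-ssn: SMB, IPC$ and default shares (chapter 6)",
    445: "microsoft-ds: SMB directly over TCP, same IPC$ surface",
    1433: "ms-sql: a shell via the cmd extended procedure if sa is weak",
    3389: "terminal services (chapter 10)",
}

def probe(host, port, timeout=1.0):
    """Return (port, True) if a full TCP handshake completes, else (port, False).
    A refusal (RST) means closed; a timeout usually means filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return port, True
    except OSError:
        return port, False

def scan(host, ports=DEFAULT_PORTS, timeout=1.0, workers=32):
    """Probe all ports concurrently; return the open ones, sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return sorted(p for p, is_open in results if is_open)

def service_hint(port):
    """Say what an open port suggests; fall back to the system's services table."""
    if port in SERVICE_HINTS:
        return SERVICE_HINTS[port]
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"

def report(host, ports=DEFAULT_PORTS, timeout=1.0):
    """Scan and return {open port: hint}: the list to read before posting on the forum."""
    return {p: service_hint(p) for p in scan(host, ports, timeout)}

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, hint in report(target).items():
        print(f"{target}:{port}\topen\t{hint}")
```

Run it as `python scanner.py <ip>`. A connect() scan is the noisy kind: every open port it finds is a completed connection in the target's logs, which is why the guide says a scan done with knowledge of the likely vulnerabilities, touching only a few ports, is harder to notice than a sweep of everything.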
Relevant information:
Introduction to port scanning
http://www.netscreen.com.cn/suml/zhishiyy/jingong/duankougj.htm0
Default port table for system services and trojans
http://www.pttc.yn.cninfo.net/dtsy/nettech/netanquan/41250634.htm
Port encyclopedia
http://www.sixthroom.com/ailan/f ... 2 & rootid = 268 & id = 268
Common default port list with Chinese annotations of what each port is for
http://www.sixthroom.com/ailan/f ... 2 & rootid = 267 & id = 267
Common ports explained, with some attack strategies
http://www.sixthroom.com/ailan/f ... 2 & rootid = 266 & id = 266
Relevant information:
How to become a hacker
http://263.aka.org.cn/docs/hacker-howto_2001.html
Questions and answers
http://bbs.online.sh.cn/eliteart ... 44fb3b6efa4377e48ae
TCP/IP fundamentals
http://www.linkwan.com/gb/routertech/netbase/tcpip.htm
Network attack and defense tutorial
http://www.netsill.com/wenzhang/list.asp?id=115
Network intrusion steps and ideas
http://www.iamguo.com/bh3/hackguide2.htm
Reject the black hand: a look at the IPC$ vulnerability
http://computer.szptt.net.cn/2002-04-27/nw2002042700109.shtml
Global IP allocation table
http://519519.vicp.net/lb5000//USR/3/3_11.txt
Hacker primer
http://www.pttc.yn.cninfo.net/dtsy/nettech/netanquan/43934529.htm
Rookie hacker
http://netsafe.ayinfo.ha.cn/sqxw/2002117172333.htm
Several popular intrusion tools explained
http://www.pttc.yn.cninfo.net/dtsy/nettech/netanquan/44188520.htm
Common ports explained, with some attack strategies
http://www.pttc.yn.cninfo.net/dtsy/nettech/netanquan/-90637.htm
Attacks at various levels
http://www.pttc.yn.cninfo.net/dtsy/nettech/netanquan/39825935.htm
Chapter 4 ------ About commands
Brief description:
Windows NT/2000 has a rich set of CMD commands, and they are enormously useful; they are well worth mastering. Windows 2000 itself ships with detailed command help: in the Start menu, under Help, search for "Windows 2000 Command Reference". Novices are strongly advised to read it closely. Installing software such as IIS adds new commands; add /? or -h on the command line to see their help, and the same works for the built-in commands. Some common DOS commands also need to be mastered, because Windows cannot do without DOS, or at least not yet. The NET command is the most commonly used network command, and anyone who wants to be a hacker has to master it. Some Linux commands are needed too. I hope the following material helps everyone.
Related posts:
Network-related commands under DOS explained
http://www.jiejingwang.com/list.asp?id=521
Getting started with network commands
http://www.jiejingwang.com/list.asp?id=520
Win2000 commands, the complete collection
http://www.sixthroom.com/ailan/f ... 2 & rootid = 343 & id = 343
The cmd commands under Windows XP explained
http://www.sixthroom.com/ailan/f ... 2 & rootid = 366 & id = 366
FTP commands:
http://www.hotcy.org/chem/campous/Article/ftp.htm
Telnet command description:
http://www22.brinkster.com/lastknife/netbase/telnetORDER.HTM (the address above is a brief introduction to the telnet command)
http://www.sixthroom.com/ailan/f ... 2 & rootid = 277 & id = 277
NET command basics:
http://www.yy0730.com/1/1/1/wen/list.asp?id=12
TFTP command: the TFTP command is so simple that "tftp /?" tells you all you need. An example for reference:
http://levinstorm.myetang.com/main/tutorials/hacking/006.html
Several commands commonly needed in a typical intrusion:
http://www.yixindz.com/badschool/hacker/hack_commands.htm
Common network commands for Linux
http://www.jiejingwang.com/list.asp?id=522
Chapter 5 ------ About Windows 98
Brief description:
Questions about 98 come in two kinds: how a Win98 system is intruded, and how to intrude from Win98.
Since 98's networking is incomplete, the topic is far from as "rich and colourful" as with 2000. 98 starts no network services by default, and its well-known vulnerabilities are defects in the design of particular features rather than in network services, so it is hard to intrude: with no vulnerability there is nothing to exploit, hard as that may be to imagine. Share intrusion is the most common attack against it.
Relevant information:
Share intrusion
http://www.sixthroom.com/ailan/f ... 2 & rootid = 269 & id = 269
Intruding a Windows 98 system
http://www.sixthroom.com/ailan/f ... 2 & rootid = 270 & id = 270
Win98 intrusion the network can't explain
http://www.sixthroom.com/ailan/f ... 2 & rootid = 271 & id = 271
There are in fact other ways: sniffing passwords, sending viruses and trojans to the mailbox, or even building up a "relationship" on QQ and then passing over a Flash animation with a trojan bundled in, and so on (I've been hit by that one myself; honestly I don't know what to say, heh).
For the same reason, 98 is not a good attack platform. If all you need is a port scan, SuperScan is up to it, and X-Scan can handle web-class vulnerability scanning too. But anything involving IPC$, OS vulnerabilities, remote control tools and services (such as SQL) is "built on NT technology". The 3389 terminal client is good and runs on 98, so getting hold of a 3389 bot first is one way around the problem. If you are still using 98, sincere advice: please use 2000. If you are in an Internet café, try intruding the café's server. (One more thing: if you use 98, the 98 build of the scanner listed below is a good choice, although many of its features still cannot be used.)
Given that 98 questions are not very advanced, there is no depth worth exploring, so that's all I'll say about it. (personal opinion)
Related tools:
NetPass 1.0 cracks 98 share passwords
http://lovezxd.myetang.com/indexpage/indextool/netpass.zip
Cain v2.5 all-round cracking tool
http://www.qq888.com/down/download.asp?did=968
ExeBinder 1.3 EXE bundler
http://www.heibai.net/download/show.php?id=3028&down=3
SuperScan 3.0 Chinese version download
http://download.pchome.net/php/d ... Erscanv30.exe & SVR = 3
X-Scan 2.3 download
http://www.xfocus.net/download.php?id=366
Fluxay 2k1 for 98 download
http://www.netxeyes.com/cfluxay2k1for98setup.exe (because the author of Fluxay does not like to see patched copies of his work, out of respect for him no patch is provided here; you will have to find one yourself)
Terminal services client
http://arm.533.net/hack/winterminal.zip (the 3389 connector)
Chapter 6 ------ About IPC$, Null Sessions and Default Shares
Brief description:
***** The first thing to point out is that a null session and IPC$ are different concepts. A null session is a session established with the server without any credentials, in other words anonymous access to the server. IPC$ is the named-pipe share used for inter-process communication; by supplying a username and password you obtain the corresponding permissions through it, and many tools have to go through IPC$. The default shares are the shares opened for the convenience of remote administration: every logical drive (C$, D$, E$ ...) and the system directory, WINNT or Windows (ADMIN$). ****** I personally think this is very important, because many people don't know what a null session is or what IPC$ is. Those who don't are advised to read carefully; this should be understood before going further.
Related posts:
Reject the black hand: a look at the IPC$ vulnerability
http://www.sixthroom.com/ailan/f ... 2 & rootid = 281 & id = 281
IPC intrusion, the complete guide
http://www.sixthroom.com/ailan/f ... 2 & rootid = 278 & id = 278
What is going on with the default C$ share in Win2K
http://www.sixthroom.com/ailan/f ... 2 & rootid = 282 & id = 282
Removing the default shares ≠ safe
http://js00.51.net/23/wudi/show. ... p; id = 20021017212524
Frequently asked questions and answers:
1. How do I establish a null session, and what is it good for?
A: Use the command net use \\ip\ipc$ "" /user:"" to establish a null session to the target (the target must have IPC$ open).
On NT with the default security settings it lets you list the target's users and shares, access resources open to Everyone, read a small part of the registry and so on, which in my view is of little practical use; on 2000 even less, and it is awkward for tools to build on. If you don't understand why it is "useless", read the "professional" explanations:
Null sessions under NT/2000
http://www.sixthroom.com/ailan/f ... 2 & rootid = 280 & id = 280
Anatomy of the null session under Win2K
http://www.sixthroom.com/ailan/f ... 2 & rootid = 283 & id = 283
2. Why can't I connect to IPC$?
A: 1) Only NT/2000/XP and later can establish an IPC$ connection; 98/ME have no such thing.
2) Make sure the command is right. The correct form is: net use \\target-ip\ipc$ "password" /user:"username"
Be careful not to have one space too many or too few. The double quotes may be omitted when the username and password contain no spaces; an empty password is written as "".
3) Analyze the error number that comes back:
Error 5, access denied: most likely the account you are using does not have administrator privileges; escalate first.
Error 51, the remote computer is not available (Windows cannot find the network path): a network problem.
Error 53, the network path was not found: wrong IP address; the target is not up; the target's LanmanServer service is not running; the target has a firewall (port filtering).
Error 67, the network name cannot be found: your LanmanWorkstation service is not running; the target has deleted IPC$.
Error 1219, the supplied credentials conflict with an existing set of credentials: you already have an IPC$ connection to the target; delete it and connect again.
Error 1326, unknown user name or bad password: the reason is obvious.
Error 1792, an attempt was made to log on but the network logon service was not started: the target's Netlogon service is not running (this happens when connecting to a domain).
Error 2242, the password of this user has expired: the target has an account policy that forces periodic password changes.
4) On IPC$ connections failing, this forum has not reached a unified understanding; I sometimes get contradictory results on different bots, which is hard to explain. And as far as I know, unless you have a shell by some other route, many of these problems cannot be resolved anyway. The matter is too detailed for this article; look around, heh.
3. How do I open IPC$ on the target?
A: First you need a shell that does not depend on IPC$, for example through SQL Server's cmd extended procedure, telnet, or a trojan, and it must be an administrator shell. Then run net share ipc$ from that shell to open the target's IPC$. From the previous question you know that IPC$ depends on several conditions, so confirm that the relevant services are running and start them if they are not (if you don't know how, see the usage of the net command). If it still doesn't work (for example a firewall you cannot kill), give up.
4. How do I map and access the default shares?
A: The command net use z: \\ip\c$ "password" /user:"username" maps the other side's C drive as your own Z:; other drives likewise.
If an IPC$ connection to the target already exists, you can address a share directly by adding $ to the drive letter, for example copy muma.exe \\ip\d$\path\muma.exe. Or map it without giving the username and password again: net use y: \\ip\d$ and then copy muma.exe y:\path\muma.exe. When the path contains spaces, enclose the whole path in double quotes.
5. How do I delete a mapping and an IPC$ connection?
A: The command net use \\ip\ipc$ /del deletes the IPC$ connection to a target.
The command net use z: /del deletes the mapped Z drive; other drives likewise.
net use * /del deletes all of them; you will be asked to confirm with Y.
6. I've connected to IPC$; what can I do now?
A: Being able to connect to IPC$ with an administrator-level account means you can "communicate" deeply with the other system. Command-line tools (the PsTools series, the Win2000 Server Resource Kit, TelnetHack and so on) can gather information about the target and manage its users and services. If the target has its default shares open (and if not, you can help it along), you can upload a trojan and run it; uploads also work over TFTP and FTP. Tools such as DWRCC, VNC and Remote Administrator (also used as a trojan) give you the screen directly. If it is 2000 Server, you can also consider opening terminal services for easy control. For how to use the tools mentioned here, see their instructions or the related tutorials.
7. How do I stop others getting into me through IPC$ and the default shares?
A: A. One way is to delete IPC$ and the default shares. They come back after a reboot, so the registry has to be changed as well.
1) First delete the existing ones:
net share ipc$ /del
net share admin$ /del
net share c$ /del
............ (delete as many as you have)
2) Forbid null sessions
Run regedit, find the key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] and set the value RestrictAnonymous (DWORD) to 1. (On Windows 2000 a value of 2 blocks anonymous access completely, but it can break domain trusts and some services, so test before using it.)
3) Stop the default shares from being created automatically
On the Server version, find the key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] and set AutoShareServer (DWORD) to 0. On the Professional version, set AutoShareWks (DWORD) under the same key to 0.
B. The other way is to stop the service that IPC$ and the default shares depend on (not recommended):
net stop lanmanserver
It may warn that the XXX service will also be stopped and ask whether to continue, because some secondary services depend on LanmanServer. Normally you can go ahead.
C. The easiest way is a complex password, which stops password guessing through IPC$. But if you have other vulnerabilities, IPC$ still makes further intrusion convenient.
D. Another way is to install a firewall, or use port filtering. Firewalls I won't go into; port filtering is here:
Configuring local policy to block ports 139/445:
http://www.sixthroom.com/ailan/f ... 2 & rootid = 284 & id = 284
Chapter 7 ------ About scanned vulnerabilities
Brief description:
Many scanners have a vulnerability-scanning function. When you get a host's vulnerability list, don't rush to post it on the forum expecting others to analyze it and tell you how to exploit it; try it yourself first. Not every scanned vulnerability is usable: some are out of date, some are false positives. If you want to know more, the best thing is to go to a site whose vulnerability information is kept up to date; exploiting vulnerabilities is a process of steady accumulation, and over time I believe you will feel it.
Vulnerability search:
NSFocus engine
http://www.nsfocus.net/index.php?act=sec_bug
Landun (Blue Shield) engine
http://www.landun.org/zhongyao/sousuo.htm
Patching.net
http://www.patching.net/otherweb/leak/leakindex.asp
Xfocus engine
http://www.xfocus.net/vuln/index.php
Xiao Fengju engine
http://lilitou1.myetang.com/
Related posts:
Discovery and exploitation of a CGI vulnerability
http://www.sixthroom.com/ailan/f ... 2 & rootid = 285 & id = 285
CGI vulnerabilities
http://www.sixthroom.com/ailan/f ... 2 & rootid = 293 & id = 293
Common CGI vulnerabilities and countermeasures, part 2
http://www.sixthroom.com/ailan/f ... 2 & rootid = 286 & id = 286
Common CGI vulnerabilities and countermeasures
http://www.sixthroom.com/ailan/f ... 2 & rootid = 287 & id = 287
Windows 2000 vulnerability highlights 1
http://www.sixthroom.com/ailan/f ... 2 & rootid = 288 & id = 288
Windows 2000 vulnerability highlights 2
http://www.sixthroom.com/ailan/f ... 2 & rootid = 289 & id = 289
Windows 2000 vulnerability highlights 3
http://www.sixthroom.com/ailan/f ... 2 & rootid = 290 & id = 290
Windows 2000 vulnerability highlights 4
http://www.sixthroom.com/ailan/f ... 2 & rootid = 291 & id = 291
Windows 2000 vulnerability highlights 5
http://www.sixthroom.com/ailan/f ... 2 & rootid = 292 & id = 292
ASP vulnerabilities
http://www.sixthroom.com/ailan/f ... 2 & rootid = 294 & id = 294
IIS vulnerabilities
http://www.sixthroom.com/ailan/f ... 2 & rootid = 295 & id = 295
IIS vulnerabilities
http://www.sixthroom.com/ailan/f ... 2 & rootid = 296 & id = 296
China Network Security Response Center: assorted vulnerabilities
http://www.cns911.com/holes/linux/list.php
Chapter 8 ------ About escalating privileges
Brief description:
The hacker's ultimate goal is root (that is, admin) privileges. A real hacker treats an intrusion as a piece of work and does not give up easily, but some vulnerabilities (the Unicode vulnerability and ASP trojans are typical) do not give administrator privileges directly, so privileges have to be raised. Some newcomers make the mistake of thinking that having a shell means controlling everything, and then it's "why can't I add a user", "why can't I open 3389" and so on. 2000 and later inherited NT's security architecture, with several mechanisms working in layers to protect the system, especially account security. Unfortunately for it, a security system that large has no shortage of vulnerabilities, which is our opportunity. One more point: when you pick up a ready-made backdoor or trojan, read its description first. At the very least you should know what happens after the backdoor runs. Some people upload a backdoor or trojan to the target and think the job is done; if it is never executed, what use is it?
Related tools:
ERunAsX: uses the debug subsystem vulnerability to escalate privileges
http://www.qq888.com/down/download.asp?did=796
A Windows NT/2000 privilege tool that can raise any user to SYSTEM level. The vulnerability is in the debug subsystem of smss.exe: through it any ordinary user can obtain a handle to any process or thread in the system, and so run any command with SYSTEM or administrator privileges. Usage: suppose we have a Guest (or other ordinary) user on a machine and want the highest privilege on it. Copy the two files ERunAsX.exe and ERunAsX.dll to a directory visible on the target host, for example C:\, and as guest run "ERunAsX <command>", e.g. "ERunAsX cmd.exe"; the command then runs with SYSTEM privileges... (Note: detailed usage is in the tool's informal English readme, which also includes the fix for the bug.)
PipeUpAdmin, effective on SP1 and earlier
http://maopao.com/down/download.asp?did=69
ISPC exploits an IIS vulnerability, see
http://www.cnsq.net/sq88/down/show.asp?id=572&down=1
phpBB forum privilege escalation
http://www.newyouth.org/softdown ....0.exploit_code.zip
WinHelp file overflow (works on XP)
http://www.newyouth.org/softdown ... ACK / CHMOVERFLOW.ZIP
NT/2K privilege escalation tool getadmin download
http://www.9cbs.net/cnshare/soft/openfile.asp?kind=1&ID=9807
Related posts:
NT/2000 methods of escalating privileges
http://www.sixthroom.com/ailan/f ... 2 & rootid = 297 & id = 297
About Win2000 intrusion, security defense and so on (the article includes a walkthrough of escalating privileges through the Unicode vulnerability)
http://www.sixthroom.com/ailan/f ... 2 & rootid = 298 & id = 298
Introduction to the Unicode vulnerability and intrusion with it
http://www.sixthroom.com/ailan/f ... 2 & rootid = 299 & id = 299
How to escalate privileges and leave a backdoor
http://www.sixthroom.com/ailan/f ... 2 & rootid = 300 & id = 300
How an ordinary user gets NT server admin privileges
http://www.sixthroom.com/ailan/f ... 2 & rootid = 302 & id = 302
Windows NT4 security architecture (somewhat hard going, but worth understanding)
http://www.sixthroom.com/ailan/f ... 3 & rootid = 303 & id = 303
Chapter 9 ------ About making proxies and springboards
Basic introduction:
A proxy server (in English, Proxy Server) fetches network information on behalf of network users; put figuratively, it is a relay station for network information. Normally when we use a browser to connect to another Internet site and get information, we send a request and receive an answer, and the other side transfers the information bit by bit. A proxy server sits between the browser and the web server: with one in place the browser does not fetch pages from the web server directly but sends its request to the proxy, which fetches the information the browser needs and passes it back. Most proxy servers also cache, like a large buffer with plenty of storage: newly fetched data is kept locally, and if data the browser asks for is already there it is served from the cache instead of being requested from the web server again, which can noticeably improve browsing speed and efficiency. More importantly, a proxy server is an important security feature of an Internet circuit-level gateway, and it works mainly at the session layer of the OSI (Open Systems Interconnection) model. Once you understand proxies, I believe you will also realize what a springboard is: a proxy you run on a bot, so that the target sees the bot's address instead of yours.
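To make the relay concrete, here is an added example written for this guide, not code from the page or from SkSockServer or SocksCap: the SOCKS5 CONNECT exchange that a springboard performs, with the client side and the proxy side both written out so you can see that the proxy, not the client, is the one that opens the connection to the target. It assumes a proxy with no authentication (method 0x00), like the open springboards the guide describes; every name in it is this example's own.

```python
# Added example, not from the original guide or from SkSockServer: the SOCKS5
# CONNECT exchange (RFC 1928) that a springboard proxy performs, both sides
# written out. socks5_connect() plays the SocksCap-style client and
# serve_socks5() the proxy you would run on a bot. Assumed: no authentication
# (method 0x00), which is exactly why anyone who finds the port can use it.
import socket
import struct
import threading

VER, NO_AUTH, CMD_CONNECT = 5, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03

def _recv_exact(sock, n):
    """Read exactly n bytes; SOCKS fields are fixed-size or length-prefixed."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-handshake")
        buf += chunk
    return buf

def _read_addr(sock, atyp):
    """Consume an ADDR field of the given type plus its 2-byte port; return (host, port)."""
    if atyp == ATYP_IPV4:
        host = socket.inet_ntoa(_recv_exact(sock, 4))
    elif atyp == ATYP_DOMAIN:
        host = _recv_exact(sock, _recv_exact(sock, 1)[0]).decode()
    else:
        raise ConnectionError(f"address type {atyp} not handled by this example")
    return host, struct.unpack("!H", _recv_exact(sock, 2))[0]

def socks5_connect(proxy, host, port, timeout=5.0):
    """Client side: return a socket whose traffic reaches host:port via the proxy.
    The destination only ever sees the proxy's address; that is the springboard."""
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(bytes([VER, 1, NO_AUTH]))                    # greeting: one method offered
    if _recv_exact(s, 2) != bytes([VER, NO_AUTH]):
        s.close()
        raise ConnectionError("proxy refused the no-auth method")
    name = host.encode()                                   # domain form: the proxy resolves it
    s.sendall(bytes([VER, CMD_CONNECT, 0, ATYP_DOMAIN, len(name)]) + name
              + struct.pack("!H", port))
    _ver, rep, _rsv, atyp = _recv_exact(s, 4)
    if rep != 0:                                           # 0x05 refused, 0x07 bad command, ...
        s.close()
        raise ConnectionError(f"CONNECT rejected, REP={rep}")
    _read_addr(s, atyp)                                    # BND.ADDR/BND.PORT, not needed here
    return s

def _reply(sock, rep):                                     # BND fields may be zero for a relay
    sock.sendall(bytes([VER, rep, 0, ATYP_IPV4]) + bytes(6))

def _pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the far side sees EOF too."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try: dst.shutdown(socket.SHUT_WR)
        except OSError: pass

def _handle(client):
    """Proxy side: negotiate, connect upstream, then relay both directions."""
    try:
        ver, nmethods = _recv_exact(client, 2)
        if ver != VER or NO_AUTH not in _recv_exact(client, nmethods):
            client.sendall(bytes([VER, 0xFF]))             # no acceptable method
            return
        client.sendall(bytes([VER, NO_AUTH]))
        _ver, cmd, _rsv, atyp = _recv_exact(client, 4)
        host, port = _read_addr(client, atyp)
        if cmd != CMD_CONNECT:
            return _reply(client, 0x07)                    # command not supported
        try:
            upstream = socket.create_connection((host, port), timeout=5.0)
        except OSError:
            return _reply(client, 0x05)                    # connection refused
        upstream.settimeout(None)
        _reply(client, 0x00)                               # succeeded: raw relay from here on
        threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
        _pump(upstream, client)
    except OSError:
        pass
    finally:
        client.close()

def serve_socks5(bind=("127.0.0.1", 0)):
    """Start the proxy in a background thread; return the (host, port) it listens on."""
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.bind(bind)
    ls.listen(16)

    def accept_loop():
        while True:
            conn, _ = ls.accept()
            threading.Thread(target=_handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return ls.getsockname()
```

After the success reply the proxy does nothing but copy bytes in both directions, so whatever protocol runs on top (HTTP, telnet, a 3389 session) passes through unchanged, and the target's logs record the proxy's address. Chaining several of these is the "springboard" the guide talks about; the weakness is also visible in the code: without authentication, anyone who finds the port can relay through your bot just as you do.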
Related tools:
SocksCap 2.2, routes ordinary applications through a SOCKS proxy
http://www.123gz.com/dzc/download/sc32r231.exe
SkSockServer 1.04 proxy springboard http://www.123gz.com/dzc/download/sksockServer.zip
Snake's springboard, foolproof edition
http://www.123gz.com/dzc/download/sgtb.zip
Proxy Hunter V3.1 Beta1
http://www.123gz.com/dzc/download/proxyhunter.zip
FTP Serv-U 4.0 official Chinese version, the most commonly used FTP server
http://61.159.24.188/makesoftur ... 627E207574756375737
SlimFTPd, a small hidden FTP server
http://www.whitsoftdev.com/files/slimftpd.zip
Dai Yan web server, a small web server that needs no installation
http://www.cnzz.com/download/do ... 33352254709 & url = 100
Assorted server programs for download
http://www.zdnet.com.cn/download/windows/business/swlist/0,2008004954,39000268r, 00.htm?sort=5
Related posts:
Proxy, bot and springboard concepts
http://www.sixthroom.com/ailan/f ... 2 & rootid = 305 & id = 305
Proxy servers fully explained
http://www.sixthroom.com/ailan/f ... 2 & rootid = 307 & id = 307
How to use proxy servers
http://www.sixthroom.com/ailan/f ... 2 & rootid = 309 & id = 309
Building a simple springboard
http://www.123gz.com/dzc/sksockserver-cusky.htm
Serv-U setup tutorial
http://www.enanshan.com/ftp/
SocksCap32 in detail
http://www.123gz.com/dzc/sockscap32.htm
Installing an FTP server on a bot
http://www.sixthroom.com/ailan/f ... 2 & rootid = 306 & id = 306
Using the Unicode vulnerability to build your own proxy server easily
http://www.123gz.com/dzc/sksockServer- Nicky-1.htm#top1
Special recommendation: Proxy Hunter and Ant Collector
http://www.123gz.com/
Chapter 10 ------ About Terminal Services (3389)
Brief description:
Windows Terminal Services lets you reach a server's desktop remotely through "thin client" software that works like a terminal emulator. Its biggest advantages are the graphical interface and that it runs alongside whatever the local user is doing. Since it is a feature of 2000 Server and above, it has become a strong "backdoor". Win98 can also run the client, which makes "working" from an Internet café possible. One thing to stress: a client logging on to the remote host has no effect on the work going on there, and the local user sees none of it. That is, the remote logon and the local user are in separate sessions, invisible to each other.
Related tools:
Win2000 client
http://zudu2000.myetang.com/soft/win2k.rar
The WinXP client is more capable than the 2000 one
http://zudu2000.myetang.com/soft/windowsxp.zip
A hotfix for the terminal services client that allows copying text between local and remote
http://www.sandflee.net/wawa/tools/rdpclip_hotfix.exe
Web terminal client: accesses terminal services from the browser through an ActiveX control http://www.enanshan.com/down/tswebsetup.exe
C3389.exe, a tool for changing the terminal services port number
http://www.sandflee.net/down/show.asp?id=228&down=1
File package needed to install the Win2K terminal server
http://www.netsill.com/download/download.asp?did=1965
3389 automatic setup - DJShao official version 5.0
http://netsill.com/download/download.asp?did=2019
Open-3389 tool (to turn on terminal services on a remote Win2000 host, also transfer 3389.exe to it, then wait a good while, since the installation runs unattended; afterwards you will see port 3389 open on the remote host)
http://netsill.com/download/download.asp?did=1991
W2K terminal services client, installer version
http://www.sandflee.net/down/show.asp?id=39&down=1
Related posts:
Posts on remotely starting terminal services
http://www.sixthroom.com/ailan/f ... 2 & rootid = 385 & id = 385
Terminal services FAQ
http://www.sixthroom.com/ailan/f ... 2 & rootid = 386 & id = 386
Illustrated walkthrough of the input method vulnerability intrusion
http://www.sandflee.net/txt/list.asp?id=22
3389 automatic installation tool tutorial
http://netsill.com/download/download.asp?did=2068
3389 animated tutorial (Password China)
http://netsill.com/download/download.asp?did=1990
Animated tutorial on changing the terminal client port
http://netsill.com/download/download.asp?did=2009
3389 materials
http://www21.brinkster.com/srob/wawa/wawa/3389txt.htm
Chapter 11 ------ About cloning accounts
Brief description:
The principle of account cloning, put simply: the registry holds two identifiers for each account under SAM\Domains\Account\Users, one being the subkey name, the other a value stored inside that subkey's F value. Microsoft made the mistake of not keeping the two in sync, and it is the latter that is used at logon. If you overwrite another account's F value with Administrator's, that account has administrator privileges, but when queried it still looks the same as before. That is the so-called cloned account. (The predecessors have written it all up for everyone; I really don't know what to add here, this seems to be all there is to it. If there is anything you don't understand, post in the forum.)
See here:
Anatomy of the Security Account Manager (SAM) structure
http://www.sixthroom.com/ailan/f ... 3 & rootid = 387 & id = 387
Once you understand the principle, you can clone an account by hand or with the ready-made tools.
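The check side of this, what cca.exe does in effect, is shown below in an added example written for this guide; it is not ca.exe, cca.exe or any other code from the page. It assumes the documented NT/2000 layout of a user's F value (the RID as a little-endian DWORD at offset 0x30, the account-control flags at 0x38) and compares that RID with the RID that is the subkey name; an account whose F value carries a different RID is a clone. The sample records are constructed for the example. Reading the live SAM hive needs SYSTEM, hence the psu.exe note among the tools below.

```python
# Added example, not one of the tools listed in this chapter: check the SAM
# for cloned accounts the way cca.exe does, by comparing the RID written
# inside each user's F value with the RID that is the subkey name. Assumed:
# the documented NT/2000 F layout (RID at 0x30, account-control flags at
# 0x38); the SAMPLE records are constructed. Reading the live hive needs SYSTEM.
import struct

USERS_KEY = r"SAM\SAM\Domains\Account\Users"   # under HKEY_LOCAL_MACHINE
RID_OFFSET, ACB_OFFSET = 0x30, 0x38
ACB_DISABLED = 0x0001

def parse_f(f_value):
    """Return (rid, disabled) from a user's F value. Logon uses this RID, while
    user listings go by the subkey name, which is why a copied F value gives an
    account that acts as RID 500 but still looks like its own name."""
    if len(f_value) < ACB_OFFSET + 2:
        raise ValueError("F value too short to be a user record")
    rid = struct.unpack_from("<I", f_value, RID_OFFSET)[0]
    acb = struct.unpack_from("<H", f_value, ACB_OFFSET)[0]
    return rid, bool(acb & ACB_DISABLED)

def find_clones(users):
    """users: {subkey name (hex RID, e.g. '000001F4'): F value bytes}.
    Returns [(subkey, rid_in_F)] for every account whose F value names a
    different RID, i.e. an account that logs on with someone else's identity."""
    clones = []
    for name, f in users.items():
        rid, _ = parse_f(f)
        if rid != int(name, 16):
            clones.append((name, rid))
    return clones

def make_f(rid, disabled=False):
    """Build a minimal F blob for the sample below (constructed, not a real record)."""
    f = bytearray(0x50)
    struct.pack_into("<I", f, RID_OFFSET, rid)
    struct.pack_into("<H", f, ACB_OFFSET, ACB_DISABLED if disabled else 0)
    return bytes(f)

# Constructed sample: Administrator (500), a disabled Guest (501) and an
# account with RID 1001 whose F value was overwritten with Administrator's.
# Note that copying F also copies the flags, so a disabled account is re-enabled.
SAMPLE = {
    "000001F4": make_f(500),
    "000001F5": make_f(501, disabled=True),
    "000003E9": make_f(500),            # the clone: looks like RID 1001, logs on as 500
}

def read_live_users():
    """Windows only: read every user subkey's F value from the live SAM (needs SYSTEM)."""
    import winreg
    users = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, USERS_KEY) as key:
        i = 0
        while True:
            try:
                name = winreg.EnumKey(key, i)
            except OSError:
                break
            i += 1
            if name == "Names":             # the name index, not a user record
                continue
            with winreg.OpenKey(key, name) as sub:
                users[name] = winreg.QueryValueEx(sub, "F")[0]
    return users

if __name__ == "__main__":
    for name, rid in find_clones(SAMPLE):
        print(f"{name}: F value carries RID {rid} (0x{rid:X}), cloned account")
```

To check a real machine, run it under psu.exe or another SYSTEM shell and call find_clones(read_live_users()); an empty list means every account's F value agrees with its key name. This is also the defender's check: an account that enumerates as Guest but whose F value says 500 is exactly the backdoor described above.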
Related tools:
Clone: ca.exe
http://www.netxeyes.org/ca.exe
Clone check: cca.exe
http://www.netxeyes.org/cca.exe
Manual cloning needs SYSTEM privileges; use psu.exe for that
http://www.sandflee.net/down/show.asp?id=176&down=1
Related posts:
Tool cloning: for CA and CCA see the author's home page
http://www.netxeyes.org/main.html
PSU usage: PSU.exe escalates to SYSTEM privileges
http://www.sixthroom.com/ailan/f ... 2 & rootid = 390 & id = 390
Manual cloning: how to clone the Administrator account
http://www.sixthroom.com/ailan/f ... 3 & rootid = 388 & id = 388
Supplement to how to clone the Administrator account
http://www.sixthroom.com/ailan/f ... 3 & rootid = 389 & id = 389