Black Camp Legend Series Story One - Phantom Superlap

xiaoxiao, 2021-03-06

Day one: overlapping phantoms

There is a Buddhist saying: the flag did not move; it is the human heart that moves. Almost every network administrator wants his servers to be like iron buckets that no wind can get through, like the desert called Forgetting, where floating clouds cannot be plundered and birds cannot cross. But the world is chaotic and restless, and one person's heaven is often another person's hell. So it is here.

The night gave me black eyes, but I use them to find vulnerabilities. Yes, I use scanning software to find the needle-sized holes in the iron bucket. In truth it is not me but my patience; my patience is gloomier than the sky, like hidden wind, snow, lightning, a thunderclap! I am striking...

1. Footprinting:

Written on July 14, night. The Black Camp is dark. Every time I come here, it is too dark to see my own outstretched hand.

Today Big Sister handed me a task: capture the server of the Xiangxiang Inn. It is the nest of a porn website, and there is still an unsettled grudge with the people in it. I have followed Big Sister on the network, and I know that she hates all men, because a man abandoned her; Big Sister wants revenge on the faithless. In the past three years the world has always been a man's world, and the jianghu (the "rivers and lakes") has been a man's jianghu. But Big Sister told me that the jianghu is ours. I asked Big Sister how far to go, and she said: leave not even a chicken or a dog.

You may have heard of scanning, a common technique of the Black Camp. Before a scan starts, we have to complete the most critical move, the one that makes the enemy leak information. Before scanning, the Black Camp first carries out the step commonly known as footprinting: the meticulous work of collecting information about the target server.
Big Sister often told me in the hacker camp: the thieves who shake the world, before robbing anything, scout their target until everything about it is clear and familiar and nothing is left unconsidered, so that they can come and go freely. Footprinting is the same: the more precise it is, the more useful it is. I remember every sentence of Big Sister's clearly and do not dare neglect any of it.

hack.cpcw.com is the nest of the Xiangxiang Inn, and I decided to look it over first. I began by checking the domain's registration information at the domain registrar I use most; I usually go to Wannang, for a simple reason: it is fast! I had not expected that one query would put the contact person, the phone number, the e-mail address, the servers their DNS points to, and more, all in my hands. Getting the phone number matters, because I often hear Big Sister say that many foolish people use their phone number as a password, for every password. I also heard from Big Sister that she once simply called an administrator and asked for the password; after the site fell, the administrator resigned.

In the IE address bar I looked at the inn's URL: http://hack.cpcw.com/usingdo14.asp?typeid=1&usingDottid=44. This is an .asp page, not PHP or CGI, and not JSP, which gives us hackers headaches. I was very happy: it shows that the server of the Xiangxiang Inn should be running Windows 2000 or above. In short, it cannot escape the Windows territory I know well.

Black Camp: ASP stands for Microsoft Active Server Pages, a server-side scripting language used to create and run dynamic, interactive web server applications.

With ASP you can combine HTML pages, script commands, and ActiveX components to create interactive web pages and powerful web-based applications. ASP applications are easy to develop and modify. ASP programs run on Windows servers. PHP and CGI are also scripting languages, but they can also run on systems other than Windows, such as Linux and UNIX.

When viewing the page source of the Xiangxiang Inn, I saw the word FrontPage. How foolproof that tool is; it could hardly be simpler. I had not thought that the people of the Xiangxiang Inn would actually use such simple software to build this busy, well-visited site. After tonight, though, it will have no place in the jianghu; my confidence comes from the details I collected while footprinting.

Before leaving, I pinged the Xiangxiang Inn: "Reply from 61.180.78.23: Bytes = 32 Time = 422MS TTL = 113". The returned TTL value is 113, so I concluded that this must be a Windows 2000 machine. This was the first thing Big Sister taught me: get the other side to return a TTL value and judge the system type from its size. The TTL value returned by Windows-series systems is generally between 100 and 130, and the TTL value returned by the UNIX/Linux series is between 240 and 255. Of course, the masters of the jianghu know that the TTL value can be changed to deceive, but masters are very busy and ignore such small things.

The next day, night. Big Sister said to me: footprint once more, there is nothing to lose. Everyone goes through this stage: on seeing a mountain, wanting to know what is behind it. Because Big Sister knows that what you cannot get is always the best. This time I used search engines (Baidu, Google, Tianwang, Sina) to search for the inn's full URL. Just as Big Sister said, it paid off: I found two pages that had never shown up on the inn's site. One of them, a news item, was labelled "Inn Diary". Clicking the link, I found that the inn had deleted these two pages long ago; they dated from too far back. But Baidu and Google have a web snapshot (cached page) feature. I clicked, and the text appeared: a diary of a little more than 3,000 words, which was enough for me. One paragraph read: "Lao Li of the Flying Knife Sect told me that he often uses the long string of English on a pack of Green Arrow as a password. I think this is a very good idea."

Black Camp: When using a search engine, you can add the following strings:
C:\Winnt finds servers whose pages reference the Windows system folder.
C:\inetpub finds servers whose pages reference the Windows Internet services directory.
SWEB/DEFAULT.HTM finds Windows systems that serve the ActiveX control to the browser.

Minor Heat day, night. Through the chewing gum, I saw through the entire Flying Knife Sect in one night. Not a chicken or a dog was left. I thought of two lines of poetry that Big Sister likes: "What abandoned me, the day that was yesterday, cannot be kept; what troubles my heart, the day that is today, brings much sorrow!" How beautiful this poem is...

2. Scan (SCAN): The truth is laughing.

Because Big Sister knows that the people of the Xiangxiang Inn are not much smarter than the Flying Knife Sect: the same bunch of fools.

The seventeenth, 4 o'clock in the morning. Big Sister told me that the vulnerability scan of the Xiangxiang Inn server was to start.
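The TTL rule of thumb from the footprinting section, worked through on the story's own ping reply (an added example, not part of the original story). It estimates the sender's initial TTL and the hop count, and shows a reply for which the quoted ranges give no answer; the list of common initial TTL values and the second reply line are assumptions added here.

```python
import re

# Common initial TTL values (general knowledge, not from the story):
# 64 for Linux and most modern Unix systems, 128 for Windows,
# 255 for many network devices and some older Unix systems.
INITIAL_TTLS = (32, 64, 128, 255)

_TTL_RE = re.compile(r"ttl\s*=\s*(\d+)", re.IGNORECASE)


def parse_ttl(reply_line):
    """Extract the TTL from one ping reply line, or None if there is none."""
    match = _TTL_RE.search(reply_line)
    if not match:
        return None
    ttl = int(match.group(1))
    return ttl if 0 < ttl <= 255 else None


def story_rule(ttl):
    """The rule exactly as the story states it."""
    if 100 <= ttl <= 130:
        return "Windows"
    if 240 <= ttl <= 255:
        return "UNIX/Linux"
    return "unknown"


def infer_initial(ttl):
    """Nearest common initial TTL at or above the observed one, plus hops."""
    initial = min(t for t in INITIAL_TTLS if t >= ttl)
    return initial, initial - ttl


def analyse(reply_line):
    ttl = parse_ttl(reply_line)
    if ttl is None:
        return None
    initial, hops = infer_initial(ttl)
    return {"ttl": ttl, "story_guess": story_rule(ttl),
            "initial_ttl": initial, "hops": hops}


if __name__ == "__main__":
    # First line is quoted in the story; second is a constructed Linux-style reply.
    for line in ("Reply from 61.180.78.23: Bytes = 32 Time = 422MS TTL = 113",
                 "64 bytes from 192.0.2.10: icmp_seq=1 ttl=52 time=31.2 ms"):
        print(analyse(line))
```

The initial TTL is an ordinary host setting, so a match only suggests an operating system; that is the caveat the story itself raises about TTL values being changed.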

A senior once told me that choosing the scanning tool is the most critical step in a vulnerability intrusion: pick a weapon that kills within ten steps. A good scanner must have a simple, easy-to-use interface, powerful analysis and a wide scanning scope, the ability to scan for the latest vulnerabilities (what is usually called upgradability), and a detailed results report with vulnerability descriptions and countermeasures. In the hands of the Black Camp, weapons like that can be counted on one's fingers.

For this Windows server, my favorite scanners are "Security Focus" X-Scan and Xiaorong's Stream Light. Many places offer these two weapons, but I only like to get them from the hacker camp, because that way is safe. Big Sister says X-Scan runs best in a Windows 2000 environment. Stream Light has to be installed, and there is a pile of patch packages as well, which is very cumbersome. X-Scan, once fetched, only has to be decompressed with WinRAR and it is ready to use, so it is naturally my first choice.

The most important thing in X-Scan is the scan parameters, and they can be set quickly. Of course, if you are careless, you need not touch the default settings; just enter the IP address to be scanned in the basic settings of the scan parameters. The IP address is of course obtained by pinging the URL. But tonight I wanted to be thorough. I also used the latest version of X-Scan. I opened "Scanning Module" and read the description text to the right of each module; these are X-Scan's fatal blades. Under "Parameter Settings", in "Advanced Settings", I selected "Show Detail Progress": I wanted to write down every detail of the Xiangxiang Inn and to see clearly every detail of X-Scan's scan of it. The Xiangxiang Inn runs Windows 2000, a fragile system; does it really need all this from me? No. Big Sister said: do not overestimate your opponent, the X-Scan default settings are enough.
I started scanning the Xiangxiang Inn with X-Scan. X-Scan first checked whether the inn's host was online and passively identified the target host's operating system type; the report agreed with me: a Windows 2000 host. X-Scan then scanned the inn's TCP port status and, according to my settings, actively identified all open ports and the types of service running on them. At this point I noticed that, besides the traditional ports 21 and 80, the Xiangxiang Inn had also opened port 3389. With this port open, the Xiangxiang Inn was surely doomed.

X-Scan began checking port 139 for weak WIN NT/2000 server passwords. This is extremely important: it is the key to opening the door of the Xiangxiang Inn through port 3389. X-Scan is very well designed here because, besides trying to obtain the user list from the server, it loads the list of users in the dictionary file. I can also extend the username/password dictionaries, "NT_User.dic" and "NT_pass.dic" in the "NT" directory, and then load the dictionary I need through the Dictionary File Settings page in the Scan Parameters window. I chose the dictionary that broke the Flying Knife Sect. Besides Lao Li's password, I had also collected the key strings from Wrigley's other chewing gums.

X-Scan then began calling its plugins and loaded the dictionary to check the Xiangxiang Inn for weak "SQL Server" passwords. The Xiangxiang Inn's database is SQL Server. But none of the passwords in my dictionary was in use. Ten minutes later the whole scan was complete, and the report X-Scan generated automatically made me angry: although the Xiangxiang Inn had opened countless common services, there was no weak password.
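Seen from the defending side, the phone-number password and the gum-wrapper password in this story are the same weakness: a secret built from facts anyone can look up. The following is an added example, not part of the original story, of a check run when a password is set that rejects such candidates; the sample facts, function names and thresholds are all constructed for illustration.

```python
import re

# Constructed sample facts an outsider could look up about an organisation:
# a registration phone number and a slogan printed on a product wrapper.
PUBLIC_FACTS = ["+1 202 555 0142", "Evergreen Mint Lasting Freshness"]

# Undo common look-alike substitutions in the candidate (4 -> a, 1 -> i, ...).
_LEET = str.maketrans("013457@$!", "oieastasi")


def build_tokens(facts, min_len=4):
    """Turn public facts into (kind, token) pairs to compare passwords against."""
    tokens = set()
    for fact in facts:
        digits = re.sub(r"\D", "", fact)
        if len(digits) >= min_len:
            tokens.add(("digits", digits))
        words = [w.lower() for w in re.findall(r"[A-Za-z]+", fact)]
        for word in words + ["".join(words)]:
            if len(word) >= min_len:
                tokens.add(("letters", word))
    return tokens


def check_password(candidate, tokens, min_overlap=6):
    """Return the public tokens a candidate is built from (empty list = accept)."""
    views = {
        "digits": re.sub(r"\D", "", candidate),
        "letters": re.sub(r"[^a-z]", "", candidate.lower().translate(_LEET)),
    }
    hits = []
    for kind, token in tokens:
        view = views[kind]
        # Either the fact sits inside the password, or the password is a
        # long enough slice of the fact (e.g. the last 7 digits of a phone).
        if token in view or (len(view) >= min_overlap and view in token):
            hits.append(token)
    return sorted(hits)


if __name__ == "__main__":
    toks = build_tokens(PUBLIC_FACTS)
    for pw in ("5550142!", "L4st1ngFreshness", "qV7#mRz2!kTp"):
        print(pw, "->", check_password(pw, toks) or "ok")
```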

It seemed I could not destroy the Xiangxiang Inn so easily. Had I really been too hasty?

Black Camp: You can load other dictionaries through the Dictionary File Settings page in the Scan Parameters window, by editing "SQL_USER.DIC" and "SQL_Pass.dic" in the "DAT" directory. SQL Server: Microsoft's database system software.

3. Touching the wall: Tangible difficult solution

I couldn't help laughing: Xiangxiang Inn, you will not escape this calamity, even if it takes Big Sister to act in person. Thinking this, I gradually returned to my identity as a hacker. Thinking of that identity, I couldn't help shivering! I thought of Big Sister being disappointed in me; I thought further, of the consequences of changing the plan. I am like a hunting dog that has heard the "whoosh" of the whip! My pores tightened. My expression was very bitter. I could only pray to heaven: please let everything happen as I hope... But the night was dark, like a person, with only a few vague stars in the sky. The fog was heavy and never lifted. I could only smile wryly, but at least I understood: do not give up easily; what you cannot get is always the best.

I tried scanning with Stream Light, but got the same result. The Xiangxiang Inn was like a copper wall that could not be penetrated at all. Although the inn had ports 135, 139, 445 and 3389 open, which looked like weaknesses, it gave me no opening. I looked at these ports again and again, hoping to find a flaw in them. While I was thinking, I suddenly noticed that my BlackICE firewall was flashing. I opened it. Sure enough, Li Luo, of the Xiangxiang Inn, had spotted me; they were scanning my computer in the same way. I had not patched my system, but the BlackICE firewall had held off every attack; BlackICE's update patches, at least, I had never let slip.

But the guy scanning me surely never realized that he himself had already caught the Blaster worm, because his IP showed up in my BlackICE as "MSRPC_RemoteActivate_bo", a typical symptom of the Blaster worm. This guy had certainly not patched his own Windows, so I would treat him with his own methods. I began to scan his IP address with X-Scan and, unexpectedly, this person's machine was full of holes. From SMB to 445, the vulnerabilities were almost too many to count; I kept laughing after reading the vulnerability report. Big Sister was not wrong: the people of the Xiangxiang Inn are just the same as the Flying Knife Sect.

I silently pondered which method to use to teach this kid a lesson, looking at the vulnerability report X-Scan had generated and at its dazzling red serious-vulnerability warnings. Which should I choose? SMB, or something simple such as weak passwords? Unexpectedly, when facing a weak opponent, how to finish him is also a problem. While thinking, I suddenly saw in the report, in eye-catching red characters, "Vulnerability, CIFS (445/TCP)", followed by: "The remote host runs a version of the Microsoft operating system in which several kinds of vulnerability may exist, including denial of service and remote execution of arbitrary code. Microsoft has released a patch (KB835732) to solve these problems. MS04011". Heaven helps me: this is something new, the latest LSA overflow vulnerability in Windows.

When reposting, please cite the original URL: https://www.9cbs.com/read-75468.html
