Voiceover: This morning, in order to make BBS friend Yunshu happy, I told her the account and password of the server she used to let her see my good things. At the same time, she and I logged in to the same 3389 meat machine to log in to my server using the software. I was so shocked that I was so scared. Fortunately, it was not someone else, *^_^*
System environment:
Using Windows 2000 professional as the gateway within the LAN used by me, the current running software is Skynet 4.2.8 personal beta version, Kingsoft Virus Firewall, Sygate (hereinafter referred to as the server)
All the following pictures are captured on 98 machines in the LAN. I use 98+windows 2000 remote terminal service connector and other related software (hereinafter referred to as this machine)
Also runs a remote terminal to log in to obtain user rights for Windows 2000 Server machine (hereinafter referred to as meat machine), and the meat machine runs the remote control software dwrcc (a remote control software with powerful functions and graphical interface. You can log in by force by getting the other party's "windows nt or above version" machine account and password, and connect to port 6129). The colored border in the figure below is its connection window
step:
1. Run the remote terminal service on the 98 machine, connect to the meat machine, start the meat machine dwrcc software, fill in the server account and password you use, dizzy, connect to the server immediately, check the server, the current security level of Skynet is set to low (Note: Skynet security level, low: the computer fully trusts the machines inside the LAN to access various services provided by it, but machines on the Internet are prohibited from accessing these services---from Skynet instructions)
As shown in the figure, there are two desktops. The front is the server desktop connected to the server on the meat machine, and the back is the meat machine desktop. Skynet rejected it in total three times. Later, the dwrcc software forced to log in without any prompts. Among them, the IP has been blocked and it is my meat machine IP. I intend to pop up two windows on the current server, one from Skynet and the other is dial-up network.
I was afraid, then disconnect dwrcc, disconnect the server, dial up again, my server adsl dial, and then set the Skynet security level to medium (Skynet security level, medium: machines inside the LAN only allow access to network sharing services (files, printer sharing services), but not other services (http, ftp). At the same time, machines on the Internet are prohibited from accessing all these services, dynamic rule management is open, and the authorized running programs are allowed to open port services---from Skynet instructions), start the meat machine dwrcc, and then connect to the server. Of course, the server IP has been replaced at this time, and you can log in to this server, as shown in the figure, and Skynet did not make any prompts.
Just try it, disconnect it and connect again. At this time, set the security level of Skynet to high (security level, high: all applications will ask when accessing the network for the first time, and approved programs will act according to the corresponding rules. The system will screen all ports open to the outside, and machines on the LAN and the Internet are prohibited from accessing the network sharing services they provide. The machines on the LAN and the Internet will not be able to see this machine---from the Skynet instructions). At this time, dwrcc can still be connected to the server they have, as shown in the figure
Let’s take a look at what programs are running in the server’s desktop system tray? There is no dwrcc icon prompt at all. Perhaps my server cannot see it, the pictures captured from the meat machine login cannot be seen, and it cannot be seen on the local machine, and Skynet still did not make any prompts.
At this point, it is proved that Skynet cannot resist dwrcc's remote IPC$ shared connection at all. In general servers or private NT or related versions, IPc$ is generally default. In any IP segment, it is not difficult to find more than a dozen hosts with weak passwords. What's more, some website servers or Windows 2000 server systems also have weak passwords, and they overly believe in the protection of Skynet. As a sharing software, Skynet has quite a lot of users in China. I hope everyone is careful.
Outside of the conversation: A friend Yunshu, who logged into his server through the same meat machine at the same time, was on QQ. Haha, you still forgot my server password. Shushu is my girlfriend. As long as you are happy, you can access my machine at any time.
PS: Shushu, what is the batch file you put on my desktop? Also, I saw that note document "love:)..." I understand. Haha
PS: The test I have done is a test after obtaining consent. I will not bear any responsibility for any consequences caused by any imitation.
The full text is finished, gray track, Wuji
If there are any errors, please correct me.
Original address http://goods./netsky/