PUBWIN is very popular in Internet cafes. It is very convenient to use and manage. It is second to none in China's Internet cafe management software.
Today I will discuss: the security of PUBWIN. (The environment tested is a system with relatively low security)
1. Cracking:
1. Client cracking:
There are currently 3 popular ways to crack PUBWIN client
(1) Cracking errors such as intelligent ABC input method vulnerabilities and software conflicts, etc.
From this picture, we can see that the client of PUBWIN only has 2 processes and...
The main function is to automatically detect whether the PUBWIN process is running every 1-2 minutes. If not, automatically scan the default path of PUBWIN to restart PUBWIN...
Let's modify the default path of PUBWIN: PUBWIN client is generally installed under C:\Program files\Hintsoft\Pubclt\ by default
Generally, Internet cafes C drives are hidden and prohibited from accessing. . . However, we can use Group Policy to unleash this restriction.
Still open "User Configuration" ---"Administrative Templates" ------"WINDOWS Components" -------"WINDOWS Explorer" -----"Hide the drive specified here in my computer" ----Set it to "not enable"; "Prevent access to drives from my computer" Set it to "not enable";
Then we modify the path of the PUBWIN client, that is, C:\Program files\Hintsoft\Pubclt\Rename any folder. .
If the PUBWIN client is not installed on disk C, you can use the Disk Manager to change its drive letters
After logging into the PUBWIN client, use the PUBWIN short message function, enter v with smart ABC, then press the left arrow, press DEL and press Enter..
Then the path to PUBWIN cannot be found and the system cracked...
(2) Use Ultraedit to edit and crack
This method can steal the PUBWIN system management password
There is no shelling. We can use Language2000 to view Pubwin. First copy it into a backup directory, open W32Dasm, click "Disassembly", select the backup directory, and after the decompilation is completed, click "Reference" to select "String Data Reference" to find "Password Error, please re-enter"
For password verification statements, if the password is not correct, it will jump. We only need to change 7509 to 9090, because 9090 means to execute NOP twice, that is, do nothing, and if the password is not correct, it will not jump. (Just understand this step, everyone else has found the assembly code, so you don’t have to search again)
Run Ultraedit32, open, look for "85C07509" and change it to "85C09090" and then look for the next one, then change it to "85C09090"
Then save...rename the original path, and then copy the edited PUBWIN to the original directory..OK is deregistered..
Then you can exit PUBWIN without entering your password..
After exiting the system management... and then click on System Settings... Open "Asterisk Viewer", and then move the mouse to the asterisk's password...
See it...this is the password of the system administrator
2. Prevention
For the first cracking method. . . It is very easy to prevent it.
Just install the patch of the smart ABC input method once and it will be OK. . .
Before copying, turn off the file protection function of 2000/XP. . .
XPLITE_TRIAL It can turn off file protection of 2000/XP. .
Then unzip to c:\windows\system32
2. Block the short message function of the PUBWIN client. . . This function has no effect at all.
Instead, it has become a tool for cashiers and guests to chat, so it is recommended to delete it.
Open with ResHacker
Expand menu ---137--2052---Delete MENUITEM "Send a short message."
save. . OK. . The mission is done. .
For UE cracking, I just want to briefly explain a few suggestions. . .
1. Install the PUBWIN client on the C drive as much as possible, and do not install it on the default path. .
2. Use Group Policy to hide the C drive and prohibit access. . The use of control panel, registry, , WINRAR and other software is prohibited. . No downloads (if you are not afraid of trouble)
3. Change the group policy name. .
4. Use PUBWIN patrol client detection software to detect
The function of the PUBWIN patrol is to detect whether the PUBWIN process of all hosts that are already connected to the network exists. . If the network connection is normal but PUBWIN is not running, the host is in a "warning" state. . Then the client of the host may be cracked
Note: When the system starts and shuts down, PUBWIN has been turned off or is not running, and it is normal to display a "warning" at this time. . .
In fact, the Internet cafe system is aimed at customers. A system that is too secure is good for us, but it may not be suitable for customers. Therefore, our system must be moderate in security, but the convenience of use must also meet the needs of customers. If you even download a plug-in, a ** map or login patch, pictures, MP3, etc., it is prohibited, then customers will not accept it. Only a few people cracked this phenomenon, we can only discover it in time and persuade those customers to crack it, so that everyone can become friends, study and learn together.