This is an intrusion method that is simple to carry out but causes the heaviest losses for the victim. Intruding into domestic hosts is strictly forbidden! Use it with caution!!!
(Systems used: WIN98/ME/2000/NT.) This method works against Simplified Chinese WIN2000. Practising is fine, but do not cause damage. It is easier to learn for readers who already understand NET commands and IPC pipe intrusion.
1. Tools to prepare: the WIN2000 Terminal Services client program, the SQLEXEC program and the SUPERSCAN scanner.
2. First run the SUPERSCAN scanner. The scanner settings are shown in the figure:
SUPERSCAN Settings
Note: Only two settings need changing: the IP address, and the port, which is set to 3389.
3. Once we have scanned out a host with port 3389 open, use the SQLEXEC program to check whether we can create a new user. If we cannot, give up (of course there is another way, discussed below). If we can create a user with NET USER and add it to the ADMINISTRATORS group, then congratulations: you are ready to log in.
4. Open the WIN2000 client program, fill in the other party's IP in the top field, leave the other items unchanged and press Connect. A few seconds later the client program opens a window:
5. You will be familiar with this screen. Enter the username you just created in the user name field and its password in the password field, then press OK. Haha, wait a moment (how long depends on connection speed) and you are logged in to the other party's machine. As shown:
Login success window
6. You can see everything on the other party's host (why does it feel a bit like Glacier? Haha, Glacier is not this intuitive). It means you have taken over the other party's machine, and its fate is in your hands. Don't do bad things, hehe. Remember to delete the intrusion records after entering: delete the files c:\winnt\system32\logfiles\*.*. Don't delete the wrong thing.
The advantage of the above method is that you log in directly with a username and password; the disadvantage is that you have to try hosts one by one with SQLEXEC. There is another method, suitable for those who are proficient in NET commands.
We first use SUPERSCAN to scan a network segment with the scan port set to 3389. Then run the client connection manager, add any of the scanned addresses to it, configure the connection and connect to the server. After a few seconds the WIN2000 login screen appears (if it turns out to be the English or Traditional Chinese version, give up and move to another address). Press CTRL+SHIFT to cycle input methods and switch to Full Pinyin. The input method status bar then appears in the lower left corner of the login screen (if it does not appear, wait patiently, because the other party's data is still streaming).

Right-click the Microsoft logo on the status bar and "Help" pops up (if "Help" is greyed out, give up, because the other party has most likely discovered and patched this vulnerability). Open the "Operation Guide" under "Help", right-click the taskbar at the top, and a menu pops up; open "Jump to URL". The WIN2000 system installation path is shown, together with a blank field for the path we are asked to fill in. For example, if the system is installed on drive C, fill in "c:\winnt\system32" and press "OK". We have now bypassed authentication and are inside the system's SYSTEM32 directory.

Next we need an account so as to become a legitimate user of the system. Find " " in this directory and create a shortcut for it; right-click the shortcut and, under "Properties" -> "Target" -> c:\winnt\system32\ ... fill in user username password /add to create a new account, then run the shortcut. You will not see anything running, but the new user has already been activated. Then modify the shortcut to read localgroup administrators newuser /add, which turns the new user into a system administrator. You can then get in with SQL and IPC pipe commands.
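Seen from the target's side, the steps above leave a recognisable trail in the Windows 2000 Security event log (provided account-management auditing is enabled): a new local account, its addition to Administrators moments later, and often a cleared audit log. The following is an added detection example, not part of the original article; the CSV export layout and the account names are constructed for illustration, while the event IDs are the Windows 2000 ones (624 user created, 636 local group member added, 517 audit log cleared).

```python
from datetime import datetime, timedelta

# Windows 2000 Security-log event IDs relevant to the trail left on the target.
USER_CREATED = 624         # User Account Created
GROUP_MEMBER_ADDED = 636   # Security Enabled Local Group Member Added
AUDIT_LOG_CLEARED = 517    # The audit log was cleared

# Constructed export (not a real capture), one event per line:
# "timestamp,event_id,detail"; detail is the account for 624,
# "group:member" for 636 and the acting account for 517.
SAMPLE_LOG = """\
2001-03-04 22:10:05,624,hack1
2001-03-04 22:10:41,636,Administrators:hack1
2001-03-04 22:12:30,624,backup_svc
2001-03-05 09:00:00,636,Administrators:backup_svc
2001-03-04 22:31:12,517,hack1
"""


def parse(log_text):
    """Parse the export into (timestamp, event_id, detail) tuples, time-ordered."""
    events = []
    for line in log_text.strip().splitlines():
        ts, eid, detail = line.split(",", 2)
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(eid), detail))
    return sorted(events)


def find_suspicious(log_text, window_minutes=10):
    """Return (promoted_accounts, log_cleared).

    promoted_accounts: accounts created and then added to Administrators within
    window_minutes (the create-then-promote pattern described in the article).
    log_cleared: an audit-log clear occurred after such a promotion, i.e. the
    "delete the intrusion records" step.
    """
    window = timedelta(minutes=window_minutes)
    created, promoted, log_cleared = {}, [], False
    for ts, eid, detail in parse(log_text):
        if eid == USER_CREATED:
            created[detail] = ts
        elif eid == GROUP_MEMBER_ADDED:
            group, member = detail.split(":", 1)
            if (group.lower() == "administrators" and member in created
                    and ts - created[member] <= window):
                promoted.append(member)
        elif eid == AUDIT_LOG_CLEARED and promoted:
            log_cleared = True  # records wiped after an account was planted
    return promoted, log_cleared
```

With the default ten-minute window only hack1 is flagged; backup_svc, promoted the next morning, is reported only when the window is widened.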
OK, I've briefly covered three commonly used intrusion methods. You can refer to them for practice. Do not destroy domestic hosts; it will be severely punished by law.