How hackers use Ms05002 overflow to find "broiler" (figure) _ Vulnerability Research

Overflow attacks are always a role that cannot be ignored in the security world. And now is the age of chicken shortage, can master a new Ms05002 overflow, will let you have "amazing" harvest. As for skilled overflow how to refine into? See below for specific methods!

Implementation method: Through the Ms05002 attack tool, overflow bounce IP, bounce port, will generate files containing the nature of the Trojan horse. The resulting file is then sent to the victim in the form of a QQ transmission or uploaded to its own home page to entice others to visit. Finally executes the NC Swiss Army knife, listens to the native port, and receives the host that has already run the production file.

Step 1. First download the Ms05002 overflow tool from the Internet, release it to the more ideal hard drive, and then under the cmd command line, enter the software name to start the program, there will be some English form of help information (see Figure 1).

Figure 1

　　tip : Ms05002 overflow tool, is a need to support the operation under the command line program, it can be a rebound through the IP address, generate Trojan server.　　This is completely different from the other overflow procedures, and in contrast to efficiency, there is also a significant improvement, it is really the upgrade version of all overflow programs. Step 2. Continue at the command line below it, enter command Ms05002 to generate Trojan filename Local machine IP address overflow port (Figure 2), then hit "Enter" execution. The screen will not stop scrolling up, then there will be two "OK" letter hint, the Trojan file has been generated.

Figure 2

Step 3. Usually after the overflow, there is a need for monitoring tools to catch chickens. This is no exception, jump to the directory of prepared NC tools, and then enter the nc–vv–l–p 1984 listening command at its command line, and tap the "enter" key to start listening for local 1984 port information access.

　　Small tip : NC Monitor Software-VV parameter representative, get more detailed input listening content. -L continues to listen after the connection port is closed. -P listens for a local port, followed by a number that is the port number to monitor.

Step 4. Will overflow generated Trojan, QQ form to the user to run, or upload to their personal space, cheat victims browse run. If the user unfortunately looks at the Trojan that is being sent, the NC wait condition that is listening on the computer is changed to the operational command line (Figure 3). And at this time the command operation platform, is also the remote host Shell platform (for the shell explanation, has been described in the previous articles, here do not do too much explaining), now you can on its host, as you like to command the form of control of the machine.

Figure 3

　　conclusion : The quickest and most efficacious "catch chicken" method, has been placed in front of you. What are you hesitating about? Go ahead and try this magic!

　　Note: The main purpose of this article is to introduce hackers how to attack your computer, no one can use the technology described in this article to do illegal things.