Several small tools used in the intrusion process

Source: Internet
Author: User
Tags: mssql
Of course, if there are topics you would like to see in future columns, you are welcome to contact me and we can brainstorm.

This column is my first article. Calling them "three schools" is a bit of an exaggeration, but I chose the title to make classification and downloading easier. The three are Microsoft (www.sysinternals.com has been acquired by Microsoft), http://www.nirsoft.net and www.diamondcs.com.au. If you have visited these sites, you will quickly notice that they offer small auxiliary tools for Windows systems. Used well, the tools of these three schools can play a very useful role in penetration work. Here I will introduce only the command-line tools.

1. Microsoft's (www.sysinternals.com) tools
Before introducing Microsoft's tools I want to grumble a little. I edit the contributions to the "West Line Without War" column, and sometimes an article says something like: "I took out a small tool xxx that a friend sent me, tried it, and ha, it really worked." Yet the article does not include the tool it mentions. In other words, some people collect their own small tools and do not want to release them. I have no wish to expose other people's secrets, and honestly I am not envious: what Microsoft itself gives us is already more than enough; who has mastered all of it? Take the simplest example, the system's PUSHD command. I would bet that out of 100 hackers, 50 have never used it, 30 pay no attention to it, 10 do not know it exists, and no more than 10 use it occasionally, hehe. It is actually quite handy: if you are on C: and want to go to the D:\hack directory, one step does it: "c:\>pushd d:\hack". I use pushd here only as an example, in the hope that everyone will also learn the basics. If you want to understand the command line built into your system, have a look at http://www.ss64.com/nt/.
During intranet penetration it is sometimes unavoidable to search for files on another machine from the command line of a compromised host, and sometimes you want to search for files within a certain time range, for example .doc documents from January 1, 2006 to February 2, 2008. The system's dir command is powerless here. To solve this problem I once wrote a VBS script, which is at http://hi.baidu.com/myvbscript/blog/item/47175316835e004f21a4e90b.html/cmtid/cc37a6fdca04991108244d32; interested readers can take a look. But VBS is really slow, and when a directory has restrictive permissions the VBS script dies (dir can skip it). In fact Microsoft has already given us a tool: LogParser.exe. Many readers will say: isn't that a log-analysis tool? Wrong. LogParser.exe is extremely broad and deep; searching files is only a small part of what it does, and you can read its help file for the rest. Here I will give just one command to surprise everyone:
LogParser "SELECT TOP 10 Path, Name, Size, LastAccessTime FROM C:\downloads\*.* WHERE LastAccessTime > TIMESTAMP('01/01/2004', 'MM/dd/yyyy') AND TO_LOWERCASE(Name) LIKE '%a%' ORDER BY Size DESC" -i:FS -useLocalTime:OFF -preserveLastAccTime:ON -recurse:-1
The result is shown in Figure 1. This searches the C:\downloads directory recursively for the 10 largest files whose name contains the letter a and whose last-access time is later than January 1, 2004, sorts them by size, and displays their path, name, size and last-access time; with -useLocalTime:OFF the times are shown in UTC rather than the machine's local time zone. Strong, no?
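The same filter as the LogParser FS query above, written out in Python as an added example (it is not from the original post): recursive walk, last-access time after a cutoff, case-insensitive name match, largest files first. It keeps going when it hits a directory it cannot enter, the case where the VBS approach died; the sample tree in demo() is constructed data.

```python
import os
import tempfile
from datetime import datetime
from typing import List, Tuple

def find_recent_files(root: str, accessed_after: datetime, name_contains: str,
                      top: int = 10) -> List[Tuple[str, int, datetime]]:
    """Same filter as the LogParser FS query: walk root recursively, keep files
    whose last-access time is newer than accessed_after and whose name contains
    name_contains (case-insensitive), and return the `top` largest first."""
    cutoff = accessed_after.timestamp()
    needle = name_contains.lower()
    hits: List[Tuple[str, int, datetime]] = []
    # onerror=lambda e: None tells os.walk to skip directories it cannot enter
    # instead of aborting, which is exactly where the VBS approach died.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for fname in files:
            if needle not in fname.lower():
                continue
            full = os.path.join(dirpath, fname)
            try:
                st = os.stat(full)
            except OSError:          # file vanished or is unreadable: skip it
                continue
            if st.st_atime > cutoff:
                hits.append((full, st.st_size, datetime.fromtimestamp(st.st_atime)))
    hits.sort(key=lambda h: h[1], reverse=True)
    return hits[:top]

def demo() -> List[str]:
    """Build a constructed sample tree in a temp dir (hypothetical data) and
    return the matching file names, largest first."""
    base = tempfile.mkdtemp()
    cutoff = datetime(2004, 1, 1)
    old = cutoff.timestamp() - 86400        # accessed the day before the cutoff
    new = datetime(2006, 6, 1).timestamp()  # accessed well after the cutoff
    for name, size, atime in (("alpha.doc", 300, new), ("beta.doc", 900, new),
                              ("zzz.doc", 500, new), ("gamma.doc", 700, old)):
        path = os.path.join(base, name)
        with open(path, "wb") as f:
            f.write(b"x" * size)
        os.utime(path, (atime, atime))      # set atime and mtime explicitly
    return [os.path.basename(h[0]) for h in find_recent_files(base, cutoff, "a")]

if __name__ == "__main__":
    print(demo())   # ['beta.doc', 'alpha.doc']
```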

www.sysinternals.com has been acquired by Microsoft, and my favourite tool there is psexec.exe. The first feature I use PsExec for is switching from system privileges to user rights, which I covered in my earlier column on the details of penetration, so I will not repeat it here. The other feature is escalating privileges on a web server. Everyone has run into this situation: you have a webshell and find some password information on the machine, for example the MSSQL database password, and if the MSSQL password is not sa's, it is the password of a system account. Only port 80 is open, so there is no way to get a reverse terminal or the like; this is where PsExec comes in handy. We can run psexec \\127.0.0.1 -u administrator -p password C:\muma.exe directly from the webshell, which runs the Trojan under that account. My example uses PsExec v1.21; usage may differ slightly between versions.
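From the defender's side, every PsExec run, including the local \\127.0.0.1 case above, installs its helper service, which the Service Control Manager records as Event ID 7045 ("a service was installed") in the System log. The following Python is an added example, not code from the original post: it flags such installs in a constructed CSV export of those events; the column layout is assumed for the example.

```python
import csv
import io
from typing import Dict, List

# Constructed sample export of System-log service-installation events.
# The CSV column layout is assumed for this example, not any real tool's.
SAMPLE_EVENTS = """\
time,event_id,service_name,image_path,account
2008-02-02T10:01:07,7045,Spooler,C:\\Windows\\System32\\spoolsv.exe,LocalSystem
2008-02-02T10:05:12,7045,PSEXESVC,%SystemRoot%\\PSEXESVC.exe,LocalSystem
2008-02-02T10:09:40,7036,PSEXESVC,,
2008-02-02T11:22:03,7045,svcupd,\\\\127.0.0.1\\ADMIN$\\svcupd.exe,LocalSystem
2008-02-02T11:30:55,7045,wuauserv,C:\\Windows\\System32\\svchost.exe -k netsvcs,LocalSystem
"""

KNOWN_PSEXEC_SERVICE = "PSEXESVC"   # default service name PsExec installs

def is_psexec_install(ev: Dict[str, str]) -> bool:
    """True when a 7045 service-install record looks like PsExec's helper service."""
    if ev["event_id"] != "7045":     # 7036 (state change) etc. are not installs
        return False
    name = ev["service_name"].upper()
    path = ev["image_path"].upper()
    if name == KNOWN_PSEXEC_SERVICE or "PSEXESVC.EXE" in path:
        return True
    # Later PsExec versions let the operator rename the service (-r), so also
    # flag any service whose binary was dropped through the ADMIN$ share.
    return "\\ADMIN$\\" in path

def find_psexec_installs(csv_text: str) -> List[Dict[str, str]]:
    """Return every row of the export that is_psexec_install() flags."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r for r in rows if is_psexec_install(r)]

if __name__ == "__main__":
    for hit in find_psexec_installs(SAMPLE_EVENTS):
        print(hit["time"], hit["service_name"], hit["image_path"])
```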

2. www.nirsoft.net and www.diamondcs.com.au
If www.sysinternals.com's PsTools suite is designed for systems and networks, www.nirsoft.net seems to focus on collecting personal passwords. www.nirsoft.net is a personal website whose author lives on other people's donations; if you think his tools are well written, you can donate to him online. It is said the author lives a carefree life in a villa; I guess such authors would starve in China, hehe. www.nirsoft.net has released many small tools, for things like grabbing IE cached passwords, Outlook passwords, MSN passwords and so on. If you get into a personal computer and want to know the passwords commonly used on it, www.nirsoft.net's tools are the right ones. Each tool in its series has both a GUI and a command-line usage, and naturally we need the command line. The basic options for each tool are:

Option               Description
/stext <Filename>    Save the list of all dial-up items into a regular text file.
/stab <Filename>     Save the list of all dial-up items into a tab-delimited text file.
/stabular <Filename> Save the list of all dial-up items into a tabular text file.
/shtml <Filename>    Save the list of all dial-up items into a horizontal HTML file.
/sverhtml <Filename> Save the list of all dial-up items into a vertical HTML file.

That is how they are used. Take a concrete command, Dialupass2.exe /stext 1.txt, shown in Figure 2: see, it lists the VPN password I used.

As for the free tools from www.diamondcs.com.au, I think their merit is that anti-virus software does not flag them; they include things like listing processes and killing processes. I grabbed two screenshots for everyone to see (Figure 3, Figure 4).

The tool in Figure 3 maps ports to their owning processes, and the tool in Figure 4 first lists the handles and process ID of the program being executed and then asks whether you want to run it.
If I were to introduce the tools of these three schools in full, it would fill a very thick book. This is just a brief pointer; go to the websites, download the tools and try them, and I believe you will gain something.
