Whole Process of hacker intrusion into "online cinema" 2

Blocking: Searching for VOD movies

First, run Windows XP self-contained remote host mstsc.exe and fill in the IP address of the recipient 218. 147. *. * After confirmation, fill in the username hacker and password 12345 that I just created on the logon interface, and enter the target Windows 2000 desktop.

But then I got stuck. This machine has a total of two disks, drive C and drive d, and the total capacity is only 20 GB. It is impossible to hold hundreds of movies, where is my VOD movie?

Movie files must be placed on another machine, which must be connected to the server. At the same time, my analysis on the webpage files of "online cinema" proves that the movie files are not stored locally, but are remotely extracted using the index and classification of ms SQL. This is an iis5.0 + ms SQL site.

Once again, I opened "Administrative Tools" and found a node named "VOD" in "DNS". The IP address points to the address next to the server, I am looking for this "VOD. Considering the close communication relationship between the server and VOD, I naturally opened the "Network Neighbor" of the server. As expected, there were two machines in the entire group, namely the server and VOD. Double-click the VOD icon. The damn system prompts you to enter the user name and password. It seems that the network administrator did not save the password when accessing VOD on "Network Neighbor". Where should I find the password?

Developer: dig out the VOD Logon account password

Just as I was about to give up, my mind suddenly flashed a thought: What if the network administrator wants to watch a movie on his own? There are two ways to do this: one is to watch the video directly on VOD, and the other is to enter his account and password on the server homepage to watch the video. Since Channel 1 cannot be implemented now, what is Channel 2? Even if the network administrator operates files directly on VOD, he must have an account on the server's webpage for testing at least.

Next, find the account and password on the server. Go straight to the ms SQL database of the server. Log on to the server with 3389, click "start"> "program"> "Microsoft SQL Server"> "Enterprise Manager", and then open "Database" under the current server name "server ". I found a suspicious library named "web_new". It should be it! Open it and select "table". All the table names in the database are listed on the right. After observation and analysis, a table named "zh_guanli" is locked, let's take a look at its content. Right-click it and select "Export"> "export all rows ". In the twinkling of an eye, oh, my God, what is this not an account? The account and password of all paying users are here! Sorry, I copied all the columns and saved them to my local machine. The first of these accounts is admin, which should be managed by the network administrator. The password is wzl19750529.

Next, I wiped the footprints, logged on to the webpage again, entered the network management account and password, and finally saw the movie playing smoothly!

Postscript:

Intrusion is a shortest problem. Most of my intrusions do not use profound knowledge or knowledge. The key to the entire process is the ideas and Analysis of intruders. They are good at identifying and exploiting vulnerabilities and finding the simplest and most effective intrusion methods. This is the way hackers do. Also, we would like to remind beginners that "intrusion" is not "destructive "! Everyone needs to grasp this degree