In fact, the brute-force cracking server is very simple and required.
Port 3389 is the Remote Desktop port. Many people enable port 3389 to make it easier to manage the server and update resources on it. Run the netstat -an command to check whether the port is enabled. If the password of an account is too weak, it is easy to crack. Generally, the default account is administrator or admin, and a password that is too simple can be found in a 3389 password dictionary. Next we will explain the whole process of cracking 3389 servers and getting a server.
Tool: dubrute blasting tool (or frdpb)
SYN scanning tool
IP search
First, use ipseacher to search for an active IP segment, or search for an active 3389 IP segment in Baidu, and follow this with a SYN scan. The scan is best run on a Server 2003 system; you can use a VMware VM running 2003 for it. If you want to scan from Windows XP, first make XP support SYN scanning: copy the TCPIP that supports the SYN patch to drive C and restart, after which you can perform SYN scanning. The following services are enabled for the newly installed Server 2003 system.
sc config LmHosts start= auto
sc config RpcLocator start= auto
sc config NtLmSsp start= auto
sc config LanmanServer start= auto
sc config SharedAccess start= disabled
net start LmHosts 2> NUL
net start RpcLocator 2> NUL
net start NtLmSsp 2> NUL
net start LanmanServer 2> NUL
net stop SharedAccess > NUL 2> NUL
Copy the IP segment found with ipseacher to ip.txt under the SYN scanner and start scanning; this takes a while. An IPs document is generated after scanning. The IPs document contains the IP addresses that have port 3389 enabled.
The dubrute tool is used below. This tool is entirely in English, so its interface labels are translated below.
Source indicates "Source"
Bad indicates "bad"
Good indicates "good"
Error indicates "Incorrect"
Check indicates "Detection"
Thread indicates "Thread"
Start indicates "START"
Stop indicates "stop"
Config indicates "configuration"
Generation indicates "generate"
About indicates "about"
Exit indicates "exit"
After this important translation is completed, import the 3389 IP addresses that need to be cracked by opening generation directly. Three columns need to be filled in. The first column contains the IP addresses to be cracked; click fileip to import all IP addresses from the IPs document. In the second column, login is the login account. Here, we can directly select addlogin to add the user name. You can simply add "Administrator" or "admin". Of course, you can also import a username dictionary, but it is slower. In the third column, password, select filepass to import our 3389 password dictionary. Click male to exit the interface. Click config to configure. For 2 GB servers, the number of threads can be increased to 2000. We can choose 1000 or 500. The bad.txt and good.txt files hold the results: the correct account and password for each server IP address, and the IP addresses where the connection failed.
OK. Click start to crack the server and wait. A number is displayed after "good", indicating how many servers have been cracked successfully, and "bad" indicates that the server is being checked. We can find the good document under dubrute and open it. There we can see the IP address of the cracked server and the logon account and password.
Congratulations! The brute-force cracking attack is successful. Start -- Run -- mstsc /admin. In the 3389 logon window, enter the IP address, connect to the server, enter the cracked account and password, and log on to the server. At this step, you have successfully obtained a server. Create a user of your own. Do not do bad things. If it is a game server, do not disturb others.
In fact, there are a series of backdoor methods after obtaining the server, including methods for rejecting the net permission.
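The process above leaves a clear trace on the target: a burst of failed logons for Administrator or admin from one source address, followed by a success. The following is an added example, not part of the original article, that detects this pattern. The function name detect_rdp_bruteforce, its threshold and window parameters, and the pre-parsed event tuples are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, already parsed from the Windows Security log into
# (time, event_id, logon_type, account, source_ip). 4625 = failed logon,
# 4624 = successful logon; logon type 10 = RemoteInteractive (RDP),
# type 3 = network logon (how RDP failures appear when NLA is enabled).
T0 = datetime(2024, 1, 1, 3, 0, 0)
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=2 * i), 4625, 3, "Administrator", "203.0.113.7")
     for i in range(12)]
    + [(T0 + timedelta(seconds=30), 4624, 10, "Administrator", "203.0.113.7"),
       (T0 + timedelta(seconds=60), 4625, 10, "alice", "198.51.100.20"),
       (T0 + timedelta(seconds=70), 4625, 10, "alice", "198.51.100.20"),
       (T0 + timedelta(seconds=80), 4624, 10, "alice", "198.51.100.20"),
       (T0 + timedelta(seconds=90), 4625, 2, "bob", "-")]  # console logon, ignored
)


def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed remote logons inside window,
    and record any account that logs on successfully from a flagged IP."""
    recent = defaultdict(list)  # ip -> [(time, account)] failures still in window
    alerts = {}
    for ts, event_id, logon_type, account, ip in sorted(events):
        if logon_type not in (3, 10):
            continue
        recent[ip] = [f for f in recent[ip] if ts - f[0] <= window]
        if event_id == 4625:
            recent[ip].append((ts, account.lower()))
            if len(recent[ip]) >= threshold:
                alert = alerts.setdefault(
                    ip, {"failures": 0, "accounts": set(), "compromised": []})
                alert["failures"] = max(alert["failures"], len(recent[ip]))
                alert["accounts"].update(a for _, a in recent[ip])
        elif event_id == 4624 and ip in alerts:
            # Success from an IP already flagged: treat the account as cracked.
            alerts[ip]["compromised"].append(account.lower())
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, alert)
```

An entry with a non-empty "compromised" list means the password must be reset and the host reviewed for newly created users; an entry without one is still grounds to block the source address and enforce account lockout.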
3389 whole technical process and principle of blasting Server