An error occurred while starting IIS, IWAM, and IUSR accounts!

The server is hacked today.
It should not be an SQL inject attack method ~
It is estimated that most of them are caused by the MS system Overflow Vulnerability ~
I leave a message to the hacker, hoping to give some advice, but the other party seems to be not interested in helping me. I just mounted a Trojan and a stenographer on the homepage multiple times.

So I decided to restructure the server ~
First, use the system vulnerability scanning tool of the new Kingsoft drug overlord version:

Upgrade with the old version
Click to download this file
Use the new version for upgrade (the new version requires a DLL file of SQL SP4 downloaded from the old version)
Click to download this file

We have upgraded Win2000 and installed all patches.

Then begin to operate on the Administrator account and Guest Account

In fact, there is no problem with the administrator account. Add a 20-bit random password.
On the IUSR _ ****** and IWAM _ ***** accounts used by IIS, I made a fatal error due to poor learning skills ~
I mistakenly changed the 20-bit password for the two accounts, because I think the default account may be used. The password only needs to prevent malicious login.
Soon, I found my website inaccessible ......
Tip:

Program code:

[Copy Code] [run code]

Server application error
The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for maintenance.

Fainting ......
I thought that the default account is empty, and only need to reply, the result is to restore the passwords of IUSR _ ****** and IWAM _ ****** to null, still error ...... It seems that the system has a random password for these two accounts ......
It is useless to regret it. I started to check the relevant materials ......

I will not talk about the process during this period. I made a detour for two hours ......

Two vbs tools provided by IIS 5.0 are used:
Click to download the file (rename synciwam. vbs after the download)
Click to download this file (rename it adsutil. vbs after download)

There are two methods:

The following is a simple example:

Exploitation:
1. Obtain the IUSR password and run it in the DOS window.
Cscript.exe adsutil. vbs get w3svc/anonymoususerpass

2. Obtain the IWAM password and run it in the DOS window.
Cscript.exe adsutil. vbs get w3svc/wamuserpass

Obtain the original password of the IIS database. directly in the management tool, set the IUSR _ ****** and IWAM _ ****** accounts back to the random password generated by the original system.
(It's really simple ...... I was wrong at first, and then I got bored ......)

Here is a tip,
In Windows 2000, the default password is displayed as an asterisk and must be edited in adsutil. vbs.
1. Use notepad to open the adsutil. vbs File
2. "issecureproperty = true" is found"
3. Change the attribute to "false"
4. Save the file
The password is in plain text ~

The actual method is as follows:

Process:
Right-click my computer-Manage-local users and groups, and set passwords for IUSR _ ****** and IWAM.

IUSR problems:
Run the Internet information service tool in the management tool and right-click the forum in question on the IIS console. In the displayed dialog box, select "properties", switch to the "Directory Security" tab, and click "edit" in the anonymous access and authentication control bar. The "authentication method" dialog box is displayed, select "Anonymous Access" and click "OK.

IWAM problems:
2. Start -- run -- press cmd,
Then cd c: \ Inetpub \ adminscripts
Then cscript.exe adsutil. vbs set w3svc/wamuserpass "your password". This is the password set by IWAM _ ***** in the previous step.
Then cscript.exe adsutil. vbs set w3svc/anonymoususerpass "your password". This is the password set in the previous step IUSR _ *****.

3. Synchronize the password of the IWAM account and script synciwam. vbs
Cscript.exe synciwam. vbs-V,
Then restart IIS

4. This step should be successful, but I encountered the 8004e00f error in step 1. After searching for information on the Internet for half a day, I found that there was a problem with the MSDTC service. Then I finally got it done. The steps are as follows:

1. First, go to the component service and check the component service/computer/my computer/COM + application. The error "COM + cannot talk to Microsoft Distributed Transaction Coordination Program" is returned ", you cannot view the objects in it.
2. Go to the Event Viewer and find that the MSDTC Service is not started properly.
3. Delete the keys in the registry:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ MSDTC
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MSDTC
Hkey_classes_root \ CID
4. Run cmd to stop the MSDTC Service: net stop MSDTC
5. Uninstall the MSDTC Service: MSDTC-uninstall
6. reinstall the MSDTC Service: MSDTC-install
7. confirm that the MSDTC Service has been started properly in the Event Viewer [this step is critical. If not, restart the computer to check]. Here is a tip to check whether the MSDTC Service is started, run the net stop MSDTC command, and the system prompts that the instance is being stopped and the instance is successfully stopped. Then, run MSDTC-install to check whether the instance is successfully stopped.
8. Reset the iis iwam account password. [In User Management in Computer Management]
9. Synchronize the password of iwam_myserver in IIS metabase, in cmd: C: \ inetput \ adminscripts> adsutil set w3svc/wamuserpass "yourpassword"
10. Synchronize the iwam_myserver password used by the COM + application. In cmd: C: \ inetput \ adminscripts> cscript synciwam. vbs-V
11. Success !!!!!
In order to reply to the original security settings of the system, I executed MSDTC-uninstall

Everything is finally OK ~

[The above article is an online repost] The following are my steps, which are not so troublesome: 1. Only change the password in the user management on the control panel 2. Run c: \ inetput \ adminscripts> cscript synciwam. vbs-V to synchronize the modified password to COM +.