Experience the hacker feeling: ipc$ remote-control intrusion

Source: Internet
Author: User


Preface

Don't come in just because of the title; I am not click-baiting, so everyone sit down. This article mainly introduces using the IPC$ share weakness (a weak administrator password) to upload and execute a Trojan.

Basic Knowledge

I. What is IPC

Inter-process communication (IPC) is a technique or method for passing data or signals between at least two processes or threads. A process is the smallest unit to which a computer system allocates resources (strictly speaking, a thread is the smallest unit of scheduling). Each process has its own set of system resources that is isolated from the others, so inter-process communication exists to let different processes access shared resources and coordinate their work. In a typical example, two applications that use IPC can be classified as client and server: the client process requests data and the server process answers the request. Some applications are both server and client, which is common in distributed computing. These processes can run on the same computer or on different computers connected over a network. IPC techniques include message passing, synchronization, shared memory and remote procedure calls. IPC is a standard UNIX communication mechanism.

II. What is a null session

A null session is a session established with a server without any trust, that is, without a username and password. Under the Windows 2000 access control model, even a null session needs a token, but because no user information is authenticated while the session is set up, the token contains no user information, and so the session cannot be used to send encrypted data. That does not mean the null session's token has no security identifier (SID, which identifies the user and the groups it belongs to): for a null session the LSA supplies a token whose SID is S-1-5-7, the SID of the null (anonymous) session.

III. What is a Trojan horse

A Trojan horse (Trojan), also called a Trojan virus, is the control of another computer through a specific program (the Trojan horse program). A Trojan usually has two executables: a control side and a controlled side. The name comes from the ancient Greek legend of the Trojan Horse told in Homer's epic. Trojan programs are currently a common kind of malicious file; unlike an ordinary virus, a Trojan neither replicates itself nor deliberately infects other files. Instead it disguises itself to lure users into downloading and running it, opening a door into the host for the Trojan's operator, who can then damage the system at will, steal the victim's files, or even remotely control the host. The spread of Trojans seriously endangers the safe operation of modern networks.

Related information:

1. Trojan-related technique collection
http://bbs.ichunqiu.com/forum.php?mod=collection&action=view&ctid=43
2. Anti-virus evasion techniques: signature evasion
http://bbs.ichunqiu.com/thread-6802-1-1.html

Body

The procedure has two steps: first, we use the ipc$ share weakness to upload the Trojan; second, we use Metasploit to execute the Trojan.

1. Using the ipc$ share weakness to upload the Trojan

First, the lab environment.
Lab environment:
Attacker machine IP address: 10.1.1.2
Target machine IP address: 10.1.1.110

Next, let's prepare the tools we need.

Tools:

    • Metasploit
    • Remote-control Trojan (for how to generate one, see related information 2 above)


Operation steps:

First we scan the target host for an IPC weak password (PS: of course the target machine has one, that is the point of the lab).

Here we use the Metasploit smb_login module, which is an SMB login check scanner.

Search for the module and load it with use.



View the settings: we can see that we need to set the username and password dictionaries and our target address.



Set the target address, then set the username and password dictionaries.



We can see that we successfully brute-forced a weak password:
administrator/123456



Next we establish a connection to the 10.1.1.110 target machine using the net use command.



Then we use the copy command to upload our Trojan to the target machine.



This completes our first step.


2. Using Metasploit to execute the Trojan

Here we use Metasploit's psexec_command module (the forum masked the module name, which is why it appeared with a space in the middle). This module performs authenticated command execution on Microsoft Windows.

Search for the module and load it with use.



View the settings, then set the target address, the username, the password, and the command to execute on the remote host.



The result:



We can see that our Trojan has come online.
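From the defender's side, the whole chain above leaves a recognisable trace in the Windows event logs: a burst of 4625 failed logons from one source (smb_login), a 4624 network logon (type 3) from the same source, a 5140 access to an administrative share (net use / copy), and a 7045 service installation shortly afterwards (psexec-style execution). The following Python is an added example, not code from the original post; the event records are constructed to mirror the lab (attacker 10.1.1.2, target 10.1.1.110) and the field names and thresholds are assumptions, not a particular SIEM's schema.

```python
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5               # failed logons from one source before we call it a spray
WINDOW = timedelta(minutes=10)   # maximum gap between consecutive stages of the chain
ADMIN_SHARES = ("ADMIN$", "C$", "IPC$")

# Constructed sample records (not real log captures) following the page's flow:
# smb_login spray -> successful network logon -> admin share access -> new service.
SAMPLE_EVENTS = [
    {"t": f"2016-03-01 10:00:0{i}", "id": 4625, "src": "10.1.1.2", "user": "administrator"}
    for i in range(1, 7)
] + [
    {"t": "2016-03-01 10:00:03", "id": 4625, "src": "10.1.1.50", "user": "bob"},  # lone typo, benign
    {"t": "2016-03-01 10:00:09", "id": 4624, "src": "10.1.1.2", "user": "administrator", "logon_type": 3},
    {"t": "2016-03-01 10:01:00", "id": 5140, "src": "10.1.1.2", "user": "administrator", "share": "\\\\*\\ADMIN$"},
    {"t": "2016-03-01 10:02:30", "id": 7045, "service": "XYZabc", "image": "%SystemRoot%\\trojan.exe"},
]

def _ts(e):
    return datetime.strptime(e["t"], "%Y-%m-%d %H:%M:%S")

def detect_ipc_chain(events):
    """Correlate per source IP: spray (>= FAIL_THRESHOLD 4625 within WINDOW) -> logon
    (4624, logon type 3) -> share (5140 on an admin share) -> service (7045 soon after).
    Returns one alert dict per source that at least reached the spray stage."""
    state = {}
    for e in sorted(events, key=_ts):
        src, t = e.get("src"), _ts(e)
        if e["id"] == 4625:
            a = state.setdefault(src, {"src": src, "fails": [], "stages": [], "last": t})
            a["fails"] = [f for f in a["fails"] if t - f <= WINDOW] + [t]
            if len(a["fails"]) >= FAIL_THRESHOLD and "spray" not in a["stages"]:
                a["stages"].append("spray")
                a["last"] = t
        elif e["id"] == 4624 and e.get("logon_type") == 3:
            a = state.get(src)
            if a and a["stages"] == ["spray"] and t - a["last"] <= WINDOW:
                a["stages"].append("logon")
                a["last"], a["user"] = t, e["user"]
        elif e["id"] == 5140 and e.get("share", "").upper().endswith(ADMIN_SHARES):
            a = state.get(src)
            if a and a["stages"] == ["spray", "logon"] and t - a["last"] <= WINDOW:
                a["stages"].append("share")
                a["last"], a["share"] = t, e["share"]
        elif e["id"] == 7045:  # 7045 carries no source IP, so match on timing alone
            for a in state.values():
                if a["stages"] == ["spray", "logon", "share"] and t - a["last"] <= WINDOW:
                    a["stages"].append("service")
                    a["last"], a["image"] = t, e["image"]
    return [a for a in state.values() if "spray" in a["stages"]]

if __name__ == "__main__":
    for alert in detect_ipc_chain(SAMPLE_EVENTS):
        print(alert["src"], "->", " > ".join(alert["stages"]), alert.get("image", ""))
```

A source that only reaches the spray stage is still reported, since a failed spray is worth an alert on its own; the later stages tell the analyst how far the intrusion got.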




Concluding remarks

To sum up what we learned in this article: we first learned to use the ipc$ share weakness to upload and execute a Trojan, and along the way learned how to use the smb_login and psexec_command modules in Metasploit, what IPC is, what a null session is, and some related knowledge about Trojans. That brings this article to an end. Thank you for your support; if there is any problem with the article, leave a message below. I will check back often, thank you.

