First, let's introduce our main character, ms0539.exe overflow tool from Xiao Rong. If it succeeds, a shell with the admin permission will be obtained. You should be familiar with DameWare development, a remote control tool that will never be rejected by the firewall, and the network management software that will never be scanned and killed.
4.7 (unavailable ?! A lazy can change the system time like me and use it as usual.) wait and use it to scan the machine.
It's almost the same. You should be playing the show! Scan an IP address first. In this step, you can use streaming. Good luck today, there is a weak name = guest Pwd = guest. Okay, let's take this! (Guest cried: "55555. How can I find me? I only have a little permission ." Ms05039: "No way. You are the one you are looking. What should I do if I always get some admin permissions ?") If there is a weak password, the security is definitely not very good. Create a new user guest in the Local Machine, Pwd = guest, do not understand? Because NTLM authentication is required when you use the Telnet command. I Want To ensure security. If the other party is vigilant for this, the loss will not be worth the candle (your kid is savvy: P) after all, it was the first time I used the software of Xiao Rong for testing.
Okay, run =, CMD, and input ms05039 [Peer IP address] [specified port] [System Version parameter] at the prompt. Won't you use it? You can view help.
Ms05039 192.168.62.206 999 1. Overflow successful. (Hey, a black hand opened your door quietly ......)
Telnet 192.168.60.2 999 is a long wait, although only a few seconds. Dizzy, why? I wiped my eyes. Connection Failed ?? No, I'm kidding you. Forget it. When I understand it, I can ask Xiao Rong again.
I think, will it be the opposite party's firewall? First, you can use the tools that come with the system to connect to the system. Control Panel = system management tools = Computer Management (I don't know about this? It seems that you have not studied well .).
Connect to another computer and enter 192.168.62.206 [IP address of the other computer]. The road to success is coming to me.
What services are running?
See no. There is a firewall. Stop it first. Haha, telnet is manual. You can also enable it. (Do not think it is OK to connect via Telnet. In fact, the guest user does not have any permissions .)
There was a burst of laughter. Let's see how I did it. Let's take a look: ms05039 192.168.62.206 999 1. Press enter. You can get 999 successfully. Another trick: Telnet 192.168.62.206 999 and press Enter. Success or failure. This is a long wait, and every second is suffocating.
I saw c: \ winnt \ system32> (overflow successful)
There was another burst of laughter: "I have three moves under my hands. There are not many people in the world !" (Zhao Benshan looked dizzy: "Look at you !") The net user netpaladin 123456/Add command is successfully executed. The net localgroup adminstrators netpaladin/Add command is successfully executed.
The task is half done. The following figure shows DameWare development. I will briefly introduce the commonly used "DameWare:
Applicable to: People with self-help ability and calm mind, otherwise the consequences will be serious.
What is needed: Understand what is an IPC "Internet process connection" remote connection.
Applicability: "After obtaining the remote host admin permission, the host has an IPC $ channel ".
We use it for screen monitoring, screen control, remote command execution, system configuration modification, file theft, webshell, and footprints. Just now, the command line may cause a shadow to the new birds. The graphic interface can be used below.
After getting the account and password, let's proceed to the next step. Let's take a look at DameWare Remote Control in "DameWare", click newhost, and fill in the obtained IP address, username, and password. Click Connect.
The first time we enter this machine, a dialog box will pop up prompting us to install the service on the remote host. Program .
You don't have to worry about it. This installation doesn't have to disturb the other party. The program will help us install it without the other party's knowledge. All we need to do is configure it. The configuration is only convenient for him to use as a hacker tool. Click OK in the dialog box to continue the installation, and then enter the installation dialog box.
This is the setting for running programs on the remote host, so whether the other party can be controlled is configured here. First, we can see four options ,. Select Stop Service on disconnect to stop the service when the connection is disconnected. Select Remove service on disconnect, and the service will be uninstalled upon disconnection. If you select set Service Startup Type Manual default is, the remote DameWare server will be manually started when you connect to the host, and copy configuration files DWRCS will be selected. The server program will install our modification settings and execute them on the other side. We recommend that you select 3 or 4 items and enter Edit to go to detailed settings. Enter edit and configure "DameWare Mini Remote Control Properties ".
Very important! We mainly modify two locations to hide our remote control. If you are interested in other aspects, let's explore them by yourself. Select the additional tag and remove the check box before the Enable ary icon. In this way, notifications are sent to remotely connect to the host toolbar.
Then, select the notify dialog tag and remove the notify on Connection check. In this way, no prompt is displayed when the remote host is controlled.
Are you ready? Click OK to enter the host. Go go! The remote host screen is displayed in DameWare Mini Remote Control. Remember to select view only at this time; otherwise, control the screen of the recipient. The mouse of the other party will follow you and it will scare mm. Oh, this girl is still playing this.
I think this monitoring image is of good quality, and it is much faster than the remote control such as glaciers, and it can achieve this effect without deceiving the trojan. The most important thing is that it will not be scanned and killed, we are not just looking at what he has. Check if she's on QQ. If she has any, add her. In case the other party uses netstat-An to view the network, he can quickly escape.
Put the screen control aside. Let's first look at the stronger tool DameWare nt utilities, which is a tool set, including the remote monitoring just used.
Fill in the IP address just now and click OK. Let's take a look at all the tools of the DameWare nt utilites. The functions are very powerful. To what extent, let's take a look. In addition to damaging hardware, we almost made some other work. Open remote command, open it, and select RCMD view. Enter the user name and password. After logging on, you can enter the doscommand you are familiar.
You can create your own account and do whatever you want. Let's take a look at netstat-An to see if there are other intruders. Let's take a look at the processes of the other party and find the processes that appear after double-clicking them.
The process control is the same as the local process. You know what to do. You can do whatever you like. Let's see if there are any processes that threaten us. Finally, we have to clear our footprints. You just need to plan the task. There are many ways to do this. I am very lazy. Some of the IP addresses are intercepted separately, so there is a slight difference.
to conclude,
do not use ms05039 at will. I did another test later. If the other party is on the firewall, the real-time protection warning will automatically jump out. This is also the reason why my first connection failed. Fortunately, the other party is not very concerned. Or I will stop.
the DameWare development console must also have the admin permission. Otherwise, the recipient's cmd prompt cannot be started. If the other party does not have the admin permission, add the permission group to it. If you have any mistakes, please forgive me and I sincerely hope you can communicate with us.