PUBWIN is widely used in Internet cafes. It is very convenient to use and manage and is second to none in China.
Today I will discuss the security of PUBWIN. (The testing environment is a system with low security.)
I. Cracking:
1. Client cracking:
Currently, there are three popular methods to crack the PUBWIN client:
1) Use Smart ABC input method vulnerabilities and software conflict errors to crack
From the image 001.jpg, we can see that the PUBWIN client only has two processes, RECLOCK.EXE and PUBWIN.EXE.
RECLOCK.EXE automatically checks every 1-2 minutes whether the PUBWIN process is running. If it is not, it automatically scans the default PUBWIN path and restarts PUBWIN (see Figure 1).
Next, let's modify the default path of PUBWIN. The PUBWIN client is usually installed under C:\Program files\Hintsoft\Pubclt\ by default.
In general, an Internet cafe hides drive C and prohibits access to it. However, we can use Group Policy to remove this restriction: run gpedit.msc.
Then open "User Configuration" -> "Administrative Templates" -> "Windows Components" -> "Windows Explorer", set "Hide these specified drives in My Computer" to "Disabled", and set "Prevent access to drives from My Computer" to "Disabled".
Then modify the PUBWIN client path, namely C:\Program files\Hintsoft\Pubclt\, by renaming any one of the folders in it.
If the PUBWIN client is not installed on drive C, you can use the disk management program diskmgmt.msc to change its drive letter (see Image 2).
After logging on to the PUBWIN client, use the short message function of PUBWIN: press the left arrow, press DEL, and press Enter.
RECLOCK.EXE then cannot find the PUBWIN path and cannot restart PUBWIN, and the crack is complete.
2) Use UltraEdit to edit pubwin.exe to crack
This method can steal the PUBWIN system management password.
PUBWIN.EXE is not packed (it has no shell). We can use Language2000 to unpack pubwin.exe first and then decompile it. After decompiling, click "Reference" and select "string data reference" to find "Password error. Please input it again".
This is the password verification code. To get past an incorrect password, we only need to change 7509 to 9090. 9090 means executing NOP twice, that is, doing nothing, so the jump for an incorrect password is not taken. (We only look briefly at this step here. Since the disassembled code has already been found by others, you don't have to look for it again.)
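Seen from the defender's side, the 7509 to 9090 change described above is detectable by comparing the installed binary with a known-good copy. The following is an added example, not part of the original article: the function names are hypothetical and the byte strings are constructed samples, not bytes taken from pubwin.exe.

```python
"""Flag short conditional jumps that were overwritten with NOPs.

Heuristic byte-level comparison against a known-good baseline. It does not
disassemble, so a hit means "review this offset", not proof of tampering.
"""
import hashlib

NOP = 0x90
SHORT_JCC = range(0x70, 0x80)  # x86 short conditional jumps, e.g. 0x75 = JNZ rel8


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_nopped_jumps(baseline: bytes, current: bytes) -> list:
    """Return offsets where the baseline has `Jcc rel8` and the file has `90 90`."""
    if len(baseline) != len(current):
        raise ValueError("size differs from baseline; treat the file as replaced")
    findings = []
    i = 0
    while i < len(baseline) - 1:
        if baseline[i] in SHORT_JCC and current[i] == NOP and current[i + 1] == NOP:
            findings.append({"offset": i,
                             "was": baseline[i:i + 2].hex(),
                             "now": current[i:i + 2].hex()})
            i += 2  # skip the operand byte of the jump just reported
            continue
        i += 1
    return findings


def check_binary(baseline: bytes, current: bytes) -> dict:
    """Classify a file as ok, modified, or modified with a NOPed branch."""
    if sha256_hex(baseline) == sha256_hex(current):
        return {"status": "ok", "findings": []}
    findings = find_nopped_jumps(baseline, current)
    return {"status": "patched-branch" if findings else "modified",
            "findings": findings}


# Constructed sample: a compare followed by JNZ +9 (75 09) at offset 6.
GOOD = bytes.fromhex("8b45fc3b45f875096a00e800000000c3")
PATCHED = GOOD[:6] + b"\x90\x90" + GOOD[8:]  # same bytes with 75 09 -> 90 90

if __name__ == "__main__":
    print(check_binary(GOOD, PATCHED))
```

Run from a location the logged-in customer account cannot write to, with the baseline stored off the client machine, so that the check and its reference copy cannot be altered together.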