PUBWIN Internet cafe management software cracking and Prevention

PUBWIN is widely used in Internet cafes. It is very convenient to use and manage and is second to none in China.

Today I will discuss the security of PUBWIN. (The test environment is a system with low security)

I. Cracking:

1. Client cracking:

Currently, there are three popular methods to crack the PUBWIN client:

(1) cracking through smart ABC Input Method vulnerabilities and software conflicts

From the image 001.jpg, we can see that the PUBWIN client only has two processes, RECLOCK. EXE and PUBWIN. EXE ..

Rerock.exe is used to automatically check whether the PUBWIN process runs every 1-2 minutes. If not, it automatically scans the default PUBWIN path and restarts PUBWIN...

Next let's modify the default path of PUBWIN: The PUBWIN client is usually installed under C: \ Program files \ Hintsoft \ Pubclt \ by default.

In general, the drive C of an internet cafe hides and prohibits access... However, we can use the Group Policy to remove this restriction and run gpedit. msc.

Still open "user configuration" --- "management template" ----- "WINDOWS Components" ---- "WINDOWS Resource Manager" ----- "hide the drive specified here on my computer" --- set it to" disable "; "prevent access to the drive from my computer" and set it to "disabled ";

Then, modify the PUBWIN client path, namely C: \ Program files \ Hintsoft \ Pubclt \, and rename any of the folders ..

If the PUBWIN client is not installed on disk C, you can use the disk management program diskmgmt. msc to change its drive letter.

After logging on to the PUBWIN client, you can use the short message function of PUBWIN. Press the left arrow, press DEL, and press Enter ..

Then RELOCK. EXE cannot find the PUBWIN path and cannot restart PUBWIN. Then the system will crack it...

(2) Use Ultraedit to edit pubwin.exe to crack

This method can steal the PUBWIN system management password.

PUBWIN. EXE is not shelled. We can use Language2000 to unzip pubwinfirst to decompile pubwin.exe later. After decompiling, click "Reference" and select "string data reference" to find "Password error. Please input it again"

It is a password verification statement. If the password is incorrect, we only need to change 7509 to 9090. Because 9090 means to execute NOP twice, that is, do nothing, and the password will not jump. (Now let's take a look at this step. If compilation code is found by others, you don't have to look for it again)

Run ultraedit32,open pubwin.exe, find "85C07509", change it to "85C09090", find the next one, and change it to "85C09090"

Save... and rename the original path PUBWIN. EXE. Then copy the edited PUBWIN to the original directory... OK to log out ..

Then you can exit PUBWIN without entering the password ..

After exiting system management... then click system settings... open the "asterisk viewer", move the cursor to the password of the asterisk...

See. This is the password of the system administrator.

Ii. Prevention

For the first method of cracking... It is very easy to prevent.

You only need to install a patch for the smart ABC input method...

Disable the 2000/XP file protection function before copying...

XPLITE_TRIAL: It can disable file protection of 2000/XP ..

Decompress WINABC. IME to c: \ windows \ system32.

2. Disable the short message function of the PUBWIN client... This function has no function at all,

Instead, it becomes a tool for cashier and guest chat, so we recommend that you delete it.

Open PUBWIN. EXE with ResHacker

Expand menu ---- 137---2052 --- send a short message to MENUITEM .." Delete this sentence

Save .. OK .. Success ..

For UE cracking, I only need to give a few suggestions...

1. Install the PUBWIN client on the C drive as much as possible, and do not install it on the default path ..

2. Use the Group Policy to hide drive C and prohibit access .. You are prohibited from using software such as control panel, registry, CMD. EXE, and WINRAR .. Download prohibited (if you are not in trouble)

3. Rename the Group Policy GPEDIT. MSC ..

4. Use the PUBWIN patrol Client Detection Software

The PUBWIN patrol is to check whether the PUBWIN process exists for all hosts with network connections in the network segment .. If the network connection is normal but PUBWIN is not running, the host is in the "warning" status .. The client of the host may be cracked.

Note: when the system is started and shut down, PUBWIN has been turned off or is not running, and "warning" is displayed as normal...

In fact, the Internet cafe system is intended for customers. A system that is too secure is certainly good for us, but it may not be suitable for customers, so our system security should be moderate, however, the ease of use must also meet the customer's needs. If a plug-in, a ** map or scanner patch, image, or MP3 are not allowed to be downloaded, then the customer is unacceptable. Only a few people can crack this phenomenon. We can only promptly discover and persuade those customers who crack the attack so that they can become friends and study and learn together.