Research on exploiting an FTP server vulnerability to obtain compromised hosts ("broilers")
Source: Internet
Author: User
1. Scan and determine the target
The aim is to obtain a large number of compromised hosts ("chickens") in the shortest time possible. You must first identify the hosts that run an FTP service, which is done by scanning.
Ftpscan is a command-line scanner that looks for weak FTP passwords in a specified IP network segment. It quickly finds hosts with weak FTP passwords, it is fast and capable, and it is very simple to use.
Step 1: Open a DOS command prompt, change to the directory where Ftpscan is saved, and enter the scan command: Ftpscan.exe 218.109.2.1-218.109.2.255. You can choose the IP segment yourself.
That is, scan the network segment 218.109.2.1-218.109.2.255 with 200 threads to see whether any host has a weak FTP password.
Step 3: After a while the scan completes. The results are saved to Ftpscan.txt in the same directory; open it to see the hosts that have weak FTP passwords. These are the targets we are going to practice on.
2. Confirm the FTP server type
Although the steps above yield a large number of hosts with weak FTP passwords, that does not mean they can be compromised, because their FTP server type has not yet been determined. It could be Microsoft FTP, wuftp and so on.
The exploit used here targets Serv-U FTP, so the hosts with weak FTP passwords must also have their server type confirmed.
Step 1: Filter the ftpscan.txt file produced by the scan so that only the IP addresses remain, one IP per line, and save it.
Step 2: Open the SuperScan scanner. Check "Show host responses", select "Import file" in the IP settings and choose the saved Ftpscan.txt, then set the scan port to 21. After that, start the scan.
Step 3: The scan finishes quickly, and the FTP server type of each scanned host is shown in detail. You can see that the FTP server type of one target host is: Serv-U FTP.
II. Intrusion into the designated target
Through the scanning steps above, I have identified the target.
Next, the intrusion uses the Serv-U MDTM overflow vulnerability.
Step 1: Run killftp, the Serv-U MDTM overflow program, at the command line and read its help output.
Step 2: Follow the prompts and enter the command: KILLFTP 218.109.2.222 ftp FTP. That is, attack the host with IP 218.109.2.222 using the account ftp and the password ftp. As you can see, when the attack succeeds the program prompts you to connect to port 8111.
Step 3: Following the success prompt, use the NC (netcat) program to connect to port 8111 on the target host with the command: nc -vv 218.109.2.222 8111. A new DOS window appears shortly, and this window has administrator privileges. It's that simple.
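From the defender's side, the password scan, the login that follows it and the MDTM overflow attempt described above all leave traces in FTP server logs. The following is an added example, not part of the original page: a small Python detector run over constructed log lines. The log format, the thresholds and the `analyze` function are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample log; the "<time> <client-ip> <dir> <FTP line>" format is an
# assumption ('>' = command from the client, '<' = reply from the server).
SAMPLE_LOG = "\n".join([
    "10:00:01 198.51.100.7 > USER admin",
    "10:00:01 198.51.100.7 < 530 Not logged in",
    "10:00:02 198.51.100.7 > USER test",
    "10:00:02 198.51.100.7 < 530 Not logged in",
    "10:00:03 198.51.100.7 > USER ftp",
    "10:00:03 198.51.100.7 < 230 User logged in",
    "10:00:04 198.51.100.7 > MDTM " + "A" * 300,   # filler, not a real payload
    "10:05:00 192.0.2.20 > USER alice",
    "10:05:00 192.0.2.20 < 230 User logged in",
    "10:05:01 192.0.2.20 > MDTM /pub/readme.txt",
])

LINE = re.compile(r"^(\S+) (\S+) ([<>]) (.*)$")
MAX_MDTM_ARG = 255        # assumed ceiling for a legitimate MDTM argument
FAILED_LOGIN_LIMIT = 2    # assumed threshold, kept low for the small sample


def analyze(log_text):
    """Return (time, client_ip, reason) alerts in log order."""
    failures = Counter()
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts, ip, direction, body = m.groups()
        if direction == "<":
            code = body[:3]
            if code == "530":  # failed login reply
                failures[ip] += 1
                if failures[ip] == FAILED_LOGIN_LIMIT:
                    alerts.append((ts, ip, "password-guessing"))
            elif code == "230" and failures[ip] >= FAILED_LOGIN_LIMIT:
                # a success right after repeated failures: a guess worked
                alerts.append((ts, ip, "login-after-guessing"))
        else:
            verb, _, arg = body.partition(" ")
            if verb.upper() == "MDTM" and len(arg) > MAX_MDTM_ARG:
                alerts.append((ts, ip, "oversized-MDTM"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(*alert)
```

An unexpected listener on the FTP host, such as the port 8111 mentioned above, is a further signal worth checking alongside these alerts.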
III. Leaving a backdoor to retain the compromised host
The method above gets you inside the server, but keeping the compromised host is a little harder.
For one thing, it may have a dynamic IP and be lost after a reboot; for another, the administrator may be alert and leave you no chance of planting a backdoor. So what do we do? I recommend a very good backdoor tool to solve the problem: Web my PC, a remote management program that comes online automatically. Originally meant for administrators to manage hosts remotely, it offers automatic online registration and fast connections, and it can be operated directly in the browser with no external software required. The compromised host here had Terminal Server (remote Terminal Services), so it was easy for me to connect and get inside.
Below, Web my PC is installed as a backdoor through the graphical interface.
Step 1: Open the Web my PC main program on the compromised host to set it up. First fill in the login name and password, which requires registration: Web my PC is a service provided by a company, so you must register before using it.
Step 2: Next, fill in the login name, password and other related information in the Web my PC main program and finish the setup. It can then be started; while it runs, its icon is displayed in the taskbar in the lower-right corner of the screen.
Step 3: Right-click the icon displayed in the lower-right corner of the taskbar and choose Install as Windows Service to install Web my PC as a system service. In Services you can then find: Webmypc server. Set its startup type to Automatic and start the service. This completes the installation of the service. From then on it starts together with the system.
Step 4: The icon displayed in the taskbar in the lower-right corner is conspicuous and easy for an administrator to notice, so it has to be removed. Click "Start", "Run" and enter regedit to open the Registry. Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, delete the webmypc startup value. The taskbar will then no longer display the icon in the lower-right corner.
Step 5: Once everything is set up, log in to the site http://dns0755.net, enter the registered username and password, and then click the "self-service" item to find the online compromised host. Name: Black egg. You can then control it remotely.
Using this vulnerability together with the webmypc backdoor, one can obtain a lot of compromised hosts without worrying about losing them, it is the right or wrong