VOICEOVER: This morning, to make my BBS friend Yun Shu happy, I told her the account and password of the server I use, to let her see what I think. At the same time, she and I both went through the same 3389 meat machine, using software on it to log on to my server. I was dizzy and scared to death. Fortunately, it wasn't someone else. *^_^*
System Environment:
Windows 2000 Professional, used as my local network gateway. Software currently running: the personal test version of Skynet 4.2.8, Jinshan virus firewall and Sygate (hereinafter referred to as the server).
All the pictures below were captured on a Windows 98 machine in the LAN. It runs 98 + the Windows 2000 Remote Terminal Service connector and other related software (hereinafter referred to as the local machine).
In addition, there is a Windows 2000 Server machine (hereinafter referred to as the meat machine) on which I obtained user permissions by logging on to its remote terminal, and which runs the remote control software (dwrcc). This remote control software is powerful and has a graphical interface: you only need the account and password of another "Windows NT or later" machine to forcibly log on to it. The connection port is 6129. The colored border indicates the connection window.
Steps:
1. Run the Remote Terminal Service on the 98 machine, connect to the meat machine, start the dwrcc software on the meat machine, fill in the account and password of the server I use, and it connects to the server immediately. Checking the server: the security level of Skynet is currently set to low (Note: Skynet security level, low: the computer fully trusts machines in the LAN and lets them access the various services it provides, but prohibits machines on the Internet from accessing these services).
There are two desktops: in front is the server desktop, reached from the meat machine, and behind it is the desktop of the meat machine. Skynet rejected the connection three times in total; afterwards, we forced the dwrcc software to log on, and there were no prompts. The IP address that was blocked is the IP address of my bot. I intentionally opened two windows on the server: one is Skynet, the other is the dial-up network.
Scared, I disconnected dwrcc, disconnected the server and dialed again (my server uses ADSL dial-up), and then set the Skynet security level to medium (Skynet security level, medium: machines in the LAN can only access the network sharing service (file and printer sharing), but cannot access other services (HTTP and FTP); at the same time, machines on the Internet are prohibited from accessing all these services, dynamic rule management is enabled, and port services opened by authorized programs are allowed. From the Skynet instructions). Then I started dwrcc on the meat machine and connected to the server again. Of course, the IP address of the server had changed by this time, yet, dizzyingly, I could still log on to the server, and Skynet gave no prompt.
I tried again: disconnect, then connect again. This time I set the Skynet security level to high (security level, high: all applications are asked about when they access the network for the first time, and approved programs follow the corresponding rules. The system drops all ports opened to the outside and prohibits machines in the LAN and on the Internet from accessing its network sharing services; machines on the LAN and the Internet cannot see this machine. From Skynet). Even at this level, dwrcc can still connect to my server.
Let's see what programs are running in the system tray of the server's desktop. There is no icon for dwrcc at all. Maybe my server cannot be seen, the images captured by login from the meat machine cannot be seen, and they cannot be seen on the local machine. Skynet still does not give any prompt.
This proves that Skynet cannot resist the remote IPC$ shared connection of dwrcc at all. On servers and personal machines running NT or related versions, IPC$ is generally enabled by default. In addition, it is not difficult to find dozens of hosts with weak passwords in any IP segment; what's more, some website servers and Windows 2000 Server systems also have weak passwords. I believe in the protection of Skynet. As shareware, Skynet has a large number of users in China.
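Since neither Skynet nor the system tray showed the dwrcc session in the test above, the connection table is the place to check. The following is an added example, not part of the original post: it parses `netstat -an` output and flags wildcard listeners and non-LAN sessions on the ports the post names (6129, 3389) plus the SMB ports that carry IPC$ (139, 445). The sample output, its addresses and the RFC 1918 definition of "LAN" are constructed assumptions.

```python
import ipaddress

# Ports taken from the post: 6129 (dwrcc) and 3389 (Remote Terminal Service).
# 139 and 445 are the SMB ports that carry IPC$ connections.
WATCHED = {6129, 3389, 139, 445}

# Assumption: "LAN" means RFC 1918 address space; adjust to the real network.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -an` output (documentation addresses only).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6129           0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        192.168.0.98:1041      ESTABLISHED
  TCP    203.0.113.10:6129      198.51.100.7:2210      ESTABLISHED
  TCP    203.0.113.10:1188      198.51.100.20:80       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def split_endpoint(text):
    """Split 'host:port' (or '[v6]:port') into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)

def is_lan(host):
    addr = ipaddress.ip_address(host)
    return any(addr.version == net.version and addr in net for net in LAN)

def audit(netstat_text):
    """Return (kind, local_port, address) findings for the watched ports."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # header, UDP and blank lines
        lhost, lport = split_endpoint(fields[1])
        rhost, _ = split_endpoint(fields[2])
        state = fields[3]
        if lport not in WATCHED:
            continue
        if state == "LISTENING" and lhost in ("0.0.0.0", "::"):
            findings.append(("exposed-listener", lport, lhost))
        elif state == "ESTABLISHED" and not is_lan(rhost):
            findings.append(("internet-session", lport, rhost))
    return findings
```

Feed it the text of `netstat -an` captured on the gateway; an `internet-session` on 6129 corresponds to the kind of dwrcc login the post describes.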
Other words: When I log on to my server through the same bot, there is a QQ friend Yun Shu. Oh, you forgot my server password. Shu is my girlfriend. As long as you are happy, you can access my machine at any time.
PS: Shu, what is the batch file you put on my desktop? Also, I saw the notepad document "love :)......" Understood.
PS: I shall not be liable for my tests after obtaining consent.
Full gray track
If you have any mistakes, please correct them.
Original address http://goods.8u8.com/netsky/netsky.htm