Using DWRCC to break through Skynet Firewall (experience) (figure) _ Vulnerability Research

External voice: This morning, in order to tease BBS friends Cloud Shu Happy, special told her I used the server's account and password, let her see my good dongdong. Meanwhile, I and her login to the same station to open 3389 meat machine use software login to my server, dizzy, scared to death, fortunately, not others, * ^_^ *

System environment:
Use Windows Professional as I use LAN intranet, currently running software, Skynet 4.2.8 people beta, Jinshan Virus Firewall, Sygate (hereinafter referred to as the server)
All of the following pictures are in the LAN 98 machine on the map, I used 98+windows 2000 remote Terminal Services connectors and other related software (hereinafter referred to as the machine)

Another running remote terminal login to get user rights to Windows Server machine (hereinafter referred to as meat machine), meat machine running remote control software DWRCC (a powerful, graphical interface of remote control software, just get each other "Windows NT or above version" Machine account and password can be forcibly logged in, connect Port 6129, the following image has a color border is his connection window

Steps:
1, run the remote Terminal Service on 98 machine, connect to the meat machine, start the meat machine DWRCC software, fill in my Server account number and password, halo, immediately connect to the server, check the server, the current Skynet security level is set to low (note: Skynet security level, Low: The computer completely trusts the machines inside the LAN to access the various services they provide, but prohibits access to these services on the internet---from skynet description)

As shown in the picture, there are two desktops, the front is the server desktop connected to the server to see on the meat machine, the back is the meat machine desktop, Skynet rejected a total of three times, and then let DWRCC software forced login without any further prompts, which IP has been blocked, my meat machine IP, the current server I intend to play open two windows, One is Skynet, the other is dial-up networking.

Heart fear, and then disconnect DWRCC, disconnect the server, redial, I server ADSL dialing, and then Skynet security level set to the (Skynet security level, in: LAN internal machine only allow access to network share services (files, printer sharing services), but not allow access to other services (HTTP,FTP And also prohibits the access of all of these services to the machines on the Internet, open dynamic rule management, allow the authorization to run the program Open port service---from Skynet description), start the meat machine DWRCC, and then connect the server, of course, at this time the server IP has been replaced, Halo incredibly can also log into this server, as shown in the figure, And Skynet didn't make any prompt moves.

Simply try, then disconnect, and then connect, at this time the Skynet security level is set to high (security level, High: all applications for the first time to access the network will be asked, the approved program is in accordance with the corresponding rules action.) The system will screen out all the ports open to the outside, prohibit the LAN and the Internet machine access to their own network sharing services, LAN and interconnection of the machine will not be able to see this machine---from Skynet description), at this time DWRCC can still connect to my server, as shown

Let's take a look at the server's desktop system. What programs are running in the small tray? There is no DWRCC icon hint, perhaps my server can not see, from the meat machine login caught pictures can not see, and in this machine can not see, Skynet still did not make any hint.

At this point, it is proved that Skynet can not withstand the DWRCC remote ipc$ sharing connection, and in the general server or private computer NT or related version, ipc$ is generally the default, and any one IP segment, find more than 10 weak password host is not difficult, What's more, there are also some Web servers or Windows 2000server system also have weak password, and excessive trust Skynet protection, Skynet as a shareware, in the domestic user is quite many, I hope everyone careful

Words: At the same time after the same meat machine login My server has a QQ friend Cloud Shu. Oh you still forget my server password, Shushufindi my girlfriend, as long as you are happy, you can access my machine at any time
PS: Shushufindi, what is the batch file you put on my desktop? Also, I saw the Notepad document "Love:" ... "I understand."

PS: I have done the test system after the consent of the test, any imitation of the consequences of all, I do not bear any responsibility

Complete the gray trajectory Mowgli
If there is any mistake, please correct me.
Original Address http://goods.8u8.com/netsky/netsky.htm