WIN2000 Input Method Intrusion

Source: Internet
Author: User

This is a simple intrusion method, but it is the kind that causes the most serious losses to the affected user. Intrusion of domestic hosts is strictly prohibited! Use it with care!!!
(Systems used: WIN98/ME/2000/NT.) This method works against Simplified Chinese WIN2000. You may practise with it, but do not cause damage. Those who already understand net commands and IPC pipe intrusion will find it easier to learn.
1. Tools to prepare: the WIN2000 Terminal Services client program, the SQLEXEC program, and the Superscan scanner.
2. First run the Superscan scanner with the settings shown in the screenshot:
Superscan settings
Note: Only two settings are changed: the IP address range, and the port, which is set to 3389.
3. Among the hosts found with port 3389 open, use the SQLEXEC program to see whether you can create a new user. If you cannot create one, give up on that host (there is of course another way, described below). If you can create a user with net user and add it to the Administrators group, congratulations: you are ready to log on.
4. Open the WIN2000 client program. Fill in the other side's IP in the top field; the other items need not be changed. Press Connect. After a few seconds the client opens a window:
5. You will surely find this screen familiar. Enter the user name you just created in the user name field and the password you set in the password field, then click OK. Wait a moment (how long depends on the connection speed) and you are logged on to the other machine's desktop, as shown in the figure:
Successful logon window
You can see everything on the other host. (Doesn't it feel like Glacier? Ah, Glacier is not this intuitive.) It is as if you had taken over the other machine; its life and death are in your hands. But don't do anything bad. Remember to delete the intrusion records when you go in: delete the files C:\winnt\system32\logfiles\*.*. Don't delete the wrong ones.
The advantage of the method above is that you can log on as soon as you have a user name and password; the disadvantage is that you have to try each host with sqlexec. There is another way, which suits those who are proficient with net commands.
First use Superscan to scan a network segment with the scan port set to 3389. Run Client Connection Manager, add any address that was found, set up the connection, and connect to the server. A few seconds later the screen shows the WIN2000 logon interface (if it turns out to be the English or Traditional Chinese version, give up and try another address). Press ctrl+shift to switch the input method to Full Pinyin; the input-method status bar then appears in the lower left corner of the logon interface (if it does not appear, wait patiently, because the other side's screen data is still being transmitted). Right-click the Microsoft logo on the status bar and a "Help" item pops up (if "Help" is grayed out, give up, because the other side has most likely discovered and patched the vulnerability). Open "Operation Guide" under "Help", then right-click at the top of its taskbar; a menu pops up, from which you open "Jump to URL". The WIN2000 system installation path appears together with a blank field for the path we are asked to fill in. For example, if the system is installed on drive C, fill "C:\Winnt\System32" into the blank field. Press OK, and we have bypassed authentication and entered the system's SYSTEM32 directory.
Now we need an account, to become a legitimate user of the system. In this directory find Net.exe and create a shortcut to it. Right-click the shortcut and open "Properties" -> "Target"; after c:\winnt\system32\net.exe add a space and fill in user username password /add, which creates a new account. Run the shortcut: you will not see anything run, but the new user has been created. Then modify the shortcut to localgroup administrators newuser /add to turn the new user into a system administrator. You can then get in with SQL and IPC pipe commands.
That is a brief description of three of the most frequently used intrusion methods. Use them for practice and reference only. Never damage domestic hosts, or you will be punished by law.
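Both methods above end the same way: a new account is created and then added to the local Administrators group, and each of those actions writes a Security-log event. As an added defender-side illustration that is not part of the original article, the Python script below correlates those two events over constructed sample log lines (the pipe-separated export format is an assumption; the event IDs 624/636 for Windows 2000 and 4720/4732 for later versions are from my own knowledge). In the input-method case net.exe is launched from the logon screen, so the creating account is typically SYSTEM, which the script reports as well.

```python
import re
from datetime import datetime, timedelta

# "User account created" / "member added to security-enabled local group":
# 624/636 on Windows 2000, 4720/4732 on Vista and later.
ACCOUNT_CREATED = {"624", "4720"}
LOCAL_GROUP_ADD = {"636", "4732"}
PRIVILEGED_GROUPS = {"administrators"}

# Constructed sample export (not real log data). Assumed format:
# <ISO timestamp>|<event id>|<subject account>|<target user>|<group or ->
SAMPLE_EVENTS = """\
2001-03-10T22:14:05|624|NT AUTHORITY\\SYSTEM|newuser|-
2001-03-10T22:14:40|636|NT AUTHORITY\\SYSTEM|newuser|Administrators
2001-03-11T09:02:11|624|CORP\\helpdesk|jsmith|-
2001-03-11T09:03:30|636|CORP\\helpdesk|jsmith|Users
"""

LINE_RE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<id>\d+)\|(?P<subject>[^|]+)\|(?P<target>[^|]+)\|(?P<group>.*)$")

def parse_events(text):
    """Parse the export into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events

def find_suspicious_admin_creation(text, window=timedelta(minutes=10)):
    """Return (user, subject, seconds_between, created_by_system) for each
    account created and then added to a privileged local group within `window`."""
    created = {}   # target user -> creation event
    alerts = []
    for ev in sorted(parse_events(text), key=lambda e: e["ts"]):
        if ev["id"] in ACCOUNT_CREATED:
            created[ev["target"]] = ev
        elif ev["id"] in LOCAL_GROUP_ADD and ev["group"].lower() in PRIVILEGED_GROUPS:
            c = created.get(ev["target"])
            if c and ev["ts"] - c["ts"] <= window:
                secs = int((ev["ts"] - c["ts"]).total_seconds())
                by_system = ev["subject"].upper().endswith("SYSTEM")
                alerts.append((ev["target"], ev["subject"], secs, by_system))
    return alerts

if __name__ == "__main__":
    for user, subject, secs, by_system in find_suspicious_admin_creation(SAMPLE_EVENTS):
        print(f"ALERT: {user} created and made Administrator by {subject} "
              f"within {secs}s (created by SYSTEM: {by_system})")
```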
