I am just a small-time beginner and have not yet learned advanced techniques such as breaking into UNIX hosts. So what can I do? All I can do is use remote-control software written by the experts to get a first taste of what an intrusion feels like, heh. Below I share some of what I have learned from using it, and I hope the experts will correct me. (The material below is provided only for us beginners, as a reference for learning how to defend ourselves.)
Preparing for the intrusion:
Software needed: Proxy Hunter 3.0 (代理猎手), Glacier 2.2 (冰河), Password Postman (口令邮差), plus a firewall. These are generally enough to complete a simple intrusion.
I. Intrusion step one: configuration
1. Proxy Hunter settings:
Open Proxy Hunter and choose "Parameter Settings" under "System".
Under "Search and Verification Settings", set both "Concurrent connections" values to 200; the other options can stay at their defaults.
2. Password Postman settings:
Open the SETUP program, click the OPEN button, and select sendME.exe.
SMTP server: the outgoing mail server, for example SMTP.CITIZ.NET
DESTINATION ADDRESS: the e-mail address you specify
(A reminder here: it is best to first sign up for a free e-mail account to use as a dedicated mailbox for receiving passwords. Never set it to your main mailbox address; otherwise, if someone traces it, you can imagine the consequences yourself.)
SOURCE ADDRESS: fill in any free e-mail address.
When everything is filled in, click SAVE and the configuration is done.
Rename sendMe.exe to backup.exe or some other program name that you think others will not easily notice.
II. Intrusion step two: start scanning for trojan ports
1. First turn on your network firewall. (When you scan other people, they are bound to see your IP. To avoid the tragedy of dying yourself before you have hacked anyone, I suggest you turn on a firewall such as LOCKDOWN.)
2. In Proxy Hunter's "Search Tasks", choose "Add Task".
Add the IP range you want to scan. There are several ways to do this: to scan one person, use the single IP address option. To scan a network segment, use the start/end address range option, where you can enter any start and end IP address for the segment you want to scan. I suggest scanning segments close to your own IP, because connections will be faster. You can use the "query local IP address" option to find your own IP address; for example, if you find your IP is 61.151.98.234, you can scan the range 61.151.2.2 to 61.151.200.254, which is fairly close to your machine, so it should be fast.
Add the trojan port you want to scan for. For Glacier use 7626; "Protocol" does not matter, and for "Must search" choose "Yes". Of course you can scan many ports at once, such as port 2000 for Black Hole 2000; it depends on which control software you intend to use. Finally click "Finish".
(Now you know why I chose Proxy Hunter: it scans fast and is powerful, a very good IP scanning tool. It was originally meant for finding proxy servers; I am just using it to find machines infected with a trojan, bending the software to a crooked purpose, heh. But it really is powerful. You can explore it yourself; it has many other uses.)
Once everything is ready, start the scan by pressing the run button at the top; you can then switch to the search results view to see the results. Special note: do not use other download software while scanning, because Proxy Hunter has opened 200 threads and can eat up almost all of your network bandwidth. Do not open chat software such as OICQ at this time either: others can find your OICQ number through your IP, and if you do not want people coming to make trouble for you when you chat later, keep it closed for now.
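Seen from the defender's side, the sweep described in this section (one source probing port 7626 or 2000 across a range of addresses) stands out in firewall logs. The following is an added example, not part of the original post: it flags sources that touch one of those ports on many distinct hosts and lists the hosts where the connection was let through. The log format, function names and threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Ports named in the article: 7626 (Glacier) and 2000 (Black Hole 2000).
TROJAN_PORTS = {7626: "Glacier", 2000: "Black Hole 2000"}

# Assumed log format, constructed for this example:
#   <timestamp> <ALLOW|DENY> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    "2001-03-01T10:00:01 DENY TCP 203.0.113.9:1025 -> 192.0.2.10:7626",
    "2001-03-01T10:00:01 DENY TCP 203.0.113.9:1026 -> 192.0.2.11:7626",
    "2001-03-01T10:00:02 ALLOW TCP 203.0.113.9:1027 -> 192.0.2.12:7626",
    "2001-03-01T10:00:02 DENY TCP 203.0.113.9:1028 -> 192.0.2.13:7626",
    "2001-03-01T10:00:05 ALLOW TCP 198.51.100.4:3300 -> 192.0.2.10:80",
    "2001-03-01T10:00:09 DENY TCP 198.51.100.7:4000 -> 192.0.2.10:2000",
    "truncated or malformed line",
]

def parse(lines):
    """Yield (action, src, dst, dport) for well-formed trojan-port lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and int(m["dport"]) in TROJAN_PORTS:
            yield m["action"], m["src"], m["dst"], int(m["dport"])

def find_sweeps(lines, min_hosts=3):
    """Map (source, port) to the destinations probed, for every source that
    hit one trojan port on at least min_hosts distinct hosts."""
    seen = defaultdict(set)
    for _action, src, dst, dport in parse(lines):
        seen[(src, dport)].add(dst)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_hosts}

def hosts_to_triage(lines):
    """Hosts where a trojan-port connection was allowed through: check
    these first for a listener and for unexpected startup entries."""
    return sorted({(dst, dport) for action, _src, dst, dport in parse(lines)
                   if action == "ALLOW"})

if __name__ == "__main__":
    for (src, port), dsts in find_sweeps(SAMPLE_LOG).items():
        print(f"{src} swept port {port} ({TROJAN_PORTS[port]}) on {len(dsts)} hosts")
    print("triage:", hosts_to_triage(SAMPLE_LOG))
```
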
III. Intrusion step three: now you can take control!
Haha, machines infected with the trojan have been found! Proxy Hunter lists the IPs of the machines that have the trojan port open. (Eh? Connection timed out? Ignore it. It is not an HTTP server in the first place, so of course it times out, heh.)
First pause Proxy Hunter, then open Glacier, add a host, fill in the IP of the host you found, and connect.
Eh? The other side does not respond. Heh, what a coincidence: the other side has opened a decoy port, or is running a firewall such as Skynet (天网). What to do? Nothing for it, keep looking. (Though I remember once getting into a machine that was running Skynet, using Glacier; I do not know why.) If it says the password is incorrect, then congratulations, you should be able to get in, since Glacier has universal passwords.
Enter one of the following passwords in the access password field:
Can you speak Chinese? (universal password)
05181977 (password before the improved version)
yzkzero! (password for version 3.0 and later)
Then press "Apply". (Remember: you must press "Apply", otherwise the universal password counts as not entered.)
Then switch the interface to the "Command Console" and click "Cached Passwords". When you see "Done", congratulations, the intrusion has succeeded! (As for Glacier's universal passwords, I do not know whether there are many opinions on them, but in my own testing they succeeded 99% of the time, meaning one of the three passwords always works. I tested on N machines, N > 100.)
What to do next?
I think the first thing is to steal all of his passwords. "Cached Passwords", "Other Passwords" and "History Passwords" will show you roughly the passwords and accounts the other person commonly uses.
Next comes uploading Password Postman. First look at the other machine's processes. Note! If you find antivirus software running, terminate it, because Password Postman is detected by antivirus software. (You may ask: in that case, why choose it to steal passwords? I think there are three reasons. First, it is small, only 14K, so the upload is quick; with something over 200K, I expect the other person would notice something wrong and disconnect before you finished uploading. Second, it is very capable and can steal almost every kind of password and account on the computer, including OICQ and e-mail ones, as well as personal information. Third, not all antivirus software can detect it; in fact the antivirus software on most machines is rarely updated, so it will not be found.)
Special note: if you have software similar in function to Password Postman, under 30K in size, and not detected by current antivirus software, please recommend it to me. Thanks!
Once you are sure the other side's antivirus software is not running, switch to the file manager to look at the directories and files on the other machine. Then choose a directory that is unlikely to be opened and unlikely to be deleted, and transfer your configured Password Postman trojan file there. Generally a backup directory on the other machine is fairly safe, such as WIN98. (What? You do not know how to upload? Surely not: right-click in the directory pane and you will see the option.)
When the upload is done, you will find the thing you uploaded in the directory you specified. Select it, right-click, choose "Remote Open" and use hidden mode. Haha, the file opened successfully; I suggest opening it twice. Then look at the other machine's processes and you will see that it is already at work. Good, from now on you will receive passwords.
Next you can read the other machine's Glacier server configuration to see who actually hacked this unlucky fellow. Glacier experts generally configure it so that the infected person's passwords are sent to their mailbox, so from the receiving mailbox you can tell who did it. Here I noticed a pattern: the Glacier password an expert sets is usually the same as his mailbox password (hee hee, so experts make mistakes sometimes too). In other words, you can take a stroll through the mailbox of the guy who hacked someone else and, in his own name, leave him a line that will give him a shock, heh.
So here is a suggestion: if you are going to configure the Glacier server-side program, better not to set your own mailbox, because you will be found far too easily. (Though it is a good way to frame someone.)
You can now change the configuration of the other side's server, for example change the password, or enter oicq.exe in the registry startup entry as self-protection. (Heh, first make sure the other person actually uses OICQ.) The specific configuration is up to you; the principle is not to let others discover it easily!
What else can you do next? That is up to you: you can view the other person's screen and so on. Just take care not to do operations that transfer large amounts of data, because that is easily noticed. Well, if you are bored of playing, you can resume Proxy Hunter's search and prepare for the next intrusion. Generally Proxy Hunter can scan a large swath of IP segments in 2 hours, and the haul is large!
That completes a simple remote-control session. How was it? You now have some understanding of remote control; it really is that simple. But I solemnly state once more that this article is only for your study and reference, not for you to attack or wreck things. If you carry out destructive operations on other people's machines or do anything illegal, you bear the consequences yourself. After all, we are all individual Internet users, so why make trouble for one another? I hope to get to know more network experts through this article. Your pointers are welcome. Thanks!