As soon as the streamer course opens, z $ g * m * u

Many newcomers don't know how to start when using streamer, and the topics discussed in Xiaorong Forum are mostly elementary questions such as "how to add users":), so I spent some time writing this simple tutorial, hoping to make beginners get started quickly. Xn3l E & ampe M‘fl7i

h4r 3 |）V“S & amp； y

Personally, I think the cracking of streamer can be divided into five parts: #? c“J4l‘ul； mother

nZX‘VD； e3d 4 {+A6g I。 Pop 3/FTP/… detection

y D Z“Aw9e

N z*l6A8nuxjAZ ii。 IPC detection

+V8 }】2i X R3 { V ~ 7 cnnzi:W2u

Third, SQL detection

0b *【 1x8g‘u # } } 8Hx8O

Four. Advanced scan 4v`i' \ d \ z

\）r+x！ e-q）j BF

Verb (abbreviation of verb) Other …9FZ% J-tE6c(}+N8v

Qh @ 4vx 'p Due to the development time, the above detection modes are slightly different, so it is divided into four parts. This tutorial is about the first part of detection. The latter detection method should belong to the advanced application of streamer:) Z:X%? # A+y A & amp； V

6JO v+】f9jS, m x Let me briefly talk about the basic cracking process: $~S @O%r2D.

Z |+|)qsq BC 1, you have to have a streamer. I used streamer 200 1. Applicable to Win98 Chinese version. It is also acceptable for Win2000. nQ4】v-az9 NCD * _ 7G

Q&A: x7c. Kf4u starts streamer for the first time and sees the following interface:: X2jronj+X.

“d）zkP！ \ h $ a】| & amp； Q0uro

x-U9【zO“k； M

You need to register for the first time, but don't think about spending money:) Xiaorong just wants to see how many people use his streamer. You can fill in the corresponding options and click Send. If the sending fails, you can change the sending server.

1dy*^7cm4y4jj7ba）【srpa 7 _/w

s； X j@_H

e+U4xtR:@ 5EYt/CJ）}

Because the reloading system doesn't know how many times it was sent: (. If you don't want to register, just wait for the progress bar below and click "Later". As shown above:

y\Bs9Np9~9f%Ol`9F F5OGX-X？ 3c@U9L

tN； FQDgH-x-s（Z5w5FEr @ p【

h9ed$^"n[*p"x。 a $ } vtx 6q 2sj

2. Find a place. I chose the homepage space of China (home4u.china.com). The detection method is FTP.

|B^Fk4Y +I V+X lf

People often ask what the scanning port is for. In fact, the function is that you know what services it provides, and then you can take corresponding detection methods to get through:) We know that almost all homepages are uploaded through FTP, so we will test a bunch of usernames this time to see if there are retarded passwords. Hehe, if there is hacker.at.china.com, we might as well keep it for ourselves:)

4n9N OnqZkd

7W NmEQ5ZHw 3。 Add the name of the website to be cracked: right-click the FTP host → Edit → Add → Enter home4u.china.com → OK! \:】B E‘mgw

mZy9yF:qpE8K eJ5L！ I a#C4I 1O*w

Yu&CX # x $ x

CrN Ap

! ZS，@}0m/P，V7} 4。 Add User Name: We need to crack a bunch of user names, so we need to add a list file of user names! Let's add Name.dic to the Streamer directory:) Right-click the host you just added: home4u.china.com → Edit → Add from the list → Name.dic → Open.

; g$d.k H-W 5itXRHu%？ 8G

7 _ bvg‘fu

C & amp@ 2H W .】S NO % yOw-y . \ * E x hJkB6l

1l； v0{ `！ ~d+e%hU u

Then the prompt "Users already in the list" will appear, and we choose "Don't prompt again" → OK. As follows: 6A ~:uu X3eh

$G7Z%~ nw

wVF5^tB#yT#k%Nf7c

Ckjr-x [_ @-b] Too many user names. We can use the "-"sign in front of the host to narrow down the user list, as shown below:

+l3^8TC0R3Ml

7Q，FP OE `“【MK z-m 1x^kb8j$ej】

! V8WoCEr

Please note that there must be a √ in the box before the name. If not, it can't be detected. People's Republic of China (PRC)

\JL，X5W Cv Lv o3G

With the user name, we can detect it, and everyone will think of how to use the password. Actually, streamer has a simple detection mode, that is, it uses the built-in passwords ":"123456 "and" user name "for detection, because this password is used most frequently:) 9r)? e b； M4Y5y#pixy

{M JrO#j@Hmg_ Of course, you can modify this simple mode file and add a password that you think is retarded. The method is: click Tools menu → Pattern file settings → Simple pattern detection setting file → Add password to join → Save setting file! OQhI^,O

F Q_~。 K ODI, let's see how many of these names use "123456" and "own name" as passwords.

} S ~ 5M {）E

EbUz RqHZ detection → simple mode detection!

Dollar b' n (jr.ik0h @)

b（P * | @-s，U！ p； uO。 {mm-hmm. T2l*t} ，|

T] ask and answer. I2q~

3F _（W（C . j？ \

M s+q O3L$s detection …

:fJ+A； T @ S } & ampu

y+g . Bl C-_ 6x“U @ X+m 1】B

$k.S*q！ g .】X

K]e/y^Ii

:]^YE/A$fB#W

1M+】t+eW QAM 6。 After testing, we have seen the results. Streamer will ask us whether to check the intrusion detection report. If we don't want to see it, we can choose no. ..

*sQ！ cR:C‘OMS

; w I `& amp； x+y

| I）vh7？ xc|

; HGA+B5R:VT # JE report screen

2z）S“nS @ l4 ~ # VM

ydx！ w*O b| {？ Cb 1ZDZ

\. I'm c`h xc 7. If you want to detect user names, you need to add a dictionary or password scheme. The method is: right-click the decoding dictionary or scheme → Edit → Add → Select the password file. 】}E5？ J l/@

J $``` IO # R3i is a simple flow detection. In fact, these functions can only be regarded as the functions of Streamer version 2.5. The IPC/SQL/ advanced scanning function added in streamer 200 1 makes streamer more powerful. If you are already familiar with this, I believe you will learn other ways to use it quickly by reading Streamer's help.

9\W i R-JUV j {L k/X |

About the user name: Some people think that the user name they joined does not necessarily exist. If it doesn't exist, wouldn't it be a waste of effort? You can rest assured that streamer will verify this. Besides, there are so many registered users now that it is hard to think of a name without it. If you don't believe me, try.

Vi~PLWdY UYk5@Ou

Question about dictionaries: streamer can use dictionary scheme for detection, and of course it can also generate dictionaries. Some novices don't know how to do exercises, and you can also use notepad to generate them. Enter the password for each line, save the password and rename the extension. DIC, streamer will recognize it:) If you can't even change the extension: (Then …

WP-w7J“Ga）\ af+p

L/\Di/`@y X#c

2a2H~/f9W【，L o r @m F ~

As long as you are studying, everyone will encounter difficulties. I have many questions, too. I have to ask Xiao Rong and EKIN for advice. Welcome to communicate more:)

】J+|3{，mJ-k#j！ M

0W H%X$sp/@ a

u3I4L%S9n btd

p # m）Zqs

` 1 _ s“W）BD:c“{ n _ & amp； r】

To be continued …

Cigarettes may 28, 2007

Streamer course 2

I haven't written for a long time, which stems from my laziness and lack of passion for life. My notebook is full of promises to my friends

l P8M“F5M:B2 | 0k！ J:Ix~R h

Now that you have seen this, please listen to my complaint:) You should have a correct attitude towards safety, and don't think that knowing how to use tools can make you successful.

{ B \【y0x \/u‘a+g a S）tUc

Communication and study are the most important. Whether we are in a high position or a low position, we should keep a clear head.

r p4O）Z‘Qt # L n . wxu 3zk 0x

5F, I GX! xJL+Z#`dN

Today I'm going to write about the IPC detection of streamer: \, `; P_ `？

Ev b n+jq I. Purpose and task:+@&; g2b/DP+I

m UA0P @ O； T-bag ? data processing

1. Get the administrative authority of nt host with streamer IPC detection and make it a springboard/agent.

V | nnP_ gTX】2。 Understand IPC detection.

! Chew 4v, FT9 ~ 4x-R0J' u: \ | TD

Second, the detection process:

e】，@9y/b Bm#a~ S8HD#？ %X

1, you have to have streamer, and China version of streamer 200 1. Win2000 is used in my experiment. Not for Win98. Because the IPC connection function is NT/

X.Q#mG"Vj^S }+T！ J (USA, o|P 1F\I2p)

Functions provided in 2000. Moreover, Streamer FOR 2K requires your operating system to be NT/2000, otherwise the Streamer startup will fail!

+df DOX； }）J（~ \ q . ` v \ & amp； |7\3o

What is IPC:

l2E6WK0@4b^

d，d-Txkrx！ MilIPC refers to "interprocess communication", specifically ipc$ is the default admin share when the system starts. . p gsh Y_E

S#M+Y+c^+\_|

IPC$ is a unique remote network login function in Windows NT/2K. Its characteristic is that only one connection can be established between two IPS at the same time. （nV6s7f4k

RE u*@！ T Please note that your attempt to connect via IPC$ will leave a record in the event log. Whether you log in successfully or not. g/？ “o【； We have w

2“D，R+t6u； z $s e5mP6@^5v7t

:s # n8【q4rA g

Can I crack the password through IPC$ violence? Sure! But isn't that a little stupid? ...

# P“u ` 9f9 V8 LV，P

xK8X$rAm k{8K*G7q5R

2. When you start Streamer for the first time, you will see the registration screen. Please refer to my first tutorial for specific operation. There are several ways to get through IPC on the home page.

sI）at

M9ly3t p detection has the right to manage. What we need to do here is to get a springboard so that we can detect it with a high hit rate (A: detect q6EkB5_v by testing a bunch of IP).

nLa5Q*pxL

To a weak password).

“S【； hr4】W ）@

9Q$？ 5X4w (Select Probe → Probe POP3/FTP/NT/SQL host option in the main interface, or press Ctrl+R directly.

u ~】` W6C Figure main 1 4H % SmP u3 `-g

7\0v7S7S^ue

+k . h】7 } vr4a * |“b^； XKZ0Lr“_-H

Figure main2 Qmm _ Lh7GV

-XCq2S~ cQ

For example, "miTgi+u"

6N5_Vp！ Y0@ws0r，E 3。 Open the small window above and enter the IP segment we want to crack. Let's have a look. Figure main2: We cancelled "Automatically add FrontPage hosts to the HTTP host list". Because we only want to get the IPC weak password, which can speed up the scanning:) Fill in the IP and choose to scan NT/98 host K3p. GQ p。

. ZA F#w X 4, detection ... (start 1)% _, sn # g；; Q3y` year

! Lingtai? @ G； t0| 1t_D

(Note that if the domestic IP segment of streamer reservation is to be detected, it will be banned, that is, the words "IP reservation" will appear in the information bar during detection) 6RB2ZLN9N'? 3F

Meter (short for meter) KoJ2c

! DNP 6 me； d % C iCBt）HVS！ BM）v

6e(JmneR 5, this is the scanning list of NT/98 hosts: (jg1) 9Ydr9V @ c e.g.

4z zC 1Kn9GOP？

1sa _W Om9l

U0x？ ^2G5j University

6. Common passwords are not scanned: (

2“r‘I‘ka & amp； n； o 6k Gori“y T }-T $ J

LQ）K:F

7. Don't check the report: ...&; e2N（Ki，t \ & ampWM@FO

} z‘p-S % yYu4W

WU9g。 _w/S5A

\:kr _ 8 _ 7gA）A8。 There are many NT/98 machines, and IPC$ detection officially begins: IPC$ host-detection-detection of all IPC$ users list. $ P8E】3 \ 9B K2pg

AP #【（N W5P4Y

% n）T H9 qo & amp； 【k“U3y P Xe

）g2tm“l-”a . s8n } 9。 Please pay attention to the settings of the following two dialogs: Select All, we only need the weak password of IPC$ administrator. Then click Options.

Y i:~C{DP Nzy _x3wxL

（C0M4X W@vO

“mx-？ Qz]% n4z10, click "Options": In order to speed up the scanning of weak passwords, we can cancel them all here, such as the following options. If the other party prohibits listing users, I think it is very unlikely for a network administrator to have a weak password. t 1 @+Z \ q _‘xbU

3U+n）l 1？ 1ZHE0E

】* \ 9k 5 { 4o 2 { 3a l8 _ W

-~K+d6^]%w mg x 1_fw【

1 1, detection ...

L|9Wl/`9i！ w

iX5 ~ o5y“E C+@/l8f # OxW:@ Q

FL？ Hong kong /vQ

12, password:) vh3tv/zll, p

XM； { Z r+L3 { ~“k

y 1pg 2x l z:P l（f6y 2【2 vsy； k，】

13, the window to view the report appears again, have a look:)

# Hello, I'm good @, @Tf x

@^%z0v(t【| 9m-`】x-p（q # o，I

C8E【，F W

14, we have the management password of the remote host, and the rest is to find a way to control it. Is there any good way? :) There are plenty! Look at the tools yourself -I:h0 {(agco 5 o

H.j+f！ x； IIS remote command under Fp8o menu:) Is it very simple? I'll talk about this later. Let's practice network command first today.

} 6Pb \+u W # C % V % ` * @ $ m * u“pH & amp； P

15 Black him!

w2K # Cu“e }

@ 2】* w5d。 Y+V' D8bb opens a dos prompt and executes the following command. An example of this use is as follows.

1v‘kepx 4a-r

) z9N, s5hb-AaH_ 1, net use file://opposeip/IPC $ "password"/user: "user name" || Establish a remote connection.

6 sbdd 1z3l p # T（o _ p5ve+PSqC

2. Copy icmd.exe files://The other party's ip/admin$ || admin$ $ is the other party's winnt directory:) There are many files here.

*Q 1T*l，E“K % _/E

-Pr:z%mOn/L 3, network time file://IP of the other party IP/ || View the local time of the other party.

{7J{ H.|:f！ oy Q\M

r g； Yi x+to1j&; _ 4.at file://IP of the other party/name of the startup program || Use the at command to start the program periodically. Here, we can use soon instead of 3/4 steps.

luw UB @）L2 ~ fy S0 @ LZ

5.telnet another ip port ||1q&; LR 1Z3W/h }

{ K9x J4s-U（K % C-_ * C

6. Enter pass (if you don't use icmd.exe or set a password) ||

8Hv3k？ ）um 1o @ ~ `【QF @ G ~ % gZ8jF

7. Open a window and continue to copy what we use. Copy sock.exe, copy ntlm.exe, copy cl.exe and copy clear.exe1p "? +X 1LN$K~4k

za 1\5E【:？ :j5f

Figure cmd 1

-MRgW，~F/cx

Q \ & ampVh |, P # o & ampn8N/R` l%RB

9O2i，ZZ ~/~，b kA%c4f-h！ V Q graph cmd2

Netherlands #I\*s E V

ui HR“C % X

; l； \ # ~ A-g】）_ $ o

z（G； IiC If we really want to hack him, we just need to overwrite our homepage file with the target homepage. We can determine each other's homepage through DIR/S default.htm or DIR/S index.htm, usually at X:\interpub\wwwroot\.

%\YUsC5z2th2w j2WwPs*C:@

If the homepage file is default.htm and located in c:\interpub\wwwroot, it will look like this: copy default.htm \ \ IP \ c $ \ interpub \ wwwroot n {* {] 4w0f4w # m.

_s8c8P\B K

The following figure shows T2 ~ 5l: I' v, j.

. Tyler. h）XGK _-fn 7。 In fact, black people are very low-level and boring: (,we'd better have everything and use it as a springboard, so that we can work more conveniently in the future:) /S.S, _? ^"L-y

F & ampd(HL) executes the ntlm.exe we copied in the past and cancels the calibration. Leave yourself a back door, such as upgrading the privileges of guests, or other back door tools. If there are many such things, you choose. Look at a bunch of killer copybooks:)

Gk，Q @ X“n \ m us E

} \ w (Company A

Y 1aU j9t ^/n[7K

6Z `！ q！ Dx-W\ 8。 Playing as a SOCK5 agent is good for QQ: CQ &；; Q `k+h8m

1g 1 } lX（F

Execute our copy of sock -install, net start skserver and see the effect when it is used on QQ:)

1C。 P7F6？ "My!

【7D & ampn & ampl|@

*b wh？ } 1O/SW

0s(r2G:K9 _ A \ kB/iw) Didn't you see the above steps clearly? \ $ u 1Ll】qJ，\ Q（e

1QG2S/zq4_0DK wN The following are all my commands after telnet:)

M）M k |。 Z $me*bZRZr

0c0Zw8X7}I

$ pf g 1.a9, can you do anything else? yLP4s # w“\ 5i 4 |

/}2}H6h！ JC/| o； A

Of course, as long as you have time and are willing to do it, I used to secretly put my homepage on someone else's server, which was fast and unlimited, hehe:)

A & ampb！ W2`My^#v

5Lj} O`qG 10, log cleared, disconnected: db # vaf ~ w f.

“x）Op（r【` 9D

Execute our copy. Cl.exe and clear.exe were able to clear logs in the past, such as Clear All: Clear All Logs. Then disconnect: net use file://ip/ipc$ /delete.

FNwL3v

4J $ LX‘xztp is a necessary step, especially on some controversial websites or domestic websites, unless you want to report XXX area on TV, and I am brave enough to be arrested by Interpol as a retarded hacker. rki h8g V（V

$ F & amptj+\W6f

Please give me some wrong suggestions. ,f^#B#yg3u J#q

& ampu； Y/q~3hN A~ As long as you are studying, everyone will encounter difficulties. I have many questions, too. I have to ask Xiao Rong and Yi Jian for advice. Welcome to communicate more:)

Cigarettes 2007-5-28 65438

Streamer course 3

I finally finished writing the article about IPC$, and the damn Internet cafe was full of noisy voices: (,you may not think that I finished the IPC$ test in the Internet cafe, and that Internet cafe also has the network monitor of the public security department. This thing is very interesting. It seems to be called by VXD and integrated with IE runtime. If one day you have to study it, maybe a unique Trojan horse will come out:) PY{ S+Fy! heave ho

%J@2J！ QlVW7uA

I wonder if you want to beat me up after reading the previous tutorial. . . .

zv‘y； w，\！ Modem-sharing unit

R7dr8gLWpd communication and learning are the most important. Whether we are in a high position or a low position, we should keep a clear head. jN； d|C c%|】

\ # O“o7Nd

+er [x`v`r] Today, I'm going to write about the SQL detection of streamer. By the way, ipc$ Appendix and other testing methods.

Yes \~*F3~

Hmm. Purpose and task: 1Z%CUh! V:@ wo DZ

/】a E）Z4G #】。 e

1. Get the administrative authority of nt host through streamer SQL detection. dU/【-d9JI‘k

2. Learn about SQL detection.

^q$f5f·k·o； D qJ 3, IPC$ appendix and others …

$n j6n$V yl II。 Testing process? 8gzw）

F7AJG @: [1,you have to have a streamer, needless to say:) rchf &；; O4w|C

New york |f\X

What is SQL:

2? ek \+Z0G“E \； f“noy 0？ x+F^]6~ H9r

SQL: A database developed by Microsoft, which is specially used for Microsoft's operating system. Its function is similar to Mysql under Linux. God ... who is similar to who? have time

7K $ e . k Jbp（wi 4p w6 S9 pu 8 e/C * H

Look at the online manual of SQL, it is very clear.

& ampW8A4of）？ ) you

? Network protocols supported by c3QW@. K#Dh@*Ll SQL service program: Nl*`yf?

. G0y）？ F, R$`rH named pipe: there is a danger of being intercepted by sniffer when using NT SMB port for communication.

YB5I7`ME E9v4D

-If}ru \ IP Sockets: By default, the port 1433 is open, which can be detected by the scanner and there is a danger that the data will be intercepted by the sniffer.

:b3L{~-S Xl6}E！ 】2c o3C】

Multi-protocol: the client needs to support NT RPCs and data encryption. 4T7f3e？ { 1`【a

JJq（S:o9 ` \，nk

NWLink: The data is in danger of being intercepted by the sniffer. 5{/AhH3_F jv*LM

%^3qxm8h:\qz w！ y！ m

Apple talk(ADSP): The data is in danger of being intercepted by sniffer V "T3N" EDZX.

7y3r KD UkGZW@ Banyan Vines: There is danger that data will be intercepted by sniffers: TK6Z7Rz; W~

Bkh{3_/y9k7D p

On the Internet, more than 95% of SQL Server use IP Sockets protocol, and streamer detection is the default port of 1433.

; MA‘VXI jn . l“V7E

（【Z8u】b【 1N】l【xjf

Vi' go'} df eq.j 2, we want to obtain the administrative authority of SQL host, so we also use the method of high hit rate to detect (test a bunch of IP to obtain weak passwords).

Hertz W2VB "PQ

. ~8U6@/\？ H:{ The detection of fixed hosts is waiting for my next tutorial:) WUTp! ~-M:K

s）xzh LZ

Select probe → probe POP3/FTP/NT/SQL host in the main interface, or press Ctrl+R directly. ~ F）_ 2mc 1J！ _2k3o T%@

Graph master g; S:]_4M$^

）【MQp j

V_0@sF~

$ yX0tZTX‘l（u（b

i0i）q2cu 2 iv/ul

3. Open the small window below and enter the IP segment we want to crack. Let's have a look. (Note that if you want to detect the domestic IP segment reserved by streamer, it will be banned, that is, "address reservation information" will appear in the information bar during detection)

IO~/qo|p4\ Graph input prompt

@，l6S/mi6p ,S4^XK-rb

W7i}tF，？ ` H B j 1jWF:~ |； Market Value (market value)

% {】-Y； ` (wr-[cn4, being tested. ...

5hB-u.aXGA Xb

bm！ HL】-Kn | 1F5B 5。 Got the password:) Figure psss1→ 3&; i*xett-^ wy+d:n（q

`，te `# p ` yc2EJ * i7x % | Qu‘e

Soup: v 9

ee+x-va； w】F

6ur 8p）crk 5 \ 7？

aH0cgLClEGp9I

* {（S & amp； hN:n

2h】6i3xj4v | ip#^/h】my-I g7z

6. Let's get permission from the administrator in the next part. 4b。 RQK4L

Connect the host to the SQL client, but SQL is not installed: (a d-i9mc 30! oZ 1g

R`s AB$u@A

Open the menu tool → MSSQL tool → SQL remote command to view:) f8jz]/j

Graphic tool

q^%g{$H|8p6~

d ~ fE/Yj‘hyy G4k # X，br（h

+sjL t+N】j graph sqlcmd 7 `； ^3d4kd&； Wt\4ir2a

@ 0 | # Zh * I `“U

2^M*O8rLD

zL$n*Gl 4nsB*l+？ X

7. Obtain management authority and increase the back door.

Standard+exmd &; 6R^。 HtkOe g

5x % G7L _ z； LM A

Roy? 2b:sy

8HNh#wk.f

0f-} 8s（Z % Q gO

{9Rhd aD 8, now we are administrators:)

3l "em1g (for example? （y.M tn

In the past, we used at commands to run programs remotely. Today, by the way, streamer comes with its own "grower". Look at tools → nt/iis tools → grower. Let's use it to remotely start the back door of icmd. xW9{5d lp

4o@7Fi。 O5Mt{

Figure lookcrop 5q l.c.nM6k

& ampH V } g.e } _ O

oS8D‘l & amp； L

l e9g 1a ~（wy

Graphic clipping &; V8XMu }\0t%_Sd

{j qEC#？ Letter of credit/draft

)\$_; K，u-K

h（p 1e）G； A7E diagram cropend d' vhg6 @ yu

m * XX6A $ B N fe3A9u % B】Sk

-VLFBb*N Log in in one minute to see:

2 @‘zrwib . z b9f】V4V/Ys“q # gr2H

-L-e）L，m yQG 1？ c

@ x3A ）} U $ I % k 1mA

. y，EMOF

6 qnc 4 w6 RS‘t

7O2l（X； TT； bQp

9. Let's talk about tools → mode file settings → ipc simple setup file.

0T:s(_)^CdaQt

3}.Yu yvi)g8N graphic mode u k/d &；; bcw‘e4m

da \【j； ^2m

8eQI H3er！ \$R

QJ/ dutch trust fundc

# v（HkA % {，I9E

@ I/v5v ` u & amp； O Other items in Tools are similar to the two mentioned above, so I won't say much.

:AL A“sF）g \ H2K

8 { 7e（z【（0j‘）zF v

# Rn3O $ {】& amp； K "H9VNR10, log clearing, disconnection, please refer to IPC detection, and remember that you can use grower to execute commands remotely.

Q】d % H Q of 5b ot-m MFN m8a # Cv3A

! Oso. LF|

Appendix about IPC$: After writing the last article about testing with IPC$, I think I hardly said anything:) T)Rlz * v # @ gC.

B8n2, y} "UI1`1,although we only detected the weak password of the administrator (admin), in fact, no user password will miss the attempt in the real attack, because we have already obtained it.

Michael o # P0m, EAJ! aF C5k！ qh9CH

With the permission of ordinary users, the authority can be improved. In fact, in the * *nix attack, the permissions of ordinary users are very important. lCkc）W @ m

MN0f:GT%x

2. After obtaining the password, there are various ways to attack, so don't limit yourself to my routine.

XJWu+Q |/U5B/Ffco

3. What if the other party doesn't have XXX? For such questions, you can go and see the streamer FAQ I compiled before. v！ D+RH z K

k； t {“S（a？ space

About other probes:

o）}，m 1】u a 1J

】6H {0^7C$？ You play 3389? lxk 8【l8F

Dc？ ~' # MQ/C3L Lake

First of all, the terminal is a function provided by WIN2K, so we should select "NT/98" host when scanning, and customize the terminal after obtaining the host list.

4】vE0 ~ b/o CY

6j: xhwy {an "qu port scans port 3389 of these hosts, and then ...

The seventh edition. O4CM/】NZ 8l3m-J9x‘？ *B

Play Cisco router? y‘} L4【x-}:Qt

& amp| 7l5x \； Nm, think about what to do for yourself. If I understand, I won't have to look at my later tutorial:)

4? `【wxXB“o/} ~ y！ GGM X } \（H:|‘`

1 _ h（r5b“v 1E3ht】% j

G6rk xe-u, got it? I mean to use streamer flexibly:)