IE as an accomplice too: remote control through the IE browser, hack whenever you like

ID MYHACK58:62200611231
Type myhack58
Reporter Anonymous
Modified 2006-08-23T00:00:00


You have heard that Gray Pigeon, Glacier and similar tools can do remote control, but have you heard that IE can do it too? That's right: rmtSvc&vIDC, a new IE-based tool, can turn Microsoft's IE into a super hacker's accomplice. Besides showing how rmtSvc&vIDC uses IE to remotely control compromised machines (“broilers”), this article covers how it “assassinates” antivirus software, which gives strong guidance on the attack approach.

If I asked you what IE can do, your answer would certainly be incomplete! IE can do more than browse the web. What if I told you that IE can also be used for remote control, remote file transfer, process management, proxy services, and even for remotely opening Telnet and FTP services? It must sound incredible, but with rmtSvc&vIDC all of it is possible!

First, with IE, hack whenever you like

Put simply, rmtSvc is a remote control tool that combines FTP, Telnet, proxy and vIDC services. With it, a user can easily control a remote computer. Unlike other remote control tools, it uses a B/S (browser/server) structure that needs no installation: the user does the remote control through a browser. Our slogan is: with IE, hack whenever you like!

Below, the author uses an intrusion-and-control example to introduce the usage and techniques of rmtSvc's common functions. Unzip the downloaded archive, but do not run rmtSvc.exe on the target machine yet: a program that has not been packed will be killed by antivirus software. So the author first explains how to pack the source program to avoid being killed, otherwise there is nothing to play with -_-|. Run the software, open the “Options” menu, tick “retain extra data”, then choose “open file” and select the source program rmtSvc.exe; it is compressed automatically.

Special note: the compressed rmtSvc.exe is not detected by antivirus software, and the file size is reduced by nearly 50 percent (tested with Duba 6 Enhanced Edition, KV2005 and Norton 2005). If you want to improve concealment further, see the description of how to use the “super bundle” software in “A wolf in sheep's clothing: turning Radmin into a Trojan horse”, in the 0 G9 edition of issue 5, 2004. How to trick the target into receiving the Trojan horse is not discussed further in this article.

Second, arming rmtSvc to “assassinate” antivirus software

1. Open the browser and enter http://IP:Port, where IP is the controlled machine's IP address and Port is the rmtSvc service port, which defaults to 7778. After a successful connection you see the welcome/login screen shown in Figure 1. Enter the access password, which by default is 123456, and you can carry out the operations rmtSvc supports. If msnlib.dll and the webe directory are sent to the other side together with it, rmtSvc additionally gains remote control over MSN and HTTP file management.

2. At the top of the welcome/login screen is the rmtSvc system menu. From left to right its functions are: Pview (process view), Spy++ (remote control management), Proxy (start or stop the rmtSvc proxy service), vIDC (set vIDCs access rights), Logoff (log out of rmtSvc), Option (configure rmtSvc operating parameters) and About (the rmtSvc welcome/login screen).

3. On first login, go to the rmtSvc parameter settings and change the sensitive information (Figure 2) to protect your own security. First change the rmtSvc access password under “Modify Password”, then under “Service Port” change the rmtSvc service port to any 4-digit port that is not commonly used (the service must be restarted for this to take effect; a high port is recommended). Then select “Start of the Control, Stolen mode”, so that rmtSvc installs itself automatically as a Windows service that starts with the system and has the hidden attribute, which means that after the next boot you can continue to control the target machine.

4. Next, under the “Start mode” option, set rmtSvc to start the FTP and Telnet services automatically when it runs, along with Proxy, the vIDCs mapping and so on. FTP makes it easy to upload and download files. Then select “Auto install service” and “Forbid detaching Dll”. Each time the program runs it then checks whether the rmtSvc service is installed and, if it is not, installs itself as a service, which amounts to a self-repair function. The file name of the released DLL can be changed; the default is inject.dll. This is to prevent the automatically released, unpacked DLL from being killed by antivirus software: the user can choose not to release the DLL, manually copy the packed DLL into the controlled machine's system directory, and fill in the packed DLL's name in the released-DLL name field. Expert tip: the DLL released by rmtSvc has the following uses: hiding the process, simulating the “Ctrl+Alt+Del” keys, displaying the password in a password box, and monitoring whether rmtSvc is running. If rmtSvc exits abnormally or is killed, it is restarted automatically. Writing the configuration parameters into the rmtSvc program itself is strongly recommended.

5. Next, under “Killed the Program”, set the names of the processes that rmtSvc monitors and automatically kills; if there are several processes, separate the names with commas. For example, entering PFW.exe,KAVSvc.exe shuts down Duba and the Skynet firewall.

6. When all the settings are correct, click “Save” to save the current configuration. In the dialog box that pops up, enter reg to write the configuration parameters to the registry. Enter self to write the configuration parameters into the EXE file itself. If you enter anything else, a copy of the EXE with that file name is generated and the configuration parameters are written to the copy. For example, entering c:\abc.exe generates a copy named abc.exe in the root directory of drive C and writes the configuration parameters to that copy.

7. The rmtSvc service then restarts.

Expert tip: in hidden mode the configuration parameters can be written into the EXE itself; if you do not save, the configuration parameters are written into the EXE itself each time rmtSvc exits normally.

8. Log in again with the new password and click Pview to open the “process view” page, which shows three sections of information: system information, process/module information, and CPU/memory usage. In the process/module display area on the right of the page, click a process name to display that process's module information, and click the “Kill It” button to kill the process. Note that the process list does not refresh automatically; the user must refresh it manually. Now your rmtSvc is armed to the teeth and ready to fire.

Third, enjoying remote control through IE

With the security software that stood in the way “assassinated”, you can use Spy++ remote control management to control the remote machine while the other party is not using it. Of course, before taking control we need to set the relevant parameters properly to get a better control effect.

1. For “Quality”, select Good as the display quality; for “Stretch”, set the zoom ratio of the captured image to 80 percent. Finally, select “Cursor” so that the mouse cursor is captured together with the remote computer's screen and the user knows the current cursor position. After setting these, click “Set” so that the three parameters take effect.

2. Next you can try taking control. When the Remote Desktop image has focus (the mouse is within the image area), you can type directly on the keyboard to send key presses, just as you would operate the local machine. This is very inconvenient for entering a large block of text, however, because each key press is sent as a separate HTTP request, so input is very slow.

To enter a large block of text, select the input box with the mouse, type the text you want to send and press Enter; if the Crlf checkbox is selected, a carriage return and line feed are appended automatically after the text.

3. When logging in to a remote computer, however, some machines may not accept the login password typed directly through the input box; it can only be entered through simulated keystrokes. The method is as follows: click directly on the desktop image with the mouse, and the system automatically recognizes your click and double-click information. If you hold “Shift”, “Alt” or “Ctrl” while pressing the mouse button, the system recognizes that as well.

4. To control the remote desktop more easily, set the Remote Desktop image to refresh automatically, so that you do not have to refresh manually when an action has been sent but the image has not changed. To do so, tick the “Auto-refresh” item and enter the auto-refresh interval on the right; the default is 500ms.

Expert tip: if you want to know the password in a password box on the remote controlled machine, use the Password→Text item; once it is clicked, the item changes to Text→Password. Then simply left-click the password input box in the Remote Desktop image, and the password in that box on the remote machine is displayed in clear text. To cancel this function, click the Text→Password item, and it changes back to Password→Text.

5. To execute a program remotely, select the Run item in the Start drop-down list and enter the file name and parameters you want to execute remotely; it is used the same way as the Run command in the Windows Start menu.

And that is it: through IE you can control the target machine just as if you were operating the local one.

Fourth, FTP and Telnet, neither left out

If remote control alone does not feel satisfying, open the other side's FTP/Telnet services as well and complete the intrusion to your heart's content.

1. Enter the “FTP&Telnet” menu and click “Run” next to the FTP/Telnet service to start the related service. FTP/Telnet port: sets the FTP/Telnet service port; the default is 2121 for FTP and 2323 for Telnet. Anonymous access: sets the access permission for the FTP service, that is, whether anonymous access is allowed; if it is not allowed, set the access username and password.

2. In addition, several different access accounts can be set up. Each account can be given its own write/delete/execute permissions and a different FTP root directory. Enter the account information in the text input box of the FTP settings, one account per line (separated by carriage returns), in the following format:

[Account name] SP [password] SP [access] SP [allow access to directory] CRLF

Expert tip: the access permission values are 0: read only, 1: write, 3: write and delete, 7: write, delete and execute. For example, [cytkk] sp [123456] sp [7] sp [c:] creates an account named cytkk with administrator privileges and the password 123456.

3. Here the FTP account information is saved only to the registry; it is not saved to the EXE.
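For responders who recover such account lines from a compromised host, the following added example (not part of the original article or of rmtSvc) parses the format above and flags the riskiest entries. It assumes the square brackets are notation rather than literal characters and that SP is whitespace; the function names are hypothetical.

```python
import re

# Access values as listed in the article; anything else is reported as undocumented.
ACCESS = {0: "read only", 1: "write", 3: "write, delete", 7: "write, delete, execute"}
TOOL_DEFAULT_PASSWORD = "123456"  # default console password quoted in the article
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\?$")


def parse_account(line):
    """Split 'name SP password SP access SP directory' into a dict.

    Assumption: brackets are notation and are stripped if present; the
    directory is the last field and may contain spaces.
    """
    fields = [f.strip("[]") for f in line.strip().split(None, 3)]
    if len(fields) != 4 or not fields[2].isdigit():
        raise ValueError("not an account line: %r" % line)
    name, password, access, root = fields
    return {"name": name, "password": password, "access": int(access), "root": root}


def audit(config_text):
    """Return {account name: [flags]} for every non-empty line (CRLF or LF)."""
    report = {}
    for line in config_text.splitlines():
        if not line.strip():
            continue
        try:
            acct = parse_account(line)
        except ValueError:
            report.setdefault("<unparsed>", []).append(line.strip())
            continue
        flags = []
        if acct["access"] not in ACCESS:
            flags.append("undocumented access value %d" % acct["access"])
        elif acct["access"] == 7:
            flags.append("may write, delete and execute")
        if DRIVE_ROOT.match(acct["root"]):
            flags.append("whole drive exposed: " + acct["root"])
        if acct["password"] == TOOL_DEFAULT_PASSWORD:
            flags.append("password equals the tool's default")
        report[acct["name"]] = flags
    return report


# Constructed sample; the first line is the article's own example account.
SAMPLE = "cytkk 123456 7 c:\r\nmirror Xk9-plr 0 d:\\pub files\r\nbroken line\r\n"
```
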

Now you can log in and operate with an FTP tool and the Windows built-in Telnet tool, and play however you like!

That covers the basic functions of rmtSvc. Space is limited, so its other functions are not demonstrated one by one here; interested friends can explore them together with us on the forum.
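The defaults this article quotes (console port 7778, FTP 2121, Telnet 2323, released DLL inject.dll) and its example kill list give a defender a first-pass triage check. The sketch below is an added example, not code from the article or the tool; the netstat-style text, process names and file listing are constructed sample data, and the function name is hypothetical.

```python
import re

# Defaults quoted in the article. Every one can be changed by the operator,
# so a hit is a triage lead and a clean result proves nothing.
DEFAULT_PORTS = {7778: "web console", 2121: "FTP", 2323: "Telnet"}
DEFAULT_DLL = "inject.dll"

# Constructed sample data, not taken from a real host.
NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0       LISTENING     884
  TCP    0.0.0.0:7778     0.0.0.0:0       LISTENING     1432
  TCP    0.0.0.0:2121     0.0.0.0:0       LISTENING     1432
  TCP    10.0.0.5:2323    10.0.0.9:4411   ESTABLISHED   1432
"""
PROCESSES = {884: "svchost.exe", 1432: "spoolhelper.exe", 2210: "explorer.exe"}
SYSTEM_DIR = ["kernel32.dll", "Inject.DLL", "user32.dll"]
SECURITY_PROCS = ["PFW.exe", "KAVSvc.exe"]  # the article's example kill list

LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def triage(netstat_text, processes, system_dir, security_procs):
    """Return (kind, subject, detail) tuples for each indicator found."""
    findings = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(1)) in DEFAULT_PORTS:
            port, pid = int(m.group(1)), int(m.group(2))
            # The released DLL is said to hide the process, so the PID may
            # be absent from the process list; that absence is itself a lead.
            owner = processes.get(pid, "pid %d not in process list" % pid)
            findings.append(("listener", port, owner))
    for name in system_dir:
        if name.lower() == DEFAULT_DLL:
            findings.append(("dll", name, "default released-DLL name"))
    running = {p.lower() for p in processes.values()}
    for proc in security_procs:  # only meaningful where these products are installed
        if proc.lower() not in running:
            findings.append(("security-process-missing", proc, "not running"))
    return findings


if __name__ == "__main__":
    for finding in triage(NETSTAT, PROCESSES, SYSTEM_DIR, SECURITY_PROCS):
        print(finding)
```

Because the article has the operator move the service port and rename the DLL, a security process that keeps disappearing after it is restarted is the more durable signal of the three.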