Analysis of intrusion via leaked system passwords
  Added: 07/28/2008   Published: 07/28/2008   Hits: 1
When Windows connects to port 139 it automatically authenticates with the current user's name and password, which leaks the user's password. Although the password is sent in encrypted form, that encrypted form can be used for an attack just as well.

  Below is the SMB password authentication procedure.

  Windows port 139 access process (arrows show the direction of data):

  1. client <--------------------establish the TCP connection-----------------> server

  2. client -------client type, list of supported service modes, etc.----------> server

  3. client <---------server's authentication mode, encryption key, etc.----------- server

  The authentication mode is either user-level or share-level, with or without password encryption. The key is 8 random bytes generated by the server; Windows 2000 already supports a 16-byte key.

  4. client --------------user name, encrypted password-----------------> server

  Windows 9x, Windows NT and Windows 2000 have a flaw here: without any prompt, the current user's name and encrypted password are sent, so the password is leaked. The encryption is a DES variant, lockedpass = chgdes(key, pass), where pass is used as the key of the DES variant and key is the data that the DES variant encrypts.

  5. client <---------------authentication succeeds or fails----------------------- server

  The flaw lies in step 4 on the Windows client. Clearly the server can obtain the user name and lockedpass = chgdes(key, pass), and key can be chosen freely, since it is the server that supplies it; username and pass are the client's current user name and password. The encryption is a one-way transform, but it can already be broken by brute force, and programs that do so already exist. Often, though, we do not actually need the plaintext password; it is enough to be able to produce the connection. So consider what can be done with lockedpass. Looking at it the other way round, connections such as telnet and ftp need the plaintext password, which we do not have, so consider instead a service that uses a similar encryption of the password, for example NetBIOS file sharing. Earlier we were on the server side obtaining these values; now stand on the client side and look at that process again: evidently we do not need to supply pass at all, only username and lockedpass2 = chgdes(key2, pass), where key2 is supplied by the service we are now connecting to. We have username and lockedpass = chgdes(key, pass), and key is ours to choose; so, as everyone can see, if key = key2 then we already have what is needed. Therefore we must make key = key2.
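The exchange described above, modelled as an added example (not code from the original article): one host plays both SMB roles, step 3 issues a random challenge, step 4 computes lockedpass = chgdes(key, pass), and step 5 verifies it. The model also shows the two checks a defender wants, single-use challenges (a captured lockedpass cannot be replayed) and a client that refuses to answer a challenge its own server role issued (the key = key2 case). The DES variant is replaced by HMAC-SHA256 as a stand-in, which is an assumption.

```python
import hashlib
import hmac
import os


def chgdes(key, password):
    """lockedpass = chgdes(key, pass). The article describes a DES variant keyed
    by the password; HMAC-SHA256 is a stand-in (assumption) that keeps the
    relevant property: the response depends only on the server's key and pass."""
    return hmac.new(password.encode(), key, hashlib.sha256).digest()


class Host:
    """A host that, like Windows, acts as both SMB server and SMB client."""

    def __init__(self, users):
        self.users = users         # username -> password known to the server role
        self.outstanding = set()   # challenges this host issued, awaiting a response

    def issue_challenge(self):
        """Step 3 (server role): an 8-byte random challenge, remembered for later."""
        key = os.urandom(8)
        self.outstanding.add(key)
        return key

    def respond(self, username, password, key):
        """Step 4 (client role): answer a challenge with the current user's credentials."""
        if key in self.outstanding:
            # The peer is handing back a challenge this host itself issued
            # (key == key2 from the article), so refuse to produce a response.
            return None
        return username, chgdes(key, password)

    def verify(self, username, key, lockedpass):
        """Step 5 (server role): check the response; each challenge is single-use."""
        if key not in self.outstanding:
            return False           # unknown or already-consumed challenge (replay)
        self.outstanding.discard(key)
        password = self.users.get(username)
        if password is None:
            return False
        return hmac.compare_digest(chgdes(key, password), lockedpass)


def demo():
    """A normal exchange, then the same captured response replayed: (True, False)."""
    server, client = Host({"alice": "correct horse"}), Host({})
    key = server.issue_challenge()
    username, lockedpass = client.respond("alice", "correct horse", key)
    return server.verify(username, key, lockedpass), server.verify(username, key, lockedpass)
```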

  Now let us look carefully at the connection process once more, starting with steps 1 and 2 of the other connection:

  1. client <--------------------establish the TCP connection-----------------> server

 