
A Simple Honeypot Strikes Back

2004-10-14 22:40:42           

If you walk along the river often enough, sooner or later your shoes get wet. Because I deal with a lot of hacker friends, I have naturally suffered plenty of intrusions, and being scanned is simply unavoidable. A few days ago, while I was online, the connection suddenly became extremely slow. I closed QQ and every other network application, but the network connection icon in the bottom-right corner kept flashing. Was someone scanning me? I had no firewall installed (don't follow my example), so I thought of using a sniffer to take a look, and sure enough it turned something up, as shown in Figure 1.

[Figure 1: sniffer capture (image not available)]

See it? Packets go from port 4854 on host XXX.XXX.XXX.99 to port 1433 on my machine (xxx.xxx.xxx.58) and then back again; that is the typical symptom of being scanned. My machine does not have SQL Server at all, so where would a port 1433 come from? It was 100% a scan. With the IP in hand, I first checked whether it matched any of my QQ contacts; it did not. Never mind that, I first used Fluxay (流光) to identify the other side's operating system. It was NT, which made things easier, so I scanned it with X-Scan. After listening to a song I found no weak passwords, and the following ports were open:

Port 21 open: FTP (Control)
Port 139 open: NETBIOS Session Service
Port 443 open: HttpS, Secure HTTP
Port 445 open: Microsoft-DS
Port 3389 open: Windows 2000 remote admin
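The scan symptom described above, repeated SYNs to a port this host does not serve, can be picked out of a packet log automatically. This is an added example, not code from the original article; the log line format and the 192.0.2.x addresses are constructed, and the 1433/139 cases mirror the article's own situation.

```python
import re
from collections import defaultdict

# Constructed sniffer-style lines modelled on the article's Figure 1
# ("<src>:<port> -> <dst>:<port> <flags>"); addresses are documentation placeholders.
SAMPLE_LINES = """
192.0.2.99:4854 -> 192.0.2.58:1433 SYN
192.0.2.58:1433 -> 192.0.2.99:4854 RST
192.0.2.99:4855 -> 192.0.2.58:1433 SYN
192.0.2.58:1433 -> 192.0.2.99:4855 RST
192.0.2.99:4856 -> 192.0.2.58:139 SYN
192.0.2.58:139 -> 192.0.2.99:4856 SYN-ACK
192.0.2.7:51000 -> 192.0.2.58:139 SYN
""".strip().splitlines()

LINE_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) (\S+)$")

def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, flags = m.groups()
    return {"src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "flags": flags}

def find_probes(lines, local_ip, listening_ports, threshold=2):
    """Return {source_ip: sorted closed ports it probed} for every source that sent
    at least `threshold` SYNs to ports this host does not serve. A SYN to a port
    with no listener (1433 on a box without SQL Server) is the article's scan symptom;
    SYNs to genuinely open ports such as 139 are ignored so normal clients stay quiet."""
    syn_count = defaultdict(int)
    closed_ports = defaultdict(set)
    for line in lines:
        pkt = parse_line(line)
        if pkt is None or pkt["dst"] != local_ip or pkt["flags"] != "SYN":
            continue  # only inbound connection attempts to this host matter
        if pkt["dport"] in listening_ports:
            continue  # a real service; not evidence of scanning by itself
        syn_count[pkt["src"]] += 1
        closed_ports[pkt["src"]].add(pkt["dport"])
    return {src: sorted(closed_ports[src])
            for src, n in syn_count.items() if n >= threshold}

if __name__ == "__main__":
    # The article's host served 139/445 (and the shares) but had no SQL Server.
    for src, ports in find_probes(SAMPLE_LINES, "192.0.2.58", {139, 445}).items():
        print(f"possible scan from {src}: closed ports probed {ports}")
```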

Brute-force port 21? Too slow, and the odds are small. 139? NetBIOS? Without a password it is all empty talk. 3389? The input-method trick? Looking for a needle in a haystack.
So I decided to lure the wolf into the house and then catch the turtle in the jar; that is really the whole idea of a honeypot. To work: first I opened the registry and enabled null sessions (note: in the registry, change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous, a REG_DWORD, from 0x2 to 0x0). Then I closed all shares and opened only three shared folders; in the first folder I placed two files, Folder.htt and desktop.ini.
See Figure 2.
[Figure 2: contents of the shared folder (image not available)]

The code of folder.htt and desktop.ini is as follows:
folder.htt:
<!--
* Copyright 1999 Microsoft Corporation. All rights reserved.
-->


<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<style>
body {margin: 0; font: menu; color: black}
#Panel {position: absolute; width: 200px; height: 100%; visibility: hidden; overflow: auto}
#Corner {padding-left: 12px; padding-top: 11px}
#FolderIcon {width: 32px; height: 32px}
#FolderName {margin-top: 8px; font: 14pt/14pt menu; font-weight: bold}
#LogoLine {width: 100%; height: 2px; margin-top: 4px; vertical-align: top}
#Details {padding-left: 12px; margin-top: 8px}
#Locked {vertical-align: baseline}
#Preview {}
.Movie {width: 176px; height: 136px}
.Sound {width: 176px; height: 46px}
.Divider {width: 100%; color: #C0C0C0; height: 1px}
#Thumbnail {width: 120px; height: 120px}
.Legend {margin-left: 8px}
#FileList {position: absolute; width: 0; height: 100%; border: 0px none; }
p {margin-top: 12px}
p.Half {margin-top: 4px}
p.Button {margin-top: 8px}
button {font: 9pt 宋体, MS Song; margin-left: 12px}
.Message {margin: -4px; margin-right: 0; padding: 3px; background: infobackground; color: infotext; border: 1px solid lightgrey}
#CSCPlusMin {width: 17px}
#CSCText {}
#CSCDetail {}
#CSCButton {}
</style>

<script language="JavaScript">

// THIS SCRIPT IS COMMON FOR ALL CUSTOM WEB VIEWS

var L_Prompt_Text = "选定项目可以查看其说明。";
var L_Empty_Text = "该文件夹中没有项目可显示。";
var L_Multiple_Text = " 个选定的项目。";
var L_Size_Text = "大小: ";
var L_FileSize_Text = "总计文件大小: ";
var L_Delimiter_Text = ",";
var L_Bytes_Text = " 字节";
var L_Today_Text = "今天";
var L_Yesterday_Text = "昨天";
var L_Preview_Text = "正在生成预览...";
var L_TotalSize_Text = "总计: ";
var L_UsedSpace_Text = "已用空间: ";
var L_FreeSpace_Text = "可用空间: ";
var L_Attributes_Text = "属性";
var L_Codes_Text = "RHSaCE"; // suppress the Archive flag
var L_ReadOnly_Text = "只读";
var L_Hidden_Text = "隐藏";
var L_System_Text = "系统";
var L_Archive_Text = "存档";
var L_Compressed_Text = "压缩";
var L_Encrypted_Text = "加密";
var L_NoAttributes_Text = "(正常)";
var L_SeeAlso_Text = "另请参阅:";
var L_UsedSpaceTitle_Text = "已用空间";
var L_FreeSpaceTitle_Text = "可用空间";
var gAttributeNames = new Array(L_ReadOnly_Text, L_Hidden_Text, L_System_Text, L_Archive_Text, L_Compressed_Text, L_Encrypted_Text);
var gIntroText = "";
var gTimer = 0;
var gDoBlends = false && (navigator.cpuClass != "Alpha" && screen.colorDepth > 8);
var gPlusCold = "<img id=CSCBmp align=middle src=pluscold.gif>";
var gPlusHot = "<img id=CSCBmp align=middle src=plushot.gif>";
var gMinusCold = "<img id=CSCBmp align=middle src=mincold.gif>";
var gMinusHot = "<img id=CSCBmp align=middle src=minhot.gif>";
var gToday;
var gYesterday;
var gFolderPath = "";
var gFoundAuthor = false;

function FormatDetail(label, data) {
var s;
if (label.length + data.length > 32)
s = "<p>" + label + ":<br>" + data;
else
s = "<p>" + label + ": " + data;
return s;
}

function SanatizeString(data) {
// escape angle brackets so item names cannot inject markup into the info panel
var re = /</g;
var s = data.replace( re, "&lt;");
re = />/g;
s = s.replace( re, "&gt;");

return s;
}

function ShowInfo() {
// updates the left info panel when you select icons
var item;
var name;
var data;
var text;
var title;
var size = 0;
var i;

if (gDoBlends) {
Panel.filters.blendTrans.Stop();
Panel.filters.blendTrans.Apply();
}

// kill any preview
Preview.innerHTML = "";
Preview.style.display = "none";
Thumbnail.style.display = "none";

data = FileList.SelectedItems().Count;
if (data == 0)
text = NoneSelected();
else if (data > 1)
text = ManySelected(data);
else {
item = FileList.SelectedItems().Item(0);

// name
name = FileList.Folder.GetDetailsOf(item, 0);
if (!name)
name = item.Name;
text = "<b>" + SanatizeString(name) + "</b>";
if (false && IsFileLocked(FileList.Folder.GetDetailsOf(item, 4)))
text += "  <img id=Locked src=res://webview.dll/Locked.gif>";

// type
data = FileList.Folder.GetDetailsOf(item, 2);
if (data)
text += "<br>" + data;

// date
text += HandleDate(item);

// size
text += HandleSize(item);

// extra details?
gFoundAuthor = false;
for (i = 4; i < 10; i++) {
title = FileList.Folder.GetDetailsOf(null, i);
if (!title)
break;
data = FileList.Folder.GetDetailsOf(item, i);
if (title == L_Attributes_Text)
text += "<p>" + title + ": " + FormatAttributes(data);
else if (data) {
var safeData = SanatizeString(data);
if (title == "Author") {
gFoundAuthor = true;
text += "<p>" + title + ": <a href=mailto:" + safeData + ">" + safeData + "</a>";
} else
text += FormatDetail(title, safeData);
}
}

Info.innerHTML = text
