The inspection and handling process for a server
This server ran Windows 2000 Advanced Server with Rising 2008 antivirus installed, and its virus database had been updated to the latest version. However, no network firewall or other system monitoring software was installed, and the FTP server in use was Serv-U 6.0 (which is exposed to a known overflow attack).
1. Recovering the original data
Using the DataRecover software, some deleted files were restored, in the hope of finding trojans, backdoors or viruses among them. The analysis went deep, covering recovery from formatted areas as well as files deleted from the Recycle Bin. Unfortunately, the hacker who had taken control of this server had already done specialized cleanup and thoroughly wiped his traces; I believe he used a dedicated log-wiping tool developed by a Japanese underground hacker group. Through the joint effort of my assistant and me, the system logs were restored back to May of that year.
2. Manual analysis of suspicious files
In the directory of this server's C: drive there is a file named sethc.exe. This file ships with Microsoft Windows and implements the Sticky Keys feature. Its real size should be 27 KB, but this copy is 270 KB. At first I thought this was because of a patch, but after looking through some material and comparing, I learned that such a file is a newly popular backdoor. Its main use: over the 3389 terminal service (Remote Desktop), pressing the Shift key five times invokes sethc.exe and directly yields system privileges, after which the attacker takes control of the whole server. He usually deletes some normal .exe file on the C: drive and then disguises his own .exe under that deleted file's name, creating a false appearance.
The solution we offer is as follows: personally I suggest deleting this file outright, since the Sticky Keys feature is of little practical use. If someone then uses this technique to break into your server, they will certainly have tampered with it, so you can detect the intrusion at the earliest moment and also treat the file as a lead for evidence collection and analysis. In addition, disable Sticky Keys under Accessibility Options in the Control Panel.
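The size comparison in the finding above (27 KB expected, 270 KB found) can be turned into a repeatable integrity check. The following is an added example and not code from the original post; it assumes that clean reference copies of the binaries are available (from install media, the dllcache folder, or an uncompromised server of the same build). The function names, the Finding class, and the inclusion of accessibility helpers other than sethc.exe are the example's own assumptions, added because those helpers are launched from the logon screen in the same way.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import List, Optional

# Windows accessibility helpers that the logon screen launches before any
# user has authenticated. The page discusses sethc.exe (Sticky Keys, five
# presses of Shift); the other names are an assumption added here because
# they are started the same way and deserve the same check.
ACCESSIBILITY_BINARIES = ["sethc.exe", "utilman.exe", "osk.exe",
                          "magnify.exe", "narrator.exe"]


@dataclass
class Finding:
    name: str
    reason: str
    live_size: Optional[int]
    reference_size: Optional[int]


def sha256_of(path: str) -> str:
    """Stream the file so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_accessibility_binaries(system32_dir: str,
                                 reference_dir: str) -> List[Finding]:
    """Compare live accessibility helpers with known-good copies.

    reference_dir holds clean copies of the same build (assumption: the
    caller supplies them). A helper is reported when its content differs
    from the reference copy or when it is missing altogether.
    """
    findings: List[Finding] = []
    for name in ACCESSIBILITY_BINARIES:
        live = os.path.join(system32_dir, name)
        ref = os.path.join(reference_dir, name)
        if not os.path.isfile(ref):
            continue  # nothing trustworthy to compare against; do not guess
        if not os.path.isfile(live):
            findings.append(Finding(name, "missing from system32",
                                    None, os.path.getsize(ref)))
            continue
        live_size = os.path.getsize(live)
        ref_size = os.path.getsize(ref)
        if sha256_of(live) == sha256_of(ref):
            continue  # byte-identical to the clean copy
        if live_size != ref_size:
            reason = ("content differs; size changed from %d to %d bytes"
                      % (ref_size, live_size))
        else:
            reason = "content differs from reference copy (same size)"
        findings.append(Finding(name, reason, live_size, ref_size))
    return findings


def demo() -> List[Finding]:
    """Constructed scenario mirroring the page: a 27 KB reference sethc.exe,
    a 270 KB live copy, and an untouched utilman.exe. The file contents are
    fake stubs, not real Windows binaries."""
    import tempfile
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "system32")
    refs = os.path.join(root, "reference")
    os.makedirs(sys32)
    os.makedirs(refs)
    clean_sethc = b"MZ" + b"\x00" * (27 * 1024 - 2)
    bloated_sethc = b"MZ" + b"\x90" * (270 * 1024 - 2)
    clean_utilman = b"MZ" + b"\x01" * 4094
    with open(os.path.join(refs, "sethc.exe"), "wb") as fh:
        fh.write(clean_sethc)
    with open(os.path.join(sys32, "sethc.exe"), "wb") as fh:
        fh.write(bloated_sethc)
    for d in (refs, sys32):
        with open(os.path.join(d, "utilman.exe"), "wb") as fh:
            fh.write(clean_utilman)
    return audit_accessibility_binaries(sys32, refs)


if __name__ == "__main__":
    for f in demo():
        print(f.name, "-", f.reason)
```

Hash comparison rather than size alone is deliberate: a replaced binary padded to the original size would pass a size check, and a legitimately patched one would fail it. The reference copy must come from the same build and patch level, or every patched helper will be reported.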
3. Using a dedicated firewall inspection tool to examine network connections
The goal is to find the problem by capturing packets. If the other party has installed a remote control client, he must have the backdoor kept on the server talk to the control client, so there will be a session connection. Through the firewall's interception function, the source of the control can be traced. No reverse-connection (bounce) trojan was found on this server, so the source of the intrusion was not seen.
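The triage logic of this step, separating a backdoor's outbound session from the server's normal inbound connections, can be applied to a connection listing without a packet capture. The following is an added example, not code from the original post. It assumes the column layout of `netstat -ano` on a later Windows version (Windows 2000's netstat has no PID column, so there the PID would come from the firewall tool instead); the sample listing, its PIDs and its addresses are constructed, with the foreign addresses drawn from the RFC 5737 documentation ranges.

```python
import ipaddress
from typing import Dict, List, Set

# Constructed sample in the layout of `netstat -ano`. PIDs and addresses are
# made up; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1380
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1008
  TCP    192.168.1.10:21        192.168.1.55:1045      ESTABLISHED     1380
  TCP    192.168.1.10:3389      203.0.113.5:51234      ESTABLISHED     1008
  TCP    192.168.1.10:1071      198.51.100.7:4444      ESTABLISHED     2088
  TCP    192.168.1.10:1080      192.168.1.2:445        ESTABLISHED     4
  UDP    0.0.0.0:161            *:*                                    1224
"""

# Address space regarded as the server's own network. Deliberately limited to
# RFC 1918, loopback, link-local and unspecified so that documentation ranges
# (which Python's is_private also covers) count as external in the sample.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]


def parse_netstat(text: str) -> List[Dict[str, str]]:
    """Parse TCP/UDP rows; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": pid})
    return rows


def split_endpoint(endpoint: str):
    """'host:port' -> (host, port); rpartition keeps IPv6 literals intact."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def is_external(host: str) -> bool:
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # '*' or a hostname; cannot classify
    return not any(addr in net for net in INTERNAL_NETS)


def find_outbound_sessions(text: str) -> List[Dict[str, str]]:
    """Return established TCP sessions the server itself opened to an
    external address: the shape a backdoor talking to its controller has.

    Ports the host is LISTENING on are treated as served ports; a session on
    one of those was opened by a client, not by this server."""
    rows = parse_netstat(text)
    served: Set[str] = {split_endpoint(r["local"])[1]
                        for r in rows if r["state"] == "LISTENING"}
    suspicious = []
    for r in rows:
        if r["proto"] != "TCP" or r["state"] != "ESTABLISHED":
            continue
        local_port = split_endpoint(r["local"])[1]
        remote_host, remote_port = split_endpoint(r["foreign"])
        if local_port in served:
            continue  # inbound client session on a port we serve
        if not is_external(remote_host):
            continue  # traffic within our own network
        suspicious.append({"pid": r["pid"], "local_port": local_port,
                           "remote": f"{remote_host}:{remote_port}"})
    return suspicious


if __name__ == "__main__":
    for s in find_outbound_sessions(SAMPLE_NETSTAT):
        print("review PID %s: outbound session to %s" % (s["pid"], s["remote"]))
```

In the sample, the FTP and Remote Desktop sessions are inbound on served ports and the SMB session stays within 192.168.0.0/16, so only the session from PID 2088 to 198.51.100.7:4444 is reported for review. The PID is the pivot for the next step: identifying which executable owns it and whether that executable belongs on the server.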