Below is an analysis of the information returned by a system that has not disabled null sessions (anonymous connections).

D:\>info 211.104.116.186
Remote System Info Retriever By Meteor(Slackbot)
Pinging 211.104.116.186 [211.104.116.186] with 32 bytes of data:
Reply from: 211.104.116.186: bytes=32 time=721ms TTL=109
Reply from: 211.104.116.186: bytes=32 time=711ms TTL=109
Reply from: 211.104.116.186: bytes=32 time=712ms TTL=109
Domain Information:
---------------------------------------------------------------------
Platform: 500
Name: WEB-SERVER // the computer name is shown here
Version: 5.0 // note this: it is a Win 2k machine
Domain: ECCOMPANY // the domain name is shown here
---------------------------------------------------------------------
Share:      Remark: // share information
---------------------------------------------------------------------
E$          Default share
IPC$        Remote IPC
D$          Default share
h_cataloggoalweb
ADMIN$      Remote Admin
C$          Default share
catalog
---------------------------------------------------------------------
Server Information: // system information
---------------------------------------------------------------------
This Is A Server // note this: it is reported as a server
Running Terminal Service // note this: the system is running Terminal Services
---------------------------------------------------------------------
Accounts Information: // account list
---------------------------------------------------------------------
Administrator (Admin)
Guest (Guest)
ILS_ANONYMOUS_USER (Guest)
IUSR_CATALOG-SERVER (Guest)
IUSR_WEB-SERVER (Guest)
IWAM_CATALOG-SERVER (Guest)
IWAM_WEB-SERVER (Guest)
test (Admin)
TsInternetUser (Admin)
wwwokok (Admin)
---------------------------------------------------------------------
User Information: // account information
---------------------------------------------------------------------
Account Administrator // account name
Full Name
Comment:
Privilege Administrator
Number Of Logon 70 // number of logons
Bad PW Count 12
Logon Server \\*
Workstations
Last logon Sat Oct 12 15:03:04 2002 // time of the previous logon
User RID 500
Pgroup RID 513
Password Age 246 days, 19:58:42 // the password was set 246 days ago
Account Expires Never
Password Expired No
Max Storage Unlimited
Flags
Account Active Yes
Password Required Yes
User May Change Password Yes
---------------------------------------------------------------------
User Information: // account information
---------------------------------------------------------------------
Account test // account name
Full Name test
Comment:
Privilege Administrator
Number Of Logon 5 // number of logons
Bad PW Count 12
Logon Server \\*
Workstations
Last logon Mon Oct 07 04:50:03 2002 // time of the previous logon
User RID 1009
Pgroup RID 513
Password Age 12 days, 08:13:14 // the password was set 12 days ago
Account Expires Never
Password Expired No
Max Storage Unlimited
Flags
Account Active Yes
Password Required Yes
User May Change Password Yes
---------------------------------------------------------------------
User Information:
---------------------------------------------------------------------
Account TsInternetUser
Full Name TsInternetUser
Comment:
Privilege Administrator
Number Of Logon 0 // has never logged on to the system
Bad PW Count 12
Logon Server \\*
Workstations
Last logon never
User RID 1002
Pgroup RID 513
Password Age 0 days, 11:24:29
Account Expires Never
Password Expired No
Max Storage Unlimited
Flags
Account Active Yes
Password Required No
User May Change Password No
---------------------------------------------------------------------
User Information:
---------------------------------------------------------------------
Account wwwokok
Full Name
Comment:
Privilege Administrator
Number Of Logon 0 // has never logged on to the system
Bad PW Count 12
Logon Server \\*
Workstations
Last logon never
User RID 1010
Pgroup RID 513
Password Age 12 days, 02:08:05
Account Expires Never
Password Expired No
Max Storage Unlimited
Flags
Account Active Yes
Password Required Yes
User May Change Password Yes
---------------------------------------------------------------------

The above is the information the program obtained. This system belongs to a friend of mine on OICQ. The IP is Korean, but I know he is in China, so I am quite sure he installed QQ on that Korean system and uses it from there. From the information above I know the system has only four users in the admin group: Administrator, test, TsInternetUser and wwwokok. From Password Age I can tell that the passwords of wwwokok and TsInternetUser were only set today, and because neither of these two users has ever logged on to the system (as Number Of Logon shows), I can be sure that my friend can only be using the Administrator or test account to log on to the terminal service. Because his QQ has been online for several days, he is most likely logging on with the test account, since test last logged on on October 7, whereas Administrator only logged on today (see Last logon).

From the information obtained, I could roughly guess which account my friend logs on with without breaking into that system at all. In a real intrusion this information is still useful. For example, suppose you have already broken into the system, the administrator is not logged on, and the Administrator account has a blank password. You would of course not dare change the Administrator password, otherwise the administrator could no longer get in. But if this kind of information shows that the Administrator user has never logged on to the system, you know the administrator does not use that account, and you can change the Administrator password without worry.
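A defender can read the same fields on their own hosts before anyone else does. The following is an added example, not part of the original article or of the tool it shows: it parses records in the field layout of the listing above and flags the account conditions the analysis relies on. The sample records, the function names and the 90-day threshold are assumptions.

```python
import re
# Constructed sample in the field layout of the listing above; every value is made up.
SAMPLE = """\
Account svc_old
Privilege Administrator
Number Of Logon 0
Password Age 0 days, 11:24:29
Account Expires Never
Password Required No
----------------
Account alice
Privilege Administrator
Number Of Logon 70
Password Age 246 days, 19:58:42
Password Required Yes
----------------
Account bob
Privilege User
Number Of Logon 0
Password Required Yes
"""
# Longest label first, so "Account Expires Never" is not read as an account name.
LABELS = sorted(["Account", "Account Expires", "Privilege", "Number Of Logon",
                 "Password Age", "Password Required"], key=len, reverse=True)

def parse_records(text):
    records = []
    for block in re.split(r"^-{3,}\s*$", text, flags=re.M):  # dashed separator lines
        rec = {}
        for line in block.strip().splitlines():
            label = next((lab for lab in LABELS if line.startswith(lab + " ")), None)
            if label:
                rec[label] = line[len(label):].strip()
        if "Account" in rec:
            records.append(rec)
    return records

def audit(rec, max_age_days=90):
    """Findings for one record; max_age_days is an assumed policy value."""
    admin = rec.get("Privilege") == "Administrator"
    age = re.match(r"(\d+) days", rec.get("Password Age", ""))
    checks = [
        (admin and rec.get("Number Of Logon") == "0", "admin account never used"),
        (rec.get("Password Required") == "No", "password not required"),
        (admin and age is not None and int(age.group(1)) > max_age_days, "admin password too old"),
    ]
    return [msg for hit, msg in checks if hit]

def report(text):
    return {r["Account"]: audit(r) for r in parse_records(text)}
```

Calling `report(SAMPLE)` returns a mapping from account name to its list of findings; an empty list means none of the three conditions applied.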
(Source: http://www.sheup.com)