Author: rootkit
Time: 2012-12-9 12:26
Content:
RDP session sniffed with Cain, looking for help decrypting it
Some replies:
DKT 2#
Key actions: <num 3 pressed> <num 3 released> <num 1 released> <num 0 released> <num 3 pressed> <num 2 released> <num 0 released> ip <num 1 pressed> <num 1 released> <num 3 pressed> <num 3 released> <num 8 pressed> <num 8 released> <num del pressed> <num del released> com <enter pressed> <enter released> <ctrl pressed> <ctrl released> <f2 pressed> 1.html <enter pressed> <enter released> <enter pressed> <enter released> <enter pressed> <enter released>
worm 7#
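Reply to 1# rootkit
There used to be a woman who wrote a piece of software that could get the plaintext directly, but the tool was never released. Her handle was something like 0x24, I think.
GgSuper 9#
7#, the one you're talking about is open, right?
Anonymous 10#
Reply to rootkit
There used to be a woman who wrote a piece of software that could get the plaintext directly, but the tool was never released. Her handle was something like ...
worm posted on 2012-12-10 11:07
Woman my dick. If he whipped it out, it'd be bigger than yours.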
zczpc2000 13#
ip138.com
The OP has probably gone to sleep.
核攻击:
Key pressed client-side: 0x51 - 'num 3' Key pressed client-side: 0x50 - 'num 2' Key pressed client-side: 0x4f - 'num 1' Key released client-side: 0x51 - 'num 3' Key released client-side: 0x4f - 'num 1' Key released client-side: 0x52 - 'num 0' Key pressed client-side: 0x51 - 'num 3' Key pressed client-side: 0x50 - 'num 2' Key released client-side: 0x50 - 'num 2' Key released client-side: 0x52 - 'num 0' Key pressed client-side: 0x17 - 'i' Key pressed client-side: 0x19 - 'p' Key released client-side: 0x17 - 'i' Key released client-side: 0x19 - 'p' Key pressed client-side: 0x4f - 'num 1' Key released client-side: 0x4f - 'num 1' Key pressed client-side: 0x51 - 'num 3' Key released client-side: 0x51 - 'num 3' Key pressed client-side: 0x48 - 'num 8' Key released client-side: 0x48 - 'num 8' Key pressed client-side: 0x53 - 'num del' Key released client-side: 0x53 - 'num del' Key pressed client-side: 0x2e - 'c' Key released client-side: 0x2e - 'c' Key pressed client-side: 0x18 - 'o' Key released client-side: 0x18 - 'o' Key pressed client-side: 0x32 - 'm' Key released client-side: 0x32 - 'm' Key pressed client-side: 0x1c - 'enter' Key released client-side: 0x1c - 'enter' Key pressed client-side: 0x1d - 'ctrl' Key released client-side: 0x2f - 'v' Key released client-side: 0x1d - 'ctrl' Key pressed client-side: 0x3c - 'f2' Key pressed client-side: 0x2 - '1' Key released client-side: 0x2 - '1' Key pressed client-side: 0x34 - '.' Key released client-side: 0x34 - '.' 
Key pressed client-side: 0x23 - 'h' Key released client-side: 0x23 - 'h' Key pressed client-side: 0x14 - 't' Key released client-side: 0x14 - 't' Key pressed client-side: 0x32 - 'm' Key released client-side: 0x32 - 'm' Key pressed client-side: 0x26 - 'l' Key released client-side: 0x26 - 'l' Key pressed client-side: 0x1c - 'enter' Key released client-side: 0x1c - 'enter' Key pressed client-side: 0x1c - 'enter' Key released client-side: 0x1c - 'enter' Key pressed client-side: 0x1c - 'enter' Key released client-side: 0x1c - 'enter'
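This is three segments, and the gaps between them are fairly large (judging by the packet line numbers), so it is certain that this was typed in three separate inputs (and it looks like a few keys may have been dropped in between; losing part of the data is very common in ARP attacks).
First input: 3210
Second input: 3210ip138.com
Third input: some function keys + 1.html
It can be inferred that this person first typed 3210 (it could also be 321), then after a while typed 3210ip138.com (it could also be 321ip138.com), then pressed Enter and logged in successfully. After getting into the system, they copied a file and then used F2 to name the new file 1.html...
The password is probably:
Possibility 1:
Account: default
Password: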
3210ip138.com 320ip138.com 321ip138.com ip138.com3210 ip138.com320 ip138.com321
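Possibility 2:
Account: 3210 or 320 or 321
Password: ip138.com
Related content:
Some experience and tips on sniffing and hijacking port 3389, Remote Desktop, and the RDP protocol
Additional content: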
zczpc2000 18#
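Reply to 16# 核攻击
核JJ, you slipped up on this one. What was sniffed here is not a username and password.
It is Cain capturing the administrator's input.
The admin was typing ip138.com
and then typed an IP. Cain didn't capture all the packets, which is why it looks like this.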
核攻击 19#
Reply to 18# zczpc2000
Good.....
I thought he was talking about login data, so I assumed it was an account and password...
What a farce...