[Tutorial] (Original) One rule to kill all extortion malware that changes the logon password!

lixihong10
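Posted on 2015-1-19 00:53:34
This post was last edited by lixihong10 on 2015-1-19 22:27

The COMODO section doesn't seem very active, so let me drop a quick post before I go to bed.

There are quite a lot of extortion samples in the sample section; of course, COMODO users have nothing to fear from them.
Here is one rule that kills every extortion sample that changes the logon password!

Under "Protected Objects" -> "Protected Files", add the following entry:

\Device\NamedPipe\samr

and you are free from the fate of being extorted.

A real-world test:

If you are still worried about being extorted, come and use COMODO.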


微笑低语
Posted on 2015-1-19 07:41:44
This post was last edited by 微笑低语 on 2015-1-19 07:44

A newbie's naive question: what does "extortion" (敲竹杠) refer to here? Changing the account type?
What is \Device\NamedPipe\samr for? Thanks!
YSJ
Posted on 2015-1-19 09:21:21
Dropping in to have a look and learn something.
lixihong10
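OP | Posted on 2015-1-19 11:18:31
微笑低语 posted on 2015-1-19 07:41
A newbie's naive question: what does "extortion" (敲竹杠) refer to here? Changing the account type?
What is \Device\NamedPipe\samr for? Thanks!

The kind of extortion that changes the logon password.
Any modification of a user (privileges, password, etc.) goes through here: \Device\NamedPipe\samr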

[mw_shl_code=html,true]4.9.2. samr interface

The samr interface is used to communicate with the SAM (Security Account Manager) subsystem.

Before Windows 2000, the samr interface is only available on the samr named pipe endpoint:


C:\> ifids -p ncacn_np -e \pipe\samr \\.

Interfaces: 4
[...]

  12345778-1234-abcd-ef00-0123456789ac v0.0

[...]

In Active Directory domains (and particularly, Active Directory domain controllers), the samr interface is also available (and used) over a TCP endpoint:

C:\> ifids -p ncacn_ip_tcp -e 1025 127.0.0.1

Interfaces: 12
[...]

  12345778-1234-abcd-ef00-0123456789ac v0.0

[...]

During Active Directory domain joins, the creation of computer accounts is implemented with samr operations called on the TCP endpoint of Active Directory domain controllers.

IDL (Interface Definition Language) for the samr interface is available in Samba 4 [55].

Table 4.16. samr operations

Interface        Operation number        Operation name
12345778-1234-abcd-ef00-0123456789ac v1.0: samr                  
        0x00        SamrConnect
        0x01        SamrCloseHandle
        0x02        SamrSetSecurityObject
        0x03        SamrQuerySecurityObject
        0x04        SamrShutdownSamServer
        0x05        SamrLookupDomainInSamServer
        0x06        SamrEnumerateDomainsInSamServer
        0x07        SamrOpenDomain
        0x08        SamrQueryInformationDomain
        0x09        SamrSetInformationDomain
        0x0a        SamrCreateGroupInDomain
        0x0b        SamrEnumerateGroupsInDomain
        0x0c        SamrCreateUserInDomain
        0x0d        SamrEnumerateUsersInDomain
        0x0e        SamrCreateAliasInDomain
        0x0f        SamrEnumerateAliasesInDomain
        0x10        SamrGetAliasMembership
        0x11        SamrLookupNamesInDomain
        0x12        SamrLookupIdsInDomain
        0x13        SamrOpenGroup
        0x14        SamrQueryInformationGroup
        0x15        SamrSetInformationGroup
        0x16        SamrAddMemberToGroup
        0x17        SamrDeleteGroup
        0x18        SamrRemoveMemberFromGroup
        0x19        SamrGetMembersInGroup
        0x1a        SamrSetMemberAttributesOfGroup
        0x1b        SamrOpenAlias
        0x1c        SamrQueryInformationAlias
        0x1d        SamrSetInformationAlias
        0x1e        SamrDeleteAlias
        0x1f        SamrAddMemberToAlias
        0x20        SamrRemoveMemberFromAlias
        0x21        SamrGetMembersInAlias
        0x22        SamrOpenUser
        0x23        SamrDeleteUser
        0x24        SamrQueryInformationUser
        0x25        SamrSetInformationUser
        0x26        SamrChangePasswordUser
        0x27        SamrGetGroupsForUser
        0x28        SamrQueryDisplayInformation
        0x29        SamrGetDisplayEnumerationIndex
        0x2a        SamrTestPrivateFunctionsDomain
        0x2b        SamrTestPrivateFunctionsUser
        0x2c        SamrGetUserDomainPasswordInformation
> Windows 2000        0x2d        SamrRemoveMemberFromForeignDomain
-        0x2e        SamrQueryInformationDomain2
-        0x2f        SamrQueryInformationUser2
-        0x30        SamrQueryDisplayInformation2
-        0x31        SamrGetDisplayEnumerationIndex2
-        0x32        SamrCreateUser2InDomain
-        0x33        SamrQueryDisplayInformation3
-        0x34        SamrAddMultipleMembersToAlias
-        0x35        SamrRemoveMultipleMembersFromAlias
-        0x36        SamrOemChangePasswordUser2
-        0x37        SamrUnicodeChangePasswordUser2
-        0x38        SamrGetDomainPasswordInformation
-        0x39        SamrConnect2
-        0x3a        SamrSetInformationUser2
-        0x3b        SamrSetBootKeyInformation
-        0x3c        SamrGetBootKeyInformation
-        0x3d        SamrConnect3
-        0x3e        SamrConnect4
-        0x3f        SamrUnicodeChangePasswordUser3
> Windows XP and Windows Server 2003        0x40        SamrConnect5
-        0x41        SamrRidToSid
-        0x42        SamrSetDSRMPassword
-        0x43        SamrValidatePassword
> Windows Vista        0x44        SamrQueryLocalizableAccountsInDomain
-        0x45        SamrPerformGenericOperation
To connect to the SAM server, one of the following operations are used:

SamrConnect (0x00)
SamrConnect2 (0x39)
SamrConnect3 (0x3d)
SamrConnect4 (0x3e)
SamrConnect5 (0x40)
Then, available domains in the SAM server can be enumerated using the following operation:

SamrEnumerateDomainsInSamServer (0x06)
The following operation is used to obtain the SID of a domain, given its name:

SamrLookupDomainInSamServer (0x05)
This operation typically returns the BUILTIN domain (S-1-5-32) and the machine domain (local domain for a non-domain controller machine, NT 4 or Active Directory domain for a domain controller machine).

The domain SID can then be used to open a given domain:

SamrOpenDomain (0x07)
General information about the opened domain can be obtained or set with the following operations:

SamrQueryInformationDomain (0x08)
SamrQueryInformationDomain2 (0x2e)
SamrSetInformationDomain (0x09)
Once a domain is opened, it is possible to enumerate groups, aliases and users, using the following operations:

SamrEnumerateGroupsInDomain (0x0b)
SamrEnumerateAliasesInDomain (0x0f)
SamrEnumerateUsersInDomain (0x0d)
RID and names resolution inside an opened domain are implemented by the following operations:

SamrLookupNamesInDomain (0x11)
SamrLookupIdsInDomain (0x12)
Domain password policies can be obtained with the following operations:

SamrGetUserDomainPasswordInformation (0x2c)
SamrGetDomainPasswordInformation (0x38)
To create a new group, alias or user in the opened domain, the following operations can be used:

SamrCreateGroupInDomain (0x0a)
SamrCreateAliasInDomain (0x0e)
SamrCreateUserInDomain (0x0c)
SamrCreateUser2InDomain (0x32)
To open an existing group, alias or user in the opened domain, the following operations exist:

SamrOpenGroup (0x13)
SamrOpenAlias (0x1b)
SamrOpenUser (0x22)
To delete an existing group, alias or user in the opened domain, the following operations exist:

SamrDeleteGroup (0x17)
SamrDeleteAlias (0x1e)
SamrDeleteUser (0x23)
To obtain a list of members in groups or aliases, the following operations can be used:

SamrGetMembersInGroup (0x19)
SamrGetMembersInAlias (0x21)
To add or remove a member to a group or alias, the following operations are available:

SamrAddMemberToGroup (0x16)
SamrAddMemberToAlias (0x1f)
SamrRemoveMemberFromGroup (0x18)
SamrRemoveMemberFromAlias (0x20)
For aliases, it is also possible to add or remove multiple members to or from an alias:

SamrAddMultipleMembersToAlias (0x34)
SamrRemoveMultipleMembersFromAlias (0x35)
To obtain or set information about a given group or alias, the following operations exist:

SamrQueryInformationGroup (0x14)
SamrQueryInformationAlias (0x1c)
SamrSetInformationGroup (0x15)
SamrSetInformationAlias (0x1d)
Similar operations exist for accounts management:

SamrQueryInformationUser (0x24)
SamrQueryInformationUser2 (0x2f)
SamrSetInformationUser (0x25)
SamrSetInformationUser2 (0x3a)
A list of groups containing a given user can be obtained with the following operation:

SamrGetGroupsForUser (0x27)
Finally, handles returned by the following operations are supposed to be closed, using the SamrCloseHandle (0x01) operation:

SamrConnect (0x00)
SamrConnect2 (0x39)
SamrConnect3 (0x3d)
SamrConnect4 (0x3e)
SamrConnect5 (0x40)
SamrOpenDomain (0x07)
SamrOpenGroup (0x13)
SamrOpenAlias (0x1b)
SamrOpenUser (0x22)
SamrCreateUserInDomain (0x0c)
SamrCreateUser2InDomain (0x32)
SamrCreateAliasInDomain (0x0e)
SamrCreateGroupInDomain (0x0a)[/mw_shl_code]
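
Added example, not part of the original post or of the quoted document: a defender-side check that reads the operation number from a DCE/RPC request PDU and flags the account-modifying samr operations from the table above. The function names, the choice of which operations count as "account-modifying", and the sample PDUs are this example's own; it assumes the PDU has already been attributed to the samr interface (12345778-1234-abcd-ef00-0123456789ac) from its bind.

```python
import struct

# Opnums come from the samr operations table quoted above. Which ones count as
# "account-modifying" is this example's selection; a hit is not proof of malice.
SAMR_WRITE_OPS = {
    0x0c: "SamrCreateUserInDomain",
    0x1f: "SamrAddMemberToAlias",
    0x23: "SamrDeleteUser",
    0x25: "SamrSetInformationUser",
    0x26: "SamrChangePasswordUser",
    0x32: "SamrCreateUser2InDomain",
    0x36: "SamrOemChangePasswordUser2",
    0x37: "SamrUnicodeChangePasswordUser2",
    0x3a: "SamrSetInformationUser2",
    0x3f: "SamrUnicodeChangePasswordUser3",
}

PTYPE_REQUEST = 0
REQUEST_HEADER_LEN = 24  # 16-byte common header + alloc_hint, p_cont_id, opnum


def request_opnum(pdu: bytes):
    """Return the opnum of a DCE/RPC v5 request PDU, or None if not a request."""
    if len(pdu) < REQUEST_HEADER_LEN or pdu[0] != 5 or pdu[2] != PTYPE_REQUEST:
        return None
    # drep[0] high nibble: 1 = little-endian integers, 0 = big-endian
    endian = "<" if pdu[4] & 0x10 else ">"
    frag_length = struct.unpack_from(endian + "H", pdu, 8)[0]
    if frag_length > len(pdu):
        return None  # truncated capture
    return struct.unpack_from(endian + "H", pdu, 22)[0]


def flag_samr_write(pdu: bytes):
    """Name of the account-modifying op; assumes the PDU's context is samr."""
    return SAMR_WRITE_OPS.get(request_opnum(pdu))


def build_request(opnum: int, stub: bytes = b"") -> bytes:
    """Constructed sample input: a minimal little-endian request PDU."""
    frag_len = REQUEST_HEADER_LEN + len(stub)
    common = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_REQUEST, 0x03,
                         b"\x10\x00\x00\x00", frag_len, 0, 1)
    return common + struct.pack("<IHH", len(stub), 0, opnum) + stub


if __name__ == "__main__":
    for op in (0x0d, 0x25, 0x3a):  # enumerate users, set user info (two variants)
        print(hex(op), flag_samr_write(build_request(op)))
```
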
哥舒夜带刀
Posted on 2015-1-19 14:33:44
Technical posts deserve a bump.
微笑低语
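Posted on 2015-1-19 14:50:30
Wow! That's quite something! I'll chew through it slowly.
Thanks!
You're an expert! Where did you find this material? Is there a Chinese version?
There are a few more devices like this that I see often and don't know what they are; let me ask about them as well: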
\Device\NamedPipe\ShimViewer
\Device\MountPointManager
\Device\RasAcd
\Device\NamedPipe\lsarpc
资深裸奔菜鸟
Posted on 2015-1-19 18:13:09
The OP is a master!
mxf147
Posted on 2015-1-19 18:38:12
Thanks to the OP for sharing.
Please make your post title a bit more specific so it can help more people.
捌佰666
Posted on 2015-1-19 21:55:49
Thanks for sharing.
lixihong10
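OP | Posted on 2015-1-19 22:13:52
微笑低语 posted on 2015-1-19 14:50
Wow! That's quite something! I'll chew through it slowly.
Thanks!
You're an expert! Where did you find this material? Is there a Chinese version?

There is no Chinese documentation.
The full text is here: http://www.hsc.fr/ressources/articles/win_net_srv/index.html
Thanks go to @kxmp, who gave me the site.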