Một số SIDcó thể có dạng như sau : S-1-5-21-1507001333-1204550764-1011284298-500 Một SID bao giờ cũng bắt đầu với chữ S và các thành phần của nó được ngăn cách nhau bởi dấu trừ ( Hyphens ). Số đầu tiên là số duyệt ( Revision number ) - ỏ ví dụ trên nó là 1 Số thứ hai là là nói về HDH - ví dụ số 5 luôn luôn là của Windows2000. Tiếp theo là 4 nhóm chữ sô và cuối cùng là RID ( relative Identìier ). Chà ta quan tâm đến RID một tý nào. Nếu một SID mà có RID là 500c => Đó là Amin của máy cục bộ RID là 501 => guest. Nếu ở trong Domain thì RID luôn bắt đầu từ 1000 khi tạo ra User đầu tiên => khi ta nhìn thấy RID =1015 => hệ thống có 14 User đựoc tao ra trong hệ thống. OK => đến đây ta lại quay lại bài NetBIOS hacking và cách phòng chống. Hầu hết các User đều cho rằng khi Disable netBIOS over TCP/IP ( Bấm vào My Network Places chọn Local Area Connetion, chọn TCP/ IP sau đó bấm vào propperties chọn Advandce, chọn WINS và bấm vào Disable NetBIOS over TCP/IP) là đã chặn đựơc cách thâm nhập vào máy qua NetBIOS. Thực ra việc thiết lập này chỉ chặn trên cổng 139. Khác với NT4, Windows2000 còn chạy một SMB lắng nghe trên cổng 445. Cổng này vẫn còn Active cho dù NetBIOS over TCP / IP đã đựoc Disable Phần Windows SMB cho Cllient từ sau version NT4 SP 6a sẽ tự động chuyển lên cổng 445 nếu như cố gắng kết nối trên cổng 139 => Ta có thể thiết lập một kết nối gọi là " null sesion" tới máy của victim net use \\192,168.203.33\IPC$ "" /u:"" <= thiết lập một kết nối với anonymous user (/u) và pass rỗng (""). Nếu thành công ta cũng có thể sử dụng Net view để xem các tài nguyên được chia sẻ trên máy victim => Để chống lại ta có thể can thiệp vào Registry : HKLM\system\CurrentControlSet\Control\LSA\RestrictAnonymous Bấm đúp vào key RestrictAnonymous ở panel bên phải và nhập vào trong khung Value 2 RestrictAnonymous có 3 giá trị: 0 Đây là gía trị mặc định của nó khi cài Winddows 1 Không cho phép tìm hiểu các thông tin của SAM 2 Không cho phép truy nhập Ở đây bạn phải lưu ý rằng nêu bạn để RestrictAnonymous với giá trị là 1 thì vẫn có thể dung một số Tool như user2sid/sid2user hay UserInfor hoặc UserDump để lấy được thông tin về user và truy nhập vào máy bạn được. Tác giả: PhuongDong Proxy Server là gì? Một proxy server là 1 máy trung gian giữa máy tính của bạn và các tài nguyên Internet bạn đang truy cập. Dữ liệu bạn yêu cầu đến Proxy trước, sau đó mới truyền đến máy tính của bạn. What is an anonymous proxy server? Anonymous proxy servers hide your IP address and thereby prevent your from unauthorized access to your computer through the Internet. They do not provide anyone with your IP address and effectively hide any information about you and your reading interests. Besides that, they don't even let anyone know that you are surfing through a proxy server. Anonymous proxy servers can be used for all kinds of Web-services, such as Web-Mail (MSN Hot Mail, Yahoo mail), web-chat rooms, FTP archives, etc. What types of public proxy servers exist? 1. Transparent - HTTP proxy server reveals all. Usable only for transfer speed improvement. 2. Anonymous - HTTP proxy server doesn't send any variables with your real IP to host, but it sends variables indicating that you are using proxy. 3. High Anonymity - HTTP proxy server doesn't send ANY variables indicating that you are using proxy server to host. Why should I use proxy servers? 1. Transfer speed improvement. Proxy servers accumulate and save files that are most often requested by thousands of Internet users in a special database, called 'cache'. Therefore, proxy servers are able to increase the speed of your connection to the Internet. The cache of a proxy server may already contain information you need by the time of your request, making it possible for the proxy to deliver it immediately. 2. Security and privacy. Anonymous proxy servers that hide your IP address thereby saving you from vulnerabilities concerned with it. 3. Sometimes you may encounter problems while accessing to web server when server administrator restricted access from your IP or even from wide IP range (for example restricting access from certain countries or geographical regions). So you try to access those pages using an anonymous proxy server. What is a public proxy server? It is a proxy server which is free and open for everybody on the Internet. Unfortunately most of them are not anonymous. What is a pay proxy server? Anonymizer - a pay proxy server with plenty of features. Effective for personal use, when your Internet activities are not involved in very active surfing, web site development, mass form submitting, etc. In short, Anonymizer is the best solution for most of Internet users. Ultimate protection of privacy - nobody can find out where you are engaged in surfing. Blocks all methods of tracking. URL Encryption protects you from your own ISP. Web Based - does not require any program installation or a configuration on your computer. What is a pay proxy checker? ProxyLists.Net - a pay database of free public proxies. Solution for pros. A place where a huge list of proxy servers has been compiled. It uses the latest algorithms for collection and sorting of proxy servers, checking them for anonymity, SSL- based access and other properties. What is SOCKS? SOCKS is a networking proxy protocol that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP-reachability. SOCKS is often used as a network firewall, redirecting connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes requests, establishes a proxy connection, and relays data between hosts. There are two major versions of SOCKS: SOCKSv4 and SOCKSv5. Is it legal to surf through open proxies? As far as we can tell, the answer is yes. The primary argument against open proxies is that their owners may not have intended for them to be used by the public. However, by running a service on a machine accessible to the public, without restricting access to that service, the machine's administrator is implicitly consenting for that service to be used by the public. A proxy server is just like a web server, an FTP server, or any other net service: if it's running and accepting connections, it's fair game. The internet is a public network. With regard to US law in particular, 18 USC 1030 (which covers computer-related fraud and theft) applies only when the user has knowingly accessed a computer without authorization or has knowingly exceeded his authorized access on that computer. Because an open HTTP proxy, by default, allows connections and use of the service by anyone in the world, the proxy's administrator has essentially "authorized" everyone to use the service. There's no intentional bypassing of security taking place. Just as you don't need Google's express written permission to connect to google.com, you don't need a proxy admin's express written permission to use his open proxy server. Are there dangerous proxies? Yes. First, there are servers of goverment organisations (FBI, CIA, NASA etc.) and organizations working close with federal/state and corporate law enforcement. Second, there are hackers. And don't believe those proxy checkers (even pay ones) telling you "we filter all dangerous proxies". It's impossible. Nobody can tell you if that proxy you are using is monitored or not. Question: What should I do if the access to some web-sites is restricted for me (by my provider, administrators etc)? Answer: Use a proxy server ! Its principle of operation allows you to surf on many sites you have been forbidden. Certainly, the provider can find out, that you are using proxy and also restrict access to this proxy server. However there are many free proxies servers on the Internet, and you can easily take another proxy, and continue to travel on the sites closed for you. But there is already the corporate proxy server in my company ! In this case you can use: 1)anonymizers (CGI proxy) 2)a chain of proxy servers Question: I want to scan for some IRC proxy - How? Answer: Download IRC proxy checker: (check under proxy tools) Import last proxy list, define IRC server and time and scan for working proxies. And remember that you must try to find proxies on other ports than : 23 , 1080 (socks) ,80 - 81 ,3128 , 8080 ,8081. Because almost all IRC server scan now for proxy with ports above. Question: The program is not able to work with proxy. What should I do ? Answer: Making a program to use a proxy server depends on the type of proxy. For SOCKS proxy you?ll need SocksCap (check under proxy tools). It will socksificate any program i.e. redirect all requests to the socks proxy. For HTTP it?s necessary for the proxy server to support HTTPS protocol. Install a local SOCKS proxy server and using Socks2HTTP redirect all requests to it on HTTP proxy. Question: What is proxy chaining? Answer: A Proxy chaining is merely connecting to more than one proxy and then to your intended destination. You can use as many proxy servers as you can or want. The more you have, the more anonymous you will be. . connections, it's fair game. The internet is a public network. With regard to US law in particular, 18 USC 1030 (which covers computer-related fraud and theft) applies only when the user. organizations working close with federal/state and corporate law enforcement. Second, there are hackers. And don't believe those proxy checkers (even pay ones) telling you "we filter