How to get all the remote logon accounts logged on to a server

anticlimax 2008-03-20 08:58:03
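Problem description:
Hackers are rampant, exploiting server vulnerabilities to create remote logon accounts and log on with them. I want to write a service that periodically retrieves the remote accounts that have logged on.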

12 replies
江门拓胜科技 2008-03-21
AppDomain domain = Thread.GetDomain();
domain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
WindowsPrincipal principal = (WindowsPrincipal)Thread.CurrentPrincipal;
Not bad.
whereboys 2008-03-21
mark
anticlimax 2008-03-21
After searching for material, I found that this can be done with Windows NT sessions. Reference article:
http://www.cnblogs.com/suiyingjie/archive/2007/11/06/951206.html
The key function is LsaEnumerateLogonSessions. Since I learned VB, I kept searching and found:
http://www.tech-archive.net/Archive/VB/microsoft.public.vb.winapi/2004-03/0598.html
Code:
Option Explicit
Option Compare Binary
Option Base 0

Private Enum LogonTypes
    ltInteractive = 2
    ltNetwork
    ltBatch
    ltService
    ltProxy
    ltUnlock
End Enum

Private Type LSA_UNICODE_STRING
    Length As Integer          ' length in bytes
    MaximumLength As Integer
    Buffer As Long             ' pointer to the UTF-16 text
End Type

Private Type SECURITY_LOGON_SESSION_DATA
    Size As Long
    LogonId As Currency        ' 8-byte LUID
    UserName As LSA_UNICODE_STRING
    LogonDomain As LSA_UNICODE_STRING
    AuthenticationPackage As LSA_UNICODE_STRING
    LogonType As LogonTypes
    Session As Long
    Sid As Long
    LogonTime As Currency
    LogonServer As LSA_UNICODE_STRING
    DnsDomainName As LSA_UNICODE_STRING
    Upn As LSA_UNICODE_STRING
End Type

Private Declare Function LsaFreeReturnBuffer Lib "secur32.dll" _
    (ByVal BuffPtr As Long) As Long
Private Declare Function LsaEnumerateLogonSessions Lib "secur32.dll" _
    (ByRef LogonSessionCount As Long, ByRef LogonSessionList As Long) As Long
Private Declare Function LsaGetLogonSessionData Lib "secur32.dll" _
    (ByRef LogonId As Currency, ByRef ppLogonSessionData As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
    (ByRef dst As Any, ByRef src As Any, ByVal nbytes As Long)


Private Sub Main()
    Dim lResult As Long
    Dim lCount As Long
    Dim lSessionList As Long
    Dim lSessions() As Currency
    Dim lData As Long ' address of pointer
    Dim uData As SECURITY_LOGON_SESSION_DATA
    Dim s As Long

    lResult = LsaEnumerateLogonSessions(lCount, lSessionList)
    If lResult = 0 Then
        If lCount > 0 Then
            ' Copy the array of 8-byte LUIDs out of the LSA buffer
            ReDim lSessions(1 To lCount)
            CopyMemory lSessions(1), ByVal lSessionList, lCount * 8
            For s = 1 To lCount
                lResult = LsaGetLogonSessionData(lSessions(s), lData)
                If lResult = 0 Then
                    CopyMemory uData, ByVal lData, LenB(uData)
                    Debug.Print uData.LogonType, _
                        GetLSAString(uData.AuthenticationPackage), _
                        GetLSAString(uData.LogonDomain) & "\" & _
                        GetLSAString(uData.UserName)
                    lResult = LsaFreeReturnBuffer(lData)
                Else
                    Debug.Print "Unable to get session " & s & ":" & lResult & "," & _
                        Err.LastDllError
                End If
            Next
        End If
        lResult = LsaFreeReturnBuffer(lSessionList)
    Else
        Debug.Print "Unable to enumerate sessions:" & lResult & "," & _
            Err.LastDllError
    End If
End Sub


' Returns the text of an LSA_UNICODE_STRING. The explicit String return type
' makes VB treat the copied bytes as UTF-16 text.
Private Function GetLSAString(ByRef LSAString As LSA_UNICODE_STRING) As String
    Dim b() As Byte
    If LSAString.Length > 0 Then
        ReDim b(1 To LSAString.Length)
        CopyMemory b(1), ByVal LSAString.Buffer, LSAString.Length
        GetLSAString = b
    End If
End Function

LogonType has the following values:
Interactive = 2, // Interactively logged on (locally or remotely)
Network = 3, // Accessing system via network
Batch = 4, // Started via a batch queue
Service = 5, // Service started by service controller
Proxy = 6, // Proxy logon
Unlock = 7 // Unlock workstation
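We only need to monitor Interactive = 2.

The idea is clear: write a service that periodically checks for logontype=2 and, when one is found, immediately calls a URL that can send mobile text messages (for example sms.powereasy.net) to send yourself an SMS.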
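The enumeration described in the post above, as an added C# example (not code from this thread or from the articles it links): it P/Invokes the same three secur32.dll functions and prints the sessions whose logon type is 2 or 10. Type 10, RemoteInteractive, is an addition beyond the post's list; it is the value Windows reports for Terminal Services / Remote Desktop logons. The names LogonSessionLister and Str are illustrative.

```csharp
using System;
using System.Runtime.InteropServices;

static class LogonSessionLister   // illustrative name, not from the thread
{
    [StructLayout(LayoutKind.Sequential)]
    struct LUID { public uint LowPart; public int HighPart; }

    [StructLayout(LayoutKind.Sequential)]
    struct LSA_UNICODE_STRING { public ushort Length; public ushort MaximumLength; public IntPtr Buffer; }

    // Leading fields of SECURITY_LOGON_SESSION_DATA; the later fields are not read here.
    [StructLayout(LayoutKind.Sequential)]
    struct SECURITY_LOGON_SESSION_DATA
    {
        public uint Size; public LUID LogonId;
        public LSA_UNICODE_STRING UserName;
        public LSA_UNICODE_STRING LogonDomain;
        public LSA_UNICODE_STRING AuthenticationPackage;
        public uint LogonType; public uint Session;
        public IntPtr Sid; public long LogonTime;
    }

    [DllImport("secur32.dll")] static extern uint LsaEnumerateLogonSessions(out uint count, out IntPtr luids);
    [DllImport("secur32.dll")] static extern uint LsaGetLogonSessionData(IntPtr luid, out IntPtr data);
    [DllImport("secur32.dll")] static extern uint LsaFreeReturnBuffer(IntPtr buffer);

    // LSA_UNICODE_STRING.Length is a byte count, so halve it for UTF-16 characters.
    static string Str(LSA_UNICODE_STRING s) =>
        s.Buffer == IntPtr.Zero ? "" : Marshal.PtrToStringUni(s.Buffer, s.Length / 2);

    static void Main()
    {
        if (LsaEnumerateLogonSessions(out uint count, out IntPtr luids) != 0) return;
        try
        {
            for (int i = 0; i < count; i++)
            {
                IntPtr luid = IntPtr.Add(luids, i * Marshal.SizeOf(typeof(LUID)));
                // A non-zero NTSTATUS (for example, access denied without admin rights): skip the session.
                if (LsaGetLogonSessionData(luid, out IntPtr data) != 0) continue;
                try
                {
                    var d = (SECURITY_LOGON_SESSION_DATA)Marshal.PtrToStructure(data, typeof(SECURITY_LOGON_SESSION_DATA));
                    // 2 = Interactive (from the post); 10 = RemoteInteractive (added in this example).
                    if (d.LogonType == 2 || d.LogonType == 10)
                        Console.WriteLine($"{d.LogonType}\t{d.Session}\t{Str(d.LogonDomain)}\\{Str(d.UserName)}\t{DateTime.FromFileTime(d.LogonTime)}");
                }
                finally { LsaFreeReturnBuffer(data); }
            }
        }
        finally { LsaFreeReturnBuffer(luids); }
    }
}
```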
lanye_purple 2008-03-20
Bump.
tangwood 2008-03-20
Hackers are rampant these days.
cch1010 2008-03-20
Thanks, bump!
anticlimax 2008-03-20
OK, if it works I'll post it here. I think I can do it.
HarleyTung 2008-03-20
Let me know when it works. Hehe.
marey_marey111 2008-03-20
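using System;
using System.Security.Principal;
using System.Threading;
using System.Windows.Forms;

// Make Thread.CurrentPrincipal reflect the Windows account running this code
AppDomain domain = Thread.GetDomain();
domain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
WindowsPrincipal principal = (WindowsPrincipal)Thread.CurrentPrincipal;
bool User = principal.IsInRole(WindowsBuiltInRole.User);
if (User)
{
    MessageBox.Show("普通用户"); // "Standard user"
}
else
{
    MessageBox.Show("不是普通用户"); // "Not a standard user"
}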
奔跑的蜗牛007 2008-03-20
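Use WMI; it can retrieve all the services and data on a server. I haven't used it much myself, but I have seen systems that other people built with it. WMI is fairly easy to study; the key is the Win32 names that Microsoft provides for WMI, and you need to look on Microsoft's site to find which one relates to remote accounts.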
dayizhixiaotutu 2008-03-20
Bump.
panzi667 2008-03-20
I want to know too; bumping this for you.
