Một số SIDcó thể có dạng như sau :
S-1-5-21-1507001333-1204550764-1011284298-500

Một SID bao giờ cũng bắt đầu với chữ S và các thành phần của nó được ngăn cách
nhau bởi dấu trừ ( Hyphens ). Số đầu tiên là số duyệt ( Revision number ) - ỏ ví dụ
trên nó là 1

Số thứ hai là là nói về HDH - ví dụ số 5 luôn luôn là của Windows2000. Tiếp theo
là 4 nhóm chữ sô và cuối cùng là RID ( relative Identìier ). Chà ta quan tâm đến
RID một tý nào.

Nếu một SID mà có RID là 500c => Đó là Amin của máy cục bộ
RID là 501 => guest.

Nếu ở trong Domain thì RID luôn bắt đầu từ 1000 khi tạo ra User đầu tiên => khi
ta nhìn thấy RID =1015 => hệ thống có 14 User đựoc tao ra trong hệ thống.

OK => đến đây ta lại quay lại bài NetBIOS hacking và cách phòng chống.
Hầu hết các User đều cho rằng khi Disable netBIOS over TCP/IP ( Bấm vào My
Network Places chọn Local Area Connetion, chọn TCP/ IP sau đó bấm vào
propperties chọn Advandce, chọn WINS và bấm vào Disable NetBIOS over
TCP/IP) là đã chặn đựơc cách thâm nhập vào máy qua NetBIOS.

Thực ra việc thiết lập này chỉ chặn trên cổng 139. Khác với NT4, Windows2000
còn chạy một SMB lắng nghe trên cổng 445. Cổng này vẫn còn Active cho dù
NetBIOS over TCP / IP đã đựoc Disable

Phần Windows SMB cho Cllient từ sau version NT4 SP 6a sẽ tự động chuyển lên
cổng 445 nếu như cố gắng kết nối trên cổng 139 =>
Ta có thể thiết lập một kết nối gọi là " null sesion" tới máy của victim

net use \\192,168.203.33\IPC$ "" /u:"" <= thiết lập một kết nối với anonymous
user (/u) và pass rỗng (""). Nếu thành công ta cũng có thể sử dụng Net view để
xem các tài nguyên được chia sẻ trên máy victim

=> Để chống lại ta có thể can thiệp vào Registry :

HKLM\system\CurrentControlSet\Control\LSA\RestrictAnonymous

Bấm đúp vào key RestrictAnonymous ở panel bên phải và nhập vào trong khung
Value 2

RestrictAnonymous có 3 giá trị:
0 Đây là gía trị mặc định của nó khi cài Winddows
1 Không cho phép tìm hiểu các thông tin của SAM
2 Không cho phép truy nhập


Ở đây bạn phải lưu ý rằng nêu bạn để RestrictAnonymous với giá trị là 1 thì vẫn có
thể dung một số Tool như user2sid/sid2user hay UserInfor hoặc UserDump để
lấy được thông tin về user và truy nhập vào máy bạn được.

Tác giả: PhuongDong

Proxy Server là gì?

Một proxy server là 1 máy trung gian giữa máy tính của bạn và các tài nguyên
Internet bạn đang truy cập. Dữ liệu bạn yêu cầu đến Proxy trước, sau đó mới
truyền đến máy tính của bạn.
What is an anonymous proxy server?


Anonymous proxy servers hide your IP address and thereby prevent your from
unauthorized access to your computer through the Internet. They do not provide
anyone with your IP address and effectively hide any information about you and
your reading interests. Besides that, they don't even let anyone know that you are
surfing through a proxy server. Anonymous proxy servers can be used for all kinds
of Web-services, such as Web-Mail (MSN Hot Mail, Yahoo mail), web-chat
rooms, FTP archives, etc.

What types of public proxy servers exist?

1. Transparent - HTTP proxy server reveals all. Usable only for transfer speed
improvement.
2. Anonymous - HTTP proxy server doesn't send any variables with your real IP to
host, but it sends variables indicating that you are using proxy.
3. High Anonymity - HTTP proxy server doesn't send ANY variables indicating
that you are using proxy server to host.

Why should I use proxy servers?

1. Transfer speed improvement. Proxy servers accumulate and save files that are
most often requested by thousands of Internet users in a special database, called
'cache'. Therefore, proxy servers are able to increase the speed of your connection
to the Internet. The cache of a proxy server may already contain information you
need by the time of your request, making it possible for the proxy to deliver it
immediately.
2. Security and privacy. Anonymous proxy servers that hide your IP address
thereby saving you from vulnerabilities concerned with it.
3. Sometimes you may encounter problems while accessing to web server when
server administrator restricted access from your IP or even from wide IP range (for
example restricting access from certain countries or geographical regions). So you

try to access those pages using an anonymous proxy server.
What is a public proxy server?

It is a proxy server which is free and open for everybody on the Internet.
Unfortunately most of them are not anonymous.

What is a pay proxy server?

Anonymizer - a pay proxy server with plenty of features. Effective for personal
use, when your Internet activities are not involved in very active surfing, web site
development, mass form submitting, etc. In short, Anonymizer is the best solution
for most of Internet users. Ultimate protection of privacy - nobody can find out
where you are engaged in surfing. Blocks all methods of tracking. URL Encryption
protects you from your own ISP. Web Based - does not require any program
installation or a configuration on your computer.
What is a pay proxy checker?

ProxyLists.Net - a pay database of free public proxies. Solution for pros. A place
where a huge list of proxy servers has been compiled. It uses the latest algorithms
for collection and sorting of proxy servers, checking them for anonymity, SSL-
based access and other properties.

What is SOCKS?

SOCKS is a networking proxy protocol that enables hosts on one side of a SOCKS
server to gain full access to hosts on the other side of the SOCKS server without
requiring direct IP-reachability. SOCKS is often used as a network firewall,
redirecting connection requests from hosts on opposite sides of a SOCKS server.
The SOCKS server authenticates and authorizes requests, establishes a proxy
connection, and relays data between hosts.


There are two major versions of SOCKS:
SOCKSv4 and SOCKSv5.

Is it legal to surf through open proxies?

As far as we can tell, the answer is yes. The primary argument against open proxies
is that their owners may not have intended for them to be used by the public.
However, by running a service on a machine accessible to the public, without
restricting access to that service, the machine's administrator is implicitly
consenting for that service to be used by the public. A proxy server is just like a
web server, an FTP server, or any other net service: if it's running and accepting
connections, it's fair game. The internet is a public network.
With regard to US law in particular, 18 USC 1030 (which covers computer-related
fraud and theft) applies only when the user has knowingly accessed a computer
without authorization or has knowingly exceeded his authorized access on that
computer. Because an open HTTP proxy, by default, allows connections and use of
the service by anyone in the world, the proxy's administrator has essentially
"authorized" everyone to use the service. There's no intentional bypassing of
security taking place. Just as you don't need Google's express written permission to
connect to google.com, you don't need a proxy admin's express written permission
to use his open proxy server.
Are there dangerous proxies?

Yes.
First, there are servers of goverment organisations (FBI, CIA, NASA etc.) and
organizations working close with federal/state and corporate law enforcement.
Second, there are hackers.
And don't believe those proxy checkers (even pay ones) telling you "we filter all
dangerous proxies". It's impossible. Nobody can tell you if that proxy you are

using is monitored or not.

Question:
What should I do if the access to some web-sites is restricted for me (by my
provider, administrators etc)?

Answer:
Use a proxy server ! Its principle of operation allows you to surf on many sites you
have been forbidden. Certainly, the provider can find out, that you are using proxy
and also restrict access to this proxy server. However there are many free proxies
servers on the Internet, and you can easily take another proxy, and continue to
travel on the sites closed for you.

But there is already the corporate proxy server in my company !
In this case you can use: 1)anonymizers (CGI proxy) 2)a chain of proxy servers

Question:
I want to scan for some IRC proxy - How?

Answer:
Download IRC proxy checker: (check under proxy tools) Import last proxy list,
define IRC server and time and scan for working proxies. And remember that you
must try to find proxies on other ports than : 23 , 1080 (socks) ,80 - 81 ,3128 , 8080
,8081. Because almost all IRC server scan now for proxy with ports above.
Question:
The program is not able to work with proxy. What should I do ?

Answer:
Making a program to use a proxy server depends on the type of proxy. For SOCKS
proxy you?ll need SocksCap (check under proxy tools). It will socksificate any

program i.e. redirect all requests to the socks proxy. For HTTP it?s necessary for
the proxy server to support HTTPS protocol. Install a local SOCKS proxy server
and using Socks2HTTP redirect all requests to it on HTTP proxy.
Question:
What is proxy chaining?

Answer:
A Proxy chaining is merely connecting to more than one proxy and then to your
intended destination. You can use as many proxy servers as you can or want. The
more you have, the more anonymous you will be.