主动出击盗回密码

主动出击盗回密码 A lot of friends have a QQ number is stolen, which USES "password protected" function to find, after the number stolen QQ COINS in it have also been ransacked, handing over more vicious, will also delete all your friends, and friends will have to leave you forever. Want to fight back? What? Fight back? That's not funny, we are just a rookie, not hackers, we will only look at web pages, chat, don't even know how QQ number is stolen, but also to handing over? Like handing over alleged hackers actually, also just use some ready-made hack tools, as long as we understand the process of the QQ number is stolen, you can make corresponding precautions, even by the turn defence into attack, to the handing over to a fatal blow. The technology of stealing is no longer mysterious Today, continues to update QQ hack software has left, one of the most famous and the most widely circulated, must belong to "pull QQ thieves", currently the vast majority of QQ number stolen events are caused by the software. The software is easy to use as long as you have a mailbox that supports SMTP mail or a page space that supports asp scripts. And the Trojan steal QQ number automatically can be divided into two kinds of beautiful and not beautiful, and send them to different address, which is "ah pull QQ bandit" one of the reasons why so popular. Next, let's take a look at how it works, so that it can find a cure. Choose the theft model Download "ah pull QQ big theft", unzip the following two files: alaqq. Exe, love forever, love nurse QQ. Asp. The alaqq.exe is the "ah la QQ big theft" configuration program, love the eternal, love the babysitter QQ. Asp is the document that needs to be used when using the "website collection" mode. You also need to set its parameters before you can formally use them. "Mail inbox" configuration: running alaqq.exe, the configuration interface for the program. The "transmitting mode choice" option is selected in "mail receiving", in the "mail receiving" fill in the email address (it is recommended to use the default 163. com netease mail). This is an example of the "mail-inbox" pattern, which is based on the mailbox n12345@163.com (password n_12345), and carries out the test below. In addition, you can fill in different email addresses in "inbox" and "inbox" to accept QQ and the QQ number. Then select the SMTP server from your mailbox in the "mail server" drop-down box, smtp.163.com. Finally, fill in the account number, password and full name. Setup has been completed, we can fill in the content of the test is correct, click the "test" button below, program will be a mailbox test state. If the test project is successful, you can complete the mailbox information configuration. "Website receiving" configuration, in addition to select "mail receiving" mode, we can also select "website receiving" mode, to steal the QQ number automatically uploaded to the designated site space. Of course, you need to do some preparation before using it. With FTP software will be eternal love, love the nanny qq. The space of asp upload support asp script, running alaqq. Exe, input in "asp interface address" love, eternal love nanny qq. The asp's URL address, so, when the Trojan horse intercepted qq number information, will retain it in eternal love, love the nanny qq. The asp with qq in the directory. TXT file. Set the trojans additional parameters And then we go to the advanced Settings. "Run" closed after QQ if checked, each other once run "ah pull QQ bandit" generated by the trojans, QQ will automatically shut down after 60 seconds, when the other side again after login QQ, the QQ number and password will be intercepted by a Trojan, handing over and send email or website space. In addition, if you want the Trojan to be used in an Internet cafe environment, you need to check the "restore sprites automatically", so that you can still run the Trojan after the system is up. Except for these two terms, Others remain by default. Steal QQ number information Configure "ah pull QQ big theft", click the "generation Trojan" in the program interface, can produce a Trojan that can steal QQ number. We can disguise the program as a picture, a small game, or a bundle of other software. When someone run after the corresponding files, the Trojan horse will hide into the system, when the system has a QQ login Trojan will begin to work, the relevant number and password interception, and according to the previous Settings, the information sent to the email or web site space. Second, practice the eye of the eye, let the Trojan horse in the system have nowhere to escape Now, we already know the general flow of "ah pull QQ big theft", how can discover "ah pull QQ big theft" from the system? In general, you should be careful if you encounter any of the following situations. ? QQ automatically closes. ? run a program and then itself disappear. When running a program, antivirus software shuts down automatically. The browser is automatically shut down when visiting antivirus software. ? if anti-virus software has an email monitoring feature, the alert box for sending an email is sent. Install a network firewall (such as the skynet firewall) and the warning of NTdhcp.exe to access the network. In the case of one or more of these cases, the system may have infected "ah la QQ theft". Of course, it's not scary to be infected, and we can also remove it from the system. Manually kill the Trojan horse. After discovering that the system was infected with "ah la QQ," we could remove it by hand. "Ah pull QQ bandit" after running in the system directory system32 folder to generate a called NTdhcp. Exe files, and join in the registry of startup Trojan key value, so that each system start to run the Trojan. The first thing we need to do is run the "task manager" and end the Trojan horse "NTdhcp. Then open the resource manager of "folder options", select the "view", to "hide the protected operating system files" option at the front of the box. Then go to the system32 folder in the system directory and delete the NTdhcp.exe file. Finally, enter the registry to remove the NTdhcp.exe key value, which is located in the HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Currentversion \ Run. Unload the Trojan horse. Bandit "uninstall" ah pull QQ is very simple, as long as the download "ah pull QQ bandit" configuration program, click the "uninstall program" button after running the Trojan horse can be completely out of the system. Three, to return, to give the thief a fatal blow Spend half a day, and finally the system of "ah pull QQ bandit" wipe out, so, in the face of abominable handing, we should teach him a lesson? Take advantage of the loophole and turn the attack This so-called "attack" is not a direct intrusion into the computer of the thief. It is believed that this "technical life" is not suitable for everyone. This is a lesson to be learned from nearly all of the vulnerabilities that exist in pirated software. So what is this loophole? From analysis of the "ah pull QQ bandit" as you can see, in the configuration section filled out the charge QQ number information mail E-mail account and password, and email account and password are definitely save in the trojans. Therefore, we can find the account number and password of the thief in the Trojan program that is generated. In turn, it was easy to control the mailbox of the thief, so that the thief could not steal the chicken. Tip: above loopholes exist only in the QQ number information in the form of mail way to send trojans, if in the configuration "ah pull QQ thieves" in the process of choose to use a web site to receive the way there are no the vulnerability. 2, network sniffer, reverse snatching number of person mailbox After the Trojan intercepted QQ number and password, the information in the form of an email will be sent to the handing over of the mailbox, we can start from here, in the process of Trojan sending mail network packet interception, handing over the intercepted packets will contain email account and password. We can use some network sniffing software when intercepting packets, which can easily intercept packets and automatically filter out password information. X-is is a command line sniffing tool that is very powerful, especially for detecting the password information in packets. Will download x - sniff unzip to a directory, such as "c: \", then run the "command prompt", in the "command prompt" into the x - sniff directory, and then type the command "xsiff. Exe - pass - hide - log pass. The log" can (command: running in the background - sniff x, and from the packet filtering out the password information, and will be with sniffer to save password information to pass in the directory. The log file). With the sniffing software set up, we can log on to QQ. At this point, the trojans are running, but since we have already run the x-s, the information from the Trojan horse will be intercepted. After a few moments, enter the folder where the x-files are located, open pass.log, and you can see that the x - is successfully sniffed out the account and password of the mailbox. ? sinffer Maybe a lot of friends have a fear of what's going on at the command line, so we can use a graphical sniffer tool for sniffing. For example, a sinffer for novice users. Before running sinffer, we need to install the WinPcap driver, or the sinffer will not run properly. Sinffer operation. First of all we need to sinffer. Exe to specify a card, click on the network icon on the toolbar, choose the network card for their own use in the pop-up window, after "OK" to complete the configuration. To determine the above configuration, click the "start" button in the sinffer toolbar, and the software starts sniffing. Next, we normal landing QQ, if sniffer is successful, will appear in the interface of sinffer packet capture, including mail account password information is clearly listed out. After handing over to get mail account and password, we can use the QQ number delete all information mail, or modify his mailbox password, handing over to a lesson, let's a rookie and justice.