Rimwe zuva sabhuku anobvunza kuti: βNei vamwe vanhu vachikwanisa kuwana kombiyuta yebasa vari kure kure, vasina kuwana dzimwe mvumo dzokushandisa?β
Basa rinomuka kuti "vhare" loophole.
Kune akawanda maapplication eremote control pane network: Chrome iri kure desktop, AmmyAdmin, LiteManager, TeamViewer, Anyplace Control, nezvimwe. kubva kunetiweki uye vashandisi "vanogeda mazino avo" neimwe nzira kana imwe "penya" nemaadmins, zvino inofarirwa nevazhinji kuti ushandise wega - AnyDesk ichiri kuda kutariswa zvakanyanya, kunyanya kana mukuru akati "Kwete!"
Kana iwe uchiziva kuti chii chinovharira network packet nezviri mukati uye iwe unogutsikana nazvo, saka zvimwe zvese
kwete chinangwa zvako.
Kuedza kubva kune zvakapesana, chaizvoizvo inotaura izvo zvinofanirwa kubvumidzwa kuti chirongwa chishande; saizvozvo, iyo DNS rekodhi yakavharwa *.net.anydesk.com. Asi AnyDesk haisi nyore; haina basa nekuvhara zita rezita.
Pane imwe nguva, ndakagadzirisa dambudziko rekuvharira "Anyplace Control", iyo yakauya kwatiri neimwe software isina chokwadi, uye yakagadziriswa nekuvharira maIPs mashoma (ini ndakatsigira antivirus). Dambudziko neAnyDesk, mushure mekunge ndaunganidza nemakero anopfuura gumi nemaviri IP, akandikurudzira ibva kumabasa emaoko enguva dzose.
Zvakaonekwa zvakare kuti mu "C:ProgramDataAnyDesk" kune akati wandei mafaera ane zvigadziriso, nezvimwe, uye mufaira ad_svc.trace Zviitiko pamusoro pekubatanidza uye kukundikana zvinounganidzwa.
1. Kucherechedza
Sezvatotaurwa, kuvharira *.anydesk.com hakuna kupa chero mhedzisiro mukushanda kwechirongwa, zvakasarudzwa kuongorora. maitiro epurogiramu mumamiriro ezvinhu anonetsa. TCPView kubva Sysinternals mumaoko ako uye enda!
1.1. Zvinogona kuonekwa kuti maitiro akawanda ekufarira kwatiri ari "kurembera", uye chete iyo inotaurirana nekero kubva kunze ndiyo inofadza kwatiri. Zviteshi kwainobatanidza zvinosarudzwa, kubva pane zvandakaona: 80, 443, 6568. π Isu hatigoni kuvhara 80 uye 443.
1.2. Mushure mekuvhara kero kuburikidza ne router, imwe kero inosarudzwa chinyararire.
1.3. Iyo console ndeyedu ZVESE! Isu tinoona iyo PID uye ndakazoita rombo rakanaka kuti AnyDesk yakaiswa nebasa, saka PID yataitsvaga ndiyo yega.
1.4. Isu tinosarudza iyo IP kero ye server sevhisi kubva pane iyo PID maitiro.
2. Kugadzirira
Sezvo chirongwa chekuzivisa IP kero chingangoshanda paPC yangu, ini handina zvirambidzo pakureruka uye usimbe, saka C #.
2.1. Nzira dzese dzekuziva iyo IP kero inodiwa dzave kutozivikanwa, inoramba ichiitwa.
string pid1_;//ΡΠ·Π½Π°Π΅ΠΌ PID ΡΠ΅ΡΠ²ΠΈΡΠ° AnyDesk
using (var p = new Process())
{p.StartInfo.FileName = "cmd.exe";
p.StartInfo.Arguments = " /c "tasklist.exe /fi "imagename eq AnyDesk.exe" /NH /FO CsV | findstr "Services""";
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.CreateNoWindow = true;
p.StartInfo.StandardOutputEncoding = Encoding.GetEncoding("CP866");
p.Start();
string output = p.StandardOutput.ReadToEnd();
string[] pid1 = output.Split(',');//ΠΏΠ΅ΡΠ΅Π²ΠΎΠ΄ΠΈΠΌ ΠΎΡΠ²Π΅Ρ Π² ΠΌΠ°ΡΡΠΈΠ²
pid1_ = pid1[1].Replace(""", "");//Π±Π΅ΡΠ΅ΠΌ 2ΠΉ ΡΠ»Π΅ΠΌΠ΅Π½Ρ Π±Π΅Π· ΠΊΠ°Π²ΡΡΠ΅ΠΊ
}Saizvozvo, isu tinowana iyo sevhisi yakasimbisa kubatana, ini ndinopa chete mutsara mukuru
p.StartInfo.Arguments = "/c " netstat -n -o | findstr /I " + pid1_ + " | findstr "ESTABLISHED""";Mhedzisiro yacho ichave:
Kubva pamutsara, zvakafanana kune danho rekare, bvisa iyo 3rd column uye bvisa zvese mushure me ":". Nekuda kweizvozvo, isu tine yedu yatinoda IP.
2.2. IP blocking muWindows. Kana Linux iine Blackhole uye iptables, saka nzira yekuvharisa IP kero mumutsara mumwe, pasina kushandisa firewall, muWindows yakave isina kujairika,
asi rudzi rwemidziyo yaivepo...
route add Π½Π°Ρ_Π½Π°ΠΉΠ΄Π΅Π½Π½ΡΠΉ_IP_Π°Π΄ΡΠ΅Ρ mask 255.255.255.255 10.113.113.113 if 1 -pKey parameter"kana 1" tumira nzira kuLoopback (Unogona kuratidza nzvimbo dziripo nekumhanya kudhinda nzira). UYE ZVINOKOSHA! Zvino chirongwa chinoda kutangwa nekodzero dzemutungamiri, sezvo kuchinja nzira kunoda kukwirira.
2.3. Kuratidza nekuchengetedza kero dzeIP dzakaonekwa ibasa diki uye haridi tsananguro. Kana iwe uchifunga nezvazvo, unogona kugadzirisa faira ad_svc.trace CheroDesk pachayo, asi ini handina kumbofunga nezvazvo ipapo + pamwe pane inogumira pairi.
2.4. Hunhu hunoshamisa husina kuenzana hwechirongwa ndehwekuti kana "taskkilling" iyo sevhisi maitiro mukati Windows 10, inotangazve otomatiki, muWindows 8 inopera, ichisiya chete nzira yekoni uye pasina kubatanidza, kazhinji hazvina musoro uye izvi hazvina kunaka.
Kubvisa maitiro akabatana nevhavha inobvumira iwe "kumanikidza" kubatana zvakare kune inotevera kero. Inoitwa nenzira imwechete semirairo yapfuura, saka ini ndinongopa:
p.StartInfo.Arguments = "/c taskkill /PID " + pid1_ + " /F";Uyezve, tanga iyo AnyDesk chirongwa.
//Π·Π°ΠΏΡΡΠΊΠ°Π΅ΠΌ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΡ ΠΊΠΎΡΠΎΡΠ°Ρ ΡΠ°ΡΠΏΠΎΠ»ΠΎΠΆΠ΅Π½Π° ΠΏΠΎ ΠΏΡΡΠΈ path_pro
if (File.Exists(path_pro)){
Process p1 = Process.Start(path_pro);}2.5. Tichatarisa chimiro cheAnyDesk kamwe paminiti (kana kakawanda?), Uye kana yakabatana, i.e. kubatana KWAKASISWA - vhara iyi IP, uye zvakare zvakare zvakare - mirira kusvika yabatana, vhara uye mirira.
3. Kurwisa
Iyo kodhi yaive "yakadhirowewa" uye yakasarudzwa kufungidzira maitiro "+" ratidza yakawanikwa uye yakavharwa IP, uye "."- dzokorora cheki pasina kubudirira kubatana kwemuvakidzani kubva kune AnyDesk.
β
Semagumoβ¦
Purogiramu yakashanda pamakombiyuta akawanda ane Windows OS yakasiyana, ine shanduro dzeAnyDesk 5 uye 6. Kupfuura 500 iterations, anenge 80 kero dzakaunganidzwa. Kune 2500 - 87 uye zvichingodaro ...
Nekufamba kwenguva, nhamba yeIPs yakavharwa yakasvika 100+.
Batanidza kune yekupedzisira text file nemakero: ΠΈ
Zvaitwa! Dziva remakero eIP rakawedzerwa kumitemo yeiyo main router kuburikidza ne script uye AnyDesk haingogone kugadzira yekunze kubatana.
Pane imwe pfungwa inoshamisa, kubva pamatanda ekutanga zviri pachena kuti kero inobatanidzwa mukuendeswa kwemashoko boot-01.net.anydesk.com. Ehe, isu takavhara ese * .net.anydesk.com mauto semutemo wakajairika, asi handicho chinhu chinoshamisa. Nguva imwe neimwe ine yakajairika ping kubva kumakomputa akasiyana, iri zita rezita rinopa yakasiyana IP. Kutarisa paLinux:
host boot-01.net.anydesk.com
seDNSLookup vanopa kero imwe chete yeIP, asi kero iyi inosiyana. Kana tichiongorora kubatana kweTCPView, tinodzoserwa PTR zvinyorwa zve IP kero yerudzi relay-*.net.anydesk.com.
Theoretically: sezvo ping dzimwe nguva inoenda kune isingazivikanwe isina kuvharwa muenzi boot-01.net.anydesk.com tinogona kuwana ips idzi todzivharira, ita kuti kuita uku kuve chinyorwa chenguva dzose pasi peLinux OS, pano hapana chikonzero chekuisa AnyDesk. Ongororo yakaratidza kuti maIPs aya kazhinji "intersect"neaya akawanikwa kubva pane yedu runyorwa. Zvichida ingori iyi inomiririra iyo chirongwa ichi chinobatanidza isati yatanga "kugadzirisa" inozivikanwa IPs. Ini pamwe ndichawedzera chinyorwa nechikamu chechipiri chekutsvaga kwevaenzi, kunyangwe panguva ino purogiramu pachayo haina kuisa mukati me network yekunze inojoinha zvakazara.
Ndinovimba hapana chawaona zvisiri pamutemo pane zviri pamusoro, uye vagadziri veAnyDesk vanobata zviito zvangu nenzira yemitambo.
Source: www.habr.com