The detection of a account on the default permissions of the directory is writable for the script-vulnerability warning-the black bar safety net

2005-10-06T00:00:00
ID MYHACK58:6220053610
Type myhack58
Reporter 佚名
Modified 2005-10-06T00:00:00

Description

Author: invincible most lonely[E. S. T] source: evil octal China in the web after the invasion,often be looking for a writable directory to upload the webshell or other things,this is a critical issue. Most of the administrators to some system directory, do the permissions to change settings,but there are very few administrators on all directories change permissions of(good trouble of the work,at least I'm not). So how to determine an account's default permissions to which directories can actually write permissions? Black Virus the brother in the article is estimated to be manually attempt? In fact,when we installed a system after a system disk under each folder has default permissions. Then how to detect which account for these folder have what permission? We can try to be in the system tray under each directory are written to a file,and if successful will illustrate this account in the default permissions have on a directory the write permission. Hand try time-consuming,with the following script we can easily achieve: this is a batch file,written in a simple point. The content is as follows: Code: @Echo find writable diretory by invincible most lonely@EST @Echo Now search the root directiory is %1 @echo off for /D %%i IN (%1\.) do echo aaa > %%i\superlone.txt for /D %%j IN (%1\.) do if EXIST %%j\superlone.txt echo %%j is writable for /D %%k IN (%1\.) do if EXIST %%k\superlone.txt del %%k\superlone.txt [Ctrl+A Select All] very simple code ,put it in storage. bat or. cmd is the suffix of the batch file,then operate as follows: 1. Suppose you want to test the guest account on the c:\winnt directory under all subdirectories whether you have write permission. First, use the runas command in a guest account identity to start a cmd. Command as follows: runas /profile /user:guest cmd 2. In this cmd window to find your saved the above contents of the batch file(I here is scanwrite. cmd),then this input: scanwrite. cmd c:\winnt the output results are as follows: C:\>scanwrite. cmd c:\winnt find writable diretory by invincible most lonely@EST Now search the root directiory is c:\winnt access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. Access is denied. c:\winnt\Tasks is writable c:\winnt\Tasks\superlone.txt access is denied. See? There is a c:\winnt\Tasks for the guest account that is writable. Is not very simple? The province a lot of trouble. So if you want to test the web account put the guest into the IUSR * account ,also be found. It's that simple,a small skill. Hoping for some help a friend. +++++++++++++++++++++++++++ +Welcome To EvilOctal Super Center+ +++++++++++++++++++++++++++ >>>Please Enter your authentication ID: <<<superlone >>>Please Enter your access code: <<<* >>>IDENTIFICATION Accepted! <<<info about superlone >>>Top Secret! You need level 5 <<<level 5 >>>Enter level 5 encrption code: <<<**** >>>Personal infomation about superlone++++++++++++++++++++++++++++++++ Nickname:invincible most lonely[-273℃] Email :superlone@qq.com site : http://superlone.126.com Group:Eviloctal Team[EST]