Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62200610771
HistoryJul 29, 2006 - 12:00 a.m.

Serv-U get the administrator password new trick-vulnerability warning-the black bar safety net

2006-07-2900:00:00
佚名
www.myhack58.com
8
JSON

Sometimes we get the WebShell is very pleased with the Serv-U local privilege escalation vulnerability to achieve complete control of broiler purposes, but will always go wrong. We at WebShell input of a command is generally like this:
D:\WEB\su.exe “net user 1 1 /add”
Many cases can not be successful, will generally return the following information:
<2 2 0 Serv-U FTP Server v6. 0 for WinSock ready…
>USER LocalAdministrator
<3 3 1 User name okay, need password.
>PASS #l@$ak#. lk;0@P
<5 3 0 Not logged in.
Such a situation is because the administrator modify the default Serv-U the administrator account or a password, cannot login nature cannot elevate permissions. Encountered such a situation estimated many friends will flinch? In fact, we have continued to use Serv-U elevation of Privilege.
Interested friends can be used in the UE or WinHex, etc. in hex editor open the Serv-U management program: ServUAdmin.exe carefully the words you’ll find inside is actually stored with the administrator account and password, that’s how to get this account and password? There are three methods:
The first is to change the password didn’t change accounts. 我们 可以 直接 用 UE 打开 ServUAdmin.exe search the account name“LocalAdministrator”, tight with the account behind a string that is the password. Generally this format: LocalAdministrator. password. Globl…that Which Password we need the password.
The second method is to change the account didn’t change the password. This happens rarely, most people believe that are not so modified? We only need to search for the password on the line above.
The third method is generic, 直接打开同版本的两个ServUAdmin.exe in there the default password of ServUAdmin. exe to find the password stored in the address directly to the target machine on the ServUAdmin. exe to query the address will be able to find the password and account.
Get a password if the server supports PHP, you can use wofeiwo the Serv-U local privilege escalation PHP script to achieve privilege escalation, because the inside of the account and password can be modified; or directly use the smelly beggar Serv-U local privilege generator to generate the required program, and then use the UE to modify.
I believe this method after the announcement, the network will have a batch server down, I hope everyone in moderation.

JSON