The reproduction of social engineering-vulnerability warning-the black bar safety net

ID MYHACK58:62200713572
Type myhack58
Reporter 佚名
Modified 2007-01-03T00:00:00


Article author: withered Ling rose[N. C. P. H] Information source: evil octal information security to

This is my osmosis in the process of a real experience,I would have thought after two days of time to get to the master server,the Master Station program on the Master Station server on a virtual machine,running a linux system,need to enter the root user name and password,but the root user name and password are not found,what should I do?

A ranking is very high in Taiwan site,there are many sub-stations,me a one of the sub-query,in a sub-scanning web directories and folders the time to get a admin. txt document,which records the sub-station of the distribution corresponding to the inner network ip. With outstation of the details don't have so much trouble go to google on the turn. The information collected is the infiltration process is a very important part. In a stor. xxx. com. tw sub-Station,registration of a user,in the user inside a search box,enter ddd'storm wrong,open nbsi,with the ssl pre-load,is a db permissions of the injection point,give a word to the horse's webshell,which is a breakthrough.

But the mention of the right to be a problem,because this sub-Station is only open 8 0 port and 3 3 8 9 port and a mssql database,but the calls are not sa permissions of the account number,guess for a long time also did not guess,the permissions are also set very strict,website directory does not have modify and edit permissions. Backup out of the word horse written not on Damascus,but the d disc management personnel is stored in some commonly used software,with write permissions,and only through the word Horse the download function to download the file to this above. In this case I think the mention of the right the probability is very small,because the server has no other services,plus I personally have never had 0day like killer tool.

I made a chm of the Trojans,and was with the pigeons,chm mA good,as long as the opening is one hundred percent in. Then the chm Trojan uploaded to the space,with the word Horse the download function will download it to the target machine d on the disc. I am not sure the administrators will run it,but it is not exe file,if the name is made good,the administrator has also opened it's possible,even if it is not opened on the server,in the Administrator's personal computer on open. So my name made a long-----help me help me help me help me. chm

I just habitually do this step,then continue to detect the other of the sub-Station point.......

A few days later,the pigeons on the up a meat machine,I even forgot this meat machine which is the server administrator,because I put a couple of chm horse on different websites,it is only up to a station server,also lucky. As shown in Figure: Figure 1 ! The Dove above the meat machine is a server,the following is the administrator of the machine,points to a bit set. From the figure we see,there is a"flashxp"folder,I generally have to get used to the meat machine on this folder, drag over,and then in the site management inside out,with asterisks viewer,find out the password,then the information collected analysis. Figure 2 ! As shown in Figure,from the inside I get a lot of useful information,but also further understanding to this machine is the administrator engage in the development of a machine,is windows2003 system,ftp he used a very habitual password:0956079xxx,I re-took it 3 3 8 9,tried adminisotrator/0956079xxx for login,login failure,and then use this password to log in it previously that sub-station 3 3 8 9,nor,it seems he used the password with the system password is not a password,then it's the system password may not be possible with remote 3 3 8 9 the same password? This flashxp there are a lot of races with this password,also get a lot of the sub-station of the webshell,but that is not the Main Station,scanning a bit of the main station,only opened 8 0 port,strange. So I added a user,log in to the administrator of the machine. Direct boarding without a Board,so it is forwarded out. The administrator of the machine and to give a very important information,as shown in Figure: Figure 3 ! It seems that administrators often log in 3 3 8 9,in the terminal management inside the Save user name and password,but carefully, we can find the machine name followed by is password,is actually the administrator will put the password written on the machine name back. However, there are still three server the password is wrong. Here I hurry to the administrator of the machine the hash got down,with the meat machine to open from the lc5 run up. The next day,the administrator password has ran out,well,not very complex. The password is:5901xx Use this password to login to the sub-Station server,it has two domains,the password of the domain there is no master server,so I use dove looked under the administrator desktop,an administrator is not the time,and use this password to log in to the administrator of the machine,because inside the terminal to save the password to the administrator account before you can log in directly. Forwarded over,with the administrator/5901xx log in to the administrator machine. In the terminal directly connected to the Master Station Server. But depressed is the master server and no master,and only open a virtual machine installed linux,ran the four systems,respectively, within the network ip is 1 9 2. 1 6 8. 1 2 4. 15-18,the virtual machine is in the logout status,also need a root password before they can enter,the previously obtained password and tried again still no go. Does he have another important password? The Administrator's desktop there is a putty,it seems that administrators use ssh to manage the master file. Now on the Administrator's machine on the climb over,time not waiting. First do some work,remember it's internal network ip. And then the Master Station Server hash got down,kind of a rebound the Trojans,left a port multiplexing of the back door. It took another two days,the Master Station Server hash ran out,I decided to use the sub-Station server within network in the master server to explore what happens. In the rally the Trojans on to view a bit of the Host server within the network ip,on the sub-station 3 3 8 9 login to the master server. I see a little Trojan of keyboard record log,got one of the most important password,it seems the main station has a game,really makes me surprised. Figure 4 ! The use of this rimmon the user's password,I successfully used the putty boarded theweb server,web serveris a linux,as shown in Figure: (Shown:from the sub-stations 3 3 8 9 log on to the master server 1 9 2. 1 6 8. 1 2 4. 2 1,then at the main station on the server with putty log on the virtual machine) Figure 5 ! Next, in putty using this user name and password to login to write the word horse.

Use putty to connect ssh command character following operations:

vi help.php the establishment of help. php file and open the Edit window/or editing help. php file Open the vi editor, enter i, invoke insert mode Finished editing press esc to exit edit, enter a colon at the colon prompt, enter wq(save and exit),or enter q! (Force quit) Use the vi editor built to help. php and write the word horse.

cat help.php 查看 help.php the content, look at the word mA is written.

ls-l to view the directory permissions

Edited home

Change the permissions chmod 7 7 7 index.php

Use the vi editor to modify

who view administrator is online

exit putty

Before I get to the server,when I face the other Station mounted on the virtual when I have vast project,talk to them to discuss,say no way,but I believe the administrator can go in and I will be able to get in.

The original give yourself a little self-confidence,problem solved.