Privilege elevation techniques from many experts

ID MYHACK58:62200922278
Type myhack58
Reporter Anonymous
Modified 2009-02-23T00:00:00


Once we have a webshell, the next thing we want to do is elevate privileges.

My personal summary follows:

1. C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere: see whether you can browse to this directory. If you can, that is the best case: download the CIF file under it, recover the pcAnywhere password, and log in.

2. C:\WINNT\system32\config: the SAM is in here; crack the users' passwords.

c:\winnt\repair holds the backup copy.

Software for cracking SAM passwords: LC, SAMInside.

3. C:\Documents and Settings\All Users\Start Menu\Programs: see whether you can browse here. From here we can get a lot of useful information.

You will see many shortcuts. We generally pick Serv-U, view the shortcut's properties locally to learn the install path, and see whether that path can be browsed.

Once inside, if you have permission to modify ServUDaemon.ini, add a user with an empty password:


HomeDir=c:

TimeOut=600

This user has the highest permissions, and we can then connect over FTP and use quote site exec xxx to elevate privileges.
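Every item in this list depends on the web server's identity being able to read or write a directory it has no need for. The following ACL audit over the paths named on this page is an added example, not part of the original post; the `$ExtraPaths` parameter and the set of broad principals in `$broad` are assumptions to adjust per host.

```powershell
# Added example (not from the original post): report Allow ACEs that give
# broad principals access to the directories this page lists.
param(
    # Hypothetical extra paths, e.g. the Serv-U install directory on this host.
    [string[]]$ExtraPaths = @()
)

# Paths as written on this page (C:\WINNT layout; adjust for C:\Windows).
$paths = @(
    'C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere',
    'C:\WINNT\system32\config',
    'C:\WINNT\repair',
    'C:\Documents and Settings\All Users\Start Menu\Programs',
    'C:\WINNT\system32\inetsrv\data'
) + $ExtraPaths

# Assumed set of principals that usually cover the web worker account.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
         'NT AUTHORITY\IUSR', 'BUILTIN\IIS_IUSRS'

# Rights that let a principal change content or permissions, plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$r = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($r::Write -bor $r::Delete -bor $r::ChangePermissions -bor
                   $r::TakeOwnership) -bor 0x40000000 -bor 0x10000000

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }   # path absent on this host
    try   { $acl = Get-Acl -LiteralPath $p -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL on ${p}: $_"; continue }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broad -notcontains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Path      = $p
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Writable  = (([int]$ace.FileSystemRights -band $writeMask) -ne 0)
            Inherited = $ace.IsInherited
        }
    }
}
```

Any row for the `config`, `repair` or pcAnywhere directories is a finding, since even read access exposes credential material there. Rows with `Writable = True` correspond to the Serv-U and `inetsrv\data` cases.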

4. c:\winnt\system32\inetsrv\data: this directory likewise gives Everyone full control. All we have to do is upload a privilege elevation tool and then run it.

5. See whether you can browse to the following directories:

c:\php: use phpspy

c:\perl: this is not always the directory (again, you can download a shortcut and view its properties to find out); use a CGI webshell:

#!/usr/bin/perl

syswrite(STDOUT, "Content-type: text/html\r\n\r\n", 27);