Recently, everyone must have collected a lot of broilers (compromised machines) :) Some people have been very busy, but everyone's method is just to use an ASP script backdoor. As for privilege escalation, few people can do it in one go. The key problem is the escalation itself: many servers are configured very strictly, so your ASP trojan may not even run, let alone escalate. The WebShell we get has only the permissions of a low-level user. The methods for escalating privileges are many and varied, and everyone has their own tricks.
First, if a pcAnywhere server is installed on the server, the administrator, for the sake of convenient management, has made things convenient for us too: crack the files under Documents and Settings/All Users/Application Data/Symantec/pcAnywhere/ and then connect with pcAnywhere.
Second, if the other party runs Serv-U, don't scold me: by modifying servudaemon.ini and using fpipe, escalating privileges through this software should not be a problem.
Third, escalate by replacing a system service.
Fourth, look for the conn and config files to see whether an SA or MySQL password can be harvested.
I found this method, using FlashFXP to escalate privileges, during a boring intrusion. The success rate is high, though it also depends on your own luck :)
I got a WebShell through the BBS at www.xxx.com and planted a pony (the famous one's name is too big now, so I didn't dare use it), and inserted a piece of code into N files. I didn't have time to escalate privileges. After I got home I looked again and nearly fainted: the BBS had been upgraded to the mobile network SP2, the pony I had planted had been killed too, and the BBS was the Access version. Depressing! Then I suddenly remembered that I had inserted an ASP backdoor into one page, so I checked whether there was still hope. I entered www.xxx.com/xx.asp?id=1 and, good grief, it was still there! Happy :)
figure 1
So I uploaded an ASP backdoor. Now, how to escalate privileges?
I wandered around this website's host for N minutes and found a FlashFXP folder under C:/Program Files (so the administrator uses this software, just like me) (Figure 2). Then I opened the Sites.dat file (edit) and saw what was inside: passwords and usernames, with the passwords encrypted.
What if I downloaded these files and replaced the corresponding files on my local machine?
So I downloaded Sites.dat, Sites.dat.bak, Stats.dat and Stats.dat.bak to my computer and replaced the corresponding files in my local FlashFXP folder. I opened FlashFXP and opened the Site Manager. My goodness, I struck it rich.
The various sites the other party connects to through FlashFXP were all there (Figure 3). This way we have a bunch of broilers on which we have FTP privileges. Upload script trojans ~ hehe.
After all this talk, I still haven't got to the privilege escalation.
Don't worry. Look at the other party's Site Manager: it has the usernames and passwords, but the passwords are shown as asterisks. What a pity!
Recall also that Sites.dat holds the passwords and usernames, and the passwords there are encrypted.
Now the asterisks are hiding the passwords as well. Well, just look behind them.
How? There is a handy tool for newbies, the XP asterisk password viewer. Compare what it shows with the passwords in Sites.dat. Comparing Figure 4 and Figure 5, it is obvious that the passwords seen in the Site Manager are revealed in plaintext. Struck it rich!
The next step is to use the XP asterisk password viewer to extract the passwords and usernames. Looking at these complex passwords, I really miss the days of playing with sniffers a little. Haha. Passwords: b69ujkq6 Hyndai790 S584P * FV4-C 98CQ3JK4 3-8 * EF. / 2Z5
Usernames: BN7865T Nilei75 QM / -G57 3KN QM / -G57 3KN 5.e * 82 / 69
(The passwords and usernames above have been modified as necessary.)
With so much information, by the principles of social engineering, I don't believe the administrator's password isn't in there. In the end, I got this website administrator's password from this pile.
I think this issue should be reported to the FlashFXP developers so that they can correct this vulnerability or error in the next release. Later testing showed that simply replacing your local file with the Sites.dat file that contains the passwords and usernames is enough to recover the password of each of the other party's sites. I hope that when you run into FlashFXP you will think of this method; at the least you get a pile of new broilers. Why not give it a try? I hope this helps everyone.
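Seen from the defender's side, the finding above means that a saved-sites file readable by the web application's account exposes every FTP login stored in it. The following is an added example, not code from the original article: it inventories such files under a directory tree and reports whether the account running the script can read them. The function names and the scanned root are assumptions; the file-name list uses only names mentioned in the article.

```python
import os
import sys

# Credential-bearing files named in the article, matched case-insensitively.
CREDENTIAL_STORES = {
    "sites.dat": "FlashFXP saved sites",
    "sites.dat.bak": "FlashFXP saved sites (backup copy)",
    "servudaemon.ini": "Serv-U configuration",
}


def readable_by_current_account(path):
    """Return True if the account running this script can actually read the file."""
    try:
        with open(path, "rb") as handle:
            handle.read(1)
        return True
    except OSError:
        return False


def audit(root):
    """Walk root and return one finding per credential store found."""
    findings = []
    # Directories the account cannot list are skipped: nothing in them is exposed to it.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            kind = CREDENTIAL_STORES.get(name.lower())
            if kind is None:
                continue
            path = os.path.join(dirpath, name)
            findings.append({
                "path": path,
                "kind": kind,
                "exposed": readable_by_current_account(path),
            })
    return sorted(findings, key=lambda f: f["path"].lower())


if __name__ == "__main__":
    # Assumed usage: run under the web application's service account.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for finding in audit(root):
        status = "EXPOSED" if finding["exposed"] else "protected"
        print(f"{status:9}  {finding['kind']:35}  {finding['path']}")
```

Run it under the same identity the web application uses. Any file reported as EXPOSED should be removed from the server or have its ACL restricted to the administrator, and the logins stored in it should be rotated.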