The bypass attack is relatively large for the virtual host, but now many virtual hosts use a website with a user's mode (specific setting method. You can go Google Sos Sos "to build a virtual host" one text) from the FSO component " It is really trouble that encounters this set of machines. Can you break through the safety awareness of the other party administrator. I just put forward a breakthrough method to add advertisements.
Now some servers have installed .NET Framework, that is, IIS supports ASP.NET, if you use NET USER to find ASPNET this account to prove that the server is support ASP.NET (under Win2000, XP ). There are a series of ASP shells such as the ocean top under the ASP environment, while ASP.NET also has WebAdmin this WebShell. Are all WebShells, is the difference between the two?
Oh, of course, it is an ASP and the other is ASP.NET. I don't know if you have noticed the account of Aspnet, he is you installed .NET Framework later. Look at the description in user management: "Account use for running the asp.net worker process (aspnet_wp.exe)", this account is originally used to execute the ASP.NET program. The ASP program is executed by the account of iUser_xxxxx.
The key to the problem is that iUser_xxxx is part of the guests group, while the ASPNET belongs to the User Group. Oh, the User Group is slightly larger than the guests group, that is, the permissions of ASP.NET Webshell are slightly larger than the ASP WebShell.
Wow, if a virtual host only limits the permissions of the guests group and ignores the Useers group, and he supports ASP.NET ... Hey, don't tell me, ^ _ ^
The text is over, here is advertising: WebShell under the ASP.NET mentioned in the article - WebAdmin in my home http://lake2.126.com
2005-4-16
