Test Environment: Windows 2003 IIS6.0 Access Database Now everyone is generally uses the network forum, but the mobile network forum will threaten the security of the web host once the administrator privilege is obtained. For how to get WebShell by moving the network, please refer to the article I turn "Motion Forum 7.0 WEBSHELL analysis (transfer)" http://blog.9cbs.net/starlee1738/archive/2005/15/254849 .aspx, I successfully uploaded the ASP webmaster assistant and ASP probe (uploading Haiyang Trojan), because there is no authority), but I can only browse / modify the web directory because the host NTFS permission is set. Content, and cannot traverse other directories, you can't find other available vulnerabilities, if you have any good way, please enlighten me! Running the uploaded ASP assistant, prompting "The path is not found" when browsing other partitions, with the ASP probe to find out because there is no read permission to the partition. We know that anonymous access to the "IUSR_ Host Name" user in the system in the system, as long as the user's read permissions can limit the accesser traversal server directory, and the protect server data is not illegally accessed. Steps: 1. My computer, disk security properties. 2. First delete the Everyone group. Generally I want to delete on the server. 3. Add IUSR_HOSTNAME users to set it "Reject Read and Run" permissions. Figure. 4. Apply. There will be prompts and don't use it. 5. Set the completion. This is the NTFS settings of the non-Web site partition, and additional settings for the partition that stores the Web site can be accessed normally. Otherwise, when the website is accessing the website, it cannot be browsed because there is no run permission. Suppose my website is placed under F: / WWW. After setting the NTFS permissions of the F area according to the above five steps, the settings of the following steps are required: 1. Go to the WWW directory security attribute. At this time, you can see that the user's permissions of this user are set to refuse to read and run, and checkbox is gray, and cannot be modified. 2. Point high-level, let the following allow inherited Checkbox hooks, select "copy" in the pop-up prompt. 3. OK. At this time, you can see that Checkbox that is not modified now can be modified. 4. Change the IUSR_HOSTNAME user permissions and change only "read". 5. OK. At this point, all partitioned NTFS settings have been completed. At this point, you will then upload the ASP probe and the ASP assistant to the server, and you will receive a prompt that the permissions are insufficient.
The permissions set to the C disk are not automated, and the access to each folder is required to reject access. PROGRAM FILES, Documents and Settings and INETPUB These folders must be set.
WINDOWS or WINNT directory must not set this, otherwise it is when running the ASP program: (excluding the network, the reason is unknown.) If you connect the Access database connected to the ODBC, then report error: Microsoft Ole DB Provider for ODBC Drivers Error '80004005' [Microsoft ] [ODBC Microsoft Access Driver] Common Error You cannot open Registry Keyword 'Temporary (Volatile) Jet DSN for Process 0x1844 Thread 0x1B40 DBC 0x554cc59c jet'. If you use an OLEDB connected Acess database, an error is reported: an error is not specified.
The settings of the Windows or Winnt directory are as shown in the figure: "List folder / read data" This is not set to reject.
After setting up the Windows or Winnt directory, use the ASP assistant or browse to the contents of the directory, but there is no permission to open the file browsing. Also, if the server hard disk is set this, what method can be used to further get the host authority, please also enlighten me! ! This article is only for everyone to provide a way of protecting server data, please set it according to your needs. If you have a place, I hope everyone should point out!
ASP probe: http://www.itlearner.com/aspcheck/asp assistant 6.0: http://www.gxgl.com/? Action = Soft & Module = show & id = 4
