20 webshell elevation servers

20 webshell elevation servers

1, SER-TU elevation (usually using SERFTP server management tools, first you need to find the INI configuration file under the installation directory, must have the write permission)
2. RADMIN Privilege Escalation (no stranger to everyone. We also need him to connect after scanning the 4899 empty password)
3. Raise the right of PCANYWHRER (it is also a remote client software. Download the CIF file in the installation directory to crack it)
4. SAM Privilege Escalation (SAM's system account usually needs to download the temporarily stored SAM file and perform hash cracking)
5. NC Privilege Escalation (using the NC command, bounce a port, and TELNET to remotely connect to a port, although the permission is not large enough, combined with Brazilian barbecue, can be successful)
6. PR Elevation of Privilege (PR Elevation of Privilege is not much to mention. It is best to use a kill-free PR Daemon so that we can proceed with this operation)
7. Permission escalation in IIS (IIS6.0 requires obtaining IIS configuration information and using tools to add backdoor users)
8, 43958 Elevation of Privilege (if the SER-TU has the permission to directly read and execute, then we can directly raise the privilege)
9. PERL Elevation of Privilege (PERL Elevation of Privilege is usually aimed at the Elevation of Privilege in the PERL folder, using the DIR directory % 20NET USER to create a backdoor USER)
10. Intranet LCX elevation (the forwarding tool LCX usually needs to listen to a port locally and then forward it. For Intranet, connect 127 to the other's 3389)
11. Initiate Elevation of Privilege (if the server startup item has the permission to execute, it should be said that the Administrator's technology is definitely not superb)
12, replace service elevation (replace a service EXE, such as SER-TU, can delete the original, and then upload the same SER. EXE, wait for the server to restart)
13. FXP Privilege Escalation (FXP is actually a transmission tool, but we can download three of its files and then use the password viewer function to obtain the password)

14. Permission escalation for the input method (currently, the idea of permission escalation for the input method is basically not feasible)
15,360 Elevation of Privilege (360 Elevation of Privilege, that is, the SHIFT backdoor we often call. If a 360 vulnerability exploitation program is executed and the SHIFT5 is used to connect to the server, the CMDSHELL is displayed
Successful)
16. VNC Privilege Escalation (VNC is certainly not a stranger to everyone. We usually use VNC for connection when scanning 5900 foreign servers. Similarly, if we get the VNC password,
He can be used to escalate permissions)
17,200 3ODAY elevation (if the server is 2003, 3ODAY can be used for Elevation of Privilege)
18. ROOT Privilege Escalation (if you get the MSSQL password, you can import the registry and execute the command we want using the MSSQL statement)
19. SA password server privilege escalation (generally, SAS and MSSQL related passwords, such as CONFIG. ASP and CONN. ASP)
20. FTP overflow elevation (LCX is used for local overflow and forwarding a port. Although it is not an intranet, the permission is elevated using the default port 21)