Advanced webshell skills: how to leave webshells in IIS practices IIS webshells

The jsp + mysql used by the company mail server must be used on windows. However, after tomcat is installed on windows, the system permission is granted by default. If you get a shell, the server will handle it. Therefore, the Service adopts a method of downgrading so that the tomcat service can run with a separate account to prevent webshell from raising the permission to think that the tomcat permission is so large,

Jsp + mysql used by the company mail server, which must be used on windowsMcAt. However, tomCatAfter installation, the system permission is assigned by default on windows. If you get a shell, the server will handle it. Therefore, the Service adopts a method of downgrading so that the tomcat service can run with a separate account to prevent webshell from raising the permission to think that the tomcat permission is so large, can we use tomcat to leave system backdoors?

Yes. iis can specify that each website runs an application in a separate process, that is, an application pool. Generally, a common application pool has network service permissions.
What if I drop the application pool as the system permission? In the application pool properties --- ID --- pre-defined account --- Local System

In this way, you only need to leave a sentence and execute CommandAll are system permissions.