After obtaining the pcAnywhere password, we have tried various methods but still cannot obtain the permissions we want.
I will give you a successful example for your reference:
Objective: To enter host
Condition: host A is remotely managed using PCA. In this case, the logon password of PCA is obtained through SHELL script.
There is only one PCA user. After the Administrator logs on, the user will not be able to log on. After the Administrator leaves, the desktop will be locked.
I did this:
Find host B, in the same network segment as host A, to act as a zombie.
Let host A be disconnected to attract the Administrator's attention, and then let the host go to PCA.
After several minutes, host A will be disconnected again.
The Administrator is forced to drop the line...
....
At this time, his desktop was not locked.
Allow host A to communicate normally.
Log on with the original PCA account, and go directly to the desktop.
......... Create a backdoor and exit. Haha...